cipherscan/README.md
2013-07-18 21:01:44 -04:00

40 lines
1.2 KiB
Markdown

CipherScan
==========
A very simple way to find out which SSL ciphersuites are supported by a target.
Run: ./CipherScan.sh www.google.com:443 -v
And watch.
Edit the script if you need more (disable benchmarking by setting DOBENCHMARK to 0).
The newer your version of openssl, the better results you'll get. Older versions
of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own!
Example
-------
```
$ ./CiphersScan.sh www.google.com:443
prio ciphersuite avg_handshake_ms
1 ECDHE-RSA-AES128-GCM-SHA256 392
2 ECDHE-RSA-RC4-SHA 412
3 ECDHE-RSA-AES128-SHA 415
4 AES128-GCM-SHA256 428
5 RC4-SHA 404
6 RC4-MD5 399
7 ECDHE-RSA-AES256-GCM-SHA384 389
8 ECDHE-RSA-AES256-SHA384 388
9 ECDHE-RSA-AES256-SHA 394
10 AES256-GCM-SHA384 388
11 AES256-SHA256 389
12 AES256-SHA 389
13 ECDHE-RSA-DES-CBC3-SHA 392
14 DES-CBC3-SHA 391
15 ECDHE-RSA-AES128-SHA256 394
16 AES128-SHA256 391
17 AES128-SHA 389
```