cipherscan/README.md
2013-07-18 21:01:44 -04:00

CipherScan

A very simple way to find out which SSL ciphersuites are supported by a target.

Run:

./CipherScan.sh www.google.com:443 -v

And watch.

Edit the script if you need more (disable benchmarking by setting DOBENCHMARK to 0).

The newer your version of OpenSSL, the better the results you'll get. Older versions of OpenSSL don't support TLS 1.2 ciphers, elliptic curves, etc. Build your own!

Example

$ ./CiphersScan.sh www.google.com:443

prio  ciphersuite                  avg_handshake_ms
1     ECDHE-RSA-AES128-GCM-SHA256  392
2     ECDHE-RSA-RC4-SHA            412
3     ECDHE-RSA-AES128-SHA         415
4     AES128-GCM-SHA256            428
5     RC4-SHA                      404
6     RC4-MD5                      399
7     ECDHE-RSA-AES256-GCM-SHA384  389
8     ECDHE-RSA-AES256-SHA384      388
9     ECDHE-RSA-AES256-SHA         394
10    AES256-GCM-SHA384            388
11    AES256-SHA256                389
12    AES256-SHA                   389
13    ECDHE-RSA-DES-CBC3-SHA       392
14    DES-CBC3-SHA                 391
15    ECDHE-RSA-AES128-SHA256      394
16    AES128-SHA256                391
17    AES128-SHA                   389
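
The table above can be post-processed to flag suites a reviewer would want removed or moved down the server's preference order. The following is an added example, not part of CipherScan: the function names `sample_scan` and `audit_scan` and the finding labels are assumptions made for illustration, and the input is the example table copied inline.

```shell
#!/bin/sh
# Added example (not part of CipherScan): flag weak suites in its output table.

# Constructed input: the table from the README's example run.
sample_scan() {
cat <<'EOF'
prio  ciphersuite                  avg_handshake_ms
1     ECDHE-RSA-AES128-GCM-SHA256  392
2     ECDHE-RSA-RC4-SHA            412
3     ECDHE-RSA-AES128-SHA         415
4     AES128-GCM-SHA256            428
5     RC4-SHA                      404
6     RC4-MD5                      399
7     ECDHE-RSA-AES256-GCM-SHA384  389
8     ECDHE-RSA-AES256-SHA384      388
9     ECDHE-RSA-AES256-SHA         394
10    AES256-GCM-SHA384            388
11    AES256-SHA256                389
12    AES256-SHA                   389
13    ECDHE-RSA-DES-CBC3-SHA       392
14    DES-CBC3-SHA                 391
15    ECDHE-RSA-AES128-SHA256      394
16    AES128-SHA256                391
17    AES128-SHA                   389
EOF
}

# Reads the table on stdin; prints "prio ciphersuite findings" per flagged row.
# The body runs in a subshell, so its variables stay local.
audit_scan() (
  while read -r prio suite _ms; do
    case "$prio" in ''|*[!0-9]*) continue ;; esac   # skip header / non-rows
    f=""
    case "$suite" in *RC4*) f="$f,RC4" ;; esac       # prohibited by RFC 7465
    case "$suite" in *DES-CBC3*) f="$f,3DES" ;; esac # 64-bit block cipher
    case "$suite" in *-MD5) f="$f,MD5-MAC" ;; esac   # legacy MAC
    # OpenSSL names without an (EC)DHE prefix have no ephemeral key exchange.
    # TLS_* (TLS 1.3 names) always use one, so they are not flagged.
    case "$suite" in
      ECDHE-*|DHE-*|EDH-*|TLS_*) ;;
      *) f="$f,no-forward-secrecy" ;;
    esac
    if [ -n "$f" ]; then printf '%s %s %s\n' "$prio" "$suite" "${f#,}"; fi
  done
)

sample_scan | audit_scan
```

To audit a real run, pipe the script's output into `audit_scan` instead of `sample_scan`.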