Cipherscan - Find out which SSL ciphersuites
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the
openssl s_client
command line.
Cipherscan is meant to run on all flavors of unix. It ships with its own built of OpenSSL for Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating system (which may have limited ciphers support), or your own version provided in the
-o
command line flag.
Basic test:
$ ./cipherscan google.com
...................
Target: google.com:443
prio ciphersuite protocols pfs curves
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 ECDH,P-256,256bits prime256v1
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
3 ECDHE-RSA-AES128-SHA TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
4 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
5 AES128-GCM-SHA256 TLSv1.2 None None
6 AES128-SHA256 TLSv1.2 None None
7 AES128-SHA TLSv1.1,TLSv1.2 None None
8 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None
9 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None
10 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1
11 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1
12 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
13 AES256-GCM-SHA384 TLSv1.2 None None
14 AES256-SHA256 TLSv1.2 None None
15 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None
16 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
17 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
18 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None
Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: 100800
OCSP stapling: not supported
Cipher ordering: server
Post a Comment