How to list supported ciphers suites of a server?

I run into a problem of how to check whether my SSL ciphers suites configuration works correctly on my server.
Basically, with openssl, client can verify if the server supports a particular cipher suite using the following command:

openssl s_client -cipher "$cipher" -CAfile ca/ca.crt -connect server:port
# $cipher is the cipher suite name

So it is possible to automatically test all cipher suites supported by openssl against the server using a simple snippet of Bash, i found such script in this site and modify it a little bit. Below is the script:

#!/usr/bin/env bash

# OpenSSL requires the port number.
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
    echo -n Testing $cipher...
    result=$(echo -n | openssl s_client -cipher "$cipher"  -connect $SERVER 2>&1)
    if [[ "$result" =~ ":error:" ]] ; then
        error=$(echo -n $result | cut -d':' -f6)
        echo NO \($error\)
        if echo $result | grep -q "Verify return code: 0 (ok)"; then
            echo YES
            echo UNKNOWN RESPONSE
            echo $result
sleep $DELAY

Related posts


The comment editor supports Markdown document format. Your email is necessary to notify you of further updates on the discussion. It will be hidden from the public.
Powered by antd server, (c) 2017 - 2020 Xuan Sang LE