How to list supported ciphers suites of a server?

I run into a problem of how to check whether my SSL ciphers suites configuration works correctly on my server.
Basically, with openssl, client can verify if the server supports a particular cipher suite using the following command:

openssl s_client -cipher "$cipher" -CAfile ca/ca.crt -connect server:port
# $cipher is the cipher suite name

So it is possible to automatically test all cipher suites supported by openssl against the server using a simple snippet of Bash, i found such script in this site https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers and modify it a little bit. Below is the script:

#!/usr/bin/env bash

# OpenSSL requires the port number.
SERVER=$1
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
    echo -n Testing $cipher...
    result=$(echo -n | openssl s_client -cipher "$cipher"  -connect $SERVER 2>&1)
    if [[ "$result" =~ ":error:" ]] ; then
        error=$(echo -n $result | cut -d':' -f6)
        echo NO \($error\)
    else
        if echo $result | grep -q "Verify return code: 0 (ok)"; then
            echo YES
        else
            echo UNKNOWN RESPONSE
            echo $result
         fi
    fi
sleep $DELAY
done

Related posts

Comments

The comment editor supports Markdown document format. Your email is necessary to notify you of further updates on the discussion. It will be hidden from the public.
Powered by antd server, (c) 2017 - 2020 Xuan Sang LE