How do I list the SSL/TLS cipher suites a particular website offers?
Problem
How can I retrieve a list of the SSL/TLS cipher suites a particular website offers? I've tried openssl, but if you examine the output: it just shows that the cipher suite is something with AES256-SHA. I know I could grep through the hex dump of the conversation, but I was hoping for something a little more elegant. I would prefer to do this on Linux, but Windows (or other) would be fine. This question is motivated by the security testing I do for PCI and general penetration testing. Update: GregS points out below that the SSL server picks from the cipher suites of the client. So it seems I would need to test all cipher suites one at a time. I think I can hack something together, but is there a simpler, more future-proof (e.g. new ciphers) way to do this?
Error Output
$ echo -n | openssl s_client -connect www.google.com:443 CONNECTED(00000003) depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.g…
Unverified for your environment
Select your OS to check compatibility.
1 Fix
Fix for: How do I list the SSL/TLS cipher suites a particular website offers?
I wrote a bash script to test cipher suites. It gets a list of supported cipher suites from OpenSSL and tries to connect using each one. If the handshake is successful, it prints . If the handshake isn't successful, it prints , followed by the OpenSSL error text. Here's sample output showing 3 unsupported ciphers, and 1 supported cipher: EDIT: Add flexibility as host and port are provided as parameter to the script
Awaiting Verification
Be the first to verify this fix
Sign in to verify this fix