0

How do I list the SSL/TLS cipher suites a particular website offers?

Is there any way we can list only the ciphers with "YES" in the script mentioned in the above URL? The script appears to work, but it gives huge lists including both YES & NO.

I'd appreciate help on this, as I have to run the script and look for ciphers enabled on Prod servers.

  • Also, is it possible to compare it against a list of ciphers? E.g. TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) TLS_RSA_WITH_AES_256_CBC_SHA (0x35) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) TLS_RSA_WITH_SEED_CBC_SHA (0x96) – khuharshree Feb 20 '19 at 17:02

1 Answer

0

Since you have a working script, you can modify it to produce the output you want. Or more precisely, you can modify it to omit the output you don't want.

One of the simplest ways to experiment with scripts such as the one you cite is to comment out lines that you think you don't need. In bash, the # character at the beginning of a line will cause that line of the script to be ignored.

Take first things first. I'd recommend you study the script to see which output lines you want to keep, and which you want to eliminate, and comment out the lines which produce the output that is not useful to you. If you are in a hurry and do not have time to study and reason through how to revise the script, a simple text-filtering tool like grep might be all you need in the short term. This introduction to basic grep usage may be helpful, especially if you scroll down to the section about using grep with UNIX pipes.

The second part of your question is feasible, but you'll have a better grasp of how to accomplish that after you've gained the skills of how to accomplish the first part of your exercise. In the early part of the script, a list is built of all the ciphers the script will test. Instead of building that list, you could hard-code a list of your chosen ciphers. But beware that it is not possible to test whether a remote server accepts a given cipher unless your client (the OpenSSL client the script uses to test with) also supports that cipher.

Jim L.
  • Thanks Jim. The final result is stored in the result variable, so grepping on the variable result to extract only those ciphers with YES is something I am not sure about. For example, I tried echo $result | grep -i "YES". Any suggestions on this? – khuharshree Feb 23 '19 at 15:54
  • Try piping the script output to grep, not grep-ing from inside the script. You may also want to create some simple, small text files, then study the grep man page, and experiment with grep to get the hang of it. You might also try searching this site and other websites for other simple grep questions and examples to help you gain an understanding of how to use grep to filter text files (or pipes) to show just the selected parts of output that you want. – Jim L. Feb 23 '19 at 18:39
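
The filtering and comparison discussed in the answer and comments above, as an added example that is not part of the original posts or of the script they refer to. It assumes the scanner prints one `Testing <cipher>...YES` or `Testing <cipher>...NO (<reason>)` line per cipher using OpenSSL cipher names; the function names `accepted_ciphers` and `not_approved` and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. The "Testing <cipher>...YES|NO (<reason>)" line shape is an
# assumption about the scanner's output; the sample data below is constructed.

# Constructed stand-in for captured scanner output (e.g. result=$(./scan.sh)).
result='Testing AES256-GCM-SHA384...YES
Testing AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing AES256-SHA...YES
Testing SEED-SHA...YES
Testing RC4-SHA...YES
Testing CAMELLIA256-SHA...NO (no ciphers available)'

# Constructed approved list in OpenSSL naming, one cipher per line.
approved='AES256-GCM-SHA384
AES128-GCM-SHA256
AES256-SHA
SEED-SHA'

# Read scanner output on stdin; print only the names the server accepted.
accepted_ciphers() {
    sed -n 's/^Testing \(.*\)\.\.\.YES$/\1/p'
}

# Read accepted names on stdin; print those missing from the approved list
# passed as $1. -x whole-line, -F fixed strings, -v invert the match.
not_approved() {
    list=$(mktemp) || return 1
    printf '%s\n' "$1" > "$list"
    rc=0
    grep -v -x -F -f "$list" || rc=$?
    rm -f "$list"
    # grep exits 1 when it prints nothing, i.e. every cipher was approved.
    [ "$rc" -le 1 ]
}

# Quote "$result": an unquoted $result is word-split and echo joins it into a
# single line, so grep would match (and print) the whole scan at once.
printf '%s\n' "$result" | accepted_ciphers
printf '%s\n' "$result" | accepted_ciphers | not_approved "$approved"
```

If the scanner prints OpenSSL cipher names, as assumed here, an approved list written with IANA names such as TLS_RSA_WITH_AES_256_GCM_SHA384 has to be translated first; `openssl ciphers -stdname` (OpenSSL 1.1.1 and later) prints both names side by side.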