Thursday, February 27, 2014

Quickly test all supported SSLv3/TLSv1 ciphers

I know there’s a bunch of tools out there that do it well, but I like bash scripting, especially nice one-liners.

Here goes:
for cipher in $(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g'); do
    echo -n | (openssl s_client -cipher "$cipher" -connect 10.0.0.1:443 >/dev/null 2>&1 && echo "PASS $cipher") || echo "FAIL $cipher"
done
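You can pipe the loop's output through grep PASS or grep FAIL to filter the results. One caveat: -cipher only controls TLSv1.2-and-earlier suites, so with OpenSSL 1.1.1 or newer a server that speaks TLSv1.3 can show PASS regardless of the cipher being tested unless you add -no_tls1_3 to the s_client command.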
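As an added example (not part of the original post), the script below reads the PASS/FAIL lines the loop prints and reports which accepted suites are weak, one step beyond a plain grep PASS. The function names, the weakness categories and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the "PASS <cipher>" / "FAIL <cipher>" lines from the loop.
# Categories match OpenSSL cipher-name substrings (illustrative, not exhaustive).

# classify_cipher NAME: print why the suite is weak, or nothing if no rule matches.
classify_cipher() {
    case "$1" in
        *NULL*)          echo "no encryption" ;;
        EXP-*)           echo "export-grade key length" ;;
        ADH-*|AECDH-*)   echo "anonymous key exchange" ;;
        *RC4*)           echo "RC4" ;;
        *DES-CBC3*)      echo "3DES (64-bit block)" ;;
        *DES*)           echo "single DES" ;;
        *MD5)            echo "MD5 MAC" ;;
    esac
}

# weak_accepted: read scan output on stdin and print "<cipher><TAB><reason>" for
# each accepted weak suite; returns 1 if any were found, 0 otherwise.
weak_accepted() {
    found=0
    while read -r status cipher rest; do
        [ "$status" = "PASS" ] || continue          # only suites the server accepted
        reason=$(classify_cipher "$cipher")
        [ -n "$reason" ] || continue                # no rule matched: not flagged
        printf '%s\t%s\n' "$cipher" "$reason"
        found=1
    done
    return "$found"
}

# Constructed sample of the loop's output (not from a real server).
SAMPLE_SCAN='PASS ECDHE-RSA-AES256-GCM-SHA384
FAIL NULL-SHA
PASS RC4-MD5
PASS DES-CBC3-SHA
FAIL EXP-EDH-RSA-DES-CBC-SHA
PASS ADH-AES128-SHA
PASS AES128-SHA'

printf '%s\n' "$SAMPLE_SCAN" | weak_accepted || echo "weak suites accepted" >&2
```

To use it on a real scan, pipe the loop's output into weak_accepted; the non-zero return makes it usable as a check in a scheduled job.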
