Cipherscan – Tool to Find Out SSL Ciphersuites Supported

Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.

The tool is meant to run on all flavors of unix. It ships with its own built of OpenSSL for Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating system (which may have limited ciphers support), or your own version provided in the -o command line flag.

Cipherscan - Tool to Find Out SSL Ciphersuites Supported
Cipherscan – Tool to Find Out SSL Ciphersuites Supported

The motivation behind cipherscan is to help operators configure good TLS on their endpoints. To help this further, the script analyze.py compares the results of a cipherscan with the TLS guidelines from https://wiki.mozilla.org/Security/Server_Side_TLS and output a level and recommendations.

In the output above, analyze.py indicates that the target jve.linuxwall.info matches the intermediate configuration level. If the administrator of this site wants to reach the modern level, the items that failed under the modern tests should be corrected.

analyze.py does not make any assumption on what a good level should be. Sites operators should know what level they want to match against, based on the compatibility level they want to support.

You can read more and download or fork this tool over here: https://github.com/mozilla/cipherscan

Share
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments