Hi all,

today I learned that nmap has a nice feature to enumerate the protocol versions and cipher suites supported by the peer (see below).

Is there a comparable elegant way to obtain the same results using the `openssl s_client` tool?

Matthias

--

$ nmap -script ssl-enum-ciphers -p 443 www.openssl.org
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-06 15:05 CET
Nmap scan report for www.openssl.org (96.16.136.61)
Host is up (0.0041s latency).
Other addresses for www.openssl.org (not scanned): 2a02:26f0:1700:393::c1e 2a02:26f0:1700:380::c1e
rDNS record for 96.16.136.61: a96-16-136-61.deploy.static.akamaitechnologies.com

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.10 seconds