Look at
That is an openssl wrapper which enumerates ciphers and protocols (and a whole lot more)

Hexcode  Cipher Suite Name (OpenSSL)   KeyExch.  Encryption  Bits  Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
xc030    ECDHE-RSA-AES256-GCM-SHA384   ECDH 521  AESGCM      256   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc02f    ECDHE-RSA-AES128-GCM-SHA256   ECDH 521  AESGCM      128   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS 1.3
x1302    TLS_AES_256_GCM_SHA384        ECDH 521  AESGCM      256   TLS_AES_256_GCM_SHA384
x1303    TLS_CHACHA20_POLY1305_SHA256  ECDH 521  ChaCha20    256   TLS_CHACHA20_POLY1305_SHA256
x1301    TLS_AES_128_GCM_SHA256        ECDH 521  AESGCM      128   TLS_AES_128_GCM_SHA256

On Mon, 2021-12-06 at 15:06 +0000, Michael Wojcik wrote:
From: Dr. Matthias St. Pierre <Matthias.St.Pierre@xxxxxxxxx>
Sent: Monday, 6 December, 2021 07:53
To: Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx>; openssl-

"Comparable elegant" is underspecified.

(I guess, "Comparably elegant" would have been grammatically more correct.)

I just meant that elegance is in the eye of the beholder.

Many people might agree that having a single command line return the list of what suites the server supports is elegant, at least for the user. Others prefer the original UNIX philosophy of simpler tools which are scripted to perform more complex operations; that's the testssl.sh approach, and it's more elegant in the sense of being composed in a visible (and modifiable) way from smaller pieces.

A command-line option to s_client to do this sort of server profiling is conceivable, but it would be a significant departure from what s_client does now, since it would conflict with some other options and would involve making multiple connections. That doesn't mean it shouldn't be implemented, necessarily, just that it's not parallel to most of the other things s_client options do.

--
Michael Wojcik
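
Added example, not part of the thread and not code from testssl.sh or the OpenSSL project: a sketch of the "scripted from smaller pieces" approach discussed above, making one s_client connection per cipher suite and keeping the suites the server accepts. The function names are hypothetical, server.example is a placeholder host, and it assumes OpenSSL 1.1.1 or later and probes only TLS 1.2 and TLS 1.3 suites that the local openssl build can offer.

```bash
#!/bin/sh
# Added example: per-suite probing with stock openssl commands.
# Usage (placeholder host): source this file, then: enumerate server.example 443

# candidates PROTO
# Suites the local openssl build can offer for PROTO (tls1_2 or tls1_3).
candidates() {
    openssl ciphers -s "-$1" | tr ':' '\n'
}

# accepts HOST PORT PROTO SUITE
# Opens one connection that offers exactly one suite; succeeds only if
# s_client reports that this suite was negotiated.
accepts() {
    local opt=-cipher                        # TLS 1.2 suite selection
    [ "$3" = tls1_3 ] && opt=-ciphersuites   # TLS 1.3 uses a separate option
    # stdin from /dev/null makes s_client quit once the handshake is done.
    openssl s_client -connect "$1:$2" -servername "$1" "-$3" "$opt" "$4" \
        </dev/null 2>/dev/null | grep -q "Cipher is $4\$"
}

# enumerate HOST PORT
# Prints "PROTO SUITE" for every suite the server accepted.
enumerate() {
    local proto suite
    for proto in tls1_2 tls1_3; do
        for suite in $(candidates "$proto"); do
            accepts "$1" "$2" "$proto" "$suite" && echo "$proto $suite"
        done
    done
    return 0
}
```

A suite the local build cannot offer is never probed, so an empty result for a protocol means "nothing in common with this client", not "nothing supported".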