Today we wrote a simple shell script to query an SSL-enabled webserver. Pretty fun to have in the arsenal, it looks like this:
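#!/bin/bash
# Require the host name to test as the first argument.
if [ $# -eq 0 ]
then
    echo "No fqdn given to check, try again (ie- $0 yahoo.com)"
    exit 1
fi

# Try every protocol version against every cipher the local openssl knows.
for v in ssl2 ssl3 tls1 tls1_1 tls1_2; do
    for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
        # Print the pair only when the handshake succeeds.
        openssl s_client -connect "${1}:443" \
            -cipher "$c" "-$v" < /dev/null > /dev/null 2>&1 && echo -e "$v:\t$c"
    done
done

exit 0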
Let’s run it against our site and see what we get:
$ ./ssl_cipher_test.sh fak3r.com
tls1_2: ECDHE-RSA-AES256-SHA
tls1_2: AES256-SHA
tls1_2: ECDHE-RSA-AES128-GCM-SHA256
tls1_2: ECDHE-RSA-AES128-SHA
tls1_2: AES128-GCM-SHA256
tls1_2: AES128-SHA
So what do you think?
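An added example, not part of the original post: a small POSIX shell filter that reads the `proto: cipher` lines the script prints and labels each accepted pair so the weak ones stand out. The function names, labels and rule set are assumptions chosen for illustration, and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Labels and rules are illustrative.

_flag() { findings="${findings:+$findings,}$1"; }   # append one label

# $1 = protocol flag used by the scan (ssl3, tls1_2, ...), $2 = OpenSSL cipher name
classify_pair() {
    proto=$1 cipher=$2 findings=""
    case $proto in
        ssl2|ssl3)   _flag legacy-protocol ;;
        tls1|tls1_1) _flag deprecated-protocol ;;
    esac
    case $cipher in *NULL*)                   _flag no-encryption ;; esac
    case $cipher in EXP-*|*EXPORT*)           _flag export-grade ;; esac
    case $cipher in *RC4*|*RC2*|*DES*|*-MD5)  _flag weak-cipher ;; esac
    case $cipher in *ADH-*|*AECDH-*)          _flag no-authentication ;; esac
    # Ephemeral (EC)DH key exchange gives forward secrecy; static RSA does not.
    case $cipher in
        *DHE-*|*EDH-*|*ADH-*|*AECDH-*) ;;
        *) _flag no-forward-secrecy ;;
    esac
    printf '%s\t%s\t%s\n' "$proto" "$cipher" "${findings:-ok}"
}

# stdin: the scan script's output, one "proto:<whitespace>cipher" pair per line
audit_results() {
    tr -d ' \t' | while IFS=: read -r proto cipher; do
        [ -n "$cipher" ] || continue      # skip blank or malformed lines
        classify_pair "$proto" "$cipher"
    done
}

# First two lines are from the run shown above; the last two are constructed.
printf '%s\n' \
    'tls1_2: ECDHE-RSA-AES256-SHA' \
    'tls1_2: AES128-GCM-SHA256' \
    'ssl3: RC4-MD5' \
    'tls1: DES-CBC3-SHA' | audit_results
```

Pipe the scan into it with `./ssl_cipher_test.sh host | audit_results` after sourcing the function. On OpenSSL builds that have dropped SSLv2, `s_client` rejects `-ssl2` outright, which the scan script reports the same way as a server refusal.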