CipherScan

Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates information, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_clientcommand line.

Cipherscan is meant to run on all flavors of UNIX. It ships with its own built of OpenSSL for Linux/64 and Darwin/64. On other platforms, it will use the OpenSSL version provided by the operating system (which may have limited ciphers support), or your own version provided in the command -o line flag.

Install

git clone https://github.com/mozilla/cipherscan.git

Usage

$ ./cipherscan google.com
……………….
Target: google.com:443

prio ciphersuite protocols pfs curves
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 ECDH,P-256,256bits prime256v1
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
3 ECDHE-RSA-AES128-SHA TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
4 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
5 AES128-GCM-SHA256 TLSv1.2 None None
6 AES128-SHA256 TLSv1.2 None None
7 AES128-SHA TLSv1.1,TLSv1.2 None None
8 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None
9 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None
10 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1
11 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1
12 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
13 AES256-GCM-SHA384 TLSv1.2 None None
14 AES256-SHA256 TLSv1.2 None None
15 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None
16 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
17 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
18 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 None None

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: 100800
OCSP stapling: not supported
Cipher ordering: server

Source: https://github.com/mozilla/cipherscan