Skip to content

Instantly share code, notes, and snippets.

@christophermark

christophermark/listServerSideCipherSuites.md

Forked from gotev/listServerSideCipherSuites.md
Created December 3, 2020 02:18
Show Gist options
  • Save christophermark/d1677e9683d6171f65697aca82b8c002 to your computer and use it in GitHub Desktop.
Save christophermark/d1677e9683d6171f65697aca82b8c002 to your computer and use it in GitHub Desktop.
Download ZIP
List server-side cipher suites
Raw
listServerSideCipherSuites.md

On OS X:

brew install nmap
nmap --script ssl-enum-ciphers -p 443 example.server.com

Example output

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-18 15:34 CEST
Nmap scan report for example.server.com (1.2.3.4)
Host is up (0.036s latency).
Other addresses for example.server.com (not scanned): 2.3.4.5
rDNS record for 1.2.3.4: somewhere.compute.amazonaws.com
PORT     STATE SERVICE
6000/tcp open  X11
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment