hcooper · September 6, 2012 11:09
diff --git a/ciphertest.sh b/ciphertest.sh
 #!/usr/bin/env bash
 # ciphertest.sh
 # Hereward Cooper <[email protected]> - 6th Sept 2012

 # Report what ciphers are support by a given host
 # Modifed from code found here: http://superuser.com/questions/109213/


 # Do we want to pause between each cipher?
 DELAY=0

 # Check we've been given a host and port
 if [[ $1 == "" ]]; then
 	echo "No host provided"
 	exit 1
 elif ! [[ $1 =~ ":" ]]; then
 	echo "No port provided (host:port)"
 	exit 2
 else
 	SERVER=$1
 fi

 # Get our list of cipher we know
 ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

 # Get the version of OpenSSL we're running
 version=$(openssl version)

 # Warn if we're not running a version of OpenSSL we expect
 if ! [[ "$version" =~ "OpenSSL 1.0" ]] ; then
 	echo "Warning: only tested on OpenSSL 1.0.x (currently running $version)"
 	sleep 3
 else
 	echo "Obtaining cipher list from $version."
 fi

 # Loop through the list of ciphers reporting the outsome of each
 for cipher in ${ciphers[@]}; do
 	echo -n Testing $cipher...
 	result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
 	if [[ "$result" =~ "BEGIN CERTIFICATE" ]] ; then
  		echo -e "\e[1;32mYES\e[0m"
 	else
  		if [[ "$result" =~ ":error:" ]] ; then
    		error=$(echo -n $result | cut -d':' -f6)
    		echo -e "\e[1;31mNO\e[0m ($error)"
  		else
    		echo -e "\e[1;33mUNKNOWN RESPONSE\e[0m"
    		echo $result
  		fi
 	fi
 sleep $DELAY
 done
	#!/usr/bin/env bash
	# ciphertest.sh
	# Hereward Cooper <[email protected]> - 6th Sept 2012

	# Report what ciphers are support by a given host
	# Modifed from code found here: http://superuser.com/questions/109213/


	# Do we want to pause between each cipher?
	DELAY=0

	# Check we've been given a host and port
	if [[ $1 == "" ]]; then
	echo "No host provided"
	exit 1
	elif ! [[ $1 =~ ":" ]]; then
	echo "No port provided (host:port)"
	exit 2
	else
	SERVER=$1
	fi

	# Get our list of cipher we know
	ciphers=$(openssl ciphers 'ALL:eNULL' \| sed -e 's/:/ /g')

	# Get the version of OpenSSL we're running
	version=$(openssl version)

	# Warn if we're not running a version of OpenSSL we expect
	if ! [[ "$version" =~ "OpenSSL 1.0" ]] ; then
	echo "Warning: only tested on OpenSSL 1.0.x (currently running $version)"
	sleep 3
	else
	echo "Obtaining cipher list from $version."
	fi

	# Loop through the list of ciphers reporting the outsome of each
	for cipher in ${ciphers[@]}; do
	echo -n Testing $cipher...
	result=$(echo -n \| openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
	if [[ "$result" =~ "BEGIN CERTIFICATE" ]] ; then
	echo -e "\e[1;32mYES\e[0m"
	else
	if [[ "$result" =~ ":error:" ]] ; then
	error=$(echo -n $result \| cut -d':' -f6)
	echo -e "\e[1;31mNO\e[0m ($error)"
	else
	echo -e "\e[1;33mUNKNOWN RESPONSE\e[0m"
	echo $result
	fi
	fi
	sleep $DELAY
	done