Skip to content

Instantly share code, notes, and snippets.

@jvehent

jvehent/tlsobs_ciphersuite.md

Created October 9, 2017 12:19
Show Gist options
  • Save jvehent/40f0b22d286a9c5afd5475a51ccb8a84 to your computer and use it in GitHub Desktop.
Save jvehent/40f0b22d286a9c5afd5475a51ccb8a84 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
tlsobs_ciphersuite.md

SQL Query

SELECT timestamp, target, conn_info->'ciphersuite'
FROM scans
WHERE has_tls = 'true'
AND completion_perc = 100 
ORDER BY timestamp desc limit 1;

Sample output

 2017-10-09 12:03:25.532269 | r4---sn-uxaxh5g-4vge.googlevideo.com  | [{"pfs": "ECDH,P-256,256bits", "code": 49199, "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "curves": ["prime256v1"], "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols": ["TLSv
1.2"], "ticket_hint": "100800", "ocsp_stapling": false}, {"pfs": "ECDH,P-256,256bits", "code": 49171, "cipher": "ECDHE-RSA-AES128-SHA", "curves": ["prime256v1"], "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols": ["TLSv1", "TLSv1.1", "TLSv1
.2"], "ticket_hint": "100800", "ocsp_stapling": false}, {"pfs": "None", "code": 156, "cipher": "AES128-GCM-SHA256", "curves": null, "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols": ["TLSv1.2"], "ticket_hint": "100800", "ocsp_stapling": fa
lse}, {"pfs": "None", "code": 47, "cipher": "AES128-SHA", "curves": null, "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], "ticket_hint": "100800", "ocsp_stapling": false}, {"pfs": "ECDH,P-256,256bits", "c
ode": 49200, "cipher": "ECDHE-RSA-AES256-GCM-SHA384", "curves": ["prime256v1"], "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols": ["TLSv1.2"], "ticket_hint": "100800", "ocsp_stapling": false}, {"pfs": "ECDH,P-256,256bits", "code": 49172, "
cipher": "ECDHE-RSA-AES256-SHA", "curves": ["prime256v1"], "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], "ticket_hint": "100800", "ocsp_stapling": false}, {"pfs": "None", "code": 157, "cipher": "AES256-
GCM-SHA384", "curves": null, "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols": ["TLSv1.2"], "ticket_hint": "100800", "ocsp_stapling": false}, {"pfs": "None", "code": 53, "cipher": "AES256-SHA", "curves": null, "pubkey": 2048, "sigalg": "sh
a256WithRSAEncryption", "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"], "ticket_hint": "100800", "ocsp_stapling": false}, {"pfs": "None", "code": 10, "cipher": "DES-CBC3-SHA", "curves": null, "pubkey": 2048, "sigalg": "sha256WithRSAEncryption", "protocols":
 ["TLSv1", "TLSv1.1", "TLSv1.2"], "ticket_hint": "100800", "ocsp_stapling": false}]

Expanded JSON ciphersuite

[
  {
    "pfs": "ECDH,P-256,256bits",
    "code": 49199,
    "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
    "curves": [
      "prime256v1"
    ],
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "ECDH,P-256,256bits",
    "code": 49171,
    "cipher": "ECDHE-RSA-AES128-SHA",
    "curves": [
      "prime256v1"
    ],
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1",
      "TLSv1.1",
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "None",
    "code": 156,
    "cipher": "AES128-GCM-SHA256",
    "curves": null,
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "None",
    "code": 47,
    "cipher": "AES128-SHA",
    "curves": null,
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1",
      "TLSv1.1",
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "ECDH,P-256,256bits",
    "code": 49200,
    "cipher": "ECDHE-RSA-AES256-GCM-SHA384",
    "curves": [
      "prime256v1"
    ],
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "ECDH,P-256,256bits",
    "code": 49172,
    "cipher": "ECDHE-RSA-AES256-SHA",
    "curves": [
      "prime256v1"
    ],
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1",
      "TLSv1.1",
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "None",
    "code": 157,
    "cipher": "AES256-GCM-SHA384",
    "curves": null,
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "None",
    "code": 53,
    "cipher": "AES256-SHA",
    "curves": null,
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1",
      "TLSv1.1",
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  },
  {
    "pfs": "None",
    "code": 10,
    "cipher": "DES-CBC3-SHA",
    "curves": null,
    "pubkey": 2048,
    "sigalg": "sha256WithRSAEncryption",
    "protocols": [
      "TLSv1",
      "TLSv1.1",
      "TLSv1.2"
    ],
    "ticket_hint": "100800",
    "ocsp_stapling": false
  }
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment