From 0d93b5d37eb6cfd56463159250bfb348b6fe1f87 Mon Sep 17 00:00:00 2001 From: Pepi Zawodsky Date: Sat, 8 Feb 2014 17:07:54 +0100 Subject: [PATCH] Updated README to reflect the changes in cipherscan. --- README.md | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 0392b4f..eb2166f 100644 --- a/README.md +++ b/README.md @@ -2,30 +2,37 @@ CipherScan ========== A very simple way to find out which SSL ciphersuites are supported by a target. -Run: ./cipherscan www.google.com:443 -And watch. +On Linux x86_64 run: ./cipherscan www.google.com:443 +On any other *nix or *tux run: ./cipherscan -o /path/to/openssl www.google.com:443 +and watch. + +The newer your version of openssl, the better results you'll get. Versions +of OpenSSL below 1.0.1 don't support TLS1.2 ciphers, elliptic curves, etc... Build your own or test what your system's OpenSSL supports. + +Cipherscan should work fine on Linux, Mac OS X, Solaris, Illumos, SmartOS, OpenIndiana if you specify a an openssl binary with -o. -The newer your version of openssl, the better results you'll get. Older versions -of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own! Options ------- -Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script. +Enable benchmarking by passing -b|--benchmark -You can use one of the options below (only one. yes, I know...) +You can the options below. -Use '-v' to get more stuff to read. - -Use '-a' to force openssl to test every single cipher it know. - -Use '-json' to output the results in json format +-a | --allciphers Test all known ciphers individually at the end. +-b | --benchmark Activate benchmark mode. +-h | --help Shows this help text. +-j | --json Output results in JSON format. +-o | --openssl /path/to/the/openssl binary you want to use. +-v | --verbose Increase verbosity. + ``` -$ ./cipherscan -json www.google.com:443 +linux $ ./cipherscan -json www.google.com:443 ``` Example ------- +Testing plain SSL/TLS: ``` $ ./cipherscan www.google.com:443 ................... @@ -48,6 +55,10 @@ prio ciphersuite protocols pfs_keysize 16 ECDHE-RSA-AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 17 AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 18 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 +``` + +Testing STARTTLS: +``` $ ./cipherscan -starttls xmpp jabber.ccc.de:5222 ......... prio ciphersuite protocols pfs_keysize