mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 22:33:40 +01:00
Updated README to reflect the changes in cipherscan.
This commit is contained in:
Pepi Zawodsky
parent
490c86c43e
commit
0d93b5d37e
35
README.md
35
README.md
@ -2,30 +2,37 @@ CipherScan
|
|||||||
==========
|
==========
|
||||||
A very simple way to find out which SSL ciphersuites are supported by a target.
|
A very simple way to find out which SSL ciphersuites are supported by a target.
|
||||||
|
|
||||||
Run: ./cipherscan www.google.com:443
|
On Linux x86_64 run: ./cipherscan www.google.com:443
|
||||||
And watch.
|
On any other *nix or *tux run: ./cipherscan -o /path/to/openssl www.google.com:443
|
||||||
|
and watch.
|
||||||
|
|
||||||
|
The newer your version of openssl, the better results you'll get. Versions
|
||||||
|
of OpenSSL below 1.0.1 don't support TLS1.2 ciphers, elliptic curves, etc... Build your own or test what your system's OpenSSL supports.
|
||||||
|
|
||||||
|
Cipherscan should work fine on Linux, Mac OS X, Solaris, Illumos, SmartOS, OpenIndiana if you specify a an openssl binary with -o.
|
||||||
|
|
||||||
The newer your version of openssl, the better results you'll get. Older versions
|
|
||||||
of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own!
|
|
||||||
|
|
||||||
Options
|
Options
|
||||||
-------
|
-------
|
||||||
Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
|
Enable benchmarking by passing -b|--benchmark
|
||||||
|
|
||||||
You can use one of the options below (only one. yes, I know...)
|
You can the options below.
|
||||||
|
|
||||||
Use '-v' to get more stuff to read.
|
-a | --allciphers Test all known ciphers individually at the end.
|
||||||
|
-b | --benchmark Activate benchmark mode.
|
||||||
Use '-a' to force openssl to test every single cipher it know.
|
-h | --help Shows this help text.
|
||||||
|
-j | --json Output results in JSON format.
|
||||||
Use '-json' to output the results in json format
|
-o | --openssl /path/to/the/openssl binary you want to use.
|
||||||
|
-v | --verbose Increase verbosity.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ./cipherscan -json www.google.com:443
|
linux $ ./cipherscan -json www.google.com:443
|
||||||
```
|
```
|
||||||
|
|
||||||
Example
|
Example
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
Testing plain SSL/TLS:
|
||||||
```
|
```
|
||||||
$ ./cipherscan www.google.com:443
|
$ ./cipherscan www.google.com:443
|
||||||
...................
|
...................
|
||||||
@ -48,6 +55,10 @@ prio ciphersuite protocols pfs_keysize
|
|||||||
16 ECDHE-RSA-AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
|
16 ECDHE-RSA-AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
|
||||||
17 AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
17 AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
||||||
18 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
18 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
|
||||||
|
```
|
||||||
|
|
||||||
|
Testing STARTTLS:
|
||||||
|
```
|
||||||
$ ./cipherscan -starttls xmpp jabber.ccc.de:5222
|
$ ./cipherscan -starttls xmpp jabber.ccc.de:5222
|
||||||
.........
|
.........
|
||||||
prio ciphersuite protocols pfs_keysize
|
prio ciphersuite protocols pfs_keysize
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user