From aa093bc86db5300eedb1934c91b2244eea39735d Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Sat, 8 Nov 2014 19:11:11 +0100 Subject: [PATCH] add openssl options to help message add examples of useful openssl options --- cipherscan | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/cipherscan b/cipherscan index 5b0908c..d6b9015 100755 --- a/cipherscan +++ b/cipherscan @@ -212,12 +212,15 @@ usage() { [-v|--verbose] [-o|--openssl file] [openssl s_client args] usage: $0 -h|--help -$0 attempts to connect to a target site using all the ciphersuites it knows. -Julien Vehent [:ulfr] - https://github.com/jvehent/cipherscan +$0 attempts to connect to a target site using all the ciphersuites known +to OpenSSL it is using. + +Julien Vehent [:ulfr] and others (see README.md) +https://github.com/jvehent/cipherscan Port defaults to 443 -example: $ $0 www.google.com:443 +example: $ $0 www.google.com Use one of the options below: @@ -241,9 +244,20 @@ Use one of the options below: -v | --verbose Increase verbosity. The rest of the arguments will be interpreted as openssl s_client argument. -This enables checking smtp/imap/pop3/ftp/xmpp via -starttls -EXAMPLES: $0 -starttls xmpp jabber.ccc.de:5222 +Some useful OpenSSL options: +-starttls [smtp|imap|pop3|ftp|xmpp] Enable support and testing of the protocols + that require turning TLS after initial protocol specific + hello +-servername name Request SNI support for connections +-verify_hostname name Request host name verification in connection + (req. OpenSSL 1.0.2) +-verify_ip ip Request host name verification for an IP address, usually + not specified in certificates (req. OpenSSL 1.0.2) + +EXAMPLES: +$0 -starttls xmpp jabber.ccc.de:5222 +$0 -servername youtube.com youtube.com:443 " }