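#!/bin/bash
# Usage: ./check_tls_ssl.sh <domain or IP> <port>
#
# Reports which SSL/TLS protocol versions and cipher suites a server accepts,
# by attempting one `openssl s_client` handshake per version and per cipher.
#
# Reading the results: every probe is limited by the local OpenSSL build.
# A protocol or cipher the local client cannot offer (compiled out, or refused
# by its security-level policy) cannot be tested from this machine, so a
# "not supported" line or a missing cipher is not proof that the server
# rejects it. Confirm findings about legacy protocols with a client that
# still implements them.

DOMAIN=$1
PORT=$2

# Check if domain and port are provided
if [[ -z "$DOMAIN" || -z "$PORT" ]]; then
  echo "Usage: $0 <domain or IP> <port>" >&2
  exit 1
fi

if ! command -v openssl >/dev/null 2>&1; then
  echo "openssl not found in PATH" >&2
  exit 1
fi

# Option list of the local s_client. It is used to tell "the server refused"
# apart from "this client cannot even ask".
S_CLIENT_HELP=$(openssl s_client -help 2>&1)

# Returns 0 when the local `openssl s_client` lists option -$1 in its help.
s_client_has_option() {
  grep -qE -- "(^|[[:space:]])-$1([[:space:]]|\$)" <<<"$S_CLIENT_HELP"
}

# List of SSL/TLS versions to check
VERSIONS=("ssl3" "tls1" "tls1_1" "tls1_2" "tls1_3")

echo "Checking supported SSL/TLS versions for $DOMAIN:$PORT"
echo "---------------------------------------------------------------"

# Check SSL/TLS versions
for VERSION in "${VERSIONS[@]}"; do
  echo "Checking $VERSION..."

  # Without this guard an unknown option makes s_client fail immediately and
  # the version would be reported as rejected by the server.
  if ! s_client_has_option "$VERSION"; then
    echo "$VERSION cannot be tested: the local openssl has no -$VERSION option."
    continue
  fi

  # Only stderr is discarded; the handshake details on stdout stay visible.
  if openssl s_client -connect "$DOMAIN:$PORT" "-$VERSION" </dev/null 2>/dev/null; then
    echo "$VERSION is supported."
  else
    echo "$VERSION is not supported."
  fi
done

echo "---------------------------------------------------------------"

# Check supported cipher suites
echo "Checking supported cipher suites..."

# Get list of all ciphers known to the local OpenSSL (colon-separated output)
IFS=: read -r -a ALL_CIPHERS < <(openssl ciphers 'ALL:COMPLEMENTOFALL')

# Show only supported ciphers
SUPPORTED_CIPHERS=()
for CIPHER in "${ALL_CIPHERS[@]}"; do
  [[ -n "$CIPHER" ]] || continue

  if [[ "$CIPHER" == TLS_* ]]; then
    # OpenSSL lists TLS 1.3 suites with a TLS_ prefix; they are selected with
    # -ciphersuites, not -cipher. Skip them when the local client is too old.
    if ! s_client_has_option "ciphersuites" || ! s_client_has_option "tls1_3"; then
      continue
    fi
    PROBE_ARGS=(-tls1_3 -ciphersuites "$CIPHER")
  else
    PROBE_ARGS=(-cipher "$CIPHER")
    # -cipher only restricts TLS 1.2 and below. If TLS 1.3 stays enabled, a
    # TLS 1.3 server negotiates one of the default 1.3 suites and the cipher
    # under test is never selected, so it would wrongly be left out.
    if s_client_has_option "no_tls1_3"; then
      PROBE_ARGS+=(-no_tls1_3)
    fi
  fi

  # Use -ign_eof to ensure the connection stays open until handshake completes
  RESULT=$(echo | openssl s_client "${PROBE_ARGS[@]}" -connect "$DOMAIN:$PORT" -ign_eof 2>/dev/null)

  # The handshake succeeded with this cipher when s_client prints
  # "Cipher is <name>". The match is anchored at end of line so that one name
  # cannot match as the prefix of a longer one.
  if grep -qE -- "Cipher is ${CIPHER}\$" <<<"$RESULT"; then
    SUPPORTED_CIPHERS+=("$CIPHER")
  fi
done

if [[ ${#SUPPORTED_CIPHERS[@]} -gt 0 ]]; then
  echo "Supported cipher suites:"
  for CIPHER in "${SUPPORTED_CIPHERS[@]}"; do
    echo " - $CIPHER"
  done
else
  echo "No supported cipher suites found."
fi

echo "---------------------------------------------------------------"
echo "SSL/TLS version and cipher suite check completed."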