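#!/bin/bash
#
# Audit which SSL/TLS protocol versions and cipher suites a server accepts by
# attempting one `openssl s_client` handshake per (version, cipher) pair.
#
# Usage: ./check_tls_ssl.sh <domain or IP> <port>
#
# Reading the results:
#   - Only what the local OpenSSL build can offer is tested. A protocol the
#     build lacks (commonly SSLv3) is reported as skipped, not as "unsupported
#     by the server"; use a different client build to get a definitive answer.
#   - TLS 1.3 suites are selected with -ciphersuites. The -cipher option only
#     restricts TLS 1.2 and older, so using it for TLS 1.3 never matches the
#     negotiated suite and always reports "none".
#   - Where the build understands it, @SECLEVEL=0 is appended to the legacy
#     cipher string so that the local security policy does not hide weak
#     ciphers the server would still accept.

DOMAIN=$1
PORT=$2

# Check if domain and port are provided
if [ -z "$DOMAIN" ] || [ -z "$PORT" ]; then
    echo "Usage: $0 <domain or IP> <port>" >&2
    exit 1
fi

# Reject anything that is not a plain TCP port number before it reaches openssl.
case "$PORT" in
    *[!0-9]*)
        echo "Error: port must be numeric, got '$PORT'" >&2
        exit 1
        ;;
esac
if [ "${#PORT}" -gt 5 ] || [ "$PORT" -lt 1 ] || [ "$PORT" -gt 65535 ]; then
    echo "Error: port must be between 1 and 65535, got '$PORT'" >&2
    exit 1
fi

if ! command -v openssl >/dev/null 2>&1; then
    echo "Error: openssl not found in PATH" >&2
    exit 1
fi

# List of all SSL/TLS versions to check
VERSIONS=("ssl3" "tls1" "tls1_1" "tls1_2" "tls1_3")

# Seconds allowed per handshake attempt (only enforced when `timeout` exists).
readonly PROBE_TIMEOUT=10

# Bound every probe so a filtered port cannot stall the scan for minutes per
# cipher. Without coreutils `timeout` the probes run unbounded, as before.
RUNNER=()
if command -v timeout >/dev/null 2>&1; then
    RUNNER=(timeout "$PROBE_TIMEOUT")
fi

# Get list of all possible ciphers known to the local build.
IFS=':' read -r -a ALL_CIPHERS <<<"$(openssl ciphers 'ALL:COMPLEMENTOFALL')"

# Split the list: OpenSSL names TLS 1.3 suites TLS_*, everything else belongs
# to TLS 1.2 and older and is selected through -cipher.
LEGACY_CIPHERS=()
TLS13_SUITES=()
for NAME in "${ALL_CIPHERS[@]}"; do
    case "$NAME" in
        '') ;;
        TLS_*) TLS13_SUITES+=("$NAME") ;;
        *) LEGACY_CIPHERS+=("$NAME") ;;
    esac
done

# The default list omits the CCM suites; add the RFC 8446 suites explicitly so
# they are probed too. A suite the local build cannot offer simply fails.
for NAME in TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 \
    TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_CCM_SHA256 \
    TLS_AES_128_CCM_8_SHA256; do
    case " ${TLS13_SUITES[*]} " in
        *" $NAME "*) ;;
        *) TLS13_SUITES+=("$NAME") ;;
    esac
done

# Lower the client-side security level for legacy probes when supported, so a
# strict local default does not turn "server accepts it" into a false negative.
LEGACY_SUFFIX=""
if openssl ciphers 'ALL:@SECLEVEL=0' >/dev/null 2>&1; then
    LEGACY_SUFFIX=":@SECLEVEL=0"
fi

S_CLIENT_HELP=$(openssl s_client -help 2>&1)

# Returns 0 when the local s_client advertises option $1 (e.g. -ssl3).
# If the help text is unusable, assume the option exists and let the probe
# itself fail, which matches the behaviour before this check was added.
client_has_option() {
    case "$S_CLIENT_HELP" in
        *-connect*) ;;
        *) return 0 ;;
    esac
    printf '%s\n' "$S_CLIENT_HELP" |
        grep -qE -- "(^|[^[:alnum:]_-])$1([^[:alnum:]_]|\$)"
}

# Returns 0 when the server completes a handshake for protocol $1 with
# exactly cipher $2. stdin is /dev/null so s_client exits as soon as the
# handshake summary is printed instead of waiting for the server to hang up.
probe_cipher() {
    local version=$1 cipher=$2 output
    local -a selector
    if [ "$version" = "tls1_3" ]; then
        selector=(-ciphersuites "$cipher")
    else
        selector=(-cipher "${cipher}${LEGACY_SUFFIX}")
    fi
    output=$("${RUNNER[@]}" openssl s_client "${selector[@]}" \
        -connect "$DOMAIN:$PORT" "-$version" </dev/null 2>/dev/null)
    # Anchor at end of line so a name that is a prefix of another cannot match.
    printf '%s\n' "$output" | grep -q -- "Cipher is ${cipher}\$"
}

# Prints the result list for label $1; remaining arguments are cipher names.
print_supported() {
    local label=$1 name
    shift
    if [ "$#" -gt 0 ]; then
        echo "Supported cipher suites for $label:"
        for name in "$@"; do
            echo "  - $name"
        done
    else
        echo "No supported cipher suites found for $label."
    fi
}

# A failed default handshake usually means the target is unreachable or not
# speaking TLS, in which case every "none found" below would be meaningless.
if ! "${RUNNER[@]}" openssl s_client -connect "$DOMAIN:$PORT" \
    </dev/null >/dev/null 2>&1; then
    echo "Warning: default handshake with $DOMAIN:$PORT failed;" \
        "empty results may mean 'unreachable' rather than 'unsupported'." >&2
fi

echo "Checking supported cipher suites for all SSL/TLS versions on $DOMAIN:$PORT"
echo "---------------------------------------------------------------"

SUPPORTED_CIPHERS_TLS13=()
TLS13_TESTABLE=1

# Check all versions and their supported ciphers
for VERSION in "${VERSIONS[@]}"; do
    echo "Checking cipher suites for $VERSION..."

    if ! client_has_option "-$VERSION"; then
        echo "Skipped $VERSION: the local openssl build cannot offer it," \
            "so server support is unknown."
        [ "$VERSION" = "tls1_3" ] && TLS13_TESTABLE=0
        echo "---------------------------------------------------------------"
        continue
    fi

    if [ "$VERSION" = "tls1_3" ]; then
        CANDIDATES=("${TLS13_SUITES[@]}")
    else
        CANDIDATES=("${LEGACY_CIPHERS[@]}")
    fi

    SUPPORTED_CIPHERS=()
    for CIPHER in "${CANDIDATES[@]}"; do
        if probe_cipher "$VERSION" "$CIPHER"; then
            SUPPORTED_CIPHERS+=("$CIPHER")
        fi
    done

    # Keep the TLS 1.3 result for the summary below instead of scanning twice.
    if [ "$VERSION" = "tls1_3" ]; then
        SUPPORTED_CIPHERS_TLS13=("${SUPPORTED_CIPHERS[@]}")
    fi

    # Output supported ciphers for the version
    print_supported "$VERSION" "${SUPPORTED_CIPHERS[@]}"

    echo "---------------------------------------------------------------"
done

# TLS 1.3 summary, taken from the scan above.
echo "Checking only supported cipher suites for TLS 1.3..."
if [ "$TLS13_TESTABLE" -eq 1 ]; then
    print_supported "TLS 1.3" "${SUPPORTED_CIPHERS_TLS13[@]}"
else
    echo "Skipped TLS 1.3: the local openssl build cannot offer it," \
        "so server support is unknown."
fi

echo "---------------------------------------------------------------"
echo "SSL/TLS version and cipher suite check completed."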