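#!/bin/bash
# Usage: ./check_tls_ssl.sh <domain or IP> <port>
#
# Reports which SSL/TLS protocol versions a server accepts, then which cipher
# suites it accepts under TLS 1.2 and TLS 1.3, using the local openssl binary.
#
# Reading the results: every probe is bounded by what the local OpenSSL build
# and its configuration are able to offer. "is not supported" means the
# handshake did not complete from this client; it can also be caused by an
# unreachable host, or by a client-side policy that refuses old protocols or
# weak ciphers. Do not treat a negative result as proof that the server has a
# protocol disabled without confirming from a client that can still speak it.

DOMAIN=$1
PORT=$2

# Check if domain and port are provided
if [ -z "$DOMAIN" ] || [ -z "$PORT" ]; then
  echo "Usage: $0 <domain or IP> <port>"
  exit 1
fi

# Without openssl every probe below would fail and be reported as
# "not supported", which would read like a clean result.
if ! command -v openssl >/dev/null 2>&1; then
  echo "openssl not found in PATH; nothing can be checked." >&2
  exit 1
fi

# Option list of the local s_client. Builds compiled without a protocol
# (SSLv3 is commonly left out) do not list its option, so such a version is
# reported as untestable instead of "not supported".
CLIENT_HELP=$(openssl s_client -help 2>&1)

# List of SSL/TLS versions to check
VERSIONS=("ssl3" "tls1" "tls1_1" "tls1_2" "tls1_3")

echo "Checking status of all SSL/TLS versions for $DOMAIN:$PORT"
echo "---------------------------------------------------------------"

# Check all SSL/TLS versions
for VERSION in "${VERSIONS[@]}"; do
  echo "Checking $VERSION..."

  # Only trust the help text when there is some; an empty capture falls
  # through to the real probe.
  if [ -n "$CLIENT_HELP" ] &&
    ! grep -qE -- "(^|[^[:alnum:]_-])-${VERSION}([^[:alnum:]_]|\$)" <<<"$CLIENT_HELP"; then
    echo "$VERSION could not be tested (local openssl has no -$VERSION option)."
    continue
  fi

  # stdin from /dev/null makes s_client exit once the handshake is done; the
  # session dump is discarded because only the exit status is used.
  if openssl s_client -connect "$DOMAIN:$PORT" "-$VERSION" </dev/null >/dev/null 2>&1; then
    echo "$VERSION is supported."
  else
    echo "$VERSION is not supported."
  fi
done

echo "---------------------------------------------------------------"

# Now checking supported cipher suites for TLS 1.2 and TLS 1.3
VERSIONS_TO_CHECK=("tls1_2" "tls1_3")

# Get list of all possible ciphers known to the local openssl
IFS=':' read -r -a CIPHERS <<<"$(openssl ciphers 'ALL:COMPLEMENTOFALL')"

# Iterate over TLS 1.2 and 1.3 only
for VERSION in "${VERSIONS_TO_CHECK[@]}"; do
  echo "Checking supported cipher suites for $VERSION..."
  SUPPORTED_CIPHERS=()

  for CIPHER in "${CIPHERS[@]}"; do
    # TLS 1.3 suites (named TLS_* by OpenSSL 1.1.1 and later) are selected
    # with -ciphersuites; -cipher only constrains TLS 1.2 and older. Passing
    # a TLS 1.2 name with -tls1_3 would negotiate a default TLS 1.3 suite
    # and never match the check below, so each name is only tried against
    # the protocol it belongs to.
    if [[ "$CIPHER" == TLS_* ]]; then
      [ "$VERSION" = "tls1_3" ] || continue
      CIPHER_OPT="-ciphersuites"
    else
      [ "$VERSION" = "tls1_3" ] && continue
      CIPHER_OPT="-cipher"
    fi

    # Use -ign_eof to ensure the connection stays open until handshake completes
    RESULT=$(echo | openssl s_client "$CIPHER_OPT" "$CIPHER" -connect "$DOMAIN:$PORT" "-$VERSION" -ign_eof 2>/dev/null)

    # A completed handshake prints "... Cipher is <name>"; anchoring at the
    # end of the line keeps a name from matching a longer one it prefixes.
    if grep -q -- "Cipher is ${CIPHER}\$" <<<"$RESULT"; then
      SUPPORTED_CIPHERS+=("$CIPHER")
    fi
  done

  # Output supported ciphers for the version
  if [ "${#SUPPORTED_CIPHERS[@]}" -gt 0 ]; then
    echo "Supported cipher suites for $VERSION:"
    for CIPHER in "${SUPPORTED_CIPHERS[@]}"; do
      echo " - $CIPHER"
    done
  else
    echo "No supported cipher suites found for $VERSION."
  fi
  echo "---------------------------------------------------------------"
done

echo "SSL/TLS version status and cipher suite check completed."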