Konstantin, On 10/21/14 2:18 PM, Konstantin Kolinko wrote: > 2014-10-21 21:55 GMT+04:00 Christopher Schultz <ch...@christopherschultz.net>: >> All, >> >> As part of my testing for the recent changes to Tomcat and tcnative, I >> wanted to use something like "sslscan", but that tool does not support >> anything above TLSv1. >> >> One can use OpenSSL s_client but that's fairly tedious. > > Here is a bash script that uses OpenSSL s_client enumerating all > available ciphers that are supported by that particular version of > OpenSSL: > > http://superuser.com/a/224263 > "Is there a tool that can test what SSL/TLS cipher suites a particular > website offers?"
The script could be improved by trying the ciphers under each supported protocol (e.g. TLSv1 versus TLSv1.1). That script can't distinguish between being able to connect using SSLv3 and TLSv1, only the cipher succeeds. My Java code was written as an exercise also to be shared with the community. Thanks, -chris
signature.asc
Description: OpenPGP digital signature
