Is there an easy way to check SSL cipher preference from the command-line?
Currently, I believe the only way to do this is to manually check the different ciphers with openssl s_client
.
Preferred ciphers are easy enough, just connect with no -cipher
option and the cipher that's used is likely the server's preferred (as long as it's in openssl's default cipher list).
Auditing what ciphers are supported is more legwork, as you'll need to manually specify each cipher that you want to test with the -cipher
option (openssl ciphers
will show you your options) and see if you can connect. There is an outstanding feature request against OpenSSL to add cipher discovery for this purpose, but that's of no help at the moment.
Related videos on Youtube
Mike B
Technology Enthusiast, Gamer, Sci-Fi Addict, and DIY-er in training. =)
Updated on September 18, 2022Comments
-
Mike B over 1 year
CentOS 5.x
I want to confirm which SSL ciphers are supported and preferred on my web server. Is there an easy way to do this WITHOUT using third-party audit software/equipment? I was hoping for something in openssl. Unfortunately, the web server is locked down so other third-party online tools like Qualys SSL Test won't work.
-
plasmid87 about 12 yearsA script has been posted on superuser, which should automate the process using locally available ciphers.