With this small script you can list all the TLS versions and ciphers available when connecting to a remote destination. The challenge is that the number of supported ciphers is sometimes large, and testing them all takes time. The main tools used here are openssl and parallel. I also added a timeout and a custom port that can be set at run time.
The script is built around two loops: one that iterates over the TLS versions, and one that iterates over the TLS ciphers for each version. The main command generates a file that is later run with the parallel command. Feel free to copy and modify.
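#!/bin/bash
# Usage: <script> TARGET [PORT] [TIMEOUT_SECONDS]
TARGET=$1
TARGET_PORT=${2:-443}
TIMEOUT=${3:-2}
[ -z "$TARGET" ] && { echo "Usage: $0 TARGET [PORT] [TIMEOUT_SECONDS]" >&2; exit 1; }
# mktemp creates private, unpredictable files instead of guessable /tmp names
LOG=$(mktemp /tmp/TLS-log.XXXXXX) || exit 1
RUN_F=$(mktemp /tmp/TLS-run.XXXXXX) || exit 1
# Remove both temp files on exit, including when the run is interrupted
trap 'rm -f "$RUN_F" "$LOG"' EXIT
TLS_V="tls1 tls1_1 tls1_2 tls1_3"
for V in $TLS_V
do
    # Cipher names reported by the local openssl for this version flag, split on ':'
    TLS_CIPHERS=$(openssl ciphers -$V | tr ':' ' ')
    # TLS 1.3 suites are selected with -ciphersuites, older versions with -cipher
    CIPHER_COMMAND="cipher"
    [ "$V" = "tls1_3" ] && CIPHER_COMMAND="ciphersuites"
    for CIPHER in $TLS_CIPHERS
    do
        # One handshake attempt per generated line; a success appends "<version> <cipher>" to the log.
        # ">/dev/null 2>&1" is used instead of "&>" so the line also works when parallel runs it with sh.
        echo "echo | timeout $TIMEOUT openssl s_client -$V -$CIPHER_COMMAND $CIPHER -connect $TARGET:$TARGET_PORT >/dev/null 2>&1 && echo \"$V $CIPHER\" >>$LOG" >>"$RUN_F"
    done
done
# Run up to 100 handshake attempts at a time
parallel --gnu -k -j 100 <"$RUN_F"
sort "$LOG"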
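One way to triage the `<version> <cipher>` lines the script prints, as an added example that is not part of the original script: it flags deprecated protocol versions and weak cipher names. The function names, the pattern list and the sample scan lines are assumptions constructed for this example.

```shell
#!/bin/bash
# Added example (not from the original post): triage "<version> <cipher>" lines.
# The weak-pattern list is an assumption of this example; adjust it to your policy.

classify() {
    # $1 = protocol flag used by the scan (tls1, tls1_1, tls1_2, tls1_3)
    # $2 = OpenSSL cipher name; prints a space-separated list of findings
    local version=$1 cipher=$2 reasons=""
    case $version in
        tls1|tls1_1) reasons="deprecated-protocol" ;;   # deprecated by RFC 8996
    esac
    case $cipher in *NULL*)        reasons="$reasons no-encryption" ;; esac
    case $cipher in EXP-*)         reasons="$reasons export-grade" ;; esac
    case $cipher in *RC4*)         reasons="$reasons rc4" ;; esac
    case $cipher in *DES-CBC3*)    reasons="$reasons 3des" ;; esac
    case $cipher in ADH-*|AECDH-*) reasons="$reasons anonymous-kx" ;; esac
    case $cipher in *-MD5)         reasons="$reasons md5-mac" ;; esac
    echo "${reasons# }"            # drop the leading space, if any
}

triage() {
    # Reads scan output on stdin and prints only the lines that need attention.
    local version cipher findings
    while read -r version cipher; do
        [ -n "$cipher" ] || continue           # skip blank or malformed lines
        findings=$(classify "$version" "$cipher")
        if [ -n "$findings" ]; then
            echo "$version $cipher: $findings"
        fi
    done
    return 0
}

# Constructed sample of scan output (not captured from a real host).
SAMPLE_SCAN="tls1 ECDHE-RSA-AES128-SHA
tls1_1 DES-CBC3-SHA
tls1_2 ECDHE-RSA-AES256-GCM-SHA384
tls1_2 RC4-MD5
tls1_3 TLS_AES_256_GCM_SHA384"

printf '%s\n' "$SAMPLE_SCAN" | triage
```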