On this small script you can get list of all TLS versions and ciphers availble connecting a remore destination . the chalange on that script is that sometimes the number of supported ciphers is great and that consumes time. the main tool used here is openssl along with parallel . I also added timeout and custom port that can be set during the run
The script is build around two loops, one that loop the TLS version , and one that loop the TLS ciphers on each verison. the main command is generating a file that later will be called using parallel command . feel free to copy and modify
#!/bin/bash TARGET=$1 TARGET_PORT=${2:-443} TIMEOUT=${3:-2} LOG="/tmp/TLS-$$.log" RUN_F="/tmp/TLS-$$.sh" TLS_V="tls1 tls1_1 tls1_2 tls1_3" for V in $TLS_V do TLS_CIPHEPS=`openssl ciphers -$V | tr ':' ' '` CIPHER_COMAND="cipher" [ $V = "tls1_3" ] && CIPHER_COMAND="ciphersuites" for CIPHER in $TLS_CIPHEPS do echo "echo | timeout $TIMEOUT openssl s_client -$V -$CIPHER_COMAND $CIPHER -connect $TARGET:$TARGET_PORT &>/dev/null && echo \"$V $CIPHER\" >>$LOG" >>$RUN_F done done parallel --gnu -k -j 100 <$RUN_F cat $LOG | sort rm -f $RUN_F $LOG