
ssl-cipher-suite-enum is a Perl script that enumerates the SSL cipher suites supported by network services (principally HTTPS).

Key features

  • Support for legacy and newer versions of SSL/TLS: SSLv2.0, TLSv1.0/SSLv3.0, TLSv1.1, TLSv1.2
  • Support for SSL testing over SMTP (STARTTLS), RDP and FTP (AUTH SSL)
  • Flagging of common security issues on a per-host and per-cipher-suite basis (see below for list)
  • Works even when the service requires a client SSL certificate
  • Bruteforces SSLv3+ cipher suites – rather than relying on a fixed list of cipher suites that were known at the time of writing
  • No reliance on SSL libraries – which can cause false negatives
  • Human readable and greppable output – to support reporting and automation
  • Fast scan rate – 1000 connections/second over the LAN
  • Option to throttle connection speed
  • Optimised scanning – group unpopular cipher suites into a single handshake to reduce the number of required connections
  • Option to log all output to a file
  • Support for scanning a list of hosts
  • Handling of servers that accept cipher suites the client didn’t offer – rare but it does happen!

Security issues identified

ssl-cipher-suite-enum identifies the following common security issues relating to SSL:

  • SSLv2 being supported – being vulnerable to a downgrade attack and other problems inherent to this version of the protocol.
  • Cipher suites that use symmetric encryption where the key length is less than 128-bits.
  • Support of key exchange algorithms that don’t support forward secrecy – or equivalently, cipher suites that allow sniffed traffic to be retrospectively decrypted if the private SSL key were to be compromised.
  • Anonymous Diffie Hellman key exchanges – which allow “Man-In-The-Middle” attacks
  • Cipher suites / protocol combinations that are vulnerable to the BEAST attack – i.e. combinations that would leave the client->server stream open to the BEAST attack
  • Cipher suites that are vulnerable to the POODLE attack – i.e. cipher suites that would leave the client->server stream open to the POODLE attack
  • Cipher suites that are vulnerable to issues relating to legacy export ciphers (FREAK and Logjam)

Overview

The tool performs a similar function to sslscan, THCSSLCheck and sslyze, but differs by crafting part of the SSL handshake instead of using an SSL library to establish a full connection. For SSLv3.0 and above, cipher suites are bruteforced (each cipher suite is represented as a 2-byte field: generally 0x00?? or 0xC0?? – yielding 512 possible values). For SSLv2, only known cipher suites are tried – the search space for v2 cipher suites seems much larger and precludes timely bruteforcing.

The handshake-crafting approach provides some significant advantages over library-based tools. Libraries either become outdated and therefore incapable of testing for new protocols such as TLSv1.2 or exotic cipher suites; or they are updated and lose support for older protocols – namely SSLv2.  This can be a significant cause of false negative results when performing vulnerability assessments.

ssl-cipher-suite-enum therefore aims to ensure that you can always identify all supported cipher suites and that you never miss the fact that SSLv2 is supported. There is, of course, an increased risk of false positive results, though: because no SSL library is used, the connection is never fully established. ssl-cipher-suite-enum will not detect that an application refuses to talk over weaker cipher suites or that the full connection fails for some other reason – such as a client certificate being required.
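
The handshake-crafting idea from the Overview, as an added Python sketch that is not taken from ssl-cipher-suite-enum's source: it builds a ClientHello by hand, reads only the ServerHello or alert that comes back, and flags a server that picks a suite the client never offered. The function names, the offer-everything-then-remove loop and the `fake_server` stand-in for the network are assumptions of this example.

```python
import struct

# The page's stated search space for SSLv3.0+: 0x00?? and 0xC0?? (512 values).
CANDIDATES = list(range(0x0000, 0x0100)) + list(range(0xC000, 0xC100))

def build_client_hello(version, suites):
    """One TLS record carrying a ClientHello that offers exactly `suites`."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random (zeros), empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def server_hello(version, suite):
    """Constructed ServerHello record, used by the stand-in server below."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def parse_server_reply(record, offered):
    """Classify the first record of the reply: (status, cipher suite or alert code)."""
    if len(record) < 5:
        return ("no_reply", None)
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    payload = record[5:5 + length]
    if ctype == 0x15 and len(payload) >= 2:
        return ("alert", payload[1])                 # e.g. 40 = handshake_failure
    if ctype != 0x16 or len(payload) < 4 + 35 or payload[0] != 0x02:
        return ("unexpected", None)
    body = payload[4:]                               # skip handshake type + 3-byte length
    offset = 35 + body[34]                           # version(2) + random(32) + sid_len(1) + sid
    if len(body) < offset + 2:
        return ("unexpected", None)
    (suite,) = struct.unpack("!H", body[offset:offset + 2])
    return ("accepted" if suite in offered else "accepted_unoffered", suite)

def enumerate_suites(send, version, candidates=CANDIDATES):
    """Offer everything still untested in one hello; drop whatever the server picks; repeat."""
    remaining, supported, unoffered = list(candidates), [], []
    while remaining:
        status, value = parse_server_reply(send(build_client_hello(version, remaining)), remaining)
        if status == "accepted":
            supported.append(value)
            remaining.remove(value)
        else:
            if status == "accepted_unoffered":
                unoffered.append(value)              # server chose a suite we never offered
            break                                    # alert or no reply: nothing left it accepts
    return supported, unoffered

def fake_server(preference):
    """Stand-in for a socket round trip (assumption: the server enforces its own order)."""
    def send(hello):
        version = struct.unpack("!H", hello[9:11])[0]
        (n,) = struct.unpack("!H", hello[44:46])
        offered = {struct.unpack("!H", hello[46 + i:48 + i])[0] for i in range(0, n, 2)}
        for suite in preference:
            if suite in offered:
                return server_hello(version, suite)
        return b"\x15" + struct.pack("!HH", version, 2) + b"\x02\x28"  # fatal handshake_failure
    return send
```

Because only the ServerHello is inspected, an "accepted" result here carries the same false-positive caveat described above: nothing shows that the rest of the handshake would succeed.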

Also see the FAQ page.

Example output 1: Old host supporting SSLv2

$ ssl-cipher-suite-enum.pl 127.0.0.1
Starting ssl-cipher-enum v0.4-beta ( https://labs.portcullis.co.uk/application/ssl-cipher-suite-enum/ ) at Tue Jul  3 14:48:21 2012

[+] Scanning 1 hosts

=== Scan Info ===

Target:    127.0.0.1
IP:        127.0.0.1
Port:      443
Protocols: SSLv2.0,SSLv3.0,TLSv1.0,TLSv1.1,TLSv1.2
Scan Rate: unlimited

=== Testing protocol SSLv2.0 ===

[+] Cipher suite supported on 127.0.0.1:443: SSLv2.0 RC4_128_WITH_MD5[010080] SSL2_INSEC,NO_PFS
[+] Cipher suite supported on 127.0.0.1:443: SSLv2.0 RC4_128_EXPORT40_WITH_MD5[020080] SSL2_INSEC,NO_PFS,WEAK_ENC
[+] Cipher suite supported on 127.0.0.1:443: SSLv2.0 RC2_128_CBC_WITH_MD5[030080] SSL2_INSEC,BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.1:443: SSLv2.0 RC2_128_CBC_EXPORT40_WITH_MD5[040080] SSL2_INSEC,BEAST,NO_PFS,WEAK_ENC
[+] Cipher suite supported on 127.0.0.1:443: SSLv2.0 DES_64_CBC_WITH_MD5[060040] SSL2_INSEC,BEAST,NO_PFS,WEAK_ENC
[+] Cipher suite supported on 127.0.0.1:443: SSLv2.0 DES_192_EDE3_CBC_WITH_MD5[0700c0] SSL2_INSEC,BEAST,NO_PFS
[+] 6 SSLv2.0 cipher suites supported

[V] 127.0.0.1:443 - Some clients could be vulnerable to BEAST attack - if HTTPS service
[V] 127.0.0.1:443 - Some connections might be protected with a weak (<128-bit) symmetric encryption key

=== Testing protocol SSLv3.0 ===

[+] 0 SSLv3.0 cipher suites supported

=== Testing protocol TLSv1.0 ===

[+] 0 TLSv1.0 cipher suites supported

=== Testing protocol TLSv1.1 ===

[+] 0 TLSv1.1 cipher suites supported

=== Testing protocol TLSv1.2 ===

[+] 0 TLSv1.2 cipher suites supported

[+] Summary of support cipher suites for 127.0.0.1:443

SSLv2.0:
* RC4_128_WITH_MD5
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5
* DES_192_EDE3_CBC_WITH_MD5

[+] Summary of weakness "BEAST" for 127.0.0.1:443

SSLv2.0:
* RC2_128_CBC_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5
* DES_192_EDE3_CBC_WITH_MD5

[+] Summary of weakness "NO_PFS" for 127.0.0.1:443

SSLv2.0:
* RC4_128_WITH_MD5
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5
* DES_192_EDE3_CBC_WITH_MD5

[+] Summary of weakness "SSL2_INSEC" for 127.0.0.1:443

SSLv2.0:
* RC4_128_WITH_MD5
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5
* DES_192_EDE3_CBC_WITH_MD5

[+] Summary of weakness "WEAK_ENC" for 127.0.0.1:443

SSLv2.0:
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5

=== Scan Complete ===

[+] ssl-cipher-enum v0.4-beta completed at Tue Jul  3 14:48:22 2012.  918 connections in 1 secs.

Example output 2: Average modern SSL service

$ ssl-cipher-suite-enum.pl localhost:443
Starting ssl-cipher-enum v0.4-beta ( https://labs.portcullis.co.uk/application/ssl-cipher-suite-enum/ ) at Tue Jul  3 14:48:41 2012

[+] Scanning 1 hosts

=== Scan Info ===

Target:    localhost
IP:        127.0.0.2
Port:      443
Protocols: SSLv2.0,SSLv3.0,TLSv1.0,TLSv1.1,TLSv1.2
Scan Rate: unlimited

=== Testing protocol SSLv2.0 ===

[+] 0 SSLv2.0 cipher suites supported

=== Testing protocol SSLv3.0 ===

[+] Cipher suite supported on 127.0.0.2:443: SSLv3.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: SSLv3.0 RSA_DES_192_CBC3_SHA[000a] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: SSLv3.0 EDH_RSA_DES_192_CBC3_SHA[0016] BEAST
[+] Cipher suite supported on 127.0.0.2:443: SSLv3.0 RSA_WITH_AES_128_SHA[002f] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: SSLv3.0 DHE_RSA_WITH_AES_128_SHA[0033] BEAST
[+] Cipher suite supported on 127.0.0.2:443: SSLv3.0 RSA_WITH_AES_256_SHA[0035] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: SSLv3.0 DHE_RSA_WITH_AES_256_SHA[0039] BEAST

[+] Preferred SSLv3.0 cipher suite on 127.0.0.2:443: RSA_RC4_128_SHA[0005]

[+] 7 SSLv3.0 cipher suites supported

[V] 127.0.0.2:443 - Some clients could be vulnerable to BEAST attack - if HTTPS service
[V] 127.0.0.2:443 - Most encrypted connections will not use forward secrecy

=== Testing protocol TLSv1.0 ===

[+] Cipher suite supported on 127.0.0.2:443: TLSv1.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: TLSv1.0 RSA_DES_192_CBC3_SHA[000a] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: TLSv1.0 EDH_RSA_DES_192_CBC3_SHA[0016] BEAST
[+] Cipher suite supported on 127.0.0.2:443: TLSv1.0 RSA_WITH_AES_128_SHA[002f] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: TLSv1.0 DHE_RSA_WITH_AES_128_SHA[0033] BEAST
[+] Cipher suite supported on 127.0.0.2:443: TLSv1.0 RSA_WITH_AES_256_SHA[0035] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.2:443: TLSv1.0 DHE_RSA_WITH_AES_256_SHA[0039] BEAST

[+] Preferred TLSv1.0 cipher suite on 127.0.0.2:443: RSA_RC4_128_SHA[0005]

[+] 7 TLSv1.0 cipher suites supported

[V] 127.0.0.2:443 - Some clients could be vulnerable to BEAST attack - if HTTPS service
[V] 127.0.0.2:443 - Most encrypted connections will not use forward secrecy

=== Testing protocol TLSv1.1 ===

[+] Protocol TLSv1.1 is not supported.  Skipping.
[+] 0 TLSv1.1 cipher suites supported

=== Testing protocol TLSv1.2 ===

[+] Protocol TLSv1.2 is not supported.  Skipping.
[+] 0 TLSv1.2 cipher suites supported

[+] Summary of support cipher suites for 127.0.0.2:443

SSLv3.0:
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* EDH_RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* DHE_RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* DHE_RSA_WITH_AES_256_SHA

TLSv1.0:
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* EDH_RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* DHE_RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* DHE_RSA_WITH_AES_256_SHA

[+] Summary of weakness "BEAST" for 127.0.0.2:443

SSLv3.0:
* RSA_DES_192_CBC3_SHA
* EDH_RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* DHE_RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* DHE_RSA_WITH_AES_256_SHA

TLSv1.0:
* RSA_DES_192_CBC3_SHA
* EDH_RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* DHE_RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* DHE_RSA_WITH_AES_256_SHA

[+] Summary of weakness "NO_PFS" for 127.0.0.2:443

SSLv3.0:
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

TLSv1.0:
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

=== Scan Complete ===

[+] ssl-cipher-enum v0.4-beta completed at Tue Jul  3 14:48:41 2012.  470 connections in 0 secs.

Example output 3: Well secured service supporting TLSv1.2

$ ssl-cipher-suite-enum.pl www.example.com
Starting ssl-cipher-enum v0.4-beta ( https://labs.portcullis.co.uk/application/ssl-cipher-suite-enum/ ) at Tue Jul  3 14:48:52 2012

[+] Scanning 1 hosts

=== Scan Info ===

Target:    www.example.com
IP:        127.0.0.3
Port:      443
Protocols: SSLv2.0,SSLv3.0,TLSv1.0,TLSv1.1,TLSv1.2
Scan Rate: unlimited

=== Testing protocol SSLv2.0 ===

[+] 0 SSLv2.0 cipher suites supported

=== Testing protocol SSLv3.0 ===

[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 RSA_RC4_128_MD5[0004] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 RSA_DES_192_CBC3_SHA[000a] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 ECDHE_RSA_WITH_RC4_128_SHA[c011]
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 ECDHE_RSA_WITH_DES_192_CBC3_SHA[c012] BEAST
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013] BEAST
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 ECDHE_RSA_WITH_AES_256_CBC_SHA[c014] BEAST
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 RSA_WITH_AES_128_SHA[002f] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: SSLv3.0 RSA_WITH_AES_256_SHA[0035] BEAST,NO_PFS

[+] Preferred SSLv3.0 cipher suite on 127.0.0.3:443: ECDHE_RSA_WITH_RC4_128_SHA[c011]

[+] 9 SSLv3.0 cipher suites supported

[V] 127.0.0.3:443 - Some clients could be vulnerable to BEAST attack - if HTTPS service
[V] 127.0.0.3:443 - Some encrypted connections may not have forward secrecy

=== Testing protocol TLSv1.0 ===

[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 RSA_RC4_128_MD5[0004] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 RSA_DES_192_CBC3_SHA[000a] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 ECDHE_RSA_WITH_RC4_128_SHA[c011]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 ECDHE_RSA_WITH_DES_192_CBC3_SHA[c012] BEAST
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013] BEAST
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 ECDHE_RSA_WITH_AES_256_CBC_SHA[c014] BEAST
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 RSA_WITH_AES_128_SHA[002f] BEAST,NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.0 RSA_WITH_AES_256_SHA[0035] BEAST,NO_PFS

[+] Preferred TLSv1.0 cipher suite on 127.0.0.3:443: ECDHE_RSA_WITH_RC4_128_SHA[c011]

[+] 9 TLSv1.0 cipher suites supported

[V] 127.0.0.3:443 - Some clients could be vulnerable to BEAST attack - if HTTPS service
[V] 127.0.0.3:443 - Some encrypted connections may not have forward secrecy

=== Testing protocol TLSv1.1 ===

[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 RSA_RC4_128_MD5[0004] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 RSA_DES_192_CBC3_SHA[000a] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 ECDHE_RSA_WITH_RC4_128_SHA[c011]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 ECDHE_RSA_WITH_DES_192_CBC3_SHA[c012]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 ECDHE_RSA_WITH_AES_256_CBC_SHA[c014]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 RSA_WITH_AES_128_SHA[002f] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.1 RSA_WITH_AES_256_SHA[0035] NO_PFS

[+] Preferred TLSv1.1 cipher suite on 127.0.0.3:443: ECDHE_RSA_WITH_RC4_128_SHA[c011]

[+] 9 TLSv1.1 cipher suites supported

[V] 127.0.0.3:443 - Some encrypted connections may not have forward secrecy

=== Testing protocol TLSv1.2 ===

[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_RC4_128_MD5[0004] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_DES_192_CBC3_SHA[000a] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_RC4_128_SHA[c011]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_DES_192_CBC3_SHA[c012]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_AES_256_CBC_SHA[c014]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_AES_128_CBC_SHA256[c027]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_AES_256_CBC_SHA384[c028]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_WITH_AES_128_SHA[002f] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_AES_128_GCM_SHA256[c02f]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 ECDHE_RSA_WITH_AES_256_GCM_SHA384[c030]
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_WITH_AES_256_SHA[0035] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_WITH_AES_128_CBC_SHA256[003c] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_WITH_AES_256_CBC_SHA256[003d] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_WITH_AES_128_GCM_SHA256[009c] NO_PFS
[+] Cipher suite supported on 127.0.0.3:443: TLSv1.2 RSA_WITH_AES_256_GCM_SHA384[009d] NO_PFS

[+] Preferred TLSv1.2 cipher suite on 127.0.0.3:443: ECDHE_RSA_WITH_RC4_128_SHA[c011]

[+] 17 TLSv1.2 cipher suites supported

[V] 127.0.0.3:443 - Some encrypted connections may not have forward secrecy
[+] Summary of support cipher suites for 127.0.0.3:443

SSLv3.0:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* ECDHE_RSA_WITH_RC4_128_SHA
* ECDHE_RSA_WITH_DES_192_CBC3_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA
* ECDHE_RSA_WITH_AES_256_CBC_SHA

TLSv1.0:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* ECDHE_RSA_WITH_RC4_128_SHA
* ECDHE_RSA_WITH_DES_192_CBC3_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA
* ECDHE_RSA_WITH_AES_256_CBC_SHA

TLSv1.1:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* ECDHE_RSA_WITH_RC4_128_SHA
* ECDHE_RSA_WITH_DES_192_CBC3_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA
* ECDHE_RSA_WITH_AES_256_CBC_SHA

TLSv1.2:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* RSA_WITH_AES_128_CBC_SHA256
* RSA_WITH_AES_256_CBC_SHA256
* RSA_WITH_AES_128_GCM_SHA256
* RSA_WITH_AES_256_GCM_SHA384
* ECDHE_RSA_WITH_RC4_128_SHA
* ECDHE_RSA_WITH_DES_192_CBC3_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA
* ECDHE_RSA_WITH_AES_256_CBC_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA256
* ECDHE_RSA_WITH_AES_256_CBC_SHA384
* ECDHE_RSA_WITH_AES_128_GCM_SHA256
* ECDHE_RSA_WITH_AES_256_GCM_SHA384

[+] Summary of weakness "BEAST" for 127.0.0.3:443

SSLv3.0:
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* ECDHE_RSA_WITH_DES_192_CBC3_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA
* ECDHE_RSA_WITH_AES_256_CBC_SHA

TLSv1.0:
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* ECDHE_RSA_WITH_DES_192_CBC3_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA
* ECDHE_RSA_WITH_AES_256_CBC_SHA

[+] Summary of weakness "NO_PFS" for 127.0.0.3:443

SSLv3.0:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

TLSv1.0:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

TLSv1.1:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

TLSv1.2:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* RSA_WITH_AES_128_CBC_SHA256
* RSA_WITH_AES_256_CBC_SHA256
* RSA_WITH_AES_128_GCM_SHA256
* RSA_WITH_AES_256_GCM_SHA384

=== Scan Complete ===

[+] ssl-cipher-enum v0.4-beta completed at Tue Jul  3 14:49:39 2012.  922 connections in 47 secs.

Example output 4: Scanning SMTP service that supports STARTTLS

$ ./ssl-cipher-suite-enum.pl --smtp 10.0.0.4:25
Starting ssl-cipher-suite-enum v0.9 ( https://labs.portcullis.co.uk/application/ssl-cipher-suite-enum/ ) at Thu Jul 12 07:02:20 2012

[+] Scanning 1 hosts

=== Scan Info ===

Target:    10.0.0.4
IP:        10.0.0.4
Port:      25
Protocols: SSLv2.0,SSLv3.0,TLSv1.0,TLSv1.1,TLSv1.2
Preamble:  SMTP
Scan Rate: unlimited

=== Testing protocol SSLv2.0 ===

[+] Cipher suite supported on 10.0.0.4:25: SSLv2.0 RC4_128_WITH_MD5[010080] SSL2_INSEC,NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv2.0 RC4_128_EXPORT40_WITH_MD5[020080] SSL2_INSEC,NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv2.0 RC2_128_CBC_WITH_MD5[030080] SSL2_INSEC,NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv2.0 RC2_128_CBC_EXPORT40_WITH_MD5[040080] SSL2_INSEC,NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv2.0 DES_64_CBC_WITH_MD5[060040] SSL2_INSEC,NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv2.0 DES_192_EDE3_CBC_WITH_MD5[0700c0] SSL2_INSEC,NO_PFS
[+] 6 SSLv2.0 cipher suites supported

[V] 10.0.0.4:25 - Some connections might be protected with a weak (<128-bit) symmetric encryption key

=== Testing protocol SSLv3.0 ===

[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_RC4_40_MD5[0003] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_RC4_128_MD5[0004] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_RC2_40_MD5[0006] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_DES_40_CBC_SHA[0008] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_DES_64_CBC_SHA[0009] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_DES_192_CBC3_SHA[000a] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 EDH_RSA_DES_40_CBC_SHA[0014] WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 EDH_RSA_DES_64_CBC_SHA[0015] WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 EDH_RSA_DES_192_CBC3_SHA[0016]
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_WITH_AES_128_SHA[002f] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 DHE_RSA_WITH_AES_128_SHA[0033]
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_WITH_AES_256_SHA[0035] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 DHE_RSA_WITH_AES_256_SHA[0039]

[+] Preferred SSLv3.0 cipher suite on 10.0.0.4:25: RSA_RC4_40_MD5[0003] NO_PFS,WEAK_ENC

[+] 14 SSLv3.0 cipher suites supported

[V] 10.0.0.4:25 - Some connections might be protected with a weak (<128-bit) symmetric encryption key
[V] 10.0.0.4:25 - Most encrypted connections will not use forward secrecy

=== Testing protocol TLSv1.0 ===

[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_RC4_40_MD5[0003] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_RC4_128_MD5[0004] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_RC2_40_MD5[0006] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_DES_40_CBC_SHA[0008] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_DES_64_CBC_SHA[0009] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_DES_192_CBC3_SHA[000a] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 EDH_RSA_DES_40_CBC_SHA[0014] WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 EDH_RSA_DES_64_CBC_SHA[0015] WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 EDH_RSA_DES_192_CBC3_SHA[0016]
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_WITH_AES_128_SHA[002f] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 DHE_RSA_WITH_AES_128_SHA[0033]
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 RSA_WITH_AES_256_SHA[0035] NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: TLSv1.0 DHE_RSA_WITH_AES_256_SHA[0039]

[+] Preferred TLSv1.0 cipher suite on 10.0.0.4:25: RSA_RC4_40_MD5[0003] NO_PFS,WEAK_ENC

[+] 14 TLSv1.0 cipher suites supported

[V] 10.0.0.4:25 - Some connections might be protected with a weak (<128-bit) symmetric encryption key
[V] 10.0.0.4:25 - Most encrypted connections will not use forward secrecy

=== Testing protocol TLSv1.1 ===

[+] Protocol TLSv1.1 is not supported.  Skipping.
[+] 0 TLSv1.1 cipher suites supported

=== Testing protocol TLSv1.2 ===

[+] Protocol TLSv1.2 is not supported.  Skipping.
[+] 0 TLSv1.2 cipher suites supported

[+] Summary of support cipher suites for 10.0.0.4:25

SSLv2.0:
* RC4_128_WITH_MD5
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5
* DES_192_EDE3_CBC_WITH_MD5

SSLv3.0:
* RSA_RC4_40_MD5
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_RC2_40_MD5
* RSA_DES_40_CBC_SHA
* RSA_DES_64_CBC_SHA
* RSA_DES_192_CBC3_SHA
* EDH_RSA_DES_40_CBC_SHA
* EDH_RSA_DES_64_CBC_SHA
* EDH_RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* DHE_RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* DHE_RSA_WITH_AES_256_SHA

TLSv1.0:
* RSA_RC4_40_MD5
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_RC2_40_MD5
* RSA_DES_40_CBC_SHA
* RSA_DES_64_CBC_SHA
* RSA_DES_192_CBC3_SHA
* EDH_RSA_DES_40_CBC_SHA
* EDH_RSA_DES_64_CBC_SHA
* EDH_RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* DHE_RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* DHE_RSA_WITH_AES_256_SHA

[+] Summary of weakness "NO_PFS" for 10.0.0.4:25

SSLv2.0:
* RC4_128_WITH_MD5
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5
* DES_192_EDE3_CBC_WITH_MD5

SSLv3.0:
* RSA_RC4_40_MD5
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_RC2_40_MD5
* RSA_DES_40_CBC_SHA
* RSA_DES_64_CBC_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

TLSv1.0:
* RSA_RC4_40_MD5
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_RC2_40_MD5
* RSA_DES_40_CBC_SHA
* RSA_DES_64_CBC_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

[+] Summary of weakness "SSL2_INSEC" for 10.0.0.4:25

SSLv2.0:
* RC4_128_WITH_MD5
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5
* DES_192_EDE3_CBC_WITH_MD5

[+] Summary of weakness "WEAK_ENC" for 10.0.0.4:25

SSLv2.0:
* RC4_128_EXPORT40_WITH_MD5
* RC2_128_CBC_EXPORT40_WITH_MD5
* DES_64_CBC_WITH_MD5

SSLv3.0:
* RSA_RC4_40_MD5
* RSA_RC2_40_MD5
* RSA_DES_40_CBC_SHA
* RSA_DES_64_CBC_SHA
* EDH_RSA_DES_40_CBC_SHA
* EDH_RSA_DES_64_CBC_SHA

TLSv1.0:
* RSA_RC4_40_MD5
* RSA_RC2_40_MD5
* RSA_DES_40_CBC_SHA
* RSA_DES_64_CBC_SHA
* EDH_RSA_DES_40_CBC_SHA
* EDH_RSA_DES_64_CBC_SHA

=== Scan Complete ===

[+] ssl-cipher-suite-enum v0.9 completed at Thu Jul 12 07:03:37 2012.  470 connections in 77 secs.

Example output 5: Scanning an RDP service

$ ./ssl-cipher-suite-enum.pl --rdp --tlsv1 10.0.0.5:3389
Starting ssl-cipher-suite-enum v0.9 ( https://labs.portcullis.co.uk/application/ssl-cipher-suite-enum/ ) at Thu Jul 12 07:07:59 2012

[+] Scanning 1 hosts

=== Scan Info ===

Target:    10.0.0.5
IP:        10.0.0.5
Port:      3389
Protocols: TLSv1.0
Preamble:  RDP
Scan Rate: unlimited

=== Testing protocol TLSv1.0 ===

[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 RSA_RC4_128_MD5[0004] NO_PFS
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 RSA_DES_192_CBC3_SHA[000a] NO_PFS
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013]
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 ECDHE_RSA_WITH_AES_256_CBC_SHA[c014]
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 RSA_WITH_AES_128_SHA[002f] NO_PFS
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 RSA_WITH_AES_256_SHA[0035] NO_PFS

[+] Preferred TLSv1.0 cipher suite on 10.0.0.5:3389: RSA_WITH_AES_128_SHA[002f] NO_PFS

[+] 7 TLSv1.0 cipher suites supported

[V] 10.0.0.5:3389 - Most encrypted connections will not use forward secrecy
[+] Summary of support cipher suites for 10.0.0.5:3389

TLSv1.0:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA
* ECDHE_RSA_WITH_AES_128_CBC_SHA
* ECDHE_RSA_WITH_AES_256_CBC_SHA

[+] Summary of weakness "NO_PFS" for 10.0.0.5:3389

TLSv1.0:
* RSA_RC4_128_MD5
* RSA_RC4_128_SHA
* RSA_DES_192_CBC3_SHA
* RSA_WITH_AES_128_SHA
* RSA_WITH_AES_256_SHA

=== Scan Complete ===

[+] ssl-cipher-suite-enum v0.9 completed at Thu Jul 12 07:08:21 2012.  227 connections in 22 secs.
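
The "greppable output" feature put to use for reporting, as an added Python example that is not part of ssl-cipher-suite-enum: it parses the `[+] Cipher suite supported on ...` and `[+] Preferred ...` lines shown in the example outputs and lists every suite that carries a forbidden weakness flag. The sample lines are copied from example outputs 4 and 5 above; the function names and the default policy (`SSL2_INSEC`, `WEAK_ENC`) are assumptions of this example.

```python
import re
from collections import defaultdict

SUITE = re.compile(
    r"^\[\+\] Cipher suite supported on (?P<target>\S+:\d+): (?P<proto>\S+) "
    r"(?P<name>\w+)\[(?P<code>[0-9a-f]+)\](?: (?P<flags>[A-Z0-9_,]+))?\s*$")
PREFERRED = re.compile(
    r"^\[\+\] Preferred (?P<proto>\S+) cipher suite on (?P<target>\S+:\d+): "
    r"(?P<name>\w+)\[(?P<code>[0-9a-f]+)\]")

# Lines copied from example outputs 4 and 5 on this page.
SAMPLE = """\
[+] Cipher suite supported on 10.0.0.4:25: SSLv2.0 RC4_128_WITH_MD5[010080] SSL2_INSEC,NO_PFS
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 RSA_RC4_40_MD5[0003] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.4:25: SSLv3.0 EDH_RSA_DES_192_CBC3_SHA[0016]
[+] Preferred SSLv3.0 cipher suite on 10.0.0.4:25: RSA_RC4_40_MD5[0003] NO_PFS,WEAK_ENC
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 RSA_RC4_128_SHA[0005] NO_PFS
[+] Cipher suite supported on 10.0.0.5:3389: TLSv1.0 ECDHE_RSA_WITH_AES_128_CBC_SHA[c013]
[+] Preferred TLSv1.0 cipher suite on 10.0.0.5:3389: RSA_WITH_AES_128_SHA[002f] NO_PFS
"""

def parse_scan(text):
    """Return {target: {"suites": [(proto, name, code, flags)], "preferred": {proto: name}}}."""
    report = defaultdict(lambda: {"suites": [], "preferred": {}})
    for line in text.splitlines():
        m = SUITE.match(line)
        if m:
            # Suites without any weakness have no flag field at all.
            flags = frozenset(m["flags"].split(",")) if m["flags"] else frozenset()
            report[m["target"]]["suites"].append((m["proto"], m["name"], m["code"], flags))
            continue
        m = PREFERRED.match(line)
        if m:
            report[m["target"]]["preferred"][m["proto"]] = m["name"]
    return dict(report)

def policy_violations(report, forbidden=("SSL2_INSEC", "WEAK_ENC")):
    """List (target, proto, suite, flag, is_preferred) for each suite with a forbidden flag."""
    hits = []
    for target, data in report.items():
        for proto, name, _code, flags in data["suites"]:
            for flag in sorted(flags & set(forbidden)):
                # A weak suite that is also the server's preferred one deserves priority.
                hits.append((target, proto, name, flag, data["preferred"].get(proto) == name))
    return hits

if __name__ == "__main__":
    for hit in policy_violations(parse_scan(SAMPLE)):
        print(*hit)
```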

The latest version of the code will be maintained on github. Older versions are available below.
