To get the list of ciphers and protocols for any JAVA port running on the server we can use below simple script .
Replace Server and port on the below snippet and run the for loop .It will list all the Protocols and ciphers supported by the port on the server
We can use the same snippet to get the ciphers and protocols from from remote server also
This can only run from Linux/Aix/Sol server
for v in ssl2 ssl3 tls1 tls1_1 tls1_2 tlsv1_3; do
for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
openssl s_client -connect SERVERIP:PORT -cipher $c -$v < /dev/null > /dev/null 2>&1 && echo $v:\t$c
done
done
For example i have Linux server where 631 port is up and listening .
Now i want to get the list of Protocols and Cihpers that this server and port supporting .
Replace the IP and port on the given ssl snippet and run on the server . Refer below output.
[wlsuser@localhost tmp]$ netstat -tnpl |grep 631
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
[wlsuser@localhost tmp]$ for v in ssl2 ssl3 tls1 tls1_1 tls1_2;
do for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
openssl s_client -connect 127.0.0.1:631 -cipher $c -$v < /dev/null > /dev/null 2>&1 && echo $v:\t$c
done
done
tls1:tAES256-SHA
tls1:tCAMELLIA256-SHA
tls1:tAES128-SHA
tls1:tSEED-SHA
tls1:tCAMELLIA128-SHA
tls1:tDES-CBC3-SHA
tls1:tIDEA-CBC-SHA
tls1_1:tAES256-SHA
tls1_1:tCAMELLIA256-SHA
tls1_1:tAES128-SHA
tls1_1:tSEED-SHA
tls1_1:tCAMELLIA128-SHA
tls1_1:tDES-CBC3-SHA
tls1_1:tIDEA-CBC-SHA
tls1_2:tAES256-GCM-SHA384
tls1_2:tAES256-SHA256
tls1_2:tAES256-SHA
tls1_2:tCAMELLIA256-SHA
tls1_2:tAES128-GCM-SHA256
tls1_2:tAES128-SHA256
tls1_2:tAES128-SHA
tls1_2:tSEED-SHA
tls1_2:tCAMELLIA128-SHA
tls1_2:tDES-CBC3-SHA
tls1_2:tIDEA-CBC-SHA
[wlsuser@localhost tmp]$
No comments:
Post a Comment