How to list supported ciphers suites of a server?

I run into a problem of how to check whether my SSL ciphers suites configuration works correctly on my server.
Basically, with openssl, client can verify if the server supports a particular cipher suite using the following command:

openssl s_client -cipher "$cipher" -CAfile ca/ca.crt -connect server:port
# $cipher is the cipher suite name

So it is possible to automatically test all cipher suites supported by openssl against the server using a simple snippet of Bash, i found such script in this site https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers and modify it a little bit. Below is the script:

#!/usr/bin/env bash

# OpenSSL requires the port number.
SERVER=$1
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
    echo -n Testing $cipher...
    result=$(echo -n | openssl s_client -cipher "$cipher"  -connect $SERVER 2>&1)
    if [[ "$result" =~ ":error:" ]] ; then
        error=$(echo -n $result | cut -d':' -f6)
        echo NO \($error\)
    else
        if echo $result | grep -q "Verify return code: 0 (ok)"; then
            echo YES
        else
            echo UNKNOWN RESPONSE
            echo $result
         fi
    fi
sleep $DELAY
done

Rust tip: (Unix) drop the current user privileges

Brief

Rust is a modern programing language which is claimed to be blazingly fast and memory-efficient. It syntactically similar to C++, but is designed to provide better memory safety while maintaining high performance and productivity:

  • Zero cost abstraction: allow a perfect balance between performance and productivity
  • Memory efficient with no runtime or garbage collector
  • Memory safe: Rust does not permit null pointers, dangling pointers, or data races in safe code.
  • Memory management using an ownership model guarantee memory-safety and thread-safety .
  • Great documentation, easy to use compiler and integrated packages/libraries management
  • Easy to interface with other language.
  • A bit of learning curve for the variable ownership and variable lifetime features.
Powered by antd server, (c) 2017 - 2024 Dany LE.This site does not use cookie, but some third-party contents (e.g. Youtube, Twitter) may do.