Enumerate SSL Ciphers Using nmap

A quick method to scan your network and enumerate the SSL Ciphers in use on systems is with nmap.

nmap –script ssl-enum-ciphers -p 443 192.168.0.1/24

This will scan the entire 192.168.0.0 subnet for open port 443 and if found enumerate the SSL Ciphers enabled.

You can also use openssl if the command is installed in Windows or Linux.

openssl s_client -connect 192.168.0.1:443 -tls1_2

openssl s_client -connect 192.168.0.1:443 -tls1_1

If a response is available for the ciphers specified, output will exist. If not, similar output showing will exist.

$ openssl s_client -connect 192.168.0.1:443 -tls1_1 CONNECTED(00000003) 140154848113984:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1543:SSL alert number 70

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 104 bytes Verification: OK

New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1654548424 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no

Published At