Name

show-cipher-preference - server to show TLS client cipher preference

Synopsis

show-cipher-preference [ PORT ]

Description

show-cipher-preference is a very simple server for analyzing a TLS Client Hello. It listens on the given TCP port, or on port 443 by default. When a TLS client connects, it prints the contents of the TLS Client Hello, including the cipher preference and optionally (on ECDH) the curves.

Return Value

The return value is 0 if no error occurs and a TLS client hello could be identified and analyzed. Error return values:
  1. illegal port
  2. couldn’t create socket
  3. couldn’t set socket options
  4. couldn’t bind to socket
  5. couldn’t listen on socket
  6. couldn’t set receive buffer
  7. couldn’t accept connection
  8. network read too short
  9. TLS wrong type
  10. TLS wrong record length
  11. TLS wrong message type (must be client hello)

Examples

Example for a cipher preference with just one ECDH cipher:
$ ./show-cipher-preference 1993
Version: TLSv1
Record Length: 114
Message Length: 110
Version: TLSv1.2
ServerRandom, Time: 1472248691,
Fri Aug 26 23:58:11 2016
(time reversed:) 1941684311,
Sun Jul 13 06:45:11 2031
Session ID Length: 0
Cipher Suite Length: 4
0xC0 0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDHE-RSA-AES256-GCM-SHA384)
0x00 0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression Methods Length: 1
Extensions Length: 65
Extension: 0x00 0x0B, Extension Length: 4
Extension: 0x00 0x0A, Extension Length: 8, EC list: sect233k1 secp521r1 secp384r1 secp256r1
Extension: 0x00 0x23, Extension Length: 0
Extension: 0x00 0x0D, Extension Length: 32
Extension: 0x00 0x0F, Extension Length: 1
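
The following Python sketch is an added example, not the tool's own code: it parses the same Client Hello fields and reports failures with codes 8 to 11 from the return-value list above. The names parse_client_hello, HelloError and build_sample are hypothetical, and the sample record is constructed.

```python
import struct

class HelloError(Exception):
    """args[0] is the exit code (8-11) from the return-value list above."""

def parse_client_hello(data):
    """Parse one TLS record holding a ClientHello (TLS 1.0-1.2 layout)."""
    if len(data) < 9:
        raise HelloError(8, "network read too short")
    rec_type, rec_ver, rec_len = struct.unpack_from("!BHH", data, 0)
    if rec_type != 22:                       # 22 = handshake record
        raise HelloError(9, "TLS wrong type")
    if rec_len != len(data) - 5:
        raise HelloError(10, "TLS wrong record length")
    if data[5] != 1:                         # 1 = client_hello
        raise HelloError(11, "TLS wrong message type")
    body = data[9:9 + int.from_bytes(data[6:9], "big")]
    pos = 0
    def take(n):
        # Bounds-checked read: no length field may run past the message.
        nonlocal pos
        if pos + n > len(body):
            raise HelloError(8, "network read too short")
        pos += n
        return body[pos - n:pos]
    version = int.from_bytes(take(2), "big")
    take(32)                                 # client random
    take(take(1)[0])                         # session id
    cs = take(int.from_bytes(take(2), "big"))
    # Order is significant: the client lists suites most-preferred first.
    suites = [int.from_bytes(cs[i:i + 2], "big") for i in range(0, len(cs) - 1, 2)]
    take(take(1)[0])                         # compression methods
    ext = take(int.from_bytes(take(2), "big")) if pos < len(body) else b""
    groups, i = [], 0
    while i + 4 <= len(ext):
        etype, elen = struct.unpack_from("!HH", ext, i)
        edata = ext[i + 4:i + 4 + elen]
        if etype == 0x000A:                  # supported_groups (EC curve list)
            groups = [int.from_bytes(edata[j:j + 2], "big") for j in range(2, len(edata) - 1, 2)]
        i += 4 + elen
    return {"record_version": rec_ver, "version": version, "suites": suites, "groups": groups}

def build_sample():
    # Constructed ClientHello: the two suites from the example above, zeroed random.
    ext = struct.pack("!HHH3H", 0x000A, 8, 6, 25, 24, 23)   # secp521r1, secp384r1, secp256r1
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H2H", 4, 0xC030, 0x00FF)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs
```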

Author

Frank Bergmann, http://www.tuxad.com
