Remote SSL Server cipher check script with python - 20150130
Debian wheezy has Python 2.7.3, and its SSL library appears to disable server certificate verification by default. The script I wrote in "Remote SSL Server cipher check script with openssl - 20150126 - Shammerism" uses openssl, where there is no way to disable server certificate verification, and it requires the destination server's certificates. I would like to ignore SSL errors other than "no cipher supported", so it is good for me that Python can ignore server certificate verification errors. I wrote a function to check which cipher suites a remote server supports.
#!/usr/bin/env python
# Python 2 script (uses the 'commands' module and print statements).
import ssl,socket,commands,argparse

parser = argparse.ArgumentParser()
parser.add_argument('-host', dest = 'host', required = True)
parser.add_argument('-port', dest = 'port', default = 443)
x = vars(parser.parse_args())

# Cipher suite names known to the local openssl, excluding SRP and PSK suites.
ciphers = commands.getoutput('openssl ciphers -v | awk \'{print $1}\' | grep -v \'SRP-\\|PSK-\'').split('\n')

OK = []
NG = []

for i in ciphers:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((x['host'],int(x['port'])))
    try:
        # Offer only this one suite. cert_reqs defaults to CERT_NONE here,
        # so certificate errors do not fail the handshake.
        s = ssl.wrap_socket(s, server_side = False, ciphers=i)
        s.send('GET / HTTP/1.1\r\n')
        s.send('Host: ' + x['host'] + '\r\n')
        s.send('\r\n')
        OK.append(i)
    except ssl.SSLError, e:
        NG.append(i)
    finally:
        # Close the socket whether or not the handshake succeeded.
        s.close()

print '========== Supported Ciphers =========='
for i in OK:
    print i
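The same per-cipher probe for Python 3, as an added example that is not the post's own code. Python 3 verifies certificates by default and `set_ciphers()` does not control TLS 1.3 suites, so this version disables verification explicitly and caps the handshake at TLS 1.2. The function names `local_cipher_names`, `single_cipher_context` and `probe` are assumptions of this example.

```python
import socket
import ssl
import sys

def local_cipher_names():
    """TLS 1.2-and-earlier suites this Python's OpenSSL offers by default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return [c["name"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"
            and "SRP-" not in c["name"] and "PSK-" not in c["name"]]

def single_cipher_context(cipher):
    """Client context that offers exactly one suite and skips cert checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Python 3 verifies by default; turn it off explicitly (probe use only).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # set_ciphers() does not govern TLS 1.3 suites, so cap the version;
    # otherwise a TLS 1.3 server would accept every probe.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher)
    return ctx

def probe(host, port, cipher, timeout=5.0):
    """Return the negotiated suite name, or None if the handshake fails."""
    ctx = single_cipher_context(cipher)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except OSError:  # ssl.SSLError is a subclass of OSError
            return None

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print("========== Supported Ciphers ==========")
    for name in local_cipher_names():
        if probe(host, port, name):
            print(name)
```

Because verification is off, the result says only which suites the endpoint negotiates, not whether the endpoint is the intended server.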