Python SSL Client for checking ciphers supported on the server
This is an upgraded version of the script from "Python SSL Client disabled server certificate verification - Shammerism". The SSL socket created by httplib.HTTPSConnection can be initialized with an SSL context, and the ciphers the client is allowed to use can then be set on that context. The code looks like this.
    #!/usr/bin/env python
    import ssl
    import httplib

    DestIP = '1.1.1.1'
    sslContext = ssl._create_unverified_context()
    sslContext.set_ciphers('ALL')
    try:
        s = httplib.HTTPSConnection(DestIP, context = sslContext)
        ....
In this example, all cipher suites available on the host where the script runs are enabled. According to the Python documentation, the cipher string must be written in the OpenSSL cipher list format. However, set_ciphers can throw an error (ssl.SSLError), and the hard-coded DestIP is a weak point. So the script should be written like below.
    #!/usr/bin/env python
    import argparse
    import httplib
    import ssl

    parser = argparse.ArgumentParser()
    parser.add_argument('-host', dest = 'host', required = True)
    # type = int so a port given on the command line is not passed on as a string
    parser.add_argument('-port', dest = 'port', type = int, default = 443)
    parser.add_argument('-cipher', dest = 'cipher', default = 'ALL')
    x = vars(parser.parse_args())

    try:
        # Test client only: server certificate verification is disabled
        sslContext = ssl._create_unverified_context()
        # Raises ssl.SSLError when no cipher matches the given string
        sslContext.set_ciphers(x['cipher'])
        # Created outside the inner try so s always exists when finally runs
        s = httplib.HTTPSConnection(x['host'], port = x['port'], context = sslContext)
        try:
            s.send('GET / HTTP/1.1\r\n')
            ...
        except ssl.SSLError, e:
            # str(e) because e.args[0] can be an integer error code
            print 'Connect failure because of ' + str(e)
        finally:
            s.close()
    except ssl.SSLError, e:
        print 'set_cipher failed because ' + str(e)
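The same check for Python 3, where `httplib` no longer exists, as an added example that is not code from the original post: it separates "the local OpenSSL cannot select this cipher" from "the server rejected it" and reports the suite actually negotiated. The function names and status labels are hypothetical, and the handshake is capped at TLS 1.2 because `set_ciphers` does not control TLS 1.3 suites.

```python
import socket
import ssl


def offered(ctx):
    """Suites below TLS 1.3 that this context will put in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def make_context(cipher_string):
    """Unverified test-client context limited to cipher_string, or None if
    the local OpenSSL build cannot select any suite for that string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # as on the page: test client only
    # set_ciphers() does not govern TLS 1.3 suites, so cap the handshake at
    # TLS 1.2; otherwise a TLS 1.3 suite could be negotiated instead.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    return ctx if offered(ctx) else None


def probe(host, port, cipher_string, timeout=5.0):
    """Return (status, detail) for one handshake offering cipher_string."""
    ctx = make_context(cipher_string)
    if ctx is None:
        return ("local-unsupported", None)  # nothing was sent to the server
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("accepted", tls.cipher()[0])  # suite actually negotiated
    except ssl.SSLError as e:
        return ("rejected", e.reason)  # TLS-level failure, e.g. handshake alert
    except OSError as e:
        return ("network-error", str(e))  # refused, reset, timed out


if __name__ == "__main__":
    # Hypothetical invocation: python3 probe.py HOST PORT CIPHER [CIPHER ...]
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    for name in sys.argv[3:]:
        print(name, *probe(host, port, name))
```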