show-cipher-preference - server to show TLS client cipher preference
show-cipher-preference [ PORT ]
show-cipher-preference is a very simple server for analyzing a TLS ClientHello.
It listens on the given TCP port, or on port 443 by default. When a TLS client
connects, it prints the fields of the TLS client hello, including the client's
cipher preference and, optionally (on ECDH), the curves.
The return value is 0 if no error occurs and a TLS client hello could be
identified and analyzed. Error return values:
- illegal port
- couldn’t create socket
- couldn’t set socket options
- couldn’t bind to socket
- couldn’t listen on socket
- couldn’t set receive buffer
- couldn’t accept connection
- network read too short
- TLS wrong type
- TLS wrong record length
- TLS wrong message type (must be client hello)
Example for a cipher preference with just one ECDH cipher:
$ ./show-cipher-preference 1993
Version: TLSv1
Record Length: 114
Message Length: 110
Version: TLSv1.2
ServerRandom, Time: 1472248691, Fri Aug 26 23:58:11 2016
(time reversed:) 1941684311, Sun Jul 13 06:45:11 2031
Session ID Length: 0
Cipher Suite Length: 4
0xC0 0x30 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDHE-RSA-AES256-GCM-SHA384)
0x00 0xFF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression Methods Length: 1
Extensions Length: 65
Extension: 0x00 0x0B, Extension Length: 4
Extension: 0x00 0x0A, Extension Length: 8, EC list: sect233k1 secp521r1 secp384r1 secp256r1
Extension: 0x00 0x23, Extension Length: 0
Extension: 0x00 0x0D, Extension Length: 32
Extension: 0x00 0x0F, Extension Length: 1
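
The field walk behind the output above, as an added Python example (not the tool's own code). It parses a ClientHello record and raises errors named after the last four entries of the error list. Assumptions: the names parse_client_hello and SAMPLE are hypothetical, SAMPLE is a constructed record whose lengths, cipher suites and time bytes match the example output, and the whole record is assumed to arrive in a single read.

```python
import struct

VERSIONS = {0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
CURVES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1"}  # subset of the IANA list
# Constructed sample record (not a capture), sized like the example output above.
SAMPLE = bytes.fromhex(
    "1603010072" "0100006e" "0303" "57c0bb73" + "00" * 28 + "00" "0004c03000ff" "0100" "0041"
    "000b000403000102" "000a00080006001900180017" "00230000" "000d0020001e" + "00" * 30
    + "000f000101")

def parse_client_hello(data: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello; ValueError on malformed input."""
    if len(data) < 9:
        raise ValueError("network read too short")
    rec_type, rec_ver, rec_len = struct.unpack_from("!BHH", data)
    if rec_type != 22:                          # 22 = handshake record
        raise ValueError("TLS wrong type")
    if rec_len != len(data) - 5:                # assumption: whole record arrived in one read
        raise ValueError("TLS wrong record length")
    if data[5] != 1:                            # 1 = client_hello
        raise ValueError("TLS wrong message type")
    msg_len = int.from_bytes(data[6:9], "big")
    body, pos = data[9:9 + msg_len], 0
    def take(n: int) -> bytes:                  # bounds-checked read at the cursor
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    u = lambda n: int.from_bytes(take(n), "big")    # big-endian unsigned integer
    out = {"record_version": VERSIONS.get(rec_ver), "record_length": rec_len,
           "message_length": msg_len, "version": VERSIONS.get(u(2))}
    rnd = take(32)
    out.update(time=int.from_bytes(rnd[:4], "big"), time_reversed=int.from_bytes(rnd[:4], "little"))
    out["session_id_length"] = len(take(u(1)))
    suites = take(u(2))
    out["cipher_suites"] = [suites[i:i + 2].hex() for i in range(0, len(suites), 2)]
    out["compression_length"] = len(take(u(1)))
    out["extensions"], out["curves"] = [], []
    ext_end = (u(2) if pos < len(body) else 0) + pos   # u(2) advances pos before it is added
    while pos < ext_end:
        etype, edata = u(2), take(u(2))         # type, then length-prefixed data
        out["extensions"].append((etype, len(edata)))
        if etype == 0x000A:                     # curve list starts with a 2-byte length
            n = int.from_bytes(edata[:2], "big")
            if n != len(edata) - 2 or n % 2:
                raise ValueError("bad curve list length")
            out["curves"] = [CURVES.get(c, hex(c)) for c in struct.unpack(f"!{n // 2}H", edata[2:])]
    return out
```

In the constructed sample, the 8-byte 0x00 0x0A extension holds a 2-byte list length (0x0006) followed by three 2-byte curve IDs. The value 6 is also the registry ID of sect233k1, so a reader that does not skip the length prefix reports it as an extra curve.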
Frank Bergmann, http://www.tuxad.com