Learn How to Enumerate SSL/TLS Ciphersuites with ssl-enum-ciphers Script
How to Download and Use ssl-enum-ciphers to Test SSL/TLS Configuration
SSL/TLS is a protocol that provides secure communication over the internet. It encrypts and authenticates the data exchanged between a client and a server, preventing eavesdropping, tampering, and impersonation. However, not all SSL/TLS configurations are equally secure. Some may use weak or outdated cipher suites, compression methods, protocols, or certificates that expose them to various attacks and vulnerabilities.
That's why it's important to test and evaluate the SSL/TLS configuration of a server before trusting it with sensitive information. One tool that can help you with this task is ssl-enum-ciphers, a nmap script that repeatedly initiates SSL/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphersuites and compressors that a server accepts, along with their grades and strengths.
In this article, we will show you how to download and use ssl-enum-ciphers to test the SSL/TLS configuration of a server. We will also explain how the script works, how to interpret its output, what are some common SSL/TLS vulnerabilities and misconfigurations that it can detect, and how to compare its results with other tools.
How to Download and Use ssl-enum-ciphers with nmap
ssl-enum-ciphers is a nmap script that requires nmap, a network scanning tool, to run. You can download nmap from its official website: [nmap.org](^1^). You can also install it using your package manager if you are using Linux or Mac OS.
ssl-enum-ciphers nse script documentation
ssl-enum-ciphers nmap github
ssl-enum-ciphers usage and output
ssl-enum-ciphers rating guide
ssl-enum-ciphers list ciphers supported by server
ssl-enum-ciphers tutorial and examples
ssl-enum-ciphers scan multiple hosts
ssl-enum-ciphers compare results
ssl-enum-ciphers report format
ssl-enum-ciphers csv output
ssl-enum-ciphers filter by grade
ssl-enum-ciphers detect weak ciphers
ssl-enum-ciphers test poodle vulnerability
ssl-enum-ciphers check tls version
ssl-enum-ciphers starttls support
ssl-enum-ciphers specify cipher suite
ssl-enum-ciphers debug mode
ssl-enum-ciphers timeout option
ssl-enum-ciphers parallel execution
ssl-enum-ciphers exclude ports
ssl-enum-ciphers update script
ssl-enum-ciphers alternative tools
ssl-enum-ciphers best practices
ssl-enum-ciphers performance optimization
ssl-enum-ciphers troubleshooting tips
Once you have nmap installed, you need to download ssl-enum-ciphers from its repository: [svn.nmap.org](^2^). You can use the following command to download it:
Alternatively, you can use svn (subversion) to check out the entire nmap scripts directory:
svn co --depth files https://svn.nmap.org/nmap/scripts/
After downloading ssl-enum-ciphers, you need to place it in your nmap scripts directory. The location of this directory may vary depending on your operating system and installation method, but you can find it by running:
nmap --script-help ssl-enum-ciphers
If you see an error message saying that nmap can't find the script, then you need to move it to the correct directory. For example, on Linux, you may need to move it to /usr/share/nmap/scripts/.
Once you have placed ssl-enum-ciphers in your nmap scripts directory, you can use it with nmap by specifying its name after --script option. For example, to test the SSL/TLS configuration of www.example.com on port 443 (the default port for HTTPS), you can run:
nmap --script ssl-enum-ciphers -p 443 www.example.com
PORT STATE SERVICE 443/tcp open https ssl-enum-ciphers: TLSv1.2: ciphers: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) - A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A compressors: NULL cipher preference: client warnings: 64-bit block cipher 3DES vulnerable to SWEET32 attack least strength: A
As you can see, the output of ssl-enum-ciphers contains several fields and information that can help you assess the security of the SSL/TLS configuration of the server. Let's go over them in more detail.
How does ssl-enum-ciphers work and what are the output fields?
ssl-enum-ciphers works by sending a series of ClientHello messages to the server, each with a different set of cipher suites and compressors, and recording the ServerHello messages that the server responds with. A cipher suite is a combination of encryption, authentication, and key exchange algorithms that are used to establish a secure connection. A compressor is a method of reducing the size of the data that is transmitted over the connection.
The script tries to test all the possible cipher suites and compressors that are supported by nmap's SSL/TLS library, which is based on OpenSSL. However, some cipher suites or compressors may not be available or enabled on your system, depending on your OpenSSL version and configuration. You can check which cipher suites and compressors are available on your system by running:
nmap --script ssl-enum-ciphers --script-args ssl-enum-ciphers.displayall
The output of ssl-enum-ciphers consists of the following fields:
PORT: The port number that was scanned.
STATE: The state of the port, such as open, closed, or filtered.
SERVICE: The service name that was detected on the port, such as https or smtps.
ssl-enum-ciphers: The name of the script that produced the output.
TLSv1.2: The protocol version that was used for the connection. The script tries to test all the protocol versions that are supported by nmap's SSL/TLS library, which are SSLv2, SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2. However, some protocol versions may not be available or enabled on your system, or may be rejected by the server. You can specify which protocol version to use by adding --script-args ssl-enum-ciphers.protocol=version to your nmap command.
ciphers: The list of cipher suites that were accepted by the server, along with their grades and key exchange parameters. The grades are based on the scoring system used by Qualys SSL Labs, which ranges from A+ (the best) to F (the worst). The key exchange parameters are shown in parentheses after the cipher suite name, and indicate the type and size of the keys that are used for encryption and authentication. For example, ecdh_x25519 means that elliptic curve Diffie-Hellman with curve x25519 is used for key exchange.
compressors: The list of compressors that were accepted by the server. The most common compressor is NULL, which means no compression is used.
cipher preference: The preference order of the cipher suites that are accepted by the server. This can be either client or server, depending on who decides which cipher suite to use for the connection. If it is client, then the script chooses the cipher suite from its list of available ones. If it is server, then the server chooses the cipher suite from the list that the script sends.
warnings: The list of warnings that indicate potential vulnerabilities or misconfigurations in the SSL/TLS configuration of the server. These warnings are based on various sources of information and best practices, such as the Qualys SSL Labs test, the Mozilla SSL Configuration Generator, and the OWASP Transport Layer Protection Cheat Sheet. Some examples of warnings are: weak cipher suites, insecure protocols, certificate issues, compression vulnerabilities, and known attacks.
least strength: The lowest grade among the cipher suites that are accepted by the server. This indicates the minimum level of security that the server offers to its clients. Ideally, this should be A or higher, as lower grades may expose the server to various risks and attacks.
By analyzing these fields, you can get a comprehensive overview of the SSL/TLS configuration of the server and identify any weaknesses or problems that need to be fixed or improved.
How to interpret the cipher suite grades and the least strength indicator?
The cipher suite grades and the least strength indicator are based on the scoring system used by Qualys SSL Labs, which is a widely used and respected tool for testing and evaluating SSL/TLS configurations. The scoring system assigns a grade from A+ to F to each cipher suite based on its security properties and performance. The grades are calculated using a complex algorithm that takes into account various factors such as:
The encryption algorithm and key size
The authentication algorithm and key size
The key exchange algorithm and key size
The protocol version and extensions
The forward secrecy and perfect forward secrecy support
The vulnerability to known attacks and weaknesses
The compatibility and performance issues
The following table summarizes the main criteria and thresholds for each grade:
All cipher suites are secure and support perfect forward secrecy. The server supports HTTP Strict Transport Security (HSTS) with a long duration.
All cipher suites are secure and support perfect forward secrecy. The server does not support HSTS or supports it with a short duration.
Some cipher suites are secure but do not support perfect forward secrecy. The server supports weak protocols such as TLS 1.0 or TLS 1.1.
Some cipher suites are weak or insecure, such as those using 3DES, RC4, or MD5. The server supports insecure protocols such as SSL 3.0.
Some cipher suites are very weak or insecure, such as those using NULL, EXPORT, or ANON. The server supports very insecure protocols such as SSL 2.0.
The server has certificate issues, such as expired, self-signed, revoked, or mismatched certificates.
The server has serious security issues, such as being vulnerable to Heartbleed, POODLE, or FREAK attacks.
The least strength indicator shows the lowest grade among the cipher suites that are accepted by the server. This indicates the minimum level of security that the server offers to its clients. For example, if the server accepts a cipher suite with grade F, then the least strength indicator will be F, even if the server also accepts cipher suites with higher grades. This is because an attacker can force the server to use the weakest cipher suite that it accepts, and compromise the security of the connection.
Therefore, it is recommended to use only cipher suites with grades A or higher, and to disable or remove any cipher suites with lower grades. This will ensure that the server provides a high level of security and performance to its clients, and that it is not vulnerable to any known attacks or weaknesses.
What are some common SSL/TLS vulnerabilities and misconfigurations that ssl-enum-ciphers can detect and warn about?
ssl-enum-ciphers can detect and warn about various SSL/TLS vulnerabilities and misconfigurations that may affect the security and performance of the connection. Some of these are:
64-bit block cipher 3DES vulnerable to SWEET32 attack: This warning means that the server accepts a cipher suite that uses 3DES, a 64-bit block cipher that is vulnerable to a birthday attack called SWEET32. This attack allows an attacker to recover plaintext from encrypted traffic by capturing a large amount of data (around 32 GB) and exploiting a collision in the cipher blocks. To prevent this attack, it is recommended to disable or remove any cipher suites that use 3DES.
Insecure RC4 ciphers detected: This warning means that the server accepts a cipher suite that uses RC4, a stream cipher that is insecure and deprecated. RC4 has several weaknesses and vulnerabilities, such as biases in its output, that allow an attacker to break its encryption and recover plaintext from encrypted traffic. To prevent this, it is recommended to disable or remove any cipher suites that use RC4.
Server supports SSLv3: This warning means that the server supports SSLv3, an old and insecure protocol version that is vulnerable to a padding oracle attack called POODLE. This attack allows an attacker to decrypt SSLv3 traffic by exploiting a flaw in its padding scheme. To prevent this, it is recommended to disable or remove SSLv3 support from the server.
Server supports TLSv1.0: This warning means that the server supports TLSv1.0, an outdated and weak protocol version that is no longer considered secure. TLSv1.0 has several issues and limitations, such as not supporting modern cipher suites, extensions, or features, and being vulnerable to downgrade attacks or protocol confusion attacks. To prevent this, it is recommended to disable or remove TLSv1.0 support from the server.
Server does not support Forward Secrecy with the reference browsers: This warning means that the server does not support Forward Secrecy (FS) or Perfect Forward Secrecy (PFS) with the reference browsers, which are Chrome 51, Firefox 47, IE 11 on Windows 7, Edge 13 on Windows 10, Java 8u91, OpenSSL 1.0.2h, Safari 9 on OS X 10.11, and Safari 9 on iOS 9. FS or PFS is a property of some key exchange algorithms that ensures that the encryption keys are not derived from a static or long-term secret, such as a private key or a password. This means that even if an attacker manages to compromise or steal the long-term secret, they cannot decrypt past or future sessions that use different keys. To support FS or PFS, it is recommended to use key exchange algorithms such as ECDHE or DHE.
Server certificate does not match hostname: This warning means that the server certificate does not match the hostname that was scanned. This may indicate a configuration error, a misissued certificate, or a man-in-the-middle attack. To fix this, it is recommended to use a valid certificate that matches the hostname of the server.
Server certificate is not trusted: This warning means that the server certificate is not trusted by nmap's SSL/TLS library, which uses Mozilla's root store as its trust store. This may indicate a self-signed certificate, an expired certificate, a revoked certificate, or an unknown certificate authority. To fix this , it is recommended to use a trusted certificate that is issued by a reputable certificate authority.
These are some of the most common SSL/TLS vulnerabilities and misconfigurations that ssl-enum-ciphers can detect and warn about, but there may be others that are not covered by the script. Therefore, it is advisable to use other tools and sources of information to complement and verify the results of ssl-enum-ciphers.
How to compare the results of ssl-enum-ciphers with other tools such as SSLLabs or testssl.sh?
ssl-enum-ciphers is a useful and convenient tool for testing and evaluating the SSL/TLS configuration of a server, but it is not the only one. There are other tools that can provide similar or different information and insights, such as SSLLabs or testssl.sh. These tools may have different features, methods, criteria, and scopes than ssl-enum-ciphers, and may produce different results or grades. Therefore, it is beneficial to compare the results of ssl-enum-ciphers with other tools to get a more comprehensive and accurate picture of the SSL/TLS configuration of a server.
SSLLabs is a web-based tool that provides a free online service for testing and grading the SSL/TLS configuration of a server. It uses a complex and comprehensive scoring system that takes into account various factors such as protocol support, key exchange, cipher strength, certificate validity, HSTS support, OCSP stapling, and more. It also provides detailed information and explanations about each aspect of the SSL/TLS configuration, as well as recommendations and best practices for improving it. You can access SSLLabs at [ssllabs.com].
testssl.sh is a command-line tool that provides a free offline service for testing and grading the SSL/TLS configuration of a server. It uses OpenSSL or LibreSSL as its SSL/TLS library, and supports various features such as protocol detection, cipher enumeration, certificate analysis, HSTS support, OCSP stapling, vulnerability scanning, and more. It also provides detailed information and explanations about each aspect of the SSL/TLS configuration, as well as recommendations and best practices for improving it. You can download testssl.sh from its repository: [github.com].
To compare the results of ssl-enum-ciphers with other tools such as SSLLabs or testssl.sh, you can use the following steps:
Run ssl-enum-ciphers on the target server and note down its output fields, such as protocol version, cipher suites, compressors, cipher preference, warnings, and least strength.
Run SSLLabs or testssl.sh on the same target server and note down its output fields, such as protocol support, key exchange, cipher strength, certificate validity, HSTS support, OCSP stapling, vulnerabilities, and grade.
Compare the output fields of ssl-enum-ciphers with those of SSLLabs or testssl.sh and look for any differences or discrepancies. For example, you may find that some cipher suites or compressors are accepted by one tool but not by another, or that some warnings or vulnerabilities are detected by one tool but not by another.
Analyze the reasons and implications of any differences or discrepancies. For example , you may find that some differences or discrepancies are due to different versions or configurations of the SSL/TLS libraries, or different methods or criteria of testing or grading. You may also find that some differences or discrepancies are due to errors or bugs in the tools, or limitations or assumptions in their design. You may need to consult the documentation or source code of the tools to understand their logic and behavior.
Based on the comparison and analysis, decide which tool provides the most accurate and reliable results for your purpose and needs. You may also use multiple tools to cross-check and validate the results, or to get different perspectives and insights on the SSL/TLS configuration of the server.
By comparing the results of ssl-enum-ciphers with other tools such as SSLLabs or testssl.sh, you can get a more comprehensive and accurate picture of the SSL/TLS configuration of the server, and identify any strengths or weaknesses that need to be addressed or improved.
ssl-enum-ciphers is a nmap script that can help you test and evaluat