-
Notifications
You must be signed in to change notification settings - Fork 0
/
ssl-inspector
executable file
·309 lines (292 loc) · 59.1 KB
/
ssl-inspector
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
#!/usr/bin/ruby
# ******************************************************************************
# SSL cipher scanning tool for SSLv3 and TLSv1 TLSv1.1 TLSv1.2
# ******************************************************************************
# This tool will scan a remote host for enabled cipher suites, one cipher suite
# at a time and display which are enabled (and disabled, in verbose mode).
# Cipher suites filtering is made available with several criteria.
# ******************************************************************************
# @author : Xavier LUCAS
# @date : 27/10/2014
# ******************************************************************************
require 'optparse'
require 'ostruct'
require 'socket'
PROTOCOLS = {
:'SSLv3' => [0x03, 0x00],
:'TLSv1.0' => [0x03, 0x01],
:'TLSv1.1' => [0x03, 0x02],
:'TLSv1.2' => [0x03, 0x03]
}
CIPHER_SUITES = [
{:'name' => :'TLS_NULL_WITH_NULL_NULL', :'keyexchange' => :'NULL', :'authentication' => :'NULL', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'NULL', :'id' => [0x00, 0x00]},
{:'name' => :'TLS_RSA_WITH_NULL_MD5', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'MD5', :'id' => [0x00, 0x01]},
{:'name' => :'TLS_RSA_WITH_NULL_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0x00, 0x02]},
{:'name' => :'TLS_RSA_EXPORT_WITH_RC4_40_MD5', :'keyexchange' => :'RSA_EXPORT', :'authentication' => :'RSA_EXPORT', :'encryption' => :'RC4_40', :'bits' => 40, :'mac' => :'MD5', :'id' => [0x00, 0x03]},
{:'name' => :'TLS_RSA_WITH_RC4_128_MD5', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'MD5', :'id' => [0x00, 0x04]},
{:'name' => :'TLS_RSA_WITH_RC4_128_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x05]},
{:'name' => :'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5', :'keyexchange' => :'RSA_EXPORT', :'authentication' => :'RSA_EXPORT', :'encryption' => :'RC2_CBC_40', :'bits' => 40, :'mac' => :'MD5', :'id' => [0x00, 0x06]},
{:'name' => :'TLS_RSA_WITH_IDEA_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'IDEA_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x07]},
{:'name' => :'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA', :'keyexchange' => :'RSA_EXPORT', :'authentication' => :'RSA_EXPORT', :'encryption' => :'DES40_CBC', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x08]},
{:'name' => :'TLS_RSA_WITH_DES_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x09]},
{:'name' => :'TLS_RSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x0A]},
{:'name' => :'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'DES40_CBC', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x0B]},
{:'name' => :'TLS_DH_DSS_WITH_DES_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x0C]},
{:'name' => :'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x0D]},
{:'name' => :'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'DES40_CBC', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x0E]},
{:'name' => :'TLS_DH_RSA_WITH_DES_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x0F]},
{:'name' => :'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x10]},
{:'name' => :'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'DES40_CBC', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x11]},
{:'name' => :'TLS_DHE_DSS_WITH_DES_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x12]},
{:'name' => :'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x13]},
{:'name' => :'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'DES40_CBC', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x14]},
{:'name' => :'TLS_DHE_RSA_WITH_DES_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x15]},
{:'name' => :'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x16]},
{:'name' => :'TLS_DH_Anon_EXPORT_WITH_RC4_40_MD5', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'RC4_40', :'bits' => 40, :'mac' => :'MD5', :'id' => [0x00, 0x17]},
{:'name' => :'TLS_DH_Anon_WITH_RC4_128_MD5', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'MD5', :'id' => [0x00, 0x18]},
{:'name' => :'TLS_DH_Anon_EXPORT_WITH_DES40_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'DES40_CBC', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x19]},
{:'name' => :'TLS_DH_Anon_WITH_DES_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x1A]},
{:'name' => :'TLS_DH_Anon_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x1B]},
{:'name' => :'SSL_FORTEZZA_KEA_WITH_NULL_SHA', :'keyexchange' => :'FORTEZZA', :'authentication' => :'KEA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0x00, 0x1C]},
{:'name' => :'SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA', :'keyexchange' => :'FORTEZZA', :'authentication' => :'KEA', :'encryption' => :'FORTEZZA_CBC', :'bits' => 80, :'mac' => :'SHA', :'id' => [0x00, 0x1D]},
{:'name' => :'TLS_KRB5_WITH_DES_CBC_SHA', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x1E]},
{:'name' => :'TLS_KRB5_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x1F]},
{:'name' => :'TLS_KRB5_WITH_RC4_128_SHA', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x20]},
{:'name' => :'TLS_KRB5_WITH_IDEA_CBC_SHA', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'IDEA_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x21]},
{:'name' => :'TLS_KRB5_WITH_DES_CBC_MD5', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'MD5', :'id' => [0x00, 0x22]},
{:'name' => :'TLS_KRB5_WITH_3DES_EDE_CBC_MD5', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'MD5', :'id' => [0x00, 0x23]},
{:'name' => :'TLS_KRB5_WITH_RC4_128_MD5', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'MD5', :'id' => [0x00, 0x24]},
{:'name' => :'TLS_KRB5_WITH_IDEA_CBC_MD5', :'keyexchange' => :'KRB5', :'authentication' => :'KRB5', :'encryption' => :'IDEA_CBC', :'bits' => 128, :'mac' => :'MD5', :'id' => [0x00, 0x25]},
{:'name' => :'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA', :'keyexchange' => :'KRB5_EXPORT', :'authentication' => :'KRB5_EXPORT', :'encryption' => :'DES_CBC_40', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x26]},
{:'name' => :'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA', :'keyexchange' => :'KRB5_EXPORT', :'authentication' => :'KRB5_EXPORT', :'encryption' => :'RC2_CBC_40', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x27]},
{:'name' => :'TLS_KRB5_EXPORT_WITH_RC4_40_SHA', :'keyexchange' => :'KRB5_EXPORT', :'authentication' => :'KRB5_EXPORT', :'encryption' => :'RC4_40', :'bits' => 40, :'mac' => :'SHA', :'id' => [0x00, 0x28]},
{:'name' => :'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5', :'keyexchange' => :'KRB5_EXPORT', :'authentication' => :'KRB5_EXPORT', :'encryption' => :'DES_CBC_40', :'bits' => 40, :'mac' => :'MD5', :'id' => [0x00, 0x29]},
{:'name' => :'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5', :'keyexchange' => :'KRB5_EXPORT', :'authentication' => :'KRB5_EXPORT', :'encryption' => :'RC2_CBC_40', :'bits' => 40, :'mac' => :'MD5', :'id' => [0x00, 0x2A]},
{:'name' => :'TLS_KRB5_EXPORT_WITH_RC4_40_MD5', :'keyexchange' => :'KRB5_EXPORT', :'authentication' => :'KRB5_EXPORT', :'encryption' => :'RC4_40', :'bits' => 40, :'mac' => :'MD5', :'id' => [0x00, 0x2B]},
{:'name' => :'TLS_PSK_WITH_NULL_SHA', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0x00, 0x2C]},
{:'name' => :'TLS_DHE_PSK_WITH_NULL_SHA', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0x00, 0x2D]},
{:'name' => :'TLS_RSA_PSK_WITH_NULL_SHA', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0x00, 0x2E]},
{:'name' => :'TLS_RSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x2F]},
{:'name' => :'TLS_DH_DSS_WITH_AES_128_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x30]},
{:'name' => :'TLS_DH_RSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x31]},
{:'name' => :'TLS_DHE_DSS_WITH_AES_128_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x32]},
{:'name' => :'TLS_DHE_RSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x33]},
{:'name' => :'TLS_DH_Anon_WITH_AES_128_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x34]},
{:'name' => :'TLS_RSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x35]},
{:'name' => :'TLS_DH_DSS_WITH_AES_256_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x36]},
{:'name' => :'TLS_DH_RSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x37]},
{:'name' => :'TLS_DHE_DSS_WITH_AES_256_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x38]},
{:'name' => :'TLS_DHE_RSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x39]},
{:'name' => :'TLS_DH_Anon_WITH_AES_256_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x3A]},
{:'name' => :'TLS_RSA_WITH_NULL_SHA256', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA256', :'id' => [0x00, 0x3B]},
{:'name' => :'TLS_RSA_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x3C]},
{:'name' => :'TLS_RSA_WITH_AES_256_CBC_SHA256', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA256', :'id' => [0x00, 0x3D]},
{:'name' => :'TLS_DH_DSS_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x3E]},
{:'name' => :'TLS_DH_RSA_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x3F]},
{:'name' => :'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x40]},
{:'name' => :'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'CAMELLIA_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x41]},
{:'name' => :'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'CAMELLIA_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x42]},
{:'name' => :'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'CAMELLIA_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x43]},
{:'name' => :'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'CAMELLIA_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x44]},
{:'name' => :'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'CAMELLIA_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x45]},
{:'name' => :'TLS_DH_Anon_WITH_CAMELLIA_128_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'CAMELLIA_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x46]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_NULL_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0x00, 0x47]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x48]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_DES_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x49]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x4A]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x4B]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x4C]},
{:'name' => :'TLS_RSA_EXPORT1024_WITH_RC4_56_MD5', :'keyexchange' => :'RSA_EXPORT1024', :'authentication' => :'RSA_EXPORT1024', :'encryption' => :'RC4_56', :'bits' => 56, :'mac' => :'MD5', :'id' => [0x00, 0x60]},
{:'name' => :'TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5', :'keyexchange' => :'RSA_EXPORT1024', :'authentication' => :'RSA_EXPORT1024', :'encryption' => :'RC2_CBC_56', :'bits' => 56, :'mac' => :'MD5', :'id' => [0x00, 0x61]},
{:'name' => :'TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA', :'keyexchange' => :'RSA_EXPORT1024', :'authentication' => :'RSA_EXPORT1024', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x62]},
{:'name' => :'TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x63]},
{:'name' => :'TLS_RSA_EXPORT1024_WITH_RC4_56_SHA', :'keyexchange' => :'RSA_EXPORT1024', :'authentication' => :'RSA_EXPORT1024', :'encryption' => :'RC4_56', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x64]},
{:'name' => :'TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'RC4_56', :'bits' => 56, :'mac' => :'SHA', :'id' => [0x00, 0x65]},
{:'name' => :'TLS_DHE_DSS_WITH_RC4_128_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x66]},
{:'name' => :'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x67]},
{:'name' => :'TLS_DH_DSS_WITH_AES_256_CBC_SHA256', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA256', :'id' => [0x00, 0x68]},
{:'name' => :'TLS_DH_RSA_WITH_AES_256_CBC_SHA256', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA256', :'id' => [0x00, 0x69]},
{:'name' => :'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA256', :'id' => [0x00, 0x6A]},
{:'name' => :'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA256', :'id' => [0x00, 0x6B]},
{:'name' => :'TLS_DH_Anon_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x6C]},
{:'name' => :'TLS_DH_Anon_WITH_AES_256_CBC_SHA256', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA256', :'id' => [0x00, 0x6D]},
{:'name' => :'TLS_GOSTR341094_WITH_28147_CNT_IMIT', :'keyexchange' => :'VKOGOSTR34.10-94', :'authentication' => :'VKOGOSTR34.10-94', :'encryption' => :'GOST28147', :'bits' => 256, :'mac' => :'GOST28147', :'id' => [0x00, 0x80]},
{:'name' => :'TLS_GOSTR341001_WITH_28147_CNT_IMIT', :'keyexchange' => :'VKOGOSTR34.10-2001', :'authentication' => :'VKOGOSTR34.10-2001', :'encryption' => :'GOST28147', :'bits' => 256, :'mac' => :'GOST28147', :'id' => [0x00, 0x81]},
{:'name' => :'TLS_GOSTR341094_WITH_NULL_GOSTR3411', :'keyexchange' => :'VKOGOSTR34.10-94', :'authentication' => :'VKOGOSTR34.10-94', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'GOSTR3411', :'id' => [0x00, 0x82]},
{:'name' => :'TLS_GOSTR341001_WITH_NULL_GOSTR3411', :'keyexchange' => :'VKOGOSTR34.10-2001', :'authentication' => :'VKOGOSTR34.10-2001', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'GOSTR3411', :'id' => [0x00, 0x83]},
{:'name' => :'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'CAMELLIA_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x84]},
{:'name' => :'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'CAMELLIA_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x85]},
{:'name' => :'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'CAMELLIA_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x86]},
{:'name' => :'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'CAMELLIA_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x87]},
{:'name' => :'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'CAMELLIA_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x88]},
{:'name' => :'TLS_DH_Anon_WITH_CAMELLIA_256_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'CAMELLIA_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x89]},
{:'name' => :'TLS_PSK_WITH_RC4_128_SHA', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x8A]},
{:'name' => :'TLS_PSK_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x8B]},
{:'name' => :'TLS_PSK_WITH_AES_128_CBC_SHA', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x8C]},
{:'name' => :'TLS_PSK_WITH_AES_256_CBC_SHA', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x8D]},
{:'name' => :'TLS_DHE_PSK_WITH_RC4_128_SHA', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x8E]},
{:'name' => :'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x8F]},
{:'name' => :'TLS_DHE_PSK_WITH_AES_128_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x90]},
{:'name' => :'TLS_DHE_PSK_WITH_AES_256_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x91]},
{:'name' => :'TLS_RSA_PSK_WITH_RC4_128_SHA', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x92]},
{:'name' => :'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0x00, 0x93]},
{:'name' => :'TLS_RSA_PSK_WITH_AES_128_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x94]},
{:'name' => :'TLS_RSA_PSK_WITH_AES_256_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0x00, 0x95]},
{:'name' => :'TLS_RSA_WITH_SEED_CBC_SHA', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'SEED_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x96]},
{:'name' => :'TLS_DH_DSS_WITH_SEED_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'SEED_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x97]},
{:'name' => :'TLS_DH_RSA_WITH_SEED_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'SEED_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x98]},
{:'name' => :'TLS_DHE_DSS_WITH_SEED_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'SEED_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x99]},
{:'name' => :'TLS_DHE_RSA_WITH_SEED_CBC_SHA', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'SEED_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x9A]},
{:'name' => :'TLS_DH_Anon_WITH_SEED_CBC_SHA', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'SEED_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0x00, 0x9B]},
{:'name' => :'TLS_RSA_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x9C]},
{:'name' => :'TLS_RSA_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'RSA', :'authentication' => :'RSA', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0x9D]},
{:'name' => :'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0x9E]},
{:'name' => :'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'DHE', :'authentication' => :'RSA', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0x9F]},
{:'name' => :'TLS_DH_RSA_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xA0]},
{:'name' => :'TLS_DH_RSA_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'DH', :'authentication' => :'RSA', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xA1]},
{:'name' => :'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xA2]},
{:'name' => :'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'DHE', :'authentication' => :'DSS', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xA3]},
{:'name' => :'TLS_DH_DSS_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xA4]},
{:'name' => :'TLS_DH_DSS_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'DH', :'authentication' => :'DSS', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xA5]},
{:'name' => :'TLS_DH_Anon_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xA6]},
{:'name' => :'TLS_DH_Anon_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'DH', :'authentication' => :'Anon', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xA7]},
{:'name' => :'TLS_PSK_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xA8]},
{:'name' => :'TLS_PSK_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xA9]},
{:'name' => :'TLS_DHE_PSK_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xAA]},
{:'name' => :'TLS_DHE_PSK_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xAB]},
{:'name' => :'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xAC]},
{:'name' => :'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xAD]},
{:'name' => :'TLS_PSK_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xAE]},
{:'name' => :'TLS_PSK_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xAF]},
{:'name' => :'TLS_PSK_WITH_NULL_SHA256', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA256', :'id' => [0x00, 0xB0]},
{:'name' => :'TLS_PSK_WITH_NULL_SHA384', :'keyexchange' => :'PSK', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA384', :'id' => [0x00, 0xB1]},
{:'name' => :'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xB2]},
{:'name' => :'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xB3]},
{:'name' => :'TLS_DHE_PSK_WITH_NULL_SHA256', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA256', :'id' => [0x00, 0xB4]},
{:'name' => :'TLS_DHE_PSK_WITH_NULL_SHA384', :'keyexchange' => :'DHE', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA384', :'id' => [0x00, 0xB5]},
{:'name' => :'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0x00, 0xB6]},
{:'name' => :'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0x00, 0xB7]},
{:'name' => :'TLS_RSA_PSK_WITH_NULL_SHA256', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA256', :'id' => [0x00, 0xB8]},
{:'name' => :'TLS_RSA_PSK_WITH_NULL_SHA384', :'keyexchange' => :'RSA', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA384', :'id' => [0x00, 0xB9]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_NULL_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0xC0, 0x01]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_RC4_128_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x02]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x03]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x04]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x05]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_NULL_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0xC0, 0x06]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x07]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x08]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x09]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x0A]},
{:'name' => :'TLS_ECDH_RSA_WITH_NULL_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0xC0, 0x0B]},
{:'name' => :'TLS_ECDH_RSA_WITH_RC4_128_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x0C]},
{:'name' => :'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x0D]},
{:'name' => :'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x0E]},
{:'name' => :'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x0F]},
{:'name' => :'TLS_ECDHE_RSA_WITH_NULL_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0xC0, 0x10]},
{:'name' => :'TLS_ECDHE_RSA_WITH_RC4_128_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x11]},
{:'name' => :'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x12]},
{:'name' => :'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x13]},
{:'name' => :'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x14]},
{:'name' => :'TLS_ECDH_Anon_WITH_NULL_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'Anon', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0xC0, 0x15]},
{:'name' => :'TLS_ECDH_Anon_WITH_RC4_128_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'Anon', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x16]},
{:'name' => :'TLS_ECDH_Anon_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'Anon', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x17]},
{:'name' => :'TLS_ECDH_Anon_WITH_AES_128_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'Anon', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x18]},
{:'name' => :'TLS_ECDH_Anon_WITH_AES_256_CBC_SHA', :'keyexchange' => :'ECDH', :'authentication' => :'Anon', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x19]},
{:'name' => :'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x1A]},
{:'name' => :'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x1B]},
{:'name' => :'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x1C]},
{:'name' => :'TLS_SRP_SHA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x1D]},
{:'name' => :'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x1E]},
{:'name' => :'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x1F]},
{:'name' => :'TLS_SRP_SHA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x20]},
{:'name' => :'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x21]},
{:'name' => :'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA', :'keyexchange' => :'SRP', :'authentication' => :'SHA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x22]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x23]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x24]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x25]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x26]},
{:'name' => :'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x27]},
{:'name' => :'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x28]},
{:'name' => :'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x29]},
{:'name' => :'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x2A]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x2B]},
{:'name' => :'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'ECDHE', :'authentication' => :'ECDSA', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x2C]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x2D]},
{:'name' => :'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'ECDH', :'authentication' => :'ECDSA', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x2E]},
{:'name' => :'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x2F]},
{:'name' => :'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'ECDHE', :'authentication' => :'RSA', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x30]},
{:'name' => :'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'AES_128_GCM', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x31]},
{:'name' => :'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384', :'keyexchange' => :'ECDH', :'authentication' => :'RSA', :'encryption' => :'AES_256_GCM', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x32]},
{:'name' => :'TLS_ECDHE_PSK_WITH_RC4_128_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'RC4_128', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x33]},
{:'name' => :'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xC0, 0x34]},
{:'name' => :'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA', :'id' => [0xC0, 0x35]},
{:'name' => :'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA', :'id' => [0xC0, 0x36]},
{:'name' => :'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'AES_128_CBC', :'bits' => 128, :'mac' => :'SHA256', :'id' => [0xC0, 0x37]},
{:'name' => :'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'AES_256_CBC', :'bits' => 256, :'mac' => :'SHA384', :'id' => [0xC0, 0x38]},
{:'name' => :'TLS_ECDHE_PSK_WITH_NULL_SHA', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA', :'id' => [0xC0, 0x39]},
{:'name' => :'TLS_ECDHE_PSK_WITH_NULL_SHA256', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA256', :'id' => [0xC0, 0x3A]},
{:'name' => :'TLS_ECDHE_PSK_WITH_NULL_SHA384', :'keyexchange' => :'ECDHE', :'authentication' => :'PSK', :'encryption' => :'NULL', :'bits' => 0, :'mac' => :'SHA384', :'id' => [0xC0, 0x3B]},
{:'name' => :'SSL_RSA_FIPS_WITH_DES_CBC_SHA', :'keyexchange' => :'RSA_FIPS', :'authentication' => :'RSA_FIPS', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0xFE, 0xFE]},
{:'name' => :'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'RSA_FIPS', :'authentication' => :'RSA_FIPS', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xFE, 0xFF]},
{:'name' => :'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA', :'keyexchange' => :'RSA_FIPS', :'authentication' => :'RSA_FIPS', :'encryption' => :'3DES_EDE_CBC', :'bits' => 168, :'mac' => :'SHA', :'id' => [0xFF, 0xE0]},
{:'name' => :'SSL_RSA_FIPS_WITH_DES_CBC_SHA', :'keyexchange' => :'RSA_FIPS', :'authentication' => :'RSA_FIPS', :'encryption' => :'DES_CBC', :'bits' => 56, :'mac' => :'SHA', :'id' => [0xFF, 0xE1]}
]
def filter(array, procs)
procs.empty? ? array : filter((array.select! &(procs.shift)), procs)
end
options = OpenStruct.new
options.filters = []
options.verbose = false
options.port = 443
OptionParser.new do |opts|
opts.banner = 'Usage: ssl-inspector.rb [options]'
opts.on('-a', '--authentication ALGORITHM', 'Specify an authentication algorithm') { |a| options.filters << Proc.new { |el| el[:'authentication'] == a.to_sym } }
opts.on('-b', '--bits [<|<=|>=|>]SIZE', 'Specify an encryption key size') do |b|
/(?<o><|>|<=|>=)?(?<d>\d+)/ =~ b
options.filters << Proc.new { |el| el[:'bits'].send(o.nil? ? '==' : o, d.to_i) }
end
opts.on('-e', '--encryption ALGORITHM', 'Specify an encryption algorithm') { |e| options.filters << Proc.new { |el| el[:'encryption'] == e.to_sym } }
opts.on('-h', '--host HOST', 'Specify target host') { |h| options.host = h }
opts.on('-k', '--keyexchange ALGORITHM', 'Specify a keyexchange algorithm') { |k| options.filters << Proc.new { |el| el[:'keyexchange'] == k.to_sym } }
opts.on('-m', '--mac ALGORITHM', 'Specify a MAC algorithm') { |m| options.filters << Proc.new { |el| el[:'mac'] == m.to_sym } }
opts.on('-n', '--name NAME', 'Specify a cipher suite partial or full name') { |n| options.filters << Proc.new { |el| el[:'name'] =~ /#{n}/ } }
opts.on('-p', '--port PORT', 'Specify target port') { |p| options.port = p }
opts.on('-s', '--specification PROTOCOL', 'Specification SSLv3 or TLSv1.{0,1,2}') { |s| options.spec = s }
opts.on('-v', '--verbose', 'Run in verbose mode') { |v| options.verbose = v }
opts.on_tail('-h', '--help', 'Show this message') { puts opts ; exit }
end.parse!
abort('You must specify a target host') if options.host.nil?
abort('You must specify a protocol version') if options.spec.nil?
suites = options.filters.empty? ? CIPHER_SUITES : filter(CIPHER_SUITES, options.filters)
protocol = PROTOCOLS[options.spec.to_sym]
suites.each do |suite|
handshake = [
0x16,
protocol,
0x00, 0x2D,
0x01,
0x00, 0x00, 0x29,
protocol,
0x53, 0x4A, 0x84, 0xA9,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B,
0x00,
0x00, 0x02,
suite[:'id'],
0x01,
0x00
]
s = TCPSocket.new(options.host, options.port)
s.write(handshake.flatten!.pack('C*'))
server_hello = s.read(1).unpack('C')[0]
result = 'DISABLED'
if server_hello == 22
h_maj_version, h_min_version = s.read(2).unpack('C*')
result = (server_hello && (protocol == [h_maj_version.to_i, h_min_version.to_i])) ? 'ENABLED' : 'DISABLED'
end
printf("%-50s [%s]\n", suite[:'name'], result) unless !(result == 'ENABLED' || options.verbose)
STDOUT.flush
s.close
end