tlsenum is a command-line TLS enumeration tool that attempts to enumerate what TLS cipher suites a server supports and list them in order of priority.
It works by sending out sending out TLS
ClientHello messages and parsing the
ServerHello responses from the server.
tlsenum assumes that the server decides the preferred cipher suite, ignoring the preference indicated by the client. While this is not strictly guaranteed by the TLS specification, it seems like a fairly common implementation detail.
tlsenum can be used with Python 2.7, 3.3 or 3.4 and can be installed with
$ pip install tlsenum
Using this tool is fairly simple, here is an example of the tool's results when scanning twitter.com.
[ayrx@division tlsenum]$ tlsenum twitter.com 443 TLS Versions supported by server: 3.0, 1.0, 1.1, 1.2 Deflate compression: no Supported Cipher suites in order of priority: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
Do look at
tlsenum -h for other options.