[Feature Request] Allow easy lookup of multiple ciphers at once, e.g. from tshark output

[martinvonwittich]

I'm currently looking at the tshark -V capture of a connection between two mail servers that cannot negotiate a common cipher, because on of those servers supports only weak ciphers.

The list of supported ciphers from the remote server looks like this in the tshark output:

[...]
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 122
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 118
            Version: TLS 1.2 (0x0303)
            Random: 62a34968a18a0a05ca020e7d151c5a694a3d6afb1f3f3cf1...
                GMT Unix Time: Jun 10, 2022 15:38:48.000000000 CEST
                Random Bytes: a18a0a05ca020e7d151c5a694a3d6afb1f3f3cf156955a03...
            Session ID Length: 0
            Cipher Suites Length: 22
            Cipher Suites (11 suites)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
[...]

I can now look up these ciphers one-by-one on ciphersuite.info, e.g. https://ciphersuite.info/search/?q=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

But I feel it would be very useful if I could search for multiple ciphers at once. I tried to turn them into a space separated list in vim, but that doesn't work in the search: https://ciphersuite.info/search/?q=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA+TLS_ECDHE_RSA_WITH_AES_128_

This is to be expected because the search is probably ANDing my keywords instead of ORing them, but a dedicated search form that can OR the search terms to easily look up multiple ciphers would probably be useful. It might even parse ciphers names from the input and ignore everything else, so that users could copy-paste the tshark output verbatim into the search field:

                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

[n0lz]

True, on the website only one cipher suite at once is allowed in the search bar. We're considering making bulk searches since a while, but haven't implemented it yet. In the meantime you can use the API at api.ciphersuite.info for bulk searches. In the blog you'll find a how-to for the API.