When tightening down your SSL cipher suites, telling your clients which ciphers they’re sending can be a big help in getting them to get their side in order.
I spend countless hours generating reports for our clients to tell them what they’re doing in the way of SSL communications. Unfortunately, generating the list efficiently had eluded me until now. In the screenshot below you can see that it’s fairly easy to see the SSL ciphers being sent in the ClientHello.
In the past I would right-click each cipher and copy the description. From there I’d paste it into my editor and cut out the extra verbiage. As you can imagine, if you have to do this 26 times it’s cumbersome to say the least.
Well, I finally stumbled upon a much better way to get the full list so I figured I’d share it here.
Solution: Right-click the Cipher Specs line in the SSL details, select Copy from the context menu, and finally, All Visible Selected Items.
Now you can paste the entire list in your editor and tweak it with your macro/program of choice.
Cipher Specs (26 specs) Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080) Cipher Spec: SSL2_RC2_128_CBC_WITH_MD5 (0x030080) Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0) Cipher Spec: SSL2_DES_64_CBC_WITH_MD5 (0x060040) Cipher Spec: SSL2_RC4_128_EXPORT40_WITH_MD5 (0x020080) Cipher Spec: SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 (0x040080) Cipher Spec: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x000039) Cipher Spec: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x000038) Cipher Spec: TLS_RSA_WITH_AES_256_CBC_SHA (0x000035) Cipher Spec: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x000033) Cipher Spec: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x000032) Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004) Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005) Cipher Spec: TLS_RSA_WITH_AES_128_CBC_SHA (0x00002f) Cipher Spec: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x000016) Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013) Cipher Spec: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0x00feff) Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a) Cipher Spec: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x000015) Cipher Spec: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x000012) Cipher Spec: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0x00fefe) Cipher Spec: TLS_RSA_WITH_DES_CBC_SHA (0x000009) Cipher Spec: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x000064) Cipher Spec: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x000062) Cipher Spec: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x000003) Cipher Spec: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x000006)
2 thoughts to “SSL Ciphers with Wireshark”
absolutely agree, additionally I find that due to the added levels of security TLS can fail usually around the beginning of the handshake. i haven’t found much documentation on the alert protocol’s but they are there, it might be cool to have an email trigger saying “I found an SSL alert”
for more information look at page 7 of the PDF below (slide 13)
Thanks for the comment and the PDF!