SSL Ciphers with Wireshark

When tightening down your SSL cipher suites, telling your clients which ciphers they’re sending can be a big help in getting them to get their side in order.

I spend countless hours generating reports for our clients to tell them what they’re doing in the way of SSL communications. Unfortunately, generating the list efficiently had eluded me until now. In the screenshot below you can see that it’s fairly easy to see the SSL ciphers being sent in the ClientHello.

In the past I would right-click each cipher and copy the description. From there I’d paste it into my editor and cut out the extra verbiage. As you can imagine, if you have to do this 26 times it’s cumbersome to say the least.

Well, I finally stumbled upon a much better way to get the full list so I figured I’d share it here.

Solution: Right-click the Cipher Specs line in the SSL details, select Copy from the context menu, and finally, All Visible Selected Items.

Now you can paste the entire list in your editor and tweak it with your macro/program of choice.

Cipher Specs (26 specs)
    Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
    Cipher Spec: SSL2_RC2_128_CBC_WITH_MD5 (0x030080)
    Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
    Cipher Spec: SSL2_DES_64_CBC_WITH_MD5 (0x060040)
    Cipher Spec: SSL2_RC4_128_EXPORT40_WITH_MD5 (0x020080)
    Cipher Spec: SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 (0x040080)
    Cipher Spec: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x000039)
    Cipher Spec: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x000038)
    Cipher Spec: TLS_RSA_WITH_AES_256_CBC_SHA (0x000035)
    Cipher Spec: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x000033)
    Cipher Spec: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x000032)
    Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
    Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
    Cipher Spec: TLS_RSA_WITH_AES_128_CBC_SHA (0x00002f)
    Cipher Spec: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x000016)
    Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
    Cipher Spec: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0x00feff)
    Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
    Cipher Spec: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x000015)
    Cipher Spec: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x000012)
    Cipher Spec: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0x00fefe)
    Cipher Spec: TLS_RSA_WITH_DES_CBC_SHA (0x000009)
    Cipher Spec: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x000064)
    Cipher Spec: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x000062)
    Cipher Spec: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x000003)
    Cipher Spec: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x000006)

Post to Twitter

2 thoughts to “SSL Ciphers with Wireshark”

Leave a Reply to Kevin Faulkner Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.