How to check and enumerate ciphers used by TLS/SSL on Linux?

system · January 3, 2025, 4:30pm

Is there any fix for ssl medium strength cipher suites supported (sweet32) vulnerabilities for version 2021.10?

Issue description:

Resolution:

1.) Install nmap package with command:

# yum install nmap

2,) Then, run below command to list TLS/SSL

# nmap --script ssl-enum-ciphers -p

Example output:

[root@ ~]# nmap --script ssl-enum-ciphers -p 6443 localhost

Starting Nmap 7.70 ( https://nmap.org ) at 2024-07-19 01:29 UTC

Nmap scan report for localhost (127.0.0.1)

Host is up (0.000089s latency).

Other addresses for localhost (not scanned): ::1

PORT STATE SERVICE

6443/tcp open sun-sr-https

| ssl-enum-ciphers:

| TLSv1.2:

| ciphers:

| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A

| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A

| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A

| compressors:

| NULL

| cipher preference: client

|_ least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds

Topic		Replies	Views
Securing Automation Suite RKE2 Server with Strong TLS Cipher Suites and Minimum TLS Version Knowledge Base automation_suite_deployment_and_operatio	0	42	January 3, 2025
Orchestrtor mail settings allow TLS 1.2? Orchestrator orchestrator , question	4	1637	March 4, 2022
What TLS Version is Used in the Direct Connection if SSL/TLS is checked? Activities activities , terminal , question	3	649	July 5, 2023
Terminal (internal) to AS400 over SSL IT Automation activities , terminal , question	0	940	July 31, 2020
Read email error - SSLhandshake exception Help	5	2915	October 11, 2020