[Full-disclosure] Athena SSL Cipher Scanner
athena at dmcdonald.net
Thu Aug 26 15:21:34 BST 2010
I've been alerted to the fact I left in a bit of debug code that was
printing out a load of '*' (thanks Richard).
a new version is available at
On Tue, Aug 24, 2010 at 1:16 PM, Darren McDonald <athena at dmcdonald.net> wrote:
> I've posted a new SSL Cipher tool onto my website, at
> http://dmcdonald.net/athena-ssl-cipher-check_v052.tar.gz, Athena SSL Cipher
> Unlike most SSL cipher scanners which have a limited list of ciphers they
> know of, athena checks all 65536 cipher codes. Of these codes it can
> identify ~150 different ciphers, if it finds a cipher which it cannot
> identify, it'll just inform you that it has found a unknown cipher. Rather
> than sending it 65536 requests to find these ciphers it sends large blocks
> of cipher codes, and uses the server response to narrow down it's search,
> similar to a binary search algorithm. It can scan most ssl services in a
> couple of minutes or so. Further speed improvements are in the pipeline.
> It currently works very well with IIS and apache, but seems to have issues
> with Sun HTTP Servers, the reasons behind which ive not yet fully explored.
> Note I've reimplimented part of sslv2, sslv3, and tls1, and for all ive know
> ive got it wrong and it could completely hose your box, use with caution in
> live environments.
> Id be greatful for any feed back/bugs/comments.
Full-Disclosure is hosted and sponsored by Secunia.