🦄 NMAP : Check Cipher Suite Mismatch

If you are looking to trace the ciphers from the client and the server, let's start with the server and then move on to the client. Let's get cracking.

Server Cipher Check

This is simple: in Linux, run this command. It needs to be run from a newly built server that supports the new cipher suites; it cannot be run from the client, as it will fail!

nmap --script=ssl-enum-ciphers.nse -p 443 www.diepiggydiedie.com

You will then get a list of Ciphers returned that this new server supports as shown below:



If you do not have a server that is newer and supported then you can use this link here 

Once there, enter the site in the box and click "Submit". Wait for the results, then look for Cipher Suites; you then have a list of the server's supported cipher suites.

Client Cipher Check

Start the trace in Linux with the command below. If you are using Windows you will need to download Wireshark and then start a capture on the live network card; however, I am using Linux.

sudo tcpdump 'tcp port 443' -i rviX -w ssltrace.pcap

If you want to capture both HTTP and HTTPS traffic use this:

sudo tcpdump 'tcp port 80 or tcp port 443' -i rviX -w ssltrace.pcap

Then perform your test; this is where you test the website that is not working and whose cipher suites you need to check.

Once you have done your test, end your capture. If you have used the command above, end it with Ctrl+P; however, if you have multiple sessions running then use this:

killall tcpdump

Once you have this pcap file, which will be in the current directory for this example, you can load it in Wireshark and identify the cipher suites as follows:

1) In the filter at the top enter tcp.port==443; this will show you all the TCP:443 (HTTPS) traffic. Note the destination IP...



Now you need to filter for the "Client Hello" handshake, so update the filter to this : 
ssl.handshake.type == 1


Then follow this tree to get the Cipher suites as below:


You will then see the ciphers that have been established. If this does not mean anything to you, see the other blog post about ciphers.
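
To turn the two checks above into one comparison, the following added example (not code from the original post) parses ssl-enum-ciphers output and a raw Client Hello record and reports the cipher suites both sides share; an empty result is the mismatch. The nmap output, the Client Hello bytes and the small ID-to-name table are constructed for the demo, and the function names are hypothetical.

```python
import re

# IANA cipher suite IDs -> names (subset covering the constructed sample)
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def server_suites(nmap_output):
    # Cipher names listed under "ciphers:" in ssl-enum-ciphers output
    return set(re.findall(r"^\|\s+(TLS_\w+)", nmap_output, re.MULTILINE))

def client_suites(record):
    # Cipher suite IDs offered in one raw TLS record holding a Client Hello
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record with a Client Hello")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]        # skip session_id (1-byte length prefix)
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    if end > len(record) or (end - pos) % 2:
        raise ValueError("truncated or malformed cipher_suites list")
    return [int.from_bytes(record[i:i + 2], "big") for i in range(pos + 2, end, 2)]

def shared_suites(nmap_output, record):
    # Suites both sides support; an empty list is the mismatch
    offered = {SUITE_NAMES.get(i, "0x%04X" % i) for i in client_suites(record)}
    return sorted(offered & server_suites(nmap_output))

# Constructed sample: server that only allows ECDHE with AES-GCM
SAMPLE_NMAP = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|_  least strength: A
"""
# Constructed sample: Client Hello from an old client offering four RSA suites
OLD_CLIENT = bytes.fromhex(
    "1603010033" "0100002f" "0303" + "00" * 32 + "00"
    "0008" "002f0035000a0005" "0100")

if __name__ == "__main__":
    print("client offers:", [SUITE_NAMES[i] for i in client_suites(OLD_CLIENT)])
    print("shared:", shared_suites(SAMPLE_NMAP, OLD_CLIENT) or "none (mismatch)")
```

The parser reads a single unfragmented record; IDs missing from the table are reported as hex and so never match a server name.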


