Perl: Finding the SSL Cipher Used to Connect with a Site
The script below reports back the SSL cipher used when negotiating the channel between the OpenSSL client and the SSL server. It's interesting in that it reports back different values depending upon the host you're connecting to. Apache SSL sites, for example, seem to default to using the highest grade encryption available to openssl (256 bits) whereas when I connect to a BigIP SSL VIP, I connect using a 128-bit RC4-based cipher. I wrote it because I'm interested in seeing how I can manipulate the server and/or client to default to different cipher levels, and the first iteration of this script is already somewhat useful.
    #!/usr/bin/env perl
    # Warnings come from "use warnings"; a "-w" after "env perl" on the shebang
    # line is passed to env as part of the program name on Linux and fails.
    use strict;
    use warnings;
    use Term::ANSIColor qw(:constants);
    use IO::Socket::SSL;

    my $host = $ARGV[0];
    my $port = $ARGV[1];
    my $help = "Usage: $0 <hostname> <port>";

    # Usage errors exit non-zero so callers can tell them from success.
    if ( !@ARGV ) {
        print RED, $help . "\n", RESET;
        exit 1;
    }
    if ( !$ARGV[0] ) {
        print RED, "Hostname not specified. This is required\n", RESET;
        exit 1;
    }
    if ( !$ARGV[1] ) {
        print RED, "Port number not specified. This is required\n", RESET;
        exit 1;
    }

    # SSL_version pins the handshake to SSLv3, which is obsolete and usually
    # disabled in current OpenSSL builds; drop it to let the library negotiate.
    # SSL_verify_mode => 0 skips certificate chain validation, so only the
    # hostname check below is applied to the peer certificate.
    my $client = IO::Socket::SSL->new(
        SSL_version     => 'SSLv3',
        SSL_verify_mode => 0,
        PeerAddr        => $host,
        PeerPort        => $port,
        Proto           => 'tcp',
        Timeout         => 5,
    ) or die "Something happened...: " . IO::Socket::SSL::errstr() . "\n";

    # Stop here if the certificate does not match the requested host name.
    $client->verify_hostname( $host, 'http' )
        || die "Hostname verification failed";

    # Cipher suite name as negotiated for this connection.
    my $cipher = $client->get_cipher();
    print GREEN, $cipher . "\n", RESET;
    exit 0;

My initial intent was to write this in Ruby but the openssl documentation in the standard Ruby library seems to be missing an awful lot of information for someone looking to get started with the library. If anyone out there reading this knows where there are some good docs out there for Ruby's openssl implementation, I'd appreciate hearing about it. The documentation for the Perl module IO::Socket::SSL, which I used instead, made things so easy, I started to doubt whether it was all actually working correctly.
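The script above shows that the negotiated cipher depends on the server; the sketch below is an added example, not code from the original post, that shows why: the result is the overlap between the client's offer and the server's list, ordered by whichever side's preference is enforced. It assumes IO::Socket::SSL::Utils (shipped with IO::Socket::SSL) and an OpenSSL build with TLS 1.2; the loopback server, the fixture certificates and the cipher lists are constructed for the demonstration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;    # CERT_create

# Constructed fixture: throwaway CA and a 'localhost' server cert signed by it.
my ( $ca, $ca_key ) = CERT_create( CA => 1, subject => { commonName => 'fixture CA' } );
my ( $cert, $key ) = CERT_create(
    subject     => { commonName => 'localhost' },
    issuer_cert => $ca, issuer_key => $ca_key,
);

# Server side: two ciphers, AES128 listed first, and the server's order is enforced.
# SSL_cipher_list does not govern TLS 1.3 suites, so both ends are pinned to 1.2.
my $server = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert  => $cert, SSL_key => $key, SSL_version => 'TLSv1_2',
    SSL_cipher_list        => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384',
    SSL_honor_cipher_order => 1,
) or die "listen failed: $SSL_ERROR\n";
my $port = $server->sockport;

defined( my $pid = fork() ) or die "fork failed: $!\n";
if ( $pid == 0 ) {    # child: finish each handshake, then hang up
    alarm 30;         # safety net if the parent dies early
    while (1) { my $conn = $server->accept or next; $conn->close; }
}

# Client side: same server, three different offers.
my @offers = (
    'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256',    # both, 256 first
    'ECDHE-RSA-AES256-GCM-SHA384',                                # 256 only
    'RC4-SHA',                                                    # legacy cipher only
);
for my $offer (@offers) {
    my $client = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port, Timeout => 5,
        SSL_version => 'TLSv1_2', SSL_cipher_list => $offer,
        SSL_verify_mode   => SSL_VERIFY_PEER, SSL_ca => [$ca],
        SSL_verifycn_name => 'localhost', SSL_verifycn_scheme => 'http',
    );
    if ($client) {
        printf "%-56s -> %s (%s)\n", $offer, $client->get_cipher, $client->get_sslversion;
        $client->close;
    }
    else {
        printf "%-56s -> no session: %s\n", $offer, $SSL_ERROR;
    }
}
kill 'TERM', $pid;
waitpid $pid, 0;
```

Removing SSL_honor_cipher_order from the server lets the client's ordering decide instead, which is the other half of the behaviour the post sets out to explore.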