Enumerating TLS protocol versions and ciphers supported by the peer

Michael Wojcik Michael.Wojcik at microfocus.com
Mon Dec 6 15:06:40 UTC 2021

> From: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
> Sent: Monday, 6 December, 2021 07:53
> To: Michael Wojcik <Michael.Wojcik at microfocus.com>; openssl-
> > "Comparable elegant" is underspecified.
> (I guess, "Comparably elegant" would have been grammatically more
> correct.)

I just meant that elegance is in the eye of the beholder.

Many people might agree that having a single command line return the list of what suites the server supports is elegant, at least for the user. Others prefer the original UNIX philosophy of simpler tools which are scripted to perform more complex operations; that's the testssl.sh approach, and it's more elegant in the sense of being composed in a visible (and modifiable) way from smaller pieces.

A command-line option to s_client to do this sort of server profiling is conceivable, but it would be a significant departure from what s_client does now, since it would conflict with some other options and would involve making multiple connections. That doesn't mean it shouldn't be implemented, necessarily, just that it's not parallel to most of the other things s_client options do.

Michael Wojcik

More information about the openssl-users mailing list