Cipher Suite Enumeration Guide

Comprehensive TLS/SSH cryptographic detection with Post-Quantum Cryptography support

Overview

Cipher Suite Enumeration

The -cipherscan flag enables comprehensive cipher suite enumeration for TLS connections and key exchange algorithm detection for SSH connections. This feature performs active testing to discover all supported cryptographic configurations on remote services.

🔍 TLS Detection

87+ cipher suites across TLS 1.0-1.3, including modern AEAD and legacy CBC modes

🔐 SSH Detection

Key exchange, host key algorithms, encryption ciphers, and MAC algorithms

đŸ›Ąī¸ PQC Support

Native detection of ML-DSA, ML-KEM, and hybrid post-quantum algorithms

âš ī¸ Important

Cipher scanning performs multiple connection attempts to enumerate all supported cipher suites. This may trigger security monitoring systems and should only be performed with proper authorization.

What Gets Detected

TLS Connections

  • Supported cipher suites (TLS 1.0-1.3)
  • Key exchange algorithms (ECDHE, DHE, RSA, PQC)
  • Ephemeral key lengths
  • Negotiated groups (curves)
  • Signature algorithms
  • Protocol versions
  • Session parameters

SSH Connections

  • Key exchange algorithms (KEX)
  • Host key algorithms
  • Encryption ciphers
  • MAC algorithms
  • Compression algorithms
  • SSH protocol version

Usage Examples

Basic Cipher Scanning

# Basic cipher enumeration
./certscanner -host example.com -cipherscan

# Scan specific ports
./certscanner -host example.com -ports 443,8443,993 -cipherscan

# Scan multiple hosts with cipher detection
./certscanner -host servers.txt -cipherscan -outputformat json

Performance Management

# Conservative resource usage (recommended for production)
./certscanner -host example.com -cipherscan -cputhrottle low

# Balanced performance (default)
./certscanner -host example.com -cipherscan -cputhrottle medium

# Maximum performance
./certscanner -host example.com -cipherscan -cputhrottle high

💡 Tip: Use -cputhrottle low for production environments to minimize resource impact. Cipher scanning can be resource-intensive as it tests multiple cipher suite combinations.

TLS 1.3 Cipher Suites

TLS 1.3 dramatically simplified cipher suite selection by mandating authenticated encryption with associated data (AEAD) and removing legacy algorithms.

Supported TLS 1.3 Cipher Suites

| Cipher Suite | Security | Key Size | Description |
|---|---|---|---|
| TLS_AES_256_GCM_SHA384 | Strong | 256-bit | AES-256 with GCM mode, SHA-384 HMAC |
| TLS_AES_128_GCM_SHA256 | Strong | 128-bit | AES-128 with GCM mode, SHA-256 HMAC |
| TLS_CHACHA20_POLY1305_SHA256 | Strong | 256-bit | ChaCha20 stream cipher with Poly1305 MAC |
| TLS_AES_128_CCM_SHA256 | Strong | 128-bit | AES-128 with CCM mode (IoT/constrained devices) |
| TLS_AES_128_CCM_8_SHA256 | Moderate | 128-bit | AES-128 CCM with 8-byte tag (very constrained devices) |

✅ Recommended: TLS 1.3 cipher suites provide strong security by default: every suite uses authenticated encryption, and forward secrecy is mandatory. The scanner tests all TLS 1.3 suites with multiple key exchange groups (including PQC hybrids).

TLS 1.2 Cipher Suites

TLS 1.2 remains widely deployed and supports a much larger set of cipher suites, including legacy options. The scanner tests both modern AEAD suites and legacy suites so the assessment covers everything the server accepts.

Modern TLS 1.2 Cipher Suites (Recommended - AEAD Mode)

| Cipher Suite | Key Exchange | Encryption | Security |
|---|---|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | ECDHE | AES-256-GCM | Strong |
| ECDHE-RSA-AES128-GCM-SHA256 | ECDHE | AES-128-GCM | Strong |
| ECDHE-RSA-CHACHA20-POLY1305 | ECDHE | ChaCha20-Poly1305 | Strong |
| ECDHE-ECDSA-AES256-GCM-SHA384 | ECDHE | AES-256-GCM | Strong |
| ECDHE-ECDSA-AES128-GCM-SHA256 | ECDHE | AES-128-GCM | Strong |
| ECDHE-ECDSA-CHACHA20-POLY1305 | ECDHE | ChaCha20-Poly1305 | Strong |
| DHE-RSA-AES256-GCM-SHA384 | DHE | AES-256-GCM | Strong |
| DHE-RSA-AES128-GCM-SHA256 | DHE | AES-128-GCM | Strong |
| DHE-RSA-CHACHA20-POLY1305 | DHE | ChaCha20-Poly1305 | Strong |

TLS 1.2 CBC-Mode Cipher Suites (Legacy)

| Cipher Suite | Key Exchange | Encryption | Security |
|---|---|---|---|
| ECDHE-RSA-AES256-SHA384 | ECDHE | AES-256-CBC | Moderate |
| ECDHE-RSA-AES128-SHA256 | ECDHE | AES-128-CBC | Moderate |
| ECDHE-RSA-AES256-SHA | ECDHE | AES-256-CBC | Weak |
| ECDHE-RSA-AES128-SHA | ECDHE | AES-128-CBC | Weak |
| ECDHE-ECDSA-AES256-SHA384 | ECDHE | AES-256-CBC | Moderate |
| ECDHE-ECDSA-AES128-SHA256 | ECDHE | AES-128-CBC | Moderate |
| ECDHE-ECDSA-AES256-SHA | ECDHE | AES-256-CBC | Weak |
| ECDHE-ECDSA-AES128-SHA | ECDHE | AES-128-CBC | Weak |
| DHE-RSA-AES256-SHA256 | DHE | AES-256-CBC | Moderate |
| DHE-RSA-AES128-SHA256 | DHE | AES-128-CBC | Moderate |
| DHE-RSA-AES256-SHA | DHE | AES-256-CBC | Weak |
| DHE-RSA-AES128-SHA | DHE | AES-128-CBC | Weak |

TLS 1.2 RSA Key Exchange Ciphers (No Forward Secrecy)

| Cipher Suite | Key Exchange | Encryption | Security |
|---|---|---|---|
| AES256-GCM-SHA384 | RSA | AES-256-GCM | Moderate |
| AES128-GCM-SHA256 | RSA | AES-128-GCM | Moderate |
| AES256-SHA256 | RSA | AES-256-CBC | Weak |
| AES128-SHA256 | RSA | AES-128-CBC | Weak |
| AES256-SHA | RSA | AES-256-CBC | Weak |
| AES128-SHA | RSA | AES-128-CBC | Weak |

3DES Cipher Suites (Deprecated)

| Cipher Suite | Key Exchange | Encryption | Security |
|---|---|---|---|
| ECDHE-RSA-DES-CBC3-SHA | ECDHE | 3DES-CBC | Critical |
| ECDHE-ECDSA-DES-CBC3-SHA | ECDHE | 3DES-CBC | Critical |
| DHE-RSA-DES-CBC3-SHA | DHE | 3DES-CBC | Critical |
| DES-CBC3-SHA | RSA | 3DES-CBC | Critical |

âš ī¸ Warning: CBC-mode ciphers and non-forward-secret key exchange (RSA) are considered legacy. AEAD ciphers (GCM, ChaCha20-Poly1305) with ECDHE/DHE are strongly recommended.

TLS 1.0/1.1 Compatible Cipher Suites

The scanner detects all cipher suites that work with TLS 1.0 and TLS 1.1 protocols. These protocols are deprecated (RFC 8996), but detection capability is provided for comprehensive security assessment.

TLS 1.0/1.1/1.2 CBC-Mode Cipher Suites

| Cipher Suite | Key Exchange | Encryption | Protocols |
|---|---|---|---|
| ECDHE-RSA-AES256-SHA384 | ECDHE | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-RSA-AES128-SHA256 | ECDHE | AES-128-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-RSA-AES256-SHA | ECDHE | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-RSA-AES128-SHA | ECDHE | AES-128-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-ECDSA-AES256-SHA384 | ECDHE | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-ECDSA-AES128-SHA256 | ECDHE | AES-128-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-ECDSA-AES256-SHA | ECDHE | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-ECDSA-AES128-SHA | ECDHE | AES-128-CBC | TLS 1.0, 1.1, 1.2 |
| DHE-RSA-AES256-SHA256 | DHE | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| DHE-RSA-AES128-SHA256 | DHE | AES-128-CBC | TLS 1.0, 1.1, 1.2 |
| DHE-RSA-AES256-SHA | DHE | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| DHE-RSA-AES128-SHA | DHE | AES-128-CBC | TLS 1.0, 1.1, 1.2 |
| AES256-SHA256 | RSA | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| AES128-SHA256 | RSA | AES-128-CBC | TLS 1.0, 1.1, 1.2 |
| AES256-SHA | RSA | AES-256-CBC | TLS 1.0, 1.1, 1.2 |
| AES128-SHA | RSA | AES-128-CBC | TLS 1.0, 1.1, 1.2 |

TLS 1.0/1.1/1.2 3DES Cipher Suites

| Cipher Suite | Key Exchange | Encryption | Protocols |
|---|---|---|---|
| ECDHE-RSA-DES-CBC3-SHA | ECDHE | 3DES-CBC | TLS 1.0, 1.1, 1.2 |
| ECDHE-ECDSA-DES-CBC3-SHA | ECDHE | 3DES-CBC | TLS 1.0, 1.1, 1.2 |
| DHE-RSA-DES-CBC3-SHA | DHE | 3DES-CBC | TLS 1.0, 1.1, 1.2 |
| DES-CBC3-SHA | RSA | 3DES-CBC | TLS 1.0, 1.1, 1.2 |

âš ī¸ Security Note: TLS 1.0 and TLS 1.1 are formally deprecated (RFC 8996). This scanner detects these protocols and their associated cipher suites for comprehensive security assessment and compliance reporting.

Post-Quantum Cryptography (PQC)

The scanner includes comprehensive support for NIST-standardized Post-Quantum Cryptography algorithms, enabling detection of quantum-resistant TLS connections. Built on OpenSSL 3.5.2+ with native PQC support.

Supported PQC Algorithms

Key Encapsulation Mechanisms (KEM)

| Algorithm | Type | Security Level | Status |
|---|---|---|---|
| ML-KEM-512 | Pure PQC | NIST Level 1 (~AES-128) | Supported |
| ML-KEM-768 | Pure PQC | NIST Level 3 (~AES-192) | Supported |
| ML-KEM-1024 | Pure PQC | NIST Level 5 (~AES-256) | Supported |
| X25519MLKEM768 | Hybrid | X25519 + ML-KEM-768 | Supported |
| SecP256r1MLKEM768 | Hybrid | P-256 + ML-KEM-768 | Supported |
| SecP384r1MLKEM1024 | Hybrid | P-384 + ML-KEM-1024 | Supported |

Signature Algorithms (Certificate Authentication)

| Algorithm | Type | Security Level | Status |
|---|---|---|---|
| ML-DSA-44 | Pure PQC | NIST Level 2 (~AES-128) | Supported |
| ML-DSA-65 | Pure PQC | NIST Level 3 (~AES-192) | Supported |
| ML-DSA-87 | Pure PQC | NIST Level 5 (~AES-256) | Supported |
| SLH-DSA-* | Pure PQC | Various levels | Supported |

💡 About Hybrid Cryptography: Hybrid algorithms combine classical and post-quantum algorithms to provide defense-in-depth. If PQC is broken, classical security remains. Recommended for production deployments during the PQC transition period.

Key Exchange Algorithms & Groups

In TLS 1.3 the key exchange algorithm is no longer part of the cipher suite; it is negotiated separately as a named group (an elliptic curve or a finite field Diffie-Hellman group). The scanner tests all supported groups to determine which ones the server accepts.

Elliptic Curve Groups

| Group Name | Type | Security | Notes |
|---|---|---|---|
| X25519 | Curve25519 | Strong | Modern, fast, widely recommended |
| P-256 (secp256r1) | NIST P-256 | Strong | Most widely deployed |
| P-384 (secp384r1) | NIST P-384 | Strong | Commonly used for government/high-security |
| P-521 (secp521r1) | NIST P-521 | Strong | Highest classical security level |
| X448 | Curve448 | Strong | Higher security margin than X25519 |

Finite Field Diffie-Hellman Groups

| Group Name | Key Size | Security | Notes |
|---|---|---|---|
| ffdhe2048 | 2048-bit | Moderate | Minimum acceptable for legacy compatibility |
| ffdhe3072 | 3072-bit | Strong | Recommended minimum for new deployments |
| ffdhe4096 | 4096-bit | Strong | High security applications |
| ffdhe6144 | 6144-bit | Very Strong | Government and high-security deployments |
| ffdhe8192 | 8192-bit | Very Strong | Maximum classical security (slower) |

💡 Performance Note: Elliptic curve groups (X25519, P-256) provide equivalent security to finite field groups with much smaller key sizes and better performance. ECDHE is recommended over DHE for most applications.

SSH Cipher Detection

The scanner detects SSH cryptographic configurations when SSH services are encountered. Unlike TLS, where a cipher suite bundles these choices, SSH negotiates key exchange, host key, encryption, and MAC algorithms as separate lists.

SSH Key Exchange Algorithms

| Algorithm | Type | Security | Notes |
|---|---|---|---|
| curve25519-sha256 | ECDH | Strong | Modern, recommended |
| ecdh-sha2-nistp256 | ECDH | Strong | NIST P-256 |
| ecdh-sha2-nistp384 | ECDH | Strong | NIST P-384, higher security |
| ecdh-sha2-nistp521 | ECDH | Strong | NIST P-521, highest security |
| diffie-hellman-group14-sha256 | DH | Moderate | 2048-bit DH, legacy compatibility |
| diffie-hellman-group16-sha512 | DH | Strong | 4096-bit DH |
| diffie-hellman-group18-sha512 | DH | Strong | 8192-bit DH, maximum security |
| diffie-hellman-group-exchange-sha256 | DH | Strong | Dynamic group negotiation |
| diffie-hellman-group14-sha1 | DH | Weak | SHA-1 deprecated, avoid |
| diffie-hellman-group1-sha1 | DH | Critical | 1024-bit + SHA-1, vulnerable |

SSH Host Key Algorithms

| Algorithm | Type | Security | Notes |
|---|---|---|---|
| ssh-ed25519 | EdDSA | Strong | Modern, recommended |
| ecdsa-sha2-nistp256 | ECDSA | Strong | NIST P-256 |
| ecdsa-sha2-nistp384 | ECDSA | Strong | NIST P-384 |
| ecdsa-sha2-nistp521 | ECDSA | Strong | NIST P-521 |
| rsa-sha2-512 | RSA | Strong | RSA with SHA-512 (3072+ bits recommended) |
| rsa-sha2-256 | RSA | Strong | RSA with SHA-256 (2048+ bits recommended) |
| ssh-rsa | RSA | Weak | SHA-1 signature, deprecated |
| ssh-dss | DSA | Critical | 1024-bit DSA, weak and deprecated |

SSH Encryption Ciphers

| Cipher | Mode | Security | Notes |
|---|---|---|---|
| chacha20-poly1305@openssh.com | AEAD | Strong | Modern, fast, recommended |
| aes256-gcm@openssh.com | AEAD | Strong | AES-256 GCM mode |
| aes128-gcm@openssh.com | AEAD | Strong | AES-128 GCM mode |
| aes256-ctr | CTR | Strong | AES-256 counter mode |
| aes192-ctr | CTR | Strong | AES-192 counter mode |
| aes128-ctr | CTR | Strong | AES-128 counter mode |
| aes256-cbc | CBC | Moderate | Legacy, vulnerable to attacks |
| aes128-cbc | CBC | Moderate | Legacy, vulnerable to attacks |
| 3des-cbc | CBC | Critical | 3DES weak, SWEET32 attack |
| arcfour | Stream | Critical | RC4 broken, do not use |

SSH MAC (Message Authentication) Algorithms

| MAC Algorithm | Hash Function | Security | Notes |
|---|---|---|---|
| hmac-sha2-512-etm@openssh.com | SHA-512 | Strong | Encrypt-then-MAC, recommended |
| hmac-sha2-256-etm@openssh.com | SHA-256 | Strong | Encrypt-then-MAC, recommended |
| hmac-sha2-512 | SHA-512 | Strong | Standard HMAC |
| hmac-sha2-256 | SHA-256 | Strong | Standard HMAC |
| hmac-sha1 | SHA-1 | Weak | SHA-1 deprecated, avoid |
| hmac-md5 | MD5 | Critical | MD5 broken, do not use |

✅ SSH Best Practices: Use curve25519-sha256 for key exchange, ssh-ed25519 for host keys, chacha20-poly1305@openssh.com for encryption, and hmac-sha2-512-etm@openssh.com for MAC. These provide excellent security and performance.
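The SSH algorithm lists above come from a single message: right after the version banner, the server sends SSH_MSG_KEXINIT, whose name-lists enumerate every algorithm it offers. The following Python is an added example, not certscanner's code; it builds a constructed KEXINIT payload, parses it per RFC 4253, and flags the entries the tables above rate below Strong (build_kexinit, parse_kexinit, weak_algorithms, FLAGGED and SAMPLE are names chosen here).

```python
"""Parse an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) and flag every
algorithm the SSH tables above rate below Strong. Added example, not
certscanner's own code; SAMPLE is constructed with build_kexinit()."""
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
# Ratings taken from the tables above; anything not listed here is not flagged.
FLAGGED = {"diffie-hellman-group1-sha1": "Critical", "ssh-dss": "Critical",
           "3des-cbc": "Critical", "arcfour": "Critical", "hmac-md5": "Critical",
           "diffie-hellman-group14-sha1": "Weak", "ssh-rsa": "Weak", "hmac-sha1": "Weak",
           "aes256-cbc": "Moderate", "aes128-cbc": "Moderate"}

def build_kexinit(lists):
    """Encode a KEXINIT payload from a dict of name-lists (used for test data)."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16          # msg id + 16-byte cookie
    for f in FIELDS:
        nl = ",".join(lists.get(f, [])).encode("ascii")
        body += struct.pack(">I", len(nl)) + nl               # uint32 length + names
    return body + b"\x00" + struct.pack(">I", 0)             # first_kex_follows, reserved

def parse_kexinit(payload):
    """Decode the ten name-lists; raise ValueError on a malformed packet."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}
    for f in FIELDS:
        if off + 4 > len(payload):
            raise ValueError(f"truncated length field for {f}")
        n = int.from_bytes(payload[off:off + 4], "big")
        if off + 4 + n > len(payload):
            raise ValueError(f"truncated name-list {f}")
        raw = payload[off + 4:off + 4 + n].decode("ascii")
        out[f] = raw.split(",") if raw else []
        off += 4 + n
    return out

def weak_algorithms(lists):
    """(field, algorithm, rating) for each flagged entry in kex/host key/enc/mac."""
    return [(f, a, FLAGGED[a]) for f in FIELDS[:6] for a in lists[f] if a in FLAGGED]

SAMPLE = build_kexinit({   # constructed: a server still offering legacy choices
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha1"],
    "host_key": ["ssh-ed25519", "ssh-rsa"],
    "enc_c2s": ["chacha20-poly1305@openssh.com", "3des-cbc"],
    "mac_c2s": ["hmac-sha2-256-etm@openssh.com", "hmac-md5"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})
```

weak_algorithms(parse_kexinit(SAMPLE)) reports four findings for this payload: the SHA-1 group14 exchange, ssh-rsa host keys, 3des-cbc and hmac-md5.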

Unsupported/Experimental Algorithms

Some PQC algorithms are not yet supported by OpenSSL 3.5.2 or are still experimental. The scanner cannot currently detect these algorithms.

PQC Algorithms Not Yet Supported

| Algorithm | Type | Status | Reason |
|---|---|---|---|
| Falcon | Signature | Unsupported | Not NIST-standardized, requires liboqs provider |
| BIKE | KEM | Unsupported | Not NIST-standardized, requires liboqs provider |
| FrodoKEM | KEM | Unsupported | Not NIST-standardized, requires liboqs provider |
| Composite Signatures | Signature | Unsupported | E.g., mldsa44_ed25519, requires liboqs provider |

â„šī¸ About SPHINCS+/SLH-DSA: While OpenSSL 3.5.2 supports SLH-DSA (standardized SPHINCS+), many test servers still use the old pre-standardization names (sphincssha2*, sphincsshake*) which causes OID/naming mismatches. Detection may fail until servers update to NIST-standardized names.

Performance Considerations

Connection Count

Cipher scanning tests multiple combinations:

  • 87+ cipher suite tests
  • Multiple protocol versions (TLS 1.0-1.3)
  • Multiple key exchange groups
  • Typical: 200-400 connections per target

Resource Management

CPU throttling controls concurrency:

  • Low: 2 concurrent connections
  • Medium: 5 concurrent connections
  • High: 10 concurrent connections
  • None: 20 concurrent connections

âš ī¸ Production Tip: Use -cputhrottle low for production scans to avoid overwhelming targets and minimize resource usage. Consider scanning during maintenance windows for comprehensive enterprise deployments.
