000032987 - How to check for available SSL/TLS protocols and ciphers for a specific port in RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 5

Article Content

Article Number: 000032987
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Issue: How to check which SSL/TLS protocols and ciphers are available on a specific port.
Resolution: Follow the steps below:
1- Download the file "TestSSLServer.jar" from this link: https://github.com/Warpnet/scantool/raw/master/TestSSLServer.jar or use the one attached to this article.
2- Move the file to any server that has Java installed and can connect to the desired server and port.
3- Run the command below from the directory where you placed the file.
# java -jar TestSSLServer.jar <server_name_or_ip> <port>
# java -jar TestSSLServer.jar am81p.vcloud.local 7002

4- The output shows the available protocols and ciphers. Here is an example of what the output may look like:
# java -jar TestSSLServer.jar am81p.vcloud.local 7002
Supported versions: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  (TLSv1.0: idem)
  (TLSv1.1: idem)
Server certificate(s):
  d887fe3c5b9f7597c32b1c569e0dc3c219bd7cb2: SERIALNUMBER=04f93769869b944d3817e9327f809f4a9e864db0adb54067a077469629781cdc, CN=am81p.vcloud.local
Minimal encryption strength:     strong encryption (96-bit or more)
Achievable encryption strength:  strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected

In this example:

  • SSLv3 is enabled with ciphers RSA_WITH_AES_128_CBC_SHA and RSA_WITH_AES_256_CBC_SHA.
  • TLSv1.0 has no ciphers, so it is disabled.
  • TLSv1.1 has no ciphers, so it is disabled.
  • TLSv1.2 is enabled with ciphers RSA_WITH_AES_128_CBC_SHA, RSA_WITH_AES_256_CBC_SHA, RSA_WITH_AES_128_CBC_SHA256, RSA_WITH_AES_256_CBC_SHA256, and TLS_RSA_WITH_AES_128_GCM_SHA256.
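
When the scan from step 3 is repeated across many ports or servers, the summary lines of each report can be checked by script. The following Python is an added example, not part of the original article or of TestSSLServer; it reads the "Supported versions", "Deflate compression", and BEAST/CRIME status lines in the format shown above. The function names, the sample report, and the list of deprecated versions are assumptions made for this example.

```python
import re

# Assumed policy for this example: SSLv2, SSLv3 (RFC 7568) and
# TLS 1.0/1.1 (RFC 8996) are treated as deprecated.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Constructed sample: summary lines in the format of the report shown above.
SAMPLE_REPORT = """\
Supported versions: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Deflate compression: no
Minimal encryption strength:     strong encryption (96-bit or more)
Achievable encryption strength:  strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected
"""

def parse_report(text):
    """Return the top-level 'Key: value' fields of a report as a dict."""
    fields = {}
    for line in text.splitlines():
        # Indented lines (cipher and certificate details) are skipped.
        m = re.match(r"^(\S[^:]*):\s*(.*)$", line)
        if m and m.group(2):
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit(text):
    """Return (supported_versions, findings) for one report."""
    fields = parse_report(text)
    versions = fields.get("Supported versions", "").split()
    findings = []
    if not versions:
        findings.append("no 'Supported versions' line: scan failed or port is not SSL/TLS")
    for version in versions:
        if version in DEPRECATED:
            findings.append(f"{version} offered: deprecated protocol version")
    if fields.get("Deflate compression", "no").lower() != "no":
        findings.append("TLS compression enabled")
    for attack in ("BEAST", "CRIME"):
        if fields.get(f"{attack} status", "").lower() == "vulnerable":
            findings.append(f"{attack} status reported as vulnerable")
    return versions, findings

if __name__ == "__main__":
    supported, issues = audit(SAMPLE_REPORT)
    print("Supported:", " ".join(supported))
    for issue in issues:
        print("FINDING:", issue)
```

Saving the command output to a file and passing its contents to audit() gives one list of findings per scanned port.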