[clug] Crypto debugging

Tony Lewis tony at lewistribe.com
Mon Jan 31 10:49:16 UTC 2022


I'm working in a constrained environment (limited ability to get hands 
on keyboard or install stuff) and I need to figure out the simplest way 
to be able to run scans to tell me what versions of SSL/TLS, and what 
ciphers, including weak ones, are running on other boxes in that 
environment.

I've considered:

  * running openssl s_client:
      o decent versions have weak ciphers disabled at compile time, so
        out of the box it doesn't help much
  * compiling openssl with weak ciphers included
      o I've limited experience recompiling on this platform but could
        look into it
  * installing and running openvas
      o this will change the environment a bit, including adding
        repositories so was hoping to avoid
      o also, no experience, so there is a learning curve

Can anyone suggest a tool that can do this with a minimum of effort and 
change to the environment?  Ideally I can just run it and point it at an 
ip:port and get a summary of the certificate, protocol and ciphers offered.

Thanks,

Tony
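
An added example, not part of the original post: a standard-library Python probe that sends a hand-built ClientHello offering one cipher suite at a time, so the result does not depend on which ciphers the local OpenSSL was compiled with. The function names and the short suite list are assumptions for illustration; it sends no extensions (so no SNI and no TLS 1.3) and does not summarise the certificate.

```python
import os, socket, struct, sys

VERSIONS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
# Small sample of IANA cipher suite code points (assumed list; extend as needed).
SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256"}

def build_client_hello(version, suites):
    """Raw ClientHello record offering only `suites`, no extensions."""
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"  # empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", min(version, 0x0301), len(handshake)) + handshake

def parse_reply(data):
    """(version, suite) from a ServerHello; None for an alert or anything else."""
    try:
        if data[0] != 0x16 or data[5] != 0x02:
            return None
        pos = 9 + 2 + 32      # record header, handshake header, version, random
        pos += 1 + data[pos]  # skip the session id
        return struct.unpack_from("!H", data, 9)[0], struct.unpack_from("!H", data, pos)[0]
    except (IndexError, struct.error):
        return None

def probe(host, port, version, suite, timeout=5.0):
    """Offer one version/suite pair and return the parsed server reply."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello(version, [suite]))
            while len(data) < 5 or len(data) < 5 + int.from_bytes(data[3:5], "big"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, reset or timed out: treat as not accepted
        return None
    return parse_reply(data)

def scan(host, port):
    """Pairs the server accepted exactly as offered (no version downgrade)."""
    return [(vn, sn) for vn, v in VERSIONS.items() for code, sn in SUITES.items()
            if probe(host, port, v, code) == (v, code)]

if __name__ == "__main__":
    for vname, sname in scan(sys.argv[1], int(sys.argv[2])):
        print(vname, sname)
```

Run it as `python3 script.py ip port`; each printed line is a protocol version and cipher suite the server agreed to negotiate.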


