Closed ealashwali closed 5 years ago
default cipher:
static const char *default_ciphers = "ALL:aNULL:eNULL:NULL";
All OpenSSL ciphers are supported except the following: SRP, PSK, RC2, DES-CBC3-MD5, RC4-64-MD5, DES-CBC-MD5, IDEA. Also the CHACHA ciphers. Code: https://github.com/prbinu/tls-scan/blob/master/main.c#L1344
tls-scan tries one cipher at a time. However, the tool can make parallel connections to the same server using different ciphers, which makes it run faster.
BTW, I have used a previous version of this tool and scanned ~20M mail domains (SMTP). More here: https://www.slideshare.net/BinuRamakrishnan/analysis-of-tls-in-smtp-world
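What the answer above describes, as an added example that is not tls-scan's own code: it asks the local OpenSSL, through Python's `ssl` module, which TLS 1.2-and-earlier suites the default string selects, drops the listed exclusions, and checks that a client restricted to one suite offers only that suite. Matching the exclusions by substring is an assumption made here, and the resulting list depends on the OpenSSL build the script runs against.

```python
import ssl

# Cipher string quoted in the answer above.
DEFAULT_CIPHERS = "ALL:aNULL:eNULL:NULL"
# Exclusions listed in the answer; substring matching is an assumption of this example.
EXCLUDED = ("SRP", "PSK", "RC2", "DES-CBC3-MD5", "RC4-64-MD5",
            "DES-CBC-MD5", "IDEA", "CHACHA")


def expand(cipher_string):
    """Return the TLS <= 1.2 suite names this OpenSSL build selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    # set_ciphers() does not govern TLS 1.3 suites, so they are filtered out here;
    # a scan that reasons per cipher has to account for them separately.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def probe_list(cipher_string=DEFAULT_CIPHERS, excluded=EXCLUDED):
    """Suites left to probe after dropping the excluded families."""
    return [n for n in expand(cipher_string)
            if not any(tok in n for tok in excluded)]


def single_cipher_offers(names):
    """Map each suite to what a client restricted to it alone would offer."""
    return {name: expand(name) for name in names}


if __name__ == "__main__":
    suites = probe_list()
    print(ssl.OPENSSL_VERSION, "-", len(suites), "suites to probe")
    for name, offered in single_cipher_offers(suites).items():
        # True means a probe for this suite cannot be answered with another
        # TLS <= 1.2 suite, so acceptance or refusal is attributable to it.
        print(f"{name:40s} offered alone: {offered == [name]}")
```

Any suite missing from the printed list was never offered, so a server's failure to select it says nothing about whether the server supports it.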
Hi. If I did not specify the ciphers using
-C --ciphers=<arg>
nor specified a version's ciphers using --tls1_1,
what are the ciphers that tls-scan will offer to the server? It is important to know, as these will affect the server's response. For example, if there is a cipher that tls-scan did not offer in the first place, the server will never choose it. So it is important for me to know in order to draw conclusions. Also, can you give a brief idea of the methodology used? Does tls-scan examine one cipher at a time? I will use tls-scan for research, and it is useful to know what your methodology is, please.