Good cipher usage is important for the encryption of your connection. With nmap we can look at the ciphers a server offers and harden the configuration where needed. For that we use the nmap scripting engine with the ssl-enum-ciphers script.
Test and install nmap
First, check if nmap is installed.
sebastian@nw4mac:~$ nmap -V
Nmap version 7.40 ( https://nmap.org )
Platform: x86_64-apple-darwin16.3.0
Compiled with: liblua-5.3.3 openssl-1.0.2j nmap-libpcre-7.6 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: kqueue poll select
If it is not installed, install it!
# Debian / Ubuntu
apt install nmap
# Apple macOS
brew install nmap
# CentOS / Red Hat / Fedora
dnf install nmap
# or with yum
yum install nmap
Get your ciphers
When the installation is done, run your first scan. Use -p for the port number and choose your own target.
nmap --script ssl-enum-ciphers -p 443 www.binaryfigments.com
See the results in the window below. It also gives a grade on your cipher usage. An A grade is nice to have!
You can also check the ciphers on your e-mail server on port 993 for IMAP or port 587 for SMTP with TLS.
nmap --script ssl-enum-ciphers -p 587 mail.solarisinternetgroep.nl
Which gives the following results:
The scores above are fine, but what if you have some issues in the cipher configuration on your website? Your grade will be lower, like a C or D. If that is the case, you really should look at your web server configuration and turn off the bad ciphers!
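One way to act on a lower grade, as an added example that is not part of the original post: a small shell filter that reads the ssl-enum-ciphers output and lists every cipher graded below A, so you know which ones to turn off. The function names and the sample scan (host www.example.org) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Reads nmap's normal output
# (the ssl-enum-ciphers section) on stdin.

# Print "<protocol> <cipher> <grade>" for every cipher graded below A.
weak_ciphers() {
  awk '
    # Protocol header, e.g. "|   TLSv1.2:"
    $2 ~ /^(SSLv[0-9]+|TLSv[0-9.]+):$/ { proto = $2; sub(/:$/, "", proto); next }
    # Cipher line, e.g. "|   TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A"
    $2 ~ /^(TLS|SSL)_/ && $(NF-1) == "-" && $NF ~ /^[A-F]$/ {
      if ($NF != "A") print proto, $2, $NF
    }
  '
}

# Print the overall grade from the "least strength" line.
least_strength() { awk '/least strength:/ { print $NF }'; }

# Succeed only when no cipher is graded below A (usable as a CI gate).
cipher_gate() { [ -z "$(weak_ciphers)" ]; }

# Constructed sample output (hypothetical host, documentation IP range).
sample_scan() {
  cat <<'EOF'
Nmap scan report for www.example.org (192.0.2.10)
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C
EOF
}

sample_scan | weak_ciphers
```

With a real scan, pipe the output straight in: `nmap --script ssl-enum-ciphers -p 443 www.binaryfigments.com | weak_ciphers`.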
More than a port scanner
In these examples you can see that nmap is more than just a port and network scanner. It can do so much more with the scripting engine. More about the nmap scripting engine later! In the meantime, read about it over here: https://nmap.org/book/man-nse.html.