#!/bin/sh
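echo
# Parameter 1 picks the protocol option handed to `openssl s_client` (kept in
# $ssl). The usage check runs before the selector is interpreted, so a call
# without arguments no longer announces an "auto negotiated" test first, and
# it now ends with a non-zero status so wrappers can tell it from a real scan.
if [ -z "$1" ]; then
	{
		echo "Usage: ${0##*/} <ssl2|ssl3|tls1|tls1_1|tls1_2|auto> [ip address] [port] [ftp]"
		echo "Param1: No default value. Any text different from listed above is like auto (auto negotiate SSL/TLS version)."
		echo "Param2: Default is 127.0.0.1 (localhost)."
		echo "Param3: Default is 443 (HTTPS default port)."
		echo "Param4: If not empty use explicit FTPS instead of HTTPS."
		echo
	} >&2
	exit 2
fi

# NOTE(review): many current OpenSSL builds ship without SSLv2/SSLv3 client
# support. On such a build s_client rejects -ssl2/-ssl3 and the scan lists no
# suites; that reflects the local client, not the server under audit.
case "$1" in
	ssl2)
		echo "Testing SSL v2 ..."
		ssl="-ssl2"
		;;
	ssl3)
		echo "Testing SSL v3 ..."
		ssl="-ssl3"
		;;
	tls1)
		echo "Testing TLS v1 ..."
		ssl="-tls1"
		;;
	tls1_1)
		echo "Testing TLS v1.1 ..."
		ssl="-tls1_1"
		;;
	tls1_2)
		echo "Testing TLS v1.2 ..."
		ssl="-tls1_2"
		;;
	*)
		# Any other word (including a mistyped selector such as "tls12")
		# falls back to auto negotiation; the message below is the only hint.
		echo "Testing auto negotiated SSL/TLS version ..."
		ssl=""
		;;
esac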

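# Parameters 2-4: target address, target port and the explicit-FTPS switch.
# The original assigned port="$3a", which appended a literal "a" to every
# user-supplied port and made -connect fail; the port is now taken verbatim.
ip="${2:-127.0.0.1}"
port="${3:-443}"

# The port ends up on the s_client command line, so accept only a decimal
# TCP port. The length cap keeps the numeric comparison below from being fed
# a value too large for the shell's integer tests.
case "$port" in
  '' | *[!0-9]* | ??????*)
    printf 'Invalid port: %s\n' "$port" >&2
    exit 2
    ;;
esac
if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
  printf 'Invalid port: %s\n' "$port" >&2
  exit 2
fi

# Any non-empty 4th parameter switches s_client to explicit FTPS (STARTTLS).
# $ftps deliberately holds two words; it is expanded unquoted where it is used.
if [ -z "$4" ]; then
  ftps=""
  echo "Testing IP $ip on port $port ..."
else
  ftps="-starttls ftp"
  echo "Testing IP $ip on port $port with starttls ftp ..."
fi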

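# Cipher-suite enumeration. For every suite the local openssl knows, attempt
# a handshake with only that suite offered and record the protocol/cipher
# pair that s_client reports as negotiated.
#
# Reading the result:
#  - Only suites compiled into the local openssl can be probed, so a suite
#    missing from the list is not proof that the server refuses it.
#  - NOTE(review): -cipher governs TLS 1.2-and-older suites; OpenSSL 1.1.1+
#    selects TLS 1.3 suites with -ciphersuites instead. In auto mode a
#    TLS 1.3 server may therefore answer every probe with the same TLS 1.3
#    suite - confirm against the installed openssl.
#  - openssl.results is created in the current directory and overwritten on
#    each run; start the script from a directory you own.
printf '\nList of working cipher suites (sorted):\n\n'

# Fixes relative to the original loop:
#  - `{1..5}` is not POSIX; a strict /bin/sh ran the inner loop once.
#  - `echo "\n"` prints a literal backslash-n in shells whose echo does not
#    interpret escapes; printf is unambiguous.
#  - sed 's/:/\n/g' depends on GNU sed; tr is portable.
#  - $cipher and the host:port pair are quoted so odd characters in the
#    arguments cannot split into extra s_client options.
# $ssl and $ftps hold zero or more options and must word-split.
# shellcheck disable=SC2086
for cipher in $(openssl ciphers | tr ':' '\n' | uniq); do
  # presumably repeated to ride out transient connection failures; the
  # sort -u below collapses the duplicates
  for try in 1 2 3 4 5; do
    echo QUIT |
      openssl s_client -cipher "$cipher" $ssl -connect "${ip}:${port}" $ftps 2>&1 |
      grep -e 'Cipher' -e 'Protocol' | grep ':' | cut -d' ' -f8- | tr -d '\n' &&
      printf '\n'
  done
done | sort -u | grep -v "0000" | grep -v -e '^$' | tee openssl.results
# "0000" is dropped because s_client prints it as the cipher when no session
# was established.

# $((...)) strips the padding some wc implementations put before the number.
count=$(wc -l < openssl.results)
printf '\nWorking cipher suites count:  %s\n\n' "$((count))"

# Final probe without -cipher or a protocol option: shows what the server and
# the local client settle on by default.
# shellcheck disable=SC2086
echo QUIT |
  openssl s_client -connect "${ip}:${port}" $ftps 2>&1 |
  grep -e 'Cipher' -e 'Protocol' | grep ':' | cut -d' ' -f8- | tr -d '\n' &&
  printf ' (auto negotiated)\n\n'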
