all IANA cipher suites

[kylak]

Which version are you referring to
The lastest.

Hello, does testssl.sh uses all IANA cipher suites ?

Thanks.

[drwetter]

I just encountered a déjà vu. Why do you ask the same question twice? And you asked the same question also at cipherscan. What's the reason, I am just curious.

…

-- Sent from my mobile. Apologize for my brevity and typos/autocorrection

[kylak]

Here's the answer : OWASP/O-Saft#135 (comment)

[drwetter]

Yeah, I remember having a discussion with EnDe a looong time back why testssl.sh doesn´t do that and scanning for every possible cipher suite. Conclusion was: Our tools have just different goals.

You can however try to scan with an undocumented feature like ./testssl.sh -q --devel 03 "cc,a8, cc,a9, cc,aa, cc,ab, cc,ac" blog.cloudflare.com and use all IANA suites. ;-)

There's another issue why I believe in general the result maybe not reliable: for some cipher suites you would need to provide TLS extensions or specific values in those extensions, otherwise the server won't possibly accept the ClientHello, see e.g. #1207 (comment)

[kylak]

There's another issue why I believe in general the result maybe not reliable: for some cipher suites you would need to provide TLS extensions or specific values in those extensions, otherwise the server won't possibly accept the ClientHello, see e.g. #1207 (comment)

Just opened an issue here to know if O-Saft handles these scenarios.