Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Output hexadecimal ID of SSL/TLS cipher suite

For those of you that also asked themselves how to get the hexadecimal SSL/TLS cipher ID when running tmm --clientciphers, here's a possible way to convert the ID to hex on the fly:

# tmm --clientciphers "DEFAULT" | awk 'FNR > 1 {printf "ID %s (0x%x): %s %s\n", $2, $2, $3, $5}' 
ID 159 (0x9f): DHE-RSA-AES256-GCM-SHA384 TLS1.2
ID 158 (0x9e): DHE-RSA-AES128-GCM-SHA256 TLS1.2
ID 107 (0x6b): DHE-RSA-AES256-SHA256 TLS1.2
ID 57 (0x39): DHE-RSA-AES256-SHA TLS1
ID 57 (0x39): DHE-RSA-AES256-SHA TLS1.1
ID 57 (0x39): DHE-RSA-AES256-SHA TLS1.2
ID 57 (0x39): DHE-RSA-AES256-SHA DTLS1
ID 103 (0x67): DHE-RSA-AES128-SHA256 TLS1.2
ID 51 (0x33): DHE-RSA-AES128-SHA TLS1
ID 51 (0x33): DHE-RSA-AES128-SHA TLS1.1
ID 51 (0x33): DHE-RSA-AES128-SHA TLS1.2
ID 51 (0x33): DHE-RSA-AES128-SHA DTLS1
ID 22 (0x16): DHE-RSA-DES-CBC3-SHA TLS1
ID 22 (0x16): DHE-RSA-DES-CBC3-SHA TLS1.1
ID 22 (0x16): DHE-RSA-DES-CBC3-SHA TLS1.2
ID 22 (0x16): DHE-RSA-DES-CBC3-SHA DTLS1
ID 157 (0x9d): AES256-GCM-SHA384 TLS1.2
ID 156 (0x9c): AES128-GCM-SHA256 TLS1.2
ID 61 (0x3d): AES256-SHA256 TLS1.2
ID 53 (0x35): AES256-SHA TLS1
ID 53 (0x35): AES256-SHA TLS1.1
ID 53 (0x35): AES256-SHA TLS1.2
ID 53 (0x35): AES256-SHA DTLS1
ID 60 (0x3c): AES128-SHA256 TLS1.2
ID 47 (0x2f): AES128-SHA TLS1
ID 47 (0x2f): AES128-SHA TLS1.1
ID 47 (0x2f): AES128-SHA TLS1.2
ID 47 (0x2f): AES128-SHA DTLS1
ID 10 (0xa): DES-CBC3-SHA TLS1
ID 10 (0xa): DES-CBC3-SHA TLS1.1
ID 10 (0xa): DES-CBC3-SHA TLS1.2
ID 10 (0xa): DES-CBC3-SHA DTLS1
ID 49200 (0xc030): ECDHE-RSA-AES256-GCM-SHA384 TLS1.2
ID 49199 (0xc02f): ECDHE-RSA-AES128-GCM-SHA256 TLS1.2
ID 49192 (0xc028): ECDHE-RSA-AES256-SHA384 TLS1.2
ID 49172 (0xc014): ECDHE-RSA-AES256-CBC-SHA TLS1
ID 49172 (0xc014): ECDHE-RSA-AES256-CBC-SHA TLS1.1
ID 49172 (0xc014): ECDHE-RSA-AES256-CBC-SHA TLS1.2
ID 49191 (0xc027): ECDHE-RSA-AES128-SHA256 TLS1.2
ID 49171 (0xc013): ECDHE-RSA-AES128-CBC-SHA TLS1
ID 49171 (0xc013): ECDHE-RSA-AES128-CBC-SHA TLS1.1
ID 49171 (0xc013): ECDHE-RSA-AES128-CBC-SHA TLS1.2
ID 49170 (0xc012): ECDHE-RSA-DES-CBC3-SHA TLS1
ID 49170 (0xc012): ECDHE-RSA-DES-CBC3-SHA TLS1.1
ID 49170 (0xc012): ECDHE-RSA-DES-CBC3-SHA TLS1.2

I think this greatly improves comparatibility to e.g. SSL handshake decodes in wireshark, etc. Hopefully, someone around here can benefit from that, too...

Regards Martin

0
Rate this Discussion

Replies to this Discussion

placeholder+image

This is great stuff, tatmotiv.

You can then compare those values here: http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

0
Comments on this Reply
Comment made 31-Oct-2016 by tatmotiv 918

Thanks Kevin. I honestly do not understand why tmm --clientciphers is the only SSL-related command in the world that returns the ID in decimal format, while even f5 themselves use hex values in their support documents (e.g. https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html) ... ;-)

0
placeholder+image

@tatmotiv: Thanks for the great & handy command - good stuff indeed.

0