Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

Output hexadecimal ID of SSL/TLS cipher suite

For those of you that also asked themselves how to get the hexadecimal SSL/TLS cipher ID when running tmm --clientciphers, here's a possible way to convert the ID to hex on the fly:

# tmm --clientciphers "DEFAULT" | awk 'FNR > 1 {printf "ID %s (0x%x): %s %s\n", $2, $2, $3, $5}' 
ID 159 (0x9f): DHE-RSA-AES256-GCM-SHA384 TLS1.2
ID 158 (0x9e): DHE-RSA-AES128-GCM-SHA256 TLS1.2
ID 107 (0x6b): DHE-RSA-AES256-SHA256 TLS1.2
ID 57 (0x39): DHE-RSA-AES256-SHA TLS1
ID 57 (0x39): DHE-RSA-AES256-SHA TLS1.1
ID 57 (0x39): DHE-RSA-AES256-SHA TLS1.2
ID 57 (0x39): DHE-RSA-AES256-SHA DTLS1
ID 103 (0x67): DHE-RSA-AES128-SHA256 TLS1.2
ID 51 (0x33): DHE-RSA-AES128-SHA TLS1
ID 51 (0x33): DHE-RSA-AES128-SHA TLS1.1
ID 51 (0x33): DHE-RSA-AES128-SHA TLS1.2
ID 51 (0x33): DHE-RSA-AES128-SHA DTLS1
ID 22 (0x16): DHE-RSA-DES-CBC3-SHA TLS1.1
ID 22 (0x16): DHE-RSA-DES-CBC3-SHA TLS1.2
ID 157 (0x9d): AES256-GCM-SHA384 TLS1.2
ID 156 (0x9c): AES128-GCM-SHA256 TLS1.2
ID 61 (0x3d): AES256-SHA256 TLS1.2
ID 53 (0x35): AES256-SHA TLS1
ID 53 (0x35): AES256-SHA TLS1.1
ID 53 (0x35): AES256-SHA TLS1.2
ID 53 (0x35): AES256-SHA DTLS1
ID 60 (0x3c): AES128-SHA256 TLS1.2
ID 47 (0x2f): AES128-SHA TLS1
ID 47 (0x2f): AES128-SHA TLS1.1
ID 47 (0x2f): AES128-SHA TLS1.2
ID 47 (0x2f): AES128-SHA DTLS1
ID 10 (0xa): DES-CBC3-SHA TLS1
ID 10 (0xa): DES-CBC3-SHA TLS1.1
ID 10 (0xa): DES-CBC3-SHA TLS1.2
ID 10 (0xa): DES-CBC3-SHA DTLS1
ID 49200 (0xc030): ECDHE-RSA-AES256-GCM-SHA384 TLS1.2
ID 49199 (0xc02f): ECDHE-RSA-AES128-GCM-SHA256 TLS1.2
ID 49192 (0xc028): ECDHE-RSA-AES256-SHA384 TLS1.2
ID 49172 (0xc014): ECDHE-RSA-AES256-CBC-SHA TLS1
ID 49172 (0xc014): ECDHE-RSA-AES256-CBC-SHA TLS1.1
ID 49172 (0xc014): ECDHE-RSA-AES256-CBC-SHA TLS1.2
ID 49191 (0xc027): ECDHE-RSA-AES128-SHA256 TLS1.2
ID 49171 (0xc013): ECDHE-RSA-AES128-CBC-SHA TLS1
ID 49171 (0xc013): ECDHE-RSA-AES128-CBC-SHA TLS1.1
ID 49171 (0xc013): ECDHE-RSA-AES128-CBC-SHA TLS1.2
ID 49170 (0xc012): ECDHE-RSA-DES-CBC3-SHA TLS1
ID 49170 (0xc012): ECDHE-RSA-DES-CBC3-SHA TLS1.1
ID 49170 (0xc012): ECDHE-RSA-DES-CBC3-SHA TLS1.2

I think this greatly improves comparatibility to e.g. SSL handshake decodes in wireshark, etc. Hopefully, someone around here can benefit from that, too...

Regards Martin

Rate this Discussion

Replies to this Discussion


This is great stuff, tatmotiv.

You can then compare those values here: http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Comments on this Reply
Comment made 31-Oct-2016 by tatmotiv 1021

Thanks Kevin. I honestly do not understand why tmm --clientciphers is the only SSL-related command in the world that returns the ID in decimal format, while even f5 themselves use hex values in their support documents (e.g. https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html) ... ;-)


@tatmotiv: Thanks for the great & handy command - good stuff indeed.