Na openwrt je nutné nainstalovat nmap-full, který podporuje scriptování a TLS. A stáhnout script ssl-enum-ciphers
root@MB:~# nmap --script ssl-enum-ciphers.nse -p 443 server.cz
Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-13 18:19 CET
Nmap scan report for server.cz (152.184.162.111)
Host is up (0.041s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - unknown
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.1:
| ciphers:
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - unknown
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.2:
| ciphers:
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - unknown
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - unknown
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
| compressors:
| NULL
| cipher preference: server
|_ least strength: unknown
Nmap done: 1 IP address (1 host up) scanned in 4.07 seconds