- The tool now checks to see that it can make a connection to the provided host and port before it performs all of its SSL tests. This will allow you to differentiate a non listening socket or non working network connection from an SSL service that supports no ciphers (mostly there to remind you when you mistype the hostname/port or when the service is down). Thanks to Gitsnik for suggesting this (months ago...).
- The tool now implements some crude detection for sites that allow an SSL connection using weak ciphers exclusively to provide "friendly" advice to the end user to upgrade their browser. In response to a comment from Anton here. Basically, I make a simple HTTP 1.1 request over any SSL socket that gets established, check the response for a "401 Unauthorized" response, and treat as unsupported any associated ciphers. Im reasonably sure that this response should not be generated when authentication is required to access the web resource (that should be "401 Authorization Required"), but just in case the tool will tell you when it considers one or more ciphers to be unsupported because of this reason, and it will give you instructions on how to get more information to confirm. If this causes false negatives, let me know so I can resolve the issue. This new feature can also be disabled using the -f switch if it causes problems - see the help for more information.
Download below - this link will always point to the latest version of the tool: