If you are in process of securing your web server or site, there are some tools and online resources that can help us a lot (in one of the following posts will show you some of them).

But simply using the command the fantastic nmap tool, another interesting feature is listing the available cipher suite certain site offers using the “–script ssl-enum-ciphers” parameter:

$ nmap --script ssl-enum-ciphers -p 443 <host>

For example:

$ nmap --script ssl-enum-ciphers -p 443 somoit.net

Starting Nmap 7.40 ( https://nmap.org ) at 2019-05-20 16:54 CEST
Nmap scan report for somoit.net (
Host is up (0.0096s latency).
rDNS record for mail.host108.hostinet.com
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.51 seconds