Table of Contents


show-cipher-preference - server to show TLS client cipher preference


show-cipher-preference [ PORT ]


show-cipher-preference is a most simple server to analyze a TLS CLIENT HELLO. It listens on the given tcp port or default port 443. If a TLS client connects then it prints data of the TLS client hello including cipher preference and optionally (on ECDH) the curves,

Return Value

The return value is 0 if no error occurs and a TLS client hello could be identified and analyzed. Error return values:
  1. illegal port
  2. couldn’t create socket
  3. couldn’t set socket options
  4. couldn’t bind to socket
  5. couldn’t listen on socket
  6. couldn’t set receive buffer
  7. couldn’t accept connection
  8. network read too short
  9. TLS wrong type
  10. TLS wrong record length
  11. TLS wrong message type (must be client hello)


Example for a cipher preference with just one ECDH cipher:
$ ./show-cipher-preference 1993
Version: TLSv1
Record Length: 114
Message Length: 110
Version: TLSv1.2
ServerRandom, Time: 1472248691,
Fri Aug 26 23:58:11 2016
(time reversed:) 1941684311,
Sun Jul 13 06:45:11 2031
Session ID Length: 0
Cipher Suite Length: 4
Compression Methods Length: 1
Extensions Length: 65
Extension: 0x00 0x0B, Extension Length: 4
Extension: 0x00 0x0A, Extension Length: 8, EC list: sect233k1 secp521r1 secp384r1 secp256r1
Extension: 0x00 0x23, Extension Length: 0
Extension: 0x00 0x0D, Extension Length: 32
Extension: 0x00 0x0F, Extension Length: 1


Frank Bergmann,

Table of Contents