How to Use the Weak Cipher Tester
The Weak Cipher Suites Tester is a client-side tool that analyzes TLS cipher lists from scanning tools. No data leaves your browser — making it ideal for sensitive environments.
Step 1: Gather Cipher Data
Use any of these methods:
- nmap:
  nmap --script ssl-enum-ciphers -p 443 example.com
- sslyze:
  sslyze --regular example.com
- testssl.sh:
  ./testssl.sh example.com
- Browser: Open Dev Tools → Security → View Certificate → Cipher
Step 2: Copy the Output
Select the section listing cipher suites, e.g.:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| TLS_RSA_WITH_3DES_EDE_CBC_SHA
Step 3: Paste into the Tester
Go to the Weak Cipher Tester and:
- Paste the raw text
- Click “Analyze Ciphers”
The tool extracts and evaluates each suite.
Step 4: Interpret Results
Each cipher gets:
- Grade: A+ to F
- Classification: MODERN, STRONG, MEDIUM, WEAK
- Compliance: PCI DSS & FIPS status
- Remediation: Actionable fix
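The extract-and-classify step described above, as an added JavaScript example that is not the Weak Cipher Tester's own code. The rule set that maps suites to MODERN, STRONG, MEDIUM and WEAK is an assumption based on common TLS guidance, and the scan text is a constructed sample.

```javascript
// Added illustration, not the Weak Cipher Tester's own code.
// The classification rules are assumptions drawn from common TLS guidance.

// Constructed sample resembling nmap ssl-enum-ciphers output.
const SAMPLE = `
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_DH_anon_WITH_AES_128_CBC_SHA (dh 2048) - F
|   TLSv1.3:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
`;

// Pull unique suite names out of arbitrary scanner text.
function extractSuites(text) {
  const names = text.match(/\b(?:TLS|SSL)_[A-Za-z0-9_]+\b/g) || [];
  return [...new Set(names.map((n) => n.toUpperCase()))]
    .filter((n) => !n.endsWith("_SCSV")); // signalling values, not ciphers
}

const BROKEN = /_(NULL|EXPORT\d*|ANON|RC4|RC2|DES\d*|3DES|IDEA|MD5)(_|$)/;
const TLS13 = /^TLS_(AKE_WITH_)?(AES_\d+_(GCM|CCM)|CHACHA20_POLY1305)/;
const FORWARD_SECRECY = /^TLS_(ECDHE|DHE)_/;
const AEAD = /_(GCM|CCM|CHACHA20_POLY1305)(_|$)/;

// Map a suite name to the page's four classes (assumed rule set).
function classify(suite) {
  if (BROKEN.test(suite)) return "WEAK";
  if (TLS13.test(suite)) return "MODERN";
  const fs = FORWARD_SECRECY.test(suite);
  if (fs && AEAD.test(suite)) return "MODERN";
  return fs ? "STRONG" : "MEDIUM"; // no forward secrecy caps at MEDIUM
}

function analyze(text) {
  return extractSuites(text).map((suite) => ({ suite, cls: classify(suite) }));
}

for (const { suite, cls } of analyze(SAMPLE)) {
  console.log(cls.padEnd(7), suite);
}
```

The SCSV filter matters when pasting output from tools that list signalling values alongside real suites; without it they would be graded as if they were ciphers.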
Pro Tips
- Test all endpoints: web, API, mail, VPN
- Scan load balancers — they often have different configs
- Export results for audit trails
FAQ
Can I scan a domain directly?
No — browser CORS prevents socket-level TLS handshakes. You must provide the cipher list.
What if no ciphers are detected?
Ensure you copied the section with TLS_ or SSL_ suite names.
Is my data sent anywhere?
No. All analysis runs in your browser. View source to confirm.
Audit fast. Fix faster. Secure always.