Is it possible to view the cipher suites offered on my behalf by a MITM proxy?

Question

I'm trying to discover what cipher suites are being offered by my corporate proxy. It's set up as a man in the middle so my "secure" connections are to it, and it attempts to create a secure connection to my target.

Specifically, I'm looking to view the list of ciphers presented by the proxy in the ClientHello message of the secure connection negotiation.

I don't have the ability to run a network sniffer on outbound traffic from the proxy.

I appreciate that this is information that might be difficult to obtain since it is sent prior to the establishment of a connection, but thought that there might be a website out there for just such a need that I can't seem to find via search engine. Every other facet of the negotiation seems accessible.

The fallback plan is to expose a server running Apache and run a network sniffer on it, hit said box from the corporate network and sort through the results. There are issues that make this less than desirable.

Have you tried https://www.ssllabs.com/ssltest/? Since I don't have a formal network diagram of the mentioned scenario is quite difficult to determine if this would work or not, however if the proxy is in front of the actual server or an outbound load balancer, the cipher suites of the proxy should show up in ssllabs. — Filipe dos Santos, Oct 08 '20 at 17:10
To be clear, you're not going to use this information to try to conclude anything about the security of this proxy, right? Using the 'right' ciphersuite(s) absolutely does not provide or ensure security, and its not at all clear it's even positively correlated, except that the 1.3-only suites are perfectly correlated with 1.3 (duh) and 1.3 is better than 1.2 (or less) in some situations though the suites within 1.3 don't matter much. — dave_thompson_085, Oct 09 '20 at 03:24
We're not trying to conclude anything about security. We're trying to diagnose handshake failures that occur only when we communicate from a server, but not from a workstation - two different proxies. We believe the more tightly controlled proxy that the server uses is not offering the cipher suites that the user proxy is offering, and are compiling evidence to compel the responsible group to investigate. — Skerkles, Oct 09 '20 at 16:31

score 3 · Accepted Answer · answered Oct 08 '20 at 17:50

3

You don't need to do network sniffing, you just need to run a server that displays its connection parameters in detail. Contact that server from your client.

Some existing servers:

Qualys is best known for their server scanning but they also have a page that reports client information.
How's My SSL reports client information.

answered Oct 08 '20 at 17:50

Gilles 'SO- stop being evil'

50,912
13
120
179

Not sure how I missed the "Given Cipher Suites" section of How's My SSL, but thank you. – Skerkles Oct 08 '20 at 19:08

Is it possible to view the cipher suites offered on my behalf by a MITM proxy?

1 Answers1