A few months ago, I wrote an article on how to configure IIS for SSL/TLS protocol cipher best practices. To test your configuration, you can use a handy tool called NMap (nmap.org) or the ZenMap GUI.
Included in NMap is a script called ssl-enum-ciphers, which will let you scan a target and list all SSL protocols and ciphers that are available on that server. You can also narrow it down by specifying a port number with the -p option.
Using NMap, the script would look something like This tool comes in handy if you’re doing a vulnerability scan and you need to make some changes to a server and you want to test those changes. This will allow you to perform a quick scan without needing to do a complete vulnerability scan. You can read more about this NMap script here: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.htmlnmap --script ssl-enum-ciphers nmap -p [port] --script ssl-enum-ciphers [target] where [port] is the port number you want to scan. If you do not specify a port number, it will scan all ports on the server and return the results for each port that is configured to use SSL.
