Here is a perl script which connects to a netscape-style "https" server. The results of running it with "https.pl home1.mcom.com 443" is: Attempting connection to 198.93.93.10 Connected Sent message, length 40 Received length = 502 Message type = 4 Session ID Hit flag = 0 Certificate type = 1 Server version = 2 Certificate length = 472 Cipher specs length = 3 Conn ID length = 16 Supported ciphers: RC4_EXPORT40, 128 bits This way you can see which of the 5 cipher options (RC4 or RC2 in full and export versions, plus IDEA) are supported by any given server. You always use port 443 and just specify the machine name. I was a little surprised that Netscape's own server is only running the 40 bit version. I hope the export restrictions will not prevent the use of full strength ciphers. Here is the script, which I call https.pl: #!/usr/local/bin/perl # Perl script to test connection to http ssl port # Usage: https machine port # Standard internet stuff $AF_INET = 2; $SOCK_STREAM = 1; ($name, $aliases, $proto) = getprotobyname('tcp'); $sockaddr = 'S n a4 x8'; # Parse if (@ARGV == 2) { ($them, $port) = @ARGV; } else { die "Usage: $0 machine port\n"; } select (S); $| = 1; select (STDOUT); socket (S, $AF_INET, $SOCK_STREAM, $proto) || die "socket: $!"; ($name, $aliases, $type, $len, $thataddr) = gethostbyname($them); $that = pack ($sockaddr, $AF_INET, $port, $thataddr); @thataddr = unpack('C4', $thataddr); $thataddr = join('.', @thataddr); print "Attempting connection to $thataddr\n"; die $! unless connect (S, $that); print "Connected\n"; $cli_hello = 1; $vers = 2; $msg = pack ("C n4", $cli_hello, $vers, 5*3, 0, 16); $challenge = pack ("d2", rand, rand); #16 bytes $cspecs = pack ("Cn"x5, 1, 128, 2, 128, 3, 128, 4, 128, 5, 128); $len = 1+8+5*3+0+16 + 32768; $h = pack("n", $len); $totmsg = pack("a2 a9 a15 a16", $h, $msg, $cspecs, $challenge); print S $totmsg; print "Sent message, length ", $len-32768, "\n"; # Now for the interesting part read (S, $phd, 2); ($slen) = unpack ("n", $phd); print "Received length = ", $slen-32768, "\n"; read (S, $pm1, 11); ($smsg, $ssess, $scert, $sver, $sclen, $scspeclen, $scidlen) = unpack ("C3 n4", $pm1); print "Message type = $smsg\n"; print "Session ID Hit flag = $ssess\n"; print "Certificate type = $scert\n"; print "Server version = $sver\n"; print "Certificate length = $sclen\n"; print "Cipher specs length = $scspeclen\n"; print "Conn ID length = $scidlen\n"; if ($sclen) { read (S, $scert, $sclen); } read (S, $pspecs, $scspeclen); $nscspecs = $scspeclen / 3; @scspecs = unpack ("Cn" x $nscspecs, $pspecs); @ciphernames = ( "(undefined)", "RC4", "RC4_EXPORT40", "RC2", "RC2_EXPORT40", "IDEA" ); print "Supported ciphers:\n"; for ($i=0; $i<$nscspecs; ++$i) { printf ("\t%s, %d bits\n", @ciphernames[@scspecs[2*$i]], @scspecs[2*$i+1]); } read (S, $scid, $scidlen); close S; exit 0;