SSLScan

Although the OpenSSL command-line tool provides many options to test an SSL configuration, its output is not user-friendly. The tool also requires a fair amount of prior knowledge about the cipher suites you want to test.

Kali Linux comes with many tools that automate the task of identifying SSL misconfigurations, outdated protocol versions, and weak cipher suites and hashing algorithms. One of the tools is SSLScan, which can be accessed by going to Applications | Information Gathering | SSL Analysis.

By default, SSLScan checks whether the server is vulnerable to the CRIME and Heartbleed vulnerabilities. The -tls option will force SSLScan to test only the cipher suites offered over the TLS protocol. The output is color coded: green indicates that a cipher suite is secure, while the sections colored red and yellow flag settings that need your attention.

The cipher suites supported by the client can be listed by running the following command. It displays a long list of ciphers that the client supports:

sslscan --show-ciphers www.example.com:443

If you want to analyze the certificate-related data, use the following command, which displays detailed information about the certificate without enumerating cipher suites:

sslscan --show-certificate --no-ciphersuites www.amazon.com:443

The output of the command can be exported to an XML document with the --xml=<filename> option.

Watch out for NULL in the names of the supported ciphers. If a NULL cipher is negotiated, the SSL/TLS handshake completes and the browser displays the secure padlock, but the HTTP data is transmitted in cleartext.
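The XML export and the NULL-cipher warning above combine naturally into a triage script. The following Python is an added example, not part of SSLScan or the original text: it parses a constructed sample modelled on the XML that sslscan --xml=<filename> writes (the element and attribute names are an assumption) and flags NULL ciphers, deprecated protocol versions, weak suites and a positive Heartbleed result.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the XML written by `sslscan --xml=<file>`
# (element and attribute names are an assumption, not copied from a real scan).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="2.0.0">
 <ssltest host="www.example.com" port="443">
  <protocol type="ssl" version="3" enabled="1" />
  <protocol type="tls" version="1.0" enabled="0" />
  <protocol type="tls" version="1.2" enabled="1" />
  <cipher status="preferred" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-GCM-SHA256" id="0xC02F" />
  <cipher status="accepted" sslversion="TLSv1.2" bits="0" cipher="NULL-SHA256" id="0x003B" />
  <cipher status="accepted" sslversion="SSLv3" bits="112" cipher="DES-CBC3-SHA" id="0x000A" />
  <cipher status="accepted" sslversion="TLSv1.2" bits="40" cipher="EXP-RC4-MD5" id="0x0003" />
  <heartbleed sslversion="TLSv1.2" vulnerable="0" />
 </ssltest>
</document>
"""

# Name fragments that mark a suite as broken or weak regardless of its key size.
WEAK_TOKENS = {"EXP", "RC4", "DES", "MD5", "ADH", "AECDH"}


def triage(xml_text):
    """Parse sslscan XML and return (severity, reason, item) findings, worst first."""
    findings = []
    root = ET.fromstring(xml_text)
    for test in root.iter("ssltest"):
        for proto in test.iter("protocol"):
            ptype, ver = proto.get("type", ""), proto.get("version", "")
            if proto.get("enabled") == "1" and (ptype == "ssl" or ver in ("1.0", "1.1")):
                findings.append(("high", "deprecated protocol enabled", f"{ptype.upper()}v{ver}"))
        for c in test.iter("cipher"):
            name = c.get("cipher", "")
            bits = int(c.get("bits", "0"))
            tokens = set(name.split("-"))
            if "NULL" in tokens or bits == 0:
                # Handshake completes and the padlock shows, but the payload is cleartext.
                findings.append(("critical", "NULL cipher accepted", name))
            elif tokens & WEAK_TOKENS or bits < 128:
                findings.append(("medium", f"weak cipher ({bits} bits)", name))
        for hb in test.iter("heartbleed"):
            if hb.get("vulnerable") == "1":
                findings.append(("critical", "Heartbleed", hb.get("sslversion", "")))
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, reason, item in triage(SAMPLE_XML):
        print(f"[{sev:8}] {reason}: {item}")
```

Point triage() at the contents of a real --xml export to get the same prioritized list for a scanned host.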