Qualsys tells me that current versions of Safari on OS X don't support AES-GCM for the SSL/TLS cipher algorithm. I'd like to verify this by observing which cipher suite is selected when visiting my website. However, the only technical information Safari seems to provide is related to the certificate, not the connection itself.
I'm also interested in being able to find this information because I like to check the key exchange algorithm on sites for forward secrecy. I don't generally use Safari for day-to-day operations, but, y'know, sometimes it's necessary.
Is there a way to determine the ciphersuite being used for a particular connection in Safari?
Best Answer
The information you are looking for is easily available in Chrome (v35). Just click on the lock icon in the browser location bar and the cipher suite details are there.
But you asked about Safari. Clicking on the lock icon in Safari 7.0.4 only gives a fraction of what you get in Chrome. I thought there might be more in Safari Developer Tools but came up empty.
What worked for me was to use a network packet inspector (I used WireShark installed through Homebrew).
WireShark will allow you to examine all the network traffic including the "Client Hello" message where Safari lists the cipher suites it supports (the list is 37 items long and matches the list you linked to from Qualsys).
A little further down you can see the "Server Hello" message. In this response the server will respond with the name of the best cipher suite that they both share.
The screenshot below is from WireShark. I have set up a filter to only show packets to and from IP addresses corresponding to 'www.google.com'. Then I started recording and then loaded the google home page under https in Safari.
You can see that the negotiated cipher suite between google and Safari is
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA.Further down in the transcript (not shown) I found packets relating to to "Change Cipher Spec", but this doesn't appear (from what I can tell) to change the selected suite.