Update Feb 2023: enumerating the secure protocols and ciphers of a remote site can be done more efficiently by nmap, as described in my other article here.
While enabling HTTPS is a important step in securing your web application, it is critical that you take steps to disable legacy protocols and low strength ciphers that can circumvent the very security you are attempting to implement.
As long as you have the latest version of openssl then you should be able to use a bash script like below (credit for this script goes here) to enumerate every matching protocol and cipher that a server is exposing.
#!/bin/bash serverport=$1 echo testing against $serverport for v in ssl3 tls1 tls1_1 tls1_2; do for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do openssl s_client -connect $serverport \ -cipher $c -$v < /dev/null > /dev/null 2>&1 && echo -e "$v:\t$c" done done
You would execute the script something like:
chmod 755 checkciphers.sh .\checkciphers.sh 127.0.01:443
If you want to see all the ciphers being considered, then run the following:
openssl version openssl ciphers -v
Now that you have a complete matching list of the protocols/ciphers, now you will need to determine which protocols (e.g. sslv3) and low-strength ciphers (e.g. RC4) you want to disable. You can start research here, here, here, and here.
And realize that hardening a service goes beyond just TLS protocols and ciphers and expands into DHE key size, HTTP headers for strict transport security, secure cookies, and compression. You can start research here.
Qualys SSL Labs online tester is the most common way of validating the overall score of your publicly exposed service.
REFERENCES
http://securityevaluators.com/knowledge/blog/20151102-openssl_and_ciphers/
https://www.madboa.com/geek/openssl/#how-do-i-find-out-what-openssl-version-i-m-running
https://www.ssllabs.com/ssltest/
http://blog.rlove.org/2013/12/strong-ssl-crypto.html
https://securityevaluators.com/knowledge/blog/20150119-protocols/
http://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
NOTES
Faster way is via nmap and ssl-enum-ciphers script, doc
sudo apt install nmap -y wget http://nmap.org/svn/scripts/ssl-enum-ciphers.nse nmap --script ssl-enum-ciphers -p 443 <FQDN>