SSL/TLS sessions are generally established by negotiations between a client and server. These negotiations consider the configured cipher preferences of each and attempt to determine the most secure solution that is supported by both parties. SSLyze works by cycling through a list of known ciphers and key lengths and attempting to negotiate a session with the remote server using each configuration. This allows SSLyze to enumerate supported ciphers and keys.