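import socket
import ssl


def checkhost(host, port, curve=None, cipher=None):
    """Connect to host:port over TLS and print the negotiated parameters.

    Args:
        host: Server name. Used for the TCP connection, for SNI and for
            certificate host name verification.
        port: TCP port to connect to.
        curve: Optional value handed to ``SSLContext.set_ecdh_curve``.
        cipher: Optional OpenSSL cipher string handed to
            ``SSLContext.set_ciphers``.

    Every exception is caught and reported as an "Error: ..." line so that
    one failing probe does not stop the ones that follow. This includes
    certificate verification failures.
    """
    print("Connecting to {}:{} with cipher {} and curves {}".format(host, port, cipher, curve))
    conn = None
    try:
        # ssl.wrap_socket() was deprecated in Python 3.7 and removed in 3.12.
        # It also sent no SNI and did not verify the peer certificate, so the
        # reported parameters could come from a default virtual host or from
        # an interceptor. A default context authenticates the peer first.
        ctx = ssl.create_default_context()
        if curve is not None:
            # NOTE(review): the colon-separated lists used by the calls below
            # ("P-256:X25519") are presumably accepted only by the patched
            # interpreter this script targets - confirm.
            ctx.set_ecdh_curve(curve)
        if cipher is not None:
            ctx.set_ciphers(cipher)

        conn = socket.socket()
        # The TLS handshake runs inside connect(), after the context has been
        # configured, so the curve and cipher restrictions apply to it.
        conn = ctx.wrap_socket(conn, server_hostname=host)
        conn.connect((host, port))

        c = conn.cipher()
        # NOTE(review): kxinfo() is not part of the stock ssl module as far
        # as I know. Without it this raises AttributeError, which is reported
        # through the handler below - confirm the target build.
        kx = conn.kxinfo()
        print(
            " Chosen cipher {}\n"
            " Protocol {}\n"
            " Key length {}".format(c[0], c[1], c[2]))
        if kx is not None:
            print(
                " KX type {}\n"
                " KX length {}".format(kx[0], kx[1]))
        else:
            print(" No key exchange")
        conn.shutdown(socket.SHUT_RDWR)
    except Exception as e:
        # Deliberately broad: this is a best-effort diagnostic probe.
        print("Error: {}".format(e))
    finally:
        # conn stays None when socket.socket() itself failed; the original
        # unconditional close() raised NameError in that case.
        if conn is not None:
            conn.close()


print("Using {}".format(ssl.OPENSSL_VERSION))
checkhost("www.paypal.com", 443)
checkhost("www.paypal.com", 443, "X25519", "ECDHE")
checkhost("www.paypal.com", 443, "P-256:X25519", "ECDHE")
checkhost("www.paypal.com", 443, "X25519:P-256", "ECDHE")
checkhost("www.ssllabs.com", 443, cipher="DHE")
checkhost("www.paypal.com", 443, "P-256:X25519", "AES128-GCM-SHA256")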