I know it can be done with wireshark, but it's a pain.
How about an easy webpage to just capture and show the connecting browsers cipher list so we can study older smartphones and such?
Kind of surprised such a thing doesn't exist yet, been googling for it.
This page used to do it but it is down now: https://cc.dcsec.uni-hannover.de/
Emailed them and it is back up again, very nice tool.
Apparently it is done via a custom apache module.
But I am thinking it might be possible to also do it with nginx via its perl module, or even just perl directly listening on a socket.