Thank you very much this works fine but how do I get the information if diffie hellman (DH) is used to negotiate the key?
I wanted to compare the differnce in cpu consumption and time delay if session reuse is used or not! (Keyexchange with Diffie Hellman) Therefore I set: SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_OFF ); If I connect to the server there is a delay fore about 20 seconds but the server doesn't consume any cpu in this time, just the client... Shouldn't the server waste some CPU while computing his key? Do you the approximate delay if session reuse is not used? Furthermore, it would be great to display the DH secret length somehow? Thanks a lot for any suggestions! Best Regards Hubert -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Marek Marcola Gesendet: Dienstag, 19. September 2006 22:00 An: openssl-users@openssl.org Betreff: Re: Get Information about SSL Handshake Hello, > Hello Everybody! > > I got my server and client running. I want to do some testing and need > some information about the ssl handshake... whitch mechanism is used > and if diffie-hellman is used what size of the primary secret is used? > > I was able to get information about the cipher with > SSL_get_cipher_version() and SSL_get_cipher_name() for a established > connection but I couldn't figure out to get the information about the > handshake. Peer RSA/DSA parameters used in handshake may be printed for example with code: EVP_PKEY *pkey; X509 *cert; cert = SSL_get_peer_certificate(ssl); if ((cert != NULL) && ((pkey = X509_get_pubkey(cert)) != NULL)) { if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL && pkey->pkey.rsa->n != NULL) { printf("RSA-%d\n", BN_num_bits(pkey->pkey.rsa->n)); } if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL && pkey->pkey.dsa->p != NULL) { printf("DSA-%d\n", BN_num_bits(pkey->pkey.dsa->p)); } } if (cert != NULL) { X509_free(cert); } Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]