Thank you very much, this works fine, but how do I get the information whether
Diffie-Hellman (DH) is used to negotiate the key?

I wanted to compare the difference in CPU consumption and time delay if
session reuse is used or not! (Key exchange with Diffie-Hellman)
Therefore I set:
 
        SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_OFF );

If I connect to the server there is a delay of about 20 seconds, but the
server doesn't consume any CPU in this time, just the client... Shouldn't
the server waste some CPU while computing his key?

Do you know the approximate delay if session reuse is not used?
Furthermore, it would be great to display the DH secret length somehow?

Thanks a lot for any suggestions!
Best Regards
Hubert


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of Marek Marcola
Sent: Tuesday, 19 September 2006 22:00
To: openssl-users@openssl.org
Subject: Re: Get Information about SSL Handshake

Hello, 
> Hello Everybody!
>  
> I got my server and client running. I want to do some testing and need 
> some information about the SSL handshake... which mechanism is used 
> and if Diffie-Hellman is used, what size of the primary secret is used?
>  
> I was able to get information about the cipher with
> SSL_get_cipher_version() and SSL_get_cipher_name() for an established 
> connection but I couldn't figure out how to get the information about the 
> handshake.
Peer RSA/DSA parameters used in handshake may be printed for example with
code:

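EVP_PKEY *pkey = NULL;
X509 *cert;

/* Certificate the peer presented during the handshake (NULL if none). */
cert = SSL_get_peer_certificate(ssl);

if ((cert != NULL) && ((pkey = X509_get_pubkey(cert)) != NULL)) {
   /* Direct access to EVP_PKEY members requires OpenSSL older than 1.1.0. */
   if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
   && pkey->pkey.rsa->n != NULL) {
      /* RSA: size of the modulus n in bits */
      printf("RSA-%d\n", BN_num_bits(pkey->pkey.rsa->n));
   }
   if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
   && pkey->pkey.dsa->p != NULL) {
      /* DSA: size of the prime p in bits */
      printf("DSA-%d\n", BN_num_bits(pkey->pkey.dsa->p));
   }
}

/* X509_get_pubkey() returns a new reference that must be released. */
if (pkey != NULL) {
   EVP_PKEY_free(pkey);
}
if (cert != NULL) {
   X509_free(cert);
}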

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
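
Added example, not part of the original thread and not OpenSSL's own code: one way to tell whether DH negotiated the key is to read the key-exchange prefix off the string SSL_get_cipher_name() returns. The names kx_from_cipher_name() and uses_dh() and the sample suite names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

typedef enum { KX_OTHER, KX_DH_STATIC, KX_DHE, KX_DH_ANON,
               KX_ECDH_STATIC, KX_ECDHE, KX_ECDH_ANON, KX_NOT_IN_NAME } kx_type;

/* Heuristic: read the key exchange off an OpenSSL-style suite name, i.e. the
 * string SSL_get_cipher_name() returns for an established connection. */
kx_type kx_from_cipher_name(const char *name)
{
    static const struct { const char *prefix; kx_type kx; } table[] = {
        { "TLS_",   KX_NOT_IN_NAME }, /* TLS 1.3 names carry no key exchange */
        { "ECDHE-", KX_ECDHE },       { "AECDH-", KX_ECDH_ANON },
        { "ECDH-",  KX_ECDH_STATIC },
        { "DHE-",   KX_DHE },         { "EDH-",   KX_DHE }, /* old spelling */
        { "ADH-",   KX_DH_ANON },     { "DH-",    KX_DH_STATIC },
    };
    size_t i;

    /* Export-grade suites put EXP- or EXP1024- in front of the real name. */
    if (strncmp(name, "EXP1024-", 8) == 0) name += 8;
    else if (strncmp(name, "EXP-", 4) == 0) name += 4;

    for (i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strncmp(name, table[i].prefix, strlen(table[i].prefix)) == 0)
            return table[i].kx;
    return KX_OTHER; /* e.g. AES256-SHA: RSA key transport, no DH at all */
}

/* 1 = finite-field DH negotiated the key, 0 = it did not, -1 = cannot tell. */
int uses_dh(const char *name)
{
    switch (kx_from_cipher_name(name)) {
    case KX_DHE: case KX_DH_ANON: case KX_DH_STATIC: return 1;
    case KX_NOT_IN_NAME: return -1;
    default: return 0;
    }
}

int main(void)
{
    /* Constructed sample names, not taken from the thread. */
    const char *samples[] = { "DHE-RSA-AES256-SHA", "EXP-EDH-RSA-DES-CBC-SHA",
                              "ADH-AES256-SHA", "AES256-SHA",
                              "ECDHE-RSA-AES128-GCM-SHA256" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s DH: %d\n", samples[i], uses_dh(samples[i]));
    return 0;
}
```

The suite name does not carry the DH prime size; OpenSSL 1.0.2 and later expose the server's ephemeral key through SSL_get_server_tmp_key(), and EVP_PKEY_bits() reports its size.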

