Get Information about SSL Handshake

2006-09-19 Thread Hubert Gressl



Hello Everybody!

I got my server and client running. I want to do some testing and need
some information about the ssl handshake... which mechanism is used and,
if diffie-hellman is used, what size of the primary secret is used?

I was able to get information about the cipher with
SSL_get_cipher_version() and SSL_get_cipher_name() for an established
connection, but I couldn't figure out how to get the information about
the handshake.

Thanks a lot for any suggestions!

Hubert


Re: Get Information about SSL Handshake

2006-09-19 Thread Hubert Gressl
Thank you very much, this works fine, but how do I get the information if
diffie hellman (DH) is used to negotiate the key?

I wanted to compare the difference in cpu consumption and time delay if
session reuse is used or not! (Key exchange with Diffie Hellman)
Therefore I set:

SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_OFF );

If I connect to the server there is a delay for about 20 seconds but the
server doesn't consume any cpu in this time, just the client... Shouldn't
the server waste some CPU while computing his key?

Do you know the approximate delay if session reuse is not used?
Furthermore, it would be great to display the DH secret length somehow?

Thanks a lot for any suggestions!
Best Regards
Hubert


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of Marek Marcola
Sent: Tuesday, 19 September 2006 22:00
To: openssl-users@openssl.org
Subject: Re: Get Information about SSL Handshake

Hello,
> Hello Everybody!
>
> I got my server and client running. I want to do some testing and need
> some information about the ssl handshake... which mechanism is used
> and, if diffie-hellman is used, what size of the primary secret is used?
>
> I was able to get information about the cipher with
> SSL_get_cipher_version() and SSL_get_cipher_name() for an established
> connection, but I couldn't figure out how to get the information about
> the handshake.
Peer RSA/DSA parameters used in handshake may be printed for example with
code:

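#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

EVP_PKEY *pkey;
X509 *cert;

/* Certificate the peer presented in the handshake (NULL if none). */
cert = SSL_get_peer_certificate(ssl);

/* Direct access to the EVP_PKEY/RSA/DSA fields, as used here, compiles
 * only against OpenSSL releases older than 1.1.0. */
if ((cert != NULL) && ((pkey = X509_get_pubkey(cert)) != NULL)) {
   if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL &&
       pkey->pkey.rsa->n != NULL) {
      /* RSA key size = bit length of the modulus n */
      printf("RSA-%d\n", BN_num_bits(pkey->pkey.rsa->n));
   }
   if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL &&
       pkey->pkey.dsa->p != NULL) {
      /* DSA key size = bit length of the prime p */
      printf("DSA-%d\n", BN_num_bits(pkey->pkey.dsa->p));
   }
   /* X509_get_pubkey() returns a new reference that must be released. */
   EVP_PKEY_free(pkey);
}

if (cert != NULL) {
   X509_free(cert);
}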

Best regards,
--
Marek Marcola [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
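
Added example (not part of the original thread and not OpenSSL project code): one way to tell whether the negotiated cipher suite uses a Diffie-Hellman key exchange is to read the Kx= field of the text that SSL_CIPHER_description() returns for SSL_get_current_cipher(ssl). The names cipher_field, kx_is_dh, connection_uses_dh and the WITH_OPENSSL build flag are hypothetical, and the sample line is constructed in the `openssl ciphers -v` layout.

```c
#include <stdio.h>
#include <string.h>

/* Copy the value of a "Key=value" field (e.g. "Kx") out of a line in the
 * format SSL_CIPHER_description() produces. Returns 1 if found, else 0. */
int cipher_field(const char *desc, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = desc;
    if (outlen == 0 || klen == 0) return 0;
    while ((p = strstr(p, key)) != NULL) {
        /* Accept only a whitespace-delimited token followed by '='. */
        if ((p == desc || p[-1] == ' ' || p[-1] == '\t') && p[klen] == '=') {
            size_t n = strcspn(p + klen + 1, " \t\r\n");
            if (n >= outlen) n = outlen - 1;   /* truncate, never overflow */
            memcpy(out, p + klen + 1, n);
            out[n] = '\0';
            return 1;
        }
        p += klen;
    }
    return 0;
}

/* 1 = (EC)DH key exchange, 0 = something else (e.g. RSA key transport),
 * -1 = no Kx field. TLS 1.3 suites report "Kx=any" and yield 0 here. */
int kx_is_dh(const char *desc)
{
    char kx[32];
    if (!cipher_field(desc, "Kx", kx, sizeof(kx))) return -1;
    return strncmp(kx, "DH", 2) == 0 || strncmp(kx, "ECDH", 4) == 0;
}

#ifdef WITH_OPENSSL   /* hypothetical flag: -DWITH_OPENSSL -lssl -lcrypto */
#include <openssl/ssl.h>
int connection_uses_dh(SSL *ssl)   /* hypothetical helper name */
{
    char buf[256];
    const SSL_CIPHER *c = SSL_get_current_cipher(ssl);
    if (c == NULL || SSL_CIPHER_description(c, buf, sizeof(buf)) == NULL)
        return -1;
    return kx_is_dh(buf);
}
#endif

int main(void)
{
    /* Constructed sample line, not captured from a real connection. */
    const char *d = "DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1";
    printf("uses DH: %d\n", kx_is_dh(d));
    return 0;
}
```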

