Thank you very much this works fine but how do I get the information if
diffie hellman (DH) is used to negotiate the key?
I wanted to compare the differnce in cpu consumption and time delay if
session reuse is used or not! (Keyexchange with Diffie Hellman)
Therefore I set:
SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_OFF );
If I connect to the server there is a delay fore about 20 seconds but the
server doesn't consume any cpu in this time, just the client... Shouldn't
the server waste some CPU while computing his key?
Do you the approximate delay if session reuse is not used?
Furthermore, it would be great to display the DH secret length somehow?
Thanks a lot for any suggestions!
Best Regards
Hubert
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Marek Marcola
Gesendet: Dienstag, 19. September 2006 22:00
An: openssl-users@openssl.org
Betreff: Re: Get Information about SSL Handshake
Hello,
Hello Everybody!
I got my server and client running. I want to do some testing and need
some information about the ssl handshake... whitch mechanism is used
and if diffie-hellman is used what size of the primary secret is used?
I was able to get information about the cipher with
SSL_get_cipher_version() and SSL_get_cipher_name() for a established
connection but I couldn't figure out to get the information about the
handshake.
Peer RSA/DSA parameters used in handshake may be printed for example with
code:
EVP_PKEY *pkey;
X509 *cert;
cert = SSL_get_peer_certificate(ssl);
if ((cert != NULL) ((pkey = X509_get_pubkey(cert)) != NULL)) {
if (pkey-type == EVP_PKEY_RSA pkey-pkey.rsa != NULL
pkey-pkey.rsa-n != NULL) {
printf(RSA-%d\n, BN_num_bits(pkey-pkey.rsa-n));
}
if (pkey-type == EVP_PKEY_DSA pkey-pkey.dsa != NULL
pkey-pkey.dsa-p != NULL) {
printf(DSA-%d\n, BN_num_bits(pkey-pkey.dsa-p));
}
}
if (cert != NULL) {
X509_free(cert);
}
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]