Re: which cipher was chosen?
Hi, Alternatively you can use the wireshark or tcpudmp to capture the packet and decode the SSL - Client Hello and Sever Hello That also may help to identify which protocol and cipher we use regards, James Arivazhagan Ponnusamy On Sat, Nov 22, 2014 at 7:12 AM, Chris Bare chris.b...@gmail.com wrote: Thanks, that's just what I needed. By performance I mean the initial connection speed. It spends 4-5 seconds in ssl3_send_client_key_exchange () in the slow case, vs about 0.1 sec in the fast case. This is on a 200Mhz arm, so it's not a fast machine. On Fri, Nov 21, 2014 at 7:03 PM, Dr. Stephen Henson st...@openssl.org wrote: On Fri, Nov 21, 2014, Chris Bare wrote: Is there a way to query the BIO or SSL object to see which cipher is being used? I have a case where my openssl client's performance is significantly slower when talking to server A vs server B. AFAIK, the only difference between A and B is the level of Windows updates, so I'm suspicious that Windows has started to favor the slower ECC ciphers, but I need a way to prove it. SSL_get_cipher_name(). What do you mean by peformance the initial connection speed or the data transfer rate? With ECC the curve used is also significant: you can query that using OpenSSL 1.0.2+ which allows you to get details of the server temporary key. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Chris Bare
which cipher was chosen?
Is there a way to query the BIO or SSL object to see which cipher is being used? I have a case where my openssl client's performance is significantly slower when talking to server A vs server B. AFAIK, the only difference between A and B is the level of Windows updates, so I'm suspicious that Windows has started to favor the slower ECC ciphers, but I need a way to prove it. -- Chris Bare
Re: which cipher was chosen?
On Fri, Nov 21, 2014, Chris Bare wrote: Is there a way to query the BIO or SSL object to see which cipher is being used? I have a case where my openssl client's performance is significantly slower when talking to server A vs server B. AFAIK, the only difference between A and B is the level of Windows updates, so I'm suspicious that Windows has started to favor the slower ECC ciphers, but I need a way to prove it. SSL_get_cipher_name(). What do you mean by peformance the initial connection speed or the data transfer rate? With ECC the curve used is also significant: you can query that using OpenSSL 1.0.2+ which allows you to get details of the server temporary key. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: which cipher was chosen?
Thanks, that's just what I needed. By performance I mean the initial connection speed. It spends 4-5 seconds in ssl3_send_client_key_exchange () in the slow case, vs about 0.1 sec in the fast case. This is on a 200Mhz arm, so it's not a fast machine. On Fri, Nov 21, 2014 at 7:03 PM, Dr. Stephen Henson st...@openssl.org wrote: On Fri, Nov 21, 2014, Chris Bare wrote: Is there a way to query the BIO or SSL object to see which cipher is being used? I have a case where my openssl client's performance is significantly slower when talking to server A vs server B. AFAIK, the only difference between A and B is the level of Windows updates, so I'm suspicious that Windows has started to favor the slower ECC ciphers, but I need a way to prove it. SSL_get_cipher_name(). What do you mean by peformance the initial connection speed or the data transfer rate? With ECC the curve used is also significant: you can query that using OpenSSL 1.0.2+ which allows you to get details of the server temporary key. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Chris Bare