On Tue, Oct 08, 2013, Sean Alexandre wrote:

> I'm writing a client app that uses OpenSSL to connect to an SSL server. I want
> to display the number of bits used for the DH parameter set. How do I do this?
>
> So far I've found "struct dh_st" and it has (from dh.h):
>     BIGNUM *p;
>     BIGNUM *g;
>     long length; /* optional */
>
> But I haven't figured out how to get a reference to it. I've tried
> (pseudocode):
>     SSL *ssl;
>     EVP_PKEY *evp_key = SSL_get_privatekey(ssl);
>     struct dh_st *dh = EVP_PKEY_get1_DH(evp_key);
>
> But get: ":error:06077080:digital envelope
> routines:EVP_PKEY_get1_DH:expecting a dh key:p_lib.c:352:"
>
> I know a DH exchange happened; SSL_CIPHER_description() gives:
>     DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
>
> Any ideas? Can the client get a reference to dh_st? Or, is there a better way
> to see the DH parameter length?
Unfortunately there isn't an official way to do this with any OpenSSL released versions. It's messy doing it in an unofficial way too alas. You have to poke around in structure internals which are not visible in public headers.

The unreleased OpenSSL 1.0.2 has an API call to retrieve the ephemeral key using SSL_get_server_tmp_key. There is an example of its use in ssl_print_tmp_key in apps/s_cb.c and s_client can print out this information.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org