On Tue, Oct 08, 2013, Sean Alexandre wrote:

> I'm writing a client app that uses OpenSSL to connect to an SSL server. I want
> to display the number of bits used for the DH parameter set. How do I do this?
> 
> So far I've found "struct dh_st" and it has (from dh.h):
>     BIGNUM *p;
>     BIGNUM *g;
>     long length; /* optional */
> 
> But I haven't figured out how to get a reference to it. I've tried
> (pseudocode):
>     SSL *ssl;
>     EVP_PKEY *evp_key = SSL_get_privatekey(ssl);
>     struct dh_st *dh = EVP_PKEY_get1_DH(evp_key);
> 
> But get: ":error:06077080:digital envelope 
> routines:EVP_PKEY_get1_DH:expecting a dh key:p_lib.c:352:"
> 
> I know a DH exchange happened; SSL_CIPHER_description() gives:
> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
> 
> Any ideas? Can the client get a reference to dh_st? Or, is there a better way
> to see the DH parameter length?

Unfortunately there isn't an official way to do this with any OpenSSL released
versions.

It's messy doing it in an unofficial way too alas. You have to poke around in
structure internals which are not visible in public headers.

The unreleased OpenSSL 1.0.2 has an API call to retrieve the ephemeral key
using SSL_get_server_tmp_key. There is an example of its use in
ssl_print_tmp_key in apps/s_cb.c and s_client can print out this information.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
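The figure the original poster is after, the bit length of the group prime, is also visible without touching OpenSSL internals: in TLS 1.2 the server sends dh_p, dh_g and dh_Ys in the clear in the ServerKeyExchange body (RFC 5246 ServerDHParams, each value a 2-byte length followed by the bytes). The parser below is an added example, not code from this thread or from OpenSSL; the sample body it checks is constructed inline, and it treats truncated encodings and leading-zero-padded primes as the edge cases.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read one opaque<1..2^16-1> TLS vector at *off; 0 if truncated or empty. */
static int read_vec(const uint8_t *b, size_t len, size_t *off,
                    const uint8_t **out, size_t *n)
{
    if (*off + 2 > len) return 0;
    *n = ((size_t)b[*off] << 8) | b[*off + 1];
    *off += 2;
    if (*n == 0 || *n > len - *off) return 0;
    *out = b + *off; *off += *n;
    return 1;
}

/* Bit length of a big-endian integer; leading zero bytes do not count. */
static int bn_bits(const uint8_t *b, size_t n)
{
    while (n && *b == 0) { b++; n--; }
    if (!n) return 0;
    int bits = (int)(n - 1) * 8;
    for (uint8_t t = *b; t; t >>= 1) bits++;
    return bits;
}

/* Bits of dh_p in a TLS 1.2 ServerDHParams body (dh_p, dh_g, dh_Ys, each a
 * 2-byte length plus bytes); -1 if the encoding is malformed or truncated. */
int dhe_prime_bits(const uint8_t *ske, size_t len)
{
    const uint8_t *p, *g, *ys; size_t pl, gl, yl, off = 0;
    if (!read_vec(ske, len, &off, &p, &pl) || !read_vec(ske, len, &off, &g, &gl)
        || !read_vec(ske, len, &off, &ys, &yl)) return -1;
    return bn_bits(p, pl);
}

/* Constructed sample body for testing: p is `top` followed by 0xFF fill
 * (pbytes total), g = 2, Ys = pbytes of 0x42. Returns length, 0 if cap is small. */
size_t build_sample_ske(uint8_t *out, size_t cap, size_t pbytes, uint8_t top)
{
    size_t off = 0;
    if (!pbytes || pbytes > 0xFFFF || 7 + 2 * pbytes > cap) return 0;
    out[off++] = (uint8_t)(pbytes >> 8); out[off++] = (uint8_t)pbytes;
    out[off++] = top; memset(out + off, 0xFF, pbytes - 1); off += pbytes - 1;
    out[off++] = 0; out[off++] = 1; out[off++] = 2;                /* dh_g */
    out[off++] = (uint8_t)(pbytes >> 8); out[off++] = (uint8_t)pbytes;
    memset(out + off, 0x42, pbytes); off += pbytes;              /* dh_Ys */
    return off;
}
```

The same bit count is what a tool reports as the DH key size, so a 256-byte prime whose top byte is 0xFF is a 2048-bit group, while a 129-byte encoding with a leading zero byte is still only 1024 bits.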
