On Mon, Apr 07, 2014, Hanno Bck wrote: > Hi, > > I wanted to ask if anyone is aware of a simple way to extract the > parameters of a key exchange. > > On an SSL connection protected with either Diffie Hellman or Elliptic > Curve Diffie Hellman usually the server should send the parameters of > the key exchange to the client. > > What I'd like to have is a possibility with e.g. openssl s_client to > extract these parameters, so I am able to investigate what parameters a > server sends. > > Is there any way to do this? s_client seems to have no such option, > openssl dhparam is only meant to handle parameter generation and > manipulation offline. I'd also be happy with pointers to any other tool > beside openssl that is capable of doing so (preferrably free, > commandline and linux-compatible). >
This can be done in OpenSSL 1.0.2. The function ssl_print_tmp_key just prints out the size of DH keys or the curve used by EC keys. It could be adapted easily enough to print out the complete key. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
