On Mon, Apr 07, 2014, Hanno Bck wrote:

> Hi,
> I wanted to ask if anyone is aware of a simple way to extract the
> parameters of a key exchange.
> On an SSL connection protected with either Diffie Hellman or Elliptic
> Curve Diffie Hellman usually the server should send the parameters of
> the key exchange to the client.
> What I'd like to have is a possibility with e.g. openssl s_client to
> extract these parameters, so I am able to investigate what parameters a
> server sends.
> Is there any way to do this? s_client seems to have no such option,
> openssl dhparam is only meant to handle parameter generation and
> manipulation offline. I'd also be happy with pointers to any other tool
> beside openssl that is capable of doing so (preferrably free,
> commandline and linux-compatible).

This can be done in OpenSSL 1.0.2. The function ssl_print_tmp_key just prints
out the size of DH keys or the curve used by EC keys. It could be adapted
easily enough to print out the complete key.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to