All, I apologize if this isn't the right place to post this. Please let me know if I should post elsewhere and I'll be happy to do so.
For the past few years, I've been maintaining a Java-based TLS server tester mostly for my own use, but also shared with the Apache Tomcat user community. It does the usual things like checking to see which cipher suites and protocols a server will support. Recently, I decided I wanted to emulate ssllabs's "weak DH" detection, which requires the ability to look at the server's key exchange messages which are sent during the TLS handshake(s) in order to get information about the ephemeral keys exchanged. Unfortunately, it doesn't look like the public Java API exposes this level of detail to client code. I've plumbed everything I can find in the SSLSocket, SSLSession, SSLParameters, and HandshakeCompletedEvent and I can't find what I'm looking for. If I'm missing some part of the API, please let me know where I've neglected to look. When enabling debug logging, the stderr stream does in fact have information about the server key exchange:

*** ECDH ServerKeyExchange
Signature Algorithm SHA1withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 110012472572673270259963200120939499588744004832860744957480311193127985892474
  public y coord: 52644710749477935701151970482569895235781257631749844762926109323061108920137
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 79, 42, 152, 110, 20, 54, 113, 102, 98, 154, 229, 169, 168, 248, 134, 190, 20, 10, 233, 39, 44, 67, 158, 215, 13, 248, 134, 228, 65, 174, 5, 139, 154, 212, 79, 238, 177, 31, 240, 189, 185, 129, 24, 175, 37, 177, 149, 138, 15, 141, 183, 134, 243, 15, 185, 60, 24, 67, 7, 172, 48, 133, 222, 85 }
main, WRITE: TLSv1.2 Handshake, length = 70

So, all the information I see is there... just not through the API, it seems. If such information is in fact not currently exposed, I'd like to propose that the API be extended in order to expose that information.
At this point, I'm only interested in the ephemeral Diffie-Hellman keys used to negotiate the session key, but it might be nice to be able to get at the symmetric session key as well to support debugging, similar to how Mozilla Firefox can dump the symmetric key to a file on the disk specified by the SSLKEYLOGFILE environment variable. I'm not too picky about the style of the API (e.g. callback-during-handshake versus direct-call-after-handshake), I just want to be able to sniff this stuff. Please let me know if I should provide any additional information. Thanks, -chris
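As an added example (not part of the original post, and not code from the tester the post describes), the following shows what the "weak DH" check actually needs from the ServerKeyExchange message: it parses the TLS 1.2 ServerKeyExchange body for both DHE (p, g, Ys) and ECDHE (named curve, point), then flags a modulus shorter than 2048 bits and a few degenerate parameter cases. It assumes the caller already has the raw handshake bytes, for example from a packet capture or a hand-written TLS client, since JSSE does not hand them out; the sample messages are constructed inline (the DHE moduli are sized placeholders, not genuine primes, and the signatures are dummy bytes that are not verified).

```python
"""Parse TLS 1.2 ServerKeyExchange (RFC 5246 / RFC 4492) and flag weak ephemeral DH.

Added example; assumes raw handshake bytes are available to the caller.
"""
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 12
NAMED_CURVES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519"}
SIG_HASH = {2: "SHA1", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIG_ALG = {1: "RSA", 2: "DSA", 3: "ECDSA"}
MIN_DH_BITS = 2048  # policy threshold: anything shorter is reported as "weak DH"


def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new position, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated ServerKeyExchange")
    return buf[pos:pos + n], pos + n


def _take_len16(buf, pos):
    """Read a 2-byte big-endian length prefix, then that many bytes."""
    raw, pos = _take(buf, pos, 2)
    return _take(buf, pos, struct.unpack("!H", raw)[0])


def parse_server_key_exchange(msg: bytes, kx: str) -> dict:
    """kx is "DHE" or "ECDHE"; msg is the handshake message including its 4-byte header."""
    hdr, pos = _take(msg, 0, 4)
    if hdr[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError(f"not a ServerKeyExchange (handshake type {hdr[0]})")
    body, _ = _take(msg, pos, int.from_bytes(hdr[1:4], "big"))
    pos, out = 0, {"kx": kx}
    if kx == "DHE":
        p, pos = _take_len16(body, pos)
        g, pos = _take_len16(body, pos)
        ys, pos = _take_len16(body, pos)
        out.update(p=int.from_bytes(p, "big"), g=int.from_bytes(g, "big"), ys=int.from_bytes(ys, "big"))
        out["p_bits"] = out["p"].bit_length()
    elif kx == "ECDHE":
        curve_type, pos = _take(body, pos, 1)
        if curve_type[0] != 3:  # only named_curve is used in practice
            raise ValueError("only named_curve (3) ECParameters supported")
        cid, pos = _take(body, pos, 2)
        cid = struct.unpack("!H", cid)[0]
        plen, pos = _take(body, pos, 1)
        point, pos = _take(body, pos, plen[0])
        out.update(curve_id=cid, curve=NAMED_CURVES.get(cid, "unknown"), point=point)
    else:
        raise ValueError(f"unsupported key exchange {kx}")
    sa, pos = _take(body, pos, 2)  # SignatureAndHashAlgorithm
    out["signature"], pos = _take_len16(body, pos)  # not verified here
    out["sig_scheme"] = f"{SIG_HASH.get(sa[0], sa[0])}with{SIG_ALG.get(sa[1], sa[1])}"
    if pos != len(body):
        raise ValueError("trailing bytes after signature")
    return out


def assess_dh(params: dict) -> list:
    """Return a list of findings; an empty list means nothing looked weak."""
    findings = []
    if params["kx"] == "DHE":
        p, g, ys = params["p"], params["g"], params["ys"]
        if params["p_bits"] < MIN_DH_BITS:
            findings.append(f"weak DH: {params['p_bits']}-bit modulus < {MIN_DH_BITS}")
        if p % 2 == 0:
            findings.append("DH modulus is even (cannot be prime)")
        if not 1 < g < p - 1:
            findings.append("DH generator out of range")
        if not 1 < ys < p - 1:
            findings.append("server DH public value out of range (degenerate)")
    elif params["kx"] == "ECDHE":
        if params["curve"] == "unknown":
            findings.append(f"unrecognised named curve id {params['curve_id']}")
        elif params["curve"] != "x25519" and params["point"][:1] != b"\x04":
            findings.append("EC point is not in uncompressed (0x04) form")
    return findings


def _ske(body: bytes) -> bytes:
    """Wrap a body in the 4-byte handshake header."""
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def _dhe_body(p: bytes, g: bytes, ys: bytes) -> bytes:
    sig = b"\x00" * 4  # constructed placeholder signature
    return (struct.pack("!H", len(p)) + p + struct.pack("!H", len(g)) + g
            + struct.pack("!H", len(ys)) + ys + b"\x04\x01" + struct.pack("!H", len(sig)) + sig)


# Constructed samples: odd moduli of the right size (not genuine primes), g = 2, in-range Ys.
SAMPLE_DHE_WEAK = _ske(_dhe_body(((1 << 1023) | 0xFFFF).to_bytes(128, "big"), b"\x02",
                                 (1 << 100).to_bytes(128, "big")))
SAMPLE_DHE_OK = _ske(_dhe_body(((1 << 2047) | 0xFFFF).to_bytes(256, "big"), b"\x02",
                               (1 << 100).to_bytes(256, "big")))
# Constructed ECDHE sample: secp256r1 (id 23), the 65-byte point from the debug log above, SHA1withRSA.
SAMPLE_EC_POINT = bytes([4, 79, 42, 152, 110, 20, 54, 113, 102, 98, 154, 229, 169, 168, 248, 134,
                         190, 20, 10, 233, 39, 44, 67, 158, 215, 13, 248, 134, 228, 65, 174, 5, 139,
                         154, 212, 79, 238, 177, 31, 240, 189, 185, 129, 24, 175, 37, 177, 149, 138,
                         15, 141, 183, 134, 243, 15, 185, 60, 24, 67, 7, 172, 48, 133, 222, 85])
SAMPLE_ECDHE = _ske(b"\x03" + struct.pack("!H", 23) + bytes([len(SAMPLE_EC_POINT)]) + SAMPLE_EC_POINT
                    + b"\x02\x01" + struct.pack("!H", 4) + b"\x00" * 4)

if __name__ == "__main__":
    for name, msg, kx in [("weak DHE", SAMPLE_DHE_WEAK, "DHE"), ("2048-bit DHE", SAMPLE_DHE_OK, "DHE"),
                          ("ECDHE", SAMPLE_ECDHE, "ECDHE")]:
        print(name, assess_dh(parse_server_key_exchange(msg, kx)) or "ok")
```

The size check is the whole of the ssllabs-style "weak DH" verdict; the range checks are there because a tester that can finally see Ys should also notice a server sending 0, 1 or p-1. Primality of p and the signature over the parameters are deliberately out of scope here.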