On Wed, Mar 25, 2015, Dirk Menstermann wrote: > Hello, > > which API function can I use to obtain the bit strength of the key exchange > (size of the DH or ECDH parameters)? > > There is the function SSL_get_cipher_bits, but this is only for the symmetric > cipher, not including the key exchange. > This is only supported in OpenSSL 1.0.2 and later. You can call SSL_get_server_tmp_key() to get the peer temporary key. This returns an EVP_PKEY structue which you can then analyse further. Check out the function ssl_print_tmp_key() in apps/s_cb.c for a simple example. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
