[openssl-users] How to get encryption strength?

Dr. Stephen Henson steve at openssl.org
Wed Mar 25 15:35:06 UTC 2015

On Wed, Mar 25, 2015, Dirk Menstermann wrote:

> Hello,
> which API function can I use to obtain the bit strength of the key exchange
> (size of the DH or ECDH parameters)?
> There is the function SSL_get_cipher_bits, but this is only for the symmetric
> cipher, not including the key exchange.

This is only supported in OpenSSL 1.0.2 and later. You can call
SSL_get_server_tmp_key() to get the peer temporary key. This returns an
EVP_PKEY structue which you can then analyse further.

Check out the function ssl_print_tmp_key() in apps/s_cb.c for a simple

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list