[openssl-users] Server-side visibility of signature algorithm and key exchange properties?

Viktor Dukhovni openssl-users at dukhovni.org
Fri Nov 9 08:38:33 UTC 2018


On the client side of a TLS connection, I'm easily able to find all
the primary parameters of interest:

    * The cipher used.
    * The server signature algorithm (digest, and public key)
    * The server key exchange algorithm (public key)

enabling logging such as:

  TLS connection established to 127.0.0.1[127.0.0.1]:25:
    TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    signature ECDSA(P-256) digest SHA256 key-exchange X25519

I am having a bit of trouble finding the equivalent information for
the 3rd line on the server side.  Anyone know how, in TLS 1.3 where
these are not implied by the ciphersuite, to determine the signature
algorithm (and curve for ECDSA), the hash algorithm and key exchange
public key (with bit count for DH or curve name for ECDSA)?

Are these available for inspection by the server application?  If
not, that may be an omission we need to address.

-- 
	Viktor.
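An added example, not part of the original message and not code from OpenSSL: a parser for the three-line log record quoted above that reports which TLS 1.3 parameters a record fails to state, as happens when the third line is unavailable. The field names, the `from` direction keyword and the second sample record are assumptions constructed for illustration.

```python
import re

# Patterns follow the log record quoted in the message; field names are this example's own.
HEAD = re.compile(r"TLS connection established (?P<direction>to|from) (?P<peer>\S+):\s*$")
PROTO = re.compile(r"(?P<protocol>TLSv[\d.]+) with cipher (?P<cipher>\S+) "
                   r"\((?P<used_bits>\d+)/(?P<alg_bits>\d+) bits\)")
SIG = re.compile(r"signature (?P<sig_alg>[\w-]+)(?:\((?P<sig_param>[^)]+)\))?"
                 r"(?: digest (?P<digest>\S+))?")
KEX = re.compile(r"key-exchange (?P<kex>[\w-]+)(?:\((?P<kex_param>[^)]+)\))?")
FIELDS = ("direction", "peer", "protocol", "cipher", "used_bits", "alg_bits",
          "sig_alg", "sig_param", "digest", "kex", "kex_param")

def parse_tls_records(text):
    """Return one dict per connection; fields the log does not state stay None."""
    records, current = [], None
    for line in text.splitlines():
        head = HEAD.search(line)
        if head:
            current = dict.fromkeys(FIELDS)
            current.update(head.groupdict())
            records.append(current)
            continue
        if current is None:
            continue  # detail line with no preceding header: ignore
        for pattern in (PROTO, SIG, KEX):
            match = pattern.search(line)
            if match:
                current.update(match.groupdict())
    return records

def missing_tls13_fields(record):
    """TLS 1.3 cipher names imply neither signature nor key exchange: list what is absent."""
    if record["protocol"] != "TLSv1.3":
        return []
    return [name for name in ("sig_alg", "digest", "kex") if record[name] is None]

# Constructed sample: the first record is the one quoted in the message, the second
# is a made-up server-side record that lacks the third line.
SAMPLE = """\
TLS connection established to 127.0.0.1[127.0.0.1]:25:
  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
  signature ECDSA(P-256) digest SHA256 key-exchange X25519
TLS connection established from client.example[192.0.2.10]:
  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
"""

if __name__ == "__main__":
    for rec in parse_tls_records(SAMPLE):
        print(rec["direction"], rec["peer"], "missing:", missing_tls13_fields(rec))
```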

