[openssl-users] Server-side visibility of signature algorithm and key exchange properties?

Matt Caswell matt at openssl.org
Fri Nov 9 18:42:28 UTC 2018

On 09/11/2018 08:38, Viktor Dukhovni wrote:
> On the client side of a TLS connection, I'm easily able to find all
> the primary parameters of interest:
>     * The cipher used.
>     * The server signature algorithm (digest, and public key)
>     * The server key exchange algorithm (public key)
> enabling logging such as:
>   TLS connection established to[]:25:
>     TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>     signature ECDSA(P-256) digest SHA256 key-exchange X25519
> I am having a bit of trouble finding the equivalent information for
> the 3rd line on the server side.  Anyone know how, in TLS 1.3 where
> these are not implied by the ciphersuite, to determine the signature
> algorithm (and curve for ECDSA), the hash algorithm and key exchange
> public key (with bit count for DH or curve name for ECDSA)?

I don't believe we currently expose the signature algorithm selected on
the server side. It's held in s->s3->tmp.sigalg, but AFAICT that is only
ever used internally.

Similarly the key exchange public key is held in s->s3->peer_tmp. We do
expose that via SSL_get_server_tmp_key(), but its a client side only
function. We explicitly check that and return 0 if called on the server


> Are these available for inspection by the server application?  If
> not, that may be an omission we need to address.

More information about the openssl-users mailing list