From f7b12150ce515fe1facdf3b231a05e81ff4f497c Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 12 Aug 2013 22:02:40 +0200 Subject: Report SSL/TLS cipher, in verbose mode. (socket.c cherry-pick from master) --- socket.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'socket.c') diff --git a/socket.c b/socket.c index 732ae054..87f14486 100644 --- a/socket.c +++ b/socket.c @@ -1022,6 +1022,20 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck return(-1); } + if (outlevel >= O_VERBOSE) { + SSL_CIPHER const *sc; + int bitsmax, bitsused; + + sc = SSL_get_current_cipher(_ssl_context[sock]); + if (!sc) { + report (stderr, GT_("Cannot obtain current SSL/TLS cipher - no session established?\n")); + } else { + bitsused = SSL_CIPHER_get_bits(sc, &bitsmax); + report(stdout, GT_("SSL/TLS: using cipher %s, %d/%d secret/processed bits\n"), + SSL_CIPHER_get_name(sc), bitsused, bitsmax); + } + } + /* Paranoia: was the callback not called as we expected? */ if (!_depth0ck) { report(stderr, GT_("Certificate/fingerprint verification was somehow skipped!\n")); -- cgit v1.2.3