which cipher was chosen?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

which cipher was chosen?

Chris Bare-2
Is there a way to query the BIO or SSL object to see which cipher is being used?
I have a case where my openssl client's performance is significantly slower when talking to server A vs server B. AFAIK, the only difference between A and B is the level of Windows updates, so I'm suspicious that Windows has started to favor the slower ECC ciphers, but I need a way to prove it.

--
Chris Bare
Reply | Threaded
Open this post in threaded view
|

Re: which cipher was chosen?

Dr. Stephen Henson
On Fri, Nov 21, 2014, Chris Bare wrote:

> Is there a way to query the BIO or SSL object to see which cipher is being
> used?
> I have a case where my openssl client's performance is significantly slower
> when talking to server A vs server B. AFAIK, the only difference between A
> and B is the level of Windows updates, so I'm suspicious that Windows has
> started to favor the slower ECC ciphers, but I need a way to prove it.
>

SSL_get_cipher_name().

What do you mean by "peformance" the initial connection speed or the data
transfer rate? With ECC the curve used is also significant: you can query that
using OpenSSL 1.0.2+ which allows you to get details of the server temporary
key.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: which cipher was chosen?

Chris Bare-2
Thanks, that's just what I needed.

By performance I mean the initial connection speed. It spends 4-5 seconds in ssl3_send_client_key_exchange () in the slow case, vs about 0.1 sec in the fast case.
This is on a 200Mhz arm, so it's not a fast machine.

On Fri, Nov 21, 2014 at 7:03 PM, Dr. Stephen Henson <[hidden email]> wrote:
On Fri, Nov 21, 2014, Chris Bare wrote:

> Is there a way to query the BIO or SSL object to see which cipher is being
> used?
> I have a case where my openssl client's performance is significantly slower
> when talking to server A vs server B. AFAIK, the only difference between A
> and B is the level of Windows updates, so I'm suspicious that Windows has
> started to favor the slower ECC ciphers, but I need a way to prove it.
>

SSL_get_cipher_name().

What do you mean by "peformance" the initial connection speed or the data
transfer rate? With ECC the curve used is also significant: you can query that
using OpenSSL 1.0.2+ which allows you to get details of the server temporary
key.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



--
Chris Bare
Reply | Threaded
Open this post in threaded view
|

Re: which cipher was chosen?

James
Hi, 
Alternatively you can use the wireshark or tcpudmp to capture the packet and decode the SSL - Client Hello and Sever Hello 
That also may help to identify which protocol and cipher we use

regards,
James Arivazhagan Ponnusamy

On Sat, Nov 22, 2014 at 7:12 AM, Chris Bare <[hidden email]> wrote:
Thanks, that's just what I needed.

By performance I mean the initial connection speed. It spends 4-5 seconds in ssl3_send_client_key_exchange () in the slow case, vs about 0.1 sec in the fast case.
This is on a 200Mhz arm, so it's not a fast machine.

On Fri, Nov 21, 2014 at 7:03 PM, Dr. Stephen Henson <[hidden email]> wrote:
On Fri, Nov 21, 2014, Chris Bare wrote:

> Is there a way to query the BIO or SSL object to see which cipher is being
> used?
> I have a case where my openssl client's performance is significantly slower
> when talking to server A vs server B. AFAIK, the only difference between A
> and B is the level of Windows updates, so I'm suspicious that Windows has
> started to favor the slower ECC ciphers, but I need a way to prove it.
>

SSL_get_cipher_name().

What do you mean by "peformance" the initial connection speed or the data
transfer rate? With ECC the curve used is also significant: you can query that
using OpenSSL 1.0.2+ which allows you to get details of the server temporary
key.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



--
Chris Bare