Article delegate-en/5000 of [1-5169] on the server localhost:119
[Reference:<_A4997@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SSL encryption
12 Nov 2011 03:17:32 GMT pqmjqbdyi-qjiq2jylzdzr.ml@ml.delegate.org


Hi Yutaka,

this is exactly what I need. Thank you very much indeed.

Best wishes,
Ulrich

-----Original Message-----
From: feedback@delegate.org (Yutaka Sato)
Date: Thu, 10 Nov 2011 17:35:00 
To: <feedback@delegate.org>
Reply-To: feedback@delegate.org
Cc: <sieveking@sieveking-edv.de>
Subject: Re: [DeleGate-En] SSL encryption

Hi,

In message <20111104205122.18973qn3uzezrio0@webmail.mnet-online.de> on 11/05/11(04:51:22)
you "G. W. Ulrich Sieveking EDV-Beratung" <sieveking@sieveking-edv.de> wrote:
 |is there any way to see which encryption and hash algorithms were used  
 |to establish a TLS session in the logs generated by DeleGate? Even  
 |with TLSCONF="-vd" I see only numeric status codes I can't understand.

There has been no way of logging the cipher information of the current
SSL session in DeleGate.  I made a modification to enable the logging
with the TLSCONF=-vd option, showing the description after "-- CIPHER: ..."
in the LOGFILE.

  11/10 17:20:23.43 [18273] 1+1: ## SSLway -- CIPHER: DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1

The modification is like the enclosed patch.  It will be released in
DeleGate 9.9.8-pre21.

Cheers,
Yutaka
--
  9 9   Yutaka Sato (CSDP,ITIL-F,OCUP-A,Security+,ISTQB-F)
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** dist/src/delegate9.9.8-pre20/filters/sslway.c	Sat May 21 18:20:07 2011
--- filters/sslway.c	Thu Nov 10 17:18:17 2011
***************
*** 190,195 ****
--- 190,196 ----
  typedef void SSL_SESSION;
  typedef void EVP_PKEY;
  typedef void EVP_CIPHER;
+ typedef void SSL_CIPHER;
  #define BIO_NOCLOSE 0
  
  typedef void BIGNUM;
***************
*** 236,241 ****
--- 237,244 ----
  int  SSL_set_fd(SSL *ssl, int fd);
  int  SSL_connect(SSL *ssl);
  int  SSL_accept(SSL *ssl);
+ SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+ char *SSL_CIPHER_description(const SSL_CIPHER *sc,char *buf,int size);
  int  SSL_write(SSL *ssl, const void *buf, int num);
  int  SSL_read(SSL *ssl,void *buf,int num);
  int  SSL_pending(SSL *s);
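Review bot: the added prototype for SSL_get_current_cipher drops the const qualifier on its return type; OpenSSL declares it as `const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);`. With SSL_CIPHER typedef'd to void this still compiles, but a non-const result pointer invites a later write through it, so declare the return type `const SSL_CIPHER *` to match the library and the const parameter that SSL_CIPHER_description already takes on the next added line.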
***************
*** 922,927 ****
--- 925,947 ----
  #undef	ERR_print_errors_fp
  #define	ERR_print_errors_fp	eRR_print_errors_fp
  
+ /* new-111110a to show the current cipher of the SSL connection */
+ static int showCurrentCipher(SSL *ssl){
+ 	void *sc;
+ 	IStr(desc,256);
+ 	const char *descp;
+ 
+ 	if( sc = SSL_get_current_cipher(ssl) ){
+ 		if( descp = SSL_CIPHER_description(sc,desc,sizeof(desc)) ){
+ 			DEBUG("-- CIPHER: %s",desc);
+ 			return 0;
+ 		}
+ 	}
+ 	DEBUG("ERROR: Failed getting CIPHER_ description");
+ 	ERR_print_errors_fp(stderr);
+ 	return -1;
+ }
+ 
  static void clearCache(SSL_CTX *ctx,SSL *ssl,int what);
  static void set_vhost(SSL *conSSL,SslEnv *env);
  static SSL *ssl_conn(SSL_CTX *ctx,int confd,SslEnv *env)
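Review bot: in showCurrentCipher() the variable `descp` is assigned in the inner `if` but never used, since DEBUG() logs `desc` directly; either drop `descp` and test the call result in place, or log `descp` (which points at `desc` on success). Two smaller points in the same function: SSL_CIPHER_description() terminates its text with a newline, so the "-- CIPHER:" log line will carry a stray line break unless the trailing '\n' is stripped from `desc` before DEBUG(); and the failure path writes to stderr via ERR_print_errors_fp(stderr) rather than to the LOGFILE, so the error detail will not appear beside the "ERROR: Failed getting CIPHER_ description" message (which also has a stray underscore before "description"). Declaring `sc` as `const SSL_CIPHER *` instead of `void *` would keep the typedef added above meaningful.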
***************
*** 953,958 ****
--- 973,979 ----
  		Lap("after connect");
  		saveSessions(ctx,conSSL,XCON);
  		TRACE("connected");
+ 		showCurrentCipher(conSSL);
  		return conSSL;
  	}
  }
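Review bot: the return value of showCurrentCipher() is discarded here, and the helper already logs its own failure, so either make it `static void` or check the result if a failed cipher lookup should affect the connection. Calling it after TRACE("connected") on the success path only is correct: a failed SSL_connect returns before this point and there is no session to describe.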
***************
*** 985,990 ****
--- 1006,1012 ----
  		Lap("after accept");
  		saveSessions(ctx,accSSL,XACC);
  		TRACE("accepted");
+ 		showCurrentCipher(accSSL);
  		return accSSL;
  	}
  }

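As an added example (not part of the thread or of DeleGate), here is a small Python scanner for the "-- CIPHER:" lines that the patch above writes to the LOGFILE, so an operator can turn the new logging into a check rather than read it by eye. It parses the OpenSSL SSL_CIPHER_description() fields (name, protocol, Kx, Au, Enc, Mac) and flags sessions that negotiated an obsolete protocol, no forward secrecy, a weak cipher or MAC, or a short key. The first sample line is the one quoted in the mail; the other lines, the LOGFILE excerpt as a whole, and the policy thresholds are this example's own constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# DeleGate (SSLway, TLSCONF=-vd) logs one line per handshake ending in
# "-- CIPHER: <description>", where <description> is the text returned by
# OpenSSL's SSL_CIPHER_description(): name, protocol, Kx=, Au=, Enc=, Mac=.
CIPHER_LINE = re.compile(
    r"SSLway -- CIPHER:\s+(?P<name>\S+)\s+(?P<proto>\S+)\s+"
    r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)
ENC_BITS = re.compile(r"\((\d+)\)")

# Policy thresholds are this example's own choices, not DeleGate settings.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
FORWARD_SECRECY_KX = {"DH", "ECDH"}      # OpenSSL labels ephemeral (EC)DH this way
WEAK_ENC_FAMILIES = ("RC4", "RC2", "DES", "3DES", "None")
WEAK_MACS = {"MD5"}
MIN_ENC_BITS = 128


@dataclass
class CipherRecord:
    name: str
    proto: str
    kx: str
    au: str
    enc: str
    mac: str
    findings: List[str] = field(default_factory=list)

    @property
    def enc_bits(self) -> Optional[int]:
        """Key length from an Enc field such as 'AES(256)' or 'AESGCM(128)'."""
        m = ENC_BITS.search(self.enc)
        return int(m.group(1)) if m else None


def parse_cipher_line(line: str) -> Optional[CipherRecord]:
    """Return a CipherRecord for a '-- CIPHER:' line, or None for other lines."""
    m = CIPHER_LINE.search(line)
    if not m:
        return None
    return CipherRecord(**m.groupdict())


def assess(rec: CipherRecord) -> List[str]:
    """Fill rec.findings with the policy violations of one negotiated cipher."""
    findings = []
    if rec.proto in WEAK_PROTOCOLS:
        findings.append(f"obsolete protocol {rec.proto}")
    if rec.kx not in FORWARD_SECRECY_KX:
        findings.append(f"no forward secrecy (Kx={rec.kx})")
    if rec.enc.startswith(WEAK_ENC_FAMILIES):
        findings.append(f"weak cipher {rec.enc}")
    bits = rec.enc_bits
    if bits is not None and bits < MIN_ENC_BITS:
        findings.append(f"short key ({bits} bits)")
    if rec.mac in WEAK_MACS:
        findings.append(f"weak MAC {rec.mac}")
    rec.findings = findings
    return findings


def scan_log(lines) -> List[CipherRecord]:
    """Parse and assess every cipher line; non-cipher lines are skipped."""
    records = []
    for line in lines:
        rec = parse_cipher_line(line)
        if rec is not None:
            assess(rec)
            records.append(rec)
    return records


# Constructed sample LOGFILE excerpt: the first line is the one quoted in the
# mail, the rest are made up here to exercise the policy.
SAMPLE_LOG = """\
11/10 17:20:23.43 [18273] 1+1: ## SSLway -- CIPHER: DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
11/10 17:21:05.10 [18274] 1+1: ## SSLway -- CIPHER: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
11/10 17:22:41.77 [18275] 1+1: ## SSLway -- CIPHER: ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
11/10 17:23:02.00 [18276] 1+1: ## SSLway accepted
"""

if __name__ == "__main__":
    for rec in scan_log(SAMPLE_LOG.splitlines()):
        status = "; ".join(rec.findings) if rec.findings else "OK"
        print(f"{rec.name:<32} {rec.proto:<8} {status}")
```

Run against a real LOGFILE by feeding it line by line to scan_log(); the Kx check treats only OpenSSL's "DH" and "ECDH" labels (ephemeral key exchange) as forward-secret, so static RSA key transport is reported even when the cipher itself is strong.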
