SSL_CTX *ssl_ctx;
char *ssl_cipher = NULL;
char *ssl_info = NULL;
+char *ssl_tmp_key = NULL;
BIO *bio_out,*bio_err;
#endif
SSL_CIPHER_get_name(ci),
pk_bits, sk_bits);
}
+ if (ssl_tmp_key == NULL) {
+ EVP_PKEY *key;
+ if (SSL_get_server_tmp_key(c->ssl, &key)) {
+ ssl_tmp_key = xmalloc(128);
+ switch (EVP_PKEY_id(key)) {
+ case EVP_PKEY_RSA:
+ apr_snprintf(ssl_tmp_key, 128, "RSA %d bits",
+ EVP_PKEY_bits(key));
+ break;
+ case EVP_PKEY_DH:
+ apr_snprintf(ssl_tmp_key, 128, "DH %d bits",
+ EVP_PKEY_bits(key));
+ break;
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC: {
+ const char *cname;
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+
+ apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
+ cname,
+ EVP_PKEY_bits(key));
+ break;
+ }
+#endif
+ }
+ EVP_PKEY_free(key);
+ }
+ }
write_request(c);
do_next = 0;
break;
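Review bot: The `switch (EVP_PKEY_id(key))` has no `default`, so for any temporary key type other than RSA, DH or EC (or for EC when built with `OPENSSL_NO_EC`) the 128-byte buffer from `xmalloc` is never written, yet `ssl_tmp_key` is now non-NULL and is later printed with `%s`. Unless `xmalloc` zeroes memory, which is not visible here, that prints uninitialized heap bytes and can read past the buffer looking for a terminator. Add a fallback such as `default: apr_snprintf(ssl_tmp_key, 128, "%s %d bits", OBJ_nid2sn(EVP_PKEY_id(key)), EVP_PKEY_bits(key)); break;`. In the EC case the result of `EVP_PKEY_get1_EC_KEY(key)` is also passed to `EC_KEY_get0_group` without a NULL check. The enclosing function starts and ends outside the hunk.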
if (is_ssl && ssl_info) {
printf("SSL/TLS Protocol: %s\n", ssl_info);
}
+ if (is_ssl && ssl_tmp_key) {
+ printf("Server Temp Key: %s\n", ssl_tmp_key);
+ }
#endif
printf("\n");
printf("Document Path: %s\n", path);
apr_getopt_t *opt;
const char *opt_arg;
char c;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ int max_prot = TLS1_2_VERSION;
+#ifndef OPENSSL_NO_SSL3
+ int min_prot = SSL3_VERSION;
+#else
+ int min_prot = TLS1_VERSION;
+#endif
+#endif /* #if OPENSSL_VERSION_NUMBER >= 0x10100000L */
#ifdef USE_SSL
AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
#endif
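Review bot: The default protocol range is undocumented and has security-relevant edges: when SSLv3 is compiled in, `min_prot` starts at `SSL3_VERSION`, so a run without `-f` still offers SSLv3, and `max_prot` is fixed at `TLS1_2_VERSION`, so a newer version supported by the linked library would never be negotiated. If the upper cap is not intentional, `int max_prot = 0;` leaves the maximum to the library's highest supported version. If the range is intentional, say so in a comment above the declarations, e.g. `/* default range offered without -f: SSLv3 (if compiled in) up to TLS 1.2 */`. The same values are repeated in the `ALL` branch of the `-f` handling.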
method_str[CUSTOM_METHOD] = strdup(opt_arg);
break;
case 'f':
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (strncasecmp(opt_arg, "ALL", 3) == 0) {
meth = SSLv23_client_method();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifndef OPENSSL_NO_SSL2
} else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
meth = SSLv2_client_method();
#endif
-#endif
#ifndef OPENSSL_NO_SSL3
} else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
meth = SSLv3_client_method();
} else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
meth = TLSv1_client_method();
}
+#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
+ meth = TLS_client_method();
+ if (strncasecmp(opt_arg, "ALL", 3) == 0) {
+ max_prot = TLS1_2_VERSION;
+#ifndef OPENSSL_NO_SSL3
+ min_prot = SSL3_VERSION;
+#else
+ min_prot = TLS1_VERSION;
+#endif
+#ifndef OPENSSL_NO_SSL3
+ } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
+ max_prot = SSL3_VERSION;
+ min_prot = SSL3_VERSION;
+#endif
+ } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
+ max_prot = TLS1_1_VERSION;
+ min_prot = TLS1_1_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) {
+ max_prot = TLS1_2_VERSION;
+ min_prot = TLS1_2_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
+ max_prot = TLS1_VERSION;
+ min_prot = TLS1_VERSION;
+ }
+#endif /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
break;
#endif
}
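Review bot: In the new `#else` branch an unrecognized `-f` value is silently accepted, and because every comparison is a prefix match (`strncasecmp(opt_arg, "TLS1", 4)`), an argument such as `TLS1.3` falls into the last branch and pins both bounds to `TLS1_VERSION`. A user asking for a newer protocol is therefore quietly tested against TLS 1.0 only. Compare the whole string with `strcasecmp` and terminate the chain with `} else { fprintf(stderr, "Invalid -f protocol: %s\n", opt_arg); exit(1); }`, or the file's own usage/error helper if it has one. The surrounding `switch` starts and ends outside the hunk.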
exit(1);
}
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
+ SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
+#endif
#ifdef SSL_MODE_RELEASE_BUFFERS
/* Keep memory usage as low as possible */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
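Review bot: The return values of `SSL_CTX_set_max_proto_version` and `SSL_CTX_set_min_proto_version` are ignored, although both return 0 on failure. If either call is rejected, the benchmark would continue with a protocol range other than the one selected through `-f`, and the reported results would be attributed to the wrong protocol. Check them, e.g. `if (!SSL_CTX_set_max_proto_version(ssl_ctx, max_prot) || !SSL_CTX_set_min_proto_version(ssl_ctx, min_prot)) { ERR_print_errors_fp(stderr); exit(1); }`. The enclosing function continues outside the hunk.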