The signature algorithm used to sign key exchange parameters and the like is negotiated separately. While contextGetInformation exposes the ciphersuite and negotiated key exchange group, and the public key from the certificate yields part of the signature algorithm, the associated hash algorithm does not appear to be available.
It should IMHO be possible to inspect this value at the end of the handshake. Of course keeping in mind that with Ed25519 and Ed448 (once implemented) there is no separate hash function, so the return value would be aMaybe hash algorithm.
kazu-yamamoto
commented
5 years ago
The signature algorithm used to sign key exchange parameters and the like is negotiated separately. While
contextGetInformationexposes the ciphersuite and negotiated key exchange group, and the public key from the certificate yields part of the signature algorithm, the associated hash algorithm does not appear to be available.It should IMHO be possible to inspect this value at the end of the handshake. Of course keeping in mind that with Ed25519 and Ed448 (once implemented) there is no separate hash function, so the return value would be a
Maybehash algorithm.