SSPI Schannel API returns undocumented value of 0xAE06 or CALG_ECDH_EPHEM

Question

I am using the following code to query current TLS connection:

SecPkgContext_ConnectionInfo data;
QueryContextAttributes(&myHandle, SECPKG_ATTR_CONNECTION_INFO, &data);

It returns correct structure with all the fields:

typedef struct _SecPkgContext_ConnectionInfo {
  DWORD  dwProtocol;
  ALG_ID aiCipher;
  DWORD  dwCipherStrength;
  ALG_ID aiHash;
  DWORD  dwHashStrength;
  ALG_ID aiExch;
  DWORD  dwExchStrength;
} SecPkgContext_ConnectionInfo, *PSecPkgContext_ConnectionInfo;

as per MSDN documentation: https://learn.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-secpkgcontext_connectioninfo

However, the field aiExch has value of 0xAE06 which I guess (from wincrypt.h file) is defined as CALG_ECDH_EPHEM, but documentation only mention two possible values:

CALG_RSA_KEYX 0xA400   // RSA key exchange
CALG_DH_EPHEM 0xAA02   // Diffie-Hellman key exchange.

Now the questions:

What is the meaning of 0xAE06 / CALG_ECDH_EPHEM?
What other values the field aiExch can have?

score 2 · Accepted Answer · edited Apr 15 '20 at 17:01

2

From ALG_ID:

CALG_ECDH_EPHEM | 0x0000ae06 | Ephemeral elliptic curve Diffie-Hellman key exchange algorithm.

[!Note]
This algorithm is supported only through Cryptography API: Next Generation

Windows Server 2003 and Windows XP: This algorithm is not supported.

I can't tell you what else might show up.

edited Apr 15 '20 at 17:01

Remy Lebeau

555,201
31
458
770

answered Apr 15 '20 at 15:55

SoronelHaetir

14,104
1
12
23

SSPI Schannel API returns undocumented value of 0xAE06 or CALG_ECDH_EPHEM

1 Answers1