Diffstat (limited to 'cpp/src/qpid/sys/ssl')
-rw-r--r--cpp/src/qpid/sys/ssl/SslHandler.cpp4
-rw-r--r--cpp/src/qpid/sys/ssl/SslIo.cpp1
-rw-r--r--cpp/src/qpid/sys/ssl/SslIo.h3
-rw-r--r--cpp/src/qpid/sys/ssl/SslSocket.cpp20
-rw-r--r--cpp/src/qpid/sys/ssl/SslSocket.h2
5 files changed, 28 insertions, 2 deletions
diff --git a/cpp/src/qpid/sys/ssl/SslHandler.cpp b/cpp/src/qpid/sys/ssl/SslHandler.cpp
index 9cf74e4b6d..3469f88c0f 100644
--- a/cpp/src/qpid/sys/ssl/SslHandler.cpp
+++ b/cpp/src/qpid/sys/ssl/SslHandler.cpp
@@ -111,7 +111,7 @@ void SslHandler::readbuff(SslIO& , SslIO::BufferBase* buff) {
decoded = in.getPosition();
QPID_LOG(debug, "RECV [" << identifier << "] INIT(" << protocolInit << ")");
try {
- codec = factory->create(protocolInit.getVersion(), *this, identifier);
+ codec = factory->create(protocolInit.getVersion(), *this, identifier, aio->getKeyLen());
if (!codec) {
//TODO: may still want to revise this...
//send valid version header & close connection.
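Review bot: The value passed as the new last argument of `factory->create(...)` is 0 both when no security is negotiated and when the status query fails, so the callee cannot tell a plaintext connection from an error. If the codec uses it as a security strength for authentication policy (the factory is not visible in this diff), that ambiguity matters. The same applies to the call in `idle()` in the next hunk, where the client samples the value before it has written its protocol header; confirm the TLS handshake has completed by then, since the query presumably reports security as off until it has. A comment at both call sites such as `// key length is 0 if TLS is not established or the query failed` would make the contract visible. Both functions continue outside their hunks.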
@@ -166,7 +166,7 @@ void SslHandler::nobuffs(SslIO&) {
void SslHandler::idle(SslIO&){
if (isClient && codec == 0) {
- codec = factory->create(*this, identifier);
+ codec = factory->create(*this, identifier, aio->getKeyLen());
write(framing::ProtocolInitiation(codec->getVersion()));
return;
}
diff --git a/cpp/src/qpid/sys/ssl/SslIo.cpp b/cpp/src/qpid/sys/ssl/SslIo.cpp
index 282d77258f..c149d6ea74 100644
--- a/cpp/src/qpid/sys/ssl/SslIo.cpp
+++ b/cpp/src/qpid/sys/ssl/SslIo.cpp
@@ -436,3 +436,4 @@ void SslIO::close(DispatchHandle& h) {
}
}
+int SslIO::getKeyLen() {return socket.getKeyLen();}
diff --git a/cpp/src/qpid/sys/ssl/SslIo.h b/cpp/src/qpid/sys/ssl/SslIo.h
index 2d0d5b296c..3162abac40 100644
--- a/cpp/src/qpid/sys/ssl/SslIo.h
+++ b/cpp/src/qpid/sys/ssl/SslIo.h
@@ -121,6 +121,7 @@ public:
typedef boost::function1<void, SslIO&> BuffersEmptyCallback;
typedef boost::function1<void, SslIO&> IdleCallback;
+
private:
ReadCallback readCallback;
EofCallback eofCallback;
@@ -155,6 +156,8 @@ public:
bool writeQueueEmpty() { return writeQueue.empty(); }
BufferBase* getQueuedBuffer();
+ int getKeyLen();
+
private:
~SslIO();
void readable(qpid::sys::DispatchHandle& handle);
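Review bot: `int getKeyLen();` is declared non-const here although the `SslSocket::getKeyLen()` it forwards to is `const`. Declaring it `int getKeyLen() const;`, with the definition in SslIo.cpp changed to match, would let code holding a const `SslIO` query it. The declaration also lacks a comment giving the unit and the meaning of 0, for example `/// Effective key size in bits of the TLS session; 0 if none`. The class body continues outside the hunk.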
diff --git a/cpp/src/qpid/sys/ssl/SslSocket.cpp b/cpp/src/qpid/sys/ssl/SslSocket.cpp
index 9181f56b94..aa8cf127d7 100644
--- a/cpp/src/qpid/sys/ssl/SslSocket.cpp
+++ b/cpp/src/qpid/sys/ssl/SslSocket.cpp
@@ -274,4 +274,24 @@ void SslSocket::setTcpNoDelay(bool nodelay) const
}
}
+
+/** get the bit length of the current cipher's key */
+int SslSocket::getKeyLen() const
+{
+ int enabled = 0;
+ int keySize = 0;
+ SECStatus rc;
+
+ rc = SSL_SecurityStatus( socket,
+ &enabled,
+ NULL,
+ NULL,
+ &keySize,
+ NULL, NULL );
+ if (rc == SECSuccess && enabled) {
+ return keySize;
+ }
+ return 0;
+}
+
}}} // namespace qpid::sys::ssl
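Review bot: The doc comment on `getKeyLen()` says it returns the cipher's key length, but `&keySize` is passed in the fifth position of `SSL_SecurityStatus`, which is the `secretKeySize` out-parameter (effective secret bits); the `keySize` slot before it is `NULL`. The effective size is the more conservative figure for a strength value, so the call looks right, but the name and comment should say so: rename the local to `secretKeySize` and document it as `/** effective secret key size in bits of the negotiated cipher; 0 if security is off or the status query fails */`. The failure path is also silent, so logging when `rc != SECSuccess` would let an operator tell a plaintext connection from an NSS error.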
diff --git a/cpp/src/qpid/sys/ssl/SslSocket.h b/cpp/src/qpid/sys/ssl/SslSocket.h
index a0e73e8181..f1f05e7a98 100644
--- a/cpp/src/qpid/sys/ssl/SslSocket.h
+++ b/cpp/src/qpid/sys/ssl/SslSocket.h
@@ -100,6 +100,8 @@ public:
*/
int getError() const;
+ int getKeyLen() const;
+
private:
mutable std::string connectname;
mutable PRFileDesc* socket;