From d85b5d2656b0d4632209d3780da22066d717ddb3 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 11 Jul 2025 16:00:01 -0400
Subject: [PATCH] lib/vtls: log rustls negotiated KEX group name

Closes #17906
---
 lib/vtls/rustls.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 8ce630581e..4e1b78a759 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -1192,16 +1192,21 @@ cr_connect(struct Curl_cfilter *cf,
           rustls_connection_get_protocol_version(rconn);
         const rustls_str ciphersuite_name =
           rustls_connection_get_negotiated_ciphersuite_name(rconn);
+        const rustls_str kex_group_name =
+          rustls_connection_get_negotiated_key_exchange_group_name(rconn);
         const char *ver = "TLS version unknown";
         if(proto == RUSTLS_TLS_VERSION_TLSV1_3)
           ver = "TLSv1.3";
         if(proto == RUSTLS_TLS_VERSION_TLSV1_2)
           ver = "TLSv1.2";
         infof(data,
-              "rustls: handshake complete, %s, ciphersuite: %.*s",
+              "rustls: handshake complete, %s, ciphersuite: %.*s, "
+              "key exchange group: %.*s",
               ver,
               (int) ciphersuite_name.len,
-              ciphersuite_name.data);
+              ciphersuite_name.data,
+              (int) kex_group_name.len,
+              kex_group_name.data);
       }
       if(data->set.ssl.certinfo) {
         size_t num_certs = 0;
-- 
2.47.3