Very interesting documentation. Certainly worth adding to the SSL wiki page.
Is there any way I can validate that my client is using a DH algorithm?
I looked at the trace again, the thing that looks like choosing the protocol is the following:
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Change Cipher Spec Message
But it does not mention any protocol names. Nor does it in the debug log.
In the trace, look at the Server Hello.
It should contain something like 'Cipher Suite'.
I've just done a quick test, and for me, it looks like:
"Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)"
If you're using Firefox as your client, you can view what it's configured
to use by typing 'about:config' in your address bar. Then filter on
'security', and you'll see all the cipher suites Firefox is including in
its Client Hello and offering the Server to pick from.
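
The check described in the reply above, as an added example that is not part of the original thread: it reads the chosen cipher suite from the raw bytes of a TLS 1.0-1.2 Server Hello record and reports whether the key exchange is ephemeral DH. The function names, the small suite table and the sample records are constructed for illustration; only 0x0039 comes from the thread.

```python
import struct

# Subset of the IANA cipher suite registry; 0x0039 is the value quoted in the thread.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite ID the server selected in a Server Hello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:  # 22 = Handshake; 20 = Change Cipher Spec carries no suite
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 4 or body[0] != 2:  # 2 = Server Hello
        raise ValueError("not a complete Server Hello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:  # version(2) + random(32) + session_id length(1)
        raise ValueError("truncated Server Hello")
    off = 35 + hello[34]  # skip the variable-length session ID
    if len(hello) < off + 2:
        raise ValueError("truncated Server Hello")
    return int.from_bytes(hello[off:off + 2], "big")

def describe(record: bytes):
    """Return (suite id, suite name, True if the key exchange is DHE/ECDHE)."""
    suite = server_hello_suite(record)
    name = SUITES.get(suite, "unknown")
    return suite, name, name.startswith(("TLS_DHE_", "TLS_ECDHE_"))

def build_sample(suite: int, session_id: bytes = bytes(32)) -> bytes:
    """Construct a minimal TLS 1.0 Server Hello record (sample data, not a capture)."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + suite.to_bytes(2, "big") + b"\x00")  # trailing byte: null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

# Constructed Change Cipher Spec record matching the fields shown in the question.
CCS_RECORD = bytes.fromhex("140301000101")

if __name__ == "__main__":
    print(describe(build_sample(0x0039)))
```

Passing `CCS_RECORD` raises `ValueError`, which mirrors the point of the reply: the Change Cipher Spec record never names a suite, the Server Hello does.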