draft-ietf-tls-tls13-vectors-03.txt   draft-ietf-tls-tls13-vectors-04.txt 
TLS M. Thomson TLS M. Thomson
Internet-Draft Mozilla Internet-Draft Mozilla
Intended status: Standards Track December 4, 2017 Intended status: Standards Track May 02, 2018
Expires: June 7, 2018 Expires: November 3, 2018
Example Handshake Traces for TLS 1.3 Example Handshake Traces for TLS 1.3
draft-ietf-tls-tls13-vectors-03 draft-ietf-tls-tls13-vectors-04
Abstract Abstract
Examples of TLS 1.3 handshakes are shown. Private keys and inputs Examples of TLS 1.3 handshakes are shown. Private keys and inputs
are provided so that these handshakes might be reproduced. are provided so that these handshakes might be reproduced.
Intermediate values, including secrets, traffic keys and ivs are Intermediate values, including secrets, traffic keys and ivs are
shown so that implementations might be checked incrementally against shown so that implementations might be checked incrementally against
these values. these values.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 7, 2018. This Internet-Draft will expire on November 3, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3
4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 13 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15
5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 22 5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 26
6. Client Authentication . . . . . . . . . . . . . . . . . . . . 33 6. Client Authentication . . . . . . . . . . . . . . . . . . . . 38
7. Security Considerations . . . . . . . . . . . . . . . . . . . 42 7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 49
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 42 8. Security Considerations . . . . . . . . . . . . . . . . . . . 59
8.1. Normative References . . . . . . . . . . . . . . . . . . 42 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 60
8.2. Informative References . . . . . . . . . . . . . . . . . 42 9.1. Normative References . . . . . . . . . . . . . . . . . . 60
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 43 9.2. Informative References . . . . . . . . . . . . . . . . . 60
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 43 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 60
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 60
1. Introduction 1. Introduction
TLS 1.3 [I-D.ietf-tls-tls13] defines a new key schedule and a number TLS 1.3 [TLS13] defines a new key schedule and a number new
new cryptographic operations. This document includes sample cryptographic operations. This document includes sample handshakes
handshakes that show all intermediate values. This allows an that show all intermediate values. This allows an implementation to
implementation to be verified incrementally, examining inputs and be verified incrementally, examining inputs and outputs of each
outputs of each cryptographic computation independently. cryptographic computation independently.
Private keys are included with the traces so that implementations can A private key is included with the traces so that implementations can
be checked by importing these values and verifying that the same be checked by importing these values and verifying that the same
outputs are produced. outputs are produced.
2. Private Keys 2. Private Keys
Ephemeral private keys are shown as they are generated in the traces. Ephemeral private keys are shown as they are generated in the traces.
The server in most examples uses an RSA certificate with a private The server in most examples uses an RSA certificate with a private
key of: key of:
skipping to change at page 3, line 41 skipping to change at page 3, line 42
3. Simple 1-RTT Handshake 3. Simple 1-RTT Handshake
In this example, the simplest possible handshake is completed. The In this example, the simplest possible handshake is completed. The
server is authenticated, but the client remains anonymous. After server is authenticated, but the client remains anonymous. After
connecting, a few application data octets are exchanged. The server connecting, a few application data octets are exchanged. The server
sends a session ticket that permits the use of 0-RTT in any resumed sends a session ticket that permits the use of 0-RTT in any resumed
session. session.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): b1 6a 3c 97 a7 19 0b ec c4 00 2a 2f be private key (32 octets): 33 21 0a 80 c1 a0 78 c8 52 0d 00 71 0a
80 40 b5 99 45 df 0b bd 0c e1 ba db f4 aa 6d 4f 0f a1 9e 06 7b 00 59 68 26 01 05 f4 bf b5 94 a7 13 2b 62 34 33 ab
public key (32 octets): 78 e5 89 74 13 f1 71 53 c7 0c f3 3f a3 4c public key (32 octets): fa 0c d2 25 02 a7 23 6a e7 59 9e e0 14 16
84 97 72 4b da b4 f5 7f 9d 01 c9 53 f5 88 f0 30 46 61 e8 05 d7 15 55 93 f0 28 b7 a6 f6 dd f4 9b ad 1a 6f 36
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (190 octets): 01 00 00 ba 03 03 c4 e2 ea b7 cc 4b bb 43 payload (190 octets): 01 00 00 ba 03 03 3a 02 32 16 f4 df 71 db
7d fa b4 7c a5 6a f8 a0 db 07 2b 90 e5 36 f9 c4 a4 9f ac 89 84 f2 af d6 09 5f aa cd 8e b9 12 02 36 ca 79 90 c2 0d 40 cb 69 09
9c 10 b2 00 00 06 13 01 13 03 13 02 01 00 00 8b 00 00 00 0b 00 57 75 35 00 00 06 13 01 13 03 13 02 01 00 00 8b 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00
00 00 28 00 26 00 24 00 1d 00 20 78 e5 89 74 13 f1 71 53 c7 0c 00 00 33 00 26 00 24 00 1d 00 20 fa 0c d2 25 02 a7 23 6a e7 59
f3 3f a3 4c 84 97 72 4b da b4 f5 7f 9d 01 c9 53 f5 88 f0 30 46 9e e0 14 16 e8 05 d7 15 55 93 f0 28 b7 a6 f6 dd f4 9b ad 1a 6f
61 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02 36 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 02 02 00 2d 00 02 01 01
ciphertext (195 octets): 16 03 01 00 be 01 00 00 ba 03 03 c4 e2 ciphertext (195 octets): 16 03 01 00 be 01 00 00 ba 03 03 3a 02
ea b7 cc 4b bb 43 7d fa b4 7c a5 6a f8 a0 db 07 2b 90 e5 36 f9 32 16 f4 df 71 db f2 af d6 09 5f aa cd 8e b9 12 02 36 ca 79 90
c4 a4 9f ac 89 84 9c 10 b2 00 00 06 13 01 13 03 13 02 01 00 00 c2 0d 40 cb 69 09 57 75 35 00 00 06 13 01 13 03 13 02 01 00 00
8b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 8b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 23 00 00 00 28 00 26 00 24 00 1d 00 20 78 e5 89 74 03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 fa 0c d2 25
13 f1 71 53 c7 0c f3 3f a3 4c 84 97 72 4b da b4 f5 7f 9d 01 c9 02 a7 23 6a e7 59 9e e0 14 16 e8 05 d7 15 55 93 f0 28 b7 a6 f6
53 f5 88 f0 30 46 61 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 dd f4 9b ad 1a 6f 36 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 20 eb 30 48 af fc bf 2b ff 56 df b5 1e private key (32 octets): 9d ae 7f c7 6c 00 9e 64 32 41 68 c6 27
93 4d 78 a0 f5 d2 38 29 41 70 b1 0e ea 18 31 69 68 8b 65 99 1a 97 d3 95 9e 32 e7 c8 45 0c 14 f3 b5 30 bf 75 ef 87
public key (32 octets): ee 31 96 ca 63 98 21 a1 7b 51 68 ab 61 0d public key (32 octets): aa 6c be 84 01 8c c1 a7 43 75 b6 d4 ea 18
70 57 d2 b2 50 84 89 1f 87 ef 26 cf 0c 26 84 e5 d6 7e ad 51 71 c1 50 ae 55 80 a8 4c 62 ef 05 21 a1 16 8a 25
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 5, line 20 skipping to change at page 5, line 20
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 61 d3 4a ad f2 5e 22 3a 2c e6 fb 59 f8 a0 f9 d1 ikm (32 octets): de 19 c3 5f f1 64 46 31 c4 b4 59 9a 22 2c ee eb
d7 5f 18 87 df b0 6c 0f ff f8 47 6d c3 c5 0f 47 31 aa 4c f3 03 ef 15 48 de 68 ea 83 c9 4b 78 1c
secret (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 secret (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f
7f dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6 b2 97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 7f PRK (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f b2
dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6 97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b
hash (32 octets): 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80 94 hash (32 octets): 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a 4b
22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69 a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80 61 66 66 69 63 20 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a
94 22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69 4b a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc
output (32 octets): 40 2b 60 6f 3c b0 c8 5b 6d bf fb fd a9 df 79 output (32 octets): ed 5d 2e 57 8f 39 41 2a 63 a1 8e 68 d4 52 e4
14 58 4a 0e b9 21 1b b5 e9 0b a4 81 f2 5c 4b 94 e2 09 21 5b 42 a8 63 40 29 f2 4c c9 c7 bb 3c 4d 29 de
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 7f PRK (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f b2
dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6 97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b
hash (32 octets): 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80 94 hash (32 octets): 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a 4b
22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69 a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80 61 66 66 69 63 20 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a
94 22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69 4b a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc
output (32 octets): a2 c1 53 5b 55 26 42 8b 49 cb e6 cc 3c 19 23 output (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0
7c 37 4e 94 db 25 6c 96 4d 4d 13 76 a9 de 1a c5 12 63 e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 7f PRK (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f b2
dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6 97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 44 50 97 b3 09 4b 9c e8 35 af 72 02 5d 0f d3 output (32 octets): ff e0 3e bf eb 8e f7 7a b4 95 7f 14 95 2f be
80 ae 2b ae 88 06 08 f6 b2 b9 92 42 92 eb 04 71 d1 d5 5a 1f 3b 9d 1c e9 4e 1e 00 f7 40 7d 99 72 99 1b
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 44 50 97 b3 09 4b 9c e8 35 af 72 02 5d 0f d3 80 salt (32 octets): ff e0 3e bf eb 8e f7 7a b4 95 7f 14 95 2f be d5
ae 2b ae 88 06 08 f6 b2 b9 92 42 92 eb 04 71 d1 5a 1f 3b 9d 1c e9 4e 1e 00 f7 40 7d 99 72 99 1b
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a secret (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84
1f a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7 d8 4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 8e 58 c0 e7 0c 99 2d 7f fc payload (90 octets): 02 00 00 56 03 03 42 ec 65 e2 f1 86 19 05 8f
80 98 eb dc 67 ba 85 05 e4 2e 44 05 bf 77 23 95 49 24 7a b2 ba 0a e6 42 76 a1 0d 47 b3 5d 5f 26 75 0b c5 a9 b7 aa c6 30 9f 19
20 3c 00 13 01 00 00 2e 00 28 00 24 00 1d 00 20 ee 31 96 ca 63 75 71 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 aa 6c be 84 01
98 21 a1 7b 51 68 ab 61 0d 70 57 d2 b2 50 84 89 1f 87 ef 26 cf 8c c1 a7 43 75 b6 d4 ea 18 ad 51 71 c1 50 ae 55 80 a8 4c 62 ef
0c 26 84 e5 d6 7e 00 2b 00 02 7f 16 05 21 a1 16 8a 25 00 2b 00 02 7f 1c
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 8e 58 c0 ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 42 ec 65
e7 0c 99 2d 7f fc 80 98 eb dc 67 ba 85 05 e4 2e 44 05 bf 77 23 e2 f1 86 19 05 8f 0a e6 42 76 a1 0d 47 b3 5d 5f 26 75 0b c5 a9
95 49 24 7a b2 ba 20 3c 00 13 01 00 00 2e 00 28 00 24 00 1d 00 b7 aa c6 30 9f 19 75 71 00 13 01 00 00 2e 00 33 00 24 00 1d 00
20 ee 31 96 ca 63 98 21 a1 7b 51 68 ab 61 0d 70 57 d2 b2 50 84 20 aa 6c be 84 01 8c c1 a7 43 75 b6 d4 ea 18 ad 51 71 c1 50 ae
89 1f 87 ef 26 cf 0c 26 84 e5 d6 7e 00 2b 00 02 7f 16 55 80 a8 4c 62 ef 05 21 a1 16 8a 25 00 2b 00 02 7f 1c
{server} derive write traffic keys for handshake data:
PRK (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0 63
e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 6b de 0a 34 c4 42 3c f3 5b f4 a7 ec 1a b0
aa 06
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 22 07 9a 1b e6 53 89 9a 59 a4 e5 51
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): a2 c1 53 5b 55 26 42 8b 49 cb e6 cc 3c 19 23 7c PRK (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0 63
37 4e 94 db 25 6c 96 4d 4d 13 76 a9 de 1a c5 12 e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): d2 7d 01 ab e2 d9 d6 68 98 dc 10 f8 5d 92 2f output (32 octets): 1c a5 43 d9 08 b8 ec 1c b7 25 55 7f 83 c4 de
d6 ff f5 1d b8 80 f4 af 64 52 b7 1c 05 c3 fc 42 67 03 f1 71 85 07 b9 0a e4 39 ec 84 92 c2 22 5d 6e 75
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b
00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02
01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30
0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36
skipping to change at page 7, line 44 skipping to change at page 8, line 11
d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28
a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09
06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05
a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85
aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a
7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31
9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e
67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e
b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40
9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d
e1 00 00 0f 00 00 84 08 04 00 80 35 dc 65 98 6e 5d 7a 91 25 7a e1 00 00 0f 00 00 84 08 04 00 80 60 79 53 73 40 82 02 3f d3 8f
91 01 85 5d 87 54 9c 1b 0d 19 6b 6c 19 da a2 67 38 30 ff 73 a4 e9 bd 96 ea f9 dd e4 45 12 7b ef 6f c8 5b 2a 29 82 27 a9 0d 26
51 ab 79 48 55 ca c3 40 e8 48 fd 10 5a 96 ed b4 23 48 99 8c d9 12 28 11 7b 93 f7 6c 00 02 56 02 b8 5b e9 6e 6e 75 a2 5b 72 bd
ac 0d f6 63 d8 92 7e 88 67 25 57 0a 41 52 28 af 19 67 a2 2d 9b d9 38 9d 7c 97 95 f3 14 24 60 17 18 9d 4b dd 30 b8 38 17 f5 9a
4d 36 7b b0 90 e4 f0 76 ea 5f a4 7d c5 7c ac 77 cb e6 21 7f 3e 5b c3 66 9a 98 d6 41 64 fd c7 80 77 2d ca 3d 06 63 79 24 1a 21
fa 6f 10 53 12 9e b9 1a cb 05 48 c6 38 16 89 8d 36 79 8d 6a c0 32 c4 07 1e 21 f9 f3 f0 cd 1d f4 06 ab 1d 37 bd db 13 e1 c2 93
38 89 c4 13 c9 27 de df f9 39 d0 58 8c 14 00 00 20 4a 81 42 ca f8 a4 46 8b 8e 5b c9 09 e5 78 94 e0 f1 14 00 00 20 16 cb aa 5b
b4 49 41 89 68 94 06 27 07 e6 92 d6 32 a8 6a 12 4c be 2a 81 6b 9c 4d 04 ea 5c 83 b2 0b 4c 88 04 7e 8f 95 d9 60 5b 71 24 d1 1d
3d ef a1 b3 15 40 db de b1 91 bb 6b 6d 18
ciphertext (673 octets): 17 03 03 02 9c 6f 0c 3d 25 89 2d 11 1b ciphertext (673 octets): 17 03 03 02 9c c7 ad d2 3a 51 68 b1 f3
9e 10 b7 bf 9e cb 09 ec 5e 87 75 53 b3 15 3e b9 80 12 4c 44 59 49 b7 59 e3 6b 17 1d ab c9 0b aa 31 29 a9 83 81 35 a2 2d a4 d2
58 b1 71 01 41 8b 00 d8 f0 2f af cc 55 ba 06 25 88 ba 53 0e f0 d5 96 c9 4b 86 f6 af be 4d 7e 6d 6d bd 07 0b 84 f7 0f 33 fa 57
9a 8f b4 c7 d6 de 1f 8b 7e b8 d8 b6 d2 1e 01 34 a9 75 74 ae 71 91 7d 7f 44 b1 e0 6d 47 46 64 3b fb 8f 2c dd 0a 2e db 1d 43 b7
2d 5c b6 c1 5d 19 b3 47 c7 8a 88 4a 71 ff b8 c2 e7 60 02 22 16 32 26 b1 be f9 5c 34 58 41 d1 20 fc 70 8d 49 09 bf a3 42 e4 99
a7 93 8f 10 81 8c 3f 81 16 b4 5a 39 79 d0 9d 72 52 e3 b4 4f 10 33 c1 00 02 03 3f ee 1e 82 67 0b 26 50 ba 93 c5 3a 87 f8 6d 5c
ae 68 f5 a6 1b 31 d8 e0 b4 15 f8 09 7d d5 14 f1 ba d1 49 dc bc bf 51 26 ad 05 58 6f 97 b1 31 4f 21 c0 b7 a2 0c 4b 4f 90 c3 66
e5 cb 35 48 55 f6 1d 56 08 c7 b9 d5 85 9a d9 f4 e2 02 84 45 5d ec 8e d8 49 be a6 d5 b2 e0 bb 88 4f 9e 98 d7 19 5a 42 8f f8 d1
9d ab 37 d5 6e 09 5e bd 88 68 89 a2 36 3f c9 7b 16 62 06 63 7c 26 5a 67 58 84 f3 8a 43 60 68 e3 72 9f 8a 50 99 1b f8 61 37 95
ca 01 ab 37 7e 9d 3f 3d 06 4f 6a fc 87 22 1a bf e6 d5 23 27 e9 0c 5e 0e b3 ad a2 23 59 c2 5a f7 00 31 cb 18 00 8c 2f a6 e7 c8
96 91 6e d4 a3 ed 24 9d 5e 71 04 44 dc 78 64 e4 31 6d a8 01 83 dd 70 58 f8 ec e9 23 b0 96 7a c5 ed c0 39 7b 9d 9a ae cf 3f 0d
b0 cc 0c 3b 38 0a 0a 87 a8 36 17 13 86 c7 f1 b8 db 0b 15 30 a4 cc 59 83 a4 76 9e 26 0f 15 e6 83 78 74 18 ce 06 75 47 ad f9 fa
39 6c 1a d4 53 2a 60 7a 55 31 90 63 83 f7 bb 9c cc 20 da a8 ec 75 93 24 7d f7 d5 a1 60 32 7b de 57 f8 eb e4 74 55 6b 93 97 9f
47 af 17 e5 7e d6 fc c5 f0 61 b7 cb 5a 42 6d 96 96 19 3f e4 a5 ae 3c d2 fa 90 c3 b5 e7 77 d6 2f 3b 1b 11 bb 92 08 a6 8d 55 06
13 56 82 a2 2e 0c 3f a2 26 9f 0a bf c6 31 6a 19 6f e8 7c f8 91 24 6f 76 ac ef b5 7d b1 b6 37 b4 60 38 24 1d aa 6a 07 b7 dd 8d
29 b7 7c 43 41 ae 6c 12 b6 c5 70 d6 fb b5 46 0f f7 c6 5d a5 80 45 c4 7b e1 2f 7e 5a 71 a1 00 95 02 9e ed 7e 27 8d de a9 f4 46
b1 17 0c 49 12 e4 bd b5 9b 2d 14 f2 7a 05 35 3e 51 d2 18 a3 60 2c 68 9e 1b c6 eb c6 b8 84 da b7 f9 de e7 6f 30 08 73 63 85 05
15 4c bf 08 f2 9c 64 4b 28 8f 3d 42 4e e8 ea bb f1 26 fd 6b e4 f9 00 3c de 12 e4 28 24 ff 3a 17 64 3d a1 a7 62 7c 16 6c 89 38
b2 b0 f1 97 5f e4 73 a3 df a8 83 78 bd 5b ea ce ee 52 0e 6e 2d 5c de 80 87 4b be 7a 19 ff 5c 5e 1a cd 94 eb 26 1b d4 90 4d 4e
c7 40 8e 83 8f 34 36 29 c1 a4 a3 dd fa 58 c3 c3 f8 08 5a 79 3a 70 85 24 f3 8d 51 0d 17 2c 6d 61 79 fe e3 dc bb 80 85 b2 f4 3f
f2 49 38 3d e5 51 a8 a9 50 4a ea 31 31 28 27 ad d1 0c ed b3 39 fe 1c 39 b6 4e 49 34 a3 4c d0 91 fe fe ce 76 1c 74 0e 63 d1 e0
e4 a2 32 11 85 aa 27 6f 76 2b 0a 6b cd 9e f8 f8 2c 0f de ac 3b 4a 83 b0 55 75 15 26 0d 8b 40 b0 86 1b d7 75 91 4b 81 24 d6 ec
60 d6 5d 10 94 99 b9 1f 19 4b 88 4a cd c7 b0 d6 3b 8c f6 f0 d8 42 e6 74 fb e4 8b c6 cf 5a 08 cf fa 98 00 15 08 61 33 27 85 6e
cb ab f1 3c a9 96 69 42 e1 6a 3d 75 24 ad f3 3e ee e5 de e8 91 d7 3f 95 2d b6 fd 9f eb 08 85 56 6d 91 79 3e 50 34 ac da 39 8b
6b 57 31 c3 6e 21 1a 2d fb fb 65 60 07 91 3b 51 c5 a0 97 50 df 40 3b 6a ce 62 35 47 d5 2f f7 19 98 fe 31 a1 ef d7 f6 fb 85 ea
a9 70 8d 38 e0 a2 0b 5c ee c9 58 4b c7 aa 83 70 94 b9 6e fd 55 b2 06 94 db f4 d5 00 0f 22 10 bc 3d 31 24 22 f9 d5 8d e9 d3 60
b0 7a c3 72 00 42 4c f9 eb 54 2d 53 b5 6e 71 32 33 83 c1 93 f2 39 bf 8f ae e9 e8 38 33 8c bf 36 b2 b4 82 bd b5 2c 1d 52 32 3b
cd f6 22 08 35 48 07 a0 19 3e cd 23 78 ed dd 72 74 27 fe 9d f9 a7 4f b2 42 30 64 f9 3f e7 dc 11 54 4f cd ac 52 10 b8 78 91 a1
d0 46 28 b8 9c 38 0b 3b 83 b5 e6 95 cf ba 2d 8d 2f 30 ce 0e 19 7a 14 9b 3c 83 a8 f5 f4 ed b7 63 53 82 01 f7 77 d6 0a e0 5f 36
17 ee 05 2e 7e c9 4d 4d da 39 b6 93 e0 1e a9 68 ad 95 1d 40 cc a8 2a d6 50 a0 8d a3 64 0e 97 4d 90 ab a9 31 c1 4d 81 c6 ed 19
99 66 82 0e 7a 95 ff 17 e0 fd 0b 4d d0 d2 a8 70 d0 b5 ab d9 10 1f 32 36 28 72 d1 0b f9 a6 b7 3a c2 a9 e2 89 7b a0 df 61 c6 97
79 5a 3e d7 2d 66 54 ba e0 a7 3a 85 fc dc 9b f8 98 53 82 8c 2c 35 37 a1 10 e5 d4 6c 35 62 75 89 65 36 f3 16 18 72 2a 56 ff 7d
4e 07 51 be e6 e4 a7 de 11 b2 8a 53 c6 c7 73 3c bb 47
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8
a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7 4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14
hash (32 octets): ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19 hash (32 octets): 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e
77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b 32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 61 66 66 69 63 20 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f
19 77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b 8e 32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c
output (32 octets): 4f c9 93 4a 78 39 af bf b1 ad 4a 09 f9 13 90 output (32 octets): f7 1a e9 97 5d 12 75 6a 41 53 17 a4 4c 63 01
aa 58 f8 16 40 60 8d 63 86 38 78 c0 b9 9f 6c da aa 6e 98 39 5d 1e cd da 48 9b cc af 4a 3e 86 3f 87 35
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8
a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7 4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14
hash (32 octets): ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19 hash (32 octets): 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e
77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b 32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 61 66 66 69 63 20 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f
19 77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b 8e 32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c
output (32 octets): 71 9b 77 1c 5c 65 41 32 a7 25 1f 09 12 92 f7 output (32 octets): e4 25 33 b9 1b e3 2a 43 fb 9e 5b 7d 9a 00 2d
68 b6 d8 9f af 36 f3 1f 79 44 05 00 fc 16 68 b2 b7 59 d8 c7 47 b0 83 b5 72 76 ed 98 bd 46 89 33 f6 72
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8
a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7 4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14
hash (32 octets): ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19 hash (32 octets): 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e
77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b 32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19 77 74 65 72 20 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e 32
4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c
output (32 octets): 9d 07 cc 4a ef bc c1 f1 75 81 54 ac 1a ba 78 output (32 octets): 14 2d 61 52 63 bc e0 27 60 74 9e c8 d3 8e ac
8b 0e d5 f3 1b bc 7f a4 ca dd ce 7a 09 7a 3e 25 42 7a b0 ce 85 0f c1 e3 87 85 a0 33 8b 7e 74 d4 65 b2
{server} derive write traffic keys for application data:
PRK (32 octets): e4 25 33 b9 1b e3 2a 43 fb 9e 5b 7d 9a 00 2d 59
d8 c7 47 b0 83 b5 72 76 ed 98 bd 46 89 33 f6 72
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 4e 01 d3 e4 ac 71 a2 83 4b b5 71 29 bb 88
bf d6
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a4 45 9e a6 d6 d7 fb 65 91 6b b8 fa
{server} derive read traffic keys for handshake data:
PRK (32 octets): ed 5d 2e 57 8f 39 41 2a 63 a1 8e 68 d4 52 e4 09
21 5b 42 a8 63 40 29 f2 4c c9 c7 bb 3c 4d 29 de
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): fd 24 5c 26 ad 85 0f e2 d3 1b f9 6d 87 fe
f2 56
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): bd 1f de f0 52 bb 30 8c 0a 88 c1 1c
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 10, line 20 skipping to change at page 11, line 17
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 61 d3 4a ad f2 5e 22 3a 2c e6 fb 59 f8 a0 f9 d1 ikm (32 octets): de 19 c3 5f f1 64 46 31 c4 b4 59 9a 22 2c ee eb
d7 5f 18 87 df b0 6c 0f ff f8 47 6d c3 c5 0f 47 31 aa 4c f3 03 ef 15 48 de 68 ea 83 c9 4b 78 1c
secret (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 secret (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f
7f dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6 b2 97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0 63
e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 6b de 0a 34 c4 42 3c f3 5b f4 a7 ec 1a b0
aa 06
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 22 07 9a 1b e6 53 89 9a 59 a4 e5 51
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as
server read traffic keys)
{client} derive read traffic keys for application data (same as
server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 40 2b 60 6f 3c b0 c8 5b 6d bf fb fd a9 df 79 14 PRK (32 octets): ed 5d 2e 57 8f 39 41 2a 63 a1 8e 68 d4 52 e4 09
58 4a 0e b9 21 1b b5 e9 0b a4 81 f2 5c 4b 94 e2 21 5b 42 a8 63 40 29 f2 4c c9 c7 bb 3c 4d 29 de
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 47 af c3 66 da 4c 2d 41 64 19 fe c6 f7 af f1 output (32 octets): 3a db dd 16 1f ca 16 ee 0b 3e ee c3 58 09 98
3c 58 9b 56 a2 6a da e0 b6 f3 7a 8d f5 2e a1 d9 33 0a 62 86 14 6f ac 25 d2 7b a9 7b 2a fa 3a 66 f9 b0
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 3a d4 3d b6 d0 42 77 0c 3f 79 f7 payload (36 octets): 14 00 00 20 e4 dd f9 c5 4e 5c 65 83 5b e0 e9
a9 1a cc 0a 41 1f 1b 92 21 f0 3f 9d 2a 6b 92 c4 d1 54 51 19 ed f2 57 03 09 b1 06 f6 72 6e c0 88 2f ca e7 13 8b d7 93 cc c7 1b
ciphertext (58 octets): 17 03 03 00 35 32 d7 1d 7f 1b 8e f2 da f3 ciphertext (58 octets): 17 03 03 00 35 e8 a7 c0 73 d2 d5 90 fb a2
58 4c 6c 09 c7 4a ed 85 6e 75 59 4e 6f 14 67 4c d9 48 f2 69 ab 33 02 b7 1e 8c 3c ba 0b d4 54 28 97 0c ec de d3 ae 95 24 95 98
c1 cc 0e b7 bb 10 45 51 78 88 83 8f 51 34 75 a2 59 ef 80 9b 0f 12 7a af 08 ed 15 b8 86 7b 08 67 e2 71 1d 9c e3 97 38 21 e9 a9
94 1f ca dd
{client} derive write traffic keys for application data:
PRK (32 octets): f7 1a e9 97 5d 12 75 6a 41 53 17 a4 4c 63 01 6e
98 39 5d 1e cd da 48 9b cc af 4a 3e 86 3f 87 35
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): ac 85 66 33 d0 d3 1c 93 c8 53 ba 4a 51 b5
de f8
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 0d a9 f7 fe 9e 8d f9 98 05 12 e5 46
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8
a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7 4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14
hash (32 octets): 2d eb 11 8e 31 f3 d3 8b 38 de 1f cc 26 46 d2 21 hash (32 octets): 80 ec 58 20 f2 d2 75 b0 7a 13 77 80 c4 ad 21 40
ac e6 1f 97 fa 79 75 92 23 7a 65 9c 2b 6b 93 51 4f 36 36 f0 09 11 33 eb f4 0b 9e 83 4c a4 81 45
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 2d eb 11 8e 31 f3 d3 8b 38 de 1f cc 26 46 d2 21 ac 74 65 72 20 80 ec 58 20 f2 d2 75 b0 7a 13 77 80 c4 ad 21 40 4f
e6 1f 97 fa 79 75 92 23 7a 65 9c 2b 6b 93 51 36 36 f0 09 11 33 eb f4 0b 9e 83 4c a4 81 45
output (32 octets): ba dd 11 ad f0 7b 59 f9 d1 90 56 1e 4e 69 d6 output (32 octets): af b3 24 6c 40 8d c0 40 5b a4 c3 2f 40 3b df
5d 2d 0c cc 92 3b 08 4a cd 70 6e 00 cd 54 e6 5b 70 bb 14 8c 27 ad 59 5a 92 0c f7 12 84 e8 60 8b 48 4d
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{server} generate resumption secret "tls13 resumption": {server} generate resumption secret "tls13 resumption":
PRK (32 octets): ba dd 11 ad f0 7b 59 f9 d1 90 56 1e 4e 69 d6 5d PRK (32 octets): af b3 24 6c 40 8d c0 40 5b a4 c3 2f 40 3b df bb
2d 0c cc 92 3b 08 4a cd 70 6e 00 cd 54 e6 5b 70 14 8c 27 ad 59 5a 92 0c f7 12 84 e8 60 8b 48 4d
hash (2 octets): 00 00 hash (2 octets): 00 00
info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74 info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74
69 6f 6e 02 00 00 69 6f 6e 02 00 00
output (32 octets): 20 b3 ed 07 48 14 86 03 09 cd 47 fb 81 0b 36 output (32 octets): cd 0b 4e db 66 32 41 4e 03 e9 a1 fb 9c bf 10
9c f1 86 b7 09 7c b7 76 ff 57 f8 a7 ce 12 18 fa fa 68 c1 3d 7e 0f 94 f7 1d a2 6a 69 51 ba f7 52 9e 76
{server} send a NewSessionTicket handshake message {server} send a NewSessionTicket handshake message
{server} send handshake record: {server} send handshake record:
payload (205 octets): 04 00 00 c9 00 00 00 1e 1a 46 fe 8d 02 00 payload (205 octets): 04 00 00 c9 00 00 00 1e 83 6a d9 92 02 00
00 00 b2 f7 34 a8 af 18 42 36 ce f0 ae ea b1 00 00 00 00 68 2d 00 00 b2 20 69 93 e6 82 7e f6 98 84 68 d2 55 00 00 00 00 6a 30
66 eb 29 13 c9 eb 94 c6 9a 57 51 5d df 2f 00 70 c2 f3 4f 9b 2e 23 72 43 90 67 fc 81 f4 d3 17 f1 b1 ef 33 00 70 15 93 bc b0 32
d5 a5 30 91 16 c9 d7 4f ca eb 2b f8 87 51 9a a5 5a 7c 83 ff 27 cc ea 52 8c 5a 07 c3 7b 16 6f 89 7a 83 b7 15 48 18 b7 d1 1a 4e
fd c3 72 ba ec 38 7d be 58 8e d6 27 4b 1f f5 13 6c eb 68 ea 4a 90 7c da 4e 3f af 48 95 97 21 44 b3 a7 d9 96 8d 96 28 b6 e5 66
39 ce 79 08 7c 6e 75 42 b4 9c 7c 0e 4b 97 fc 2a 29 73 27 71 8b 9c ce f4 26 0e 45 d6 4d 22 d3 b6 1a b5 7b 7f 59 dd f7 e2 cf 7a
29 bf 63 6a dd 4e 6b 46 a4 1d f2 3f 45 01 28 80 20 b2 6c e5 75 19 6f 9a 32 a3 d9 4f ea 13 eb 25 ab 2d 73 35 78 83 80 dc e7 4d
d4 c9 f1 87 eb e5 48 07 1b 51 19 8c 4b 10 f9 4c f7 ce 94 aa 08 47 76 8e cf f4 67 9e 88 af ac a6 18 97 b9 1c 53 ee 85 82 2c 9f
17 a7 2a a8 86 64 63 d9 d7 7f 9c db 81 e6 27 82 c1 33 2e 22 0c 08 7b e4 05 8f ed 0d 6e b5 e2 68 e6 54 f4 ec 0c 67 5f fb 08 6e
55 2c dc 44 48 4b e7 ee f7 64 3d c3 8d 00 08 00 2a 00 04 00 00 06 7d 04 39 e3 9d ca f1 fb 60 31 98 db 00 08 00 2a 00 04 00 00
04 00 04 00
ciphertext (227 octets): 17 03 03 00 de ce 84 1b 08 4c ba 5c 21 ciphertext (227 octets): 17 03 03 00 de a7 77 b6 77 11 b5 34 f1
cd 70 f7 30 28 18 7c c9 a0 e9 e5 b8 88 f8 d0 ca 5a f7 7d df 96 0e 38 1f 45 1f 16 da 00 20 dd 9a af a4 9d b4 62 c2 35 dc cc 6d
eb cd fd 1e 70 c6 8b a2 44 a9 64 3d c8 c2 b3 9c 93 3d 0e a9 1a bf c6 39 9c 7e ec 88 ae 2a d6 8b 97 ca 23 b1 72 15 59 e6 6f 67
8d 7a 35 df db 3d c3 45 57 bb eb e8 0c a4 0b 64 b8 45 cd 04 b2 7c e6 8c d1 06 7f 41 27 7b ac 40 bb b9 3e 5b 81 0d b4 3c 1c 80
18 2e 73 59 f5 53 60 0b 1b 1f 8a c1 29 fd 3c f5 eb 79 91 3a e4 bd 8b 72 17 17 ba 23 c6 a0 52 ef 78 b6 dc 2b be b4 da e0 06 77
27 02 a3 10 a7 17 5d e1 15 c7 fd 77 00 06 54 2d cf 8a 7a 94 53 8b ab 88 a7 a5 d1 7e a3 b6 3f 12 6c 24 67 33 cc 15 b6 28 b5 b7
8d 96 d9 71 72 02 28 4b ed af f5 ff ec a0 23 10 92 12 3e a6 b0 43 71 6d 85 f8 f1 f6 77 32 91 c7 37 ae 06 f5 f6 ae 95 6b c3 00
bc 12 99 ae c3 a9 8c 44 27 e4 35 7c 38 16 d0 a6 c5 d0 93 aa d5 5d f2 a0 64 94 b0 65 77 68 84 3a e8 fe 95 0e be 81 da 4a c9 9c
9c 09 5c 99 76 91 b5 88 cc 3c 10 8e 95 d7 f8 39 f9 ec 2c a5 18 34 e8 e5 73 d5 99 63 75 bb 82 2b 51 67 b4 ae 3f 9c 06 76 f7 e7
2c 80 53 12 a1 c2 d0 32 88 80 97 c1 4e 38 5a 3c c5 e9 37 0e b6 94 a1 61 0f cb 12 e8 f7 9f 08 75 91 3d b9 67 c8 17 90 e9 6f 60
49 08 05 4b 52 64 4e 35 09 2a 34 4a 74 77 b8 bb be fb 22 a8 ff 4e dd 6c 06 c7 70 a2 c0 a8 f6 50 27 8d 22 03 94 8e a6 b2 3c 14
c3 9e 84 ac d3 89 97 4a
{client} generate resumption secret "tls13 resumption" (same as {client} generate resumption secret "tls13 resumption" (same as
server) server)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 18 8a fa 7b 29 8e 8d ef c3 ciphertext (72 octets): 17 03 03 00 43 98 45 d6 12 28 f1 d9 a5 da
eb 5e f8 2f dc 60 92 3b b5 5c ca 31 a5 64 63 df ec 71 7a aa 99 a3 2a 06 64 2c 43 68 1c cf 70 65 24 e2 8d 57 15 2f 6b 8f ac d0
77 9c c6 1f bf ca 90 73 b9 95 51 73 a0 b7 1c 1b f2 b9 2d b0 60 89 fc 98 26 83 c3 30 a3 e1 1f 16 c5 f7 5d 2d 49 21 5c c0 8a 13
73 e9 65 5b 64 3e 12 ef 76 d8 c8 86 91 12 aa 35 a1 ec fd 41 a4 1b b1 38 c9 63 48 92 ab 22 63 00
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 d8 27 0a 4b 0b a6 c0 74 c3 ciphertext (72 octets): 17 03 03 00 43 01 0a 55 e6 e1 14 d0 51 60
83 0b 15 58 a1 cb 89 13 e2 21 d7 08 33 ee 02 74 58 e2 46 11 a0 0a b9 5e e7 a3 03 82 3a 23 ae c5 79 be df fa 3f c3 e0 30 18 01
d4 7f 9c d3 bd 66 ce 03 13 db 71 8e e4 d0 ef bc 3f 8a 4d 7e 35 95 f8 83 6b 58 3b af 9a 14 ae c3 77 be 43 73 a1 a5 ea a1 4e af
04 3c 46 48 40 d8 7d eb 66 b7 7d 40 df 36 aa 7d 87 9d 3f ca 6f 9b 7e 46 bc 05 46 83 5d 76 71 e8
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 d5 92 9a 67 ba 50 4f 19 3a ciphertext (24 octets): 17 03 03 00 13 5f 93 e1 bd 82 9d 2b 00 9c
59 7d 3a ab 2d c3 f9 04 12 7d ad ac 13 3b 7f 0c 1e 8c 94 40
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 09 39 38 d7 0c 6a 9b 1c 9c
ciphertext (24 octets): 17 03 03 00 13 69 ed b3 40 6d 1e 57 51 97 2e 35 6b 60 58 80 70 27 cd 6e
75 4a c9 27 19 e0 5d 71 18 67
4. Resumed 0-RTT Handshake 4. Resumed 0-RTT Handshake
This handshake resumes from the handshake in Section 3. Since the This handshake resumes from the handshake in Section 3. Since the
server provided a session ticket that permitted 0-RTT, and the client server provided a session ticket that permitted 0-RTT, and the client
is configured for 0-RTT, the client is able to send 0-RTT data. is configured for 0-RTT, the client is able to send 0-RTT data.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 25 ee 23 7a 20 17 98 ee e8 7f 37 60 53 private key (32 octets): 7f cf 6e 8b fb 63 48 3f 0a 1d 23 99 fb
e1 28 50 9a be 65 e7 87 34 4f f2 b9 ff 9d 04 fd 13 8a fa ce e4 d0 69 39 6c 17 02 62 fb d9 f2 46 81 11 af 24 ab 34
public key (32 octets): fa 5d e3 00 e6 9f 05 d6 19 a4 28 fc fb 02 public key (32 octets): b5 b4 ca 2e 51 9a c8 32 92 3e af 84 f4 13
88 b5 57 b6 40 6a 26 fc 51 13 c0 4e 4a 3c 86 9a 44 14 3d 53 b2 00 53 63 d5 a7 ad 8e 07 0b d0 fd 15 d6 92 08
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 20 b3 ed 07 48 14 86 03 09 cd 47 fb 81 0b 36 9c ikm (32 octets): cd 0b 4e db 66 32 41 4e 03 e9 a1 fb 9c bf 10 68
f1 86 b7 09 7c b7 76 ff 57 f8 a7 ce 12 18 fa fa c1 3d 7e 0f 94 f7 1d a2 6a 69 51 ba f7 52 9e 76
secret (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc secret (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85
0f 52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16 be d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): de 0c 49 be 25 cd 0a b1 79 a9 d1 be e0 5a c0 cc PRK (32 octets): 04 5f b4 75 3e d5 65 30 5b 33 d2 04 0b 21 57 2d
a0 3d 51 10 4f cc ac db 13 12 b6 35 40 5a db 2c 7d 24 b3 ee 18 e7 63 bd 1a 1b 20 cf 2a a6 1a 92
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): e6 12 24 d1 ef b4 01 4b 18 aa e8 db 83 4e 12 output (32 octets): 89 60 f7 a3 5f 8e e3 52 30 20 1e cf 77 f8 b1
5b da e8 e8 bf f1 17 2f a6 a8 8c 35 39 77 c6 5a 68 29 8f 77 73 0f 0d 84 ab 51 31 a4 bb 00 9b 4f 3d 1f
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 f4 74 90 c6 31 61 6b 80 payload (512 octets): 01 00 01 fc 03 03 0b 27 b6 14 3a d0 49 dd
01 47 e5 62 01 b1 13 6d b0 04 92 f7 e8 d9 56 2a 77 fb f9 77 1d d0 4e 5c b7 bb 33 22 d3 60 f6 0a 9b 8e 65 07 bc 79 69 84 19 5b
8a a4 6c 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 d4 e8 cb 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 28 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 fa 5d e3 00 e6 9f 05 d6 19 a4 28 fc fb 02 26 00 24 00 1d 00 20 b5 b4 ca 2e 51 9a c8 32 92 3e af 84 f4 13
88 b5 57 b6 40 6a 26 fc 51 13 c0 4e 4a 3c 86 9a 44 14 00 2a 00 3d 53 b2 00 53 63 d5 a7 ad 8e 07 0b d0 fd 15 d6 92 08 00 2a 00
00 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02 00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 00 00 00 00 00 00 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 29 00 dd 00 b8 00 b2 f7 34 a8 af 18 42 36 ce f0 ae ea b1 00 00 29 00 dd 00 b8 00 b2 20 69 93 e6 82 7e f6 98 84 68 d2 55 00
00 00 00 68 2d 66 eb 29 13 c9 eb 94 c6 9a 57 51 5d df 2f 00 70 00 00 00 6a 30 23 72 43 90 67 fc 81 f4 d3 17 f1 b1 ef 33 00 70
c2 f3 4f 9b 2e d5 a5 30 91 16 c9 d7 4f ca eb 2b f8 87 51 9a a5 15 93 bc b0 32 cc ea 52 8c 5a 07 c3 7b 16 6f 89 7a 83 b7 15 48
5a 7c 83 ff 27 fd c3 72 ba ec 38 7d be 58 8e d6 27 4b 1f f5 13 18 b7 d1 1a 4e 90 7c da 4e 3f af 48 95 97 21 44 b3 a7 d9 96 8d
6c eb 68 ea 4a 39 ce 79 08 7c 6e 75 42 b4 9c 7c 0e 4b 97 fc 2a 96 28 b6 e5 66 9c ce f4 26 0e 45 d6 4d 22 d3 b6 1a b5 7b 7f 59
29 73 27 71 8b 29 bf 63 6a dd 4e 6b 46 a4 1d f2 3f 45 01 28 80 dd f7 e2 cf 7a 19 6f 9a 32 a3 d9 4f ea 13 eb 25 ab 2d 73 35 78
20 b2 6c e5 75 d4 c9 f1 87 eb e5 48 07 1b 51 19 8c 4b 10 f9 4c 83 80 dc e7 4d 47 76 8e cf f4 67 9e 88 af ac a6 18 97 b9 1c 53
f7 ce 94 aa 08 17 a7 2a a8 86 64 63 d9 d7 7f 9c db 81 e6 27 82 ee 85 82 2c 9f 08 7b e4 05 8f ed 0d 6e b5 e2 68 e6 54 f4 ec 0c
c1 33 2e 22 0c 55 2c dc 44 48 4b e7 ee f7 64 3d c3 8d 1a 46 fe 67 5f fb 08 6e 06 7d 04 39 e3 9d ca f1 fb 60 31 98 db 83 6a d9
90 00 21 20 34 60 d2 6b d5 55 86 97 91 90 dd 6d 8f 25 3d f3 fa 95 00 21 20 58 34 0e ab 95 8d 02 3c 39 84 b4 82 81 0b 58 ec 53
d7 d1 64 61 28 f3 d9 3d 51 57 21 3b 90 86 b3 7c d3 d1 c6 a9 9d ca 87 1c 73 57 54 1d 45 2f
ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 f4 74 ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 0b 27
90 c6 31 61 6b 80 01 47 e5 62 01 b1 13 6d b0 04 92 f7 e8 d9 56 b6 14 3a d0 49 dd d0 4e 5c b7 bb 33 22 d3 60 f6 0a 9b 8e 65 07
2a 77 fb f9 77 1d 8a a4 6c 00 00 06 13 01 13 03 13 02 01 00 01 bc 79 69 84 19 5b d4 e8 cb 00 00 06 13 01 13 03 13 02 01 00 01
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 28 00 26 00 24 00 1d 00 20 fa 5d e3 00 e6 9f 05 d6 03 01 04 00 33 00 26 00 24 00 1d 00 20 b5 b4 ca 2e 51 9a c8 32
19 a4 28 fc fb 02 88 b5 57 b6 40 6a 26 fc 51 13 c0 4e 4a 3c 86 92 3e af 84 f4 13 3d 53 b2 00 53 63 d5 a7 ad 8e 07 0b d0 fd 15
9a 44 14 00 2a 00 00 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 d6 92 08 00 2a 00 00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 f7 34 a8 af 18 42 36 00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 20 69 93 e6 82 7e f6
ce f0 ae ea b1 00 00 00 00 68 2d 66 eb 29 13 c9 eb 94 c6 9a 57 98 84 68 d2 55 00 00 00 00 6a 30 23 72 43 90 67 fc 81 f4 d3 17
51 5d df 2f 00 70 c2 f3 4f 9b 2e d5 a5 30 91 16 c9 d7 4f ca eb f1 b1 ef 33 00 70 15 93 bc b0 32 cc ea 52 8c 5a 07 c3 7b 16 6f
2b f8 87 51 9a a5 5a 7c 83 ff 27 fd c3 72 ba ec 38 7d be 58 8e 89 7a 83 b7 15 48 18 b7 d1 1a 4e 90 7c da 4e 3f af 48 95 97 21
d6 27 4b 1f f5 13 6c eb 68 ea 4a 39 ce 79 08 7c 6e 75 42 b4 9c 44 b3 a7 d9 96 8d 96 28 b6 e5 66 9c ce f4 26 0e 45 d6 4d 22 d3
7c 0e 4b 97 fc 2a 29 73 27 71 8b 29 bf 63 6a dd 4e 6b 46 a4 1d b6 1a b5 7b 7f 59 dd f7 e2 cf 7a 19 6f 9a 32 a3 d9 4f ea 13 eb
f2 3f 45 01 28 80 20 b2 6c e5 75 d4 c9 f1 87 eb e5 48 07 1b 51 25 ab 2d 73 35 78 83 80 dc e7 4d 47 76 8e cf f4 67 9e 88 af ac
19 8c 4b 10 f9 4c f7 ce 94 aa 08 17 a7 2a a8 86 64 63 d9 d7 7f a6 18 97 b9 1c 53 ee 85 82 2c 9f 08 7b e4 05 8f ed 0d 6e b5 e2
9c db 81 e6 27 82 c1 33 2e 22 0c 55 2c dc 44 48 4b e7 ee f7 64 68 e6 54 f4 ec 0c 67 5f fb 08 6e 06 7d 04 39 e3 9d ca f1 fb 60
3d c3 8d 1a 46 fe 90 00 21 20 34 60 d2 6b d5 55 86 97 91 90 dd 31 98 db 83 6a d9 95 00 21 20 58 34 0e ab 95 8d 02 3c 39 84 b4
6d 8f 25 3d f3 fa d7 d1 64 61 28 f3 d9 3d 51 57 21 3b 90 86 b3 82 81 0b 58 ec 53 7c d3 d1 c6 a9 9d ca 87 1c 73 57 54 1d 45 2f
{client} derive secret "tls13 c e traffic": {client} derive secret "tls13 c e traffic":
PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be
52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16 d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63
hash (32 octets): 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10 8a hash (32 octets): 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9 43
e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a 0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c
info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61 info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61
66 66 69 63 20 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10 8a 66 66 69 63 20 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9 43
e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a 0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c
output (32 octets): 7b dd 21 10 35 33 b9 d8 2b ae 6c 26 be 3e 78 output (32 octets): b0 ea 52 04 68 97 4f 91 39 58 7d cf f5 6f 77
e9 bd 37 91 42 96 24 db e0 a6 b3 9c e5 bf 69 eb 23 85 69 96 02 fb c8 0c 0c 18 50 82 79 dc bf d0 7b 03
{client} derive secret "tls13 e exp master": {client} derive secret "tls13 e exp master":
PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be
52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16 d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63
hash (32 octets): 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10 8a hash (32 octets): 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9 43
e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a 0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c
info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d
61 73 74 65 72 20 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10 61 73 74 65 72 20 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9
8a e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a 43 0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c
output (32 octets): da 05 9b c4 d7 bd 6e 30 45 b3 df d8 ab c8 68 output (32 octets): bc 79 ec a3 3d c5 5e 77 f4 a2 b3 1d e3 b2 eb
1b 22 47 6f 44 b4 54 22 75 12 af a9 af c0 60 3f c1 b7 ff 1a 03 16 e6 a2 ea 2e 1e d1 88 1e 65 c0 ee ba
{client} derive write traffic keys for early application data:
PRK (32 octets): b0 ea 52 04 68 97 4f 91 39 58 7d cf f5 6f 77 85
69 96 02 fb c8 0c 0c 18 50 82 79 dc bf d0 7b 03
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): ad 52 61 5a d7 8f ef c8 30 d7 b5 23 c5 6d
39 6c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 1a 68 22 06 82 d9 52 2f 6f d9 80 cb
{client} send application_data record: {client} send application_data record:
payload (6 octets): 41 42 43 44 45 46 payload (6 octets): 41 42 43 44 45 46
ciphertext (28 octets): 17 03 03 00 17 f0 a5 2c ad f2 f8 10 e3 ea
ciphertext (28 octets): 17 03 03 00 17 d8 3a 80 c1 65 49 bf 19 49 31 4a 9e 0d 74 94 18 0c 07 e1 b6 dd 23 05
38 a3 9c c1 54 a1 8b a7 cb bb a7 bf 02 e0
{server} extract secret "early" (same as client) {server} extract secret "early" (same as client)
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): a3 41 34 2b 44 be 43 fa 13 b5 a2 fa 30 private key (32 octets): 73 c0 5e e2 5c db 68 51 18 f0 f7 dd 5f
6a d7 24 ef 7f 73 a0 87 ac be 4a 79 10 82 b6 00 cd 08 b5 d2 dd 12 9d 17 a7 98 b9 1c c5 fe 62 ed 70 a9 ba af 53 2f
public key (32 octets): 66 62 56 0e 42 6c b1 13 d5 63 b1 69 e9 72 public key (32 octets): 47 d1 32 89 df 6f a0 fc 57 3c 74 fa 73 40
b5 c4 81 dd b6 cc f2 a5 79 39 ed d2 4b a9 e9 b6 2f 5f a2 6f 43 38 28 70 7d e5 72 7e 68 28 cb d0 81 9d a9 76
{server} derive secret "tls13 c e traffic" (same as client) {server} derive secret "tls13 c e traffic" (same as client)
{server} derive secret "tls13 e exp master" (same as client) {server} derive secret "tls13 e exp master" (same as client)
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be
52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16 d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e output (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8
50 f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba 4f 34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e 50 salt (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8 4f
f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba 34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d
ikm (32 octets): ca 49 06 0d 44 b4 58 b8 e2 6f b7 2a 18 6e bc 44 ikm (32 octets): 4f 81 91 7a 09 87 67 f2 22 5f cf 33 e8 a5 d5 33
6b a8 e4 0e 8f b1 39 5c c7 f7 56 59 ee 86 f8 54 d6 88 3b d8 ee 16 00 b2 c5 e4 f0 e8 24 02 06 37
secret (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 secret (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b
bb 0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54 8f 55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 bb PRK (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b 8f
0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54 55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93
hash (32 octets): ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79 b6 hash (32 octets): ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa 4c
39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7 d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79 61 66 66 69 63 20 ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa
b6 39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7 4c d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91
output (32 octets): a2 ba 52 84 b4 0e 7d 65 af af 93 c0 93 06 dd output (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1
e4 70 98 a4 ee 28 4c f4 6e 0b 59 09 fe 25 8c a6 4f 8e 44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 bb PRK (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b 8f
0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54 55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93
hash (32 octets): ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79 b6 hash (32 octets): ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa 4c
39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7 d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79 61 66 66 69 63 20 ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa
b6 39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7 4c d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91
output (32 octets): 58 6f 1a b9 cb 2d 93 70 66 1a 1e 0b c9 fc 8c output (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02
39 1a 34 67 b9 9e bd 58 16 c1 8c 46 a5 28 6e 96 77 33 a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 bb PRK (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b 8f
0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54 55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 78 31 58 10 11 a6 70 a2 ce 59 0b 80 b8 e5 44 output (32 octets): b2 da f2 ee a8 bb d9 2b 5d 84 12 d4 26 7a 3c
12 35 49 d6 bd 44 3c f6 9e 80 e8 0a 7e 38 93 d7 7e 31 6c 09 cd 45 8e 71 ab dc c6 7b e6 b1 41 6c 0f 31
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 78 31 58 10 11 a6 70 a2 ce 59 0b 80 b8 e5 44 12 salt (32 octets): b2 da f2 ee a8 bb d9 2b 5d 84 12 d4 26 7a 3c 31
35 49 d6 bd 44 3c f6 9e 80 e8 0a 7e 38 93 d7 7e 6c 09 cd 45 8e 71 ab dc c6 7b e6 b1 41 6c 0f 31
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 secret (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43
d5 c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c 19 61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02
{server} send handshake record: {server} send handshake record:
payload (96 octets): 02 00 00 5c 03 03 4b 98 9e 4c 47 ca 09 2a 18 payload (96 octets): 02 00 00 5c 03 03 3e 47 ec 55 17 e3 8e 7e f5
78 78 ae 45 7f d5 85 6e dc a0 f7 ae cf 00 4e d0 20 3a fe 0d 57 cc bc 69 f9 2f 5b 20 b8 fa 46 a6 54 66 31 bb 99 fa 08 65 f4 af
e3 86 00 13 01 00 00 34 00 29 00 02 00 00 00 28 00 24 00 1d 00 22 8c 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00 1d 00
20 66 62 56 0e 42 6c b1 13 d5 63 b1 69 e9 72 b5 c4 81 dd b6 cc 20 47 d1 32 89 df 6f a0 fc 57 3c 74 fa 73 40 a2 6f 43 38 28 70
f2 a5 79 39 ed d2 4b a9 e9 b6 2f 5f 00 2b 00 02 7f 16 7d e5 72 7e 68 28 cb d0 81 9d a9 76 00 2b 00 02 7f 1c
ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 4b 98 ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 3e 47
9e 4c 47 ca 09 2a 18 78 78 ae 45 7f d5 85 6e dc a0 f7 ae cf 00 ec 55 17 e3 8e 7e f5 cc bc 69 f9 2f 5b 20 b8 fa 46 a6 54 66 31
4e d0 20 3a fe 0d 57 e3 86 00 13 01 00 00 34 00 29 00 02 00 00 bb 99 fa 08 65 f4 af 22 8c 00 13 01 00 00 34 00 29 00 02 00 00
00 28 00 24 00 1d 00 20 66 62 56 0e 42 6c b1 13 d5 63 b1 69 e9 00 33 00 24 00 1d 00 20 47 d1 32 89 df 6f a0 fc 57 3c 74 fa 73
72 b5 c4 81 dd b6 cc f2 a5 79 39 ed d2 4b a9 e9 b6 2f 5f 00 2b 40 a2 6f 43 38 28 70 7d e5 72 7e 68 28 cb d0 81 9d a9 76 00 2b
00 02 7f 16 00 02 7f 1c
{server} derive write traffic keys for handshake data:
PRK (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02 33
a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 0d 71 1f 45 1d c2 0e fc 7e f8 08 9b 44 79
75 ac
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): ee 5d 71 8a 24 a8 e5 32 8d bc 58 00
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 58 6f 1a b9 cb 2d 93 70 66 1a 1e 0b c9 fc 8c 39 PRK (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02 33
1a 34 67 b9 9e bd 58 16 c1 8c 46 a5 28 6e 96 77 a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 98 90 9d e6 86 66 b5 12 80 1c 41 c6 3b 20 f9 output (32 octets): 89 20 c8 40 6e b4 0e d6 66 66 68 95 ae 3d 8d
fc 1f 7f 8f e1 19 64 75 d2 07 48 66 e3 a1 5d 14 15 12 67 0e c0 e4 5f 0b cb 63 cf ef f5 13 38 e8 1a 5b
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (74 octets): 08 00 00 22 00 20 00 0a 00 14 00 12 00 1d 00 payload (74 octets): 08 00 00 22 00 20 00 0a 00 14 00 12 00 1d 00
17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 00 2a 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 00 2a
00 00 14 00 00 20 c9 f5 11 e0 94 08 c2 b3 ff b5 ac 45 3c 7c 0a 00 00 14 00 00 20 b5 06 45 62 14 0c b7 fa 10 da 9a 57 ff 61 7b
65 c0 8c 28 c9 bc 4f 38 54 46 91 9e b8 fd 84 7c e0 f2 66 d7 14 b7 8b 59 41 a0 af 36 3f ac c1 8d a6 b0
ciphertext (96 octets): 17 03 03 00 5b f5 a6 a6 20 f2 db 4e 20 1f ciphertext (96 octets): 17 03 03 00 5b c8 2d 5e 2c 40 f0 77 cc 7d
22 8d 73 b4 15 d8 5e a9 76 e1 55 27 5f 2d 89 a4 96 68 d7 be 48 8b c6 f5 0a 61 52 c2 ff e0 d9 30 60 11 a6 c2 7c 1c 2a c3 88 4c
9a 8b 85 20 5d 0b 59 30 79 e6 0e 10 6e 15 67 29 c2 11 90 0a de a6 1e f2 08 46 fb c3 dd 91 19 4e 26 b6 9a 4a 74 73 a2 51 4d e7
1f 72 32 67 d8 c8 2b f5 dd 40 bb c5 63 99 1e bc 01 1e 49 14 ea 76 68 92 9d 4c 77 63 64 51 21 70 9f 8a 64 a2 9d 14 88 0b 6d f1
3a ee 25 37 3e eb 31 00 36 c8 f4 44 be 45 16 4d 3a 50 5d 04 08 b5 74 da 7e 2e 5d 0b 6c da 9d 18 4f fe 57 62 b5 5f
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5 PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19
c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c 61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02
hash (32 octets): bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89 hash (32 octets): 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78
ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd 32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 61 66 66 69 63 20 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0
89 ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd 78 32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39
output (32 octets): c9 d1 12 6d be c2 7c a1 72 21 37 3f ef 10 4e output (32 octets): bc 39 56 2d 42 a4 e7 62 8d cc 15 1b ba c1 16
cf a0 6d c4 a1 c4 5c 1d 55 3f 2b 1a 84 16 b4 6e cb 88 06 9c 1c 56 ca cd 17 d4 cc 53 4a bb 05 e3 c0 3e
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5 PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19
c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c 61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02
hash (32 octets): bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89 hash (32 octets): 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78
ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd 32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 61 66 66 69 63 20 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0
89 ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd 78 32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39
output (32 octets): aa 91 af 99 99 34 3a 32 8e cf ad 72 cb be e1 output (32 octets): a2 05 9e be 09 34 8a d4 2b 1d 6a 72 01 9e 8f
20 71 d7 79 b3 8a 3d 18 5a 7d c7 c4 e7 f8 33 33 1c 89 06 0d e5 9f de 34 2d 4a d1 68 f2 08 5c ab c3 60
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5 PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19
c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c 61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02
hash (32 octets): bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89 hash (32 octets): 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78
ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd 32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89 ba 74 65 72 20 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78 32
96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39
output (32 octets): 3d 65 4f f5 ca 07 87 85 69 31 01 cc 71 0f 46 output (32 octets): e2 d4 f1 2f c6 26 c2 91 de 52 8c 4d d2 cb 1f
e2 93 5b 5e c4 61 14 ca bb 08 35 41 a0 84 66 d1 84 d2 11 b2 d8 44 d9 53 d4 7a 48 d8 17 87 64 05 88 41
{server} derive write traffic keys for application data:
PRK (32 octets): a2 05 9e be 09 34 8a d4 2b 1d 6a 72 01 9e 8f 89
06 0d e5 9f de 34 2d 4a d1 68 f2 08 5c ab c3 60
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 2e c4 83 49 b4 00 e4 9d bb 71 9a 98 91 11
2d 99
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): b2 6b 47 20 2b 9a 93 55 45 90 c0 3c
{server} derive read traffic keys for early application data (same
as client write traffic keys)
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be
52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16 d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e output (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8
50 f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba 4f 34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e 50 salt (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8 4f
f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba 34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d
ikm (32 octets): ca 49 06 0d 44 b4 58 b8 e2 6f b7 2a 18 6e bc 44 ikm (32 octets): 4f 81 91 7a 09 87 67 f2 22 5f cf 33 e8 a5 d5 33
6b a8 e4 0e 8f b1 39 5c c7 f7 56 59 ee 86 f8 54 d6 88 3b d8 ee 16 00 b2 c5 e4 f0 e8 24 02 06 37
secret (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 secret (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b
bb 0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54 8f 55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data:
PRK (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02 33
a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 0d 71 1f 45 1d c2 0e fc 7e f8 08 9b 44 79
75 ac
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): ee 5d 71 8a 24 a8 e5 32 8d bc 58 00
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send a EndOfEarlyData handshake message {client} send a EndOfEarlyData handshake message
{client} send handshake record: {client} send handshake record:
payload (4 octets): 05 00 00 00 payload (4 octets): 05 00 00 00
ciphertext (26 octets): 17 03 03 00 15 1d ee d3 9b 27 ff 4f 3c 92 ciphertext (26 octets): 17 03 03 00 15 87 ea 08 9b c5 7f 33 1c 4f
2f fd ef 73 89 56 5e cc 79 d1 13 71 ad 29 80 d7 5e 3b c1 cc 55 40 e8 75
{client} derive write traffic keys for handshake data:
PRK (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1 8e
44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 4c 0f 31 7d 9a b1 56 f2 7b 71 cb ca 63 3d
f7 4f
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): e3 19 71 d9 f6 41 4b 45 de 4c 4c e2
{client} derive read traffic keys for application data (same as
server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): a2 ba 52 84 b4 0e 7d 65 af af 93 c0 93 06 dd e4 PRK (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1 8e
70 98 a4 ee 28 4c f4 6e 0b 59 09 fe 25 8c a6 4f 44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 67 02 97 87 4f 08 e5 10 32 72 a8 be 0c 6d c3 output (32 octets): 68 9e a0 1d d9 3b e4 b2 38 94 de ab a8 d0 7c
b4 39 6e 82 28 34 62 6b 21 e6 be 28 b9 d4 b4 35 05 56 31 29 ad 6b ef dd 7b 3d 8d ef e5 8e 4f 7e 3a 44
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 60 c3 2e 99 5e c1 0d d0 1d 73 79 payload (36 octets): 14 00 00 20 52 90 13 55 ab 06 bb fb ab 3a 81
e3 eb f1 9f 75 ef 74 0b 18 d4 24 06 c9 62 db 37 a4 53 74 9d 76 cc 67 e3 6f eb 5d 8d a1 63 2a 02 ba 83 0a 8f c8 5f 4c 22 66 cf
ciphertext (58 octets): 17 03 03 00 35 b1 a4 2d de c8 7d 6a 62 17 ciphertext (58 octets): 17 03 03 00 35 39 ab 4d 04 21 bb 3e 2b 85
a5 53 19 3b 47 a6 6c 32 b4 51 ab f8 48 dc df 68 21 3b 44 21 76 53 d0 2c ee 16 d3 78 c5 0f a8 76 fd 44 b4 d8 c6 36 26 6e 44 70
a9 e5 9b 8e cf 5e 1a fe d8 94 43 9a 9d f0 c3 a2 4b da ac 97 fc bd 05 f4 77 d4 fb 91 70 f4 42 96 e2 43 3c 78 0e ef c7 50 5f 9b
34 55 e1 68
{client} derive write traffic keys for application data:
PRK (32 octets): bc 39 56 2d 42 a4 e7 62 8d cc 15 1b ba c1 16 88
06 9c 1c 56 ca cd 17 d4 cc 53 4a bb 05 e3 c0 3e
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 24 56 8c c4 56 c9 16 6a 17 54 e3 f8 4d da
66 23
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 92 d2 da ec 04 ce c8 de 21 2a 8e 0c
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5 PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19
c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c 61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02
hash (32 octets): 04 5f 9f 6c d4 c6 84 65 a7 79 f4 89 b7 13 57 7f hash (32 octets): 74 61 12 2a b1 9d 89 46 41 d8 1c 0b 32 71 a9 35
42 e9 91 c1 b7 b7 34 db 01 28 a5 7b 88 35 41 27 90 9f be 21 87 ce 40 18 d1 81 d0 4b 1f 9b 95 8a
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 04 5f 9f 6c d4 c6 84 65 a7 79 f4 89 b7 13 57 7f 42 74 65 72 20 74 61 12 2a b1 9d 89 46 41 d8 1c 0b 32 71 a9 35 90
e9 91 c1 b7 b7 34 db 01 28 a5 7b 88 35 41 27 9f be 21 87 ce 40 18 d1 81 d0 4b 1f 9b 95 8a
output (32 octets): 40 7b 7c fa 1a 5d cd 73 e2 75 a6 80 13 16 68 output (32 octets): 98 85 4e 70 a8 c2 0f 1b 02 44 b8 d9 f2 e9 94
24 4e a8 88 64 19 a6 fe cc 01 f5 7b df d5 5d 15 2a 37 7d 11 dd 0b 6b 09 42 29 de f0 cd 55 56 9a c1 20
{server} derive read traffic keys for handshake data:
PRK (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1 8e
44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 4c 0f 31 7d 9a b1 56 f2 7b 71 cb ca 63 3d
f7 4f
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): e3 19 71 d9 f6 41 4b 45 de 4c 4c e2
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 89 8d 41 41 71 76 9c 87 23 ciphertext (72 octets): 17 03 03 00 43 28 e8 c4 0d 6e 0a 83 0c 62
f5 46 43 1e c6 80 49 5a fa a6 ac 32 5d 66 2f a5 9d 93 5a 99 d2 58 8a 5a 29 e4 1e 24 48 3d 50 c8 57 f0 1f d2 25 6f a4 51 4e 2d
f5 94 63 b8 d9 cd d3 c1 b1 36 79 08 1d d0 98 7c 4d 26 40 9a bd 4c a3 77 fd ff 96 26 0e a6 46 a6 92 4e 93 3d 96 74 29 3f 26 ab
40 ca d0 be a6 d5 95 85 01 b1 fc 02 15 08 6d b9 a3 a6 da 07 4c 16 c0 27 68 65 ab 02 df 0e 61 01
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 8e 95 04 14 52 07 ad 99 f9 ciphertext (72 octets): 17 03 03 00 43 54 25 7b ed c2 61 dd 2c f2
26 b4 7c 28 f6 0f a5 31 b9 7d 35 4f 55 ac fe 46 59 b0 37 f1 94 a5 bd f1 3f ed fc 93 7a 46 dd 32 59 9b 6f 16 df 78 2e 92 42 bd
6e 6a 8d c8 da f7 a9 fc 36 27 02 3f c1 df 0b a1 8c a5 90 11 fc 43 b0 b4 7e 79 b6 b5 fd 5a 98 23 d7 6f a6 fc ad 1c 84 97 c3 8a
2f 39 96 ea bc 2f 6d 50 85 93 d6 0b 23 87 d4 bc 62 20 70 af 9e 2a 72 6c 78 b3 ee bc 92 9b 27 66
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 e4 f4 3b 1b 15 b0 75 40 6c ciphertext (24 octets): 17 03 03 00 13 5a d6 a3 97 6d 9d 6c b8 66
2f 32 68 61 99 82 35 6d 78 53 b4 a3 5c 0f b4 53 90 ae dd 88
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 06 18 b6 94 51 58 6b 0d b9 ciphertext (24 octets): 17 03 03 00 13 1d 7f 76 5d 2c d2 65 53 b2
6c 39 08 0f 6b d7 d1 f1 0b 41 f3 a8 c4 0a 71 a7 e6 48 c3 87
5. HelloRetryRequest 5. HelloRetryRequest
In this example, the client initiates a handshake with an X25519 In this example, the client initiates a handshake with an X25519
[RFC7748] share. The server however prefers P-256 [FIPS186] and [RFC7748] share. The server however prefers P-256 [FIPS186] and
sends a HelloRetryRequest that requires the client to generate a key sends a HelloRetryRequest that requires the client to generate a key
share on the P-256 curve. share on the P-256 curve.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 52 99 b5 dc 31 26 3d a4 eb 70 79 f3 f9 private key (32 octets): 2f 74 42 ae 1b ce d7 5e 82 f9 be 34 3c
29 68 d5 1e ce c2 0c 3b aa 64 67 f2 d8 d2 c2 49 88 09 10 af cd fd 6c 14 28 e6 19 f1 f5 1a ae 58 68 01 1b 94 4c ab
public key (32 octets): 9e d2 81 f2 d1 e0 f8 c3 99 a4 90 a8 6a cd public key (32 octets): 18 77 ec d6 d3 b5 46 fb 68 dd 27 35 0f 25
71 9d 46 56 77 db dc b4 45 1f 97 39 e1 22 40 8a d4 32 24 87 b7 e8 7b 8a 91 2c e1 a6 a8 8c d0 bb 02 cd 15 49
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (174 octets): 01 00 00 aa 03 03 24 cc 22 ad 4c 8b 8c ed payload (174 octets): 01 00 00 aa 03 03 b7 c9 bc 82 7e a9 0b 53
c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0 d8 35 f5 d7 81 0d 72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e af 94 e8 85 36 5b
fb b1 80 00 00 06 13 01 13 03 13 02 01 00 00 7b 00 00 00 0b 00 91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 00 7b 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 28 00 26 00 24 00 1d 00 20 9e d2 81 f2 d1 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 18 77 ec d6 d3
e0 f8 c3 99 a4 90 a8 6a cd 71 9d 46 56 77 db dc b4 45 1f 97 39 b5 46 fb 68 dd 27 35 0f 25 24 87 b7 e8 7b 8a 91 2c e1 a6 a8 8c
e1 22 40 8a d4 32 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 d0 bb 02 cd 15 49 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03
05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04
02 05 02 06 02 02 02 00 2d 00 02 01 01 02 05 02 06 02 02 02 00 2d 00 02 01 01
ciphertext (179 octets): 16 03 01 00 ae 01 00 00 aa 03 03 24 cc ciphertext (179 octets): 16 03 01 00 ae 01 00 00 aa 03 03 b7 c9
22 ad 4c 8b 8c ed c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0 bc 82 7e a9 0b 53 72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e
d8 35 f5 d7 81 0d fb b1 80 00 00 06 13 01 13 03 13 02 01 00 00 af 94 e8 85 36 5b 91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 00
7b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 7b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 08 00 06 00 1d 00 17 00 18 00 28 00 26 00 24 00 1d 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00
20 9e d2 81 f2 d1 e0 f8 c3 99 a4 90 a8 6a cd 71 9d 46 56 77 db 20 18 77 ec d6 d3 b5 46 fb 68 dd 27 35 0f 25 24 87 b7 e8 7b 8a
dc b4 45 1f 97 39 e1 22 40 8a d4 32 00 2b 00 03 02 7f 16 00 0d 91 2c e1 a6 a8 8c d0 bb 02 cd 15 49 00 2b 00 03 02 7f 1c 00 0d
00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05
01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} send handshake record: {server} send handshake record:
payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11 payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11
be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8
a8 33 9c 00 13 01 00 00 84 00 28 00 02 00 17 00 2c 00 74 00 72 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00 72
3c c7 0f 98 68 ee 6d bc bb 7b 7c 21 00 00 00 00 73 d2 77 2a 29 20 1c e9 22 bf 9a 57 cc 0c 63 8a 02 00 00 00 00 b5 89 27 72 3a
c9 93 b4 e0 c3 78 de 45 9e 99 ea 00 30 97 19 7d a5 86 38 74 31 7b 57 e1 de 6d 9d 65 d4 9b 4c 1d 00 30 39 bc 6d f6 e6 1b 34 45
85 03 d3 dd e2 41 7d 5f b7 8c 92 76 13 14 10 ea a9 2e 9e 8a f5 a1 12 cf 2c 5d f4 b3 bd 4c db 05 07 08 57 d9 f0 22 e8 6a c7 df
4e a0 92 86 7b 67 7d 64 4f 96 d8 c5 fd 48 30 d1 70 dd 1b 3f 8a 91 a9 4a 1b e9 fd 61 ac b3 22 13 7a d5 63 70 dc fa 29 55 aa c6
85 17 ab ee 19 60 52 d8 e4 29 3d 62 f0 3b 6d 29 b6 88 4b 7c 00 d6 ab 28 a2 98 43 62 89 9d 38 b7 b0 9b 3c 4d 86 76 a4 8b b2 c6
cc 5e 6c e7 ac 36 47 0e a7 00 2b 00 02 7f 16 bd 05 02 fc c5 61 b5 50 2e 00 2b 00 02 7f 1c
ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21 ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21
ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c
5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 28 00 02 00 17 5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17
00 2c 00 74 00 72 3c c7 0f 98 68 ee 6d bc bb 7b 7c 21 00 00 00 00 2c 00 74 00 72 20 1c e9 22 bf 9a 57 cc 0c 63 8a 02 00 00 00
00 73 d2 77 2a 29 c9 93 b4 e0 c3 78 de 45 9e 99 ea 00 30 97 19 00 b5 89 27 72 3a 7b 57 e1 de 6d 9d 65 d4 9b 4c 1d 00 30 39 bc
7d a5 86 38 74 31 85 03 d3 dd e2 41 7d 5f b7 8c 92 76 13 14 10 6d f6 e6 1b 34 45 a1 12 cf 2c 5d f4 b3 bd 4c db 05 07 08 57 d9
ea a9 2e 9e 8a f5 4e a0 92 86 7b 67 7d 64 4f 96 d8 c5 fd 48 30 f0 22 e8 6a c7 df 91 a9 4a 1b e9 fd 61 ac b3 22 13 7a d5 63 70
d1 70 dd 1b 3f 8a 85 17 ab ee 19 60 52 d8 e4 29 3d 62 f0 3b 6d dc fa 29 55 aa c6 d6 ab 28 a2 98 43 62 89 9d 38 b7 b0 9b 3c 4d
29 b6 88 4b 7c 00 cc 5e 6c e7 ac 36 47 0e a7 00 2b 00 02 7f 16 86 76 a4 8b b2 c6 bd 05 02 fc c5 61 b5 50 2e 00 2b 00 02 7f 1c
{client} create an ephemeral P-256 key pair: {client} create an ephemeral P-256 key pair:
private key (32 octets): e5 d7 d7 16 54 b7 0d 85 b7 ef f8 ff 9f private key (32 octets): 12 04 90 37 70 08 12 91 d2 e2 8c 2e 4c
b4 10 f8 cc 6d 5c 0d 46 cb 4f 3c 96 28 61 c5 20 88 5d e0 cc ae fd fa be a9 02 d6 24 cc 53 7e 17 7e f4 62 e0 4e 68
public key (65 octets): 04 17 35 66 97 92 26 4a 94 82 cf 17 8e 99 public key (65 octets): 04 34 64 59 40 3b b6 5d 0e 0d 11 d1 03 8b
0a e8 49 a3 55 2f 71 ec b8 4c 7b 02 2b 84 f0 57 eb b9 03 a2 e7 e7 1b 03 a7 56 2b 01 e0 3a a1 b5 80 25 c4 65 88 a4 09 3f 1c 75
ad 9d 2f 7d 44 e3 59 1a d0 04 33 a6 b2 d8 6d 57 9a af 1b 6a 2b 98 bd 8c 79 ee 7e fc 5b a7 49 bd 24 3c 10 82 12 3a 37 f9 3f 9a
01 72 df 0e 6e 00 08 7a bb 00 8c ff 64 5b c4 e5 8f 20
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 24 cc 22 ad 4c 8b 8c ed payload (512 octets): 01 00 01 fc 03 03 b7 c9 bc 82 7e a9 0b 53
c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0 d8 35 f5 d7 81 0d 72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e af 94 e8 85 36 5b
fb b1 80 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 28 00 47 00 45 00 17 00 41 04 17 35 66 97 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 34 64 59 40
92 26 4a 94 82 cf 17 8e 99 0a e8 49 a3 55 2f 71 ec b8 4c 7b 02 3b b6 5d 0e 0d 11 d1 03 8b e7 1b 03 a7 56 2b 01 e0 3a a1 b5 80
2b 84 f0 57 eb b9 03 a2 e7 ad 9d 2f 7d 44 e3 59 1a d0 04 33 a6 25 c4 65 88 a4 09 3f 1c 75 98 bd 8c 79 ee 7e fc 5b a7 49 bd 24
b2 d8 6d 57 9a af 1b 6a 2b 01 72 df 0e 6e 00 08 7a bb 00 2b 00 3c 10 82 12 3a 37 f9 3f 9a 00 8c ff 64 5b c4 e5 8f 20 00 2b 00
03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c
00 74 00 72 3c c7 0f 98 68 ee 6d bc bb 7b 7c 21 00 00 00 00 73 00 74 00 72 20 1c e9 22 bf 9a 57 cc 0c 63 8a 02 00 00 00 00 b5
d2 77 2a 29 c9 93 b4 e0 c3 78 de 45 9e 99 ea 00 30 97 19 7d a5 89 27 72 3a 7b 57 e1 de 6d 9d 65 d4 9b 4c 1d 00 30 39 bc 6d f6
86 38 74 31 85 03 d3 dd e2 41 7d 5f b7 8c 92 76 13 14 10 ea a9 e6 1b 34 45 a1 12 cf 2c 5d f4 b3 bd 4c db 05 07 08 57 d9 f0 22
2e 9e 8a f5 4e a0 92 86 7b 67 7d 64 4f 96 d8 c5 fd 48 30 d1 70 e8 6a c7 df 91 a9 4a 1b e9 fd 61 ac b3 22 13 7a d5 63 70 dc fa
dd 1b 3f 8a 85 17 ab ee 19 60 52 d8 e4 29 3d 62 f0 3b 6d 29 b6 29 55 aa c6 d6 ab 28 a2 98 43 62 89 9d 38 b7 b0 9b 3c 4d 86 76
88 4b 7c 00 cc 5e 6c e7 ac 36 47 0e a7 00 2d 00 02 01 01 00 15 a4 8b b2 c6 bd 05 02 fc c5 61 b5 50 2e 00 2d 00 02 01 01 00 15
00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 24 cc ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 b7 c9
22 ad 4c 8b 8c ed c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0 bc 82 7e a9 0b 53 72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e
d8 35 f5 d7 81 0d fb b1 80 00 00 06 13 01 13 03 13 02 01 00 01 af 94 e8 85 36 5b 91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 01
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 08 00 06 00 1d 00 17 00 18 00 28 00 47 00 45 00 17 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00
41 04 17 35 66 97 92 26 4a 94 82 cf 17 8e 99 0a e8 49 a3 55 2f 41 04 34 64 59 40 3b b6 5d 0e 0d 11 d1 03 8b e7 1b 03 a7 56 2b
71 ec b8 4c 7b 02 2b 84 f0 57 eb b9 03 a2 e7 ad 9d 2f 7d 44 e3 01 e0 3a a1 b5 80 25 c4 65 88 a4 09 3f 1c 75 98 bd 8c 79 ee 7e
59 1a d0 04 33 a6 b2 d8 6d 57 9a af 1b 6a 2b 01 72 df 0e 6e 00 fc 5b a7 49 bd 24 3c 10 82 12 3a 37 f9 3f 9a 00 8c ff 64 5b c4
08 7a bb 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 e5 8f 20 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2c 00 74 00 72 3c c7 0f 98 68 ee 6d bc bb 7b 7c 06 02 02 02 00 2c 00 74 00 72 20 1c e9 22 bf 9a 57 cc 0c 63 8a
21 00 00 00 00 73 d2 77 2a 29 c9 93 b4 e0 c3 78 de 45 9e 99 ea 02 00 00 00 00 b5 89 27 72 3a 7b 57 e1 de 6d 9d 65 d4 9b 4c 1d
00 30 97 19 7d a5 86 38 74 31 85 03 d3 dd e2 41 7d 5f b7 8c 92 00 30 39 bc 6d f6 e6 1b 34 45 a1 12 cf 2c 5d f4 b3 bd 4c db 05
76 13 14 10 ea a9 2e 9e 8a f5 4e a0 92 86 7b 67 7d 64 4f 96 d8 07 08 57 d9 f0 22 e8 6a c7 df 91 a9 4a 1b e9 fd 61 ac b3 22 13
c5 fd 48 30 d1 70 dd 1b 3f 8a 85 17 ab ee 19 60 52 d8 e4 29 3d 7a d5 63 70 dc fa 29 55 aa c6 d6 ab 28 a2 98 43 62 89 9d 38 b7
62 f0 3b 6d 29 b6 88 4b 7c 00 cc 5e 6c e7 ac 36 47 0e a7 00 2d b0 9b 3c 4d 86 76 a4 8b b2 c6 bd 05 02 fc c5 61 b5 50 2e 00 2d
00 02 01 01 00 15 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 01 00 15 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skipping to change at page 25, line 37 skipping to change at page 29, line 29
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral P-256 key pair: {server} create an ephemeral P-256 key pair:
private key (32 octets): b1 6d 06 d1 40 ff d5 a9 3b b1 bf 4d 58 private key (32 octets): 02 03 21 a8 85 5a 5c ce 43 5e c4 eb 2c
d7 3d 97 06 62 b9 a5 50 25 ca 63 bc b1 b4 f6 75 ac 73 15 74 54 9d cd 14 b2 50 cc 88 ae b4 e1 a8 27 77 a2 a8 3d e2
public key (65 octets): 04 89 cf b4 c1 91 61 f7 0e b1 5a 43 81 40 public key (65 octets): 04 a9 fc 26 e5 99 e4 8d ed 07 36 f4 b1 b2
02 13 53 46 37 bd b4 fe d0 20 a9 2e 59 d9 58 10 ff eb e3 a8 dd 20 2b f4 9c f3 e5 eb 5a 37 0b aa 88 8b 45 50 27 32 36 85 e5 e8
bd f2 e2 cc 65 71 fe 17 df 28 3a 37 22 f1 23 f3 32 fc b0 cb 3d eb 52 e1 d3 63 73 08 76 d4 4a 1a cf 53 25 8e a6 e1 75 c1 4c 5f
8b bb 9f 0b 65 e0 07 46 ae 20 2c a0 eb b8 a7 3a f2 34
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 26, line 20 skipping to change at page 30, line 13
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): ba 1c d6 f8 aa 98 a2 de ff b7 ba bb 8e 52 4d 2f ikm (32 octets): 67 5e 8f e3 7d f3 8e b4 ae d1 ac 3e a4 a0 a1 63
d3 e8 2d 5c ff 5d 7b e3 0a 20 80 ef 62 6a 92 b3 a7 26 56 83 e4 3d ca 95 40 43 87 73 24 aa cf 70
secret (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a secret (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69
3e 6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8 69 bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a 3e PRK (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 69
6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8 bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e
hash (32 octets): 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30 09 hash (32 octets): 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33 fe
c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27 bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30 61 66 66 69 63 20 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33
09 c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27 fe bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f
output (32 octets): 1e af b2 10 3a c5 96 e5 a8 67 3e ae 2c 42 0c output (32 octets): 96 f0 1d 63 6d 87 b9 36 1c 0b 8b 93 0c de d9
ff b2 d9 45 99 d9 00 08 94 0b db a8 8c a7 71 26 26 7b 59 06 0b 89 3b e2 4e 5d 64 b5 25 86 c0 39 ac 18
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a 3e PRK (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 69
6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8 bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e
hash (32 octets): 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30 09 hash (32 octets): 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33 fe
c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27 bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30 61 66 66 69 63 20 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33
09 c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27 fe bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f
output (32 octets): 82 54 e1 25 3f 75 bf a5 bb 5c 4e f2 b1 bb 79 output (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f
73 e0 b7 b8 32 51 31 2b ce 86 30 8e a1 27 b5 52 e0 a1 20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a 3e PRK (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 69
6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8 bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 91 74 25 ca 4f 3e 40 22 e2 e6 bb 99 25 f2 f7 output (32 octets): ef ff c0 f0 7a 08 0f cd c7 7e 55 8a 02 f1 77
08 e9 7c 1c 75 56 cd e8 63 52 1f 40 b3 c8 2f 49 36 f7 32 a9 ff 20 12 8b 66 a0 de e7 1c a3 99 74 ba c8
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 91 74 25 ca 4f 3e 40 22 e2 e6 bb 99 25 f2 f7 08 salt (32 octets): ef ff c0 f0 7a 08 0f cd c7 7e 55 8a 02 f1 77 f7
e9 7c 1c 75 56 cd e8 63 52 1f 40 b3 c8 2f 49 36 32 a9 ff 20 12 8b 66 a0 de e7 1c a3 99 74 ba c8
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 secret (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c
3c 18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95 be 84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00
{server} send handshake record: {server} send handshake record:
payload (123 octets): 02 00 00 77 03 03 eb 62 5e d0 a8 a3 3c 5f payload (123 octets): 02 00 00 77 03 03 a9 8d a5 12 67 95 e8 50
a3 c2 77 5a eb a4 c6 2a 4f 31 71 f2 ff ea e4 ea 53 38 27 30 41 bf d4 69 ae 41 2c 8a d6 c6 a2 43 da b5 ca 68 9b cc 37 7b 7f 45
6f f7 3a 00 13 01 00 00 4f 00 28 00 45 00 17 00 41 04 89 cf b4 7e 93 57 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 a9 fc 26
c1 91 61 f7 0e b1 5a 43 81 40 02 13 53 46 37 bd b4 fe d0 20 a9 e5 99 e4 8d ed 07 36 f4 b1 b2 20 2b f4 9c f3 e5 eb 5a 37 0b aa
2e 59 d9 58 10 ff eb e3 a8 dd bd f2 e2 cc 65 71 fe 17 df 28 3a 88 8b 45 50 27 32 36 85 e5 e8 eb 52 e1 d3 63 73 08 76 d4 4a 1a
37 22 f1 23 f3 32 fc b0 cb 3d 8b bb 9f 0b 65 e0 07 46 ae 00 2b cf 53 25 8e a6 e1 75 c1 4c 5f 20 2c a0 eb b8 a7 3a f2 34 00 2b
00 02 7f 16 00 02 7f 1c
ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 eb 62 ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 a9 8d
5e d0 a8 a3 3c 5f a3 c2 77 5a eb a4 c6 2a 4f 31 71 f2 ff ea e4 a5 12 67 95 e8 50 bf d4 69 ae 41 2c 8a d6 c6 a2 43 da b5 ca 68
ea 53 38 27 30 41 6f f7 3a 00 13 01 00 00 4f 00 28 00 45 00 17 9b cc 37 7b 7f 45 7e 93 57 00 13 01 00 00 4f 00 33 00 45 00 17
00 41 04 89 cf b4 c1 91 61 f7 0e b1 5a 43 81 40 02 13 53 46 37 00 41 04 a9 fc 26 e5 99 e4 8d ed 07 36 f4 b1 b2 20 2b f4 9c f3
bd b4 fe d0 20 a9 2e 59 d9 58 10 ff eb e3 a8 dd bd f2 e2 cc 65 e5 eb 5a 37 0b aa 88 8b 45 50 27 32 36 85 e5 e8 eb 52 e1 d3 63
71 fe 17 df 28 3a 37 22 f1 23 f3 32 fc b0 cb 3d 8b bb 9f 0b 65 73 08 76 d4 4a 1a cf 53 25 8e a6 e1 75 c1 4c 5f 20 2c a0 eb b8
e0 07 46 ae 00 2b 00 02 7f 16 a7 3a f2 34 00 2b 00 02 7f 1c
{server} derive write traffic keys for handshake data:
PRK (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f a1
20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): c9 66 8b e3 a4 eb 59 74 eb 92 ff 02 bb d7
2e 0b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a0 3e bc f0 df 01 00 7b 81 7b 21 de
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 82 54 e1 25 3f 75 bf a5 bb 5c 4e f2 b1 bb 79 73 PRK (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f a1
e0 b7 b8 32 51 31 2b ce 86 30 8e a1 27 b5 52 e0 20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): a3 3a 40 a0 16 61 06 92 2f 96 9d 66 28 69 0e output (32 octets): c9 32 f8 bb a8 09 0c d8 3c fa ae 73 f8 41 79
ad 71 29 6b 1c 9f 44 14 64 e8 f4 c4 c2 33 14 10 15 6c bb a9 97 73 28 e4 53 d6 a1 da c8 8c a8 0b 2b ec
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (639 octets): 08 00 00 12 00 10 00 0a 00 08 00 06 00 17 payload (639 octets): 08 00 00 12 00 10 00 0a 00 08 00 06 00 17
00 18 00 1d 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 00 18 00 1d 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82
01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48
86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03
72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17
skipping to change at page 28, line 47 skipping to change at page 33, line 5
80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93
ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03
01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06
03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01
01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a
72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea 72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea
e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01
51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be 51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be
c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b
1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8
96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 96 96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 7d
ac 87 45 e8 60 64 a1 18 d3 35 75 88 1c c7 db 99 b7 ad 5c f6 42 29 50 6f 66 e0 87 bd b7 c1 5b 15 f5 f9 32 72 41 8a 59 c5 74 59
04 2f 0c 6a 4c 65 42 d6 15 3e f7 b4 71 2d 9f 9f 7c 16 7a 9c fe 13 33 9c f3 78 5a 39 86 78 55 66 d7 95 2d 9e a9 ab 9f 77 87 6e
1b 9f 7a e7 41 4b ff 4c d1 3c dd 81 1d ce 07 ce 22 7b f2 ec 74 6a 39 8b 5b 88 2c 83 e5 43 d3 c1 80 95 30 ef 30 70 fb e4 eb a9
38 e9 22 6e 7d da 00 0e f8 34 85 60 ed 21 6b 28 a8 bc 6d b6 10 07 2c 6c 23 95 6b de 0e 61 4c d0 13 aa e7 9c b1 86 76 0a 95 55
3c aa 96 00 d8 84 7c a6 f0 ea 40 64 da 4f 7d 6d c7 b5 98 ff 54 aa 7c 62 2a 29 5c ce 9e f4 7b eb 28 06 10 29 4e a0 a4 cc ca 29
36 a0 4e 01 7d e3 2c 12 eb f3 2e 55 3b e2 60 3e 0f 63 20 63 42 92 00 ab f2 25 44 3d 0b 50 d1 f8 b1 fa 9b 98 f3 38 b8 00 65 08
b8 14 00 00 20 a4 98 49 23 dd 33 35 94 bd 90 4b 9e 80 1b c1 88 87 14 00 00 20 43 2a 86 e1 4a 5e 66 f5 57 83 3f 39 ea eb 85 71
73 31 57 ba 4b 16 c7 62 cd a9 f6 f3 0f e9 a6 88 13 0b cd 59 ba 06 5d 8d 6d b4 26 ac 11 43 da 0e
ciphertext (661 octets): 17 03 03 02 90 11 09 c2 d4 04 4a ea 1f ciphertext (661 octets): 17 03 03 02 90 2a 10 90 52 02 96 ad d1
e6 a7 d0 e1 52 4a 86 e6 b3 fd 43 3a 4a 86 8a 8c 10 1a 58 ab b3 82 97 94 74 52 0d 25 ef c8 1d 11 77 14 c5 0d d5 32 d9 df f1 fa
38 1e 66 c6 9a bc b0 0d c0 ba d7 b4 9c c3 24 55 aa 28 c8 e5 13 fe 96 c7 3b 66 e4 7d 81 e6 25 2b 66 86 b8 86 37 10 26 0e 15 4b
13 a0 9b 4f 19 fc 3c b9 9b 35 5e 8a 4a fc 74 84 c4 c6 d4 de 32 c4 8d 8a e2 f2 67 45 f5 98 ee 7b 46 70 cb 87 89 3a 73 81 7f cb
d5 75 01 4c 53 71 48 ce 7d df 31 d9 3a f5 fb f1 ac dd b8 c7 13 09 45 5f e5 8d 49 5c 07 7a ca a3 b3 ae 9c cc a4 58 5b 12 6d f4
32 e7 ce d7 7a 2f 4d e0 16 dd 98 5a 2c ec 06 8a e2 49 fd a9 bc 8c 5f a4 f9 d2 b4 b5 0b dc 72 a8 42 eb 09 5f 71 f9 24 77 d4 5d
a4 d7 23 19 5a df d8 b8 03 95 00 e9 e1 d6 c6 01 20 6a 6a 85 33 d8 ee 69 62 81 87 86 0d f3 d6 8b 80 a3 c7 c7 d4 ca 36 61 69 2f
56 1a ab ca f5 cc f2 e2 b7 c5 9e 74 75 1a 41 ca 95 15 03 26 a8 a4 64 23 f5 64 2d 73 6e 27 63 b0 41 07 47 f6 55 eb db 18 37 c1
f2 25 56 7f bb 9f ad 99 39 b6 d6 ca a2 47 90 05 d9 4b b8 95 18 6f 59 bd c2 db 64 e3 92 fd 92 77 b0 ac e7 1c 1a 15 da e4 13 6c
ca 63 84 cf 66 dd 97 36 2f 8c 40 13 26 d4 22 d5 3f bd 68 1b 14 84 aa 17 7b 69 4d 33 e0 b0 ac 68 0b f0 46 54 d0 03 75 84 c9 b4
09 16 ec 14 31 45 32 49 04 dd 7f 63 26 96 81 a1 36 f2 e6 15 f4 06 59 87 ff 49 02 70 07 f9 1b 95 29 ef a3 87 2c 6a df a9 a9 f8
7e e9 e3 2a a3 25 2e 0c 3b 1d 47 a9 92 63 50 b4 98 5b 96 51 ef 75 4a 57 f2 a1 6c 16 d3 34 06 ac 27 a8 93 ca 13 2c c3 3a 89 d2
c5 14 80 09 61 6d 75 df dd e9 33 1f e2 ae e5 44 c4 a1 40 10 2a 2f f1 fa 70 c0 c6 06 10 1d 89 64 ff 42 3d 13 b7 ac 11 b7 e9 47
db c1 12 d4 45 1e 1b 90 46 02 9e 71 b9 36 60 49 c9 ac aa 36 82 91 b0 51 45 6a 9b 6f 41 b6 66 00 79 60 8e 87 22 d2 ad 87 36 92
79 f0 dc 27 00 bb 15 1d 96 6d 2d 71 a7 55 44 6a 74 9f 3f fb 2b bf db 79 f2 9e 67 e4 16 6d 82 a9 5c be 36 e3 d1 67 88 f5 32 33
10 11 0d 2f 9d c2 1e f7 1d b7 2b 53 ae 2b a8 70 70 f2 79 15 b8 7b f9 4c bf 54 31 02 22 4e 45 ee 98 0d 05 d4 68 fa dc 12 91 a2
a3 4a 4c 92 03 70 36 3b f7 75 98 a8 99 3d 6d 97 45 53 f7 6a 83 6f 13 81 01 5c 21 f3 d5 d6 36 9f 29 51 7e a2 f6 1b 9b 7f 20 6a
dd e2 a5 5c 30 10 ed bf 86 ec 45 6c 5e 12 f4 fb 28 3f d5 25 e2 63 c8 10 d1 3b 74 e4 29 e6 6d 08 1e 41 7f 96 6e 82 88 da a5 52
2b f8 4e 28 03 41 9a 1f 5c 0d 83 7c e5 bc b1 8c 36 18 06 35 c1 2d b6 cb 22 35 33 d6 e6 84 2a 70 6c e0 9f 3d 12 19 b6 4f 08 f5
d3 28 30 f4 af f6 60 7a 72 81 1e 4e 19 02 b1 c0 88 4e 3c 97 dd f4 d2 ca 3d 55 6d 88 64 1f 16 25 de 1e cc 65 5f e5 17 c1 f0 a5
44 3f 69 5e e3 fe 76 db 3e cc d4 36 ae 87 0f 7f 1d b1 3e 00 cc a4 9c 79 62 00 02 2d 22 cd cb 70 8c 27 fd d4 16 7a a8 68 fa f7
41 9c c4 5a 44 69 29 92 c2 e1 62 41 fb 31 d4 ed e3 95 77 2b 31 be b6 ca 42 e2 da d2 b8 a7 7c 3f a8 68 83 35 de 97 f9 06 bf 69
fd e3 cc 4d b3 27 64 0f 48 d8 3f 63 5f 95 be f6 7f b3 60 c3 c9 09 20 60 b4 23 dd 9c 1a 7e 9e c2 3c 78 4c 52 a7 a0 44 35 6c e1
8e db d6 ae 57 4f ae d0 dc 59 38 20 b2 48 3e 6f 2d ae 39 51 5d 27 c3 54 73 ed 92 49 fe 68 1a 70 ca 11 db c1 e5 4f 51 12 ae 74
9c 54 b9 d1 66 5a 7c ac 02 16 fa 32 55 0a a4 46 a5 e3 7c 9d af d1 88 c2 db dc f0 66 13 28 02 10 5e 8b de ae 53 50 b1 b3 55 34
54 ed 38 71 39 eb 85 47 cc 53 13 7b 02 37 4b 4a 03 4d 38 18 69 a6 82 91 73 03 fb eb 65 3b bc 4b 0c 5c 77 4b b2 94 dc 50 44 c4
57 81 da 2a 23 ec 82 b5 81 98 3d 69 5b 84 37 94 07 cc 87 dc 85 7f 70 5b d6 80 73 af 3a e5 c6 45 29 1e fc 9d 9c 17 6b 19 bd 95
4e 0d 06 3e 6d 62 d2 3c 97 97 5e 91 7d b6 d5 21 82 83 a2 e8 15 47 55 dc a2 2e 2b 52 13 a5 37 2e d9 6b 9f 89 f6 30 80 89 f3 98
16 43 37 5f 0b a1 84 59 91 ed 6f 40 9a 68 31 b5 7a 1c 5d dd 88 2a 13 f2 41 30 3b 2e 5d c0 d4 3f fa 73 16 d2 79 bd 78 d1 65 e0
fe b6 e9 cc 66 ee 1f 3c 28 60 f6 1d f0 f8 1e bb 3b 0a 87 2d 0c 33 61 16 66 fd 79 a3 90 95 db f5 5a 43 e0 89 b1 3b db 6a 33 ef
2d 00 ae 84 44 5f 47 89 31 7d 02 e1 b6 75 a8 db cc 45 66 34 28 b3 bb 0b 67 9c 58 9d 2a 3e 4f 56 18 46 dd 9b 34 c4 68 a9 ce 4d
95 ff 20 77 d8 9d 20 2d 86 43 22 be 4c c6 b3 f0 bf df bd 63 59 29 f7 b5 1f 21 a9 67 92 97 22 7d 7e a1 db 4c
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be
18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95 84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00
hash (32 octets): 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89 hash (32 octets): 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54
cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42 51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 61 66 66 69 63 20 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35
89 cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42 54 51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98
output (32 octets): de 2e 40 35 e0 1c 52 ea e4 d5 b8 b3 46 50 c3 output (32 octets): 33 60 70 33 79 0d 4d 7d 0f d0 db d9 6f 3c 78
32 04 53 6b 07 03 09 21 e4 31 95 37 b4 a0 90 1e e0 21 75 8f 78 14 79 4f 9b b1 e9 c9 17 de 7b ef d4 b2
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be
18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95 84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00
hash (32 octets): 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89 hash (32 octets): 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54
cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42 51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 61 66 66 69 63 20 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35
89 cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42 54 51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98
output (32 octets): 14 ff 87 2f 92 e2 e2 5c c2 18 e0 15 bf db f7 output (32 octets): 82 4f 40 74 98 f3 55 f7 c4 56 7d 1a c4 9d a3
b9 1d b3 42 c7 20 00 e2 bd 1d 5c 08 06 d7 56 ab 4d cc 44 1c fe a5 7c 86 6d 01 28 04 88 63 74 bb 4f a1
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be
18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95 84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00
hash (32 octets): 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89 hash (32 octets): 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54
cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42 51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89 cd 74 65 72 20 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54 51
9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98
output (32 octets): 10 9f ba 7b bc 8d 86 f3 f8 56 bf d6 a1 0e f3 output (32 octets): aa 09 d0 be d1 a3 70 92 4b bd 25 44 60 e7 71
c2 fb f6 8c 6e 06 70 1b ab 97 6b a8 0c bf 00 12 d5 c4 f1 3c 0a 68 8f 6b b9 f5 b1 e3 35 7b 72 42 c9 17
{server} derive write traffic keys for application data:
PRK (32 octets): 82 4f 40 74 98 f3 55 f7 c4 56 7d 1a c4 9d a3 cc
44 1c fe a5 7c 86 6d 01 28 04 88 63 74 bb 4f a1
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 1d dd e3 13 e4 23 c0 bb b4 6e 21 55 4e 62
bc 02
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 1d 33 01 7e 40 29 4c bc df b2 cd ec
{server} derive read traffic keys for handshake data:
PRK (32 octets): 96 f0 1d 63 6d 87 b9 36 1c 0b 8b 93 0c de d9 7b
59 06 0b 89 3b e2 4e 5d 64 b5 25 86 c0 39 ac 18
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): dd e8 55 4c 07 08 a0 f7 7c dd da 22 50 43
b4 82
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 10 90 01 0f e7 e8 21 c7 40 6b 82 d0
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 31, line 23 skipping to change at page 36, line 8
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): ba 1c d6 f8 aa 98 a2 de ff b7 ba bb 8e 52 4d 2f ikm (32 octets): 67 5e 8f e3 7d f3 8e b4 ae d1 ac 3e a4 a0 a1 63
d3 e8 2d 5c ff 5d 7b e3 0a 20 80 ef 62 6a 92 b3 a7 26 56 83 e4 3d ca 95 40 43 87 73 24 aa cf 70
secret (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a secret (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69
3e 6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8 69 bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f a1
20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): c9 66 8b e3 a4 eb 59 74 eb 92 ff 02 bb d7
2e 0b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a0 3e bc f0 df 01 00 7b 81 7b 21 de
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as
server read traffic keys)
{client} derive read traffic keys for application data (same as
server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 1e af b2 10 3a c5 96 e5 a8 67 3e ae 2c 42 0c ff PRK (32 octets): 96 f0 1d 63 6d 87 b9 36 1c 0b 8b 93 0c de d9 7b
b2 d9 45 99 d9 00 08 94 0b db a8 8c a7 71 26 26 59 06 0b 89 3b e2 4e 5d 64 b5 25 86 c0 39 ac 18
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 19 3b 17 c6 19 fb 94 85 1f 97 91 db 7b 9a 9e output (32 octets): a2 e7 bc 56 e4 4c 66 f7 b1 f7 e9 5f 43 4b 03
03 9d 4f 81 96 9a 93 71 02 06 4b 45 a3 be e9 a3 12 49 7c 09 11 73 96 b8 6e a1 88 a2 e7 5e 4b 5b 52 bd
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 3c 9c 63 c4 72 e5 d6 ab 04 4d 14 payload (36 octets): 14 00 00 20 dd 60 b6 e8 68 65 0c d8 8a 16 ae
59 2e 5a d8 a2 ef 4c 1d 70 f7 f7 7a 13 3c 8d cc fc 05 a6 df 52 ea be c9 ef 92 8b d1 4a 55 cc fc 9b 25 36 bb f8 5b ef cb a9 2f
ciphertext (58 octets): 17 03 03 00 35 cd db d8 39 c3 4d 8d b2 a1 ciphertext (58 octets): 17 03 03 00 35 10 83 df 24 a1 2c 20 11 96
fc 58 5e 55 78 f6 5f ec 70 81 d6 95 00 88 09 02 5c 0c 9d 4f 87 5e 1c 0c d5 82 85 53 dc 17 d9 4f 60 a4 b9 03 58 8c d3 00 63 3b
5a f9 e7 10 d7 52 a2 0a 3d 2c 59 86 7e 92 6e b4 39 52 e2 8f 91 de 1c 93 48 a5 38 d4 a9 67 66 ce e5 2c 32 46 4c 84 8b cd 12 19
83 da 9b 2f
{client} derive write traffic keys for application data:
PRK (32 octets): 33 60 70 33 79 0d 4d 7d 0f d0 db d9 6f 3c 78 21
75 8f 78 14 79 4f 9b b1 e9 c9 17 de 7b ef d4 b2
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 74 df 54 32 03 d8 58 9d c5 27 43 85 9f 6c
cd da
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): c1 af 57 8c 97 99 e3 a6 48 08 70 35
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be
18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95 84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00
hash (32 octets): cb 0c c7 bc 35 ef 49 7c be e7 ea fa 2b ff a2 2f hash (32 octets): e6 a1 73 98 69 66 1d dc bb dc 11 0a ed ed 74 bc
8d a5 b8 28 5e 83 35 48 0c 33 65 81 32 22 2c c2 13 74 65 fa a9 20 ec 69 ea 9e cc 73 60 b2 9d d2
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 cb 0c c7 bc 35 ef 49 7c be e7 ea fa 2b ff a2 2f 8d 74 65 72 20 e6 a1 73 98 69 66 1d dc bb dc 11 0a ed ed 74 bc 13
a5 b8 28 5e 83 35 48 0c 33 65 81 32 22 2c c2 74 65 fa a9 20 ec 69 ea 9e cc 73 60 b2 9d d2
output (32 octets): 18 8c 90 bc 6f a9 7a 8d d5 55 1d 80 b1 ae 18 output (32 octets): 5f 86 e4 2a b7 ff e8 49 b9 3e ed b3 f6 e3 88
42 4c f3 e2 f6 90 bc 70 54 e3 6b 33 3f 17 30 17 f3 a8 a4 55 72 b1 cc 03 88 30 44 c6 dd 25 04 57 b9 8b
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 93 21 5e 8c f7 98 69 b6 9a ciphertext (24 octets): 17 03 03 00 13 a5 48 29 ee 82 c4 6f 8a 11
28 57 8f 90 f4 c6 94 6e 5c 9b 08 8a ff d2 51 1e 5c 2d d6 d1
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 4a b5 80 73 c0 a8 93 de 17
76 47 6d ec d2 5e 97 84 e3 d1 ciphertext (24 octets): 17 03 03 00 13 54 78 81 09 80 71 83 23 ed
12 c2 e3 d1 a0 c0 f4 87 72 40
6. Client Authentication 6. Client Authentication
In this example, the server requests client authentication. The In this example, the server requests client authentication. The
client uses a certificate with an RSA key, the server uses an ECDSA client uses a certificate with an RSA key, the server uses an ECDSA
certificate with a P-256 key. certificate with a P-256 key. Note that private keys for this
example are not included in the draft.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): a4 0d c1 93 0c 00 af 0e 9d 3b c2 6c f9 private key (32 octets): 6d 8b a2 5f f1 2f 88 11 f2 67 80 03 48
0f 5e ee 7d ba 97 17 1f 53 2b 71 7f ef bf bf 87 08 38 c9 ea da fc c1 c5 74 1c 65 fc 45 8d fd b4 f8 f0 19 8f 01 c9
public key (32 octets): d5 dd 20 0f ad 08 39 7b 40 f3 e6 14 45 24 public key (32 octets): 96 33 5a 91 2f 9a 39 44 4c cc 04 fd 51 51
0c 75 78 5e b2 e5 0b 72 7c 5a 04 91 64 0d c1 2c 3a 0e f0 de 0b da 04 02 75 dd 2f 07 10 5a 1c 7d 93 89 99 13
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (186 octets): 01 00 00 b6 03 03 a3 ce 03 a9 0c 76 17 79 payload (186 octets): 01 00 00 b6 03 03 1d fe f2 73 b4 49 8b 2c
2d ee d9 6e 55 b1 6a b8 fc 10 91 2c 67 f3 3d db d1 50 b3 25 d5 68 e0 44 af 2c 39 12 ca 6e 91 4b d8 88 f9 09 41 8b f4 8b a3 b5
ca d6 58 00 00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00 75 a4 a1 00 00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 28 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 d5 dd 20 0f ad 08 39 7b 40 f3 e6 14 45 24 26 00 24 00 1d 00 20 96 33 5a 91 2f 9a 39 44 4c cc 04 fd 51 51
0c 75 78 5e b2 e5 0b 72 7c 5a 04 91 64 0d c1 2c 3a 0e 00 2b 00 f0 de 0b da 04 02 75 dd 2f 07 10 5a 1c 7d 93 89 99 13 00 2b 00
03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d
00 02 01 01 00 02 01 01
ciphertext (191 octets): 16 03 01 00 ba 01 00 00 b6 03 03 a3 ce ciphertext (191 octets): 16 03 01 00 ba 01 00 00 b6 03 03 1d fe
03 a9 0c 76 17 79 2d ee d9 6e 55 b1 6a b8 fc 10 91 2c 67 f3 3d f2 73 b4 49 8b 2c 68 e0 44 af 2c 39 12 ca 6e 91 4b d8 88 f9 09
db d1 50 b3 25 d5 ca d6 58 00 00 06 13 01 13 03 13 02 01 00 00 41 8b f4 8b a3 b5 75 a4 a1 00 00 06 13 01 13 03 13 02 01 00 00
87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 28 00 26 00 24 00 1d 00 20 d5 dd 20 0f ad 08 39 7b 03 01 04 00 33 00 26 00 24 00 1d 00 20 96 33 5a 91 2f 9a 39 44
40 f3 e6 14 45 24 0c 75 78 5e b2 e5 0b 72 7c 5a 04 91 64 0d c1 4c cc 04 fd 51 51 f0 de 0b da 04 02 75 dd 2f 07 10 5a 1c 7d 93
2c 3a 0e 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 89 99 13 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2d 00 02 01 01 06 02 02 02 00 2d 00 02 01 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 01 f2 df a3 5d 2f f7 47 3c b2 b2 85 25 private key (32 octets): 4c 22 f1 c1 22 00 9b 54 ae dc 6f 54 2e
74 2d a0 58 a0 35 c7 f8 21 bc 86 bf c2 11 72 16 be cc aa 98 01 4d a2 91 e6 f5 b8 77 03 67 5e 49 f6 10 06 ae 86 65
public key (32 octets): b5 89 13 10 62 da ed c2 12 1b b7 5c 36 88 public key (32 octets): c5 4d 65 0c e2 52 6e 90 24 f2 a3 68 9e 3b
0b 71 12 c1 96 7f fe 17 db 5f a7 ef ef 22 90 90 1e 3d 82 58 87 e5 82 b6 c0 e6 07 75 dd a0 bd 2f 8a 5b 6d 53
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 34, line 40 skipping to change at page 40, line 13
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 94 2f 83 fa ee 2f ad ad 24 2e eb fb c7 a6 6d 5e ikm (32 octets): 49 a2 14 3a 0c 4b 7c a4 e9 c1 3a 6f 64 93 88 ec
c7 71 04 b1 3c d4 97 e0 b1 0d 9d 70 69 1d e8 6a 4d 34 87 b5 dc d0 68 37 bd 5c 41 23 a2 e0 1e 5b
secret (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 secret (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97
e5 e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f 3e c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 e5 PRK (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 3e
e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d
hash (32 octets): 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59 8c hash (32 octets): b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e ec
e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b 8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59 61 66 66 69 63 20 b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e
8c e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b ec 8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d
output (32 octets): e8 d4 bb 93 8c a3 de 6d 1d 7c 78 01 a5 57 20 output (32 octets): 06 bd cc 2f 05 32 35 23 70 af 13 71 84 d5 66
aa df cd 34 2d c8 a4 47 04 1d 21 7c 83 c8 df f3 94 31 4a cb 81 bb e1 d2 98 02 f5 78 ef 1e 43 72 26 35
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 e5 PRK (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 3e
e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d
hash (32 octets): 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59 8c hash (32 octets): b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e ec
e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b 8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59 61 66 66 69 63 20 b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e
8c e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b ec 8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d
output (32 octets): 8b fc e8 b0 11 4e ac cd 83 64 68 b5 e4 60 30 output (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90
fd 32 1c 37 20 7a 41 cd 22 66 4f 56 53 14 f2 1e 05 39 1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 e5 PRK (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 3e
e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f d8 3c 95 03 f0 45 fb a0 08 69 a3 23 22 28 output (32 octets): 30 5e e3 40 d4 47 ef 6d 28 26 2a b4 9f 3a f7
0f 38 85 3f cd 95 15 f1 3c e5 09 60 f0 e6 00 24 84 b0 2c e2 ff db c1 25 fb da 8a 36 45 f4 6f 79 04 e6
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 6f d8 3c 95 03 f0 45 fb a0 08 69 a3 23 22 28 0f salt (32 octets): 30 5e e3 40 d4 47 ef 6d 28 26 2a b4 9f 3a f7 b0
38 85 3f cd 95 15 f1 3c e5 09 60 f0 e6 00 24 84 2c e2 ff db c1 25 fb da 8a 36 45 f4 6f 79 04 e6
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 secret (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7
0a b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba 56 ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 0b 21 fe 7a 05 5c 66 77 67 payload (90 octets): 02 00 00 56 03 03 d8 ef 9b d4 2a f5 87 b5 27
7b 21 e0 7d fc 22 f9 65 92 1c 5c 3e 0c c8 85 b1 71 5e 2e 01 a8 30 bd c6 67 4a 66 bf e4 04 1a 57 ef de 4f 63 9c c2 4c 22 f9 e9
91 3d 00 13 01 00 00 2e 00 28 00 24 00 1d 00 20 b5 89 13 10 62 77 77 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 c5 4d 65 0c e2
da ed c2 12 1b b7 5c 36 88 0b 71 12 c1 96 7f fe 17 db 5f a7 ef 52 6e 90 24 f2 a3 68 9e 3b 82 58 87 e5 82 b6 c0 e6 07 75 dd a0
ef 22 90 90 1e 3d 00 2b 00 02 7f 16 bd 2f 8a 5b 6d 53 00 2b 00 02 7f 1c
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 0b 21 fe ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 d8 ef 9b
7a 05 5c 66 77 67 7b 21 e0 7d fc 22 f9 65 92 1c 5c 3e 0c c8 85 d4 2a f5 87 b5 27 30 bd c6 67 4a 66 bf e4 04 1a 57 ef de 4f 63
b1 71 5e 2e 01 a8 91 3d 00 13 01 00 00 2e 00 28 00 24 00 1d 00 9c c2 4c 22 f9 e9 77 77 00 13 01 00 00 2e 00 33 00 24 00 1d 00
20 b5 89 13 10 62 da ed c2 12 1b b7 5c 36 88 0b 71 12 c1 96 7f 20 c5 4d 65 0c e2 52 6e 90 24 f2 a3 68 9e 3b 82 58 87 e5 82 b6
fe 17 db 5f a7 ef ef 22 90 90 1e 3d 00 2b 00 02 7f 16 c0 e6 07 75 dd a0 bd 2f 8a 5b 6d 53 00 2b 00 02 7f 1c
{server} derive write traffic keys for handshake data:
PRK (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90 39
1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 44 f7 bd 7a d2 f2 13 b2 94 7b c7 29 be 6f
b7 c4
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 38 29 95 dc ff fc c2 32 16 86 39 75
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a CertificateRequest handshake message {server} send a CertificateRequest handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 8b fc e8 b0 11 4e ac cd 83 64 68 b5 e4 60 30 fd PRK (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90 39
32 1c 37 20 7a 41 cd 22 66 4f 56 53 14 f2 1e 05 1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 23 48 7f 1e 47 29 a3 ef 3d fb e1 61 bd 0c d1 output (32 octets): c7 68 70 3c 8c 1f 97 a6 f7 6c e1 62 ac 22 08
c0 42 51 86 74 be 62 54 5b f1 62 25 7a d7 d9 4e 9d c4 d4 72 f3 eb 2d 72 71 1c 0f 2f b7 36 de 45 3e b9
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (512 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (510 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0d
00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08
04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02
0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e 30 81 d5 a0 03 02 0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e 30 81 d5 a0 03 02
01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04 03 02 30 13 31 11 01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04 03 02 30 13 31 11
30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32 35 36 30 1e 17 0d 30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32 35 36 30 1e 17 0d
31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d 32 36 30 37 33 30 31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d 32 36 30 37 33 30
30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03 55 04 03 13 08 65 30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03 55 04 03 13 08 65
63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06
08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5 30 16 15 75 f4 cf 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5 30 16 15 75 f4 cf
e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79 ee 62 ee 6e 2f 83 e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79 ee 62 ee 6e 2f 83
ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5 b5 6d 1f 04 ec e4 ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5 b5 6d 1f 04 ec e4
5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3 1a 30 18 30 09 06 5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3 1a 30 18 30 09 06
03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80
30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00 30 45 02 21 00 df 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00 30 45 02 21 00 df
30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca 69 3f ee ca 3b 71 30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca 69 3f ee ca 3b 71
b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4 72 50 d3 20 fe a8 b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4 72 50 d3 20 fe a8
3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f ee 94 6e 51 3e 01 3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f ee 94 6e 51 3e 01
1d 11 00 00 0f 00 00 4c 04 03 00 48 30 46 02 21 00 f7 46 ae b2 1d 11 00 00 0f 00 00 4a 04 03 00 46 30 44 02 20 30 e4 bf a4 27
e0 10 2f 37 94 0d d8 90 2b 0a 80 63 33 b7 63 69 06 28 9b ae f0 2e fb 5c 47 f7 a8 95 68 62 19 07 5d a8 59 00 a1 83 51 88 a7 dc
a9 7d 92 12 ab 14 30 02 21 00 a7 81 31 62 2d 82 7b ce 23 d5 04 81 04 7e f8 18 40 02 20 7f af cb e9 ab db 07 6d 0d b8 ed 0e fe
c7 f8 1e 2a 78 d7 fb d6 59 fa 09 e1 e7 4c 5a 74 b9 b0 e5 5f 3e 2c 90 17 47 3d a6 99 4f e7 40 21 15 e8 3e d3 99 04 3c 7f 14 00
14 00 00 20 c6 c0 d6 02 f0 3c e5 92 6c 9e 53 05 04 a0 0a 5f d5 00 20 ab a1 88 14 12 63 9b 3b 55 a5 c3 9b a4 57 c0 7f 44 92 b7
40 97 5d de c4 6a fd 8a 18 fa 20 85 17 08 d6 64 74 0c 52 6d 57 9e 83 98 40 5b ec 1c
ciphertext (534 octets): 17 03 03 02 11 17 bf 02 f6 e5 be bf f8 ciphertext (532 octets): 17 03 03 02 0f e7 f9 f2 8e 34 e1 1e 5c
97 3f de b8 5f 0c cd 77 d7 5e 02 12 69 d8 47 5d 82 a4 26 74 bf 23 32 33 8e 43 43 e3 2f e5 17 0e 24 cf d2 64 45 c3 58 79 45 3d
e3 6c c7 a2 89 6f 63 42 3a aa 5f e2 b2 f8 96 6a 85 61 cb 25 f4 2a 55 40 45 0f 90 73 32 b6 7b 7a 87 36 bd 32 29 39 c9 47 e8 ff
c4 e2 8e c2 df 74 64 85 cf 64 fd f4 28 e6 fb c9 02 49 89 3a 62 5c 3a bb 07 ac b8 95 91 4e 0e 3e 2e 2e 3d 0e bb 71 b9 31 58 5f
a8 15 c5 7a f9 8d 03 73 44 4f 90 85 40 1c e2 5f 4b fb 30 e9 99 10 6c 5b b7 f9 c7 8d 86 91 76 5c 52 7a bb 61 04 12 97 9a c3 6d
85 6a b0 eb 87 70 ef b0 1a cb 7e 30 c3 be d5 3d a3 03 32 b7 dc 63 22 cd e6 a4 64 38 c5 a9 ac b0 d1 96 15 4d a1 ec fe f3 d8 1c
1b 31 78 89 49 a8 05 71 4a 06 81 75 4b 41 d4 57 93 c8 b8 28 29 41 c9 9b 39 6a df 7f 47 b5 29 09 72 b6 e4 c1 73 94 af 05 06 f1
b1 9f 6a fa ea b5 bc c1 78 3d 0b 5e 39 63 03 67 7e fc 73 26 5a 41 37 c1 b1 91 7c a5 f1 e4 da 3a 61 8b ea a8 63 c5 80 4e 1e 28
2c 0c cc 07 02 6f e0 98 46 3b 7e e1 d7 c7 e9 81 ff 7c 89 61 d0 ce 2d f7 c4 3f 47 c4 6d c4 80 f2 1b 02 9a 62 b8 8a 57 58 8a 6d
9d e7 fc be 92 77 98 25 98 a5 e9 0f 53 3a 23 5e 1a e3 81 01 fc 67 8e 8d 3f 7f da f4 cf 16 18 b6 4d eb db fc 09 88 eb 40 92 ea
87 07 69 3e c3 ff 90 47 75 52 87 91 74 65 d3 a6 44 12 2c 73 6c 10 bb 0e ec 14 8f 62 46 47 03 f1 15 50 8d 77 05 5d 42 df de 74
1f e5 98 a2 a9 45 87 c3 d2 4f b8 6a d2 18 97 2d 99 38 c0 89 42 42 7e f6 89 c7 a6 5f ff 1c bf a1 2c 5e fa 2c e3 77 3d bf f2 a1
ce 28 64 20 db a4 3a 39 84 46 55 5f 3b 12 d0 84 5b e9 c8 fe 0c ea 2f 28 1d 8c be 97 83 41 e8 1d 4c f0 81 01 7b 00 b2 1d 13 36
8d 71 f6 99 97 b7 08 b7 51 9c 7b 78 70 98 5d ad 45 89 40 a5 8f 29 7c 99 19 6a 55 f9 c6 2f 78 04 dc fe 20 ee 03 34 ab 7b 52 5f
e4 1a 93 be 45 1f 31 08 42 7a d7 fd 3a 6f 27 ef e0 9f 35 d4 ad 6a 67 f6 ed dc cf d3 32 af 0c e6 86 3e eb 0c b8 e3 2b f1 6a 24
b3 a5 61 b3 41 87 ad 07 59 90 ac a8 b1 4c ec 21 cd c3 1b 78 e8 84 ad 1d c6 de 4e 3a b3 ad 78 43 04 fc d2 62 65 b4 ef 5f ac d6
bb b8 e0 30 d7 f7 c8 0c 56 dc 7c 2f f8 b5 53 0f 95 8c 0f ab 81 6e 21 87 30 b2 b4 98 06 fd 75 e5 e1 a9 e8 9e 70 06 7b 9b fa b4
3b c8 3e b3 d7 a9 72 5d 36 0f b2 d8 33 7c df c9 3c b3 d7 ed ea 52 9e 01 7c 04 72 21 d8 99 77 d3 cc 25 b1 be 85 5c ae e1 bc 5d
ea 75 75 cd cc 43 64 a1 a9 f2 19 e4 ae a9 3c c0 6e 2a 31 51 a8 e8 20 9a 37 75 c9 79 2c 78 00 a7 6f 62 c2 24 b8 90 9c ff bd 94
c7 f0 ef 15 16 a2 fd 34 1a bf b5 b3 9f 32 7c 6b 31 54 33 6e 5c d7 c8 38 f4 d9 5e 2c a6 d2 6e 8e ae 0f 0c 7b ac f3 85 1c 31 1f
6e 94 ed 2c c2 ca 95 ff 69 d4 25 48 3c 63 d2 a4 04 60 b0 03 c0 b1 fd 0c 19 72 80 61 8f 43 c5 ed ba b5 d3 6d 50 59 cb 7a e5 04
4a b6 f5 bf 0e dc 3c 4e 66 21 a7 6f ff ff 1a 4d ae 84 7b 17 b8 f4 cc 2d 42 f9 81 83 eb eb a6 e3 70 35 d6 bd 45 fc 64 f3 50 ef
e5 ea 2b b5 47 e0 5f e3 8a 0f dc 63 78 fd cf 45 5c b9 92 17 8f 15 6e 7e e0 15 ce 0d d6 c8 9e 23 0b aa 54 33 5b 46 0c fd 04 3b
e6 12 9d bd a3 49 a4 c5 6c d3 1e 04 ab bc 4c 5d 2d f5 0d 0c 06 21 cc a2 66 72 2c c6 4b 92 e8 67 42 a9 51 67 c7 88 4d fb 61 f8
04 75 ec 11 8b 0e 3d 82 f0 79 cb 5e ec 44 1f c1 f1 78 88 db f7 88 90 4f 73 1e f8 3c 52 4d f9 27 18 86 06 89 8b ea e5 2d 87 88
9b 04 f4 fa 89 39 ab be 4f 65 c4 b6 26 43 5c c8 dc 98 d1 88 29 2e 39 fa 15 73 7f f2 85 43 59 b0
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56
b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee
hash (32 octets): 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18 hash (32 octets): eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8
3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06 80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 61 66 66 69 63 20 eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05
18 3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06 b8 80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56
output (32 octets): 49 94 c4 1b d3 5f 90 84 9c da c8 1c ee eb 48 output (32 octets): a7 95 27 3b d4 3f 76 6c 34 b0 dd 5e 57 12 9d
cf 0a 25 08 9c da 15 66 d0 c8 51 ce 42 67 55 0e 42 cb 6a 62 53 d4 25 39 69 f8 43 fc 64 db fb 4d e8 d1
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56
b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee
hash (32 octets): 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18 hash (32 octets): eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8
3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06 80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 61 66 66 69 63 20 eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05
18 3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06 b8 80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56
output (32 octets): 04 94 45 e6 ca b5 c5 4c 87 af 8a d9 c9 4f c1 output (32 octets): 92 e7 e7 04 3b 35 7d 6c a6 ca ba 36 0e f1 4f
28 14 f5 4c 22 bb c4 6a 08 5e 9e 3f 55 91 1e 77 0c b9 c6 f8 0b f2 f4 b4 26 f2 e5 8d 62 96 79 b7 41 aa
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56
b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee
hash (32 octets): 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18 hash (32 octets): eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8
3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06 80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18 3e 74 65 72 20 eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8 80
44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56
output (32 octets): 84 69 2c 16 37 b0 91 ce 55 73 7a bc e2 46 9b output (32 octets): ae a4 f5 ae fb fd 28 fd 24 34 e1 75 96 b2 98
74 5c f4 77 80 ea d7 68 be 99 35 59 2c 16 0d 0d 57 21 65 bc fd db cb 01 8f 22 81 2f 1d 1e d9 37 08 ac
{server} derive write traffic keys for application data:
PRK (32 octets): 92 e7 e7 04 3b 35 7d 6c a6 ca ba 36 0e f1 4f b9
c6 f8 0b f2 f4 b4 26 f2 e5 8d 62 96 79 b7 41 aa
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): b5 02 c5 17 59 fd 20 90 ef 80 f0 b6 d5 3d
1d 06
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 19 46 48 8e ca 45 0f 53 3b eb 59 3e
{server} derive read traffic keys for handshake data:
PRK (32 octets): 06 bd cc 2f 05 32 35 23 70 af 13 71 84 d5 66 31
4a cb 81 bb e1 d2 98 02 f5 78 ef 1e 43 72 26 35
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 72 ff ef 49 b3 34 ca dc c9 bf ec ee ae 2f
7e d5
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 6b 89 8b 86 fe 32 91 19 81 ef 9f 03
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 39, line 30 skipping to change at page 45, line 41
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 94 2f 83 fa ee 2f ad ad 24 2e eb fb c7 a6 6d 5e ikm (32 octets): 49 a2 14 3a 0c 4b 7c a4 e9 c1 3a 6f 64 93 88 ec
c7 71 04 b1 3c d4 97 e0 b1 0d 9d 70 69 1d e8 6a 4d 34 87 b5 dc d0 68 37 bd 5c 41 23 a2 e0 1e 5b
secret (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 secret (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97
e5 e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f 3e c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data:
PRK (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90 39
1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 44 f7 bd 7a d2 f2 13 b2 94 7b c7 29 be 6f
b7 c4
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 38 29 95 dc ff fc c2 32 16 86 39 75
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as
server read traffic keys)
{client} derive read traffic keys for application data (same as
server write traffic keys)
{client} send a Certificate handshake message {client} send a Certificate handshake message
{client} send a CertificateVerify handshake message {client} send a CertificateVerify handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): e8 d4 bb 93 8c a3 de 6d 1d 7c 78 01 a5 57 20 aa PRK (32 octets): 06 bd cc 2f 05 32 35 23 70 af 13 71 84 d5 66 31
df cd 34 2d c8 a4 47 04 1d 21 7c 83 c8 df f3 94 4a cb 81 bb e1 d2 98 02 f5 78 ef 1e 43 72 26 35
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 03 c1 ff eb e1 ec af c1 16 94 42 a3 5f b7 8c output (32 octets): 87 1c e8 63 61 9c 37 09 02 b2 fc aa 08 16 68
4a f4 3d 55 4e c8 5b 94 ae 3f e9 18 3f 54 55 f1 84 db 0f c5 32 8b bc 3f 0e df 74 66 01 e3 ad e7 d2 a2
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01 payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01
b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86
f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63 f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63
6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39
5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30
0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09 0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09
2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81
00 c3 81 75 e0 04 a6 8d 09 3f 82 3b 9c 37 9d 20 1f bc 0b b7 a1 00 c3 81 75 e0 04 a6 8d 09 3f 82 3b 9c 37 9d 20 1f bc 0b b7 a1
skipping to change at page 40, line 47 skipping to change at page 47, line 28
9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0 9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0
28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02
30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86
48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22
af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d
c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be
2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0 2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0
c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17 c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17
bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f
78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84 78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84
08 04 00 80 84 10 d9 4d 75 9a c5 a1 87 9c 61 71 49 48 04 09 7f 08 04 00 80 8c 72 81 c7 26 a8 cb 2e 3e 17 d1 22 7f 3a 56 77 69
9d 94 6f 41 e0 02 2a 66 ee 8e 0d 3b bc f4 37 c2 6f db cb 1d b6 f4 31 a0 9c e1 37 f9 18 83 11 6c 53 4c d2 09 89 40 27 9b a9 1d
69 45 94 f9 01 71 82 e2 80 5c 1a 68 24 e1 06 d1 86 dd 42 37 53 dc d7 17 7f 71 70 59 43 1b d6 c5 0b 24 77 7f 55 6d 2f bf e4 8d
60 89 14 3d 06 12 ec 33 08 50 2c d5 a1 54 3e 82 fb 9d b5 58 7e c4 b9 6c 6b 5f bd cb 4c 57 5a 58 88 98 c6 e1 48 ef 5f af dd 2c
54 07 6e 18 7a d6 ad 9b 89 35 42 a7 54 1d f0 47 49 7f fb 6c e2 1f ee a5 3f 56 72 f0 aa b4 1f 9a 22 cb fa e4 e0 8b 29 5b 14 99
5d df f8 fd e7 ed 8a 67 98 f2 b7 de 1f a8 d9 f9 67 76 15 3a 3d c4 71 a8 6a 86 65 55 92 f0 f6 a0 43 d3 fd 84 05 0e 7b b4 b7 6f
01 9c 5a cc af 97 14 00 00 20 49 3e e4 87 b7 fc 2b f5 19 b7 cd 9f 26 76 c7 12 9a 14 00 00 20 34 ef 9a 48 bb 59 75 19 12 14 15
2b 6b 33 b5 0f 5b e6 d5 23 37 a4 96 2e 39 d0 ec 13 92 f0 76 80 7f 60 73 9f 40 9a a4 f0 0b 68 b7 9e 1d ee d2 91 e5 09 76 32 df
ciphertext (645 octets): 17 03 03 02 80 4d 75 ab 8f 1d 72 06 a6 ciphertext (645 octets): 17 03 03 02 80 bd 53 8f 8a 51 8e 53 29
3e 00 ac cd 41 c6 aa d6 3f e1 4d df 20 42 8f 59 68 d7 fc 60 61 91 44 38 97 42 f7 be 7c e8 d5 cc bc dc 49 7e 99 7e fb eb 45 60
2f d2 5f f6 49 ae 82 c6 2e 3b 1e 6b 0d 07 d4 26 ae d4 3f a8 1f ae 3f ac ab 2f 07 82 53 1a 3a ed 15 9b 74 88 41 04 dc 95 9b 90
c2 76 15 43 92 5d 9a 8c 53 57 b2 0d 5d f1 7d fe 67 7d 8f df 7c 63 7d 8c f5 a6 24 25 d5 f3 b7 16 57 6b b3 c0 13 99 92 62 0b 91
b3 5f 07 48 02 a0 c5 5a 12 31 de a8 d4 27 1d fa 5f 5d 65 21 a4 ee 02 fa 02 32 3c 8c 3e c9 e6 a6 d1 cc 3b 4a e1 37 94 38 da c9
f4 67 c4 78 5d b0 54 1d f1 fb 84 8f 8b 01 e6 8d cb 9c 63 a3 86 17 39 8d c9 5c 33 94 19 f7 b4 c0 a8 4e 04 73 af 06 50 4d dc e9
3a 6b d3 e8 8d b5 a3 67 34 53 2d f3 68 b0 f5 7a 12 b5 65 94 b2 df 3d 7e b5 a5 3e dd 17 8d 2a 4f 83 c9 2f fa d2 3e 8c 28 a6 17
e1 6b 69 4e 5c e6 c1 e6 f3 ab 6f 1f a0 a9 f5 40 e3 80 2d 6b f2 94 f3 c8 45 96 b1 77 0e c5 b4 ec 1f a4 0a 06 8c e0 40 61 dc 80
4f eb e4 2b 72 1f 13 ab 80 90 f1 54 e4 14 54 72 f9 1b 9a fe d6 1b d0 d3 a7 d0 73 10 0d c6 e7 42 7d aa 0c 9b 8d 2f 4e 16 c4 e4
c5 b4 51 39 7e a0 fd 19 8c 04 48 af 73 44 42 91 57 43 11 53 4d 3c 84 16 22 b4 ae e1 5e c7 e3 3a c1 b6 4f 74 85 7e 89 82 f8 85
22 91 07 65 9b 88 00 5c f0 51 db 32 70 83 44 4c 2c 00 14 e9 22 3d 9a 5e 36 96 9d ad 26 08 b6 88 1f cc 27 a7 39 aa 29 9a ce c4
a2 bd 94 a2 c9 d8 40 70 7b 4c 76 0c 56 ff 09 36 b1 b7 ad 8c 76 73 f7 d9 f5 73 4e 5b 24 d9 57 30 4a a5 6b 06 1c be 70 b5 0f 3f
f7 bf c2 dc 8b 75 19 d2 29 ad 7b a5 6d 0a 16 12 d0 56 f8 78 da 20 3a d1 64 ca 62 76 7d 9d 2b 7c dc 7c ce 9d 05 df ec 43 dc a6
5a b9 91 c9 ce 3d d0 44 62 8c 5a 0f ab 4d 51 14 af 7f 95 7e f1 9a d4 2d f5 7a 09 3d 0a e0 b6 e0 a9 40 dc 0e dc 04 27 8c ae fe
f5 27 05 6b 5d 16 0e 8b b2 ad 6d b0 a9 3b e2 3c 5f 68 7e 0a 28 f8 ec 26 8f 29 5c 9c cc 76 3e 38 f2 f1 e1 dd 7f d6 14 17 b6 aa
ec 76 32 a2 1f 24 4f 9e ac 1d 04 4f f9 2d 3c 1f b1 8e f8 1a bb bc 31 a1 94 0b 96 1e ba 3e 85 cd 58 23 fa e7 28 99 9d ec f1 b0
cf 38 08 24 d4 cb 1c e4 51 7a d6 c1 45 f0 56 8b 41 b9 36 26 65 7c cc a4 72 94 88 f1 c7 d1 ab e2 56 88 17 ad 19 4f 71 f5 16 cc
68 ac 23 1e c9 48 eb b3 32 1f 5f b0 14 36 21 af 9b 3c e7 51 7b 30 28 fa 6e 38 a1 8f 40 e3 bf 68 41 88 84 c6 94 5a de 07 51 b0
08 88 e0 71 c6 17 4b 7b 05 a7 bf ce a2 d9 e2 50 16 1a f7 0f 93 ab fe 09 d5 1d 4e 3b d9 95 b5 50 b5 da 84 61 79 30 a5 98 89 19
73 a9 c2 fc 2d 41 06 85 52 38 bc 54 f0 78 40 6c 75 82 7a 46 1e 56 3d 2c b2 96 ec d9 1b a6 cd d1 09 1c ff d8 d9 14 b3 78 1a 43
c2 c3 59 19 f6 75 16 44 fd ce b6 11 31 3e f5 57 09 b5 2b 32 69 3e e7 67 03 19 ca ed 45 d5 83 de 8b 66 b3 49 3e df 82 bc d9 14
24 12 32 92 d1 bd 9d 1d 19 2f 6d 4d d6 bd e8 f3 c8 2c 30 49 f4 ba ce e3 06 22 2a 3b 34 de 7f 1c a4 85 7b 9c 9d 19 72 b9 7a a8
f6 dd f7 4d 18 4d 72 76 57 9f ce 90 a6 6b bd 6b 50 17 82 6d cd 26 34 01 be db 19 3b 20 1d f8 dc 33 e3 e9 d6 a6 b8 b0 bc be d3
0d 31 25 bc a5 47 df b2 f9 ab 53 43 fd a4 2a bb eb 5b f9 ca 6d 02 36 08 9a 19 7d 18 8f 21 a0 72 ec 42 7e 5a b8 e5 62 3c 4c 2e
02 45 8e 7e 7b af 21 04 70 e5 e6 93 ee a4 c2 ca 50 2f e8 e6 d4 84 ad 88 91 ff 9f b1 68 69 a3 69 63 0d a6 5b f5 0d 4a 6c 92 fa
78 7b 57 18 6d 85 40 7d df 0d 5e 0c 8a be 1a 73 46 d6 cd 30 86 fc 7d 3f b3 00 7e dc b7 7b 55 82 9f 06 ac 49 9f 6a 9b 2a 26 9d
5a c5 fc 9d f2 d3 8e 84 1e f3 67 91 be e0 dd 3a 1a 95 b9 c3 2d a0 ef 27 67 29 c9 37 84 db 6d 0c 81 e7 d6 2a e6 8a d5 c5 6a db
3e 8e 97 04 c8 7b fe bd 35 ea f5 cb db 4a 72 32 46 82 04 a5 75 21 40 a1 1a 6a ed 8c 35 e7 9f ab 13 5d 37 79 d9 9e 9f 8e a4 58
63 2c ed 27 76 70 6c d5 02 a5 66 d1 30 c1 ab 40 9a 1c e4 ab 08 c7 7f 9f 15 f1 53 7c 4c 16 25 fb f3 d7 6c d1 a2 d9 e5 39 a0 34
c5 8c 04 ae 75 33 94 8b 63 4b ff 14 54 b6 91 a1 e9 88 c6 de 54 26 70 9b 69 32 33 2d 66 76 c4 e6 71 0a 73 d8 1e e5 57 c4 39 81
85 7e 12 05 65 fc bc 6e 3d 01 ed fa 7a ab c5 f9 2c 45 b4 df 22 99 7d 89 74 c2 51 b4 d5 4f 4b cd bc 61 a8 fc c4 a0 d3 ba a6 c0
50 c0 a6 0a
{client} derive write traffic keys for application data:
PRK (32 octets): a7 95 27 3b d4 3f 76 6c 34 b0 dd 5e 57 12 9d cb
6a 62 53 d4 25 39 69 f8 43 fc 64 db fb 4d e8 d1
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 99 a9 9b 02 57 00 7a b1 61 ba cf 9d e9 80
30 5b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 4a f0 6c c7 ce be e4 bc ff e2 0d 0d
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56
b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee
hash (32 octets): 7f 2d 4e 12 6e 73 62 ae 2f ea 3c b9 1f 32 ec b0 hash (32 octets): 52 fc a8 f6 61 6c 96 7f 0e 93 42 dd ab 79 03 1d
f7 ba 7f 60 c4 ee a4 41 0f 80 26 dc 33 25 77 88 64 cf 07 e3 56 f4 75 13 33 1c 37 05 61 94 9b ff
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 7f 2d 4e 12 6e 73 62 ae 2f ea 3c b9 1f 32 ec b0 f7 74 65 72 20 52 fc a8 f6 61 6c 96 7f 0e 93 42 dd ab 79 03 1d 64
ba 7f 60 c4 ee a4 41 0f 80 26 dc 33 25 77 88 cf 07 e3 56 f4 75 13 33 1c 37 05 61 94 9b ff
output (32 octets): 42 f1 0b 54 0d ee 84 7b 5b 1c 5b 0d 89 2c f7 output (32 octets): 8b 90 6f 3a d8 2d ba 92 f6 b9 ad 03 7f 71 e3
11 7d 9a 13 9b 89 20 64 88 a3 52 eb ee d8 cb 6f 90 f4 70 eb f4 63 68 7a 2c 92 ec ee ca 3a 22 52 be af
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 70 16 fa 95 9e 65 31 0b cf ciphertext (24 octets): 17 03 03 00 13 43 c0 93 e4 62 a8 18 6c fe
54 11 09 dd 74 cc 4b bd 42 95 a7 1e 94 46 ff ba bd e7 3b 79
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 92 e3 7d 92 18 1a 14 ec cf ciphertext (24 octets): 17 03 03 00 13 8e d0 6a 3a 56 ab b0 fb 05
3e 35 13 f4 54 63 4f b1 70 d9 04 ed 3b 3f f9 1d 8c 93 77 8e
7. Security Considerations 7. Compatibility Mode
This example shows use of the handshake with the client requesting
that the server use compatibility mode as defined in Appendix D.4 of
[TLS13].
{client} create an ephemeral x25519 key pair:
private key (32 octets): 90 d4 67 c3 48 e3 d2 4d 7e bb 3d d0 4c
46 16 9a 16 bb 64 ec 6c d3 4d 56 45 ee ac 7c 2f 02 c9 b5
public key (32 octets): 17 6f 7c 2d 12 36 9d 89 37 4c ae 31 9c 36
34 ca 43 0f 82 d6 89 60 90 9b ef 1d 87 ad 1e 9d 32 32
{client} send a ClientHello handshake message
{client} send handshake record:
payload (218 octets): 01 00 00 d6 03 03 54 dd 27 fd c8 0f 86 ea
a7 d3 79 87 46 73 58 44 60 31 0f 38 aa ec 8f e9 3d 6c 32 b8 c0
0b e1 9c 20 ae 8b b2 af 77 86 0c f6 9d 70 e9 70 b6 29 81 c5 25
56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86 00 06 13 01 13 03
13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72
ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00
01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 17 6f 7c
2d 12 36 9d 89 37 4c ae 31 9c 36 34 ca 43 0f 82 d6 89 60 90 9b
ef 1d 87 ad 1e 9d 32 32 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e
04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
ciphertext (223 octets): 16 03 01 00 da 01 00 00 d6 03 03 54 dd
27 fd c8 0f 86 ea a7 d3 79 87 46 73 58 44 60 31 0f 38 aa ec 8f
e9 3d 6c 32 b8 c0 0b e1 9c 20 ae 8b b2 af 77 86 0c f6 9d 70 e9
70 b6 29 81 c5 25 56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86
00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06
73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17
00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00
1d 00 20 17 6f 7c 2d 12 36 9d 89 37 4c ae 31 9c 36 34 ca 43 0f
82 d6 89 60 90 9b ef 1d 87 ad 1e 9d 32 32 00 2b 00 03 02 7f 1c
00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04
01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
{server} extract secret "early":
salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair:
private key (32 octets): 50 16 8d 5c 6e 6c a8 2d 2a a3 35 ba ae
c1 bd 59 f5 19 94 ee 4a d9 79 86 5b 3d fa dc 3c 71 aa 22
public key (32 octets): 37 69 88 a2 1d dd bc 38 a2 e6 fc de 82 33
7a ff e6 79 a3 9c 3f e3 fb 5a 29 f9 5f 9f e8 e5 a0 42
{server} send a ServerHello handshake message
{server} send handshake record:
payload (122 octets): 02 00 00 76 03 03 21 c5 c5 ee bb d5 fc 32
cd 26 52 41 8e 6d 51 4b da df d0 51 e5 d4 37 e0 bf 0c 0a 31 8d
30 a4 b7 20 ae 8b b2 af 77 86 0c f6 9d 70 e9 70 b6 29 81 c5 25
56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86 13 01 00 00 2e 00
33 00 24 00 1d 00 20 37 69 88 a2 1d dd bc 38 a2 e6 fc de 82 33
7a ff e6 79 a3 9c 3f e3 fb 5a 29 f9 5f 9f e8 e5 a0 42 00 2b 00
02 7f 1c
ciphertext (127 octets): 16 03 03 00 7a 02 00 00 76 03 03 21 c5
c5 ee bb d5 fc 32 cd 26 52 41 8e 6d 51 4b da df d0 51 e5 d4 37
e0 bf 0c 0a 31 8d 30 a4 b7 20 ae 8b b2 af 77 86 0c f6 9d 70 e9
70 b6 29 81 c5 25 56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86
13 01 00 00 2e 00 33 00 24 00 1d 00 20 37 69 88 a2 1d dd bc 38
a2 e6 fc de 82 33 7a ff e6 79 a3 9c 3f e3 fb 5a 29 f9 5f 9f e8
e5 a0 42 00 2b 00 02 7f 1c
{server} send change_cipher_spec record:
payload (1 octets): 01
ciphertext (6 octets): 14 03 03 00 01 01
{server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 18 5a df 44 30 f3 14 a4 a4 04 47 0e 5d d5 45 35
b3 cb 4f b7 9f 75 da 58 b6 fa f7 e2 cf ff f0 36
secret (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e
6d 1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9
{server} derive secret "tls13 c hs traffic":
PRK (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e 6d
1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9
hash (32 octets): b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6 94
cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6
94 cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c
output (32 octets): 4b 4c d4 8c 4f 39 9c 05 77 bd 73 11 5b b5 12
f1 af 4e 3c 65 fa da 60 d5 24 6b 3e 64 b5 7d c5 ec
{server} derive secret "tls13 s hs traffic":
PRK (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e 6d
1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9
hash (32 octets): b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6 94
cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6
94 cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c
output (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0
8c 65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd
{server} derive secret for master "tls13 derived":
PRK (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e 6d
1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 42 60 f4 bc 75 60 30 9b de 27 31 79 f9 2c 94
f1 13 e3 10 02 fb ba b3 b3 17 98 a3 05 04 10 e2 33
{server} extract secret "master":
salt (32 octets): 42 60 f4 bc 75 60 30 9b de 27 31 79 f9 2c 94 f1
13 e3 10 02 fb ba b3 b3 17 98 a3 05 04 10 e2 33
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11
91 ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b
{server} derive write traffic keys for handshake data:
PRK (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0 8c
65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 1e f6 3e cc 95 0c e3 96 b0 11 16 ad 52 35
3f f1
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 73 ab 6b 2d c5 8a 11 fd 05 70 4a ce
{server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message
{server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished":
PRK (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0 8c
65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd
hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): 37 10 db 07 3f 25 97 e5 f6 0f cb 4b 14 df bb
ff 45 1e 50 c4 af 44 24 c2 6b 04 55 f1 de 1f 14 41
{server} send a Finished handshake message
{server} send handshake record:
payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b
00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02
01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30
0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36
30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36 30 37 33 30 30 31
32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61
30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d
00 30 81 89 02 81 81 00 b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b
36 c6 98 8c 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4
9a 91 d0 15 ab bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed
43 12 09 98 e1 87 a8 0e e0 cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d
44 9a 6d 38 e2 2a 5f da 43 08 46 74 80 30 53 0e f0 46 1c 8c a9
d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28
a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09
06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05
a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85
aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a
7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31
9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e
67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e
b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40
9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d
e1 00 00 0f 00 00 84 08 04 00 80 58 c8 c3 2b e7 b4 d2 a7 42 2b
f3 32 1d 0b dc 63 4c 8e 54 7e 12 0e 57 f8 90 ac 3c 2b 93 b1 c9
9d 36 4b 9a 59 9e ad f4 cb 17 50 22 2f 65 61 aa b6 b6 89 10 15
eb 6b 27 4c 21 72 4a df 97 f0 00 ff 03 de 8f 14 24 53 28 5f b4
4b 7e 65 96 7c ea 58 74 3e a1 cb 7a 28 62 d0 18 12 64 6b ff 50
04 9e 5b e1 ea 5d c3 50 ed 7e 53 a4 38 5d d3 f0 aa dc e4 bc ec
9d 64 8f 82 0d e1 3d da e4 2f 9f 96 20 14 00 00 20 ed 0a 13 2e
5f e8 fb 5b 43 aa aa 7b ab 9e 46 34 63 64 11 0a 1b 25 33 75 ab
fc 6d ea 46 ef 91 c0
ciphertext (673 octets): 17 03 03 02 9c 1e 4e 15 9f 57 8e 9d 1d
73 88 13 e5 1b e1 89 ea 1c 80 1b 85 ab bc 4f 0d 52 92 7f aa 30
6c 04 e6 7f a8 02 ab 02 38 56 18 aa 0e b3 d1 af a0 84 62 ec f3
a0 04 a5 f2 dc 51 be 25 10 8f dd d6 38 92 04 88 3a 39 bd f1 0d
bb de 5f 33 4a c5 bf 11 85 86 de c0 38 2d cf 00 b2 69 13 8a fe
27 28 37 0c c1 9a 3d 58 12 4c b1 99 be b9 7c a0 a8 a9 ab af 01
c2 38 f2 9c 45 b5 30 28 f8 d8 d2 2a 49 0b d8 2c f2 53 3a 76 72
4d 67 d8 a7 2a b0 fb 94 53 63 fb 92 4f 8c a5 e1 32 e6 b3 3c 85
29 4b 12 1c 69 8d df 37 52 ec f3 bc b9 f9 b9 01 37 bf d3 ad 0d
fd 04 52 2c 27 1e 63 23 11 37 93 a5 c7 36 ee fa b2 73 a4 79 c3
d8 b0 07 2d 0c 39 d9 4f 7d 1b ea c3 2f 02 15 be 45 04 14 6e 83
c8 d3 37 c8 27 e7 f0 05 d4 83 a8 46 ef 6c c8 1a 13 ed 52 88 d1
69 4e c1 76 a2 7f fb 62 c5 93 ab 1e df dc 8c 6f 0c ec 57 34 7a
e8 81 ab 17 ab a9 49 b4 f5 1a 0b 61 49 09 00 ff 92 16 bd b2 26
99 5b 54 9c 8d 5d 19 31 a0 11 de 06 bf 75 0f 8c 1c 54 8b 4b d7
00 2d 9a 76 7e 7b 66 77 f6 4b d2 3f e7 a5 ce 3c 55 5e 7b 8b c6
ed e8 72 f5 d9 6a fa c0 50 e9 a0 2c 80 1a 0f 15 12 4a 46 42 aa
89 cc d0 e5 fe b6 70 a9 68 dd db 31 7b fc e9 db 82 9f 63 d4 5a
bf e6 1a f9 56 d1 b3 c6 ea 8d fe 17 3b 13 d3 db 69 38 7b 54 23
f2 78 d2 d7 49 e1 9e 2e 61 d4 f6 85 b6 e6 57 40 8f 99 3a b5 b4
5c 3c dc ed fd be 44 b0 5f 6a dd 3a 5d e9 30 46 f2 af bb 30 ea
03 26 47 eb 7d b7 8a c4 6a 1c 54 52 e3 e9 39 69 82 ef 55 2e 69
cc a5 a7 9d 57 af 22 10 2f da 06 7d 2d 48 f6 9a 91 5c 41 87 81
29 10 ec b4 7e 76 41 78 e0 ad cc 92 10 42 bc 9f ac 44 53 54 09
10 b5 02 9d 79 e4 1f 87 d2 66 01 16 18 45 2b 38 b0 0f 97 a6 32
20 30 4c d8 56 b8 0c f7 d7 f0 dc 30 7d 2b 9b 57 db 57 ad 29 3a
58 85 f9 4f c2 65 c1 84 af d9 0b 85 a2 52 12 f5 6c 8c c8 29 c1
b7 d1 6d ce 0b 8b 48 26 44 2d 79 6f 76 fb 1a 8d ff d3 06 96 cf
07 c8 c9 58 4a f9 76 ba 4c 86 4b f4 75 12 fb 8c a3 3f 8d 96 1a
5b 66 68 d1 b5 ad c3 8f 16 aa 8b 87 91 be da 44 5c a4 89 8b 0b
c8 c8 de 04 22 81 25 21 42 50 cf 49 f4 3d ce d2 28 f5 4c 01 d6
b2 e1 fa d7 33 50 e9 a3 69 1e ee fc af 8a 4c a3 66 45 92 0e 72
97 af 36 1e 01 27 0e d1 fe
{server} derive secret "tls13 c ap traffic":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b
hash (32 octets): 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47
bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59
47 bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd
output (32 octets): 07 04 02 00 14 0c 44 d3 60 5a 53 0b 0d b2 ee
e6 ad 5b ff 4a 51 64 20 df 10 95 d6 26 15 b5 3b be
{server} derive secret "tls13 s ap traffic":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b
hash (32 octets): 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47
bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59
47 bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd
output (32 octets): a1 16 af 52 37 f0 00 ca 95 4a 76 f0 bf 59 78
2d db 81 45 9e b5 f0 36 eb 72 10 ed 9e ab 6c 23 36
{server} derive secret "tls13 exp master":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b
hash (32 octets): 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47
bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47 bc
41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd
output (32 octets): a6 e6 ca 68 ff 08 62 3b ca de 3d 27 35 95 eb
ae 49 93 aa e4 7d c1 d8 cf 2f 1d 12 e9 d8 ee 91 5e
{server} derive write traffic keys for application data:
PRK (32 octets): a1 16 af 52 37 f0 00 ca 95 4a 76 f0 bf 59 78 2d
db 81 45 9e b5 f0 36 eb 72 10 ed 9e ab 6c 23 36
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): b2 1c 13 11 a2 57 45 a0 c1 d8 de 68 c7 ce
7a dc
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): d1 7b 34 2a f3 32 e9 90 1f 42 44 43
{server} derive read traffic keys for handshake data:
PRK (32 octets): 4b 4c d4 8c 4f 39 9c 05 77 bd 73 11 5b b5 12 f1
af 4e 3c 65 fa da 60 d5 24 6b 3e 64 b5 7d c5 ec
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): cc 08 24 4c 19 61 00 74 6d 6e bd e5 6f ee
e9 01
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): c0 52 e0 7a ce 1d 8e 0f af aa f1 a9
{client} extract secret "early":
salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 18 5a df 44 30 f3 14 a4 a4 04 47 0e 5d d5 45 35
b3 cb 4f b7 9f 75 da 58 b6 fa f7 e2 cf ff f0 36
secret (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e
6d 1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9
{client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0 8c
65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 1e f6 3e cc 95 0c e3 96 b0 11 16 ad 52 35
3f f1
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 73 ab 6b 2d c5 8a 11 fd 05 70 4a ce
{client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server)
{client} send change_cipher_spec record:
payload (1 octets): 01
ciphertext (6 octets): 14 03 03 00 01 01
{client} derive write traffic keys for handshake data (same as
server read traffic keys)
{client} derive read traffic keys for application data (same as
server write traffic keys)
{client} calculate finished "tls13 finished":
PRK (32 octets): 4b 4c d4 8c 4f 39 9c 05 77 bd 73 11 5b b5 12 f1
af 4e 3c 65 fa da 60 d5 24 6b 3e 64 b5 7d c5 ec
hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): 00 f1 67 b7 01 24 2f d4 77 08 23 d6 4b a7 f5
09 0e 8b 93 bd 24 9d bd 4d 1d 2f 6c 75 e3 4d 68 4a
{client} send a Finished handshake message
{client} send handshake record:
payload (36 octets): 14 00 00 20 9c dd a7 08 0e f0 6b ce 6c 90 bb
d0 03 1e 1b c8 82 1a 64 70 ea 2a 61 d6 d8 42 b1 51 a6 1c 35 2c
ciphertext (58 octets): 17 03 03 00 35 df 43 9f 06 1c 68 4c 3c 96
08 9b 15 58 8c 8d bf af 32 67 a3 d0 83 60 ae b1 d1 59 ce 92 85
f7 4e 91 b7 91 7b 4d 7a 1d 11 d6 7d cf 8b 8c fe 4c af 5d a9 58
b4 a9
{client} derive write traffic keys for application data:
PRK (32 octets): 07 04 02 00 14 0c 44 d3 60 5a 53 0b 0d b2 ee e6
ad 5b ff 4a 51 64 20 df 10 95 d6 26 15 b5 3b be
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): f0 72 a4 38 13 be 60 17 99 b4 c1 21 2c 45
28 18
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 47 c6 45 c2 e5 1c 04 f6 e9 21 f4 99
{client} derive secret "tls13 res master":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b
hash (32 octets): 7a 0a 30 81 19 4d bc f1 bd af c6 f4 02 a0 62 a2
b1 e3 3a c9 6e ea 6f c3 22 62 c5 20 49 bf d7 1a
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 7a 0a 30 81 19 4d bc f1 bd af c6 f4 02 a0 62 a2 b1
e3 3a c9 6e ea 6f c3 22 62 c5 20 49 bf d7 1a
output (32 octets): 69 5c b5 3a dd e2 0c 27 6b 9d 87 11 a8 df 03
6c cc ce be 5c 82 ed ab 0c 3a 6c 5f 39 84 54 1e 77
{server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client)
{client} send alert record:
payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 85 3c c0 b9 9c 64 e3 78 5c
c8 53 b5 61 a1 24 0f f6 35 75
{server} send alert record:
payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 2b cd 23 33 71 26 6e b4 bc
ce 2d 27 56 f3 8f 37 15 ea 19
8. Security Considerations
It probably isn't a good idea to use the private key here. If it It probably isn't a good idea to use the private key here. If it
weren't for the fact that it is too small to provide any meaningful weren't for the fact that it is too small to provide any meaningful
security, it is now very well known. security, it is now very well known.
8. References 9. References
8.1. Normative References 9.1. Normative References
[I-D.ietf-tls-tls13] [TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", draft-ietf-tls-tls13-28 (work in progress),
Version 1.3", draft-ietf-tls-tls13-22 (work in progress), March 2018.
November 2017.
8.2. Informative References 9.2. Informative References
[FIPS186] National Institute of Standards and Technology (NIST), [FIPS186] National Institute of Standards and Technology (NIST),
"Digital Signature Standard (DSS)", NIST PUB 186-4 , July "Digital Signature Standard (DSS)", NIST PUB 186-4 , July
2013. 2013.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <https://www.rfc-editor.org/info/rfc7748>. 2016, <https://www.rfc-editor.org/info/rfc7748>.
8.3. URIs 9.3. URIs
[1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
Appendix A. Acknowledgements Appendix A. Acknowledgements
This draft is generated using tests that were written for NSS [1]. This draft is generated using tests that were written for NSS [1].
None of this would have been possible without Franziskus Kiefer, Eric None of this would have been possible without Franziskus Kiefer, Eric
Rescorla and Tim Taubert, who did a lot of the work in NSS. Rescorla and Tim Taubert, who did a lot of the work in NSS.
Author's Address Author's Address
 End of changes. 283 change blocks. 
800 lines changed or deleted 1641 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/