draft-ietf-tls-tls13-vectors-04.txt   draft-ietf-tls-tls13-vectors-05.txt 
TLS M. Thomson TLS M. Thomson
Internet-Draft Mozilla Internet-Draft Mozilla
Intended status: Standards Track May 02, 2018 Intended status: Informational May 30, 2018
Expires: November 3, 2018 Expires: December 1, 2018
Example Handshake Traces for TLS 1.3 Example Handshake Traces for TLS 1.3
draft-ietf-tls-tls13-vectors-04 draft-ietf-tls-tls13-vectors-05
Abstract Abstract
Examples of TLS 1.3 handshakes are shown. Private keys and inputs Examples of TLS 1.3 handshakes are shown. Private keys and inputs
are provided so that these handshakes might be reproduced. are provided so that these handshakes might be reproduced.
Intermediate values, including secrets, traffic keys and ivs are Intermediate values, including secrets, traffic keys and ivs are
shown so that implementations might be checked incrementally against shown so that implementations might be checked incrementally against
these values. these values.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 3, 2018. This Internet-Draft will expire on December 1, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3
4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15
5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 26 5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 26
6. Client Authentication . . . . . . . . . . . . . . . . . . . . 38 6. Client Authentication . . . . . . . . . . . . . . . . . . . . 38
7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 49 7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 49
8. Security Considerations . . . . . . . . . . . . . . . . . . . 59 8. Security Considerations . . . . . . . . . . . . . . . . . . . 59
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 60 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60
9.1. Normative References . . . . . . . . . . . . . . . . . . 60 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 60
9.2. Informative References . . . . . . . . . . . . . . . . . 60 10.1. Normative References . . . . . . . . . . . . . . . . . . 60
10.2. Informative References . . . . . . . . . . . . . . . . . 60
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 60 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 60
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 60 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 60
1. Introduction 1. Introduction
TLS 1.3 [TLS13] defines a new key schedule and a number new TLS 1.3 [TLS13] defines a new key schedule and a number new
cryptographic operations. This document includes sample handshakes cryptographic operations. This document includes sample handshakes
that show all intermediate values. This allows an implementation to that show all intermediate values. This allows an implementation to
be verified incrementally, examining inputs and outputs of each be verified incrementally, examining inputs and outputs of each
cryptographic computation independently. cryptographic computation independently.
skipping to change at page 3, line 42 skipping to change at page 3, line 43
3. Simple 1-RTT Handshake 3. Simple 1-RTT Handshake
In this example, the simplest possible handshake is completed. The In this example, the simplest possible handshake is completed. The
server is authenticated, but the client remains anonymous. After server is authenticated, but the client remains anonymous. After
connecting, a few application data octets are exchanged. The server connecting, a few application data octets are exchanged. The server
sends a session ticket that permits the use of 0-RTT in any resumed sends a session ticket that permits the use of 0-RTT in any resumed
session. session.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 33 21 0a 80 c1 a0 78 c8 52 0d 00 71 0a private key (32 octets): 1c ca bb 6e 08 b3 86 c8 d6 9e db 0d 7f
06 7b 00 59 68 26 01 05 f4 bf b5 94 a7 13 2b 62 34 33 ab 7c 36 08 47 23 4f e4 85 bc 1c fc a4 18 b2 7e 40 b8 6c 8b
public key (32 octets): fa 0c d2 25 02 a7 23 6a e7 59 9e e0 14 16 public key (32 octets): 2e 59 6f fe 6d 68 c4 f4 02 cb 0f 49 84 1f
e8 05 d7 15 55 93 f0 28 b7 a6 f6 dd f4 9b ad 1a 6f 36 11 f1 ff 97 32 1d 32 42 54 d3 18 52 9a 77 cc d9 88 06
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (190 octets): 01 00 00 ba 03 03 3a 02 32 16 f4 df 71 db payload (190 octets): 01 00 00 ba 03 03 01 6a 95 72 55 63 a4 a5
f2 af d6 09 5f aa cd 8e b9 12 02 36 ca 79 90 c2 0d 40 cb 69 09 2c 6a ae 5b 86 f8 ec a3 21 a9 a3 57 48 1e b7 84 7e 9a 9d a4 12
57 75 35 00 00 06 13 01 13 03 13 02 01 00 00 8b 00 00 00 0b 00 20 b6 66 00 00 06 13 01 13 03 13 02 01 00 00 8b 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00
00 00 33 00 26 00 24 00 1d 00 20 fa 0c d2 25 02 a7 23 6a e7 59 00 00 33 00 26 00 24 00 1d 00 20 2e 59 6f fe 6d 68 c4 f4 02 cb
9e e0 14 16 e8 05 d7 15 55 93 f0 28 b7 a6 f6 dd f4 9b ad 1a 6f 0f 49 84 1f 11 f1 ff 97 32 1d 32 42 54 d3 18 52 9a 77 cc d9 88
36 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 06 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 02 02 00 2d 00 02 01 01
ciphertext (195 octets): 16 03 01 00 be 01 00 00 ba 03 03 3a 02 ciphertext (195 octets): 16 03 01 00 be 01 00 00 ba 03 03 01 6a
32 16 f4 df 71 db f2 af d6 09 5f aa cd 8e b9 12 02 36 ca 79 90 95 72 55 63 a4 a5 2c 6a ae 5b 86 f8 ec a3 21 a9 a3 57 48 1e b7
c2 0d 40 cb 69 09 57 75 35 00 00 06 13 01 13 03 13 02 01 00 00 84 7e 9a 9d a4 12 20 b6 66 00 00 06 13 01 13 03 13 02 01 00 00
8b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 8b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 fa 0c d2 25 03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 2e 59 6f fe
02 a7 23 6a e7 59 9e e0 14 16 e8 05 d7 15 55 93 f0 28 b7 a6 f6 6d 68 c4 f4 02 cb 0f 49 84 1f 11 f1 ff 97 32 1d 32 42 54 d3 18
dd f4 9b ad 1a 6f 36 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 52 9a 77 cc d9 88 06 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 9d ae 7f c7 6c 00 9e 64 32 41 68 c6 27 private key (32 octets): 13 61 1f 76 71 f7 4e fe 91 3e cb 24 26
99 1a 97 d3 95 9e 32 e7 c8 45 0c 14 f3 b5 30 bf 75 ef 87 f8 cf 48 df 50 67 f4 a7 ec b0 d0 27 96 af a5 2c a4 72 4f
public key (32 octets): aa 6c be 84 01 8c c1 a7 43 75 b6 d4 ea 18 public key (32 octets): 49 53 6b a3 f5 a9 f9 cf 46 7f e1 bd 67 03
ad 51 71 c1 50 ae 55 80 a8 4c 62 ef 05 21 a1 16 8a 25 52 c3 dd 92 57 e4 d5 63 22 7d a9 0a 07 d2 0c ef 96 6f
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 5, line 20 skipping to change at page 5, line 20
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): de 19 c3 5f f1 64 46 31 c4 b4 59 9a 22 2c ee eb ikm (32 octets): 0b c3 7c 6e 7c 83 66 38 4b ad d8 e9 00 57 b9 c2
31 aa 4c f3 03 ef 15 48 de 68 ea 83 c9 4b 78 1c 39 21 3e 19 8e f3 95 aa 2d 69 0a ae 1b 4e 9a 44
secret (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f secret (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba
b2 97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b 41 6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f b2 PRK (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba 41
97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b 6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae
hash (32 octets): 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a 4b hash (32 octets): df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0 44
a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc 8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a 61 66 66 69 63 20 df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0
4b a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc 44 8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63
output (32 octets): ed 5d 2e 57 8f 39 41 2a 63 a1 8e 68 d4 52 e4 output (32 octets): a4 d4 cd ed fb 3c 07 d7 be 78 85 8c 0b 63 38
09 21 5b 42 a8 63 40 29 f2 4c c9 c7 bb 3c 4d 29 de eb 48 02 f1 58 88 ad 14 c1 ef 56 20 74 35 84 06 04
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f b2 PRK (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba 41
97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b 6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae
hash (32 octets): 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a 4b hash (32 octets): df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0 44
a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc 8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 58 53 80 f8 31 c7 62 08 c5 2c 34 8c 76 be 4a 61 66 66 69 63 20 df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0
4b a6 17 fd 16 da 68 b0 a9 50 38 82 fe ea ff 81 dc 44 8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63
output (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0 output (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a
63 e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3 3f cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f b2 PRK (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba 41
97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b 6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): ff e0 3e bf eb 8e f7 7a b4 95 7f 14 95 2f be output (32 octets): 91 33 1f e1 94 ae 42 89 b8 3d f6 0d db ec 5d
d5 5a 1f 3b 9d 1c e9 4e 1e 00 f7 40 7d 99 72 99 1b 38 44 94 fb 5d a8 0c 63 4d c9 21 82 7c 9c a0 50 a6
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): ff e0 3e bf eb 8e f7 7a b4 95 7f 14 95 2f be d5 salt (32 octets): 91 33 1f e1 94 ae 42 89 b8 3d f6 0d db ec 5d 38
5a 1f 3b 9d 1c e9 4e 1e 00 f7 40 7d 99 72 99 1b 44 94 fb 5d a8 0c 63 4d c9 21 82 7c 9c a0 50 a6
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 secret (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5
d8 4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14 0f 4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 42 ec 65 e2 f1 86 19 05 8f payload (90 octets): 02 00 00 56 03 03 5e d8 d9 fa bb 99 81 14 89
0a e6 42 76 a1 0d 47 b3 5d 5f 26 75 0b c5 a9 b7 aa c6 30 9f 19 1b 1a c3 82 95 42 e5 d6 f8 dc 55 72 70 48 04 13 e4 7f 65 f6 fa
75 71 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 aa 6c be 84 01 af 31 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 49 53 6b a3 f5
8c c1 a7 43 75 b6 d4 ea 18 ad 51 71 c1 50 ae 55 80 a8 4c 62 ef a9 f9 cf 46 7f e1 bd 67 03 52 c3 dd 92 57 e4 d5 63 22 7d a9 0a
05 21 a1 16 8a 25 00 2b 00 02 7f 1c 07 d2 0c ef 96 6f 00 2b 00 02 7f 1c
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 42 ec 65 ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 5e d8 d9
e2 f1 86 19 05 8f 0a e6 42 76 a1 0d 47 b3 5d 5f 26 75 0b c5 a9 fa bb 99 81 14 89 1b 1a c3 82 95 42 e5 d6 f8 dc 55 72 70 48 04
b7 aa c6 30 9f 19 75 71 00 13 01 00 00 2e 00 33 00 24 00 1d 00 13 e4 7f 65 f6 fa af 31 00 13 01 00 00 2e 00 33 00 24 00 1d 00
20 aa 6c be 84 01 8c c1 a7 43 75 b6 d4 ea 18 ad 51 71 c1 50 ae 20 49 53 6b a3 f5 a9 f9 cf 46 7f e1 bd 67 03 52 c3 dd 92 57 e4
55 80 a8 4c 62 ef 05 21 a1 16 8a 25 00 2b 00 02 7f 1c d5 63 22 7d a9 0a 07 d2 0c ef 96 6f 00 2b 00 02 7f 1c
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0 63 PRK (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a 3f
e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3 cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 6b de 0a 34 c4 42 3c f3 5b f4 a7 ec 1a b0 key output (16 octets): 33 0f a2 49 0d 3c a4 eb 83 48 8e 36 f9 e8
aa 06 fd 58
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 22 07 9a 1b e6 53 89 9a 59 a4 e5 51 iv output (12 octets): 4a 86 a3 a1 e8 c7 cc 6c 37 7d fe 1a
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0 63 PRK (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a 3f
e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3 cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 1c a5 43 d9 08 b8 ec 1c b7 25 55 7f 83 c4 de output (32 octets): 90 8f 48 22 03 d1 39 ef da cc 57 22 4b db 67
03 f1 71 85 07 b9 0a e4 39 ec 84 92 c2 22 5d 6e 75 6c 45 46 21 c6 b7 1f 0b 22 d0 a7 60 20 0b ca 6e 29
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b
00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02
01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30
0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36
skipping to change at page 8, line 11 skipping to change at page 8, line 11
d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28
a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09
06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05
a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85
aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a
7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31
9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e
67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e
b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40
9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d
e1 00 00 0f 00 00 84 08 04 00 80 60 79 53 73 40 82 02 3f d3 8f e1 00 00 0f 00 00 84 08 04 00 80 57 bb 8c 7d 37 ba 54 60 f1 10
e9 bd 96 ea f9 dd e4 45 12 7b ef 6f c8 5b 2a 29 82 27 a9 0d 26 7b 7c d8 98 09 6d 52 90 98 c6 e9 50 19 cb c1 f9 f0 f7 b6 7c e8
12 28 11 7b 93 f7 6c 00 02 56 02 b8 5b e9 6e 6e 75 a2 5b 72 bd 40 81 32 d6 e5 23 86 44 ba e0 b2 3b 30 90 7c 7b 70 ca 58 b0 bc
d9 38 9d 7c 97 95 f3 14 24 60 17 18 9d 4b dd 30 b8 38 17 f5 9a 13 1b 6a 75 3a 42 03 3e b6 4b 14 ec ee de 85 f6 93 17 74 2d f6
5b c3 66 9a 98 d6 41 64 fd c7 80 77 2d ca 3d 06 63 79 24 1a 21 23 a3 8b 32 80 45 1d 0c 7f 04 2a df fd 6e a2 3a 4f 78 96 ae 3b
32 c4 07 1e 21 f9 f3 f0 cd 1d f4 06 ab 1d 37 bd db 13 e1 c2 93 21 a5 b0 65 bf 85 67 81 bf 03 08 df 04 06 7c 6c 6b 1e 41 9a 6b
f8 a4 46 8b 8e 5b c9 09 e5 78 94 e0 f1 14 00 00 20 16 cb aa 5b 4c ed cd 4f 12 5f 61 9d 1b 3d 9f 82 5b 14 00 00 20 bf bf 3e b1
9c 4d 04 ea 5c 83 b2 0b 4c 88 04 7e 8f 95 d9 60 5b 71 24 d1 1d 7c e6 5a af c8 63 19 41 f3 60 92 1b 5e 31 4a db b0 06 34 62 ca
de b1 91 bb 6b 6d 18 f1 e7 8b 3f c5 9b 3e
ciphertext (673 octets): 17 03 03 02 9c c7 ad d2 3a 51 68 b1 f3 ciphertext (673 octets): 17 03 03 02 9c d1 f3 a3 49 88 3a ac cd
49 b7 59 e3 6b 17 1d ab c9 0b aa 31 29 a9 83 81 35 a2 2d a4 d2 f9 7e 4f d1 70 da 97 2e 72 79 28 e5 23 19 37 a9 cf 80 66 7e 15
d5 96 c9 4b 86 f6 af be 4d 7e 6d 6d bd 07 0b 84 f7 0f 33 fa 57 b5 be 72 d5 12 ab ba c8 f3 c2 50 10 eb b2 c7 ba a1 34 e4 09 44
91 7d 7f 44 b1 e0 6d 47 46 64 3b fb 8f 2c dd 0a 2e db 1d 43 b7 2d ee 9d 59 e5 dd 88 3f 47 f9 bb 07 3b 28 c1 59 dc 8f 6b 6f fa
32 26 b1 be f9 5c 34 58 41 d1 20 fc 70 8d 49 09 bf a3 42 e4 99 73 78 2f 49 b9 1f 00 7e 1d 8c 00 8b 6b f6 78 62 09 e6 f2 dd ef
33 c1 00 02 03 3f ee 1e 82 67 0b 26 50 ba 93 c5 3a 87 f8 6d 5c 6e e6 22 12 d2 bc 3b b6 ff 23 89 79 12 83 11 8f 16 33 34 71 c1
bf 51 26 ad 05 58 6f 97 b1 31 4f 21 c0 b7 a2 0c 4b 4f 90 c3 66 4d 3b 0b 10 d7 07 d5 32 db 92 05 a7 b4 2b c7 ac 42 c6 30 56 79
ec 8e d8 49 be a6 d5 b2 e0 bb 88 4f 9e 98 d7 19 5a 42 8f f8 d1 d1 0a 09 66 ff af 0d 0a 71 cb a8 60 0d 30 17 a2 16 98 81 6d 30
26 5a 67 58 84 f3 8a 43 60 68 e3 72 9f 8a 50 99 1b f8 61 37 95 66 f4 6c 6f a6 d4 be 37 93 09 e7 d1 38 a9 31 29 af 5d 2e fb b1
0c 5e 0e b3 ad a2 23 59 c2 5a f7 00 31 cb 18 00 8c 2f a6 e7 c8 1f 06 aa 85 42 1c a9 28 57 e6 1c e9 28 c9 60 ce 25 1b 67 eb 1f
dd 70 58 f8 ec e9 23 b0 96 7a c5 ed c0 39 7b 9d 9a ae cf 3f 0d c9 fe c9 c4 db 72 d3 f6 9c 16 e6 d6 fa c5 e8 21 7a e3 d9 f5 ba
cc 59 83 a4 76 9e 26 0f 15 e6 83 78 74 18 ce 06 75 47 ad f9 fa 52 41 00 9a 0b 94 57 65 a6 dd 9c 28 49 77 8a a9 62 ae a6 f9 85
75 93 24 7d f7 d5 a1 60 32 7b de 57 f8 eb e4 74 55 6b 93 97 9f 70 4b 60 0a 5a a4 03 05 b1 dd 27 f4 a2 e1 6e 24 f9 38 cd 8d ed
ae 3c d2 fa 90 c3 b5 e7 77 d6 2f 3b 1b 11 bb 92 08 a6 8d 55 06 11 38 cb c4 a5 48 fd b2 08 51 9a 7d d0 6b e9 90 ff 0d 8c aa 5c
24 6f 76 ac ef b5 7d b1 b6 37 b4 60 38 24 1d aa 6a 07 b7 dd 8d 5f 9a e9 ea 35 6f 5d e7 a5 62 4d 5c a9 64 44 95 32 e1 a7 c7 a0
45 c4 7b e1 2f 7e 5a 71 a1 00 95 02 9e ed 7e 27 8d de a9 f4 46 df e1 37 b1 70 11 4c d5 f5 11 98 71 18 d7 ee df cd 75 98 43 05
2c 68 9e 1b c6 eb c6 b8 84 da b7 f9 de e7 6f 30 08 73 63 85 05 93 0e 12 26 89 26 90 f6 55 5b a1 f0 43 cf fa ff 2f f7 36 37 93
f9 00 3c de 12 e4 28 24 ff 3a 17 64 3d a1 a7 62 7c 16 6c 89 38 97 fd 65 9a 07 4e 4f c1 e0 d9 53 9f 8c c3 07 47 a9 c2 3c fa 09
5c de 80 87 4b be 7a 19 ff 5c 5e 1a cd 94 eb 26 1b d4 90 4d 4e 0e 49 f1 17 70 e5 52 6f 8e cb 0c 2d 31 de 53 2d be 22 54 01 7c
70 85 24 f3 8d 51 0d 17 2c 6d 61 79 fe e3 dc bb 80 85 b2 f4 3f 35 6b b1 fd 9a c8 63 b6 db 9e 36 70 5f 3b 48 d7 dd 88 f2 8b 92
fe 1c 39 b6 4e 49 34 a3 4c d0 91 fe fe ce 76 1c 74 0e 63 d1 e0 a5 08 2a e8 15 73 f6 91 0a 2f 6f a1 d6 ca ac 0e ef 5a 15 23 44
4a 83 b0 55 75 15 26 0d 8b 40 b0 86 1b d7 75 91 4b 81 24 d6 ec 5b ce 23 11 52 84 7b 3b bc c8 47 ee 30 78 0d bf 46 6e b3 5a fc
42 e6 74 fb e4 8b c6 cf 5a 08 cf fa 98 00 15 08 61 33 27 85 6e d9 e0 31 b0 c1 5e 1c ea 34 13 4e 49 5f a6 cf 36 44 a5 dd 3b db
d7 3f 95 2d b6 fd 9f eb 08 85 56 6d 91 79 3e 50 34 ac da 39 8b 46 18 54 51 f9 8b 94 14 ef c9 f1 0a d5 55 a2 a0 de 25 f3 5f 7d
40 3b 6a ce 62 35 47 d5 2f f7 19 98 fe 31 a1 ef d7 f6 fb 85 ea 4a 6b 28 c4 a8 02 cd f2 68 f4 ed 62 f2 1e b5 9d d3 a4 99 f4 2d
b2 06 94 db f4 d5 00 0f 22 10 bc 3d 31 24 22 f9 d5 8d e9 d3 60 3a 84 fe f1 2d a3 79 4c 61 ae 6a 77 34 71 ee 53 e0 b8 70 69 82
39 bf 8f ae e9 e8 38 33 8c bf 36 b2 b4 82 bd b5 2c 1d 52 32 3b 66 5c 08 00 7c e5 22 d0 78 e9 01 d3 9b 11 b5 8f 01 94 16 e6 0c
a7 4f b2 42 30 64 f9 3f e7 dc 11 54 4f cd ac 52 10 b8 78 91 a1 f6 e9 93 e9 4c cd 45 0a 6e e1 0f c7 f5 a6 92 46 c7 83 5f b0 92
7a 14 9b 3c 83 a8 f5 f4 ed b7 63 53 82 01 f7 77 d6 0a e0 5f 36 11 82 16 b7 0e dc 83 13 66 8c d1 94 8e ea 29 69 b0 68 ef dd 6c
a8 2a d6 50 a0 8d a3 64 0e 97 4d 90 ab a9 31 c1 4d 81 c6 ed 19 96 70 6e e5 b0 67 3d 38 c3 b2 59 5e 0b 7a 89 46 49 24 67 5c 74
1f 32 36 28 72 d1 0b f9 a6 b7 3a c2 a9 e2 89 7b a0 df 61 c6 97 4b da a5 85 19 9b 13 61 c4 27 be ad be 5e fa ed 4c ed 75 1c 17
35 37 a1 10 e5 d4 6c 35 62 75 89 65 36 f3 16 18 72 2a 56 ff 7d e2 1e b8 fa 77 f7 8b 0b 48 4e cd 89 3d 1f 33 56 8b 73 d5 a6 75
b2 8a 53 c6 c7 73 3c bb 47 b4 5b 4a c1 7b ec 31 f2 0e
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8 PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f
4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14 4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37
hash (32 octets): 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e hash (32 octets): b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6
32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 61 66 66 69 63 20 b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90
8e 32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c b6 fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35
output (32 octets): f7 1a e9 97 5d 12 75 6a 41 53 17 a4 4c 63 01 output (32 octets): 5e 5c 1f fe 68 ac e5 1e 41 18 4f 94 b3 2b ad
6e 98 39 5d 1e cd da 48 9b cc af 4a 3e 86 3f 87 35 a9 23 ad 4c c5 97 aa 79 61 98 bb f6 51 5f 81 2d a6
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8 PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f
4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14 4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37
hash (32 octets): 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e hash (32 octets): b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6
32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 61 66 66 69 63 20 b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90
8e 32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c b6 fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35
output (32 octets): e4 25 33 b9 1b e3 2a 43 fb 9e 5b 7d 9a 00 2d output (32 octets): 60 28 ef a6 f1 a1 60 f6 99 83 cc 71 fc 16 d2
59 d8 c7 47 b0 83 b5 72 76 ed 98 bd 46 89 33 f6 72 58 af 39 bb ec 9f 49 20 b2 cc e9 17 df 46 df ea 84
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8 PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f
4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14 4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37
hash (32 octets): 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e hash (32 octets): b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6
32 e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 87 c5 9a d5 4c f0 89 e9 40 06 d8 eb b0 80 8f 8e 32 74 65 72 20 b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6 fe
e5 44 b1 b0 79 18 3b 8b eb 89 8e 80 b6 5a 6c 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35
output (32 octets): 14 2d 61 52 63 bc e0 27 60 74 9e c8 d3 8e ac output (32 octets): ce d4 f0 d7 52 e8 7a 2a b4 12 e6 8b 87 e1 d3
7a b0 ce 85 0f c1 e3 87 85 a0 33 8b 7e 74 d4 65 b2 a9 55 63 9b 8b 08 9a f1 05 6d 66 88 0a e8 6b 68 92
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): e4 25 33 b9 1b e3 2a 43 fb 9e 5b 7d 9a 00 2d 59 PRK (32 octets): 60 28 ef a6 f1 a1 60 f6 99 83 cc 71 fc 16 d2 58
d8 c7 47 b0 83 b5 72 76 ed 98 bd 46 89 33 f6 72 af 39 bb ec 9f 49 20 b2 cc e9 17 df 46 df ea 84
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 4e 01 d3 e4 ac 71 a2 83 4b b5 71 29 bb 88 key output (16 octets): 60 22 e5 dd af 3f 2f d9 db 39 92 3d 13 65
bf d6 26 a5
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a4 45 9e a6 d6 d7 fb 65 91 6b b8 fa iv output (12 octets): 93 4e 1e c5 0b 75 8e 6c 60 e6 86 aa
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): ed 5d 2e 57 8f 39 41 2a 63 a1 8e 68 d4 52 e4 09 PRK (32 octets): a4 d4 cd ed fb 3c 07 d7 be 78 85 8c 0b 63 38 eb
21 5b 42 a8 63 40 29 f2 4c c9 c7 bb 3c 4d 29 de 48 02 f1 58 88 ad 14 c1 ef 56 20 74 35 84 06 04
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): fd 24 5c 26 ad 85 0f e2 d3 1b f9 6d 87 fe key output (16 octets): d4 d7 6a f0 5a 04 e1 d3 2d 8a 1f 17 84 06
f2 56 10 1f
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): bd 1f de f0 52 bb 30 8c 0a 88 c1 1c iv output (12 octets): f1 8b 1f 02 a5 01 0c 4d 45 b1 81 d9
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 11, line 17 skipping to change at page 11, line 17
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): de 19 c3 5f f1 64 46 31 c4 b4 59 9a 22 2c ee eb ikm (32 octets): 0b c3 7c 6e 7c 83 66 38 4b ad d8 e9 00 57 b9 c2
31 aa 4c f3 03 ef 15 48 de 68 ea 83 c9 4b 78 1c 39 21 3e 19 8e f3 95 aa 2d 69 0a ae 1b 4e 9a 44
secret (32 octets): 95 96 d5 36 cf ab b0 51 28 69 b3 c3 66 39 1f secret (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba
b2 97 59 36 a8 cd da 1f 8c 66 b5 f0 26 54 04 5e 6b 41 6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): 76 53 d6 19 95 c3 c7 b9 a7 db 6e f8 80 0d e0 63 PRK (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a 3f
e2 c4 10 1d 52 15 01 1c 8a 28 36 6e 8a 44 9b b3 cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 6b de 0a 34 c4 42 3c f3 5b f4 a7 ec 1a b0 key output (16 octets): 33 0f a2 49 0d 3c a4 eb 83 48 8e 36 f9 e8
aa 06 fd 58
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 22 07 9a 1b e6 53 89 9a 59 a4 e5 51 iv output (12 octets): 4a 86 a3 a1 e8 c7 cc 6c 37 7d fe 1a
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): ed 5d 2e 57 8f 39 41 2a 63 a1 8e 68 d4 52 e4 09 PRK (32 octets): a4 d4 cd ed fb 3c 07 d7 be 78 85 8c 0b 63 38 eb
21 5b 42 a8 63 40 29 f2 4c c9 c7 bb 3c 4d 29 de 48 02 f1 58 88 ad 14 c1 ef 56 20 74 35 84 06 04
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 3a db dd 16 1f ca 16 ee 0b 3e ee c3 58 09 98 output (32 octets): ca 71 d4 6a cd 46 bd 20 90 b3 c6 c4 f2 39 2e
0a 62 86 14 6f ac 25 d2 7b a9 7b 2a fa 3a 66 f9 b0 e2 13 4c e0 bf 7b 7d ed 78 24 e3 aa b9 4c 5a 7c 4b
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 e4 dd f9 c5 4e 5c 65 83 5b e0 e9 payload (36 octets): 14 00 00 20 de cc f6 f8 1b 07 0d d0 0e 02 78
f2 57 03 09 b1 06 f6 72 6e c0 88 2f ca e7 13 8b d7 93 cc c7 1b 8e 04 90 94 7a 37 61 89 4c ab 21 c2 9c 4b 16 eb 3d 91 13 e4 e4
ciphertext (58 octets): 17 03 03 00 35 e8 a7 c0 73 d2 d5 90 fb a2 ciphertext (58 octets): 17 03 03 00 35 72 67 bb b3 57 e3 66 8a fe
33 02 b7 1e 8c 3c ba 0b d4 54 28 97 0c ec de d3 ae 95 24 95 98 88 38 71 31 40 7b e5 12 93 53 01 51 df 34 30 e0 32 b4 7a bd 24
12 7a af 08 ed 15 b8 86 7b 08 67 e2 71 1d 9c e3 97 38 21 e9 a9 87 47 42 fa 75 0d a1 84 ed 7b 5f 1c 81 39 fc 2f 14 d2 c8 55 81
ca dd 7c e2
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): f7 1a e9 97 5d 12 75 6a 41 53 17 a4 4c 63 01 6e PRK (32 octets): 5e 5c 1f fe 68 ac e5 1e 41 18 4f 94 b3 2b ad a9
98 39 5d 1e cd da 48 9b cc af 4a 3e 86 3f 87 35 23 ad 4c c5 97 aa 79 61 98 bb f6 51 5f 81 2d a6
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): ac 85 66 33 d0 d3 1c 93 c8 53 ba 4a 51 b5 key output (16 octets): b3 84 bc a1 b8 df e4 3c 76 37 84 65 0f 70
de f8 e2 70
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 0d a9 f7 fe 9e 8d f9 98 05 12 e5 46 iv output (12 octets): 87 b1 c1 a2 d5 f8 4a e7 74 b4 51 34
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): fa 2f 37 bc 3a 87 b5 9c 46 10 26 27 17 59 84 d8 PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f
4e 03 5f a5 64 75 9c 1e ec 3b 96 4c e9 7a 1f 14 4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37
hash (32 octets): 80 ec 58 20 f2 d2 75 b0 7a 13 77 80 c4 ad 21 40 hash (32 octets): 94 4b a6 82 91 6b e1 4d 32 da d5 f8 99 79 83 2f
4f 36 36 f0 09 11 33 eb f4 0b 9e 83 4c a4 81 45 6d d5 0e 47 31 15 0e 3e 86 56 39 37 3b ac 83 f7
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 80 ec 58 20 f2 d2 75 b0 7a 13 77 80 c4 ad 21 40 4f 74 65 72 20 94 4b a6 82 91 6b e1 4d 32 da d5 f8 99 79 83 2f 6d
36 36 f0 09 11 33 eb f4 0b 9e 83 4c a4 81 45 d5 0e 47 31 15 0e 3e 86 56 39 37 3b ac 83 f7
output (32 octets): af b3 24 6c 40 8d c0 40 5b a4 c3 2f 40 3b df output (32 octets): 49 d5 94 20 40 47 00 a8 e2 ee 7a cf 46 82 87
bb 14 8c 27 ad 59 5a 92 0c f7 12 84 e8 60 8b 48 4d 54 4f e6 01 b2 31 97 a0 e1 63 5a 47 4a d6 53 6d 74
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{server} generate resumption secret "tls13 resumption": {server} generate resumption secret "tls13 resumption":
PRK (32 octets): af b3 24 6c 40 8d c0 40 5b a4 c3 2f 40 3b df bb PRK (32 octets): 49 d5 94 20 40 47 00 a8 e2 ee 7a cf 46 82 87 54
14 8c 27 ad 59 5a 92 0c f7 12 84 e8 60 8b 48 4d 4f e6 01 b2 31 97 a0 e1 63 5a 47 4a d6 53 6d 74
hash (2 octets): 00 00 hash (2 octets): 00 00
info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74 info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74
69 6f 6e 02 00 00 69 6f 6e 02 00 00
output (32 octets): cd 0b 4e db 66 32 41 4e 03 e9 a1 fb 9c bf 10 output (32 octets): 46 3a 87 db 89 89 ca 34 e2 ab 45 92 9d b5 45
68 c1 3d 7e 0f 94 f7 1d a2 6a 69 51 ba f7 52 9e 76 89 40 23 a8 3d 13 9b f5 68 34 17 13 19 87 47 ae 86
{server} send a NewSessionTicket handshake message {server} send a NewSessionTicket handshake message
{server} send handshake record: {server} send handshake record:
payload (205 octets): 04 00 00 c9 00 00 00 1e 83 6a d9 92 02 00 payload (205 octets): 04 00 00 c9 00 00 00 1e f4 34 71 a2 02 00
00 00 b2 20 69 93 e6 82 7e f6 98 84 68 d2 55 00 00 00 00 6a 30 00 00 b2 0f 63 7d a7 09 04 33 70 d0 60 00 06 00 00 00 00 2d fe
23 72 43 90 67 fc 81 f4 d3 17 f1 b1 ef 33 00 70 15 93 bc b0 32 b5 7a a8 7b 9c f1 76 0a 8a b4 91 d4 fb 0f 00 70 3d 7a 42 b6 a9
cc ea 52 8c 5a 07 c3 7b 16 6f 89 7a 83 b7 15 48 18 b7 d1 1a 4e 87 ef d2 4a fb bd 2b c6 06 9d c9 03 d4 c2 d3 f0 4f dd 3d 8e 95
90 7c da 4e 3f af 48 95 97 21 44 b3 a7 d9 96 8d 96 28 b6 e5 66 97 0a 7b 78 aa 2c e8 28 75 72 4f 8a 82 75 d1 65 e7 7b e4 7d 59
9c ce f4 26 0e 45 d6 4d 22 d3 b6 1a b5 7b 7f 59 dd f7 e2 cf 7a 0e aa ab fa 5f 4c 2d f0 46 71 a0 44 d8 4c f5 cc da c5 88 7d 6b
19 6f 9a 32 a3 d9 4f ea 13 eb 25 ab 2d 73 35 78 83 80 dc e7 4d e7 fe 2e 52 80 d7 a5 0f 23 fc 9c d4 a5 43 01 9e 41 94 63 c4 ee
47 76 8e cf f4 67 9e 88 af ac a6 18 97 b9 1c 53 ee 85 82 2c 9f 29 8f d3 2c 01 93 34 b7 ab bb 78 d4 f2 a1 cf 4e 0f e1 60 aa 72
08 7b e4 05 8f ed 0d 6e b5 e2 68 e6 54 f4 ec 0c 67 5f fb 08 6e 86 19 3f da 28 8c 97 d5 ba 39 75 5f 25 b7 a4 a8 f0 63 01 24 88
06 7d 04 39 e3 9d ca f1 fb 60 31 98 db 00 08 00 2a 00 04 00 00 3d 2c 66 78 78 75 d6 7a 0f 6e b0 ba 71 00 08 00 2a 00 04 00 00
04 00 04 00
ciphertext (227 octets): 17 03 03 00 de a7 77 b6 77 11 b5 34 f1 ciphertext (227 octets): 17 03 03 00 de 64 1b 9e 9f fc 8e 0b 0c
0e 38 1f 45 1f 16 da 00 20 dd 9a af a4 9d b4 62 c2 35 dc cc 6d 3f fb c6 46 44 34 fb 66 8c a2 63 e3 9f 89 7c 0c 55 06 45 49 40
bf c6 39 9c 7e ec 88 ae 2a d6 8b 97 ca 23 b1 72 15 59 e6 6f 67 0b 3b 29 3a 1c 03 44 31 e9 f9 85 ab c8 40 0b e5 fd 4f 99 29 0f
7c e6 8c d1 06 7f 41 27 7b ac 40 bb b9 3e 5b 81 0d b4 3c 1c 80 13 7b eb 4b a2 46 df a7 87 e4 5c 02 3a de b5 5b e2 f9 a8 42 09
bd 8b 72 17 17 ba 23 c6 a0 52 ef 78 b6 dc 2b be b4 da e0 06 77 90 f5 2a ac 47 ef e9 7e dd 85 32 d1 14 0a d0 b1 b5 47 96 13 10
8b ab 88 a7 a5 d1 7e a3 b6 3f 12 6c 24 67 33 cc 15 b6 28 b5 b7 3c ed 0e 14 ad b1 16 ae f6 74 fd 86 64 9d ec a8 8f 84 3a 23 ab
43 71 6d 85 f8 f1 f6 77 32 91 c7 37 ae 06 f5 f6 ae 95 6b c3 00 5f 3d e4 77 6b aa a3 da 74 36 4a 21 03 e3 46 ed 89 58 98 ed a4
5d f2 a0 64 94 b0 65 77 68 84 3a e8 fe 95 0e be 81 da 4a c9 9c b7 10 b7 43 c9 1f 1f 53 71 e3 16 00 c1 3c 40 57 7a 2b ab 9c f1
34 e8 e5 73 d5 99 63 75 bb 82 2b 51 67 b4 ae 3f 9c 06 76 f7 e7 33 86 ff 41 4d 2e b8 b6 df 95 d3 a8 48 cc 8f 4f 48 18 3e 05 b8
94 a1 61 0f cb 12 e8 f7 9f 08 75 91 3d b9 67 c8 17 90 e9 6f 60 f1 5a 05 0f c5 92 52 6c ab 9a d2 96 80 b5 a3 9d 53 06 26 a9 95
4e dd 6c 06 c7 70 a2 c0 a8 f6 50 27 8d 22 03 94 8e a6 b2 3c 14 ca 0d 62 73 ff 7e 67 44 3d c1 f4 59 dc 47 11 30 d3 20 0a d6 e2
d3 89 97 4a 5d b4 48 03
{client} generate resumption secret "tls13 resumption" (same as {client} generate resumption secret "tls13 resumption" (same as
server) server)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 98 45 d6 12 28 f1 d9 a5 da ciphertext (72 octets): 17 03 03 00 43 97 fc be 0b 4f 37 48 da 56
a3 2a 06 64 2c 43 68 1c cf 70 65 24 e2 8d 57 15 2f 6b 8f ac d0 92 ac fb d1 19 0f a7 b1 8b 10 5a 62 63 f4 79 a3 f2 6b ba 2f 31
89 fc 98 26 83 c3 30 a3 e1 1f 16 c5 f7 5d 2d 49 21 5c c0 8a 13 64 c6 fd 24 d5 6f d8 69 8e 4a d0 27 7f 2b 32 c7 d5 84 41 33 5f
a1 ec fd 41 a4 1b b1 38 c9 63 48 92 ab 22 63 00 35 0b 45 5c d6 8c 28 aa 71 fb 58 cb 86 cf 73 4a
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 01 0a 55 e6 e1 14 d0 51 60 ciphertext (72 octets): 17 03 03 00 43 46 1a 15 62 a3 41 d6 17 9b
0a b9 5e e7 a3 03 82 3a 23 ae c5 79 be df fa 3f c3 e0 30 18 01 c8 c6 26 2c 33 2b 18 70 9e 1d c8 10 98 6e 54 6c aa 34 07 a2 c6
95 f8 83 6b 58 3b af 9a 14 ae c3 77 be 43 73 a1 a5 ea a1 4e af c9 38 3d 52 40 21 5a a5 88 9f ba ed 1b b8 f0 40 b0 6c 82 74 fb
87 9d 3f ca 6f 9b 7e 46 bc 05 46 83 5d 76 71 e8 bd 41 0c b1 54 63 2b 86 a3 06 1d f5 5f 7a fa af
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 5f 93 e1 bd 82 9d 2b 00 9c ciphertext (24 octets): 17 03 03 00 13 42 db 77 cb a0 54 50 26 af
ad ac 13 3b 7f 0c 1e 8c 94 40 81 7f 90 9e 65 3d 50 90 3e 65
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 09 39 38 d7 0c 6a 9b 1c 9c ciphertext (24 octets): 17 03 03 00 13 70 bf 8b d2 98 53 2f 13 91
2e 35 6b 60 58 80 70 27 cd 6e ca a6 e6 0f 83 e0 b5 1d 79 4a
4. Resumed 0-RTT Handshake 4. Resumed 0-RTT Handshake
This handshake resumes from the handshake in Section 3. Since the This handshake resumes from the handshake in Section 3. Since the
server provided a session ticket that permitted 0-RTT, and the client server provided a session ticket that permitted 0-RTT, and the client
is configured for 0-RTT, the client is able to send 0-RTT data. is configured for 0-RTT, the client is able to send 0-RTT data.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 7f cf 6e 8b fb 63 48 3f 0a 1d 23 99 fb private key (32 octets): c8 c8 db ad 72 04 fb fe ed 20 ab 24 44
ce e4 d0 69 39 6c 17 02 62 fb d9 f2 46 81 11 af 24 ab 34 6a 9c 07 4d b3 5a 4b 07 ec f1 cc 9d 88 70 e8 fd 2e 1d d6
public key (32 octets): b5 b4 ca 2e 51 9a c8 32 92 3e af 84 f4 13 public key (32 octets): a2 e0 04 93 2f 3c d0 b3 c6 a2 9a de 11 8b
3d 53 b2 00 53 63 d5 a7 ad 8e 07 0b d0 fd 15 d6 92 08 46 7c 69 55 a6 c3 6a 1d 44 27 38 60 59 b2 26 f5 0c 0f
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): cd 0b 4e db 66 32 41 4e 03 e9 a1 fb 9c bf 10 68 ikm (32 octets): 46 3a 87 db 89 89 ca 34 e2 ab 45 92 9d b5 45 89
c1 3d 7e 0f 94 f7 1d a2 6a 69 51 ba f7 52 9e 76 40 23 a8 3d 13 9b f5 68 34 17 13 19 87 47 ae 86
secret (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 secret (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11
be d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63 8e 83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 04 5f b4 75 3e d5 65 30 5b 33 d2 04 0b 21 57 2d PRK (32 octets): e1 6f 14 f0 eb 94 d9 54 e0 f6 24 5d 7d 0e d0 e8
7d 24 b3 ee 18 e7 63 bd 1a 1b 20 cf 2a a6 1a 92 53 9f 66 38 28 10 6f 17 30 1c f5 de b2 06 a5 50
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 89 60 f7 a3 5f 8e e3 52 30 20 1e cf 77 f8 b1 output (32 octets): 68 08 1e cc c0 ef 70 30 ad dc 42 3a f3 95 c4
29 8f 77 73 0f 0d 84 ab 51 31 a4 bb 00 9b 4f 3d 1f 61 5c 83 67 4f 7d 0d 98 08 69 05 c5 2d a5 bf 66 4e
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 0b 27 b6 14 3a d0 49 dd payload (512 octets): 01 00 01 fc 03 03 eb ef 0b 92 25 8b ec d1
d0 4e 5c b7 bb 33 22 d3 60 f6 0a 9b 8e 65 07 bc 79 69 84 19 5b 07 3d cf f0 bb a7 da ad c7 b4 e8 14 df dd 1b 77 4b 0d 43 53 95
d4 e8 cb 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 2b c4 2b 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 b5 b4 ca 2e 51 9a c8 32 92 3e af 84 f4 13 26 00 24 00 1d 00 20 a2 e0 04 93 2f 3c d0 b3 c6 a2 9a de 11 8b
3d 53 b2 00 53 63 d5 a7 ad 8e 07 0b d0 fd 15 d6 92 08 00 2a 00 46 7c 69 55 a6 c3 6a 1d 44 27 38 60 59 b2 26 f5 0c 0f 00 2a 00
00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 00 00 00 00 00 00 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 29 00 dd 00 b8 00 b2 20 69 93 e6 82 7e f6 98 84 68 d2 55 00 00 29 00 dd 00 b8 00 b2 0f 63 7d a7 09 04 33 70 d0 60 00 06 00
00 00 00 6a 30 23 72 43 90 67 fc 81 f4 d3 17 f1 b1 ef 33 00 70 00 00 00 2d fe b5 7a a8 7b 9c f1 76 0a 8a b4 91 d4 fb 0f 00 70
15 93 bc b0 32 cc ea 52 8c 5a 07 c3 7b 16 6f 89 7a 83 b7 15 48 3d 7a 42 b6 a9 87 ef d2 4a fb bd 2b c6 06 9d c9 03 d4 c2 d3 f0
18 b7 d1 1a 4e 90 7c da 4e 3f af 48 95 97 21 44 b3 a7 d9 96 8d 4f dd 3d 8e 95 97 0a 7b 78 aa 2c e8 28 75 72 4f 8a 82 75 d1 65
96 28 b6 e5 66 9c ce f4 26 0e 45 d6 4d 22 d3 b6 1a b5 7b 7f 59 e7 7b e4 7d 59 0e aa ab fa 5f 4c 2d f0 46 71 a0 44 d8 4c f5 cc
dd f7 e2 cf 7a 19 6f 9a 32 a3 d9 4f ea 13 eb 25 ab 2d 73 35 78 da c5 88 7d 6b e7 fe 2e 52 80 d7 a5 0f 23 fc 9c d4 a5 43 01 9e
83 80 dc e7 4d 47 76 8e cf f4 67 9e 88 af ac a6 18 97 b9 1c 53 41 94 63 c4 ee 29 8f d3 2c 01 93 34 b7 ab bb 78 d4 f2 a1 cf 4e
ee 85 82 2c 9f 08 7b e4 05 8f ed 0d 6e b5 e2 68 e6 54 f4 ec 0c 0f e1 60 aa 72 86 19 3f da 28 8c 97 d5 ba 39 75 5f 25 b7 a4 a8
67 5f fb 08 6e 06 7d 04 39 e3 9d ca f1 fb 60 31 98 db 83 6a d9 f0 63 01 24 88 3d 2c 66 78 78 75 d6 7a 0f 6e b0 ba 71 f4 34 71
95 00 21 20 58 34 0e ab 95 8d 02 3c 39 84 b4 82 81 0b 58 ec 53 a5 00 21 20 b1 da ce 1d 97 d7 ff bf 46 1d f9 4d ec 70 f1 30 08
7c d3 d1 c6 a9 9d ca 87 1c 73 57 54 1d 45 2f f9 13 4b 9c c0 40 88 d9 6d 93 cf 73 18 5b d8
ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 0b 27 ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 eb ef
b6 14 3a d0 49 dd d0 4e 5c b7 bb 33 22 d3 60 f6 0a 9b 8e 65 07 0b 92 25 8b ec d1 07 3d cf f0 bb a7 da ad c7 b4 e8 14 df dd 1b
bc 79 69 84 19 5b d4 e8 cb 00 00 06 13 01 13 03 13 02 01 00 01 77 4b 0d 43 53 95 2b c4 2b 00 00 06 13 01 13 03 13 02 01 00 01
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 33 00 26 00 24 00 1d 00 20 b5 b4 ca 2e 51 9a c8 32 03 01 04 00 33 00 26 00 24 00 1d 00 20 a2 e0 04 93 2f 3c d0 b3
92 3e af 84 f4 13 3d 53 b2 00 53 63 d5 a7 ad 8e 07 0b d0 fd 15 c6 a2 9a de 11 8b 46 7c 69 55 a6 c3 6a 1d 44 27 38 60 59 b2 26
d6 92 08 00 2a 00 00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 f5 0c 0f 00 2a 00 00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 20 69 93 e6 82 7e f6 00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 0f 63 7d a7 09 04 33
98 84 68 d2 55 00 00 00 00 6a 30 23 72 43 90 67 fc 81 f4 d3 17 70 d0 60 00 06 00 00 00 00 2d fe b5 7a a8 7b 9c f1 76 0a 8a b4
f1 b1 ef 33 00 70 15 93 bc b0 32 cc ea 52 8c 5a 07 c3 7b 16 6f 91 d4 fb 0f 00 70 3d 7a 42 b6 a9 87 ef d2 4a fb bd 2b c6 06 9d
89 7a 83 b7 15 48 18 b7 d1 1a 4e 90 7c da 4e 3f af 48 95 97 21 c9 03 d4 c2 d3 f0 4f dd 3d 8e 95 97 0a 7b 78 aa 2c e8 28 75 72
44 b3 a7 d9 96 8d 96 28 b6 e5 66 9c ce f4 26 0e 45 d6 4d 22 d3 4f 8a 82 75 d1 65 e7 7b e4 7d 59 0e aa ab fa 5f 4c 2d f0 46 71
b6 1a b5 7b 7f 59 dd f7 e2 cf 7a 19 6f 9a 32 a3 d9 4f ea 13 eb a0 44 d8 4c f5 cc da c5 88 7d 6b e7 fe 2e 52 80 d7 a5 0f 23 fc
25 ab 2d 73 35 78 83 80 dc e7 4d 47 76 8e cf f4 67 9e 88 af ac 9c d4 a5 43 01 9e 41 94 63 c4 ee 29 8f d3 2c 01 93 34 b7 ab bb
a6 18 97 b9 1c 53 ee 85 82 2c 9f 08 7b e4 05 8f ed 0d 6e b5 e2 78 d4 f2 a1 cf 4e 0f e1 60 aa 72 86 19 3f da 28 8c 97 d5 ba 39
68 e6 54 f4 ec 0c 67 5f fb 08 6e 06 7d 04 39 e3 9d ca f1 fb 60 75 5f 25 b7 a4 a8 f0 63 01 24 88 3d 2c 66 78 78 75 d6 7a 0f 6e
31 98 db 83 6a d9 95 00 21 20 58 34 0e ab 95 8d 02 3c 39 84 b4 b0 ba 71 f4 34 71 a5 00 21 20 b1 da ce 1d 97 d7 ff bf 46 1d f9
82 81 0b 58 ec 53 7c d3 d1 c6 a9 9d ca 87 1c 73 57 54 1d 45 2f 4d ec 70 f1 30 08 f9 13 4b 9c c0 40 88 d9 6d 93 cf 73 18 5b d8
{client} derive secret "tls13 c e traffic": {client} derive secret "tls13 c e traffic":
PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e
d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63 83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd
hash (32 octets): 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9 43 hash (32 octets): 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af e0
0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c 87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d
info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61 info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61
66 66 69 63 20 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9 43 66 66 69 63 20 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af e0
0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c 87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d
output (32 octets): b0 ea 52 04 68 97 4f 91 39 58 7d cf f5 6f 77 output (32 octets): 6c 59 9c 07 27 75 ad e3 57 01 58 17 a2 f1 cf
85 69 96 02 fb c8 0c 0c 18 50 82 79 dc bf d0 7b 03 4f 3b ed 5e 44 7b a6 1c 75 1a 3a 45 f5 76 a5 bf 75
{client} derive secret "tls13 e exp master": {client} derive secret "tls13 e exp master":
PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e
d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63 83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd
hash (32 octets): 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9 43 hash (32 octets): 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af e0
0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c 87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d
info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d
61 73 74 65 72 20 02 ce c3 cc b1 be e9 72 06 ff bf 5b 0e db f9 61 73 74 65 72 20 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af
43 0a d8 02 05 96 0c 04 ba ff ad b6 dc d3 81 b9 0c e0 87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d
output (32 octets): bc 79 ec a3 3d c5 5e 77 f4 a2 b3 1d e3 b2 eb output (32 octets): a8 fd 17 f5 b4 63 f3 82 fa 6c 36 e4 72 51 41
b7 ff 1a 03 16 e6 a2 ea 2e 1e d1 88 1e 65 c0 ee ba 55 d6 c1 df 3b 20 43 31 4c 9c 15 6c 36 b1 c2 7b d3
{client} derive write traffic keys for early application data: {client} derive write traffic keys for early application data:
PRK (32 octets): b0 ea 52 04 68 97 4f 91 39 58 7d cf f5 6f 77 85 PRK (32 octets): 6c 59 9c 07 27 75 ad e3 57 01 58 17 a2 f1 cf 4f
69 96 02 fb c8 0c 0c 18 50 82 79 dc bf d0 7b 03 3b ed 5e 44 7b a6 1c 75 1a 3a 45 f5 76 a5 bf 75
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): ad 52 61 5a d7 8f ef c8 30 d7 b5 23 c5 6d key output (16 octets): 62 9d 26 ba f5 21 45 c0 4f 7d 23 dc 78 c3
39 6c 55 49
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 1a 68 22 06 82 d9 52 2f 6f d9 80 cb iv output (12 octets): d7 a4 2a a7 a5 00 ef fb e7 dc 61 89
{client} send application_data record: {client} send application_data record:
payload (6 octets): 41 42 43 44 45 46 payload (6 octets): 41 42 43 44 45 46
ciphertext (28 octets): 17 03 03 00 17 f0 a5 2c ad f2 f8 10 e3 ea ciphertext (28 octets): 17 03 03 00 17 cd 4e a6 16 28 3d 3e a5 ad
31 4a 9e 0d 74 94 18 0c 07 e1 b6 dd 23 05 af 68 9b a4 12 e1 a2 31 05 d3 83 0f 11 85
{server} extract secret "early" (same as client) {server} extract secret "early" (same as client)
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 73 c0 5e e2 5c db 68 51 18 f0 f7 dd 5f private key (32 octets): 00 a9 a0 a6 d0 03 a5 a8 48 b0 ec c7 99
d2 dd 12 9d 17 a7 98 b9 1c c5 fe 62 ed 70 a9 ba af 53 2f 93 b6 a7 f4 c7 b2 3d 52 28 7f 34 61 a0 af 7e e0 53 0e c2
public key (32 octets): 47 d1 32 89 df 6f a0 fc 57 3c 74 fa 73 40 public key (32 octets): 6f e0 56 e9 fe b7 db 5f 5c fa 38 66 89 ce
a2 6f 43 38 28 70 7d e5 72 7e 68 28 cb d0 81 9d a9 76 ef 6a 11 9c e9 8b ae 4f 42 df 95 d4 e0 57 37 46 21 30
{server} derive secret "tls13 c e traffic" (same as client) {server} derive secret "tls13 c e traffic" (same as client)
{server} derive secret "tls13 e exp master" (same as client) {server} derive secret "tls13 e exp master" (same as client)
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e
d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63 83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8 output (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54
4f 34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d db 19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8 4f salt (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54 db
34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d 19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf
ikm (32 octets): 4f 81 91 7a 09 87 67 f2 22 5f cf 33 e8 a5 d5 33 ikm (32 octets): 40 29 ba 3a 16 b8 7f 62 16 d5 a1 3b d2 72 6b 3e
d6 88 3b d8 ee 16 00 b2 c5 e4 f0 e8 24 02 06 37 46 ff f7 44 ee b0 9d 4f 2e df fa 22 aa 3b e8 57
secret (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b secret (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87
8f 55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93 fc f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b 8f PRK (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 fc
55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93 f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10
hash (32 octets): ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa 4c hash (32 octets): ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23 0c
d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91 0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa 61 66 66 69 63 20 ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23
4c d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91 0c 0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e
output (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1 output (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e
8e 44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c 9e 8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b 8f PRK (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 fc
55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93 f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10
hash (32 octets): ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa 4c hash (32 octets): ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23 0c
d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91 0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 ab e0 a2 b9 a8 84 3e 92 93 a8 36 91 96 7c fa 61 66 66 69 63 20 ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23
4c d0 8d 8e fc 0b 13 63 39 a9 1a 6d 01 45 3d 32 91 0c 0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e
output (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02 output (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb
33 a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19 b1 81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b 8f PRK (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 fc
55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93 f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): b2 da f2 ee a8 bb d9 2b 5d 84 12 d4 26 7a 3c output (32 octets): 57 7e 06 13 10 df 25 c2 6c e4 30 a1 e3 64 79
31 6c 09 cd 45 8e 71 ab dc c6 7b e6 b1 41 6c 0f 31 8b e1 0d f9 99 c6 a8 79 46 33 ac 1d de 56 6b c6 5d
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): b2 da f2 ee a8 bb d9 2b 5d 84 12 d4 26 7a 3c 31 salt (32 octets): 57 7e 06 13 10 df 25 c2 6c e4 30 a1 e3 64 79 8b
6c 09 cd 45 8e 71 ab dc c6 7b e6 b1 41 6c 0f 31 e1 0d f9 99 c6 a8 79 46 33 ac 1d de 56 6b c6 5d
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 secret (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22
19 61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02 ed 8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c
{server} send handshake record: {server} send handshake record:
payload (96 octets): 02 00 00 5c 03 03 3e 47 ec 55 17 e3 8e 7e f5 payload (96 octets): 02 00 00 5c 03 03 82 21 ab 7c ed 15 82 80 e4
cc bc 69 f9 2f 5b 20 b8 fa 46 a6 54 66 31 bb 99 fa 08 65 f4 af e3 35 09 f8 69 4f 69 3b 54 1a 73 00 04 8f df 31 3b 2b f5 cb a1
22 8c 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00 1d 00 3c 19 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00 1d 00
20 47 d1 32 89 df 6f a0 fc 57 3c 74 fa 73 40 a2 6f 43 38 28 70 20 6f e0 56 e9 fe b7 db 5f 5c fa 38 66 89 ce ef 6a 11 9c e9 8b
7d e5 72 7e 68 28 cb d0 81 9d a9 76 00 2b 00 02 7f 1c ae 4f 42 df 95 d4 e0 57 37 46 21 30 00 2b 00 02 7f 1c
ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 3e 47 ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 82 21
ec 55 17 e3 8e 7e f5 cc bc 69 f9 2f 5b 20 b8 fa 46 a6 54 66 31 ab 7c ed 15 82 80 e4 e3 35 09 f8 69 4f 69 3b 54 1a 73 00 04 8f
bb 99 fa 08 65 f4 af 22 8c 00 13 01 00 00 34 00 29 00 02 00 00 df 31 3b 2b f5 cb a1 3c 19 00 13 01 00 00 34 00 29 00 02 00 00
00 33 00 24 00 1d 00 20 47 d1 32 89 df 6f a0 fc 57 3c 74 fa 73 00 33 00 24 00 1d 00 20 6f e0 56 e9 fe b7 db 5f 5c fa 38 66 89
40 a2 6f 43 38 28 70 7d e5 72 7e 68 28 cb d0 81 9d a9 76 00 2b ce ef 6a 11 9c e9 8b ae 4f 42 df 95 d4 e0 57 37 46 21 30 00 2b
00 02 7f 1c 00 02 7f 1c
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02 33 PRK (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb b1
a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19 81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 0d 71 1f 45 1d c2 0e fc 7e f8 08 9b 44 79 key output (16 octets): 5f 3c 74 07 8c 9b 69 ca 92 fb 9e d0 b5 24
75 ac a0 4e
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): ee 5d 71 8a 24 a8 e5 32 8d bc 58 00 iv output (12 octets): c1 4a 56 2a c5 4c 08 90 4e 4c cf e1
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02 33 PRK (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb b1
a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19 81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 89 20 c8 40 6e b4 0e d6 66 66 68 95 ae 3d 8d output (32 octets): 33 15 23 2e 79 6a 55 ab ac 23 c5 b2 6e 24 3c
12 67 0e c0 e4 5f 0b cb 63 cf ef f5 13 38 e8 1a 5b f6 b8 3f e5 31 63 b1 ac 10 fb 0b ec 79 9b 39 84 33
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (74 octets): 08 00 00 22 00 20 00 0a 00 14 00 12 00 1d 00 payload (74 octets): 08 00 00 22 00 20 00 0a 00 14 00 12 00 1d 00
17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 00 2a 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 00 2a
00 00 14 00 00 20 b5 06 45 62 14 0c b7 fa 10 da 9a 57 ff 61 7b 00 00 14 00 00 20 bb 25 a6 22 90 1d 44 5c 31 98 e8 ba fd 3a cf
f2 66 d7 14 b7 8b 59 41 a0 af 36 3f ac c1 8d a6 b0 b3 bd 16 65 9f e5 6a c0 3c 50 55 5e 27 58 05 ae 7a
ciphertext (96 octets): 17 03 03 00 5b c8 2d 5e 2c 40 f0 77 cc 7d ciphertext (96 octets): 17 03 03 00 5b 0e 44 3c f1 1f 00 5f 95 22
8b c6 f5 0a 61 52 c2 ff e0 d9 30 60 11 a6 c2 7c 1c 2a c3 88 4c 65 d5 20 87 9e 13 f3 f9 b5 bf 91 f0 3d a2 84 c1 9d 8a 7e fb 1e
a6 1e f2 08 46 fb c3 dd 91 19 4e 26 b6 9a 4a 74 73 a2 51 4d e7 e9 8e f5 ec 1f 5b af 98 3d 8a 94 5f 0c 3b 56 34 c2 39 3c 67 fd
76 68 92 9d 4c 77 63 64 51 21 70 9f 8a 64 a2 9d 14 88 0b 6d f1 18 d4 aa cf 69 c9 16 03 37 4f 8c da c3 a6 e4 9f 18 08 8f 48 38
04 08 b5 74 da 7e 2e 5d 0b 6c da 9d 18 4f fe 57 62 b5 5f ba 22 f5 30 41 00 31 7b ff be 74 9b 1f c6 b0 27 ed 80 14
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19 PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed
61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02 8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c
hash (32 octets): 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78 hash (32 octets): 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb
32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39 4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 61 66 66 69 63 20 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7
78 32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39 bb 4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60
output (32 octets): bc 39 56 2d 42 a4 e7 62 8d cc 15 1b ba c1 16 output (32 octets): 2f d1 64 22 0e 74 ba e8 93 70 20 38 bb 73 c6
88 06 9c 1c 56 ca cd 17 d4 cc 53 4a bb 05 e3 c0 3e 72 4c 92 64 bb ad 2b 7b 72 37 e3 40 29 e0 c3 69 4b
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19 PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed
61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02 8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c
hash (32 octets): 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78 hash (32 octets): 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb
32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39 4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 61 66 66 69 63 20 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7
78 32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39 bb 4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60
output (32 octets): a2 05 9e be 09 34 8a d4 2b 1d 6a 72 01 9e 8f output (32 octets): b7 a6 20 bf bc 35 b7 1e 98 d8 40 14 02 6d e1
89 06 0d e5 9f de 34 2d 4a d1 68 f2 08 5c ab c3 60 13 f2 0e ae 01 8b 56 75 04 8f 88 c2 f8 b1 37 b0 f7
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19 PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed
61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02 8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c
hash (32 octets): 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78 hash (32 octets): 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb
32 a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39 4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 11 bf 9b 71 22 aa c5 07 85 59 ef 90 f7 8e e0 78 32 74 65 72 20 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb 4c
a6 79 72 a2 c7 f4 bd 8f 56 15 d0 bc 19 7a 39 c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60
output (32 octets): e2 d4 f1 2f c6 26 c2 91 de 52 8c 4d d2 cb 1f output (32 octets): 1a 13 62 f1 9a 22 1e 14 9a 38 62 de 2a fc 46
d2 11 b2 d8 44 d9 53 d4 7a 48 d8 17 87 64 05 88 41 42 b5 7c aa 3b 0a 50 90 b3 f6 e3 ea 01 47 09 69 bc
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): a2 05 9e be 09 34 8a d4 2b 1d 6a 72 01 9e 8f 89 PRK (32 octets): b7 a6 20 bf bc 35 b7 1e 98 d8 40 14 02 6d e1 13
06 0d e5 9f de 34 2d 4a d1 68 f2 08 5c ab c3 60 f2 0e ae 01 8b 56 75 04 8f 88 c2 f8 b1 37 b0 f7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 2e c4 83 49 b4 00 e4 9d bb 71 9a 98 91 11 key output (16 octets): 13 d9 5b 20 9e 16 d7 10 96 cf 53 55 e4 8a
2d 99 11 7e
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): b2 6b 47 20 2b 9a 93 55 45 90 c0 3c iv output (12 octets): 5b f1 cd 5c f6 f8 78 61 86 21 8a 83
{server} derive read traffic keys for early application data (same {server} derive read traffic keys for early application data (same
as client write traffic keys) as client write traffic keys)
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 90 a6 5b c0 8e 4a 66 d4 a9 cf 3c f7 ec 2d 85 be PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e
d7 ae 08 af 83 1d 05 d7 0d 6c c0 a9 39 9c 1e 63 83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8 output (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54
4f 34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d db 19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 95 c5 f6 ae c8 48 4c ad 65 ee ff f1 0c 48 a8 4f salt (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54 db
34 d6 53 d6 59 91 bf de 13 69 81 97 b3 b9 b4 5d 19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf
ikm (32 octets): 4f 81 91 7a 09 87 67 f2 22 5f cf 33 e8 a5 d5 33 ikm (32 octets): 40 29 ba 3a 16 b8 7f 62 16 d5 a1 3b d2 72 6b 3e
d6 88 3b d8 ee 16 00 b2 c5 e4 f0 e8 24 02 06 37 46 ff f7 44 ee b0 9d 4f 2e df fa 22 aa 3b e8 57
secret (32 octets): 96 eb 95 b5 63 62 0c 58 ca d2 c7 37 0f b7 4b secret (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87
8f 55 b2 0e 28 bd bc 2d 70 6e 6f db aa 9e 9e 60 93 fc f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): c9 23 18 b4 c5 6f ba 46 bf 6e ef 2a 9a 8f 02 33 PRK (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb b1
a2 8b ab 9b b9 66 67 4a 19 32 0b b5 3c 50 10 19 81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 0d 71 1f 45 1d c2 0e fc 7e f8 08 9b 44 79 key output (16 octets): 5f 3c 74 07 8c 9b 69 ca 92 fb 9e d0 b5 24
75 ac a0 4e
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): ee 5d 71 8a 24 a8 e5 32 8d bc 58 00 iv output (12 octets): c1 4a 56 2a c5 4c 08 90 4e 4c cf e1
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send a EndOfEarlyData handshake message {client} send a EndOfEarlyData handshake message
{client} send handshake record: {client} send handshake record:
payload (4 octets): 05 00 00 00 payload (4 octets): 05 00 00 00
ciphertext (26 octets): 17 03 03 00 15 87 ea 08 9b c5 7f 33 1c 4f ciphertext (26 octets): 17 03 03 00 15 7e aa 3c de 68 e7 2f f7 65
ad 29 80 d7 5e 3b c1 cc 55 40 e8 75 c1 ee 52 0e 19 94 4f 21 52 dd 19 2f
{client} derive write traffic keys for handshake data: {client} derive write traffic keys for handshake data:
PRK (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1 8e PRK (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e 9e
44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c 8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 4c 0f 31 7d 9a b1 56 f2 7b 71 cb ca 63 3d key output (16 octets): 71 bc 0c 4d c2 b7 d6 8a 2c ac 6e d6 f5 c2
f7 4f 81 50
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): e3 19 71 d9 f6 41 4b 45 de 4c 4c e2 iv output (12 octets): 1b b0 fc f0 a3 03 5e e7 87 dc 3e 62
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1 8e PRK (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e 9e
44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c 8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 68 9e a0 1d d9 3b e4 b2 38 94 de ab a8 d0 7c output (32 octets): 97 d3 03 31 b4 2e 62 1c 6a 37 2f d5 48 c2 1e
56 31 29 ad 6b ef dd 7b 3d 8d ef e5 8e 4f 7e 3a 44 bc 6c f3 c6 09 05 d3 41 9a 60 ac 51 d0 02 73 66 8e
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 52 90 13 55 ab 06 bb fb ab 3a 81 payload (36 octets): 14 00 00 20 f4 08 6f f0 ce c8 b2 d0 17 a2 c7
cc 67 e3 6f eb 5d 8d a1 63 2a 02 ba 83 0a 8f c8 5f 4c 22 66 cf 17 8c 5a 67 55 c8 2c 24 81 d6 74 70 7f 39 02 6c 8e e9 de c0 7e
ciphertext (58 octets): 17 03 03 00 35 39 ab 4d 04 21 bb 3e 2b 85 ciphertext (58 octets): 17 03 03 00 35 c8 bc f9 ae e6 c2 2a b9 74
53 d0 2c ee 16 d3 78 c5 0f a8 76 fd 44 b4 d8 c6 36 26 6e 44 70 99 f2 91 de f9 31 39 40 8a db d2 01 27 29 9b fc cb 55 c2 5d 7d
bd 05 f4 77 d4 fb 91 70 f4 42 96 e2 43 3c 78 0e ef c7 50 5f 9b f3 c2 25 f9 60 f9 63 49 1a c8 84 0f cb eb 78 2f 06 50 c7 ae 89
e1 68 76 0b
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): bc 39 56 2d 42 a4 e7 62 8d cc 15 1b ba c1 16 88 PRK (32 octets): 2f d1 64 22 0e 74 ba e8 93 70 20 38 bb 73 c6 72
06 9c 1c 56 ca cd 17 d4 cc 53 4a bb 05 e3 c0 3e 4c 92 64 bb ad 2b 7b 72 37 e3 40 29 e0 c3 69 4b
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 24 56 8c c4 56 c9 16 6a 17 54 e3 f8 4d da key output (16 octets): 9d 33 13 5f 96 74 2a ef 1e a5 c0 9f a5 9c
66 23 6a 0c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 92 d2 da ec 04 ce c8 de 21 2a 8e 0c iv output (12 octets): 71 12 64 6d a3 ba a6 31 70 ca 75 26
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): c5 ee bf b8 6e 50 81 37 24 5d 79 91 9a 3d 43 19 PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed
61 bc 0d 5c c8 70 d9 08 9a 2f 30 34 b4 b9 6b 02 8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c
hash (32 octets): 74 61 12 2a b1 9d 89 46 41 d8 1c 0b 32 71 a9 35 hash (32 octets): 9f d1 b0 84 01 46 d6 24 97 08 30 e0 91 ae 31 7a
90 9f be 21 87 ce 40 18 d1 81 d0 4b 1f 9b 95 8a d1 0a ae 86 cc 04 70 f8 98 87 86 2f 53 e6 6e e2
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 74 61 12 2a b1 9d 89 46 41 d8 1c 0b 32 71 a9 35 90 74 65 72 20 9f d1 b0 84 01 46 d6 24 97 08 30 e0 91 ae 31 7a d1
9f be 21 87 ce 40 18 d1 81 d0 4b 1f 9b 95 8a 0a ae 86 cc 04 70 f8 98 87 86 2f 53 e6 6e e2
output (32 octets): 98 85 4e 70 a8 c2 0f 1b 02 44 b8 d9 f2 e9 94 output (32 octets): 4e ee b9 39 b9 63 8f a3 5a d7 57 84 97 13 35
37 7d 11 dd 0b 6b 09 42 29 de f0 cd 55 56 9a c1 20 9a 47 a3 bc 64 4e 72 26 5c a6 f6 4d 37 52 90 d1 73
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 50 26 86 51 18 93 2f ba 00 9f b8 84 c2 6c e1 8e PRK (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e 9e
44 96 c8 f3 57 dd f0 d1 a9 0b c2 7b 4c 31 92 9c 8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 4c 0f 31 7d 9a b1 56 f2 7b 71 cb ca 63 3d key output (16 octets): 71 bc 0c 4d c2 b7 d6 8a 2c ac 6e d6 f5 c2
f7 4f 81 50
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): e3 19 71 d9 f6 41 4b 45 de 4c 4c e2 iv output (12 octets): 1b b0 fc f0 a3 03 5e e7 87 dc 3e 62
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 28 e8 c4 0d 6e 0a 83 0c 62 ciphertext (72 octets): 17 03 03 00 43 2d db e2 e3 33 68 96 b5 df
58 8a 5a 29 e4 1e 24 48 3d 50 c8 57 f0 1f d2 25 6f a4 51 4e 2d 2c f5 d3 7c f3 50 ba 01 61 52 4f 57 4d 89 44 0c 67 63 9f fc b4
4c a3 77 fd ff 96 26 0e a6 46 a6 92 4e 93 3d 96 74 29 3f 26 ab 2f a8 1e 0a b1 8f 3c 48 0e 35 d6 36 1c 66 39 58 71 7f 03 52 83
a3 a6 da 07 4c 16 c0 27 68 65 ab 02 df 0e 61 01 5e 8e 3a a8 40 39 48 a5 d6 e6 20 38 70 e6 a3 c7
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 54 25 7b ed c2 61 dd 2c f2 ciphertext (72 octets): 17 03 03 00 43 09 f1 68 49 32 61 0e 09 17
a5 bd f1 3f ed fc 93 7a 46 dd 32 59 9b 6f 16 df 78 2e 92 42 bd f6 34 37 02 c6 82 d2 5d 03 ee ac 0c e3 dd 1e 87 32 3c 25 ef e9
43 b0 b4 7e 79 b6 b5 fd 5a 98 23 d7 6f a6 fc ad 1c 84 97 c3 8a b3 68 ad 9f c7 0c 00 49 5c 38 f6 14 d5 01 ae b6 6a 2a 47 c6 c9
62 20 70 af 9e 2a 72 6c 78 b3 ee bc 92 9b 27 66 06 d8 b0 32 67 32 1b 7d 6b 32 82 01 be 0b c0 6a
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 5a d6 a3 97 6d 9d 6c b8 66 ciphertext (24 octets): 17 03 03 00 13 c5 fa f2 2d f7 ce ea b6 f2
b4 a3 5c 0f b4 53 90 ae dd 88 0b 3b da ee 3b d9 69 e8 7b aa
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 1d 7f 76 5d 2c d2 65 53 b2 ciphertext (24 octets): 17 03 03 00 13 b5 3a d6 ce 3d 3a 44 c6 4c
f3 a8 c4 0a 71 a7 e6 48 c3 87 0c 85 67 64 6f ee 6e 7c de aa
5. HelloRetryRequest 5. HelloRetryRequest
In this example, the client initiates a handshake with an X25519 In this example, the client initiates a handshake with an X25519
[RFC7748] share. The server however prefers P-256 [FIPS186] and [RFC7748] share. The server however prefers P-256 [FIPS186] and
sends a HelloRetryRequest that requires the client to generate a key sends a HelloRetryRequest that requires the client to generate a key
share on the P-256 curve. share on the P-256 curve.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 2f 74 42 ae 1b ce d7 5e 82 f9 be 34 3c private key (32 octets): 5d be 3b b2 1c d0 ab b9 c2 ab 42 90 1c
af cd fd 6c 14 28 e6 19 f1 f5 1a ae 58 68 01 1b 94 4c ab bc 23 c8 c2 b8 84 58 ac 6b e9 14 25 dd dd 3a 98 b0 93 b2
public key (32 octets): 18 77 ec d6 d3 b5 46 fb 68 dd 27 35 0f 25 public key (32 octets): 77 a1 f8 c2 bf f9 ae ce f0 f3 7c 60 14 f0
24 87 b7 e8 7b 8a 91 2c e1 a6 a8 8c d0 bb 02 cd 15 49 5c 82 7f 5f fe 60 5c 3c 32 67 1d 79 8c 1a 29 50 7c 6d
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (174 octets): 01 00 00 aa 03 03 b7 c9 bc 82 7e a9 0b 53 payload (174 octets): 01 00 00 aa 03 03 fd a5 c0 5a 01 de 6f 64
72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e af 94 e8 85 36 5b 0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1 ac 8e 07 5e 50 cf
91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 00 7b 00 00 00 0b 00 69 0c c9 00 00 06 13 01 13 03 13 02 01 00 00 7b 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 18 77 ec d6 d3 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 77 a1 f8 c2 bf
b5 46 fb 68 dd 27 35 0f 25 24 87 b7 e8 7b 8a 91 2c e1 a6 a8 8c f9 ae ce f0 f3 7c 60 14 f0 5c 82 7f 5f fe 60 5c 3c 32 67 1d 79
d0 bb 02 cd 15 49 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 8c 1a 29 50 7c 6d 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03
05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04
02 05 02 06 02 02 02 00 2d 00 02 01 01 02 05 02 06 02 02 02 00 2d 00 02 01 01
ciphertext (179 octets): 16 03 01 00 ae 01 00 00 aa 03 03 b7 c9 ciphertext (179 octets): 16 03 01 00 ae 01 00 00 aa 03 03 fd a5
bc 82 7e a9 0b 53 72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e c0 5a 01 de 6f 64 0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1
af 94 e8 85 36 5b 91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 00 ac 8e 07 5e 50 cf 69 0c c9 00 00 06 13 01 13 03 13 02 01 00 00
7b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 7b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00
20 18 77 ec d6 d3 b5 46 fb 68 dd 27 35 0f 25 24 87 b7 e8 7b 8a 20 77 a1 f8 c2 bf f9 ae ce f0 f3 7c 60 14 f0 5c 82 7f 5f fe 60
91 2c e1 a6 a8 8c d0 bb 02 cd 15 49 00 2b 00 03 02 7f 1c 00 0d 5c 3c 32 67 1d 79 8c 1a 29 50 7c 6d 00 2b 00 03 02 7f 1c 00 0d
00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05
01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} send handshake record: {server} send handshake record:
payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11 payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11
be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8
a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00 72 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00 72
20 1c e9 22 bf 9a 57 cc 0c 63 8a 02 00 00 00 00 b5 89 27 72 3a be 27 61 a6 66 36 1c 81 90 47 cf 51 00 00 00 00 5a 99 8e 4c c3
7b 57 e1 de 6d 9d 65 d4 9b 4c 1d 00 30 39 bc 6d f6 e6 1b 34 45 d8 dd 02 5b bb e1 0d a6 f2 b2 d1 00 30 b0 3a 58 2f 9c c5 81 d1
a1 12 cf 2c 5d f4 b3 bd 4c db 05 07 08 57 d9 f0 22 e8 6a c7 df 0f 62 6c f0 e3 b9 3d 14 d4 65 f9 48 83 5a 2a b5 31 3a 23 a1 9a
91 a9 4a 1b e9 fd 61 ac b3 22 13 7a d5 63 70 dc fa 29 55 aa c6 eb a3 67 1e 7a 0d 41 0e 17 4f d0 04 f6 53 f1 08 25 17 3d 1a 90
d6 ab 28 a2 98 43 62 89 9d 38 b7 b0 9b 3c 4d 86 76 a4 8b b2 c6 37 cd ea b4 86 df 4e 79 c6 87 f9 d9 b1 b9 e2 ae 81 1e 0b 97 4e
bd 05 02 fc c5 61 b5 50 2e 00 2b 00 02 7f 1c 8f 82 7b b1 66 a8 2d f7 a1 00 2b 00 02 7f 1c
ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21 ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21
ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c
5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17
00 2c 00 74 00 72 20 1c e9 22 bf 9a 57 cc 0c 63 8a 02 00 00 00 00 2c 00 74 00 72 be 27 61 a6 66 36 1c 81 90 47 cf 51 00 00 00
00 b5 89 27 72 3a 7b 57 e1 de 6d 9d 65 d4 9b 4c 1d 00 30 39 bc 00 5a 99 8e 4c c3 d8 dd 02 5b bb e1 0d a6 f2 b2 d1 00 30 b0 3a
6d f6 e6 1b 34 45 a1 12 cf 2c 5d f4 b3 bd 4c db 05 07 08 57 d9 58 2f 9c c5 81 d1 0f 62 6c f0 e3 b9 3d 14 d4 65 f9 48 83 5a 2a
f0 22 e8 6a c7 df 91 a9 4a 1b e9 fd 61 ac b3 22 13 7a d5 63 70 b5 31 3a 23 a1 9a eb a3 67 1e 7a 0d 41 0e 17 4f d0 04 f6 53 f1
dc fa 29 55 aa c6 d6 ab 28 a2 98 43 62 89 9d 38 b7 b0 9b 3c 4d 08 25 17 3d 1a 90 37 cd ea b4 86 df 4e 79 c6 87 f9 d9 b1 b9 e2
86 76 a4 8b b2 c6 bd 05 02 fc c5 61 b5 50 2e 00 2b 00 02 7f 1c ae 81 1e 0b 97 4e 8f 82 7b b1 66 a8 2d f7 a1 00 2b 00 02 7f 1c
{client} create an ephemeral P-256 key pair: {client} create an ephemeral P-256 key pair:
private key (32 octets): 12 04 90 37 70 08 12 91 d2 e2 8c 2e 4c private key (32 octets): d3 b7 74 44 db 98 f0 23 a7 9b 88 d4 18
cc ae fd fa be a9 02 d6 24 cc 53 7e 17 7e f4 62 e0 4e 68 e3 74 80 27 67 43 24 ae 7e 9d 7f 25 33 46 34 b7 eb 40 f6
public key (65 octets): 04 34 64 59 40 3b b6 5d 0e 0d 11 d1 03 8b public key (65 octets): 04 9c 86 50 ec 41 c5 a8 df da c7 8b 1f 35
e7 1b 03 a7 56 2b 01 e0 3a a1 b5 80 25 c4 65 88 a4 09 3f 1c 75 65 42 16 cf cf 8c 2d b5 09 31 58 59 3b 33 22 1a 60 4b f7 df f9
98 bd 8c 79 ee 7e fc 5b a7 49 bd 24 3c 10 82 12 3a 37 f9 3f 9a a4 7d cf 13 ee cb 29 be 5c 24 73 21 48 2f 44 51 57 b7 33 1e e4
00 8c ff 64 5b c4 e5 8f 20 af 71 7b 59 7e 07 6d 56 e9
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 b7 c9 bc 82 7e a9 0b 53 payload (512 octets): 01 00 01 fc 03 03 fd a5 c0 5a 01 de 6f 64
72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e af 94 e8 85 36 5b 0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1 ac 8e 07 5e 50 cf
91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 69 0c c9 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 34 64 59 40 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 9c 86 50 ec
3b b6 5d 0e 0d 11 d1 03 8b e7 1b 03 a7 56 2b 01 e0 3a a1 b5 80 41 c5 a8 df da c7 8b 1f 35 65 42 16 cf cf 8c 2d b5 09 31 58 59
25 c4 65 88 a4 09 3f 1c 75 98 bd 8c 79 ee 7e fc 5b a7 49 bd 24 3b 33 22 1a 60 4b f7 df f9 a4 7d cf 13 ee cb 29 be 5c 24 73 21
3c 10 82 12 3a 37 f9 3f 9a 00 8c ff 64 5b c4 e5 8f 20 00 2b 00 48 2f 44 51 57 b7 33 1e e4 af 71 7b 59 7e 07 6d 56 e9 00 2b 00
03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c
00 74 00 72 20 1c e9 22 bf 9a 57 cc 0c 63 8a 02 00 00 00 00 b5 00 74 00 72 be 27 61 a6 66 36 1c 81 90 47 cf 51 00 00 00 00 5a
89 27 72 3a 7b 57 e1 de 6d 9d 65 d4 9b 4c 1d 00 30 39 bc 6d f6 99 8e 4c c3 d8 dd 02 5b bb e1 0d a6 f2 b2 d1 00 30 b0 3a 58 2f
e6 1b 34 45 a1 12 cf 2c 5d f4 b3 bd 4c db 05 07 08 57 d9 f0 22 9c c5 81 d1 0f 62 6c f0 e3 b9 3d 14 d4 65 f9 48 83 5a 2a b5 31
e8 6a c7 df 91 a9 4a 1b e9 fd 61 ac b3 22 13 7a d5 63 70 dc fa 3a 23 a1 9a eb a3 67 1e 7a 0d 41 0e 17 4f d0 04 f6 53 f1 08 25
29 55 aa c6 d6 ab 28 a2 98 43 62 89 9d 38 b7 b0 9b 3c 4d 86 76 17 3d 1a 90 37 cd ea b4 86 df 4e 79 c6 87 f9 d9 b1 b9 e2 ae 81
a4 8b b2 c6 bd 05 02 fc c5 61 b5 50 2e 00 2d 00 02 01 01 00 15 1e 0b 97 4e 8f 82 7b b1 66 a8 2d f7 a1 00 2d 00 02 01 01 00 15
00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 b7 c9 ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 fd a5
bc 82 7e a9 0b 53 72 b5 ba 58 29 7e 40 ba 82 77 ce bf be eb 8e c0 5a 01 de 6f 64 0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1
af 94 e8 85 36 5b 91 c5 bb 00 00 06 13 01 13 03 13 02 01 00 01 ac 8e 07 5e 50 cf 69 0c c9 00 00 06 13 01 13 03 13 02 01 00 01
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00
41 04 34 64 59 40 3b b6 5d 0e 0d 11 d1 03 8b e7 1b 03 a7 56 2b 41 04 9c 86 50 ec 41 c5 a8 df da c7 8b 1f 35 65 42 16 cf cf 8c
01 e0 3a a1 b5 80 25 c4 65 88 a4 09 3f 1c 75 98 bd 8c 79 ee 7e 2d b5 09 31 58 59 3b 33 22 1a 60 4b f7 df f9 a4 7d cf 13 ee cb
fc 5b a7 49 bd 24 3c 10 82 12 3a 37 f9 3f 9a 00 8c ff 64 5b c4 29 be 5c 24 73 21 48 2f 44 51 57 b7 33 1e e4 af 71 7b 59 7e 07
e5 8f 20 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 6d 56 e9 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2c 00 74 00 72 20 1c e9 22 bf 9a 57 cc 0c 63 8a 06 02 02 02 00 2c 00 74 00 72 be 27 61 a6 66 36 1c 81 90 47 cf
02 00 00 00 00 b5 89 27 72 3a 7b 57 e1 de 6d 9d 65 d4 9b 4c 1d 51 00 00 00 00 5a 99 8e 4c c3 d8 dd 02 5b bb e1 0d a6 f2 b2 d1
00 30 39 bc 6d f6 e6 1b 34 45 a1 12 cf 2c 5d f4 b3 bd 4c db 05 00 30 b0 3a 58 2f 9c c5 81 d1 0f 62 6c f0 e3 b9 3d 14 d4 65 f9
07 08 57 d9 f0 22 e8 6a c7 df 91 a9 4a 1b e9 fd 61 ac b3 22 13 48 83 5a 2a b5 31 3a 23 a1 9a eb a3 67 1e 7a 0d 41 0e 17 4f d0
7a d5 63 70 dc fa 29 55 aa c6 d6 ab 28 a2 98 43 62 89 9d 38 b7 04 f6 53 f1 08 25 17 3d 1a 90 37 cd ea b4 86 df 4e 79 c6 87 f9
b0 9b 3c 4d 86 76 a4 8b b2 c6 bd 05 02 fc c5 61 b5 50 2e 00 2d d9 b1 b9 e2 ae 81 1e 0b 97 4e 8f 82 7b b1 66 a8 2d f7 a1 00 2d
00 02 01 01 00 15 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 01 00 15 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
skipping to change at page 29, line 29 skipping to change at page 29, line 29
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral P-256 key pair: {server} create an ephemeral P-256 key pair:
private key (32 octets): 02 03 21 a8 85 5a 5c ce 43 5e c4 eb 2c private key (32 octets): 3b 21 7a 4d b8 ab 31 54 d8 f1 ca 4f fc
74 54 9d cd 14 b2 50 cc 88 ae b4 e1 a8 27 77 a2 a8 3d e2 a0 c3 3f 04 8f 1a 06 01 e2 9f 8b b7 f7 9b 36 8c 65 ba a6
public key (65 octets): 04 a9 fc 26 e5 99 e4 8d ed 07 36 f4 b1 b2 public key (65 octets): 04 65 7e a5 e0 7c 82 1e 25 fd 9e f2 61 4c
20 2b f4 9c f3 e5 eb 5a 37 0b aa 88 8b 45 50 27 32 36 85 e5 e8 08 9f 9d 21 b4 8c c5 44 26 77 0d f4 ef 95 8a 85 c5 e0 3c e3 8b
eb 52 e1 d3 63 73 08 76 d4 4a 1a cf 53 25 8e a6 e1 75 c1 4c 5f 5e 7e 7b 6f 63 92 f0 e3 6c f1 11 9a 9b 59 59 76 79 83 93 19 e4
20 2c a0 eb b8 a7 3a f2 34 0e d1 f0 9a 06 81 d2 ec 71
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 30, line 13 skipping to change at page 30, line 13
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 67 5e 8f e3 7d f3 8e b4 ae d1 ac 3e a4 a0 a1 63 ikm (32 octets): fe b0 20 4b f7 6c ce 95 68 ae ef fa 0b 10 ef c7
a7 26 56 83 e4 3d ca 95 40 43 87 73 24 aa cf 70 64 06 5c 03 48 cc f4 f2 f8 97 22 f2 f5 5c df a8
secret (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 secret (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45
69 bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e a8 2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 69 PRK (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 a8
bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e 2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15
hash (32 octets): 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33 fe hash (32 octets): 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45 00
bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f 66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33 61 66 66 69 63 20 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45
fe bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f 00 66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d
output (32 octets): 96 f0 1d 63 6d 87 b9 36 1c 0b 8b 93 0c de d9 output (32 octets): 66 65 be 10 30 f9 05 87 74 35 d5 6b 4a 9b d8
7b 59 06 0b 89 3b e2 4e 5d 64 b5 25 86 c0 39 ac 18 de 7f 4e 37 1c ef 29 5b ac 39 7b 98 d7 35 f5 16 54
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 69 PRK (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 a8
bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e 2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15
hash (32 octets): 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33 fe hash (32 octets): 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45 00
bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f 66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 0b 61 d4 9c 83 fe f7 da 03 04 0f e3 5e 72 33 61 66 66 69 63 20 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45
fe bd 0f 47 e2 c0 e0 9c 85 a4 a1 2f 89 a0 04 a1 6f 00 66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d
output (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f output (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f
a1 20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14 6a 2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 69 PRK (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 a8
bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e 2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): ef ff c0 f0 7a 08 0f cd c7 7e 55 8a 02 f1 77 output (32 octets): 55 3a 3f 4d 42 b9 da 6e 66 e7 26 49 40 2d 1e
f7 32 a9 ff 20 12 8b 66 a0 de e7 1c a3 99 74 ba c8 00 25 e3 de 0e 87 51 0d f7 ab 88 0e 85 bc e4 7f ae
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): ef ff c0 f0 7a 08 0f cd c7 7e 55 8a 02 f1 77 f7 salt (32 octets): 55 3a 3f 4d 42 b9 da 6e 66 e7 26 49 40 2d 1e 00
32 a9 ff 20 12 8b 66 a0 de e7 1c a3 99 74 ba c8 25 e3 de 0e 87 51 0d f7 ab 88 0e 85 bc e4 7f ae
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c secret (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d
be 84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00 d6 c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4
{server} send handshake record: {server} send handshake record:
payload (123 octets): 02 00 00 77 03 03 a9 8d a5 12 67 95 e8 50 payload (123 octets): 02 00 00 77 03 03 b0 4a 61 26 aa 7b 5c f3
bf d4 69 ae 41 2c 8a d6 c6 a2 43 da b5 ca 68 9b cc 37 7b 7f 45 0f 4a 09 1c 8f 2f 38 12 85 d7 7c bc db 73 9b 6a 26 f3 73 0e 2c
7e 93 57 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 a9 fc 26 aa a8 f2 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 65 7e a5
e5 99 e4 8d ed 07 36 f4 b1 b2 20 2b f4 9c f3 e5 eb 5a 37 0b aa e0 7c 82 1e 25 fd 9e f2 61 4c 08 9f 9d 21 b4 8c c5 44 26 77 0d
88 8b 45 50 27 32 36 85 e5 e8 eb 52 e1 d3 63 73 08 76 d4 4a 1a f4 ef 95 8a 85 c5 e0 3c e3 8b 5e 7e 7b 6f 63 92 f0 e3 6c f1 11
cf 53 25 8e a6 e1 75 c1 4c 5f 20 2c a0 eb b8 a7 3a f2 34 00 2b 9a 9b 59 59 76 79 83 93 19 e4 0e d1 f0 9a 06 81 d2 ec 71 00 2b
00 02 7f 1c 00 02 7f 1c
ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 a9 8d ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 b0 4a
a5 12 67 95 e8 50 bf d4 69 ae 41 2c 8a d6 c6 a2 43 da b5 ca 68 61 26 aa 7b 5c f3 0f 4a 09 1c 8f 2f 38 12 85 d7 7c bc db 73 9b
9b cc 37 7b 7f 45 7e 93 57 00 13 01 00 00 4f 00 33 00 45 00 17 6a 26 f3 73 0e 2c aa a8 f2 00 13 01 00 00 4f 00 33 00 45 00 17
00 41 04 a9 fc 26 e5 99 e4 8d ed 07 36 f4 b1 b2 20 2b f4 9c f3 00 41 04 65 7e a5 e0 7c 82 1e 25 fd 9e f2 61 4c 08 9f 9d 21 b4
e5 eb 5a 37 0b aa 88 8b 45 50 27 32 36 85 e5 e8 eb 52 e1 d3 63 8c c5 44 26 77 0d f4 ef 95 8a 85 c5 e0 3c e3 8b 5e 7e 7b 6f 63
73 08 76 d4 4a 1a cf 53 25 8e a6 e1 75 c1 4c 5f 20 2c a0 eb b8 92 f0 e3 6c f1 11 9a 9b 59 59 76 79 83 93 19 e4 0e d1 f0 9a 06
a7 3a f2 34 00 2b 00 02 7f 1c 81 d2 ec 71 00 2b 00 02 7f 1c
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f a1 PRK (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f 6a
20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14 2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): c9 66 8b e3 a4 eb 59 74 eb 92 ff 02 bb d7 key output (16 octets): 51 dc bb f8 4c a6 41 9d 5c 5f 52 32 da 05
2e 0b c0 af
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a0 3e bc f0 df 01 00 7b 81 7b 21 de iv output (12 octets): b1 c3 52 60 1b c5 a8 3d 37 e1 27 fe
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f a1 PRK (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f 6a
20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14 2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): c9 32 f8 bb a8 09 0c d8 3c fa ae 73 f8 41 79 output (32 octets): 8e 5f be fe 35 d1 12 a8 bd 57 10 e8 b1 00 dd
6c bb a9 97 73 28 e4 53 d6 a1 da c8 8c a8 0b 2b ec 61 dc 48 a3 d0 29 87 3e fb c3 ab 67 07 01 8e 86 6e
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (639 octets): 08 00 00 12 00 10 00 0a 00 08 00 06 00 17 payload (639 octets): 08 00 00 12 00 10 00 0a 00 08 00 06 00 17
00 18 00 1d 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 00 18 00 1d 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82
01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48
86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03
72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17
skipping to change at page 33, line 5 skipping to change at page 33, line 5
80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93
ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03
01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06
03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01
01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a
72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea 72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea
e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01
51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be 51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be
c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b
1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8
96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 7d 96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 1a
29 50 6f 66 e0 87 bd b7 c1 5b 15 f5 f9 32 72 41 8a 59 c5 74 59 78 c0 86 7a 27 20 39 db d4 e2 95 ae e0 eb ce a5 67 5c 09 f6 c6
13 33 9c f3 78 5a 39 86 78 55 66 d7 95 2d 9e a9 ab 9f 77 87 6e 2d b9 f3 9d 94 9b c2 2e 1e 23 1c eb dc b8 a6 ec 2e b3 7f 98 bb
6a 39 8b 5b 88 2c 83 e5 43 d3 c1 80 95 30 ef 30 70 fb e4 eb a9 bf bb eb f7 64 bb b6 80 45 48 b7 78 52 f4 92 15 60 35 1f 99 8f
07 2c 6c 23 95 6b de 0e 61 4c d0 13 aa e7 9c b1 86 76 0a 95 55 42 0d f7 ea ad 47 4b 3a 1a 50 db cb 0e 40 eb 2a 58 5b 64 5e 0b
aa 7c 62 2a 29 5c ce 9e f4 7b eb 28 06 10 29 4e a0 a4 cc ca 29 4c 95 13 6c 02 87 ce 2e 74 ee 5b 99 48 43 77 e3 de ee 00 13 49
92 00 ab f2 25 44 3d 0b 50 d1 f8 b1 fa 9b 98 f3 38 b8 00 65 08 9c aa a2 2f 13 65 fb 26 21 05 83 26 d3 6a 92 47 56 d3 ae 8c b9
87 14 00 00 20 43 2a 86 e1 4a 5e 66 f5 57 83 3f 39 ea eb 85 71 3b 14 00 00 20 6b a4 58 68 e6 28 c9 7a e3 b0 e1 68 c6 ea ff 9e
13 0b cd 59 ba 06 5d 8d 6d b4 26 ac 11 43 da 0e 58 e5 97 58 28 76 29 c5 93 68 c6 21 27 61 b6 a3
ciphertext (661 octets): 17 03 03 02 90 2a 10 90 52 02 96 ad d1 ciphertext (661 octets): 17 03 03 02 90 5b bc c2 f4 05 15 00 8f
82 97 94 74 52 0d 25 ef c8 1d 11 77 14 c5 0d d5 32 d9 df f1 fa 44 54 2c 78 a4 87 46 58 09 04 6f 46 b0 e1 74 a9 e8 ad fa 07 60
fe 96 c7 3b 66 e4 7d 81 e6 25 2b 66 86 b8 86 37 10 26 0e 15 4b b7 1b 25 4d a3 19 49 d5 d7 0f 3b 1a 6b 6d c2 1c 5a 68 1a af bf
c4 8d 8a e2 f2 67 45 f5 98 ee 7b 46 70 cb 87 89 3a 73 81 7f cb e5 70 ca cb 35 7b 47 00 cc 74 68 4c c2 99 ba f1 96 02 d5 55 b2
09 45 5f e5 8d 49 5c 07 7a ca a3 b3 ae 9c cc a4 58 5b 12 6d f4 d9 66 4a 35 de 49 37 7e 8c b7 a5 10 b9 c1 ba 4e a6 99 68 3d 39
8c 5f a4 f9 d2 b4 b5 0b dc 72 a8 42 eb 09 5f 71 f9 24 77 d4 5d 1b 86 d7 31 e3 2e 1d bc 86 72 24 2d 90 f9 36 27 cd 12 39 65 4c
d8 ee 69 62 81 87 86 0d f3 d6 8b 80 a3 c7 c7 d4 ca 36 61 69 2f 6b 05 92 5e f0 8b 4f 36 7c e3 4d 5f 08 ce 41 27 63 d1 e3 23 ae
a4 64 23 f5 64 2d 73 6e 27 63 b0 41 07 47 f6 55 eb db 18 37 c1 dd 7a 94 c4 db cc 13 85 5a 31 cc 3a 32 68 fa f4 49 ef 17 b2 90
6f 59 bd c2 db 64 e3 92 fd 92 77 b0 ac e7 1c 1a 15 da e4 13 6c 65 77 eb 7e 49 04 bf 9a 9f eb af 80 1c 18 61 dd 18 e7 0f c7 ee
84 aa 17 7b 69 4d 33 e0 b0 ac 68 0b f0 46 54 d0 03 75 84 c9 b4 58 38 da 90 38 90 59 95 58 f9 47 d4 70 bf cf 94 29 2a ca 94 83
06 59 87 ff 49 02 70 07 f9 1b 95 29 ef a3 87 2c 6a df a9 a9 f8 e4 62 bf 2b c8 a6 16 88 e1 5b 47 7c 88 e4 33 bf 6e ad 2e 97 ac
75 4a 57 f2 a1 6c 16 d3 34 06 ac 27 a8 93 ca 13 2c c3 3a 89 d2 4a 15 d0 27 60 d1 31 b2 45 25 57 0b 67 e4 d6 27 e0 1f b3 de eb
2f f1 fa 70 c0 c6 06 10 1d 89 64 ff 42 3d 13 b7 ac 11 b7 e9 47 33 f4 97 7e 43 ea 5d 1c f5 f1 8d 27 14 f1 bd ea 6e 43 9c bb 07
91 b0 51 45 6a 9b 6f 41 b6 66 00 79 60 8e 87 22 d2 ad 87 36 92 6a 02 76 01 e3 ac 60 39 d7 85 d6 8b 11 ed 5f dd 8b 17 87 27 12
bf db 79 f2 9e 67 e4 16 6d 82 a9 5c be 36 e3 d1 67 88 f5 32 33 31 c1 cd da 17 a2 70 85 52 cf 1c c2 c9 b9 1d d3 54 77 f7 96 5e
7b f9 4c bf 54 31 02 22 4e 45 ee 98 0d 05 d4 68 fa dc 12 91 a2 15 87 8c a8 5b b5 a2 03 08 be ed d6 10 af 47 82 76 60 f2 b2 cd
6f 13 81 01 5c 21 f3 d5 d6 36 9f 29 51 7e a2 f6 1b 9b 7f 20 6a b3 b7 d5 3b b7 9e 19 da 0a 64 39 d5 b9 48 f2 5e f0 fc 9b c4 2f
63 c8 10 d1 3b 74 e4 29 e6 6d 08 1e 41 7f 96 6e 82 88 da a5 52 83 ce 09 40 5f 46 16 4d 06 6f 71 07 9d ff cc 28 cb f3 ba 4f 4b
2d b6 cb 22 35 33 d6 e6 84 2a 70 6c e0 9f 3d 12 19 b6 4f 08 f5 65 39 1d 49 c9 1d 6a 92 58 67 52 8f e5 a1 09 1c 5c 86 29 cb 0b
f4 d2 ca 3d 55 6d 88 64 1f 16 25 de 1e cc 65 5f e5 17 c1 f0 a5 7b 91 50 a9 f8 17 e4 18 91 0a f4 0b f9 cd f0 85 c6 d7 a3 be 2c
a4 9c 79 62 00 02 2d 22 cd cb 70 8c 27 fd d4 16 7a a8 68 fa f7 9c 2e 2e 63 f5 86 68 2d a8 17 c5 c8 ba b8 ee 8c 8d 26 8a 2f f7
be b6 ca 42 e2 da d2 b8 a7 7c 3f a8 68 83 35 de 97 f9 06 bf 69 50 73 eb c2 76 fb 6c 65 17 33 da 28 50 0d a7 09 df 4f 95 04 d8
09 20 60 b4 23 dd 9c 1a 7e 9e c2 3c 78 4c 52 a7 a0 44 35 6c e1 23 ca 32 de e7 2a 0b 18 b1 16 28 20 ab a1 c0 1b e8 0b 3f c4 24
27 c3 54 73 ed 92 49 fe 68 1a 70 ca 11 db c1 e5 4f 51 12 ae 74 d2 8b 66 39 6c c5 45 d3 6d 88 65 1e c7 24 c9 91 18 86 cb 60 52
d1 88 c2 db dc f0 66 13 28 02 10 5e 8b de ae 53 50 b1 b3 55 34 cc 8f cd 83 7a 26 82 0b 69 41 9d fd a7 c1 79 57 aa 11 26 62 3a
a6 82 91 73 03 fb eb 65 3b bc 4b 0c 5c 77 4b b2 94 dc 50 44 c4 6a 4e de 84 30 a3 e1 ff c5 38 59 a5 95 d6 68 60 e1 07 59 01 11
7f 70 5b d6 80 73 af 3a e5 c6 45 29 1e fc 9d 9c 17 6b 19 bd 95 8d 33 9b a9 bb 04 ff 78 20 2c 6c b9 23 23 ad 66 4b 3a e3 c3 c5
47 55 dc a2 2e 2b 52 13 a5 37 2e d9 6b 9f 89 f6 30 80 89 f3 98 53 a4 b7 34 03 da 89 2e 65 40 60 14 78 81 4b e0 ce 3f da 97 05
2a 13 f2 41 30 3b 2e 5d c0 d4 3f fa 73 16 d2 79 bd 78 d1 65 e0 0b 72 63 80 d9 d6 d9 a9 55 36 48 c1 05 4f 96 9a 6a 1a 6f d7 f2
33 61 16 66 fd 79 a3 90 95 db f5 5a 43 e0 89 b1 3b db 6a 33 ef 88 46 8d 0e 62 69 95 99 4c e5 b4 2a 4f bb 58 16 3e a6 e2 f1 1b
b3 bb 0b 67 9c 58 9d 2a 3e 4f 56 18 46 dd 9b 34 c4 68 a9 ce 4d 73 8c 07 34 91 1a 2b c2 9d 06 f3 38 f7 a3 83 ae 50 97 71 ea 11
bd 63 59 29 f7 b5 1f 21 a9 67 92 97 22 7d 7e a1 db 4c f5 18 38 29 42 5d 89 27 d3 2a 39 18 1d 6a a1 91 8d 25
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6
84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00 c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4
hash (32 octets): 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54 hash (32 octets): 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0
51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98 de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 61 66 66 69 63 20 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60
54 51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98 d0 de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d
output (32 octets): 33 60 70 33 79 0d 4d 7d 0f d0 db d9 6f 3c 78 output (32 octets): 62 b9 5d 5d 70 e3 61 a7 ac db 4c 1d 0b 76 ad
21 75 8f 78 14 79 4f 9b b1 e9 c9 17 de 7b ef d4 b2 8e 52 40 72 d8 65 7b c5 60 45 19 7c 56 95 ae 7d 1f
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6
84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00 c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4
hash (32 octets): 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54 hash (32 octets): 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0
51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98 de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 61 66 66 69 63 20 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60
54 51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98 d0 de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d
output (32 octets): 82 4f 40 74 98 f3 55 f7 c4 56 7d 1a c4 9d a3 output (32 octets): bb 4b e6 55 75 24 ef c0 ea d5 e4 1f 3a a7 9b
cc 44 1c fe a5 7c 86 6d 01 28 04 88 63 74 bb 4f a1 66 2d 54 e7 44 b9 60 bf 4d 74 84 12 98 ea 3c 94 a3
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6
84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00 c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4
hash (32 octets): 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54 hash (32 octets): 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0
51 f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98 de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 91 14 ee f5 c3 d5 c0 86 d1 1a a9 f3 32 fd 35 54 51 74 65 72 20 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0 de
f8 70 7c 4f 14 92 ed 2e 84 7e 08 7e 6a bf 98 b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d
output (32 octets): aa 09 d0 be d1 a3 70 92 4b bd 25 44 60 e7 71 output (32 octets): ac 26 20 81 4f 70 43 09 36 be c0 84 92 b8 5d
c4 f1 3c 0a 68 8f 6b b9 f5 b1 e3 35 7b 72 42 c9 17 36 3f 71 2f c4 f6 7b 82 a7 7b 5e 75 e3 42 ee 11 3c
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): 82 4f 40 74 98 f3 55 f7 c4 56 7d 1a c4 9d a3 cc PRK (32 octets): bb 4b e6 55 75 24 ef c0 ea d5 e4 1f 3a a7 9b 66
44 1c fe a5 7c 86 6d 01 28 04 88 63 74 bb 4f a1 2d 54 e7 44 b9 60 bf 4d 74 84 12 98 ea 3c 94 a3
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 1d dd e3 13 e4 23 c0 bb b4 6e 21 55 4e 62 key output (16 octets): e3 08 90 8b 31 47 94 f7 9e 88 ee 2a 58 69
bc 02 b4 8c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 1d 33 01 7e 40 29 4c bc df b2 cd ec iv output (12 octets): 32 03 04 48 9a 32 bb fe 2f 16 eb 30
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 96 f0 1d 63 6d 87 b9 36 1c 0b 8b 93 0c de d9 7b PRK (32 octets): 66 65 be 10 30 f9 05 87 74 35 d5 6b 4a 9b d8 de
59 06 0b 89 3b e2 4e 5d 64 b5 25 86 c0 39 ac 18 7f 4e 37 1c ef 29 5b ac 39 7b 98 d7 35 f5 16 54
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): dd e8 55 4c 07 08 a0 f7 7c dd da 22 50 43 key output (16 octets): 23 36 dc fa e3 03 4b 23 54 7b 1c 94 1f bd
b4 82 99 00
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 10 90 01 0f e7 e8 21 c7 40 6b 82 d0 iv output (12 octets): 7d 1a b0 07 49 38 3b 72 75 4e 90 cb
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 36, line 8 skipping to change at page 36, line 8
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 67 5e 8f e3 7d f3 8e b4 ae d1 ac 3e a4 a0 a1 63 ikm (32 octets): fe b0 20 4b f7 6c ce 95 68 ae ef fa 0b 10 ef c7
a7 26 56 83 e4 3d ca 95 40 43 87 73 24 aa cf 70 64 06 5c 03 48 cc f4 f2 f8 97 22 f2 f5 5c df a8
secret (32 octets): 56 b6 d9 4c b7 89 04 56 07 85 86 b5 d6 5d 69 secret (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45
69 bc 7c 48 51 ff 7f 95 33 75 ed cb e2 60 4c 1f 8e a8 2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): 48 c0 79 83 b0 b1 9b 41 75 36 af 49 aa 3c 4f a1 PRK (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f 6a
20 26 fe fa 16 d0 40 12 8b 7f 87 19 6c ab fe 14 2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): c9 66 8b e3 a4 eb 59 74 eb 92 ff 02 bb d7 key output (16 octets): 51 dc bb f8 4c a6 41 9d 5c 5f 52 32 da 05
2e 0b c0 af
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a0 3e bc f0 df 01 00 7b 81 7b 21 de iv output (12 octets): b1 c3 52 60 1b c5 a8 3d 37 e1 27 fe
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 96 f0 1d 63 6d 87 b9 36 1c 0b 8b 93 0c de d9 7b PRK (32 octets): 66 65 be 10 30 f9 05 87 74 35 d5 6b 4a 9b d8 de
59 06 0b 89 3b e2 4e 5d 64 b5 25 86 c0 39 ac 18 7f 4e 37 1c ef 29 5b ac 39 7b 98 d7 35 f5 16 54
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): a2 e7 bc 56 e4 4c 66 f7 b1 f7 e9 5f 43 4b 03 output (32 octets): 2e 93 ce 7c 64 a9 11 9d d3 1e c3 f0 4d 01 8b
49 7c 09 11 73 96 b8 6e a1 88 a2 e7 5e 4b 5b 52 bd 22 b8 03 9e ce 90 91 a1 3b bc 48 4c bf 3c 11 44 f6
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 dd 60 b6 e8 68 65 0c d8 8a 16 ae payload (36 octets): 14 00 00 20 2d 69 87 f1 81 4d d1 02 06 c9 22
ea be c9 ef 92 8b d1 4a 55 cc fc 9b 25 36 bb f8 5b ef cb a9 2f e4 ab c8 26 b3 54 08 6c 19 53 1f 20 46 02 a4 b9 9f c2 07 44 35
ciphertext (58 octets): 17 03 03 00 35 10 83 df 24 a1 2c 20 11 96 ciphertext (58 octets): 17 03 03 00 35 d3 c3 af 19 fd d5 cf 86 1e
5e 1c 0c d5 82 85 53 dc 17 d9 4f 60 a4 b9 03 58 8c d3 00 63 3b 1e cd b5 42 30 00 11 23 a8 2c fc b0 f7 32 55 fa c3 52 4c c4 9b
de 1c 93 48 a5 38 d4 a9 67 66 ce e5 2c 32 46 4c 84 8b cd 12 19 91 08 58 ca 3e d1 8e 22 a3 c3 c8 c2 00 75 9e b2 c6 95 8c 02 6b
9b 2f c1 c3
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): 33 60 70 33 79 0d 4d 7d 0f d0 db d9 6f 3c 78 21 PRK (32 octets): 62 b9 5d 5d 70 e3 61 a7 ac db 4c 1d 0b 76 ad 8e
75 8f 78 14 79 4f 9b b1 e9 c9 17 de 7b ef d4 b2 52 40 72 d8 65 7b c5 60 45 19 7c 56 95 ae 7d 1f
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 74 df 54 32 03 d8 58 9d c5 27 43 85 9f 6c key output (16 octets): 73 56 0a 54 0e 27 05 3e f9 28 d9 25 23 72
cd da dc 82
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): c1 af 57 8c 97 99 e3 a6 48 08 70 35 iv output (12 octets): ba 7e bb 92 b1 cb 06 c1 39 c7 df bd
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 67 f3 ca a1 17 80 44 45 c3 84 1d f0 d6 cf 0c be PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6
84 eb 2d 1e 29 29 3c de 0e 59 8b c0 79 99 24 00 c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4
hash (32 octets): e6 a1 73 98 69 66 1d dc bb dc 11 0a ed ed 74 bc hash (32 octets): f0 16 61 e7 4c ae b5 8f 27 66 dc 65 c6 67 87 41
13 74 65 fa a9 20 ec 69 ea 9e cc 73 60 b2 9d d2 bb 07 23 24 a1 13 33 2d 50 8a a9 cd 03 1c 3e ee
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 e6 a1 73 98 69 66 1d dc bb dc 11 0a ed ed 74 bc 13 74 65 72 20 f0 16 61 e7 4c ae b5 8f 27 66 dc 65 c6 67 87 41 bb
74 65 fa a9 20 ec 69 ea 9e cc 73 60 b2 9d d2 07 23 24 a1 13 33 2d 50 8a a9 cd 03 1c 3e ee
output (32 octets): 5f 86 e4 2a b7 ff e8 49 b9 3e ed b3 f6 e3 88 output (32 octets): bd 55 23 17 8e 08 61 b1 c1 8a e3 0c 9f f5 a7
a8 a4 55 72 b1 cc 03 88 30 44 c6 dd 25 04 57 b9 8b fe 68 f2 66 33 af 70 4a ee 1b 64 3e 3a c5 e4 f7 ef
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 a5 48 29 ee 82 c4 6f 8a 11 ciphertext (24 octets): 17 03 03 00 13 f8 41 57 a0 1d b2 73 9d a1
08 8a ff d2 51 1e 5c 2d d6 d1 86 c3 a8 2f 23 cb 31 83 ad e0
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 54 78 81 09 80 71 83 23 ed ciphertext (24 octets): 17 03 03 00 13 a2 06 45 93 d6 f1 8a 0e 7e
12 c2 e3 d1 a0 c0 f4 87 72 40 1d c6 e8 76 69 b3 c4 54 62 e4
6. Client Authentication 6. Client Authentication
In this example, the server requests client authentication. The In this example, the server requests client authentication. The
client uses a certificate with an RSA key, the server uses an ECDSA client uses a certificate with an RSA key, the server uses an ECDSA
certificate with a P-256 key. Note that private keys for this certificate with a P-256 key. Note that private keys for this
example are not included in the draft. example are not included in the draft.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 6d 8b a2 5f f1 2f 88 11 f2 67 80 03 48 private key (32 octets): 81 2f 09 40 11 ad f7 29 ff 7c a2 b2 4d
ea da fc c1 c5 74 1c 65 fc 45 8d fd b4 f8 f0 19 8f 01 c9 0d 16 49 c9 e3 d4 af 0d 1e dc 10 a1 ae 7c b8 14 a4 96 22
public key (32 octets): 96 33 5a 91 2f 9a 39 44 4c cc 04 fd 51 51 public key (32 octets): 79 fd 6e fb c1 92 04 40 aa 32 5c dc ea 3f
f0 de 0b da 04 02 75 dd 2f 07 10 5a 1c 7d 93 89 99 13 3c b7 07 8f ea 03 13 fa 76 6a c3 76 1e dc 62 ad 2c 31
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (186 octets): 01 00 00 b6 03 03 1d fe f2 73 b4 49 8b 2c payload (186 octets): 01 00 00 b6 03 03 82 97 3b d3 3b b4 81 f5
68 e0 44 af 2c 39 12 ca 6e 91 4b d8 88 f9 09 41 8b f4 8b a3 b5 37 de c6 5a cd 48 5b d4 bd aa 20 f7 d2 2f 68 0c 89 2f 68 45 06
75 a4 a1 00 00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00 51 a5 0e 00 00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 96 33 5a 91 2f 9a 39 44 4c cc 04 fd 51 51 26 00 24 00 1d 00 20 79 fd 6e fb c1 92 04 40 aa 32 5c dc ea 3f
f0 de 0b da 04 02 75 dd 2f 07 10 5a 1c 7d 93 89 99 13 00 2b 00 3c b7 07 8f ea 03 13 fa 76 6a c3 76 1e dc 62 ad 2c 31 00 2b 00
03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d
00 02 01 01 00 02 01 01
ciphertext (191 octets): 16 03 01 00 ba 01 00 00 b6 03 03 1d fe ciphertext (191 octets): 16 03 01 00 ba 01 00 00 b6 03 03 82 97
f2 73 b4 49 8b 2c 68 e0 44 af 2c 39 12 ca 6e 91 4b d8 88 f9 09 3b d3 3b b4 81 f5 37 de c6 5a cd 48 5b d4 bd aa 20 f7 d2 2f 68
41 8b f4 8b a3 b5 75 a4 a1 00 00 06 13 01 13 03 13 02 01 00 00 0c 89 2f 68 45 06 51 a5 0e 00 00 06 13 01 13 03 13 02 01 00 00
87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 33 00 26 00 24 00 1d 00 20 96 33 5a 91 2f 9a 39 44 03 01 04 00 33 00 26 00 24 00 1d 00 20 79 fd 6e fb c1 92 04 40
4c cc 04 fd 51 51 f0 de 0b da 04 02 75 dd 2f 07 10 5a 1c 7d 93 aa 32 5c dc ea 3f 3c b7 07 8f ea 03 13 fa 76 6a c3 76 1e dc 62
89 99 13 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 ad 2c 31 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2d 00 02 01 01 06 02 02 02 00 2d 00 02 01 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 4c 22 f1 c1 22 00 9b 54 ae dc 6f 54 2e private key (32 octets): d6 8f 8d b3 5c 04 61 e2 5f 95 f6 23 04
98 01 4d a2 91 e6 f5 b8 77 03 67 5e 49 f6 10 06 ae 86 65 4b 61 bd a3 9d 08 f8 5c 64 43 50 a0 4d 57 d8 9c 66 7a ca
public key (32 octets): c5 4d 65 0c e2 52 6e 90 24 f2 a3 68 9e 3b public key (32 octets): c3 ec 4f 42 40 70 ce 83 c7 91 fa 32 8f e9
82 58 87 e5 82 b6 c0 e6 07 75 dd a0 bd 2f 8a 5b 6d 53 ae 00 96 ab fc cc 15 b9 aa ec eb f6 0b f4 8f 0b 0f 2e
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 40, line 13 skipping to change at page 40, line 13
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 49 a2 14 3a 0c 4b 7c a4 e9 c1 3a 6f 64 93 88 ec ikm (32 octets): a1 74 df 38 d7 a4 28 b6 2e 99 80 83 00 c6 8c e5
4d 34 87 b5 dc d0 68 37 bd 5c 41 23 a2 e0 1e 5b 5a 89 1a 80 74 d9 f0 99 56 78 eb 55 68 fe c5 07
secret (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 secret (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99
3e c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d 35 75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 3e PRK (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 35
c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d 75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6
hash (32 octets): b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e ec hash (32 octets): 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72 f2
8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e 61 66 66 69 63 20 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72
ec 8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d f2 ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41
output (32 octets): 06 bd cc 2f 05 32 35 23 70 af 13 71 84 d5 66 output (32 octets): 80 e0 c6 f8 6e 1e e2 f6 dd b3 ea 30 a7 fc 72
31 4a cb 81 bb e1 d2 98 02 f5 78 ef 1e 43 72 26 35 22 3b 9f ed 27 55 5c 8d 41 f5 8f b2 db bd 4c 0d 09
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 3e PRK (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 35
c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d 75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6
hash (32 octets): b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e ec hash (32 octets): 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72 f2
8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 b4 76 d4 d5 07 36 d3 7a 2a ed 25 98 2a 10 6e 61 66 66 69 63 20 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72
ec 8c 28 f3 57 ef 19 8c b6 1d e4 a1 3b a2 78 1f 8d f2 ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41
output (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90 output (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2
39 1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7 23 d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 3e PRK (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 35
c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d 75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 30 5e e3 40 d4 47 ef 6d 28 26 2a b4 9f 3a f7 output (32 octets): c2 13 d7 c8 ea f2 1c bc 9d 09 fa 15 85 c4 27
b0 2c e2 ff db c1 25 fb da 8a 36 45 f4 6f 79 04 e6 ac 96 c3 18 32 5c d3 3c 95 93 4f 6d e8 f9 28 50 e3
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 30 5e e3 40 d4 47 ef 6d 28 26 2a b4 9f 3a f7 b0 salt (32 octets): c2 13 d7 c8 ea f2 1c bc 9d 09 fa 15 85 c4 27 ac
2c e2 ff db c1 25 fb da 8a 36 45 f4 6f 79 04 e6 96 c3 18 32 5c d3 3c 95 93 4f 6d e8 f9 28 50 e3
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 secret (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb
56 ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee 7e ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 d8 ef 9b d4 2a f5 87 b5 27 payload (90 octets): 02 00 00 56 03 03 e1 6b 86 5e 76 5e 84 ba 47
30 bd c6 67 4a 66 bf e4 04 1a 57 ef de 4f 63 9c c2 4c 22 f9 e9 b4 2d f2 62 e3 8e 2d e6 1e 95 e3 75 3b ad fd 98 76 5c 62 98 4f
77 77 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 c5 4d 65 0c e2 28 d3 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 c3 ec 4f 42 40
52 6e 90 24 f2 a3 68 9e 3b 82 58 87 e5 82 b6 c0 e6 07 75 dd a0 70 ce 83 c7 91 fa 32 8f e9 ae 00 96 ab fc cc 15 b9 aa ec eb f6
bd 2f 8a 5b 6d 53 00 2b 00 02 7f 1c 0b f4 8f 0b 0f 2e 00 2b 00 02 7f 1c
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 d8 ef 9b ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 e1 6b 86
d4 2a f5 87 b5 27 30 bd c6 67 4a 66 bf e4 04 1a 57 ef de 4f 63 5e 76 5e 84 ba 47 b4 2d f2 62 e3 8e 2d e6 1e 95 e3 75 3b ad fd
9c c2 4c 22 f9 e9 77 77 00 13 01 00 00 2e 00 33 00 24 00 1d 00 98 76 5c 62 98 4f 28 d3 00 13 01 00 00 2e 00 33 00 24 00 1d 00
20 c5 4d 65 0c e2 52 6e 90 24 f2 a3 68 9e 3b 82 58 87 e5 82 b6 20 c3 ec 4f 42 40 70 ce 83 c7 91 fa 32 8f e9 ae 00 96 ab fc cc
c0 e6 07 75 dd a0 bd 2f 8a 5b 6d 53 00 2b 00 02 7f 1c 15 b9 aa ec eb f6 0b f4 8f 0b 0f 2e 00 2b 00 02 7f 1c
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90 39 PRK (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2 23
1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7 d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 44 f7 bd 7a d2 f2 13 b2 94 7b c7 29 be 6f key output (16 octets): 7b 12 04 e6 6d 4a cf 2d a4 da 5d 45 7e e9
b7 c4 97 34
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 38 29 95 dc ff fc c2 32 16 86 39 75 iv output (12 octets): 2b 44 e2 11 46 6b 55 23 7a 3a 47 82
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a CertificateRequest handshake message {server} send a CertificateRequest handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90 39 PRK (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2 23
1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7 d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): c7 68 70 3c 8c 1f 97 a6 f7 6c e1 62 ac 22 08 output (32 octets): 05 6f 63 21 21 b2 14 cd 48 f9 33 92 7b 7f 8f
c4 d4 72 f3 eb 2d 72 71 1c 0f 2f b7 36 de 45 3e b9 d7 6e f6 09 70 8e 2f dc 19 2c 2b 7b e3 eb 2b ce ed
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (510 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (512 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0d
00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08
04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02
0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e 30 81 d5 a0 03 02 0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e 30 81 d5 a0 03 02
01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04 03 02 30 13 31 11 01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04 03 02 30 13 31 11
30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32 35 36 30 1e 17 0d 30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32 35 36 30 1e 17 0d
31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d 32 36 30 37 33 30 31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d 32 36 30 37 33 30
30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03 55 04 03 13 08 65 30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03 55 04 03 13 08 65
63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06
08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5 30 16 15 75 f4 cf 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5 30 16 15 75 f4 cf
e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79 ee 62 ee 6e 2f 83 e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79 ee 62 ee 6e 2f 83
ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5 b5 6d 1f 04 ec e4 ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5 b5 6d 1f 04 ec e4
5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3 1a 30 18 30 09 06 5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3 1a 30 18 30 09 06
03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80
30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00 30 45 02 21 00 df 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00 30 45 02 21 00 df
30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca 69 3f ee ca 3b 71 30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca 69 3f ee ca 3b 71
b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4 72 50 d3 20 fe a8 b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4 72 50 d3 20 fe a8
3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f ee 94 6e 51 3e 01 3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f ee 94 6e 51 3e 01
1d 11 00 00 0f 00 00 4a 04 03 00 46 30 44 02 20 30 e4 bf a4 27 1d 11 00 00 0f 00 00 4c 04 03 00 48 30 46 02 21 00 a9 92 34 f1
2e fb 5c 47 f7 a8 95 68 62 19 07 5d a8 59 00 a1 83 51 88 a7 dc 07 df ae ab bb 5c a8 f1 a1 1e a4 dd e9 4e c4 3c 9f c2 4f 13 9f
81 04 7e f8 18 40 02 20 7f af cb e9 ab db 07 6d 0d b8 ed 0e fe d9 85 02 0f ef 5b 37 02 21 00 88 2a c7 01 dc a9 a3 c2 4d dc 5d
2c 90 17 47 3d a6 99 4f e7 40 21 15 e8 3e d3 99 04 3c 7f 14 00 83 99 98 9d e2 bd da f1 cf 3f 4c f5 09 85 8b 19 63 b9 0e a0 98
00 20 ab a1 88 14 12 63 9b 3b 55 a5 c3 9b a4 57 c0 7f 44 92 b7 14 00 00 20 b5 66 19 91 b8 78 02 73 5d ea 1f 4a b1 c9 63 c3 39
64 74 0c 52 6d 57 9e 83 98 40 5b ec 1c 50 38 fc c7 e3 5e c4 86 2b 18 6e 89 2a 65 6f
ciphertext (532 octets): 17 03 03 02 0f e7 f9 f2 8e 34 e1 1e 5c ciphertext (534 octets): 17 03 03 02 11 e7 94 8e bf 77 b7 00 e8
23 32 33 8e 43 43 e3 2f e5 17 0e 24 cf d2 64 45 c3 58 79 45 3d 65 c8 90 a4 4a c7 f8 13 ed 92 eb 98 bf fc 81 3f 17 f3 b6 1c 18
2a 55 40 45 0f 90 73 32 b6 7b 7a 87 36 bd 32 29 39 c9 47 e8 ff ff 65 ba 73 71 1f e9 cb 00 bc 6a 52 f9 5a 64 02 3c ac 02 7a 68
5c 3a bb 07 ac b8 95 91 4e 0e 3e 2e 2e 3d 0e bb 71 b9 31 58 5f 0c 2e 09 a6 27 59 dc 2b 29 e9 a3 5a c1 05 6a 5b 80 ae c1 bd c6
10 6c 5b b7 f9 c7 8d 86 91 76 5c 52 7a bb 61 04 12 97 9a c3 6d 56 be a1 93 dc c1 5a 4a e2 65 0f 99 e2 55 94 87 83 78 0d 3e c2
63 22 cd e6 a4 64 38 c5 a9 ac b0 d1 96 15 4d a1 ec fe f3 d8 1c e2 98 22 f8 51 b8 95 bc 3d e9 51 65 2b f2 de 1f f1 11 c5 60 54
41 c9 9b 39 6a df 7f 47 b5 29 09 72 b6 e4 c1 73 94 af 05 06 f1 7c b5 64 17 74 ce 0a 61 66 c1 fa c0 60 3e 80 48 1b 79 e2 47 77
41 37 c1 b1 91 7c a5 f1 e4 da 3a 61 8b ea a8 63 c5 80 4e 1e 28 24 c6 76 da ea 61 2b 73 e6 36 34 0f 35 8d 0b 31 ad 2a a1 41 51
ce 2d f7 c4 3f 47 c4 6d c4 80 f2 1b 02 9a 62 b8 8a 57 58 8a 6d b1 e3 92 b9 39 4b 28 a5 59 d0 ce 23 79 cd 71 ad bd e9 d3 5a b0
67 8e 8d 3f 7f da f4 cf 16 18 b6 4d eb db fc 09 88 eb 40 92 ea 3e 7e 8c f1 a2 e1 09 a3 20 c6 77 9c dd 9c 34 4b c8 64 54 b4 db
10 bb 0e ec 14 8f 62 46 47 03 f1 15 50 8d 77 05 5d 42 df de 74 a2 37 1c 02 33 05 c6 7c ed c6 3a 81 b8 48 84 33 96 87 5c 41 6d
42 7e f6 89 c7 a6 5f ff 1c bf a1 2c 5e fa 2c e3 77 3d bf f2 a1 97 52 60 ab 5a 84 d8 c4 da f9 8f 53 b4 c4 db 2c 62 65 f3 93 79
ea 2f 28 1d 8c be 97 83 41 e8 1d 4c f0 81 01 7b 00 b2 1d 13 36 ee 57 4c 75 55 eb c3 7d 15 81 c4 70 7b 93 e1 ef b2 c1 06 cf 73
29 7c 99 19 6a 55 f9 c6 2f 78 04 dc fe 20 ee 03 34 ab 7b 52 5f 7d 40 46 e6 7b 9b 22 a2 96 1d d5 50 44 1b 1e 5f d9 0e 59 c6 0d
6a 67 f6 ed dc cf d3 32 af 0c e6 86 3e eb 0c b8 e3 2b f1 6a 24 b1 f8 5d fd 9d cc 29 52 55 42 a3 e9 1b 96 23 6c 8d 80 1c 0c 6f
84 ad 1d c6 de 4e 3a b3 ad 78 43 04 fc d2 62 65 b4 ef 5f ac d6 e7 3e 7f e2 4f 7a 39 42 75 7b 6f 66 1b 76 cb d6 b6 05 5c ed 9e
6e 21 87 30 b2 b4 98 06 fd 75 e5 e1 a9 e8 9e 70 06 7b 9b fa b4 19 8d d3 39 20 bd 31 3b 46 28 94 58 9d ff f7 6c 2a 90 4c 42 68
52 9e 01 7c 04 72 21 d8 99 77 d3 cc 25 b1 be 85 5c ae e1 bc 5d ec a6 da c0 8f 2c d1 d8 34 0a a1 d3 29 3c 24 c7 9a 1a 70 63 3e
e8 20 9a 37 75 c9 79 2c 78 00 a7 6f 62 c2 24 b8 90 9c ff bd 94 4e e4 7b c2 48 b5 a6 79 97 09 57 ab fc 54 ab 15 27 d3 19 2d 3f
d7 c8 38 f4 d9 5e 2c a6 d2 6e 8e ae 0f 0c 7b ac f3 85 1c 31 1f e8 b8 ef ce 6b 5c e2 03 4e b0 2f 65 ee 8b e1 71 a7 4a 25 07 81
b1 fd 0c 19 72 80 61 8f 43 c5 ed ba b5 d3 6d 50 59 cb 7a e5 04 40 74 54 5e af 76 6d 5e ea 0e 26 89 64 54 9a 6e bd f5 57 c1 65
f4 cc 2d 42 f9 81 83 eb eb a6 e3 70 35 d6 bd 45 fc 64 f3 50 ef bc 2a e5 7a 65 af 5e 65 e4 4f 68 2c 0a 84 d2 6f 29 74 b5 6e 6e
15 6e 7e e0 15 ce 0d d6 c8 9e 23 0b aa 54 33 5b 46 0c fd 04 3b f2 ee 1c 1b 8d 50 64 d7 dd 08 0a 9b e2 95 6c 14 61 e8 30 20 29
21 cc a2 66 72 2c c6 4b 92 e8 67 42 a9 51 67 c7 88 4d fb 61 f8 ee 4c 92 d9 99 00 8e 10 72 42 fa 04 51 ed 3e 38 b2 87 c8 88 0e
88 90 4f 73 1e f8 3c 52 4d f9 27 18 86 06 89 8b ea e5 2d 87 88 bb a3 be 63 a3 10 fd de c4 7d 6f 2f ab cb 66 b4 1f 1d 4f c4 88
98 d1 88 29 2e 39 fa 15 73 7f f2 85 43 59 b0 92 54 e2 8f 3e 54 06 ce 1d 5c 86 31 bc eb c3 17 20
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56 PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e
ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa
hash (32 octets): eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8 hash (32 octets): cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66
80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56 59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 61 66 66 69 63 20 cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a
b8 80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56 66 59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df
output (32 octets): a7 95 27 3b d4 3f 76 6c 34 b0 dd 5e 57 12 9d output (32 octets): f3 15 86 72 b5 85 df 78 19 1e 40 82 60 f7 9c
cb 6a 62 53 d4 25 39 69 f8 43 fc 64 db fb 4d e8 d1 20 42 3f fd 5f a7 20 1d de 0a 28 87 92 ad 57 c7 9d
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56 PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e
ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa
hash (32 octets): eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8 hash (32 octets): cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66
80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56 59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 61 66 66 69 63 20 cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a
b8 80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56 66 59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df
output (32 octets): 92 e7 e7 04 3b 35 7d 6c a6 ca ba 36 0e f1 4f output (32 octets): ac 6b c7 af 48 49 1d 9d c2 43 96 50 39 5d 90
b9 c6 f8 0b f2 f4 b4 26 f2 e5 8d 62 96 79 b7 41 aa 1e 5b a8 20 5c 2b 83 d4 70 0a d9 a0 ce 68 8e 77 3e
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56 PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e
ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa
hash (32 octets): eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8 hash (32 octets): cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66
80 16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56 59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 eb b3 96 15 37 1e 46 21 1d 85 43 f4 0b c5 05 b8 80 74 65 72 20 cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66 59
16 8c 02 d3 d8 37 ca 46 58 5a 19 98 b0 34 56 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df
output (32 octets): ae a4 f5 ae fb fd 28 fd 24 34 e1 75 96 b2 98 output (32 octets): 49 d1 b4 ea 60 2f 70 7c 8f 42 26 b7 47 53 64
21 65 bc fd db cb 01 8f 22 81 2f 1d 1e d9 37 08 ac 53 9e d2 68 e7 bc 38 a6 b7 41 ed dc 99 82 1e 61 b9
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): 92 e7 e7 04 3b 35 7d 6c a6 ca ba 36 0e f1 4f b9 PRK (32 octets): ac 6b c7 af 48 49 1d 9d c2 43 96 50 39 5d 90 1e
c6 f8 0b f2 f4 b4 26 f2 e5 8d 62 96 79 b7 41 aa 5b a8 20 5c 2b 83 d4 70 0a d9 a0 ce 68 8e 77 3e
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): b5 02 c5 17 59 fd 20 90 ef 80 f0 b6 d5 3d key output (16 octets): d9 97 d8 a3 91 e7 d4 a3 9e ab 6f 92 58 8a
1d 06 4b b0
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 19 46 48 8e ca 45 0f 53 3b eb 59 3e iv output (12 octets): 3e 38 3a 26 9e c2 af 30 4e bb 67 55
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 06 bd cc 2f 05 32 35 23 70 af 13 71 84 d5 66 31 PRK (32 octets): 80 e0 c6 f8 6e 1e e2 f6 dd b3 ea 30 a7 fc 72 22
4a cb 81 bb e1 d2 98 02 f5 78 ef 1e 43 72 26 35 3b 9f ed 27 55 5c 8d 41 f5 8f b2 db bd 4c 0d 09
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 72 ff ef 49 b3 34 ca dc c9 bf ec ee ae 2f key output (16 octets): 0f 26 6c ef 4e a6 b6 37 11 64 5d a5 43 f8
7e d5 30 41
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 6b 89 8b 86 fe 32 91 19 81 ef 9f 03 iv output (12 octets): ed 85 15 18 dd 0d 97 5e d7 70 a4 79
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 45, line 41 skipping to change at page 45, line 41
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 49 a2 14 3a 0c 4b 7c a4 e9 c1 3a 6f 64 93 88 ec ikm (32 octets): a1 74 df 38 d7 a4 28 b6 2e 99 80 83 00 c6 8c e5
4d 34 87 b5 dc d0 68 37 bd 5c 41 23 a2 e0 1e 5b 5a 89 1a 80 74 d9 f0 99 56 78 eb 55 68 fe c5 07
secret (32 octets): f4 58 19 79 77 70 fb 25 ec e8 ec 05 ce 3a 97 secret (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99
3e c3 30 47 00 5c 29 fd f8 b0 3d 35 73 ba 3b 8b 6d 35 75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): bb 5b 26 0b 1a b5 ab eb 1b 23 63 39 ad c3 90 39 PRK (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2 23
1e dc 93 38 80 54 eb 6b d6 87 79 d1 38 40 61 f7 d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 44 f7 bd 7a d2 f2 13 b2 94 7b c7 29 be 6f key output (16 octets): 7b 12 04 e6 6d 4a cf 2d a4 da 5d 45 7e e9
b7 c4 97 34
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 38 29 95 dc ff fc c2 32 16 86 39 75 iv output (12 octets): 2b 44 e2 11 46 6b 55 23 7a 3a 47 82
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
skipping to change at page 46, line 40 skipping to change at page 46, line 40
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} send a Certificate handshake message {client} send a Certificate handshake message
{client} send a CertificateVerify handshake message {client} send a CertificateVerify handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 06 bd cc 2f 05 32 35 23 70 af 13 71 84 d5 66 31 PRK (32 octets): 80 e0 c6 f8 6e 1e e2 f6 dd b3 ea 30 a7 fc 72 22
4a cb 81 bb e1 d2 98 02 f5 78 ef 1e 43 72 26 35 3b 9f ed 27 55 5c 8d 41 f5 8f b2 db bd 4c 0d 09
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 87 1c e8 63 61 9c 37 09 02 b2 fc aa 08 16 68 output (32 octets): b8 55 e7 3a ba 6f 0f 8e 02 45 0a 15 be c7 96
db 0f c5 32 8b bc 3f 0e df 74 66 01 e3 ad e7 d2 a2 d8 47 8c 75 ae 7e 00 bc 05 b1 45 39 a2 ed 9b 68 a5
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01 payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01
b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86
f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63 f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63
6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39
5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30
0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09 0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09
skipping to change at page 47, line 28 skipping to change at page 47, line 28
9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0 9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0
28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02
30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86
48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22
af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d
c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be
2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0 2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0
c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17 c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17
bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f
78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84 78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84
08 04 00 80 8c 72 81 c7 26 a8 cb 2e 3e 17 d1 22 7f 3a 56 77 69 08 04 00 80 0b de ba ae 67 e8 1c 4f 30 0d 83 1b 21 b4 8c f3 cb
f4 31 a0 9c e1 37 f9 18 83 11 6c 53 4c d2 09 89 40 27 9b a9 1d bf 81 af be 3e b2 0b dc 44 e8 83 7b ed cf 85 8f 8d 0e c0 56 29
dc d7 17 7f 71 70 59 43 1b d6 c5 0b 24 77 7f 55 6d 2f bf e4 8d f2 ba 93 26 00 7a a5 f9 bc 24 39 b3 d8 41 60 8e bf df f3 87 d8
c4 b9 6c 6b 5f bd cb 4c 57 5a 58 88 98 c6 e1 48 ef 5f af dd 2c 60 a9 77 28 53 25 65 2f 61 a4 64 13 d2 e3 8c a3 39 d1 70 a7 5e
1f ee a5 3f 56 72 f0 aa b4 1f 9a 22 cb fa e4 e0 8b 29 5b 14 99 fc 2a 83 6e 91 19 ad 14 17 16 13 2d 3c 0e a5 3c ce c3 c2 32 ad
c4 71 a8 6a 86 65 55 92 f0 f6 a0 43 d3 fd 84 05 0e 7b b4 b7 6f 13 b3 fa 67 09 80 14 48 58 aa 84 d2 b5 e0 05 df 25 b6 78 07 73
9f 26 76 c7 12 9a 14 00 00 20 34 ef 9a 48 bb 59 75 19 12 14 15 59 88 91 b6 56 04 14 00 00 20 45 88 6e 7d 4d 30 f1 3d 16 30 a7
7f 60 73 9f 40 9a a4 f0 0b 68 b7 9e 1d ee d2 91 e5 09 76 32 df cf 54 51 37 be fa db 8e 8e b4 f4 c1 08 c1 69 4b cf 09 45 9f 17
ciphertext (645 octets): 17 03 03 02 80 bd 53 8f 8a 51 8e 53 29 ciphertext (645 octets): 17 03 03 02 80 4f 18 6c 35 49 64 14 72
91 44 38 97 42 f7 be 7c e8 d5 cc bc dc 49 7e 99 7e fb eb 45 60 cd a8 6a 17 ea 94 2e ac dd 1f cb b9 3e 73 49 21 c1 a9 63 5c 86
ae 3f ac ab 2f 07 82 53 1a 3a ed 15 9b 74 88 41 04 dc 95 9b 90 32 8e 85 9f ff a3 ac 41 92 6a 3a cb 7b c6 3a 66 dc 4f 66 68 65
63 7d 8c f5 a6 24 25 d5 f3 b7 16 57 6b b3 c0 13 99 92 62 0b 91 57 fe 0a d0 f3 94 1f 07 98 45 95 b9 7c 91 d1 fd 43 df 76 23 36
ee 02 fa 02 32 3c 8c 3e c9 e6 a6 d1 cc 3b 4a e1 37 94 38 da c9 0a da 56 5b 44 fc a1 2d fa a2 99 f6 64 55 cf 1c 86 24 54 70 d9
17 39 8d c9 5c 33 94 19 f7 b4 c0 a8 4e 04 73 af 06 50 4d dc e9 b7 b4 5b 8a b5 ff 6c 65 d5 6e 8e c8 8c ee 82 e8 ff 6c 8b 2c de
df 3d 7e b5 a5 3e dd 17 8d 2a 4f 83 c9 2f fa d2 3e 8c 28 a6 17 e3 cd 65 a7 a6 5c 58 07 b4 d7 cb c1 ed 85 82 e1 7d 8a 58 75 99
94 f3 c8 45 96 b1 77 0e c5 b4 ec 1f a4 0a 06 8c e0 40 61 dc 80 f8 ae ef 84 41 71 95 35 7e d2 6c 86 9d 2c 03 ee ae 50 d6 33 6a
1b d0 d3 a7 d0 73 10 0d c6 e7 42 7d aa 0c 9b 8d 2f 4e 16 c4 e4 27 fa 29 d4 05 51 c3 ef 6c c3 f7 6a 09 32 dd f2 50 22 a3 2b 64
3c 84 16 22 b4 ae e1 5e c7 e3 3a c1 b6 4f 74 85 7e 89 82 f8 85 36 ac 4a 1a a1 59 7f a6 10 83 da 75 d2 47 39 b0 0d 10 d3 45 2e
3d 9a 5e 36 96 9d ad 26 08 b6 88 1f cc 27 a7 39 aa 29 9a ce c4 e3 0d 92 f4 f5 87 fc f0 c3 cf 43 2d 3c 8e 4b 4f 6d 4d df 45 e1
73 f7 d9 f5 73 4e 5b 24 d9 57 30 4a a5 6b 06 1c be 70 b5 0f 3f 24 04 73 01 87 90 b2 a0 09 91 e0 0a 5c 41 75 99 23 d8 9d c7 6c
20 3a d1 64 ca 62 76 7d 9d 2b 7c dc 7c ce 9d 05 df ec 43 dc a6 cd ba 57 fc a3 84 df 91 d9 b1 67 c1 70 58 b8 ad 7b 4a 92 8d 6f
9a d4 2d f5 7a 09 3d 0a e0 b6 e0 a9 40 dc 0e dc 04 27 8c ae fe 2a fe 68 f9 7a 82 e3 50 2a 63 48 1b 50 cf 7b 11 e5 ce 21 65 4a
f8 ec 26 8f 29 5c 9c cc 76 3e 38 f2 f1 e1 dd 7f d6 14 17 b6 aa f0 b5 1e 13 aa fe 1f fc 02 f4 0e a0 d1 a4 64 cb bf 4d 99 91 2c
bc 31 a1 94 0b 96 1e ba 3e 85 cd 58 23 fa e7 28 99 9d ec f1 b0 27 f4 d8 0f ca ad aa e7 8c 1d fc 56 5c da 59 e6 74 1a 27 aa 82
7c cc a4 72 94 88 f1 c7 d1 ab e2 56 88 17 ad 19 4f 71 f5 16 cc c2 4f 04 76 00 65 19 4f 62 a5 7c 2b 79 1e 57 4c 56 70 c5 82 f5
30 28 fa 6e 38 a1 8f 40 e3 bf 68 41 88 84 c6 94 5a de 07 51 b0 dd 33 3f 36 83 ed d8 97 11 57 94 d0 78 6e 4e 25 8c cc 6c 75 e9
ab fe 09 d5 1d 4e 3b d9 95 b5 50 b5 da 84 61 79 30 a5 98 89 19 3d 33 ee c4 dd 61 7f 63 35 e0 aa eb d5 08 8c 24 d6 ad 03 15 8a
56 3d 2c b2 96 ec d9 1b a6 cd d1 09 1c ff d8 d9 14 b3 78 1a 43 b9 8e bb 0b 3a b1 cc d4 03 41 2a 56 0a 38 eb b6 69 53 05 9b 93
3e e7 67 03 19 ca ed 45 d5 83 de 8b 66 b3 49 3e df 82 bc d9 14 e0 c1 d3 ad 81 5f 3c 00 3f e4 5a 5f 07 c1 fd 71 7b 29 95 81 56
ba ce e3 06 22 2a 3b 34 de 7f 1c a4 85 7b 9c 9d 19 72 b9 7a a8 99 8e 91 95 7f 6c c0 ed 13 84 c9 59 3d 2b 7e 7a 4f 67 2e aa f0
26 34 01 be db 19 3b 20 1d f8 dc 33 e3 e9 d6 a6 b8 b0 bc be d3 ad db 58 10 a0 0c 27 0c 25 56 55 dd 38 d3 90 18 5f 96 e8 1e ea
02 36 08 9a 19 7d 18 8f 21 a0 72 ec 42 7e 5a b8 e5 62 3c 4c 2e fa 16 c7 02 9c 95 9c 4a e9 bb 1e b6 fc b5 22 a1 b6 75 17 2e 4c
84 ad 88 91 ff 9f b1 68 69 a3 69 63 0d a6 5b f5 0d 4a 6c 92 fa 02 5c 31 57 a6 75 6e b3 ee e3 9e 6a ef 59 32 97 f1 6b 8f 19 68
fc 7d 3f b3 00 7e dc b7 7b 55 82 9f 06 ac 49 9f 6a 9b 2a 26 9d 59 e3 0a 83 06 6f e3 b5 4f 87 aa 72 b5 52 76 58 e5 ea 6e 11 c1
a0 ef 27 67 29 c9 37 84 db 6d 0c 81 e7 d6 2a e6 8a d5 c5 6a db 72 17 02 6a ae 62 b7 f8 91 9a cc 40 d9 1d 50 ae c2 cb b8 3f cf
21 40 a1 1a 6a ed 8c 35 e7 9f ab 13 5d 37 79 d9 9e 9f 8e a4 58 1b 51 96 3c 08 57 9f 07 b6 e2 04 e4 a2 c0 36 48 64 1c 1d 0d bb
c7 7f 9f 15 f1 53 7c 4c 16 25 fb f3 d7 6c d1 a2 d9 e5 39 a0 34 e8 62 8b bc 61 b6 0c 7a 22 4a 88 11 39 f7 0c 58 47 1b 3b 54 4d
26 70 9b 69 32 33 2d 66 76 c4 e6 71 0a 73 d8 1e e5 57 c4 39 81 0d 3a b7 ef 6d b7 fd 8b 3a 4b 10 24 54 c8 08 c2 cd 95 ed a0 93
99 7d 89 74 c2 51 b4 d5 4f 4b cd bc 61 a8 fc c4 a0 d3 ba a6 c0 62 84 8f e3 0d 63 1f 34 f3 cf 8e 4a 6d 49 aa f6 2c 64 d8 8d 1c
a6 0a 70 d4
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): a7 95 27 3b d4 3f 76 6c 34 b0 dd 5e 57 12 9d cb PRK (32 octets): f3 15 86 72 b5 85 df 78 19 1e 40 82 60 f7 9c 20
6a 62 53 d4 25 39 69 f8 43 fc 64 db fb 4d e8 d1 42 3f fd 5f a7 20 1d de 0a 28 87 92 ad 57 c7 9d
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 99 a9 9b 02 57 00 7a b1 61 ba cf 9d e9 80 key output (16 octets): 5f 75 27 06 1e 34 51 95 77 55 81 e4 ea 5a
30 5b 1d 62
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 4a f0 6c c7 ce be e4 bc ff e2 0d 0d iv output (12 octets): f1 59 e4 60 d3 df 3c 5e 2b d7 bc 9e
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): c5 e8 54 45 75 ea 22 fb 0b 25 bc d1 72 1c c7 56 PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e
ed 94 9c f7 7c 56 d4 24 b6 d2 eb d3 4b a7 4c ee ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa
hash (32 octets): 52 fc a8 f6 61 6c 96 7f 0e 93 42 dd ab 79 03 1d hash (32 octets): aa 82 ed e5 08 e5 40 e0 d5 ee 0e 67 69 89 c0 8c
64 cf 07 e3 56 f4 75 13 33 1c 37 05 61 94 9b ff 66 01 a5 e5 c3 b4 fe 34 31 79 71 ce 9b 69 4b e6
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 52 fc a8 f6 61 6c 96 7f 0e 93 42 dd ab 79 03 1d 64 74 65 72 20 aa 82 ed e5 08 e5 40 e0 d5 ee 0e 67 69 89 c0 8c 66
cf 07 e3 56 f4 75 13 33 1c 37 05 61 94 9b ff 01 a5 e5 c3 b4 fe 34 31 79 71 ce 9b 69 4b e6
output (32 octets): 8b 90 6f 3a d8 2d ba 92 f6 b9 ad 03 7f 71 e3 output (32 octets): ba 54 7d 20 f6 13 f6 8e f2 11 96 e4 c6 89 f4
f4 70 eb f4 63 68 7a 2c 92 ec ee ca 3a 22 52 be af 36 24 db ac 5c 2c 20 f4 22 f6 a8 39 e2 80 a1 8e 7d
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 43 c0 93 e4 62 a8 18 6c fe ciphertext (24 octets): 17 03 03 00 13 c5 1d 97 36 4e 8d 18 be 9e
a7 1e 94 46 ff ba bd e7 3b 79 79 eb a9 7b 85 3f 3b 34 d6 01
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 8e d0 6a 3a 56 ab b0 fb 05 ciphertext (24 octets): 17 03 03 00 13 79 be 79 28 e0 e0 62 2e 48
04 ed 3b 3f f9 1d 8c 93 77 8e e8 bc 9f 09 93 ac 02 98 b9 f6
7. Compatibility Mode 7. Compatibility Mode
This example shows use of the handshake with the client requesting This example shows use of the handshake with the client requesting
that the server use compatibility mode as defined in Appendix D.4 of that the server use compatibility mode as defined in Appendix D.4 of
[TLS13]. [TLS13].
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 90 d4 67 c3 48 e3 d2 4d 7e bb 3d d0 4c private key (32 octets): 9a 71 27 21 33 44 89 32 c6 de c0 d4 39
46 16 9a 16 bb 64 ec 6c d3 4d 56 45 ee ac 7c 2f 02 c9 b5 a6 e2 94 09 22 79 c6 f7 bf d5 89 33 14 b4 a7 70 18 3e 37
public key (32 octets): 17 6f 7c 2d 12 36 9d 89 37 4c ae 31 9c 36 public key (32 octets): 55 34 3a 1d 8d 02 64 b0 78 f1 6d 70 39 f6
34 ca 43 0f 82 d6 89 60 90 9b ef 1d 87 ad 1e 9d 32 32 9b c9 4e a9 f2 ee 26 f3 51 91 6d 37 d9 73 aa 38 79 03
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (218 octets): 01 00 00 d6 03 03 54 dd 27 fd c8 0f 86 ea payload (218 octets): 01 00 00 d6 03 03 93 ee 06 65 40 d4 cf 08
a7 d3 79 87 46 73 58 44 60 31 0f 38 aa ec 8f e9 3d 6c 32 b8 c0 fa e8 b4 86 09 f8 f5 29 d0 64 f2 bc 65 28 ab a7 3a 40 46 0c 82
0b e1 9c 20 ae 8b b2 af 77 86 0c f6 9d 70 e9 70 b6 29 81 c5 25 0d 86 cd 20 ed db e1 46 86 5a 29 31 2b 13 c7 4d 56 4e 43 6c 3c
56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86 00 06 13 01 13 03 a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db 00 06 13 01 13 03
13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72
ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00
01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 17 6f 7c 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 55 34 3a
2d 12 36 9d 89 37 4c ae 31 9c 36 34 ca 43 0f 82 d6 89 60 90 9b 1d 8d 02 64 b0 78 f1 6d 70 39 f6 9b c9 4e a9 f2 ee 26 f3 51 91
ef 1d 87 ad 1e 9d 32 32 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 6d 37 d9 73 aa 38 79 03 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e
04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
ciphertext (223 octets): 16 03 01 00 da 01 00 00 d6 03 03 54 dd ciphertext (223 octets): 16 03 01 00 da 01 00 00 d6 03 03 93 ee
27 fd c8 0f 86 ea a7 d3 79 87 46 73 58 44 60 31 0f 38 aa ec 8f 06 65 40 d4 cf 08 fa e8 b4 86 09 f8 f5 29 d0 64 f2 bc 65 28 ab
e9 3d 6c 32 b8 c0 0b e1 9c 20 ae 8b b2 af 77 86 0c f6 9d 70 e9 a7 3a 40 46 0c 82 0d 86 cd 20 ed db e1 46 86 5a 29 31 2b 13 c7
70 b6 29 81 c5 25 56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86 4d 56 4e 43 6c 3c a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db
00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06 00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06
73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17
00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00
1d 00 20 17 6f 7c 2d 12 36 9d 89 37 4c ae 31 9c 36 34 ca 43 0f 1d 00 20 55 34 3a 1d 8d 02 64 b0 78 f1 6d 70 39 f6 9b c9 4e a9
82 d6 89 60 90 9b ef 1d 87 ad 1e 9d 32 32 00 2b 00 03 02 7f 1c f2 ee 26 f3 51 91 6d 37 d9 73 aa 38 79 03 00 2b 00 03 02 7f 1c
00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04
01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 50 16 8d 5c 6e 6c a8 2d 2a a3 35 ba ae private key (32 octets): 42 05 eb 84 23 9b 8c e9 4a 18 f3 d6 22
c1 bd 59 f5 19 94 ee 4a d9 79 86 5b 3d fa dc 3c 71 aa 22 4d 52 23 a5 1a 3d 56 74 18 c2 43 11 96 15 56 56 81 8b 35
public key (32 octets): 37 69 88 a2 1d dd bc 38 a2 e6 fc de 82 33 public key (32 octets): 3b ae b0 1c aa 0c 5c 3f e5 06 3e 42 b2 6a
7a ff e6 79 a3 9c 3f e3 fb 5a 29 f9 5f 9f e8 e5 a0 42 f6 f5 ba 95 83 7d 54 29 3f 4d 9a 33 36 b9 9b 35 bd 05
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} send handshake record: {server} send handshake record:
payload (122 octets): 02 00 00 76 03 03 21 c5 c5 ee bb d5 fc 32 payload (122 octets): 02 00 00 76 03 03 5a 34 53 70 5a ec 8d 6f
cd 26 52 41 8e 6d 51 4b da df d0 51 e5 d4 37 e0 bf 0c 0a 31 8d 89 e7 1f 60 d2 86 6d 82 3d e9 64 f1 00 1e c1 20 32 f8 00 c0 16
30 a4 b7 20 ae 8b b2 af 77 86 0c f6 9d 70 e9 70 b6 29 81 c5 25 0d e6 a8 20 ed db e1 46 86 5a 29 31 2b 13 c7 4d 56 4e 43 6c 3c
56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86 13 01 00 00 2e 00 a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db 13 01 00 00 2e 00
33 00 24 00 1d 00 20 37 69 88 a2 1d dd bc 38 a2 e6 fc de 82 33 33 00 24 00 1d 00 20 3b ae b0 1c aa 0c 5c 3f e5 06 3e 42 b2 6a
7a ff e6 79 a3 9c 3f e3 fb 5a 29 f9 5f 9f e8 e5 a0 42 00 2b 00 f6 f5 ba 95 83 7d 54 29 3f 4d 9a 33 36 b9 9b 35 bd 05 00 2b 00
02 7f 1c 02 7f 1c
ciphertext (127 octets): 16 03 03 00 7a 02 00 00 76 03 03 21 c5 ciphertext (127 octets): 16 03 03 00 7a 02 00 00 76 03 03 5a 34
c5 ee bb d5 fc 32 cd 26 52 41 8e 6d 51 4b da df d0 51 e5 d4 37 53 70 5a ec 8d 6f 89 e7 1f 60 d2 86 6d 82 3d e9 64 f1 00 1e c1
e0 bf 0c 0a 31 8d 30 a4 b7 20 ae 8b b2 af 77 86 0c f6 9d 70 e9 20 32 f8 00 c0 16 0d e6 a8 20 ed db e1 46 86 5a 29 31 2b 13 c7
70 b6 29 81 c5 25 56 65 9d 47 33 c2 ab e8 54 86 3e fe 09 ea 86 4d 56 4e 43 6c 3c a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db
13 01 00 00 2e 00 33 00 24 00 1d 00 20 37 69 88 a2 1d dd bc 38 13 01 00 00 2e 00 33 00 24 00 1d 00 20 3b ae b0 1c aa 0c 5c 3f
a2 e6 fc de 82 33 7a ff e6 79 a3 9c 3f e3 fb 5a 29 f9 5f 9f e8 e5 06 3e 42 b2 6a f6 f5 ba 95 83 7d 54 29 3f 4d 9a 33 36 b9 9b
e5 a0 42 00 2b 00 02 7f 1c 35 bd 05 00 2b 00 02 7f 1c
{server} send change_cipher_spec record: {server} send change_cipher_spec record:
payload (1 octets): 01 payload (1 octets): 01
ciphertext (6 octets): 14 03 03 00 01 01 ciphertext (6 octets): 14 03 03 00 01 01
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
skipping to change at page 51, line 33 skipping to change at page 51, line 33
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 18 5a df 44 30 f3 14 a4 a4 04 47 0e 5d d5 45 35 ikm (32 octets): 9f 52 3e a8 87 a4 46 5a 4f 16 49 f9 fa 1f b1 60
b3 cb 4f b7 9f 75 da 58 b6 fa f7 e2 cf ff f0 36 84 f4 ae ff 99 e4 55 ca 1c 41 bb f0 08 3f 5d 0d
secret (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e secret (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b
6d 1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9 e5 48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e 6d PRK (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b e5
1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9 48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85
hash (32 octets): b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6 94 hash (32 octets): 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb 55
cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c 4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6 61 66 66 69 63 20 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb
94 cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c 55 4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd
output (32 octets): 4b 4c d4 8c 4f 39 9c 05 77 bd 73 11 5b b5 12 output (32 octets): 00 0f 13 8f 78 2f 68 a0 95 23 56 27 e0 bf 6d
f1 af 4e 3c 65 fa da 60 d5 24 6b 3e 64 b5 7d c5 ec 89 ca 95 33 9a 43 83 b5 f0 a1 54 e5 d3 1b ae dd bf
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e 6d PRK (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b e5
1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9 48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85
hash (32 octets): b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6 94 hash (32 octets): 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb 55
cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c 4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 b3 8d da d9 ff b9 64 09 bb de 07 05 47 b4 c6 61 66 66 69 63 20 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb
94 cc b7 9b 4a ed a1 71 a4 6f 09 2d 79 ae fb e7 4c 55 4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd
output (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0 output (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40
8c 65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd 55 99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e 6d PRK (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b e5
1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9 48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 42 60 f4 bc 75 60 30 9b de 27 31 79 f9 2c 94 output (32 octets): 58 bc 54 77 72 31 e8 db 87 75 4a 9d bd ed d4
f1 13 e3 10 02 fb ba b3 b3 17 98 a3 05 04 10 e2 33 c1 1d b9 4e ea 7e cd 20 f0 16 4e e8 bb 6d 61 40 a7
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 42 60 f4 bc 75 60 30 9b de 27 31 79 f9 2c 94 f1 salt (32 octets): 58 bc 54 77 72 31 e8 db 87 75 4a 9d bd ed d4 c1
13 e3 10 02 fb ba b3 b3 17 98 a3 05 04 10 e2 33 1d b9 4e ea 7e cd 20 f0 16 4e e8 bb 6d 61 40 a7
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 secret (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30
91 ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b 10 09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0 8c PRK (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40 55
65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd 99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 1e f6 3e cc 95 0c e3 96 b0 11 16 ad 52 35 key output (16 octets): 87 7d a8 47 c3 41 75 bb 28 cb d2 8d 0d 02
3f f1 e9 98
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 73 ab 6b 2d c5 8a 11 fd 05 70 4a ce iv output (12 octets): 9c 82 74 92 f8 a5 87 6a 42 85 42 55
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0 8c PRK (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40 55
65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd 99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 37 10 db 07 3f 25 97 e5 f6 0f cb 4b 14 df bb output (32 octets): df b8 1d 7b e3 86 4f f9 93 fd 55 87 e1 27 f7
ff 45 1e 50 c4 af 44 24 c2 6b 04 55 f1 de 1f 14 41 1d f5 cd 12 19 a0 c7 77 d7 01 ee ba f7 f1 0a 46 98
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b
00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02
01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30
0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36
skipping to change at page 54, line 11 skipping to change at page 54, line 11
d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28
a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09
06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05
a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85
aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a
7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31
9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e
67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e
b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40
9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d
e1 00 00 0f 00 00 84 08 04 00 80 58 c8 c3 2b e7 b4 d2 a7 42 2b e1 00 00 0f 00 00 84 08 04 00 80 38 58 68 8e 9e 7b 4e e9 95 84
f3 32 1d 0b dc 63 4c 8e 54 7e 12 0e 57 f8 90 ac 3c 2b 93 b1 c9 b2 b0 36 c6 01 b0 f4 10 17 ce 41 da 33 a6 40 4a 61 3d 5c 40 b5
9d 36 4b 9a 59 9e ad f4 cb 17 50 22 2f 65 61 aa b6 b6 89 10 15 64 f1 e6 20 fa c0 f7 d5 4c 26 c9 7f f3 d9 a5 26 b4 a0 50 f1 16
eb 6b 27 4c 21 72 4a df 97 f0 00 ff 03 de 8f 14 24 53 28 5f b4 40 d6 e7 1f ec cc 07 e6 06 98 ba 60 5d 58 d2 6a 20 d6 6c 38 06
4b 7e 65 96 7c ea 58 74 3e a1 cb 7a 28 62 d0 18 12 64 6b ff 50 7d 65 c9 c6 78 41 18 10 c5 28 f4 a6 76 8b aa 0f df ca 98 f4 fb
04 9e 5b e1 ea 5d c3 50 ed 7e 53 a4 38 5d d3 f0 aa dc e4 bc ec 47 29 0e f5 a6 3e cd a3 70 a3 bc 9c 79 55 17 08 4a 86 e2 93 02
9d 64 8f 82 0d e1 3d da e4 2f 9f 96 20 14 00 00 20 ed 0a 13 2e 66 32 45 8d f4 ea 7b dc b8 2d f7 d5 9e 14 00 00 20 bc 28 ae 92
5f e8 fb 5b 43 aa aa 7b ab 9e 46 34 63 64 11 0a 1b 25 33 75 ab 94 56 be 73 73 cf b0 58 e3 ba e0 70 f0 52 e2 57 0d 2e 77 dc 07
fc 6d ea 46 ef 91 c0 2b 7e 85 52 23 5f c5
ciphertext (673 octets): 17 03 03 02 9c 1e 4e 15 9f 57 8e 9d 1d ciphertext (673 octets): 17 03 03 02 9c 2a 03 4f 82 98 74 ce 19
73 88 13 e5 1b e1 89 ea 1c 80 1b 85 ab bc 4f 0d 52 92 7f aa 30 68 38 bd 4a 5a 84 1f 5f ed 01 22 3e d0 a5 6d 12 e5 9c 73 11 60
6c 04 e6 7f a8 02 ab 02 38 56 18 aa 0e b3 d1 af a0 84 62 ec f3 75 5b a2 6f 31 27 e1 b7 eb bd c8 f7 7c 01 d5 be de 64 92 bc f4
a0 04 a5 f2 dc 51 be 25 10 8f dd d6 38 92 04 88 3a 39 bd f1 0d c5 86 a9 85 a3 89 de 5a 7b 4f 8a e3 49 0c f8 95 0e b6 ec d1 a9
bb de 5f 33 4a c5 bf 11 85 86 de c0 38 2d cf 00 b2 69 13 8a fe 02 3a 98 27 1a 5e fc f8 dd e9 cc 52 8e 9a 8e 33 99 7f 51 52 13
27 28 37 0c c1 9a 3d 58 12 4c b1 99 be b9 7c a0 a8 a9 ab af 01 14 b5 c5 c1 19 07 67 8f 99 0c 59 b2 01 fe 58 81 e8 5c 75 fa a1
c2 38 f2 9c 45 b5 30 28 f8 d8 d2 2a 49 0b d8 2c f2 53 3a 76 72 85 97 7c 1e cc b6 1c f9 7f 92 83 bb b9 26 f4 02 06 dc ef 51 e3
4d 67 d8 a7 2a b0 fb 94 53 63 fb 92 4f 8c a5 e1 32 e6 b3 3c 85 2b e3 0f b6 ae c4 9e 1d db c3 af d0 fb 9f 1b aa 73 4a a3 7c a0
29 4b 12 1c 69 8d df 37 52 ec f3 bc b9 f9 b9 01 37 bf d3 ad 0d 94 a3 bf b5 7e d3 dd 61 1c 16 e2 87 8c 0a f2 be fd 65 b3 e4 ff
fd 04 52 2c 27 1e 63 23 11 37 93 a5 c7 36 ee fa b2 73 a4 79 c3 f8 e7 4c 08 f8 b2 76 4f f7 fd 83 df d6 7d 00 01 52 b8 64 1f 7d
d8 b0 07 2d 0c 39 d9 4f 7d 1b ea c3 2f 02 15 be 45 04 14 6e 83 1b 63 bb e5 00 16 5f 05 08 8e 72 43 04 5b 23 e8 91 76 8b 73 14
c8 d3 37 c8 27 e7 f0 05 d4 83 a8 46 ef 6c c8 1a 13 ed 52 88 d1 26 05 2c 12 90 1a 77 2f f5 27 b6 54 b5 bd 38 ae 76 ae a2 11 f2
69 4e c1 76 a2 7f fb 62 c5 93 ab 1e df dc 8c 6f 0c ec 57 34 7a a8 70 b9 47 5a 6f d3 dd 8f c7 a2 12 b6 10 a5 4e e0 e0 10 58 c5
e8 81 ab 17 ab a9 49 b4 f5 1a 0b 61 49 09 00 ff 92 16 bd b2 26 ce 0b 43 df e0 5a 21 74 17 24 33 ce a4 d0 a1 c6 e5 e5 8b 0f f2
99 5b 54 9c 8d 5d 19 31 a0 11 de 06 bf 75 0f 8c 1c 54 8b 4b d7 50 ed 5c b0 90 e1 63 33 e6 c7 a7 9c d7 34 3f cf 9c e7 99 dc 32
00 2d 9a 76 7e 7b 66 77 f6 4b d2 3f e7 a5 ce 3c 55 5e 7b 8b c6 12 e1 bb 00 d2 a0 3f 34 90 85 0b d0 67 37 0a 1d 10 cb d8 e7 77
ed e8 72 f5 d9 6a fa c0 50 e9 a0 2c 80 1a 0f 15 12 4a 46 42 aa 0c 3a d0 07 2d aa 9b 8d 76 ec 78 97 47 23 56 bc 68 30 06 13 43
89 cc d0 e5 fe b6 70 a9 68 dd db 31 7b fc e9 db 82 9f 63 d4 5a 05 6f 6b e6 33 c6 e8 bf 13 00 78 21 ef 17 6b a2 47 4b 3d e1 e8
bf e6 1a f9 56 d1 b3 c6 ea 8d fe 17 3b 13 d3 db 69 38 7b 54 23 bd 1e 89 c9 46 75 99 6c 47 38 1e 68 6e 7f 78 c2 e1 e8 4d 71 16
f2 78 d2 d7 49 e1 9e 2e 61 d4 f6 85 b6 e6 57 40 8f 99 3a b5 b4 d3 c5 b4 a6 08 d4 d1 fc 58 33 62 bc f6 30 4e ab 91 78 0a ac cb
5c 3c dc ed fd be 44 b0 5f 6a dd 3a 5d e9 30 46 f2 af bb 30 ea 30 f9 55 3a 1c 01 b4 9c e7 45 3e 08 1a 84 a0 85 94 ad 5e 6b 44
03 26 47 eb 7d b7 8a c4 6a 1c 54 52 e3 e9 39 69 82 ef 55 2e 69 03 c6 ed 93 bf be cd c0 d7 48 e4 40 09 35 4c b4 bb 5c c7 b9 0c
cc a5 a7 9d 57 af 22 10 2f da 06 7d 2d 48 f6 9a 91 5c 41 87 81 10 07 00 04 a1 d0 d5 98 e1 42 3b e9 cd e7 37 30 cf b4 90 1a db
29 10 ec b4 7e 76 41 78 e0 ad cc 92 10 42 bc 9f ac 44 53 54 09 00 35 ee 1b ac 56 5a ee 7f 18 34 cd 7f da 4d eb 13 14 90 71 e8
10 b5 02 9d 79 e4 1f 87 d2 66 01 16 18 45 2b 38 b0 0f 97 a6 32 34 7d 4c 2a f0 70 fe 4d b8 d9 a2 df 00 35 c3 51 e6 2a ab 84 8e
20 30 4c d8 56 b8 0c f7 d7 f0 dc 30 7d 2b 9b 57 db 57 ad 29 3a 8c 70 98 e1 36 99 4e 36 71 c5 61 a5 fd b7 79 27 75 59 23 32 35
58 85 f9 4f c2 65 c1 84 af d9 0b 85 a2 52 12 f5 6c 8c c8 29 c1 3b 88 49 64 c3 c3 94 e7 21 32 33 62 88 3d cd 09 a1 46 19 1d 27
b7 d1 6d ce 0b 8b 48 26 44 2d 79 6f 76 fb 1a 8d ff d3 06 96 cf bd 2a 56 bd cf 9b 05 cf c4 fc 54 30 1c c2 1c a2 28 27 ef 7b f3
07 c8 c9 58 4a f9 76 ba 4c 86 4b f4 75 12 fb 8c a3 3f 8d 96 1a f0 53 98 9b 5a 79 c3 62 7f 58 85 9c 5e 03 1e 9f c4 9b 7f 9b c1
5b 66 68 d1 b5 ad c3 8f 16 aa 8b 87 91 be da 44 5c a4 89 8b 0b 2c 9b 38 8f de 57 1b 10 69 dd a1 b1 d6 d7 e4 94 e4 6c b8 d1 24
c8 c8 de 04 22 81 25 21 42 50 cf 49 f4 3d ce d2 28 f5 4c 01 d6 93 0c f2 6f 58 f5 42 e2 ef 9c 75 9b 0a 9c c0 e6 0b 74 a0 6e 7e
b2 e1 fa d7 33 50 e9 a3 69 1e ee fc af 8a 4c a3 66 45 92 0e 72 f6 15 ef f9 19 95 3c bd 76 5e ba 94 14 bc 2a c5 2a 02 64 2d 96
97 af 36 1e 01 27 0e d1 fe 19 d0 ac c6 e3 95 33 62 89
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91 PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b 09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4
hash (32 octets): 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47 hash (32 octets): 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f
bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd 4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 61 66 66 69 63 20 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25
47 bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd 8f 4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0
output (32 octets): 07 04 02 00 14 0c 44 d3 60 5a 53 0b 0d b2 ee output (32 octets): a1 4a a6 67 74 22 a7 8a 73 7c ad 36 29 c5 05
e6 ad 5b ff 4a 51 64 20 df 10 95 d6 26 15 b5 3b be 64 7c 87 e4 ed 21 91 65 41 68 bd 66 ea ce ed 6e 69
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91 PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b 09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4
hash (32 octets): 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47 hash (32 octets): 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f
bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd 4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 61 66 66 69 63 20 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25
47 bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd 8f 4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0
output (32 octets): a1 16 af 52 37 f0 00 ca 95 4a 76 f0 bf 59 78 output (32 octets): c1 2e 61 d3 35 07 b5 aa b2 ab be 90 b9 83 9e
2d db 81 45 9e b5 f0 36 eb 72 10 ed 9e ab 6c 23 36 1f d7 6e 18 67 1c 7b 7c 37 4a a5 d5 92 ef ce 05 67
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91 PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b 09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4
hash (32 octets): 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47 hash (32 octets): 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f
bc 41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd 4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 9e 61 88 ec d4 0e c8 d1 45 81 2f 15 70 04 59 47 bc 74 65 72 20 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f 4a
41 6a fc cf a8 ca 34 1a 4a 76 01 f6 a7 39 cd 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0
output (32 octets): a6 e6 ca 68 ff 08 62 3b ca de 3d 27 35 95 eb output (32 octets): 89 a9 80 32 78 0a 83 03 97 d2 5b 01 22 a3 a1
ae 49 93 aa e4 7d c1 d8 cf 2f 1d 12 e9 d8 ee 91 5e d3 40 9c 17 d4 0e f8 fe 4a 3b 90 91 b5 c2 72 29 c9
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): a1 16 af 52 37 f0 00 ca 95 4a 76 f0 bf 59 78 2d PRK (32 octets): c1 2e 61 d3 35 07 b5 aa b2 ab be 90 b9 83 9e 1f
db 81 45 9e b5 f0 36 eb 72 10 ed 9e ab 6c 23 36 d7 6e 18 67 1c 7b 7c 37 4a a5 d5 92 ef ce 05 67
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): b2 1c 13 11 a2 57 45 a0 c1 d8 de 68 c7 ce key output (16 octets): a7 52 9a 38 6b 50 bf 52 04 44 bf 07 bc 6f
7a dc 2c 5f
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): d1 7b 34 2a f3 32 e9 90 1f 42 44 43 iv output (12 octets): 38 d0 dc f9 0a d6 63 89 a7 bf 36 31
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 4b 4c d4 8c 4f 39 9c 05 77 bd 73 11 5b b5 12 f1 PRK (32 octets): 00 0f 13 8f 78 2f 68 a0 95 23 56 27 e0 bf 6d 89
af 4e 3c 65 fa da 60 d5 24 6b 3e 64 b5 7d c5 ec ca 95 33 9a 43 83 b5 f0 a1 54 e5 d3 1b ae dd bf
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): cc 08 24 4c 19 61 00 74 6d 6e bd e5 6f ee key output (16 octets): 4b 0e 0b e7 86 ab 5c 8f a3 7c b4 c4 b7 12
e9 01 ed 67
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): c0 52 e0 7a ce 1d 8e 0f af aa f1 a9 iv output (12 octets): 0c 9b b3 47 89 4e 14 37 3d 9e 0d b3
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 57, line 17 skipping to change at page 57, line 17
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 18 5a df 44 30 f3 14 a4 a4 04 47 0e 5d d5 45 35 ikm (32 octets): 9f 52 3e a8 87 a4 46 5a 4f 16 49 f9 fa 1f b1 60
b3 cb 4f b7 9f 75 da 58 b6 fa f7 e2 cf ff f0 36 84 f4 ae ff 99 e4 55 ca 1c 41 bb f0 08 3f 5d 0d
secret (32 octets): 50 9a 53 59 61 77 d3 24 94 53 e7 bf ac fe 6e secret (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b
6d 1d be 83 7e d6 bd ab 06 d2 d8 97 59 33 b9 07 d9 e5 48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): 2c e0 bf ee 1c 9c bf 77 3a 21 40 b1 4b 14 a0 8c PRK (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40 55
65 de ee 09 4a bc db 0f 01 8a 1d 50 33 1f 30 cd 99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 1e f6 3e cc 95 0c e3 96 b0 11 16 ad 52 35 key output (16 octets): 87 7d a8 47 c3 41 75 bb 28 cb d2 8d 0d 02
3f f1 e9 98
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 73 ab 6b 2d c5 8a 11 fd 05 70 4a ce iv output (12 octets): 9c 82 74 92 f8 a5 87 6a 42 85 42 55
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send change_cipher_spec record: {client} send change_cipher_spec record:
skipping to change at page 58, line 18 skipping to change at page 58, line 18
ciphertext (6 octets): 14 03 03 00 01 01 ciphertext (6 octets): 14 03 03 00 01 01
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 4b 4c d4 8c 4f 39 9c 05 77 bd 73 11 5b b5 12 f1 PRK (32 octets): 00 0f 13 8f 78 2f 68 a0 95 23 56 27 e0 bf 6d 89
af 4e 3c 65 fa da 60 d5 24 6b 3e 64 b5 7d c5 ec ca 95 33 9a 43 83 b5 f0 a1 54 e5 d3 1b ae dd bf
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 00 f1 67 b7 01 24 2f d4 77 08 23 d6 4b a7 f5 output (32 octets): a9 dd b3 5b 53 e6 8e b1 c0 87 d8 b0 a3 4c 68
09 0e 8b 93 bd 24 9d bd 4d 1d 2f 6c 75 e3 4d 68 4a 40 be 0e c8 b9 7a 71 7c 47 09 e7 c3 79 7e 13 9d 8b
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 9c dd a7 08 0e f0 6b ce 6c 90 bb payload (36 octets): 14 00 00 20 13 a4 3b 47 05 72 8b 46 ef ed 3e
d0 03 1e 1b c8 82 1a 64 70 ea 2a 61 d6 d8 42 b1 51 a6 1c 35 2c 61 c6 66 85 d1 3c b4 44 47 35 28 fb 9f 04 c6 5f 1f ce 68 df 4b
ciphertext (58 octets): 17 03 03 00 35 df 43 9f 06 1c 68 4c 3c 96 ciphertext (58 octets): 17 03 03 00 35 fe d4 a2 5e db 44 ef ae 4d
08 9b 15 58 8c 8d bf af 32 67 a3 d0 83 60 ae b1 d1 59 ce 92 85 9d a9 11 d7 86 65 13 31 c5 a2 80 fd d0 79 09 8a d6 c9 8d aa a5
f7 4e 91 b7 91 7b 4d 7a 1d 11 d6 7d cf 8b 8c fe 4c af 5d a9 58 4f fb 40 22 4f d7 5a 5d 7e 53 dd 1d c8 9c f3 28 2e 97 fb 84 88
b4 a9 be 19
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): 07 04 02 00 14 0c 44 d3 60 5a 53 0b 0d b2 ee e6 PRK (32 octets): a1 4a a6 67 74 22 a7 8a 73 7c ad 36 29 c5 05 64
ad 5b ff 4a 51 64 20 df 10 95 d6 26 15 b5 3b be 7c 87 e4 ed 21 91 65 41 68 bd 66 ea ce ed 6e 69
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): f0 72 a4 38 13 be 60 17 99 b4 c1 21 2c 45 key output (16 octets): 1f 78 66 90 72 83 c6 18 41 da f0 04 8c 12
28 18 9a e6
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 47 c6 45 c2 e5 1c 04 f6 e9 21 f4 99 iv output (12 octets): 79 51 ad 9f 92 8f 1c 45 fb 71 83 91
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 6a c7 28 bf 27 30 55 d8 24 4f 71 01 07 fe 11 91 PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10
ec 30 47 c0 e9 86 14 aa d5 2f 51 62 27 7f 00 7b 09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4
hash (32 octets): 7a 0a 30 81 19 4d bc f1 bd af c6 f4 02 a0 62 a2 hash (32 octets): 75 dd 85 3e d0 fe 62 6e f3 5f b8 66 98 a2 28 73
b1 e3 3a c9 6e ea 6f c3 22 62 c5 20 49 bf d7 1a 26 df 91 48 cd 8e 34 67 f9 ae c4 b6 36 2e b3 68
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 7a 0a 30 81 19 4d bc f1 bd af c6 f4 02 a0 62 a2 b1 74 65 72 20 75 dd 85 3e d0 fe 62 6e f3 5f b8 66 98 a2 28 73 26
e3 3a c9 6e ea 6f c3 22 62 c5 20 49 bf d7 1a df 91 48 cd 8e 34 67 f9 ae c4 b6 36 2e b3 68
output (32 octets): 69 5c b5 3a dd e2 0c 27 6b 9d 87 11 a8 df 03 output (32 octets): 7c 04 ce b7 db f9 f5 5e 8f 56 fa 0b d3 a4 d3
6c cc ce be 5c 82 ed ab 0c 3a 6c 5f 39 84 54 1e 77 5e e1 c0 00 6f 2b ec cd 87 8e d9 65 c5 79 e5 20 c6
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 85 3c c0 b9 9c 64 e3 78 5c ciphertext (24 octets): 17 03 03 00 13 28 16 c6 d8 c7 76 a7 a3 d9
c8 53 b5 61 a1 24 0f f6 35 75 6a b2 01 41 16 05 24 97 f2 b4
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 2b cd 23 33 71 26 6e b4 bc ciphertext (24 octets): 17 03 03 00 13 ce d1 f4 91 1b 36 18 48 49
ce 2d 27 56 f3 8f 37 15 ea 19 33 38 c6 79 60 b0 34 4c 0c 54
8. Security Considerations 8. Security Considerations
It probably isn't a good idea to use the private key here. If it It probably isn't a good idea to use the private key here. If it
weren't for the fact that it is too small to provide any meaningful weren't for the fact that it is too small to provide any meaningful
security, it is now very well known. security, it is now very well known.
9. References 9. IANA Considerations
9.1. Normative References This document makes no requests of IANA.
10. References
10.1. Normative References
[TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol [TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", draft-ietf-tls-tls13-28 (work in progress), Version 1.3", draft-ietf-tls-tls13-28 (work in progress),
March 2018. March 2018.
9.2. Informative References 10.2. Informative References
[FIPS186] National Institute of Standards and Technology (NIST), [FIPS186] National Institute of Standards and Technology (NIST),
"Digital Signature Standard (DSS)", NIST PUB 186-4 , July "Digital Signature Standard (DSS)", NIST PUB 186-4 , July
2013. 2013.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <https://www.rfc-editor.org/info/rfc7748>. 2016, <https://www.rfc-editor.org/info/rfc7748>.
9.3. URIs 10.3. URIs
[1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
Appendix A. Acknowledgements Appendix A. Acknowledgements
This draft is generated using tests that were written for NSS [1]. This draft is generated using tests that were written for NSS [1].
None of this would have been possible without Franziskus Kiefer, Eric None of this would have been possible without Franziskus Kiefer, Eric
Rescorla and Tim Taubert, who did a lot of the work in NSS. Rescorla and Tim Taubert, who did a lot of the work in NSS.
Author's Address Author's Address
 End of changes. 390 change blocks. 
1059 lines changed or deleted 1064 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/