draft-ietf-tls-tls13-vectors-05.txt   draft-ietf-tls-tls13-vectors-06.txt 
TLS M. Thomson TLS M. Thomson
Internet-Draft Mozilla Internet-Draft Mozilla
Intended status: Informational May 30, 2018 Intended status: Informational July 09, 2018
Expires: December 1, 2018 Expires: January 10, 2019
Example Handshake Traces for TLS 1.3 Example Handshake Traces for TLS 1.3
draft-ietf-tls-tls13-vectors-05 draft-ietf-tls-tls13-vectors-06
Abstract Abstract
Examples of TLS 1.3 handshakes are shown. Private keys and inputs Examples of TLS 1.3 handshakes are shown. Private keys and inputs
are provided so that these handshakes might be reproduced. are provided so that these handshakes might be reproduced.
Intermediate values, including secrets, traffic keys and ivs are Intermediate values, including secrets, traffic keys and IVs are
shown so that implementations might be checked incrementally against shown so that implementations might be checked incrementally against
these values. these values.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 1, 2018. This Internet-Draft will expire on January 10, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3
4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15
5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 26 5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 26
6. Client Authentication . . . . . . . . . . . . . . . . . . . . 38 6. Client Authentication . . . . . . . . . . . . . . . . . . . . 38
7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 49 7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 49
8. Security Considerations . . . . . . . . . . . . . . . . . . . 59 8. Security Considerations . . . . . . . . . . . . . . . . . . . 60
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 60 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 60
10.1. Normative References . . . . . . . . . . . . . . . . . . 60 10.1. Normative References . . . . . . . . . . . . . . . . . . 60
10.2. Informative References . . . . . . . . . . . . . . . . . 60 10.2. Informative References . . . . . . . . . . . . . . . . . 60
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 60 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 61
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 60 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 61
1. Introduction 1. Introduction
TLS 1.3 [TLS13] defines a new key schedule and a number new TLS 1.3 [TLS13] defines a new key schedule and a number of new
cryptographic operations. This document includes sample handshakes cryptographic operations. This document includes sample handshakes
that show all intermediate values. This allows an implementation to that show all intermediate values. This allows an implementation to
be verified incrementally, examining inputs and outputs of each be verified incrementally, examining inputs and outputs of each
cryptographic computation independently. cryptographic computation independently.
A private key is included with the traces so that implementations can A private key is included with the traces so that implementations can
be checked by importing these values and verifying that the same be checked by importing these values and verifying that the same
outputs are produced. outputs are produced.
Note: Invocations of HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) [RFC5869] are not labelled, but can be identified
through the use the labels used by HKDF.
2. Private Keys 2. Private Keys
Ephemeral private keys are shown as they are generated in the traces. Ephemeral private keys are shown as they are generated in the traces.
The server in most examples uses an RSA certificate with a private The server in most examples uses an RSA certificate with a private
key of: key of:
modulus (public): b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c modulus (public): b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c
0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab
bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87 bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87
skipping to change at page 3, line 38 skipping to change at page 3, line 43
coefficient: 83 9c a9 a0 85 e4 28 6b 2c 90 e4 66 99 7a 2c 68 1f 21 coefficient: 83 9c a9 a0 85 e4 28 6b 2c 90 e4 66 99 7a 2c 68 1f 21
33 9a a3 47 78 14 e4 de c1 18 33 05 0e d5 0d d1 3c c0 38 04 8a 43 33 9a a3 47 78 14 e4 de c1 18 33 05 0e d5 0d d1 3c c0 38 04 8a 43
c5 9b 2a cc 41 68 89 c0 37 66 5f e5 af a6 05 96 9f 8c 01 df a5 ca c5 9b 2a cc 41 68 89 c0 37 66 5f e5 af a6 05 96 9f 8c 01 df a5 ca
96 9d 96 9d
3. Simple 1-RTT Handshake 3. Simple 1-RTT Handshake
In this example, the simplest possible handshake is completed. The In this example, the simplest possible handshake is completed. The
server is authenticated, but the client remains anonymous. After server is authenticated, but the client remains anonymous. After
connecting, a few application data octets are exchanged. The server connecting, a few application data octets are exchanged. The server
sends a session ticket that permits the use of 0-RTT in any resumed sends a session ticket that permits the use of 0-RTT data in any
session. resumed session.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 1c ca bb 6e 08 b3 86 c8 d6 9e db 0d 7f private key (32 octets): 01 61 d7 bf 4b a0 6c 35 68 f1 09 54 f0
7c 36 08 47 23 4f e4 85 bc 1c fc a4 18 b2 7e 40 b8 6c 8b f1 ca 08 74 60 54 9c dc 7b fe b2 77 6b 46 04 d8 2f aa c2
public key (32 octets): 2e 59 6f fe 6d 68 c4 f4 02 cb 0f 49 84 1f public key (32 octets): b0 f5 01 9f b0 f1 e5 37 6b 8b 1d fb 90 5f
11 f1 ff 97 32 1d 32 42 54 d3 18 52 9a 77 cc d9 88 06 1d 91 51 61 ba c3 77 07 da d8 90 7b d7 1b 98 07 b3 45
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (190 octets): 01 00 00 ba 03 03 01 6a 95 72 55 63 a4 a5 payload (196 octets): 01 00 00 c0 03 03 d4 b9 50 3c 5e 95 c9 ee
2c 6a ae 5b 86 f8 ec a3 21 a9 a3 57 48 1e b7 84 7e 9a 9d a4 12 cc 99 ce 63 76 cc ad 4d cc 06 d7 c8 f1 fa 44 b0 d9 56 00 e9 a0
20 b6 66 00 00 06 13 01 13 03 13 02 01 00 00 8b 00 00 00 0b 00 58 6c 67 00 00 06 13 01 13 03 13 02 01 00 00 91 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00
00 00 33 00 26 00 24 00 1d 00 20 2e 59 6f fe 6d 68 c4 f4 02 cb 00 00 33 00 26 00 24 00 1d 00 20 b0 f5 01 9f b0 f1 e5 37 6b 8b
0f 49 84 1f 11 f1 ff 97 32 1d 32 42 54 d3 18 52 9a 77 cc d9 88 1d fb 90 5f 1d 91 51 61 ba c3 77 07 da d8 90 7b d7 1b 98 07 b3
06 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 45 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
ciphertext (195 octets): 16 03 01 00 be 01 00 00 ba 03 03 01 6a ciphertext (201 octets): 16 03 01 00 c4 01 00 00 c0 03 03 d4 b9
95 72 55 63 a4 a5 2c 6a ae 5b 86 f8 ec a3 21 a9 a3 57 48 1e b7 50 3c 5e 95 c9 ee cc 99 ce 63 76 cc ad 4d cc 06 d7 c8 f1 fa 44
84 7e 9a 9d a4 12 20 b6 66 00 00 06 13 01 13 03 13 02 01 00 00 b0 d9 56 00 e9 a0 58 6c 67 00 00 06 13 01 13 03 13 02 01 00 00
8b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 91 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 2e 59 6f fe 03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 b0 f5 01 9f
6d 68 c4 f4 02 cb 0f 49 84 1f 11 f1 ff 97 32 1d 32 42 54 d3 18 b0 f1 e5 37 6b 8b 1d fb 90 5f 1d 91 51 61 ba c3 77 07 da d8 90
52 9a 77 cc d9 88 06 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 7b d7 1b 98 07 b3 45 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 13 61 1f 76 71 f7 4e fe 91 3e cb 24 26 private key (32 octets): e2 36 b9 50 e1 aa 9b af af ed c6 d1 c9
f8 cf 48 df 50 67 f4 a7 ec b0 d0 27 96 af a5 2c a4 72 4f 31 18 67 fd 56 91 d2 c1 5e 05 3b 5a b0 85 f7 3f 75 a8 6a
public key (32 octets): 49 53 6b a3 f5 a9 f9 cf 46 7f e1 bd 67 03 public key (32 octets): 9d 3c 94 0d 89 69 0b 84 d0 8a 60 99 3c 14
52 c3 dd 92 57 e4 d5 63 22 7d a9 0a 07 d2 0c ef 96 6f 4e ca 68 4d 10 81 28 7c 83 4d 53 11 bc f3 2b b9 da 1a
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 5, line 20 skipping to change at page 5, line 23
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 0b c3 7c 6e 7c 83 66 38 4b ad d8 e9 00 57 b9 c2 IKM (32 octets): 81 51 d1 46 4c 1b 55 53 36 23 b9 c2 24 6a 6a 0e
39 21 3e 19 8e f3 95 aa 2d 69 0a ae 1b 4e 9a 44 6e 7e 18 50 63 e1 4a fd af f0 b6 e1 c6 1a 86 42
secret (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba secret (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63
41 6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae 66 15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba 41 PRK (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 66
6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae 15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06
hash (32 octets): df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0 44 hash (32 octets): c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a 5c
8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63 2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0 61 66 66 69 63 20 c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a
44 8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63 5c 2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d
output (32 octets): a4 d4 cd ed fb 3c 07 d7 be 78 85 8c 0b 63 38 output (32 octets): e2 e2 32 07 bd 93 fb 7f e4 fc 2e 29 7a fe ab
eb 48 02 f1 58 88 ad 14 c1 ef 56 20 74 35 84 06 04 16 0e 52 2b 5a b7 5d 64 a8 6e 75 bc ac 3f 3e 51 03
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba 41 PRK (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 66
6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae 15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06
hash (32 octets): df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0 44 hash (32 octets): c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a 5c
8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63 2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 df 94 98 64 2c c0 b3 7f 60 42 53 bf 34 1b b0 61 66 66 69 63 20 c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a
44 8e 3d b5 f5 c8 ab b2 39 31 9b 1c 7b 7b 2e ac 63 5c 2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d
output (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a output (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5
3f cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca a8 c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba 41 PRK (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 66
6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae 15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 91 33 1f e1 94 ae 42 89 b8 3d f6 0d db ec 5d output (32 octets): c8 61 57 19 e2 40 37 47 b6 10 76 2c 72 b8 f4
38 44 94 fb 5d a8 0c 63 4d c9 21 82 7c 9c a0 50 a6 da 5c 60 99 57 65 d4 04 a9 d0 06 b9 b0 72 7b a5 83
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 91 33 1f e1 94 ae 42 89 b8 3d f6 0d db ec 5d 38 salt (32 octets): c8 61 57 19 e2 40 37 47 b6 10 76 2c 72 b8 f4 da
44 94 fb 5d a8 0c 63 4d c9 21 82 7c 9c a0 50 a6 5c 60 99 57 65 d4 04 a9 d0 06 b9 b0 72 7b a5 83
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 secret (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb
0f 4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37 51 03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 5e d8 d9 fa bb 99 81 14 89 payload (90 octets): 02 00 00 56 03 03 ee fc e7 f7 b3 7b a1 d1 63
1b 1a c3 82 95 42 e5 d6 f8 dc 55 72 70 48 04 13 e4 7f 65 f6 fa 2e 96 67 78 25 dd f7 39 88 cf c7 98 25 df 56 6d c5 43 0b 9a 04
af 31 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 49 53 6b a3 f5 5a 12 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 9d 3c 94 0d 89
a9 f9 cf 46 7f e1 bd 67 03 52 c3 dd 92 57 e4 d5 63 22 7d a9 0a 69 0b 84 d0 8a 60 99 3c 14 4e ca 68 4d 10 81 28 7c 83 4d 53 11
07 d2 0c ef 96 6f 00 2b 00 02 7f 1c bc f3 2b b9 da 1a 00 2b 00 02 03 04
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 5e d8 d9 ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 ee fc e7
fa bb 99 81 14 89 1b 1a c3 82 95 42 e5 d6 f8 dc 55 72 70 48 04 f7 b3 7b a1 d1 63 2e 96 67 78 25 dd f7 39 88 cf c7 98 25 df 56
13 e4 7f 65 f6 fa af 31 00 13 01 00 00 2e 00 33 00 24 00 1d 00 6d c5 43 0b 9a 04 5a 12 00 13 01 00 00 2e 00 33 00 24 00 1d 00
20 49 53 6b a3 f5 a9 f9 cf 46 7f e1 bd 67 03 52 c3 dd 92 57 e4 20 9d 3c 94 0d 89 69 0b 84 d0 8a 60 99 3c 14 4e ca 68 4d 10 81
d5 63 22 7d a9 0a 07 d2 0c ef 96 6f 00 2b 00 02 7f 1c 28 7c 83 4d 53 11 bc f3 2b b9 da 1a 00 2b 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a 3f PRK (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5 a8
cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 33 0f a2 49 0d 3c a4 eb 83 48 8e 36 f9 e8 key output (16 octets): c6 6c b1 ae c5 19 df 44 c9 1e 10 99 55 11
fd 58 ac 8b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 4a 86 a3 a1 e8 c7 cc 6c 37 7d fe 1a iv output (12 octets): f7 f6 88 4c 49 81 71 6c 2d 0d 29 a4
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a 3f PRK (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5 a8
cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 90 8f 48 22 03 d1 39 ef da cc 57 22 4b db 67 output (32 octets): a8 0c b7 d1 5d b3 4a 17 ab b0 c2 37 65 be 68
6c 45 46 21 c6 b7 1f 0b 22 d0 a7 60 20 0b ca 6e 29 c2 6d 3f 10 da 34 90 5b 09 99 47 e5 5e 37 db 17 b3
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (657 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40
00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 01 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30
01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d
0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61
30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36 30 37 33 30 30 31 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36
32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04
30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 03 13 03 72 73 61 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01
00 30 81 89 02 81 81 00 b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 bb 49 8f 82 79 30
36 c6 98 8c 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 3d 98 08 36 39 9b 36 c6 98 8c 0c 68 de 55 e1 bd b8 26 d3 90 1a
9a 91 d0 15 ab bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed 24 61 ea fd 2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c 1a f1 9e
43 12 09 98 e1 87 a8 0e e0 cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0 cc b0 52 4b 1b 01
44 9a 6d 38 e2 2a 5f da 43 08 46 74 80 30 53 0e f0 46 1c 8c a9 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f da 43 08 46 74 80 30 53
d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab
a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01
06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d
a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05
aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17
7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5
9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72
67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63
b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84
9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29
e1 00 00 0f 00 00 84 08 04 00 80 57 bb 8c 7d 37 ba 54 60 f1 10 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 75 40 40 d0
7b 7c d8 98 09 6d 52 90 98 c6 e9 50 19 cb c1 f9 f0 f7 b6 7c e8 dd ab 8c f0 e2 da 2b c4 99 5b 86 8a d7 45 c8 e1 56 4e 33 cd e1
40 81 32 d6 e5 23 86 44 ba e0 b2 3b 30 90 7c 7b 70 ca 58 b0 bc 78 80 a4 23 92 cc 62 4a ee f6 b6 7b b3 f0 ae 71 d9 d5 4a 23 09
13 1b 6a 75 3a 42 03 3e b6 4b 14 ec ee de 85 f6 93 17 74 2d f6 73 1d 87 dc 59 f6 42 d7 33 be 2e b2 74 84 ad 8a 8c 8e b3 51 6a
23 a3 8b 32 80 45 1d 0c 7f 04 2a df fd 6e a2 3a 4f 78 96 ae 3b 7a c5 7f 26 25 e2 b5 c0 88 8a 85 41 f4 e7 34 f7 3d 05 47 61 df
21 a5 b0 65 bf 85 67 81 bf 03 08 df 04 06 7c 6c 6b 1e 41 9a 6b 1d d0 2f 0e 3e 9a 33 cf a1 0b 6e 3e b4 eb f7 ac 05 3b 01 fd ab
4c ed cd 4f 12 5f 61 9d 1b 3d 9f 82 5b 14 00 00 20 bf bf 3e b1 bd df c5 41 33 bc d2 4c 8b bd ce b2 23 b2 aa 03 45 2a 29 14 00
7c e6 5a af c8 63 19 41 f3 60 92 1b 5e 31 4a db b0 06 34 62 ca 00 20 ac 86 ac bc 9c d2 5a 45 b5 7a d5 b6 4d b1 5d 44 05 cf 8c
f1 e7 8b 3f c5 9b 3e 80 e3 14 58 3e bf 32 83 ef 9a 99 31 0c
ciphertext (673 octets): 17 03 03 02 9c d1 f3 a3 49 88 3a ac cd ciphertext (679 octets): 17 03 03 02 a2 f1 0b 26 d8 fc af 67 b5
f9 7e 4f d1 70 da 97 2e 72 79 28 e5 23 19 37 a9 cf 80 66 7e 15 b8 28 f7 12 12 22 16 a1 cd 14 18 74 65 b7 76 37 cb cd 78 53 91
b5 be 72 d5 12 ab ba c8 f3 c2 50 10 eb b2 c7 ba a1 34 e4 09 44 28 bb 93 24 6d cc a1 af 56 f1 ea a2 71 66 60 77 45 5b c5 49 65
2d ee 9d 59 e5 dd 88 3f 47 f9 bb 07 3b 28 c1 59 dc 8f 6b 6f fa d8 5f 05 f9 bd 36 d6 99 61 71 eb 53 6a ff 61 3e ed dc 42 ba d5
73 78 2f 49 b9 1f 00 7e 1d 8c 00 8b 6b f6 78 62 09 e6 f2 dd ef a2 d2 22 7c 46 06 f1 21 5f 98 0e 7a fa f5 6b d3 b8 5a 51 be 13
6e e6 22 12 d2 bc 3b b6 ff 23 89 79 12 83 11 8f 16 33 34 71 c1 00 03 10 1a 75 8d 07 7b 1c 89 1d 8e 7a 22 94 7e 5a 22 98 51 fd
4d 3b 0b 10 d7 07 d5 32 db 92 05 a7 b4 2b c7 ac 42 c6 30 56 79 42 a9 dd 42 26 08 f8 68 27 2a bf 92 b3 d4 3f b4 6a c4 20 25 93
d1 0a 09 66 ff af 0d 0a 71 cb a8 60 0d 30 17 a2 16 98 81 6d 30 46 06 7f 66 32 2f d7 08 88 56 80 f4 b4 43 3c 29 11 6f 2d fa 52
66 f4 6c 6f a6 d4 be 37 93 09 e7 d1 38 a9 31 29 af 5d 2e fb b1 9e 09 bb a5 3c 7c d9 20 12 17 24 80 9e ad dc c8 43 07 ef 46 fc
1f 06 aa 85 42 1c a9 28 57 e6 1c e9 28 c9 60 ce 25 1b 67 eb 1f 51 a0 b3 3d 99 d3 9d b3 37 fc d7 61 ce 0f 2b 02 dc 73 de db 6f
c9 fe c9 c4 db 72 d3 f6 9c 16 e6 d6 fa c5 e8 21 7a e3 d9 f5 ba dd b7 7c 4f 80 99 bd e9 3d 5b ee 08 bc f2 13 1f 29 a2 a3 7f f0
52 41 00 9a 0b 94 57 65 a6 dd 9c 28 49 77 8a a9 62 ae a6 f9 85 79 49 e8 f8 bc dd 3e 83 10 b8 bf 8b 34 44 c8 5a af 0d 2a eb 2d
70 4b 60 0a 5a a4 03 05 b1 dd 27 f4 a2 e1 6e 24 f9 38 cd 8d ed 4f 36 fd 14 d5 cb 51 fc eb ff 41 8b 38 27 13 6a b9 52 9e 9a 3d
11 38 cb c4 a5 48 fd b2 08 51 9a 7d d0 6b e9 90 ff 0d 8c aa 5c 3f 35 e4 c0 ae 74 9e a2 db c9 49 82 a1 28 1d 3e 6d aa b7 19 aa
5f 9a e9 ea 35 6f 5d e7 a5 62 4d 5c a9 64 44 95 32 e1 a7 c7 a0 44 60 88 93 21 a0 08 bf 10 fa 06 ac 0c 61 cc 12 2c c9 0d 5e 22
df e1 37 b1 70 11 4c d5 f5 11 98 71 18 d7 ee df cd 75 98 43 05 c0 03 0c 98 6a e8 4a 33 a0 c4 7d f1 74 bc fb d5 0b f7 8f fd f2
93 0e 12 26 89 26 90 f6 55 5b a1 f0 43 cf fa ff 2f f7 36 37 93 40 51 ab 42 3d b6 3d 58 15 db 2f 83 00 40 f3 05 21 13 1c 98 c6
97 fd 65 9a 07 4e 4f c1 e0 d9 53 9f 8c c3 07 47 a9 c2 3c fa 09 6f 16 c3 62 ad dc e2 fb a0 60 2c f0 a7 dd df 22 e8 de f7 51 6c
0e 49 f1 17 70 e5 52 6f 8e cb 0c 2d 31 de 53 2d be 22 54 01 7c df ee 95 b4 05 6c c9 ad 38 c9 53 52 33 54 21 b5 b1 ff ba df 75
35 6b b1 fd 9a c8 63 b6 db 9e 36 70 5f 3b 48 d7 dd 88 f2 8b 92 e5 21 2f da d7 a7 5f 52 a2 80 14 86 a1 ee c3 53 95 80 be e0 e4
a5 08 2a e8 15 73 f6 91 0a 2f 6f a1 d6 ca ac 0e ef 5a 15 23 44 b3 37 cd a6 08 5a c9 ec cd 1a 0f 1a 46 ce bf bb 5c df a3 25 1a
5b ce 23 11 52 84 7b 3b bc c8 47 ee 30 78 0d bf 46 6e b3 5a fc c2 8c 3b c8 26 14 8c 6d 8c 1e b6 a0 6f 77 f6 ff 63 2c 6a 83 e2
d9 e0 31 b0 c1 5e 1c ea 34 13 4e 49 5f a6 cf 36 44 a5 dd 3b db 83 e8 f9 df 7c 6d ba bf 1c 6e a4 06 29 a8 5b 43 ab 0c 73 d3 4f
46 18 54 51 f9 8b 94 14 ef c9 f1 0a d5 55 a2 a0 de 25 f3 5f 7d 9d 50 72 83 2a 10 4e da 3f 75 f5 d8 3d a6 e1 48 22 a1 8e 14 09
4a 6b 28 c4 a8 02 cd f2 68 f4 ed 62 f2 1e b5 9d d3 a4 99 f4 2d 9d 74 9e af d8 23 ca 2a c7 54 20 86 50 1e ca 20 6c e7 88 79 20
3a 84 fe f1 2d a3 79 4c 61 ae 6a 77 34 71 ee 53 e0 b8 70 69 82 00 85 73 75 7c e2 f2 30 a8 90 78 2b 99 cc 68 23 77 be ee 81 27
66 5c 08 00 7c e5 22 d0 78 e9 01 d3 9b 11 b5 8f 01 94 16 e6 0c 56 d0 4f 90 25 13 5f b5 99 d7 46 fe fe 73 16 c9 22 ac 26 5c a0
f6 e9 93 e9 4c cd 45 0a 6e e1 0f c7 f5 a6 92 46 c7 83 5f b0 92 d2 90 21 37 5a db 63 c1 50 9c 3e 24 2d fb 92 b8 de e8 91 f7 36
11 82 16 b7 0e dc 83 13 66 8c d1 94 8e ea 29 69 b0 68 ef dd 6c 8c 40 58 39 9b 8d b9 07 5f 2d cc 82 16 19 4e 50 3b 66 52 d8 7d
96 70 6e e5 b0 67 3d 38 c3 b2 59 5e 0b 7a 89 46 49 24 67 5c 74 2c b4 1f 99 ad fd cc 5b e5 ec 7e 1e 63 26 ac 22 d7 0b d3 ba 65
4b da a5 85 19 9b 13 61 c4 27 be ad be 5e fa ed 4c ed 75 1c 17 28 27 53 2d 66 9a ff 00 51 73 59 7f 80 39 c3 ea 49 22 d3 ec 75
e2 1e b8 fa 77 f7 8b 0b 48 4e cd 89 3d 1f 33 56 8b 73 d5 a6 75 76 70 22 2f 6a c2 9b 93 e9 0d 7a d3 f6 dd 96 32 8e 42 9c fc fd
b4 5b 4a c1 7b ec 31 f2 0e 5c ca 22 70 7f e2 d8 6a d1 dc b0 be 75 6e 8e
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51
4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37 03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7
hash (32 octets): b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6 hash (32 octets): f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5
fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35 d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 61 66 66 69 63 20 f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d
b6 fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35 d5 d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf
output (32 octets): 5e 5c 1f fe 68 ac e5 1e 41 18 4f 94 b3 2b ad output (32 octets): e2 f0 db 6a 82 e8 82 80 fc 26 f7 3c 89 85 4e
a9 23 ad 4c c5 97 aa 79 61 98 bb f6 51 5f 81 2d a6 e8 61 5e 25 df 28 b2 20 79 62 fa 78 22 26 b2 36 26
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51
4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37 03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7
hash (32 octets): b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6 hash (32 octets): f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5
fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35 d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 61 66 66 69 63 20 f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d
b6 fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35 d5 d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf
output (32 octets): 60 28 ef a6 f1 a1 60 f6 99 83 cc 71 fc 16 d2 output (32 octets): 5b 73 b1 08 d9 ac 1b 9b 0c 82 48 ca 39 26 ec
58 af 39 bb ec 9f 49 20 b2 cc e9 17 df 46 df ea 84 6e 7b c4 7e 41 17 06 96 39 87 ec 11 43 5d 30 57 19
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51
4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37 03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7
hash (32 octets): b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6 hash (32 octets): f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5
fe 1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35 d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 b1 a4 df 62 92 b9 0c 0f 03 58 a1 fd e1 39 90 b6 fe 74 65 72 20 f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5 d8
1c 0c 6c 62 4d 26 b0 10 06 98 82 9f b5 82 35 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf
output (32 octets): ce d4 f0 d7 52 e8 7a 2a b4 12 e6 8b 87 e1 d3 output (32 octets): b7 73 34 8a 35 a0 41 f1 19 96 89 f8 df 30 09
a9 55 63 9b 8b 08 9a f1 05 6d 66 88 0a e8 6b 68 92 7b 1d 25 7a bf 5c 0a aa 16 c8 65 10 56 b9 06 d6 c6
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): 60 28 ef a6 f1 a1 60 f6 99 83 cc 71 fc 16 d2 58 PRK (32 octets): 5b 73 b1 08 d9 ac 1b 9b 0c 82 48 ca 39 26 ec 6e
af 39 bb ec 9f 49 20 b2 cc e9 17 df 46 df ea 84 7b c4 7e 41 17 06 96 39 87 ec 11 43 5d 30 57 19
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 60 22 e5 dd af 3f 2f d9 db 39 92 3d 13 65 key output (16 octets): a6 88 eb b5 ac 82 6d 6f 42 d4 5c 0c c4 4b
26 a5 9b 7d
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 93 4e 1e c5 0b 75 8e 6c 60 e6 86 aa iv output (12 octets): c1 ca d4 42 5a 43 8b 5d e7 14 83 0a
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): a4 d4 cd ed fb 3c 07 d7 be 78 85 8c 0b 63 38 eb PRK (32 octets): e2 e2 32 07 bd 93 fb 7f e4 fc 2e 29 7a fe ab 16
48 02 f1 58 88 ad 14 c1 ef 56 20 74 35 84 06 04 0e 52 2b 5a b7 5d 64 a8 6e 75 bc ac 3f 3e 51 03
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): d4 d7 6a f0 5a 04 e1 d3 2d 8a 1f 17 84 06 key output (16 octets): 26 79 a4 3e 1d 76 78 40 34 ea 17 97 d5 ad
10 1f 26 49
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): f1 8b 1f 02 a5 01 0c 4d 45 b1 81 d9 iv output (12 octets): 54 82 40 52 90 dd 0d 2f 81 c0 d9 42
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 11, line 17 skipping to change at page 11, line 17
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 0b c3 7c 6e 7c 83 66 38 4b ad d8 e9 00 57 b9 c2 IKM (32 octets): 81 51 d1 46 4c 1b 55 53 36 23 b9 c2 24 6a 6a 0e
39 21 3e 19 8e f3 95 aa 2d 69 0a ae 1b 4e 9a 44 6e 7e 18 50 63 e1 4a fd af f0 b6 e1 c6 1a 86 42
secret (32 octets): ee ef ce 91 5d c4 8b 22 a7 ae 76 4a d2 82 ba secret (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63
41 6f 97 fe 89 e5 d1 bc 89 5b 2d 91 62 35 aa a2 ae 66 15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): ce 69 11 59 11 09 be 95 33 30 63 a9 fe e9 3a 3f PRK (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5 a8
cc 32 bd 24 9c a0 6f 27 34 ad be 91 7c 02 06 ca c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 33 0f a2 49 0d 3c a4 eb 83 48 8e 36 f9 e8 key output (16 octets): c6 6c b1 ae c5 19 df 44 c9 1e 10 99 55 11
fd 58 ac 8b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 4a 86 a3 a1 e8 c7 cc 6c 37 7d fe 1a iv output (12 octets): f7 f6 88 4c 49 81 71 6c 2d 0d 29 a4
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): a4 d4 cd ed fb 3c 07 d7 be 78 85 8c 0b 63 38 eb PRK (32 octets): e2 e2 32 07 bd 93 fb 7f e4 fc 2e 29 7a fe ab 16
48 02 f1 58 88 ad 14 c1 ef 56 20 74 35 84 06 04 0e 52 2b 5a b7 5d 64 a8 6e 75 bc ac 3f 3e 51 03
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): ca 71 d4 6a cd 46 bd 20 90 b3 c6 c4 f2 39 2e output (32 octets): 12 1b f5 86 01 b2 ed 13 bf 14 b3 ee ac bd 9d
e2 13 4c e0 bf 7b 7d ed 78 24 e3 aa b9 4c 5a 7c 4b a4 ba ba 1e 14 3e db 66 a1 07 79 59 60 fb d9 e2 1f
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 de cc f6 f8 1b 07 0d d0 0e 02 78 payload (36 octets): 14 00 00 20 b9 02 7a 02 04 b9 72 b5 2c de fa
8e 04 90 94 7a 37 61 89 4c ab 21 c2 9c 4b 16 eb 3d 91 13 e4 e4 58 95 0f a1 58 0d 68 c9 cb 12 4d be 69 1a 71 78 f2 5c 55 4b 23
ciphertext (58 octets): 17 03 03 00 35 72 67 bb b3 57 e3 66 8a fe ciphertext (58 octets): 17 03 03 00 35 95 39 b4 ae 2f 87 fd 8e 61
88 38 71 31 40 7b e5 12 93 53 01 51 df 34 30 e0 32 b4 7a bd 24 6b 29 56 28 ea 95 3d 9e 38 58 db 27 49 70 d1 98 13 ec 13 6c ae
87 47 42 fa 75 0d a1 84 ed 7b 5f 1c 81 39 fc 2f 14 d2 c8 55 81 7d 96 e0 41 77 75 fc ab d3 d8 85 8f dc 60 24 09 12 d2 18 f5 af
7c e2 b2 1c
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): 5e 5c 1f fe 68 ac e5 1e 41 18 4f 94 b3 2b ad a9 PRK (32 octets): e2 f0 db 6a 82 e8 82 80 fc 26 f7 3c 89 85 4e e8
23 ad 4c c5 97 aa 79 61 98 bb f6 51 5f 81 2d a6 61 5e 25 df 28 b2 20 79 62 fa 78 22 26 b2 36 26
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): b3 84 bc a1 b8 df e4 3c 76 37 84 65 0f 70 key output (16 octets): 88 b9 6a d6 86 c8 4b e5 5a ce 18 a5 9c ce
e2 70 5c 87
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 87 b1 c1 a2 d5 f8 4a e7 74 b4 51 34 iv output (12 octets): b9 9d c5 8c d5 ff 5a b0 82 fd ad 19
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): ef 19 6e 6f 5b 18 09 d4 96 19 c1 5d 61 97 a5 0f PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51
4e 23 25 df be fa 72 18 08 17 a9 82 0e b3 1f 37 03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7
hash (32 octets): 94 4b a6 82 91 6b e1 4d 32 da d5 f8 99 79 83 2f hash (32 octets): 50 2f 86 b9 57 9e c0 53 d3 28 24 e2 78 0e f6 5c
6d d5 0e 47 31 15 0e 3e 86 56 39 37 3b ac 83 f7 c4 37 a3 56 43 45 35 6b df 79 13 ec 3b 87 96 14
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 94 4b a6 82 91 6b e1 4d 32 da d5 f8 99 79 83 2f 6d 74 65 72 20 50 2f 86 b9 57 9e c0 53 d3 28 24 e2 78 0e f6 5c c4
d5 0e 47 31 15 0e 3e 86 56 39 37 3b ac 83 f7 37 a3 56 43 45 35 6b df 79 13 ec 3b 87 96 14
output (32 octets): 49 d5 94 20 40 47 00 a8 e2 ee 7a cf 46 82 87 output (32 octets): f7 84 42 e1 c4 b9 d4 40 ad b6 3b e6 8f 74 a5
54 4f e6 01 b2 31 97 a0 e1 63 5a 47 4a d6 53 6d 74 f3 01 94 6a 2b 2b db 36 c0 45 bb 7c f5 a9 e3 02 f5
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{server} generate resumption secret "tls13 resumption": {server} generate resumption secret "tls13 resumption":
PRK (32 octets): 49 d5 94 20 40 47 00 a8 e2 ee 7a cf 46 82 87 54 PRK (32 octets): f7 84 42 e1 c4 b9 d4 40 ad b6 3b e6 8f 74 a5 f3
4f e6 01 b2 31 97 a0 e1 63 5a 47 4a d6 53 6d 74 01 94 6a 2b 2b db 36 c0 45 bb 7c f5 a9 e3 02 f5
hash (2 octets): 00 00 hash (2 octets): 00 00
info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74 info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74
69 6f 6e 02 00 00 69 6f 6e 02 00 00
output (32 octets): 46 3a 87 db 89 89 ca 34 e2 ab 45 92 9d b5 45 output (32 octets): e3 4f 01 59 72 7d 1b 8e 4c 9c 17 68 59 45 a2
89 40 23 a8 3d 13 9b f5 68 34 17 13 19 87 47 ae 86 86 1f 70 dc 21 05 cb 22 4b 6d bd b3 83 28 2e f5 cf
{server} send a NewSessionTicket handshake message {server} send a NewSessionTicket handshake message
{server} send handshake record: {server} send handshake record:
payload (205 octets): 04 00 00 c9 00 00 00 1e f4 34 71 a2 02 00 payload (205 octets): 04 00 00 c9 00 00 00 1e 2f d3 99 2f 02 00
00 00 b2 0f 63 7d a7 09 04 33 70 d0 60 00 06 00 00 00 00 2d fe 00 00 b2 ff 09 9f 96 76 cd ff 8b 0b f8 82 5d 00 00 00 00 79 05
b5 7a a8 7b 9c f1 76 0a 8a b4 91 d4 fb 0f 00 70 3d 7a 42 b6 a9 a9 d2 8e fe ef 4a 47 c6 f9 b0 6a 0c ec db 00 70 d9 20 b8 98 99
87 ef d2 4a fb bd 2b c6 06 9d c9 03 d4 c2 d3 f0 4f dd 3d 8e 95 7c 75 b7 96 36 94 3e d4 20 46 a9 61 42 bd 08 4a 04 ac fa 0c 49
97 0a 7b 78 aa 2c e8 28 75 72 4f 8a 82 75 d1 65 e7 7b e4 7d 59 0f 45 2d 75 6d ea 02 c0 f9 27 25 9f 1f 32 31 ac 0d 54 1a 76 91
0e aa ab fa 5f 4c 2d f0 46 71 a0 44 d8 4c f5 cc da c5 88 7d 6b 29 b7 40 ce 38 09 08 42 b8 28 c2 7f d7 29 f5 97 37 ba 98 aa 7b
e7 fe 2e 52 80 d7 a5 0f 23 fc 9c d4 a5 43 01 9e 41 94 63 c4 ee 42 e0 43 c5 da 28 f8 dc a8 59 0b 2d f4 10 d5 13 4f d6 c4 ca ca
29 8f d3 2c 01 93 34 b7 ab bb 78 d4 f2 a1 cf 4e 0f e1 60 aa 72 d8 b3 03 70 60 2a fa 35 d2 65 bf 4d 12 79 76 bb 36 db da 6a 62
86 19 3f da 28 8c 97 d5 ba 39 75 5f 25 b7 a4 a8 f0 63 01 24 88 6f 02 70 e2 0e eb c7 3d 6f ca e2 b1 a0 da 12 2e e9 04 2f 76 be
3d 2c 66 78 78 75 d6 7a 0f 6e b0 ba 71 00 08 00 2a 00 04 00 00 56 eb f4 1a a4 69 c3 d2 c9 da 91 97 d8 00 08 00 2a 00 04 00 00
04 00 04 00
ciphertext (227 octets): 17 03 03 00 de 64 1b 9e 9f fc 8e 0b 0c ciphertext (227 octets): 17 03 03 00 de 36 80 c2 b2 10 9d 25 ca
3f fb c6 46 44 34 fb 66 8c a2 63 e3 9f 89 7c 0c 55 06 45 49 40 a2 6c 3b 06 ee a9 fd c5 cb 31 61 3b a7 02 17 65 96 da 2e 88 6b
0b 3b 29 3a 1c 03 44 31 e9 f9 85 ab c8 40 0b e5 fd 4f 99 29 0f f6 af 93 50 7b d6 81 61 ad 9c b4 78 06 53 84 2e 10 41 ec bf 00
13 7b eb 4b a2 46 df a7 87 e4 5c 02 3a de b5 5b e2 f9 a8 42 09 88 a6 5a c4 ef 43 84 19 dd 1d 95 dd d9 bd 2a d4 48 4e 7e 16 7d
90 f5 2a ac 47 ef e9 7e dd 85 32 d1 14 0a d0 b1 b5 47 96 13 10 0e 6c 00 84 48 ae 58 a0 41 87 13 b6 fc 6c 51 e4 bb 23 a5 37 fb
3c ed 0e 14 ad b1 16 ae f6 74 fd 86 64 9d ec a8 8f 84 3a 23 ab 75 a7 4f 73 de 31 fe 6a a0 bc 52 25 15 f8 b2 5f 89 55 42 8b 5d
5f 3d e4 77 6b aa a3 da 74 36 4a 21 03 e3 46 ed 89 58 98 ed a4 e5 ac 06 76 2c ec 22 b0 aa 78 c9 43 85 ef 8e 70 fa 24 94 5b 7c
b7 10 b7 43 c9 1f 1f 53 71 e3 16 00 c1 3c 40 57 7a 2b ab 9c f1 1f 26 85 10 87 16 89 bb bb fa f2 e7 f4 a1 92 77 02 4f 95 f1 14
33 86 ff 41 4d 2e b8 b6 df 95 d3 a8 48 cc 8f 4f 48 18 3e 05 b8 3a b1 2a 31 ec 63 ad b1 28 cb 39 07 11 fd 6d 06 a4 98 df 3e 98
f1 5a 05 0f c5 92 52 6c ab 9a d2 96 80 b5 a3 9d 53 06 26 a9 95 61 5d 8e b1 02 e2 33 53 b4 80 ef cc a5 e8 e0 26 7a 6d 0f e2 44
ca 0d 62 73 ff 7e 67 44 3d c1 f4 59 dc 47 11 30 d3 20 0a d6 e2 1f 14 c8 c9 66 4a ef b2 cf ff 6a e9 e0 44 27 28 b6 a0 94 0c 1e
5d b4 48 03 82 4f da 06
{client} generate resumption secret "tls13 resumption" (same as {client} generate resumption secret "tls13 resumption" (same as
server) server)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 97 fc be 0b 4f 37 48 da 56 ciphertext (72 octets): 17 03 03 00 43 8c 34 97 da 00 ae 02 3e 53
92 ac fb d1 19 0f a7 b1 8b 10 5a 62 63 f4 79 a3 f2 6b ba 2f 31 c0 1b 43 24 b6 65 40 4c 1b 49 e7 8f e2 bf 4d 17 f6 34 8a e8 34
64 c6 fd 24 d5 6f d8 69 8e 4a d0 27 7f 2b 32 c7 d5 84 41 33 5f 05 51 e3 63 a0 cd 05 f2 17 9c 4f ef 5a d6 89 b5 ca e0 ba e9 4a
35 0b 45 5c d6 8c 28 aa 71 fb 58 cb 86 cf 73 4a dc 63 63 2e 57 1f b7 9a a9 15 44 c6 39 4d 28 a1
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 46 1a 15 62 a3 41 d6 17 9b ciphertext (72 octets): 17 03 03 00 43 f6 5f 49 fd 2d f6 cd 23 47
c8 c6 26 2c 33 2b 18 70 9e 1d c8 10 98 6e 54 6c aa 34 07 a2 c6 c3 d3 01 66 e3 cf dd b6 30 8a 59 06 c0 76 11 2c 6a 37 ff 1d bd
c9 38 3d 52 40 21 5a a5 88 9f ba ed 1b b8 f0 40 b0 6c 82 74 fb 40 6b 58 13 c0 ab d7 34 88 30 17 a6 b2 83 31 86 b1 3c 14 da 5d
bd 41 0c b1 54 63 2b 86 a3 06 1d f5 5f 7a fa af 75 f3 3d 87 60 78 99 94 e2 7d 82 04 3a b8 8d 65
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 42 db 77 cb a0 54 50 26 af ciphertext (24 octets): 17 03 03 00 13 2c 21 48 16 3d 79 38 a3 5f
81 7f 90 9e 65 3d 50 90 3e 65 6a cf 2a 66 06 f8 cb d1 d9 f2
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 70 bf 8b d2 98 53 2f 13 91 ciphertext (24 octets): 17 03 03 00 13 f8 14 1e bd b5 ed a5 11 e0
ca a6 e6 0f 83 e0 b5 1d 79 4a bc e6 39 a5 6f f9 ea 82 5a 21
4. Resumed 0-RTT Handshake 4. Resumed 0-RTT Handshake
This handshake resumes from the handshake in Section 3. Since the This handshake resumes from the handshake in Section 3. Since the
server provided a session ticket that permitted 0-RTT, and the client server provided a session ticket that permitted 0-RTT, and the client
is configured for 0-RTT, the client is able to send 0-RTT data. is configured for 0-RTT, the client is able to send 0-RTT data.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): c8 c8 db ad 72 04 fb fe ed 20 ab 24 44 private key (32 octets): 53 9d 7e bf a9 6c 5c eb 7d 86 f0 b9 68
6a 9c 07 4d b3 5a 4b 07 ec f1 cc 9d 88 70 e8 fd 2e 1d d6 2a 1d d7 b7 b6 0d 81 c2 73 50 74 35 cd d1 b7 aa 80 05 1f
public key (32 octets): a2 e0 04 93 2f 3c d0 b3 c6 a2 9a de 11 8b public key (32 octets): b0 31 99 c3 4d 68 2d 91 db 5f 58 96 10 f6
46 7c 69 55 a6 c3 6a 1d 44 27 38 60 59 b2 26 f5 0c 0f c0 9b ec e9 9c 23 c7 7c c6 0d 1e dd 0d 25 ed 5d be 70
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 46 3a 87 db 89 89 ca 34 e2 ab 45 92 9d b5 45 89 IKM (32 octets): e3 4f 01 59 72 7d 1b 8e 4c 9c 17 68 59 45 a2 86
40 23 a8 3d 13 9b f5 68 34 17 13 19 87 47 ae 86 1f 70 dc 21 05 cb 22 4b 6d bd b3 83 28 2e f5 cf
secret (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 secret (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2
8e 83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd 84 66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): e1 6f 14 f0 eb 94 d9 54 e0 f6 24 5d 7d 0e d0 e8 PRK (32 octets): 20 63 8e c4 e9 90 45 a8 bb 12 1e 86 fe 65 54 82
53 9f 66 38 28 10 6f 17 30 1c f5 de b2 06 a5 50 db b3 74 0d db f6 2d 0c bc c2 04 9c 10 c7 01 34
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 68 08 1e cc c0 ef 70 30 ad dc 42 3a f3 95 c4 output (32 octets): a8 19 28 e3 08 5c 3a 85 63 ed 82 2d a9 af 7a
61 5c 83 67 4f 7d 0d 98 08 69 05 c5 2d a5 bf 66 4e b7 1a c5 43 2a 5f 9d 1e 6f 71 32 f1 8b 36 e2 c7 05
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 eb ef 0b 92 25 8b ec d1 payload (512 octets): 01 00 01 fc 03 03 88 09 d2 a3 9b f9 ae b3
07 3d cf f0 bb a7 da ad c7 b4 e8 14 df dd 1b 77 4b 0d 43 53 95 83 1d 2b 32 e4 ff f9 32 15 e4 fc 4f 25 71 79 71 bd 79 e8 19 41
2b c4 2b 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 e3 dd 9b 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 a2 e0 04 93 2f 3c d0 b3 c6 a2 9a de 11 8b 26 00 24 00 1d 00 20 b0 31 99 c3 4d 68 2d 91 db 5f 58 96 10 f6
46 7c 69 55 a6 c3 6a 1d 44 27 38 60 59 b2 26 f5 0c 0f 00 2a 00 c0 9b ec e9 9c 23 c7 7c c6 0d 1e dd 0d 25 ed 5d be 70 00 2a 00
00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 00 00 00 00 00 00 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 57 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 29 00 dd 00 b8 00 b2 0f 63 7d a7 09 04 33 70 d0 60 00 06 00 00 29 00 dd 00 b8 00 b2 ff 09 9f 96 76 cd ff 8b 0b f8 82 5d 00
00 00 00 2d fe b5 7a a8 7b 9c f1 76 0a 8a b4 91 d4 fb 0f 00 70 00 00 00 79 05 a9 d2 8e fe ef 4a 47 c6 f9 b0 6a 0c ec db 00 70
3d 7a 42 b6 a9 87 ef d2 4a fb bd 2b c6 06 9d c9 03 d4 c2 d3 f0 d9 20 b8 98 99 7c 75 b7 96 36 94 3e d4 20 46 a9 61 42 bd 08 4a
4f dd 3d 8e 95 97 0a 7b 78 aa 2c e8 28 75 72 4f 8a 82 75 d1 65 04 ac fa 0c 49 0f 45 2d 75 6d ea 02 c0 f9 27 25 9f 1f 32 31 ac
e7 7b e4 7d 59 0e aa ab fa 5f 4c 2d f0 46 71 a0 44 d8 4c f5 cc 0d 54 1a 76 91 29 b7 40 ce 38 09 08 42 b8 28 c2 7f d7 29 f5 97
da c5 88 7d 6b e7 fe 2e 52 80 d7 a5 0f 23 fc 9c d4 a5 43 01 9e 37 ba 98 aa 7b 42 e0 43 c5 da 28 f8 dc a8 59 0b 2d f4 10 d5 13
41 94 63 c4 ee 29 8f d3 2c 01 93 34 b7 ab bb 78 d4 f2 a1 cf 4e 4f d6 c4 ca ca d8 b3 03 70 60 2a fa 35 d2 65 bf 4d 12 79 76 bb
0f e1 60 aa 72 86 19 3f da 28 8c 97 d5 ba 39 75 5f 25 b7 a4 a8 36 db da 6a 62 6f 02 70 e2 0e eb c7 3d 6f ca e2 b1 a0 da 12 2e
f0 63 01 24 88 3d 2c 66 78 78 75 d6 7a 0f 6e b0 ba 71 f4 34 71 e9 04 2f 76 be 56 eb f4 1a a4 69 c3 d2 c9 da 91 97 d8 2f d3 99
a5 00 21 20 b1 da ce 1d 97 d7 ff bf 46 1d f9 4d ec 70 f1 30 08 32 00 21 20 3c e6 69 de de c4 4e 5e 75 53 8f cc ab 3d b0 45 fb
f9 13 4b 9c c0 40 88 d9 6d 93 cf 73 18 5b d8 5d 21 01 19 99 e1 45 12 ee 3a b3 5f 2a f4 e9
ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 eb ef ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 88 09
0b 92 25 8b ec d1 07 3d cf f0 bb a7 da ad c7 b4 e8 14 df dd 1b d2 a3 9b f9 ae b3 83 1d 2b 32 e4 ff f9 32 15 e4 fc 4f 25 71 79
77 4b 0d 43 53 95 2b c4 2b 00 00 06 13 01 13 03 13 02 01 00 01 71 bd 79 e8 19 41 e3 dd 9b 00 00 06 13 01 13 03 13 02 01 00 01
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 33 00 26 00 24 00 1d 00 20 a2 e0 04 93 2f 3c d0 b3 03 01 04 00 33 00 26 00 24 00 1d 00 20 b0 31 99 c3 4d 68 2d 91
c6 a2 9a de 11 8b 46 7c 69 55 a6 c3 6a 1d 44 27 38 60 59 b2 26 db 5f 58 96 10 f6 c0 9b ec e9 9c 23 c7 7c c6 0d 1e dd 0d 25 ed
f5 0c 0f 00 2a 00 00 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 5d be 70 00 2a 00 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 57 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 0f 63 7d a7 09 04 33 00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 ff 09 9f 96 76 cd ff
70 d0 60 00 06 00 00 00 00 2d fe b5 7a a8 7b 9c f1 76 0a 8a b4 8b 0b f8 82 5d 00 00 00 00 79 05 a9 d2 8e fe ef 4a 47 c6 f9 b0
91 d4 fb 0f 00 70 3d 7a 42 b6 a9 87 ef d2 4a fb bd 2b c6 06 9d 6a 0c ec db 00 70 d9 20 b8 98 99 7c 75 b7 96 36 94 3e d4 20 46
c9 03 d4 c2 d3 f0 4f dd 3d 8e 95 97 0a 7b 78 aa 2c e8 28 75 72 a9 61 42 bd 08 4a 04 ac fa 0c 49 0f 45 2d 75 6d ea 02 c0 f9 27
4f 8a 82 75 d1 65 e7 7b e4 7d 59 0e aa ab fa 5f 4c 2d f0 46 71 25 9f 1f 32 31 ac 0d 54 1a 76 91 29 b7 40 ce 38 09 08 42 b8 28
a0 44 d8 4c f5 cc da c5 88 7d 6b e7 fe 2e 52 80 d7 a5 0f 23 fc c2 7f d7 29 f5 97 37 ba 98 aa 7b 42 e0 43 c5 da 28 f8 dc a8 59
9c d4 a5 43 01 9e 41 94 63 c4 ee 29 8f d3 2c 01 93 34 b7 ab bb 0b 2d f4 10 d5 13 4f d6 c4 ca ca d8 b3 03 70 60 2a fa 35 d2 65
78 d4 f2 a1 cf 4e 0f e1 60 aa 72 86 19 3f da 28 8c 97 d5 ba 39 bf 4d 12 79 76 bb 36 db da 6a 62 6f 02 70 e2 0e eb c7 3d 6f ca
75 5f 25 b7 a4 a8 f0 63 01 24 88 3d 2c 66 78 78 75 d6 7a 0f 6e e2 b1 a0 da 12 2e e9 04 2f 76 be 56 eb f4 1a a4 69 c3 d2 c9 da
b0 ba 71 f4 34 71 a5 00 21 20 b1 da ce 1d 97 d7 ff bf 46 1d f9 91 97 d8 2f d3 99 32 00 21 20 3c e6 69 de de c4 4e 5e 75 53 8f
4d ec 70 f1 30 08 f9 13 4b 9c c0 40 88 d9 6d 93 cf 73 18 5b d8 cc ab 3d b0 45 fb 5d 21 01 19 99 e1 45 12 ee 3a b3 5f 2a f4 e9
{client} derive secret "tls13 c e traffic": {client} derive secret "tls13 c e traffic":
PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84
83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd 66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15
hash (32 octets): 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af e0 hash (32 octets): 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c 75
87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9
info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61 info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61
66 66 69 63 20 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af e0 66 66 69 63 20 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c 75
87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9
output (32 octets): 6c 59 9c 07 27 75 ad e3 57 01 58 17 a2 f1 cf output (32 octets): cb 08 b7 85 96 5c 90 ca 74 0d 54 30 7f 9b bc
4f 3b ed 5e 44 7b a6 1c 75 1a 3a 45 f5 76 a5 bf 75 69 88 fe e7 eb 03 98 08 ed 93 da 96 36 47 d9 1c 87
{client} derive secret "tls13 e exp master": {client} derive secret "tls13 e exp master":
PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84
83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd 66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15
hash (32 octets): 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af e0 hash (32 octets): 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c 75
87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9
info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d
61 73 74 65 72 20 8a ec fe eb b4 23 6e fd 8b 78 bb 3f f1 c7 af 61 73 74 65 72 20 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c
e0 87 2b fb b2 60 0f 04 69 ed 58 6f 23 39 7a e0 2d 75 c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9
output (32 octets): a8 fd 17 f5 b4 63 f3 82 fa 6c 36 e4 72 51 41 output (32 octets): d9 dd b0 a3 b4 b9 0c 6a 34 7e fb d3 02 e6 6b
55 d6 c1 df 3b 20 43 31 4c 9c 15 6c 36 b1 c2 7b d3 f1 e8 f7 34 f0 e2 43 f2 b5 bb b2 a1 66 07 ac 18 b7
{client} derive write traffic keys for early application data: {client} derive write traffic keys for early application data:
PRK (32 octets): 6c 59 9c 07 27 75 ad e3 57 01 58 17 a2 f1 cf 4f PRK (32 octets): cb 08 b7 85 96 5c 90 ca 74 0d 54 30 7f 9b bc 69
3b ed 5e 44 7b a6 1c 75 1a 3a 45 f5 76 a5 bf 75 88 fe e7 eb 03 98 08 ed 93 da 96 36 47 d9 1c 87
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 62 9d 26 ba f5 21 45 c0 4f 7d 23 dc 78 c3 key output (16 octets): e8 56 97 a3 12 b9 ba e5 f9 3c 30 9b 2b ad
55 49 e4 85
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): d7 a4 2a a7 a5 00 ef fb e7 dc 61 89 iv output (12 octets): 62 12 30 34 1c c0 fb fe db 55 f6 75
{client} send application_data record: {client} send application_data record:
payload (6 octets): 41 42 43 44 45 46 payload (6 octets): 41 42 43 44 45 46
ciphertext (28 octets): 17 03 03 00 17 cd 4e a6 16 28 3d 3e a5 ad ciphertext (28 octets): 17 03 03 00 17 7c b2 38 bd c6 0b 71 2f b1
af 68 9b a4 12 e1 a2 31 05 d3 83 0f 11 85 40 ca 0f 9b 9b 8b ef c9 ff 31 31 45 75 12
{server} extract secret "early" (same as client) {server} extract secret "early" (same as client)
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 00 a9 a0 a6 d0 03 a5 a8 48 b0 ec c7 99 private key (32 octets): 34 68 86 bf 49 a0 43 10 79 99 c8 5a e2
93 b6 a7 f4 c7 b2 3d 52 28 7f 34 61 a0 af 7e e0 53 0e c2 71 48 e2 c1 ac a0 04 38 a6 87 df c9 bb 2c f1 17 cc cc fe
public key (32 octets): 6f e0 56 e9 fe b7 db 5f 5c fa 38 66 89 ce public key (32 octets): 27 e0 06 8f 6e fd 82 54 08 eb 88 c7 4e e8
ef 6a 11 9c e9 8b ae 4f 42 df 95 d4 e0 57 37 46 21 30 8d ba 83 e3 51 ed 5a 37 49 ae 94 50 5c fb d4 e7 89 28
{server} derive secret "tls13 c e traffic" (same as client) {server} derive secret "tls13 c e traffic" (same as client)
{server} derive secret "tls13 e exp master" (same as client) {server} derive secret "tls13 e exp master" (same as client)
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84
83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd 66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54 output (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83
db 19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf 04 79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54 db salt (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83 04
19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf 79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec
ikm (32 octets): 40 29 ba 3a 16 b8 7f 62 16 d5 a1 3b d2 72 6b 3e IKM (32 octets): b0 66 a1 5b c1 aa ee f8 79 0e 0b 02 e6 2f 82 dc
46 ff f7 44 ee b0 9d 4f 2e df fa 22 aa 3b e8 57 44 64 46 e3 7d 6d 61 22 b0 d3 b9 94 ef 11 dd 3c
secret (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 secret (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7
fc f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10 c9 0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 fc PRK (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 c9
f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10 0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34
hash (32 octets): ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23 0c hash (32 octets): 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58 f9
0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e 0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23 61 66 66 69 63 20 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58
0c 0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e f9 0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92
output (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e output (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc
9e 8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b 78 81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 fc PRK (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 c9
f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10 0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34
hash (32 octets): ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23 0c hash (32 octets): 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58 f9
0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e 0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 ea a7 3e 93 3e c9 cf a6 f6 78 92 1e e8 3f 23 61 66 66 69 63 20 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58
0c 0d 0b 71 94 a0 f6 2b be 66 19 65 a7 1d f3 df 8e f9 0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92
output (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb output (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39
b1 81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6 88 3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 fc PRK (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 c9
f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10 0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 57 7e 06 13 10 df 25 c2 6c e4 30 a1 e3 64 79 output (32 octets): d0 83 52 8c fc 36 56 8e 69 05 c2 4b f7 3a df
8b e1 0d f9 99 c6 a8 79 46 33 ac 1d de 56 6b c6 5d 9f ac a9 90 e3 57 0d e0 35 5f f4 35 f9 53 09 b1 26
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 57 7e 06 13 10 df 25 c2 6c e4 30 a1 e3 64 79 8b salt (32 octets): d0 83 52 8c fc 36 56 8e 69 05 c2 4b f7 3a df 9f
e1 0d f9 99 c6 a8 79 46 33 ac 1d de 56 6b c6 5d ac a9 90 e3 57 0d e0 35 5f f4 35 f9 53 09 b1 26
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 secret (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f
ed 8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c a6 b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29
{server} send handshake record: {server} send handshake record:
payload (96 octets): 02 00 00 5c 03 03 82 21 ab 7c ed 15 82 80 e4 payload (96 octets): 02 00 00 5c 03 03 22 ac 26 b0 26 b9 d5 71 70
e3 35 09 f8 69 4f 69 3b 54 1a 73 00 04 8f df 31 3b 2b f5 cb a1 2d ad 44 7e 2d 5a 54 d1 5a e1 e0 6f af 78 35 8a 3e 17 7b e8 3a
3c 19 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00 1d 00 ce 94 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00 1d 00
20 6f e0 56 e9 fe b7 db 5f 5c fa 38 66 89 ce ef 6a 11 9c e9 8b 20 27 e0 06 8f 6e fd 82 54 08 eb 88 c7 4e e8 8d ba 83 e3 51 ed
ae 4f 42 df 95 d4 e0 57 37 46 21 30 00 2b 00 02 7f 1c 5a 37 49 ae 94 50 5c fb d4 e7 89 28 00 2b 00 02 03 04
ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 82 21 ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 22 ac
ab 7c ed 15 82 80 e4 e3 35 09 f8 69 4f 69 3b 54 1a 73 00 04 8f 26 b0 26 b9 d5 71 70 2d ad 44 7e 2d 5a 54 d1 5a e1 e0 6f af 78
df 31 3b 2b f5 cb a1 3c 19 00 13 01 00 00 34 00 29 00 02 00 00 35 8a 3e 17 7b e8 3a ce 94 00 13 01 00 00 34 00 29 00 02 00 00
00 33 00 24 00 1d 00 20 6f e0 56 e9 fe b7 db 5f 5c fa 38 66 89 00 33 00 24 00 1d 00 20 27 e0 06 8f 6e fd 82 54 08 eb 88 c7 4e
ce ef 6a 11 9c e9 8b ae 4f 42 df 95 d4 e0 57 37 46 21 30 00 2b e8 8d ba 83 e3 51 ed 5a 37 49 ae 94 50 5c fb d4 e7 89 28 00 2b
00 02 7f 1c 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb b1 PRK (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39 88
81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6 3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 5f 3c 74 07 8c 9b 69 ca 92 fb 9e d0 b5 24 key output (16 octets): ae 83 82 f6 52 62 a0 36 0e b6 8f fb 45 15
a0 4e 52 6c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): c1 4a 56 2a c5 4c 08 90 4e 4c cf e1 iv output (12 octets): 5b 5d 18 b7 ee c7 ed 46 c3 0f c1 3a
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb b1 PRK (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39 88
81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6 3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 33 15 23 2e 79 6a 55 ab ac 23 c5 b2 6e 24 3c output (32 octets): 4d 48 4e ab 01 74 3f 01 91 fd 0d c5 10 42 26
f6 b8 3f e5 31 63 b1 ac 10 fb 0b ec 79 9b 39 84 33 64 f8 67 b6 04 68 8b 5a 2f 47 12 9c 75 a0 c1 a3 63
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (74 octets): 08 00 00 22 00 20 00 0a 00 14 00 12 00 1d 00 payload (80 octets): 08 00 00 28 00 26 00 0a 00 14 00 12 00 1d 00
17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 00 2a 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40 01
00 00 14 00 00 20 bb 25 a6 22 90 1d 44 5c 31 98 e8 ba fd 3a cf 00 00 00 00 00 2a 00 00 14 00 00 20 ef 49 51 b0 98 8b 89 1a 6b
b3 bd 16 65 9f e5 6a c0 3c 50 55 5e 27 58 05 ae 7a 9d 71 3b f2 25 a6 7a 7b 37 c2 8e ab bd 52 30 74 bc 01 aa c3 62
f8 e2
ciphertext (96 octets): 17 03 03 00 5b 0e 44 3c f1 1f 00 5f 95 22 ciphertext (102 octets): 17 03 03 00 61 44 c1 e3 83 6b a6 a7 ba
65 d5 20 87 9e 13 f3 f9 b5 bf 91 f0 3d a2 84 c1 9d 8a 7e fb 1e 0d ed 9d 4c f8 17 f3 29 79 d8 5c 8b 41 da 53 b2 09 55 80 3d 9e
e9 8e f5 ec 1f 5b af 98 3d 8a 94 5f 0c 3b 56 34 c2 39 3c 67 fd a2 e3 42 ef 1a ff d6 6a 02 87 85 e2 19 6a d6 a0 db dd 27 44 3d
18 d4 aa cf 69 c9 16 03 37 4f 8c da c3 a6 e4 9f 18 08 8f 48 38 36 87 26 53 c1 96 8b 0f 9c 01 bd cf de 83 cf c1 b8 43 b7 81 90
ba 22 f5 30 41 00 31 7b ff be 74 9b 1f c6 b0 27 ed 80 14 ab ad 0d c3 ea 30 d1 be 40 e3 ce c8 96 19 88 ce f4 95 8f d1 6b
7f 1f 9e 47 41
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6
8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29
hash (32 octets): 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb hash (32 octets): d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd
4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60 93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 61 66 66 69 63 20 d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f
bb 4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60 cd 93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55
output (32 octets): 2f d1 64 22 0e 74 ba e8 93 70 20 38 bb 73 c6 output (32 octets): a8 ff a2 6f e0 c9 d1 49 3c 3d 3c 3b 32 bc a1
72 4c 92 64 bb ad 2b 7b 72 37 e3 40 29 e0 c3 69 4b 80 f5 9b ba be 25 96 df f8 b2 b0 a1 46 74 0f 8b 00
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6
8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29
hash (32 octets): 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb hash (32 octets): d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd
4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60 93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 61 66 66 69 63 20 d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f
bb 4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60 cd 93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55
output (32 octets): b7 a6 20 bf bc 35 b7 1e 98 d8 40 14 02 6d e1 output (32 octets): 51 a3 db 37 0b d9 f1 ae 7d e1 88 85 09 6b cb
13 f2 0e ae 01 8b 56 75 04 8f 88 c2 f8 b1 37 b0 f7 c6 1f ea 9b ce 6c cb c2 a2 76 76 4f 62 26 5a 70 9f
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6
8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29
hash (32 octets): 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb hash (32 octets): d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd
4c c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60 93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 90 3c e9 7a ed b6 cd 73 55 8c 25 17 44 db c7 bb 4c 74 65 72 20 d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd 93
c8 f5 2b 92 d0 0b 44 e8 34 34 ce 7a 81 ec 60 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55
output (32 octets): 1a 13 62 f1 9a 22 1e 14 9a 38 62 de 2a fc 46 output (32 octets): a1 13 c3 cd ff b5 f6 5d 28 21 54 d1 09 93 54
42 b5 7c aa 3b 0a 50 90 b3 f6 e3 ea 01 47 09 69 bc 90 a0 e3 7d bd c9 e9 ca 30 8d 36 21 e4 15 e9 7a fd
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): b7 a6 20 bf bc 35 b7 1e 98 d8 40 14 02 6d e1 13 PRK (32 octets): 51 a3 db 37 0b d9 f1 ae 7d e1 88 85 09 6b cb c6
f2 0e ae 01 8b 56 75 04 8f 88 c2 f8 b1 37 b0 f7 1f ea 9b ce 6c cb c2 a2 76 76 4f 62 26 5a 70 9f
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 13 d9 5b 20 9e 16 d7 10 96 cf 53 55 e4 8a key output (16 octets): 27 c1 35 48 44 71 94 18 ec 91 eb 0b 14 f6
11 7e 75 3a
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 5b f1 cd 5c f6 f8 78 61 86 21 8a 83 iv output (12 octets): ee b3 48 83 53 db a7 3d 3a fa cd 9e
{server} derive read traffic keys for early application data (same {server} derive read traffic keys for early application data (same
as client write traffic keys) as client write traffic keys)
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 2f 7b c4 a7 4b c7 88 49 cc ff cc 43 29 c0 11 8e PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84
83 09 71 cd 45 63 6b 0b 4b a4 57 dc e6 a9 6e dd 66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54 output (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83
db 19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf 04 79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): d3 ea 7b 5e e5 70 5c 9a 63 2c c2 18 a9 c0 54 db salt (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83 04
19 26 a5 37 7d f1 a6 2a 60 1f 17 55 5e 27 9b bf 79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec
ikm (32 octets): 40 29 ba 3a 16 b8 7f 62 16 d5 a1 3b d2 72 6b 3e IKM (32 octets): b0 66 a1 5b c1 aa ee f8 79 0e 0b 02 e6 2f 82 dc
46 ff f7 44 ee b0 9d 4f 2e df fa 22 aa 3b e8 57 44 64 46 e3 7d 6d 61 22 b0 d3 b9 94 ef 11 dd 3c
secret (32 octets): de 91 a0 54 86 16 ed 5a 59 fd 0d ad d5 d1 87 secret (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7
fc f6 de e8 67 71 78 28 fa 52 9f 16 34 b2 8c e6 10 c9 0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): d0 48 f1 02 d3 4c 27 a8 e1 19 24 c9 7c ff cb b1 PRK (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39 88
81 4e 38 fa ce 72 98 8f c0 9d ee 5f b3 41 82 c6 3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 5f 3c 74 07 8c 9b 69 ca 92 fb 9e d0 b5 24 key output (16 octets): ae 83 82 f6 52 62 a0 36 0e b6 8f fb 45 15
a0 4e 52 6c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): c1 4a 56 2a c5 4c 08 90 4e 4c cf e1 iv output (12 octets): 5b 5d 18 b7 ee c7 ed 46 c3 0f c1 3a
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send a EndOfEarlyData handshake message {client} send a EndOfEarlyData handshake message
{client} send handshake record: {client} send handshake record:
payload (4 octets): 05 00 00 00 payload (4 octets): 05 00 00 00
ciphertext (26 octets): 17 03 03 00 15 7e aa 3c de 68 e7 2f f7 65 ciphertext (26 octets): 17 03 03 00 15 77 bf ce 7f c1 91 0c fa e9
c1 ee 52 0e 19 94 4f 21 52 dd 19 2f 65 7a 05 f3 15 9c de f8 68 5a 30 cb
{client} derive write traffic keys for handshake data: {client} derive write traffic keys for handshake data:
PRK (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e 9e PRK (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc 78
8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b 81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 71 bc 0c 4d c2 b7 d6 8a 2c ac 6e d6 f5 c2 key output (16 octets): e7 d4 94 88 a4 5c 1f 1d b4 ab 7d 7f e5 46
81 50 c9 fa
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 1b b0 fc f0 a3 03 5e e7 87 dc 3e 62 iv output (12 octets): a2 d1 32 5b eb 51 1a 7b 4a 20 c1 0c
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e 9e PRK (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc 78
8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b 81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 97 d3 03 31 b4 2e 62 1c 6a 37 2f d5 48 c2 1e output (32 octets): b5 97 08 27 aa 42 a8 db ab 2b da 4c d7 67 89
bc 6c f3 c6 09 05 d3 41 9a 60 ac 51 d0 02 73 66 8e 5a e6 9a a1 dc f1 b3 d9 78 a0 55 d0 79 80 74 50 11
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 f4 08 6f f0 ce c8 b2 d0 17 a2 c7 payload (36 octets): 14 00 00 20 e1 75 18 96 9c 9f 46 dc 62 94 55
17 8c 5a 67 55 c8 2c 24 81 d6 74 70 7f 39 02 6c 8e e9 de c0 7e ae cf e2 36 db a5 48 77 fc 3d a0 7a d5 9d 13 45 77 fd 51 6e 18
ciphertext (58 octets): 17 03 03 00 35 c8 bc f9 ae e6 c2 2a b9 74 ciphertext (58 octets): 17 03 03 00 35 d0 af c0 f5 b5 5b 5c 88 3c
99 f2 91 de f9 31 39 40 8a db d2 01 27 29 9b fc cb 55 c2 5d 7d cf 4a 46 1f 7a a1 28 47 17 89 eb 7c e4 1b b6 f0 cd 67 a9 64 16
f3 c2 25 f9 60 f9 63 49 1a c8 84 0f cb eb 78 2f 06 50 c7 ae 89 da 6c 19 ea b0 26 b0 1d f6 89 18 58 81 46 1f 38 2f 7a 7d 63 da
76 0b fa 39
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): 2f d1 64 22 0e 74 ba e8 93 70 20 38 bb 73 c6 72 PRK (32 octets): a8 ff a2 6f e0 c9 d1 49 3c 3d 3c 3b 32 bc a1 80
4c 92 64 bb ad 2b 7b 72 37 e3 40 29 e0 c3 69 4b f5 9b ba be 25 96 df f8 b2 b0 a1 46 74 0f 8b 00
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 9d 33 13 5f 96 74 2a ef 1e a5 c0 9f a5 9c
6a 0c key output (16 octets): 29 ca d2 48 96 e7 df 25 ff e0 6f cd 6c 03
69 09
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 71 12 64 6d a3 ba a6 31 70 ca 75 26 iv output (12 octets): dc 81 fc 39 54 43 9c ca e1 63 96 70
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): ea 7a 47 05 8d 09 bb 7b e7 92 82 6c ef 8e 22 ed PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6
8f 40 94 01 9d c5 ca a9 1f 02 07 80 5f c0 3b 1c b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29
hash (32 octets): 9f d1 b0 84 01 46 d6 24 97 08 30 e0 91 ae 31 7a hash (32 octets): a7 87 12 0b d8 96 6c d7 5a 05 ce 0b 9c 5b 26 da
d1 0a ae 86 cc 04 70 f8 98 87 86 2f 53 e6 6e e2 b9 6b 91 9d c3 61 a3 9e 5f d1 0a 3e 05 18 48 e4
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 9f d1 b0 84 01 46 d6 24 97 08 30 e0 91 ae 31 7a d1 74 65 72 20 a7 87 12 0b d8 96 6c d7 5a 05 ce 0b 9c 5b 26 da b9
0a ae 86 cc 04 70 f8 98 87 86 2f 53 e6 6e e2 6b 91 9d c3 61 a3 9e 5f d1 0a 3e 05 18 48 e4
output (32 octets): 4e ee b9 39 b9 63 8f a3 5a d7 57 84 97 13 35 output (32 octets): b0 72 82 ae e5 10 c3 e3 83 02 f4 18 a7 fa fa
9a 47 a3 bc 64 4e 72 26 5c a6 f6 4d 37 52 90 d1 73 9e 44 11 34 69 ae ba 27 1a a1 b6 61 ce 41 52 1c ca
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): ab 97 16 88 85 72 36 8f 24 6c d9 87 3e 59 4e 9e PRK (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc 78
8c 58 a9 03 9d 4b b0 86 82 ff 61 05 4b 27 48 8b 81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 71 bc 0c 4d c2 b7 d6 8a 2c ac 6e d6 f5 c2 key output (16 octets): e7 d4 94 88 a4 5c 1f 1d b4 ab 7d 7f e5 46
81 50 c9 fa
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 1b b0 fc f0 a3 03 5e e7 87 dc 3e 62 iv output (12 octets): a2 d1 32 5b eb 51 1a 7b 4a 20 c1 0c
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 2d db e2 e3 33 68 96 b5 df ciphertext (72 octets): 17 03 03 00 43 c4 83 d1 89 af 82 8c ee 40
2c f5 d3 7c f3 50 ba 01 61 52 4f 57 4d 89 44 0c 67 63 9f fc b4 4d cb 5a 16 64 93 50 2e d9 d0 c9 18 e7 0f d8 25 0c 5f b2 13 44
2f a8 1e 0a b1 8f 3c 48 0e 35 d6 36 1c 66 39 58 71 7f 03 52 83 79 6d 3a 72 bb 0a 4b 5c 59 03 c2 a7 05 6b 82 fc 17 37 7f 72 e7
5e 8e 3a a8 40 39 48 a5 d6 e6 20 38 70 e6 a3 c7 b4 6a 26 a6 97 5b 7e e3 b9 0b 2a b8 65 d4 0c 3c
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 09 f1 68 49 32 61 0e 09 17 ciphertext (72 octets): 17 03 03 00 43 35 da 03 f1 bd 93 ac 09 82
f6 34 37 02 c6 82 d2 5d 03 ee ac 0c e3 dd 1e 87 32 3c 25 ef e9 d8 8e 1a 9f 6e 0e 86 81 c1 a3 4c 6e 95 ee cf ba 10 54 c5 a2 11
b3 68 ad 9f c7 0c 00 49 5c 38 f6 14 d5 01 ae b6 6a 2a 47 c6 c9 00 e8 7f 2b 78 ab 1f e5 a4 3f 39 a5 8e e8 40 bf 97 f5 c9 1f 97
06 d8 b0 32 67 32 1b 7d 6b 32 82 01 be 0b c0 6a 3a ce 78 eb 92 f8 27 91 2f 42 31 6d a1 7b 22 b9
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 c5 fa f2 2d f7 ce ea b6 f2 ciphertext (24 octets): 17 03 03 00 13 95 2b 05 3c 66 06 d8 96 08
0b 3b da ee 3b d9 69 e8 7b aa 89 e1 77 51 23 0e d7 8f a0 80
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 b5 3a d6 ce 3d 3a 44 c6 4c ciphertext (24 octets): 17 03 03 00 13 46 95 47 73 f0 bf 82 91 68
0c 85 67 64 6f ee 6e 7c de aa 34 7b 99 0b 68 bf 73 3a f5 75
5. HelloRetryRequest 5. HelloRetryRequest
In this example, the client initiates a handshake with an X25519 In this example, the client initiates a handshake with an X25519
[RFC7748] share. The server however prefers P-256 [FIPS186] and [RFC7748] share. The server however prefers P-256 [FIPS186] and
sends a HelloRetryRequest that requires the client to generate a key sends a HelloRetryRequest that requires the client to generate a key
share on the P-256 curve. share on the P-256 curve.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 5d be 3b b2 1c d0 ab b9 c2 ab 42 90 1c private key (32 octets): a8 f7 4c 62 7c 09 56 a7 89 81 aa 60 39
bc 23 c8 c2 b8 84 58 ac 6b e9 14 25 dd dd 3a 98 b0 93 b2 e1 58 56 80 f4 af 93 c6 0b 4a 9c cc 35 1f 3c 1a c9 05 c8
public key (32 octets): 77 a1 f8 c2 bf f9 ae ce f0 f3 7c 60 14 f0 public key (32 octets): 28 90 65 44 eb 46 f9 bc c3 63 92 0e 28 a6
5c 82 7f 5f fe 60 5c 3c 32 67 1d 79 8c 1a 29 50 7c 6d 4c 72 a5 ff d1 fb f5 71 06 36 c0 5b 88 ab a0 35 38 0c
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (174 octets): 01 00 00 aa 03 03 fd a5 c0 5a 01 de 6f 64 payload (180 octets): 01 00 00 b0 03 03 8f bb 74 7c 54 ca 32 cd
0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1 ac 8e 07 5e 50 cf 2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64 e3 4a 3e f6 bc 7e
69 0c c9 00 00 06 13 01 13 03 13 02 01 00 00 7b 00 00 00 0b 00 98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 00 81 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 77 a1 f8 c2 bf 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 28 90 65 44 eb
f9 ae ce f0 f3 7c 60 14 f0 5c 82 7f 5f fe 60 5c 3c 32 67 1d 79 46 f9 bc c3 63 92 0e 28 a6 4c 72 a5 ff d1 fb f5 71 06 36 c0 5b
8c 1a 29 50 7c 6d 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 88 ab a0 35 38 0c 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03
05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04
02 05 02 06 02 02 02 00 2d 00 02 01 01 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
ciphertext (179 octets): 16 03 01 00 ae 01 00 00 aa 03 03 fd a5 ciphertext (185 octets): 16 03 01 00 b4 01 00 00 b0 03 03 8f bb
c0 5a 01 de 6f 64 0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1 74 7c 54 ca 32 cd 2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64
ac 8e 07 5e 50 cf 69 0c c9 00 00 06 13 01 13 03 13 02 01 00 00 e3 4a 3e f6 bc 7e 98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 00
7b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 81 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00
20 77 a1 f8 c2 bf f9 ae ce f0 f3 7c 60 14 f0 5c 82 7f 5f fe 60 20 28 90 65 44 eb 46 f9 bc c3 63 92 0e 28 a6 4c 72 a5 ff d1 fb
5c 3c 32 67 1d 79 8c 1a 29 50 7c 6d 00 2b 00 03 02 7f 1c 00 0d f5 71 06 36 c0 5b 88 ab a0 35 38 0c 00 2b 00 03 02 03 04 00 0d
00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05
01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c
00 02 40 01
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} send handshake record: {server} send handshake record:
payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11 payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11
be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8
a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00 72 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00 72
be 27 61 a6 66 36 1c 81 90 47 cf 51 00 00 00 00 5a 99 8e 4c c3 f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1 d4 00 00 00 00 65 a4 46 6b 5a
d8 dd 02 5b bb e1 0d a6 f2 b2 d1 00 30 b0 3a 58 2f 9c c5 81 d1 a7 aa eb be d0 bc 0b 6d 96 5a 58 00 30 df ac fb a2 00 23 21 e1
0f 62 6c f0 e3 b9 3d 14 d4 65 f9 48 83 5a 2a b5 31 3a 23 a1 9a 2a ec 00 07 b4 da c5 d1 65 20 c4 46 f0 18 49 37 ea 29 a3 07 01
eb a3 67 1e 7a 0d 41 0e 17 4f d0 04 f6 53 f1 08 25 17 3d 1a 90 78 a7 fc 5b 0f f8 3d b3 f6 7d 0c 13 a6 a5 df e6 b9 09 87 8b 44
37 cd ea b4 86 df 4e 79 c6 87 f9 d9 b1 b9 e2 ae 81 1e 0b 97 4e ec 76 80 e7 86 75 60 fe bf ed c9 1f af 1a 87 19 1b a8 c3 c8 cd
8f 82 7b b1 66 a8 2d f7 a1 00 2b 00 02 7f 1c 96 2f 88 13 ff 3f 47 96 ae 00 2b 00 02 03 04
ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21 ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21
ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c
5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17
00 2c 00 74 00 72 be 27 61 a6 66 36 1c 81 90 47 cf 51 00 00 00 00 2c 00 74 00 72 f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1 d4 00 00 00
00 5a 99 8e 4c c3 d8 dd 02 5b bb e1 0d a6 f2 b2 d1 00 30 b0 3a 00 65 a4 46 6b 5a a7 aa eb be d0 bc 0b 6d 96 5a 58 00 30 df ac
58 2f 9c c5 81 d1 0f 62 6c f0 e3 b9 3d 14 d4 65 f9 48 83 5a 2a fb a2 00 23 21 e1 2a ec 00 07 b4 da c5 d1 65 20 c4 46 f0 18 49
b5 31 3a 23 a1 9a eb a3 67 1e 7a 0d 41 0e 17 4f d0 04 f6 53 f1 37 ea 29 a3 07 01 78 a7 fc 5b 0f f8 3d b3 f6 7d 0c 13 a6 a5 df
08 25 17 3d 1a 90 37 cd ea b4 86 df 4e 79 c6 87 f9 d9 b1 b9 e2 e6 b9 09 87 8b 44 ec 76 80 e7 86 75 60 fe bf ed c9 1f af 1a 87
ae 81 1e 0b 97 4e 8f 82 7b b1 66 a8 2d f7 a1 00 2b 00 02 7f 1c 19 1b a8 c3 c8 cd 96 2f 88 13 ff 3f 47 96 ae 00 2b 00 02 03 04
{client} create an ephemeral P-256 key pair: {client} create an ephemeral P-256 key pair:
private key (32 octets): d3 b7 74 44 db 98 f0 23 a7 9b 88 d4 18 private key (32 octets): 73 eb 34 d9 e6 f4 90 00 0d 35 bc 12 94
e3 74 80 27 67 43 24 ae 7e 9d 7f 25 33 46 34 b7 eb 40 f6 f1 ea 1c 3f 2b f9 95 56 0a 1f 35 a2 b9 cb 21 13 d5 48 b1
public key (65 octets): 04 9c 86 50 ec 41 c5 a8 df da c7 8b 1f 35 public key (65 octets): 04 35 8d 1d 9c a8 f6 79 5d fa fd 0d d3 88
65 42 16 cf cf 8c 2d b5 09 31 58 59 3b 33 22 1a 60 4b f7 df f9 14 65 67 20 14 9b bc 1b 39 8a a1 46 a2 0f 60 d6 17 db 9f 02 68
a4 7d cf 13 ee cb 29 be 5c 24 73 21 48 2f 44 51 57 b7 33 1e e4 3d ac 20 ac 2c 06 a3 a5 ef a3 e2 12 49 03 d6 d2 eb a7 65 b4 42
af 71 7b 59 7e 07 6d 56 e9 90 1f 15 51 28 f7 e7 0e 06
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 fd a5 c0 5a 01 de 6f 64 payload (512 octets): 01 00 01 fc 03 03 8f bb 74 7c 54 ca 32 cd
0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1 ac 8e 07 5e 50 cf 2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64 e3 4a 3e f6 bc 7e
69 0c c9 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 9c 86 50 ec 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 35 8d 1d 9c
41 c5 a8 df da c7 8b 1f 35 65 42 16 cf cf 8c 2d b5 09 31 58 59 a8 f6 79 5d fa fd 0d d3 88 14 65 67 20 14 9b bc 1b 39 8a a1 46
3b 33 22 1a 60 4b f7 df f9 a4 7d cf 13 ee cb 29 be 5c 24 73 21 a2 0f 60 d6 17 db 9f 02 68 3d ac 20 ac 2c 06 a3 a5 ef a3 e2 12
48 2f 44 51 57 b7 33 1e e4 af 71 7b 59 7e 07 6d 56 e9 00 2b 00 49 03 d6 d2 eb a7 65 b4 42 90 1f 15 51 28 f7 e7 0e 06 00 2b 00
03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c
00 74 00 72 be 27 61 a6 66 36 1c 81 90 47 cf 51 00 00 00 00 5a 00 74 00 72 f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1 d4 00 00 00 00 65
99 8e 4c c3 d8 dd 02 5b bb e1 0d a6 f2 b2 d1 00 30 b0 3a 58 2f a4 46 6b 5a a7 aa eb be d0 bc 0b 6d 96 5a 58 00 30 df ac fb a2
9c c5 81 d1 0f 62 6c f0 e3 b9 3d 14 d4 65 f9 48 83 5a 2a b5 31 00 23 21 e1 2a ec 00 07 b4 da c5 d1 65 20 c4 46 f0 18 49 37 ea
3a 23 a1 9a eb a3 67 1e 7a 0d 41 0e 17 4f d0 04 f6 53 f1 08 25 29 a3 07 01 78 a7 fc 5b 0f f8 3d b3 f6 7d 0c 13 a6 a5 df e6 b9
17 3d 1a 90 37 cd ea b4 86 df 4e 79 c6 87 f9 d9 b1 b9 e2 ae 81 09 87 8b 44 ec 76 80 e7 86 75 60 fe bf ed c9 1f af 1a 87 19 1b
1e 0b 97 4e 8f 82 7b b1 66 a8 2d f7 a1 00 2d 00 02 01 01 00 15 a8 c3 c8 cd 96 2f 88 13 ff 3f 47 96 ae 00 2d 00 02 01 01 00 1c
00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 01 00 15 00 af 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 fd a5 ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 8f bb
c0 5a 01 de 6f 64 0f 13 2a 1a a8 b7 a0 5a 9f 17 91 ca 88 fd f1 74 7c 54 ca 32 cd 2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64
ac 8e 07 5e 50 cf 69 0c c9 00 00 06 13 01 13 03 13 02 01 00 01 e3 4a 3e f6 bc 7e 98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 01
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00
41 04 9c 86 50 ec 41 c5 a8 df da c7 8b 1f 35 65 42 16 cf cf 8c 41 04 35 8d 1d 9c a8 f6 79 5d fa fd 0d d3 88 14 65 67 20 14 9b
2d b5 09 31 58 59 3b 33 22 1a 60 4b f7 df f9 a4 7d cf 13 ee cb bc 1b 39 8a a1 46 a2 0f 60 d6 17 db 9f 02 68 3d ac 20 ac 2c 06
29 be 5c 24 73 21 48 2f 44 51 57 b7 33 1e e4 af 71 7b 59 7e 07 a3 a5 ef a3 e2 12 49 03 d6 d2 eb a7 65 b4 42 90 1f 15 51 28 f7
6d 56 e9 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 e7 0e 06 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2c 00 74 00 72 be 27 61 a6 66 36 1c 81 90 47 cf 06 02 02 02 00 2c 00 74 00 72 f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1
51 00 00 00 00 5a 99 8e 4c c3 d8 dd 02 5b bb e1 0d a6 f2 b2 d1 d4 00 00 00 00 65 a4 46 6b 5a a7 aa eb be d0 bc 0b 6d 96 5a 58
00 30 b0 3a 58 2f 9c c5 81 d1 0f 62 6c f0 e3 b9 3d 14 d4 65 f9 00 30 df ac fb a2 00 23 21 e1 2a ec 00 07 b4 da c5 d1 65 20 c4
48 83 5a 2a b5 31 3a 23 a1 9a eb a3 67 1e 7a 0d 41 0e 17 4f d0 46 f0 18 49 37 ea 29 a3 07 01 78 a7 fc 5b 0f f8 3d b3 f6 7d 0c
04 f6 53 f1 08 25 17 3d 1a 90 37 cd ea b4 86 df 4e 79 c6 87 f9 13 a6 a5 df e6 b9 09 87 8b 44 ec 76 80 e7 86 75 60 fe bf ed c9
d9 b1 b9 e2 ae 81 1e 0b 97 4e 8f 82 7b b1 66 a8 2d f7 a1 00 2d 1f af 1a 87 19 1b a8 c3 c8 cd 96 2f 88 13 ff 3f 47 96 ae 00 2d
00 02 01 01 00 15 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 01 00 1c 00 02 40 01 00 15 00 af 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral P-256 key pair: {server} create an ephemeral P-256 key pair:
private key (32 octets): 3b 21 7a 4d b8 ab 31 54 d8 f1 ca 4f fc private key (32 octets): 22 da f5 8e bd 87 da df 82 8e 6f 8c 5d
a0 c3 3f 04 8f 1a 06 01 e2 9f 8b b7 f7 9b 36 8c 65 ba a6 c0 43 df 88 be 8b 63 45 02 44 5c 5c 46 3f 4f f4 2d 37 7b
public key (65 octets): 04 65 7e a5 e0 7c 82 1e 25 fd 9e f2 61 4c public key (65 octets): 04 3c ff 48 7b 22 65 d1 42 f8 08 c0 65 ff
08 9f 9d 21 b4 8c c5 44 26 77 0d f4 ef 95 8a 85 c5 e0 3c e3 8b 32 b1 2c b3 a6 08 58 25 6f 15 cd de 4e 94 6a 3c b6 67 1a a9 65
5e 7e 7b 6f 63 92 f0 e3 6c f1 11 9a 9b 59 59 76 79 83 93 19 e4 2c 31 8d 06 ec d6 5c 84 60 04 58 4a d9 79 d5 47 5c 7e 6b 9d 22
0e d1 f0 9a 06 81 d2 ec 71 7a 14 2c 16 da 45 ac 8b d4
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 30, line 13 skipping to change at page 30, line 20
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): fe b0 20 4b f7 6c ce 95 68 ae ef fa 0b 10 ef c7 IKM (32 octets): 65 ab 95 4f 48 f4 18 7d bd 5f 83 6f 63 95 86 5b
64 06 5c 03 48 cc f4 f2 f8 97 22 f2 f5 5c df a8 87 a4 39 98 ef ae 26 ad 24 4c ba d2 aa 2c e4 69
secret (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 secret (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa
a8 2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15 b7 a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 a8 PRK (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa b7
2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15 a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a
hash (32 octets): 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45 00 hash (32 octets): b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8 03
66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45 61 66 66 69 63 20 b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8
00 66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d 03 cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5
output (32 octets): 66 65 be 10 30 f9 05 87 74 35 d5 6b 4a 9b d8 output (32 octets): 37 7b ec 72 bf e0 e9 93 89 e5 e9 13 e2 b2 95
de 7f 4e 37 1c ef 29 5b ac 39 7b 98 d7 35 f5 16 54 9b f6 22 13 87 0f fb da 69 25 ae 17 ce de 4b 0c 01
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 a8 PRK (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa b7
2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15 a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a
hash (32 octets): 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45 00 hash (32 octets): b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8 03
66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 12 5d 04 9c 5f a7 94 33 01 e3 0c 64 53 2d 45 61 66 66 69 63 20 b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8
00 66 c7 be b0 cd 26 bd 3f 7a 33 43 ab 7c fc bb 0d 03 cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5
output (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f output (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12
6a 2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7 8e 61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 a8 PRK (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa b7
2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15 a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 55 3a 3f 4d 42 b9 da 6e 66 e7 26 49 40 2d 1e output (32 octets): 32 25 e8 e6 82 c8 0f 84 51 c2 69 99 ca 10 99
00 25 e3 de 0e 87 51 0d f7 ab 88 0e 85 bc e4 7f ae 36 69 68 8d 8c 6f 82 82 e6 94 18 37 5b 7e 10 6d 51
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 55 3a 3f 4d 42 b9 da 6e 66 e7 26 49 40 2d 1e 00 salt (32 octets): 32 25 e8 e6 82 c8 0f 84 51 c2 69 99 ca 10 99 36
25 e3 de 0e 87 51 0d f7 ab 88 0e 85 bc e4 7f ae 69 68 8d 8c 6f 82 82 e6 94 18 37 5b 7e 10 6d 51
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d secret (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d
d6 c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4 f9 a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9
{server} send handshake record: {server} send handshake record:
payload (123 octets): 02 00 00 77 03 03 b0 4a 61 26 aa 7b 5c f3 payload (123 octets): 02 00 00 77 03 03 3f 2c 62 94 55 ca 56 6e
0f 4a 09 1c 8f 2f 38 12 85 d7 7c bc db 73 9b 6a 26 f3 73 0e 2c 8e a2 43 7d f8 73 e2 c4 06 bc a6 1a 51 da 4d b6 cb 7e 95 63 7d
aa a8 f2 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 65 7e a5 51 42 7e 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 3c ff 48
e0 7c 82 1e 25 fd 9e f2 61 4c 08 9f 9d 21 b4 8c c5 44 26 77 0d 7b 22 65 d1 42 f8 08 c0 65 ff 32 b1 2c b3 a6 08 58 25 6f 15 cd
f4 ef 95 8a 85 c5 e0 3c e3 8b 5e 7e 7b 6f 63 92 f0 e3 6c f1 11 de 4e 94 6a 3c b6 67 1a a9 65 2c 31 8d 06 ec d6 5c 84 60 04 58
9a 9b 59 59 76 79 83 93 19 e4 0e d1 f0 9a 06 81 d2 ec 71 00 2b 4a d9 79 d5 47 5c 7e 6b 9d 22 7a 14 2c 16 da 45 ac 8b d4 00 2b
00 02 7f 1c 00 02 03 04
ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 b0 4a ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 3f 2c
61 26 aa 7b 5c f3 0f 4a 09 1c 8f 2f 38 12 85 d7 7c bc db 73 9b 62 94 55 ca 56 6e 8e a2 43 7d f8 73 e2 c4 06 bc a6 1a 51 da 4d
6a 26 f3 73 0e 2c aa a8 f2 00 13 01 00 00 4f 00 33 00 45 00 17 b6 cb 7e 95 63 7d 51 42 7e 00 13 01 00 00 4f 00 33 00 45 00 17
00 41 04 65 7e a5 e0 7c 82 1e 25 fd 9e f2 61 4c 08 9f 9d 21 b4 00 41 04 3c ff 48 7b 22 65 d1 42 f8 08 c0 65 ff 32 b1 2c b3 a6
8c c5 44 26 77 0d f4 ef 95 8a 85 c5 e0 3c e3 8b 5e 7e 7b 6f 63 08 58 25 6f 15 cd de 4e 94 6a 3c b6 67 1a a9 65 2c 31 8d 06 ec
92 f0 e3 6c f1 11 9a 9b 59 59 76 79 83 93 19 e4 0e d1 f0 9a 06 d6 5c 84 60 04 58 4a d9 79 d5 47 5c 7e 6b 9d 22 7a 14 2c 16 da
81 d2 ec 71 00 2b 00 02 7f 1c 45 ac 8b d4 00 2b 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f 6a PRK (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12 8e
2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7 61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 51 dc bb f8 4c a6 41 9d 5c 5f 52 32 da 05 key output (16 octets): 0d d2 f3 46 9c de 17 30 9f c3 0c 61 64 8d
c0 af 13 b4
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): b1 c3 52 60 1b c5 a8 3d 37 e1 27 fe iv output (12 octets): 9e 33 da a8 b6 e9 71 d3 ad 89 ce 2c
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f 6a PRK (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12 8e
2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7 61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 8e 5f be fe 35 d1 12 a8 bd 57 10 e8 b1 00 dd output (32 octets): e2 03 13 64 a4 a5 64 fc 3f f0 da 32 3b 2b 95
61 dc 48 a3 d0 29 87 3e fb c3 ab 67 07 01 8e 86 6e c3 9b 9a be 54 8a c7 19 e8 16 3d 7c c6 9f b6 6b 4c
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (639 octets): 08 00 00 12 00 10 00 0a 00 08 00 06 00 17 payload (645 octets): 08 00 00 18 00 16 00 0a 00 08 00 06 00 17
00 18 00 1d 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 00 18 00 1d 00 1c 00 02 40 01 00 00 00 00 0b 00 01 b9 00 00 01
01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30
86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06
72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31
0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06 32 33 35 39 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30
03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06
0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 bb 49 8f 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81
82 79 30 3d 98 08 36 39 9b 36 c6 98 8c 0c 68 de 55 e1 bd b8 26 81 00 b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c 0c 68
d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab bc
1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0 cc b0 52 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87
4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f da 43 08 46 74 a8 0e e0 cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a
80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 5f da 43 08 46 74 80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6
ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7
01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04
03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a
01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27
72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5
e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5
51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70
c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9
1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d
96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 1a 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00
78 c0 86 7a 27 20 39 db d4 e2 95 ae e0 eb ce a5 67 5c 09 f6 c6 84 08 04 00 80 6b b7 6f a4 24 aa d9 99 c2 72 49 23 c1 6c 5e 44
2d b9 f3 9d 94 9b c2 2e 1e 23 1c eb dc b8 a6 ec 2e b3 7f 98 bb 6d 47 2e d4 2c e2 0b 66 f6 e3 3c c0 9a b6 84 09 24 30 17 45 f4
bf bb eb f7 64 bb b6 80 45 48 b7 78 52 f4 92 15 60 35 1f 99 8f 48 f8 22 e8 cd b1 e7 1e 74 2f 41 91 8e df a3 37 54 42 11 11 6c
42 0d f7 ea ad 47 4b 3a 1a 50 db cb 0e 40 eb 2a 58 5b 64 5e 0b 33 3a 36 9f a8 97 61 07 6d d6 71 3a 28 e0 7a 22 4f c6 4d 1f dc
4c 95 13 6c 02 87 ce 2e 74 ee 5b 99 48 43 77 e3 de ee 00 13 49 8d 6f 23 01 90 05 36 f4 a9 2c 00 8d 09 9a cb 68 d8 15 9c ff f0
9c aa a2 2f 13 65 fb 26 21 05 83 26 d3 6a 92 47 56 d3 ae 8c b9 ac c3 71 f8 9e 4a f0 19 b2 35 f0 c5 1d 71 a4 21 b8 ca 8d 03 36
3b 14 00 00 20 6b a4 58 68 e6 28 c9 7a e3 b0 e1 68 c6 ea ff 9e 87 00 74 ce 7b 05 8a 14 00 00 20 d2 0d 7e 67 8b 35 c0 03 2e 96
58 e5 97 58 28 76 29 c5 93 68 c6 21 27 61 b6 a3 37 6f 7a 49 40 bc f3 20 4b 90 3e cf 90 ed af ec eb 95 f3 02 3d
32
ciphertext (661 octets): 17 03 03 02 90 5b bc c2 f4 05 15 00 8f ciphertext (667 octets): 17 03 03 02 96 68 9c 22 eb eb c7 1d df
44 54 2c 78 a4 87 46 58 09 04 6f 46 b0 e1 74 a9 e8 ad fa 07 60 1b 02 14 96 5a 39 a0 61 bf 12 af 84 c2 ee 0e 12 13 ae 3e 1c ab
b7 1b 25 4d a3 19 49 d5 d7 0f 3b 1a 6b 6d c2 1c 5a 68 1a af bf c0 ce ca c6 06 37 3e 81 eb 3f 61 55 5e e5 a4 58 bf d4 3e db e1
e5 70 ca cb 35 7b 47 00 cc 74 68 4c c2 99 ba f1 96 02 d5 55 b2 f2 eb 0c b8 28 01 27 9e 02 15 8c 7b 50 3b 86 a1 42 a7 56 c4 1e
d9 66 4a 35 de 49 37 7e 8c b7 a5 10 b9 c1 ba 4e a6 99 68 3d 39 d2 40 b8 0f e8 c4 b1 93 66 ec f1 ac 3a b7 64 f0 c5 37 7a ef 35
1b 86 d7 31 e3 2e 1d bc 86 72 24 2d 90 f9 36 27 cd 12 39 65 4c 6f 27 d6 01 3e af 26 ad bc 72 fc 49 4b 6e bc 9d c2 55 75 44 18
6b 05 92 5e f0 8b 4f 36 7c e3 4d 5f 08 ce 41 27 63 d1 e3 23 ae 38 cf 02 9e 73 05 72 7e f8 0d 7b 7d 51 21 2e d4 d8 8a f5 bc 1a
dd 7a 94 c4 db cc 13 85 5a 31 cc 3a 32 68 fa f4 49 ef 17 b2 90 80 37 8e 1c 6a 28 8e e5 14 75 7b ea b7 8a 48 af fc 89 7c 49 20
65 77 eb 7e 49 04 bf 9a 9f eb af 80 1c 18 61 dd 18 e7 0f c7 ee 2c fd ed 99 a7 81 05 cf 87 69 a4 c3 00 1b 81 82 66 67 03 ce c8
58 38 da 90 38 90 59 95 58 f9 47 d4 70 bf cf 94 29 2a ca 94 83 0b 15 a2 c4 61 68 f8 cb 44 23 70 e6 1c 4d cd f5 bc c0 25 53 f7
e4 62 bf 2b c8 a6 16 88 e1 5b 47 7c 88 e4 33 bf 6e ad 2e 97 ac 50 31 10 11 9f 15 0e 05 94 d5 a3 63 b2 7e 27 72 dc 96 79 24 d3
4a 15 d0 27 60 d1 31 b2 45 25 57 0b 67 e4 d6 27 e0 1f b3 de eb d6 ce b8 6e 7d d0 01 6b 8f 33 92 51 36 e4 69 6c 6d 43 38 4b 31
33 f4 97 7e 43 ea 5d 1c f5 f1 8d 27 14 f1 bd ea 6e 43 9c bb 07 12 ec 7c 15 8a f6 88 ce 18 83 26 67 b4 ff fe 2a c4 17 4a 98 eb
6a 02 76 01 e3 ac 60 39 d7 85 d6 8b 11 ed 5f dd 8b 17 87 27 12 fd c9 17 45 1c 96 76 a4 f3 21 f1 65 64 ec 23 90 ba 37 c3 00 b1
31 c1 cd da 17 a2 70 85 52 cf 1c c2 c9 b9 1d d3 54 77 f7 96 5e e7 a9 da 6c ce b2 ac 0c 45 13 5b 66 84 32 2b b2 34 f9 46 70 2a
15 87 8c a8 5b b5 a2 03 08 be ed d6 10 af 47 82 76 60 f2 b2 cd c2 42 c7 55 7c 71 f0 ee 65 a6 c9 a7 93 24 d6 94 fe 1f 7f b2 67
b3 b7 d5 3b b7 9e 19 da 0a 64 39 d5 b9 48 f2 5e f0 fc 9b c4 2f ce 6e 83 22 5c 9f 10 b5 b8 8d db 25 53 5b f6 cc 73 2f c7 da 79
83 ce 09 40 5f 46 16 4d 06 6f 71 07 9d ff cc 28 cb f3 ba 4f 4b b8 09 28 90 82 7a 00 97 11 74 a5 f0 90 30 d0 b9 bb 5f 22 8b 08
65 39 1d 49 c9 1d 6a 92 58 67 52 8f e5 a1 09 1c 5c 86 29 cb 0b f7 aa 2f 7c 2c 57 ac 9b 7d 69 c8 1d 56 f0 db 07 98 9e 87 4c 4e
7b 91 50 a9 f8 17 e4 18 91 0a f4 0b f9 cd f0 85 c6 d7 a3 be 2c 42 0e d8 32 aa 87 4d 72 c3 c9 36 c0 85 00 f5 aa 3a 9a 9c 8f 76
9c 2e 2e 63 f5 86 68 2d a8 17 c5 c8 ba b8 ee 8c 8d 26 8a 2f f7 f7 41 b7 dc 20 82 ab 8b 8f f4 e7 4e 8b 47 e6 6b 26 fc c6 ff bc
50 73 eb c2 76 fb 6c 65 17 33 da 28 50 0d a7 09 df 4f 95 04 d8 9a 68 b0 5b 1a db 37 bf 6e da 22 99 23 ee 4b 40 f6 3c 34 90 c6
23 ca 32 de e7 2a 0b 18 b1 16 28 20 ab a1 c0 1b e8 0b 3f c4 24 63 f6 82 f4 12 58 25 5e 94 2a 36 7a cd 0c 7d f9 c8 7e 6a 75 5e
d2 8b 66 39 6c c5 45 d3 6d 88 65 1e c7 24 c9 91 18 86 cb 60 52 53 7e 7e 1a cb ba b7 b1 a4 30 b9 26 75 e4 5c 97 58 14 ed 91 7e
cc 8f cd 83 7a 26 82 0b 69 41 9d fd a7 c1 79 57 aa 11 26 62 3a 78 30 7a 5f 99 6b 87 47 f4 41 ca 36 93 2d 45 d5 2a 0b b1 48 6a
6a 4e de 84 30 a3 e1 ff c5 38 59 a5 95 d6 68 60 e1 07 59 01 11 6f 53 75 0d 01 23 f0 8a d7 70 ca c6 8c 00 d2 84 e3 ac 09 05 80
8d 33 9b a9 bb 04 ff 78 20 2c 6c b9 23 23 ad 66 4b 3a e3 c3 c5 68 ca af d4 f9 ae 46 92 04 01 cb 57 9c c4 67 ad f7 67 80 08 c5
53 a4 b7 34 03 da 89 2e 65 40 60 14 78 81 4b e0 ce 3f da 97 05 95 32 06 51 e5 8c 92 cc 99 a6 62 9d 5f bd 57 34 ac 3f cc 34 21
0b 72 63 80 d9 d6 d9 a9 55 36 48 c1 05 4f 96 9a 6a 1a 6f d7 f2 5d 31 b6 09 d2 c7 86 11 00 f4 70 12 ae 8d dc 40 bd ba b9 fa 72
88 46 8d 0e 62 69 95 99 4c e5 b4 2a 4f bb 58 16 3e a6 e2 f1 1b 2a e6 cc 2a bb b8 93 14 fb 06 be 8f 2f 2b cb 65 af 5b 1e ba 49
73 8c 07 34 91 1a 2b c2 9d 06 f3 38 f7 a3 83 ae 50 97 71 ea 11 c5 9e af 94 a1 a0 f9 33 53 f6 e2 fb 84 c9 48 0c cb 35 be 46 cb
f5 18 38 29 42 5d 89 27 d3 2a 39 18 1d 6a a1 91 8d 25 cd 3f b4 12 64 87 f0 72 eb d8 e5 62 5d c9 aa e7 b0 7b 93 e8 de
34 21 6f
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6 PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9
c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4 a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9
hash (32 octets): 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0 hash (32 octets): 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa
de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d 33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 61 66 66 69 63 20 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16
d0 de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d fa 33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e
output (32 octets): 62 b9 5d 5d 70 e3 61 a7 ac db 4c 1d 0b 76 ad output (32 octets): f3 72 b2 bf 29 76 71 90 a8 e0 fd 31 33 47 d8
8e 52 40 72 d8 65 7b c5 60 45 19 7c 56 95 ae 7d 1f 15 14 2c 37 76 3d c1 00 78 71 91 1f 7b 5c 31 0d 40
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6 PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9
c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4 a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9
hash (32 octets): 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0 hash (32 octets): 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa
de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d 33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 61 66 66 69 63 20 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16
d0 de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d fa 33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e
output (32 octets): bb 4b e6 55 75 24 ef c0 ea d5 e4 1f 3a a7 9b output (32 octets): a8 b8 89 78 fb a9 0f 05 7c 52 c6 77 6a 01 1a
66 2d 54 e7 44 b9 60 bf 4d 74 84 12 98 ea 3c 94 a3 d5 64 bc 4d 38 ee 6c d7 45 4b a2 21 c2 89 10 08 7a
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6 PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9
c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4 a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9
hash (32 octets): 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0 hash (32 octets): 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa
de b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d 33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 0c cb 7b d0 f0 9f 0e 88 25 77 3f a6 3d 47 60 d0 de 74 65 72 20 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa 33
b1 ca 2d 33 34 a8 b3 3f 93 2d d4 83 11 b4 1d 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e
output (32 octets): ac 26 20 81 4f 70 43 09 36 be c0 84 92 b8 5d output (32 octets): de e8 d9 7e ec e8 97 93 e4 5d 63 b4 10 18 88
36 3f 71 2f c4 f6 7b 82 a7 7b 5e 75 e3 42 ee 11 3c df 06 a4 d3 63 c9 d8 ff af ef 2e bd 10 64 4d bc 42
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): bb 4b e6 55 75 24 ef c0 ea d5 e4 1f 3a a7 9b 66 PRK (32 octets): a8 b8 89 78 fb a9 0f 05 7c 52 c6 77 6a 01 1a d5
2d 54 e7 44 b9 60 bf 4d 74 84 12 98 ea 3c 94 a3 64 bc 4d 38 ee 6c d7 45 4b a2 21 c2 89 10 08 7a
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): e3 08 90 8b 31 47 94 f7 9e 88 ee 2a 58 69
b4 8c key output (16 octets): df 25 5c 0d f2 0f 01 26 2c 77 1c b8 74 67
7b 4a
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 32 03 04 48 9a 32 bb fe 2f 16 eb 30 iv output (12 octets): 90 89 9d 4b ab a4 31 d1 e3 1b f7 02
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 66 65 be 10 30 f9 05 87 74 35 d5 6b 4a 9b d8 de PRK (32 octets): 37 7b ec 72 bf e0 e9 93 89 e5 e9 13 e2 b2 95 9b
7f 4e 37 1c ef 29 5b ac 39 7b 98 d7 35 f5 16 54 f6 22 13 87 0f fb da 69 25 ae 17 ce de 4b 0c 01
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 23 36 dc fa e3 03 4b 23 54 7b 1c 94 1f bd key output (16 octets): 67 b6 7b 0d c0 12 44 92 42 dd ad ff c0 b1
99 00 7c 7e
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 7d 1a b0 07 49 38 3b 72 75 4e 90 cb iv output (12 octets): 52 ac 28 15 2f f3 e1 26 02 60 08 cb
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 36, line 8 skipping to change at page 36, line 17
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): fe b0 20 4b f7 6c ce 95 68 ae ef fa 0b 10 ef c7 IKM (32 octets): 65 ab 95 4f 48 f4 18 7d bd 5f 83 6f 63 95 86 5b
64 06 5c 03 48 cc f4 f2 f8 97 22 f2 f5 5c df a8 87 a4 39 98 ef ae 26 ad 24 4c ba d2 aa 2c e4 69
secret (32 octets): 91 35 3f 07 99 0d 6d 5a e0 43 f2 dd 4b 36 45 secret (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa
a8 2d d7 a4 8b 91 73 36 5c af 7e 09 80 ba f4 9d 15 b7 a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): d6 d3 a4 da b6 55 19 ef aa d1 8e 18 4a f2 6f 6a PRK (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12 8e
2f 41 08 a3 6c e9 90 ef 5c 36 bb d9 d2 36 d8 d7 61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 51 dc bb f8 4c a6 41 9d 5c 5f 52 32 da 05 key output (16 octets): 0d d2 f3 46 9c de 17 30 9f c3 0c 61 64 8d
c0 af 13 b4
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): b1 c3 52 60 1b c5 a8 3d 37 e1 27 fe iv output (12 octets): 9e 33 da a8 b6 e9 71 d3 ad 89 ce 2c
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 66 65 be 10 30 f9 05 87 74 35 d5 6b 4a 9b d8 de PRK (32 octets): 37 7b ec 72 bf e0 e9 93 89 e5 e9 13 e2 b2 95 9b
7f 4e 37 1c ef 29 5b ac 39 7b 98 d7 35 f5 16 54 f6 22 13 87 0f fb da 69 25 ae 17 ce de 4b 0c 01
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 2e 93 ce 7c 64 a9 11 9d d3 1e c3 f0 4d 01 8b output (32 octets): 19 4b 6b 62 26 c8 11 3f e1 24 2a 2b 08 9d 39
22 b8 03 9e ce 90 91 a1 3b bc 48 4c bf 3c 11 44 f6 9a 26 83 ee 49 68 d9 ff 9b de c3 dd df 25 83 a0 a6
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 2d 69 87 f1 81 4d d1 02 06 c9 22 payload (36 octets): 14 00 00 20 a7 da 09 8b 9b 26 83 71 64 64 1f
e4 ab c8 26 b3 54 08 6c 19 53 1f 20 46 02 a4 b9 9f c2 07 44 35 9d 0d 1b de c6 e8 eb 48 35 6b e7 c0 b1 7b 6d 19 4b 4b 8f a1 fd
ciphertext (58 octets): 17 03 03 00 35 d3 c3 af 19 fd d5 cf 86 1e ciphertext (58 octets): 17 03 03 00 35 87 b5 65 69 20 5c c2 cc c4
1e cd b5 42 30 00 11 23 a8 2c fc b0 f7 32 55 fa c3 52 4c c4 9b 53 67 58 88 e4 d8 79 1c 5d cf f4 26 cf 1a 88 57 84 50 54 bf 28
91 08 58 ca 3e d1 8e 22 a3 c3 c8 c2 00 75 9e b2 c6 95 8c 02 6b 37 3b 9a 8e d0 99 e1 e8 31 77 fb da 25 b3 78 7a ae 3c e1 f1 a0
c1 c3 a7 af
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): 62 b9 5d 5d 70 e3 61 a7 ac db 4c 1d 0b 76 ad 8e PRK (32 octets): f3 72 b2 bf 29 76 71 90 a8 e0 fd 31 33 47 d8 15
52 40 72 d8 65 7b c5 60 45 19 7c 56 95 ae 7d 1f 14 2c 37 76 3d c1 00 78 71 91 1f 7b 5c 31 0d 40
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 73 56 0a 54 0e 27 05 3e f9 28 d9 25 23 72 key output (16 octets): 06 ea a9 34 99 1d 0b 76 0d 56 9f 8e bb 79
dc 82 22 8b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): ba 7e bb 92 b1 cb 06 c1 39 c7 df bd iv output (12 octets): 87 c0 5d f1 e8 a1 87 ba 4f e3 28 b3
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 29 c7 bf 4a b3 ef 65 96 1b 70 85 62 2f cf 5d d6 PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9
c8 6b 01 4e d5 7d 6d 33 92 76 9b 58 d8 cf 3b a4 a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9
hash (32 octets): f0 16 61 e7 4c ae b5 8f 27 66 dc 65 c6 67 87 41 hash (32 octets): f6 d2 e9 99 c9 ce 6e 62 67 b3 83 3d d9 10 cd 91
bb 07 23 24 a1 13 33 2d 50 8a a9 cd 03 1c 3e ee 92 4a f6 89 00 66 d8 51 bd 9e f2 01 65 6c d6 c8
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 f0 16 61 e7 4c ae b5 8f 27 66 dc 65 c6 67 87 41 bb 74 65 72 20 f6 d2 e9 99 c9 ce 6e 62 67 b3 83 3d d9 10 cd 91 92
07 23 24 a1 13 33 2d 50 8a a9 cd 03 1c 3e ee 4a f6 89 00 66 d8 51 bd 9e f2 01 65 6c d6 c8
output (32 octets): bd 55 23 17 8e 08 61 b1 c1 8a e3 0c 9f f5 a7 output (32 octets): 1f 63 61 ef 0f 9d fe 19 ac 0f eb 5d 87 51 5f
fe 68 f2 66 33 af 70 4a ee 1b 64 3e 3a c5 e4 f7 ef ad 41 92 67 6b 79 61 ea 85 fc 2b 31 ba a0 c1 1f fa
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 f8 41 57 a0 1d b2 73 9d a1 ciphertext (24 octets): 17 03 03 00 13 a1 93 82 ba 6a cc c4 d0 df
86 c3 a8 2f 23 cb 31 83 ad e0 e3 46 c6 5b b3 ff 01 95 6f 26
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 a2 06 45 93 d6 f1 8a 0e 7e ciphertext (24 octets): 17 03 03 00 13 6a c7 95 b6 5c a3 13 33 30
1d c6 e8 76 69 b3 c4 54 62 e4 22 5c c3 a8 0b 28 f2 39 d2 e9
6. Client Authentication 6. Client Authentication
In this example, the server requests client authentication. The In this example, the server requests client authentication. The
client uses a certificate with an RSA key, the server uses an ECDSA client uses a certificate with an RSA key, the server uses an ECDSA
certificate with a P-256 key. Note that private keys for this certificate with a P-256 key. Note that private keys for this
example are not included in the draft. example are not included in the draft.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 81 2f 09 40 11 ad f7 29 ff 7c a2 b2 4d private key (32 octets): 51 51 41 c1 11 7c f2 f1 81 f0 63 41 08
0d 16 49 c9 e3 d4 af 0d 1e dc 10 a1 ae 7c b8 14 a4 96 22 da 12 41 26 df 69 36 21 2b b4 8c 0a 48 b6 86 4d 14 8a 35
public key (32 octets): 79 fd 6e fb c1 92 04 40 aa 32 5c dc ea 3f public key (32 octets): 8e 61 95 b8 3b ea 47 57 fc 4f c5 c9 cc 73
3c b7 07 8f ea 03 13 fa 76 6a c3 76 1e dc 62 ad 2c 31 2b 87 10 c0 fe 12 1f dc 3b 46 53 85 0e c0 68 bd 6a 03
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (186 octets): 01 00 00 b6 03 03 82 97 3b d3 3b b4 81 f5 payload (192 octets): 01 00 00 bc 03 03 72 be 9e 03 79 d1 64 11
37 de c6 5a cd 48 5b d4 bd aa 20 f7 d2 2f 68 0c 89 2f 68 45 06 d3 5d a6 b5 56 16 bc 37 5d a6 40 55 2b ca 71 9d ae 41 90 f3 94
51 a5 0e 00 00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00 39 d8 5a 00 00 06 13 01 13 03 13 02 01 00 00 8d 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 79 fd 6e fb c1 92 04 40 aa 32 5c dc ea 3f 26 00 24 00 1d 00 20 8e 61 95 b8 3b ea 47 57 fc 4f c5 c9 cc 73
3c b7 07 8f ea 03 13 fa 76 6a c3 76 1e dc 62 ad 2c 31 00 2b 00 2b 87 10 c0 fe 12 1f dc 3b 46 53 85 0e c0 68 bd 6a 03 00 2b 00
03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d
00 02 01 01 00 02 01 01 00 1c 00 02 40 01
ciphertext (191 octets): 16 03 01 00 ba 01 00 00 b6 03 03 82 97 ciphertext (197 octets): 16 03 01 00 c0 01 00 00 bc 03 03 72 be
3b d3 3b b4 81 f5 37 de c6 5a cd 48 5b d4 bd aa 20 f7 d2 2f 68 9e 03 79 d1 64 11 d3 5d a6 b5 56 16 bc 37 5d a6 40 55 2b ca 71
0c 89 2f 68 45 06 51 a5 0e 00 00 06 13 01 13 03 13 02 01 00 00 9d ae 41 90 f3 94 39 d8 5a 00 00 06 13 01 13 03 13 02 01 00 00
87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 8d 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 33 00 26 00 24 00 1d 00 20 79 fd 6e fb c1 92 04 40 03 01 04 00 33 00 26 00 24 00 1d 00 20 8e 61 95 b8 3b ea 47 57
aa 32 5c dc ea 3f 3c b7 07 8f ea 03 13 fa 76 6a c3 76 1e dc 62 fc 4f c5 c9 cc 73 2b 87 10 c0 fe 12 1f dc 3b 46 53 85 0e c0 68
ad 2c 31 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e 04 03 05 03 06 bd 6a 03 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2d 00 02 01 01 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): d6 8f 8d b3 5c 04 61 e2 5f 95 f6 23 04 private key (32 octets): 82 0f ba 6b 13 3f a3 bb 45 4e a0 fe 61
4b 61 bd a3 9d 08 f8 5c 64 43 50 a0 4d 57 d8 9c 66 7a ca 7e 50 3a 74 c3 09 b3 82 28 07 71 7d e1 ee 3f ee 17 27 57
public key (32 octets): c3 ec 4f 42 40 70 ce 83 c7 91 fa 32 8f e9 public key (32 octets): 23 dc 3e 49 2e c4 56 63 c3 ad b5 17 ec 8e
ae 00 96 ab fc cc 15 b9 aa ec eb f6 0b f4 8f 0b 0f 2e ef a6 5b 76 c0 cf 21 21 f4 af f5 09 50 0c 05 19 7f 0a
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
skipping to change at page 40, line 13 skipping to change at page 40, line 23
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): a1 74 df 38 d7 a4 28 b6 2e 99 80 83 00 c6 8c e5 IKM (32 octets): b2 0d 9a cb a0 e0 38 1d 9f f5 1e 9d 7c b8 ba 18
5a 89 1a 80 74 d9 f0 99 56 78 eb 55 68 fe c5 07 a9 ba 63 7e e5 93 08 13 da 7f f8 62 e6 62 44 45
secret (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 secret (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a
35 75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6 e4 bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 35 PRK (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a e4
75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6 bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6
hash (32 octets): 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72 f2 hash (32 octets): 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c b7
ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41 33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72 61 66 66 69 63 20 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c
f2 ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41 b7 33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c
output (32 octets): 80 e0 c6 f8 6e 1e e2 f6 dd b3 ea 30 a7 fc 72 output (32 octets): 23 03 a8 1a 55 a9 e2 92 d3 23 cd c8 9a b2 dd
22 3b 9f ed 27 55 5c 8d 41 f5 8f b2 db bd 4c 0d 09 a1 63 40 f8 4f d9 dd 99 5c 72 50 c3 3e d3 82 b2 db
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 35 PRK (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a e4
75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6 bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6
hash (32 octets): 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72 f2 hash (32 octets): 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c b7
ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41 33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 57 65 19 76 4b f9 ac e3 84 32 c8 6d 9e 0f 72 61 66 66 69 63 20 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c
f2 ef 6b a3 7c 9f 76 30 6e fc bb e7 78 56 ad b3 41 b7 33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c
output (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2 output (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11
23 d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35 35 ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 35 PRK (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a e4
75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6 bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): c2 13 d7 c8 ea f2 1c bc 9d 09 fa 15 85 c4 27 output (32 octets): cc c4 24 b2 2c e3 72 2a 86 5e 45 b8 fc 1c 98
ac 96 c3 18 32 5c d3 3c 95 93 4f 6d e8 f9 28 50 e3 a6 36 9a 61 15 15 15 bb c8 4d f5 f7 3f e1 c5 e7 fe
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): c2 13 d7 c8 ea f2 1c bc 9d 09 fa 15 85 c4 27 ac salt (32 octets): cc c4 24 b2 2c e3 72 2a 86 5e 45 b8 fc 1c 98 a6
96 c3 18 32 5c d3 3c 95 93 4f 6d e8 f9 28 50 e3 36 9a 61 15 15 15 bb c8 4d f5 f7 3f e1 c5 e7 fe
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb secret (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39
7e ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa 53 dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 e1 6b 86 5e 76 5e 84 ba 47 payload (90 octets): 02 00 00 56 03 03 ed 3b 39 8e d9 27 26 f8 9e
b4 2d f2 62 e3 8e 2d e6 1e 95 e3 75 3b ad fd 98 76 5c 62 98 4f ac 52 ea 27 89 c1 00 9d d6 e2 5f 9f 3e c0 f4 00 3d a5 20 93 e4
28 d3 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 c3 ec 4f 42 40 c9 34 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 23 dc 3e 49 2e
70 ce 83 c7 91 fa 32 8f e9 ae 00 96 ab fc cc 15 b9 aa ec eb f6 c4 56 63 c3 ad b5 17 ec 8e ef a6 5b 76 c0 cf 21 21 f4 af f5 09
0b f4 8f 0b 0f 2e 00 2b 00 02 7f 1c 50 0c 05 19 7f 0a 00 2b 00 02 03 04
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 e1 6b 86 ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 ed 3b 39
5e 76 5e 84 ba 47 b4 2d f2 62 e3 8e 2d e6 1e 95 e3 75 3b ad fd 8e d9 27 26 f8 9e ac 52 ea 27 89 c1 00 9d d6 e2 5f 9f 3e c0 f4
98 76 5c 62 98 4f 28 d3 00 13 01 00 00 2e 00 33 00 24 00 1d 00 00 3d a5 20 93 e4 c9 34 00 13 01 00 00 2e 00 33 00 24 00 1d 00
20 c3 ec 4f 42 40 70 ce 83 c7 91 fa 32 8f e9 ae 00 96 ab fc cc 20 23 dc 3e 49 2e c4 56 63 c3 ad b5 17 ec 8e ef a6 5b 76 c0 cf
15 b9 aa ec eb f6 0b f4 8f 0b 0f 2e 00 2b 00 02 7f 1c 21 21 f4 af f5 09 50 0c 05 19 7f 0a 00 2b 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2 23 PRK (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11 35
d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35 ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 7b 12 04 e6 6d 4a cf 2d a4 da 5d 45 7e e9 key output (16 octets): 61 a2 08 f9 c7 7f 35 96 9e 7f 1e 0e a2 75
97 34 4c 92
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 2b 44 e2 11 46 6b 55 23 7a 3a 47 82 iv output (12 octets): 08 a7 d2 9a d2 4b bf 51 1e a2 dd 45
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a CertificateRequest handshake message {server} send a CertificateRequest handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2 23 PRK (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11 35
d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35 ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 05 6f 63 21 21 b2 14 cd 48 f9 33 92 7b 7f 8f output (32 octets): 9f 46 ac 32 80 c8 66 da b9 27 45 b6 af ec 7c
d7 6e f6 09 70 8e 2f dc 19 2c 2b 7b e3 eb 2b ce ed b3 5a 58 1a 4a 6c 8e 5e 09 a4 9c 96 d0 ad 30 2e 34
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (512 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (516 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40
00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 01 00 00 00 00 0d 00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05
04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02
0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e 30 81 d5 a0 03 02 05 02 06 02 02 02 0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e
01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04 03 02 30 13 31 11 30 81 d5 a0 03 02 01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04
30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32 35 36 30 1e 17 0d 03 02 30 13 31 11 30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32
31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d 32 36 30 37 33 30 35 36 30 1e 17 0d 31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d
30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03 55 04 03 13 08 65 32 36 30 37 33 30 30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03
63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 55 04 03 13 08 65 63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86
08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5 30 16 15 75 f4 cf 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5
e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79 ee 62 ee 6e 2f 83 30 16 15 75 f4 cf e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79
ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5 b5 6d 1f 04 ec e4 ee 62 ee 6e 2f 83 ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5
5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3 1a 30 18 30 09 06 b5 6d 1f 04 ec e4 5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3
03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f
30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00 30 45 02 21 00 df 04 04 03 02 07 80 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00
30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca 69 3f ee ca 3b 71 30 45 02 21 00 df 30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca
b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4 72 50 d3 20 fe a8 69 3f ee ca 3b 71 b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4
3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f ee 94 6e 51 3e 01 72 50 d3 20 fe a8 3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f
1d 11 00 00 0f 00 00 4c 04 03 00 48 30 46 02 21 00 a9 92 34 f1 ee 94 6e 51 3e 01 1d 11 00 00 0f 00 00 4a 04 03 00 46 30 44 02
07 df ae ab bb 5c a8 f1 a1 1e a4 dd e9 4e c4 3c 9f c2 4f 13 9f 20 4e c5 5a 94 22 b9 26 82 ac f6 01 da 8e ad dc a8 43 17 0c 52
d9 85 02 0f ef 5b 37 02 21 00 88 2a c7 01 dc a9 a3 c2 4d dc 5d 94 cb b0 92 64 60 09 a2 22 8f c6 3d 02 20 33 61 b0 78 aa 93 db
83 99 98 9d e2 bd da f1 cf 3f 4c f5 09 85 8b 19 63 b9 0e a0 98 6e 9c 22 ad f1 88 5b 9e 0a 3e d4 ec dd 5c ef dc ce 63 f9 99 84
14 00 00 20 b5 66 19 91 b8 78 02 73 5d ea 1f 4a b1 c9 63 c3 39 82 0b 23 ee 14 00 00 20 65 0d bb 4b 5a 6a ce 4e 23 5c 3a 3a 39
50 38 fc c7 e3 5e c4 86 2b 18 6e 89 2a 65 6f 06 09 41 fc 25 37 58 6e 9b 56 27 2e 5f d1 31 ca 1f d2 74
ciphertext (534 octets): 17 03 03 02 11 e7 94 8e bf 77 b7 00 e8 ciphertext (538 octets): 17 03 03 02 15 3a cf 25 29 62 4c 10 c3
65 c8 90 a4 4a c7 f8 13 ed 92 eb 98 bf fc 81 3f 17 f3 b6 1c 18 30 42 26 01 83 6e f0 93 ef ff c9 21 c2 60 9e 77 58 42 c4 65 ea
ff 65 ba 73 71 1f e9 cb 00 bc 6a 52 f9 5a 64 02 3c ac 02 7a 68 a3 2c ca 23 34 06 4c 8d d8 53 96 ba 07 a8 6b d0 83 28 bc 07 e1
0c 2e 09 a6 27 59 dc 2b 29 e9 a3 5a c1 05 6a 5b 80 ae c1 bd c6 f8 96 9d 93 09 68 79 a8 ee d4 af 92 e3 e3 ea 74 63 28 d6 40 22
56 be a1 93 dc c1 5a 4a e2 65 0f 99 e2 55 94 87 83 78 0d 3e c2 04 a5 9c a9 9c a8 2d 42 18 f0 85 10 60 ab ca 1e d6 c9 24 d6 49
e2 98 22 f8 51 b8 95 bc 3d e9 51 65 2b f2 de 1f f1 11 c5 60 54 a1 6f 4c 5f 59 37 a6 de dd 36 de aa b7 25 ff 5c ab 8d 05 10 cc
7c b5 64 17 74 ce 0a 61 66 c1 fa c0 60 3e 80 48 1b 79 e2 47 77 4d a2 c4 b7 57 7a 06 2a f1 5a 89 f7 ca 9f 8e ae 62 cf ea 55 6c
24 c6 76 da ea 61 2b 73 e6 36 34 0f 35 8d 0b 31 ad 2a a1 41 51 c0 51 be ed c6 db ac 7f b2 1d a9 10 e7 07 5b 39 7c 32 f7 a5 a5
b1 e3 92 b9 39 4b 28 a5 59 d0 ce 23 79 cd 71 ad bd e9 d3 5a b0 0c e7 e8 22 9a 7c f5 db 31 8e f9 be 2a af 45 04 0d 15 96 aa 72
3e 7e 8c f1 a2 e1 09 a3 20 c6 77 9c dd 9c 34 4b c8 64 54 b4 db d7 99 81 3b 79 37 db 78 dc cc df 5c 1a b0 bb ad 95 29 34 f2 a8
a2 37 1c 02 33 05 c6 7c ed c6 3a 81 b8 48 84 33 96 87 5c 41 6d e3 0f e2 60 2b 72 d0 11 8e fb 24 02 0c 0f 35 b1 4c bd af 1a b6
97 52 60 ab 5a 84 d8 c4 da f9 8f 53 b4 c4 db 2c 62 65 f3 93 79 9e 3e 6b a9 f5 1c db 02 9a 88 11 0d 97 59 26 af f0 ba 32 b2 15
ee 57 4c 75 55 eb c3 7d 15 81 c4 70 7b 93 e1 ef b2 c1 06 cf 73 1b a6 52 db 21 ed eb a4 6e ba 90 f0 d5 51 8c e1 1c 9e 48 61 34
7d 40 46 e6 7b 9b 22 a2 96 1d d5 50 44 1b 1e 5f d9 0e 59 c6 0d ee 18 6e 98 f2 0c 06 67 93 19 5a 16 7a 38 f9 ae 57 2d 66 4b 84
b1 f8 5d fd 9d cc 29 52 55 42 a3 e9 1b 96 23 6c 8d 80 1c 0c 6f 46 09 36 ca f7 fd 83 58 33 0a 99 a0 41 b5 d6 3d db 52 2a e4 20
e7 3e 7f e2 4f 7a 39 42 75 7b 6f 66 1b 76 cb d6 b6 05 5c ed 9e bd 46 e0 7a b1 da 63 4f 43 d3 c2 d6 46 cf df 0d 07 cc e4 1e ed
19 8d d3 39 20 bd 31 3b 46 28 94 58 9d ff f7 6c 2a 90 4c 42 68 c7 98 a0 ad 3d 98 51 52 40 48 0c 02 13 b1 87 37 2d 8d a1 d3 aa
ec a6 da c0 8f 2c d1 d8 34 0a a1 d3 29 3c 24 c7 9a 1a 70 63 3e 42 9f f8 20 94 34 b0 a5 a1 44 8c d6 30 1e c6 37 5e 5f f6 d9 26
4e e4 7b c2 48 b5 a6 79 97 09 57 ab fc 54 ab 15 27 d3 19 2d 3f 55 d1 ae 13 49 97 ef 3b 97 34 f3 89 6e 5d 2f b4 ce 0c 90 d8 d9
e8 b8 ef ce 6b 5c e2 03 4e b0 2f 65 ee 8b e1 71 a7 4a 25 07 81 ea b9 67 da f2 0f 95 05 71 2e e3 6a 33 48 6f 05 72 2a 0b 9f a7
40 74 54 5e af 76 6d 5e ea 0e 26 89 64 54 9a 6e bd f5 57 c1 65 d8 f6 77 bd 9b 2a b2 45 97 ff 68 0b 2d 51 e7 20 f1 99 6a 58 fa
bc 2a e5 7a 65 af 5e 65 e4 4f 68 2c 0a 84 d2 6f 29 74 b5 6e 6e 7f 46 0a 1d 60 6d fb 7a e6 b1 22 e7 a0 9d a4 cc 92 55 dc 82 99
f2 ee 1c 1b 8d 50 64 d7 dd 08 0a 9b e2 95 6c 14 61 e8 30 20 29 15 b4 be db f1 66 2d 0f f4 56 22 a4 cf 75 0e 41 cd c6 32 a1 e0
ee 4c 92 d9 99 00 8e 10 72 42 fa 04 51 ed 3e 38 b2 87 c8 88 0e 4c 07 2f e9 2d 32 9a 26 3f 67 62 be ad 32 31 65 92 b5 01 2d 28
bb a3 be 63 a3 10 fd de c4 7d 6f 2f ab cb 66 b4 1f 1d 4f c4 88 07 a2 12 17 ae 83 34 59 00 f1 f4 cb 1c 7a 77 05 27 20 60 fb 35
92 54 e2 8f 3e 54 06 ce 1d 5c 86 31 bc eb c3 17 20 12 86 16 8a ce d6 be 48 23 6a 6b c6 e6 88 f6 9d 3a 09 3d d4 89
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53
ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1
hash (32 octets): cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66 hash (32 octets): 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e
59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df 7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 61 66 66 69 63 20 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b
66 59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df 0e 7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7
output (32 octets): f3 15 86 72 b5 85 df 78 19 1e 40 82 60 f7 9c output (32 octets): e6 47 85 57 d7 f3 3b b2 77 01 be 74 7f 2f bf
20 42 3f fd 5f a7 20 1d de 0a 28 87 92 ad 57 c7 9d 00 72 e4 91 4f 96 7a 8a b7 20 c9 36 7f f6 61 49 2a
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53
ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1
hash (32 octets): cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66 hash (32 octets): 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e
59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df 7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 61 66 66 69 63 20 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b
66 59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df 0e 7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7
output (32 octets): ac 6b c7 af 48 49 1d 9d c2 43 96 50 39 5d 90 output (32 octets): 2e 5d c3 82 75 26 7f 49 ae bd 06 3b 4c 22 70
1e 5b a8 20 5c 2b 83 d4 70 0a d9 a0 ce 68 8e 77 3e 5d 41 7f 79 b0 4e 63 7c 93 d3 e3 2a 7d 54 6e 2e b3
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53
ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1
hash (32 octets): cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66 hash (32 octets): 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e
59 6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df 7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 cb 60 d5 fb 22 6a d3 0e fc 47 ce 35 e3 3f 9a 66 59 74 65 72 20 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e 7f
6a e0 62 ee 1f 1a cc 95 8f 40 02 9d 23 0e df f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7
output (32 octets): 49 d1 b4 ea 60 2f 70 7c 8f 42 26 b7 47 53 64 output (32 octets): c5 10 a7 cd 37 4a 95 c4 47 ba 18 53 71 7b a6
53 9e d2 68 e7 bc 38 a6 b7 41 ed dc 99 82 1e 61 b9 02 25 11 6c 89 2f 2b 62 86 26 28 a5 72 df 54 68 92
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): ac 6b c7 af 48 49 1d 9d c2 43 96 50 39 5d 90 1e PRK (32 octets): 2e 5d c3 82 75 26 7f 49 ae bd 06 3b 4c 22 70 5d
5b a8 20 5c 2b 83 d4 70 0a d9 a0 ce 68 8e 77 3e 41 7f 79 b0 4e 63 7c 93 d3 e3 2a 7d 54 6e 2e b3
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 3f d4 15 17 e6 ab 77 a2 e8 2d 51 f0 34 fc
key output (16 octets): d9 97 d8 a3 91 e7 d4 a3 9e ab 6f 92 58 8a 8c 21
4b b0
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 3e 38 3a 26 9e c2 af 30 4e bb 67 55 iv output (12 octets): 8f 51 67 7a 4e 55 3e ce e0 2c c3 48
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 80 e0 c6 f8 6e 1e e2 f6 dd b3 ea 30 a7 fc 72 22 PRK (32 octets): 23 03 a8 1a 55 a9 e2 92 d3 23 cd c8 9a b2 dd a1
3b 9f ed 27 55 5c 8d 41 f5 8f b2 db bd 4c 0d 09 63 40 f8 4f d9 dd 99 5c 72 50 c3 3e d3 82 b2 db
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 0f 26 6c ef 4e a6 b6 37 11 64 5d a5 43 f8
30 41 key output (16 octets): 2f b3 45 4b aa 32 08 04 f1 46 3b 6d 86 9e
5c 6e
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): ed 85 15 18 dd 0d 97 5e d7 70 a4 79 iv output (12 octets): 8d 74 fa ab ae 3d cf 20 6d 04 dc f8
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 45, line 41 skipping to change at page 46, line 8
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): a1 74 df 38 d7 a4 28 b6 2e 99 80 83 00 c6 8c e5 IKM (32 octets): b2 0d 9a cb a0 e0 38 1d 9f f5 1e 9d 7c b8 ba 18
5a 89 1a 80 74 d9 f0 99 56 78 eb 55 68 fe c5 07 a9 ba 63 7e e5 93 08 13 da 7f f8 62 e6 62 44 45
secret (32 octets): 4c ce 76 5f ac c3 15 26 36 dc 39 a9 12 ad 99 secret (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a
35 75 ff f1 bf 21 55 3b 7a bd 5e 49 f3 76 fa 39 d6 e4 bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): 28 a9 36 51 09 57 b3 70 7b c7 72 bd be 0a f2 23 PRK (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11 35
d9 71 d8 36 69 d6 f0 b8 b7 4f 34 89 85 d4 f1 35 ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 7b 12 04 e6 6d 4a cf 2d a4 da 5d 45 7e e9 key output (16 octets): 61 a2 08 f9 c7 7f 35 96 9e 7f 1e 0e a2 75
97 34 4c 92
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 2b 44 e2 11 46 6b 55 23 7a 3a 47 82 iv output (12 octets): 08 a7 d2 9a d2 4b bf 51 1e a2 dd 45
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
skipping to change at page 46, line 37 skipping to change at page 47, line 4
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} send a Certificate handshake message {client} send a Certificate handshake message
{client} send a CertificateVerify handshake message {client} send a CertificateVerify handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 80 e0 c6 f8 6e 1e e2 f6 dd b3 ea 30 a7 fc 72 22 PRK (32 octets): 23 03 a8 1a 55 a9 e2 92 d3 23 cd c8 9a b2 dd a1
3b 9f ed 27 55 5c 8d 41 f5 8f b2 db bd 4c 0d 09 63 40 f8 4f d9 dd 99 5c 72 50 c3 3e d3 82 b2 db
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): b8 55 e7 3a ba 6f 0f 8e 02 45 0a 15 be c7 96 output (32 octets): 9e 53 42 bd 39 7f ac 99 c3 40 bd 4a 58 0f 63
d8 47 8c 75 ae 7e 00 bc 05 b1 45 39 a2 ed 9b 68 a5 20 49 8a 4f 63 6a 61 da 92 7a a2 ef 20 75 e9 74 86
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01 payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01
b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86
f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63 f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63
6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39
5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30
0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09 0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09
2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81
00 c3 81 75 e0 04 a6 8d 09 3f 82 3b 9c 37 9d 20 1f bc 0b b7 a1 00 c3 81 75 e0 04 a6 8d 09 3f 82 3b 9c 37 9d 20 1f bc 0b b7 a1
skipping to change at page 47, line 28 skipping to change at page 47, line 43
9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0 9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0
28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02
30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86
48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22
af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d
c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be
2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0 2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0
c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17 c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17
bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f
78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84 78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84
08 04 00 80 0b de ba ae 67 e8 1c 4f 30 0d 83 1b 21 b4 8c f3 cb 08 04 00 80 bc cd 87 0a 6d 51 75 ab 6a 97 3f 99 0f 44 33 b9 f4
bf 81 af be 3e b2 0b dc 44 e8 83 7b ed cf 85 8f 8d 0e c0 56 29 ed ea 6a a9 4c e5 c4 a9 0a 07 0f eb b8 9e 1c f5 24 62 d6 a0 5e
f2 ba 93 26 00 7a a5 f9 bc 24 39 b3 d8 41 60 8e bf df f3 87 d8 62 1b 81 96 24 eb 9b f7 57 3a 08 bb 75 3d 4a 19 43 34 59 62 19
60 a9 77 28 53 25 65 2f 61 a4 64 13 d2 e3 8c a3 39 d1 70 a7 5e 68 75 04 54 05 6f 3d 7c e1 22 7f c2 9e 12 31 36 3e 4e ed 5f e0
fc 2a 83 6e 91 19 ad 14 17 16 13 2d 3c 0e a5 3c ce c3 c2 32 ad f4 93 83 7e f6 fe 4a 63 19 52 0b 63 9a ff e7 75 ae 41 76 bb bf
13 b3 fa 67 09 80 14 48 58 aa 84 d2 b5 e0 05 df 25 b6 78 07 73 69 13 b3 a1 a6 77 a0 35 6f 3c 0f 95 3d 35 77 fb 53 76 13 eb af
59 88 91 b6 56 04 14 00 00 20 45 88 6e 7d 4d 30 f1 3d 16 30 a7 84 8e 6a ee b2 1e 14 00 00 20 97 96 f8 14 93 a1 49 f5 37 f9 9b
cf 54 51 37 be fa db 8e 8e b4 f4 c1 08 c1 69 4b cf 09 45 9f 17 3c 4c f8 55 a0 88 5c 64 10 ff a1 db 0e 25 f3 43 a5 ff b5 1d 60
ciphertext (645 octets): 17 03 03 02 80 4f 18 6c 35 49 64 14 72 ciphertext (645 octets): 17 03 03 02 80 38 0f e4 54 42 85 14 4f
cd a8 6a 17 ea 94 2e ac dd 1f cb b9 3e 73 49 21 c1 a9 63 5c 86 66 58 7c 3f ee 90 97 e2 e5 f4 cf ad 97 31 dc 59 62 36 7e 0f 73
32 8e 85 9f ff a3 ac 41 92 6a 3a cb 7b c6 3a 66 dc 4f 66 68 65 ea a8 c3 16 51 cf fc da 0c 7f 2a 85 d7 46 36 85 7e 61 91 9e 7a
57 fe 0a d0 f3 94 1f 07 98 45 95 b9 7c 91 d1 fd 43 df 76 23 36 3e 1a dd 24 b1 d0 8f 37 35 04 36 f5 d2 96 78 43 6f 6a df 4e 4e
0a da 56 5b 44 fc a1 2d fa a2 99 f6 64 55 cf 1c 86 24 54 70 d9 46 f9 fb 0c 79 da 40 cb 43 dd 82 50 a5 fa bc 61 cd b3 9a 4c 3d
b7 b4 5b 8a b5 ff 6c 65 d5 6e 8e c8 8c ee 82 e8 ff 6c 8b 2c de 31 59 6c e3 1b 4c a9 4c 77 16 f6 f8 0d 09 26 80 d6 ce bf e5 c5
e3 cd 65 a7 a6 5c 58 07 b4 d7 cb c1 ed 85 82 e1 7d 8a 58 75 99 cc 0e 51 15 ff 10 a6 80 1d 82 07 f4 ec ea a8 82 02 e1 bd 55 ab
f8 ae ef 84 41 71 95 35 7e d2 6c 86 9d 2c 03 ee ae 50 d6 33 6a b0 ec aa 4f 0e 41 af 70 54 e0 ff df 76 4a 84 cd 01 be a2 0f d7
27 fa 29 d4 05 51 c3 ef 6c c3 f7 6a 09 32 dd f2 50 22 a3 2b 64 b4 91 e5 c1 20 d9 93 31 4c bd 43 55 65 25 3f b2 4b 6e 67 85 ea
36 ac 4a 1a a1 59 7f a6 10 83 da 75 d2 47 39 b0 0d 10 d3 45 2e 79 8f 86 2c fe 0d 01 de 13 d5 f0 d8 f3 f8 d2 75 5c 1b 4d 46 d1
e3 0d 92 f4 f5 87 fc f0 c3 cf 43 2d 3c 8e 4b 4f 6d 4d df 45 e1 d6 a3 b2 43 ea 8b 45 12 51 2e aa 64 27 3a 84 36 3c cc 93 69 a5
24 04 73 01 87 90 b2 a0 09 91 e0 0a 5c 41 75 99 23 d8 9d c7 6c 3a 0b 60 09 d4 47 23 a8 f5 aa 9d 8b c9 37 1f b0 da dc 45 16 fc
cd ba 57 fc a3 84 df 91 d9 b1 67 c1 70 58 b8 ad 7b 4a 92 8d 6f 9f 84 2d 2e 3d 89 15 39 3d 2b fa db 11 82 0f 74 2d 94 6a 2a fa
2a fe 68 f9 7a 82 e3 50 2a 63 48 1b 50 cf 7b 11 e5 ce 21 65 4a 01 4f df d7 da 08 1b 86 26 7c 3c 62 95 7e 91 83 13 3e d8 7f fe
f0 b5 1e 13 aa fe 1f fc 02 f4 0e a0 d1 a4 64 cb bf 4d 99 91 2c 9e 88 3e 7b 69 8e f9 09 30 ad 93 b4 e6 b3 72 bd ca 6d 77 e1 ed
27 f4 d8 0f ca ad aa e7 8c 1d fc 56 5c da 59 e6 74 1a 27 aa 82 20 71 40 2b eb d8 3f 4b 74 94 a8 02 df f2 ab d1 84 d8 c3 9e 6f
c2 4f 04 76 00 65 19 4f 62 a5 7c 2b 79 1e 57 4c 56 70 c5 82 f5 c6 4a 94 85 a3 18 f6 8b cb a3 7d 9a f9 8b 61 e7 b5 4b 2a 48 71
dd 33 3f 36 83 ed d8 97 11 57 94 d0 78 6e 4e 25 8c cc 6c 75 e9 9d 41 41 9e 5b b7 03 98 49 3a e4 a4 7f 45 f1 61 22 53 15 4d da
3d 33 ee c4 dd 61 7f 63 35 e0 aa eb d5 08 8c 24 d6 ad 03 15 8a bd b8 c6 a3 f7 1d d6 93 69 bd fe a1 af 5c b6 35 d1 8b 97 38 24
b9 8e bb 0b 3a b1 cc d4 03 41 2a 56 0a 38 eb b6 69 53 05 9b 93 8b cb 9c fc 61 08 e0 90 2b 86 f6 26 03 19 43 15 ae 51 d3 ac b1
e0 c1 d3 ad 81 5f 3c 00 3f e4 5a 5f 07 c1 fd 71 7b 29 95 81 56 2d 06 b7 d9 86 14 bf 8e 93 f2 d4 d4 a5 6f e8 2d 09 12 e1 57 bc
99 8e 91 95 7f 6c c0 ed 13 84 c9 59 3d 2b 7e 7a 4f 67 2e aa f0 c5 28 7b 5f 1e f9 a9 db d8 a0 80 19 5f 6b 15 5a f9 16 7c ca 41
ad db 58 10 a0 0c 27 0c 25 56 55 dd 38 d3 90 18 5f 96 e8 1e ea 45 35 4c 03 19 51 ab e3 73 4a 49 84 01 37 70 64 a0 d0 08 76 4d
fa 16 c7 02 9c 95 9c 4a e9 bb 1e b6 fc b5 22 a1 b6 75 17 2e 4c 75 9f d1 c8 ea 7b d3 6b ec a2 23 e4 86 fc e9 89 9c de fe a6 95
02 5c 31 57 a6 75 6e b3 ee e3 9e 6a ef 59 32 97 f1 6b 8f 19 68 ba 7d da f2 3f 80 6b 09 ff ef 81 47 87 c7 71 ba 60 90 08 13 4d
59 e3 0a 83 06 6f e3 b5 4f 87 aa 72 b5 52 76 58 e5 ea 6e 11 c1 d4 51 1e 26 5f 78 b6 25 91 74 76 42 7b ed b7 9a 50 c3 b7 58 01
72 17 02 6a ae 62 b7 f8 91 9a cc 40 d9 1d 50 ae c2 cb b8 3f cf 07 5d 13 3f 2e 07 15 e7 1f c0 07 89 eb dc ce f6 b8 cd f2 5d a4
1b 51 96 3c 08 57 9f 07 b6 e2 04 e4 a2 c0 36 48 64 1c 1d 0d bb 19 bc 00 28 74 4a 75 ba ab 09 25 4a 2b b2 19 81 d1 15 64 64 22
e8 62 8b bc 61 b6 0c 7a 22 4a 88 11 39 f7 0c 58 47 1b 3b 54 4d 98 4f 79 eb c7 0a f1 39 0a b1 a2 ac 38 5c 6a d1 28 fd 9d e3 bf
0d 3a b7 ef 6d b7 fd 8b 3a 4b 10 24 54 c8 08 c2 cd 95 ed a0 93 7d be e6 0f 7f e6 d0 09 e7 ce d6 8b d3 7a 06 fd db 83 5f 8e 56
62 84 8f e3 0d 63 1f 34 f3 cf 8e 4a 6d 49 aa f6 2c 64 d8 8d 1c fc eb 59 4f 74 8a 1d a1 e7 7b ea 51 fb 3e 40 b7 b4 70 12 89 ef
70 d4 7b 37
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): f3 15 86 72 b5 85 df 78 19 1e 40 82 60 f7 9c 20 PRK (32 octets): e6 47 85 57 d7 f3 3b b2 77 01 be 74 7f 2f bf 00
42 3f fd 5f a7 20 1d de 0a 28 87 92 ad 57 c7 9d 72 e4 91 4f 96 7a 8a b7 20 c9 36 7f f6 61 49 2a
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 5f 75 27 06 1e 34 51 95 77 55 81 e4 ea 5a key output (16 octets): db 34 ce df e4 fc db 0e d7 00 41 8f dd 96
1d 62 b2 c7
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): f1 59 e4 60 d3 df 3c 5e 2b d7 bc 9e iv output (12 octets): e1 7e 53 1a ba 3c fa 7f 0f ec 8b f5
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 64 94 cc e1 de 53 33 83 e4 0f 2b fd 9e 2e bb 7e PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53
ba 59 9b f6 5d 22 f1 28 2e 61 14 ca 73 74 76 aa dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1
hash (32 octets): aa 82 ed e5 08 e5 40 e0 d5 ee 0e 67 69 89 c0 8c hash (32 octets): 41 bf 98 c7 24 79 cf cf 1d 49 9d c2 d6 a8 44 c1
66 01 a5 e5 c3 b4 fe 34 31 79 71 ce 9b 69 4b e6 7f 49 1e b9 a0 78 21 08 78 b5 5a e5 26 29 94 60
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 aa 82 ed e5 08 e5 40 e0 d5 ee 0e 67 69 89 c0 8c 66 74 65 72 20 41 bf 98 c7 24 79 cf cf 1d 49 9d c2 d6 a8 44 c1 7f
01 a5 e5 c3 b4 fe 34 31 79 71 ce 9b 69 4b e6 49 1e b9 a0 78 21 08 78 b5 5a e5 26 29 94 60
output (32 octets): ba 54 7d 20 f6 13 f6 8e f2 11 96 e4 c6 89 f4 output (32 octets): c4 11 50 3f ea fa f0 d7 0a 77 c6 81 3d b0 42
36 24 db ac 5c 2c 20 f4 22 f6 a8 39 e2 80 a1 8e 7d 4e f5 f4 ce f4 b5 e2 4d b7 65 f8 79 d3 7f c5 b6 af
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 c5 1d 97 36 4e 8d 18 be 9e ciphertext (24 octets): 17 03 03 00 13 d1 3c 7f 7d 16 11 b4 09 df
79 eb a9 7b 85 3f 3b 34 d6 01 45 77 ca 2b e5 a8 a2 8f 33 30
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 79 be 79 28 e0 e0 62 2e 48 ciphertext (24 octets): 17 03 03 00 13 37 bb 98 68 73 81 3c 79 25
e8 bc 9f 09 93 ac 02 98 b9 f6 aa 29 51 e1 21 b0 58 57 f7 8f
7. Compatibility Mode 7. Compatibility Mode
This example shows use of the handshake with the client requesting This example shows use of the handshake with the client requesting
that the server use compatibility mode as defined in Appendix D.4 of that the server use compatibility mode as defined in Appendix D.4 of
[TLS13]. [TLS13].
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 9a 71 27 21 33 44 89 32 c6 de c0 d4 39 private key (32 octets): ea e2 7f 11 4d a0 68 f8 b3 47 2e 62 88
a6 e2 94 09 22 79 c6 f7 bf d5 89 33 14 b4 a7 70 18 3e 37 00 e8 b9 c2 58 13 58 13 6e bb e7 74 38 cb 4f 4b e2 d1 b4
public key (32 octets): 55 34 3a 1d 8d 02 64 b0 78 f1 6d 70 39 f6 public key (32 octets): d5 15 42 62 5f 25 a9 2d 44 a3 aa de f5 9c
9b c9 4e a9 f2 ee 26 f3 51 91 6d 37 d9 73 aa 38 79 03 a8 49 ad 2f 8e fa 9f 04 b8 f5 da b4 02 ac bc 57 1f 16
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (218 octets): 01 00 00 d6 03 03 93 ee 06 65 40 d4 cf 08 payload (224 octets): 01 00 00 dc 03 03 37 b0 76 d2 fa 50 94 39
fa e8 b4 86 09 f8 f5 29 d0 64 f2 bc 65 28 ab a7 3a 40 46 0c 82 5e 99 71 d7 53 c3 c4 cf 07 56 b9 40 70 13 cb ca c7 f4 4a c3 28
0d 86 cd 20 ed db e1 46 86 5a 29 31 2b 13 c7 4d 56 4e 43 6c 3c 13 f6 0f 20 91 41 b7 89 83 d3 67 a0 fe 97 08 df 32 f5 b9 88 8f
a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db 00 06 13 01 13 03 e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe 00 06 13 01 13 03
13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 13 02 01 00 00 8d 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72
ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00
01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 55 34 3a 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 d5 15 42
1d 8d 02 64 b0 78 f1 6d 70 39 f6 9b c9 4e a9 f2 ee 26 f3 51 91 62 5f 25 a9 2d 44 a3 aa de f5 9c a8 49 ad 2f 8e fa 9f 04 b8 f5
6d 37 d9 73 aa 38 79 03 00 2b 00 03 02 7f 1c 00 0d 00 20 00 1e da b4 02 ac bc 57 1f 16 00 2b 00 03 02 03 04 00 0d 00 20 00 1e
04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
ciphertext (223 octets): 16 03 01 00 da 01 00 00 d6 03 03 93 ee ciphertext (229 octets): 16 03 01 00 e0 01 00 00 dc 03 03 37 b0
06 65 40 d4 cf 08 fa e8 b4 86 09 f8 f5 29 d0 64 f2 bc 65 28 ab 76 d2 fa 50 94 39 5e 99 71 d7 53 c3 c4 cf 07 56 b9 40 70 13 cb
a7 3a 40 46 0c 82 0d 86 cd 20 ed db e1 46 86 5a 29 31 2b 13 c7 ca c7 f4 4a c3 28 13 f6 0f 20 91 41 b7 89 83 d3 67 a0 fe 97 08
4d 56 4e 43 6c 3c a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db df 32 f5 b9 88 8f e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe
00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00 09 00 00 06 00 06 13 01 13 03 13 02 01 00 00 8d 00 00 00 0b 00 09 00 00 06
73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17
00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00
1d 00 20 55 34 3a 1d 8d 02 64 b0 78 f1 6d 70 39 f6 9b c9 4e a9 1d 00 20 d5 15 42 62 5f 25 a9 2d 44 a3 aa de f5 9c a8 49 ad 2f
f2 ee 26 f3 51 91 6d 37 d9 73 aa 38 79 03 00 2b 00 03 02 7f 1c 8e fa 9f 04 b8 f5 da b4 02 ac bc 57 1f 16 00 2b 00 03 02 03 04
00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04
01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
00 1c 00 02 40 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 42 05 eb 84 23 9b 8c e9 4a 18 f3 d6 22 private key (32 octets): 6f fc 0f 52 08 bb f6 73 4b 5f 95 23 7d
4d 52 23 a5 1a 3d 56 74 18 c2 43 11 96 15 56 56 81 8b 35 3d 48 0a 08 fc e9 89 e6 1c 2f 4d 71 6b 5b e4 4d 66 90 7e
public key (32 octets): 3b ae b0 1c aa 0c 5c 3f e5 06 3e 42 b2 6a public key (32 octets): ab 16 0e 03 51 0f a0 3f d5 bd 6e 7a 94 f4
f6 f5 ba 95 83 7d 54 29 3f 4d 9a 33 36 b9 9b 35 bd 05 00 31 16 35 cd 69 87 2e a6 e4 8a 08 71 5e e3 f0 24 2e
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} send handshake record: {server} send handshake record:
payload (122 octets): 02 00 00 76 03 03 5a 34 53 70 5a ec 8d 6f payload (122 octets): 02 00 00 76 03 03 32 a4 2f 56 c8 b8 59 cc
89 e7 1f 60 d2 86 6d 82 3d e9 64 f1 00 1e c1 20 32 f8 00 c0 16 5d 80 f2 7f 48 d0 f2 96 d3 a5 bb 8e 05 28 08 11 14 de 8c e3 84
0d e6 a8 20 ed db e1 46 86 5a 29 31 2b 13 c7 4d 56 4e 43 6c 3c d7 e0 df 20 91 41 b7 89 83 d3 67 a0 fe 97 08 df 32 f5 b9 88 8f
a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db 13 01 00 00 2e 00 e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe 13 01 00 00 2e 00
33 00 24 00 1d 00 20 3b ae b0 1c aa 0c 5c 3f e5 06 3e 42 b2 6a 33 00 24 00 1d 00 20 ab 16 0e 03 51 0f a0 3f d5 bd 6e 7a 94 f4
f6 f5 ba 95 83 7d 54 29 3f 4d 9a 33 36 b9 9b 35 bd 05 00 2b 00 00 31 16 35 cd 69 87 2e a6 e4 8a 08 71 5e e3 f0 24 2e 00 2b 00
02 7f 1c 02 03 04
ciphertext (127 octets): 16 03 03 00 7a 02 00 00 76 03 03 5a 34 ciphertext (127 octets): 16 03 03 00 7a 02 00 00 76 03 03 32 a4
53 70 5a ec 8d 6f 89 e7 1f 60 d2 86 6d 82 3d e9 64 f1 00 1e c1 2f 56 c8 b8 59 cc 5d 80 f2 7f 48 d0 f2 96 d3 a5 bb 8e 05 28 08
20 32 f8 00 c0 16 0d e6 a8 20 ed db e1 46 86 5a 29 31 2b 13 c7 11 14 de 8c e3 84 d7 e0 df 20 91 41 b7 89 83 d3 67 a0 fe 97 08
4d 56 4e 43 6c 3c a0 92 4e b3 db 86 2d 67 a7 ed f9 7b 88 0e db df 32 f5 b9 88 8f e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe
13 01 00 00 2e 00 33 00 24 00 1d 00 20 3b ae b0 1c aa 0c 5c 3f 13 01 00 00 2e 00 33 00 24 00 1d 00 20 ab 16 0e 03 51 0f a0 3f
e5 06 3e 42 b2 6a f6 f5 ba 95 83 7d 54 29 3f 4d 9a 33 36 b9 9b d5 bd 6e 7a 94 f4 00 31 16 35 cd 69 87 2e a6 e4 8a 08 71 5e e3
35 bd 05 00 2b 00 02 7f 1c f0 24 2e 00 2b 00 02 03 04
{server} send change_cipher_spec record: {server} send change_cipher_spec record:
payload (1 octets): 01 payload (1 octets): 01
ciphertext (6 octets): 14 03 03 00 01 01 ciphertext (6 octets): 14 03 03 00 01 01
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
skipping to change at page 51, line 33 skipping to change at page 51, line 48
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 9f 52 3e a8 87 a4 46 5a 4f 16 49 f9 fa 1f b1 60 IKM (32 octets): d6 ee 52 33 ce 08 89 3e a5 eb d5 0f 0d 8a 25 bf
84 f4 ae ff 99 e4 55 ca 1c 41 bb f0 08 3f 5d 0d ed 5f fd 57 82 32 31 19 46 91 bd 89 2b 8f 9a 50
secret (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b secret (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad
e5 48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85 48 a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b e5 PRK (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad 48
48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85 a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3
hash (32 octets): 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb 55 hash (32 octets): ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd da
4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd 17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb 61 66 66 69 63 20 ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd
55 4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd da 17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b
output (32 octets): 00 0f 13 8f 78 2f 68 a0 95 23 56 27 e0 bf 6d output (32 octets): 1b 92 72 16 81 91 bc c8 5e 46 45 96 e1 0b 79
89 ca 95 33 9a 43 83 b5 f0 a1 54 e5 d3 1b ae dd bf b8 09 a4 f6 36 02 e4 ad a5 b4 f2 c9 c0 b2 4d 27 37
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b e5 PRK (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad 48
48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85 a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3
hash (32 octets): 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb 55 hash (32 octets): ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd da
4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd 17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 63 9d 32 6e 5c ad 8c 4d ae 18 bf 2f 4c ce bb 61 66 66 69 63 20 ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd
55 4c be ae 3d 4e 88 a8 1e cf 3e 44 db 33 08 81 dd da 17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b
output (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40 output (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d
55 99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10 5e ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b e5 PRK (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad 48
48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85 a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 58 bc 54 77 72 31 e8 db 87 75 4a 9d bd ed d4 output (32 octets): ef 79 6e a9 37 7c f8 94 b0 52 52 2b 22 9f cd
c1 1d b9 4e ea 7e cd 20 f0 16 4e e8 bb 6d 61 40 a7 70 a1 d7 c3 a3 2d ca 6c f5 1d 62 95 04 ef 1e e1 25
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 58 bc 54 77 72 31 e8 db 87 75 4a 9d bd ed d4 c1 salt (32 octets): ef 79 6e a9 37 7c f8 94 b0 52 52 2b 22 9f cd 70
1d b9 4e ea 7e cd 20 f0 16 4e e8 bb 6d 61 40 a7 a1 d7 c3 a3 2d ca 6c f5 1d 62 95 04 ef 1e e1 25
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 secret (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c
10 09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4 a3 7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40 55 PRK (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d 5e
99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10 ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 87 7d a8 47 c3 41 75 bb 28 cb d2 8d 0d 02 key output (16 octets): 7d cd 41 e1 40 51 3f be 6a f5 22 a4 da 7f
e9 98 57 5b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 9c 82 74 92 f8 a5 87 6a 42 85 42 55 iv output (12 octets): 77 ee 98 da ae 5c 82 24 7d 30 40 7f
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40 55 PRK (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d 5e
99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10 ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): df b8 1d 7b e3 86 4f f9 93 fd 55 87 e1 27 f7 output (32 octets): d1 61 e3 34 21 df d7 05 aa 4c c8 bf a6 e4 4d
1d f5 cd 12 19 a0 c7 77 d7 01 ee ba f7 f1 0a 46 98 42 c8 b2 5b f1 c6 e4 e7 b4 dc c6 cb de a9 c2 a3 a1
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d payload (657 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40
00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 01 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30
01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d
0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61
30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36 30 37 33 30 30 31 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36
32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04
30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 03 13 03 72 73 61 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01
00 30 81 89 02 81 81 00 b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 bb 49 8f 82 79 30
36 c6 98 8c 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 3d 98 08 36 39 9b 36 c6 98 8c 0c 68 de 55 e1 bd b8 26 d3 90 1a
9a 91 d0 15 ab bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed 24 61 ea fd 2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c 1a f1 9e
43 12 09 98 e1 87 a8 0e e0 cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0 cc b0 52 4b 1b 01
44 9a 6d 38 e2 2a 5f da 43 08 46 74 80 30 53 0e f0 46 1c 8c a9 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f da 43 08 46 74 80 30 53
d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab
a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01
06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d
a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05
aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17
7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5
9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72
67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63
b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84
9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29
e1 00 00 0f 00 00 84 08 04 00 80 38 58 68 8e 9e 7b 4e e9 95 84 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 84 d9 e6 bb
b2 b0 36 c6 01 b0 f4 10 17 ce 41 da 33 a6 40 4a 61 3d 5c 40 b5 5f 60 86 63 13 c5 02 3b 34 5b b6 68 4a 63 6c 67 82 34 01 5d c8
64 f1 e6 20 fa c0 f7 d5 4c 26 c9 7f f3 d9 a5 26 b4 a0 50 f1 16 3b 80 3d 81 30 68 ba 48 03 e2 cc 26 7f f0 86 70 35 d4 b4 46 28
40 d6 e7 1f ec cc 07 e6 06 98 ba 60 5d 58 d2 6a 20 d6 6c 38 06 64 4c 1e fb 90 82 0c 47 ce c2 14 23 98 c3 aa d3 cf 9d a6 2d d4
7d 65 c9 c6 78 41 18 10 c5 28 f4 a6 76 8b aa 0f df ca 98 f4 fb c5 de 51 ac 82 0c 84 af 40 72 1b dd 67 bc 8b bd db 28 3b 75 14
47 29 0e f5 a6 3e cd a3 70 a3 bc 9c 79 55 17 08 4a 86 e2 93 02 25 62 0c f5 b2 76 f2 32 c2 a0 5e 53 f1 6b 6a d6 cd cd a6 04 da
66 32 45 8d f4 ea 7b dc b8 2d f7 d5 9e 14 00 00 20 bc 28 ae 92 f9 95 e6 f8 42 4a 1d fd 37 0c 58 d0 f7 b4 60 5f 1a 21 a9 14 00
94 56 be 73 73 cf b0 58 e3 ba e0 70 f0 52 e2 57 0d 2e 77 dc 07 00 20 5b 6a d9 10 bc 48 94 47 7b 48 da 86 11 eb c4 de 20 25 72
2b 7e 85 52 23 5f c5 63 5f 9c 4a ac 81 a4 81 2e 82 bf c2 fd
ciphertext (673 octets): 17 03 03 02 9c 2a 03 4f 82 98 74 ce 19 ciphertext (679 octets): 17 03 03 02 a2 28 cc 1b 2f 47 22 95 79
68 38 bd 4a 5a 84 1f 5f ed 01 22 3e d0 a5 6d 12 e5 9c 73 11 60 9f 34 2e 49 90 56 09 07 73 a4 57 20 6f 79 a5 4b b8 ca 78 dc 42
75 5b a2 6f 31 27 e1 b7 eb bd c8 f7 7c 01 d5 be de 64 92 bc f4 e7 54 e1 95 6d dd 1a 78 6e 4c e9 6f 8d a4 12 57 ce 53 17 b7 37
c5 86 a9 85 a3 89 de 5a 7b 4f 8a e3 49 0c f8 95 0e b6 ec d1 a9 60 7a c3 b6 f8 6d 6f 6d 1d 71 06 01 af c5 61 0c d8 fb 16 7c 6a
02 3a 98 27 1a 5e fc f8 dd e9 cc 52 8e 9a 8e 33 99 7f 51 52 13 29 99 1e 50 a6 f4 83 7f ff 89 c2 d0 66 58 01 de 54 6e c2 8c bf
14 b5 c5 c1 19 07 67 8f 99 0c 59 b2 01 fe 58 81 e8 5c 75 fa a1 f1 d7 d5 c3 30 b0 60 48 4a 44 0c 54 1c b1 1f 58 88 4a 50 31 dd
85 97 7c 1e cc b6 1c f9 7f 92 83 bb b9 26 f4 02 06 dc ef 51 e3 ae ac ac af ea 6c 34 5a 93 8b 8e ee 6a 57 10 68 05 79 52 a2 60
2b e3 0f b6 ae c4 9e 1d db c3 af d0 fb 9f 1b aa 73 4a a3 7c a0 f9 e4 d6 51 bc e2 d8 57 1c ec aa da 2d 9b 37 15 60 3f f4 77 dd
94 a3 bf b5 7e d3 dd 61 1c 16 e2 87 8c 0a f2 be fd 65 b3 e4 ff 3c cf bf e6 8f 3c 0c b1 4b 0f c0 60 e6 dc 3b 10 f0 1b 43 8f 22
f8 e7 4c 08 f8 b2 76 4f f7 fd 83 df d6 7d 00 01 52 b8 64 1f 7d 12 71 3a 4b 87 fb b1 0d fd 9c 5c 29 e7 8d bc 7f a6 03 89 94 0f
1b 63 bb e5 00 16 5f 05 08 8e 72 43 04 5b 23 e8 91 76 8b 73 14 4e 3e 17 d9 79 f1 45 73 4d 67 66 12 ee 25 c1 15 fc da 0d f5 2c
26 05 2c 12 90 1a 77 2f f5 27 b6 54 b5 bd 38 ae 76 ae a2 11 f2 d2 35 95 77 fc b1 c2 47 e8 bf 90 0e 7a 59 0c 7e 33 f5 ff 1b 0e
a8 70 b9 47 5a 6f d3 dd 8f c7 a2 12 b6 10 a5 4e e0 e0 10 58 c5 d0 d2 90 35 b5 f7 77 df d2 0f 02 41 40 61 7e e3 2d 6f 5a 7f 1b
ce 0b 43 df e0 5a 21 74 17 24 33 ce a4 d0 a1 c6 e5 e5 8b 0f f2 09 4e 60 d1 b1 78 2e 73 ca 22 ae c2 5d 1d 5f d7 ac c8 f5 58 17
50 ed 5c b0 90 e1 63 33 e6 c7 a7 9c d7 34 3f cf 9c e7 99 dc 32 df 92 fe 17 da 29 13 77 10 e7 aa 2e bb 7c a8 45 6b de 8a dd e7
12 e1 bb 00 d2 a0 3f 34 90 85 0b d0 67 37 0a 1d 10 cb d8 e7 77 88 24 19 c1 b1 8d ba d9 a9 70 54 30 bd 94 71 86 53 f3 d2 fb 78
0c 3a d0 07 2d aa 9b 8d 76 ec 78 97 47 23 56 bc 68 30 06 13 43 2c 62 f1 7b ef c3 24 73 f4 ec 5c 5d 73 39 e6 32 1c 65 d7 a0 c8
05 6f 6b e6 33 c6 e8 bf 13 00 78 21 ef 17 6b a2 47 4b 3d e1 e8 f3 c5 d5 c5 1b bb c3 a5 3d 16 60 c5 89 eb e5 dd 39 bd 1e 53 6f
bd 1e 89 c9 46 75 99 6c 47 38 1e 68 6e 7f 78 c2 e1 e8 4d 71 16 f3 ed 09 84 41 36 76 4a b8 8d 51 71 db 6f bd 32 81 ec e9 e5 96
d3 c5 b4 a6 08 d4 d1 fc 58 33 62 bc f6 30 4e ab 91 78 0a ac cb 07 85 56 0a 6f 51 fc f6 63 e8 fc 82 bb 13 d1 9b 49 c4 56 bc c1
30 f9 55 3a 1c 01 b4 9c e7 45 3e 08 1a 84 a0 85 94 ad 5e 6b 44 16 32 6a 70 1f 22 3a 19 d4 a4 5d cc f6 87 b3 95 9a a0 36 dd f3
03 c6 ed 93 bf be cd c0 d7 48 e4 40 09 35 4c b4 bb 5c c7 b9 0c 58 30 98 87 4c d6 da 79 6f e1 29 26 c1 2a 2d 49 79 1b 2d 88 1f
10 07 00 04 a1 d0 d5 98 e1 42 3b e9 cd e7 37 30 cf b4 90 1a db 13 be c3 ec de b5 fb 69 50 b8 5a 36 14 13 7e ad 5e 26 9e 14 84
00 35 ee 1b ac 56 5a ee 7f 18 34 cd 7f da 4d eb 13 14 90 71 e8 ee 26 2b ba d4 b1 c9 cd 35 09 69 85 75 f8 90 19 a9 28 05 81 5a
34 7d 4c 2a f0 70 fe 4d b8 d9 a2 df 00 35 c3 51 e6 2a ab 84 8e ef 89 91 f8 63 6e a7 d4 87 c1 1c 9c 4c cb aa 91 1c 6c 57 b5 bb
8c 70 98 e1 36 99 4e 36 71 c5 61 a5 fd b7 79 27 75 59 23 32 35 28 29 95 b7 f9 c9 c7 33 3d 7d 8f b7 40 cd 5f 0b 55 85 cb 87 d8
3b 88 49 64 c3 c3 94 e7 21 32 33 62 88 3d cd 09 a1 46 19 1d 27 7c 91 4d 02 c0 f5 6a 93 88 73 03 b2 93 38 6b 8e fb 26 48 b4 e1
bd 2a 56 bd cf 9b 05 cf c4 fc 54 30 1c c2 1c a2 28 27 ef 7b f3 10 be 9e bc f5 c0 76 92 41 79 da b2 b1 bc a2 ad 05 21 44 fa 3b
f0 53 98 9b 5a 79 c3 62 7f 58 85 9c 5e 03 1e 9f c4 9b 7f 9b c1 eb 38 5c 5c 28 f1 17 01 cc 78 3e 7c d8 f8 cc 92 b9 26 93 af 71
2c 9b 38 8f de 57 1b 10 69 dd a1 b1 d6 d7 e4 94 e4 6c b8 d1 24 28 2d ec 09 64 29 66 1d 75 f7 b8 3d 69 b4 39 be 1b f5 4e 74 da
93 0c f2 6f 58 f5 42 e2 ef 9c 75 9b 0a 9c c0 e6 0b 74 a0 6e 7e c8 3d e6 62 c5 93 15 15 bf ed 52 e4 cd 3c ce a8 de 9f b2 2a f9
f6 15 ef f9 19 95 3c bd 76 5e ba 94 14 bc 2a c5 2a 02 64 2d 96 01 a3 40 af a3 3a 7b 06 d5 a5 fd e5 ce 1d 2b 7a 72 c7 e2 ee f5
19 d0 ac c6 e3 95 33 62 89 ff 46 25 d8 5b bb 99 5f 39 25 da d8 66 c6 5e
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10 PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3
09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4 7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19
hash (32 octets): 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f hash (32 octets): e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5
4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0 9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 61 66 66 69 63 20 e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84
8f 4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0 a5 9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45
output (32 octets): a1 4a a6 67 74 22 a7 8a 73 7c ad 36 29 c5 05 output (32 octets): b3 59 c9 26 e6 22 56 e6 10 3e 70 fb bc f9 07
64 7c 87 e4 ed 21 91 65 41 68 bd 66 ea ce ed 6e 69 cb 5e e7 56 20 f8 95 a8 b0 e8 c0 05 a4 df ff 75 6c
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10 PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3
09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4 7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19
hash (32 octets): 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f hash (32 octets): e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5
4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0 9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 61 66 66 69 63 20 e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84
8f 4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0 a5 9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45
output (32 octets): c1 2e 61 d3 35 07 b5 aa b2 ab be 90 b9 83 9e output (32 octets): 7f 64 01 84 e5 99 d2 8e c8 18 84 1c ff 13 92
1f d7 6e 18 67 1c 7b 7c 37 4a a5 d5 92 ef ce 05 67 30 d5 16 9f 16 3b 1f 52 70 12 a3 8e 5d b8 1f 7b 4e
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10 PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3
09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4 7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19
hash (32 octets): 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f hash (32 octets): e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5
4a 42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0 9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 4d 58 ee 58 f7 6b 48 18 cc 66 89 46 61 91 25 8f 4a 74 65 72 20 e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5 9d
42 e6 75 26 f3 55 e1 4c 3c 2f 54 87 d6 7e b0 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45
output (32 octets): 89 a9 80 32 78 0a 83 03 97 d2 5b 01 22 a3 a1 output (32 octets): 92 a0 34 07 bc bd c9 8d 26 ae 38 80 8b d6 f1
d3 40 9c 17 d4 0e f8 fe 4a 3b 90 91 b5 c2 72 29 c9 0c d0 47 14 2e c7 ef ac b8 f3 08 9a 7e 3e 52 87 d6
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): c1 2e 61 d3 35 07 b5 aa b2 ab be 90 b9 83 9e 1f PRK (32 octets): 7f 64 01 84 e5 99 d2 8e c8 18 84 1c ff 13 92 30
d7 6e 18 67 1c 7b 7c 37 4a a5 d5 92 ef ce 05 67 d5 16 9f 16 3b 1f 52 70 12 a3 8e 5d b8 1f 7b 4e
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): a7 52 9a 38 6b 50 bf 52 04 44 bf 07 bc 6f key output (16 octets): 9a 33 b7 ff 19 01 80 b3 05 47 fe 9f e3 12
2c 5f 74 09
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 38 d0 dc f9 0a d6 63 89 a7 bf 36 31 iv output (12 octets): a1 18 3b 47 0d 16 7f 63 62 8d 8b 32
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 00 0f 13 8f 78 2f 68 a0 95 23 56 27 e0 bf 6d 89 PRK (32 octets): 1b 92 72 16 81 91 bc c8 5e 46 45 96 e1 0b 79 b8
ca 95 33 9a 43 83 b5 f0 a1 54 e5 d3 1b ae dd bf 09 a4 f6 36 02 e4 ad a5 b4 f2 c9 c0 b2 4d 27 37
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 4b 0e 0b e7 86 ab 5c 8f a3 7c b4 c4 b7 12 key output (16 octets): e7 37 b9 b1 2f 31 56 81 54 fd 6b f2 53 22
ed 67 ac 53
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 0c 9b b3 47 89 4e 14 37 3d 9e 0d b3 iv output (12 octets): 4a a7 80 6d 4f 81 d5 93 7b 99 3b 26
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
skipping to change at page 57, line 17 skipping to change at page 57, line 30
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 9f 52 3e a8 87 a4 46 5a 4f 16 49 f9 fa 1f b1 60 IKM (32 octets): d6 ee 52 33 ce 08 89 3e a5 eb d5 0f 0d 8a 25 bf
84 f4 ae ff 99 e4 55 ca 1c 41 bb f0 08 3f 5d 0d ed 5f fd 57 82 32 31 19 46 91 bd 89 2b 8f 9a 50
secret (32 octets): e4 41 f1 02 2b 79 40 f1 65 d0 b8 d8 a9 5a 6b secret (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad
e5 48 4d 1b bf 68 93 b4 3d e6 f8 08 56 8f 2c e4 85 48 a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data: {client} derive read traffic keys for handshake data:
PRK (32 octets): 69 c6 07 a1 9b 25 3c 20 09 b8 21 7b bf ac 40 55 PRK (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d 5e
99 57 97 b2 26 a1 87 8f 45 c8 92 a1 00 32 60 10 ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 7d cd 41 e1 40 51 3f be 6a f5 22 a4 da 7f
key output (16 octets): 87 7d a8 47 c3 41 75 bb 28 cb d2 8d 0d 02 57 5b
e9 98
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 9c 82 74 92 f8 a5 87 6a 42 85 42 55 iv output (12 octets): 77 ee 98 da ae 5c 82 24 7d 30 40 7f
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send change_cipher_spec record: {client} send change_cipher_spec record:
payload (1 octets): 01 payload (1 octets): 01
ciphertext (6 octets): 14 03 03 00 01 01 ciphertext (6 octets): 14 03 03 00 01 01
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
skipping to change at page 58, line 18 skipping to change at page 58, line 33
ciphertext (6 octets): 14 03 03 00 01 01 ciphertext (6 octets): 14 03 03 00 01 01
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 00 0f 13 8f 78 2f 68 a0 95 23 56 27 e0 bf 6d 89 PRK (32 octets): 1b 92 72 16 81 91 bc c8 5e 46 45 96 e1 0b 79 b8
ca 95 33 9a 43 83 b5 f0 a1 54 e5 d3 1b ae dd bf 09 a4 f6 36 02 e4 ad a5 b4 f2 c9 c0 b2 4d 27 37
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): a9 dd b3 5b 53 e6 8e b1 c0 87 d8 b0 a3 4c 68 output (32 octets): 89 90 6b c2 96 20 2c dc 3c 10 2a 87 ff fe 99
40 be 0e c8 b9 7a 71 7c 47 09 e7 c3 79 7e 13 9d 8b cc cd b9 2c b1 94 d2 7a 8b 2b 21 10 e6 8b 41 0c 78
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 13 a4 3b 47 05 72 8b 46 ef ed 3e payload (36 octets): 14 00 00 20 ed 87 35 55 93 d3 ef 08 33 0b 32
61 c6 66 85 d1 3c b4 44 47 35 28 fb 9f 04 c6 5f 1f ce 68 df 4b 69 13 0f e9 5f cd e6 3e 60 1d b1 85 88 35 e5 5b 45 c4 08 e5 c5
ciphertext (58 octets): 17 03 03 00 35 fe d4 a2 5e db 44 ef ae 4d ciphertext (58 octets): 17 03 03 00 35 9a b0 af 58 6e 95 81 22 3d
9d a9 11 d7 86 65 13 31 c5 a2 80 fd d0 79 09 8a d6 c9 8d aa a5 c2 bb 71 4d 5b e3 9f c2 eb 04 31 35 84 82 25 23 6d 39 24 71 5e
4f fb 40 22 4f d7 5a 5d 7e 53 dd 1d c8 9c f3 28 2e 97 fb 84 88 f9 10 bc 81 4c 59 f6 d8 5a d2 a9 22 d5 c4 18 ba bc 48 fb 6b 3a
be 19 bc 5e
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): a1 4a a6 67 74 22 a7 8a 73 7c ad 36 29 c5 05 64 PRK (32 octets): b3 59 c9 26 e6 22 56 e6 10 3e 70 fb bc f9 07 cb
7c 87 e4 ed 21 91 65 41 68 bd 66 ea ce ed 6e 69 5e e7 56 20 f8 95 a8 b0 e8 c0 05 a4 df ff 75 6c
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 1f 78 66 90 72 83 c6 18 41 da f0 04 8c 12 key output (16 octets): de ef 7b 47 f8 c6 cd d2 dc 85 7a cf 80 a4
9a e6 67 5d
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 79 51 ad 9f 92 8f 1c 45 fb 71 83 91
iv output (12 octets): af b0 ec 8b 9a d9 04 61 f1 ec 04 b2
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): ea 35 3f 3a 81 83 26 4b fe 63 23 b2 97 bb 30 10 PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3
09 b2 da d6 a7 f8 25 40 17 1f 37 57 cf 7a d1 a4 7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19
hash (32 octets): 75 dd 85 3e d0 fe 62 6e f3 5f b8 66 98 a2 28 73 hash (32 octets): e8 2a 79 f7 32 a4 90 44 12 3b 22 ce f3 54 68 fb
26 df 91 48 cd 8e 34 67 f9 ae c4 b6 36 2e b3 68 db ab 49 f4 b3 a3 ae 5c 5d 34 e0 f1 12 a3 7c 01
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 75 dd 85 3e d0 fe 62 6e f3 5f b8 66 98 a2 28 73 26 74 65 72 20 e8 2a 79 f7 32 a4 90 44 12 3b 22 ce f3 54 68 fb db
df 91 48 cd 8e 34 67 f9 ae c4 b6 36 2e b3 68 ab 49 f4 b3 a3 ae 5c 5d 34 e0 f1 12 a3 7c 01
output (32 octets): 7c 04 ce b7 db f9 f5 5e 8f 56 fa 0b d3 a4 d3 output (32 octets): 87 33 e8 d1 4e b4 de f0 0b bb e3 f1 65 92 68
5e e1 c0 00 6f 2b ec cd 87 8e d9 65 c5 79 e5 20 c6 73 44 5f 2b c0 23 3d e0 98 2b 59 35 ec 89 ca 50 78
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 28 16 c6 d8 c7 76 a7 a3 d9 ciphertext (24 octets): 17 03 03 00 13 5e 7e 60 d9 38 04 1b 9a fd
6a b2 01 41 16 05 24 97 f2 b4 34 c2 ad ef 72 cb 00 a8 63 43
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 ce d1 f4 91 1b 36 18 48 49 ciphertext (24 octets): 17 03 03 00 13 f8 11 03 38 e0 0b 60 4c f8
33 38 c6 79 60 b0 34 4c 0c 54 82 5f 93 d6 10 ee af 43 91 f8
8. Security Considerations 8. Security Considerations
It probably isn't a good idea to use the private key here. If it It probably isn't a good idea to use the private key here. If it
weren't for the fact that it is too small to provide any meaningful weren't for the fact that it is too small to provide any meaningful
security, it is now very well known. security, it is now very well known.
9. IANA Considerations 9. IANA Considerations
This document makes no requests of IANA. This document makes no requests of IANA.
skipping to change at page 60, line 23 skipping to change at page 60, line 36
[TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol [TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", draft-ietf-tls-tls13-28 (work in progress), Version 1.3", draft-ietf-tls-tls13-28 (work in progress),
March 2018. March 2018.
10.2. Informative References 10.2. Informative References
[FIPS186] National Institute of Standards and Technology (NIST), [FIPS186] National Institute of Standards and Technology (NIST),
"Digital Signature Standard (DSS)", NIST PUB 186-4 , July "Digital Signature Standard (DSS)", NIST PUB 186-4 , July
2013. 2013.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010,
<https://www.rfc-editor.org/info/rfc5869>.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <https://www.rfc-editor.org/info/rfc7748>. 2016, <https://www.rfc-editor.org/info/rfc7748>.
10.3. URIs 10.3. URIs
[1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
Appendix A. Acknowledgements Appendix A. Acknowledgements
 End of changes. 422 change blocks. 
1190 lines changed or deleted 1206 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/