draft-ietf-tls-tls13-vectors-06.txt   draft-ietf-tls-tls13-vectors-07.txt 
TLS M. Thomson TLS M. Thomson
Internet-Draft Mozilla Internet-Draft Mozilla
Intended status: Informational July 09, 2018 Intended status: Informational September 27, 2018
Expires: January 10, 2019 Expires: March 31, 2019
Example Handshake Traces for TLS 1.3 Example Handshake Traces for TLS 1.3
draft-ietf-tls-tls13-vectors-06 draft-ietf-tls-tls13-vectors-07
Abstract Abstract
Examples of TLS 1.3 handshakes are shown. Private keys and inputs Examples of TLS 1.3 handshakes are shown. Private keys and inputs
are provided so that these handshakes might be reproduced. are provided so that these handshakes might be reproduced.
Intermediate values, including secrets, traffic keys and IVs are Intermediate values, including secrets, traffic keys and IVs are
shown so that implementations might be checked incrementally against shown so that implementations might be checked incrementally against
these values. these values.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 10, 2019. This Internet-Draft will expire on March 31, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 10 skipping to change at page 2, line 10
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3
4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 16
5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 26 5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 29
6. Client Authentication . . . . . . . . . . . . . . . . . . . . 38 6. Client Authentication . . . . . . . . . . . . . . . . . . . . 42
7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 49 7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 55
8. Security Considerations . . . . . . . . . . . . . . . . . . . 60 8. Security Considerations . . . . . . . . . . . . . . . . . . . 66
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 66
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 60 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 66
10.1. Normative References . . . . . . . . . . . . . . . . . . 60 10.1. Normative References . . . . . . . . . . . . . . . . . . 66
10.2. Informative References . . . . . . . . . . . . . . . . . 60 10.2. Informative References . . . . . . . . . . . . . . . . . 66
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 61 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 67
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 61 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 67
1. Introduction 1. Introduction
TLS 1.3 [TLS13] defines a new key schedule and a number of new TLS 1.3 [TLS13] defines a new key schedule and a number of new
cryptographic operations. This document includes sample handshakes cryptographic operations. This document includes sample handshakes
that show all intermediate values. This allows an implementation to that show all intermediate values. This allows an implementation to
be verified incrementally, examining inputs and outputs of each be verified incrementally, examining inputs and outputs of each
cryptographic computation independently. cryptographic computation independently.
A private key is included with the traces so that implementations can A private key is included with the traces so that implementations can
be checked by importing these values and verifying that the same be checked by importing these values and verifying that the same
outputs are produced. outputs are produced.
Note: Invocations of HMAC-based Extract-and-Expand Key Derivation Note: Invocations of HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) [RFC5869] are not labelled, but can be identified Function (HKDF) [RFC5869] are not labelled, but can be identified
through the use the labels used by HKDF. through the use of the labels used by HKDF.
2. Private Keys 2. Private Keys
Ephemeral private keys are shown as they are generated in the traces. Ephemeral private keys are shown as they are generated in the traces.
The server in most examples uses an RSA certificate with a private The server in most examples uses an RSA certificate with a private
key of: key of:
modulus (public): b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c modulus (public): b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c
0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab
skipping to change at page 3, line 48 skipping to change at page 3, line 48
3. Simple 1-RTT Handshake 3. Simple 1-RTT Handshake
In this example, the simplest possible handshake is completed. The In this example, the simplest possible handshake is completed. The
server is authenticated, but the client remains anonymous. After server is authenticated, but the client remains anonymous. After
connecting, a few application data octets are exchanged. The server connecting, a few application data octets are exchanged. The server
sends a session ticket that permits the use of 0-RTT data in any sends a session ticket that permits the use of 0-RTT data in any
resumed session. resumed session.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 01 61 d7 bf 4b a0 6c 35 68 f1 09 54 f0 private key (32 octets): 49 af 42 ba 7f 79 94 85 2d 71 3e f2 78
f1 ca 08 74 60 54 9c dc 7b fe b2 77 6b 46 04 d8 2f aa c2 4b cb ca a7 91 1d e2 6a dc 56 42 cb 63 45 40 e7 ea 50 05
public key (32 octets): b0 f5 01 9f b0 f1 e5 37 6b 8b 1d fb 90 5f public key (32 octets): 99 38 1d e5 60 e4 bd 43 d2 3d 8e 43 5a 7d
1d 91 51 61 ba c3 77 07 da d8 90 7b d7 1b 98 07 b3 45 ba fe b3 c0 6e 51 c1 3c ae 4d 54 13 69 1e 52 9a af 2c
{client} send a ClientHello handshake message {client} construct a ClientHello handshake message
ClientHello (196 octets): 01 00 00 c0 03 03 cb 34 ec b1 e7 81 63
ba 1c 38 c6 da cb 19 6a 6d ff a2 1a 8d 99 12 ec 18 a2 ef 62 83
02 4d ec e7 00 00 06 13 01 13 03 13 02 01 00 00 91 00 00 00 0b
00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00
12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23
00 00 00 33 00 26 00 24 00 1d 00 20 99 38 1d e5 60 e4 bd 43 d2
3d 8e 43 5a 7d ba fe b3 c0 6e 51 c1 3c ae 4d 54 13 69 1e 52 9a
af 2c 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03
02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06
02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
{client} send handshake record: {client} send handshake record:
payload (196 octets): 01 00 00 c0 03 03 d4 b9 50 3c 5e 95 c9 ee payload (196 octets): 01 00 00 c0 03 03 cb 34 ec b1 e7 81 63 ba
cc 99 ce 63 76 cc ad 4d cc 06 d7 c8 f1 fa 44 b0 d9 56 00 e9 a0 1c 38 c6 da cb 19 6a 6d ff a2 1a 8d 99 12 ec 18 a2 ef 62 83 02
58 6c 67 00 00 06 13 01 13 03 13 02 01 00 00 91 00 00 00 0b 00 4d ec e7 00 00 06 13 01 13 03 13 02 01 00 00 91 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00
00 00 33 00 26 00 24 00 1d 00 20 b0 f5 01 9f b0 f1 e5 37 6b 8b 00 00 33 00 26 00 24 00 1d 00 20 99 38 1d e5 60 e4 bd 43 d2 3d
1d fb 90 5f 1d 91 51 61 ba c3 77 07 da d8 90 7b d7 1b 98 07 b3 8e 43 5a 7d ba fe b3 c0 6e 51 c1 3c ae 4d 54 13 69 1e 52 9a af
45 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 2c 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
ciphertext (201 octets): 16 03 01 00 c4 01 00 00 c0 03 03 d4 b9 complete record (201 octets): 16 03 01 00 c4 01 00 00 c0 03 03 cb
50 3c 5e 95 c9 ee cc 99 ce 63 76 cc ad 4d cc 06 d7 c8 f1 fa 44 34 ec b1 e7 81 63 ba 1c 38 c6 da cb 19 6a 6d ff a2 1a 8d 99 12
b0 d9 56 00 e9 a0 58 6c 67 00 00 06 13 01 13 03 13 02 01 00 00 ec 18 a2 ef 62 83 02 4d ec e7 00 00 06 13 01 13 03 13 02 01 00
91 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 91 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02
03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 b0 f5 01 9f 01 03 01 04 00 23 00 00 00 33 00 26 00 24 00 1d 00 20 99 38 1d
b0 f1 e5 37 6b 8b 1d fb 90 5f 1d 91 51 61 ba c3 77 07 da d8 90 e5 60 e4 bd 43 d2 3d 8e 43 5a 7d ba fe b3 c0 6e 51 c1 3c ae 4d
7b d7 1b 98 07 b3 45 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 54 13 69 1e 52 9a af 2c 00 2b 00 03 02 03 04 00 0d 00 20 00 1e
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: 0 (all zero octets)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): e2 36 b9 50 e1 aa 9b af af ed c6 d1 c9 private key (32 octets): b1 58 0e ea df 6d d5 89 b8 ef 4f 2d 56
31 18 67 fd 56 91 d2 c1 5e 05 3b 5a b0 85 f7 3f 75 a8 6a 52 57 8c c8 10 e9 98 01 91 ec 8d 05 83 08 ce a2 16 a2 1e
public key (32 octets): 9d 3c 94 0d 89 69 0b 84 d0 8a 60 99 3c 14 public key (32 octets): c9 82 88 76 11 20 95 fe 66 76 2b db f7 c6
4e ca 68 4d 10 81 28 7c 83 4d 53 11 bc f3 2b b9 da 1a 72 e1 56 d6 cc 25 3b 83 3d f1 dd 69 b1 b0 4e 75 1f 0f
{server} send a ServerHello handshake message {server} construct a ServerHello handshake message
ServerHello (90 octets): 02 00 00 56 03 03 a6 af 06 a4 12 18 60
dc 5e 6e 60 24 9c d3 4c 95 93 0c 8a c5 cb 14 34 da c1 55 77 2e
d3 e2 69 28 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 c9 82 88
76 11 20 95 fe 66 76 2b db f7 c6 72 e1 56 d6 cc 25 3b 83 3d f1
dd 69 b1 b0 4e 75 1f 0f 00 2b 00 02 03 04
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): 81 51 d1 46 4c 1b 55 53 36 23 b9 c2 24 6a 6a 0e IKM (32 octets): 8b d4 05 4f b5 5b 9d 63 fd fb ac f9 f0 4b 9f 0d
6e 7e 18 50 63 e1 4a fd af f0 b6 e1 c6 1a 86 42 35 e6 d6 3f 53 75 63 ef d4 62 72 90 0f 89 49 2d
secret (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 secret (32 octets): 1d c8 26 e9 36 06 aa 6f dc 0a ad c1 2f 74 1b
66 15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06 01 04 6a a6 b9 9f 69 1e d2 21 a9 f0 ca 04 3f be ac
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 66 PRK (32 octets): 1d c8 26 e9 36 06 aa 6f dc 0a ad c1 2f 74 1b 01
15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06 04 6a a6 b9 9f 69 1e d2 21 a9 f0 ca 04 3f be ac
hash (32 octets): c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a 5c hash (32 octets): 86 0c 06 ed c0 78 58 ee 8e 78 f0 e7 42 8c 58 ed
2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d d6 b4 3f 2c a3 e6 e9 5f 02 ed 06 3c f0 e1 ca d8
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a 61 66 66 69 63 20 86 0c 06 ed c0 78 58 ee 8e 78 f0 e7 42 8c 58
5c 2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d ed d6 b4 3f 2c a3 e6 e9 5f 02 ed 06 3c f0 e1 ca d8
output (32 octets): e2 e2 32 07 bd 93 fb 7f e4 fc 2e 29 7a fe ab expanded (32 octets): b3 ed db 12 6e 06 7f 35 a7 80 b3 ab f4 5e
16 0e 52 2b 5a b7 5d 64 a8 6e 75 bc ac 3f 3e 51 03 2d 8f 3b 1a 95 07 38 f5 2e 96 00 74 6a 0e 27 a5 5a 21
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 66 PRK (32 octets): 1d c8 26 e9 36 06 aa 6f dc 0a ad c1 2f 74 1b 01
15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06 04 6a a6 b9 9f 69 1e d2 21 a9 f0 ca 04 3f be ac
hash (32 octets): c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a 5c hash (32 octets): 86 0c 06 ed c0 78 58 ee 8e 78 f0 e7 42 8c 58 ed
2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d d6 b4 3f 2c a3 e6 e9 5f 02 ed 06 3c f0 e1 ca d8
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 c6 c9 18 ad 2f 41 99 d5 59 8e af 01 16 cb 7a 61 66 66 69 63 20 86 0c 06 ed c0 78 58 ee 8e 78 f0 e7 42 8c 58
5c 2c 14 cb 54 78 12 18 88 8d b7 03 0d d5 0d 5e 6d ed d6 b4 3f 2c a3 e6 e9 5f 02 ed 06 3c f0 e1 ca d8
output (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5 expanded (32 octets): b6 7b 7d 69 0c c1 6c 4e 75 e5 42 13 cb 2d
a8 c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79 37 b4 e9 c9 12 bc de d9 10 5d 42 be fd 59 d3 91 ad 38
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 66 PRK (32 octets): 1d c8 26 e9 36 06 aa 6f dc 0a ad c1 2f 74 1b 01
15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06 04 6a a6 b9 9f 69 1e d2 21 a9 f0 ca 04 3f be ac
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): c8 61 57 19 e2 40 37 47 b6 10 76 2c 72 b8 f4 expanded (32 octets): 43 de 77 e0 c7 77 13 85 9a 94 4d b9 db 25
da 5c 60 99 57 65 d4 04 a9 d0 06 b9 b0 72 7b a5 83 90 b5 31 90 a6 5b 3e e2 e4 f1 2d d7 a0 bb 7c e2 54 b4
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): c8 61 57 19 e2 40 37 47 b6 10 76 2c 72 b8 f4 da salt (32 octets): 43 de 77 e0 c7 77 13 85 9a 94 4d b9 db 25 90 b5
5c 60 99 57 65 d4 04 a9 d0 06 b9 b0 72 7b a5 83 31 90 a6 5b 3e e2 e4 f1 2d d7 a0 bb 7c e2 54 b4
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb secret (32 octets): 18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a
51 03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7 47 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 ee fc e7 f7 b3 7b a1 d1 63 payload (90 octets): 02 00 00 56 03 03 a6 af 06 a4 12 18 60 dc 5e
2e 96 67 78 25 dd f7 39 88 cf c7 98 25 df 56 6d c5 43 0b 9a 04 6e 60 24 9c d3 4c 95 93 0c 8a c5 cb 14 34 da c1 55 77 2e d3 e2
5a 12 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 9d 3c 94 0d 89 69 28 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 c9 82 88 76 11
69 0b 84 d0 8a 60 99 3c 14 4e ca 68 4d 10 81 28 7c 83 4d 53 11 20 95 fe 66 76 2b db f7 c6 72 e1 56 d6 cc 25 3b 83 3d f1 dd 69
bc f3 2b b9 da 1a 00 2b 00 02 03 04 b1 b0 4e 75 1f 0f 00 2b 00 02 03 04
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 ee fc e7 complete record (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 a6
f7 b3 7b a1 d1 63 2e 96 67 78 25 dd f7 39 88 cf c7 98 25 df 56 af 06 a4 12 18 60 dc 5e 6e 60 24 9c d3 4c 95 93 0c 8a c5 cb 14
6d c5 43 0b 9a 04 5a 12 00 13 01 00 00 2e 00 33 00 24 00 1d 00 34 da c1 55 77 2e d3 e2 69 28 00 13 01 00 00 2e 00 33 00 24 00
20 9d 3c 94 0d 89 69 0b 84 d0 8a 60 99 3c 14 4e ca 68 4d 10 81 1d 00 20 c9 82 88 76 11 20 95 fe 66 76 2b db f7 c6 72 e1 56 d6
28 7c 83 4d 53 11 bc f3 2b b9 da 1a 00 2b 00 02 03 04 cc 25 3b 83 3d f1 dd 69 b1 b0 4e 75 1f 0f 00 2b 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5 a8 PRK (32 octets): b6 7b 7d 69 0c c1 6c 4e 75 e5 42 13 cb 2d 37 b4
c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79 e9 c9 12 bc de d9 10 5d 42 be fd 59 d3 91 ad 38
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): c6 6c b1 ae c5 19 df 44 c9 1e 10 99 55 11 key expanded (16 octets): 3f ce 51 60 09 c2 17 27 d0 f2 e4 e8 6e
ac 8b e4 03 bc
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): f7 f6 88 4c 49 81 71 6c 2d 0d 29 a4 iv expanded (12 octets): 5d 31 3e b2 67 12 76 ee 13 00 0b 30
{server} send a EncryptedExtensions handshake message {server} construct a EncryptedExtensions handshake message
{server} send a Certificate handshake message EncryptedExtensions (40 octets): 08 00 00 24 00 22 00 0a 00 14 00
12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c
00 02 40 01 00 00 00 00
{server} send a CertificateVerify handshake message {server} construct a Certificate handshake message
Certificate (445 octets): 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82
01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48
86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03
72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17
0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06
03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06 09 2a 86 48 86 f7
0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 bb 49 8f
82 79 30 3d 98 08 36 39 9b 36 c6 98 8c 0c 68 de 55 e1 bd b8 26
d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c
1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0 cc b0 52
4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f da 43 08 46 74
80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93
ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03
01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06
03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01
01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a
72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea
e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01
51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be
c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b
1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8
96 12 29 ac 91 87 b4 2b 4d e1 00 00
{server} construct a CertificateVerify handshake message
CertificateVerify (136 octets): 0f 00 00 84 08 04 00 80 5a 74 7c
5d 88 fa 9b d2 e5 5a b0 85 a6 10 15 b7 21 1f 82 4c d4 84 14 5a
b3 ff 52 f1 fd a8 47 7b 0b 7a bc 90 db 78 e2 d3 3a 5c 14 1a 07
86 53 fa 6b ef 78 0c 5e a2 48 ee aa a7 85 c4 f3 94 ca b6 d3 0b
be 8d 48 59 ee 51 1f 60 29 57 b1 54 11 ac 02 76 71 45 9e 46 44
5c 9e a5 8c 18 1e 81 8e 95 b8 c3 fb 0b f3 27 84 09 d3 be 15 2a
3d a5 04 3e 06 3d da 65 cd f5 ae a2 0d 53 df ac d4 2f 74 f3
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5 a8 PRK (32 octets): b6 7b 7d 69 0c c1 6c 4e 75 e5 42 13 cb 2d 37 b4
c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79 e9 c9 12 bc de d9 10 5d 42 be fd 59 d3 91 ad 38
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): a8 0c b7 d1 5d b3 4a 17 ab b0 c2 37 65 be 68 expanded (32 octets): 00 8d 3b 66 f8 16 ea 55 9f 96 b5 37 e8 85
c2 6d 3f 10 da 34 90 5b 09 99 47 e5 5e 37 db 17 b3 c3 1f c0 68 bf 49 2c 65 2f 01 f2 88 a1 d8 cd c1 9f c8
{server} send a Finished handshake message finished (32 octets): 9b 9b 14 1d 90 63 37 fb d2 cb dc e7 1d f4
de da 4a b4 2c 30 95 72 cb 7f ff ee 54 54 b7 8f 07 18
{server} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 9b 9b 14 1d 90 63 37 fb d2 cb
dc e7 1d f4 de da 4a b4 2c 30 95 72 cb 7f ff ee 54 54 b7 8f 07
18
{server} send handshake record: {server} send handshake record:
payload (657 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d payload (657 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40
01 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 01 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30
82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d
01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61
30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36
30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04
skipping to change at page 8, line 14 skipping to change at page 9, line 24
0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab
9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01
a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d
0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05
00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17
06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5
8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72
60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63
a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84
e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29
ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 75 40 40 d0 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 5a 74 7c 5d
dd ab 8c f0 e2 da 2b c4 99 5b 86 8a d7 45 c8 e1 56 4e 33 cd e1 88 fa 9b d2 e5 5a b0 85 a6 10 15 b7 21 1f 82 4c d4 84 14 5a b3
78 80 a4 23 92 cc 62 4a ee f6 b6 7b b3 f0 ae 71 d9 d5 4a 23 09 ff 52 f1 fd a8 47 7b 0b 7a bc 90 db 78 e2 d3 3a 5c 14 1a 07 86
73 1d 87 dc 59 f6 42 d7 33 be 2e b2 74 84 ad 8a 8c 8e b3 51 6a 53 fa 6b ef 78 0c 5e a2 48 ee aa a7 85 c4 f3 94 ca b6 d3 0b be
7a c5 7f 26 25 e2 b5 c0 88 8a 85 41 f4 e7 34 f7 3d 05 47 61 df 8d 48 59 ee 51 1f 60 29 57 b1 54 11 ac 02 76 71 45 9e 46 44 5c
1d d0 2f 0e 3e 9a 33 cf a1 0b 6e 3e b4 eb f7 ac 05 3b 01 fd ab 9e a5 8c 18 1e 81 8e 95 b8 c3 fb 0b f3 27 84 09 d3 be 15 2a 3d
bd df c5 41 33 bc d2 4c 8b bd ce b2 23 b2 aa 03 45 2a 29 14 00 a5 04 3e 06 3d da 65 cd f5 ae a2 0d 53 df ac d4 2f 74 f3 14 00
00 20 ac 86 ac bc 9c d2 5a 45 b5 7a d5 b6 4d b1 5d 44 05 cf 8c 00 20 9b 9b 14 1d 90 63 37 fb d2 cb dc e7 1d f4 de da 4a b4 2c
80 e3 14 58 3e bf 32 83 ef 9a 99 31 0c 30 95 72 cb 7f ff ee 54 54 b7 8f 07 18
ciphertext (679 octets): 17 03 03 02 a2 f1 0b 26 d8 fc af 67 b5 complete record (679 octets): 17 03 03 02 a2 d1 ff 33 4a 56 f5 bf
b8 28 f7 12 12 22 16 a1 cd 14 18 74 65 b7 76 37 cb cd 78 53 91 f6 59 4a 07 cc 87 b5 80 23 3f 50 0f 45 e4 89 e7 f3 3a f3 5e df
28 bb 93 24 6d cc a1 af 56 f1 ea a2 71 66 60 77 45 5b c5 49 65 78 69 fc f4 0a a4 0a a2 b8 ea 73 f8 48 a7 ca 07 61 2e f9 f9 45
d8 5f 05 f9 bd 36 d6 99 61 71 eb 53 6a ff 61 3e ed dc 42 ba d5 cb 96 0b 40 68 90 51 23 ea 78 b1 11 b4 29 ba 91 91 cd 05 d2 a3
a2 d2 22 7c 46 06 f1 21 5f 98 0e 7a fa f5 6b d3 b8 5a 51 be 13 89 28 0f 52 61 34 aa dc 7f c7 8c 4b 72 9d f8 28 b5 ec f7 b1 3b
00 03 10 1a 75 8d 07 7b 1c 89 1d 8e 7a 22 94 7e 5a 22 98 51 fd d9 ae fb 0e 57 f2 71 58 5b 8e a9 bb 35 5c 7c 79 02 07 16 cf b9
42 a9 dd 42 26 08 f8 68 27 2a bf 92 b3 d4 3f b4 6a c4 20 25 93 b1 18 3e f3 ab 20 e3 7d 57 a6 b9 d7 47 76 09 ae e6 e1 22 a4 cf
46 06 7f 66 32 2f d7 08 88 56 80 f4 b4 43 3c 29 11 6f 2d fa 52 51 42 73 25 25 0c 7d 0e 50 92 89 44 4c 9b 3a 64 8f 1d 71 03 5d
9e 09 bb a5 3c 7c d9 20 12 17 24 80 9e ad dc c8 43 07 ef 46 fc 2e d6 5b 0e 3c dd 0c ba e8 bf 2d 0b 22 78 12 cb b3 60 98 72 55
51 a0 b3 3d 99 d3 9d b3 37 fc d7 61 ce 0f 2b 02 dc 73 de db 6f cc 74 41 10 c4 53 ba a4 fc d6 10 92 8d 80 98 10 e4 b7 ed 1a 8f
dd b7 7c 4f 80 99 bd e9 3d 5b ee 08 bc f2 13 1f 29 a2 a3 7f f0 d9 91 f0 6a a6 24 82 04 79 7e 36 a6 a7 3b 70 a2 55 9c 09 ea d6
79 49 e8 f8 bc dd 3e 83 10 b8 bf 8b 34 44 c8 5a af 0d 2a eb 2d 86 94 5b a2 46 ab 66 e5 ed d8 04 4b 4c 6d e3 fc f2 a8 94 41 ac
4f 36 fd 14 d5 cb 51 fc eb ff 41 8b 38 27 13 6a b9 52 9e 9a 3d 66 27 2f d8 fb 33 0e f8 19 05 79 b3 68 45 96 c9 60 bd 59 6e ea
3f 35 e4 c0 ae 74 9e a2 db c9 49 82 a1 28 1d 3e 6d aa b7 19 aa 52 0a 56 a8 d6 50 f5 63 aa d2 74 09 96 0d ca 63 d3 e6 88 61 1e
44 60 88 93 21 a0 08 bf 10 fa 06 ac 0c 61 cc 12 2c c9 0d 5e 22 a5 e2 2f 44 15 cf 95 38 d5 1a 20 0c 27 03 42 72 96 8a 26 4e d6
c0 03 0c 98 6a e8 4a 33 a0 c4 7d f1 74 bc fb d5 0b f7 8f fd f2 54 0c 84 83 8d 89 f7 2c 24 46 1a ad 6d 26 f5 9e ca ba 9a cb bb
40 51 ab 42 3d b6 3d 58 15 db 2f 83 00 40 f3 05 21 13 1c 98 c6 31 7b 66 d9 02 f4 f2 92 a3 6a c1 b6 39 c6 37 ce 34 31 17 b6 59
6f 16 c3 62 ad dc e2 fb a0 60 2c f0 a7 dd df 22 e8 de f7 51 6c 62 22 45 31 7b 49 ee da 0c 62 58 f1 00 d7 d9 61 ff b1 38 64 7e
df ee 95 b4 05 6c c9 ad 38 c9 53 52 33 54 21 b5 b1 ff ba df 75 92 ea 33 0f ae ea 6d fa 31 c7 a8 4d c3 bd 7e 1b 7a 6c 71 78 af
e5 21 2f da d7 a7 5f 52 a2 80 14 86 a1 ee c3 53 95 80 be e0 e4 36 87 90 18 e3 f2 52 10 7f 24 3d 24 3d c7 33 9d 56 84 c8 b0 37
b3 37 cd a6 08 5a c9 ec cd 1a 0f 1a 46 ce bf bb 5c df a3 25 1a 8b f3 02 44 da 8c 87 c8 43 f5 e5 6e b4 c5 e8 28 0a 2b 48 05 2c
c2 8c 3b c8 26 14 8c 6d 8c 1e b6 a0 6f 77 f6 ff 63 2c 6a 83 e2 f9 3b 16 49 9a 66 db 7c ca 71 e4 59 94 26 f7 d4 61 e6 6f 99 88
83 e8 f9 df 7c 6d ba bf 1c 6e a4 06 29 a8 5b 43 ab 0c 73 d3 4f 2b d8 9f c5 08 00 be cc a6 2d 6c 74 11 6d bd 29 72 fd a1 fa 80
9d 50 72 83 2a 10 4e da 3f 75 f5 d8 3d a6 e1 48 22 a1 8e 14 09 f8 5d f8 81 ed be 5a 37 66 89 36 b3 35 58 3b 59 91 86 dc 5c 69
9d 74 9e af d8 23 ca 2a c7 54 20 86 50 1e ca 20 6c e7 88 79 20 18 a3 96 fa 48 a1 81 d6 b6 fa 4f 9d 62 d5 13 af bb 99 2f 2b 99
00 85 73 75 7c e2 f2 30 a8 90 78 2b 99 cc 68 23 77 be ee 81 27 2f 67 f8 af e6 7f 76 91 3f a3 88 cb 56 30 c8 ca 01 e0 c6 5d 11
56 d0 4f 90 25 13 5f b5 99 d7 46 fe fe 73 16 c9 22 ac 26 5c a0 c6 6a 1e 2a c4 c8 59 77 b7 c7 a6 99 9b bf 10 dc 35 ae 69 f5 51
d2 90 21 37 5a db 63 c1 50 9c 3e 24 2d fb 92 b8 de e8 91 f7 36 56 14 63 6c 0b 9b 68 c1 9e d2 e3 1c 0b 3b 66 76 30 38 eb ba 42
8c 40 58 39 9b 8d b9 07 5f 2d cc 82 16 19 4e 50 3b 66 52 d8 7d f3 b3 8e dc 03 99 f3 a9 f2 3f aa 63 97 8c 31 7f c9 fa 66 a7 3f
2c b4 1f 99 ad fd cc 5b e5 ec 7e 1e 63 26 ac 22 d7 0b d3 ba 65 60 f0 50 4d e9 3b 5b 84 5e 27 55 92 c1 23 35 ee 34 0b bc 4f dd
28 27 53 2d 66 9a ff 00 51 73 59 7f 80 39 c3 ea 49 22 d3 ec 75 d5 02 78 40 16 e4 b3 be 7e f0 4d da 49 f4 b4 40 a3 0c b5 d2 af
76 70 22 2f 6a c2 9b 93 e9 0d 7a d3 f6 dd 96 32 8e 42 9c fc fd 93 98 28 fd 4a e3 79 4e 44 f9 4d f5 a6 31 ed e4 2c 17 19 bf da
5c ca 22 70 7f e2 d8 6a d1 dc b0 be 75 6e 8e bf 02 53 fe 51 75 be 89 8e 75 0e dc 53 37 0d 2b
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51 PRK (32 octets): 18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a 47
03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19
hash (32 octets): f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5 hash (32 octets): 96 08 10 2a 0f 1c cc 6d b6 25 0b 7b 7e 41 7b 1a
d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf 00 0e aa da 3d aa e4 77 7a 76 86 c9 ff 83 df 13
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d 61 66 66 69 63 20 96 08 10 2a 0f 1c cc 6d b6 25 0b 7b 7e 41 7b
d5 d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf 1a 00 0e aa da 3d aa e4 77 7a 76 86 c9 ff 83 df 13
output (32 octets): e2 f0 db 6a 82 e8 82 80 fc 26 f7 3c 89 85 4e expanded (32 octets): 9e 40 64 6c e7 9a 7f 9d c0 5a f8 88 9b ce
e8 61 5e 25 df 28 b2 20 79 62 fa 78 22 26 b2 36 26 65 52 87 5a fa 0b 06 df 00 87 f7 92 eb b7 c1 75 04 a5
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51 PRK (32 octets): 18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a 47
03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19
hash (32 octets): f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5 hash (32 octets): 96 08 10 2a 0f 1c cc 6d b6 25 0b 7b 7e 41 7b 1a
d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf 00 0e aa da 3d aa e4 77 7a 76 86 c9 ff 83 df 13
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d 61 66 66 69 63 20 96 08 10 2a 0f 1c cc 6d b6 25 0b 7b 7e 41 7b
d5 d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf 1a 00 0e aa da 3d aa e4 77 7a 76 86 c9 ff 83 df 13
output (32 octets): 5b 73 b1 08 d9 ac 1b 9b 0c 82 48 ca 39 26 ec expanded (32 octets): a1 1a f9 f0 55 31 f8 56 ad 47 11 6b 45 a9
6e 7b c4 7e 41 17 06 96 39 87 ec 11 43 5d 30 57 19 50 32 82 04 b4 f4 4b fb 6b 3a 4b 4f 1f 3f cb 63 16 43
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51 PRK (32 octets): 18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a 47
03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19
hash (32 octets): f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5 hash (32 octets): 96 08 10 2a 0f 1c cc 6d b6 25 0b 7b 7e 41 7b 1a
d8 6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf 00 0e aa da 3d aa e4 77 7a 76 86 c9 ff 83 df 13
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 f8 c1 9e 8c 77 c0 38 79 bb c8 eb 6d 56 e0 0d d5 d8 74 65 72 20 96 08 10 2a 0f 1c cc 6d b6 25 0b 7b 7e 41 7b 1a 00
6e f5 59 27 ee fc 08 e1 b0 02 b6 ec e0 5d bf 0e aa da 3d aa e4 77 7a 76 86 c9 ff 83 df 13
output (32 octets): b7 73 34 8a 35 a0 41 f1 19 96 89 f8 df 30 09 expanded (32 octets): fe 22 f8 81 17 6e da 18 eb 8f 44 52 9e 67
7b 1d 25 7a bf 5c 0a aa 16 c8 65 10 56 b9 06 d6 c6 92 c5 0c 9a 3f 89 45 2f 68 d8 ae 31 1b 43 09 d3 cf 50
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): 5b 73 b1 08 d9 ac 1b 9b 0c 82 48 ca 39 26 ec 6e PRK (32 octets): a1 1a f9 f0 55 31 f8 56 ad 47 11 6b 45 a9 50 32
7b c4 7e 41 17 06 96 39 87 ec 11 43 5d 30 57 19 82 04 b4 f4 4b fb 6b 3a 4b 4f 1f 3f cb 63 16 43
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): a6 88 eb b5 ac 82 6d 6f 42 d4 5c 0c c4 4b key expanded (16 octets): 9f 02 28 3b 6c 9c 07 ef c2 6b b9 f2 ac
9b 7d 92 e3 56
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): c1 ca d4 42 5a 43 8b 5d e7 14 83 0a iv expanded (12 octets): cf 78 2b 88 dd 83 54 9a ad f1 e9 84
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): e2 e2 32 07 bd 93 fb 7f e4 fc 2e 29 7a fe ab 16 PRK (32 octets): b3 ed db 12 6e 06 7f 35 a7 80 b3 ab f4 5e 2d 8f
0e 52 2b 5a b7 5d 64 a8 6e 75 bc ac 3f 3e 51 03 3b 1a 95 07 38 f5 2e 96 00 74 6a 0e 27 a5 5a 21
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 26 79 a4 3e 1d 76 78 40 34 ea 17 97 d5 ad key expanded (16 octets): db fa a6 93 d1 76 2c 5b 66 6a f5 d9 50
26 49 25 8d 01
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 54 82 40 52 90 dd 0d 2f 81 c0 d9 42 iv expanded (12 octets): 5b d3 c7 1b 83 6e 0b 76 bb 73 26 5f
{client} extract secret "early":
salt: (absent)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c {client} extract secret "early" (same as server early secret)
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): 81 51 d1 46 4c 1b 55 53 36 23 b9 c2 24 6a 6a 0e
6e 7e 18 50 63 e1 4a fd af f0 b6 e1 c6 1a 86 42
secret (32 octets): 5b 4f 96 5d f0 3c 68 2c 46 e6 ee 86 c3 11 63 {client} extract secret "handshake" (same as server handshake
66 15 a1 d2 bb b2 43 45 c2 52 05 95 3c 87 9e 8d 06 secret)
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server master secret)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 3b 7a 83 9c 23 9e f2 bf 0b 73 05 a0 e0 c4 e5 a8
c6 c6 93 30 a7 53 b3 08 f5 e3 a8 3a a2 ef 69 79
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): c6 6c b1 ae c5 19 df 44 c9 1e 10 99 55 11
ac 8b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): f7 f6 88 4c 49 81 71 6c 2d 0d 29 a4 {client} derive read traffic keys for handshake data (same as server
handshake data write traffic keys)
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server handshake data read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server application data write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): e2 e2 32 07 bd 93 fb 7f e4 fc 2e 29 7a fe ab 16 PRK (32 octets): b3 ed db 12 6e 06 7f 35 a7 80 b3 ab f4 5e 2d 8f
0e 52 2b 5a b7 5d 64 a8 6e 75 bc ac 3f 3e 51 03 3b 1a 95 07 38 f5 2e 96 00 74 6a 0e 27 a5 5a 21
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 12 1b f5 86 01 b2 ed 13 bf 14 b3 ee ac bd 9d expanded (32 octets): b8 0a d0 10 15 fb 2f 0b d6 5f f7 d4 da 5d
a4 ba ba 1e 14 3e db 66 a1 07 79 59 60 fb d9 e2 1f 6b f8 3f 84 82 1d 1f 87 fd c7 d3 c7 5b 5a 7b 42 d9 c4
{client} send a Finished handshake message finished (32 octets): a8 ec 43 6d 67 76 34 ae 52 5a c1 fc eb e1
1a 03 9e c1 76 94 fa c6 e9 85 27 b6 42 f2 ed d5 ce 61
{client} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 a8 ec 43 6d 67 76 34 ae 52 5a
c1 fc eb e1 1a 03 9e c1 76 94 fa c6 e9 85 27 b6 42 f2 ed d5 ce
61
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 b9 02 7a 02 04 b9 72 b5 2c de fa payload (36 octets): 14 00 00 20 a8 ec 43 6d 67 76 34 ae 52 5a c1
58 95 0f a1 58 0d 68 c9 cb 12 4d be 69 1a 71 78 f2 5c 55 4b 23 fc eb e1 1a 03 9e c1 76 94 fa c6 e9 85 27 b6 42 f2 ed d5 ce 61
ciphertext (58 octets): 17 03 03 00 35 95 39 b4 ae 2f 87 fd 8e 61 complete record (58 octets): 17 03 03 00 35 75 ec 4d c2 38 cc e6
6b 29 56 28 ea 95 3d 9e 38 58 db 27 49 70 d1 98 13 ec 13 6c ae 0b 29 80 44 a7 1e 21 9c 56 cc 77 b0 51 7f e9 b9 3c 7a 4b fc 44
7d 96 e0 41 77 75 fc ab d3 d8 85 8f dc 60 24 09 12 d2 18 f5 af d8 7f 38 f8 03 38 ac 98 fc 46 de b3 84 bd 1c ae ac ab 68 67 d7
b2 1c 26 c4 05 46
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): e2 f0 db 6a 82 e8 82 80 fc 26 f7 3c 89 85 4e e8 PRK (32 octets): 9e 40 64 6c e7 9a 7f 9d c0 5a f8 88 9b ce 65 52
61 5e 25 df 28 b2 20 79 62 fa 78 22 26 b2 36 26 87 5a fa 0b 06 df 00 87 f7 92 eb b7 c1 75 04 a5
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 88 b9 6a d6 86 c8 4b e5 5a ce 18 a5 9c ce key expanded (16 octets): 17 42 2d da 59 6e d5 d9 ac d8 90 e3 c6
5c 87 3f 50 51
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): b9 9d c5 8c d5 ff 5a b0 82 fd ad 19 iv expanded (12 octets): 5b 78 92 3d ee 08 57 90 33 e5 23 d9
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 5c 79 d1 69 42 4e 26 2b 56 32 03 62 7b e4 eb 51 PRK (32 octets): 18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a 47
03 3f 58 8c 43 c9 ce 03 73 37 2d bc bc 01 85 a7 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19
hash (32 octets): 50 2f 86 b9 57 9e c0 53 d3 28 24 e2 78 0e f6 5c hash (32 octets): 20 91 45 a9 6e e8 e2 a1 22 ff 81 00 47 cc 95 26
c4 37 a3 56 43 45 35 6b df 79 13 ec 3b 87 96 14 84 65 8d 60 49 e8 64 29 42 6d b8 7c 54 ad 14 3d
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 50 2f 86 b9 57 9e c0 53 d3 28 24 e2 78 0e f6 5c c4 74 65 72 20 20 91 45 a9 6e e8 e2 a1 22 ff 81 00 47 cc 95 26 84
37 a3 56 43 45 35 6b df 79 13 ec 3b 87 96 14 65 8d 60 49 e8 64 29 42 6d b8 7c 54 ad 14 3d
output (32 octets): f7 84 42 e1 c4 b9 d4 40 ad b6 3b e6 8f 74 a5 expanded (32 octets): 7d f2 35 f2 03 1d 2a 05 12 87 d0 2b 02 41
f3 01 94 6a 2b 2b db 36 c0 45 bb 7c f5 a9 e3 02 f5 b0 bf da f8 6c c8 56 23 1f 2d 5a ba 46 c4 34 ec 19 6c
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client application data write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{server} generate resumption secret "tls13 resumption": {server} generate resumption secret "tls13 resumption":
PRK (32 octets): f7 84 42 e1 c4 b9 d4 40 ad b6 3b e6 8f 74 a5 f3 PRK (32 octets): 7d f2 35 f2 03 1d 2a 05 12 87 d0 2b 02 41 b0 bf
01 94 6a 2b 2b db 36 c0 45 bb 7c f5 a9 e3 02 f5 da f8 6c c8 56 23 1f 2d 5a ba 46 c4 34 ec 19 6c
hash (2 octets): 00 00 hash (2 octets): 00 00
info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74 info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74
69 6f 6e 02 00 00 69 6f 6e 02 00 00
output (32 octets): e3 4f 01 59 72 7d 1b 8e 4c 9c 17 68 59 45 a2 expanded (32 octets): 4e cd 0e b6 ec 3b 4d 87 f5 d6 02 8f 92 2c
86 1f 70 dc 21 05 cb 22 4b 6d bd b3 83 28 2e f5 cf a4 c5 85 1a 27 7f d4 13 11 c9 e6 2d 2c 94 92 e1 c4 f3
{server} send a NewSessionTicket handshake message {server} construct a NewSessionTicket handshake message
NewSessionTicket (205 octets): 04 00 00 c9 00 00 00 1e fa d6 aa
c5 02 00 00 00 b2 2c 03 5d 82 93 59 ee 5f f7 af 4e c9 00 00 00
00 26 2a 64 94 dc 48 6d 2c 8a 34 cb 33 fa 90 bf 1b 00 70 ad 3c
49 88 83 c9 36 7c 09 a2 be 78 5a bc 55 cd 22 60 97 a3 a9 82 11
72 83 f8 2a 03 a1 43 ef d3 ff 5d d3 6d 64 e8 61 be 7f d6 1d 28
27 db 27 9c ce 14 50 77 d4 54 a3 66 4d 4e 6d a4 d2 9e e0 37 25
a6 a4 da fc d0 fc 67 d2 ae a7 05 29 51 3e 3d a2 67 7f a5 90 6c
5b 3f 7d 8f 92 f2 28 bd a4 0d da 72 14 70 f9 fb f2 97 b5 ae a6
17 64 6f ac 5c 03 27 2e 97 07 27 c6 21 a7 91 41 ef 5f 7d e6 50
5e 5b fb c3 88 e9 33 43 69 40 93 93 4a e4 d3 57 00 08 00 2a 00
04 00 00 04 00
{server} send handshake record: {server} send handshake record:
payload (205 octets): 04 00 00 c9 00 00 00 1e 2f d3 99 2f 02 00 payload (205 octets): 04 00 00 c9 00 00 00 1e fa d6 aa c5 02 00
00 00 b2 ff 09 9f 96 76 cd ff 8b 0b f8 82 5d 00 00 00 00 79 05 00 00 b2 2c 03 5d 82 93 59 ee 5f f7 af 4e c9 00 00 00 00 26 2a
a9 d2 8e fe ef 4a 47 c6 f9 b0 6a 0c ec db 00 70 d9 20 b8 98 99 64 94 dc 48 6d 2c 8a 34 cb 33 fa 90 bf 1b 00 70 ad 3c 49 88 83
7c 75 b7 96 36 94 3e d4 20 46 a9 61 42 bd 08 4a 04 ac fa 0c 49 c9 36 7c 09 a2 be 78 5a bc 55 cd 22 60 97 a3 a9 82 11 72 83 f8
0f 45 2d 75 6d ea 02 c0 f9 27 25 9f 1f 32 31 ac 0d 54 1a 76 91 2a 03 a1 43 ef d3 ff 5d d3 6d 64 e8 61 be 7f d6 1d 28 27 db 27
29 b7 40 ce 38 09 08 42 b8 28 c2 7f d7 29 f5 97 37 ba 98 aa 7b 9c ce 14 50 77 d4 54 a3 66 4d 4e 6d a4 d2 9e e0 37 25 a6 a4 da
42 e0 43 c5 da 28 f8 dc a8 59 0b 2d f4 10 d5 13 4f d6 c4 ca ca fc d0 fc 67 d2 ae a7 05 29 51 3e 3d a2 67 7f a5 90 6c 5b 3f 7d
d8 b3 03 70 60 2a fa 35 d2 65 bf 4d 12 79 76 bb 36 db da 6a 62 8f 92 f2 28 bd a4 0d da 72 14 70 f9 fb f2 97 b5 ae a6 17 64 6f
6f 02 70 e2 0e eb c7 3d 6f ca e2 b1 a0 da 12 2e e9 04 2f 76 be ac 5c 03 27 2e 97 07 27 c6 21 a7 91 41 ef 5f 7d e6 50 5e 5b fb
56 eb f4 1a a4 69 c3 d2 c9 da 91 97 d8 00 08 00 2a 00 04 00 00 c3 88 e9 33 43 69 40 93 93 4a e4 d3 57 00 08 00 2a 00 04 00 00
04 00 04 00
ciphertext (227 octets): 17 03 03 00 de 36 80 c2 b2 10 9d 25 ca complete record (227 octets): 17 03 03 00 de 3a 6b 8f 90 41 4a 97
a2 6c 3b 06 ee a9 fd c5 cb 31 61 3b a7 02 17 65 96 da 2e 88 6b d6 95 9c 34 87 68 0d e5 13 4a 2b 24 0e 6c ff ac 11 6e 95 d4 1d
f6 af 93 50 7b d6 81 61 ad 9c b4 78 06 53 84 2e 10 41 ec bf 00 6a f8 f6 b5 80 dc f3 d1 1d 63 c7 58 db 28 9a 01 59 40 25 2f 55
88 a6 5a c4 ef 43 84 19 dd 1d 95 dd d9 bd 2a d4 48 4e 7e 16 7d 71 3e 06 1d c1 3e 07 88 91 a3 8e fb cf 57 53 ad 8e f1 70 ad 3c
0e 6c 00 84 48 ae 58 a0 41 87 13 b6 fc 6c 51 e4 bb 23 a5 37 fb 73 53 d1 6d 9d a7 73 b9 ca 7f 2b 9f a1 b6 c0 d4 a3 d0 3f 75 e0
75 a7 4f 73 de 31 fe 6a a0 bc 52 25 15 f8 b2 5f 89 55 42 8b 5d 9c 30 ba 1e 62 97 2a c4 6f 75 f7 b9 81 be 63 43 9b 29 99 ce 13
e5 ac 06 76 2c ec 22 b0 aa 78 c9 43 85 ef 8e 70 fa 24 94 5b 7c 06 46 15 13 98 91 d5 e4 c5 b4 06 f1 6e 3f c1 81 a7 7c a4 75 84
1f 26 85 10 87 16 89 bb bb fa f2 e7 f4 a1 92 77 02 4f 95 f1 14 00 25 db 2f 0a 77 f8 1b 5a b0 5b 94 c0 13 46 75 5f 69 23 2c 86
3a b1 2a 31 ec 63 ad b1 28 cb 39 07 11 fd 6d 06 a4 98 df 3e 98 51 9d 86 cb ee ac 87 aa c3 47 d1 43 f9 60 5d 64 f6 50 db 4d 02
61 5d 8e b1 02 e2 33 53 b4 80 ef cc a5 e8 e0 26 7a 6d 0f e2 44 3e 70 e9 52 ca 49 fe 51 37 12 1c 74 bc 26 97 68 7e 24 87 46 d6
1f 14 c8 c9 66 4a ef b2 cf ff 6a e9 e0 44 27 28 b6 a0 94 0c 1e df 35 30 05 f3 bc e1 86 96 12 9c 81 53 55 6b 3b 6c 67 79 b3 7b
82 4f da 06 f1 59 85 68 4f
{client} generate resumption secret "tls13 resumption" (same as {client} generate resumption secret "tls13 resumption" (same as
server) server)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 8c 34 97 da 00 ae 02 3e 53 complete record (72 octets): 17 03 03 00 43 a2 3f 70 54 b6 2c 94
c0 1b 43 24 b6 65 40 4c 1b 49 e7 8f e2 bf 4d 17 f6 34 8a e8 34 d0 af fa fe 82 28 ba 55 cb ef ac ea 42 f9 14 aa 66 bc ab 3f 2b
05 51 e3 63 a0 cd 05 f2 17 9c 4f ef 5a d6 89 b5 ca e0 ba e9 4a 98 19 a8 a5 b4 6b 39 5b d5 4a 9a 20 44 1e 2b 62 97 4e 1f 5a 62
dc 63 63 2e 57 1f b7 9a a9 15 44 c6 39 4d 28 a1 92 a2 97 70 14 bd 1e 3d ea e6 3a ee bb 21 69 49 15 e4
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 f6 5f 49 fd 2d f6 cd 23 47 complete record (72 octets): 17 03 03 00 43 2e 93 7e 11 ef 4a c7
c3 d3 01 66 e3 cf dd b6 30 8a 59 06 c0 76 11 2c 6a 37 ff 1d bd 40 e5 38 ad 36 00 5f c4 a4 69 32 fc 32 25 d0 5f 82 aa 1b 36 e3
40 6b 58 13 c0 ab d7 34 88 30 17 a6 b2 83 31 86 b1 3c 14 da 5d 0e fa f9 7d 90 e6 df fc 60 2d cb 50 1a 59 a8 fc c4 9c 4b f2 e5
75 f3 3d 87 60 78 99 94 e2 7d 82 04 3a b8 8d 65 f0 a2 1c 00 47 c2 ab f3 32 54 0d d0 32 e1 67 c2 95 5d
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 2c 21 48 16 3d 79 38 a3 5f complete record (24 octets): 17 03 03 00 13 c9 87 27 60 65 56 66
6a cf 2a 66 06 f8 cb d1 d9 f2 b7 4d 7f f1 15 3e fd 6d b6 d0 b0 e3
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 f8 14 1e bd b5 ed a5 11 e0
bc e6 39 a5 6f f9 ea 82 5a 21 complete record (24 octets): 17 03 03 00 13 b5 8f d6 71 66 eb f5
99 d2 47 20 cf be 7e fa 7a 88 64 a9
4. Resumed 0-RTT Handshake 4. Resumed 0-RTT Handshake
This handshake resumes from the handshake in Section 3. Since the This handshake resumes from the handshake in Section 3. Since the
server provided a session ticket that permitted 0-RTT, and the client server provided a session ticket that permitted 0-RTT, and the client
is configured for 0-RTT, the client is able to send 0-RTT data. is configured for 0-RTT, the client is able to send 0-RTT data.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 53 9d 7e bf a9 6c 5c eb 7d 86 f0 b9 68 private key (32 octets): bf f9 11 88 28 38 46 dd 6a 21 34 ef 71
2a 1d d7 b7 b6 0d 81 c2 73 50 74 35 cd d1 b7 aa 80 05 1f 80 ca 2b 0b 14 fb 10 dc e7 07 b5 09 8c 0d dd c8 13 b2 df
public key (32 octets): b0 31 99 c3 4d 68 2d 91 db 5f 58 96 10 f6 public key (32 octets): e4 ff b6 8a c0 5f 8d 96 c9 9d a2 66 98 34
c0 9b ec e9 9c 23 c7 7c c6 0d 1e dd 0d 25 ed 5d be 70 6c 6b e1 64 82 ba dd da fe 05 1a 66 b4 f1 8d 66 8f 0b
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: 0 (all zero octets)
IKM (32 octets): e3 4f 01 59 72 7d 1b 8e 4c 9c 17 68 59 45 a2 86 IKM (32 octets): 4e cd 0e b6 ec 3b 4d 87 f5 d6 02 8f 92 2c a4 c5
1f 70 dc 21 05 cb 22 4b 6d bd b3 83 28 2e f5 cf 85 1a 27 7f d4 13 11 c9 e6 2d 2c 94 92 e1 c4 f3
secret (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 secret (32 octets): 9b 21 88 e9 b2 fc 6d 64 d7 1d c3 29 90 0e 20
84 66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15 bb 41 91 50 00 f6 78 aa 83 9c bb 79 7c b7 d8 33 2c
{client} send a ClientHello handshake message {client} construct a ClientHello handshake message
{client} calculate finished "tls13 finished": ClientHello (477 octets): 01 00 01 fc 03 03 1b c3 ce b6 bb e3 9c
ff 93 83 55 b5 a5 0a db 6d b2 1b 7a 6a f6 49 d7 b4 bc 41 9d 78
76 48 7d 95 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b
00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00
12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33
00 26 00 24 00 1d 00 20 e4 ff b6 8a c0 5f 8d 96 c9 9d a2 66 98
34 6c 6b e1 64 82 ba dd da fe 05 1a 66 b4 f1 8d 66 8f 0b 00 2a
00 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03
02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06
02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 57 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 29 00 dd 00 b8 00 b2 2c 03 5d 82 93 59 ee 5f f7 af 4e c9
00 00 00 00 26 2a 64 94 dc 48 6d 2c 8a 34 cb 33 fa 90 bf 1b 00
70 ad 3c 49 88 83 c9 36 7c 09 a2 be 78 5a bc 55 cd 22 60 97 a3
a9 82 11 72 83 f8 2a 03 a1 43 ef d3 ff 5d d3 6d 64 e8 61 be 7f
d6 1d 28 27 db 27 9c ce 14 50 77 d4 54 a3 66 4d 4e 6d a4 d2 9e
e0 37 25 a6 a4 da fc d0 fc 67 d2 ae a7 05 29 51 3e 3d a2 67 7f
a5 90 6c 5b 3f 7d 8f 92 f2 28 bd a4 0d da 72 14 70 f9 fb f2 97
b5 ae a6 17 64 6f ac 5c 03 27 2e 97 07 27 c6 21 a7 91 41 ef 5f
7d e6 50 5e 5b fb c3 88 e9 33 43 69 40 93 93 4a e4 d3 57 fa d6
aa cb
PRK (32 octets): 20 63 8e c4 e9 90 45 a8 bb 12 1e 86 fe 65 54 82 {client} calculate PSK binder:
db b3 74 0d db f6 2d 0c bc c2 04 9c 10 c7 01 34
ClientHello prefix (477 octets): 01 00 01 fc 03 03 1b c3 ce b6 bb
e3 9c ff 93 83 55 b5 a5 0a db 6d b2 1b 7a 6a f6 49 d7 b4 bc 41
9d 78 76 48 7d 95 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00
00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00
14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04
00 33 00 26 00 24 00 1d 00 20 e4 ff b6 8a c0 5f 8d 96 c9 9d a2
66 98 34 6c 6b e1 64 82 ba dd da fe 05 1a 66 b4 f1 8d 66 8f 0b
00 2a 00 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03
06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05
02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 57
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 29 00 dd 00 b8 00 b2 2c 03 5d 82 93 59 ee 5f f7 af
4e c9 00 00 00 00 26 2a 64 94 dc 48 6d 2c 8a 34 cb 33 fa 90 bf
1b 00 70 ad 3c 49 88 83 c9 36 7c 09 a2 be 78 5a bc 55 cd 22 60
97 a3 a9 82 11 72 83 f8 2a 03 a1 43 ef d3 ff 5d d3 6d 64 e8 61
be 7f d6 1d 28 27 db 27 9c ce 14 50 77 d4 54 a3 66 4d 4e 6d a4
d2 9e e0 37 25 a6 a4 da fc d0 fc 67 d2 ae a7 05 29 51 3e 3d a2
67 7f a5 90 6c 5b 3f 7d 8f 92 f2 28 bd a4 0d da 72 14 70 f9 fb
f2 97 b5 ae a6 17 64 6f ac 5c 03 27 2e 97 07 27 c6 21 a7 91 41
ef 5f 7d e6 50 5e 5b fb c3 88 e9 33 43 69 40 93 93 4a e4 d3 57
fa d6 aa cb
binder hash (32 octets): 63 22 4b 2e 45 73 f2 d3 45 4c a8 4b 9d
00 9a 04 f6 be 9e 05 71 1a 83 96 47 3a ef a0 1e 92 4a 14
PRK (32 octets): 69 fe 13 1a 3b ba d5 d6 3c 64 ee bc c3 0e 39 5b
9d 81 07 72 6a 13 d0 74 e3 89 db c8 a4 e4 72 56
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): a8 19 28 e3 08 5c 3a 85 63 ed 82 2d a9 af 7a expanded (32 octets): 55 88 67 3e 72 cb 59 c8 7d 22 0c af fe 94
b7 1a c5 43 2a 5f 9d 1e 6f 71 32 f1 8b 36 e2 c7 05 f2 de a9 a3 b1 60 9f 7d 50 e9 0a 48 22 7d b9 ed 7e aa
finished (32 octets): 3a dd 4f b2 d8 fd f8 22 a0 ca 3c f7 67 8e
f5 e8 8d ae 99 01 41 c5 92 4d 57 bb 6f a3 1b 9e 5f 9d
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 88 09 d2 a3 9b f9 ae b3 payload (512 octets): 01 00 01 fc 03 03 1b c3 ce b6 bb e3 9c ff
83 1d 2b 32 e4 ff f9 32 15 e4 fc 4f 25 71 79 71 bd 79 e8 19 41 93 83 55 b5 a5 0a db 6d b2 1b 7a 6a f6 49 d7 b4 bc 41 9d 78 76
e3 dd 9b 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 48 7d 95 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 b0 31 99 c3 4d 68 2d 91 db 5f 58 96 10 f6 26 00 24 00 1d 00 20 e4 ff b6 8a c0 5f 8d 96 c9 9d a2 66 98 34
c0 9b ec e9 9c 23 c7 7c c6 0d 1e dd 0d 25 ed 5d be 70 00 2a 00 6c 6b e1 64 82 ba dd da fe 05 1a 66 b4 f1 8d 66 8f 0b 00 2a 00
00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02
03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 57 00 00 00 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 57 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 29 00 dd 00 b8 00 b2 ff 09 9f 96 76 cd ff 8b 0b f8 82 5d 00 00 29 00 dd 00 b8 00 b2 2c 03 5d 82 93 59 ee 5f f7 af 4e c9 00
00 00 00 79 05 a9 d2 8e fe ef 4a 47 c6 f9 b0 6a 0c ec db 00 70 00 00 00 26 2a 64 94 dc 48 6d 2c 8a 34 cb 33 fa 90 bf 1b 00 70
d9 20 b8 98 99 7c 75 b7 96 36 94 3e d4 20 46 a9 61 42 bd 08 4a ad 3c 49 88 83 c9 36 7c 09 a2 be 78 5a bc 55 cd 22 60 97 a3 a9
04 ac fa 0c 49 0f 45 2d 75 6d ea 02 c0 f9 27 25 9f 1f 32 31 ac 82 11 72 83 f8 2a 03 a1 43 ef d3 ff 5d d3 6d 64 e8 61 be 7f d6
0d 54 1a 76 91 29 b7 40 ce 38 09 08 42 b8 28 c2 7f d7 29 f5 97 1d 28 27 db 27 9c ce 14 50 77 d4 54 a3 66 4d 4e 6d a4 d2 9e e0
37 ba 98 aa 7b 42 e0 43 c5 da 28 f8 dc a8 59 0b 2d f4 10 d5 13 37 25 a6 a4 da fc d0 fc 67 d2 ae a7 05 29 51 3e 3d a2 67 7f a5
4f d6 c4 ca ca d8 b3 03 70 60 2a fa 35 d2 65 bf 4d 12 79 76 bb 90 6c 5b 3f 7d 8f 92 f2 28 bd a4 0d da 72 14 70 f9 fb f2 97 b5
36 db da 6a 62 6f 02 70 e2 0e eb c7 3d 6f ca e2 b1 a0 da 12 2e ae a6 17 64 6f ac 5c 03 27 2e 97 07 27 c6 21 a7 91 41 ef 5f 7d
e9 04 2f 76 be 56 eb f4 1a a4 69 c3 d2 c9 da 91 97 d8 2f d3 99 e6 50 5e 5b fb c3 88 e9 33 43 69 40 93 93 4a e4 d3 57 fa d6 aa
32 00 21 20 3c e6 69 de de c4 4e 5e 75 53 8f cc ab 3d b0 45 fb cb 00 21 20 3a dd 4f b2 d8 fd f8 22 a0 ca 3c f7 67 8e f5 e8 8d
5d 21 01 19 99 e1 45 12 ee 3a b3 5f 2a f4 e9 ae 99 01 41 c5 92 4d 57 bb 6f a3 1b 9e 5f 9d
ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 88 09 complete record (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 1b
d2 a3 9b f9 ae b3 83 1d 2b 32 e4 ff f9 32 15 e4 fc 4f 25 71 79 c3 ce b6 bb e3 9c ff 93 83 55 b5 a5 0a db 6d b2 1b 7a 6a f6 49
71 bd 79 e8 19 41 e3 dd 9b 00 00 06 13 01 13 03 13 02 01 00 01 d7 b4 bc 41 9d 78 76 48 7d 95 00 00 06 13 01 13 03 13 02 01 00
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 01 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02
03 01 04 00 33 00 26 00 24 00 1d 00 20 b0 31 99 c3 4d 68 2d 91 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 e4 ff b6 8a c0 5f 8d
db 5f 58 96 10 f6 c0 9b ec e9 9c 23 c7 7c c6 0d 1e dd 0d 25 ed 96 c9 9d a2 66 98 34 6c 6b e1 64 82 ba dd da fe 05 1a 66 b4 f1
5d be 70 00 2a 00 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 8d 66 8f 0b 00 2a 00 00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
15 00 57 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 57 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 ff 09 9f 96 76 cd ff 00 00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 2c 03 5d 82 93 59
8b 0b f8 82 5d 00 00 00 00 79 05 a9 d2 8e fe ef 4a 47 c6 f9 b0 ee 5f f7 af 4e c9 00 00 00 00 26 2a 64 94 dc 48 6d 2c 8a 34 cb
6a 0c ec db 00 70 d9 20 b8 98 99 7c 75 b7 96 36 94 3e d4 20 46 33 fa 90 bf 1b 00 70 ad 3c 49 88 83 c9 36 7c 09 a2 be 78 5a bc
a9 61 42 bd 08 4a 04 ac fa 0c 49 0f 45 2d 75 6d ea 02 c0 f9 27 55 cd 22 60 97 a3 a9 82 11 72 83 f8 2a 03 a1 43 ef d3 ff 5d d3
25 9f 1f 32 31 ac 0d 54 1a 76 91 29 b7 40 ce 38 09 08 42 b8 28 6d 64 e8 61 be 7f d6 1d 28 27 db 27 9c ce 14 50 77 d4 54 a3 66
c2 7f d7 29 f5 97 37 ba 98 aa 7b 42 e0 43 c5 da 28 f8 dc a8 59 4d 4e 6d a4 d2 9e e0 37 25 a6 a4 da fc d0 fc 67 d2 ae a7 05 29
0b 2d f4 10 d5 13 4f d6 c4 ca ca d8 b3 03 70 60 2a fa 35 d2 65 51 3e 3d a2 67 7f a5 90 6c 5b 3f 7d 8f 92 f2 28 bd a4 0d da 72
bf 4d 12 79 76 bb 36 db da 6a 62 6f 02 70 e2 0e eb c7 3d 6f ca 14 70 f9 fb f2 97 b5 ae a6 17 64 6f ac 5c 03 27 2e 97 07 27 c6
e2 b1 a0 da 12 2e e9 04 2f 76 be 56 eb f4 1a a4 69 c3 d2 c9 da 21 a7 91 41 ef 5f 7d e6 50 5e 5b fb c3 88 e9 33 43 69 40 93 93
91 97 d8 2f d3 99 32 00 21 20 3c e6 69 de de c4 4e 5e 75 53 8f 4a e4 d3 57 fa d6 aa cb 00 21 20 3a dd 4f b2 d8 fd f8 22 a0 ca
cc ab 3d b0 45 fb 5d 21 01 19 99 e1 45 12 ee 3a b3 5f 2a f4 e9 3c f7 67 8e f5 e8 8d ae 99 01 41 c5 92 4d 57 bb 6f a3 1b 9e 5f
9d
{client} derive secret "tls13 c e traffic": {client} derive secret "tls13 c e traffic":
PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84 PRK (32 octets): 9b 21 88 e9 b2 fc 6d 64 d7 1d c3 29 90 0e 20 bb
66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15 41 91 50 00 f6 78 aa 83 9c bb 79 7c b7 d8 33 2c
hash (32 octets): 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c 75 hash (32 octets): 08 ad 0f a0 5d 7c 72 33 b1 77 5b a2 ff 9f 4c 5b
c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9 8b 59 27 6b 7f 22 7f 13 a9 76 24 5f 5d 96 09 13
info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61 info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61
66 66 69 63 20 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c 75 66 66 69 63 20 08 ad 0f a0 5d 7c 72 33 b1 77 5b a2 ff 9f 4c 5b
c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9 8b 59 27 6b 7f 22 7f 13 a9 76 24 5f 5d 96 09 13
output (32 octets): cb 08 b7 85 96 5c 90 ca 74 0d 54 30 7f 9b bc expanded (32 octets): 3f bb e6 a6 0d eb 66 c3 0a 32 79 5a ba 0e
69 88 fe e7 eb 03 98 08 ed 93 da 96 36 47 d9 1c 87 ff 7e aa 10 10 55 86 e7 be 5c 09 67 8d 63 b6 ca ab 62
{client} derive secret "tls13 e exp master": {client} derive secret "tls13 e exp master":
PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84 PRK (32 octets): 9b 21 88 e9 b2 fc 6d 64 d7 1d c3 29 90 0e 20 bb
66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15 41 91 50 00 f6 78 aa 83 9c bb 79 7c b7 d8 33 2c
hash (32 octets): 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c 75 hash (32 octets): 08 ad 0f a0 5d 7c 72 33 b1 77 5b a2 ff 9f 4c 5b
c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9 8b 59 27 6b 7f 22 7f 13 a9 76 24 5f 5d 96 09 13
info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d
61 73 74 65 72 20 34 b6 f2 ae b0 97 8e 4d f4 3a a9 0f b0 c2 8c 61 73 74 65 72 20 08 ad 0f a0 5d 7c 72 33 b1 77 5b a2 ff 9f 4c
75 c2 f8 0a f8 e6 3a 5b 22 3b c4 a1 83 04 9b 89 b9 5b 8b 59 27 6b 7f 22 7f 13 a9 76 24 5f 5d 96 09 13
output (32 octets): d9 dd b0 a3 b4 b9 0c 6a 34 7e fb d3 02 e6 6b expanded (32 octets): b2 02 68 66 61 09 37 d7 42 3e 5b e9 08 62
f1 e8 f7 34 f0 e2 43 f2 b5 bb b2 a1 66 07 ac 18 b7 cc f2 4c 0e 60 91 18 6d 34 f8 12 08 9f f5 be 2e f7 df
{client} derive write traffic keys for early application data: {client} derive write traffic keys for early application data:
PRK (32 octets): cb 08 b7 85 96 5c 90 ca 74 0d 54 30 7f 9b bc 69 PRK (32 octets): 3f bb e6 a6 0d eb 66 c3 0a 32 79 5a ba 0e ff 7e
88 fe e7 eb 03 98 08 ed 93 da 96 36 47 d9 1c 87 aa 10 10 55 86 e7 be 5c 09 67 8d 63 b6 ca ab 62
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): e8 56 97 a3 12 b9 ba e5 f9 3c 30 9b 2b ad key expanded (16 octets): 92 02 05 a5 b7 bf 21 15 e6 fc 5c 29 42
e4 85 83 4f 54
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 62 12 30 34 1c c0 fb fe db 55 f6 75 iv expanded (12 octets): 6d 47 5f 09 93 c8 e5 64 61 0d b2 b9
{client} send application_data record: {client} send application_data record:
payload (6 octets): 41 42 43 44 45 46 payload (6 octets): 41 42 43 44 45 46
ciphertext (28 octets): 17 03 03 00 17 7c b2 38 bd c6 0b 71 2f b1
40 ca 0f 9b 9b 8b ef c9 ff 31 31 45 75 12
{server} extract secret "early" (same as client) complete record (28 octets): 17 03 03 00 17 ab 1d f4 20 e7 5c 45
7a 7c c5 d2 84 4f 76 d5 ae e4 b4 ed bf 04 9b e0
{server} calculate finished "tls13 finished" (same as client) {server} extract secret "early" (same as client early secret)
{server} calculate PSK binder (same as client)
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 34 68 86 bf 49 a0 43 10 79 99 c8 5a e2 private key (32 octets): de 5b 44 76 e7 b4 90 b2 65 2d 33 8a cb
71 48 e2 c1 ac a0 04 38 a6 87 df c9 bb 2c f1 17 cc cc fe f2 94 80 66 f2 55 f9 44 0e 23 b9 8f c6 98 35 29 8d c1 07
public key (32 octets): 27 e0 06 8f 6e fd 82 54 08 eb 88 c7 4e e8 public key (32 octets): 12 17 61 ee 42 c3 33 e1 b9 e7 7b 60 dd 57
8d ba 83 e3 51 ed 5a 37 49 ae 94 50 5c fb d4 e7 89 28 c2 05 3c d9 45 12 ab 47 f1 15 e8 6e ff 50 94 2c ea 31
{server} derive secret "tls13 c e traffic" (same as client) {server} derive secret "tls13 c e traffic" (same as client)
{server} derive secret "tls13 e exp master" (same as client) {server} derive secret "tls13 e exp master" (same as client)
{server} send a ServerHello handshake message {server} construct a ServerHello handshake message
ServerHello (96 octets): 02 00 00 5c 03 03 3c cf d2 de c8 90 22
27 63 47 2a e8 13 67 77 c9 d7 35 87 77 bb 66 e9 1e a5 12 24 95
f5 59 ea 2d 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00
1d 00 20 12 17 61 ee 42 c3 33 e1 b9 e7 7b 60 dd 57 c2 05 3c d9
45 12 ab 47 f1 15 e8 6e ff 50 94 2c ea 31 00 2b 00 02 03 04
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84 PRK (32 octets): 9b 21 88 e9 b2 fc 6d 64 d7 1d c3 29 90 0e 20 bb
66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15 41 91 50 00 f6 78 aa 83 9c bb 79 7c b7 d8 33 2c
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83 expanded (32 octets): 5f 17 90 bb d8 2c 5e 7d 37 6e d2 e1 e5 2f
04 79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec 8e 60 38 c9 34 6d b6 1b 43 be 9a 52 f7 7e f3 99 8e 80
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83 04 salt (32 octets): 5f 17 90 bb d8 2c 5e 7d 37 6e d2 e1 e5 2f 8e 60
79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec 38 c9 34 6d b6 1b 43 be 9a 52 f7 7e f3 99 8e 80
IKM (32 octets): b0 66 a1 5b c1 aa ee f8 79 0e 0b 02 e6 2f 82 dc IKM (32 octets): f4 41 94 75 6f f9 ec 9d 25 18 06 35 d6 6e a6 82
44 64 46 e3 7d 6d 61 22 b0 d3 b9 94 ef 11 dd 3c 4c 6a b3 bf 17 99 77 be 37 f7 23 57 0e 7c cb 2e
secret (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 secret (32 octets): 00 5c b1 12 fd 8e b4 cc c6 23 bb 88 a0 7c 64
c9 0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34 b3 ed e1 60 53 63 fc 7d 0d f8 c7 ce 4f f0 fb 4a e6
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 c9 PRK (32 octets): 00 5c b1 12 fd 8e b4 cc c6 23 bb 88 a0 7c 64 b3
0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34 ed e1 60 53 63 fc 7d 0d f8 c7 ce 4f f0 fb 4a e6
hash (32 octets): 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58 f9 hash (32 octets): f7 36 cb 34 fe 25 e7 01 55 1b ee 6f d2 4c 1c c7
0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92 10 2a 7d af 94 05 cb 15 d9 7a af e1 6f 75 7d 03
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58 61 66 66 69 63 20 f7 36 cb 34 fe 25 e7 01 55 1b ee 6f d2 4c 1c
f9 0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92 c7 10 2a 7d af 94 05 cb 15 d9 7a af e1 6f 75 7d 03
output (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc expanded (32 octets): 2f aa c0 8f 85 1d 35 fe a3 60 4f cb 4d e8
78 81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2 2d c6 2c 9b 16 4a 70 97 4d 04 62 e2 7f 1a b2 78 70 0f
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 c9 PRK (32 octets): 00 5c b1 12 fd 8e b4 cc c6 23 bb 88 a0 7c 64 b3
0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34 ed e1 60 53 63 fc 7d 0d f8 c7 ce 4f f0 fb 4a e6
hash (32 octets): 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58 f9 hash (32 octets): f7 36 cb 34 fe 25 e7 01 55 1b ee 6f d2 4c 1c c7
0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92 10 2a 7d af 94 05 cb 15 d9 7a af e1 6f 75 7d 03
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 57 f0 ae 2e 58 8f c2 e6 e9 a1 eb d1 a6 1e 58 61 66 66 69 63 20 f7 36 cb 34 fe 25 e7 01 55 1b ee 6f d2 4c 1c
f9 0c 8b 8d a1 fc 38 f0 cc 9e 9f 33 d2 21 bb ca 92 c7 10 2a 7d af 94 05 cb 15 d9 7a af e1 6f 75 7d 03
output (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39 expanded (32 octets): fe 92 7a e2 71 31 2e 8b f0 27 5b 58 1c 54
88 3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06 ee f0 20 45 0d c4 ec ff aa 05 a1 a3 5d 27 51 8e 78 03
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 c9 PRK (32 octets): 00 5c b1 12 fd 8e b4 cc c6 23 bb 88 a0 7c 64 b3
0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34 ed e1 60 53 63 fc 7d 0d f8 c7 ce 4f f0 fb 4a e6
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): d0 83 52 8c fc 36 56 8e 69 05 c2 4b f7 3a df expanded (32 octets): e2 f1 60 30 25 1d f0 87 4b a1 9b 9a ba 25
9f ac a9 90 e3 57 0d e0 35 5f f4 35 f9 53 09 b1 26 76 10 bc 6d 53 1c 1d d2 06 df 0c a6 e8 4a e2 a2 67 42
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): d0 83 52 8c fc 36 56 8e 69 05 c2 4b f7 3a df 9f salt (32 octets): e2 f1 60 30 25 1d f0 87 4b a1 9b 9a ba 25 76 10
ac a9 90 e3 57 0d e0 35 5f f4 35 f9 53 09 b1 26 bc 6d 53 1c 1d d2 06 df 0c a6 e8 4a e2 a2 67 42
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f secret (32 octets): e2 d3 2d 4e d6 6d d3 78 97 a0 e8 0c 84 10 75
a6 b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29 03 ce 58 bf 8a ad 4c b5 5a 50 02 d7 7e cb 89 0e ce
{server} send handshake record: {server} send handshake record:
payload (96 octets): 02 00 00 5c 03 03 22 ac 26 b0 26 b9 d5 71 70 payload (96 octets): 02 00 00 5c 03 03 3c cf d2 de c8 90 22 27 63
2d ad 44 7e 2d 5a 54 d1 5a e1 e0 6f af 78 35 8a 3e 17 7b e8 3a 47 2a e8 13 67 77 c9 d7 35 87 77 bb 66 e9 1e a5 12 24 95 f5 59
ce 94 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00 1d 00 ea 2d 00 13 01 00 00 34 00 29 00 02 00 00 00 33 00 24 00 1d 00
20 27 e0 06 8f 6e fd 82 54 08 eb 88 c7 4e e8 8d ba 83 e3 51 ed 20 12 17 61 ee 42 c3 33 e1 b9 e7 7b 60 dd 57 c2 05 3c d9 45 12
5a 37 49 ae 94 50 5c fb d4 e7 89 28 00 2b 00 02 03 04 ab 47 f1 15 e8 6e ff 50 94 2c ea 31 00 2b 00 02 03 04
ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 22 ac complete record (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 3c
26 b0 26 b9 d5 71 70 2d ad 44 7e 2d 5a 54 d1 5a e1 e0 6f af 78 cf d2 de c8 90 22 27 63 47 2a e8 13 67 77 c9 d7 35 87 77 bb 66
35 8a 3e 17 7b e8 3a ce 94 00 13 01 00 00 34 00 29 00 02 00 00 e9 1e a5 12 24 95 f5 59 ea 2d 00 13 01 00 00 34 00 29 00 02 00
00 33 00 24 00 1d 00 20 27 e0 06 8f 6e fd 82 54 08 eb 88 c7 4e 00 00 33 00 24 00 1d 00 20 12 17 61 ee 42 c3 33 e1 b9 e7 7b 60
e8 8d ba 83 e3 51 ed 5a 37 49 ae 94 50 5c fb d4 e7 89 28 00 2b dd 57 c2 05 3c d9 45 12 ab 47 f1 15 e8 6e ff 50 94 2c ea 31 00
00 02 03 04 2b 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39 88 PRK (32 octets): fe 92 7a e2 71 31 2e 8b f0 27 5b 58 1c 54 ee f0
3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06 20 45 0d c4 ec ff aa 05 a1 a3 5d 27 51 8e 78 03
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key expanded (16 octets): 27 c6 bd c0 a3 dc ea 39 a4 73 26 d7 9b
key output (16 octets): ae 83 82 f6 52 62 a0 36 0e b6 8f fb 45 15 c9 e4 ee
52 6c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 5b 5d 18 b7 ee c7 ed 46 c3 0f c1 3a iv expanded (12 octets): 95 69 ec dd 4d 05 36 70 5e 9e f7 25
{server} send a EncryptedExtensions handshake message {server} construct a EncryptedExtensions handshake message
EncryptedExtensions (44 octets): 08 00 00 28 00 26 00 0a 00 14 00
12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c
00 02 40 01 00 00 00 00 00 2a 00 00
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39 88 PRK (32 octets): fe 92 7a e2 71 31 2e 8b f0 27 5b 58 1c 54 ee f0
3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06 20 45 0d c4 ec ff aa 05 a1 a3 5d 27 51 8e 78 03
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 4d 48 4e ab 01 74 3f 01 91 fd 0d c5 10 42 26 expanded (32 octets): 4b b7 4c ae 7a 5d c8 91 46 04 c0 bf be 2f
64 f8 67 b6 04 68 8b 5a 2f 47 12 9c 75 a0 c1 a3 63 0c 06 23 96 88 39 22 be c8 a1 5e 2a 9b 53 2a 5d 39 2c
{server} send a Finished handshake message finished (32 octets): 48 d3 e0 e1 b3 d9 07 c6 ac ff 14 5e 16 09
03 88 c7 7b 05 c0 50 b6 34 ab 1a 88 bb d0 dd 1a 34 b2
{server} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 48 d3 e0 e1 b3 d9 07 c6 ac ff
14 5e 16 09 03 88 c7 7b 05 c0 50 b6 34 ab 1a 88 bb d0 dd 1a 34
b2
{server} send handshake record: {server} send handshake record:
payload (80 octets): 08 00 00 28 00 26 00 0a 00 14 00 12 00 1d 00 payload (80 octets): 08 00 00 28 00 26 00 0a 00 14 00 12 00 1d 00
17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40 01 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40 01
00 00 00 00 00 2a 00 00 14 00 00 20 ef 49 51 b0 98 8b 89 1a 6b 00 00 00 00 00 2a 00 00 14 00 00 20 48 d3 e0 e1 b3 d9 07 c6 ac
9d 71 3b f2 25 a6 7a 7b 37 c2 8e ab bd 52 30 74 bc 01 aa c3 62 ff 14 5e 16 09 03 88 c7 7b 05 c0 50 b6 34 ab 1a 88 bb d0 dd 1a
f8 e2 34 b2
ciphertext (102 octets): 17 03 03 00 61 44 c1 e3 83 6b a6 a7 ba complete record (102 octets): 17 03 03 00 61 dc 48 23 7b 4b 87 9f
0d ed 9d 4c f8 17 f3 29 79 d8 5c 8b 41 da 53 b2 09 55 80 3d 9e 50 d0 d4 d2 62 ea 8b 47 16 eb 40 dd c1 eb 95 7e 11 12 6e 8a 71
a2 e3 42 ef 1a ff d6 6a 02 87 85 e2 19 6a d6 a0 db dd 27 44 3d 49 c2 d0 12 d3 7a 71 15 95 7e 64 ce 30 00 8b 9e 03 23 f2 c0 5a
36 87 26 53 c1 96 8b 0f 9c 01 bd cf de 83 cf c1 b8 43 b7 81 90 9c 1c 77 b4 f3 78 49 a6 95 ab 25 50 60 a3 3f ee 77 0c a9 5c b8
ab ad 0d c3 ea 30 d1 be 40 e3 ce c8 96 19 88 ce f4 95 8f d1 6b 48 6b fd 08 43 b8 70 24 86 5c a3 5c c4 1c 4e 51 5c 64 dc b1 36
7f 1f 9e 47 41 9f 98 63 5b c7 a5
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6 PRK (32 octets): e2 d3 2d 4e d6 6d d3 78 97 a0 e8 0c 84 10 75 03
b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29 ce 58 bf 8a ad 4c b5 5a 50 02 d7 7e cb 89 0e ce
hash (32 octets): d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd hash (32 octets): b0 ae ff c4 6a 2c fe 33 11 4e 6f d7 d5 1f 9f 04
93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55 b1 ca 3c 49 7d ab 08 93 4a 77 4a 9d 9a d7 db f3
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f 61 66 66 69 63 20 b0 ae ff c4 6a 2c fe 33 11 4e 6f d7 d5 1f 9f
cd 93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55 04 b1 ca 3c 49 7d ab 08 93 4a 77 4a 9d 9a d7 db f3
output (32 octets): a8 ff a2 6f e0 c9 d1 49 3c 3d 3c 3b 32 bc a1 expanded (32 octets): 2a bb f2 b8 e3 81 d2 3d be be 1d d2 a7 d1
80 f5 9b ba be 25 96 df f8 b2 b0 a1 46 74 0f 8b 00 6a 8b f4 84 cb 49 50 d2 3f b7 fb 7f a8 54 70 62 d9 a1
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6 PRK (32 octets): e2 d3 2d 4e d6 6d d3 78 97 a0 e8 0c 84 10 75 03
b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29 ce 58 bf 8a ad 4c b5 5a 50 02 d7 7e cb 89 0e ce
hash (32 octets): d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd hash (32 octets): b0 ae ff c4 6a 2c fe 33 11 4e 6f d7 d5 1f 9f 04
93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55 b1 ca 3c 49 7d ab 08 93 4a 77 4a 9d 9a d7 db f3
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f 61 66 66 69 63 20 b0 ae ff c4 6a 2c fe 33 11 4e 6f d7 d5 1f 9f
cd 93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55 04 b1 ca 3c 49 7d ab 08 93 4a 77 4a 9d 9a d7 db f3
output (32 octets): 51 a3 db 37 0b d9 f1 ae 7d e1 88 85 09 6b cb expanded (32 octets): cc 21 f1 bf 8f eb 7d d5 fa 50 5b d9 c4 b4
c6 1f ea 9b ce 6c cb c2 a2 76 76 4f 62 26 5a 70 9f 68 a9 98 4d 55 4a 99 3d c4 9e 6d 28 55 98 fb 67 26 91
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6 PRK (32 octets): e2 d3 2d 4e d6 6d d3 78 97 a0 e8 0c 84 10 75 03
b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29 ce 58 bf 8a ad 4c b5 5a 50 02 d7 7e cb 89 0e ce
hash (32 octets): d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd hash (32 octets): b0 ae ff c4 6a 2c fe 33 11 4e 6f d7 d5 1f 9f 04
93 78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55 b1 ca 3c 49 7d ab 08 93 4a 77 4a 9d 9a d7 db f3
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 d9 66 db 0c cf bd 43 bc 19 68 47 fe 1a 60 3f cd 93 74 65 72 20 b0 ae ff c4 6a 2c fe 33 11 4e 6f d7 d5 1f 9f 04 b1
78 65 68 9c a8 76 03 6f 28 ea 20 60 a7 77 55 ca 3c 49 7d ab 08 93 4a 77 4a 9d 9a d7 db f3
output (32 octets): a1 13 c3 cd ff b5 f6 5d 28 21 54 d1 09 93 54 expanded (32 octets): 3f d9 3d 4f fd dc 98 e6 4b 14 dd 10 7a ed
90 a0 e3 7d bd c9 e9 ca 30 8d 36 21 e4 15 e9 7a fd f8 ee 4a dd 23 f4 51 0f 58 a4 59 2d 0b 20 1b ee 56 b4
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): 51 a3 db 37 0b d9 f1 ae 7d e1 88 85 09 6b cb c6 PRK (32 octets): cc 21 f1 bf 8f eb 7d d5 fa 50 5b d9 c4 b4 68 a9
1f ea 9b ce 6c cb c2 a2 76 76 4f 62 26 5a 70 9f 98 4d 55 4a 99 3d c4 9e 6d 28 55 98 fb 67 26 91
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 27 c1 35 48 44 71 94 18 ec 91 eb 0b 14 f6 key expanded (16 octets): e8 57 c6 90 a3 4c 5a 91 29 d8 33 61 96
75 3a 84 f9 5e
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): ee b3 48 83 53 db a7 3d 3a fa cd 9e iv expanded (12 octets): 06 85 d6 b5 61 aa b9 ef 10 13 fa f9
{server} derive read traffic keys for early application data (same {server} derive read traffic keys for early application data (same
as client write traffic keys) as client early application data write traffic keys)
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 04 8b 40 aa 09 ff d4 c6 76 9c 54 1a 2f 46 e2 84 PRK (32 octets): 9b 21 88 e9 b2 fc 6d 64 d7 1d c3 29 90 0e 20 bb
66 06 f7 0d 62 a6 15 97 77 29 c5 b2 81 c7 e7 15 41 91 50 00 f6 78 aa 83 9c bb 79 7c b7 d8 33 2c
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83 expanded (32 octets): 5f 17 90 bb d8 2c 5e 7d 37 6e d2 e1 e5 2f
04 79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec 8e 60 38 c9 34 6d b6 1b 43 be 9a 52 f7 7e f3 99 8e 80
{client} extract secret "handshake":
salt (32 octets): 9e fc 79 87 0b 08 c4 c6 51 20 52 50 af 9b 83 04
79 11 b7 83 d5 d7 67 8d 7c cc e7 18 18 9e a2 ec
IKM (32 octets): b0 66 a1 5b c1 aa ee f8 79 0e 0b 02 e6 2f 82 dc
44 64 46 e3 7d 6d 61 22 b0 d3 b9 94 ef 11 dd 3c
secret (32 octets): ea d8 b8 c5 9a 15 df 29 d7 9f a4 ac 31 d5 f7 {client} extract secret "handshake" (same as server handshake
c9 0e 2e 5c 87 d9 ea fe d1 fe 69 16 cf 2f 29 37 34 secret)
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server master secret)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 9f a7 18 12 f7 2e 9b cc b4 2b 4b 06 18 95 39 88
3d d5 8f 98 38 78 ef 87 29 12 3b 63 ff 18 fb 06
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): ae 83 82 f6 52 62 a0 36 0e b6 8f fb 45 15
52 6c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 5b 5d 18 b7 ee c7 ed 46 c3 0f c1 3a {client} derive read traffic keys for handshake data (same as server
handshake data write traffic keys)
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send a EndOfEarlyData handshake message {client} construct a EndOfEarlyData handshake message
EndOfEarlyData (4 octets): 05 00 00 00
{client} send handshake record: {client} send handshake record:
payload (4 octets): 05 00 00 00 payload (4 octets): 05 00 00 00
ciphertext (26 octets): 17 03 03 00 15 77 bf ce 7f c1 91 0c fa e9 complete record (26 octets): 17 03 03 00 15 ac a6 fc 94 48 41 29
65 7a 05 f3 15 9c de f8 68 5a 30 cb 8d f9 95 93 72 5f 9b f9 75 44 29 b1 2f 09
{client} derive write traffic keys for handshake data: {client} derive write traffic keys for handshake data:
PRK (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc 78 PRK (32 octets): 2f aa c0 8f 85 1d 35 fe a3 60 4f cb 4d e8 2d c6
81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2 2c 9b 16 4a 70 97 4d 04 62 e2 7f 1a b2 78 70 0f
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): e7 d4 94 88 a4 5c 1f 1d b4 ab 7d 7f e5 46 key expanded (16 octets): b1 53 08 06 f4 ad fe ac 83 f1 41 30 32
c9 fa bb fa 82
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a2 d1 32 5b eb 51 1a 7b 4a 20 c1 0c iv expanded (12 octets): eb 50 c1 6b e7 65 4a bf 99 dd 06 d9
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server application data write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc 78 PRK (32 octets): 2f aa c0 8f 85 1d 35 fe a3 60 4f cb 4d e8 2d c6
81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2 2c 9b 16 4a 70 97 4d 04 62 e2 7f 1a b2 78 70 0f
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): b5 97 08 27 aa 42 a8 db ab 2b da 4c d7 67 89 expanded (32 octets): 5a ce 39 4c 26 98 0d 58 12 43 f6 27 d1 15
5a e6 9a a1 dc f1 b3 d9 78 a0 55 d0 79 80 74 50 11 0a e2 7e 37 fa 52 36 4e 0a 7f 20 ac 68 6d 09 cd 0e 8e
{client} send a Finished handshake message finished (32 octets): 72 30 a9 c9 52 c2 5c d6 13 8f c5 e6 62 83
08 c4 1c 53 35 dd 81 b9 f9 6b ce a5 0f d3 2b da 41 6d
{client} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 72 30 a9 c9 52 c2 5c d6 13 8f
c5 e6 62 83 08 c4 1c 53 35 dd 81 b9 f9 6b ce a5 0f d3 2b da 41
6d
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 e1 75 18 96 9c 9f 46 dc 62 94 55 payload (36 octets): 14 00 00 20 72 30 a9 c9 52 c2 5c d6 13 8f c5
ae cf e2 36 db a5 48 77 fc 3d a0 7a d5 9d 13 45 77 fd 51 6e 18 e6 62 83 08 c4 1c 53 35 dd 81 b9 f9 6b ce a5 0f d3 2b da 41 6d
ciphertext (58 octets): 17 03 03 00 35 d0 af c0 f5 b5 5b 5c 88 3c complete record (58 octets): 17 03 03 00 35 00 f8 b4 67 d1 4c f2
cf 4a 46 1f 7a a1 28 47 17 89 eb 7c e4 1b b6 f0 cd 67 a9 64 16 2a 4b 3f 0b 6a e0 d8 e6 cc 8d 08 e0 db 35 15 ef 5c 2b df 19 22
da 6c 19 ea b0 26 b0 1d f6 89 18 58 81 46 1f 38 2f 7a 7d 63 da ea fb b7 00 09 96 47 16 d8 34 fb 70 c3 d2 a5 6c 5b 1f 5f 6b db
fa 39 a6 c3 33 cf
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): a8 ff a2 6f e0 c9 d1 49 3c 3d 3c 3b 32 bc a1 80 PRK (32 octets): 2a bb f2 b8 e3 81 d2 3d be be 1d d2 a7 d1 6a 8b
f5 9b ba be 25 96 df f8 b2 b0 a1 46 74 0f 8b 00 f4 84 cb 49 50 d2 3f b7 fb 7f a8 54 70 62 d9 a1
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 29 ca d2 48 96 e7 df 25 ff e0 6f cd 6c 03 key expanded (16 octets): 3c f1 22 f3 01 c6 35 8c a7 98 95 53 25
69 09 0e fd 72
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): dc 81 fc 39 54 43 9c ca e1 63 96 70 iv expanded (12 octets): ab 1a ec 26 aa 78 b8 fc 11 76 b9 ac
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 8d f1 2b 80 e8 2e f5 9b da 63 dc 17 f1 3b 4f a6 PRK (32 octets): e2 d3 2d 4e d6 6d d3 78 97 a0 e8 0c 84 10 75 03
b8 05 5a 97 dd 2a 5a e4 57 5e c9 08 b2 7b be 29 ce 58 bf 8a ad 4c b5 5a 50 02 d7 7e cb 89 0e ce
hash (32 octets): a7 87 12 0b d8 96 6c d7 5a 05 ce 0b 9c 5b 26 da hash (32 octets): c3 c1 22 e0 bd 90 7a 4a 3f f6 11 2d 8f d5 3d bf
b9 6b 91 9d c3 61 a3 9e 5f d1 0a 3e 05 18 48 e4 89 c7 73 d9 55 2e 8b 6b 9d 56 d3 61 b3 a9 7b f6
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 a7 87 12 0b d8 96 6c d7 5a 05 ce 0b 9c 5b 26 da b9 74 65 72 20 c3 c1 22 e0 bd 90 7a 4a 3f f6 11 2d 8f d5 3d bf 89
6b 91 9d c3 61 a3 9e 5f d1 0a 3e 05 18 48 e4 c7 73 d9 55 2e 8b 6b 9d 56 d3 61 b3 a9 7b f6
output (32 octets): b0 72 82 ae e5 10 c3 e3 83 02 f4 18 a7 fa fa
9e 44 11 34 69 ae ba 27 1a a1 b6 61 ce 41 52 1c ca
{server} derive read traffic keys for handshake data:
PRK (32 octets): 1f c4 90 4b fb a8 99 0c 23 53 45 e7 a7 6c fc 78
81 a2 40 af 54 10 78 44 ce c0 51 b4 06 5b f4 c2
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): e7 d4 94 88 a4 5c 1f 1d b4 ab 7d 7f e5 46
c9 fa
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 expanded (32 octets): 5e 95 bd f1 f8 90 05 ea 2e 9a a0 ba 85 e7
28 e3 c1 9c 5f e0 c6 99 e3 f5 be e5 9f ae bd 0b 54 06
iv output (12 octets): a2 d1 32 5b eb 51 1a 7b 4a 20 c1 0c {server} derive read traffic keys for handshake data (same as client
handshake data write traffic keys)
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client application data write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 c4 83 d1 89 af 82 8c ee 40 complete record (72 octets): 17 03 03 00 43 b1 ce bc e2 42 aa 20
4d cb 5a 16 64 93 50 2e d9 d0 c9 18 e7 0f d8 25 0c 5f b2 13 44 1b e9 ae 5e 1c b2 a9 aa 4b 33 d4 e8 66 af 1e db 06 89 19 23 77
79 6d 3a 72 bb 0a 4b 5c 59 03 c2 a7 05 6b 82 fc 17 37 7f 72 e7 41 aa 03 1d 7a 74 d4 91 c9 9b 9d 4e 23 2b 74 20 6b c6 fb aa 04
b4 6a 26 a6 97 5b 7e e3 b9 0b 2a b8 65 d4 0c 3c fe 78 be 44 a9 b4 f5 43 20 a1 7e b7 69 92 af ac 31 03
{server} send application_data record: {server} send application_data record:
payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17 03 03 00 43 35 da 03 f1 bd 93 ac 09 82 complete record (72 octets): 17 03 03 00 43 27 5e 9f 20 ac ff 57
d8 8e 1a 9f 6e 0e 86 81 c1 a3 4c 6e 95 ee cf ba 10 54 c5 a2 11 bc 00 06 57 d3 86 7d f0 39 cc cf 79 04 78 84 cf 75 77 17 46 f7
00 e8 7f 2b 78 ab 1f e5 a4 3f 39 a5 8e e8 40 bf 97 f5 c9 1f 97 40 b5 a8 3f 46 2a 09 54 c3 58 13 93 a2 03 a2 5a 7d d1 41 41 ef
3a ce 78 eb 92 f8 27 91 2f 42 31 6d a1 7b 22 b9 1a 37 90 0c db 62 ff 62 de e1 ba 39 ab 25 90 cb f1 94
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 95 2b 05 3c 66 06 d8 96 08 complete record (24 octets): 17 03 03 00 13 0f ac ce 32 46 bd fc
89 e1 77 51 23 0e d7 8f a0 80 63 69 83 8d 6a 82 ae 6d e5 d4 22 dc
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 46 95 47 73 f0 bf 82 91 68 complete record (24 octets): 17 03 03 00 13 5b 18 af 44 4e 8e 1e
34 7b 99 0b 68 bf 73 3a f5 75 ec 71 58 fb 62 d8 f2 57 7d 37 ba 5d
5. HelloRetryRequest 5. HelloRetryRequest
In this example, the client initiates a handshake with an X25519 In this example, the client initiates a handshake with an X25519
[RFC7748] share. The server however prefers P-256 [FIPS186] and [RFC7748] share. The server however prefers P-256 [FIPS186] and
sends a HelloRetryRequest that requires the client to generate a key sends a HelloRetryRequest that requires the client to generate a key
share on the P-256 curve. share on the P-256 curve.
Note: The HelloRetryRequest uses the same handshake message type as
a ServerHello and so is labeled as ServerHello here.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): a8 f7 4c 62 7c 09 56 a7 89 81 aa 60 39 private key (32 octets): 0e d0 2f 8e 81 17 ef c7 5c a7 ac 32 aa
e1 58 56 80 f4 af 93 c6 0b 4a 9c cc 35 1f 3c 1a c9 05 c8 7e 34 ed a6 4c dc 0d da d1 54 a5 e8 52 89 f9 59 f6 32 04
public key (32 octets): 28 90 65 44 eb 46 f9 bc c3 63 92 0e 28 a6 public key (32 octets): e8 e8 e3 f3 b9 3a 25 ed 97 a1 4a 7d ca cb
4c 72 a5 ff d1 fb f5 71 06 36 c0 5b 88 ab a0 35 38 0c 8a 27 2c 62 88 e5 85 c6 48 4d 05 26 2f ca d0 62 ad 1f
{client} send a ClientHello handshake message {client} construct a ClientHello handshake message
ClientHello (180 octets): 01 00 00 b0 03 03 b0 b1 c5 a5 aa 37 c5
91 9f 2e d1 d5 c6 ff f7 fc b7 84 97 16 94 5a 2b 8c ee 92 58 a3
46 67 7b 6f 00 00 06 13 01 13 03 13 02 01 00 00 81 00 00 00 0b
00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00
06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 e8 e8 e3 f3
b9 3a 25 ed 97 a1 4a 7d ca cb 8a 27 2c 62 88 e5 85 c6 48 4d 05
26 2f ca d0 62 ad 1f 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04
03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
{client} send handshake record: {client} send handshake record:
payload (180 octets): 01 00 00 b0 03 03 8f bb 74 7c 54 ca 32 cd payload (180 octets): 01 00 00 b0 03 03 b0 b1 c5 a5 aa 37 c5 91
2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64 e3 4a 3e f6 bc 7e 9f 2e d1 d5 c6 ff f7 fc b7 84 97 16 94 5a 2b 8c ee 92 58 a3 46
98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 00 81 00 00 00 0b 00 67 7b 6f 00 00 06 13 01 13 03 13 02 01 00 00 81 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 28 90 65 44 eb 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 20 e8 e8 e3 f3 b9
46 f9 bc c3 63 92 0e 28 a6 4c 72 a5 ff d1 fb f5 71 06 36 c0 5b 3a 25 ed 97 a1 4a 7d ca cb 8a 27 2c 62 88 e5 85 c6 48 4d 05 26
88 ab a0 35 38 0c 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 2f ca d0 62 ad 1f 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03
05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04
02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
ciphertext (185 octets): 16 03 01 00 b4 01 00 00 b0 03 03 8f bb complete record (185 octets): 16 03 01 00 b4 01 00 00 b0 03 03 b0
74 7c 54 ca 32 cd 2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64 b1 c5 a5 aa 37 c5 91 9f 2e d1 d5 c6 ff f7 fc b7 84 97 16 94 5a
e3 4a 3e f6 bc 7e 98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 00 2b 8c ee 92 58 a3 46 67 7b 6f 00 00 06 13 01 13 03 13 02 01 00
81 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 81 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01
00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d 00 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 26 00 24 00 1d
20 28 90 65 44 eb 46 f9 bc c3 63 92 0e 28 a6 4c 72 a5 ff d1 fb 00 20 e8 e8 e3 f3 b9 3a 25 ed 97 a1 4a 7d ca cb 8a 27 2c 62 88
f5 71 06 36 c0 5b 88 ab a0 35 38 0c 00 2b 00 03 02 03 04 00 0d e5 85 c6 48 4d 05 26 2f ca d0 62 ad 1f 00 2b 00 03 02 03 04 00
00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01
01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00
00 02 40 01 1c 00 02 40 01
{server} send a ServerHello handshake message {server} construct a ServerHello handshake message
ServerHello (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61
11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2
c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00
72 71 dc d0 4b b8 8b c3 18 91 19 39 8a 00 00 00 00 ee fa fc 76
c1 46 b8 23 b0 96 f8 aa ca d3 65 dd 00 30 95 3f 4e df 62 56 36
e5 f2 1b b2 e2 3f cc 65 4b 1b 5b 40 31 8d 10 d1 37 ab cb b8 75
74 e3 6e 8a 1f 02 5f 7d fa 5d 6e 50 78 1b 5e da 4a a1 5b 0c 8b
e7 78 25 7d 16 aa 30 30 e9 e7 84 1d d9 e4 c0 34 22 67 e8 ca 0c
af 57 1f b2 b7 cf f0 f9 34 b0 00 2b 00 02 03 04
{server} send handshake record: {server} send handshake record:
payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11 payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11
be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8
a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00 72 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 00 2c 00 74 00 72
f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1 d4 00 00 00 00 65 a4 46 6b 5a 71 dc d0 4b b8 8b c3 18 91 19 39 8a 00 00 00 00 ee fa fc 76 c1
a7 aa eb be d0 bc 0b 6d 96 5a 58 00 30 df ac fb a2 00 23 21 e1 46 b8 23 b0 96 f8 aa ca d3 65 dd 00 30 95 3f 4e df 62 56 36 e5
2a ec 00 07 b4 da c5 d1 65 20 c4 46 f0 18 49 37 ea 29 a3 07 01 f2 1b b2 e2 3f cc 65 4b 1b 5b 40 31 8d 10 d1 37 ab cb b8 75 74
78 a7 fc 5b 0f f8 3d b3 f6 7d 0c 13 a6 a5 df e6 b9 09 87 8b 44 e3 6e 8a 1f 02 5f 7d fa 5d 6e 50 78 1b 5e da 4a a1 5b 0c 8b e7
ec 76 80 e7 86 75 60 fe bf ed c9 1f af 1a 87 19 1b a8 c3 c8 cd 78 25 7d 16 aa 30 30 e9 e7 84 1d d9 e4 c0 34 22 67 e8 ca 0c af
96 2f 88 13 ff 3f 47 96 ae 00 2b 00 02 03 04 57 1f b2 b7 cf f0 f9 34 b0 00 2b 00 02 03 04
ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21 complete record (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf
ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 21 ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb
5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00 17 8c 5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 33 00 02 00
00 2c 00 74 00 72 f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1 d4 00 00 00 17 00 2c 00 74 00 72 71 dc d0 4b b8 8b c3 18 91 19 39 8a 00 00
00 65 a4 46 6b 5a a7 aa eb be d0 bc 0b 6d 96 5a 58 00 30 df ac 00 00 ee fa fc 76 c1 46 b8 23 b0 96 f8 aa ca d3 65 dd 00 30 95
fb a2 00 23 21 e1 2a ec 00 07 b4 da c5 d1 65 20 c4 46 f0 18 49 3f 4e df 62 56 36 e5 f2 1b b2 e2 3f cc 65 4b 1b 5b 40 31 8d 10
37 ea 29 a3 07 01 78 a7 fc 5b 0f f8 3d b3 f6 7d 0c 13 a6 a5 df d1 37 ab cb b8 75 74 e3 6e 8a 1f 02 5f 7d fa 5d 6e 50 78 1b 5e
e6 b9 09 87 8b 44 ec 76 80 e7 86 75 60 fe bf ed c9 1f af 1a 87 da 4a a1 5b 0c 8b e7 78 25 7d 16 aa 30 30 e9 e7 84 1d d9 e4 c0
19 1b a8 c3 c8 cd 96 2f 88 13 ff 3f 47 96 ae 00 2b 00 02 03 04 34 22 67 e8 ca 0c af 57 1f b2 b7 cf f0 f9 34 b0 00 2b 00 02 03
04
{client} create an ephemeral P-256 key pair: {client} create an ephemeral P-256 key pair:
private key (32 octets): 73 eb 34 d9 e6 f4 90 00 0d 35 bc 12 94 private key (32 octets): ab 54 73 46 7e 19 34 6c eb 0a 04 14 e4
f1 ea 1c 3f 2b f9 95 56 0a 1f 35 a2 b9 cb 21 13 d5 48 b1 1d a2 1d 4d 24 45 bc 30 25 af e9 7c 4e 8d c8 d5 13 da 39
public key (65 octets): 04 35 8d 1d 9c a8 f6 79 5d fa fd 0d d3 88 public key (65 octets): 04 a6 da 73 92 ec 59 1e 17 ab fd 53 59 64
14 65 67 20 14 9b bc 1b 39 8a a1 46 a2 0f 60 d6 17 db 9f 02 68 b9 98 94 d1 3b ef b2 21 b3 de f2 eb e3 83 0e ac 8f 01 51 81 26
3d ac 20 ac 2c 06 a3 a5 ef a3 e2 12 49 03 d6 d2 eb a7 65 b4 42 77 c4 d6 d2 23 7e 85 cf 01 d6 91 0c fb 83 95 4e 76 ba 73 52 83
90 1f 15 51 28 f7 e7 0e 06 05 34 15 98 97 e8 06 57 80
{client} send a ClientHello handshake message {client} construct a ClientHello handshake message
ClientHello (512 octets): 01 00 01 fc 03 03 b0 b1 c5 a5 aa 37 c5
91 9f 2e d1 d5 c6 ff f7 fc b7 84 97 16 94 5a 2b 8c ee 92 58 a3
46 67 7b 6f 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b
00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00
06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 a6 da 73
92 ec 59 1e 17 ab fd 53 59 64 b9 98 94 d1 3b ef b2 21 b3 de f2
eb e3 83 0e ac 8f 01 51 81 26 77 c4 d6 d2 23 7e 85 cf 01 d6 91
0c fb 83 95 4e 76 ba 73 52 83 05 34 15 98 97 e8 06 57 80 00 2b
00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04
08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00
2c 00 74 00 72 71 dc d0 4b b8 8b c3 18 91 19 39 8a 00 00 00 00
ee fa fc 76 c1 46 b8 23 b0 96 f8 aa ca d3 65 dd 00 30 95 3f 4e
df 62 56 36 e5 f2 1b b2 e2 3f cc 65 4b 1b 5b 40 31 8d 10 d1 37
ab cb b8 75 74 e3 6e 8a 1f 02 5f 7d fa 5d 6e 50 78 1b 5e da 4a
a1 5b 0c 8b e7 78 25 7d 16 aa 30 30 e9 e7 84 1d d9 e4 c0 34 22
67 e8 ca 0c af 57 1f b2 b7 cf f0 f9 34 b0 00 2d 00 02 01 01 00
1c 00 02 40 01 00 15 00 af 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
{client} send handshake record: {client} send handshake record:
payload (512 octets): 01 00 01 fc 03 03 8f bb 74 7c 54 ca 32 cd payload (512 octets): 01 00 01 fc 03 03 b0 b1 c5 a5 aa 37 c5 91
2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64 e3 4a 3e f6 bc 7e 9f 2e d1 d5 c6 ff f7 fc b7 84 97 16 94 5a 2b 8c ee 92 58 a3 46
98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00 67 7b 6f 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 35 8d 1d 9c 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 41 04 a6 da 73 92
a8 f6 79 5d fa fd 0d d3 88 14 65 67 20 14 9b bc 1b 39 8a a1 46 ec 59 1e 17 ab fd 53 59 64 b9 98 94 d1 3b ef b2 21 b3 de f2 eb
a2 0f 60 d6 17 db 9f 02 68 3d ac 20 ac 2c 06 a3 a5 ef a3 e2 12 e3 83 0e ac 8f 01 51 81 26 77 c4 d6 d2 23 7e 85 cf 01 d6 91 0c
49 03 d6 d2 eb a7 65 b4 42 90 1f 15 51 28 f7 e7 0e 06 00 2b 00 fb 83 95 4e 76 ba 73 52 83 05 34 15 98 97 e8 06 57 80 00 2b 00
03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c
00 74 00 72 f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1 d4 00 00 00 00 65 00 74 00 72 71 dc d0 4b b8 8b c3 18 91 19 39 8a 00 00 00 00 ee
a4 46 6b 5a a7 aa eb be d0 bc 0b 6d 96 5a 58 00 30 df ac fb a2 fa fc 76 c1 46 b8 23 b0 96 f8 aa ca d3 65 dd 00 30 95 3f 4e df
00 23 21 e1 2a ec 00 07 b4 da c5 d1 65 20 c4 46 f0 18 49 37 ea 62 56 36 e5 f2 1b b2 e2 3f cc 65 4b 1b 5b 40 31 8d 10 d1 37 ab
29 a3 07 01 78 a7 fc 5b 0f f8 3d b3 f6 7d 0c 13 a6 a5 df e6 b9 cb b8 75 74 e3 6e 8a 1f 02 5f 7d fa 5d 6e 50 78 1b 5e da 4a a1
09 87 8b 44 ec 76 80 e7 86 75 60 fe bf ed c9 1f af 1a 87 19 1b 5b 0c 8b e7 78 25 7d 16 aa 30 30 e9 e7 84 1d d9 e4 c0 34 22 67
a8 c3 c8 cd 96 2f 88 13 ff 3f 47 96 ae 00 2d 00 02 01 01 00 1c e8 ca 0c af 57 1f b2 b7 cf f0 f9 34 b0 00 2d 00 02 01 01 00 1c
00 02 40 01 00 15 00 af 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 01 00 15 00 af 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 8f bb complete record (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 b0
74 7c 54 ca 32 cd 2b a9 d9 26 76 15 ca 2d 28 56 8c 44 0d ce 64 b1 c5 a5 aa 37 c5 91 9f 2e d1 d5 c6 ff f7 fc b7 84 97 16 94 5a
e3 4a 3e f6 bc 7e 98 e9 d3 00 00 06 13 01 13 03 13 02 01 00 01 2b 8c ee 92 58 a3 46 67 7b 6f 00 00 06 13 01 13 03 13 02 01 00
cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 01 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01
00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17 00 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 33 00 47 00 45 00 17
41 04 35 8d 1d 9c a8 f6 79 5d fa fd 0d d3 88 14 65 67 20 14 9b 00 41 04 a6 da 73 92 ec 59 1e 17 ab fd 53 59 64 b9 98 94 d1 3b
bc 1b 39 8a a1 46 a2 0f 60 d6 17 db 9f 02 68 3d ac 20 ac 2c 06 ef b2 21 b3 de f2 eb e3 83 0e ac 8f 01 51 81 26 77 c4 d6 d2 23
a3 a5 ef a3 e2 12 49 03 d6 d2 eb a7 65 b4 42 90 1f 15 51 28 f7 7e 85 cf 01 d6 91 0c fb 83 95 4e 76 ba 73 52 83 05 34 15 98 97
e7 0e 06 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 e8 06 57 80 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05
06 02 02 02 00 2c 00 74 00 72 f7 b8 f7 e4 4a 25 b1 e4 15 e3 a1 02 06 02 02 02 00 2c 00 74 00 72 71 dc d0 4b b8 8b c3 18 91 19
d4 00 00 00 00 65 a4 46 6b 5a a7 aa eb be d0 bc 0b 6d 96 5a 58 39 8a 00 00 00 00 ee fa fc 76 c1 46 b8 23 b0 96 f8 aa ca d3 65
00 30 df ac fb a2 00 23 21 e1 2a ec 00 07 b4 da c5 d1 65 20 c4 dd 00 30 95 3f 4e df 62 56 36 e5 f2 1b b2 e2 3f cc 65 4b 1b 5b
46 f0 18 49 37 ea 29 a3 07 01 78 a7 fc 5b 0f f8 3d b3 f6 7d 0c 40 31 8d 10 d1 37 ab cb b8 75 74 e3 6e 8a 1f 02 5f 7d fa 5d 6e
13 a6 a5 df e6 b9 09 87 8b 44 ec 76 80 e7 86 75 60 fe bf ed c9 50 78 1b 5e da 4a a1 5b 0c 8b e7 78 25 7d 16 aa 30 30 e9 e7 84
1f af 1a 87 19 1b a8 c3 c8 cd 96 2f 88 13 ff 3f 47 96 ae 00 2d 1d d9 e4 c0 34 22 67 e8 ca 0c af 57 1f b2 b7 cf f0 f9 34 b0 00
00 02 01 01 00 1c 00 02 40 01 00 15 00 af 00 00 00 00 00 00 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 af 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: 0 (all zero octets)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral P-256 key pair: {server} create an ephemeral P-256 key pair:
private key (32 octets): 22 da f5 8e bd 87 da df 82 8e 6f 8c 5d private key (32 octets): 8c 51 06 01 f9 76 5b fb 8e d6 93 44 9a
c0 43 df 88 be 8b 63 45 02 44 5c 5c 46 3f 4f f4 2d 37 7b 48 98 98 59 b5 cf a8 79 cb 9f 54 43 c4 1c 5f f1 06 34 ed
public key (65 octets): 04 3c ff 48 7b 22 65 d1 42 f8 08 c0 65 ff public key (65 octets): 04 58 3e 05 4b 7a 66 67 2a e0 20 ad 9d 26
32 b1 2c b3 a6 08 58 25 6f 15 cd de 4e 94 6a 3c b6 67 1a a9 65 86 fc c8 5b 5a d4 1a 13 4a 0f 03 ee 72 b8 93 05 2b d8 5b 4c 8d
2c 31 8d 06 ec d6 5c 84 60 04 58 4a d9 79 d5 47 5c 7e 6b 9d 22 e6 77 6f 5b 04 ac 07 d8 35 40 ea b3 e3 d9 c5 47 bc 65 28 c4 31
7a 14 2c 16 da 45 ac 8b d4 7d 29 46 86 09 3a 6c ad 7d
{server} send a ServerHello handshake message {server} construct a ServerHello handshake message
ServerHello (123 octets): 02 00 00 77 03 03 bb 34 1d 84 7f d7 89
c4 7c 38 71 72 dc 0c 9b f1 47 fc ca cb 50 43 d8 6c a4 c5 98 d3
ff 57 1b 98 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 58 3e
05 4b 7a 66 67 2a e0 20 ad 9d 26 86 fc c8 5b 5a d4 1a 13 4a 0f
03 ee 72 b8 93 05 2b d8 5b 4c 8d e6 77 6f 5b 04 ac 07 d8 35 40
ea b3 e3 d9 c5 47 bc 65 28 c4 31 7d 29 46 86 09 3a 6c ad 7d 00
2b 00 02 03 04
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): 65 ab 95 4f 48 f4 18 7d bd 5f 83 6f 63 95 86 5b IKM (32 octets): c1 42 ce 13 ca 11 b5 c2 23 36 52 e6 3a d3 d9 78
87 a4 39 98 ef ae 26 ad 24 4c ba d2 aa 2c e4 69 44 f1 62 1f bf b9 de 69 d5 47 dc 8f ed ea be b4
secret (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa secret (32 octets): ce 02 2e 5e 6e 81 e5 07 36 d7 73 f2 d3 ad fc
b7 a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a e8 22 0d 04 9b f5 10 f0 db fa c9 27 ef 42 43 b1 48
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa b7 PRK (32 octets): ce 02 2e 5e 6e 81 e5 07 36 d7 73 f2 d3 ad fc e8
a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a 22 0d 04 9b f5 10 f0 db fa c9 27 ef 42 43 b1 48
hash (32 octets): b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8 03 hash (32 octets): 8a a8 e8 28 ec 2f 8a 88 4f ec 95 a3 13 9d e0 1c
cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5 15 a3 da a7 ff 5b fc 3f 4b fc c2 1b 43 8d 7b f8
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8 61 66 66 69 63 20 8a a8 e8 28 ec 2f 8a 88 4f ec 95 a3 13 9d e0
03 cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5 1c 15 a3 da a7 ff 5b fc 3f 4b fc c2 1b 43 8d 7b f8
output (32 octets): 37 7b ec 72 bf e0 e9 93 89 e5 e9 13 e2 b2 95 expanded (32 octets): 15 8a a7 ab 88 55 07 35 82 b4 1d 67 4b 40
9b f6 22 13 87 0f fb da 69 25 ae 17 ce de 4b 0c 01 55 ca bc c5 34 72 8f 65 93 14 86 1b 4e 08 e2 01 15 66
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa b7 PRK (32 octets): ce 02 2e 5e 6e 81 e5 07 36 d7 73 f2 d3 ad fc e8
a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a 22 0d 04 9b f5 10 f0 db fa c9 27 ef 42 43 b1 48
hash (32 octets): b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8 03 hash (32 octets): 8a a8 e8 28 ec 2f 8a 88 4f ec 95 a3 13 9d e0 1c
cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5 15 a3 da a7 ff 5b fc 3f 4b fc c2 1b 43 8d 7b f8
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 b3 c1 a8 be 98 f4 11 09 a0 ec 84 d6 0a d0 f8 61 66 66 69 63 20 8a a8 e8 28 ec 2f 8a 88 4f ec 95 a3 13 9d e0
03 cc 0e 3c d8 7a b2 9a 67 fc 17 2e 76 ee 96 69 f5 1c 15 a3 da a7 ff 5b fc 3f 4b fc c2 1b 43 8d 7b f8
output (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12 expanded (32 octets): 34 03 e7 81 e2 af 7b 65 08 da 28 57 4f 6e
8e 61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7 95 a1 ab f1 62 de 83 a9 79 27 c3 76 72 a4 a0 ce f8 a1
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa b7 PRK (32 octets): ce 02 2e 5e 6e 81 e5 07 36 d7 73 f2 d3 ad fc e8
a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a 22 0d 04 9b f5 10 f0 db fa c9 27 ef 42 43 b1 48
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 32 25 e8 e6 82 c8 0f 84 51 c2 69 99 ca 10 99 expanded (32 octets): ad 1c bc d3 a0 dc 70 53 ee b3 ed 3a 47 90
36 69 68 8d 8c 6f 82 82 e6 94 18 37 5b 7e 10 6d 51 1d 16 a9 fc 63 a7 3c 64 be b5 67 48 1a 7d fb 3a 2c b3
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 32 25 e8 e6 82 c8 0f 84 51 c2 69 99 ca 10 99 36 salt (32 octets): ad 1c bc d3 a0 dc 70 53 ee b3 ed 3a 47 90 1d 16
69 68 8d 8c 6f 82 82 e6 94 18 37 5b 7e 10 6d 51 a9 fc 63 a7 3c 64 be b5 67 48 1a 7d fb 3a 2c b3
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d secret (32 octets): 11 31 54 5d 0b af 79 dd ce 9b 87 f0 69 45 78
f9 a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9 1a 57 dd 18 ef 37 8d cd 20 60 f8 f9 a5 69 02 7e d8
{server} send handshake record: {server} send handshake record:
payload (123 octets): 02 00 00 77 03 03 3f 2c 62 94 55 ca 56 6e payload (123 octets): 02 00 00 77 03 03 bb 34 1d 84 7f d7 89 c4
8e a2 43 7d f8 73 e2 c4 06 bc a6 1a 51 da 4d b6 cb 7e 95 63 7d 7c 38 71 72 dc 0c 9b f1 47 fc ca cb 50 43 d8 6c a4 c5 98 d3 ff
51 42 7e 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 3c ff 48 57 1b 98 00 13 01 00 00 4f 00 33 00 45 00 17 00 41 04 58 3e 05
7b 22 65 d1 42 f8 08 c0 65 ff 32 b1 2c b3 a6 08 58 25 6f 15 cd 4b 7a 66 67 2a e0 20 ad 9d 26 86 fc c8 5b 5a d4 1a 13 4a 0f 03
de 4e 94 6a 3c b6 67 1a a9 65 2c 31 8d 06 ec d6 5c 84 60 04 58 ee 72 b8 93 05 2b d8 5b 4c 8d e6 77 6f 5b 04 ac 07 d8 35 40 ea
4a d9 79 d5 47 5c 7e 6b 9d 22 7a 14 2c 16 da 45 ac 8b d4 00 2b b3 e3 d9 c5 47 bc 65 28 c4 31 7d 29 46 86 09 3a 6c ad 7d 00 2b
00 02 03 04 00 02 03 04
ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 3f 2c complete record (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 bb
62 94 55 ca 56 6e 8e a2 43 7d f8 73 e2 c4 06 bc a6 1a 51 da 4d 34 1d 84 7f d7 89 c4 7c 38 71 72 dc 0c 9b f1 47 fc ca cb 50 43
b6 cb 7e 95 63 7d 51 42 7e 00 13 01 00 00 4f 00 33 00 45 00 17 d8 6c a4 c5 98 d3 ff 57 1b 98 00 13 01 00 00 4f 00 33 00 45 00
00 41 04 3c ff 48 7b 22 65 d1 42 f8 08 c0 65 ff 32 b1 2c b3 a6 17 00 41 04 58 3e 05 4b 7a 66 67 2a e0 20 ad 9d 26 86 fc c8 5b
08 58 25 6f 15 cd de 4e 94 6a 3c b6 67 1a a9 65 2c 31 8d 06 ec 5a d4 1a 13 4a 0f 03 ee 72 b8 93 05 2b d8 5b 4c 8d e6 77 6f 5b
d6 5c 84 60 04 58 4a d9 79 d5 47 5c 7e 6b 9d 22 7a 14 2c 16 da 04 ac 07 d8 35 40 ea b3 e3 d9 c5 47 bc 65 28 c4 31 7d 29 46 86
45 ac 8b d4 00 2b 00 02 03 04 09 3a 6c ad 7d 00 2b 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12 8e PRK (32 octets): 34 03 e7 81 e2 af 7b 65 08 da 28 57 4f 6e 95 a1
61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7 ab f1 62 de 83 a9 79 27 c3 76 72 a4 a0 ce f8 a1
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 0d d2 f3 46 9c de 17 30 9f c3 0c 61 64 8d key expanded (16 octets): 46 46 bf ac 17 12 c4 26 cd 78 d8 a2 4a
13 b4 8a 6f 6b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 9e 33 da a8 b6 e9 71 d3 ad 89 ce 2c iv expanded (12 octets): c7 d3 95 c0 8d 62 f2 97 d1 37 68 ea
{server} send a EncryptedExtensions handshake message {server} construct a EncryptedExtensions handshake message
{server} send a Certificate handshake message EncryptedExtensions (28 octets): 08 00 00 18 00 16 00 0a 00 08 00
06 00 17 00 18 00 1d 00 1c 00 02 40 01 00 00 00 00
{server} send a CertificateVerify handshake message {server} construct a Certificate handshake message
Certificate (445 octets): 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82
01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48
86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03
72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17
0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06
03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06 09 2a 86 48 86 f7
0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 bb 49 8f
82 79 30 3d 98 08 36 39 9b 36 c6 98 8c 0c 68 de 55 e1 bd b8 26
d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c
1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0 cc b0 52
4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f da 43 08 46 74
80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93
ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03
01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06
03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01
01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a
72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea
e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01
51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be
c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b
1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8
96 12 29 ac 91 87 b4 2b 4d e1 00 00
{server} construct a CertificateVerify handshake message
CertificateVerify (136 octets): 0f 00 00 84 08 04 00 80 33 ab 13
d4 46 27 07 23 1b 5d ca e6 c8 19 0b 63 d1 da bc 74 f2 8c 39 53
70 da 0b 07 e5 b8 30 66 d0 24 6a 31 ac d9 5d f4 75 bf d7 99 a4
a7 0d 33 ad 93 d3 a3 17 a9 b2 c0 d2 37 a5 68 5b 21 9e 77 41 12
e3 91 a2 47 60 7d 1a ef f1 bb d0 a3 9f 38 2e e1 a5 fe 88 ae 99
ec 59 22 8e 64 97 e4 5d 48 ce 27 5a 6d 5e f4 0d 16 9f b6 f9 d3
3b 05 2e d3 dc dd 6b 5a 48 ba af ff bc b2 90 12 84 15 bd 38
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12 8e PRK (32 octets): 34 03 e7 81 e2 af 7b 65 08 da 28 57 4f 6e 95 a1
61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7 ab f1 62 de 83 a9 79 27 c3 76 72 a4 a0 ce f8 a1
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): e2 03 13 64 a4 a5 64 fc 3f f0 da 32 3b 2b 95 expanded (32 octets): e7 f8 bb 3e a4 b6 c3 0c 47 10 b3 d0 9c 33
c3 9b 9a be 54 8a c7 19 e8 16 3d 7c c6 9f b6 6b 4c 13 65 81 17 e7 0b 09 7e 85 03 68 e2 51 0c a5 63 1f 74
{server} send a Finished handshake message finished (32 octets): 88 63 e6 bf b0 42 0a 92 7f a2 7f 34 33 6a
70 ae 42 6e 96 8e 3e b8 84 94 5b 96 85 6d ba 39 76 d1
{server} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 88 63 e6 bf b0 42 0a 92 7f a2
7f 34 33 6a 70 ae 42 6e 96 8e 3e b8 84 94 5b 96 85 6d ba 39 76
d1
{server} send handshake record: {server} send handshake record:
payload (645 octets): 08 00 00 18 00 16 00 0a 00 08 00 06 00 17 payload (645 octets): 08 00 00 18 00 16 00 0a 00 08 00 06 00 17
00 18 00 1d 00 1c 00 02 40 01 00 00 00 00 0b 00 01 b9 00 00 01 00 18 00 1d 00 1c 00 02 40 01 00 00 00 00 0b 00 01 b9 00 00 01
b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30
0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06
03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31
32 33 35 39 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 32 33 35 39 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30
0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06
skipping to change at page 33, line 14 skipping to change at page 37, line 33
d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7
9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04
02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a
86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27
6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5
94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5
5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70
2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9
b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d
40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00
84 08 04 00 80 6b b7 6f a4 24 aa d9 99 c2 72 49 23 c1 6c 5e 44 84 08 04 00 80 33 ab 13 d4 46 27 07 23 1b 5d ca e6 c8 19 0b 63
6d 47 2e d4 2c e2 0b 66 f6 e3 3c c0 9a b6 84 09 24 30 17 45 f4 d1 da bc 74 f2 8c 39 53 70 da 0b 07 e5 b8 30 66 d0 24 6a 31 ac
48 f8 22 e8 cd b1 e7 1e 74 2f 41 91 8e df a3 37 54 42 11 11 6c d9 5d f4 75 bf d7 99 a4 a7 0d 33 ad 93 d3 a3 17 a9 b2 c0 d2 37
33 3a 36 9f a8 97 61 07 6d d6 71 3a 28 e0 7a 22 4f c6 4d 1f dc a5 68 5b 21 9e 77 41 12 e3 91 a2 47 60 7d 1a ef f1 bb d0 a3 9f
8d 6f 23 01 90 05 36 f4 a9 2c 00 8d 09 9a cb 68 d8 15 9c ff f0 38 2e e1 a5 fe 88 ae 99 ec 59 22 8e 64 97 e4 5d 48 ce 27 5a 6d
ac c3 71 f8 9e 4a f0 19 b2 35 f0 c5 1d 71 a4 21 b8 ca 8d 03 36 5e f4 0d 16 9f b6 f9 d3 3b 05 2e d3 dc dd 6b 5a 48 ba af ff bc
87 00 74 ce 7b 05 8a 14 00 00 20 d2 0d 7e 67 8b 35 c0 03 2e 96 b2 90 12 84 15 bd 38 14 00 00 20 88 63 e6 bf b0 42 0a 92 7f a2
37 6f 7a 49 40 bc f3 20 4b 90 3e cf 90 ed af ec eb 95 f3 02 3d 7f 34 33 6a 70 ae 42 6e 96 8e 3e b8 84 94 5b 96 85 6d ba 39 76
32 d1
ciphertext (667 octets): 17 03 03 02 96 68 9c 22 eb eb c7 1d df complete record (667 octets): 17 03 03 02 96 99 be e2 0b af 5b 7f
1b 02 14 96 5a 39 a0 61 bf 12 af 84 c2 ee 0e 12 13 ae 3e 1c ab c7 27 bf ab 62 23 92 8a 38 1e 6d 0c f9 c4 da 65 3f 9d 2a 7b 23
c0 ce ca c6 06 37 3e 81 eb 3f 61 55 5e e5 a4 58 bf d4 3e db e1 f7 de 11 cc e8 42 d5 cf 75 63 17 63 45 0f fb 8b 0c c1 d2 38 e6
f2 eb 0c b8 28 01 27 9e 02 15 8c 7b 50 3b 86 a1 42 a7 56 c4 1e 58 af 7a 12 ad c8 62 43 11 4a b1 4a 1d a2 fa e4 26 21 ce 48 3f
d2 40 b8 0f e8 c4 b1 93 66 ec f1 ac 3a b7 64 f0 c5 37 7a ef 35 b6 24 2e ab fa ad 52 56 6b 02 b3 1d 2e dd ed ef eb 80 e6 6a 99
6f 27 d6 01 3e af 26 ad bc 72 fc 49 4b 6e bc 9d c2 55 75 44 18 00 d5 f9 73 b4 0c 4f df 74 71 9e cf 1b 68 d7 f9 c3 b6 ce b9 03
38 cf 02 9e 73 05 72 7e f8 0d 7b 7d 51 21 2e d4 d8 8a f5 bc 1a ca 13 dd 1b b8 f8 18 7a e3 34 17 e1 d1 52 52 2c 58 22 a1 a0 3a
80 37 8e 1c 6a 28 8e e5 14 75 7b ea b7 8a 48 af fc 89 7c 49 20 d5 2c 83 8c 55 95 3d 61 02 22 87 4c ce 8e 17 90 b2 29 a2 aa 0b
2c fd ed 99 a7 81 05 cf 87 69 a4 c3 00 1b 81 82 66 67 03 ce c8 53 c8 d3 77 ee 72 01 82 95 1d c6 18 1d c5 d9 0b d1 f0 10 5e d1
0b 15 a2 c4 61 68 f8 cb 44 23 70 e6 1c 4d cd f5 bc c0 25 53 f7 e8 4a a5 f7 59 57 c6 66 18 97 07 9e 5e a5 00 74 49 e3 19 7b dc
50 31 10 11 9f 15 0e 05 94 d5 a3 63 b2 7e 27 72 dc 96 79 24 d3 7c 9b ee ed dd ea fd d8 44 af a5 c3 15 ec fe 65 e5 76 af e9 09
d6 ce b8 6e 7d d0 01 6b 8f 33 92 51 36 e4 69 6c 6d 43 38 4b 31 81 28 80 62 0e c7 04 8b 42 d7 f5 c7 8d 76 f2 99 d6 d8 25 34 bd
12 ec 7c 15 8a f6 88 ce 18 83 26 67 b4 ff fe 2a c4 17 4a 98 eb d8 f5 12 fe bc 0e d3 81 4a ca 47 0c d8 00 0d 3e 1c b9 96 2b 05
fd c9 17 45 1c 96 76 a4 f3 21 f1 65 64 ec 23 90 ba 37 c3 00 b1 2f bb 95 0d f6 83 a5 2c 2b a7 7e d3 71 3b 12 29 37 a6 e5 17 09
e7 a9 da 6c ce b2 ac 0c 45 13 5b 66 84 32 2b b2 34 f9 46 70 2a 64 e2 ab 79 69 dc d9 80 b3 db 9b 45 8d a7 60 31 24 d6 dc 00 5e
c2 42 c7 55 7c 71 f0 ee 65 a6 c9 a7 93 24 d6 94 fe 1f 7f b2 67 4d 6e 04 b4 d0 c4 ba f3 27 5d b8 27 db ba 0a 6d b0 96 72 17 1f
ce 6e 83 22 5c 9f 10 b5 b8 8d db 25 53 5b f6 cc 73 2f c7 da 79 c0 57 b3 85 1d 7e 02 68 41 e2 97 8f bd 23 46 bb ef dd 03 76 bb
b8 09 28 90 82 7a 00 97 11 74 a5 f0 90 30 d0 b9 bb 5f 22 8b 08 11 08 fe 9a cc 92 18 9f 56 50 aa 5e 85 d8 e8 c7 b6 7a c5 10 db
f7 aa 2f 7c 2c 57 ac 9b 7d 69 c8 1d 56 f0 db 07 98 9e 87 4c 4e a0 03 d3 d7 e1 63 50 bb 66 d4 50 13 ef d4 4c 9b 60 7c 0d 31 8c
42 0e d8 32 aa 87 4d 72 c3 c9 36 c0 85 00 f5 aa 3a 9a 9c 8f 76 4c 7d 1a 1f 5c bc 57 e2 06 11 80 4e 37 87 d7 b4 a4 b5 f0 8e d8
f7 41 b7 dc 20 82 ab 8b 8f f4 e7 4e 8b 47 e6 6b 26 fc c6 ff bc fd 70 bd ae ad e0 22 60 b1 2a b8 42 ef 69 0b 4a 3e e7 91 1e 84
9a 68 b0 5b 1a db 37 bf 6e da 22 99 23 ee 4b 40 f6 3c 34 90 c6 1b 37 4e cd 5e bb bc 2a 54 d0 47 b6 00 33 6d d7 d0 c8 8b 4b c1
63 f6 82 f4 12 58 25 5e 94 2a 36 7a cd 0c 7d f9 c8 7e 6a 75 5e 0e 58 ee 6c b6 56 de 72 47 fa 20 d8 e9 1d eb 84 62 86 08 cf 80
53 7e 7e 1a cb ba b7 b1 a4 30 b9 26 75 e4 5c 97 58 14 ed 91 7e 61 5b 62 e9 6c 14 91 c7 ac 37 55 eb 69 01 40 5d 34 74 fe 1a c7
78 30 7a 5f 99 6b 87 47 f4 41 ca 36 93 2d 45 d5 2a 0b b1 48 6a 9d 10 6a 0c ee 56 c2 57 7f c8 84 80 f9 6c b6 b8 c6 81 b7 b6 8b
6f 53 75 0d 01 23 f0 8a d7 70 ca c6 8c 00 d2 84 e3 ac 09 05 80 53 c1 46 09 39 08 f3 50 88 81 75 bd fb 0b 1e 31 ad 61 e3 0b a0
68 ca af d4 f9 ae 46 92 04 01 cb 57 9c c4 67 ad f7 67 80 08 c5 ad fe 6d 22 3a a0 3c 07 83 b5 00 1a 57 58 7c 32 8a 9a fc fc fb
95 32 06 51 e5 8c 92 cc 99 a6 62 9d 5f bd 57 34 ac 3f cc 34 21 97 8d 1c d4 32 8f 7d 9d 60 53 0e 63 0b ef d9 6c 0c 81 6e e2 0b
5d 31 b6 09 d2 c7 86 11 00 f4 70 12 ae 8d dc 40 bd ba b9 fa 72 01 00 76 8a e2 a6 df 51 fc 68 f1 72 74 0a 79 af 11 39 8e e3 be
2a e6 cc 2a bb b8 93 14 fb 06 be 8f 2f 2b cb 65 af 5b 1e ba 49 12 52 49 1f a9 c6 93 47 9e 87 7f 94 ab 7c 5f 8c ad 48 02 03 e6
c5 9e af 94 a1 a0 f9 33 53 f6 e2 fb 84 c9 48 0c cb 35 be 46 cb ab 7b 87 dd 71 e8 a0 72 91 13 df 17 f5 ee e8 6c e1 08 d1 d7 20
cd 3f b4 12 64 87 f0 72 eb d8 e5 62 5d c9 aa e7 b0 7b 93 e8 de 07 ec 1c d1 3c 85 a6 c1 49 62 1e 77 b7 d7 8d 80 5a 30 f0 be 03
34 21 6f 0c 31 5e 54
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9 PRK (32 octets): 11 31 54 5d 0b af 79 dd ce 9b 87 f0 69 45 78 1a
a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9 57 dd 18 ef 37 8d cd 20 60 f8 f9 a5 69 02 7e d8
hash (32 octets): 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa hash (32 octets): 50 f6 3c bf 36 b0 dd 04 9e 7a 0b a2 7d 64 55 74
33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e 5e a2 aa ac 54 bb 16 7f 99 50 b2 b7 ce 95 09 da
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 61 66 66 69 63 20 50 f6 3c bf 36 b0 dd 04 9e 7a 0b a2 7d 64 55
fa 33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e 74 5e a2 aa ac 54 bb 16 7f 99 50 b2 b7 ce 95 09 da
output (32 octets): f3 72 b2 bf 29 76 71 90 a8 e0 fd 31 33 47 d8 expanded (32 octets): 75 ec f4 b9 72 52 5a a0 dc d0 57 c9 94 4d
15 14 2c 37 76 3d c1 00 78 71 91 1f 7b 5c 31 0d 40 4c d5 d8 26 71 d8 84 31 41 d7 dc 2a 4f f1 5a 21 dc 51
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9 PRK (32 octets): 11 31 54 5d 0b af 79 dd ce 9b 87 f0 69 45 78 1a
a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9 57 dd 18 ef 37 8d cd 20 60 f8 f9 a5 69 02 7e d8
hash (32 octets): 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa hash (32 octets): 50 f6 3c bf 36 b0 dd 04 9e 7a 0b a2 7d 64 55 74
33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e 5e a2 aa ac 54 bb 16 7f 99 50 b2 b7 ce 95 09 da
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 61 66 66 69 63 20 50 f6 3c bf 36 b0 dd 04 9e 7a 0b a2 7d 64 55
fa 33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e 74 5e a2 aa ac 54 bb 16 7f 99 50 b2 b7 ce 95 09 da
output (32 octets): a8 b8 89 78 fb a9 0f 05 7c 52 c6 77 6a 01 1a expanded (32 octets): 5c 74 f8 7d f0 42 25 db 0f 82 09 c9 de 64
d5 64 bc 4d 38 ee 6c d7 45 4b a2 21 c2 89 10 08 7a 29 e4 94 35 fd ef a7 ca d6 18 64 87 4d 12 f3 1c fc 8d
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9 PRK (32 octets): 11 31 54 5d 0b af 79 dd ce 9b 87 f0 69 45 78 1a
a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9 57 dd 18 ef 37 8d cd 20 60 f8 f9 a5 69 02 7e d8
hash (32 octets): 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa hash (32 octets): 50 f6 3c bf 36 b0 dd 04 9e 7a 0b a2 7d 64 55 74
33 9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e 5e a2 aa ac 54 bb 16 7f 99 50 b2 b7 ce 95 09 da
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 6c 45 a9 b1 b6 a9 d8 18 94 52 79 25 8e cc 16 fa 33 74 65 72 20 50 f6 3c bf 36 b0 dd 04 9e 7a 0b a2 7d 64 55 74 5e
9c e6 c6 37 17 56 1c 67 ee b2 ca 27 dc d0 0e a2 aa ac 54 bb 16 7f 99 50 b2 b7 ce 95 09 da
output (32 octets): de e8 d9 7e ec e8 97 93 e4 5d 63 b4 10 18 88 expanded (32 octets): 7c 06 d3 ae 10 6a 3a 37 4a ce 48 37 b3 98
df 06 a4 d3 63 c9 d8 ff af ef 2e bd 10 64 4d bc 42 5c ac 67 78 0a 6e 2c 5c 04 b5 83 19 d5 84 df 09 d2 23
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): a8 b8 89 78 fb a9 0f 05 7c 52 c6 77 6a 01 1a d5 PRK (32 octets): 5c 74 f8 7d f0 42 25 db 0f 82 09 c9 de 64 29 e4
64 bc 4d 38 ee 6c d7 45 4b a2 21 c2 89 10 08 7a 94 35 fd ef a7 ca d6 18 64 87 4d 12 f3 1c fc 8d
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): df 25 5c 0d f2 0f 01 26 2c 77 1c b8 74 67 key expanded (16 octets): f2 7a 5d 97 bd 25 55 0c 48 23 b0 f3 e5
7b 4a d2 93 88
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 90 89 9d 4b ab a4 31 d1 e3 1b f7 02 iv expanded (12 octets): 0d d6 31 f7 b7 1c bb c7 97 c3 5f e7
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 37 7b ec 72 bf e0 e9 93 89 e5 e9 13 e2 b2 95 9b PRK (32 octets): 15 8a a7 ab 88 55 07 35 82 b4 1d 67 4b 40 55 ca
f6 22 13 87 0f fb da 69 25 ae 17 ce de 4b 0c 01 bc c5 34 72 8f 65 93 14 86 1b 4e 08 e2 01 15 66
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 67 b6 7b 0d c0 12 44 92 42 dd ad ff c0 b1 key expanded (16 octets): 2f 1f 91 86 63 d5 90 e7 42 11 49 a2 9d
7c 7e 94 b0 b6
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv expanded (12 octets): 41 4d 54 85 23 5e 1a 68 87 93 bd 74
iv output (12 octets): 52 ac 28 15 2f f3 e1 26 02 60 08 cb {client} extract secret "early" (same as server early secret)
{client} extract secret "early":
salt: (absent)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): 65 ab 95 4f 48 f4 18 7d bd 5f 83 6f 63 95 86 5b
87 a4 39 98 ef ae 26 ad 24 4c ba d2 aa 2c e4 69
secret (32 octets): 86 69 c5 a3 9b 4a fb fb 02 93 d4 a7 20 0f aa {client} extract secret "handshake" (same as server handshake
b7 a4 95 e9 3a 7a c3 3f 8a c5 16 24 20 04 df 28 7a secret)
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server master secret)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 19 93 fc e3 6b d1 f0 4e c1 0d 14 b6 9d 3e 12 8e
61 35 d5 1f 62 5e 14 b7 a6 c2 15 4c 63 80 21 a7
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 0d d2 f3 46 9c de 17 30 9f c3 0c 61 64 8d
13 b4
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 9e 33 da a8 b6 e9 71 d3 ad 89 ce 2c {client} derive read traffic keys for handshake data (same as server
handshake data write traffic keys)
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server handshake data read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server application data write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 37 7b ec 72 bf e0 e9 93 89 e5 e9 13 e2 b2 95 9b PRK (32 octets): 15 8a a7 ab 88 55 07 35 82 b4 1d 67 4b 40 55 ca
f6 22 13 87 0f fb da 69 25 ae 17 ce de 4b 0c 01 bc c5 34 72 8f 65 93 14 86 1b 4e 08 e2 01 15 66
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 19 4b 6b 62 26 c8 11 3f e1 24 2a 2b 08 9d 39 expanded (32 octets): 81 be 41 31 fb b9 b6 f4 47 14 50 84 6f 74
9a 26 83 ee 49 68 d9 ff 9b de c3 dd df 25 83 a0 a6 fd 1e 68 c5 22 4b a7 c2 a8 67 7f 5c 53 ad 22 6f dc 13
{client} send a Finished handshake message finished (32 octets): 23 f5 2f db 07 09 a5 5b d7 f7 9b 99 1f 25
48 40 87 bc fd 4d 43 80 b1 23 26 a5 2a 28 b2 e3 68 e1
{client} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 23 f5 2f db 07 09 a5 5b d7 f7
9b 99 1f 25 48 40 87 bc fd 4d 43 80 b1 23 26 a5 2a 28 b2 e3 68
e1
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 a7 da 09 8b 9b 26 83 71 64 64 1f payload (36 octets): 14 00 00 20 23 f5 2f db 07 09 a5 5b d7 f7 9b
9d 0d 1b de c6 e8 eb 48 35 6b e7 c0 b1 7b 6d 19 4b 4b 8f a1 fd 99 1f 25 48 40 87 bc fd 4d 43 80 b1 23 26 a5 2a 28 b2 e3 68 e1
ciphertext (58 octets): 17 03 03 00 35 87 b5 65 69 20 5c c2 cc c4 complete record (58 octets): 17 03 03 00 35 d7 4f 19 23 c6 62 fd
53 67 58 88 e4 d8 79 1c 5d cf f4 26 cf 1a 88 57 84 50 54 bf 28 34 13 7c 6f 50 2f 3d d2 b9 3d 95 1d 1b 3b c9 7e 42 af e2 3c 31
37 3b 9a 8e d0 99 e1 e8 31 77 fb da 25 b3 78 7a ae 3c e1 f1 a0 ab ea 92 fe 91 b4 74 99 9e 85 e3 b7 91 ce 25 2f e8 c3 e9 f9 39
a7 af a4 12 0c b2
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): f3 72 b2 bf 29 76 71 90 a8 e0 fd 31 33 47 d8 15 PRK (32 octets): 75 ec f4 b9 72 52 5a a0 dc d0 57 c9 94 4d 4c d5
14 2c 37 76 3d c1 00 78 71 91 1f 7b 5c 31 0d 40 d8 26 71 d8 84 31 41 d7 dc 2a 4f f1 5a 21 dc 51
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 06 ea a9 34 99 1d 0b 76 0d 56 9f 8e bb 79 key expanded (16 octets): a7 eb 2a 05 25 eb 43 31 d5 8f cb f9 f7
22 8b ca 2e 9c
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 87 c0 5d f1 e8 a1 87 ba 4f e3 28 b3 iv expanded (12 octets): 86 e8 be 22 7c 1b d2 b3 e3 9c b4 44
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): a6 57 77 cf ab f2 b2 7d fc 68 75 6f 4e fd 2d f9 PRK (32 octets): 11 31 54 5d 0b af 79 dd ce 9b 87 f0 69 45 78 1a
a3 ff 0d c3 2e c3 0e 62 5f 2e 7e 18 14 a4 d2 b9 57 dd 18 ef 37 8d cd 20 60 f8 f9 a5 69 02 7e d8
hash (32 octets): f6 d2 e9 99 c9 ce 6e 62 67 b3 83 3d d9 10 cd 91 hash (32 octets): 0e 8b 34 91 58 b8 55 fd cd 0c 11 db bc 4e 83 e4
92 4a f6 89 00 66 d8 51 bd 9e f2 01 65 6c d6 c8 3c aa 6e 48 3c 6c 65 df 53 15 18 88 e5 01 65 f4
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 f6 d2 e9 99 c9 ce 6e 62 67 b3 83 3d d9 10 cd 91 92 74 65 72 20 0e 8b 34 91 58 b8 55 fd cd 0c 11 db bc 4e 83 e4 3c
4a f6 89 00 66 d8 51 bd 9e f2 01 65 6c d6 c8 aa 6e 48 3c 6c 65 df 53 15 18 88 e5 01 65 f4
output (32 octets): 1f 63 61 ef 0f 9d fe 19 ac 0f eb 5d 87 51 5f expanded (32 octets): 09 17 0c 6d 47 27 21 56 6f 9c f9 9b 08 69
ad 41 92 67 6b 79 61 ea 85 fc 2b 31 ba a0 c1 1f fa 9d af f5 61 ec 8f b2 2d 5a 32 c3 f9 4c e0 09 b6 99 75
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client application data write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 a1 93 82 ba 6a cc c4 d0 df complete record (24 octets): 17 03 03 00 13 2e a6 cd f7 49 19 60
e3 46 c6 5b b3 ff 01 95 6f 26 23 e2 b3 a4 94 91 69 55 36 42 60 47
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 6a c7 95 b6 5c a3 13 33 30 complete record (24 octets): 17 03 03 00 13 51 9f c5 07 5c b0 88
22 5c c3 a8 0b 28 f2 39 d2 e9 43 49 75 9f f9 ef 6f 01 1b b4 c6 f2
6. Client Authentication 6. Client Authentication
In this example, the server requests client authentication. The In this example, the server requests client authentication. The
client uses a certificate with an RSA key, the server uses an ECDSA client uses a certificate with an RSA key, the server uses an ECDSA
certificate with a P-256 key. Note that private keys for this certificate with a P-256 key. Note that private keys for the
example are not included in the draft. certificates used this example are not shown.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 51 51 41 c1 11 7c f2 f1 81 f0 63 41 08 private key (32 octets): c0 40 b2 bb 8f 3a dd d2 0f d4 05 8c 54
da 12 41 26 df 69 36 21 2b b4 8c 0a 48 b6 86 4d 14 8a 35 70 03 a3 c6 f9 c1 cd 91 5d 5e 53 5c 87 d8 d1 91 aa f0 71
public key (32 octets): 8e 61 95 b8 3b ea 47 57 fc 4f c5 c9 cc 73 public key (32 octets): 08 9c c2 67 1f 73 8d 9a 67 1e 5b 2e 46 49
2b 87 10 c0 fe 12 1f dc 3b 46 53 85 0e c0 68 bd 6a 03 81 d0 5b 76 e3 61 aa 22 ae a9 1f 1d 49 ca 10 a7 a3 62
{client} send a ClientHello handshake message {client} construct a ClientHello handshake message
ClientHello (192 octets): 01 00 00 bc 03 03 6a 47 22 36 32 8b 83
af 40 38 6d 3a 3e 1f 1c e6 24 fa 4e d8 9a b8 65 a4 ff 0f 41 44
ce 3a e2 33 00 00 06 13 01 13 03 13 02 01 00 00 8d 00 00 00 0b
00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00
12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33
00 26 00 24 00 1d 00 20 08 9c c2 67 1f 73 8d 9a 67 1e 5b 2e 46
49 81 d0 5b 76 e3 61 aa 22 ae a9 1f 1d 49 ca 10 a7 a3 62 00 2b
00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04
08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00
2d 00 02 01 01 00 1c 00 02 40 01
{client} send handshake record: {client} send handshake record:
payload (192 octets): 01 00 00 bc 03 03 72 be 9e 03 79 d1 64 11 payload (192 octets): 01 00 00 bc 03 03 6a 47 22 36 32 8b 83 af
d3 5d a6 b5 56 16 bc 37 5d a6 40 55 2b ca 71 9d ae 41 90 f3 94 40 38 6d 3a 3e 1f 1c e6 24 fa 4e d8 9a b8 65 a4 ff 0f 41 44 ce
39 d8 5a 00 00 06 13 01 13 03 13 02 01 00 00 8d 00 00 00 0b 00 3a e2 33 00 00 06 13 01 13 03 13 02 01 00 00 8d 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
26 00 24 00 1d 00 20 8e 61 95 b8 3b ea 47 57 fc 4f c5 c9 cc 73 26 00 24 00 1d 00 20 08 9c c2 67 1f 73 8d 9a 67 1e 5b 2e 46 49
2b 87 10 c0 fe 12 1f dc 3b 46 53 85 0e c0 68 bd 6a 03 00 2b 00 81 d0 5b 76 e3 61 aa 22 ae a9 1f 1d 49 ca 10 a7 a3 62 00 2b 00
03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d
00 02 01 01 00 1c 00 02 40 01 00 02 01 01 00 1c 00 02 40 01
ciphertext (197 octets): 16 03 01 00 c0 01 00 00 bc 03 03 72 be complete record (197 octets): 16 03 01 00 c0 01 00 00 bc 03 03 6a
9e 03 79 d1 64 11 d3 5d a6 b5 56 16 bc 37 5d a6 40 55 2b ca 71 47 22 36 32 8b 83 af 40 38 6d 3a 3e 1f 1c e6 24 fa 4e d8 9a b8
9d ae 41 90 f3 94 39 d8 5a 00 00 06 13 01 13 03 13 02 01 00 00 65 a4 ff 0f 41 44 ce 3a e2 33 00 00 06 13 01 13 03 13 02 01 00
8d 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 8d 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02
03 01 04 00 33 00 26 00 24 00 1d 00 20 8e 61 95 b8 3b ea 47 57 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 08 9c c2 67 1f 73 8d
fc 4f c5 c9 cc 73 2b 87 10 c0 fe 12 1f dc 3b 46 53 85 0e c0 68 9a 67 1e 5b 2e 46 49 81 d0 5b 76 e3 61 aa 22 ae a9 1f 1d 49 ca
bd 6a 03 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 10 a7 a3 62 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05
06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: 0 (all zero octets)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 82 0f ba 6b 13 3f a3 bb 45 4e a0 fe 61 private key (32 octets): 73 82 a5 ad 1c dd 20 56 ae 18 cc 70 8b
7e 50 3a 74 c3 09 b3 82 28 07 71 7d e1 ee 3f ee 17 27 57 d0 07 d9 81 30 db e2 cd 4d 9e ad 9b 96 95 2b ec bb 08 88
public key (32 octets): 23 dc 3e 49 2e c4 56 63 c3 ad b5 17 ec 8e public key (32 octets): 6c 2e 50 e8 65 91 9a 6b 5a 12 df af 91 8f
ef a6 5b 76 c0 cf 21 21 f4 af f5 09 50 0c 05 19 7f 0a 92 b4 42 56 7b 0f 89 bc 54 47 8c 69 21 36 66 58 f0 62
{server} send a ServerHello handshake message {server} construct a ServerHello handshake message
ServerHello (90 octets): 02 00 00 56 03 03 3b 50 fd f1 c3 d5 72
e4 0e 68 95 3e 7f ff 4e 27 58 45 9c 59 af a0 58 2c 0e a0 32 87
42 55 fe 6e 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 6c 2e 50
e8 65 91 9a 6b 5a 12 df af 91 8f 92 b4 42 56 7b 0f 89 bc 54 47
8c 69 21 36 66 58 f0 62 00 2b 00 02 03 04
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): b2 0d 9a cb a0 e0 38 1d 9f f5 1e 9d 7c b8 ba 18 IKM (32 octets): 7d c1 14 f6 47 5d fa 79 77 be 73 6e f7 cb eb c4
a9 ba 63 7e e5 93 08 13 da 7f f8 62 e6 62 44 45 8c 70 32 9e 8e 9a 74 b4 d7 03 3c 43 f9 59 7d 4f
secret (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a secret (32 octets): d9 95 24 36 74 fb 64 00 d7 d3 7b c0 e9 86 1b
e4 bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6 db d9 ed 09 56 01 dc f2 99 48 74 f2 80 3d e2 2e 39
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a e4 PRK (32 octets): d9 95 24 36 74 fb 64 00 d7 d3 7b c0 e9 86 1b db
bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6 d9 ed 09 56 01 dc f2 99 48 74 f2 80 3d e2 2e 39
hash (32 octets): 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c b7 hash (32 octets): 88 eb c0 42 bd 0d 5a 64 3b 22 fc a7 a4 7d ef d4
33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c 00 7d fe 18 49 49 a6 26 1c 59 6c 4e 00 2a 74 a2
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c 61 66 66 69 63 20 88 eb c0 42 bd 0d 5a 64 3b 22 fc a7 a4 7d ef
b7 33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c d4 00 7d fe 18 49 49 a6 26 1c 59 6c 4e 00 2a 74 a2
output (32 octets): 23 03 a8 1a 55 a9 e2 92 d3 23 cd c8 9a b2 dd expanded (32 octets): ce c7 a3 0c 68 72 07 0f 22 a7 ee b0 65 76
a1 63 40 f8 4f d9 dd 99 5c 72 50 c3 3e d3 82 b2 db 8d b6 7c 45 e2 95 33 db 87 99 08 ce 6d c6 6f 59 11 de
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a e4 PRK (32 octets): d9 95 24 36 74 fb 64 00 d7 d3 7b c0 e9 86 1b db
bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6 d9 ed 09 56 01 dc f2 99 48 74 f2 80 3d e2 2e 39
hash (32 octets): 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c b7 hash (32 octets): 88 eb c0 42 bd 0d 5a 64 3b 22 fc a7 a4 7d ef d4
33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c 00 7d fe 18 49 49 a6 26 1c 59 6c 4e 00 2a 74 a2
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 58 7e dd f9 47 f8 d1 4f e6 32 6b 07 c3 11 0c 61 66 66 69 63 20 88 eb c0 42 bd 0d 5a 64 3b 22 fc a7 a4 7d ef
b7 33 89 d7 ba ed de 2f e3 04 7d 77 20 19 90 2e 4c d4 00 7d fe 18 49 49 a6 26 1c 59 6c 4e 00 2a 74 a2
output (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11 expanded (32 octets): 8b 02 d3 c0 04 42 a2 72 2c 40 98 eb e8 67
35 ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5 5b 23 e8 01 51 0f 0d 7e d7 78 d8 eb 0b 8f 42 a1 9a 5e
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a e4 PRK (32 octets): d9 95 24 36 74 fb 64 00 d7 d3 7b c0 e9 86 1b db
bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6 d9 ed 09 56 01 dc f2 99 48 74 f2 80 3d e2 2e 39
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): cc c4 24 b2 2c e3 72 2a 86 5e 45 b8 fc 1c 98 expanded (32 octets): 74 57 55 26 b0 7c 81 a9 c1 b1 7e 6b 34 e0
a6 36 9a 61 15 15 15 bb c8 4d f5 f7 3f e1 c5 e7 fe e6 d0 84 74 7a 61 f3 96 f5 97 eb b9 2c 07 36 ec 60 e8
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): cc c4 24 b2 2c e3 72 2a 86 5e 45 b8 fc 1c 98 a6 salt (32 octets): 74 57 55 26 b0 7c 81 a9 c1 b1 7e 6b 34 e0 e6 d0
36 9a 61 15 15 15 bb c8 4d f5 f7 3f e1 c5 e7 fe 84 74 7a 61 f3 96 f5 97 eb b9 2c 07 36 ec 60 e8
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 secret (32 octets): 57 c1 5d 7b 9d 44 1b 3d 40 a9 c6 ea 8a 3d 73
53 dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1 0e 07 b3 a1 ea 7a 33 39 ed 70 70 b9 a7 4a 3f 4f 28
{server} send handshake record: {server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 ed 3b 39 8e d9 27 26 f8 9e payload (90 octets): 02 00 00 56 03 03 3b 50 fd f1 c3 d5 72 e4 0e
ac 52 ea 27 89 c1 00 9d d6 e2 5f 9f 3e c0 f4 00 3d a5 20 93 e4 68 95 3e 7f ff 4e 27 58 45 9c 59 af a0 58 2c 0e a0 32 87 42 55
c9 34 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 23 dc 3e 49 2e fe 6e 00 13 01 00 00 2e 00 33 00 24 00 1d 00 20 6c 2e 50 e8 65
c4 56 63 c3 ad b5 17 ec 8e ef a6 5b 76 c0 cf 21 21 f4 af f5 09 91 9a 6b 5a 12 df af 91 8f 92 b4 42 56 7b 0f 89 bc 54 47 8c 69
50 0c 05 19 7f 0a 00 2b 00 02 03 04 21 36 66 58 f0 62 00 2b 00 02 03 04
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 ed 3b 39 complete record (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 3b
8e d9 27 26 f8 9e ac 52 ea 27 89 c1 00 9d d6 e2 5f 9f 3e c0 f4 50 fd f1 c3 d5 72 e4 0e 68 95 3e 7f ff 4e 27 58 45 9c 59 af a0
00 3d a5 20 93 e4 c9 34 00 13 01 00 00 2e 00 33 00 24 00 1d 00 58 2c 0e a0 32 87 42 55 fe 6e 00 13 01 00 00 2e 00 33 00 24 00
20 23 dc 3e 49 2e c4 56 63 c3 ad b5 17 ec 8e ef a6 5b 76 c0 cf 1d 00 20 6c 2e 50 e8 65 91 9a 6b 5a 12 df af 91 8f 92 b4 42 56
21 21 f4 af f5 09 50 0c 05 19 7f 0a 00 2b 00 02 03 04 7b 0f 89 bc 54 47 8c 69 21 36 66 58 f0 62 00 2b 00 02 03 04
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11 35 PRK (32 octets): 8b 02 d3 c0 04 42 a2 72 2c 40 98 eb e8 67 5b 23
ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5 e8 01 51 0f 0d 7e d7 78 d8 eb 0b 8f 42 a1 9a 5e
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 61 a2 08 f9 c7 7f 35 96 9e 7f 1e 0e a2 75 key expanded (16 octets): 6c b6 e6 06 19 d8 c7 35 5c 5d 4c 4b c2
4c 92 be 90 d5
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 08 a7 d2 9a d2 4b bf 51 1e a2 dd 45 iv expanded (12 octets): 64 f2 39 53 0c 3b 88 8f de 85 e0 be
{server} send a EncryptedExtensions handshake message {server} construct a EncryptedExtensions handshake message
{server} send a CertificateRequest handshake message EncryptedExtensions (40 octets): 08 00 00 24 00 22 00 0a 00 14 00
12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c
00 02 40 01 00 00 00 00
{server} send a Certificate handshake message {server} construct a CertificateRequest handshake message
{server} send a CertificateVerify handshake message CertificateRequest (43 octets): 0d 00 00 27 00 00 24 00 0d 00 20
00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06
01 02 01 04 02 05 02 06 02 02 02
{server} construct a Certificate handshake message
Certificate (319 octets): 0b 00 01 3b 00 00 01 37 00 01 32 30 82
01 2e 30 81 d5 a0 03 02 01 02 02 01 07 30 0a 06 08 2a 86 48 ce
3d 04 03 02 30 13 31 11 30 0f 06 03 55 04 03 13 08 65 63 64 73
61 32 35 36 30 1e 17 0d 31 36 30 37 33 30 30 31 32 34 30 30 5a
17 0d 32 36 30 37 33 30 30 31 32 34 30 30 5a 30 13 31 11 30 0f
06 03 55 04 03 13 08 65 63 64 73 61 32 35 36 30 59 30 13 06 07
2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00 04
08 d5 30 16 15 75 f4 cf e7 f1 54 ee 34 48 18 00 86 00 1e 88 43
1a 79 ee 62 ee 6e 2f 83 ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4
d2 f5 b5 6d 1f 04 ec e4 5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d
d0 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55
1d 0f 04 04 03 02 07 80 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03
48 00 30 45 02 21 00 df 30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4
79 ca 69 3f ee ca 3b 71 b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62
e2 a4 72 50 d3 20 fe a8 3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db
d1 3f ee 94 6e 51 3e 01 1d 11 00 00
{server} construct a CertificateVerify handshake message
CertificateVerify (79 octets): 0f 00 00 4b 04 03 00 47 30 45 02
21 00 d7 a4 d3 4b d5 4f 55 fe e1 a8 96 25 67 8c 3d d5 e5 f6 0d
ac 73 ec 94 0c 5c 7b 93 04 a0 20 84 a9 02 20 28 9f 59 5e d4 88
b9 ac 68 9a 3d 19 2b 1a 8b b3 8f 34 af 78 74 c0 59 c9 80 6a 1f
38 26 93 53 e8
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11 35 PRK (32 octets): 8b 02 d3 c0 04 42 a2 72 2c 40 98 eb e8 67 5b 23
ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5 e8 01 51 0f 0d 7e d7 78 d8 eb 0b 8f 42 a1 9a 5e
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 9f 46 ac 32 80 c8 66 da b9 27 45 b6 af ec 7c expanded (32 octets): 4e 79 5c de 23 9d 5e 19 0e ae 44 1b 9e 71
b3 5a 58 1a 4a 6c 8e 5e 09 a4 9c 96 d0 ad 30 2e 34 6e eb 13 85 49 05 8c db 76 fa 9a ee af 54 8a ef 56 3e
{server} send a Finished handshake message finished (32 octets): 93 b7 0c df 47 81 98 5b 96 34 5c aa c7 01
b4 e7 50 d3 04 2d f1 a6 89 d8 fa ca 81 22 51 11 3c 11
{server} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 93 b7 0c df 47 81 98 5b 96 34
5c aa c7 01 b4 e7 50 d3 04 2d f1 a6 89 d8 fa ca 81 22 51 11 3c
11
{server} send handshake record: {server} send handshake record:
payload (516 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d payload (517 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40
01 00 00 00 00 0d 00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05 01 00 00 00 00 0d 00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05
03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02
05 02 06 02 02 02 0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e 05 02 06 02 02 02 0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e
30 81 d5 a0 03 02 01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04 30 81 d5 a0 03 02 01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04
03 02 30 13 31 11 30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32 03 02 30 13 31 11 30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32
35 36 30 1e 17 0d 31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d 35 36 30 1e 17 0d 31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d
32 36 30 37 33 30 30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03 32 36 30 37 33 30 30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03
55 04 03 13 08 65 63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86 55 04 03 13 08 65 63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86
48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5
30 16 15 75 f4 cf e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79 30 16 15 75 f4 cf e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79
ee 62 ee 6e 2f 83 ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5 ee 62 ee 6e 2f 83 ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5
b5 6d 1f 04 ec e4 5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3 b5 6d 1f 04 ec e4 5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3
1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f
04 04 03 02 07 80 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00 04 04 03 02 07 80 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00
30 45 02 21 00 df 30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca 30 45 02 21 00 df 30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca
69 3f ee ca 3b 71 b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4 69 3f ee ca 3b 71 b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4
72 50 d3 20 fe a8 3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f 72 50 d3 20 fe a8 3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f
ee 94 6e 51 3e 01 1d 11 00 00 0f 00 00 4a 04 03 00 46 30 44 02 ee 94 6e 51 3e 01 1d 11 00 00 0f 00 00 4b 04 03 00 47 30 45 02
20 4e c5 5a 94 22 b9 26 82 ac f6 01 da 8e ad dc a8 43 17 0c 52 21 00 d7 a4 d3 4b d5 4f 55 fe e1 a8 96 25 67 8c 3d d5 e5 f6 0d
94 cb b0 92 64 60 09 a2 22 8f c6 3d 02 20 33 61 b0 78 aa 93 db ac 73 ec 94 0c 5c 7b 93 04 a0 20 84 a9 02 20 28 9f 59 5e d4 88
6e 9c 22 ad f1 88 5b 9e 0a 3e d4 ec dd 5c ef dc ce 63 f9 99 84 b9 ac 68 9a 3d 19 2b 1a 8b b3 8f 34 af 78 74 c0 59 c9 80 6a 1f
82 0b 23 ee 14 00 00 20 65 0d bb 4b 5a 6a ce 4e 23 5c 3a 3a 39 38 26 93 53 e8 14 00 00 20 93 b7 0c df 47 81 98 5b 96 34 5c aa
06 09 41 fc 25 37 58 6e 9b 56 27 2e 5f d1 31 ca 1f d2 74 c7 01 b4 e7 50 d3 04 2d f1 a6 89 d8 fa ca 81 22 51 11 3c 11
ciphertext (538 octets): 17 03 03 02 15 3a cf 25 29 62 4c 10 c3 complete record (539 octets): 17 03 03 02 16 6d 0a 7a c0 79 b3 2a
30 42 26 01 83 6e f0 93 ef ff c9 21 c2 60 9e 77 58 42 c4 65 ea 94 aa 68 c4 e2 89 3e 8b d0 d3 c1 85 f5 49 c2 36 fb bc e3 d6 47
a3 2c ca 23 34 06 4c 8d d8 53 96 ba 07 a8 6b d0 83 28 bc 07 e1 f0 8f 3c 94 a2 bf 42 4d 87 08 88 36 05 ad 89 55 f9 77 18 b0 21
f8 96 9d 93 09 68 79 a8 ee d4 af 92 e3 e3 ea 74 63 28 d6 40 22 3d ea d1 3d fb 23 eb b8 38 1d a5 82 75 66 12 bc b5 a5 d4 08 47
04 a5 9c a9 9c a8 2d 42 18 f0 85 10 60 ab ca 1e d6 c9 24 d6 49 71 9f be 9f 17 9b fa e6 56 f3 ec fd 59 a4 c0 d3 51 32 ce 41 8a
a1 6f 4c 5f 59 37 a6 de dd 36 de aa b7 25 ff 5c ab 8d 05 10 cc 7e 46 f6 b6 a6 06 22 f8 a6 c0 6b 28 d8 33 60 16 35 63 be 9c 37
4d a2 c4 b7 57 7a 06 2a f1 5a 89 f7 ca 9f 8e ae 62 cf ea 55 6c f9 7e b9 02 32 69 24 a7 2b 3e d8 c8 38 12 77 d1 58 1c ab 9c 37
c0 51 be ed c6 db ac 7f b2 1d a9 10 e7 07 5b 39 7c 32 f7 a5 a5 15 ac 24 01 39 84 67 ad 7e bf ab 3d 0c 34 19 e7 50 10 4f 7d 62
0c e7 e8 22 9a 7c f5 db 31 8e f9 be 2a af 45 04 0d 15 96 aa 72 c5 02 79 01 f2 e4 cd 4c a5 b8 07 1e b0 3d 3c 73 2d 83 21 50 66
d7 99 81 3b 79 37 db 78 dc cc df 5c 1a b0 bb ad 95 29 34 f2 a8 df c4 d2 91 d4 c1 ff 3b 8d 7e 42 98 f6 77 d4 d5 1d ea 11 68 d8
e3 0f e2 60 2b 72 d0 11 8e fb 24 02 0c 0f 35 b1 4c bd af 1a b6 f1 6c b2 7b a4 02 66 31 3a 1f ed f9 e2 3c c7 7f 76 54 50 f9 e9
9e 3e 6b a9 f5 1c db 02 9a 88 11 0d 97 59 26 af f0 ba 32 b2 15 6f 05 d0 8f 3d a2 45 b1 4d 49 46 f0 7e c8 1e ed 6d 56 f2 6b d5
1b a6 52 db 21 ed eb a4 6e ba 90 f0 d5 51 8c e1 1c 9e 48 61 34 74 f0 b7 f7 c7 04 70 37 c1 6f ce 3b 23 75 4e 66 2f ad 73 e2 b7
ee 18 6e 98 f2 0c 06 67 93 19 5a 16 7a 38 f9 ae 57 2d 66 4b 84 21 3f 6a f2 96 76 9c 99 a1 d3 8e 62 32 e0 ec 8d c4 f8 4d 6a a6
46 09 36 ca f7 fd 83 58 33 0a 99 a0 41 b5 d6 3d db 52 2a e4 20 f7 de 38 87 be 00 57 86 2f 90 18 e0 ab 39 67 05 aa 40 90 ab 5f
bd 46 e0 7a b1 da 63 4f 43 d3 c2 d6 46 cf df 0d 07 cc e4 1e ed 2d ff 63 25 a5 57 e7 32 0d 4e ff d4 6b b4 f9 97 d1 63 20 7c ce
c7 98 a0 ad 3d 98 51 52 40 48 0c 02 13 b1 87 37 2d 8d a1 d3 aa 66 65 29 4a a4 46 55 41 e3 fe 37 ee 73 50 65 9e a5 50 d6 dc b6
42 9f f8 20 94 34 b0 a5 a1 44 8c d6 30 1e c6 37 5e 5f f6 d9 26 af 3c 51 88 52 c7 a1 4c 3c c1 5b c3 2b 32 73 bd f1 75 1d a1 84
55 d1 ae 13 49 97 ef 3b 97 34 f3 89 6e 5d 2f b4 ce 0c 90 d8 d9 20 31 35 b1 17 d3 00 20 4f b1 2d 58 ca 9a c3 4b 68 ec a2 70 30
ea b9 67 da f2 0f 95 05 71 2e e3 6a 33 48 6f 05 72 2a 0b 9f a7 83 2f 7a 4b 46 d2 a5 57 57 f6 3f e8 f6 e8 5a c4 74 69 e6 19 8d
d8 f6 77 bd 9b 2a b2 45 97 ff 68 0b 2d 51 e7 20 f1 99 6a 58 fa a8 8a 64 58 6b f2 3c 69 59 0d e8 22 26 3b e7 5f d8 36 84 72 40
7f 46 0a 1d 60 6d fb 7a e6 b1 22 e7 a0 9d a4 cc 92 55 dc 82 99 c4 8f 8c 14 5c d6 bd 69 89 62 e7 ed c2 34 eb e5 92 31 35 1e ef
15 b4 be db f1 66 2d 0f f4 56 22 a4 cf 75 0e 41 cd c6 32 a1 e0 8d 76 52 cf 3b 08 ab 3a f6 e5 ec 74 c5 8a 8d a3 4b 39 f9 b0 d6
4c 07 2f e9 2d 32 9a 26 3f 67 62 be ad 32 31 65 92 b5 01 2d 28 c4 27 9a 9a 1f 82 07 17 29 e7 05 9d d7 f7 b9 5b 94 33 c4 68 4c
07 a2 12 17 ae 83 34 59 00 f1 f4 cb 1c 7a 77 05 27 20 60 fb 35 e1 89 1a 6d 33 43 2d 52 ed db 0b 8c ee 91 81 d4 03 ec cc 12 99
12 86 16 8a ce d6 be 48 23 6a 6b c6 e6 88 f6 9d 3a 09 3d d4 89 1f 1a d4 aa 62 c3 60 49 71 3a 7b b1 35 fd da 66 61 a0 5a 93 f8
c1 6f
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53 PRK (32 octets): 57 c1 5d 7b 9d 44 1b 3d 40 a9 c6 ea 8a 3d 73 0e
dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1 07 b3 a1 ea 7a 33 39 ed 70 70 b9 a7 4a 3f 4f 28
hash (32 octets): 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e hash (32 octets): 51 77 a2 9a f5 a1 7f 9b 49 33 e4 31 85 1d 12 83
7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7 45 36 6c 17 20 d3 8f 8f 04 65 ee ea e6 74 03 72
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 61 66 66 69 63 20 51 77 a2 9a f5 a1 7f 9b 49 33 e4 31 85 1d 12
0e 7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7 83 45 36 6c 17 20 d3 8f 8f 04 65 ee ea e6 74 03 72
output (32 octets): e6 47 85 57 d7 f3 3b b2 77 01 be 74 7f 2f bf expanded (32 octets): 73 c2 e8 90 fa 8d 06 72 58 d6 d5 0f a9 2f
00 72 e4 91 4f 96 7a 8a b7 20 c9 36 7f f6 61 49 2a e4 56 b0 98 cf 00 d9 72 7e ed 91 e8 89 2e f4 e6 f8 60
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53 PRK (32 octets): 57 c1 5d 7b 9d 44 1b 3d 40 a9 c6 ea 8a 3d 73 0e
dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1 07 b3 a1 ea 7a 33 39 ed 70 70 b9 a7 4a 3f 4f 28
hash (32 octets): 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e hash (32 octets): 51 77 a2 9a f5 a1 7f 9b 49 33 e4 31 85 1d 12 83
7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7 45 36 6c 17 20 d3 8f 8f 04 65 ee ea e6 74 03 72
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 61 66 66 69 63 20 51 77 a2 9a f5 a1 7f 9b 49 33 e4 31 85 1d 12
0e 7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7 83 45 36 6c 17 20 d3 8f 8f 04 65 ee ea e6 74 03 72
output (32 octets): 2e 5d c3 82 75 26 7f 49 ae bd 06 3b 4c 22 70 expanded (32 octets): c4 9a 91 fa f5 7f 8c 54 5d 50 48 a0 15 bf
5d 41 7f 79 b0 4e 63 7c 93 d3 e3 2a 7d 54 6e 2e b3 84 9f f6 39 42 e4 a7 ed cd 31 9f 8b 43 8a 97 c5 2e 21
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53 PRK (32 octets): 57 c1 5d 7b 9d 44 1b 3d 40 a9 c6 ea 8a 3d 73 0e
dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1 07 b3 a1 ea 7a 33 39 ed 70 70 b9 a7 4a 3f 4f 28
hash (32 octets): 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e hash (32 octets): 51 77 a2 9a f5 a1 7f 9b 49 33 e4 31 85 1d 12 83
7f f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7 45 36 6c 17 20 d3 8f 8f 04 65 ee ea e6 74 03 72
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 95 7f 54 ae 99 e3 22 ae 51 0d 51 4d 30 73 1b 0e 7f 74 65 72 20 51 77 a2 9a f5 a1 7f 9b 49 33 e4 31 85 1d 12 83 45
f1 71 0f 69 0a 0b 0c 28 6a 66 0e c4 86 69 d7 36 6c 17 20 d3 8f 8f 04 65 ee ea e6 74 03 72
output (32 octets): c5 10 a7 cd 37 4a 95 c4 47 ba 18 53 71 7b a6 expanded (32 octets): 05 2e 39 79 5e 5f 2b e6 e4 e0 97 4c fd d8
02 25 11 6c 89 2f 2b 62 86 26 28 a5 72 df 54 68 92 6c 6a 7a fe 3e 57 e5 58 98 10 a3 cc cf 64 29 58 be b2
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): 2e 5d c3 82 75 26 7f 49 ae bd 06 3b 4c 22 70 5d PRK (32 octets): c4 9a 91 fa f5 7f 8c 54 5d 50 48 a0 15 bf 84 9f
41 7f 79 b0 4e 63 7c 93 d3 e3 2a 7d 54 6e 2e b3 f6 39 42 e4 a7 ed cd 31 9f 8b 43 8a 97 c5 2e 21
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 3f d4 15 17 e6 ab 77 a2 e8 2d 51 f0 34 fc
8c 21 key expanded (16 octets): 88 b3 12 3d de ca df 8c 1b a2 98 e2 c1
81 76 b0
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 8f 51 67 7a 4e 55 3e ce e0 2c c3 48 iv expanded (12 octets): 4e 09 78 51 3f 9d e8 32 7c 08 e4 f3
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 23 03 a8 1a 55 a9 e2 92 d3 23 cd c8 9a b2 dd a1 PRK (32 octets): ce c7 a3 0c 68 72 07 0f 22 a7 ee b0 65 76 8d b6
63 40 f8 4f d9 dd 99 5c 72 50 c3 3e d3 82 b2 db 7c 45 e2 95 33 db 87 99 08 ce 6d c6 6f 59 11 de
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 2f b3 45 4b aa 32 08 04 f1 46 3b 6d 86 9e key expanded (16 octets): 91 69 48 f7 28 d9 82 3f a4 1a 00 4d 08
5c 6e 3f 21 7f
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 8d 74 fa ab ae 3d cf 20 6d 04 dc f8 iv expanded (12 octets): 64 15 3d 79 ba c9 ea 10 ca 5a 0a 88
{client} extract secret "early":
salt: (absent)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c {client} extract secret "early" (same as server early secret)
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): b2 0d 9a cb a0 e0 38 1d 9f f5 1e 9d 7c b8 ba 18
a9 ba 63 7e e5 93 08 13 da 7f f8 62 e6 62 44 45
secret (32 octets): ba c8 e6 23 e4 82 31 e5 f0 96 4f fc 3b f3 5a {client} extract secret "handshake" (same as server handshake
e4 bc 65 59 1a 9e 1a cf f3 6d 18 3f d6 0a 26 bc e6 secret)
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server master secret)
{client} derive read traffic keys for handshake data:
PRK (32 octets): e9 9c 61 c4 f3 08 86 7b f9 7f 1d 30 56 ff 11 35
ad 33 f5 44 b5 c2 c6 79 9c a2 c7 bd d8 bb 56 d5
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 61 a2 08 f9 c7 7f 35 96 9e 7f 1e 0e a2 75
4c 92
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 08 a7 d2 9a d2 4b bf 51 1e a2 dd 45 {client} derive read traffic keys for handshake data (same as server
handshake data write traffic keys)
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server handshake data read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server application data write traffic keys)
{client} send a Certificate handshake message {client} construct a Certificate handshake message
Certificate (451 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82
01 b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48
86 f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06
63 6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35
39 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f
30 0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06
09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81
81 00 c3 81 75 e0 04 a6 8d 09 3f 82 3b 9c 37 9d 20 1f bc 0b b7
a1 c7 91 90 5e 3f bf 76 84 7e 44 e7 51 eb bc d3 60 bd 94 5c 81
e5 22 2b cc 88 46 d3 a8 a0 f9 3e 9b f5 be ba bd 92 ed f1 de 1f
f1 90 21 70 3e 7a b6 c0 90 15 13 f9 7e 39 b1 11 f0 9c 93 48 97
1c 7b 21 19 84 a7 54 cd 45 fe 09 5a f0 ea 42 36 82 9b cc f7 a7
fe 9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7
e0 28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04
02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a
86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0
22 af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91
6d c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80
be 2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e
f0 c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2
17 bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac
0f 78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00
{client} construct a CertificateVerify handshake message
CertificateVerify (136 octets): 0f 00 00 84 08 04 00 80 18 6b 22
23 b5 03 a7 59 c3 5d ba 0e 97 21 b4 b5 79 13 8d 5f 0f 5e 6e c7
fe aa f2 7f 3a d7 f3 86 c2 c7 bd 7c b2 be 52 fb f5 ed 83 93 f4
06 ee 79 36 96 92 ec 7a c6 95 65 1d 85 82 19 e6 72 a8 eb 7b 2a
67 7b 64 0b 46 ab 63 0e dc 5f 3f 2f 82 72 b9 c0 d9 06 f8 1f 84
dd c5 b8 c7 bc f9 55 c7 8a 3c f9 9e 50 16 f7 3e 04 eb 7d fc b2
88 33 f1 3e 8f 75 ec 2f f3 58 1e 2f 09 8a d4 15 7f d6 d6 ad
{client} send a CertificateVerify handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 23 03 a8 1a 55 a9 e2 92 d3 23 cd c8 9a b2 dd a1 PRK (32 octets): ce c7 a3 0c 68 72 07 0f 22 a7 ee b0 65 76 8d b6
63 40 f8 4f d9 dd 99 5c 72 50 c3 3e d3 82 b2 db 7c 45 e2 95 33 db 87 99 08 ce 6d c6 6f 59 11 de
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 9e 53 42 bd 39 7f ac 99 c3 40 bd 4a 58 0f 63 expanded (32 octets): 4f dd d7 6b bc b8 e3 0c 72 61 b1 db 40 1b
20 49 8a 4f 63 6a 61 da 92 7a a2 ef 20 75 e9 74 86 b1 36 ed 39 bc e6 a4 81 5a 21 24 47 6e 27 e6 cb cb f6
{client} send a Finished handshake message finished (32 octets): 9a fe 2b a2 f6 3a 09 d2 29 d8 a4 29 e5 b3
7f fd 9f cc 73 bd b5 91 1b 82 42 59 72 aa 28 92 44 0f
{client} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 9a fe 2b a2 f6 3a 09 d2 29 d8
a4 29 e5 b3 7f fd 9f cc 73 bd b5 91 1b 82 42 59 72 aa 28 92 44
0f
{client} send handshake record: {client} send handshake record:
payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01 payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01
b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86
f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63 f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63
6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39
5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30 5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30
0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09 0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09
2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81
skipping to change at page 47, line 43 skipping to change at page 53, line 12
9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0 9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0
28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02
30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86
48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22
af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d
c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be
2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0 2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0
c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17 c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17
bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f
78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84 78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84
08 04 00 80 bc cd 87 0a 6d 51 75 ab 6a 97 3f 99 0f 44 33 b9 f4 08 04 00 80 18 6b 22 23 b5 03 a7 59 c3 5d ba 0e 97 21 b4 b5 79
ed ea 6a a9 4c e5 c4 a9 0a 07 0f eb b8 9e 1c f5 24 62 d6 a0 5e 13 8d 5f 0f 5e 6e c7 fe aa f2 7f 3a d7 f3 86 c2 c7 bd 7c b2 be
62 1b 81 96 24 eb 9b f7 57 3a 08 bb 75 3d 4a 19 43 34 59 62 19 52 fb f5 ed 83 93 f4 06 ee 79 36 96 92 ec 7a c6 95 65 1d 85 82
68 75 04 54 05 6f 3d 7c e1 22 7f c2 9e 12 31 36 3e 4e ed 5f e0 19 e6 72 a8 eb 7b 2a 67 7b 64 0b 46 ab 63 0e dc 5f 3f 2f 82 72
f4 93 83 7e f6 fe 4a 63 19 52 0b 63 9a ff e7 75 ae 41 76 bb bf b9 c0 d9 06 f8 1f 84 dd c5 b8 c7 bc f9 55 c7 8a 3c f9 9e 50 16
69 13 b3 a1 a6 77 a0 35 6f 3c 0f 95 3d 35 77 fb 53 76 13 eb af f7 3e 04 eb 7d fc b2 88 33 f1 3e 8f 75 ec 2f f3 58 1e 2f 09 8a
84 8e 6a ee b2 1e 14 00 00 20 97 96 f8 14 93 a1 49 f5 37 f9 9b d4 15 7f d6 d6 ad 14 00 00 20 9a fe 2b a2 f6 3a 09 d2 29 d8 a4
3c 4c f8 55 a0 88 5c 64 10 ff a1 db 0e 25 f3 43 a5 ff b5 1d 60 29 e5 b3 7f fd 9f cc 73 bd b5 91 1b 82 42 59 72 aa 28 92 44 0f
ciphertext (645 octets): 17 03 03 02 80 38 0f e4 54 42 85 14 4f complete record (645 octets): 17 03 03 02 80 b4 6a 63 93 4e 67 38
66 58 7c 3f ee 90 97 e2 e5 f4 cf ad 97 31 dc 59 62 36 7e 0f 73 41 ab af 26 74 03 bc 67 7f 6b 6d 2a 1e 2f 12 bb 5f 62 68 3b fe
ea a8 c3 16 51 cf fc da 0c 7f 2a 85 d7 46 36 85 7e 61 91 9e 7a 36 a8 26 73 f0 6d 62 87 dd d6 09 bc f2 f5 fd 32 25 92 3d 24 af
3e 1a dd 24 b1 d0 8f 37 35 04 36 f5 d2 96 78 43 6f 6a df 4e 4e 3c 76 68 2c 18 0e e5 71 a1 7c a4 bf be 2f 51 0d c9 a0 e1 fc a5
46 f9 fb 0c 79 da 40 cb 43 dd 82 50 a5 fa bc 61 cd b3 9a 4c 3d cf f2 ce e8 7d 11 cb 53 1a 6e f9 0b f5 30 9a 6b 63 bb bc 0b 88
31 59 6c e3 1b 4c a9 4c 77 16 f6 f8 0d 09 26 80 d6 ce bf e5 c5 ea 45 10 3a 43 04 09 15 43 85 9f a1 1e c0 32 ed 87 34 44 cd 51
cc 0e 51 15 ff 10 a6 80 1d 82 07 f4 ec ea a8 82 02 e1 bd 55 ab 85 ea d5 f6 a7 64 20 f0 f0 28 6a ce f8 02 c8 e4 78 8c 23 27 5f
b0 ec aa 4f 0e 41 af 70 54 e0 ff df 76 4a 84 cd 01 be a2 0f d7 1b 06 da 60 0f 4a 7d ec d0 bc 59 d7 be f1 0e 64 9a e3 26 90 39
b4 91 e5 c1 20 d9 93 31 4c bd 43 55 65 25 3f b2 4b 6e 67 85 ea 7f c3 d4 ed 6f 30 f8 01 d8 cd 56 9b 71 ad 4f a0 5e a7 cf 2a c2
79 8f 86 2c fe 0d 01 de 13 d5 f0 d8 f3 f8 d2 75 5c 1b 4d 46 d1 df a1 50 d2 20 50 5d 40 11 b3 4d 09 d5 38 53 eb a6 1a 10 1e 4f
d6 a3 b2 43 ea 8b 45 12 51 2e aa 64 27 3a 84 36 3c cc 93 69 a5 8d ca 47 d8 17 1a 88 4b 19 25 9a 3d d4 8c 5a c1 41 98 3e dc 77
3a 0b 60 09 d4 47 23 a8 f5 aa 9d 8b c9 37 1f b0 da dc 45 16 fc 81 4d 25 e7 f6 6b bb db 90 96 83 92 66 e0 65 61 82 8e cf b2 7e
9f 84 2d 2e 3d 89 15 39 3d 2b fa db 11 82 0f 74 2d 94 6a 2a fa af d4 e9 e8 1a 0b 96 e3 bf a4 2d ae 5a d8 03 59 b9 a6 66 14 02
01 4f df d7 da 08 1b 86 26 7c 3c 62 95 7e 91 83 13 3e d8 7f fe c3 a2 10 41 77 03 01 06 db d8 f6 5b b6 a0 15 9d 51 2e b1 3a f2
9e 88 3e 7b 69 8e f9 09 30 ad 93 b4 e6 b3 72 bd ca 6d 77 e1 ed 2a 25 9f 31 3b d5 8c 2e 21 fe 05 3d 57 f2 a9 62 b0 a4 ea 68 2c
20 71 40 2b eb d8 3f 4b 74 94 a8 02 df f2 ab d1 84 d8 c3 9e 6f 96 f7 0b 79 b5 60 13 61 92 82 3b 27 be 6a 2f b7 b1 c7 51 cc c0
c6 4a 94 85 a3 18 f6 8b cb a3 7d 9a f9 8b 61 e7 b5 4b 2a 48 71 e3 30 36 15 54 14 85 b7 b3 07 b4 23 33 2c 11 ef a8 0b 72 f9 b8
9d 41 41 9e 5b b7 03 98 49 3a e4 a4 7f 45 f1 61 22 53 15 4d da 0a 53 e5 3f 7b b3 8a 3a f4 c5 9f 80 08 ba d0 54 4e 56 14 e6 88
bd b8 c6 a3 f7 1d d6 93 69 bd fe a1 af 5c b6 35 d1 8b 97 38 24 ff 57 bc cd 69 35 f8 1f 44 7f 42 0c 1c 1b f4 05 88 18 e9 0b f5
8b cb 9c fc 61 08 e0 90 2b 86 f6 26 03 19 43 15 ae 51 d3 ac b1 dc 71 6c ca e4 25 24 85 6d f8 25 0b cd bd 7a f6 5f 82 dd 53 06
2d 06 b7 d9 86 14 bf 8e 93 f2 d4 d4 a5 6f e8 2d 09 12 e1 57 bc 1d 02 4f 6d 2f f5 c1 1e 37 92 a9 a7 0e 0e e2 a3 c2 0a 1b 96 8a
c5 28 7b 5f 1e f9 a9 db d8 a0 80 19 5f 6b 15 5a f9 16 7c ca 41 c3 91 f8 f9 28 31 13 5d 25 24 2a da 2f e2 41 c2 65 3e c9 96 33
45 35 4c 03 19 51 ab e3 73 4a 49 84 01 37 70 64 a0 d0 08 76 4d 9d fa 12 df ae 7a 33 73 df 88 b0 7c a2 7a ef 6d c2 66 a2 5f 13
75 9f d1 c8 ea 7b d3 6b ec a2 23 e4 86 fc e9 89 9c de fe a6 95 f7 5c 76 03 9c 1f 46 fd 7a 53 ae 63 99 c9 99 f4 b2 ae e1 8e 48
ba 7d da f2 3f 80 6b 09 ff ef 81 47 87 c7 71 ba 60 90 08 13 4d 0d 6d 12 bf ae 22 6b bd c9 2a 6a d5 0b 4d 3b ac 7a bc 3b 36 51
d4 51 1e 26 5f 78 b6 25 91 74 76 42 7b ed b7 9a 50 c3 b7 58 01 eb 5b e5 6f 33 bf 41 12 7b 3c a8 86 dc 71 4a 50 d1 49 03 57 bd
07 5d 13 3f 2e 07 15 e7 1f c0 07 89 eb dc ce f6 b8 cd f2 5d a4 40 d9 fd 6b e4 22 09 a4 dd b9 eb b2 98 7e 29 f1 20 f0 58 14 61
19 bc 00 28 74 4a 75 ba ab 09 25 4a 2b b2 19 81 d1 15 64 64 22 4d 2c 79 32 00 15 b4 61 fe 73 24 44 76 70 a1 af 5f 65 ca ed 15
98 4f 79 eb c7 0a f1 39 0a b1 a2 ac 38 5c 6a d1 28 fd 9d e3 bf b4 74 ab 7f aa 49 50 16 ad f8 08 e5 3b 94 ef 54 af bb 0e 0a 3a
7d be e6 0f 7f e6 d0 09 e7 ce d6 8b d3 7a 06 fd db 83 5f 8e 56 27 32 ab 59 7f 7d 59 23 c7 73 86 aa 51 24 73 1f 8c c7 3e 70 3b
fc eb 59 4f 74 8a 1d a1 e7 7b ea 51 fb 3e 40 b7 b4 70 12 89 ef 34 1c 17 5a 45 49 39 a7 7a b6 43 13 c1 5c f3 fe 03 c4 f3 38 42
7b 37 56 49 76
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): e6 47 85 57 d7 f3 3b b2 77 01 be 74 7f 2f bf 00 PRK (32 octets): 73 c2 e8 90 fa 8d 06 72 58 d6 d5 0f a9 2f e4 56
72 e4 91 4f 96 7a 8a b7 20 c9 36 7f f6 61 49 2a b0 98 cf 00 d9 72 7e ed 91 e8 89 2e f4 e6 f8 60
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): db 34 ce df e4 fc db 0e d7 00 41 8f dd 96 key expanded (16 octets): cd c0 9c 80 6a a8 f8 6d fc d5 1e fc 44
b2 c7 a0 c0 39
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): e1 7e 53 1a ba 3c fa 7f 0f ec 8b f5 iv expanded (12 octets): 6e f8 52 e7 8b 46 d9 13 66 8e 53 e7
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 7a 50 b7 21 1f a2 3c 29 37 31 72 ad f8 50 39 53 PRK (32 octets): 57 c1 5d 7b 9d 44 1b 3d 40 a9 c6 ea 8a 3d 73 0e
dc 76 53 af 95 0b 6b 61 9b 42 ce 1c a9 38 22 f1 07 b3 a1 ea 7a 33 39 ed 70 70 b9 a7 4a 3f 4f 28
hash (32 octets): 41 bf 98 c7 24 79 cf cf 1d 49 9d c2 d6 a8 44 c1 hash (32 octets): 39 1d 00 4b d8 4c 83 1b 15 82 44 44 14 b4 dc 80
7f 49 1e b9 a0 78 21 08 78 b5 5a e5 26 29 94 60 64 01 0e cc 76 f3 7f 88 bf eb 1e 88 fe 13 5c 25
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 41 bf 98 c7 24 79 cf cf 1d 49 9d c2 d6 a8 44 c1 7f 74 65 72 20 39 1d 00 4b d8 4c 83 1b 15 82 44 44 14 b4 dc 80 64
49 1e b9 a0 78 21 08 78 b5 5a e5 26 29 94 60 01 0e cc 76 f3 7f 88 bf eb 1e 88 fe 13 5c 25
output (32 octets): c4 11 50 3f ea fa f0 d7 0a 77 c6 81 3d b0 42 expanded (32 octets): 10 06 dc cb f4 0e b4 eb 97 8b ff 03 92 a9
4e f5 f4 ce f4 b5 e2 4d b7 65 f8 79 d3 7f c5 b6 af e4 52 a4 fb ad 58 aa 14 78 4d 5a 24 1c 6b 49 da cc fb
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client application data write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 d1 3c 7f 7d 16 11 b4 09 df complete record (24 octets): 17 03 03 00 13 e4 ad 7d 44 c2 92 45
45 77 ca 2b e5 a8 a2 8f 33 30 33 9d 35 59 62 c7 79 b8 9e f4 4c 58
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 37 bb 98 68 73 81 3c 79 25 complete record (24 octets): 17 03 03 00 13 1d ec c5 d6 e6 4b ba
aa 29 51 e1 21 b0 58 57 f7 8f 8a 6f 21 b4 fd 07 74 97 da 2a 90 cb
7. Compatibility Mode 7. Compatibility Mode
This example shows use of the handshake with the client requesting This example shows use of the handshake with the client requesting
that the server use compatibility mode as defined in Appendix D.4 of that the server use compatibility mode as defined in Appendix D.4 of
[TLS13]. [TLS13].
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): ea e2 7f 11 4d a0 68 f8 b3 47 2e 62 88 private key (32 octets): de a0 0b 45 69 5d c7 81 f1 9d 34 a6 2c
00 e8 b9 c2 58 13 58 13 6e bb e7 74 38 cb 4f 4b e2 d1 b4 1a fd 31 ab 43 69 af 1e 85 5a 3b bb 25 8d 84 42 cd e6 d7
public key (32 octets): d5 15 42 62 5f 25 a9 2d 44 a3 aa de f5 9c public key (32 octets): 8e 72 92 cf 30 56 db b0 d2 5f cb e5 5c 10
a8 49 ad 2f 8e fa 9f 04 b8 f5 da b4 02 ac bc 57 1f 16 7d c9 bb f8 3d d9 70 8f 39 20 3b a3 41 24 9a 7d 9b 63
{client} send a ClientHello handshake message {client} construct a ClientHello handshake message
ClientHello (224 octets): 01 00 00 dc 03 03 4e 64 0a 3f 2c 27 38
f0 9c 94 18 bd 78 ed cc d7 55 9d 05 31 19 92 76 d4 d9 2a 0e 9e
e9 d7 7d 09 20 a8 0c 16 55 81 a8 e0 d0 6c 00 18 d5 4d 3a 06 dd
32 cf d4 05 1e b0 26 fa d3 fd 0b a9 92 69 e6 ef 00 06 13 01 13
03 13 02 01 00 00 8d 00 00 00 0b 00 09 00 00 06 73 65 72 76 65
72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01
00 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 8e 72
92 cf 30 56 db b0 d2 5f cb e5 5c 10 7d c9 bb f8 3d d9 70 8f 39
20 3b a3 41 24 9a 7d 9b 63 00 2b 00 03 02 03 04 00 0d 00 20 00
1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01
02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40
01
{client} send handshake record: {client} send handshake record:
payload (224 octets): 01 00 00 dc 03 03 37 b0 76 d2 fa 50 94 39 payload (224 octets): 01 00 00 dc 03 03 4e 64 0a 3f 2c 27 38 f0
5e 99 71 d7 53 c3 c4 cf 07 56 b9 40 70 13 cb ca c7 f4 4a c3 28 9c 94 18 bd 78 ed cc d7 55 9d 05 31 19 92 76 d4 d9 2a 0e 9e e9
13 f6 0f 20 91 41 b7 89 83 d3 67 a0 fe 97 08 df 32 f5 b9 88 8f d7 7d 09 20 a8 0c 16 55 81 a8 e0 d0 6c 00 18 d5 4d 3a 06 dd 32
e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe 00 06 13 01 13 03 cf d4 05 1e b0 26 fa d3 fd 0b a9 92 69 e6 ef 00 06 13 01 13 03
13 02 01 00 00 8d 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 13 02 01 00 00 8d 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72
ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00
01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 d5 15 42 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 1d 00 20 8e 72 92
62 5f 25 a9 2d 44 a3 aa de f5 9c a8 49 ad 2f 8e fa 9f 04 b8 f5 cf 30 56 db b0 d2 5f cb e5 5c 10 7d c9 bb f8 3d d9 70 8f 39 20
da b4 02 ac bc 57 1f 16 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 3b a3 41 24 9a 7d 9b 63 00 2b 00 03 02 03 04 00 0d 00 20 00 1e
04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02
01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01
ciphertext (229 octets): 16 03 01 00 e0 01 00 00 dc 03 03 37 b0 complete record (229 octets): 16 03 01 00 e0 01 00 00 dc 03 03 4e
76 d2 fa 50 94 39 5e 99 71 d7 53 c3 c4 cf 07 56 b9 40 70 13 cb 64 0a 3f 2c 27 38 f0 9c 94 18 bd 78 ed cc d7 55 9d 05 31 19 92
ca c7 f4 4a c3 28 13 f6 0f 20 91 41 b7 89 83 d3 67 a0 fe 97 08 76 d4 d9 2a 0e 9e e9 d7 7d 09 20 a8 0c 16 55 81 a8 e0 d0 6c 00
df 32 f5 b9 88 8f e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe 18 d5 4d 3a 06 dd 32 cf d4 05 1e b0 26 fa d3 fd 0b a9 92 69 e6
00 06 13 01 13 03 13 02 01 00 00 8d 00 00 00 0b 00 09 00 00 06 ef 00 06 13 01 13 03 13 02 01 00 00 8d 00 00 00 0b 00 09 00 00
73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00 17 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12 00 1d 00
00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 26 00 24 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00 26 00 24
1d 00 20 d5 15 42 62 5f 25 a9 2d 44 a3 aa de f5 9c a8 49 ad 2f 00 1d 00 20 8e 72 92 cf 30 56 db b0 d2 5f cb e5 5c 10 7d c9 bb
8e fa 9f 04 b8 f5 da b4 02 ac bc 57 1f 16 00 2b 00 03 02 03 04 f8 3d d9 70 8f 39 20 3b a3 41 24 9a 7d 9b 63 00 2b 00 03 02 03
00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06
01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01
00 1c 00 02 40 01 01 00 1c 00 02 40 01
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: 0 (all zero octets)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 6f fc 0f 52 08 bb f6 73 4b 5f 95 23 7d private key (32 octets): 01 7c 38 a3 64 79 21 ca 2d 9e d6 bd 7a
3d 48 0a 08 fc e9 89 e6 1c 2f 4d 71 6b 5b e4 4d 66 90 7e e7 13 2b 94 21 1b 13 31 bb 20 8c 8c cd d5 15 56 40 99 95
public key (32 octets): ab 16 0e 03 51 0f a0 3f d5 bd 6e 7a 94 f4 public key (32 octets): 3e 30 f0 f4 ba 55 1a fd 62 76 83 41 17 5f
00 31 16 35 cd 69 87 2e a6 e4 8a 08 71 5e e3 f0 24 2e 52 65 e4 da f0 c8 84 16 17 aa 4f af dd 21 42 32 0c 22
{server} construct a ServerHello handshake message
ServerHello (122 octets): 02 00 00 76 03 03 e5 dd 59 48 c4 35 f7
a3 8f 0f 01 30 70 8d c3 22 d9 df 09 ab d4 83 81 17 c1 83 a7 bb
6d 99 4f 2c 20 a8 0c 16 55 81 a8 e0 d0 6c 00 18 d5 4d 3a 06 dd
32 cf d4 05 1e b0 26 fa d3 fd 0b a9 92 69 e6 ef 13 01 00 00 2e
00 33 00 24 00 1d 00 20 3e 30 f0 f4 ba 55 1a fd 62 76 83 41 17
5f 52 65 e4 da f0 c8 84 16 17 aa 4f af dd 21 42 32 0c 22 00 2b
00 02 03 04
{server} send a ServerHello handshake message
{server} send handshake record: {server} send handshake record:
payload (122 octets): 02 00 00 76 03 03 32 a4 2f 56 c8 b8 59 cc payload (122 octets): 02 00 00 76 03 03 e5 dd 59 48 c4 35 f7 a3
5d 80 f2 7f 48 d0 f2 96 d3 a5 bb 8e 05 28 08 11 14 de 8c e3 84 8f 0f 01 30 70 8d c3 22 d9 df 09 ab d4 83 81 17 c1 83 a7 bb 6d
d7 e0 df 20 91 41 b7 89 83 d3 67 a0 fe 97 08 df 32 f5 b9 88 8f 99 4f 2c 20 a8 0c 16 55 81 a8 e0 d0 6c 00 18 d5 4d 3a 06 dd 32
e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe 13 01 00 00 2e 00 cf d4 05 1e b0 26 fa d3 fd 0b a9 92 69 e6 ef 13 01 00 00 2e 00
33 00 24 00 1d 00 20 ab 16 0e 03 51 0f a0 3f d5 bd 6e 7a 94 f4 33 00 24 00 1d 00 20 3e 30 f0 f4 ba 55 1a fd 62 76 83 41 17 5f
00 31 16 35 cd 69 87 2e a6 e4 8a 08 71 5e e3 f0 24 2e 00 2b 00 52 65 e4 da f0 c8 84 16 17 aa 4f af dd 21 42 32 0c 22 00 2b 00
02 03 04 02 03 04
ciphertext (127 octets): 16 03 03 00 7a 02 00 00 76 03 03 32 a4 complete record (127 octets): 16 03 03 00 7a 02 00 00 76 03 03 e5
2f 56 c8 b8 59 cc 5d 80 f2 7f 48 d0 f2 96 d3 a5 bb 8e 05 28 08 dd 59 48 c4 35 f7 a3 8f 0f 01 30 70 8d c3 22 d9 df 09 ab d4 83
11 14 de 8c e3 84 d7 e0 df 20 91 41 b7 89 83 d3 67 a0 fe 97 08 81 17 c1 83 a7 bb 6d 99 4f 2c 20 a8 0c 16 55 81 a8 e0 d0 6c 00
df 32 f5 b9 88 8f e5 9e de 4e 61 2c f6 bd b1 fb be e6 f9 ef fe 18 d5 4d 3a 06 dd 32 cf d4 05 1e b0 26 fa d3 fd 0b a9 92 69 e6
13 01 00 00 2e 00 33 00 24 00 1d 00 20 ab 16 0e 03 51 0f a0 3f ef 13 01 00 00 2e 00 33 00 24 00 1d 00 20 3e 30 f0 f4 ba 55 1a
d5 bd 6e 7a 94 f4 00 31 16 35 cd 69 87 2e a6 e4 8a 08 71 5e e3 fd 62 76 83 41 17 5f 52 65 e4 da f0 c8 84 16 17 aa 4f af dd 21
f0 24 2e 00 2b 00 02 03 04 42 32 0c 22 00 2b 00 02 03 04
{server} send change_cipher_spec record: {server} send change_cipher_spec record:
payload (1 octets): 01 payload (1 octets): 01
ciphertext (6 octets): 14 03 03 00 01 01 complete record (6 octets): 14 03 03 00 01 01
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): d6 ee 52 33 ce 08 89 3e a5 eb d5 0f 0d 8a 25 bf IKM (32 octets): ee f7 90 55 90 77 db 5b b6 3b 66 84 e4 16 9f 05
ed 5f fd 57 82 32 31 19 46 91 bd 89 2b 8f 9a 50 1e 8f b3 4c e5 9b af ce 2f 9c 8e e6 8c c4 eb 79
secret (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad secret (32 octets): f9 17 61 35 4a 67 e9 b0 7c 6d cc 3a 55 70 7e
48 a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3 fa 69 c4 51 9d 80 40 e5 f2 15 12 1e 0d f6 9a fa 4a
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad 48 PRK (32 octets): f9 17 61 35 4a 67 e9 b0 7c 6d cc 3a 55 70 7e fa
a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3 69 c4 51 9d 80 40 e5 f2 15 12 1e 0d f6 9a fa 4a
hash (32 octets): ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd da hash (32 octets): 74 5c 55 ba c3 99 31 0b 7b 5a 7c 81 a2 c1 30 b4
17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b d5 6d ff 6f 68 c3 ab 47 78 57 60 1e 01 f1 f8 d1
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd 61 66 66 69 63 20 74 5c 55 ba c3 99 31 0b 7b 5a 7c 81 a2 c1 30
da 17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b b4 d5 6d ff 6f 68 c3 ab 47 78 57 60 1e 01 f1 f8 d1
output (32 octets): 1b 92 72 16 81 91 bc c8 5e 46 45 96 e1 0b 79 expanded (32 octets): 2c 3c b2 4a 10 81 ed b5 95 18 ee 68 61 e8
b8 09 a4 f6 36 02 e4 ad a5 b4 f2 c9 c0 b2 4d 27 37 9a 6b 72 b3 80 1a fe 77 13 e4 cb bc 21 c0 79 5b f8 31
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad 48 PRK (32 octets): f9 17 61 35 4a 67 e9 b0 7c 6d cc 3a 55 70 7e fa
a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3 69 c4 51 9d 80 40 e5 f2 15 12 1e 0d f6 9a fa 4a
hash (32 octets): ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd da hash (32 octets): 74 5c 55 ba c3 99 31 0b 7b 5a 7c 81 a2 c1 30 b4
17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b d5 6d ff 6f 68 c3 ab 47 78 57 60 1e 01 f1 f8 d1
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 ef ee 6c 01 8a 0f a3 ac 4c 61 ac 11 9c c8 fd 61 66 66 69 63 20 74 5c 55 ba c3 99 31 0b 7b 5a 7c 81 a2 c1 30
da 17 5e b8 c4 bd 4d 11 98 53 59 ca 1a f3 33 87 0b b4 d5 6d ff 6f 68 c3 ab 47 78 57 60 1e 01 f1 f8 d1
output (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d expanded (32 octets): ca ce 3d 55 5c c1 c5 77 cf 97 0c ff 28 cf
5e ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33 97 8d 6a 98 00 08 54 42 e1 8d 69 5b 50 f3 15 1d 18 c8
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad 48 PRK (32 octets): f9 17 61 35 4a 67 e9 b0 7c 6d cc 3a 55 70 7e fa
a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3 69 c4 51 9d 80 40 e5 f2 15 12 1e 0d f6 9a fa 4a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): ef 79 6e a9 37 7c f8 94 b0 52 52 2b 22 9f cd expanded (32 octets): 5d a1 2d c4 78 35 ba 73 fd d9 94 b1 4a b7
70 a1 d7 c3 a3 2d ca 6c f5 1d 62 95 04 ef 1e e1 25 e6 3c c6 3f 0d 79 16 2f 67 56 e9 a4 67 56 c8 b2 b6 42
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): ef 79 6e a9 37 7c f8 94 b0 52 52 2b 22 9f cd 70 salt (32 octets): 5d a1 2d c4 78 35 ba 73 fd d9 94 b1 4a b7 e6 3c
a1 d7 c3 a3 2d ca 6c f5 1d 62 95 04 ef 1e e1 25 c6 3f 0d 79 16 2f 67 56 e9 a4 67 56 c8 b2 b6 42
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c secret (32 octets): 62 81 12 da e2 f7 02 48 80 63 e4 2d e6 c8 50
a3 7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19 a5 c0 82 0b 90 90 3e 00 ab c3 18 75 da 03 d4 bc 5b
{server} derive write traffic keys for handshake data: {server} derive write traffic keys for handshake data:
PRK (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d 5e PRK (32 octets): ca ce 3d 55 5c c1 c5 77 cf 97 0c ff 28 cf 97 8d
ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33 6a 98 00 08 54 42 e1 8d 69 5b 50 f3 15 1d 18 c8
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 7d cd 41 e1 40 51 3f be 6a f5 22 a4 da 7f key expanded (16 octets): 04 10 91 fd ab 29 f2 c8 ab fb 15 6d c5
57 5b fc 8d 54
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 77 ee 98 da ae 5c 82 24 7d 30 40 7f iv expanded (12 octets): 74 64 d7 91 68 5d e0 59 98 fc ba db
{server} send a EncryptedExtensions handshake message {server} construct a EncryptedExtensions handshake message
{server} send a Certificate handshake message EncryptedExtensions (40 octets): 08 00 00 24 00 22 00 0a 00 14 00
12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c
00 02 40 01 00 00 00 00
{server} send a CertificateVerify handshake message {server} construct a Certificate handshake message
Certificate (445 octets): 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82
01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48
86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03
72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17
0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06
03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06 09 2a 86 48 86 f7
0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 bb 49 8f
82 79 30 3d 98 08 36 39 9b 36 c6 98 8c 0c 68 de 55 e1 bd b8 26
d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c
1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0 cc b0 52
4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f da 43 08 46 74
80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93
ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03
01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06
03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01
01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a
72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea
e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01
51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be
c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b
1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8
96 12 29 ac 91 87 b4 2b 4d e1 00 00
{server} construct a CertificateVerify handshake message
CertificateVerify (136 octets): 0f 00 00 84 08 04 00 80 a2 30 1a
68 dd 1c ee e6 93 8f e9 d4 0c 46 b9 20 1b 34 d5 99 52 a3 7e 06
52 3a 39 cf 8b a6 c9 c8 b6 8a e9 44 92 af 78 05 16 ed 7b 73 c8
28 12 e9 9d d3 fa be a4 5e 09 d9 c6 84 87 21 c2 80 8c 61 50 1b
0c 75 e7 fc ab a5 f7 8b ef 68 a2 c2 b6 9b 19 55 8b 3e 40 38 7e
ea 93 d2 5c 77 81 c1 cc 00 e9 f5 19 f7 e2 e4 ad b7 3e 76 d6 60
89 00 0a 2d c8 66 c2 ed 30 bb a5 0a 0d 45 7f 19 dc 6e b9 f3
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d 5e PRK (32 octets): ca ce 3d 55 5c c1 c5 77 cf 97 0c ff 28 cf 97 8d
ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33 6a 98 00 08 54 42 e1 8d 69 5b 50 f3 15 1d 18 c8
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): d1 61 e3 34 21 df d7 05 aa 4c c8 bf a6 e4 4d expanded (32 octets): 2c 9f 72 f2 7b 81 e7 df 66 8c ac cd 49 37
42 c8 b2 5b f1 c6 e4 e7 b4 dc c6 cb de a9 c2 a3 a1 1f 12 86 d4 11 e1 6c 8c cc 1c 0d 9a ed 72 cb bd c0 80
{server} send a Finished handshake message finished (32 octets): c8 c3 a8 f1 bf f5 27 40 61 f4 bc 3a 7c af
fb dc 96 16 09 4c a6 25 ca a6 5f 8e 76 ed 46 db 74 d3
{server} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 c8 c3 a8 f1 bf f5 27 40 61 f4
bc 3a 7c af fb dc 96 16 09 4c a6 25 ca a6 5f 8e 76 ed 46 db 74
d3
{server} send handshake record: {server} send handshake record:
payload (657 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d payload (657 octets): 08 00 00 24 00 22 00 0a 00 14 00 12 00 1d
00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 1c 00 02 40
01 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 01 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30
82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d
01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61
30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36
30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04
skipping to change at page 54, line 28 skipping to change at page 61, line 13
0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab
9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01
a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d
0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05
00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17
06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5
8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72
60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63
a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84
e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29
ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 84 d9 e6 bb ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 a2 30 1a 68
5f 60 86 63 13 c5 02 3b 34 5b b6 68 4a 63 6c 67 82 34 01 5d c8 dd 1c ee e6 93 8f e9 d4 0c 46 b9 20 1b 34 d5 99 52 a3 7e 06 52
3b 80 3d 81 30 68 ba 48 03 e2 cc 26 7f f0 86 70 35 d4 b4 46 28 3a 39 cf 8b a6 c9 c8 b6 8a e9 44 92 af 78 05 16 ed 7b 73 c8 28
64 4c 1e fb 90 82 0c 47 ce c2 14 23 98 c3 aa d3 cf 9d a6 2d d4 12 e9 9d d3 fa be a4 5e 09 d9 c6 84 87 21 c2 80 8c 61 50 1b 0c
c5 de 51 ac 82 0c 84 af 40 72 1b dd 67 bc 8b bd db 28 3b 75 14 75 e7 fc ab a5 f7 8b ef 68 a2 c2 b6 9b 19 55 8b 3e 40 38 7e ea
25 62 0c f5 b2 76 f2 32 c2 a0 5e 53 f1 6b 6a d6 cd cd a6 04 da 93 d2 5c 77 81 c1 cc 00 e9 f5 19 f7 e2 e4 ad b7 3e 76 d6 60 89
f9 95 e6 f8 42 4a 1d fd 37 0c 58 d0 f7 b4 60 5f 1a 21 a9 14 00 00 0a 2d c8 66 c2 ed 30 bb a5 0a 0d 45 7f 19 dc 6e b9 f3 14 00
00 20 5b 6a d9 10 bc 48 94 47 7b 48 da 86 11 eb c4 de 20 25 72 00 20 c8 c3 a8 f1 bf f5 27 40 61 f4 bc 3a 7c af fb dc 96 16 09
63 5f 9c 4a ac 81 a4 81 2e 82 bf c2 fd 4c a6 25 ca a6 5f 8e 76 ed 46 db 74 d3
ciphertext (679 octets): 17 03 03 02 a2 28 cc 1b 2f 47 22 95 79 complete record (679 octets): 17 03 03 02 a2 48 de 89 1d 9c 36 24
9f 34 2e 49 90 56 09 07 73 a4 57 20 6f 79 a5 4b b8 ca 78 dc 42 a6 7a 6c 6f 06 01 ab 7a c2 0c 1f 6a 9e 14 d2 e6 00 7e 99 9e 13
e7 54 e1 95 6d dd 1a 78 6e 4c e9 6f 8d a4 12 57 ce 53 17 b7 37 03 67 a8 af 1b cf ea 94 98 fb ce 19 df 45 05 ee ce 3a 25 da 52
60 7a c3 b6 f8 6d 6f 6d 1d 71 06 01 af c5 61 0c d8 fb 16 7c 6a 3c be 55 ea 1b 3b da 4e 91 99 5e 45 5d 50 0a 4f aa 62 27 b7 11
29 99 1e 50 a6 f4 83 7f ff 89 c2 d0 66 58 01 de 54 6e c2 8c bf 1e 1c 85 47 e2 d7 c1 79 db 21 53 03 d2 58 27 f3 cd 18 f4 8f 64
f1 d7 d5 c3 30 b0 60 48 4a 44 0c 54 1c b1 1f 58 88 4a 50 31 dd 91 32 8c f5 c0 f8 14 d3 88 15 0b d9 e9 26 4a ae 49 1d b6 99 50
ae ac ac af ea 6c 34 5a 93 8b 8e ee 6a 57 10 68 05 79 52 a2 60 69 be a1 76 65 d5 e0 c8 17 28 4d 4a c2 18 80 05 4c 36 57 33 1e
f9 e4 d6 51 bc e2 d8 57 1c ec aa da 2d 9b 37 15 60 3f f4 77 dd 23 a9 30 4d c8 8a 15 c0 4e c8 0b d3 85 2b f7 f9 d3 c6 61 5b 15
3c cf bf e6 8f 3c 0c b1 4b 0f c0 60 e6 dc 3b 10 f0 1b 43 8f 22 fa c8 3b bc a0 31 c6 d2 31 0d 9f 5d 7a 4b 02 0a 4f 7c 19 06 2b
12 71 3a 4b 87 fb b1 0d fd 9c 5c 29 e7 8d bc 7f a6 03 89 94 0f 65 c0 5a 1d 32 64 b5 57 ec 9d 8e 0f 7c ee 27 e3 6f 79 30 39 de
4e 3e 17 d9 79 f1 45 73 4d 67 66 12 ee 25 c1 15 fc da 0d f5 2c 8d d9 6e df ca 90 09 e0 65 10 34 bf f3 1d 7f 34 9e ec e0 1d 99
d2 35 95 77 fc b1 c2 47 e8 bf 90 0e 7a 59 0c 7e 33 f5 ff 1b 0e fc b5 fc ab 84 0d 77 07 c7 22 99 c3 b5 d0 45 64 e8 80 a3 3c 5e
d0 d2 90 35 b5 f7 77 df d2 0f 02 41 40 61 7e e3 2d 6f 5a 7f 1b 84 6c 76 2e 3d 92 2b b5 53 03 d1 d8 7c c0 f0 65 73 f1 7d cb 9b
09 4e 60 d1 b1 78 2e 73 ca 22 ae c2 5d 1d 5f d7 ac c8 f5 58 17 8f fd 35 bb d8 83 c1 cb 3a a2 4f cc 32 50 05 f7 68 ce 2f b6 24
df 92 fe 17 da 29 13 77 10 e7 aa 2e bb 7c a8 45 6b de 8a dd e7 ca 97 b6 c4 d9 8e 17 f3 5b c2 c7 94 0a 06 10 0c 2d 44 8d b7 18
88 24 19 c1 b1 8d ba d9 a9 70 54 30 bd 94 71 86 53 f3 d2 fb 78 0b 2d 86 21 64 43 5c 9c 21 0e 98 60 39 4e 05 aa b2 3f f1 b0 20
2c 62 f1 7b ef c3 24 73 f4 ec 5c 5d 73 39 e6 32 1c 65 d7 a0 c8 3f 66 2c 58 8d a5 bc 44 11 47 7a 30 b4 11 36 c4 88 a0 a6 3f ca
f3 c5 d5 c5 1b bb c3 a5 3d 16 60 c5 89 eb e5 dd 39 bd 1e 53 6f b5 c1 5a c6 13 22 6d ae 82 7a 1d 1f e9 5e ce 6b 30 bc ee 15 60
f3 ed 09 84 41 36 76 4a b8 8d 51 71 db 6f bd 32 81 ec e9 e5 96 a8 d4 08 d2 64 55 5e 76 0f 9b fc 62 4c 2c 87 fd 04 56 c9 bf b4
07 85 56 0a 6f 51 fc f6 63 e8 fc 82 bb 13 d1 9b 49 c4 56 bc c1 1b cd 1a 7b 21 27 86 d2 b6 7f d5 78 04 fa cf a1 ee f7 cf 29 19
16 32 6a 70 1f 22 3a 19 d4 a4 5d cc f6 87 b3 95 9a a0 36 dd f3 d8 b9 98 c9 78 9f 76 3b 4d 9c aa 09 3a 9d ed 43 17 5d 46 a7 6b
58 30 98 87 4c d6 da 79 6f e1 29 26 c1 2a 2d 49 79 1b 2d 88 1f 4d 54 f0 ce 0c 5d 22 59 b6 07 e3 0a 9d 24 12 63 87 4f a5 9d 6f
13 be c3 ec de b5 fb 69 50 b8 5a 36 14 13 7e ad 5e 26 9e 14 84 57 0d c4 0d 83 a2 d8 3b f9 e9 85 0d 45 4c 57 80 65 35 a8 99 8a
ee 26 2b ba d4 b1 c9 cd 35 09 69 85 75 f8 90 19 a9 28 05 81 5a e0 35 7d f9 2f 00 b9 66 73 44 c2 41 14 cc c9 ef 53 91 24 b2 04
ef 89 91 f8 63 6e a7 d4 87 c1 1c 9c 4c cb aa 91 1c 6c 57 b5 bb e7 e6 e7 48 c3 0a 28 a3 d1 d1 83 99 72 43 ea cc bb d3 3b 0c 11
28 29 95 b7 f9 c9 c7 33 3d 7d 8f b7 40 cd 5f 0b 55 85 cb 87 d8 15 a0 32 71 06 a1 e6 a7 52 71 d4 98 30 86 f6 32 ff 0e b8 b4 c6
7c 91 4d 02 c0 f5 6a 93 88 73 03 b2 93 38 6b 8e fb 26 48 b4 e1 31 02 cb ce f5 bb 72 da e1 27 9d 5d e8 eb 19 09 6d 8c db 07 fa
10 be 9e bc f5 c0 76 92 41 79 da b2 b1 bc a2 ad 05 21 44 fa 3b 8e a9 89 78 8f ac 23 e6 6e 04 88 c1 93 f3 f3 fe a8 c8 83 88 96
eb 38 5c 5c 28 f1 17 01 cc 78 3e 7c d8 f8 cc 92 b9 26 93 af 71 bf 3a e4 b6 84 8d 42 ce d4 bd f4 1a be 6f c3 31 b4 42 25 e7 a1
28 2d ec 09 64 29 66 1d 75 f7 b8 3d 69 b4 39 be 1b f5 4e 74 da f7 d3 56 41 47 d5 45 8e 71 aa 90 9c b0 2b e9 58 bb c4 2e 3a a5
c8 3d e6 62 c5 93 15 15 bf ed 52 e4 cd 3c ce a8 de 9f b2 2a f9 a2 7c c6 ea f4 b6 fe 51 ae 44 95 69 4d 8a b6 32 0a ab 92 01 83
01 a3 40 af a3 3a 7b 06 d5 a5 fd e5 ce 1d 2b 7a 72 c7 e2 ee f5 fd 5b 31 a3 59 04 2f bd 67 39 1e c5 e4 d1 89 2a 2e 52 10 14 1a
ff 46 25 d8 5b bb 99 5f 39 25 da d8 66 c6 5e 49 4e 93 01 b2 4a 11 3c 47 4c 7f 2a 73 45 78 47
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3 PRK (32 octets): 62 81 12 da e2 f7 02 48 80 63 e4 2d e6 c8 50 a5
7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19 c0 82 0b 90 90 3e 00 ab c3 18 75 da 03 d4 bc 5b
hash (32 octets): e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5 hash (32 octets): 07 07 dc ac 7b 2f a4 28 cc 7f 69 16 94 a2 59 0c
9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45 80 6a aa 5c 0c f5 08 7e d5 38 50 12 e7 f9 6c d4
info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 61 66 66 69 63 20 07 07 dc ac 7b 2f a4 28 cc 7f 69 16 94 a2 59
a5 9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45 0c 80 6a aa 5c 0c f5 08 7e d5 38 50 12 e7 f9 6c d4
output (32 octets): b3 59 c9 26 e6 22 56 e6 10 3e 70 fb bc f9 07 expanded (32 octets): 74 3e 4c 6b 56 cf 39 09 d1 b0 6d 01 95 6c
cb 5e e7 56 20 f8 95 a8 b0 e8 c0 05 a4 df ff 75 6c cd 2c 4b 37 75 84 49 ae c4 1d 98 da e4 49 24 ea a2 99
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3 PRK (32 octets): 62 81 12 da e2 f7 02 48 80 63 e4 2d e6 c8 50 a5
7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19 c0 82 0b 90 90 3e 00 ab c3 18 75 da 03 d4 bc 5b
hash (32 octets): e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5 hash (32 octets): 07 07 dc ac 7b 2f a4 28 cc 7f 69 16 94 a2 59 0c
9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45 80 6a aa 5c 0c f5 08 7e d5 38 50 12 e7 f9 6c d4
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 61 66 66 69 63 20 07 07 dc ac 7b 2f a4 28 cc 7f 69 16 94 a2 59
a5 9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45 0c 80 6a aa 5c 0c f5 08 7e d5 38 50 12 e7 f9 6c d4
output (32 octets): 7f 64 01 84 e5 99 d2 8e c8 18 84 1c ff 13 92 expanded (32 octets): b6 b8 14 4a a3 35 ed 30 59 c0 c9 c8 f0 ec
30 d5 16 9f 16 3b 1f 52 70 12 a3 8e 5d b8 1f 7b 4e ab f7 af c9 4a f6 64 3b de cd fd 92 10 18 8f ab 74 51
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3 PRK (32 octets): 62 81 12 da e2 f7 02 48 80 63 e4 2d e6 c8 50 a5
7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19 c0 82 0b 90 90 3e 00 ab c3 18 75 da 03 d4 bc 5b
hash (32 octets): e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5 hash (32 octets): 07 07 dc ac 7b 2f a4 28 cc 7f 69 16 94 a2 59 0c
9d 7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45 80 6a aa 5c 0c f5 08 7e d5 38 50 12 e7 f9 6c d4
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 e4 72 ce 71 b4 9c c4 44 32 c4 09 f7 66 4b 84 a5 9d 74 65 72 20 07 07 dc ac 7b 2f a4 28 cc 7f 69 16 94 a2 59 0c 80
7a 68 3d 3d d2 da 22 7c 9b 98 42 3e a2 a1 45 6a aa 5c 0c f5 08 7e d5 38 50 12 e7 f9 6c d4
output (32 octets): 92 a0 34 07 bc bd c9 8d 26 ae 38 80 8b d6 f1 expanded (32 octets): fb 69 12 1c ea 33 4d b4 59 e1 22 72 d1 79
0c d0 47 14 2e c7 ef ac b8 f3 08 9a 7e 3e 52 87 d6 ba ca 23 69 b6 43 d1 1a 6a c7 2b 8b 27 a5 c9 64 fe b1
{server} derive write traffic keys for application data: {server} derive write traffic keys for application data:
PRK (32 octets): 7f 64 01 84 e5 99 d2 8e c8 18 84 1c ff 13 92 30 PRK (32 octets): b6 b8 14 4a a3 35 ed 30 59 c0 c9 c8 f0 ec ab f7
d5 16 9f 16 3b 1f 52 70 12 a3 8e 5d b8 1f 7b 4e af c9 4a f6 64 3b de cd fd 92 10 18 8f ab 74 51
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 9a 33 b7 ff 19 01 80 b3 05 47 fe 9f e3 12 key expanded (16 octets): ed c4 cb d0 04 1c 28 cc 71 67 44 1d 7c
74 09 a5 3e 6a
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): a1 18 3b 47 0d 16 7f 63 62 8d 8b 32 iv expanded (12 octets): bf 6c 7d 8e 0a 95 45 b4 27 dc f1 39
{server} derive read traffic keys for handshake data: {server} derive read traffic keys for handshake data:
PRK (32 octets): 1b 92 72 16 81 91 bc c8 5e 46 45 96 e1 0b 79 b8 PRK (32 octets): 2c 3c b2 4a 10 81 ed b5 95 18 ee 68 61 e8 9a 6b
09 a4 f6 36 02 e4 ad a5 b4 f2 c9 c0 b2 4d 27 37 72 b3 80 1a fe 77 13 e4 cb bc 21 c0 79 5b f8 31
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): e7 37 b9 b1 2f 31 56 81 54 fd 6b f2 53 22 key expanded (16 octets): 62 d1 3c 13 ff d7 40 2f c1 c0 9e 3d 16
ac 53 36 65 cb
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 4a a7 80 6d 4f 81 d5 93 7b 99 3b 26 iv expanded (12 octets): 71 66 f2 00 28 bf 14 6d cf bd 5a 40
{client} extract secret "early":
salt: (absent)
IKM (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c {client} extract secret "early" (same as server early secret)
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 expanded (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
IKM (32 octets): d6 ee 52 33 ce 08 89 3e a5 eb d5 0f 0d 8a 25 bf
ed 5f fd 57 82 32 31 19 46 91 bd 89 2b 8f 9a 50
secret (32 octets): 2e 91 52 b1 5c ec 8f 81 92 f3 d5 a0 72 08 ad {client} extract secret "handshake" (same as server handshake
48 a9 7b 4e 06 f2 b8 22 9d f6 7b 7d 47 3e a8 42 d3 secret)
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server master secret)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 50 56 0b ed 1e 47 38 91 2d 43 d3 15 99 e0 7d 5e
ad ea f2 6b 18 9e 7b 75 e9 87 6f 42 07 2f b0 33
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): 7d cd 41 e1 40 51 3f be 6a f5 22 a4 da 7f
57 5b
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): 77 ee 98 da ae 5c 82 24 7d 30 40 7f {client} derive read traffic keys for handshake data (same as server
handshake data write traffic keys)
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send change_cipher_spec record: {client} send change_cipher_spec record:
payload (1 octets): 01 payload (1 octets): 01
ciphertext (6 octets): 14 03 03 00 01 01 complete record (6 octets): 14 03 03 00 01 01
{client} derive write traffic keys for handshake data (same as {client} derive write traffic keys for handshake data (same as
server read traffic keys) server handshake data read traffic keys)
{client} derive read traffic keys for application data (same as {client} derive read traffic keys for application data (same as
server write traffic keys) server application data write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 1b 92 72 16 81 91 bc c8 5e 46 45 96 e1 0b 79 b8 PRK (32 octets): 2c 3c b2 4a 10 81 ed b5 95 18 ee 68 61 e8 9a 6b
09 a4 f6 36 02 e4 ad a5 b4 f2 c9 c0 b2 4d 27 37 72 b3 80 1a fe 77 13 e4 cb bc 21 c0 79 5b f8 31
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00 64 00
output (32 octets): 89 90 6b c2 96 20 2c dc 3c 10 2a 87 ff fe 99 expanded (32 octets): 77 34 1a bc 8c 0f fa b5 18 07 36 71 3e 41
cc cd b9 2c b1 94 d2 7a 8b 2b 21 10 e6 8b 41 0c 78 d2 f6 65 c4 10 a4 04 c8 c2 1e dc d9 48 a4 44 0f d8 0c
{client} send a Finished handshake message finished (32 octets): 69 2c ab 15 5c c6 c1 00 ea d6 07 33 d0 61
7f 6f b0 9b 71 aa 1e 8c 9a cc bb bc 9e 8e d3 36 c1 dd
{client} construct a Finished handshake message
Finished (36 octets): 14 00 00 20 69 2c ab 15 5c c6 c1 00 ea d6
07 33 d0 61 7f 6f b0 9b 71 aa 1e 8c 9a cc bb bc 9e 8e d3 36 c1
dd
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14 00 00 20 ed 87 35 55 93 d3 ef 08 33 0b 32 payload (36 octets): 14 00 00 20 69 2c ab 15 5c c6 c1 00 ea d6 07
69 13 0f e9 5f cd e6 3e 60 1d b1 85 88 35 e5 5b 45 c4 08 e5 c5 33 d0 61 7f 6f b0 9b 71 aa 1e 8c 9a cc bb bc 9e 8e d3 36 c1 dd
ciphertext (58 octets): 17 03 03 00 35 9a b0 af 58 6e 95 81 22 3d complete record (58 octets): 17 03 03 00 35 32 d0 30 e2 73 77 3a
c2 bb 71 4d 5b e3 9f c2 eb 04 31 35 84 82 25 23 6d 39 24 71 5e 86 96 c7 99 98 1a f6 ce d0 7f 87 48 2e 81 56 5e 39 4e 87 c8 67
f9 10 bc 81 4c 59 f6 d8 5a d2 a9 22 d5 c4 18 ba bc 48 fb 6b 3a f3 3d f3 d6 5b 75 06 f1 a6 26 af 91 d4 82 1d 5f 7a 1f 21 0e f8
bc 5e dd 3c 6d 16
{client} derive write traffic keys for application data: {client} derive write traffic keys for application data:
PRK (32 octets): b3 59 c9 26 e6 22 56 e6 10 3e 70 fb bc f9 07 cb PRK (32 octets): 74 3e 4c 6b 56 cf 39 09 d1 b0 6d 01 95 6c cd 2c
5e e7 56 20 f8 95 a8 b0 e8 c0 05 a4 df ff 75 6c 4b 37 75 84 49 ae c4 1d 98 da e4 49 24 ea a2 99
key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00 key info (13 octets): 00 10 09 74 6c 73 31 33 20 6b 65 79 00
key output (16 octets): de ef 7b 47 f8 c6 cd d2 dc 85 7a cf 80 a4 key expanded (16 octets): 33 d7 f9 70 97 56 c9 66 48 8a d4 43 84
67 5d 37 e6 73
iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00 iv info (12 octets): 00 0c 08 74 6c 73 31 33 20 69 76 00
iv output (12 octets): af b0 ec 8b 9a d9 04 61 f1 ec 04 b2 iv expanded (12 octets): c5 f3 0d 34 b0 e9 1b 7d 6c 8e ea 65
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 63 7d 72 8c c3 81 21 92 85 68 0b 8a bd 98 9c a3 PRK (32 octets): 62 81 12 da e2 f7 02 48 80 63 e4 2d e6 c8 50 a5
7a c7 36 68 0c cb 47 8a 0f 28 11 07 2a 89 88 19 c0 82 0b 90 90 3e 00 ab c3 18 75 da 03 d4 bc 5b
hash (32 octets): e8 2a 79 f7 32 a4 90 44 12 3b 22 ce f3 54 68 fb hash (32 octets): a0 21 d3 a0 5b d4 18 a7 72 81 38 75 ef 79 b0 af
db ab 49 f4 b3 a3 ae 5c 5d 34 e0 f1 12 a3 7c 01 68 c5 12 32 15 42 7a b7 33 3f 8c 27 72 2a 9f d5
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 e8 2a 79 f7 32 a4 90 44 12 3b 22 ce f3 54 68 fb db 74 65 72 20 a0 21 d3 a0 5b d4 18 a7 72 81 38 75 ef 79 b0 af 68
ab 49 f4 b3 a3 ae 5c 5d 34 e0 f1 12 a3 7c 01 c5 12 32 15 42 7a b7 33 3f 8c 27 72 2a 9f d5
output (32 octets): 87 33 e8 d1 4e b4 de f0 0b bb e3 f1 65 92 68 expanded (32 octets): 0b 5d 44 07 ce a0 a4 2a 3a 81 dd 47 76 47
73 44 5f 2b c0 23 3d e0 98 2b 59 35 ec 89 ca 50 78 b7 fe 91 80 db 29 7e 51 14 f1 ad 87 96 b4 dc 47 50 04
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as {server} derive read traffic keys for application data (same as
client write traffic keys) client application data write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 5e 7e 60 d9 38 04 1b 9a fd complete record (24 octets): 17 03 03 00 13 0f 62 91 55 38 2d ba
34 c2 ad ef 72 cb 00 a8 63 43 23 c4 e2 c5 f7 f8 4e 6f 2e d3 08 3d
{server} send alert record: {server} send alert record:
payload (2 octets): 01 00 payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 f8 11 03 38 e0 0b 60 4c f8 complete record (24 octets): 17 03 03 00 13 b7 25 7b 0f ec af 69
82 5f 93 d6 10 ee af 43 91 f8 d4 f0 9e 3f 89 1e 2a 25 d1 e2 88 45
8. Security Considerations 8. Security Considerations
It probably isn't a good idea to use the private key here. If it It probably isn't a good idea to use the private key here. If it
weren't for the fact that it is too small to provide any meaningful weren't for the fact that it is too small to provide any meaningful
security, it is now very well known. security, it is now very well known.
9. IANA Considerations 9. IANA Considerations
This document makes no requests of IANA. This document makes no requests of IANA.
10. References 10. References
10.1. Normative References 10.1. Normative References
[TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol [TLS13] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", draft-ietf-tls-tls13-28 (work in progress), Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
March 2018. <https://www.rfc-editor.org/info/rfc8446>.
10.2. Informative References 10.2. Informative References
[FIPS186] National Institute of Standards and Technology (NIST), [FIPS186] National Institute of Standards and Technology (NIST),
"Digital Signature Standard (DSS)", NIST PUB 186-4 , July "Digital Signature Standard (DSS)", NIST PUB 186-4 , July
2013. 2013.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869, Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010, DOI 10.17487/RFC5869, May 2010,
 End of changes. 453 change blocks. 
1303 lines changed or deleted 1601 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/