| < draft-ietf-tls-tls13-vectors-00.txt | draft-ietf-tls-tls13-vectors-01.txt > | |||
|---|---|---|---|---|
| HTTP M. Thomson | TLS M. Thomson | |||
| Internet-Draft Mozilla | Internet-Draft Mozilla | |||
| Intended status: Standards Track January 3, 2017 | Intended status: Standards Track June 30, 2017 | |||
| Expires: July 7, 2017 | Expires: January 1, 2018 | |||
| Example Handshake Traces for TLS 1.3 | Example Handshake Traces for TLS 1.3 | |||
| draft-ietf-tls-tls13-vectors-00 | draft-ietf-tls-tls13-vectors-01 | |||
| Abstract | Abstract | |||
| Examples of TLS 1.3 handshakes are shown. Private keys and inputs | Examples of TLS 1.3 handshakes are shown. Private keys and inputs | |||
| are provided so that these handshakes might be reproduced. | are provided so that these handshakes might be reproduced. | |||
| Intermediate values, including secrets, traffic keys and ivs are | Intermediate values, including secrets, traffic keys and ivs are | |||
| shown so that implementations might be checked incrementally against | shown so that implementations might be checked incrementally against | |||
| these values. | these values. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 7, 2017. | This Internet-Draft will expire on January 1, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 | 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 | 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 15 | 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 14 | |||
| 5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 28 | 5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 39 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 35 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 39 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 39 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 35 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 39 | 7.2. Informative References . . . . . . . . . . . . . . . . . 36 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 39 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 36 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 40 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 36 | |||
| 1. Introduction | 1. Introduction | |||
| TLS 1.3 [I-D.ietf-tls-tls13] defines a new key schedule and a number | TLS 1.3 [I-D.ietf-tls-tls13] defines a new key schedule and a number | |||
| new cryptographic operations. This document includes sample | new cryptographic operations. This document includes sample | |||
| handshakes that show all intermediate values. This allows an | handshakes that show all intermediate values. This allows an | |||
| implementation to be verified incrementally, examining inputs and | implementation to be verified incrementally, examining inputs and | |||
| outputs of each cryptographic computation independently. | outputs of each cryptographic computation independently. | |||
| Private keys are included with the traces so that implementations can | Private keys are included with the traces so that implementations can | |||
| skipping to change at page 3, line 33 ¶ | skipping to change at page 3, line 33 ¶ | |||
| 37665fe5afa60596 9f8c01dfa5ca969d | 37665fe5afa60596 9f8c01dfa5ca969d | |||
| 3. Simple 1-RTT Handshake | 3. Simple 1-RTT Handshake | |||
| In this example, the simplest possible handshake is completed. The | In this example, the simplest possible handshake is completed. The | |||
| server is authenticated, but the client remains anonymous. After | server is authenticated, but the client remains anonymous. After | |||
| connecting, a few application data octets are exchanged. The server | connecting, a few application data octets are exchanged. The server | |||
| sends a session ticket that permits the use of 0-RTT in any resumed | sends a session ticket that permits the use of 0-RTT in any resumed | |||
| session. | session. | |||
| Note: This example doesn't include the calculation of the exporter | ||||
| secret. Support for that will be added to NSS soon. | ||||
| {client} create an ephemeral x25519 key pair: | {client} create an ephemeral x25519 key pair: | |||
| private key (32 octets): 00b4198a84ed6a7c 218702891735239d | private key (32 octets): 8d471715ed09bd58 e1ea7f90f4bd1b96 | |||
| 40b7c66505330364 3d3c67f7458ecbc9 | b23f5f53f6d1b3c5 8d12f5c06a3921a0 | |||
| public key (32 octets): 35e58b160db6124f 01a1d2475a22b72a | public key (32 octets): 1db0a34c651f3a3f 9011b8c1bdd7714a | |||
| bd6896701eed4c7e fd6124ee231ba458 | a3593833e2e37cea a3a4796f6ee35657 | |||
| {client} send a ClientHello handshake message | {client} send a ClientHello handshake message | |||
| {client} send record: | {client} send handshake record: | |||
| cleartext (512 octets): 010001fc03039a46 4db650dcc81fed6f | payload (512 octets): 010001fc0303e864 702db55462aa0e96 | |||
| 1fea635f15861574 c0ed0bfb5778de77 24fb927c5ef10000 | ed08c0d9a1dc18d5 1cffb1d668298ac0 45a2645780f30000 | |||
| 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | |||
| 27c014009eccaa00 3300320067003900 38006b0016001300 | 27c014009eccaa00 3300320067003900 38006b0016001300 | |||
| 9c002f003c003500 3d000a0005000401 000195001500fc00 | 9c002f003c003500 3d000a0005000401 0001950000000b00 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0900000673657276 6572ff0100010000 0a00140012001d00 | |||
| 1700180019010001 0101020103010400 0b00020100002300 | ||||
| 0000280026002400 1d00201db0a34c65 1f3a3f9011b8c1bd | ||||
| d7714aa3593833e2 e37ceaa3a4796f6e e35657002b000706 | ||||
| 7f1403030302000d 0020001e04030503 0603020308040805 | ||||
| 0806040105010601 0201040205020602 0202002d00020101 | ||||
| 001500fc00000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000b00 0900000673657276 | 0000000000000000 0000000000000000 | |||
| 6572ff0100010000 0a00140012001d00 1700180019010001 | ||||
| 0101020103010400 0b00020100002300 0000280026002400 | ||||
| 1d002035e58b160d b6124f01a1d2475a 22b72abd6896701e | ||||
| ed4c7efd6124ee23 1ba458002b000706 7f1203030302000d | ||||
| 0020001e04030503 0603020308040805 0806040105010601 | ||||
| 0201040205020602 0202002d00020101 | ||||
| ciphertext (517 octets): 1603010200010001 fc03039a464db650 | ciphertext (517 octets): 1603010200010001 fc0303e864702db5 | |||
| dcc81fed6f1fea63 5f15861574c0ed0b fb5778de7724fb92 | 5462aa0e96ed08c0 d9a1dc18d51cffb1 d668298ac045a264 | |||
| 7c5ef100003e1301 13031302c02bc02f cca9cca8c00ac009 | 5780f300003e1301 13031302c02bc02f cca9cca8c00ac009 | |||
| c013c023c027c014 009eccaa00330032 006700390038006b | c013c023c027c014 009eccaa00330032 006700390038006b | |||
| 00160013009c002f 003c0035003d000a 0005000401000195 | 00160013009c002f 003c0035003d000a 0005000401000195 | |||
| 001500fc00000000 0000000000000000 0000000000000000 | 0000000b00090000 06736572766572ff 01000100000a0014 | |||
| 0012001d00170018 0019010001010102 01030104000b0002 | ||||
| 0100002300000028 00260024001d0020 1db0a34c651f3a3f | ||||
| 9011b8c1bdd7714a a3593833e2e37cea a3a4796f6ee35657 | ||||
| 002b0007067f1403 030302000d002000 1e04030503060302 | ||||
| 0308040805080604 0105010601020104 0205020602020200 | ||||
| 2d00020101001500 fc00000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 0000000b00090000 | 0000000000000000 0000000000000000 0000000000 | |||
| 06736572766572ff 01000100000a0014 0012001d00170018 | ||||
| 0019010001010102 01030104000b0002 0100002300000028 | ||||
| 00260024001d0020 35e58b160db6124f 01a1d2475a22b72a | ||||
| bd6896701eed4c7e fd6124ee231ba458 002b0007067f1203 | ||||
| 030302000d002000 1e04030503060302 0308040805080604 | ||||
| 0105010601020104 0205020602020200 2d00020101 | ||||
| {server} extract secret "early": | {server} extract secret "early": | |||
| salt: (absent) | salt: (absent) | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| {server} create an ephemeral x25519 key pair: | {server} create an ephemeral x25519 key pair: | |||
| private key (32 octets): 03d43f48ed52076f 4ce9bab73d1f39ec | private key (32 octets): 8b587c8205a29c7e 7bce7475cfa595d3 | |||
| 689cf304075829f5 2b90f9f13bea6f34 | 78d09e79b25d7db9 07cd92259a628dc3 | |||
| public key (32 octets): a20ed1b7f2d96a7f 12568f0e460bb0fc | public key (32 octets): b80ea5ef65d8ee1b 524abb29c857142e | |||
| 86dc8d1db6c07d6b 10d4dc74aaac9219 | a9e4591fc0e38dc2 4d2361a3988be019 | |||
| {server} send a ServerHello handshake message | {server} send a ServerHello handshake message | |||
| {server} extract secret "handshake": | {server} derive secret for handshake "tls13 derived": | |||
| salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| ikm (32 octets): c08acc73ba101d7f ea86d223de32d9fc | hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| 4948e14549368059 4b83b0a109f83649 | 27ae41e4649b934c a495991b7852b855 | |||
| secret (32 octets): 31168cad69862a80 c6f6bfd42897d0fe | info (49 octets): 00200d746c733133 2064657269766564 | |||
| 23c406a12e652a8d 3ae4217694f49844 | 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | |||
| 4ca495991b7852b8 55 | ||||
| {server} derive secret "client handshake traffic secret": | output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| 16c076189c48250c ebeac3576c3611ba | ||||
| PRK (32 octets): 31168cad69862a80 c6f6bfd42897d0fe | {server} extract secret "handshake": | |||
| 23c406a12e652a8d 3ae4217694f49844 | ||||
| handshake hash (32 octets): 52c04472bdfe9297 72c98b91cf425f78 | salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| f47659be9d4a7d68 b9e29d162935e9b9 | 16c076189c48250c ebeac3576c3611ba | |||
| info (76 octets): 002028544c532031 2e332c20636c6965 | ikm (32 octets): 5aa03a79c923fa4c 683d9cba739516c4 | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | c69ad15c0db40b7c 6e21e2ff71f40f06 | |||
| 7265742052c04472 bdfe929772c98b91 cf425f78f47659be | ||||
| 9d4a7d68b9e29d16 2935e9b9 | ||||
| output (32 octets): 6c6f274b1eae09b8 bbd2039b7eb56147 | secret (32 octets): e4e77cf10307c913 575026d3d193b181 | |||
| 201a5e19288a3fd5 04fa52b1178a6e93 | f90ee4aa69f53f17 3426d62704623e85 | |||
| {server} derive secret "server handshake traffic secret": | {server} derive secret "tls13 c hs traffic": | |||
| PRK (32 octets): 31168cad69862a80 c6f6bfd42897d0fe | PRK (32 octets): e4e77cf10307c913 575026d3d193b181 | |||
| 23c406a12e652a8d 3ae4217694f49844 | f90ee4aa69f53f17 3426d62704623e85 | |||
| handshake hash (32 octets): 52c04472bdfe9297 72c98b91cf425f78 | hash (32 octets): 1d88ec0fc94ca5fc dbf7bd3f4be8dac8 | |||
| f47659be9d4a7d68 b9e29d162935e9b9 | 09f98d58af751934 771d7268c79310e3 | |||
| info (76 octets): 002028544c532031 2e332c2073657276 | info (54 octets): 002012746c733133 2063206873207472 | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | 6166666963201d88 ec0fc94ca5fcdbf7 bd3f4be8dac809f9 | |||
| 7265742052c04472 bdfe929772c98b91 cf425f78f47659be | 8d58af751934771d 7268c79310e3 | |||
| 9d4a7d68b9e29d16 2935e9b9 | ||||
| output (32 octets): b2c2663ed59e833b 17c68823516f11f1 | output (32 octets): 041ae38c959b6d93 7dba0da43d2b3bc0 | |||
| cb311855045d3ce4 6bfe8ac8889268d9 | a81da11279935399 5720bc155657934a | |||
| {server} derive secret "tls13 s hs traffic": | ||||
| PRK (32 octets): e4e77cf10307c913 575026d3d193b181 | ||||
| f90ee4aa69f53f17 3426d62704623e85 | ||||
| hash (32 octets): 1d88ec0fc94ca5fc dbf7bd3f4be8dac8 | ||||
| 09f98d58af751934 771d7268c79310e3 | ||||
| info (54 octets): 002012746c733133 2073206873207472 | ||||
| 6166666963201d88 ec0fc94ca5fcdbf7 bd3f4be8dac809f9 | ||||
| 8d58af751934771d 7268c79310e3 | ||||
| output (32 octets): b05eae2a3c213f62 9ff677f9afff5589 | ||||
| 368b1baf54b1bdc6 80f43b4e523f1e3b | ||||
| {server} derive secret for master "tls13 derived": | ||||
| PRK (32 octets): e4e77cf10307c913 575026d3d193b181 | ||||
| f90ee4aa69f53f17 3426d62704623e85 | ||||
| hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | ||||
| 27ae41e4649b934c a495991b7852b855 | ||||
| info (49 octets): 00200d746c733133 2064657269766564 | ||||
| 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | ||||
| 4ca495991b7852b8 55 | ||||
| output (32 octets): 7ed62a7bc6fb30cf 5f526ab9cb7dcc25 | ||||
| cdd239c36a2985b6 938ce1619bf2647d | ||||
| {server} extract secret "master": | {server} extract secret "master": | |||
| salt (32 octets): 31168cad69862a80 c6f6bfd42897d0fe | salt (32 octets): 7ed62a7bc6fb30cf 5f526ab9cb7dcc25 | |||
| 23c406a12e652a8d 3ae4217694f49844 | cdd239c36a2985b6 938ce1619bf2647d | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 24bc43c2d11c895e b2d5f78b6fdf9cf5 | secret (32 octets): e845be8dbb7556ed 9a4921f663c88cd6 | |||
| a50c336573b2d2e9 6d4d5cc82a64c0e9 | 8387f72e4e2572dc 59f22c5cda035862 | |||
| {server} send record: | {server} send handshake record: | |||
| cleartext (82 octets): 0200004e7f1298e3 4364038683391cbe | payload (82 octets): 0200004e7f14a6b9 ce3215b325616f22 | |||
| c1039aa0fba2f496 d8c8e6327151cc94 bbc5ef7390751301 | 48f11f776a98d174 8e895118182143cc 67c46f3f11831301 | |||
| 002800280024001d 0020a20ed1b7f2d9 6a7f12568f0e460b | 002800280024001d 0020b80ea5ef65d8 ee1b524abb29c857 | |||
| b0fc86dc8d1db6c0 7d6b10d4dc74aaac 9219 | 142ea9e4591fc0e3 8dc24d2361a3988b e019 | |||
| ciphertext (87 octets): 1603010052020000 4e7f1298e3436403 | ciphertext (87 octets): 1603010052020000 4e7f14a6b9ce3215 | |||
| 8683391cbec1039a a0fba2f496d8c8e6 327151cc94bbc5ef | b325616f2248f11f 776a98d1748e8951 18182143cc67c46f | |||
| 7390751301002800 280024001d0020a2 0ed1b7f2d96a7f12 | 3f11831301002800 280024001d0020b8 0ea5ef65d8ee1b52 | |||
| 568f0e460bb0fc86 dc8d1db6c07d6b10 d4dc74aaac9219 | 4abb29c857142ea9 e4591fc0e38dc24d 2361a3988be019 | |||
| {server} derive write traffic keys using label "handshake data": | {server} derive write traffic keys for handshake data: | |||
| PRK (32 octets): b2c2663ed59e833b 17c68823516f11f1 | PRK (32 octets): b05eae2a3c213f62 9ff677f9afff5589 | |||
| cb311855045d3ce4 6bfe8ac8889268d9 | 368b1baf54b1bdc6 80f43b4e523f1e3b | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | key info (13 octets): 001009746c733133 206b657900 | |||
| key output (16 octets): acd79b9ecb64a1ab 61b77b11a03eb976 | key output (16 octets): 1837f9353c2e7a0d 279923526c53aead | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | iv info (12 octets): 000c08746c733133 20697600 | |||
| iv output (12 octets): a353bfcdf9695a2a 09c2e293 | iv output (12 octets): 876dd44a5f0cc952 08425386 | |||
| {server} send a EncryptedExtensions handshake message | {server} send a EncryptedExtensions handshake message | |||
| {server} send a Certificate handshake message | {server} send a Certificate handshake message | |||
| {server} send a CertificateVerify handshake message | {server} send a CertificateVerify handshake message | |||
| {server} calculate finished: | {server} calculate finished "tls13 finished": | |||
| PRK (32 octets): b2c2663ed59e833b 17c68823516f11f1 | PRK (32 octets): b05eae2a3c213f62 9ff677f9afff5589 | |||
| cb311855045d3ce4 6bfe8ac8889268d9 | 368b1baf54b1bdc6 80f43b4e523f1e3b | |||
| handshake hash (0 octets): (empty) | hash (0 octets): (empty) | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | info (18 octets): 00200e746c733133 2066696e69736865 6400 | |||
| output (32 octets): 6378b7e68a7b3a12 8c3de8df9346e410 | output (32 octets): 15348eafde4ec0f8 3808818c95c7b285 | |||
| 9fdf04ca088904df 69115284c9e34d8a | acf763920eef62ac 0e314b391632ad9e | |||
| {server} send a Finished handshake message | {server} send a Finished handshake message | |||
| {server} send record: | {server} send handshake record: | |||
| cleartext (651 octets): 0800001e001c000a 00140012001d0017 | payload (651 octets): 0800001e001c000a 00140012001d0017 | |||
| 0018001901000101 0102010301040000 00000b0001b90000 | 0018001901000101 0102010301040000 00000b0001b90000 | |||
| 01b50001b0308201 ac30820115a00302 0102020102300d06 | 01b50001b0308201 ac30820115a00302 0102020102300d06 | |||
| 092a864886f70d01 010b0500300e310c 300a060355040313 | 092a864886f70d01 010b0500300e310c 300a060355040313 | |||
| 03727361301e170d 3136303733303031 323335395a170d32 | 03727361301e170d 3136303733303031 323335395a170d32 | |||
| 3630373330303132 3335395a300e310c 300a060355040313 | 3630373330303132 3335395a300e310c 300a060355040313 | |||
| 0372736130819f30 0d06092a864886f7 0d01010105000381 | 0372736130819f30 0d06092a864886f7 0d01010105000381 | |||
| 8d00308189028181 00b4bb498f827930 3d980836399b36c6 | 8d00308189028181 00b4bb498f827930 3d980836399b36c6 | |||
| 988c0c68de55e1bd b826d3901a2461ea fd2de49a91d015ab | 988c0c68de55e1bd b826d3901a2461ea fd2de49a91d015ab | |||
| bc9a95137ace6c1a f19eaa6af98c7ced 43120998e187a80e | bc9a95137ace6c1a f19eaa6af98c7ced 43120998e187a80e | |||
| e0ccb0524b1b018c 3e0b63264d449a6d 38e22a5fda430846 | e0ccb0524b1b018c 3e0b63264d449a6d 38e22a5fda430846 | |||
| 748030530ef0461c 8ca9d9efbfae8ea6 d1d03e2bd193eff0 | 748030530ef0461c 8ca9d9efbfae8ea6 d1d03e2bd193eff0 | |||
| ab9a8002c47428a6 d35a8d88d79f7f1e 3f0203010001a31a | ab9a8002c47428a6 d35a8d88d79f7f1e 3f0203010001a31a | |||
| 301830090603551d 1304023000300b06 03551d0f04040302 | 301830090603551d 1304023000300b06 03551d0f04040302 | |||
| 05a0300d06092a86 4886f70d01010b05 000381810085aad2 | 05a0300d06092a86 4886f70d01010b05 000381810085aad2 | |||
| a0e5b9276b908c65 f73a7267170618a5 4c5f8a7b337d2df7 | a0e5b9276b908c65 f73a7267170618a5 4c5f8a7b337d2df7 | |||
| a594365417f2eae8 f8a58c8f8172f931 9cf36b7fd6c55b80 | a594365417f2eae8 f8a58c8f8172f931 9cf36b7fd6c55b80 | |||
| f21a030151567260 96fd335e5e67f2db f102702e608ccae6 | f21a030151567260 96fd335e5e67f2db f102702e608ccae6 | |||
| bec1fc63a42a99be 5c3eb7107c3c54e9 b9eb2bd5203b1c3b | bec1fc63a42a99be 5c3eb7107c3c54e9 b9eb2bd5203b1c3b | |||
| 84e0a8b2f759409b a3eac9d91d402dcc 0cc8f8961229ac91 | 84e0a8b2f759409b a3eac9d91d402dcc 0cc8f8961229ac91 | |||
| 87b42b4de100000f 000084080400808d 8d5ed7ee8e4fa552 | 87b42b4de100000f 0000840804008052 e8915b097ea305da | |||
| aaa1279b8f5c39e4 394cf20e8c53ef1a de12f9bd92337169 | d8a511a03ea45c34 a14e04a1f13a8b45 279654262702f9d8 | |||
| b218e4746b19817c bdef9410151cbf31 43ecc1c075076d97 | b2b1897bfebae516 09b265eae67dc898 0ef9aac9514e84b3 | |||
| 71379ccca365ce01 d0dcce2ba1ea4a5e 4e37f362594574c3 | 3b1d8dc3105e5139 5854964d9bca28e8 aab0b968808c4d99 | |||
| e6cb1a4afcfa3547 ce08155de7a6cc3d b9752478913db105 | 4c963253d13dc1ed c98945fa0c72cb74 959d9204740e968b | |||
| 47cf2013b24f3fcd 61a2dbe6d2a7dc25 97ddf880ec1f5814 | 9dbc9d97914fb2fb e9671300d3aeb5eb 40d3fe5ad425e014 | |||
| 00002051f933cd8e fe503845c33b8711 9fc67d4991b6ffa9 | 0000200d2c10fab6 abf8cbaa97b91816 2516fdfb4a1129c3 | |||
| f520ae0b1a37f7ea bb2ecc | 98bb5fe97848d910 208036 | |||
| ciphertext (673 octets): 170301029c4e1f34 2dba17a54a09f7a1 | ciphertext (673 octets): 170301029cda8377 df12c42a7c157681 | |||
| 8ffb2c6a29df17a6 db843044c52861bf 78988527ce366159 | 92a0a724c1a2a070 4f4901e91dd4a873 3dcee9461401f7c7 | |||
| e6a24871b704d2b9 fade56488921796d 719173a753bdfec8 | ad2b7584fe18d87b d12d05d718c46c04 3deef39e63b7a50e | |||
| 0554c8c15e128695 450ccfdde1204ffd 2fb1ecdcd87b8070 | 747de04a55d8074a 14ff21803864d8ee 65482da8b307ed8f | |||
| 644eb5a6b86ec951 aba3ed314754a2f3 14d4d2620b92da1f | 11df14701c81bd3b ba9f86f7e83a392f 23532abd49396450 | |||
| 28f24b9559d76b67 a7b35c17cc231ba5 77a94fb2be59c74f | f3cf32d369b27eb9 2427ace4f141defe fa777cb75c5fa511 | |||
| 84c8c78bf5faf4cb b2f8a37091580743 3c67d9f4e1b1923a | 90d2399035164350 f0d59cdba5369141 d453467634ed876c | |||
| 3969b85a2ae9064e 34e84363aae43aa9 f58717836a017b9c | 3e423b715d47272f f84b0e797850c89d ce8119b45af1c439 | |||
| 33c3ad733c2fd3ce 288ae362764403d0 102a371047d9e49d | 0e5c66661f4ed0e6 ca7018d189d71e76 7addc2e28f48ccd3 | |||
| f9b30596262b1704 f0e9839fff5641ba a7041a4bcf9e4d46 | c61b236fb02160f2 38763de832b8f5b1 76d29809e6d95123 | |||
| 7108922fc0ea0bc1 48dab2ebdd155f51 76c632be04a7c610 | 0fb0fb0a66c0d4c4 11a0fdd1fd7b3f54 7b0abfd5f4df3b60 | |||
| 3fbc92754dba7962 4f8a09f8e8d65c17 eee87f98636fbc93 | a4aa4a230a69d7e0 b28c71a1bcbbc071 0474e682c1a27912 | |||
| bb734674b80d183c da904200a20d8f15 0a214902b6953209 | bc4463688b2d781f 0c41e48dd169378f d5a9416ce1e89930 | |||
| aa2431c3973bda3b d92a33878baca7b9 0507f433a55f2fe8 | a5166a4c6cf52b80 14c368a52ed0173e 56758688b99838f9 | |||
| f0db81898ebacf31 b68eaabfa27c39b6 a2453a322c005030 | d54e4139e5bf34ff 4a5295dd6183774a db81074abd9a8ccd | |||
| 4e60bf53f0402b38 65b43fe5a7454c13 17a2dc76d1323fb1 | 621afc59b311cc65 0f28ce32b78fe0bc 5ea36a868bcd43ab | |||
| aa553996876a0dfe 8e789d6adf3dc85b 0636bb58a96e6aad | f2c49223eb02318a 609820cb516afc69 89593e77002be6d8 | |||
| 851e7a6fc1dfa796 ec65e33bf9e3c05d 6de35f11e1f32731 | 4b2b84159ce70e50 868fc8fd42b0d123 976f8caaf363b68d | |||
| fb9550a60cb75e90 9345eb0edb81f99f cad883cb41d4a3ef | c390dc07ee9fa818 22840d3c3bfe2e3c 62df1e98ce6acdb6 | |||
| 7cbe671b92a8176b 472772be401b83a4 99b06b7ab0a1d9cd | 6f65a6b7f39599ab c21a9c6e1e3ec631 3bcf3a3add55f786 | |||
| 795e5ba0b67ce2d6 5c45565028824aa2 08797f405bbcf243 | 595b394e05dbc16d 66953061ffb564d7 2f023f74b3798e16 | |||
| 27dd69a1d986032f 544b15d110e4d8c4 681cb85c09960adb | 3454e8d206aa0e0a a737f5abe22df433 9ba24ce9500005aa | |||
| 57fb9723eef0e0bb 275552af25fbdfc1 a4215adf14a9dba2 | 82ea5af110a202f8 24fd9f561e57f2cd 5a54b42d672401cc | |||
| 4462dd095f1a78f5 6ed6db3de139936f 14b091ab7f4adc81 | ea1ef5a9967ecc65 b735a7b860156954 04e027e756157a3f | |||
| c277e68bfb6fd925 d92c06c0a4ddd105 9c071073a8a2e987 | 88546d127c53d638 54032aafb7760205 60defc8e8f98853c | |||
| f98948599f27bf6d 1f4369ac6c5a3323 2932fb8aa52ec4e1 | 40dd3c2772e619e4 723f2936c3b6da21 9d00caa6c13d77d9 | |||
| 85790dff0ef5eee0 13b4e90b5bc1cd4a c42b7ce82d856cc0 | cfb6acfa3148fb1a 45ffcc9594f43fb2 af18f1e54ef1750f | |||
| f5d1c80400e68d61 b434cec56d437141 1e31849d4cf88862 | 21bddce6449807b2 e7e8090ffda954a7 302722f2ea1333eb | |||
| 8ba288548df6a19e c4 | e85fcb49ae7871d2 38 | |||
| {server} derive secret "client application traffic secret": | {server} derive secret "tls13 c ap traffic": | |||
| PRK (32 octets): 24bc43c2d11c895e b2d5f78b6fdf9cf5 | PRK (32 octets): e845be8dbb7556ed 9a4921f663c88cd6 | |||
| a50c336573b2d2e9 6d4d5cc82a64c0e9 | 8387f72e4e2572dc 59f22c5cda035862 | |||
| handshake hash (32 octets): f610f8a56a05fab4 c6fef3579180d575 | hash (32 octets): 0e69e4a8fd0448d1 3862dc670e97c44f | |||
| 79c1a24e01fe709d 97bd49750576c241 | c157d1adc99f3639 c9bd3f9dbc2990cf | |||
| info (78 octets): 00202a544c532031 2e332c20636c6965 | info (54 octets): 002012746c733133 2063206170207472 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | 6166666963200e69 e4a8fd0448d13862 dc670e97c44fc157 | |||
| 656372657420f610 f8a56a05fab4c6fe f3579180d57579c1 | d1adc99f3639c9bd 3f9dbc2990cf | |||
| a24e01fe709d97bd 49750576c241 | ||||
| output (32 octets): d0886eee6eef4411 5c74ba22e546e115 | output (32 octets): 9e0bf6b565b4c386 d3f0a7faaecffac8 | |||
| 752832743916a01b 1d6a60517bbf2997 | 76716d97ef7e1920 9b6a82fbc2e78ab6 | |||
| {server} derive secret "server application traffic secret": | {server} derive secret "tls13 s ap traffic": | |||
| PRK (32 octets): 24bc43c2d11c895e b2d5f78b6fdf9cf5 | PRK (32 octets): e845be8dbb7556ed 9a4921f663c88cd6 | |||
| a50c336573b2d2e9 6d4d5cc82a64c0e9 | 8387f72e4e2572dc 59f22c5cda035862 | |||
| handshake hash (32 octets): f610f8a56a05fab4 c6fef3579180d575 | hash (32 octets): 0e69e4a8fd0448d1 3862dc670e97c44f | |||
| 79c1a24e01fe709d 97bd49750576c241 | c157d1adc99f3639 c9bd3f9dbc2990cf | |||
| info (78 octets): 00202a544c532031 2e332c2073657276 | info (54 octets): 002012746c733133 2073206170207472 | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | 6166666963200e69 e4a8fd0448d13862 dc670e97c44fc157 | |||
| 656372657420f610 f8a56a05fab4c6fe f3579180d57579c1 | d1adc99f3639c9bd 3f9dbc2990cf | |||
| a24e01fe709d97bd 49750576c241 | ||||
| output (32 octets): b8dac8d7e56af263 b53ff4cc720ce286 | output (32 octets): d4a9974dc6c15c4b d5e35add69b1a20c | |||
| 41053666877dc200 d3abec0b60ab4a4f | b78affe36ab431e8 264567a25f89d35b | |||
| {server} derive secret "exporter master secret": | {server} derive secret "tls13 exp master": | |||
| PRK (32 octets): 24bc43c2d11c895e b2d5f78b6fdf9cf5 | PRK (32 octets): e845be8dbb7556ed 9a4921f663c88cd6 | |||
| a50c336573b2d2e9 6d4d5cc82a64c0e9 | 8387f72e4e2572dc 59f22c5cda035862 | |||
| handshake hash (32 octets): f610f8a56a05fab4 c6fef3579180d575 | hash (32 octets): 0e69e4a8fd0448d1 3862dc670e97c44f | |||
| 79c1a24e01fe709d 97bd49750576c241 | c157d1adc99f3639 c9bd3f9dbc2990cf | |||
| info (67 octets): 00201f544c532031 2e332c206578706f | info (52 octets): 002010746c733133 20657870206d6173 | |||
| 72746572206d6173 7465722073656372 657420f610f8a56a | 746572200e69e4a8 fd0448d13862dc67 0e97c44fc157d1ad | |||
| 05fab4c6fef35791 80d57579c1a24e01 fe709d97bd497505 76c241 | c99f3639c9bd3f9d bc2990cf | |||
| output (32 octets): 5f52032864fadbcc 0d87afb4cafc7f53 | output (32 octets): 8169817e9b02ed1e b731b3bcfd656f73 | |||
| 3393e51a2cca21fa 2f31a99b0e07f6c4 | a674abad0541074c 9c2ce0f1dda661b2 | |||
| {server} derive write traffic keys using label "application data": | {server} derive write traffic keys for application data: | |||
| PRK (32 octets): b8dac8d7e56af263 b53ff4cc720ce286 | PRK (32 octets): d4a9974dc6c15c4b d5e35add69b1a20c | |||
| 41053666877dc200 d3abec0b60ab4a4f | b78affe36ab431e8 264567a25f89d35b | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | key info (13 octets): 001009746c733133 206b657900 | |||
| key output (16 octets): 5fa2db5d9b4c104d 51217b0c144f35b7 | key output (16 octets): 474c6c4d95e3c4a7 c83d2a327573ad7a | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | iv info (12 octets): 000c08746c733133 20697600 | |||
| iv output (12 octets): cbbd55b839920e04 e1d775ab | iv output (12 octets): 57ae1cf30df22bd5 cc6c5903 | |||
| {server} derive read traffic keys using label "handshake data": | {server} derive read traffic keys for handshake data: | |||
| PRK (32 octets): 6c6f274b1eae09b8 bbd2039b7eb56147 | PRK (32 octets): 041ae38c959b6d93 7dba0da43d2b3bc0 | |||
| 201a5e19288a3fd5 04fa52b1178a6e93 | a81da11279935399 5720bc155657934a | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | key info (13 octets): 001009746c733133 206b657900 | |||
| key output (16 octets): 86a3c174990039e0 81d021981c5f1465 | ||||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | key output (16 octets): cacd295502a93689 37e8a8c58962b485 | |||
| iv output (12 octets): 53fa86476124ba4a db28355c | iv info (12 octets): 000c08746c733133 20697600 | |||
| iv output (12 octets): 692cb0e95a3e2c80 7ac13112 | ||||
| {client} extract secret "early": | {client} extract secret "early": | |||
| salt: (absent) | salt: (absent) | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| {client} extract secret "handshake": | {client} derive secret for handshake "tls13 derived": | |||
| salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| ikm (32 octets): c08acc73ba101d7f ea86d223de32d9fc | hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| 4948e14549368059 4b83b0a109f83649 | 27ae41e4649b934c a495991b7852b855 | |||
| secret (32 octets): 31168cad69862a80 c6f6bfd42897d0fe | ||||
| 23c406a12e652a8d 3ae4217694f49844 | ||||
| {client} derive secret "client handshake traffic secret": | ||||
| PRK (32 octets): 31168cad69862a80 c6f6bfd42897d0fe | info (49 octets): 00200d746c733133 2064657269766564 | |||
| 23c406a12e652a8d 3ae4217694f49844 | 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | |||
| 4ca495991b7852b8 55 | ||||
| handshake hash (32 octets): 52c04472bdfe9297 72c98b91cf425f78 | output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| f47659be9d4a7d68 b9e29d162935e9b9 | 16c076189c48250c ebeac3576c3611ba | |||
| info (76 octets): 002028544c532031 2e332c20636c6965 | {client} extract secret "handshake": | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | ||||
| 7265742052c04472 bdfe929772c98b91 cf425f78f47659be | ||||
| 9d4a7d68b9e29d16 2935e9b9 | ||||
| output (32 octets): 6c6f274b1eae09b8 bbd2039b7eb56147 | salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| 201a5e19288a3fd5 04fa52b1178a6e93 | 16c076189c48250c ebeac3576c3611ba | |||
| {client} derive secret "server handshake traffic secret": | ikm (32 octets): 5aa03a79c923fa4c 683d9cba739516c4 | |||
| c69ad15c0db40b7c 6e21e2ff71f40f06 | ||||
| PRK (32 octets): 31168cad69862a80 c6f6bfd42897d0fe | secret (32 octets): e4e77cf10307c913 575026d3d193b181 | |||
| 23c406a12e652a8d 3ae4217694f49844 | f90ee4aa69f53f17 3426d62704623e85 | |||
| handshake hash (32 octets): 52c04472bdfe9297 72c98b91cf425f78 | {client} derive secret "tls13 c hs traffic" (same as server) | |||
| f47659be9d4a7d68 b9e29d162935e9b9 | ||||
| info (76 octets): 002028544c532031 2e332c2073657276 | {client} derive secret "tls13 s hs traffic" (same as server) | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | ||||
| 7265742052c04472 bdfe929772c98b91 cf425f78f47659be | ||||
| 9d4a7d68b9e29d16 2935e9b9 | ||||
| output (32 octets): b2c2663ed59e833b 17c68823516f11f1 | {client} derive secret for master "tls13 derived" (same as server) | |||
| cb311855045d3ce4 6bfe8ac8889268d9 | ||||
| {client} extract secret "master" (same as server) | {client} extract secret "master" (same as server) | |||
| {client} derive read traffic keys using label "handshake data": | {client} derive read traffic keys for handshake data: | |||
| PRK (32 octets): b2c2663ed59e833b 17c68823516f11f1 | ||||
| cb311855045d3ce4 6bfe8ac8889268d9 | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ||||
| key output (16 octets): acd79b9ecb64a1ab 61b77b11a03eb976 | ||||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): a353bfcdf9695a2a 09c2e293 | ||||
| {client} calculate finished: | ||||
| PRK (32 octets): b2c2663ed59e833b 17c68823516f11f1 | ||||
| cb311855045d3ce4 6bfe8ac8889268d9 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 6378b7e68a7b3a12 8c3de8df9346e410 | ||||
| 9fdf04ca088904df 69115284c9e34d8a | ||||
| {client} derive write traffic keys using label "handshake data" | ||||
| (same as server read traffic keys) | ||||
| {client} derive secret "client application traffic secret": | ||||
| PRK (32 octets): 24bc43c2d11c895e b2d5f78b6fdf9cf5 | ||||
| a50c336573b2d2e9 6d4d5cc82a64c0e9 | ||||
| handshake hash (32 octets): f610f8a56a05fab4 c6fef3579180d575 | PRK (32 octets): b05eae2a3c213f62 9ff677f9afff5589 | |||
| 79c1a24e01fe709d 97bd49750576c241 | 368b1baf54b1bdc6 80f43b4e523f1e3b | |||
| info (78 octets): 00202a544c532031 2e332c20636c6965 | key info (13 octets): 001009746c733133 206b657900 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | ||||
| 656372657420f610 f8a56a05fab4c6fe f3579180d57579c1 | ||||
| a24e01fe709d97bd 49750576c241 | ||||
| output (32 octets): d0886eee6eef4411 5c74ba22e546e115 | key output (16 octets): 1837f9353c2e7a0d 279923526c53aead | |||
| 752832743916a01b 1d6a60517bbf2997 | ||||
| {client} derive secret "server application traffic secret": | iv info (12 octets): 000c08746c733133 20697600 | |||
| PRK (32 octets): 24bc43c2d11c895e b2d5f78b6fdf9cf5 | iv output (12 octets): 876dd44a5f0cc952 08425386 | |||
| a50c336573b2d2e9 6d4d5cc82a64c0e9 | ||||
| handshake hash (32 octets): f610f8a56a05fab4 c6fef3579180d575 | {client} calculate finished "tls13 finished" (same as server) | |||
| 79c1a24e01fe709d 97bd49750576c241 | ||||
| info (78 octets): 00202a544c532031 2e332c2073657276 | {client} derive secret "tls13 c ap traffic" (same as server) | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | ||||
| 656372657420f610 f8a56a05fab4c6fe f3579180d57579c1 | ||||
| a24e01fe709d97bd 49750576c241 | ||||
| output (32 octets): b8dac8d7e56af263 b53ff4cc720ce286 | {client} derive secret "tls13 s ap traffic" (same as server) | |||
| 41053666877dc200 d3abec0b60ab4a4f | ||||
| {client} derive secret "exporter master secret" (same as server) | {client} derive secret "tls13 exp master" (same as server) | |||
| {client} derive write traffic keys for handshake data (same as | ||||
| server read traffic keys) | ||||
| {client} derive read traffic keys using label "application data" | {client} derive read traffic keys for application data (same as | |||
| (same as server write traffic keys) | server write traffic keys) | |||
| {client} calculate finished: | {client} calculate finished "tls13 finished": | |||
| PRK (32 octets): 6c6f274b1eae09b8 bbd2039b7eb56147 | PRK (32 octets): 041ae38c959b6d93 7dba0da43d2b3bc0 | |||
| 201a5e19288a3fd5 04fa52b1178a6e93 | a81da11279935399 5720bc155657934a | |||
| handshake hash (0 octets): (empty) | hash (0 octets): (empty) | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | info (18 octets): 00200e746c733133 2066696e69736865 6400 | |||
| output (32 octets): f28fcafbd1390f7c 5d0a306095890ee3 | output (32 octets): 507651b6fa3d5622 34091e1cdf3c7fba | |||
| e62d071262778959 6388fc228d67abac | bf2f235272831b99 dcc2accc8afb563e | |||
| {client} send a Finished handshake message | {client} send a Finished handshake message | |||
| {client} send record: | {client} send handshake record: | |||
| cleartext (36 octets): 140000201a5eb0ba 5f92f34ed0059d64 | ||||
| cedd2a7d208f25f0 0e28138117fb3974 d415776a | ||||
| ciphertext (58 octets): 1703010035161e94 818226d7bd618063 | ||||
| 0804644debc52bdd 661034243217ac45 a084228c82086baa | ||||
| 4893ecfc969624d6 8e19d88c3e67ccb4 8bdf | ||||
| {client} derive write traffic keys using label "application data": | ||||
| PRK (32 octets): d0886eee6eef4411 5c74ba22e546e115 | payload (36 octets): 14000020c87d6dd1 50b92a473cbff566 | |||
| 752832743916a01b 1d6a60517bbf2997 | 34f50b2ecba977b4 afa29a0fb654a8be 22124aae | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ciphertext (58 octets): 17030100356d8eca 3665769dee5093cd | |||
| a2cbe4704aa214a9 4e399428cb0d584e 1878ce907f557200 | ||||
| ac1fd645c5285afa cd7570117b61501c 7586 | ||||
| key output (16 octets): 7c0d9bd5eced0f0c cc541dd3b7775490 | {client} derive write traffic keys for application data: | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | PRK (32 octets): 9e0bf6b565b4c386 d3f0a7faaecffac8 | |||
| 76716d97ef7e1920 9b6a82fbc2e78ab6 | ||||
| iv output (12 octets): 41b32fd4039bf79c 1762e25c | key info (13 octets): 001009746c733133 206b657900 | |||
| {client} derive secret "resumption master secret": | key output (16 octets): ac773626f67dfa1b 2bdae44cf89d424f | |||
| PRK (32 octets): 24bc43c2d11c895e b2d5f78b6fdf9cf5 | iv info (12 octets): 000c08746c733133 20697600 | |||
| a50c336573b2d2e9 6d4d5cc82a64c0e9 | ||||
| handshake hash (32 octets): aa0b1e200d4fff65 669d70b742e99143 | iv output (12 octets): 2726987b7549397b 1a8e0363 | |||
| 5bc93874ca864420 620acf75242fb0c3 | ||||
| info (69 octets): 002021544c532031 2e332c2072657375 | {client} derive secret "tls13 res master": | |||
| 6d7074696f6e206d 6173746572207365 6372657420aa0b1e | ||||
| 200d4fff65669d70 b742e991435bc938 74ca864420620acf 75242fb0c3 | ||||
| output (32 octets): 0a3495607f1f8cda df1ca4ca7fb1fe10 | PRK (32 octets): e845be8dbb7556ed 9a4921f663c88cd6 | |||
| 19d122e324eeb81d 8d372d3c6f27ca17 | 8387f72e4e2572dc 59f22c5cda035862 | |||
| {server} calculate finished: | hash (32 octets): 949f8ad1a8ce89e6 ff48d2dfa9da007f | |||
| 3db6820ab1c23d66 0011167a8093751b | ||||
| PRK (32 octets): 6c6f274b1eae09b8 bbd2039b7eb56147 | info (52 octets): 002010746c733133 20726573206d6173 | |||
| 201a5e19288a3fd5 04fa52b1178a6e93 | 74657220949f8ad1 a8ce89e6ff48d2df a9da007f3db6820a | |||
| b1c23d660011167a 8093751b | ||||
| handshake hash (0 octets): (empty) | output (32 octets): 692dcd005454d3f6 1313150d8414bc06 | |||
| f63fdaaad6e60d4d fcf0ee4350b9fc38 | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | {server} calculate finished "tls13 finished" (same as client) | |||
| output (32 octets): f28fcafbd1390f7c 5d0a306095890ee3 | {server} derive read traffic keys for application data (same as | |||
| e62d071262778959 6388fc228d67abac | client write traffic keys) | |||
| {server} derive read traffic keys using label "application data" | {server} derive secret "tls13 res master" (same as client) | |||
| (same as client write traffic keys) | ||||
| {server} derive secret "resumption master secret" (same as client) | ||||
| {server} send a SessionTicket handshake message | {server} send a SessionTicket handshake message | |||
| {server} send record: | {server} send handshake record: | |||
| cleartext (170 octets): 040000a60002a300 50fabab700924e53 | payload (186 octets): 040000b60000001e f1655d5400a299b4 | |||
| 5321e5c102aa2498 52ac81f080bc62bd 5e696a0d8a2130e9 | f88531f21efd8d98 e8ad000000007142 3911a9eb9f743d9b | |||
| 80e37b9035aa0050 403a09451c497f08 25609bac976c59f2 | e589bc89f05a0060 b46fab142a9b5055 5b729017a7235dc3 | |||
| d53f159051d2fc5f cf4bd68ae4886dd9 a05144d07c5a2646 | 8f9b80550570fce6 34302954540f8537 20d53a1e3eb34357 | |||
| 177e94015f764edd 5ecf3b7ea4042f29 a6225092b11ba8ec | e6161c2655fde96d 7bcbb978c074c269 2696124089322d61 | |||
| 20e17c5c6fff9a38 c56cf2373b2bd538 60e5b0b983e82aa2 | d5747dfd20d4b19d b61193d698283808 1bf8c7fde1740823 | |||
| ae72cb225b9d6951 67ed0963cceabfa1 09e1b2e5104fec34 | e87e58289843230f 28a9fbe716cb5594 1a5dd7151c873aba | |||
| 0008002e00040002 0000 | 36ae8cff557bb3f7 d2bfc7f126a25234 0008002a00040000 0400 | |||
| ciphertext (192 octets): 17030100bbe6b3e9 89df694688f29f5d | ciphertext (208 octets): 17030100cbf400c9 f93f3a2e22b8c810 | |||
| a42d9f56053fc6d2 f73ee23accad26f9 599ee4dcf4e0cf9e | 0a0ae955290eea5b 8c2288d72ebdb6b1 2a9b4fb321a82c84 | |||
| de80128b48156a65 e5e47dee679a8401 1234862b6728fb12 | ce6a90ea3008d395 0bb54657d46cae9c e4801ee47f688bf3 | |||
| be5198d5c023d6f2 0c355fc417a5eade 1aff0bf9ecba14c8 | 719a02378f7f2ac3 d5c54343da3f6434 3c098094788e3d18 | |||
| 7277ea7aeb30055e a4d9b37bc12f7517 27ca7a1efc9285f8 | 51e786197f4c5ab7 fb1813b4d920f115 d6a54df4aa108908 | |||
| ed5e9e3be42ff475 30f2b7347a90618b 6f7f4eba9b8b6564 | 2e5e93a02aefa91f 755fcd8ea6df0362 3fcb0b552ae026fb | |||
| f2159fcfcf09e4b6 2b4b09bb129e7c76 5c877966ca66e5cd | 8df11d5adfddbf60 c227be282444447e 6816321cdafcdcd5 | |||
| a84cdb6087a07fc0 50c97f275568623c 5d0f459d2b1133d1 | 9889b79c9092886b 021893605d9467cf 7c9b24817fe7ddbc | |||
| d5d37cd441192da7 | 66380a8cf9be9497 d886e999c571fc18 759ee03b20321a10 | |||
| {client} send record: | {client} send application_data record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | payload (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 170301004341b540 bf5adeaf9d209001 | ciphertext (72 octets): 17030100434a1777 5d0e717b22921157 | |||
| 9f0733e281964724 526678a1946852cf 6f586dffacf1151d | 5501be876d5d690b 4b28bd0211495711 bf97d20deaf2e440 | |||
| bf7c9262ef6ae960 4a423fff339fd7e4 0cc3e7604ae661f0 | 63a8e4c48ff3cf9d f3b44540bcdc53d5 1c8d4d184081b566 | |||
| afa2f775c3668867 | 15d323aa833a407a | |||
| {server} send record: | {server} send application_data record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | payload (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 17030100438c3168 1fb21f820ef0603c | ciphertext (72 octets): 1703010043ef6eb6 0c6fc258b170589e | |||
| dc3b9d3deedeb2bb 615aa418fb2590a0 9b0dec00c2299feb | 9a1cbefba4c52d79 15a3afb3e52da65f ef6b1dc37970a3ab | |||
| 17c4206f89ab28d2 7a605e288ac9bd69 657593addd1046be | 79d5e3a513678ae5 b2bfdb2880d60f08 280f4f2ebf94c3d7 | |||
| 51b23940f8746634 | 1ce803e6a9295686 | |||
| {client} send record: | {client} send alert record: | |||
| cleartext (2 octets): 0100 | payload (2 octets): 0100 | |||
| ciphertext (24 octets): 17030100131ce9b1 f21ba236bca94455 | ||||
| ab2aad71c666534a | ||||
| {server} send record: | ciphertext (24 octets): 17030100134b8329 8e645242f1bf8265 | |||
| bcd6f42b795de36d | ||||
| cleartext (2 octets): 0100 | {server} send alert record: | |||
| ciphertext (24 octets): 1703010013aabcdb 9d293d23fb00deb7 | payload (2 octets): 0100 | |||
| 11b562afeddffeed | ||||
| ciphertext (24 octets): 17030100133d38b5 673386ae3d722ccd | ||||
| d2996292b5a12165 | ||||
| 4. Resumed 0-RTT Handshake | 4. Resumed 0-RTT Handshake | |||
| This handshake resumes from the handshake in Section 3. Since the | This handshake resumes from the handshake in Section 3. Since the | |||
| server provided a session ticket that permitted 0-RTT, and the client | server provided a session ticket that permitted 0-RTT, and the client | |||
| is configured for 0-RTT, the client is able to send 0-RTT data. | is configured for 0-RTT, the client is able to send 0-RTT data. | |||
| {client} create an ephemeral x25519 key pair: | {client} create an ephemeral x25519 key pair: | |||
| private key (32 octets): 04c04b641580df25 c7515df0ad895903 | private key (32 octets): ecd667eb15e77201 1a8522a5e9a90a5f | |||
| 2deb52cddaf1f16f 013ef18a59baf88a | 1b4080c508baca79 68f8831d0d10811f | |||
| public key (32 octets): 248c256578c6418e 6c533ec1878cc84b | public key (32 octets): edb6949f0f6c1e2e 47001f5ea2c7d54b | |||
| cfbca6b5e61d6993 8ac34888faf5df47 | d8ec7167b52cfd1a 29dfbe5f5888cd29 | |||
| {client} extract secret "early": | {client} extract secret "early": | |||
| salt: (absent) | salt: (absent) | |||
| ikm (32 octets): 0a3495607f1f8cda df1ca4ca7fb1fe10 | ikm (32 octets): 692dcd005454d3f6 1313150d8414bc06 | |||
| 19d122e324eeb81d 8d372d3c6f27ca17 | f63fdaaad6e60d4d fcf0ee4350b9fc38 | |||
| secret (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | ||||
| 40426eca75a84eab 87900d991db9abfd | ||||
| {client} derive secret "resumption psk binder key": | ||||
| PRK (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | ||||
| 40426eca75a84eab 87900d991db9abfd | ||||
| handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | ||||
| 27ae41e4649b934c a495991b7852b855 | ||||
| info (70 octets): 002022544c532031 2e332c2072657375 | ||||
| 6d7074696f6e2070 736b2062696e6465 72206b657920e3b0 | ||||
| c44298fc1c149afb f4c8996fb92427ae 41e4649b934ca495 991b7852b855 | ||||
| output (32 octets): 17f4f2e4a585caa6 7dc5fe0fcd009df8 | ||||
| a425cbda95f6e05d 1b0d7d81c28b7b8c | ||||
| {client} derive secret "early exporter master secret": | ||||
| PRK (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | ||||
| 40426eca75a84eab 87900d991db9abfd | ||||
| handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | ||||
| 27ae41e4649b934c a495991b7852b855 | ||||
| info (73 octets): 002025544c532031 2e332c206561726c | ||||
| 79206578706f7274 6572206d61737465 7220736563726574 | ||||
| 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | ||||
| 4ca495991b7852b8 55 | ||||
| output (32 octets): 4b3490267b142ccb 9979c56caad0c2f1 | secret (32 octets): bc9ef911288790a9 9e5ca2ea520d231e | |||
| c0941899c9169414 bd4ec1977a706f3c | c60a28e1e958e1c6 551dbbe0bedfe63b | |||
| {client} send a ClientHello handshake message | {client} send a ClientHello handshake message | |||
| {client} calculate finished: | {client} calculate finished "tls13 finished": | |||
| PRK (32 octets): 17f4f2e4a585caa6 7dc5fe0fcd009df8 | PRK (32 octets): 7688634eb081913f 83cc5c987d302235 | |||
| a425cbda95f6e05d 1b0d7d81c28b7b8c | c6fbc79efcd8094b 02ce1030a5f9184b | |||
| handshake hash (0 octets): (empty) | hash (0 octets): (empty) | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | info (18 octets): 00200e746c733133 2066696e69736865 6400 | |||
| output (32 octets): 2a22df8df852efc1 5265e5b5424db5a7 | output (32 octets): eb21444eb694b6ad 592708e27a9177a9 | |||
| 7a13e3433681189b 71d685515f6b8988 | 96aa9bf9f3c786d8 e88e18a293338a48 | |||
| {client} send record: | {client} send handshake record: | |||
| cleartext (512 octets): 010001fc030367bc 45e51e4ea55af6f7 | payload (512 octets): 010001fc03032089 2088de8aa414b2bf | |||
| 0c84056f69d8f14c ac08c88417c9116a 30cb54965bb70000 | 0237acf603f9b20b 532df97f894fc82c aeac2e1a899f0000 | |||
| 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | 3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 | |||
| 27c014009eccaa00 3300320067003900 38006b0016001300 | 27c014009eccaa00 3300320067003900 38006b0016001300 | |||
| 9c002f003c003500 3d000a0005000401 0001950015003b00 | 9c002f003c003500 3d000a0005000401 0001950000000b00 | |||
| 0000000000000000 0000000000000000 0000000000000000 | 0900000673657276 6572ff0100010000 0a00140012001d00 | |||
| 1700180019010001 0101020103010400 0b00020100002800 | ||||
| 260024001d0020ed b6949f0f6c1e2e47 001f5ea2c7d54bd8 | ||||
| ec7167b52cfd1a29 dfbe5f5888cd2900 2a0000002b000706 | ||||
| 7f1403030302000d 0020001e04030503 0603020308040805 | ||||
| 0806040105010601 0201040205020602 0202002d00020101 | ||||
| 0015002b00000000 0000000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 00000000000b0009 0000067365727665 | 2900cd00a800a299 b4f88531f21efd8d 98e8ad0000000071 | |||
| 72ff01000100000a 00140012001d0017 0018001901000101 | 423911a9eb9f743d 9be589bc89f05a00 60b46fab142a9b50 | |||
| 010201030104000b 0002010000280026 0024001d0020248c | 555b729017a7235d c38f9b80550570fc e634302954540f85 | |||
| 256578c6418e6c53 3ec1878cc84bcfbc a6b5e61d69938ac3 | 3720d53a1e3eb343 57e6161c2655fde9 6d7bcbb978c074c2 | |||
| 4888faf5df47002a 0000002b0007067f 1203030302000d00 | 692696124089322d 61d5747dfd20d4b1 9db61193d6982838 | |||
| 20001e0403050306 0302030804080508 0604010501060102 | 081bf8c7fde17408 23e87e5828984323 0f28a9fbe716cb55 | |||
| 0104020502060202 02002d0002010100 2900bd009800924e | 941a5dd7151c873a ba36ae8cff557bb3 f7d2bfc7f126a252 | |||
| 535321e5c102aa24 9852ac81f080bc62 bd5e696a0d8a2130 | 34f1655d5a002120 ce6d44ae651c47df 33882f31a7542f19 | |||
| e980e37b9035aa00 50403a09451c497f 0825609bac976c59 | cab76d4be58175d6 505f2fae5c1ec390 | |||
| f2d53f159051d2fc 5fcf4bd68ae4886d d9a05144d07c5a26 | ||||
| 46177e94015f764e dd5ecf3b7ea4042f 29a6225092b11ba8 | ||||
| ec20e17c5c6fff9a 38c56cf2373b2bd5 3860e5b0b983e82a | ||||
| a2ae72cb225b9d69 5167ed0963cceabf a109e1b2e5104fec | ||||
| 3450fababb002120 b63b26e73c9662e6 db5a9c9608f4df50 | ||||
| ae547ece1b50a359 7de5f7298f86d213 | ||||
| ciphertext (517 octets): 1603010200010001 fc030367bc45e51e | ciphertext (517 octets): 1603010200010001 fc030320892088de | |||
| 4ea55af6f70c8405 6f69d8f14cac08c8 8417c9116a30cb54 | 8aa414b2bf0237ac f603f9b20b532df9 7f894fc82caeac2e | |||
| 965bb700003e1301 13031302c02bc02f cca9cca8c00ac009 | 1a899f00003e1301 13031302c02bc02f cca9cca8c00ac009 | |||
| c013c023c027c014 009eccaa00330032 006700390038006b | c013c023c027c014 009eccaa00330032 006700390038006b | |||
| 00160013009c002f 003c0035003d000a 0005000401000195 | 00160013009c002f 003c0035003d000a 0005000401000195 | |||
| 0015003b00000000 0000000000000000 0000000000000000 | 0000000b00090000 06736572766572ff 01000100000a0014 | |||
| 0012001d00170018 0019010001010102 01030104000b0002 | ||||
| 0100002800260024 001d0020edb6949f 0f6c1e2e47001f5e | ||||
| a2c7d54bd8ec7167 b52cfd1a29dfbe5f 5888cd29002a0000 | ||||
| 002b0007067f1403 030302000d002000 1e04030503060302 | ||||
| 0308040805080604 0105010601020104 0205020602020200 | ||||
| 2d00020101001500 2b00000000000000 0000000000000000 | ||||
| 0000000000000000 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 00000b0009000006 | 00000000002900cd 00a800a299b4f885 31f21efd8d98e8ad | |||
| 736572766572ff01 000100000a001400 12001d0017001800 | 0000000071423911 a9eb9f743d9be589 bc89f05a0060b46f | |||
| 1901000101010201 030104000b000201 0000280026002400 | ab142a9b50555b72 9017a7235dc38f9b 80550570fce63430 | |||
| 1d0020248c256578 c6418e6c533ec187 8cc84bcfbca6b5e6 | 2954540f853720d5 3a1e3eb34357e616 1c2655fde96d7bcb | |||
| 1d69938ac34888fa f5df47002a000000 2b0007067f120303 | b978c074c2692696 124089322d61d574 7dfd20d4b19db611 | |||
| 0302000d0020001e 0403050306030203 0804080508060401 | 93d6982838081bf8 c7fde1740823e87e 58289843230f28a9 | |||
| 0501060102010402 050206020202002d 00020101002900bd | fbe716cb55941a5d d7151c873aba36ae 8cff557bb3f7d2bf | |||
| 009800924e535321 e5c102aa249852ac 81f080bc62bd5e69 | c7f126a25234f165 5d5a002120ce6d44 ae651c47df33882f | |||
| 6a0d8a2130e980e3 7b9035aa0050403a 09451c497f082560 | 31a7542f19cab76d 4be58175d6505f2f ae5c1ec390 | |||
| 9bac976c59f2d53f 159051d2fc5fcf4b d68ae4886dd9a051 | ||||
| 44d07c5a2646177e 94015f764edd5ecf 3b7ea4042f29a622 | ||||
| 5092b11ba8ec20e1 7c5c6fff9a38c56c f2373b2bd53860e5 | ||||
| b0b983e82aa2ae72 cb225b9d695167ed 0963cceabfa109e1 | ||||
| b2e5104fec3450fa babb002120b63b26 e73c9662e6db5a9c | ||||
| 9608f4df50ae547e ce1b50a3597de5f7 298f86d213 | ||||
| {client} derive secret "client early traffic secret": | ||||
| PRK (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | {client} derive secret "tls13 c e traffic": | |||
| 40426eca75a84eab 87900d991db9abfd | ||||
| handshake hash (32 octets): f112c74dce3549fb 905c28fe797b54c2 | PRK (32 octets): bc9ef911288790a9 9e5ca2ea520d231e | |||
| 5d7e66e999e3d2c4 7bdfe302d8eec019 | c60a28e1e958e1c6 551dbbe0bedfe63b | |||
| info (72 octets): 002024544c532031 2e332c20636c6965 | hash (32 octets): 39ce46d03e297f31 b63f1504b052e330 | |||
| 6e74206561726c79 2074726166666963 2073656372657420 | 2f20f7a289b6b9ce 19f2f42172c9446f | |||
| f112c74dce3549fb 905c28fe797b54c2 5d7e66e999e3d2c4 | ||||
| 7bdfe302d8eec019 | ||||
| output (32 octets): c7626bf3ab56db2a bad7e3f9147acff2 | info (53 octets): 002011746c733133 2063206520747261 | |||
| 2aece599a57831b3 ba76db92b5b4e281 | 666669632039ce46 d03e297f31b63f15 04b052e3302f20f7 | |||
| a289b6b9ce19f2f4 2172c9446f | ||||
| {client} derive write traffic keys using label "early application | output (32 octets): 53480f2ff5f8966c 7819a2f4d861b3f7 | |||
| data": | 15bbe2c21c0c6273 6a00526d8de55837 | |||
| PRK (32 octets): c7626bf3ab56db2a bad7e3f9147acff2 | {client} derive write traffic keys for early application data: | |||
| 2aece599a57831b3 ba76db92b5b4e281 | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | PRK (32 octets): 53480f2ff5f8966c 7819a2f4d861b3f7 | |||
| 15bbe2c21c0c6273 6a00526d8de55837 | ||||
| key output (16 octets): fd649610caac6474 2a757c31668e4dee | key info (13 octets): 001009746c733133 206b657900 | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | key output (16 octets): a29e150bd59e2b81 5c968627498f96c2 | |||
| iv output (12 octets): e3b86ee7f121da48 6734c5fa | iv info (12 octets): 000c08746c733133 20697600 | |||
| {client} send record: | iv output (12 octets): d96cd2f516516ad1 1a70abb6 | |||
| cleartext (6 octets): 414243444546 | {client} send application_data record: | |||
| ciphertext (28 octets): 170301001761fc9c 67e6ffedb4f96e10 | payload (6 octets): 414243444546 | |||
| 76090e4f6accbf3c c67a8270 | ciphertext (28 octets): 1703010017fb2460 727da934b3a6058f | |||
| c3a4acb6ce74f0a0 8ef7f847 | ||||
| {server} extract secret "early" (same as client) | {server} extract secret "early" (same as client) | |||
| {server} derive secret "resumption psk binder key": | {server} calculate finished "tls13 finished" (same as client) | |||
| PRK (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | {server} create an ephemeral x25519 key pair: | |||
| 40426eca75a84eab 87900d991db9abfd | ||||
| handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | private key (32 octets): 959df6054b219c94 dd0066ffd786a9da | |||
| 27ae41e4649b934c a495991b7852b855 | 86871b99a55b58a7 435ce3a22a3f929d | |||
| info (70 octets): 002022544c532031 2e332c2072657375 | public key (32 octets): df70bd1d47959b2a dfd4b4cc6a62ce45 | |||
| 6d7074696f6e2070 736b2062696e6465 72206b657920e3b0 | a02e45106ef974c6 ccf49720920b0a4a | |||
| c44298fc1c149afb f4c8996fb92427ae 41e4649b934ca495 991b7852b855 | ||||
| output (32 octets): 17f4f2e4a585caa6 7dc5fe0fcd009df8 | {server} derive secret "tls13 c e traffic" (same as client) | |||
| a425cbda95f6e05d 1b0d7d81c28b7b8c | ||||
| {server} derive secret "early exporter master secret": | {server} send a ServerHello handshake message | |||
| PRK (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | {server} derive secret for handshake "tls13 derived": | |||
| 40426eca75a84eab 87900d991db9abfd | ||||
| handshake hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | PRK (32 octets): bc9ef911288790a9 9e5ca2ea520d231e | |||
| c60a28e1e958e1c6 551dbbe0bedfe63b | ||||
| hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | ||||
| 27ae41e4649b934c a495991b7852b855 | 27ae41e4649b934c a495991b7852b855 | |||
| info (73 octets): 002025544c532031 2e332c206561726c | info (49 octets): 00200d746c733133 2064657269766564 | |||
| 79206578706f7274 6572206d61737465 7220736563726574 | ||||
| 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | |||
| 4ca495991b7852b8 55 | 4ca495991b7852b8 55 | |||
| output (32 octets): 4b3490267b142ccb 9979c56caad0c2f1 | output (32 octets): 1d86e68a77be72ef ffa5684961146be3 | |||
| c0941899c9169414 bd4ec1977a706f3c | d09a83eed9e29c08 0f94cdde489b2e66 | |||
| {server} calculate finished: | ||||
| PRK (32 octets): 17f4f2e4a585caa6 7dc5fe0fcd009df8 | ||||
| a425cbda95f6e05d 1b0d7d81c28b7b8c | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 2a22df8df852efc1 5265e5b5424db5a7 | ||||
| 7a13e3433681189b 71d685515f6b8988 | ||||
| {server} create an ephemeral x25519 key pair: | {server} extract secret "handshake": | |||
| private key (32 octets): 063a96b0215d7e47 08de2984730c25f9 | salt (32 octets): 1d86e68a77be72ef ffa5684961146be3 | |||
| 292938093f701623 58f55b2e417ba725 | d09a83eed9e29c08 0f94cdde489b2e66 | |||
| public key (32 octets): fd8ed5f9bb812fd9 854227d656768386 | ikm (32 octets): df9b4a07733c5460 fc088eb1db60f6eb | |||
| 0b40b1cf93456dce 603f02de5b4a881a | 6a0c67080e3c842e eaa0021cdd860e26 | |||
| {server} derive secret "client early traffic secret" (same as | secret (32 octets): 79975c2bb824f1ec 93b582e0f5bf7030 | |||
| client) | 2a2f9d81bd477d8b c52cf4d669d5392a | |||
| {server} send a ServerHello handshake message | {server} derive secret "tls13 c hs traffic": | |||
| {server} extract secret "handshake": | PRK (32 octets): 79975c2bb824f1ec 93b582e0f5bf7030 | |||
| 2a2f9d81bd477d8b c52cf4d669d5392a | ||||
| salt (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | hash (32 octets): d4999a597a672010 646addfdf8a3583b | |||
| 40426eca75a84eab 87900d991db9abfd | ff3b1217c0c04894 c680910bbd02b86a | |||
| ikm (32 octets): 8137f1033479e363 c531d475456a399c | info (54 octets): 002012746c733133 2063206873207472 | |||
| b60c5e1f13c28f5d dc761b9eac5afc66 | 616666696320d499 9a597a672010646a ddfdf8a3583bff3b | |||
| 1217c0c04894c680 910bbd02b86a | ||||
| secret (32 octets): 2b4389f45c4c468c 1f94bf7bb6b99546 | output (32 octets): e553af85fd9769a9 d3467db9b5b29797 | |||
| a33c35f4c3a57a35 6dccbe99d3d56302 | 7526f2f1b9cc25c1 c265093353dbceed | |||
| {server} derive secret "client handshake traffic secret": | {server} derive secret "tls13 s hs traffic": | |||
| PRK (32 octets): 2b4389f45c4c468c 1f94bf7bb6b99546 | PRK (32 octets): 79975c2bb824f1ec 93b582e0f5bf7030 | |||
| a33c35f4c3a57a35 6dccbe99d3d56302 | 2a2f9d81bd477d8b c52cf4d669d5392a | |||
| handshake hash (32 octets): 2fd2f168296a08d7 1a1c693b3340f152 | hash (32 octets): d4999a597a672010 646addfdf8a3583b | |||
| 9326ca31c3795190 504e1d0a1261a79d | ff3b1217c0c04894 c680910bbd02b86a | |||
| info (76 octets): 002028544c532031 2e332c20636c6965 | info (54 octets): 002012746c733133 2073206873207472 | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | 616666696320d499 9a597a672010646a ddfdf8a3583bff3b | |||
| 726574202fd2f168 296a08d71a1c693b 3340f1529326ca31 | 1217c0c04894c680 910bbd02b86a | |||
| c3795190504e1d0a 1261a79d | ||||
| output (32 octets): 5f9c7ffdc773eaa8 f11886ee8d5bc62e | output (32 octets): a98f17d9d9d01b97 a8a9fcfe1aa80cf2 | |||
| 5bf9acb23983a321 271960d54daa730c | f0efaf4448bab35c 025d0d3658ef495d | |||
| {server} derive secret "server handshake traffic secret": | {server} derive secret for master "tls13 derived": | |||
| PRK (32 octets): 2b4389f45c4c468c 1f94bf7bb6b99546 | PRK (32 octets): 79975c2bb824f1ec 93b582e0f5bf7030 | |||
| a33c35f4c3a57a35 6dccbe99d3d56302 | 2a2f9d81bd477d8b c52cf4d669d5392a | |||
| handshake hash (32 octets): 2fd2f168296a08d7 1a1c693b3340f152 | hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| 9326ca31c3795190 504e1d0a1261a79d | 27ae41e4649b934c a495991b7852b855 | |||
| info (76 octets): 002028544c532031 2e332c2073657276 | info (49 octets): 00200d746c733133 2064657269766564 | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | |||
| 726574202fd2f168 296a08d71a1c693b 3340f1529326ca31 | 4ca495991b7852b8 55 | |||
| c3795190504e1d0a 1261a79d | ||||
| output (32 octets): eedd9ba9252944fa 8ccd415fe8897fbe | output (32 octets): fbe525046f48f930 eac2f07f1d4c94cf | |||
| 035fbbfbb3f0afbf 71ed64d7f2278cbd | 76aa0844f5e5874e f6512dccc7e5164f | |||
| {server} extract secret "master": | {server} extract secret "master": | |||
| salt (32 octets): 2b4389f45c4c468c 1f94bf7bb6b99546 | salt (32 octets): fbe525046f48f930 eac2f07f1d4c94cf | |||
| a33c35f4c3a57a35 6dccbe99d3d56302 | 76aa0844f5e5874e f6512dccc7e5164f | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 5d995a2374a68417 22518bedfcfcd627 | secret (32 octets): 53850ec90133d5cd 448fa5200e7683b1 | |||
| 855c8fb4e18a8759 4416b19c3c4e485d | 19236c0fe93dc8b6 cad87f9ffee80f67 | |||
| {server} send record: | {server} send handshake record: | |||
| cleartext (88 octets): 020000547f12eb07 b4e06753eeef8160 | payload (88 octets): 020000547f147535 eed9d16cb9437c49 | |||
| 4e669a35df1850c2 632e80850807693a 2c6f4bba48421301 | bed2329972bacd25 bb6708cef33db49b c96bd1b09cb31301 | |||
| 002e002900020000 00280024001d0020 fd8ed5f9bb812fd9 | 002e002900020000 00280024001d0020 df70bd1d47959b2a | |||
| 854227d656768386 0b40b1cf93456dce 603f02de5b4a881a | dfd4b4cc6a62ce45 a02e45106ef974c6 ccf49720920b0a4a | |||
| ciphertext (93 octets): 1603010058020000 547f12eb07b4e067 | ciphertext (93 octets): 1603010058020000 547f147535eed9d1 | |||
| 53eeef81604e669a 35df1850c2632e80 850807693a2c6f4b | 6cb9437c49bed232 9972bacd25bb6708 cef33db49bc96bd1 | |||
| ba48421301002e00 2900020000002800 24001d0020fd8ed5 | b09cb31301002e00 2900020000002800 24001d0020df70bd | |||
| f9bb812fd9854227 d6567683860b40b1 cf93456dce603f02 de5b4a881a | 1d47959b2adfd4b4 cc6a62ce45a02e45 106ef974c6ccf497 20920b0a4a | |||
| {server} derive write traffic keys using label "handshake data": | {server} derive write traffic keys for handshake data: | |||
| PRK (32 octets): eedd9ba9252944fa 8ccd415fe8897fbe | PRK (32 octets): a98f17d9d9d01b97 a8a9fcfe1aa80cf2 | |||
| 035fbbfbb3f0afbf 71ed64d7f2278cbd | f0efaf4448bab35c 025d0d3658ef495d | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | key info (13 octets): 001009746c733133 206b657900 | |||
| key output (16 octets): 33ebfd906881cf62 6df5af4e11583167 | key output (16 octets): 46de8022452f1a01 dae81c9c14282ab6 | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | iv info (12 octets): 000c08746c733133 20697600 | |||
| iv output (12 octets): bee0ca11151aecb4 c09f53a4 | iv output (12 octets): 2d1a4735b9701a76 e6ea43a4 | |||
| {server} send a EncryptedExtensions handshake message | {server} send a EncryptedExtensions handshake message | |||
| {server} calculate finished: | {server} calculate finished "tls13 finished": | |||
| PRK (32 octets): eedd9ba9252944fa 8ccd415fe8897fbe | PRK (32 octets): a98f17d9d9d01b97 a8a9fcfe1aa80cf2 | |||
| 035fbbfbb3f0afbf 71ed64d7f2278cbd | f0efaf4448bab35c 025d0d3658ef495d | |||
| handshake hash (0 octets): (empty) | hash (0 octets): (empty) | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | info (18 octets): 00200e746c733133 2066696e69736865 6400 | |||
| output (32 octets): 0fbc2652ef380d5e ea99467b0f7f8dd0 | output (32 octets): 50c8ac03c17b913f 6d3e5a1d9f884eaa | |||
| 8f9448439634a056 ebe4f673b6a6df60 | 6a01596674c96228 8b82a3becb43c8c3 | |||
| {server} send a Finished handshake message | {server} send a Finished handshake message | |||
| {server} send record: | {server} send handshake record: | |||
| cleartext (74 octets): 080000220020000a 00140012001d0017 | payload (74 octets): 080000220020000a 00140012001d0017 | |||
| 0018001901000101 0102010301040000 0000002a00001400 | 0018001901000101 0102010301040000 0000002a00001400 | |||
| 00202187c7f5b8f2 b388d5ac262db202 fca236b5bc85cbac | 00202f15bde7b069 12686d1dd4e09752 6119fab819f31004 | |||
| 5817aa547ade36d2 15ed | 23cd33cab05d579a aeb8 | |||
| ciphertext (96 octets): 170301005b706a6b 6b735ee383176d5b | ||||
| 79f53c208dbc9637 4da9a2e1660f8993 3901920f749de18a | ||||
| 1988eb9cc5838969 106b05690618419e db0ebd23ac400ef3 | ||||
| 290afea3e3d6c250 ec2ae7c599e2eb81 df4e546b797e55e4 | ||||
| 84b34d8eb4c99c7b | ||||
| {server} derive secret "client application traffic secret": | ciphertext (96 octets): 170301005b19e0b8 d03449cf5ad5a4a8 | |||
| b678b4cff2810a0d 3fb6f4573a3e95df 546560e8edb94ef6 | ||||
| 6ad0ad7757cf572f 60898e54020eed36 8b8024e313750873 | ||||
| b7df20af09b3dd72 06da50583e126217 d3e0ad6c7bcef09f | ||||
| cc70e1f967014842 | ||||
| PRK (32 octets): 5d995a2374a68417 22518bedfcfcd627 | {server} derive secret "tls13 c ap traffic": | |||
| 855c8fb4e18a8759 4416b19c3c4e485d | ||||
| handshake hash (32 octets): 653d913f16296ff2 630594dd59260083 | PRK (32 octets): 53850ec90133d5cd 448fa5200e7683b1 | |||
| 98b1541e334b77e7 5b3aef7988aa68cc | 19236c0fe93dc8b6 cad87f9ffee80f67 | |||
| info (78 octets): 00202a544c532031 2e332c20636c6965 | hash (32 octets): c6cf7192a7fd5f7c dd0a659ac9f46320 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | 8fc1bc089670fa8d de33a5ae2135c063 | |||
| 656372657420653d 913f16296ff26305 94dd5926008398b1 | ||||
| 541e334b77e75b3a ef7988aa68cc | ||||
| output (32 octets): 09d0215a03cb3192 b7701429d46a21df | info (54 octets): 002012746c733133 2063206170207472 | |||
| a9d70f7bb8191c94 f7643679dde02858 | 616666696320c6cf 7192a7fd5f7cdd0a 659ac9f463208fc1 | |||
| bc089670fa8dde33 a5ae2135c063 | ||||
| {server} derive secret "server application traffic secret": | output (32 octets): 1053e7b2069c9d9b c6cf82f8deac40ec | |||
| 927bbb9fd5ad49fe ae1ff4278e2a0031 | ||||
| PRK (32 octets): 5d995a2374a68417 22518bedfcfcd627 | {server} derive secret "tls13 s ap traffic": | |||
| 855c8fb4e18a8759 4416b19c3c4e485d | ||||
| handshake hash (32 octets): 653d913f16296ff2 630594dd59260083 | PRK (32 octets): 53850ec90133d5cd 448fa5200e7683b1 | |||
| 98b1541e334b77e7 5b3aef7988aa68cc | 19236c0fe93dc8b6 cad87f9ffee80f67 | |||
| info (78 octets): 00202a544c532031 2e332c2073657276 | hash (32 octets): c6cf7192a7fd5f7c dd0a659ac9f46320 | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | 8fc1bc089670fa8d de33a5ae2135c063 | |||
| 656372657420653d 913f16296ff26305 94dd5926008398b1 | ||||
| 541e334b77e75b3a ef7988aa68cc | ||||
| output (32 octets): 149a37433868240f e334f16978655b84 | info (54 octets): 002012746c733133 2073206170207472 | |||
| f5a41ac33a8bee94 9ccb9210296fd966 | 616666696320c6cf 7192a7fd5f7cdd0a 659ac9f463208fc1 | |||
| bc089670fa8dde33 a5ae2135c063 | ||||
| {server} derive secret "exporter master secret": | output (32 octets): 117f89a3ba4efc76 5b2b940c62a31f06 | |||
| 304cb3877d117131 1edeab60a6abc91f | ||||
| PRK (32 octets): 5d995a2374a68417 22518bedfcfcd627 | {server} derive secret "tls13 exp master": | |||
| 855c8fb4e18a8759 4416b19c3c4e485d | ||||
| handshake hash (32 octets): 653d913f16296ff2 630594dd59260083 | PRK (32 octets): 53850ec90133d5cd 448fa5200e7683b1 | |||
| 98b1541e334b77e7 5b3aef7988aa68cc | 19236c0fe93dc8b6 cad87f9ffee80f67 | |||
| info (67 octets): 00201f544c532031 2e332c206578706f | hash (32 octets): c6cf7192a7fd5f7c dd0a659ac9f46320 | |||
| 72746572206d6173 7465722073656372 657420653d913f16 | 8fc1bc089670fa8d de33a5ae2135c063 | |||
| 296ff2630594dd59 26008398b1541e33 4b77e75b3aef7988 aa68cc | ||||
| output (32 octets): 5db5664ff5226633 6585be23b68f2d9a | info (52 octets): 002010746c733133 20657870206d6173 | |||
| 921d7311026df10e 1df2774d9da2eec7 | 74657220c6cf7192 a7fd5f7cdd0a659a c9f463208fc1bc08 | |||
| 9670fa8dde33a5ae 2135c063 | ||||
| {server} derive write traffic keys using label "application data": | output (32 octets): 882fb13091b8f95e 5c65aa3d807e4323 | |||
| 64731f93c69018ae c054ec387f27982c | ||||
| PRK (32 octets): 149a37433868240f e334f16978655b84 | {server} derive write traffic keys for application data: | |||
| f5a41ac33a8bee94 9ccb9210296fd966 | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | PRK (32 octets): 117f89a3ba4efc76 5b2b940c62a31f06 | |||
| 304cb3877d117131 1edeab60a6abc91f | ||||
| key output (16 octets): 820f92209ecf5f71 e4a967edd13fd065 | key info (13 octets): 001009746c733133 206b657900 | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): 5d1478071afaadcb d44ea6cd | key output (16 octets): 40dd3fc22423a700 776b1cce944e7aa3 | |||
| {server} derive read traffic keys using label "early application | iv info (12 octets): 000c08746c733133 20697600 | |||
| data" (same as client write traffic keys) | ||||
| {client} extract secret "handshake": | iv output (12 octets): 4b49f66dd01682ea 569164a7 | |||
| salt (32 octets): 4134d8d48b05dfef 4658fc13f653b21b | {server} derive read traffic keys for early application data (same | |||
| 40426eca75a84eab 87900d991db9abfd | as client write traffic keys) | |||
| ikm (32 octets): 8137f1033479e363 c531d475456a399c | {client} derive secret for handshake "tls13 derived": | |||
| b60c5e1f13c28f5d dc761b9eac5afc66 | ||||
| secret (32 octets): 2b4389f45c4c468c 1f94bf7bb6b99546 | PRK (32 octets): bc9ef911288790a9 9e5ca2ea520d231e | |||
| a33c35f4c3a57a35 6dccbe99d3d56302 | c60a28e1e958e1c6 551dbbe0bedfe63b | |||
| {client} derive secret "client handshake traffic secret": | hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| 27ae41e4649b934c a495991b7852b855 | ||||
| PRK (32 octets): 2b4389f45c4c468c 1f94bf7bb6b99546 | info (49 octets): 00200d746c733133 2064657269766564 | |||
| a33c35f4c3a57a35 6dccbe99d3d56302 | 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | |||
| 4ca495991b7852b8 55 | ||||
| handshake hash (32 octets): 2fd2f168296a08d7 1a1c693b3340f152 | output (32 octets): 1d86e68a77be72ef ffa5684961146be3 | |||
| 9326ca31c3795190 504e1d0a1261a79d | d09a83eed9e29c08 0f94cdde489b2e66 | |||
| info (76 octets): 002028544c532031 2e332c20636c6965 | {client} extract secret "handshake": | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | ||||
| 726574202fd2f168 296a08d71a1c693b 3340f1529326ca31 | ||||
| c3795190504e1d0a 1261a79d | ||||
| output (32 octets): 5f9c7ffdc773eaa8 f11886ee8d5bc62e | salt (32 octets): 1d86e68a77be72ef ffa5684961146be3 | |||
| 5bf9acb23983a321 271960d54daa730c | d09a83eed9e29c08 0f94cdde489b2e66 | |||
| {client} derive secret "server handshake traffic secret": | ikm (32 octets): df9b4a07733c5460 fc088eb1db60f6eb | |||
| 6a0c67080e3c842e eaa0021cdd860e26 | ||||
| PRK (32 octets): 2b4389f45c4c468c 1f94bf7bb6b99546 | secret (32 octets): 79975c2bb824f1ec 93b582e0f5bf7030 | |||
| a33c35f4c3a57a35 6dccbe99d3d56302 | 2a2f9d81bd477d8b c52cf4d669d5392a | |||
| handshake hash (32 octets): 2fd2f168296a08d7 1a1c693b3340f152 | {client} derive secret "tls13 c hs traffic" (same as server) | |||
| 9326ca31c3795190 504e1d0a1261a79d | ||||
| info (76 octets): 002028544c532031 2e332c2073657276 | {client} derive secret "tls13 s hs traffic" (same as server) | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | ||||
| 726574202fd2f168 296a08d71a1c693b 3340f1529326ca31 | ||||
| c3795190504e1d0a 1261a79d | ||||
| output (32 octets): eedd9ba9252944fa 8ccd415fe8897fbe | {client} derive secret for master "tls13 derived" (same as server) | |||
| 035fbbfbb3f0afbf 71ed64d7f2278cbd | ||||
| {client} extract secret "master" (same as server) | {client} extract secret "master" (same as server) | |||
| {client} derive read traffic keys using label "handshake data": | {client} derive read traffic keys for handshake data: | |||
| PRK (32 octets): eedd9ba9252944fa 8ccd415fe8897fbe | ||||
| 035fbbfbb3f0afbf 71ed64d7f2278cbd | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ||||
| key output (16 octets): 33ebfd906881cf62 6df5af4e11583167 | ||||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): bee0ca11151aecb4 c09f53a4 | ||||
| {client} calculate finished: | ||||
| PRK (32 octets): eedd9ba9252944fa 8ccd415fe8897fbe | ||||
| 035fbbfbb3f0afbf 71ed64d7f2278cbd | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 0fbc2652ef380d5e ea99467b0f7f8dd0 | ||||
| 8f9448439634a056 ebe4f673b6a6df60 | ||||
| {client} send record: | PRK (32 octets): a98f17d9d9d01b97 a8a9fcfe1aa80cf2 | |||
| f0efaf4448bab35c 025d0d3658ef495d | ||||
| cleartext (2 octets): 0101 | key info (13 octets): 001009746c733133 206b657900 | |||
| ciphertext (24 octets): 170301001329e1af f008e8f9cb64ef78 | key output (16 octets): 46de8022452f1a01 dae81c9c14282ab6 | |||
| 5cb26aa4140396b8 | ||||
| {client} derive write traffic keys using label "handshake data": | iv info (12 octets): 000c08746c733133 20697600 | |||
| PRK (32 octets): 5f9c7ffdc773eaa8 f11886ee8d5bc62e | iv output (12 octets): 2d1a4735b9701a76 e6ea43a4 | |||
| 5bf9acb23983a321 271960d54daa730c | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | {client} calculate finished "tls13 finished" (same as server) | |||
| key output (16 octets): 505a5542bb68c323 0316fedd6a6ef04f | {client} derive secret "tls13 c ap traffic" (same as server) | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | {client} derive secret "tls13 s ap traffic" (same as server) | |||
| iv output (12 octets): 024cb0bcf2c8d436 cfa3a739 | ||||
| {client} derive secret "client application traffic secret": | {client} derive secret "tls13 exp master" (same as server) | |||
| PRK (32 octets): 5d995a2374a68417 22518bedfcfcd627 | {client} send a EndOfEarlyData handshake message | |||
| 855c8fb4e18a8759 4416b19c3c4e485d | ||||
| handshake hash (32 octets): 653d913f16296ff2 630594dd59260083 | {client} send handshake record: | |||
| 98b1541e334b77e7 5b3aef7988aa68cc | ||||
| info (78 octets): 00202a544c532031 2e332c20636c6965 | payload (4 octets): 05000000 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | ||||
| 656372657420653d 913f16296ff26305 94dd5926008398b1 | ||||
| 541e334b77e75b3a ef7988aa68cc | ||||
| output (32 octets): 09d0215a03cb3192 b7701429d46a21df | ciphertext (26 octets): 17030100155d2a07 204498a910fd60e4 | |||
| a9d70f7bb8191c94 f7643679dde02858 | 6eb384049ec93d62 b12c | |||
| {client} derive secret "server application traffic secret": | {client} derive write traffic keys for handshake data: | |||
| PRK (32 octets): 5d995a2374a68417 22518bedfcfcd627 | PRK (32 octets): e553af85fd9769a9 d3467db9b5b29797 | |||
| 855c8fb4e18a8759 4416b19c3c4e485d | 7526f2f1b9cc25c1 c265093353dbceed | |||
| handshake hash (32 octets): 653d913f16296ff2 630594dd59260083 | key info (13 octets): 001009746c733133 206b657900 | |||
| 98b1541e334b77e7 5b3aef7988aa68cc | ||||
| info (78 octets): 00202a544c532031 2e332c2073657276 | key output (16 octets): 867143c4068df3a5 ae6b12a486b9b847 | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | ||||
| 656372657420653d 913f16296ff26305 94dd5926008398b1 | ||||
| 541e334b77e75b3a ef7988aa68cc | ||||
| output (32 octets): 149a37433868240f e334f16978655b84 | iv info (12 octets): 000c08746c733133 20697600 | |||
| f5a41ac33a8bee94 9ccb9210296fd966 | iv output (12 octets): 5e04c80f859988e7 c102c719 | |||
| {client} derive secret "exporter master secret" (same as server) | {client} derive read traffic keys for application data (same as | |||
| server write traffic keys) | ||||
| {client} derive read traffic keys using label "application data" | {client} calculate finished "tls13 finished": | |||
| (same as server write traffic keys) | ||||
| {client} calculate finished: | PRK (32 octets): e553af85fd9769a9 d3467db9b5b29797 | |||
| 7526f2f1b9cc25c1 c265093353dbceed | ||||
| PRK (32 octets): 5f9c7ffdc773eaa8 f11886ee8d5bc62e | hash (0 octets): (empty) | |||
| 5bf9acb23983a321 271960d54daa730c | ||||
| handshake hash (0 octets): (empty) | info (18 octets): 00200e746c733133 2066696e69736865 6400 | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | output (32 octets): 17c916392da3bfd7 1448ad824b4ec15e | |||
| output (32 octets): 1b4d3b86f9361dec 4ebb14c934750dd8 | 062a7da6925fd07e 9e3ed647a38555ed | |||
| a35f44362f8cf631 a5f839b73cd08961 | ||||
| {client} send a Finished handshake message | {client} send a Finished handshake message | |||
| {client} send record: | {client} send handshake record: | |||
| cleartext (36 octets): 14000020e43a4478 62b160d1d64f872e | ||||
| c81914ac97d6d282 9a2bdea8847b8137 5e0379ee | ||||
| ciphertext (58 octets): 1703010035ae8c37 e2d3e0083135eb7d | ||||
| 35f3ef2d375b4898 fb49295699912130 6c6b367a31cb8563 | ||||
| 87aaad029c1b9218 b53ea4be043bd7fc 2cc1 | ||||
| {client} derive write traffic keys using label "application data": | ||||
| PRK (32 octets): 09d0215a03cb3192 b7701429d46a21df | payload (36 octets): 1400002064283341 14b550e38e4b03ef | |||
| a9d70f7bb8191c94 f7643679dde02858 | e0fba441c3e73804 76bae41722a0ab8e be0f8b67 | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ciphertext (58 octets): 17030100351f82bd 499964e8f8b70cb4 | |||
| 85cc0dd0efe07561 887202f33db44327 3d667fe7d1a48cb2 | ||||
| 7502638cf4fc2b99 bc7efa1f1e33d210 186d | ||||
| key output (16 octets): 979ea306b9b7de91 0adc3c8c72473d6a | {client} derive write traffic keys for application data: | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | PRK (32 octets): 1053e7b2069c9d9b c6cf82f8deac40ec | |||
| 927bbb9fd5ad49fe ae1ff4278e2a0031 | ||||
| iv output (12 octets): a55a4b237184c78c 535b0a22 | key info (13 octets): 001009746c733133 206b657900 | |||
| {client} derive secret "resumption master secret": | key output (16 octets): 38c79b0728fa3451 774f093adac1dd04 | |||
| PRK (32 octets): 5d995a2374a68417 22518bedfcfcd627 | iv info (12 octets): 000c08746c733133 20697600 | |||
| 855c8fb4e18a8759 4416b19c3c4e485d | ||||
| handshake hash (32 octets): a3da757d83c4474f 68222e715e52cdea | iv output (12 octets): a3d605be250cfd5d 209615ee | |||
| 38616f3dab5e9496 2e97536a54efdac8 | ||||
| info (69 octets): 002021544c532031 2e332c2072657375 | {client} derive secret "tls13 res master": | |||
| 6d7074696f6e206d 6173746572207365 6372657420a3da75 | ||||
| 7d83c4474f68222e 715e52cdea38616f 3dab5e94962e9753 6a54efdac8 | ||||
| output (32 octets): 8b587b9e8ad75697 b59f164ff6fbdce4 | PRK (32 octets): 53850ec90133d5cd 448fa5200e7683b1 | |||
| ae176b9d14ea8edb d1ad4429485ce9c6 | 19236c0fe93dc8b6 cad87f9ffee80f67 | |||
| {server} derive read traffic keys using label "handshake data": | hash (32 octets): 2233547d4b607f2b 5f516e0f29f467d9 | |||
| 88e805512434d38a 87154d47488b72b4 | ||||
| PRK (32 octets): 5f9c7ffdc773eaa8 f11886ee8d5bc62e | info (52 octets): 002010746c733133 20726573206d6173 | |||
| 5bf9acb23983a321 271960d54daa730c | 746572202233547d 4b607f2b5f516e0f 29f467d988e80551 | |||
| 2434d38a87154d47 488b72b4 | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | output (32 octets): 91eeb3e2bb46fcf6 810ec7bff5c1d905 | |||
| key output (16 octets): 505a5542bb68c323 0316fedd6a6ef04f | 22d1cc1b196e3ef4 a72f6f6bd86f5aae | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | {server} derive read traffic keys for handshake data: | |||
| iv output (12 octets): 024cb0bcf2c8d436 cfa3a739 | PRK (32 octets): e553af85fd9769a9 d3467db9b5b29797 | |||
| 7526f2f1b9cc25c1 c265093353dbceed | ||||
| {server} calculate finished: | key info (13 octets): 001009746c733133 206b657900 | |||
| PRK (32 octets): 5f9c7ffdc773eaa8 f11886ee8d5bc62e | key output (16 octets): 867143c4068df3a5 ae6b12a486b9b847 | |||
| 5bf9acb23983a321 271960d54daa730c | ||||
| handshake hash (0 octets): (empty) | iv info (12 octets): 000c08746c733133 20697600 | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | iv output (12 octets): 5e04c80f859988e7 c102c719 | |||
| output (32 octets): 1b4d3b86f9361dec 4ebb14c934750dd8 | {server} calculate finished "tls13 finished" (same as client) | |||
| a35f44362f8cf631 a5f839b73cd08961 | ||||
| {server} derive read traffic keys using label "application data" | {server} derive read traffic keys for application data (same as | |||
| (same as client write traffic keys) | client write traffic keys) | |||
| {server} derive secret "resumption master secret" (same as client) | {server} derive secret "tls13 res master" (same as client) | |||
| {client} send record: | {client} send application_data record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | payload (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 170301004367c3e4 c2e178aaad5b95f6 | ciphertext (72 octets): 1703010043108855 d836d933a3b33e5e | |||
| 9e41c757ad5575a1 745e2c4c9a8d0088 86d502a466d3f8e4 | 3bcccfe9ebbb75ad 3d4ee46f02063528 384adfec59cede3b | |||
| 86ee73134e3c740a 683a405ac408b1dc 21a4b22caacd90a0 | 13d5dd68442833ef 1c13014af62d56e3 c9661c0eb0ef4fdc | |||
| 58e5f9d98285c204 | e7808b45f077ca2b | |||
| {server} send record: | {server} send application_data record: | |||
| cleartext (50 octets): 0001020304050607 08090a0b0c0d0e0f | payload (50 octets): 0001020304050607 08090a0b0c0d0e0f | |||
| 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | 1011121314151617 18191a1b1c1d1e1f 2021222324252627 | |||
| 28292a2b2c2d2e2f 3031 | 28292a2b2c2d2e2f 3031 | |||
| ciphertext (72 octets): 170301004362928f 4bc451d13e46e29a | ciphertext (72 octets): 1703010043c23be9 5ad85b168bd2e206 | |||
| 9c1b684a0bf984ed 257be4155f3d97dc 727689e84a152fb6 | cd17b2b598f67cdf 558992521a6ed4ec eeff45ec22a93675 | |||
| 2f9103041a5dd045 34959f28fe6017dc 1b3c9d8293b2456d | 1bd733fc63e3a98d 092dcd93ec848c08 afdfda839f524e2e | |||
| 2eb3775029f7bd8a | 69b474197cae81cb | |||
| {client} send record: | {client} send alert record: | |||
| cleartext (2 octets): 0100 | payload (2 octets): 0100 | |||
| ciphertext (24 octets): 17030100139d41ac 5ed9b4f06ae44f09 | ||||
| 1c7ae9cc9e6d9793 | ||||
| {server} send record: | ciphertext (24 octets): 1703010013c4f33d 08ac5ad28a35c0b3 | |||
| 2559bf45718f9bc7 | ||||
| cleartext (2 octets): 0100 | {server} send alert record: | |||
| ciphertext (24 octets): 170301001308d06f 582c7d7294ee1b96 | payload (2 octets): 0100 | |||
| 9aca936f2ced5471 | ||||
| ciphertext (24 octets): 17030100139f73be 8cc18eb517547f85 | ||||
| 26b1219f757cdc2d | ||||
| 5. HelloRetryRequest | 5. HelloRetryRequest | |||
| In this example, the client initiates a handshake with an X25519 | In this example, the client initiates a handshake with an X25519 | |||
| [RFC7748] share. The server however prefers P-256 [FIPS186] and | [RFC7748] share. The server however prefers P-256 [FIPS186] and | |||
| sends a HelloRetryRequest that requires the client to generate a key | sends a HelloRetryRequest that requires the client to generate a key | |||
| share on the P-256 curve. | share on the P-256 curve. | |||
| {client} create an ephemeral x25519 key pair: | {client} create an ephemeral x25519 key pair: | |||
| private key (32 octets): 0a0cb6f0d87f01e3 46cd092736e1b5b7 | private key (32 octets): 68f119d51cf43e70 b7bc4080d5911317 | |||
| 9dc623ed53d5d030 2c46cacc61913e17 | b22482211908f4a0 7cd3ee6148f05a65 | |||
| public key (32 octets): 05efa94d13f5adcd 14219379d5a37dbc | public key (32 octets): fff63faea1e4f9b0 8ae2fc158749f72a | |||
| e4721d9294e572c6 651aeb761838815b | b274015b21903399 434279416a1c3866 | |||
| {client} send a ClientHello handshake message | {client} send a ClientHello handshake message | |||
| {client} send record: | {client} send handshake record: | |||
| cleartext (174 octets): 010000aa0303d9e9 898df63d43adbe64 | payload (174 octets): 010000aa03032b47 3d43b9e45db4ff9f | |||
| a2634f0b63bcdc40 19a3e526bc013a60 42e05b14555c0000 | 9ae53f63f495bc90 a308136caa6570cd 6a3d682e23fc0000 | |||
| 0613011303130201 00007b0000000b00 0900000673657276 | 0613011303130201 00007b0000000b00 0900000673657276 | |||
| 6572ff0100010000 0a00080006001d00 1700180028002600 | 6572ff0100010000 0a00080006001d00 1700180028002600 | |||
| 24001d002005efa9 4d13f5adcd142193 79d5a37dbce4721d | 24001d0020fff63f aea1e4f9b08ae2fc 158749f72ab27401 | |||
| 9294e572c6651aeb 761838815b002b00 03027f12000d0020 | 5b21903399434279 416a1c3866002b00 03027f14000d0020 | |||
| 001e040305030603 0203080408050806 0401050106010201 | 001e040305030603 0203080408050806 0401050106010201 | |||
| 0402050206020202 002d00020101 | 0402050206020202 002d00020101 | |||
| ciphertext (179 octets): 16030100ae010000 aa0303d9e9898df6 | ciphertext (179 octets): 16030100ae010000 aa03032b473d43b9 | |||
| 3d43adbe64a2634f 0b63bcdc4019a3e5 26bc013a6042e05b | e45db4ff9f9ae53f 63f495bc90a30813 6caa6570cd6a3d68 | |||
| 14555c0000061301 130313020100007b 0000000b00090000 | 2e23fc0000061301 130313020100007b 0000000b00090000 | |||
| 06736572766572ff 01000100000a0008 0006001d00170018 | 06736572766572ff 01000100000a0008 0006001d00170018 | |||
| 002800260024001d 002005efa94d13f5 adcd14219379d5a3 | 002800260024001d 0020fff63faea1e4 f9b08ae2fc158749 | |||
| 7dbce4721d9294e5 72c6651aeb761838 815b002b0003027f | f72ab274015b2190 3399434279416a1c 3866002b0003027f | |||
| 12000d0020001e04 0305030603020308 0408050806040105 | 14000d0020001e04 0305030603020308 0408050806040105 | |||
| 0106010201040205 0206020202002d00 020101 | 0106010201040205 0206020202002d00 020101 | |||
| {server} send a HelloRetryRequest handshake message | {server} send a HelloRetryRequest handshake message | |||
| {server} send record: | ||||
| cleartext (14 octets): 0600000a7f120006 002800020017 | {server} send handshake record: | |||
| ciphertext (19 octets): 160301000e060000 0a7f120006002800 020017 | payload (16 octets): 0600000c7f141301 0006002800020017 | |||
| ciphertext (21 octets): 1603010010060000 0c7f141301000600 | ||||
| 2800020017 | ||||
| {client} create an ephemeral P-256 key pair: | {client} create an ephemeral P-256 key pair: | |||
| private key (32 octets): 11fa48d153c917ff d89dff13140760a1 | private key (32 octets): 686029ea60fdbf90 952a205f36867184 | |||
| 36265d399fa9f10e 2d766d42a6c84e90 | 21d39ccb83e1332e 6449da8f62a455f7 | |||
| public key (65 octets): 041e5a785f5417fb 18db4293843534a5 | public key (65 octets): 0439a9c0e3dea88c 76323ea8a30a779f | |||
| c0ba6e744baa6846 d0b32f4e9ea39227 24a08f2adb09f071 | caa782d88935df99 ca2f94f386227247 066af9a46ebc7f88 | |||
| f81402e7fd8ca33b 76abe1cd556fd3e8 fe20e0fd2e8202f9 69 | 6f1d8e81a08779f2 6c5420c69609a68a 6762b91329670b5d e1 | |||
| {client} send a ClientHello handshake message | {client} send a ClientHello handshake message | |||
| {client} send record: | {client} send handshake record: | |||
| cleartext (207 octets): 010000cb0303d9e9 898df63d43adbe64 | payload (207 octets): 010000cb03032b47 3d43b9e45db4ff9f | |||
| a2634f0b63bcdc40 19a3e526bc013a60 42e05b14555c0000 | 9ae53f63f495bc90 a308136caa6570cd 6a3d682e23fc0000 | |||
| 0613011303130201 00009c0000000b00 0900000673657276 | 0613011303130201 00009c0000000b00 0900000673657276 | |||
| 6572ff0100010000 0a00080006001d00 1700180028004700 | 6572ff0100010000 0a00080006001d00 1700180028004700 | |||
| 4500170041041e5a 785f5417fb18db42 93843534a5c0ba6e | 45001700410439a9 c0e3dea88c76323e a8a30a779fcaa782 | |||
| 744baa6846d0b32f 4e9ea3922724a08f 2adb09f071f81402 | d88935df99ca2f94 f386227247066af9 a46ebc7f886f1d8e | |||
| e7fd8ca33b76abe1 cd556fd3e8fe20e0 fd2e8202f969002b | 81a08779f26c5420 c69609a68a6762b9 1329670b5de1002b | |||
| 0003027f12000d00 20001e0403050306 0302030804080508 | 0003027f14000d00 20001e0403050306 0302030804080508 | |||
| 0604010501060102 0104020502060202 02002d00020101 | 0604010501060102 0104020502060202 02002d00020101 | |||
| ciphertext (212 octets): 16030100cf010000 cb0303d9e9898df6 | ciphertext (212 octets): 16030100cf010000 cb03032b473d43b9 | |||
| 3d43adbe64a2634f 0b63bcdc4019a3e5 26bc013a6042e05b | e45db4ff9f9ae53f 63f495bc90a30813 6caa6570cd6a3d68 | |||
| 14555c0000061301 130313020100009c 0000000b00090000 | 2e23fc0000061301 130313020100009c 0000000b00090000 | |||
| 06736572766572ff 01000100000a0008 0006001d00170018 | 06736572766572ff 01000100000a0008 0006001d00170018 | |||
| 0028004700450017 0041041e5a785f54 17fb18db42938435 | 0028004700450017 00410439a9c0e3de a88c76323ea8a30a | |||
| 34a5c0ba6e744baa 6846d0b32f4e9ea3 922724a08f2adb09 | 779fcaa782d88935 df99ca2f94f38622 7247066af9a46ebc | |||
| f071f81402e7fd8c a33b76abe1cd556f d3e8fe20e0fd2e82 | 7f886f1d8e81a087 79f26c5420c69609 a68a6762b9132967 | |||
| 02f969002b000302 7f12000d0020001e 0403050306030203 | 0b5de1002b000302 7f14000d0020001e 0403050306030203 | |||
| 0804080508060401 0501060102010402 050206020202002d 00020101 | 0804080508060401 0501060102010402 050206020202002d 00020101 | |||
| {server} extract secret "early": | {server} extract secret "early": | |||
| salt: (absent) | salt: (absent) | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| {server} create an ephemeral P-256 key pair: | {server} create an ephemeral P-256 key pair: | |||
| private key (32 octets): ff265d2062c70725 ca22513e1e6841ff | private key (32 octets): cf5cb678b37d617e 4e3b978d52758db3 | |||
| 475e8a00421f0818 186edd1c0080cc6a | 5bee4147c5a4c48d f62ec7f3e26b7b0d | |||
| public key (65 octets): 048a4d09cde58dbc 041955b9a41a43c1 | public key (65 octets): 0438bafba512d58e 57a62ceaee1c0c3e | |||
| 696dc5429ffa96f9 cd194a863ac782f1 8159f072b4f61021 | 5678082cacf126d3 dac009720572d79f 341f7098b24fb7f1 | |||
| 5d86407dd7368b75 4ab2e64f2c1b3f9d 457c264e2b1781a3 6b | b8ee222d6433f310 e8862c8b9f2c9337 fe6eb1a54665d465 3b | |||
| {server} send a ServerHello handshake message | {server} send a ServerHello handshake message | |||
| {server} extract secret "handshake": | {server} derive secret for handshake "tls13 derived": | |||
| salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| ikm (32 octets): 6551f8de88be4c85 a6ec245d84aa63d5 | hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| ce85c9fdeb9398b9 b35512d372637253 | 27ae41e4649b934c a495991b7852b855 | |||
| secret (32 octets): ead65db5900e7b73 cc49689cfed1039d | info (49 octets): 00200d746c733133 2064657269766564 | |||
| 7a2f34b865915e9f a9c47c5fe6e551a8 | 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | |||
| 4ca495991b7852b8 55 | ||||
| {server} derive secret "client handshake traffic secret": | output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| 16c076189c48250c ebeac3576c3611ba | ||||
| PRK (32 octets): ead65db5900e7b73 cc49689cfed1039d | {server} extract secret "handshake": | |||
| 7a2f34b865915e9f a9c47c5fe6e551a8 | ||||
| handshake hash (32 octets): a5ad44690729db79 d84d7637a8f2915a | salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| 54ab8f4cd52d2862 591392fe3255e1af | 16c076189c48250c ebeac3576c3611ba | |||
| info (76 octets): 002028544c532031 2e332c20636c6965 | ikm (32 octets): df4cde9bf625ee9b e21cc6bd4a51f662 | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | 00c857b0b104cb68 7731c3851eefbc9a | |||
| 72657420a5ad4469 0729db79d84d7637 a8f2915a54ab8f4c | ||||
| d52d2862591392fe 3255e1af | ||||
| output (32 octets): c6cfd0de3536e43c cb8522fa10d9deff | secret (32 octets): 61ebb724b8eaa8d4 83de05c018a83947 | |||
| ff1753ebf96a7d97 c6c8ccc501e57ad0 | b5c2a866847154ce 2b2e33fce8e538cf | |||
| {server} derive secret "server handshake traffic secret": | {server} derive secret "tls13 c hs traffic": | |||
| PRK (32 octets): ead65db5900e7b73 cc49689cfed1039d | PRK (32 octets): 61ebb724b8eaa8d4 83de05c018a83947 | |||
| 7a2f34b865915e9f a9c47c5fe6e551a8 | b5c2a866847154ce 2b2e33fce8e538cf | |||
| handshake hash (32 octets): a5ad44690729db79 d84d7637a8f2915a | hash (32 octets): dad1f7541198d854 97203f23e9856b9a | |||
| 54ab8f4cd52d2862 591392fe3255e1af | 97937e6a2d22f3c0 1e22be12bee0ee56 | |||
| info (76 octets): 002028544c532031 2e332c2073657276 | info (54 octets): 002012746c733133 2063206873207472 | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | 616666696320dad1 f7541198d8549720 3f23e9856b9a9793 | |||
| 72657420a5ad4469 0729db79d84d7637 a8f2915a54ab8f4c | 7e6a2d22f3c01e22 be12bee0ee56 | |||
| d52d2862591392fe 3255e1af | ||||
| output (32 octets): b20106ffa8a023ba be8534eb03dd3683 | output (32 octets): f52e0805a26cd615 ec012fd6b1950258 | |||
| fafa594b2e9c9465 0856b64c3f318939 | a9aae77b336a8cac a443df877e99ec61 | |||
| {server} derive secret "tls13 s hs traffic": | ||||
| PRK (32 octets): 61ebb724b8eaa8d4 83de05c018a83947 | ||||
| b5c2a866847154ce 2b2e33fce8e538cf | ||||
| hash (32 octets): dad1f7541198d854 97203f23e9856b9a | ||||
| 97937e6a2d22f3c0 1e22be12bee0ee56 | ||||
| info (54 octets): 002012746c733133 2073206873207472 | ||||
| 616666696320dad1 f7541198d8549720 3f23e9856b9a9793 | ||||
| 7e6a2d22f3c01e22 be12bee0ee56 | ||||
| output (32 octets): ed0ea7ec428dd7bb 3f89df21b4679286 | ||||
| fb19f61c5fe0ef81 35c0f54d687bc50c | ||||
| {server} derive secret for master "tls13 derived": | ||||
| PRK (32 octets): 61ebb724b8eaa8d4 83de05c018a83947 | ||||
| b5c2a866847154ce 2b2e33fce8e538cf | ||||
| hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | ||||
| 27ae41e4649b934c a495991b7852b855 | ||||
| info (49 octets): 00200d746c733133 2064657269766564 | ||||
| 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | ||||
| 4ca495991b7852b8 55 | ||||
| output (32 octets): 3f0c9f13e5dd95f7 27c7bf2c82b4f75f | ||||
| 91e26cf5e1f89ae5 36becd5b48f08357 | ||||
| {server} extract secret "master": | {server} extract secret "master": | |||
| salt (32 octets): ead65db5900e7b73 cc49689cfed1039d | salt (32 octets): 3f0c9f13e5dd95f7 27c7bf2c82b4f75f | |||
| 7a2f34b865915e9f a9c47c5fe6e551a8 | 91e26cf5e1f89ae5 36becd5b48f08357 | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): bf6d13ecadf8826f fed70fa62c0bf904 | secret (32 octets): 23bdfa8bb085b65a 8095c55a79f20ab0 | |||
| d6067a7b6c4e0362 6172eec87a71b5a2 | 7646d7bac8c67803 2aa5985df2a1b7c1 | |||
| {server} send record: | {server} send handshake record: | |||
| cleartext (115 octets): 0200006f7f1296ff 693075d8465651a9 | payload (115 octets): 0200006f7f1439d0 5400265319e5a369 | |||
| c28773f549654220 6ba390199b9c9975 45d9a12666151301 | 3e2a5479b46a5e8c 10a12daa5d01cdc0 cb21730536d51301 | |||
| 0049002800450017 0041048a4d09cde5 8dbc041955b9a41a | 0049002800450017 00410438bafba512 d58e57a62ceaee1c | |||
| 43c1696dc5429ffa 96f9cd194a863ac7 82f18159f072b4f6 | 0c3e5678082cacf1 26d3dac009720572 d79f341f7098b24f | |||
| 10215d86407dd736 8b754ab2e64f2c1b 3f9d457c264e2b17 81a36b | b7f1b8ee222d6433 f310e8862c8b9f2c 9337fe6eb1a54665 d4653b | |||
| ciphertext (120 octets): 1603010073020000 6f7f1296ff693075 | ciphertext (120 octets): 1603010073020000 6f7f1439d0540026 | |||
| d8465651a9c28773 f5496542206ba390 199b9c997545d9a1 | 5319e5a3693e2a54 79b46a5e8c10a12d aa5d01cdc0cb2173 | |||
| 2666151301004900 2800450017004104 8a4d09cde58dbc04 | 0536d51301004900 2800450017004104 38bafba512d58e57 | |||
| 1955b9a41a43c169 6dc5429ffa96f9cd 194a863ac782f181 | a62ceaee1c0c3e56 78082cacf126d3da c009720572d79f34 | |||
| 59f072b4f610215d 86407dd7368b754a b2e64f2c1b3f9d45 | 1f7098b24fb7f1b8 ee222d6433f310e8 862c8b9f2c9337fe | |||
| 7c264e2b1781a36b | 6eb1a54665d4653b | |||
| {server} derive write traffic keys using label "handshake data": | {server} derive write traffic keys for handshake data: | |||
| PRK (32 octets): b20106ffa8a023ba be8534eb03dd3683 | PRK (32 octets): ed0ea7ec428dd7bb 3f89df21b4679286 | |||
| fafa594b2e9c9465 0856b64c3f318939 | fb19f61c5fe0ef81 35c0f54d687bc50c | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | key info (13 octets): 001009746c733133 206b657900 | |||
| key output (16 octets): f1c0114cbc1391f0 023187ab7ab4eac1 | key output (16 octets): ea3b74f7e0223840 dc5fbc1d3864b73b | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | iv info (12 octets): 000c08746c733133 20697600 | |||
| iv output (12 octets): b28638f5018dbb8f 6b5d1314 | iv output (12 octets): 97621bb779bba789 402021f6 | |||
| {server} send a EncryptedExtensions handshake message | {server} send a EncryptedExtensions handshake message | |||
| {server} send a Certificate handshake message | {server} send a Certificate handshake message | |||
| {server} send a CertificateVerify handshake message | {server} send a CertificateVerify handshake message | |||
| {server} calculate finished: | {server} calculate finished "tls13 finished": | |||
| PRK (32 octets): b20106ffa8a023ba be8534eb03dd3683 | PRK (32 octets): ed0ea7ec428dd7bb 3f89df21b4679286 | |||
| fafa594b2e9c9465 0856b64c3f318939 | fb19f61c5fe0ef81 35c0f54d687bc50c | |||
| handshake hash (0 octets): (empty) | hash (0 octets): (empty) | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | info (18 octets): 00200e746c733133 2066696e69736865 6400 | |||
| output (32 octets): 7b88ebd4056b7e68 d2477433058cf559 | output (32 octets): 03c5ee66699c919c db206db4053b9314 | |||
| 15ffa712d01141fd a135a49b7e3f7a56 | f56449f899baead8 c0d82b63fefaa19b | |||
| {server} send a Finished handshake message | {server} send a Finished handshake message | |||
| {server} send record: | {server} send handshake record: | |||
| cleartext (639 octets): 080000120010000a 0008000600170018 | payload (639 octets): 080000120010000a 0008000600170018 | |||
| 001d000000000b00 01b9000001b50001 b0308201ac308201 | 001d000000000b00 01b9000001b50001 b0308201ac308201 | |||
| 15a0030201020201 02300d06092a8648 86f70d01010b0500 | 15a0030201020201 02300d06092a8648 86f70d01010b0500 | |||
| 300e310c300a0603 5504031303727361 301e170d31363037 | 300e310c300a0603 5504031303727361 301e170d31363037 | |||
| 3330303132333539 5a170d3236303733 303031323335395a | 3330303132333539 5a170d3236303733 303031323335395a | |||
| 300e310c300a0603 5504031303727361 30819f300d06092a | 300e310c300a0603 5504031303727361 30819f300d06092a | |||
| 864886f70d010101 050003818d003081 8902818100b4bb49 | 864886f70d010101 050003818d003081 8902818100b4bb49 | |||
| 8f8279303d980836 399b36c6988c0c68 de55e1bdb826d390 | 8f8279303d980836 399b36c6988c0c68 de55e1bdb826d390 | |||
| 1a2461eafd2de49a 91d015abbc9a9513 7ace6c1af19eaa6a | 1a2461eafd2de49a 91d015abbc9a9513 7ace6c1af19eaa6a | |||
| f98c7ced43120998 e187a80ee0ccb052 4b1b018c3e0b6326 | f98c7ced43120998 e187a80ee0ccb052 4b1b018c3e0b6326 | |||
| 4d449a6d38e22a5f da43084674803053 0ef0461c8ca9d9ef | 4d449a6d38e22a5f da43084674803053 0ef0461c8ca9d9ef | |||
| bfae8ea6d1d03e2b d193eff0ab9a8002 c47428a6d35a8d88 | bfae8ea6d1d03e2b d193eff0ab9a8002 c47428a6d35a8d88 | |||
| d79f7f1e3f020301 0001a31a30183009 0603551d13040230 | d79f7f1e3f020301 0001a31a30183009 0603551d13040230 | |||
| 00300b0603551d0f 0404030205a0300d 06092a864886f70d | 00300b0603551d0f 0404030205a0300d 06092a864886f70d | |||
| 01010b0500038181 0085aad2a0e5b927 6b908c65f73a7267 | 01010b0500038181 0085aad2a0e5b927 6b908c65f73a7267 | |||
| 170618a54c5f8a7b 337d2df7a5943654 17f2eae8f8a58c8f | 170618a54c5f8a7b 337d2df7a5943654 17f2eae8f8a58c8f | |||
| 8172f9319cf36b7f d6c55b80f21a0301 5156726096fd335e | 8172f9319cf36b7f d6c55b80f21a0301 5156726096fd335e | |||
| 5e67f2dbf102702e 608ccae6bec1fc63 a42a99be5c3eb710 | 5e67f2dbf102702e 608ccae6bec1fc63 a42a99be5c3eb710 | |||
| 7c3c54e9b9eb2bd5 203b1c3b84e0a8b2 f759409ba3eac9d9 | 7c3c54e9b9eb2bd5 203b1c3b84e0a8b2 f759409ba3eac9d9 | |||
| 1d402dcc0cc8f896 1229ac9187b42b4d e100000f00008408 | 1d402dcc0cc8f896 1229ac9187b42b4d e100000f00008408 | |||
| 040080a2427ae5f8 0c99ee8e72b7ddee b2f512458f7f6325 | 0400806f43289ae7 efa4a473bedf613e 4e92e9554fb2871a | |||
| 1b8a77ace3b1577a ac9a8fcd73bb6a33 5a3446d66b2debb7 | df28b8612b27998c be8e8690f4c81b8a cb3fb981396962e0 | |||
| f90d6eb8701f3ab1 69793295b34251b9 e6d5fe0251478e8a | 7a506b790cb6cb07 1caeb49acc217f39 058d7375cf9d2174 | |||
| 6ab8b79651ea64c9 b598c8628893c867 9b7400177bc5e457 | a8fa29ba60dc35ef 7a43827278489428 2c75d4750400532e | |||
| a539316b5ebd7d08 f380593f0541d781 f0dd28b41a062aad | 069fafa01577b431 bbf764f4be901643 07a30b59081c286b | |||
| e8bf20074c6eda9c 01c75b140000208e 0bdf3cb16b0b2560 | 18ba58649637d676 d5cee614000020bc 521faec41d6c9d2d | |||
| 51b37de6704e005d 2a4600cd0c38cae9 0a79eac6ed1bf1 | e9f0de7887121fb7 e7a6000a82caa148 565ab19e0aef8f | |||
| ciphertext (661 octets): 170301029081de4f cfd700da4573d570 | ciphertext (661 octets): 1703010290b02e90 0efe58c26b437b75 | |||
| 5942f14a11e569aa 9aacc95260520102 6f74f2b2ad6abe08 | 4cb31ff7e592e595 405b265fa8c3f2bd 6b9a168fbaf70940 | |||
| 7b53a4940ff94208 9e02d3159b1c6f11 75d7fcb51abad6fd | 91d27872271925ac b0e8d878f17a60ea c39a6b233bcbb2f4 | |||
| d4f7ff4af6590b47 16c1d90e1031e1a1 e32079f531108c6b | 9f6774b77c11827e e77798976db2b76b c236a8cae6751c0b | |||
| 9f79d6120319e0a3 73010e82d780a8f9 c3fdf8474840cdb6 | 498402f364d0118c d21483365d82a82e df95f3bcf5a2a0ed | |||
| 7e4943d3808a27cd 5d9375c766a95ef4 8393c235d83ad26a | 3941ef0be0619fbc 2a4489c241f2fc75 3381cf064813ca4e | |||
| 20628671793f75df aa0be78b11fed206 6506d19a769d9d32 | dec9bd213c29f4cd 5c3d7b52bc34ef9d 6d3db2e3ce370414 | |||
| adc0437784994359 ef5e452609353670 1c46004cf6fc252e | d9e87c18e7190448 8dd0d7cd359fcb2d ee00aba5283c2dd4 | |||
| 546e797238c73b94 b073461158301f78 1498917c32dc0ece | 31afa8e17bf25643 00fbc24f11ae9fb6 6c4cec5f38b03e10 | |||
| 658a53790c667397 f7744775c2bef907 b5f7d5677b2e57fe | fbb510b4f3a716e8 4e395128b526aa00 24425fec5e0d9072 | |||
| 7c4bfd43c7ad1ee4 6fd400c3d3c3c05f e8775f055263e98a | b42fdabfa93686bb 0036963bf3d6d122 fb205fb024c41422 | |||
| 692b49a818d0f698 4400c1db2f429fa8 9fb61d523398e1d0 | 7e2f054787af00aa b17b78ad2d5c31c1 5812c0420b0ea344 | |||
| 2bc5c393027146c0 f326032d18cb8283 473f2b6d554df942 | 2f3f5197533e9325 082f44434e502d4e fb73c5987fd3ee55 | |||
| c7b1a0050694c7b2 bf31a816f7ff77f1 d7db873dbb6e4646 | 228c92bd600e1f81 22a447caba8f2fd2 fbf49d43f99a441d | |||
| acabfa73c317a34c e6212a3469f549e6 cde71ab229a6f220 | 2695809c89dc1c89 9c7975b8a78ec2a9 8399922e58d538f8 | |||
| acda60832b510663 02a23d02c734bd5e 71b04fb248ca47ba | 009bc07b50573da6 1bbe41ef1f251ee9 dcca0e2d9e8c20fb | |||
| 0c7b1fd28fee9b5d 86e6b1a6a2a1a43e 3831210519f54134 | c3659b8eef131094 cc9effc3697ac767 248616db9576ccb1 | |||
| c96486d11ef3125f 74969785690487e0 aa5c0a310ebf9d31 | b937775cd97aeb81 f015dcc4bc53143f 0337e90ad800f7cc | |||
| 95ec5543af8a6ffb 710eb0a90285960d c1ccdc10ecee9669 | 6c09b23352acbf06 59c1d0ac6a145342 9d288a83f2c16ecd | |||
| 9171e97eae526a17 205012ab6f262e44 31ae9a70ff2ed7bd | 419abf7bcfeb05df b70292296847cd7d d91d305ec162436b | |||
| 966ef6bd4563f56a 7a14970dcabf97ae 7e4354db1ea27548 | 6e645028a3d9c068 1cd118093c9a9978 08585fc3ddecab33 | |||
| c55c11542ad07bcd 6f47a7143b86c4e6 678ce7dc6d51a1b7 | fff96c099b607516 4db17fb609747daf c511dcfe212c49e3 | |||
| 75687644d6526efa 3c864f592819e7b7 f9f1bbc02ed8821a | 399c74fe7d36b962 5206204cf411e42c 6b5da8c5cc7d522d | |||
| e66019b240b41f5e ebf9475069700030 7122f7c8a8d6c0da | c8a7747f4cd08e50 a180ed43d8ac0a4c cbc93207e1bd667f | |||
| a264c63183238d72 0eacb86879fab9ba 8a673c51a52c8284 | e2f784eeeb5be6cc 22ffd75c2d134a02 7618bf3f270c4809 | |||
| 75e3211223cd2238 bd8b8a934af3e4dd e10e788df23ad6d8 | 58c2016507f7f825 dc7a116f7f06670b 8c926c47a919b4ec | |||
| 51d68b78082ac667 a854356415e7858b e526307332990d8c | f8eab3c0451be841 e90a55e9ce7fee05 919525b0042e4943 | |||
| c38a5dc4cfc22a2c a2bdd9126a2ce13d 7015264921 | 4c70e792e055a6a6 50d69a4c9697bde8 0d8d004b41 | |||
| {server} derive secret "client application traffic secret": | {server} derive secret "tls13 c ap traffic": | |||
| PRK (32 octets): bf6d13ecadf8826f fed70fa62c0bf904 | PRK (32 octets): 23bdfa8bb085b65a 8095c55a79f20ab0 | |||
| d6067a7b6c4e0362 6172eec87a71b5a2 | 7646d7bac8c67803 2aa5985df2a1b7c1 | |||
| handshake hash (32 octets): dd0da93863ed291f 518b94a83093da6b | hash (32 octets): d35385d7ef5cda3f e72850e6b878c915 | |||
| 8edd2d25470c20cd c3becba4eee76c49 | e603150fe9dd009a 83ebf3e8b73525dc | |||
| info (78 octets): 00202a544c532031 2e332c20636c6965 | info (54 octets): 002012746c733133 2063206170207472 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | 616666696320d353 85d7ef5cda3fe728 50e6b878c915e603 | |||
| 656372657420dd0d a93863ed291f518b 94a83093da6b8edd | 150fe9dd009a83eb f3e8b73525dc | |||
| 2d25470c20cdc3be cba4eee76c49 | ||||
| output (32 octets): a754e4ccfbb7363d fdc7a57028da0867 | output (32 octets): 3e97f6ece946f6cf a25aac0c4294f752 | |||
| f804f958c38caead 1e656380d64fd662 | adf68ce3769ba8f1 a72140e960e00b75 | |||
| {server} derive secret "server application traffic secret": | {server} derive secret "tls13 s ap traffic": | |||
| PRK (32 octets): bf6d13ecadf8826f fed70fa62c0bf904 | PRK (32 octets): 23bdfa8bb085b65a 8095c55a79f20ab0 | |||
| d6067a7b6c4e0362 6172eec87a71b5a2 | 7646d7bac8c67803 2aa5985df2a1b7c1 | |||
| handshake hash (32 octets): dd0da93863ed291f 518b94a83093da6b | hash (32 octets): d35385d7ef5cda3f e72850e6b878c915 | |||
| 8edd2d25470c20cd c3becba4eee76c49 | e603150fe9dd009a 83ebf3e8b73525dc | |||
| info (78 octets): 00202a544c532031 2e332c2073657276 | info (54 octets): 002012746c733133 2073206170207472 | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | 616666696320d353 85d7ef5cda3fe728 50e6b878c915e603 | |||
| 656372657420dd0d a93863ed291f518b 94a83093da6b8edd | 150fe9dd009a83eb f3e8b73525dc | |||
| 2d25470c20cdc3be cba4eee76c49 | ||||
| output (32 octets): fa2a2be1efe55357 c112071aa4a62c3f | output (32 octets): 9bf644ffdb8feb85 11240075595cb94f | |||
| ec646fa0d7883092 fc9087dc5405c7a4 | 411a5682e3cb4a82 f0b1f7daf0322a92 | |||
| {server} derive secret "exporter master secret": | {server} derive secret "tls13 exp master": | |||
| PRK (32 octets): bf6d13ecadf8826f fed70fa62c0bf904 | PRK (32 octets): 23bdfa8bb085b65a 8095c55a79f20ab0 | |||
| d6067a7b6c4e0362 6172eec87a71b5a2 | 7646d7bac8c67803 2aa5985df2a1b7c1 | |||
| handshake hash (32 octets): dd0da93863ed291f 518b94a83093da6b | hash (32 octets): d35385d7ef5cda3f e72850e6b878c915 | |||
| 8edd2d25470c20cd c3becba4eee76c49 | e603150fe9dd009a 83ebf3e8b73525dc | |||
| info (67 octets): 00201f544c532031 2e332c206578706f | info (52 octets): 002010746c733133 20657870206d6173 | |||
| 72746572206d6173 7465722073656372 657420dd0da93863 | 74657220d35385d7 ef5cda3fe72850e6 b878c915e603150f | |||
| ed291f518b94a830 93da6b8edd2d2547 0c20cdc3becba4ee e76c49 | e9dd009a83ebf3e8 b73525dc | |||
| output (32 octets): f8538fa665addfe5 a88955dd68be1d39 | output (32 octets): c8dd1dcfbb99ea14 e3ad390c6a4cd3e0 | |||
| 874aa7a07f5c999d 6658f47a498029b7 | c4f20c2221aa33e2 68eb807de344a179 | |||
| {server} derive write traffic keys using label "application data": | {server} derive write traffic keys for application data: | |||
| PRK (32 octets): fa2a2be1efe55357 c112071aa4a62c3f | PRK (32 octets): 9bf644ffdb8feb85 11240075595cb94f | |||
| ec646fa0d7883092 fc9087dc5405c7a4 | 411a5682e3cb4a82 f0b1f7daf0322a92 | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | key info (13 octets): 001009746c733133 206b657900 | |||
| key output (16 octets): 5e7915cfd47985ac cedca500e9d65e13 | key output (16 octets): d46da4e755ba9e74 7a46246bda64c866 | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | iv info (12 octets): 000c08746c733133 20697600 | |||
| iv output (12 octets): b0b11ff319194dc7 c1ba7a3e | iv output (12 octets): 73deb5c4dfcc38ff 19bb9943 | |||
| {server} derive read traffic keys using label "handshake data": | {server} derive read traffic keys for handshake data: | |||
| PRK (32 octets): c6cfd0de3536e43c cb8522fa10d9deff | PRK (32 octets): f52e0805a26cd615 ec012fd6b1950258 | |||
| ff1753ebf96a7d97 c6c8ccc501e57ad0 | a9aae77b336a8cac a443df877e99ec61 | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | key info (13 octets): 001009746c733133 206b657900 | |||
| key output (16 octets): 9a9244d62def9bb2 0e9486b71569fdd3 | key output (16 octets): f34edc87549aca05 6bf5d3ebbfb58934 | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): 564fe61b06a369d1 665cd57a | iv info (12 octets): 000c08746c733133 20697600 | |||
| iv output (12 octets): 018f4bc56b7fa73b 50a1b497 | ||||
| {client} extract secret "early": | {client} extract secret "early": | |||
| salt: (absent) | salt: (absent) | |||
| ikm (32 octets): 0000000000000000 0000000000000000 | ikm (32 octets): 0000000000000000 0000000000000000 | |||
| 0000000000000000 0000000000000000 | 0000000000000000 0000000000000000 | |||
| secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| {client} extract secret "handshake": | {client} derive secret for handshake "tls13 derived": | |||
| salt (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 | |||
| 10adf300aa1f2660 e1b22e10f170f92a | 10adf300aa1f2660 e1b22e10f170f92a | |||
| ikm (32 octets): 6551f8de88be4c85 a6ec245d84aa63d5 | hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 | |||
| ce85c9fdeb9398b9 b35512d372637253 | 27ae41e4649b934c a495991b7852b855 | |||
| secret (32 octets): ead65db5900e7b73 cc49689cfed1039d | ||||
| 7a2f34b865915e9f a9c47c5fe6e551a8 | ||||
| {client} derive secret "client handshake traffic secret": | ||||
| PRK (32 octets): ead65db5900e7b73 cc49689cfed1039d | info (49 octets): 00200d746c733133 2064657269766564 | |||
| 7a2f34b865915e9f a9c47c5fe6e551a8 | 20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 | |||
| 4ca495991b7852b8 55 | ||||
| handshake hash (32 octets): a5ad44690729db79 d84d7637a8f2915a | output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| 54ab8f4cd52d2862 591392fe3255e1af | 16c076189c48250c ebeac3576c3611ba | |||
| info (76 octets): 002028544c532031 2e332c20636c6965 | {client} extract secret "handshake": | |||
| 6e742068616e6473 68616b6520747261 6666696320736563 | ||||
| 72657420a5ad4469 0729db79d84d7637 a8f2915a54ab8f4c | ||||
| d52d2862591392fe 3255e1af | ||||
| output (32 octets): c6cfd0de3536e43c cb8522fa10d9deff | salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 | |||
| ff1753ebf96a7d97 c6c8ccc501e57ad0 | 16c076189c48250c ebeac3576c3611ba | |||
| {client} derive secret "server handshake traffic secret": | ikm (32 octets): df4cde9bf625ee9b e21cc6bd4a51f662 | |||
| 00c857b0b104cb68 7731c3851eefbc9a | ||||
| PRK (32 octets): ead65db5900e7b73 cc49689cfed1039d | secret (32 octets): 61ebb724b8eaa8d4 83de05c018a83947 | |||
| 7a2f34b865915e9f a9c47c5fe6e551a8 | b5c2a866847154ce 2b2e33fce8e538cf | |||
| handshake hash (32 octets): a5ad44690729db79 d84d7637a8f2915a | {client} derive secret "tls13 c hs traffic" (same as server) | |||
| 54ab8f4cd52d2862 591392fe3255e1af | ||||
| info (76 octets): 002028544c532031 2e332c2073657276 | {client} derive secret "tls13 s hs traffic" (same as server) | |||
| 65722068616e6473 68616b6520747261 6666696320736563 | ||||
| 72657420a5ad4469 0729db79d84d7637 a8f2915a54ab8f4c | ||||
| d52d2862591392fe 3255e1af | ||||
| output (32 octets): b20106ffa8a023ba be8534eb03dd3683 | {client} derive secret for master "tls13 derived" (same as server) | |||
| fafa594b2e9c9465 0856b64c3f318939 | ||||
| {client} extract secret "master" (same as server) | {client} extract secret "master" (same as server) | |||
| {client} derive read traffic keys using label "handshake data": | {client} derive read traffic keys for handshake data: | |||
| PRK (32 octets): b20106ffa8a023ba be8534eb03dd3683 | ||||
| fafa594b2e9c9465 0856b64c3f318939 | ||||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ||||
| key output (16 octets): f1c0114cbc1391f0 023187ab7ab4eac1 | ||||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | ||||
| iv output (12 octets): b28638f5018dbb8f 6b5d1314 | ||||
| {client} calculate finished: | ||||
| PRK (32 octets): b20106ffa8a023ba be8534eb03dd3683 | ||||
| fafa594b2e9c9465 0856b64c3f318939 | ||||
| handshake hash (0 octets): (empty) | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | ||||
| output (32 octets): 7b88ebd4056b7e68 d2477433058cf559 | ||||
| 15ffa712d01141fd a135a49b7e3f7a56 | ||||
| {client} derive write traffic keys using label "handshake data" | ||||
| (same as server read traffic keys) | ||||
| {client} derive secret "client application traffic secret": | ||||
| PRK (32 octets): bf6d13ecadf8826f fed70fa62c0bf904 | ||||
| d6067a7b6c4e0362 6172eec87a71b5a2 | ||||
| handshake hash (32 octets): dd0da93863ed291f 518b94a83093da6b | PRK (32 octets): ed0ea7ec428dd7bb 3f89df21b4679286 | |||
| 8edd2d25470c20cd c3becba4eee76c49 | fb19f61c5fe0ef81 35c0f54d687bc50c | |||
| info (78 octets): 00202a544c532031 2e332c20636c6965 | key info (13 octets): 001009746c733133 206b657900 | |||
| 6e74206170706c69 636174696f6e2074 7261666669632073 | ||||
| 656372657420dd0d a93863ed291f518b 94a83093da6b8edd | ||||
| 2d25470c20cdc3be cba4eee76c49 | ||||
| output (32 octets): a754e4ccfbb7363d fdc7a57028da0867 | key output (16 octets): ea3b74f7e0223840 dc5fbc1d3864b73b | |||
| f804f958c38caead 1e656380d64fd662 | ||||
| {client} derive secret "server application traffic secret": | iv info (12 octets): 000c08746c733133 20697600 | |||
| PRK (32 octets): bf6d13ecadf8826f fed70fa62c0bf904 | iv output (12 octets): 97621bb779bba789 402021f6 | |||
| d6067a7b6c4e0362 6172eec87a71b5a2 | ||||
| handshake hash (32 octets): dd0da93863ed291f 518b94a83093da6b | {client} calculate finished "tls13 finished" (same as server) | |||
| 8edd2d25470c20cd c3becba4eee76c49 | ||||
| info (78 octets): 00202a544c532031 2e332c2073657276 | {client} derive secret "tls13 c ap traffic" (same as server) | |||
| 6572206170706c69 636174696f6e2074 7261666669632073 | {client} derive secret "tls13 s ap traffic" (same as server) | |||
| 656372657420dd0d a93863ed291f518b 94a83093da6b8edd | ||||
| 2d25470c20cdc3be cba4eee76c49 | ||||
| output (32 octets): fa2a2be1efe55357 c112071aa4a62c3f | {client} derive secret "tls13 exp master" (same as server) | |||
| ec646fa0d7883092 fc9087dc5405c7a4 | ||||
| {client} derive secret "exporter master secret" (same as server) | {client} derive write traffic keys for handshake data (same as | |||
| server read traffic keys) | ||||
| {client} derive read traffic keys using label "application data" | {client} derive read traffic keys for application data (same as | |||
| (same as server write traffic keys) | server write traffic keys) | |||
| {client} calculate finished: | {client} calculate finished "tls13 finished": | |||
| PRK (32 octets): c6cfd0de3536e43c cb8522fa10d9deff | PRK (32 octets): f52e0805a26cd615 ec012fd6b1950258 | |||
| ff1753ebf96a7d97 c6c8ccc501e57ad0 | a9aae77b336a8cac a443df877e99ec61 | |||
| handshake hash (0 octets): (empty) | hash (0 octets): (empty) | |||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | info (18 octets): 00200e746c733133 2066696e69736865 6400 | |||
| output (32 octets): 621f7d1de488a6bb 3874e3a03ded00e0 | output (32 octets): c6ceb1fb180f7d97 62734c4b88430995 | |||
| 4c9bd054c85b95e3 b65e7423ac3f3b88 | 2c56d60e95490950 2884f84f4a6be5f0 | |||
| {client} send a Finished handshake message | {client} send a Finished handshake message | |||
| {client} send record: | {client} send handshake record: | |||
| cleartext (36 octets): 14000020fc53f1be b1436fb968319299 | ||||
| a9e3b6088cc99e42 178c77337bc52786 d084882f | ||||
| ciphertext (58 octets): 170301003543adad e592362412fb77d7 | ||||
| 28b181c01b77cd62 a661e4125e6f9851 826e418f4c292ec6 | ||||
| 3254e8b0342d65db 8a7f074eed527ea6 98a6 | ||||
| {client} derive write traffic keys using label "application data": | ||||
| PRK (32 octets): a754e4ccfbb7363d fdc7a57028da0867 | payload (36 octets): 14000020735ebda7 9ccdab14ab392f67 | |||
| f804f958c38caead 1e656380d64fd662 | c0866555678946a1 b1b13f3d1a240d3f 1403efb9 | |||
| key info (16 octets): 00100c544c532031 2e332c206b657900 | ciphertext (58 octets): 17030100357d5aa6 afb0db48fa79159d | |||
| 8074fb1eb26ac08d 6be5c0674197dbd6 efab491f8e99036c | ||||
| c16fe5a80f6207a6 c110c8975d753c84 1fa9 | ||||
| key output (16 octets): 0e2e7a8db77587cf 18388def90b15063 | {client} derive write traffic keys for application data: | |||
| iv info (15 octets): 000c0b544c532031 2e332c20697600 | PRK (32 octets): 3e97f6ece946f6cf a25aac0c4294f752 | |||
| adf68ce3769ba8f1 a72140e960e00b75 | ||||
| iv output (12 octets): 56140ec2f82b9649 b0eefbfa | key info (13 octets): 001009746c733133 206b657900 | |||
| {client} derive secret "resumption master secret": | key output (16 octets): a2a1d780fe8dcc66 a2c9524da5adcb36 | |||
| PRK (32 octets): bf6d13ecadf8826f fed70fa62c0bf904 | iv info (12 octets): 000c08746c733133 20697600 | |||
| d6067a7b6c4e0362 6172eec87a71b5a2 | ||||
| handshake hash (32 octets): ad82e98953633398 4f4733bdac834b98 | iv output (12 octets): 774928e1cb918bb5 fabbdec1 | |||
| 63d05680cfb820cf c07c923029af4642 | ||||
| info (69 octets): 002021544c532031 2e332c2072657375 | {client} derive secret "tls13 res master": | |||
| 6d7074696f6e206d 6173746572207365 6372657420ad82e9 | ||||
| 89536333984f4733 bdac834b9863d056 80cfb820cfc07c92 3029af4642 | ||||
| output (32 octets): 8a4f85ba26bb67b7 0df06509177d7e91 | PRK (32 octets): 23bdfa8bb085b65a 8095c55a79f20ab0 | |||
| 8808eccada5604b1 61e378fe0803c374 | 7646d7bac8c67803 2aa5985df2a1b7c1 | |||
| {server} calculate finished: | hash (32 octets): 24852c1da1686926 86e24b558b6aaa12 | |||
| 698570f0e85c3925 23ad59b8b89e2aae | ||||
| PRK (32 octets): c6cfd0de3536e43c cb8522fa10d9deff | info (52 octets): 002010746c733133 20726573206d6173 | |||
| ff1753ebf96a7d97 c6c8ccc501e57ad0 | 7465722024852c1d a168692686e24b55 8b6aaa12698570f0 | |||
| e85c392523ad59b8 b89e2aae | ||||
| handshake hash (0 octets): (empty) | output (32 octets): a4fccac589ec1324 762aa9ace2eb916b | |||
| 3124acfa5297f8ac b5a025f99375d171 | ||||
| info (21 octets): 002011544c532031 2e332c2066696e69 7368656400 | {server} calculate finished "tls13 finished" (same as client) | |||
| output (32 octets): 621f7d1de488a6bb 3874e3a03ded00e0 | {server} derive read traffic keys for application data (same as | |||
| 4c9bd054c85b95e3 b65e7423ac3f3b88 | client write traffic keys) | |||
| {server} derive read traffic keys using label "application data" | {server} derive secret "tls13 res master" (same as client) | |||
| (same as client write traffic keys) | ||||
| {server} derive secret "resumption master secret" (same as client) | {client} send alert record: | |||
| {client} send record: | ||||
| cleartext (2 octets): 0100 | payload (2 octets): 0100 | |||
| ciphertext (24 octets): 17030100131ef5c9 e7205f31a1edf9b1 | ciphertext (24 octets): 1703010013b48a63 7c14b155f5bc2804 | |||
| 3600fec1271e4f5d | 04056c6a4b0a34e2 | |||
| {server} send record: | {server} send alert record: | |||
| cleartext (2 octets): 0100 | payload (2 octets): 0100 | |||
| ciphertext (24 octets): 170301001350ff6e 907c508b6b191ff6 | ciphertext (24 octets): 1703010013523066 0fa8cae6196c4565 | |||
| 094faf4c0b32d6a8 | ac8207fcaf163e8f | |||
| 6. Security Considerations | 6. Security Considerations | |||
| It probably isn't a good idea to use the private key here. If it | It probably isn't a good idea to use the private key here. If it | |||
| weren't for the fact that it is too small to provide any meaningful | weren't for the fact that it is too small to provide any meaningful | |||
| security, it is now very well known. | security, it is now very well known. | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [I-D.ietf-tls-tls13] | [I-D.ietf-tls-tls13] | |||
| Rescorla, E., "The Transport Layer Security (TLS) Protocol | Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", draft-ietf-tls-tls13-18 (work in progress), | Version 1.3", draft-ietf-tls-tls13-20 (work in progress), | |||
| October 2016. | April 2017. | |||
| 7.2. Informative References | 7.2. Informative References | |||
| [FIPS186] National Institute of Standards and Technology (NIST), | [FIPS186] National Institute of Standards and Technology (NIST), | |||
| "Digital Signature Standard (DSS)", NIST PUB 186-4 , July | "Digital Signature Standard (DSS)", NIST PUB 186-4 , July | |||
| 2013. | 2013. | |||
| [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves | [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves | |||
| for Security", RFC 7748, DOI 10.17487/RFC7748, January | for Security", RFC 7748, DOI 10.17487/RFC7748, January | |||
| 2016, <http://www.rfc-editor.org/info/rfc7748>. | 2016, <http://www.rfc-editor.org/info/rfc7748>. | |||
| End of changes. 442 change blocks. | ||||
| 1086 lines changed or deleted | 920 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||