< draft-ietf-tls-tls13-vectors-02.txt   draft-ietf-tls-tls13-vectors-03.txt >
TLS M. Thomson TLS M. Thomson
Internet-Draft Mozilla Internet-Draft Mozilla
Intended status: Standards Track July 16, 2017 Intended status: Standards Track December 4, 2017
Expires: January 17, 2018 Expires: June 7, 2018
Example Handshake Traces for TLS 1.3 Example Handshake Traces for TLS 1.3
draft-ietf-tls-tls13-vectors-02 draft-ietf-tls-tls13-vectors-03
Abstract Abstract
Examples of TLS 1.3 handshakes are shown. Private keys and inputs Examples of TLS 1.3 handshakes are shown. Private keys and inputs
are provided so that these handshakes might be reproduced. are provided so that these handshakes might be reproduced.
Intermediate values, including secrets, traffic keys and ivs are Intermediate values, including secrets, traffic keys and ivs are
shown so that implementations might be checked incrementally against shown so that implementations might be checked incrementally against
these values. these values.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 17, 2018. This Internet-Draft will expire on June 7, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3 3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3
4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 14 4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 13
5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 25 5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 22
6. Security Considerations . . . . . . . . . . . . . . . . . . . 36 6. Client Authentication . . . . . . . . . . . . . . . . . . . . 33
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 7. Security Considerations . . . . . . . . . . . . . . . . . . . 42
7.1. Normative References . . . . . . . . . . . . . . . . . . 36 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 42
7.2. Informative References . . . . . . . . . . . . . . . . . 36 8.1. Normative References . . . . . . . . . . . . . . . . . . 42
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 36 8.2. Informative References . . . . . . . . . . . . . . . . . 42
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 36 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 43
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 43
1. Introduction 1. Introduction
TLS 1.3 [I-D.ietf-tls-tls13] defines a new key schedule and a number TLS 1.3 [I-D.ietf-tls-tls13] defines a new key schedule and a number
new cryptographic operations. This document includes sample new cryptographic operations. This document includes sample
handshakes that show all intermediate values. This allows an handshakes that show all intermediate values. This allows an
implementation to be verified incrementally, examining inputs and implementation to be verified incrementally, examining inputs and
outputs of each cryptographic computation independently. outputs of each cryptographic computation independently.
Private keys are included with the traces so that implementations can Private keys are included with the traces so that implementations can
be checked by importing these values and verifying that the same be checked by importing these values and verifying that the same
outputs are produced. outputs are produced.
2. Private Keys 2. Private Keys
Ephemeral private keys are shown as they are generated in the traces. Ephemeral private keys are shown as they are generated in the traces.
The server in most examples uses an RSA certificate with a private The server in most examples uses an RSA certificate with a private
key of: key of:
modulus (public): b4bb498f8279303d 980836399b36c698 8c0c68de55e1bdb8 modulus (public): b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c
26d3901a2461eafd 2de49a91d015abbc 9a95137ace6c1af1 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab
9eaa6af98c7ced43 120998e187a80ee0 ccb0524b1b018c3e bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87
0b63264d449a6d38 e22a5fda43084674 8030530ef0461c8c a8 0e e0 cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f
a9d9efbfae8ea6d1 d03e2bd193eff0ab 9a8002c47428a6d3 da 43 08 46 74 80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0
5a8d88d79f7f1e3f 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e
3f
public exponent: 010001 public exponent: 01 00 01
private exponent: 04dea705d43a6ea7 209dd8072111a83c 81e322a59278b334 private exponent: 04 de a7 05 d4 3a 6e a7 20 9d d8 07 21 11 a8 3c 81
80641eaf7c0a6985 b8e31c44f6de62e1 b4c2309f6126e77b e3 22 a5 92 78 b3 34 80 64 1e af 7c 0a 69 85 b8 e3 1c 44 f6 de 62
7c41e923314bbfa3 881305dc1217f16c 819ce538e922f369 e1 b4 c2 30 9f 61 26 e7 7b 7c 41 e9 23 31 4b bf a3 88 13 05 dc 12
828d0e57195d8c84 88460207b2faa726 bcf708bbd7db7f67 17 f1 6c 81 9c e5 38 e9 22 f3 69 82 8d 0e 57 19 5d 8c 84 88 46 02
9f893492fc2a622e 08970aac441ce4e0 c3088df25ae67923 07 b2 fa a7 26 bc f7 08 bb d7 db 7f 67 9f 89 34 92 fc 2a 62 2e 08
3df8a3bda2ff9941 97 0a ac 44 1c e4 e0 c3 08 8d f2 5a e6 79 23 3d f8 a3 bd a2 ff 99
41
prime1: e435fb7cc8373775 6dacea96ab7f59a2 cc1069db7deb190e prime1: e4 35 fb 7c c8 37 37 75 6d ac ea 96 ab 7f 59 a2 cc 10 69 db
17e33a532b273f30 a327aa0aaabc58cd 67466af9845fadc6 7d eb 19 0e 17 e3 3a 53 2b 27 3f 30 a3 27 aa 0a aa bc 58 cd 67 46
75fe094af92c4bd1 f2c1bc33dd2e0515 6a f9 84 5f ad c6 75 fe 09 4a f9 2c 4b d1 f2 c1 bc 33 dd 2e 05 15
prime2: cabd3bc0e0438664 c8d4cc9f99977a94 d9bbfead8e43870a prime2: ca bd 3b c0 e0 43 86 64 c8 d4 cc 9f 99 97 7a 94 d9 bb fe ad
bae3f7eb8b4e0eee 8af1d9b4719ba619 6cf2cbbaeeebf8b3 8e 43 87 0a ba e3 f7 eb 8b 4e 0e ee 8a f1 d9 b4 71 9b a6 19 6c f2
490afe9e9ffa74a8 8aa51fc645629303 cb ba ee eb f8 b3 49 0a fe 9e 9f fa 74 a8 8a a5 1f c6 45 62 93 03
exponent1: 3f57345c27fe1b68 7e6e761627b78b1b 826433dd760fa0be exponent1: 3f 57 34 5c 27 fe 1b 68 7e 6e 76 16 27 b7 8b 1b 82 64 33
a6a6acf39490aa1b 47cda4869d68f584 dd5b5029bd32093b dd 76 0f a0 be a6 a6 ac f3 94 90 aa 1b 47 cd a4 86 9d 68 f5 84 dd
8258661fe715025e 5d70a45a08d3d319 5b 50 29 bd 32 09 3b 82 58 66 1f e7 15 02 5e 5d 70 a4 5a 08 d3 d3
19
exponent2: 183da01363bd2f28 85cacbdc9964bf47 64f1517636f86401 exponent2: 18 3d a0 13 63 bd 2f 28 85 ca cb dc 99 64 bf 47 64 f1 51
286f71893c52ccfe 40a6c23d0d086b47 c6fb10d8fd1041e0 76 36 f8 64 01 28 6f 71 89 3c 52 cc fe 40 a6 c2 3d 0d 08 6b 47 c6
4def7e9a40ce957c 417794e10412d139 fb 10 d8 fd 10 41 e0 4d ef 7e 9a 40 ce 95 7c 41 77 94 e1 04 12 d1
39
coefficient: 839ca9a085e4286b 2c90e466997a2c68 1f21339aa3477814 coefficient: 83 9c a9 a0 85 e4 28 6b 2c 90 e4 66 99 7a 2c 68 1f 21
e4dec11833050ed5 0dd13cc038048a43 c59b2acc416889c0 33 9a a3 47 78 14 e4 de c1 18 33 05 0e d5 0d d1 3c c0 38 04 8a 43
37665fe5afa60596 9f8c01dfa5ca969d c5 9b 2a cc 41 68 89 c0 37 66 5f e5 af a6 05 96 9f 8c 01 df a5 ca
96 9d
3. Simple 1-RTT Handshake 3. Simple 1-RTT Handshake
In this example, the simplest possible handshake is completed. The In this example, the simplest possible handshake is completed. The
server is authenticated, but the client remains anonymous. After server is authenticated, but the client remains anonymous. After
connecting, a few application data octets are exchanged. The server connecting, a few application data octets are exchanged. The server
sends a session ticket that permits the use of 0-RTT in any resumed sends a session ticket that permits the use of 0-RTT in any resumed
session. session.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 304546ef3c866b23 cc42b5e95282e5df private key (32 octets): b1 6a 3c 97 a7 19 0b ec c4 00 2a 2f be
16ab583ffd142c40 743dd4f306e67220 80 40 b5 99 45 df 0b bd 0c e1 ba db f4 aa 6d 4f 0f a1 9e
public key (32 octets): da6a859ad6d2dbb5 1124fbfe6baff63d public key (32 octets): 78 e5 89 74 13 f1 71 53 c7 0c f3 3f a3 4c
8f14365ec990d575 761e4a6164978d31 84 97 72 4b da b4 f5 7f 9d 01 c9 53 f5 88 f0 30 46 61
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (512 octets): 010001fc0303af21 156b04db639e6615 payload (190 octets): 01 00 00 ba 03 03 c4 e2 ea b7 cc 4b bb 43
4a1fe5adfaeadf9e 413416000d57b8e1 126d4d119a8b0000 7d fa b4 7c a5 6a f8 a0 db 07 2b 90 e5 36 f9 c4 a4 9f ac 89 84
3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 9c 10 b2 00 00 06 13 01 13 03 13 02 01 00 00 8b 00 00 00 0b 00
27c014009eccaa00 3300320067003900 38006b0016001300 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
9c002f003c003500 3d000a0005000401 0001950000000b00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 23 00
0900000673657276 6572ff0100010000 0a00140012001d00 00 00 28 00 26 00 24 00 1d 00 20 78 e5 89 74 13 f1 71 53 c7 0c
1700180019010001 0101020103010400 0b00020100002300 f3 3f a3 4c 84 97 72 4b da b4 f5 7f 9d 01 c9 53 f5 88 f0 30 46
0000280026002400 1d0020da6a859ad6 d2dbb51124fbfe6b 61 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02
aff63d8f14365ec9 90d575761e4a6164 978d31002b000706 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
7f1503030302000d 0020001e04030503 0603020308040805 02 02 00 2d 00 02 01 01
0806040105010601 0201040205020602 0202002d00020101
001500fc00000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000
ciphertext (517 octets): 1603010200010001 fc0303af21156b04 ciphertext (195 octets): 16 03 01 00 be 01 00 00 ba 03 03 c4 e2
db639e66154a1fe5 adfaeadf9e413416 000d57b8e1126d4d ea b7 cc 4b bb 43 7d fa b4 7c a5 6a f8 a0 db 07 2b 90 e5 36 f9
119a8b00003e1301 13031302c02bc02f cca9cca8c00ac009 c4 a4 9f ac 89 84 9c 10 b2 00 00 06 13 01 13 03 13 02 01 00 00
c013c023c027c014 009eccaa00330032 006700390038006b 8b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00160013009c002f 003c0035003d000a 0005000401000195 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
0000000b00090000 06736572766572ff 01000100000a0014 03 01 04 00 23 00 00 00 28 00 26 00 24 00 1d 00 20 78 e5 89 74
0012001d00170018 0019010001010102 01030104000b0002 13 f1 71 53 c7 0c f3 3f a3 4c 84 97 72 4b da b4 f5 7f 9d 01 c9
0100002300000028 00260024001d0020 da6a859ad6d2dbb5 53 f5 88 f0 30 46 61 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04
1124fbfe6baff63d 8f14365ec990d575 761e4a6164978d31 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
002b0007067f1503 030302000d002000 1e04030503060302 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
0308040805080604 0105010601020104 0205020602020200
2d00020101001500 fc00000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 0000000000000000 0000000000000000 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
10adf300aa1f2660 e1b22e10f170f92a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 909afec864953420 8dba128dead0445f private key (32 octets): 20 eb 30 48 af fc bf 2b ff 56 df b5 1e
7ddb7104fcad53cf 4252e78111b042b8 93 4d 78 a0 f5 d2 38 29 41 70 b1 0e ea 18 31 69 68 8b 65
public key (32 octets): 9d1bfe8053046d2d bd8e0e6221dad115 public key (32 octets): ee 31 96 ca 63 98 21 a1 7b 51 68 ab 61 0d
87584713c8cf4970 74d9d26d067c432f 70 57 d2 b2 50 84 89 1f 87 ef 26 cf 0c 26 84 e5 d6 7e
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10adf300aa1f2660 e1b22e10f170f92a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
16c076189c48250c ebeac3576c3611ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16c076189c48250c ebeac3576c3611ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): f677c3cdac26a755 455b130efa9b1a3f ikm (32 octets): 61 d3 4a ad f2 5e 22 3a 2c e6 fb 59 f8 a0 f9 d1
3cafb153544ca46a ddf670df199d996e d7 5f 18 87 df b0 6c 0f ff f8 47 6d c3 c5 0f 47
secret (32 octets): 0cefce00d5d29fd0 9f5de36c86fc8e72 secret (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54
99b4ad11ba4211c6 7063c2cc539fc4f9 7f dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 0cefce00d5d29fd0 9f5de36c86fc8e72 PRK (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 7f
99b4ad11ba4211c6 7063c2cc539fc4f9 dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6
hash (32 octets): 8ac51822361c5963 2de3c6b259e5808c hash (32 octets): 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80 94
e52b8278a6493de2 a976f441abbadc8c 22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69
info (54 octets): 002012746c733133 2063206873207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
6166666963208ac5 1822361c59632de3 c6b259e5808ce52b 61 66 66 69 63 20 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80
8278a6493de2a976 f441abbadc8c 94 22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69
output (32 octets): 5a63db760b817b1b da96e72832333aec output (32 octets): 40 2b 60 6f 3c b0 c8 5b 6d bf fb fd a9 df 79
6a177deeadb5b407 501ac10c17dac0a4 14 58 4a 0e b9 21 1b b5 e9 0b a4 81 f2 5c 4b 94 e2
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 0cefce00d5d29fd0 9f5de36c86fc8e72 PRK (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 7f
99b4ad11ba4211c6 7063c2cc539fc4f9 dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6
hash (32 octets): 8ac51822361c5963 2de3c6b259e5808c hash (32 octets): 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80 94
e52b8278a6493de2 a976f441abbadc8c 22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69
info (54 octets): 002012746c733133 2073206873207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
6166666963208ac5 1822361c59632de3 c6b259e5808ce52b 61 66 66 69 63 20 2a 63 e9 0b 84 e5 c9 79 80 56 98 41 19 3b 80
8278a6493de2a976 f441abbadc8c 94 22 19 36 52 19 ad 23 90 b6 80 64 c2 ae bb 09 69
output (32 octets): 3aa72a3c77b791e8 f4de243f9ccce172 output (32 octets): a2 c1 53 5b 55 26 42 8b 49 cb e6 cc 3c 19 23
941f8392aeb05429 320f4b572ccfe744 7c 37 4e 94 db 25 6c 96 4d 4d 13 76 a9 de 1a c5 12
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 0cefce00d5d29fd0 9f5de36c86fc8e72 PRK (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54 7f
99b4ad11ba4211c6 7063c2cc539fc4f9 dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 32cadf38f3089048 5c54bf4f1184eaa5 output (32 octets): 44 50 97 b3 09 4b 9c e8 35 af 72 02 5d 0f d3
569eeef15a43f3c7 6ab33965a47c9ff6 80 ae 2b ae 88 06 08 f6 b2 b9 92 42 92 eb 04 71 d1
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 32cadf38f3089048 5c54bf4f1184eaa5 salt (32 octets): 44 50 97 b3 09 4b 9c e8 35 af 72 02 5d 0f d3 80
569eeef15a43f3c7 6ab33965a47c9ff6 ae 2b ae 88 06 08 f6 b2 b9 92 42 92 eb 04 71 d1
ikm (32 octets): 0000000000000000 0000000000000000 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 6c6d4b3e7c925460 82d7b7a32f6ce219 secret (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a
3804f1bb930fed74 5c6b93c71397f424 1f a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7
{server} send handshake record: {server} send handshake record:
payload (82 octets): 0200004e7f15deac 631669eaf28c6b12 payload (90 octets): 02 00 00 56 03 03 8e 58 c0 e7 0c 99 2d 7f fc
8b2091d36441e618 964dd8f0ec812e31 cda7aec1d0c11301 80 98 eb dc 67 ba 85 05 e4 2e 44 05 bf 77 23 95 49 24 7a b2 ba
002800280024001d 00209d1bfe805304 6d2dbd8e0e6221da 20 3c 00 13 01 00 00 2e 00 28 00 24 00 1d 00 20 ee 31 96 ca 63
d11587584713c8cf 497074d9d26d067c 432f 98 21 a1 7b 51 68 ab 61 0d 70 57 d2 b2 50 84 89 1f 87 ef 26 cf
0c 26 84 e5 d6 7e 00 2b 00 02 7f 16
ciphertext (87 octets): 1603010052020000 4e7f15deac631669
eaf28c6b128b2091 d36441e618964dd8 f0ec812e31cda7ae
c1d0c11301002800 280024001d00209d 1bfe8053046d2dbd
8e0e6221dad11587 584713c8cf497074 d9d26d067c432f
{server} derive write traffic keys for handshake data:
PRK (32 octets): 3aa72a3c77b791e8 f4de243f9ccce172
941f8392aeb05429 320f4b572ccfe744
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 5727465c1d8af9bd dbbaa81aafe54bfb
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 409072c6da71d076 947e7663 ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 8e 58 c0
e7 0c 99 2d 7f fc 80 98 eb dc 67 ba 85 05 e4 2e 44 05 bf 77 23
95 49 24 7a b2 ba 20 3c 00 13 01 00 00 2e 00 28 00 24 00 1d 00
20 ee 31 96 ca 63 98 21 a1 7b 51 68 ab 61 0d 70 57 d2 b2 50 84
89 1f 87 ef 26 cf 0c 26 84 e5 d6 7e 00 2b 00 02 7f 16
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 3aa72a3c77b791e8 f4de243f9ccce172 PRK (32 octets): a2 c1 53 5b 55 26 42 8b 49 cb e6 cc 3c 19 23 7c
941f8392aeb05429 320f4b572ccfe744 37 4e 94 db 25 6c 96 4d 4d 13 76 a9 de 1a c5 12
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00200e746c733133 2066696e69736865 6400 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): ee38546c6bd4e25a a7fc5c157b096921 output (32 octets): d2 7d 01 ab e2 d9 d6 68 98 dc 10 f8 5d 92 2f
977fa8de266e7284 3a1fddc6783a0d30 d6 ff f5 1d b8 80 f4 af 64 52 b7 1c 05 c3 fc 42 67
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (651 octets): 0800001e001c000a 00140012001d0017 payload (651 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
0018001901000101 0102010301040000 00000b0001b90000 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0b
01b50001b0308201 ac30820115a00302 0102020102300d06 00 01 b9 00 00 01 b5 00 01 b0 30 82 01 ac 30 82 01 15 a0 03 02
092a864886f70d01 010b0500300e310c 300a060355040313 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30
03727361301e170d 3136303733303031 323335395a170d32 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61 30 1e 17 0d 31 36
3630373330303132 3335395a300e310c 300a060355040313 30 37 33 30 30 31 32 33 35 39 5a 17 0d 32 36 30 37 33 30 30 31
0372736130819f30 0d06092a864886f7 0d01010105000381 32 33 35 39 5a 30 0e 31 0c 30 0a 06 03 55 04 03 13 03 72 73 61
8d00308189028181 00b4bb498f827930 3d980836399b36c6 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d
988c0c68de55e1bd b826d3901a2461ea fd2de49a91d015ab 00 30 81 89 02 81 81 00 b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b
bc9a95137ace6c1a f19eaa6af98c7ced 43120998e187a80e 36 c6 98 8c 0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4
e0ccb0524b1b018c 3e0b63264d449a6d 38e22a5fda430846 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed
748030530ef0461c 8ca9d9efbfae8ea6 d1d03e2bd193eff0 43 12 09 98 e1 87 a8 0e e0 cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d
ab9a8002c47428a6 d35a8d88d79f7f1e 3f0203010001a31a 44 9a 6d 38 e2 2a 5f da 43 08 46 74 80 30 53 0e f0 46 1c 8c a9
301830090603551d 1304023000300b06 03551d0f04040302 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28
05a0300d06092a86 4886f70d01010b05 000381810085aad2 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03 01 00 01 a3 1a 30 18 30 09
a0e5b9276b908c65 f73a7267170618a5 4c5f8a7b337d2df7 06 03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05
a594365417f2eae8 f8a58c8f8172f931 9cf36b7fd6c55b80 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 85
f21a030151567260 96fd335e5e67f2db f102702e608ccae6 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a 72 67 17 06 18 a5 4c 5f 8a
bec1fc63a42a99be 5c3eb7107c3c54e9 b9eb2bd5203b1c3b 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea e8 f8 a5 8c 8f 81 72 f9 31
84e0a8b2f759409b a3eac9d91d402dcc 0cc8f8961229ac91 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01 51 56 72 60 96 fd 33 5e 5e
87b42b4de100000f 0000840804008076 f2f558b47d45ec60 67 f2 db f1 02 70 2e 60 8c ca e6 be c1 fc 63 a4 2a 99 be 5c 3e
40fd4ee50601123a 0d4a3d324428242a 743355c726007d3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b 1c 3b 84 e0 a8 b2 f7 59 40
6d85e77411de68bf 0f97e9e869a4b00e ec8130ccb5c797b8 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8 96 12 29 ac 91 87 b4 2b 4d
73294548dc615ee6 7f8e37b5025b7625 0b00394492bf676d e1 00 00 0f 00 00 84 08 04 00 80 35 dc 65 98 6e 5d 7a 91 25 7a
2cf1dc7122620e6c cf5435424e8658b1 c64200a87126d9f8 91 01 85 5d 87 54 9c 1b 0d 19 6b 6c 19 da a2 67 38 30 ff 73 a4
1fdd9657045a023f 91ea50e76d4465ab 67813911f3a76614 51 ab 79 48 55 ca c3 40 e8 48 fd 10 5a 96 ed b4 23 48 99 8c d9
000020c4d8789445 942fdc425d1c08fd c0e81ee90794595c ac 0d f6 63 d8 92 7e 88 67 25 57 0a 41 52 28 af 19 67 a2 2d 9b
82e340874c019a73 9a7b22 4d 36 7b b0 90 e4 f0 76 ea 5f a4 7d c5 7c ac 77 cb e6 21 7f 3e
fa 6f 10 53 12 9e b9 1a cb 05 48 c6 38 16 89 8d 36 79 8d 6a c0
38 89 c4 13 c9 27 de df f9 39 d0 58 8c 14 00 00 20 4a 81 42 ca
b4 49 41 89 68 94 06 27 07 e6 92 d6 32 a8 6a 12 4c be 2a 81 6b
3d ef a1 b3 15 40 db
ciphertext (673 octets): 170301029cd612d0 b9706b733ac1708a ciphertext (673 octets): 17 03 03 02 9c 6f 0c 3d 25 89 2d 11 1b
fcac1aeec92415c3 7e1c55167e267326 26ef7e4d3e266651 9e 10 b7 bf 9e cb 09 ec 5e 87 75 53 b3 15 3e b9 80 12 4c 44 59
d1179df924b6c2d2 76eddc07880ff0a8 23925d9d60efffc1 58 b1 71 01 41 8b 00 d8 f0 2f af cc 55 ba 06 25 88 ba 53 0e f0
3b3d5acce6c1e8e1 34aab30052cdabfc f54331057918d2fd 9a 8f b4 c7 d6 de 1f 8b 7e b8 d8 b6 d2 1e 01 34 a9 75 74 ae 71
e22bc67b78b5e2fb e9853fe57aad1319 7f9d22767f6fd6fa 2d 5c b6 c1 5d 19 b3 47 c7 8a 88 4a 71 ff b8 c2 e7 60 02 22 16
f82e4c198641fa7e bf6425222d08c310 67a4641ef3e29a7f a7 93 8f 10 81 8c 3f 81 16 b4 5a 39 79 d0 9d 72 52 e3 b4 4f 10
99f704b2ea451b54 e33e1d7749b15ec4 49556d90645a1803 ae 68 f5 a6 1b 31 d8 e0 b4 15 f8 09 7d d5 14 f1 ba d1 49 dc bc
f3d87dc4b5753556 e5ff1970521f75c5 db3fe7f621c2b47e e5 cb 35 48 55 f6 1d 56 08 c7 b9 d5 85 9a d9 f4 e2 02 84 45 5d
6e5519ab4d7363a1 f7da6f35a9f3587d b3d57ee89a8f24f7 9d ab 37 d5 6e 09 5e bd 88 68 89 a2 36 3f c9 7b 16 62 06 63 7c
ba9678a5466497bb 476091cec490a450 b33fdb4978a8fae4 ca 01 ab 37 7e 9d 3f 3d 06 4f 6a fc 87 22 1a bf e6 d5 23 27 e9
18f408e3c9e0992a 274eb6718106c4dc 351b8a6b7435ac8b 96 91 6e d4 a3 ed 24 9d 5e 71 04 44 dc 78 64 e4 31 6d a8 01 83
2214e194e5edfeff d4a59a2056d6a45c 8f177f39b2b39dcd b0 cc 0c 3b 38 0a 0a 87 a8 36 17 13 86 c7 f1 b8 db 0b 15 30 a4
d9813c1fea04e757 6e7a1f5e218bcf8f fbb981e36006dd0b 39 6c 1a d4 53 2a 60 7a 55 31 90 63 83 f7 bb 9c cc 20 da a8 ec
b6bb22a1c3d4926c 505f74f231934a57 0c12834d0582e1bf 47 af 17 e5 7e d6 fc c5 f0 61 b7 cb 5a 42 6d 96 96 19 3f e4 a5
2ea9c2280da0b4aa 152f7dd12c81fd48 682076ecd1cd47d4 13 56 82 a2 2e 0c 3f a2 26 9f 0a bf c6 31 6a 19 6f e8 7c f8 91
149b6352d0975134 3c6b060a61d30ffa 4f8bd1e8a2ab61ff 29 b7 7c 43 41 ae 6c 12 b6 c5 70 d6 fb b5 46 0f f7 c6 5d a5 80
3e9f965dfcd7d1c4 7edb2eae8ff132dd fc1f7774ac77b56a b1 17 0c 49 12 e4 bd b5 9b 2d 14 f2 7a 05 35 3e 51 d2 18 a3 60
ce0d43b8d1163638 6538ceb695da7af0 91f18236aab74859 15 4c bf 08 f2 9c 64 4b 28 8f 3d 42 4e e8 ea bb f1 26 fd 6b e4
656e54cf53fd9960 064702b81b664518 65cd8e0d7804708c b2 b0 f1 97 5f e4 73 a3 df a8 83 78 bd 5b ea ce ee 52 0e 6e 2d
e842204a3dac91ad 826847ce0c3c3f0d e59392fc3b0bbec0 c7 40 8e 83 8f 34 36 29 c1 a4 a3 dd fa 58 c3 c3 f8 08 5a 79 3a
5878c8f56b68eb50 f62798c86c570f1a d9254fa41b152a77 f2 49 38 3d e5 51 a8 a9 50 4a ea 31 31 28 27 ad d1 0c ed b3 39
6fb17707bfab5ea2 a834e9edd05f6239 204127cc0f5cc18b e4 a2 32 11 85 aa 27 6f 76 2b 0a 6b cd 9e f8 f8 2c 0f de ac 3b
1dae4a070890bdf7 642704b5e9961ff2 6b931d069aeb08dd 60 d6 5d 10 94 99 b9 1f 19 4b 88 4a cd c7 b0 d6 3b 8c f6 f0 d8
385f1997f804375d 238f26a9e8e8f007 47ea85747d7a7c61 cb ab f1 3c a9 96 69 42 e1 6a 3d 75 24 ad f3 3e ee e5 de e8 91
6493bd0eff96c576 87e1b409469c3c7a 0c40a9b5ca1eeafd 6b 57 31 c3 6e 21 1a 2d fb fb 65 60 07 91 3b 51 c5 a0 97 50 df
f1998fbc4a671898 d8b8a37769cc0ecb 6c19f22b87d46968 a9 70 8d 38 e0 a2 0b 5c ee c9 58 4b c7 aa 83 70 94 b9 6e fd 55
b9a4c1b660f39373 ea517cbf401fe5af 0f2cc910e5786af2 b0 7a c3 72 00 42 4c f9 eb 54 2d 53 b5 6e 71 32 33 83 c1 93 f2
50a392038be62b93 46b166dbb91ebe46 579f020b1e75d771 cd f6 22 08 35 48 07 a0 19 3e cd 23 78 ed dd 72 74 27 fe 9d f9
be8ab0dcb7ccce81 48 d0 46 28 b8 9c 38 0b 3b 83 b5 e6 95 cf ba 2d 8d 2f 30 ce 0e 19
17 ee 05 2e 7e c9 4d 4d da 39 b6 93 e0 1e a9 68 ad 95 1d 40 cc
99 66 82 0e 7a 95 ff 17 e0 fd 0b 4d d0 d2 a8 70 d0 b5 ab d9 10
79 5a 3e d7 2d 66 54 ba e0 a7 3a 85 fc dc 9b f8 98 53 82 8c 2c
4e 07 51 be e6 e4 a7 de 11
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 6c6d4b3e7c925460 82d7b7a32f6ce219 PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f
3804f1bb930fed74 5c6b93c71397f424 a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7
hash (32 octets): db04b3cd015fe90a 2eb74533d351ee9c hash (32 octets): ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19
daf0b30a09f68391 f24bf32addd4d037 77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b
info (54 octets): 002012746c733133 2063206170207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
616666696320db04 b3cd015fe90a2eb7 4533d351ee9cdaf0 61 66 66 69 63 20 ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47
b30a09f68391f24b f32addd4d037 19 77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b
output (32 octets): 53b154f7205e2193 3794330173b14118 output (32 octets): 4f c9 93 4a 78 39 af bf b1 ad 4a 09 f9 13 90
bcd02305b39d64b8 e5271737a7402c74 aa 58 f8 16 40 60 8d 63 86 38 78 c0 b9 9f 6c da aa
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 6c6d4b3e7c925460 82d7b7a32f6ce219 PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f
3804f1bb930fed74 5c6b93c71397f424 a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7
hash (32 octets): db04b3cd015fe90a 2eb74533d351ee9c hash (32 octets): ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19
daf0b30a09f68391 f24bf32addd4d037 77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b
info (54 octets): 002012746c733133 2073206170207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
616666696320db04 b3cd015fe90a2eb7 4533d351ee9cdaf0 61 66 66 69 63 20 ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47
b30a09f68391f24b f32addd4d037 19 77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b
output (32 octets): 47603e72ab5a85b4 dc480897acd07e96 output (32 octets): 71 9b 77 1c 5c 65 41 32 a7 25 1f 09 12 92 f7
d18e9db0a931bf75 1650698d6512092d 68 b6 d8 9f af 36 f3 1f 79 44 05 00 fc 16 68 b2 b7
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 6c6d4b3e7c925460 82d7b7a32f6ce219 PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f
3804f1bb930fed74 5c6b93c71397f424 a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7
hash (32 octets): db04b3cd015fe90a 2eb74533d351ee9c
daf0b30a09f68391 f24bf32addd4d037
info (52 octets): 002010746c733133 20657870206d6173
74657220db04b3cd 015fe90a2eb74533 d351ee9cdaf0b30a
09f68391f24bf32a ddd4d037
output (32 octets): acf49197383cc5fb 50fde04f506dfd58
68dc798219f5eedf fd4f3b7eb713b0c9
{server} derive write traffic keys for application data:
PRK (32 octets): 47603e72ab5a85b4 dc480897acd07e96
d18e9db0a931bf75 1650698d6512092d
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 698b2aa36a58ceac 77776dd2513fa7fa
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 7fbff5a2c0ac5bd6 7e2cd759
{server} derive read traffic keys for handshake data:
PRK (32 octets): 5a63db760b817b1b da96e72832333aec
6a177deeadb5b407 501ac10c17dac0a4
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 21103162263e8231 34d6916a82b741c2 hash (32 octets): ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19
77 4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b
iv info (12 octets): 000c08746c733133 20697600 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 ad 7f 35 b9 42 29 61 a5 31 91 f1 be 86 0e 47 19 77
4f e9 ee c7 0e d5 3f 29 fa ec af b1 f2 9c 0b
iv output (12 octets): 0e1be2fa84c0bc3c b6d6afe3 output (32 octets): 9d 07 cc 4a ef bc c1 f1 75 81 54 ac 1a ba 78
8b 0e d5 f3 1b bc 7f a4 ca dd ce 7a 09 7a 3e 25 42
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 0000000000000000 0000000000000000 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
10adf300aa1f2660 e1b22e10f170f92a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10adf300aa1f2660 e1b22e10f170f92a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
16c076189c48250c ebeac3576c3611ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16c076189c48250c ebeac3576c3611ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): f677c3cdac26a755 455b130efa9b1a3f ikm (32 octets): 61 d3 4a ad f2 5e 22 3a 2c e6 fb 59 f8 a0 f9 d1
3cafb153544ca46a ddf670df199d996e d7 5f 18 87 df b0 6c 0f ff f8 47 6d c3 c5 0f 47
secret (32 octets): 0cefce00d5d29fd0 9f5de36c86fc8e72 secret (32 octets): 79 07 c2 82 34 f1 6c a8 71 a4 6b eb 25 da 54
99b4ad11ba4211c6 7063c2cc539fc4f9 7f dc 8a ab 96 d1 4e ef f8 0f 5b 12 f9 ad 8a c9 d6
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 3aa72a3c77b791e8 f4de243f9ccce172
941f8392aeb05429 320f4b572ccfe744
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 5727465c1d8af9bd dbbaa81aafe54bfb
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 409072c6da71d076 947e7663
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} derive write traffic keys for handshake data (same as
server read traffic keys)
{client} derive read traffic keys for application data (same as
server write traffic keys)
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 5a63db760b817b1b da96e72832333aec PRK (32 octets): 40 2b 60 6f 3c b0 c8 5b 6d bf fb fd a9 df 79 14
6a177deeadb5b407 501ac10c17dac0a4 58 4a 0e b9 21 1b b5 e9 0b a4 81 f2 5c 4b 94 e2
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00200e746c733133 2066696e69736865 6400 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): f8acf5aead23c230 5706ce75da058ecb output (32 octets): 47 af c3 66 da 4c 2d 41 64 19 fe c6 f7 af f1
f9393fd656dfb95f db225f9990d4732d 3c 58 9b 56 a2 6a da e0 b6 f3 7a 8d f5 2e a1 d9 33
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14000020eb376f20 1f8bb90bb787263c payload (36 octets): 14 00 00 20 3a d4 3d b6 d0 42 77 0c 3f 79 f7
1dac3472ba34a499 d547793c15f6f812 5a16d2b8 a9 1a cc 0a 41 1f 1b 92 21 f0 3f 9d 2a 6b 92 c4 d1 54 51 19 ed
ciphertext (58 octets): 1703010035f879b9 6aca6de41e53173a
55015f7810bdd941 5ac444002b5d7d19 a221fee902124509
5a56aa57d42966b0 17e0fcbaa53027d5 ba2e
{client} derive write traffic keys for application data:
PRK (32 octets): 53b154f7205e2193 3794330173b14118
bcd02305b39d64b8 e5271737a7402c74
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 459caa9e3914221d 39cc67ae65f9941e
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 54123c2ec7106081 0086c391 ciphertext (58 octets): 17 03 03 00 35 32 d7 1d 7f 1b 8e f2 da f3
58 4c 6c 09 c7 4a ed 85 6e 75 59 4e 6f 14 67 4c d9 48 f2 69 ab
c1 cc 0e b7 bb 10 45 51 78 88 83 8f 51 34 75 a2 59 ef 80 9b 0f
94 1f
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 6c6d4b3e7c925460 82d7b7a32f6ce219 PRK (32 octets): 23 07 37 68 ca 09 44 ef de d6 a1 fd 17 3e 7a 1f
3804f1bb930fed74 5c6b93c71397f424 a7 51 b2 1b 6b f2 07 66 1c b2 94 bc 29 f4 49 c7
hash (32 octets): e170b2cab483b329 c049e0d66646f247 hash (32 octets): 2d eb 11 8e 31 f3 d3 8b 38 de 1f cc 26 46 d2 21
306b56e0a03c93bb c14254b8e075924a ac e6 1f 97 fa 79 75 92 23 7a 65 9c 2b 6b 93 51
info (52 octets): 002010746c733133 20726573206d6173 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74657220e170b2ca b483b329c049e0d6 6646f247306b56e0 74 65 72 20 2d eb 11 8e 31 f3 d3 8b 38 de 1f cc 26 46 d2 21 ac
a03c93bbc14254b8 e075924a e6 1f 97 fa 79 75 92 23 7a 65 9c 2b 6b 93 51
output (32 octets): 1b587a5b2c24f03f d2e2529df1d5f62a output (32 octets): ba dd 11 ad f0 7b 59 f9 d1 90 56 1e 4e 69 d6
d596b014279608a4 ed4f980662fc326e 5d 2d 0c cc 92 3b 08 4a cd 70 6e 00 cd 54 e6 5b 70
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{server} generate resumption secret "tls13 resumption": {server} generate resumption secret "tls13 resumption":
PRK (32 octets): 1b587a5b2c24f03f d2e2529df1d5f62a PRK (32 octets): ba dd 11 ad f0 7b 59 f9 d1 90 56 1e 4e 69 d6 5d
d596b014279608a4 ed4f980662fc326e 2d 0c cc 92 3b 08 4a cd 70 6e 00 cd 54 e6 5b 70
hash (2 octets): 0000 hash (2 octets): 00 00
info (22 octets): 002010746c733133 20726573756d7074 696f6e020000 info (22 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 75 6d 70 74
69 6f 6e 02 00 00
output (32 octets): 581e8e76ee4b9f04 78d727da6d02e506 output (32 octets): 20 b3 ed 07 48 14 86 03 09 cd 47 fb 81 0b 36
02fe2168784575ed 7332b11fd4db81fc 9c f1 86 b7 09 7c b7 76 ff 57 f8 a7 ce 12 18 fa fa
{server} send a NewSessionTicket handshake message {server} send a NewSessionTicket handshake message
{server} send handshake record: {server} send handshake record:
payload (189 octets): 040000b90000001e 1386bfb902000000 payload (205 octets): 04 00 00 c9 00 00 00 1e 1a 46 fe 8d 02 00
a27bf25dc52d2052 79d8e53986000000 00c231b586206110 00 00 b2 f7 34 a8 af 18 42 36 ce f0 ae ea b1 00 00 00 00 68 2d
73b1d40d9b8563f3 7900606f87d2f38d 405738e271331b9a 66 eb 29 13 c9 eb 94 c6 9a 57 51 5d df 2f 00 70 c2 f3 4f 9b 2e
c650572a63fff310 b39620685bad0483 0fb5faa414454633 d5 a5 30 91 16 c9 d7 4f ca eb 2b f8 87 51 9a a5 5a 7c 83 ff 27
af500abb4a25c93e f991bf62fb6629a7 ffab70db6eeff17b fd c3 72 ba ec 38 7d be 58 8e d6 27 4b 1f f5 13 6c eb 68 ea 4a
2ebf1098593f9935 858b4d5764ac3469 c5ada81bc5c527a1 39 ce 79 08 7c 6e 75 42 b4 9c 7c 0e 4b 97 fc 2a 29 73 27 71 8b
10e9f571647fb1f0 bf436ea8c78718f3 82390bc7ae979b1b 29 bf 63 6a dd 4e 6b 46 a4 1d f2 3f 45 01 28 80 20 b2 6c e5 75
03898c946776de01 96c2c473d1f6dee8 714e310008002a00 0400000400 d4 c9 f1 87 eb e5 48 07 1b 51 19 8c 4b 10 f9 4c f7 ce 94 aa 08
17 a7 2a a8 86 64 63 d9 d7 7f 9c db 81 e6 27 82 c1 33 2e 22 0c
55 2c dc 44 48 4b e7 ee f7 64 3d c3 8d 00 08 00 2a 00 04 00 00
04 00
ciphertext (211 octets): 17030100cea307cb 4a28329dbf6879ee ciphertext (227 octets): 17 03 03 00 de ce 84 1b 08 4c ba 5c 21
56d1cb4e0055f889 169b3a04ee050225 69c1ad70115dc655 cd 70 f7 30 28 18 7c c9 a0 e9 e5 b8 88 f8 d0 ca 5a f7 7d df 96
7802c91832e6e5ef b69c65050f06d189 1692561d4ece8d10 eb cd fd 1e 70 c6 8b a2 44 a9 64 3d c8 c2 b3 9c 93 3d 0e a9 1a
813bf7a3ea3fb430 cbb36ba1a1d71276 d405a8dd0fef782b 8d 7a 35 df db 3d c3 45 57 bb eb e8 0c a4 0b 64 b8 45 cd 04 b2
402a8875245eda0b bd548b61639ba45b 9c63689104432850 18 2e 73 59 f5 53 60 0b 1b 1f 8a c1 29 fd 3c f5 eb 79 91 3a e4
f4c7a8a76a2d13a9 746a424a65730fd1 7ab97f3488d93ab4 27 02 a3 10 a7 17 5d e1 15 c7 fd 77 00 06 54 2d cf 8a 7a 94 53
ebdc0f9f8b317855 1faf72ca05f705dd 901815887a0f7f6f 8d 96 d9 71 72 02 28 4b ed af f5 ff ec a0 23 10 92 12 3e a6 b0
7062a3802259d9f2 7bb30b6875be1743 54d6fa59adf24a6b bc 12 99 ae c3 a9 8c 44 27 e4 35 7c 38 16 d0 a6 c5 d0 93 aa d5
85c5415d46173c85 5aaf0dc06296099f c6daa0164ef2848c 2219ae 9c 09 5c 99 76 91 b5 88 cc 3c 10 8e 95 d7 f8 39 f9 ec 2c a5 18
2c 80 53 12 a1 c2 d0 32 88 80 97 c1 4e 38 5a 3c c5 e9 37 0e b6
49 08 05 4b 52 64 4e 35 09 2a 34 4a 74 77 b8 bb be fb 22 a8 ff
c3 9e 84 ac
{client} generate resumption secret "tls13 resumption" (same as
server)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 0001020304050607 08090a0b0c0d0e0f payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
1011121314151617 18191a1b1c1d1e1f 2021222324252627 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
28292a2b2c2d2e2f 3031 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 17030100432e3b59 0791333db65b5632 ciphertext (72 octets): 17 03 03 00 43 18 8a fa 7b 29 8e 8d ef c3
d4c9c7e066120216 08680e714177b07f 06500f28f27617d8 eb 5e f8 2f dc 60 92 3b b5 5c ca 31 a5 64 63 df ec 71 7a aa 99
a92a52ec167530f4 ee7262e40127b997 5c26499c23d8bf6e 77 9c c6 1f bf ca 90 73 b9 95 51 73 a0 b7 1c 1b f2 b9 2d b0 60
713c4b0c126733bf 73 e9 65 5b 64 3e 12 ef 76 d8 c8 86 91 12 aa 35
{server} send application_data record: {server} send application_data record:
payload (50 octets): 0001020304050607 08090a0b0c0d0e0f payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
1011121314151617 18191a1b1c1d1e1f 2021222324252627 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
28292a2b2c2d2e2f 3031 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 1703010043b7a6f5 f971aee65e5386b4
18f1533c8de304b6 bb58fed0062ca441 d49ea52e219f9c0f
10fade977cf7ce2a 0e6c9a46ca1b2b72 3b843dc8c630db6e
64cdb1c27979b6f4
{client} generate resumption secret "tls13 resumption" (same as ciphertext (72 octets): 17 03 03 00 43 d8 27 0a 4b 0b a6 c0 74 c3
server) 83 0b 15 58 a1 cb 89 13 e2 21 d7 08 33 ee 02 74 58 e2 46 11 a0
d4 7f 9c d3 bd 66 ce 03 13 db 71 8e e4 d0 ef bc 3f 8a 4d 7e 35
04 3c 46 48 40 d8 7d eb 66 b7 7d 40 df 36 aa 7d
{client} send alert record: {client} send alert record:
payload (2 octets): 0100 payload (2 octets): 01 00
ciphertext (24 octets): 170301001367bb58 666bd833b0f3a2fc ciphertext (24 octets): 17 03 03 00 13 d5 92 9a 67 ba 50 4f 19 3a
fbb27c1353a50493 59 7d 3a ab 2d c3 f9 04 12 7d
{server} send alert record: {server} send alert record:
payload (2 octets): 0100 payload (2 octets): 01 00
ciphertext (24 octets): 1703010013ae58fd 7ad77fcc262cdbe7 ciphertext (24 octets): 17 03 03 00 13 69 ed b3 40 6d 1e 57 51 97
a3088d493655a29e 75 4a c9 27 19 e0 5d 71 18 67
4. Resumed 0-RTT Handshake 4. Resumed 0-RTT Handshake
This handshake resumes from the handshake in Section 3. Since the This handshake resumes from the handshake in Section 3. Since the
server provided a session ticket that permitted 0-RTT, and the client server provided a session ticket that permitted 0-RTT, and the client
is configured for 0-RTT, the client is able to send 0-RTT data. is configured for 0-RTT, the client is able to send 0-RTT data.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 8da37c24d5e27c29 c76f3c787f43cfb3 private key (32 octets): 25 ee 23 7a 20 17 98 ee e8 7f 37 60 53
45e6d8bab793f6f7 50fec63df70f9502 e1 28 50 9a be 65 e7 87 34 4f f2 b9 ff 9d 04 fd 13 8a fa
public key (32 octets): 4707fcfb129e989d 42c0083f74f3efdf public key (32 octets): fa 5d e3 00 e6 9f 05 d6 19 a4 28 fc fb 02
1e73da08eb317ebc 2d3ce687957e060f 88 b5 57 b6 40 6a 26 fc 51 13 c0 4e 4a 3c 86 9a 44 14
{client} extract secret "early": {client} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 581e8e76ee4b9f04 78d727da6d02e506 ikm (32 octets): 20 b3 ed 07 48 14 86 03 09 cd 47 fb 81 0b 36 9c
02fe2168784575ed 7332b11fd4db81fc f1 86 b7 09 7c b7 76 ff 57 f8 a7 ce 12 18 fa fa
secret (32 octets): 40718b9ebd2b349a 900a2b3742e7a0d2 secret (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc
3f227bee609e9825 4da761f9d145f7cb 0f 52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): e5f760cd1bbab8da 776f4072fc9a9df9 PRK (32 octets): de 0c 49 be 25 cd 0a b1 79 a9 d1 be e0 5a c0 cc
782857770bd141d0 eee570623ec118d9 a0 3d 51 10 4f cc ac db 13 12 b6 35 40 5a db 2c
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00200e746c733133 2066696e69736865 6400 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): 16be004dc7d281b7 0a71906f294cf508 output (32 octets): e6 12 24 d1 ef b4 01 4b 18 aa e8 db 83 4e 12
2f546f20f6acf9b5 6b43a3da90485020 5b da e8 e8 bf f1 17 2f a6 a8 8c 35 39 77 c6 5a 68
{client} send handshake record: {client} send handshake record:
payload (512 octets): 010001fc03039aa7 6a8dbff0041077bf payload (512 octets): 01 00 01 fc 03 03 f4 74 90 c6 31 61 6b 80
b6ba54cd905c2c88 d89fa2f9f17300dc 2b2282d1245d0000 01 47 e5 62 01 b1 13 6d b0 04 92 f7 e8 d9 56 2a 77 fb f9 77 1d
3e130113031302c0 2bc02fcca9cca8c0 0ac009c013c023c0 8a a4 6c 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
27c014009eccaa00 3300320067003900 38006b0016001300 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
9c002f003c003500 3d000a0005000401 0001950000000b00 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 28 00
0900000673657276 6572ff0100010000 0a00140012001d00 26 00 24 00 1d 00 20 fa 5d e3 00 e6 9f 05 d6 19 a4 28 fc fb 02
1700180019010001 0101020103010400 0b00020100002800 88 b5 57 b6 40 6a 26 fc 51 13 c0 4e 4a 3c 86 9a 44 14 00 2a 00
260024001d002047 07fcfb129e989d42 c0083f74f3efdf1e 00 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02
73da08eb317ebc2d 3ce687957e060f00 2a0000002b000706 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
7f1503030302000d 0020001e04030503 0603020308040805 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00 00 00 00 00 00 00
0806040105010601 0201040205020602 0202002d00020101 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0015002b00000000 0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2900cd00a800a27b f25dc52d205279d8 e5398600000000c2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
31b58620611073b1 d40d9b8563f37900 606f87d2f38d4057 00 29 00 dd 00 b8 00 b2 f7 34 a8 af 18 42 36 ce f0 ae ea b1 00
38e271331b9ac650 572a63fff310b396 20685bad04830fb5 00 00 00 68 2d 66 eb 29 13 c9 eb 94 c6 9a 57 51 5d df 2f 00 70
faa414454633af50 0abb4a25c93ef991 bf62fb6629a7ffab c2 f3 4f 9b 2e d5 a5 30 91 16 c9 d7 4f ca eb 2b f8 87 51 9a a5
70db6eeff17b2ebf 1098593f9935858b 4d5764ac3469c5ad 5a 7c 83 ff 27 fd c3 72 ba ec 38 7d be 58 8e d6 27 4b 1f f5 13
a81bc5c527a110e9 f571647fb1f0bf43 6ea8c78718f38239 6c eb 68 ea 4a 39 ce 79 08 7c 6e 75 42 b4 9c 7c 0e 4b 97 fc 2a
0bc7ae979b1b0389 8c946776de0196c2 c473d1f6dee8714e 29 73 27 71 8b 29 bf 63 6a dd 4e 6b 46 a4 1d f2 3f 45 01 28 80
311386bfbf002120 3ac0405bd6b94bb8 f4759ce048668dee 20 b2 6c e5 75 d4 c9 f1 87 eb e5 48 07 1b 51 19 8c 4b 10 f9 4c
514e4ed62e9dc5f7 37000084cce510a1 f7 ce 94 aa 08 17 a7 2a a8 86 64 63 d9 d7 7f 9c db 81 e6 27 82
c1 33 2e 22 0c 55 2c dc 44 48 4b e7 ee f7 64 3d c3 8d 1a 46 fe
90 00 21 20 34 60 d2 6b d5 55 86 97 91 90 dd 6d 8f 25 3d f3 fa
d7 d1 64 61 28 f3 d9 3d 51 57 21 3b 90 86 b3
ciphertext (517 octets): 1603010200010001 fc03039aa76a8dbf ciphertext (517 octets): 16 03 01 02 00 01 00 01 fc 03 03 f4 74
f0041077bfb6ba54 cd905c2c88d89fa2 f9f17300dc2b2282 90 c6 31 61 6b 80 01 47 e5 62 01 b1 13 6d b0 04 92 f7 e8 d9 56
d1245d00003e1301 13031302c02bc02f cca9cca8c00ac009 2a 77 fb f9 77 1d 8a a4 6c 00 00 06 13 01 13 03 13 02 01 00 01
c013c023c027c014 009eccaa00330032 006700390038006b cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00160013009c002f 003c0035003d000a 0005000401000195 00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
0000000b00090000 06736572766572ff 01000100000a0014 03 01 04 00 28 00 26 00 24 00 1d 00 20 fa 5d e3 00 e6 9f 05 d6
0012001d00170018 0019010001010102 01030104000b0002 19 a4 28 fc fb 02 88 b5 57 b6 40 6a 26 fc 51 13 c0 4e 4a 3c 86
0100002800260024 001d00204707fcfb 129e989d42c0083f 9a 44 14 00 2a 00 00 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04
74f3efdf1e73da08 eb317ebc2d3ce687 957e060f002a0000 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01
002b0007067f1503 030302000d002000 1e04030503060302 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 15 00 5d 00 00 00
0308040805080604 0105010601020104 0205020602020200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2d00020101001500 2b00000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000000002900cd 00a800a27bf25dc5 2d205279d8e53986 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000000c231b586 20611073b1d40d9b 8563f37900606f87 00 00 00 00 00 00 00 29 00 dd 00 b8 00 b2 f7 34 a8 af 18 42 36
d2f38d405738e271 331b9ac650572a63 fff310b39620685b ce f0 ae ea b1 00 00 00 00 68 2d 66 eb 29 13 c9 eb 94 c6 9a 57
ad04830fb5faa414 454633af500abb4a 25c93ef991bf62fb 51 5d df 2f 00 70 c2 f3 4f 9b 2e d5 a5 30 91 16 c9 d7 4f ca eb
6629a7ffab70db6e eff17b2ebf109859 3f9935858b4d5764 2b f8 87 51 9a a5 5a 7c 83 ff 27 fd c3 72 ba ec 38 7d be 58 8e
ac3469c5ada81bc5 c527a110e9f57164 7fb1f0bf436ea8c7 d6 27 4b 1f f5 13 6c eb 68 ea 4a 39 ce 79 08 7c 6e 75 42 b4 9c
8718f382390bc7ae 979b1b03898c9467 76de0196c2c473d1 7c 0e 4b 97 fc 2a 29 73 27 71 8b 29 bf 63 6a dd 4e 6b 46 a4 1d
f6dee8714e311386 bfbf0021203ac040 5bd6b94bb8f4759c f2 3f 45 01 28 80 20 b2 6c e5 75 d4 c9 f1 87 eb e5 48 07 1b 51
e048668dee514e4e d62e9dc5f7370000 84cce510a1 19 8c 4b 10 f9 4c f7 ce 94 aa 08 17 a7 2a a8 86 64 63 d9 d7 7f
9c db 81 e6 27 82 c1 33 2e 22 0c 55 2c dc 44 48 4b e7 ee f7 64
3d c3 8d 1a 46 fe 90 00 21 20 34 60 d2 6b d5 55 86 97 91 90 dd
6d 8f 25 3d f3 fa d7 d1 64 61 28 f3 d9 3d 51 57 21 3b 90 86 b3
{client} derive secret "tls13 c e traffic": {client} derive secret "tls13 c e traffic":
PRK (32 octets): 40718b9ebd2b349a 900a2b3742e7a0d2 PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f
3f227bee609e9825 4da761f9d145f7cb 52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16
hash (32 octets): 4d972fbd827dbe26 746af0014f20f421
1cb6f16cda90f26a fdeac1b81095bbc2
info (53 octets): 002011746c733133 2063206520747261 hash (32 octets): 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10 8a
66666963204d972f bd827dbe26746af0 014f20f4211cb6f1 e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a
6cda90f26afdeac1 b81095bbc2
output (32 octets): 12567c821a3a822f 0b5e062b7d7deab4 info (53 octets): 00 20 11 74 6c 73 31 33 20 63 20 65 20 74 72 61
1a7edb836ebb8e65 47cfaf28cd3d23b0 66 66 69 63 20 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10 8a
e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a
{client} derive write traffic keys for early application data: output (32 octets): 7b dd 21 10 35 33 b9 d8 2b ae 6c 26 be 3e 78
e9 bd 37 91 42 96 24 db e0 a6 b3 9c e5 bf 69 eb 23
PRK (32 octets): 12567c821a3a822f 0b5e062b7d7deab4 {client} derive secret "tls13 e exp master":
1a7edb836ebb8e65 47cfaf28cd3d23b0
key info (13 octets): 001009746c733133 206b657900 PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f
52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16
key output (16 octets): d260ca7678d4fd53 dce0c09e7d349141 hash (32 octets): 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10 8a
e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a
iv info (12 octets): 000c08746c733133 20697600 info (54 octets): 00 20 12 74 6c 73 31 33 20 65 20 65 78 70 20 6d
61 73 74 65 72 20 89 4e e7 2f 01 a8 67 e9 cc 87 5a 19 44 22 10
8a e9 51 45 f9 43 b0 89 1f 3c ab 07 4f 12 fa c4 0a
iv output (12 octets): 936e9de4fb2b9ca8 acfefc24 output (32 octets): da 05 9b c4 d7 bd 6e 30 45 b3 df d8 ab c8 68
1b 22 47 6f 44 b4 54 22 75 12 af a9 af c0 60 3f c1
{client} send application_data record: {client} send application_data record:
payload (6 octets): 414243444546 payload (6 octets): 41 42 43 44 45 46
ciphertext (28 octets): 170301001713551f 6ab760f07913c0c9 ciphertext (28 octets): 17 03 03 00 17 d8 3a 80 c1 65 49 bf 19 49
b7f44e1a9df88ad9 3025e01b 38 a3 9c c1 54 a1 8b a7 cb bb a7 bf 02 e0
{server} extract secret "early" (same as client) {server} extract secret "early" (same as client)
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} create an ephemeral x25519 key pair: {server} create an ephemeral x25519 key pair:
private key (32 octets): 325497b8ece5b646 c0a841465c720414 private key (32 octets): a3 41 34 2b 44 be 43 fa 13 b5 a2 fa 30
1c3fac2b0fba03c2 1f798774ccd8ba8a 6a d7 24 ef 7f 73 a0 87 ac be 4a 79 10 82 b6 00 cd 08 b5
public key (32 octets): 40ecc2cce32711cc e41494baa7071fb8 public key (32 octets): 66 62 56 0e 42 6c b1 13 d5 63 b1 69 e9 72
3fccf5f18f387422 f3908bc43284e111 b5 c4 81 dd b6 cc f2 a5 79 39 ed d2 4b a9 e9 b6 2f 5f
{server} derive secret "tls13 c e traffic" (same as client) {server} derive secret "tls13 c e traffic" (same as client)
{server} derive secret "tls13 e exp master" (same as client)
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 40718b9ebd2b349a 900a2b3742e7a0d2 PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f
3f227bee609e9825 4da761f9d145f7cb 52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 3f86b90be314a149 af8854fa5c7457e5 output (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e
b814940f059a68f6 58f4f09d5e7811d5 50 f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 3f86b90be314a149 af8854fa5c7457e5 salt (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e 50
b814940f059a68f6 58f4f09d5e7811d5 f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba
ikm (32 octets): 9c9777daeca7583c 81361536a7533e8a ikm (32 octets): ca 49 06 0d 44 b4 58 b8 e2 6f b7 2a 18 6e bc 44
2811abe9a3a2342a d806a04bc4db3635 6b a8 e4 0e 8f b1 39 5c c7 f7 56 59 ee 86 f8 54
secret (32 octets): 735590cdccd25055 6d463feaba32b905 secret (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97
96537834f13d851c dc224338bf3148f4 bb 0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 735590cdccd25055 6d463feaba32b905 PRK (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 bb
96537834f13d851c dc224338bf3148f4 0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54
hash (32 octets): 1159439062004376 603abad6721bb808 hash (32 octets): ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79 b6
daea34558ebbf936 fa2c8dc05828b392 39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7
info (54 octets): 002012746c733133 2063206873207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
6166666963201159 439062004376603a bad6721bb808daea 61 66 66 69 63 20 ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79
34558ebbf936fa2c 8dc05828b392 b6 39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7
output (32 octets): 28a089b4223c8104 845ff09b7b9e0505 output (32 octets): a2 ba 52 84 b4 0e 7d 65 af af 93 c0 93 06 dd
d6061bdd0ea263a7 40c2bbf5b53d8d44 e4 70 98 a4 ee 28 4c f4 6e 0b 59 09 fe 25 8c a6 4f
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 735590cdccd25055 6d463feaba32b905 PRK (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 bb
96537834f13d851c dc224338bf3148f4 0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54
hash (32 octets): 1159439062004376 603abad6721bb808 hash (32 octets): ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79 b6
daea34558ebbf936 fa2c8dc05828b392 39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7
info (54 octets): 002012746c733133 2073206873207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
6166666963201159 439062004376603a bad6721bb808daea 61 66 66 69 63 20 ef 88 42 5a 0d c1 df 66 77 f6 2d de 3e 93 79
34558ebbf936fa2c 8dc05828b392 b6 39 83 b3 a0 89 66 db aa d7 d4 c9 c6 b1 79 b3 b7
output (32 octets): 8115875ae8e698f7 47c3cf569d893ef8 output (32 octets): 58 6f 1a b9 cb 2d 93 70 66 1a 1e 0b c9 fc 8c
7fd6b819c71c9daf 829efe73a33b6e59 39 1a 34 67 b9 9e bd 58 16 c1 8c 46 a5 28 6e 96 77
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 735590cdccd25055 6d463feaba32b905 PRK (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97 bb
96537834f13d851c dc224338bf3148f4 0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): ef4b33b2a7895652 b7882b5d4be6abec output (32 octets): 78 31 58 10 11 a6 70 a2 ce 59 0b 80 b8 e5 44
f20c5c49ee18eb05 4dabbf5fe46958fd 12 35 49 d6 bd 44 3c f6 9e 80 e8 0a 7e 38 93 d7 7e
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): ef4b33b2a7895652 b7882b5d4be6abec salt (32 octets): 78 31 58 10 11 a6 70 a2 ce 59 0b 80 b8 e5 44 12
f20c5c49ee18eb05 4dabbf5fe46958fd 35 49 d6 bd 44 3c f6 9e 80 e8 0a 7e 38 93 d7 7e
ikm (32 octets): 0000000000000000 0000000000000000 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 6cfe175844d4b474 fdeb9ef04b2607f7 secret (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6
ca50bc782c804aab 38502015ae8a48c4 d5 c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c
{server} send handshake record: {server} send handshake record:
payload (88 octets): 020000547f158451 4164fe812b870498 payload (96 octets): 02 00 00 5c 03 03 4b 98 9e 4c 47 ca 09 2a 18
b893365b4376cd74 54d12ac987327ce1 670ef1aaaa991301 78 78 ae 45 7f d5 85 6e dc a0 f7 ae cf 00 4e d0 20 3a fe 0d 57
002e002900020000 00280024001d0020 40ecc2cce32711cc e3 86 00 13 01 00 00 34 00 29 00 02 00 00 00 28 00 24 00 1d 00
e41494baa7071fb8 3fccf5f18f387422 f3908bc43284e111 20 66 62 56 0e 42 6c b1 13 d5 63 b1 69 e9 72 b5 c4 81 dd b6 cc
f2 a5 79 39 ed d2 4b a9 e9 b6 2f 5f 00 2b 00 02 7f 16
ciphertext (93 octets): 1603010058020000 547f1584514164fe
812b870498b89336 5b4376cd7454d12a c987327ce1670ef1
aaaa991301002e00 2900020000002800 24001d002040ecc2
cce32711cce41494 baa7071fb83fccf5 f18f387422f3908b c43284e111
{server} derive write traffic keys for handshake data:
PRK (32 octets): 8115875ae8e698f7 47c3cf569d893ef8
7fd6b819c71c9daf 829efe73a33b6e59
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 4c8fba78ab70af97 d3b04500f481ab11
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 5f577c7b334038c1 f02b97fd ciphertext (101 octets): 16 03 03 00 60 02 00 00 5c 03 03 4b 98
9e 4c 47 ca 09 2a 18 78 78 ae 45 7f d5 85 6e dc a0 f7 ae cf 00
4e d0 20 3a fe 0d 57 e3 86 00 13 01 00 00 34 00 29 00 02 00 00
00 28 00 24 00 1d 00 20 66 62 56 0e 42 6c b1 13 d5 63 b1 69 e9
72 b5 c4 81 dd b6 cc f2 a5 79 39 ed d2 4b a9 e9 b6 2f 5f 00 2b
00 02 7f 16
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): 8115875ae8e698f7 47c3cf569d893ef8 PRK (32 octets): 58 6f 1a b9 cb 2d 93 70 66 1a 1e 0b c9 fc 8c 39
7fd6b819c71c9daf 829efe73a33b6e59 1a 34 67 b9 9e bd 58 16 c1 8c 46 a5 28 6e 96 77
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00200e746c733133 2066696e69736865 6400 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): b0f22d31540198c4 ccac2ad418cbae8e output (32 octets): 98 90 9d e6 86 66 b5 12 80 1c 41 c6 3b 20 f9
0aa427339e820fef 493dfb708a1e2c6c fc 1f 7f 8f e1 19 64 75 d2 07 48 66 e3 a1 5d 14 15
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (74 octets): 080000220020000a 00140012001d0017 payload (74 octets): 08 00 00 22 00 20 00 0a 00 14 00 12 00 1d 00
0018001901000101 0102010301040000 0000002a00001400 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 00 2a
0020d5027b937d18 ab2fb0dbce52a7d6 33f0d74cb903ebf9 00 00 14 00 00 20 c9 f5 11 e0 94 08 c2 b3 ff b5 ac 45 3c 7c 0a
44fd0cab41ebff3d 375f 65 c0 8c 28 c9 bc 4f 38 54 46 91 9e b8 fd 84 7c e0
ciphertext (96 octets): 170301005b543211 a6b0602cc2e55337 ciphertext (96 octets): 17 03 03 00 5b f5 a6 a6 20 f2 db 4e 20 1f
f06c9d80915cb3ad 12f78fa6817185b9 99abd80e9378e2f7 22 8d 73 b4 15 d8 5e a9 76 e1 55 27 5f 2d 89 a4 96 68 d7 be 48
09e51a74dba3652a ff487c27de9e2a98 1fb9a39a70073f9a 9a 8b 85 20 5d 0b 59 30 79 e6 0e 10 6e 15 67 29 c2 11 90 0a de
4dcb5557fd71b847 946ea75804208dcc ebb7b0c037e9c466 1f 72 32 67 d8 c8 2b f5 dd 40 bb c5 63 99 1e bc 01 1e 49 14 ea
47993593815d1825 3a ee 25 37 3e eb 31 00 36 c8 f4 44 be 45 16 4d 3a 50 5d
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 6cfe175844d4b474 fdeb9ef04b2607f7 PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5
ca50bc782c804aab 38502015ae8a48c4 c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c
hash (32 octets): 49115f0895594b92 ed1913be0e9da45f hash (32 octets): bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89
d0f922142c4f13da 77549d789f337ac4 ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd
info (54 octets): 002012746c733133 2063206170207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
6166666963204911 5f0895594b92ed19 13be0e9da45fd0f9 61 66 66 69 63 20 bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59
22142c4f13da7754 9d789f337ac4 89 ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd
output (32 octets): caac7af75d60cc5e dbf362ab55abb794 output (32 octets): c9 d1 12 6d be c2 7c a1 72 21 37 3f ef 10 4e
2f7c966ce8db22c3 c5f7cc05a5b1b58c cf a0 6d c4 a1 c4 5c 1d 55 3f 2b 1a 84 16 b4 6e cb
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 6cfe175844d4b474 fdeb9ef04b2607f7 PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5
ca50bc782c804aab 38502015ae8a48c4 c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c
hash (32 octets): 49115f0895594b92 ed1913be0e9da45f hash (32 octets): bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89
d0f922142c4f13da 77549d789f337ac4 ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd
info (54 octets): 002012746c733133 2073206170207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
6166666963204911 5f0895594b92ed19 13be0e9da45fd0f9 61 66 66 69 63 20 bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59
22142c4f13da7754 9d789f337ac4 89 ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd
output (32 octets): c1ac084ddbd228ed feeeecb6a3a75627 output (32 octets): aa 91 af 99 99 34 3a 32 8e cf ad 72 cb be e1
cc93d862b0af9237 3a90fd6df1040c6d 20 71 d7 79 b3 8a 3d 18 5a 7d c7 c4 e7 f8 33 33 1c
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 6cfe175844d4b474 fdeb9ef04b2607f7 PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5
ca50bc782c804aab 38502015ae8a48c4 c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c
hash (32 octets): 49115f0895594b92 ed1913be0e9da45f
d0f922142c4f13da 77549d789f337ac4
info (52 octets): 002010746c733133 20657870206d6173
7465722049115f08 95594b92ed1913be 0e9da45fd0f92214
2c4f13da77549d78 9f337ac4
output (32 octets): b060de35b5d6c782 0324c761c716efca
bb58870ab264aae8 10a4caa122327656
{server} derive write traffic keys for application data:
PRK (32 octets): c1ac084ddbd228ed feeeecb6a3a75627
cc93d862b0af9237 3a90fd6df1040c6d
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 2326cdc28deb238d 82e7c220c437e78b
iv info (12 octets): 000c08746c733133 20697600 hash (32 octets): bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89
ba 96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd
iv output (12 octets): 8719ac805d15be7d c733a9f2 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 bc be 0c 61 2f 39 63 e4 2c 49 6c b3 03 e9 59 89 ba
96 f6 21 00 34 f4 63 05 b9 75 2a 53 d9 a7 dd
{server} derive read traffic keys for early application data (same output (32 octets): 3d 65 4f f5 ca 07 87 85 69 31 01 cc 71 0f 46
as client write traffic keys) e2 93 5b 5e c4 61 14 ca bb 08 35 41 a0 84 66 d1 84
{client} derive secret for handshake "tls13 derived": {client} derive secret for handshake "tls13 derived":
PRK (32 octets): 40718b9ebd2b349a 900a2b3742e7a0d2 PRK (32 octets): 35 10 b5 e7 47 ce ef 42 b1 fe ff e7 a7 4f dc 0f
3f227bee609e9825 4da761f9d145f7cb 52 a5 ee fc a2 b6 76 b0 82 4e 06 17 c8 64 56 16
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 3f86b90be314a149 af8854fa5c7457e5 output (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e
b814940f059a68f6 58f4f09d5e7811d5 50 f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba
{client} extract secret "handshake": {client} extract secret "handshake":
salt (32 octets): 3f86b90be314a149 af8854fa5c7457e5 salt (32 octets): 3c 5b 59 45 89 ee 0f a2 f1 18 d3 98 fc 3c 3e 50
b814940f059a68f6 58f4f09d5e7811d5 f7 13 21 65 bc 5e 20 1a 97 da df 8e 36 ad 16 ba
ikm (32 octets): 9c9777daeca7583c 81361536a7533e8a ikm (32 octets): ca 49 06 0d 44 b4 58 b8 e2 6f b7 2a 18 6e bc 44
2811abe9a3a2342a d806a04bc4db3635 6b a8 e4 0e 8f b1 39 5c c7 f7 56 59 ee 86 f8 54
secret (32 octets): 735590cdccd25055 6d463feaba32b905 secret (32 octets): 6b a5 c1 83 92 4b a3 2c e0 99 85 c9 11 f2 97
96537834f13d851c dc224338bf3148f4 bb 0a 7c de 27 63 1a 6f 2e e8 88 25 19 88 f3 07 54
{client} derive secret "tls13 c hs traffic" (same as server) {client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server) {client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server) {client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server) {client} extract secret "master" (same as server)
{client} derive read traffic keys for handshake data:
PRK (32 octets): 8115875ae8e698f7 47c3cf569d893ef8
7fd6b819c71c9daf 829efe73a33b6e59
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): 4c8fba78ab70af97 d3b04500f481ab11
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 5f577c7b334038c1 f02b97fd
{client} calculate finished "tls13 finished" (same as server) {client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server) {client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server) {client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server) {client} derive secret "tls13 exp master" (same as server)
{client} send a EndOfEarlyData handshake message {client} send a EndOfEarlyData handshake message
{client} send handshake record:
payload (4 octets): 05000000
ciphertext (26 octets): 1703010015f7ba63 761efb5d0f267ff7
a7b52d308d9dfbd5 7fbb
{client} derive write traffic keys for handshake data:
PRK (32 octets): 28a089b4223c8104 845ff09b7b9e0505 {client} send handshake record:
d6061bdd0ea263a7 40c2bbf5b53d8d44
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): ae0206779a397d39 abc27bf76257a20c
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 92749db888b7a638 c8896347 payload (4 octets): 05 00 00 00
{client} derive read traffic keys for application data (same as ciphertext (26 octets): 17 03 03 00 15 1d ee d3 9b 27 ff 4f 3c 92
server write traffic keys) 2f fd ef 73 89 56 5e cc 79 d1 13 71
{client} calculate finished "tls13 finished": {client} calculate finished "tls13 finished":
PRK (32 octets): 28a089b4223c8104 845ff09b7b9e0505 PRK (32 octets): a2 ba 52 84 b4 0e 7d 65 af af 93 c0 93 06 dd e4
d6061bdd0ea263a7 40c2bbf5b53d8d44 70 98 a4 ee 28 4c f4 6e 0b 59 09 fe 25 8c a6 4f
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00200e746c733133 2066696e69736865 6400 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): e1e5a35bd3665879 b4aa860ac35bfb7f output (32 octets): 67 02 97 87 4f 08 e5 10 32 72 a8 be 0c 6d c3
260bb3aeffc3382c a0cb136e36350629 b4 39 6e 82 28 34 62 6b 21 e6 be 28 b9 d4 b4 35 05
{client} send a Finished handshake message {client} send a Finished handshake message
{client} send handshake record: {client} send handshake record:
payload (36 octets): 14000020f92d6397 71bceb3174f8bd06 payload (36 octets): 14 00 00 20 60 c3 2e 99 5e c1 0d d0 1d 73 79
7886f673ba9a051e d6c8f46e42bf58db 1921c638 e3 eb f1 9f 75 ef 74 0b 18 d4 24 06 c9 62 db 37 a4 53 74 9d 76
ciphertext (58 octets): 1703010035dcaef2 afb9d1372ab1172f
1a5570b78580d242 fe83be1c779caf21 c3192a14c6a45388
5676124ae5008c2b a38695eb153f48e4 110a
{client} derive write traffic keys for application data:
PRK (32 octets): caac7af75d60cc5e dbf362ab55abb794
2f7c966ce8db22c3 c5f7cc05a5b1b58c
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): a0c4168c98e0c4ad 3a0e96fdd011484d
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 7d97ef662f0667c8 f5041b4c ciphertext (58 octets): 17 03 03 00 35 b1 a4 2d de c8 7d 6a 62 17
a5 53 19 3b 47 a6 6c 32 b4 51 ab f8 48 dc df 68 21 3b 44 21 76
a9 e5 9b 8e cf 5e 1a fe d8 94 43 9a 9d f0 c3 a2 4b da ac 97 fc
34 55
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 6cfe175844d4b474 fdeb9ef04b2607f7 PRK (32 octets): 6b 06 1b 95 b3 81 1d 3a 8a a8 3d a0 1d f0 e6 d5
ca50bc782c804aab 38502015ae8a48c4 c3 be 43 d8 3b 18 b3 bc b8 e8 52 78 14 2b 11 9c
hash (32 octets): 339cbe6f1a5e94b4 199425efb7d37343
2bc262558fd5f948 949bae9ba3d54d2e
info (52 octets): 002010746c733133 20726573206d6173
74657220339cbe6f 1a5e94b4199425ef b7d373432bc26255
8fd5f948949bae9b a3d54d2e
output (32 octets): 500175fc5b33fcf0 727df04f55f97ecb
09cabce818b23fc1 57ea9feb3cd45a61
{server} derive read traffic keys for handshake data:
PRK (32 octets): 28a089b4223c8104 845ff09b7b9e0505
d6061bdd0ea263a7 40c2bbf5b53d8d44
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): ae0206779a397d39 abc27bf76257a20c hash (32 octets): 04 5f 9f 6c d4 c6 84 65 a7 79 f4 89 b7 13 57 7f
42 e9 91 c1 b7 b7 34 db 01 28 a5 7b 88 35 41 27
iv info (12 octets): 000c08746c733133 20697600 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 04 5f 9f 6c d4 c6 84 65 a7 79 f4 89 b7 13 57 7f 42
e9 91 c1 b7 b7 34 db 01 28 a5 7b 88 35 41 27
iv output (12 octets): 92749db888b7a638 c8896347 output (32 octets): 40 7b 7c fa 1a 5d cd 73 e2 75 a6 80 13 16 68
24 4e a8 88 64 19 a6 fe cc 01 f5 7b df d5 5d 15 2a
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send application_data record: {client} send application_data record:
payload (50 octets): 0001020304050607 08090a0b0c0d0e0f payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
1011121314151617 18191a1b1c1d1e1f 2021222324252627 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
28292a2b2c2d2e2f 3031 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 1703010043ff683d 8a38b703fd3ebf8b ciphertext (72 octets): 17 03 03 00 43 89 8d 41 41 71 76 9c 87 23
eac999691ca766db bdf194e607cafe0e ec111de379a8568e f5 46 43 1e c6 80 49 5a fa a6 ac 32 5d 66 2f a5 9d 93 5a 99 d2
716277b5cda1f932 7d1c00f074af3144 42ff59d12762932c f5 94 63 b8 d9 cd d3 c1 b1 36 79 08 1d d0 98 7c 4d 26 40 9a bd
7c7a49bcf2c58657 40 ca d0 be a6 d5 95 85 01 b1 fc 02 15 08 6d b9
{server} send application_data record: {server} send application_data record:
payload (50 octets): 0001020304050607 08090a0b0c0d0e0f payload (50 octets): 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e
1011121314151617 18191a1b1c1d1e1f 2021222324252627 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
28292a2b2c2d2e2f 3031 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31
ciphertext (72 octets): 1703010043aa88fd 1ad3269a01c7cf34 ciphertext (72 octets): 17 03 03 00 43 8e 95 04 14 52 07 ad 99 f9
4970ab14cffe7743 97137cf1575c916a e01f697f81f57283 26 b4 7c 28 f6 0f a5 31 b9 7d 35 4f 55 ac fe 46 59 b0 37 f1 94
d666009af2e153cc 2c7adec41f650bba 42c14b36a75e0a7b 6e 6a 8d c8 da f7 a9 fc 36 27 02 3f c1 df 0b a1 8c a5 90 11 fc
742227357e1fa5b4 2f 39 96 ea bc 2f 6d 50 85 93 d6 0b 23 87 d4 bc
{client} send alert record: {client} send alert record:
payload (2 octets): 0100 payload (2 octets): 01 00
ciphertext (24 octets): 17030100138a3bec b5cee5fbce9f4421 ciphertext (24 octets): 17 03 03 00 13 e4 f4 3b 1b 15 b0 75 40 6c
1058d9b48c308476 2f 32 68 61 99 82 35 6d 78 53
{server} send alert record: {server} send alert record:
payload (2 octets): 0100 payload (2 octets): 01 00
ciphertext (24 octets): 1703010013053a76 936d5b173ba833c9 ciphertext (24 octets): 17 03 03 00 13 06 18 b6 94 51 58 6b 0d b9
dc9f45d4f7d8e04b 6c 39 08 0f 6b d7 d1 f1 0b 41
5. HelloRetryRequest 5. HelloRetryRequest
In this example, the client initiates a handshake with an X25519 In this example, the client initiates a handshake with an X25519
[RFC7748] share. The server however prefers P-256 [FIPS186] and [RFC7748] share. The server however prefers P-256 [FIPS186] and
sends a HelloRetryRequest that requires the client to generate a key sends a HelloRetryRequest that requires the client to generate a key
share on the P-256 curve. share on the P-256 curve.
{client} create an ephemeral x25519 key pair: {client} create an ephemeral x25519 key pair:
private key (32 octets): 674b85de6a82fa78 fc44ed35ea420c56 private key (32 octets): 52 99 b5 dc 31 26 3d a4 eb 70 79 f3 f9
ab2327c447874726 743247b6a68caa24 29 68 d5 1e ce c2 0c 3b aa 64 67 f2 d8 d2 c2 49 88 09 10
public key (32 octets): f40d38599d529b51 72bc83b8f3246657 public key (32 octets): 9e d2 81 f2 d1 e0 f8 c3 99 a4 90 a8 6a cd
1d358f0d48d2b5ac e51901e0123b3b22 71 9d 46 56 77 db dc b4 45 1f 97 39 e1 22 40 8a d4 32
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (174 octets): 010000aa030308b5 ef1846029d644f18 payload (174 octets): 01 00 00 aa 03 03 24 cc 22 ad 4c 8b 8c ed
b00041006116bb12 e2f0f60a209c25ac d1d4dc2daadf0000 c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0 d8 35 f5 d7 81 0d
0613011303130201 00007b0000000b00 0900000673657276 fb b1 80 00 00 06 13 01 13 03 13 02 01 00 00 7b 00 00 00 0b 00
6572ff0100010000 0a00080006001d00 1700180028002600 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
24001d0020f40d38 599d529b5172bc83 b8f32466571d358f 00 1d 00 17 00 18 00 28 00 26 00 24 00 1d 00 20 9e d2 81 f2 d1
0d48d2b5ace51901 e0123b3b22002b00 03027f15000d0020 e0 f8 c3 99 a4 90 a8 6a cd 71 9d 46 56 77 db dc b4 45 1f 97 39
001e040305030603 0203080408050806 0401050106010201 e1 22 40 8a d4 32 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03
0402050206020202 002d00020101 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04
02 05 02 06 02 02 02 00 2d 00 02 01 01
ciphertext (179 octets): 16030100ae010000 aa030308b5ef1846 ciphertext (179 octets): 16 03 01 00 ae 01 00 00 aa 03 03 24 cc
029d644f18b00041 006116bb12e2f0f6 0a209c25acd1d4dc 22 ad 4c 8b 8c ed c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0
2daadf0000061301 130313020100007b 0000000b00090000 d8 35 f5 d7 81 0d fb b1 80 00 00 06 13 01 13 03 13 02 01 00 00
06736572766572ff 01000100000a0008 0006001d00170018 7b 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
002800260024001d 0020f40d38599d52 9b5172bc83b8f324 00 0a 00 08 00 06 00 1d 00 17 00 18 00 28 00 26 00 24 00 1d 00
66571d358f0d48d2 b5ace51901e0123b 3b22002b0003027f 20 9e d2 81 f2 d1 e0 f8 c3 99 a4 90 a8 6a cd 71 9d 46 56 77 db
15000d0020001e04 0305030603020308 0408050806040105 dc b4 45 1f 97 39 e1 22 40 8a d4 32 00 2b 00 03 02 7f 16 00 0d
0106010201040205 0206020202002d00 020101 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08 05 08 06 04 01 05
01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01
{server} send a HelloRetryRequest handshake message {server} send a ServerHello handshake message
{server} send handshake record: {server} send handshake record:
payload (16 octets): 0600000c7f151301 0006002800020017 payload (176 octets): 02 00 00 ac 03 03 cf 21 ad 74 e5 9a 61 11
be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e 09 e2 c8
a8 33 9c 00 13 01 00 00 84 00 28 00 02 00 17 00 2c 00 74 00 72
3c c7 0f 98 68 ee 6d bc bb 7b 7c 21 00 00 00 00 73 d2 77 2a 29
c9 93 b4 e0 c3 78 de 45 9e 99 ea 00 30 97 19 7d a5 86 38 74 31
85 03 d3 dd e2 41 7d 5f b7 8c 92 76 13 14 10 ea a9 2e 9e 8a f5
4e a0 92 86 7b 67 7d 64 4f 96 d8 c5 fd 48 30 d1 70 dd 1b 3f 8a
85 17 ab ee 19 60 52 d8 e4 29 3d 62 f0 3b 6d 29 b6 88 4b 7c 00
cc 5e 6c e7 ac 36 47 0e a7 00 2b 00 02 7f 16
ciphertext (21 octets): 1603010010060000 0c7f151301000600 ciphertext (181 octets): 16 03 03 00 b0 02 00 00 ac 03 03 cf 21
2800020017 ad 74 e5 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c
5e 07 9e 09 e2 c8 a8 33 9c 00 13 01 00 00 84 00 28 00 02 00 17
00 2c 00 74 00 72 3c c7 0f 98 68 ee 6d bc bb 7b 7c 21 00 00 00
00 73 d2 77 2a 29 c9 93 b4 e0 c3 78 de 45 9e 99 ea 00 30 97 19
7d a5 86 38 74 31 85 03 d3 dd e2 41 7d 5f b7 8c 92 76 13 14 10
ea a9 2e 9e 8a f5 4e a0 92 86 7b 67 7d 64 4f 96 d8 c5 fd 48 30
d1 70 dd 1b 3f 8a 85 17 ab ee 19 60 52 d8 e4 29 3d 62 f0 3b 6d
29 b6 88 4b 7c 00 cc 5e 6c e7 ac 36 47 0e a7 00 2b 00 02 7f 16
{client} create an ephemeral P-256 key pair: {client} create an ephemeral P-256 key pair:
private key (32 octets): 3aaa3a2b63029d27 c8dd3a2ed7b1e354 private key (32 octets): e5 d7 d7 16 54 b7 0d 85 b7 ef f8 ff 9f
6fcc42698c293d1c 644156b94a69a643 b4 10 f8 cc 6d 5c 0d 46 cb 4f 3c 96 28 61 c5 20 88 5d e0
public key (65 octets): 04652d99b80ef319 8ea71accdc077352 public key (65 octets): 04 17 35 66 97 92 26 4a 94 82 cf 17 8e 99
4afb7ca17af0bef4 8b4883eebcba3e1e 1f447b9246083536 0a e8 49 a3 55 2f 71 ec b8 4c 7b 02 2b 84 f0 57 eb b9 03 a2 e7
8e0ef8eb56a03d48 7ef6254ce51abd8d ab3e100a1caffc8c 9d ad 9d 2f 7d 44 e3 59 1a d0 04 33 a6 b2 d8 6d 57 9a af 1b 6a 2b
01 72 df 0e 6e 00 08 7a bb
{client} send a ClientHello handshake message {client} send a ClientHello handshake message
{client} send handshake record: {client} send handshake record:
payload (207 octets): 010000cb030308b5 ef1846029d644f18 payload (512 octets): 01 00 01 fc 03 03 24 cc 22 ad 4c 8b 8c ed
b00041006116bb12 e2f0f60a209c25ac d1d4dc2daadf0000 c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0 d8 35 f5 d7 81 0d
0613011303130201 00009c0000000b00 0900000673657276 fb b1 80 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
6572ff0100010000 0a00080006001d00 1700180028004700 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 08 00 06
450017004104652d 99b80ef3198ea71a ccdc0773524afb7c 00 1d 00 17 00 18 00 28 00 47 00 45 00 17 00 41 04 17 35 66 97
a17af0bef48b4883 eebcba3e1e1f447b 92460835368e0ef8 92 26 4a 94 82 cf 17 8e 99 0a e8 49 a3 55 2f 71 ec b8 4c 7b 02
eb56a03d487ef625 4ce51abd8dab3e10 0a1caffc8c9d002b 2b 84 f0 57 eb b9 03 a2 e7 ad 9d 2f 7d 44 e3 59 1a d0 04 33 a6
0003027f15000d00 20001e0403050306 0302030804080508 b2 d8 6d 57 9a af 1b 6a 2b 01 72 df 0e 6e 00 08 7a bb 00 2b 00
0604010501060102 0104020502060202 02002d00020101 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2c
00 74 00 72 3c c7 0f 98 68 ee 6d bc bb 7b 7c 21 00 00 00 00 73
d2 77 2a 29 c9 93 b4 e0 c3 78 de 45 9e 99 ea 00 30 97 19 7d a5
86 38 74 31 85 03 d3 dd e2 41 7d 5f b7 8c 92 76 13 14 10 ea a9
2e 9e 8a f5 4e a0 92 86 7b 67 7d 64 4f 96 d8 c5 fd 48 30 d1 70
dd 1b 3f 8a 85 17 ab ee 19 60 52 d8 e4 29 3d 62 f0 3b 6d 29 b6
88 4b 7c 00 cc 5e 6c e7 ac 36 47 0e a7 00 2d 00 02 01 01 00 15
00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ciphertext (212 octets): 16030100cf010000 cb030308b5ef1846 ciphertext (517 octets): 16 03 03 02 00 01 00 01 fc 03 03 24 cc
029d644f18b00041 006116bb12e2f0f6 0a209c25acd1d4dc 22 ad 4c 8b 8c ed c8 e7 ee ac 95 93 1b 24 9d 3a dd 7d 98 c5 e0
2daadf0000061301 130313020100009c 0000000b00090000 d8 35 f5 d7 81 0d fb b1 80 00 00 06 13 01 13 03 13 02 01 00 01
06736572766572ff 01000100000a0008 0006001d00170018 cd 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
0028004700450017 004104652d99b80e f3198ea71accdc07 00 0a 00 08 00 06 00 1d 00 17 00 18 00 28 00 47 00 45 00 17 00
73524afb7ca17af0 bef48b4883eebcba 3e1e1f447b924608 41 04 17 35 66 97 92 26 4a 94 82 cf 17 8e 99 0a e8 49 a3 55 2f
35368e0ef8eb56a0 3d487ef6254ce51a bd8dab3e100a1caf 71 ec b8 4c 7b 02 2b 84 f0 57 eb b9 03 a2 e7 ad 9d 2f 7d 44 e3
fc8c9d002b000302 7f15000d0020001e 0403050306030203 59 1a d0 04 33 a6 b2 d8 6d 57 9a af 1b 6a 2b 01 72 df 0e 6e 00
0804080508060401 0501060102010402 050206020202002d 00020101 08 7a bb 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2c 00 74 00 72 3c c7 0f 98 68 ee 6d bc bb 7b 7c
21 00 00 00 00 73 d2 77 2a 29 c9 93 b4 e0 c3 78 de 45 9e 99 ea
00 30 97 19 7d a5 86 38 74 31 85 03 d3 dd e2 41 7d 5f b7 8c 92
76 13 14 10 ea a9 2e 9e 8a f5 4e a0 92 86 7b 67 7d 64 4f 96 d8
c5 fd 48 30 d1 70 dd 1b 3f 8a 85 17 ab ee 19 60 52 d8 e4 29 3d
62 f0 3b 6d 29 b6 88 4b 7c 00 cc 5e 6c e7 ac 36 47 0e a7 00 2d
00 02 01 01 00 15 00 b5 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
{server} extract secret "early": {server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 0000000000000000 0000000000000000 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
10adf300aa1f2660 e1b22e10f170f92a e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} create an ephemeral P-256 key pair: {server} create an ephemeral P-256 key pair:
private key (32 octets): fb5b23536a4ef874 f8b4a44bb3b0886d private key (32 octets): b1 6d 06 d1 40 ff d5 a9 3b b1 bf 4d 58
046790b682b9aaac 75233edad5020c7d d7 3d 97 06 62 b9 a5 50 25 ca 63 bc b1 b4 f6 75 ac 73 15
public key (65 octets): 047e759436bca19e d0358962b7d0ded4 public key (65 octets): 04 89 cf b4 c1 91 61 f7 0e b1 5a 43 81 40
2e744076da23ec8a 9633cf172709ee2a c7e8a06b40fbe5bf 02 13 53 46 37 bd b4 fe d0 20 a9 2e 59 d9 58 10 ff eb e3 a8 dd
e41afc03a1b78920 68d610b840301e2d 2e1f40787a183f3a 2b bd f2 e2 cc 65 71 fe 17 df 28 3a 37 22 f1 23 f3 32 fc b0 cb 3d
8b bb 9f 0b 65 e0 07 46 ae
{server} send a ServerHello handshake message {server} send a ServerHello handshake message
{server} derive secret for handshake "tls13 derived": {server} derive secret for handshake "tls13 derived":
PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10adf300aa1f2660 e1b22e10f170f92a 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
16c076189c48250c ebeac3576c3611ba 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{server} extract secret "handshake": {server} extract secret "handshake":
salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16c076189c48250c ebeac3576c3611ba 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 90975442819df737 9e40c060c3b641f3 ikm (32 octets): ba 1c d6 f8 aa 98 a2 de ff b7 ba bb 8e 52 4d 2f
a315ccbf3f4e1542 f3bbe90e0089f7bc d3 e8 2d 5c ff 5d 7b e3 0a 20 80 ef 62 6a 92 b3
secret (32 octets): 5558d9a4084111c3 5092aba9f314a046 secret (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a
852fc282106ad91f 8aad94dc2fcd0a6c 3e 6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8
{server} derive secret "tls13 c hs traffic": {server} derive secret "tls13 c hs traffic":
PRK (32 octets): 5558d9a4084111c3 5092aba9f314a046 PRK (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a 3e
852fc282106ad91f 8aad94dc2fcd0a6c 6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8
hash (32 octets): d615e55df3513f10 48462b9b7cc7c110 hash (32 octets): 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30 09
71223806e0fff9fa 94ffc0f7432a184b c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27
info (54 octets): 002012746c733133 2063206873207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
616666696320d615 e55df3513f104846 2b9b7cc7c1107122 61 66 66 69 63 20 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30
3806e0fff9fa94ff c0f7432a184b 09 c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27
output (32 octets): c11db498010bc4f6 6242a786c862a985 output (32 octets): 1e af b2 10 3a c5 96 e5 a8 67 3e ae 2c 42 0c
e358018874b6ed04 61fd92e52696ee76 ff b2 d9 45 99 d9 00 08 94 0b db a8 8c a7 71 26 26
{server} derive secret "tls13 s hs traffic": {server} derive secret "tls13 s hs traffic":
PRK (32 octets): 5558d9a4084111c3 5092aba9f314a046 PRK (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a 3e
852fc282106ad91f 8aad94dc2fcd0a6c 6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8
hash (32 octets): d615e55df3513f10 48462b9b7cc7c110 hash (32 octets): 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30 09
71223806e0fff9fa 94ffc0f7432a184b c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27
info (54 octets): 002012746c733133 2073206873207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
616666696320d615 e55df3513f104846 2b9b7cc7c1107122 61 66 66 69 63 20 87 73 ef 3f d6 03 64 ff ab 64 c5 f1 66 f8 30
3806e0fff9fa94ff c0f7432a184b 09 c2 9e c6 70 16 76 e5 cc 60 b5 1a 2f 2a dd 9e 27
output (32 octets): fd1b408bf0324ded 52e449708b1c310c output (32 octets): 82 54 e1 25 3f 75 bf a5 bb 5c 4e f2 b1 bb 79
50f0a6cd8dab23b6 e4e5e3a413ba259d 73 e0 b7 b8 32 51 31 2b ce 86 30 8e a1 27 b5 52 e0
{server} derive secret for master "tls13 derived": {server} derive secret for master "tls13 derived":
PRK (32 octets): 5558d9a4084111c3 5092aba9f314a046 PRK (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a 3e
852fc282106ad91f 8aad94dc2fcd0a6c 6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27ae41e4649b934c a495991b7852b855 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00200d746c733133 2064657269766564 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
4ca495991b7852b8 55 64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 7d54cbf473252842 3046df3f0d49d87f output (32 octets): 91 74 25 ca 4f 3e 40 22 e2 e6 bb 99 25 f2 f7
6c11ec65b9e21cbf 91163e3b92a68707 08 e9 7c 1c 75 56 cd e8 63 52 1f 40 b3 c8 2f 49 36
{server} extract secret "master": {server} extract secret "master":
salt (32 octets): 7d54cbf473252842 3046df3f0d49d87f salt (32 octets): 91 74 25 ca 4f 3e 40 22 e2 e6 bb 99 25 f2 f7 08
6c11ec65b9e21cbf 91163e3b92a68707 e9 7c 1c 75 56 cd e8 63 52 1f 40 b3 c8 2f 49 36
ikm (32 octets): 0000000000000000 0000000000000000 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0000000000000000 0000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 76b73d53db71bd7a a61471dde13a7364 secret (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9
51802efa6881b88a 77ef23e4029e01d5 3c 18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95
{server} send handshake record: {server} send handshake record:
payload (115 octets): 0200006f7f155007 6d6c334421c0ac06 payload (123 octets): 02 00 00 77 03 03 eb 62 5e d0 a8 a3 3c 5f
4f6e47a6409c0417 95345ee3f78ede5a 3c35c8d279a81301 a3 c2 77 5a eb a4 c6 2a 4f 31 71 f2 ff ea e4 ea 53 38 27 30 41
0049002800450017 0041047e759436bc a19ed0358962b7d0 6f f7 3a 00 13 01 00 00 4f 00 28 00 45 00 17 00 41 04 89 cf b4
ded42e744076da23 ec8a9633cf172709 ee2ac7e8a06b40fb c1 91 61 f7 0e b1 5a 43 81 40 02 13 53 46 37 bd b4 fe d0 20 a9
e5bfe41afc03a1b7 892068d610b84030 1e2d2e1f40787a18 3f3a2b 2e 59 d9 58 10 ff eb e3 a8 dd bd f2 e2 cc 65 71 fe 17 df 28 3a
37 22 f1 23 f3 32 fc b0 cb 3d 8b bb 9f 0b 65 e0 07 46 ae 00 2b
ciphertext (120 octets): 1603010073020000 6f7f1550076d6c33 00 02 7f 16
4421c0ac064f6e47 a6409c041795345e e3f78ede5a3c35c8
d279a81301004900 2800450017004104 7e759436bca19ed0
358962b7d0ded42e 744076da23ec8a96 33cf172709ee2ac7
e8a06b40fbe5bfe4 1afc03a1b7892068 d610b840301e2d2e
1f40787a183f3a2b
{server} derive write traffic keys for handshake data:
PRK (32 octets): fd1b408bf0324ded 52e449708b1c310c
50f0a6cd8dab23b6 e4e5e3a413ba259d
key info (13 octets): 001009746c733133 206b657900
key output (16 octets): e7fc5d7c880935bc 55412aecbc2773fb
iv info (12 octets): 000c08746c733133 20697600
iv output (12 octets): 3a3a4d62924d7a1b d2235c95 ciphertext (128 octets): 16 03 03 00 7b 02 00 00 77 03 03 eb 62
5e d0 a8 a3 3c 5f a3 c2 77 5a eb a4 c6 2a 4f 31 71 f2 ff ea e4
ea 53 38 27 30 41 6f f7 3a 00 13 01 00 00 4f 00 28 00 45 00 17
00 41 04 89 cf b4 c1 91 61 f7 0e b1 5a 43 81 40 02 13 53 46 37
bd b4 fe d0 20 a9 2e 59 d9 58 10 ff eb e3 a8 dd bd f2 e2 cc 65
71 fe 17 df 28 3a 37 22 f1 23 f3 32 fc b0 cb 3d 8b bb 9f 0b 65
e0 07 46 ae 00 2b 00 02 7f 16
{server} send a EncryptedExtensions handshake message {server} send a EncryptedExtensions handshake message
{server} send a Certificate handshake message {server} send a Certificate handshake message
{server} send a CertificateVerify handshake message {server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished": {server} calculate finished "tls13 finished":
PRK (32 octets): fd1b408bf0324ded 52e449708b1c310c PRK (32 octets): 82 54 e1 25 3f 75 bf a5 bb 5c 4e f2 b1 bb 79 73
50f0a6cd8dab23b6 e4e5e3a413ba259d e0 b7 b8 32 51 31 2b ce 86 30 8e a1 27 b5 52 e0
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00200e746c733133 2066696e69736865 6400 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): e01b611aca50606e 1f247d7bce2467dd output (32 octets): a3 3a 40 a0 16 61 06 92 2f 96 9d 66 28 69 0e
b01bf06041d1e849 a67cdbacc88cc47b ad 71 29 6b 1c 9f 44 14 64 e8 f4 c4 c2 33 14 10 15
{server} send a Finished handshake message {server} send a Finished handshake message
{server} send handshake record: {server} send handshake record:
payload (639 octets): 080000120010000a 0008000600170018 payload (639 octets): 08 00 00 12 00 10 00 0a 00 08 00 06 00 17
001d000000000b00 01b9000001b50001 b0308201ac308201 00 18 00 1d 00 00 00 00 0b 00 01 b9 00 00 01 b5 00 01 b0 30 82
15a0030201020201 02300d06092a8648 86f70d01010b0500 01 ac 30 82 01 15 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48
300e310c300a0603 5504031303727361 301e170d31363037 86 f7 0d 01 01 0b 05 00 30 0e 31 0c 30 0a 06 03 55 04 03 13 03
3330303132333539 5a170d3236303733 303031323335395a 72 73 61 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39 5a 17
300e310c300a0603 5504031303727361 30819f300d06092a 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 0e 31 0c 30 0a 06
864886f70d010101 050003818d003081 8902818100b4bb49 03 55 04 03 13 03 72 73 61 30 81 9f 30 0d 06 09 2a 86 48 86 f7
8f8279303d980836 399b36c6988c0c68 de55e1bdb826d390 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 b4 bb 49 8f
1a2461eafd2de49a 91d015abbc9a9513 7ace6c1af19eaa6a 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c 0c 68 de 55 e1 bd b8 26
f98c7ced43120998 e187a80ee0ccb052 4b1b018c3e0b6326 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab bc 9a 95 13 7a ce 6c
4d449a6d38e22a5f da43084674803053 0ef0461c8ca9d9ef 1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87 a8 0e e0 cc b0 52
bfae8ea6d1d03e2b d193eff0ab9a8002 c47428a6d35a8d88 4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f da 43 08 46 74
d79f7f1e3f020301 0001a31a30183009 0603551d13040230 80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0 3e 2b d1 93
00300b0603551d0f 0404030205a0300d 06092a864886f70d ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e 3f 02 03
01010b0500038181 0085aad2a0e5b927 6b908c65f73a7267 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02 30 00 30 0b 06
170618a54c5f8a7b 337d2df7a5943654 17f2eae8f8a58c8f 03 55 1d 0f 04 04 03 02 05 a0 30 0d 06 09 2a 86 48 86 f7 0d 01
8172f9319cf36b7f d6c55b80f21a0301 5156726096fd335e 01 0b 05 00 03 81 81 00 85 aa d2 a0 e5 b9 27 6b 90 8c 65 f7 3a
5e67f2dbf102702e 608ccae6bec1fc63 a42a99be5c3eb710 72 67 17 06 18 a5 4c 5f 8a 7b 33 7d 2d f7 a5 94 36 54 17 f2 ea
7c3c54e9b9eb2bd5 203b1c3b84e0a8b2 f759409ba3eac9d9 e8 f8 a5 8c 8f 81 72 f9 31 9c f3 6b 7f d6 c5 5b 80 f2 1a 03 01
1d402dcc0cc8f896 1229ac9187b42b4d e100000f00008408 51 56 72 60 96 fd 33 5e 5e 67 f2 db f1 02 70 2e 60 8c ca e6 be
04008004fc5804d8 481fdfd8c6319ef6 3968daf9ec416c6c c1 fc 63 a4 2a 99 be 5c 3e b7 10 7c 3c 54 e9 b9 eb 2b d5 20 3b
819e48253bdf016a bacfadfc69b0bb79 01f899429ffbe89d 1c 3b 84 e0 a8 b2 f7 59 40 9b a3 ea c9 d9 1d 40 2d cc 0c c8 f8
937da491491950ee 29c78ce320226366 fc0575800d3a29b6 96 12 29 ac 91 87 b4 2b 4d e1 00 00 0f 00 00 84 08 04 00 80 96
f383d417454ff4b4 0c12da2ac4d9a474 3ced8e420a43023e ac 87 45 e8 60 64 a1 18 d3 35 75 88 1c c7 db 99 b7 ad 5c f6 42
a1548407dd2b6b4a d0409da648ad80c8 86a6e7cca6764fab 04 2f 0c 6a 4c 65 42 d6 15 3e f7 b4 71 2d 9f 9f 7c 16 7a 9c fe
5b77612380a99dfa 7cf4f314000020e8 7b0043df73761a9f 1b 9f 7a e7 41 4b ff 4c d1 3c dd 81 1d ce 07 ce 22 7b f2 ec 74
1b1a54f7c189a3c8 2f1d7647ee867ad0 db8ea5df20ab7b 38 e9 22 6e 7d da 00 0e f8 34 85 60 ed 21 6b 28 a8 bc 6d b6 10
3c aa 96 00 d8 84 7c a6 f0 ea 40 64 da 4f 7d 6d c7 b5 98 ff 54
36 a0 4e 01 7d e3 2c 12 eb f3 2e 55 3b e2 60 3e 0f 63 20 63 42
b8 14 00 00 20 a4 98 49 23 dd 33 35 94 bd 90 4b 9e 80 1b c1 88
73 31 57 ba 4b 16 c7 62 cd a9 f6 f3 0f e9 a6 88
ciphertext (661 octets): 1703010290f458e3 0169c36dfd1f876f ciphertext (661 octets): 17 03 03 02 90 11 09 c2 d4 04 4a ea 1f
fe054670b609e771 9bc0b24dca1cb156 f6aa69e6d998df26 e6 a7 d0 e1 52 4a 86 e6 b3 fd 43 3a 4a 86 8a 8c 10 1a 58 ab b3
bce69234737c12f3 05f230f03b8a9217 cd4d964ae442f1f7 38 1e 66 c6 9a bc b0 0d c0 ba d7 b4 9c c3 24 55 aa 28 c8 e5 13
358f732e152d9b18 25620233814e8777 f7d046ba44c7c6a4 13 a0 9b 4f 19 fc 3c b9 9b 35 5e 8a 4a fc 74 84 c4 c6 d4 de 32
8eb468739395642b 006fa132e735b8e0 17b51898ece31dd9 d5 75 01 4c 53 71 48 ce 7d df 31 d9 3a f5 fb f1 ac dd b8 c7 13
e9ff44c75cbee059 9dab03d006336d76 505813f8ce64964d 32 e7 ce d7 7a 2f 4d e0 16 dd 98 5a 2c ec 06 8a e2 49 fd a9 bc
6064bd9c90fa5e72 a50b76baeecd9c64 b548be8032c450e6 a4 d7 23 19 5a df d8 b8 03 95 00 e9 e1 d6 c6 01 20 6a 6a 85 33
c2c8abb105bc394d 9bc858f3e2ce6bf8 d6314ba505f3908a 56 1a ab ca f5 cc f2 e2 b7 c5 9e 74 75 1a 41 ca 95 15 03 26 a8
e9990abfc30a8e64 62a6ef98a05d8c53 47dd92a866619a93 f2 25 56 7f bb 9f ad 99 39 b6 d6 ca a2 47 90 05 d9 4b b8 95 18
87803ddb019b25a4 0cfbedab80f920d0 e5e294433b568434 ca 63 84 cf 66 dd 97 36 2f 8c 40 13 26 d4 22 d5 3f bd 68 1b 14
e796610c9e972daa 0d412a5e4e25bf81 97943fbe74604002 09 16 ec 14 31 45 32 49 04 dd 7f 63 26 96 81 a1 36 f2 e6 15 f4
a6111dbe05439010 c1bbfbe50339dfd7 99f4d72e6853fcae 7e e9 e3 2a a3 25 2e 0c 3b 1d 47 a9 92 63 50 b4 98 5b 96 51 ef
7ea453bf0ccf5bfd 338787e45fac53f0 c808861524a7237b c5 14 80 09 61 6d 75 df dd e9 33 1f e2 ae e5 44 c4 a1 40 10 2a
b19484525eb88051 298c4d51cd8b9380 2a73c4ab9cc27084 db c1 12 d4 45 1e 1b 90 46 02 9e 71 b9 36 60 49 c9 ac aa 36 82
a69a0ee03be6b02f cd2cb5a66dde2b44 0920f408be16c408 79 f0 dc 27 00 bb 15 1d 96 6d 2d 71 a7 55 44 6a 74 9f 3f fb 2b
2e0a3dc6d8e15d37 e1f37c44c8433fcf ab9be408c54c074e 10 11 0d 2f 9d c2 1e f7 1d b7 2b 53 ae 2b a8 70 70 f2 79 15 b8
bfa45f2af3d20559 23d2fd8a7c3c3c3d d7bf84d2826784af a3 4a 4c 92 03 70 36 3b f7 75 98 a8 99 3d 6d 97 45 53 f7 6a 83
154ca2f5ca7ad8f7 c0e88cdbd7673551 4b49578726a8a26e dd e2 a5 5c 30 10 ed bf 86 ec 45 6c 5e 12 f4 fb 28 3f d5 25 e2
33ff1133d60d8f0e 2fddb6eea294b78d abdd2974dfb1cf53 2b f8 4e 28 03 41 9a 1f 5c 0d 83 7c e5 bc b1 8c 36 18 06 35 c1
3032d0aa71e3e603 e1d1a370c01fd1e9 0aefc1691f63c051 d3 28 30 f4 af f6 60 7a 72 81 1e 4e 19 02 b1 c0 88 4e 3c 97 dd
c5957bea4c4a5033 63627279fec18a72 276b7cb3af42c92e 44 3f 69 5e e3 fe 76 db 3e cc d4 36 ae 87 0f 7f 1d b1 3e 00 cc
24a605e1316f303e 80a01c4f386b5aae bcef58cc09db8b29 41 9c c4 5a 44 69 29 92 c2 e1 62 41 fb 31 d4 ed e3 95 77 2b 31
7b38ba6ac277a38f 67d78960d36ea48b 6685abf0cbe9b542 fd e3 cc 4d b3 27 64 0f 48 d8 3f 63 5f 95 be f6 7f b3 60 c3 c9
caa644931dc22656 216cdcf145228c5e eafb8a930bb97619 8e db d6 ae 57 4f ae d0 dc 59 38 20 b2 48 3e 6f 2d ae 39 51 5d
e772ed92f89a80da dee692e5cd3985db 2edc81cde6306a6a 9c 54 b9 d1 66 5a 7c ac 02 16 fa 32 55 0a a4 46 a5 e3 7c 9d af
93751e35f6054f84 96e26a2015ef0edc 502f8e96f19579aa 54 ed 38 71 39 eb 85 47 cc 53 13 7b 02 37 4b 4a 03 4d 38 18 69
3ff80c8ef8ab691e 498cf0f8d58a3c3c fcf3aed23f81e43b 57 81 da 2a 23 ec 82 b5 81 98 3d 69 5b 84 37 94 07 cc 87 dc 85
2546fdcabd7c9a80 ad1e59b8dc9a6d0f 674c177eec 4e 0d 06 3e 6d 62 d2 3c 97 97 5e 91 7d b6 d5 21 82 83 a2 e8 15
16 43 37 5f 0b a1 84 59 91 ed 6f 40 9a 68 31 b5 7a 1c 5d dd 88
fe b6 e9 cc 66 ee 1f 3c 28 60 f6 1d f0 f8 1e bb 3b 0a 87 2d 0c
2d 00 ae 84 44 5f 47 89 31 7d 02 e1 b6 75 a8 db cc 45 66 34 28
95 ff 20 77 d8 9d 20 2d 86 43 22 be 4c c6 b3 f0 bf df
{server} derive secret "tls13 c ap traffic": {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 76b73d53db71bd7a a61471dde13a7364 PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c
51802efa6881b88a 77ef23e4029e01d5 18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95
hash (32 octets): 3f44e23dcedd02ac fb53fa70cf0721d8 hash (32 octets): 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89
e00d9e39bfa3ce91 705d1dc55caf300d cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42
info (54 octets): 002012746c733133 2063206170207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
6166666963203f44 e23dcedd02acfb53 fa70cf0721d8e00d 61 66 66 69 63 20 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12
9e39bfa3ce91705d 1dc55caf300d 89 cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42
output (32 octets): 7bbda44aef92ee2d a1523590895f2249 output (32 octets): de 2e 40 35 e0 1c 52 ea e4 d5 b8 b3 46 50 c3
b1bed03647d8bfee 273fb3ef3b25457c 32 04 53 6b 07 03 09 21 e4 31 95 37 b4 a0 90 1e e0
{server} derive secret "tls13 s ap traffic": {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 76b73d53db71bd7a a61471dde13a7364 PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c
51802efa6881b88a 77ef23e4029e01d5 18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95
hash (32 octets): 3f44e23dcedd02ac fb53fa70cf0721d8 hash (32 octets): 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89
e00d9e39bfa3ce91 705d1dc55caf300d cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42
info (54 octets): 002012746c733133 2073206170207472 info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
6166666963203f44 e23dcedd02acfb53 fa70cf0721d8e00d 61 66 66 69 63 20 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12
9e39bfa3ce91705d 1dc55caf300d 89 cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42
output (32 octets): 8e7767fb35fb9d93 341b5fe1ac2691b4 output (32 octets): 14 ff 87 2f 92 e2 e2 5c c2 18 e0 15 bf db f7
f5cafb6bbe792b53 858b44acb3b6005e b9 1d b3 42 c7 20 00 e2 bd 1d 5c 08 06 d7 56 ab 4d
{server} derive secret "tls13 exp master": {server} derive secret "tls13 exp master":
PRK (32 octets): 76b73d53db71bd7a a61471dde13a7364 PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c
51802efa6881b88a 77ef23e4029e01d5 18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95
hash (32 octets): 3f44e23dcedd02ac fb53fa70cf0721d8 hash (32 octets): 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89
e00d9e39bfa3ce91 705d1dc55caf300d cd 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42
info (52 octets): 002010746c733133 20657870206d6173 info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
746572203f44e23d cedd02acfb53fa70 cf0721d8e00d9e39 74 65 72 20 62 05 ce 54 b4 21 f2 e9 c4 2e ed 68 3d 19 12 89 cd
bfa3ce91705d1dc5 5caf300d 9b 1f 9a 84 4d 94 c2 3e 95 b8 94 cc 4e 8a 42
output (32 octets): ba9a598a87e25c0c 963757951c84b1fa output (32 octets): 10 9f ba 7b bc 8d 86 f3 f8 56 bf d6 a1 0e f3
6930ae37b7f10330 c79dec315bfb6f0f c2 fb f6 8c 6e 06 70 1b ab 97 6b a8 0c bf 00 12 d5
{server} derive write traffic keys for application data: {client} extract secret "early":
PRK (32 octets): 8e7767fb35fb9d93 341b5fe1ac2691b4 salt: (absent)
f5cafb6bbe792b53 858b44acb3b6005e
key info (13 octets): 001009746c733133 206b657900 ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
key output (16 octets): 6b3b6463ee2e9c63 167930f1cb496857 secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
iv info (12 octets): 000c08746c733133 20697600 {client} derive secret for handshake "tls13 derived":
iv output (12 octets): 870b39a26785a453 dd0683a7 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{server} derive read traffic keys for handshake data: hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
PRK (32 octets): c11db498010bc4f6 6242a786c862a985 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
e358018874b6ed04 61fd92e52696ee76 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55
key info (13 octets): 001009746c733133 206b657900 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
key output (16 octets): 5fa4fe8df22a8449 86c47c46981a291a 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
iv info (12 octets): 000c08746c733133 20697600 {client} extract secret "handshake":
iv output (12 octets): d3bd79ca448e5692 571b9fe3 salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "early": ikm (32 octets): ba 1c d6 f8 aa 98 a2 de ff b7 ba bb 8e 52 4d 2f
d3 e8 2d 5c ff 5d 7b e3 0a 20 80 ef 62 6a 92 b3
secret (32 octets): 8e f8 e6 41 ab fd 33 02 a2 4a c0 03 d0 98 2a
3e 6e ef cd 99 46 ed 19 82 b8 1b 4d e2 ab c8 7d e8
{client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server)
{client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server)
{client} calculate finished "tls13 finished":
PRK (32 octets): 1e af b2 10 3a c5 96 e5 a8 67 3e ae 2c 42 0c ff
b2 d9 45 99 d9 00 08 94 0b db a8 8c a7 71 26 26
hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): 19 3b 17 c6 19 fb 94 85 1f 97 91 db 7b 9a 9e
03 9d 4f 81 96 9a 93 71 02 06 4b 45 a3 be e9 a3 12
{client} send a Finished handshake message
{client} send handshake record:
payload (36 octets): 14 00 00 20 3c 9c 63 c4 72 e5 d6 ab 04 4d 14
59 2e 5a d8 a2 ef 4c 1d 70 f7 f7 7a 13 3c 8d cc fc 05 a6 df 52
ciphertext (58 octets): 17 03 03 00 35 cd db d8 39 c3 4d 8d b2 a1
fc 58 5e 55 78 f6 5f ec 70 81 d6 95 00 88 09 02 5c 0c 9d 4f 87
5a f9 e7 10 d7 52 a2 0a 3d 2c 59 86 7e 92 6e b4 39 52 e2 8f 91
83 da
{client} derive secret "tls13 res master":
PRK (32 octets): 5f 5f 3a b7 4a c0 3b 74 79 0f 0f 40 33 f9 e9 3c
18 44 95 ac 41 03 a9 f2 2d 43 d8 dc 57 86 a2 95
hash (32 octets): cb 0c c7 bc 35 ef 49 7c be e7 ea fa 2b ff a2 2f
8d a5 b8 28 5e 83 35 48 0c 33 65 81 32 22 2c c2
info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74 65 72 20 cb 0c c7 bc 35 ef 49 7c be e7 ea fa 2b ff a2 2f 8d
a5 b8 28 5e 83 35 48 0c 33 65 81 32 22 2c c2
output (32 octets): 18 8c 90 bc 6f a9 7a 8d d5 55 1d 80 b1 ae 18
42 4c f3 e2 f6 90 bc 70 54 e3 6b 33 3f 17 30 17 f3
{server} calculate finished "tls13 finished" (same as client)
{server} derive secret "tls13 res master" (same as client)
{client} send alert record:
payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 93 21 5e 8c f7 98 69 b6 9a
28 57 8f 90 f4 c6 94 6e 5c 9b
{server} send alert record:
payload (2 octets): 01 00
ciphertext (24 octets): 17 03 03 00 13 4a b5 80 73 c0 a8 93 de 17
76 47 6d ec d2 5e 97 84 e3 d1
6. Client Authentication
In this example, the server requests client authentication. The
client uses a certificate with an RSA key, the server uses an ECDSA
certificate with a P-256 key.
{client} create an ephemeral x25519 key pair:
private key (32 octets): a4 0d c1 93 0c 00 af 0e 9d 3b c2 6c f9
0f 5e ee 7d ba 97 17 1f 53 2b 71 7f ef bf bf 87 08 38 c9
public key (32 octets): d5 dd 20 0f ad 08 39 7b 40 f3 e6 14 45 24
0c 75 78 5e b2 e5 0b 72 7c 5a 04 91 64 0d c1 2c 3a 0e
{client} send a ClientHello handshake message
{client} send handshake record:
payload (186 octets): 01 00 00 b6 03 03 a3 ce 03 a9 0c 76 17 79
2d ee d9 6e 55 b1 6a b8 fc 10 91 2c 67 f3 3d db d1 50 b3 25 d5
ca d6 58 00 00 06 13 01 13 03 13 02 01 00 00 87 00 00 00 0b 00
09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 28 00
26 00 24 00 1d 00 20 d5 dd 20 0f ad 08 39 7b 40 f3 e6 14 45 24
0c 75 78 5e b2 e5 0b 72 7c 5a 04 91 64 0d c1 2c 3a 0e 00 2b 00
03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08 04 08
05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02 00 2d
00 02 01 01
ciphertext (191 octets): 16 03 01 00 ba 01 00 00 b6 03 03 a3 ce
03 a9 0c 76 17 79 2d ee d9 6e 55 b1 6a b8 fc 10 91 2c 67 f3 3d
db d1 50 b3 25 d5 ca d6 58 00 00 06 13 01 13 03 13 02 01 00 00
87 00 00 00 0b 00 09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00
00 0a 00 14 00 12 00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01
03 01 04 00 28 00 26 00 24 00 1d 00 20 d5 dd 20 0f ad 08 39 7b
40 f3 e6 14 45 24 0c 75 78 5e b2 e5 0b 72 7c 5a 04 91 64 0d c1
2c 3a 0e 00 2b 00 03 02 7f 16 00 0d 00 20 00 1e 04 03 05 03 06
03 02 03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02
06 02 02 02 00 2d 00 02 01 01
{server} extract secret "early":
salt: (absent) salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ikm (32 octets): 0000000000000000 0000000000000000 secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
0000000000000000 0000000000000000 e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
secret (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 {server} create an ephemeral x25519 key pair:
10adf300aa1f2660 e1b22e10f170f92a
{client} derive secret for handshake "tls13 derived": private key (32 octets): 01 f2 df a3 5d 2f f7 47 3c b2 b2 85 25
74 2d a0 58 a0 35 c7 f8 21 bc 86 bf c2 11 72 16 be cc aa
PRK (32 octets): 33ad0a1c607ec03b 09e6cd9893680ce2 public key (32 octets): b5 89 13 10 62 da ed c2 12 1b b7 5c 36 88
10adf300aa1f2660 e1b22e10f170f92a 0b 71 12 c1 96 7f fe 17 db 5f a7 ef ef 22 90 90 1e 3d
hash (32 octets): e3b0c44298fc1c14 9afbf4c8996fb924 {server} send a ServerHello handshake message
27ae41e4649b934c a495991b7852b855
info (49 octets): 00200d746c733133 2064657269766564 {server} derive secret for handshake "tls13 derived":
20e3b0c44298fc1c 149afbf4c8996fb9 2427ae41e4649b93
4ca495991b7852b8 55
output (32 octets): 6f2615a108c702c5 678f54fc9dbab697 PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
16c076189c48250c ebeac3576c3611ba 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} extract secret "handshake": hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
salt (32 octets): 6f2615a108c702c5 678f54fc9dbab697 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
16c076189c48250c ebeac3576c3611ba 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55
ikm (32 octets): 90975442819df737 9e40c060c3b641f3 output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
a315ccbf3f4e1542 f3bbe90e0089f7bc 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
secret (32 octets): 5558d9a4084111c3 5092aba9f314a046 {server} extract secret "handshake":
852fc282106ad91f 8aad94dc2fcd0a6c
{client} derive secret "tls13 c hs traffic" (same as server) salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} derive secret "tls13 s hs traffic" (same as server) ikm (32 octets): 94 2f 83 fa ee 2f ad ad 24 2e eb fb c7 a6 6d 5e
c7 71 04 b1 3c d4 97 e0 b1 0d 9d 70 69 1d e8 6a
{client} derive secret for master "tls13 derived" (same as server) secret (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49
{client} extract secret "master" (same as server) e5 e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f
{client} derive read traffic keys for handshake data: {server} derive secret "tls13 c hs traffic":
PRK (32 octets): fd1b408bf0324ded 52e449708b1c310c PRK (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 e5
50f0a6cd8dab23b6 e4e5e3a413ba259d e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f
key info (13 octets): 001009746c733133 206b657900 hash (32 octets): 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59 8c
e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b
key output (16 octets): e7fc5d7c880935bc 55412aecbc2773fb info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 68 73 20 74 72
61 66 66 69 63 20 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59
8c e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b
iv info (12 octets): 000c08746c733133 20697600 output (32 octets): e8 d4 bb 93 8c a3 de 6d 1d 7c 78 01 a5 57 20
aa df cd 34 2d c8 a4 47 04 1d 21 7c 83 c8 df f3 94
iv output (12 octets): 3a3a4d62924d7a1b d2235c95 {server} derive secret "tls13 s hs traffic":
{client} calculate finished "tls13 finished" (same as server) PRK (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 e5
e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f
{client} derive secret "tls13 c ap traffic" (same as server) hash (32 octets): 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59 8c
e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b
{client} derive secret "tls13 s ap traffic" (same as server) info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 68 73 20 74 72
61 66 66 69 63 20 7a a6 f3 63 a4 49 35 45 a9 31 9b da 72 05 59
8c e1 5c bc 83 48 40 ce 04 c0 0e 8f 96 0b 27 80 7b
{client} derive secret "tls13 exp master" (same as server) output (32 octets): 8b fc e8 b0 11 4e ac cd 83 64 68 b5 e4 60 30
fd 32 1c 37 20 7a 41 cd 22 66 4f 56 53 14 f2 1e 05
{client} derive write traffic keys for handshake data (same as {server} derive secret for master "tls13 derived":
server read traffic keys)
{client} derive read traffic keys for application data (same as PRK (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49 e5
server write traffic keys) e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f
{client} calculate finished "tls13 finished": hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
PRK (32 octets): c11db498010bc4f6 6242a786c862a985 info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
e358018874b6ed04 61fd92e52696ee76 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f d8 3c 95 03 f0 45 fb a0 08 69 a3 23 22 28
0f 38 85 3f cd 95 15 f1 3c e5 09 60 f0 e6 00 24 84
{server} extract secret "master":
salt (32 octets): 6f d8 3c 95 03 f0 45 fb a0 08 69 a3 23 22 28 0f
38 85 3f cd 95 15 f1 3c e5 09 60 f0 e6 00 24 84
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00
0a b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba
{server} send handshake record:
payload (90 octets): 02 00 00 56 03 03 0b 21 fe 7a 05 5c 66 77 67
7b 21 e0 7d fc 22 f9 65 92 1c 5c 3e 0c c8 85 b1 71 5e 2e 01 a8
91 3d 00 13 01 00 00 2e 00 28 00 24 00 1d 00 20 b5 89 13 10 62
da ed c2 12 1b b7 5c 36 88 0b 71 12 c1 96 7f fe 17 db 5f a7 ef
ef 22 90 90 1e 3d 00 2b 00 02 7f 16
ciphertext (95 octets): 16 03 03 00 5a 02 00 00 56 03 03 0b 21 fe
7a 05 5c 66 77 67 7b 21 e0 7d fc 22 f9 65 92 1c 5c 3e 0c c8 85
b1 71 5e 2e 01 a8 91 3d 00 13 01 00 00 2e 00 28 00 24 00 1d 00
20 b5 89 13 10 62 da ed c2 12 1b b7 5c 36 88 0b 71 12 c1 96 7f
fe 17 db 5f a7 ef ef 22 90 90 1e 3d 00 2b 00 02 7f 16
{server} send a EncryptedExtensions handshake message
{server} send a CertificateRequest handshake message
{server} send a Certificate handshake message
{server} send a CertificateVerify handshake message
{server} calculate finished "tls13 finished":
PRK (32 octets): 8b fc e8 b0 11 4e ac cd 83 64 68 b5 e4 60 30 fd
32 1c 37 20 7a 41 cd 22 66 4f 56 53 14 f2 1e 05
hash (0 octets): (empty) hash (0 octets): (empty)
info (18 octets): 00200e746c733133 2066696e69736865 6400 info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): 7e08634d5b4ddeed 131202f8be9528c6 output (32 octets): 23 48 7f 1e 47 29 a3 ef 3d fb e1 61 bd 0c d1
541e38e44f50f0ce 9e483307b1244d69 c0 42 51 86 74 be 62 54 5b f1 62 25 7a d7 d9 4e 9d
{client} send a Finished handshake message {server} send a Finished handshake message
{client} send handshake record: {server} send handshake record:
payload (36 octets): 14000020088d1825 a09b055ba971f7c1 payload (512 octets): 08 00 00 1e 00 1c 00 0a 00 14 00 12 00 1d
cb072dad901d7d66 b07a12fe90a532b4 90e98d11 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 00 00 00 0d
00 00 27 00 00 24 00 0d 00 20 00 1e 04 03 05 03 06 03 02 03 08
04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02 02 02
0b 00 01 3b 00 00 01 37 00 01 32 30 82 01 2e 30 81 d5 a0 03 02
01 02 02 01 07 30 0a 06 08 2a 86 48 ce 3d 04 03 02 30 13 31 11
30 0f 06 03 55 04 03 13 08 65 63 64 73 61 32 35 36 30 1e 17 0d
31 36 30 37 33 30 30 31 32 34 30 30 5a 17 0d 32 36 30 37 33 30
30 31 32 34 30 30 5a 30 13 31 11 30 0f 06 03 55 04 03 13 08 65
63 64 73 61 32 35 36 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06
08 2a 86 48 ce 3d 03 01 07 03 42 00 04 08 d5 30 16 15 75 f4 cf
e7 f1 54 ee 34 48 18 00 86 00 1e 88 43 1a 79 ee 62 ee 6e 2f 83
ef 38 ba 61 e9 fb 37 f3 4e 00 7a 7d f4 d2 f5 b5 6d 1f 04 ec e4
5d 62 1f 46 84 06 f5 c3 a1 51 58 94 8d d0 a3 1a 30 18 30 09 06
03 55 1d 13 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80
30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 00 30 45 02 21 00 df
30 fd 45 07 f5 ed d2 2c 1a 6f f8 6d b4 79 ca 69 3f ee ca 3b 71
b3 f9 ef 55 6b 29 37 c0 59 4d 02 20 62 e2 a4 72 50 d3 20 fe a8
3c 7e 2d cb 5b 76 a5 0e 02 00 c0 9a db d1 3f ee 94 6e 51 3e 01
1d 11 00 00 0f 00 00 4c 04 03 00 48 30 46 02 21 00 f7 46 ae b2
e0 10 2f 37 94 0d d8 90 2b 0a 80 63 33 b7 63 69 06 28 9b ae f0
a9 7d 92 12 ab 14 30 02 21 00 a7 81 31 62 2d 82 7b ce 23 d5 04
c7 f8 1e 2a 78 d7 fb d6 59 fa 09 e1 e7 4c 5a 74 b9 b0 e5 5f 3e
14 00 00 20 c6 c0 d6 02 f0 3c e5 92 6c 9e 53 05 04 a0 0a 5f d5
40 97 5d de c4 6a fd 8a 18 fa 20 85 17 08 d6
ciphertext (58 octets): 170301003501a1ee 3aeb36cd4afa9c7c ciphertext (534 octets): 17 03 03 02 11 17 bf 02 f6 e5 be bf f8
e7184c1bd778fbc3 2ff3cb5c6c734869 062d8e3a786fd33e 97 3f de b8 5f 0c cd 77 d7 5e 02 12 69 d8 47 5d 82 a4 26 74 bf
6b89241f063274ac 12e559bd780c2dae 5fa1 e3 6c c7 a2 89 6f 63 42 3a aa 5f e2 b2 f8 96 6a 85 61 cb 25 f4
c4 e2 8e c2 df 74 64 85 cf 64 fd f4 28 e6 fb c9 02 49 89 3a 62
a8 15 c5 7a f9 8d 03 73 44 4f 90 85 40 1c e2 5f 4b fb 30 e9 99
85 6a b0 eb 87 70 ef b0 1a cb 7e 30 c3 be d5 3d a3 03 32 b7 dc
1b 31 78 89 49 a8 05 71 4a 06 81 75 4b 41 d4 57 93 c8 b8 28 29
b1 9f 6a fa ea b5 bc c1 78 3d 0b 5e 39 63 03 67 7e fc 73 26 5a
2c 0c cc 07 02 6f e0 98 46 3b 7e e1 d7 c7 e9 81 ff 7c 89 61 d0
9d e7 fc be 92 77 98 25 98 a5 e9 0f 53 3a 23 5e 1a e3 81 01 fc
87 07 69 3e c3 ff 90 47 75 52 87 91 74 65 d3 a6 44 12 2c 73 6c
1f e5 98 a2 a9 45 87 c3 d2 4f b8 6a d2 18 97 2d 99 38 c0 89 42
ce 28 64 20 db a4 3a 39 84 46 55 5f 3b 12 d0 84 5b e9 c8 fe 0c
8d 71 f6 99 97 b7 08 b7 51 9c 7b 78 70 98 5d ad 45 89 40 a5 8f
e4 1a 93 be 45 1f 31 08 42 7a d7 fd 3a 6f 27 ef e0 9f 35 d4 ad
b3 a5 61 b3 41 87 ad 07 59 90 ac a8 b1 4c ec 21 cd c3 1b 78 e8
bb b8 e0 30 d7 f7 c8 0c 56 dc 7c 2f f8 b5 53 0f 95 8c 0f ab 81
3b c8 3e b3 d7 a9 72 5d 36 0f b2 d8 33 7c df c9 3c b3 d7 ed ea
ea 75 75 cd cc 43 64 a1 a9 f2 19 e4 ae a9 3c c0 6e 2a 31 51 a8
c7 f0 ef 15 16 a2 fd 34 1a bf b5 b3 9f 32 7c 6b 31 54 33 6e 5c
6e 94 ed 2c c2 ca 95 ff 69 d4 25 48 3c 63 d2 a4 04 60 b0 03 c0
4a b6 f5 bf 0e dc 3c 4e 66 21 a7 6f ff ff 1a 4d ae 84 7b 17 b8
e5 ea 2b b5 47 e0 5f e3 8a 0f dc 63 78 fd cf 45 5c b9 92 17 8f
e6 12 9d bd a3 49 a4 c5 6c d3 1e 04 ab bc 4c 5d 2d f5 0d 0c 06
04 75 ec 11 8b 0e 3d 82 f0 79 cb 5e ec 44 1f c1 f1 78 88 db f7
9b 04 f4 fa 89 39 ab be 4f 65 c4 b6 26 43 5c c8 dc
{client} derive write traffic keys for application data: {server} derive secret "tls13 c ap traffic":
PRK (32 octets): 7bbda44aef92ee2d a1523590895f2249 PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a
b1bed03647d8bfee 273fb3ef3b25457c b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba
key info (13 octets): 001009746c733133 206b657900 hash (32 octets): 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18
3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06
key output (16 octets): 0655d9562ee2ccb1 33f5c62d280d0d15 info (54 octets): 00 20 12 74 6c 73 31 33 20 63 20 61 70 20 74 72
61 66 66 69 63 20 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa
18 3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06
iv info (12 octets): 000c08746c733133 20697600 output (32 octets): 49 94 c4 1b d3 5f 90 84 9c da c8 1c ee eb 48
cf 0a 25 08 9c da 15 66 d0 c8 51 ce 42 67 55 0e 42
iv output (12 octets): 48964508543bc1ec d9b0e6db {server} derive secret "tls13 s ap traffic":
PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a
b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba
hash (32 octets): 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18
3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06
info (54 octets): 00 20 12 74 6c 73 31 33 20 73 20 61 70 20 74 72
61 66 66 69 63 20 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa
18 3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06
output (32 octets): 04 94 45 e6 ca b5 c5 4c 87 af 8a d9 c9 4f c1
28 14 f5 4c 22 bb c4 6a 08 5e 9e 3f 55 91 1e 77 0c
{server} derive secret "tls13 exp master":
PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a
b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba
hash (32 octets): 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18
3e 44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06
info (52 octets): 00 20 10 74 6c 73 31 33 20 65 78 70 20 6d 61 73
74 65 72 20 35 56 64 82 3a 07 6c 67 8f 60 11 3d f2 c4 fa 18 3e
44 c0 0b 0a 94 38 c7 93 d2 96 e9 2a 76 e3 06
output (32 octets): 84 69 2c 16 37 b0 91 ce 55 73 7a bc e2 46 9b
74 5c f4 77 80 ea d7 68 be 99 35 59 2c 16 0d 0d 57
{client} extract secret "early":
salt: (absent)
ikm (32 octets): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
secret (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
{client} derive secret for handshake "tls13 derived":
PRK (32 octets): 33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a
hash (32 octets): e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24
27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55
info (49 octets): 00 20 0d 74 6c 73 31 33 20 64 65 72 69 76 65 64
20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4
64 9b 93 4c a4 95 99 1b 78 52 b8 55
output (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6
97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
{client} extract secret "handshake":
salt (32 octets): 6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba
ikm (32 octets): 94 2f 83 fa ee 2f ad ad 24 2e eb fb c7 a6 6d 5e
c7 71 04 b1 3c d4 97 e0 b1 0d 9d 70 69 1d e8 6a
secret (32 octets): 53 d7 91 87 9a 6b 33 f3 86 45 35 3b 3e 03 49
e5 e0 88 e4 0b 6c 37 00 12 0c 80 04 25 d3 d5 e9 9f
{client} derive secret "tls13 c hs traffic" (same as server)
{client} derive secret "tls13 s hs traffic" (same as server)
{client} derive secret for master "tls13 derived" (same as server)
{client} extract secret "master" (same as server)
{client} calculate finished "tls13 finished" (same as server)
{client} derive secret "tls13 c ap traffic" (same as server)
{client} derive secret "tls13 s ap traffic" (same as server)
{client} derive secret "tls13 exp master" (same as server)
{client} send a Certificate handshake message
{client} send a CertificateVerify handshake message
{client} calculate finished "tls13 finished":
PRK (32 octets): e8 d4 bb 93 8c a3 de 6d 1d 7c 78 01 a5 57 20 aa
df cd 34 2d c8 a4 47 04 1d 21 7c 83 c8 df f3 94
hash (0 octets): (empty)
info (18 octets): 00 20 0e 74 6c 73 31 33 20 66 69 6e 69 73 68 65
64 00
output (32 octets): 03 c1 ff eb e1 ec af c1 16 94 42 a3 5f b7 8c
4a f4 3d 55 4e c8 5b 94 ae 3f e9 18 3f 54 55 f1 84
{client} send a Finished handshake message
{client} send handshake record:
payload (623 octets): 0b 00 01 bf 00 00 01 bb 00 01 b6 30 82 01
b2 30 82 01 1b a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86
f7 0d 01 01 0b 05 00 30 11 31 0f 30 0d 06 03 55 04 03 13 06 63
6c 69 65 6e 74 30 1e 17 0d 31 36 30 37 33 30 30 31 32 33 35 39
5a 17 0d 32 36 30 37 33 30 30 31 32 33 35 39 5a 30 11 31 0f 30
0d 06 03 55 04 03 13 06 63 6c 69 65 6e 74 30 81 9f 30 0d 06 09
2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81
00 c3 81 75 e0 04 a6 8d 09 3f 82 3b 9c 37 9d 20 1f bc 0b b7 a1
c7 91 90 5e 3f bf 76 84 7e 44 e7 51 eb bc d3 60 bd 94 5c 81 e5
22 2b cc 88 46 d3 a8 a0 f9 3e 9b f5 be ba bd 92 ed f1 de 1f f1
90 21 70 3e 7a b6 c0 90 15 13 f9 7e 39 b1 11 f0 9c 93 48 97 1c
7b 21 19 84 a7 54 cd 45 fe 09 5a f0 ea 42 36 82 9b cc f7 a7 fe
9b 28 88 e7 8a b4 77 69 0a 5b 9e 1c cb e9 1c 6a 4a 0f 97 a7 e0
28 42 01 02 03 01 00 01 a3 1a 30 18 30 09 06 03 55 1d 13 04 02
30 00 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 30 0d 06 09 2a 86
48 86 f7 0d 01 01 0b 05 00 03 81 81 00 1a 7a 5a 01 85 32 b0 22
af 07 67 d4 86 16 0c ff 2d 16 7a 19 15 d2 38 35 b5 45 94 91 6d
c6 80 be 5d 2e 62 60 76 c5 d5 27 22 eb cc 77 5d 7d 99 f9 80 be
2f c9 4d 34 ac f6 cc 00 ba 90 cb cf b0 60 8a a1 e7 e3 97 1e f0
c0 7a 41 d4 7a d8 34 5d 1f 81 fe 41 8a 1c f4 10 54 42 9f d2 17
bd 77 7d c1 cf 08 f0 5d f9 07 99 c6 59 36 1e 0f 1a 8e e4 ac 0f
78 97 42 0b db c8 23 da 80 a2 f2 ba 23 08 1c 00 00 0f 00 00 84
08 04 00 80 84 10 d9 4d 75 9a c5 a1 87 9c 61 71 49 48 04 09 7f
9d 94 6f 41 e0 02 2a 66 ee 8e 0d 3b bc f4 37 c2 6f db cb 1d b6
69 45 94 f9 01 71 82 e2 80 5c 1a 68 24 e1 06 d1 86 dd 42 37 53
60 89 14 3d 06 12 ec 33 08 50 2c d5 a1 54 3e 82 fb 9d b5 58 7e
54 07 6e 18 7a d6 ad 9b 89 35 42 a7 54 1d f0 47 49 7f fb 6c e2
5d df f8 fd e7 ed 8a 67 98 f2 b7 de 1f a8 d9 f9 67 76 15 3a 3d
01 9c 5a cc af 97 14 00 00 20 49 3e e4 87 b7 fc 2b f5 19 b7 cd
2b 6b 33 b5 0f 5b e6 d5 23 37 a4 96 2e 39 d0 ec 13 92 f0 76 80
ciphertext (645 octets): 17 03 03 02 80 4d 75 ab 8f 1d 72 06 a6
3e 00 ac cd 41 c6 aa d6 3f e1 4d df 20 42 8f 59 68 d7 fc 60 61
2f d2 5f f6 49 ae 82 c6 2e 3b 1e 6b 0d 07 d4 26 ae d4 3f a8 1f
c2 76 15 43 92 5d 9a 8c 53 57 b2 0d 5d f1 7d fe 67 7d 8f df 7c
b3 5f 07 48 02 a0 c5 5a 12 31 de a8 d4 27 1d fa 5f 5d 65 21 a4
f4 67 c4 78 5d b0 54 1d f1 fb 84 8f 8b 01 e6 8d cb 9c 63 a3 86
3a 6b d3 e8 8d b5 a3 67 34 53 2d f3 68 b0 f5 7a 12 b5 65 94 b2
e1 6b 69 4e 5c e6 c1 e6 f3 ab 6f 1f a0 a9 f5 40 e3 80 2d 6b f2
4f eb e4 2b 72 1f 13 ab 80 90 f1 54 e4 14 54 72 f9 1b 9a fe d6
c5 b4 51 39 7e a0 fd 19 8c 04 48 af 73 44 42 91 57 43 11 53 4d
22 91 07 65 9b 88 00 5c f0 51 db 32 70 83 44 4c 2c 00 14 e9 22
a2 bd 94 a2 c9 d8 40 70 7b 4c 76 0c 56 ff 09 36 b1 b7 ad 8c 76
f7 bf c2 dc 8b 75 19 d2 29 ad 7b a5 6d 0a 16 12 d0 56 f8 78 da
5a b9 91 c9 ce 3d d0 44 62 8c 5a 0f ab 4d 51 14 af 7f 95 7e f1
f5 27 05 6b 5d 16 0e 8b b2 ad 6d b0 a9 3b e2 3c 5f 68 7e 0a 28
ec 76 32 a2 1f 24 4f 9e ac 1d 04 4f f9 2d 3c 1f b1 8e f8 1a bb
cf 38 08 24 d4 cb 1c e4 51 7a d6 c1 45 f0 56 8b 41 b9 36 26 65
68 ac 23 1e c9 48 eb b3 32 1f 5f b0 14 36 21 af 9b 3c e7 51 7b
08 88 e0 71 c6 17 4b 7b 05 a7 bf ce a2 d9 e2 50 16 1a f7 0f 93
73 a9 c2 fc 2d 41 06 85 52 38 bc 54 f0 78 40 6c 75 82 7a 46 1e
c2 c3 59 19 f6 75 16 44 fd ce b6 11 31 3e f5 57 09 b5 2b 32 69
24 12 32 92 d1 bd 9d 1d 19 2f 6d 4d d6 bd e8 f3 c8 2c 30 49 f4
f6 dd f7 4d 18 4d 72 76 57 9f ce 90 a6 6b bd 6b 50 17 82 6d cd
0d 31 25 bc a5 47 df b2 f9 ab 53 43 fd a4 2a bb eb 5b f9 ca 6d
02 45 8e 7e 7b af 21 04 70 e5 e6 93 ee a4 c2 ca 50 2f e8 e6 d4
78 7b 57 18 6d 85 40 7d df 0d 5e 0c 8a be 1a 73 46 d6 cd 30 86
5a c5 fc 9d f2 d3 8e 84 1e f3 67 91 be e0 dd 3a 1a 95 b9 c3 2d
3e 8e 97 04 c8 7b fe bd 35 ea f5 cb db 4a 72 32 46 82 04 a5 75
63 2c ed 27 76 70 6c d5 02 a5 66 d1 30 c1 ab 40 9a 1c e4 ab 08
c5 8c 04 ae 75 33 94 8b 63 4b ff 14 54 b6 91 a1 e9 88 c6 de 54
85 7e 12 05 65 fc bc 6e 3d 01 ed fa 7a ab c5 f9 2c 45 b4 df 22
50 c0
{client} derive secret "tls13 res master": {client} derive secret "tls13 res master":
PRK (32 octets): 76b73d53db71bd7a a61471dde13a7364 PRK (32 octets): 86 05 00 52 9e e3 a6 0a 26 44 3e 62 2a 4c 00 0a
51802efa6881b88a 77ef23e4029e01d5 b3 ff 0d ea 05 05 5c c3 ed f3 bf 01 f7 11 db ba
hash (32 octets): ddc2b704b9dd57a1 bd2a6794bc485029 hash (32 octets): 7f 2d 4e 12 6e 73 62 ae 2f ea 3c b9 1f 32 ec b0
96c0d6dab1c8fbda c3b05262bc530964 f7 ba 7f 60 c4 ee a4 41 0f 80 26 dc 33 25 77 88
info (52 octets): 002010746c733133 20726573206d6173 info (52 octets): 00 20 10 74 6c 73 31 33 20 72 65 73 20 6d 61 73
74657220ddc2b704 b9dd57a1bd2a6794 bc48502996c0d6da 74 65 72 20 7f 2d 4e 12 6e 73 62 ae 2f ea 3c b9 1f 32 ec b0 f7
b1c8fbdac3b05262 bc530964 ba 7f 60 c4 ee a4 41 0f 80 26 dc 33 25 77 88
output (32 octets): 130658d2f9ab0026 cee5f482b5320a27 output (32 octets): 42 f1 0b 54 0d ee 84 7b 5b 1c 5b 0d 89 2c f7
1c79695c97eb5401 7c60f7178382d14e 11 7d 9a 13 9b 89 20 64 88 a3 52 eb ee d8 cb 6f 90
{server} calculate finished "tls13 finished" (same as client) {server} calculate finished "tls13 finished" (same as client)
{server} derive read traffic keys for application data (same as
client write traffic keys)
{server} derive secret "tls13 res master" (same as client) {server} derive secret "tls13 res master" (same as client)
{client} send alert record: {client} send alert record:
payload (2 octets): 0100 payload (2 octets): 01 00
ciphertext (24 octets): 1703010013392fc8 5183e3e957e6ed7e ciphertext (24 octets): 17 03 03 00 13 70 16 fa 95 9e 65 31 0b cf
f3bb003751ff121c 54 11 09 dd 74 cc 4b bd 42 95
{server} send alert record: {server} send alert record:
payload (2 octets): 0100 payload (2 octets): 01 00
ciphertext (24 octets): 17030100130c01d2 788b80b62142f34b ciphertext (24 octets): 17 03 03 00 13 92 e3 7d 92 18 1a 14 ec cf
8cf68e07610a9d64 3e 35 13 f4 54 63 4f b1 70 d9
6. Security Considerations 7. Security Considerations
It probably isn't a good idea to use the private key here. If it It probably isn't a good idea to use the private key here. If it
weren't for the fact that it is too small to provide any meaningful weren't for the fact that it is too small to provide any meaningful
security, it is now very well known. security, it is now very well known.
7. References 8. References
7.1. Normative References 8.1. Normative References
[I-D.ietf-tls-tls13] [I-D.ietf-tls-tls13]
Rescorla, E., "The Transport Layer Security (TLS) Protocol Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", draft-ietf-tls-tls13-21 (work in progress), Version 1.3", draft-ietf-tls-tls13-22 (work in progress),
July 2017. November 2017.
7.2. Informative References 8.2. Informative References
[FIPS186] National Institute of Standards and Technology (NIST), [FIPS186] National Institute of Standards and Technology (NIST),
"Digital Signature Standard (DSS)", NIST PUB 186-4 , July "Digital Signature Standard (DSS)", NIST PUB 186-4 , July
2013. 2013.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <http://www.rfc-editor.org/info/rfc7748>. 2016, <https://www.rfc-editor.org/info/rfc7748>.
8.3. URIs
[1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
Appendix A. Acknowledgements Appendix A. Acknowledgements
This draft is generated using tests that were written for NSS [1].
None of this would have been possible without Franziskus Kiefer, Eric None of this would have been possible without Franziskus Kiefer, Eric
Rescorla and Tim Taubert, who did a lot of the work in NSS. Rescorla and Tim Taubert, who did a lot of the work in NSS.
Author's Address Author's Address
Martin Thomson Martin Thomson
Mozilla Mozilla
Email: martin.thomson@gmail.com Email: martin.thomson@gmail.com
 End of changes. 321 change blocks. 
1041 lines changed or deleted 1339 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/