Update prebuilts to go 1.12.1

From https://ci.android.com/builds/submitted/5389456/darwin_mac/latest/go.zip

Also includes a cherry-pick of
https://github.com/golang/go/commit/ff048033e4304898245d843e79ed1a0897006c6d

Fixes: 126298064
Test: m blueprint_tools
Change-Id: I5b44319547aac0211a7a6248ba7f23dde3cb9116
diff --git a/src/crypto/tls/alert.go b/src/crypto/tls/alert.go
index 4929868..24199a7 100644
--- a/src/crypto/tls/alert.go
+++ b/src/crypto/tls/alert.go
@@ -38,6 +38,8 @@
 	alertInappropriateFallback  alert = 86
 	alertUserCanceled           alert = 90
 	alertNoRenegotiation        alert = 100
+	alertMissingExtension       alert = 109
+	alertUnsupportedExtension   alert = 110
 	alertNoApplicationProtocol  alert = 120
 )
 
@@ -65,6 +67,8 @@
 	alertInappropriateFallback:  "inappropriate fallback",
 	alertUserCanceled:           "user canceled",
 	alertNoRenegotiation:        "no renegotiation",
+	alertMissingExtension:       "missing extension",
+	alertUnsupportedExtension:   "unsupported extension",
 	alertNoApplicationProtocol:  "no application protocol",
 }
 
diff --git a/src/crypto/tls/auth.go b/src/crypto/tls/auth.go
index 88face4..6fe9718 100644
--- a/src/crypto/tls/auth.go
+++ b/src/crypto/tls/auth.go
@@ -7,10 +7,13 @@
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rsa"
 	"encoding/asn1"
 	"errors"
 	"fmt"
+	"hash"
+	"io"
 )
 
 // pickSignatureAlgorithm selects a signature algorithm that is compatible with
@@ -23,10 +26,9 @@
 func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []SignatureScheme, tlsVersion uint16) (sigAlg SignatureScheme, sigType uint8, hashFunc crypto.Hash, err error) {
 	if tlsVersion < VersionTLS12 || len(peerSigAlgs) == 0 {
 		// For TLS 1.1 and before, the signature algorithm could not be
-		// negotiated and the hash is fixed based on the signature type.
-		// For TLS 1.2, if the client didn't send signature_algorithms
-		// extension then we can assume that it supports SHA1. See
-		// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+		// negotiated and the hash is fixed based on the signature type. For TLS
+		// 1.2, if the client didn't send signature_algorithms extension then we
+		// can assume that it supports SHA1. See RFC 5246, Section 7.4.1.4.1.
 		switch pubkey.(type) {
 		case *rsa.PublicKey:
 			if tlsVersion < VersionTLS12 {
@@ -44,7 +46,7 @@
 		if !isSupportedSignatureAlgorithm(sigAlg, ourSigAlgs) {
 			continue
 		}
-		hashAlg, err := lookupTLSHash(sigAlg)
+		hashAlg, err := hashFromSignatureScheme(sigAlg)
 		if err != nil {
 			panic("tls: supported signature algorithm has an unknown hash function")
 		}
@@ -106,3 +108,114 @@
 	}
 	return nil
 }
+
+const (
+	serverSignatureContext = "TLS 1.3, server CertificateVerify\x00"
+	clientSignatureContext = "TLS 1.3, client CertificateVerify\x00"
+)
+
+var signaturePadding = []byte{
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+}
+
+// writeSignedMessage writes the content to be signed by certificate keys in TLS
+// 1.3 to sigHash. See RFC 8446, Section 4.4.3.
+func writeSignedMessage(sigHash io.Writer, context string, transcript hash.Hash) {
+	sigHash.Write(signaturePadding)
+	io.WriteString(sigHash, context)
+	sigHash.Write(transcript.Sum(nil))
+}
+
+// signatureSchemesForCertificate returns the list of supported SignatureSchemes
+// for a given certificate, based on the public key and the protocol version. It
+// does not support the crypto.Decrypter interface, so shouldn't be used on the
+// server side in TLS 1.2 and earlier.
+func signatureSchemesForCertificate(version uint16, cert *Certificate) []SignatureScheme {
+	priv, ok := cert.PrivateKey.(crypto.Signer)
+	if !ok {
+		return nil
+	}
+
+	switch pub := priv.Public().(type) {
+	case *ecdsa.PublicKey:
+		if version != VersionTLS13 {
+			// In TLS 1.2 and earlier, ECDSA algorithms are not
+			// constrained to a single curve.
+			return []SignatureScheme{
+				ECDSAWithP256AndSHA256,
+				ECDSAWithP384AndSHA384,
+				ECDSAWithP521AndSHA512,
+				ECDSAWithSHA1,
+			}
+		}
+		switch pub.Curve {
+		case elliptic.P256():
+			return []SignatureScheme{ECDSAWithP256AndSHA256}
+		case elliptic.P384():
+			return []SignatureScheme{ECDSAWithP384AndSHA384}
+		case elliptic.P521():
+			return []SignatureScheme{ECDSAWithP521AndSHA512}
+		default:
+			return nil
+		}
+	case *rsa.PublicKey:
+		if version != VersionTLS13 {
+			return []SignatureScheme{
+				PSSWithSHA256,
+				PSSWithSHA384,
+				PSSWithSHA512,
+				PKCS1WithSHA256,
+				PKCS1WithSHA384,
+				PKCS1WithSHA512,
+				PKCS1WithSHA1,
+			}
+		}
+		// RSA keys with RSA-PSS OID are not supported by crypto/x509.
+		return []SignatureScheme{
+			PSSWithSHA256,
+			PSSWithSHA384,
+			PSSWithSHA512,
+		}
+	default:
+		return nil
+	}
+}
+
+// unsupportedCertificateError returns a helpful error for certificates with
+// an unsupported private key.
+func unsupportedCertificateError(cert *Certificate) error {
+	switch cert.PrivateKey.(type) {
+	case rsa.PrivateKey, ecdsa.PrivateKey:
+		return fmt.Errorf("tls: unsupported certificate: private key is %T, expected *%T",
+			cert.PrivateKey, cert.PrivateKey)
+	}
+
+	signer, ok := cert.PrivateKey.(crypto.Signer)
+	if !ok {
+		return fmt.Errorf("tls: certificate private key (%T) does not implement crypto.Signer",
+			cert.PrivateKey)
+	}
+
+	switch pub := signer.Public().(type) {
+	case *ecdsa.PublicKey:
+		switch pub.Curve {
+		case elliptic.P256():
+		case elliptic.P384():
+		case elliptic.P521():
+		default:
+			return fmt.Errorf("tls: unsupported certificate curve (%s)", pub.Curve.Params().Name)
+		}
+	case *rsa.PublicKey:
+	default:
+		return fmt.Errorf("tls: unsupported certificate key (%T)", pub)
+	}
+
+	return fmt.Errorf("tls: internal error: unsupported key (%T)", cert.PrivateKey)
+}
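Review bot: In `signatureSchemesForCertificate`, the TLS 1.3 RSA branch returns all three PSS schemes without looking at the key size, so a small RSA key is offered for signatures it cannot produce. RFC 8446 fixes the PSS salt length to the digest length, which needs a modulus of at least 2*hashLen+2 bytes; a 1024-bit key therefore cannot sign with `PSSWithSHA512`. The failure would presumably surface at signing time during the handshake rather than at scheme selection (the signing call is not in this hunk). Filtering the list by `pub.Size()` keeps selection and signing consistent, and the same filter would fit the PSS entries of the TLS 1.2 list.

```go
	case *rsa.PublicKey:
		// … unchanged: TLS 1.2 and earlier list …
		// RSA keys with RSA-PSS OID are not supported by crypto/x509.
		// PSS with a digest-length salt needs a modulus of at least
		// 2*hashLen+2 bytes, so only offer schemes this key can sign.
		var schemes []SignatureScheme
		for _, c := range []struct {
			scheme SignatureScheme
			hash   crypto.Hash
		}{
			{PSSWithSHA256, crypto.SHA256},
			{PSSWithSHA384, crypto.SHA384},
			{PSSWithSHA512, crypto.SHA512},
		} {
			if pub.Size() >= c.hash.Size()*2+2 {
				schemes = append(schemes, c.scheme)
			}
		}
		return schemes
```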
diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go
index 3c8dc4b..ecb4db2 100644
--- a/src/crypto/tls/cipher_suites.go
+++ b/src/crypto/tls/cipher_suites.go
@@ -5,6 +5,7 @@
 package tls
 
 import (
+	"crypto"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/des"
@@ -14,8 +15,7 @@
 	"crypto/sha256"
 	"crypto/x509"
 	"hash"
-
-	"golang_org/x/crypto/chacha20poly1305"
+	"internal/x/crypto/chacha20poly1305"
 )
 
 // a keyAgreement implements the client and server side of a TLS key agreement
@@ -59,8 +59,7 @@
 	suiteDefaultOff
 )
 
-// A cipherSuite is a specific combination of key agreement, cipher and MAC
-// function. All cipher suites currently assume RSA key agreement.
+// A cipherSuite is a specific combination of key agreement, cipher and MAC function.
 type cipherSuite struct {
 	id uint16
 	// the lengths, in bytes, of the key material needed for each component.
@@ -72,7 +71,7 @@
 	flags  int
 	cipher func(key, iv []byte, isRead bool) interface{}
 	mac    func(version uint16, macKey []byte) macFunction
-	aead   func(key, fixedNonce []byte) cipher.AEAD
+	aead   func(key, fixedNonce []byte) aead
 }
 
 var cipherSuites = []*cipherSuite{
@@ -104,6 +103,21 @@
 	{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteDefaultOff, cipherRC4, macSHA1, nil},
 }
 
+// A cipherSuiteTLS13 defines only the pair of the AEAD algorithm and hash
+// algorithm to be used with HKDF. See RFC 8446, Appendix B.4.
+type cipherSuiteTLS13 struct {
+	id     uint16
+	keyLen int
+	aead   func(key, fixedNonce []byte) aead
+	hash   crypto.Hash
+}
+
+var cipherSuitesTLS13 = []*cipherSuiteTLS13{
+	{TLS_AES_128_GCM_SHA256, 16, aeadAESGCMTLS13, crypto.SHA256},
+	{TLS_CHACHA20_POLY1305_SHA256, 32, aeadChaCha20Poly1305, crypto.SHA256},
+	{TLS_AES_256_GCM_SHA384, 32, aeadAESGCMTLS13, crypto.SHA384},
+}
+
 func cipherRC4(key, iv []byte, isRead bool) interface{} {
 	cipher, _ := rc4.NewCipher(key)
 	return cipher
@@ -135,59 +149,68 @@
 		copy(mac.key, key)
 		return mac
 	}
-	return tls10MAC{hmac.New(newConstantTimeHash(sha1.New), key)}
+	return tls10MAC{h: hmac.New(newConstantTimeHash(sha1.New), key)}
 }
 
 // macSHA256 returns a SHA-256 based MAC. These are only supported in TLS 1.2
 // so the given version is ignored.
 func macSHA256(version uint16, key []byte) macFunction {
-	return tls10MAC{hmac.New(sha256.New, key)}
+	return tls10MAC{h: hmac.New(sha256.New, key)}
 }
 
 type macFunction interface {
+	// Size returns the length of the MAC.
 	Size() int
-	MAC(digestBuf, seq, header, data, extra []byte) []byte
+	// MAC appends the MAC of (seq, header, data) to out. The extra data is fed
+	// into the MAC after obtaining the result to normalize timing. The result
+	// is only valid until the next invocation of MAC as the buffer is reused.
+	MAC(seq, header, data, extra []byte) []byte
 }
 
 type aead interface {
 	cipher.AEAD
 
-	// explicitIVLen returns the number of bytes used by the explicit nonce
-	// that is included in the record. This is eight for older AEADs and
+	// explicitNonceLen returns the number of bytes of explicit nonce
+	// included in each record. This is eight for older AEADs and
 	// zero for modern ones.
 	explicitNonceLen() int
 }
 
-// fixedNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to
+const (
+	aeadNonceLength   = 12
+	noncePrefixLength = 4
+)
+
+// prefixNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to
 // each call.
-type fixedNonceAEAD struct {
+type prefixNonceAEAD struct {
 	// nonce contains the fixed part of the nonce in the first four bytes.
-	nonce [12]byte
+	nonce [aeadNonceLength]byte
 	aead  cipher.AEAD
 }
 
-func (f *fixedNonceAEAD) NonceSize() int        { return 8 }
-func (f *fixedNonceAEAD) Overhead() int         { return f.aead.Overhead() }
-func (f *fixedNonceAEAD) explicitNonceLen() int { return 8 }
+func (f *prefixNonceAEAD) NonceSize() int        { return aeadNonceLength - noncePrefixLength }
+func (f *prefixNonceAEAD) Overhead() int         { return f.aead.Overhead() }
+func (f *prefixNonceAEAD) explicitNonceLen() int { return f.NonceSize() }
 
-func (f *fixedNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte {
+func (f *prefixNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte {
 	copy(f.nonce[4:], nonce)
 	return f.aead.Seal(out, f.nonce[:], plaintext, additionalData)
 }
 
-func (f *fixedNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) {
+func (f *prefixNonceAEAD) Open(out, nonce, ciphertext, additionalData []byte) ([]byte, error) {
 	copy(f.nonce[4:], nonce)
-	return f.aead.Open(out, f.nonce[:], plaintext, additionalData)
+	return f.aead.Open(out, f.nonce[:], ciphertext, additionalData)
 }
 
 // xoredNonceAEAD wraps an AEAD by XORing in a fixed pattern to the nonce
 // before each call.
 type xorNonceAEAD struct {
-	nonceMask [12]byte
+	nonceMask [aeadNonceLength]byte
 	aead      cipher.AEAD
 }
 
-func (f *xorNonceAEAD) NonceSize() int        { return 8 }
+func (f *xorNonceAEAD) NonceSize() int        { return 8 } // 64-bit sequence number
 func (f *xorNonceAEAD) Overhead() int         { return f.aead.Overhead() }
 func (f *xorNonceAEAD) explicitNonceLen() int { return 0 }
 
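Review bot: `prefixNonceAEAD.Seal` and `Open` copy the caller's nonce into `f.nonce[4:]` without checking its length, so a nonce shorter than `NonceSize()` would leave bytes from the previous record in place and the underlying AEAD would run with a partly reused nonce. The constructors in this commit gained length checks on the prefix; the per-call path could get the matching guard, `if len(nonce) != f.NonceSize() { panic("tls: internal error: wrong nonce length") }`. The literal `4` in `f.nonce[4:]` is the value the new `noncePrefixLength` constant names, so `f.nonce[noncePrefixLength:]` would keep the two in step. Separately, the new `macFunction.MAC` comment says the MAC is appended to `out`, but the method no longer takes an output buffer.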
@@ -203,11 +226,11 @@
 	return result
 }
 
-func (f *xorNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) {
+func (f *xorNonceAEAD) Open(out, nonce, ciphertext, additionalData []byte) ([]byte, error) {
 	for i, b := range nonce {
 		f.nonceMask[4+i] ^= b
 	}
-	result, err := f.aead.Open(out, f.nonceMask[:], plaintext, additionalData)
+	result, err := f.aead.Open(out, f.nonceMask[:], ciphertext, additionalData)
 	for i, b := range nonce {
 		f.nonceMask[4+i] ^= b
 	}
@@ -215,7 +238,10 @@
 	return result, err
 }
 
-func aeadAESGCM(key, fixedNonce []byte) cipher.AEAD {
+func aeadAESGCM(key, noncePrefix []byte) aead {
+	if len(noncePrefix) != noncePrefixLength {
+		panic("tls: internal error: wrong nonce length")
+	}
 	aes, err := aes.NewCipher(key)
 	if err != nil {
 		panic(err)
@@ -225,19 +251,40 @@
 		panic(err)
 	}
 
-	ret := &fixedNonceAEAD{aead: aead}
-	copy(ret.nonce[:], fixedNonce)
+	ret := &prefixNonceAEAD{aead: aead}
+	copy(ret.nonce[:], noncePrefix)
 	return ret
 }
 
-func aeadChaCha20Poly1305(key, fixedNonce []byte) cipher.AEAD {
+func aeadAESGCMTLS13(key, nonceMask []byte) aead {
+	if len(nonceMask) != aeadNonceLength {
+		panic("tls: internal error: wrong nonce length")
+	}
+	aes, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+	aead, err := cipher.NewGCM(aes)
+	if err != nil {
+		panic(err)
+	}
+
+	ret := &xorNonceAEAD{aead: aead}
+	copy(ret.nonceMask[:], nonceMask)
+	return ret
+}
+
+func aeadChaCha20Poly1305(key, nonceMask []byte) aead {
+	if len(nonceMask) != aeadNonceLength {
+		panic("tls: internal error: wrong nonce length")
+	}
 	aead, err := chacha20poly1305.New(key)
 	if err != nil {
 		panic(err)
 	}
 
 	ret := &xorNonceAEAD{aead: aead}
-	copy(ret.nonceMask[:], fixedNonce)
+	copy(ret.nonceMask[:], nonceMask)
 	return ret
 }
 
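Review bot: In `aeadAESGCMTLS13` the locals `aes` and `aead` shadow the imported `aes` package and the `aead` interface that is now the function's return type. It compiles, but a later edit that needs either name inside the function will not resolve it as expected. Names such as `block` and `gcm` avoid that, e.g. `block, err := aes.NewCipher(key)` and `gcm, err := cipher.NewGCM(block)`. The function otherwise repeats the cipher setup of `aeadAESGCM`, whose body starts outside this hunk.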
@@ -246,6 +293,7 @@
 type ssl30MAC struct {
 	h   hash.Hash
 	key []byte
+	buf []byte
 }
 
 func (s ssl30MAC) Size() int {
@@ -258,7 +306,7 @@
 
 // MAC does not offer constant timing guarantees for SSL v3.0, since it's deemed
 // useless considering the similar, protocol-level POODLE vulnerability.
-func (s ssl30MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte {
+func (s ssl30MAC) MAC(seq, header, data, extra []byte) []byte {
 	padLength := 48
 	if s.h.Size() == 20 {
 		padLength = 40
@@ -271,13 +319,13 @@
 	s.h.Write(header[:1])
 	s.h.Write(header[3:5])
 	s.h.Write(data)
-	digestBuf = s.h.Sum(digestBuf[:0])
+	s.buf = s.h.Sum(s.buf[:0])
 
 	s.h.Reset()
 	s.h.Write(s.key)
 	s.h.Write(ssl30Pad2[:padLength])
-	s.h.Write(digestBuf)
-	return s.h.Sum(digestBuf[:0])
+	s.h.Write(s.buf)
+	return s.h.Sum(s.buf[:0])
 }
 
 type constantTimeHash interface {
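Review bot: `s.buf = s.h.Sum(s.buf[:0])` assigns to a copy, because `MAC` has a value receiver (`func (s ssl30MAC) MAC`, in the previous hunk), so the grown buffer is dropped when the call returns. The same applies to `tls10MAC.MAC` in the hunk at `@@ -315,12 +364,12 @@`: `macSHA1` and `macSHA256` build the value with only `h` set, so `s.buf[:0]` is always a nil slice and `Sum` allocates on every record. If reuse is intended, as the new `macFunction` comment states, either give `buf` capacity in the constructors (for example `buf: make([]byte, 0, sha256.Size)`) or switch to pointer receivers; otherwise the interface comment should drop the reuse caveat. The body of `ssl30MAC.MAC` starts outside this hunk.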
@@ -303,9 +351,10 @@
 	}
 }
 
-// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3.
+// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, Section 6.2.3.
 type tls10MAC struct {
-	h hash.Hash
+	h   hash.Hash
+	buf []byte
 }
 
 func (s tls10MAC) Size() int {
@@ -315,12 +364,12 @@
 // MAC is guaranteed to take constant time, as long as
 // len(seq)+len(header)+len(data)+len(extra) is constant. extra is not fed into
 // the MAC, but is only provided to make the timing profile constant.
-func (s tls10MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte {
+func (s tls10MAC) MAC(seq, header, data, extra []byte) []byte {
 	s.h.Reset()
 	s.h.Write(seq)
 	s.h.Write(header)
 	s.h.Write(data)
-	res := s.h.Sum(digestBuf[:0])
+	res := s.h.Sum(s.buf[:0])
 	if extra != nil {
 		s.h.Write(extra)
 	}
@@ -350,12 +399,34 @@
 func mutualCipherSuite(have []uint16, want uint16) *cipherSuite {
 	for _, id := range have {
 		if id == want {
-			for _, suite := range cipherSuites {
-				if suite.id == want {
-					return suite
-				}
-			}
-			return nil
+			return cipherSuiteByID(id)
+		}
+	}
+	return nil
+}
+
+func cipherSuiteByID(id uint16) *cipherSuite {
+	for _, cipherSuite := range cipherSuites {
+		if cipherSuite.id == id {
+			return cipherSuite
+		}
+	}
+	return nil
+}
+
+func mutualCipherSuiteTLS13(have []uint16, want uint16) *cipherSuiteTLS13 {
+	for _, id := range have {
+		if id == want {
+			return cipherSuiteTLS13ByID(id)
+		}
+	}
+	return nil
+}
+
+func cipherSuiteTLS13ByID(id uint16) *cipherSuiteTLS13 {
+	for _, cipherSuite := range cipherSuitesTLS13 {
+		if cipherSuite.id == id {
+			return cipherSuite
 		}
 	}
 	return nil
@@ -366,6 +437,7 @@
 //
 // Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
 const (
+	// TLS 1.0 - 1.2 cipher suites.
 	TLS_RSA_WITH_RC4_128_SHA                uint16 = 0x0005
 	TLS_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0x000a
 	TLS_RSA_WITH_AES_128_CBC_SHA            uint16 = 0x002f
@@ -389,8 +461,12 @@
 	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    uint16 = 0xcca8
 	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305  uint16 = 0xcca9
 
+	// TLS 1.3 cipher suites.
+	TLS_AES_128_GCM_SHA256       uint16 = 0x1301
+	TLS_AES_256_GCM_SHA384       uint16 = 0x1302
+	TLS_CHACHA20_POLY1305_SHA256 uint16 = 0x1303
+
 	// TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
-	// that the client is doing version fallback. See
-	// https://tools.ietf.org/html/rfc7507.
+	// that the client is doing version fallback. See RFC 7507.
 	TLS_FALLBACK_SCSV uint16 = 0x5600
 )
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 7b627fc..f695528 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -16,6 +16,7 @@
 	"io"
 	"math/big"
 	"net"
+	"os"
 	"strings"
 	"sync"
 	"time"
@@ -26,17 +27,16 @@
 	VersionTLS10 = 0x0301
 	VersionTLS11 = 0x0302
 	VersionTLS12 = 0x0303
+	VersionTLS13 = 0x0304
 )
 
 const (
-	maxPlaintext      = 16384        // maximum plaintext payload length
-	maxCiphertext     = 16384 + 2048 // maximum ciphertext payload length
-	recordHeaderLen   = 5            // record header length
-	maxHandshake      = 65536        // maximum handshake we support (protocol max is 16 MB)
-	maxWarnAlertCount = 5            // maximum number of consecutive warning alerts
-
-	minVersion = VersionTLS10
-	maxVersion = VersionTLS12
+	maxPlaintext       = 16384        // maximum plaintext payload length
+	maxCiphertext      = 16384 + 2048 // maximum ciphertext payload length
+	maxCiphertextTLS13 = 16384 + 256  // maximum ciphertext length in TLS 1.3
+	recordHeaderLen    = 5            // record header length
+	maxHandshake       = 65536        // maximum handshake we support (protocol max is 16 MB)
+	maxUselessRecords  = 16           // maximum number of consecutive non-advancing records
 )
 
 // TLS record types.
@@ -51,19 +51,23 @@
 
 // TLS handshake message types.
 const (
-	typeHelloRequest       uint8 = 0
-	typeClientHello        uint8 = 1
-	typeServerHello        uint8 = 2
-	typeNewSessionTicket   uint8 = 4
-	typeCertificate        uint8 = 11
-	typeServerKeyExchange  uint8 = 12
-	typeCertificateRequest uint8 = 13
-	typeServerHelloDone    uint8 = 14
-	typeCertificateVerify  uint8 = 15
-	typeClientKeyExchange  uint8 = 16
-	typeFinished           uint8 = 20
-	typeCertificateStatus  uint8 = 22
-	typeNextProtocol       uint8 = 67 // Not IANA assigned
+	typeHelloRequest        uint8 = 0
+	typeClientHello         uint8 = 1
+	typeServerHello         uint8 = 2
+	typeNewSessionTicket    uint8 = 4
+	typeEndOfEarlyData      uint8 = 5
+	typeEncryptedExtensions uint8 = 8
+	typeCertificate         uint8 = 11
+	typeServerKeyExchange   uint8 = 12
+	typeCertificateRequest  uint8 = 13
+	typeServerHelloDone     uint8 = 14
+	typeCertificateVerify   uint8 = 15
+	typeClientKeyExchange   uint8 = 16
+	typeFinished            uint8 = 20
+	typeCertificateStatus   uint8 = 22
+	typeKeyUpdate           uint8 = 24
+	typeNextProtocol        uint8 = 67  // Not IANA assigned
+	typeMessageHash         uint8 = 254 // synthetic message
 )
 
 // TLS compression types.
@@ -73,16 +77,24 @@
 
 // TLS extension numbers
 const (
-	extensionServerName          uint16 = 0
-	extensionStatusRequest       uint16 = 5
-	extensionSupportedCurves     uint16 = 10
-	extensionSupportedPoints     uint16 = 11
-	extensionSignatureAlgorithms uint16 = 13
-	extensionALPN                uint16 = 16
-	extensionSCT                 uint16 = 18 // https://tools.ietf.org/html/rfc6962#section-6
-	extensionSessionTicket       uint16 = 35
-	extensionNextProtoNeg        uint16 = 13172 // not IANA assigned
-	extensionRenegotiationInfo   uint16 = 0xff01
+	extensionServerName              uint16 = 0
+	extensionStatusRequest           uint16 = 5
+	extensionSupportedCurves         uint16 = 10 // supported_groups in TLS 1.3, see RFC 8446, Section 4.2.7
+	extensionSupportedPoints         uint16 = 11
+	extensionSignatureAlgorithms     uint16 = 13
+	extensionALPN                    uint16 = 16
+	extensionSCT                     uint16 = 18
+	extensionSessionTicket           uint16 = 35
+	extensionPreSharedKey            uint16 = 41
+	extensionEarlyData               uint16 = 42
+	extensionSupportedVersions       uint16 = 43
+	extensionCookie                  uint16 = 44
+	extensionPSKModes                uint16 = 45
+	extensionCertificateAuthorities  uint16 = 47
+	extensionSignatureAlgorithmsCert uint16 = 50
+	extensionKeyShare                uint16 = 51
+	extensionNextProtoNeg            uint16 = 13172 // not IANA assigned
+	extensionRenegotiationInfo       uint16 = 0xff01
 )
 
 // TLS signaling cipher suite values
@@ -91,7 +103,10 @@
 )
 
 // CurveID is the type of a TLS identifier for an elliptic curve. See
-// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
+// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8.
+//
+// In TLS 1.3, this type is called NamedGroup, but at this time this library
+// only supports Elliptic Curve based groups. See RFC 8446, Section 4.2.7.
 type CurveID uint16
 
 const (
@@ -101,6 +116,25 @@
 	X25519    CurveID = 29
 )
 
+// TLS 1.3 Key Share. See RFC 8446, Section 4.2.8.
+type keyShare struct {
+	group CurveID
+	data  []byte
+}
+
+// TLS 1.3 PSK Key Exchange Modes. See RFC 8446, Section 4.2.9.
+const (
+	pskModePlain uint8 = 0
+	pskModeDHE   uint8 = 1
+)
+
+// TLS 1.3 PSK Identity. Can be a Session Ticket, or a reference to a saved
+// session. See RFC 8446, Section 4.2.11.
+type pskIdentity struct {
+	label               []byte
+	obfuscatedTicketAge uint32
+}
+
 // TLS Elliptic Curve Point Formats
 // https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
 const (
@@ -114,21 +148,12 @@
 
 // Certificate types (for certificateRequestMsg)
 const (
-	certTypeRSASign    = 1 // A certificate containing an RSA key
-	certTypeDSSSign    = 2 // A certificate containing a DSA key
-	certTypeRSAFixedDH = 3 // A certificate containing a static DH key
-	certTypeDSSFixedDH = 4 // A certificate containing a static DH key
-
-	// See RFC 4492 sections 3 and 5.5.
-	certTypeECDSASign      = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
-	certTypeRSAFixedECDH   = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
-	certTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
-
-	// Rest of these are reserved by the TLS spec
+	certTypeRSASign   = 1
+	certTypeECDSASign = 64 // RFC 4492, Section 5.5
 )
 
 // Signature algorithms (for internal signaling use). Starting at 16 to avoid overlap with
-// TLS 1.2 codepoints (RFC 5246, section A.4.1), with which these have nothing to do.
+// TLS 1.2 codepoints (RFC 5246, Appendix A.4.1), with which these have nothing to do.
 const (
 	signaturePKCS1v15 uint8 = iota + 16
 	signatureECDSA
@@ -136,10 +161,13 @@
 )
 
 // supportedSignatureAlgorithms contains the signature and hash algorithms that
-// the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2
+// the code advertises as supported in a TLS 1.2+ ClientHello and in a TLS 1.2+
 // CertificateRequest. The two fields are merged to match with TLS 1.3.
 // Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
 var supportedSignatureAlgorithms = []SignatureScheme{
+	PSSWithSHA256,
+	PSSWithSHA384,
+	PSSWithSHA512,
 	PKCS1WithSHA256,
 	ECDSAWithP256AndSHA256,
 	PKCS1WithSHA384,
@@ -150,19 +178,39 @@
 	ECDSAWithSHA1,
 }
 
+// RSA-PSS is disabled in TLS 1.2 for Go 1.12. See Issue 30055.
+var supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms[3:]
+
+// helloRetryRequestRandom is set as the Random value of a ServerHello
+// to signal that the message is actually a HelloRetryRequest.
+var helloRetryRequestRandom = []byte{ // See RFC 8446, Section 4.1.3.
+	0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
+	0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
+	0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
+	0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C,
+}
+
+const (
+	// downgradeCanaryTLS12 or downgradeCanaryTLS11 is embedded in the server
+	// random as a downgrade protection if the server would be capable of
+	// negotiating a higher version. See RFC 8446, Section 4.1.3.
+	downgradeCanaryTLS12 = "DOWNGRD\x01"
+	downgradeCanaryTLS11 = "DOWNGRD\x00"
+)
+
 // ConnectionState records basic TLS details about the connection.
 type ConnectionState struct {
 	Version                     uint16                // TLS version used by the connection (e.g. VersionTLS12)
 	HandshakeComplete           bool                  // TLS handshake is complete
 	DidResume                   bool                  // connection resumes a previous TLS connection
-	CipherSuite                 uint16                // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
+	CipherSuite                 uint16                // cipher suite in use (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ...)
 	NegotiatedProtocol          string                // negotiated next protocol (not guaranteed to be from Config.NextProtos)
 	NegotiatedProtocolIsMutual  bool                  // negotiated protocol was advertised by server (client side only)
 	ServerName                  string                // server name requested by client, if any (server side only)
 	PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
 	VerifiedChains              [][]*x509.Certificate // verified chains built from PeerCertificates
-	SignedCertificateTimestamps [][]byte              // SCTs from the server, if any
-	OCSPResponse                []byte                // stapled OCSP response from server, if any
+	SignedCertificateTimestamps [][]byte              // SCTs from the peer, if any
+	OCSPResponse                []byte                // stapled OCSP response from peer, if any
 
 	// ekm is a closure exposed via ExportKeyingMaterial.
 	ekm func(label string, context []byte, length int) ([]byte, error)
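Review bot: `supportedSignatureAlgorithms[3:]` depends on the three PSS schemes being the first entries of the list (added in the previous hunk), which nothing enforces. Reordering or inserting an entry in `supportedSignatureAlgorithms` would silently re-enable RSA-PSS in TLS 1.2 or drop another scheme. The two slices also share a backing array, so a write through one is visible in the other. A comment on the list such as `// The first three entries must stay the RSA-PSS schemes; supportedSignatureAlgorithmsTLS12 slices them off.` would document the coupling, or the TLS 1.2 list could be written out explicitly.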
@@ -172,14 +220,14 @@
 	// because resumption does not include enough context (see
 	// https://mitls.org/pages/attacks/3SHAKE#channelbindings). This will
 	// change in future versions of Go once the TLS master-secret fix has
-	// been standardized and implemented.
+	// been standardized and implemented. It is not defined in TLS 1.3.
 	TLSUnique []byte
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
-// slice as defined in https://tools.ietf.org/html/rfc5705. If context is nil,
-// it is not used as part of the seed. If the connection was set to allow
-// renegotiation via Config.Renegotiation, this function will return an error.
+// slice as defined in RFC 5705. If context is nil, it is not used as part of
+// the seed. If the connection was set to allow renegotiation via
+// Config.Renegotiation, this function will return an error.
 func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
 	return cs.ekm(label, context, length)
 }
@@ -196,50 +244,74 @@
 	RequireAndVerifyClientCert
 )
 
+// requiresClientCert reports whether the ClientAuthType requires a client
+// certificate to be provided.
+func requiresClientCert(c ClientAuthType) bool {
+	switch c {
+	case RequireAnyClientCert, RequireAndVerifyClientCert:
+		return true
+	default:
+		return false
+	}
+}
+
 // ClientSessionState contains the state needed by clients to resume TLS
 // sessions.
 type ClientSessionState struct {
 	sessionTicket      []uint8               // Encrypted ticket used for session resumption with server
 	vers               uint16                // SSL/TLS version negotiated for the session
 	cipherSuite        uint16                // Ciphersuite negotiated for the session
-	masterSecret       []byte                // MasterSecret generated by client on a full handshake
+	masterSecret       []byte                // Full handshake MasterSecret, or TLS 1.3 resumption_master_secret
 	serverCertificates []*x509.Certificate   // Certificate chain presented by the server
 	verifiedChains     [][]*x509.Certificate // Certificate chains we built for verification
+	receivedAt         time.Time             // When the session ticket was received from the server
+
+	// TLS 1.3 fields.
+	nonce  []byte    // Ticket nonce sent by the server, to derive PSK
+	useBy  time.Time // Expiration of the ticket lifetime as set by the server
+	ageAdd uint32    // Random obfuscation factor for sending the ticket age
 }
 
 // ClientSessionCache is a cache of ClientSessionState objects that can be used
 // by a client to resume a TLS session with a given server. ClientSessionCache
 // implementations should expect to be called concurrently from different
-// goroutines. Only ticket-based resumption is supported, not SessionID-based
-// resumption.
+// goroutines. Up to TLS 1.2, only ticket-based resumption is supported, not
+// SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which
+// are supported via this interface.
 type ClientSessionCache interface {
 	// Get searches for a ClientSessionState associated with the given key.
 	// On return, ok is true if one was found.
 	Get(sessionKey string) (session *ClientSessionState, ok bool)
 
-	// Put adds the ClientSessionState to the cache with the given key.
+	// Put adds the ClientSessionState to the cache with the given key. It might
+	// get called multiple times in a connection if a TLS 1.3 server provides
+	// more than one session ticket. If called with a nil *ClientSessionState,
+	// it should remove the cache entry.
 	Put(sessionKey string, cs *ClientSessionState)
 }
 
 // SignatureScheme identifies a signature algorithm supported by TLS. See
-// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.3.
+// RFC 8446, Section 4.2.3.
 type SignatureScheme uint16
 
 const (
-	PKCS1WithSHA1   SignatureScheme = 0x0201
+	// RSASSA-PKCS1-v1_5 algorithms.
 	PKCS1WithSHA256 SignatureScheme = 0x0401
 	PKCS1WithSHA384 SignatureScheme = 0x0501
 	PKCS1WithSHA512 SignatureScheme = 0x0601
 
+	// RSASSA-PSS algorithms with public key OID rsaEncryption.
 	PSSWithSHA256 SignatureScheme = 0x0804
 	PSSWithSHA384 SignatureScheme = 0x0805
 	PSSWithSHA512 SignatureScheme = 0x0806
 
+	// ECDSA algorithms. Only constrained to a specific curve in TLS 1.3.
 	ECDSAWithP256AndSHA256 SignatureScheme = 0x0403
 	ECDSAWithP384AndSHA384 SignatureScheme = 0x0503
 	ECDSAWithP521AndSHA512 SignatureScheme = 0x0603
 
 	// Legacy signature and hash algorithms for TLS 1.2.
+	PKCS1WithSHA1 SignatureScheme = 0x0201
 	ECDSAWithSHA1 SignatureScheme = 0x0203
 )
 
@@ -247,37 +319,32 @@
 // guide certificate selection in the GetCertificate callback.
 type ClientHelloInfo struct {
 	// CipherSuites lists the CipherSuites supported by the client (e.g.
-	// TLS_RSA_WITH_RC4_128_SHA).
+	// TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).
 	CipherSuites []uint16
 
 	// ServerName indicates the name of the server requested by the client
 	// in order to support virtual hosting. ServerName is only set if the
-	// client is using SNI (see
-	// https://tools.ietf.org/html/rfc4366#section-3.1).
+	// client is using SNI (see RFC 4366, Section 3.1).
 	ServerName string
 
 	// SupportedCurves lists the elliptic curves supported by the client.
 	// SupportedCurves is set only if the Supported Elliptic Curves
-	// Extension is being used (see
-	// https://tools.ietf.org/html/rfc4492#section-5.1.1).
+	// Extension is being used (see RFC 4492, Section 5.1.1).
 	SupportedCurves []CurveID
 
 	// SupportedPoints lists the point formats supported by the client.
 	// SupportedPoints is set only if the Supported Point Formats Extension
-	// is being used (see
-	// https://tools.ietf.org/html/rfc4492#section-5.1.2).
+	// is being used (see RFC 4492, Section 5.1.2).
 	SupportedPoints []uint8
 
 	// SignatureSchemes lists the signature and hash schemes that the client
 	// is willing to verify. SignatureSchemes is set only if the Signature
-	// Algorithms Extension is being used (see
-	// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1).
+	// Algorithms Extension is being used (see RFC 5246, Section 7.4.1.4.1).
 	SignatureSchemes []SignatureScheme
 
 	// SupportedProtos lists the application protocols supported by the client.
 	// SupportedProtos is set only if the Application-Layer Protocol
-	// Negotiation Extension is being used (see
-	// https://tools.ietf.org/html/rfc7301#section-3.1).
+	// Negotiation Extension is being used (see RFC 7301, Section 3.1).
 	//
 	// Servers can select a protocol by setting Config.NextProtos in a
 	// GetConfigForClient return value.
@@ -322,6 +389,8 @@
 // handshake and application data flow is not permitted so renegotiation can
 // only be used with protocols that synchronise with the renegotiation, such as
 // HTTPS.
+//
+// Renegotiation is not defined in TLS 1.3.
 type RenegotiationSupport int
 
 const (
@@ -429,7 +498,8 @@
 	// If RootCAs is nil, TLS uses the host's root CA set.
 	RootCAs *x509.CertPool
 
-	// NextProtos is a list of supported, application level protocols.
+	// NextProtos is a list of supported application level protocols, in
+	// order of preference.
 	NextProtos []string
 
 	// ServerName is used to verify the hostname on the returned
@@ -455,8 +525,11 @@
 	// This should be used only for testing.
 	InsecureSkipVerify bool
 
-	// CipherSuites is a list of supported cipher suites. If CipherSuites
-	// is nil, TLS uses a list of suites supported by the implementation.
+	// CipherSuites is a list of supported cipher suites for TLS versions up to
+	// TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites
+	// is used, with a preference order based on hardware performance. The
+	// default cipher suites might change over Go versions. Note that TLS 1.3
+	// ciphersuites are not configurable.
 	CipherSuites []uint16
 
 	// PreferServerCipherSuites controls whether the server selects the
@@ -465,19 +538,19 @@
 	// the order of elements in CipherSuites, is used.
 	PreferServerCipherSuites bool
 
-	// SessionTicketsDisabled may be set to true to disable session ticket
-	// (resumption) support. Note that on clients, session ticket support is
+	// SessionTicketsDisabled may be set to true to disable session ticket and
+	// PSK (resumption) support. Note that on clients, session ticket support is
 	// also disabled if ClientSessionCache is nil.
 	SessionTicketsDisabled bool
 
-	// SessionTicketKey is used by TLS servers to provide session
-	// resumption. See RFC 5077. If zero, it will be filled with
-	// random data before the first server handshake.
+	// SessionTicketKey is used by TLS servers to provide session resumption.
+	// See RFC 5077 and the PSK mode of RFC 8446. If zero, it will be filled
+	// with random data before the first server handshake.
 	//
 	// If multiple servers are terminating connections for the same host
 	// they should all have the same SessionTicketKey. If the
 	// SessionTicketKey leaks, previously recorded and future TLS
-	// connections using that key are compromised.
+	// connections using that key might be compromised.
 	SessionTicketKey [32]byte
 
 	// ClientSessionCache is a cache of ClientSessionState entries for TLS
@@ -490,12 +563,13 @@
 
 	// MaxVersion contains the maximum SSL/TLS version that is acceptable.
 	// If zero, then the maximum version supported by this package is used,
-	// which is currently TLS 1.2.
+	// which is currently TLS 1.3.
 	MaxVersion uint16
 
 	// CurvePreferences contains the elliptic curves that will be used in
 	// an ECDHE handshake, in preference order. If empty, the default will
-	// be used.
+	// be used. The client will use the first preference as the type for
+	// its key share in TLS 1.3. This may change in the future.
 	CurvePreferences []CurveID
 
 	// DynamicRecordSizingDisabled disables adaptive sizing of TLS records.
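Review bot: The updated MaxVersion comment says the default maximum is "currently TLS 1.3", but in this same commit `supportedVersions` drops `VersionTLS13` unless `isTLS13Supported()` sees the `GODEBUG=tls13=1` opt-in. A zero MaxVersion therefore appears to yield TLS 1.2 for any program that did not opt in. I would word it as `// which is currently TLS 1.3 when enabled via GODEBUG=tls13=1, and TLS 1.2 otherwise.` so that someone auditing a deployment does not assume 1.3 is negotiated by default. The Config struct starts and ends outside this hunk.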
@@ -551,6 +625,10 @@
 	return key
 }
 
+// maxSessionTicketLifetime is the maximum allowed lifetime of a TLS 1.3 session
+// ticket, and the lifetime we set for tickets we send.
+const maxSessionTicketLifetime = 7 * 24 * time.Hour
+
 // Clone returns a shallow clone of c. It is safe to clone a Config that is
 // being used concurrently by a TLS client or server.
 func (c *Config) Clone() *Config {
@@ -680,18 +758,94 @@
 	return s
 }
 
-func (c *Config) minVersion() uint16 {
-	if c == nil || c.MinVersion == 0 {
-		return minVersion
-	}
-	return c.MinVersion
+var supportedVersions = []uint16{
+	VersionTLS13,
+	VersionTLS12,
+	VersionTLS11,
+	VersionTLS10,
+	VersionSSL30,
 }
 
-func (c *Config) maxVersion() uint16 {
-	if c == nil || c.MaxVersion == 0 {
-		return maxVersion
+func (c *Config) supportedVersions(isClient bool) []uint16 {
+	versions := make([]uint16, 0, len(supportedVersions))
+	for _, v := range supportedVersions {
+		if c != nil && c.MinVersion != 0 && v < c.MinVersion {
+			continue
+		}
+		if c != nil && c.MaxVersion != 0 && v > c.MaxVersion {
+			continue
+		}
+		// TLS 1.0 is the minimum version supported as a client.
+		if isClient && v < VersionTLS10 {
+			continue
+		}
+		// TLS 1.3 is opt-in in Go 1.12.
+		if v == VersionTLS13 && !isTLS13Supported() {
+			continue
+		}
+		versions = append(versions, v)
 	}
-	return c.MaxVersion
+	return versions
+}
+
+// tls13Support caches the result for isTLS13Supported.
+var tls13Support struct {
+	sync.Once
+	cached bool
+}
+
+// isTLS13Supported returns whether the program opted into TLS 1.3 via
+// GODEBUG=tls13=1. It's cached after the first execution.
+func isTLS13Supported() bool {
+	tls13Support.Do(func() {
+		tls13Support.cached = goDebugString("tls13") == "1"
+	})
+	return tls13Support.cached
+}
+
+// goDebugString returns the value of the named GODEBUG key.
+// GODEBUG is of the form "key=val,key2=val2".
+func goDebugString(key string) string {
+	s := os.Getenv("GODEBUG")
+	for i := 0; i < len(s)-len(key)-1; i++ {
+		if i > 0 && s[i-1] != ',' {
+			continue
+		}
+		afterKey := s[i+len(key):]
+		if afterKey[0] != '=' || s[i:i+len(key)] != key {
+			continue
+		}
+		val := afterKey[1:]
+		for i, b := range val {
+			if b == ',' {
+				return val[:i]
+			}
+		}
+		return val
+	}
+	return ""
+}
+
+func (c *Config) maxSupportedVersion(isClient bool) uint16 {
+	supportedVersions := c.supportedVersions(isClient)
+	if len(supportedVersions) == 0 {
+		return 0
+	}
+	return supportedVersions[0]
+}
+
+// supportedVersionsFromMax returns a list of supported versions derived from a
+// legacy maximum version value. Note that only versions supported by this
+// library are returned. Any newer peer will use supportedVersions anyway.
+func supportedVersionsFromMax(maxVersion uint16) []uint16 {
+	versions := make([]uint16, 0, len(supportedVersions))
+	for _, v := range supportedVersions {
+		if v > maxVersion {
+			continue
+		}
+		versions = append(versions, v)
+	}
+	return versions
 }
 
 var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521}
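Review bot: `supportedVersions` has no default floor when `MinVersion` is zero: the lower-bound test runs only if `c.MinVersion != 0`, and the only other floor is the `isClient && v < VersionTLS10` check, so a server with a nil or zero-value Config keeps `VersionSSL30` in its list. The removed `minVersion()` returned the package constant `minVersion` in that case; its value is not visible here, but if it was TLS 1.0 this change enables SSL 3.0 by default on the server side. Adding `if (c == nil || c.MinVersion == 0) && v < VersionTLS10 { continue }` before the client check restores a default minimum while still letting a caller opt into `VersionSSL30` explicitly through `MinVersion`.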
@@ -704,18 +858,17 @@
 }
 
 // mutualVersion returns the protocol version to use given the advertised
-// version of the peer.
-func (c *Config) mutualVersion(vers uint16) (uint16, bool) {
-	minVersion := c.minVersion()
-	maxVersion := c.maxVersion()
-
-	if vers < minVersion {
-		return 0, false
+// versions of the peer. Priority is given to the peer preference order.
+func (c *Config) mutualVersion(isClient bool, peerVersions []uint16) (uint16, bool) {
+	supportedVersions := c.supportedVersions(isClient)
+	for _, peerVersion := range peerVersions {
+		for _, v := range supportedVersions {
+			if v == peerVersion {
+				return v, true
+			}
+		}
 	}
-	if vers > maxVersion {
-		vers = maxVersion
-	}
-	return vers, true
+	return 0, false
 }
 
 // getCertificate returns the best certificate for the given ClientHelloInfo,
@@ -769,9 +922,13 @@
 	c.NameToCertificate = make(map[string]*Certificate)
 	for i := range c.Certificates {
 		cert := &c.Certificates[i]
-		x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
-		if err != nil {
-			continue
+		x509Cert := cert.Leaf
+		if x509Cert == nil {
+			var err error
+			x509Cert, err = x509.ParseCertificate(cert.Certificate[0])
+			if err != nil {
+				continue
+			}
 		}
 		if len(x509Cert.Subject.CommonName) > 0 {
 			c.NameToCertificate[x509Cert.Subject.CommonName] = cert
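Review bot: `cert.Certificate[0]` in the new `x509Cert == nil` branch is indexed without a length check, so an entry in `c.Certificates` with a nil `Leaf` and an empty chain would panic here instead of being skipped like an unparsable one. A guard such as `if len(cert.Certificate) == 0 { continue }` just before the `x509.ParseCertificate` call keeps the skip-on-bad-entry behaviour consistent. The enclosing function begins and ends outside this hunk.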
@@ -782,14 +939,20 @@
 	}
 }
 
-// writeKeyLog logs client random and master secret if logging was enabled by
-// setting c.KeyLogWriter.
-func (c *Config) writeKeyLog(clientRandom, masterSecret []byte) error {
+const (
+	keyLogLabelTLS12           = "CLIENT_RANDOM"
+	keyLogLabelClientHandshake = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
+	keyLogLabelServerHandshake = "SERVER_HANDSHAKE_TRAFFIC_SECRET"
+	keyLogLabelClientTraffic   = "CLIENT_TRAFFIC_SECRET_0"
+	keyLogLabelServerTraffic   = "SERVER_TRAFFIC_SECRET_0"
+)
+
+func (c *Config) writeKeyLog(label string, clientRandom, secret []byte) error {
 	if c.KeyLogWriter == nil {
 		return nil
 	}
 
-	logLine := []byte(fmt.Sprintf("CLIENT_RANDOM %x %x\n", clientRandom, masterSecret))
+	logLine := []byte(fmt.Sprintf("%s %x %x\n", label, clientRandom, secret))
 
 	writerMutex.Lock()
 	_, err := c.KeyLogWriter.Write(logLine)
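Review bot: The doc comment on `writeKeyLog` is deleted and not replaced, and the new `keyLogLabel*` constants are undocumented, although this is the function that writes session secrets to `c.KeyLogWriter`. I would restore a comment along the lines of `// writeKeyLog logs the client random and the secret identified by label, as one "<label> <clientRandom hex> <secret hex>" line, if logging was enabled by setting c.KeyLogWriter.` A one-line comment above the const block saying that each label names the kind of secret carried on the line would also help. The function body continues past the end of this hunk.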
@@ -805,11 +968,10 @@
 // A Certificate is a chain of one or more certificates, leaf first.
 type Certificate struct {
 	Certificate [][]byte
-	// PrivateKey contains the private key corresponding to the public key
-	// in Leaf. For a server, this must implement crypto.Signer and/or
-	// crypto.Decrypter, with an RSA or ECDSA PublicKey. For a client
-	// (performing client authentication), this must be a crypto.Signer
-	// with an RSA or ECDSA PublicKey.
+	// PrivateKey contains the private key corresponding to the public key in
+	// Leaf. This must implement crypto.Signer with an RSA or ECDSA PublicKey.
+	// For a server up to TLS 1.2, it can also implement crypto.Decrypter with
+	// an RSA PublicKey.
 	PrivateKey crypto.PrivateKey
 	// OCSPStaple contains an optional OCSP response which will be served
 	// to clients that request it.
@@ -860,15 +1022,21 @@
 	}
 }
 
-// Put adds the provided (sessionKey, cs) pair to the cache.
+// Put adds the provided (sessionKey, cs) pair to the cache. If cs is nil, the entry
+// corresponding to sessionKey is removed from the cache instead.
 func (c *lruSessionCache) Put(sessionKey string, cs *ClientSessionState) {
 	c.Lock()
 	defer c.Unlock()
 
 	if elem, ok := c.m[sessionKey]; ok {
-		entry := elem.Value.(*lruSessionCacheEntry)
-		entry.state = cs
-		c.q.MoveToFront(elem)
+		if cs == nil {
+			c.q.Remove(elem)
+			delete(c.m, sessionKey)
+		} else {
+			entry := elem.Value.(*lruSessionCacheEntry)
+			entry.state = cs
+			c.q.MoveToFront(elem)
+		}
 		return
 	}
 
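Review bot: The nil handling sits inside the `if elem, ok := c.m[sessionKey]; ok` branch, so `Put(sessionKey, nil)` for a key that is not cached falls through to the insertion code after this hunk, which is not visible here. If that code stores `cs` unconditionally, a nil state is cached and may evict a live session, contrary to the new doc comment. Adding `if cs == nil { return }` immediately after this `if` block would make the documented behaviour hold in both cases. The rest of `Put` lies outside the hunk.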
@@ -914,8 +1082,9 @@
 }
 
 var (
-	once                   sync.Once
-	varDefaultCipherSuites []uint16
+	once                        sync.Once
+	varDefaultCipherSuites      []uint16
+	varDefaultCipherSuitesTLS13 []uint16
 )
 
 func defaultCipherSuites() []uint16 {
@@ -923,19 +1092,24 @@
 	return varDefaultCipherSuites
 }
 
+func defaultCipherSuitesTLS13() []uint16 {
+	once.Do(initDefaultCipherSuites)
+	return varDefaultCipherSuitesTLS13
+}
+
 func initDefaultCipherSuites() {
 	var topCipherSuites []uint16
 
 	// Check the cpu flags for each platform that has optimized GCM implementations.
-	// Worst case, these variables will just all be false
-	hasGCMAsmAMD64 := cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+	// Worst case, these variables will just all be false.
+	var (
+		hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+		hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+		// Keep in sync with crypto/aes/cipher_s390x.go.
+		hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
 
-	hasGCMAsmARM64 := cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
-
-	// Keep in sync with crypto/aes/cipher_s390x.go.
-	hasGCMAsmS390X := cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
-
-	hasGCMAsm := hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
+		hasGCMAsm = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
+	)
 
 	if hasGCMAsm {
 		// If AES-GCM hardware is provided then prioritise AES-GCM
@@ -948,6 +1122,11 @@
 			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 		}
+		varDefaultCipherSuitesTLS13 = []uint16{
+			TLS_AES_128_GCM_SHA256,
+			TLS_CHACHA20_POLY1305_SHA256,
+			TLS_AES_256_GCM_SHA384,
+		}
 	} else {
 		// Without AES-GCM hardware, we put the ChaCha20-Poly1305
 		// cipher suites first.
@@ -959,6 +1138,11 @@
 			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 		}
+		varDefaultCipherSuitesTLS13 = []uint16{
+			TLS_CHACHA20_POLY1305_SHA256,
+			TLS_AES_128_GCM_SHA256,
+			TLS_AES_256_GCM_SHA384,
+		}
 	}
 
 	varDefaultCipherSuites = make([]uint16, 0, len(cipherSuites))
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index 6e27e69..f61d432 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -57,6 +57,9 @@
 	secureRenegotiation bool
 	// ekm is a closure for exporting keying material.
 	ekm func(label string, context []byte, length int) ([]byte, error)
+	// resumptionSecret is the resumption_master_secret for handling
+	// NewSessionTicket messages. nil if config.SessionTicketsDisabled.
+	resumptionSecret []byte
 
 	// clientFinishedIsFirst is true if the client sent the first Finished
 	// message during the most recent handshake. This is recorded because
@@ -82,9 +85,10 @@
 
 	// input/output
 	in, out   halfConn
-	rawInput  *block       // raw input, right off the wire
-	input     *block       // application data waiting to be read
+	rawInput  bytes.Buffer // raw input, starting with a record header
+	input     bytes.Reader // application data waiting to be read, from rawInput.Next
 	hand      bytes.Buffer // handshake data waiting to be read
+	outBuf    []byte       // scratch buffer used by out.encrypt
 	buffering bool         // whether records are buffered in sendBuf
 	sendBuf   []byte       // a buffer of records waiting to be sent
 
@@ -93,9 +97,10 @@
 	bytesSent   int64
 	packetsSent int64
 
-	// warnCount counts the number of consecutive warning alerts received
-	// by Conn.readRecord. Protected by in.Mutex.
-	warnCount int
+	// retryCount counts the number of consecutive non-advancing records
+	// received by Conn.readRecord. That is, records that neither advance the
+	// handshake, nor deliver application data. Protected by in.Mutex.
+	retryCount int
 
 	// activeCall is an atomic int32; the low bit is whether Close has
 	// been called. the rest of the bits are the number of goroutines
@@ -149,14 +154,12 @@
 	cipher         interface{} // cipher algorithm
 	mac            macFunction
 	seq            [8]byte  // 64-bit sequence number
-	bfree          *block   // list of free blocks
 	additionalData [13]byte // to avoid allocs; interface method args escape
 
 	nextCipher interface{} // next encryption state
 	nextMac    macFunction // next MAC algorithm
 
-	// used to save allocating a new buffer for each MAC.
-	inDigestBuf, outDigestBuf []byte
+	trafficSecret []byte // current TLS 1.3 traffic secret
 }
 
 func (hc *halfConn) setErrorLocked(err error) error {
@@ -175,7 +178,7 @@
 // changeCipherSpec changes the encryption and MAC states
 // to the ones previously passed to prepareCipherSpec.
 func (hc *halfConn) changeCipherSpec() error {
-	if hc.nextCipher == nil {
+	if hc.nextCipher == nil || hc.version == VersionTLS13 {
 		return alertInternalError
 	}
 	hc.cipher = hc.nextCipher
@@ -188,6 +191,15 @@
 	return nil
 }
 
+func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, secret []byte) {
+	hc.trafficSecret = secret
+	key, iv := suite.trafficKey(secret)
+	hc.cipher = suite.aead(key, iv)
+	for i := range hc.seq {
+		hc.seq[i] = 0
+	}
+}
+
 // incSeq increments the sequence number.
 func (hc *halfConn) incSeq() {
 	for i := 7; i >= 0; i-- {
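Review bot: `setTrafficSecret` is added without a doc comment, and its side effects are easy to miss: it replaces `hc.cipher`, zeroes `hc.seq`, and keeps `secret` by reference rather than copying it. Since the AEAD path elsewhere in this file falls back to `hc.seq` as the nonce, the reset is part of the function's contract and worth stating. I would add `// setTrafficSecret stores secret (without copying it), installs the AEAD derived from it as hc.cipher and resets the sequence number to zero.`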
@@ -203,9 +215,33 @@
 	panic("TLS: sequence number wraparound")
 }
 
+// explicitNonceLen returns the number of bytes of explicit nonce or IV included
+// in each record. Explicit nonces are present only in CBC modes after TLS 1.0
+// and in certain AEAD modes in TLS 1.2.
+func (hc *halfConn) explicitNonceLen() int {
+	if hc.cipher == nil {
+		return 0
+	}
+
+	switch c := hc.cipher.(type) {
+	case cipher.Stream:
+		return 0
+	case aead:
+		return c.explicitNonceLen()
+	case cbcMode:
+		// TLS 1.1 introduced a per-record explicit IV to fix the BEAST attack.
+		if hc.version >= VersionTLS11 {
+			return c.BlockSize()
+		}
+		return 0
+	default:
+		panic("unknown cipher type")
+	}
+}
+
 // extractPadding returns, in constant time, the length of the padding to remove
 // from the end of payload. It also returns a byte which is equal to 255 if the
-// padding was valid and 0 otherwise. See RFC 2246, section 6.2.3.2
+// padding was valid and 0 otherwise. See RFC 2246, Section 6.2.3.2.
 func extractPadding(payload []byte) (toRemove int, good byte) {
 	if len(payload) < 1 {
 		return 0, 0
@@ -268,377 +304,335 @@
 	SetIV([]byte)
 }
 
-// decrypt checks and strips the mac and decrypts the data in b. Returns a
-// success boolean, the number of bytes to skip from the start of the record in
-// order to get the application payload, and an optional alert value.
-func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, alertValue alert) {
-	// pull out payload
-	payload := b.data[recordHeaderLen:]
+// decrypt authenticates and decrypts the record if protection is active at
+// this stage. The returned plaintext might overlap with the input.
+func (hc *halfConn) decrypt(record []byte) ([]byte, recordType, error) {
+	var plaintext []byte
+	typ := recordType(record[0])
+	payload := record[recordHeaderLen:]
 
-	macSize := 0
-	if hc.mac != nil {
-		macSize = hc.mac.Size()
+	// In TLS 1.3, change_cipher_spec messages are to be ignored without being
+	// decrypted. See RFC 8446, Appendix D.4.
+	if hc.version == VersionTLS13 && typ == recordTypeChangeCipherSpec {
+		return payload, typ, nil
 	}
 
 	paddingGood := byte(255)
 	paddingLen := 0
-	explicitIVLen := 0
 
-	// decrypt
+	explicitNonceLen := hc.explicitNonceLen()
+
 	if hc.cipher != nil {
 		switch c := hc.cipher.(type) {
 		case cipher.Stream:
 			c.XORKeyStream(payload, payload)
 		case aead:
-			explicitIVLen = c.explicitNonceLen()
-			if len(payload) < explicitIVLen {
-				return false, 0, alertBadRecordMAC
+			if len(payload) < explicitNonceLen {
+				return nil, 0, alertBadRecordMAC
 			}
-			nonce := payload[:explicitIVLen]
-			payload = payload[explicitIVLen:]
-
+			nonce := payload[:explicitNonceLen]
 			if len(nonce) == 0 {
 				nonce = hc.seq[:]
 			}
+			payload = payload[explicitNonceLen:]
 
-			copy(hc.additionalData[:], hc.seq[:])
-			copy(hc.additionalData[8:], b.data[:3])
-			n := len(payload) - c.Overhead()
-			hc.additionalData[11] = byte(n >> 8)
-			hc.additionalData[12] = byte(n)
-			var err error
-			payload, err = c.Open(payload[:0], nonce, payload, hc.additionalData[:])
-			if err != nil {
-				return false, 0, alertBadRecordMAC
+			additionalData := hc.additionalData[:]
+			if hc.version == VersionTLS13 {
+				additionalData = record[:recordHeaderLen]
+			} else {
+				copy(additionalData, hc.seq[:])
+				copy(additionalData[8:], record[:3])
+				n := len(payload) - c.Overhead()
+				additionalData[11] = byte(n >> 8)
+				additionalData[12] = byte(n)
 			}
-			b.resize(recordHeaderLen + explicitIVLen + len(payload))
+
+			var err error
+			plaintext, err = c.Open(payload[:0], nonce, payload, additionalData)
+			if err != nil {
+				return nil, 0, alertBadRecordMAC
+			}
 		case cbcMode:
 			blockSize := c.BlockSize()
-			if hc.version >= VersionTLS11 {
-				explicitIVLen = blockSize
+			minPayload := explicitNonceLen + roundUp(hc.mac.Size()+1, blockSize)
+			if len(payload)%blockSize != 0 || len(payload) < minPayload {
+				return nil, 0, alertBadRecordMAC
 			}
 
-			if len(payload)%blockSize != 0 || len(payload) < roundUp(explicitIVLen+macSize+1, blockSize) {
-				return false, 0, alertBadRecordMAC
-			}
-
-			if explicitIVLen > 0 {
-				c.SetIV(payload[:explicitIVLen])
-				payload = payload[explicitIVLen:]
+			if explicitNonceLen > 0 {
+				c.SetIV(payload[:explicitNonceLen])
+				payload = payload[explicitNonceLen:]
 			}
 			c.CryptBlocks(payload, payload)
+
+			// In a limited attempt to protect against CBC padding oracles like
+			// Lucky13, the data past paddingLen (which is secret) is passed to
+			// the MAC function as extra data, to be fed into the HMAC after
+			// computing the digest. This makes the MAC roughly constant time as
+			// long as the digest computation is constant time and does not
+			// affect the subsequent write, modulo cache effects.
 			if hc.version == VersionSSL30 {
 				paddingLen, paddingGood = extractPaddingSSL30(payload)
 			} else {
 				paddingLen, paddingGood = extractPadding(payload)
-
-				// To protect against CBC padding oracles like Lucky13, the data
-				// past paddingLen (which is secret) is passed to the MAC
-				// function as extra data, to be fed into the HMAC after
-				// computing the digest. This makes the MAC constant time as
-				// long as the digest computation is constant time and does not
-				// affect the subsequent write.
 			}
 		default:
 			panic("unknown cipher type")
 		}
+
+		if hc.version == VersionTLS13 {
+			if typ != recordTypeApplicationData {
+				return nil, 0, alertUnexpectedMessage
+			}
+			if len(plaintext) > maxPlaintext+1 {
+				return nil, 0, alertRecordOverflow
+			}
+			// Remove padding and find the ContentType scanning from the end.
+			for i := len(plaintext) - 1; i >= 0; i-- {
+				if plaintext[i] != 0 {
+					typ = recordType(plaintext[i])
+					plaintext = plaintext[:i]
+					break
+				}
+				if i == 0 {
+					return nil, 0, alertUnexpectedMessage
+				}
+			}
+		}
+	} else {
+		plaintext = payload
 	}
 
-	// check, strip mac
 	if hc.mac != nil {
+		macSize := hc.mac.Size()
 		if len(payload) < macSize {
-			return false, 0, alertBadRecordMAC
+			return nil, 0, alertBadRecordMAC
 		}
 
-		// strip mac off payload, b.data
 		n := len(payload) - macSize - paddingLen
 		n = subtle.ConstantTimeSelect(int(uint32(n)>>31), 0, n) // if n < 0 { n = 0 }
-		b.data[3] = byte(n >> 8)
-		b.data[4] = byte(n)
+		record[3] = byte(n >> 8)
+		record[4] = byte(n)
 		remoteMAC := payload[n : n+macSize]
-		localMAC := hc.mac.MAC(hc.inDigestBuf, hc.seq[0:], b.data[:recordHeaderLen], payload[:n], payload[n+macSize:])
+		localMAC := hc.mac.MAC(hc.seq[0:], record[:recordHeaderLen], payload[:n], payload[n+macSize:])
 
 		if subtle.ConstantTimeCompare(localMAC, remoteMAC) != 1 || paddingGood != 255 {
-			return false, 0, alertBadRecordMAC
+			return nil, 0, alertBadRecordMAC
 		}
-		hc.inDigestBuf = localMAC
 
-		b.resize(recordHeaderLen + explicitIVLen + n)
+		plaintext = payload[:n]
 	}
-	hc.incSeq()
 
-	return true, recordHeaderLen + explicitIVLen, 0
+	hc.incSeq()
+	return plaintext, typ, nil
 }
 
-// padToBlockSize calculates the needed padding block, if any, for a payload.
-// On exit, prefix aliases payload and extends to the end of the last full
-// block of payload. finalBlock is a fresh slice which contains the contents of
-// any suffix of payload as well as the needed padding to make finalBlock a
-// full block.
-func padToBlockSize(payload []byte, blockSize int) (prefix, finalBlock []byte) {
-	overrun := len(payload) % blockSize
-	paddingLen := blockSize - overrun
-	prefix = payload[:len(payload)-overrun]
-	finalBlock = make([]byte, blockSize)
-	copy(finalBlock, payload[len(payload)-overrun:])
-	for i := overrun; i < blockSize; i++ {
-		finalBlock[i] = byte(paddingLen - 1)
+// sliceForAppend extends the input slice by n bytes. head is the full extended
+// slice, while tail is the appended part. If the original slice has sufficient
+// capacity no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
 	}
+	tail = head[len(in):]
 	return
 }
 
-// encrypt encrypts and macs the data in b.
-func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
-	// mac
+// encrypt encrypts payload, adding the appropriate nonce and/or MAC, and
+// appends it to record, which contains the record header.
+func (hc *halfConn) encrypt(record, payload []byte, rand io.Reader) ([]byte, error) {
+	if hc.cipher == nil {
+		return append(record, payload...), nil
+	}
+
+	var explicitNonce []byte
+	if explicitNonceLen := hc.explicitNonceLen(); explicitNonceLen > 0 {
+		record, explicitNonce = sliceForAppend(record, explicitNonceLen)
+		if _, isCBC := hc.cipher.(cbcMode); !isCBC && explicitNonceLen < 16 {
+			// The AES-GCM construction in TLS has an explicit nonce so that the
+			// nonce can be random. However, the nonce is only 8 bytes which is
+			// too small for a secure, random nonce. Therefore we use the
+			// sequence number as the nonce. The 3DES-CBC construction also has
+			// an 8 bytes nonce but its nonces must be unpredictable (see RFC
+			// 5246, Appendix F.3), forcing us to use randomness. That's not
+			// 3DES' biggest problem anyway because the birthday bound on block
+			// collision is reached first due to its simlarly small block size
+			// (see the Sweet32 attack).
+			copy(explicitNonce, hc.seq[:])
+		} else {
+			if _, err := io.ReadFull(rand, explicitNonce); err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	var mac []byte
 	if hc.mac != nil {
-		mac := hc.mac.MAC(hc.outDigestBuf, hc.seq[0:], b.data[:recordHeaderLen], b.data[recordHeaderLen+explicitIVLen:], nil)
-
-		n := len(b.data)
-		b.resize(n + len(mac))
-		copy(b.data[n:], mac)
-		hc.outDigestBuf = mac
+		mac = hc.mac.MAC(hc.seq[:], record[:recordHeaderLen], payload, nil)
 	}
 
-	payload := b.data[recordHeaderLen:]
-
-	// encrypt
-	if hc.cipher != nil {
-		switch c := hc.cipher.(type) {
-		case cipher.Stream:
-			c.XORKeyStream(payload, payload)
-		case aead:
-			payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
-			b.resize(len(b.data) + c.Overhead())
-			nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
-			if len(nonce) == 0 {
-				nonce = hc.seq[:]
-			}
-			payload := b.data[recordHeaderLen+explicitIVLen:]
-			payload = payload[:payloadLen]
-
-			copy(hc.additionalData[:], hc.seq[:])
-			copy(hc.additionalData[8:], b.data[:3])
-			hc.additionalData[11] = byte(payloadLen >> 8)
-			hc.additionalData[12] = byte(payloadLen)
-
-			c.Seal(payload[:0], nonce, payload, hc.additionalData[:])
-		case cbcMode:
-			blockSize := c.BlockSize()
-			if explicitIVLen > 0 {
-				c.SetIV(payload[:explicitIVLen])
-				payload = payload[explicitIVLen:]
-			}
-			prefix, finalBlock := padToBlockSize(payload, blockSize)
-			b.resize(recordHeaderLen + explicitIVLen + len(prefix) + len(finalBlock))
-			c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen:], prefix)
-			c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen+len(prefix):], finalBlock)
-		default:
-			panic("unknown cipher type")
+	var dst []byte
+	switch c := hc.cipher.(type) {
+	case cipher.Stream:
+		record, dst = sliceForAppend(record, len(payload)+len(mac))
+		c.XORKeyStream(dst[:len(payload)], payload)
+		c.XORKeyStream(dst[len(payload):], mac)
+	case aead:
+		nonce := explicitNonce
+		if len(nonce) == 0 {
+			nonce = hc.seq[:]
 		}
+
+		if hc.version == VersionTLS13 {
+			record = append(record, payload...)
+
+			// Encrypt the actual ContentType and replace the plaintext one.
+			record = append(record, record[0])
+			record[0] = byte(recordTypeApplicationData)
+
+			n := len(payload) + 1 + c.Overhead()
+			record[3] = byte(n >> 8)
+			record[4] = byte(n)
+
+			record = c.Seal(record[:recordHeaderLen],
+				nonce, record[recordHeaderLen:], record[:recordHeaderLen])
+		} else {
+			copy(hc.additionalData[:], hc.seq[:])
+			copy(hc.additionalData[8:], record)
+			record = c.Seal(record, nonce, payload, hc.additionalData[:])
+		}
+	case cbcMode:
+		blockSize := c.BlockSize()
+		plaintextLen := len(payload) + len(mac)
+		paddingLen := blockSize - plaintextLen%blockSize
+		record, dst = sliceForAppend(record, plaintextLen+paddingLen)
+		copy(dst, payload)
+		copy(dst[len(payload):], mac)
+		for i := plaintextLen; i < len(dst); i++ {
+			dst[i] = byte(paddingLen - 1)
+		}
+		if len(explicitNonce) > 0 {
+			c.SetIV(explicitNonce)
+		}
+		c.CryptBlocks(dst, dst)
+	default:
+		panic("unknown cipher type")
 	}
 
-	// update length to include MAC and any block padding needed.
-	n := len(b.data) - recordHeaderLen
-	b.data[3] = byte(n >> 8)
-	b.data[4] = byte(n)
+	// Update length to include nonce, MAC and any block padding needed.
+	n := len(record) - recordHeaderLen
+	record[3] = byte(n >> 8)
+	record[4] = byte(n)
 	hc.incSeq()
 
-	return true, 0
+	return record, nil
 }
 
-// A block is a simple data buffer.
-type block struct {
-	data []byte
-	off  int // index for Read
-	link *block
-}
-
-// resize resizes block to be n bytes, growing if necessary.
-func (b *block) resize(n int) {
-	if n > cap(b.data) {
-		b.reserve(n)
-	}
-	b.data = b.data[0:n]
-}
-
-// reserve makes sure that block contains a capacity of at least n bytes.
-func (b *block) reserve(n int) {
-	if cap(b.data) >= n {
-		return
-	}
-	m := cap(b.data)
-	if m == 0 {
-		m = 1024
-	}
-	for m < n {
-		m *= 2
-	}
-	data := make([]byte, len(b.data), m)
-	copy(data, b.data)
-	b.data = data
-}
-
-// readFromUntil reads from r into b until b contains at least n bytes
-// or else returns an error.
-func (b *block) readFromUntil(r io.Reader, n int) error {
-	// quick case
-	if len(b.data) >= n {
-		return nil
-	}
-
-	// read until have enough.
-	b.reserve(n)
-	for {
-		m, err := r.Read(b.data[len(b.data):cap(b.data)])
-		b.data = b.data[0 : len(b.data)+m]
-		if len(b.data) >= n {
-			// TODO(bradfitz,agl): slightly suspicious
-			// that we're throwing away r.Read's err here.
-			break
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (b *block) Read(p []byte) (n int, err error) {
-	n = copy(p, b.data[b.off:])
-	b.off += n
-	return
-}
-
-// newBlock allocates a new block, from hc's free list if possible.
-func (hc *halfConn) newBlock() *block {
-	b := hc.bfree
-	if b == nil {
-		return new(block)
-	}
-	hc.bfree = b.link
-	b.link = nil
-	b.resize(0)
-	return b
-}
-
-// freeBlock returns a block to hc's free list.
-// The protocol is such that each side only has a block or two on
-// its free list at a time, so there's no need to worry about
-// trimming the list, etc.
-func (hc *halfConn) freeBlock(b *block) {
-	b.link = hc.bfree
-	hc.bfree = b
-}
-
-// splitBlock splits a block after the first n bytes,
-// returning a block with those n bytes and a
-// block with the remainder.  the latter may be nil.
-func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) {
-	if len(b.data) <= n {
-		return b, nil
-	}
-	bb := hc.newBlock()
-	bb.resize(len(b.data) - n)
-	copy(bb.data, b.data[n:])
-	b.data = b.data[0:n]
-	return b, bb
-}
-
-// RecordHeaderError results when a TLS record header is invalid.
+// RecordHeaderError is returned when a TLS record header is invalid.
 type RecordHeaderError struct {
 	// Msg contains a human readable string that describes the error.
 	Msg string
 	// RecordHeader contains the five bytes of TLS record header that
 	// triggered the error.
 	RecordHeader [5]byte
+	// Conn provides the underlying net.Conn in the case that a client
+	// sent an initial handshake that didn't look like TLS.
+	// It is nil if there's already been a handshake or a TLS alert has
+	// been written to the connection.
+	Conn net.Conn
 }
 
 func (e RecordHeaderError) Error() string { return "tls: " + e.Msg }
 
-func (c *Conn) newRecordHeaderError(msg string) (err RecordHeaderError) {
+func (c *Conn) newRecordHeaderError(conn net.Conn, msg string) (err RecordHeaderError) {
 	err.Msg = msg
-	copy(err.RecordHeader[:], c.rawInput.data)
+	err.Conn = conn
+	copy(err.RecordHeader[:], c.rawInput.Bytes())
 	return err
 }
 
-// readRecord reads the next TLS record from the connection
-// and updates the record layer state.
-func (c *Conn) readRecord(want recordType) error {
-	// Caller must be in sync with connection:
-	// handshake data if handshake not yet completed,
-	// else application data.
-	switch want {
-	default:
-		c.sendAlert(alertInternalError)
-		return c.in.setErrorLocked(errors.New("tls: unknown record type requested"))
-	case recordTypeHandshake, recordTypeChangeCipherSpec:
-		if c.handshakeComplete() {
-			c.sendAlert(alertInternalError)
-			return c.in.setErrorLocked(errors.New("tls: handshake or ChangeCipherSpec requested while not in handshake"))
-		}
-	case recordTypeApplicationData:
-		if !c.handshakeComplete() {
-			c.sendAlert(alertInternalError)
-			return c.in.setErrorLocked(errors.New("tls: application data record requested while in handshake"))
-		}
-	}
+func (c *Conn) readRecord() error {
+	return c.readRecordOrCCS(false)
+}
 
-Again:
-	if c.rawInput == nil {
-		c.rawInput = c.in.newBlock()
+func (c *Conn) readChangeCipherSpec() error {
+	return c.readRecordOrCCS(true)
+}
+
+// readRecordOrCCS reads one or more TLS records from the connection and
+// updates the record layer state. Some invariants:
+//   * c.in must be locked
+//   * c.input must be empty
+// During the handshake one and only one of the following will happen:
+//   - c.hand grows
+//   - c.in.changeCipherSpec is called
+//   - an error is returned
+// After the handshake one and only one of the following will happen:
+//   - c.hand grows
+//   - c.input is set
+//   - an error is returned
+func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
+	if c.in.err != nil {
+		return c.in.err
 	}
-	b := c.rawInput
+	handshakeComplete := c.handshakeComplete()
+
+	// This function modifies c.rawInput, which owns the c.input memory.
+	if c.input.Len() != 0 {
+		return c.in.setErrorLocked(errors.New("tls: internal error: attempted to read record with pending application data"))
+	}
+	c.input.Reset(nil)
 
 	// Read header, payload.
-	if err := b.readFromUntil(c.conn, recordHeaderLen); err != nil {
-		// RFC suggests that EOF without an alertCloseNotify is
-		// an error, but popular web sites seem to do this,
-		// so we can't make it an error.
-		// if err == io.EOF {
-		// 	err = io.ErrUnexpectedEOF
-		// }
+	if err := c.readFromUntil(c.conn, recordHeaderLen); err != nil {
+		// RFC 8446, Section 6.1 suggests that EOF without an alertCloseNotify
+		// is an error, but popular web sites seem to do this, so we accept it
+		// if and only if at the record boundary.
+		if err == io.ErrUnexpectedEOF && c.rawInput.Len() == 0 {
+			err = io.EOF
+		}
 		if e, ok := err.(net.Error); !ok || !e.Temporary() {
 			c.in.setErrorLocked(err)
 		}
 		return err
 	}
-	typ := recordType(b.data[0])
+	hdr := c.rawInput.Bytes()[:recordHeaderLen]
+	typ := recordType(hdr[0])
 
 	// No valid TLS record has a type of 0x80, however SSLv2 handshakes
 	// start with a uint16 length where the MSB is set and the first record
 	// is always < 256 bytes long. Therefore typ == 0x80 strongly suggests
 	// an SSLv2 client.
-	if want == recordTypeHandshake && typ == 0x80 {
+	if !handshakeComplete && typ == 0x80 {
 		c.sendAlert(alertProtocolVersion)
-		return c.in.setErrorLocked(c.newRecordHeaderError("unsupported SSLv2 handshake received"))
+		return c.in.setErrorLocked(c.newRecordHeaderError(nil, "unsupported SSLv2 handshake received"))
 	}
 
-	vers := uint16(b.data[1])<<8 | uint16(b.data[2])
-	n := int(b.data[3])<<8 | int(b.data[4])
-	if c.haveVers && vers != c.vers {
+	vers := uint16(hdr[1])<<8 | uint16(hdr[2])
+	n := int(hdr[3])<<8 | int(hdr[4])
+	if c.haveVers && c.vers != VersionTLS13 && vers != c.vers {
 		c.sendAlert(alertProtocolVersion)
 		msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers)
-		return c.in.setErrorLocked(c.newRecordHeaderError(msg))
-	}
-	if n > maxCiphertext {
-		c.sendAlert(alertRecordOverflow)
-		msg := fmt.Sprintf("oversized record received with length %d", n)
-		return c.in.setErrorLocked(c.newRecordHeaderError(msg))
+		return c.in.setErrorLocked(c.newRecordHeaderError(nil, msg))
 	}
 	if !c.haveVers {
 		// First message, be extra suspicious: this might not be a TLS
 		// client. Bail out before reading a full 'body', if possible.
 		// The current max version is 3.3 so if the version is >= 16.0,
 		// it's probably not real.
-		if (typ != recordTypeAlert && typ != want) || vers >= 0x1000 {
-			c.sendAlert(alertUnexpectedMessage)
-			return c.in.setErrorLocked(c.newRecordHeaderError("first record does not look like a TLS handshake"))
+		if (typ != recordTypeAlert && typ != recordTypeHandshake) || vers >= 0x1000 {
+			return c.in.setErrorLocked(c.newRecordHeaderError(c.conn, "first record does not look like a TLS handshake"))
 		}
 	}
-	if err := b.readFromUntil(c.conn, recordHeaderLen+n); err != nil {
-		if err == io.EOF {
-			err = io.ErrUnexpectedEOF
-		}
+	if c.vers == VersionTLS13 && n > maxCiphertextTLS13 || n > maxCiphertext {
+		c.sendAlert(alertRecordOverflow)
+		msg := fmt.Sprintf("oversized record received with length %d", n)
+		return c.in.setErrorLocked(c.newRecordHeaderError(nil, msg))
+	}
+	if err := c.readFromUntil(c.conn, recordHeaderLen+n); err != nil {
 		if e, ok := err.(net.Error); !ok || !e.Temporary() {
 			c.in.setErrorLocked(err)
 		}
@@ -646,91 +640,148 @@
 	}
 
 	// Process message.
-	b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
-	ok, off, alertValue := c.in.decrypt(b)
-	if !ok {
-		c.in.freeBlock(b)
-		return c.in.setErrorLocked(c.sendAlert(alertValue))
+	record := c.rawInput.Next(recordHeaderLen + n)
+	data, typ, err := c.in.decrypt(record)
+	if err != nil {
+		return c.in.setErrorLocked(c.sendAlert(err.(alert)))
 	}
-	b.off = off
-	data := b.data[b.off:]
 	if len(data) > maxPlaintext {
-		err := c.sendAlert(alertRecordOverflow)
-		c.in.freeBlock(b)
-		return c.in.setErrorLocked(err)
+		return c.in.setErrorLocked(c.sendAlert(alertRecordOverflow))
 	}
 
-	if typ != recordTypeAlert && len(data) > 0 {
-		// this is a valid non-alert message: reset the count of alerts
-		c.warnCount = 0
+	// Application Data messages are always protected.
+	if c.in.cipher == nil && typ == recordTypeApplicationData {
+		return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+	}
+
+	if typ != recordTypeAlert && typ != recordTypeChangeCipherSpec && len(data) > 0 {
+		// This is a state-advancing message: reset the retry count.
+		c.retryCount = 0
+	}
+
+	// Handshake messages MUST NOT be interleaved with other record types in TLS 1.3.
+	if c.vers == VersionTLS13 && typ != recordTypeHandshake && c.hand.Len() > 0 {
+		return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 	}
 
 	switch typ {
 	default:
-		c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+		return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 
 	case recordTypeAlert:
 		if len(data) != 2 {
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-			break
+			return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 		}
 		if alert(data[1]) == alertCloseNotify {
-			c.in.setErrorLocked(io.EOF)
-			break
+			return c.in.setErrorLocked(io.EOF)
+		}
+		if c.vers == VersionTLS13 {
+			return c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])})
 		}
 		switch data[0] {
 		case alertLevelWarning:
-			// drop on the floor
-			c.in.freeBlock(b)
-
-			c.warnCount++
-			if c.warnCount > maxWarnAlertCount {
-				c.sendAlert(alertUnexpectedMessage)
-				return c.in.setErrorLocked(errors.New("tls: too many warn alerts"))
-			}
-
-			goto Again
+			// Drop the record on the floor and retry.
+			return c.retryReadRecord(expectChangeCipherSpec)
 		case alertLevelError:
-			c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])})
+			return c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])})
 		default:
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+			return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 		}
 
 	case recordTypeChangeCipherSpec:
-		if typ != want || len(data) != 1 || data[0] != 1 {
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-			break
+		if len(data) != 1 || data[0] != 1 {
+			return c.in.setErrorLocked(c.sendAlert(alertDecodeError))
 		}
-		// Handshake messages are not allowed to fragment across the CCS
+		// Handshake messages are not allowed to fragment across the CCS.
 		if c.hand.Len() > 0 {
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-			break
+			return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 		}
-		err := c.in.changeCipherSpec()
-		if err != nil {
-			c.in.setErrorLocked(c.sendAlert(err.(alert)))
+		// In TLS 1.3, change_cipher_spec records are ignored until the
+		// Finished. See RFC 8446, Appendix D.4. Note that according to Section
+		// 5, a server can send a ChangeCipherSpec before its ServerHello, when
+		// c.vers is still unset. That's not useful though and suspicious if the
+		// server then selects a lower protocol version, so don't allow that.
+		if c.vers == VersionTLS13 {
+			return c.retryReadRecord(expectChangeCipherSpec)
+		}
+		if !expectChangeCipherSpec {
+			return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+		}
+		if err := c.in.changeCipherSpec(); err != nil {
+			return c.in.setErrorLocked(c.sendAlert(err.(alert)))
 		}
 
 	case recordTypeApplicationData:
-		if typ != want {
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-			break
+		if !handshakeComplete || expectChangeCipherSpec {
+			return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 		}
-		c.input = b
-		b = nil
+		// Some OpenSSL servers send empty records in order to randomize the
+		// CBC IV. Ignore a limited number of empty records.
+		if len(data) == 0 {
+			return c.retryReadRecord(expectChangeCipherSpec)
+		}
+		// Note that data is owned by c.rawInput, following the Next call above,
+		// to avoid copying the plaintext. This is safe because c.rawInput is
+		// not read from or written to until c.input is drained.
+		c.input.Reset(data)
 
 	case recordTypeHandshake:
-		// TODO(rsc): Should at least pick off connection close.
-		if typ != want && !(c.isClient && c.config.Renegotiation != RenegotiateNever) {
-			return c.in.setErrorLocked(c.sendAlert(alertNoRenegotiation))
+		if len(data) == 0 || expectChangeCipherSpec {
+			return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 		}
 		c.hand.Write(data)
 	}
 
-	if b != nil {
-		c.in.freeBlock(b)
+	return nil
+}
+
+// retryReadRecord recurses into readRecordOrCCS to drop a non-advancing record, like
+// a warning alert, empty application_data, or a change_cipher_spec in TLS 1.3.
+func (c *Conn) retryReadRecord(expectChangeCipherSpec bool) error {
+	c.retryCount++
+	if c.retryCount > maxUselessRecords {
+		c.sendAlert(alertUnexpectedMessage)
+		return c.in.setErrorLocked(errors.New("tls: too many ignored records"))
 	}
-	return c.in.err
+	return c.readRecordOrCCS(expectChangeCipherSpec)
+}
+
+// atLeastReader reads from R, stopping with EOF once at least N bytes have been
+// read. It is different from an io.LimitedReader in that it doesn't cut short
+// the last Read call, and in that it considers an early EOF an error.
+type atLeastReader struct {
+	R io.Reader
+	N int64
+}
+
+func (r *atLeastReader) Read(p []byte) (int, error) {
+	if r.N <= 0 {
+		return 0, io.EOF
+	}
+	n, err := r.R.Read(p)
+	r.N -= int64(n) // won't underflow unless len(p) >= n > 9223372036854775809
+	if r.N > 0 && err == io.EOF {
+		return n, io.ErrUnexpectedEOF
+	}
+	if r.N <= 0 && err == nil {
+		return n, io.EOF
+	}
+	return n, err
+}
+
+// readFromUntil reads from r into c.rawInput until c.rawInput contains
+// at least n bytes or else returns an error.
+func (c *Conn) readFromUntil(r io.Reader, n int) error {
+	if c.rawInput.Len() >= n {
+		return nil
+	}
+	needs := n - c.rawInput.Len()
+	// There might be extra input waiting on the wire. Make a best effort
+	// attempt to fetch it so that it can be used in (*Conn).Read to
+	// "predict" closeNotify alerts.
+	c.rawInput.Grow(needs + bytes.MinRead)
+	_, err := c.rawInput.ReadFrom(&atLeastReader{r, int64(needs)})
+	return err
 }
 
 // sendAlert sends a TLS alert message.
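Review bot: The unchecked assertion `err.(alert)` on the error returned by `c.in.decrypt(record)` panics if decrypt ever returns a non-alert error, and this path runs on bytes supplied by the peer. decrypt is not part of this hunk, so it may already guarantee this; if so, record it where it is relied on, e.g. `// decrypt only returns errors of type alert`. Otherwise use a checked form such as `a, ok := err.(alert); if !ok { a = alertInternalError }` before `c.sendAlert(a)`. The same assertion follows `c.in.changeCipherSpec()` further down, where it predates this change. readRecordOrCCS begins before this hunk.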
@@ -789,7 +840,7 @@
 //
 // In the interests of simplicity and determinism, this code does not attempt
 // to reset the record size once the connection is idle, however.
-func (c *Conn) maxPayloadSizeForWrite(typ recordType, explicitIVLen int) int {
+func (c *Conn) maxPayloadSizeForWrite(typ recordType) int {
 	if c.config.DynamicRecordSizingDisabled || typ != recordTypeApplicationData {
 		return maxPlaintext
 	}
@@ -799,16 +850,11 @@
 	}
 
 	// Subtract TLS overheads to get the maximum payload size.
-	macSize := 0
-	if c.out.mac != nil {
-		macSize = c.out.mac.Size()
-	}
-
-	payloadBytes := tcpMSSEstimate - recordHeaderLen - explicitIVLen
+	payloadBytes := tcpMSSEstimate - recordHeaderLen - c.out.explicitNonceLen()
 	if c.out.cipher != nil {
 		switch ciph := c.out.cipher.(type) {
 		case cipher.Stream:
-			payloadBytes -= macSize
+			payloadBytes -= c.out.mac.Size()
 		case cipher.AEAD:
 			payloadBytes -= ciph.Overhead()
 		case cbcMode:
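Review bot: The `cipher.Stream` case now calls `c.out.mac.Size()` directly, where the removed code called it only after checking `c.out.mac != nil`; the `cbcMode` case in the next hunk has the same change. If `c.out.mac` can be nil while a stream or CBC cipher is installed, this is a nil dereference on the write path. Presumably those cipher types always come with a MAC, but nothing here says so. A comment such as `// stream and CBC suites always carry a MAC, so c.out.mac is non-nil here` would record the invariant. maxPayloadSizeForWrite starts and ends outside this hunk.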
@@ -818,11 +864,14 @@
 			payloadBytes = (payloadBytes & ^(blockSize - 1)) - 1
 			// The MAC is appended before padding so affects the
 			// payload size directly.
-			payloadBytes -= macSize
+			payloadBytes -= c.out.mac.Size()
 		default:
 			panic("unknown cipher type")
 		}
 	}
+	if c.vers == VersionTLS13 {
+		payloadBytes-- // encrypted ContentType
+	}
 
 	// Allow packet growth in arithmetic progression up to max.
 	pkt := c.packetsSent
@@ -864,70 +913,43 @@
 // writeRecordLocked writes a TLS record with the given type and payload to the
 // connection and updates the record layer state.
 func (c *Conn) writeRecordLocked(typ recordType, data []byte) (int, error) {
-	b := c.out.newBlock()
-	defer c.out.freeBlock(b)
-
 	var n int
 	for len(data) > 0 {
-		explicitIVLen := 0
-		explicitIVIsSeq := false
-
-		var cbc cbcMode
-		if c.out.version >= VersionTLS11 {
-			var ok bool
-			if cbc, ok = c.out.cipher.(cbcMode); ok {
-				explicitIVLen = cbc.BlockSize()
-			}
-		}
-		if explicitIVLen == 0 {
-			if c, ok := c.out.cipher.(aead); ok {
-				explicitIVLen = c.explicitNonceLen()
-
-				// The AES-GCM construction in TLS has an
-				// explicit nonce so that the nonce can be
-				// random. However, the nonce is only 8 bytes
-				// which is too small for a secure, random
-				// nonce. Therefore we use the sequence number
-				// as the nonce.
-				explicitIVIsSeq = explicitIVLen > 0
-			}
-		}
 		m := len(data)
-		if maxPayload := c.maxPayloadSizeForWrite(typ, explicitIVLen); m > maxPayload {
+		if maxPayload := c.maxPayloadSizeForWrite(typ); m > maxPayload {
 			m = maxPayload
 		}
-		b.resize(recordHeaderLen + explicitIVLen + m)
-		b.data[0] = byte(typ)
+
+		_, c.outBuf = sliceForAppend(c.outBuf[:0], recordHeaderLen)
+		c.outBuf[0] = byte(typ)
 		vers := c.vers
 		if vers == 0 {
 			// Some TLS servers fail if the record version is
 			// greater than TLS 1.0 for the initial ClientHello.
 			vers = VersionTLS10
+		} else if vers == VersionTLS13 {
+			// TLS 1.3 froze the record layer version to 1.2.
+			// See RFC 8446, Section 5.1.
+			vers = VersionTLS12
 		}
-		b.data[1] = byte(vers >> 8)
-		b.data[2] = byte(vers)
-		b.data[3] = byte(m >> 8)
-		b.data[4] = byte(m)
-		if explicitIVLen > 0 {
-			explicitIV := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
-			if explicitIVIsSeq {
-				copy(explicitIV, c.out.seq[:])
-			} else {
-				if _, err := io.ReadFull(c.config.rand(), explicitIV); err != nil {
-					return n, err
-				}
-			}
+		c.outBuf[1] = byte(vers >> 8)
+		c.outBuf[2] = byte(vers)
+		c.outBuf[3] = byte(m >> 8)
+		c.outBuf[4] = byte(m)
+
+		var err error
+		c.outBuf, err = c.out.encrypt(c.outBuf, data[:m], c.config.rand())
+		if err != nil {
+			return n, err
 		}
-		copy(b.data[recordHeaderLen+explicitIVLen:], data)
-		c.out.encrypt(b, explicitIVLen)
-		if _, err := c.write(b.data); err != nil {
+		if _, err := c.write(c.outBuf); err != nil {
 			return n, err
 		}
 		n += m
 		data = data[m:]
 	}
 
-	if typ == recordTypeChangeCipherSpec {
+	if typ == recordTypeChangeCipherSpec && c.vers != VersionTLS13 {
 		if err := c.out.changeCipherSpec(); err != nil {
 			return n, c.sendAlertLocked(err.(alert))
 		}
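Review bot: The new condition `typ == recordTypeChangeCipherSpec && c.vers != VersionTLS13` has no comment explaining why TLS 1.3 is excluded, unlike the record-version clamp earlier in the loop, which cites RFC 8446. The read side documents that change_cipher_spec records are ignored in TLS 1.3 (RFC 8446, Appendix D.4), and the write side should say the same, e.g. `// In TLS 1.3 a change_cipher_spec record is a compatibility no-op and never switches keys.` Without it, a later edit could drop the version test and presumably desynchronise the outgoing keys. writeRecordLocked continues past the end of this hunk.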
@@ -949,10 +971,7 @@
 // the record layer.
 func (c *Conn) readHandshake() (interface{}, error) {
 	for c.hand.Len() < 4 {
-		if err := c.in.err; err != nil {
-			return nil, err
-		}
-		if err := c.readRecord(recordTypeHandshake); err != nil {
+		if err := c.readRecord(); err != nil {
 			return nil, err
 		}
 	}
@@ -964,10 +983,7 @@
 		return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake))
 	}
 	for c.hand.Len() < 4+n {
-		if err := c.in.err; err != nil {
-			return nil, err
-		}
-		if err := c.readRecord(recordTypeHandshake); err != nil {
+		if err := c.readRecord(); err != nil {
 			return nil, err
 		}
 	}
@@ -981,12 +997,24 @@
 	case typeServerHello:
 		m = new(serverHelloMsg)
 	case typeNewSessionTicket:
-		m = new(newSessionTicketMsg)
+		if c.vers == VersionTLS13 {
+			m = new(newSessionTicketMsgTLS13)
+		} else {
+			m = new(newSessionTicketMsg)
+		}
 	case typeCertificate:
-		m = new(certificateMsg)
+		if c.vers == VersionTLS13 {
+			m = new(certificateMsgTLS13)
+		} else {
+			m = new(certificateMsg)
+		}
 	case typeCertificateRequest:
-		m = &certificateRequestMsg{
-			hasSignatureAndHash: c.vers >= VersionTLS12,
+		if c.vers == VersionTLS13 {
+			m = new(certificateRequestMsgTLS13)
+		} else {
+			m = &certificateRequestMsg{
+				hasSignatureAlgorithm: c.vers >= VersionTLS12,
+			}
 		}
 	case typeCertificateStatus:
 		m = new(certificateStatusMsg)
@@ -998,12 +1026,18 @@
 		m = new(clientKeyExchangeMsg)
 	case typeCertificateVerify:
 		m = &certificateVerifyMsg{
-			hasSignatureAndHash: c.vers >= VersionTLS12,
+			hasSignatureAlgorithm: c.vers >= VersionTLS12,
 		}
 	case typeNextProtocol:
 		m = new(nextProtoMsg)
 	case typeFinished:
 		m = new(finishedMsg)
+	case typeEncryptedExtensions:
+		m = new(encryptedExtensionsMsg)
+	case typeEndOfEarlyData:
+		m = new(endOfEarlyDataMsg)
+	case typeKeyUpdate:
+		m = new(keyUpdateMsg)
 	default:
 		return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
 	}
@@ -1083,15 +1117,19 @@
 
 // handleRenegotiation processes a HelloRequest handshake message.
 func (c *Conn) handleRenegotiation() error {
+	if c.vers == VersionTLS13 {
+		return errors.New("tls: internal error: unexpected renegotiation")
+	}
+
 	msg, err := c.readHandshake()
 	if err != nil {
 		return err
 	}
 
-	_, ok := msg.(*helloRequestMsg)
+	helloReq, ok := msg.(*helloRequestMsg)
 	if !ok {
 		c.sendAlert(alertUnexpectedMessage)
-		return alertUnexpectedMessage
+		return unexpectedMessageError(helloReq, msg)
 	}
 
 	if !c.isClient {
@@ -1122,73 +1160,106 @@
 	return c.handshakeErr
 }
 
+// handlePostHandshakeMessage processes a handshake message arrived after the
+// handshake is complete. Up to TLS 1.2, it indicates the start of a renegotiation.
+func (c *Conn) handlePostHandshakeMessage() error {
+	if c.vers != VersionTLS13 {
+		return c.handleRenegotiation()
+	}
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	c.retryCount++
+	if c.retryCount > maxUselessRecords {
+		c.sendAlert(alertUnexpectedMessage)
+		return c.in.setErrorLocked(errors.New("tls: too many non-advancing records"))
+	}
+
+	switch msg := msg.(type) {
+	case *newSessionTicketMsgTLS13:
+		return c.handleNewSessionTicket(msg)
+	case *keyUpdateMsg:
+		return c.handleKeyUpdate(msg)
+	default:
+		c.sendAlert(alertUnexpectedMessage)
+		return fmt.Errorf("tls: received unexpected handshake message of type %T", msg)
+	}
+}
+
+func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error {
+	cipherSuite := cipherSuiteTLS13ByID(c.cipherSuite)
+	if cipherSuite == nil {
+		return c.in.setErrorLocked(c.sendAlert(alertInternalError))
+	}
+
+	newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret)
+	c.in.setTrafficSecret(cipherSuite, newSecret)
+
+	if keyUpdate.updateRequested {
+		c.out.Lock()
+		defer c.out.Unlock()
+
+		msg := &keyUpdateMsg{}
+		_, err := c.writeRecordLocked(recordTypeHandshake, msg.marshal())
+		if err != nil {
+			// Surface the error at the next write.
+			c.out.setErrorLocked(err)
+			return nil
+		}
+
+		newSecret := cipherSuite.nextTrafficSecret(c.out.trafficSecret)
+		c.out.setTrafficSecret(cipherSuite, newSecret)
+	}
+
+	return nil
+}
+
 // Read can be made to time out and return a net.Error with Timeout() == true
 // after a fixed time limit; see SetDeadline and SetReadDeadline.
-func (c *Conn) Read(b []byte) (n int, err error) {
-	if err = c.Handshake(); err != nil {
-		return
+func (c *Conn) Read(b []byte) (int, error) {
+	if err := c.Handshake(); err != nil {
+		return 0, err
 	}
 	if len(b) == 0 {
 		// Put this after Handshake, in case people were calling
 		// Read(nil) for the side effect of the Handshake.
-		return
+		return 0, nil
 	}
 
 	c.in.Lock()
 	defer c.in.Unlock()
 
-	// Some OpenSSL servers send empty records in order to randomize the
-	// CBC IV. So this loop ignores a limited number of empty records.
-	const maxConsecutiveEmptyRecords = 100
-	for emptyRecordCount := 0; emptyRecordCount <= maxConsecutiveEmptyRecords; emptyRecordCount++ {
-		for c.input == nil && c.in.err == nil {
-			if err := c.readRecord(recordTypeApplicationData); err != nil {
-				// Soft error, like EAGAIN
-				return 0, err
-			}
-			if c.hand.Len() > 0 {
-				// We received handshake bytes, indicating the
-				// start of a renegotiation.
-				if err := c.handleRenegotiation(); err != nil {
-					return 0, err
-				}
-			}
-		}
-		if err := c.in.err; err != nil {
+	for c.input.Len() == 0 {
+		if err := c.readRecord(); err != nil {
 			return 0, err
 		}
-
-		n, err = c.input.Read(b)
-		if c.input.off >= len(c.input.data) {
-			c.in.freeBlock(c.input)
-			c.input = nil
-		}
-
-		// If a close-notify alert is waiting, read it so that
-		// we can return (n, EOF) instead of (n, nil), to signal
-		// to the HTTP response reading goroutine that the
-		// connection is now closed. This eliminates a race
-		// where the HTTP response reading goroutine would
-		// otherwise not observe the EOF until its next read,
-		// by which time a client goroutine might have already
-		// tried to reuse the HTTP connection for a new
-		// request.
-		// See https://codereview.appspot.com/76400046
-		// and https://golang.org/issue/3514
-		if ri := c.rawInput; ri != nil &&
-			n != 0 && err == nil &&
-			c.input == nil && len(ri.data) > 0 && recordType(ri.data[0]) == recordTypeAlert {
-			if recErr := c.readRecord(recordTypeApplicationData); recErr != nil {
-				err = recErr // will be io.EOF on closeNotify
+		for c.hand.Len() > 0 {
+			if err := c.handlePostHandshakeMessage(); err != nil {
+				return 0, err
 			}
 		}
-
-		if n != 0 || err != nil {
-			return n, err
-		}
 	}
 
-	return 0, io.ErrNoProgress
+	n, _ := c.input.Read(b)
+
+	// If a close-notify alert is waiting, read it so that we can return (n,
+	// EOF) instead of (n, nil), to signal to the HTTP response reading
+	// goroutine that the connection is now closed. This eliminates a race
+	// where the HTTP response reading goroutine would otherwise not observe
+	// the EOF until its next read, by which time a client goroutine might
+	// have already tried to reuse the HTTP connection for a new request.
+	// See https://golang.org/cl/76400046 and https://golang.org/issue/3514
+	if n != 0 && c.input.Len() == 0 && c.rawInput.Len() > 0 &&
+		recordType(c.rawInput.Bytes()[0]) == recordTypeAlert {
+		if err := c.readRecord(); err != nil {
+			return n, err // will be io.EOF on closeNotify
+		}
+	}
+
+	return n, nil
 }
 
 // Close closes the connection.
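Review bot: The `default` branch of the type switch in handlePostHandshakeMessage returns a plain `fmt.Errorf(...)` after `c.sendAlert(alertUnexpectedMessage)`, while the retry-limit branch just above it wraps its error in `c.in.setErrorLocked`. Unless sendAlert also marks the read side as failed (it is not shown here), the error is not sticky and a later Read could keep processing records from a peer that has already sent an unexpected post-handshake message. Consider `return c.in.setErrorLocked(fmt.Errorf("tls: received unexpected handshake message of type %T", msg))` so both failure paths leave the connection in the same state. handleKeyUpdate also lacks a doc comment; it appears to expect the caller to hold c.in while it takes c.out's lock itself, and that should be stated.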
@@ -1282,7 +1353,7 @@
 	}
 
 	if c.handshakeErr == nil && !c.handshakeComplete() {
-		panic("handshake should have had a result.")
+		c.handshakeErr = errors.New("tls: internal error: handshake should have had a result")
 	}
 
 	return c.handshakeErr
@@ -1307,7 +1378,7 @@
 		state.VerifiedChains = c.verifiedChains
 		state.SignedCertificateTimestamps = c.scts
 		state.OCSPResponse = c.ocspResponse
-		if !c.didResume {
+		if !c.didResume && c.vers != VersionTLS13 {
 			if c.clientFinishedIsFirst {
 				state.TLSUnique = c.clientFinished[:]
 			} else {
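Review bot: The added `c.vers != VersionTLS13` guard leaves `state.TLSUnique` nil for TLS 1.3 connections without saying why. Callers that use TLSUnique for channel binding will see an empty value once TLS 1.3 is negotiated, so the reason belongs next to the condition, e.g. `// tls-unique channel binding is not defined for TLS 1.3; TLSUnique stays nil.` The enclosing block starts and ends outside this hunk.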
diff --git a/src/crypto/tls/conn_test.go b/src/crypto/tls/conn_test.go
index 5c7f7ce..57f6105 100644
--- a/src/crypto/tls/conn_test.go
+++ b/src/crypto/tls/conn_test.go
@@ -134,13 +134,15 @@
 
 // Run with multiple crypto configs to test the logic for computing TLS record overheads.
 func runDynamicRecordSizingTest(t *testing.T, config *Config) {
-	clientConn, serverConn := net.Pipe()
+	clientConn, serverConn := localPipe(t)
 
 	serverConfig := config.Clone()
 	serverConfig.DynamicRecordSizingDisabled = false
 	tlsConn := Server(serverConn, serverConfig)
 
+	handshakeDone := make(chan struct{})
 	recordSizesChan := make(chan []int, 1)
+	defer func() { <-recordSizesChan }() // wait for the goroutine to exit
 	go func() {
 		// This goroutine performs a TLS handshake over clientConn and
 		// then reads TLS records until EOF. It writes a slice that
@@ -153,6 +155,7 @@
 			t.Errorf("Error from client handshake: %v", err)
 			return
 		}
+		close(handshakeDone)
 
 		var recordHeader [recordHeaderLen]byte
 		var record []byte
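Review bot: `close(handshakeDone)` is placed after the error return, so the channel is never closed when the client handshake fails. The test body added in a later hunk blocks on `<-handshakeDone` right after the server handshake, so if the server side succeeds while the client side has failed, the test hangs until the timeout instead of reporting the `t.Errorf`. Closing the channel on the error path as well, i.e. adding `close(handshakeDone)` before the `return`, keeps the failure visible. The goroutine body starts before this hunk and continues after it.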
@@ -179,11 +182,7 @@
 				return
 			}
 
-			// The last record will be a close_notify alert, which
-			// we don't wish to record.
-			if recordType(recordHeader[0]) == recordTypeApplicationData {
-				recordSizes = append(recordSizes, recordHeaderLen+length)
-			}
+			recordSizes = append(recordSizes, recordHeaderLen+length)
 		}
 
 		recordSizesChan <- recordSizes
@@ -192,6 +191,7 @@
 	if err := tlsConn.Handshake(); err != nil {
 		t.Fatalf("Error from server handshake: %s", err)
 	}
+	<-handshakeDone
 
 	// The server writes these plaintexts in order.
 	plaintext := bytes.Join([][]byte{
@@ -212,8 +212,9 @@
 		t.Fatalf("Client encountered an error")
 	}
 
-	// Drop the size of last record, which is likely to be truncated.
-	recordSizes = recordSizes[:len(recordSizes)-1]
+	// Drop the size of the second to last record, which is likely to be
+	// truncated, and the last record, which is a close_notify alert.
+	recordSizes = recordSizes[:len(recordSizes)-2]
 
 	// recordSizes should contain a series of records smaller than
 	// tcpMSSEstimate followed by some larger than maxPlaintext.
@@ -238,22 +239,30 @@
 
 func TestDynamicRecordSizingWithStreamCipher(t *testing.T) {
 	config := testConfig.Clone()
+	config.MaxVersion = VersionTLS12
 	config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA}
 	runDynamicRecordSizingTest(t, config)
 }
 
 func TestDynamicRecordSizingWithCBC(t *testing.T) {
 	config := testConfig.Clone()
+	config.MaxVersion = VersionTLS12
 	config.CipherSuites = []uint16{TLS_RSA_WITH_AES_256_CBC_SHA}
 	runDynamicRecordSizingTest(t, config)
 }
 
 func TestDynamicRecordSizingWithAEAD(t *testing.T) {
 	config := testConfig.Clone()
+	config.MaxVersion = VersionTLS12
 	config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
 	runDynamicRecordSizingTest(t, config)
 }
 
+func TestDynamicRecordSizingWithTLSv13(t *testing.T) {
+	config := testConfig.Clone()
+	runDynamicRecordSizingTest(t, config)
+}
+
 // hairpinConn is a net.Conn that makes a “hairpin” call when closed, back into
 // the tls.Conn which is calling it.
 type hairpinConn struct {
@@ -269,7 +278,7 @@
 func TestHairpinInClose(t *testing.T) {
 	// This tests that the underlying net.Conn can call back into the
 	// tls.Conn when being closed without deadlocking.
-	client, server := net.Pipe()
+	client, server := localPipe(t)
 	defer server.Close()
 	defer client.Close()
 
diff --git a/src/crypto/tls/example_test.go b/src/crypto/tls/example_test.go
index fef4efe..5995ea6 100644
--- a/src/crypto/tls/example_test.go
+++ b/src/crypto/tls/example_test.go
@@ -110,9 +110,6 @@
 	// The resulting file can be used with Wireshark to decrypt the TLS
 	// connection by setting (Pre)-Master-Secret log filename in SSL Protocol
 	// preferences.
-
-	// Output:
-	// CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80
 }
 
 func ExampleLoadX509KeyPair() {
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 32fdc6d..e760fbf 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -18,6 +18,7 @@
 	"strconv"
 	"strings"
 	"sync/atomic"
+	"time"
 )
 
 type clientHandshakeState struct {
@@ -30,28 +31,42 @@
 	session      *ClientSessionState
 }
 
-func makeClientHello(config *Config) (*clientHelloMsg, error) {
+func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
+	config := c.config
 	if len(config.ServerName) == 0 && !config.InsecureSkipVerify {
-		return nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
+		return nil, nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
 	}
 
 	nextProtosLength := 0
 	for _, proto := range config.NextProtos {
 		if l := len(proto); l == 0 || l > 255 {
-			return nil, errors.New("tls: invalid NextProtos value")
+			return nil, nil, errors.New("tls: invalid NextProtos value")
 		} else {
 			nextProtosLength += 1 + l
 		}
 	}
-
 	if nextProtosLength > 0xffff {
-		return nil, errors.New("tls: NextProtos values too large")
+		return nil, nil, errors.New("tls: NextProtos values too large")
+	}
+
+	supportedVersions := config.supportedVersions(true)
+	if len(supportedVersions) == 0 {
+		return nil, nil, errors.New("tls: no supported versions satisfy MinVersion and MaxVersion")
+	}
+
+	clientHelloVersion := supportedVersions[0]
+	// The version at the beginning of the ClientHello was capped at TLS 1.2
+	// for compatibility reasons. The supported_versions extension is used
+	// to negotiate versions now. See RFC 8446, Section 4.2.1.
+	if clientHelloVersion > VersionTLS12 {
+		clientHelloVersion = VersionTLS12
 	}
 
 	hello := &clientHelloMsg{
-		vers:                         config.maxVersion(),
+		vers:                         clientHelloVersion,
 		compressionMethods:           []uint8{compressionNone},
 		random:                       make([]byte, 32),
+		sessionId:                    make([]byte, 32),
 		ocspStapling:                 true,
 		scts:                         true,
 		serverName:                   hostnameInSNI(config.ServerName),
@@ -60,7 +75,13 @@
 		nextProtoNeg:                 len(config.NextProtos) > 0,
 		secureRenegotiationSupported: true,
 		alpnProtocols:                config.NextProtos,
+		supportedVersions:            supportedVersions,
 	}
+
+	if c.handshakes > 0 {
+		hello.secureRenegotiation = c.clientFinished[:]
+	}
+
 	possibleCipherSuites := config.cipherSuites()
 	hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
 
@@ -82,17 +103,39 @@
 
 	_, err := io.ReadFull(config.rand(), hello.random)
 	if err != nil {
-		return nil, errors.New("tls: short read from Rand: " + err.Error())
+		return nil, nil, errors.New("tls: short read from Rand: " + err.Error())
+	}
+
+	// A random session ID is used to detect when the server accepted a ticket
+	// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
+	// a compatibility measure (see RFC 8446, Section 4.1.2).
+	if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
+		return nil, nil, errors.New("tls: short read from Rand: " + err.Error())
 	}
 
 	if hello.vers >= VersionTLS12 {
 		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms
 	}
 
-	return hello, nil
+	var params ecdheParameters
+	if hello.supportedVersions[0] == VersionTLS13 {
+		hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13()...)
+
+		curveID := config.curvePreferences()[0]
+		if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
+			return nil, nil, errors.New("tls: CurvePreferences includes unsupported curve")
+		}
+		params, err = generateECDHEParameters(config.rand(), curveID)
+		if err != nil {
+			return nil, nil, err
+		}
+		hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
+	}
+
+	return hello, params, nil
 }
 
-func (c *Conn) clientHandshake() error {
+func (c *Conn) clientHandshake() (err error) {
 	if c.config == nil {
 		c.config = defaultConfig()
 	}
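Review bot: `config.curvePreferences()[0]` indexes the preference list without a length check, unlike `supportedVersions` earlier in the function, which is tested with `len(...) == 0` before `[0]` is taken. curvePreferences is not shown here; if it can return an empty slice (for instance when CurvePreferences is set to a non-nil empty slice), building the ClientHello panics instead of returning an error. If the helper always falls back to defaults, a comment saying so is enough. Otherwise add `if len(prefs) == 0 { return nil, nil, errors.New("tls: no curve preferences configured") }` before indexing. makeClientHello begins before this hunk.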
@@ -101,90 +144,27 @@
 	// need to be reset.
 	c.didResume = false
 
-	hello, err := makeClientHello(c.config)
+	hello, ecdheParams, err := c.makeClientHello()
 	if err != nil {
 		return err
 	}
 
-	if c.handshakes > 0 {
-		hello.secureRenegotiation = c.clientFinished[:]
-	}
-
-	var session *ClientSessionState
-	var cacheKey string
-	sessionCache := c.config.ClientSessionCache
-	if c.config.SessionTicketsDisabled {
-		sessionCache = nil
-	}
-
-	if sessionCache != nil {
-		hello.ticketSupported = true
-	}
-
-	// Session resumption is not allowed if renegotiating because
-	// renegotiation is primarily used to allow a client to send a client
-	// certificate, which would be skipped if session resumption occurred.
-	if sessionCache != nil && c.handshakes == 0 {
-		// Try to resume a previously negotiated TLS session, if
-		// available.
-		cacheKey = clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
-		candidateSession, ok := sessionCache.Get(cacheKey)
-		if ok {
-			// Check that the ciphersuite/version used for the
-			// previous session are still valid.
-			cipherSuiteOk := false
-			for _, id := range hello.cipherSuites {
-				if id == candidateSession.cipherSuite {
-					cipherSuiteOk = true
-					break
-				}
+	cacheKey, session, earlySecret, binderKey := c.loadSession(hello)
+	if cacheKey != "" && session != nil {
+		defer func() {
+			// If we got a handshake failure when resuming a session, throw away
+			// the session ticket. See RFC 5077, Section 3.2.
+			//
+			// RFC 8446 makes no mention of dropping tickets on failure, but it
+			// does require servers to abort on invalid binders, so we need to
+			// delete tickets to recover from a corrupted PSK.
+			if err != nil {
+				c.config.ClientSessionCache.Put(cacheKey, nil)
 			}
-
-			versOk := candidateSession.vers >= c.config.minVersion() &&
-				candidateSession.vers <= c.config.maxVersion()
-			if versOk && cipherSuiteOk {
-				session = candidateSession
-			}
-		}
+		}()
 	}
 
-	if session != nil {
-		hello.sessionTicket = session.sessionTicket
-		// A random session ID is used to detect when the
-		// server accepted the ticket and is resuming a session
-		// (see RFC 5077).
-		hello.sessionId = make([]byte, 16)
-		if _, err := io.ReadFull(c.config.rand(), hello.sessionId); err != nil {
-			return errors.New("tls: short read from Rand: " + err.Error())
-		}
-	}
-
-	hs := &clientHandshakeState{
-		c:       c,
-		hello:   hello,
-		session: session,
-	}
-
-	if err = hs.handshake(); err != nil {
-		return err
-	}
-
-	// If we had a successful handshake and hs.session is different from
-	// the one already cached - cache a new one
-	if sessionCache != nil && hs.session != nil && session != hs.session {
-		sessionCache.Put(cacheKey, hs.session)
-	}
-
-	return nil
-}
-
-// Does the handshake, either a full one or resumes old session.
-// Requires hs.c, hs.hello, and, optionally, hs.session to be set.
-func (hs *clientHandshakeState) handshake() error {
-	c := hs.c
-
-	// send ClientHello
-	if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
+	if _, err := c.writeRecord(recordTypeHandshake, hello.marshal()); err != nil {
 		return err
 	}
 
@@ -193,20 +173,192 @@
 		return err
 	}
 
-	var ok bool
-	if hs.serverHello, ok = msg.(*serverHelloMsg); !ok {
+	serverHello, ok := msg.(*serverHelloMsg)
+	if !ok {
 		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(hs.serverHello, msg)
+		return unexpectedMessageError(serverHello, msg)
 	}
 
-	if err = hs.pickTLSVersion(); err != nil {
+	if err := c.pickTLSVersion(serverHello); err != nil {
 		return err
 	}
 
-	if err = hs.pickCipherSuite(); err != nil {
+	if c.vers == VersionTLS13 {
+		hs := &clientHandshakeStateTLS13{
+			c:           c,
+			serverHello: serverHello,
+			hello:       hello,
+			ecdheParams: ecdheParams,
+			session:     session,
+			earlySecret: earlySecret,
+			binderKey:   binderKey,
+		}
+
+		// In TLS 1.3, session tickets are delivered after the handshake.
+		return hs.handshake()
+	}
+
+	hs := &clientHandshakeState{
+		c:           c,
+		serverHello: serverHello,
+		hello:       hello,
+		session:     session,
+	}
+
+	if err := hs.handshake(); err != nil {
 		return err
 	}
 
+	// If we had a successful handshake and hs.session is different from
+	// the one already cached - cache a new one.
+	if cacheKey != "" && hs.session != nil && session != hs.session {
+		c.config.ClientSessionCache.Put(cacheKey, hs.session)
+	}
+
+	return nil
+}
+
+func (c *Conn) loadSession(hello *clientHelloMsg) (cacheKey string,
+	session *ClientSessionState, earlySecret, binderKey []byte) {
+	if c.config.SessionTicketsDisabled || c.config.ClientSessionCache == nil {
+		return "", nil, nil, nil
+	}
+
+	hello.ticketSupported = true
+
+	if hello.supportedVersions[0] == VersionTLS13 {
+		// Require DHE on resumption as it guarantees forward secrecy against
+		// compromise of the session ticket key. See RFC 8446, Section 4.2.9.
+		hello.pskModes = []uint8{pskModeDHE}
+	}
+
+	// Session resumption is not allowed if renegotiating because
+	// renegotiation is primarily used to allow a client to send a client
+	// certificate, which would be skipped if session resumption occurred.
+	if c.handshakes != 0 {
+		return "", nil, nil, nil
+	}
+
+	// Try to resume a previously negotiated TLS session, if available.
+	cacheKey = clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
+	session, ok := c.config.ClientSessionCache.Get(cacheKey)
+	if !ok || session == nil {
+		return cacheKey, nil, nil, nil
+	}
+
+	// Check that version used for the previous session is still valid.
+	versOk := false
+	for _, v := range hello.supportedVersions {
+		if v == session.vers {
+			versOk = true
+			break
+		}
+	}
+	if !versOk {
+		return cacheKey, nil, nil, nil
+	}
+
+	// Check that the cached server certificate is not expired, and that it's
+	// valid for the ServerName. This should be ensured by the cache key, but
+	// protect the application from a faulty ClientSessionCache implementation.
+	if !c.config.InsecureSkipVerify {
+		if len(session.verifiedChains) == 0 {
+			// The original connection had InsecureSkipVerify, while this doesn't.
+			return cacheKey, nil, nil, nil
+		}
+		serverCert := session.serverCertificates[0]
+		if c.config.time().After(serverCert.NotAfter) {
+			// Expired certificate, delete the entry.
+			c.config.ClientSessionCache.Put(cacheKey, nil)
+			return cacheKey, nil, nil, nil
+		}
+		if err := serverCert.VerifyHostname(c.config.ServerName); err != nil {
+			return cacheKey, nil, nil, nil
+		}
+	}
+
+	if session.vers != VersionTLS13 {
+		// In TLS 1.2 the cipher suite must match the resumed session. Ensure we
+		// are still offering it.
+		if mutualCipherSuite(hello.cipherSuites, session.cipherSuite) == nil {
+			return cacheKey, nil, nil, nil
+		}
+
+		hello.sessionTicket = session.sessionTicket
+		return
+	}
+
+	// Check that the session ticket is not expired.
+	if c.config.time().After(session.useBy) {
+		c.config.ClientSessionCache.Put(cacheKey, nil)
+		return cacheKey, nil, nil, nil
+	}
+
+	// In TLS 1.3 the KDF hash must match the resumed session. Ensure we
+	// offer at least one cipher suite with that hash.
+	cipherSuite := cipherSuiteTLS13ByID(session.cipherSuite)
+	if cipherSuite == nil {
+		return cacheKey, nil, nil, nil
+	}
+	cipherSuiteOk := false
+	for _, offeredID := range hello.cipherSuites {
+		offeredSuite := cipherSuiteTLS13ByID(offeredID)
+		if offeredSuite != nil && offeredSuite.hash == cipherSuite.hash {
+			cipherSuiteOk = true
+			break
+		}
+	}
+	if !cipherSuiteOk {
+		return cacheKey, nil, nil, nil
+	}
+
+	// Set the pre_shared_key extension. See RFC 8446, Section 4.2.11.1.
+	ticketAge := uint32(c.config.time().Sub(session.receivedAt) / time.Millisecond)
+	identity := pskIdentity{
+		label:               session.sessionTicket,
+		obfuscatedTicketAge: ticketAge + session.ageAdd,
+	}
+	hello.pskIdentities = []pskIdentity{identity}
+	hello.pskBinders = [][]byte{make([]byte, cipherSuite.hash.Size())}
+
+	// Compute the PSK binders. See RFC 8446, Section 4.2.11.2.
+	psk := cipherSuite.expandLabel(session.masterSecret, "resumption",
+		session.nonce, cipherSuite.hash.Size())
+	earlySecret = cipherSuite.extract(psk, nil)
+	binderKey = cipherSuite.deriveSecret(earlySecret, resumptionBinderLabel, nil)
+	transcript := cipherSuite.hash.New()
+	transcript.Write(hello.marshalWithoutBinders())
+	pskBinders := [][]byte{cipherSuite.finishedHash(binderKey, transcript)}
+	hello.updateBinders(pskBinders)
+
+	return
+}
+
+func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
+	peerVersion := serverHello.vers
+	if serverHello.supportedVersion != 0 {
+		peerVersion = serverHello.supportedVersion
+	}
+
+	vers, ok := c.config.mutualVersion(true, []uint16{peerVersion})
+	if !ok {
+		c.sendAlert(alertProtocolVersion)
+		return fmt.Errorf("tls: server selected unsupported protocol version %x", peerVersion)
+	}
+
+	c.vers = vers
+	c.haveVers = true
+	c.in.version = vers
+	c.out.version = vers
+
+	return nil
+}
+
+// Does the handshake, either a full one or resumes old session. Requires hs.c,
+// hs.hello, hs.serverHello, and, optionally, hs.session to be set.
+func (hs *clientHandshakeState) handshake() error {
+	c := hs.c
+
 	isResume, err := hs.processServerHello()
 	if err != nil {
 		return err
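Review bot: Between `c.pickTLSVersion(serverHello)` and the `c.vers == VersionTLS13` branch, nothing inspects `serverHello.random` for the downgrade sentinel of RFC 8446, Section 4.1.3. A client that offered TLS 1.3 would therefore take the TLS 1.2-and-earlier path on a rolled-back ServerHello without that signal being checked here. processServerHello and the rest of handshake() lie outside this hunk, so the check may live there. If it does not, it belongs right after pickTLSVersion: when `hello.supportedVersions[0] == VersionTLS13` and `c.vers < VersionTLS13`, compare the last eight bytes of the server random with the sentinel values and abort with `alertIllegalParameter` on a match. If the check is omitted on purpose for interoperability, a comment at that spot such as `// NOTE: the RFC 8446 Section 4.1.3 downgrade sentinel is not checked here.` would stop readers assuming the protection exists.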
@@ -272,20 +424,6 @@
 	return nil
 }
 
-func (hs *clientHandshakeState) pickTLSVersion() error {
-	vers, ok := hs.c.config.mutualVersion(hs.serverHello.vers)
-	if !ok || vers < VersionTLS10 {
-		// TLS 1.0 is the minimum version supported as a client.
-		hs.c.sendAlert(alertProtocolVersion)
-		return fmt.Errorf("tls: server selected unsupported protocol version %x", hs.serverHello.vers)
-	}
-
-	hs.c.vers = vers
-	hs.c.haveVers = true
-
-	return nil
-}
-
 func (hs *clientHandshakeState) pickCipherSuite() error {
 	if hs.suite = mutualCipherSuite(hs.hello.cipherSuites, hs.serverHello.cipherSuite); hs.suite == nil {
 		hs.c.sendAlert(alertHandshakeFailure)
@@ -313,53 +451,9 @@
 	if c.handshakes == 0 {
 		// If this is the first handshake on a connection, process and
 		// (optionally) verify the server's certificates.
-		certs := make([]*x509.Certificate, len(certMsg.certificates))
-		for i, asn1Data := range certMsg.certificates {
-			cert, err := x509.ParseCertificate(asn1Data)
-			if err != nil {
-				c.sendAlert(alertBadCertificate)
-				return errors.New("tls: failed to parse certificate from server: " + err.Error())
-			}
-			certs[i] = cert
+		if err := c.verifyServerCertificate(certMsg.certificates); err != nil {
+			return err
 		}
-
-		if !c.config.InsecureSkipVerify {
-			opts := x509.VerifyOptions{
-				Roots:         c.config.RootCAs,
-				CurrentTime:   c.config.time(),
-				DNSName:       c.config.ServerName,
-				Intermediates: x509.NewCertPool(),
-			}
-
-			for i, cert := range certs {
-				if i == 0 {
-					continue
-				}
-				opts.Intermediates.AddCert(cert)
-			}
-			c.verifiedChains, err = certs[0].Verify(opts)
-			if err != nil {
-				c.sendAlert(alertBadCertificate)
-				return err
-			}
-		}
-
-		if c.config.VerifyPeerCertificate != nil {
-			if err := c.config.VerifyPeerCertificate(certMsg.certificates, c.verifiedChains); err != nil {
-				c.sendAlert(alertBadCertificate)
-				return err
-			}
-		}
-
-		switch certs[0].PublicKey.(type) {
-		case *rsa.PublicKey, *ecdsa.PublicKey:
-			break
-		default:
-			c.sendAlert(alertUnsupportedCertificate)
-			return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", certs[0].PublicKey)
-		}
-
-		c.peerCertificates = certs
 	} else {
 		// This is a renegotiation handshake. We require that the
 		// server's identity (i.e. leaf certificate) is unchanged and
@@ -393,9 +487,7 @@
 		}
 		hs.finishedHash.Write(cs.marshal())
 
-		if cs.statusType == statusTypeOCSP {
-			c.ocspResponse = cs.response
-		}
+		c.ocspResponse = cs.response
 
 		msg, err = c.readHandshake()
 		if err != nil {
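Review bot: `c.ocspResponse = cs.response` now stores the CertificateStatus body whatever its status type, where the removed lines did so only for `statusTypeOCSP`. If the message parser (not shown in this hunk) already rejects every other type, the old guard was redundant, and a short comment such as `// certificateStatusMsg parsing only accepts the OCSP status type` would record that. If it does not, the guard should stay, because code that later reads `c.ocspResponse` would be handed bytes that are not an OCSP response. The enclosing function starts and ends outside this hunk.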
@@ -427,7 +519,8 @@
 		certRequested = true
 		hs.finishedHash.Write(certReq.marshal())
 
-		if chainToSend, err = hs.getCertificate(certReq); err != nil {
+		cri := certificateRequestInfoFromMsg(certReq)
+		if chainToSend, err = c.getClientCertificate(cri); err != nil {
 			c.sendAlert(alertInternalError)
 			return err
 		}
@@ -471,7 +564,7 @@
 
 	if chainToSend != nil && len(chainToSend.Certificate) > 0 {
 		certVerify := &certificateVerifyMsg{
-			hasSignatureAndHash: c.vers >= VersionTLS12,
+			hasSignatureAlgorithm: c.vers >= VersionTLS12,
 		}
 
 		key, ok := chainToSend.PrivateKey.(crypto.Signer)
@@ -480,13 +573,13 @@
 			return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey)
 		}
 
-		signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(key.Public(), certReq.supportedSignatureAlgorithms, hs.hello.supportedSignatureAlgorithms, c.vers)
+		signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(key.Public(), certReq.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, c.vers)
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return err
 		}
 		// SignatureAndHashAlgorithm was introduced in TLS 1.2.
-		if certVerify.hasSignatureAndHash {
+		if certVerify.hasSignatureAlgorithm {
 			certVerify.signatureAlgorithm = signatureAlgorithm
 		}
 		digest, err := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
@@ -511,7 +604,7 @@
 	}
 
 	hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.random, hs.serverHello.random)
-	if err := c.config.writeKeyLog(hs.hello.random, hs.masterSecret); err != nil {
+	if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil {
 		c.sendAlert(alertInternalError)
 		return errors.New("tls: failed to write to key log: " + err.Error())
 	}
@@ -553,6 +646,10 @@
 func (hs *clientHandshakeState) processServerHello() (bool, error) {
 	c := hs.c
 
+	if err := hs.pickCipherSuite(); err != nil {
+		return false, err
+	}
+
 	if hs.serverHello.compressionMethod != compressionNone {
 		c.sendAlert(alertUnexpectedMessage)
 		return false, errors.New("tls: server selected unsupported compression format")
@@ -626,9 +723,8 @@
 func (hs *clientHandshakeState) readFinished(out []byte) error {
 	c := hs.c
 
-	c.readRecord(recordTypeChangeCipherSpec)
-	if c.in.err != nil {
-		return c.in.err
+	if err := c.readChangeCipherSpec(); err != nil {
+		return err
 	}
 
 	msg, err := c.readHandshake()
@@ -676,6 +772,7 @@
 		masterSecret:       hs.masterSecret,
 		serverCertificates: c.peerCertificates,
 		verifiedChains:     c.verifiedChains,
+		receivedAt:         c.config.time(),
 	}
 
 	return nil
@@ -710,22 +807,72 @@
 	return nil
 }
 
+// verifyServerCertificate parses and verifies the provided chain, setting
+// c.verifiedChains and c.peerCertificates or sending the appropriate alert.
+func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
+	certs := make([]*x509.Certificate, len(certificates))
+	for i, asn1Data := range certificates {
+		cert, err := x509.ParseCertificate(asn1Data)
+		if err != nil {
+			c.sendAlert(alertBadCertificate)
+			return errors.New("tls: failed to parse certificate from server: " + err.Error())
+		}
+		certs[i] = cert
+	}
+
+	if !c.config.InsecureSkipVerify {
+		opts := x509.VerifyOptions{
+			Roots:         c.config.RootCAs,
+			CurrentTime:   c.config.time(),
+			DNSName:       c.config.ServerName,
+			Intermediates: x509.NewCertPool(),
+		}
+
+		for i, cert := range certs {
+			if i == 0 {
+				continue
+			}
+			opts.Intermediates.AddCert(cert)
+		}
+		var err error
+		c.verifiedChains, err = certs[0].Verify(opts)
+		if err != nil {
+			c.sendAlert(alertBadCertificate)
+			return err
+		}
+	}
+
+	if c.config.VerifyPeerCertificate != nil {
+		if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil {
+			c.sendAlert(alertBadCertificate)
+			return err
+		}
+	}
+
+	switch certs[0].PublicKey.(type) {
+	case *rsa.PublicKey, *ecdsa.PublicKey:
+		break
+	default:
+		c.sendAlert(alertUnsupportedCertificate)
+		return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", certs[0].PublicKey)
+	}
+
+	c.peerCertificates = certs
+
+	return nil
+}
+
 // tls11SignatureSchemes contains the signature schemes that we synthesise for
 // a TLS <= 1.1 connection, based on the supported certificate types.
-var tls11SignatureSchemes = []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512, PKCS1WithSHA1}
-
-const (
-	// tls11SignatureSchemesNumECDSA is the number of initial elements of
-	// tls11SignatureSchemes that use ECDSA.
-	tls11SignatureSchemesNumECDSA = 3
-	// tls11SignatureSchemesNumRSA is the number of trailing elements of
-	// tls11SignatureSchemes that use RSA.
-	tls11SignatureSchemesNumRSA = 4
+var (
+	tls11SignatureSchemes      = []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512, PKCS1WithSHA1}
+	tls11SignatureSchemesECDSA = tls11SignatureSchemes[:3]
+	tls11SignatureSchemesRSA   = tls11SignatureSchemes[3:]
 )
 
-func (hs *clientHandshakeState) getCertificate(certReq *certificateRequestMsg) (*Certificate, error) {
-	c := hs.c
-
+// certificateRequestInfoFromMsg generates a CertificateRequestInfo from a TLS
+// <= 1.2 CertificateRequest, making an effort to fill in missing information.
+func certificateRequestInfoFromMsg(certReq *certificateRequestMsg) *CertificateRequestInfo {
 	var rsaAvail, ecdsaAvail bool
 	for _, certType := range certReq.certificateTypes {
 		switch certType {
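Review bot: `verifyServerCertificate` indexes `certs[0]`, once for `Verify` and again for the public-key type switch, without checking that `certificates` is non-empty. An empty chain reaching it would panic instead of producing an alert. The call site in the earlier hunk may already reject an empty Certificate message, but that is not visible here, and now that the logic is a standalone helper on `*Conn` the guard is safer inside it. RFC 8446, Section 4.4.2.4 asks for a decode_error alert in that case. certificateRequestInfoFromMsg at the end of the hunk continues outside it.

```go
func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
	if len(certificates) == 0 {
		c.sendAlert(alertDecodeError)
		return errors.New("tls: received empty certificates message")
	}
	// … unchanged: certificate parsing, chain verification, VerifyPeerCertificate, key type check …
```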
@@ -736,77 +883,84 @@
 		}
 	}
 
-	if c.config.GetClientCertificate != nil {
-		var signatureSchemes []SignatureScheme
-
-		if !certReq.hasSignatureAndHash {
-			// Prior to TLS 1.2, the signature schemes were not
-			// included in the certificate request message. In this
-			// case we use a plausible list based on the acceptable
-			// certificate types.
-			signatureSchemes = tls11SignatureSchemes
-			if !ecdsaAvail {
-				signatureSchemes = signatureSchemes[tls11SignatureSchemesNumECDSA:]
-			}
-			if !rsaAvail {
-				signatureSchemes = signatureSchemes[:len(signatureSchemes)-tls11SignatureSchemesNumRSA]
-			}
-		} else {
-			signatureSchemes = certReq.supportedSignatureAlgorithms
-		}
-
-		return c.config.GetClientCertificate(&CertificateRequestInfo{
-			AcceptableCAs:    certReq.certificateAuthorities,
-			SignatureSchemes: signatureSchemes,
-		})
+	cri := &CertificateRequestInfo{
+		AcceptableCAs: certReq.certificateAuthorities,
 	}
 
-	// RFC 4346 on the certificateAuthorities field: A list of the
-	// distinguished names of acceptable certificate authorities.
-	// These distinguished names may specify a desired
-	// distinguished name for a root CA or for a subordinate CA;
-	// thus, this message can be used to describe both known roots
-	// and a desired authorization space. If the
-	// certificate_authorities list is empty then the client MAY
-	// send any certificate of the appropriate
-	// ClientCertificateType, unless there is some external
-	// arrangement to the contrary.
+	if !certReq.hasSignatureAlgorithm {
+		// Prior to TLS 1.2, the signature schemes were not
+		// included in the certificate request message. In this
+		// case we use a plausible list based on the acceptable
+		// certificate types.
+		switch {
+		case rsaAvail && ecdsaAvail:
+			cri.SignatureSchemes = tls11SignatureSchemes
+		case rsaAvail:
+			cri.SignatureSchemes = tls11SignatureSchemesRSA
+		case ecdsaAvail:
+			cri.SignatureSchemes = tls11SignatureSchemesECDSA
+		}
+		return cri
+	}
+
+	// In TLS 1.2, the signature schemes apply to both the certificate chain and
+	// the leaf key, while the certificate types only apply to the leaf key.
+	// See RFC 5246, Section 7.4.4 (where it calls this "somewhat complicated").
+	// Filter the signature schemes based on the certificate type.
+	cri.SignatureSchemes = make([]SignatureScheme, 0, len(certReq.supportedSignatureAlgorithms))
+	for _, sigScheme := range certReq.supportedSignatureAlgorithms {
+		switch signatureFromSignatureScheme(sigScheme) {
+		case signatureECDSA:
+			if ecdsaAvail {
+				cri.SignatureSchemes = append(cri.SignatureSchemes, sigScheme)
+			}
+		case signatureRSAPSS, signaturePKCS1v15:
+			if rsaAvail {
+				cri.SignatureSchemes = append(cri.SignatureSchemes, sigScheme)
+			}
+		}
+	}
+
+	return cri
+}
+
+func (c *Conn) getClientCertificate(cri *CertificateRequestInfo) (*Certificate, error) {
+	if c.config.GetClientCertificate != nil {
+		return c.config.GetClientCertificate(cri)
+	}
 
 	// We need to search our list of client certs for one
 	// where SignatureAlgorithm is acceptable to the server and the
-	// Issuer is in certReq.certificateAuthorities
-findCert:
+	// Issuer is in AcceptableCAs.
 	for i, chain := range c.config.Certificates {
-		if !rsaAvail && !ecdsaAvail {
+		sigOK := false
+		for _, alg := range signatureSchemesForCertificate(c.vers, &chain) {
+			if isSupportedSignatureAlgorithm(alg, cri.SignatureSchemes) {
+				sigOK = true
+				break
+			}
+		}
+		if !sigOK {
 			continue
 		}
 
+		if len(cri.AcceptableCAs) == 0 {
+			return &chain, nil
+		}
+
 		for j, cert := range chain.Certificate {
 			x509Cert := chain.Leaf
-			// parse the certificate if this isn't the leaf
-			// node, or if chain.Leaf was nil
+			// Parse the certificate if this isn't the leaf node, or if
+			// chain.Leaf was nil.
 			if j != 0 || x509Cert == nil {
 				var err error
 				if x509Cert, err = x509.ParseCertificate(cert); err != nil {
 					c.sendAlert(alertInternalError)
-					return nil, errors.New("tls: failed to parse client certificate #" + strconv.Itoa(i) + ": " + err.Error())
+					return nil, errors.New("tls: failed to parse configured certificate chain #" + strconv.Itoa(i) + ": " + err.Error())
 				}
 			}
 
-			switch {
-			case rsaAvail && x509Cert.PublicKeyAlgorithm == x509.RSA:
-			case ecdsaAvail && x509Cert.PublicKeyAlgorithm == x509.ECDSA:
-			default:
-				continue findCert
-			}
-
-			if len(certReq.certificateAuthorities) == 0 {
-				// they gave us an empty list, so just take the
-				// first cert from c.config.Certificates
-				return &chain, nil
-			}
-
-			for _, ca := range certReq.certificateAuthorities {
+			for _, ca := range cri.AcceptableCAs {
 				if bytes.Equal(x509Cert.RawIssuer, ca) {
 					return &chain, nil
 				}
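Review bot: In certificateRequestInfoFromMsg, `cri.SignatureSchemes` is set directly to the package-level `tls11SignatureSchemes`, `tls11SignatureSchemesRSA` or `tls11SignatureSchemesECDSA`, and getClientCertificate then hands `cri` to the user-supplied `GetClientCertificate` callback. A callback that sorts or filters the slice in place would change the shared list for every later connection. `tls11SignatureSchemesECDSA` is defined in the previous hunk as `tls11SignatureSchemes[:3]`, which keeps spare capacity, so even an `append` would overwrite the RSA entries. Capping the sub-slice with `tls11SignatureSchemesECDSA = tls11SignatureSchemes[:3:3]` covers append, and copying before exposure covers in-place edits too, e.g. `cri.SignatureSchemes = append([]SignatureScheme(nil), tls11SignatureSchemes...)`. The certificate search loop in getClientCertificate continues outside this hunk.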
@@ -845,7 +999,7 @@
 
 // hostnameInSNI converts name into an approriate hostname for SNI.
 // Literal IP addresses and absolute FQDNs are not permitted as SNI values.
-// See https://tools.ietf.org/html/rfc6066#section-3.
+// See RFC 6066, Section 3.
 func hostnameInSNI(name string) string {
 	host := name
 	if len(host) > 0 && host[0] == '[' && host[len(host)-1] == ']' {
diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
index 1f1c93d..8c4125b 100644
--- a/src/crypto/tls/handshake_client_test.go
+++ b/src/crypto/tls/handshake_client_test.go
@@ -22,11 +22,22 @@
 	"path/filepath"
 	"strconv"
 	"strings"
-	"sync"
 	"testing"
 	"time"
 )
 
+func init() {
+	// TLS 1.3 cipher suites preferences are not configurable and change based
+	// on the architecture. Force them to the version with AES accelleration for
+	// test consistency.
+	once.Do(initDefaultCipherSuites)
+	varDefaultCipherSuitesTLS13 = []uint16{
+		TLS_AES_128_GCM_SHA256,
+		TLS_CHACHA20_POLY1305_SHA256,
+		TLS_AES_256_GCM_SHA384,
+	}
+}
+
 // Note: see comment in handshake_test.go for details of how the reference
 // tests work.
 
@@ -42,6 +53,10 @@
 	// opensslSendBanner causes OpenSSL to send the contents of
 	// opensslSentinel on the connection.
 	opensslSendSentinel
+
+	// opensslKeyUpdate causes OpenSSL to send send a key update message to the
+	// client and request one back.
+	opensslKeyUpdate
 )
 
 const opensslSentinel = "SENTINEL\n"
@@ -53,6 +68,8 @@
 		switch event {
 		case opensslRenegotiate:
 			return copy(buf, []byte("R\n")), nil
+		case opensslKeyUpdate:
+			return copy(buf, []byte("K\n")), nil
 		case opensslSendSentinel:
 			return copy(buf, []byte(opensslSentinel)), nil
 		default:
@@ -63,23 +80,28 @@
 	return 0, io.EOF
 }
 
-// opensslOutputSink is an io.Writer that receives the stdout and stderr from
-// an `openssl` process and sends a value to handshakeComplete when it sees a
-// log message from a completed server handshake.
+// opensslOutputSink is an io.Writer that receives the stdout and stderr from an
+// `openssl` process and sends a value to handshakeComplete or readKeyUpdate
+// when certain messages are seen.
 type opensslOutputSink struct {
 	handshakeComplete chan struct{}
+	readKeyUpdate     chan struct{}
 	all               []byte
 	line              []byte
 }
 
 func newOpensslOutputSink() *opensslOutputSink {
-	return &opensslOutputSink{make(chan struct{}), nil, nil}
+	return &opensslOutputSink{make(chan struct{}), make(chan struct{}), nil, nil}
 }
 
 // opensslEndOfHandshake is a message that the “openssl s_server” tool will
 // print when a handshake completes if run with “-state”.
 const opensslEndOfHandshake = "SSL_accept:SSLv3/TLS write finished"
 
+// opensslReadKeyUpdate is a message that the “openssl s_server” tool will
+// print when a KeyUpdate message is received if run with “-state”.
+const opensslReadKeyUpdate = "SSL_accept:TLSv1.3 read client key update"
+
 func (o *opensslOutputSink) Write(data []byte) (n int, err error) {
 	o.line = append(o.line, data...)
 	o.all = append(o.all, data...)
@@ -93,15 +115,17 @@
 		if bytes.Equal([]byte(opensslEndOfHandshake), o.line[:i]) {
 			o.handshakeComplete <- struct{}{}
 		}
+		if bytes.Equal([]byte(opensslReadKeyUpdate), o.line[:i]) {
+			o.readKeyUpdate <- struct{}{}
+		}
 		o.line = o.line[i+1:]
 	}
 
 	return len(data), nil
 }
 
-func (o *opensslOutputSink) WriteTo(w io.Writer) (int64, error) {
-	n, err := w.Write(o.all)
-	return int64(n), err
+func (o *opensslOutputSink) String() string {
+	return string(o.all)
 }
 
 // clientTest represents a test of the TLS client handshake against a reference
@@ -110,9 +134,9 @@
 	// name is a freeform string identifying the test and the file in which
 	// the expected results will be stored.
 	name string
-	// command, if not empty, contains a series of arguments for the
+	// args, if not empty, contains a series of arguments for the
 	// command to run for the reference server.
-	command []string
+	args []string
 	// config, if not nil, contains a custom Config to use for this test.
 	config *Config
 	// cert, if not empty, contains a DER-encoded certificate for the
@@ -139,9 +163,11 @@
 	// arising from renegotiation. It can map expected errors to nil to
 	// ignore them.
 	checkRenegotiationError func(renegotiationNum int, err error) error
+	// sendKeyUpdate will cause the server to send a KeyUpdate message.
+	sendKeyUpdate bool
 }
 
-var defaultServerCommand = []string{"openssl", "s_server"}
+var serverCommand = []string{"openssl", "s_server", "-no_ticket", "-num_tickets", "0"}
 
 // connFromCommand starts the reference server process, connects to it and
 // returns a recordingConn for the connection. The stdin return value is an
@@ -179,15 +205,12 @@
 	var pemOut bytes.Buffer
 	pem.Encode(&pemOut, &pem.Block{Type: pemType + " PRIVATE KEY", Bytes: derBytes})
 
-	keyPath := tempFile(string(pemOut.Bytes()))
+	keyPath := tempFile(pemOut.String())
 	defer os.Remove(keyPath)
 
 	var command []string
-	if len(test.command) > 0 {
-		command = append(command, test.command...)
-	} else {
-		command = append(command, defaultServerCommand...)
-	}
+	command = append(command, serverCommand...)
+	command = append(command, test.args...)
 	command = append(command, "-cert", certPath, "-certform", "DER", "-key", keyPath)
 	// serverPort contains the port that OpenSSL will listen on. OpenSSL
 	// can't take "0" as an argument here so we have to pick a number and
@@ -210,7 +233,7 @@
 		command = append(command, "-serverinfo", serverInfoPath)
 	}
 
-	if test.numRenegotiations > 0 {
+	if test.numRenegotiations > 0 || test.sendKeyUpdate {
 		found := false
 		for _, flag := range command[1:] {
 			if flag == "-state" {
@@ -220,7 +243,7 @@
 		}
 
 		if !found {
-			panic("-state flag missing to OpenSSL. You need this if testing renegotiation")
+			panic("-state flag missing to OpenSSL, you need this if testing renegotiation or KeyUpdate")
 		}
 	}
 
@@ -251,9 +274,9 @@
 	}
 	if err != nil {
 		close(stdin)
-		out.WriteTo(os.Stdout)
 		cmd.Process.Kill()
-		return nil, nil, nil, nil, cmd.Wait()
+		err = fmt.Errorf("error connecting to the OpenSSL server: %v (%v)\n\n%s", err, cmd.Wait(), out)
+		return nil, nil, nil, nil, err
 	}
 
 	record := &recordingConn{
@@ -292,20 +315,28 @@
 			t.Fatalf("Failed to start subcommand: %s", err)
 		}
 		clientConn = recordingConn
+		defer func() {
+			if t.Failed() {
+				t.Logf("OpenSSL output:\n\n%s", stdout.all)
+			}
+		}()
 	} else {
-		clientConn, serverConn = net.Pipe()
+		clientConn, serverConn = localPipe(t)
 	}
 
-	config := test.config
-	if config == nil {
-		config = testConfig
-	}
-	client := Client(clientConn, config)
-
 	doneChan := make(chan bool)
+	defer func() {
+		clientConn.Close()
+		<-doneChan
+	}()
 	go func() {
-		defer func() { doneChan <- true }()
-		defer clientConn.Close()
+		defer close(doneChan)
+
+		config := test.config
+		if config == nil {
+			config = testConfig
+		}
+		client := Client(clientConn, config)
 		defer client.Close()
 
 		if _, err := client.Write([]byte("hello\n")); err != nil {
@@ -335,7 +366,7 @@
 			signalChan := make(chan struct{})
 
 			go func() {
-				defer func() { signalChan <- struct{}{} }()
+				defer close(signalChan)
 
 				buf := make([]byte, 256)
 				n, err := client.Read(buf)
@@ -370,11 +401,59 @@
 			<-signalChan
 		}
 
+		if test.sendKeyUpdate {
+			if write {
+				<-stdout.handshakeComplete
+				stdin <- opensslKeyUpdate
+			}
+
+			doneRead := make(chan struct{})
+
+			go func() {
+				defer close(doneRead)
+
+				buf := make([]byte, 256)
+				n, err := client.Read(buf)
+
+				if err != nil {
+					t.Errorf("Client.Read failed after KeyUpdate: %s", err)
+					return
+				}
+
+				buf = buf[:n]
+				if !bytes.Equal([]byte(opensslSentinel), buf) {
+					t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel)
+				}
+			}()
+
+			if write {
+				// There's no real reason to wait for the client KeyUpdate to
+				// send data with the new server keys, except that s_server
+				// drops writes if they are sent at the wrong time.
+				<-stdout.readKeyUpdate
+				stdin <- opensslSendSentinel
+			}
+			<-doneRead
+
+			if _, err := client.Write([]byte("hello again\n")); err != nil {
+				t.Errorf("Client.Write failed: %s", err)
+				return
+			}
+		}
+
 		if test.validate != nil {
 			if err := test.validate(client.ConnectionState()); err != nil {
 				t.Errorf("validate callback returned error: %s", err)
 			}
 		}
+
+		// If the server sent us an alert after our last flight, give it a
+		// chance to arrive.
+		if write && test.renegotiationExpectedToFail == 0 {
+			if err := peekError(client); err != nil {
+				t.Errorf("final Read returned an error: %s", err)
+			}
+		}
 	}()
 
 	if !write {
@@ -384,22 +463,26 @@
 		}
 		for i, b := range flows {
 			if i%2 == 1 {
+				serverConn.SetWriteDeadline(time.Now().Add(1 * time.Minute))
 				serverConn.Write(b)
 				continue
 			}
 			bb := make([]byte, len(b))
+			serverConn.SetReadDeadline(time.Now().Add(1 * time.Minute))
 			_, err := io.ReadFull(serverConn, bb)
 			if err != nil {
-				t.Fatalf("%s #%d: %s", test.name, i, err)
+				t.Fatalf("%s, flow %d: %s", test.name, i+1, err)
 			}
 			if !bytes.Equal(b, bb) {
-				t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i, bb, b)
+				t.Fatalf("%s, flow %d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b)
 			}
 		}
-		serverConn.Close()
 	}
 
 	<-doneChan
+	if !write {
+		serverConn.Close()
+	}
 
 	if write {
 		path := test.dataPath()
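Review bot: The added `serverConn.SetWriteDeadline(...)` means `serverConn.Write(b)` can now fail on a timeout, but its result is still discarded, so a stalled client would only surface later as a read error attributed to the following flow. Checking the write keeps the failure at the flow that caused it: `if _, err := serverConn.Write(b); err != nil { t.Fatalf("%s, flow %d: %s", test.name, i+1, err) }`. The enclosing run method starts and ends outside this hunk.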
@@ -413,60 +496,65 @@
 		childProcess.Process.Kill()
 		childProcess.Wait()
 		if len(recordingConn.flows) < 3 {
-			os.Stdout.Write(childProcess.Stdout.(*opensslOutputSink).all)
 			t.Fatalf("Client connection didn't work")
 		}
 		recordingConn.WriteTo(out)
-		fmt.Printf("Wrote %s\n", path)
+		t.Logf("Wrote %s\n", path)
 	}
 }
 
-var (
-	didParMu sync.Mutex
-	didPar   = map[*testing.T]bool{}
-)
-
-// setParallel calls t.Parallel once. If you call it twice, it would
-// panic.
-func setParallel(t *testing.T) {
-	didParMu.Lock()
-	v := didPar[t]
-	didPar[t] = true
-	didParMu.Unlock()
-	if !v {
-		t.Parallel()
+// peekError does a read with a short timeout to check if the next read would
+// cause an error, for example if there is an alert waiting on the wire.
+func peekError(conn net.Conn) error {
+	conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond))
+	if n, err := conn.Read(make([]byte, 1)); n != 0 {
+		return errors.New("unexpectedly read data")
+	} else if err != nil {
+		if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() {
+			return err
+		}
 	}
+	return nil
 }
 
-func runClientTestForVersion(t *testing.T, template *clientTest, prefix, option string) {
-	setParallel(t)
+func runClientTestForVersion(t *testing.T, template *clientTest, version, option string) {
+	t.Run(version, func(t *testing.T) {
+		// Make a deep copy of the template before going parallel.
+		test := *template
+		if template.config != nil {
+			test.config = template.config.Clone()
+		}
 
-	test := *template
-	test.name = prefix + test.name
-	if len(test.command) == 0 {
-		test.command = defaultClientCommand
-	}
-	test.command = append([]string(nil), test.command...)
-	test.command = append(test.command, option)
-	test.run(t, *update)
+		if !*update {
+			t.Parallel()
+		}
+
+		test.name = version + "-" + test.name
+		test.args = append([]string{option}, test.args...)
+		test.run(t, *update)
+	})
 }
 
 func runClientTestTLS10(t *testing.T, template *clientTest) {
-	runClientTestForVersion(t, template, "TLSv10-", "-tls1")
+	runClientTestForVersion(t, template, "TLSv10", "-tls1")
 }
 
 func runClientTestTLS11(t *testing.T, template *clientTest) {
-	runClientTestForVersion(t, template, "TLSv11-", "-tls1_1")
+	runClientTestForVersion(t, template, "TLSv11", "-tls1_1")
 }
 
 func runClientTestTLS12(t *testing.T, template *clientTest) {
-	runClientTestForVersion(t, template, "TLSv12-", "-tls1_2")
+	runClientTestForVersion(t, template, "TLSv12", "-tls1_2")
+}
+
+func runClientTestTLS13(t *testing.T, template *clientTest) {
+	runClientTestForVersion(t, template, "TLSv13", "-tls1_3")
 }
 
 func TestHandshakeClientRSARC4(t *testing.T) {
 	test := &clientTest{
-		name:    "RSA-RC4",
-		command: []string{"openssl", "s_server", "-cipher", "RC4-SHA"},
+		name: "RSA-RC4",
+		args: []string{"-cipher", "RC4-SHA"},
 	}
 	runClientTestTLS10(t, test)
 	runClientTestTLS11(t, test)
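Review bot: `peekError` returns with the 100 ms read deadline still armed on `conn` and ignores the error from `SetReadDeadline`, so any Read issued on that connection afterwards would time out. Adding `defer conn.SetReadDeadline(time.Time{})` would leave the connection as the caller handed it in. The check is also best-effort: a timeout is reported as success, so an alert that arrives after 100 ms goes unseen, and the doc comment should say so, e.g. `// A read timeout is treated as "nothing pending"; a late alert is not detected.` Separately, the comment in `runClientTestForVersion` says "deep copy", but `test := *template` is a shallow copy and only `config` is cloned, so other reference-typed fields remain shared with the template.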
@@ -475,24 +563,24 @@
 
 func TestHandshakeClientRSAAES128GCM(t *testing.T) {
 	test := &clientTest{
-		name:    "AES128-GCM-SHA256",
-		command: []string{"openssl", "s_server", "-cipher", "AES128-GCM-SHA256"},
+		name: "AES128-GCM-SHA256",
+		args: []string{"-cipher", "AES128-GCM-SHA256"},
 	}
 	runClientTestTLS12(t, test)
 }
 
 func TestHandshakeClientRSAAES256GCM(t *testing.T) {
 	test := &clientTest{
-		name:    "AES256-GCM-SHA384",
-		command: []string{"openssl", "s_server", "-cipher", "AES256-GCM-SHA384"},
+		name: "AES256-GCM-SHA384",
+		args: []string{"-cipher", "AES256-GCM-SHA384"},
 	}
 	runClientTestTLS12(t, test)
 }
 
 func TestHandshakeClientECDHERSAAES(t *testing.T) {
 	test := &clientTest{
-		name:    "ECDHE-RSA-AES",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES128-SHA"},
+		name: "ECDHE-RSA-AES",
+		args: []string{"-cipher", "ECDHE-RSA-AES128-SHA"},
 	}
 	runClientTestTLS10(t, test)
 	runClientTestTLS11(t, test)
@@ -501,10 +589,10 @@
 
 func TestHandshakeClientECDHEECDSAAES(t *testing.T) {
 	test := &clientTest{
-		name:    "ECDHE-ECDSA-AES",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA"},
-		cert:    testECDSACertificate,
-		key:     testECDSAPrivateKey,
+		name: "ECDHE-ECDSA-AES",
+		args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA"},
+		cert: testECDSACertificate,
+		key:  testECDSAPrivateKey,
 	}
 	runClientTestTLS10(t, test)
 	runClientTestTLS11(t, test)
@@ -513,46 +601,46 @@
 
 func TestHandshakeClientECDHEECDSAAESGCM(t *testing.T) {
 	test := &clientTest{
-		name:    "ECDHE-ECDSA-AES-GCM",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-GCM-SHA256"},
-		cert:    testECDSACertificate,
-		key:     testECDSAPrivateKey,
+		name: "ECDHE-ECDSA-AES-GCM",
+		args: []string{"-cipher", "ECDHE-ECDSA-AES128-GCM-SHA256"},
+		cert: testECDSACertificate,
+		key:  testECDSAPrivateKey,
 	}
 	runClientTestTLS12(t, test)
 }
 
 func TestHandshakeClientAES256GCMSHA384(t *testing.T) {
 	test := &clientTest{
-		name:    "ECDHE-ECDSA-AES256-GCM-SHA384",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES256-GCM-SHA384"},
-		cert:    testECDSACertificate,
-		key:     testECDSAPrivateKey,
+		name: "ECDHE-ECDSA-AES256-GCM-SHA384",
+		args: []string{"-cipher", "ECDHE-ECDSA-AES256-GCM-SHA384"},
+		cert: testECDSACertificate,
+		key:  testECDSAPrivateKey,
 	}
 	runClientTestTLS12(t, test)
 }
 
 func TestHandshakeClientAES128CBCSHA256(t *testing.T) {
 	test := &clientTest{
-		name:    "AES128-SHA256",
-		command: []string{"openssl", "s_server", "-cipher", "AES128-SHA256"},
+		name: "AES128-SHA256",
+		args: []string{"-cipher", "AES128-SHA256"},
 	}
 	runClientTestTLS12(t, test)
 }
 
 func TestHandshakeClientECDHERSAAES128CBCSHA256(t *testing.T) {
 	test := &clientTest{
-		name:    "ECDHE-RSA-AES128-SHA256",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES128-SHA256"},
+		name: "ECDHE-RSA-AES128-SHA256",
+		args: []string{"-cipher", "ECDHE-RSA-AES128-SHA256"},
 	}
 	runClientTestTLS12(t, test)
 }
 
 func TestHandshakeClientECDHEECDSAAES128CBCSHA256(t *testing.T) {
 	test := &clientTest{
-		name:    "ECDHE-ECDSA-AES128-SHA256",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA256"},
-		cert:    testECDSACertificate,
-		key:     testECDSAPrivateKey,
+		name: "ECDHE-ECDSA-AES128-SHA256",
+		args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA256"},
+		cert: testECDSACertificate,
+		key:  testECDSAPrivateKey,
 	}
 	runClientTestTLS12(t, test)
 }
@@ -562,12 +650,40 @@
 	config.CurvePreferences = []CurveID{X25519}
 
 	test := &clientTest{
-		name:    "X25519-ECDHE-RSA-AES-GCM",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"},
-		config:  config,
+		name:   "X25519-ECDHE",
+		args:   []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "X25519"},
+		config: config,
 	}
 
 	runClientTestTLS12(t, test)
+	runClientTestTLS13(t, test)
+}
+
+func TestHandshakeClientP256(t *testing.T) {
+	config := testConfig.Clone()
+	config.CurvePreferences = []CurveID{CurveP256}
+
+	test := &clientTest{
+		name:   "P256-ECDHE",
+		args:   []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"},
+		config: config,
+	}
+
+	runClientTestTLS12(t, test)
+	runClientTestTLS13(t, test)
+}
+
+func TestHandshakeClientHelloRetryRequest(t *testing.T) {
+	config := testConfig.Clone()
+	config.CurvePreferences = []CurveID{X25519, CurveP256}
+
+	test := &clientTest{
+		name:   "HelloRetryRequest",
+		args:   []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"},
+		config: config,
+	}
+
+	runClientTestTLS13(t, test)
 }
 
 func TestHandshakeClientECDHERSAChaCha20(t *testing.T) {
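Review bot: `TestHandshakeClientHelloRetryRequest` has neither a doc comment nor a `validate` callback, so nothing in the test states or checks that a HelloRetryRequest is actually exchanged. The intent is only implied by the client preferring X25519 while `s_server` is restricted with `-curves P-256`. A comment such as `// The client prefers X25519 but the server only accepts P-256, which should force a HelloRetryRequest.` would make that explicit. Presumably the recorded flows are what pin the behaviour, so it is worth confirming the reference file really contains the retry.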
@@ -575,9 +691,9 @@
 	config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305}
 
 	test := &clientTest{
-		name:    "ECDHE-RSA-CHACHA20-POLY1305",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305"},
-		config:  config,
+		name:   "ECDHE-RSA-CHACHA20-POLY1305",
+		args:   []string{"-cipher", "ECDHE-RSA-CHACHA20-POLY1305"},
+		config: config,
 	}
 
 	runClientTestTLS12(t, test)
@@ -588,47 +704,79 @@
 	config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305}
 
 	test := &clientTest{
-		name:    "ECDHE-ECDSA-CHACHA20-POLY1305",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-CHACHA20-POLY1305"},
-		config:  config,
-		cert:    testECDSACertificate,
-		key:     testECDSAPrivateKey,
+		name:   "ECDHE-ECDSA-CHACHA20-POLY1305",
+		args:   []string{"-cipher", "ECDHE-ECDSA-CHACHA20-POLY1305"},
+		config: config,
+		cert:   testECDSACertificate,
+		key:    testECDSAPrivateKey,
 	}
 
 	runClientTestTLS12(t, test)
 }
 
+func TestHandshakeClientAES128SHA256(t *testing.T) {
+	test := &clientTest{
+		name: "AES128-SHA256",
+		args: []string{"-ciphersuites", "TLS_AES_128_GCM_SHA256"},
+	}
+	runClientTestTLS13(t, test)
+}
+func TestHandshakeClientAES256SHA384(t *testing.T) {
+	test := &clientTest{
+		name: "AES256-SHA384",
+		args: []string{"-ciphersuites", "TLS_AES_256_GCM_SHA384"},
+	}
+	runClientTestTLS13(t, test)
+}
+func TestHandshakeClientCHACHA20SHA256(t *testing.T) {
+	test := &clientTest{
+		name: "CHACHA20-SHA256",
+		args: []string{"-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"},
+	}
+	runClientTestTLS13(t, test)
+}
+
+func TestHandshakeClientECDSATLS13(t *testing.T) {
+	test := &clientTest{
+		name: "ECDSA",
+		cert: testECDSACertificate,
+		key:  testECDSAPrivateKey,
+	}
+	runClientTestTLS13(t, test)
+}
+
 func TestHandshakeClientCertRSA(t *testing.T) {
 	config := testConfig.Clone()
 	cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM))
 	config.Certificates = []Certificate{cert}
 
 	test := &clientTest{
-		name:    "ClientCert-RSA-RSA",
-		command: []string{"openssl", "s_server", "-cipher", "AES128", "-verify", "1"},
-		config:  config,
+		name:   "ClientCert-RSA-RSA",
+		args:   []string{"-cipher", "AES128", "-Verify", "1"},
+		config: config,
 	}
 
 	runClientTestTLS10(t, test)
 	runClientTestTLS12(t, test)
 
 	test = &clientTest{
-		name:    "ClientCert-RSA-ECDSA",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"},
-		config:  config,
-		cert:    testECDSACertificate,
-		key:     testECDSAPrivateKey,
+		name:   "ClientCert-RSA-ECDSA",
+		args:   []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"},
+		config: config,
+		cert:   testECDSACertificate,
+		key:    testECDSAPrivateKey,
 	}
 
 	runClientTestTLS10(t, test)
 	runClientTestTLS12(t, test)
+	runClientTestTLS13(t, test)
 
 	test = &clientTest{
-		name:    "ClientCert-RSA-AES256-GCM-SHA384",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-verify", "1"},
-		config:  config,
-		cert:    testRSACertificate,
-		key:     testRSAPrivateKey,
+		name:   "ClientCert-RSA-AES256-GCM-SHA384",
+		args:   []string{"-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-Verify", "1"},
+		config: config,
+		cert:   testRSACertificate,
+		key:    testRSAPrivateKey,
 	}
 
 	runClientTestTLS12(t, test)
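Review bot: The switch from `-verify` to `-Verify` in the `s_server` arguments of `TestHandshakeClientCertRSA` changes what these tests prove, and nothing in the file records why. With `-verify` the server only requests a client certificate, while `-Verify` makes the handshake fail when the client presents none, so the tests now actually require client authentication to succeed. A one-line comment next to the first use, such as `// -Verify (capital V) makes s_server reject clients that present no certificate.`, would keep a later edit from quietly reverting it. The same applies to the `-Verify` uses in the next hunk.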
@@ -640,28 +788,145 @@
 	config.Certificates = []Certificate{cert}
 
 	test := &clientTest{
-		name:    "ClientCert-ECDSA-RSA",
-		command: []string{"openssl", "s_server", "-cipher", "AES128", "-verify", "1"},
-		config:  config,
+		name:   "ClientCert-ECDSA-RSA",
+		args:   []string{"-cipher", "AES128", "-Verify", "1"},
+		config: config,
 	}
 
 	runClientTestTLS10(t, test)
 	runClientTestTLS12(t, test)
+	runClientTestTLS13(t, test)
 
 	test = &clientTest{
-		name:    "ClientCert-ECDSA-ECDSA",
-		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"},
-		config:  config,
-		cert:    testECDSACertificate,
-		key:     testECDSAPrivateKey,
+		name:   "ClientCert-ECDSA-ECDSA",
+		args:   []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"},
+		config: config,
+		cert:   testECDSACertificate,
+		key:    testECDSAPrivateKey,
 	}
 
 	runClientTestTLS10(t, test)
 	runClientTestTLS12(t, test)
 }
 
-func TestClientResumption(t *testing.T) {
+// TestHandshakeClientCertRSAPSS tests a few separate things:
+//  * that our client can serve a PSS-signed certificate
+//  * that our client can validate a PSS-signed certificate
+//  * that our client can use rsa_pss_rsae_sha256 in its CertificateVerify
+//  * that our client can accpet rsa_pss_rsae_sha256 in the server CertificateVerify
+func TestHandshakeClientCertRSAPSS(t *testing.T) {
+	issuer, err := x509.ParseCertificate(testRSAPSSCertificate)
+	if err != nil {
+		panic(err)
+	}
+	rootCAs := x509.NewCertPool()
+	rootCAs.AddCert(issuer)
+
+	config := testConfig.Clone()
+	cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM))
+	config.Certificates = []Certificate{cert}
+	config.RootCAs = rootCAs
+
+	test := &clientTest{
+		name: "ClientCert-RSA-RSAPSS",
+		args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs",
+			"rsa_pss_rsae_sha256", "-sigalgs", "rsa_pss_rsae_sha256"},
+		config: config,
+		cert:   testRSAPSSCertificate,
+		key:    testRSAPrivateKey,
+	}
+
+	runClientTestTLS12(t, test)
+	runClientTestTLS13(t, test)
+}
+
+func TestHandshakeClientCertRSAPKCS1v15(t *testing.T) {
+	config := testConfig.Clone()
+	cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM))
+	config.Certificates = []Certificate{cert}
+
+	test := &clientTest{
+		name: "ClientCert-RSA-RSAPKCS1v15",
+		args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs",
+			"rsa_pkcs1_sha256", "-sigalgs", "rsa_pkcs1_sha256"},
+		config: config,
+	}
+
+	runClientTestTLS12(t, test)
+}
+
+func TestHandshakeClientCertPSSDisabled(t *testing.T) {
+	config := testConfig.Clone()
+	cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM))
+	config.Certificates = []Certificate{cert}
+
+	test := &clientTest{
+		name:   "ClientCert-RSA-PSS-Disabled",
+		args:   []string{"-cipher", "AES128", "-Verify", "1"},
+		config: config,
+	}
+
+	// Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2,
+	// and check that handshakes still work.
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	// Use t.Run to ensure the defer runs after all parallel tests end.
+	t.Run("1024", func(t *testing.T) {
+		runClientTestTLS12(t, test)
+		runClientTestTLS13(t, test)
+	})
+
+	// Use a 512-bit key to check that the TLS 1.2 handshake is actually using
+	// PKCS#1 v1.5. PSS would be failing here.
+	cert, err := X509KeyPair([]byte(`-----BEGIN CERTIFICATE-----
+MIIBcTCCARugAwIBAgIQGjQnkCFlUqaFlt6ixyz/tDANBgkqhkiG9w0BAQsFADAS
+MRAwDgYDVQQKEwdBY21lIENvMB4XDTE5MDExODIzMjMyOFoXDTIwMDExODIzMjMy
+OFowEjEQMA4GA1UEChMHQWNtZSBDbzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDd
+ez1rFUDwax2HTxbcnFUP9AhcgEGMHVV2nn4VVEWFJB6I8C/Nkx0XyyQlrmFYBzEQ
+nIPhKls4T0hFoLvjJnXpAgMBAAGjTTBLMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE
+DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUu
+Y29tMA0GCSqGSIb3DQEBCwUAA0EAxDuUS+BrrS3c+h+k+fQPOmOScy6yTX9mHw0Q
+KbucGamXYEy0URIwOdO0tQ3LHPc1YGvYSPwkDjkjqECs2Vm/AA==
+-----END CERTIFICATE-----`), []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T
+HRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/
+yt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z
+4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz
+nKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd
+hXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s
+T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g
+-----END RSA PRIVATE KEY-----`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	test.name = "ClientCert-RSA-PSS-Disabled-512"
+	config.Certificates = []Certificate{cert}
+
+	t.Run("512", func(t *testing.T) {
+		runClientTestTLS12(t, test)
+	})
+}
+
+func TestClientKeyUpdate(t *testing.T) {
+	test := &clientTest{
+		name:          "KeyUpdate",
+		args:          []string{"-state"},
+		sendKeyUpdate: true,
+	}
+	runClientTestTLS13(t, test)
+}
+
+func TestResumption(t *testing.T) {
+	t.Run("TLSv12", func(t *testing.T) { testResumption(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testResumption(t, VersionTLS13) })
+}
+
+func testResumption(t *testing.T, version uint16) {
 	serverConfig := &Config{
+		MaxVersion:   version,
 		CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
 		Certificates: testConfig.Certificates,
 	}
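Review bot: The new `TestHandshakeClientCertRSAPSS` and `TestHandshakeClientCertRSAPKCS1v15` discard the error from `X509KeyPair` (`cert, _ := ...`), and the former calls `panic(err)` when the issuer fails to parse, so a broken fixture shows up as a confusing handshake failure or a crashed test binary. Prefer `cert, err := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM))` followed by `if err != nil { t.Fatal(err) }`, as the 512-bit path in `TestHandshakeClientCertPSSDisabled` already does. The inline 512-bit key pair deserves a comment marking it as a deliberately weak, test-only credential, so it is never reused and secret-scanner hits can be triaged quickly. The doc comment on `TestHandshakeClientCertRSAPSS` also has a typo, "accpet" for "accept". `testResumption` continues past the end of this hunk.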
@@ -675,6 +940,7 @@
 	rootCAs.AddCert(issuer)
 
 	clientConfig := &Config{
+		MaxVersion:         version,
 		CipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		ClientSessionCache: NewLRUClientSessionCache(32),
 		RootCAs:            rootCAs,
@@ -682,7 +948,7 @@
 	}
 
 	testResumeState := func(test string, didResume bool) {
-		_, hs, err := testHandshake(clientConfig, serverConfig)
+		_, hs, err := testHandshake(t, clientConfig, serverConfig)
 		if err != nil {
 			t.Fatalf("%s: handshake failed: %s", test, err)
 		}
@@ -697,6 +963,13 @@
 	getTicket := func() []byte {
 		return clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.sessionTicket
 	}
+	deleteTicket := func() {
+		ticketKey := clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).sessionKey
+		clientConfig.ClientSessionCache.Put(ticketKey, nil)
+	}
+	corruptTicket := func() {
+		clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.masterSecret[0] ^= 0xff
+	}
 	randomKey := func() [32]byte {
 		var k [32]byte
 		if _, err := io.ReadFull(serverConfig.rand(), k[:]); err != nil {
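Review bot: `corruptTicket` does not touch the ticket: it flips the first byte of the cached `state.masterSecret` and leaves `sessionTicket` unchanged. Either rename it or add a comment such as `// corruptTicket flips a byte of the cached master secret; the ticket bytes are left as issued.` so the later "corrupted PSK" step is read correctly. `getTicket`, `deleteTicket` and `corruptTicket` also repeat the same `q.Front().Value.(*lruSessionCacheEntry)` chain, which panics on an empty cache; a small helper returning the front entry would keep that assumption in one place.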
@@ -708,9 +981,12 @@
 	testResumeState("Handshake", false)
 	ticket := getTicket()
 	testResumeState("Resume", true)
-	if !bytes.Equal(ticket, getTicket()) {
+	if !bytes.Equal(ticket, getTicket()) && version != VersionTLS13 {
 		t.Fatal("first ticket doesn't match ticket after resumption")
 	}
+	if bytes.Equal(ticket, getTicket()) && version == VersionTLS13 {
+		t.Fatal("ticket didn't change after resumption")
+	}
 
 	key1 := randomKey()
 	serverConfig.SetSessionTicketKeys([][32]byte{key1})
@@ -730,6 +1006,7 @@
 	// Reset serverConfig to ensure that calling SetSessionTicketKeys
 	// before the serverConfig is used works.
 	serverConfig = &Config{
+		MaxVersion:   version,
 		CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
 		Certificates: testConfig.Certificates,
 	}
@@ -737,9 +1014,35 @@
 
 	testResumeState("FreshConfig", true)
 
-	clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}
-	testResumeState("DifferentCipherSuite", false)
-	testResumeState("DifferentCipherSuiteRecovers", true)
+	// In TLS 1.3, cross-cipher suite resumption is allowed as long as the KDF
+	// hash matches. Also, Config.CipherSuites does not apply to TLS 1.3.
+	if version != VersionTLS13 {
+		clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}
+		testResumeState("DifferentCipherSuite", false)
+		testResumeState("DifferentCipherSuiteRecovers", true)
+	}
+
+	deleteTicket()
+	testResumeState("WithoutSessionTicket", false)
+
+	// Session resumption should work when using client certificates
+	deleteTicket()
+	serverConfig.ClientCAs = rootCAs
+	serverConfig.ClientAuth = RequireAndVerifyClientCert
+	clientConfig.Certificates = serverConfig.Certificates
+	testResumeState("InitialHandshake", false)
+	testResumeState("WithClientCertificates", true)
+	serverConfig.ClientAuth = NoClientCert
+
+	// Tickets should be removed from the session cache on TLS handshake
+	// failure, and the client should recover from a corrupted PSK
+	testResumeState("FetchTicketToCorrupt", false)
+	corruptTicket()
+	_, _, err = testHandshake(t, clientConfig, serverConfig)
+	if err == nil {
+		t.Fatalf("handshake did not fail with a corrupted client secret")
+	}
+	testResumeState("AfterHandshakeFailure", false)
 
 	clientConfig.ClientSessionCache = nil
 	testResumeState("WithoutSessionCache", false)
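Review bot: The corrupted-secret step only checks `err == nil`, so any handshake failure satisfies it, including one unrelated to the tampered secret (for example a problem with the client-certificate settings changed a few lines earlier). Matching the error text with `strings.Contains`, as `TestAlertFlushing` does, would tie the failure to the cause being tested. The call is also `t.Fatalf` with a constant string and no arguments; `t.Fatal("handshake did not fail with a corrupted client secret")` is the accurate form. `testResumption` starts and ends outside this hunk.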
@@ -784,23 +1087,36 @@
 		t.Fatalf("session cache failed update for key 0")
 	}
 
-	// Adding a nil entry is valid.
+	// Calling Put with a nil entry deletes the key.
 	cache.Put(keys[0], nil)
-	if s, ok := cache.Get(keys[0]); !ok || s != nil {
-		t.Fatalf("failed to add nil entry to cache")
+	if _, ok := cache.Get(keys[0]); ok {
+		t.Fatalf("session cache failed to delete key 0")
+	}
+
+	// Delete entry 2. LRU should keep 4 and 5
+	cache.Put(keys[2], nil)
+	if _, ok := cache.Get(keys[2]); ok {
+		t.Fatalf("session cache failed to delete key 4")
+	}
+	for i := 4; i < 6; i++ {
+		if s, ok := cache.Get(keys[i]); !ok || s != &cs[i] {
+			t.Fatalf("session cache should not have deleted key: %s", keys[i])
+		}
 	}
 }
 
-func TestKeyLog(t *testing.T) {
+func TestKeyLogTLS12(t *testing.T) {
 	var serverBuf, clientBuf bytes.Buffer
 
 	clientConfig := testConfig.Clone()
 	clientConfig.KeyLogWriter = &clientBuf
+	clientConfig.MaxVersion = VersionTLS12
 
 	serverConfig := testConfig.Clone()
 	serverConfig.KeyLogWriter = &serverBuf
+	serverConfig.MaxVersion = VersionTLS12
 
-	c, s := net.Pipe()
+	c, s := localPipe(t)
 	done := make(chan bool)
 
 	go func() {
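Review bot: The failure message for the second deletion names the wrong key: the code deletes and re-reads `keys[2]`, but reports "session cache failed to delete key 4". It should read `t.Fatalf("session cache failed to delete key 2")`, otherwise a failure here sends the reader to the wrong entry. The preceding comment "Delete entry 2. LRU should keep 4 and 5" already describes the intended behaviour correctly.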
@@ -838,8 +1154,49 @@
 		}
 	}
 
-	checkKeylogLine("client", string(clientBuf.Bytes()))
-	checkKeylogLine("server", string(serverBuf.Bytes()))
+	checkKeylogLine("client", clientBuf.String())
+	checkKeylogLine("server", serverBuf.String())
+}
+
+func TestKeyLogTLS13(t *testing.T) {
+	var serverBuf, clientBuf bytes.Buffer
+
+	clientConfig := testConfig.Clone()
+	clientConfig.KeyLogWriter = &clientBuf
+
+	serverConfig := testConfig.Clone()
+	serverConfig.KeyLogWriter = &serverBuf
+
+	c, s := localPipe(t)
+	done := make(chan bool)
+
+	go func() {
+		defer close(done)
+
+		if err := Server(s, serverConfig).Handshake(); err != nil {
+			t.Errorf("server: %s", err)
+			return
+		}
+		s.Close()
+	}()
+
+	if err := Client(c, clientConfig).Handshake(); err != nil {
+		t.Fatalf("client: %s", err)
+	}
+
+	c.Close()
+	<-done
+
+	checkKeylogLines := func(side, loggedLines string) {
+		loggedLines = strings.TrimSpace(loggedLines)
+		lines := strings.Split(loggedLines, "\n")
+		if len(lines) != 4 {
+			t.Errorf("Expected the %s to log 4 lines, got %d", side, len(lines))
+		}
+	}
+
+	checkKeylogLines("client", clientBuf.String())
+	checkKeylogLines("server", serverBuf.String())
 }
 
 func TestHandshakeClientALPNMatch(t *testing.T) {
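Review bot: `checkKeylogLines` in `TestKeyLogTLS13` only counts lines, so four malformed or unrelated entries would pass. The key log is the channel through which traffic secrets leave the process, so the format is worth pinning. At minimum each line should have the three fields of the NSS key log format (label, client random, secret), and the failure message should report field counts rather than echo the logged secret. The TLS 1.2 helper `checkKeylogLine` presumably does something similar, but its body is outside this hunk.

```go
	checkKeylogLines := func(side, loggedLines string) {
		lines := strings.Split(strings.TrimSpace(loggedLines), "\n")
		if len(lines) != 4 {
			t.Errorf("Expected the %s to log 4 lines, got %d", side, len(lines))
		}
		for i, line := range lines {
			// NSS key log format: <label> <client random> <secret>.
			// Report only the field count so secrets stay out of test output.
			if n := len(strings.Fields(line)); n != 3 {
				t.Errorf("%s key log line %d has %d fields, want 3", side, i+1, n)
			}
		}
	}
```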
@@ -850,8 +1207,8 @@
 		name: "ALPN",
 		// Note that this needs OpenSSL 1.0.2 because that is the first
 		// version that supports the -alpn flag.
-		command: []string{"openssl", "s_server", "-alpn", "proto1,proto2"},
-		config:  config,
+		args:   []string{"-alpn", "proto1,proto2"},
+		config: config,
 		validate: func(state ConnectionState) error {
 			// The server's preferences should override the client.
 			if state.NegotiatedProtocol != "proto1" {
@@ -861,6 +1218,7 @@
 		},
 	}
 	runClientTestTLS12(t, test)
+	runClientTestTLS13(t, test)
 }
 
 // sctsBase64 contains data from `openssl s_client -serverinfo 18 -connect ritter.vg:443`
@@ -874,11 +1232,10 @@
 		t.Fatal(err)
 	}
 
+	// Note that this needs OpenSSL 1.0.2 because that is the first
+	// version that supports the -serverinfo flag.
 	test := &clientTest{
-		name: "SCT",
-		// Note that this needs OpenSSL 1.0.2 because that is the first
-		// version that supports the -serverinfo flag.
-		command:    []string{"openssl", "s_server"},
+		name:       "SCT",
 		config:     config,
 		extensions: [][]byte{scts},
 		validate: func(state ConnectionState) error {
@@ -899,13 +1256,16 @@
 		},
 	}
 	runClientTestTLS12(t, test)
+
+	// TLS 1.3 moved SCTs to the Certificate extensions and -serverinfo only
+	// supports ServerHello extensions.
 }
 
 func TestRenegotiationRejected(t *testing.T) {
 	config := testConfig.Clone()
 	test := &clientTest{
 		name:                        "RenegotiationRejected",
-		command:                     []string{"openssl", "s_server", "-state"},
+		args:                        []string{"-state"},
 		config:                      config,
 		numRenegotiations:           1,
 		renegotiationExpectedToFail: 1,
@@ -919,7 +1279,6 @@
 			return nil
 		},
 	}
-
 	runClientTestTLS12(t, test)
 }
 
@@ -929,7 +1288,7 @@
 
 	test := &clientTest{
 		name:              "RenegotiateOnce",
-		command:           []string{"openssl", "s_server", "-state"},
+		args:              []string{"-state"},
 		config:            config,
 		numRenegotiations: 1,
 	}
@@ -943,7 +1302,7 @@
 
 	test := &clientTest{
 		name:              "RenegotiateTwice",
-		command:           []string{"openssl", "s_server", "-state"},
+		args:              []string{"-state"},
 		config:            config,
 		numRenegotiations: 2,
 	}
@@ -957,7 +1316,7 @@
 
 	test := &clientTest{
 		name:                        "RenegotiateTwiceRejected",
-		command:                     []string{"openssl", "s_server", "-state"},
+		args:                        []string{"-state"},
 		config:                      config,
 		numRenegotiations:           2,
 		renegotiationExpectedToFail: 2,
@@ -981,9 +1340,8 @@
 
 func TestHandshakeClientExportKeyingMaterial(t *testing.T) {
 	test := &clientTest{
-		name:    "ExportKeyingMaterial",
-		command: []string{"openssl", "s_server"},
-		config:  testConfig.Clone(),
+		name:   "ExportKeyingMaterial",
+		config: testConfig.Clone(),
 		validate: func(state ConnectionState) error {
 			if km, err := state.ExportKeyingMaterial("test", nil, 42); err != nil {
 				return fmt.Errorf("ExportKeyingMaterial failed: %v", err)
@@ -995,6 +1353,7 @@
 	}
 	runClientTestTLS10(t, test)
 	runClientTestTLS12(t, test)
+	runClientTestTLS13(t, test)
 }
 
 var hostnameInSNITests = []struct {
@@ -1021,7 +1380,7 @@
 
 func TestHostnameInSNI(t *testing.T) {
 	for _, tt := range hostnameInSNITests {
-		c, s := net.Pipe()
+		c, s := localPipe(t)
 
 		go func(host string) {
 			Client(c, &Config{ServerName: host, InsecureSkipVerify: true}).Handshake()
@@ -1059,7 +1418,7 @@
 	// This checks that the server can't select a cipher suite that the
 	// client didn't offer. See #13174.
 
-	c, s := net.Pipe()
+	c, s := localPipe(t)
 	errChan := make(chan error, 1)
 
 	go func() {
@@ -1106,6 +1465,11 @@
 }
 
 func TestVerifyPeerCertificate(t *testing.T) {
+	t.Run("TLSv12", func(t *testing.T) { testVerifyPeerCertificate(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testVerifyPeerCertificate(t, VersionTLS13) })
+}
+
+func testVerifyPeerCertificate(t *testing.T, version uint16) {
 	issuer, err := x509.ParseCertificate(testRSACertificateIssuer)
 	if err != nil {
 		panic(err)
@@ -1228,7 +1592,7 @@
 	}
 
 	for i, test := range tests {
-		c, s := net.Pipe()
+		c, s := localPipe(t)
 		done := make(chan error)
 
 		var clientCalled, serverCalled bool
@@ -1239,6 +1603,7 @@
 			config.ClientAuth = RequireAndVerifyClientCert
 			config.ClientCAs = rootCAs
 			config.Time = now
+			config.MaxVersion = version
 			test.configureServer(config, &serverCalled)
 
 			err = Server(s, config).Handshake()
@@ -1250,6 +1615,7 @@
 		config.ServerName = "example.golang"
 		config.RootCAs = rootCAs
 		config.Time = now
+		config.MaxVersion = version
 		test.configureClient(config, &clientCalled)
 		clientErr := Client(c, config).Handshake()
 		c.Close()
@@ -1287,7 +1653,7 @@
 func TestFailedWrite(t *testing.T) {
 	// Test that a write error during the handshake is returned.
 	for _, breakAfter := range []int{0, 1} {
-		c, s := net.Pipe()
+		c, s := localPipe(t)
 		done := make(chan bool)
 
 		go func() {
@@ -1321,14 +1687,21 @@
 }
 
 func TestBuffering(t *testing.T) {
-	c, s := net.Pipe()
+	t.Run("TLSv12", func(t *testing.T) { testBuffering(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testBuffering(t, VersionTLS13) })
+}
+
+func testBuffering(t *testing.T, version uint16) {
+	c, s := localPipe(t)
 	done := make(chan bool)
 
 	clientWCC := &writeCountingConn{Conn: c}
 	serverWCC := &writeCountingConn{Conn: s}
 
 	go func() {
-		Server(serverWCC, testConfig).Handshake()
+		config := testConfig.Clone()
+		config.MaxVersion = version
+		Server(serverWCC, config).Handshake()
 		serverWCC.Close()
 		done <- true
 	}()
@@ -1340,17 +1713,26 @@
 	clientWCC.Close()
 	<-done
 
-	if n := clientWCC.numWrites; n != 2 {
-		t.Errorf("expected client handshake to complete with only two writes, but saw %d", n)
+	var expectedClient, expectedServer int
+	if version == VersionTLS13 {
+		expectedClient = 2
+		expectedServer = 1
+	} else {
+		expectedClient = 2
+		expectedServer = 2
 	}
 
-	if n := serverWCC.numWrites; n != 2 {
-		t.Errorf("expected server handshake to complete with only two writes, but saw %d", n)
+	if n := clientWCC.numWrites; n != expectedClient {
+		t.Errorf("expected client handshake to complete with %d writes, but saw %d", expectedClient, n)
+	}
+
+	if n := serverWCC.numWrites; n != expectedServer {
+		t.Errorf("expected server handshake to complete with %d writes, but saw %d", expectedServer, n)
 	}
 }
 
 func TestAlertFlushing(t *testing.T) {
-	c, s := net.Pipe()
+	c, s := localPipe(t)
 	done := make(chan bool)
 
 	clientWCC := &writeCountingConn{Conn: c}
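Review bot: In `testBuffering` both branches assign `expectedClient = 2`, so the `if`/`else` only varies the server count. `expectedClient, expectedServer := 2, 2` followed by `if version == VersionTLS13 { expectedServer = 1 }` says the same with less to read. A short comment on why a TLS 1.3 server is expected to finish its handshake in a single write would also help, since that count is the property the test pins.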
@@ -1377,17 +1759,13 @@
 		t.Fatal("client unexpectedly returned no error")
 	}
 
-	const expectedError = "remote error: tls: handshake failure"
+	const expectedError = "remote error: tls: internal error"
 	if e := err.Error(); !strings.Contains(e, expectedError) {
 		t.Fatalf("expected to find %q in error but error was %q", expectedError, e)
 	}
 	clientWCC.Close()
 	<-done
 
-	if n := clientWCC.numWrites; n != 1 {
-		t.Errorf("expected client handshake to complete with one write, but saw %d", n)
-	}
-
 	if n := serverWCC.numWrites; n != 1 {
 		t.Errorf("expected server handshake to complete with one write, but saw %d", n)
 	}
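Review bot: The client-side `numWrites` assertion in `TestAlertFlushing` is removed with no replacement or comment, and the expected alert text changes from "handshake failure" to "internal error" in the same hunk. The test therefore no longer checks anything about how many writes the client performs before the alert reaches it. If the count is now legitimately version-dependent, a comment saying so above the remaining server check would record the reason, e.g. `// The number of client writes differs between TLS versions, so only the server side is checked.` That wording is an assumption about the motive and should be confirmed by the author.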
@@ -1399,7 +1777,7 @@
 	// order to provide some evidence that there are no races or deadlocks
 	// in the handshake locking.
 	for i := 0; i < 32; i++ {
-		c, s := net.Pipe()
+		c, s := localPipe(t)
 
 		go func() {
 			server := Server(s, testConfig)
@@ -1430,7 +1808,7 @@
 		go func() {
 			<-startRead
 			var reply [1]byte
-			if n, err := client.Read(reply[:]); err != nil || n != 1 {
+			if _, err := io.ReadFull(client, reply[:]); err != nil {
 				panic(err)
 			}
 			c.Close()
@@ -1448,13 +1826,6 @@
 	}
 }
 
-func TestTLS11SignatureSchemes(t *testing.T) {
-	expected := tls11SignatureSchemesNumECDSA + tls11SignatureSchemesNumRSA
-	if expected != len(tls11SignatureSchemes) {
-		t.Errorf("expected to find %d TLS 1.1 signature schemes, but found %d", expected, len(tls11SignatureSchemes))
-	}
-}
-
 var getClientCertificateTests = []struct {
 	setup               func(*Config, *Config)
 	expectedClientError string
@@ -1537,6 +1908,11 @@
 }
 
 func TestGetClientCertificate(t *testing.T) {
+	t.Run("TLSv12", func(t *testing.T) { testGetClientCertificate(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testGetClientCertificate(t, VersionTLS13) })
+}
+
+func testGetClientCertificate(t *testing.T, version uint16) {
 	issuer, err := x509.ParseCertificate(testRSACertificateIssuer)
 	if err != nil {
 		panic(err)
@@ -1549,8 +1925,10 @@
 		serverConfig.RootCAs.AddCert(issuer)
 		serverConfig.ClientCAs = serverConfig.RootCAs
 		serverConfig.Time = func() time.Time { return time.Unix(1476984729, 0) }
+		serverConfig.MaxVersion = version
 
 		clientConfig := testConfig.Clone()
+		clientConfig.MaxVersion = version
 
 		test.setup(clientConfig, serverConfig)
 
@@ -1559,7 +1937,7 @@
 			err error
 		}
 
-		c, s := net.Pipe()
+		c, s := localPipe(t)
 		done := make(chan serverResult)
 
 		go func() {
@@ -1598,9 +1976,9 @@
 }
 
 func TestRSAPSSKeyError(t *testing.T) {
-	// crypto/tls does not support the rsa_pss_pss_xxx SignatureSchemes. If support for
+	// crypto/tls does not support the rsa_pss_pss_* SignatureSchemes. If support for
 	// public keys with OID RSASSA-PSS is added to crypto/x509, they will be misused with
-	// the rsa_pss_rsae_xxx SignatureSchemes. Assert that RSASSA-PSS certificates don't
+	// the rsa_pss_rsae_* SignatureSchemes. Assert that RSASSA-PSS certificates don't
 	// parse, or that they don't carry *rsa.PublicKey keys.
 	b, _ := pem.Decode([]byte(`
 -----BEGIN CERTIFICATE-----
@@ -1632,23 +2010,23 @@
 		return
 	}
 	if _, ok := cert.PublicKey.(*rsa.PublicKey); ok {
-		t.Error("A RSA-PSS certificate was parsed like a PKCS1 one, and it will be mistakenly used with rsa_pss_rsae_xxx signature algorithms")
+		t.Error("A RSASSA-PSS certificate was parsed like a PKCS#1 v1.5 one, and it will be mistakenly used with rsa_pss_rsae_* signature algorithms")
 	}
 }
 
 func TestCloseClientConnectionOnIdleServer(t *testing.T) {
-	clientConn, serverConn := net.Pipe()
+	clientConn, serverConn := localPipe(t)
 	client := Client(clientConn, testConfig.Clone())
 	go func() {
 		var b [1]byte
 		serverConn.Read(b[:])
 		client.Close()
 	}()
-	client.SetWriteDeadline(time.Now().Add(time.Second))
+	client.SetWriteDeadline(time.Now().Add(time.Minute))
 	err := client.Handshake()
 	if err != nil {
-		if !strings.Contains(err.Error(), "read/write on closed pipe") {
-			t.Errorf("Error expected containing 'read/write on closed pipe' but got '%s'", err.Error())
+		if err, ok := err.(net.Error); ok && err.Timeout() {
+			t.Errorf("Expected a closed network connection error but got '%s'", err.Error())
 		}
 	} else {
 		t.Errorf("Error expected, but no error returned")
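Review bot: The rewritten check in TestCloseClientConnectionOnIdleServer fails only when the handshake error is a timeout, so any other failure (an alert, a certificate error, an unrelated I/O error) now passes although the message says a closed-connection error was expected. Together with the write deadline raised to a minute, the test no longer pins the behaviour it is named for. If the error here is expected to be a net.Error (worth confirming against what localPipe returns, which is defined outside this hunk), a tighter form would be `if ne, ok := err.(net.Error); !ok || ne.Timeout() {`, which also stops shadowing `err` inside the condition. The function's closing lines fall outside the hunk.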
diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
new file mode 100644
index 0000000..85715b7
--- /dev/null
+++ b/src/crypto/tls/handshake_client_tls13.go
@@ -0,0 +1,673 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/hmac"
+	"crypto/rsa"
+	"errors"
+	"hash"
+	"sync/atomic"
+	"time"
+)
+
+type clientHandshakeStateTLS13 struct {
+	c           *Conn
+	serverHello *serverHelloMsg
+	hello       *clientHelloMsg
+	ecdheParams ecdheParameters
+
+	session     *ClientSessionState
+	earlySecret []byte
+	binderKey   []byte
+
+	certReq       *certificateRequestMsgTLS13
+	usingPSK      bool
+	sentDummyCCS  bool
+	suite         *cipherSuiteTLS13
+	transcript    hash.Hash
+	masterSecret  []byte
+	trafficSecret []byte // client_application_traffic_secret_0
+}
+
+// handshake requires hs.c, hs.hello, hs.serverHello, hs.ecdheParams, and,
+// optionally, hs.session, hs.earlySecret and hs.binderKey to be set.
+func (hs *clientHandshakeStateTLS13) handshake() error {
+	c := hs.c
+
+	// The server must not select TLS 1.3 in a renegotiation. See RFC 8446,
+	// sections 4.1.2 and 4.1.3.
+	if c.handshakes > 0 {
+		c.sendAlert(alertProtocolVersion)
+		return errors.New("tls: server selected TLS 1.3 in a renegotiation")
+	}
+
+	// Consistency check on the presence of a keyShare and its parameters.
+	if hs.ecdheParams == nil || len(hs.hello.keyShares) != 1 {
+		return c.sendAlert(alertInternalError)
+	}
+
+	if err := hs.checkServerHelloOrHRR(); err != nil {
+		return err
+	}
+
+	hs.transcript = hs.suite.hash.New()
+	hs.transcript.Write(hs.hello.marshal())
+
+	if bytes.Equal(hs.serverHello.random, helloRetryRequestRandom) {
+		if err := hs.sendDummyChangeCipherSpec(); err != nil {
+			return err
+		}
+		if err := hs.processHelloRetryRequest(); err != nil {
+			return err
+		}
+	}
+
+	hs.transcript.Write(hs.serverHello.marshal())
+
+	c.buffering = true
+	if err := hs.processServerHello(); err != nil {
+		return err
+	}
+	if err := hs.sendDummyChangeCipherSpec(); err != nil {
+		return err
+	}
+	if err := hs.establishHandshakeKeys(); err != nil {
+		return err
+	}
+	if err := hs.readServerParameters(); err != nil {
+		return err
+	}
+	if err := hs.readServerCertificate(); err != nil {
+		return err
+	}
+	if err := hs.readServerFinished(); err != nil {
+		return err
+	}
+	if err := hs.sendClientCertificate(); err != nil {
+		return err
+	}
+	if err := hs.sendClientFinished(); err != nil {
+		return err
+	}
+	if _, err := c.flush(); err != nil {
+		return err
+	}
+
+	atomic.StoreUint32(&c.handshakeStatus, 1)
+
+	return nil
+}
+
+// checkServerHelloOrHRR does validity checks that apply to both ServerHello and
+// HelloRetryRequest messages. It sets hs.suite.
+func (hs *clientHandshakeStateTLS13) checkServerHelloOrHRR() error {
+	c := hs.c
+
+	if hs.serverHello.supportedVersion == 0 {
+		c.sendAlert(alertMissingExtension)
+		return errors.New("tls: server selected TLS 1.3 using the legacy version field")
+	}
+
+	if hs.serverHello.supportedVersion != VersionTLS13 {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server selected an invalid version after a HelloRetryRequest")
+	}
+
+	if hs.serverHello.vers != VersionTLS12 {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server sent an incorrect legacy version")
+	}
+
+	if hs.serverHello.nextProtoNeg ||
+		len(hs.serverHello.nextProtos) != 0 ||
+		hs.serverHello.ocspStapling ||
+		hs.serverHello.ticketSupported ||
+		hs.serverHello.secureRenegotiationSupported ||
+		len(hs.serverHello.secureRenegotiation) != 0 ||
+		len(hs.serverHello.alpnProtocol) != 0 ||
+		len(hs.serverHello.scts) != 0 {
+		c.sendAlert(alertUnsupportedExtension)
+		return errors.New("tls: server sent a ServerHello extension forbidden in TLS 1.3")
+	}
+
+	if !bytes.Equal(hs.hello.sessionId, hs.serverHello.sessionId) {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server did not echo the legacy session ID")
+	}
+
+	if hs.serverHello.compressionMethod != compressionNone {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server selected unsupported compression format")
+	}
+
+	selectedSuite := mutualCipherSuiteTLS13(hs.hello.cipherSuites, hs.serverHello.cipherSuite)
+	if hs.suite != nil && selectedSuite != hs.suite {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server changed cipher suite after a HelloRetryRequest")
+	}
+	if selectedSuite == nil {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server chose an unconfigured cipher suite")
+	}
+	hs.suite = selectedSuite
+	c.cipherSuite = hs.suite.id
+
+	return nil
+}
+
+// sendDummyChangeCipherSpec sends a ChangeCipherSpec record for compatibility
+// with middleboxes that didn't implement TLS correctly. See RFC 8446, Appendix D.4.
+func (hs *clientHandshakeStateTLS13) sendDummyChangeCipherSpec() error {
+	if hs.sentDummyCCS {
+		return nil
+	}
+	hs.sentDummyCCS = true
+
+	_, err := hs.c.writeRecord(recordTypeChangeCipherSpec, []byte{1})
+	return err
+}
+
+// processHelloRetryRequest handles the HRR in hs.serverHello, modifies and
+// resends hs.hello, and reads the new ServerHello into hs.serverHello.
+func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
+	c := hs.c
+
+	// The first ClientHello gets double-hashed into the transcript upon a
+	// HelloRetryRequest. See RFC 8446, Section 4.4.1.
+	chHash := hs.transcript.Sum(nil)
+	hs.transcript.Reset()
+	hs.transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))})
+	hs.transcript.Write(chHash)
+	hs.transcript.Write(hs.serverHello.marshal())
+
+	if hs.serverHello.serverShare.group != 0 {
+		c.sendAlert(alertDecodeError)
+		return errors.New("tls: received malformed key_share extension")
+	}
+
+	curveID := hs.serverHello.selectedGroup
+	if curveID == 0 {
+		c.sendAlert(alertMissingExtension)
+		return errors.New("tls: received HelloRetryRequest without selected group")
+	}
+	curveOK := false
+	for _, id := range hs.hello.supportedCurves {
+		if id == curveID {
+			curveOK = true
+			break
+		}
+	}
+	if !curveOK {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server selected unsupported group")
+	}
+	if hs.ecdheParams.CurveID() == curveID {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server sent an unnecessary HelloRetryRequest message")
+	}
+	if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
+		c.sendAlert(alertInternalError)
+		return errors.New("tls: CurvePreferences includes unsupported curve")
+	}
+	params, err := generateECDHEParameters(c.config.rand(), curveID)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	hs.ecdheParams = params
+	hs.hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
+
+	hs.hello.cookie = hs.serverHello.cookie
+
+	hs.hello.raw = nil
+	if len(hs.hello.pskIdentities) > 0 {
+		pskSuite := cipherSuiteTLS13ByID(hs.session.cipherSuite)
+		if pskSuite == nil {
+			return c.sendAlert(alertInternalError)
+		}
+		if pskSuite.hash == hs.suite.hash {
+			// Update binders and obfuscated_ticket_age.
+			ticketAge := uint32(c.config.time().Sub(hs.session.receivedAt) / time.Millisecond)
+			hs.hello.pskIdentities[0].obfuscatedTicketAge = ticketAge + hs.session.ageAdd
+
+			transcript := hs.suite.hash.New()
+			transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))})
+			transcript.Write(chHash)
+			transcript.Write(hs.serverHello.marshal())
+			transcript.Write(hs.hello.marshalWithoutBinders())
+			pskBinders := [][]byte{hs.suite.finishedHash(hs.binderKey, transcript)}
+			hs.hello.updateBinders(pskBinders)
+		} else {
+			// Server selected a cipher suite incompatible with the PSK.
+			hs.hello.pskIdentities = nil
+			hs.hello.pskBinders = nil
+		}
+	}
+
+	hs.transcript.Write(hs.hello.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
+		return err
+	}
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	serverHello, ok := msg.(*serverHelloMsg)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(serverHello, msg)
+	}
+	hs.serverHello = serverHello
+
+	if err := hs.checkServerHelloOrHRR(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hs *clientHandshakeStateTLS13) processServerHello() error {
+	c := hs.c
+
+	if bytes.Equal(hs.serverHello.random, helloRetryRequestRandom) {
+		c.sendAlert(alertUnexpectedMessage)
+		return errors.New("tls: server sent two HelloRetryRequest messages")
+	}
+
+	if len(hs.serverHello.cookie) != 0 {
+		c.sendAlert(alertUnsupportedExtension)
+		return errors.New("tls: server sent a cookie in a normal ServerHello")
+	}
+
+	if hs.serverHello.selectedGroup != 0 {
+		c.sendAlert(alertDecodeError)
+		return errors.New("tls: malformed key_share extension")
+	}
+
+	if hs.serverHello.serverShare.group == 0 {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server did not send a key share")
+	}
+	if hs.serverHello.serverShare.group != hs.ecdheParams.CurveID() {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server selected unsupported group")
+	}
+
+	if !hs.serverHello.selectedIdentityPresent {
+		return nil
+	}
+
+	if int(hs.serverHello.selectedIdentity) >= len(hs.hello.pskIdentities) {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server selected an invalid PSK")
+	}
+
+	if len(hs.hello.pskIdentities) != 1 || hs.session == nil {
+		return c.sendAlert(alertInternalError)
+	}
+	pskSuite := cipherSuiteTLS13ByID(hs.session.cipherSuite)
+	if pskSuite == nil {
+		return c.sendAlert(alertInternalError)
+	}
+	if pskSuite.hash != hs.suite.hash {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server selected an invalid PSK and cipher suite pair")
+	}
+
+	hs.usingPSK = true
+	c.didResume = true
+	c.peerCertificates = hs.session.serverCertificates
+	c.verifiedChains = hs.session.verifiedChains
+	return nil
+}
+
+func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
+	c := hs.c
+
+	sharedKey := hs.ecdheParams.SharedKey(hs.serverHello.serverShare.data)
+	if sharedKey == nil {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: invalid server key share")
+	}
+
+	earlySecret := hs.earlySecret
+	if !hs.usingPSK {
+		earlySecret = hs.suite.extract(nil, nil)
+	}
+	handshakeSecret := hs.suite.extract(sharedKey,
+		hs.suite.deriveSecret(earlySecret, "derived", nil))
+
+	clientSecret := hs.suite.deriveSecret(handshakeSecret,
+		clientHandshakeTrafficLabel, hs.transcript)
+	c.out.setTrafficSecret(hs.suite, clientSecret)
+	serverSecret := hs.suite.deriveSecret(handshakeSecret,
+		serverHandshakeTrafficLabel, hs.transcript)
+	c.in.setTrafficSecret(hs.suite, serverSecret)
+
+	err := c.config.writeKeyLog(keyLogLabelClientHandshake, hs.hello.random, clientSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	err = c.config.writeKeyLog(keyLogLabelServerHandshake, hs.hello.random, serverSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+
+	hs.masterSecret = hs.suite.extract(nil,
+		hs.suite.deriveSecret(handshakeSecret, "derived", nil))
+
+	return nil
+}
+
+func (hs *clientHandshakeStateTLS13) readServerParameters() error {
+	c := hs.c
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	encryptedExtensions, ok := msg.(*encryptedExtensionsMsg)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(encryptedExtensions, msg)
+	}
+	hs.transcript.Write(encryptedExtensions.marshal())
+
+	if len(encryptedExtensions.alpnProtocol) != 0 && len(hs.hello.alpnProtocols) == 0 {
+		c.sendAlert(alertUnsupportedExtension)
+		return errors.New("tls: server advertised unrequested ALPN extension")
+	}
+	c.clientProtocol = encryptedExtensions.alpnProtocol
+
+	return nil
+}
+
+func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
+	c := hs.c
+
+	// Either a PSK or a certificate is always used, but not both.
+	// See RFC 8446, Section 4.1.1.
+	if hs.usingPSK {
+		return nil
+	}
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	certReq, ok := msg.(*certificateRequestMsgTLS13)
+	if ok {
+		hs.transcript.Write(certReq.marshal())
+
+		hs.certReq = certReq
+
+		msg, err = c.readHandshake()
+		if err != nil {
+			return err
+		}
+	}
+
+	certMsg, ok := msg.(*certificateMsgTLS13)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(certMsg, msg)
+	}
+	if len(certMsg.certificate.Certificate) == 0 {
+		c.sendAlert(alertDecodeError)
+		return errors.New("tls: received empty certificates message")
+	}
+	hs.transcript.Write(certMsg.marshal())
+
+	c.scts = certMsg.certificate.SignedCertificateTimestamps
+	c.ocspResponse = certMsg.certificate.OCSPStaple
+
+	if err := c.verifyServerCertificate(certMsg.certificate.Certificate); err != nil {
+		return err
+	}
+
+	msg, err = c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	certVerify, ok := msg.(*certificateVerifyMsg)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(certVerify, msg)
+	}
+
+	// See RFC 8446, Section 4.4.3.
+	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: invalid certificate signature algorithm")
+	}
+	sigType := signatureFromSignatureScheme(certVerify.signatureAlgorithm)
+	sigHash, err := hashFromSignatureScheme(certVerify.signatureAlgorithm)
+	if sigType == 0 || err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: invalid certificate signature algorithm")
+	}
+	h := sigHash.New()
+	writeSignedMessage(h, serverSignatureContext, hs.transcript)
+	if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
+		sigHash, h.Sum(nil), certVerify.signature); err != nil {
+		c.sendAlert(alertDecryptError)
+		return errors.New("tls: invalid certificate signature")
+	}
+
+	hs.transcript.Write(certVerify.marshal())
+
+	return nil
+}
+
+func (hs *clientHandshakeStateTLS13) readServerFinished() error {
+	c := hs.c
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	finished, ok := msg.(*finishedMsg)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(finished, msg)
+	}
+
+	expectedMAC := hs.suite.finishedHash(c.in.trafficSecret, hs.transcript)
+	if !hmac.Equal(expectedMAC, finished.verifyData) {
+		c.sendAlert(alertDecryptError)
+		return errors.New("tls: invalid server finished hash")
+	}
+
+	hs.transcript.Write(finished.marshal())
+
+	// Derive secrets that take context through the server Finished.
+
+	hs.trafficSecret = hs.suite.deriveSecret(hs.masterSecret,
+		clientApplicationTrafficLabel, hs.transcript)
+	serverSecret := hs.suite.deriveSecret(hs.masterSecret,
+		serverApplicationTrafficLabel, hs.transcript)
+	c.in.setTrafficSecret(hs.suite, serverSecret)
+
+	err = c.config.writeKeyLog(keyLogLabelClientTraffic, hs.hello.random, hs.trafficSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.hello.random, serverSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+
+	c.ekm = hs.suite.exportKeyingMaterial(hs.masterSecret, hs.transcript)
+
+	return nil
+}
+
+func (hs *clientHandshakeStateTLS13) sendClientCertificate() error {
+	c := hs.c
+
+	if hs.certReq == nil {
+		return nil
+	}
+
+	cert, err := c.getClientCertificate(&CertificateRequestInfo{
+		AcceptableCAs:    hs.certReq.certificateAuthorities,
+		SignatureSchemes: hs.certReq.supportedSignatureAlgorithms,
+	})
+	if err != nil {
+		return err
+	}
+
+	certMsg := new(certificateMsgTLS13)
+
+	certMsg.certificate = *cert
+	certMsg.scts = hs.certReq.scts && len(cert.SignedCertificateTimestamps) > 0
+	certMsg.ocspStapling = hs.certReq.ocspStapling && len(cert.OCSPStaple) > 0
+
+	hs.transcript.Write(certMsg.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil {
+		return err
+	}
+
+	// If we sent an empty certificate message, skip the CertificateVerify.
+	if len(cert.Certificate) == 0 {
+		return nil
+	}
+
+	certVerifyMsg := new(certificateVerifyMsg)
+	certVerifyMsg.hasSignatureAlgorithm = true
+
+	supportedAlgs := signatureSchemesForCertificate(c.vers, cert)
+	if supportedAlgs == nil {
+		c.sendAlert(alertInternalError)
+		return unsupportedCertificateError(cert)
+	}
+	// Pick signature scheme in server preference order, as the client
+	// preference order is not configurable.
+	for _, preferredAlg := range hs.certReq.supportedSignatureAlgorithms {
+		if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
+			certVerifyMsg.signatureAlgorithm = preferredAlg
+			break
+		}
+	}
+	if certVerifyMsg.signatureAlgorithm == 0 {
+		// getClientCertificate returned a certificate incompatible with the
+		// CertificateRequestInfo supported signature algorithms.
+		c.sendAlert(alertHandshakeFailure)
+		return errors.New("tls: server doesn't support selected certificate")
+	}
+
+	sigType := signatureFromSignatureScheme(certVerifyMsg.signatureAlgorithm)
+	sigHash, err := hashFromSignatureScheme(certVerifyMsg.signatureAlgorithm)
+	if sigType == 0 || err != nil {
+		return c.sendAlert(alertInternalError)
+	}
+	h := sigHash.New()
+	writeSignedMessage(h, clientSignatureContext, hs.transcript)
+
+	signOpts := crypto.SignerOpts(sigHash)
+	if sigType == signatureRSAPSS {
+		signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
+	}
+	sig, err := cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), h.Sum(nil), signOpts)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return errors.New("tls: failed to sign handshake: " + err.Error())
+	}
+	certVerifyMsg.signature = sig
+
+	hs.transcript.Write(certVerifyMsg.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, certVerifyMsg.marshal()); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hs *clientHandshakeStateTLS13) sendClientFinished() error {
+	c := hs.c
+
+	finished := &finishedMsg{
+		verifyData: hs.suite.finishedHash(c.out.trafficSecret, hs.transcript),
+	}
+
+	hs.transcript.Write(finished.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil {
+		return err
+	}
+
+	c.out.setTrafficSecret(hs.suite, hs.trafficSecret)
+
+	if !c.config.SessionTicketsDisabled && c.config.ClientSessionCache != nil {
+		c.resumptionSecret = hs.suite.deriveSecret(hs.masterSecret,
+			resumptionLabel, hs.transcript)
+	}
+
+	return nil
+}
+
+func (c *Conn) handleNewSessionTicket(msg *newSessionTicketMsgTLS13) error {
+	if !c.isClient {
+		c.sendAlert(alertUnexpectedMessage)
+		return errors.New("tls: received new session ticket from a client")
+	}
+
+	if c.config.SessionTicketsDisabled || c.config.ClientSessionCache == nil {
+		return nil
+	}
+
+	// See RFC 8446, Section 4.6.1.
+	if msg.lifetime == 0 {
+		return nil
+	}
+	lifetime := time.Duration(msg.lifetime) * time.Second
+	if lifetime > maxSessionTicketLifetime {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: received a session ticket with invalid lifetime")
+	}
+
+	cipherSuite := cipherSuiteTLS13ByID(c.cipherSuite)
+	if cipherSuite == nil || c.resumptionSecret == nil {
+		return c.sendAlert(alertInternalError)
+	}
+
+	// Save the resumption_master_secret and nonce instead of deriving the PSK
+	// to do the least amount of work on NewSessionTicket messages before we
+	// know if the ticket will be used. Forward secrecy of resumed connections
+	// is guaranteed by the requirement for pskModeDHE.
+	session := &ClientSessionState{
+		sessionTicket:      msg.label,
+		vers:               c.vers,
+		cipherSuite:        c.cipherSuite,
+		masterSecret:       c.resumptionSecret,
+		serverCertificates: c.peerCertificates,
+		verifiedChains:     c.verifiedChains,
+		receivedAt:         c.config.time(),
+		nonce:              msg.nonce,
+		useBy:              c.config.time().Add(lifetime),
+		ageAdd:             msg.ageAdd,
+	}
+
+	cacheKey := clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
+	c.config.ClientSessionCache.Put(cacheKey, session)
+
+	return nil
+}
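Review bot: In readServerCertificate, the branch `if sigType == 0 || err != nil { c.sendAlert(alertInternalError); return err }` returns a nil error when sigType is 0 but hashFromSignatureScheme succeeded, so the caller would continue the handshake without the CertificateVerify signature having been checked. The preceding isSupportedSignatureAlgorithm test probably makes this unreachable today, but both helpers are defined outside this file and nothing here ties their accepted sets together. sendClientCertificate already treats the same condition fail-closed, and this branch should use the same form: `return c.sendAlert(alertInternalError)`. Separately, processHelloRetryRequest dereferences `hs.session` when pskIdentities is non-empty without the `hs.session == nil` guard that processServerHello applies.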
diff --git a/src/crypto/tls/handshake_messages.go b/src/crypto/tls/handshake_messages.go
index a5bf10e..c0e049b 100644
--- a/src/crypto/tls/handshake_messages.go
+++ b/src/crypto/tls/handshake_messages.go
@@ -5,55 +5,93 @@
 package tls
 
 import (
-	"bytes"
+	"fmt"
+	"internal/x/crypto/cryptobyte"
 	"strings"
 )
 
-type clientHelloMsg struct {
-	raw                          []byte
-	vers                         uint16
-	random                       []byte
-	sessionId                    []byte
-	cipherSuites                 []uint16
-	compressionMethods           []uint8
-	nextProtoNeg                 bool
-	serverName                   string
-	ocspStapling                 bool
-	scts                         bool
-	supportedCurves              []CurveID
-	supportedPoints              []uint8
-	ticketSupported              bool
-	sessionTicket                []uint8
-	supportedSignatureAlgorithms []SignatureScheme
-	secureRenegotiation          []byte
-	secureRenegotiationSupported bool
-	alpnProtocols                []string
+// The marshalingFunction type is an adapter to allow the use of ordinary
+// functions as cryptobyte.MarshalingValue.
+type marshalingFunction func(b *cryptobyte.Builder) error
+
+func (f marshalingFunction) Marshal(b *cryptobyte.Builder) error {
+	return f(b)
 }
 
-func (m *clientHelloMsg) equal(i interface{}) bool {
-	m1, ok := i.(*clientHelloMsg)
-	if !ok {
+// addBytesWithLength appends a sequence of bytes to the cryptobyte.Builder. If
+// the length of the sequence is not the value specified, it produces an error.
+func addBytesWithLength(b *cryptobyte.Builder, v []byte, n int) {
+	b.AddValue(marshalingFunction(func(b *cryptobyte.Builder) error {
+		if len(v) != n {
+			return fmt.Errorf("invalid value length: expected %d, got %d", n, len(v))
+		}
+		b.AddBytes(v)
+		return nil
+	}))
+}
+
+// addUint64 appends a big-endian, 64-bit value to the cryptobyte.Builder.
+func addUint64(b *cryptobyte.Builder, v uint64) {
+	b.AddUint32(uint32(v >> 32))
+	b.AddUint32(uint32(v))
+}
+
+// readUint64 decodes a big-endian, 64-bit value into out and advances over it.
+// It reports whether the read was successful.
+func readUint64(s *cryptobyte.String, out *uint64) bool {
+	var hi, lo uint32
+	if !s.ReadUint32(&hi) || !s.ReadUint32(&lo) {
 		return false
 	}
+	*out = uint64(hi)<<32 | uint64(lo)
+	return true
+}
 
-	return bytes.Equal(m.raw, m1.raw) &&
-		m.vers == m1.vers &&
-		bytes.Equal(m.random, m1.random) &&
-		bytes.Equal(m.sessionId, m1.sessionId) &&
-		eqUint16s(m.cipherSuites, m1.cipherSuites) &&
-		bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
-		m.nextProtoNeg == m1.nextProtoNeg &&
-		m.serverName == m1.serverName &&
-		m.ocspStapling == m1.ocspStapling &&
-		m.scts == m1.scts &&
-		eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
-		bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
-		m.ticketSupported == m1.ticketSupported &&
-		bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
-		eqSignatureAlgorithms(m.supportedSignatureAlgorithms, m1.supportedSignatureAlgorithms) &&
-		m.secureRenegotiationSupported == m1.secureRenegotiationSupported &&
-		bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
-		eqStrings(m.alpnProtocols, m1.alpnProtocols)
+// readUint8LengthPrefixed acts like s.ReadUint8LengthPrefixed, but targets a
+// []byte instead of a cryptobyte.String.
+func readUint8LengthPrefixed(s *cryptobyte.String, out *[]byte) bool {
+	return s.ReadUint8LengthPrefixed((*cryptobyte.String)(out))
+}
+
+// readUint16LengthPrefixed acts like s.ReadUint16LengthPrefixed, but targets a
+// []byte instead of a cryptobyte.String.
+func readUint16LengthPrefixed(s *cryptobyte.String, out *[]byte) bool {
+	return s.ReadUint16LengthPrefixed((*cryptobyte.String)(out))
+}
+
+// readUint24LengthPrefixed acts like s.ReadUint24LengthPrefixed, but targets a
+// []byte instead of a cryptobyte.String.
+func readUint24LengthPrefixed(s *cryptobyte.String, out *[]byte) bool {
+	return s.ReadUint24LengthPrefixed((*cryptobyte.String)(out))
+}
+
+type clientHelloMsg struct {
+	raw                              []byte
+	vers                             uint16
+	random                           []byte
+	sessionId                        []byte
+	cipherSuites                     []uint16
+	compressionMethods               []uint8
+	nextProtoNeg                     bool
+	serverName                       string
+	ocspStapling                     bool
+	supportedCurves                  []CurveID
+	supportedPoints                  []uint8
+	ticketSupported                  bool
+	sessionTicket                    []uint8
+	supportedSignatureAlgorithms     []SignatureScheme
+	supportedSignatureAlgorithmsCert []SignatureScheme
+	secureRenegotiationSupported     bool
+	secureRenegotiation              []byte
+	alpnProtocols                    []string
+	scts                             bool
+	supportedVersions                []uint16
+	cookie                           []byte
+	keyShares                        []keyShare
+	earlyData                        bool
+	pskModes                         []uint8
+	pskIdentities                    []pskIdentity
+	pskBinders                       [][]byte
 }
 
 func (m *clientHelloMsg) marshal() []byte {
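Review bot: The doc comments on readUint8LengthPrefixed, readUint16LengthPrefixed and readUint24LengthPrefixed do not say that the []byte they fill in is a sub-slice of the input rather than a copy; the helpers only convert the pointer to *cryptobyte.String and delegate. In a parser for peer-supplied handshake messages this matters, because a field stored on the message struct then shares memory with the raw buffer and a later write to one is visible through the other. I would add a line to each comment such as `// The result aliases the bytes of s; copy it before modifying.` The marshal function at the end of this hunk continues outside it.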
@@ -61,443 +99,499 @@
 		return m.raw
 	}
 
-	length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
-	numExtensions := 0
-	extensionsLength := 0
-	if m.nextProtoNeg {
-		numExtensions++
-	}
-	if m.ocspStapling {
-		extensionsLength += 1 + 2 + 2
-		numExtensions++
-	}
-	if len(m.serverName) > 0 {
-		extensionsLength += 5 + len(m.serverName)
-		numExtensions++
-	}
-	if len(m.supportedCurves) > 0 {
-		extensionsLength += 2 + 2*len(m.supportedCurves)
-		numExtensions++
-	}
-	if len(m.supportedPoints) > 0 {
-		extensionsLength += 1 + len(m.supportedPoints)
-		numExtensions++
-	}
-	if m.ticketSupported {
-		extensionsLength += len(m.sessionTicket)
-		numExtensions++
-	}
-	if len(m.supportedSignatureAlgorithms) > 0 {
-		extensionsLength += 2 + 2*len(m.supportedSignatureAlgorithms)
-		numExtensions++
-	}
-	if m.secureRenegotiationSupported {
-		extensionsLength += 1 + len(m.secureRenegotiation)
-		numExtensions++
-	}
-	if len(m.alpnProtocols) > 0 {
-		extensionsLength += 2
-		for _, s := range m.alpnProtocols {
-			if l := len(s); l == 0 || l > 255 {
-				panic("invalid ALPN protocol")
+	var b cryptobyte.Builder
+	b.AddUint8(typeClientHello)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint16(m.vers)
+		addBytesWithLength(b, m.random, 32)
+		b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddBytes(m.sessionId)
+		})
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			for _, suite := range m.cipherSuites {
+				b.AddUint16(suite)
 			}
-			extensionsLength++
-			extensionsLength += len(s)
+		})
+		b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddBytes(m.compressionMethods)
+		})
+
+		// If extensions aren't present, omit them.
+		var extensionsPresent bool
+		bWithoutExtensions := *b
+
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			if m.nextProtoNeg {
+				// draft-agl-tls-nextprotoneg-04
+				b.AddUint16(extensionNextProtoNeg)
+				b.AddUint16(0) // empty extension_data
+			}
+			if len(m.serverName) > 0 {
+				// RFC 6066, Section 3
+				b.AddUint16(extensionServerName)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddUint8(0) // name_type = host_name
+						b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+							b.AddBytes([]byte(m.serverName))
+						})
+					})
+				})
+			}
+			if m.ocspStapling {
+				// RFC 4366, Section 3.6
+				b.AddUint16(extensionStatusRequest)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint8(1)  // status_type = ocsp
+					b.AddUint16(0) // empty responder_id_list
+					b.AddUint16(0) // empty request_extensions
+				})
+			}
+			if len(m.supportedCurves) > 0 {
+				// RFC 4492, sections 5.1.1 and RFC 8446, Section 4.2.7
+				b.AddUint16(extensionSupportedCurves)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, curve := range m.supportedCurves {
+							b.AddUint16(uint16(curve))
+						}
+					})
+				})
+			}
+			if len(m.supportedPoints) > 0 {
+				// RFC 4492, Section 5.1.2
+				b.AddUint16(extensionSupportedPoints)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.supportedPoints)
+					})
+				})
+			}
+			if m.ticketSupported {
+				// RFC 5077, Section 3.2
+				b.AddUint16(extensionSessionTicket)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddBytes(m.sessionTicket)
+				})
+			}
+			if len(m.supportedSignatureAlgorithms) > 0 {
+				// RFC 5246, Section 7.4.1.4.1
+				b.AddUint16(extensionSignatureAlgorithms)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, sigAlgo := range m.supportedSignatureAlgorithms {
+							b.AddUint16(uint16(sigAlgo))
+						}
+					})
+				})
+			}
+			if len(m.supportedSignatureAlgorithmsCert) > 0 {
+				// RFC 8446, Section 4.2.3
+				b.AddUint16(extensionSignatureAlgorithmsCert)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, sigAlgo := range m.supportedSignatureAlgorithmsCert {
+							b.AddUint16(uint16(sigAlgo))
+						}
+					})
+				})
+			}
+			if m.secureRenegotiationSupported {
+				// RFC 5746, Section 3.2
+				b.AddUint16(extensionRenegotiationInfo)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.secureRenegotiation)
+					})
+				})
+			}
+			if len(m.alpnProtocols) > 0 {
+				// RFC 7301, Section 3.1
+				b.AddUint16(extensionALPN)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, proto := range m.alpnProtocols {
+							b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+								b.AddBytes([]byte(proto))
+							})
+						}
+					})
+				})
+			}
+			if m.scts {
+				// RFC 6962, Section 3.3.1
+				b.AddUint16(extensionSCT)
+				b.AddUint16(0) // empty extension_data
+			}
+			if len(m.supportedVersions) > 0 {
+				// RFC 8446, Section 4.2.1
+				b.AddUint16(extensionSupportedVersions)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, vers := range m.supportedVersions {
+							b.AddUint16(vers)
+						}
+					})
+				})
+			}
+			if len(m.cookie) > 0 {
+				// RFC 8446, Section 4.2.2
+				b.AddUint16(extensionCookie)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.cookie)
+					})
+				})
+			}
+			if len(m.keyShares) > 0 {
+				// RFC 8446, Section 4.2.8
+				b.AddUint16(extensionKeyShare)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, ks := range m.keyShares {
+							b.AddUint16(uint16(ks.group))
+							b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+								b.AddBytes(ks.data)
+							})
+						}
+					})
+				})
+			}
+			if m.earlyData {
+				// RFC 8446, Section 4.2.10
+				b.AddUint16(extensionEarlyData)
+				b.AddUint16(0) // empty extension_data
+			}
+			if len(m.pskModes) > 0 {
+				// RFC 8446, Section 4.2.9
+				b.AddUint16(extensionPSKModes)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.pskModes)
+					})
+				})
+			}
+			if len(m.pskIdentities) > 0 { // pre_shared_key must be the last extension
+				// RFC 8446, Section 4.2.11
+				b.AddUint16(extensionPreSharedKey)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, psk := range m.pskIdentities {
+							b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+								b.AddBytes(psk.label)
+							})
+							b.AddUint32(psk.obfuscatedTicketAge)
+						}
+					})
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, binder := range m.pskBinders {
+							b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+								b.AddBytes(binder)
+							})
+						}
+					})
+				})
+			}
+
+			extensionsPresent = len(b.BytesOrPanic()) > 2
+		})
+
+		if !extensionsPresent {
+			*b = bWithoutExtensions
 		}
-		numExtensions++
-	}
-	if m.scts {
-		numExtensions++
-	}
-	if numExtensions > 0 {
-		extensionsLength += 4 * numExtensions
-		length += 2 + extensionsLength
+	})
+
+	m.raw = b.BytesOrPanic()
+	return m.raw
+}
+
+// marshalWithoutBinders returns the ClientHello through the
+// PreSharedKeyExtension.identities field, according to RFC 8446, Section
+// 4.2.11.2. Note that m.pskBinders must be set to slices of the correct length.
+func (m *clientHelloMsg) marshalWithoutBinders() []byte {
+	bindersLen := 2 // uint16 length prefix
+	for _, binder := range m.pskBinders {
+		bindersLen += 1 // uint8 length prefix
+		bindersLen += len(binder)
 	}
 
-	x := make([]byte, 4+length)
-	x[0] = typeClientHello
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	x[4] = uint8(m.vers >> 8)
-	x[5] = uint8(m.vers)
-	copy(x[6:38], m.random)
-	x[38] = uint8(len(m.sessionId))
-	copy(x[39:39+len(m.sessionId)], m.sessionId)
-	y := x[39+len(m.sessionId):]
-	y[0] = uint8(len(m.cipherSuites) >> 7)
-	y[1] = uint8(len(m.cipherSuites) << 1)
-	for i, suite := range m.cipherSuites {
-		y[2+i*2] = uint8(suite >> 8)
-		y[3+i*2] = uint8(suite)
-	}
-	z := y[2+len(m.cipherSuites)*2:]
-	z[0] = uint8(len(m.compressionMethods))
-	copy(z[1:], m.compressionMethods)
+	fullMessage := m.marshal()
+	return fullMessage[:len(fullMessage)-bindersLen]
+}
 
-	z = z[1+len(m.compressionMethods):]
-	if numExtensions > 0 {
-		z[0] = byte(extensionsLength >> 8)
-		z[1] = byte(extensionsLength)
-		z = z[2:]
+// updateBinders updates the m.pskBinders field, if necessary updating the
+// cached marshalled representation. The supplied binders must have the same
+// length as the current m.pskBinders.
+func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) {
+	if len(pskBinders) != len(m.pskBinders) {
+		panic("tls: internal error: pskBinders length mismatch")
 	}
-	if m.nextProtoNeg {
-		z[0] = byte(extensionNextProtoNeg >> 8)
-		z[1] = byte(extensionNextProtoNeg & 0xff)
-		// The length is always 0
-		z = z[4:]
-	}
-	if len(m.serverName) > 0 {
-		z[0] = byte(extensionServerName >> 8)
-		z[1] = byte(extensionServerName & 0xff)
-		l := len(m.serverName) + 5
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z = z[4:]
-
-		// RFC 3546, section 3.1
-		//
-		// struct {
-		//     NameType name_type;
-		//     select (name_type) {
-		//         case host_name: HostName;
-		//     } name;
-		// } ServerName;
-		//
-		// enum {
-		//     host_name(0), (255)
-		// } NameType;
-		//
-		// opaque HostName<1..2^16-1>;
-		//
-		// struct {
-		//     ServerName server_name_list<1..2^16-1>
-		// } ServerNameList;
-
-		z[0] = byte((len(m.serverName) + 3) >> 8)
-		z[1] = byte(len(m.serverName) + 3)
-		z[3] = byte(len(m.serverName) >> 8)
-		z[4] = byte(len(m.serverName))
-		copy(z[5:], []byte(m.serverName))
-		z = z[l:]
-	}
-	if m.ocspStapling {
-		// RFC 4366, section 3.6
-		z[0] = byte(extensionStatusRequest >> 8)
-		z[1] = byte(extensionStatusRequest)
-		z[2] = 0
-		z[3] = 5
-		z[4] = 1 // OCSP type
-		// Two zero valued uint16s for the two lengths.
-		z = z[9:]
-	}
-	if len(m.supportedCurves) > 0 {
-		// https://tools.ietf.org/html/rfc4492#section-5.5.1
-		z[0] = byte(extensionSupportedCurves >> 8)
-		z[1] = byte(extensionSupportedCurves)
-		l := 2 + 2*len(m.supportedCurves)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		l -= 2
-		z[4] = byte(l >> 8)
-		z[5] = byte(l)
-		z = z[6:]
-		for _, curve := range m.supportedCurves {
-			z[0] = byte(curve >> 8)
-			z[1] = byte(curve)
-			z = z[2:]
+	for i := range m.pskBinders {
+		if len(pskBinders[i]) != len(m.pskBinders[i]) {
+			panic("tls: internal error: pskBinders length mismatch")
 		}
 	}
-	if len(m.supportedPoints) > 0 {
-		// https://tools.ietf.org/html/rfc4492#section-5.5.2
-		z[0] = byte(extensionSupportedPoints >> 8)
-		z[1] = byte(extensionSupportedPoints)
-		l := 1 + len(m.supportedPoints)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		l--
-		z[4] = byte(l)
-		z = z[5:]
-		for _, pointFormat := range m.supportedPoints {
-			z[0] = pointFormat
-			z = z[1:]
+	m.pskBinders = pskBinders
+	if m.raw != nil {
+		lenWithoutBinders := len(m.marshalWithoutBinders())
+		// TODO(filippo): replace with NewFixedBuilder once CL 148882 is imported.
+		b := cryptobyte.NewBuilder(m.raw[:lenWithoutBinders])
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			for _, binder := range m.pskBinders {
+				b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddBytes(binder)
+				})
+			}
+		})
+		if len(b.BytesOrPanic()) != len(m.raw) {
+			panic("tls: internal error: failed to update binders")
 		}
 	}
-	if m.ticketSupported {
-		// https://tools.ietf.org/html/rfc5077#section-3.2
-		z[0] = byte(extensionSessionTicket >> 8)
-		z[1] = byte(extensionSessionTicket)
-		l := len(m.sessionTicket)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z = z[4:]
-		copy(z, m.sessionTicket)
-		z = z[len(m.sessionTicket):]
-	}
-	if len(m.supportedSignatureAlgorithms) > 0 {
-		// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-		z[0] = byte(extensionSignatureAlgorithms >> 8)
-		z[1] = byte(extensionSignatureAlgorithms)
-		l := 2 + 2*len(m.supportedSignatureAlgorithms)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z = z[4:]
-
-		l -= 2
-		z[0] = byte(l >> 8)
-		z[1] = byte(l)
-		z = z[2:]
-		for _, sigAlgo := range m.supportedSignatureAlgorithms {
-			z[0] = byte(sigAlgo >> 8)
-			z[1] = byte(sigAlgo)
-			z = z[2:]
-		}
-	}
-	if m.secureRenegotiationSupported {
-		z[0] = byte(extensionRenegotiationInfo >> 8)
-		z[1] = byte(extensionRenegotiationInfo & 0xff)
-		z[2] = 0
-		z[3] = byte(len(m.secureRenegotiation) + 1)
-		z[4] = byte(len(m.secureRenegotiation))
-		z = z[5:]
-		copy(z, m.secureRenegotiation)
-		z = z[len(m.secureRenegotiation):]
-	}
-	if len(m.alpnProtocols) > 0 {
-		z[0] = byte(extensionALPN >> 8)
-		z[1] = byte(extensionALPN & 0xff)
-		lengths := z[2:]
-		z = z[6:]
-
-		stringsLength := 0
-		for _, s := range m.alpnProtocols {
-			l := len(s)
-			z[0] = byte(l)
-			copy(z[1:], s)
-			z = z[1+l:]
-			stringsLength += 1 + l
-		}
-
-		lengths[2] = byte(stringsLength >> 8)
-		lengths[3] = byte(stringsLength)
-		stringsLength += 2
-		lengths[0] = byte(stringsLength >> 8)
-		lengths[1] = byte(stringsLength)
-	}
-	if m.scts {
-		// https://tools.ietf.org/html/rfc6962#section-3.3.1
-		z[0] = byte(extensionSCT >> 8)
-		z[1] = byte(extensionSCT)
-		// zero uint16 for the zero-length extension_data
-		z = z[4:]
-	}
-
-	m.raw = x
-
-	return x
 }
 
 func (m *clientHelloMsg) unmarshal(data []byte) bool {
-	if len(data) < 42 {
+	*m = clientHelloMsg{raw: data}
+	s := cryptobyte.String(data)
+
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint16(&m.vers) || !s.ReadBytes(&m.random, 32) ||
+		!readUint8LengthPrefixed(&s, &m.sessionId) {
 		return false
 	}
-	m.raw = data
-	m.vers = uint16(data[4])<<8 | uint16(data[5])
-	m.random = data[6:38]
-	sessionIdLen := int(data[38])
-	if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
+
+	var cipherSuites cryptobyte.String
+	if !s.ReadUint16LengthPrefixed(&cipherSuites) {
 		return false
 	}
-	m.sessionId = data[39 : 39+sessionIdLen]
-	data = data[39+sessionIdLen:]
-	if len(data) < 2 {
-		return false
-	}
-	// cipherSuiteLen is the number of bytes of cipher suite numbers. Since
-	// they are uint16s, the number must be even.
-	cipherSuiteLen := int(data[0])<<8 | int(data[1])
-	if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
-		return false
-	}
-	numCipherSuites := cipherSuiteLen / 2
-	m.cipherSuites = make([]uint16, numCipherSuites)
-	for i := 0; i < numCipherSuites; i++ {
-		m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
-		if m.cipherSuites[i] == scsvRenegotiation {
+	m.cipherSuites = []uint16{}
+	m.secureRenegotiationSupported = false
+	for !cipherSuites.Empty() {
+		var suite uint16
+		if !cipherSuites.ReadUint16(&suite) {
+			return false
+		}
+		if suite == scsvRenegotiation {
 			m.secureRenegotiationSupported = true
 		}
+		m.cipherSuites = append(m.cipherSuites, suite)
 	}
-	data = data[2+cipherSuiteLen:]
-	if len(data) < 1 {
+
+	if !readUint8LengthPrefixed(&s, &m.compressionMethods) {
 		return false
 	}
-	compressionMethodsLen := int(data[0])
-	if len(data) < 1+compressionMethodsLen {
-		return false
-	}
-	m.compressionMethods = data[1 : 1+compressionMethodsLen]
 
-	data = data[1+compressionMethodsLen:]
-
-	m.nextProtoNeg = false
-	m.serverName = ""
-	m.ocspStapling = false
-	m.ticketSupported = false
-	m.sessionTicket = nil
-	m.supportedSignatureAlgorithms = nil
-	m.alpnProtocols = nil
-	m.scts = false
-
-	if len(data) == 0 {
+	if s.Empty() {
 		// ClientHello is optionally followed by extension data
 		return true
 	}
-	if len(data) < 2 {
+
+	var extensions cryptobyte.String
+	if !s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() {
 		return false
 	}
 
-	extensionsLength := int(data[0])<<8 | int(data[1])
-	data = data[2:]
-	if extensionsLength != len(data) {
-		return false
-	}
-
-	for len(data) != 0 {
-		if len(data) < 4 {
-			return false
-		}
-		extension := uint16(data[0])<<8 | uint16(data[1])
-		length := int(data[2])<<8 | int(data[3])
-		data = data[4:]
-		if len(data) < length {
+	for !extensions.Empty() {
+		var extension uint16
+		var extData cryptobyte.String
+		if !extensions.ReadUint16(&extension) ||
+			!extensions.ReadUint16LengthPrefixed(&extData) {
 			return false
 		}
 
 		switch extension {
 		case extensionServerName:
-			d := data[:length]
-			if len(d) < 2 {
+			// RFC 6066, Section 3
+			var nameList cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&nameList) || nameList.Empty() {
 				return false
 			}
-			namesLen := int(d[0])<<8 | int(d[1])
-			d = d[2:]
-			if len(d) != namesLen {
-				return false
-			}
-			for len(d) > 0 {
-				if len(d) < 3 {
+			for !nameList.Empty() {
+				var nameType uint8
+				var serverName cryptobyte.String
+				if !nameList.ReadUint8(&nameType) ||
+					!nameList.ReadUint16LengthPrefixed(&serverName) ||
+					serverName.Empty() {
 					return false
 				}
-				nameType := d[0]
-				nameLen := int(d[1])<<8 | int(d[2])
-				d = d[3:]
-				if len(d) < nameLen {
+				if nameType != 0 {
+					continue
+				}
+				if len(m.serverName) != 0 {
+					// Multiple names of the same name_type are prohibited.
 					return false
 				}
-				if nameType == 0 {
-					m.serverName = string(d[:nameLen])
-					// An SNI value may not include a
-					// trailing dot. See
-					// https://tools.ietf.org/html/rfc6066#section-3.
-					if strings.HasSuffix(m.serverName, ".") {
-						return false
-					}
-					break
+				m.serverName = string(serverName)
+				// An SNI value may not include a trailing dot.
+				if strings.HasSuffix(m.serverName, ".") {
+					return false
 				}
-				d = d[nameLen:]
 			}
 		case extensionNextProtoNeg:
-			if length > 0 {
-				return false
-			}
+			// draft-agl-tls-nextprotoneg-04
 			m.nextProtoNeg = true
 		case extensionStatusRequest:
-			m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
+			// RFC 4366, Section 3.6
+			var statusType uint8
+			var ignored cryptobyte.String
+			if !extData.ReadUint8(&statusType) ||
+				!extData.ReadUint16LengthPrefixed(&ignored) ||
+				!extData.ReadUint16LengthPrefixed(&ignored) {
+				return false
+			}
+			m.ocspStapling = statusType == statusTypeOCSP
 		case extensionSupportedCurves:
-			// https://tools.ietf.org/html/rfc4492#section-5.5.1
-			if length < 2 {
+			// RFC 4492, sections 5.1.1 and RFC 8446, Section 4.2.7
+			var curves cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&curves) || curves.Empty() {
 				return false
 			}
-			l := int(data[0])<<8 | int(data[1])
-			if l%2 == 1 || length != l+2 {
-				return false
-			}
-			numCurves := l / 2
-			m.supportedCurves = make([]CurveID, numCurves)
-			d := data[2:]
-			for i := 0; i < numCurves; i++ {
-				m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
-				d = d[2:]
-			}
-		case extensionSupportedPoints:
-			// https://tools.ietf.org/html/rfc4492#section-5.5.2
-			if length < 1 {
-				return false
-			}
-			l := int(data[0])
-			if length != l+1 {
-				return false
-			}
-			m.supportedPoints = make([]uint8, l)
-			copy(m.supportedPoints, data[1:])
-		case extensionSessionTicket:
-			// https://tools.ietf.org/html/rfc5077#section-3.2
-			m.ticketSupported = true
-			m.sessionTicket = data[:length]
-		case extensionSignatureAlgorithms:
-			// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-			if length < 2 || length&1 != 0 {
-				return false
-			}
-			l := int(data[0])<<8 | int(data[1])
-			if l != length-2 {
-				return false
-			}
-			n := l / 2
-			d := data[2:]
-			m.supportedSignatureAlgorithms = make([]SignatureScheme, n)
-			for i := range m.supportedSignatureAlgorithms {
-				m.supportedSignatureAlgorithms[i] = SignatureScheme(d[0])<<8 | SignatureScheme(d[1])
-				d = d[2:]
-			}
-		case extensionRenegotiationInfo:
-			if length == 0 {
-				return false
-			}
-			d := data[:length]
-			l := int(d[0])
-			d = d[1:]
-			if l != len(d) {
-				return false
-			}
-
-			m.secureRenegotiation = d
-			m.secureRenegotiationSupported = true
-		case extensionALPN:
-			if length < 2 {
-				return false
-			}
-			l := int(data[0])<<8 | int(data[1])
-			if l != length-2 {
-				return false
-			}
-			d := data[2:length]
-			for len(d) != 0 {
-				stringLen := int(d[0])
-				d = d[1:]
-				if stringLen == 0 || stringLen > len(d) {
+			for !curves.Empty() {
+				var curve uint16
+				if !curves.ReadUint16(&curve) {
 					return false
 				}
-				m.alpnProtocols = append(m.alpnProtocols, string(d[:stringLen]))
-				d = d[stringLen:]
+				m.supportedCurves = append(m.supportedCurves, CurveID(curve))
 			}
-		case extensionSCT:
-			m.scts = true
-			if length != 0 {
+		case extensionSupportedPoints:
+			// RFC 4492, Section 5.1.2
+			if !readUint8LengthPrefixed(&extData, &m.supportedPoints) ||
+				len(m.supportedPoints) == 0 {
 				return false
 			}
+		case extensionSessionTicket:
+			// RFC 5077, Section 3.2
+			m.ticketSupported = true
+			extData.ReadBytes(&m.sessionTicket, len(extData))
+		case extensionSignatureAlgorithms:
+			// RFC 5246, Section 7.4.1.4.1
+			var sigAndAlgs cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() {
+				return false
+			}
+			for !sigAndAlgs.Empty() {
+				var sigAndAlg uint16
+				if !sigAndAlgs.ReadUint16(&sigAndAlg) {
+					return false
+				}
+				m.supportedSignatureAlgorithms = append(
+					m.supportedSignatureAlgorithms, SignatureScheme(sigAndAlg))
+			}
+		case extensionSignatureAlgorithmsCert:
+			// RFC 8446, Section 4.2.3
+			var sigAndAlgs cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() {
+				return false
+			}
+			for !sigAndAlgs.Empty() {
+				var sigAndAlg uint16
+				if !sigAndAlgs.ReadUint16(&sigAndAlg) {
+					return false
+				}
+				m.supportedSignatureAlgorithmsCert = append(
+					m.supportedSignatureAlgorithmsCert, SignatureScheme(sigAndAlg))
+			}
+		case extensionRenegotiationInfo:
+			// RFC 5746, Section 3.2
+			if !readUint8LengthPrefixed(&extData, &m.secureRenegotiation) {
+				return false
+			}
+			m.secureRenegotiationSupported = true
+		case extensionALPN:
+			// RFC 7301, Section 3.1
+			var protoList cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&protoList) || protoList.Empty() {
+				return false
+			}
+			for !protoList.Empty() {
+				var proto cryptobyte.String
+				if !protoList.ReadUint8LengthPrefixed(&proto) || proto.Empty() {
+					return false
+				}
+				m.alpnProtocols = append(m.alpnProtocols, string(proto))
+			}
+		case extensionSCT:
+			// RFC 6962, Section 3.3.1
+			m.scts = true
+		case extensionSupportedVersions:
+			// RFC 8446, Section 4.2.1
+			var versList cryptobyte.String
+			if !extData.ReadUint8LengthPrefixed(&versList) || versList.Empty() {
+				return false
+			}
+			for !versList.Empty() {
+				var vers uint16
+				if !versList.ReadUint16(&vers) {
+					return false
+				}
+				m.supportedVersions = append(m.supportedVersions, vers)
+			}
+		case extensionCookie:
+			// RFC 8446, Section 4.2.2
+			if !readUint16LengthPrefixed(&extData, &m.cookie) ||
+				len(m.cookie) == 0 {
+				return false
+			}
+		case extensionKeyShare:
+			// RFC 8446, Section 4.2.8
+			var clientShares cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&clientShares) {
+				return false
+			}
+			for !clientShares.Empty() {
+				var ks keyShare
+				if !clientShares.ReadUint16((*uint16)(&ks.group)) ||
+					!readUint16LengthPrefixed(&clientShares, &ks.data) ||
+					len(ks.data) == 0 {
+					return false
+				}
+				m.keyShares = append(m.keyShares, ks)
+			}
+		case extensionEarlyData:
+			// RFC 8446, Section 4.2.10
+			m.earlyData = true
+		case extensionPSKModes:
+			// RFC 8446, Section 4.2.9
+			if !readUint8LengthPrefixed(&extData, &m.pskModes) {
+				return false
+			}
+		case extensionPreSharedKey:
+			// RFC 8446, Section 4.2.11
+			if !extensions.Empty() {
+				return false // pre_shared_key must be the last extension
+			}
+			var identities cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&identities) || identities.Empty() {
+				return false
+			}
+			for !identities.Empty() {
+				var psk pskIdentity
+				if !readUint16LengthPrefixed(&identities, &psk.label) ||
+					!identities.ReadUint32(&psk.obfuscatedTicketAge) ||
+					len(psk.label) == 0 {
+					return false
+				}
+				m.pskIdentities = append(m.pskIdentities, psk)
+			}
+			var binders cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&binders) || binders.Empty() {
+				return false
+			}
+			for !binders.Empty() {
+				var binder []byte
+				if !readUint8LengthPrefixed(&binders, &binder) ||
+					len(binder) == 0 {
+					return false
+				}
+				m.pskBinders = append(m.pskBinders, binder)
+			}
+		default:
+			// Ignore unknown extensions.
+			continue
 		}
-		data = data[length:]
+
+		if !extData.Empty() {
+			return false
+		}
 	}
 
 	return true
@@ -513,41 +607,19 @@
 	nextProtoNeg                 bool
 	nextProtos                   []string
 	ocspStapling                 bool
-	scts                         [][]byte
 	ticketSupported              bool
-	secureRenegotiation          []byte
 	secureRenegotiationSupported bool
+	secureRenegotiation          []byte
 	alpnProtocol                 string
-}
+	scts                         [][]byte
+	supportedVersion             uint16
+	serverShare                  keyShare
+	selectedIdentityPresent      bool
+	selectedIdentity             uint16
 
-func (m *serverHelloMsg) equal(i interface{}) bool {
-	m1, ok := i.(*serverHelloMsg)
-	if !ok {
-		return false
-	}
-
-	if len(m.scts) != len(m1.scts) {
-		return false
-	}
-	for i, sct := range m.scts {
-		if !bytes.Equal(sct, m1.scts[i]) {
-			return false
-		}
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		m.vers == m1.vers &&
-		bytes.Equal(m.random, m1.random) &&
-		bytes.Equal(m.sessionId, m1.sessionId) &&
-		m.cipherSuite == m1.cipherSuite &&
-		m.compressionMethod == m1.compressionMethod &&
-		m.nextProtoNeg == m1.nextProtoNeg &&
-		eqStrings(m.nextProtos, m1.nextProtos) &&
-		m.ocspStapling == m1.ocspStapling &&
-		m.ticketSupported == m1.ticketSupported &&
-		m.secureRenegotiationSupported == m1.secureRenegotiationSupported &&
-		bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
-		m.alpnProtocol == m1.alpnProtocol
+	// HelloRetryRequest extensions
+	cookie        []byte
+	selectedGroup CurveID
 }
 
 func (m *serverHelloMsg) marshal() []byte {
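Review bot: The fields this hunk adds to serverHelloMsg are undocumented, and `serverShare` and `selectedGroup` need a comment most because both map to the same key_share extension. Further down this diff, marshal writes one `extensionKeyShare` entry for each of the two that is non-zero, and unmarshal chooses between them only by `len(extData) == 2`, so a message with both set would carry the extension twice. I would add above `serverShare` something like `// serverShare is set in a ServerHello, selectedGroup only in a HelloRetryRequest; never both.` A short note on `selectedIdentityPresent` would also help, presumably `// needed because 0 is a valid selectedIdentity index`. The struct's opening line is outside this hunk.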
@@ -555,280 +627,589 @@
 		return m.raw
 	}
 
-	length := 38 + len(m.sessionId)
-	numExtensions := 0
-	extensionsLength := 0
+	var b cryptobyte.Builder
+	b.AddUint8(typeServerHello)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint16(m.vers)
+		addBytesWithLength(b, m.random, 32)
+		b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddBytes(m.sessionId)
+		})
+		b.AddUint16(m.cipherSuite)
+		b.AddUint8(m.compressionMethod)
 
-	nextProtoLen := 0
-	if m.nextProtoNeg {
-		numExtensions++
-		for _, v := range m.nextProtos {
-			nextProtoLen += len(v)
-		}
-		nextProtoLen += len(m.nextProtos)
-		extensionsLength += nextProtoLen
-	}
-	if m.ocspStapling {
-		numExtensions++
-	}
-	if m.ticketSupported {
-		numExtensions++
-	}
-	if m.secureRenegotiationSupported {
-		extensionsLength += 1 + len(m.secureRenegotiation)
-		numExtensions++
-	}
-	if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
-		if alpnLen >= 256 {
-			panic("invalid ALPN protocol")
-		}
-		extensionsLength += 2 + 1 + alpnLen
-		numExtensions++
-	}
-	sctLen := 0
-	if len(m.scts) > 0 {
-		for _, sct := range m.scts {
-			sctLen += len(sct) + 2
-		}
-		extensionsLength += 2 + sctLen
-		numExtensions++
-	}
+		// If extensions aren't present, omit them.
+		var extensionsPresent bool
+		bWithoutExtensions := *b
 
-	if numExtensions > 0 {
-		extensionsLength += 4 * numExtensions
-		length += 2 + extensionsLength
-	}
-
-	x := make([]byte, 4+length)
-	x[0] = typeServerHello
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	x[4] = uint8(m.vers >> 8)
-	x[5] = uint8(m.vers)
-	copy(x[6:38], m.random)
-	x[38] = uint8(len(m.sessionId))
-	copy(x[39:39+len(m.sessionId)], m.sessionId)
-	z := x[39+len(m.sessionId):]
-	z[0] = uint8(m.cipherSuite >> 8)
-	z[1] = uint8(m.cipherSuite)
-	z[2] = m.compressionMethod
-
-	z = z[3:]
-	if numExtensions > 0 {
-		z[0] = byte(extensionsLength >> 8)
-		z[1] = byte(extensionsLength)
-		z = z[2:]
-	}
-	if m.nextProtoNeg {
-		z[0] = byte(extensionNextProtoNeg >> 8)
-		z[1] = byte(extensionNextProtoNeg & 0xff)
-		z[2] = byte(nextProtoLen >> 8)
-		z[3] = byte(nextProtoLen)
-		z = z[4:]
-
-		for _, v := range m.nextProtos {
-			l := len(v)
-			if l > 255 {
-				l = 255
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			if m.nextProtoNeg {
+				b.AddUint16(extensionNextProtoNeg)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					for _, proto := range m.nextProtos {
+						b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+							b.AddBytes([]byte(proto))
+						})
+					}
+				})
 			}
-			z[0] = byte(l)
-			copy(z[1:], []byte(v[0:l]))
-			z = z[1+l:]
+			if m.ocspStapling {
+				b.AddUint16(extensionStatusRequest)
+				b.AddUint16(0) // empty extension_data
+			}
+			if m.ticketSupported {
+				b.AddUint16(extensionSessionTicket)
+				b.AddUint16(0) // empty extension_data
+			}
+			if m.secureRenegotiationSupported {
+				b.AddUint16(extensionRenegotiationInfo)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.secureRenegotiation)
+					})
+				})
+			}
+			if len(m.alpnProtocol) > 0 {
+				b.AddUint16(extensionALPN)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+							b.AddBytes([]byte(m.alpnProtocol))
+						})
+					})
+				})
+			}
+			if len(m.scts) > 0 {
+				b.AddUint16(extensionSCT)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, sct := range m.scts {
+							b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+								b.AddBytes(sct)
+							})
+						}
+					})
+				})
+			}
+			if m.supportedVersion != 0 {
+				b.AddUint16(extensionSupportedVersions)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16(m.supportedVersion)
+				})
+			}
+			if m.serverShare.group != 0 {
+				b.AddUint16(extensionKeyShare)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16(uint16(m.serverShare.group))
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.serverShare.data)
+					})
+				})
+			}
+			if m.selectedIdentityPresent {
+				b.AddUint16(extensionPreSharedKey)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16(m.selectedIdentity)
+				})
+			}
+
+			if len(m.cookie) > 0 {
+				b.AddUint16(extensionCookie)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.cookie)
+					})
+				})
+			}
+			if m.selectedGroup != 0 {
+				b.AddUint16(extensionKeyShare)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16(uint16(m.selectedGroup))
+				})
+			}
+
+			extensionsPresent = len(b.BytesOrPanic()) > 2
+		})
+
+		if !extensionsPresent {
+			*b = bWithoutExtensions
 		}
-	}
-	if m.ocspStapling {
-		z[0] = byte(extensionStatusRequest >> 8)
-		z[1] = byte(extensionStatusRequest)
-		z = z[4:]
-	}
-	if m.ticketSupported {
-		z[0] = byte(extensionSessionTicket >> 8)
-		z[1] = byte(extensionSessionTicket)
-		z = z[4:]
-	}
-	if m.secureRenegotiationSupported {
-		z[0] = byte(extensionRenegotiationInfo >> 8)
-		z[1] = byte(extensionRenegotiationInfo & 0xff)
-		z[2] = 0
-		z[3] = byte(len(m.secureRenegotiation) + 1)
-		z[4] = byte(len(m.secureRenegotiation))
-		z = z[5:]
-		copy(z, m.secureRenegotiation)
-		z = z[len(m.secureRenegotiation):]
-	}
-	if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
-		z[0] = byte(extensionALPN >> 8)
-		z[1] = byte(extensionALPN & 0xff)
-		l := 2 + 1 + alpnLen
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		l -= 2
-		z[4] = byte(l >> 8)
-		z[5] = byte(l)
-		l -= 1
-		z[6] = byte(l)
-		copy(z[7:], []byte(m.alpnProtocol))
-		z = z[7+alpnLen:]
-	}
-	if sctLen > 0 {
-		z[0] = byte(extensionSCT >> 8)
-		z[1] = byte(extensionSCT)
-		l := sctLen + 2
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z[4] = byte(sctLen >> 8)
-		z[5] = byte(sctLen)
+	})
 
-		z = z[6:]
-		for _, sct := range m.scts {
-			z[0] = byte(len(sct) >> 8)
-			z[1] = byte(len(sct))
-			copy(z[2:], sct)
-			z = z[len(sct)+2:]
-		}
-	}
-
-	m.raw = x
-
-	return x
+	m.raw = b.BytesOrPanic()
+	return m.raw
 }
 
 func (m *serverHelloMsg) unmarshal(data []byte) bool {
-	if len(data) < 42 {
-		return false
-	}
-	m.raw = data
-	m.vers = uint16(data[4])<<8 | uint16(data[5])
-	m.random = data[6:38]
-	sessionIdLen := int(data[38])
-	if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
-		return false
-	}
-	m.sessionId = data[39 : 39+sessionIdLen]
-	data = data[39+sessionIdLen:]
-	if len(data) < 3 {
-		return false
-	}
-	m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
-	m.compressionMethod = data[2]
-	data = data[3:]
+	*m = serverHelloMsg{raw: data}
+	s := cryptobyte.String(data)
 
-	m.nextProtoNeg = false
-	m.nextProtos = nil
-	m.ocspStapling = false
-	m.scts = nil
-	m.ticketSupported = false
-	m.alpnProtocol = ""
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint16(&m.vers) || !s.ReadBytes(&m.random, 32) ||
+		!readUint8LengthPrefixed(&s, &m.sessionId) ||
+		!s.ReadUint16(&m.cipherSuite) ||
+		!s.ReadUint8(&m.compressionMethod) {
+		return false
+	}
 
-	if len(data) == 0 {
+	if s.Empty() {
 		// ServerHello is optionally followed by extension data
 		return true
 	}
-	if len(data) < 2 {
+
+	var extensions cryptobyte.String
+	if !s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() {
 		return false
 	}
 
-	extensionsLength := int(data[0])<<8 | int(data[1])
-	data = data[2:]
-	if len(data) != extensionsLength {
-		return false
-	}
-
-	for len(data) != 0 {
-		if len(data) < 4 {
-			return false
-		}
-		extension := uint16(data[0])<<8 | uint16(data[1])
-		length := int(data[2])<<8 | int(data[3])
-		data = data[4:]
-		if len(data) < length {
+	for !extensions.Empty() {
+		var extension uint16
+		var extData cryptobyte.String
+		if !extensions.ReadUint16(&extension) ||
+			!extensions.ReadUint16LengthPrefixed(&extData) {
 			return false
 		}
 
 		switch extension {
 		case extensionNextProtoNeg:
 			m.nextProtoNeg = true
-			d := data[:length]
-			for len(d) > 0 {
-				l := int(d[0])
-				d = d[1:]
-				if l == 0 || l > len(d) {
+			for !extData.Empty() {
+				var proto cryptobyte.String
+				if !extData.ReadUint8LengthPrefixed(&proto) ||
+					proto.Empty() {
 					return false
 				}
-				m.nextProtos = append(m.nextProtos, string(d[:l]))
-				d = d[l:]
+				m.nextProtos = append(m.nextProtos, string(proto))
 			}
 		case extensionStatusRequest:
-			if length > 0 {
-				return false
-			}
 			m.ocspStapling = true
 		case extensionSessionTicket:
-			if length > 0 {
-				return false
-			}
 			m.ticketSupported = true
 		case extensionRenegotiationInfo:
-			if length == 0 {
+			if !readUint8LengthPrefixed(&extData, &m.secureRenegotiation) {
 				return false
 			}
-			d := data[:length]
-			l := int(d[0])
-			d = d[1:]
-			if l != len(d) {
-				return false
-			}
-
-			m.secureRenegotiation = d
 			m.secureRenegotiationSupported = true
 		case extensionALPN:
-			d := data[:length]
-			if len(d) < 3 {
+			var protoList cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&protoList) || protoList.Empty() {
 				return false
 			}
-			l := int(d[0])<<8 | int(d[1])
-			if l != len(d)-2 {
+			var proto cryptobyte.String
+			if !protoList.ReadUint8LengthPrefixed(&proto) ||
+				proto.Empty() || !protoList.Empty() {
 				return false
 			}
-			d = d[2:]
-			l = int(d[0])
-			if l != len(d)-1 {
-				return false
-			}
-			d = d[1:]
-			if len(d) == 0 {
-				// ALPN protocols must not be empty.
-				return false
-			}
-			m.alpnProtocol = string(d)
+			m.alpnProtocol = string(proto)
 		case extensionSCT:
-			d := data[:length]
-
-			if len(d) < 2 {
+			var sctList cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&sctList) || sctList.Empty() {
 				return false
 			}
-			l := int(d[0])<<8 | int(d[1])
-			d = d[2:]
-			if len(d) != l || l == 0 {
+			for !sctList.Empty() {
+				var sct []byte
+				if !readUint16LengthPrefixed(&sctList, &sct) ||
+					len(sct) == 0 {
+					return false
+				}
+				m.scts = append(m.scts, sct)
+			}
+		case extensionSupportedVersions:
+			if !extData.ReadUint16(&m.supportedVersion) {
 				return false
 			}
-
-			m.scts = make([][]byte, 0, 3)
-			for len(d) != 0 {
-				if len(d) < 2 {
-					return false
-				}
-				sctLen := int(d[0])<<8 | int(d[1])
-				d = d[2:]
-				if sctLen == 0 || len(d) < sctLen {
-					return false
-				}
-				m.scts = append(m.scts, d[:sctLen])
-				d = d[sctLen:]
+		case extensionCookie:
+			if !readUint16LengthPrefixed(&extData, &m.cookie) ||
+				len(m.cookie) == 0 {
+				return false
 			}
+		case extensionKeyShare:
+			// This extension has different formats in SH and HRR, accept either
+			// and let the handshake logic decide. See RFC 8446, Section 4.2.8.
+			if len(extData) == 2 {
+				if !extData.ReadUint16((*uint16)(&m.selectedGroup)) {
+					return false
+				}
+			} else {
+				if !extData.ReadUint16((*uint16)(&m.serverShare.group)) ||
+					!readUint16LengthPrefixed(&extData, &m.serverShare.data) {
+					return false
+				}
+			}
+		case extensionPreSharedKey:
+			m.selectedIdentityPresent = true
+			if !extData.ReadUint16(&m.selectedIdentity) {
+				return false
+			}
+		default:
+			// Ignore unknown extensions.
+			continue
 		}
-		data = data[length:]
+
+		if !extData.Empty() {
+			return false
+		}
+	}
+
+	return true
+}
+
+type encryptedExtensionsMsg struct {
+	raw          []byte
+	alpnProtocol string
+}
+
+func (m *encryptedExtensionsMsg) marshal() []byte {
+	if m.raw != nil {
+		return m.raw
+	}
+
+	var b cryptobyte.Builder
+	b.AddUint8(typeEncryptedExtensions)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			if len(m.alpnProtocol) > 0 {
+				b.AddUint16(extensionALPN)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+							b.AddBytes([]byte(m.alpnProtocol))
+						})
+					})
+				})
+			}
+		})
+	})
+
+	m.raw = b.BytesOrPanic()
+	return m.raw
+}
+
+func (m *encryptedExtensionsMsg) unmarshal(data []byte) bool {
+	*m = encryptedExtensionsMsg{raw: data}
+	s := cryptobyte.String(data)
+
+	var extensions cryptobyte.String
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() {
+		return false
+	}
+
+	for !extensions.Empty() {
+		var extension uint16
+		var extData cryptobyte.String
+		if !extensions.ReadUint16(&extension) ||
+			!extensions.ReadUint16LengthPrefixed(&extData) {
+			return false
+		}
+
+		switch extension {
+		case extensionALPN:
+			var protoList cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&protoList) || protoList.Empty() {
+				return false
+			}
+			var proto cryptobyte.String
+			if !protoList.ReadUint8LengthPrefixed(&proto) ||
+				proto.Empty() || !protoList.Empty() {
+				return false
+			}
+			m.alpnProtocol = string(proto)
+		default:
+			// Ignore unknown extensions.
+			continue
+		}
+
+		if !extData.Empty() {
+			return false
+		}
+	}
+
+	return true
+}
+
+type endOfEarlyDataMsg struct{}
+
+func (m *endOfEarlyDataMsg) marshal() []byte {
+	x := make([]byte, 4)
+	x[0] = typeEndOfEarlyData
+	return x
+}
+
+func (m *endOfEarlyDataMsg) unmarshal(data []byte) bool {
+	return len(data) == 4
+}
+
+type keyUpdateMsg struct {
+	raw             []byte
+	updateRequested bool
+}
+
+func (m *keyUpdateMsg) marshal() []byte {
+	if m.raw != nil {
+		return m.raw
+	}
+
+	var b cryptobyte.Builder
+	b.AddUint8(typeKeyUpdate)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		if m.updateRequested {
+			b.AddUint8(1)
+		} else {
+			b.AddUint8(0)
+		}
+	})
+
+	m.raw = b.BytesOrPanic()
+	return m.raw
+}
+
+func (m *keyUpdateMsg) unmarshal(data []byte) bool {
+	m.raw = data
+	s := cryptobyte.String(data)
+
+	var updateRequested uint8
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint8(&updateRequested) || !s.Empty() {
+		return false
+	}
+	switch updateRequested {
+	case 0:
+		m.updateRequested = false
+	case 1:
+		m.updateRequested = true
+	default:
+		return false
+	}
+	return true
+}
+
+type newSessionTicketMsgTLS13 struct {
+	raw          []byte
+	lifetime     uint32
+	ageAdd       uint32
+	nonce        []byte
+	label        []byte
+	maxEarlyData uint32
+}
+
+func (m *newSessionTicketMsgTLS13) marshal() []byte {
+	if m.raw != nil {
+		return m.raw
+	}
+
+	var b cryptobyte.Builder
+	b.AddUint8(typeNewSessionTicket)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint32(m.lifetime)
+		b.AddUint32(m.ageAdd)
+		b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddBytes(m.nonce)
+		})
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddBytes(m.label)
+		})
+
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			if m.maxEarlyData > 0 {
+				b.AddUint16(extensionEarlyData)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint32(m.maxEarlyData)
+				})
+			}
+		})
+	})
+
+	m.raw = b.BytesOrPanic()
+	return m.raw
+}
+
+func (m *newSessionTicketMsgTLS13) unmarshal(data []byte) bool {
+	*m = newSessionTicketMsgTLS13{raw: data}
+	s := cryptobyte.String(data)
+
+	var extensions cryptobyte.String
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint32(&m.lifetime) ||
+		!s.ReadUint32(&m.ageAdd) ||
+		!readUint8LengthPrefixed(&s, &m.nonce) ||
+		!readUint16LengthPrefixed(&s, &m.label) ||
+		!s.ReadUint16LengthPrefixed(&extensions) ||
+		!s.Empty() {
+		return false
+	}
+
+	for !extensions.Empty() {
+		var extension uint16
+		var extData cryptobyte.String
+		if !extensions.ReadUint16(&extension) ||
+			!extensions.ReadUint16LengthPrefixed(&extData) {
+			return false
+		}
+
+		switch extension {
+		case extensionEarlyData:
+			if !extData.ReadUint32(&m.maxEarlyData) {
+				return false
+			}
+		default:
+			// Ignore unknown extensions.
+			continue
+		}
+
+		if !extData.Empty() {
+			return false
+		}
+	}
+
+	return true
+}
+
+type certificateRequestMsgTLS13 struct {
+	raw                              []byte
+	ocspStapling                     bool
+	scts                             bool
+	supportedSignatureAlgorithms     []SignatureScheme
+	supportedSignatureAlgorithmsCert []SignatureScheme
+	certificateAuthorities           [][]byte
+}
+
+func (m *certificateRequestMsgTLS13) marshal() []byte {
+	if m.raw != nil {
+		return m.raw
+	}
+
+	var b cryptobyte.Builder
+	b.AddUint8(typeCertificateRequest)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		// certificate_request_context (SHALL be zero length unless used for
+		// post-handshake authentication)
+		b.AddUint8(0)
+
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			if m.ocspStapling {
+				b.AddUint16(extensionStatusRequest)
+				b.AddUint16(0) // empty extension_data
+			}
+			if m.scts {
+				// RFC 8446, Section 4.4.2.1 makes no mention of
+				// signed_certificate_timestamp in CertificateRequest, but
+				// "Extensions in the Certificate message from the client MUST
+				// correspond to extensions in the CertificateRequest message
+				// from the server." and it appears in the table in Section 4.2.
+				b.AddUint16(extensionSCT)
+				b.AddUint16(0) // empty extension_data
+			}
+			if len(m.supportedSignatureAlgorithms) > 0 {
+				b.AddUint16(extensionSignatureAlgorithms)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, sigAlgo := range m.supportedSignatureAlgorithms {
+							b.AddUint16(uint16(sigAlgo))
+						}
+					})
+				})
+			}
+			if len(m.supportedSignatureAlgorithmsCert) > 0 {
+				b.AddUint16(extensionSignatureAlgorithmsCert)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, sigAlgo := range m.supportedSignatureAlgorithmsCert {
+							b.AddUint16(uint16(sigAlgo))
+						}
+					})
+				})
+			}
+			if len(m.certificateAuthorities) > 0 {
+				b.AddUint16(extensionCertificateAuthorities)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						for _, ca := range m.certificateAuthorities {
+							b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+								b.AddBytes(ca)
+							})
+						}
+					})
+				})
+			}
+		})
+	})
+
+	m.raw = b.BytesOrPanic()
+	return m.raw
+}
+
+func (m *certificateRequestMsgTLS13) unmarshal(data []byte) bool {
+	*m = certificateRequestMsgTLS13{raw: data}
+	s := cryptobyte.String(data)
+
+	var context, extensions cryptobyte.String
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint8LengthPrefixed(&context) || !context.Empty() ||
+		!s.ReadUint16LengthPrefixed(&extensions) ||
+		!s.Empty() {
+		return false
+	}
+
+	for !extensions.Empty() {
+		var extension uint16
+		var extData cryptobyte.String
+		if !extensions.ReadUint16(&extension) ||
+			!extensions.ReadUint16LengthPrefixed(&extData) {
+			return false
+		}
+
+		switch extension {
+		case extensionStatusRequest:
+			m.ocspStapling = true
+		case extensionSCT:
+			m.scts = true
+		case extensionSignatureAlgorithms:
+			var sigAndAlgs cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() {
+				return false
+			}
+			for !sigAndAlgs.Empty() {
+				var sigAndAlg uint16
+				if !sigAndAlgs.ReadUint16(&sigAndAlg) {
+					return false
+				}
+				m.supportedSignatureAlgorithms = append(
+					m.supportedSignatureAlgorithms, SignatureScheme(sigAndAlg))
+			}
+		case extensionSignatureAlgorithmsCert:
+			var sigAndAlgs cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&sigAndAlgs) || sigAndAlgs.Empty() {
+				return false
+			}
+			for !sigAndAlgs.Empty() {
+				var sigAndAlg uint16
+				if !sigAndAlgs.ReadUint16(&sigAndAlg) {
+					return false
+				}
+				m.supportedSignatureAlgorithmsCert = append(
+					m.supportedSignatureAlgorithmsCert, SignatureScheme(sigAndAlg))
+			}
+		case extensionCertificateAuthorities:
+			var auths cryptobyte.String
+			if !extData.ReadUint16LengthPrefixed(&auths) || auths.Empty() {
+				return false
+			}
+			for !auths.Empty() {
+				var ca []byte
+				if !readUint16LengthPrefixed(&auths, &ca) || len(ca) == 0 {
+					return false
+				}
+				m.certificateAuthorities = append(m.certificateAuthorities, ca)
+			}
+		default:
+			// Ignore unknown extensions.
+			continue
+		}
+
+		if !extData.Empty() {
+			return false
+		}
 	}
 
 	return true
@@ -839,16 +1220,6 @@
 	certificates [][]byte
 }
 
-func (m *certificateMsg) equal(i interface{}) bool {
-	m1, ok := i.(*certificateMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		eqByteSlices(m.certificates, m1.certificates)
-}
-
 func (m *certificateMsg) marshal() (x []byte) {
 	if m.raw != nil {
 		return m.raw
@@ -921,19 +1292,155 @@
 	return true
 }
 
-type serverKeyExchangeMsg struct {
-	raw []byte
-	key []byte
+type certificateMsgTLS13 struct {
+	raw          []byte
+	certificate  Certificate
+	ocspStapling bool
+	scts         bool
 }
 
-func (m *serverKeyExchangeMsg) equal(i interface{}) bool {
-	m1, ok := i.(*serverKeyExchangeMsg)
-	if !ok {
+func (m *certificateMsgTLS13) marshal() []byte {
+	if m.raw != nil {
+		return m.raw
+	}
+
+	var b cryptobyte.Builder
+	b.AddUint8(typeCertificate)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint8(0) // certificate_request_context
+
+		certificate := m.certificate
+		if !m.ocspStapling {
+			certificate.OCSPStaple = nil
+		}
+		if !m.scts {
+			certificate.SignedCertificateTimestamps = nil
+		}
+		marshalCertificate(b, certificate)
+	})
+
+	m.raw = b.BytesOrPanic()
+	return m.raw
+}
+
+func marshalCertificate(b *cryptobyte.Builder, certificate Certificate) {
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		for i, cert := range certificate.Certificate {
+			b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+				b.AddBytes(cert)
+			})
+			b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+				if i > 0 {
+					// This library only supports OCSP and SCT for leaf certificates.
+					return
+				}
+				if certificate.OCSPStaple != nil {
+					b.AddUint16(extensionStatusRequest)
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddUint8(statusTypeOCSP)
+						b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+							b.AddBytes(certificate.OCSPStaple)
+						})
+					})
+				}
+				if certificate.SignedCertificateTimestamps != nil {
+					b.AddUint16(extensionSCT)
+					b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+							for _, sct := range certificate.SignedCertificateTimestamps {
+								b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+									b.AddBytes(sct)
+								})
+							}
+						})
+					})
+				}
+			})
+		}
+	})
+}
+
+func (m *certificateMsgTLS13) unmarshal(data []byte) bool {
+	*m = certificateMsgTLS13{raw: data}
+	s := cryptobyte.String(data)
+
+	var context cryptobyte.String
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint8LengthPrefixed(&context) || !context.Empty() ||
+		!unmarshalCertificate(&s, &m.certificate) ||
+		!s.Empty() {
 		return false
 	}
 
-	return bytes.Equal(m.raw, m1.raw) &&
-		bytes.Equal(m.key, m1.key)
+	m.scts = m.certificate.SignedCertificateTimestamps != nil
+	m.ocspStapling = m.certificate.OCSPStaple != nil
+
+	return true
+}
+
+func unmarshalCertificate(s *cryptobyte.String, certificate *Certificate) bool {
+	var certList cryptobyte.String
+	if !s.ReadUint24LengthPrefixed(&certList) {
+		return false
+	}
+	for !certList.Empty() {
+		var cert []byte
+		var extensions cryptobyte.String
+		if !readUint24LengthPrefixed(&certList, &cert) ||
+			!certList.ReadUint16LengthPrefixed(&extensions) {
+			return false
+		}
+		certificate.Certificate = append(certificate.Certificate, cert)
+		for !extensions.Empty() {
+			var extension uint16
+			var extData cryptobyte.String
+			if !extensions.ReadUint16(&extension) ||
+				!extensions.ReadUint16LengthPrefixed(&extData) {
+				return false
+			}
+			if len(certificate.Certificate) > 1 {
+				// This library only supports OCSP and SCT for leaf certificates.
+				continue
+			}
+
+			switch extension {
+			case extensionStatusRequest:
+				var statusType uint8
+				if !extData.ReadUint8(&statusType) || statusType != statusTypeOCSP ||
+					!readUint24LengthPrefixed(&extData, &certificate.OCSPStaple) ||
+					len(certificate.OCSPStaple) == 0 {
+					return false
+				}
+			case extensionSCT:
+				var sctList cryptobyte.String
+				if !extData.ReadUint16LengthPrefixed(&sctList) || sctList.Empty() {
+					return false
+				}
+				for !sctList.Empty() {
+					var sct []byte
+					if !readUint16LengthPrefixed(&sctList, &sct) ||
+						len(sct) == 0 {
+						return false
+					}
+					certificate.SignedCertificateTimestamps = append(
+						certificate.SignedCertificateTimestamps, sct)
+				}
+			default:
+				// Ignore unknown extensions.
+				continue
+			}
+
+			if !extData.Empty() {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+type serverKeyExchangeMsg struct {
+	raw []byte
+	key []byte
 }
 
 func (m *serverKeyExchangeMsg) marshal() []byte {
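Review bot: unmarshalCertificate accepts the same extension more than once in the leaf certificate entry: a second status_request overwrites certificate.OCSPStaple, and a second signed_certificate_timestamp extension appends to certificate.SignedCertificateTimestamps. RFC 8446 allows at most one extension of a given type per extension block, so the parser could reject the repeat. For example, add `if certificate.OCSPStaple != nil { return false }` at the top of the extensionStatusRequest case and `if certificate.SignedCertificateTimestamps != nil { return false }` at the top of the extensionSCT case. That relies on the caller passing a zeroed Certificate, which certificateMsgTLS13.unmarshal does; other callers are not visible here.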
@@ -962,20 +1469,8 @@
 }
 
 type certificateStatusMsg struct {
-	raw        []byte
-	statusType uint8
-	response   []byte
-}
-
-func (m *certificateStatusMsg) equal(i interface{}) bool {
-	m1, ok := i.(*certificateStatusMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		m.statusType == m1.statusType &&
-		bytes.Equal(m.response, m1.response)
+	raw      []byte
+	response []byte
 }
 
 func (m *certificateStatusMsg) marshal() []byte {
@@ -983,57 +1478,35 @@
 		return m.raw
 	}
 
-	var x []byte
-	if m.statusType == statusTypeOCSP {
-		x = make([]byte, 4+4+len(m.response))
-		x[0] = typeCertificateStatus
-		l := len(m.response) + 4
-		x[1] = byte(l >> 16)
-		x[2] = byte(l >> 8)
-		x[3] = byte(l)
-		x[4] = statusTypeOCSP
+	var b cryptobyte.Builder
+	b.AddUint8(typeCertificateStatus)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint8(statusTypeOCSP)
+		b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddBytes(m.response)
+		})
+	})
 
-		l -= 4
-		x[5] = byte(l >> 16)
-		x[6] = byte(l >> 8)
-		x[7] = byte(l)
-		copy(x[8:], m.response)
-	} else {
-		x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType}
-	}
-
-	m.raw = x
-	return x
+	m.raw = b.BytesOrPanic()
+	return m.raw
 }
 
 func (m *certificateStatusMsg) unmarshal(data []byte) bool {
 	m.raw = data
-	if len(data) < 5 {
-		return false
-	}
-	m.statusType = data[4]
+	s := cryptobyte.String(data)
 
-	m.response = nil
-	if m.statusType == statusTypeOCSP {
-		if len(data) < 8 {
-			return false
-		}
-		respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
-		if uint32(len(data)) != 4+4+respLen {
-			return false
-		}
-		m.response = data[8:]
+	var statusType uint8
+	if !s.Skip(4) || // message type and uint24 length field
+		!s.ReadUint8(&statusType) || statusType != statusTypeOCSP ||
+		!readUint24LengthPrefixed(&s, &m.response) ||
+		len(m.response) == 0 || !s.Empty() {
+		return false
 	}
 	return true
 }
 
 type serverHelloDoneMsg struct{}
 
-func (m *serverHelloDoneMsg) equal(i interface{}) bool {
-	_, ok := i.(*serverHelloDoneMsg)
-	return ok
-}
-
 func (m *serverHelloDoneMsg) marshal() []byte {
 	x := make([]byte, 4)
 	x[0] = typeServerHelloDone
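Review bot: certificateStatusMsg.unmarshal is stricter than the code it replaces, and nothing in the function says so. It now returns false for any status type other than statusTypeOCSP and for a zero-length response, where the old version accepted both. A comment above the function would record that, e.g. `// unmarshal accepts only an OCSP status with a non-empty response; any other status type is rejected.` marshal, whose start is outside the hunk, still writes a zero-length response when m.response is empty, so it can produce a message this unmarshal refuses; that expectation is worth stating on marshal as well.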
@@ -1049,16 +1522,6 @@
 	ciphertext []byte
 }
 
-func (m *clientKeyExchangeMsg) equal(i interface{}) bool {
-	m1, ok := i.(*clientKeyExchangeMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		bytes.Equal(m.ciphertext, m1.ciphertext)
-}
-
 func (m *clientKeyExchangeMsg) marshal() []byte {
 	if m.raw != nil {
 		return m.raw
@@ -1093,36 +1556,27 @@
 	verifyData []byte
 }
 
-func (m *finishedMsg) equal(i interface{}) bool {
-	m1, ok := i.(*finishedMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		bytes.Equal(m.verifyData, m1.verifyData)
-}
-
-func (m *finishedMsg) marshal() (x []byte) {
+func (m *finishedMsg) marshal() []byte {
 	if m.raw != nil {
 		return m.raw
 	}
 
-	x = make([]byte, 4+len(m.verifyData))
-	x[0] = typeFinished
-	x[3] = byte(len(m.verifyData))
-	copy(x[4:], m.verifyData)
-	m.raw = x
-	return
+	var b cryptobyte.Builder
+	b.AddUint8(typeFinished)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes(m.verifyData)
+	})
+
+	m.raw = b.BytesOrPanic()
+	return m.raw
 }
 
 func (m *finishedMsg) unmarshal(data []byte) bool {
 	m.raw = data
-	if len(data) < 4 {
-		return false
-	}
-	m.verifyData = data[4:]
-	return true
+	s := cryptobyte.String(data)
+	return s.Skip(1) &&
+		readUint24LengthPrefixed(&s, &m.verifyData) &&
+		s.Empty()
 }
 
 type nextProtoMsg struct {
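Review bot: finishedMsg.unmarshal handles the handshake header differently from the other rewritten parsers, and the reason is not written down. It uses `s.Skip(1)` and then lets `readUint24LengthPrefixed` consume the header's uint24 length as the verify_data prefix, while certificateStatusMsg.unmarshal and certificateVerifyMsg.unmarshal use `s.Skip(4)` and do not compare that field with len(data) inside the function. A comment on the Skip(1) line would make the difference deliberate rather than surprising, e.g. `// Skip only the message type; the uint24 handshake length is also the verify_data length prefix.`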
@@ -1130,16 +1584,6 @@
 	proto string
 }
 
-func (m *nextProtoMsg) equal(i interface{}) bool {
-	m1, ok := i.(*nextProtoMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		m.proto == m1.proto
-}
-
 func (m *nextProtoMsg) marshal() []byte {
 	if m.raw != nil {
 		return m.raw
@@ -1197,34 +1641,21 @@
 
 type certificateRequestMsg struct {
 	raw []byte
-	// hasSignatureAndHash indicates whether this message includes a list
-	// of signature and hash functions. This change was introduced with TLS
-	// 1.2.
-	hasSignatureAndHash bool
+	// hasSignatureAlgorithm indicates whether this message includes a list of
+	// supported signature algorithms. This change was introduced with TLS 1.2.
+	hasSignatureAlgorithm bool
 
 	certificateTypes             []byte
 	supportedSignatureAlgorithms []SignatureScheme
 	certificateAuthorities       [][]byte
 }
 
-func (m *certificateRequestMsg) equal(i interface{}) bool {
-	m1, ok := i.(*certificateRequestMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
-		eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
-		eqSignatureAlgorithms(m.supportedSignatureAlgorithms, m1.supportedSignatureAlgorithms)
-}
-
 func (m *certificateRequestMsg) marshal() (x []byte) {
 	if m.raw != nil {
 		return m.raw
 	}
 
-	// See https://tools.ietf.org/html/rfc4346#section-7.4.4
+	// See RFC 4346, Section 7.4.4.
 	length := 1 + len(m.certificateTypes) + 2
 	casLength := 0
 	for _, ca := range m.certificateAuthorities {
@@ -1232,7 +1663,7 @@
 	}
 	length += casLength
 
-	if m.hasSignatureAndHash {
+	if m.hasSignatureAlgorithm {
 		length += 2 + 2*len(m.supportedSignatureAlgorithms)
 	}
 
@@ -1247,7 +1678,7 @@
 	copy(x[5:], m.certificateTypes)
 	y := x[5+len(m.certificateTypes):]
 
-	if m.hasSignatureAndHash {
+	if m.hasSignatureAlgorithm {
 		n := len(m.supportedSignatureAlgorithms) * 2
 		y[0] = uint8(n >> 8)
 		y[1] = uint8(n)
@@ -1299,7 +1730,7 @@
 
 	data = data[numCertTypes:]
 
-	if m.hasSignatureAndHash {
+	if m.hasSignatureAlgorithm {
 		if len(data) < 2 {
 			return false
 		}
@@ -1351,22 +1782,10 @@
 }
 
 type certificateVerifyMsg struct {
-	raw                 []byte
-	hasSignatureAndHash bool
-	signatureAlgorithm  SignatureScheme
-	signature           []byte
-}
-
-func (m *certificateVerifyMsg) equal(i interface{}) bool {
-	m1, ok := i.(*certificateVerifyMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		m.hasSignatureAndHash == m1.hasSignatureAndHash &&
-		m.signatureAlgorithm == m1.signatureAlgorithm &&
-		bytes.Equal(m.signature, m1.signature)
+	raw                   []byte
+	hasSignatureAlgorithm bool // format change introduced in TLS 1.2
+	signatureAlgorithm    SignatureScheme
+	signature             []byte
 }
 
 func (m *certificateVerifyMsg) marshal() (x []byte) {
@@ -1374,62 +1793,34 @@
 		return m.raw
 	}
 
-	// See https://tools.ietf.org/html/rfc4346#section-7.4.8
-	siglength := len(m.signature)
-	length := 2 + siglength
-	if m.hasSignatureAndHash {
-		length += 2
-	}
-	x = make([]byte, 4+length)
-	x[0] = typeCertificateVerify
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	y := x[4:]
-	if m.hasSignatureAndHash {
-		y[0] = uint8(m.signatureAlgorithm >> 8)
-		y[1] = uint8(m.signatureAlgorithm)
-		y = y[2:]
-	}
-	y[0] = uint8(siglength >> 8)
-	y[1] = uint8(siglength)
-	copy(y[2:], m.signature)
+	var b cryptobyte.Builder
+	b.AddUint8(typeCertificateVerify)
+	b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
+		if m.hasSignatureAlgorithm {
+			b.AddUint16(uint16(m.signatureAlgorithm))
+		}
+		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+			b.AddBytes(m.signature)
+		})
+	})
 
-	m.raw = x
-
-	return
+	m.raw = b.BytesOrPanic()
+	return m.raw
 }
 
 func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
 	m.raw = data
+	s := cryptobyte.String(data)
 
-	if len(data) < 6 {
+	if !s.Skip(4) { // message type and uint24 length field
 		return false
 	}
-
-	length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
-	if uint32(len(data))-4 != length {
-		return false
+	if m.hasSignatureAlgorithm {
+		if !s.ReadUint16((*uint16)(&m.signatureAlgorithm)) {
+			return false
+		}
 	}
-
-	data = data[4:]
-	if m.hasSignatureAndHash {
-		m.signatureAlgorithm = SignatureScheme(data[0])<<8 | SignatureScheme(data[1])
-		data = data[2:]
-	}
-
-	if len(data) < 2 {
-		return false
-	}
-	siglength := int(data[0])<<8 + int(data[1])
-	data = data[2:]
-	if len(data) != siglength {
-		return false
-	}
-
-	m.signature = data
-
-	return true
+	return readUint16LengthPrefixed(&s, &m.signature) && s.Empty()
 }
 
 type newSessionTicketMsg struct {
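Review bot: certificateVerifyMsg.unmarshal reads m.hasSignatureAlgorithm before parsing and, unlike the TLS 1.3 parsers added in this file, does not reset the receiver, so its result depends on a field the caller must set first. That precondition is undocumented; a comment above the function would help, e.g. `// The caller must set hasSignatureAlgorithm before calling unmarshal; the wire format does not say whether the algorithm field is present.` With the wrong value, the two-byte algorithm field and the signature length prefix are read in each other's place, and the message is rejected only if the lengths then fail to line up. marshal starts outside the hunk.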
@@ -1437,22 +1828,12 @@
 	ticket []byte
 }
 
-func (m *newSessionTicketMsg) equal(i interface{}) bool {
-	m1, ok := i.(*newSessionTicketMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.raw, m1.raw) &&
-		bytes.Equal(m.ticket, m1.ticket)
-}
-
 func (m *newSessionTicketMsg) marshal() (x []byte) {
 	if m.raw != nil {
 		return m.raw
 	}
 
-	// See https://tools.ietf.org/html/rfc5077#section-3.3
+	// See RFC 5077, Section 3.3.
 	ticketLen := len(m.ticket)
 	length := 2 + 4 + ticketLen
 	x = make([]byte, 4+length)
@@ -1501,63 +1882,3 @@
 func (*helloRequestMsg) unmarshal(data []byte) bool {
 	return len(data) == 4
 }
-
-func eqUint16s(x, y []uint16) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if y[i] != v {
-			return false
-		}
-	}
-	return true
-}
-
-func eqCurveIDs(x, y []CurveID) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if y[i] != v {
-			return false
-		}
-	}
-	return true
-}
-
-func eqStrings(x, y []string) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if y[i] != v {
-			return false
-		}
-	}
-	return true
-}
-
-func eqByteSlices(x, y [][]byte) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if !bytes.Equal(v, y[i]) {
-			return false
-		}
-	}
-	return true
-}
-
-func eqSignatureAlgorithms(x, y []SignatureScheme) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if v != y[i] {
-			return false
-		}
-	}
-	return true
-}
diff --git a/src/crypto/tls/handshake_messages_test.go b/src/crypto/tls/handshake_messages_test.go
index 37eb748..21beb8e 100644
--- a/src/crypto/tls/handshake_messages_test.go
+++ b/src/crypto/tls/handshake_messages_test.go
@@ -11,6 +11,7 @@
 	"strings"
 	"testing"
 	"testing/quick"
+	"time"
 )
 
 var tests = []interface{}{
@@ -20,22 +21,25 @@
 
 	&certificateMsg{},
 	&certificateRequestMsg{},
-	&certificateVerifyMsg{},
+	&certificateVerifyMsg{
+		hasSignatureAlgorithm: true,
+	},
 	&certificateStatusMsg{},
 	&clientKeyExchangeMsg{},
 	&nextProtoMsg{},
 	&newSessionTicketMsg{},
 	&sessionState{},
-}
-
-type testMessage interface {
-	marshal() []byte
-	unmarshal([]byte) bool
-	equal(interface{}) bool
+	&sessionStateTLS13{},
+	&encryptedExtensionsMsg{},
+	&endOfEarlyDataMsg{},
+	&keyUpdateMsg{},
+	&newSessionTicketMsgTLS13{},
+	&certificateRequestMsgTLS13{},
+	&certificateMsgTLS13{},
 }
 
 func TestMarshalUnmarshal(t *testing.T) {
-	rand := rand.New(rand.NewSource(0))
+	rand := rand.New(rand.NewSource(time.Now().UnixNano()))
 
 	for i, iface := range tests {
 		ty := reflect.ValueOf(iface).Type()
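Review bot: TestMarshalUnmarshal now seeds its generator from `time.Now().UnixNano()` but never reports the seed, so a failure found on one run cannot be replayed. Keep the seed in a variable and log it: `seed := time.Now().UnixNano()`, `t.Logf("seed: %d", seed)`, `rand := rand.New(rand.NewSource(seed))`. The function body continues outside the hunk.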
@@ -51,16 +55,16 @@
 				break
 			}
 
-			m1 := v.Interface().(testMessage)
+			m1 := v.Interface().(handshakeMessage)
 			marshaled := m1.marshal()
-			m2 := iface.(testMessage)
+			m2 := iface.(handshakeMessage)
 			if !m2.unmarshal(marshaled) {
 				t.Errorf("#%d failed to unmarshal %#v %x", i, m1, marshaled)
 				break
 			}
 			m2.marshal() // to fill any marshal cache in the message
 
-			if !m1.equal(m2) {
+			if !reflect.DeepEqual(m1, m2) {
 				t.Errorf("#%d got:%#v want:%#v %x", i, m2, m1, marshaled)
 				break
 			}
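Review bot: replacing `m1.equal(m2)` with `reflect.DeepEqual(m1, m2)` makes the check compare every field of the message and treat a nil slice as different from an empty one, which the test does not explain. That is presumably why the Generate methods later in this diff switch from `make` to `append` and set `m.sessionTicket = make([]byte, 0)`. A comment before the check would record the constraint, e.g. `// DeepEqual distinguishes nil from empty slices, so each Generate method must build exactly what unmarshal produces.` The enclosing loop starts and ends outside the hunk.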
@@ -85,7 +89,7 @@
 func TestFuzz(t *testing.T) {
 	rand := rand.New(rand.NewSource(0))
 	for _, iface := range tests {
-		m := iface.(testMessage)
+		m := iface.(handshakeMessage)
 
 		for j := 0; j < 1000; j++ {
 			len := rand.Intn(100)
@@ -136,24 +140,60 @@
 	m.supportedPoints = randomBytes(rand.Intn(5)+1, rand)
 	m.supportedCurves = make([]CurveID, rand.Intn(5)+1)
 	for i := range m.supportedCurves {
-		m.supportedCurves[i] = CurveID(rand.Intn(30000))
+		m.supportedCurves[i] = CurveID(rand.Intn(30000) + 1)
 	}
 	if rand.Intn(10) > 5 {
 		m.ticketSupported = true
 		if rand.Intn(10) > 5 {
 			m.sessionTicket = randomBytes(rand.Intn(300), rand)
+		} else {
+			m.sessionTicket = make([]byte, 0)
 		}
 	}
 	if rand.Intn(10) > 5 {
 		m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
 	}
-	m.alpnProtocols = make([]string, rand.Intn(5))
-	for i := range m.alpnProtocols {
-		m.alpnProtocols[i] = randomString(rand.Intn(20)+1, rand)
+	if rand.Intn(10) > 5 {
+		m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
+	}
+	for i := 0; i < rand.Intn(5); i++ {
+		m.alpnProtocols = append(m.alpnProtocols, randomString(rand.Intn(20)+1, rand))
 	}
 	if rand.Intn(10) > 5 {
 		m.scts = true
 	}
+	if rand.Intn(10) > 5 {
+		m.secureRenegotiationSupported = true
+		m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
+	}
+	for i := 0; i < rand.Intn(5); i++ {
+		m.supportedVersions = append(m.supportedVersions, uint16(rand.Intn(0xffff)+1))
+	}
+	if rand.Intn(10) > 5 {
+		m.cookie = randomBytes(rand.Intn(500)+1, rand)
+	}
+	for i := 0; i < rand.Intn(5); i++ {
+		var ks keyShare
+		ks.group = CurveID(rand.Intn(30000) + 1)
+		ks.data = randomBytes(rand.Intn(200)+1, rand)
+		m.keyShares = append(m.keyShares, ks)
+	}
+	switch rand.Intn(3) {
+	case 1:
+		m.pskModes = []uint8{pskModeDHE}
+	case 2:
+		m.pskModes = []uint8{pskModeDHE, pskModePlain}
+	}
+	for i := 0; i < rand.Intn(5); i++ {
+		var psk pskIdentity
+		psk.obfuscatedTicketAge = uint32(rand.Intn(500000))
+		psk.label = randomBytes(rand.Intn(500)+1, rand)
+		m.pskIdentities = append(m.pskIdentities, psk)
+		m.pskBinders = append(m.pskBinders, randomBytes(rand.Intn(50)+32, rand))
+	}
+	if rand.Intn(10) > 5 {
+		m.earlyData = true
+	}
 
 	return reflect.ValueOf(m)
 }
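Review bot: the new loops written as `for i := 0; i < rand.Intn(5); i++` call rand.Intn again on every iteration, so the bound changes while the loop runs and the element count is skewed towards small values instead of being uniform over 0..4. Drawing the count once is clearer and gives the intended distribution: `for i, n := 0, rand.Intn(5); i < n; i++`. The same pattern appears in later hunks of this test file (the nextProtos, scts and certificateAuthorities loops). The Generate method starts outside the hunk.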
@@ -168,11 +208,8 @@
 
 	if rand.Intn(10) > 5 {
 		m.nextProtoNeg = true
-
-		n := rand.Intn(10)
-		m.nextProtos = make([]string, n)
-		for i := 0; i < n; i++ {
-			m.nextProtos[i] = randomString(20, rand)
+		for i := 0; i < rand.Intn(10); i++ {
+			m.nextProtos = append(m.nextProtos, randomString(20, rand))
 		}
 	}
 
@@ -182,14 +219,45 @@
 	if rand.Intn(10) > 5 {
 		m.ticketSupported = true
 	}
-	m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
+	if rand.Intn(10) > 5 {
+		m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
+	}
+
+	for i := 0; i < rand.Intn(4); i++ {
+		m.scts = append(m.scts, randomBytes(rand.Intn(500)+1, rand))
+	}
 
 	if rand.Intn(10) > 5 {
-		numSCTs := rand.Intn(4)
-		m.scts = make([][]byte, numSCTs)
-		for i := range m.scts {
-			m.scts[i] = randomBytes(rand.Intn(500), rand)
+		m.secureRenegotiationSupported = true
+		m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
+	}
+	if rand.Intn(10) > 5 {
+		m.supportedVersion = uint16(rand.Intn(0xffff) + 1)
+	}
+	if rand.Intn(10) > 5 {
+		m.cookie = randomBytes(rand.Intn(500)+1, rand)
+	}
+	if rand.Intn(10) > 5 {
+		for i := 0; i < rand.Intn(5); i++ {
+			m.serverShare.group = CurveID(rand.Intn(30000) + 1)
+			m.serverShare.data = randomBytes(rand.Intn(200)+1, rand)
 		}
+	} else if rand.Intn(10) > 5 {
+		m.selectedGroup = CurveID(rand.Intn(30000) + 1)
+	}
+	if rand.Intn(10) > 5 {
+		m.selectedIdentityPresent = true
+		m.selectedIdentity = uint16(rand.Intn(0xffff))
+	}
+
+	return reflect.ValueOf(m)
+}
+
+func (*encryptedExtensionsMsg) Generate(rand *rand.Rand, size int) reflect.Value {
+	m := &encryptedExtensionsMsg{}
+
+	if rand.Intn(10) > 5 {
+		m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
 	}
 
 	return reflect.ValueOf(m)
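Review bot: the serverShare block wraps two plain assignments in `for i := 0; i < rand.Intn(5); i++`, so each pass overwrites the same m.serverShare.group and m.serverShare.data. When the first rand.Intn(5) returns 0, the share is left unset even though this branch was taken. The loop looks carried over from the keyShares generator for clientHelloMsg; assigning once directly inside the `if` is enough: `m.serverShare.group = CurveID(rand.Intn(30000) + 1)` and `m.serverShare.data = randomBytes(rand.Intn(200)+1, rand)`. As written, the server_share path of serverHelloMsg.unmarshal is exercised less often than the `> 5` condition suggests. The serverHelloMsg Generate method starts outside the hunk.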
@@ -208,28 +276,23 @@
 func (*certificateRequestMsg) Generate(rand *rand.Rand, size int) reflect.Value {
 	m := &certificateRequestMsg{}
 	m.certificateTypes = randomBytes(rand.Intn(5)+1, rand)
-	numCAs := rand.Intn(100)
-	m.certificateAuthorities = make([][]byte, numCAs)
-	for i := 0; i < numCAs; i++ {
-		m.certificateAuthorities[i] = randomBytes(rand.Intn(15)+1, rand)
+	for i := 0; i < rand.Intn(100); i++ {
+		m.certificateAuthorities = append(m.certificateAuthorities, randomBytes(rand.Intn(15)+1, rand))
 	}
 	return reflect.ValueOf(m)
 }
 
 func (*certificateVerifyMsg) Generate(rand *rand.Rand, size int) reflect.Value {
 	m := &certificateVerifyMsg{}
+	m.hasSignatureAlgorithm = true
+	m.signatureAlgorithm = SignatureScheme(rand.Intn(30000))
 	m.signature = randomBytes(rand.Intn(15)+1, rand)
 	return reflect.ValueOf(m)
 }
 
 func (*certificateStatusMsg) Generate(rand *rand.Rand, size int) reflect.Value {
 	m := &certificateStatusMsg{}
-	if rand.Intn(10) > 5 {
-		m.statusType = statusTypeOCSP
-		m.response = randomBytes(rand.Intn(10)+1, rand)
-	} else {
-		m.statusType = 42
-	}
+	m.response = randomBytes(rand.Intn(10)+1, rand)
 	return reflect.ValueOf(m)
 }
 
@@ -270,9 +333,95 @@
 	return reflect.ValueOf(s)
 }
 
+func (*sessionStateTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+	s := &sessionStateTLS13{}
+	s.cipherSuite = uint16(rand.Intn(10000))
+	s.resumptionSecret = randomBytes(rand.Intn(100)+1, rand)
+	s.createdAt = uint64(rand.Int63())
+	for i := 0; i < rand.Intn(2)+1; i++ {
+		s.certificate.Certificate = append(
+			s.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
+	}
+	if rand.Intn(10) > 5 {
+		s.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
+	}
+	if rand.Intn(10) > 5 {
+		for i := 0; i < rand.Intn(2)+1; i++ {
+			s.certificate.SignedCertificateTimestamps = append(
+				s.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
+		}
+	}
+	return reflect.ValueOf(s)
+}
+
+func (*endOfEarlyDataMsg) Generate(rand *rand.Rand, size int) reflect.Value {
+	m := &endOfEarlyDataMsg{}
+	return reflect.ValueOf(m)
+}
+
+func (*keyUpdateMsg) Generate(rand *rand.Rand, size int) reflect.Value {
+	m := &keyUpdateMsg{}
+	m.updateRequested = rand.Intn(10) > 5
+	return reflect.ValueOf(m)
+}
+
+func (*newSessionTicketMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+	m := &newSessionTicketMsgTLS13{}
+	m.lifetime = uint32(rand.Intn(500000))
+	m.ageAdd = uint32(rand.Intn(500000))
+	m.nonce = randomBytes(rand.Intn(100), rand)
+	m.label = randomBytes(rand.Intn(1000), rand)
+	if rand.Intn(10) > 5 {
+		m.maxEarlyData = uint32(rand.Intn(500000))
+	}
+	return reflect.ValueOf(m)
+}
+
+func (*certificateRequestMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+	m := &certificateRequestMsgTLS13{}
+	if rand.Intn(10) > 5 {
+		m.ocspStapling = true
+	}
+	if rand.Intn(10) > 5 {
+		m.scts = true
+	}
+	if rand.Intn(10) > 5 {
+		m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+	}
+	if rand.Intn(10) > 5 {
+		m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
+	}
+	if rand.Intn(10) > 5 {
+		m.certificateAuthorities = make([][]byte, 3)
+		for i := 0; i < 3; i++ {
+			m.certificateAuthorities[i] = randomBytes(rand.Intn(10)+1, rand)
+		}
+	}
+	return reflect.ValueOf(m)
+}
+
+func (*certificateMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+	m := &certificateMsgTLS13{}
+	for i := 0; i < rand.Intn(2)+1; i++ {
+		m.certificate.Certificate = append(
+			m.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
+	}
+	if rand.Intn(10) > 5 {
+		m.ocspStapling = true
+		m.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
+	}
+	if rand.Intn(10) > 5 {
+		m.scts = true
+		for i := 0; i < rand.Intn(2)+1; i++ {
+			m.certificate.SignedCertificateTimestamps = append(
+				m.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
+		}
+	}
+	return reflect.ValueOf(m)
+}
+
 func TestRejectEmptySCTList(t *testing.T) {
-	// https://tools.ietf.org/html/rfc6962#section-3.3.1 specifies that
-	// empty SCT lists are invalid.
+	// RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid.
 
 	var random [32]byte
 	sct := []byte{0x42, 0x42, 0x42, 0x42}
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index ac491ba..4f4b60a 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -19,20 +19,18 @@
 // serverHandshakeState contains details of a server handshake in progress.
 // It's discarded once the handshake has completed.
 type serverHandshakeState struct {
-	c                     *Conn
-	clientHello           *clientHelloMsg
-	hello                 *serverHelloMsg
-	suite                 *cipherSuite
-	ellipticOk            bool
-	ecdsaOk               bool
-	rsaDecryptOk          bool
-	rsaSignOk             bool
-	sessionState          *sessionState
-	finishedHash          finishedHash
-	masterSecret          []byte
-	certsFromClient       [][]byte
-	cert                  *Certificate
-	cachedClientHelloInfo *ClientHelloInfo
+	c            *Conn
+	clientHello  *clientHelloMsg
+	hello        *serverHelloMsg
+	suite        *cipherSuite
+	ellipticOk   bool
+	ecdsaOk      bool
+	rsaDecryptOk bool
+	rsaSignOk    bool
+	sessionState *sessionState
+	finishedHash finishedHash
+	masterSecret []byte
+	cert         *Certificate
 }
 
 // serverHandshake performs a TLS handshake as a server.
@@ -41,17 +39,36 @@
 	// encrypt the tickets with.
 	c.config.serverInitOnce.Do(func() { c.config.serverInit(nil) })
 
-	hs := serverHandshakeState{
-		c: c,
-	}
-	isResume, err := hs.readClientHello()
+	clientHello, err := c.readClientHello()
 	if err != nil {
 		return err
 	}
 
-	// For an overview of TLS handshaking, see https://tools.ietf.org/html/rfc5246#section-7.3
+	if c.vers == VersionTLS13 {
+		hs := serverHandshakeStateTLS13{
+			c:           c,
+			clientHello: clientHello,
+		}
+		return hs.handshake()
+	}
+
+	hs := serverHandshakeState{
+		c:           c,
+		clientHello: clientHello,
+	}
+	return hs.handshake()
+}
+
+func (hs *serverHandshakeState) handshake() error {
+	c := hs.c
+
+	if err := hs.processClientHello(); err != nil {
+		return err
+	}
+
+	// For an overview of TLS handshaking, see RFC 5246, Section 7.3.
 	c.buffering = true
-	if isResume {
+	if hs.checkForResumption() {
 		// The client has included a session ticket and so we do an abbreviated handshake.
 		if err := hs.doResumeHandshake(); err != nil {
 			return err
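Review bot: The new `handshake` method has no doc comment, and neither do `processClientHello` and `pickCipherSuite`, which later hunks of this file add. Together they replace the documented `readClientHello` on the handshake state, and the order in which they run is now the caller's responsibility. For `handshake`, a line such as `// handshake runs the pre-TLS 1.3 server handshake for the ClientHello stored in hs.` would do. The other two should state that `processClientHello` must run before `checkForResumption`, and that `pickCipherSuite` is only reached on the full-handshake path. The body of `handshake` continues outside this hunk.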
@@ -81,6 +98,9 @@
 	} else {
 		// The client didn't include a session ticket, or it wasn't
 		// valid so we do a full handshake.
+		if err := hs.pickCipherSuite(); err != nil {
+			return err
+		}
 		if err := hs.doFullHandshake(); err != nil {
 			return err
 		}
@@ -109,40 +129,50 @@
 	return nil
 }
 
-// readClientHello reads a ClientHello message from the client and decides
-// whether we will perform session resumption.
-func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
-	c := hs.c
-
+// readClientHello reads a ClientHello message and selects the protocol version.
+func (c *Conn) readClientHello() (*clientHelloMsg, error) {
 	msg, err := c.readHandshake()
 	if err != nil {
-		return false, err
+		return nil, err
 	}
-	var ok bool
-	hs.clientHello, ok = msg.(*clientHelloMsg)
+	clientHello, ok := msg.(*clientHelloMsg)
 	if !ok {
 		c.sendAlert(alertUnexpectedMessage)
-		return false, unexpectedMessageError(hs.clientHello, msg)
+		return nil, unexpectedMessageError(clientHello, msg)
 	}
 
 	if c.config.GetConfigForClient != nil {
-		if newConfig, err := c.config.GetConfigForClient(hs.clientHelloInfo()); err != nil {
+		chi := clientHelloInfo(c, clientHello)
+		if newConfig, err := c.config.GetConfigForClient(chi); err != nil {
 			c.sendAlert(alertInternalError)
-			return false, err
+			return nil, err
 		} else if newConfig != nil {
 			newConfig.serverInitOnce.Do(func() { newConfig.serverInit(c.config) })
 			c.config = newConfig
 		}
 	}
 
-	c.vers, ok = c.config.mutualVersion(hs.clientHello.vers)
+	clientVersions := clientHello.supportedVersions
+	if len(clientHello.supportedVersions) == 0 {
+		clientVersions = supportedVersionsFromMax(clientHello.vers)
+	}
+	c.vers, ok = c.config.mutualVersion(false, clientVersions)
 	if !ok {
 		c.sendAlert(alertProtocolVersion)
-		return false, fmt.Errorf("tls: client offered an unsupported, maximum protocol version of %x", hs.clientHello.vers)
+		return nil, fmt.Errorf("tls: client offered only unsupported versions: %x", clientVersions)
 	}
 	c.haveVers = true
+	c.in.version = c.vers
+	c.out.version = c.vers
+
+	return clientHello, nil
+}
+
+func (hs *serverHandshakeState) processClientHello() error {
+	c := hs.c
 
 	hs.hello = new(serverHelloMsg)
+	hs.hello.vers = c.vers
 
 	supportedCurve := false
 	preferredCurves := c.config.curvePreferences()
@@ -176,20 +206,30 @@
 
 	if !foundCompression {
 		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: client does not support uncompressed connections")
+		return errors.New("tls: client does not support uncompressed connections")
 	}
 
-	hs.hello.vers = c.vers
 	hs.hello.random = make([]byte, 32)
-	_, err = io.ReadFull(c.config.rand(), hs.hello.random)
+	serverRandom := hs.hello.random
+	// Downgrade protection canaries. See RFC 8446, Section 4.1.3.
+	maxVers := c.config.maxSupportedVersion(false)
+	if maxVers >= VersionTLS12 && c.vers < maxVers {
+		if c.vers == VersionTLS12 {
+			copy(serverRandom[24:], downgradeCanaryTLS12)
+		} else {
+			copy(serverRandom[24:], downgradeCanaryTLS11)
+		}
+		serverRandom = serverRandom[:24]
+	}
+	_, err := io.ReadFull(c.config.rand(), serverRandom)
 	if err != nil {
 		c.sendAlert(alertInternalError)
-		return false, err
+		return err
 	}
 
 	if len(hs.clientHello.secureRenegotiation) != 0 {
 		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: initial handshake had non-empty renegotiation extension")
+		return errors.New("tls: initial handshake had non-empty renegotiation extension")
 	}
 
 	hs.hello.secureRenegotiationSupported = hs.clientHello.secureRenegotiationSupported
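Review bot: The re-slice `serverRandom = serverRandom[:24]` is easy to misread as truncating the server random. It actually only limits the `io.ReadFull` that follows, so the canary copied into the last 8 bytes is not overwritten. A comment above that line would make this explicit, for example `// Randomize only the first 24 bytes; the last 8 carry the downgrade canary.` The enclosing function starts and ends outside this hunk.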
@@ -214,10 +254,10 @@
 		}
 	}
 
-	hs.cert, err = c.config.getCertificate(hs.clientHelloInfo())
+	hs.cert, err = c.config.getCertificate(clientHelloInfo(c, hs.clientHello))
 	if err != nil {
 		c.sendAlert(alertInternalError)
-		return false, err
+		return err
 	}
 	if hs.clientHello.scts {
 		hs.hello.scts = hs.cert.SignedCertificateTimestamps
@@ -231,7 +271,7 @@
 			hs.rsaSignOk = true
 		default:
 			c.sendAlert(alertInternalError)
-			return false, fmt.Errorf("tls: unsupported signing key type (%T)", priv.Public())
+			return fmt.Errorf("tls: unsupported signing key type (%T)", priv.Public())
 		}
 	}
 	if priv, ok := hs.cert.PrivateKey.(crypto.Decrypter); ok {
@@ -240,13 +280,15 @@
 			hs.rsaDecryptOk = true
 		default:
 			c.sendAlert(alertInternalError)
-			return false, fmt.Errorf("tls: unsupported decryption key type (%T)", priv.Public())
+			return fmt.Errorf("tls: unsupported decryption key type (%T)", priv.Public())
 		}
 	}
 
-	if hs.checkForResumption() {
-		return true, nil
-	}
+	return nil
+}
+
+func (hs *serverHandshakeState) pickCipherSuite() error {
+	c := hs.c
 
 	var preferenceList, supportedList []uint16
 	if c.config.PreferServerCipherSuites {
@@ -265,22 +307,21 @@
 
 	if hs.suite == nil {
 		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: no cipher suite supported by both client and server")
+		return errors.New("tls: no cipher suite supported by both client and server")
 	}
 
-	// See https://tools.ietf.org/html/rfc7507.
 	for _, id := range hs.clientHello.cipherSuites {
 		if id == TLS_FALLBACK_SCSV {
-			// The client is doing a fallback connection.
-			if hs.clientHello.vers < c.config.maxVersion() {
+			// The client is doing a fallback connection. See RFC 7507.
+			if hs.clientHello.vers < c.config.maxSupportedVersion(false) {
 				c.sendAlert(alertInappropriateFallback)
-				return false, errors.New("tls: client using inappropriate protocol fallback")
+				return errors.New("tls: client using inappropriate protocol fallback")
 			}
 			break
 		}
 	}
 
-	return false, nil
+	return nil
 }
 
 // checkForResumption reports whether we should perform resumption on this connection.
@@ -291,9 +332,13 @@
 		return false
 	}
 
-	var ok bool
-	var sessionTicket = append([]uint8{}, hs.clientHello.sessionTicket...)
-	if hs.sessionState, ok = c.decryptTicket(sessionTicket); !ok {
+	plaintext, usedOldKey := c.decryptTicket(hs.clientHello.sessionTicket)
+	if plaintext == nil {
+		return false
+	}
+	hs.sessionState = &sessionState{usedOldKey: usedOldKey}
+	ok := hs.sessionState.unmarshal(plaintext)
+	if !ok {
 		return false
 	}
 
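Review bot: The defensive copy of the client's session ticket (`append([]uint8{}, hs.clientHello.sessionTicket...)`) is gone, so `c.decryptTicket` now receives the slice that belongs to the parsed ClientHello. That is only safe if `decryptTicket` no longer writes into its argument, which this hunk does not show. If that is the new contract, it should be stated at the call site, e.g. `// decryptTicket does not modify its input, so no copy is needed.` Otherwise the copy should stay. The enclosing function starts and ends outside this hunk.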
@@ -320,7 +365,7 @@
 	}
 
 	sessionHasClientCerts := len(hs.sessionState.certificates) != 0
-	needClientCerts := c.config.ClientAuth == RequireAnyClientCert || c.config.ClientAuth == RequireAndVerifyClientCert
+	needClientCerts := requiresClientCert(c.config.ClientAuth)
 	if needClientCerts && !sessionHasClientCerts {
 		return false
 	}
@@ -347,10 +392,10 @@
 		return err
 	}
 
-	if len(hs.sessionState.certificates) > 0 {
-		if _, err := hs.processCertsFromClient(hs.sessionState.certificates); err != nil {
-			return err
-		}
+	if err := c.processCertsFromClient(Certificate{
+		Certificate: hs.sessionState.certificates,
+	}); err != nil {
+		return err
 	}
 
 	hs.masterSecret = hs.sessionState.masterSecret
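Review bot: Dropping the `len(hs.sessionState.certificates) > 0` guard means `processCertsFromClient` now runs on every resumption, including sessions that carry no client certificate. Judging by the later hunks of that function, `c.config.VerifyPeerCertificate` is invoked before the `len(certs) == 0` early return, so on this path the callback now receives an empty certificate list. A callback that indexes `rawCerts[0]` without a length check would panic here. Either keep the guard, or document on `VerifyPeerCertificate` that the list may be empty on the server side. The enclosing function starts and ends outside this hunk.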
@@ -389,7 +434,6 @@
 
 	if hs.hello.ocspStapling {
 		certStatus := new(certificateStatusMsg)
-		certStatus.statusType = statusTypeOCSP
 		certStatus.response = hs.cert.OCSPStaple
 		hs.finishedHash.Write(certStatus.marshal())
 		if _, err := c.writeRecord(recordTypeHandshake, certStatus.marshal()); err != nil {
@@ -418,8 +462,8 @@
 			byte(certTypeECDSASign),
 		}
 		if c.vers >= VersionTLS12 {
-			certReq.hasSignatureAndHash = true
-			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+			certReq.hasSignatureAlgorithm = true
+			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12
 		}
 
 		// An empty list of certificateAuthorities signals to
@@ -453,29 +497,24 @@
 		return err
 	}
 
-	var ok bool
 	// If we requested a client certificate, then the client must send a
 	// certificate message, even if it's empty.
 	if c.config.ClientAuth >= RequestClientCert {
-		if certMsg, ok = msg.(*certificateMsg); !ok {
+		certMsg, ok := msg.(*certificateMsg)
+		if !ok {
 			c.sendAlert(alertUnexpectedMessage)
 			return unexpectedMessageError(certMsg, msg)
 		}
 		hs.finishedHash.Write(certMsg.marshal())
 
-		if len(certMsg.certificates) == 0 {
-			// The client didn't actually send a certificate
-			switch c.config.ClientAuth {
-			case RequireAnyClientCert, RequireAndVerifyClientCert:
-				c.sendAlert(alertBadCertificate)
-				return errors.New("tls: client didn't provide a certificate")
-			}
-		}
-
-		pub, err = hs.processCertsFromClient(certMsg.certificates)
-		if err != nil {
+		if err := c.processCertsFromClient(Certificate{
+			Certificate: certMsg.certificates,
+		}); err != nil {
 			return err
 		}
+		if len(certMsg.certificates) != 0 {
+			pub = c.peerCertificates[0].PublicKey
+		}
 
 		msg, err = c.readHandshake()
 		if err != nil {
@@ -497,7 +536,7 @@
 		return err
 	}
 	hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.random, hs.hello.random)
-	if err := c.config.writeKeyLog(hs.clientHello.random, hs.masterSecret); err != nil {
+	if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret); err != nil {
 		c.sendAlert(alertInternalError)
 		return err
 	}
@@ -520,7 +559,7 @@
 		}
 
 		// Determine the signature type.
-		_, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithms, c.vers)
+		_, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithmsTLS12, c.vers)
 		if err != nil {
 			c.sendAlert(alertIllegalParameter)
 			return err
@@ -571,9 +610,8 @@
 func (hs *serverHandshakeState) readFinished(out []byte) error {
 	c := hs.c
 
-	c.readRecord(recordTypeChangeCipherSpec)
-	if c.in.err != nil {
-		return c.in.err
+	if err := c.readChangeCipherSpec(); err != nil {
+		return err
 	}
 
 	if hs.hello.nextProtoNeg {
@@ -620,14 +658,18 @@
 	c := hs.c
 	m := new(newSessionTicketMsg)
 
-	var err error
+	var certsFromClient [][]byte
+	for _, cert := range c.peerCertificates {
+		certsFromClient = append(certsFromClient, cert.Raw)
+	}
 	state := sessionState{
 		vers:         c.vers,
 		cipherSuite:  hs.suite.id,
 		masterSecret: hs.masterSecret,
-		certificates: hs.certsFromClient,
+		certificates: certsFromClient,
 	}
-	m.ticket, err = c.encryptTicket(&state)
+	var err error
+	m.ticket, err = c.encryptTicket(state.marshal())
 	if err != nil {
 		return err
 	}
@@ -663,19 +705,22 @@
 // processCertsFromClient takes a chain of client certificates either from a
 // Certificates message or from a sessionState and verifies them. It returns
 // the public key of the leaf certificate.
-func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (crypto.PublicKey, error) {
-	c := hs.c
-
-	hs.certsFromClient = certificates
+func (c *Conn) processCertsFromClient(certificate Certificate) error {
+	certificates := certificate.Certificate
 	certs := make([]*x509.Certificate, len(certificates))
 	var err error
 	for i, asn1Data := range certificates {
 		if certs[i], err = x509.ParseCertificate(asn1Data); err != nil {
 			c.sendAlert(alertBadCertificate)
-			return nil, errors.New("tls: failed to parse client certificate: " + err.Error())
+			return errors.New("tls: failed to parse client certificate: " + err.Error())
 		}
 	}
 
+	if len(certs) == 0 && requiresClientCert(c.config.ClientAuth) {
+		c.sendAlert(alertBadCertificate)
+		return errors.New("tls: client didn't provide a certificate")
+	}
+
 	if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
 		opts := x509.VerifyOptions{
 			Roots:         c.config.ClientCAs,
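Review bot: The doc comment kept above `processCertsFromClient` still ends with "It returns the public key of the leaf certificate", but the new signature returns only an `error`. The last sentence should be replaced, for example with `// On success the parsed chain is stored on the connection; callers read the leaf key from c.peerCertificates.` That wording assumes the assignment to `c.peerCertificates` shown in a later hunk of this function. The comment should also say that an empty chain is rejected when `requiresClientCert(c.config.ClientAuth)` is true, since that check now lives here. The function body continues outside this hunk.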
@@ -691,7 +736,7 @@
 		chains, err := certs[0].Verify(opts)
 		if err != nil {
 			c.sendAlert(alertBadCertificate)
-			return nil, errors.New("tls: failed to verify client's certificate: " + err.Error())
+			return errors.New("tls: failed to verify client's certificate: " + err.Error())
 		}
 
 		c.verifiedChains = chains
@@ -700,24 +745,25 @@
 	if c.config.VerifyPeerCertificate != nil {
 		if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil {
 			c.sendAlert(alertBadCertificate)
-			return nil, err
+			return err
 		}
 	}
 
 	if len(certs) == 0 {
-		return nil, nil
+		return nil
 	}
 
-	var pub crypto.PublicKey
-	switch key := certs[0].PublicKey.(type) {
+	switch certs[0].PublicKey.(type) {
 	case *ecdsa.PublicKey, *rsa.PublicKey:
-		pub = key
 	default:
 		c.sendAlert(alertUnsupportedCertificate)
-		return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
+		return fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
 	}
+
 	c.peerCertificates = certs
-	return pub, nil
+	c.ocspResponse = certificate.OCSPStaple
+	c.scts = certificate.SignedCertificateTimestamps
+	return nil
 }
 
 // setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState
@@ -726,14 +772,7 @@
 func (hs *serverHandshakeState) setCipherSuite(id uint16, supportedCipherSuites []uint16, version uint16) bool {
 	for _, supported := range supportedCipherSuites {
 		if id == supported {
-			var candidate *cipherSuite
-
-			for _, s := range cipherSuites {
-				if s.id == id {
-					candidate = s
-					break
-				}
-			}
+			candidate := cipherSuiteByID(id)
 			if candidate == nil {
 				continue
 			}
@@ -763,31 +802,20 @@
 	return false
 }
 
-// suppVersArray is the backing array of ClientHelloInfo.SupportedVersions
-var suppVersArray = [...]uint16{VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
-
-func (hs *serverHandshakeState) clientHelloInfo() *ClientHelloInfo {
-	if hs.cachedClientHelloInfo != nil {
-		return hs.cachedClientHelloInfo
+func clientHelloInfo(c *Conn, clientHello *clientHelloMsg) *ClientHelloInfo {
+	supportedVersions := clientHello.supportedVersions
+	if len(clientHello.supportedVersions) == 0 {
+		supportedVersions = supportedVersionsFromMax(clientHello.vers)
 	}
 
-	var supportedVersions []uint16
-	if hs.clientHello.vers > VersionTLS12 {
-		supportedVersions = suppVersArray[:]
-	} else if hs.clientHello.vers >= VersionSSL30 {
-		supportedVersions = suppVersArray[VersionTLS12-hs.clientHello.vers:]
-	}
-
-	hs.cachedClientHelloInfo = &ClientHelloInfo{
-		CipherSuites:      hs.clientHello.cipherSuites,
-		ServerName:        hs.clientHello.serverName,
-		SupportedCurves:   hs.clientHello.supportedCurves,
-		SupportedPoints:   hs.clientHello.supportedPoints,
-		SignatureSchemes:  hs.clientHello.supportedSignatureAlgorithms,
-		SupportedProtos:   hs.clientHello.alpnProtocols,
+	return &ClientHelloInfo{
+		CipherSuites:      clientHello.cipherSuites,
+		ServerName:        clientHello.serverName,
+		SupportedCurves:   clientHello.supportedCurves,
+		SupportedPoints:   clientHello.supportedPoints,
+		SignatureSchemes:  clientHello.supportedSignatureAlgorithms,
+		SupportedProtos:   clientHello.alpnProtocols,
 		SupportedVersions: supportedVersions,
-		Conn:              hs.c.conn,
+		Conn:              c.conn,
 	}
-
-	return hs.cachedClientHelloInfo
 }
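Review bot: `clientHelloInfo` repeats the supported-versions fallback that `readClientHello` already performs (`len(clientHello.supportedVersions) == 0`, then `supportedVersionsFromMax(clientHello.vers)`), so the two copies can drift apart. A small shared helper called from both sites would keep them in step. The function also has no doc comment. It should state that `SupportedVersions` is the client's own list passed through unfiltered, so `GetConfigForClient` and `GetCertificate` callbacks must not assume every entry is a version the server supports.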
diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index c366f47..c23f98f 100644
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -16,6 +16,7 @@
 	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"math/big"
 	"net"
 	"os"
@@ -55,7 +56,7 @@
 		Certificates:       make([]Certificate, 2),
 		InsecureSkipVerify: true,
 		MinVersion:         VersionSSL30,
-		MaxVersion:         VersionTLS12,
+		MaxVersion:         VersionTLS13,
 		CipherSuites:       allCipherSuites(),
 	}
 	testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate}
@@ -63,6 +64,13 @@
 	testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate}
 	testConfig.Certificates[1].PrivateKey = testRSAPrivateKey
 	testConfig.BuildNameToCertificate()
+	if keyFile := os.Getenv("SSLKEYLOGFILE"); keyFile != "" {
+		f, err := os.OpenFile(keyFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			panic("failed to open SSLKEYLOGFILE: " + err.Error())
+		}
+		testConfig.KeyLogWriter = f
+	}
 }
 
 func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) {
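Review bot: The key log file is created with mode `0644`, so the TLS secrets written through `KeyLogWriter` are readable by other local users unless the umask is stricter. `0600` is the safer choice for a file that holds session secrets: `os.OpenFile(keyFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)`. The handle is also never closed, which is tolerable in test setup but deserves a one-line comment saying it is intentional.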
@@ -70,10 +78,7 @@
 }
 
 func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessage, expectedSubStr string) {
-	// Create in-memory network connection,
-	// send message to server. Should return
-	// expected error.
-	c, s := net.Pipe()
+	c, s := localPipe(t)
 	go func() {
 		cli := Client(c, testConfig)
 		if ch, ok := m.(*clientHelloMsg); ok {
@@ -82,17 +87,25 @@
 		cli.writeRecord(recordTypeHandshake, m.marshal())
 		c.Close()
 	}()
+	conn := Server(s, serverConfig)
+	ch, err := conn.readClientHello()
 	hs := serverHandshakeState{
-		c: Server(s, serverConfig),
+		c:           conn,
+		clientHello: ch,
 	}
-	_, err := hs.readClientHello()
+	if err == nil {
+		err = hs.processClientHello()
+	}
+	if err == nil {
+		err = hs.pickCipherSuite()
+	}
 	s.Close()
 	if len(expectedSubStr) == 0 {
 		if err != nil && err != io.EOF {
 			t.Errorf("Got error: %s; expected to succeed", err)
 		}
 	} else if err == nil || !strings.Contains(err.Error(), expectedSubStr) {
-		t.Errorf("Got error: %s; expected to match substring '%s'", err, expectedSubStr)
+		t.Errorf("Got error: %v; expected to match substring '%s'", err, expectedSubStr)
 	}
 }
 
@@ -104,13 +117,22 @@
 
 func TestRejectBadProtocolVersion(t *testing.T) {
 	for _, v := range badProtocolVersions {
-		testClientHelloFailure(t, testConfig, &clientHelloMsg{vers: v}, "unsupported, maximum protocol version")
+		testClientHelloFailure(t, testConfig, &clientHelloMsg{
+			vers:   v,
+			random: make([]byte, 32),
+		}, "unsupported versions")
 	}
+	testClientHelloFailure(t, testConfig, &clientHelloMsg{
+		vers:              VersionTLS12,
+		supportedVersions: badProtocolVersions,
+		random:            make([]byte, 32),
+	}, "unsupported versions")
 }
 
 func TestNoSuiteOverlap(t *testing.T) {
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{0xff00},
 		compressionMethods: []uint8{compressionNone},
 	}
@@ -120,6 +142,7 @@
 func TestNoCompressionOverlap(t *testing.T) {
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		compressionMethods: []uint8{0xff},
 	}
@@ -129,6 +152,7 @@
 func TestNoRC4ByDefault(t *testing.T) {
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		compressionMethods: []uint8{compressionNone},
 	}
@@ -140,7 +164,11 @@
 }
 
 func TestRejectSNIWithTrailingDot(t *testing.T) {
-	testClientHelloFailure(t, testConfig, &clientHelloMsg{vers: VersionTLS12, serverName: "foo.com."}, "unexpected message")
+	testClientHelloFailure(t, testConfig, &clientHelloMsg{
+		vers:       VersionTLS12,
+		random:     make([]byte, 32),
+		serverName: "foo.com.",
+	}, "unexpected message")
 }
 
 func TestDontSelectECDSAWithRSAKey(t *testing.T) {
@@ -148,6 +176,7 @@
 	// won't be selected if the server's private key doesn't support it.
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
 		compressionMethods: []uint8{compressionNone},
 		supportedCurves:    []CurveID{CurveP256},
@@ -173,6 +202,7 @@
 	// won't be selected if the server's private key doesn't support it.
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
 		compressionMethods: []uint8{compressionNone},
 		supportedCurves:    []CurveID{CurveP256},
@@ -201,25 +231,26 @@
 		cipherSuites:                 []uint16{TLS_RSA_WITH_RC4_128_SHA},
 	}
 
-	var buf []byte
-	c, s := net.Pipe()
+	bufChan := make(chan []byte)
+	c, s := localPipe(t)
 
 	go func() {
 		cli := Client(c, testConfig)
 		cli.vers = clientHello.vers
 		cli.writeRecord(recordTypeHandshake, clientHello.marshal())
 
-		buf = make([]byte, 1024)
+		buf := make([]byte, 1024)
 		n, err := c.Read(buf)
 		if err != nil {
 			t.Errorf("Server read returned error: %s", err)
 			return
 		}
-		buf = buf[:n]
 		c.Close()
+		bufChan <- buf[:n]
 	}()
 
 	Server(s, testConfig).Handshake()
+	buf := <-bufChan
 
 	if len(buf) < 5+4 {
 		t.Fatalf("Server returned short message of length %d", len(buf))
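Review bot: If `c.Read` fails, the goroutine calls `t.Errorf` and returns without sending on the unbuffered `bufChan`, so the test body blocks forever at `buf := <-bufChan` and only ends on the global test timeout. Adding `defer close(bufChan)` as the first statement of the goroutine fixes this: the receive then yields a nil slice on the error path and the existing short-message check fails the test promptly. The same path also skips `c.Close()`, so that call could move into a `defer` as well. The test function starts outside this hunk.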
@@ -244,11 +275,9 @@
 func TestTLS12OnlyCipherSuites(t *testing.T) {
 	// Test that a Server doesn't select a TLS 1.2-only cipher suite when
 	// the client negotiates TLS 1.1.
-	var zeros [32]byte
-
 	clientHello := &clientHelloMsg{
 		vers:   VersionTLS11,
-		random: zeros[:],
+		random: make([]byte, 32),
 		cipherSuites: []uint16{
 			// The Server, by default, will use the client's
 			// preference order. So the GCM cipher suite
@@ -262,22 +291,27 @@
 		supportedPoints:    []uint8{pointFormatUncompressed},
 	}
 
-	c, s := net.Pipe()
-	var reply interface{}
-	var clientErr error
+	c, s := localPipe(t)
+	replyChan := make(chan interface{})
 	go func() {
 		cli := Client(c, testConfig)
 		cli.vers = clientHello.vers
 		cli.writeRecord(recordTypeHandshake, clientHello.marshal())
-		reply, clientErr = cli.readHandshake()
+		reply, err := cli.readHandshake()
 		c.Close()
+		if err != nil {
+			replyChan <- err
+		} else {
+			replyChan <- reply
+		}
 	}()
 	config := testConfig.Clone()
 	config.CipherSuites = clientHello.cipherSuites
 	Server(s, config).Handshake()
 	s.Close()
-	if clientErr != nil {
-		t.Fatal(clientErr)
+	reply := <-replyChan
+	if err, ok := reply.(error); ok {
+		t.Fatal(err)
 	}
 	serverHello, ok := reply.(*serverHelloMsg)
 	if !ok {
@@ -289,7 +323,7 @@
 }
 
 func TestAlertForwarding(t *testing.T) {
-	c, s := net.Pipe()
+	c, s := localPipe(t)
 	go func() {
 		Client(c, testConfig).sendAlert(alertUnknownCA)
 		c.Close()
@@ -303,7 +337,7 @@
 }
 
 func TestClose(t *testing.T) {
-	c, s := net.Pipe()
+	c, s := localPipe(t)
 	go c.Close()
 
 	err := Server(s, testConfig).Handshake()
@@ -313,23 +347,43 @@
 	}
 }
 
-func testHandshake(clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) {
-	c, s := net.Pipe()
-	done := make(chan bool)
+func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) {
+	c, s := localPipe(t)
+	errChan := make(chan error)
 	go func() {
 		cli := Client(c, clientConfig)
-		cli.Handshake()
+		err := cli.Handshake()
+		if err != nil {
+			errChan <- fmt.Errorf("client: %v", err)
+			c.Close()
+			return
+		}
+		defer cli.Close()
 		clientState = cli.ConnectionState()
-		c.Close()
-		done <- true
+		buf, err := ioutil.ReadAll(cli)
+		if err != nil {
+			t.Errorf("failed to call cli.Read: %v", err)
+		}
+		if got := string(buf); got != opensslSentinel {
+			t.Errorf("read %q from TLS connection, but expected %q", got, opensslSentinel)
+		}
+		errChan <- nil
 	}()
 	server := Server(s, serverConfig)
 	err = server.Handshake()
 	if err == nil {
 		serverState = server.ConnectionState()
+		if _, err := io.WriteString(server, opensslSentinel); err != nil {
+			t.Errorf("failed to call server.Write: %v", err)
+		}
+		if err := server.Close(); err != nil {
+			t.Errorf("failed to call server.Close: %v", err)
+		}
+		err = <-errChan
+	} else {
+		s.Close()
+		<-errChan
 	}
-	s.Close()
-	<-done
 	return
 }
 
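Review bot: On a client handshake failure the goroutine sends on the unbuffered `errChan` before it calls `c.Close()`, while the receiver is still inside `server.Handshake()`. If the client fails without having written an alert, the server side has nothing to read, so it never reaches `<-errChan` and the connection is never closed. The test would then hang instead of failing. Closing first avoids that dependency: put `c.Close()` on the line before `errChan <- fmt.Errorf("client: %v", err)`. Whether every client error path sends an alert is not visible here, so this is a robustness point rather than a confirmed hang.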
@@ -341,7 +395,7 @@
 	clientConfig := &Config{
 		InsecureSkipVerify: true,
 	}
-	state, _, err := testHandshake(clientConfig, serverConfig)
+	state, _, err := testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -360,7 +414,7 @@
 		CipherSuites:       []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA},
 		InsecureSkipVerify: true,
 	}
-	state, _, err := testHandshake(clientConfig, serverConfig)
+	state, _, err := testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -370,7 +424,7 @@
 	}
 
 	serverConfig.PreferServerCipherSuites = true
-	state, _, err = testHandshake(clientConfig, serverConfig)
+	state, _, err = testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -380,6 +434,11 @@
 }
 
 func TestSCTHandshake(t *testing.T) {
+	t.Run("TLSv12", func(t *testing.T) { testSCTHandshake(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testSCTHandshake(t, VersionTLS13) })
+}
+
+func testSCTHandshake(t *testing.T, version uint16) {
 	expected := [][]byte{[]byte("certificate"), []byte("transparency")}
 	serverConfig := &Config{
 		Certificates: []Certificate{{
@@ -387,11 +446,12 @@
 			PrivateKey:                  testRSAPrivateKey,
 			SignedCertificateTimestamps: expected,
 		}},
+		MaxVersion: version,
 	}
 	clientConfig := &Config{
 		InsecureSkipVerify: true,
 	}
-	_, state, err := testHandshake(clientConfig, serverConfig)
+	_, state, err := testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -407,6 +467,11 @@
 }
 
 func TestCrossVersionResume(t *testing.T) {
+	t.Run("TLSv12", func(t *testing.T) { testCrossVersionResume(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testCrossVersionResume(t, VersionTLS13) })
+}
+
+func testCrossVersionResume(t *testing.T, version uint16) {
 	serverConfig := &Config{
 		CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
 		Certificates: testConfig.Certificates,
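Review bot: The new `version` parameter of `testCrossVersionResume` is never used. None of the added lines in this function's hunks reference it, and every handshake still pins `clientConfig.MaxVersion` to TLS 1.1 or 1.0, so the `TLSv12` and `TLSv13` subtests exercise exactly the same path. Either apply it to the server, as `testSCTHandshake` does with `MaxVersion: version,`, or drop the parameter and the subtest split. As written, the subtest names suggest TLS 1.3 coverage that the test does not provide. The function body continues outside this hunk.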
@@ -420,13 +485,13 @@
 
 	// Establish a session at TLS 1.1.
 	clientConfig.MaxVersion = VersionTLS11
-	_, _, err := testHandshake(clientConfig, serverConfig)
+	_, _, err := testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
 
 	// The client session cache now contains a TLS 1.1 session.
-	state, _, err := testHandshake(clientConfig, serverConfig)
+	state, _, err := testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -436,7 +501,7 @@
 
 	// Test that the server will decline to resume at a lower version.
 	clientConfig.MaxVersion = VersionTLS10
-	state, _, err = testHandshake(clientConfig, serverConfig)
+	state, _, err = testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -445,7 +510,7 @@
 	}
 
 	// The client session cache now contains a TLS 1.0 session.
-	state, _, err = testHandshake(clientConfig, serverConfig)
+	state, _, err = testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -455,7 +520,7 @@
 
 	// Test that the server will decline to resume at a higher version.
 	clientConfig.MaxVersion = VersionTLS11
-	state, _, err = testHandshake(clientConfig, serverConfig)
+	state, _, err = testHandshake(t, clientConfig, serverConfig)
 	if err != nil {
 		t.Fatalf("handshake failed: %s", err)
 	}
@@ -488,6 +553,9 @@
 	// ConnectionState of the resulting connection. It returns false if the
 	// ConnectionState is unacceptable.
 	validate func(ConnectionState) error
+	// wait, if true, prevents this subtest from calling t.Parallel.
+	// If false, runServerTest* returns immediately.
+	wait bool
 }
 
 var defaultClientCommand = []string{"openssl", "s_client", "-no_ticket"}
@@ -540,7 +608,6 @@
 		}
 		tcpConn = connOrError.(net.Conn)
 	case <-time.After(2 * time.Second):
-		output.WriteTo(os.Stdout)
 		return nil, nil, errors.New("timed out waiting for connection from child process")
 	}
 
@@ -578,8 +645,13 @@
 			t.Fatalf("Failed to start subcommand: %s", err)
 		}
 		serverConn = recordingConn
+		defer func() {
+			if t.Failed() {
+				t.Logf("OpenSSL output:\n\n%s", childProcess.Stdout)
+			}
+		}()
 	} else {
-		clientConn, serverConn = net.Pipe()
+		clientConn, serverConn = localPipe(t)
 	}
 	config := test.config
 	if config == nil {
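Review bot: The deferred `t.Logf("OpenSSL output:\n\n%s", childProcess.Stdout)` can run while the child process is still alive, because `t.Fatalf` paths reach it before any `childProcess.Wait()`. The removed line in a later hunk type-asserts `childProcess.Stdout` to `*bytes.Buffer`, which is presumably filled by the exec copier goroutine, so formatting it here may race with that goroutine and log truncated output. Consider stopping and waiting for the child inside the deferred function before the buffer is read. The enclosing function starts and ends outside this hunk.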
@@ -612,10 +684,12 @@
 		}
 		for i, b := range flows {
 			if i%2 == 0 {
+				clientConn.SetWriteDeadline(time.Now().Add(1 * time.Minute))
 				clientConn.Write(b)
 				continue
 			}
 			bb := make([]byte, len(b))
+			clientConn.SetReadDeadline(time.Now().Add(1 * time.Minute))
 			n, err := io.ReadFull(clientConn, bb)
 			if err != nil {
 				t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b)
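Review bot: The result of `clientConn.Write(b)` is still discarded, so an expired write deadline is only noticed by the next `io.ReadFull`, up to a minute later and with a misleading message. Checking it keeps the failure at the flow that caused it: `if _, err := clientConn.Write(b); err != nil { t.Fatalf("%s #%d: write: %s", test.name, i+1, err) }`. The one-minute value is also repeated and could be a named constant. The loop sits in a function that starts and ends outside this hunk.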
@@ -655,43 +729,56 @@
 		defer out.Close()
 		recordingConn.Close()
 		if len(recordingConn.flows) < 3 {
-			childProcess.Stdout.(*bytes.Buffer).WriteTo(os.Stdout)
 			if len(test.expectHandshakeErrorIncluding) == 0 {
 				t.Fatalf("Handshake failed")
 			}
 		}
 		recordingConn.WriteTo(out)
-		fmt.Printf("Wrote %s\n", path)
+		t.Logf("Wrote %s\n", path)
 		childProcess.Wait()
 	}
 }
 
-func runServerTestForVersion(t *testing.T, template *serverTest, prefix, option string) {
-	setParallel(t)
-	test := *template
-	test.name = prefix + test.name
-	if len(test.command) == 0 {
-		test.command = defaultClientCommand
-	}
-	test.command = append([]string(nil), test.command...)
-	test.command = append(test.command, option)
-	test.run(t, *update)
+func runServerTestForVersion(t *testing.T, template *serverTest, version, option string) {
+	t.Run(version, func(t *testing.T) {
+		// Make a deep copy of the template before going parallel.
+		test := *template
+		if template.config != nil {
+			test.config = template.config.Clone()
+		}
+
+		if !*update && !template.wait {
+			t.Parallel()
+		}
+
+		test.name = version + "-" + test.name
+		if len(test.command) == 0 {
+			test.command = defaultClientCommand
+		}
+		test.command = append([]string(nil), test.command...)
+		test.command = append(test.command, option)
+		test.run(t, *update)
+	})
 }
 
 func runServerTestSSLv3(t *testing.T, template *serverTest) {
-	runServerTestForVersion(t, template, "SSLv3-", "-ssl3")
+	runServerTestForVersion(t, template, "SSLv3", "-ssl3")
 }
 
 func runServerTestTLS10(t *testing.T, template *serverTest) {
-	runServerTestForVersion(t, template, "TLSv10-", "-tls1")
+	runServerTestForVersion(t, template, "TLSv10", "-tls1")
 }
 
 func runServerTestTLS11(t *testing.T, template *serverTest) {
-	runServerTestForVersion(t, template, "TLSv11-", "-tls1_1")
+	runServerTestForVersion(t, template, "TLSv11", "-tls1_1")
 }
 
 func runServerTestTLS12(t *testing.T, template *serverTest) {
-	runServerTestForVersion(t, template, "TLSv12-", "-tls1_2")
+	runServerTestForVersion(t, template, "TLSv12", "-tls1_2")
+}
+
+func runServerTestTLS13(t *testing.T, template *serverTest) {
+	runServerTestForVersion(t, template, "TLSv13", "-tls1_3")
 }
 
 func TestHandshakeServerRSARC4(t *testing.T) {
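Review bot: The comment "Make a deep copy of the template before going parallel" in `runServerTestForVersion` overstates what happens: `test := *template` is a shallow copy and only `config` is cloned before `t.Parallel()`. The `command` slice is copied after `t.Parallel()`, and `validate` and the other fields stay shared with the template. Either move `test.command = append([]string(nil), test.command...)` above the `t.Parallel()` call, or reword the comment to `// Copy the template and clone its config before going parallel; other fields are shared and must not be mutated by callers.`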
@@ -741,6 +828,28 @@
 	runServerTestTLS12(t, test)
 }
 
+func TestHandshakeServerAES128SHA256(t *testing.T) {
+	test := &serverTest{
+		name:    "AES128-SHA256",
+		command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_AES_128_GCM_SHA256"},
+	}
+	runServerTestTLS13(t, test)
+}
+func TestHandshakeServerAES256SHA384(t *testing.T) {
+	test := &serverTest{
+		name:    "AES256-SHA384",
+		command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_AES_256_GCM_SHA384"},
+	}
+	runServerTestTLS13(t, test)
+}
+func TestHandshakeServerCHACHA20SHA256(t *testing.T) {
+	test := &serverTest{
+		name:    "CHACHA20-SHA256",
+		command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"},
+	}
+	runServerTestTLS13(t, test)
+}
+
 func TestHandshakeServerECDHEECDSAAES(t *testing.T) {
 	config := testConfig.Clone()
 	config.Certificates = make([]Certificate, 1)
@@ -750,11 +859,12 @@
 
 	test := &serverTest{
 		name:    "ECDHE-ECDSA-AES",
-		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA"},
+		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256"},
 		config:  config,
 	}
 	runServerTestTLS10(t, test)
 	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
 }
 
 func TestHandshakeServerX25519(t *testing.T) {
@@ -762,11 +872,37 @@
 	config.CurvePreferences = []CurveID{X25519}
 
 	test := &serverTest{
-		name:    "X25519-ECDHE-RSA-AES-GCM",
-		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"},
+		name:    "X25519",
+		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "X25519"},
 		config:  config,
 	}
 	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
+}
+
+func TestHandshakeServerP256(t *testing.T) {
+	config := testConfig.Clone()
+	config.CurvePreferences = []CurveID{CurveP256}
+
+	test := &serverTest{
+		name:    "P256",
+		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"},
+		config:  config,
+	}
+	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
+}
+
+func TestHandshakeServerHelloRetryRequest(t *testing.T) {
+	config := testConfig.Clone()
+	config.CurvePreferences = []CurveID{CurveP256}
+
+	test := &serverTest{
+		name:    "HelloRetryRequest",
+		command: []string{"openssl", "s_client", "-no_ticket", "-curves", "X25519:P-256"},
+		config:  config,
+	}
+	runServerTestTLS13(t, test)
 }
 
 func TestHandshakeServerALPN(t *testing.T) {
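Review bot: `TestHandshakeServerHelloRetryRequest` has no comment explaining why this setup should yield a HelloRetryRequest, and nothing visible in the test asserts that one was sent. Presumably the recorded golden flow is the only evidence. A short comment would make the intent reviewable, e.g. `// The client offers X25519 first with P-256 as fallback while the server accepts only P-256, which should force a HelloRetryRequest.` The same applies to the `Resume-HelloRetryRequest` case in `TestServerResumption`.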
@@ -788,6 +924,7 @@
 		},
 	}
 	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
 }
 
 func TestHandshakeServerALPNNoMatch(t *testing.T) {
@@ -810,6 +947,7 @@
 		},
 	}
 	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
 }
 
 // TestHandshakeServerSNI involves a client sending an SNI extension of
@@ -832,7 +970,7 @@
 	nameToCert := config.NameToCertificate
 	config.NameToCertificate = nil
 	config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
-		cert, _ := nameToCert[clientHello.ServerName]
+		cert := nameToCert[clientHello.ServerName]
 		return cert, nil
 	}
 	test := &serverTest{
@@ -873,6 +1011,7 @@
 
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		compressionMethods: []uint8{compressionNone},
 		serverName:         "test",
@@ -893,6 +1032,7 @@
 
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		compressionMethods: []uint8{compressionNone},
 	}
@@ -904,6 +1044,7 @@
 
 	clientHello = &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		compressionMethods: []uint8{compressionNone},
 	}
@@ -941,47 +1082,83 @@
 	runServerTestTLS12(t, test)
 }
 
-func TestResumption(t *testing.T) {
+func TestServerResumption(t *testing.T) {
 	sessionFilePath := tempFile("")
 	defer os.Remove(sessionFilePath)
 
-	test := &serverTest{
+	testIssue := &serverTest{
 		name:    "IssueTicket",
 		command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath},
+		wait:    true,
 	}
-	runServerTestTLS12(t, test)
-
-	test = &serverTest{
+	testResume := &serverTest{
 		name:    "Resume",
 		command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath},
+		validate: func(state ConnectionState) error {
+			if !state.DidResume {
+				return errors.New("did not resume")
+			}
+			return nil
+		},
 	}
-	runServerTestTLS12(t, test)
+
+	runServerTestTLS12(t, testIssue)
+	runServerTestTLS12(t, testResume)
+
+	runServerTestTLS13(t, testIssue)
+	runServerTestTLS13(t, testResume)
+
+	config := testConfig.Clone()
+	config.CurvePreferences = []CurveID{CurveP256}
+
+	testResumeHRR := &serverTest{
+		name:    "Resume-HelloRetryRequest",
+		command: []string{"openssl", "s_client", "-curves", "X25519:P-256", "-sess_in", sessionFilePath},
+		config:  config,
+		validate: func(state ConnectionState) error {
+			if !state.DidResume {
+				return errors.New("did not resume")
+			}
+			return nil
+		},
+	}
+
+	runServerTestTLS13(t, testResumeHRR)
 }
 
-func TestResumptionDisabled(t *testing.T) {
+func TestServerResumptionDisabled(t *testing.T) {
 	sessionFilePath := tempFile("")
 	defer os.Remove(sessionFilePath)
 
 	config := testConfig.Clone()
 
-	test := &serverTest{
+	testIssue := &serverTest{
 		name:    "IssueTicketPreDisable",
 		command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath},
 		config:  config,
+		wait:    true,
 	}
-	runServerTestTLS12(t, test)
-
-	config.SessionTicketsDisabled = true
-
-	test = &serverTest{
+	testResume := &serverTest{
 		name:    "ResumeDisabled",
 		command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath},
 		config:  config,
+		validate: func(state ConnectionState) error {
+			if state.DidResume {
+				return errors.New("resumed with SessionTicketsDisabled")
+			}
+			return nil
+		},
 	}
-	runServerTestTLS12(t, test)
 
-	// One needs to manually confirm that the handshake in the golden data
-	// file for ResumeDisabled does not include a resumption handshake.
+	config.SessionTicketsDisabled = false
+	runServerTestTLS12(t, testIssue)
+	config.SessionTicketsDisabled = true
+	runServerTestTLS12(t, testResume)
+
+	config.SessionTicketsDisabled = false
+	runServerTestTLS13(t, testIssue)
+	config.SessionTicketsDisabled = true
+	runServerTestTLS13(t, testResume)
 }
 
 func TestFallbackSCSV(t *testing.T) {
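Review bot: `TestServerResumptionDisabled` toggles `config.SessionTicketsDisabled` on a single `Config` shared by `testIssue` and `testResume`, and `testResume` has no `wait: true`, so its subtests can go parallel. This is only safe because `runServerTestForVersion` clones `template.config` before calling `t.Parallel()`, and nothing here says so. Add a comment above the first toggle such as `// runServerTestForVersion clones config before returning, so later changes do not affect a subtest that is already queued.` The two identical `validate` closures in `TestServerResumption` could also share one helper.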
@@ -1014,9 +1191,54 @@
 	}
 	runServerTestTLS10(t, test)
 	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
 }
 
-func benchmarkHandshakeServer(b *testing.B, cipherSuite uint16, curve CurveID, cert []byte, key crypto.PrivateKey) {
+func TestHandshakeServerRSAPKCS1v15(t *testing.T) {
+	test := &serverTest{
+		name:    "RSA-RSAPKCS1v15",
+		command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pkcs1_sha256"},
+	}
+	runServerTestTLS12(t, test)
+}
+
+func TestHandshakeServerRSAPSS(t *testing.T) {
+	test := &serverTest{
+		name:    "RSA-RSAPSS",
+		command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha256"},
+	}
+	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
+}
+
+func TestHandshakeServerPSSDisabled(t *testing.T) {
+	test := &serverTest{
+		name:    "RSA-PSS-Disabled",
+		command: []string{"openssl", "s_client", "-no_ticket"},
+		wait:    true,
+	}
+
+	// Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2,
+	// and check that handshakes still work.
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	runServerTestTLS12(t, test)
+	runServerTestTLS13(t, test)
+
+	test = &serverTest{
+		name:    "RSA-PSS-Disabled-Required",
+		command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha256"},
+		wait:    true,
+
+		expectHandshakeErrorIncluding: "peer doesn't support any common signature algorithms",
+	}
+
+	runServerTestTLS12(t, test)
+}
+
+func benchmarkHandshakeServer(b *testing.B, version uint16, cipherSuite uint16, curve CurveID, cert []byte, key crypto.PrivateKey) {
 	config := testConfig.Clone()
 	config.CipherSuites = []uint16{cipherSuite}
 	config.CurvePreferences = []CurveID{curve}
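Review bot: `TestHandshakeServerPSSDisabled` swaps the package-level `supportedSignatureAlgorithmsTLS12` and restores it in a `defer`, but does not say why both cases set `wait: true`. Without it the subtests would call `t.Parallel()` and resume only after this function returns, by which time the deferred restore has already run. A comment such as `// wait is required: the deferred restore runs before parallel subtests would resume` would protect the invariant. The same swap appears in `TestClientAuth`, which instead relies on the enclosing `t.Run("PSSDisabled", ...)`, and in `TestKeyTooSmallForRSAPSS`.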
@@ -1025,10 +1247,13 @@
 	config.Certificates[0].PrivateKey = key
 	config.BuildNameToCertificate()
 
-	clientConn, serverConn := net.Pipe()
+	clientConn, serverConn := localPipe(b)
 	serverConn = &recordingConn{Conn: serverConn}
 	go func() {
-		client := Client(clientConn, testConfig)
+		config := testConfig.Clone()
+		config.MaxVersion = version
+		config.CurvePreferences = []CurveID{curve}
+		client := Client(clientConn, config)
 		client.Handshake()
 	}()
 	server := Server(serverConn, config)
@@ -1039,7 +1264,7 @@
 	flows := serverConn.(*recordingConn).flows
 
 	feeder := make(chan struct{})
-	clientConn, serverConn = net.Pipe()
+	clientConn, serverConn = localPipe(b)
 
 	go func() {
 		for range feeder {
@@ -1051,10 +1276,10 @@
 				ff := make([]byte, len(f))
 				n, err := io.ReadFull(clientConn, ff)
 				if err != nil {
-					b.Fatalf("#%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", i+1, err, n, len(ff), ff[:n], f)
+					b.Errorf("#%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", i+1, err, n, len(ff), ff[:n], f)
 				}
 				if !bytes.Equal(f, ff) {
-					b.Fatalf("#%d: mismatch on read: got:%x want:%x", i+1, ff, f)
+					b.Errorf("#%d: mismatch on read: got:%x want:%x", i+1, ff, f)
 				}
 			}
 		}
@@ -1073,34 +1298,54 @@
 
 func BenchmarkHandshakeServer(b *testing.B) {
 	b.Run("RSA", func(b *testing.B) {
-		benchmarkHandshakeServer(b, TLS_RSA_WITH_AES_128_GCM_SHA256,
+		benchmarkHandshakeServer(b, VersionTLS12, TLS_RSA_WITH_AES_128_GCM_SHA256,
 			0, testRSACertificate, testRSAPrivateKey)
 	})
 	b.Run("ECDHE-P256-RSA", func(b *testing.B) {
-		benchmarkHandshakeServer(b, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-			CurveP256, testRSACertificate, testRSAPrivateKey)
+		b.Run("TLSv13", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				CurveP256, testRSACertificate, testRSAPrivateKey)
+		})
+		b.Run("TLSv12", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				CurveP256, testRSACertificate, testRSAPrivateKey)
+		})
 	})
 	b.Run("ECDHE-P256-ECDSA-P256", func(b *testing.B) {
-		benchmarkHandshakeServer(b, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-			CurveP256, testP256Certificate, testP256PrivateKey)
+		b.Run("TLSv13", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				CurveP256, testP256Certificate, testP256PrivateKey)
+		})
+		b.Run("TLSv12", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				CurveP256, testP256Certificate, testP256PrivateKey)
+		})
 	})
 	b.Run("ECDHE-X25519-ECDSA-P256", func(b *testing.B) {
-		benchmarkHandshakeServer(b, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-			X25519, testP256Certificate, testP256PrivateKey)
+		b.Run("TLSv13", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				X25519, testP256Certificate, testP256PrivateKey)
+		})
+		b.Run("TLSv12", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				X25519, testP256Certificate, testP256PrivateKey)
+		})
 	})
 	b.Run("ECDHE-P521-ECDSA-P521", func(b *testing.B) {
 		if testECDSAPrivateKey.PublicKey.Curve != elliptic.P521() {
 			b.Fatal("test ECDSA key doesn't use curve P-521")
 		}
-		benchmarkHandshakeServer(b, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-			CurveP521, testECDSACertificate, testECDSAPrivateKey)
+		b.Run("TLSv13", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				CurveP521, testECDSACertificate, testECDSAPrivateKey)
+		})
+		b.Run("TLSv12", func(b *testing.B) {
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				CurveP521, testECDSACertificate, testECDSAPrivateKey)
+		})
 	})
 }
 
-// clientCertificatePEM and clientKeyPEM were generated with generate_cert.go
-// Thus, they have no ExtKeyUsage fields and trigger an error when verification
-// is turned on.
-
 const clientCertificatePEM = `
 -----BEGIN CERTIFICATE-----
 MIIB7zCCAVigAwIBAgIQXBnBiWWDVW/cC8m5k5/pvDANBgkqhkiG9w0BAQsFADAS
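Review bot: The `TLSv13` sub-benchmarks pass TLS 1.2 suite IDs such as `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305` to `benchmarkHandshakeServer`, which stores them in `config.CipherSuites`. As far as I know `Config.CipherSuites` does not select TLS 1.3 suites, so those runs likely measure whatever 1.3 suite is negotiated by default rather than ChaCha20-Poly1305; please verify. If so, add a comment to `BenchmarkHandshakeServer` such as `// cipherSuite only constrains the TLS 1.2 runs; TLS 1.3 suites are not chosen via Config.CipherSuites.` so the results are not misread.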
@@ -1161,7 +1406,6 @@
 -----END EC PRIVATE KEY-----`
 
 func TestClientAuth(t *testing.T) {
-	setParallel(t)
 	var certPath, keyPath, ecdsaCertPath, ecdsaKeyPath string
 
 	if *update {
@@ -1175,31 +1419,80 @@
 		defer os.Remove(ecdsaKeyPath)
 	}
 
-	config := testConfig.Clone()
-	config.ClientAuth = RequestClientCert
+	t.Run("Normal", func(t *testing.T) {
+		config := testConfig.Clone()
+		config.ClientAuth = RequestClientCert
 
-	test := &serverTest{
-		name:    "ClientAuthRequestedNotGiven",
-		command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
-		config:  config,
-	}
-	runServerTestTLS12(t, test)
+		test := &serverTest{
+			name:    "ClientAuthRequestedNotGiven",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
+			config:  config,
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)
 
-	test = &serverTest{
-		name:              "ClientAuthRequestedAndGiven",
-		command:           []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", certPath, "-key", keyPath},
-		config:            config,
-		expectedPeerCerts: []string{clientCertificatePEM},
-	}
-	runServerTestTLS12(t, test)
+		config.ClientAuth = RequireAnyClientCert
 
-	test = &serverTest{
-		name:              "ClientAuthRequestedAndECDSAGiven",
-		command:           []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", ecdsaCertPath, "-key", ecdsaKeyPath},
-		config:            config,
-		expectedPeerCerts: []string{clientECDSACertificatePEM},
-	}
-	runServerTestTLS12(t, test)
+		test = &serverTest{
+			name: "ClientAuthRequestedAndGiven",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pss_rsae_sha256"},
+			config:            config,
+			expectedPeerCerts: []string{clientCertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)
+
+		test = &serverTest{
+			name: "ClientAuthRequestedAndECDSAGiven",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", ecdsaCertPath, "-key", ecdsaKeyPath},
+			config:            config,
+			expectedPeerCerts: []string{clientECDSACertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)
+
+		test = &serverTest{
+			name: "ClientAuthRequestedAndPKCS1v15Given",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pkcs1_sha256"},
+			config:            config,
+			expectedPeerCerts: []string{clientCertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+	})
+
+	// Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2,
+	// and check that handshakes still work.
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	t.Run("PSSDisabled", func(t *testing.T) {
+		config := testConfig.Clone()
+		config.ClientAuth = RequireAnyClientCert
+
+		test := &serverTest{
+			name: "ClientAuthRequestedAndGiven-PSS-Disabled",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath},
+			config:            config,
+			expectedPeerCerts: []string{clientCertificatePEM},
+		}
+		runServerTestTLS12(t, test)
+		runServerTestTLS13(t, test)
+
+		test = &serverTest{
+			name: "ClientAuthRequestedAndGiven-PSS-Disabled-Required",
+			command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
+				"-cert", certPath, "-key", keyPath, "-client_sigalgs", "rsa_pss_rsae_sha256"},
+			config: config,
+
+			expectHandshakeErrorIncluding: "client didn't provide a certificate",
+		}
+		runServerTestTLS12(t, test)
+	})
 }
 
 func TestSNIGivenOnFailure(t *testing.T) {
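Review bot: The `ClientAuthRequestedAndGiven-PSS-Disabled-Required` case in `TestClientAuth` expects "client didn't provide a certificate" even though `-cert` and `-key` are passed, and the reason is not documented. Presumably the client is limited to `rsa_pss_rsae_sha256` via `-client_sigalgs` and sends no certificate once the server stops advertising PSS for TLS 1.2. A comment stating that would help, e.g. `// With PSS disabled the server does not advertise rsa_pss_rsae_sha256, so a PSS-only client sends an empty certificate.` It would also help to note that `RequireAnyClientCert` is used because it does not verify the self-signed test certificates.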
@@ -1207,6 +1500,7 @@
 
 	clientHello := &clientHelloMsg{
 		vers:               VersionTLS10,
+		random:             make([]byte, 32),
 		cipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
 		compressionMethods: []uint8{compressionNone},
 		serverName:         expectedServerName,
@@ -1216,17 +1510,25 @@
 	// Erase the server's cipher suites to ensure the handshake fails.
 	serverConfig.CipherSuites = nil
 
-	c, s := net.Pipe()
+	c, s := localPipe(t)
 	go func() {
 		cli := Client(c, testConfig)
 		cli.vers = clientHello.vers
 		cli.writeRecord(recordTypeHandshake, clientHello.marshal())
 		c.Close()
 	}()
+	conn := Server(s, serverConfig)
+	ch, err := conn.readClientHello()
 	hs := serverHandshakeState{
-		c: Server(s, serverConfig),
+		c:           conn,
+		clientHello: ch,
 	}
-	_, err := hs.readClientHello()
+	if err == nil {
+		err = hs.processClientHello()
+	}
+	if err == nil {
+		err = hs.pickCipherSuite()
+	}
 	defer s.Close()
 
 	if err == nil {
@@ -1270,11 +1572,11 @@
 		func(clientHello *ClientHelloInfo) (*Config, error) {
 			config := testConfig.Clone()
 			// Setting a maximum version of TLS 1.1 should cause
-			// the handshake to fail.
+			// the handshake to fail, as the client MinVersion is TLS 1.2.
 			config.MaxVersion = VersionTLS11
 			return config, nil
 		},
-		"version 301 when expecting version 302",
+		"client offered only unsupported versions",
 		nil,
 	},
 	{
@@ -1346,7 +1648,7 @@
 			configReturned = config
 			return config, err
 		}
-		c, s := net.Pipe()
+		c, s := localPipe(t)
 		done := make(chan error)
 
 		go func() {
@@ -1393,6 +1695,11 @@
 
 var testRSACertificateIssuer = fromHex("3082021930820182a003020102020900ca5e4e811a965964300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100d667b378bb22f34143b6cd2008236abefaf2852adf3ab05e01329e2c14834f5105df3f3073f99dab5442d45ee5f8f57b0111c8cb682fbb719a86944eebfffef3406206d898b8c1b1887797c9c5006547bb8f00e694b7a063f10839f269f2c34fff7a1f4b21fbcd6bfdfb13ac792d1d11f277b5c5b48600992203059f2a8f8cc50203010001a35d305b300e0603551d0f0101ff040403020204301d0603551d250416301406082b0601050507030106082b06010505070302300f0603551d130101ff040530030101ff30190603551d0e041204104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b050003818100c1154b4bab5266221f293766ae4138899bd4c5e36b13cee670ceeaa4cbdf4f6679017e2fe649765af545749fe4249418a56bd38a04b81e261f5ce86b8d5c65413156a50d12449554748c59a30c515bc36a59d38bddf51173e899820b282e40aa78c806526fd184fb6b4cf186ec728edffa585440d2b3225325f7ab580e87dd76")
 
+// testRSAPSSCertificate has signatureAlgorithm rsassaPss, and subjectPublicKeyInfo
+// algorithm rsaEncryption, for use with the rsa_pss_rsae_* SignatureSchemes.
+// See also TestRSAPSSKeyError. testRSAPSSCertificate is self-signed.
+var testRSAPSSCertificate = fromHex("308202583082018da003020102021100f29926eb87ea8a0db9fcc247347c11b0304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a20302012030123110300e060355040a130741636d6520436f301e170d3137313132333136313631305a170d3138313132333136313631305a30123110300e060355040a130741636d6520436f30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a3463044300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000300f0603551d110408300687047f000001304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a20302012003818100cdac4ef2ce5f8d79881042707f7cbf1b5a8a00ef19154b40151771006cd41626e5496d56da0c1a139fd84695593cb67f87765e18aa03ea067522dd78d2a589b8c92364e12838ce346c6e067b51f1a7e6f4b37ffab13f1411896679d18e880e0ba09e302ac067efca460288e9538122692297ad8093d4f7dd701424d7700a46a1")
+
 var testECDSACertificate = fromHex("3082020030820162020900b8bf2d47a0d2ebf4300906072a8648ce3d04013045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464301e170d3132313132323135303633325a170d3232313132303135303633325a3045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c746430819b301006072a8648ce3d020106052b81040023038186000400c4a1edbe98f90b4873367ec316561122f23d53c33b4d213dcd6b75e6f6b0dc9adf26c1bcb287f072327cb3642f1c90bcea6823107efee325c0483a69e0286dd33700ef0462dd0da09c706283d881d36431aa9e9731bd96b068c09b23de76643f1a5c7fe9120e5858b65f70dd9bd8ead5d7f5d5ccb9b69f30665b669a20e227e5bffe3b300906072a8648ce3d040103818c0030818802420188a24febe245c5487d1bacf5ed989dae4770c05e1bb62fbdf1b64db76140d311a2ceee0b7e927eff769dc33b7ea53fcefa10e259ec472d7cacda4e970e15a06fd00242014dfcbe67139c2d050ebd3fa38c25c13313830d9406bbd4377af6ec7ac9862eddd711697f857c56defb31782be4c7780daecbbe9e4e3624317b6a0f399512078f2a")
 
 var testSNICertificate = fromHex("0441883421114c81480804c430820237308201a0a003020102020900e8f09d3fe25beaa6300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a3023310b3009060355040a1302476f311430120603550403130b736e69746573742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a3773075300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e041204109f91161f43433e49a6de6db680d79f60301b0603551d230414301280104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b0500038181007beeecff0230dbb2e7a334af65430b7116e09f327c3bbf918107fc9c66cb497493207ae9b4dbb045cb63d605ec1b5dd485bb69124d68fa298dc776699b47632fd6d73cab57042acb26f083c4087459bc5a3bb3ca4d878d7fe31016b7bc9a627438666566e3389bfaeebe6becc9a0093ceed18d0f9ac79d56f3a73f18188988ed")
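Review bot: The doc comment on `testRSAPSSCertificate` does not mention the validity window, which matters for anyone reusing the fixture. If I decode the embedded UTCTime fields correctly, it is valid only from 2017-11-23 to 2018-11-23, so it was already expired when added. Any use that checks the chain against the wall clock will reject it. Consider adding `// The certificate expired on 2018-11-23; use it only where verification is skipped or the verification time is fixed.` The comment also refers to `TestRSAPSSKeyError`, which is not visible in this part of the diff.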
@@ -1423,19 +1730,85 @@
 var testP256PrivateKey, _ = x509.ParseECPrivateKey(fromHex("30770201010420012f3b52bc54c36ba3577ad45034e2e8efe1e6999851284cb848725cfe029991a00a06082a8648ce3d030107a14403420004c02c61c9b16283bbcc14956d886d79b358aa614596975f78cece787146abf74c2d5dc578c0992b4f3c631373479ebf3892efe53d21c4f4f1cc9a11c3536b7f75"))
 
 func TestCloseServerConnectionOnIdleClient(t *testing.T) {
-	clientConn, serverConn := net.Pipe()
+	clientConn, serverConn := localPipe(t)
 	server := Server(serverConn, testConfig.Clone())
 	go func() {
 		clientConn.Write([]byte{'0'})
 		server.Close()
 	}()
-	server.SetReadDeadline(time.Now().Add(time.Second))
+	server.SetReadDeadline(time.Now().Add(time.Minute))
 	err := server.Handshake()
 	if err != nil {
-		if !strings.Contains(err.Error(), "read/write on closed pipe") {
-			t.Errorf("Error expected containing 'read/write on closed pipe' but got '%s'", err.Error())
+		if err, ok := err.(net.Error); ok && err.Timeout() {
+			t.Errorf("Expected a closed network connection error but got '%s'", err.Error())
 		}
 	} else {
 		t.Errorf("Error expected, but no error returned")
 	}
 }
+
+func TestCloneHash(t *testing.T) {
+	h1 := crypto.SHA256.New()
+	h1.Write([]byte("test"))
+	s1 := h1.Sum(nil)
+	h2 := cloneHash(h1, crypto.SHA256)
+	s2 := h2.Sum(nil)
+	if !bytes.Equal(s1, s2) {
+		t.Error("cloned hash generated a different sum")
+	}
+}
+
+func TestKeyTooSmallForRSAPSS(t *testing.T) {
+	clientConn, serverConn := localPipe(t)
+	client := Client(clientConn, testConfig)
+	cert, err := X509KeyPair([]byte(`-----BEGIN CERTIFICATE-----
+MIIBcTCCARugAwIBAgIQGjQnkCFlUqaFlt6ixyz/tDANBgkqhkiG9w0BAQsFADAS
+MRAwDgYDVQQKEwdBY21lIENvMB4XDTE5MDExODIzMjMyOFoXDTIwMDExODIzMjMy
+OFowEjEQMA4GA1UEChMHQWNtZSBDbzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDd
+ez1rFUDwax2HTxbcnFUP9AhcgEGMHVV2nn4VVEWFJB6I8C/Nkx0XyyQlrmFYBzEQ
+nIPhKls4T0hFoLvjJnXpAgMBAAGjTTBLMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE
+DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUu
+Y29tMA0GCSqGSIb3DQEBCwUAA0EAxDuUS+BrrS3c+h+k+fQPOmOScy6yTX9mHw0Q
+KbucGamXYEy0URIwOdO0tQ3LHPc1YGvYSPwkDjkjqECs2Vm/AA==
+-----END CERTIFICATE-----`), []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T
+HRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/
+yt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z
+4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz
+nKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd
+hXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s
+T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g
+-----END RSA PRIVATE KEY-----`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	done := make(chan struct{})
+	go func() {
+		config := testConfig.Clone()
+		config.Certificates = []Certificate{cert}
+		config.MinVersion = VersionTLS13
+		server := Server(serverConn, config)
+		err := server.Handshake()
+		if !strings.Contains(err.Error(), "key size too small for PSS signature") {
+			t.Errorf(`expected "key size too small for PSS signature", got %q`, err)
+		}
+		close(done)
+	}()
+	err = client.Handshake()
+	if !strings.Contains(err.Error(), "handshake failure") {
+		t.Errorf(`expected "handshake failure", got %q`, err)
+	}
+	<-done
+
+	// With RSA-PSS disabled and TLS 1.2, this should work.
+
+	testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12
+	defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }()
+	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12
+
+	serverConfig := testConfig.Clone()
+	serverConfig.Certificates = []Certificate{cert}
+	serverConfig.MaxVersion = VersionTLS12
+	testHandshake(t, testConfig, serverConfig)
+}
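Review bot: `TestKeyTooSmallForRSAPSS` calls `err.Error()` on the result of `server.Handshake()` and `client.Handshake()` without a nil check, so an unexpected success panics instead of failing the test. In the server goroutine that panic would take down the whole test binary. Guard both checks, e.g. `if err == nil || !strings.Contains(err.Error(), "handshake failure") {`. The final `testHandshake(t, testConfig, serverConfig)` also discards its results, so "this should work" is never asserted unless `testHandshake` fails the test itself. Prefer `if _, _, err := testHandshake(t, testConfig, serverConfig); err != nil { t.Errorf("TLS 1.2 handshake with RSA-PSS disabled: %v", err) }`.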
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
new file mode 100644
index 0000000..fd65ac1
--- /dev/null
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -0,0 +1,860 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/hmac"
+	"crypto/rsa"
+	"errors"
+	"hash"
+	"io"
+	"sync/atomic"
+	"time"
+)
+
+// maxClientPSKIdentities is the number of client PSK identities the server will
+// attempt to validate. It will ignore the rest not to let cheap ClientHello
+// messages cause too much work in session ticket decryption attempts.
+const maxClientPSKIdentities = 5
+
+type serverHandshakeStateTLS13 struct {
+	c               *Conn
+	clientHello     *clientHelloMsg
+	hello           *serverHelloMsg
+	sentDummyCCS    bool
+	usingPSK        bool
+	suite           *cipherSuiteTLS13
+	cert            *Certificate
+	sigAlg          SignatureScheme
+	earlySecret     []byte
+	sharedKey       []byte
+	handshakeSecret []byte
+	masterSecret    []byte
+	trafficSecret   []byte // client_application_traffic_secret_0
+	transcript      hash.Hash
+	clientFinished  []byte
+}
+
+func (hs *serverHandshakeStateTLS13) handshake() error {
+	c := hs.c
+
+	// For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2.
+	if err := hs.processClientHello(); err != nil {
+		return err
+	}
+	if err := hs.checkForResumption(); err != nil {
+		return err
+	}
+	if err := hs.pickCertificate(); err != nil {
+		return err
+	}
+	c.buffering = true
+	if err := hs.sendServerParameters(); err != nil {
+		return err
+	}
+	if err := hs.sendServerCertificate(); err != nil {
+		return err
+	}
+	if err := hs.sendServerFinished(); err != nil {
+		return err
+	}
+	// Note that at this point we could start sending application data without
+	// waiting for the client's second flight, but the application might not
+	// expect the lack of replay protection of the ClientHello parameters.
+	if _, err := c.flush(); err != nil {
+		return err
+	}
+	if err := hs.readClientCertificate(); err != nil {
+		return err
+	}
+	if err := hs.readClientFinished(); err != nil {
+		return err
+	}
+
+	atomic.StoreUint32(&c.handshakeStatus, 1)
+
+	return nil
+}
+
+func (hs *serverHandshakeStateTLS13) processClientHello() error {
+	c := hs.c
+
+	hs.hello = new(serverHelloMsg)
+
+	// TLS 1.3 froze the ServerHello.legacy_version field, and uses
+	// supported_versions instead. See RFC 8446, sections 4.1.3 and 4.2.1.
+	hs.hello.vers = VersionTLS12
+	hs.hello.supportedVersion = c.vers
+
+	if len(hs.clientHello.supportedVersions) == 0 {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: client used the legacy version field to negotiate TLS 1.3")
+	}
+
+	// Abort if the client is doing a fallback and landing lower than what we
+	// support. See RFC 7507, which however does not specify the interaction
+	// with supported_versions. The only difference is that with
+	// supported_versions a client has a chance to attempt a [TLS 1.2, TLS 1.4]
+	// handshake in case TLS 1.3 is broken but 1.2 is not. Alas, in that case,
+	// it will have to drop the TLS_FALLBACK_SCSV protection if it falls back to
+	// TLS 1.2, because a TLS 1.3 server would abort here. The situation before
+	// supported_versions was not better because there was just no way to do a
+	// TLS 1.4 handshake without risking the server selecting TLS 1.3.
+	for _, id := range hs.clientHello.cipherSuites {
+		if id == TLS_FALLBACK_SCSV {
+			// Use c.vers instead of max(supported_versions) because an attacker
+			// could defeat this by adding an arbitrary high version otherwise.
+			if c.vers < c.config.maxSupportedVersion(false) {
+				c.sendAlert(alertInappropriateFallback)
+				return errors.New("tls: client using inappropriate protocol fallback")
+			}
+			break
+		}
+	}
+
+	if len(hs.clientHello.compressionMethods) != 1 ||
+		hs.clientHello.compressionMethods[0] != compressionNone {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: TLS 1.3 client supports illegal compression methods")
+	}
+
+	hs.hello.random = make([]byte, 32)
+	if _, err := io.ReadFull(c.config.rand(), hs.hello.random); err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+
+	if len(hs.clientHello.secureRenegotiation) != 0 {
+		c.sendAlert(alertHandshakeFailure)
+		return errors.New("tls: initial handshake had non-empty renegotiation extension")
+	}
+
+	if hs.clientHello.earlyData {
+		// See RFC 8446, Section 4.2.10 for the complicated behavior required
+		// here. The scenario is that a different server at our address offered
+		// to accept early data in the past, which we can't handle. For now, all
+		// 0-RTT enabled session tickets need to expire before a Go server can
+		// replace a server or join a pool. That's the same requirement that
+		// applies to mixing or replacing with any TLS 1.2 server.
+		c.sendAlert(alertUnsupportedExtension)
+		return errors.New("tls: client sent unexpected early data")
+	}
+
+	hs.hello.sessionId = hs.clientHello.sessionId
+	hs.hello.compressionMethod = compressionNone
+
+	var preferenceList, supportedList []uint16
+	if c.config.PreferServerCipherSuites {
+		preferenceList = defaultCipherSuitesTLS13()
+		supportedList = hs.clientHello.cipherSuites
+	} else {
+		preferenceList = hs.clientHello.cipherSuites
+		supportedList = defaultCipherSuitesTLS13()
+	}
+	for _, suiteID := range preferenceList {
+		hs.suite = mutualCipherSuiteTLS13(supportedList, suiteID)
+		if hs.suite != nil {
+			break
+		}
+	}
+	if hs.suite == nil {
+		c.sendAlert(alertHandshakeFailure)
+		return errors.New("tls: no cipher suite supported by both client and server")
+	}
+	c.cipherSuite = hs.suite.id
+	hs.hello.cipherSuite = hs.suite.id
+	hs.transcript = hs.suite.hash.New()
+
+	// Pick the ECDHE group in server preference order, but give priority to
+	// groups with a key share, to avoid a HelloRetryRequest round-trip.
+	var selectedGroup CurveID
+	var clientKeyShare *keyShare
+GroupSelection:
+	for _, preferredGroup := range c.config.curvePreferences() {
+		for _, ks := range hs.clientHello.keyShares {
+			if ks.group == preferredGroup {
+				selectedGroup = ks.group
+				clientKeyShare = &ks
+				break GroupSelection
+			}
+		}
+		if selectedGroup != 0 {
+			continue
+		}
+		for _, group := range hs.clientHello.supportedCurves {
+			if group == preferredGroup {
+				selectedGroup = group
+				break
+			}
+		}
+	}
+	if selectedGroup == 0 {
+		c.sendAlert(alertHandshakeFailure)
+		return errors.New("tls: no ECDHE curve supported by both client and server")
+	}
+	if clientKeyShare == nil {
+		if err := hs.doHelloRetryRequest(selectedGroup); err != nil {
+			return err
+		}
+		clientKeyShare = &hs.clientHello.keyShares[0]
+	}
+
+	if _, ok := curveForCurveID(selectedGroup); selectedGroup != X25519 && !ok {
+		c.sendAlert(alertInternalError)
+		return errors.New("tls: CurvePreferences includes unsupported curve")
+	}
+	params, err := generateECDHEParameters(c.config.rand(), selectedGroup)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	hs.hello.serverShare = keyShare{group: selectedGroup, data: params.PublicKey()}
+	hs.sharedKey = params.SharedKey(clientKeyShare.data)
+	if hs.sharedKey == nil {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: invalid client key share")
+	}
+
+	c.serverName = hs.clientHello.serverName
+	return nil
+}
+
+func (hs *serverHandshakeStateTLS13) checkForResumption() error {
+	c := hs.c
+
+	if c.config.SessionTicketsDisabled {
+		return nil
+	}
+
+	modeOK := false
+	for _, mode := range hs.clientHello.pskModes {
+		if mode == pskModeDHE {
+			modeOK = true
+			break
+		}
+	}
+	if !modeOK {
+		return nil
+	}
+
+	if len(hs.clientHello.pskIdentities) != len(hs.clientHello.pskBinders) {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: invalid or missing PSK binders")
+	}
+	if len(hs.clientHello.pskIdentities) == 0 {
+		return nil
+	}
+
+	for i, identity := range hs.clientHello.pskIdentities {
+		if i >= maxClientPSKIdentities {
+			break
+		}
+
+		plaintext, _ := c.decryptTicket(identity.label)
+		if plaintext == nil {
+			continue
+		}
+		sessionState := new(sessionStateTLS13)
+		if ok := sessionState.unmarshal(plaintext); !ok {
+			continue
+		}
+
+		createdAt := time.Unix(int64(sessionState.createdAt), 0)
+		if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
+			continue
+		}
+
+		// We don't check the obfuscated ticket age because it's affected by
+		// clock skew and it's only a freshness signal useful for shrinking the
+		// window for replay attacks, which don't affect us as we don't do 0-RTT.
+
+		pskSuite := cipherSuiteTLS13ByID(sessionState.cipherSuite)
+		if pskSuite == nil || pskSuite.hash != hs.suite.hash {
+			continue
+		}
+
+		// PSK connections don't re-establish client certificates, but carry
+		// them over in the session ticket. Ensure the presence of client certs
+		// in the ticket is consistent with the configured requirements.
+		sessionHasClientCerts := len(sessionState.certificate.Certificate) != 0
+		needClientCerts := requiresClientCert(c.config.ClientAuth)
+		if needClientCerts && !sessionHasClientCerts {
+			continue
+		}
+		if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
+			continue
+		}
+
+		psk := hs.suite.expandLabel(sessionState.resumptionSecret, "resumption",
+			nil, hs.suite.hash.Size())
+		hs.earlySecret = hs.suite.extract(psk, nil)
+		binderKey := hs.suite.deriveSecret(hs.earlySecret, resumptionBinderLabel, nil)
+		// Clone the transcript in case a HelloRetryRequest was recorded.
+		transcript := cloneHash(hs.transcript, hs.suite.hash)
+		if transcript == nil {
+			c.sendAlert(alertInternalError)
+			return errors.New("tls: internal error: failed to clone hash")
+		}
+		transcript.Write(hs.clientHello.marshalWithoutBinders())
+		pskBinder := hs.suite.finishedHash(binderKey, transcript)
+		if !hmac.Equal(hs.clientHello.pskBinders[i], pskBinder) {
+			c.sendAlert(alertDecryptError)
+			return errors.New("tls: invalid PSK binder")
+		}
+
+		if err := c.processCertsFromClient(sessionState.certificate); err != nil {
+			return err
+		}
+
+		hs.hello.selectedIdentityPresent = true
+		hs.hello.selectedIdentity = uint16(i)
+		hs.usingPSK = true
+		c.didResume = true
+		return nil
+	}
+
+	return nil
+}
+
+// cloneHash uses the encoding.BinaryMarshaler and encoding.BinaryUnmarshaler
+// interfaces implemented by standard library hashes to clone the state of in
+// to a new instance of h. It returns nil if the operation fails.
+func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash {
+	// Recreate the interface to avoid importing encoding.
+	type binaryMarshaler interface {
+		MarshalBinary() (data []byte, err error)
+		UnmarshalBinary(data []byte) error
+	}
+	marshaler, ok := in.(binaryMarshaler)
+	if !ok {
+		return nil
+	}
+	state, err := marshaler.MarshalBinary()
+	if err != nil {
+		return nil
+	}
+	out := h.New()
+	unmarshaler, ok := out.(binaryMarshaler)
+	if !ok {
+		return nil
+	}
+	if err := unmarshaler.UnmarshalBinary(state); err != nil {
+		return nil
+	}
+	return out
+}
+
+func (hs *serverHandshakeStateTLS13) pickCertificate() error {
+	c := hs.c
+
+	// Only one of PSK and certificates are used at a time.
+	if hs.usingPSK {
+		return nil
+	}
+
+	// This implements a very simplistic certificate selection strategy for now:
+	// getCertificate delegates to the application Config.GetCertificate, or
+	// selects based on the server_name only. If the selected certificate's
+	// public key does not match the client signature_algorithms, the handshake
+	// is aborted. No attention is given to signature_algorithms_cert, and it is
+	// not passed to the application Config.GetCertificate. This will need to
+	// improve according to RFC 8446, sections 4.4.2.2 and 4.2.3.
+	certificate, err := c.config.getCertificate(clientHelloInfo(c, hs.clientHello))
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	supportedAlgs := signatureSchemesForCertificate(c.vers, certificate)
+	if supportedAlgs == nil {
+		c.sendAlert(alertInternalError)
+		return unsupportedCertificateError(certificate)
+	}
+	// Pick signature scheme in client preference order, as the server
+	// preference order is not configurable.
+	for _, preferredAlg := range hs.clientHello.supportedSignatureAlgorithms {
+		if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
+			hs.sigAlg = preferredAlg
+			break
+		}
+	}
+	if hs.sigAlg == 0 {
+		// getCertificate returned a certificate incompatible with the
+		// ClientHello supported signature algorithms.
+		c.sendAlert(alertHandshakeFailure)
+		return errors.New("tls: client doesn't support selected certificate")
+	}
+	hs.cert = certificate
+
+	return nil
+}
+
+// sendDummyChangeCipherSpec sends a ChangeCipherSpec record for compatibility
+// with middleboxes that didn't implement TLS correctly. See RFC 8446, Appendix D.4.
+func (hs *serverHandshakeStateTLS13) sendDummyChangeCipherSpec() error {
+	if hs.sentDummyCCS {
+		return nil
+	}
+	hs.sentDummyCCS = true
+
+	_, err := hs.c.writeRecord(recordTypeChangeCipherSpec, []byte{1})
+	return err
+}
+
+func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) error {
+	c := hs.c
+
+	// The first ClientHello gets double-hashed into the transcript upon a
+	// HelloRetryRequest. See RFC 8446, Section 4.4.1.
+	hs.transcript.Write(hs.clientHello.marshal())
+	chHash := hs.transcript.Sum(nil)
+	hs.transcript.Reset()
+	hs.transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))})
+	hs.transcript.Write(chHash)
+
+	helloRetryRequest := &serverHelloMsg{
+		vers:              hs.hello.vers,
+		random:            helloRetryRequestRandom,
+		sessionId:         hs.hello.sessionId,
+		cipherSuite:       hs.hello.cipherSuite,
+		compressionMethod: hs.hello.compressionMethod,
+		supportedVersion:  hs.hello.supportedVersion,
+		selectedGroup:     selectedGroup,
+	}
+
+	hs.transcript.Write(helloRetryRequest.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, helloRetryRequest.marshal()); err != nil {
+		return err
+	}
+
+	if err := hs.sendDummyChangeCipherSpec(); err != nil {
+		return err
+	}
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	clientHello, ok := msg.(*clientHelloMsg)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(clientHello, msg)
+	}
+
+	if len(clientHello.keyShares) != 1 || clientHello.keyShares[0].group != selectedGroup {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: client sent invalid key share in second ClientHello")
+	}
+
+	if clientHello.earlyData {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: client indicated early data in second ClientHello")
+	}
+
+	if illegalClientHelloChange(clientHello, hs.clientHello) {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: client illegally modified second ClientHello")
+	}
+
+	hs.clientHello = clientHello
+	return nil
+}
+
+// illegalClientHelloChange reports whether the two ClientHello messages are
+// different, with the exception of the changes allowed before and after a
+// HelloRetryRequest. See RFC 8446, Section 4.1.2.
+func illegalClientHelloChange(ch, ch1 *clientHelloMsg) bool {
+	if len(ch.supportedVersions) != len(ch1.supportedVersions) ||
+		len(ch.cipherSuites) != len(ch1.cipherSuites) ||
+		len(ch.supportedCurves) != len(ch1.supportedCurves) ||
+		len(ch.supportedSignatureAlgorithms) != len(ch1.supportedSignatureAlgorithms) ||
+		len(ch.supportedSignatureAlgorithmsCert) != len(ch1.supportedSignatureAlgorithmsCert) ||
+		len(ch.alpnProtocols) != len(ch1.alpnProtocols) {
+		return true
+	}
+	for i := range ch.supportedVersions {
+		if ch.supportedVersions[i] != ch1.supportedVersions[i] {
+			return true
+		}
+	}
+	for i := range ch.cipherSuites {
+		if ch.cipherSuites[i] != ch1.cipherSuites[i] {
+			return true
+		}
+	}
+	for i := range ch.supportedCurves {
+		if ch.supportedCurves[i] != ch1.supportedCurves[i] {
+			return true
+		}
+	}
+	for i := range ch.supportedSignatureAlgorithms {
+		if ch.supportedSignatureAlgorithms[i] != ch1.supportedSignatureAlgorithms[i] {
+			return true
+		}
+	}
+	for i := range ch.supportedSignatureAlgorithmsCert {
+		if ch.supportedSignatureAlgorithmsCert[i] != ch1.supportedSignatureAlgorithmsCert[i] {
+			return true
+		}
+	}
+	for i := range ch.alpnProtocols {
+		if ch.alpnProtocols[i] != ch1.alpnProtocols[i] {
+			return true
+		}
+	}
+	return ch.vers != ch1.vers ||
+		!bytes.Equal(ch.random, ch1.random) ||
+		!bytes.Equal(ch.sessionId, ch1.sessionId) ||
+		!bytes.Equal(ch.compressionMethods, ch1.compressionMethods) ||
+		ch.nextProtoNeg != ch1.nextProtoNeg ||
+		ch.serverName != ch1.serverName ||
+		ch.ocspStapling != ch1.ocspStapling ||
+		!bytes.Equal(ch.supportedPoints, ch1.supportedPoints) ||
+		ch.ticketSupported != ch1.ticketSupported ||
+		!bytes.Equal(ch.sessionTicket, ch1.sessionTicket) ||
+		ch.secureRenegotiationSupported != ch1.secureRenegotiationSupported ||
+		!bytes.Equal(ch.secureRenegotiation, ch1.secureRenegotiation) ||
+		ch.scts != ch1.scts ||
+		!bytes.Equal(ch.cookie, ch1.cookie) ||
+		!bytes.Equal(ch.pskModes, ch1.pskModes)
+}
+
+func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
+	c := hs.c
+
+	hs.transcript.Write(hs.clientHello.marshal())
+	hs.transcript.Write(hs.hello.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
+		return err
+	}
+
+	if err := hs.sendDummyChangeCipherSpec(); err != nil {
+		return err
+	}
+
+	earlySecret := hs.earlySecret
+	if earlySecret == nil {
+		earlySecret = hs.suite.extract(nil, nil)
+	}
+	hs.handshakeSecret = hs.suite.extract(hs.sharedKey,
+		hs.suite.deriveSecret(earlySecret, "derived", nil))
+
+	clientSecret := hs.suite.deriveSecret(hs.handshakeSecret,
+		clientHandshakeTrafficLabel, hs.transcript)
+	c.in.setTrafficSecret(hs.suite, clientSecret)
+	serverSecret := hs.suite.deriveSecret(hs.handshakeSecret,
+		serverHandshakeTrafficLabel, hs.transcript)
+	c.out.setTrafficSecret(hs.suite, serverSecret)
+
+	err := c.config.writeKeyLog(keyLogLabelClientHandshake, hs.clientHello.random, clientSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	err = c.config.writeKeyLog(keyLogLabelServerHandshake, hs.clientHello.random, serverSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+
+	encryptedExtensions := new(encryptedExtensionsMsg)
+
+	if len(hs.clientHello.alpnProtocols) > 0 {
+		if selectedProto, fallback := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); !fallback {
+			encryptedExtensions.alpnProtocol = selectedProto
+			c.clientProtocol = selectedProto
+		}
+	}
+
+	hs.transcript.Write(encryptedExtensions.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, encryptedExtensions.marshal()); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hs *serverHandshakeStateTLS13) requestClientCert() bool {
+	return hs.c.config.ClientAuth >= RequestClientCert && !hs.usingPSK
+}
+
+func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
+	c := hs.c
+
+	// Only one of PSK and certificates are used at a time.
+	if hs.usingPSK {
+		return nil
+	}
+
+	if hs.requestClientCert() {
+		// Request a client certificate
+		certReq := new(certificateRequestMsgTLS13)
+		certReq.ocspStapling = true
+		certReq.scts = true
+		certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+		if c.config.ClientCAs != nil {
+			certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
+		}
+
+		hs.transcript.Write(certReq.marshal())
+		if _, err := c.writeRecord(recordTypeHandshake, certReq.marshal()); err != nil {
+			return err
+		}
+	}
+
+	certMsg := new(certificateMsgTLS13)
+
+	certMsg.certificate = *hs.cert
+	certMsg.scts = hs.clientHello.scts && len(hs.cert.SignedCertificateTimestamps) > 0
+	certMsg.ocspStapling = hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0
+
+	hs.transcript.Write(certMsg.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil {
+		return err
+	}
+
+	certVerifyMsg := new(certificateVerifyMsg)
+	certVerifyMsg.hasSignatureAlgorithm = true
+	certVerifyMsg.signatureAlgorithm = hs.sigAlg
+
+	sigType := signatureFromSignatureScheme(hs.sigAlg)
+	sigHash, err := hashFromSignatureScheme(hs.sigAlg)
+	if sigType == 0 || err != nil {
+		return c.sendAlert(alertInternalError)
+	}
+	h := sigHash.New()
+	writeSignedMessage(h, serverSignatureContext, hs.transcript)
+
+	signOpts := crypto.SignerOpts(sigHash)
+	if sigType == signatureRSAPSS {
+		signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
+	}
+	sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), h.Sum(nil), signOpts)
+	if err != nil {
+		public := hs.cert.PrivateKey.(crypto.Signer).Public()
+		if rsaKey, ok := public.(*rsa.PublicKey); ok && sigType == signatureRSAPSS &&
+			rsaKey.N.BitLen()/8 < sigHash.Size()*2+2 { // key too small for RSA-PSS
+			c.sendAlert(alertHandshakeFailure)
+		} else {
+			c.sendAlert(alertInternalError)
+		}
+		return errors.New("tls: failed to sign handshake: " + err.Error())
+	}
+	certVerifyMsg.signature = sig
+
+	hs.transcript.Write(certVerifyMsg.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, certVerifyMsg.marshal()); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hs *serverHandshakeStateTLS13) sendServerFinished() error {
+	c := hs.c
+
+	finished := &finishedMsg{
+		verifyData: hs.suite.finishedHash(c.out.trafficSecret, hs.transcript),
+	}
+
+	hs.transcript.Write(finished.marshal())
+	if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil {
+		return err
+	}
+
+	// Derive secrets that take context through the server Finished.
+
+	hs.masterSecret = hs.suite.extract(nil,
+		hs.suite.deriveSecret(hs.handshakeSecret, "derived", nil))
+
+	hs.trafficSecret = hs.suite.deriveSecret(hs.masterSecret,
+		clientApplicationTrafficLabel, hs.transcript)
+	serverSecret := hs.suite.deriveSecret(hs.masterSecret,
+		serverApplicationTrafficLabel, hs.transcript)
+	c.out.setTrafficSecret(hs.suite, serverSecret)
+
+	err := c.config.writeKeyLog(keyLogLabelClientTraffic, hs.clientHello.random, hs.trafficSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+	err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.clientHello.random, serverSecret)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
+	}
+
+	c.ekm = hs.suite.exportKeyingMaterial(hs.masterSecret, hs.transcript)
+
+	// If we did not request client certificates, at this point we can
+	// precompute the client finished and roll the transcript forward to send
+	// session tickets in our first flight.
+	if !hs.requestClientCert() {
+		if err := hs.sendSessionTickets(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (hs *serverHandshakeStateTLS13) shouldSendSessionTickets() bool {
+	if hs.c.config.SessionTicketsDisabled {
+		return false
+	}
+
+	// Don't send tickets the client wouldn't use. See RFC 8446, Section 4.2.9.
+	for _, pskMode := range hs.clientHello.pskModes {
+		if pskMode == pskModeDHE {
+			return true
+		}
+	}
+	return false
+}
+
+func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
+	c := hs.c
+
+	hs.clientFinished = hs.suite.finishedHash(c.in.trafficSecret, hs.transcript)
+	finishedMsg := &finishedMsg{
+		verifyData: hs.clientFinished,
+	}
+	hs.transcript.Write(finishedMsg.marshal())
+
+	if !hs.shouldSendSessionTickets() {
+		return nil
+	}
+
+	resumptionSecret := hs.suite.deriveSecret(hs.masterSecret,
+		resumptionLabel, hs.transcript)
+
+	m := new(newSessionTicketMsgTLS13)
+
+	var certsFromClient [][]byte
+	for _, cert := range c.peerCertificates {
+		certsFromClient = append(certsFromClient, cert.Raw)
+	}
+	state := sessionStateTLS13{
+		cipherSuite:      hs.suite.id,
+		createdAt:        uint64(c.config.time().Unix()),
+		resumptionSecret: resumptionSecret,
+		certificate: Certificate{
+			Certificate:                 certsFromClient,
+			OCSPStaple:                  c.ocspResponse,
+			SignedCertificateTimestamps: c.scts,
+		},
+	}
+	var err error
+	m.label, err = c.encryptTicket(state.marshal())
+	if err != nil {
+		return err
+	}
+	m.lifetime = uint32(maxSessionTicketLifetime / time.Second)
+
+	if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
+	c := hs.c
+
+	if !hs.requestClientCert() {
+		return nil
+	}
+
+	// If we requested a client certificate, then the client must send a
+	// certificate message. If it's empty, no CertificateVerify is sent.
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	certMsg, ok := msg.(*certificateMsgTLS13)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(certMsg, msg)
+	}
+	hs.transcript.Write(certMsg.marshal())
+
+	if err := c.processCertsFromClient(certMsg.certificate); err != nil {
+		return err
+	}
+
+	if len(certMsg.certificate.Certificate) != 0 {
+		msg, err = c.readHandshake()
+		if err != nil {
+			return err
+		}
+
+		certVerify, ok := msg.(*certificateVerifyMsg)
+		if !ok {
+			c.sendAlert(alertUnexpectedMessage)
+			return unexpectedMessageError(certVerify, msg)
+		}
+
+		// See RFC 8446, Section 4.4.3.
+		if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) {
+			c.sendAlert(alertIllegalParameter)
+			return errors.New("tls: invalid certificate signature algorithm")
+		}
+		sigType := signatureFromSignatureScheme(certVerify.signatureAlgorithm)
+		sigHash, err := hashFromSignatureScheme(certVerify.signatureAlgorithm)
+		if sigType == 0 || err != nil {
+			c.sendAlert(alertInternalError)
+			return err
+		}
+		if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
+			c.sendAlert(alertIllegalParameter)
+			return errors.New("tls: invalid certificate signature algorithm")
+		}
+		h := sigHash.New()
+		writeSignedMessage(h, clientSignatureContext, hs.transcript)
+		if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
+			sigHash, h.Sum(nil), certVerify.signature); err != nil {
+			c.sendAlert(alertDecryptError)
+			return errors.New("tls: invalid certificate signature")
+		}
+
+		hs.transcript.Write(certVerify.marshal())
+	}
+
+	// If we waited until the client certificates to send session tickets, we
+	// are ready to do it now.
+	if err := hs.sendSessionTickets(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hs *serverHandshakeStateTLS13) readClientFinished() error {
+	c := hs.c
+
+	msg, err := c.readHandshake()
+	if err != nil {
+		return err
+	}
+
+	finished, ok := msg.(*finishedMsg)
+	if !ok {
+		c.sendAlert(alertUnexpectedMessage)
+		return unexpectedMessageError(finished, msg)
+	}
+
+	if !hmac.Equal(hs.clientFinished, finished.verifyData) {
+		c.sendAlert(alertDecryptError)
+		return errors.New("tls: invalid client finished hash")
+	}
+
+	c.in.setTrafficSecret(hs.suite, hs.trafficSecret)
+
+	return nil
+}
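Review bot: In readClientCertificate, the `if sigType == 0 || err != nil` branch ends in `return err`, so if sigType is 0 while err is nil the function sends the alert and then reports success without having verified the CertificateVerify signature. Whether signatureFromSignatureScheme and hashFromSignatureScheme can disagree that way is not visible here, since both are defined outside this hunk, but the outcome should not depend on it. sendServerCertificate in this same file handles the identical condition with `return c.sendAlert(alertInternalError)`. Using that line here as well guarantees a non-nil error on this path.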
diff --git a/src/crypto/tls/handshake_test.go b/src/crypto/tls/handshake_test.go
index 4b3fa23..aa072ce 100644
--- a/src/crypto/tls/handshake_test.go
+++ b/src/crypto/tls/handshake_test.go
@@ -13,6 +13,7 @@
 	"io"
 	"io/ioutil"
 	"net"
+	"os"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -67,17 +68,17 @@
 	}
 
 	version := string(output)
-	if strings.HasPrefix(version, "OpenSSL 1.1.0") {
+	if strings.HasPrefix(version, "OpenSSL 1.1.1") {
 		return
 	}
 
 	println("***********************************************")
 	println("")
-	println("You need to build OpenSSL 1.1.0 from source in order")
+	println("You need to build OpenSSL 1.1.1 from source in order")
 	println("to update the test data.")
 	println("")
 	println("Configure it with:")
-	println("./Configure enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method -static linux-x86_64")
+	println("./Configure enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method")
 	println("and then add the apps/ directory at the front of your PATH.")
 	println("***********************************************")
 
@@ -224,3 +225,45 @@
 	file.Close()
 	return path
 }
+
+// localListener is set up by TestMain and used by localPipe to create Conn
+// pairs like net.Pipe, but connected by an actual buffered TCP connection.
+var localListener struct {
+	sync.Mutex
+	net.Listener
+}
+
+func localPipe(t testing.TB) (net.Conn, net.Conn) {
+	localListener.Lock()
+	defer localListener.Unlock()
+	c := make(chan net.Conn)
+	go func() {
+		conn, err := localListener.Accept()
+		if err != nil {
+			t.Errorf("Failed to accept local connection: %v", err)
+		}
+		c <- conn
+	}()
+	addr := localListener.Addr()
+	c1, err := net.Dial(addr.Network(), addr.String())
+	if err != nil {
+		t.Fatalf("Failed to dial local connection: %v", err)
+	}
+	c2 := <-c
+	return c1, c2
+}
+
+func TestMain(m *testing.M) {
+	l, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		l, err = net.Listen("tcp6", "[::1]:0")
+	}
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Failed to open local listener: %v", err)
+		os.Exit(1)
+	}
+	localListener.Listener = l
+	exitCode := m.Run()
+	localListener.Close()
+	os.Exit(exitCode)
+}
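Review bot: In localPipe, a failed Accept is reported with t.Errorf but the goroutine still sends the nil conn on `c`, so the caller receives a nil c2 and fails later with a nil dereference far from the cause. Checking the received value, `if c2 == nil { c1.Close(); t.FailNow() }`, stops the test at the right place. The Dial failure path has a related problem: t.Fatalf returns while the goroutine is still blocked in Accept, so it can take the connection meant for a later localPipe call.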
diff --git a/src/crypto/tls/key_agreement.go b/src/crypto/tls/key_agreement.go
index 1e77fac..05fe77b 100644
--- a/src/crypto/tls/key_agreement.go
+++ b/src/crypto/tls/key_agreement.go
@@ -6,16 +6,12 @@
 
 import (
 	"crypto"
-	"crypto/elliptic"
 	"crypto/md5"
 	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/x509"
 	"errors"
 	"io"
-	"math/big"
-
-	"golang_org/x/crypto/curve25519"
 )
 
 var errClientKeyExchange = errors.New("tls: invalid ClientKeyExchange message")
@@ -125,86 +121,54 @@
 	return md5SHA1Hash(slices), nil
 }
 
-func curveForCurveID(id CurveID) (elliptic.Curve, bool) {
-	switch id {
-	case CurveP256:
-		return elliptic.P256(), true
-	case CurveP384:
-		return elliptic.P384(), true
-	case CurveP521:
-		return elliptic.P521(), true
-	default:
-		return nil, false
-	}
-
-}
-
 // ecdheKeyAgreement implements a TLS key agreement where the server
 // generates an ephemeral EC public/private key pair and signs it. The
 // pre-master secret is then calculated using ECDH. The signature may
 // either be ECDSA or RSA.
 type ecdheKeyAgreement struct {
-	version    uint16
-	isRSA      bool
-	privateKey []byte
-	curveid    CurveID
+	version uint16
+	isRSA   bool
+	params  ecdheParameters
 
-	// publicKey is used to store the peer's public value when X25519 is
-	// being used.
-	publicKey []byte
-	// x and y are used to store the peer's public value when one of the
-	// NIST curves is being used.
-	x, y *big.Int
+	// ckx and preMasterSecret are generated in processServerKeyExchange
+	// and returned in generateClientKeyExchange.
+	ckx             *clientKeyExchangeMsg
+	preMasterSecret []byte
 }
 
 func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
 	preferredCurves := config.curvePreferences()
 
+	var curveID CurveID
 NextCandidate:
 	for _, candidate := range preferredCurves {
 		for _, c := range clientHello.supportedCurves {
 			if candidate == c {
-				ka.curveid = c
+				curveID = c
 				break NextCandidate
 			}
 		}
 	}
 
-	if ka.curveid == 0 {
+	if curveID == 0 {
 		return nil, errors.New("tls: no supported elliptic curves offered")
 	}
-
-	var ecdhePublic []byte
-
-	if ka.curveid == X25519 {
-		var scalar, public [32]byte
-		if _, err := io.ReadFull(config.rand(), scalar[:]); err != nil {
-			return nil, err
-		}
-
-		curve25519.ScalarBaseMult(&public, &scalar)
-		ka.privateKey = scalar[:]
-		ecdhePublic = public[:]
-	} else {
-		curve, ok := curveForCurveID(ka.curveid)
-		if !ok {
-			return nil, errors.New("tls: preferredCurves includes unsupported curve")
-		}
-
-		var x, y *big.Int
-		var err error
-		ka.privateKey, x, y, err = elliptic.GenerateKey(curve, config.rand())
-		if err != nil {
-			return nil, err
-		}
-		ecdhePublic = elliptic.Marshal(curve, x, y)
+	if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
+		return nil, errors.New("tls: CurvePreferences includes unsupported curve")
 	}
 
-	// https://tools.ietf.org/html/rfc4492#section-5.4
+	params, err := generateECDHEParameters(config.rand(), curveID)
+	if err != nil {
+		return nil, err
+	}
+	ka.params = params
+
+	// See RFC 4492, Section 5.4.
+	ecdhePublic := params.PublicKey()
 	serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic))
 	serverECDHParams[0] = 3 // named curve
-	serverECDHParams[1] = byte(ka.curveid >> 8)
-	serverECDHParams[2] = byte(ka.curveid)
+	serverECDHParams[1] = byte(curveID >> 8)
+	serverECDHParams[2] = byte(curveID)
 	serverECDHParams[3] = byte(len(ecdhePublic))
 	copy(serverECDHParams[4:], ecdhePublic)
 
@@ -213,7 +177,7 @@
 		return nil, errors.New("tls: certificate private key does not implement crypto.Signer")
 	}
 
-	signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(priv.Public(), clientHello.supportedSignatureAlgorithms, supportedSignatureAlgorithms, ka.version)
+	signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(priv.Public(), clientHello.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, ka.version)
 	if err != nil {
 		return nil, err
 	}
@@ -260,30 +224,10 @@
 		return nil, errClientKeyExchange
 	}
 
-	if ka.curveid == X25519 {
-		if len(ckx.ciphertext) != 1+32 {
-			return nil, errClientKeyExchange
-		}
-
-		var theirPublic, sharedKey, scalar [32]byte
-		copy(theirPublic[:], ckx.ciphertext[1:])
-		copy(scalar[:], ka.privateKey)
-		curve25519.ScalarMult(&sharedKey, &scalar, &theirPublic)
-		return sharedKey[:], nil
-	}
-
-	curve, ok := curveForCurveID(ka.curveid)
-	if !ok {
-		panic("internal error")
-	}
-	x, y := elliptic.Unmarshal(curve, ckx.ciphertext[1:]) // Unmarshal also checks whether the given point is on the curve
-	if x == nil {
+	preMasterSecret := ka.params.SharedKey(ckx.ciphertext[1:])
+	if preMasterSecret == nil {
 		return nil, errClientKeyExchange
 	}
-	x, _ = curve.ScalarMult(x, y, ka.privateKey)
-	preMasterSecret := make([]byte, (curve.Params().BitSize+7)>>3)
-	xBytes := x.Bytes()
-	copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)
 
 	return preMasterSecret, nil
 }
@@ -295,7 +239,7 @@
 	if skx.key[0] != 3 { // named curve
 		return errors.New("tls: server selected unsupported curve")
 	}
-	ka.curveid = CurveID(skx.key[1])<<8 | CurveID(skx.key[2])
+	curveID := CurveID(skx.key[1])<<8 | CurveID(skx.key[2])
 
 	publicLen := int(skx.key[3])
 	if publicLen+4 > len(skx.key) {
@@ -309,22 +253,27 @@
 		return errServerKeyExchange
 	}
 
-	if ka.curveid == X25519 {
-		if len(publicKey) != 32 {
-			return errors.New("tls: bad X25519 public value")
-		}
-		ka.publicKey = publicKey
-	} else {
-		curve, ok := curveForCurveID(ka.curveid)
-		if !ok {
-			return errors.New("tls: server selected unsupported curve")
-		}
-		ka.x, ka.y = elliptic.Unmarshal(curve, publicKey) // Unmarshal also checks whether the given point is on the curve
-		if ka.x == nil {
-			return errServerKeyExchange
-		}
+	if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
+		return errors.New("tls: server selected unsupported curve")
 	}
 
+	params, err := generateECDHEParameters(config.rand(), curveID)
+	if err != nil {
+		return err
+	}
+	ka.params = params
+
+	ka.preMasterSecret = params.SharedKey(publicKey)
+	if ka.preMasterSecret == nil {
+		return errServerKeyExchange
+	}
+
+	ourPublicKey := params.PublicKey()
+	ka.ckx = new(clientKeyExchangeMsg)
+	ka.ckx.ciphertext = make([]byte, 1+len(ourPublicKey))
+	ka.ckx.ciphertext[0] = byte(len(ourPublicKey))
+	copy(ka.ckx.ciphertext[1:], ourPublicKey)
+
 	var signatureAlgorithm SignatureScheme
 	if ka.version >= VersionTLS12 {
 		// handle SignatureAndHashAlgorithm
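Review bot: `ka.params`, `ka.preMasterSecret` and `ka.ckx` are populated from the server's `publicKey` before the signature handling that begins right below this block, so a key pair is generated and a shared secret derived from a ServerKeyExchange that has not been authenticated yet. The function's body starts and ends outside this hunk, so the following is inferred: if verification fails later, the agreement object still holds a non-nil `ka.ckx`, which is now the only thing `generateClientKeyExchange` checks (`if ka.ckx == nil`). Consider keeping the three results in locals and assigning the fields only after verification succeeds. At minimum add a comment such as `// Computed before the signature check below; the handshake must be aborted if that check fails.`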
@@ -356,45 +305,9 @@
 }
 
 func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
-	if ka.curveid == 0 {
+	if ka.ckx == nil {
 		return nil, nil, errors.New("tls: missing ServerKeyExchange message")
 	}
 
-	var serialized, preMasterSecret []byte
-
-	if ka.curveid == X25519 {
-		var ourPublic, theirPublic, sharedKey, scalar [32]byte
-
-		if _, err := io.ReadFull(config.rand(), scalar[:]); err != nil {
-			return nil, nil, err
-		}
-
-		copy(theirPublic[:], ka.publicKey)
-		curve25519.ScalarBaseMult(&ourPublic, &scalar)
-		curve25519.ScalarMult(&sharedKey, &scalar, &theirPublic)
-		serialized = ourPublic[:]
-		preMasterSecret = sharedKey[:]
-	} else {
-		curve, ok := curveForCurveID(ka.curveid)
-		if !ok {
-			panic("internal error")
-		}
-		priv, mx, my, err := elliptic.GenerateKey(curve, config.rand())
-		if err != nil {
-			return nil, nil, err
-		}
-		x, _ := curve.ScalarMult(ka.x, ka.y, priv)
-		preMasterSecret = make([]byte, (curve.Params().BitSize+7)>>3)
-		xBytes := x.Bytes()
-		copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)
-
-		serialized = elliptic.Marshal(curve, mx, my)
-	}
-
-	ckx := new(clientKeyExchangeMsg)
-	ckx.ciphertext = make([]byte, 1+len(serialized))
-	ckx.ciphertext[0] = byte(len(serialized))
-	copy(ckx.ciphertext[1:], serialized)
-
-	return preMasterSecret, ckx, nil
+	return ka.preMasterSecret, ka.ckx, nil
 }
diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go
new file mode 100644
index 0000000..2cfc226
--- /dev/null
+++ b/src/crypto/tls/key_schedule.go
@@ -0,0 +1,200 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"crypto/elliptic"
+	"crypto/hmac"
+	"errors"
+	"hash"
+	"internal/x/crypto/cryptobyte"
+	"internal/x/crypto/curve25519"
+	"internal/x/crypto/hkdf"
+	"io"
+	"math/big"
+)
+
+// This file contains the functions necessary to compute the TLS 1.3 key
+// schedule. See RFC 8446, Section 7.
+
+const (
+	resumptionBinderLabel         = "res binder"
+	clientHandshakeTrafficLabel   = "c hs traffic"
+	serverHandshakeTrafficLabel   = "s hs traffic"
+	clientApplicationTrafficLabel = "c ap traffic"
+	serverApplicationTrafficLabel = "s ap traffic"
+	exporterLabel                 = "exp master"
+	resumptionLabel               = "res master"
+	trafficUpdateLabel            = "traffic upd"
+)
+
+// expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.
+func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []byte, length int) []byte {
+	var hkdfLabel cryptobyte.Builder
+	hkdfLabel.AddUint16(uint16(length))
+	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes([]byte("tls13 "))
+		b.AddBytes([]byte(label))
+	})
+	hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes(context)
+	})
+	out := make([]byte, length)
+	n, err := hkdf.Expand(c.hash.New, secret, hkdfLabel.BytesOrPanic()).Read(out)
+	if err != nil || n != length {
+		panic("tls: HKDF-Expand-Label invocation failed unexpectedly")
+	}
+	return out
+}
+
+// deriveSecret implements Derive-Secret from RFC 8446, Section 7.1.
+func (c *cipherSuiteTLS13) deriveSecret(secret []byte, label string, transcript hash.Hash) []byte {
+	if transcript == nil {
+		transcript = c.hash.New()
+	}
+	return c.expandLabel(secret, label, transcript.Sum(nil), c.hash.Size())
+}
+
+// extract implements HKDF-Extract with the cipher suite hash.
+func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte {
+	if newSecret == nil {
+		newSecret = make([]byte, c.hash.Size())
+	}
+	return hkdf.Extract(c.hash.New, newSecret, currentSecret)
+}
+
+// nextTrafficSecret generates the next traffic secret, given the current one,
+// according to RFC 8446, Section 7.2.
+func (c *cipherSuiteTLS13) nextTrafficSecret(trafficSecret []byte) []byte {
+	return c.expandLabel(trafficSecret, trafficUpdateLabel, nil, c.hash.Size())
+}
+
+// trafficKey generates traffic keys according to RFC 8446, Section 7.3.
+func (c *cipherSuiteTLS13) trafficKey(trafficSecret []byte) (key, iv []byte) {
+	key = c.expandLabel(trafficSecret, "key", nil, c.keyLen)
+	iv = c.expandLabel(trafficSecret, "iv", nil, aeadNonceLength)
+	return
+}
+
+// finishedHash generates the Finished verify_data or PskBinderEntry according
+// to RFC 8446, Section 4.4.4. See sections 4.4 and 4.2.11.2 for the baseKey
+// selection.
+func (c *cipherSuiteTLS13) finishedHash(baseKey []byte, transcript hash.Hash) []byte {
+	finishedKey := c.expandLabel(baseKey, "finished", nil, c.hash.Size())
+	verifyData := hmac.New(c.hash.New, finishedKey)
+	verifyData.Write(transcript.Sum(nil))
+	return verifyData.Sum(nil)
+}
+
+// exportKeyingMaterial implements RFC5705 exporters for TLS 1.3 according to
+// RFC 8446, Section 7.5.
+func (c *cipherSuiteTLS13) exportKeyingMaterial(masterSecret []byte, transcript hash.Hash) func(string, []byte, int) ([]byte, error) {
+	expMasterSecret := c.deriveSecret(masterSecret, exporterLabel, transcript)
+	return func(label string, context []byte, length int) ([]byte, error) {
+		secret := c.deriveSecret(expMasterSecret, label, nil)
+		h := c.hash.New()
+		h.Write(context)
+		return c.expandLabel(secret, "exporter", h.Sum(nil), length), nil
+	}
+}
+
+// ecdheParameters implements Diffie-Hellman with either NIST curves or X25519,
+// according to RFC 8446, Section 4.2.8.2.
+type ecdheParameters interface {
+	CurveID() CurveID
+	PublicKey() []byte
+	SharedKey(peerPublicKey []byte) []byte
+}
+
+func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, error) {
+	if curveID == X25519 {
+		p := &x25519Parameters{}
+		if _, err := io.ReadFull(rand, p.privateKey[:]); err != nil {
+			return nil, err
+		}
+		curve25519.ScalarBaseMult(&p.publicKey, &p.privateKey)
+		return p, nil
+	}
+
+	curve, ok := curveForCurveID(curveID)
+	if !ok {
+		return nil, errors.New("tls: internal error: unsupported curve")
+	}
+
+	p := &nistParameters{curveID: curveID}
+	var err error
+	p.privateKey, p.x, p.y, err = elliptic.GenerateKey(curve, rand)
+	if err != nil {
+		return nil, err
+	}
+	return p, nil
+}
+
+func curveForCurveID(id CurveID) (elliptic.Curve, bool) {
+	switch id {
+	case CurveP256:
+		return elliptic.P256(), true
+	case CurveP384:
+		return elliptic.P384(), true
+	case CurveP521:
+		return elliptic.P521(), true
+	default:
+		return nil, false
+	}
+}
+
+type nistParameters struct {
+	privateKey []byte
+	x, y       *big.Int // public key
+	curveID    CurveID
+}
+
+func (p *nistParameters) CurveID() CurveID {
+	return p.curveID
+}
+
+func (p *nistParameters) PublicKey() []byte {
+	curve, _ := curveForCurveID(p.curveID)
+	return elliptic.Marshal(curve, p.x, p.y)
+}
+
+func (p *nistParameters) SharedKey(peerPublicKey []byte) []byte {
+	curve, _ := curveForCurveID(p.curveID)
+	// Unmarshal also checks whether the given point is on the curve.
+	x, y := elliptic.Unmarshal(curve, peerPublicKey)
+	if x == nil {
+		return nil
+	}
+
+	xShared, _ := curve.ScalarMult(x, y, p.privateKey)
+	sharedKey := make([]byte, (curve.Params().BitSize+7)>>3)
+	xBytes := xShared.Bytes()
+	copy(sharedKey[len(sharedKey)-len(xBytes):], xBytes)
+
+	return sharedKey
+}
+
+type x25519Parameters struct {
+	privateKey [32]byte
+	publicKey  [32]byte
+}
+
+func (p *x25519Parameters) CurveID() CurveID {
+	return X25519
+}
+
+func (p *x25519Parameters) PublicKey() []byte {
+	return p.publicKey[:]
+}
+
+func (p *x25519Parameters) SharedKey(peerPublicKey []byte) []byte {
+	if len(peerPublicKey) != 32 {
+		return nil
+	}
+	var theirPublicKey, sharedKey [32]byte
+	copy(theirPublicKey[:], peerPublicKey)
+	curve25519.ScalarMult(&sharedKey, &p.privateKey, &theirPublicKey)
+	return sharedKey[:]
+}
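Review bot: `x25519Parameters.SharedKey` returns whatever `curve25519.ScalarMult` writes into `sharedKey`, so an all-zero result is handed back as a valid shared secret; for the TLS 1.3 use this file documents, RFC 8446, Section 7.4.2 requires checking for the all-zero value and aborting. Both callers visible in this commit (`processClientKeyExchange` and `processServerKeyExchange`) already treat a nil return as a key-exchange error, so the check fits inside this method. After the `ScalarMult` call add `if subtle.ConstantTimeCompare(sharedKey[:], make([]byte, 32)) == 1 { return nil }`, with `crypto/subtle` added to the import block. The NIST path is guarded differently: `elliptic.Unmarshal` returns nil for a point that is not on the curve, and `nistParameters.SharedKey` checks for that.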
diff --git a/src/crypto/tls/key_schedule_test.go b/src/crypto/tls/key_schedule_test.go
new file mode 100644
index 0000000..79ff6a6
--- /dev/null
+++ b/src/crypto/tls/key_schedule_test.go
@@ -0,0 +1,175 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"bytes"
+	"encoding/hex"
+	"hash"
+	"strings"
+	"testing"
+	"unicode"
+)
+
+// This file contains tests derived from draft-ietf-tls-tls13-vectors-07.
+
+func parseVector(v string) []byte {
+	v = strings.Map(func(c rune) rune {
+		if unicode.IsSpace(c) {
+			return -1
+		}
+		return c
+	}, v)
+	parts := strings.Split(v, ":")
+	v = parts[len(parts)-1]
+	res, err := hex.DecodeString(v)
+	if err != nil {
+		panic(err)
+	}
+	return res
+}
+
+func TestDeriveSecret(t *testing.T) {
+	chTranscript := cipherSuitesTLS13[0].hash.New()
+	chTranscript.Write(parseVector(`
+	payload (512 octets):  01 00 01 fc 03 03 1b c3 ce b6 bb e3 9c ff
+	93 83 55 b5 a5 0a db 6d b2 1b 7a 6a f6 49 d7 b4 bc 41 9d 78 76
+	48 7d 95 00 00 06 13 01 13 03 13 02 01 00 01 cd 00 00 00 0b 00
+	09 00 00 06 73 65 72 76 65 72 ff 01 00 01 00 00 0a 00 14 00 12
+	00 1d 00 17 00 18 00 19 01 00 01 01 01 02 01 03 01 04 00 33 00
+	26 00 24 00 1d 00 20 e4 ff b6 8a c0 5f 8d 96 c9 9d a2 66 98 34
+	6c 6b e1 64 82 ba dd da fe 05 1a 66 b4 f1 8d 66 8f 0b 00 2a 00
+	00 00 2b 00 03 02 03 04 00 0d 00 20 00 1e 04 03 05 03 06 03 02
+	03 08 04 08 05 08 06 04 01 05 01 06 01 02 01 04 02 05 02 06 02
+	02 02 00 2d 00 02 01 01 00 1c 00 02 40 01 00 15 00 57 00 00 00
+	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+	00 29 00 dd 00 b8 00 b2 2c 03 5d 82 93 59 ee 5f f7 af 4e c9 00
+	00 00 00 26 2a 64 94 dc 48 6d 2c 8a 34 cb 33 fa 90 bf 1b 00 70
+	ad 3c 49 88 83 c9 36 7c 09 a2 be 78 5a bc 55 cd 22 60 97 a3 a9
+	82 11 72 83 f8 2a 03 a1 43 ef d3 ff 5d d3 6d 64 e8 61 be 7f d6
+	1d 28 27 db 27 9c ce 14 50 77 d4 54 a3 66 4d 4e 6d a4 d2 9e e0
+	37 25 a6 a4 da fc d0 fc 67 d2 ae a7 05 29 51 3e 3d a2 67 7f a5
+	90 6c 5b 3f 7d 8f 92 f2 28 bd a4 0d da 72 14 70 f9 fb f2 97 b5
+	ae a6 17 64 6f ac 5c 03 27 2e 97 07 27 c6 21 a7 91 41 ef 5f 7d
+	e6 50 5e 5b fb c3 88 e9 33 43 69 40 93 93 4a e4 d3 57 fa d6 aa
+	cb 00 21 20 3a dd 4f b2 d8 fd f8 22 a0 ca 3c f7 67 8e f5 e8 8d
+	ae 99 01 41 c5 92 4d 57 bb 6f a3 1b 9e 5f 9d`))
+
+	type args struct {
+		secret     []byte
+		label      string
+		transcript hash.Hash
+	}
+	tests := []struct {
+		name string
+		args args
+		want []byte
+	}{
+		{
+			`derive secret for handshake "tls13 derived"`,
+			args{
+				parseVector(`PRK (32 octets):  33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c e2
+				10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a`),
+				"derived",
+				nil,
+			},
+			parseVector(`expanded (32 octets):  6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba
+			b6 97 16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba`),
+		},
+		{
+			`derive secret "tls13 c e traffic"`,
+			args{
+				parseVector(`PRK (32 octets):  9b 21 88 e9 b2 fc 6d 64 d7 1d c3 29 90 0e 20 bb
+				41 91 50 00 f6 78 aa 83 9c bb 79 7c b7 d8 33 2c`),
+				"c e traffic",
+				chTranscript,
+			},
+			parseVector(`expanded (32 octets):  3f bb e6 a6 0d eb 66 c3 0a 32 79 5a ba 0e
+			ff 7e aa 10 10 55 86 e7 be 5c 09 67 8d 63 b6 ca ab 62`),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := cipherSuitesTLS13[0]
+			if got := c.deriveSecret(tt.args.secret, tt.args.label, tt.args.transcript); !bytes.Equal(got, tt.want) {
+				t.Errorf("cipherSuiteTLS13.deriveSecret() = % x, want % x", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestTrafficKey(t *testing.T) {
+	trafficSecret := parseVector(
+		`PRK (32 octets):  b6 7b 7d 69 0c c1 6c 4e 75 e5 42 13 cb 2d 37 b4
+		e9 c9 12 bc de d9 10 5d 42 be fd 59 d3 91 ad 38`)
+	wantKey := parseVector(
+		`key expanded (16 octets):  3f ce 51 60 09 c2 17 27 d0 f2 e4 e8 6e
+		e4 03 bc`)
+	wantIV := parseVector(
+		`iv expanded (12 octets):  5d 31 3e b2 67 12 76 ee 13 00 0b 30`)
+
+	c := cipherSuitesTLS13[0]
+	gotKey, gotIV := c.trafficKey(trafficSecret)
+	if !bytes.Equal(gotKey, wantKey) {
+		t.Errorf("cipherSuiteTLS13.trafficKey() gotKey = % x, want % x", gotKey, wantKey)
+	}
+	if !bytes.Equal(gotIV, wantIV) {
+		t.Errorf("cipherSuiteTLS13.trafficKey() gotIV = % x, want % x", gotIV, wantIV)
+	}
+}
+
+func TestExtract(t *testing.T) {
+	type args struct {
+		newSecret     []byte
+		currentSecret []byte
+	}
+	tests := []struct {
+		name string
+		args args
+		want []byte
+	}{
+		{
+			`extract secret "early"`,
+			args{
+				nil,
+				nil,
+			},
+			parseVector(`secret (32 octets):  33 ad 0a 1c 60 7e c0 3b 09 e6 cd 98 93 68 0c
+			e2 10 ad f3 00 aa 1f 26 60 e1 b2 2e 10 f1 70 f9 2a`),
+		},
+		{
+			`extract secret "master"`,
+			args{
+				nil,
+				parseVector(`salt (32 octets):  43 de 77 e0 c7 77 13 85 9a 94 4d b9 db 25 90 b5
+				31 90 a6 5b 3e e2 e4 f1 2d d7 a0 bb 7c e2 54 b4`),
+			},
+			parseVector(`secret (32 octets):  18 df 06 84 3d 13 a0 8b f2 a4 49 84 4c 5f 8a
+			47 80 01 bc 4d 4c 62 79 84 d5 a4 1d a8 d0 40 29 19`),
+		},
+		{
+			`extract secret "handshake"`,
+			args{
+				parseVector(`IKM (32 octets):  8b d4 05 4f b5 5b 9d 63 fd fb ac f9 f0 4b 9f 0d
+				35 e6 d6 3f 53 75 63 ef d4 62 72 90 0f 89 49 2d`),
+				parseVector(`salt (32 octets):  6f 26 15 a1 08 c7 02 c5 67 8f 54 fc 9d ba b6 97
+				16 c0 76 18 9c 48 25 0c eb ea c3 57 6c 36 11 ba`),
+			},
+			parseVector(`secret (32 octets):  1d c8 26 e9 36 06 aa 6f dc 0a ad c1 2f 74 1b
+			01 04 6a a6 b9 9f 69 1e d2 21 a9 f0 ca 04 3f be ac`),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := cipherSuitesTLS13[0]
+			if got := c.extract(tt.args.newSecret, tt.args.currentSecret); !bytes.Equal(got, tt.want) {
+				t.Errorf("cipherSuiteTLS13.extract() = % x, want % x", got, tt.want)
+			}
+		})
+	}
+}
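Review bot: The tests in this file cover `deriveSecret`, `trafficKey` and `extract`, but none exercises `generateECDHEParameters` or the nil return of `SharedKey`, which is what both key-exchange callers rely on to reject a malformed peer key. A small negative test with one curve of each kind would pin that behaviour so a later refactor cannot silently drop the length and on-curve checks. The sketch below needs `crypto/rand` added to this file's import block.

```go
func TestECDHESharedKeyRejectsMalformedPeerKey(t *testing.T) {
	for _, id := range []CurveID{X25519, CurveP256} {
		params, err := generateECDHEParameters(rand.Reader, id)
		if err != nil {
			t.Fatalf("curve %d: generateECDHEParameters: %v", id, err)
		}
		// Dropping the first byte gives a wrong-length X25519 key and a
		// NIST point without its format byte; both must be rejected.
		truncated := params.PublicKey()[1:]
		if got := params.SharedKey(truncated); got != nil {
			t.Errorf("curve %d: SharedKey accepted a malformed peer key", id)
		}
	}
}
```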
diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go
index a8cf21d..5379397 100644
--- a/src/crypto/tls/prf.go
+++ b/src/crypto/tls/prf.go
@@ -16,14 +16,14 @@
 	"hash"
 )
 
-// Split a premaster secret in two as specified in RFC 4346, section 5.
+// Split a premaster secret in two as specified in RFC 4346, Section 5.
 func splitPreMasterSecret(secret []byte) (s1, s2 []byte) {
 	s1 = secret[0 : (len(secret)+1)/2]
 	s2 = secret[len(secret)/2:]
 	return
 }
 
-// pHash implements the P_hash function, as defined in RFC 4346, section 5.
+// pHash implements the P_hash function, as defined in RFC 4346, Section 5.
 func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 	h := hmac.New(hash, secret)
 	h.Write(seed)
@@ -44,7 +44,7 @@
 	}
 }
 
-// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, section 5.
+// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5.
 func prf10(result, secret, label, seed []byte) {
 	hashSHA1 := sha1.New
 	hashMD5 := md5.New
@@ -63,7 +63,7 @@
 	}
 }
 
-// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, section 5.
+// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5.
 func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) {
 	return func(result, secret, label, seed []byte) {
 		labelAndSeed := make([]byte, len(label)+len(seed))
@@ -108,7 +108,6 @@
 }
 
 const (
-	tlsRandomLength      = 32 // Length of a random nonce in TLS 1.1.
 	masterSecretLength   = 48 // Length of a master secret in TLS 1.1.
 	finishedVerifyLength = 12 // Length of verify_data in a Finished message.
 )
@@ -140,7 +139,7 @@
 }
 
 // masterFromPreMasterSecret generates the master secret from the pre-master
-// secret. See https://tools.ietf.org/html/rfc5246#section-8.1
+// secret. See RFC 5246, Section 8.1.
 func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte {
 	seed := make([]byte, 0, len(clientRandom)+len(serverRandom))
 	seed = append(seed, clientRandom...)
@@ -153,7 +152,7 @@
 
 // keysFromMasterSecret generates the connection keys from the master
 // secret, given the lengths of the MAC key, cipher key and IV, as defined in
-// RFC 2246, section 6.3.
+// RFC 2246, Section 6.3.
 func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) {
 	seed := make([]byte, 0, len(serverRandom)+len(clientRandom))
 	seed = append(seed, serverRandom...)
@@ -176,9 +175,9 @@
 	return
 }
 
-// lookupTLSHash looks up the corresponding crypto.Hash for a given
+// hashFromSignatureScheme returns the corresponding crypto.Hash for a given
 // hash from a TLS SignatureScheme.
-func lookupTLSHash(signatureAlgorithm SignatureScheme) (crypto.Hash, error) {
+func hashFromSignatureScheme(signatureAlgorithm SignatureScheme) (crypto.Hash, error) {
 	switch signatureAlgorithm {
 	case PKCS1WithSHA1, ECDSAWithSHA1:
 		return crypto.SHA1, nil
@@ -353,8 +352,7 @@
 	return nil, errors.New("crypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabled")
 }
 
-// ekmFromMasterSecret generates exported keying material as defined in
-// https://tools.ietf.org/html/rfc5705.
+// ekmFromMasterSecret generates exported keying material as defined in RFC 5705.
 func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte) func(string, []byte, int) ([]byte, error) {
 	return func(label string, context []byte, length int) ([]byte, error) {
 		switch label {
diff --git a/src/crypto/tls/prf_test.go b/src/crypto/tls/prf_test.go
index f201253..ec54aac 100644
--- a/src/crypto/tls/prf_test.go
+++ b/src/crypto/tls/prf_test.go
@@ -87,20 +87,11 @@
 	}
 }
 
-func cipherSuiteById(id uint16) *cipherSuite {
-	for _, cipherSuite := range cipherSuites {
-		if cipherSuite.id == id {
-			return cipherSuite
-		}
-	}
-	panic("ciphersuite not found")
-}
-
 // These test vectors were generated from GnuTLS using `gnutls-cli --insecure -d 9 `
 var testKeysFromTests = []testKeysFromTest{
 	{
 		VersionTLS10,
-		cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA),
+		cipherSuiteByID(TLS_RSA_WITH_RC4_128_SHA),
 		"0302cac83ad4b1db3b9ab49ad05957de2a504a634a386fc600889321e1a971f57479466830ac3e6f468e87f5385fa0c5",
 		"4ae66303755184a3917fcb44880605fcc53baa01912b22ed94473fc69cebd558",
 		"4ae663020ec16e6bb5130be918cfcafd4d765979a3136a5d50c593446e4e44db",
@@ -116,7 +107,7 @@
 	},
 	{
 		VersionTLS10,
-		cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA),
+		cipherSuiteByID(TLS_RSA_WITH_RC4_128_SHA),
 		"03023f7527316bc12cbcd69e4b9e8275d62c028f27e65c745cfcddc7ce01bd3570a111378b63848127f1c36e5f9e4890",
 		"4ae66364b5ea56b20ce4e25555aed2d7e67f42788dd03f3fee4adae0459ab106",
 		"4ae66363ab815cbf6a248b87d6b556184e945e9b97fbdf247858b0bdafacfa1c",
@@ -132,7 +123,7 @@
 	},
 	{
 		VersionTLS10,
-		cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA),
+		cipherSuiteByID(TLS_RSA_WITH_RC4_128_SHA),
 		"832d515f1d61eebb2be56ba0ef79879efb9b527504abb386fb4310ed5d0e3b1f220d3bb6b455033a2773e6d8bdf951d278a187482b400d45deb88a5d5a6bb7d6a7a1decc04eb9ef0642876cd4a82d374d3b6ff35f0351dc5d411104de431375355addc39bfb1f6329fb163b0bc298d658338930d07d313cd980a7e3d9196cac1",
 		"4ae663b2ee389c0de147c509d8f18f5052afc4aaf9699efe8cb05ece883d3a5e",
 		"4ae664d503fd4cff50cfc1fb8fc606580f87b0fcdac9554ba0e01d785bdf278e",
@@ -148,7 +139,7 @@
 	},
 	{
 		VersionSSL30,
-		cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA),
+		cipherSuiteByID(TLS_RSA_WITH_RC4_128_SHA),
 		"832d515f1d61eebb2be56ba0ef79879efb9b527504abb386fb4310ed5d0e3b1f220d3bb6b455033a2773e6d8bdf951d278a187482b400d45deb88a5d5a6bb7d6a7a1decc04eb9ef0642876cd4a82d374d3b6ff35f0351dc5d411104de431375355addc39bfb1f6329fb163b0bc298d658338930d07d313cd980a7e3d9196cac1",
 		"4ae663b2ee389c0de147c509d8f18f5052afc4aaf9699efe8cb05ece883d3a5e",
 		"4ae664d503fd4cff50cfc1fb8fc606580f87b0fcdac9554ba0e01d785bdf278e",
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
index f7b6612..009e658 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
+++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 37 4c 3d 48 47  |....Y...U..7L=HG|
-00000010  2c b1 fb 63 1d 94 a6 b7  57 87 72 ec 4d 29 f9 4e  |,..c....W.r.M).N|
-00000020  81 d1 b6 27 8c 6a 27 c0  d3 c5 32 20 2d 80 95 68  |...'.j'...2 -..h|
-00000030  a9 f9 2a 79 af be 9f d3  ce 4f 6a 2c 6b b3 dd 9e  |..*y.....Oj,k...|
-00000040  62 e2 08 b9 24 a3 fe 23  11 f8 cd ab c0 09 00 00  |b...$..#........|
+00000000  16 03 01 00 59 02 00 00  55 03 01 80 87 8d 86 82  |....Y...U.......|
+00000010  b7 ab d8 7d 1c b5 86 ca  1c af 7e c0 07 6d 43 3e  |...}......~..mC>|
+00000020  10 59 aa 08 19 ae d0 b8  a1 f5 23 20 b6 3d 32 8b  |.Y........# .=2.|
+00000030  f9 52 1a 01 eb 69 35 7c  be 2d a9 ca 55 21 f3 b3  |.R...i5|.-..U!..|
+00000040  87 89 1e 05 cb cb 5d af  97 84 7e 07 c0 09 00 00  |......]...~.....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,18 +55,18 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 14 a7  |*............ ..|
-00000280  f5 4f 06 cf f6 92 3d 98  59 e2 36 72 2c 45 ce 98  |.O....=.Y.6r,E..|
-00000290  a2 97 c3 3c ba 67 b3 6a  fe 0a 2c f7 ae 03 00 8b  |...<.g.j..,.....|
-000002a0  30 81 88 02 42 00 cd a1  a2 cc 81 c9 7a c5 a9 54  |0...B.......z..T|
-000002b0  19 61 0a d3 23 7a cb f8  52 54 16 c3 38 b6 9e f2  |.a..#z..RT..8...|
-000002c0  a6 7f 5a 5c e7 3f ae c8  85 c1 01 6f 90 94 c4 e1  |..Z\.?.....o....|
-000002d0  c3 56 b3 da 4c 92 9c 11  0f 4d 06 31 3f d9 a4 77  |.V..L....M.1?..w|
-000002e0  1e 99 f6 3d ef 5e 06 02  42 01 4c f6 ac 3b 87 7b  |...=.^..B.L..;.{|
-000002f0  a1 3b 59 28 ab 00 dd 06  e7 9c 8a 8b 0e 50 48 49  |.;Y(.........PHI|
-00000300  4d b8 56 34 94 6a 7f 7a  6c 17 b0 2a 29 42 18 aa  |M.V4.j.zl..*)B..|
-00000310  a6 86 ce e0 d7 77 c1 e0  ea 40 96 50 79 ee e0 3c  |.....w...@.Py..<|
-00000320  6b 4e c1 07 b3 05 f5 9a  71 aa 9d 16 03 01 00 0a  |kN......q.......|
+00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 db cd  |*............ ..|
+00000280  1a f4 85 72 91 7c ee 8c  5c 02 c7 5b 09 c3 97 5b  |...r.|..\..[...[|
+00000290  5a 5c 2a af 84 5d 40 e9  2a e6 71 29 85 5d 00 8b  |Z\*..]@.*.q).]..|
+000002a0  30 81 88 02 42 00 ec 5a  5c b8 29 7d b6 58 15 62  |0...B..Z\.)}.X.b|
+000002b0  b4 45 21 84 d6 d8 3a cc  b8 c5 ff 79 66 07 57 28  |.E!...:....yf.W(|
+000002c0  29 af 1d e3 cf db 1b 23  bb 5a 2f 23 8f 29 ed d4  |)......#.Z/#.)..|
+000002d0  6c 3b ab a4 09 76 38 cf  63 bf 74 f9 5b 87 a2 e2  |l;...v8.c.t.[...|
+000002e0  b7 1c 03 29 bd c6 1e 02  42 01 65 17 a6 34 04 01  |...)....B.e..4..|
+000002f0  f4 f6 57 95 85 44 57 f5  34 02 aa fa 8b 63 57 69  |..W..DW.4....cWi|
+00000300  6f e4 23 8a e6 c2 c4 4a  b9 ac a9 44 3e c7 bc 47  |o.#....J...D>..G|
+00000310  77 ae fe 22 14 5f bc 1c  e2 20 ab 3f f6 dd c3 8f  |w.."._... .?....|
+00000320  ed dd 39 c3 47 01 28 66  33 e6 c6 16 03 01 00 0a  |..9.G.(f3.......|
 00000330  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
 00000340  00 00 00                                          |...|
 >>> Flow 3 (client to server)
@@ -99,30 +105,30 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 90 0f 00  |...._X.;t.......|
-00000240  00 8c 00 8a 30 81 87 02  41 69 90 2d 22 89 47 af  |....0...Ai.-".G.|
-00000250  7e ab 99 d8 fc 71 00 e0  03 d8 03 36 2c 9f 5d 59  |~....q.....6,.]Y|
-00000260  27 2e c8 88 6f ba 7f 61  5a 86 8e 87 fd 3e 92 23  |'...o..aZ....>.#|
-00000270  e3 4e 49 af fe 2b 34 80  63 dd e3 e4 6b ca bd 08  |.NI..+4.c...k...|
-00000280  31 c8 54 27 d2 31 75 68  56 5d 02 42 01 1c 80 ed  |1.T'.1uhV].B....|
-00000290  fc 67 1a e1 cd c0 dc 9d  22 2b 7f 9b 0a 6d 3e 3b  |.g......"+...m>;|
-000002a0  ac 37 90 20 67 50 a1 e0  16 3c 3c 8c a1 46 2b 81  |.7. gP...<<..F+.|
-000002b0  48 b3 c3 c7 57 3b 26 17  51 4e d7 30 08 9c 2e d9  |H...W;&.QN.0....|
-000002c0  87 41 93 21 94 fe 47 34  16 a1 e3 dc 68 a7 14 03  |.A.!..G4....h...|
-000002d0  01 00 01 01 16 03 01 00  30 68 22 41 51 d1 f0 15  |........0h"AQ...|
-000002e0  e5 19 86 95 89 c2 a1 65  23 b2 61 44 fa 7e 07 9e  |.......e#.aD.~..|
-000002f0  f9 91 4b 17 a5 3b 7c 6e  e5 ee bf 06 4c 91 00 f5  |..K..;|n....L...|
-00000300  be b7 d5 b5 7c 88 21 0d  ae                       |....|.!..|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
+00000240  00 8d 00 8b 30 81 88 02  42 01 b1 4c 5b 98 0d 02  |....0...B..L[...|
+00000250  57 ed 5a 6a ba b2 25 b8  fe ab 0b c2 d2 f7 4f cf  |W.Zj..%.......O.|
+00000260  05 fd 66 85 85 10 da 84  b5 30 76 92 70 5f 73 5b  |..f......0v.p_s[|
+00000270  5e c1 ce 1d 3c 88 1d 50  b1 85 f8 66 07 a8 16 6a  |^...<..P...f...j|
+00000280  f0 d5 61 80 e2 8e 75 dc  e2 e1 45 02 42 01 2f 2f  |..a...u...E.B.//|
+00000290  17 58 50 18 25 9e 99 9c  89 69 aa 55 69 26 6d 88  |.XP.%....i.Ui&m.|
+000002a0  8d c9 76 8b d5 40 5e 9d  0b f5 9f 6f dd 93 94 50  |..v..@^....o...P|
+000002b0  c0 6e c5 7a 4d 9e fb 64  61 31 88 be fa 0c 11 b8  |.n.zM..da1......|
+000002c0  ab 7e 7c 3d bf 4e da de  aa aa 19 af 1c 1f 35 14  |.~|=.N........5.|
+000002d0  03 01 00 01 01 16 03 01  00 30 58 e2 f6 52 c6 6f  |.........0X..R.o|
+000002e0  8d ba 2d be 84 8d fd 19  b7 2a e6 c4 b9 47 0d 3b  |..-......*...G.;|
+000002f0  af a8 8d 91 90 9d ff a1  f0 65 af 8e fe 8a 9b 39  |.........e.....9|
+00000300  1c b1 e4 0b e3 c5 9a bf  86 18                    |..........|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 22 37 a1 e7 52  |..........0"7..R|
-00000010  94 4a e6 d8 e2 0a 96 37  9e 3e f2 a1 96 42 0f c9  |.J.....7.>...B..|
-00000020  ba 95 15 27 3e 9c 01 04  0e 41 01 e5 a6 c7 b4 c7  |...'>....A......|
-00000030  c6 54 b2 0e 96 52 6c cd  73 11 d3                 |.T...Rl.s..|
+00000000  14 03 01 00 01 01 16 03  01 00 30 bc 72 19 6f bb  |..........0.r.o.|
+00000010  a0 79 dd 23 cf 44 0c be  48 9e ef 94 f3 47 fb 03  |.y.#.D..H....G..|
+00000020  7d c6 af 0d 35 e2 4d 73  92 42 04 fa 5b 74 be 4d  |}...5.Ms.B..[t.M|
+00000030  0e 1b bf 3d 4a c9 d9 66  10 02 9f                 |...=J..f...|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 fa c5 7a  84 51 d8 01 1a bf c9 1c  |.... ..z.Q......|
-00000010  74 79 18 31 01 37 d3 65  64 34 1b 29 4e 94 d3 51  |ty.1.7.ed4.)N..Q|
-00000020  e2 97 dd 9a af 17 03 01  00 20 bc 47 62 6c 06 28  |......... .Gbl.(|
-00000030  4d 7d 61 26 0f 06 00 2a  a9 cb cf a2 a9 5a 20 2f  |M}a&...*.....Z /|
-00000040  f5 57 40 06 46 06 cd 31  bb 2c 15 03 01 00 20 53  |.W@.F..1.,.... S|
-00000050  b1 0e 13 ba 83 40 ff 9c  2b f2 70 05 29 0f 27 a1  |.....@..+.p.).'.|
-00000060  32 98 b6 96 ab d7 2b 0e  70 53 6e 09 d8 82 99     |2.....+.pSn....|
+00000000  17 03 01 00 20 96 d0 e8  8d 10 80 14 f0 61 fa a9  |.... ........a..|
+00000010  61 f0 52 a9 22 b3 78 66  9d a4 79 6f 77 1e dc 2f  |a.R.".xf..yow../|
+00000020  0d f7 83 86 58 17 03 01  00 20 f9 91 e6 bf d9 c6  |....X.... ......|
+00000030  34 5c 2c a2 94 55 55 74  83 03 58 5f 02 a8 00 da  |4\,..UUt..X_....|
+00000040  70 22 e8 1d 54 c8 43 17  4e b8 15 03 01 00 20 b1  |p"..T.C.N..... .|
+00000050  6f a7 15 cc e5 50 e3 ab  70 14 ed 7f 8d fc 3a ff  |o....P..p.....:.|
+00000060  6a ea 4f bd b0 58 59 b7  38 36 2c b2 df 3c 4a     |j.O..XY.86,..<J|
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
index 082c05d..8eae220 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 af af 0f 49 f7  |....Y...U.....I.|
-00000010  fa 29 30 cb 90 30 b4 70  d2 94 96 db 99 f9 4d 10  |.)0..0.p......M.|
-00000020  4c 14 67 a0 2f ac cc e6  7f 89 c2 20 d8 e0 15 ba  |L.g./...... ....|
-00000030  55 99 b7 20 04 e2 84 e4  5d 97 4b ea 6e d5 6b db  |U.. ....].K.n.k.|
-00000040  dc 23 2a a1 76 4c fd c0  5f a6 4a e1 c0 13 00 00  |.#*.vL.._.J.....|
+00000000  16 03 01 00 59 02 00 00  55 03 01 a1 68 ff ed 89  |....Y...U...h...|
+00000010  15 1b 21 de e0 23 e9 b0  ea 6c 1a 10 c7 f2 bb c1  |..!..#...l......|
+00000020  c7 7a 76 6c df 17 45 2d  71 8d 6a 20 12 5b 28 d2  |.zvl..E-q.j .[(.|
+00000030  94 ed d3 f5 6d 0b 40 2b  6f ec 7d 1f 8b 37 5c da  |....m.@+o.}..7\.|
+00000040  ae b3 47 fd e5 13 36 c0  2f 50 33 58 c0 13 00 00  |..G...6./P3X....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,17 +60,17 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 b7 12 77 ce bd 55 19  |........ ..w..U.|
-000002d0  d6 16 92 11 72 ad dc b4  9c fd 7a cd dc 31 53 0f  |....r.....z..1S.|
-000002e0  bc bf 12 0a 9f 32 c9 e3  09 00 80 6e 49 99 f1 c2  |.....2.....nI...|
-000002f0  6c 4e cd c1 bb cc b1 db  fd e5 3a 12 c9 94 dd 11  |lN........:.....|
-00000300  84 b3 5f 43 15 7c f5 05  a0 13 90 05 0e bb 13 60  |.._C.|.........`|
-00000310  c5 ef 30 e6 cb 5d b2 50  10 99 1f 01 13 43 37 e8  |..0..].P.....C7.|
-00000320  6c 95 aa ae 3e f6 53 25  92 48 d1 f6 e1 7d 88 0e  |l...>.S%.H...}..|
-00000330  23 fb ee 72 e8 84 83 6b  bc d6 96 3c 1d 62 98 3e  |#..r...k...<.b.>|
-00000340  89 c7 19 cc cd 08 d3 cb  b2 fe 39 51 f0 62 89 71  |..........9Q.b.q|
-00000350  d7 83 78 33 0d de f8 81  5a e4 f3 ea 55 e9 58 41  |..x3....Z...U.XA|
-00000360  94 b2 1b b9 1f 3b 52 f1  d3 d0 51 16 03 01 00 0a  |.....;R...Q.....|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 67 3f fc ee e2 3f 93  |........ g?...?.|
+000002d0  c9 f9 f3 a2 41 97 86 04  ce f5 e5 6d ac 00 85 64  |....A......m...d|
+000002e0  01 83 89 75 5f 27 7c 5f  41 00 80 30 d3 2d ce bc  |...u_'|_A..0.-..|
+000002f0  9a 45 ea 21 4c 28 9b 36  ba a9 d0 24 c9 1a 1b 3b  |.E.!L(.6...$...;|
+00000300  6c 2d c3 72 3d d6 09 b2  07 d2 f2 54 b0 02 29 d7  |l-.r=......T..).|
+00000310  99 f6 5e ee 71 d9 6f 1d  0a 74 f3 ee 23 79 60 d3  |..^.q.o..t..#y`.|
+00000320  fd 14 99 d9 12 bd f7 5b  73 08 24 f2 3e 1f f5 38  |.......[s.$.>..8|
+00000330  6a c9 43 72 ea 97 78 b9  48 7b aa 05 b2 9a fc 6a  |j.Cr..x.H{.....j|
+00000340  1f 4d 01 6a 9f 05 a3 0e  84 1f 09 9d e3 1a 07 6b  |.M.j...........k|
+00000350  c6 82 5f cc 4a db 33 86  4a 03 50 21 d7 9e ca a1  |.._.J.3.J.P!....|
+00000360  9a 4f 52 53 43 67 81 53  3b ed fd 16 03 01 00 0a  |.ORSCg.S;.......|
 00000370  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
 00000380  00 00 00                                          |...|
 >>> Flow 3 (client to server)
@@ -104,29 +110,29 @@
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
 00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
-00000240  00 8d 00 8b 30 81 88 02  42 01 8b 84 b3 ac 64 4e  |....0...B.....dN|
-00000250  77 d2 47 77 13 2f 45 ec  0b 3f 92 ef 55 cc 78 8e  |w.Gw./E..?..U.x.|
-00000260  d9 c1 ae 4b c5 6f 01 d0  55 ca 0b 12 cf 3c ac c8  |...K.o..U....<..|
-00000270  46 7b 6a c4 22 f3 16 85  1a 2a ea 4f f6 65 1c c9  |F{j."....*.O.e..|
-00000280  90 7b d1 c5 9f c8 59 73  43 47 bd 02 42 00 93 a3  |.{....YsCG..B...|
-00000290  35 0a 1f 14 de 23 fa 92  a4 d6 5e dc fd c0 85 87  |5....#....^.....|
-000002a0  fb 23 12 bd 8e d7 f3 98  33 49 fc 88 92 13 8a 7d  |.#......3I.....}|
-000002b0  ee 12 e5 d6 b3 ff bf 04  7e 48 ff 83 6b 76 70 b8  |........~H..kvp.|
-000002c0  8c 1f f5 44 4b a7 fb 48  81 87 a0 6b 66 45 15 14  |...DK..H...kfE..|
-000002d0  03 01 00 01 01 16 03 01  00 30 83 d6 1c 9f e9 ef  |.........0......|
-000002e0  49 45 e4 97 17 2c af 6f  4e 59 0e 4d 43 69 88 fd  |IE...,.oNY.MCi..|
-000002f0  3d 99 00 9e 02 3c 33 78  d6 37 6e f9 55 43 ac 16  |=....<3x.7n.UC..|
-00000300  2e 14 0e 0e 44 a1 f7 1e  fc 09                    |....D.....|
+00000240  00 8d 00 8b 30 81 88 02  42 00 a6 8c ff 5a 40 01  |....0...B....Z@.|
+00000250  bc 1c 28 f7 95 34 93 1b  78 58 34 04 d9 3e 8b 1e  |..(..4..xX4..>..|
+00000260  bb 2a 3f aa a8 a0 24 38  05 c2 38 4f 8b 55 08 17  |.*?...$8..8O.U..|
+00000270  e4 68 9b 9a 6c f1 94 cc  61 52 90 8a 38 6e 76 f5  |.h..l...aR..8nv.|
+00000280  0b 59 60 94 67 b5 78 83  93 eb cd 02 42 00 eb 7b  |.Y`.g.x.....B..{|
+00000290  a4 90 f5 8a 07 ab 80 49  41 48 6e 37 7b e2 f8 b8  |.......IAHn7{...|
+000002a0  27 2d 06 2b cf 5a e9 eb  5c 36 a3 de 50 b9 40 b5  |'-.+.Z..\6..P.@.|
+000002b0  14 0a 5c a4 ec 8f 2b 0c  d4 ca a3 45 db 2a 3a 65  |..\...+....E.*:e|
+000002c0  b4 8e c4 a6 d8 e9 f7 c3  48 34 f7 e7 65 b9 90 14  |........H4..e...|
+000002d0  03 01 00 01 01 16 03 01  00 30 a3 4b 62 d6 25 40  |.........0.Kb.%@|
+000002e0  84 6c 3f 2c d8 fa 69 93  49 4f 4e 75 06 09 0c 1a  |.l?,..i.IONu....|
+000002f0  01 b9 09 2e 9d 4d 0a f7  57 c0 8b d8 d0 44 5d f4  |.....M..W....D].|
+00000300  c1 19 61 a7 a7 36 05 ad  96 92                    |..a..6....|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 75 1b 70 70 73  |..........0u.pps|
-00000010  c3 2d d5 7a a5 ca 63 b3  b7 b1 57 a8 bc fd 5c 95  |.-.z..c...W...\.|
-00000020  ed e7 88 26 b3 9b a6 8d  c7 3f 02 70 a7 98 1c 33  |...&.....?.p...3|
-00000030  86 67 f7 ca 76 42 53 99  3b 17 ef                 |.g..vBS.;..|
+00000000  14 03 01 00 01 01 16 03  01 00 30 0a 75 fa 5e 6e  |..........0.u.^n|
+00000010  50 48 e9 b1 67 e2 e1 04  c4 d9 27 63 7a a3 74 9e  |PH..g.....'cz.t.|
+00000020  0d 70 13 b9 1c b6 f5 e4  43 eb e1 20 86 08 d0 39  |.p......C.. ...9|
+00000030  91 5e 72 f7 9b 30 25 db  aa 8c 72                 |.^r..0%...r|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 61 40 b2  4d fe 8d 3c a1 d2 4b 36  |.... a@.M..<..K6|
-00000010  bb 5d 6c 77 65 6e 66 55  57 12 a5 62 9d 56 f6 53  |.]lwenfUW..b.V.S|
-00000020  dd a6 38 7c 32 17 03 01  00 20 e5 98 82 47 a0 cc  |..8|2.... ...G..|
-00000030  a7 02 98 71 01 00 d7 ee  1c 35 16 d6 7a 03 80 95  |...q.....5..z...|
-00000040  d0 69 9a e9 bb 4c 9c 0a  92 59 15 03 01 00 20 a2  |.i...L...Y.... .|
-00000050  96 8a 21 a9 a4 28 83 f8  fb 3c aa 6e 53 fb 23 7e  |..!..(...<.nS.#~|
-00000060  a1 08 4f 16 8f 34 02 27  34 e2 c2 71 1e a2 c7     |..O..4.'4..q...|
+00000000  17 03 01 00 20 9a f8 b3  97 b0 90 7e c7 2c 15 74  |.... ......~.,.t|
+00000010  03 c9 15 5d 95 fa 5c 37  ca 1e 8f 5a 3c af dc 9b  |...]..\7...Z<...|
+00000020  30 64 41 66 d0 17 03 01  00 20 1f 65 3e 77 1b 39  |0dAf..... .e>w.9|
+00000030  c4 b9 de 44 67 a2 1d 73  a8 83 bf dd 4f 50 ad d2  |...Dg..s....OP..|
+00000040  67 cf 45 9d 48 19 d8 67  fd 70 15 03 01 00 20 2d  |g.E.H..g.p.... -|
+00000050  6e d3 18 d1 55 6a 68 88  9d c0 3b a7 2e 93 fe e5  |n...Ujh...;.....|
+00000060  f9 6c b9 b4 3e 28 f0 9a  3f f0 67 4f 32 ab 6b     |.l..>(..?.gO2.k|
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
index 65bc278..14ed93c 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
+++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 3b ff d1 3d 27  |....Y...U..;..='|
-00000010  af 29 b4 e8 d8 71 40 08  5c 7b 8b a9 23 8a 70 1a  |.)...q@.\{..#.p.|
-00000020  c8 a4 19 11 71 7b 92 58  03 af 99 20 c8 18 fc 7d  |....q{.X... ...}|
-00000030  e6 ed 7b d7 1c 2a 5e d5  5b 22 d9 dc 9e b1 aa 88  |..{..*^.["......|
-00000040  0a 9f fb 4a 8a d7 27 d9  65 df 76 3a c0 09 00 00  |...J..'.e.v:....|
+00000000  16 03 01 00 59 02 00 00  55 03 01 04 4a 64 8e 4f  |....Y...U...Jd.O|
+00000010  f1 4e 06 19 e2 cb b8 92  93 7b f5 ec 1b 0e 30 8e  |.N.......{....0.|
+00000020  1f 89 6c a1 28 e7 87 7f  9e 9e 19 20 cf aa b7 1f  |..l.(...... ....|
+00000030  77 43 26 3e 15 5e 67 68  0d a6 a3 b1 25 e5 63 27  |wC&>.^gh....%.c'|
+00000040  00 f9 59 23 e0 a3 1c d7  49 e9 dc b3 c0 09 00 00  |..Y#....I.......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,18 +55,18 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b4 0c 00  00 b0 03 00 1d 20 80 a2  |*............ ..|
-00000280  7b 8d 6e 35 2d f1 f5 f3  1b 97 df 4b 1e df a7 bc  |{.n5-......K....|
-00000290  2d 16 b7 3b bb 2a 97 8e  1f b6 e3 9f 05 76 00 8a  |-..;.*.......v..|
-000002a0  30 81 87 02 42 01 ca 48  71 d3 b9 18 46 c7 9b e3  |0...B..Hq...F...|
-000002b0  e8 af 4c 6c 7d 9a 9b 00  1f b1 cf 90 a6 63 38 b0  |..Ll}........c8.|
-000002c0  a3 cb e3 9a a1 ae 79 25  bb 6b 08 d6 b2 4f 32 a8  |......y%.k...O2.|
-000002d0  91 bc c8 5a 59 25 ff 00  eb 33 4f b4 e8 d7 97 80  |...ZY%...3O.....|
-000002e0  ad 9c 66 a2 73 78 d7 02  41 5e 26 e2 cf d4 cf 8e  |..f.sx..A^&.....|
-000002f0  40 7f 18 f0 e6 d7 1e 3b  3f f4 ed c6 d5 05 2c 67  |@......;?.....,g|
-00000300  0d 73 0f a0 db 03 cb 5c  bf c3 a5 c3 02 1f b8 64  |.s.....\.......d|
-00000310  6f e7 35 74 ba f1 b8 1b  d1 a8 c2 43 c9 b9 83 ba  |o.5t.......C....|
-00000320  30 2b 0b c0 00 a0 be b1  f1 33 16 03 01 00 0a 0d  |0+.......3......|
+00000270  2a 16 03 01 00 b4 0c 00  00 b0 03 00 1d 20 6c 3b  |*............ l;|
+00000280  3f 6b 18 21 57 c4 df bf  3d ac 92 ee bc 99 0b 2f  |?k.!W...=....../|
+00000290  d5 b3 f5 ff 5f 6c 6b 33  db a9 7c 02 f8 4c 00 8a  |...._lk3..|..L..|
+000002a0  30 81 87 02 42 00 8e 15  e5 bb dc f5 3d c6 10 d7  |0...B.......=...|
+000002b0  67 54 3d 80 b5 6a 4d 69  f1 2c fe 99 bc 32 e1 ab  |gT=..jMi.,...2..|
+000002c0  42 c0 7d f2 5d e0 d6 22  95 58 25 5e 63 ba f0 9c  |B.}.]..".X%^c...|
+000002d0  9f 29 91 c9 a9 42 99 ab  b0 4f ed a9 42 8e 1f 3a  |.)...B...O..B..:|
+000002e0  44 34 48 d9 5a dd 9b 02  41 44 21 e1 54 b5 a3 e7  |D4H.Z...AD!.T...|
+000002f0  0a 57 45 52 ae 9d b5 fe  45 8a 3f 8b e7 50 e8 01  |.WER....E.?..P..|
+00000300  8c 26 27 85 f4 ef 80 30  7e d6 d8 27 4f d5 5e 9d  |.&'....0~..'O.^.|
+00000310  7b 65 1a c6 5a ab 57 17  3f 6e 5c 66 aa cd 46 bc  |{e..Z.W.?n\f..F.|
+00000320  5d 32 db a5 48 f8 f8 35  11 8b 16 03 01 00 0a 0d  |]2..H..5........|
 00000330  00 00 06 03 01 02 40 00  00 16 03 01 00 04 0e 00  |......@.........|
 00000340  00 00                                             |..|
 >>> Flow 3 (client to server)
@@ -99,29 +105,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 35  95 c1 44 9d 66 18 82 91  |.......5..D.f...|
-00000240  5b 25 68 80 9c 07 78 c6  ed da 98 25 07 9a c4 08  |[%h...x....%....|
-00000250  b3 10 a2 67 b0 5b 0e c2  3d 25 af ea bc e1 5f a7  |...g.[..=%...._.|
-00000260  d2 58 e9 a7 0c c8 c4 10  d0 44 a4 a1 a6 07 12 b1  |.X.......D......|
-00000270  7f 22 6c 54 4e 97 ad b5  55 a0 58 ed c7 52 7a d6  |."lTN...U.X..Rz.|
-00000280  5a 23 4f 6b b2 41 0f 01  2b 97 93 02 6f ce bd 32  |Z#Ok.A..+...o..2|
-00000290  12 d3 af 32 09 0c a8 1a  16 58 f3 d8 d6 fe ba 84  |...2.....X......|
-000002a0  57 b0 18 5c 86 35 83 54  6e f7 04 21 29 62 1c 76  |W..\.5.Tn..!)b.v|
-000002b0  dc 44 03 5c 3a 1a 41 14  03 01 00 01 01 16 03 01  |.D.\:.A.........|
-000002c0  00 30 2e 3f d7 4c 32 5f  13 48 47 46 b0 30 c1 00  |.0.?.L2_.HGF.0..|
-000002d0  49 5d 6d 58 b6 1c ea f4  f9 1c 48 b9 01 9c 9c 94  |I]mX......H.....|
-000002e0  7f 83 5a e7 c3 10 92 ad  9f fa a8 c6 57 49 ae 3a  |..Z.........WI.:|
-000002f0  3a 2a                                             |:*|
+00000230  86 0f 00 00 82 00 80 9a  02 82 fb dd 68 e7 91 9f  |............h...|
+00000240  83 12 57 35 23 7c de 88  97 07 a3 b2 67 77 0f c1  |..W5#|......gw..|
+00000250  bd 33 36 b3 ce fb f7 96  26 91 ab dc 96 26 64 fa  |.36.....&....&d.|
+00000260  34 66 31 2b fa 6d 52 60  3e fb a3 87 27 a7 7c ac  |4f1+.mR`>...'.|.|
+00000270  8c 87 ff c5 5e 6f 6f e1  db bf bc 58 3d b3 f6 89  |....^oo....X=...|
+00000280  a0 8e 0b 9d 26 74 68 57  ca e9 c2 ab 79 7b 6a dd  |....&thW....y{j.|
+00000290  c7 89 ef 0d 62 aa 47 7b  67 18 f2 ad 00 98 56 45  |....b.G{g.....VE|
+000002a0  12 ca de 6a d1 1a b5 a9  d2 53 ba 3b 90 a6 cf 69  |...j.....S.;...i|
+000002b0  12 65 32 c2 95 46 01 14  03 01 00 01 01 16 03 01  |.e2..F..........|
+000002c0  00 30 f7 2d b9 19 66 b2  2c 1b 96 08 bc 70 5b f5  |.0.-..f.,....p[.|
+000002d0  6d 58 9e 51 fb b5 3c a6  4f 4a fc 52 1f 10 20 c4  |mX.Q..<.OJ.R.. .|
+000002e0  3f d6 3c 0e 99 e3 1c b5  21 7f 0d fa 08 ec 17 27  |?.<.....!......'|
+000002f0  75 9f                                             |u.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 29 fc da 17 09  |..........0)....|
-00000010  5a 69 1b 4f 2e 4f 40 1d  9e 69 6c 62 ee 8b f9 53  |Zi.O.O@..ilb...S|
-00000020  48 6a ae b6 85 df ab f3  89 8d f3 6e df f0 8f 14  |Hj.........n....|
-00000030  79 a3 d8 d5 e4 3c 6b dd  fb 77 24                 |y....<k..w$|
+00000000  14 03 01 00 01 01 16 03  01 00 30 db ac b4 71 dc  |..........0...q.|
+00000010  92 06 9c fe 87 11 69 eb  a6 4e e9 50 29 6d 06 37  |......i..N.P)m.7|
+00000020  02 73 b8 6d 7e ca 89 02  cf fa ad 0c 7c d0 90 cb  |.s.m~.......|...|
+00000030  af e5 50 68 fc 76 c5 09  a1 a1 d3                 |..Ph.v.....|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 89 6b 03  b2 9d cc f2 6f 8f 27 6c  |.... .k.....o.'l|
-00000010  d4 49 61 4f 88 c1 6c b6  ef 2e 75 b9 0d d4 06 b0  |.IaO..l...u.....|
-00000020  cb 6f 80 70 f6 17 03 01  00 20 ab 92 7f df 5f 38  |.o.p..... ...._8|
-00000030  87 d7 7e ff 9c 17 14 cc  41 8d 28 98 7d 6a 59 78  |..~.....A.(.}jYx|
-00000040  f0 9f d1 f1 f1 5a 75 27  fa 57 15 03 01 00 20 a3  |.....Zu'.W.... .|
-00000050  3b 0c 84 bc d7 5d f6 87  b1 14 bd c4 6e a8 14 ae  |;....]......n...|
-00000060  e8 fd f2 50 67 b9 fa 6c  86 d8 6d 84 87 5e fe     |...Pg..l..m..^.|
+00000000  17 03 01 00 20 cd b3 a4  99 da 5d 59 36 6f f8 26  |.... .....]Y6o.&|
+00000010  2d b2 4a 47 a1 54 7f b0  b3 df 0d 52 cc 13 7a 8b  |-.JG.T.....R..z.|
+00000020  a3 6a 8b 1f ee 17 03 01  00 20 d6 ab 8a 3e b3 41  |.j....... ...>.A|
+00000030  0a be 61 50 79 19 1a 45  03 c6 b9 b4 84 b2 18 46  |..aPy..E.......F|
+00000040  86 1f c3 b7 78 77 fc 7f  4f 30 15 03 01 00 20 2d  |....xw..O0.... -|
+00000050  c0 f2 71 06 dc 19 9d 88  82 b9 3a 6b be a4 77 98  |..q.......:k..w.|
+00000060  87 32 46 54 27 e4 17 47  8a 83 9c 5a 45 6e 6b     |.2FT'..G...ZEnk|
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA
index fef2ac0..c5b33c0 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 58 89 71 77 b1  |....Y...U..X.qw.|
-00000010  c2 2a 4e e4 5a 4f bb 76  8a b5 9b f3 b1 c6 fc 30  |.*N.ZO.v.......0|
-00000020  a8 ca 7e 5c d6 29 41 7d  17 04 5d 20 86 f6 c6 6f  |..~\.)A}..] ...o|
-00000030  5f 48 2c 43 07 ea d1 b3  81 da 6d 2f 70 aa 4c 2e  |_H,C......m/p.L.|
-00000040  d4 87 bb 4c 38 c9 67 bc  80 38 d0 c3 c0 13 00 00  |...L8.g..8......|
+00000000  16 03 01 00 59 02 00 00  55 03 01 6b 8a f7 68 78  |....Y...U..k..hx|
+00000010  f1 ea ad 9b 20 40 42 52  eb fa 55 fb 37 a7 21 22  |.... @BR..U.7.!"|
+00000020  71 0d f7 4d 46 bf 38 df  6e 00 e0 20 17 73 28 32  |q..MF.8.n.. .s(2|
+00000030  30 3f f4 01 df 70 98 ce  33 d0 c3 8c 0a fd 0a ba  |0?...p..3.......|
+00000040  6b 56 d7 f9 16 a2 24 0d  07 b1 32 47 c0 13 00 00  |kV....$...2G....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,17 +60,17 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 0c 12 68 b0 30 bb 4b  |........ ..h.0.K|
-000002d0  b0 c2 38 4d fa 65 f1 43  4a f1 47 dc 6e 6d ae 6b  |..8M.e.CJ.G.nm.k|
-000002e0  35 f5 4a 3c fa bc a6 6e  27 00 80 38 ef 5d 08 06  |5.J<...n'..8.]..|
-000002f0  e5 f9 86 86 2e f3 6d b6  d4 12 94 5d 18 6b 11 67  |......m....].k.g|
-00000300  17 65 d3 5c 0b fe 09 2d  bb ca a6 2d c4 d7 fc b9  |.e.\...-...-....|
-00000310  71 c1 4a 38 bb 14 bf dc  1b 4d 61 38 c6 76 3e 24  |q.J8.....Ma8.v>$|
-00000320  ff e6 c5 7e f8 5d 5f 80  3d 8a 4e 5f bb 91 b7 c5  |...~.]_.=.N_....|
-00000330  59 f8 b7 a1 7b d5 c3 72  57 83 de 52 40 75 1c ec  |Y...{..rW..R@u..|
-00000340  77 e9 0e a6 3a ad e4 57  ae d4 92 44 40 00 74 fa  |w...:..W...D@.t.|
-00000350  ae 16 b9 82 0d 9e 2a 43  12 1b a6 bb a1 89 6a 99  |......*C......j.|
-00000360  09 80 d1 ad b6 9c 92 01  60 14 bb 16 03 01 00 0a  |........`.......|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 b1 de e2 91 3f 1f be  |........ ....?..|
+000002d0  0e 21 49 44 db d1 d3 a7  89 db 61 56 97 bf 4c 73  |.!ID......aV..Ls|
+000002e0  7b d3 da 81 a5 cc 0a e3  13 00 80 66 fd 15 8d 8a  |{..........f....|
+000002f0  a2 f9 8d b9 d9 cb a5 6b  45 7c 11 05 24 6d de e5  |.......kE|..$m..|
+00000300  8f 3e 42 ba 3e bd 5a b8  f7 51 c0 b9 55 06 db d7  |.>B.>.Z..Q..U...|
+00000310  2d 78 d2 5d 47 2d 52 c9  7b 59 20 73 1a 1d 26 c4  |-x.]G-R.{Y s..&.|
+00000320  84 3d 5b 57 5f 1a fd 52  8c 40 87 be 58 58 73 d2  |.=[W_..R.@..XXs.|
+00000330  4b 84 9a 6c 96 c0 36 82  95 13 f9 12 74 c3 3b dd  |K..l..6.....t.;.|
+00000340  27 11 c3 66 fa de 28 b4  c0 d9 6e 65 e0 8a 5e b6  |'..f..(...ne..^.|
+00000350  3a a8 52 db 62 89 2b 1d  d0 be fb b7 6e 03 bd f7  |:.R.b.+.....n...|
+00000360  e3 a5 df c2 b3 5a 16 09  d8 1e df 16 03 01 00 0a  |.....Z..........|
 00000370  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
 00000380  00 00 00                                          |...|
 >>> Flow 3 (client to server)
@@ -103,29 +109,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 1d  64 73 05 fa f9 5e ef eb  |........ds...^..|
-00000240  c7 1b 07 99 0e d1 52 83  9e 19 ba 62 11 14 0a c2  |......R....b....|
-00000250  11 e0 ff 6e 43 03 85 1d  ef 73 f8 c2 4d b0 c6 5a  |...nC....s..M..Z|
-00000260  ba 14 14 1e 95 d1 f8 1a  3f 7f c3 08 f4 86 e6 2c  |........?......,|
-00000270  43 2f 00 fd d7 e1 4e 07  45 09 19 98 33 ad 6e e2  |C/....N.E...3.n.|
-00000280  17 21 3b 8c a4 5e 50 6c  5a a3 75 68 93 a5 ee 42  |.!;..^PlZ.uh...B|
-00000290  a9 88 6d c4 4e 9c 3f ce  ee e1 a1 9b c4 c6 8e f7  |..m.N.?.........|
-000002a0  65 b8 7f 10 a9 5f b8 07  70 8a 4f 89 2c 59 a1 46  |e...._..p.O.,Y.F|
-000002b0  f9 a2 05 bc 01 45 7e 14  03 01 00 01 01 16 03 01  |.....E~.........|
-000002c0  00 30 43 ec 90 51 04 0a  70 f7 8b a4 15 63 df 1b  |.0C..Q..p....c..|
-000002d0  70 eb 59 63 d1 54 41 4e  7e 82 e4 fb fe ca 87 6e  |p.Yc.TAN~......n|
-000002e0  86 2d c6 d2 ee 1c 7b 9e  72 2d d6 d6 12 15 a8 8b  |.-....{.r-......|
-000002f0  b2 9d                                             |..|
+00000230  86 0f 00 00 82 00 80 9c  f0 ab 90 83 2a 47 ba 5c  |............*G.\|
+00000240  37 a4 19 b8 62 b1 01 74  35 4d 1a 62 5e 3f 0b 54  |7...b..t5M.b^?.T|
+00000250  5a 6f b7 b5 99 4b b4 84  68 90 46 2b 95 e6 10 77  |Zo...K..h.F+...w|
+00000260  bf 68 81 b1 96 11 5c e9  93 a4 d5 78 42 c0 c4 92  |.h....\....xB...|
+00000270  cf 4e ce 25 e7 da 7d d9  2c 4d ab 71 2d b5 a7 1c  |.N.%..}.,M.q-...|
+00000280  5f b5 a3 32 f6 3e 38 79  17 36 45 94 8a e3 f8 1e  |_..2.>8y.6E.....|
+00000290  9e 95 23 48 0f f6 aa 1b  00 d2 45 85 c7 95 b2 d1  |..#H......E.....|
+000002a0  c1 81 e8 31 34 45 bd 28  32 26 a8 d1 23 90 cb 40  |...14E.(2&..#..@|
+000002b0  1c ed db eb c3 ec b6 14  03 01 00 01 01 16 03 01  |................|
+000002c0  00 30 16 97 3e a2 2a 11  d5 3f 29 f6 5b b8 7a d5  |.0..>.*..?).[.z.|
+000002d0  83 24 51 f0 0c c3 79 18  9c 58 b6 f4 2f 70 9f c0  |.$Q...y..X../p..|
+000002e0  52 be a0 f0 eb d7 0e de  42 36 14 39 84 fc 84 ed  |R.......B6.9....|
+000002f0  77 0c                                             |w.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 d2 8f 01 3c 0e  |..........0...<.|
-00000010  0d 9e 0d bb 92 0b e8 90  b8 39 53 b8 50 7a b0 c1  |.........9S.Pz..|
-00000020  f3 89 3d 5c 1c a0 e8 97  21 c5 30 0f f1 14 11 6b  |..=\....!.0....k|
-00000030  ec 6e 8f 75 c8 7f 89 dd  3e 19 44                 |.n.u....>.D|
+00000000  14 03 01 00 01 01 16 03  01 00 30 8a 97 aa 38 29  |..........0...8)|
+00000010  a4 7a 25 ae d5 5f 66 17  cb 8e de d3 ac 0f b3 9d  |.z%.._f.........|
+00000020  ba 61 54 31 cb c8 fc 1f  4c f5 76 b0 7e 7e 74 04  |.aT1....L.v.~~t.|
+00000030  8a 2e 45 a8 5f c7 43 d7  d5 f4 7d                 |..E._.C...}|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 19 f5 38  97 ac a5 5a 25 d4 1e 3a  |.... ..8...Z%..:|
-00000010  8c e6 89 36 88 80 f9 95  09 b2 f5 1d a8 09 02 b6  |...6............|
-00000020  ec aa 8e aa c6 17 03 01  00 20 3e ee df 1b 09 ff  |......... >.....|
-00000030  88 77 4a da 5c 74 cf 64  3d 92 a0 08 1c 7b 12 db  |.wJ.\t.d=....{..|
-00000040  72 99 0f d4 4e 20 55 17  1d d3 15 03 01 00 20 19  |r...N U....... .|
-00000050  ee bc fc da 0b 15 72 da  43 bc 0b 0a 49 4d 67 63  |......r.C...IMgc|
-00000060  3d 04 78 00 c3 9d 66 a5  16 96 68 80 88 27 47     |=.x...f...h..'G|
+00000000  17 03 01 00 20 22 4d 00  3f 2a 41 f0 53 06 93 fe  |.... "M.?*A.S...|
+00000010  aa 79 9b 69 bb d5 9b e5  e4 3b 48 ff e5 ce 7d db  |.y.i.....;H...}.|
+00000020  d8 e8 e6 e1 04 17 03 01  00 20 e8 01 13 cb f1 1f  |......... ......|
+00000030  17 68 33 6a ad 74 ae a7  c5 d9 00 ea 0b dc bb 9c  |.h3j.t..........|
+00000040  5c 5f 49 01 1e 53 74 30  58 e6 15 03 01 00 20 bb  |\_I..St0X..... .|
+00000050  30 7d c2 43 c3 0d b9 b5  3a 70 14 2c 4a 64 c9 fe  |0}.C....:p.,Jd..|
+00000060  20 25 a7 0a 01 11 3c 62  ca d6 28 80 ed cd 73     | %....<b..(...s|
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES b/src/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES
index ca39d9b..248ab45 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES
+++ b/src/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 b2 70 62 50 ad  |....Y...U...pbP.|
-00000010  93 c5 c2 a6 66 60 f0 ed  9a 44 56 1a 9a 9c c0 00  |....f`...DV.....|
-00000020  a4 5b 59 ee d5 b5 91 c2  04 c8 7d 20 d3 a3 00 df  |.[Y.......} ....|
-00000030  93 72 69 c9 d6 dd 3b ba  45 5c d2 7a cc 0e 10 3b  |.ri...;.E\.z...;|
-00000040  6b 6f eb 6a 7a d3 55 d6  eb e9 0a 8a c0 09 00 00  |ko.jz.U.........|
+00000000  16 03 01 00 59 02 00 00  55 03 01 ec 11 a0 ef 24  |....Y...U......$|
+00000010  30 9c 83 8c 12 7c 61 a8  39 bd 40 41 22 5c 58 7f  |0....|a.9.@A"\X.|
+00000020  ca 0c b2 41 66 dc 87 2d  f1 4c cc 20 f6 53 42 ce  |...Af..-.L. .SB.|
+00000030  56 81 58 c1 70 30 37 55  64 f1 28 e4 63 50 e0 f4  |V.X.p07Ud.(.cP..|
+00000040  af 7d 01 af 5e 1a 50 19  64 e6 c2 76 c0 09 00 00  |.}..^.P.d..v....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,37 +55,37 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b3 0c 00  00 af 03 00 1d 20 a3 a5  |*............ ..|
-00000280  47 e6 96 56 75 cb d6 1e  b7 1b 3d 23 95 be 97 ac  |G..Vu.....=#....|
-00000290  03 a5 15 60 c2 ab 91 aa  52 ac e6 e7 f3 16 00 89  |...`....R.......|
-000002a0  30 81 86 02 41 73 1b 9c  5b 66 9d b2 a7 74 83 ad  |0...As..[f...t..|
-000002b0  18 8e 29 ce 37 2f 44 a1  0e dd 80 df 60 3e 0c e1  |..).7/D.....`>..|
-000002c0  06 ad e6 1e 2f 31 75 90  f1 22 28 39 d3 af 96 73  |..../1u.."(9...s|
-000002d0  52 76 34 9b cd 7c 5d 46  6b 48 30 9a d9 b7 63 23  |Rv4..|]FkH0...c#|
-000002e0  f8 7f c2 80 22 55 02 41  6c bb 0c 49 c3 a3 57 a7  |...."U.Al..I..W.|
-000002f0  cf 2b 3e 96 a1 53 01 72  d0 5a e4 af 54 8f 23 6c  |.+>..S.r.Z..T.#l|
-00000300  2d 60 91 f2 4a 93 1f 75  0f cc a4 0a 5c 2d 40 7b  |-`..J..u....\-@{|
-00000310  11 8c a1 96 fb 2b ad 6f  eb 07 78 e5 70 26 37 7b  |.....+.o..x.p&7{|
-00000320  f4 19 1c d7 98 43 11 be  88 16 03 01 00 04 0e 00  |.....C..........|
-00000330  00 00                                             |..|
+00000270  2a 16 03 01 00 b4 0c 00  00 b0 03 00 1d 20 cc 73  |*............ .s|
+00000280  bf 89 65 cc cf f2 dc ed  df d3 25 9b b2 16 f8 df  |..e.......%.....|
+00000290  97 56 f6 29 4e 08 17 19  f0 5a 2f 9d e3 57 00 8a  |.V.)N....Z/..W..|
+000002a0  30 81 87 02 42 01 91 4e  d1 9a 13 69 44 6c 79 01  |0...B..N...iDly.|
+000002b0  99 bb ac 65 c7 bd 0c c3  d1 4c ed 54 e3 7b ff ef  |...e.....L.T.{..|
+000002c0  c3 c2 44 ee ec 3b 8d b4  22 98 31 89 07 a7 b7 c9  |..D..;..".1.....|
+000002d0  dc 6f 0c e0 78 a9 79 fc  74 20 0b 55 48 16 d7 d6  |.o..x.y.t .UH...|
+000002e0  c8 c8 f8 81 67 e2 50 02  41 61 43 bd 1f e1 68 f1  |....g.P.AaC...h.|
+000002f0  7c e1 bf 10 3f 58 16 74  5c 98 ee 4c 18 17 bf f0  ||...?X.t\..L....|
+00000300  64 d9 9e be c6 d7 73 e8  20 89 b6 4e fa 93 7d 82  |d.....s. ..N..}.|
+00000310  7c 78 96 d1 d9 d1 81 1b  66 5f 87 7b a1 20 40 3c  ||x......f_.{. @<|
+00000320  13 49 e1 73 8e e9 52 e4  f0 46 16 03 01 00 04 0e  |.I.s..R..F......|
+00000330  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 7a cf 24  f7 f6 69 1a ab 34 31 d5  |....0z.$..i..41.|
-00000040  af ed 37 9f 1d 8d 3a 6b  72 a3 b0 fc b9 49 fb bc  |..7...:kr....I..|
-00000050  c5 94 9e 37 ce b0 87 8f  ed 52 25 eb 2d 53 b9 39  |...7.....R%.-S.9|
-00000060  d2 d3 f0 d6 97                                    |.....|
+00000030  16 03 01 00 30 c6 44 20  88 b8 3b e4 a9 67 ca 54  |....0.D ..;..g.T|
+00000040  f6 98 79 0e c5 8d d4 da  71 ce 40 51 59 e9 3f ee  |..y.....q.@QY.?.|
+00000050  a0 bb 7d 8a 84 4d 0a be  37 37 a8 cc fe bb 5d b6  |..}..M..77....].|
+00000060  37 1b a8 a0 04                                    |7....|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 92 72 cc c3 1f  |..........0.r...|
-00000010  4b a5 c4 d7 6f d1 17 4b  4e 27 b7 f5 72 fd c2 a0  |K...o..KN'..r...|
-00000020  30 cb 4c cf 82 1f 0a 49  3d 23 bc 47 f1 e8 a7 b5  |0.L....I=#.G....|
-00000030  c7 6a 92 25 55 3a f0 0f  b0 30 74                 |.j.%U:...0t|
+00000000  14 03 01 00 01 01 16 03  01 00 30 d3 c0 74 ba 22  |..........0..t."|
+00000010  e5 c6 8d c6 82 ac f4 63  90 28 73 a4 7a c3 43 ca  |.......c.(s.z.C.|
+00000020  0d 09 5a 84 70 d6 64 de  4b 06 9b fc b9 a9 3f d8  |..Z.p.d.K.....?.|
+00000030  a0 02 67 2b 63 1e 61 91  b7 f9 a2                 |..g+c.a....|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 85 49 7a  58 80 e9 59 63 d0 74 a1  |.... .IzX..Yc.t.|
-00000010  b7 d9 1b 46 41 5f 51 c0  66 4a 10 e1 ad dd 9f 9a  |...FA_Q.fJ......|
-00000020  c3 cf 32 77 72 17 03 01  00 20 05 7d 08 38 3d f0  |..2wr.... .}.8=.|
-00000030  02 f7 17 71 b7 1c 29 c3  a6 c8 ff 7a 82 36 1e 42  |...q..)....z.6.B|
-00000040  00 1e 6c d8 b1 39 22 ec  62 43 15 03 01 00 20 0d  |..l..9".bC.... .|
-00000050  80 5b da 89 4d 42 ab 95  17 11 0f 9b 79 2f c8 3f  |.[..MB......y/.?|
-00000060  f2 fd 54 2e ea 4a f9 de  fc 5d 7f 75 51 86 e5     |..T..J...].uQ..|
+00000000  17 03 01 00 20 b2 55 db  d3 41 5d 5c 9b b5 b8 c8  |.... .U..A]\....|
+00000010  fd ab 30 74 08 59 22 e3  8c e0 43 d0 63 14 33 f8  |..0t.Y"...C.c.3.|
+00000020  00 b6 3d 1e a0 17 03 01  00 20 fa 14 95 a5 e3 a0  |..=...... ......|
+00000030  09 04 e1 49 35 c5 ef c1  b4 c5 7d b5 6a c7 13 db  |...I5.....}.j...|
+00000040  88 2f 4c 65 f8 c4 d5 2a  a5 3a 15 03 01 00 20 05  |./Le...*.:.... .|
+00000050  21 da 3d 87 62 0c a7 e6  eb aa f6 bd 2f 77 fd a4  |!.=.b......./w..|
+00000060  cd 2a ac 22 73 7c 75 60  59 db 0f 8f df 86 73     |.*."s|u`Y.....s|
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES b/src/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES
index 2cae087..ccc71f6 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES
+++ b/src/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 f8 80 7d dd cc  |....Y...U....}..|
-00000010  ab 8c 66 56 c7 e9 18 88  87 44 39 67 57 91 e8 ee  |..fV.....D9gW...|
-00000020  3a c0 bc 2e bf 50 54 5e  8d c2 61 20 da b0 2d 85  |:....PT^..a ..-.|
-00000030  e2 ed f5 5f 2b af 14 87  e6 26 6b af a4 4a 24 2d  |..._+....&k..J$-|
-00000040  1a bc 15 96 11 c8 c0 8b  e9 0c 27 91 c0 13 00 00  |..........'.....|
+00000000  16 03 01 00 59 02 00 00  55 03 01 29 ae 9f 95 df  |....Y...U..)....|
+00000010  c0 c9 77 0a cc 61 5e f2  7b bb 50 28 95 30 cd 6f  |..w..a^.{.P(.0.o|
+00000020  7f 23 ca 62 ee 35 20 31  85 6b 77 20 16 82 4f 3a  |.#.b.5 1.kw ..O:|
+00000030  13 67 6e cc 71 5c f8 7a  4a b2 1f 02 a6 1a a4 2b  |.gn.q\.zJ......+|
+00000040  32 cd 5a 81 4b 82 a2 e3  7e 67 fa e7 c0 13 00 00  |2.Z.K...~g......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,36 +60,36 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 0a d4 a1 84 63 ba 2d  |........ ....c.-|
-000002d0  23 89 b1 37 eb 97 d3 a7  09 36 3d ac 2a 30 7c f9  |#..7.....6=.*0|.|
-000002e0  f6 87 67 86 22 fa f5 f9  06 00 80 c9 ea 8a 76 f2  |..g.".........v.|
-000002f0  a5 1b e8 14 2c 2a 2f 2e  a0 78 ac 06 9b 48 a8 d9  |....,*/..x...H..|
-00000300  03 91 e7 c1 e5 e6 a3 9e  5e 33 73 0a f4 b3 d7 64  |........^3s....d|
-00000310  5f 86 d6 36 e5 88 25 90  3c a2 d6 3f d6 07 7a 5c  |_..6..%.<..?..z\|
-00000320  64 c4 0f ac a9 3e c9 f6  b6 35 2a df a3 a3 79 8f  |d....>...5*...y.|
-00000330  b3 a6 f4 d8 e4 0a 4f 5f  11 3a 85 9a 0c 48 7b 3b  |......O_.:...H{;|
-00000340  a2 24 ec c0 44 7e eb b5  f3 f8 52 e6 83 bf 45 91  |.$..D~....R...E.|
-00000350  9a 7c a4 e3 29 97 ea 9c  94 28 66 73 45 ed 52 2f  |.|..)....(fsE.R/|
-00000360  df a8 44 8b a5 0b 7a 31  92 eb 72 16 03 01 00 04  |..D...z1..r.....|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 89 38 c8 65 ea 1e 0f  |........ .8.e...|
+000002d0  6d 85 41 9e c4 f2 51 fd  0f f5 18 7d 60 1b c1 79  |m.A...Q....}`..y|
+000002e0  55 dc eb 35 8b 0b 64 9c  1e 00 80 d0 9c 8a 95 1b  |U..5..d.........|
+000002f0  0b 44 37 fc b7 53 98 05  23 e4 83 40 38 f5 1b 68  |.D7..S..#..@8..h|
+00000300  dd 4b eb 46 cf 26 7b 0b  37 89 b2 fd 13 2d 5d cd  |.K.F.&{.7....-].|
+00000310  c5 16 8f e5 ff c6 51 45  77 c5 59 02 71 2e d6 51  |......QEw.Y.q..Q|
+00000320  2a 2b ce 93 52 d9 56 e4  37 25 04 2e 5d 95 3d ea  |*+..R.V.7%..].=.|
+00000330  40 5e 86 8a ae 51 5a 87  17 00 a6 a1 77 c1 ec 40  |@^...QZ.....w..@|
+00000340  88 f9 a5 6f ec 73 b3 3e  b6 15 14 a1 5f 9a 85 18  |...o.s.>...._...|
+00000350  0b 19 82 2a d7 5a 37 4c  7b 4e 06 f7 86 24 15 25  |...*.Z7L{N...$.%|
+00000360  58 95 a0 aa 56 f2 3c 36  18 5d 2f 16 03 01 00 04  |X...V.<6.]/.....|
 00000370  0e 00 00 00                                       |....|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 19 34 cf  68 d1 8f ea be 56 24 71  |....0.4.h....V$q|
-00000040  e4 ad ad f8 b3 dd 57 43  46 d5 8d f3 1c 0c df 4f  |......WCF......O|
-00000050  1c af 3b 2a 24 e4 8a 98  b5 b7 61 6f 5f 48 68 20  |..;*$.....ao_Hh |
-00000060  b7 6a 9c ee 80                                    |.j...|
+00000030  16 03 01 00 30 85 63 fe  57 56 dc ee 8c e6 66 e0  |....0.c.WV....f.|
+00000040  5c 06 37 0c 15 76 a2 51  b8 95 d6 b8 64 a3 dc 70  |\.7..v.Q....d..p|
+00000050  e7 2d 70 a8 73 ff fb 11  5a 96 bb 0e 23 b4 0a 5b  |.-p.s...Z...#..[|
+00000060  5e 6e c0 45 91                                    |^n.E.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 fc 42 2b 0f 86  |..........0.B+..|
-00000010  73 e1 a1 1a 09 1e 78 7d  61 f1 7c a4 94 14 26 53  |s.....x}a.|...&S|
-00000020  de 28 f3 63 63 c3 65 7b  e4 fd 10 2d 66 ed f7 dd  |.(.cc.e{...-f...|
-00000030  f9 9e 13 5c c1 e8 94 6a  32 c0 db                 |...\...j2..|
+00000000  14 03 01 00 01 01 16 03  01 00 30 3b 02 9e ba 9e  |..........0;....|
+00000010  ae 5c 03 81 ba c4 13 9e  a8 0f 29 3c a3 e8 bd 2e  |.\........)<....|
+00000020  af 2c c7 45 c2 05 b1 03  2c 4b 45 07 5d ad 09 c6  |.,.E....,KE.]...|
+00000030  4d 9a fb 72 53 54 d7 a7  59 72 c9                 |M..rST..Yr.|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 36 9a 1b  7f 79 a7 ff 31 92 36 5f  |.... 6...y..1.6_|
-00000010  7c d2 21 69 01 b6 24 da  ea b4 b2 42 81 b5 55 94  ||.!i..$....B..U.|
-00000020  8e b8 25 83 35 17 03 01  00 20 27 28 1c 8a fa 21  |..%.5.... '(...!|
-00000030  57 39 77 57 5b bd ef 05  5b 39 e2 07 1b c9 3c f7  |W9wW[...[9....<.|
-00000040  b9 ac be ce 7e 16 87 6d  5b a7 15 03 01 00 20 c0  |....~..m[..... .|
-00000050  9b 05 b5 eb ac 65 08 ae  12 c7 18 be 00 a4 d6 30  |.....e.........0|
-00000060  15 dd 90 5d d7 25 89 37  be 3d 56 d3 8c a9 3d     |...].%.7.=V...=|
+00000000  17 03 01 00 20 b4 b4 ad  09 c7 2f ce 80 0b ec 5b  |.... ...../....[|
+00000010  3f 59 b9 fb 8e 73 fe 23  d6 b0 39 c3 7f a9 61 12  |?Y...s.#..9...a.|
+00000020  a7 0f 76 08 f1 17 03 01  00 20 84 c5 c4 22 c8 0c  |..v...... ..."..|
+00000030  9c c7 04 f9 85 49 fb 8f  0b 49 4e c3 6b b4 5c 62  |.....I...IN.k.\b|
+00000040  2a 41 91 41 01 a2 17 43  7c 3d 15 03 01 00 20 e6  |*A.A...C|=.... .|
+00000050  5d fa 04 a1 72 9a b3 34  0e 59 e3 0b 8f 3e 6d f7  |]...r..4.Y...>m.|
+00000060  cd 85 4e d8 62 27 2c 21  c3 2e c6 64 d2 66 10     |..N.b',!...d.f.|
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial b/src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial
index 571769e..a212b07 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial
+++ b/src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 67 4f 02 da 87  |....Y...U..gO...|
-00000010  52 30 9a f0 3b e0 63 42  bf 6c 18 58 00 06 70 cf  |R0..;.cB.l.X..p.|
-00000020  2a 27 5a 00 a7 57 49 fe  03 dd 3b 20 7c 2c 74 00  |*'Z..WI...; |,t.|
-00000030  6e b2 35 ca 1b b5 8c 46  f7 78 ab 11 92 43 8c f6  |n.5....F.x...C..|
-00000040  97 d3 b8 07 4c 9c 95 2b  08 fe e8 82 c0 13 00 00  |....L..+........|
+00000000  16 03 01 00 59 02 00 00  55 03 01 65 28 68 37 bf  |....Y...U..e(h7.|
+00000010  79 50 5d e6 20 07 ea 1c  6d 46 3b f9 95 a9 97 fa  |yP]. ...mF;.....|
+00000020  3c 37 87 45 e7 62 f2 e8  44 bb 02 20 e9 e0 63 8e  |<7.E.b..D.. ..c.|
+00000030  a1 0a cc a4 b3 e6 a9 3b  b0 88 c7 af cd d5 73 0a  |.......;......s.|
+00000040  b4 30 14 cf d9 f5 e0 e8  e2 2e fa 47 c0 13 00 00  |.0.........G....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,36 +60,36 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 a0 0e 1d 92 2d b0 a5  |........ ....-..|
-000002d0  f0 ab d5 79 a0 bb 12 ff  23 46 bc 27 0d 73 ff 3e  |...y....#F.'.s.>|
-000002e0  ad 06 d6 57 6b c2 11 76  2d 00 80 77 bf cd 2b cb  |...Wk..v-..w..+.|
-000002f0  66 c2 fa 30 ed b1 e7 44  79 1b 28 e6 89 62 17 07  |f..0...Dy.(..b..|
-00000300  82 c1 5f dc b2 20 4e 42  ed 54 d6 28 3a 2a e3 a3  |.._.. NB.T.(:*..|
-00000310  79 06 e3 08 3c c1 3e b9  c6 41 71 2f d0 29 82 36  |y...<.>..Aq/.).6|
-00000320  ef 8d 67 c8 77 d0 32 d3  33 5f 77 92 dd 98 bb 03  |..g.w.2.3_w.....|
-00000330  cc 0b a6 75 8f 4a 1d f5  6e 1b 06 5b 4a 8b 16 a4  |...u.J..n..[J...|
-00000340  c1 ce 11 9d 70 bc 62 7f  58 a5 86 76 91 3d 3a 04  |....p.b.X..v.=:.|
-00000350  93 92 89 42 9b a7 7d 9d  75 25 6d 98 f3 e6 68 7e  |...B..}.u%m...h~|
-00000360  a8 c6 b1 db a7 95 63 39  94 5a 05 16 03 01 00 04  |......c9.Z......|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 33 83 7d 9b d5 61 57  |........ 3.}..aW|
+000002d0  d1 d3 73 b8 f2 76 f8 31  fd 65 30 5a 6b ab c1 2f  |..s..v.1.e0Zk../|
+000002e0  0f 38 eb 54 bf 8b 09 a3  5a 00 80 34 a3 a6 86 46  |.8.T....Z..4...F|
+000002f0  e5 4d d9 73 23 6a 19 fb  f8 77 38 e1 00 74 00 c6  |.M.s#j...w8..t..|
+00000300  b2 58 3c 14 a3 7e 57 6d  85 5c 37 4d 82 f1 70 2a  |.X<..~Wm.\7M..p*|
+00000310  55 c9 e8 89 d1 45 03 e1  ac 84 2e ed 36 1c d5 90  |U....E......6...|
+00000320  cf 2d fe a6 9b f0 41 ee  0f 0a 3c 2b bd 18 da a3  |.-....A...<+....|
+00000330  f3 21 07 a4 4b 52 1e 3c  c4 cf 71 60 c7 05 39 75  |.!..KR.<..q`..9u|
+00000340  16 20 f0 6c 18 e8 82 28  3e fc f0 a0 43 6e 77 df  |. .l...(>...Cnw.|
+00000350  2f fd a1 6a fe 37 9c 67  4e a1 2a 86 23 79 a9 1f  |/..j.7.gN.*.#y..|
+00000360  4c 9f 2f 04 0c be 27 58  97 57 1d 16 03 01 00 04  |L./...'X.W......|
 00000370  0e 00 00 00                                       |....|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 73 ad 46  66 66 e8 bd 44 e4 bf 71  |....0s.Fff..D..q|
-00000040  a2 d4 87 e2 4b a3 4a b2  a0 ca ed ac 61 8c 1e 7f  |....K.J.....a...|
-00000050  68 bf 6f 98 b1 fb 10 1a  5a e6 36 61 91 ac c4 55  |h.o.....Z.6a...U|
-00000060  a3 4d 69 66 6e                                    |.Mifn|
+00000030  16 03 01 00 30 2a f4 6d  db f7 d5 12 3d 3a c0 46  |....0*.m....=:.F|
+00000040  cb db 19 82 70 5c 4d 98  f4 42 27 85 eb 90 77 2a  |....p\M..B'...w*|
+00000050  d7 60 f0 0a 98 a5 da 59  85 ac 65 68 79 91 64 bd  |.`.....Y..ehy.d.|
+00000060  3a c6 d6 3f 6d                                    |:..?m|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 57 aa 5c d5 dc  |..........0W.\..|
-00000010  83 4b 23 80 34 4e 36 e8  d6 f3 40 7e ae 12 44 a6  |.K#.4N6...@~..D.|
-00000020  c7 48 99 99 0a 85 3c 59  75 32 4e 88 3c 98 a0 23  |.H....<Yu2N.<..#|
-00000030  78 c8 a7 2b 43 25 6a ad  d1 78 54                 |x..+C%j..xT|
+00000000  14 03 01 00 01 01 16 03  01 00 30 e2 d4 12 a3 5d  |..........0....]|
+00000010  dd 4b 72 a2 0b 5c 47 52  f1 2d cd 5f 13 c7 e8 a6  |.Kr..\GR.-._....|
+00000020  7c 7c ba 94 f8 f3 54 73  3f c0 1f 90 e7 d3 78 78  |||....Ts?.....xx|
+00000030  0b be f9 b2 d9 9a 39 83  45 f5 2c                 |......9.E.,|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 e4 9c f4  fa 6b e8 85 87 6f 20 45  |.... ....k...o E|
-00000010  71 d3 e2 9e e3 14 2a 7c  64 e8 11 53 fd 93 c1 4a  |q.....*|d..S...J|
-00000020  1b 94 f8 48 78 17 03 01  00 20 b9 41 32 1d e8 70  |...Hx.... .A2..p|
-00000030  87 5f 2c c6 67 d1 77 3c  30 83 0c 66 35 eb 1d da  |._,.g.w<0..f5...|
-00000040  6e dd 30 ff 82 05 5f f1  cd e7 15 03 01 00 20 6c  |n.0..._....... l|
-00000050  47 82 5e 90 5b 84 15 78  05 bd 48 63 d5 46 2f 7e  |G.^.[..x..Hc.F/~|
-00000060  83 49 ce 3c 0f 04 92 52  5b e7 d5 cf 2c bf 65     |.I.<...R[...,.e|
+00000000  17 03 01 00 20 a0 51 37  c8 db c1 c9 03 41 35 7e  |.... .Q7.....A5~|
+00000010  7c b4 c1 d2 b8 b4 63 e6  ac e7 6d 15 db ef 2d 4e  ||.....c...m...-N|
+00000020  70 c3 62 51 2c 17 03 01  00 20 55 0e e9 5a 5c 57  |p.bQ,.... U..Z\W|
+00000030  fb d9 f9 1b ae c5 ad fc  13 e3 5e 7c 79 c6 f8 92  |..........^|y...|
+00000040  9f b9 0e 94 e4 8b d4 cf  75 5c 15 03 01 00 20 bf  |........u\.... .|
+00000050  76 01 09 a9 b4 1e 54 cd  27 77 35 9e 5c 10 d5 dc  |v.....T.'w5.\...|
+00000060  3e 6c d6 1c 0b b0 97 b2  27 81 59 92 75 db 90     |>l......'.Y.u..|
diff --git a/src/crypto/tls/testdata/Client-TLSv10-RSA-RC4 b/src/crypto/tls/testdata/Client-TLSv10-RSA-RC4
index 2e10537..8a56408 100644
--- a/src/crypto/tls/testdata/Client-TLSv10-RSA-RC4
+++ b/src/crypto/tls/testdata/Client-TLSv10-RSA-RC4
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 51 02 00 00  4d 03 01 ba 66 88 b5 b3  |....Q...M...f...|
-00000010  17 e1 9a c1 b6 27 e0 3f  1c 80 73 b6 6c 16 c9 4e  |.....'.?..s.l..N|
-00000020  33 c4 8c 75 26 46 01 1b  31 dc a3 20 e3 57 4f 91  |3..u&F..1.. .WO.|
-00000030  3e 5b 91 cf 75 77 71 66  2f be 84 20 1c 7f 02 dd  |>[..uwqf/.. ....|
-00000040  8b 63 43 6c 4d 1d a4 7a  da 89 35 5a 00 05 00 00  |.cClM..z..5Z....|
+00000000  16 03 01 00 51 02 00 00  4d 03 01 d8 84 eb 07 33  |....Q...M......3|
+00000010  03 0d 9d c7 6d 90 a7 1f  92 33 6e d0 fc 67 7b 4f  |....m....3n..g{O|
+00000020  c5 47 84 9c 6b 1d 6d 15  82 0d e2 20 78 95 16 fc  |.G..k.m.... x...|
+00000030  9a c6 a9 8d 29 d7 5b aa  24 6a 60 48 88 85 f7 b5  |....).[.$j`H....|
+00000040  a0 72 f9 c0 ae 3d 01 ae  f7 6c b1 3a 00 05 00 00  |.r...=...l.:....|
 00000050  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
 00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -64,15 +70,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 01 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 01 00 24 b6 4b  4c 75 2d d9 8d 1c 85 df  |.....$.KLu-.....|
-000000a0  f1 8d ff 7a 24 6b 02 3f  fa 80 d7 f4 71 76 77 97  |...z$k.?....qvw.|
-000000b0  fd b3 59 d7 91 9f 3a e9  ec 3b                    |..Y...:..;|
+00000090  01 16 03 01 00 24 c5 cc  6d 58 66 41 6e 24 3d 77  |.....$..mXfAn$=w|
+000000a0  c6 dd b2 2e 39 6f 84 4c  e8 32 0b 0b 22 8b 8f d3  |....9o.L.2.."...|
+000000b0  e0 fc 8a 0e 88 8f 69 35  88 48                    |......i5.H|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 24 b6 51 7e 95 65  |..........$.Q~.e|
-00000010  c5 85 08 c3 31 5c ae 2e  e9 9e 6e bb 3d e8 68 c5  |....1\....n.=.h.|
-00000020  26 a0 8c 61 a8 96 09 3c  ec c7 9a 80 ff a2 5d     |&..a...<......]|
+00000000  14 03 01 00 01 01 16 03  01 00 24 9c 13 f1 b9 96  |..........$.....|
+00000010  4a dc 99 34 51 3e 5f 00  e4 93 94 ee 91 25 9d f2  |J..4Q>_......%..|
+00000020  5d f1 8c 7e df b7 4a 42  9c 51 cb c0 83 92 cb     |]..~..JB.Q.....|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 1a 0b 83 3a  24 a0 b4 7f cc 86 6c 4f  |.......:$.....lO|
-00000010  db 19 1b 09 23 77 a6 91  c6 09 db aa 3c 1a f3 15  |....#w......<...|
-00000020  03 01 00 16 80 dc 14 9b  a7 ff 08 af 25 5e 67 8c  |............%^g.|
-00000030  2d 2a 8e c9 bc 17 5a 29  48 99                    |-*....Z)H.|
+00000000  17 03 01 00 1a 7f 06 af  43 39 09 7b c7 52 fd 67  |........C9.{.R.g|
+00000010  cd 4f 44 8f b5 d4 60 db  ed dd 7e 10 5e df 1c 15  |.OD...`...~.^...|
+00000020  03 01 00 16 7b 2b ee 08  a0 6a c5 64 d8 6d dc 91  |....{+...j.d.m..|
+00000030  e8 e0 44 11 23 a9 c8 4c  9d 5b                    |..D.#..L.[|
diff --git a/src/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES b/src/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES
index 2ef4407..e7a6cf5 100644
--- a/src/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES
+++ b/src/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 59 02 00 00  55 03 02 cd 65 75 71 6d  |....Y...U...euqm|
-00000010  da bd fe 6b ac ce 01 2f  8e 17 f6 5c 25 37 16 0d  |...k.../...\%7..|
-00000020  bb 5f 39 e1 c3 14 94 d8  9f 26 02 20 ba 75 d9 3c  |._9......&. .u.<|
-00000030  2d 56 1f 77 0d 36 52 38  20 44 e2 33 83 4d 93 a0  |-V.w.6R8 D.3.M..|
-00000040  fa fe 38 58 d3 1e db 72  ee 14 76 12 c0 09 00 00  |..8X...r..v.....|
+00000000  16 03 02 00 59 02 00 00  55 03 02 48 df b9 04 7d  |....Y...U..H...}|
+00000010  92 50 cb 8f f7 03 8d 34  76 f5 4f 3a a0 d3 8e cc  |.P.....4v.O:....|
+00000020  2a cd 5d 31 1a 55 d8 08  48 3f d9 20 0c 3b c2 e1  |*.]1.U..H?. .;..|
+00000030  8f 94 68 6e e2 31 e4 f9  a6 3d bf 27 84 38 43 95  |..hn.1...=.'.8C.|
+00000040  b6 d9 d3 4b fa 0a a2 c6  5a ae 83 bd c0 09 00 00  |...K....Z.......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  02 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,39 +55,39 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 02 00 b3 0c 00  00 af 03 00 1d 20 63 d9  |*............ c.|
-00000280  4a 4e 6b ef 1c 95 89 ab  f8 93 20 46 3f 51 40 a3  |JNk....... F?Q@.|
-00000290  2a d5 e7 6b 18 04 01 55  6f d7 3f de 6f 20 00 89  |*..k...Uo.?.o ..|
-000002a0  30 81 86 02 41 72 0a a5  28 94 81 35 17 04 6b 6c  |0...Ar..(..5..kl|
-000002b0  9b 66 0f 31 2e 83 55 bb  af 97 87 8b 41 cd eb 2c  |.f.1..U.....A..,|
-000002c0  d0 71 87 4f d8 80 33 ec  d2 57 6e 16 20 7a a7 aa  |.q.O..3..Wn. z..|
-000002d0  93 9a 14 5b 56 cb df ff  b6 bc 5f 98 64 3c e2 cb  |...[V....._.d<..|
-000002e0  e3 45 0c ac 94 a5 02 41  41 97 c8 5e 64 74 93 ee  |.E.....AA..^dt..|
-000002f0  2e 56 fb 8a 0b ca f8 e7  5e 80 c7 8c 78 89 37 1b  |.V......^...x.7.|
-00000300  f2 ff de a0 df 54 9b 58  32 26 c7 cf ad af 5d 06  |.....T.X2&....].|
-00000310  d9 7e 0b 96 a0 e0 64 64  e7 f4 04 08 40 b2 d6 a5  |.~....dd....@...|
-00000320  bd 75 f4 7c 33 cd 3f 34  02 16 03 02 00 04 0e 00  |.u.|3.?4........|
-00000330  00 00                                             |..|
+00000270  2a 16 03 02 00 b4 0c 00  00 b0 03 00 1d 20 1d 08  |*............ ..|
+00000280  90 e5 39 31 40 7a 35 73  66 ff 41 e5 02 1f 8d a0  |..91@z5sf.A.....|
+00000290  12 e6 14 c8 24 b0 cc 1e  0f ad 4b 1b f9 1a 00 8a  |....$.....K.....|
+000002a0  30 81 87 02 42 00 bf 9d  0c 38 71 af 56 52 d7 5d  |0...B....8q.VR.]|
+000002b0  35 98 50 d2 fa 31 29 83  6d 53 9d 2a ef ae 6a 5f  |5.P..1).mS.*..j_|
+000002c0  4d aa 8b 27 a4 73 51 e7  eb 2d c2 13 54 87 41 23  |M..'.sQ..-..T.A#|
+000002d0  98 0b 47 96 ba 50 95 c2  58 ed 23 8e 0b 78 9f cf  |..G..P..X.#..x..|
+000002e0  6c 61 e6 e5 2b 0e b9 02  41 4b e0 f9 d6 03 cf b4  |la..+...AK......|
+000002f0  fa 6f 08 51 b7 3a 2a 60  d0 76 72 c8 28 8e 6e 67  |.o.Q.:*`.vr.(.ng|
+00000300  69 42 e3 e0 49 85 e9 cc  6a a0 c4 30 52 3b 3e 46  |iB..I...j..0R;>F|
+00000310  a7 a7 2b 95 7f bf 25 6e  54 ea 3c 48 1e 1d 28 96  |..+...%nT.<H..(.|
+00000320  86 ed 12 18 3c 68 6f 72  31 e9 16 03 02 00 04 0e  |....<hor1.......|
+00000330  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
 00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 e8 63 07  7b aa d4 3b ce 03 91 f7  |......c.{..;....|
-00000050  4e 28 74 df 52 5f 3e 80  81 30 9d 4e e3 a5 f5 11  |N(t.R_>..0.N....|
-00000060  57 80 db 52 1d 4c c4 f3  38 c0 62 3d 84 57 1b 5d  |W..R.L..8.b=.W.]|
-00000070  1a 51 b3 bb c3                                    |.Q...|
+00000040  00 00 00 00 00 3b 28 96  4f 03 dd 04 4e a3 73 73  |.....;(.O...N.ss|
+00000050  48 40 ef e3 4f 9d ab 39  3b db c6 0e fa 7f 0c 18  |H@..O..9;.......|
+00000060  f5 94 cd 55 23 2f f5 5c  69 14 bb 0b 49 e3 98 d7  |...U#/.\i...I...|
+00000070  c0 db 9e 3a 8b                                    |...:.|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 25 b2 b4 08 64  |..........@%...d|
-00000010  e0 09 4f 9a 25 35 7a 29  d8 0f 6d c6 39 3e 9e 17  |..O.%5z)..m.9>..|
-00000020  9f bb a2 cc e5 17 5c 76  36 b2 10 13 a2 c5 e9 ba  |......\v6.......|
-00000030  08 5b f5 ff 8e 64 cc 3a  72 54 22 84 e9 d5 15 8e  |.[...d.:rT".....|
-00000040  85 44 f4 d3 e2 a8 48 46  32 9d b5                 |.D....HF2..|
+00000000  14 03 02 00 01 01 16 03  02 00 40 76 98 c8 7d 95  |..........@v..}.|
+00000010  ac 40 73 36 c1 49 ae 20  f4 a0 ef 70 59 bf d3 5e  |.@s6.I. ...pY..^|
+00000020  71 ec 2e f8 c5 ea 9d cc  4d 06 44 e3 aa 46 cd c3  |q.......M.D..F..|
+00000030  c9 1b a0 5a 9a 76 ce 3b  b5 16 85 33 cf ba 46 08  |...Z.v.;...3..F.|
+00000040  b8 c0 a7 da 2a 4d 23 b9  02 cc 3f                 |....*M#...?|
 >>> Flow 5 (client to server)
 00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 29 6a 84  08 a0 1e eb 43 8e c2 c7  |.....)j.....C...|
-00000020  db 45 cc ee 39 0d a7 17  5f da e4 f5 70 d4 10 73  |.E..9..._...p..s|
-00000030  40 94 f4 81 4c 15 03 02  00 30 00 00 00 00 00 00  |@...L....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 17 41 90 a8 d4 70  |...........A...p|
-00000050  c2 5e 89 b6 4e d9 49 83  31 58 c1 ca 59 ec 55 a7  |.^..N.I.1X..Y.U.|
-00000060  78 83 63 d0 97 32 a0 78  f5 61                    |x.c..2.x.a|
+00000010  00 00 00 00 00 03 dd b7  03 45 4d 4c 0a 7a e7 36  |.........EML.z.6|
+00000020  a0 93 82 4e 15 73 b1 b8  18 17 35 c6 e1 84 47 4b  |...N.s....5...GK|
+00000030  8c 3f 5c a2 9d 15 03 02  00 30 00 00 00 00 00 00  |.?\......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 c2 f9 0f cb 78 53  |..............xS|
+00000050  43 55 f3 fd 8a cc 16 32  19 0b 81 5d 90 a4 31 ff  |CU.....2...]..1.|
+00000060  58 ea 70 73 92 ad e8 ed  0c e3                    |X.ps......|
diff --git a/src/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES b/src/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES
index ccf3001..02175ac 100644
--- a/src/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES
+++ b/src/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 59 02 00 00  55 03 02 25 c4 bc bf ab  |....Y...U..%....|
-00000010  16 38 05 55 b8 78 a8 b6  e4 0c cb 70 f9 72 a9 5f  |.8.U.x.....p.r._|
-00000020  f3 59 86 32 ca 92 b6 dd  66 83 42 20 e8 b9 6d 35  |.Y.2....f.B ..m5|
-00000030  25 ec e2 37 91 f1 9e 8b  0b 7f 15 cf fd 34 16 9e  |%..7.........4..|
-00000040  ff 44 67 72 df bd 95 75  d3 fd 89 a5 c0 13 00 00  |.Dgr...u........|
+00000000  16 03 02 00 59 02 00 00  55 03 02 98 e4 68 fc f9  |....Y...U....h..|
+00000010  df 3e 77 31 50 88 fb c7  9c 53 37 20 97 9d 66 e1  |.>w1P....S7 ..f.|
+00000020  7f 2b bd 1f 59 2e b4 e1  12 71 0a 20 fe dc fa 3d  |.+..Y....q. ...=|
+00000030  a5 41 2c 4c 0f 30 73 a8  35 4a 6a 14 1b 6c b6 22  |.A,L.0s.5Jj..l."|
+00000040  aa be ae be 7c 53 6d 29  c1 da 0e 6b c0 13 00 00  |....|Sm)...k....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  02 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,38 +60,38 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 02 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 07 e7 bf ce 93 eb a9  |........ .......|
-000002d0  c7 5d 78 3f bc 62 d4 d3  88 10 98 5e 6e 90 3e b5  |.]x?.b.....^n.>.|
-000002e0  11 cb 3d ed 42 1a d8 ac  2b 00 80 17 fa bd aa a4  |..=.B...+.......|
-000002f0  9c 14 78 9f d8 e7 65 3f  1f 54 b8 37 fc 2f a4 61  |..x...e?.T.7./.a|
-00000300  aa 47 ce ca 0f 59 f0 22  8c 5a e6 c8 ed 4e aa 91  |.G...Y.".Z...N..|
-00000310  c3 ce a8 08 21 7d d7 ef  88 c6 fc 04 6b b2 c8 d6  |....!}......k...|
-00000320  f0 3e aa dc 25 8c bd e7  fd 35 ea 44 7f 6d 2f bb  |.>..%....5.D.m/.|
-00000330  f4 8d a2 39 f9 a1 69 9e  8e bc 08 50 1b 3d fe a9  |...9..i....P.=..|
-00000340  91 bd ab 67 2f 7a 71 a2  85 b2 3e ef 3f a5 45 c7  |...g/zq...>.?.E.|
-00000350  b1 2c 69 a0 ae 50 f8 12  73 c2 26 6a f0 7d 1f 28  |.,i..P..s.&j.}.(|
-00000360  49 1b c0 96 45 d8 e9 19  bd 47 af 16 03 02 00 04  |I...E....G......|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 e7 c9 40 dc 8c e7 4a  |........ ..@...J|
+000002d0  52 c5 47 3d 41 9e 43 75  9a 3e 01 db 85 dd 6e 27  |R.G=A.Cu.>....n'|
+000002e0  89 c1 88 3f d3 1b 62 50  6b 00 80 26 d0 b2 dc c7  |...?..bPk..&....|
+000002f0  2f 94 03 ff be db bc ee  d1 2b 83 29 6e 73 6b 69  |/........+.)nski|
+00000300  39 eb a7 38 c3 4b d7 93  1d c7 94 ae 83 1e 70 2c  |9..8.K........p,|
+00000310  18 bb 82 b6 fe 18 74 a1  33 aa f8 a5 8a 41 c3 b8  |......t.3....A..|
+00000320  5d 30 7e 5e cd 05 ef df  bf 8a 77 96 1c cb e9 c5  |]0~^......w.....|
+00000330  82 0e 79 e0 04 2f ba 0a  63 f5 de 70 b6 ef 09 08  |..y../..c..p....|
+00000340  24 36 b6 01 c3 8c d7 3e  54 1b f1 39 08 2e 18 79  |$6.....>T..9...y|
+00000350  85 58 73 a2 f4 51 2b 04  1b c5 da b4 47 b0 a8 ca  |.Xs..Q+.....G...|
+00000360  38 35 75 78 2b 53 97 93  50 01 c3 16 03 02 00 04  |85ux+S..P.......|
 00000370  0e 00 00 00                                       |....|
 >>> Flow 3 (client to server)
 00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
 00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 f4 1e 67  b5 2c 02 b9 fc 49 44 f1  |.......g.,...ID.|
-00000050  85 9f df bd 47 03 f5 68  a4 54 68 ea 13 c8 4c f8  |....G..h.Th...L.|
-00000060  81 5e 06 c3 df 2c bb f9  9c a6 99 36 26 60 e0 ac  |.^...,.....6&`..|
-00000070  5f 82 0a c1 ea                                    |_....|
+00000040  00 00 00 00 00 46 e7 d3  6c ca df 1e 98 43 dd fc  |.....F..l....C..|
+00000050  7c 0e 51 7c 32 0a 76 41  7a c5 19 4a b2 75 e0 43  ||.Q|2.vAz..J.u.C|
+00000060  27 7e 84 b3 e2 2b ee fd  6f a5 11 f3 f8 68 e2 b1  |'~...+..o....h..|
+00000070  5e 7e ec 3a 89                                    |^~.:.|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 82 b5 a3 75 27  |..........@...u'|
-00000010  3d 41 d0 00 f7 7d 1a e8  97 98 f6 f1 df f7 00 37  |=A...}.........7|
-00000020  a7 2e 29 e6 5a 26 ca ef  94 2c 05 06 c4 94 66 01  |..).Z&...,....f.|
-00000030  94 65 e3 45 50 7d 7a f4  78 ab 24 f6 9b 84 4b 7d  |.e.EP}z.x.$...K}|
-00000040  a7 02 9c 32 f7 90 39 ac  a6 61 47                 |...2..9..aG|
+00000000  14 03 02 00 01 01 16 03  02 00 40 a1 8f f2 23 62  |..........@...#b|
+00000010  42 71 dd dc d6 8c 5e 3e  d7 cf ef 8b b8 26 d4 99  |Bq....^>.....&..|
+00000020  d9 4f 58 ac cf eb 5d 56  00 be 20 3e 32 c2 72 2a  |.OX...]V.. >2.r*|
+00000030  46 6a c4 b6 51 8c 3d c7  b3 e7 28 32 8c b7 f6 4c  |Fj..Q.=...(2...L|
+00000040  9a 3d 30 56 42 84 25 c7  aa f4 e7                 |.=0VB.%....|
 >>> Flow 5 (client to server)
 00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 76 c0 94  ff b2 5a f4 4a 17 47 43  |.....v....Z.J.GC|
-00000020  94 d0 b3 7a 77 c0 e6 5d  0e 92 6d 6b 72 b9 d4 58  |...zw..]..mkr..X|
-00000030  d3 d5 be 50 95 15 03 02  00 30 00 00 00 00 00 00  |...P.....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 25 f0 64 c9 b4 f7  |..........%.d...|
-00000050  3c 36 ea e2 df 8c 47 aa  1d a9 ba 5e d0 ce 10 6b  |<6....G....^...k|
-00000060  a3 4b 08 04 10 60 ce 75  a1 5b                    |.K...`.u.[|
+00000010  00 00 00 00 00 c1 55 65  98 a8 15 c1 80 95 e0 85  |......Ue........|
+00000020  c0 0e f5 68 27 b1 f2 27  c2 cc 0e fd 36 15 ed 75  |...h'..'....6..u|
+00000030  9f 87 78 ae 3a 15 03 02  00 30 00 00 00 00 00 00  |..x.:....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 b1 1a 15 9d f2 93  |................|
+00000050  4b 2d 0c 32 9d e6 34 1b  37 bf 89 b2 ca 44 95 16  |K-.2..4.7....D..|
+00000060  10 26 bd 47 e9 cb 62 76  1e 72                    |.&.G..bv.r|
diff --git a/src/crypto/tls/testdata/Client-TLSv11-RSA-RC4 b/src/crypto/tls/testdata/Client-TLSv11-RSA-RC4
index 0c8ae35..6340eb1 100644
--- a/src/crypto/tls/testdata/Client-TLSv11-RSA-RC4
+++ b/src/crypto/tls/testdata/Client-TLSv11-RSA-RC4
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 51 02 00 00  4d 03 02 17 49 a0 13 8a  |....Q...M...I...|
-00000010  1d 7a e5 dd dd f3 ba 71  8c 9f b9 16 55 98 4e 56  |.z.....q....U.NV|
-00000020  74 da 97 99 09 b7 5a cb  16 17 a8 20 b4 67 96 70  |t.....Z.... .g.p|
-00000030  f5 7c 25 f3 5e 47 6b 38  fb 2a 18 67 a7 35 b6 93  |.|%.^Gk8.*.g.5..|
-00000040  88 26 c7 da 67 7c d7 d9  4d 23 46 15 00 05 00 00  |.&..g|..M#F.....|
+00000000  16 03 02 00 51 02 00 00  4d 03 02 63 10 cc 62 2c  |....Q...M..c..b,|
+00000010  7c 1f 2a 30 cc 2f fc cf  57 4e b1 a8 48 1a e8 e6  ||.*0./..WN..H...|
+00000020  fe 3c ec cd e6 bf b4 0b  90 4f 28 20 f4 f9 6a 6d  |.<.......O( ..jm|
+00000030  73 cf 9f 86 7e d1 10 ab  7f 48 9c 1e c2 14 1d 18  |s...~....H......|
+00000040  cc e8 57 48 65 c5 2e 86  a8 e2 da 4a 00 05 00 00  |..WHe......J....|
 00000050  05 ff 01 00 01 00 16 03  02 02 59 0b 00 02 55 00  |..........Y...U.|
 00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -64,15 +70,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 02 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 02 00 24 57 25  f5 73 5b e7 e4 e5 41 29  |.....$W%.s[...A)|
-000000a0  0f 6f c5 92 93 17 17 fe  3f 84 cb 62 c0 69 ef ae  |.o......?..b.i..|
-000000b0  c4 96 c7 32 76 b9 fb 2a  01 03                    |...2v..*..|
+00000090  01 16 03 02 00 24 cf ee  c8 cd b5 06 a4 5a 3a 3e  |.....$.......Z:>|
+000000a0  6a 11 9b 40 48 b2 89 95  5c ba 30 59 df 05 63 46  |j..@H...\.0Y..cF|
+000000b0  0c 23 54 34 a8 f5 b2 51  1b 3c                    |.#T4...Q.<|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 24 74 40 46 d2 01  |..........$t@F..|
-00000010  85 de 99 2e 04 b7 c4 a6  50 61 22 01 23 fd 77 be  |........Pa".#.w.|
-00000020  55 6a 6d 1a 79 17 c7 3d  75 64 99 fc bb 42 a7     |Ujm.y..=ud...B.|
+00000000  14 03 02 00 01 01 16 03  02 00 24 5e 7b 1a c0 81  |..........$^{...|
+00000010  94 bc 22 87 6f 6a 09 9d  ad b4 9c 90 ae 80 4f ed  |..".oj........O.|
+00000020  3f 6d ac 40 7a 20 0a 9a  7f b2 f9 7d c2 50 7a     |?m.@z .....}.Pz|
 >>> Flow 5 (client to server)
-00000000  17 03 02 00 1a d0 cc 3e  2e f5 09 1d 14 b6 ec f4  |.......>........|
-00000010  19 64 30 40 eb 86 31 8b  61 fd 94 b5 3a 0c d5 15  |.d0@..1.a...:...|
-00000020  03 02 00 16 f2 d9 24 a4  f7 65 0e 26 1e c0 c9 7d  |......$..e.&...}|
-00000030  5c 57 59 fb 80 fd ab ab  83 e4                    |\WY.......|
+00000000  17 03 02 00 1a bb f8 a5  2d ef c6 34 c7 1a 1b 87  |........-..4....|
+00000010  8c 59 31 72 64 19 a3 d4  ab 40 b3 b9 75 1c 92 15  |.Y1rd....@..u...|
+00000020  03 02 00 16 e0 65 24 90  8e 53 9c 2e 48 52 83 ec  |.....e$..S..HR..|
+00000030  09 b0 92 2b 21 42 c1 ed  45 bb                    |...+!B..E.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-AES128-GCM-SHA256 b/src/crypto/tls/testdata/Client-TLSv12-AES128-GCM-SHA256
index c63e71a..dde8506 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-AES128-GCM-SHA256
+++ b/src/crypto/tls/testdata/Client-TLSv12-AES128-GCM-SHA256
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 49 4c e7 e2 d1  |....Q...M..IL...|
-00000010  f6 48 5a 9c 53 86 a7 b4  43 a2 35 a1 6a cd 40 8d  |.HZ.S...C.5.j.@.|
-00000020  db 5a 93 d2 66 1a 9e b3  cd ab 8b 20 52 21 cc 8d  |.Z..f...... R!..|
-00000030  24 23 ed 26 f1 c0 44 17  74 1a ef 01 5c c5 8e 79  |$#.&..D.t...\..y|
-00000040  f6 e5 00 e8 b3 71 72 99  a5 2d 4d cf 00 9c 00 00  |.....qr..-M.....|
+00000000  16 03 03 00 51 02 00 00  4d 03 03 4c 7d 80 b6 78  |....Q...M..L}..x|
+00000010  9f 5c 70 7d fe 4a 0a b2  e3 12 80 14 6d 20 e3 cc  |.\p}.J......m ..|
+00000020  ec c9 08 8e 44 f6 c2 92  65 90 56 20 86 57 75 b4  |....D...e.V .Wu.|
+00000030  3d 5a 00 5f bb 25 f3 21  a9 e2 1e 10 4a 1e 8a 30  |=Z._.%.!....J..0|
+00000040  9a 93 b0 87 04 a1 d5 c6  ad 0f c9 fc 00 9c 00 00  |................|
 00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -64,17 +70,17 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 c5 41  |.....(.........A|
-000000a0  79 78 69 d0 e6 8f 11 e0  19 7a a2 51 0f b4 1f 8f  |yxi......z.Q....|
-000000b0  8a a5 d9 48 1a b8 cd 2f  ea e2 04 9b e8 9f        |...H.../......|
+00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 14 74  |.....(.........t|
+000000a0  ff 19 e7 d3 2c b4 5e 43  c2 38 d2 53 ca a2 3e f6  |....,.^C.8.S..>.|
+000000b0  f0 12 92 0c 68 6f d7 5c  37 ff 8e d7 98 bf        |....ho.\7.....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 f3 72 0c 34 0f  |..........(.r.4.|
-00000010  59 fa 8d 0f d1 37 6d 3b  9c e6 41 66 8b 30 4a d0  |Y....7m;..Af.0J.|
-00000020  ef 21 f1 42 79 f0 55 0e  a1 43 d5 d7 b1 d6 45 aa  |.!.By.U..C....E.|
-00000030  5a 3a 69                                          |Z:i|
+00000000  14 03 03 00 01 01 16 03  03 00 28 20 60 01 e9 d0  |..........( `...|
+00000010  f7 5a 03 c6 6c 6e 37 5e  ad e2 2f 93 84 31 88 38  |.Z..ln7^../..1.8|
+00000020  da b7 55 4d 3d 0c 8a 6b  7c 57 05 2a ef 6f 24 6b  |..UM=..k|W.*.o$k|
+00000030  6f 1d d6                                          |o..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 7d bd ac  |.............}..|
-00000010  69 1a 3c b3 4d 0f 1b 25  40 95 34 f0 b1 97 60 39  |i.<.M..%@.4...`9|
-00000020  93 42 10 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.B..............|
-00000030  a0 65 f5 b0 94 a5 2e 1a  c4 a5 97 76 12 8f 82 70  |.e.........v...p|
-00000040  49 0c                                             |I.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 4f 20 33  |.............O 3|
+00000010  83 73 86 0a ca 92 4d 8b  d5 cf 2e e8 b1 f0 81 9c  |.s....M.........|
+00000020  c1 3b 0a 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.;..............|
+00000030  9c a9 02 e8 ad cf 5f 33  f0 15 86 c7 4a 11 85 20  |......_3....J.. |
+00000040  06 04                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-AES128-SHA256 b/src/crypto/tls/testdata/Client-TLSv12-AES128-SHA256
index 17826d3..8714fdb 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-AES128-SHA256
+++ b/src/crypto/tls/testdata/Client-TLSv12-AES128-SHA256
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 89 90 c7 c5 d0  |....Q...M.......|
-00000010  21 e2 50 ac 35 a7 b1 10  8a 32 45 b8 48 02 0e 19  |!.P.5....2E.H...|
-00000020  45 58 31 81 a4 db 0f 19  21 53 80 20 ca a7 7f 02  |EX1.....!S. ....|
-00000030  5a f4 9b cc 70 72 fa e8  ed 4f 0c 1b c7 7a b2 58  |Z...pr...O...z.X|
-00000040  e1 c1 b3 c8 3e a1 82 8e  78 3b c6 02 00 3c 00 00  |....>...x;...<..|
+00000000  16 03 03 00 51 02 00 00  4d 03 03 fa f4 c1 2c 7a  |....Q...M.....,z|
+00000010  a0 09 f0 35 06 c3 79 90  a4 df fa 3c 14 1a 95 92  |...5..y....<....|
+00000020  23 16 19 9d 38 83 89 6f  ee 7e 7b 20 1f 2d 6c 2b  |#...8..o.~{ .-l+|
+00000030  bf 93 e4 58 00 13 6d ac  4d 0b c2 b4 4a e5 b3 39  |...X..m.M...J..9|
+00000040  80 8e 35 1b 7b ec 9a 2e  b8 bb 0b 04 00 3c 00 00  |..5.{........<..|
 00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -65,25 +71,25 @@
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
 00000090  01 16 03 03 00 50 00 00  00 00 00 00 00 00 00 00  |.....P..........|
-000000a0  00 00 00 00 00 00 e0 31  66 d7 3b a5 a2 cd 61 c5  |.......1f.;...a.|
-000000b0  76 26 ce b4 a7 a3 86 8b  68 98 8a 0c 14 df 71 39  |v&......h.....q9|
-000000c0  29 b0 29 05 97 87 2f d5  81 25 0b 46 e7 91 2a fc  |).).../..%.F..*.|
-000000d0  bb 76 d3 19 31 37 ad 8b  01 f0 66 1f 0f 7f 7a 0f  |.v..17....f...z.|
-000000e0  bd 2b 76 3f 84 2b                                 |.+v?.+|
+000000a0  00 00 00 00 00 00 ab 11  61 9b 81 32 bc 64 54 55  |........a..2.dTU|
+000000b0  4d 76 5d 75 77 10 c4 df  34 43 af a5 83 37 24 e9  |Mv]uw...4C...7$.|
+000000c0  6c c8 73 ad 28 24 a8 3a  be 5d a9 22 21 fc e5 95  |l.s.($.:.]."!...|
+000000d0  7e 27 18 d4 c4 b4 c5 70  f6 48 73 a6 97 2a c7 5d  |~'.....p.Hs..*.]|
+000000e0  46 78 37 9f f1 30                                 |Fx7..0|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 b7 1d 0b ad 4a  |..........P....J|
-00000010  05 27 59 4e 95 11 58 6e  90 02 12 52 40 b2 0e 1d  |.'YN..Xn...R@...|
-00000020  ca 82 a6 85 2f 01 ad 9c  29 41 f9 a0 3d b2 39 be  |..../...)A..=.9.|
-00000030  9f 76 72 3e de db 17 de  d7 9e 4e 0a 89 be 27 9c  |.vr>......N...'.|
-00000040  37 88 46 87 8c a9 a9 41  70 01 72 60 18 4a 3b ac  |7.F....Ap.r`.J;.|
-00000050  97 8e 4f 2c 4b 4e 87 0b  bd e4 89                 |..O,KN.....|
+00000000  14 03 03 00 01 01 16 03  03 00 50 c3 5f 95 d2 ee  |..........P._...|
+00000010  3d 98 c9 29 ab 06 fc 8c  9b 9c fa 98 36 f1 6c f4  |=..)........6.l.|
+00000020  0c bd c6 d3 79 7e ce 90  fa 23 04 d3 41 ea 35 f0  |....y~...#..A.5.|
+00000030  3e bc dc 02 ae 0d 87 27  1a 8b d8 f0 e4 32 7d 89  |>......'.....2}.|
+00000040  9c 89 50 38 ae 02 e2 c7  65 43 a9 1f ce 42 c9 e3  |..P8....eC...B..|
+00000050  ce 0d 68 16 f6 46 6d 40  47 66 3c                 |..h..Fm@Gf<|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 b6 0c c1  ab 01 1a 69 8f 48 80 5e  |...........i.H.^|
-00000020  f8 d6 b7 b9 7c 9e 30 01  ff 4d 27 94 ef 3e 05 c3  |....|.0..M'..>..|
-00000030  64 fd 38 f9 b9 29 fe 49  bf 6a fc 6f ac 1e 6d ee  |d.8..).I.j.o..m.|
-00000040  42 a2 2f 05 e5 15 03 03  00 40 00 00 00 00 00 00  |B./......@......|
-00000050  00 00 00 00 00 00 00 00  00 00 37 ca 1c 12 fd 31  |..........7....1|
-00000060  2b 9e 56 51 a7 f5 3e 37  48 fe 08 b9 a3 8d 4c 26  |+.VQ..>7H.....L&|
-00000070  7d c2 9d 04 f8 7f b9 47  00 87 bd 86 51 36 83 a7  |}......G....Q6..|
-00000080  98 cf de ac 76 d6 78 ac  bd 95                    |....v.x...|
+00000010  00 00 00 00 00 55 d6 ad  fe d9 c9 28 f1 6e 80 e3  |.....U.....(.n..|
+00000020  54 38 52 96 9f cb cb 94  67 ef a1 ed e0 6b 83 c6  |T8R.....g....k..|
+00000030  c8 48 c2 bb ed 18 a5 ec  cc 6d cc f1 78 a1 be 45  |.H.......m..x..E|
+00000040  88 e9 c9 5a 03 15 03 03  00 40 00 00 00 00 00 00  |...Z.....@......|
+00000050  00 00 00 00 00 00 00 00  00 00 8a 47 d5 d1 ba 89  |...........G....|
+00000060  cb 14 1a a7 99 6b 41 14  4c 85 f3 df f2 51 42 23  |.....kA.L....QB#|
+00000070  0d 44 b1 a4 52 3c e8 34  5c 09 cc 92 06 3a 3f 75  |.D..R<.4\....:?u|
+00000080  b1 b2 cb bf c7 ff da f7  7a 90                    |........z.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-AES256-GCM-SHA384 b/src/crypto/tls/testdata/Client-TLSv12-AES256-GCM-SHA384
index 598430d..61abb55 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-AES256-GCM-SHA384
+++ b/src/crypto/tls/testdata/Client-TLSv12-AES256-GCM-SHA384
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 de 31 eb 89 cf  |....Q...M...1...|
-00000010  06 df 45 b2 68 3c 70 8e  ef ec 11 14 d1 f3 8c 95  |..E.h<p.........|
-00000020  c7 11 b6 f9 63 d1 f3 12  5e ec 4b 20 b9 eb 00 03  |....c...^.K ....|
-00000030  2b 2e ff 13 96 50 36 9e  9c 38 ce a7 c8 1b a3 5b  |+....P6..8.....[|
-00000040  a2 c2 99 af c7 0b cb 71  17 56 23 e8 00 9d 00 00  |.......q.V#.....|
+00000000  16 03 03 00 51 02 00 00  4d 03 03 f9 28 80 d0 c1  |....Q...M...(...|
+00000010  26 36 81 01 db 60 7a 37  77 ff 57 da 2a 4c ab f3  |&6...`z7w.W.*L..|
+00000020  5d 00 df f9 84 db bd 2d  95 37 ae 20 f7 00 8d 5d  |]......-.7. ...]|
+00000030  1e ba e7 cc ed 36 d6 a5  87 63 5d c3 9b 4b a0 9c  |.....6...c]..K..|
+00000040  cf ee bc b3 de 8a ec 61  41 a3 3a df 00 9d 00 00  |.......aA.:.....|
 00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -64,17 +70,17 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 26 0c  |.....(........&.|
-000000a0  81 5b e0 e4 c5 0f 8b b4  53 f3 84 f8 7c 63 76 2e  |.[......S...|cv.|
-000000b0  47 23 b3 48 a4 2b c0 e8  30 68 0c 34 42 03        |G#.H.+..0h.4B.|
+00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 0c e7  |.....(..........|
+000000a0  cc 31 51 9b 03 cc bb 21  51 a7 5f 23 59 cf 5f 29  |.1Q....!Q._#Y._)|
+000000b0  4e bd db 3d d2 fb 92 73  27 2b 6f 9a b7 f2        |N..=...s'+o...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 f0 52 59 4b c1  |..........(.RYK.|
-00000010  54 7c 0d 0c 4a 82 96 0a  50 d2 6d ce 7c 2f e9 3c  |T|..J...P.m.|/.<|
-00000020  55 ea da ea 8a 1a 6f 1d  fe 96 01 0f 42 61 61 45  |U.....o.....BaaE|
-00000030  ef 31 97                                          |.1.|
+00000000  14 03 03 00 01 01 16 03  03 00 28 68 27 f4 6c ac  |..........(h'.l.|
+00000010  ae 31 68 1a b3 7c 5f 6f  41 18 5a 24 d3 04 00 d2  |.1h..|_oA.Z$....|
+00000020  2d ce 9b 30 a1 55 df f6  7a ff 80 42 9c 86 c7 13  |-..0.U..z..B....|
+00000030  c8 fc ca                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 cb 28 8f  |..............(.|
-00000010  dd 5d cf 29 ef 92 72 71  43 85 c1 1b fe 41 a4 f8  |.].)..rqC....A..|
-00000020  07 f7 96 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  25 52 2c d6 5a f4 95 ea  21 bb 35 70 d1 78 cc 15  |%R,.Z...!.5p.x..|
-00000040  d5 79                                             |.y|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 e3 e7 af  |................|
+00000010  ee cc 1b e2 13 85 a7 37  85 e9 bd a7 3e 18 e2 f0  |.......7....>...|
+00000020  e3 2d 64 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.-d.............|
+00000030  3d fe 35 3c b3 13 25 f8  a3 b8 81 da 91 3b 8d 69  |=.5<..%......;.i|
+00000040  fc c5                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ALPN b/src/crypto/tls/testdata/Client-TLSv12-ALPN
index 05c4afb..72d2b7c 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ALPN
+++ b/src/crypto/tls/testdata/Client-TLSv12-ALPN
@@ -1,22 +1,28 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 ad 01 00 00  a9 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 10 01 00 01  0c 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 54 33 74  |.............T3t|
-00000060  00 00 00 05 00 05 01 00  00 00 00 00 0a 00 0a 00  |................|
-00000070  08 00 1d 00 17 00 18 00  19 00 0b 00 02 01 00 00  |................|
-00000080  0d 00 12 00 10 04 01 04  03 05 01 05 03 06 01 06  |................|
-00000090  03 02 01 02 03 ff 01 00  01 00 00 10 00 10 00 0e  |................|
-000000a0  06 70 72 6f 74 6f 32 06  70 72 6f 74 6f 31 00 12  |.proto2.proto1..|
-000000b0  00 00                                             |..|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 91 33 74 00 00  00 05 00 05 01 00 00 00  |....3t..........|
+00000090  00 00 0a 00 0a 00 08 00  1d 00 17 00 18 00 19 00  |................|
+000000a0  0b 00 02 01 00 00 0d 00  18 00 16 08 04 08 05 08  |................|
+000000b0  06 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
+000000c0  03 ff 01 00 01 00 00 10  00 10 00 0e 06 70 72 6f  |.............pro|
+000000d0  74 6f 32 06 70 72 6f 74  6f 31 00 12 00 00 00 2b  |to2.proto1.....+|
+000000e0  00 09 08 03 04 03 03 03  02 03 01 00 33 00 26 00  |............3.&.|
+000000f0  24 00 1d 00 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |$... /.}.G.bC.(.|
+00000100  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
+00000110  5f 58 cb 3b 74                                    |_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 66 02 00 00  62 03 03 cb 8e 3f a0 07  |....f...b....?..|
-00000010  c3 0e b3 b2 07 39 e2 2d  b9 5f 03 31 05 b0 0d b6  |.....9.-._.1....|
-00000020  c7 c5 4d 39 2b 3f 1a d7  38 43 69 20 f5 35 e2 93  |..M9+?..8Ci .5..|
-00000030  75 c4 eb b3 eb a3 ad cd  9f e3 c6 dc b8 ea 20 7c  |u............. ||
-00000040  94 1b 9c 73 bd 2e af f1  4d 97 6d eb cc a8 00 00  |...s....M.m.....|
+00000000  16 03 03 00 66 02 00 00  62 03 03 44 df ea e4 67  |....f...b..D...g|
+00000010  62 77 d5 ee 65 9f 25 8b  54 86 1a 1f 09 46 9c 41  |bw..e.%.T....F.A|
+00000020  d3 13 bb 6c f5 73 9a 22  eb cf 8d 20 e8 2e 63 9f  |...l.s."... ..c.|
+00000030  a3 64 aa 59 7b 88 f8 28  7e 57 00 7c 3a cc 80 5e  |.d.Y{..(~W.|:..^|
+00000040  7d 9a 03 1e 5d 89 c0 ff  53 aa c0 4d cc a8 00 00  |}...]...S..M....|
 00000050  1a ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 10  |................|
 00000060  00 09 00 07 06 70 72 6f  74 6f 31 16 03 03 02 59  |.....proto1....Y|
 00000070  0b 00 02 55 00 02 52 00  02 4f 30 82 02 4b 30 82  |...U..R..O0..K0.|
@@ -57,31 +63,31 @@
 000002a0  1c f1 0f a1 d8 40 83 61  c9 4c 72 2b 9d ae db 46  |.....@.a.Lr+...F|
 000002b0  06 06 4d f4 c1 b3 3e c0  d1 bd 42 d4 db fe 3d 13  |..M...>...B...=.|
 000002c0  60 84 5c 21 d3 3b e9 fa  e7 16 03 03 00 ac 0c 00  |`.\!.;..........|
-000002d0  00 a8 03 00 1d 20 4c d6  65 c1 74 2c 78 ab 45 87  |..... L.e.t,x.E.|
-000002e0  bc 6e 9a cd 6c d4 2f 1e  ed 1b ed 68 e0 20 3b 13  |.n..l./....h. ;.|
-000002f0  7b b9 45 a1 38 78 04 01  00 80 31 26 2b b6 f8 fe  |{.E.8x....1&+...|
-00000300  bf 3c c6 8e ec 30 87 09  18 87 27 ec 9f 4f 93 74  |.<...0....'..O.t|
-00000310  6b 65 94 12 3e 4d 5e a8  f7 0f ec 9e 60 c5 d5 a0  |ke..>M^.....`...|
-00000320  c1 53 10 1d 8a 5b 82 2e  64 07 59 2e 0c b8 e3 90  |.S...[..d.Y.....|
-00000330  20 a5 0a 88 3e 7e d6 b9  85 58 78 f1 58 56 a6 d8  | ...>~...Xx.XV..|
-00000340  ee 60 52 59 d1 5b 16 58  de ce bc 09 79 99 65 e0  |.`RY.[.X....y.e.|
-00000350  6b 0b 4e 3d fb 80 35 6b  56 48 33 b3 17 4e 61 cf  |k.N=..5kVH3..Na.|
-00000360  88 78 41 14 c8 fa 41 32  f9 2b 87 27 40 d7 2b 51  |.xA...A2.+.'@.+Q|
-00000370  bd 16 54 cd f3 79 3a 7d  c9 f0 16 03 03 00 04 0e  |..T..y:}........|
+000002d0  00 a8 03 00 1d 20 5e d1  0b 33 b0 c2 e9 12 eb 00  |..... ^..3......|
+000002e0  4d 2f b8 1b 74 b0 b2 a0  01 7a 67 5a 54 9e a5 d1  |M/..t....zgZT...|
+000002f0  c5 a5 2e 59 af 53 08 04  00 80 1f ac 73 b9 62 55  |...Y.S......s.bU|
+00000300  a2 53 ae 64 db 2a f7 a1  a8 69 09 2d a2 fa 0c d8  |.S.d.*...i.-....|
+00000310  9e e8 9a 2f b6 8f f0 e1  5e 53 bb 4c 9e fa e4 7a  |.../....^S.L...z|
+00000320  68 06 20 d5 e7 d0 de cf  29 a8 bd 6b 54 82 e4 bb  |h. .....)..kT...|
+00000330  dd 6e ab d1 d1 c9 af 77  01 b1 06 e1 9d 2f 00 7a  |.n.....w...../.z|
+00000340  2b e7 6f d1 da 7c 6f f5  2c 03 0d 57 9e 19 41 be  |+.o..|o.,..W..A.|
+00000350  91 85 17 c2 4a 5e 9b 87  44 0e df 81 64 b1 2e 4b  |....J^..D...d..K|
+00000360  64 80 fb f2 7f 23 f1 19  2c 8a 8d 6d 08 1e e9 0d  |d....#..,..m....|
+00000370  47 ec 94 b0 db c6 7a 44  79 04 16 03 03 00 04 0e  |G.....zDy.......|
 00000380  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 40 b0 f2  80 ce 38 b3 98 fd 34 ba  |.... @....8...4.|
-00000040  84 d3 f7 30 dc 9f 09 4b  0e 44 0b 79 b1 28 39 53  |...0...K.D.y.(9S|
-00000050  94 03 db c8 2b                                    |....+|
+00000030  16 03 03 00 20 b9 03 a2  50 29 94 cc 5b 6c 3c 7f  |.... ...P)..[l<.|
+00000040  71 13 4b f0 3e 1a 13 df  a0 a6 e3 15 a7 36 a2 40  |q.K.>........6.@|
+00000050  86 88 d4 63 c0                                    |...c.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 6f 6c ec 1a 29  |.......... ol..)|
-00000010  d8 29 6c 10 67 12 4f 45  d3 64 85 e4 bc 28 5b 52  |.)l.g.OE.d...([R|
-00000020  d0 46 45 3c ac bc fa 51  c1 00 84                 |.FE<...Q...|
+00000000  14 03 03 00 01 01 16 03  03 00 20 c0 4e 72 ff 58  |.......... .Nr.X|
+00000010  40 70 90 8a ac 4e 94 28  ae 45 5e 2f 5f f4 c3 61  |@p...N.(.E^/_..a|
+00000020  64 5d d9 af 43 a0 c1 65  78 2a 5e                 |d]..C..ex*^|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 7d 3e 49  f0 a6 61 18 fc 10 f4 7f  |.....}>I..a.....|
-00000010  e2 df b7 58 7d ad 31 84  de 60 e0 15 03 03 00 12  |...X}.1..`......|
-00000020  08 cd 3f b6 58 d8 72 12  e0 f5 c6 8f f7 76 d5 29  |..?.X.r......v.)|
-00000030  4f b2                                             |O.|
+00000000  17 03 03 00 16 e3 fb 93  b5 c4 17 c2 6a 9c 15 ca  |............j...|
+00000010  de ca c6 49 67 d6 59 65  4a ee d2 15 03 03 00 12  |...Ig.YeJ.......|
+00000020  8b f7 3f 3d ad 68 2b bf  f2 96 18 21 d0 0f ea e8  |..?=.h+....!....|
+00000030  a0 d9                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
index 6fc1b1b..0968c16 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 3d c4 44 53 fd  |....Y...U..=.DS.|
-00000010  1d ce 32 ba 0a ba 77 43  7a ba d1 e1 5b 7d 78 d4  |..2...wCz...[}x.|
-00000020  d3 29 5f e2 2b ab a1 e0  20 70 bd 20 4c 6b 28 a6  |.)_.+... p. Lk(.|
-00000030  f0 d0 51 92 3d ed 65 5c  bd 26 8f 81 93 14 b0 93  |..Q.=.e\.&......|
-00000040  80 af ae f6 3c 59 1f 1c  65 45 f0 13 c0 09 00 00  |....<Y..eE......|
+00000000  16 03 03 00 59 02 00 00  55 03 03 8d 42 b5 ca 09  |....Y...U...B...|
+00000010  22 3a a8 c0 09 57 81 1c  e9 40 20 14 a6 b5 6d c7  |":...W...@ ...m.|
+00000020  2a 62 69 7f 5f a8 e2 74  d5 c1 b0 20 9a bf c7 2c  |*bi._..t... ...,|
+00000030  b9 1b d5 45 8a a1 49 fa  0f 3b d2 74 da 6f ef 6a  |...E..I..;.t.o.j|
+00000040  87 75 9a be 04 8a 9e ef  7e ea d7 16 c0 09 00 00  |.u......~.......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,22 +55,23 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 b4 47  |*............ .G|
-00000280  68 85 aa c9 1b 4f ac c6  c6 08 39 e2 91 a8 0f a7  |h....O....9.....|
-00000290  26 d0 60 1a 68 62 7d 22  61 d2 66 1f 42 71 04 03  |&.`.hb}"a.f.Bq..|
-000002a0  00 8b 30 81 88 02 42 00  86 22 15 eb 04 d8 98 69  |..0...B..".....i|
-000002b0  71 75 c9 d7 17 61 d2 dc  a7 2f 21 22 fd b9 da 6e  |qu...a.../!"...n|
-000002c0  b2 36 65 22 1a 20 c8 49  3e a6 2a e4 4e a1 93 8d  |.6e". .I>.*.N...|
-000002d0  47 59 42 4f 54 51 3f dd  fc b9 b0 b4 fe d2 77 28  |GYBOTQ?.......w(|
-000002e0  15 58 4f b5 f5 56 da b2  02 02 42 00 cb 0b 69 b7  |.XO..V....B...i.|
-000002f0  1b 48 85 7e e3 bf be 27  64 c7 38 4d dc a1 49 73  |.H.~...'d.8M..Is|
-00000300  ba f9 45 6b cc 95 d1 72  d8 45 9c 39 3d 3a 93 85  |..Ek...r.E.9=:..|
-00000310  a7 22 20 c3 ce 48 e3 0d  31 9c f4 cf 2c dc d7 9d  |." ..H..1...,...|
-00000320  d3 b4 6a fe 98 31 d9 32  dc 37 1a c0 fa 16 03 03  |..j..1.2.7......|
-00000330  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000340  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000350  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-00000360  04 0e 00 00 00                                    |.....|
+00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 1c 45  |*............ .E|
+00000280  5f 18 e9 5f 2f 0d 3b 3f  f2 a8 dc f8 15 1c 03 e4  |_.._/.;?........|
+00000290  c1 fa f8 f7 75 cb 74 17  cd 82 7d 26 8e 41 04 03  |....u.t...}&.A..|
+000002a0  00 8b 30 81 88 02 42 01  6c ae 9f 61 16 bb 03 50  |..0...B.l..a...P|
+000002b0  52 94 7f 89 59 92 a5 3e  74 54 97 7a f0 22 a5 7d  |R...Y..>tT.z.".}|
+000002c0  de 80 c4 6a 0d a0 cb 50  e1 aa 27 a9 44 4f 24 db  |...j...P..'.DO$.|
+000002d0  69 b2 d2 6c 6e 26 79 99  d8 31 9d 2d 47 26 f1 c6  |i..ln&y..1.-G&..|
+000002e0  42 25 f5 66 6b 03 7a 19  b1 02 42 00 f4 5c 98 a4  |B%.fk.z...B..\..|
+000002f0  d3 d7 af 36 42 cc 95 91  be 7e b1 3c 61 df a9 9c  |...6B....~.<a...|
+00000300  22 4d 22 82 e1 fa bc ff  8d b0 fe 3d 0e 5e d0 ef  |"M"........=.^..|
+00000310  d5 dc 62 88 9a f5 1b 66  1d d3 54 cc 4d 1d 2c ea  |..b....f..T.M.,.|
+00000320  bd 65 34 9a 15 b5 ad f6  7e 17 a5 96 c2 16 03 03  |.e4.....~.......|
+00000330  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000340  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000350  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+00000360  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+00000370  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
 00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
@@ -101,32 +108,32 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 92 0f 00  |...._X.;t.......|
-00000240  00 8e 06 03 00 8a 30 81  87 02 42 00 cb 61 7d bc  |......0...B..a}.|
-00000250  af 48 88 32 98 9b 34 a0  71 0e 3a 33 bd da 73 16  |.H.2..4.q.:3..s.|
-00000260  05 f4 8e d8 30 11 c8 da  dd 7a 84 80 57 a1 76 d8  |....0....z..W.v.|
-00000270  af 3d 90 d7 e2 44 85 78  c4 12 ed 8d dc 4e 82 08  |.=...D.x.....N..|
-00000280  51 20 59 d7 38 26 29 c9  2b 5b 77 fc d2 02 41 3b  |Q Y.8&).+[w...A;|
-00000290  70 99 7c 46 bf 8e 85 40  d7 75 c5 43 36 f8 e3 30  |p.|F...@.u.C6..0|
-000002a0  28 ac 20 1e 79 43 b2 f3  6d b1 ae 6e cf 41 b5 ed  |(. .yC..m..n.A..|
-000002b0  76 2b d5 17 78 2c fa 91  75 ba 63 8f e9 1c c8 c0  |v+..x,..u.c.....|
-000002c0  1e 02 63 70 53 41 e0 98  77 a5 ae 54 6a 74 c0 91  |..cpSA..w..Tjt..|
-000002d0  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-000002e0  00 00 00 00 00 00 00 00  00 00 00 7d 12 bc ba f4  |...........}....|
-000002f0  34 59 b7 c2 a9 5d 11 88  38 cc bc cc 1c 14 b7 5a  |4Y...]..8......Z|
-00000300  ae d8 0a 45 bc 61 b5 bc  d6 8e c4 69 80 10 7a ea  |...E.a.....i..z.|
-00000310  07 f4 dc 1a c9 dc b8 90  66 6c bc                 |........fl.|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 93 0f 00  |...._X.;t.......|
+00000240  00 8f 04 03 00 8b 30 81  88 02 42 01 83 b1 39 05  |......0...B...9.|
+00000250  25 f1 1b 2b 55 c0 7e 56  e1 0e 33 bc 03 c7 0a 17  |%..+U.~V..3.....|
+00000260  b7 c2 b7 da ab 9d 5d 22  da 60 74 7d 85 5e 53 ff  |......]".`t}.^S.|
+00000270  57 4e c3 0a 47 fd e5 f6  dc 05 56 4c 7a 9f e4 5c  |WN..G.....VLz..\|
+00000280  04 97 80 61 d5 9f db a5  74 9b ec fc bf 02 42 01  |...a....t.....B.|
+00000290  27 f8 0e 21 c2 c2 68 72  82 1b 4b cf d8 0c 1a 09  |'..!..hr..K.....|
+000002a0  b0 f5 0f b9 3b e9 63 dc  68 33 5e 41 e2 2c a4 04  |....;.c.h3^A.,..|
+000002b0  ec ee 84 6d f3 28 fc 6d  c4 f1 04 8c 1d 38 6e e9  |...m.(.m.....8n.|
+000002c0  ae 0d 0a 82 0e 42 c4 42  e7 12 33 c5 38 4f 19 51  |.....B.B..3.8O.Q|
+000002d0  61 14 03 03 00 01 01 16  03 03 00 40 00 00 00 00  |a..........@....|
+000002e0  00 00 00 00 00 00 00 00  00 00 00 00 9e b0 80 10  |................|
+000002f0  4c da e3 cd 1e 56 e6 90  10 c5 ea d6 25 f9 34 31  |L....V......%.41|
+00000300  cd 42 60 5d ab 3b 13 05  48 cd f6 53 c3 b7 ea ea  |.B`].;..H..S....|
+00000310  30 f0 58 2d 17 3c 77 fb  a7 8f 9f a8              |0.X-.<w.....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 df ff fd 43 0b  |..........@...C.|
-00000010  d1 28 4b db ce 29 8b 01  56 e7 44 9d 69 92 e7 11  |.(K..)..V.D.i...|
-00000020  7c 57 f2 a1 cf 35 d4 3a  8f 90 69 ce 80 4e 8b 6c  ||W...5.:..i..N.l|
-00000030  e9 eb 90 65 0e 89 49 20  41 ae 32 62 66 f4 aa 85  |...e..I A.2bf...|
-00000040  cd ca f7 a2 37 8f ef 22  ab b6 7b                 |....7.."..{|
+00000000  14 03 03 00 01 01 16 03  03 00 40 68 2a 2b af 97  |..........@h*+..|
+00000010  68 8d 96 ed 55 bc aa d2  d3 81 97 54 a1 01 88 7f  |h...U......T....|
+00000020  72 b7 3a 38 66 c2 53 9a  01 56 0d e0 02 b5 93 66  |r.:8f.S..V.....f|
+00000030  b3 93 74 e2 e0 c5 22 1c  0d 8f bb 7d e1 43 bf bd  |..t..."....}.C..|
+00000040  bc 69 2e 58 96 7b 39 f0  55 6f 1b                 |.i.X.{9.Uo.|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 76 a4 88  f6 fb 0a 0f 8d a6 1f e0  |.....v..........|
-00000020  96 4d d0 93 30 c9 b6 27  1e 3c 87 d7 98 f9 d6 e9  |.M..0..'.<......|
-00000030  96 f7 e0 af b6 15 03 03  00 30 00 00 00 00 00 00  |.........0......|
-00000040  00 00 00 00 00 00 00 00  00 00 82 01 3b 93 6f 78  |............;.ox|
-00000050  1b e8 b6 ed 45 11 85 26  0f 40 63 2a a6 c9 f8 7b  |....E..&.@c*...{|
-00000060  7f 01 42 6b c1 8b 4f c0  a6 b5                    |..Bk..O...|
+00000010  00 00 00 00 00 a6 98 ea  d6 b2 81 83 18 5d 73 13  |.............]s.|
+00000020  dc e9 e9 bc 4c 1e a8 ec  a5 62 93 f6 b8 0c 0f f0  |....L....b......|
+00000030  91 6e 51 2c fe 15 03 03  00 30 00 00 00 00 00 00  |.nQ,.....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 7f e8 f5 80 8e 27  |...............'|
+00000050  1b 31 aa d0 ec 91 51 d0  18 21 de e3 63 1f ee 80  |.1....Q..!..c...|
+00000060  bc db 2f 4f ce 26 46 ce  65 2e                    |../O.&F.e.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
index 47c083e..995e9a9 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 b1 01 db c2 3f  |....Y...U......?|
-00000010  11 0c d0 d2 fd 1d 5f 54  f6 62 4a 47 f9 62 e6 88  |......_T.bJG.b..|
-00000020  72 d7 f5 91 78 73 99 94  72 26 ed 20 51 91 b2 bf  |r...xs..r&. Q...|
-00000030  78 94 0c 1f bb 7b ff a2  b6 8f 57 5d 03 f2 97 b8  |x....{....W]....|
-00000040  c2 20 99 cd 48 f3 14 fc  63 38 97 44 c0 2f 00 00  |. ..H...c8.D./..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 87 08 05 c4 11  |....Y...U.......|
+00000010  d3 bb ca 40 4a 0a 95 79  8c b9 82 54 6f e2 11 ba  |...@J..y...To...|
+00000020  bd 7b 0d e4 f4 64 0d 35  a0 66 0b 20 41 e2 af c4  |.{...d.5.f. A...|
+00000030  e0 db f1 52 6a 6b f3 77  0d 83 f7 00 d0 05 3f 3e  |...Rjk.w......?>|
+00000040  d8 3f d2 66 fa 19 3d 36  bd ff ae 13 c0 2f 00 00  |.?.f..=6...../..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,21 +60,22 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 22 78 15 4f d2 33 df  |........ "x.O.3.|
-000002d0  3e 82 b7 10 ca 8b 5c d6  f2 84 8f e7 cb cf 3e 2f  |>.....\.......>/|
-000002e0  65 dd 5b 5c 0a 48 f4 f6  1e 04 01 00 80 40 08 09  |e.[\.H.......@..|
-000002f0  e5 bc a2 e3 27 a9 7e 2d  e2 1d 47 7c 8c 95 44 28  |....'.~-..G|..D(|
-00000300  f8 3d 00 5d f7 38 26 31  8f f3 61 27 f6 c0 a0 12  |.=.].8&1..a'....|
-00000310  ed 3b 59 18 ed aa 4c 4a  54 8a 23 0a 13 7a 7d 1c  |.;Y...LJT.#..z}.|
-00000320  26 5e 7a f1 55 d5 68 dc  f9 97 ef 6d 98 0f 87 41  |&^z.U.h....m...A|
-00000330  31 e5 a0 f1 84 19 3a 19  cf b3 f7 9d 34 13 05 ab  |1.....:.....4...|
-00000340  85 2e 6f 4e 8f fd c3 37  63 3e c9 3d 48 87 6a 9b  |..oN...7c>.=H.j.|
-00000350  c1 21 d1 4f 89 7d a1 dc  23 bb cf d8 b1 d9 91 e0  |.!.O.}..#.......|
-00000360  f6 48 f0 20 64 8b f8 f1  86 5c b3 6c 70 16 03 03  |.H. d....\.lp...|
-00000370  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000380  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000390  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-000003a0  04 0e 00 00 00                                    |.....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 39 84 75 e0 64 4e 6d  |........ 9.u.dNm|
+000002d0  37 4a cd ae 78 6f d3 b5  bd 3e fb dc 9b f8 51 39  |7J..xo...>....Q9|
+000002e0  85 35 a2 11 4b 59 be 57  01 08 04 00 80 a1 dd a6  |.5..KY.W........|
+000002f0  f4 e0 89 8a c1 ff e6 20  1e cf 73 41 94 e6 4a 4f  |....... ..sA..JO|
+00000300  64 49 43 0e 53 90 61 31  92 a5 af 13 2e 00 2b e2  |dIC.S.a1......+.|
+00000310  61 6e 3f a1 9a e3 7d f6  79 0e cd f6 c1 84 e0 62  |an?...}.y......b|
+00000320  15 69 5a 94 8f af c5 c9  db b8 f4 4b 40 4c ea f7  |.iZ........K@L..|
+00000330  bb e9 cd f2 3a 00 c3 f1  c9 5e 43 67 36 c5 73 f1  |....:....^Cg6.s.|
+00000340  88 c1 6d 14 2f 92 63 ae  30 9d 3c 59 33 aa 78 62  |..m./.c.0.<Y3.xb|
+00000350  00 32 73 60 25 ed 4c 06  d4 ee 14 32 58 35 57 c6  |.2s`%.L....2X5W.|
+00000360  4c 10 3c 1b 16 6f f4 59  ad 52 74 42 0d 16 03 03  |L.<..o.Y.RtB....|
+00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+000003a0  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+000003b0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
 00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
@@ -106,27 +113,27 @@
 00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
 00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 93 0f 00  |...._X.;t.......|
-00000240  00 8f 06 03 00 8b 30 81  88 02 42 01 9e be 18 6a  |......0...B....j|
-00000250  b3 8d c4 2f b9 ed db b9  89 cf 2f e5 d6 13 64 68  |.../....../...dh|
-00000260  72 e4 51 01 12 a9 83 08  d7 2e fa cc 64 09 80 79  |r.Q.........d..y|
-00000270  ce 3d 51 a1 e1 f7 3c 5c  2c dd 97 a2 f9 61 c3 7a  |.=Q...<\,....a.z|
-00000280  bc 25 ad c1 04 a1 cf bf  06 f5 e2 b5 15 02 42 00  |.%............B.|
-00000290  bf 72 20 6f 0e 49 f2 07  bd 07 ef f3 e8 9c 1a 61  |.r o.I.........a|
-000002a0  b0 7a 6c b0 14 71 4a aa  76 05 9f d1 ef 5b 41 be  |.zl..qJ.v....[A.|
-000002b0  4c 20 7b 5c 31 86 da e3  3b 54 0f af 79 6b 54 84  |L {\1...;T..ykT.|
-000002c0  72 0b 0a e4 ea 33 48 a2  1a e8 8d dd 16 45 80 d1  |r....3H......E..|
-000002d0  88 14 03 03 00 01 01 16  03 03 00 28 00 00 00 00  |...........(....|
-000002e0  00 00 00 00 4d 58 00 50  6d 12 ea c2 6c f8 1c 51  |....MX.Pm...l..Q|
-000002f0  e8 91 8c 24 dd c2 28 af  c7 c7 ed 28 29 34 62 2c  |...$..(....()4b,|
-00000300  c0 d3 06 7d                                       |...}|
+00000240  00 8f 04 03 00 8b 30 81  88 02 42 01 cd 89 13 12  |......0...B.....|
+00000250  a4 7f e0 a5 f9 37 30 53  ed 49 39 ca 42 44 cf f0  |.....70S.I9.BD..|
+00000260  b3 ab 3f 70 eb ca 82 4d  9e a7 d5 47 0c df c2 fb  |..?p...M...G....|
+00000270  f3 92 6b 0f 21 92 06 6d  48 e7 ba 36 22 56 d2 f3  |..k.!..mH..6"V..|
+00000280  b7 28 00 ab 46 46 f5 32  b9 45 93 57 21 02 42 01  |.(..FF.2.E.W!.B.|
+00000290  37 7c d6 f3 bd eb fa 1c  9b c8 83 0b 5c 73 66 42  |7|..........\sfB|
+000002a0  0c cd 8d da 40 32 c6 35  26 46 be db 48 56 55 d2  |....@2.5&F..HVU.|
+000002b0  e9 33 6e e0 da b8 45 f8  24 f2 59 6e 4f 4a 34 e2  |.3n...E.$.YnOJ4.|
+000002c0  51 d7 0f 25 f0 ae 83 d5  fa cd 4f 4a e6 c5 82 3d  |Q..%......OJ...=|
+000002d0  a5 14 03 03 00 01 01 16  03 03 00 28 00 00 00 00  |...........(....|
+000002e0  00 00 00 00 fb 21 d8 50  53 e6 13 13 bc d4 f4 d4  |.....!.PS.......|
+000002f0  b5 f1 6c fe ed eb 15 ce  18 a1 3d cf 7f ae 40 d5  |..l.......=...@.|
+00000300  0c 91 41 69                                       |..Ai|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 b3 71 11 c5 31  |..........(.q..1|
-00000010  7b 22 87 23 7b 71 05 ca  95 fc d1 7d 0e fd 68 d3  |{".#{q.....}..h.|
-00000020  7f 08 af 41 16 ff cf 87  a4 5a 6b fb b1 5e 89 e0  |...A.....Zk..^..|
-00000030  8e 0c 88                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 36 f9 5d 31 f6  |..........(6.]1.|
+00000010  a2 62 16 db 9b ea 79 28  52 1b 06 e1 59 39 f3 4a  |.b....y(R...Y9.J|
+00000020  67 77 6d 2b 98 80 9d e9  80 55 53 82 37 17 61 65  |gwm+.....US.7.ae|
+00000030  f5 fa 06                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 3b 83 10  |.............;..|
-00000010  ee 6d c5 a9 6a 9e 61 7f  df 00 c4 03 39 6a b8 4a  |.m..j.a.....9j.J|
-00000020  0f 0c e6 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  35 b9 7d a7 29 d0 ba e1  5e 4e f1 67 4a 81 12 e7  |5.}.)...^N.gJ...|
-00000040  62 72                                             |br|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 a0 3f 7e  |..............?~|
+00000010  ce c3 cf 73 0f 2f 9d ba  5d 2e 3b 84 8b ef cd c4  |...s./..].;.....|
+00000020  2a 31 32 15 03 03 00 1a  00 00 00 00 00 00 00 02  |*12.............|
+00000030  58 7e 4f 75 06 0d 16 f5  6d 06 0f af 5a 40 9b bd  |X~Ou....m...Z@..|
+00000040  79 f4                                             |y.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
index 892db8a..e6791c0 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 76 09 a7 74 97  |....Y...U..v..t.|
-00000010  df 92 1b 14 fb 0f 5c 82  a9 04 22 5f 32 1f 04 50  |......\..."_2..P|
-00000020  52 8c ec 30 c1 5e 73 51  8a 0d 22 20 12 f5 11 b3  |R..0.^sQ.." ....|
-00000030  3b 8e 49 9a 0b 79 3e 0a  a8 7f a8 01 eb b0 ea 4e  |;.I..y>........N|
-00000040  d5 19 0d 4e c5 7d d7 a0  ff 6e 75 a1 c0 30 00 00  |...N.}...nu..0..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 10 af 03 5d d2  |....Y...U.....].|
+00000010  4d c8 e6 2e 88 08 57 65  8c c6 fa af b5 e7 bd 49  |M.....We.......I|
+00000020  4c d0 dc 04 e6 14 e0 83  40 79 dd 20 5a 11 db 9d  |L.......@y. Z...|
+00000030  c0 10 71 f5 27 89 5a 7e  17 80 9b 26 39 09 cc ad  |..q.'.Z~...&9...|
+00000040  be 1a 24 37 d7 08 a2 e1  fe 75 54 71 c0 30 00 00  |..$7.....uTq.0..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,21 +60,22 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 24 0d ab 23 1c 61 5d  |........ $..#.a]|
-000002d0  26 01 04 dd ea 32 2d e4  a1 95 28 fc a7 17 93 6f  |&....2-...(....o|
-000002e0  ce b8 ef 0a 74 cf 28 ca  33 04 01 00 80 1e e1 03  |....t.(.3.......|
-000002f0  e6 a7 bd 38 7b 32 52 01  47 b3 fa 0a 8f 29 2c 98  |...8{2R.G....),.|
-00000300  58 37 21 3d 9e 78 48 dc  74 a9 ec d2 9a cb 56 8e  |X7!=.xH.t.....V.|
-00000310  4a 90 d6 b6 87 82 03 b8  60 04 bf 73 b2 61 e6 ab  |J.......`..s.a..|
-00000320  7d cd eb ba cf e8 16 86  db 38 7e 96 6b 14 c4 4f  |}........8~.k..O|
-00000330  05 fb 2b b5 6e 50 9a f5  02 f3 a2 84 95 8d a6 91  |..+.nP..........|
-00000340  d2 16 33 98 16 c0 61 55  fe a8 70 02 d1 db 86 d1  |..3...aU..p.....|
-00000350  37 0c 02 36 cf b2 10 6d  63 94 f6 18 29 a7 6b 1b  |7..6...mc...).k.|
-00000360  8f 7c 51 8e 8f e4 ef a8  2b 99 0b ae 1b 16 03 03  |.|Q.....+.......|
-00000370  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000380  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000390  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-000003a0  04 0e 00 00 00                                    |.....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 42 0e 6e 06 83 b5 4e  |........ B.n...N|
+000002d0  d9 f5 45 2b 82 1c 30 c7  65 5d 40 44 10 b8 63 aa  |..E+..0.e]@D..c.|
+000002e0  6f ef 92 13 4b 8d fd 1b  0e 08 04 00 80 63 8f 8a  |o...K........c..|
+000002f0  f3 6a 42 b9 e2 6d c3 06  c5 04 2d df 4b 06 0f b7  |.jB..m....-.K...|
+00000300  e5 36 d2 5f be aa 36 83  82 eb e8 06 e9 a5 b8 47  |.6._..6........G|
+00000310  db 43 fb 7d ab 0b 3a db  13 df ab 62 16 7d 80 57  |.C.}..:....b.}.W|
+00000320  4b 07 79 f6 d9 9c ad d4  1b b5 cd cb 92 44 bc 74  |K.y..........D.t|
+00000330  d0 f3 67 0c e6 1a 5a 18  53 bc bc 65 19 7a 13 f3  |..g...Z.S..e.z..|
+00000340  78 36 e7 14 7d 36 6d 85  ea d7 96 18 e2 bc 1d af  |x6..}6m.........|
+00000350  58 50 f3 f7 a3 27 49 a4  89 10 e2 cc 2d db c5 4a  |XP...'I.....-..J|
+00000360  4c 24 3e 9b 70 17 ae 2f  f9 d0 96 8f b0 16 03 03  |L$>.p../........|
+00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+000003a0  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+000003b0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -105,26 +112,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 06 01 00  80 9f 32 29 c2 47 12 3b  |..........2).G.;|
-00000240  c1 2a f5 02 2b be 51 88  68 ed d6 f6 06 72 b8 02  |.*..+.Q.h....r..|
-00000250  32 5f f6 c6 a0 72 d1 df  d4 01 8c f7 37 ca 3a 8f  |2_...r......7.:.|
-00000260  cb ee d8 1d 7b 8a 80 0b  21 30 14 55 32 19 ba 8e  |....{...!0.U2...|
-00000270  a0 6a 0a 8b 53 01 71 09  d2 1c 19 b2 50 4f a4 35  |.j..S.q.....PO.5|
-00000280  4d 22 71 74 62 fb 24 8d  d1 b2 0e d7 60 ae 9e a9  |M"qtb.$.....`...|
-00000290  07 60 84 99 da c9 a4 04  09 35 da c3 98 4e ab fe  |.`.......5...N..|
-000002a0  41 68 f2 0c 8a 94 b3 26  af 2c 19 52 48 08 8d 00  |Ah.....&.,.RH...|
-000002b0  05 69 d8 9f 35 b5 9e 00  2e 14 03 03 00 01 01 16  |.i..5...........|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 bf fd 71 87  |...(..........q.|
-000002d0  c2 8c 1e 69 59 95 8a 75  da 56 7e db e6 5c fd 6c  |...iY..u.V~..\.l|
-000002e0  74 97 46 66 37 23 3f 39  91 23 c0 d1              |t.Ff7#?9.#..|
+00000230  88 0f 00 00 84 08 04 00  80 0d 7c 62 81 7d fc c9  |..........|b.}..|
+00000240  d4 4c 3e dd 4c b0 fe ce  43 90 27 39 2c be 01 24  |.L>.L...C.'9,..$|
+00000250  bc 55 f5 87 d7 31 00 47  6c 49 ce 82 db 0e 3d af  |.U...1.GlI....=.|
+00000260  a5 f3 4a 28 c9 f7 0b d3  68 e2 b8 de 2d b3 d8 5d  |..J(....h...-..]|
+00000270  c6 6d da 2f 74 c4 0a f4  93 ed 58 10 00 94 55 d6  |.m./t.....X...U.|
+00000280  c8 62 d0 35 20 cc 90 dc  70 bf 1d 6f c9 76 10 de  |.b.5 ...p..o.v..|
+00000290  c2 50 ba e9 b4 bd 80 d7  01 b2 aa 1d 27 03 0f ad  |.P..........'...|
+000002a0  39 46 ec 30 b0 fb 68 0f  1f b3 4c 0c 26 70 4c 33  |9F.0..h...L.&pL3|
+000002b0  bf 18 79 81 11 c0 7f b9  ae 14 03 03 00 01 01 16  |..y.............|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 a2 ee 76 00  |...(..........v.|
+000002d0  77 2b 70 9d f7 0a 11 b4  25 00 07 92 d4 4c 9c 68  |w+p.....%....L.h|
+000002e0  64 54 11 6d 39 46 6c ea  20 0c 15 ed              |dT.m9Fl. ...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 16 d9 d6 d4 2f  |..........(..../|
-00000010  8c 6f 50 8d e6 6f ea eb  6a 55 6a 12 10 d2 dc aa  |.oP..o..jUj.....|
-00000020  83 7a 38 6a bc 10 aa da  62 ab 94 7b ac f2 03 1a  |.z8j....b..{....|
-00000030  2f 95 6d                                          |/.m|
+00000000  14 03 03 00 01 01 16 03  03 00 28 f5 f7 fe 25 12  |..........(...%.|
+00000010  d8 e2 d9 ee b3 c8 02 a9  6e d9 80 ee 7b 7e 95 1f  |........n...{~..|
+00000020  8e 97 a6 5f e8 4c ee 67  e9 a1 43 ab 0e 17 ce 92  |..._.L.g..C.....|
+00000030  7c 03 0f                                          ||..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 36 84 d7  |.............6..|
-00000010  5c ef b0 3e 11 86 a9 a1  2c 0c 05 2f fa 86 3b dc  |\..>....,../..;.|
-00000020  fb 8c 94 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  86 fb 4d dd 33 11 53 9c  c2 9f e6 48 79 19 69 f3  |..M.3.S....Hy.i.|
-00000040  db 3b                                             |.;|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 4c 67 fb  |.............Lg.|
+00000010  76 75 0d a4 56 d5 9c 1a  6d 7d 94 06 df 6d 05 98  |vu..V...m}...m..|
+00000020  39 be 1e 15 03 03 00 1a  00 00 00 00 00 00 00 02  |9...............|
+00000030  31 e3 f4 a1 b7 0e cc 48  17 a6 69 4d ba 43 a0 2d  |1......H..iM.C.-|
+00000040  12 a2                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
index 9f717b1..06a9be8 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 63 c7 66 ed 90  |....Y...U..c.f..|
-00000010  6f f2 a3 65 32 55 e2 00  ce 15 46 33 22 ad 1a 6f  |o..e2U....F3"..o|
-00000020  ac 21 89 0e b0 66 a8 04  98 f2 99 20 02 7c 4f 57  |.!...f..... .|OW|
-00000030  f4 69 17 6f 23 f5 a6 db  8f a6 ef eb 83 70 53 5d  |.i.o#........pS]|
-00000040  0e 85 b9 d7 53 01 10 9b  65 97 c0 c1 c0 09 00 00  |....S...e.......|
+00000000  16 03 03 00 59 02 00 00  55 03 03 69 98 98 c5 21  |....Y...U..i...!|
+00000010  2e b7 a6 8e ba d1 11 b4  0a 84 ad 33 b9 8c 81 d7  |...........3....|
+00000020  26 ba 77 32 24 e5 c2 95  5f d2 b8 20 23 79 50 e0  |&.w2$..._.. #yP.|
+00000030  59 94 e1 05 47 58 ce a0  52 32 3f 96 1a e5 d8 15  |Y...GX..R2?.....|
+00000040  ec ae c9 51 a1 1c 19 e0  ac 40 28 9d c0 09 00 00  |...Q.....@(.....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,22 +55,23 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 e2 11  |*............ ..|
-00000280  47 88 ee 44 bb 63 68 cc  aa 2e ee 22 66 93 25 2b  |G..D.ch...."f.%+|
-00000290  19 c4 a1 0c 2f c0 a4 9e  bb f3 f1 4d de 18 04 03  |..../......M....|
-000002a0  00 8a 30 81 87 02 41 7b  fc 56 81 1e f9 fe 44 a7  |..0...A{.V....D.|
-000002b0  d3 b9 4e 4e 0b 5e d9 11  c1 11 c1 b5 94 60 1d e4  |..NN.^.......`..|
-000002c0  82 4b 6d 14 45 02 e3 06  d8 32 b4 c1 da 64 e4 92  |.Km.E....2...d..|
-000002d0  b7 52 a4 39 19 4e 21 53  03 4f 64 40 23 7a 75 db  |.R.9.N!S.Od@#zu.|
-000002e0  e1 67 a8 29 d4 90 56 af  02 42 01 2d c0 14 ed 33  |.g.)..V..B.-...3|
-000002f0  7e f9 7d d2 6b 4c ba 06  7d 41 e1 7c d1 82 51 03  |~.}.kL..}A.|..Q.|
-00000300  ea b1 66 e5 c5 27 34 b1  b4 36 8e 5d d0 69 f9 10  |..f..'4..6.].i..|
-00000310  cc 60 f2 f1 30 2a ff a7  09 4f 87 93 28 26 9d 8d  |.`..0*...O..(&..|
-00000320  75 a0 11 17 dd 6c e2 33  87 21 6d 0f 16 03 03 00  |u....l.3.!m.....|
-00000330  2a 0d 00 00 26 03 01 02  40 00 1e 06 01 06 02 06  |*...&...@.......|
-00000340  03 05 01 05 02 05 03 04  01 04 02 04 03 03 01 03  |................|
-00000350  02 03 03 02 01 02 02 02  03 00 00 16 03 03 00 04  |................|
-00000360  0e 00 00 00                                       |....|
+00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 b8 1d  |*............ ..|
+00000280  dd 31 88 3e 51 9e d8 b3  7f f0 93 7c 77 70 79 2c  |.1.>Q......|wpy,|
+00000290  cb 21 d3 b8 8d 3d 65 33  2b a0 0d bb 5f 6a 04 03  |.!...=e3+..._j..|
+000002a0  00 8b 30 81 88 02 42 01  50 71 c1 68 9b a3 b3 7f  |..0...B.Pq.h....|
+000002b0  ab 3f b0 32 d8 57 36 db  3f e5 5b 26 36 51 ed 89  |.?.2.W6.?.[&6Q..|
+000002c0  33 a5 e3 e3 49 2b ac d7  b2 9c 3f 6b 4d 8e 21 3d  |3...I+....?kM.!=|
+000002d0  f6 bc 22 af 0a 48 f0 14  ff ed 14 95 16 e3 45 b3  |.."..H........E.|
+000002e0  b3 e7 c2 09 a5 e9 12 a1  4b 02 42 01 35 34 64 1c  |........K.B.54d.|
+000002f0  d3 28 48 66 82 f3 93 8e  36 0b f7 ac ad f7 f5 4f  |.(Hf....6......O|
+00000300  e5 fc b7 a8 a3 f0 fb 28  70 9e 36 bc c3 82 1b 22  |.......(p.6...."|
+00000310  ef 95 ab 70 28 07 0d aa  c0 42 d6 c6 0e ed 37 d7  |...p(....B....7.|
+00000320  a6 a0 75 e6 db 03 b7 3c  61 26 8a 47 e1 16 03 03  |..u....<a&.G....|
+00000330  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000340  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000350  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+00000360  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+00000370  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -101,31 +108,31 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 06 01 00  80 0a d6 0d 0a 0f 6b 18  |..............k.|
-00000240  f4 e3 3a b7 84 cd 56 53  ae 81 3f e8 50 a4 6a ab  |..:...VS..?.P.j.|
-00000250  4e f7 f5 8f e6 c5 6f e1  88 47 a9 ba 35 07 a3 5d  |N.....o..G..5..]|
-00000260  d0 e3 f3 b9 2a 33 33 1c  af d5 91 4b 92 3d da eb  |....*33....K.=..|
-00000270  96 3f 4c 0e ac 55 3e 32  8c 56 f9 3e 64 d1 51 03  |.?L..U>2.V.>d.Q.|
-00000280  a1 46 2a 47 0b d6 fd 0c  94 15 de 66 22 24 11 06  |.F*G.......f"$..|
-00000290  ed 17 ab f0 c5 5b 39 7d  f2 ce 02 3f 3a 16 b4 14  |.....[9}...?:...|
-000002a0  81 f7 4f 38 a9 46 ee 09  bf ed 14 b5 d8 3c d6 32  |..O8.F.......<.2|
-000002b0  26 48 6d 9d 49 70 12 a0  f3 14 03 03 00 01 01 16  |&Hm.Ip..........|
+00000230  88 0f 00 00 84 08 04 00  80 0a f0 58 cc 8a d0 1c  |...........X....|
+00000240  77 22 05 20 40 d3 74 f8  af d9 17 ed 01 61 5e c2  |w". @.t......a^.|
+00000250  9d 3a 53 ce 55 c6 11 9c  63 01 14 97 38 5f d8 17  |.:S.U...c...8_..|
+00000260  68 6f ee 09 73 42 23 dc  40 f8 4a 41 4d ca c8 98  |ho..sB#.@.JAM...|
+00000270  65 09 22 ca cd 27 00 8b  27 36 8a f9 1c 07 7f 3b  |e."..'..'6.....;|
+00000280  98 46 2e fc 50 8e ca 4c  0e 2a f0 c4 e5 87 e2 24  |.F..P..L.*.....$|
+00000290  46 8b 3b 03 d3 03 78 f1  76 f5 14 12 c1 63 f7 21  |F.;...x.v....c.!|
+000002a0  e7 27 17 ce 2d a6 eb 50  ef e4 aa 32 14 89 f4 02  |.'..-..P...2....|
+000002b0  02 b7 9b 47 27 ca 56 5b  32 14 03 03 00 01 01 16  |...G'.V[2.......|
 000002c0  03 03 00 40 00 00 00 00  00 00 00 00 00 00 00 00  |...@............|
-000002d0  00 00 00 00 d5 b2 cc f7  6b 74 c0 77 c3 05 7f 09  |........kt.w....|
-000002e0  28 54 fe 44 ef b1 4c 40  ff 47 00 59 ae 22 96 53  |(T.D..L@.G.Y.".S|
-000002f0  6d db b1 5b fd af 24 10  ca 0d f6 8b 24 7a c0 38  |m..[..$.....$z.8|
-00000300  d7 92 7c c2                                       |..|.|
+000002d0  00 00 00 00 5e ab 60 05  38 88 e6 d3 ba fd 13 2a  |....^.`.8......*|
+000002e0  8a 17 c8 6e 54 d4 4e fd  c4 12 87 c4 20 ef de 62  |...nT.N..... ..b|
+000002f0  fd d3 50 6f 5f 6b 9d b2  00 aa 5a ab 2c d1 3d 39  |..Po_k....Z.,.=9|
+00000300  46 20 ab d7                                       |F ..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 c3 48 00 56 17  |..........@.H.V.|
-00000010  16 d1 dd 17 a2 c7 48 c9  d6 3e 6a 1e 4c cc 0a a2  |......H..>j.L...|
-00000020  40 3e 31 2e 50 69 d6 06  15 48 87 45 2f f0 a1 04  |@>1.Pi...H.E/...|
-00000030  38 b2 81 15 b9 0d ac f4  9e 51 9f b0 9c 79 20 57  |8........Q...y W|
-00000040  ab 8a 56 08 97 2b d0 62  12 7d b3                 |..V..+.b.}.|
+00000000  14 03 03 00 01 01 16 03  03 00 40 d7 80 4d 81 26  |..........@..M.&|
+00000010  8f 46 5b b4 63 56 cd bd  a6 ca 31 ba 8e b8 5b a2  |.F[.cV....1...[.|
+00000020  47 a3 ef 5f ca a2 6a af  d2 2c f9 bb c9 1b 20 fc  |G.._..j..,.... .|
+00000030  a1 78 ca 7e 79 09 66 08  2c cb 0c a5 a3 35 01 ed  |.x.~y.f.,....5..|
+00000040  90 90 3d 32 f3 7b 30 25  ca 5c 66                 |..=2.{0%.\f|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 27 df 11  a5 71 1a f9 c9 fb d3 a8  |.....'...q......|
-00000020  cd f1 5f 88 e4 db ca 2f  ec c7 26 e2 c9 69 11 c5  |.._..../..&..i..|
-00000030  a4 ba 6f 58 69 15 03 03  00 30 00 00 00 00 00 00  |..oXi....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 e8 9d f0 1d f8 4b  |...............K|
-00000050  fc d1 7e ac 10 b2 5d af  ea 87 b9 d8 4b 0d 24 d6  |..~...].....K.$.|
-00000060  ff 44 9f 93 bf 51 9d 21  9d 1d                    |.D...Q.!..|
+00000010  00 00 00 00 00 58 dc 0e  2b 4a 58 05 aa 22 cb 21  |.....X..+JX..".!|
+00000020  1c 6b 93 40 ab 6b 99 aa  ae c0 e0 f8 31 22 a3 1b  |.k.@.k......1"..|
+00000030  4a 98 bc 70 08 15 03 03  00 30 00 00 00 00 00 00  |J..p.....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 8a 7b b8 60 83 23  |...........{.`.#|
+00000050  53 04 cf 14 b7 cf a9 d8  70 51 fe 92 f3 9c 25 6a  |S.......pQ....%j|
+00000060  bf 43 e0 bd ca 33 33 6c  30 dc                    |.C...33l0.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled
new file mode 100644
index 0000000..71d26ea
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled
@@ -0,0 +1,137 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 05 c1 62 2b 2f  |....Y...U....b+/|
+00000010  12 46 4d c5 47 61 bd 43  6d bb 3a 60 42 c1 cf da  |.FM.Ga.Cm.:`B...|
+00000020  47 96 0a 11 35 f0 71 d8  f6 39 69 20 0f 9c c1 3f  |G...5.q..9i ...?|
+00000030  9c 68 e7 86 13 7c 1f 83  6b 56 39 ee 0d c0 82 0b  |.h...|..kV9.....|
+00000040  24 1b 8a 39 a6 dc bf 57  79 27 02 e4 c0 2f 00 00  |$..9...Wy'.../..|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 94 54 54 4c 52 a7 a5  |........ .TTLR..|
+000002d0  c0 01 ed 59 bf 46 03 59  25 3b 57 f8 24 99 1b dc  |...Y.F.Y%;W.$...|
+000002e0  f6 f4 1d 42 0e 2e c3 7c  02 08 04 00 80 5a 42 35  |...B...|.....ZB5|
+000002f0  78 c8 a9 37 6f 61 a4 ef  3a a3 12 03 f7 ee 44 be  |x..7oa..:.....D.|
+00000300  8b c9 52 4f de db f5 1e  9c c8 33 32 3c 0a 9e d6  |..RO......32<...|
+00000310  32 bf 2e 12 f7 b0 9b 15  dc eb 24 6e d6 f2 ad 5d  |2.........$n...]|
+00000320  9e 77 c4 a7 7a a1 a0 13  0b 90 b4 aa 3e 51 a1 3d  |.w..z.......>Q.=|
+00000330  71 09 15 84 1c c5 98 bb  12 db 11 e2 4c 2c d1 a9  |q...........L,..|
+00000340  5a ed 8e fb c6 ae ec d5  6d ec d8 d8 2a a7 23 ae  |Z.......m...*.#.|
+00000350  d7 d2 03 d0 23 8a 21 ac  7e 56 b4 23 7f c6 2a 72  |....#.!.~V.#..*r|
+00000360  85 0b 6d 6c 9d 6f ad ee  15 20 d9 2b b9 16 03 03  |..ml.o... .+....|
+00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+000003a0  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+000003b0  04 0e 00 00 00                                    |.....|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
+00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
+00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
+00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
+00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
+000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
+000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
+000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
+000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
+000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
+000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
+00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
+00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
+00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
+00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
+00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
+00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
+00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
+00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
+00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
+00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
+000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
+000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
+000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
+000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
+000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
+000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
+00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
+00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
+00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
+00000230  88 0f 00 00 84 04 01 00  80 61 11 ba 1a fe 08 7c  |.........a.....||
+00000240  40 68 88 01 a4 3a 46 bf  f6 e9 bb b6 08 92 20 f0  |@h...:F....... .|
+00000250  13 90 c2 4b 53 83 a1 12  c2 d5 8d e6 67 82 df 80  |...KS.......g...|
+00000260  85 a5 b4 e0 cf 1b d6 3a  46 1e 62 e5 7f 21 bc 91  |.......:F.b..!..|
+00000270  4a 8c c0 79 16 64 5f 7e  40 c5 fb 7a 52 5b bf db  |J..y.d_~@..zR[..|
+00000280  cc 31 f8 b8 37 ef df dc  5f 96 30 ad dd 0b 8a 87  |.1..7..._.0.....|
+00000290  af 4d c6 5c a5 5e d7 2e  fa c7 72 68 85 71 c3 0e  |.M.\.^....rh.q..|
+000002a0  1b 26 87 ff 46 47 4a 1b  ce b7 a5 aa 13 d2 5a e3  |.&..FGJ.......Z.|
+000002b0  36 02 35 df 68 d9 bf 3f  24 14 03 03 00 01 01 16  |6.5.h..?$.......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 e3 8e cc e5  |...(............|
+000002d0  2e ab 40 fa 3d 47 c1 4f  3f de 97 a9 3d 96 73 ba  |..@.=G.O?...=.s.|
+000002e0  eb a0 ce 67 f6 d1 14 b8  7e cd 1f 85              |...g....~...|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 6a 0a 74 70 75  |..........(j.tpu|
+00000010  0b 39 33 a5 15 0d 7c 7f  f8 13 de 0e 0a 8f 13 3b  |.93...|........;|
+00000020  62 4f 8a 0b bd 0a aa 9b  5a 52 d5 e6 9f e5 b9 3f  |bO......ZR.....?|
+00000030  bd d8 3b                                          |..;|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 0e 4d 62  |..............Mb|
+00000010  d3 ac cd 11 15 6d 24 c7  00 fa f9 d2 91 ba eb 06  |.....m$.........|
+00000020  f2 44 f1 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.D..............|
+00000030  d1 5a 58 ba ae 65 15 67  79 1f 52 f1 1a da 50 99  |.ZX..e.gy.R...P.|
+00000040  e8 50                                             |.P|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled-512 b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled-512
new file mode 100644
index 0000000..0e04729
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled-512
@@ -0,0 +1,125 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 68 11 23 f1 8d  |....Y...U..h.#..|
+00000010  2b a0 71 8f 6e ad 9f ae  43 58 c2 93 2e f5 01 3d  |+.q.n...CX.....=|
+00000020  15 b6 d6 0d f5 42 25 ca  b7 b4 96 20 00 c7 86 06  |.....B%.... ....|
+00000030  ed d1 23 99 dd e3 c4 f5  f9 31 42 51 a3 51 5a 40  |..#......1BQ.QZ@|
+00000040  11 f6 07 90 51 04 f8 a2  f6 66 c1 f7 c0 2f 00 00  |....Q....f.../..|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 fe 68 1c bf 2b d7 75  |........ .h..+.u|
+000002d0  c2 dd 96 03 5d 77 61 c1  7d dd 6f bc ea 3c aa 27  |....]wa.}.o..<.'|
+000002e0  ba cf 93 e2 8b d8 66 a1  1c 08 04 00 80 5e 16 b9  |......f......^..|
+000002f0  53 17 7d 8d bb 46 4b 1f  37 be cd fe e1 45 c3 10  |S.}..FK.7....E..|
+00000300  68 54 e4 61 20 a5 a5 98  4b df a7 5d 41 4a aa f8  |hT.a ...K..]AJ..|
+00000310  0e 36 c2 02 a6 56 a9 f1  aa 76 86 fd a7 86 fb 06  |.6...V...v......|
+00000320  94 55 56 bd eb 57 10 9a  d5 ba 70 59 46 75 e3 b3  |.UV..W....pYFu..|
+00000330  29 14 c2 65 0e 5c a1 47  e6 bf 12 9d 31 8f 65 4d  |)..e.\.G....1.eM|
+00000340  af dc 1b 6e d2 de d7 fb  85 e7 5a 42 4f de bf d8  |...n......ZBO...|
+00000350  d5 d8 5c 95 71 27 e7 04  af 58 0a d8 77 fb 3d 22  |..\.q'...X..w.="|
+00000360  84 f6 f6 53 c0 79 7a 72  01 6e 5c e1 a8 16 03 03  |...S.yzr.n\.....|
+00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+000003a0  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+000003b0  04 0e 00 00 00                                    |.....|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 7f 0b 00 01  7b 00 01 78 00 01 75 30  |........{..x..u0|
+00000010  82 01 71 30 82 01 1b a0  03 02 01 02 02 10 1a 34  |..q0...........4|
+00000020  27 90 21 65 52 a6 85 96  de a2 c7 2c ff b4 30 0d  |'.!eR......,..0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 39 30  31 31 38 32 33 32 33 32  |o0...19011823232|
+00000060  38 5a 17 0d 32 30 30 31  31 38 32 33 32 33 32 38  |8Z..200118232328|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 5c 30  0d 06 09 2a 86 48 86 f7  |me Co0\0...*.H..|
+00000090  0d 01 01 01 05 00 03 4b  00 30 48 02 41 00 dd 7b  |.......K.0H.A..{|
+000000a0  3d 6b 15 40 f0 6b 1d 87  4f 16 dc 9c 55 0f f4 08  |=k.@.k..O...U...|
+000000b0  5c 80 41 8c 1d 55 76 9e  7e 15 54 45 85 24 1e 88  |\.A..Uv.~.TE.$..|
+000000c0  f0 2f cd 93 1d 17 cb 24  25 ae 61 58 07 31 10 9c  |./.....$%.aX.1..|
+000000d0  83 e1 2a 5b 38 4f 48 45  a0 bb e3 26 75 e9 02 03  |..*[8OHE...&u...|
+000000e0  01 00 01 a3 4d 30 4b 30  0e 06 03 55 1d 0f 01 01  |....M0K0...U....|
+000000f0  ff 04 04 03 02 05 a0 30  13 06 03 55 1d 25 04 0c  |.......0...U.%..|
+00000100  30 0a 06 08 2b 06 01 05  05 07 03 01 30 0c 06 03  |0...+.......0...|
+00000110  55 1d 13 01 01 ff 04 02  30 00 30 16 06 03 55 1d  |U.......0.0...U.|
+00000120  11 04 0f 30 0d 82 0b 65  78 61 6d 70 6c 65 2e 63  |...0...example.c|
+00000130  6f 6d 30 0d 06 09 2a 86  48 86 f7 0d 01 01 0b 05  |om0...*.H.......|
+00000140  00 03 41 00 c4 3b 94 4b  e0 6b ad 2d dc fa 1f a4  |..A..;.K.k.-....|
+00000150  f9 f4 0f 3a 63 92 73 2e  b2 4d 7f 66 1f 0d 10 29  |...:c.s..M.f...)|
+00000160  bb 9c 19 a9 97 60 4c b4  51 12 30 39 d3 b4 b5 0d  |.....`L.Q.09....|
+00000170  cb 1c f7 35 60 6b d8 48  fc 24 0e 39 23 a8 40 ac  |...5`k.H.$.9#.@.|
+00000180  d9 59 bf 00 16 03 03 00  25 10 00 00 21 20 2f e5  |.Y......%...! /.|
+00000190  7d a3 47 cd 62 43 15 28  da ac 5f bb 29 07 30 ff  |}.G.bC.(.._.).0.|
+000001a0  f6 84 af c4 cf c2 ed 90  99 5f 58 cb 3b 74 16 03  |........._X.;t..|
+000001b0  03 00 48 0f 00 00 44 04  01 00 40 15 33 b2 27 d6  |..H...D...@.3.'.|
+000001c0  ad 7f 45 86 df a0 83 5e  7c fb a7 0e 04 8e 3c a1  |..E....^|.....<.|
+000001d0  5b 9a 8f 98 04 cf 66 bb  cf 6a d4 63 d7 ff b2 a4  |[.....f..j.c....|
+000001e0  f1 08 27 f7 53 1c ec 76  35 b1 09 93 91 db 63 e3  |..'.S..v5.....c.|
+000001f0  a6 2b e5 55 da 06 5b 2f  c7 8d c3 14 03 03 00 01  |.+.U..[/........|
+00000200  01 16 03 03 00 28 00 00  00 00 00 00 00 00 98 d8  |.....(..........|
+00000210  99 fa 5a fb 79 57 1f 02  4e 07 51 d6 c6 32 9c e8  |..Z.yW..N.Q..2..|
+00000220  54 50 6c f9 63 fb 38 e2  ef 88 4b 7e 8d 7a        |TPl.c.8...K~.z|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 4c 6b f0 26 84  |..........(Lk.&.|
+00000010  97 e6 54 cf 1f 25 1c 91  5d 10 63 22 66 73 d2 ce  |..T..%..].c"fs..|
+00000020  0d 7c 0b 3d 7d 31 3c 0b  6c be 30 72 9e 04 c0 fb  |.|.=}1<.l.0r....|
+00000030  73 88 75                                          |s.u|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 2a b2 2d  |.............*.-|
+00000010  7f 6e 12 2d d7 63 05 e8  c4 fd 81 de b6 65 2f 2b  |.n.-.c.......e/+|
+00000020  00 0e 13 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  9c c0 ae 5a b4 5f b5 4f  cd 3f 27 78 f9 b3 b5 b5  |...Z._.O.?'x....|
+00000040  57 f2                                             |W.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
index 656281c..a0aff25 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 cd 8e 54 03 73  |....Y...U....T.s|
-00000010  80 fb 7a 0a 38 a0 cd d3  5c 1a 84 a2 66 43 47 68  |..z.8...\...fCGh|
-00000020  7b d9 c0 5b c3 14 2f 51  45 12 62 20 9e 32 b0 17  |{..[../QE.b .2..|
-00000030  85 6e 8a de ae 7a f7 09  76 79 5f 74 eb b1 3c e9  |.n...z..vy_t..<.|
-00000040  4f 36 09 ef b2 f9 8f 25  c1 db 37 46 c0 2f 00 00  |O6.....%..7F./..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 82 19 ee 7f ef  |....Y...U.......|
+00000010  86 a3 70 b1 75 84 05 bc  43 ed 52 df bf 42 c4 e3  |..p.u...C.R..B..|
+00000020  87 50 59 5d 88 4f df b6  85 0c 5d 20 c3 1b c3 9d  |.PY].O....] ....|
+00000030  a0 2c 6b 16 1c 35 7a 3b  98 eb ba 8a 55 7a 10 af  |.,k..5z;....Uz..|
+00000040  c4 7f cd 74 e5 f2 e4 6b  c1 58 5f 18 c0 2f 00 00  |...t...k.X_../..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,21 +60,22 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 57 b6 34 6b 1c 97 1f  |........ W.4k...|
-000002d0  51 f1 d5 38 68 a2 2f 69  fb 9e 94 cf 7e c3 25 97  |Q..8h./i....~.%.|
-000002e0  82 e9 32 c0 0e 99 0c 7c  50 04 01 00 80 2d 08 85  |..2....|P....-..|
-000002f0  c5 bc d6 3b 94 c5 7e 26  80 bc 0d 63 50 84 d0 77  |...;..~&...cP..w|
-00000300  f8 4b cd 2c d4 cb e0 f2  7c 63 dc 9e 42 4e 3f 3c  |.K.,....|c..BN?<|
-00000310  a3 b7 c7 41 e6 e9 2c da  ff 06 6d ec b5 f3 57 22  |...A..,...m...W"|
-00000320  3a 6b cc 6b 00 d0 53 6e  b1 89 7c 09 cc db 8e f1  |:k.k..Sn..|.....|
-00000330  00 32 d1 68 2f ae 7a 83  00 71 a8 81 e6 66 c2 e7  |.2.h/.z..q...f..|
-00000340  13 94 bf 9b 30 84 23 3d  95 03 11 4d 3a e7 4c 0a  |....0.#=...M:.L.|
-00000350  43 c7 6d 31 c1 92 b1 ab  7d 11 a1 2f 4a 2d bd fe  |C.m1....}../J-..|
-00000360  f5 d4 b1 ab ef 2d e3 79  ee 2f 6b 44 29 16 03 03  |.....-.y./kD)...|
-00000370  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000380  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000390  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-000003a0  04 0e 00 00 00                                    |.....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 5f 4e f4 61 c0 7a 45  |........ _N.a.zE|
+000002d0  82 9e 8e d4 dc cc cf 75  7e 22 47 c4 61 17 fc ae  |.......u~"G.a...|
+000002e0  b0 0b 10 eb 4b b5 74 38  25 08 04 00 80 d1 db f1  |....K.t8%.......|
+000002f0  bf 1a 22 33 54 0f 85 11  3d 07 05 63 c7 1c 71 90  |.."3T...=..c..q.|
+00000300  e5 30 8d e6 3b 48 b3 42  e4 2e 72 9d 3e 6b 10 09  |.0..;H.B..r.>k..|
+00000310  d6 32 ae 37 d4 37 5e 46  52 52 40 e5 d2 03 a9 db  |.2.7.7^FRR@.....|
+00000320  89 06 11 db be 67 73 3c  80 51 ce 09 df b0 ea 2a  |.....gs<.Q.....*|
+00000330  e3 aa 3e c0 4a c4 7d 88  ec 45 7d e8 a8 1e 46 28  |..>.J.}..E}...F(|
+00000340  26 9e 38 d2 2a 97 dc a2  90 1a 7c 98 01 d9 f6 22  |&.8.*.....|...."|
+00000350  9e 46 4a a2 2f ae 6e a4  3d 00 82 46 8e 8e 04 21  |.FJ./.n.=..F...!|
+00000360  e7 39 23 de f6 51 6c 59  5c 63 40 c5 57 16 03 03  |.9#..QlY\c@.W...|
+00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+000003a0  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+000003b0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -105,26 +112,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 06 01 00  80 72 5e f2 3f d2 7d 33  |.........r^.?.}3|
-00000240  ec 01 70 e5 91 5b 71 ac  48 88 99 5a af ad 40 82  |..p..[q.H..Z..@.|
-00000250  a7 de 2f 25 16 67 e1 e3  7d e6 d5 0f 79 63 63 56  |../%.g..}...yccV|
-00000260  1b 45 da 38 f7 99 4d a2  8e 6f 70 02 92 21 da 69  |.E.8..M..op..!.i|
-00000270  ba 2d 95 ea e5 5a f1 be  23 bb d2 8c 8b 36 b8 bf  |.-...Z..#....6..|
-00000280  c3 b5 c8 48 3c 27 26 c8  52 9c a4 53 d0 4e a6 7e  |...H<'&.R..S.N.~|
-00000290  cf 95 01 20 62 e1 47 59  82 b0 f1 64 e7 8e f4 f4  |... b.GY...d....|
-000002a0  c7 50 67 83 ec 56 10 9d  0b 54 60 5a 1a 0f 0d 31  |.Pg..V...T`Z...1|
-000002b0  31 c6 2d 12 e6 e4 22 77  6a 14 03 03 00 01 01 16  |1.-..."wj.......|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 91 d6 08 d4  |...(............|
-000002d0  74 3f 02 78 ed c3 9d 0b  a7 f0 10 c7 e8 4a a3 a7  |t?.x.........J..|
-000002e0  d7 b7 c1 ca d4 fc e9 dc  b5 ca 35 39              |..........59|
+00000230  88 0f 00 00 84 08 04 00  80 41 a2 d2 32 db ce 5b  |.........A..2..[|
+00000240  04 45 ad 1c 31 7d f0 bc  bb c0 53 65 38 b6 75 10  |.E..1}....Se8.u.|
+00000250  de 25 38 c2 3b 54 5b 1e  3d bb d2 6a 70 77 16 62  |.%8.;T[.=..jpw.b|
+00000260  c2 e8 d0 17 bd 01 89 89  26 28 75 69 ba 5e a1 4a  |........&(ui.^.J|
+00000270  6d 7e e6 be 6c 64 7e 8b  0c 45 3b 4b ef 1d 75 69  |m~..ld~..E;K..ui|
+00000280  1f 51 4b 02 8e a0 19 de  47 41 44 14 4f e7 1e 23  |.QK.....GAD.O..#|
+00000290  b0 c0 41 3f 6a 64 0e 30  80 01 ea d8 a9 75 6d 97  |..A?jd.0.....um.|
+000002a0  28 4c ae df b1 6e 53 3b  c3 aa 48 f1 5a e8 1c 8f  |(L...nS;..H.Z...|
+000002b0  ed 8c 59 5d e1 0e 57 b1  7d 14 03 03 00 01 01 16  |..Y]..W.}.......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 ee 41 37 7b  |...(.........A7{|
+000002d0  ea 1e c3 d1 a7 7d 76 5c  f8 b6 70 57 3c 02 71 49  |.....}v\..pW<.qI|
+000002e0  c5 14 35 bb c3 43 63 61  6c 46 6c 11              |..5..CcalFl.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 d8 3b 3c 00 02  |..........(.;<..|
-00000010  7d c2 88 cf 6e 9b b3 99  cb b6 60 74 da 07 cb 6d  |}...n.....`t...m|
-00000020  95 ce dd 08 d4 a3 5f 0d  79 89 40 8f 71 03 76 0a  |......_.y.@.q.v.|
-00000030  c3 c0 d3                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 87 e9 a4 2c 0f  |..........(...,.|
+00000010  b5 52 a7 1b d0 99 86 27  d0 20 3e b5 44 77 0b 8f  |.R.....'. >.Dw..|
+00000020  d5 4e db dc 52 ab 01 c0  1c fd 85 2c 41 3b d0 14  |.N..R......,A;..|
+00000030  11 26 29                                          |.&)|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 3e 3d cd  |.............>=.|
-00000010  9b 8c 53 b7 86 e1 60 bc  3c 3a 7b b1 cf a5 d1 c8  |..S...`.<:{.....|
-00000020  1b d1 92 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  83 58 15 c4 87 a3 bf 7b  cf e6 e0 b4 10 37 ad 3b  |.X.....{.....7.;|
-00000040  d9 9a                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 e7 09 a0  |................|
+00000010  90 12 35 3f 8f 87 41 fc  aa 13 24 50 9f 69 a5 c7  |..5?..A...$P.i..|
+00000020  37 38 02 15 03 03 00 1a  00 00 00 00 00 00 00 02  |78..............|
+00000030  08 53 f5 80 5c eb b2 3b  9d be a3 49 46 24 da 5a  |.S..\..;...IF$.Z|
+00000040  7d 84                                             |}.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15 b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
new file mode 100644
index 0000000..48c2868
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
@@ -0,0 +1,134 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 27 d5 26 b1 eb  |....Y...U..'.&..|
+00000010  43 b9 e2 34 e7 3a e2 5e  73 ee b6 d7 4b 0c 88 49  |C..4.:.^s...K..I|
+00000020  04 a8 0e fa f7 a1 79 39  e3 a6 29 20 75 68 40 36  |......y9..) uh@6|
+00000030  ee c2 11 37 2f ae 43 85  f1 d0 eb ee 3d 69 99 e2  |...7/.C.....=i..|
+00000040  3f f1 91 03 5d 00 af c5  f8 0d 4d dc c0 2f 00 00  |?...].....M../..|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 41 51 d5 70 34 15 c0  |........ AQ.p4..|
+000002d0  76 3e 2b 5c e2 de 36 69  a9 2e bf b8 60 b4 3a 56  |v>+\..6i....`.:V|
+000002e0  00 73 c1 85 4a b2 3e a6  54 04 01 00 80 5d 44 f2  |.s..J.>.T....]D.|
+000002f0  28 99 f6 4f 45 bc 83 ce  f7 98 ab 29 21 05 a6 c3  |(..OE......)!...|
+00000300  8c a9 ef c2 82 b5 b3 bd  31 09 ae 11 15 fa 21 02  |........1.....!.|
+00000310  43 59 00 fb 53 9d 0f bb  b0 ab ca ba ce e8 41 28  |CY..S.........A(|
+00000320  0a 7b ff cb d4 eb 81 8a  a2 ce a6 32 f8 d7 f2 a0  |.{.........2....|
+00000330  3b 0d c8 fc 8d 45 a8 4c  66 ef 48 ce 4a fc d3 7a  |;....E.Lf.H.J..z|
+00000340  19 1d 7f bd 71 c6 61 4a  93 b9 01 c9 39 32 48 ec  |....q.aJ....92H.|
+00000350  fd 01 c9 32 6b 9f d1 0e  c1 62 bc 78 32 34 af 7e  |...2k....b.x24.~|
+00000360  58 16 d0 4c c7 44 a6 3a  e5 4c 89 d6 f3 16 03 03  |X..L.D.:.L......|
+00000370  00 0c 0d 00 00 08 01 01  00 02 04 01 00 00 16 03  |................|
+00000380  03 00 04 0e 00 00 00                              |.......|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
+00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
+00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
+00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
+00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
+000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
+000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
+000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
+000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
+000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
+000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
+00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
+00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
+00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
+00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
+00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
+00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
+00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
+00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
+00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
+00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
+000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
+000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
+000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
+000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
+000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
+000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
+00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
+00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
+00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
+00000230  88 0f 00 00 84 04 01 00  80 02 7e 43 b4 4e a2 07  |..........~C.N..|
+00000240  a4 97 70 3f 80 91 5c b5  a0 f9 d7 c4 52 c9 ee 8a  |..p?..\.....R...|
+00000250  af 59 63 58 bb ac 55 47  cc 25 27 ea ca 48 0e fb  |.YcX..UG.%'..H..|
+00000260  87 e3 3e 5f 55 67 d8 60  8c 47 45 10 36 aa 66 6c  |..>_Ug.`.GE.6.fl|
+00000270  6b 16 2b 9e e5 da 50 73  dc 30 ef 2c 01 01 87 2e  |k.+...Ps.0.,....|
+00000280  68 eb 14 35 f5 ef c4 45  ae 8e 95 29 86 96 6e 04  |h..5...E...)..n.|
+00000290  03 d6 3c 29 49 55 7c 7d  ea 6c 1a a8 bf f9 5a e1  |..<)IU|}.l....Z.|
+000002a0  a9 c4 66 5b 8d b5 78 b8  05 ce 44 ca 98 77 a2 7d  |..f[..x...D..w.}|
+000002b0  74 26 f4 ed 41 a3 97 2b  29 14 03 03 00 01 01 16  |t&..A..+).......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 ac ec 0d 5a  |...(...........Z|
+000002d0  c7 81 fe c3 b3 ff 3a 6e  d0 f3 f7 8e 17 6a 53 db  |......:n.....jS.|
+000002e0  58 5f 44 bb ce 59 0a 99  06 21 62 24              |X_D..Y...!b$|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 59 19 13 9f ea  |..........(Y....|
+00000010  68 14 58 ab 09 0c af 4d  b4 a1 05 09 47 08 50 cd  |h.X....M....G.P.|
+00000020  b0 40 a0 3a 3f 89 68 c9  9c ea 8f 69 0a ea e1 75  |.@.:?.h....i...u|
+00000030  11 97 ab                                          |...|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 38 f1 0f  |.............8..|
+00000010  d6 4f 5c 0a 60 1a 9f 97  6d 4a 43 e8 c8 a8 18 7e  |.O\.`...mJC....~|
+00000020  30 6f 67 15 03 03 00 1a  00 00 00 00 00 00 00 02  |0og.............|
+00000030  d9 ac f7 69 ca a2 58 78  10 c2 eb 1a 61 da af 28  |...i..Xx....a..(|
+00000040  20 02                                             | .|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
new file mode 100644
index 0000000..8c901f0
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
@@ -0,0 +1,135 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 ce d1 7f 55 bc  |....Y...U.....U.|
+00000010  b8 a8 fb 08 cc d4 2d a2  e9 fa ff 43 24 d2 14 04  |......-....C$...|
+00000020  ad 5a 05 77 d4 67 04 8b  c1 3e 5c 20 31 6e ba 32  |.Z.w.g...>\ 1n.2|
+00000030  70 bd f0 c8 55 74 a1 49  f3 9f 93 86 e9 b3 ee 81  |p...Ut.I........|
+00000040  3e 54 09 e9 15 78 78 7e  71 2b f5 cd c0 2f 00 00  |>T...xx~q+.../..|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 66 0b 00 02 62 00  02 5f 00 02 5c 30 82 02  |..f...b.._..\0..|
+00000070  58 30 82 01 8d a0 03 02  01 02 02 11 00 f2 99 26  |X0.............&|
+00000080  eb 87 ea 8a 0d b9 fc c2  47 34 7c 11 b0 30 41 06  |........G4|..0A.|
+00000090  09 2a 86 48 86 f7 0d 01  01 0a 30 34 a0 0f 30 0d  |.*.H......04..0.|
+000000a0  06 09 60 86 48 01 65 03  04 02 01 05 00 a1 1c 30  |..`.H.e........0|
+000000b0  1a 06 09 2a 86 48 86 f7  0d 01 01 08 30 0d 06 09  |...*.H......0...|
+000000c0  60 86 48 01 65 03 04 02  01 05 00 a2 03 02 01 20  |`.H.e.......... |
+000000d0  30 12 31 10 30 0e 06 03  55 04 0a 13 07 41 63 6d  |0.1.0...U....Acm|
+000000e0  65 20 43 6f 30 1e 17 0d  31 37 31 31 32 33 31 36  |e Co0...17112316|
+000000f0  31 36 31 30 5a 17 0d 31  38 31 31 32 33 31 36 31  |1610Z..181123161|
+00000100  36 31 30 5a 30 12 31 10  30 0e 06 03 55 04 0a 13  |610Z0.1.0...U...|
+00000110  07 41 63 6d 65 20 43 6f  30 81 9f 30 0d 06 09 2a  |.Acme Co0..0...*|
+00000120  86 48 86 f7 0d 01 01 01  05 00 03 81 8d 00 30 81  |.H............0.|
+00000130  89 02 81 81 00 db 46 7d  93 2e 12 27 06 48 bc 06  |......F}...'.H..|
+00000140  28 21 ab 7e c4 b6 a2 5d  fe 1e 52 45 88 7a 36 47  |(!.~...]..RE.z6G|
+00000150  a5 08 0d 92 42 5b c2 81  c0 be 97 79 98 40 fb 4f  |....B[.....y.@.O|
+00000160  6d 14 fd 2b 13 8b c2 a5  2e 67 d8 d4 09 9e d6 22  |m..+.....g....."|
+00000170  38 b7 4a 0b 74 73 2b c2  34 f1 d1 93 e5 96 d9 74  |8.J.ts+.4......t|
+00000180  7b f3 58 9f 6c 61 3c c0  b0 41 d4 d9 2b 2b 24 23  |{.X.la<..A..++$#|
+00000190  77 5b 1c 3b bd 75 5d ce  20 54 cf a1 63 87 1d 1e  |w[.;.u]. T..c...|
+000001a0  24 c4 f3 1d 1a 50 8b aa  b6 14 43 ed 97 a7 75 62  |$....P....C...ub|
+000001b0  f4 14 c8 52 d7 02 03 01  00 01 a3 46 30 44 30 0e  |...R.......F0D0.|
+000001c0  06 03 55 1d 0f 01 01 ff  04 04 03 02 05 a0 30 13  |..U...........0.|
+000001d0  06 03 55 1d 25 04 0c 30  0a 06 08 2b 06 01 05 05  |..U.%..0...+....|
+000001e0  07 03 01 30 0c 06 03 55  1d 13 01 01 ff 04 02 30  |...0...U.......0|
+000001f0  00 30 0f 06 03 55 1d 11  04 08 30 06 87 04 7f 00  |.0...U....0.....|
+00000200  00 01 30 41 06 09 2a 86  48 86 f7 0d 01 01 0a 30  |..0A..*.H......0|
+00000210  34 a0 0f 30 0d 06 09 60  86 48 01 65 03 04 02 01  |4..0...`.H.e....|
+00000220  05 00 a1 1c 30 1a 06 09  2a 86 48 86 f7 0d 01 01  |....0...*.H.....|
+00000230  08 30 0d 06 09 60 86 48  01 65 03 04 02 01 05 00  |.0...`.H.e......|
+00000240  a2 03 02 01 20 03 81 81  00 cd ac 4e f2 ce 5f 8d  |.... ......N.._.|
+00000250  79 88 10 42 70 7f 7c bf  1b 5a 8a 00 ef 19 15 4b  |y..Bp.|..Z.....K|
+00000260  40 15 17 71 00 6c d4 16  26 e5 49 6d 56 da 0c 1a  |@..q.l..&.ImV...|
+00000270  13 9f d8 46 95 59 3c b6  7f 87 76 5e 18 aa 03 ea  |...F.Y<...v^....|
+00000280  06 75 22 dd 78 d2 a5 89  b8 c9 23 64 e1 28 38 ce  |.u".x.....#d.(8.|
+00000290  34 6c 6e 06 7b 51 f1 a7  e6 f4 b3 7f fa b1 3f 14  |4ln.{Q........?.|
+000002a0  11 89 66 79 d1 8e 88 0e  0b a0 9e 30 2a c0 67 ef  |..fy.......0*.g.|
+000002b0  ca 46 02 88 e9 53 81 22  69 22 97 ad 80 93 d4 f7  |.F...S."i"......|
+000002c0  dd 70 14 24 d7 70 0a 46  a1 16 03 03 00 ac 0c 00  |.p.$.p.F........|
+000002d0  00 a8 03 00 1d 20 62 1f  63 aa 80 a5 b5 a3 e3 71  |..... b.c......q|
+000002e0  71 63 0d be 4d d2 bd f4  3b 0d 78 e8 c1 fe 43 0d  |qc..M...;.x...C.|
+000002f0  e3 09 9a 01 ed 72 08 04  00 80 59 a7 96 03 f4 60  |.....r....Y....`|
+00000300  fa 56 73 a2 14 e8 1e 0b  66 d5 7e 91 7c 99 50 6b  |.Vs.....f.~.|.Pk|
+00000310  c0 74 8d 24 a5 98 2d df  47 e4 42 73 09 a0 c4 6a  |.t.$..-.G.Bs...j|
+00000320  42 22 3d 85 f0 a4 05 f8  b5 74 96 85 f7 b0 22 9a  |B"=......t....".|
+00000330  ee 25 b5 19 c1 ec f0 3b  32 bd 28 6a eb ac 32 e4  |.%.....;2.(j..2.|
+00000340  54 18 2e 6c b9 c0 74 d5  e8 36 2b 47 67 65 ba fb  |T..l..t..6+Gge..|
+00000350  53 18 b2 e3 30 6c 49 4c  8f 07 91 54 93 47 3b b9  |S...0lIL...T.G;.|
+00000360  f1 92 81 53 b9 de 5a f5  28 08 e7 4a 46 fa 63 8f  |...S..Z.(..JF.c.|
+00000370  d0 66 29 0d 6d f0 6b 11  c1 2b 16 03 03 00 0c 0d  |.f).m.k..+......|
+00000380  00 00 08 01 01 00 02 08  04 00 00 16 03 03 00 04  |................|
+00000390  0e 00 00 00                                       |....|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
+00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
+00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
+00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
+00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
+000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
+000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
+000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
+000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
+000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
+000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
+00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
+00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
+00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
+00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
+00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
+00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
+00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
+00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
+00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
+00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
+000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
+000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
+000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
+000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
+000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
+000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
+00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
+00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
+00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
+00000230  88 0f 00 00 84 08 04 00  80 a4 3b 32 76 8f fd 9a  |..........;2v...|
+00000240  42 99 24 e1 58 f8 21 39  b7 b2 55 ed 25 5c 67 a7  |B.$.X.!9..U.%\g.|
+00000250  d3 79 f2 04 36 03 18 ad  76 4e db 9f ce 4f 97 86  |.y..6...vN...O..|
+00000260  6f 0c 72 f5 8e 52 44 16  01 f2 4d c2 74 9f 75 51  |o.r..RD...M.t.uQ|
+00000270  ea a4 0a 9c 1f a0 96 7e  2b e2 fc f9 80 c8 31 f9  |.......~+.....1.|
+00000280  40 19 fe 40 d2 62 fd 9c  1a 29 ed ea 33 b3 ac f7  |@..@.b...)..3...|
+00000290  e6 52 b6 2b 69 62 b2 a4  8d 62 db 4b 67 d9 fb b0  |.R.+ib...b.Kg...|
+000002a0  2a 25 c5 c1 7e ca 7d 56  75 a0 b4 8e 65 18 ea ba  |*%..~.}Vu...e...|
+000002b0  fb 86 dc 60 b1 d3 fb 4b  ce 14 03 03 00 01 01 16  |...`...K........|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 40 48 84 70  |...(........@H.p|
+000002d0  05 89 8a 4d 25 4b 4f 14  96 bd 29 5f f8 1a e5 c0  |...M%KO...)_....|
+000002e0  87 f5 b7 1e 1f ba 73 b4  66 e7 9f ea              |......s.f...|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 9b d9 9c b6 21  |..........(....!|
+00000010  4f 16 83 6d 53 a4 df 76  a4 79 60 9d fb 92 b0 57  |O..mS..v.y`....W|
+00000020  7f 9b 4e 35 80 d6 d4 04  e6 a9 93 62 f7 41 8a 23  |..N5.......b.A.#|
+00000030  78 22 4e                                          |x"N|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 81 49 a3  |..............I.|
+00000010  c8 46 e1 9a 79 fa 94 02  69 94 24 0d e2 44 95 76  |.F..y...i.$..D.v|
+00000020  ee a0 ca 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  41 df 97 11 9e 64 12 ce  6f 96 be 90 af d8 4a 13  |A....d..o.....J.|
+00000040  c5 01                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES
index 3403023..4e02120 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 78 e9 9b 0c e1  |....Y...U..x....|
-00000010  45 f0 55 05 58 ef 80 4f  22 88 e4 7d eb af a5 b2  |E.U.X..O"..}....|
-00000020  75 36 9f a2 cc 6d 51 27  ca 7e 38 20 c8 89 89 e7  |u6...mQ'.~8 ....|
-00000030  95 70 01 01 67 b0 9a 1a  7a 54 d8 bb 22 72 c6 9c  |.p..g...zT.."r..|
-00000040  09 ff d4 2c 0a 94 86 bc  51 cb 56 7d c0 09 00 00  |...,....Q.V}....|
+00000000  16 03 03 00 59 02 00 00  55 03 03 fa c6 67 00 b7  |....Y...U....g..|
+00000010  e2 10 1e 8e b4 64 0e 4e  78 38 25 ff fb 5f bf 9f  |.....d.Nx8%.._..|
+00000020  b6 de b2 91 50 6c 67 0a  bd dc dd 20 83 f5 41 e7  |....Plg.... ..A.|
+00000030  98 0c 38 d9 3b 09 18 d2  2e 16 f5 ef 98 a9 ce 38  |..8.;..........8|
+00000040  f1 36 3e bb 6d 45 81 b8  03 82 57 3d c0 09 00 00  |.6>.mE....W=....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,39 +55,39 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 0f 61  |*............ .a|
-00000280  6e 56 ec 74 54 e2 24 09  61 64 45 89 44 aa cb 79  |nV.tT.$.adE.D..y|
-00000290  18 37 12 42 07 f8 d7 a3  42 b8 d7 06 21 28 04 03  |.7.B....B...!(..|
-000002a0  00 8a 30 81 87 02 42 00  af 5c 33 04 e8 e1 fa b7  |..0...B..\3.....|
-000002b0  98 38 96 ea c1 ee 7d 2c  45 85 ab 41 bd d8 88 af  |.8....},E..A....|
-000002c0  a6 0b e4 22 56 7d 3a e6  a6 8e 0d b5 81 cb 38 43  |..."V}:.......8C|
-000002d0  e7 b6 94 ee 20 e7 61 89  00 99 69 18 b3 06 d0 15  |.... .a...i.....|
-000002e0  0e f4 10 e9 5a dd 74 10  d1 02 41 27 4c dc 89 d4  |....Z.t...A'L...|
-000002f0  75 56 d4 c2 82 7d 53 a0  61 c5 ba 6a 9a ca fa 36  |uV...}S.a..j...6|
-00000300  16 db 82 5d 5e b7 9b 6a  b8 13 0b 69 2f b5 c9 8e  |...]^..j...i/...|
-00000310  53 18 03 24 b3 31 b1 48  8c b9 e0 16 96 cc e2 5d  |S..$.1.H.......]|
-00000320  71 6a 1d 70 8c 1b 57 8e  5d 9a f2 e1 16 03 03 00  |qj.p..W.].......|
-00000330  04 0e 00 00 00                                    |.....|
+00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 da 76  |*............ .v|
+00000280  af 3a be 2d da 07 b1 41  61 16 f3 ad c1 3f b5 95  |.:.-...Aa....?..|
+00000290  27 4a 91 9d de f0 b8 a3  c7 ad c8 64 47 35 04 03  |'J.........dG5..|
+000002a0  00 8b 30 81 88 02 42 01  86 ea 56 df 52 76 06 31  |..0...B...V.Rv.1|
+000002b0  ae d9 80 6b 51 a0 61 84  9c a2 e5 aa dc d5 54 ba  |...kQ.a.......T.|
+000002c0  ca c9 88 d2 90 f6 a1 76  6c 38 39 d4 0b 2e e0 e5  |.......vl89.....|
+000002d0  6a f5 f1 98 97 d4 a9 5a  73 a8 c7 67 eb 8b e2 8a  |j......Zs..g....|
+000002e0  2c 2a 80 a3 7e 5d 5e d8  0c 02 42 01 96 20 c9 4a  |,*..~]^...B.. .J|
+000002f0  a5 43 f1 c0 08 20 72 ea  d2 9c 89 2b ef aa f1 37  |.C... r....+...7|
+00000300  ff 00 78 3a 51 61 6a 13  61 7b e9 ea 37 bf 35 18  |..x:Qaj.a{..7.5.|
+00000310  5a 19 33 29 4d fe e6 d4  0e cc 1e 21 13 6e ed 62  |Z.3)M......!.n.b|
+00000320  bc d5 66 26 a4 82 d5 e0  99 3b ed 70 78 16 03 03  |..f&.....;.px...|
+00000330  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 c1 47 dc  05 80 89 9f 04 e8 88 58  |......G........X|
-00000050  bc 59 78 df ce bb d4 f7  cf 45 e2 2a ff ce 09 9c  |.Yx......E.*....|
-00000060  07 f3 90 49 ad 4d 07 b4  21 46 e3 37 e9 54 82 4d  |...I.M..!F.7.T.M|
-00000070  a2 05 ad 83 fa                                    |.....|
+00000040  00 00 00 00 00 08 0a dc  8c c5 3e 8d 03 ab e1 c3  |..........>.....|
+00000050  ea aa 03 d8 1d 19 99 9c  2c 15 09 4b 39 a8 51 c6  |........,..K9.Q.|
+00000060  4e 15 46 1c d2 7c b0 a9  4b 7f be c9 35 99 ab db  |N.F..|..K...5...|
+00000070  4b e0 6c 62 17                                    |K.lb.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 a6 27 61 cd 85  |..........@.'a..|
-00000010  3a 7c 35 bb 33 61 ed 4b  0f 0c 42 bd 25 a5 5a a8  |:|5.3a.K..B.%.Z.|
-00000020  ef 27 b3 d7 d2 38 64 c7  46 51 5c f2 4b 32 a1 eb  |.'...8d.FQ\.K2..|
-00000030  b2 6a ba af fc d0 2d 7a  9d 72 d5 23 ae 15 2a fc  |.j....-z.r.#..*.|
-00000040  1c 03 cd 99 dd ac b0 31  83 0a 1e                 |.......1...|
+00000000  14 03 03 00 01 01 16 03  03 00 40 ae ce d9 46 bc  |..........@...F.|
+00000010  2f df aa fb d6 7d 52 e3  e9 a0 e6 e9 22 14 ae fe  |/....}R....."...|
+00000020  ce 34 c2 b2 16 ae aa 6b  72 90 d3 a6 e9 1e 96 3f  |.4.....kr......?|
+00000030  fd 45 d7 cc 28 db ac f7  42 55 3e 24 2c 5e dc 3e  |.E..(...BU>$,^.>|
+00000040  5f 6e 36 76 6e ab 1c 35  76 e5 4b                 |_n6vn..5v.K|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 a7 0f 50  52 17 a2 5b 19 33 4e 97  |.......PR..[.3N.|
-00000020  33 4e 56 2e 1e bf 93 ca  ae fa 4c ca ff 47 08 7b  |3NV.......L..G.{|
-00000030  d2 f8 e1 29 29 15 03 03  00 30 00 00 00 00 00 00  |...))....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 a5 ac 57 1c ca 5f  |............W.._|
-00000050  f2 39 b2 85 a5 4a 06 11  a2 8f e5 1d 55 1d 4f 89  |.9...J......U.O.|
-00000060  6c d9 47 bd a2 8b d3 d0  eb d6                    |l.G.......|
+00000010  00 00 00 00 00 48 f8 b0  95 19 6b 5f 9a 03 5d 10  |.....H....k_..].|
+00000020  d6 1a 3c ed d1 f8 73 4f  84 52 63 a2 3a f5 3c 4d  |..<...sO.Rc.:.<M|
+00000030  94 d7 a3 cf a4 15 03 03  00 30 00 00 00 00 00 00  |.........0......|
+00000040  00 00 00 00 00 00 00 00  00 00 09 9d 9d 6b 46 62  |.............kFb|
+00000050  f2 78 42 c0 f8 07 4e 58  8c a9 fa f2 8c 80 c9 fc  |.xB...NX........|
+00000060  ad 32 75 f8 9b 3b d7 32  7f 38                    |.2u..;.2.8|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
index 3ae5fac..a0c3f30 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 e1 a8 35 92 15  |....Y...U....5..|
-00000010  b2 f2 02 ae 4f 1b c5 1c  46 04 d1 bf 60 d6 bd 66  |....O...F...`..f|
-00000020  d0 c4 d5 18 26 10 6d 53  19 35 d2 20 15 d3 4b 3f  |....&.mS.5. ..K?|
-00000030  de 5a f3 8d f7 02 c4 71  8b 4f c2 b6 69 49 f1 2a  |.Z.....q.O..iI.*|
-00000040  79 66 40 45 ee 9d 1b d8  72 7e b0 23 c0 2b 00 00  |yf@E....r~.#.+..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 d1 cf 2d 7a f6  |....Y...U....-z.|
+00000010  a2 09 06 6e 67 c1 ce 6e  ae 25 49 da fc 24 4f d1  |...ng..n.%I..$O.|
+00000020  8a a0 2e d0 7f 87 a4 8b  58 c8 37 20 22 d2 39 81  |........X.7 ".9.|
+00000030  5b 59 bd 0f 7b 59 b4 2c  38 d4 e0 03 1c 3b 5a 99  |[Y..{Y.,8....;Z.|
+00000040  20 57 75 30 3d 3f a8 d9  cd 33 41 17 c0 2b 00 00  | Wu0=?...3A..+..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,34 +55,34 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 2e b4  |*............ ..|
-00000280  dd 41 46 08 4d c2 c9 37  b8 50 0b 50 6f c7 bd 13  |.AF.M..7.P.Po...|
-00000290  de 59 d4 9f d0 2b 44 2a  8c 6f 2a f9 67 7a 04 03  |.Y...+D*.o*.gz..|
-000002a0  00 8a 30 81 87 02 41 7c  9a e0 93 cc 65 a2 af 0e  |..0...A|....e...|
-000002b0  32 9c 37 b7 39 9a 45 95  fb 2e b2 a9 34 f8 ab 47  |2.7.9.E.....4..G|
-000002c0  d8 3b 6f 7d b8 03 32 a9  d0 30 1a 37 cc fd 4a 16  |.;o}..2..0.7..J.|
-000002d0  94 f9 23 ce b7 8a e6 91  d7 33 00 25 d3 c7 88 d8  |..#......3.%....|
-000002e0  49 2c 81 73 e2 b1 b8 78  02 42 01 c8 58 dc 43 96  |I,.s...x.B..X.C.|
-000002f0  40 00 c3 4c 9c a1 ba ef  4a 20 e6 ee 53 28 6e 82  |@..L....J ..S(n.|
-00000300  97 ba f3 0b 71 5c f9 4f  05 1e 61 a7 ba 03 60 5c  |....q\.O..a...`\|
-00000310  f5 61 1e fd 53 c1 74 30  5c 92 b4 4c 6e d2 9f 05  |.a..S.t0\..Ln...|
-00000320  6b ad 92 e5 14 b8 a9 07  a0 f3 34 71 16 03 03 00  |k.........4q....|
+00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 1a b3  |*............ ..|
+00000280  9a e4 c6 dd ca 36 10 16  55 e4 97 36 a5 b2 e7 e9  |.....6..U..6....|
+00000290  42 b3 f3 a0 bb df d8 a5  00 be 40 35 8c 50 04 03  |B.........@5.P..|
+000002a0  00 8a 30 81 87 02 42 01  90 c8 0f 71 3e 83 c9 6b  |..0...B....q>..k|
+000002b0  f2 b0 75 7d 9c 54 d4 33  59 fd ef 69 b4 d9 4d 9b  |..u}.T.3Y..i..M.|
+000002c0  48 fd cd 45 e5 e4 6c 8a  3a d5 1d 60 dc 88 65 3b  |H..E..l.:..`..e;|
+000002d0  98 81 e1 69 38 d9 bf fe  19 65 6b d9 da 57 8b d3  |...i8....ek..W..|
+000002e0  b3 ef 54 db 4b dc f5 42  02 02 41 0d ab cd 01 a9  |..T.K..B..A.....|
+000002f0  fc b8 10 40 2c 1a c7 46  e1 54 c0 5b 7f 24 28 49  |...@,..F.T.[.$(I|
+00000300  fc 8b 62 e5 3e 99 db 2f  3d 69 d9 4c 86 c2 45 bb  |..b.>../=i.L..E.|
+00000310  89 0a f7 2e 7d 9f fb f8  fc 49 f9 c3 fb 21 f6 21  |....}....I...!.!|
+00000320  10 35 7f 92 14 09 37 76  8b 2c 6c f2 16 03 03 00  |.5....7v.,l.....|
 00000330  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 71 c9 39  |....(........q.9|
-00000040  50 b8 91 9e eb f6 48 c6  04 d0 ae 99 dc 63 14 1b  |P.....H......c..|
-00000050  e9 4f 6b c0 18 46 b6 ca  38 bc 58 c3 85           |.Ok..F..8.X..|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 0b f4 58  |....(..........X|
+00000040  bd 46 cf 10 2b 5b f7 6b  89 44 12 a2 25 95 cd a3  |.F..+[.k.D..%...|
+00000050  df ce 5c e4 e2 50 5f ef  06 84 06 03 8f           |..\..P_......|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 e3 f3 fe 51 7c  |..........(...Q||
-00000010  7c f9 ad fe 85 6c 37 fd  8f e2 76 2f 10 38 62 b0  ||....l7...v/.8b.|
-00000020  37 7c cf 6e e6 65 c6 f4  5e 67 33 03 10 62 14 29  |7|.n.e..^g3..b.)|
-00000030  8a ca 2e                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 2f 02 07 37 3f  |..........(/..7?|
+00000010  3c 9d 0a fb 03 31 a2 df  0f d6 b4 53 f8 fa 38 bb  |<....1.....S..8.|
+00000020  47 ed 9d 69 b7 64 72 75  8a 06 f2 fa 9f 06 a4 91  |G..i.dru........|
+00000030  65 c5 6e                                          |e.n|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 5a 2d fa  |.............Z-.|
-00000010  9d 55 ff 55 ee 77 9e c0  60 3d 37 aa 82 14 a9 8c  |.U.U.w..`=7.....|
-00000020  7b d3 92 15 03 03 00 1a  00 00 00 00 00 00 00 02  |{...............|
-00000030  8a 69 ad 03 ec 4f 06 55  e6 0c 3a 59 ea 15 26 e7  |.i...O.U..:Y..&.|
-00000040  17 de                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 31 4a a6  |.............1J.|
+00000010  a1 88 d0 36 6a 11 b7 4f  81 a8 f5 1d c1 c6 d1 51  |...6j..O.......Q|
+00000020  3b a2 b1 15 03 03 00 1a  00 00 00 00 00 00 00 02  |;...............|
+00000030  0e 35 89 7d 67 0e 8d b7  6f c9 86 6d 33 05 9f 7c  |.5.}g...o..m3..||
+00000040  ab 8e                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
index 9d79b14..12b87c9 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 c7 69 06 a9 64  |....Y...U...i..d|
-00000010  53 1a 6c 7b 39 f3 2e e3  01 5e ef e0 ac 69 a6 2e  |S.l{9....^...i..|
-00000020  39 59 c4 a8 06 60 9c 5b  0a 93 f2 20 b1 ba 93 61  |9Y...`.[... ...a|
-00000030  3f c3 a8 d0 e7 22 60 8a  0b c2 68 14 69 c5 8a 9c  |?...."`...h.i...|
-00000040  35 b2 ba 8a d2 9b a4 e0  13 d8 fc bb c0 23 00 00  |5............#..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 bd b8 d6 c0 5c  |....Y...U......\|
+00000010  0c 7f e3 50 4c 1c d3 b0  0f 67 1a 32 cc 49 18 03  |...PL....g.2.I..|
+00000020  41 91 87 43 0c eb 40 53  a4 2c 0c 20 ec a4 59 bd  |A..C..@S.,. ..Y.|
+00000030  cb 3e b8 94 d9 74 ee ab  8e 7a 24 c8 cc af 08 87  |.>...t...z$.....|
+00000040  e7 9c d1 01 4e fe 7d 1d  5d cf e0 2c c0 23 00 00  |....N.}.]..,.#..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,43 +55,43 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 bd cd  |*............ ..|
-00000280  69 00 ff 76 9e 27 f5 4d  cb f2 be 87 ec f3 c6 08  |i..v.'.M........|
-00000290  79 fa cc 4e a5 db e6 dd  19 cb b1 66 e5 2b 04 03  |y..N.......f.+..|
-000002a0  00 8a 30 81 87 02 41 33  72 4b 8e 13 f1 3c 7b 9b  |..0...A3rK...<{.|
-000002b0  4e 63 e0 28 1c 62 b0 a9  bf 70 96 68 93 52 4b 64  |Nc.(.b...p.h.RKd|
-000002c0  02 4b 79 0b 50 7c 16 df  21 8f e4 8b c2 c6 4b cc  |.Ky.P|..!.....K.|
-000002d0  96 b8 bb 4a cc 89 f6 a5  6d c2 a3 70 b6 5a 25 26  |...J....m..p.Z%&|
-000002e0  ad aa 56 95 72 fa d6 13  02 42 01 de 8a 1f 83 51  |..V.r....B.....Q|
-000002f0  ce 3e 37 ff 3e ba 0e ed  bd f3 95 0c 1b 69 8f f3  |.>7.>........i..|
-00000300  f4 a9 26 cb c6 f4 70 79  da 93 5b 25 76 89 e8 3d  |..&...py..[%v..=|
-00000310  94 7f a9 5b 4f 25 83 63  a2 cb 71 27 41 5e 41 a1  |...[O%.c..q'A^A.|
-00000320  5c 65 f2 2d a4 81 91 ca  79 bc 45 d3 16 03 03 00  |\e.-....y.E.....|
+00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 6d 7f  |*............ m.|
+00000280  23 3f 8c 08 0f db 54 cc  dc 84 d7 97 f0 18 85 68  |#?....T........h|
+00000290  e3 17 94 f6 48 f3 c2 9c  4c 3e 58 47 ed 29 04 03  |....H...L>XG.)..|
+000002a0  00 8a 30 81 87 02 42 01  c1 d9 7a d0 fb d9 ff 31  |..0...B...z....1|
+000002b0  78 20 9e 2e 5c f0 22 97  1b 24 e8 50 6f 5d 8c db  |x ..\."..$.Po]..|
+000002c0  fb 97 0d 2d 73 08 ae 46  14 1c 76 2b 38 ad 75 2d  |...-s..F..v+8.u-|
+000002d0  a2 8e 5a 99 40 47 51 1f  11 af c0 86 bc c9 3b e3  |..Z.@GQ.......;.|
+000002e0  a0 ff 6a e6 87 e6 74 d8  fd 02 41 7a 72 6a 93 12  |..j...t...Azrj..|
+000002f0  4b 48 f9 46 af 95 90 1e  3b c7 2c fe 67 a1 44 d8  |KH.F....;.,.g.D.|
+00000300  77 1c 7e 03 fe be ba 9d  a1 85 81 42 fb 18 7d 08  |w.~........B..}.|
+00000310  e6 04 1f 3e 05 eb 48 87  4e 28 1c e9 00 db 7f c4  |...>..H.N(......|
+00000320  17 cb 21 02 37 90 47 fd  2f db 95 a7 16 03 03 00  |..!.7.G./.......|
 00000330  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 fe 52 a2  0a 9f de 8c 45 36 c5 0e  |......R.....E6..|
-00000050  a0 b5 f6 06 80 9f 2b 0e  72 4b 86 a7 4c 2a 37 0c  |......+.rK..L*7.|
-00000060  a0 a3 4c 2c 32 32 cf ed  45 ee e3 a2 1c 17 7d 4f  |..L,22..E.....}O|
-00000070  d8 60 d6 79 08 01 d7 35  0c 40 c8 85 f1 3e 73 b5  |.`.y...5.@...>s.|
-00000080  5d 89 c9 db 03                                    |]....|
+00000040  00 00 00 00 00 7a c5 98  1b ac 30 7c ea 9b cc 6d  |.....z....0|...m|
+00000050  5d 40 19 5d 6e 47 8a 46  d4 de 8c a3 f8 9b b1 2c  |]@.]nG.F.......,|
+00000060  9f 90 e9 83 2c a6 18 9f  39 92 d5 1f ab d5 5a 03  |....,...9.....Z.|
+00000070  79 44 36 e3 0d b5 c9 e4  36 73 08 7d 55 e0 23 d6  |yD6.....6s.}U.#.|
+00000080  82 f3 d7 4e ba                                    |...N.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 99 8b 66 fc b2  |..........P..f..|
-00000010  0c 18 de 47 7b 72 a2 9b  47 64 58 45 00 70 b6 d3  |...G{r..GdXE.p..|
-00000020  33 62 c2 c6 41 da 5d 08  37 16 5c 24 50 06 e0 e6  |3b..A.].7.\$P...|
-00000030  7c 90 5e 32 5e 3f 2e bc  70 d2 77 b5 29 d8 d4 fb  ||.^2^?..p.w.)...|
-00000040  38 8c 05 40 e1 42 1a 25  44 79 fa a6 cc f6 50 5a  |8..@.B.%Dy....PZ|
-00000050  da e0 85 99 30 20 7d ee  04 fe ca                 |....0 }....|
+00000000  14 03 03 00 01 01 16 03  03 00 50 a4 84 15 44 2e  |..........P...D.|
+00000010  6e e3 20 8d 7c a0 e4 85  36 7b a6 19 35 38 52 d0  |n. .|...6{..58R.|
+00000020  bf 47 7e b4 09 a7 5b 5b  e6 7c ad 4a b0 56 0a 28  |.G~...[[.|.J.V.(|
+00000030  50 ef 94 89 8b 54 80 06  7a d8 b2 5d 75 ab e2 ff  |P....T..z..]u...|
+00000040  b1 6c 11 60 d2 0d 06 af  bf 45 fd d8 5a 7b 2d 9c  |.l.`.....E..Z{-.|
+00000050  7c a1 b7 5e 4c 77 c9 ed  56 f0 68                 ||..^Lw..V.h|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 cb cb 98  55 3f 17 18 42 7b 52 0c  |........U?..B{R.|
-00000020  6f 6c 50 87 b1 af ef 25  ac a5 24 4a d2 bc 39 33  |olP....%..$J..93|
-00000030  29 81 c0 4f cf 20 8f 0c  4c a8 64 5f 97 4d da f4  |)..O. ..L.d_.M..|
-00000040  89 7c 28 f3 d4 15 03 03  00 40 00 00 00 00 00 00  |.|(......@......|
-00000050  00 00 00 00 00 00 00 00  00 00 6b c5 03 a6 9b 87  |..........k.....|
-00000060  ac df 05 8d 79 3c 46 12  70 3a 1d a0 d0 29 7c 2a  |....y<F.p:...)|*|
-00000070  7e 33 ee 58 99 46 0a f0  8c 03 60 b8 ee 70 c9 b7  |~3.X.F....`..p..|
-00000080  40 ba 19 d9 d4 8a e3 95  ef 16                    |@.........|
+00000010  00 00 00 00 00 0b 1a da  c8 8a 8e 62 45 0b b3 69  |...........bE..i|
+00000020  6a 6e 43 20 54 ae 4e 10  4b 64 0c e0 d6 1c 77 9d  |jnC T.N.Kd....w.|
+00000030  bd 23 f7 0a 7d eb 2e 54  9a d7 08 1d c6 af eb a9  |.#..}..T........|
+00000040  6e c2 18 b5 95 15 03 03  00 40 00 00 00 00 00 00  |n........@......|
+00000050  00 00 00 00 00 00 00 00  00 00 c7 9c 8c 71 7f 00  |.............q..|
+00000060  42 8e 5b 14 4a 9b 88 a1  5b 68 b4 45 16 c0 c1 91  |B.[.J...[h.E....|
+00000070  3e 9a 9f 84 b2 9b b3 f2  f5 e3 50 53 2e d8 4b 7c  |>.........PS..K||
+00000080  2a e8 e9 91 64 81 5a f4  43 f3                    |*...d.Z.C.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
index 85f4607..70608d8 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 93 2e 79 54 e7  |....Y...U....yT.|
-00000010  e4 ce 82 cd 46 2b d1 99  d2 ba c7 37 1e f5 86 2f  |....F+.....7.../|
-00000020  6c 7d b1 10 e1 98 03 b1  93 a9 d9 20 c2 b6 55 f9  |l}......... ..U.|
-00000030  d0 b3 65 3e 99 33 4c a4  5d a3 58 8b b4 ee c3 91  |..e>.3L.].X.....|
-00000040  80 34 1c 07 c2 b9 9c bf  e4 c0 bd f2 c0 2c 00 00  |.4...........,..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 97 16 31 62 59  |....Y...U....1bY|
+00000010  8f a6 1c c4 b2 65 e5 d3  85 92 16 5e 52 06 03 9f  |.....e.....^R...|
+00000020  5a 20 35 3f c2 68 a7 3f  40 18 44 20 d1 5f 9f a0  |Z 5?.h.?@.D ._..|
+00000030  2c f9 83 69 98 2f 3f ff  ad 1c d8 bc ba 36 33 a7  |,..i./?......63.|
+00000040  72 8e a4 a7 1e cb 42 db  ef 3c ee b0 c0 2c 00 00  |r.....B..<...,..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -49,34 +55,34 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 d2 39  |*............ .9|
-00000280  f6 fc 9c 40 cb ba 04 7c  37 ac df 95 5f 46 44 f4  |...@...|7..._FD.|
-00000290  2b 0c 63 24 4e 95 1d 35  b3 68 ab 27 d1 5a 04 03  |+.c$N..5.h.'.Z..|
-000002a0  00 8b 30 81 88 02 42 01  3e ff 73 74 01 f5 c8 32  |..0...B.>.st...2|
-000002b0  31 f1 d5 0b 26 db 0c ef  d0 c9 a7 aa 21 c8 0f 50  |1...&.......!..P|
-000002c0  2f ce eb 41 ce 1e de 5d  29 8d c1 20 f2 d9 5d 39  |/..A...]).. ..]9|
-000002d0  9d 1d c1 10 b1 a8 35 33  cc 58 f3 fd df 5d 7e fc  |......53.X...]~.|
-000002e0  ee 8b 15 02 03 2e b0 2b  b1 02 42 00 e0 f1 cf e9  |.......+..B.....|
-000002f0  e7 e2 1a a7 e1 3c 47 40  c4 fb b2 0d 15 47 4e 26  |.....<G@.....GN&|
-00000300  46 bc 16 49 dd 17 2c ef  2c 4a d0 ba e5 76 90 f1  |F..I..,.,J...v..|
-00000310  e8 4b 2c d3 83 ef 36 2a  6d b7 83 52 ff b0 a0 44  |.K,...6*m..R...D|
-00000320  52 9b 25 7e 8a 20 af 74  e3 fc b3 75 cd 16 03 03  |R.%~. .t...u....|
-00000330  00 04 0e 00 00 00                                 |......|
+00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 71 52  |*............ qR|
+00000280  57 ca a4 04 3b 72 37 67  bc 0f 5d 37 ac 33 21 9f  |W...;r7g..]7.3!.|
+00000290  65 cd 27 a1 5f b5 19 ff  9b cb 35 ce 98 76 04 03  |e.'._.....5..v..|
+000002a0  00 8a 30 81 87 02 41 13  01 36 e8 6e a5 85 d8 65  |..0...A..6.n...e|
+000002b0  d4 0c 38 31 bb 99 5f 39  f9 49 6f b7 bd 75 ef 5c  |..81.._9.Io..u.\|
+000002c0  87 d6 86 b4 76 25 87 72  50 e7 20 14 5f c4 1e b0  |....v%.rP. ._...|
+000002d0  fe c0 8c 44 a7 e0 18 1b  01 38 4d 11 d1 c5 ad 05  |...D.....8M.....|
+000002e0  87 09 dd dd 8a f0 96 9c  02 42 00 e4 50 9b 26 b0  |.........B..P.&.|
+000002f0  3c 00 7f 66 8b 71 12 cc  7f ba 03 6e b5 d9 3c a5  |<..f.q.....n..<.|
+00000300  2e 0a 10 d0 66 0b 82 10  97 45 4e 19 6e 95 7c 52  |....f....EN.n.|R|
+00000310  ca b1 ae 96 b7 c4 ee 93  67 41 d7 e4 4c 28 7a d6  |........gA..L(z.|
+00000320  70 10 dc 95 f9 22 52 3a  38 74 73 54 16 03 03 00  |p...."R:8tsT....|
+00000330  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 5c 78 1d  |....(........\x.|
-00000040  a7 00 de 4e 5e 13 6a 1d  1d 82 28 f6 b6 8a 88 fe  |...N^.j...(.....|
-00000050  00 81 fe 04 95 a0 4e 93  e0 01 19 a3 6d           |......N.....m|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 1a c4 04  |....(...........|
+00000040  eb 27 48 c1 ed 93 75 73  01 06 e3 55 70 6c c6 a0  |.'H...us...Upl..|
+00000050  62 eb f5 a9 f3 8c a5 8a  e3 e9 43 a4 2e           |b.........C..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 0a 61 1d 77 66  |..........(.a.wf|
-00000010  67 ca 17 5a 94 fc bf 36  07 33 f8 7e 34 bc 65 aa  |g..Z...6.3.~4.e.|
-00000020  0f 28 7d 40 80 6e 33 99  83 09 02 78 b7 d1 cd 56  |.(}@.n3....x...V|
-00000030  a7 f7 e5                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 6e bc 2f ed 32  |..........(n./.2|
+00000010  53 00 47 5c 73 6c e3 86  38 e5 df e2 db 40 bf 31  |S.G\sl..8....@.1|
+00000020  87 a5 33 fb af dd c9 c7  1c 98 7b ba 11 42 5e 0a  |..3.......{..B^.|
+00000030  f1 65 3b                                          |.e;|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 56 48 af  |.............VH.|
-00000010  45 e1 76 a8 67 ef 80 cc  92 03 aa b5 88 fc 48 84  |E.v.g.........H.|
-00000020  1b 81 39 15 03 03 00 1a  00 00 00 00 00 00 00 02  |..9.............|
-00000030  5a 53 90 c9 25 a6 99 ce  e7 09 74 97 63 68 fe 0c  |ZS..%.....t.ch..|
-00000040  5e 89                                             |^.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 75 32 a8  |.............u2.|
+00000010  ce 12 60 b4 d6 83 2c 4a  e5 43 cb 6d c8 f3 f2 ee  |..`...,J.C.m....|
+00000020  8e 1e 2c 15 03 03 00 1a  00 00 00 00 00 00 00 02  |..,.............|
+00000030  4e bb e9 81 44 f2 44 90  7c ac 8a 35 a3 ef e2 9b  |N...D.D.|..5....|
+00000040  d9 2b                                             |.+|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
index 4d3fbfe..9acc6be 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
@@ -1,17 +1,24 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 6b 01 00 00  67 03 03 00 00 00 00 00  |....k...g.......|
+00000000  16 03 01 00 ce 01 00 00  ca 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 02 cc a9  |................|
-00000030  01 00 00 3c 00 05 00 05  01 00 00 00 00 00 0a 00  |...<............|
-00000040  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
-00000050  00 00 0d 00 12 00 10 04  01 04 03 05 01 05 03 06  |................|
-00000060  01 06 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 08 cc a9  |................|
+00000050  13 01 13 03 13 02 01 00  00 79 00 05 00 05 01 00  |.........y......|
+00000060  00 00 00 00 0a 00 0a 00  08 00 1d 00 17 00 18 00  |................|
+00000070  19 00 0b 00 02 01 00 00  0d 00 18 00 16 08 04 08  |................|
+00000080  05 08 06 04 01 04 03 05  01 05 03 06 01 06 03 02  |................|
+00000090  01 02 03 ff 01 00 01 00  00 12 00 00 00 2b 00 09  |.............+..|
+000000a0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
+000000b0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
+000000c0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
+000000d0  cb 3b 74                                          |.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 3c 9c e9 fb 22  |....Y...U..<..."|
-00000010  8b 32 cb 0d 56 1d a7 a2  c7 c5 d4 41 3d 9f 84 1b  |.2..V......A=...|
-00000020  26 50 b6 a3 fa f2 c5 20  0d f9 a6 20 38 86 ba 26  |&P..... ... 8..&|
-00000030  db 6e d9 ab 3c 73 ec d8  34 56 d1 f2 d3 60 42 9a  |.n..<s..4V...`B.|
-00000040  b5 e6 2f 24 c5 a7 fa 42  bc b8 13 df cc a9 00 00  |../$...B........|
+00000000  16 03 03 00 59 02 00 00  55 03 03 81 32 be f7 42  |....Y...U...2..B|
+00000010  de 0a 50 a4 4e a3 58 2f  7c 6b a8 14 d9 d4 66 ec  |..P.N.X/|k....f.|
+00000020  ca 4b 07 2e 59 2d f0 b2  24 1d 69 20 53 20 08 85  |.K..Y-..$.i S ..|
+00000030  8a 10 34 6d 41 d8 12 02  38 49 d6 1c c8 f5 e3 6c  |..4mA...8I.....l|
+00000040  bb ac 77 2d 2a 06 69 e9  6c fd d0 da cc a9 00 00  |..w-*.i.l.......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@@ -46,32 +53,32 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 ef e6  |*............ ..|
-00000280  9e e3 b7 29 0e db 15 72  e8 a8 14 db 99 9c 81 05  |...)...r........|
-00000290  29 a0 52 3d 4b a8 76 a3  6d 45 9a 19 72 50 04 03  |).R=K.v.mE..rP..|
-000002a0  00 8a 30 81 87 02 41 59  79 0e 40 7d ee 88 af a4  |..0...AYy.@}....|
-000002b0  23 dd 4e 18 6a 15 20 af  98 d9 f7 4f 0a ff 7a c6  |#.N.j. ....O..z.|
-000002c0  a7 36 53 f0 1e 1a a7 90  25 e6 bd 82 69 cc bc aa  |.6S.....%...i...|
-000002d0  5d dd c5 0d 01 ed f8 75  57 18 3b d9 52 9d e2 3b  |]......uW.;.R..;|
-000002e0  a2 fb 7a 71 ea 61 7c 34  02 42 01 f3 ed 1f 6d e8  |..zq.a|4.B....m.|
-000002f0  15 ce a1 af ff f5 2f fb  e4 6f 83 9c ac f4 05 e2  |....../..o......|
-00000300  27 15 bb dd 63 9c ea ac  06 a1 08 4c 5f ad 1a 80  |'...c......L_...|
-00000310  cd ee d6 b7 d0 96 6d 42  54 ff cb 42 9b 48 24 0c  |......mBT..B.H$.|
-00000320  fe fa 07 2a 0a 7a d3 c0  58 4b cd 79 16 03 03 00  |...*.z..XK.y....|
-00000330  04 0e 00 00 00                                    |.....|
+00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 fd 29  |*............ .)|
+00000280  57 4f 25 0b 83 38 bb da  84 c4 39 52 60 97 83 88  |WO%..8....9R`...|
+00000290  31 5e 38 df 9c 24 29 8b  29 d7 90 6d 19 56 04 03  |1^8..$).)..m.V..|
+000002a0  00 8b 30 81 88 02 42 01  04 ae 1f e9 dd fe 81 62  |..0...B........b|
+000002b0  5b 68 b5 2b dd fb d0 92  18 b4 8d 6b ed 87 0e d2  |[h.+.......k....|
+000002c0  ba 3c 83 ca f4 a1 09 87  89 bf 0e 5d 40 04 a5 e3  |.<.........]@...|
+000002d0  30 22 19 0d 0c be 64 3d  c4 8a b4 22 79 98 91 0e  |0"....d=..."y...|
+000002e0  7a d6 f8 71 75 7f 5b 30  c5 02 42 01 c0 0b 0a 14  |z..qu.[0..B.....|
+000002f0  93 15 f3 b4 36 4f 06 7d  70 42 52 b5 10 66 66 db  |....6O.}pBR..ff.|
+00000300  55 40 2b b9 4c aa 77 11  b8 27 5c aa eb df df a0  |U@+.L.w..'\.....|
+00000310  d3 54 ee 14 54 c9 fc e0  a4 10 01 c7 b2 0c 82 6b  |.T..T..........k|
+00000320  7d c0 b5 80 4d 04 e7 61  63 f9 1e 78 6b 16 03 03  |}...M..ac..xk...|
+00000330  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 6e 2a ec  f4 3a e8 88 99 f1 77 94  |.... n*..:....w.|
-00000040  b3 a2 c5 3a 59 c2 9a f5  4a fb 89 e4 51 1a 54 a4  |...:Y...J...Q.T.|
-00000050  72 d9 54 99 c3                                    |r.T..|
+00000030  16 03 03 00 20 51 20 c3  d5 2d 48 50 98 1a 00 5c  |.... Q ..-HP...\|
+00000040  35 83 1d c6 22 8d a3 aa  2b 3a ac bf 68 51 a8 9f  |5..."...+:..hQ..|
+00000050  23 4b c7 91 df                                    |#K...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 be 1a 60 4e 4a  |.......... ..`NJ|
-00000010  2d 81 19 6b 7c f2 80 15  18 9c 38 70 6d a3 49 88  |-..k|.....8pm.I.|
-00000020  93 4b e8 cc 9f b2 0e cc  ed 29 64                 |.K.......)d|
+00000000  14 03 03 00 01 01 16 03  03 00 20 09 1f 51 48 37  |.......... ..QH7|
+00000010  b5 c7 d8 b3 8a 17 48 1d  cc b7 32 5d 82 73 ad a2  |......H...2].s..|
+00000020  db 4a dc 4a 0d 3b 0b 26  32 56 ee                 |.J.J.;.&2V.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 bd 4c d9  d3 ea d0 d3 4e db dc ea  |......L.....N...|
-00000010  ad e7 20 17 ec 36 04 29  a5 7c ab 15 03 03 00 12  |.. ..6.).|......|
-00000020  7b e1 b6 9b fc f9 18 83  87 31 b3 02 e7 b2 e3 c6  |{........1......|
-00000030  37 d8                                             |7.|
+00000000  17 03 03 00 16 de 17 a1  32 d6 09 f3 0d 72 19 eb  |........2....r..|
+00000010  05 c6 41 f9 0f c6 f7 68  b9 f6 cf 15 03 03 00 12  |..A....h........|
+00000020  79 da 43 1b 80 2b d1 46  81 f3 33 78 53 58 79 bc  |y.C..+.F..3xSXy.|
+00000030  df 51                                             |.Q|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES
index 9cc3e8f..8feca53 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 66 3d ff 45 dc  |....Y...U..f=.E.|
-00000010  ea f8 4c 56 5d 55 71 63  c1 64 33 9f f5 09 aa 38  |..LV]Uqc.d3....8|
-00000020  bd 13 27 d7 85 ed 0a b4  68 83 9a 20 98 69 c4 d9  |..'.....h.. .i..|
-00000030  a1 46 f4 30 ed 4d ae 31  7b 3c 18 23 fa b5 b4 a1  |.F.0.M.1{<.#....|
-00000040  74 98 34 7f b8 d0 00 e5  22 35 eb 4f c0 13 00 00  |t.4....."5.O....|
+00000000  16 03 03 00 59 02 00 00  55 03 03 1c 68 c5 b0 f8  |....Y...U...h...|
+00000010  30 5e df 4e ef 13 06 3c  38 33 bd 70 40 9c 90 cb  |0^.N...<83.p@...|
+00000020  80 bc 8e 68 af 8f c4 59  1e fd 0d 20 40 58 a4 e2  |...h...Y... @X..|
+00000030  32 5a d7 19 11 6c d3 66  94 94 21 02 ca 42 ef 25  |2Z...l.f..!..B.%|
+00000040  ce 51 d8 d3 70 07 4f 70  8d c2 8f 55 c0 13 00 00  |.Q..p.Op...U....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,38 +60,38 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 f1 a9 e3 69 c6 9b 08  |........ ...i...|
-000002d0  76 5c 45 2f 7d 16 73 79  b2 c5 9f 01 05 13 74 56  |v\E/}.sy......tV|
-000002e0  93 4a dd b2 db 97 61 f9  11 04 01 00 80 81 a1 58  |.J....a........X|
-000002f0  99 41 95 ab 7b cc ac 46  e8 04 3e c9 2d 9c 66 63  |.A..{..F..>.-.fc|
-00000300  0d 80 19 43 85 bc b5 cf  d2 a4 db 9d 28 c2 f4 f7  |...C........(...|
-00000310  fe a1 f3 8f 6b e3 b5 6e  e2 c2 e2 ac b9 0f f8 8d  |....k..n........|
-00000320  29 d2 ba 46 dc 10 ae c2  f3 0f b0 8f 1c e6 22 54  |)..F.........."T|
-00000330  84 9f 10 c9 a5 ae 53 43  15 61 eb 0c ad 49 78 47  |......SC.a...IxG|
-00000340  69 f9 52 9e 58 23 dc df  d7 92 0d f5 50 b2 43 44  |i.R.X#......P.CD|
-00000350  fe 8b 8b b3 ed 69 e7 15  9c 10 20 51 67 bd b9 40  |.....i.... Qg..@|
-00000360  0e 0a f9 65 bf e7 bf 5d  33 5c 71 3d 4c 16 03 03  |...e...]3\q=L...|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 5a a4 2f e5 a1 8d 85  |........ Z./....|
+000002d0  b5 4e f8 ac 27 83 77 b5  f5 ec c7 0a 92 39 a3 9e  |.N..'.w......9..|
+000002e0  31 7f e7 10 8f ac 56 07  74 08 04 00 80 6c 8c 2e  |1.....V.t....l..|
+000002f0  e8 7c d9 a6 d3 e9 bc 74  20 6a ad 01 80 ca 44 0c  |.|.....t j....D.|
+00000300  14 5d da 64 bd a3 32 07  03 2c 0a cf 87 56 af 01  |.].d..2..,...V..|
+00000310  32 4c 46 df c7 3b 34 56  a6 7a f6 1c 43 fb f0 43  |2LF..;4V.z..C..C|
+00000320  54 7c c8 47 0b 02 8e 2d  07 e8 bc 4c b2 9e ea 1d  |T|.G...-...L....|
+00000330  2b 29 9b e4 5d 5f ee 8a  4a 50 eb ec b7 09 68 e4  |+)..]_..JP....h.|
+00000340  c1 99 6a 2d b9 d6 11 b2  9f d9 ee 13 ee 2e b3 d2  |..j-............|
+00000350  1e be a0 6a 13 86 f0 53  7f aa 60 8e 87 5f ab 5d  |...j...S..`.._.]|
+00000360  f1 5a a4 1f 0b 85 b1 31  5f 2f af e9 7a 16 03 03  |.Z.....1_/..z...|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 8a cb 7f  37 ba e5 13 2b db f4 15  |........7...+...|
-00000050  97 6e b5 08 7b 89 16 21  f8 45 1b ef df 17 e0 ad  |.n..{..!.E......|
-00000060  44 12 39 4a e6 fb 78 9d  aa ab 8a 95 2a 02 1d 74  |D.9J..x.....*..t|
-00000070  25 f1 3d 38 21                                    |%.=8!|
+00000040  00 00 00 00 00 d8 4d 17  e4 39 b7 4e 96 d1 1f 75  |......M..9.N...u|
+00000050  db 2c 1d df b9 72 c0 c8  5c b3 22 75 98 81 82 67  |.,...r..\."u...g|
+00000060  26 2c 45 d3 f0 34 0f 21  0a dd 6b 99 f8 82 70 3c  |&,E..4.!..k...p<|
+00000070  f3 7d 6a 15 91                                    |.}j..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 1c 73 dd bb 45  |..........@.s..E|
-00000010  89 89 e4 a9 05 db 10 5d  22 20 75 c7 b7 82 c5 64  |.......]" u....d|
-00000020  2e 30 70 fc 0c a7 a8 c0  cb da ab 60 1e 68 12 bc  |.0p........`.h..|
-00000030  47 68 87 01 00 96 e1 f4  a1 a3 20 d1 05 31 7f 79  |Gh........ ..1.y|
-00000040  28 36 f9 5c 24 a7 ba 68  b0 b6 e2                 |(6.\$..h...|
+00000000  14 03 03 00 01 01 16 03  03 00 40 27 83 f0 1d 2e  |..........@'....|
+00000010  f9 99 0e 36 76 7f 1e 8f  67 5d a8 26 27 c7 ad a1  |...6v...g].&'...|
+00000020  9f 51 ab d8 2e c8 1c 62  a3 01 b6 f3 6a 95 69 5f  |.Q.....b....j.i_|
+00000030  5b 09 eb d1 e6 19 76 72  4a 67 26 01 78 89 ac 77  |[.....vrJg&.x..w|
+00000040  e3 5c 7d 5b 17 79 a7 e4  19 bc 1a                 |.\}[.y.....|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 5d f7 4e  68 f6 93 58 4d 14 ae 10  |.....].Nh..XM...|
-00000020  14 93 a4 01 58 59 b2 cf  18 da 91 13 5d be da 9e  |....XY......]...|
-00000030  12 a4 2c 02 f9 15 03 03  00 30 00 00 00 00 00 00  |..,......0......|
-00000040  00 00 00 00 00 00 00 00  00 00 71 41 f1 68 4e 97  |..........qA.hN.|
-00000050  b6 30 45 8b b9 89 4c 95  04 da 3e cb 4c ab 05 41  |.0E...L...>.L..A|
-00000060  65 af 4e 60 91 34 8b 07  a3 10                    |e.N`.4....|
+00000010  00 00 00 00 00 24 63 76  ce f0 2a 88 0f 9b 51 b7  |.....$cv..*...Q.|
+00000020  15 86 74 ac c9 72 88 7a  26 34 ff c5 ec bb a8 6d  |..t..r.z&4.....m|
+00000030  44 97 00 3f ff 15 03 03  00 30 00 00 00 00 00 00  |D..?.....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 f4 9d 5b 90 05 e6  |............[...|
+00000050  42 af 3c 4c 86 d8 ba d5  b7 88 8e ec 8c 07 24 5e  |B.<L..........$^|
+00000060  5b 3f e4 41 89 7e 1f 3a  ca 2d                    |[?.A.~.:.-|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
index 480ff42..265bc21 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 6a 17 b0 7f 77  |....Y...U..j...w|
-00000010  da 35 bb 45 c1 43 37 52  59 4d 8f 61 1f f8 77 dc  |.5.E.C7RYM.a..w.|
-00000020  fd 9d 55 5d a7 7f 58 4f  dd 3d 42 20 cf e2 65 8f  |..U]..XO.=B ..e.|
-00000030  7a b8 d3 2c 99 cc 31 2f  d7 fa b2 0b 34 2c 72 7e  |z..,..1/....4,r~|
-00000040  86 a1 c6 e7 b7 55 26 1f  9a 69 43 63 c0 27 00 00  |.....U&..iCc.'..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 9a 06 bc 4a 08  |....Y...U.....J.|
+00000010  7c e9 b0 32 64 21 d8 bc  41 77 d0 9f a2 0e 9a d4  ||..2d!..Aw......|
+00000020  a8 ef ec 18 b7 8b a9 20  27 0a 85 20 46 c0 6b 77  |....... '.. F.kw|
+00000030  56 12 53 90 e4 36 72 c4  cb b8 eb 79 6c ed e8 53  |V.S..6r....yl..S|
+00000040  c4 36 48 89 fc 3f ff 07  99 47 2d 9e c0 27 00 00  |.6H..?...G-..'..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,42 +60,42 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 35 8c 3a f9 8a 04 e7  |........ 5.:....|
-000002d0  2e dd 2c 82 05 62 da 91  3f 60 2b 0d a8 4d ec 50  |..,..b..?`+..M.P|
-000002e0  d1 b1 e0 f6 34 38 e5 7c  11 04 01 00 80 97 25 9e  |....48.|......%.|
-000002f0  22 b3 40 b2 b9 ec 0f 0e  44 92 11 82 06 70 26 23  |".@.....D....p&#|
-00000300  38 b5 fe de 08 32 cd 8e  e5 d7 19 3a ba 40 76 74  |8....2.....:.@vt|
-00000310  22 cf 19 dd cc 33 cf 34  a9 3a d4 82 e8 92 79 23  |"....3.4.:....y#|
-00000320  c1 14 10 79 08 65 43 e9  02 93 32 c8 5f a4 68 ed  |...y.eC...2._.h.|
-00000330  24 b7 aa 4c 71 4e 01 63  74 2a f5 36 1a d0 15 95  |$..LqN.ct*.6....|
-00000340  10 9c 46 87 75 16 55 88  b7 38 14 10 1c b8 34 84  |..F.u.U..8....4.|
-00000350  4f 4a 99 0f 17 95 26 a4  31 e3 8f 71 5b 92 f3 27  |OJ....&.1..q[..'|
-00000360  df d7 c4 6d 34 8d 14 e7  8e 62 ae 27 12 16 03 03  |...m4....b.'....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 9e a1 5f 87 14 ff b2  |........ .._....|
+000002d0  0c b8 82 0d 24 d8 bb 98  6d 3a ca 09 0b 6d 94 98  |....$...m:...m..|
+000002e0  16 20 ed 31 0e 54 23 d5  47 08 04 00 80 4a e0 aa  |. .1.T#.G....J..|
+000002f0  d0 e9 cb 75 f0 c0 6e 2d  74 8f c9 91 d9 32 98 22  |...u..n-t....2."|
+00000300  99 ef 91 77 41 80 c6 83  11 9a ed 55 61 fd b7 58  |...wA......Ua..X|
+00000310  70 7a a6 ce e1 28 40 7d  94 8a 96 64 7f f1 b4 97  |pz...(@}...d....|
+00000320  db 83 2c 77 55 f4 38 c6  4b 9a 77 74 9d 6b ae 06  |..,wU.8.K.wt.k..|
+00000330  b6 f0 07 61 7a e1 dc d9  e3 c4 32 5c c5 91 23 8d  |...az.....2\..#.|
+00000340  a3 53 db 37 4d ee e4 65  ef 58 42 af 63 72 06 5c  |.S.7M..e.XB.cr.\|
+00000350  4e aa f5 07 4c bc b3 1a  00 82 9f 72 34 64 52 e7  |N...L......r4dR.|
+00000360  1f 85 7a c3 36 3f 8d 4e  53 89 7b c2 d3 16 03 03  |..z.6?.NS.{.....|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 6d a8 40  a4 2f 8d ea bb a0 fb f3  |.....m.@./......|
-00000050  a7 38 78 1b 25 57 5c 8a  c8 e6 e6 be e2 78 78 c1  |.8x.%W\......xx.|
-00000060  dc ec ca 48 9a 85 56 6b  da 40 bd 0b cc 0a aa 08  |...H..Vk.@......|
-00000070  02 31 57 31 c2 57 ff ac  57 7e e5 08 3a 14 b0 11  |.1W1.W..W~..:...|
-00000080  fb 46 83 db 37                                    |.F..7|
+00000040  00 00 00 00 00 ec b0 fe  b3 cf eb b0 61 c3 77 f0  |............a.w.|
+00000050  ad 63 39 5f 7b 17 0e d7  07 7f cb ea 65 0c b0 8b  |.c9_{.......e...|
+00000060  45 ab 39 c4 d9 06 c7 3b  2e 98 a2 1f c7 e8 e7 e2  |E.9....;........|
+00000070  56 a9 6a b3 75 5e c9 27  66 16 af 0e e4 b4 3d 80  |V.j.u^.'f.....=.|
+00000080  8b 1c fd ff 34                                    |....4|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 b7 d0 f9 1f 96  |..........P.....|
-00000010  64 b8 99 14 da c9 ae d9  40 ff 8f 3f 69 9d bf 56  |d.......@..?i..V|
-00000020  ac 9d 15 d7 84 82 bb e9  1e f3 15 1a b3 3a 96 58  |.............:.X|
-00000030  9f a7 9e 7a fb 50 5f f2  9d 46 8d ed fc cb 3b 2c  |...z.P_..F....;,|
-00000040  6e fd 5a fc d5 8f 8b 11  f8 28 3d c7 e2 36 c4 1b  |n.Z......(=..6..|
-00000050  da ce ec b2 89 f1 80 a5  ec 7f a2                 |...........|
+00000000  14 03 03 00 01 01 16 03  03 00 50 8b 01 85 06 02  |..........P.....|
+00000010  9c 71 ac 29 4c 4c 54 28  26 f7 1b d0 81 17 2c 95  |.q.)LLT(&.....,.|
+00000020  01 73 45 fe f3 1e bd 43  56 83 50 84 ad 13 9c 3f  |.sE....CV.P....?|
+00000030  2e bc 2b 25 67 ce 76 cc  e7 4d cc bb 8f 2e 09 3b  |..+%g.v..M.....;|
+00000040  48 3b 9c c5 fd 17 73 01  18 41 02 46 c1 9c fe 8f  |H;....s..A.F....|
+00000050  76 a4 6b 1d 6d 2c 6d c1  73 55 fd                 |v.k.m,m.sU.|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 78 0e 09  23 37 5d ad e5 97 da 83  |.....x..#7].....|
-00000020  93 90 d8 dc 96 5a 61 85  8c 8b e8 35 46 46 ac ac  |.....Za....5FF..|
-00000030  42 fa ee e1 88 41 bd 1c  9c 6a 0c 00 29 cc a4 56  |B....A...j..)..V|
-00000040  40 27 8f 6c e3 15 03 03  00 40 00 00 00 00 00 00  |@'.l.....@......|
-00000050  00 00 00 00 00 00 00 00  00 00 51 8d 6f 62 be c4  |..........Q.ob..|
-00000060  aa d0 f1 83 04 67 7e c2  0a 8b 50 32 71 17 87 95  |.....g~...P2q...|
-00000070  a6 31 f6 3d 3f a8 14 00  5d e0 5b c1 db b4 fa 79  |.1.=?...].[....y|
-00000080  01 0f 63 0b fe 8c c9 e1  b4 6b                    |..c......k|
+00000010  00 00 00 00 00 ed 8d fb  10 4e 11 3f 61 35 bd 9c  |.........N.?a5..|
+00000020  40 16 78 f2 06 68 65 d0  06 85 8e 31 f7 8e d6 b0  |@.x..he....1....|
+00000030  a4 bb e6 03 f6 2d 36 12  4e b7 96 4b 42 b2 22 9d  |.....-6.N..KB.".|
+00000040  93 92 10 8b 0a 15 03 03  00 40 00 00 00 00 00 00  |.........@......|
+00000050  00 00 00 00 00 00 00 00  00 00 4c 59 01 7a 1e 64  |..........LY.z.d|
+00000060  c9 2a d4 a6 d6 e1 64 a2  e9 7d c0 29 32 53 68 e7  |.*....d..}.)2Sh.|
+00000070  a0 66 68 87 70 b5 c3 38  cc ac 18 8b bd 3a 50 85  |.fh.p..8.....:P.|
+00000080  d9 9a ca 67 c7 13 5c 74  76 68                    |...g..\tvh|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
index 0ddfbdc..7a015de 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
+++ b/src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
@@ -1,17 +1,24 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 6b 01 00 00  67 03 03 00 00 00 00 00  |....k...g.......|
+00000000  16 03 01 00 ce 01 00 00  ca 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 02 cc a8  |................|
-00000030  01 00 00 3c 00 05 00 05  01 00 00 00 00 00 0a 00  |...<............|
-00000040  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
-00000050  00 00 0d 00 12 00 10 04  01 04 03 05 01 05 03 06  |................|
-00000060  01 06 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 08 cc a8  |................|
+00000050  13 01 13 03 13 02 01 00  00 79 00 05 00 05 01 00  |.........y......|
+00000060  00 00 00 00 0a 00 0a 00  08 00 1d 00 17 00 18 00  |................|
+00000070  19 00 0b 00 02 01 00 00  0d 00 18 00 16 08 04 08  |................|
+00000080  05 08 06 04 01 04 03 05  01 05 03 06 01 06 03 02  |................|
+00000090  01 02 03 ff 01 00 01 00  00 12 00 00 00 2b 00 09  |.............+..|
+000000a0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
+000000b0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
+000000c0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
+000000d0  cb 3b 74                                          |.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 34 5a e3 34 22  |....Y...U..4Z.4"|
-00000010  a6 72 28 26 73 2d 3c 9e  f1 39 88 13 07 dd 75 7c  |.r(&s-<..9....u||
-00000020  00 58 04 bc 18 28 d0 75  4d 80 96 20 46 c7 3c b7  |.X...(.uM.. F.<.|
-00000030  05 16 0d ef 32 51 ab 46  47 95 4b 49 e8 cc 8b 47  |....2Q.FG.KI...G|
-00000040  d2 41 e8 05 9a de 5a c3  05 7d d4 b2 cc a8 00 00  |.A....Z..}......|
+00000000  16 03 03 00 59 02 00 00  55 03 03 94 bf 96 6e 08  |....Y...U.....n.|
+00000010  c5 59 6f b5 bc 22 4b 73  4a ba 5f f4 ea 2b 77 1d  |.Yo.."KsJ._..+w.|
+00000020  f4 6d 45 46 51 3d 0b 60  d8 6b 4e 20 00 4b 00 f8  |.mEFQ=.`.kN .K..|
+00000030  a2 81 c9 1c 44 4f 90 73  ea c7 88 70 d9 56 d9 27  |....DO.s...p.V.'|
+00000040  c5 0e e2 42 f0 bb 33 73  08 f1 12 ed cc a8 00 00  |...B..3s........|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -51,31 +58,31 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 1a 1c c4 a1 b6 04 70  |........ ......p|
-000002d0  b8 b9 cd 26 b1 c0 74 56  6c b5 5c ff e7 20 79 74  |...&..tVl.\.. yt|
-000002e0  f7 84 d5 8d 62 57 fa 40  49 04 01 00 80 1b d8 2a  |....bW.@I......*|
-000002f0  60 af a6 8c 2d 7e 23 be  b8 53 c8 8e 32 b2 29 49  |`...-~#..S..2.)I|
-00000300  8c 54 c5 fc 7b 2e e4 b9  6c c3 26 21 84 89 2e cd  |.T..{...l.&!....|
-00000310  7c c1 e0 1e 16 dc 8f 76  1e c2 65 f0 c2 21 6e f7  ||......v..e..!n.|
-00000320  cf 91 f9 d5 c5 bf 33 5e  4f bb 8a 85 86 dd 10 c0  |......3^O.......|
-00000330  85 22 e6 c0 36 0b 67 48  10 0a 04 49 1d dd aa 97  |."..6.gH...I....|
-00000340  11 4f 80 f0 66 cd 82 85  e1 fa 0c b6 3d e7 bd 16  |.O..f.......=...|
-00000350  20 82 cd cc 44 bb 67 47  2a db 9f 22 1b 9e cc 13  | ...D.gG*.."....|
-00000360  e2 de d1 1d 9f 16 0e 6f  01 5e de f4 72 16 03 03  |.......o.^..r...|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 cd 60 09 2c c1 3b d6  |........ .`.,.;.|
+000002d0  3b d1 c2 3c 9f 30 81 bb  6b 47 a3 cd 26 48 f4 41  |;..<.0..kG..&H.A|
+000002e0  c0 d4 36 57 05 33 93 f8  75 08 04 00 80 9a 67 4b  |..6W.3..u.....gK|
+000002f0  36 41 f9 c1 5c 80 67 9d  0d bc 64 f1 0d 08 e1 9f  |6A..\.g...d.....|
+00000300  85 88 44 e3 bc c9 b7 f4  86 ec 5c 79 e6 2c ac 07  |..D.......\y.,..|
+00000310  e9 cd 6a 7e 68 41 67 71  34 cb c5 13 7c ec 1a 73  |..j~hAgq4...|..s|
+00000320  f8 30 da 08 d0 14 c6 4b  e4 11 ac c6 34 f9 2f ca  |.0.....K....4./.|
+00000330  b4 81 35 76 17 9e 7b 4c  f3 f7 ac 6d d3 d8 f7 7c  |..5v..{L...m...||
+00000340  70 b8 36 fa cc 85 fb 15  8e 82 c6 50 0e 90 c0 39  |p.6........P...9|
+00000350  13 d9 02 b1 ae 17 ea 63  c4 e8 21 c2 c0 eb 5c 63  |.......c..!...\c|
+00000360  e4 43 c5 1e ae 01 ee 64  23 42 b2 2a 52 16 03 03  |.C.....d#B.*R...|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 3a 2e f4  52 80 92 77 cb e3 54 43  |.... :..R..w..TC|
-00000040  cb d5 ba c4 62 e4 77 81  eb fe fc f1 88 c6 e6 46  |....b.w........F|
-00000050  7f d9 23 38 e4                                    |..#8.|
+00000030  16 03 03 00 20 8f 97 a6  c4 c1 81 4e 87 8c 17 3a  |.... ......N...:|
+00000040  6b 85 ad 17 6c 5c 14 b6  84 6b 7e a8 c1 ed 2e 6b  |k...l\...k~....k|
+00000050  fc e8 8f 8b 84                                    |.....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 21 4e a1 16 d0  |.......... !N...|
-00000010  35 9f 19 c6 cc 64 64 f7  a0 25 13 3b 97 75 81 9f  |5....dd..%.;.u..|
-00000020  2f d3 30 d9 02 ad c7 72  8d 32 20                 |/.0....r.2 |
+00000000  14 03 03 00 01 01 16 03  03 00 20 51 59 b7 f0 cf  |.......... QY...|
+00000010  07 d4 9a 45 15 b6 2f dd  03 5e 46 f9 c8 87 dc 99  |...E../..^F.....|
+00000020  d2 56 cd 95 f9 3e 2e 42  19 2e e3                 |.V...>.B...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 af 57 12  aa e5 9b e4 c3 54 d9 a8  |......W......T..|
-00000010  af ce 8c 28 39 ba df 5d  71 9d 0f 15 03 03 00 12  |...(9..]q.......|
-00000020  69 3f 95 18 31 04 5b 17  2a cf 53 9c ca 2d 07 7f  |i?..1.[.*.S..-..|
-00000030  c1 f8                                             |..|
+00000000  17 03 03 00 16 6d 16 3b  26 a8 60 d8 2c 9f 08 42  |.....m.;&.`.,..B|
+00000010  51 bb 2a 58 c3 3b 42 cb  59 46 02 15 03 03 00 12  |Q.*X.;B.YF......|
+00000020  1e c6 5e 68 40 58 9c df  5e 11 a3 c2 1e 50 11 d4  |..^h@X..^....P..|
+00000030  ff 17                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial b/src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial
index 29964f0..1a97dda 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial
+++ b/src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 fc 37 e8 a4 e3  |....Y...U...7...|
-00000010  5d da a5 95 0b fb e0 c3  d9 78 8b 91 bd 5c 1c b1  |]........x...\..|
-00000020  c6 8d 69 62 f9 c6 0f 12  da 46 ba 20 34 a3 22 f2  |..ib.....F. 4.".|
-00000030  a9 f7 da 3a c4 5f 6f f7  4b be df 03 e5 b6 d0 ff  |...:._o.K.......|
-00000040  ca 54 68 59 57 53 63 a5  2f 91 1d 1e cc a8 00 00  |.ThYWSc./.......|
+00000000  16 03 03 00 59 02 00 00  55 03 03 de e9 5f 9c 20  |....Y...U...._. |
+00000010  c7 37 0d ba e1 2c 21 ad  4b 8a 10 fe 66 4c c2 88  |.7...,!.K...fL..|
+00000020  87 fa 43 aa 42 ce e4 ca  d8 c2 2d 20 9c cc ef b1  |..C.B.....- ....|
+00000030  48 e2 9a e8 5a 61 16 6a  64 dd e9 6e d1 13 06 44  |H...Za.jd..n...D|
+00000040  c2 f6 9f e7 68 d3 cc 82  67 54 a0 66 cc a8 00 00  |....h...gT.f....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,31 +60,31 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 cc e9 71 f5 36 52 5a  |........ ..q.6RZ|
-000002d0  d8 19 ce e4 0d 41 8d a6  9b f3 19 56 8d 81 fe 84  |.....A.....V....|
-000002e0  71 2f d7 fb e7 86 23 4c  04 04 01 00 80 90 da 29  |q/....#L.......)|
-000002f0  79 18 70 e8 81 66 83 70  97 f1 d1 5f dc 1d a2 0a  |y.p..f.p..._....|
-00000300  94 d8 e8 b8 32 4f 03 34  0b af e8 2d 94 b2 eb 30  |....2O.4...-...0|
-00000310  57 b5 a5 92 9e 9a df a6  bc 3e 25 0e 18 cb ea 84  |W........>%.....|
-00000320  34 89 08 8a d4 be 16 a3  5d 3a 7d 32 10 9b 41 1c  |4.......]:}2..A.|
-00000330  2a 1e 05 68 5f fa d9 56  30 b6 44 08 b0 a5 25 5a  |*..h_..V0.D...%Z|
-00000340  c3 60 c0 9a 98 fd 48 5f  a4 18 d0 15 0f fb b3 ea  |.`....H_........|
-00000350  b9 c4 e3 c6 0c 27 51 64  01 de 65 78 c7 a0 57 df  |.....'Qd..ex..W.|
-00000360  9b de 2f 74 bc 72 e5 e0  57 7c 59 e6 ae 16 03 03  |../t.r..W|Y.....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 30 ef c9 70 70 23 9c  |........ 0..pp#.|
+000002d0  b6 1c 35 b7 86 6c 9f 82  62 df e3 6e 47 6d 03 61  |..5..l..b..nGm.a|
+000002e0  e6 98 5b ca 86 b9 58 e4  18 08 04 00 80 30 82 41  |..[...X......0.A|
+000002f0  64 c8 03 a9 25 d8 b9 2f  9e a1 8d 6e 5b 1c b6 da  |d...%../...n[...|
+00000300  eb c0 63 2b 72 08 2b 50  2a 2e 4b 91 c1 9f fc df  |..c+r.+P*.K.....|
+00000310  87 6e 07 6c c5 38 24 02  b4 e8 c5 11 32 17 48 49  |.n.l.8$.....2.HI|
+00000320  ce d3 3d d8 58 e6 be 1a  fb c1 f2 2a 03 54 8f ae  |..=.X......*.T..|
+00000330  2a f7 84 2a 65 c3 b7 cd  80 64 b1 8c a8 25 ce 1c  |*..*e....d...%..|
+00000340  73 eb ae 42 7d 9c 87 72  fe f9 cf bd e1 36 ca bd  |s..B}..r.....6..|
+00000350  69 78 13 9f c8 16 03 9c  0a 02 1e f3 70 6b ed 38  |ix..........pk.8|
+00000360  d8 a5 b6 8a 7e 33 7b 62  44 8b 5e 99 ef 16 03 03  |....~3{bD.^.....|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 92 0a 4e  aa 2d b3 9b c8 b9 80 28  |.... ..N.-.....(|
-00000040  f3 22 e2 57 15 ff a1 9a  33 9b e8 4c 5c dc f4 29  |.".W....3..L\..)|
-00000050  7d 25 d7 df bc                                    |}%...|
+00000030  16 03 03 00 20 04 8f 3f  72 37 39 12 c4 21 b2 45  |.... ..?r79..!.E|
+00000040  5d 90 b9 fa d2 24 70 5f  86 d4 8b 24 e6 af 6e 9f  |]....$p_...$..n.|
+00000050  71 41 17 a8 54                                    |qA..T|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 91 85 06 0e 00  |.......... .....|
-00000010  ad 96 2e 1c a5 4d f7 63  f9 84 1c 6e da 54 0b e0  |.....M.c...n.T..|
-00000020  44 37 6a 90 4c fd f5 e8  45 1d ce                 |D7j.L...E..|
+00000000  14 03 03 00 01 01 16 03  03 00 20 b0 70 aa d3 44  |.......... .p..D|
+00000010  df ef 57 0f bb 69 b3 09  70 1a ad b0 33 e5 97 8e  |..W..i..p...3...|
+00000020  bc 34 7f aa 27 a2 81 a3  08 7e b1                 |.4..'....~.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 4c e8 8a  e0 a6 95 f3 df 37 8a 2d  |.....L.......7.-|
-00000010  4f 11 ce a6 53 16 2c b0  bb c5 7f 15 03 03 00 12  |O...S.,.........|
-00000020  4e 91 d8 67 c5 16 d2 4e  cc b8 0a 00 76 91 68 7a  |N..g...N....v.hz|
-00000030  85 2e                                             |..|
+00000000  17 03 03 00 16 52 71 2d  1a 29 2c 84 b7 58 d2 b0  |.....Rq-.),..X..|
+00000010  92 c3 64 7f 29 3a da d8  c4 7b 73 15 03 03 00 12  |..d.):...{s.....|
+00000020  63 04 d5 2b 6c fc 35 82  bb ba ba 9b 01 a0 0c ac  |c..+l.5.........|
+00000030  2c 12                                             |,.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-P256-ECDHE b/src/crypto/tls/testdata/Client-TLSv12-P256-ECDHE
new file mode 100644
index 0000000..819a061
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv12-P256-ECDHE
@@ -0,0 +1,98 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 01 13 01 00 01  0f 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 94 00 05 00 05  01 00 00 00 00 00 0a 00  |................|
+00000090  04 00 02 00 17 00 0b 00  02 01 00 00 0d 00 18 00  |................|
+000000a0  16 08 04 08 05 08 06 04  01 04 03 05 01 05 03 06  |................|
+000000b0  01 06 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
+000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000d0  47 00 45 00 17 00 41 04  1e 18 37 ef 0d 19 51 88  |G.E...A...7...Q.|
+000000e0  35 75 71 b5 e5 54 5b 12  2e 8f 09 67 fd a7 24 20  |5uq..T[....g..$ |
+000000f0  3e b2 56 1c ce 97 28 5e  f8 2b 2d 4f 9e f1 07 9f  |>.V...(^.+-O....|
+00000100  6c 4b 5b 83 56 e2 32 42  e9 58 b6 d7 49 a6 b5 68  |lK[.V.2B.X..I..h|
+00000110  1a 41 03 56 6b dc 5a 89                           |.A.Vk.Z.|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 39 5a 55 c9 46  |....Y...U..9ZU.F|
+00000010  87 68 62 04 99 88 9e 60  93 a3 79 c3 d6 e0 30 9f  |.hb....`..y...0.|
+00000020  e5 2b 70 df 81 1f 33 53  f5 89 91 20 ce 7b aa 43  |.+p...3S... .{.C|
+00000030  a2 83 d7 6d 3f b9 86 38  1d 52 da 75 82 2b c6 05  |...m?..8.R.u.+..|
+00000040  6f a4 e2 15 27 21 18 36  0d 04 ba 42 c0 2f 00 00  |o...'!.6...B./..|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002c0  cd 0c 00 00 c9 03 00 17  41 04 76 c4 5d a9 b6 96  |........A.v.]...|
+000002d0  aa 4c e2 26 30 ce 69 90  11 42 fe a4 56 4d 4b 1c  |.L.&0.i..B..VMK.|
+000002e0  5e 1f e1 23 10 c7 8b 52  5a 04 1f 32 85 98 6b d8  |^..#...RZ..2..k.|
+000002f0  97 3a 7b 90 79 94 de f4  85 c8 c5 2a 05 b9 6d 79  |.:{.y......*..my|
+00000300  6f fb f8 1e b8 ab b8 e9  c3 91 08 04 00 80 b9 00  |o...............|
+00000310  a1 01 7d c7 fd 3e bc ba  44 42 64 68 21 7b b7 98  |..}..>..DBdh!{..|
+00000320  c1 9f 17 a6 a1 a3 7f 9e  63 d7 ee b7 53 d4 7c 48  |........c...S.|H|
+00000330  89 6e 20 0d 29 a1 b4 56  2c 83 7e d7 ab 3a 28 65  |.n .)..V,.~..:(e|
+00000340  03 a1 be 6b 0d 89 39 c4  c9 fc fd 41 f0 bd c2 cb  |...k..9....A....|
+00000350  40 d5 54 2e 98 0a b1 a0  86 65 cc 6a e9 5f 47 51  |@.T......e.j._GQ|
+00000360  a4 b4 40 47 25 ae df 93  c2 b6 eb fe b6 71 fe 04  |..@G%........q..|
+00000370  1e 98 d0 91 8b c7 ea 58  91 23 a7 76 67 ba 7a fd  |.......X.#.vg.z.|
+00000380  49 f0 c2 70 70 50 06 23  5e 31 90 4e 58 98 16 03  |I..ppP.#^1.NX...|
+00000390  03 00 04 0e 00 00 00                              |.......|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 46 10 00 00  42 41 04 1e 18 37 ef 0d  |....F...BA...7..|
+00000010  19 51 88 35 75 71 b5 e5  54 5b 12 2e 8f 09 67 fd  |.Q.5uq..T[....g.|
+00000020  a7 24 20 3e b2 56 1c ce  97 28 5e f8 2b 2d 4f 9e  |.$ >.V...(^.+-O.|
+00000030  f1 07 9f 6c 4b 5b 83 56  e2 32 42 e9 58 b6 d7 49  |...lK[.V.2B.X..I|
+00000040  a6 b5 68 1a 41 03 56 6b  dc 5a 89 14 03 03 00 01  |..h.A.Vk.Z......|
+00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 e8 f8  |.....(..........|
+00000060  61 5f dc c0 12 cd e2 09  7a a9 61 4f 77 29 aa 9d  |a_......z.aOw)..|
+00000070  52 11 b9 35 66 1d ac e1  e7 05 f8 f7 d7 cc        |R..5f.........|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 dd 5b e0 29 02  |..........(.[.).|
+00000010  9a 71 85 fb c1 d6 c0 fe  89 22 8d 86 9f 64 ab 70  |.q......."...d.p|
+00000020  ec 07 9a 61 a0 af 13 7b  04 e2 73 df f6 c2 06 86  |...a...{..s.....|
+00000030  a7 b2 65                                          |..e|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 d8 7a 81  |..............z.|
+00000010  28 a5 af fc 7d 02 4a 1c  f5 a2 0f 65 65 ad d1 c2  |(...}.J....ee...|
+00000020  2b fe 49 15 03 03 00 1a  00 00 00 00 00 00 00 02  |+.I.............|
+00000030  94 20 af f9 53 43 6e c0  bd 0a fb ce b8 cc b5 3f  |. ..SCn........?|
+00000040  39 73                                             |9s|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RSA-RC4 b/src/crypto/tls/testdata/Client-TLSv12-RSA-RC4
index b743b56..6b7f116 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RSA-RC4
+++ b/src/crypto/tls/testdata/Client-TLSv12-RSA-RC4
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 90 26 c2 6e 52  |....Q...M...&.nR|
-00000010  59 b2 e8 f1 c5 fc 4d 59  13 76 43 4e a4 ab 0b 33  |Y.....MY.vCN...3|
-00000020  96 d0 4e 89 bd 1e bd 89  f6 2b d7 20 39 94 41 68  |..N......+. 9.Ah|
-00000030  81 74 78 60 e1 5f f7 7d  e3 9d 81 f1 62 bd 45 67  |.tx`._.}....b.Eg|
-00000040  51 50 bd 84 76 70 52 c3  ce 32 90 51 00 05 00 00  |QP..vpR..2.Q....|
+00000000  16 03 03 00 51 02 00 00  4d 03 03 c1 47 51 e7 59  |....Q...M...GQ.Y|
+00000010  d9 0d ae 9b 9c 93 c6 36  c6 33 e9 38 ba 37 4c 60  |.......6.3.8.7L`|
+00000020  ec 0b 63 49 11 67 56 29  1b 78 dd 20 1a 60 41 ea  |..cI.gV).x. .`A.|
+00000030  93 07 16 61 e4 55 11 3f  d1 e2 e6 9d 9f 05 c8 3e  |...a.U.?.......>|
+00000040  37 47 31 0d f9 5d 7a a5  7b 82 63 23 00 05 00 00  |7G1..]z.{.c#....|
 00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -64,15 +70,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 24 4b 7c  05 1b 5d ed 28 c0 ce db  |.....$K|..].(...|
-000000a0  c9 1d bb e8 a1 94 d7 30  ac aa 54 08 2a 82 a2 a0  |.......0..T.*...|
-000000b0  52 e7 cb 32 0f c2 f8 ad  f3 c9                    |R..2......|
+00000090  01 16 03 03 00 24 f7 0e  a5 ad 5d 6d ab c8 04 b7  |.....$....]m....|
+000000a0  07 e7 e7 28 30 72 63 a9  02 05 18 7c 07 61 68 58  |...(0rc....|.ahX|
+000000b0  6f 7a 5c d2 4f 32 b5 d3  b1 09                    |oz\.O2....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 24 ad ef e3 a0 c4  |..........$.....|
-00000010  2c a0 ca 82 a6 f0 eb 8f  73 f3 48 11 0f 1f cc 6f  |,.......s.H....o|
-00000020  6f 63 fa d8 9d 47 6b b2  ab 3e fe bc 0e 44 ce     |oc...Gk..>...D.|
+00000000  14 03 03 00 01 01 16 03  03 00 24 93 ef cc 6a e8  |..........$...j.|
+00000010  8c e4 16 6e 05 cd 2f 9a  31 52 e8 67 3b 93 83 0e  |...n../.1R.g;...|
+00000020  f0 29 04 29 40 b7 6a c8  c4 51 a4 6a 9d 5c 17     |.).)@.j..Q.j.\.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1a e7 90 92  8b a5 a6 4f 22 97 2f 23  |...........O"./#|
-00000010  f1 3c 54 65 2c 14 7e fd  1d 8f c7 76 97 e8 f8 15  |.<Te,.~....v....|
-00000020  03 03 00 16 c0 c9 cc 98  62 c6 ac 36 0f a5 2d a5  |........b..6..-.|
-00000030  73 9a 9c 0f 26 5a f6 89  3b c9                    |s...&Z..;.|
+00000000  17 03 03 00 1a c0 49 e8  30 49 75 60 93 ec 04 e9  |......I.0Iu`....|
+00000010  3e 54 66 78 15 8e 1e 31  2e ab 1b c1 43 a3 44 15  |>Tfx...1....C.D.|
+00000020  03 03 00 16 34 97 5d 52  01 da 5d 45 c6 51 14 1a  |....4.]R..]E.Q..|
+00000030  45 8f 96 af fd 6a ea d2  37 cf                    |E....j..7.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce
index 9304adf..9810f52 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce
+++ b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 f1 85 19 85 1e  |....Y...U.......|
-00000010  f5 97 e1 e6 08 15 6f a9  05 93 6f b9 41 ad 11 ae  |......o...o.A...|
-00000020  92 90 5e 00 97 46 42 af  2f b0 5d 20 b7 f3 e7 76  |..^..FB./.] ...v|
-00000030  20 e4 c2 99 6e ba 87 79  21 5c 5c 62 d9 1f 08 88  | ...n..y!\\b....|
-00000040  e1 1f 05 0c 31 9c d5 b3  65 19 26 4c cc a8 00 00  |....1...e.&L....|
+00000000  16 03 03 00 59 02 00 00  55 03 03 8a b7 29 8f 35  |....Y...U....).5|
+00000010  0f 6b 07 77 95 15 94 08  ad b8 e3 8f 97 72 17 b5  |.k.w.........r..|
+00000020  79 1d b9 ab 57 d2 58 e0  63 04 8f 20 3b 5d 60 f3  |y...W.X.c.. ;]`.|
+00000030  d6 92 21 98 27 3d 20 69  ec c8 47 d0 27 ce 42 39  |..!.'= i..G.'.B9|
+00000040  1d 82 b0 e7 ef ca 59 f9  f8 fe 06 79 cc a8 00 00  |......Y....y....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,126 +60,185 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 f8 4d 81 d8 29 29 e9  |........ .M..)).|
-000002d0  2a 96 44 4b e3 d2 95 11  19 7a d5 26 ed 60 f2 d8  |*.DK.....z.&.`..|
-000002e0  e7 7d 96 9e 06 9f 37 f8  3e 04 01 00 80 51 70 fb  |.}....7.>....Qp.|
-000002f0  66 2e 1f 40 97 95 47 34  e5 69 8b a7 f6 d2 d1 71  |f..@..G4.i.....q|
-00000300  0a 4c 34 d8 4f 8a 59 fc  a0 93 db 10 77 12 a9 52  |.L4.O.Y.....w..R|
-00000310  b6 be 1b 48 2c 56 9a ad  89 57 58 30 90 03 bb 46  |...H,V...WX0...F|
-00000320  df 8a 4b 81 9a 14 6a a0  c9 60 76 e5 c6 73 da 35  |..K...j..`v..s.5|
-00000330  e5 98 81 31 6c c4 ff 41  0c b1 7c 6e fd 82 75 de  |...1l..A..|n..u.|
-00000340  d8 84 db 3e fa 80 bc a8  6a 77 6f c9 9b 78 1a 0a  |...>....jwo..x..|
-00000350  dc 7b f0 65 4d 0f 14 b2  78 e8 db fb ee ca 74 83  |.{.eM...x.....t.|
-00000360  2c d5 78 1e 48 09 17 0a  d8 08 de f9 9d 16 03 03  |,.x.H...........|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 0d 87 80 0d 1d 7c ad  |........ .....|.|
+000002d0  a2 da 94 09 a5 23 c9 f2  23 cc f2 0a 2e 94 2d 74  |.....#..#.....-t|
+000002e0  01 5f 60 63 5b c7 1e a0  45 08 04 00 80 2f 2f 55  |._`c[...E....//U|
+000002f0  44 fb f1 5a 0d 37 7c b0  5d 63 bb 7a e3 a8 f3 e9  |D..Z.7|.]c.z....|
+00000300  b4 5d a0 ba 31 ec a8 4b  70 5f ce af 98 91 28 0c  |.]..1..Kp_....(.|
+00000310  47 a2 c9 03 a3 07 e6 67  1e 34 76 cc b8 14 3d 8f  |G......g.4v...=.|
+00000320  83 6a 10 34 dc 53 7c 57  39 77 49 48 3e dc 0d 37  |.j.4.S|W9wIH>..7|
+00000330  8f 37 f7 28 aa 13 19 b1  2f 31 e1 b6 94 45 b1 0d  |.7.(..../1...E..|
+00000340  ec 9f 39 78 90 24 31 c6  03 88 67 28 72 fa 24 41  |..9x.$1...g(r.$A|
+00000350  5c 5e 3f d8 cd e4 58 00  fb 1a ba c9 cc ff 1b 7a  |\^?...X........z|
+00000360  23 9a fd 38 04 18 6a 82  69 bd e4 59 87 16 03 03  |#..8..j.i..Y....|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 c9 e3 4a  a0 72 57 a2 c6 8d e9 98  |.... ..J.rW.....|
-00000040  28 8d 40 22 6e ed 46 50  0d 08 38 b4 b0 6e a6 0b  |(.@"n.FP..8..n..|
-00000050  16 57 3f 6a 96                                    |.W?j.|
+00000030  16 03 03 00 20 cb 26 0a  53 64 81 75 f6 f6 17 78  |.... .&.Sd.u...x|
+00000040  3f a7 96 52 91 70 91 2d  92 67 cb ae f0 8f 84 9d  |?..R.p.-.g......|
+00000050  ea 17 3f a1 38                                    |..?.8|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 28 1b b9 e9 46  |.......... (...F|
-00000010  3d 61 64 fe 84 b5 ea ff  79 e3 b9 5f 7e 1d 9c e1  |=ad.....y.._~...|
-00000020  84 0f 17 9b be 67 0e b7  71 b3 de                 |.....g..q..|
+00000000  14 03 03 00 01 01 16 03  03 00 20 83 7c 41 9e 33  |.......... .|A.3|
+00000010  b0 89 6c 2f 88 99 61 b1  71 30 04 9f df 48 e9 9e  |..l/..a.q0...H..|
+00000020  50 5f 22 d8 09 49 f6 17  7f 6a 10                 |P_"..I...j.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 0d d9 98  93 d7 c2 0e 48 53 34 1c  |............HS4.|
-00000010  b6 58 70 58 af 24 7c 3e  43 55 8a                 |.XpX.$|>CU.|
+00000000  17 03 03 00 16 63 50 67  b6 7a 7d 4e 3d f5 a9 93  |.....cPg.z}N=...|
+00000010  f9 6d 61 ea 46 c7 5d 28  77 ad 12                 |.ma.F.](w..|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 96 19 2b  56 4c 10 ea 1a c4 6e e3  |.......+VL....n.|
-00000010  95 31 61 ed 22 ce 87 b2  bb                       |.1a."....|
+00000000  16 03 03 00 14 f4 d1 27  84 c9 8f 32 7c 0f ff e8  |.......'...2|...|
+00000010  ee ba 2e 93 29 cb fa 22  52                       |....).."R|
 >>> Flow 7 (client to server)
-00000000  16 03 03 00 b1 a7 01 a1  b3 16 21 88 5a 74 bd a0  |..........!.Zt..|
-00000010  58 fa d2 fa ba e3 a2 21  ae b6 92 28 a4 90 e7 f7  |X......!...(....|
-00000020  fc 1b 6e dd 12 19 18 30  5d 6e fe be b7 12 16 fc  |..n....0]n......|
-00000030  26 27 8d e0 8c 18 25 3e  97 fa 5b 3c 06 c0 ee 49  |&'....%>..[<...I|
-00000040  6e 6f 29 28 ac 46 02 92  38 c3 e1 1b d8 cc 6e 23  |no)(.F..8.....n#|
-00000050  a1 4e 67 58 3e 33 45 ed  85 da f1 e6 76 0d ab f5  |.NgX>3E.....v...|
-00000060  25 a7 a1 ac 67 f5 b7 14  52 04 57 6b e7 7f ac 5e  |%...g...R.Wk...^|
-00000070  bb c4 3f 0b 3b 54 86 a0  9c 4f 9b b5 1e 9d f5 8a  |..?.;T...O......|
-00000080  0b 62 fd 89 84 16 ee 13  49 40 32 3d 90 d1 4a 11  |.b......I@2=..J.|
-00000090  ea 13 84 b8 18 4c 50 9b  18 54 ab f1 b8 77 e7 b2  |.....LP..T...w..|
-000000a0  8b 7a 85 34 47 0a 83 fb  86 f2 94 e6 4a 17 db a8  |.z.4G.......J...|
-000000b0  31 61 8e e7 d8 f9                                 |1a....|
+00000000  16 03 03 01 14 ba 60 c0  bb d9 cb 55 0f 08 fc 18  |......`....U....|
+00000010  15 81 5d 69 a0 b2 c7 87  94 af c1 63 a6 46 e1 57  |..]i.......c.F.W|
+00000020  1e c5 9e 2e f1 aa db ad  c9 20 4e a2 88 69 48 b5  |......... N..iH.|
+00000030  ed 91 14 f1 d0 ec d2 28  9f e3 b7 de 03 7d 53 a6  |.......(.....}S.|
+00000040  25 7f 2f e3 5b 6a 79 29  15 4b 25 90 bf a6 49 0a  |%./.[jy).K%...I.|
+00000050  29 94 86 29 4b 8b a2 6c  82 1e 0a 57 91 1c 46 f1  |)..)K..l...W..F.|
+00000060  94 e3 ef e5 6c d5 e7 c8  82 86 82 dc 48 04 9d 11  |....l.......H...|
+00000070  d9 85 1a 41 27 ec 1c 25  72 a5 15 53 ef 70 90 a8  |...A'..%r..S.p..|
+00000080  a8 17 ae 4f 22 71 1c d3  7e 00 55 67 67 3b 3d cb  |...O"q..~.Ugg;=.|
+00000090  2c f3 03 39 f3 d8 46 30  4d 60 c4 58 d1 20 f6 1c  |,..9..F0M`.X. ..|
+000000a0  f2 13 8d c8 58 36 08 97  c6 82 9e 6d a4 bd 0a 71  |....X6.....m...q|
+000000b0  e4 e2 7f 76 69 6f 39 19  43 9f 9c ea 8d fb ec ea  |...vio9.C.......|
+000000c0  90 a0 e7 67 ea d7 48 c6  e5 ce 7c f6 98 fb 0f 8a  |...g..H...|.....|
+000000d0  5b 9f 85 0b 9e 6b 50 40  32 12 a0 9e c2 5d d7 af  |[....kP@2....]..|
+000000e0  b1 57 e0 bf 05 59 3b 4c  93 4f 4b 85 6f 8d bf 65  |.W...Y;L.OK.o..e|
+000000f0  94 a9 7c fc ab ef 1a 3a  4e 70 bd 54 35 6d f9 68  |..|....:Np.T5m.h|
+00000100  36 8d 5e 30 d7 01 5c 1e  b1 91 7c 9a fb 18 08 63  |6.^0..\...|....c|
+00000110  28 d8 28 5d 53 1c f9 88  cb                       |(.(]S....|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 81 8b 09 74  4a 5b 74 ef c4 91 26 84  |.......tJ[t...&.|
-00000010  25 33 c2 f7 05 1c 13 cf  00 ba 54 dd 16 e9 f3 4d  |%3........T....M|
-00000020  80 f5 1f f9 9b 7e a8 a9  60 f1 d6 be f9 c1 75 b0  |.....~..`.....u.|
-00000030  1b 98 c4 d2 f0 69 c5 d5  d9 07 dd 19 56 4f cd 6f  |.....i......VO.o|
-00000040  b0 df 58 a8 da 66 23 e6  8e 20 03 75 33 1a ee 61  |..X..f#.. .u3..a|
-00000050  ab 31 f7 2e e0 ea f4 29  26 34 1d 8e 52 0d 1a 6f  |.1.....)&4..R..o|
-00000060  cc c7 bf 14 dc 1c 47 80  42 b7 d0 ac 26 f5 e1 8e  |......G.B...&...|
-00000070  08 d7 63 8a 3b c4 d3 e7  15 a1 46 e3 9b c1 4a 5a  |..c.;.....F...JZ|
-00000080  14 30 da 62 8f 3a 16 03  03 02 69 54 7c 6d 38 37  |.0.b.:....iT|m87|
-00000090  01 fe 7c fe 75 30 f1 c0  e8 16 89 b7 d8 7e e0 70  |..|.u0.......~.p|
-000000a0  90 4e c5 7d 37 1b 44 57  7b 91 50 cc aa 71 47 9d  |.N.}7.DW{.P..qG.|
-000000b0  64 67 42 2c b0 01 64 b1  05 6f b3 a9 07 61 f9 99  |dgB,..d..o...a..|
-000000c0  f8 2c 59 08 12 80 c5 48  0c 88 67 05 74 da 91 e0  |.,Y....H..g.t...|
-000000d0  6d 53 2a ac 02 14 cb f9  f5 c1 dd c2 29 29 e6 7d  |mS*.........)).}|
-000000e0  78 52 cb 19 74 80 6f 1b  ab a9 4c b7 88 09 01 b8  |xR..t.o...L.....|
-000000f0  66 a1 8c 1d 1a 06 08 05  7d 60 5d e6 a7 da 36 17  |f.......}`]...6.|
-00000100  ef 5c 90 c3 77 d8 34 d4  99 e5 bd 1d 70 15 78 db  |.\..w.4.....p.x.|
-00000110  71 23 4d 4a 18 bd ac ab  36 86 79 05 70 1c 51 15  |q#MJ....6.y.p.Q.|
-00000120  82 c9 a0 c2 cd 80 d0 41  a1 51 10 c5 96 44 1f 97  |.......A.Q...D..|
-00000130  a7 20 0a 80 a4 7c fe 6d  f3 b4 ae 19 17 17 d4 97  |. ...|.m........|
-00000140  37 cf 69 34 8e ad 5a e6  66 fc f3 07 7d a7 5c 0d  |7.i4..Z.f...}.\.|
-00000150  c2 fd d6 3d 69 dc 41 6f  b0 fd 3b db 3a 95 25 52  |...=i.Ao..;.:.%R|
-00000160  a0 82 54 7c f3 4d d2 65  8b c6 55 3a 9c 89 19 f1  |..T|.M.e..U:....|
-00000170  aa c0 49 7a bf 1c ec 7a  78 d2 11 c0 8f ab 53 2d  |..Iz...zx.....S-|
-00000180  68 69 9e 12 db ec 77 df  7d 7b 5f 75 76 df 76 1e  |hi....w.}{_uv.v.|
-00000190  b4 c3 32 3f c9 cb 58 bd  c4 b0 45 61 2a dc 14 fb  |..2?..X...Ea*...|
-000001a0  3a 83 84 e0 ad a0 25 16  e7 1c 3c 4b f6 4e 6d a8  |:.....%...<K.Nm.|
-000001b0  60 f5 ba b8 69 c5 90 f8  45 05 2c 28 4e ab ff d9  |`...i...E.,(N...|
-000001c0  f6 4a de 83 ec 2b fa 64  3b 59 40 86 b6 7a 8c e3  |.J...+.d;Y@..z..|
-000001d0  0e 02 b2 59 fa cb 58 f2  ca e2 ce f3 44 25 51 bc  |...Y..X.....D%Q.|
-000001e0  6c 10 5f 8b 9b 57 3e 7d  61 ad 3e d0 62 2b bc 18  |l._..W>}a.>.b+..|
-000001f0  0b 71 d8 1d ae 65 c0 f8  71 98 aa 08 af 10 09 6f  |.q...e..q......o|
-00000200  9d 79 9b 70 d5 48 5c 96  ac d0 2d ee 61 1f 8a 96  |.y.p.H\...-.a...|
-00000210  5e 8b 04 06 80 20 f1 cc  61 93 9f ea c3 3a f0 ba  |^.... ..a....:..|
-00000220  ed 7c 80 25 4c ba e8 a6  97 62 04 cd 8b 58 00 d6  |.|.%L....b...X..|
-00000230  e1 0d 0b f3 c0 73 b9 0d  57 e3 76 8d f8 a9 43 72  |.....s..W.v...Cr|
-00000240  c0 37 d9 f5 16 02 0a 0c  d1 44 2d e6 fe 57 3d 9f  |.7.......D-..W=.|
-00000250  64 ef a6 f6 9b 44 7a 16  de f7 64 94 6f 4c c4 57  |d....Dz...d.oL.W|
-00000260  f8 ba dd 64 61 87 55 6e  ac 96 1c 68 f4 68 b2 90  |...da.Un...h.h..|
-00000270  ec 7a a5 f3 7c dd f0 30  af 27 9d c4 dc fe 05 c7  |.z..|..0.'......|
-00000280  4b d3 44 63 5c bb e0 e0  eb 0d bc ef ea fa dd 17  |K.Dc\...........|
-00000290  1f 27 a6 b7 79 6c 0c 64  25 91 4d a1 cf ae 5b 81  |.'..yl.d%.M...[.|
-000002a0  2b d3 18 0b 82 3e 4a 4b  02 6c cb be c7 b7 a7 e0  |+....>JK.l......|
-000002b0  2f a7 a0 32 f4 5d b2 5b  6e 9f b4 cd ee 58 e4 bd  |/..2.].[n....X..|
-000002c0  ac 44 4d 0d 37 31 8b d1  d5 01 83 0a 63 85 14 e3  |.DM.71......c...|
-000002d0  55 93 1d 25 61 4b 43 b5  a4 e5 d3 50 e9 01 96 02  |U..%aKC....P....|
-000002e0  10 aa 58 6a 9d e0 e4 80  c4 a9 20 c9 b5 0c 79 bb  |..Xj...... ...y.|
-000002f0  5c 5f 22 43 16 03 03 00  bc 56 b6 aa ae 4c 5f f5  |\_"C.....V...L_.|
-00000300  4f 16 84 92 4b d3 be 30  7f ab 74 d2 5e eb 23 de  |O...K..0..t.^.#.|
-00000310  2f 5b 6e c4 1a b4 e6 39  33 f8 c9 0f a3 b0 d5 bb  |/[n....93.......|
-00000320  77 21 76 6d 6e 45 b9 75  d1 86 b8 be ad 31 85 db  |w!vmnE.u.....1..|
-00000330  90 39 92 74 3a fc e1 5c  71 b9 64 b5 ae d8 5b a5  |.9.t:..\q.d...[.|
-00000340  ac ca b5 9c 3a ad 58 a3  b3 2d 80 52 47 8f 5c 9b  |....:.X..-.RG.\.|
-00000350  fd 09 a9 b0 b9 84 e5 01  03 69 ca b3 79 bc 61 da  |.........i..y.a.|
-00000360  f9 58 0a 0e 86 a3 aa 3a  b9 e8 8d 87 a5 0b 62 fa  |.X.....:......b.|
-00000370  7f de 17 29 ed 75 38 49  4a f9 5f a3 cd 92 f7 bd  |...).u8IJ._.....|
-00000380  fd 5d d3 0e 2f 49 38 a1  ba b5 87 e2 65 e0 68 c1  |.]../I8.....e.h.|
-00000390  c1 3d f2 57 06 25 9e b8  54 6e 9a 33 ee 3f 6a fc  |.=.W.%..Tn.3.?j.|
-000003a0  53 1c cc 1f ee 6a 0f 43  c5 68 08 02 4e d7 3e 5e  |S....j.C.h..N.>^|
-000003b0  a6 c9 aa da 0b 16 03 03  00 14 8b 31 f6 f0 2c bf  |...........1..,.|
-000003c0  d1 fa 59 12 4a 4d 9d 51  d2 79 ff 58 3a fa        |..Y.JM.Q.y.X:.|
+00000000  16 03 03 00 81 b9 47 ca  9a 81 1b 3e 4e 21 cf 05  |......G....>N!..|
+00000010  99 31 4c 2a d4 72 9d 71  1f b9 87 e7 19 36 60 84  |.1L*.r.q.....6`.|
+00000020  e4 be 4a d9 7d 10 ad b1  d2 28 58 5b 47 09 cd 19  |..J.}....(X[G...|
+00000030  de d3 76 c4 56 e1 19 f5  a3 e2 e3 bd 8b d0 d9 e0  |..v.V...........|
+00000040  75 b2 d3 23 04 f0 65 ef  22 f6 10 13 28 80 1b c5  |u..#..e."...(...|
+00000050  69 75 7b 8c e6 cb 0e f5  e7 e8 fa 1e d0 e3 c3 24  |iu{............$|
+00000060  52 83 c9 a2 5b 57 94 da  b9 f2 5e 0a bc f4 a0 da  |R...[W....^.....|
+00000070  a1 02 b5 18 20 de 40 4e  52 97 12 6b e6 00 b6 eb  |.... .@NR..k....|
+00000080  af 82 f0 08 d7 33 16 03  03 02 69 26 88 2e 6e 74  |.....3....i&..nt|
+00000090  21 8d 66 37 b3 77 37 52  0d 04 e6 89 99 00 3f e6  |!.f7.w7R......?.|
+000000a0  e5 6b 56 68 8e 07 0b 2b  35 8f 59 81 f0 b0 82 77  |.kVh...+5.Y....w|
+000000b0  dd 13 b8 16 a9 e0 84 9c  bc 2d cf c4 30 a4 43 f6  |.........-..0.C.|
+000000c0  01 04 c3 7d 9d a1 84 16  73 45 f8 85 c8 fc c2 25  |...}....sE.....%|
+000000d0  49 24 07 e1 d8 1c 8f da  ce 04 0e ca 1a 4f 97 a0  |I$...........O..|
+000000e0  ba 8f 0f 2d 87 02 f9 a1  08 33 4e 53 a7 a1 bb c8  |...-.....3NS....|
+000000f0  41 d2 9b c6 44 0a 7e 8e  21 ff 0d 23 61 d0 b9 4d  |A...D.~.!..#a..M|
+00000100  27 74 3a de 3a 7e 76 1e  8f a1 f8 57 ca 6b 1d dc  |'t:.:~v....W.k..|
+00000110  75 e9 2b 95 ae dc 5e 93  de 23 43 6e 1f b1 4d df  |u.+...^..#Cn..M.|
+00000120  f7 e6 d8 bd 3d 31 0a 7f  97 7b 07 c5 ac 8a 1e 51  |....=1...{.....Q|
+00000130  95 a1 c5 b3 93 ba ec 41  d8 1a 57 28 2f 53 14 d0  |.......A..W(/S..|
+00000140  e0 e9 e9 e2 f4 a8 b1 67  15 2d d8 3b 96 82 75 16  |.......g.-.;..u.|
+00000150  f9 4e a1 55 1d b0 e1 48  95 bb ee 46 5f dd 48 4a  |.N.U...H...F_.HJ|
+00000160  6a ae b4 a0 24 21 85 70  20 80 22 dc c0 cc 0e 15  |j...$!.p .".....|
+00000170  55 c8 e1 15 1c 8c 38 c3  fb 38 31 0e 3c d8 49 bf  |U.....8..81.<.I.|
+00000180  63 4d d4 20 09 a4 b1 57  f8 a3 1c b2 8e 8d 28 c8  |cM. ...W......(.|
+00000190  af 20 4c 46 ae b5 eb aa  54 ca 74 cc bc b4 5c a5  |. LF....T.t...\.|
+000001a0  a0 ab c1 41 fb cc 0d d6  6a 25 58 c9 f1 10 32 59  |...A....j%X...2Y|
+000001b0  6a d3 04 5a fe bb 84 58  94 04 aa fd a4 f9 79 6c  |j..Z...X......yl|
+000001c0  f8 da 28 7f 16 73 5e 4c  a2 07 9d cc 8f 8d 25 27  |..(..s^L......%'|
+000001d0  2d 60 a3 a0 0d e3 65 0b  69 1f 44 92 97 d7 1e b8  |-`....e.i.D.....|
+000001e0  43 f4 ed f5 3c 6c ce 0e  f6 cb a2 83 80 c3 ee 00  |C...<l..........|
+000001f0  85 dd 25 2b 31 59 ba 88  07 df 04 8d a0 88 02 cc  |..%+1Y..........|
+00000200  d4 b3 5b 7b f1 72 72 7f  2d 4d af 43 c6 a0 9c 46  |..[{.rr.-M.C...F|
+00000210  10 63 30 d1 cb 43 20 f8  5c d7 45 f8 48 3e 29 17  |.c0..C .\.E.H>).|
+00000220  ba 26 31 6e e8 a8 d4 d5  da e0 9f d1 8c 76 9a bf  |.&1n.........v..|
+00000230  18 f9 02 1d a0 c5 07 b7  fe cd d2 34 47 27 84 b4  |...........4G'..|
+00000240  d4 07 3b 37 72 74 64 bb  c4 31 5e 7b a9 c6 a9 a2  |..;7rtd..1^{....|
+00000250  06 03 ea 32 41 64 b2 6c  57 70 bb 5c 0a a0 3f 48  |...2Ad.lWp.\..?H|
+00000260  78 e8 0b 8a b7 dd 67 68  43 aa 8e d9 ff 81 a2 f4  |x.....ghC.......|
+00000270  c6 25 9d 06 30 a4 6a 24  e0 b1 cd b4 7a d4 09 6e  |.%..0.j$....z..n|
+00000280  e3 d4 4c 3e b5 16 c3 44  9d f7 92 d6 40 95 d8 3e  |..L>...D....@..>|
+00000290  22 61 a3 29 87 8d 63 e0  98 0c db 9b eb 86 84 fe  |"a.)..c.........|
+000002a0  f3 ca 9f ce 7b de a9 04  3a 61 d4 bf d4 d6 51 60  |....{...:a....Q`|
+000002b0  02 06 cb 13 e1 a6 bf db  f0 f1 53 c6 62 a6 1a 42  |..........S.b..B|
+000002c0  11 6f 5d 0c 13 c3 12 ff  f5 7c 9b ef 58 54 14 3d  |.o]......|..XT.=|
+000002d0  4d 4b c2 fc ae 33 4a 00  24 e9 3c 6f 6f 5b ef c4  |MK...3J.$.<oo[..|
+000002e0  dc be 36 c5 ae 09 c2 c8  fb ac b4 ac af 79 5a 8e  |..6..........yZ.|
+000002f0  0d 8a 9d 38 16 03 03 00  bc 67 81 2a 98 2a ee 5d  |...8.....g.*.*.]|
+00000300  cd 33 df de c0 78 96 ad  f6 d1 e2 fe 9a e1 ab d6  |.3...x..........|
+00000310  95 f0 c8 24 da 49 2d 5a  d8 da 29 e6 31 c0 94 cc  |...$.I-Z..).1...|
+00000320  e3 9d 7e e6 e8 61 c9 e9  3a 0b 21 65 12 d8 20 87  |..~..a..:.!e.. .|
+00000330  fe fa ca 0e 69 98 70 01  a6 23 4e fb d4 02 cb aa  |....i.p..#N.....|
+00000340  6a cc f9 f3 cf fe 60 b6  2c 01 c6 b9 fd 72 fb 6e  |j.....`.,....r.n|
+00000350  d9 f9 40 35 3a 06 5d f6  63 42 ec 0b ae b7 88 08  |..@5:.].cB......|
+00000360  a8 74 b0 4f a3 ec 85 e9  ce 81 74 00 e4 b0 b8 08  |.t.O......t.....|
+00000370  a8 f2 a0 d6 84 7e b8 04  35 73 4a 15 1d cf 49 a2  |.....~..5sJ...I.|
+00000380  13 a2 a0 5b bb 98 17 67  76 76 c9 0a 4c 62 80 25  |...[...gvv..Lb.%|
+00000390  b4 06 32 3b 31 d5 00 08  6a c2 fe d6 8f 3d c3 1f  |..2;1...j....=..|
+000003a0  aa 9c 9f 38 8a db fc 8b  7f f5 83 bb f2 2d c9 ec  |...8.........-..|
+000003b0  90 ae ec 93 71 16 03 03  00 4a 93 37 97 13 36 1e  |....q....J.7..6.|
+000003c0  02 ff d7 c6 86 d4 ef b6  8a b6 70 0c 3d 77 69 d8  |..........p.=wi.|
+000003d0  9c 5c 6e a7 55 b6 c8 1b  04 eb 4b bc d3 49 36 4f  |.\n.U.....K..I6O|
+000003e0  1b b5 1b 10 d5 12 48 80  7f fc 2f 61 8b 02 12 09  |......H.../a....|
+000003f0  4a 13 44 28 9d 8e d5 ea  5d b7 ae 61 d5 38 e1 50  |J.D(....]..a.8.P|
+00000400  fe 4b bc bb 16 03 03 00  14 90 03 cf f7 ec 97 ef  |.K..............|
+00000410  a3 9a 41 89 ac f5 99 9a  cf ab f6 eb 06           |..A..........|
 >>> Flow 9 (client to server)
-00000000  16 03 03 00 35 24 68 32  63 8a 43 11 1f 91 a5 8b  |....5$h2c.C.....|
-00000010  4f 57 63 f6 de a8 23 c2  d2 68 33 d0 fc 9d 41 b1  |OWc...#..h3...A.|
-00000020  5f 71 d8 e4 fb b6 71 e6  83 2f cc 15 53 e1 70 48  |_q....q../..S.pH|
-00000030  34 92 68 ae 1f f4 88 b0  d0 59 14 03 03 00 11 e9  |4.h......Y......|
-00000040  01 e9 1d fa c2 c3 2a 60  68 98 83 fa f5 7e 5f 2a  |......*`h....~_*|
-00000050  16 03 03 00 20 33 0c 00  8d 8a 60 06 dc 43 9d ae  |.... 3....`..C..|
-00000060  a5 a7 23 05 3a 55 53 e4  41 42 46 bb 35 ef a6 2c  |..#.:US.ABF.5..,|
-00000070  d4 d8 4d 85 d4                                    |..M..|
+00000000  16 03 03 02 69 74 87 f6  35 08 6b 36 04 33 bd 50  |....it..5.k6.3.P|
+00000010  d8 de c9 0b 8e 98 d4 2a  ca f1 68 50 10 03 d4 83  |.......*..hP....|
+00000020  56 e2 12 fd 8d 5f ff 7c  16 9b 43 d9 75 f7 c6 ee  |V...._.|..C.u...|
+00000030  ee dc f6 e9 19 d0 ae 8a  54 fb c6 7e 9e b4 15 79  |........T..~...y|
+00000040  17 fa d2 32 8d b4 b0 ff  15 44 ac 4f 28 5d ba 10  |...2.....D.O(]..|
+00000050  6e e6 cb b3 ad e8 ef 06  c4 3e aa 1f a8 df 1b 82  |n........>......|
+00000060  38 bd 5f 88 5c 0e 5b e7  03 df 9b 6f c2 d9 b8 5f  |8._.\.[....o..._|
+00000070  bf 60 de 69 f3 12 4f b8  50 28 fc 2d 15 70 92 3b  |.`.i..O.P(.-.p.;|
+00000080  76 7d 36 13 5e e6 39 e6  29 6d d0 99 14 ca 52 a5  |v}6.^.9.)m....R.|
+00000090  12 db 96 d4 d0 38 ef 42  6c 09 ca dc 06 f2 d3 8f  |.....8.Bl.......|
+000000a0  49 c8 a3 c2 77 c3 c1 f6  18 6a 91 95 36 1b d6 47  |I...w....j..6..G|
+000000b0  f6 87 0c 3e 82 b4 22 62  a5 cb 5b e8 73 6e 71 52  |...>.."b..[.snqR|
+000000c0  4f 7c 9f b8 b4 f1 5b 77  96 a6 8e 22 52 b6 cf cc  |O|....[w..."R...|
+000000d0  b4 5b a9 a9 63 4b 9b 1c  db a0 ad f4 35 04 20 6c  |.[..cK......5. l|
+000000e0  33 b2 c6 5c 6f 2a 1e 5f  d9 c4 c1 b1 82 4f 6d 12  |3..\o*._.....Om.|
+000000f0  e1 6e f9 9f e8 0f e7 9e  cf 80 eb 1a 72 de 9e df  |.n..........r...|
+00000100  b2 6f d4 57 1f cc 01 89  b2 e3 2f 65 dd 05 ae 0d  |.o.W....../e....|
+00000110  d0 9f 74 21 45 3c c4 00  67 61 2c 37 8e 96 a4 38  |..t!E<..ga,7...8|
+00000120  b2 1d d8 58 25 7a 3f 99  0c 7b e7 fd 67 92 e2 3f  |...X%z?..{..g..?|
+00000130  14 32 79 25 d3 df cd cf  1f fc 5d 67 53 e0 7d 28  |.2y%......]gS.}(|
+00000140  60 b1 b0 d8 d9 81 d4 b4  22 81 e4 c2 09 8e 8d 37  |`......."......7|
+00000150  82 35 61 37 6c 6e 8e 2d  9f 41 63 b3 e9 f9 1f 73  |.5a7ln.-.Ac....s|
+00000160  8f bf 7d 08 65 b8 a2 5a  32 5a 0f 96 70 fc 11 d5  |..}.e..Z2Z..p...|
+00000170  b3 af 85 2c 22 cc 8d da  18 80 74 6c d9 64 1e e5  |...,".....tl.d..|
+00000180  8a 10 ee 28 6b 3b 85 d9  af b7 65 bd 39 c4 4c 1e  |...(k;....e.9.L.|
+00000190  c6 40 b7 26 cd 07 1a e1  42 c9 a0 e6 94 34 60 11  |.@.&....B....4`.|
+000001a0  5e 1c c1 76 f5 59 70 fb  73 8e 2f 44 53 ea b2 55  |^..v.Yp.s./DS..U|
+000001b0  ed 0c 6f 39 f0 0a 04 b9  6c 7e c9 15 dc 3f c7 72  |..o9....l~...?.r|
+000001c0  85 78 02 ce 96 49 57 cd  56 dc 9c 76 b9 ae 08 6c  |.x...IW.V..v...l|
+000001d0  52 82 b2 a0 05 20 f6 2e  28 0d 4c 46 58 42 d5 2f  |R.... ..(.LFXB./|
+000001e0  83 55 b1 e1 47 f1 b1 70  72 b0 73 7f a5 7f 4d 73  |.U..G..pr.s...Ms|
+000001f0  e8 09 46 d7 16 3e 3d df  04 79 24 38 23 e2 a6 e3  |..F..>=..y$8#...|
+00000200  e7 70 b5 69 b7 42 fb 45  84 d3 e8 cc eb e5 25 67  |.p.i.B.E......%g|
+00000210  ee 71 b9 24 05 8c cc e0  2b 86 1d ac 54 24 e8 7a  |.q.$....+...T$.z|
+00000220  c3 8f 22 df 01 21 f7 d1  a9 b6 96 3c e8 b4 c9 95  |.."..!.....<....|
+00000230  5a e1 2e 46 ac e3 6b a5  14 60 d4 63 c1 37 5e d5  |Z..F..k..`.c.7^.|
+00000240  14 d1 97 ae c0 cf 01 d3  b0 b0 3d d7 7e 9f 5a 52  |..........=.~.ZR|
+00000250  73 f3 e0 70 22 09 44 85  b9 1e 2f 78 a1 33 cc 39  |s..p".D.../x.3.9|
+00000260  fd ff bc 68 1e 96 7e 26  be 31 8e 73 64 21 16 03  |...h..~&.1.sd!..|
+00000270  03 00 35 96 4d ac f1 b3  1b 7b e0 ab 2b 47 40 be  |..5.M....{..+G@.|
+00000280  46 a3 02 2c eb 74 b8 4f  53 b5 7d 05 47 dc 72 d9  |F..,.t.OS.}.G.r.|
+00000290  6a 8e 7d 6f 66 2a 6b e2  27 e7 6a bf 39 68 f3 9c  |j.}of*k.'.j.9h..|
+000002a0  89 51 dc 4e 8c 82 38 57  16 03 03 00 98 fb 44 b6  |.Q.N..8W......D.|
+000002b0  36 4a 3e 0a 41 01 3d 78  8b 5d fe 95 69 a5 53 d5  |6J>.A.=x.]..i.S.|
+000002c0  d6 37 c3 e3 03 ae b7 33  57 1a 1a dd d0 cf 86 34  |.7.....3W......4|
+000002d0  6e 06 30 ac 09 08 13 8b  18 9f a6 ec 96 e4 bc ca  |n.0.............|
+000002e0  06 6b 01 2d 2e 7c ff 34  9e 16 7e fc e3 0e 3c 0e  |.k.-.|.4..~...<.|
+000002f0  5c d0 13 88 7d af ec a4  91 fd a1 48 ef b3 fb 2a  |\...}......H...*|
+00000300  d8 e5 a3 c7 4b 50 34 fc  c1 33 dd 43 88 8d 6e 16  |....KP4..3.C..n.|
+00000310  9e 0c d7 b0 7f b2 77 cc  da e0 8e 02 9e db 2f 12  |......w......./.|
+00000320  3b 4f 5b 7b c2 eb e3 10  5c 6f 43 d6 54 e1 8c 55  |;O[{....\oC.T..U|
+00000330  ec 51 93 f8 12 5e f6 09  92 a1 95 51 db 75 97 17  |.Q...^.....Q.u..|
+00000340  bc cd 80 71 e9 14 03 03  00 11 4b d7 45 5f 00 cd  |...q......K.E_..|
+00000350  ad 58 83 c6 14 13 d2 89  fa a8 2b 16 03 03 00 20  |.X........+.... |
+00000360  33 77 49 9f ff 97 4c 6a  f7 42 45 d4 59 6a 1e 6e  |3wI...Lj.BE.Yj.n|
+00000370  12 29 e7 62 01 0c 9e 8c  e2 f1 7f fb aa a4 05 e2  |.).b............|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 ce 28 cc  ba 60 2b 9a 92 b1 a1 fc  |......(..`+.....|
-00000010  73 25 71 fd f5 59 16 03  03 00 20 5d 9c a5 c1 2f  |s%q..Y.... ].../|
-00000020  2a f3 af 84 9b 15 cd fa  a1 6e ca a0 09 2b a4 b8  |*........n...+..|
-00000030  e9 e2 b8 eb 17 84 d0 fb  20 7e fc 17 03 03 00 19  |........ ~......|
-00000040  43 86 e9 94 82 d6 08 ac  a3 90 97 05 b6 f0 54 28  |C.............T(|
-00000050  3d d1 c9 f8 d9 19 5a d4  ed                       |=.....Z..|
+00000000  14 03 03 00 11 b3 52 01  6f eb 60 f2 1e 3c 03 47  |......R.o.`..<.G|
+00000010  0b be 2c 14 06 9c 16 03  03 00 20 ac c1 ed 57 1b  |..,....... ...W.|
+00000020  87 8a c6 78 a7 36 17 2b  61 fd db d3 cc 23 88 5e  |...x.6.+a....#.^|
+00000030  8c 40 1b 04 10 40 1c 51  75 a3 3f 17 03 03 00 19  |.@...@.Qu.?.....|
+00000040  16 55 b1 d2 86 e7 fa be  59 4a 7f 13 b5 aa af d1  |.U......YJ......|
+00000050  0c 50 2a 7f a9 b9 c5 eb  45                       |.P*.....E|
 >>> Flow 11 (client to server)
-00000000  15 03 03 00 12 05 a9 95  98 5c 81 dc ae eb bc 17  |.........\......|
-00000010  2e 08 b5 32 82 45 23                              |...2.E#|
+00000000  15 03 03 00 12 4c e2 da  21 11 be 48 2d 52 09 32  |.....L..!..H-R.2|
+00000010  83 9b 6f dc a8 6c 5c                              |..o..l\|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice
index fb5ca90..f85c690 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice
+++ b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 72 05 00 95 36  |....Y...U..r...6|
-00000010  6c a5 d1 0f 06 bd 25 80  25 19 16 0d 70 56 8f c4  |l.....%.%...pV..|
-00000020  b4 e9 17 be d2 06 09 b4  05 bc 2e 20 bc b9 5a 92  |........... ..Z.|
-00000030  44 a5 91 7c 82 7e b6 c3  50 da cd f2 98 e1 26 14  |D..|.~..P.....&.|
-00000040  d3 eb e2 98 c7 f6 6c 96  71 d3 7e b4 cc a8 00 00  |......l.q.~.....|
+00000000  16 03 03 00 59 02 00 00  55 03 03 51 2d ad 23 79  |....Y...U..Q-.#y|
+00000010  a1 68 89 d6 6d 78 78 ba  0d 65 e7 86 46 c7 5c c9  |.h..mxx..e..F.\.|
+00000020  3c fd 70 0e 82 d3 fa 66  5d 98 8a 20 db 5d a5 7f  |<.p....f].. .]..|
+00000030  85 73 11 b9 cd 80 4c f1  87 a2 5a 33 d7 4d af 49  |.s....L...Z3.M.I|
+00000040  ed 3b 5f 3d 13 6f a4 38  1e c9 75 13 cc a8 00 00  |.;_=.o.8..u.....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,219 +60,284 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 f0 1b 05 7a 25 88 37  |........ ...z%.7|
-000002d0  65 0d 93 e7 44 ff b4 bd  8d 9a eb ca 4f 31 c6 42  |e...D.......O1.B|
-000002e0  f8 83 aa 1e 33 6c c8 3f  2a 04 01 00 80 0c 5b 0c  |....3l.?*.....[.|
-000002f0  92 86 55 5a 05 c9 f0 df  0a 1f 57 46 24 53 a6 77  |..UZ......WF$S.w|
-00000300  f9 6b b0 a0 2e a3 64 f0  21 f1 93 10 de 9c 6f fb  |.k....d.!.....o.|
-00000310  68 8c f0 d4 f6 b4 81 f6  60 8a 64 ee af f6 ee 3c  |h.......`.d....<|
-00000320  d8 45 fc 3a 70 1d 89 c2  11 94 4e 9a 5c ee 67 64  |.E.:p.....N.\.gd|
-00000330  24 91 2c 97 09 ba 1f 76  2d ca e4 a1 52 e9 d6 8a  |$.,....v-...R...|
-00000340  e5 21 42 66 80 95 72 61  6e d7 09 eb db 30 fc b7  |.!Bf..ran....0..|
-00000350  8e d6 3a 91 97 14 09 33  15 9a 5d 45 a9 53 0b 3d  |..:....3..]E.S.=|
-00000360  49 3b ba 95 8c ae 96 06  e1 e9 4c 2f 72 16 03 03  |I;........L/r...|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 68 e3 7e b2 34 ed 21  |........ h.~.4.!|
+000002d0  05 68 aa 61 70 f7 67 5b  ab 93 87 9c 8d 70 96 a7  |.h.ap.g[.....p..|
+000002e0  63 b8 ab 89 84 6b 89 08  13 08 04 00 80 94 a2 04  |c....k..........|
+000002f0  de e3 fa 20 2b ea 31 3b  c6 d9 ef 04 d9 7f 83 f8  |... +.1;........|
+00000300  f1 1e f3 9b d8 d6 db f1  bc 52 52 15 09 c7 6b 17  |.........RR...k.|
+00000310  56 ed 2c 51 2f ba 9c 23  1b 49 0f c6 d9 05 5c 66  |V.,Q/..#.I....\f|
+00000320  d0 19 af 29 d3 65 60 75  06 4e 15 7b c1 08 fe ac  |...).e`u.N.{....|
+00000330  0d b2 8c 65 67 f0 5a 9d  9f ed 33 dd 6a 09 58 0b  |...eg.Z...3.j.X.|
+00000340  25 ed 45 57 ea 61 a1 72  cb 39 ef fc 8b 06 94 b9  |%.EW.a.r.9......|
+00000350  68 ff 73 c5 52 8e 2b ef  c5 39 e7 93 34 2a cf c1  |h.s.R.+..9..4*..|
+00000360  54 cf c3 63 a2 2c 06 92  9f d9 8b 24 2c 16 03 03  |T..c.,.....$,...|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 f7 8a a0  59 29 4a b5 a1 1a d2 9c  |.... ...Y)J.....|
-00000040  d7 4f f7 eb 76 ed 9f d5  93 cb 30 dc dd a1 28 0a  |.O..v.....0...(.|
-00000050  82 3e fb 3b d0                                    |.>.;.|
+00000030  16 03 03 00 20 c5 ed 46  65 cc 21 42 fc 0f 93 4b  |.... ..Fe.!B...K|
+00000040  0e 73 eb 8f 8e e2 fe 45  f0 0e 64 f5 1b db 79 a6  |.s.....E..d...y.|
+00000050  60 7f ca 5c 72                                    |`..\r|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 01 ce 8d 74 22  |.......... ...t"|
-00000010  4a 7e 22 fe ab b4 ed 5e  05 27 3f e9 35 97 f4 ef  |J~"....^.'?.5...|
-00000020  c5 df 0c 7f d7 6a 10 94  a0 72 dc                 |.....j...r.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 eb 22 65 3b 95  |.......... ."e;.|
+00000010  dd f8 04 5c 3e cc cb e7  e3 d0 bf 86 bf d6 70 f7  |...\>.........p.|
+00000020  1d 75 87 28 bb be 28 e3  b4 fd 7b                 |.u.(..(...{|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 cc f5 66  f6 5e d6 b5 53 e6 d6 29  |.......f.^..S..)|
-00000010  90 c6 dc b3 ad b5 43 ea  16 80 88                 |......C....|
+00000000  17 03 03 00 16 d0 03 3c  9c 0a 2f 8e 12 d7 9b 3f  |.......<../....?|
+00000010  66 d3 6b e4 4d 2b be bf  61 e0 f1                 |f.k.M+..a..|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 0e 28 a6  a0 4a 78 90 fa d5 ed 0a  |......(..Jx.....|
-00000010  45 b8 21 75 18 de 93 16  12                       |E.!u.....|
+00000000  16 03 03 00 14 f2 1c 0c  2c 61 9c 59 eb b5 b2 17  |........,a.Y....|
+00000010  50 46 fd a1 3f 06 2c fc  ef                       |PF..?.,..|
 >>> Flow 7 (client to server)
-00000000  16 03 03 00 b1 60 7a a2  91 30 f4 5b a4 5f 4c 38  |.....`z..0.[._L8|
-00000010  5e 44 34 09 02 13 c3 1b  02 d3 64 e4 f3 c2 35 87  |^D4.......d...5.|
-00000020  b2 4b 39 fd 89 10 12 42  97 b9 97 e5 67 82 0a 5c  |.K9....B....g..\|
-00000030  24 28 5a 0c be db d2 0b  f7 ac b7 f4 9d c1 0f 0a  |$(Z.............|
-00000040  76 e4 6f 41 e2 31 e3 35  0b 39 71 a9 31 56 b0 41  |v.oA.1.5.9q.1V.A|
-00000050  13 d6 0f 2c 10 e9 e7 bb  37 2a e9 b2 4d 8a f3 8a  |...,....7*..M...|
-00000060  5a ab 12 02 99 ba e4 45  b9 2d c6 be 45 35 37 6a  |Z......E.-..E57j|
-00000070  e5 24 be db 79 39 df 5e  c8 a8 58 42 2d 40 00 96  |.$..y9.^..XB-@..|
-00000080  89 8a 2e 45 32 61 3e 65  18 c1 8f bf 90 da 60 bd  |...E2a>e......`.|
-00000090  03 34 ad 93 ac aa 33 55  31 8c 41 fa d0 85 42 a8  |.4....3U1.A...B.|
-000000a0  dd 69 2f fb e5 21 c6 64  39 42 8c af b6 1d 21 e2  |.i/..!.d9B....!.|
-000000b0  47 ec 11 ed 4d 6d                                 |G...Mm|
+00000000  16 03 03 01 14 06 cd f6  16 2c a0 d5 ee c5 42 68  |.........,....Bh|
+00000010  c9 5f a9 b0 e7 79 0f 20  7c 0c 85 a9 ad df ee d6  |._...y. |.......|
+00000020  3e 8c ce ea c0 db 1a d4  9d b7 7d db 9f 37 91 93  |>.........}..7..|
+00000030  90 1e 48 ce a4 71 df 23  03 0d 29 82 7a 63 ee 2a  |..H..q.#..).zc.*|
+00000040  82 83 e6 e1 50 ab d2 9b  82 94 de 3d ae 0c e4 8a  |....P......=....|
+00000050  eb e7 3a d9 cb fb 87 24  2d 91 a3 65 e5 df 36 03  |..:....$-..e..6.|
+00000060  ef e4 93 4b 24 aa a5 04  17 60 68 2b 0d c9 e0 24  |...K$....`h+...$|
+00000070  18 69 7b 28 59 48 d6 1a  6e 74 23 7c 54 65 8c 3f  |.i{(YH..nt#|Te.?|
+00000080  51 67 e2 94 35 ce 60 2c  04 3d 04 15 31 b1 42 8a  |Qg..5.`,.=..1.B.|
+00000090  34 6c b6 47 d9 e0 3c e9  77 62 5f 76 c1 4a d3 f6  |4l.G..<.wb_v.J..|
+000000a0  56 b9 08 28 b7 c3 a5 ae  45 0e 26 95 3d fe 97 b4  |V..(....E.&.=...|
+000000b0  30 52 6d 57 5a 1f 95 97  67 18 b4 03 f3 b8 8d 0b  |0RmWZ...g.......|
+000000c0  49 bb 66 87 fb aa 36 35  00 7b fe d9 f1 7b 2b 7e  |I.f...65.{...{+~|
+000000d0  03 47 80 87 2b c9 17 c9  2e 45 82 af cd 67 49 e2  |.G..+....E...gI.|
+000000e0  a7 b5 fb 30 21 23 c6 22  a1 e7 f1 a1 3b 19 ff 04  |...0!#."....;...|
+000000f0  1c b4 99 7d b0 5e 49 43  5d 0e d4 62 04 7d 52 ed  |...}.^IC]..b.}R.|
+00000100  b4 50 86 06 83 d6 e6 9e  42 3d ee 9d 27 f7 6a 11  |.P......B=..'.j.|
+00000110  f6 c8 da 92 a2 23 49 8d  80                       |.....#I..|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 81 1b 98 a8  9a 8f 4f c6 d0 1f b0 21  |..........O....!|
-00000010  74 47 2a af 9f 6d a0 fb  4e 99 ed ad 05 99 5a 34  |tG*..m..N.....Z4|
-00000020  ab 9c 4d c0 24 72 15 f4  6f ba 8f d2 43 33 d5 8b  |..M.$r..o...C3..|
-00000030  3a f6 10 cd d3 50 3e 8c  b7 d6 03 b7 1c 28 d7 fb  |:....P>......(..|
-00000040  47 1c b9 a7 14 a4 6e 8e  06 65 d3 b8 8a 8c 73 ee  |G.....n..e....s.|
-00000050  36 63 24 bf 5a c8 0a 27  1f 93 a4 fc 50 c9 48 d0  |6c$.Z..'....P.H.|
-00000060  43 27 63 6d c3 d9 ca bf  2c 03 c8 d1 e3 d1 94 43  |C'cm....,......C|
-00000070  e0 12 87 b1 96 14 b4 7f  ac 8a 85 50 5d f7 64 0e  |...........P].d.|
-00000080  05 cd 47 43 59 5e 16 03  03 02 69 90 f1 fe ba 32  |..GCY^....i....2|
-00000090  b5 0d 2f 98 95 2f c1 95  9a 09 32 ab 9f a8 a8 bc  |../../....2.....|
-000000a0  2d f0 cf 7e 7f d0 f8 b9  0c e0 11 84 03 8e d3 27  |-..~...........'|
-000000b0  c5 15 07 81 02 fa 64 7b  eb 21 63 59 15 ba 9e 4e  |......d{.!cY...N|
-000000c0  6d 03 81 f4 d8 8b 4d f4  82 fd 62 1f 9f 28 64 80  |m.....M...b..(d.|
-000000d0  5b af d3 fc fc 2e dd 6c  b0 5c 28 5e 58 e7 01 07  |[......l.\(^X...|
-000000e0  86 d1 40 35 f2 9c 2c 45  c0 2a 86 67 30 d4 d4 51  |..@5..,E.*.g0..Q|
-000000f0  6c 18 31 bd 22 2e d0 6c  ea d8 f4 9b 87 30 ea 09  |l.1."..l.....0..|
-00000100  66 11 36 a3 ae f5 a7 91  a0 76 8e 77 c1 3d f7 3a  |f.6......v.w.=.:|
-00000110  88 29 b2 c4 2f 4e cd c6  d9 93 80 7f 9b 29 3a a4  |.)../N.......):.|
-00000120  f5 63 77 7d 54 07 62 8c  bc 23 c8 36 ea a8 e5 c4  |.cw}T.b..#.6....|
-00000130  46 4b 59 dc 02 58 9d 21  00 47 39 29 60 9a 14 d8  |FKY..X.!.G9)`...|
-00000140  ae 55 5c 03 fd 05 b7 66  30 de 81 87 9c 45 9f 52  |.U\....f0....E.R|
-00000150  1e c5 2d d8 6a 7d d0 64  7b 0c 3a 47 b9 ff dd dd  |..-.j}.d{.:G....|
-00000160  60 a6 fa 69 f9 a0 43 a5  97 27 e8 fe 2d 99 94 01  |`..i..C..'..-...|
-00000170  d7 52 c2 b2 ec 77 10 af  ed 5e f6 82 d4 15 60 aa  |.R...w...^....`.|
-00000180  d3 cd 39 e5 a6 92 c9 f8  9e 63 e1 83 71 33 f2 dc  |..9......c..q3..|
-00000190  dd 7a eb de ac 91 46 06  ef 23 b2 6f 39 33 69 75  |.z....F..#.o93iu|
-000001a0  43 d7 e5 e1 b0 5c 2f 0f  2d 39 d6 14 11 cd 6b a2  |C....\/.-9....k.|
-000001b0  37 d2 32 0b b6 45 ad 2c  b8 26 ef 43 3e 63 b0 1f  |7.2..E.,.&.C>c..|
-000001c0  a1 79 d2 c7 84 f9 7a 5f  b2 c2 fd 4e 22 89 23 1d  |.y....z_...N".#.|
-000001d0  b7 4c 6c b5 b1 c1 19 a9  7c f7 23 bf 91 0e aa 8c  |.Ll.....|.#.....|
-000001e0  da 67 68 57 84 b9 68 5f  69 16 ad c7 32 86 98 81  |.ghW..h_i...2...|
-000001f0  06 01 91 66 fd 5e e3 f5  63 4b e3 05 6d 41 f0 4e  |...f.^..cK..mA.N|
-00000200  f2 b1 70 26 de ed e5 83  87 d3 cf 5d 5c 7b d5 14  |..p&.......]\{..|
-00000210  08 e9 e3 88 9a d0 9a e4  d6 40 44 1b 61 57 8f a3  |.........@D.aW..|
-00000220  8a 52 5e 83 75 07 3d c2  16 00 3c a3 e9 61 cb 41  |.R^.u.=...<..a.A|
-00000230  66 e7 54 7c e1 e5 7b 85  cb 0d f6 50 93 7d 85 c1  |f.T|..{....P.}..|
-00000240  de 98 a8 8d 5a 0d 12 80  25 78 25 15 a3 0c 7a 7f  |....Z...%x%...z.|
-00000250  43 45 2e 0f e0 47 05 9f  b2 2a 0d 9f 23 e3 0b 62  |CE...G...*..#..b|
-00000260  33 91 d9 d8 7f f5 ac ed  ef fd ea a5 f5 df 04 e8  |3...............|
-00000270  6f 4a bd a2 bf aa fe 56  49 13 7a d3 58 2b ef ab  |oJ.....VI.z.X+..|
-00000280  ed f8 4b 6f 77 18 1e 37  59 2c 98 85 c4 59 f5 08  |..Kow..7Y,...Y..|
-00000290  a6 03 f3 9b b0 79 24 cc  61 55 e3 b7 a7 f5 96 58  |.....y$.aU.....X|
-000002a0  39 57 ec 40 33 a8 94 a2  c8 7f d4 5a f6 5e b0 be  |9W.@3......Z.^..|
-000002b0  89 b8 4d 45 73 ef 9f e9  cc d1 31 f8 46 97 82 be  |..MEs.....1.F...|
-000002c0  fa 44 de 62 36 47 6f 7b  5e 50 af b6 1b d2 0b 02  |.D.b6Go{^P......|
-000002d0  17 df 6b c4 b5 ca 60 39  49 2e 86 d7 84 60 37 34  |..k...`9I....`74|
-000002e0  65 43 0d f7 04 88 38 e4  5f 65 19 d0 62 8c 29 b6  |eC....8._e..b.).|
-000002f0  2d d2 52 0f 16 03 03 00  bc 30 b3 f2 e1 bd 5e ec  |-.R......0....^.|
-00000300  c3 68 8a cc b4 4d e1 f1  76 e7 c1 47 0a c2 54 c1  |.h...M..v..G..T.|
-00000310  9d d9 2d 72 1b 44 2d 3e  3d 22 5b 7d a1 c0 17 27  |..-r.D->="[}...'|
-00000320  97 dd fe 9e a1 c5 5b ce  5f eb 9d 72 0e 14 ca b1  |......[._..r....|
-00000330  61 f6 03 6e 84 d5 c4 53  91 ed 22 41 6e c9 84 91  |a..n...S.."An...|
-00000340  59 a2 30 38 2a 29 b3 b8  9e 45 3a 1f 98 30 ce a4  |Y.08*)...E:..0..|
-00000350  41 8a d9 ea e8 8d ee 43  cc 29 94 8c e5 86 cc 7b  |A......C.).....{|
-00000360  04 a7 31 1e 87 2b aa da  6c d0 4a a7 08 6e 31 2f  |..1..+..l.J..n1/|
-00000370  c3 95 06 3e 6d 9c 1b bb  db 74 f5 a2 7e 6a 17 5f  |...>m....t..~j._|
-00000380  4c 2f f5 56 69 89 04 f7  17 41 85 ea 35 2f 59 db  |L/.Vi....A..5/Y.|
-00000390  d3 b9 f9 7a 6c 08 f8 f2  2d ba 04 ef 57 b5 d0 2f  |...zl...-...W../|
-000003a0  f3 3d 31 e6 c1 f8 26 9d  06 be 38 94 ba 8e ca 3f  |.=1...&...8....?|
-000003b0  4c 5b 70 c6 09 16 03 03  00 14 1e 86 bf c9 1e 7c  |L[p............||
-000003c0  08 0c 5a fb e4 92 8c f9  78 85 34 e3 56 86        |..Z.....x.4.V.|
+00000000  16 03 03 00 81 7b f1 ac  76 fd 28 ba 97 a6 8e 3a  |.....{..v.(....:|
+00000010  ae f0 9a f6 ed 64 5d 2a  50 7d b2 83 e5 de b9 3c  |.....d]*P}.....<|
+00000020  3c 5b ab 48 db ec a7 18  d6 fd af a1 98 32 82 1e  |<[.H.........2..|
+00000030  b4 8d 83 3f 44 ff e6 1e  86 2b e3 f9 39 f8 30 a4  |...?D....+..9.0.|
+00000040  26 f9 cc 3f 73 d5 88 f5  90 c7 b4 20 0b d3 6b c3  |&..?s...... ..k.|
+00000050  4c 81 e6 4e 83 81 a7 9d  47 0d 0b 29 4c 2a 45 e2  |L..N....G..)L*E.|
+00000060  0d 8b 40 61 0d f1 ee e1  e8 db 8f 43 e4 75 71 44  |..@a.......C.uqD|
+00000070  f5 e3 69 99 a7 6d 67 79  06 02 65 4a 80 84 ee d8  |..i..mgy..eJ....|
+00000080  56 30 f2 a6 ad b5 16 03  03 02 69 c9 6d 2c 0f ed  |V0........i.m,..|
+00000090  9c 35 b6 61 29 70 0f ab  a0 61 00 cc d6 aa 9c 37  |.5.a)p...a.....7|
+000000a0  9a 55 e7 a7 73 77 44 1b  bb f0 be 1d 28 6a 45 03  |.U..swD.....(jE.|
+000000b0  d1 7e c4 ef 42 e2 37 1d  5e 5a 5e cd 73 54 05 bd  |.~..B.7.^Z^.sT..|
+000000c0  a5 d9 d3 0d 7d 65 a3 a2  72 86 e0 c3 2d e1 91 96  |....}e..r...-...|
+000000d0  d5 11 34 e1 f0 24 97 84  95 12 9f e1 89 f5 1b e0  |..4..$..........|
+000000e0  fb 59 5b c4 fa 4e d1 f4  44 34 21 5a 5e 97 1a f7  |.Y[..N..D4!Z^...|
+000000f0  ba 06 e8 83 b2 4a ca b4  90 ef f2 06 d5 48 2f 18  |.....J.......H/.|
+00000100  11 2b fc 5c 41 ef 73 c4  78 8c 43 3f 63 3a bd ab  |.+.\A.s.x.C?c:..|
+00000110  5b 61 bc 18 6c ce e3 f1  5c 55 3a 4b 78 70 91 06  |[a..l...\U:Kxp..|
+00000120  8f 79 19 4b aa 02 1d 86  f9 96 e6 2c a6 01 70 19  |.y.K.......,..p.|
+00000130  3a 84 f2 71 0e 18 6d 9a  d6 33 d6 4d 45 7e 83 c9  |:..q..m..3.ME~..|
+00000140  21 6a dd 3d 82 1d 18 21  d7 fd b3 6f 8b 7e db ef  |!j.=...!...o.~..|
+00000150  5e 7c 99 5a dd d1 03 22  d1 cf 2e 73 d5 09 33 2e  |^|.Z..."...s..3.|
+00000160  8c 51 0b a4 7e e5 da 1b  bc ed 13 ed d7 ba a9 25  |.Q..~..........%|
+00000170  b7 8a 3f 1c 54 bd 1f a8  53 4b 47 37 44 55 a5 4b  |..?.T...SKG7DU.K|
+00000180  75 de 9c 86 d7 80 eb f5  f7 76 ff 5c 4d 70 69 02  |u........v.\Mpi.|
+00000190  a8 4f b4 a0 65 d7 c5 55  34 3f b0 83 5c a8 bc 60  |.O..e..U4?..\..`|
+000001a0  d3 46 c1 33 3c ef f9 53  3e 8d 86 3e c8 22 c4 e5  |.F.3<..S>..>."..|
+000001b0  dd 6c 59 55 6b fe 3e 04  10 eb 7d c7 bd d8 3d 71  |.lYUk.>...}...=q|
+000001c0  c2 2d 0b cd 29 a0 d9 3c  cc c6 21 97 3d 24 36 1c  |.-..)..<..!.=$6.|
+000001d0  f5 6a b5 12 48 98 ec 91  42 85 cb 45 c2 b6 f6 64  |.j..H...B..E...d|
+000001e0  c4 76 53 27 64 d3 89 f2  4e d6 98 23 25 a0 5b 54  |.vS'd...N..#%.[T|
+000001f0  83 ab 53 29 5d 39 59 67  77 d0 4f 82 9e 0c 45 ae  |..S)]9Ygw.O...E.|
+00000200  6d 94 1a 9d 69 45 f0 37  0d 11 ee 46 4f 6a f3 81  |m...iE.7...FOj..|
+00000210  ce 9b 74 02 54 a6 d6 49  98 e7 3f 7b 4c fc 53 91  |..t.T..I..?{L.S.|
+00000220  80 d3 87 dd 55 91 04 ef  33 27 71 98 ef 1f df b8  |....U...3'q.....|
+00000230  d6 5c 31 6f ba 58 f3 89  7b ba b6 ea 9f 75 cd 08  |.\1o.X..{....u..|
+00000240  11 84 c9 e8 9f f8 8e 02  7d b7 4a 3b 6f 4d 25 46  |........}.J;oM%F|
+00000250  46 5d 7c 60 71 b5 02 d1  91 59 a8 10 c2 fa e8 56  |F]|`q....Y.....V|
+00000260  0f 6e 93 d1 dd c6 af e9  e1 c1 bf 64 8f 5b 04 78  |.n.........d.[.x|
+00000270  74 1c f5 af ef 48 b0 9e  29 a9 6c a0 ff e4 69 bb  |t....H..).l...i.|
+00000280  e1 95 12 be 73 b0 35 89  82 93 b4 69 84 79 cc 78  |....s.5....i.y.x|
+00000290  1d 93 05 a4 85 25 c5 a3  da 4b c7 72 66 2f 35 78  |.....%...K.rf/5x|
+000002a0  62 94 d6 f3 1c dd 23 c8  86 11 fe b0 cb 2f 5c 78  |b.....#....../\x|
+000002b0  45 8d 2e 0c 08 c6 7c 5c  92 80 70 25 3b 25 53 a8  |E.....|\..p%;%S.|
+000002c0  86 f4 54 b6 a5 94 38 10  ff f9 3e 78 bb ce 86 fa  |..T...8...>x....|
+000002d0  9d 91 df 9e c1 ef 79 db  1b f8 ed b5 53 6d 24 0f  |......y.....Sm$.|
+000002e0  18 a8 eb cd 25 bb bb 24  64 25 4a 3e 04 00 16 f2  |....%..$d%J>....|
+000002f0  9a 8b 8f 25 16 03 03 00  bc 05 1a 5b 08 49 0c 86  |...%.......[.I..|
+00000300  8b 23 78 13 9e a7 3f ce  73 6b 30 ff 65 e5 a7 ba  |.#x...?.sk0.e...|
+00000310  a4 14 8e e2 4e 14 3a 43  d7 03 50 79 8a fb ea a6  |....N.:C..Py....|
+00000320  03 06 8b d1 0b 2b 19 49  5c 50 34 67 ae 02 e7 f7  |.....+.I\P4g....|
+00000330  c4 91 ff 33 ad 87 62 bd  35 e4 bf bf c8 01 9f f7  |...3..b.5.......|
+00000340  69 74 b0 45 eb 10 f8 82  f6 bc 56 fa 0f 26 b7 cf  |it.E......V..&..|
+00000350  13 ad fa 0a 55 c1 06 b2  e7 4f 9f 75 fc 65 d6 ff  |....U....O.u.e..|
+00000360  e8 2d 21 22 52 bc a1 60  27 f9 7c 18 70 25 f1 76  |.-!"R..`'.|.p%.v|
+00000370  8d 4a f9 83 6e a0 52 d7  37 fe 2b 1c f2 03 8e d7  |.J..n.R.7.+.....|
+00000380  7d 51 a8 07 0b b8 9c e0  5d a3 ac cc bd d0 c9 8f  |}Q......].......|
+00000390  36 62 b7 9e 19 0d 62 82  fb c2 68 e3 0f 4f eb 3f  |6b....b...h..O.?|
+000003a0  33 ec f9 1a 3d c1 3d 68  46 1a 03 e1 fc 65 36 45  |3...=.=hF....e6E|
+000003b0  76 c2 87 6e 21 16 03 03  00 4a 7e 1f 28 4d ae 0e  |v..n!....J~.(M..|
+000003c0  d3 90 13 53 ba 15 7a 68  88 1a ed 5f 50 3c 5d b2  |...S..zh..._P<].|
+000003d0  11 5a 40 3a 11 44 a8 ce  fa 37 b3 0a d0 02 1e cc  |.Z@:.D...7......|
+000003e0  f9 2f 6d 28 a8 f1 26 ea  52 36 52 5a 70 3f de 89  |./m(..&.R6RZp?..|
+000003f0  5c 11 5f e0 ba 5e 18 b6  b8 b4 55 74 44 c5 a0 7c  |\._..^....UtD..||
+00000400  73 7c 51 e5 16 03 03 00  14 2d fe a4 59 be 8a e0  |s|Q......-..Y...|
+00000410  4a 6c e0 1a ae 8b ce 04  a0 f2 2f 1b f8           |Jl......../..|
 >>> Flow 9 (client to server)
-00000000  16 03 03 00 35 a7 bb 37  bb b1 b0 8e 12 72 8b a8  |....5..7.....r..|
-00000010  c5 d4 cc 44 1c 4b 87 1f  bc cb 39 35 60 fb 06 de  |...D.K....95`...|
-00000020  44 ac 0a c5 13 cb 15 1b  ce 6b d8 45 28 d6 80 1b  |D........k.E(...|
-00000030  06 1f 32 4c 26 81 77 08  9c 23 14 03 03 00 11 c0  |..2L&.w..#......|
-00000040  1b 3b 4d e8 9d ba d9 2c  50 10 03 b9 0c 57 83 60  |.;M....,P....W.`|
-00000050  16 03 03 00 20 e0 d7 07  fe 04 89 25 3c b6 c0 8a  |.... ......%<...|
-00000060  33 14 6c 3e f4 48 5c 17  33 f8 f0 11 3a cb d8 17  |3.l>.H\.3...:...|
-00000070  cd 42 be 22 68                                    |.B."h|
+00000000  16 03 03 02 69 70 17 aa  0e 85 63 a2 39 31 b1 d9  |....ip....c.91..|
+00000010  b5 a0 4b 6d 29 eb 23 6c  fb 66 11 6f 46 16 65 5e  |..Km).#l.f.oF.e^|
+00000020  79 75 aa 45 1f eb 07 99  0d 34 fa 10 90 32 5a 94  |yu.E.....4...2Z.|
+00000030  2c 85 b2 8f 27 1d ae 15  49 c0 92 49 58 84 54 2a  |,...'...I..IX.T*|
+00000040  35 d2 f5 56 fd ed c7 0f  33 fe b4 b8 9c 5c 7e 1e  |5..V....3....\~.|
+00000050  59 ee 41 3e 0c b1 30 f7  2a f4 ca 2c c3 9a 0a a1  |Y.A>..0.*..,....|
+00000060  96 96 81 61 77 e4 f2 f5  59 9a 57 71 31 89 7e 25  |...aw...Y.Wq1.~%|
+00000070  55 ef 4c 45 8b 54 c8 83  09 41 49 c6 3e cb fe ff  |U.LE.T...AI.>...|
+00000080  15 ee 48 51 b4 06 c0 c0  27 fb df d1 99 c5 f0 bf  |..HQ....'.......|
+00000090  fe 07 0b 49 88 fe 53 cf  d7 58 12 16 77 5a d1 27  |...I..S..X..wZ.'|
+000000a0  29 a2 00 de 48 a6 d3 e6  b2 87 86 55 03 f5 84 3a  |)...H......U...:|
+000000b0  84 bf 58 ab 48 bc d0 1e  f9 89 be 03 d5 af 4b 06  |..X.H.........K.|
+000000c0  f2 b5 42 c7 ef a4 bb 92  d1 23 64 ba 36 16 bc ed  |..B......#d.6...|
+000000d0  ff 3a 43 3a 71 31 66 b5  34 a4 bb 92 3c e2 3e 7c  |.:C:q1f.4...<.>||
+000000e0  b2 bb b4 c5 db 1a d4 a8  9a da 16 44 b3 8f 31 39  |...........D..19|
+000000f0  3e a7 58 2d 58 af d3 bb  ff 70 7e 9d 54 de 90 01  |>.X-X....p~.T...|
+00000100  c8 ef d9 24 50 b5 12 c2  ca 7d f6 bf c6 38 1b ad  |...$P....}...8..|
+00000110  4f 78 70 3d 64 4b 25 4f  bc 84 67 5c e1 c6 a4 b7  |Oxp=dK%O..g\....|
+00000120  7e 05 30 ad 53 42 d7 40  c8 c0 4d 1b 0c fe 10 a9  |~.0.SB.@..M.....|
+00000130  dd 4a 5e 11 3a 79 b7 10  59 a6 5e ef 51 6f cc 4a  |.J^.:y..Y.^.Qo.J|
+00000140  43 fb fd 5a 51 56 7d d7  d6 23 20 13 13 33 91 43  |C..ZQV}..# ..3.C|
+00000150  80 9a 4c e7 f6 78 18 25  02 4a dc 38 19 16 91 ef  |..L..x.%.J.8....|
+00000160  c9 a6 67 c0 66 85 77 13  3a ff 21 01 ba 65 fc d3  |..g.f.w.:.!..e..|
+00000170  23 d8 92 ae 46 a7 a4 7f  5f 57 3d 6d 7c f9 9c d7  |#...F..._W=m|...|
+00000180  3d 56 54 4a 69 1d 62 38  d3 75 5c 9b a8 c9 b5 4e  |=VTJi.b8.u\....N|
+00000190  b7 d6 9e 1a 51 76 57 7b  bd bb bd 4b e8 ed 2f df  |....QvW{...K../.|
+000001a0  34 72 6a 9c 54 3f ff f4  fe 30 3a 4f 2c 74 97 59  |4rj.T?...0:O,t.Y|
+000001b0  03 8c cc 71 f3 63 c8 04  55 37 e7 39 5c 0a 84 c6  |...q.c..U7.9\...|
+000001c0  75 fc b1 7f 24 59 e0 ca  59 50 29 1a 0d d3 27 47  |u...$Y..YP)...'G|
+000001d0  9e ea 6d 66 5a 22 e7 0d  10 56 a2 95 de 84 0e 7e  |..mfZ"...V.....~|
+000001e0  6d 3a 63 d3 b4 c3 8c 61  79 f5 0a 69 51 a6 c9 69  |m:c....ay..iQ..i|
+000001f0  8d 3a f8 e5 7c 04 6b ed  c7 5e 70 61 d4 38 c2 93  |.:..|.k..^pa.8..|
+00000200  84 26 23 c9 84 a5 ee b5  35 a9 18 6d 84 b1 bd de  |.&#.....5..m....|
+00000210  72 14 73 a4 ab db 68 47  b3 13 37 e7 56 a3 35 0d  |r.s...hG..7.V.5.|
+00000220  2c 54 88 21 d4 f1 2f ed  74 85 d6 19 45 9d 62 fa  |,T.!../.t...E.b.|
+00000230  02 45 d3 14 c9 8f df bd  9f fe da ab c7 e7 4c 96  |.E............L.|
+00000240  62 92 ee 4f 41 99 4a 04  18 01 63 cf d1 f6 8a b0  |b..OA.J...c.....|
+00000250  b5 d5 f7 26 c6 4a c7 a2  d0 f1 72 3b bf 20 82 c3  |...&.J....r;. ..|
+00000260  23 c7 be 4c 55 35 c6 53  27 aa 99 38 8c da 16 03  |#..LU5.S'..8....|
+00000270  03 00 35 ba 6e aa 5f 90  48 ee 19 33 dd 0d fc 31  |..5.n._.H..3...1|
+00000280  cb ce 1e f2 7b 6b ff 44  60 90 88 13 c6 50 2b f5  |....{k.D`....P+.|
+00000290  50 ba 48 ce 6e 3c e5 96  a8 30 bf bd de ba ab 21  |P.H.n<...0.....!|
+000002a0  da ff 8b 50 4b 65 5f a3  16 03 03 00 98 87 74 48  |...PKe_.......tH|
+000002b0  d2 88 7a b1 67 57 b0 c2  01 be e0 e9 41 6a 56 8f  |..z.gW......AjV.|
+000002c0  87 6c d2 37 09 45 40 59  9c 50 83 1b 48 6c b4 e4  |.l.7.E@Y.P..Hl..|
+000002d0  d3 9b 6d 46 89 83 2a 88  4c b3 b2 58 29 3e 41 76  |..mF..*.L..X)>Av|
+000002e0  4c 8a a0 cb aa e9 17 7f  48 7b 14 8a f7 ba 31 b4  |L.......H{....1.|
+000002f0  b6 3a e0 12 e6 88 8c 24  5f 97 93 46 bf 27 f3 fd  |.:.....$_..F.'..|
+00000300  e4 d4 54 54 9e 46 b6 1d  8e 8d 20 49 7e bd 6f 09  |..TT.F.... I~.o.|
+00000310  55 af 5d 7f 24 df 69 1b  dc a5 76 0c 34 e7 af 4c  |U.].$.i...v.4..L|
+00000320  2c 1d 2c db 97 37 81 29  41 c1 4e 65 65 33 44 7c  |,.,..7.)A.Nee3D||
+00000330  34 a2 dd fd 38 e4 e3 e1  dc af 2f 3f 64 2c 40 80  |4...8...../?d,@.|
+00000340  cc ff d2 d4 a7 14 03 03  00 11 8a 81 be 84 7b 14  |..............{.|
+00000350  28 fc b3 a5 ad 75 d6 ee  6e 5d 9b 16 03 03 00 20  |(....u..n]..... |
+00000360  87 3c 57 93 46 06 f0 6f  18 ce 33 5d 77 33 6c a6  |.<W.F..o..3]w3l.|
+00000370  7a d8 cb 6f 43 74 0a 56  30 72 bc 25 0e 2b e6 91  |z..oCt.V0r.%.+..|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 05 69 30  af cd 8e 28 8b 04 3c de  |......i0...(..<.|
-00000010  39 2c cc 79 60 dc 16 03  03 00 20 64 e4 49 e1 a5  |9,.y`..... d.I..|
-00000020  59 be ed d9 04 59 24 01  16 65 aa b9 22 7d 91 5f  |Y....Y$..e.."}._|
-00000030  e5 e4 db a7 67 a0 10 51  7e 3b 77 17 03 03 00 19  |....g..Q~;w.....|
-00000040  70 cc 7d 13 21 aa ac d3  fb a7 ee cc f6 db 51 4b  |p.}.!.........QK|
-00000050  2d 2a e2 66 f4 ba 29 aa  e1 16 03 03 00 14 e2 ba  |-*.f..).........|
-00000060  56 31 77 97 4a 4a a5 f0  05 28 d5 9f b7 3e 38 50  |V1w.JJ...(...>8P|
-00000070  1f 1b                                             |..|
+00000000  14 03 03 00 11 79 d6 72  03 0f 48 d1 78 b5 5e 31  |.....y.r..H.x.^1|
+00000010  d6 e0 42 bc 6e 60 16 03  03 00 20 3b f1 7f a5 ab  |..B.n`.... ;....|
+00000020  b7 b7 10 db 3d d6 7a 8a  5a bc c5 af 58 ca 5a 0b  |....=.z.Z...X.Z.|
+00000030  07 27 2d df e9 aa 44 47  73 ab c5 17 03 03 00 19  |.'-...DGs.......|
+00000040  0c d2 a9 df 85 db f3 99  1d 4a ce 4e 40 69 2f d7  |.........J.N@i/.|
+00000050  d7 0b e3 dc b8 af 56 99  89 16 03 03 00 14 01 f2  |......V.........|
+00000060  5b 6b c9 00 1c 12 e6 14  8d b6 ea 0d 18 19 a9 bd  |[k..............|
+00000070  07 e3                                             |..|
 >>> Flow 11 (client to server)
-00000000  16 03 03 00 b1 86 78 3d  4f eb 03 b0 00 ca a5 94  |......x=O.......|
-00000010  9d 70 04 ff 30 82 59 9c  ea 95 44 02 f0 14 fa 3c  |.p..0.Y...D....<|
-00000020  aa af fa e8 17 3c ac 69  91 3d b6 23 85 85 7a be  |.....<.i.=.#..z.|
-00000030  11 9e 17 4e 32 79 de 3e  04 54 71 d0 ae 94 03 97  |...N2y.>.Tq.....|
-00000040  d1 90 50 1f d5 8d d3 ff  aa ce 0a fb 81 bd e9 11  |..P.............|
-00000050  3f c2 c5 68 f9 e6 71 00  4f d9 ef cb c9 fd 0e 0d  |?..h..q.O.......|
-00000060  23 ce 04 f3 19 86 cb 4c  a0 71 52 8e c2 90 a1 5b  |#......L.qR....[|
-00000070  e2 1e f4 e7 24 4c 9a b0  0c fc eb 70 d0 94 44 4e  |....$L.....p..DN|
-00000080  fc 5d 2e 16 2d 0f ff 61  20 3a 4d 19 cd 1c 22 d7  |.]..-..a :M...".|
-00000090  d0 23 ff a9 a1 bf 79 7c  91 ba d8 15 47 9a a3 88  |.#....y|....G...|
-000000a0  cb 06 f9 5d bd 8b c1 cb  f6 16 ee 5d af 9c 7a 54  |...].......]..zT|
-000000b0  0c af 31 ee 4a d0                                 |..1.J.|
+00000000  16 03 03 01 14 5d 6b cf  2d 1d 78 18 d3 88 51 6c  |.....]k.-.x...Ql|
+00000010  34 c2 bb f0 e6 a9 8c d9  19 7f f8 3e c1 13 19 2b  |4..........>...+|
+00000020  61 65 46 cd 4b 3d 2e 91  a4 32 5e 49 ac 4c 67 8c  |aeF.K=...2^I.Lg.|
+00000030  4a 82 70 18 ac c5 70 b5  c8 9b 6b be 01 0d 91 ca  |J.p...p...k.....|
+00000040  ea 4d 78 e3 e5 e7 0c db  6b f4 03 31 11 e8 32 ea  |.Mx.....k..1..2.|
+00000050  bf 6b c2 0d f8 5f 5b 56  20 e9 81 41 53 59 e9 0e  |.k..._[V ..ASY..|
+00000060  a6 53 59 2e d3 cd 36 02  54 b3 c3 d5 70 64 41 b7  |.SY...6.T...pdA.|
+00000070  82 55 10 89 7e 3e 4d 5b  c3 32 57 ee 6c 80 6c b7  |.U..~>M[.2W.l.l.|
+00000080  4e 20 ac 13 cb 9c 78 b3  eb fb 8d 0c 8a e4 4a 58  |N ....x.......JX|
+00000090  de 71 71 6a 54 74 5f 12  3a 52 0f 14 93 1b f7 8f  |.qqjTt_.:R......|
+000000a0  14 fa 76 76 19 5b eb 8d  61 d7 ed c7 68 ed 1b 9d  |..vv.[..a...h...|
+000000b0  1b 91 e4 92 df 88 4f af  3c 43 38 fa 0d 19 51 3a  |......O.<C8...Q:|
+000000c0  2b 05 7d e4 28 56 0f 01  bf 2f 38 0c ea 7c f8 83  |+.}.(V.../8..|..|
+000000d0  c1 a2 2a 2b b7 7f ad 40  de 85 8e 07 22 cb 0f 3e  |..*+...@...."..>|
+000000e0  90 6e 9c 03 ff 9e 44 34  43 38 b6 0f 1f 57 11 cf  |.n....D4C8...W..|
+000000f0  c3 ad 0d 70 98 6e e5 70  7b 76 c7 f1 6b 69 2f 40  |...p.n.p{v..ki/@|
+00000100  df fe 47 c4 32 35 1d 03  42 a0 cc ee dd 5f 34 da  |..G.25..B...._4.|
+00000110  74 85 4d 56 de e4 bd 0d  b5                       |t.MV.....|
 >>> Flow 12 (server to client)
-00000000  16 03 03 00 81 d3 34 51  a2 7a 93 5e f9 ef 8f f7  |......4Q.z.^....|
-00000010  a3 be aa 40 2c 53 e4 5d  62 2e 19 4a bf f3 dc ce  |...@,S.]b..J....|
-00000020  da e8 49 8e 4d 0c 68 72  3f 79 74 59 e2 8d 0c 78  |..I.M.hr?ytY...x|
-00000030  b7 13 05 0f 4f df 4f 01  71 40 38 f3 79 b2 33 51  |....O.O.q@8.y.3Q|
-00000040  f5 25 73 11 9a 30 b9 3c  5f d2 8b 32 71 6f 0d ef  |.%s..0.<_..2qo..|
-00000050  6a 42 da f6 c5 1d a4 90  ad e4 08 60 39 55 19 97  |jB.........`9U..|
-00000060  a6 2c 5e 2c e3 96 ba 0c  54 50 bc b9 0f 3c 53 bd  |.,^,....TP...<S.|
-00000070  e7 63 5f 13 e8 ce 35 34  c4 d0 1b da 1a fd 5a 52  |.c_...54......ZR|
-00000080  6e 5f 43 e8 d0 22 16 03  03 02 69 42 85 86 7e 3e  |n_C.."....iB..~>|
-00000090  92 4c 49 8e 40 86 28 53  c2 aa 43 2f 49 00 fa ee  |.LI.@.(S..C/I...|
-000000a0  48 0d 01 ec 94 e0 37 1a  05 97 6e ec a4 71 1e aa  |H.....7...n..q..|
-000000b0  50 5a 49 e9 cc 21 b0 d6  ab 38 4a 30 a7 84 ec 7d  |PZI..!...8J0...}|
-000000c0  38 34 91 63 3f 1a 59 eb  22 91 9b 23 23 b1 3f 7d  |84.c?.Y."..##.?}|
-000000d0  0c 70 23 71 0d 50 09 80  21 56 fe f2 c8 14 3d 19  |.p#q.P..!V....=.|
-000000e0  91 04 a8 10 b8 2b b0 cb  ff b7 6f 53 62 86 61 22  |.....+....oSb.a"|
-000000f0  4e 6d 67 12 d3 18 ac 90  ab 62 42 0f cb 08 47 73  |Nmg......bB...Gs|
-00000100  42 97 01 37 67 13 99 49  d6 f1 7f 0d 8a 83 6b 01  |B..7g..I......k.|
-00000110  00 76 d9 3a bd 0c 7a 64  c7 49 9e 06 d6 6c 04 48  |.v.:..zd.I...l.H|
-00000120  07 cc 96 03 f1 fe 38 76  b2 c3 97 ae 37 57 25 5e  |......8v....7W%^|
-00000130  54 18 07 b5 e2 6a ca fe  07 01 d7 9c a6 5c 95 df  |T....j.......\..|
-00000140  02 66 88 53 51 23 ba f2  0f b2 66 b2 df 14 61 28  |.f.SQ#....f...a(|
-00000150  50 cd 7a 56 47 79 33 6e  75 0d b6 0d 66 69 eb c6  |P.zVGy3nu...fi..|
-00000160  07 31 97 10 46 ec a7 59  b6 02 0b ab 40 d3 ce 88  |.1..F..Y....@...|
-00000170  62 aa ab ce 1b 73 9a 62  d7 8c 7c ca 40 a0 bb 1d  |b....s.b..|.@...|
-00000180  ff f4 85 54 fe ae 83 61  10 ec 38 64 ab 60 36 e1  |...T...a..8d.`6.|
-00000190  88 92 ba 74 e0 68 30 0b  61 7b da eb 3b d3 6b ed  |...t.h0.a{..;.k.|
-000001a0  fc eb 3f 98 dd 30 f1 28  bd e0 07 6b 77 53 29 02  |..?..0.(...kwS).|
-000001b0  d7 18 69 2b ac 0b 4c 38  3b 35 e0 15 91 c4 34 42  |..i+..L8;5....4B|
-000001c0  74 67 c0 2a 2b df 2f 70  13 7c 99 ba f6 cc e4 f4  |tg.*+./p.|......|
-000001d0  bd 3c 7f cd 08 b4 3c 05  da bf c7 01 61 93 21 d6  |.<....<.....a.!.|
-000001e0  1b ca b0 35 d1 89 f3 08  67 85 93 c9 da 6f cf a4  |...5....g....o..|
-000001f0  ad 1e a8 70 71 4a ac 56  73 25 8f 9c 25 13 5f 2c  |...pqJ.Vs%..%._,|
-00000200  20 bc f2 56 af a0 03 38  43 9c 83 79 33 ea 81 8c  | ..V...8C..y3...|
-00000210  d8 5d c0 50 d4 44 cd df  55 e7 4e fc f6 67 55 92  |.].P.D..U.N..gU.|
-00000220  39 a2 ec 25 3e 1f 7e 14  28 3b d8 84 f5 83 66 c4  |9..%>.~.(;....f.|
-00000230  e1 d7 c3 63 51 d7 4e e4  72 1a da 76 ce 91 6b 56  |...cQ.N.r..v..kV|
-00000240  0a 68 42 63 7e 57 31 98  cc d0 e0 3c 7c 7e 81 be  |.hBc~W1....<|~..|
-00000250  be 37 8d cd e7 da df 91  55 8c 71 e3 67 ec bf 6e  |.7......U.q.g..n|
-00000260  4c 5a a6 b6 2b 2c 31 0b  da 19 66 26 f1 92 c2 7e  |LZ..+,1...f&...~|
-00000270  fd 12 50 6f 04 ee 83 85  bb d0 f1 77 12 10 c9 e7  |..Po.......w....|
-00000280  4a 2f 17 96 55 0f 7e 1e  fd 6d 18 13 74 a8 54 38  |J/..U.~..m..t.T8|
-00000290  a5 ef bb 70 c9 71 07 09  c5 a3 26 f9 73 1f d0 e8  |...p.q....&.s...|
-000002a0  a2 23 a1 46 46 1b f6 b1  e7 ac 22 22 ee df b9 5b  |.#.FF.....""...[|
-000002b0  38 02 c6 59 33 e5 12 0b  9f 49 e2 d7 de 77 30 ac  |8..Y3....I...w0.|
-000002c0  1e a0 ee 20 9f 1b 1d e0  8c fd d4 02 09 7b 1b d6  |... .........{..|
-000002d0  c7 41 de 67 90 71 5f 06  ea ac 18 e7 5f 11 67 c3  |.A.g.q_....._.g.|
-000002e0  d6 5d c1 37 0a 67 5b f7  93 93 eb 29 70 e3 cb 7f  |.].7.g[....)p...|
-000002f0  2c c9 bb 6b 16 03 03 00  bc ab 60 8e 1d 2e e1 42  |,..k......`....B|
-00000300  81 91 89 69 78 5d 99 9c  e7 1b d1 ac 36 39 c5 32  |...ix]......69.2|
-00000310  58 4e 4c 48 b9 15 eb 21  b6 24 df 8e b2 16 f0 95  |XNLH...!.$......|
-00000320  cd 57 8e 14 3b 5b a2 f9  7a 10 0d fa 57 52 70 f9  |.W..;[..z...WRp.|
-00000330  b8 a9 b0 fd 22 0a 51 ef  dd ba 3c fb 68 00 05 45  |....".Q...<.h..E|
-00000340  d6 c3 1f 56 91 b4 06 80  a4 28 84 a5 bb 11 72 af  |...V.....(....r.|
-00000350  b7 f6 14 58 76 b7 76 ad  1b e6 65 57 af f7 46 a2  |...Xv.v...eW..F.|
-00000360  bc 60 12 6d 30 d3 cf 26  62 9d 9f 19 b0 28 96 d2  |.`.m0..&b....(..|
-00000370  e2 43 de 64 90 49 1d 29  2c bb 59 4c c7 d1 9b be  |.C.d.I.),.YL....|
-00000380  c3 e9 ae 8e 74 36 1b 03  00 43 65 56 30 3b e6 8b  |....t6...CeV0;..|
-00000390  4c d9 98 a2 f7 2b 06 77  4b 9c 53 c4 7f 24 88 75  |L....+.wK.S..$.u|
-000003a0  30 91 66 fa ba 9c 7f 84  ab c1 51 21 1c d3 2e 93  |0.f.......Q!....|
-000003b0  f9 4d db 6e 08 16 03 03  00 14 ed f9 cc ef c4 2b  |.M.n...........+|
-000003c0  fd 97 fe 35 ad 33 01 46  9b 52 d7 e9 49 c2        |...5.3.F.R..I.|
+00000000  16 03 03 00 81 06 1c 3a  f7 71 f8 76 6c b0 7b fc  |.......:.q.vl.{.|
+00000010  04 d3 69 d9 6d 26 1c 0b  fb 7e 16 41 78 bc ba b8  |..i.m&...~.Ax...|
+00000020  ee 1f f5 00 e7 1d 32 84  7f 87 66 cb f9 5e e5 6c  |......2...f..^.l|
+00000030  26 f9 64 83 13 49 a6 ab  98 a2 74 25 61 e1 3a ec  |&.d..I....t%a.:.|
+00000040  f8 8f 0b e4 ca c3 0d 52  76 38 e2 d1 86 ac ee 7b  |.......Rv8.....{|
+00000050  5c 69 96 e3 ec 3b f0 5a  4c 5e 8b 73 8f 24 75 bc  |\i...;.ZL^.s.$u.|
+00000060  7a 48 b3 b2 cc 55 7d 20  4a e1 9b 90 5e 47 b5 71  |zH...U} J...^G.q|
+00000070  88 e6 8a a1 a4 f6 45 8e  8b 5b ed 45 96 95 96 7d  |......E..[.E...}|
+00000080  8b 7c 4d 03 64 34 16 03  03 02 69 d5 41 cd af 43  |.|M.d4....i.A..C|
+00000090  42 5f f3 98 87 0a 55 7f  c3 02 9c dd b5 8c 22 2e  |B_....U.......".|
+000000a0  8f 52 71 29 8a 33 dc 22  45 fc 61 bf b4 db fe 4c  |.Rq).3."E.a....L|
+000000b0  de 69 10 69 df a2 45 e5  fa 78 e8 1c 0a d0 c6 7d  |.i.i..E..x.....}|
+000000c0  7e 26 3b 12 e0 56 a2 c7  b8 cd 2a 15 8d 20 2a 86  |~&;..V....*.. *.|
+000000d0  67 f6 e8 36 3d c6 3e 75  09 15 ba 36 37 46 f0 45  |g..6=.>u...67F.E|
+000000e0  de 7a 49 fd 32 3c fc 2f  ab de 9c 28 f7 20 ad aa  |.zI.2<./...(. ..|
+000000f0  e7 10 60 24 71 35 bf 1c  ba 4e 98 92 e0 44 0a 39  |..`$q5...N...D.9|
+00000100  3c f6 7d 0f 4f aa b4 db  22 7b b5 cc f6 0a 59 46  |<.}.O..."{....YF|
+00000110  ba 8d ef dc 13 b5 bd 55  cd 73 50 e7 cb b3 08 3e  |.......U.sP....>|
+00000120  0c a2 d7 5a 12 bf ce 99  8d 05 ee 4a 03 e9 b7 65  |...Z.......J...e|
+00000130  0c 1e 41 46 08 bb 2c 9e  7e e2 c1 6f 3d 9f f4 e2  |..AF..,.~..o=...|
+00000140  cc c5 7c b6 87 aa 49 8e  a6 67 46 88 d0 ae 17 c9  |..|...I..gF.....|
+00000150  14 ae 63 67 bc 57 02 8f  84 90 17 e0 1d 48 80 c2  |..cg.W.......H..|
+00000160  7a f2 be c1 5a 44 b3 f3  3a 9a ac b0 41 87 a7 07  |z...ZD..:...A...|
+00000170  bb b2 7d 7c 0d 42 a3 c6  d8 d9 ef 0c c6 5b 14 f6  |..}|.B.......[..|
+00000180  82 cd 12 01 39 78 dc b2  46 59 22 22 1f d9 39 cf  |....9x..FY""..9.|
+00000190  b6 ac 13 be 22 50 37 10  33 01 0e 13 ee bc f3 bf  |...."P7.3.......|
+000001a0  55 c6 61 2a e0 ee 25 f3  01 35 69 7a 74 70 bd 6c  |U.a*..%..5iztp.l|
+000001b0  d5 08 c5 a3 09 71 8d ea  39 ec 0e c0 f0 16 2f 71  |.....q..9...../q|
+000001c0  86 af 28 d9 3e d4 45 b2  ce e7 f8 2b bd 54 9c 98  |..(.>.E....+.T..|
+000001d0  85 7d 2a f8 fe a5 95 0b  da 08 2a 32 f7 c3 ad 09  |.}*.......*2....|
+000001e0  2a aa ee ee 54 fa d5 2d  84 45 cf a0 2c 9c 9b 4a  |*...T..-.E..,..J|
+000001f0  3c 86 4f 20 12 a7 8a b5  91 36 a9 d2 1a 76 2d 1f  |<.O .....6...v-.|
+00000200  61 8d 5c 69 15 a1 36 ce  6b 99 48 c9 73 b0 58 69  |a.\i..6.k.H.s.Xi|
+00000210  38 c2 48 5d 74 69 7b fb  e8 b1 0f a1 03 d6 bd 5f  |8.H]ti{........_|
+00000220  5c 44 fa 0f 33 33 ce f0  ab 02 f3 26 9f bc 5b 3d  |\D..33.....&..[=|
+00000230  3f 08 00 a9 1b a5 ee 92  8c 62 a5 32 22 10 05 0e  |?........b.2"...|
+00000240  bb 59 03 03 6f 5f d1 39  3e 14 66 2f 92 e6 5a 21  |.Y..o_.9>.f/..Z!|
+00000250  3a ae b0 12 2c 74 f1 b1  d7 55 9b e9 0c 2a c5 db  |:...,t...U...*..|
+00000260  ac ae a3 69 49 de 4b 10  68 d4 05 f2 ff 4b c6 21  |...iI.K.h....K.!|
+00000270  f8 a7 8f dc 5f 82 f9 4f  cf 2e 68 1a 7b 6f 3a eb  |...._..O..h.{o:.|
+00000280  13 a8 c3 9f 86 aa 80 d3  5c f0 b0 f5 7b 8b 91 2c  |........\...{..,|
+00000290  e3 d2 bd 9c ad 66 dc 7c  77 0d 73 4e 0b 51 91 23  |.....f.|w.sN.Q.#|
+000002a0  f3 38 bb 2b 5a ee 1a 1e  39 40 b1 a3 b9 14 0f 16  |.8.+Z...9@......|
+000002b0  78 c9 4a 6e df c4 a4 ce  53 e9 a1 f9 17 14 0a e6  |x.Jn....S.......|
+000002c0  b6 3e 4a 25 6f 6e 00 8c  a5 67 98 ec e3 22 fe 30  |.>J%on...g...".0|
+000002d0  1d 43 c7 62 c8 2a a5 6f  88 99 f6 d1 ba 8a 73 16  |.C.b.*.o......s.|
+000002e0  2f 11 b6 a3 46 25 59 67  6e 8b 38 ec ad a4 06 19  |/...F%Ygn.8.....|
+000002f0  6e 2e 6c 39 16 03 03 00  bc b5 1d 9a f1 bd 76 6b  |n.l9..........vk|
+00000300  01 48 91 51 c4 d1 9a a6  35 f5 a8 b3 51 f3 98 cb  |.H.Q....5...Q...|
+00000310  6d 0e 6d 4f 6f 8b 2b dd  2c 3b b5 0e f0 c5 6a e6  |m.mOo.+.,;....j.|
+00000320  ed 04 60 94 3f d2 6a af  cf 9b 25 7f d9 56 4e 48  |..`.?.j...%..VNH|
+00000330  2c 6b 9c 2c 68 da ed 83  87 13 90 0a 77 39 7e 69  |,k.,h.......w9~i|
+00000340  ec 2c 4b bb 51 82 55 9d  8e 59 69 6e 72 dd 4d fb  |.,K.Q.U..Yinr.M.|
+00000350  2a 5c cf ef 47 13 8d 94  48 5e e8 8f 2c d4 47 14  |*\..G...H^..,.G.|
+00000360  82 aa e4 24 04 3f 8c ef  c8 3b 15 c0 53 63 b5 6b  |...$.?...;..Sc.k|
+00000370  ee f7 16 45 17 e4 6b 41  99 4b 18 34 c8 7c 09 f5  |...E..kA.K.4.|..|
+00000380  3a f3 79 06 ea 5d f8 96  48 9d 6f c7 ac 55 b0 9e  |:.y..]..H.o..U..|
+00000390  f9 95 6d e2 31 ce ac 6a  b6 4e 8d 66 16 1f dd d9  |..m.1..j.N.f....|
+000003a0  e2 2a c6 7d fa ef 37 e6  7b 01 a1 f7 71 76 14 9a  |.*.}..7.{...qv..|
+000003b0  08 ed a9 f7 8d 16 03 03  00 14 aa 66 05 9c d7 08  |...........f....|
+000003c0  9e d8 82 f7 91 18 57 23  4d 9f e9 17 ee f3        |......W#M.....|
 >>> Flow 13 (client to server)
-00000000  16 03 03 00 35 77 aa f6  e5 92 a0 83 9f b7 0e e3  |....5w..........|
-00000010  d2 ae 3e 72 3d 67 59 0a  67 04 10 3c 44 9c 6f 8e  |..>r=gY.g..<D.o.|
-00000020  ea 0c 79 ed da e5 b8 51  79 45 b2 9a 23 fd b5 5a  |..y....QyE..#..Z|
-00000030  40 3d 84 90 b1 72 45 36  98 80 14 03 03 00 11 69  |@=...rE6.......i|
-00000040  3d 4e 7a a6 d0 a3 08 5f  5c 11 12 a6 78 7f ec c3  |=Nz...._\...x...|
-00000050  16 03 03 00 20 6f 61 99  d2 0f 9b 70 f4 13 0a 15  |.... oa....p....|
-00000060  66 d9 05 22 40 db 66 cb  75 16 de c3 91 d7 71 21  |f.."@.f.u.....q!|
-00000070  5d 9c 4c 5a 87                                    |].LZ.|
+00000000  16 03 03 00 35 9c d8 7f  73 12 30 50 85 5c 45 76  |....5...s.0P.\Ev|
+00000010  ea c9 c6 4d af 5a 6a 4d  a1 89 1e cd 6d 6a b7 49  |...M.ZjM....mj.I|
+00000020  cc 3f d5 19 6e 20 d7 f0  8f 1f 62 a1 17 a5 b8 68  |.?..n ....b....h|
+00000030  c0 67 f4 5d 97 76 42 00  4f 51 14 03 03 00 11 bb  |.g.].vB.OQ......|
+00000040  bc 4b 90 9d cd a7 c1 2a  c2 e0 26 0e 56 ff 13 53  |.K.....*..&.V..S|
+00000050  16 03 03 00 20 79 6d 6d  5a c5 0c 6e be bb 5b f7  |.... ymmZ..n..[.|
+00000060  66 02 50 f4 47 bf b3 bf  7c 76 e2 e1 ae dc 99 57  |f.P.G...|v.....W|
+00000070  2c 31 bb 7f c9                                    |,1...|
 >>> Flow 14 (server to client)
-00000000  14 03 03 00 11 d8 e7 6c  77 f7 f2 11 7c 9b 9b 4e  |.......lw...|..N|
-00000010  3a a6 e5 d6 2b 47 16 03  03 00 20 b6 28 ee e6 7b  |:...+G.... .(..{|
-00000020  27 b1 3d c7 b4 d0 ba aa  65 b8 44 f1 8b 1e c2 1a  |'.=.....e.D.....|
-00000030  1c 63 4d d6 d8 f6 08 e2  9b bb 34 17 03 03 00 19  |.cM.......4.....|
-00000040  ed 7c 4e b7 db f6 88 4f  68 85 e9 ff a3 48 96 39  |.|N....Oh....H.9|
-00000050  5d 39 69 5b 92 8f 43 c5  ba                       |]9i[..C..|
+00000000  14 03 03 00 11 1b d5 02  f0 2f 26 af 60 d4 c5 18  |........./&.`...|
+00000010  86 d6 d3 7a 70 7e 16 03  03 00 20 03 bd c7 ba 11  |...zp~.... .....|
+00000020  ab 10 4e 29 23 6c c9 7e  04 b2 da f4 87 3b d7 f1  |..N)#l.~.....;..|
+00000030  55 e7 09 29 99 f0 8f cc  3c 98 25 17 03 03 00 19  |U..)....<.%.....|
+00000040  6b 68 7e 24 a0 ce 39 e6  1e ca 06 59 71 a1 b1 8a  |kh~$..9....Yq...|
+00000050  f0 eb 5d 30 84 04 46 64  5f                       |..]0..Fd_|
 >>> Flow 15 (client to server)
-00000000  15 03 03 00 12 45 0b 80  2d f1 c6 08 39 3c 70 07  |.....E..-...9<p.|
-00000010  1d d1 b6 33 01 79 ef                              |...3.y.|
+00000000  15 03 03 00 12 91 57 e3  8e 3b e2 17 df 7d 1a d1  |......W..;...}..|
+00000010  cc 0d 9b bf fc f6 42                              |......B|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected
index a89bd2d..45c7804 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected
+++ b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 15 c2 a7 b9 2f  |....Y...U....../|
-00000010  c7 f0 d8 ce 09 47 ff 49  c2 09 ea b1 59 ab ab cf  |.....G.I....Y...|
-00000020  d8 97 31 dd e6 5a 84 6e  39 af 23 20 7d 9c ed cb  |..1..Z.n9.# }...|
-00000030  b4 fc 4f 6b ec 07 75 b2  c4 ca 44 63 12 f5 35 95  |..Ok..u...Dc..5.|
-00000040  93 c8 6e d0 59 7e 58 cb  00 05 ae d7 cc a8 00 00  |..n.Y~X.........|
+00000000  16 03 03 00 59 02 00 00  55 03 03 e7 f0 26 e8 9f  |....Y...U....&..|
+00000010  05 30 9e e5 7c 31 a5 b8  a9 38 35 c3 9c c1 d2 d3  |.0..|1...85.....|
+00000020  65 ab 3b 55 62 f9 c8 1f  6e 2e 57 20 0e 70 71 1a  |e.;Ub...n.W .pq.|
+00000030  59 05 45 40 2d 93 c4 0a  15 0b 16 0f 23 bb 28 33  |Y.E@-.......#.(3|
+00000040  03 db 44 75 0a 0f 5e 0a  7b 9e 47 63 cc a8 00 00  |..Du..^.{.Gc....|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,129 +60,188 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 85 eb 3a 12 97 d7 9a  |........ ..:....|
-000002d0  a3 11 49 ba 0f 32 c8 4c  09 68 b4 15 22 1f fb 78  |..I..2.L.h.."..x|
-000002e0  71 25 40 8c 83 1e 0d 6e  65 04 01 00 80 a4 2b 3a  |q%@....ne.....+:|
-000002f0  aa 92 ce 24 47 ab 1f 02  4e e2 65 34 b3 15 65 0a  |...$G...N.e4..e.|
-00000300  57 73 d7 a9 27 c5 c7 da  cd 23 e1 8a 02 00 56 b8  |Ws..'....#....V.|
-00000310  44 90 d2 66 ad a2 05 f6  d6 27 dc 07 52 a9 e5 e6  |D..f.....'..R...|
-00000320  af 00 74 ea f0 42 d0 bc  f2 c7 94 bd 19 27 cb ca  |..t..B.......'..|
-00000330  53 96 6c 2e f6 87 8f 68  93 24 4d 8b 62 cd 15 a4  |S.l....h.$M.b...|
-00000340  7e 99 86 41 1f 4e 9b ac  3b 2a 23 64 8a 98 8b 0d  |~..A.N..;*#d....|
-00000350  4a 1c 37 f6 f4 bc fa 11  e7 07 e6 8f 3b 59 06 fd  |J.7.........;Y..|
-00000360  27 30 e1 45 ef 9f 91 30  42 86 31 11 9f 16 03 03  |'0.E...0B.1.....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 04 06 15 25 55 6d c0  |........ ...%Um.|
+000002d0  d0 71 c9 f8 4e d2 48 f3  7d 0b dc 99 a0 67 2a 5d  |.q..N.H.}....g*]|
+000002e0  eb ce a1 00 b3 d3 8d cd  4c 08 04 00 80 d3 0d 6d  |........L......m|
+000002f0  a1 41 2e b5 06 c0 e0 9b  70 c0 1a c3 45 61 3e 86  |.A......p...Ea>.|
+00000300  02 a8 04 76 f2 87 1d 58  98 82 38 dc 01 9d 5a 53  |...v...X..8...ZS|
+00000310  07 3c 65 66 68 bc e4 8f  e9 d4 65 b1 0d 90 0f 7f  |.<efh.....e.....|
+00000320  c3 1e 49 51 47 c5 45 f2  de 52 a6 e3 f5 7a 2d cb  |..IQG.E..R...z-.|
+00000330  bd 0d a7 1d 5b f0 f5 c9  f8 18 17 91 b0 1a 44 a8  |....[.........D.|
+00000340  72 19 b5 d9 f4 47 52 40  68 1c f3 15 3f b2 d1 df  |r....GR@h...?...|
+00000350  9f 5d 27 73 43 78 ba 6d  24 43 16 05 6b e2 a9 e5  |.]'sCx.m$C..k...|
+00000360  cc e2 cd 5c d0 15 b3 a5  30 3d 98 be 3d 16 03 03  |...\....0=..=...|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 1d 93 0e  bd 9d 79 c8 be 62 9e c3  |.... .....y..b..|
-00000040  5b 6d 1e e7 3a d1 35 32  1b 20 3b 66 70 71 95 f4  |[m..:.52. ;fpq..|
-00000050  88 58 6d b8 f1                                    |.Xm..|
+00000030  16 03 03 00 20 50 ea 05  19 9b 2d ea a4 e3 96 6c  |.... P....-....l|
+00000040  df b1 de db 80 da e9 65  da dd ad 35 42 7f ce fa  |.......e...5B...|
+00000050  43 79 b5 b7 60                                    |Cy..`|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 76 95 22 fc b0  |.......... v."..|
-00000010  06 76 53 a8 f5 41 60 39  2b 22 ce 5e d9 d1 1b 6a  |.vS..A`9+".^...j|
-00000020  36 cc a2 3a 59 a0 a1 51  48 db d3                 |6..:Y..QH..|
+00000000  14 03 03 00 01 01 16 03  03 00 20 79 ce b5 0f d4  |.......... y....|
+00000010  dd 4d 4b 19 9e d4 8c 49  41 2c 14 e3 2e b7 89 d1  |.MK....IA,......|
+00000020  3f 9f 2f 90 21 8c 91 98  bf 0c 4a                 |?./.!.....J|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 67 62 ca  a7 ec ee 51 18 ad 90 65  |.....gb....Q...e|
-00000010  fc 87 10 13 5c 2d 66 6f  e2 5b d6                 |....\-fo.[.|
+00000000  17 03 03 00 16 97 1a f9  8d c2 df 57 b3 c1 10 b9  |...........W....|
+00000010  2f 8f 3b 47 95 83 03 af  88 97 b1                 |/.;G.......|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 11 51 b5  e4 d5 d7 df 48 69 2c f8  |......Q.....Hi,.|
-00000010  ff 11 fc 02 b2 00 80 30  aa                       |.......0.|
+00000000  16 03 03 00 14 30 98 ac  88 1f db 08 3a be 39 26  |.....0......:.9&|
+00000010  d8 5a df b9 5e fe 26 72  09                       |.Z..^.&r.|
 >>> Flow 7 (client to server)
-00000000  16 03 03 00 b1 92 1a 73  ea 30 62 10 b9 c7 83 ec  |.......s.0b.....|
-00000010  55 24 17 f7 ba a1 3a 13  5f cb 8b ff 64 79 5e 5b  |U$....:._...dy^[|
-00000020  6c 34 7b c8 0b 38 92 b6  14 7f fd 35 be ba 72 2d  |l4{..8.....5..r-|
-00000030  bd 78 e3 f6 bc 61 ba 65  83 a6 6a 5e cd 1f 34 ab  |.x...a.e..j^..4.|
-00000040  5d 84 58 03 06 a0 4d 32  a0 a9 42 92 8f d4 27 3d  |].X...M2..B...'=|
-00000050  e8 a5 75 9b b7 06 c2 3b  4f 8e 83 10 be 12 4f ea  |..u....;O.....O.|
-00000060  d1 e7 37 9c 29 dc a9 0f  aa f6 a1 0c 1c 3b 19 67  |..7.)........;.g|
-00000070  b1 7c 41 9a fd b8 dd 86  92 49 4f 7e 23 75 df 82  |.|A......IO~#u..|
-00000080  d0 ca 43 94 61 a8 d4 1f  3f 15 69 b0 6c bf f7 15  |..C.a...?.i.l...|
-00000090  1c 8d dc 61 11 73 3c 5e  b0 bd 23 a9 3d fb ed 1d  |...a.s<^..#.=...|
-000000a0  d5 3d 6d de b7 29 fe 85  0d af 85 6c 8a 32 90 09  |.=m..).....l.2..|
-000000b0  87 c2 a2 4f f9 9b                                 |...O..|
+00000000  16 03 03 01 14 a4 24 c3  2f 54 1c 65 c6 79 11 73  |......$./T.e.y.s|
+00000010  a8 9b 6e 8b 81 08 e4 e1  8a 12 56 5d 93 cd 1a 0c  |..n.......V]....|
+00000020  a4 88 fe 2f a5 dc cf d0  1d 1b e8 d3 76 9e 8e a0  |.../........v...|
+00000030  d8 70 44 7d b5 1e be 95  2d 21 c8 0d 0d d0 fe ae  |.pD}....-!......|
+00000040  b0 0b 73 35 f7 82 6d 0e  36 0f e1 34 cf b7 d4 51  |..s5..m.6..4...Q|
+00000050  af d1 bc 83 3e 36 35 10  87 fd 59 ba 4b b5 fb 10  |....>65...Y.K...|
+00000060  da 41 f2 ce cb ce 4f 4f  42 4c 11 71 5e 60 c3 13  |.A....OOBL.q^`..|
+00000070  6a 10 44 3d 93 49 f4 01  aa c4 a1 6e 81 16 60 66  |j.D=.I.....n..`f|
+00000080  d2 7f 22 df e2 68 86 13  d8 e9 e2 2a a3 d5 81 11  |.."..h.....*....|
+00000090  af 36 9b 78 2e 33 e5 05  b6 47 1d 1c 3e 2c 43 57  |.6.x.3...G..>,CW|
+000000a0  a5 1e 1b a6 b2 20 fa 53  80 cb 11 92 51 93 89 f6  |..... .S....Q...|
+000000b0  1c 52 1d 32 c9 b4 ac b3  ac ad a1 02 a5 e1 50 e5  |.R.2..........P.|
+000000c0  24 6e 91 75 58 72 39 c9  9b 59 f8 79 ed 08 40 7a  |$n.uXr9..Y.y..@z|
+000000d0  c5 3c 1c fc 44 9d d9 f6  35 f0 2a 61 a4 7a 8c f3  |.<..D...5.*a.z..|
+000000e0  d5 81 e4 54 9d cf a2 14  aa 59 e7 6e 9d 0d e7 f1  |...T.....Y.n....|
+000000f0  36 d9 db ef 56 c5 8d 95  89 3d 7c 99 f2 e7 b1 12  |6...V....=|.....|
+00000100  4e 53 ca e8 84 cb ca 3c  2a 1d fd 4a e7 af 9b 35  |NS.....<*..J...5|
+00000110  20 24 49 ff 95 67 b1 e1  98                       | $I..g...|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 81 69 80 3b  d5 74 82 55 ad c5 6d 92  |.....i.;.t.U..m.|
-00000010  5c d6 02 a0 5a e5 c7 a9  64 94 20 5f b4 03 7d 25  |\...Z...d. _..}%|
-00000020  aa 6b de 09 09 cb 92 a1  73 fa 58 bc 02 a2 01 d4  |.k......s.X.....|
-00000030  e6 c6 56 42 4e 8e c5 09  de 2d e1 6a 96 9e 1a b4  |..VBN....-.j....|
-00000040  1f 73 44 f2 20 07 3d 99  5f 8e 6e 76 ba 6f 8f d5  |.sD. .=._.nv.o..|
-00000050  a1 f9 78 22 9d 84 b3 b1  9c 91 88 3c a7 0f d4 64  |..x".......<...d|
-00000060  6d 6e 16 54 b4 1c 38 07  3c 56 b7 67 b5 ab d7 79  |mn.T..8.<V.g...y|
-00000070  8b 93 87 75 e2 45 a6 0c  e7 0c 10 49 ab 53 c9 d7  |...u.E.....I.S..|
-00000080  22 04 72 b9 da eb 16 03  03 02 69 23 fa 4f 38 89  |".r.......i#.O8.|
-00000090  93 c7 ba 31 52 1a 67 e9  b0 77 8b f6 0a e5 81 b7  |...1R.g..w......|
-000000a0  ea eb 7b 9d 23 a4 00 94  63 5d 91 e9 f7 33 a2 e5  |..{.#...c]...3..|
-000000b0  8f 7f 03 8d e6 92 09 a3  a5 22 af 90 f2 2d 8b b7  |........."...-..|
-000000c0  26 0d dd 3a 3c ee 45 d0  f4 e0 b6 cd d0 f6 74 95  |&..:<.E.......t.|
-000000d0  c8 92 40 a1 7a 2f 97 4b  29 90 8c 17 8f c9 57 70  |..@.z/.K).....Wp|
-000000e0  20 9f 8a cc 60 ea 78 c5  ab eb bf 79 f3 2d ef de  | ...`.x....y.-..|
-000000f0  09 32 6e e7 b4 1f 4e 01  32 9f 38 b0 4b e0 ec 8a  |.2n...N.2.8.K...|
-00000100  0e 39 bb b5 43 55 72 ad  27 1a 61 53 76 a7 ec ec  |.9..CUr.'.aSv...|
-00000110  29 38 8c e7 2f 08 8e 2e  0f 76 a5 5f 8f 5c b2 90  |)8../....v._.\..|
-00000120  da da b1 9b c1 8a 2c 16  15 d1 f5 cd f3 86 38 71  |......,.......8q|
-00000130  40 b5 b5 63 08 57 7c b2  d1 f5 23 f8 30 4c d1 96  |@..c.W|...#.0L..|
-00000140  e1 3c 28 4c b6 49 d5 d4  31 00 a2 72 65 36 51 92  |.<(L.I..1..re6Q.|
-00000150  f8 14 89 a2 9b 2e 93 7e  30 62 03 21 68 db 6a 94  |.......~0b.!h.j.|
-00000160  a4 67 b2 19 b7 ff 54 cd  4b 56 ff d9 c3 ab 5f 31  |.g....T.KV...._1|
-00000170  8a cb bb a3 05 3b ce 81  ac 6a b0 94 0f 2e 2a 9f  |.....;...j....*.|
-00000180  d3 c8 5a 61 33 d6 94 af  4e 5a 1d 37 48 96 89 d4  |..Za3...NZ.7H...|
-00000190  42 78 5e 65 40 69 8d 2e  11 5b c9 a7 92 3b 68 ec  |Bx^e@i...[...;h.|
-000001a0  37 1b 13 37 c2 b5 a4 9e  98 6b 52 e1 41 fc 8f 36  |7..7.....kR.A..6|
-000001b0  a1 ae 93 26 ae 09 5c 8f  bf b4 a8 9e cd 6e 4d 9d  |...&..\......nM.|
-000001c0  b0 7e 19 e0 40 79 b0 ab  22 23 7d d0 f7 d7 eb 8e  |.~..@y.."#}.....|
-000001d0  41 b6 9b 5c 17 51 bf a7  ff fb 12 2c fd ca 8b 23  |A..\.Q.....,...#|
-000001e0  1c df 59 d4 d8 01 d7 7c  96 a3 49 5a d5 29 78 5a  |..Y....|..IZ.)xZ|
-000001f0  10 1e 3c 32 4e c3 f1 c1  c8 49 f8 d8 4d 29 74 b7  |..<2N....I..M)t.|
-00000200  8b db a7 9c 7d f4 21 65  ef f5 a2 ff 1a 4e 72 44  |....}.!e.....NrD|
-00000210  54 1b cd a3 a7 3d c4 f4  2d a5 42 2b e4 ff 15 6b  |T....=..-.B+...k|
-00000220  26 18 69 15 46 24 3a e4  fb ee 3e 9c 15 bc a3 dc  |&.i.F$:...>.....|
-00000230  7b 65 85 82 ba 23 3d 78  22 17 d0 03 02 a0 04 1d  |{e...#=x".......|
-00000240  e5 b0 be d7 4d a4 6e 40  83 b2 ae ee b9 c3 18 ce  |....M.n@........|
-00000250  45 7d d8 2e 6d d1 92 7d  60 bd 44 dd 29 11 cd 7d  |E}..m..}`.D.)..}|
-00000260  13 2f a2 97 b1 ca 6a 76  e0 88 fd 6a b4 cc f3 f1  |./....jv...j....|
-00000270  63 4b 4a 74 cb c6 49 ba  82 2b 29 22 0e a0 23 78  |cKJt..I..+)"..#x|
-00000280  ad 25 59 85 a8 b2 6e d3  34 1f 31 ff 94 ac 3b 42  |.%Y...n.4.1...;B|
-00000290  84 97 17 8a 21 1d 3f 7c  e5 ac 17 50 d9 77 a9 54  |....!.?|...P.w.T|
-000002a0  2f bd 19 3b b9 de 90 64  8a 02 46 bf 7e 02 ac 60  |/..;...d..F.~..`|
-000002b0  55 0c 6f c3 58 04 3a a7  fd e9 26 26 41 a1 8f 43  |U.o.X.:...&&A..C|
-000002c0  7a 9e dd a6 1a 7f cf 1d  0c 40 11 59 4f 36 bc e1  |z........@.YO6..|
-000002d0  63 20 0b ef 3c e7 de 25  e2 e0 d2 4d 42 62 84 97  |c ..<..%...MBb..|
-000002e0  23 64 b2 b5 22 e4 8f f5  b2 1f 9e 99 00 e5 27 f6  |#d..".........'.|
-000002f0  02 b9 b3 d0 16 03 03 00  bc 9c 9e 74 fe d3 9f c5  |...........t....|
-00000300  50 2a 35 af 0d 27 96 94  a0 0a b4 79 f5 ca 9e 30  |P*5..'.....y...0|
-00000310  8c 03 87 75 9c ac 63 a4  96 a5 d8 05 ef cd d5 1a  |...u..c.........|
-00000320  13 24 81 a7 84 aa 69 a2  e4 a4 13 85 25 c0 ca c8  |.$....i.....%...|
-00000330  ec 8f 27 68 77 12 78 bc  98 b2 4e 8b b4 ae c8 47  |..'hw.x...N....G|
-00000340  53 b8 7f d6 cf f0 9a 1e  65 33 b0 77 11 9e f4 72  |S.......e3.w...r|
-00000350  57 f5 c4 55 06 07 1f a7  3e 3e 31 ce 52 97 58 0c  |W..U....>>1.R.X.|
-00000360  23 6e 3c 4c b6 a7 f5 c5  ec 3a fa 96 a4 f6 ee 0d  |#n<L.....:......|
-00000370  c7 71 e8 7b df dc 8f 8a  09 cb 27 68 91 e7 6a c5  |.q.{......'h..j.|
-00000380  84 16 51 66 ae c1 9c d6  dd 80 89 a9 78 95 de 2b  |..Qf........x..+|
-00000390  d4 d7 74 86 5d fa e6 9c  07 bb ea 15 3d 5b e5 b8  |..t.].......=[..|
-000003a0  f0 f5 69 06 61 16 56 49  7f a1 18 78 c8 68 d4 4f  |..i.a.VI...x.h.O|
-000003b0  5b d4 5e a9 1a 16 03 03  00 14 7e 53 00 b2 e5 d6  |[.^.......~S....|
-000003c0  8e 63 25 c3 33 89 49 ee  a8 39 65 ba c1 af        |.c%.3.I..9e...|
+00000000  16 03 03 00 81 4b cf ec  d9 bc 7a 0e d9 ad 98 1f  |.....K....z.....|
+00000010  a2 53 ff dd 05 f6 97 21  f3 e1 25 28 2d a3 72 5c  |.S.....!..%(-.r\|
+00000020  ce bd 73 ab da 53 56 78  05 d2 6d 61 8c 7c 68 bc  |..s..SVx..ma.|h.|
+00000030  b2 be b9 ac ff 6a 57 e2  96 62 b1 22 5f 82 cd 87  |.....jW..b."_...|
+00000040  24 d8 19 ca d4 9a 68 b3  12 7d 32 6f ff 35 d8 b7  |$.....h..}2o.5..|
+00000050  7a 41 b7 05 ba be f2 c6  b8 58 fb 3d f5 ca 9d 97  |zA.......X.=....|
+00000060  b3 c4 48 b0 33 2d 92 25  a2 ec 52 f0 e5 4e 72 65  |..H.3-.%..R..Nre|
+00000070  4d bb ce 30 da 8d 99 3b  69 04 b3 f1 e0 43 82 ab  |M..0...;i....C..|
+00000080  98 f8 f0 a8 4f fc 16 03  03 02 69 7e a5 80 32 0a  |....O.....i~..2.|
+00000090  ca 95 73 07 76 d9 80 87  f4 5a cd 91 02 86 fa dc  |..s.v....Z......|
+000000a0  c8 06 b1 77 a6 52 b6 51  fa 1d 27 1e 95 e8 ec 36  |...w.R.Q..'....6|
+000000b0  43 29 87 33 09 4e 67 8a  cc 20 66 77 b2 7e 36 7d  |C).3.Ng.. fw.~6}|
+000000c0  1c 06 95 4d ea 73 28 0f  07 2b 9b c7 ab eb fe c0  |...M.s(..+......|
+000000d0  65 b1 87 5b 40 c6 11 92  21 18 90 c2 23 32 f1 e0  |e..[@...!...#2..|
+000000e0  39 30 c9 c2 78 be 0f 89  9e 73 f3 c1 4b 39 d8 2e  |90..x....s..K9..|
+000000f0  59 59 38 6e 82 7e 9e cc  41 ab e3 94 14 b8 22 80  |YY8n.~..A.....".|
+00000100  63 c9 ca 16 df ce 7f de  17 d5 52 2d b7 a1 a4 c9  |c.........R-....|
+00000110  13 1b d9 c3 55 6d 60 48  b3 bf 4e 28 49 9f 30 a6  |....Um`H..N(I.0.|
+00000120  3f d5 e7 55 ed 9f 1b 69  5b 16 48 d5 76 01 09 ba  |?..U...i[.H.v...|
+00000130  1d 0d e6 4e 39 34 8c 42  62 1d 23 b5 77 d5 4f c6  |...N94.Bb.#.w.O.|
+00000140  61 d9 1f b5 ab 3c ec f1  c4 a1 ec 7f 96 d2 1c fb  |a....<..........|
+00000150  d3 c6 60 2c 55 38 3e 66  5d 5e 81 fb f0 23 95 9e  |..`,U8>f]^...#..|
+00000160  b1 e0 f7 e9 af 4c e2 d4  7d 92 df ef c5 16 57 de  |.....L..}.....W.|
+00000170  1d 68 23 53 46 8b 22 8c  d0 8d 25 f6 07 75 b0 19  |.h#SF."...%..u..|
+00000180  e1 80 82 67 d5 74 f2 2e  51 34 f0 84 56 5b 45 de  |...g.t..Q4..V[E.|
+00000190  d1 eb 00 41 94 f4 15 ef  60 23 39 63 cb f0 86 e7  |...A....`#9c....|
+000001a0  ee cc 34 cc b4 14 f7 f9  71 48 0c f0 66 9f d3 0c  |..4.....qH..f...|
+000001b0  92 a4 20 9c 40 44 da e5  4f a2 91 de a4 6b c3 5f  |.. .@D..O....k._|
+000001c0  0c dd b4 22 e7 6a b8 f3  46 2d aa 0d f3 c6 b6 10  |...".j..F-......|
+000001d0  9a 69 f1 3c a4 89 6f d5  b6 45 6c e5 7b 10 d8 f4  |.i.<..o..El.{...|
+000001e0  7f 9e 83 eb 44 5f 6c 00  e0 a9 5a 56 c8 80 5a 92  |....D_l...ZV..Z.|
+000001f0  20 48 7c ee 22 65 8a e2  35 55 3f 7c 1a bd 4c cf  | H|."e..5U?|..L.|
+00000200  84 2e af 26 d1 d1 1a fc  81 d3 90 a8 9e d0 56 c3  |...&..........V.|
+00000210  f4 f9 7e ac 29 9e d8 91  57 a0 a2 7b 00 b2 42 0f  |..~.)...W..{..B.|
+00000220  d0 5e ce 26 3c de f7 75  2d c9 74 c7 98 72 c8 b1  |.^.&<..u-.t..r..|
+00000230  86 33 81 21 f5 f7 4c c9  f3 04 c2 48 24 d0 3e a6  |.3.!..L....H$.>.|
+00000240  c4 8d 0f 3e 25 09 32 36  66 4c e4 67 27 4d 09 71  |...>%.26fL.g'M.q|
+00000250  45 91 8e 6a ca a1 ab 69  4a 20 ea e6 a5 a1 8a 53  |E..j...iJ .....S|
+00000260  b3 85 4f de de c8 4d a5  ec bd 4e 11 e7 78 f8 4c  |..O...M...N..x.L|
+00000270  7a 46 28 a7 0b 3d ce 1f  4a be 2d c3 1b 7c 79 9c  |zF(..=..J.-..|y.|
+00000280  da ae f3 ee ae 58 1f 93  6e ca f4 03 b7 4d be ac  |.....X..n....M..|
+00000290  d8 32 d9 0a 4e 3b dd a8  c3 b6 24 c7 e5 78 bc 7d  |.2..N;....$..x.}|
+000002a0  be 12 d9 c4 f9 c1 16 23  79 ba 00 27 fd 0c 93 38  |.......#y..'...8|
+000002b0  2c 36 0f e1 a3 9f 27 46  82 2b 60 b5 3f f9 9b cd  |,6....'F.+`.?...|
+000002c0  60 39 85 96 60 aa 1c 3d  0a 9e 53 46 90 0e 49 68  |`9..`..=..SF..Ih|
+000002d0  67 96 db 82 02 c9 4e f4  d7 fe 06 bf d7 01 ae db  |g.....N.........|
+000002e0  c5 eb 70 c2 51 72 2d 41  ca 2c ae 48 2c 19 bb ae  |..p.Qr-A.,.H,...|
+000002f0  7f 2f d4 cf 16 03 03 00  bc 75 f7 cb 92 aa 8c ab  |./.......u......|
+00000300  d7 ea 79 a1 b6 31 a5 5b  5a 19 98 a2 e2 a7 5a a6  |..y..1.[Z.....Z.|
+00000310  9c c8 d5 84 1e f0 cc 18  a3 ba 1b 21 2f 9a 0e 3d  |...........!/..=|
+00000320  54 10 17 ee a4 40 4d 0f  b9 36 bf 4a 41 76 7b 0a  |T....@M..6.JAv{.|
+00000330  7f d8 50 1c 1f 99 5b bf  50 87 e4 24 67 fe 45 93  |..P...[.P..$g.E.|
+00000340  a4 a2 41 ce e4 17 67 08  af 35 43 5c 12 ea c3 0e  |..A...g..5C\....|
+00000350  1f e6 80 89 76 4f 36 71  fe a2 51 ef 05 cb 10 55  |....vO6q..Q....U|
+00000360  16 fd 6d 07 aa ba 6a 68  d8 e5 53 cb 9e 17 cd 25  |..m...jh..S....%|
+00000370  98 83 62 a6 55 74 79 36  87 1c 5c ef 4a 65 85 a1  |..b.Uty6..\.Je..|
+00000380  a4 1b 5d 7c 0d cf e3 63  37 14 b2 ac 74 12 d9 f3  |..]|...c7...t...|
+00000390  25 52 d7 a9 d8 f2 c4 75  08 57 5b 48 c5 5e 07 78  |%R.....u.W[H.^.x|
+000003a0  c6 74 f3 6e 5a fb 09 67  4d a0 6a d0 f8 b4 0a 00  |.t.nZ..gM.j.....|
+000003b0  71 f2 ce e0 20 16 03 03  00 4a 1d 3b c4 a4 6e e3  |q... ....J.;..n.|
+000003c0  a0 43 f3 44 b6 eb d7 bb  47 dc 18 b6 84 4a c1 4d  |.C.D....G....J.M|
+000003d0  05 ee 71 1a 40 75 d1 ac  be c3 cb f0 4b f2 a3 c3  |..q.@u......K...|
+000003e0  03 6a 1d 3e 77 09 61 f0  0a 35 47 af 67 23 a1 76  |.j.>w.a..5G.g#.v|
+000003f0  9e 90 be 10 a0 6b 9d 49  9e 79 38 b8 6a c4 53 ba  |.....k.I.y8.j.S.|
+00000400  37 88 86 f2 16 03 03 00  14 c7 e1 2e 8a 83 d1 b0  |7...............|
+00000410  3e a6 81 d3 6b 62 89 d1  a3 43 c4 7b 4e           |>...kb...C.{N|
 >>> Flow 9 (client to server)
-00000000  16 03 03 00 35 01 62 fd  6b 2e 24 0f 01 03 98 44  |....5.b.k.$....D|
-00000010  7a 1a 51 4c 09 f0 da 53  b7 cf 31 06 94 9d 09 bd  |z.QL...S..1.....|
-00000020  d2 ec 3a 20 47 1e 28 e6  d6 66 4d bb dd 2f 9d 4b  |..: G.(..fM../.K|
-00000030  ff e5 4e ed 84 1d 9b 0c  40 a4 14 03 03 00 11 58  |..N.....@......X|
-00000040  2f a4 8e f0 38 bb f8 44  b2 e9 61 68 63 ba 8e 63  |/...8..D..ahc..c|
-00000050  16 03 03 00 20 f3 0f ac  3d e2 65 c4 0e c8 b7 22  |.... ...=.e...."|
-00000060  2f c9 08 d3 b1 75 e1 f8  91 ea 98 c3 9b c8 9b 21  |/....u.........!|
-00000070  cb cd 35 b3 ce                                    |..5..|
+00000000  16 03 03 02 69 07 d0 f5  52 49 69 16 9e a0 95 ae  |....i...RIi.....|
+00000010  90 23 85 b7 03 e7 93 76  bc 81 8f 30 73 d3 0b 58  |.#.....v...0s..X|
+00000020  cb 9a 18 00 66 cd 4c 43  a7 a7 8d e3 84 1a dc 86  |....f.LC........|
+00000030  11 c2 2e 02 07 94 9f 64  2d 77 8a 60 60 07 22 be  |.......d-w.``.".|
+00000040  dc 36 14 b4 04 b8 94 46  f6 d4 db bc 68 82 14 7e  |.6.....F....h..~|
+00000050  d9 cf 60 4b a3 ff 03 d7  05 e0 a5 f4 94 1f ee 76  |..`K...........v|
+00000060  4e 96 d0 70 1b cc 4e ad  ef d4 4d df 71 82 a1 b5  |N..p..N...M.q...|
+00000070  96 97 63 dc cc 13 75 29  bb b5 b7 46 fb b6 dd 17  |..c...u)...F....|
+00000080  fd 8d be 54 14 35 a9 2b  66 c5 80 fb 41 e6 92 c1  |...T.5.+f...A...|
+00000090  4b db 97 30 12 d1 4c c4  bc 4e 91 a4 17 c7 4e 22  |K..0..L..N....N"|
+000000a0  bd 81 69 26 b4 8e d8 63  c8 33 0c 89 b5 12 6e af  |..i&...c.3....n.|
+000000b0  ea 09 10 66 5e c3 f2 9f  c5 c2 0c 91 75 d5 c8 cc  |...f^.......u...|
+000000c0  4b dd 1f 42 22 29 fe f5  15 3f e6 96 b5 af 41 5d  |K..B")...?....A]|
+000000d0  06 59 33 40 da 8e c8 2f  00 9c 6b 7c fc fe 45 fe  |.Y3@.../..k|..E.|
+000000e0  fd 9c b4 87 18 f8 90 9c  8f 22 0d f4 d5 39 96 a0  |........."...9..|
+000000f0  77 55 4e 52 f7 31 15 cb  ea d6 dd 65 5c 91 f4 36  |wUNR.1.....e\..6|
+00000100  a2 d3 c0 d5 c7 9c 07 38  6e 38 e2 00 c9 82 c9 d3  |.......8n8......|
+00000110  e5 b0 77 11 4f 3b 82 7e  28 2c c0 69 7e 5d 76 ff  |..w.O;.~(,.i~]v.|
+00000120  c7 e0 f2 13 5e 5f 8d a0  51 f5 07 8c f2 4f 1c e9  |....^_..Q....O..|
+00000130  eb 36 62 3e 9f db 15 11  b7 b0 c2 9f 92 84 37 81  |.6b>..........7.|
+00000140  92 aa ea 5e 2a 70 74 3a  16 06 88 9a 98 1a de a9  |...^*pt:........|
+00000150  08 91 01 b0 d8 f1 1f fa  54 bd 44 ef 25 49 4d 81  |........T.D.%IM.|
+00000160  ec 3b 59 ec 3c b0 ba 08  d4 30 71 66 c1 46 c1 ba  |.;Y.<....0qf.F..|
+00000170  9d 56 8c b0 b9 b0 3d fa  35 51 7c 91 1f 3c b6 8f  |.V....=.5Q|..<..|
+00000180  05 fa d2 70 62 78 17 1e  27 68 3b e4 65 ca c4 dc  |...pbx..'h;.e...|
+00000190  b3 6b 91 27 7c 12 49 36  93 c6 62 5d d8 1f e2 de  |.k.'|.I6..b]....|
+000001a0  e7 2e 36 6b c5 9c 68 6d  91 29 d3 eb 8c 07 7c fa  |..6k..hm.)....|.|
+000001b0  42 3e 90 62 c0 0a eb 63  a5 2c b3 4b 3d 2e 5a 36  |B>.b...c.,.K=.Z6|
+000001c0  78 71 c1 5a 94 a7 b9 5a  b2 e2 8d dd b7 95 0d 94  |xq.Z...Z........|
+000001d0  63 38 8f 60 94 c0 2a b9  d6 77 14 34 a2 ac 2c 7e  |c8.`..*..w.4..,~|
+000001e0  97 f4 76 87 c9 31 bf 73  97 37 9e ef a0 3e dc 49  |..v..1.s.7...>.I|
+000001f0  db e1 4b 61 52 2a 1f 73  cd 76 49 28 f2 73 28 6f  |..KaR*.s.vI(.s(o|
+00000200  75 12 91 c6 5c 55 34 66  63 5f 79 22 9e 13 31 25  |u...\U4fc_y"..1%|
+00000210  42 c0 68 59 38 37 85 dd  ec 47 65 d1 9b 24 44 d2  |B.hY87...Ge..$D.|
+00000220  37 d9 8f d8 f9 e4 37 7b  a8 cd ad 25 65 f0 a1 27  |7.....7{...%e..'|
+00000230  5e d8 8b 69 1f a7 0b 26  d1 d8 cd b2 e5 ba 31 20  |^..i...&......1 |
+00000240  f0 9e 6a 39 6f 9d 04 cf  96 1f 4c 69 cc 4d 16 32  |..j9o.....Li.M.2|
+00000250  59 d6 4e eb b7 c5 bc 33  c2 18 9d 58 82 73 64 c0  |Y.N....3...X.sd.|
+00000260  a6 09 00 2b 04 1b 05 68  77 dd bb 73 b4 b3 16 03  |...+...hw..s....|
+00000270  03 00 35 3a 50 32 09 27  fd 20 17 11 7b 7b e1 42  |..5:P2.'. ..{{.B|
+00000280  9c af b2 bb 38 5a 89 c7  e5 eb c4 8e 1e 04 94 1f  |....8Z..........|
+00000290  40 17 4e b4 94 5b c7 fd  d9 14 6e 0d f8 4c f6 cc  |@.N..[....n..L..|
+000002a0  76 a3 08 02 7e a7 a2 4c  16 03 03 00 98 08 77 4a  |v...~..L......wJ|
+000002b0  7a f0 ba 64 6e 14 8e fd  d9 2f 67 57 1f 4b 05 7b  |z..dn..../gW.K.{|
+000002c0  99 ed 0d e9 03 de 88 60  44 0c 04 d2 5a 24 4a 9d  |.......`D...Z$J.|
+000002d0  9b bf fd d6 2f 60 03 63  e4 82 58 bb 69 92 41 c5  |..../`.c..X.i.A.|
+000002e0  30 18 cf 9b cc c5 66 b2  b6 ef 15 5f b3 60 93 c6  |0.....f...._.`..|
+000002f0  27 59 27 bc d5 dd 3b 5a  9d f7 ad 05 11 b7 9e bc  |'Y'...;Z........|
+00000300  ff 43 f8 0c 83 0f 6c fa  d1 23 09 03 42 60 61 d4  |.C....l..#..B`a.|
+00000310  ff 3b c9 ee 15 4a 02 fa  d9 60 97 91 50 03 7d 6b  |.;...J...`..P.}k|
+00000320  c1 a2 64 00 5b b1 12 62  bd e5 c9 8a 2e 0c c1 71  |..d.[..b.......q|
+00000330  a8 e2 94 45 be 8b ba a7  c0 6e e7 5e a5 bc 7a f8  |...E.....n.^..z.|
+00000340  48 06 e2 27 3f 14 03 03  00 11 ef 57 1d e6 74 e2  |H..'?......W..t.|
+00000350  9f 49 cd dc 7a 7d 0b 21  f7 1b e8 16 03 03 00 20  |.I..z}.!....... |
+00000360  39 a4 df 59 44 4c b2 99  aa 0c c6 90 b3 a1 0d 00  |9..YDL..........|
+00000370  38 ee 40 d2 b0 62 b4 cf  e3 20 e7 d7 5f f8 cf aa  |8.@..b... .._...|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 c0 ed 05  6a 71 44 98 9a d6 b8 ae  |........jqD.....|
-00000010  ab 10 43 a9 27 91 16 03  03 00 20 93 fe ed 5f 3e  |..C.'..... ..._>|
-00000020  61 9f 10 95 c9 f6 82 c5  68 14 3d 9e 3e c3 9d e9  |a.......h.=.>...|
-00000030  f2 2d a1 a5 ff ec b9 31  ae 78 e8 17 03 03 00 19  |.-.....1.x......|
-00000040  27 c4 6c 54 03 88 b2 36  38 79 1f 1d 68 c2 ca fd  |'.lT...68y..h...|
-00000050  bf 47 67 44 e1 13 3b f2  fb 16 03 03 00 14 9d 9d  |.GgD..;.........|
-00000060  67 bf 0e 28 3c 56 a3 7b  49 cb 56 b5 5d 3e 39 45  |g..(<V.{I.V.]>9E|
-00000070  c8 c5                                             |..|
+00000000  14 03 03 00 11 be d5 20  ab dc c2 df f6 29 bc b7  |....... .....)..|
+00000010  a3 7e 70 b9 48 73 16 03  03 00 20 b2 f3 25 a9 70  |.~p.Hs.... ..%.p|
+00000020  7f 99 0d f4 01 0a 58 ad  b8 6d 02 e8 6f 89 7b 77  |......X..m..o.{w|
+00000030  bf 22 89 b3 23 a8 02 28  00 94 f1 17 03 03 00 19  |."..#..(........|
+00000040  e3 22 a6 cd a4 dd 9d 2b  6f 6c 84 08 a5 dd 97 0d  |.".....+ol......|
+00000050  9a 37 a7 ac e4 6b 03 1f  db 16 03 03 00 14 ec d7  |.7...k..........|
+00000060  d4 fd ec 94 6c 0a 46 8f  ec ee 87 61 5c 0a 82 a2  |....l.F....a\...|
+00000070  03 91                                             |..|
 >>> Flow 11 (client to server)
-00000000  15 03 03 00 12 00 dc 08  22 b1 d3 cc d2 f7 6b 03  |........".....k.|
-00000010  92 e9 4d 62 8d 5d f6 15  03 03 00 12 ce e8 8d 1b  |..Mb.]..........|
-00000020  78 a3 63 10 bc 77 e8 88  1f 91 9c a5 b5 f2        |x.c..w........|
+00000000  15 03 03 00 12 4b bc 67  b6 13 0f 0c df e1 42 46  |.....K.g......BF|
+00000010  05 97 85 e5 97 bc 81 15  03 03 00 12 d7 e8 b7 5c  |...............\|
+00000020  a4 d8 8e fb b3 a7 1f 06  2f bb 77 f1 13 35        |......../.w..5|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RenegotiationRejected b/src/crypto/tls/testdata/Client-TLSv12-RenegotiationRejected
index 71d9841..57febfb 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RenegotiationRejected
+++ b/src/crypto/tls/testdata/Client-TLSv12-RenegotiationRejected
@@ -1,20 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 db bb 55 42 4d  |....Y...U....UBM|
-00000010  7e 2c 47 97 1c 97 97 e4  35 a1 a9 f4 d6 1a 2f 97  |~,G.....5...../.|
-00000020  96 f7 d6 3b 7e 81 7c 96  f4 42 f8 20 b1 92 02 f0  |...;~.|..B. ....|
-00000030  91 56 81 2c 4e ba e0 02  26 c7 f6 d9 0a ef e9 40  |.V.,N...&......@|
-00000040  54 10 60 a4 d3 e1 b5 cf  d3 ad 59 c7 cc a8 00 00  |T.`.......Y.....|
+00000000  16 03 03 00 59 02 00 00  55 03 03 e0 77 db d2 ca  |....Y...U...w...|
+00000010  46 29 bc ce 1a ee 39 d0  58 35 74 c0 1f 17 86 c0  |F)....9.X5t.....|
+00000020  a8 58 ad b6 e3 f5 e0 80  ae 71 43 20 cd a1 49 bb  |.X.......qC ..I.|
+00000030  94 bc fc 26 a5 56 ea dc  9d 9a b4 ee c7 70 fa 72  |...&.V.......p.r|
+00000040  04 c1 d8 e2 a9 63 24 9a  07 18 a5 fa cc a8 00 00  |.....c$.........|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -54,36 +60,36 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 7c 4a f0 08 30 5f 04  |........ |J..0_.|
-000002d0  46 3d 38 6c 55 57 44 82  a5 98 a1 fd 60 26 ce 03  |F=8lUWD.....`&..|
-000002e0  cd 93 14 0a 0b 69 02 bf  03 04 01 00 80 c6 a5 05  |.....i..........|
-000002f0  fa 60 d4 cb 47 ad 03 16  04 bf a7 43 7c 84 54 b3  |.`..G......C|.T.|
-00000300  29 dc 73 29 d2 43 29 90  3b 1f ff dd da 8b 56 06  |).s).C).;.....V.|
-00000310  08 9d fd 1f f6 42 7a 3e  f9 ab 76 87 0b 42 e3 d8  |.....Bz>..v..B..|
-00000320  29 32 55 50 d0 1a 1e 00  8e c9 83 cc 08 bc e5 39  |)2UP...........9|
-00000330  9c 58 79 ab 27 5a 55 21  99 fb 2b ee 3a 3a a2 27  |.Xy.'ZU!..+.::.'|
-00000340  d6 64 a7 d9 c9 c6 46 dc  03 0a 30 b4 1b 8a 61 36  |.d....F...0...a6|
-00000350  b8 22 46 6a ea cc ee 30  e5 58 8e 7e 09 b2 0d 6a  |."Fj...0.X.~...j|
-00000360  b5 84 54 ea ab ed d5 29  1e 7e 67 17 48 16 03 03  |..T....).~g.H...|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 96 83 76 7c af 6c af  |........ ..v|.l.|
+000002d0  be 20 ec 79 87 9e e0 23  fa 34 78 96 91 30 3b 78  |. .y...#.4x..0;x|
+000002e0  1b 3f 0f 73 b4 45 05 2f  22 08 04 00 80 38 fe 9b  |.?.s.E./"....8..|
+000002f0  e1 c2 82 13 ce 00 c2 0e  08 98 22 d0 4d 86 38 97  |..........".M.8.|
+00000300  c1 78 b9 11 a4 9d af e0  75 d1 c9 dc a1 dc 25 03  |.x......u.....%.|
+00000310  cd ba 15 2e be 0a 61 39  4f 4f d3 48 95 61 3f 2c  |......a9OO.H.a?,|
+00000320  fb e1 63 e7 8f 51 b4 1f  c8 98 f7 3e 23 11 8c 4a  |..c..Q.....>#..J|
+00000330  b4 76 15 cc 83 bd dc 6f  af 0c d9 f1 80 0d 9b a2  |.v.....o........|
+00000340  a3 ac 2f 26 c8 d3 23 94  bc c9 3d fb 44 4e 47 3e  |../&..#...=.DNG>|
+00000350  3b de ce 24 b8 ab 52 f3  5f 26 96 7f e6 a4 ec 9e  |;..$..R._&......|
+00000360  fc 44 4a 1b 73 d1 ea 2a  a9 b9 c8 ba f6 16 03 03  |.DJ.s..*........|
 00000370  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 c8 0e 66  f9 0a 9c 23 fb ed 6a 04  |.... ..f...#..j.|
-00000040  83 b3 72 c4 5f 7b 2f 9f  03 c9 32 d5 60 30 6d 07  |..r._{/...2.`0m.|
-00000050  e7 d3 fc ed 83                                    |.....|
+00000030  16 03 03 00 20 f3 a4 06  da e0 55 ed 41 d1 71 2a  |.... .....U.A.q*|
+00000040  d5 aa 00 31 eb 23 23 52  20 43 36 8f 10 70 d3 e0  |...1.##R C6..p..|
+00000050  6d cc 77 f9 68                                    |m.w.h|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 2e 07 51 3c b8  |.......... ..Q<.|
-00000010  97 34 f5 21 da 22 b1 e9  e6 98 61 83 22 06 45 c2  |.4.!."....a.".E.|
-00000020  db 60 08 27 bc 64 30 3e  1c 77 70                 |.`.'.d0>.wp|
+00000000  14 03 03 00 01 01 16 03  03 00 20 f5 84 89 dc 37  |.......... ....7|
+00000010  bf d9 75 10 c2 30 50 9e  2c 71 00 30 46 f3 af 00  |..u..0P.,q.0F...|
+00000020  9c 6c fd 78 2d d1 54 88  98 c4 8a                 |.l.x-.T....|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 89 dc 04  82 f8 16 f2 0d 91 53 80  |..............S.|
-00000010  7a a7 7b 43 66 f4 95 b3  c2 db ec                 |z.{Cf......|
+00000000  17 03 03 00 16 e7 10 a8  74 64 64 01 ea af 4a f2  |........tdd...J.|
+00000010  6a 09 c7 60 49 ba 59 71  bc f6 90                 |j..`I.Yq...|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 c7 99 03  a6 e5 88 0c f4 31 22 67  |.............1"g|
-00000010  ee 08 ff ff df d8 5d 63  ad                       |......]c.|
+00000000  16 03 03 00 14 4c ff 21  fb 5d ef 36 28 6f f8 7b  |.....L.!.].6(o.{|
+00000010  c0 08 b6 1b e3 17 c3 6e  49                       |.......nI|
 >>> Flow 7 (client to server)
-00000000  15 03 03 00 12 ea 8d 5d  03 03 80 85 91 ca cf 7e  |.......].......~|
-00000010  10 53 60 44 f6 86 3d 15  03 03 00 12 96 b9 d3 2b  |.S`D..=........+|
-00000020  c9 d0 bd 38 c3 4d 32 10  4c e9 c4 9a b3 01        |...8.M2.L.....|
+00000000  15 03 03 00 12 ab 44 a2  47 b2 14 a3 5f 40 1b 56  |......D.G..._@.V|
+00000010  d0 f0 3f ea 95 cf aa 15  03 03 00 12 28 1b e3 5f  |..?.........(.._|
+00000020  8c c4 87 b4 d6 28 2f c9  93 30 66 7a 35 ce        |.....(/..0fz5.|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-SCT b/src/crypto/tls/testdata/Client-TLSv12-SCT
index e081554..f817ea5 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-SCT
+++ b/src/crypto/tls/testdata/Client-TLSv12-SCT
@@ -1,44 +1,50 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
-00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 01 c6 02 00 01  c2 03 03 7c 81 f9 b1 c8  |...........|....|
-00000010  a6 92 26 e6 ef 52 6b 33  51 64 e1 e8 77 73 c2 c6  |..&..Rk3Qd..ws..|
-00000020  9a 7c 38 c8 df 43 8e da  8c ea 21 20 6b ea 4c 41  |.|8..C....! k.LA|
-00000030  1e 3d d0 b9 e9 d8 e9 0b  12 e1 a2 82 b7 69 0a d7  |.=...........i..|
-00000040  42 57 8e 24 62 77 3d e0  af 5b 97 2c cc a8 00 01  |BW.$bw=..[.,....|
-00000050  7a ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 12  |z...............|
-00000060  01 69 01 67 00 75 00 a4  b9 09 90 b4 18 58 14 87  |.i.g.u.......X..|
-00000070  bb 13 a2 cc 67 70 0a 3c  35 98 04 f9 1b df b8 e3  |....gp.<5.......|
-00000080  77 cd 0e c8 0d dc 10 00  00 01 47 97 99 ee 16 00  |w.........G.....|
-00000090  00 04 03 00 46 30 44 02  20 1c 4b 82 5d 95 6e 67  |....F0D. .K.].ng|
-000000a0  5b db 04 95 4b f6 ce f4  32 3e 86 7a 7a 32 ab 18  |[...K...2>.zz2..|
-000000b0  60 74 de 08 da 05 91 4c  2f 02 20 73 54 1b 6e 7f  |`t.....L/. sT.n.|
-000000c0  a1 b0 7d 11 bc e6 f3 85  2f 97 66 1a f7 8a e4 10  |..}...../.f.....|
-000000d0  25 8f 12 f4 6f 39 0f d2  9e 18 f0 00 76 00 68 f6  |%...o9......v.h.|
-000000e0  98 f8 1f 64 82 be 3a 8c  ee b9 28 1d 4c fc 71 51  |...d..:...(.L.qQ|
-000000f0  5d 67 93 d4 44 d1 0a 67  ac bb 4f 4f fb c4 00 00  |]g..D..g..OO....|
-00000100  01 47 97 e1 b5 70 00 00  04 03 00 47 30 45 02 20  |.G...p.....G0E. |
-00000110  32 21 14 38 06 d8 72 2e  00 30 64 1a e2 e8 6d 4e  |2!.8..r..0d...mN|
-00000120  5a e1 d9 42 1e 82 4b 96  25 89 d5 26 13 d3 9c fa  |Z..B..K.%..&....|
-00000130  02 21 00 8f 12 28 64 51  4f 44 d5 8c 18 62 23 b2  |.!...(dQOD...b#.|
-00000140  43 93 33 05 f3 43 55 a1  d9 ee cd c5 71 35 91 dd  |C.3..CU.....q5..|
-00000150  49 d1 0b 00 76 00 ee 4b  bd b7 75 ce 60 ba e1 42  |I...v..K..u.`..B|
-00000160  69 1f ab e1 9e 66 a3 0f  7e 5f b0 72 d8 83 00 c4  |i....f..~_.r....|
-00000170  7b 89 7a a8 fd cb 00 00  01 48 5c 64 8a 87 00 00  |{.z......H\d....|
-00000180  04 03 00 47 30 45 02 20  29 89 d6 b0 53 d3 d2 e9  |...G0E. )...S...|
-00000190  91 bc f1 b5 40 be 1e 2e  e7 5c b4 74 27 ed 8f 9b  |....@....\.t'...|
-000001a0  02 e9 fa c2 4c ba a2 be  02 21 00 af 43 64 52 71  |....L....!..CdRq|
-000001b0  15 29 58 40 91 c7 08 16  96 03 a8 73 a5 65 a0 6c  |.)X@.......s.e.l|
-000001c0  b8 48 56 5a b6 29 83 64  6d 2a 9d 16 03 03 02 59  |.HVZ.).dm*.....Y|
+00000000  16 03 03 01 c6 02 00 01  c2 03 03 cb c8 2f af ab  |............./..|
+00000010  d1 5b 34 64 8e 3f b3 6e  b7 bf 0b e8 15 0f c3 97  |.[4d.?.n........|
+00000020  a1 99 64 45 ac 8f 2a 60  9c 03 a3 20 41 c5 a1 11  |..dE..*`... A...|
+00000030  79 cd 6b 70 27 1f 0f e8  59 ac d3 d7 ae ae 1e d4  |y.kp'...Y.......|
+00000040  e2 74 81 43 26 b1 37 d1  14 87 a6 20 cc a8 00 01  |.t.C&.7.... ....|
+00000050  7a 00 12 01 69 01 67 00  75 00 a4 b9 09 90 b4 18  |z...i.g.u.......|
+00000060  58 14 87 bb 13 a2 cc 67  70 0a 3c 35 98 04 f9 1b  |X......gp.<5....|
+00000070  df b8 e3 77 cd 0e c8 0d  dc 10 00 00 01 47 97 99  |...w.........G..|
+00000080  ee 16 00 00 04 03 00 46  30 44 02 20 1c 4b 82 5d  |.......F0D. .K.]|
+00000090  95 6e 67 5b db 04 95 4b  f6 ce f4 32 3e 86 7a 7a  |.ng[...K...2>.zz|
+000000a0  32 ab 18 60 74 de 08 da  05 91 4c 2f 02 20 73 54  |2..`t.....L/. sT|
+000000b0  1b 6e 7f a1 b0 7d 11 bc  e6 f3 85 2f 97 66 1a f7  |.n...}...../.f..|
+000000c0  8a e4 10 25 8f 12 f4 6f  39 0f d2 9e 18 f0 00 76  |...%...o9......v|
+000000d0  00 68 f6 98 f8 1f 64 82  be 3a 8c ee b9 28 1d 4c  |.h....d..:...(.L|
+000000e0  fc 71 51 5d 67 93 d4 44  d1 0a 67 ac bb 4f 4f fb  |.qQ]g..D..g..OO.|
+000000f0  c4 00 00 01 47 97 e1 b5  70 00 00 04 03 00 47 30  |....G...p.....G0|
+00000100  45 02 20 32 21 14 38 06  d8 72 2e 00 30 64 1a e2  |E. 2!.8..r..0d..|
+00000110  e8 6d 4e 5a e1 d9 42 1e  82 4b 96 25 89 d5 26 13  |.mNZ..B..K.%..&.|
+00000120  d3 9c fa 02 21 00 8f 12  28 64 51 4f 44 d5 8c 18  |....!...(dQOD...|
+00000130  62 23 b2 43 93 33 05 f3  43 55 a1 d9 ee cd c5 71  |b#.C.3..CU.....q|
+00000140  35 91 dd 49 d1 0b 00 76  00 ee 4b bd b7 75 ce 60  |5..I...v..K..u.`|
+00000150  ba e1 42 69 1f ab e1 9e  66 a3 0f 7e 5f b0 72 d8  |..Bi....f..~_.r.|
+00000160  83 00 c4 7b 89 7a a8 fd  cb 00 00 01 48 5c 64 8a  |...{.z......H\d.|
+00000170  87 00 00 04 03 00 47 30  45 02 20 29 89 d6 b0 53  |......G0E. )...S|
+00000180  d3 d2 e9 91 bc f1 b5 40  be 1e 2e e7 5c b4 74 27  |.......@....\.t'|
+00000190  ed 8f 9b 02 e9 fa c2 4c  ba a2 be 02 21 00 af 43  |.......L....!..C|
+000001a0  64 52 71 15 29 58 40 91  c7 08 16 96 03 a8 73 a5  |dRq.)X@.......s.|
+000001b0  65 a0 6c b8 48 56 5a b6  29 83 64 6d 2a 9d ff 01  |e.l.HVZ.).dm*...|
+000001c0  00 01 00 00 0b 00 04 03  00 01 02 16 03 03 02 59  |...............Y|
 000001d0  0b 00 02 55 00 02 52 00  02 4f 30 82 02 4b 30 82  |...U..R..O0..K0.|
 000001e0  01 b4 a0 03 02 01 02 02  09 00 e8 f0 9d 3f e2 5b  |.............?.[|
 000001f0  ea a6 30 0d 06 09 2a 86  48 86 f7 0d 01 01 0b 05  |..0...*.H.......|
@@ -77,31 +83,31 @@
 00000400  1c f1 0f a1 d8 40 83 61  c9 4c 72 2b 9d ae db 46  |.....@.a.Lr+...F|
 00000410  06 06 4d f4 c1 b3 3e c0  d1 bd 42 d4 db fe 3d 13  |..M...>...B...=.|
 00000420  60 84 5c 21 d3 3b e9 fa  e7 16 03 03 00 ac 0c 00  |`.\!.;..........|
-00000430  00 a8 03 00 1d 20 46 5e  b3 7c 5b 77 d3 2d ff 1a  |..... F^.|[w.-..|
-00000440  60 d8 56 9b c8 f0 fa 09  ec 33 89 08 8f 9e 54 86  |`.V......3....T.|
-00000450  7e 5d 72 e5 3d 37 04 01  00 80 6e e6 45 b9 1d b5  |~]r.=7....n.E...|
-00000460  03 a5 d6 ec 37 ca 35 a1  b0 e9 3f b5 b8 2f 65 d2  |....7.5...?../e.|
-00000470  f6 8e 28 e8 23 76 23 f7  26 b6 96 64 89 bb ab 88  |..(.#v#.&..d....|
-00000480  4b c5 9a b0 f5 df f2 44  19 15 25 67 5e 66 8c f7  |K......D..%g^f..|
-00000490  3d 9a 6a 2a c7 1d 85 d3  7c 2e 5e 9c 9d ca 87 c3  |=.j*....|.^.....|
-000004a0  ee 12 ec bd ba 19 fd bc  86 0e d7 8e d2 6a 90 f6  |.............j..|
-000004b0  bf bb 15 ab 2e 6b 6a 4d  6f 59 dd c9 ca 40 f5 60  |.....kjMoY...@.`|
-000004c0  b0 ab 47 2a 6e ee 1b 20  d8 ca c4 8c 8b f3 51 65  |..G*n.. ......Qe|
-000004d0  18 25 41 d3 1f 4e 6b fe  ef 10 16 03 03 00 04 0e  |.%A..Nk.........|
+00000430  00 a8 03 00 1d 20 c5 a7  0f f6 d3 e0 dd fe c0 6f  |..... .........o|
+00000440  b9 d5 82 34 0f 6d e9 5c  e2 38 3e 23 83 17 07 f8  |...4.m.\.8>#....|
+00000450  00 1c 5e e6 6b 40 08 04  00 80 93 f8 75 72 dc 74  |..^.k@......ur.t|
+00000460  68 62 98 55 f6 64 81 d1  03 9f f8 8c 17 77 d3 a6  |hb.U.d.......w..|
+00000470  f9 3e 41 b8 f7 73 e6 c7  83 21 3b e8 72 cf 5f 08  |.>A..s...!;.r._.|
+00000480  84 51 cf e5 f6 b0 f2 83  d9 cf b9 fc d7 3c 0d 39  |.Q...........<.9|
+00000490  a2 14 ae 78 07 24 25 95  13 90 71 f9 ac 0f 64 c7  |...x.$%...q...d.|
+000004a0  e9 15 35 37 83 02 10 38  be c1 d1 00 3d 4b f2 36  |..57...8....=K.6|
+000004b0  f6 7f ac 3e b2 ef 51 eb  df d6 8b 92 a6 8e 71 17  |...>..Q.......q.|
+000004c0  63 bd 6a 92 15 b7 b1 2d  0a 4c 58 68 65 23 ff ad  |c.j....-.LXhe#..|
+000004d0  59 03 85 9c a2 cf 02 3b  70 d4 16 03 03 00 04 0e  |Y......;p.......|
 000004e0  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 5f a3 77  a5 b0 8f 47 73 4c a9 1d  |.... _.w...GsL..|
-00000040  84 17 76 fe a5 17 6e c8  cd a4 dc 47 e5 76 23 2f  |..v...n....G.v#/|
-00000050  18 8b 59 41 12                                    |..YA.|
+00000030  16 03 03 00 20 62 1f 1a  94 94 88 9c 0c 3c ab d1  |.... b.......<..|
+00000040  32 32 9f 8d be 28 a8 86  43 e6 53 d3 c4 bf 13 84  |22...(..C.S.....|
+00000050  50 7f 30 84 e1                                    |P.0..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 3e 65 a2 34 77  |.......... >e.4w|
-00000010  84 52 61 db 52 89 e8 f0  27 f3 ab 70 17 38 1f 37  |.Ra.R...'..p.8.7|
-00000020  17 ad d8 56 23 32 2d 2d  e2 b3 d0                 |...V#2--...|
+00000000  14 03 03 00 01 01 16 03  03 00 20 bf 16 ab 1a 98  |.......... .....|
+00000010  d0 c1 95 b7 fe c2 45 fd  01 79 6b 8a 13 80 e4 96  |......E..yk.....|
+00000020  64 15 1b 6e 31 12 19 1d  6f ba b0                 |d..n1...o..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 92 d2 88  0c 8a ac 62 fe fd d5 d4  |...........b....|
-00000010  fd 98 b2 60 02 97 a2 80  d7 5f f9 15 03 03 00 12  |...`....._......|
-00000020  e9 3d 30 95 1b f8 fd 05  3b ba ac af f9 66 f7 ac  |.=0.....;....f..|
-00000030  e5 ec                                             |..|
+00000000  17 03 03 00 16 a4 27 40  7a 6a 54 03 b6 ec 5f 4a  |......'@zjT..._J|
+00000010  56 a5 6e cb cc 4c 49 2e  08 29 37 15 03 03 00 12  |V.n..LI..)7.....|
+00000020  88 20 fe 73 46 06 a7 f0  31 1a d9 89 7a fe a8 28  |. .sF...1...z..(|
+00000030  d6 e8                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-X25519-ECDHE b/src/crypto/tls/testdata/Client-TLSv12-X25519-ECDHE
new file mode 100644
index 0000000..178106f
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv12-X25519-ECDHE
@@ -0,0 +1,92 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f2 01 00 00  ee 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 73 00 05 00 05  01 00 00 00 00 00 0a 00  |...s............|
+00000090  04 00 02 00 1d 00 0b 00  02 01 00 00 0d 00 18 00  |................|
+000000a0  16 08 04 08 05 08 06 04  01 04 03 05 01 05 03 06  |................|
+000000b0  01 06 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
+000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000d0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
+000000e0  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
+000000f0  90 99 5f 58 cb 3b 74                              |.._X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 14 f0 64 fb 80  |....Y...U....d..|
+00000010  40 49 f6 48 a5 65 9d e1  2e 37 c3 f7 b9 27 fe 6b  |@I.H.e...7...'.k|
+00000020  de 49 93 da 97 0d 59 c5  a8 5d 42 20 f9 10 79 a2  |.I....Y..]B ..y.|
+00000030  e6 33 e8 eb 6c 7d 3b 1d  e2 e9 3e df 5f 5a 40 d5  |.3..l};...>._Z@.|
+00000040  a2 0d c7 35 f2 db a1 e0  1f 90 bb 6b c0 2f 00 00  |...5.......k./..|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 45 79 ac ef 3b d5 3e  |........ Ey..;.>|
+000002d0  81 e1 7d 8a 9e 94 b3 d8  15 49 3c 2a 71 0a 31 74  |..}......I<*q.1t|
+000002e0  2b 7a cc f7 5d 2d 72 d5  60 08 04 00 80 d1 63 69  |+z..]-r.`.....ci|
+000002f0  e9 5f 99 c1 43 18 29 04  39 f2 ec 2b d8 dc e6 59  |._..C.).9..+...Y|
+00000300  80 ff 27 f9 96 39 de 2c  26 9c f0 15 39 fa 42 ba  |..'..9.,&...9.B.|
+00000310  80 d8 1b f6 64 07 e4 2e  b3 1e ce 20 51 59 82 97  |....d...... QY..|
+00000320  a1 2f d5 3f 18 05 12 12  1e aa cf 29 93 34 89 18  |./.?.......).4..|
+00000330  0b 19 e0 30 21 5f ce c2  75 58 a1 aa 98 44 cb c0  |...0!_..uX...D..|
+00000340  08 db 6e c5 95 9c a7 f5  a2 30 c7 9d 9d 31 1d a1  |..n......0...1..|
+00000350  b8 3f 05 b8 13 b6 89 a8  3c 78 fe ae e5 6f 2a 91  |.?......<x...o*.|
+00000360  35 14 95 c5 89 4c 1e 68  2d 18 9b 36 81 16 03 03  |5....L.h-..6....|
+00000370  00 04 0e 00 00 00                                 |......|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
+00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
+00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 b5 c1 dc  |....(...........|
+00000040  8e c0 bc 78 74 a7 c6 36  23 67 55 5d bc 82 db 77  |...xt..6#gU]...w|
+00000050  85 d8 76 c8 98 65 63 8e  f2 47 0b 5b 10           |..v..ec..G.[.|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 6e 20 eb fc d1  |..........(n ...|
+00000010  a1 0e 6c a5 d9 6c ab fc  4d 0e f3 f0 61 84 2d 14  |..l..l..M...a.-.|
+00000020  06 53 eb 69 18 b3 e3 f1  32 e8 19 00 5e 74 97 e5  |.S.i....2...^t..|
+00000030  98 a7 8a                                          |...|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 32 91 ac  |.............2..|
+00000010  63 b8 71 f1 26 18 ac 15  45 58 6c 60 18 77 bc 5c  |c.q.&...EXl`.w.\|
+00000020  ff 5b cd 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.[..............|
+00000030  ad 89 71 22 f0 e0 61 3e  2b f7 d9 da 96 34 51 72  |..q"..a>+....4Qr|
+00000040  c9 be                                             |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM b/src/crypto/tls/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM
deleted file mode 100644
index 7a265ea..0000000
--- a/src/crypto/tls/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM
+++ /dev/null
@@ -1,86 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 8f 01 00 00  8b 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 36 00 05  |.............6..|
-00000060  00 05 01 00 00 00 00 00  0a 00 04 00 02 00 1d 00  |................|
-00000070  0b 00 02 01 00 00 0d 00  12 00 10 04 01 04 03 05  |................|
-00000080  01 05 03 06 01 06 03 02  01 02 03 ff 01 00 01 00  |................|
-00000090  00 12 00 00                                       |....|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 ff 52 25 9b 48  |....Y...U...R%.H|
-00000010  77 0c cd cf 49 c4 b4 5e  02 32 d4 56 99 d0 ce ad  |w...I..^.2.V....|
-00000020  d4 9d 8b e9 ae 4c 50 26  4b 65 c3 20 99 54 f7 5d  |.....LP&Ke. .T.]|
-00000030  68 da 00 e0 88 d8 0c ed  b1 8f 60 d1 70 16 c4 c6  |h.........`.p...|
-00000040  84 69 55 23 43 27 22 b7  94 2a 79 4c c0 2f 00 00  |.iU#C'"..*yL./..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 7e 24 e6 eb 12 22 e0  |........ ~$...".|
-000002d0  7b 1e ad 2d 1e a8 3a ea  ff 9e 87 bf 38 21 6e 51  |{..-..:.....8!nQ|
-000002e0  a8 42 0b 13 a2 3f 01 b9  7d 04 01 00 80 be e8 7e  |.B...?..}......~|
-000002f0  db 65 e8 0c 5e 31 4c 72  b4 fb 42 ca f0 e2 e2 32  |.e..^1Lr..B....2|
-00000300  26 46 f5 62 e5 09 71 8c  82 60 d3 e1 3b 1d d4 3d  |&F.b..q..`..;..=|
-00000310  6f 9d 5e 22 e7 22 41 44  1b b1 77 18 dc 5a 82 18  |o.^"."AD..w..Z..|
-00000320  f3 ae 31 a2 46 32 86 cb  6e f7 37 b3 a4 7e 5c 62  |..1.F2..n.7..~\b|
-00000330  11 8d 78 aa 78 6b 6f 78  da 75 26 bf 9b fc 5a 4b  |..x.xkox.u&...ZK|
-00000340  18 d7 28 84 9d 66 70 69  2f f5 24 c5 90 ef 33 14  |..(..fpi/.$...3.|
-00000350  2e c8 14 3f 46 5c 61 c1  a5 2e ee 81 b5 4e 32 01  |...?F\a......N2.|
-00000360  85 8b 3a 30 de 0d e7 23  07 be 36 9a 66 16 03 03  |..:0...#..6.f...|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 71 e9 b4  |....(........q..|
-00000040  8b 8a 93 23 22 6a 61 09  5f e6 5b 05 53 f6 7e b0  |...#"ja._.[.S.~.|
-00000050  18 53 da 44 b4 04 4d a4  d6 8e fe 8e d8           |.S.D..M......|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 b0 0e df 0e b0  |..........(.....|
-00000010  b0 3b 09 c7 9e 23 21 34  35 3a 15 94 64 8e 54 c9  |.;...#!45:..d.T.|
-00000020  5c c7 e3 3f b6 8f ca 10  4e d9 60 60 b7 b4 f9 13  |\..?....N.``....|
-00000030  5d c4 53                                          |].S|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 6b a1 83  |.............k..|
-00000010  cc af 9b e1 88 55 43 c2  7d 05 b7 2d 7d 33 d9 b6  |.....UC.}..-}3..|
-00000020  a3 9b 85 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  e2 8b 82 76 99 3d 8b b7  7d 69 76 d5 cd 6c aa 7c  |...v.=..}iv..l.||
-00000040  64 82                                             |d.|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-AES128-SHA256 b/src/crypto/tls/testdata/Client-TLSv13-AES128-SHA256
new file mode 100644
index 0000000..c35db9e
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-AES128-SHA256
@@ -0,0 +1,90 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 e6 6e e6 44 9a  |....z...v...n.D.|
+00000010  c9 e2 51 58 ac ba 02 48  ea 6f dd 09 7a 08 04 d2  |..QX...H.o..z...|
+00000020  df b6 96 2f 31 d4 6b bf  ab 0e 8e 20 00 00 00 00  |.../1.k.... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 98  |..+.....3.$... .|
+00000060  b2 16 47 4d 82 da 23 5b  2a a4 63 29 11 a8 d4 c0  |..GM..#[*.c)....|
+00000070  0b 5e 2d 73 0d d6 e7 1e  15 78 1a c2 58 93 70 14  |.^-s.....x..X.p.|
+00000080  03 03 00 01 01 17 03 03  00 17 c3 65 82 87 0c 61  |...........e...a|
+00000090  57 28 08 d5 da fc 59 8d  a3 76 49 0f d5 80 68 3d  |W(....Y..vI...h=|
+000000a0  03 17 03 03 02 6d c5 f1  b7 8a 61 03 06 9e 0f 3b  |.....m....a....;|
+000000b0  be 71 5b 29 17 c7 ed 0e  23 40 90 c6 7a 22 4e ad  |.q[)....#@..z"N.|
+000000c0  d5 f1 60 f6 db d9 37 73  1f b6 43 f7 7b fe 7b aa  |..`...7s..C.{.{.|
+000000d0  f7 16 28 e5 a8 b6 be 69  da 79 09 b5 dc ab bf d3  |..(....i.y......|
+000000e0  36 ca 19 ae 8c de 27 5c  0d 44 5e 4a e2 ac ff bc  |6.....'\.D^J....|
+000000f0  33 4e 35 d3 8d 21 22 4d  12 38 e2 f9 73 3b 3d d1  |3N5..!"M.8..s;=.|
+00000100  a7 b1 06 6a 6a 8d 25 0f  47 b1 d1 f2 da 32 cc 58  |...jj.%.G....2.X|
+00000110  9e 78 b6 b4 4e c1 bc 9d  91 38 44 ff 35 71 a7 c3  |.x..N....8D.5q..|
+00000120  39 67 5b 50 b1 9b 87 5d  fd 6d 87 42 25 10 1a 19  |9g[P...].m.B%...|
+00000130  e1 95 19 2f a1 2c 95 6e  ce 6c c9 d9 92 1d e6 7f  |.../.,.n.l......|
+00000140  9d d0 98 60 f3 6c cf 64  8e 66 bb a4 af de 1e b6  |...`.l.d.f......|
+00000150  6a 6d 7b 11 a7 ca e1 29  49 f3 57 50 73 e8 36 79  |jm{....)I.WPs.6y|
+00000160  81 fe 33 f7 04 1a 04 e3  60 8e e7 11 fa 07 bb 79  |..3.....`......y|
+00000170  73 c0 b7 5e 0f 61 b7 3a  50 85 a4 e1 8e 3b a3 43  |s..^.a.:P....;.C|
+00000180  79 8a 14 78 0a ff 66 b4  c3 c0 fe 0a 6a c6 66 72  |y..x..f.....j.fr|
+00000190  a8 8a e1 9c a6 ad ee 74  53 d9 b8 07 17 b3 9b f6  |.......tS.......|
+000001a0  eb 28 1b 64 97 aa 17 fa  80 36 cb b1 35 6e ec e1  |.(.d.....6..5n..|
+000001b0  16 1f ba 00 0c 26 fb 17  0e 00 8a e3 28 0d 6a 76  |.....&......(.jv|
+000001c0  8c 78 ee 55 02 78 66 90  5b 87 f2 16 e2 af ef fb  |.x.U.xf.[.......|
+000001d0  a1 f3 8f fd b9 8e e3 16  68 7a ec c0 54 2f 88 c4  |........hz..T/..|
+000001e0  08 6c 55 48 58 56 ac 3e  26 5b 67 42 18 72 6e a1  |.lUHXV.>&[gB.rn.|
+000001f0  b5 86 cf 55 d1 29 c5 9b  2c 7b 7d f3 a5 26 2e 5e  |...U.)..,{}..&.^|
+00000200  21 3a 40 97 5a c1 c8 13  3d c3 12 4e d8 88 e1 8f  |!:@.Z...=..N....|
+00000210  e8 c5 d3 9b 0f 49 24 42  da 27 ac e5 5e 21 2e 2c  |.....I$B.'..^!.,|
+00000220  8b 27 ae c4 39 49 6f 43  69 a3 e4 0d f1 fc 62 9f  |.'..9IoCi.....b.|
+00000230  be 65 78 01 d8 c8 4e 0f  b5 d7 12 d1 fc 73 cc 6e  |.ex...N......s.n|
+00000240  cc df d3 df 33 e4 f8 8e  4f 82 60 cd 1f a1 71 74  |....3...O.`...qt|
+00000250  20 7a e2 46 fc 7a 83 15  dc 6c 5d b3 4f 92 de a2  | z.F.z...l].O...|
+00000260  99 b5 33 4e b0 5d 19 0f  84 ae de 65 2e ee ef 40  |..3N.].....e...@|
+00000270  e9 5b c6 53 86 0d 88 fc  2a b2 2c 5c 76 66 95 a7  |.[.S....*.,\vf..|
+00000280  96 ad 7f ba 27 ea e4 54  5e 77 97 0d 6f 9e b8 e5  |....'..T^w..o...|
+00000290  b7 2f 75 13 42 7e 61 08  e3 69 31 d4 e6 d0 c0 6d  |./u.B~a..i1....m|
+000002a0  e3 e2 e4 69 5d d0 7d c2  f1 48 a1 e0 23 f1 19 81  |...i].}..H..#...|
+000002b0  23 ed a7 ac ed 88 70 60  c6 eb cf 11 23 39 cb 91  |#.....p`....#9..|
+000002c0  35 3b 32 6c 20 fc 61 cb  49 77 9c d9 5d e2 b4 41  |5;2l .a.Iw..]..A|
+000002d0  b9 c6 22 af 36 e4 a4 c4  45 47 f4 53 3f 7f b4 25  |..".6...EG.S?..%|
+000002e0  a0 34 f4 40 42 04 17 63  3b fa 05 35 c3 76 ec f7  |.4.@B..c;..5.v..|
+000002f0  b3 ee 62 fb 03 dc 06 22  90 4b fd 07 62 3b cd 27  |..b....".K..b;.'|
+00000300  da 87 32 73 3d 46 5c e7  b6 22 f7 02 8e 43 f4 46  |..2s=F\.."...C.F|
+00000310  79 cb 9b 17 03 03 00 99  81 e1 c1 b3 1d 11 4b 61  |y.............Ka|
+00000320  6a 4a f2 9a 97 52 36 2a  fc ef 77 54 aa 28 a7 4f  |jJ...R6*..wT.(.O|
+00000330  46 c5 69 2a a7 d7 da d6  ff 28 b1 21 3b 66 ac a7  |F.i*.....(.!;f..|
+00000340  ff 66 0a 10 20 1d 24 9b  f3 46 1a a7 04 4b b5 3d  |.f.. .$..F...K.=|
+00000350  e8 49 fc 3a f0 74 a8 02  b9 2d 5d e4 de 91 ef 4d  |.I.:.t...-]....M|
+00000360  ab 47 10 2c ba 70 c1 aa  a9 79 a8 96 27 71 90 e3  |.G.,.p...y..'q..|
+00000370  91 4d 4e dd 96 e0 4c ad  c5 0b 44 0a c0 4d 17 42  |.MN...L...D..M.B|
+00000380  65 12 8a ba fb 7c 66 7c  92 61 87 07 cd e3 a0 16  |e....|f|.a......|
+00000390  8b 94 23 77 85 70 88 d2  22 64 14 16 b5 ab db 6a  |..#w.p.."d.....j|
+000003a0  b9 23 26 ee c8 33 6e 9b  a6 e4 d1 85 d2 81 3a 5d  |.#&..3n.......:]|
+000003b0  33 17 03 03 00 35 b2 85  a7 fd fc 27 46 25 8f cd  |3....5.....'F%..|
+000003c0  ac ff 84 0a 54 cf f2 11  94 41 d0 7e 04 50 61 7d  |....T....A.~.Pa}|
+000003d0  71 40 df bc 48 0f c1 32  50 83 5c 05 c9 a5 02 95  |q@..H..2P.\.....|
+000003e0  77 04 8c 76 ee 44 32 44  94 e3 8b                 |w..v.D2D...|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 11 f3 e0 d9 39  |..........5....9|
+00000010  43 24 33 e1 54 01 5d f2  c7 50 21 9f db 2d 31 81  |C$3.T.]..P!..-1.|
+00000020  3f d5 9c cb 59 cb 24 40  2a 77 da 0a 9e 52 12 11  |?...Y.$@*w...R..|
+00000030  1e a8 f8 e2 f2 9e 32 6c  06 8c 48 e8 bf 9d ef 0f  |......2l..H.....|
+00000040  17 03 03 00 17 bc a1 a2  8a a1 6c c3 19 d1 49 7f  |..........l...I.|
+00000050  57 af 58 5b ff 7b 11 b2  bb 45 3c 6f 17 03 03 00  |W.X[.{...E<o....|
+00000060  13 54 2f ac 2b 0f 9d de  27 bc f6 90 e5 ef f3 fd  |.T/.+...'.......|
+00000070  f7 cd 07 f9                                       |....|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-AES256-SHA384 b/src/crypto/tls/testdata/Client-TLSv13-AES256-SHA384
new file mode 100644
index 0000000..723a9e9
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-AES256-SHA384
@@ -0,0 +1,92 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 fa ff 71 26 f0  |....z...v....q&.|
+00000010  2c ee 80 2c 1c f9 ea 4b  de ad d0 61 83 7f 89 6f  |,..,...K...a...o|
+00000020  db e6 a9 53 ff c5 b5 ec  04 08 4c 20 00 00 00 00  |...S......L ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 02 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 6f  |..+.....3.$... o|
+00000060  2a 3a fe 8e dc cf 2e 7d  26 bd 12 fb da 0a 00 16  |*:.....}&.......|
+00000070  b7 12 79 72 a0 a8 95 11  81 d5 b3 ae f8 d7 26 14  |..yr..........&.|
+00000080  03 03 00 01 01 17 03 03  00 17 42 95 95 65 84 db  |..........B..e..|
+00000090  3e dc c4 41 bb e2 21 94  27 2d 9e 27 4e dd 3e 9d  |>..A..!.'-.'N.>.|
+000000a0  6e 17 03 03 02 6d 71 24  bb 82 cf aa 37 52 4c 15  |n....mq$....7RL.|
+000000b0  6d 5c 74 44 c5 08 21 31  ab 47 5a 75 b9 31 d6 97  |m\tD..!1.GZu.1..|
+000000c0  69 64 40 b5 09 1c 2b 36  1d 54 19 52 4b ad c9 1c  |id@...+6.T.RK...|
+000000d0  d4 51 33 80 a4 b9 df 47  17 6a eb 7a d7 bc 12 3e  |.Q3....G.j.z...>|
+000000e0  7b 28 fa 15 16 aa 23 6f  b5 5f a4 f6 8e 2b 00 11  |{(....#o._...+..|
+000000f0  1b f2 00 e4 c8 31 38 ee  61 71 bc 7f dd a1 45 2d  |.....18.aq....E-|
+00000100  ac 1c 2b fd cd 40 51 29  4e 07 fd f4 04 45 09 56  |..+..@Q)N....E.V|
+00000110  72 c8 83 22 3e 20 06 3a  93 16 89 21 4a 9f 3b bc  |r.."> .:...!J.;.|
+00000120  63 7f c0 1b 6a b2 30 d1  49 43 90 08 af 28 4a c1  |c...j.0.IC...(J.|
+00000130  79 96 a1 72 0a 82 fe fb  20 1d 18 f8 b7 03 01 89  |y..r.... .......|
+00000140  05 04 d7 98 1b 77 2e ad  81 56 de 08 f1 83 1e 9c  |.....w...V......|
+00000150  7d 2b 16 e1 15 87 12 db  5f 59 5d a3 95 75 ab f8  |}+......_Y]..u..|
+00000160  54 87 91 0d 7f 80 76 6e  d8 44 f3 c5 ef d6 b4 3d  |T.....vn.D.....=|
+00000170  6e 91 4c 65 b7 94 2d 05  d1 1e e6 49 d4 78 1c 34  |n.Le..-....I.x.4|
+00000180  48 4a 5b 8c ed ad f7 cb  60 98 56 b5 98 ed 7e 88  |HJ[.....`.V...~.|
+00000190  4b 98 ec aa 7d 79 71 2c  f2 2f 15 5e c1 ed a6 14  |K...}yq,./.^....|
+000001a0  01 df 25 df 79 35 1c f0  52 85 7b 2b 46 2c 09 14  |..%.y5..R.{+F,..|
+000001b0  26 86 2c 6a d5 ec cf 24  04 49 9c d8 61 65 02 aa  |&.,j...$.I..ae..|
+000001c0  d6 ce 55 07 2f b6 23 f3  a7 8d 78 f9 72 fc 77 8b  |..U./.#...x.r.w.|
+000001d0  45 72 0e 61 c2 e8 8d 65  00 50 8b 00 42 48 d1 10  |Er.a...e.P..BH..|
+000001e0  1f 3e cc ca 21 10 4c 0b  6b fc f8 c1 b7 83 3e 25  |.>..!.L.k.....>%|
+000001f0  8e 40 11 55 32 34 83 0b  98 38 ad 2a ff e0 ae 71  |.@.U24...8.*...q|
+00000200  86 0d 9a ef 50 e8 8a 32  53 ba c8 71 4e 96 46 95  |....P..2S..qN.F.|
+00000210  c2 31 b5 64 6c 74 8e b6  be 8c e7 bd 5c 79 fd 87  |.1.dlt......\y..|
+00000220  db 7e 39 82 7c 7b 38 58  42 34 a1 64 e9 15 f8 f3  |.~9.|{8XB4.d....|
+00000230  56 2c ec c9 4f f3 4d e0  3d a6 ec 87 5f 48 be 75  |V,..O.M.=..._H.u|
+00000240  d0 9e a6 6c ef 97 db a8  66 ff 8b 5e 34 28 bb 34  |...l....f..^4(.4|
+00000250  e0 9c a0 a1 18 2a f4 98  71 e7 8b 18 2c 7c 37 a9  |.....*..q...,|7.|
+00000260  c0 75 b4 24 7f ce 85 42  fe ed 7f fd 6d 7c 3d 5b  |.u.$...B....m|=[|
+00000270  bf d4 72 b9 2f 6d b6 09  86 cd 48 2f 69 a5 94 86  |..r./m....H/i...|
+00000280  ab e9 04 b7 b3 88 3b 49  6b 28 e5 8a 30 73 60 9a  |......;Ik(..0s`.|
+00000290  c9 ff c5 ff 62 0b cc 3a  ec 8b 4b a5 f2 2e c3 9d  |....b..:..K.....|
+000002a0  a1 5d 51 9d f0 2d 88 20  24 cc bf cf 79 69 aa 4d  |.]Q..-. $...yi.M|
+000002b0  f0 86 ba 9f 7c b4 f0 e3  97 54 7b f5 68 f8 da 26  |....|....T{.h..&|
+000002c0  38 a5 5c 86 c5 0a f5 06  af 58 66 e3 40 a0 33 d4  |8.\......Xf.@.3.|
+000002d0  cb 90 52 1b 81 3d 31 9d  f9 8f 4f d9 38 80 f3 ea  |..R..=1...O.8...|
+000002e0  79 c4 2c 55 3f ea 9b 79  51 24 dc 70 6e 5c 68 ce  |y.,U?..yQ$.pn\h.|
+000002f0  b0 65 58 ec 3d 62 27 f3  1c 34 b4 7c b5 8e 91 1d  |.eX.=b'..4.|....|
+00000300  dc 6b 21 b5 3d 9c 6f 30  91 f8 39 d8 11 03 65 95  |.k!.=.o0..9...e.|
+00000310  72 71 36 17 03 03 00 99  4f 82 32 b2 1c df 6d 0d  |rq6.....O.2...m.|
+00000320  c5 6f d7 89 39 07 42 4d  d5 ae 7d 0d 6f a8 68 41  |.o..9.BM..}.o.hA|
+00000330  ca 64 5c 38 5a 31 85 02  d7 99 28 ac 0d 33 1b e2  |.d\8Z1....(..3..|
+00000340  d8 f7 f2 d3 13 30 50 0f  e9 21 3c 9e 53 1c fb cd  |.....0P..!<.S...|
+00000350  96 e7 00 ef 35 5d d6 a7  64 77 fd 76 07 fa e6 e0  |....5]..dw.v....|
+00000360  04 ec cf c0 76 41 a7 12  37 e0 c3 42 43 11 54 7e  |....vA..7..BC.T~|
+00000370  4f b8 38 3a 3e 60 0f 9c  ac 65 d1 84 d3 6e b1 c2  |O.8:>`...e...n..|
+00000380  fc be a7 96 59 89 87 c7  b9 d7 09 c0 ef 68 d7 10  |....Y........h..|
+00000390  a5 08 8a 45 23 17 47 e3  eb f7 9f d3 ab 54 d1 4a  |...E#.G......T.J|
+000003a0  8c 69 1f aa a3 43 af dd  ce 76 a3 9a 6f e5 4c 6a  |.i...C...v..o.Lj|
+000003b0  07 17 03 03 00 45 b8 72  a2 fb af 1c 5e 8f ed 0a  |.....E.r....^...|
+000003c0  53 85 d3 cd 32 ad 56 ba  38 82 1c 23 40 83 7e c1  |S...2.V.8..#@.~.|
+000003d0  ce 0f 53 f5 74 a0 54 39  aa fb f1 13 8d 5f 3a 93  |..S.t.T9....._:.|
+000003e0  fc 98 72 3f e5 70 e2 e5  97 fb 92 ca 2b 52 50 96  |..r?.p......+RP.|
+000003f0  3f d0 8d 94 d5 17 2b 0d  90 4a 12                 |?.....+..J.|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 f6 a2 b0 dd 25  |..........E....%|
+00000010  6e 65 f4 c5 74 2b 60 e0  14 12 92 b3 fc 8c 18 06  |ne..t+`.........|
+00000020  fb 5d c4 de d9 41 df 39  47 b1 d0 2f 3c 4e 90 fb  |.]...A.9G../<N..|
+00000030  d3 8f 32 93 2c 7e 66 5d  a2 96 91 91 df ec a5 6f  |..2.,~f].......o|
+00000040  2e 4a 7b b4 1b 77 1e 16  76 66 c3 80 c8 d9 b0 eb  |.J{..w..vf......|
+00000050  17 03 03 00 17 8e d8 13  8e af f8 41 d2 63 19 3b  |...........A.c.;|
+00000060  e0 a8 0a 73 6c dd 76 31  b8 51 17 bc 17 03 03 00  |...sl.v1.Q......|
+00000070  13 1a ee 55 37 e1 4c d3  fc 81 4d 37 84 e6 88 52  |...U7.L...M7...R|
+00000080  65 b5 02 78                                       |e..x|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-ALPN b/src/crypto/tls/testdata/Client-TLSv13-ALPN
new file mode 100644
index 0000000..77b0342
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-ALPN
@@ -0,0 +1,93 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 01 10 01 00 01  0c 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 91 33 74 00 00  00 05 00 05 01 00 00 00  |....3t..........|
+00000090  00 00 0a 00 0a 00 08 00  1d 00 17 00 18 00 19 00  |................|
+000000a0  0b 00 02 01 00 00 0d 00  18 00 16 08 04 08 05 08  |................|
+000000b0  06 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
+000000c0  03 ff 01 00 01 00 00 10  00 10 00 0e 06 70 72 6f  |.............pro|
+000000d0  74 6f 32 06 70 72 6f 74  6f 31 00 12 00 00 00 2b  |to2.proto1.....+|
+000000e0  00 09 08 03 04 03 03 03  02 03 01 00 33 00 26 00  |............3.&.|
+000000f0  24 00 1d 00 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |$... /.}.G.bC.(.|
+00000100  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
+00000110  5f 58 cb 3b 74                                    |_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 8b 65 4e 74 f0  |....z...v...eNt.|
+00000010  c4 05 7a a1 58 a7 fd b0  55 9e d2 15 67 1f 19 f9  |..z.X...U...g...|
+00000020  25 e1 3e 89 4f a6 79 90  95 5a 8c 20 00 00 00 00  |%.>.O.y..Z. ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 a5  |..+.....3.$... .|
+00000060  e3 ac d0 3c 26 f8 66 41  ac b5 47 6f 63 a0 8f 0a  |...<&.fA..Goc...|
+00000070  6f 79 62 23 15 01 d0 57  5d 66 9c 09 50 c5 45 14  |oyb#...W]f..P.E.|
+00000080  03 03 00 01 01 17 03 03  00 24 7d dc b2 50 38 8e  |.........$}..P8.|
+00000090  15 52 73 25 90 d3 d3 f2  19 da 76 ae 64 42 29 eb  |.Rs%......v.dB).|
+000000a0  21 1b 7d b1 d9 04 94 ac  71 b9 b3 e1 d7 59 17 03  |!.}.....q....Y..|
+000000b0  03 02 6d cb 4e 30 d0 df  41 b8 1a 76 1d e2 a2 14  |..m.N0..A..v....|
+000000c0  24 ec e4 b8 e4 5b 98 49  ed 4e 48 98 3d a7 89 d4  |$....[.I.NH.=...|
+000000d0  d1 35 2f d4 12 dc 0b c3  3f e7 0c df 11 20 41 fb  |.5/.....?.... A.|
+000000e0  5c 24 62 82 26 ad 28 25  59 c0 c0 81 41 9d 80 b7  |\$b.&.(%Y...A...|
+000000f0  db cd 41 bb 27 66 ba 55  e6 2f 52 5d 71 d4 77 6a  |..A.'f.U./R]q.wj|
+00000100  5c 5d 72 34 e6 83 9d c6  24 d1 be 3b 99 90 9b 22  |\]r4....$..;..."|
+00000110  7f d8 81 39 d4 7b a8 f9  d7 61 82 a1 72 f9 27 0b  |...9.{...a..r.'.|
+00000120  b8 6a 5c 72 bd 8f 84 34  c6 d0 c8 1a b9 27 d6 7b  |.j\r...4.....'.{|
+00000130  12 20 37 b7 64 85 19 7e  b4 37 46 df 51 77 23 be  |. 7.d..~.7F.Qw#.|
+00000140  c4 7a e4 7e 37 3b 53 3e  3b 86 8f 22 31 28 4b 8f  |.z.~7;S>;.."1(K.|
+00000150  89 0d dc 8d 67 37 53 9d  38 f2 5f 99 2c f4 76 64  |....g7S.8._.,.vd|
+00000160  87 e4 ce b7 4f d0 83 99  b2 55 8c 38 8c d0 89 d1  |....O....U.8....|
+00000170  2f 91 e8 ae ec b1 a6 29  65 3a 8f af 69 e0 48 00  |/......)e:..i.H.|
+00000180  db 3e 30 bd 7f 4b 82 56  cf f9 5b 5e 74 d7 d5 4b  |.>0..K.V..[^t..K|
+00000190  47 4f 22 17 53 fc e6 98  a4 5a 25 ca 7d ca 39 e9  |GO".S....Z%.}.9.|
+000001a0  fe 11 f5 ca 91 e1 25 3c  6d f2 b3 d0 9f ee 88 d2  |......%<m.......|
+000001b0  dd a5 9f 7c a8 33 59 20  62 fd 4e d6 98 4b ef af  |...|.3Y b.N..K..|
+000001c0  a6 fa 79 f5 26 90 fe 32  0a 6a e4 40 b9 e5 4d 1a  |..y.&..2.j.@..M.|
+000001d0  1f 02 49 4b 1b 6b 31 53  3d 0e 04 98 17 6e 1e 4a  |..IK.k1S=....n.J|
+000001e0  a3 8d ba 0e 8f 33 f6 23  41 5f f8 aa 1f 57 b1 7b  |.....3.#A_...W.{|
+000001f0  a2 fb c6 7f da b4 56 cf  d3 5e 78 de 3c 15 c5 6c  |......V..^x.<..l|
+00000200  62 ef 46 c4 a2 c0 fd a6  86 91 fb f2 98 57 cc 82  |b.F..........W..|
+00000210  7e e7 88 1b f4 65 eb df  2a 7c 7a 81 95 e8 3c 0d  |~....e..*|z...<.|
+00000220  c1 85 8f 55 49 c0 50 d0  c8 5f e7 32 7c 8c c2 ae  |...UI.P.._.2|...|
+00000230  8c af 3f 4c 4f 23 f6 80  0b c1 c3 1c a2 50 6b 37  |..?LO#.......Pk7|
+00000240  38 53 59 66 9c 5a d3 6d  39 59 99 14 79 d5 17 e3  |8SYf.Z.m9Y..y...|
+00000250  89 73 9e fe ed 43 2c 4a  2f 55 c7 c6 9e cf 82 64  |.s...C,J/U.....d|
+00000260  f5 5e 90 88 67 05 7a 00  b1 88 87 9c b2 51 61 1c  |.^..g.z......Qa.|
+00000270  c2 8a ea 9f b1 07 0c 17  ed b6 6e cc 4d 14 04 91  |..........n.M...|
+00000280  65 00 3b 8f ae d0 14 64  63 92 bd 3b 14 9c 1d 40  |e.;....dc..;...@|
+00000290  67 01 b1 38 26 86 4d e6  f3 20 ed f5 63 17 fc d0  |g..8&.M.. ..c...|
+000002a0  fb ad 5c 17 c8 d5 18 53  8b 89 70 13 2f 83 6a 3f  |..\....S..p./.j?|
+000002b0  4c 57 be 71 43 1d 9f bf  eb 30 7e de 7f 17 78 f1  |LW.qC....0~...x.|
+000002c0  af 69 13 9b f3 4a e6 69  4e 30 dc 99 af be 6f ee  |.i...J.iN0....o.|
+000002d0  1d d5 39 b4 19 29 ed 5c  58 bc 4a 08 7b 34 90 21  |..9..).\X.J.{4.!|
+000002e0  a5 ae 74 4c 17 95 79 8b  9c ee 47 99 32 f9 7d f2  |..tL..y...G.2.}.|
+000002f0  98 93 ec 12 52 7d 36 cc  a7 ca a2 cd fc ce 12 0e  |....R}6.........|
+00000300  32 e7 28 69 ce d4 a7 19  56 9f 90 1a d0 af f1 ee  |2.(i....V.......|
+00000310  77 a4 29 45 cb 2c ff 1a  90 9d 98 73 65 2a 82 77  |w.)E.,.....se*.w|
+00000320  17 03 03 00 99 76 fe 3b  d7 a3 d2 ec a0 28 bd ed  |.....v.;.....(..|
+00000330  64 41 ac 1c d0 60 79 29  26 f9 ad a1 2d 79 b6 f0  |dA...`y)&...-y..|
+00000340  cc de 8f c3 92 4a 1e 02  76 7a b4 86 d3 64 b3 a6  |.....J..vz...d..|
+00000350  2d bb d9 92 1e 12 1d e4  96 64 3c 41 7f 11 28 51  |-........d<A..(Q|
+00000360  69 83 64 45 fb a6 2c 34  97 e8 4b e8 48 92 b0 de  |i.dE..,4..K.H...|
+00000370  a0 37 8e fa d8 88 29 4c  8e e4 7e 1e d2 c1 b8 f2  |.7....)L..~.....|
+00000380  d3 5c 2f 09 9d e2 0b 4d  64 25 52 dc 77 d2 a4 fc  |.\/....Md%R.w...|
+00000390  c3 de 83 3c 04 19 f0 d9  d6 40 bb f1 8b c7 40 b3  |...<.....@....@.|
+000003a0  a9 62 99 4c 64 96 a4 67  a0 6b 7c 09 b3 10 97 e1  |.b.Ld..g.k|.....|
+000003b0  b5 83 9e 7e b4 97 bd b7  f9 70 48 2b aa f6 17 03  |...~.....pH+....|
+000003c0  03 00 35 a6 fc 3f d4 90  93 91 02 e8 0a a6 c1 6f  |..5..?.........o|
+000003d0  fa ee e2 6a 41 8d fd ac  53 ae 83 73 e1 d1 17 de  |...jA...S..s....|
+000003e0  36 5d db c6 06 98 f9 23  db d9 8a 35 c1 9b bc a5  |6].....#...5....|
+000003f0  f8 a8 8f 70 e2 c8 4e 22                           |...p..N"|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 f6 6b cb 4a 37  |..........5.k.J7|
+00000010  3e e2 61 7e 5b ac c5 25  cc 54 a2 6d 4e 7c 37 19  |>.a~[..%.T.mN|7.|
+00000020  ea 21 af df 7b dc 04 2d  db 84 ad 06 04 bd 50 f5  |.!..{..-......P.|
+00000030  05 9b 19 01 37 22 d2 6f  06 c2 63 dd 95 e6 ef 45  |....7".o..c....E|
+00000040  17 03 03 00 17 6d 03 e7  38 f9 a4 3c a7 c2 ee 8d  |.....m..8..<....|
+00000050  07 49 bd e6 e4 be 3f a3  ec 64 6c 3a 17 03 03 00  |.I....?..dl:....|
+00000060  13 cc a9 19 b1 03 56 99  c1 4c d0 f5 fd 3b e2 dd  |......V..L...;..|
+00000070  0e ef a0 20                                       |... |
diff --git a/src/crypto/tls/testdata/Client-TLSv13-CHACHA20-SHA256 b/src/crypto/tls/testdata/Client-TLSv13-CHACHA20-SHA256
new file mode 100644
index 0000000..98c3c52
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-CHACHA20-SHA256
@@ -0,0 +1,90 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 49 41 93 3b 12  |....z...v..IA.;.|
+00000010  17 ef c7 e6 29 09 70 0e  6b df f7 3d bb 01 9d 27  |....).p.k..=...'|
+00000020  cb 0d 97 6b ce 4c 49 60  3e ff 18 20 00 00 00 00  |...k.LI`>.. ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 a6  |..+.....3.$... .|
+00000060  16 ca 24 6e e9 b1 38 c9  3c 45 0e 35 98 32 c5 7c  |..$n..8.<E.5.2.||
+00000070  87 14 3f ec ae 4d 4a 00  13 40 e6 81 9d 4f 78 14  |..?..MJ..@...Ox.|
+00000080  03 03 00 01 01 17 03 03  00 17 61 33 7b cd 54 2c  |..........a3{.T,|
+00000090  a6 a4 0d 2d b8 cf fe 0f  75 1d af cf f3 81 9a 7c  |...-....u......||
+000000a0  8c 17 03 03 02 6d 64 52  27 5a 66 dd c4 51 24 a3  |.....mdR'Zf..Q$.|
+000000b0  fb 72 7c 68 ed 79 1c 3d  4d ed a0 18 c9 9e c1 0c  |.r|h.y.=M.......|
+000000c0  3c 16 20 18 f5 ce 59 fd  bb fa fd 12 a5 de 4a 58  |<. ...Y.......JX|
+000000d0  d0 59 6c d3 9b 1f e9 f0  61 af aa 93 57 07 8d e0  |.Yl.....a...W...|
+000000e0  be d3 3c 9a 01 1e 70 50  b3 30 f5 e5 e2 0b ef b5  |..<...pP.0......|
+000000f0  a6 dc 6a 3c 17 1c 8a 73  db 44 38 11 59 be 87 54  |..j<...s.D8.Y..T|
+00000100  c5 43 4f da c0 93 16 c9  ef 38 22 b8 32 2b e8 22  |.CO......8".2+."|
+00000110  b7 c5 d3 94 70 5e b6 48  89 c0 2b cd 5b 59 f5 6c  |....p^.H..+.[Y.l|
+00000120  18 0e 65 6e 23 9e a4 b1  12 38 2b b1 5f 9c c9 4f  |..en#....8+._..O|
+00000130  7d 32 d9 50 97 dc 7a 26  e4 ee 00 f9 ed b8 1a 5e  |}2.P..z&.......^|
+00000140  8a fe d3 09 3d 67 68 c6  58 e1 f8 3e b3 e0 55 3c  |....=gh.X..>..U<|
+00000150  00 77 9a 72 ba fc 13 ad  7a dc 34 0f aa 26 f9 c6  |.w.r....z.4..&..|
+00000160  fe b7 ef 0f e8 d7 46 d0  a7 ee e8 39 4d c1 13 a2  |......F....9M...|
+00000170  5c 00 e2 3e 47 08 71 b7  53 94 38 f6 31 3a 60 a5  |\..>G.q.S.8.1:`.|
+00000180  57 82 4c bc c0 f7 9b c3  4e 00 5e 5e 40 ef ae 61  |W.L.....N.^^@..a|
+00000190  09 37 38 40 b7 93 12 0a  7c 02 22 b9 39 a2 43 e3  |.78@....|.".9.C.|
+000001a0  f3 09 36 a7 2a c9 2b 35  fc 2c fc 1c 82 d0 3f 03  |..6.*.+5.,....?.|
+000001b0  a9 fc bc 53 79 23 5a ce  2d 07 80 5c 2c aa 34 52  |...Sy#Z.-..\,.4R|
+000001c0  9d 71 2d 16 4a f0 09 e6  95 94 2b dd bf d5 9c 84  |.q-.J.....+.....|
+000001d0  79 fc 41 15 a6 68 81 23  7e dc 83 55 b0 a4 a4 1c  |y.A..h.#~..U....|
+000001e0  4e 1e 4d 78 6d 62 45 59  1d bb c3 98 d5 0b 3a 8c  |N.MxmbEY......:.|
+000001f0  f1 98 49 6b 0f 64 29 d5  38 ad 6a ea 8b 34 29 99  |..Ik.d).8.j..4).|
+00000200  c0 04 ce 5a 4f 74 e8 ec  bb 0a a5 cd 23 6d 31 7a  |...ZOt......#m1z|
+00000210  d6 6e 1a 74 53 57 59 76  e9 e7 b2 5d 9f 5d 9a 53  |.n.tSWYv...].].S|
+00000220  b0 e6 d1 ad ba 43 b6 40  65 65 3a 04 35 12 e1 f7  |.....C.@ee:.5...|
+00000230  0e 91 f6 0c 1e 74 65 e3  90 ed e6 ec fd 88 99 e8  |.....te.........|
+00000240  20 64 90 33 b9 a9 d8 a2  f0 d7 e8 e0 cf 8d d4 2a  | d.3...........*|
+00000250  91 12 44 28 3b 99 69 93  aa 3e b2 3b 6a f0 dc 0a  |..D(;.i..>.;j...|
+00000260  8b 2e 7c d9 c0 c7 b7 d6  f2 07 69 81 97 7b d9 6a  |..|.......i..{.j|
+00000270  56 c3 6a e5 d5 6a 06 e7  60 b2 72 1c 4f cc 3f 6e  |V.j..j..`.r.O.?n|
+00000280  e9 fe 94 79 49 36 a6 5f  6d bf b2 87 a1 59 a3 c4  |...yI6._m....Y..|
+00000290  39 ad 9a ea 57 a5 69 47  f0 9b 60 4a a6 45 e8 70  |9...W.iG..`J.E.p|
+000002a0  6c 6b 1b 17 8a 4e 5e 56  89 40 de 91 c3 8a 05 06  |lk...N^V.@......|
+000002b0  57 9e 68 87 1e 00 c8 08  93 1c f1 57 0f 91 dd 32  |W.h........W...2|
+000002c0  b7 e8 96 99 e3 90 44 5e  7a 68 d8 e0 55 67 80 a0  |......D^zh..Ug..|
+000002d0  e3 bd d5 f7 01 f4 30 58  a7 b4 62 d7 7b 9c 5b 9b  |......0X..b.{.[.|
+000002e0  62 20 b6 01 25 1b ff 6f  b3 4f bc 41 ae 9c 88 71  |b ..%..o.O.A...q|
+000002f0  51 f5 25 06 44 a1 49 6b  1b db ac 4b 37 41 78 29  |Q.%.D.Ik...K7Ax)|
+00000300  1c c9 33 82 f4 fe d3 0a  f9 e0 e8 ca 8c 7b 76 3d  |..3..........{v=|
+00000310  8b 3c 3b 17 03 03 00 99  3e 4c 63 66 48 fa 43 7a  |.<;.....>LcfH.Cz|
+00000320  4d 4b 8b 95 25 ca 9a e7  cf d8 d6 e2 4d e7 15 07  |MK..%.......M...|
+00000330  d2 cb 07 79 66 63 b5 8f  3a 7d 00 f4 3a 05 b4 ae  |...yfc..:}..:...|
+00000340  e6 7e 0e b5 a2 20 ee 0e  cc 85 de c2 5d d5 49 32  |.~... ......].I2|
+00000350  83 d8 2a 11 36 36 86 93  46 ac ce 7e b4 4d e6 20  |..*.66..F..~.M. |
+00000360  24 7d 8e c7 37 5f 05 aa  5e a7 de e6 c7 79 88 a7  |$}..7_..^....y..|
+00000370  e7 f7 86 51 07 e0 80 63  76 b2 03 a9 6c c4 86 1a  |...Q...cv...l...|
+00000380  8d 98 e7 16 e0 a2 dc 6e  5c 19 d1 98 c4 10 2b 39  |.......n\.....+9|
+00000390  f4 03 b9 0f b5 ab c3 25  18 bf 8c 59 16 7a 06 60  |.......%...Y.z.`|
+000003a0  73 9a 7c 6f d1 1e e1 de  07 23 21 0e 28 c2 fb 19  |s.|o.....#!.(...|
+000003b0  64 17 03 03 00 35 e0 fd  9c 49 88 45 b3 c7 da a3  |d....5...I.E....|
+000003c0  02 ee 8e 0c e0 33 64 01  35 7e aa 31 aa 43 75 64  |.....3d.5~.1.Cud|
+000003d0  30 fc 89 d8 f0 dc 6e 49  68 e8 4e 01 41 0d 31 07  |0.....nIh.N.A.1.|
+000003e0  c4 e1 bd db 83 b1 e6 46  f0 06 56                 |.......F..V|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 a3 4c 7d ed 56  |..........5.L}.V|
+00000010  62 f5 7a b9 39 08 02 7f  12 72 c2 de 2f dc 35 a2  |b.z.9....r../.5.|
+00000020  1f d0 8e 1a 7b c2 19 17  93 df 83 84 66 9e 8d 1a  |....{.......f...|
+00000030  fa 8c 37 74 04 13 b5 a2  81 7f dc 85 4c 37 f0 f1  |..7t........L7..|
+00000040  17 03 03 00 17 51 47 a8  1b bc 86 62 90 79 8a c7  |.....QG....b.y..|
+00000050  db 2c 99 95 bf 7c d0 27  6c c3 b6 24 17 03 03 00  |.,...|.'l..$....|
+00000060  13 e2 a8 b5 52 61 b0 66  54 50 60 83 78 3d 26 ef  |....Ra.fTP`.x=&.|
+00000070  f5 5e 36 58                                       |.^6X|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
new file mode 100644
index 0000000..6333975
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
@@ -0,0 +1,139 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 9b d5 46 91 59  |....z...v....F.Y|
+00000010  c3 26 be 21 ae 20 5f 26  4f 5f 19 ae 3c fe b9 df  |.&.!. _&O_..<...|
+00000020  16 1b 16 45 4b da 4e 08  58 e9 05 20 00 00 00 00  |...EK.N.X.. ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 08  |..+.....3.$... .|
+00000060  7c 10 a4 69 11 21 4e 78  e3 38 76 c1 4a c2 da 5e  ||..i.!Nx.8v.J..^|
+00000070  8f 82 b8 4a 32 d8 7c 48  b6 78 e2 61 1d b6 21 14  |...J2.|H.x.a..!.|
+00000080  03 03 00 01 01 17 03 03  00 17 7f ac 84 c7 d4 6a  |...............j|
+00000090  fc 73 53 a6 ae 25 f9 ad  e4 4c b9 31 71 4f ba b1  |.sS..%...L.1qO..|
+000000a0  55 17 03 03 00 42 61 ac  61 81 87 40 f1 15 d1 7a  |U....Ba.a..@...z|
+000000b0  44 ef c0 c8 4a 79 99 f1  16 28 36 4b 31 24 95 b7  |D...Jy...(6K1$..|
+000000c0  38 49 60 00 a9 aa 51 40  91 52 2f 39 20 d1 37 92  |8I`...Q@.R/9 .7.|
+000000d0  cf e1 cb 42 4a 7a 83 27  d3 77 20 4c 3c 22 0b 65  |...BJz.'.w L<".e|
+000000e0  8f ce 2a ec c2 5f 90 b0  17 03 03 02 6d 3a d2 ce  |..*.._......m:..|
+000000f0  b7 7b d3 94 d4 33 91 be  81 f1 af 80 e6 3e 28 d5  |.{...3.......>(.|
+00000100  d8 2f 23 08 b6 a6 80 ec  b4 bb 2e 85 31 ed 90 46  |./#.........1..F|
+00000110  74 34 90 77 0d d3 51 2d  6e 67 f0 4c 36 7c f2 30  |t4.w..Q-ng.L6|.0|
+00000120  08 86 6e 53 08 01 c5 06  c8 a4 c6 6a c0 32 80 d4  |..nS.......j.2..|
+00000130  0f 05 ff 91 96 a6 75 5f  71 72 be 63 fb 88 dc 5c  |......u_qr.c...\|
+00000140  06 06 eb 06 57 94 04 61  11 b5 03 1a 96 a3 c4 10  |....W..a........|
+00000150  7b b9 ee 83 3e 73 42 71  93 52 a3 44 b8 9d fb 8e  |{...>sBq.R.D....|
+00000160  5b 5d e4 af 22 0b dc 40  09 34 aa dc 08 d3 e9 54  |[].."..@.4.....T|
+00000170  0a b6 ea 87 33 e6 f5 eb  59 e0 6e c3 24 be 81 b3  |....3...Y.n.$...|
+00000180  93 89 d1 f4 dd 8f ab c9  a4 1f bf ed 58 86 f4 41  |............X..A|
+00000190  de bf 87 2e 1c fb b0 99  f0 ab 4e ec 3e 22 80 78  |..........N.>".x|
+000001a0  45 71 eb 6a f0 0a 89 bf  fe 37 e4 1d a6 90 f4 f3  |Eq.j.....7......|
+000001b0  7c 96 26 47 9d 07 53 16  7c 15 b1 8a 60 ec ad 55  ||.&G..S.|...`..U|
+000001c0  e3 50 7c 1f 5f 67 bc 29  b0 c5 12 99 db d9 b2 1f  |.P|._g.)........|
+000001d0  6c b6 bc 7d ed 0c d3 76  a0 1d c3 f1 f3 10 9d 63  |l..}...v.......c|
+000001e0  22 fd 66 f4 12 4d 4f 2e  7a 81 6e 9f 55 cb 40 26  |".f..MO.z.n.U.@&|
+000001f0  77 6a 9c 44 5b c2 cf ae  2d de 7c 85 ca 3e f6 c9  |wj.D[...-.|..>..|
+00000200  22 d0 34 f8 36 f2 a4 56  5d dc aa 7d f4 9d 3a e0  |".4.6..V]..}..:.|
+00000210  3e 4a b8 77 be 7e 8c c1  f0 0f 42 e7 54 a3 a0 b7  |>J.w.~....B.T...|
+00000220  76 33 fd 51 8c 2b e8 c3  85 de 0c d3 d7 1a 34 16  |v3.Q.+........4.|
+00000230  41 fb e4 eb fb 0f 8b b2  71 45 a7 3e 8f 82 ac b9  |A.......qE.>....|
+00000240  85 54 6f 5a 66 a0 16 90  00 24 e0 91 6e 7f 11 55  |.ToZf....$..n..U|
+00000250  cb 1a 6f f1 89 b2 a7 23  52 a7 ec 54 cc 0c 51 71  |..o....#R..T..Qq|
+00000260  e8 21 fc b2 ca 90 0d 44  ab 05 18 62 4c 01 41 44  |.!.....D...bL.AD|
+00000270  eb a9 ca 97 31 a8 0f 5f  b9 3a d3 18 a0 be a1 cc  |....1.._.:......|
+00000280  2f 88 54 b6 c3 8d e7 12  9f 2d 53 62 2e 05 ba 6e  |/.T......-Sb...n|
+00000290  9c 75 69 cb 4e 3d 2a 46  20 c0 92 c8 e6 e4 1a 16  |.ui.N=*F .......|
+000002a0  4b 09 7d 02 ec 8e 7f a2  b9 e9 05 32 88 4b be 39  |K.}........2.K.9|
+000002b0  30 c5 f9 ed ca 2a 1d a3  3b fe 18 76 2e f2 51 d4  |0....*..;..v..Q.|
+000002c0  b3 aa 61 67 3b eb 90 9c  bb ea 1a 6c 11 7b ba 86  |..ag;......l.{..|
+000002d0  38 f1 cd c7 3c 64 56 f3  ca ff fd b2 14 bf 37 7f  |8...<dV.......7.|
+000002e0  88 07 0c 82 49 05 06 50  5d 54 15 33 0a b3 38 a6  |....I..P]T.3..8.|
+000002f0  b8 e1 20 37 42 d6 0e c1  80 f4 37 e2 d7 96 9a 86  |.. 7B.....7.....|
+00000300  d9 87 a0 34 3a a2 e1 15  5f 5d 4b 36 5f 1a e5 8c  |...4:..._]K6_...|
+00000310  45 d5 10 10 3d 01 01 49  e1 3f 97 16 8a b6 08 30  |E...=..I.?.....0|
+00000320  e2 80 14 21 a3 d4 90 50  ee f7 37 91 25 c9 8a b3  |...!...P..7.%...|
+00000330  ad 99 15 c1 31 8d 4d 83  4b d0 7a a6 af 9b ed 85  |....1.M.K.z.....|
+00000340  88 be 68 af f0 dc ad 09  ca 9e 56 31 11 ba 0f bd  |..h.......V1....|
+00000350  76 d5 58 c4 db ad bc dd  77 b5 17 03 03 00 99 d6  |v.X.....w.......|
+00000360  c8 48 f5 8f e5 40 94 0e  47 da a8 99 05 3c 80 7f  |.H...@..G....<..|
+00000370  9d 03 73 06 dc d1 c3 21  23 0a 16 ae 0a bd a7 5b  |..s....!#......[|
+00000380  c7 e1 15 44 bd 47 94 ef  c0 fb 1e 1b 47 0d b8 c4  |...D.G......G...|
+00000390  e7 34 de b2 7f 75 f4 9e  02 5d 2a 90 68 4e 78 1f  |.4...u...]*.hNx.|
+000003a0  2a 06 40 4c f4 cd c7 82  f2 16 db b4 a4 d3 18 1c  |*.@L............|
+000003b0  7d ae 8b bc 29 c9 31 d7  ff 32 07 33 c5 0b 79 01  |}...).1..2.3..y.|
+000003c0  c9 91 f7 b1 4b 4a fc f9  f7 17 44 88 93 ad e4 f6  |....KJ....D.....|
+000003d0  21 d5 3d d3 a6 17 1e ac  12 df 41 eb b9 87 b7 bb  |!.=.......A.....|
+000003e0  60 b2 7d 98 ed f1 0c 4f  1c 5f 4b 16 7e 02 ba d6  |`.}....O._K.~...|
+000003f0  2d 9c c7 9b 07 fb 46 6a  17 03 03 00 35 0e 95 be  |-.....Fj....5...|
+00000400  c4 e1 78 98 78 30 95 a9  65 5b e7 e6 a4 13 47 83  |..x.x0..e[....G.|
+00000410  41 9b 87 bc ab 12 0a 85  33 7c 03 ca 73 3d c2 0f  |A.......3|..s=..|
+00000420  75 89 b7 c2 7f b1 1b 57  23 85 0c 74 25 a9 2c 53  |u......W#..t%.,S|
+00000430  12 d5                                             |..|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 02 1e e2 06 ae 3e 78  |..............>x|
+00000010  b4 85 1b 44 b7 6d 04 4b  9f 2c ea 23 79 66 d5 7d  |...D.m.K.,.#yf.}|
+00000020  c5 39 57 5c 15 49 9a 6e  c8 19 1b ed 5d 95 ce 6f  |.9W\.I.n....]..o|
+00000030  df 96 3a 16 87 88 c0 25  6a 36 fc 62 05 01 bd c1  |..:....%j6.b....|
+00000040  00 a8 11 da 7f 0e a3 6c  28 26 9f 4a 18 e2 44 b9  |.......l(&.J..D.|
+00000050  aa 71 b2 f6 fa 8b cc 67  c5 29 72 32 cf 78 36 6b  |.q.....g.)r2.x6k|
+00000060  22 67 86 ac 71 19 cb 9d  9e 36 7b 03 42 01 e5 4b  |"g..q....6{.B..K|
+00000070  4c c0 0d 93 22 51 a6 d3  65 00 87 ef 92 f3 08 33  |L..."Q..e......3|
+00000080  4b e1 18 bc ba 2b 43 90  0f 2f d5 8e 4c 79 9f a7  |K....+C../..Ly..|
+00000090  bd 00 2a b7 89 27 b3 e3  db b7 a7 26 b4 8e 48 6f  |..*..'.....&..Ho|
+000000a0  e7 12 55 f0 8e 02 a8 3f  30 d4 22 a4 d0 e3 89 63  |..U....?0."....c|
+000000b0  7d cf c2 46 27 31 8c 10  5f 28 9f 85 fb 02 64 6a  |}..F'1.._(....dj|
+000000c0  8d 50 26 e6 73 57 43 53  39 c7 bb 72 4e c2 dd 07  |.P&.sWCS9..rN...|
+000000d0  86 b0 96 30 f5 d8 f0 5a  a0 09 1c 42 26 65 50 d1  |...0...Z...B&eP.|
+000000e0  65 1f 97 fd a0 3a c2 ae  d6 a4 08 af 5c 9d 30 12  |e....:......\.0.|
+000000f0  fc d8 a2 cd d3 b1 7b de  4b be df 54 aa 31 48 32  |......{.K..T.1H2|
+00000100  7a d2 d5 59 f1 39 bc cd  23 2b ac 17 ff e4 0e ec  |z..Y.9..#+......|
+00000110  55 d2 b9 6b a0 30 65 db  5b e9 b4 ab b9 1e dd 3c  |U..k.0e.[......<|
+00000120  fd 38 7b 19 7f ea 79 56  90 f8 41 bc 3d 64 0b df  |.8{...yV..A.=d..|
+00000130  05 a3 6c b8 14 5f f5 41  4f 3c 6d 46 a3 24 92 22  |..l.._.AO<mF.$."|
+00000140  65 f5 42 52 c7 56 0c 14  e2 3d e4 5c 68 33 91 5e  |e.BR.V...=.\h3.^|
+00000150  a2 8e b4 fc d9 2b 8d 2f  b9 32 4f 86 b1 6f 58 b2  |.....+./.2O..oX.|
+00000160  ae 55 2d 75 a6 8c 2b f1  2b b6 2b 47 5f 9d b1 71  |.U-u..+.+.+G_..q|
+00000170  64 8d a3 c1 48 29 b5 ef  aa d3 10 05 05 9c 73 10  |d...H)........s.|
+00000180  76 b5 c2 3f 5d 91 3f e8  1e b0 f7 62 74 3f 59 ea  |v..?].?....bt?Y.|
+00000190  db c8 ac d1 f2 e6 9d bd  08 f3 bf 8a 2a 0c 5a 10  |............*.Z.|
+000001a0  c7 4b ee f3 1a 7d fa 69  4b 5e e5 43 79 07 ce c8  |.K...}.iK^.Cy...|
+000001b0  29 96 e3 4e e6 fb c6 2c  cd 2a 78 72 0a 4e c6 44  |)..N...,.*xr.N.D|
+000001c0  53 d7 8b 16 1b 98 4c 39  8f 8f 1a f5 00 0a e5 e8  |S.....L9........|
+000001d0  31 62 d0 fb e5 0e e6 c0  95 6e d6 7c 6e b0 9d 63  |1b.......n.|n..c|
+000001e0  f0 74 38 d5 08 9d d1 b6  62 95 59 bf 6e d2 75 5d  |.t8.....b.Y.n.u]|
+000001f0  7a dd f0 11 3c 6f 55 b7  19 91 fc 5b cd e0 8f c6  |z...<oU....[....|
+00000200  28 e4 38 45 1b e3 4d d6  39 96 b3 4a 00 e7 ea 78  |(.8E..M.9..J...x|
+00000210  f7 a1 a7 00 83 04 ba c3  9f f9 21 07 c4 9a fd ed  |..........!.....|
+00000220  e9 a0 2a 3b 11 92 80 4e  89 17 03 03 00 a4 fd af  |..*;...N........|
+00000230  e1 d4 b1 20 76 34 06 f3  cc 9b 11 3d bc f3 5b e5  |... v4.....=..[.|
+00000240  0f 5f 32 40 6d 16 68 92  12 32 3e cd df e3 9b da  |._2@m.h..2>.....|
+00000250  18 9d de 95 a3 d2 00 98  88 90 4d d0 19 a0 47 60  |..........M...G`|
+00000260  6f 1b 36 e4 c0 d8 02 52  b8 0b f4 78 44 8d 72 56  |o.6....R...xD.rV|
+00000270  e4 68 ce c0 cd 71 34 60  6b 6c 8f 22 cb 78 d2 d7  |.h...q4`kl.".x..|
+00000280  fc 89 b9 d6 34 34 c9 f1  44 78 84 36 27 bc 73 0e  |....44..Dx.6'.s.|
+00000290  ae 43 72 66 07 e4 6c fd  ee da ca 99 a2 25 21 a7  |.Crf..l......%!.|
+000002a0  eb 63 11 21 c4 30 45 b3  82 27 7d 8c 9d 37 86 8d  |.c.!.0E..'}..7..|
+000002b0  35 90 5c 13 be 21 fc bd  65 af ec 65 3d c0 9a 1d  |5.\..!..e..e=...|
+000002c0  6b 75 38 17 8d d1 92 ba  43 c1 e8 a5 43 f5 0b ab  |ku8.....C...C...|
+000002d0  16 4d 17 03 03 00 35 a9  24 2a fd af f5 da 3b ed  |.M....5.$*....;.|
+000002e0  d7 15 86 16 c5 e8 bf 95  bc e1 90 fb 0f be f2 3c  |...............<|
+000002f0  75 b0 30 1b ce f9 ac f7  97 ae 7e 29 d7 17 aa a4  |u.0.......~)....|
+00000300  ba c3 2a db 1a 7c 5e bc  18 84 6e e0 17 03 03 00  |..*..|^...n.....|
+00000310  17 52 2f 82 87 2d ca 50  2c 51 f6 99 9d 54 5a 68  |.R/..-.P,Q...TZh|
+00000320  38 61 ca 02 81 2c 62 dc  17 03 03 00 13 35 e5 58  |8a...,b......5.X|
+00000330  b4 26 e0 83 2a 8e 61 e9  96 1a cd 1a 6e c9 67 c0  |.&..*.a.....n.g.|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
new file mode 100644
index 0000000..74163f0
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
@@ -0,0 +1,134 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 dd 25 8d f2 41  |....z...v...%..A|
+00000010  0b 2f 7b 80 24 03 af 9d  81 4e fd a8 ae e4 00 ee  |./{.$....N......|
+00000020  99 5f 09 05 8b 2a c2 0a  7c 92 ad 20 00 00 00 00  |._...*..|.. ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 fd  |..+.....3.$... .|
+00000060  03 d1 75 4e 57 ae b0 cc  43 4f 7e 2b de a8 01 46  |..uNW...CO~+...F|
+00000070  98 c7 f9 8e a5 46 95 68  fa 5e 07 c3 a1 55 5e 14  |.....F.h.^...U^.|
+00000080  03 03 00 01 01 17 03 03  00 17 df 30 a4 ce 8e db  |...........0....|
+00000090  20 0d 74 59 0a df 8e 67  23 af 3d 2f 87 8f 31 a0  | .tY...g#.=/..1.|
+000000a0  bf 17 03 03 00 42 0f 0a  20 4e 21 cd d8 01 13 ea  |.....B.. N!.....|
+000000b0  74 29 8d e4 a0 1b 6a a5  be 89 03 8d 2b 39 c4 23  |t)....j.....+9.#|
+000000c0  5e b1 f7 4f e4 1f dd ea  f8 38 fe 07 89 ca f1 e6  |^..O.....8......|
+000000d0  11 e9 2d 40 ca f1 63 11  ac 29 44 c2 25 18 4d 29  |..-@..c..)D.%.M)|
+000000e0  30 aa cb 35 b4 33 27 8a  17 03 03 02 22 36 fb 97  |0..5.3'....."6..|
+000000f0  fd ba 12 9b e5 19 14 79  2b 78 0e 6c a9 d8 13 a2  |.......y+x.l....|
+00000100  51 d8 c1 4b 53 ac a4 73  cf b1 2d 2c 4d 14 b8 10  |Q..KS..s..-,M...|
+00000110  de 5d 86 81 19 77 19 a0  b4 1b eb 85 f4 dc 21 2f  |.]...w........!/|
+00000120  c5 5c 62 44 1b ca f2 91  06 95 14 7a 07 02 1f 98  |.\bD.......z....|
+00000130  0d bc a4 89 7c 96 21 6b  37 1c 47 4a 10 e8 e2 b6  |....|.!k7.GJ....|
+00000140  f9 e2 97 06 a5 88 ad 5c  f1 08 28 4b f5 d5 9a a0  |.......\..(K....|
+00000150  51 74 30 ab 9c 52 b0 b9  2d 38 bb 25 b8 6e 71 a7  |Qt0..R..-8.%.nq.|
+00000160  7b c9 76 56 13 e6 60 bf  70 15 11 0c 21 12 cd a1  |{.vV..`.p...!...|
+00000170  b8 e5 3a 49 00 ad 9c 2f  e5 2b 1f cc 4e 4f 0b 90  |..:I.../.+..NO..|
+00000180  e1 77 64 5f b5 fc 7b 1c  f3 09 cb 0e c4 94 d7 33  |.wd_..{........3|
+00000190  59 5b 8f ae e1 9c e4 f6  83 10 f0 71 5f 17 4b b3  |Y[.........q_.K.|
+000001a0  3f 81 2c 0a 22 c5 f4 6b  bd 83 32 37 4a 2a 9a db  |?.,."..k..27J*..|
+000001b0  7b 42 c2 c0 7d 13 e0 e7  ea d7 58 a6 b1 20 68 bc  |{B..}.....X.. h.|
+000001c0  ba 4e 1a 91 6d dd 11 b9  fc 57 02 4d d4 e8 47 74  |.N..m....W.M..Gt|
+000001d0  9d e1 a0 25 2f d9 7d 21  39 b9 ca 4c ff de 42 8c  |...%/.}!9..L..B.|
+000001e0  36 bb 46 79 d3 52 be bc  1c dc 1f e3 6e 18 b8 4e  |6.Fy.R......n..N|
+000001f0  b2 47 e6 74 d3 50 fa cf  fd 5a c8 33 9a 17 2f 48  |.G.t.P...Z.3../H|
+00000200  e6 20 29 b3 7b e3 de a1  c8 e7 74 f0 ca eb f9 6e  |. ).{.....t....n|
+00000210  29 2c 73 17 df 5f 8f ed  dc ae 2a a6 37 f2 b7 f7  |),s.._....*.7...|
+00000220  38 da 45 63 cd 2e e6 bf  c7 a4 3c 15 c2 89 6f 59  |8.Ec......<...oY|
+00000230  c2 19 29 19 13 4f a4 59  57 f9 da 8c 7d 5a 82 7a  |..)..O.YW...}Z.z|
+00000240  9f 79 01 51 94 7c 25 46  7e c2 b2 bf b4 dd c1 e8  |.y.Q.|%F~.......|
+00000250  12 14 3e 77 44 8c 47 8b  9b ab 88 47 5d 12 cd 63  |..>wD.G....G]..c|
+00000260  17 c2 15 29 a3 cf 8c 08  e0 12 f6 36 ff ae a6 72  |...).......6...r|
+00000270  3b 71 4d c7 a2 3b 38 63  be 77 43 67 fb 78 e6 a8  |;qM..;8c.wCg.x..|
+00000280  1d aa 3a 42 f5 47 f8 d4  8d 83 f7 f0 93 ba 90 6d  |..:B.G.........m|
+00000290  25 65 e1 49 f5 3e fe e9  76 ea fb 23 38 6f b2 8f  |%e.I.>..v..#8o..|
+000002a0  3c 72 d3 fc 85 92 a0 d1  11 7c 6a 0b 0f 31 5d 8b  |<r.......|j..1].|
+000002b0  ab 61 bf 8b 06 a5 54 06  ff a0 70 da 38 e0 58 3d  |.a....T...p.8.X=|
+000002c0  d1 79 2b d8 ea 93 b2 0f  11 02 24 46 7f 27 e1 22  |.y+.......$F.'."|
+000002d0  42 b2 39 86 c7 08 62 5f  d4 18 0b 8b e3 40 80 76  |B.9...b_.....@.v|
+000002e0  f0 ad 86 48 54 52 d8 7a  ff da 3a 3a 93 d5 46 b5  |...HTR.z..::..F.|
+000002f0  67 0d 17 b3 43 c2 e3 73  de 49 cf a4 35 b8 17 db  |g...C..s.I..5...|
+00000300  ea 2c 8d e8 ba 1f a6 b2  a6 91 26 19 a2 b8 95 17  |.,........&.....|
+00000310  03 03 00 a3 d2 c7 70 d0  6d ab a9 63 7e 35 b4 a4  |......p.m..c~5..|
+00000320  7c 32 ea c9 25 83 88 3d  1a e3 a5 5e b9 7e 60 99  ||2..%..=...^.~`.|
+00000330  23 5e 28 13 61 77 ad e7  74 34 4c c8 60 7a a0 07  |#^(.aw..t4L.`z..|
+00000340  c7 e8 6e cd a2 03 33 62  43 dc 24 e8 1e 43 07 c3  |..n...3bC.$..C..|
+00000350  95 89 26 e4 7c 86 43 26  08 08 bc 62 74 1a d7 50  |..&.|.C&...bt..P|
+00000360  8d 43 e6 2b fe 47 8e 35  4c 09 99 7d 02 cc a8 51  |.C.+.G.5L..}...Q|
+00000370  ae 87 79 5e e1 c9 88 f2  1a 40 74 4b 72 3b b0 07  |..y^.....@tKr;..|
+00000380  0b 4a c2 df b4 ad 7a 07  c2 18 fa 53 4d 3d e7 19  |.J....z....SM=..|
+00000390  54 62 eb d1 da 5e 9f 0d  3a a2 a1 72 a3 aa 77 2b  |Tb...^..:..r..w+|
+000003a0  21 59 aa cb a1 f3 4a b6  e5 b2 bb 81 3d 1c c1 9b  |!Y....J.....=...|
+000003b0  ef 1b e2 cd 73 67 18 17  03 03 00 35 29 3e 2e 10  |....sg.....5)>..|
+000003c0  4a ba 5a 91 7b d1 b9 0e  d1 98 5e 95 4d 1c 7f 77  |J.Z.{.....^.M..w|
+000003d0  6e eb b9 8c 95 ce d4 04  5c 69 8f 7e 48 89 30 2b  |n.......\i.~H.0+|
+000003e0  71 27 a3 54 c2 b7 f2 ad  23 7b ee 64 88 a0 0d 75  |q'.T....#{.d...u|
+000003f0  76                                                |v|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 02 11 1d fa f6 f0 5f  |..............._|
+00000010  36 d9 1a b8 03 4b b5 2e  ba ca 43 ea 31 c2 08 05  |6....K....C.1...|
+00000020  e5 a1 55 2e 93 82 3b d5  5a b3 ca fe 11 92 9a 30  |..U...;.Z......0|
+00000030  7e d8 02 b4 95 29 8f 29  ba b5 34 22 97 99 bc a9  |~....).)..4"....|
+00000040  43 1f 18 5c e2 26 7e 2e  5d ff 2c 68 86 82 7c da  |C..\.&~.].,h..|.|
+00000050  7e da c5 46 21 69 37 3b  f5 65 a4 cd 70 ed e3 c8  |~..F!i7;.e..p...|
+00000060  47 21 88 8d 45 3a 0f c9  1e 37 a9 0a 6e 2e 59 0e  |G!..E:...7..n.Y.|
+00000070  1b 6b 08 22 10 81 74 00  0c 15 6f c6 1e a0 2d 60  |.k."..t...o...-`|
+00000080  b1 c6 ec 65 ff 91 16 1a  e4 18 86 1b 43 04 dc b1  |...e........C...|
+00000090  a0 f2 1d e8 4e 46 72 84  20 14 75 1e 72 52 1b 46  |....NFr. .u.rR.F|
+000000a0  1f 8a ed 08 c8 e0 07 1b  6d e3 44 68 ec 52 74 d5  |........m.Dh.Rt.|
+000000b0  8d 7f 41 96 b4 77 01 25  0c 1f aa 50 2f 8b d7 1a  |..A..w.%...P/...|
+000000c0  77 1b 24 01 0b 1f 0f c2  0f e1 00 db 0a 28 e9 c5  |w.$..........(..|
+000000d0  a7 22 a2 fd c2 98 c5 69  51 91 d4 55 0f 52 da 33  |.".....iQ..U.R.3|
+000000e0  47 f2 34 bd 06 bb 22 53  55 8c 6c e1 95 b5 0f b8  |G.4..."SU.l.....|
+000000f0  e5 8a 64 51 50 47 5d ca  5b 1a 20 22 99 b2 d4 74  |..dQPG].[. "...t|
+00000100  9e 6b 01 44 6b 7c 40 a0  e3 95 eb 96 53 c0 8d c0  |.k.Dk|@.....S...|
+00000110  c1 e1 2b 21 04 f1 64 03  ba 0f d9 34 57 f2 2e 62  |..+!..d....4W..b|
+00000120  5e f6 69 d6 86 3e f0 00  96 ca b7 ed 7d b4 1c 79  |^.i..>......}..y|
+00000130  f3 ea f4 10 79 d2 6d 6e  49 6c e4 32 c1 81 da 9d  |....y.mnIl.2....|
+00000140  cc 59 ea 41 3f 1e 62 34  61 6b 0e a4 07 4f ef f7  |.Y.A?.b4ak...O..|
+00000150  a3 31 ee 52 14 60 4c 06  5c 69 49 8e 6a ab e9 94  |.1.R.`L.\iI.j...|
+00000160  bf cc a5 12 b7 94 10 87  2f cc d8 40 b1 f3 a9 27  |......../..@...'|
+00000170  97 5c 7f 85 f9 14 dd e0  66 27 9e 3d f4 eb 75 ab  |.\......f'.=..u.|
+00000180  1d 1a c0 c3 72 af 6e 13  bb 24 ac fe f0 fb 47 d0  |....r.n..$....G.|
+00000190  1d 79 37 70 86 d3 43 9b  64 8c d0 f5 2b a8 7a 77  |.y7p..C.d...+.zw|
+000001a0  4a e7 92 a3 bf 1e db 22  5a 40 39 07 76 1c 71 de  |J......"Z@9.v.q.|
+000001b0  9c ff 75 b7 0d 6e 3e 14  69 8d 08 e5 f3 24 ae 6a  |..u..n>.i....$.j|
+000001c0  61 f3 dd a7 57 52 9e da  f1 de aa 07 11 65 41 64  |a...WR.......eAd|
+000001d0  61 57 23 71 47 aa 8e 47  9c 5f 99 84 90 2d 9a fd  |aW#qG..G._...-..|
+000001e0  5b 15 27 44 41 5c a0 41  87 05 8a 53 8f ed 93 22  |[.'DA\.A...S..."|
+000001f0  50 15 b4 60 55 c7 78 20  b5 d8 dd 9d 5d 8c 69 bc  |P..`U.x ....].i.|
+00000200  74 da d6 a6 a6 86 fe 93  e1 48 48 f2 f0 36 93 86  |t........HH..6..|
+00000210  d6 62 9d 09 3a 19 f7 9d  01 9b 87 85 17 03 03 00  |.b..:...........|
+00000220  99 37 bf 65 e8 18 ef 10  d7 02 e2 73 3f 13 4a 6f  |.7.e.......s?.Jo|
+00000230  ea f0 e2 c8 a3 fc a4 3a  d2 ea 96 2d 77 cb cc b3  |.......:...-w...|
+00000240  1d 8a 77 4d 97 a6 e9 6e  6e b5 af 67 d1 e4 e6 be  |..wM...nn..g....|
+00000250  0b 05 b1 da 15 83 ca af  19 cf 57 60 05 16 47 bd  |..........W`..G.|
+00000260  ce 94 f9 bf 48 5c 2c 38  57 57 c3 39 9b 84 19 59  |....H\,8WW.9...Y|
+00000270  db fc 09 06 29 4d e7 71  be d4 86 12 fa 8e 54 e8  |....)M.q......T.|
+00000280  b0 7e 79 56 dc b2 7a 30  08 e2 8b c7 fa 46 ce 84  |.~yV..z0.....F..|
+00000290  d3 3e 6d 1c 8d 4c 5e 76  c7 d2 1d 8b 85 5d be a3  |.>m..L^v.....]..|
+000002a0  1b d8 92 72 6d b1 73 d9  b4 a7 14 00 58 80 79 a9  |...rm.s.....X.y.|
+000002b0  75 55 96 af d9 d2 20 92  ef ca 17 03 03 00 35 b0  |uU.... .......5.|
+000002c0  fe 3f 36 6e 82 b5 d3 7c  e9 7b 75 d6 b1 4d f6 7b  |.?6n...|.{u..M.{|
+000002d0  d0 10 68 32 9a 7b 04 69  38 bf a2 42 1b 3d 14 75  |..h2.{.i8..B.=.u|
+000002e0  31 00 90 d4 1b b1 bf 5b  76 65 50 42 21 60 75 30  |1......[vePB!`u0|
+000002f0  f9 b8 ee 45 17 03 03 00  17 0b b8 78 9e a2 94 45  |...E.......x...E|
+00000300  47 f4 8e af 08 d0 80 75  09 7b c6 44 45 82 19 30  |G......u.{.DE..0|
+00000310  17 03 03 00 13 0e fb b9  24 58 7c ab 97 b3 6e 2e  |........$X|...n.|
+00000320  55 50 ff 05 5d 04 dc 72                           |UP..]..r|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled
new file mode 100644
index 0000000..98d718b
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled
@@ -0,0 +1,138 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 e5 55 1c 7e bc  |....z...v...U.~.|
+00000010  05 a3 af 8b 02 03 6a 08  34 35 43 9f 35 c1 39 36  |......j.45C.5.96|
+00000020  97 ab d9 4f 77 26 88 31  f8 1c a4 20 00 00 00 00  |...Ow&.1... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 63  |..+.....3.$... c|
+00000060  74 2f 45 26 f4 7c cd d6  cb 8d 9f b5 6b 88 41 ef  |t/E&.|......k.A.|
+00000070  f4 cd 00 54 91 29 98 e4  a0 6b 6d b5 2f 39 01 14  |...T.)...km./9..|
+00000080  03 03 00 01 01 17 03 03  00 17 e6 81 13 75 85 fe  |.............u..|
+00000090  7d c6 09 24 01 bf 44 78  65 4e 5f d0 37 b9 89 15  |}..$..DxeN_.7...|
+000000a0  98 17 03 03 00 42 88 5c  b3 19 ee 62 c0 2d 95 51  |.....B.\...b.-.Q|
+000000b0  fd 88 e0 13 aa 53 e5 5a  45 be 0f 07 6f 46 c8 1b  |.....S.ZE...oF..|
+000000c0  a2 b5 2a 7c 46 5f b5 90  46 95 b9 a4 ce 44 a8 a7  |..*|F_..F....D..|
+000000d0  3d 8e ce d2 76 57 44 e0  0e 83 af f3 2f 00 55 cb  |=...vWD...../.U.|
+000000e0  1f e7 d2 42 22 6f 78 0c  17 03 03 02 6d 45 f7 95  |...B"ox.....mE..|
+000000f0  68 b9 ad 32 13 34 84 c2  dd 62 a7 f5 18 0f 0b a6  |h..2.4...b......|
+00000100  b8 5c dd 06 69 0d 07 ea  6b ec ad ad a7 13 ea f3  |.\..i...k.......|
+00000110  87 9b 74 a9 53 49 b3 a9  ff f3 eb 71 1b 25 63 8b  |..t.SI.....q.%c.|
+00000120  c6 0f 6a 21 bc f1 fb 4b  8e d4 07 6e c6 8e 9f bf  |..j!...K...n....|
+00000130  73 eb 1e a5 d7 e4 a1 cd  6e 7e de 45 a2 b4 6f 25  |s.......n~.E..o%|
+00000140  fe c2 a1 84 b8 09 d1 65  90 6d ef 07 ea d0 25 01  |.......e.m....%.|
+00000150  54 f2 8e f8 53 38 1e 35  a9 af be 2a 8d 81 9b 77  |T...S8.5...*...w|
+00000160  38 22 42 b8 56 ea 72 ab  c3 ac 9b 17 1a 0b 65 94  |8"B.V.r.......e.|
+00000170  8a 81 6d 83 c6 f4 76 32  ed f7 84 4d ec 17 0e 45  |..m...v2...M...E|
+00000180  74 e8 ba b0 46 92 62 8c  73 07 a8 1f d5 d3 44 d1  |t...F.b.s.....D.|
+00000190  53 21 62 8b 02 c6 20 40  1d f1 75 2b 8a 6a 60 2a  |S!b... @..u+.j`*|
+000001a0  ee 04 5f c0 46 6d 74 7a  18 4a e0 ca d4 a6 6a a2  |.._.Fmtz.J....j.|
+000001b0  11 21 20 4a 3e 57 3c 67  ff 61 3d 15 32 14 f2 01  |.! J>W<g.a=.2...|
+000001c0  a2 cc 96 f6 d1 2d 4f ba  67 ed 02 ae a9 08 13 74  |.....-O.g......t|
+000001d0  33 f6 b5 ad e3 e3 ee 0e  65 f6 89 db 80 d4 f5 23  |3.......e......#|
+000001e0  7b 5d 7a af 5f c6 43 b7  87 f6 90 25 5a f0 f6 76  |{]z._.C....%Z..v|
+000001f0  63 9c 93 d0 f3 94 9c 55  f7 e7 8f 2d cb 83 fb a1  |c......U...-....|
+00000200  b3 db 11 d7 f9 f7 4b 66  50 55 64 31 3f fc 97 df  |......KfPUd1?...|
+00000210  65 f9 e0 eb a2 5e 4d 9d  c7 35 fb 1c 22 79 b1 00  |e....^M..5.."y..|
+00000220  28 e9 54 28 a9 e6 97 e8  33 92 ac 8e f7 c0 82 ac  |(.T(....3.......|
+00000230  99 04 f0 f0 cc e7 4f 04  ad fe dc 9f 25 82 93 12  |......O.....%...|
+00000240  64 4a f6 34 da 41 8a f7  a9 3e fe 24 ae be 40 b7  |dJ.4.A...>.$..@.|
+00000250  10 59 17 11 6f 3c 11 8b  eb b2 42 e7 d5 b7 ee d2  |.Y..o<....B.....|
+00000260  ae 95 9c 21 48 34 d9 5a  20 95 7c 72 35 05 5e 6c  |...!H4.Z .|r5.^l|
+00000270  a2 05 46 30 e6 33 d3 91  ac c8 17 4b b1 15 cc f0  |..F0.3.....K....|
+00000280  af bb 7c 56 e0 5b 25 8e  35 e0 2e 35 91 0d e0 bc  |..|V.[%.5..5....|
+00000290  f6 9c 3b 15 f8 96 dc 4e  6c aa 57 c9 f0 1f 55 e2  |..;....Nl.W...U.|
+000002a0  d9 5d 09 71 f9 af 17 69  29 d5 94 8a 5f fa b2 ad  |.].q...i)..._...|
+000002b0  1b b9 ce 90 e7 bd 02 1b  ad 9d 91 19 7e f3 8f 2d  |............~..-|
+000002c0  70 d5 af 2c e7 29 b1 f9  3c 5a 7f 04 6f 73 88 da  |p..,.)..<Z..os..|
+000002d0  84 bd d7 ad 01 dd 35 b7  1f 64 79 89 ab cb 21 d1  |......5..dy...!.|
+000002e0  20 c5 71 b7 78 fe 93 c0  41 33 d8 aa a2 ed a4 64  | .q.x...A3.....d|
+000002f0  fb 5b c1 6e 0d 1e f7 ca  f6 01 a1 9a fc 82 af 34  |.[.n...........4|
+00000300  e3 45 d8 5a b9 81 e7 e4  c2 26 a7 79 b7 f4 87 9f  |.E.Z.....&.y....|
+00000310  2e 16 ab 96 21 e2 5f 1f  c9 e0 30 3e 97 27 42 15  |....!._...0>.'B.|
+00000320  6f 13 da a1 b2 b1 43 76  69 eb f1 c6 e2 b5 6c 57  |o.....Cvi.....lW|
+00000330  e0 88 c9 0d 7d 37 1b 0b  a0 b7 cd 6b ba 3a 52 55  |....}7.....k.:RU|
+00000340  61 c6 5c 71 ce 1e 69 b9  ea b4 c6 a5 78 c5 b8 b6  |a.\q..i.....x...|
+00000350  4e b1 94 84 a3 d4 31 d9  3b 15 17 03 03 00 99 6c  |N.....1.;......l|
+00000360  5d dd 43 24 9d 6e 5d 64  d3 54 30 aa 98 c3 7e 21  |].C$.n]d.T0...~!|
+00000370  05 06 fc 3b eb 52 12 36  6b 2e e1 32 5a 59 30 a7  |...;.R.6k..2ZY0.|
+00000380  b0 bb 52 1a 36 e6 78 20  84 8c cf 0d 90 da c7 88  |..R.6.x ........|
+00000390  c4 2f bc b4 b6 03 1b 34  9b c8 12 db bc 87 95 d3  |./.....4........|
+000003a0  84 4e 41 c1 de 2f 4c 66  d9 13 fc 78 31 05 6c 67  |.NA../Lf...x1.lg|
+000003b0  e3 3d 28 36 0f fe 5f 45  29 d2 1b 4d a5 60 dc f7  |.=(6.._E)..M.`..|
+000003c0  20 74 cf f5 7b 3f f7 58  53 0c 64 7d 3f c6 f1 ac  | t..{?.XS.d}?...|
+000003d0  a9 1b 60 d8 ea a5 32 11  23 6d 66 19 70 2b fa ce  |..`...2.#mf.p+..|
+000003e0  c8 f6 9d cc 12 83 a1 e1  4b be 98 d3 c2 56 65 34  |........K....Ve4|
+000003f0  73 3a b3 6e d8 2c db 3b  17 03 03 00 35 e6 ce 17  |s:.n.,.;....5...|
+00000400  e5 92 38 9e 00 2d 66 bf  a9 e2 13 66 01 af 64 15  |..8..-f....f..d.|
+00000410  8d da 6b f3 a7 f6 5c 76  e1 f4 c4 2f dc 93 c4 3c  |..k...\v.../...<|
+00000420  69 5a 30 e5 db 5a b5 0b  98 4e 43 a3 51 ba 41 9d  |iZ0..Z...NC.Q.A.|
+00000430  18 c0                                             |..|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 02 11 24 0f 0c cc 6a  |...........$...j|
+00000010  8e 07 9c d7 f9 84 55 cc  79 a7 c1 c5 fb 6e 29 5e  |......U.y....n)^|
+00000020  31 e1 b1 00 c0 c9 a8 94  59 75 f4 b5 86 7c a4 8c  |1.......Yu...|..|
+00000030  8d 79 dd 42 45 67 69 f5  fb f0 02 54 f5 8f 1a 86  |.y.BEgi....T....|
+00000040  2f a0 4e 9b 68 e2 69 36  48 cb 8e cc 26 fa 1b 60  |/.N.h.i6H...&..`|
+00000050  c8 f3 b7 7c 36 dd 59 71  a3 f8 9a 7a bc 8a e1 10  |...|6.Yq...z....|
+00000060  8f 6d 69 60 07 b6 62 6d  d3 2b fa a4 81 eb ae 3f  |.mi`..bm.+.....?|
+00000070  9d 7e 1d d7 d1 89 24 4e  7e 65 4b d2 37 58 b2 56  |.~....$N~eK.7X.V|
+00000080  a1 8e 10 73 44 9c f1 c7  60 97 49 99 e2 82 74 58  |...sD...`.I...tX|
+00000090  e3 1f 41 ec 1d 13 85 f1  95 98 39 cb d1 51 f7 0e  |..A.......9..Q..|
+000000a0  fe e4 fa 04 20 1a f2 c5  ae 64 9d eb f8 ff 03 ce  |.... ....d......|
+000000b0  ca 12 7c dd a6 b4 2c a3  eb 8e 83 2c cf 77 6b 82  |..|...,....,.wk.|
+000000c0  68 77 58 5d 3e ef 01 0b  78 e9 37 b0 36 9c 62 44  |hwX]>...x.7.6.bD|
+000000d0  88 ae f1 5a d7 93 81 0a  84 cf 4f 3b db 05 41 92  |...Z......O;..A.|
+000000e0  4d 31 3d 06 9e 73 11 43  de 3e ec b8 b0 48 99 84  |M1=..s.C.>...H..|
+000000f0  bc 0c 7c 86 93 03 d5 5f  c5 21 34 a5 cc c7 d5 42  |..|...._.!4....B|
+00000100  1d 69 94 53 39 d9 56 07  40 46 44 89 e6 95 8d e9  |.i.S9.V.@FD.....|
+00000110  ca 6d f0 e0 2a 22 70 bc  e7 7f 8e 15 0c 56 51 e3  |.m..*"p......VQ.|
+00000120  46 5c b9 66 c5 8b 07 d3  f0 bb 84 fe 71 d6 a2 90  |F\.f........q...|
+00000130  d9 ec 46 00 82 10 38 9c  8f 35 e5 48 d8 82 7f 65  |..F...8..5.H...e|
+00000140  68 f5 42 48 74 6b 29 79  f3 32 b6 a1 aa 42 73 e3  |h.BHtk)y.2...Bs.|
+00000150  c3 f6 fc 76 9e 32 59 26  a6 75 4a dc 65 23 73 10  |...v.2Y&.uJ.e#s.|
+00000160  35 79 a5 41 7b 72 d5 cd  33 1f 7d 98 b3 39 4b f6  |5y.A{r..3.}..9K.|
+00000170  e8 09 ed d6 62 a0 48 b5  76 47 2e 7e 1a 5d 75 6d  |....b.H.vG.~.]um|
+00000180  c2 98 22 17 b1 8f 2e a5  a2 b3 b3 5e d9 89 c5 a0  |.."........^....|
+00000190  46 2a ac af 20 66 e9 f3  02 84 26 51 c0 0a 2e 0c  |F*.. f....&Q....|
+000001a0  d3 90 3c 9f 19 3f 25 3e  7d 3a 38 6f f3 ce 2f c4  |..<..?%>}:8o../.|
+000001b0  7b 84 e4 d5 c2 c8 90 54  6d 2c 59 70 34 44 53 25  |{......Tm,Yp4DS%|
+000001c0  ee ee d6 7e 13 30 1e 09  ff f2 79 bd 7c a1 af a9  |...~.0....y.|...|
+000001d0  a9 7b 51 6a d8 17 41 22  f5 d0 5d 84 00 a7 5f 1a  |.{Qj..A"..]..._.|
+000001e0  b6 15 98 de f4 bd cd fe  70 38 5c 0f 44 60 5a 7d  |........p8\.D`Z}|
+000001f0  be df 6e 56 bb 83 0b 10  fa 5d 3a 2c 9e 4a 00 7f  |..nV.....]:,.J..|
+00000200  ec f4 42 52 52 95 5e e1  bd cc cf a0 45 c2 79 2c  |..BRR.^.....E.y,|
+00000210  10 4d 14 35 ad bd 18 d4  b1 aa 09 65 17 03 03 00  |.M.5.......e....|
+00000220  99 a4 2c 7a c2 25 ba 3b  a2 84 1f e8 a0 d1 5c c4  |..,z.%.;......\.|
+00000230  bb c6 f8 fc eb 19 3e f5  e6 53 9f c3 35 d3 7a 00  |......>..S..5.z.|
+00000240  68 e1 e0 2f 73 75 d7 2d  df 44 aa 34 43 bf 66 c1  |h../su.-.D.4C.f.|
+00000250  31 0d e6 86 f8 71 6b 71  ac 89 c5 26 cf d9 1e 43  |1....qkq...&...C|
+00000260  33 c3 48 68 e0 4d f5 d5  69 ff fc 02 47 cc 91 41  |3.Hh.M..i...G..A|
+00000270  83 41 58 04 2a 02 53 3c  3b 0a 4c 18 16 00 fd e8  |.AX.*.S<;.L.....|
+00000280  64 54 0d 34 a1 3d a5 4b  bd c2 54 17 c3 5a 82 7a  |dT.4.=.K..T..Z.z|
+00000290  55 5d a9 57 63 62 ef 8b  3a 75 f2 cd 34 ef d6 30  |U].Wcb..:u..4..0|
+000002a0  08 7f 03 0b c3 eb 29 94  88 11 38 42 40 6f bf cc  |......)...8B@o..|
+000002b0  d4 01 3f 8a 90 11 f9 da  fd 9e 17 03 03 00 35 7d  |..?...........5}|
+000002c0  2d 12 d7 58 d0 76 43 25  d1 8d 5c 5c b1 7f fa 48  |-..X.vC%..\\...H|
+000002d0  a9 21 48 02 64 76 91 6c  79 7e b9 22 33 f7 32 cb  |.!H.dv.ly~."3.2.|
+000002e0  50 22 78 02 96 4e 2d f6  09 68 06 8e 44 e6 fd 7f  |P"x..N-..h..D...|
+000002f0  cf 0a 7e a3 17 03 03 00  17 84 cd d8 f2 e2 38 2e  |..~...........8.|
+00000300  57 e5 47 76 48 50 34 9e  65 d4 c6 1d 7d b3 4e 91  |W.GvHP4.e...}.N.|
+00000310  17 03 03 00 13 e5 05 98  5b 87 5d db ae 89 38 2c  |........[.]...8,|
+00000320  35 89 31 14 73 cd 16 54                           |5.1.s..T|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
new file mode 100644
index 0000000..d2092ba
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
@@ -0,0 +1,136 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 01 26 b2 48 f5  |....z...v...&.H.|
+00000010  b7 cc 24 54 75 e5 9d cd  17 e1 02 e4 2d e1 32 28  |..$Tu.......-.2(|
+00000020  4e 19 1e 6d 8a 1e 3f 0e  37 3c 5f 20 00 00 00 00  |N..m..?.7<_ ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 67  |..+.....3.$... g|
+00000060  35 32 50 33 37 9b 04 46  e4 7d 40 53 9d 3b c3 53  |52P37..F.}@S.;.S|
+00000070  6d 16 d3 7a 95 ec 2b 09  37 ff 01 55 60 9c 53 14  |m..z..+.7..U`.S.|
+00000080  03 03 00 01 01 17 03 03  00 17 b9 d8 da 19 0a e9  |................|
+00000090  37 9a 76 b8 b1 e6 38 27  83 aa 0a 3a d5 cc 9a 25  |7.v...8'...:...%|
+000000a0  1c 17 03 03 00 20 17 a1  70 92 5e 78 bf 9f e3 0c  |..... ..p.^x....|
+000000b0  cc e8 a3 6d c9 ba 77 e1  b5 0c 4b 1e 84 08 04 33  |...m..w...K....3|
+000000c0  88 a3 05 4a e2 6a 17 03  03 02 7a f0 39 57 69 59  |...J.j....z.9WiY|
+000000d0  dd 3d b1 be 1a 06 fc 7b  21 a1 7a cb b9 6e f6 ce  |.=.....{!.z..n..|
+000000e0  62 13 c8 b6 b3 85 b2 93  22 ab 5c f2 32 a2 af 32  |b.......".\.2..2|
+000000f0  42 d1 c0 94 08 f4 ba 1f  bb d9 16 f7 2b 40 8d dd  |B...........+@..|
+00000100  43 a2 80 0e 3a e4 ff 2d  a3 18 59 b4 08 88 46 bf  |C...:..-..Y...F.|
+00000110  bb 46 58 82 b2 db 98 c0  9f 3a f8 c4 71 f0 87 ac  |.FX......:..q...|
+00000120  c5 ee 30 ea c4 b2 63 ee  d0 cb 17 06 5c 80 19 3a  |..0...c.....\..:|
+00000130  bc f8 07 a1 e8 47 b4 b2  77 e0 14 ea 5d 16 c1 31  |.....G..w...]..1|
+00000140  e6 34 bc 50 92 1a e8 9f  e5 e9 0d 60 af 00 ad 9b  |.4.P.......`....|
+00000150  e3 10 bc 64 bd d4 c0 35  e8 26 67 df fb 3d d4 e8  |...d...5.&g..=..|
+00000160  11 f2 24 13 d9 fb 68 5d  69 ce 23 98 07 e8 4a 4a  |..$...h]i.#...JJ|
+00000170  d9 d1 a7 b1 63 e1 01 08  ae e5 d1 57 1c e6 9a 5a  |....c......W...Z|
+00000180  ac 4a f8 f7 9a 33 51 d1  3b 68 42 1a 0d e0 08 f3  |.J...3Q.;hB.....|
+00000190  a1 ea 83 5c 8f 95 7f ee  bb 45 e3 72 72 2c a0 39  |...\.....E.rr,.9|
+000001a0  86 f1 e0 58 6c 82 01 b0  3c 17 09 82 f3 d9 99 0c  |...Xl...<.......|
+000001b0  24 33 7d 50 b0 b7 84 3e  9b 91 a8 1f 91 02 95 aa  |$3}P...>........|
+000001c0  44 b6 de 0e 35 e1 b7 f6  ca 73 f8 6f f4 5a 21 db  |D...5....s.o.Z!.|
+000001d0  d6 f8 04 88 4e d6 04 7c  67 93 22 9a ff d0 0e 79  |....N..|g."....y|
+000001e0  e6 cb b2 03 b9 f2 46 27  a3 1a 89 2e 8f 46 4f c5  |......F'.....FO.|
+000001f0  4a ad 09 e7 79 38 a4 84  43 19 c9 1f 62 a0 5a 4a  |J...y8..C...b.ZJ|
+00000200  fa e4 98 14 e7 34 a6 3f  07 93 ab 6a fb 1c 3e 1f  |.....4.?...j..>.|
+00000210  a2 82 0a 42 43 d7 ef e7  aa fa 42 e0 be a1 dd 4e  |...BC.....B....N|
+00000220  2e 9e 49 da 81 da bc 5f  40 fa f8 00 99 19 d0 13  |..I...._@.......|
+00000230  50 77 8b c5 69 f0 ec 7c  bd 2d 9e c5 66 16 56 ca  |Pw..i..|.-..f.V.|
+00000240  bd 51 67 7b 87 5e 1f 4d  21 05 30 72 ac a8 ab 13  |.Qg{.^.M!.0r....|
+00000250  12 dd 4c f7 e0 cc 95 c3  3e f0 94 95 40 ea c5 f1  |..L.....>...@...|
+00000260  31 f9 53 32 40 64 5f c8  29 52 7a d6 22 5c 2d e8  |1.S2@d_.)Rz."\-.|
+00000270  f9 eb f8 b9 e6 66 09 48  ad ed 73 6a 42 bc a8 7c  |.....f.H..sjB..||
+00000280  d6 f9 62 45 25 f6 bf 8a  56 13 b4 50 cb 1b 5e 8b  |..bE%...V..P..^.|
+00000290  92 f3 9d 50 fc 7d 3c e4  b1 55 ae b2 3f 6a a8 a2  |...P.}<..U..?j..|
+000002a0  f1 dd 83 9a 97 0e 3f 93  a9 6d 94 e5 cc a9 53 14  |......?..m....S.|
+000002b0  24 44 80 28 a2 6a 21 57  07 63 96 78 3f 05 40 7d  |$D.(.j!W.c.x?.@}|
+000002c0  be 83 b2 b8 b3 0a 58 a7  50 29 dc bb b1 7f c6 c7  |......X.P)......|
+000002d0  4b 5a ff 95 4a c8 50 0b  8e 44 ec 9b 0f 95 ac 8f  |KZ..J.P..D......|
+000002e0  f9 b3 19 d0 aa a6 67 f8  ce dc 67 34 0e c9 98 98  |......g...g4....|
+000002f0  82 b1 54 4a a0 0e 02 d7  02 d3 36 06 4d 51 6f e4  |..TJ......6.MQo.|
+00000300  f5 68 ff 4d 8f 00 94 a6  6b 6c 33 41 31 1a 9e 2c  |.h.M....kl3A1..,|
+00000310  f5 df 4a 43 b7 00 01 5b  6e 59 af 9c 9f bb c5 37  |..JC...[nY.....7|
+00000320  22 32 35 25 bf 69 0a 9d  75 7e aa 19 b9 4e b1 17  |"25%.i..u~...N..|
+00000330  cb f8 b5 8f 0f 81 9c df  b1 ce a0 5b f2 ed df 20  |...........[... |
+00000340  5a bd 8a 88 b1 17 03 03  00 99 15 09 f2 8d 63 c0  |Z.............c.|
+00000350  f2 00 9f e8 1a d3 0f cc  35 0b ce eb 3c 45 87 59  |........5...<E.Y|
+00000360  d9 8f f1 59 08 00 2f 6f  67 78 30 b4 cc f9 bb 7c  |...Y../ogx0....||
+00000370  ef ab 74 f5 23 fb 3d d3  95 98 2a 39 31 8b a9 88  |..t.#.=...*91...|
+00000380  12 18 36 c7 aa 7c 5c bf  16 44 b5 69 ff e4 91 96  |..6..|\..D.i....|
+00000390  c8 f9 c0 3b d2 50 18 18  21 d1 6a 36 12 2d 8c 08  |...;.P..!.j6.-..|
+000003a0  40 64 c2 cd b0 ee 73 31  ac f3 18 9f c6 d0 23 b7  |@d....s1......#.|
+000003b0  c1 bf 99 a6 62 d6 b8 6c  0e 96 2a 99 fe aa 58 60  |....b..l..*...X`|
+000003c0  3c c7 60 d6 05 64 6b 68  62 62 38 13 1e fc a9 4f  |<.`..dkhbb8....O|
+000003d0  ad e9 99 4e 7f b0 70 7d  38 79 d9 c7 d5 39 84 a8  |...N..p}8y...9..|
+000003e0  4e 63 66 17 03 03 00 35  fd 5c 31 7d ad c3 bf a2  |Ncf....5.\1}....|
+000003f0  a9 d8 15 8f aa 72 e9 db  f4 4c e7 19 e0 ca 98 65  |.....r...L.....e|
+00000400  8f 0e ac d9 e9 12 c7 37  cf 6e 0e 68 64 6e cd 29  |.......7.n.hdn.)|
+00000410  94 05 63 79 9c c6 c7 17  5a 26 c1 6f 3b           |..cy....Z&.o;|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 02 11 7e e6 cb d5 bf  |...........~....|
+00000010  e1 5f 0a a5 6f 08 47 a4  27 a0 a0 2d 8e 6b 56 c6  |._..o.G.'..-.kV.|
+00000020  2e d4 7d 3d 83 f0 25 31  59 9d e5 61 a0 95 21 2e  |..}=..%1Y..a..!.|
+00000030  f8 39 8c 16 4b 6e d9 e0  19 23 05 b0 6c 89 2c f2  |.9..Kn...#..l.,.|
+00000040  e2 60 fb 83 99 2b 33 37  38 b0 85 67 cf 91 5f 22  |.`...+378..g.._"|
+00000050  32 8b 10 f6 0b 2b 0d 4a  18 32 e7 41 fc 07 58 54  |2....+.J.2.A..XT|
+00000060  d1 e2 6e da bb f7 4a 45  60 34 02 01 95 5e b3 4f  |..n...JE`4...^.O|
+00000070  0a df 33 d6 07 06 fc 20  5a 97 2f b8 bf 66 23 40  |..3.... Z./..f#@|
+00000080  32 24 0d f5 c8 a2 aa e4  6a 85 21 d5 a3 95 a8 3b  |2$......j.!....;|
+00000090  8f 6a 43 5c 96 64 80 ef  04 ed a4 10 2f e4 a8 8d  |.jC\.d....../...|
+000000a0  ff fb 77 53 28 30 cd ca  df 8e 25 08 51 ee 56 b8  |..wS(0....%.Q.V.|
+000000b0  3a ae 2f 27 a4 4a 71 9e  77 cc 70 af 62 d1 a7 2f  |:./'.Jq.w.p.b../|
+000000c0  2b 2f 98 2f e5 62 b5 3b  65 b6 2e a5 a5 19 1f c2  |+/./.b.;e.......|
+000000d0  a9 ef d8 2a 95 25 fc 10  32 31 da 29 bf 7e 58 d0  |...*.%..21.).~X.|
+000000e0  b5 2f 62 bf ed 57 c8 b4  55 85 29 66 07 52 6f 25  |./b..W..U.)f.Ro%|
+000000f0  02 2b 98 22 a5 e8 41 50  de f5 e3 e9 ce 60 f2 af  |.+."..AP.....`..|
+00000100  b3 c8 80 f1 27 2a 04 7a  1f 3b 13 0f 76 ec 6a 74  |....'*.z.;..v.jt|
+00000110  ad a9 8f e9 0d 67 9d 1c  a3 54 b3 14 a0 5c 36 80  |.....g...T...\6.|
+00000120  a7 be 7f 2b d1 89 c0 19  3f 25 c6 7a fd 04 44 c2  |...+....?%.z..D.|
+00000130  18 75 a9 44 7b cc 20 2b  f3 6a 9a e1 cc 4f aa 76  |.u.D{. +.j...O.v|
+00000140  e2 0a 45 75 81 0d d7 72  a1 e7 b2 82 02 77 45 e9  |..Eu...r.....wE.|
+00000150  f8 07 93 8b e5 79 c2 06  65 52 a5 0e 13 73 a7 f6  |.....y..eR...s..|
+00000160  be 85 5c 00 af 90 ed 83  3f b4 53 68 cf 0b b9 a6  |..\.....?.Sh....|
+00000170  06 43 3c 7a 15 6a b1 74  be af 70 3b fa 70 f3 4b  |.C<z.j.t..p;.p.K|
+00000180  d6 f7 92 8a 46 3d 46 f3  27 8b 74 6d c7 9f f4 64  |....F=F.'.tm...d|
+00000190  9b de b3 f7 1d 81 ab 8c  ca 97 fd e1 99 25 23 9f  |.............%#.|
+000001a0  54 15 fa a9 fb ab ba dd  a0 c1 b0 ad b9 4d b3 d6  |T............M..|
+000001b0  82 a1 85 06 d2 11 ff ce  03 e3 26 67 67 0e 59 17  |..........&gg.Y.|
+000001c0  ec f1 10 51 c6 26 6d ef  de e1 38 41 a0 2c 40 64  |...Q.&m...8A.,@d|
+000001d0  76 cf f7 2c 86 1f 26 4b  97 26 3c 10 cd dc 3f 3d  |v..,..&K.&<...?=|
+000001e0  27 92 50 ee d1 aa da 08  2f 01 c8 1c af 1d 39 02  |'.P...../.....9.|
+000001f0  c1 f1 17 19 64 35 70 81  9b f6 74 ec 50 42 95 ad  |....d5p...t.PB..|
+00000200  a0 72 52 67 cd 95 30 2f  c8 ad 47 11 fe 2e 60 20  |.rRg..0/..G...` |
+00000210  2c ea d5 eb 2c a2 82 6b  18 82 95 1e 17 03 03 00  |,...,..k........|
+00000220  99 7f 6a 21 64 26 3c 38  a6 39 72 58 a3 22 3d 69  |..j!d&<8.9rX."=i|
+00000230  89 1c 3d c6 79 4d 1a 92  44 4f ce 25 09 bb 8a c7  |..=.yM..DO.%....|
+00000240  ef 0c 61 85 1f 1a 0d 21  4b bd 8a 1f f9 ee 92 af  |..a....!K.......|
+00000250  78 7f 6f 3b 1b 26 09 fe  b7 fe c0 49 2a ac bf 13  |x.o;.&.....I*...|
+00000260  c3 73 b1 c4 69 bc 4c e6  b6 b5 cd 0c 69 18 57 b8  |.s..i.L.....i.W.|
+00000270  77 5a 21 8c 99 ad 09 14  26 93 fd 2e 60 03 ba 1e  |wZ!.....&...`...|
+00000280  d1 45 db c6 c9 ce c1 5c  06 67 66 68 b5 e8 43 2f  |.E.....\.gfh..C/|
+00000290  f8 ae 73 16 8a 90 75 f2  0d bc f2 6b d1 9d 99 f4  |..s...u....k....|
+000002a0  82 53 4a 54 4f 68 44 53  24 7f b3 b4 c1 4a 5d a0  |.SJTOhDS$....J].|
+000002b0  93 7a 40 12 c0 68 68 15  86 a9 17 03 03 00 35 8e  |.z@..hh.......5.|
+000002c0  86 f7 bc 9e 4e 4f 7c 69  fc 40 be 1e 71 05 42 99  |....NO|i.@..q.B.|
+000002d0  95 04 c0 a8 91 ce b8 e4  90 b9 4a 3a 3b d4 3c 27  |..........J:;.<'|
+000002e0  7b 37 27 80 17 bf 52 17  59 00 8c 67 f1 28 55 f3  |{7'...R.Y..g.(U.|
+000002f0  75 60 1e 25 17 03 03 00  17 0a 37 72 c3 59 07 9b  |u`.%......7r.Y..|
+00000300  5e 22 ec 33 fa 96 3e d2  c5 b7 87 7b 45 e1 52 24  |^".3..>....{E.R$|
+00000310  17 03 03 00 13 3b 43 97  33 75 c2 b6 9a f7 cd 96  |.....;C.3u......|
+00000320  e3 67 b7 2d cf ac d8 0a                           |.g.-....|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-ECDSA b/src/crypto/tls/testdata/Client-TLSv13-ECDSA
new file mode 100644
index 0000000..96c8e8c
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-ECDSA
@@ -0,0 +1,86 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 05 cf 30 74 87  |....z...v....0t.|
+00000010  37 6e f2 12 86 19 bd ec  54 21 42 4c 2d 1a 71 4f  |7n......T!BL-.qO|
+00000020  fe de 90 2b a0 c4 73 d1  3e 57 40 20 00 00 00 00  |...+..s.>W@ ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 16  |..+.....3.$... .|
+00000060  4c 6f 4f d1 32 2e 2e b5  4c 48 29 0f cb 65 23 b2  |LoO.2...LH)..e#.|
+00000070  ab 2e 41 d8 c4 70 30 88  4f a1 d9 bb 52 e8 35 14  |..A..p0.O...R.5.|
+00000080  03 03 00 01 01 17 03 03  00 17 a7 86 3a 06 dc db  |............:...|
+00000090  c6 bc d5 8e 55 0f 93 b5  fc f4 d4 17 40 dc 3e d7  |....U.......@.>.|
+000000a0  16 17 03 03 02 22 b3 07  3f ab 52 ac c4 0d 50 75  |....."..?.R...Pu|
+000000b0  18 37 a5 f5 4b ba e7 e7  c0 30 3c b4 3f e4 11 2d  |.7..K....0<.?..-|
+000000c0  d1 33 07 a7 9d 41 47 61  40 ec db bb dd 7c 89 7b  |.3...AGa@....|.{|
+000000d0  e4 3e db 5a 30 c6 a3 74  7c 7a b1 53 d2 0a 48 65  |.>.Z0..t|z.S..He|
+000000e0  2c f6 d9 ca b4 f4 88 d2  d8 7e a6 ce b0 30 c6 32  |,........~...0.2|
+000000f0  36 fa 73 b2 0e 39 8e d5  af 41 ab 88 8c 3d d1 56  |6.s..9...A...=.V|
+00000100  2e 7b 7d 93 77 c6 51 66  d6 ed 20 52 a9 b1 98 ae  |.{}.w.Qf.. R....|
+00000110  c9 04 a5 1a 97 36 91 b9  38 39 7c 7c 8c bb 0f 37  |.....6..89||...7|
+00000120  e2 37 9c c0 49 fb a7 59  7d f2 0f 97 ee 15 9c e9  |.7..I..Y}.......|
+00000130  5a 9b 6d fd 7e 36 61 fb  30 69 ea 2f e8 37 70 b0  |Z.m.~6a.0i./.7p.|
+00000140  b5 65 1c 05 25 7a 32 36  6e 24 c9 e2 ca 6c c2 82  |.e..%z26n$...l..|
+00000150  d0 5b 1f 85 ba 1b f0 b2  49 71 2a bd 8d ae 16 95  |.[......Iq*.....|
+00000160  2c b9 ab ce f1 05 47 59  e5 65 02 57 34 85 df 26  |,.....GY.e.W4..&|
+00000170  cf 97 94 29 09 4d aa a6  dd 18 ef 9d 15 38 10 90  |...).M.......8..|
+00000180  ea a3 76 b7 25 c8 9c cd  b6 1e 88 a6 4e b8 b1 34  |..v.%.......N..4|
+00000190  70 1f 7b a1 83 e2 2e 3f  d8 e8 f2 2e 74 f1 93 bc  |p.{....?....t...|
+000001a0  ee 80 8a c3 d0 e0 d2 7a  16 5a 97 a5 57 1c c6 37  |.......z.Z..W..7|
+000001b0  ba 8a cd 07 8f ca 93 3a  d7 57 82 be 69 1d 83 5e  |.......:.W..i..^|
+000001c0  62 0e 65 f3 7f 3b 28 8f  51 f0 96 da 55 4c f5 55  |b.e..;(.Q...UL.U|
+000001d0  60 59 7c c4 61 1f 1d 50  38 09 e0 7b 90 ed b9 35  |`Y|.a..P8..{...5|
+000001e0  4d 70 37 f8 c8 59 09 9e  77 02 27 cc 5a cc 7c 8d  |Mp7..Y..w.'.Z.|.|
+000001f0  a8 cc 83 9d 3d dc e1 85  89 98 65 e9 aa 16 f9 e9  |....=.....e.....|
+00000200  85 f9 ec 6d 28 8d 20 4b  33 01 2f df fb 7d 6c 6e  |...m(. K3./..}ln|
+00000210  b8 28 d4 2e 72 1d af 66  15 1a ff ba bc 68 31 cb  |.(..r..f.....h1.|
+00000220  3e c8 62 d3 3e fd e8 ce  90 bc 30 36 31 e2 6d 47  |>.b.>.....061.mG|
+00000230  06 d4 df ad e8 51 3d 61  b7 8f b6 16 d5 e1 81 ff  |.....Q=a........|
+00000240  c7 ad 99 04 e1 af d0 a8  37 5e 57 44 93 7b e0 6d  |........7^WD.{.m|
+00000250  c2 23 f2 b7 7d 14 41 c6  ab 17 c8 3b de 48 20 73  |.#..}.A....;.H s|
+00000260  78 78 78 4a c4 1f ea 55  11 6e dc 55 48 5d 9b f1  |xxxJ...U.n.UH]..|
+00000270  33 84 17 35 cc b9 8d d4  6e 86 87 f1 c3 ab 31 46  |3..5....n.....1F|
+00000280  79 39 5f 41 19 40 7b 54  44 79 21 25 06 a1 ca 36  |y9_A.@{TDy!%...6|
+00000290  e0 9f d6 70 7c 3f 9f 5c  17 29 cc a3 ed a2 cd 6f  |...p|?.\.).....o|
+000002a0  12 19 d9 89 aa a1 fa 51  53 98 9f 34 d2 75 12 22  |.......QS..4.u."|
+000002b0  ea 63 85 3c 32 c8 cb e2  74 15 13 55 61 a1 80 1f  |.c.<2...t..Ua...|
+000002c0  85 5e 45 95 9c 92 4a 8d  17 03 03 00 a4 e8 50 d5  |.^E...J.......P.|
+000002d0  71 f4 21 a6 79 63 11 6a  8e 5e 3e 5d 96 63 4e 42  |q.!.yc.j.^>].cNB|
+000002e0  08 27 34 b7 4c 36 8a fe  b1 ed f2 f1 3c 72 00 99  |.'4.L6......<r..|
+000002f0  c6 09 9b 19 9c 96 e9 41  7f 09 89 17 ff 48 db 94  |.......A.....H..|
+00000300  f6 17 55 ef b0 48 34 a2  b7 14 b9 e6 b6 74 21 e1  |..U..H4......t!.|
+00000310  48 e2 ed 17 27 b9 93 55  1f b7 84 3a 18 e1 19 16  |H...'..U...:....|
+00000320  4f 5d be d0 59 39 90 be  94 74 e0 ad 79 84 31 01  |O]..Y9...t..y.1.|
+00000330  ab bc f2 34 39 cd 34 e8  f5 a0 00 94 75 0a 3d 78  |...49.4.....u.=x|
+00000340  f7 a2 9b eb ac 0e 5d 1a  ba c1 be 4f 1c 60 65 0d  |......]....O.`e.|
+00000350  2c a2 9c 99 66 d8 31 a0  02 ce bd 27 99 9c e3 48  |,...f.1....'...H|
+00000360  0a 1f 8c 65 24 a9 b6 de  bf d2 e7 66 fe 43 d3 8d  |...e$......f.C..|
+00000370  ea 17 03 03 00 35 d1 19  b3 a5 0c 0e 63 4d 32 bf  |.....5......cM2.|
+00000380  49 85 97 14 ac 78 ab e7  cc 59 48 96 d2 3c 66 0f  |I....x...YH..<f.|
+00000390  5e a2 a9 30 2a 3e 97 44  ab c0 68 1a 53 f9 71 41  |^..0*>.D..h.S.qA|
+000003a0  61 17 e3 da 92 ff 5a 8f  21 06 f5                 |a.....Z.!..|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 a3 d4 49 e5 82  |..........5..I..|
+00000010  8d 09 1b 33 8a 0d 9b 4f  8d a8 95 66 0e 50 e0 85  |...3...O...f.P..|
+00000020  a7 0d f2 09 f6 05 44 f5  59 c3 48 92 9d 80 a7 db  |......D.Y.H.....|
+00000030  d0 18 7e 7b 5c fa 31 bf  c5 94 71 60 cf 0c d1 c7  |..~{\.1...q`....|
+00000040  17 03 03 00 17 f7 61 d6  c4 fa 7f 34 e7 cf cb b0  |......a....4....|
+00000050  9f 5d 13 25 8c 75 6c 1a  87 91 44 84 17 03 03 00  |.].%.ul...D.....|
+00000060  13 89 68 71 8d be 27 8e  31 f5 ca 7a 4e c5 b6 38  |..hq..'.1..zN..8|
+00000070  b2 68 b8 0d                                       |.h..|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-ExportKeyingMaterial b/src/crypto/tls/testdata/Client-TLSv13-ExportKeyingMaterial
new file mode 100644
index 0000000..a30a262
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-ExportKeyingMaterial
@@ -0,0 +1,90 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 fe a9 2f 00 0c  |....z...v..../..|
+00000010  0b 91 a0 86 1d 9b 21 19  35 a1 07 9e 36 1d d2 82  |......!.5...6...|
+00000020  51 b7 d2 3e a6 42 ce 6f  86 e9 69 20 00 00 00 00  |Q..>.B.o..i ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 20  |..+.....3.$...  |
+00000060  8c d2 dd d7 17 cc 15 f7  0b dc 75 48 d0 82 54 36  |..........uH..T6|
+00000070  b0 f6 ae fe 29 7b 0d af  9f 06 4e 58 8c 66 10 14  |....){....NX.f..|
+00000080  03 03 00 01 01 17 03 03  00 17 8c ef b2 76 05 ee  |.............v..|
+00000090  eb e8 55 a3 56 d6 4a b7  d7 10 8e f0 f9 7e 49 eb  |..U.V.J......~I.|
+000000a0  fd 17 03 03 02 6d c2 33  a8 17 70 1e 66 4c b8 32  |.....m.3..p.fL.2|
+000000b0  99 41 79 b8 85 98 c8 f7  f4 c6 25 41 9b 30 ea f5  |.Ay.......%A.0..|
+000000c0  24 6c ad 7c b6 c1 c7 a6  d5 2c 0b d8 78 e0 ec df  |$l.|.....,..x...|
+000000d0  bb 8d ea 0a ff ba c9 aa  ec 24 05 63 2a ff 13 37  |.........$.c*..7|
+000000e0  5e fe c1 7b 6e c0 dd e1  09 c1 87 33 fc 18 90 28  |^..{n......3...(|
+000000f0  5b b2 ba 7e 69 06 dc 8e  ac c4 ca 08 84 aa df 0c  |[..~i...........|
+00000100  2a a7 74 46 e7 c8 db 23  96 67 95 f4 79 9b 6e 3d  |*.tF...#.g..y.n=|
+00000110  94 fc 80 07 d9 e7 cf 0d  31 27 84 08 66 23 2d 05  |........1'..f#-.|
+00000120  64 2f 63 27 5c e2 1c 2e  f7 6f 99 4f 59 4c f4 3d  |d/c'\....o.OYL.=|
+00000130  cf a9 ff 32 f4 6a 7d b4  c4 11 01 9d f2 8a ce da  |...2.j}.........|
+00000140  21 51 b0 99 0c a8 a6 fa  09 b1 c4 cf a9 84 96 7d  |!Q.............}|
+00000150  aa 80 b4 b3 c7 ed 70 08  1b 50 b9 07 a5 2c a0 21  |......p..P...,.!|
+00000160  da 97 a7 5f 35 d4 55 24  8b 2d 14 85 0d 63 10 7f  |..._5.U$.-...c..|
+00000170  0b 22 03 a5 e3 26 e4 2b  ca c4 54 39 4d 52 41 8b  |."...&.+..T9MRA.|
+00000180  8e b0 60 2f 61 f5 7f d2  62 2c a3 f9 f2 46 08 76  |..`/a...b,...F.v|
+00000190  37 92 d0 bc 6c 0e 75 a2  f5 c1 f4 b3 7d f9 83 8e  |7...l.u.....}...|
+000001a0  bd 30 4f 04 77 98 b7 d0  e9 a0 19 4c 61 c1 58 09  |.0O.w......La.X.|
+000001b0  04 82 60 38 55 51 c1 94  46 40 a2 12 68 0a 83 7b  |..`8UQ..F@..h..{|
+000001c0  30 71 a3 08 83 f7 67 86  df 44 df ea 6d 56 65 25  |0q....g..D..mVe%|
+000001d0  16 55 5d cd 8a f4 03 10  86 1d 5a fd d8 2e 23 7e  |.U].......Z...#~|
+000001e0  34 77 b7 af 4b 2c 8a 36  ad 07 a5 5a 3b 39 c8 90  |4w..K,.6...Z;9..|
+000001f0  4b 77 60 81 2e ac 51 37  09 ac c0 e7 6b 18 a5 76  |Kw`...Q7....k..v|
+00000200  52 91 62 95 6d 1c 9d 8e  6c 03 f5 12 cd 80 7f 40  |R.b.m...l......@|
+00000210  4e f3 e6 7d d2 f1 3d 94  a7 16 ec fc 0c c9 72 b9  |N..}..=.......r.|
+00000220  ee 33 bb 76 d0 6d 27 3d  58 cd ed 34 60 f4 bb 23  |.3.v.m'=X..4`..#|
+00000230  49 a8 8d 94 7c 46 85 04  65 26 c2 5e 4f 22 f6 7d  |I...|F..e&.^O".}|
+00000240  46 ae 1b 63 eb 6b 43 c5  64 fa 9d 43 86 e5 29 8f  |F..c.kC.d..C..).|
+00000250  98 20 9e 21 b2 f3 32 c9  82 75 4d 97 5e cf dd cb  |. .!..2..uM.^...|
+00000260  1d 6b 6e fc 8f 61 86 a9  71 12 96 e3 18 42 d3 28  |.kn..a..q....B.(|
+00000270  f9 86 7e ab 90 9b f6 5c  c2 46 fb 93 e6 51 7d f5  |..~....\.F...Q}.|
+00000280  8a b2 e9 c6 e1 70 62 fa  08 e1 91 0b ee 89 12 01  |.....pb.........|
+00000290  ca dd 25 56 8f 2d 45 0d  a5 47 26 f0 a2 4d f5 4b  |..%V.-E..G&..M.K|
+000002a0  8b dd 6f ab 0f f1 5b 60  9c b0 dc 88 24 df 1c 5b  |..o...[`....$..[|
+000002b0  a9 90 66 44 e1 e1 6b 96  b5 3f e2 69 76 a7 84 d6  |..fD..k..?.iv...|
+000002c0  2b 68 b0 f5 8a ba e7 83  83 88 45 78 2d e0 a4 82  |+h........Ex-...|
+000002d0  74 53 4a cf 14 84 fa 49  78 ce 3b 9a 24 66 00 a9  |tSJ....Ix.;.$f..|
+000002e0  5b 0b 83 20 fb 20 a8 20  45 10 53 76 7d ee b2 d6  |[.. . . E.Sv}...|
+000002f0  af 33 f9 29 d0 f7 16 7e  d6 59 b0 4a 06 ac d4 7d  |.3.)...~.Y.J...}|
+00000300  84 1d 50 64 d0 f8 67 65  54 2f a3 2c 50 9e 93 43  |..Pd..geT/.,P..C|
+00000310  58 59 67 17 03 03 00 99  62 ac 15 76 89 cb 8d 67  |XYg.....b..v...g|
+00000320  25 75 a7 57 b6 65 8c 73  24 a6 71 ba c4 75 ad f8  |%u.W.e.s$.q..u..|
+00000330  2a a6 94 12 c2 8d ca 7e  1a 75 e4 21 da cb 1e 77  |*......~.u.!...w|
+00000340  69 d0 e1 4b 25 46 ce 99  1b e0 10 9d 12 d6 16 62  |i..K%F.........b|
+00000350  f9 42 3b b8 3a 7b 3a 11  1f d7 04 fe 88 0b 62 ba  |.B;.:{:.......b.|
+00000360  a9 d6 51 c4 f5 be d9 92  e6 d6 05 94 9b f9 76 0d  |..Q...........v.|
+00000370  ca da 55 45 e4 fe a9 f3  dc d5 08 db 50 7c 4a 7c  |..UE........P|J||
+00000380  f1 9c a7 5d e6 0d f9 cf  32 67 c0 66 a6 85 26 8b  |...]....2g.f..&.|
+00000390  57 f0 2c 5e b7 7e c1 cb  3d 6c 23 e2 18 3e c2 67  |W.,^.~..=l#..>.g|
+000003a0  97 23 3f 86 f2 38 b5 a7  df 98 68 57 89 a3 e4 86  |.#?..8....hW....|
+000003b0  d7 17 03 03 00 35 4a d4  e1 fb d1 39 57 90 d1 19  |.....5J....9W...|
+000003c0  b9 f2 1b 0b 1a 0d 8f fb  4b f3 f1 f8 31 d2 ac 3b  |........K...1..;|
+000003d0  25 ad e7 da 8a 78 ab 2a  d6 97 9b 66 88 6a db ef  |%....x.*...f.j..|
+000003e0  bf b6 ed b9 8a 39 72 8c  ea 8f 0d                 |.....9r....|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 8c 85 73 71 98  |..........5..sq.|
+00000010  40 37 77 e7 8c fd d1 f0  42 a8 97 f3 7c 68 f4 a7  |@7w.....B...|h..|
+00000020  ac dc 7a ff 9b 2e f4 fe  2a c0 37 f9 56 a4 00 f5  |..z.....*.7.V...|
+00000030  b1 40 34 53 89 48 9a a6  9d af a1 75 3f 34 53 fd  |.@4S.H.....u?4S.|
+00000040  17 03 03 00 17 92 cf 4a  20 2e 0c 2b 4a dc 86 2a  |.......J ..+J..*|
+00000050  75 cd 8f 73 b3 b3 4b 3b  3a e4 39 c3 17 03 03 00  |u..s..K;:.9.....|
+00000060  13 83 08 42 b1 a8 95 2d  a5 4c 8b e8 e8 35 d2 4c  |...B...-.L...5.L|
+00000070  23 8b 83 73                                       |#..s|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-HelloRetryRequest b/src/crypto/tls/testdata/Client-TLSv13-HelloRetryRequest
new file mode 100644
index 0000000..c06837e
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-HelloRetryRequest
@@ -0,0 +1,118 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f4 01 00 00  f0 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 75 00 05 00 05  01 00 00 00 00 00 0a 00  |...u............|
+00000090  06 00 04 00 1d 00 17 00  0b 00 02 01 00 00 0d 00  |................|
+000000a0  18 00 16 08 04 08 05 08  06 04 01 04 03 05 01 05  |................|
+000000b0  03 06 01 06 03 02 01 02  03 ff 01 00 01 00 00 12  |................|
+000000c0  00 00 00 2b 00 09 08 03  04 03 03 03 02 03 01 00  |...+............|
+000000d0  33 00 26 00 24 00 1d 00  20 2f e5 7d a3 47 cd 62  |3.&.$... /.}.G.b|
+000000e0  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
+000000f0  c2 ed 90 99 5f 58 cb 3b  74                       |...._X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 58 02 00 00  54 03 03 cf 21 ad 74 e5  |....X...T...!.t.|
+00000010  9a 61 11 be 1d 8c 02 1e  65 b8 91 c2 a2 11 16 7a  |.a......e......z|
+00000020  bb 8c 5e 07 9e 09 e2 c8  a8 33 9c 20 00 00 00 00  |..^......3. ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  0c 00 2b 00 02 03 04 00  33 00 02 00 17 14 03 03  |..+.....3.......|
+00000060  00 01 01                                          |...|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 16 03  03 01 15 01 00 01 11 03  |................|
+00000010  03 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000030  00 20 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |. ..............|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000050  00 00 00 32 cc a8 cc a9  c0 2f c0 2b c0 30 c0 2c  |...2...../.+.0.,|
+00000060  c0 27 c0 13 c0 23 c0 09  c0 14 c0 0a 00 9c 00 9d  |.'...#..........|
+00000070  00 3c 00 2f 00 35 c0 12  00 0a 00 05 c0 11 c0 07  |.<./.5..........|
+00000080  13 01 13 03 13 02 01 00  00 96 00 05 00 05 01 00  |................|
+00000090  00 00 00 00 0a 00 06 00  04 00 1d 00 17 00 0b 00  |................|
+000000a0  02 01 00 00 0d 00 18 00  16 08 04 08 05 08 06 04  |................|
+000000b0  01 04 03 05 01 05 03 06  01 06 03 02 01 02 03 ff  |................|
+000000c0  01 00 01 00 00 12 00 00  00 2b 00 09 08 03 04 03  |.........+......|
+000000d0  03 03 02 03 01 00 33 00  47 00 45 00 17 00 41 04  |......3.G.E...A.|
+000000e0  1e 18 37 ef 0d 19 51 88  35 75 71 b5 e5 54 5b 12  |..7...Q.5uq..T[.|
+000000f0  2e 8f 09 67 fd a7 24 20  3e b2 56 1c ce 97 28 5e  |...g..$ >.V...(^|
+00000100  f8 2b 2d 4f 9e f1 07 9f  6c 4b 5b 83 56 e2 32 42  |.+-O....lK[.V.2B|
+00000110  e9 58 b6 d7 49 a6 b5 68  1a 41 03 56 6b dc 5a 89  |.X..I..h.A.Vk.Z.|
+>>> Flow 4 (server to client)
+00000000  16 03 03 00 9b 02 00 00  97 03 03 84 0c ed 20 38  |.............. 8|
+00000010  61 6f 28 24 e6 70 28 71  1d 3e 38 fc e2 94 da fa  |ao($.p(q.>8.....|
+00000020  34 04 33 99 7a 18 e2 2a  cc d1 67 20 00 00 00 00  |4.3.z..*..g ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
+00000060  c8 a0 2b 32 b8 d5 a7 19  a7 5e 02 f6 f1 e9 ad 34  |..+2.....^.....4|
+00000070  72 59 97 9e 05 a8 46 42  21 53 06 06 81 ea b6 f1  |rY....FB!S......|
+00000080  ca b6 c6 a1 b6 2e c6 b7  93 17 8e bc 92 3f ac 9c  |.............?..|
+00000090  7a 74 d0 f9 b2 00 68 e3  f2 1d b6 b8 66 7b 8a cd  |zt....h.....f{..|
+000000a0  17 03 03 00 17 69 26 9c  4e 1d ec 10 61 5f 5b ef  |.....i&.N...a_[.|
+000000b0  d1 ad 5d 6a c5 0c d4 ef  a8 c4 8c ee 17 03 03 02  |..]j............|
+000000c0  6d c1 89 98 5a 1d 09 68  1a cd 6e 75 e6 d7 9c d4  |m...Z..h..nu....|
+000000d0  fb c4 70 dd c4 0d 6b 28  09 9b 59 53 81 44 80 f3  |..p...k(..YS.D..|
+000000e0  9f 16 7a 04 e2 15 8a 80  58 2d 98 1e aa 1c ac dc  |..z.....X-......|
+000000f0  f4 60 d9 b3 ff d3 da 56  4a d4 dc 99 89 78 7b 0e  |.`.....VJ....x{.|
+00000100  0a 76 93 08 9f c4 a6 22  de fe 9f ad 19 19 92 20  |.v....."....... |
+00000110  f3 2f ba c7 dd bc 15 54  03 8a ed 2f 5f 75 32 f2  |./.....T.../_u2.|
+00000120  2b cf 0e 08 2e c6 7e 6a  4c 3f 40 4e 89 3f c5 de  |+.....~jL?@N.?..|
+00000130  f0 0d a2 f3 e7 b6 48 ac  a6 c8 e9 78 8b ee a3 f1  |......H....x....|
+00000140  7c 87 ff 5d d0 9b 4c 98  bc fc 25 1b b8 56 00 22  ||..]..L...%..V."|
+00000150  e0 7e 52 24 c6 12 a3 21  39 2a 63 77 da ff de 21  |.~R$...!9*cw...!|
+00000160  98 85 1d 73 57 df 21 6c  e3 f8 de 06 4b 50 39 0e  |...sW.!l....KP9.|
+00000170  7c c9 c9 bc 7b 16 1e d7  e3 b2 e4 9e d3 a9 94 35  ||...{..........5|
+00000180  fb 65 22 b9 a9 f8 ef 13  5e 54 ef 4b d7 09 b8 72  |.e".....^T.K...r|
+00000190  a9 a5 30 a2 67 d3 ef 6e  aa 00 7c fb fa 63 28 e7  |..0.g..n..|..c(.|
+000001a0  48 18 23 9b 7e 0f dd 8b  b2 13 4f f6 d2 e4 75 42  |H.#.~.....O...uB|
+000001b0  27 8a 42 0c 02 d8 1e 45  82 ef 1b 65 a7 eb b5 19  |'.B....E...e....|
+000001c0  26 e5 42 06 80 80 d7 84  1e 05 c5 d5 f4 ea 53 51  |&.B...........SQ|
+000001d0  78 ba f3 47 47 01 7b 25  ab 34 f7 fc 52 71 ff a4  |x..GG.{%.4..Rq..|
+000001e0  d5 50 2b b5 7d e2 62 6a  e9 8e 9c 8d b2 6f d4 78  |.P+.}.bj.....o.x|
+000001f0  07 da 3a 9c 51 a3 d4 f5  24 a6 c0 c8 39 85 5f e1  |..:.Q...$...9._.|
+00000200  03 b0 65 8b 50 c4 5d 03  f6 36 d2 3d f2 36 e3 c6  |..e.P.]..6.=.6..|
+00000210  26 5b 82 d1 bd 54 e7 90  50 23 a8 e3 36 d9 d9 a0  |&[...T..P#..6...|
+00000220  07 df 1b 47 17 9c 2a ab  56 07 d5 ea e5 c7 71 0b  |...G..*.V.....q.|
+00000230  fb 0c 4e f3 5b 0e 1d d6  75 df 21 50 c3 c9 18 5f  |..N.[...u.!P..._|
+00000240  55 e1 84 91 5c 9c 13 68  95 15 ab 0e db 17 b1 b7  |U...\..h........|
+00000250  ee 3e 89 61 0f 6f 09 8b  6a 67 b5 bc 2a 61 cd 42  |.>.a.o..jg..*a.B|
+00000260  79 9a 9c a4 99 98 0d 1c  43 2c bd 8d ee ac a9 2e  |y.......C,......|
+00000270  6d 73 cc b3 a0 b7 b7 8f  8f 09 32 8a 9f 00 87 5f  |ms........2...._|
+00000280  ae b4 0f 47 22 0b ec f4  e2 be 4e 6f 13 8d 30 97  |...G".....No..0.|
+00000290  5a a8 f0 38 46 dd 1a 28  10 8b a8 4a e4 e6 fb 84  |Z..8F..(...J....|
+000002a0  c4 85 15 11 3d 0b 08 f7  9d fd 45 6a 6b f5 bf d4  |....=.....Ejk...|
+000002b0  2b 84 e5 20 5a a8 cb df  1f a3 af 96 17 df e8 b2  |+.. Z...........|
+000002c0  61 f1 d0 d1 85 91 d2 02  a5 38 a0 5e 19 ba c4 2c  |a........8.^...,|
+000002d0  80 64 77 13 e1 27 86 d3  d4 17 07 86 c7 11 c0 38  |.dw..'.........8|
+000002e0  11 69 89 48 39 7e b2 e5  d9 72 c1 b4 29 50 ab 9b  |.i.H9~...r..)P..|
+000002f0  49 cd 74 b9 4a ce c5 67  46 47 73 81 b1 a1 82 8f  |I.t.J..gFGs.....|
+00000300  76 ee 81 28 70 66 da 94  2a 8e 20 b0 ab 2e e4 d4  |v..(pf..*. .....|
+00000310  ef 26 8b 31 07 85 b6 b0  c2 5b 05 0a 32 2e e7 73  |.&.1.....[..2..s|
+00000320  41 e7 a1 97 f7 5e 2f 9c  73 25 c1 f7 77 12 17 03  |A....^/.s%..w...|
+00000330  03 00 99 92 0a 8c 17 e9  0d 77 a3 6f ab 1a 4f dd  |.........w.o..O.|
+00000340  de 1d 0f 72 39 5c 8f 9f  80 00 b2 e5 fe 28 79 a2  |...r9\.......(y.|
+00000350  16 21 e3 a2 25 90 c6 cd  f2 28 6d b6 08 5b 51 0d  |.!..%....(m..[Q.|
+00000360  58 22 a6 11 ac 29 5d 54  aa 05 35 28 87 da 54 39  |X"...)]T..5(..T9|
+00000370  b6 7f ef 94 3e 1c 80 59  f1 12 06 77 66 20 a1 00  |....>..Y...wf ..|
+00000380  82 ed 0b 7a 1f 5d 55 5e  31 11 85 93 69 94 2a 44  |...z.]U^1...i.*D|
+00000390  96 1c 39 7b 5b 7f 5b a6  05 6a 6d 52 79 20 52 f7  |..9{[.[..jmRy R.|
+000003a0  1f 79 50 36 f1 a9 00 aa  9d 46 57 fd 00 70 7b 4a  |.yP6.....FW..p{J|
+000003b0  7a 14 75 20 91 83 3e 1b  47 2a 90 c9 09 71 b6 95  |z.u ..>.G*...q..|
+000003c0  48 53 2a 3f 22 5f 9c 46  d6 12 27 b1 17 03 03 00  |HS*?"_.F..'.....|
+000003d0  35 98 15 74 4c d4 52 cf  0c 78 88 8f 82 9b c5 23  |5..tL.R..x.....#|
+000003e0  14 02 71 da 63 6c 28 36  aa 91 a0 14 74 0a 47 59  |..q.cl(6....t.GY|
+000003f0  ea 6f b1 46 1e a7 c4 5f  76 33 96 ae 82 eb 4b b4  |.o.F..._v3....K.|
+00000400  88 6a ce 37 db fd                                 |.j.7..|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 35 7b c5 88  f4 a0 83 1e 6e 67 e6 05  |....5{......ng..|
+00000010  05 fa b4 40 e3 7f fc f8  bc 50 11 76 93 22 92 5f  |...@.....P.v."._|
+00000020  9a 67 e5 65 a1 a3 af bc  ae 3b c7 aa b3 fb 99 f0  |.g.e.....;......|
+00000030  2a c2 65 aa 4b bd 91 20  17 22 17 03 03 00 17 1d  |*.e.K.. ."......|
+00000040  4f a0 06 07 65 2e 10 e7  15 c9 56 f3 2c 18 10 51  |O...e.....V.,..Q|
+00000050  c7 d5 ac 09 e6 93 17 03  03 00 13 34 b2 1d 5e da  |...........4..^.|
+00000060  55 b2 dd 2b c1 e0 ac 65  7e a2 52 f8 a4 5b        |U..+...e~.R..[|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-KeyUpdate b/src/crypto/tls/testdata/Client-TLSv13-KeyUpdate
new file mode 100644
index 0000000..a613b78
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-KeyUpdate
@@ -0,0 +1,102 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 59 2c d4 a8 e3  |....z...v..Y,...|
+00000010  ec 72 f1 2f 9b ff af 2f  ab 13 fe 21 80 a5 c1 71  |.r./.../...!...q|
+00000020  02 55 9b 06 67 0f 7b dd  27 32 66 20 00 00 00 00  |.U..g.{.'2f ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 3e  |..+.....3.$... >|
+00000060  13 b1 51 26 01 be c0 e5  85 a7 18 aa b5 83 21 6e  |..Q&..........!n|
+00000070  85 48 1b ea 4c 99 13 ba  b8 de 07 30 f4 9f 5b 14  |.H..L......0..[.|
+00000080  03 03 00 01 01 17 03 03  00 17 9f 78 1e 98 cb 85  |...........x....|
+00000090  0e 65 2b e5 20 c1 63 c1  b7 49 49 76 e3 90 0c c9  |.e+. .c..IIv....|
+000000a0  b6 17 03 03 02 6d 8f 91  03 6b b7 0d 7d 79 4c 16  |.....m...k..}yL.|
+000000b0  fc cb 62 11 62 12 2a 52  9a 19 7c b6 1c fc 31 d2  |..b.b.*R..|...1.|
+000000c0  11 4d b4 e9 23 3c 58 3e  87 f1 9e e0 27 04 a2 fb  |.M..#<X>....'...|
+000000d0  21 9a 82 59 3b ea 6b 29  ec a8 0e 1c 58 99 46 9b  |!..Y;.k)....X.F.|
+000000e0  2b c2 90 10 5d bc df d1  a0 71 00 8f 9b 90 10 49  |+...]....q.....I|
+000000f0  97 1d b5 d2 8f e2 a6 78  b1 2a e9 2d 8d 13 38 2f  |.......x.*.-..8/|
+00000100  db 56 bb cd 0f 08 69 f7  04 de 53 ec 3c 90 97 ca  |.V....i...S.<...|
+00000110  9f 63 d0 96 7f 3a 98 98  77 21 c8 ee 0f 5c 4e 97  |.c...:..w!...\N.|
+00000120  3c 72 88 13 48 82 1b 70  b2 83 b4 95 03 81 05 ef  |<r..H..p........|
+00000130  81 40 69 36 29 44 75 0f  10 6c 8e a4 af 67 15 45  |.@i6)Du..l...g.E|
+00000140  42 bc 35 3f a5 c1 a7 c2  0a e0 7f bc f2 b6 a3 53  |B.5?...........S|
+00000150  b4 14 56 ed 45 5b e0 35  c6 93 3a f5 90 a7 4c 78  |..V.E[.5..:...Lx|
+00000160  01 3d 6a 16 41 52 31 e7  a9 8c 29 5e e5 e4 6a 3a  |.=j.AR1...)^..j:|
+00000170  95 59 a0 d9 67 b5 62 ed  13 98 82 b8 9b e1 f3 cf  |.Y..g.b.........|
+00000180  1f 39 0e 58 d4 19 a1 59  b3 c9 d9 dc 7a 2c 78 da  |.9.X...Y....z,x.|
+00000190  f2 54 58 91 36 59 24 dc  90 78 53 2f d7 e5 74 10  |.TX.6Y$..xS/..t.|
+000001a0  f3 ab f2 7e f8 8e 4d a9  15 b5 d8 65 85 0f e2 aa  |...~..M....e....|
+000001b0  40 ec b6 a6 3c d9 2e 11  17 72 6d 11 ab b5 65 8c  |@...<....rm...e.|
+000001c0  c1 62 8a 2e 0d b1 84 45  fa 23 b4 4e 39 9d 6b b7  |.b.....E.#.N9.k.|
+000001d0  91 3c 29 87 59 2c 95 40  29 4c af 7f 67 4c e4 fb  |.<).Y,.@)L..gL..|
+000001e0  9b 91 5f 96 bc 0b 4a b0  8b 52 d5 92 91 42 83 85  |.._...J..R...B..|
+000001f0  9a ec 81 56 ee 90 03 e7  d5 36 e9 ca e5 ed 07 4b  |...V.....6.....K|
+00000200  c8 ba c8 45 1b fc a8 95  b8 ff a0 9b 32 de 35 da  |...E........2.5.|
+00000210  af 6e 3a 0a 3a 94 6f 23  29 78 c1 21 07 7d 5e c2  |.n:.:.o#)x.!.}^.|
+00000220  9f 32 6d 78 75 58 c6 81  e2 6a ee d3 ea 69 8a 31  |.2mxuX...j...i.1|
+00000230  dc 86 9b ad b4 f6 29 0e  5f e3 aa e2 32 13 60 e5  |......)._...2.`.|
+00000240  b8 5a 45 7b bc ad f1 ae  42 18 4c dd 10 aa 60 88  |.ZE{....B.L...`.|
+00000250  b2 d5 e2 e6 cd 83 85 4d  ba c4 a4 94 52 bd 70 8e  |.......M....R.p.|
+00000260  85 4e ef 57 f9 9f ae f0  40 50 6b 5c 3a d2 cb 7b  |.N.W....@Pk\:..{|
+00000270  53 c7 01 60 7c 0b 53 39  bf a8 a2 f7 ef 6c 99 a5  |S..`|.S9.....l..|
+00000280  b5 23 3d d1 d5 a5 93 bc  40 41 10 29 4c a6 2d 91  |.#=.....@A.)L.-.|
+00000290  5a 43 2c 7b fb ef 70 73  5f f0 13 9a 5d f2 f3 41  |ZC,{..ps_...]..A|
+000002a0  7e 8b 09 f3 6f 5a c8 40  b7 18 b9 ff 4c 93 ee 8e  |~...oZ.@....L...|
+000002b0  f2 cb 6b 02 b8 d8 b7 d2  8d dd 2f 19 83 f7 7d bc  |..k......./...}.|
+000002c0  71 62 78 b4 43 29 62 76  a0 82 17 bc d8 d4 09 dd  |qbx.C)bv........|
+000002d0  8e 48 bf 4b dd 44 45 7a  1f 9c bd ae 0c 26 fc 71  |.H.K.DEz.....&.q|
+000002e0  dc c7 49 ee 13 46 c8 dd  f9 45 46 34 4c ac 02 33  |..I..F...EF4L..3|
+000002f0  64 89 02 d7 93 dd 03 3e  3a 12 d7 c1 8e 18 55 33  |d......>:.....U3|
+00000300  76 5f ce 26 f6 53 d0 23  3a e2 78 0f 0a fe 2f 89  |v_.&.S.#:.x.../.|
+00000310  43 27 b3 17 03 03 00 99  61 da d2 f7 6d 84 f0 08  |C'......a...m...|
+00000320  b0 89 f8 a4 1f b4 99 6a  cf d1 08 d6 a7 03 fa f9  |.......j........|
+00000330  db c2 8a 9a 74 62 0c 93  7d 7c 22 c0 2d 84 5d 96  |....tb..}|".-.].|
+00000340  f8 66 05 6c c5 ab b6 5b  2d f5 10 27 c6 c3 81 13  |.f.l...[-..'....|
+00000350  94 3c af 56 ca 37 ca a6  24 86 34 54 f2 60 e2 51  |.<.V.7..$.4T.`.Q|
+00000360  67 5e dd 81 7f 87 81 84  15 cf b9 92 01 9c fc 90  |g^..............|
+00000370  18 21 ad 6a 4a b8 4f fe  03 c8 83 08 fd 55 5a 4d  |.!.jJ.O......UZM|
+00000380  75 b7 e3 2d ff 9d 0a e5  61 b2 e9 82 bf 65 6a 05  |u..-....a....ej.|
+00000390  d1 8d 36 82 07 8d a0 95  78 26 9e 3a c7 99 27 3f  |..6.....x&.:..'?|
+000003a0  54 0e a3 dd 9a 93 a6 6c  9b a3 14 46 bb cc f8 70  |T......l...F...p|
+000003b0  f1 17 03 03 00 35 34 03  e6 68 dc f1 3e ae 38 69  |.....54..h..>.8i|
+000003c0  87 ce 72 92 13 4a c0 4a  0d 22 28 3a 9f df 7d d5  |..r..J.J."(:..}.|
+000003d0  de 5f 3c 0d 49 be b7 63  85 67 90 be 68 dc e7 88  |._<.I..c.g..h...|
+000003e0  e3 58 90 43 99 0a db ee  ad be 6d                 |.X.C......m|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 ea a5 10 9a 0a  |..........5.....|
+00000010  57 40 9c b7 f8 e6 01 28  9e 3f ae ce ec 73 7f 2e  |W@.....(.?...s..|
+00000020  84 8e a9 e3 cb 03 3b b3  1b 98 3c 09 5b 23 c2 10  |......;...<.[#..|
+00000030  c1 18 47 74 a8 a5 0e 33  93 5f 83 e9 e6 aa ed f5  |..Gt...3._......|
+00000040  17 03 03 00 17 80 72 fb  00 25 ff 83 4c df 43 66  |......r..%..L.Cf|
+00000050  cd e5 64 2e 78 44 e4 b7  58 61 fe 01              |..d.xD..Xa..|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 16 54 f1 cd  5a 87 da 6a e7 a6 e5 00  |.....T..Z..j....|
+00000010  60 f8 cd 6b af db 1b 85  3b 40 23                 |`..k....;@#|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 16 b2 74 fa  c8 c6 6e 4f 62 4f ea 02  |......t...nObO..|
+00000010  4d 10 78 f1 b3 4a e2 e5  1d 8f 33                 |M.x..J....3|
+>>> Flow 6 (server to client)
+00000000  17 03 03 00 1a ba bc 59  f7 ad b4 77 2f bc 3d 60  |.......Y...w/.=`|
+00000010  5c bd 6c 6e 37 86 75 bd  e1 41 b9 07 f6 87 47     |\.ln7.u..A....G|
+>>> Flow 7 (client to server)
+00000000  17 03 03 00 1d 7d 12 1b  b2 a7 b7 ae 37 fb 2d 71  |.....}......7.-q|
+00000010  98 ec c2 f0 7f 16 e9 b9  f9 49 05 e2 b2 c3 c6 ec  |.........I......|
+00000020  38 32 17 03 03 00 13 9f  c4 f4 f7 e9 c9 5f e2 70  |82..........._.p|
+00000030  b4 33 9f 35 f3 2a b1 cd  01 d5                    |.3.5.*....|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-P256-ECDHE b/src/crypto/tls/testdata/Client-TLSv13-P256-ECDHE
new file mode 100644
index 0000000..20cafb4
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-P256-ECDHE
@@ -0,0 +1,94 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 01 13 01 00 01  0f 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 94 00 05 00 05  01 00 00 00 00 00 0a 00  |................|
+00000090  04 00 02 00 17 00 0b 00  02 01 00 00 0d 00 18 00  |................|
+000000a0  16 08 04 08 05 08 06 04  01 04 03 05 01 05 03 06  |................|
+000000b0  01 06 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
+000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000d0  47 00 45 00 17 00 41 04  1e 18 37 ef 0d 19 51 88  |G.E...A...7...Q.|
+000000e0  35 75 71 b5 e5 54 5b 12  2e 8f 09 67 fd a7 24 20  |5uq..T[....g..$ |
+000000f0  3e b2 56 1c ce 97 28 5e  f8 2b 2d 4f 9e f1 07 9f  |>.V...(^.+-O....|
+00000100  6c 4b 5b 83 56 e2 32 42  e9 58 b6 d7 49 a6 b5 68  |lK[.V.2B.X..I..h|
+00000110  1a 41 03 56 6b dc 5a 89                           |.A.Vk.Z.|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 9b 02 00 00  97 03 03 42 8e 0f 88 bb  |...........B....|
+00000010  99 f5 32 74 2a 0a 66 98  59 da 0c 3f df 23 8c 72  |..2t*.f.Y..?.#.r|
+00000020  a7 ba f5 52 78 88 22 a0  db 3d cc 20 00 00 00 00  |...Rx."..=. ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
+00000060  42 55 a6 b0 22 e7 51 7f  ce 3c 15 f5 ef db 69 89  |BU..".Q..<....i.|
+00000070  80 e1 5a 54 37 d9 df 4c  bd 83 72 43 5f b5 bf 28  |..ZT7..L..rC_..(|
+00000080  21 41 0f 4c 71 a4 42 ae  90 20 8b 2e 95 88 1d a0  |!A.Lq.B.. ......|
+00000090  4d 50 6f 05 3d 71 26 e2  ca 12 2b bf 5b 18 b6 16  |MPo.=q&...+.[...|
+000000a0  14 03 03 00 01 01 17 03  03 00 17 fd a0 c1 f6 d6  |................|
+000000b0  f5 7c 39 25 4c 67 ad fa  10 18 d1 90 b2 61 90 3f  |.|9%Lg.......a.?|
+000000c0  71 49 17 03 03 02 6d 28  31 4d 75 d8 9d 93 a0 ee  |qI....m(1Mu.....|
+000000d0  ad ef a3 dc 14 12 a8 af  17 b4 46 20 50 96 26 54  |..........F P.&T|
+000000e0  78 4d d7 4f 08 e9 93 61  b6 53 da b2 e9 9c 67 54  |xM.O...a.S....gT|
+000000f0  e8 87 0d 64 0c cc 14 cd  d0 b5 df 1e d7 25 58 ce  |...d.........%X.|
+00000100  0b c9 a6 dc 38 9d 00 85  ce c3 01 29 3a 74 26 d4  |....8......):t&.|
+00000110  71 db c0 92 2b 95 d2 00  d0 38 8d 85 f5 22 05 c7  |q...+....8..."..|
+00000120  3b d4 d5 c7 a6 36 0d 3e  39 2c d5 0f 0d 84 80 22  |;....6.>9,....."|
+00000130  e5 f0 71 24 0d 93 68 21  db 51 e2 24 84 0c 30 2a  |..q$..h!.Q.$..0*|
+00000140  87 e5 b5 a2 b6 b8 9c 53  a1 bb 76 7d e8 10 e4 59  |.......S..v}...Y|
+00000150  f2 be 69 6f 39 75 e2 ed  70 f3 f0 fd 70 2f ce 2a  |..io9u..p...p/.*|
+00000160  24 d0 05 3e 13 ee 76 f5  6b b8 ed ee 34 40 cc e5  |$..>..v.k...4@..|
+00000170  11 58 62 22 99 04 3c 22  43 24 46 78 66 a0 04 11  |.Xb"..<"C$Fxf...|
+00000180  86 b4 b7 87 71 ff f9 ed  6f 4f 7e 9f 2d 08 ed ae  |....q...oO~.-...|
+00000190  cc 03 29 6f 34 9b 18 2c  ae d7 d5 e9 03 51 5d 37  |..)o4..,.....Q]7|
+000001a0  d5 ac 93 07 2a 78 8f 7d  b0 85 ae 19 37 a5 e8 d6  |....*x.}....7...|
+000001b0  e4 b3 01 14 04 fc ab 36  d6 5e 31 45 47 14 f8 d9  |.......6.^1EG...|
+000001c0  c8 a0 a0 49 56 74 68 5b  b4 20 f7 e0 54 34 41 45  |...IVth[. ..T4AE|
+000001d0  c0 5e ed a6 1c 84 d8 3a  c7 2d 17 5a 4c bd 7d d1  |.^.....:.-.ZL.}.|
+000001e0  a8 9e 5e d1 31 b1 6b 48  64 11 d8 89 01 9f ed 12  |..^.1.kHd.......|
+000001f0  60 73 66 80 38 13 23 8d  31 ca 94 06 22 e9 45 ff  |`sf.8.#.1...".E.|
+00000200  d6 a3 0b 7c 30 c8 d7 30  4f c0 62 84 ac f9 b0 3d  |...|0..0O.b....=|
+00000210  68 76 d2 02 27 d9 1e 7e  da ae 85 47 e1 08 0f 4f  |hv..'..~...G...O|
+00000220  74 a9 fc ca f2 38 68 6d  c6 f3 3c e9 99 c5 48 79  |t....8hm..<...Hy|
+00000230  88 37 b6 5d 4f f8 8b 53  41 9a 39 a7 2f 8e 39 81  |.7.]O..SA.9./.9.|
+00000240  75 cf 70 2f 28 4c 10 32  73 9b 6e 4f 58 1f ae 28  |u.p/(L.2s.nOX..(|
+00000250  3f 6c 3d 60 49 48 15 10  2a af ea d7 ce 55 07 47  |?l=`IH..*....U.G|
+00000260  90 3a c8 0d 6a 4a 88 c2  9c d3 08 99 02 c9 88 be  |.:..jJ..........|
+00000270  91 5b c9 41 46 cf b1 5e  fe 28 1e 97 8a 44 5a e0  |.[.AF..^.(...DZ.|
+00000280  d0 a3 a9 ea f7 51 27 87  b3 0f fd dc 7d d4 96 4a  |.....Q'.....}..J|
+00000290  39 2c 0a 58 9c 23 0d 41  89 42 5e fd 19 ab 19 a8  |9,.X.#.A.B^.....|
+000002a0  e4 70 3f ef c6 54 fb ed  80 9b 68 d6 d9 6f 21 53  |.p?..T....h..o!S|
+000002b0  89 40 06 c9 0c 56 40 8c  36 61 91 18 81 ce 76 5d  |.@...V@.6a....v]|
+000002c0  78 f5 01 9f 2e de 3e 89  61 d7 81 a5 f9 32 24 44  |x.....>.a....2$D|
+000002d0  6b fa 0b 9c 8b a4 f6 df  a1 2a 31 91 b2 40 cd 7e  |k........*1..@.~|
+000002e0  6c d1 75 c9 56 48 e3 36  eb 13 00 cf ea d5 d9 98  |l.u.VH.6........|
+000002f0  71 4c d2 af 06 e5 f1 f7  8f ce 79 7a 93 4c 1c 99  |qL........yz.L..|
+00000300  61 8f 93 76 de 1d ca ff  1b e5 c3 8f 99 ac 65 92  |a..v..........e.|
+00000310  74 a9 d6 fd 9d bd a7 da  f6 d5 94 7f 66 87 e1 7e  |t...........f..~|
+00000320  16 43 04 8a 9f 00 cc 89  1b 33 32 a2 26 e1 62 76  |.C.......32.&.bv|
+00000330  30 07 5d 0e 17 03 03 00  99 22 4f 7b 1f 73 59 91  |0.]......"O{.sY.|
+00000340  1e dc 62 ce 8b 32 7f 7d  99 b0 71 7a fb 79 09 5a  |..b..2.}..qz.y.Z|
+00000350  2e 0c b4 f2 00 13 5d ae  7d ae 80 1c 5f 8a a1 99  |......].}..._...|
+00000360  c9 20 39 a9 66 36 f0 2b  de 2e 1d ef 1f e1 ce 34  |. 9.f6.+.......4|
+00000370  9a db f7 7b 17 52 91 ac  76 ff 22 63 8c 07 dd 7d  |...{.R..v."c...}|
+00000380  72 eb 9b 34 0f e9 a4 43  6b e3 fa e1 00 e3 dc 65  |r..4...Ck......e|
+00000390  7a 49 bf a6 cd 97 4f e9  49 ae 91 4c be c3 3a b1  |zI....O.I..L..:.|
+000003a0  a1 ee 09 55 ce 87 e7 59  58 24 cb 43 16 c9 5f d6  |...U...YX$.C.._.|
+000003b0  11 32 83 47 dd 14 8d 11  c9 29 ac b8 57 7d 1e 07  |.2.G.....)..W}..|
+000003c0  34 cc 79 13 22 00 62 39  4c 7e 5f 89 dc 94 b9 ca  |4.y.".b9L~_.....|
+000003d0  d9 ef 17 03 03 00 35 6a  70 22 84 c0 ed d6 70 b1  |......5jp"....p.|
+000003e0  d5 8c 29 f9 0d 03 69 d1  0e 4c 01 79 1b 97 2f 24  |..)...i..L.y../$|
+000003f0  45 08 25 4e 56 58 7c d7  d1 79 67 73 7c e2 30 54  |E.%NVX|..ygs|.0T|
+00000400  54 2f c0 e2 28 e3 5a 87  47 0f f9 33              |T/..(.Z.G..3|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 f1 7c 55 b2 e9  |..........5.|U..|
+00000010  01 cd 57 d5 17 17 30 51  43 74 46 00 83 c7 d2 73  |..W...0QCtF....s|
+00000020  2b ff 57 45 5c 13 d9 9e  ec 56 c5 f1 d2 26 00 76  |+.WE\....V...&.v|
+00000030  75 5c f0 3c 80 39 74 4e  38 72 35 39 a3 29 4d ff  |u\.<.9tN8r59.)M.|
+00000040  17 03 03 00 17 43 aa f1  73 de 22 92 8c 54 2c 3f  |.....C..s."..T,?|
+00000050  c6 f2 f1 07 27 b2 f6 0e  54 79 4d 05 17 03 03 00  |....'...TyM.....|
+00000060  13 a5 64 ef ae 3f f0 52  08 71 9e 24 dc ea f1 50  |..d..?.R.q.$...P|
+00000070  b5 27 20 54                                       |.' T|
diff --git a/src/crypto/tls/testdata/Client-TLSv13-X25519-ECDHE b/src/crypto/tls/testdata/Client-TLSv13-X25519-ECDHE
new file mode 100644
index 0000000..7de7d27
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv13-X25519-ECDHE
@@ -0,0 +1,90 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f2 01 00 00  ee 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 73 00 05 00 05  01 00 00 00 00 00 0a 00  |...s............|
+00000090  04 00 02 00 1d 00 0b 00  02 01 00 00 0d 00 18 00  |................|
+000000a0  16 08 04 08 05 08 06 04  01 04 03 05 01 05 03 06  |................|
+000000b0  01 06 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
+000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000d0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
+000000e0  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
+000000f0  90 99 5f 58 cb 3b 74                              |.._X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 cd c7 29 34 e2  |....z...v....)4.|
+00000010  96 86 e5 32 80 01 ea b9  3f d1 c5 90 da 7d 6e b9  |...2....?....}n.|
+00000020  6f c2 f3 de 0f 16 7c c6  be 22 9f 20 00 00 00 00  |o.....|..". ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 71  |..+.....3.$... q|
+00000060  a3 1e 19 38 17 d7 fb c4  d7 c0 c5 0b 1a 4f 43 b8  |...8.........OC.|
+00000070  36 73 5b ba ac 71 44 76  e5 18 a8 5f f0 e9 53 14  |6s[..qDv..._..S.|
+00000080  03 03 00 01 01 17 03 03  00 17 2b d0 f2 01 36 99  |..........+...6.|
+00000090  3c fe 38 af 22 1c 4f ec  1f 31 a2 48 31 a4 b9 83  |<.8.".O..1.H1...|
+000000a0  74 17 03 03 02 6d 87 69  ac 88 28 88 6e 62 c8 96  |t....m.i..(.nb..|
+000000b0  b9 32 1a 3d f6 a3 10 70  06 bd a6 3b d1 e4 a6 3a  |.2.=...p...;...:|
+000000c0  be e0 93 61 27 d4 bf 1f  b0 17 f0 19 b3 30 e1 5e  |...a'........0.^|
+000000d0  94 18 13 78 9b 9d d5 16  b2 c7 8a 21 54 c9 f0 31  |...x.......!T..1|
+000000e0  09 5b 6c 7f 22 79 9f 33  66 b7 e7 ea d4 11 63 5f  |.[l."y.3f.....c_|
+000000f0  05 21 e2 1a 66 96 ac 62  10 be 4b 51 73 df 29 9e  |.!..f..b..KQs.).|
+00000100  71 92 1a cb d2 d3 99 0c  a7 35 7d 12 b4 44 d7 96  |q........5}..D..|
+00000110  2b 29 9d 49 70 11 8c f8  5c 80 a4 98 56 21 66 2b  |+).Ip...\...V!f+|
+00000120  ac 72 1c 2e 86 e3 62 d2  e5 f1 7f 58 97 7b ac 85  |.r....b....X.{..|
+00000130  a8 c1 99 62 3b 8c 7f 47  95 09 e7 dc 7d 31 ed d2  |...b;..G....}1..|
+00000140  9b f8 71 fb 15 9c 80 1c  cc 28 dd 4d ef 95 89 92  |..q......(.M....|
+00000150  1f e8 c0 c3 78 b9 8f 92  88 e9 57 f6 2b 30 90 f1  |....x.....W.+0..|
+00000160  27 b8 d8 65 0e 12 6d 51  9c e8 f2 5d b0 58 90 88  |'..e..mQ...].X..|
+00000170  22 e3 fb 0e 2e 1f 6b 6b  a2 8e 52 2c a7 2a 32 03  |".....kk..R,.*2.|
+00000180  a4 e9 fc b7 e4 ec f5 73  37 fc bb d3 62 68 90 3d  |.......s7...bh.=|
+00000190  69 02 65 d5 35 6c 9b 89  68 c2 93 df 84 e3 f0 5f  |i.e.5l..h......_|
+000001a0  35 c7 05 d1 4d 60 93 b9  1d 5e 39 78 fd ed 85 f7  |5...M`...^9x....|
+000001b0  1b 82 f6 cc 0a 02 5e f6  e0 7a 78 55 3a 12 e3 b3  |......^..zxU:...|
+000001c0  45 ab 7e f0 12 2e 28 11  fd 73 7e 05 ef e1 c2 a0  |E.~...(..s~.....|
+000001d0  45 ac 2e 3c 0b 00 69 ad  01 78 c7 2b 15 4e 6b eb  |E..<..i..x.+.Nk.|
+000001e0  65 3d d8 c2 4b e6 9d 73  35 62 4f 58 d1 ec 7f 8d  |e=..K..s5bOX....|
+000001f0  6e 56 66 06 cf 90 56 09  70 53 bd ed 16 ff c1 14  |nVf...V.pS......|
+00000200  7f 1b 13 80 73 d2 7d f3  85 99 bd f2 f8 16 65 00  |....s.}.......e.|
+00000210  97 51 12 64 7a 34 20 b1  1a d9 fb 5c 38 e6 b7 ae  |.Q.dz4 ....\8...|
+00000220  99 34 6d 1a 87 30 09 96  13 04 f9 4d 51 b7 f5 76  |.4m..0.....MQ..v|
+00000230  30 ac 18 05 ba e4 0e 3d  28 6e 09 5e ec 52 18 d4  |0......=(n.^.R..|
+00000240  1e da d3 7e b4 16 ff 76  4e 31 10 42 5a 7e 75 ea  |...~...vN1.BZ~u.|
+00000250  86 82 4e ad 7a 11 1d a8  6b ab 5c 7d bd 7b 07 b8  |..N.z...k.\}.{..|
+00000260  aa bb 13 57 4a 24 d1 92  1d bb b9 7b 46 8b 7e 69  |...WJ$.....{F.~i|
+00000270  9c a5 ea a6 9d 20 42 b1  92 4f b6 0e 48 8a 29 be  |..... B..O..H.).|
+00000280  67 19 b8 5b 27 7f fd c0  7e b1 01 e0 19 42 bb 19  |g..['...~....B..|
+00000290  c4 91 b0 52 3e 0b 4c a6  2b 03 ff e3 e2 b9 d7 54  |...R>.L.+......T|
+000002a0  77 4c 04 83 c6 41 3b 8f  ee 8a 70 d8 16 e7 02 6f  |wL...A;...p....o|
+000002b0  13 9c a4 22 1d 1b cc 9e  6a 0e e8 96 94 54 df 2e  |..."....j....T..|
+000002c0  8a 60 53 e2 45 30 7b 8f  46 d2 ab 0e c1 6d 75 e2  |.`S.E0{.F....mu.|
+000002d0  cf 6c fe 9e 2d 31 af 9e  51 73 a6 39 02 ff 7b c2  |.l..-1..Qs.9..{.|
+000002e0  da 66 d6 27 87 9d 51 99  c9 7e 1b e7 43 8d 1e dc  |.f.'..Q..~..C...|
+000002f0  49 93 0e 9c 47 5c d6 97  19 ee 80 6d 4f 92 9d 25  |I...G\.....mO..%|
+00000300  ff ea bf ab 9a 64 a6 d4  70 80 5e 13 42 48 75 4e  |.....d..p.^.BHuN|
+00000310  8c c3 9b 17 03 03 00 99  7b 4a 09 b6 85 dc 5c 10  |........{J....\.|
+00000320  76 05 e8 11 e1 bc 63 ec  ec b8 19 14 f3 95 16 6b  |v.....c........k|
+00000330  2a a6 e1 ae b9 1c e0 5c  94 20 49 62 8c fd 76 7e  |*......\. Ib..v~|
+00000340  0e f9 9f ec 0d 01 47 4b  86 a8 b1 9f a2 bc 83 85  |......GK........|
+00000350  de e8 e0 2f c4 a4 f6 90  72 57 38 ad 2e aa 1e 4f  |.../....rW8....O|
+00000360  d4 8b e1 a2 b8 ba 80 99  ad 57 09 72 98 1c 5b 7b  |.........W.r..[{|
+00000370  a7 35 a2 c5 4a be 76 14  ee d4 63 a9 96 5e 33 7c  |.5..J.v...c..^3||
+00000380  0a e0 15 0d 14 19 f1 5a  5a e4 2c 9c 22 19 db e3  |.......ZZ.,."...|
+00000390  ea ee a1 c6 f8 1d 22 cc  5c 34 94 fa af 02 b0 26  |......".\4.....&|
+000003a0  8d 25 67 e6 f5 74 a9 38  38 37 57 ee 11 ac 0a 73  |.%g..t.887W....s|
+000003b0  01 17 03 03 00 35 bf ef  2c 2e 6c ae 90 ba d7 e0  |.....5..,.l.....|
+000003c0  99 b3 ea 42 db 8e ad 03  5b af 93 1e 35 3a fb f7  |...B....[...5:..|
+000003d0  87 bc 90 b6 98 ad e2 e6  1c 24 3b c1 20 8c 1a 79  |.........$;. ..y|
+000003e0  97 ad e3 8b 08 7b cc 7e  2b 98 fa                 |.....{.~+..|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 ce 50 b5 dc 27  |..........5.P..'|
+00000010  34 5b ea 1b 27 76 67 d1  9e 24 cf f9 51 4a 9a 6b  |4[..'vg..$..QJ.k|
+00000020  cd 57 12 b2 5a 52 03 be  e8 62 e2 29 64 1e 16 f1  |.W..ZR...b.)d...|
+00000030  61 af 70 a7 11 f1 41 ef  e3 44 da 0e 9b 90 05 ad  |a.p...A..D......|
+00000040  17 03 03 00 17 b4 9d 4e  de fb da 13 02 ad 51 40  |.......N......Q@|
+00000050  b0 55 1d 89 ec 09 2b 52  e5 51 34 1f 17 03 03 00  |.U....+R.Q4.....|
+00000060  13 52 89 42 ba d7 14 f0  53 b4 b1 5a a5 a3 37 55  |.R.B....S..Z..7U|
+00000070  bd f8 e9 e5                                       |....|
diff --git a/src/crypto/tls/testdata/Server-SSLv3-RSA-3DES b/src/crypto/tls/testdata/Server-SSLv3-RSA-3DES
index 11a8a1c..869b22b 100644
--- a/src/crypto/tls/testdata/Server-SSLv3-RSA-3DES
+++ b/src/crypto/tls/testdata/Server-SSLv3-RSA-3DES
@@ -1,12 +1,12 @@
 >>> Flow 1 (client to server)
-00000000  16 03 00 00 2f 01 00 00  2b 03 00 47 b4 bd 36 64  |..../...+..G..6d|
-00000010  0a 7d 37 1d 99 ac fd 1c  7a 3f d5 0f 9d 90 e3 59  |.}7.....z?.....Y|
-00000020  64 e4 fb 59 3a 4a 5f 53  d2 af 88 00 00 04 00 0a  |d..Y:J_S........|
+00000000  16 03 00 00 2f 01 00 00  2b 03 00 6b 1d 6c 38 1a  |..../...+..k.l8.|
+00000010  50 71 9a 32 88 4f 4a fe  47 00 8f 2a 58 08 72 cf  |Pq.2.OJ.G..*X.r.|
+00000020  b5 f8 27 9d f9 17 76 32  8a 3b 29 00 00 04 00 0a  |..'...v2.;).....|
 00000030  00 ff 01 00                                       |....|
 >>> Flow 2 (server to client)
 00000000  16 03 00 00 31 02 00 00  2d 03 00 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 0a 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 00 0a 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  00 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -47,30 +47,30 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 00 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 00 00 84 10 00 00  80 43 4d 76 6b 7f b3 e6  |.........CMvk...|
-00000010  82 18 f9 8a a5 cd 45 ab  8f 1a 1d d4 9a 0a 1d 50  |......E........P|
-00000020  96 f2 08 14 a7 6b e3 ef  d1 31 6b 18 d2 f5 ee e3  |.....k...1k.....|
-00000030  cd df 67 23 3d ec 70 09  07 df 32 c2 cd 60 6c 2b  |..g#=.p...2..`l+|
-00000040  7f 04 cd b3 77 87 78 e5  90 60 41 0c fc 22 1a 3a  |....w.x..`A..".:|
-00000050  82 29 28 92 9c f8 33 3a  72 ee 08 58 55 d5 ea 9c  |.)(...3:r..XU...|
-00000060  37 96 a4 92 75 e0 29 8a  18 ad 5a c1 1f 4c aa c7  |7...u.)...Z..L..|
-00000070  49 89 6e ff 29 32 a3 c8  51 e8 50 3f 41 10 36 27  |I.n.)2..Q.P?A.6'|
-00000080  0b 60 a2 96 4b 82 a9 c6  52 14 03 00 00 01 01 16  |.`..K...R.......|
-00000090  03 00 00 40 b3 59 d0 de  d1 47 8e 9e 1a 27 16 41  |...@.Y...G...'.A|
-000000a0  f7 38 4e 91 12 a0 71 89  1c 68 29 dc 60 7e 2c 39  |.8N...q..h).`~,9|
-000000b0  45 cb e6 98 8d 43 5e 76  34 ca 5b 86 24 9d 77 0a  |E....C^v4.[.$.w.|
-000000c0  90 60 19 75 67 74 3d 95  1d e7 82 ee a8 9f 3a 60  |.`.ugt=.......:`|
-000000d0  8e ac 28 74                                       |..(t|
+00000000  16 03 00 00 84 10 00 00  80 24 e4 7a 2a e8 1b 68  |.........$.z*..h|
+00000010  c5 87 ac 26 72 70 76 c6  3a 2c 9d ed ff 63 3c 5b  |...&rpv.:,...c<[|
+00000020  97 17 3e d4 e9 ab 5b f1  30 ed 29 07 1a 6b 69 f6  |..>...[.0.)..ki.|
+00000030  65 b1 c7 b9 15 9f b1 69  7d 74 c4 73 04 2a 45 77  |e......i}t.s.*Ew|
+00000040  ba f7 8f 98 65 ed 19 2d  a4 de 74 1e 4e 96 78 11  |....e..-..t.N.x.|
+00000050  33 9f be a5 20 e4 bd a8  a4 1a 4d 02 e7 7a ac 01  |3... .....M..z..|
+00000060  f4 12 01 8d 51 9a 52 26  ac a4 f6 52 fc cf 91 97  |....Q.R&...R....|
+00000070  b5 d7 9f 25 92 b4 16 c4  33 46 bd 41 27 89 a2 72  |...%....3F.A'..r|
+00000080  7b 50 d3 ed b3 29 17 aa  ab 14 03 00 00 01 01 16  |{P...)..........|
+00000090  03 00 00 40 ba 01 09 10  84 68 0c 97 25 b5 2d ef  |...@.....h..%.-.|
+000000a0  be c6 d9 21 85 fe bf ef  d4 f3 24 2f 79 04 fd e6  |...!......$/y...|
+000000b0  d3 c1 d2 1b a9 94 10 2e  1f dd dd 1f 97 de 63 e9  |..............c.|
+000000c0  8f 8a c1 d0 ac e1 69 de  92 fa 16 10 2c 9e 5f 3a  |......i.....,._:|
+000000d0  45 7c 3f 88                                       |E|?.|
 >>> Flow 4 (server to client)
-00000000  14 03 00 00 01 01 16 03  00 00 40 e8 3e 89 b5 10  |..........@.>...|
-00000010  e4 c9 eb f7 3f 83 e5 6a  7c 04 fd e6 96 69 25 fb  |....?..j|....i%.|
-00000020  0b 0b 0e f7 13 4e 99 45  d2 0e 13 22 6b d1 0e 32  |.....N.E..."k..2|
-00000030  30 b5 c4 a2 03 cf 22 59  68 5c cc 63 96 f5 01 f3  |0....."Yh\.c....|
-00000040  2c b3 b5 13 e1 9d 19 45  c0 4f 28 17 03 00 00 18  |,......E.O(.....|
-00000050  2e cb 8c b3 d4 d5 c2 18  fd 6e dc 72 7b b3 4b b8  |.........n.r{.K.|
-00000060  10 56 0a 01 af 55 e8 5a  17 03 00 00 28 3f df 74  |.V...U.Z....(?.t|
-00000070  2f b9 5b a4 43 ec 24 68  ad ff 6c 52 b5 6a 91 0c  |/.[.C.$h..lR.j..|
-00000080  be 3b 25 c9 e4 40 59 66  17 cb f0 e7 6b 6e cd 43  |.;%..@Yf....kn.C|
-00000090  ac be b7 62 d0 15 03 00  00 18 43 4d 3c fd 83 6e  |...b......CM<..n|
-000000a0  e0 3f ae 40 0c 8a a1 08  d2 74 e2 60 7b d0 97 d5  |.?.@.....t.`{...|
-000000b0  e8 a5                                             |..|
+00000000  14 03 00 00 01 01 16 03  00 00 40 3b 60 e6 62 bc  |..........@;`.b.|
+00000010  53 0f 95 32 d8 95 33 1b  29 78 49 fd 1f a9 bf 64  |S..2..3.)xI....d|
+00000020  71 2d b5 3e 03 80 a0 06  7a ca cd f6 f3 45 e9 d9  |q-.>....z....E..|
+00000030  c1 fc da 4f 5d 77 a3 07  82 89 3b 77 00 9a 99 a2  |...O]w....;w....|
+00000040  ac bf 73 78 31 a9 8c bf  eb d1 2c 17 03 00 00 18  |..sx1.....,.....|
+00000050  e9 c8 b2 91 db fa 9f 3c  d4 ed 7d 43 f6 b3 53 d2  |.......<..}C..S.|
+00000060  46 12 d2 6c a5 50 bd e1  17 03 00 00 28 2e 6f 91  |F..l.P......(.o.|
+00000070  21 18 89 7b 94 3d c0 6f  8a 4c b4 95 44 4c fe 1a  |!..{.=.o.L..DL..|
+00000080  78 f5 6a fd 8f d0 79 c0  12 2f 4c 12 c4 29 9a 88  |x.j...y../L..)..|
+00000090  43 1c b7 93 3a 15 03 00  00 18 ae 35 00 1f 79 99  |C...:......5..y.|
+000000a0  cd 9f b1 16 a8 0f d6 28  29 e2 0a 16 e2 c2 de b3  |.......().......|
+000000b0  5c 41                                             |\A|
diff --git a/src/crypto/tls/testdata/Server-SSLv3-RSA-AES b/src/crypto/tls/testdata/Server-SSLv3-RSA-AES
index 771373c..5b09409 100644
--- a/src/crypto/tls/testdata/Server-SSLv3-RSA-AES
+++ b/src/crypto/tls/testdata/Server-SSLv3-RSA-AES
@@ -1,12 +1,12 @@
 >>> Flow 1 (client to server)
-00000000  16 03 00 00 2f 01 00 00  2b 03 00 26 1e 06 cd 27  |..../...+..&...'|
-00000010  f5 2a b4 8d 00 07 47 16  02 23 aa 5e 92 02 95 4a  |.*....G..#.^...J|
-00000020  1a 0b a8 51 8a 6f 4a 31  3c e9 a2 00 00 04 00 2f  |...Q.oJ1<....../|
+00000000  16 03 00 00 2f 01 00 00  2b 03 00 c0 74 e5 6f 1e  |..../...+...t.o.|
+00000010  3d 51 26 e2 34 31 68 10  ee 99 ca 45 0f 7d d6 7d  |=Q&.41h....E.}.}|
+00000020  29 82 15 23 3f af d1 48  36 1f ac 00 00 04 00 2f  |)..#?..H6....../|
 00000030  00 ff 01 00                                       |....|
 >>> Flow 2 (server to client)
 00000000  16 03 00 00 31 02 00 00  2d 03 00 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  00 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -47,31 +47,31 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 00 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 00 00 84 10 00 00  80 66 67 59 2f 21 b9 e3  |.........fgY/!..|
-00000010  0d a9 78 0c 6b fc dc 6f  69 4e f9 00 8b 40 a2 0f  |..x.k..oiN...@..|
-00000020  5a d8 8c d2 59 ab 33 78  f6 42 2f fa cf d6 48 7a  |Z...Y.3x.B/...Hz|
-00000030  59 30 94 1c 10 49 30 69  4a 6c a2 e5 ce 59 6d e3  |Y0...I0iJl...Ym.|
-00000040  49 0c a7 0a ab 17 8b c6  48 82 71 44 d5 7d 80 e5  |I.......H.qD.}..|
-00000050  6d 45 6c 10 12 01 85 71  ee dc c5 e3 19 41 ed 22  |mEl....q.....A."|
-00000060  11 5c c4 25 c6 90 ad c8  4c 48 45 8d ad 6c f4 ef  |.\.%....LHE..l..|
-00000070  fb b4 2b 53 90 cc 78 b0  9e 22 e7 2c 1a 64 0e 8b  |..+S..x..".,.d..|
-00000080  d8 57 54 74 c5 33 20 3f  42 14 03 00 00 01 01 16  |.WTt.3 ?B.......|
-00000090  03 00 00 40 18 b6 0a d4  9e 4d fa 8a 67 ce 8e d5  |...@.....M..g...|
-000000a0  51 31 75 65 f1 ff 54 a2  1b 80 c5 c3 a0 fc d2 78  |Q1ue..T........x|
-000000b0  0b 99 3b 65 6c 1d 52 6d  a9 9f 64 13 97 d5 2e b1  |..;el.Rm..d.....|
-000000c0  76 0b a0 fb f6 16 f7 72  28 a5 8a 11 a7 46 d5 59  |v......r(....F.Y|
-000000d0  e1 f4 f3 6f                                       |...o|
+00000000  16 03 00 00 84 10 00 00  80 62 6a 6e 2e 83 74 fe  |.........bjn..t.|
+00000010  08 7b e3 38 de be 06 18  ed c3 aa e0 27 5e bb 5d  |.{.8........'^.]|
+00000020  a3 22 38 92 d4 94 ec 18  02 f1 fd 57 98 ac 84 3c  |."8........W...<|
+00000030  07 ef c9 e2 c4 05 03 9c  89 69 dd cb 47 7c 61 5c  |.........i..G|a\|
+00000040  7b c7 02 7b e4 4c 94 28  ea d7 34 ed 03 ef eb de  |{..{.L.(..4.....|
+00000050  c0 75 e3 75 46 24 8a ed  33 33 5c 19 65 a2 f8 0c  |.u.uF$..33\.e...|
+00000060  69 f9 ce 3e b6 88 e3 f4  2a ba 5c 0d 85 2f 64 88  |i..>....*.\../d.|
+00000070  cb 0e af 03 58 1b 54 71  21 fb 4c 13 ff 67 dd e9  |....X.Tq!.L..g..|
+00000080  1a 83 08 a9 ad 46 85 2b  95 14 03 00 00 01 01 16  |.....F.+........|
+00000090  03 00 00 40 65 17 83 78  12 b1 50 a8 7e 91 ad cf  |...@e..x..P.~...|
+000000a0  ff da 1b c3 c2 62 d7 7b  dc 85 6a 1e 64 65 2e fc  |.....b.{..j.de..|
+000000b0  71 ea bd 4b a6 61 e3 95  27 78 f5 93 e6 6e 4c 83  |q..K.a..'x...nL.|
+000000c0  78 f4 a0 ac 3b 23 08 61  b5 b6 96 3f a5 fd 50 be  |x...;#.a...?..P.|
+000000d0  20 ef 8f af                                       | ...|
 >>> Flow 4 (server to client)
-00000000  14 03 00 00 01 01 16 03  00 00 40 6c 5b 64 b5 f9  |..........@l[d..|
-00000010  76 cc 7e 51 72 46 ab 21  17 b3 fb 2b 48 c5 5a 9f  |v.~QrF.!...+H.Z.|
-00000020  e6 35 14 ff df c7 a7 4b  5e 5a 9b 82 57 b5 bf 4d  |.5.....K^Z..W..M|
-00000030  5f 7c a5 be 67 96 71 3a  63 ad 76 86 66 06 e9 a2  |_|..g.q:c.v.f...|
-00000040  35 39 6f 79 13 21 4b 19  c1 83 0e 17 03 00 00 20  |59oy.!K........ |
-00000050  1a 80 c5 d1 8b 33 79 89  39 fc 11 44 80 33 1a f7  |.....3y.9..D.3..|
-00000060  9f 63 96 5d c9 1a d4 56  2a ee 68 24 68 83 5d ca  |.c.]...V*.h$h.].|
-00000070  17 03 00 00 30 7c d4 88  17 d0 10 66 6a b3 61 ed  |....0|.....fj.a.|
-00000080  0a b5 72 55 ca fb c4 ec  e2 f2 e2 bf 67 dd 3d c9  |..rU........g.=.|
-00000090  01 3b 50 5c 35 ce 28 2d  e6 9c 1f 5c 70 14 46 2a  |.;P\5.(-...\p.F*|
-000000a0  d8 9e ef 6a 66 15 03 00  00 20 c7 af e1 86 10 30  |...jf.... .....0|
-000000b0  41 73 88 b2 86 02 a8 60  38 61 92 32 11 22 2d 47  |As.....`8a.2."-G|
-000000c0  76 fe 22 9c 76 c2 00 ee  e9 03                    |v.".v.....|
+00000000  14 03 00 00 01 01 16 03  00 00 40 c1 63 5c 1e 81  |..........@.c\..|
+00000010  ef 1c 55 e7 5b ee 19 2b  89 c9 19 7a 53 96 ae f6  |..U.[..+...zS...|
+00000020  47 22 4b b2 b9 64 38 06  99 b1 58 39 bc c2 7f 1c  |G"K..d8...X9....|
+00000030  c4 8e 0a ec f2 3d 41 ac  a9 a2 34 d9 a2 66 4e 35  |.....=A...4..fN5|
+00000040  a1 a5 a5 ad 70 c2 62 67  f7 83 3f 17 03 00 00 20  |....p.bg..?.... |
+00000050  bf 4b 66 00 de 5f 75 f1  57 a1 47 e3 35 cb 1a 1b  |.Kf.._u.W.G.5...|
+00000060  1e f4 3b f5 96 84 bc ed  36 74 8a 8b 62 46 94 fd  |..;.....6t..bF..|
+00000070  17 03 00 00 30 a2 a7 8c  ac 1b 27 d7 1a 6a 2b 37  |....0.....'..j+7|
+00000080  cc 76 03 e3 93 6e ee 3d  12 d5 cd d7 b2 fc 59 ae  |.v...n.=......Y.|
+00000090  a5 e5 d5 9d 61 86 0b bf  2c 61 de ef 38 95 de 0c  |....a...,a..8...|
+000000a0  01 80 15 04 71 15 03 00  00 20 85 70 23 62 cb 0a  |....q.... .p#b..|
+000000b0  e0 fd f4 36 a6 7d 1a 85  50 36 70 c1 77 85 0d 94  |...6.}..P6p.w...|
+000000c0  fd 90 8a eb cd ce a4 b5  d8 fc                    |..........|
diff --git a/src/crypto/tls/testdata/Server-SSLv3-RSA-RC4 b/src/crypto/tls/testdata/Server-SSLv3-RSA-RC4
index f5674cc..6feee48 100644
--- a/src/crypto/tls/testdata/Server-SSLv3-RSA-RC4
+++ b/src/crypto/tls/testdata/Server-SSLv3-RSA-RC4
@@ -1,12 +1,12 @@
 >>> Flow 1 (client to server)
-00000000  16 03 00 00 2f 01 00 00  2b 03 00 3f cc 8d 3f f0  |..../...+..?..?.|
-00000010  c9 36 6f 43 43 c1 46 45  cd bf e5 ba 02 e6 55 2c  |.6oCC.FE......U,|
-00000020  3a 24 4a db cb a8 f2 1d  26 3e ef 00 00 04 00 05  |:$J.....&>......|
+00000000  16 03 00 00 2f 01 00 00  2b 03 00 d6 26 87 86 f3  |..../...+...&...|
+00000010  3f e3 08 85 7a fc 3c fe  91 44 1a 68 9f c8 77 10  |?...z.<..D.h..w.|
+00000020  5e af fa b9 e1 09 5f fb  fa ad dd 00 00 04 00 05  |^....._.........|
 00000030  00 ff 01 00                                       |....|
 >>> Flow 2 (server to client)
 00000000  16 03 00 00 31 02 00 00  2d 03 00 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 00 05 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  00 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -47,26 +47,26 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 00 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 00 00 84 10 00 00  80 13 5d 75 f0 6d 24 54  |..........]u.m$T|
-00000010  f5 a1 f0 13 86 61 ce ea  66 86 06 eb c8 27 78 9f  |.....a..f....'x.|
-00000020  10 0d ef 94 3f 1b fb 8c  11 14 67 2a 0e 2a 1b cf  |....?.....g*.*..|
-00000030  ae 5a cb ac b8 b2 ea a8  70 85 ee fd 88 a9 61 a4  |.Z......p.....a.|
-00000040  75 66 86 a5 88 96 a0 0d  6f 77 fe 63 5e 88 60 4d  |uf......ow.c^.`M|
-00000050  f6 b7 93 28 99 72 e8 60  ed 64 9a 3f e6 12 ea ee  |...(.r.`.d.?....|
-00000060  83 58 d4 0c 19 e0 2b ce  b0 b4 fa 73 9f 78 d9 09  |.X....+....s.x..|
-00000070  8c 17 b8 f5 04 e1 de c4  fe a9 1a aa ba 0d be f3  |................|
-00000080  c8 e1 e4 e8 cc 39 4c f0  b9 14 03 00 00 01 01 16  |.....9L.........|
-00000090  03 00 00 3c 1b 70 07 7f  ad 8f a7 78 fd e8 eb b2  |...<.p.....x....|
-000000a0  9a 54 86 a2 dd bc fa b6  0a 52 48 24 79 6a 04 f6  |.T.......RH$yj..|
-000000b0  28 80 1f b7 b1 c6 4e 07  a3 52 60 5a 5a 81 14 11  |(.....N..R`ZZ...|
-000000c0  d2 ee 33 71 e7 d3 ba 3e  4b 31 81 f2 f0 49 ee e4  |..3q...>K1...I..|
+00000000  16 03 00 00 84 10 00 00  80 d2 67 c1 73 bb 95 8d  |..........g.s...|
+00000010  b2 e7 30 ca 6c 53 eb f0  34 e5 26 11 0b 91 e9 0a  |..0.lS..4.&.....|
+00000020  cb 7d 9f d8 f9 01 38 06  01 83 29 a7 1d 69 b8 a1  |.}....8...)..i..|
+00000030  1f aa bf 73 1e 26 82 ed  44 f5 82 ec 95 69 88 4b  |...s.&..D....i.K|
+00000040  b7 ce dd 52 c1 a6 3f be  b8 02 23 a5 f3 0c 1e 36  |...R..?...#....6|
+00000050  f9 c9 00 1f da e9 d5 38  48 b0 24 5e 25 c1 d4 cb  |.......8H.$^%...|
+00000060  64 c2 16 ff 94 d6 bd e2  e1 bf 7a 98 d9 77 09 a1  |d.........z..w..|
+00000070  c4 f0 99 e6 57 89 02 c8  dd f0 d5 94 d8 44 34 0b  |....W........D4.|
+00000080  7a 08 52 95 75 20 02 0a  83 14 03 00 00 01 01 16  |z.R.u ..........|
+00000090  03 00 00 3c e9 19 7a 94  45 9a b0 ec 3f 8f 1d 19  |...<..z.E...?...|
+000000a0  64 65 45 6c e8 4e e3 c8  c8 c6 dc d3 a1 05 cf ea  |deEl.N..........|
+000000b0  fa cf 59 74 93 84 53 a3  bd 7b f0 07 64 92 ea a2  |..Yt..S..{..d...|
+000000c0  f1 2a ea 29 4a 80 c6 99  76 3c 7e c3 f7 b0 e5 e2  |.*.)J...v<~.....|
 >>> Flow 4 (server to client)
-00000000  14 03 00 00 01 01 16 03  00 00 3c 47 20 7c b9 0d  |..........<G |..|
-00000010  f8 59 c0 79 25 ae 8a f3  f5 7d 0c f5 62 d4 a5 5b  |.Y.y%....}..b..[|
-00000020  f6 08 36 cc 99 21 ac 80  04 48 49 2c 04 7c 87 08  |..6..!...HI,.|..|
-00000030  d3 10 43 a9 6a ec 99 96  99 0a fa cb db 95 6f fe  |..C.j.........o.|
-00000040  b1 75 77 1e b7 a9 9d 17  03 00 00 21 1a 2f bc 70  |.uw........!./.p|
-00000050  2c 00 6b 55 e1 e5 81 17  1c b7 a1 11 d7 21 c1 2f  |,.kU.........!./|
-00000060  3e 95 f8 48 74 a4 97 0a  9d a2 0b bc d4 15 03 00  |>..Ht...........|
-00000070  00 16 67 0d 6d 69 53 87  92 23 21 51 72 f6 31 73  |..g.miS..#!Qr.1s|
-00000080  db bd 3c e6 f4 12 4c 69                           |..<...Li|
+00000000  14 03 00 00 01 01 16 03  00 00 3c 14 6c 96 8a 5e  |..........<.l..^|
+00000010  ab 93 c2 65 9b 22 57 31  e6 f1 ce 6a a2 28 31 e8  |...e."W1...j.(1.|
+00000020  b5 c3 e7 07 98 2f 0b 40  b7 65 ec 92 f5 60 61 c2  |...../.@.e...`a.|
+00000030  25 40 91 2f fa a4 4e 4a  ad 7b b3 2a 26 23 d3 04  |%@./..NJ.{.*&#..|
+00000040  0f c2 2e 95 82 9d 4b 17  03 00 00 21 5e c6 1e 2c  |......K....!^..,|
+00000050  49 23 4d 14 b2 87 4b c2  f9 09 17 f0 1a 11 15 50  |I#M...K........P|
+00000060  52 d3 85 7b 25 0e e5 2c  7b 74 4b 5e 9d 15 03 00  |R..{%..,{tK^....|
+00000070  00 16 6b aa 31 b5 e4 ff  02 0a 39 bc d7 57 51 a1  |..k.1.....9..WQ.|
+00000080  42 07 c9 ba 2b 35 26 b7                           |B...+5&.|
diff --git a/src/crypto/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES b/src/crypto/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES
index 3e17081..c5494af 100644
--- a/src/crypto/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES
+++ b/src/crypto/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES
@@ -1,14 +1,15 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 4f 01 00 00  4b 03 01 f1 86 d0 c8 69  |....O...K......i|
-00000010  46 0b 0b 89 08 c0 82 c0  f7 f1 9a b6 d2 2b e1 46  |F............+.F|
-00000020  e6 e1 44 65 de 39 0a 68  a8 d5 1c 00 00 04 c0 0a  |..De.9.h........|
-00000030  00 ff 01 00 00 1e 00 0b  00 04 03 00 01 02 00 0a  |................|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 16 00 00  |................|
-00000050  00 17 00 00                                       |....|
+00000000  16 03 01 00 63 01 00 00  5f 03 01 c7 00 ca ac 5f  |....c..._......_|
+00000010  08 6c a0 aa e8 a0 55 6f  fb 20 ae 5d 6c 07 fa 6b  |.l....Uo. .]l..k|
+00000020  f8 2b 16 e2 46 ce f7 e7  c1 ba 5c 00 00 04 c0 0a  |.+..F.....\.....|
+00000030  00 ff 01 00 00 32 00 00  00 0e 00 0c 00 00 09 31  |.....2.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 0a 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 c0 0a 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  01 02 0e 0b 00 02 0a 00  |................|
 00000040  02 07 00 02 04 30 82 02  00 30 82 01 62 02 09 00  |.....0...0..b...|
 00000050  b8 bf 2d 47 a0 d2 eb f4  30 09 06 07 2a 86 48 ce  |..-G....0...*.H.|
@@ -42,37 +43,37 @@
 00000210  0e bd 3f a3 8c 25 c1 33  13 83 0d 94 06 bb d4 37  |..?..%.3.......7|
 00000220  7a f6 ec 7a c9 86 2e dd  d7 11 69 7f 85 7c 56 de  |z..z......i..|V.|
 00000230  fb 31 78 2b e4 c7 78 0d  ae cb be 9e 4e 36 24 31  |.1x+..x.....N6$1|
-00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 01 00 b5 0c 00  |{j.9....*.......|
-00000250  00 b1 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
+00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 01 00 b4 0c 00  |{j.9....*.......|
+00000250  00 b0 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
 00000260  da ac 5f bb 29 07 30 ff  f6 84 af c4 cf c2 ed 90  |.._.).0.........|
-00000270  99 5f 58 cb 3b 74 00 8b  30 81 88 02 42 00 ad 93  |._X.;t..0...B...|
-00000280  e2 c2 3d 7e 95 63 17 5d  45 cf cd 27 af d2 db b3  |..=~.c.]E..'....|
-00000290  d0 bc 13 1e 6f 0a 61 3a  fb 3c b3 03 61 2c 36 ae  |....o.a:.<..a,6.|
-000002a0  4f be 27 e9 43 3c cf 57  9b 82 5e 7d 54 36 ed 7e  |O.'.C<.W..^}T6.~|
-000002b0  0b 34 68 26 90 00 20 02  0f c1 18 bc 79 1b 90 02  |.4h&.. .....y...|
-000002c0  42 01 6b 66 9d 56 48 8e  5e 38 93 48 03 6b b9 d7  |B.kf.VH.^8.H.k..|
-000002d0  bd 14 a0 3e 8a 27 81 7f  fe 4d e5 8a 12 4d 95 16  |...>.'...M...M..|
-000002e0  ef c7 8d 60 07 1d 22 f8  5d 72 0d cc be c3 51 69  |...`..".]r....Qi|
-000002f0  7a 04 e3 84 e5 ba dd 04  1d d4 4c 6f 9f 6b 12 e0  |z.........Lo.k..|
-00000300  2f 83 3c 16 03 01 00 04  0e 00 00 00              |/.<.........|
+00000270  99 5f 58 cb 3b 74 00 8a  30 81 87 02 41 4f 15 dd  |._X.;t..0...AO..|
+00000280  a7 4a 1e 90 6f f5 4b 31  f7 8f c5 5f 26 60 0c d2  |.J..o.K1..._&`..|
+00000290  ab 71 cf e4 3e 20 2e 83  9e 94 00 fc 92 4f 87 43  |.q..> .......O.C|
+000002a0  e8 53 2f a3 ee 4a 4e 58  6e d5 5f 11 64 54 de cc  |.S/..JNXn._.dT..|
+000002b0  ae 83 b1 53 4a 16 1d 14  5c f0 fe 6b c1 7a 02 42  |...SJ...\..k.z.B|
+000002c0  00 89 a0 e3 33 70 5f 20  c3 72 e7 93 1a fa b1 49  |....3p_ .r.....I|
+000002d0  4a 46 83 f4 a3 88 24 c0  22 72 e6 09 ad a7 bd d1  |JF....$."r......|
+000002e0  c8 c1 b3 7c 21 04 dc 67  58 8e 8e d4 bf 2d f3 d7  |...|!..gX....-..|
+000002f0  c4 5a 06 d6 c1 65 84 dc  97 5c 0d 6f a4 64 d2 5f  |.Z...e...\.o.d._|
+00000300  47 99 16 03 01 00 04 0e  00 00 00                 |G..........|
 >>> Flow 3 (client to server)
-00000000  16 03 01 00 25 10 00 00  21 20 18 40 ea d1 e1 17  |....%...! .@....|
-00000010  b6 a2 a5 db 20 13 70 81  90 fc ac e8 96 7c b1 e1  |.... .p......|..|
-00000020  ff 6f 57 1f c1 64 72 94  f7 05 14 03 01 00 01 01  |.oW..dr.........|
-00000030  16 03 01 00 30 05 33 48  f0 2a 3a df df 1d c4 3d  |....0.3H.*:....=|
-00000040  87 ea 9d 04 04 eb 84 bf  a0 ed bc 56 2f ab 36 52  |...........V/.6R|
-00000050  d5 b2 2c 6f 8c 58 49 51  33 d5 fc df 5d 09 df e9  |..,o.XIQ3...]...|
-00000060  be 20 30 9a 37                                    |. 0.7|
+00000000  16 03 01 00 25 10 00 00  21 20 91 71 e4 59 10 64  |....%...! .q.Y.d|
+00000010  19 77 13 21 9c 60 ee 81  58 ba 41 10 39 61 e0 a7  |.w.!.`..X.A.9a..|
+00000020  73 4d ec e8 cd cc b5 e0  cc 6d 14 03 01 00 01 01  |sM.......m......|
+00000030  16 03 01 00 30 5c 35 d5  37 46 1e 28 52 32 ed 35  |....0\5.7F.(R2.5|
+00000040  44 37 9c ca 83 4c 06 80  ff 17 7c cd 7d e5 22 14  |D7...L....|.}.".|
+00000050  0e 70 12 01 f0 e5 ce 5a  ca be 41 e2 ee 48 9d 95  |.p.....Z..A..H..|
+00000060  c3 51 0c 15 bb                                    |.Q...|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 8c b6 5b 83 03  |..........0..[..|
-00000010  c0 d8 83 f7 1d 24 2e ec  39 68 00 91 73 d2 5a 15  |.....$..9h..s.Z.|
-00000020  3f 83 aa e3 6d fd cc 31  58 90 e9 a9 e3 e4 78 5d  |?...m..1X.....x]|
-00000030  ce 8e b3 ba cd 71 aa a2  fd f4 7c 17 03 01 00 20  |.....q....|.... |
-00000040  62 98 34 9d 01 13 13 2d  1b 27 3a 4f 10 28 48 d6  |b.4....-.':O.(H.|
-00000050  32 8c 99 2a c8 64 14 6e  dc f5 7c 6d 16 59 45 8e  |2..*.d.n..|m.YE.|
-00000060  17 03 01 00 30 1e ed f9  40 ad 5c 5d f6 94 c9 fd  |....0...@.\]....|
-00000070  a1 ac fc 00 7b 48 9a 59  6d f5 b7 06 a4 66 25 04  |....{H.Ym....f%.|
-00000080  61 33 08 f3 66 86 21 00  fb f3 03 78 83 4c b6 c8  |a3..f.!....x.L..|
-00000090  9d 5e ea f5 7e 15 03 01  00 20 98 d8 f6 2a 79 60  |.^..~.... ...*y`|
-000000a0  8d fb c9 45 2f 27 59 17  a9 79 eb e7 b9 46 f1 57  |...E/'Y..y...F.W|
-000000b0  a6 fa ea e1 d0 23 8c 03  4f 72                    |.....#..Or|
+00000000  14 03 01 00 01 01 16 03  01 00 30 ba 12 b3 9d e1  |..........0.....|
+00000010  9a 4d 9d d4 74 50 d7 b0  db 05 68 53 ba 1f 4b 3a  |.M..tP....hS..K:|
+00000020  b5 c4 91 ee e6 ed d4 e9  07 c7 12 c5 90 42 f5 44  |.............B.D|
+00000030  5a 34 59 07 9d fa 8c ec  a4 7e 5f 17 03 01 00 20  |Z4Y......~_.... |
+00000040  04 58 11 87 90 9b fe ae  63 39 15 07 ec 74 fd 9a  |.X......c9...t..|
+00000050  15 28 ec b0 75 c4 e8 7a  c5 59 73 9c cf 85 75 af  |.(..u..z.Ys...u.|
+00000060  17 03 01 00 30 24 12 78  fc 37 d4 d8 ec 25 67 38  |....0$.x.7...%g8|
+00000070  63 91 68 3a fc 97 26 ab  11 b9 4b 8f 20 8f 75 4f  |c.h:..&...K. .uO|
+00000080  ca 02 ef 2b 43 b1 4e 7a  ed dd dc 36 93 ae 79 6f  |...+C.Nz...6..yo|
+00000090  c5 8c a2 39 d6 15 03 01  00 20 b0 a0 fb f1 40 b2  |...9..... ....@.|
+000000a0  09 00 94 fd b3 f5 98 1e  d6 fb e8 96 20 36 bb 4b  |............ 6.K|
+000000b0  4a 28 fb 51 0e 6e 7b fe  05 48                    |J(.Q.n{..H|
diff --git a/src/crypto/tls/testdata/Server-TLSv10-ExportKeyingMaterial b/src/crypto/tls/testdata/Server-TLSv10-ExportKeyingMaterial
index 84e0e37..7e6b5bc 100644
--- a/src/crypto/tls/testdata/Server-TLSv10-ExportKeyingMaterial
+++ b/src/crypto/tls/testdata/Server-TLSv10-ExportKeyingMaterial
@@ -1,15 +1,16 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 61 01 00 00  5d 03 01 f4 ec 99 73 ec  |....a...].....s.|
-00000010  36 30 c7 0b 26 33 a2 c4  26 8e 9f 04 f7 5b e7 4f  |60..&3..&....[.O|
-00000020  86 85 14 bf f7 49 96 a4  ae c9 1d 00 00 12 c0 0a  |.....I..........|
+00000000  16 03 01 00 75 01 00 00  71 03 01 7c 54 5c c6 6c  |....u...q..|T\.l|
+00000010  e9 bc 40 7a 4b 4e 46 5d  0a 37 3b d9 8f d7 97 47  |..@zKNF].7;....G|
+00000020  44 42 d4 23 db 0d d2 3b  60 83 c3 00 00 12 c0 0a  |DB.#...;`.......|
 00000030  c0 14 00 39 c0 09 c0 13  00 33 00 35 00 2f 00 ff  |...9.....3.5./..|
-00000040  01 00 00 22 00 0b 00 04  03 00 01 02 00 0a 00 0a  |..."............|
-00000050  00 08 00 1d 00 17 00 19  00 18 00 23 00 00 00 16  |...........#....|
-00000060  00 00 00 17 00 00                                 |......|
+00000040  01 00 00 36 00 00 00 0e  00 0c 00 00 09 31 32 37  |...6.........127|
+00000050  2e 30 2e 30 2e 31 00 0b  00 04 03 00 01 02 00 0a  |.0.0.1..........|
+00000060  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 23  |...............#|
+00000070  00 00 00 16 00 00 00 17  00 00                    |..........|
 >>> Flow 2 (server to client)
 00000000  16 03 01 00 35 02 00 00  31 03 01 00 00 00 00 00  |....5...1.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 14 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 c0 14 00 00  |...DOWNGRD......|
 00000030  09 00 23 00 00 ff 01 00  01 00 16 03 01 02 59 0b  |..#...........Y.|
 00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -51,42 +52,42 @@
 00000290  84 5c 21 d3 3b e9 fa e7  16 03 01 00 aa 0c 00 00  |.\!.;...........|
 000002a0  a6 03 00 1d 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |.... /.}.G.bC.(.|
 000002b0  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
-000002c0  5f 58 cb 3b 74 00 80 8e  fe 28 f2 06 d8 b9 d6 74  |_X.;t....(.....t|
-000002d0  72 34 dc fa 00 38 56 1a  fc a1 68 e8 ca 8f 7a 61  |r4...8V...h...za|
-000002e0  92 e2 2a 63 ce 4d 96 c6  bb 84 82 41 2d 97 35 13  |..*c.M.....A-.5.|
-000002f0  e1 ff 4c ec f2 e6 62 16  15 35 da 8a 57 55 cb 28  |..L...b..5..WU.(|
-00000300  26 35 e6 86 00 b0 92 44  b7 40 7b 6a c4 b0 b8 10  |&5.....D.@{j....|
-00000310  b7 16 97 a7 26 eb 1e 0b  99 b3 22 4a 6b 7f 0b 69  |....&....."Jk..i|
-00000320  0d 21 1e 33 6d fd 78 b5  62 68 53 db 62 69 ba b4  |.!.3m.x.bhS.bi..|
-00000330  bc 74 b3 d4 ce a2 41 d7  ba 62 aa cc b2 39 65 86  |.t....A..b...9e.|
-00000340  5f 00 68 e2 16 a5 13 16  03 01 00 04 0e 00 00 00  |_.h.............|
+000002c0  5f 58 cb 3b 74 00 80 67  06 ef c8 04 2d a2 ae 6b  |_X.;t..g....-..k|
+000002d0  4f 9b d7 94 aa a4 db dc  37 65 ac c5 49 96 7e 48  |O.......7e..I.~H|
+000002e0  0f ea 82 62 d9 74 c8 e2  b4 20 72 77 b9 c1 b3 72  |...b.t... rw...r|
+000002f0  4c 67 78 4b c9 4d 98 63  6d b7 df 16 43 65 d1 37  |LgxK.M.cm...Ce.7|
+00000300  41 48 a3 4e 75 59 83 b9  7a 10 78 d3 84 d9 21 54  |AH.NuY..z.x...!T|
+00000310  c2 86 b3 45 22 e7 e1 35  b7 74 0b 96 fc 7e 81 fa  |...E"..5.t...~..|
+00000320  27 9e 44 8b a7 87 b3 cb  39 d9 7f d2 dc 7f 98 f1  |'.D.....9.......|
+00000330  45 34 cb c1 73 6a 1d 3e  01 f6 0b 9a 26 cf 48 d7  |E4..sj.>....&.H.|
+00000340  ef 56 f2 fb 75 c3 af 16  03 01 00 04 0e 00 00 00  |.V..u...........|
 >>> Flow 3 (client to server)
-00000000  16 03 01 00 25 10 00 00  21 20 81 08 e4 37 1d 03  |....%...! ...7..|
-00000010  87 5a 00 68 ae 49 76 08  4a e2 20 82 0b e5 7c 3e  |.Z.h.Iv.J. ...|>|
-00000020  90 49 9b c3 b9 c7 c9 3c  29 24 14 03 01 00 01 01  |.I.....<)$......|
-00000030  16 03 01 00 30 33 07 d5  08 ca ae f9 70 50 93 0a  |....03......pP..|
-00000040  55 2e e0 df 1d 88 ae 1e  06 17 47 64 a3 52 36 37  |U.........Gd.R67|
-00000050  d5 ca f1 b1 d2 76 7b f8  89 59 13 e9 ab b1 cb dc  |.....v{..Y......|
-00000060  1f a8 89 f4 2f                                    |..../|
+00000000  16 03 01 00 25 10 00 00  21 20 67 7e 47 91 48 7e  |....%...! g~G.H~|
+00000010  09 88 9e e7 6c 17 a8 36  3a fb b8 bf f3 1d 51 01  |....l..6:.....Q.|
+00000020  b1 b4 fb 16 a6 9c 19 74  a0 65 14 03 01 00 01 01  |.......t.e......|
+00000030  16 03 01 00 30 f5 06 6c  15 ad 06 45 cc 5d 12 67  |....0..l...E.].g|
+00000040  93 63 e8 50 b5 df f8 75  9d 67 e6 45 92 26 a4 60  |.c.P...u.g.E.&.`|
+00000050  3a fe 2e 75 6f 8b a9 da  de 12 7d 61 05 b7 50 32  |:..uo.....}a..P2|
+00000060  e9 c9 ab 46 e9                                    |...F.|
 >>> Flow 4 (server to client)
 00000000  16 03 01 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
 00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6d ec a4 83 61 a4 a1 9c  14 de f8 59 c8 c7 f0 10  |m...a......Y....|
-00000040  08 fe c9 37 29 ed 47 05  d2 bd a8 4c 05 b9 8c f8  |...7).G....L....|
-00000050  b5 4d e4 a6 30 0f 49 4a  b1 73 1f 89 73 c8 bb 36  |.M..0.IJ.s..s..6|
-00000060  14 9d d2 95 70 33 94 fb  82 e6 fe 3e 64 8c 9d e8  |....p3.....>d...|
-00000070  e3 e5 93 3d fe 4e 23 a3  97 8a a3 91 80 c9 00 01  |...=.N#.........|
-00000080  a6 f0 47 cf 11 a6 90 14  03 01 00 01 01 16 03 01  |..G.............|
-00000090  00 30 1f 70 17 a1 30 82  5a 32 e7 aa a1 7f 1b f6  |.0.p..0.Z2......|
-000000a0  d8 aa 6a 51 64 1b 4a f1  94 12 08 2f 5d 95 fe 83  |..jQd.J..../]...|
-000000b0  52 c8 3b d4 58 73 50 19  b8 08 61 b3 3a 5d f6 d3  |R.;.XsP...a.:]..|
-000000c0  67 e6 17 03 01 00 20 bd  79 44 08 9d 86 cf 5e e9  |g..... .yD....^.|
-000000d0  e4 3c 80 ed b7 18 10 07  0f 42 85 ca a4 51 fd 9b  |.<.......B...Q..|
-000000e0  38 3e 04 7e 72 6e 80 17  03 01 00 30 2c 46 c2 71  |8>.~rn.....0,F.q|
-000000f0  4a 83 46 eb 63 87 f5 83  b4 72 70 4f a3 59 b3 ff  |J.F.c....rpO.Y..|
-00000100  3c 00 74 12 db 33 51 4c  7c e0 c1 27 44 20 68 25  |<.t..3QL|..'D h%|
-00000110  95 f1 37 2a 24 f1 85 a3  5a e4 50 fe 15 03 01 00  |..7*$...Z.P.....|
-00000120  20 72 01 cc 74 d5 b4 6b  05 ce de f0 b4 fe 4f 6b  | r..t..k......Ok|
-00000130  a8 8f ad 5a c2 7d 40 65  d6 a2 57 52 b8 8a c5 4f  |...Z.}@e..WR...O|
-00000140  d9                                                |.|
+00000030  6d ec a4 83 61 7c 54 a3  1a 2d bb 5f f0 10 99 e1  |m...a|T..-._....|
+00000040  34 de 77 7f ee 2f ff 04  6d d3 d3 ef 66 e2 2d d1  |4.w../..m...f.-.|
+00000050  6b 50 30 3c e0 24 e6 22  e3 f2 26 f3 d1 d7 4d ae  |kP0<.$."..&...M.|
+00000060  d3 7e 7f fa 1a 33 94 ef  bd 3f 22 57 45 75 6c 1f  |.~...3...?"WEul.|
+00000070  fe ca 44 27 c1 20 14 cb  42 92 2d db 34 38 dc 50  |..D'. ..B.-.48.P|
+00000080  3f a0 52 a0 78 7f ca 14  03 01 00 01 01 16 03 01  |?.R.x...........|
+00000090  00 30 fe 05 cc db 6f b4  2b 94 01 56 c0 5e 6e cf  |.0....o.+..V.^n.|
+000000a0  29 b0 4d dc 74 ec a7 f6  68 2c 33 d9 cb f5 92 8b  |).M.t...h,3.....|
+000000b0  35 d3 e4 21 a1 a8 dc 4b  a7 a3 97 8d a8 3b 55 21  |5..!...K.....;U!|
+000000c0  17 bd 17 03 01 00 20 15  02 68 3e 6a 6f b8 4d bf  |...... ..h>jo.M.|
+000000d0  1b ef b3 0f 52 a0 9d 07  8f ae 57 50 a0 94 06 9b  |....R.....WP....|
+000000e0  29 d7 c9 4c 5d ad 50 17  03 01 00 30 ab 31 2f 85  |)..L].P....0.1/.|
+000000f0  32 54 67 03 49 3c 25 00  9d b0 17 1d 90 07 ca e2  |2Tg.I<%.........|
+00000100  6c 7e b9 cf 5a ea 7c 10  e4 9a 0c cf 0e fc 7d 4a  |l~..Z.|.......}J|
+00000110  f6 17 0d dc 5b be 3f cb  78 90 9b 87 15 03 01 00  |....[.?.x.......|
+00000120  20 ab 1d cf 80 17 58 01  98 e7 c1 39 81 9f f5 18  | .....X....9....|
+00000130  3e 88 30 81 64 62 36 89  8b e9 06 55 2b d3 ee 85  |>.0.db6....U+...|
+00000140  b9                                                |.|
diff --git a/src/crypto/tls/testdata/Server-TLSv10-RSA-3DES b/src/crypto/tls/testdata/Server-TLSv10-RSA-3DES
index 9590b0d..10fade1 100644
--- a/src/crypto/tls/testdata/Server-TLSv10-RSA-3DES
+++ b/src/crypto/tls/testdata/Server-TLSv10-RSA-3DES
@@ -1,12 +1,15 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 01 58 71 a3 0c c4  |....9...5..Xq...|
-00000010  b6 b0 33 0a 66 3c eb c6  f4 d9 0e 99 75 d4 9e b6  |..3.f<......u...|
-00000020  03 b4 ae ae ad bc a8 ab  64 a0 27 00 00 04 00 0a  |........d.'.....|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
+00000000  16 03 01 00 63 01 00 00  5f 03 01 33 4b 5c 08 a3  |....c..._..3K\..|
+00000010  64 52 8d 1f c9 55 bd 2e  03 e8 9d 88 f4 ff c0 35  |dR...U.........5|
+00000020  33 ad d0 aa 7d f6 2d 42  0c c4 85 00 00 04 00 0a  |3...}.-B........|
+00000030  00 ff 01 00 00 32 00 00  00 0e 00 0c 00 00 09 31  |.....2.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 0a 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 00 0a 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -47,26 +50,26 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 01 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 01 00 86 10 00 00  82 00 80 ab 50 cd 04 9e  |............P...|
-00000010  db 19 e4 18 26 ff 59 41  20 02 a5 a2 20 a3 1c 44  |....&.YA ... ..D|
-00000020  02 bc 9a 1c d9 d7 5d 5b  55 fc 2a 4d 2b 03 22 b1  |......][U.*M+.".|
-00000030  de 96 10 84 6f e3 f2 22  2d 6f cb 29 07 43 a6 6e  |....o.."-o.).C.n|
-00000040  ce 23 64 f7 72 2b dc 9b  c0 6f 7f bd 8e cf e2 7f  |.#d.r+...o......|
-00000050  75 12 24 72 23 6b 26 08  69 76 17 c0 21 91 c0 7d  |u.$r#k&.iv..!..}|
-00000060  8c 8f 20 83 08 02 0d 73  27 23 91 35 5f 3f e6 56  |.. ....s'#.5_?.V|
-00000070  1d 69 d3 1d 3b 0e fa 60  86 8b 40 ad c0 48 59 60  |.i..;..`..@..HY`|
-00000080  45 eb b0 77 2c 91 94 75  fd 6a d3 14 03 01 00 01  |E..w,..u.j......|
-00000090  01 16 03 01 00 28 8b 25  c1 8f 25 32 b5 cb 74 6d  |.....(.%..%2..tm|
-000000a0  08 67 59 a3 ae ae 16 f9  fa 03 f6 54 42 f4 56 3f  |.gY........TB.V?|
-000000b0  c4 12 66 f3 1a b0 48 95  24 79 fe 41 a5 d1        |..f...H.$y.A..|
+00000000  16 03 01 00 86 10 00 00  82 00 80 69 ea b8 fd 3a  |...........i...:|
+00000010  76 cb 76 4d b2 7a 0e 61  4d 9d 9e 26 13 02 07 aa  |v.vM.z.aM..&....|
+00000020  31 94 01 9f 57 00 80 f1  aa 75 06 09 65 42 c7 c8  |1...W....u..eB..|
+00000030  6d ea 8c 75 4e 69 35 d2  84 71 89 5a 44 f6 15 91  |m..uNi5..q.ZD...|
+00000040  b0 a9 e1 ff 65 0a 51 fe  06 a3 2d eb cb 33 6e 07  |....e.Q...-..3n.|
+00000050  dd 2f 02 fe d3 ec 89 7c  87 48 27 eb d8 8c 4c 6d  |./.....|.H'...Lm|
+00000060  95 4c 6f 8a a8 a0 fe 59  d6 a4 b4 7a a5 48 aa f1  |.Lo....Y...z.H..|
+00000070  37 95 1d 4d 18 ee b0 a7  aa ca a8 18 65 83 8e 26  |7..M........e..&|
+00000080  05 9c d6 76 ff 9b 40 65  b7 2e 47 14 03 01 00 01  |...v..@e..G.....|
+00000090  01 16 03 01 00 28 fa 03  ae d2 47 ef 75 4e 99 79  |.....(....G.uN.y|
+000000a0  69 87 be 5e 61 1f 0f 09  65 56 31 08 09 38 34 1b  |i..^a...eV1..84.|
+000000b0  41 6a 9e 2c 3b a9 11 62  34 a8 58 bc 1d 92        |Aj.,;..b4.X...|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 28 ff 69 ed 0f 20  |..........(.i.. |
-00000010  ff e1 42 78 b9 bc a8 61  48 82 08 a0 01 a5 98 91  |..Bx...aH.......|
-00000020  3e 39 d4 6d 17 38 a2 04  18 ed 90 3c f0 cf 6a 9a  |>9.m.8.....<..j.|
-00000030  ea c5 45 17 03 01 00 18  b5 76 2c 0e f1 34 51 e5  |..E......v,..4Q.|
-00000040  f5 38 d3 9f c9 c5 d5 19  35 c3 2e ec 18 df 8e c8  |.8......5.......|
-00000050  17 03 01 00 28 47 6f e9  c0 fa b3 21 ec 6c 16 e7  |....(Go....!.l..|
-00000060  71 a8 09 15 17 86 68 1c  cf fa ea 37 68 d3 33 ef  |q.....h....7h.3.|
-00000070  4a b1 95 46 5b 16 d7 95  f8 13 65 2f 93 15 03 01  |J..F[.....e/....|
-00000080  00 18 1b 0c 09 81 ff fc  6d 82 84 ab 83 98 fc 72  |........m......r|
-00000090  f5 4a a0 eb 08 96 79 01  76 26                    |.J....y.v&|
+00000000  14 03 01 00 01 01 16 03  01 00 28 a4 c5 9f 93 86  |..........(.....|
+00000010  fe 08 22 16 05 20 81 e3  a3 38 74 5d 32 24 41 50  |..".. ...8t]2$AP|
+00000020  f4 e4 6b dd 92 0b d6 77  86 44 32 f9 2d f0 52 0e  |..k....w.D2.-.R.|
+00000030  c4 98 02 17 03 01 00 18  20 ee 92 bf 46 ce 52 ed  |........ ...F.R.|
+00000040  ac 85 df cd 2a a7 c1 6c  82 be ed 55 9e 55 25 b2  |....*..l...U.U%.|
+00000050  17 03 01 00 28 b0 45 3d  83 94 79 d1 a5 a3 b0 0a  |....(.E=..y.....|
+00000060  59 63 13 62 1e 66 c2 69  4d a4 8d e0 fb 87 cb dc  |Yc.b.f.iM.......|
+00000070  5e 51 49 05 82 4d d6 1e  40 78 f0 cd 4b 15 03 01  |^QI..M..@x..K...|
+00000080  00 18 38 0e 60 43 55 25  82 d2 4c 97 cf cd a9 7a  |..8.`CU%..L....z|
+00000090  e8 8a 4a eb c1 8d 54 cb  e6 92                    |..J...T...|
diff --git a/src/crypto/tls/testdata/Server-TLSv10-RSA-AES b/src/crypto/tls/testdata/Server-TLSv10-RSA-AES
index c175029..10fc9f0 100644
--- a/src/crypto/tls/testdata/Server-TLSv10-RSA-AES
+++ b/src/crypto/tls/testdata/Server-TLSv10-RSA-AES
@@ -1,12 +1,15 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 01 82 f3 04 d5 71  |....9...5......q|
-00000010  d8 65 69 36 46 cb 45 77  b2 ef 00 75 98 e4 16 d2  |.ei6F.Ew...u....|
-00000020  70 f7 3c 97 84 49 ef da  5d cd 64 00 00 04 00 2f  |p.<..I..].d..../|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
+00000000  16 03 01 00 63 01 00 00  5f 03 01 a1 4c 20 79 0a  |....c..._...L y.|
+00000010  35 d6 8b 7d e7 f2 3e eb  bd c2 72 73 a9 18 c2 9b  |5..}..>...rs....|
+00000020  8a a0 b6 ae 17 21 df 6f  d0 b0 f8 00 00 04 00 2f  |.....!.o......./|
+00000030  00 ff 01 00 00 32 00 00  00 0e 00 0c 00 00 09 31  |.....2.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -47,29 +50,29 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 01 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 01 00 86 10 00 00  82 00 80 9c a1 18 77 22  |..............w"|
-00000010  f5 a1 cf 4d cc df 27 7c  c5 7e 98 24 24 be 2f b2  |...M..'|.~.$$./.|
-00000020  1d d7 b8 2f fe 90 73 d0  fc f6 88 3c 91 a4 bc dc  |.../..s....<....|
-00000030  b9 0b 48 0d 55 e5 9f c1  8a 6c 1c 7d 4d a9 12 d5  |..H.U....l.}M...|
-00000040  87 4b 9a 77 74 3d 33 8c  c7 17 fb 32 09 df 86 f1  |.K.wt=3....2....|
-00000050  93 cc 17 f9 08 bd bc 0e  38 df 9d 82 ad cc 70 0c  |........8.....p.|
-00000060  f5 8b 8d 99 e8 5f 3e e5  a6 c7 c2 6a 67 02 90 82  |....._>....jg...|
-00000070  28 9a 72 e1 3e 77 51 10  84 29 21 09 56 36 f2 6a  |(.r.>wQ..)!.V6.j|
-00000080  1d 15 08 7b 44 41 43 59  55 8d 52 14 03 01 00 01  |...{DACYU.R.....|
-00000090  01 16 03 01 00 30 06 5b  20 42 7e 7b 1f 4b 7c 36  |.....0.[ B~{.K|6|
-000000a0  99 bb c6 b4 ea a1 19 3e  02 0c 3b 3a 38 be 80 11  |.......>..;:8...|
-000000b0  29 72 a8 12 92 ad 24 9d  bf 01 3e ef 9a f1 db 33  |)r....$...>....3|
-000000c0  3e c1 dc d2 51 b1                                 |>...Q.|
+00000000  16 03 01 00 86 10 00 00  82 00 80 95 ba 78 12 0e  |.............x..|
+00000010  c1 98 6b 93 f6 7d bd f4  8c 77 de 0a 0a 2a 6e 25  |..k..}...w...*n%|
+00000020  18 a9 eb 41 c2 c0 63 26  82 7a ea 84 ad cc e8 e2  |...A..c&.z......|
+00000030  d8 f1 20 e4 fb 39 87 b8  47 f3 8a 6c 9f b6 08 13  |.. ..9..G..l....|
+00000040  b0 76 99 65 cf 68 87 c4  e7 54 ff 6d 5f 81 f2 9f  |.v.e.h...T.m_...|
+00000050  57 1d 21 e8 ed aa 50 17  e7 85 a5 74 6e 9c cc 84  |W.!...P....tn...|
+00000060  bb 06 11 ec 67 8b dc cd  7a 31 4c 08 f4 16 5f d5  |....g...z1L..._.|
+00000070  07 0d 17 aa 00 56 51 6a  4c f5 9d 81 40 27 77 45  |.....VQjL...@'wE|
+00000080  78 4d 68 6d 96 f7 28 c8  bd 18 b1 14 03 01 00 01  |xMhm..(.........|
+00000090  01 16 03 01 00 30 df 7f  74 cd e8 0f 09 06 dd a5  |.....0..t.......|
+000000a0  84 46 db ad 71 85 1a 0d  e5 f1 d2 f0 2a b2 ef bb  |.F..q.......*...|
+000000b0  0b 79 88 ab ad 39 6d 4b  16 ae 0e 07 9b 9c 3a ea  |.y...9mK......:.|
+000000c0  b9 4b 8a 4b 73 06                                 |.K.Ks.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 2e d5 04 91 6d  |..........0....m|
-00000010  32 12 8b 41 4a 46 2c f3  7f d4 16 0a 21 c2 ac 88  |2..AJF,.....!...|
-00000020  09 a0 b5 0d 65 4e 44 e1  92 5a ae b8 3f 61 1f 35  |....eND..Z..?a.5|
-00000030  ab 3a fe bd f8 3c 2c 42  dd 68 0f 17 03 01 00 20  |.:...<,B.h..... |
-00000040  6e d4 08 98 bf b7 18 84  ee 68 f8 17 88 c5 13 7a  |n........h.....z|
-00000050  73 e0 c6 ca 0d 21 4d 6b  44 dc 94 36 6c e4 a0 2f  |s....!MkD..6l../|
-00000060  17 03 01 00 30 a0 45 d0  88 5d 96 48 26 46 37 33  |....0.E..].H&F73|
-00000070  f6 48 f3 38 2e 38 d7 b6  ef d5 25 bf f3 1b b6 78  |.H.8.8....%....x|
-00000080  32 a7 9c fe be 55 35 f2  07 5b b7 14 87 89 80 f2  |2....U5..[......|
-00000090  cc d5 cb c8 57 15 03 01  00 20 80 2a 8e 6c b8 5a  |....W.... .*.l.Z|
-000000a0  41 b4 ae 56 ca 3f 8b a2  e1 ea a0 55 64 b5 60 44  |A..V.?.....Ud.`D|
-000000b0  8f de 33 c6 37 f7 df b5  d9 c3                    |..3.7.....|
+00000000  14 03 01 00 01 01 16 03  01 00 30 cd 95 e4 10 a8  |..........0.....|
+00000010  1b dd 36 80 7c 9e 04 23  4c 23 57 0a 57 cf 9a 2e  |..6.|..#L#W.W...|
+00000020  07 6d 81 b0 27 f8 5c cc  3b a8 80 40 38 be e0 27  |.m..'.\.;..@8..'|
+00000030  25 ed f2 7d b9 5e a0 76  68 f8 06 17 03 01 00 20  |%..}.^.vh...... |
+00000040  9c 12 9d 3b a0 e5 04 8b  78 44 bc 80 68 22 2b 4c  |...;....xD..h"+L|
+00000050  64 f1 ca 5c 83 eb 27 e7  29 ad cc 7d d5 e6 ec 1d  |d..\..'.)..}....|
+00000060  17 03 01 00 30 6e 42 31  b0 3d 46 7d e6 08 8c 43  |....0nB1.=F}...C|
+00000070  ea 48 53 34 29 b4 6e ac  2e c4 1f a3 fb fa 70 d5  |.HS4).n.......p.|
+00000080  36 9b 94 4f 6f 3f 00 fa  e3 f4 4b e6 b3 f2 0d e2  |6..Oo?....K.....|
+00000090  0f 60 e4 34 4d 15 03 01  00 20 21 a1 22 a3 e1 71  |.`.4M.... !."..q|
+000000a0  ab 28 89 7c 12 ed 12 f7  3e 8a 9a 0e c0 f5 2b 2e  |.(.|....>.....+.|
+000000b0  91 bd 3f 05 ff 48 1c 3c  b5 af                    |..?..H.<..|
diff --git a/src/crypto/tls/testdata/Server-TLSv10-RSA-RC4 b/src/crypto/tls/testdata/Server-TLSv10-RSA-RC4
index 3d788c3..cbf41d5 100644
--- a/src/crypto/tls/testdata/Server-TLSv10-RSA-RC4
+++ b/src/crypto/tls/testdata/Server-TLSv10-RSA-RC4
@@ -1,12 +1,15 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 01 71 34 00 f7 c4  |....9...5..q4...|
-00000010  e6 94 b4 ca f2 af d5 0a  82 ce d4 f6 b7 4a a7 d1  |.............J..|
-00000020  1a 88 65 b2 3c b2 6c ec  f7 eb 4a 00 00 04 00 05  |..e.<.l...J.....|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
+00000000  16 03 01 00 63 01 00 00  5f 03 01 79 6a d2 2d 89  |....c..._..yj.-.|
+00000010  ce 1b 74 2f fd 6b ea e2  2d 21 56 0d e9 37 ce b9  |..t/.k..-!V..7..|
+00000020  bc 96 ef 0c 71 66 7a 3b  13 3a 6b 00 00 04 00 05  |....qfz;.:k.....|
+00000030  00 ff 01 00 00 32 00 00  00 0e 00 0c 00 00 09 31  |.....2.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 00 05 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -47,23 +50,23 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 01 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 01 00 86 10 00 00  82 00 80 a5 75 5a 20 2c  |............uZ ,|
-00000010  31 f7 61 dc 73 c7 f6 4c  06 d2 b9 c0 e8 5f cc 0c  |1.a.s..L....._..|
-00000020  51 70 0a 30 b2 8a bb 3b  4c 37 f6 d3 38 da 13 48  |Qp.0...;L7..8..H|
-00000030  90 4f fe 41 ec 53 3c fb  07 26 77 68 07 a0 fb 71  |.O.A.S<..&wh...q|
-00000040  b6 cc 3c cd b4 64 03 08  3a 76 97 6e 6c f1 b4 a9  |..<..d..:v.nl...|
-00000050  af f4 e0 ce bf 36 b9 8e  37 12 de 5b ac 24 06 63  |.....6..7..[.$.c|
-00000060  e2 fb 13 33 be 3b 8d 93  e3 10 95 29 21 b2 22 77  |...3.;.....)!."w|
-00000070  cb 95 b2 13 b3 76 47 98  13 1b a8 cc 50 47 ed 50  |.....vG.....PG.P|
-00000080  f0 cc ca 5a c6 a0 1e c9  9c 97 58 14 03 01 00 01  |...Z......X.....|
-00000090  01 16 03 01 00 24 e7 fd  a2 7e fd 6f 53 da 29 68  |.....$...~.oS.)h|
-000000a0  c3 49 2e e9 69 a1 94 b9  e4 a0 cb a2 94 14 a6 42  |.I..i..........B|
-000000b0  df 75 1e da 95 e5 60 e3  35 f1                    |.u....`.5.|
+00000000  16 03 01 00 86 10 00 00  82 00 80 d4 da 80 53 5a  |..............SZ|
+00000010  4c fc 0b c3 91 a0 b4 91  24 5a 6b 59 01 fa 05 52  |L.......$ZkY...R|
+00000020  cb 37 8c de 51 58 d7 ac  24 e2 d3 ac ad e6 00 0f  |.7..QX..$.......|
+00000030  72 50 a4 81 c3 18 ef f9  cb 0f 8b 6a cd e5 0e 46  |rP.........j...F|
+00000040  9a f1 3c 61 ed 31 d4 c0  35 61 14 1e e8 b5 0c b2  |..<a.1..5a......|
+00000050  12 d3 98 5b 54 11 41 cb  8c 13 44 3b 22 fd 3f 5e  |...[T.A...D;".?^|
+00000060  29 db 5a 46 13 ee 46 50  ba 25 f4 fb 90 ea ba 73  |).ZF..FP.%.....s|
+00000070  3d 8e 9e 4b cd c3 98 e6  34 99 fd 1a 8d f7 c4 53  |=..K....4......S|
+00000080  22 ca 3a 40 85 1e 64 ff  bc 29 d8 14 03 01 00 01  |".:@..d..)......|
+00000090  01 16 03 01 00 24 fd 64  7d 03 fb ae e7 36 bd ce  |.....$.d}....6..|
+000000a0  c3 76 f7 17 84 bd ca d6  33 b6 c9 04 1e f4 79 b9  |.v......3.....y.|
+000000b0  d1 32 49 cd 85 d9 fe c1  11 d1                    |.2I.......|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 24 44 a6 c8 7b 5f  |..........$D..{_|
-00000010  b9 4e c2 62 2d e0 c3 9f  76 0f b3 e5 f5 07 b7 c0  |.N.b-...v.......|
-00000020  93 cd 1f 32 3c 0a 7a 83  57 4a 24 59 ac 95 f9 17  |...2<.z.WJ$Y....|
-00000030  03 01 00 21 6f 02 76 2e  70 82 a0 6c 11 ce 3c b8  |...!o.v.p..l..<.|
-00000040  dd d3 9e 2a ee ce d7 7f  63 1a 5b 35 d0 46 68 7d  |...*....c.[5.Fh}|
-00000050  21 6e 5b 64 fc 15 03 01  00 16 81 56 32 7d 51 e4  |!n[d.......V2}Q.|
-00000060  08 53 85 45 65 c3 87 ac  b0 58 70 4f 6f f7 64 4e  |.S.Ee....XpOo.dN|
+00000000  14 03 01 00 01 01 16 03  01 00 24 0a 1c be 60 96  |..........$...`.|
+00000010  78 67 15 22 ac 38 39 87  80 f5 69 2b 08 32 01 23  |xg.".89...i+.2.#|
+00000020  e0 96 b3 89 8c 57 5f e4  27 33 66 90 b9 47 bc 17  |.....W_.'3f..G..|
+00000030  03 01 00 21 fd 10 f3 e3  e6 14 bf b2 72 ab f0 bb  |...!........r...|
+00000040  11 04 54 da cd 93 03 14  78 2c 26 32 44 2c 0c e8  |..T.....x,&2D,..|
+00000050  7e 56 25 83 0f 15 03 01  00 16 0c 26 07 14 19 aa  |~V%........&....|
+00000060  7e 78 bf 39 96 07 44 3d  a9 c6 50 7d dc c9 de f5  |~x.9..D=..P}....|
diff --git a/src/crypto/tls/testdata/Server-TLSv11-FallbackSCSV b/src/crypto/tls/testdata/Server-TLSv11-FallbackSCSV
index 209e621..7bd0341 100644
--- a/src/crypto/tls/testdata/Server-TLSv11-FallbackSCSV
+++ b/src/crypto/tls/testdata/Server-TLSv11-FallbackSCSV
@@ -1,10 +1,11 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 63 01 00 00  5f 03 02 6e 78 cc 6a ea  |....c..._..nx.j.|
-00000010  13 aa a8 20 76 7d 32 ca  c7 3f be 88 36 ae fb c3  |... v}2..?..6...|
-00000020  ca 95 35 70 54 20 3b 18  3b ba 82 00 00 14 c0 0a  |..5pT ;.;.......|
+00000000  16 03 01 00 77 01 00 00  73 03 02 0a 6b c9 55 9d  |....w...s...k.U.|
+00000010  bf 4e 61 b2 0a c7 c6 96  9f eb 90 91 87 ca d3 d3  |.Na.............|
+00000020  62 dc b6 b4 db ea 41 fe  43 3e a3 00 00 14 c0 0a  |b.....A.C>......|
 00000030  c0 14 00 39 c0 09 c0 13  00 33 00 35 00 2f 00 ff  |...9.....3.5./..|
-00000040  56 00 01 00 00 22 00 0b  00 04 03 00 01 02 00 0a  |V...."..........|
-00000050  00 0a 00 08 00 1d 00 17  00 19 00 18 00 23 00 00  |.............#..|
-00000060  00 16 00 00 00 17 00 00                           |........|
+00000040  56 00 01 00 00 36 00 00  00 0e 00 0c 00 00 09 31  |V....6.........1|
+00000050  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000060  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000070  00 23 00 00 00 16 00 00  00 17 00 00              |.#..........|
 >>> Flow 2 (server to client)
 00000000  15 03 02 00 02 02 56                              |......V|
diff --git a/src/crypto/tls/testdata/Server-TLSv11-RSA-RC4 b/src/crypto/tls/testdata/Server-TLSv11-RSA-RC4
index 18debc4..22e2291 100644
--- a/src/crypto/tls/testdata/Server-TLSv11-RSA-RC4
+++ b/src/crypto/tls/testdata/Server-TLSv11-RSA-RC4
@@ -1,12 +1,15 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 02 15 67 73 bf 3f  |....9...5...gs.?|
-00000010  6f 15 30 c2 34 2e c6 1b  23 3a 42 45 4d d9 87 a2  |o.0.4...#:BEM...|
-00000020  e7 b8 de 1c b8 2b cc 21  7a 0b a1 00 00 04 00 05  |.....+.!z.......|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
+00000000  16 03 01 00 63 01 00 00  5f 03 02 ea cf 4a b4 40  |....c..._....J.@|
+00000010  33 f1 d3 b2 c1 2a f6 d6  bb 3f 48 8c 1a d2 40 0f  |3....*...?H...@.|
+00000020  4a 1e e8 07 8a 06 19 45  6a 02 cb 00 00 04 00 05  |J......Ej.......|
+00000030  00 ff 01 00 00 32 00 00  00 0e 00 0c 00 00 09 31  |.....2.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 02 00 31 02 00 00  2d 03 02 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 00 00 00 05 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  02 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -47,23 +50,23 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 02 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 02 00 86 10 00 00  82 00 80 75 8e 85 93 be  |...........u....|
-00000010  53 df e0 4f 65 92 ed 3d  58 34 f8 06 fd 36 e4 5a  |S..Oe..=X4...6.Z|
-00000020  f7 7a 59 88 f6 ac bd de  21 ed c4 04 0d 35 19 cd  |.zY.....!....5..|
-00000030  ff 3b 9f c4 bc 93 4f 21  2a 36 a3 99 a4 6f eb 1e  |.;....O!*6...o..|
-00000040  7b b4 a8 a7 6d 69 a5 93  b6 e3 d2 2d be 7a c8 f3  |{...mi.....-.z..|
-00000050  9f 25 9e f9 51 75 d9 4f  05 41 0e 17 56 31 4e 3f  |.%..Qu.O.A..V1N?|
-00000060  c0 15 d8 c4 29 4d e5 92  f9 ed 50 b6 88 f1 41 ea  |....)M....P...A.|
-00000070  cb 5a 8c 50 12 78 16 e7  21 b6 11 ca 2c 49 cf b6  |.Z.P.x..!...,I..|
-00000080  d2 1a 16 28 f7 08 b5 c9  61 e0 18 14 03 02 00 01  |...(....a.......|
-00000090  01 16 03 02 00 24 a1 cf  1b 5d dc 4c 9c 2c d7 39  |.....$...].L.,.9|
-000000a0  af 13 e9 04 48 c0 2a aa  6f 3a 9c fb 9e 0a 25 55  |....H.*.o:....%U|
-000000b0  7e 82 3d 1b 78 d1 e3 e0  f5 30                    |~.=.x....0|
+00000000  16 03 02 00 86 10 00 00  82 00 80 a2 98 fb e6 12  |................|
+00000010  7d 1c 3c de 04 9c 01 11  41 69 a4 e3 74 62 88 36  |}.<.....Ai..tb.6|
+00000020  97 b5 28 14 6a 6d 27 1b  7d 27 0f fd 5b 76 07 3f  |..(.jm'.}'..[v.?|
+00000030  3e 99 21 93 46 9d 2c a0  4c d9 54 25 70 11 b8 ac  |>.!.F.,.L.T%p...|
+00000040  8e 5c 29 31 2c b2 39 92  10 32 dc b0 60 af 2e d4  |.\)1,.9..2..`...|
+00000050  b3 f7 ba 44 0a 6c e2 4b  38 18 4b 51 60 1b a5 0d  |...D.l.K8.KQ`...|
+00000060  bf ec 00 fb fd 53 1f 6e  b5 eb cd 32 1b 15 e9 ea  |.....S.n...2....|
+00000070  5c 93 72 dc 67 94 39 ed  2d 1e 6f f9 10 da 79 50  |\.r.g.9.-.o...yP|
+00000080  e1 d2 db 6f 34 38 d1 fb  2c 38 cb 14 03 02 00 01  |...o48..,8......|
+00000090  01 16 03 02 00 24 b4 29  aa 9d 48 a3 59 07 f8 a8  |.....$.)..H.Y...|
+000000a0  f0 aa aa 0f 63 dd 0e ca  d6 20 45 6d 88 ba 52 e2  |....c.... Em..R.|
+000000b0  f9 cd 2f 25 d3 88 b1 a6  cf 9d                    |../%......|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 24 7b 68 71 56 0f  |..........${hqV.|
-00000010  a5 46 1c 13 34 81 b5 b6  ba 29 fb 41 46 dc fe 78  |.F..4....).AF..x|
-00000020  cc 0b 2d 75 bd fe c1 55  45 b1 fc 04 28 5e b1 17  |..-u...UE...(^..|
-00000030  03 02 00 21 0b fa a9 2f  9e 82 5b 77 30 c2 27 88  |...!.../..[w0.'.|
-00000040  f5 f3 50 47 7b 62 4c 7a  d4 07 71 74 46 da 24 de  |..PG{bLz..qtF.$.|
-00000050  bf 3f 56 a7 9b 15 03 02  00 16 85 26 8a 89 33 21  |.?V........&..3!|
-00000060  36 ce 69 83 84 50 fc 8f  99 b3 43 ad 6b 14 1e b2  |6.i..P....C.k...|
+00000000  14 03 02 00 01 01 16 03  02 00 24 cc 9a e8 46 cc  |..........$...F.|
+00000010  e5 45 8c f6 aa 71 28 f7  1b 2a 51 f8 33 c3 08 a3  |.E...q(..*Q.3...|
+00000020  cd 72 7d 38 a9 d1 6f b8  c6 ce ef ae 4f 3d 50 17  |.r}8..o.....O=P.|
+00000030  03 02 00 21 e1 9b 1e f6  56 28 6d 78 53 96 a4 41  |...!....V(mxS..A|
+00000040  7b a8 15 29 74 40 b5 f4  d3 ae b7 8b b2 01 53 dd  |{..)t@........S.|
+00000050  45 bf 3a 55 9d 15 03 02  00 16 cb a8 cb 98 ac 0d  |E.:U............|
+00000060  1c eb aa c4 2a 71 65 aa  b4 c9 d7 90 f7 88 3b b0  |....*qe.......;.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ALPN b/src/crypto/tls/testdata/Server-TLSv12-ALPN
index f2e7eb7..ec9bf72 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ALPN
+++ b/src/crypto/tls/testdata/Server-TLSv12-ALPN
@@ -1,21 +1,23 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 bf 01 00 00  bb 03 03 dc d0 a1 64 e2  |..............d.|
-00000010  38 c3 1c 2b 8c fc d4 e9  25 b7 20 01 fb 72 37 8f  |8..+....%. ..r7.|
-00000020  1b da 7b ec 74 f3 20 c4  78 eb 15 00 00 38 c0 2c  |..{.t. .x....8.,|
+00000000  16 03 01 00 e3 01 00 00  df 03 03 2d 48 5c c5 05  |...........-H\..|
+00000010  19 52 14 d8 ed 53 5d 30  50 4d 3a ae d9 58 53 96  |.R...S]0PM:..XS.|
+00000020  0a ce fb 18 ed ef f1 57  fe 42 75 00 00 38 c0 2c  |.......W.Bu..8.,|
 00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
 00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
 00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 5a 00 0b 00 04 03 00  |.5./.....Z......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 23 00 00 00 0d 00 20  00 1e 06 01 06 02 06 03  |.#..... ........|
-00000090  05 01 05 02 05 03 04 01  04 02 04 03 03 01 03 02  |................|
-000000a0  03 03 02 01 02 02 02 03  00 10 00 10 00 0e 06 70  |...............p|
-000000b0  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
-000000c0  00 17 00 00                                       |....|
+00000060  00 35 00 2f 00 ff 01 00  00 7e 00 00 00 0e 00 0c  |.5./.....~......|
+00000070  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000080  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000090  00 19 00 18 00 23 00 00  00 10 00 10 00 0e 06 70  |.....#.........p|
+000000a0  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
+000000b0  00 17 00 00 00 0d 00 30  00 2e 04 03 05 03 06 03  |.......0........|
+000000c0  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+000000d0  04 01 05 01 06 01 03 03  02 03 03 01 02 01 03 02  |................|
+000000e0  02 02 04 02 05 02 06 02                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 42 02 00 00  3e 03 03 00 00 00 00 00  |....B...>.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
 00000030  16 00 23 00 00 ff 01 00  01 00 00 10 00 09 00 07  |..#.............|
 00000040  06 70 72 6f 74 6f 31 16  03 03 02 59 0b 00 02 55  |.proto1....Y...U|
 00000050  00 02 52 00 02 4f 30 82  02 4b 30 82 01 b4 a0 03  |..R..O0..K0.....|
@@ -58,37 +60,37 @@
 000002a0  d3 3b e9 fa e7 16 03 03  00 ac 0c 00 00 a8 03 00  |.;..............|
 000002b0  1d 20 2f e5 7d a3 47 cd  62 43 15 28 da ac 5f bb  |. /.}.G.bC.(.._.|
 000002c0  29 07 30 ff f6 84 af c4  cf c2 ed 90 99 5f 58 cb  |).0.........._X.|
-000002d0  3b 74 06 01 00 80 54 89  2f 46 ff 41 c2 56 47 33  |;t....T./F.A.VG3|
-000002e0  fa d6 91 64 47 df 46 89  75 73 6d 84 c6 8a 54 f8  |...dG.F.usm...T.|
-000002f0  80 34 55 00 34 8d 64 ab  72 94 6e e9 e6 18 a1 e9  |.4U.4.d.r.n.....|
-00000300  15 00 f5 2a 84 9f 22 95  c5 a3 17 91 b3 36 3a 9c  |...*.."......6:.|
-00000310  b9 65 54 bd 03 29 69 1a  5b 44 bd 1f c1 16 5a 7d  |.eT..)i.[D....Z}|
-00000320  53 35 8c c3 28 5f 3c ac  71 d2 bc c7 86 82 08 e7  |S5..(_<.q.......|
-00000330  72 22 1f 98 68 5d a7 0e  8b 2c 6c 80 b9 36 79 4a  |r"..h]...,l..6yJ|
-00000340  f2 64 c1 14 8b b2 61 a8  c2 ca 83 44 e9 5a f8 fb  |.d....a....D.Z..|
-00000350  6d 67 b4 d6 7e fa 16 03  03 00 04 0e 00 00 00     |mg..~..........|
+000002d0  3b 74 08 04 00 80 0a 5e  25 64 2c 25 6d 9d 7d da  |;t.....^%d,%m.}.|
+000002e0  18 0a 9b ff c7 6a 0b 89  ed f8 96 00 70 6f ab 35  |.....j......po.5|
+000002f0  d3 3b 56 cc a1 78 c8 60  4e 50 12 1a 59 02 d9 4c  |.;V..x.`NP..Y..L|
+00000300  07 21 03 65 62 9c a4 06  2d ce 34 68 c8 01 57 f1  |.!.eb...-.4h..W.|
+00000310  b5 33 a0 00 72 9f e8 46  87 7c 18 65 e2 2a 18 5e  |.3..r..F.|.e.*.^|
+00000320  d3 9d 60 bc cf b8 38 10  2d 21 c0 9e 2c 5d 89 4c  |..`...8.-!..,].L|
+00000330  93 27 02 6b 5a 04 02 60  b0 f0 3f 7c 54 aa 9a f1  |.'.kZ..`..?|T...|
+00000340  30 10 50 31 36 0e 87 0c  86 29 53 92 3b 91 24 72  |0.P16....)S.;.$r|
+00000350  79 6d 5c 09 15 19 16 03  03 00 04 0e 00 00 00     |ym\............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 61 b6 16 25 fb ca  |....%...! a..%..|
-00000010  39 11 1b 39 91 0f ad a0  1b 53 cb 23 3a 8b 4c bf  |9..9.....S.#:.L.|
-00000020  c3 95 b7 fa 74 2c 44 55  d3 3b 14 03 03 00 01 01  |....t,DU.;......|
-00000030  16 03 03 00 28 2a f0 0e  a4 54 25 0c 3f 46 9e d4  |....(*...T%.?F..|
-00000040  32 63 db 36 71 11 9d 63  57 d5 5d e6 70 86 01 f8  |2c.6q..cW.].p...|
-00000050  2f 8e 79 65 b7 39 4f 31  a9 f5 a5 70 9a           |/.ye.9O1...p.|
+00000000  16 03 03 00 25 10 00 00  21 20 2e 56 a8 73 0e 9c  |....%...! .V.s..|
+00000010  90 0d aa 07 77 a8 09 17  61 e2 11 5c 3a f6 33 6d  |....w...a..\:.3m|
+00000020  be 6b 08 77 8a 0d eb 68  2f 21 14 03 03 00 01 01  |.k.w...h/!......|
+00000030  16 03 03 00 28 a7 07 30  a2 67 4f 2d 2f 5f 52 7c  |....(..0.gO-/_R||
+00000040  11 81 d0 ea 37 51 73 8a  fc 35 fc 58 b2 e6 6b b7  |....7Qs..5.X..k.|
+00000050  66 a9 f0 cf 16 e7 31 b6  83 58 d3 e4 58           |f.....1..X..X|
 >>> Flow 4 (server to client)
 00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
 00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f ec 80 83 61 19 68 1a  40 8c 4c 8f 85 a2 2e fa  |o...a.h.@.L.....|
-00000040  3f b5 7c 5f 46 d1 fa 20  23 89 e7 e6 d6 82 6f 78  |?.|_F.. #.....ox|
-00000050  5b 28 32 89 60 4a e7 22  51 9a 13 f5 0e 82 9c 1e  |[(2.`J."Q.......|
-00000060  29 e1 2a 91 62 33 94 51  e1 bf b8 99 2a 20 e6 87  |).*.b3.Q....* ..|
-00000070  c4 1f 65 fe 7e 6e 0e 33  7f 77 f9 33 0c 9d 05 df  |..e.~n.3.w.3....|
-00000080  e5 7d 2c db cc 48 f6 14  03 03 00 01 01 16 03 03  |.},..H..........|
-00000090  00 28 00 00 00 00 00 00  00 00 91 05 0e 09 9f b6  |.(..............|
-000000a0  e1 48 98 28 ae 68 0a 89  9f a7 47 1b 67 d5 8c 0a  |.H.(.h....G.g...|
-000000b0  3c 4f da 1e 4f 3f 13 80  cd a5 17 03 03 00 25 00  |<O..O?........%.|
-000000c0  00 00 00 00 00 00 01 60  3b c1 2b 3c 20 b8 bc b9  |.......`;.+< ...|
-000000d0  1b d6 07 f9 1d aa 25 3b  b1 be 7b de fc 69 86 82  |......%;..{..i..|
-000000e0  56 ca 8b ae 15 03 03 00  1a 00 00 00 00 00 00 00  |V...............|
-000000f0  02 00 8c a8 46 d8 ff b1  5f e3 0f f9 34 81 e1 f5  |....F..._...4...|
-00000100  32 ff cc                                          |2..|
+00000030  6f ec 80 83 61 8a 3f 4b  ad 3f 5f 7d 74 f9 cc 19  |o...a.?K.?_}t...|
+00000040  2b 27 d5 b0 1b 12 9a 8c  82 0f e5 b5 99 f8 0d 10  |+'..............|
+00000050  88 4a b2 65 62 bc a0 c2  2d 97 79 ad 69 58 08 fa  |.J.eb...-.y.iX..|
+00000060  6e 3b a7 b5 cb 33 94 de  ff b6 49 87 3d d4 c7 0d  |n;...3....I.=...|
+00000070  65 a6 a7 66 f9 40 27 b1  e2 28 9a b2 db 82 ab 0f  |e..f.@'..(......|
+00000080  d8 f6 10 ab f7 d3 d9 14  03 03 00 01 01 16 03 03  |................|
+00000090  00 28 00 00 00 00 00 00  00 00 09 75 fa e0 ab f5  |.(.........u....|
+000000a0  d4 57 a8 a0 0d 15 d1 25  1f b4 f3 2e 39 a3 91 75  |.W.....%....9..u|
+000000b0  5c 37 5e 26 61 6b 95 2f  41 8a 17 03 03 00 25 00  |\7^&ak./A.....%.|
+000000c0  00 00 00 00 00 00 01 64  6b d0 f8 a2 9c 0f 95 11  |.......dk.......|
+000000d0  e6 05 f2 3c 24 c0 d2 95  7f f1 cc 65 ef 5c 6d 80  |...<$......e.\m.|
+000000e0  1d c9 67 f5 15 03 03 00  1a 00 00 00 00 00 00 00  |..g.............|
+000000f0  02 f2 91 0d 39 58 1d 72  61 6e 60 36 96 03 1e 63  |....9X.ran`6...c|
+00000100  e4 d1 4c                                          |..L|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch b/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch
index 8346ea9..90f146b 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch
+++ b/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch
@@ -1,21 +1,23 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 bf 01 00 00  bb 03 03 12 5f 10 32 01  |............_.2.|
-00000010  84 0f 82 05 7e ca 97 58  65 65 d5 ad d3 94 e4 88  |....~..Xee......|
-00000020  e9 15 91 0a 2c 99 55 ca  ae 18 aa 00 00 38 c0 2c  |....,.U......8.,|
+00000000  16 03 01 00 e3 01 00 00  df 03 03 fc a5 8d 79 5f  |..............y_|
+00000010  01 7f 77 df 86 0f 60 10  0a 88 ad 68 7f 7b 3b 63  |..w...`....h.{;c|
+00000020  46 a9 7e c6 4e 7c 47 b5  00 2f a7 00 00 38 c0 2c  |F.~.N|G../...8.,|
 00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
 00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
 00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 5a 00 0b 00 04 03 00  |.5./.....Z......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 23 00 00 00 0d 00 20  00 1e 06 01 06 02 06 03  |.#..... ........|
-00000090  05 01 05 02 05 03 04 01  04 02 04 03 03 01 03 02  |................|
-000000a0  03 03 02 01 02 02 02 03  00 10 00 10 00 0e 06 70  |...............p|
-000000b0  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
-000000c0  00 17 00 00                                       |....|
+00000060  00 35 00 2f 00 ff 01 00  00 7e 00 00 00 0e 00 0c  |.5./.....~......|
+00000070  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000080  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000090  00 19 00 18 00 23 00 00  00 10 00 10 00 0e 06 70  |.....#.........p|
+000000a0  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
+000000b0  00 17 00 00 00 0d 00 30  00 2e 04 03 05 03 06 03  |.......0........|
+000000c0  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+000000d0  04 01 05 01 06 01 03 03  02 03 03 01 02 01 03 02  |................|
+000000e0  02 02 04 02 05 02 06 02                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
 00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
 00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -57,38 +59,38 @@
 00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 ac 0c 00 00  |.\!.;...........|
 000002a0  a8 03 00 1d 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |.... /.}.G.bC.(.|
 000002b0  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
-000002c0  5f 58 cb 3b 74 06 01 00  80 50 95 28 ab df d3 74  |_X.;t....P.(...t|
-000002d0  7a 9b 7a d8 d2 31 34 87  75 29 a9 d0 fd 3c e4 be  |z.z..14.u)...<..|
-000002e0  59 e6 60 52 39 9f 8e 9d  e3 1c 1d 75 47 b0 86 57  |Y.`R9......uG..W|
-000002f0  3f e1 a8 a5 72 21 1a 22  49 61 71 83 20 76 8c b6  |?...r!."Iaq. v..|
-00000300  e4 c4 99 de 4e 9c f6 22  df 8d 92 1e a9 c7 0e 83  |....N.."........|
-00000310  d2 93 a9 2d 9b 74 f8 1b  1b 2f 1e 71 b6 7c d0 99  |...-.t.../.q.|..|
-00000320  a3 d2 95 45 87 36 28 be  0a 26 53 89 77 6b b6 e4  |...E.6(..&S.wk..|
-00000330  f9 3a 82 7c 67 81 08 22  cf 3a 94 83 68 29 f3 a5  |.:.|g..".:..h)..|
-00000340  67 b4 95 77 0f fb 06 da  5f 16 03 03 00 04 0e 00  |g..w...._.......|
+000002c0  5f 58 cb 3b 74 08 04 00  80 62 db d2 f4 17 c6 f2  |_X.;t....b......|
+000002d0  73 d1 63 50 1f 26 96 af  9d bd cb 11 9a 95 c4 dd  |s.cP.&..........|
+000002e0  49 c3 9a 06 a3 8d 2a 1e  b9 74 76 22 36 2e fd 08  |I.....*..tv"6...|
+000002f0  a6 d1 9d 2e 20 75 e6 50  59 49 db 3f d9 b1 0e 81  |.... u.PYI.?....|
+00000300  fb 16 25 67 0d 8b 1c af  35 95 59 d4 56 b2 9f 08  |..%g....5.Y.V...|
+00000310  fd 85 68 46 30 59 2b 66  9e 86 b4 35 4c 4a 9f 6f  |..hF0Y+f...5LJ.o|
+00000320  8f 2b 8d 9f 19 c2 9a 4e  91 6e fe 56 cc 9b 39 e7  |.+.....N.n.V..9.|
+00000330  8d e2 5e 07 55 16 76 e0  7f 8b aa 0e 36 94 9f 78  |..^.U.v.....6..x|
+00000340  bd 06 a2 65 a3 f5 83 04  97 16 03 03 00 04 0e 00  |...e............|
 00000350  00 00                                             |..|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 a4 d7 31 f0 60 aa  |....%...! ..1.`.|
-00000010  97 48 1f a8 fb 3c 78 77  5f 90 b3 f7 f2 0c 5e ed  |.H...<xw_.....^.|
-00000020  3e 2e 77 a4 72 14 b0 bb  c2 65 14 03 03 00 01 01  |>.w.r....e......|
-00000030  16 03 03 00 28 6d 3e 7f  a1 0e 5b ea 24 ee ec 77  |....(m>...[.$..w|
-00000040  3c 03 eb cb 5c ad b4 21  b2 c1 9c 5e 4f 36 88 01  |<...\..!...^O6..|
-00000050  b6 0c 7c 92 70 70 63 4f  d4 e1 98 45 e4           |..|.ppcO...E.|
+00000000  16 03 03 00 25 10 00 00  21 20 56 69 9c 58 80 3e  |....%...! Vi.X.>|
+00000010  72 ee ee b1 05 fd a0 a7  8d 78 9c 5a 7d e0 21 63  |r........x.Z}.!c|
+00000020  d4 19 3c e2 b1 72 92 03  ed 6a 14 03 03 00 01 01  |..<..r...j......|
+00000030  16 03 03 00 28 6b c0 b3  6e 77 df ef 99 2d 7a 93  |....(k..nw...-z.|
+00000040  d5 9d 7f 1e 8c 36 eb 7c  bb 32 f9 a1 b0 65 b3 85  |.....6.|.2...e..|
+00000050  fb 33 64 9f 73 10 41 5a  01 6f d1 6b 73           |.3d.s.AZ.o.ks|
 >>> Flow 4 (server to client)
 00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
 00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f ec 80 83 61 34 3a 86  15 18 26 50 d0 12 69 5a  |o...a4:...&P..iZ|
-00000040  8e 67 6a ce 99 67 0a 90  09 d5 ad 29 62 08 9b 29  |.gj..g.....)b..)|
-00000050  6c 12 bb d4 74 3c fb 5b  dc e5 89 f0 98 93 03 e9  |l...t<.[........|
-00000060  2a ea 31 74 0a 33 94 96  49 53 80 c9 3e 9b 53 32  |*.1t.3..IS..>.S2|
-00000070  4a 15 31 0e fa 90 bd da  af 07 d1 a8 fa 15 e8 df  |J.1.............|
-00000080  3d f1 d1 7a 21 8c 7a 14  03 03 00 01 01 16 03 03  |=..z!.z.........|
-00000090  00 28 00 00 00 00 00 00  00 00 70 0c c0 3b 84 68  |.(........p..;.h|
-000000a0  4d e5 7d 54 18 ba 77 3d  8c 20 03 3e 50 69 45 0d  |M.}T..w=. .>PiE.|
-000000b0  64 a2 0f 1e 4e bf 86 0b  9c 05 17 03 03 00 25 00  |d...N.........%.|
-000000c0  00 00 00 00 00 00 01 43  a9 fa 0f e3 5a 86 46 2a  |.......C....Z.F*|
-000000d0  56 3a 6c d5 88 b7 40 a0  d5 59 45 45 ac 06 5d b0  |V:l...@..YEE..].|
-000000e0  d7 c9 ed 00 15 03 03 00  1a 00 00 00 00 00 00 00  |................|
-000000f0  02 ce de ef aa b4 47 77  4c f6 e9 fb 67 e8 fb 7f  |......GwL...g...|
-00000100  c6 05 20                                          |.. |
+00000030  6f ec 80 83 61 59 7e 5a  0d 70 cc 83 b5 c8 ed d4  |o...aY~Z.p......|
+00000040  79 ab 28 49 65 f8 52 5f  78 5a 83 1a d4 b6 76 fa  |y.(Ie.R_xZ....v.|
+00000050  b7 e3 ef 12 48 1b 73 42  18 ee 78 5a 4e 05 70 66  |....H.sB..xZN.pf|
+00000060  1a 51 7b 20 e0 33 94 93  4f 86 e2 54 48 67 df 11  |.Q{ .3..O..THg..|
+00000070  ca f2 6d 73 d1 06 3b 88  ef af 91 1c f0 fd 64 4f  |..ms..;.......dO|
+00000080  c8 d7 45 cb cc 90 14 14  03 03 00 01 01 16 03 03  |..E.............|
+00000090  00 28 00 00 00 00 00 00  00 00 58 a6 55 c9 de bc  |.(........X.U...|
+000000a0  04 23 e7 85 cf 8c 44 d1  da ad c2 73 45 3e 42 f0  |.#....D....sE>B.|
+000000b0  05 58 7e 7b 35 24 1c 86  93 1e 17 03 03 00 25 00  |.X~{5$........%.|
+000000c0  00 00 00 00 00 00 01 c8  90 76 8e 60 ca b3 75 47  |.........v.`..uG|
+000000d0  78 f2 5d a8 62 82 10 0f  3c b5 b6 51 d2 0b 40 40  |x.].b...<..Q..@@|
+000000e0  66 b4 82 11 15 03 03 00  1a 00 00 00 00 00 00 00  |f...............|
+000000f0  02 f4 16 23 56 26 87 e1  22 9f d3 30 e9 fa 99 a5  |...#V&.."..0....|
+00000100  f0 5b 2c                                          |.[,|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA b/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA
index 3a84905..cbf7564 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA
+++ b/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA
@@ -1,19 +1,21 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 a7 01 00 00  a3 03 03 7e 8a c0 04 93  |...........~....|
-00000010  7a be 32 5c b3 38 83 b1  ec d0 31 8d a1 61 f3 2b  |z.2\.8....1..a.+|
-00000020  b2 6a 0d 08 71 41 fb 20  c2 46 0c 00 00 38 c0 2c  |.j..qA. .F...8.,|
+00000000  16 03 01 00 cb 01 00 00  c7 03 03 7c ce 63 72 4d  |...........|.crM|
+00000010  0b d9 aa 2f b4 22 f4 e3  88 50 10 11 1a d9 ce 5d  |.../."...P.....]|
+00000020  db 14 d4 68 61 48 c1 2d  0d ad dd 00 00 38 c0 2c  |...haH.-.....8.,|
 00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
 00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
 00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 42 00 0b 00 04 03 00  |.5./.....B......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 0d 00 20 00 1e 06 01  06 02 06 03 05 01 05 02  |... ............|
-00000090  05 03 04 01 04 02 04 03  03 01 03 02 03 03 02 01  |................|
-000000a0  02 02 02 03 00 16 00 00  00 17 00 00              |............|
+00000060  00 35 00 2f 00 ff 01 00  00 66 00 00 00 0e 00 0c  |.5./.....f......|
+00000070  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000080  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000090  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 30  |...............0|
+000000a0  00 2e 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000b0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 03 03  |................|
+000000c0  02 03 03 01 02 01 03 02  02 02 04 02 05 02 06 02  |................|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 0a 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 0a 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  03 02 0e 0b 00 02 0a 00  |................|
 00000040  02 07 00 02 04 30 82 02  00 30 82 01 62 02 09 00  |.....0...0..b...|
 00000050  b8 bf 2d 47 a0 d2 eb f4  30 09 06 07 2a 86 48 ce  |..-G....0...*.H.|
@@ -47,39 +49,39 @@
 00000210  0e bd 3f a3 8c 25 c1 33  13 83 0d 94 06 bb d4 37  |..?..%.3.......7|
 00000220  7a f6 ec 7a c9 86 2e dd  d7 11 69 7f 85 7c 56 de  |z..z......i..|V.|
 00000230  fb 31 78 2b e4 c7 78 0d  ae cb be 9e 4e 36 24 31  |.1x+..x.....N6$1|
-00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 03 00 b6 0c 00  |{j.9....*.......|
-00000250  00 b2 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
+00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 03 00 b7 0c 00  |{j.9....*.......|
+00000250  00 b3 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
 00000260  da ac 5f bb 29 07 30 ff  f6 84 af c4 cf c2 ed 90  |.._.).0.........|
-00000270  99 5f 58 cb 3b 74 06 03  00 8a 30 81 87 02 42 01  |._X.;t....0...B.|
-00000280  ed a6 35 6b 28 3f cc 4a  66 c1 21 a0 ba e3 a2 c2  |..5k(?.Jf.!.....|
-00000290  3b 45 41 87 9b c4 5d 01  b7 8b 01 89 b4 b1 16 99  |;EA...].........|
-000002a0  72 e2 94 6d 24 f2 9f be  6a 8b 9b b5 c7 9c cb 65  |r..m$...j......e|
-000002b0  38 ab 29 de 38 e5 64 4c  0b 75 67 c9 9d 5b dc 37  |8.).8.dL.ug..[.7|
-000002c0  86 02 41 33 ac b4 ff f3  db f7 2c c9 0b 43 8a 62  |..A3......,..C.b|
-000002d0  df 9d b9 c5 50 0b 8c f1  da 40 b1 ba a8 41 99 66  |....P....@...A.f|
-000002e0  1b e8 a0 20 0b 4f 0d 1e  55 12 c5 a2 a3 89 88 a0  |... .O..U.......|
-000002f0  9f 91 b9 73 9b b1 19 95  d6 53 3a b3 d7 5d 73 5c  |...s.....S:..]s\|
-00000300  c4 d6 6a 1a 16 03 03 00  04 0e 00 00 00           |..j..........|
+00000270  99 5f 58 cb 3b 74 04 03  00 8b 30 81 88 02 42 01  |._X.;t....0...B.|
+00000280  f1 77 f4 3f e9 ed b7 55  54 25 08 68 ab b9 42 7c  |.w.?...UT%.h..B||
+00000290  64 71 dc ce c0 13 23 20  f3 cd b7 68 09 23 6d c9  |dq....# ...h.#m.|
+000002a0  c5 1f f3 3a 46 f1 e3 2b  b4 92 6a 1c bd c8 60 7c  |...:F..+..j...`||
+000002b0  da 63 0e c7 4f 4f c4 5e  aa 30 b4 b1 3a d4 11 09  |.c..OO.^.0..:...|
+000002c0  05 02 42 01 dd dc 50 07  2f 51 6c 75 7f 3f fd a2  |..B...P./Qlu.?..|
+000002d0  68 62 1d 7a 49 78 4e 57  1b bc 3a 4d 02 84 d5 f6  |hb.zIxNW..:M....|
+000002e0  2a 37 28 4e c0 30 2b a5  22 cc 28 d8 e0 66 2b 4d  |*7(N.0+.".(..f+M|
+000002f0  2a cd d8 01 3d 76 55 72  56 90 dc d0 99 85 ee 45  |*...=vUrV......E|
+00000300  01 03 91 88 a5 16 03 03  00 04 0e 00 00 00        |..............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 5e 83 48 ba 4f 66  |....%...! ^.H.Of|
-00000010  74 7d 8a c6 53 d2 a9 cf  68 f1 50 f4 2a 06 74 ef  |t}..S...h.P.*.t.|
-00000020  07 57 b0 f9 3e 1a 49 98  52 44 14 03 03 00 01 01  |.W..>.I.RD......|
-00000030  16 03 03 00 40 1a b1 de  ad 95 eb 28 ed 07 ce fe  |....@......(....|
-00000040  8b 8a fc 9a 24 a8 c3 d4  2f 27 20 52 9d 47 ac 45  |....$.../' R.G.E|
-00000050  cc 66 c0 a4 03 cb 49 3c  93 05 3c 3e 64 91 d6 5c  |.f....I<..<>d..\|
-00000060  f9 73 1b 18 54 0b 67 c7  97 53 c8 7d 72 18 ab 47  |.s..T.g..S.}r..G|
-00000070  98 32 54 4c ff                                    |.2TL.|
+00000000  16 03 03 00 25 10 00 00  21 20 5b 72 c3 fc 0c a5  |....%...! [r....|
+00000010  a3 b1 e6 db 1d e7 f2 4a  dd c8 36 97 25 f9 4c 74  |.......J..6.%.Lt|
+00000020  68 04 e5 02 17 ca 67 e2  a6 59 14 03 03 00 01 01  |h.....g..Y......|
+00000030  16 03 03 00 40 f0 40 1c  1a a9 d8 e7 88 c4 9d 6d  |....@.@........m|
+00000040  ad bd e7 5c c4 63 1a 06  5a e9 f5 39 6d 15 ac 41  |...\.c..Z..9m..A|
+00000050  2f ed b9 3b f8 68 13 46  20 be 9b f9 be b6 8a cc  |/..;.h.F .......|
+00000060  f4 87 31 53 b3 ef 79 4e  ce 73 ea a6 45 de 21 3e  |..1S..yN.s..E.!>|
+00000070  99 87 6a cb 4d                                    |..j.M|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 21 f3 63 c9 0a  |...........!.c..|
-00000020  7e 39 23 21 2d 2b 4b 72  47 65 30 b4 43 21 d1 d7  |~9#!-+KrGe0.C!..|
-00000030  4f fa 00 65 a1 95 fd 62  2c d3 4d 7d 30 d7 fd eb  |O..e...b,.M}0...|
-00000040  64 08 41 d6 70 ab cf 9d  75 c5 e1 17 03 03 00 40  |d.A.p...u......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 10 1f 05 23 89  |..............#.|
+00000020  1d 50 5f cb 33 09 57 70  32 fc 01 76 f8 e9 dc ec  |.P_.3.Wp2..v....|
+00000030  13 b6 70 95 24 55 52 21  ed e6 5e 59 45 9f c9 c0  |..p.$UR!..^YE...|
+00000040  74 6d d1 2f e6 4d 7c 6e  1e 41 4c 17 03 03 00 40  |tm./.M|n.AL....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  50 e5 5e 3a c1 2a 71 0a  ba eb 40 74 f1 70 0d 0a  |P.^:.*q...@t.p..|
-00000070  e1 86 22 fd 13 de e8 8f  a0 d3 22 a8 62 76 ca fa  |..".......".bv..|
-00000080  5f 63 95 ba bb e2 f3 b3  ef 5b d8 bf 56 0b 60 53  |_c.......[..V.`S|
+00000060  e8 04 12 d8 cd fc 76 19  e0 27 c1 f2 12 66 d8 86  |......v..'...f..|
+00000070  a8 25 b6 3f 13 aa 5c c5  43 c5 83 a1 c0 4a 7c c6  |.%.?..\.C....J|.|
+00000080  7b d4 63 86 b8 87 d1 36  af 99 f3 6f 9d 7e 86 37  |{.c....6...o.~.7|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 4d 2c 41  d8 4c 63 71 bd bc 83 5a  |.....M,A.Lcq...Z|
-000000b0  1b 2b b7 20 5b 14 51 d4  5b 38 4b fc 61 58 97 34  |.+. [.Q.[8K.aX.4|
-000000c0  1a cf 08 f1 16                                    |.....|
+000000a0  00 00 00 00 00 f0 fe 4c  32 8b c2 63 78 6c ba de  |.......L2..cxl..|
+000000b0  b3 55 0f e4 32 38 53 5e  2b 32 5c b9 23 4a 84 b7  |.U..28S^+2\.#J..|
+000000c0  6f 2f 86 54 11                                    |o/.T.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA b/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
index 154521d..db7199d 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
+++ b/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
@@ -1,19 +1,21 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 a7 01 00 00  a3 03 03 df fc 06 29 d8  |..............).|
-00000010  a1 69 bd 2c d2 21 97 39  e8 4f 81 94 fa b9 58 6d  |.i.,.!.9.O....Xm|
-00000020  aa 15 ae f7 bc 03 7a fa  e3 33 bf 00 00 38 c0 2c  |......z..3...8.,|
+00000000  16 03 01 00 cb 01 00 00  c7 03 03 39 27 e9 a6 45  |...........9'..E|
+00000010  cf a6 18 8c f0 d1 fb 71  81 b6 bf 16 d7 75 af f2  |.......q.....u..|
+00000020  1e 4f 4c 72 2a ce 66 52  a6 87 32 00 00 38 c0 2c  |.OLr*.fR..2..8.,|
 00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
 00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
 00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 42 00 0b 00 04 03 00  |.5./.....B......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 0d 00 20 00 1e 06 01  06 02 06 03 05 01 05 02  |... ............|
-00000090  05 03 04 01 04 02 04 03  03 01 03 02 03 03 02 01  |................|
-000000a0  02 02 02 03 00 16 00 00  00 17 00 00              |............|
+00000060  00 35 00 2f 00 ff 01 00  00 66 00 00 00 0e 00 0c  |.5./.....f......|
+00000070  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000080  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000090  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 30  |...............0|
+000000a0  00 2e 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000b0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 03 03  |................|
+000000c0  02 03 03 01 02 01 03 02  02 02 04 02 05 02 06 02  |................|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 14 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 14 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -55,35 +57,35 @@
 00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
 000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
 000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 06 01 00 80 a3 e7 63  ff 8a 7e 1c cb 9b ab 8a  |t......c..~.....|
-000002d0  7e f3 d1 fe c0 34 23 10  5e 0c e3 60 0d c5 cc 11  |~....4#.^..`....|
-000002e0  49 37 37 b6 ad b1 9a 29  b7 e4 1f 90 29 bf b3 bd  |I77....)....)...|
-000002f0  31 ed e6 20 4d 4c 2a a1  64 d8 cb 44 5e b1 5d b5  |1.. ML*.d..D^.].|
-00000300  a5 d5 67 de 29 e4 89 29  a9 51 bd b9 1f 01 de 72  |..g.)..).Q.....r|
-00000310  8b c1 b2 d0 fd 96 ec 94  29 4d 2e ee da 08 58 81  |........)M....X.|
-00000320  3b db 53 26 26 0e cb 57  37 f4 d0 fe 19 3e 41 a0  |;.S&&..W7....>A.|
-00000330  d5 0e a8 7a bf 29 56 a9  d4 84 da 33 bb bf f9 ba  |...z.)V....3....|
-00000340  54 7b d0 4a 95 16 03 03  00 04 0e 00 00 00        |T{.J..........|
+000002c0  74 08 04 00 80 41 cd 5d  a0 ba 92 1f 26 47 6d 72  |t....A.]....&Gmr|
+000002d0  33 44 47 a4 80 66 d8 1c  17 93 1e 25 8e c3 8e 95  |3DG..f.....%....|
+000002e0  9c ae b6 99 7e f6 80 3f  b1 73 cc c3 db 7a 4b 40  |....~..?.s...zK@|
+000002f0  a1 0b bc ff 0e 4b c1 67  11 b2 ca 33 06 41 f9 ac  |.....K.g...3.A..|
+00000300  56 dc f6 26 1b a3 04 2a  28 f9 47 0f 0b 56 05 73  |V..&...*(.G..V.s|
+00000310  93 cb 12 45 4f 6b 93 5d  0f 4c ca d3 f5 64 e2 4a  |...EOk.].L...d.J|
+00000320  eb 36 bb 87 3f 71 9b 36  08 99 79 48 fc a6 02 d6  |.6..?q.6..yH....|
+00000330  38 88 09 68 cf 71 e8 d4  51 f8 b1 77 70 42 8b 18  |8..h.q..Q..wpB..|
+00000340  ab cd e1 52 d9 16 03 03  00 04 0e 00 00 00        |...R..........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 36 84 23 91 d3 76  |....%...! 6.#..v|
-00000010  b3 ea 4a a6 39 f6 c9 1a  99 2c 69 c0 70 2d b2 72  |..J.9....,i.p-.r|
-00000020  72 be b3 24 4b d3 72 a1  eb 76 14 03 03 00 01 01  |r..$K.r..v......|
-00000030  16 03 03 00 40 e9 a5 32  9d 72 3d 9d 38 f3 0b fa  |....@..2.r=.8...|
-00000040  38 95 0f de 7d 99 42 b2  5b 1c f0 fe e4 66 2b 5a  |8...}.B.[....f+Z|
-00000050  98 1c e5 0e bf d9 37 d4  4c 72 29 a3 eb 8a f5 0e  |......7.Lr).....|
-00000060  44 ee 1e 21 c7 8c 10 23  dc 41 6d ac ee 72 5b d5  |D..!...#.Am..r[.|
-00000070  4b 3f 66 f3 d1                                    |K?f..|
+00000000  16 03 03 00 25 10 00 00  21 20 b5 a5 bc 9f 09 79  |....%...! .....y|
+00000010  25 1a 7b af 52 0f 8a c2  16 a8 20 8d 0c 11 26 11  |%.{.R..... ...&.|
+00000020  32 79 35 b9 2f ee 63 ce  b7 49 14 03 03 00 01 01  |2y5./.c..I......|
+00000030  16 03 03 00 40 d8 eb b7  d7 b4 a6 62 a1 8d c6 a5  |....@......b....|
+00000040  5f 15 8e 1f de d9 98 90  3b d8 dd b1 13 7e 49 9b  |_.......;....~I.|
+00000050  d4 82 15 b9 a9 31 ac ae  eb 77 21 dc 9f e0 8e 5b  |.....1...w!....[|
+00000060  d8 ea 09 fc a2 35 64 af  8d 1a fb a3 f1 97 0e 09  |.....5d.........|
+00000070  b4 5b c9 e9 19                                    |.[...|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 f8 fb 0a 12 f2  |................|
-00000020  ee 27 b0 88 5d c9 02 c0  16 3c b8 a5 54 86 4b cb  |.'..]....<..T.K.|
-00000030  01 ef d1 6e 31 a8 88 86  e3 9f 71 f5 fb 2a a9 12  |...n1.....q..*..|
-00000040  72 76 98 30 1e 59 49 64  b1 6b e5 17 03 03 00 40  |rv.0.YId.k.....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 3b 2a 79 f1 0d  |...........;*y..|
+00000020  65 b8 4a 2a aa a5 87 60  69 8f 8f 87 4b 21 24 9a  |e.J*...`i...K!$.|
+00000030  6e 07 f0 a4 be ce 3d 67  29 85 53 98 fb cf a1 ee  |n.....=g).S.....|
+00000040  b0 e0 52 61 c1 16 e5 09  b9 0b 9c 17 03 03 00 40  |..Ra...........@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  da fe c6 34 b0 e7 8d 34  78 11 b1 94 43 da 85 21  |...4...4x...C..!|
-00000070  28 9a f3 f8 f0 7f 14 9a  59 be 4e c4 a0 81 17 1b  |(.......Y.N.....|
-00000080  08 cd 6d 47 57 73 f1 10  e4 df 25 1b 8b 9d 87 98  |..mGWs....%.....|
+00000060  fe d7 63 a8 10 70 b8 2c  0c 95 da 92 84 2b d3 63  |..c..p.,.....+.c|
+00000070  03 d8 19 94 68 d8 d2 da  f7 e2 83 5b 24 78 87 0f  |....h......[$x..|
+00000080  ca ce 14 3a 8a d4 da b2  90 eb 6f 0e de 14 30 96  |...:......o...0.|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 41 b6 ed  ca 43 0d 83 67 da 4b 0e  |.....A...C..g.K.|
-000000b0  5a f4 a8 90 85 7f d6 d7  76 03 62 2e 49 7e 4a 62  |Z.......v.b.I~Jb|
-000000c0  32 03 a8 7c a0                                    |2..|.|
+000000a0  00 00 00 00 00 ab e5 6b  f9 d3 a6 07 ce 0b 64 7e  |.......k......d~|
+000000b0  14 42 d3 17 6a d4 89 2c  37 7d cd ee 77 23 0c 60  |.B..j..,7}..w#.`|
+000000c0  e0 db 35 5e 96                                    |..5^.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
index 8c6a7ed..07a000a 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
@@ -1,15 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 ba cf e7 3a 42  |....]...Y.....:B|
-00000010  aa f9 cd ca b8 b7 46 a0  4a 87 2c f8 76 14 d6 d0  |......F.J.,.v...|
-00000020  f8 66 ad ed 80 57 b0 9f  bf f5 32 00 00 04 00 2f  |.f...W....2..../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
+00000000  16 03 01 00 97 01 00 00  93 03 03 f9 a8 6c 6d 8e  |.............lm.|
+00000010  46 32 35 bb 63 0e 00 89  d0 e2 36 04 62 73 5f 1a  |F25.c.....6.bs_.|
+00000020  32 39 a1 a8 0d 5d 65 e1  3d 79 43 00 00 04 00 2f  |29...]e.=yC..../|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -48,9 +51,10 @@
 00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
 00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
-000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
-000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+00000290  3b e9 fa e7 16 03 03 00  21 0d 00 00 1d 02 01 40  |;.......!......@|
+000002a0  00 16 08 04 08 05 08 06  04 01 04 03 05 01 05 03  |................|
+000002b0  06 01 06 03 02 01 02 03  00 00 16 03 03 00 04 0e  |................|
+000002c0  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
 00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
@@ -85,36 +89,40 @@
 000001e0  be e8 91 b3 da 1a f5 5d  a3 23 f5 26 8b 45 70 8d  |.......].#.&.Ep.|
 000001f0  65 62 9b 7e 01 99 3d 18  f6 10 9a 38 61 9b 2e 57  |eb.~..=....8a..W|
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
-00000210  03 03 00 86 10 00 00 82  00 80 d4 03 c6 f3 e2 5d  |...............]|
-00000220  15 db 9d c5 28 c4 30 e9  80 7b 56 89 0f 20 5b 8f  |....(.0..{V.. [.|
-00000230  47 8f bf 04 a5 d4 49 c9  ac 0f 54 c9 3d f0 cc 37  |G.....I...T.=..7|
-00000240  51 3c f8 3e 18 69 5b 58  a9 5a 88 ac 2c ff 5c b9  |Q<.>.i[X.Z..,.\.|
-00000250  65 2e 9a 9d 9e d4 3f 01  6b 47 e3 c8 ec e2 90 23  |e.....?.kG.....#|
-00000260  b9 9f a7 1f bf 7a c4 b3  68 e5 8a ee f5 4e 7b 49  |.....z..h....N{I|
-00000270  f3 3c b7 86 89 76 60 14  d5 a4 8e b1 5e 3f 5c 89  |.<...v`.....^?\.|
-00000280  a5 f8 69 7e 12 88 9d 30  7a 07 c2 ff 8f bb d0 94  |..i~...0z.......|
-00000290  1b 3c c4 fe 73 e6 25 99  77 d3 16 03 03 00 93 0f  |.<..s.%.w.......|
-000002a0  00 00 8f 04 03 00 8b 30  81 88 02 42 01 21 35 66  |.......0...B.!5f|
-000002b0  57 df 29 1a e5 10 1d e0  e0 00 ee 2a 0b 20 22 8b  |W.)........*. ".|
-000002c0  1d 70 4f 39 cb 96 30 b1  f0 8d 12 ba c8 15 67 05  |.pO9..0.......g.|
-000002d0  45 d2 fe 0a 4e 25 ce f4  8d 14 7b b8 6c 92 8b 99  |E...N%....{.l...|
-000002e0  9b 56 0a 78 ad 45 d6 09  88 ae c7 e6 2d 13 02 42  |.V.x.E......-..B|
-000002f0  01 5e 7e c9 ae 56 9e b6  de 38 fc a9 a6 e7 b9 35  |.^~..V...8.....5|
-00000300  9b 47 cd f7 82 1a 56 1c  cc d4 3a 15 79 d9 44 c4  |.G....V...:.y.D.|
-00000310  96 1a 10 69 31 ad c7 96  6b 3f f7 81 b6 04 4c bd  |...i1...k?....L.|
-00000320  ee e2 a1 15 8a 83 bc a0  42 b9 0f aa 6a 14 d1 fd  |........B...j...|
-00000330  9d 95 14 03 03 00 01 01  16 03 03 00 40 46 6b 0c  |............@Fk.|
-00000340  5d 7e 32 26 ef 7c a5 88  f0 ec 50 92 de 5f 87 7c  |]~2&.|....P.._.||
-00000350  b4 80 19 80 f4 89 19 f5  28 8f 21 09 fc 19 43 81  |........(.!...C.|
-00000360  92 94 37 f5 9b 6e 07 b1  35 29 ed 9a 87 a5 e9 ce  |..7..n..5)......|
-00000370  c3 e3 83 42 dd 2e 5a 0b  8e 22 bf 32 4e           |...B..Z..".2N|
+00000210  03 03 00 86 10 00 00 82  00 80 9f 2d b7 51 a0 7b  |...........-.Q.{|
+00000220  1f 57 7c 20 9f 8a 3a 23  19 2a 3f 29 31 c9 97 12  |.W| ..:#.*?)1...|
+00000230  fd 40 92 45 eb cd bf 45  19 b1 7a 80 14 22 a4 b7  |.@.E...E..z.."..|
+00000240  68 7a 6e f9 c1 a3 3d 44  ad 22 b1 e1 ae 52 2c a7  |hzn...=D."...R,.|
+00000250  fe 95 30 b7 cc 94 ce 9b  9d 94 ff 80 1f ca 75 90  |..0...........u.|
+00000260  7e d5 20 15 eb 46 b4 78  d8 ca e0 42 fe a0 aa d5  |~. ..F.x...B....|
+00000270  a3 69 34 61 1a 14 93 4e  1b 52 81 6f ae 90 59 3b  |.i4a...N.R.o..Y;|
+00000280  ac 7f a1 23 75 0b 97 7f  16 6f 85 99 68 b0 57 34  |...#u....o..h.W4|
+00000290  de 0e 60 62 61 6d 31 a8  46 9a 16 03 03 00 92 0f  |..`bam1.F.......|
+000002a0  00 00 8e 04 03 00 8a 30  81 87 02 41 74 3c e9 2d  |.......0...At<.-|
+000002b0  47 15 d6 a5 e8 21 b6 2c  d4 a4 83 3f ca 90 35 2f  |G....!.,...?..5/|
+000002c0  ae 36 26 81 49 ae 6c d9  d3 13 17 7f 8f 8a a0 2f  |.6&.I.l......../|
+000002d0  92 a2 6d 29 fb 09 6a 4d  b5 ea bc f0 05 43 bc fa  |..m)..jM.....C..|
+000002e0  6c ab 89 25 84 21 78 1c  f8 86 36 86 1b 02 42 00  |l..%.!x...6...B.|
+000002f0  98 0a bf 1e ee 62 85 43  c1 6c f0 49 9b 9a 46 96  |.....b.C.l.I..F.|
+00000300  32 24 66 3d 1e 09 e1 7e  47 af 6d d1 9e 5d 6f 85  |2$f=...~G.m..]o.|
+00000310  74 dc 7e ac c9 2b b7 e3  40 0a 25 45 76 6b 6e 5c  |t.~..+..@.%Evkn\|
+00000320  6f 42 59 5e 5e a4 b3 3d  4a c2 d7 1c 91 74 15 f9  |oBY^^..=J....t..|
+00000330  e3 14 03 03 00 01 01 16  03 03 00 40 57 f7 7c d6  |...........@W.|.|
+00000340  1a da 14 09 b3 8f 75 cc  c7 dd fe 2b 4d 11 3e 16  |......u....+M.>.|
+00000350  09 5a a0 d7 c3 05 b6 28  75 27 58 64 37 af 46 28  |.Z.....(u'Xd7.F(|
+00000360  74 a8 4d 9b c4 9d 5c 6c  f2 e3 be 45 65 93 be 89  |t.M...\l...Ee...|
+00000370  b6 5f 24 2b 26 3c d0 43  ce 05 91 c7              |._$+&<.C....|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 13 c4 d2 3f b0  |..............?.|
-00000020  84 08 32 74 de cc e0 97  90 8a c6 cc 94 87 ac 48  |..2t...........H|
-00000030  65 f7 20 04 18 42 68 46  8e c0 19 b6 9d 2a 84 58  |e. ..BhF.....*.X|
-00000040  85 20 b3 ed 75 94 71 4e  5b 0a de 17 03 03 00 40  |. ..u.qN[......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 54 54 12 18 10  |...........TT...|
+00000020  cf 34 c3 2d 68 91 25 8e  2f 04 26 74 c1 bc 96 a1  |.4.-h.%./.&t....|
+00000030  65 a5 4e 88 58 fe 95 81  59 57 74 bf 0a 9d f9 98  |e.N.X...YWt.....|
+00000040  cb e2 7d 39 64 3e f4 09  9d e2 aa 17 03 03 00 40  |..}9d>.........@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  c2 6e c5 13 4d 35 ab b1  de e2 1b a6 6f 0e 40 64  |.n..M5......o.@d|
-00000070  cc 67 bf 0d b1 e4 fe 48  c4 01 35 6a 94 50 17 7a  |.g.....H..5j.P.z|
-00000080  b3 6b f6 6b 2a 24 c9 b9  7b b0 42 0e 71 4d c2 da  |.k.k*$..{.B.qM..|
+00000060  82 e5 1d 01 10 a6 dd 52  42 b6 e7 8b 3f 45 03 39  |.......RB...?E.9|
+00000070  f1 3c 27 73 f0 8b a7 98  99 e9 da b8 88 34 25 49  |.<'s.........4%I|
+00000080  38 4d 6b 3a 8d f8 61 c8  b7 0d 80 4b 7b 83 e3 9a  |8Mk:..a....K{...|
+00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
+000000a0  00 00 00 00 00 4c b8 9a  e7 90 56 f7 ce 20 41 bf  |.....L....V.. A.|
+000000b0  44 f4 b7 85 ff 97 e9 43  4a 09 9e 7d 0e 91 1d 56  |D......CJ..}...V|
+000000c0  2d eb fb 44 4b                                    |-..DK|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
index aa4cfe1..37c813d 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
@@ -1,15 +1,15 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 ed f9 4a 41 31  |....]...Y....JA1|
-00000010  20 6a df af 85 92 37 a1  38 81 ed 3c 1a 7e d2 31  | j....7.8..<.~.1|
-00000020  80 5b 68 87 b6 72 43 8e  c0 f0 dd 00 00 04 00 2f  |.[h..rC......../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
+00000000  16 03 01 00 6b 01 00 00  67 03 03 e1 81 50 38 7b  |....k...g....P8{|
+00000010  dd e5 6f 1c 98 9e 2b 86  2d 50 95 de 00 b7 87 6e  |..o...+.-P.....n|
+00000020  b3 d2 20 0f 61 5c 3e 6d  19 0c 76 00 00 04 00 2f  |.. .a\>m..v..../|
+00000030  00 ff 01 00 00 3a 00 00  00 0e 00 0c 00 00 09 31  |.....:.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 04 00 02 08 04  |................|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -48,9 +48,10 @@
 00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
 00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
-000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
-000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+00000290  3b e9 fa e7 16 03 03 00  21 0d 00 00 1d 02 01 40  |;.......!......@|
+000002a0  00 16 08 04 08 05 08 06  04 01 04 03 05 01 05 03  |................|
+000002b0  06 01 06 03 02 01 02 03  00 00 16 03 03 00 04 0e  |................|
+000002c0  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -84,40 +85,40 @@
 000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
 000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
 000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 90 96 a6  |.5..............|
-00000210  45 0a 8d 6a 38 86 3a f0  0a cb d6 bb db 9b 27 a6  |E..j8.:.......'.|
-00000220  17 ca 02 6d 67 3c 56 80  74 9b 06 6e 62 58 55 43  |...mg<V.t..nbXUC|
-00000230  7e 7d 08 be cb 46 c4 60  45 e5 1c 3c 7d 89 bd 0d  |~}...F.`E..<}...|
-00000240  c1 0a 7f d9 7c c2 c1 c6  c5 62 83 9e 88 a3 20 1c  |....|....b.... .|
-00000250  d5 d6 32 b5 f8 4a 44 d5  35 e5 45 c1 68 c3 99 d3  |..2..JD.5.E.h...|
-00000260  f3 7b 0b 46 0a 8d 02 81  ca bb 0c ce b1 53 f0 0a  |.{.F.........S..|
-00000270  10 b6 92 b3 b9 2a d5 8d  9d 68 94 54 11 37 69 12  |.....*...h.T.7i.|
-00000280  54 21 8a 95 a2 72 a8 1c  1a 21 74 9c 6f 16 03 03  |T!...r...!t.o...|
-00000290  00 88 0f 00 00 84 04 01  00 80 b9 cf 9f 51 c7 0b  |.............Q..|
-000002a0  5c b0 2f ce 33 b0 d9 b6  c6 ae 47 29 09 8c 44 51  |\./.3.....G)..DQ|
-000002b0  40 86 04 66 d2 13 ff 22  f4 97 c6 c2 a0 1f 98 8e  |@..f..."........|
-000002c0  a6 6e 9f 61 b1 fe ce 0d  82 43 42 06 9b 47 09 48  |.n.a.....CB..G.H|
-000002d0  a4 94 40 9f d3 2c 0f 22  f8 01 53 f0 a7 2a fd 86  |..@..,."..S..*..|
-000002e0  0b a2 b8 d7 b0 ee 0c a8  b7 c8 61 80 85 28 73 0b  |..........a..(s.|
-000002f0  c0 8f 8a 2c 53 cc 2c 8a  5b 72 5a a6 9e 66 ea 96  |...,S.,.[rZ..f..|
-00000300  7d e2 14 47 7e 17 a9 2b  d7 27 ca f7 21 ff 28 57  |}..G~..+.'..!.(W|
-00000310  fa 20 88 99 db 4f 91 0a  be 07 14 03 03 00 01 01  |. ...O..........|
-00000320  16 03 03 00 40 af 85 82  66 bd 2c 4b c8 17 4c d8  |....@...f.,K..L.|
-00000330  69 6d 62 37 88 70 cf b2  31 f5 46 90 a6 fa ac 3d  |imb7.p..1.F....=|
-00000340  02 1e 74 bb 24 83 35 34  ed 3f 7c ba d9 03 e1 4a  |..t.$.54.?|....J|
-00000350  cf d5 16 aa 56 47 47 27  0e 68 de 12 bd 56 6e df  |....VGG'.h...Vn.|
-00000360  fc 7e f1 34 ad                                    |.~.4.|
+00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 94 94 83  |.5..............|
+00000210  d4 bf 82 86 72 fe 90 aa  36 eb 5a 10 df 59 58 f6  |....r...6.Z..YX.|
+00000220  c9 ee 1f c8 00 d1 8d d6  6b 06 bf 73 84 ca cb ef  |........k..s....|
+00000230  08 ba 9f 10 94 70 0f a4  10 e1 de 62 c6 d8 ff e8  |.....p.....b....|
+00000240  2f b1 9d 07 40 1f 34 d4  76 46 53 86 51 66 01 38  |/...@.4.vFS.Qf.8|
+00000250  18 82 16 8c ff e7 29 83  c3 09 25 2d d9 a0 57 d0  |......)...%-..W.|
+00000260  e0 6b 50 dd c2 4a 57 47  b0 1d 5c a0 a5 c3 69 14  |.kP..JWG..\...i.|
+00000270  ec 10 ed 30 b4 c0 25 3c  65 d1 31 59 c1 30 9f 77  |...0..%<e.1Y.0.w|
+00000280  1f 1e 88 a1 18 f0 22 dd  c1 8b 63 a2 6e 16 03 03  |......"...c.n...|
+00000290  00 88 0f 00 00 84 08 04  00 80 aa 26 3c 68 a6 ca  |...........&<h..|
+000002a0  17 8c ec 7e 57 6c 94 e1  a9 e8 c6 8f 9c 8d b8 09  |...~Wl..........|
+000002b0  ba 45 ea 4f 57 f2 14 b9  4a 4e 18 a2 33 05 55 9b  |.E.OW...JN..3.U.|
+000002c0  d7 6a 39 e9 82 9c 66 a0  50 dc 6d 2b 48 2c 76 d1  |.j9...f.P.m+H,v.|
+000002d0  91 4e ef 6d c8 18 00 f4  4b 96 61 1a 58 56 fc 62  |.N.m....K.a.XV.b|
+000002e0  3d 99 9d 12 c9 ea 52 9e  a8 1d cf a5 cf b8 c0 2e  |=.....R.........|
+000002f0  08 64 57 57 69 bd ee c9  19 fa f6 53 ac 3b e2 69  |.dWWi......S.;.i|
+00000300  d9 a1 8a 7a c3 e5 92 95  6f a6 4f 35 7a 08 4e a8  |...z....o.O5z.N.|
+00000310  8e 60 e0 df 20 14 6f f1  28 9e 14 03 03 00 01 01  |.`.. .o.(.......|
+00000320  16 03 03 00 40 d4 8d e3  39 26 9a 21 09 e6 76 bd  |....@...9&.!..v.|
+00000330  93 e6 98 8f 59 b0 4d 5c  cc 96 7d 6e cf 29 fd 58  |....Y.M\..}n.).X|
+00000340  81 c5 ae f5 b6 61 46 e4  55 ff 49 5c 4b 63 03 db  |.....aF.U.I\Kc..|
+00000350  1e ce 76 92 fb 18 d3 ca  2d 62 3e cd 98 f5 34 25  |..v.....-b>...4%|
+00000360  94 63 17 99 fc                                    |.c...|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 52 d1 34 99 c9  |...........R.4..|
-00000020  60 18 c3 99 36 2d c5 c2  14 ae f4 e5 10 e1 6f af  |`...6-........o.|
-00000030  70 3b c3 d6 d1 81 ee da  fe 6e a5 96 81 53 cf 9a  |p;.......n...S..|
-00000040  cc c2 ac 98 95 0c 75 81  ac 55 6b 17 03 03 00 40  |......u..Uk....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 c6 b8 7e 65 f8  |.............~e.|
+00000020  c4 d9 2c 00 11 f4 ae 2b  13 33 84 31 e6 e6 6e d5  |..,....+.3.1..n.|
+00000030  b0 8c 12 c9 6d 26 c2 8c  9c d0 2e 1b 3d 68 98 27  |....m&......=h.'|
+00000040  a2 f9 92 46 60 40 dc a6  12 c1 ee 17 03 03 00 40  |...F`@.........@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  46 ff 8d a9 0d 65 e1 82  48 4c 31 ec 60 24 61 52  |F....e..HL1.`$aR|
-00000070  33 41 b1 7b 6a a8 96 b3  59 eb c9 2c f8 f2 4d 15  |3A.{j...Y..,..M.|
-00000080  83 3e 99 c4 08 89 24 e3  de 4a bf 54 f4 eb a3 2a  |.>....$..J.T...*|
+00000060  70 ae c5 b1 11 36 22 4f  4b 11 cd 75 25 9c 8d 5e  |p....6"OK..u%..^|
+00000070  8b 3b f0 e0 fd 78 22 c7  e1 14 67 2e 12 13 53 44  |.;...x"...g...SD|
+00000080  38 7b f9 53 08 90 c8 95  3a 16 b1 b0 81 ce 44 b3  |8{.S....:.....D.|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 dc f3 c7  14 24 b7 a8 fa f4 78 6f  |.........$....xo|
-000000b0  7a 0c bd ad 14 d5 83 f7  97 30 58 0a a8 b5 76 88  |z........0X...v.|
-000000c0  60 00 3d 4c 1a                                    |`.=L.|
+000000a0  00 00 00 00 00 a1 82 43  82 46 02 07 98 13 cc a1  |.......C.F......|
+000000b0  9f bd 78 9d 7a d0 c3 cc  e1 08 46 84 49 97 fb 5c  |..x.z.....F.I..\|
+000000c0  49 62 01 65 de                                    |Ib.e.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled
new file mode 100644
index 0000000..cb626a1
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled
@@ -0,0 +1,126 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 97 01 00 00  93 03 03 9e b1 2a 26 04  |.............*&.|
+00000010  8d 66 df 43 cb 0a 85 80  4f f2 99 7d 80 20 64 7e  |.f.C....O..}. d~|
+00000020  30 a0 bb 60 ac 0e d4 ce  f0 ae 98 00 00 04 00 2f  |0..`.........../|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
+000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
+000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
+00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
+00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
+00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
+00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
+000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
+000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
+000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
+000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
+000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
+000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
+00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
+00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
+00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
+00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
+00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
+00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
+00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
+00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
+00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
+00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
+000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
+000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
+000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
+000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
+000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
+000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
+00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 3f 1b ee  |.5...........?..|
+00000210  02 ec a5 9f 6e 38 69 2c  b7 03 89 65 b4 92 79 a0  |....n8i,...e..y.|
+00000220  b2 0b ab 9b 44 9c 68 d1  8e 5c 40 9c b5 1c a5 70  |....D.h..\@....p|
+00000230  00 a2 2e fb 98 b7 45 7b  9c 63 46 68 1d 55 9e 01  |......E{.cFh.U..|
+00000240  7f 84 31 62 07 c4 2f 20  5f 1a 94 8c 1f f4 3a 6d  |..1b../ _.....:m|
+00000250  a8 2b b8 08 5b ec 27 e3  49 9e 51 b3 66 98 09 ba  |.+..[.'.I.Q.f...|
+00000260  64 65 c8 3c 11 fb 14 4a  c9 ea 3c 5e 52 10 a0 0b  |de.<...J..<^R...|
+00000270  a9 fc 10 13 c9 99 0c a0  8b b4 40 66 0e 11 5e 1d  |..........@f..^.|
+00000280  8b 45 5c 4d 0d 39 39 f6  0c 59 8f 06 99 16 03 03  |.E\M.99..Y......|
+00000290  00 88 0f 00 00 84 04 01  00 80 71 1c 9c fd b2 c9  |..........q.....|
+000002a0  b9 7f f3 51 e2 63 96 08  56 d2 bd 19 61 9f 3f be  |...Q.c..V...a.?.|
+000002b0  e5 4c 22 a8 3f 81 98 2d  67 56 4e 2d 61 6e 51 e5  |.L".?..-gVN-anQ.|
+000002c0  11 24 bd 1b 38 ba dc 8c  76 51 1d 3c 6e 81 50 9a  |.$..8...vQ.<n.P.|
+000002d0  b5 24 9c d8 af f7 80 8a  51 43 ec b3 59 18 bd ea  |.$......QC..Y...|
+000002e0  8a be af 11 c8 ac 60 88  e3 67 a2 ae c2 95 16 47  |......`..g.....G|
+000002f0  2b e2 ea 42 0a 0a 3f 2b  8b c8 ec 9d e7 b2 a6 ee  |+..B..?+........|
+00000300  f4 9b ba 28 47 e2 30 ae  05 89 09 65 3d b6 54 8a  |...(G.0....e=.T.|
+00000310  4a df d4 fa a5 4c 30 38  53 f2 14 03 03 00 01 01  |J....L08S.......|
+00000320  16 03 03 00 40 97 50 23  88 56 0d d4 1b ba 6f 3e  |....@.P#.V....o>|
+00000330  8d 82 6c f3 04 55 2c 13  d9 5b 0a 73 88 4f 8b 3c  |..l..U,..[.s.O.<|
+00000340  cd ef 1a a7 15 7c 33 bb  ff fa 01 c4 87 d7 df 47  |.....|3........G|
+00000350  37 b6 fe 1d e6 82 c2 8a  33 b1 c9 ae 85 45 c8 0d  |7.......3....E..|
+00000360  38 47 69 2d 54                                    |8Gi-T|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
+00000010  00 00 00 00 00 00 00 00  00 00 00 20 98 12 44 63  |........... ..Dc|
+00000020  e7 77 e6 e8 c0 c7 d7 b6  f7 c4 4e 13 e3 79 af 33  |.w........N..y.3|
+00000030  3b 6c 86 22 c5 9e dd 25  74 e5 7b 37 fb 24 c6 48  |;l."...%t.{7.$.H|
+00000040  c9 74 a7 9b 9b 32 a7 c1  b9 bb e0 17 03 03 00 40  |.t...2.........@|
+00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000060  80 d7 ec 51 cf ae d4 1a  af 11 59 d1 0c 62 a6 67  |...Q......Y..b.g|
+00000070  2e 6f 18 23 29 75 92 07  b1 16 09 8f 2d f8 04 fe  |.o.#)u......-...|
+00000080  ce 71 2c b6 00 fd 7b 53  cb 6d 97 06 06 e6 af f4  |.q,...{S.m......|
+00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
+000000a0  00 00 00 00 00 73 14 3a  87 3b ca 3a 2b b2 52 30  |.....s.:.;.:+.R0|
+000000b0  98 62 88 1b a7 58 66 47  66 72 fd bb b6 b7 6b 99  |.b...XfGfr....k.|
+000000c0  20 ab e9 22 62                                    | .."b|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required
new file mode 100644
index 0000000..86d5415
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required
@@ -0,0 +1,74 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 97 01 00 00  93 03 03 d7 9c de f8 62  |...............b|
+00000010  7e 32 5b bc d5 12 35 89  42 37 be ca 55 74 24 61  |~2[...5.B7..Ut$a|
+00000020  c0 50 91 0f 1b 42 29 9f  c1 6a cb 00 00 04 00 2f  |.P...B)..j...../|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
+000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
+000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 07 0b 00 00  03 00 00 00 16 03 03 00  |................|
+00000010  86 10 00 00 82 00 80 1d  c6 6c b0 b9 b3 41 06 80  |.........l...A..|
+00000020  e0 f5 df 06 ae 0f 2f 5f  72 14 44 47 16 c4 f0 a6  |....../_r.DG....|
+00000030  68 be fa ee ec 9b 38 b0  e4 bd a3 e9 ca 18 5b 25  |h.....8.......[%|
+00000040  33 31 57 86 63 59 0e ce  10 77 f8 42 a6 5c ad 3f  |31W.cY...w.B.\.?|
+00000050  80 85 a5 c1 06 4c 36 aa  f3 ee 62 39 66 69 76 51  |.....L6...b9fivQ|
+00000060  57 cc a0 b1 35 81 d5 38  01 2d 83 0e 2e 6b a9 84  |W...5..8.-...k..|
+00000070  0d 8b 29 93 90 78 2d 0d  33 5f 85 0d 00 0c e2 5f  |..)..x-.3_....._|
+00000080  83 21 28 27 83 ad 9d 19  2d 01 35 6d 85 2e 8d 6b  |.!('....-.5m...k|
+00000090  eb 7a cd 8a 3f 42 e2 14  03 03 00 01 01 16 03 03  |.z..?B..........|
+000000a0  00 40 5e 19 0f d0 4c 17  e0 25 e6 6b a1 d9 ea 59  |.@^...L..%.k...Y|
+000000b0  f4 3a 55 84 2c 50 1e 53  47 78 45 b8 97 f7 7f 3d  |.:U.,P.SGxE....=|
+000000c0  af d9 7a ad 30 30 77 1a  93 05 19 5b 9b 13 70 e0  |..z.00w....[..p.|
+000000d0  e0 f8 ba 6a bd 74 c5 71  0d 5a 2c 3f 2d 98 1a 3c  |...j.t.q.Z,?-..<|
+000000e0  5a 7d                                             |Z}|
+>>> Flow 4 (server to client)
+00000000  15 03 03 00 02 02 2a                              |......*|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
new file mode 100644
index 0000000..ebc16c5
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
@@ -0,0 +1,124 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 6b 01 00 00  67 03 03 a5 db 42 40 b5  |....k...g....B@.|
+00000010  57 97 90 6f de 6e 07 7c  3d f6 ce a5 ec 37 52 2e  |W..o.n.|=....7R.|
+00000020  d9 cf 7c dc f9 66 34 7f  ef a3 90 00 00 04 00 2f  |..|..f4......../|
+00000030  00 ff 01 00 00 3a 00 00  00 0e 00 0c 00 00 09 31  |.....:.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 04 00 02 04 01  |................|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  21 0d 00 00 1d 02 01 40  |;.......!......@|
+000002a0  00 16 08 04 08 05 08 06  04 01 04 03 05 01 05 03  |................|
+000002b0  06 01 06 03 02 01 02 03  00 00 16 03 03 00 04 0e  |................|
+000002c0  00 00 00                                          |...|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
+00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
+00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
+00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
+00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
+000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
+000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
+000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
+000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
+000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
+000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
+00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
+00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
+00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
+00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
+00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
+00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
+00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
+00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
+00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
+00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
+000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
+000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
+000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
+000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
+000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
+000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
+00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 50 e9 35  |.5...........P.5|
+00000210  02 8f b8 95 2f 2c 00 92  dd 06 c9 0b 41 13 2b 1a  |..../,......A.+.|
+00000220  94 3c 98 24 9e 5b 08 ba  aa d2 8c 25 64 01 2c 19  |.<.$.[.....%d.,.|
+00000230  2a 10 3d 85 de e6 9d 7e  e3 a6 a1 ca 04 85 78 8e  |*.=....~......x.|
+00000240  4e ff 74 d2 0f 5f c9 6a  27 41 71 78 f9 64 e4 b9  |N.t.._.j'Aqx.d..|
+00000250  27 c8 c3 f4 64 f5 e7 9c  5b 02 e5 e7 be a2 aa 5a  |'...d...[......Z|
+00000260  a6 77 83 7e 6a 4b 5f 18  5c a2 f8 b9 42 3d 06 21  |.w.~jK_.\...B=.!|
+00000270  65 88 11 cf 0e 8a 9f c2  0b 7d c4 8e a0 aa 2d d8  |e........}....-.|
+00000280  93 15 88 61 8c c4 7c a8  e0 cb 13 6b b0 16 03 03  |...a..|....k....|
+00000290  00 88 0f 00 00 84 04 01  00 80 27 77 f1 9a 6e d1  |..........'w..n.|
+000002a0  d0 2d e1 cc 69 85 64 67  e0 fa 54 de 93 89 ca e8  |.-..i.dg..T.....|
+000002b0  a2 90 09 7b 96 22 f7 d8  f9 3e a5 c3 d0 31 9b 1e  |...{."...>...1..|
+000002c0  b8 e6 8b 6e 7b 46 87 c2  21 c6 40 b9 d4 ec 54 67  |...n{F..!.@...Tg|
+000002d0  ce 49 5e a6 9f 14 cc 84  ea 71 dd e6 b6 f9 e1 2d  |.I^......q.....-|
+000002e0  d6 dc 35 fa fd ce 39 70  97 15 6e 27 33 a2 da e9  |..5...9p..n'3...|
+000002f0  2c a6 5b 1b 18 57 78 a7  47 b8 04 26 35 55 5a 02  |,.[..Wx.G..&5UZ.|
+00000300  9a e8 48 73 f7 8a ac e8  59 86 61 2d bd c5 02 a6  |..Hs....Y.a-....|
+00000310  72 cc 37 8e ec 93 b5 53  6d f9 14 03 03 00 01 01  |r.7....Sm.......|
+00000320  16 03 03 00 40 e0 2f d8  1c fd 1a d0 e1 0c 92 4a  |....@./........J|
+00000330  8b 2b 01 10 58 8c dc 8f  c8 b3 22 42 9b 10 d1 a6  |.+..X....."B....|
+00000340  3e fe 3b 94 46 2f 41 ec  b6 d3 33 90 95 8c 69 fa  |>.;.F/A...3...i.|
+00000350  f6 1d 6c a2 45 27 1f d3  d9 6b cb 2d e4 e2 c1 39  |..l.E'...k.-...9|
+00000360  5d ed fa a1 b8                                    |]....|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
+00000010  00 00 00 00 00 00 00 00  00 00 00 37 e0 14 c7 88  |...........7....|
+00000020  ef de eb 58 7c bc 28 35  0e 5d 42 c0 45 5e 7c 50  |...X|.(5.]B.E^|P|
+00000030  82 5b f6 4d 28 b6 75 7b  b0 bf 01 05 b1 16 e1 d8  |.[.M(.u{........|
+00000040  96 0c 4e c5 84 19 64 1e  ee be 4c 17 03 03 00 40  |..N...d...L....@|
+00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000060  6a ca ba a3 69 e8 b8 74  19 dc 93 50 df 1c 62 71  |j...i..t...P..bq|
+00000070  54 c0 55 c0 aa 40 8e b9  f6 3c fe 54 6f 36 b8 26  |T.U..@...<.To6.&|
+00000080  ea 5b e8 83 fc 7b a0 a8  f6 b1 36 7d 8c db c3 8a  |.[...{....6}....|
+00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
+000000a0  00 00 00 00 00 2c e0 ed  49 c6 bc 76 c4 9d 2e 1c  |.....,..I..v....|
+000000b0  ca f8 80 61 b8 11 4a 3f  9f ad 7e 0e 79 58 25 bf  |...a..J?..~.yX%.|
+000000c0  c5 3f 95 9a e9                                    |.?...|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
index 924ef9d..7b38a99 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
@@ -1,15 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 ee 51 24 51 2c  |....]...Y...Q$Q,|
-00000010  0b 9f 26 d2 7c e0 8b 8a  9b a8 d3 a9 a7 59 05 a3  |..&.|........Y..|
-00000020  67 92 fc 3f cb e8 cd ba  62 b7 19 00 00 04 00 2f  |g..?....b....../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
+00000000  16 03 01 00 97 01 00 00  93 03 03 23 f3 fb 5f cb  |...........#.._.|
+00000010  3f 63 8a f2 4c c7 41 cd  64 00 4f 7c 63 66 e1 3f  |?c..L.A.d.O|cf.?|
+00000020  b6 8d 4e 24 20 35 9c c5  c3 96 e9 00 00 04 00 2f  |..N$ 5........./|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -48,36 +51,37 @@
 00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
 00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
-000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
-000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+00000290  3b e9 fa e7 16 03 03 00  21 0d 00 00 1d 02 01 40  |;.......!......@|
+000002a0  00 16 08 04 08 05 08 06  04 01 04 03 05 01 05 03  |................|
+000002b0  06 01 06 03 02 01 02 03  00 00 16 03 03 00 04 0e  |................|
+000002c0  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 07 0b 00 00  03 00 00 00 16 03 03 00  |................|
-00000010  86 10 00 00 82 00 80 0b  e8 d9 4f fa 7d 63 8c 89  |..........O.}c..|
-00000020  b7 c8 73 76 9b fa 7f b6  c3 57 f2 54 75 90 90 ec  |..sv.....W.Tu...|
-00000030  9e 8d 08 ae 3f dc 6e fa  df 2a 32 2b 35 e9 03 f7  |....?.n..*2+5...|
-00000040  c5 d1 7c f5 20 1f 77 0a  24 b8 4e 7e 11 fe b0 87  |..|. .w.$.N~....|
-00000050  db f6 ff 92 1a fc 6a 8d  48 7e ac bc 95 99 4a f8  |......j.H~....J.|
-00000060  1b cc 07 42 48 0c 25 d2  47 82 59 14 76 84 d3 e9  |...BH.%.G.Y.v...|
-00000070  d6 0a 5a b1 0a c6 31 3e  80 e2 29 c8 a6 31 dd 64  |..Z...1>..)..1.d|
-00000080  96 7a f5 ee d9 0f 03 b5  93 05 b8 a2 04 66 ff fc  |.z...........f..|
-00000090  f5 2f e7 6c b9 2d 98 14  03 03 00 01 01 16 03 03  |./.l.-..........|
-000000a0  00 40 f2 d2 da 46 89 c4  17 25 b8 33 d6 38 46 5c  |.@...F...%.3.8F\|
-000000b0  80 a0 eb cf fd 5a 27 f3  0b 16 e1 29 bd b8 46 28  |.....Z'....)..F(|
-000000c0  11 d3 cc 12 12 96 9b b8  31 52 50 73 81 57 aa 29  |........1RPs.W.)|
-000000d0  5c 66 da 39 2d f8 cb 15  e0 01 86 b5 0b d5 1f 56  |\f.9-..........V|
-000000e0  23 a0                                             |#.|
+00000010  86 10 00 00 82 00 80 d7  50 22 1d 9e b8 81 12 e5  |........P"......|
+00000020  47 e6 65 cf 82 19 a2 43  9a 5c 7b 44 98 eb d9 ac  |G.e....C.\{D....|
+00000030  e1 4e f5 9d ad bd 0a 0e  17 07 81 b9 b5 4b bb b1  |.N...........K..|
+00000040  95 da 0a 82 67 ba 98 1b  cc 45 91 62 ee 36 eb e3  |....g....E.b.6..|
+00000050  18 30 34 f6 38 ab 3d 0c  a7 2b bd 90 94 49 81 af  |.04.8.=..+...I..|
+00000060  67 a0 f2 b4 0f c0 09 eb  c3 23 24 4b 76 3f cb b9  |g........#$Kv?..|
+00000070  4c a3 53 a7 f6 53 34 1b  24 24 2f cc 24 d8 fb 12  |L.S..S4.$$/.$...|
+00000080  65 60 cf 06 92 c3 7c 63  18 b1 92 88 e3 a8 1d 9c  |e`....|c........|
+00000090  f7 c1 9a a4 af 78 7d 14  03 03 00 01 01 16 03 03  |.....x}.........|
+000000a0  00 40 91 9a 6b 71 c5 3e  88 9a 26 b4 af fa 41 26  |.@..kq.>..&...A&|
+000000b0  72 33 a7 72 9b 22 89 d9  a5 ed 3d 0e 0e af c8 ef  |r3.r."....=.....|
+000000c0  3d c8 89 e4 0d 21 df 06  37 23 0f 50 d1 3e ef af  |=....!..7#.P.>..|
+000000d0  d8 cd 30 cc c4 18 3a 12  49 c0 0a 21 20 cd ac 66  |..0...:.I..! ..f|
+000000e0  96 c3                                             |..|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 65 58 5e 2f 25  |...........eX^/%|
-00000020  67 71 87 7d a9 75 73 80  6b 03 76 63 a8 1f 80 06  |gq.}.us.k.vc....|
-00000030  0f 78 b0 75 20 9e ab 36  59 d7 f9 88 22 c1 d1 be  |.x.u ..6Y..."...|
-00000040  c9 d2 c1 13 20 6a 75 07  95 00 ca 17 03 03 00 40  |.... ju........@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 2d 70 ad 8f ed  |...........-p...|
+00000020  c0 cf ce 73 28 76 8f da  65 41 46 53 dd 06 0d cc  |...s(v..eAFS....|
+00000030  36 cb f3 b8 c7 1f df 53  1a 7d 1e 9f d6 b9 e3 9e  |6......S.}......|
+00000040  fe a8 d9 91 6c 3b d2 ef  b6 30 55 17 03 03 00 40  |....l;...0U....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  25 31 9c 1d 48 d9 c3 e4  59 3a 3a e2 85 3a 78 27  |%1..H...Y::..:x'|
-00000070  85 69 63 8e 3c 32 b2 03  65 3f 7a 7f 3b fe b1 83  |.ic.<2..e?z.;...|
-00000080  f6 64 a1 3e 83 55 7b 39  2a 01 86 de 79 a3 55 b1  |.d.>.U{9*...y.U.|
+00000060  6a 43 95 20 f0 f9 b4 e0  12 24 ae c1 55 c2 ad ec  |jC. .....$..U...|
+00000070  de 42 1f 0b ff 5b e5 ab  8b aa 72 69 2f 10 12 ca  |.B...[....ri/...|
+00000080  8c f2 77 be 60 81 ef c9  34 dc d7 68 57 d5 17 aa  |..w.`...4..hW...|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 40 26 48  75 e5 e0 83 c0 1a 66 5a  |.....@&Hu.....fZ|
-000000b0  5f b2 11 a6 b7 a3 4d f2  ca 49 6a f2 48 a1 ee 99  |_.....M..Ij.H...|
-000000c0  ff 0d c1 f7 4f                                    |....O|
+000000a0  00 00 00 00 00 c0 4b 9e  e5 6b 45 60 e1 7b 87 b1  |......K..kE`.{..|
+000000b0  76 06 e4 dc d7 01 eb db  04 9c 9b d4 bd 5c e0 18  |v............\..|
+000000c0  72 7a 73 93 4f                                    |rzs.O|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES b/src/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES
index 8aa11ab..d727468 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES
+++ b/src/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES
@@ -1,16 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 8b 7a 0c fa 8b  |....s...o...z...|
-00000010  92 b9 b6 d6 b8 93 50 29  07 2e 8e 70 9b a1 55 65  |......P)...p..Ue|
-00000020  ba 05 9d 74 2e 7e a6 2a  10 e1 3c 00 00 04 c0 0a  |...t.~.*..<.....|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
+00000000  16 03 01 00 97 01 00 00  93 03 03 85 04 eb 6f 6a  |..............oj|
+00000010  88 25 0b 90 fb 37 a8 63  c7 18 1a ac 91 a9 aa 24  |.%...7.c.......$|
+00000020  c3 99 1a 69 e5 f5 1e 12  73 ef 1a 00 00 04 c0 0a  |...i....s.......|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 0a 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 0a 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  03 02 0e 0b 00 02 0a 00  |................|
 00000040  02 07 00 02 04 30 82 02  00 30 82 01 62 02 09 00  |.....0...0..b...|
 00000050  b8 bf 2d 47 a0 d2 eb f4  30 09 06 07 2a 86 48 ce  |..-G....0...*.H.|
@@ -47,36 +49,36 @@
 00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 03 00 b7 0c 00  |{j.9....*.......|
 00000250  00 b3 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
 00000260  da ac 5f bb 29 07 30 ff  f6 84 af c4 cf c2 ed 90  |.._.).0.........|
-00000270  99 5f 58 cb 3b 74 06 03  00 8b 30 81 88 02 42 00  |._X.;t....0...B.|
-00000280  cb 8e af 48 f8 79 66 5b  9a 52 8d 67 ec 13 02 a5  |...H.yf[.R.g....|
-00000290  ab 77 9e 15 17 c2 4e ff  7a b4 5b 53 1a 16 22 3f  |.w....N.z.[S.."?|
-000002a0  b8 83 40 99 64 67 b3 54  19 29 6b 2d a8 3c 63 44  |..@.dg.T.)k-.<cD|
-000002b0  d5 45 20 3f 9a 8e b9 71  d6 7a 85 d5 aa 99 7f 02  |.E ?...q.z......|
-000002c0  a8 02 42 00 c1 15 3b 9b  9d de eb 2e 63 52 35 b2  |..B...;.....cR5.|
-000002d0  1e 63 b1 1a 20 58 e5 e7  6d b3 e8 c8 3d 0f af 98  |.c.. X..m...=...|
-000002e0  4a 2a a0 f8 8e aa 2a f2  2a 1e 41 98 be 6f 6c bc  |J*....*.*.A..ol.|
-000002f0  ad 57 1d 2b 50 0b d9 47  d2 7a 62 08 a5 e5 28 44  |.W.+P..G.zb...(D|
-00000300  a7 e2 eb 4a b8 16 03 03  00 04 0e 00 00 00        |...J..........|
+00000270  99 5f 58 cb 3b 74 04 03  00 8b 30 81 88 02 42 01  |._X.;t....0...B.|
+00000280  4b 46 70 e2 b9 cb ea 38  8f 00 6e 47 5e 1a 1c a1  |KFp....8..nG^...|
+00000290  fb a9 1c 3d a1 88 0d c4  8a 45 af 50 32 ba 36 e9  |...=.....E.P2.6.|
+000002a0  f5 b0 09 aa 39 1a 96 9e  c6 74 98 ad b8 09 79 b4  |....9....t....y.|
+000002b0  5b 01 8f 9a 66 11 0e a8  6a ac 61 f4 40 3d 4f 9b  |[...f...j.a.@=O.|
+000002c0  9f 02 42 00 a1 2f b0 46  41 42 35 5a 4b 7b bb 22  |..B../.FAB5ZK{."|
+000002d0  d9 a5 31 23 2c 94 8f 48  39 29 c6 33 6a 52 a6 22  |..1#,..H9).3jR."|
+000002e0  5d 72 5b 2c 45 e9 0d 0a  fb f4 24 26 d4 50 5e 20  |]r[,E.....$&.P^ |
+000002f0  f4 fc 6c a9 62 4b db a1  74 88 1a ef bd 78 dd e8  |..l.bK..t....x..|
+00000300  5a 04 be ca 25 16 03 03  00 04 0e 00 00 00        |Z...%.........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 d2 c0 5b 2a f2 05  |....%...! ..[*..|
-00000010  4d 57 b0 d0 8b 51 b0 7f  1f 71 8b d9 55 76 46 c9  |MW...Q...q..UvF.|
-00000020  a8 40 44 2c a1 51 74 50  4a 22 14 03 03 00 01 01  |.@D,.QtPJ"......|
-00000030  16 03 03 00 40 79 6d 1b  bc e7 5b 5c 7b 99 62 2b  |....@ym...[\{.b+|
-00000040  4a 1a b2 0f 76 72 67 d1  ec 25 04 5f fb 25 f4 9c  |J...vrg..%._.%..|
-00000050  9c 47 bb b9 85 28 59 0c  0c 15 3f 86 a5 16 c8 ef  |.G...(Y...?.....|
-00000060  a4 e6 8e c0 96 37 47 5a  c8 cd f2 90 41 9b 94 dc  |.....7GZ....A...|
-00000070  ec fe e2 df d4                                    |.....|
+00000000  16 03 03 00 25 10 00 00  21 20 80 d6 42 fa 29 87  |....%...! ..B.).|
+00000010  df 45 d0 44 75 c7 bd a9  be e7 8c ef 3f 74 3d bd  |.E.Du.......?t=.|
+00000020  e2 49 40 ad f9 7f 90 ff  5e 75 14 03 03 00 01 01  |.I@.....^u......|
+00000030  16 03 03 00 40 dc c3 d3  7b 19 19 67 e1 f1 f7 3b  |....@...{..g...;|
+00000040  f7 76 0f da df 38 88 73  61 34 83 04 b9 ab 61 72  |.v...8.sa4....ar|
+00000050  2f 38 cb c3 1b 04 60 20  32 a8 db 46 63 85 f2 21  |/8....` 2..Fc..!|
+00000060  54 6e 9d 5d ba 0a 07 2e  9d 38 af 76 0e 29 b1 c6  |Tn.].....8.v.)..|
+00000070  d5 b0 f8 b3 39                                    |....9|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 8a 19 1e 82 d0  |................|
-00000020  46 f4 79 8d 9b fd 55 25  a9 6b d8 30 b3 41 f8 df  |F.y...U%.k.0.A..|
-00000030  a5 f8 9d 4c fe cc e1 1c  62 70 cf 60 12 cb 14 3e  |...L....bp.`...>|
-00000040  86 e9 d1 bb 46 60 7d b5  74 5f f5 17 03 03 00 40  |....F`}.t_.....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 4f dc d7 df d3  |...........O....|
+00000020  ab 43 f7 20 57 51 28 d2  0a ce ac e0 88 5c 01 c5  |.C. WQ(......\..|
+00000030  22 f7 37 e8 ac d3 38 ab  1b 43 53 b1 a7 35 6f 86  |".7...8..CS..5o.|
+00000040  2b a5 9b 98 8f 9d a3 ff  11 d2 c7 17 03 03 00 40  |+..............@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  97 1c 70 9d cf 17 89 8c  c7 ad 84 38 6e f5 c6 d1  |..p........8n...|
-00000070  c8 6e b2 a2 69 27 9a 59  fb bc af c0 15 47 40 b9  |.n..i'.Y.....G@.|
-00000080  e1 35 9b 37 50 9f 05 53  60 f8 f9 91 40 67 36 a8  |.5.7P..S`...@g6.|
+00000060  3f 4c d0 ee d7 12 3c ef  73 55 b0 8d b7 78 8a de  |?L....<.sU...x..|
+00000070  d9 a5 c0 58 25 95 ae 8c  0f 85 bd ee 93 80 f6 3d  |...X%..........=|
+00000080  ac 28 a6 87 98 d2 4c e4  54 a6 a5 ef 12 70 0c 37  |.(....L.T....p.7|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 0f 90 a8  00 9e 0e 51 29 b5 96 da  |...........Q)...|
-000000b0  b1 0d 81 7b 71 ff c9 de  f8 aa c4 bd e1 7d 0d 35  |...{q........}.5|
-000000c0  b1 ed ae 20 3c                                    |... <|
+000000a0  00 00 00 00 00 e3 51 95  2e 0c 71 a9 e6 c6 4d bc  |......Q...q...M.|
+000000b0  2e 89 99 c0 db e8 59 0a  e0 a2 f8 46 ef 3b 20 c6  |......Y....F.; .|
+000000c0  8d a4 55 a2 5e                                    |..U.^|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial b/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
index 6415c42..7d7ee63 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
+++ b/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
@@ -1,19 +1,22 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 ab 01 00 00  a7 03 03 7a 49 9d 20 62  |...........zI. b|
-00000010  45 8d 0c 1e 8e eb b1 5e  73 62 6d 48 61 31 cb 1a  |E......^sbmHa1..|
-00000020  89 b2 68 1b 2c cb 35 87  2a 17 fb 00 00 38 c0 2c  |..h.,.5.*....8.,|
+00000000  16 03 01 00 cf 01 00 00  cb 03 03 79 bf 0b 29 ec  |...........y..).|
+00000010  6a 0b 84 1e 2c d5 bf 30  b7 55 b9 7b 77 69 8f 9a  |j...,..0.U.{wi..|
+00000020  71 34 c9 83 d1 af de 50  d5 d6 fc 00 00 38 c0 2c  |q4.....P.....8.,|
 00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
 00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
 00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 46 00 0b 00 04 03 00  |.5./.....F......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 23 00 00 00 16 00 00  00 17 00 00 00 0d 00 20  |.#............. |
-00000090  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-000000a0  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
+00000060  00 35 00 2f 00 ff 01 00  00 6a 00 00 00 0e 00 0c  |.5./.....j......|
+00000070  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000080  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000090  00 19 00 18 00 23 00 00  00 16 00 00 00 17 00 00  |.....#..........|
+000000a0  00 0d 00 30 00 2e 04 03  05 03 06 03 08 07 08 08  |...0............|
+000000b0  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+000000c0  06 01 03 03 02 03 03 01  02 01 03 02 02 02 04 02  |................|
+000000d0  05 02 06 02                                       |....|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
 00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
 00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -55,38 +58,38 @@
 00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 ac 0c 00 00  |.\!.;...........|
 000002a0  a8 03 00 1d 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |.... /.}.G.bC.(.|
 000002b0  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
-000002c0  5f 58 cb 3b 74 06 01 00  80 7f ee dd 6b 38 23 29  |_X.;t.......k8#)|
-000002d0  56 ff d2 c2 08 86 52 b6  e3 8a d5 fe 47 79 5e ef  |V.....R.....Gy^.|
-000002e0  99 7a 0b d7 44 84 b9 2f  7a 2c 64 4f b3 7c aa 44  |.z..D../z,dO.|.D|
-000002f0  aa 38 5d 1b 69 16 9f f2  7d f8 24 43 47 ad 31 bc  |.8].i...}.$CG.1.|
-00000300  f5 3d b8 c8 33 6e 3f 6f  2b ea 19 a2 30 32 2b 2a  |.=..3n?o+...02+*|
-00000310  81 64 3c ee ed 78 4c fa  80 fd e7 5f ef 85 98 d4  |.d<..xL...._....|
-00000320  48 06 b8 f5 5e 1e e6 f3  42 a8 2f 99 5f ea b3 ba  |H...^...B./._...|
-00000330  8e a8 31 99 85 f2 46 11  a3 d2 c6 81 4b f1 22 7d  |..1...F.....K."}|
-00000340  d7 45 04 f1 a6 d6 7e 8f  9d 16 03 03 00 04 0e 00  |.E....~.........|
+000002c0  5f 58 cb 3b 74 08 04 00  80 36 12 82 aa d1 40 60  |_X.;t....6....@`|
+000002d0  6c fb da 0b 04 f6 23 94  3f 3d 8c a5 f4 fe ed 1f  |l.....#.?=......|
+000002e0  be 25 85 94 c9 2f 19 64  52 2b 8a 13 29 52 ae 77  |.%.../.dR+..)R.w|
+000002f0  ca 24 40 f1 31 1c f3 aa  33 29 1f cc b0 a3 8b e6  |.$@.1...3)......|
+00000300  c3 26 90 e4 11 48 e6 91  a6 5d 5e c6 18 8d 4f 2c  |.&...H...]^...O,|
+00000310  21 be bc 13 4d de bb 68  42 0b e1 29 3e 8e fc b9  |!...M..hB..)>...|
+00000320  45 ed c4 87 ed 62 1d 04  c0 4f d5 f5 94 62 65 07  |E....b...O...be.|
+00000330  8c f0 00 3d 47 f6 f5 93  e3 a9 69 ce 79 8a e5 24  |...=G.....i.y..$|
+00000340  01 d4 28 e6 f5 f5 a9 7e  ab 16 03 03 00 04 0e 00  |..(....~........|
 00000350  00 00                                             |..|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 22 e7 e7 61 a9 27  |....%...! "..a.'|
-00000010  7b 93 d1 42 76 dd 16 32  e8 92 37 37 2f fd 0d 92  |{..Bv..2..77/...|
-00000020  1f 8e b7 c5 69 40 d3 1a  7d 06 14 03 03 00 01 01  |....i@..}.......|
-00000030  16 03 03 00 28 4e 7f b2  a2 20 5d cf a1 5a de 42  |....(N... ]..Z.B|
-00000040  c5 72 c3 ef c3 23 a7 2c  f3 5b 3d a4 81 21 ac db  |.r...#.,.[=..!..|
-00000050  44 1c f3 a1 83 aa a1 b7  85 9a c7 23 03           |D..........#.|
+00000000  16 03 03 00 25 10 00 00  21 20 ea 09 8a 21 18 89  |....%...! ...!..|
+00000010  7d 4f ee 95 8e 6c 1a 07  22 59 e7 f9 05 41 2a c2  |}O...l.."Y...A*.|
+00000020  ad 51 71 9c a4 0e 08 eb  49 71 14 03 03 00 01 01  |.Qq.....Iq......|
+00000030  16 03 03 00 28 6a ab 19  f6 b6 cb 70 34 ee 73 d2  |....(j.....p4.s.|
+00000040  05 bf 99 37 44 b7 f9 1e  b1 8a 3d f9 13 bd 0c 77  |...7D.....=....w|
+00000050  02 b0 64 08 f9 d9 f2 96  b4 5b 87 ff 0b           |..d......[...|
 >>> Flow 4 (server to client)
 00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
 00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f ec 80 83 61 3f 55 e3  9d ab 39 87 5b d0 ba 44  |o...a?U...9.[..D|
-00000040  07 91 a8 d0 37 8a 7e 51  0d 00 97 ec 1b 61 f3 3b  |....7.~Q.....a.;|
-00000050  9f 29 24 d5 98 f7 4d 3b  80 ef 2f 4d aa 02 98 93  |.)$...M;../M....|
-00000060  81 03 87 d8 06 33 94 f5  ed 5d cc 8f 57 97 70 26  |.....3...]..W.p&|
-00000070  00 dc 0d d2 96 16 a2 6d  fc be 8d 4b fa 5f b3 04  |.......m...K._..|
-00000080  ce bb 48 ee c0 75 23 14  03 03 00 01 01 16 03 03  |..H..u#.........|
-00000090  00 28 00 00 00 00 00 00  00 00 3a 69 e0 40 e2 d1  |.(........:i.@..|
-000000a0  a6 96 33 0f b3 58 5a dc  41 ea d1 80 44 66 9f 2e  |..3..XZ.A...Df..|
-000000b0  00 e4 9e 10 13 56 b4 1b  c9 42 17 03 03 00 25 00  |.....V...B....%.|
-000000c0  00 00 00 00 00 00 01 88  f3 d9 5b ed 6b 3c 70 0c  |..........[.k<p.|
-000000d0  df 36 9d 1c f6 f6 83 38  53 ad e2 06 47 3c e2 9f  |.6.....8S...G<..|
-000000e0  42 87 d7 8a 15 03 03 00  1a 00 00 00 00 00 00 00  |B...............|
-000000f0  02 df 4a 92 13 c4 e6 ac  76 25 c6 72 27 be d6 09  |..J.....v%.r'...|
-00000100  eb 90 ed                                          |...|
+00000030  6f ec 80 83 61 db f0 ce  92 57 a1 db 00 84 5e 78  |o...a....W....^x|
+00000040  0e f7 97 3e f5 f0 e8 73  d6 b0 a7 28 8f bb 24 b1  |...>...s...(..$.|
+00000050  a9 3f 60 a3 7a f2 c1 a6  12 0e 69 3b 72 89 dd 36  |.?`.z.....i;r..6|
+00000060  d8 ff 80 5d 71 33 94 32  01 77 ce 77 5e ac b8 05  |...]q3.2.w.w^...|
+00000070  69 68 e5 81 51 4d 52 f6  e9 c5 cd 70 56 23 3c aa  |ih..QMR....pV#<.|
+00000080  2e c6 a2 d6 e3 5f 29 14  03 03 00 01 01 16 03 03  |....._).........|
+00000090  00 28 00 00 00 00 00 00  00 00 59 27 e3 e7 05 60  |.(........Y'...`|
+000000a0  03 68 93 6d 28 1d 8e 7f  f1 c8 a6 eb b4 57 a5 22  |.h.m(........W."|
+000000b0  98 ce 7e 56 00 44 fe d5  5e 26 17 03 03 00 25 00  |..~V.D..^&....%.|
+000000c0  00 00 00 00 00 00 01 9d  87 53 e9 29 e4 d7 45 29  |.........S.)..E)|
+000000d0  ef 71 a6 7e b8 99 d4 4f  08 da 11 6b 9b d2 20 b9  |.q.~...O...k.. .|
+000000e0  c4 ae 7f 84 15 03 03 00  1a 00 00 00 00 00 00 00  |................|
+000000f0  02 06 17 a2 45 91 d0 b0  50 aa 8f a2 f1 8b 48 cf  |....E...P.....H.|
+00000100  40 87 a4                                          |@..|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-IssueTicket b/src/crypto/tls/testdata/Server-TLSv12-IssueTicket
index feced4b..925fad0 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-IssueTicket
+++ b/src/crypto/tls/testdata/Server-TLSv12-IssueTicket
@@ -1,15 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 61 01 00 00  5d 03 03 b1 be 1f 18 b6  |....a...].......|
-00000010  a2 5d 4f 2f a0 e5 3b c4  4a 2d 76 bd 98 92 32 85  |.]O/..;.J-v...2.|
-00000020  9d 6b 9e 10 4b fc 03 7b  fb bc e4 00 00 04 00 2f  |.k..K..{......./|
-00000030  00 ff 01 00 00 30 00 23  00 00 00 0d 00 20 00 1e  |.....0.#..... ..|
-00000040  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000050  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000060  00 00 00 17 00 00                                 |......|
+00000000  16 03 01 00 9b 01 00 00  97 03 03 d7 1e 2f 33 47  |............./3G|
+00000010  7e 92 97 4b 62 40 60 32  de ee 2e bd 5c 57 3c f8  |~..Kb@`2....\W<.|
+00000020  6a 4a 78 23 4f ad db 3c  33 ea f2 00 00 04 00 2f  |jJx#O..<3....../|
+00000030  00 ff 01 00 00 6a 00 00  00 0e 00 0c 00 00 09 31  |.....j.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 23 00 00 00 16 00 00  00 17 00 00 00 0d 00 30  |.#.............0|
+00000070  00 2e 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+00000080  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 03 03  |................|
+00000090  02 03 03 01 02 01 03 02  02 02 04 02 05 02 06 02  |................|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
 00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -51,39 +54,39 @@
 00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
 000002a0  00                                                |.|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 8f f0 5a 2f 01  |.............Z/.|
-00000010  99 79 e6 f2 a0 31 a4 02  d8 c0 1e 70 e8 67 58 bd  |.y...1.....p.gX.|
-00000020  a0 2a 37 3a 3c 2d 45 53  e7 d2 7d 94 16 ea 10 5c  |.*7:<-ES..}....\|
-00000030  07 91 36 87 ab f6 d1 7a  c7 40 a7 7f 23 1b ef 33  |..6....z.@..#..3|
-00000040  80 ea 7d 75 d3 62 de 7d  d2 6b cf 90 54 0f e7 02  |..}u.b.}.k..T...|
-00000050  03 85 ef 38 f4 e9 88 8f  e4 7c 8c ac 95 e6 88 f4  |...8.....|......|
-00000060  05 f7 c7 89 4a 64 de 34  5f 09 c2 84 19 36 c1 42  |....Jd.4_....6.B|
-00000070  ea 03 69 38 7e 32 10 8a  b5 cf c7 2f 8e c6 5f 29  |..i8~2...../.._)|
-00000080  4e 8a 8e d4 17 6c 9c 18  7b ea df 14 03 03 00 01  |N....l..{.......|
-00000090  01 16 03 03 00 40 5f 50  47 5a 97 52 9d 11 b5 db  |.....@_PGZ.R....|
-000000a0  ab 7b b9 e3 74 52 c5 cd  f4 73 18 cf 12 c4 fe 07  |.{..tR...s......|
-000000b0  88 5f a9 18 7a 12 23 67  ec 72 07 9f 19 b5 bf 52  |._..z.#g.r.....R|
-000000c0  2f dd 26 66 25 98 8c 5a  07 0f 26 c1 b0 38 6c 01  |/.&f%..Z..&..8l.|
-000000d0  e4 f4 ee dd b3 72                                 |.....r|
+00000000  16 03 03 00 86 10 00 00  82 00 80 d7 37 f9 ec 2b  |............7..+|
+00000010  61 07 05 d0 90 28 33 64  14 8c 71 16 05 0f 72 31  |a....(3d..q...r1|
+00000020  83 ea 88 be b3 27 1a 4a  09 c5 28 66 ea 14 bb 17  |.....'.J..(f....|
+00000030  2e 12 56 d1 c5 7e cf 35  a8 77 4d 48 1a a1 b1 bd  |..V..~.5.wMH....|
+00000040  63 a4 40 8c 04 20 00 5c  d7 ac 22 34 ac 46 08 ea  |c.@.. .\.."4.F..|
+00000050  53 e6 7e aa 6f 19 03 ec  e8 17 3a f9 26 35 0e 3e  |S.~.o.....:.&5.>|
+00000060  47 1a 3e 13 57 a9 e9 71  7a 09 78 82 a9 7a ea d5  |G.>.W..qz.x..z..|
+00000070  7d 14 15 b5 98 0b 92 9c  e3 e3 82 6f 95 ba 00 b7  |}..........o....|
+00000080  6f b6 24 e1 be 14 39 63  6f 57 cb 14 03 03 00 01  |o.$...9coW......|
+00000090  01 16 03 03 00 40 3a 85  bc 9c 00 57 6c db cf e8  |.....@:....Wl...|
+000000a0  99 7a 7c ee 09 df 56 8a  3a ac dd 1f f9 bf 1f 6c  |.z|...V.:......l|
+000000b0  dc 38 5b 2d 6a ad 36 26  b7 4f 23 7f 23 5f 69 fa  |.8[-j.6&.O#.#_i.|
+000000c0  e5 ea f4 1e 26 6e e4 a6  80 c1 b6 29 e7 0b b8 03  |....&n.....)....|
+000000d0  8e 88 d3 29 a2 99                                 |...)..|
 >>> Flow 4 (server to client)
 00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
 00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f 2c 9f 83 61 0b b1 b7  9e 10 2d 0c 56 e8 70 66  |o,..a.....-.V.pf|
-00000040  ad de b1 15 74 2f 8b 08  8c 96 bb 4b 1b 4e dd 81  |....t/.....K.N..|
-00000050  0e bf 84 4d 43 8f c0 7e  a0 7f be c0 59 bf 83 26  |...MC..~....Y..&|
-00000060  0f a2 22 52 2c 33 94 5a  77 54 f3 b5 f2 22 51 d5  |.."R,3.ZwT..."Q.|
-00000070  24 c2 60 c3 2e 0f 9c 5e  33 3b e8 7c 52 2a 76 08  |$.`....^3;.|R*v.|
-00000080  58 ac 47 98 bc 36 b6 14  03 03 00 01 01 16 03 03  |X.G..6..........|
+00000030  6f 2c 9f 83 61 fe 79 79  ae dc c2 a0 99 e2 59 46  |o,..a.yy......YF|
+00000040  79 88 b8 ed 74 da ef da  3e 7e 69 af 34 63 b3 7f  |y...t...>~i.4c..|
+00000050  52 e1 07 4d f8 40 69 63  85 8c 66 a6 d6 f7 b7 b0  |R..M.@ic..f.....|
+00000060  f2 d4 12 f4 2a 33 94 64  76 91 5b 6c 7d 49 37 3c  |....*3.dv.[l}I7<|
+00000070  0b 76 3e d6 5c 0b 65 79  96 31 51 46 01 51 94 38  |.v>.\.ey.1QF.Q.8|
+00000080  5b 51 d5 2d 1a 8b 19 14  03 03 00 01 01 16 03 03  |[Q.-............|
 00000090  00 40 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |.@..............|
-000000a0  00 00 31 fa c3 6c 95 c0  86 a5 55 30 41 c3 2d 6b  |..1..l....U0A.-k|
-000000b0  a5 00 0b af 33 63 de 80  01 3d 7a 38 8e a7 f4 b1  |....3c...=z8....|
-000000c0  2d bb e3 1d 1a b4 61 18  b5 d9 d1 7f d1 9a e7 e8  |-.....a.........|
-000000d0  49 ee 17 03 03 00 40 00  00 00 00 00 00 00 00 00  |I.....@.........|
-000000e0  00 00 00 00 00 00 00 a6  d5 e4 a8 9b d3 7d 72 1c  |.............}r.|
-000000f0  ff 14 03 68 34 c9 ca 0d  2e 80 a1 09 f7 92 f6 86  |...h4...........|
-00000100  44 22 e8 1c ea e9 dd cc  a7 92 9a 72 ec 22 5b 82  |D".........r."[.|
-00000110  7b 43 02 f7 fa 59 7b 15  03 03 00 30 00 00 00 00  |{C...Y{....0....|
-00000120  00 00 00 00 00 00 00 00  00 00 00 00 5f ab 03 1d  |............_...|
-00000130  08 72 07 6d 78 66 5b 18  ec 3a b7 ea 75 96 ce 95  |.r.mxf[..:..u...|
-00000140  0c c9 6f 86 91 14 30 d6  2e 5d b1 b4              |..o...0..]..|
+000000a0  00 00 99 ca bd 2f c3 31  77 54 b5 70 de 96 e5 30  |...../.1wT.p...0|
+000000b0  ad 2e 6b 03 af f0 42 38  b6 70 dd 81 35 65 b6 fe  |..k...B8.p..5e..|
+000000c0  f6 d8 44 f3 c1 98 30 f4  21 16 06 57 b4 e8 c1 ec  |..D...0.!..W....|
+000000d0  bc 12 17 03 03 00 40 00  00 00 00 00 00 00 00 00  |......@.........|
+000000e0  00 00 00 00 00 00 00 f8  26 b5 28 2d 4d 0a 05 da  |........&.(-M...|
+000000f0  84 66 ae ac ee b1 fa 31  96 76 df bd 52 c6 d6 2c  |.f.....1.v..R..,|
+00000100  c5 39 c9 f9 eb c4 97 8f  d1 c2 a4 1f e9 28 3d 81  |.9...........(=.|
+00000110  64 7a 7d 41 f3 1d be 15  03 03 00 30 00 00 00 00  |dz}A.......0....|
+00000120  00 00 00 00 00 00 00 00  00 00 00 00 20 cc 54 9c  |............ .T.|
+00000130  9e 4a cc fc 9b 0d 35 59  cd 9b 49 74 1a aa fd f6  |.J....5Y..It....|
+00000140  4d dd 0e 9e c8 4f 3a 8b  a8 7a a6 d5              |M....O:..z..|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable b/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
index 467e332..d1a3480 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
+++ b/src/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
@@ -1,15 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 61 01 00 00  5d 03 03 91 2f b7 db 1e  |....a...].../...|
-00000010  41 ac c6 17 1d 0f 0c 8e  86 15 e0 de e9 c8 6b f5  |A.............k.|
-00000020  69 c7 bf ad ff 63 58 2b  b1 79 a6 00 00 04 00 2f  |i....cX+.y...../|
-00000030  00 ff 01 00 00 30 00 23  00 00 00 0d 00 20 00 1e  |.....0.#..... ..|
-00000040  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000050  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000060  00 00 00 17 00 00                                 |......|
+00000000  16 03 01 00 9b 01 00 00  97 03 03 b9 ed cc cc b2  |................|
+00000010  93 69 38 bf d0 24 20 b1  24 99 8a 4d b2 81 5d 58  |.i8..$ .$..M..]X|
+00000020  b7 a0 b1 a3 ef fd 21 01  75 01 b3 00 00 04 00 2f  |......!.u....../|
+00000030  00 ff 01 00 00 6a 00 00  00 0e 00 0c 00 00 09 31  |.....j.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 23 00 00 00 16 00 00  00 17 00 00 00 0d 00 30  |.#.............0|
+00000070  00 2e 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+00000080  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 03 03  |................|
+00000090  02 03 03 01 02 01 03 02  02 02 04 02 05 02 06 02  |................|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
 00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -51,39 +54,39 @@
 00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
 000002a0  00                                                |.|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 c5 0c 17 b1 b2  |................|
-00000010  65 0b b7 7b 45 6f cb 7d  b4 9c 5c 82 3a 1a 75 11  |e..{Eo.}..\.:.u.|
-00000020  22 6f 41 3a 81 e2 81 2e  74 f8 70 61 fd e1 7c ce  |"oA:....t.pa..|.|
-00000030  bf 06 d7 29 77 07 b3 9d  cc 33 25 53 17 12 43 ae  |...)w....3%S..C.|
-00000040  4f df ad a4 3e 49 6e 97  50 b6 23 d0 fa 3d a6 bc  |O...>In.P.#..=..|
-00000050  38 d8 5f 2b 45 a7 d0 aa  cd b1 39 03 8f 62 9e 46  |8._+E.....9..b.F|
-00000060  50 d4 83 1d b8 76 41 29  d4 40 9a 65 41 8d 1c f0  |P....vA).@.eA...|
-00000070  d4 4d 88 d2 5e 42 ec c8  86 d6 fd df 65 d8 f1 82  |.M..^B......e...|
-00000080  8f 6a 80 31 1a 0e fc 13  2b 90 a8 14 03 03 00 01  |.j.1....+.......|
-00000090  01 16 03 03 00 40 50 ad  ed 91 c4 6a ed f8 aa 06  |.....@P....j....|
-000000a0  9e 13 03 38 bf 83 ef 4b  8e d5 89 d4 a3 f8 d9 8d  |...8...K........|
-000000b0  bb 88 72 a6 16 f6 5d d5  ca 55 bb e4 76 47 08 35  |..r...]..U..vG.5|
-000000c0  b9 fb 92 a4 0a b9 36 d7  62 44 81 e8 cf db ad 9a  |......6.bD......|
-000000d0  6d 72 c0 af 70 bd                                 |mr..p.|
+00000000  16 03 03 00 86 10 00 00  82 00 80 35 f0 ea c2 96  |...........5....|
+00000010  09 7c b6 2c 8a 53 e4 52  0f 70 ba 1d 61 cf 8f 2d  |.|.,.S.R.p..a..-|
+00000020  8a b8 c7 0f 3b 50 41 67  60 f1 e6 5c 72 4a 48 69  |....;PAg`..\rJHi|
+00000030  a5 43 c8 ab cb 3a 33 ab  fd 56 f1 53 1f 18 85 c0  |.C...:3..V.S....|
+00000040  c0 3a 2d 97 65 e1 00 89  c0 9f 16 42 c7 ed 74 17  |.:-.e......B..t.|
+00000050  f4 35 e9 6f c5 9f e2 68  70 b1 7d fc 6e 5b a5 5d  |.5.o...hp.}.n[.]|
+00000060  d0 16 28 c7 65 8a 7a 50  e4 48 d0 73 4a 94 59 cf  |..(.e.zP.H.sJ.Y.|
+00000070  ad 3f 44 78 3d 6b 90 53  2e 28 a2 9b c5 85 ea 51  |.?Dx=k.S.(.....Q|
+00000080  58 2c 6d 40 c2 15 57 ad  76 6d 86 14 03 03 00 01  |X,m@..W.vm......|
+00000090  01 16 03 03 00 40 84 60  b6 51 55 96 d1 32 48 dd  |.....@.`.QU..2H.|
+000000a0  d3 31 5e 18 3a fc 94 21  52 81 8f 48 5a a9 f3 71  |.1^.:..!R..HZ..q|
+000000b0  e1 0e d6 1c 20 68 a3 94  c3 4c 84 b3 08 85 96 5c  |.... h...L.....\|
+000000c0  16 f3 1e 5d cc 6b 2b 42  3f f8 39 64 65 33 9b 18  |...].k+B?.9de3..|
+000000d0  ee 67 13 ab 57 52                                 |.g..WR|
 >>> Flow 4 (server to client)
 00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
 00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f 2c 9f 83 61 2e fe 48  fe f6 bb 98 a0 6f b0 be  |o,..a..H.....o..|
-00000040  9e 86 d7 b2 f2 67 c7 44  c7 3d e4 2b de d0 f4 d2  |.....g.D.=.+....|
-00000050  17 51 84 8e 7a a7 80 c4  65 14 f7 49 09 68 15 56  |.Q..z...e..I.h.V|
-00000060  68 32 41 d1 6f 33 94 a1  3a c9 37 20 5d e6 b0 6f  |h2A.o3..:.7 ]..o|
-00000070  37 0a 10 e3 28 e1 34 b6  6d e6 7a 44 24 7f 2f cf  |7...(.4.m.zD$./.|
-00000080  1b ae dd 4c d0 11 75 14  03 03 00 01 01 16 03 03  |...L..u.........|
+00000030  6f 2c 9f 83 61 70 4f 8e  34 f4 65 e4 64 ba af 8d  |o,..apO.4.e.d...|
+00000040  55 d8 8a c4 90 a4 94 d1  84 44 51 72 f0 79 b3 2b  |U........DQr.y.+|
+00000050  c3 49 48 58 e7 66 8c 3d  60 dd 65 ba 93 0a f1 45  |.IHX.f.=`.e....E|
+00000060  28 83 56 19 28 33 94 dd  d4 29 db f0 80 d1 b2 0a  |(.V.(3...)......|
+00000070  ef 69 03 b5 fa 19 82 a9  0e 42 b0 bb c2 b5 c7 b5  |.i.......B......|
+00000080  92 1f e6 3b 38 e3 85 14  03 03 00 01 01 16 03 03  |...;8...........|
 00000090  00 40 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |.@..............|
-000000a0  00 00 7e 4a 31 e8 7d c6  eb 34 56 3b 62 0c 11 a2  |..~J1.}..4V;b...|
-000000b0  f0 bd 9b 9a 4c c9 39 2d  ed 21 dd 0c 72 3a 92 e1  |....L.9-.!..r:..|
-000000c0  0f b3 7f 71 c5 cf 2a 6f  68 bc 8e 84 7e d5 10 2e  |...q..*oh...~...|
-000000d0  c3 d4 17 03 03 00 40 00  00 00 00 00 00 00 00 00  |......@.........|
-000000e0  00 00 00 00 00 00 00 43  76 cc 74 b3 1c 89 c0 6b  |.......Cv.t....k|
-000000f0  96 f7 2c 84 c1 0a 6e d6  7f b4 76 76 2c 2f 74 6a  |..,...n...vv,/tj|
-00000100  c7 4e 18 69 1c 97 cd ca  f2 7a 33 01 3e 6f bb 54  |.N.i.....z3.>o.T|
-00000110  49 4e 8e 1d f4 13 74 15  03 03 00 30 00 00 00 00  |IN....t....0....|
-00000120  00 00 00 00 00 00 00 00  00 00 00 00 2d 70 b1 13  |............-p..|
-00000130  a9 e3 72 ca 05 8e 8d b7  f4 97 de 58 46 aa 2a 9c  |..r........XF.*.|
-00000140  2f 8c 3e 59 7b 64 e5 51  61 7f a6 39              |/.>Y{d.Qa..9|
+000000a0  00 00 a3 42 c4 79 0d 44  92 ab af f9 a0 f2 3f 10  |...B.y.D......?.|
+000000b0  f6 51 24 66 e4 e1 87 b1  5b 21 4e 0d 77 12 93 b8  |.Q$f....[!N.w...|
+000000c0  19 21 2e c5 0f 29 3c 5a  3b dd 8f 96 41 7b 31 9e  |.!...)<Z;...A{1.|
+000000d0  d9 d3 17 03 03 00 40 00  00 00 00 00 00 00 00 00  |......@.........|
+000000e0  00 00 00 00 00 00 00 9f  33 45 e6 aa 63 e0 cd 15  |........3E..c...|
+000000f0  f4 d4 f7 16 a4 dd ba d8  f0 bb 4e 05 ee c5 31 99  |..........N...1.|
+00000100  23 e0 14 f2 6d a1 86 4d  86 40 33 cc db bd cb b2  |#...m..M.@3.....|
+00000110  11 6c 8a 67 c9 0b 57 15  03 03 00 30 00 00 00 00  |.l.g..W....0....|
+00000120  00 00 00 00 00 00 00 00  00 00 00 00 93 12 a5 b3  |................|
+00000130  57 9b df c1 76 3e 81 80  cd 4b 79 d0 a6 69 5c 50  |W...v>...Ky..i\P|
+00000140  24 dc 81 e0 28 97 53 e4  a1 36 ef bc              |$...(.S..6..|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-P256 b/src/crypto/tls/testdata/Server-TLSv12-P256
new file mode 100644
index 0000000..5295d60
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-P256
@@ -0,0 +1,85 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 8f 01 00 00  8b 03 03 e8 ef f7 4f 44  |..............OD|
+00000010  1a 63 08 10 fe aa 68 d5  75 18 f5 6c de 83 50 d2  |.c....h.u..l..P.|
+00000020  bb 86 6e 48 d0 cb 97 c4  56 46 9f 00 00 04 c0 2f  |..nH....VF...../|
+00000030  00 ff 01 00 00 5e 00 00  00 0e 00 0c 00 00 09 31  |.....^.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 04 00 02 00 17  00 16 00 00 00 17 00 00  |................|
+00000060  00 0d 00 30 00 2e 04 03  05 03 06 03 08 07 08 08  |...0............|
+00000070  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+00000080  06 01 03 03 02 03 03 01  02 01 03 02 02 02 04 02  |................|
+00000090  05 02 06 02                                       |....|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 2f 00 00  |...DOWNGRD.../..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  cd 0c 00 00 c9 03 00 17  |;...............|
+000002a0  41 04 1e 18 37 ef 0d 19  51 88 35 75 71 b5 e5 54  |A...7...Q.5uq..T|
+000002b0  5b 12 2e 8f 09 67 fd a7  24 20 3e b2 56 1c ce 97  |[....g..$ >.V...|
+000002c0  28 5e f8 2b 2d 4f 9e f1  07 9f 6c 4b 5b 83 56 e2  |(^.+-O....lK[.V.|
+000002d0  32 42 e9 58 b6 d7 49 a6  b5 68 1a 41 03 56 6b dc  |2B.X..I..h.A.Vk.|
+000002e0  5a 89 08 04 00 80 b8 fd  6d 56 36 b6 b3 8a 6c cb  |Z.......mV6...l.|
+000002f0  6b 52 79 28 45 97 1e 97  1b 7f 96 2e e0 b0 23 af  |kRy(E.........#.|
+00000300  cb 13 cf dc e6 11 2b 04  88 08 56 2d a4 3a b1 7e  |......+...V-.:.~|
+00000310  79 b5 de 25 35 6b 82 98  d9 9e be 99 d4 37 bf 19  |y..%5k.......7..|
+00000320  bb 0e 25 86 b6 19 e8 58  de ab 63 ed 3c 09 d6 6b  |..%....X..c.<..k|
+00000330  f5 da 16 e6 75 5d e7 7b  e5 54 1b de 03 1d cd fb  |....u].{.T......|
+00000340  3d 9f 24 cc ff 07 d2 cb  f2 0b 4a 61 57 ec 84 dd  |=.$.......JaW...|
+00000350  92 44 da 71 a2 31 ba 2e  68 19 2b ee 90 19 12 a5  |.D.q.1..h.+.....|
+00000360  59 53 28 9d 0a 87 16 03  03 00 04 0e 00 00 00     |YS(............|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 46 10 00 00  42 41 04 01 9c 4d 77 6b  |....F...BA...Mwk|
+00000010  ce 2f a7 9e 8b ae ba 9d  f2 6d c8 9e 0e 54 07 c9  |./.......m...T..|
+00000020  6d e3 58 67 c6 a8 9a a5  c2 f7 27 26 84 36 e1 6f  |m.Xg......'&.6.o|
+00000030  e3 a1 89 50 7c e0 e6 88  06 b9 94 16 d8 23 cb 2e  |...P|........#..|
+00000040  ff 62 67 1e 93 cb d6 1d  f5 43 79 14 03 03 00 01  |.bg......Cy.....|
+00000050  01 16 03 03 00 28 83 36  85 d0 b7 23 5e 7d 0a 33  |.....(.6...#^}.3|
+00000060  41 0f bd 31 4d a0 32 6a  c2 67 93 cc 8f 41 f5 bd  |A..1M.2j.g...A..|
+00000070  b2 57 af 5c 90 d6 17 24  be 76 6b b4 13 ca        |.W.\...$.vk...|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
+00000010  00 00 00 80 6a 93 5b 7d  70 3c bc 7c f8 d6 4e 51  |....j.[}p<.|..NQ|
+00000020  5e 34 52 13 06 c4 aa 8c  ed b5 9f aa c6 db c0 0d  |^4R.............|
+00000030  67 97 36 17 03 03 00 25  00 00 00 00 00 00 00 01  |g.6....%........|
+00000040  d6 24 e8 21 4b 2c fb 5e  79 2d ca 7b 6d 44 dd 2d  |.$.!K,.^y-.{mD.-|
+00000050  aa 3a 33 ee ea 6f e3 b7  cd c5 c3 1d 4a 15 03 03  |.:3..o......J...|
+00000060  00 1a 00 00 00 00 00 00  00 02 4f 71 74 9e 63 ad  |..........Oqt.c.|
+00000070  d7 61 b9 c7 47 d6 44 9f  b3 3d 49 34              |.a..G.D..=I4|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-3DES b/src/crypto/tls/testdata/Server-TLSv12-RSA-3DES
index af50381..8d1cadf 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-3DES
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-3DES
@@ -1,15 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 0c fb 72 82 e5  |....]...Y....r..|
-00000010  9a 04 90 c8 0d 73 25 9a  3f 88 e3 48 71 a2 33 3e  |.....s%.?..Hq.3>|
-00000020  90 32 74 bc 12 38 d6 3a  d3 11 1d 00 00 04 00 0a  |.2t..8.:........|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
+00000000  16 03 01 00 97 01 00 00  93 03 03 48 e2 22 70 f7  |...........H."p.|
+00000010  9a 24 ce 92 69 d1 ff fc  c0 c9 ba b2 da 8e 83 7a  |.$..i..........z|
+00000020  6e 8d 24 60 e2 e2 81 76  e6 72 37 00 00 04 00 0a  |n.$`...v.r7.....|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 0a 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 0a 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -50,27 +53,27 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 04 90 54 41 b9  |.............TA.|
-00000010  22 12 39 d9 1d 0b b8 6c  d4 b3 8a ec 78 42 80 a5  |".9....l....xB..|
-00000020  03 c9 2a 9e 95 6f a0 28  3a 5c e9 59 28 ba 49 9b  |..*..o.(:\.Y(.I.|
-00000030  37 63 61 3f c4 ac ba 55  6b 85 a5 27 ed 37 b9 25  |7ca?...Uk..'.7.%|
-00000040  04 cf 84 ad 43 6b ab 13  fa 72 29 b8 01 d9 aa 0c  |....Ck...r).....|
-00000050  be b1 9a c4 5a 05 3d 2d  71 b4 72 f5 3a 77 fb 6b  |....Z.=-q.r.:w.k|
-00000060  45 b0 5b 00 f8 1e f9 70  7f a4 64 c9 1e 35 56 0b  |E.[....p..d..5V.|
-00000070  68 07 4c 04 95 f4 ca b1  0a b3 25 2b 93 2d be 80  |h.L.......%+.-..|
-00000080  76 15 75 07 23 ee 25 f3  1b a8 2f 14 03 03 00 01  |v.u.#.%.../.....|
-00000090  01 16 03 03 00 30 e5 cd  56 75 e6 a4 58 e5 33 cc  |.....0..Vu..X.3.|
-000000a0  95 23 e0 7f 01 f2 45 21  bb 7d 7c 17 1f 59 7c f9  |.#....E!.}|..Y|.|
-000000b0  38 05 a3 95 4d 9b f2 3f  9d 84 2c 31 15 8b 4d d4  |8...M..?..,1..M.|
-000000c0  17 3c 62 2b f6 71                                 |.<b+.q|
+00000000  16 03 03 00 86 10 00 00  82 00 80 20 44 e6 19 b2  |........... D...|
+00000010  c5 9f 95 af 90 29 b2 5c  e9 c5 29 8c a2 bd 72 49  |.....).\..)...rI|
+00000020  8d c8 ea e8 cc bd 65 d9  1c fe 95 f0 60 0e ee 13  |......e.....`...|
+00000030  ea 7b bf 59 3c 08 21 07  73 b7 04 16 a7 a5 98 2e  |.{.Y<.!.s.......|
+00000040  ab ee db c3 83 ea c8 b2  07 3e 76 a0 8f d4 8f df  |.........>v.....|
+00000050  70 91 b7 ed 12 54 e2 e7  68 cb ed 26 be 84 a9 24  |p....T..h..&...$|
+00000060  fb 89 48 49 4e 9b 14 98  82 ab 64 0c a5 a0 ec 1d  |..HIN.....d.....|
+00000070  96 b7 83 c3 14 cb de a5  97 d1 86 28 b6 d4 65 5d  |...........(..e]|
+00000080  0b 45 04 37 02 53 8c 96  5d f8 d3 14 03 03 00 01  |.E.7.S..].......|
+00000090  01 16 03 03 00 30 04 43  06 c4 96 f5 f6 23 5d 46  |.....0.C.....#]F|
+000000a0  ec 3d f4 18 44 3f f8 d2  e9 74 37 22 56 df f2 35  |.=..D?...t7"V..5|
+000000b0  3d a0 8d 8a 80 be 4e 40  66 28 4c 37 aa f7 43 cf  |=.....N@f(L7..C.|
+000000c0  9e 29 83 7b 39 28                                 |.).{9(|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 30 00 00 00 00 00  |..........0.....|
-00000010  00 00 00 b3 85 c2 1b ac  9e c2 01 f7 0f 76 6d 09  |.............vm.|
-00000020  5c 4f 9f a6 89 1b 56 e3  05 0b 7e 0d 9d 6b 36 35  |\O....V...~..k65|
-00000030  49 99 aa 4c 14 3b 69 2a  87 71 7d 17 03 03 00 30  |I..L.;i*.q}....0|
-00000040  00 00 00 00 00 00 00 00  15 65 d4 be e5 1b c9 29  |.........e.....)|
-00000050  e9 3a c4 22 72 f8 0c 40  c7 f5 45 a1 a3 c8 a8 64  |.:."r..@..E....d|
-00000060  22 4c 6c 79 3f 32 66 d4  05 09 a8 d4 d8 a8 f3 c7  |"Lly?2f.........|
-00000070  15 03 03 00 20 00 00 00  00 00 00 00 00 fc 8d c6  |.... ...........|
-00000080  3d b1 c4 9f 30 26 e3 b9  46 8f ce 9f 7e 5b 1e a3  |=...0&..F...~[..|
-00000090  d0 98 64 3c 0d                                    |..d<.|
+00000010  00 00 00 27 75 8a 8d 43  68 0e af 19 6d d2 63 1c  |...'u..Ch...m.c.|
+00000020  44 51 0b 86 4c fc 16 1c  77 f8 96 1e 72 3d b9 45  |DQ..L...w...r=.E|
+00000030  40 cc 70 bc 72 a3 d3 ff  f6 e5 3f 17 03 03 00 30  |@.p.r.....?....0|
+00000040  00 00 00 00 00 00 00 00  f4 cf bc 55 e6 d7 4f d2  |...........U..O.|
+00000050  8f ae 52 8d 16 d0 44 9a  c9 39 5b a7 69 bb 04 96  |..R...D..9[.i...|
+00000060  c9 d9 0c 92 a0 da b4 52  c5 dd 20 cb 4b 8c ad 51  |.......R.. .K..Q|
+00000070  15 03 03 00 20 00 00 00  00 00 00 00 00 43 52 b5  |.... ........CR.|
+00000080  d2 98 37 93 69 73 49 27  08 75 76 54 e7 39 b3 4c  |..7.isI'.uvT.9.L|
+00000090  da 48 84 00 20                                    |.H.. |
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES
index 813f748..e4d773d 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES
@@ -1,15 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 7a e5 86 e2 0a  |....]...Y..z....|
-00000010  53 e7 ba 32 d1 57 47 ed  45 29 1b 33 2c 58 33 8f  |S..2.WG.E).3,X3.|
-00000020  36 2c 50 6f f9 c7 3b 12  40 23 e2 00 00 04 00 2f  |6,Po..;.@#...../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
+00000000  16 03 01 00 97 01 00 00  93 03 03 41 7b 60 d8 f5  |...........A{`..|
+00000010  1c 4a 95 f9 03 de 94 0c  b6 34 94 3c 6e 82 f2 de  |.J.......4.<n...|
+00000020  2c 28 00 98 02 56 5e 8d  53 60 da 00 00 04 00 2f  |,(...V^.S`...../|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -50,31 +53,31 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 8f 13 d1 23 1b  |..............#.|
-00000010  8d 28 c7 a3 97 66 9f 8a  c1 13 a1 c9 3b 25 93 7a  |.(...f......;%.z|
-00000020  ea 54 58 fc 57 41 ca 92  77 99 13 01 61 e4 73 90  |.TX.WA..w...a.s.|
-00000030  c7 f1 2b 5e 5e 79 cf 69  7d 6b 3f 6e 5f 2e b0 f5  |..+^^y.i}k?n_...|
-00000040  f7 53 2b 46 15 92 6c 20  95 6b 44 6a 0a 3d 0b 56  |.S+F..l .kDj.=.V|
-00000050  66 53 ff 55 ec 38 10 cf  76 2c 0e ab 45 7a 02 6a  |fS.U.8..v,..Ez.j|
-00000060  75 07 11 80 6c d0 57 79  ed d6 4b b8 a0 04 91 a0  |u...l.Wy..K.....|
-00000070  d4 4b 76 38 9c b3 a6 2e  0c 3e 63 a8 18 15 c9 ab  |.Kv8.....>c.....|
-00000080  54 69 cd e5 6f 3c 56 a6  5f a7 e0 14 03 03 00 01  |Ti..o<V._.......|
-00000090  01 16 03 03 00 40 06 07  16 b4 7f fa 1a 8f 9b 1a  |.....@..........|
-000000a0  a3 23 ba 5f ce ff 0a 70  b1 11 2b 84 77 7a 78 1a  |.#._...p..+.wzx.|
-000000b0  6c 32 93 6c 31 e8 e5 26  12 97 14 33 a9 77 71 19  |l2.l1..&...3.wq.|
-000000c0  0b 20 5d 8f 3c 71 0d a4  b9 94 aa ff 42 8e d3 2d  |. ].<q......B..-|
-000000d0  7e 57 3b 35 41 cc                                 |~W;5A.|
+00000000  16 03 03 00 86 10 00 00  82 00 80 15 eb 41 72 e4  |.............Ar.|
+00000010  cf 0f 8b bb 9a ea aa 2a  f1 dc 2e c9 db d8 cf bd  |.......*........|
+00000020  5e fb 86 30 98 b4 22 62  a5 32 d0 e6 3d 38 49 1a  |^..0.."b.2..=8I.|
+00000030  70 6f fa d3 81 c0 8d 00  c6 cd 80 b6 ed 26 8b 98  |po...........&..|
+00000040  3a 26 8b 8e 88 ba 61 a6  8e 19 5a 0e 51 bb 4e 9e  |:&....a...Z.Q.N.|
+00000050  a9 21 09 77 cf 42 eb 26  90 3a 08 bb c5 89 88 2c  |.!.w.B.&.:.....,|
+00000060  19 db b3 1c 7a d0 60 76  be 9a d5 0c ec df dd 11  |....z.`v........|
+00000070  9e a0 85 a5 36 3d 07 f7  36 47 52 92 cd 84 7b 2e  |....6=..6GR...{.|
+00000080  13 18 47 58 8a 00 4b 39  59 bb da 14 03 03 00 01  |..GX..K9Y.......|
+00000090  01 16 03 03 00 40 16 0e  0a 79 db 54 11 36 73 af  |.....@...y.T.6s.|
+000000a0  eb cb 9d e8 b4 42 1a f8  94 f0 fb d1 60 f8 9f 9d  |.....B......`...|
+000000b0  ba 87 f6 27 ef 54 e4 f9  f7 1f a7 61 f5 82 1a 40  |...'.T.....a...@|
+000000c0  96 81 f6 14 db 89 ec 8b  0c 37 ba 11 55 94 d3 df  |.........7..U...|
+000000d0  df 8d 61 ec a7 43                                 |..a..C|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 51 27 cd 07 6e  |...........Q'..n|
-00000020  72 c8 17 ba e7 62 7c d0  49 55 e7 e6 c5 2c 93 39  |r....b|.IU...,.9|
-00000030  55 02 f5 fa 9a 7a 6f c5  79 6f ff 0f 4b b9 3d ad  |U....zo.yo..K.=.|
-00000040  23 c7 53 ad 13 2d d6 da  83 d0 67 17 03 03 00 40  |#.S..-....g....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 ef 1a ed 92 e1  |................|
+00000020  e1 81 1e a8 e1 ff 2b 2b  64 89 17 55 2d ce eb be  |......++d..U-...|
+00000030  17 a6 b8 a7 55 8a c4 3b  8a 5a c7 56 7c b5 90 c9  |....U..;.Z.V|...|
+00000040  19 bc 13 07 50 91 42 2a  46 13 d1 17 03 03 00 40  |....P.B*F......@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  f5 09 3b 69 c2 1f f8 03  78 1b 13 57 ca 92 96 eb  |..;i....x..W....|
-00000070  f8 71 30 09 5a 68 01 47  96 b1 5b 7d b7 57 5e 70  |.q0.Zh.G..[}.W^p|
-00000080  00 77 bb 55 32 7b d9 a5  f7 e2 a8 6d 4b d6 be c6  |.w.U2{.....mK...|
+00000060  9e fe 95 fa 67 a5 af 14  f0 80 fd 65 65 ac 0a 91  |....g......ee...|
+00000070  4a 1d 4a c3 de 3f 35 a7  de 10 94 55 b0 8f be e6  |J.J..?5....U....|
+00000080  76 a2 74 4c 89 47 b9 10  8f 78 a9 01 6b ac bb d9  |v.tL.G...x..k...|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 58 1e a0  14 82 8d e4 c5 92 35 79  |.....X........5y|
-000000b0  3b 5e 3a fe 97 18 db 27  19 7e b5 14 8c 01 fb 6a  |;^:....'.~.....j|
-000000c0  e4 26 96 e6 de                                    |.&...|
+000000a0  00 00 00 00 00 36 ce 1a  97 3e e3 0e 62 74 70 10  |.....6...>..btp.|
+000000b0  ec a5 30 16 1f 2d e0 5b  c9 38 4d fb 61 2e 45 35  |..0..-.[.8M.a.E5|
+000000c0  4b 69 da 43 39                                    |Ki.C9|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
index 4c1cbc9..01f9612 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
@@ -1,16 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 38 2b d9 54 15  |....s...o..8+.T.|
-00000010  60 c3 a7 88 e6 c3 73 8f  b0 76 4f d0 10 72 2c d6  |`.....s..vO..r,.|
-00000020  55 fc c2 f0 ab 0f 62 43  f1 86 f8 00 00 04 c0 2f  |U.....bC......./|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
+00000000  16 03 01 00 97 01 00 00  93 03 03 d3 6a 87 ad b2  |............j...|
+00000010  a0 59 86 0e 34 86 c1 b3  c9 64 17 92 aa 87 04 05  |.Y..4....d......|
+00000020  32 d4 2e aa a1 48 94 87  82 a7 ab 00 00 04 c0 2f  |2....H........./|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -52,28 +54,28 @@
 00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
 000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
 000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 06 01 00 80 65 4e 5d  69 d6 97 39 e8 dc 13 58  |t....eN]i..9...X|
-000002d0  c1 2a cf 72 12 42 34 8c  4a c1 b5 94 44 0c f2 97  |.*.r.B4.J...D...|
-000002e0  46 ba 59 20 1c f2 9d 23  d7 2e 9f 7c 52 ac 08 fe  |F.Y ...#...|R...|
-000002f0  02 23 e3 ee ec 21 1f bd  08 8a 50 48 aa 21 b7 ed  |.#...!....PH.!..|
-00000300  be 30 be ac ff 8f e8 71  c9 bc d8 b8 56 63 8a fc  |.0.....q....Vc..|
-00000310  52 0e 3d e1 4e ce cc 53  d4 f8 36 70 1f 4e 16 61  |R.=.N..S..6p.N.a|
-00000320  14 4d dd fe 17 08 f5 09  53 9b c6 24 7d de af dc  |.M......S..$}...|
-00000330  1b 84 23 c2 72 9c 25 73  1a 4f 42 27 b5 95 b1 06  |..#.r.%s.OB'....|
-00000340  dd 36 de 0c 76 16 03 03  00 04 0e 00 00 00        |.6..v.........|
+000002c0  74 08 04 00 80 65 2f 82  18 27 04 84 db 3d c6 5e  |t....e/..'...=.^|
+000002d0  6b 33 f9 87 59 e1 06 0c  ce a7 3a f9 bd e7 54 47  |k3..Y.....:...TG|
+000002e0  03 58 f7 0b a3 16 6a 47  4b 61 b6 d9 0d 04 c8 95  |.X....jGKa......|
+000002f0  f5 d5 e5 0f 1b d2 26 3b  c5 67 c0 87 dd a5 da a8  |......&;.g......|
+00000300  e1 7e 52 a1 6a 0d 10 e8  dd 2e 09 39 21 3e a2 0f  |.~R.j......9!>..|
+00000310  a2 00 e4 a1 a6 df a8 3f  5d 1b d7 22 f8 b8 b5 32  |.......?].."...2|
+00000320  31 3a 36 16 9e 6c ab f1  d5 25 ae 3c 4a 11 c8 ae  |1:6..l...%.<J...|
+00000330  de e1 e6 b5 84 0b 3e 9d  63 75 6f b6 ba e9 fa 0a  |......>.cuo.....|
+00000340  11 40 c9 7f ca 16 03 03  00 04 0e 00 00 00        |.@............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 95 a4 0d a1 cd 3a  |....%...! .....:|
-00000010  5e 81 bb e3 77 39 f0 6b  37 fe 35 e2 dc 29 6c b0  |^...w9.k7.5..)l.|
-00000020  2b e9 b9 84 1d 65 b1 63  d7 0e 14 03 03 00 01 01  |+....e.c........|
-00000030  16 03 03 00 28 13 84 cb  17 e5 aa c8 09 43 ed 1a  |....(........C..|
-00000040  08 92 55 3c e1 b8 5a c0  05 00 30 ae 63 6f 4c 78  |..U<..Z...0.coLx|
-00000050  22 42 66 18 91 85 9c 2b  c6 88 76 7d bd           |"Bf....+..v}.|
+00000000  16 03 03 00 25 10 00 00  21 20 d1 f3 61 78 d1 34  |....%...! ..ax.4|
+00000010  36 b4 9f 5e e5 24 1e 48  02 be f0 13 c2 3d b0 ce  |6..^.$.H.....=..|
+00000020  fb 96 39 6b 96 76 aa 87  18 41 14 03 03 00 01 01  |..9k.v...A......|
+00000030  16 03 03 00 28 27 e1 50  92 20 e1 2c 98 b6 15 8f  |....('.P. .,....|
+00000040  dd bd 26 98 04 12 5d cb  29 66 ab 2d 37 f3 8e eb  |..&...].)f.-7...|
+00000050  3e 14 3b cf 4d 99 c4 2e  ea 7c 04 a5 45           |>.;.M....|..E|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 fb 80 e0 2e 22  3e 45 98 c2 64 a1 0d 0a  |.......">E..d...|
-00000020  0c 55 40 6e 1b a9 de 29  e3 c8 1a b3 36 ba 5d 88  |.U@n...)....6.].|
-00000030  c0 c9 d6 17 03 03 00 25  00 00 00 00 00 00 00 01  |.......%........|
-00000040  ef 6a 01 41 ec 78 94 2d  d5 c3 48 b8 5e 57 93 34  |.j.A.x.-..H.^W.4|
-00000050  82 03 33 ae 03 22 69 9b  32 8f 71 73 6c 15 03 03  |..3.."i.2.qsl...|
-00000060  00 1a 00 00 00 00 00 00  00 02 31 37 35 60 f8 01  |..........175`..|
-00000070  5d 1f ab be 0d 79 ac c8  34 f0 14 f9              |]....y..4...|
+00000010  00 00 00 88 39 9d c1 8d  8c bb c4 79 ba a5 2a bd  |....9......y..*.|
+00000020  34 62 bf 66 85 b5 cd 2e  f7 1e 6e b4 96 1c f6 b3  |4b.f......n.....|
+00000030  13 ba c9 17 03 03 00 25  00 00 00 00 00 00 00 01  |.......%........|
+00000040  c3 ca b5 57 11 26 ec 18  be 00 6c 8b 79 a5 ed f7  |...W.&....l.y...|
+00000050  7d ae 42 ff a2 8b fb 68  d0 08 0f 2e d1 15 03 03  |}.B....h........|
+00000060  00 1a 00 00 00 00 00 00  00 02 58 ad 11 d2 74 5c  |..........X...t\|
+00000070  17 f2 60 e5 d9 fa 0e 47  5a 48 31 f7              |..`....GZH1.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
index f80f166..83a37e0 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
@@ -1,16 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 7c 43 b4 7c 36  |....s...o..|C.|6|
-00000010  56 e5 d4 47 83 a7 ae 17  cb 5e 7d 5f b7 ef 41 dd  |V..G.....^}_..A.|
-00000020  63 d3 e6 a0 62 f7 af 91  25 75 15 00 00 04 c0 30  |c...b...%u.....0|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
+00000000  16 03 01 00 97 01 00 00  93 03 03 39 40 da f7 9f  |...........9@...|
+00000010  e9 66 91 25 2a d0 74 e1  71 4b 74 ff 47 41 5e f4  |.f.%*.t.qKt.GA^.|
+00000020  d2 71 d0 3e 96 8e 8e 31  ee 81 8b 00 00 04 c0 30  |.q.>...1.......0|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -52,28 +54,28 @@
 00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
 000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
 000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 06 01 00 80 8b b6 3e  52 d2 87 bf 9f 82 6d 0e  |t......>R.....m.|
-000002d0  8f de 69 34 58 71 9e 36  46 35 7e 73 ad f0 ee 30  |..i4Xq.6F5~s...0|
-000002e0  0c 95 dc cc 28 ce 9b ee  e6 44 3d ab ab 60 13 7c  |....(....D=..`.||
-000002f0  3d 37 2d d0 36 95 04 74  df 5a a5 ef 9b 68 7c 58  |=7-.6..t.Z...h|X|
-00000300  b4 22 e9 5d 15 aa 18 cc  fc 8d 35 f4 ad aa dc 0d  |.".]......5.....|
-00000310  86 b6 e5 ac e3 8f ea c7  63 c6 a5 1e 2a 7e e2 9b  |........c...*~..|
-00000320  05 33 81 04 d4 87 ad 15  2d 7f 91 fd ca 85 a8 cb  |.3......-.......|
-00000330  66 56 e3 7a 4a 90 8c dc  7d 8f d0 af 6e 5e 88 7b  |fV.zJ...}...n^.{|
-00000340  34 2e 2f a0 2e 16 03 03  00 04 0e 00 00 00        |4./...........|
+000002c0  74 08 04 00 80 67 b9 f4  b4 4e 00 7c 40 80 f1 77  |t....g...N.|@..w|
+000002d0  2e 09 f6 04 17 bb ab f6  e1 13 03 b3 b6 71 22 0b  |.............q".|
+000002e0  38 49 98 65 54 db 3b e0  71 17 2a f3 d4 2a 0d 7e  |8I.eT.;.q.*..*.~|
+000002f0  af 56 37 ea a9 1e df 45  24 fd 90 ad 5e 3c aa 2e  |.V7....E$...^<..|
+00000300  98 74 b5 dc b5 22 0e 77  70 66 2f 6e d7 49 f6 a1  |.t...".wpf/n.I..|
+00000310  93 c9 0a ce 45 2b 55 bb  02 a3 b1 1d 5f 45 08 cd  |....E+U....._E..|
+00000320  4d 34 9e ef 27 f2 f0 af  a8 bd 14 60 45 df b4 54  |M4..'......`E..T|
+00000330  2c 6f c8 c8 dc f1 07 9a  e8 f3 f3 40 1d 29 39 9e  |,o.........@.)9.|
+00000340  a0 28 3a 19 de 16 03 03  00 04 0e 00 00 00        |.(:...........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 a5 ce 37 03 eb 08  |....%...! ..7...|
-00000010  67 8e 6b f8 37 b6 f8 cd  c6 62 59 c1 8f 46 22 0d  |g.k.7....bY..F".|
-00000020  d8 e1 85 2e 26 dc 40 d3  f0 60 14 03 03 00 01 01  |....&.@..`......|
-00000030  16 03 03 00 28 7d cf e0  cb 63 b3 22 fb b2 94 82  |....(}...c."....|
-00000040  a7 1e 8d 71 15 a8 ba 14  b6 4b 67 37 f9 78 c4 33  |...q.....Kg7.x.3|
-00000050  1b 7d 6c 8b 56 8f 85 d1  3e d3 9c 9f 95           |.}l.V...>....|
+00000000  16 03 03 00 25 10 00 00  21 20 73 eb 70 45 10 e4  |....%...! s.pE..|
+00000010  a7 a6 35 b2 51 59 1e 6d  65 9a 0e d4 5a c2 39 13  |..5.QY.me...Z.9.|
+00000020  81 83 41 f8 60 0c 6b 0e  7f 4c 14 03 03 00 01 01  |..A.`.k..L......|
+00000030  16 03 03 00 28 44 ed a7  2b dc 7a 00 b5 26 bd 56  |....(D..+.z..&.V|
+00000040  0d b7 47 f3 2c d8 b7 c5  f6 21 3a e6 1f b8 fd 3a  |..G.,....!:....:|
+00000050  f8 44 65 0d 6e fd b8 32  cf dd f5 25 ce           |.De.n..2...%.|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 3e cd 20 97 7b  b3 2c 24 f2 cc ac 70 a4  |...>. .{.,$...p.|
-00000020  4f f5 db 05 51 52 a8 ff  6e 01 98 c3 ec c7 2c 97  |O...QR..n.....,.|
-00000030  6f f9 2c 17 03 03 00 25  00 00 00 00 00 00 00 01  |o.,....%........|
-00000040  67 b8 c3 d5 7e 02 18 6f  b8 db 10 5c 28 29 3d f6  |g...~..o...\()=.|
-00000050  d0 69 a1 4f e8 a4 ce 22  81 65 10 7e d1 15 03 03  |.i.O...".e.~....|
-00000060  00 1a 00 00 00 00 00 00  00 02 b0 df 28 f8 b8 f2  |............(...|
-00000070  32 43 c3 d0 01 55 8f 47  c1 52 8d e3              |2C...U.G.R..|
+00000010  00 00 00 cb e9 44 b4 25  7e a5 9d ed 8e 8b 5c 4c  |.....D.%~.....\L|
+00000020  b9 c4 85 5b 9b 03 02 34  2c 61 40 fe 4a 84 9d 42  |...[...4,a@.J..B|
+00000030  67 67 53 17 03 03 00 25  00 00 00 00 00 00 00 01  |ggS....%........|
+00000040  ec a1 21 b6 85 61 d1 35  71 50 c1 6d 4d 32 81 3f  |..!..a.5qP.mM2.?|
+00000050  24 38 1d 8a 45 f7 9e 14  3b be e9 ec 37 15 03 03  |$8..E...;...7...|
+00000060  00 1a 00 00 00 00 00 00  00 02 f7 76 a1 1b bb 55  |...........v...U|
+00000070  aa 1d 10 c2 07 61 b3 0d  54 2d 6b e4              |.....a..T-k.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled b/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled
new file mode 100644
index 0000000..302e64e
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled
@@ -0,0 +1,84 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 cb 01 00 00  c7 03 03 ed 3d 3e 10 95  |............=>..|
+00000010  8b 6f 6c be 5c b7 77 c0  79 91 f8 b3 6f 52 27 18  |.ol.\.w.y...oR'.|
+00000020  0a b7 88 52 df 3c 6c 87  b4 5a 4c 00 00 38 c0 2c  |...R.<l..ZL..8.,|
+00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
+00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
+00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
+00000060  00 35 00 2f 00 ff 01 00  00 66 00 00 00 0e 00 0c  |.5./.....f......|
+00000070  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000080  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000090  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 30  |...............0|
+000000a0  00 2e 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000b0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 03 03  |................|
+000000c0  02 03 03 01 02 01 03 02  02 02 04 02 05 02 06 02  |................|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
+000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+000002c0  74 04 01 00 80 a5 a9 75  be 51 ff dc b3 bb 77 79  |t......u.Q....wy|
+000002d0  ef 5b 9f d9 27 6c 76 ea  ce 5c 66 20 03 2e 94 fd  |.[..'lv..\f ....|
+000002e0  28 94 69 ff 06 ab bd 34  43 51 72 fb 15 42 e6 38  |(.i....4CQr..B.8|
+000002f0  c5 7a 5d 7f 35 a7 3c 85  ec df 95 23 0f 28 c7 dc  |.z].5.<....#.(..|
+00000300  0e a6 ec fe 5e 77 3f 95  1d a7 73 1d d8 7b 68 92  |....^w?...s..{h.|
+00000310  5b a5 b8 ba f5 7c a5 60  2e 43 d6 60 64 3e 33 c7  |[....|.`.C.`d>3.|
+00000320  8b c2 56 68 e3 28 2b 2e  8b 9a 85 29 77 73 24 3e  |..Vh.(+....)ws$>|
+00000330  2b 95 b8 40 a7 f1 60 b5  9e 85 3e 1d ae ab 7f 85  |+..@..`...>.....|
+00000340  63 63 d1 cf 62 16 03 03  00 04 0e 00 00 00        |cc..b.........|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 43 dd 3e 28 34 9f  |....%...! C.>(4.|
+00000010  a9 0c 8e 14 66 01 a1 dd  15 8e 71 b4 05 83 d9 a3  |....f.....q.....|
+00000020  5f 5c a3 31 ad 5c d5 5a  ad 56 14 03 03 00 01 01  |_\.1.\.Z.V......|
+00000030  16 03 03 00 28 f3 ad d2  ec 9e 1e 85 2d 96 5f bc  |....(.......-._.|
+00000040  70 cc 0a c2 22 ef 0a fe  fb b0 77 f1 59 59 08 a6  |p...".....w.YY..|
+00000050  57 39 16 00 82 0b 60 1e  9a 74 75 3a 8a           |W9....`..tu:.|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
+00000010  00 00 00 cf 63 14 29 73  c7 7b 6c 98 50 db 5f 8e  |....c.)s.{l.P._.|
+00000020  f4 de 68 bc c0 60 2c db  9e 1f d9 48 55 51 05 47  |..h..`,....HUQ.G|
+00000030  7e 43 37 17 03 03 00 25  00 00 00 00 00 00 00 01  |~C7....%........|
+00000040  67 0a e7 77 dd 1a 30 87  27 90 b0 42 31 42 09 53  |g..w..0.'..B1B.S|
+00000050  03 bf 0c 10 3a c3 a7 95  e9 6e 63 57 ad 15 03 03  |....:....ncW....|
+00000060  00 1a 00 00 00 00 00 00  00 02 d5 1a ac 66 50 93  |.............fP.|
+00000070  46 0a da 98 1f cc 30 40  c1 47 c7 88              |F.....0@.G..|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required b/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required
new file mode 100644
index 0000000..9e9570f
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required
@@ -0,0 +1,54 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 91 01 00 00  8d 03 03 5a 8a 66 22 31  |...........Z.f"1|
+00000010  69 92 30 d5 7b 7c 17 a7  7c 14 d6 3c a9 9e ba dd  |i.0.{|..|..<....|
+00000020  7c 73 fe b4 b4 dd d8 28  39 32 0d 00 00 2a c0 30  ||s.....(92...*.0|
+00000030  00 9f cc a8 cc aa c0 2f  00 9e c0 28 00 6b c0 27  |......./...(.k.'|
+00000040  00 67 c0 14 00 39 c0 13  00 33 00 9d 00 9c 00 3d  |.g...9...3.....=|
+00000050  00 3c 00 35 00 2f 00 ff  01 00 00 3a 00 00 00 0e  |.<.5./.....:....|
+00000060  00 0c 00 00 09 31 32 37  2e 30 2e 30 2e 31 00 0b  |.....127.0.0.1..|
+00000070  00 04 03 00 01 02 00 0a  00 0c 00 0a 00 1d 00 17  |................|
+00000080  00 1e 00 19 00 18 00 16  00 00 00 17 00 00 00 0d  |................|
+00000090  00 04 00 02 08 04                                 |......|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 15 03 03 00  02 02 28                 |;.........(|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-RC4 b/src/crypto/tls/testdata/Server-TLSv12-RSA-RC4
index e49d1bc..da549aa 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-RC4
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-RC4
@@ -1,15 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 55 3e 1a 3f cc  |....]...Y..U>.?.|
-00000010  14 18 07 db 5e 97 15 33  62 9d de 56 7b ea 52 bf  |....^..3b..V{.R.|
-00000020  a3 ce c2 75 3f 52 0a 2f  3e 99 07 00 00 04 00 05  |...u?R./>.......|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
+00000000  16 03 01 00 97 01 00 00  93 03 03 c7 7f 29 46 41  |.............)FA|
+00000010  08 97 7c 3f 77 e0 11 8f  14 30 23 3e fa fc ca f3  |..|?w....0#>....|
+00000020  45 10 83 10 1f 8f 25 b6  9d c1 4d 00 00 04 00 05  |E.....%...M.....|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 05 00 00  |...DOWNGRD......|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -50,23 +53,23 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 a7 55 0a e7 33  |............U..3|
-00000010  8e be 5a 3a b4 f4 06 6e  fc 0e 42 6e f3 0c 01 5a  |..Z:...n..Bn...Z|
-00000020  65 73 36 bd cd be 0f 65  2f d2 88 1a f0 5e f8 07  |es6....e/....^..|
-00000030  c1 fe 5f 5f d6 f5 fa 79  24 44 0d 33 4f e6 74 88  |..__...y$D.3O.t.|
-00000040  86 f1 76 84 29 b4 f2 ae  eb 9b 00 a2 6a e4 97 58  |..v.).......j..X|
-00000050  8b 2e 04 8f 8f 5e fe b4  9d 38 1d 8d 40 a4 9b a2  |.....^...8..@...|
-00000060  17 50 8a e5 39 c9 e9 41  3e 0d 9c 42 2c 7a 88 bf  |.P..9..A>..B,z..|
-00000070  f7 09 4e 27 0b fe cc 53  13 07 d5 7e 0e e6 02 3c  |..N'...S...~...<|
-00000080  8a 3f f9 03 df b6 65 a0  77 ee 50 14 03 03 00 01  |.?....e.w.P.....|
-00000090  01 16 03 03 00 24 5f 41  3e 38 05 08 74 62 5b 4e  |.....$_A>8..tb[N|
-000000a0  94 55 98 74 5c 65 1a 4c  49 08 1d 77 d7 f0 12 47  |.U.t\e.LI..w...G|
-000000b0  d2 ef a6 31 5c 36 03 b5  b5 9d                    |...1\6....|
+00000000  16 03 03 00 86 10 00 00  82 00 80 d1 b0 57 28 da  |.............W(.|
+00000010  7a f8 46 7c c2 24 0d e0  04 48 33 d4 bc d7 f0 d0  |z.F|.$...H3.....|
+00000020  85 fb ff 22 27 20 91 42  19 55 7b ef d8 fd 72 42  |..."' .B.U{...rB|
+00000030  75 e6 71 e4 9f 67 30 72  68 b6 0e 00 34 d3 2f b8  |u.q..g0rh...4./.|
+00000040  23 1b 00 43 17 68 fd 0f  90 ee 97 16 23 36 90 02  |#..C.h......#6..|
+00000050  5c 71 10 03 80 ea 74 ef  a4 5a ac e4 9f 48 f0 76  |\q....t..Z...H.v|
+00000060  62 43 17 05 7c 8f 59 1d  16 b1 97 48 99 8d 66 5e  |bC..|.Y....H..f^|
+00000070  83 20 b3 02 e4 ac 73 52  b2 24 21 06 5a 49 89 df  |. ....sR.$!.ZI..|
+00000080  4b ad 4e f4 a9 7b 0c 3a  b1 39 5d 14 03 03 00 01  |K.N..{.:.9].....|
+00000090  01 16 03 03 00 24 8b de  7e 10 53 71 e0 0b 68 f6  |.....$..~.Sq..h.|
+000000a0  36 67 66 c2 b9 0a c0 3e  39 0d ab 2e eb 5e eb 06  |6gf....>9....^..|
+000000b0  a6 45 2b d7 48 8f c0 5e  f3 a0                    |.E+.H..^..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 24 6f 68 a2 c0 4d  |..........$oh..M|
-00000010  f4 cb c0 e5 8b 19 f9 2e  46 c3 3b 92 eb a9 42 8b  |........F.;...B.|
-00000020  03 4a e2 62 9d f1 c0 39  b1 63 61 08 15 b0 ca 17  |.J.b...9.ca.....|
-00000030  03 03 00 21 50 9e 16 ce  7e af 8f 43 d1 1c 30 37  |...!P...~..C..07|
-00000040  85 e9 68 3a 9c 7e 26 90  dc 14 b1 ec 91 20 2b 4a  |..h:.~&...... +J|
-00000050  24 b4 fa b1 50 15 03 03  00 16 59 74 08 41 73 01  |$...P.....Yt.As.|
-00000060  22 19 0b 35 6b 4d ee d2  15 50 42 de cc cf cc 09  |"..5kM...PB.....|
+00000000  14 03 03 00 01 01 16 03  03 00 24 ee dc 70 d2 3a  |..........$..p.:|
+00000010  f1 9c c6 c8 01 01 84 4f  3c 95 a3 ac 7a 78 92 3d  |.......O<...zx.=|
+00000020  8c 05 a1 db 34 fe 92 f2  9e f3 81 a1 33 a5 7f 17  |....4.......3...|
+00000030  03 03 00 21 6e a9 f8 f9  99 0b c1 f5 8a d0 ab 93  |...!n...........|
+00000040  15 4d 2f 24 1c 0b 43 77  cf 14 60 87 b0 8d f7 80  |.M/$..Cw..`.....|
+00000050  c0 69 ea f6 9e 15 03 03  00 16 ef 09 73 d8 06 ec  |.i..........s...|
+00000060  b8 02 14 9c d3 39 32 d4  3d 94 ec 17 79 1d a9 d3  |.....92.=...y...|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15 b/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15
new file mode 100644
index 0000000..6d98a30
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPKCS1v15
@@ -0,0 +1,81 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 91 01 00 00  8d 03 03 c1 6b f6 4d 77  |............k.Mw|
+00000010  95 dc 8a 54 04 62 4a b4  dc e3 06 51 b8 88 4e 9f  |...T.bJ....Q..N.|
+00000020  9a f5 2b 87 82 51 df e9  54 c7 93 00 00 2a c0 30  |..+..Q..T....*.0|
+00000030  00 9f cc a8 cc aa c0 2f  00 9e c0 28 00 6b c0 27  |......./...(.k.'|
+00000040  00 67 c0 14 00 39 c0 13  00 33 00 9d 00 9c 00 3d  |.g...9...3.....=|
+00000050  00 3c 00 35 00 2f 00 ff  01 00 00 3a 00 00 00 0e  |.<.5./.....:....|
+00000060  00 0c 00 00 09 31 32 37  2e 30 2e 30 2e 31 00 0b  |.....127.0.0.1..|
+00000070  00 04 03 00 01 02 00 0a  00 0c 00 0a 00 1d 00 17  |................|
+00000080  00 1e 00 19 00 18 00 16  00 00 00 17 00 00 00 0d  |................|
+00000090  00 04 00 02 04 01                                 |......|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
+000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+000002c0  74 04 01 00 80 15 c5 ee  da 37 f8 6d b8 9e 7c 68  |t........7.m..|h|
+000002d0  b2 08 2a 8d 79 6c 6e 95  4e b5 6f 8e 84 24 31 d4  |..*.yln.N.o..$1.|
+000002e0  e7 8c 6c 7e 9c 58 a4 fe  18 59 aa f7 0d 7d ff 7a  |..l~.X...Y...}.z|
+000002f0  f2 b0 eb b6 d3 4f fa 3f  36 0d 2e 43 8e d7 96 14  |.....O.?6..C....|
+00000300  99 a0 34 6a 51 cf 49 48  2f 6a 69 3b e4 ec 8b 61  |..4jQ.IH/ji;...a|
+00000310  a1 f4 ea 20 c5 72 90 b1  c6 54 75 42 4e f6 1f 12  |... .r...TuBN...|
+00000320  da e1 98 36 01 02 30 b4  75 7b 4f 4b f1 4f ac 20  |...6..0.u{OK.O. |
+00000330  ac c8 d2 0f 8f 2a 00 09  b8 2c ab 9e 5f b2 ce 25  |.....*...,.._..%|
+00000340  e3 a3 27 9d 53 16 03 03  00 04 0e 00 00 00        |..'.S.........|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 fe 11 76 84 dd 42  |....%...! ..v..B|
+00000010  d9 fd ad 50 81 7e 62 d4  38 cb b3 5d ec c8 5a 7a  |...P.~b.8..]..Zz|
+00000020  40 d9 10 23 2f e6 c7 a8  95 3b 14 03 03 00 01 01  |@..#/....;......|
+00000030  16 03 03 00 28 61 18 1a  65 0c 24 59 01 fe 28 fc  |....(a..e.$Y..(.|
+00000040  4f 7f d9 c5 6d b7 bf 9c  5c 8b dc 91 e7 48 40 72  |O...m...\....H@r|
+00000050  06 4d 49 a4 4d 32 e2 10  b9 36 a4 06 a6           |.MI.M2...6...|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
+00000010  00 00 00 6c 7b 84 e6 84  d3 31 8e 6a 3e e7 7e f2  |...l{....1.j>.~.|
+00000020  94 16 6c 6f 01 a9 2d f7  de 5d 94 b2 9c 4b f0 51  |..lo..-..]...K.Q|
+00000030  70 9e 3c 17 03 03 00 25  00 00 00 00 00 00 00 01  |p.<....%........|
+00000040  94 ca c5 e7 58 20 7d 3b  74 9d e0 97 a2 dd 63 ab  |....X };t.....c.|
+00000050  33 08 2f 16 69 59 ba 0e  82 52 75 98 eb 15 03 03  |3./.iY...Ru.....|
+00000060  00 1a 00 00 00 00 00 00  00 02 fc 38 72 72 09 6a  |...........8rr.j|
+00000070  ee c0 61 39 50 71 ad d3  ec a9 d1 0e              |..a9Pq......|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS b/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS
new file mode 100644
index 0000000..5ec0f25
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS
@@ -0,0 +1,81 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 91 01 00 00  8d 03 03 0f 06 da 7d 85  |..............}.|
+00000010  33 d8 3c c3 ad c5 19 f8  06 d8 f6 02 80 9a fb 8c  |3.<.............|
+00000020  55 a5 6b 67 c4 6e 68 11  74 61 28 00 00 2a c0 30  |U.kg.nh.ta(..*.0|
+00000030  00 9f cc a8 cc aa c0 2f  00 9e c0 28 00 6b c0 27  |......./...(.k.'|
+00000040  00 67 c0 14 00 39 c0 13  00 33 00 9d 00 9c 00 3d  |.g...9...3.....=|
+00000050  00 3c 00 35 00 2f 00 ff  01 00 00 3a 00 00 00 0e  |.<.5./.....:....|
+00000060  00 0c 00 00 09 31 32 37  2e 30 2e 30 2e 31 00 0b  |.....127.0.0.1..|
+00000070  00 04 03 00 01 02 00 0a  00 0c 00 0a 00 1d 00 17  |................|
+00000080  00 1e 00 19 00 18 00 16  00 00 00 17 00 00 00 0d  |................|
+00000090  00 04 00 02 08 04                                 |......|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
+000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+000002c0  74 08 04 00 80 49 30 b1  a5 47 19 7f a7 35 61 cb  |t....I0..G...5a.|
+000002d0  dc 41 47 f0 6a 96 e1 63  48 d9 4f d3 a4 ac 06 46  |.AG.j..cH.O....F|
+000002e0  f2 8d 07 95 25 c6 61 59  4a df 35 2e ce dd 71 7e  |....%.aYJ.5...q~|
+000002f0  1e d6 f4 9f 43 93 84 35  6a 98 41 45 16 ee cb 14  |....C..5j.AE....|
+00000300  dd bb 52 27 08 d5 a2 39  e7 6e f6 d6 e4 c6 bd f3  |..R'...9.n......|
+00000310  b6 9b 6d 61 30 2a 07 c6  04 39 87 fd 99 00 15 78  |..ma0*...9.....x|
+00000320  3d bf 20 8c b9 52 fb 5d  c7 b7 77 78 fb 77 2a ac  |=. ..R.]..wx.w*.|
+00000330  f5 3e e5 4b 8f 4d 9b ca  c2 33 1c 66 3c cb e0 1f  |.>.K.M...3.f<...|
+00000340  81 36 78 39 70 16 03 03  00 04 0e 00 00 00        |.6x9p.........|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 79 9a e7 42 96 52  |....%...! y..B.R|
+00000010  f6 52 7d 10 9a 36 9b aa  a7 2f 96 be 5b 0a 3b 40  |.R}..6.../..[.;@|
+00000020  d9 32 3a 0b 17 7b 8d 92  7c 7b 14 03 03 00 01 01  |.2:..{..|{......|
+00000030  16 03 03 00 28 92 3e da  41 d2 87 60 b3 e1 4f f7  |....(.>.A..`..O.|
+00000040  bb b7 09 50 47 2e 05 d5  fe f6 ed 94 ba 3b 60 aa  |...PG........;`.|
+00000050  38 2d b2 38 c7 07 64 63  dd ca 1a 8e ae           |8-.8..dc.....|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
+00000010  00 00 00 8e c6 6e 45 21  eb 35 11 7a b5 74 d7 f7  |.....nE!.5.z.t..|
+00000020  67 53 15 23 9d 61 a1 bc  20 10 c8 8e 7e ee 45 fc  |gS.#.a.. ...~.E.|
+00000030  60 13 20 17 03 03 00 25  00 00 00 00 00 00 00 01  |`. ....%........|
+00000040  bf f9 63 b5 b1 39 70 43  c7 62 38 be d1 f5 0d a5  |..c..9pC.b8.....|
+00000050  87 91 95 71 ab 03 c2 08  d0 38 dc 70 9a 15 03 03  |...q.....8.p....|
+00000060  00 1a 00 00 00 00 00 00  00 02 0c 6f b1 f5 45 6d  |...........o..Em|
+00000070  44 2c 1f ec a4 fa 5c c1  aa 23 1e 82              |D,....\..#..|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-Resume b/src/crypto/tls/testdata/Server-TLSv12-Resume
index 366ca8f..cebc00b 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-Resume
+++ b/src/crypto/tls/testdata/Server-TLSv12-Resume
@@ -1,41 +1,48 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f9 01 00 00  f5 03 03 23 77 58 99 0e  |...........#wX..|
-00000010  44 ed 63 44 e4 e4 eb d1  83 c3 9c d0 24 12 a3 b9  |D.cD........$...|
-00000020  55 6b 4d da bf 84 9d 35  de 43 a0 20 7b 93 cb d3  |UkM....5.C. {...|
-00000030  c5 ce 5e d5 aa 48 91 a4  b2 c2 d7 72 09 0d 21 78  |..^..H.....r..!x|
-00000040  f0 ac 7a ed 9a a9 ad dd  51 8b b2 1c 00 04 00 2f  |..z.....Q....../|
-00000050  00 ff 01 00 00 a8 00 23  00 78 50 46 ad c1 db a8  |.......#.xPF....|
-00000060  38 86 7b 2b bb fd d0 c3  42 3e 00 00 00 00 00 00  |8.{+....B>......|
-00000070  00 00 00 00 00 00 00 00  00 00 94 6f 2c 9f 83 61  |...........o,..a|
-00000080  0b b1 b7 9e 10 2d 0c 56  e8 70 66 ad de b1 15 74  |.....-.V.pf....t|
-00000090  2f 8b 08 8c 96 bb 4b 1b  4e dd 81 0e bf 84 4d 43  |/.....K.N.....MC|
-000000a0  8f c0 7e a0 7f be c0 59  bf 83 26 0f a2 22 52 2c  |..~....Y..&.."R,|
-000000b0  33 94 5a 77 54 f3 b5 f2  22 51 d5 24 c2 60 c3 2e  |3.ZwT..."Q.$.`..|
-000000c0  0f 9c 5e 33 3b e8 7c 52  2a 76 08 58 ac 47 98 bc  |..^3;.|R*v.X.G..|
-000000d0  36 b6 00 0d 00 20 00 1e  06 01 06 02 06 03 05 01  |6.... ..........|
-000000e0  05 02 05 03 04 01 04 02  04 03 03 01 03 02 03 03  |................|
-000000f0  02 01 02 02 02 03 00 16  00 00 00 17 00 00        |..............|
+00000000  16 03 01 01 33 01 00 01  2f 03 03 b0 fe 51 14 a8  |....3.../....Q..|
+00000010  15 64 e2 64 e4 8e 4f 93  bf 17 38 50 d8 fb 4c fb  |.d.d..O...8P..L.|
+00000020  03 04 a2 c0 9d b9 d2 19  8f e6 9a 20 5e e4 28 dd  |........... ^.(.|
+00000030  e1 a6 89 f5 b2 5e 1a 7b  d3 af 0a bb 19 dc e1 2f  |.....^.{......./|
+00000040  58 d7 9e 59 a7 b7 de 07  bb 06 4d 0c 00 04 00 2f  |X..Y......M..../|
+00000050  00 ff 01 00 00 e2 00 00  00 0e 00 0c 00 00 09 31  |...............1|
+00000060  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000070  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000080  00 23 00 78 50 46 ad c1  db a8 38 86 7b 2b bb fd  |.#.xPF....8.{+..|
+00000090  d0 c3 42 3e 00 00 00 00  00 00 00 00 00 00 00 00  |..B>............|
+000000a0  00 00 00 00 94 6f 2c 9f  83 61 fe 79 79 ae dc c2  |.....o,..a.yy...|
+000000b0  a0 99 e2 59 46 79 88 b8  ed 74 da ef da 3e 7e 69  |...YFy...t...>~i|
+000000c0  af 34 63 b3 7f 52 e1 07  4d f8 40 69 63 85 8c 66  |.4c..R..M.@ic..f|
+000000d0  a6 d6 f7 b7 b0 f2 d4 12  f4 2a 33 94 64 76 91 5b  |.........*3.dv.[|
+000000e0  6c 7d 49 37 3c 0b 76 3e  d6 5c 0b 65 79 96 31 51  |l}I7<.v>.\.ey.1Q|
+000000f0  46 01 51 94 38 5b 51 d5  2d 1a 8b 19 00 16 00 00  |F.Q.8[Q.-.......|
+00000100  00 17 00 00 00 0d 00 30  00 2e 04 03 05 03 06 03  |.......0........|
+00000110  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+00000120  04 01 05 01 06 01 03 03  02 03 03 01 02 01 03 02  |................|
+00000130  02 02 04 02 05 02 06 02                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 51 02 00 00  4d 03 03 00 00 00 00 00  |....Q...M.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 20 7b 93 cb d3  |........... {...|
-00000030  c5 ce 5e d5 aa 48 91 a4  b2 c2 d7 72 09 0d 21 78  |..^..H.....r..!x|
-00000040  f0 ac 7a ed 9a a9 ad dd  51 8b b2 1c 00 2f 00 00  |..z.....Q..../..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 20 5e e4 28 dd  |...DOWNGRD. ^.(.|
+00000030  e1 a6 89 f5 b2 5e 1a 7b  d3 af 0a bb 19 dc e1 2f  |.....^.{......./|
+00000040  58 d7 9e 59 a7 b7 de 07  bb 06 4d 0c 00 2f 00 00  |X..Y......M../..|
 00000050  05 ff 01 00 01 00 14 03  03 00 01 01 16 03 03 00  |................|
 00000060  40 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
-00000070  00 ac d9 95 88 c6 37 e8  3c 24 d8 d9 15 46 25 c6  |......7.<$...F%.|
-00000080  32 0c 75 80 11 3d 89 53  1c 7a b1 78 6a c1 1a d7  |2.u..=.S.z.xj...|
-00000090  91 6e c2 55 99 84 11 43  cd 62 99 3b 28 1b 2e 08  |.n.U...C.b.;(...|
-000000a0  a8                                                |.|
+00000070  00 c6 4d ae 43 25 3e 7a  8b 1d bc 77 6f 6d 05 c8  |..M.C%>z...wom..|
+00000080  93 a1 d0 ee 81 0b e6 3e  e6 0d 55 ff 3a 76 f3 e1  |.......>..U.:v..|
+00000090  49 0b e4 3b d2 1c cb 2d  9f 1e 03 cb f9 8c 60 96  |I..;...-......`.|
+000000a0  b1                                                |.|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 16 03  03 00 40 67 fd 43 2a 0b  |..........@g.C*.|
-00000010  14 6b 89 53 84 a8 04 62  d6 30 af 68 eb 8e 2a de  |.k.S...b.0.h..*.|
-00000020  67 c9 40 af 8b ac dd 29  a4 20 e4 da b0 dd c3 05  |g.@....). ......|
-00000030  82 83 8f 75 77 db 6c fe  e7 20 54 e3 eb 51 31 68  |...uw.l.. T..Q1h|
-00000040  da 11 a3 6d a1 34 d9 f5  d1 ef c9                 |...m.4.....|
+00000000  14 03 03 00 01 01 16 03  03 00 40 c9 ab 6e 5b 04  |..........@..n[.|
+00000010  35 28 90 72 16 86 e8 ad  a5 4d 2e f8 5a ee 42 8e  |5(.r.....M..Z.B.|
+00000020  6c 3f a4 00 3a de a8 c5  8f e3 59 15 10 09 31 91  |l?..:.....Y...1.|
+00000030  5c ad a1 b1 15 bc fd a1  4a 91 4b 7a 50 a7 37 c4  |\.......J.KzP.7.|
+00000040  3b 9d 3b 30 8e cd 8c ec  b3 bc 94                 |;.;0.......|
 >>> Flow 4 (server to client)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 ee e2 75  6f 78 b0 88 1a 8b 9b 91  |.......uox......|
-00000020  c9 8c 3b ae a5 93 71 12  55 66 f8 09 a5 1f 4b 1b  |..;...q.Uf....K.|
-00000030  c2 fe 65 8b 3d d9 dc fa  af dc 29 1b 83 da e0 6a  |..e.=.....)....j|
-00000040  4b cd d0 dc 27                                    |K...'|
+00000010  00 00 00 00 00 95 7d fd  bf 36 bd 7d 5f 42 2f 0a  |......}..6.}_B/.|
+00000020  84 27 ed 2d 76 07 cb 5a  96 93 74 68 9f 2a 66 fa  |.'.-v..Z..th.*f.|
+00000030  85 b0 38 bc da 8d 11 7f  80 80 21 ed 34 db 58 91  |..8.......!.4.X.|
+00000040  b0 d7 8d 08 f1 15 03 03  00 30 00 00 00 00 00 00  |.........0......|
+00000050  00 00 00 00 00 00 00 00  00 00 6f ed 4a be 10 ea  |..........o.J...|
+00000060  6a 75 ee 69 c2 2c f7 54  8a 18 aa 5f 7c 65 d0 d8  |ju.i.,.T..._|e..|
+00000070  0c 94 dc a8 47 45 83 e6  68 09                    |....GE..h.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ResumeDisabled b/src/crypto/tls/testdata/Server-TLSv12-ResumeDisabled
index 3474837..102ca95 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ResumeDisabled
+++ b/src/crypto/tls/testdata/Server-TLSv12-ResumeDisabled
@@ -1,24 +1,28 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f9 01 00 00  f5 03 03 e8 59 b4 a7 b2  |............Y...|
-00000010  77 86 57 47 0d d7 7b 2b  c1 a2 04 fd 8d 4d e4 f5  |w.WG..{+.....M..|
-00000020  be e2 65 8e 28 9a fe c3  19 fc 43 20 40 38 fb 60  |..e.(.....C @8.`|
-00000030  f8 2f 36 f4 85 1d ee f1  53 f2 90 cf 3c 58 36 cd  |./6.....S...<X6.|
-00000040  bd 22 b4 0c 92 a9 17 56  f9 b4 dd 9b 00 04 00 2f  |.".....V......./|
-00000050  00 ff 01 00 00 a8 00 23  00 78 50 46 ad c1 db a8  |.......#.xPF....|
-00000060  38 86 7b 2b bb fd d0 c3  42 3e 00 00 00 00 00 00  |8.{+....B>......|
-00000070  00 00 00 00 00 00 00 00  00 00 94 6f 2c 9f 83 61  |...........o,..a|
-00000080  2e fe 48 fe f6 bb 98 a0  6f b0 be 9e 86 d7 b2 f2  |..H.....o.......|
-00000090  67 c7 44 c7 3d e4 2b de  d0 f4 d2 17 51 84 8e 7a  |g.D.=.+.....Q..z|
-000000a0  a7 80 c4 65 14 f7 49 09  68 15 56 68 32 41 d1 6f  |...e..I.h.Vh2A.o|
-000000b0  33 94 a1 3a c9 37 20 5d  e6 b0 6f 37 0a 10 e3 28  |3..:.7 ]..o7...(|
-000000c0  e1 34 b6 6d e6 7a 44 24  7f 2f cf 1b ae dd 4c d0  |.4.m.zD$./....L.|
-000000d0  11 75 00 0d 00 20 00 1e  06 01 06 02 06 03 05 01  |.u... ..........|
-000000e0  05 02 05 03 04 01 04 02  04 03 03 01 03 02 03 03  |................|
-000000f0  02 01 02 02 02 03 00 16  00 00 00 17 00 00        |..............|
+00000000  16 03 01 01 33 01 00 01  2f 03 03 ec 14 e8 1f 51  |....3.../......Q|
+00000010  60 0d 36 02 55 a0 c0 26  d1 a3 c4 e9 3a aa 95 4d  |`.6.U..&....:..M|
+00000020  6e 2b 72 fa 21 3d 26 0c  33 d6 87 20 12 fa 92 10  |n+r.!=&.3.. ....|
+00000030  d6 81 cb 7d 83 97 81 0a  7b 02 0d b7 88 48 fd 14  |...}....{....H..|
+00000040  82 23 7e c1 88 e7 2c 79  be 5c e1 30 00 04 00 2f  |.#~...,y.\.0.../|
+00000050  00 ff 01 00 00 e2 00 00  00 0e 00 0c 00 00 09 31  |...............1|
+00000060  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000070  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000080  00 23 00 78 50 46 ad c1  db a8 38 86 7b 2b bb fd  |.#.xPF....8.{+..|
+00000090  d0 c3 42 3e 00 00 00 00  00 00 00 00 00 00 00 00  |..B>............|
+000000a0  00 00 00 00 94 6f 2c 9f  83 61 70 4f 8e 34 f4 65  |.....o,..apO.4.e|
+000000b0  e4 64 ba af 8d 55 d8 8a  c4 90 a4 94 d1 84 44 51  |.d...U........DQ|
+000000c0  72 f0 79 b3 2b c3 49 48  58 e7 66 8c 3d 60 dd 65  |r.y.+.IHX.f.=`.e|
+000000d0  ba 93 0a f1 45 28 83 56  19 28 33 94 dd d4 29 db  |....E(.V.(3...).|
+000000e0  f0 80 d1 b2 0a ef 69 03  b5 fa 19 82 a9 0e 42 b0  |......i.......B.|
+000000f0  bb c2 b5 c7 b5 92 1f e6  3b 38 e3 85 00 16 00 00  |........;8......|
+00000100  00 17 00 00 00 0d 00 30  00 2e 04 03 05 03 06 03  |.......0........|
+00000110  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+00000120  04 01 05 01 06 01 03 03  02 03 03 01 02 01 03 02  |................|
+00000130  02 02 04 02 05 02 06 02                           |........|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -59,31 +63,31 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 5e 04 66 f2 27  |...........^.f.'|
-00000010  99 3b f8 15 9f b8 4a ab  8c 32 10 0d 5b c9 5b 0b  |.;....J..2..[.[.|
-00000020  04 69 dc 2b 9e bb 28 38  b6 a0 0f 32 ae 8c 96 64  |.i.+..(8...2...d|
-00000030  63 97 6b b6 63 94 45 84  03 28 d1 d8 85 2f a7 bb  |c.k.c.E..(.../..|
-00000040  be ca 3e f5 30 27 e1 fd  e5 cc bc b5 61 3d 26 8d  |..>.0'......a=&.|
-00000050  0e 93 dd 78 07 5c fe 1b  a9 57 c7 ce e6 df eb 28  |...x.\...W.....(|
-00000060  74 ce 12 f3 df 3f c0 9e  54 b6 e0 b0 ea f7 08 c6  |t....?..T.......|
-00000070  e1 9b cb e7 e9 41 b0 b4  68 2f f2 9b 1a 0a e3 17  |.....A..h/......|
-00000080  df d7 18 ff 95 ca 36 07  32 ff f9 14 03 03 00 01  |......6.2.......|
-00000090  01 16 03 03 00 40 cb c3  74 05 82 ab 93 07 a2 8b  |.....@..t.......|
-000000a0  24 27 c0 21 3e d1 15 12  9a 85 20 5b f5 7e 7e 0a  |$'.!>..... [.~~.|
-000000b0  a0 8e b2 de aa 25 2a b3  3d 12 1b 01 45 ec 36 53  |.....%*.=...E.6S|
-000000c0  32 1d 81 c7 1d a6 96 c2  a9 2e af fa 90 6e 76 bb  |2............nv.|
-000000d0  a2 bc 43 91 c9 ca                                 |..C...|
+00000000  16 03 03 00 86 10 00 00  82 00 80 a1 9c 83 96 72  |...............r|
+00000010  04 cb dd 16 d6 02 0c fd  ec 03 7f bb 23 9a a4 b5  |............#...|
+00000020  f0 50 3e 0f 32 bb 92 9d  09 b0 20 f2 08 4b f0 37  |.P>.2..... ..K.7|
+00000030  0d ef f6 22 0d 75 ad 2f  1b ce 1f 87 f0 fe 50 9a  |...".u./......P.|
+00000040  c5 3b a3 fa c7 59 bf dd  4c b6 04 95 a2 c4 83 97  |.;...Y..L.......|
+00000050  04 e8 ab 3a ff 25 7b 2d  aa c0 bd 0f 1f ef 55 34  |...:.%{-......U4|
+00000060  c5 bf 7c 48 b7 9c d0 9a  37 ab fa 32 53 fb 5c 66  |..|H....7..2S.\f|
+00000070  53 8a 81 cf bd 5a 8f d2  76 87 01 b9 29 72 b4 4e  |S....Z..v...)r.N|
+00000080  7c 25 6d b1 4f 59 8b a4  fc cf 27 14 03 03 00 01  ||%m.OY....'.....|
+00000090  01 16 03 03 00 40 e2 b7  3e 75 4d 7a ee 8e 32 75  |.....@..>uMz..2u|
+000000a0  e1 04 11 55 63 87 d6 f2  8d f1 78 de 8a fa bb 1e  |...Uc.....x.....|
+000000b0  74 1d 5c e3 c3 77 c4 10  6b 6d 63 ab 5c 08 b4 3e  |t.\..w..kmc.\..>|
+000000c0  f0 f7 cb 72 cd 5e 83 e2  6f 67 06 83 cf 22 73 05  |...r.^..og..."s.|
+000000d0  2d 6f 12 58 2c 74                                 |-o.X,t|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 7f 39 4c 83 d4  |............9L..|
-00000020  ca a2 7a a8 eb 3e 45 18  6e 33 3d 6f eb 2d 4f 72  |..z..>E.n3=o.-Or|
-00000030  35 ee c3 f8 22 fd 39 28  47 23 55 16 6c 47 80 b7  |5...".9(G#U.lG..|
-00000040  65 31 15 f6 89 79 96 bd  6a df 1d 17 03 03 00 40  |e1...y..j......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 d3 51 28 12 19  |............Q(..|
+00000020  67 4f 60 7e 0e af f1 f9  31 4b 2c a3 87 a5 5c 61  |gO`~....1K,...\a|
+00000030  1a d3 58 57 8f b5 a1 75  87 86 ca 7b e2 a3 bf 53  |..XW...u...{...S|
+00000040  2a 92 09 04 43 29 9b 22  c5 19 a4 17 03 03 00 40  |*...C).".......@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  0c ea 0d 87 9a 24 d5 cc  26 9a a2 32 df 04 24 7d  |.....$..&..2..$}|
-00000070  45 ed 35 4e 5b a0 57 c1  c7 f1 0f 8b b0 f9 49 85  |E.5N[.W.......I.|
-00000080  d6 e6 36 26 d5 f3 e4 00  76 d0 d6 20 be b3 31 e5  |..6&....v.. ..1.|
+00000060  58 bf 73 aa ed 8a a0 61  c5 81 ac 22 1d ab 7b 75  |X.s....a..."..{u|
+00000070  8b 31 97 fc df 6a e9 07  a7 3e c8 2d 3d 70 b1 b7  |.1...j...>.-=p..|
+00000080  c1 ca 15 d5 c6 ac 32 ed  64 1f 98 d5 7e 17 3b 95  |......2.d...~.;.|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 6c 51 e9  c2 e8 4f 43 e2 ce 01 9d  |.....lQ...OC....|
-000000b0  d9 6f d7 c7 bf 16 d9 28  ca 8a ea 5e d5 84 ba 55  |.o.....(...^...U|
-000000c0  b7 23 9d 79 28                                    |.#.y(|
+000000a0  00 00 00 00 00 e1 a6 0c  04 db 23 62 bb 99 9f b7  |..........#b....|
+000000b0  1b 2b ae 6d 7d 9f 54 8e  39 60 6c d6 94 34 fa cd  |.+.m}.T.9`l..4..|
+000000c0  a8 7c ed a8 52                                    |.|..R|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-SNI b/src/crypto/tls/testdata/Server-TLSv12-SNI
index 852cc63..f1c3552 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-SNI
+++ b/src/crypto/tls/testdata/Server-TLSv12-SNI
@@ -1,16 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 35 8f 03 0b f4  |....q...m..5....|
-00000010  81 dd d7 ec 8b cc 85 bd  07 5b 83 16 cc 6e b2 67  |.........[...n.g|
-00000020  fd 33 69 81 14 9a 14 9d  37 43 5a 00 00 04 00 2f  |.3i.....7CZ..../|
-00000030  00 ff 01 00 00 40 00 00  00 10 00 0e 00 00 0b 73  |.....@.........s|
-00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0d 00 20 00 1e  |nitest.com... ..|
-00000050  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000060  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000070  00 00 00 17 00 00                                 |......|
+00000000  16 03 01 00 99 01 00 00  95 03 03 4d 04 34 4d c9  |...........M.4M.|
+00000010  52 17 f0 1c 49 b6 2b d1  a0 16 a2 04 f4 d3 7c ca  |R...I.+.......|.|
+00000020  3d 4e 41 44 3d de 29 60  32 d6 a7 00 00 04 00 2f  |=NAD=.)`2....../|
+00000030  00 ff 01 00 00 68 00 00  00 10 00 0e 00 00 0b 73  |.....h.........s|
+00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0b 00 04 03 00  |nitest.com......|
+00000050  01 02 00 0a 00 0c 00 0a  00 1d 00 17 00 1e 00 19  |................|
+00000060  00 18 00 16 00 00 00 17  00 00 00 0d 00 30 00 2e  |.............0..|
+00000070  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
+00000080  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
+00000090  03 01 02 01 03 02 02 02  04 02 05 02 06 02        |..............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -51,31 +53,31 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 4c 15 46 23 91  |...........L.F#.|
-00000010  a0 d8 6c 45 f0 49 7e 70  84 9f bf 53 3d 68 2c cc  |..lE.I~p...S=h,.|
-00000020  20 3f 28 bd cf e6 6e fd  e6 90 ff 87 14 82 65 00  | ?(...n.......e.|
-00000030  d6 b6 ef 5a 0c d6 30 76  88 d2 37 33 39 de 00 b4  |...Z..0v..739...|
-00000040  ec dd 30 3b f6 88 ff 4c  b2 98 75 77 fd c3 61 38  |..0;...L..uw..a8|
-00000050  2d 00 f7 14 d8 a4 37 22  c0 db 8a bd 12 0b b8 cc  |-.....7"........|
-00000060  37 82 78 d3 0e f2 0b 9b  51 c5 26 c5 e2 ce 3e 0e  |7.x.....Q.&...>.|
-00000070  04 34 39 83 a8 f5 65 ff  40 d9 9b 4a 11 6b b3 d2  |.49...e.@..J.k..|
-00000080  f7 02 78 a9 7c f4 69 56  3a a4 98 14 03 03 00 01  |..x.|.iV:.......|
-00000090  01 16 03 03 00 40 d6 90  b3 07 d1 a1 c1 12 35 07  |.....@........5.|
-000000a0  4e c0 df 4b 17 cc fa 49  47 c9 22 c3 6f 70 fa ee  |N..K...IG.".op..|
-000000b0  cf b3 61 d6 06 54 cd ce  c2 15 17 8a a0 f6 5c 43  |..a..T........\C|
-000000c0  7c 92 ce 89 d4 96 53 d0  c7 e6 9a 24 bc 5a 83 e5  ||.....S....$.Z..|
-000000d0  9c 65 72 e7 80 a4                                 |.er...|
+00000000  16 03 03 00 86 10 00 00  82 00 80 ca 5a ef 73 b7  |............Z.s.|
+00000010  e2 11 b7 9a 45 22 8f 0d  44 ca 44 77 c0 ec 67 95  |....E"..D.Dw..g.|
+00000020  cc 63 2a 55 65 69 34 93  a2 64 fa f8 c0 db 56 91  |.c*Uei4..d....V.|
+00000030  d2 50 d4 a8 8c 89 13 e6  c0 ce 2b 26 46 cb ea 39  |.P........+&F..9|
+00000040  66 4c 89 58 8d 8a da 9c  bd 16 b3 28 40 a1 6f f8  |fL.X.......(@.o.|
+00000050  f7 f5 d9 9f d1 cd 44 ca  b5 ed 19 ea ec fa 97 2d  |......D........-|
+00000060  87 a5 c2 a8 1e f0 0c 70  fd fc a7 e7 1b dc 0c 99  |.......p........|
+00000070  d0 1f 6d 68 df 64 8f cb  ce 7b 3e 38 ab 9d b3 ba  |..mh.d...{>8....|
+00000080  66 a4 17 60 d6 fd ab 1d  d8 a2 b4 14 03 03 00 01  |f..`............|
+00000090  01 16 03 03 00 40 31 e3  94 eb 85 21 63 5e 29 b8  |.....@1....!c^).|
+000000a0  2b 9a 42 d1 4d f1 3c e8  df 66 ed 6f 61 42 aa 46  |+.B.M.<..f.oaB.F|
+000000b0  c0 4b 33 27 93 94 c5 6a  6c 94 f9 ba 6a 81 11 b1  |.K3'...jl...j...|
+000000c0  be 21 00 97 d9 84 9d ee  fd fd 79 18 ad 07 7a a8  |.!........y...z.|
+000000d0  d3 89 e3 2a b0 f0                                 |...*..|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 a0 61 69 4c 9d  |............aiL.|
-00000020  68 f3 f8 f6 a0 ef 1b f4  a2 f5 83 fa 03 87 ad 67  |h..............g|
-00000030  7e 9f df c6 ce 9f 69 ce  22 fc de 91 0d 18 00 fb  |~.....i.".......|
-00000040  c1 5d a1 2d bb 89 29 4f  f6 de 57 17 03 03 00 40  |.].-..)O..W....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 98 ae 81 aa e9  |................|
+00000020  4e 1f 93 59 89 05 a2 98  c3 17 dd e1 9d 9a 12 7d  |N..Y...........}|
+00000030  30 c6 6c b4 a6 f3 b7 b2  c5 df dc 9d 81 99 ce 29  |0.l............)|
+00000040  4b 75 04 9e d3 82 06 fa  22 1f a2 17 03 03 00 40  |Ku......"......@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  bb 54 f4 80 69 1d 3b 9c  e7 9c 1a fb 4e 3d c1 02  |.T..i.;.....N=..|
-00000070  d3 05 86 35 47 61 59 aa  45 54 ae a2 59 4c 75 8c  |...5GaY.ET..YLu.|
-00000080  8d a9 7d 7f a0 4b d9 65  7a 53 ef 7e ed a3 fa 9e  |..}..K.ezS.~....|
+00000060  dc 0e 49 1a ad 28 b6 c1  f2 27 ae bf 94 45 57 15  |..I..(...'...EW.|
+00000070  74 33 ae 3a f0 ee e5 76  7e 72 6c d9 56 64 88 58  |t3.:...v~rl.Vd.X|
+00000080  0b 96 35 a9 83 2e 4e 82  f8 a4 f8 f5 5b 08 6f 79  |..5...N.....[.oy|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 cc fd 0f  cb 74 a5 36 ce c1 cd 54  |.........t.6...T|
-000000b0  6f 66 81 c0 ab ff 72 ea  f3 1f a6 b7 ef 46 45 68  |of....r......FEh|
-000000c0  9b 0b 7f 4f 46                                    |...OF|
+000000a0  00 00 00 00 00 63 55 cb  53 f8 b1 48 85 33 aa c6  |.....cU.S..H.3..|
+000000b0  aa 60 c4 d0 b6 bb cc 85  3e a9 92 f9 be 53 8b 8b  |.`......>....S..|
+000000c0  3e 9c ee 8f f4                                    |>....|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate
index b35cd8d..f407ffd 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate
+++ b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate
@@ -1,16 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 31 c7 3f 2b 99  |....q...m..1.?+.|
-00000010  95 d8 d5 b7 91 ab 95 c6  09 35 0c 2b bd b6 94 1e  |.........5.+....|
-00000020  64 4a 2d b6 43 23 a0 01  e7 93 22 00 00 04 00 2f  |dJ-.C#...."..../|
-00000030  00 ff 01 00 00 40 00 00  00 10 00 0e 00 00 0b 73  |.....@.........s|
-00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0d 00 20 00 1e  |nitest.com... ..|
-00000050  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000060  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000070  00 00 00 17 00 00                                 |......|
+00000000  16 03 01 00 99 01 00 00  95 03 03 9d e8 44 6f ac  |.............Do.|
+00000010  b8 f3 4e 96 5e c0 2a 81  4d 71 2e 0e 8a a0 2f 88  |..N.^.*.Mq..../.|
+00000020  4a 87 39 d2 ed 94 0b 41  ad 2b bf 00 00 04 00 2f  |J.9....A.+...../|
+00000030  00 ff 01 00 00 68 00 00  00 10 00 0e 00 00 0b 73  |.....h.........s|
+00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0b 00 04 03 00  |nitest.com......|
+00000050  01 02 00 0a 00 0c 00 0a  00 1d 00 17 00 1e 00 19  |................|
+00000060  00 18 00 16 00 00 00 17  00 00 00 0d 00 30 00 2e  |.............0..|
+00000070  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
+00000080  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
+00000090  03 01 02 01 03 02 02 02  04 02 05 02 06 02        |..............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -51,31 +53,31 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 c9 3a 9d ea e3  |............:...|
-00000010  19 f1 07 77 61 ef 5a aa  ed 0f 26 b4 7a 45 db 05  |...wa.Z...&.zE..|
-00000020  bd 51 77 f5 ee 7b c1 83  9c 95 49 7b 70 5e 5b fe  |.Qw..{....I{p^[.|
-00000030  25 d2 3d 64 74 b8 a4 97  fd cb b9 75 7b 8f b0 59  |%.=dt......u{..Y|
-00000040  30 bf b3 41 ce 54 83 0a  ca 29 49 5a fe 29 4c 53  |0..A.T...)IZ.)LS|
-00000050  fb d6 6e 46 d9 f7 31 17  d6 ee f9 ac 41 82 22 11  |..nF..1.....A.".|
-00000060  a7 34 07 41 50 43 2f 83  f6 1f c6 c0 9d 4a 67 5a  |.4.APC/......JgZ|
-00000070  af 44 59 c0 00 33 be 24  f7 0a a4 fe 76 6b 03 05  |.DY..3.$....vk..|
-00000080  2e ec 4d 49 db 6e e5 0a  5f af 09 14 03 03 00 01  |..MI.n.._.......|
-00000090  01 16 03 03 00 40 ad 89  4d 25 a2 ce 98 8c cf b6  |.....@..M%......|
-000000a0  f5 f4 76 6b e7 71 66 4a  f9 a7 67 fb 1d 6c a7 83  |..vk.qfJ..g..l..|
-000000b0  3b 1d 6a af 65 f2 c1 1d  97 03 5b c2 34 ee 3b 8e  |;.j.e.....[.4.;.|
-000000c0  cc bd 8f 3a b8 9b 4f 90  3f de 1e 97 1e 8e 61 37  |...:..O.?.....a7|
-000000d0  2d 30 35 84 3b 26                                 |-05.;&|
+00000000  16 03 03 00 86 10 00 00  82 00 80 a4 d5 09 e3 4c  |...............L|
+00000010  78 eb 7d 76 4f 7f cf c7  2b 9d d1 fe 8f 5e a2 6b  |x.}vO...+....^.k|
+00000020  83 82 cb 93 37 63 47 ec  38 48 42 2a 3e e1 bf 6b  |....7cG.8HB*>..k|
+00000030  02 0a 8c b8 07 a7 11 5d  fd cc 6d dc 3b ed 26 24  |.......]..m.;.&$|
+00000040  18 64 ed 2e 98 93 49 45  ea 49 be 3f 12 43 47 c0  |.d....IE.I.?.CG.|
+00000050  c3 ef 25 e0 be 06 f2 e5  fe 9f 3e c7 e6 23 90 d1  |..%.......>..#..|
+00000060  2e 6f fc e2 72 ba a2 c2  e9 94 ab 7e ca 59 fa 93  |.o..r......~.Y..|
+00000070  40 4a 48 39 f9 5e 5f ac  60 a0 94 61 1c 6e 10 1e  |@JH9.^_.`..a.n..|
+00000080  30 44 1d 28 cb 2b b9 7f  00 dd 23 14 03 03 00 01  |0D.(.+....#.....|
+00000090  01 16 03 03 00 40 81 02  8e b2 b5 e2 b2 0a 95 9e  |.....@..........|
+000000a0  1e 65 4a 63 98 5b f0 30  4b 63 0a 74 87 58 20 fb  |.eJc.[.0Kc.t.X .|
+000000b0  2f 58 f8 10 a5 5f 4e b9  19 21 96 5f 13 8d d6 ed  |/X..._N..!._....|
+000000c0  a3 39 92 e5 4c 0f 31 c3  df 51 2d bb 7c 29 54 34  |.9..L.1..Q-.|)T4|
+000000d0  f6 68 fb f2 49 2d                                 |.h..I-|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 fe 23 de 33 4b  |............#.3K|
-00000020  55 f2 8e 73 09 ba ae f1  12 bd f7 15 75 90 8f 19  |U..s........u...|
-00000030  1b 19 b6 3f 2c 19 47 87  a9 43 d5 1e 85 fb 0c 90  |...?,.G..C......|
-00000040  c8 18 72 8f 08 6f 48 43  3c 5c 5a 17 03 03 00 40  |..r..oHC<\Z....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 3a 54 5f df 8a  |...........:T_..|
+00000020  c4 53 fb 18 31 f5 72 47  fd ef 38 84 72 80 81 88  |.S..1.rG..8.r...|
+00000030  45 69 81 aa c8 0d d7 4a  95 e9 cf ea b0 0e 07 3b  |Ei.....J.......;|
+00000040  9c f5 b3 47 00 58 55 e3  06 e1 a3 17 03 03 00 40  |...G.XU........@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  4d 44 d7 eb a3 94 00 74  90 9d c0 bd 8e 11 eb b6  |MD.....t........|
-00000070  93 43 c6 14 0d ba c2 aa  f0 f5 2d 85 9a 7c 27 44  |.C........-..|'D|
-00000080  fc d8 46 76 b2 21 4f 70  1a 9a df 9e 3a 8f a3 58  |..Fv.!Op....:..X|
+00000060  dd c3 b2 95 87 4d fb ae  ee 0e cd 78 ac f3 2d 06  |.....M.....x..-.|
+00000070  f1 a1 86 91 a3 d3 8f f6  66 b6 1c 6d 3f 6b 5b ba  |........f..m?k[.|
+00000080  4c c8 b2 5e bf 46 2b 05  bd 17 51 29 bd 1a 91 39  |L..^.F+...Q)...9|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 91 0f c3  2a 98 79 57 39 3c 68 98  |........*.yW9<h.|
-000000b0  df 36 12 de e5 15 ee cb  80 ce 33 d9 20 95 33 38  |.6........3. .38|
-000000c0  8b d8 ed 8f 9b                                    |.....|
+000000a0  00 00 00 00 00 17 b0 ba  69 00 94 0c 79 3f f7 39  |........i...y?.9|
+000000b0  be a6 4b 52 b6 5e c7 c1  98 f5 04 b2 78 1f 92 4f  |..KR.^......x..O|
+000000c0  4f 50 2d 59 2d                                    |OP-Y-|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
index 8ba207b..4139c92 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
+++ b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
@@ -1,16 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 f8 16 6b 20 c3  |....q...m....k .|
-00000010  a4 cf fc ca 04 47 7a f9  cc d9 cf 4a 15 ff 6e 82  |.....Gz....J..n.|
-00000020  14 6a 91 91 7f f1 f4 42  e6 7c d4 00 00 04 00 2f  |.j.....B.|...../|
-00000030  00 ff 01 00 00 40 00 00  00 10 00 0e 00 00 0b 73  |.....@.........s|
-00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0d 00 20 00 1e  |nitest.com... ..|
-00000050  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000060  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000070  00 00 00 17 00 00                                 |......|
+00000000  16 03 01 00 99 01 00 00  95 03 03 cf 60 be 69 fc  |............`.i.|
+00000010  d8 3d f8 5e 5a 67 1d 86  93 9a b1 58 4e ca 35 d8  |.=.^Zg.....XN.5.|
+00000020  2d 92 56 f8 74 b0 9a 96  20 75 46 00 00 04 00 2f  |-.V.t... uF..../|
+00000030  00 ff 01 00 00 68 00 00  00 10 00 0e 00 00 0b 73  |.....h.........s|
+00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0b 00 04 03 00  |nitest.com......|
+00000050  01 02 00 0a 00 0c 00 0a  00 1d 00 17 00 1e 00 19  |................|
+00000060  00 18 00 16 00 00 00 17  00 00 00 0d 00 30 00 2e  |.............0..|
+00000070  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
+00000080  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
+00000090  03 01 02 01 03 02 02 02  04 02 05 02 06 02        |..............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@@ -51,31 +53,31 @@
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
 00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 80 e8 00 cc 09  |................|
-00000010  fc 87 20 9f 2a 38 33 6f  cb 61 71 86 6d 55 6a 87  |.. .*83o.aq.mUj.|
-00000020  e0 22 78 62 4e 3b 98 5c  87 fd 3b 1c 73 d3 77 7e  |."xbN;.\..;.s.w~|
-00000030  a4 c3 6f d4 6d 82 65 40  0e 70 2f 24 e9 7d ff 49  |..o.m.e@.p/$.}.I|
-00000040  c7 bd 45 44 af ae a5 7a  06 06 5e 1e ce 31 73 4b  |..ED...z..^..1sK|
-00000050  4a 38 f0 11 ba 32 58 ab  a5 94 12 13 30 83 95 85  |J8...2X.....0...|
-00000060  f5 7e 8d a7 cc 6d 19 14  f9 b0 dc 64 e5 4d b1 7d  |.~...m.....d.M.}|
-00000070  e6 95 d4 4a 7f 85 11 5b  a7 c9 32 84 c2 ec 2e c3  |...J...[..2.....|
-00000080  40 fe 5c e2 cf 5b 96 8a  72 9f 9f 14 03 03 00 01  |@.\..[..r.......|
-00000090  01 16 03 03 00 40 a8 d2  5b 24 28 2b 86 1e c1 2e  |.....@..[$(+....|
-000000a0  6f da 7a ac 6b bf 02 ea  10 5d 9c 71 fb 19 eb 17  |o.z.k....].q....|
-000000b0  19 b2 07 7c b9 df d0 6d  9f 80 cf 37 a0 2a 18 c9  |...|...m...7.*..|
-000000c0  e9 b5 9f 94 42 6a 6b 33  55 fb 6d 94 3b 79 ed 26  |....Bjk3U.m.;y.&|
-000000d0  5c 5a 7f 68 2c d8                                 |\Z.h,.|
+00000000  16 03 03 00 86 10 00 00  82 00 80 aa e3 c3 d5 76  |...............v|
+00000010  d7 f7 da d5 93 39 8f 6d  c2 6a ed dc b1 69 c9 2e  |.....9.m.j...i..|
+00000020  74 55 e3 2a c8 7d 03 f5  a6 6a 4e 04 b1 7f 14 86  |tU.*.}...jN.....|
+00000030  4c 5a 0d 55 00 dc 58 2b  b6 34 bb 51 b0 d6 df ff  |LZ.U..X+.4.Q....|
+00000040  ab 0e 1a a8 df b1 58 de  73 9d 94 e4 d1 26 28 df  |......X.s....&(.|
+00000050  64 09 fd b0 bc d5 9e 85  0d e8 0c ff 1a 5c 87 47  |d............\.G|
+00000060  57 d0 3e a8 46 c6 5d c4  57 5c 95 c1 ca 91 69 c3  |W.>.F.].W\....i.|
+00000070  26 2f 93 0a f8 56 51 10  e9 ff f2 82 4f 21 54 30  |&/...VQ.....O!T0|
+00000080  d3 87 fd e9 e6 a1 05 53  d0 b4 10 14 03 03 00 01  |.......S........|
+00000090  01 16 03 03 00 40 1f 6b  ca bc 42 19 fe c6 64 cf  |.....@.k..B...d.|
+000000a0  6f de ff 54 28 56 de 1a  99 fb 19 d7 4a 5e 34 97  |o..T(V......J^4.|
+000000b0  f6 38 99 17 16 fb 06 ae  88 fb a6 07 2f 01 7b 54  |.8........../.{T|
+000000c0  63 8a 4a c1 6b ee 4e 61  4e c1 46 b5 d6 8f 51 a9  |c.J.k.NaN.F...Q.|
+000000d0  fb 07 9b 88 27 20                                 |....' |
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 18 e9 b5 96 14  |................|
-00000020  38 98 d4 23 cd e5 32 0e  09 ae b3 3b 90 a4 4d c2  |8..#..2....;..M.|
-00000030  e5 a8 df 72 e8 97 0b 67  cb 87 f4 d0 3e 52 ca d1  |...r...g....>R..|
-00000040  28 94 ed 88 6c cb 62 53  b2 a1 04 17 03 03 00 40  |(...l.bS.......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 62 37 c3 c7 5e  |...........b7..^|
+00000020  7a 8c 16 99 2d a4 21 cd  44 ab ae ff 52 d4 a9 6f  |z...-.!.D...R..o|
+00000030  fe 58 9a 61 2e ed 51 47  8b 9f f1 ca be b9 46 78  |.X.a..QG......Fx|
+00000040  9a fc d0 38 45 da a9 41  fd 51 8f 17 03 03 00 40  |...8E..A.Q.....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  0e e3 b0 da 4b 19 ca 29  7b 1d c8 e3 0d d7 f2 97  |....K..){.......|
-00000070  b0 0b 6e f0 d2 4b f0 c4  ca 87 75 3c ae 66 e1 b3  |..n..K....u<.f..|
-00000080  06 e3 e6 90 54 fd 31 f7  5d 3b 6f de 0f d5 e4 09  |....T.1.];o.....|
+00000060  7d aa 32 6f 59 1c d9 83  fe 11 2f ff b7 92 fb 22  |}.2oY...../...."|
+00000070  c0 9c 77 d6 73 66 da 10  f1 36 61 34 0f e6 e9 77  |..w.sf...6a4...w|
+00000080  8a 5c c1 8c ba 36 9d cc  8d 3f 48 03 2c c1 a5 1e  |.\...6...?H.,...|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 ee a1 b0  94 b5 86 71 73 66 14 ac  |...........qsf..|
-000000b0  5c 4e 1b 67 27 af db b6  e3 44 15 38 b1 f5 e0 13  |\N.g'....D.8....|
-000000c0  a5 e1 82 c0 6a                                    |....j|
+000000a0  00 00 00 00 00 29 14 57  d1 dc f3 ab 63 40 92 00  |.....).W....c@..|
+000000b0  31 3b d5 36 a8 3c e3 cf  b5 64 ee b7 e9 36 86 75  |1;.6.<...d...6.u|
+000000c0  6e d8 91 29 f0                                    |n..).|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-X25519 b/src/crypto/tls/testdata/Server-TLSv12-X25519
new file mode 100644
index 0000000..f8e6ab3
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-X25519
@@ -0,0 +1,81 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 8f 01 00 00  8b 03 03 77 a6 19 8a 94  |...........w....|
+00000010  4a 1a d4 51 10 98 c3 22  5d 5d 76 2d 4f 27 ea e8  |J..Q..."]]v-O'..|
+00000020  61 d0 10 7a 08 43 23 42  b0 e0 12 00 00 04 c0 2f  |a..z.C#B......./|
+00000030  00 ff 01 00 00 5e 00 00  00 0e 00 0c 00 00 09 31  |.....^.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 04 00 02 00 1d  00 16 00 00 00 17 00 00  |................|
+00000060  00 0d 00 30 00 2e 04 03  05 03 06 03 08 07 08 08  |...0............|
+00000070  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+00000080  06 01 03 03 02 03 03 01  02 01 03 02 02 02 04 02  |................|
+00000090  05 02 06 02                                       |....|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 2f 00 00  |...DOWNGRD.../..|
+00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
+00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
+00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
+00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
+00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
+00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
+00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
+000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
+000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
+000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
+000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
+000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
+000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
+00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
+00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
+00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
+00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
+00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
+00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
+00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
+00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
+00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
+00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
+000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
+000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
+000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
+000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
+000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
+000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
+00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
+00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
+00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
+00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
+00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
+00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
+00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
+00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
+00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
+00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
+000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+000002c0  74 08 04 00 80 0f e7 f4  b4 b9 f2 83 95 26 d7 70  |t............&.p|
+000002d0  5f b2 e3 5e 42 86 b6 67  0a df 4e 60 2d d2 91 be  |_..^B..g..N`-...|
+000002e0  2c ba c1 24 9c 57 29 eb  aa df 52 e5 8e 5f 9c ab  |,..$.W)...R.._..|
+000002f0  9c 88 c5 8a 92 fd b6 d5  e2 6b 0d ea 1c de 73 22  |.........k....s"|
+00000300  a1 51 05 e0 b6 87 e1 e4  2b 8e 1d 06 26 53 37 4e  |.Q......+...&S7N|
+00000310  c7 8f 05 4a 0c 48 69 d3  7b f8 44 33 7b 2b 54 f5  |...J.Hi.{.D3{+T.|
+00000320  d9 a8 70 f3 6d b5 1c e4  4d 53 5f 0d 29 76 92 d3  |..p.m...MS_.)v..|
+00000330  63 19 25 b0 8c c6 31 13  e4 b5 d5 d0 b9 47 ed 54  |c.%...1......G.T|
+00000340  28 82 6c 04 a9 16 03 03  00 04 0e 00 00 00        |(.l...........|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 a4 db 55 a3 5a 6f  |....%...! ..U.Zo|
+00000010  af bf a2 53 ad 81 4d ea  ef c0 d7 02 5d 42 9f ee  |...S..M.....]B..|
+00000020  34 ff bf 08 c9 13 56 8c  e3 26 14 03 03 00 01 01  |4.....V..&......|
+00000030  16 03 03 00 28 bd 32 89  70 2a eb 54 d1 ae 60 08  |....(.2.p*.T..`.|
+00000040  4e 05 c9 e8 bb a7 fc 96  56 1a ba c7 51 a5 4d 2a  |N.......V...Q.M*|
+00000050  de da 6e a9 97 82 aa 37  44 00 4a 1f 0a           |..n....7D.J..|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
+00000010  00 00 00 7e 16 80 9b 85  03 3b 19 35 dc 22 75 4d  |...~.....;.5."uM|
+00000020  08 36 ad ee 24 f2 75 de  fe c2 c6 ba 91 62 1d 29  |.6..$.u......b.)|
+00000030  68 53 d3 17 03 03 00 25  00 00 00 00 00 00 00 01  |hS.....%........|
+00000040  65 36 ef c0 52 ae be bc  94 af 01 d6 c1 a8 2c 04  |e6..R.........,.|
+00000050  3c 83 a2 88 61 7f 41 c0  76 ec aa 52 8d 15 03 03  |<...a.A.v..R....|
+00000060  00 1a 00 00 00 00 00 00  00 02 4a dd b0 50 cf 59  |..........J..P.Y|
+00000070  01 67 74 45 f2 ae 47 f1  38 ef 51 04              |.gtE..G.8.Q.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM b/src/crypto/tls/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM
deleted file mode 100644
index 17136d4..0000000
--- a/src/crypto/tls/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM
+++ /dev/null
@@ -1,79 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 c3 5c 1e ad 54  |....s...o...\..T|
-00000010  5b 03 af 49 42 dd cc 76  83 21 fe b4 4f 15 84 81  |[..IB..v.!..O...|
-00000020  e5 07 5c 7d 58 3d 37 5a  3a ae f8 00 00 04 c0 2f  |..\}X=7Z:....../|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
-000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 06 01 00 80 d1 1b d9  90 1c 69 ef 70 d8 76 10  |t.........i.p.v.|
-000002d0  fe ea ce c5 42 ea e7 da  1a 45 83 11 75 51 e9 a4  |....B....E..uQ..|
-000002e0  fe 4c c6 b2 76 62 35 83  ae 45 08 80 07 76 0c d2  |.L..vb5..E...v..|
-000002f0  b6 a7 7d b4 ca 5d a0 70  88 2c ad 03 44 30 14 d7  |..}..].p.,..D0..|
-00000300  0b 9e 19 77 5f 2f 95 83  8a 5e 07 3e 7f 22 ca 86  |...w_/...^.>."..|
-00000310  b9 ae 0d eb b8 0e ce ec  5d 1f 72 95 cf a5 3f 2c  |........].r...?,|
-00000320  82 2f 17 f7 63 07 cd 01  d1 50 31 49 e4 d1 2c 75  |./..c....P1I..,u|
-00000330  1a 18 b9 76 51 33 f4 ff  74 37 cc bd 18 f9 3a 09  |...vQ3..t7....:.|
-00000340  25 38 56 a4 7b 16 03 03  00 04 0e 00 00 00        |%8V.{.........|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 71 94 86 30 e3 73  |....%...! q..0.s|
-00000010  65 46 cb e3 ea 30 0b 32  77 f5 52 28 6f 98 a2 ed  |eF...0.2w.R(o...|
-00000020  52 6e 14 eb 5f 89 33 98  13 4a 14 03 03 00 01 01  |Rn.._.3..J......|
-00000030  16 03 03 00 28 31 f7 9a  7d 84 21 17 7f c4 6e 9e  |....(1..}.!...n.|
-00000040  78 59 64 d1 d0 e7 74 fb  77 1b 7a b9 d5 e0 a6 c6  |xYd...t.w.z.....|
-00000050  ec a4 9f 64 38 dd 24 8c  d8 13 71 69 4f           |...d8.$...qiO|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 65 fc d6 aa c0  c7 6d 5e 94 bb cb 7c 19  |...e.....m^...|.|
-00000020  f4 4f 4b 0e d5 b1 66 cc  fb 7b d0 bb bc d3 de 55  |.OK...f..{.....U|
-00000030  79 d5 57 17 03 03 00 25  00 00 00 00 00 00 00 01  |y.W....%........|
-00000040  bf d0 4a cb ab f0 86 9a  ec 92 19 5e 51 6e 63 4e  |..J........^QncN|
-00000050  00 c6 1f e8 af 15 ec e7  29 45 f5 54 dd 15 03 03  |........)E.T....|
-00000060  00 1a 00 00 00 00 00 00  00 02 7e 20 a1 70 fa b9  |..........~ .p..|
-00000070  6f b3 3b b0 65 b5 96 15  b0 f6 db 8a              |o.;.e.......|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-AES128-SHA256 b/src/crypto/tls/testdata/Server-TLSv13-AES128-SHA256
new file mode 100644
index 0000000..9e85403
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-AES128-SHA256
@@ -0,0 +1,100 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 dc 01 00 00  d8 03 03 8f 2d ec dc ac  |............-...|
+00000010  28 76 2d d2 5e b8 34 2f  3f b9 96 46 31 8a 12 d5  |(v-.^.4/?..F1...|
+00000020  6a 9f a0 bf 11 00 3e d1  4c ba 17 20 72 a7 88 94  |j.....>.L.. r...|
+00000030  ad d2 b6 e8 86 d8 34 45  42 44 b7 36 50 9b 64 36  |......4EBD.6P.d6|
+00000040  de 03 b0 e5 99 8b f9 5a  67 5b f6 72 00 04 13 01  |.......Zg[.r....|
+00000050  00 ff 01 00 00 8b 00 00  00 0e 00 0c 00 00 09 31  |...............1|
+00000060  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000070  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000080  00 16 00 00 00 17 00 00  00 0d 00 1e 00 1c 04 03  |................|
+00000090  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+000000a0  08 05 08 06 04 01 05 01  06 01 00 2b 00 03 02 03  |...........+....|
+000000b0  04 00 2d 00 02 01 01 00  33 00 26 00 24 00 1d 00  |..-.....3.&.$...|
+000000c0  20 52 35 32 79 0e bf 01  91 5a b1 be 9b ff bf f4  | R52y....Z......|
+000000d0  72 13 1a 3d a6 a8 15 9f  ad c3 a9 b6 32 79 84 32  |r..=........2y.2|
+000000e0  71                                                |q|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 72 a7 88 94  |........... r...|
+00000030  ad d2 b6 e8 86 d8 34 45  42 44 b7 36 50 9b 64 36  |......4EBD.6P.d6|
+00000040  de 03 b0 e5 99 8b f9 5a  67 5b f6 72 13 01 00 00  |.......Zg[.r....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 2a 27 a8 a8 aa f7  |..........*'....|
+00000090  7f c4 74 12 f2 f5 b3 46  e3 fc 9f c6 8e 4d 81 4c  |..t....F.....M.L|
+000000a0  f2 17 03 03 02 6d 4c ad  3d 6f 2b c3 22 fc e0 3f  |.....mL.=o+."..?|
+000000b0  74 c2 f7 20 1a 37 ff 42  3e 5c c7 7e 0a 27 48 88  |t.. .7.B>\.~.'H.|
+000000c0  23 77 d3 e9 96 d0 6c 44  67 e0 13 03 06 e3 f8 70  |#w....lDg......p|
+000000d0  c0 e1 56 8f a3 18 58 8a  d0 a0 f1 96 0a 4b 47 f8  |..V...X......KG.|
+000000e0  a0 51 06 82 03 09 e8 82  e7 c1 91 5a fb 2e a4 a7  |.Q.........Z....|
+000000f0  34 19 d8 c1 86 0d 56 e9  74 f1 28 7a 7e bf 50 30  |4.....V.t.(z~.P0|
+00000100  e1 29 43 fa d9 67 6f d1  94 4c 7f 06 b9 b7 5d 6c  |.)C..go..L....]l|
+00000110  f1 a4 dc 48 53 de 7e d6  c2 8a 32 a3 78 94 2d 55  |...HS.~...2.x.-U|
+00000120  76 0d 3c b8 93 76 98 70  36 c2 2e a2 b3 8c ec 32  |v.<..v.p6......2|
+00000130  43 50 06 f8 76 28 19 3b  a3 51 64 26 24 fa 97 43  |CP..v(.;.Qd&$..C|
+00000140  65 12 aa 2f 55 c3 30 33  9a 88 dc 4c 86 e5 13 aa  |e../U.03...L....|
+00000150  4b 4d 85 e6 67 0c 87 61  26 cd 1b 7b 80 67 87 60  |KM..g..a&..{.g.`|
+00000160  00 0d 7a eb 9a e4 d2 a6  72 b5 66 f4 5b 9c 2f 42  |..z.....r.f.[./B|
+00000170  c1 4b d3 cf 9f e7 be bf  a4 12 57 d4 15 83 ce 61  |.K........W....a|
+00000180  c0 29 71 ed d5 c3 e3 68  a0 c7 02 ed 94 d7 1f b2  |.)q....h........|
+00000190  11 c1 38 67 a6 42 d2 23  ae b8 16 ed 69 92 91 57  |..8g.B.#....i..W|
+000001a0  ca b6 fd 93 8f 32 ab 2d  8b 74 f8 b0 bb 5a a0 16  |.....2.-.t...Z..|
+000001b0  72 92 6e 9e 10 46 3a 7d  2f 55 de 0c d4 9d b6 d0  |r.n..F:}/U......|
+000001c0  e1 f6 2d 10 de 97 c1 28  c8 d4 63 4a 5b f9 08 c7  |..-....(..cJ[...|
+000001d0  8b 28 65 0b 07 e2 62 82  09 3e d2 dd 82 a6 72 79  |.(e...b..>....ry|
+000001e0  1d 59 ef 58 87 5a b6 b1  38 20 3c 4c 55 c0 9d fb  |.Y.X.Z..8 <LU...|
+000001f0  1c fe 71 83 8b 64 ae 24  7e 16 4d 96 04 30 d1 33  |..q..d.$~.M..0.3|
+00000200  6c f5 d4 f0 ab d6 0e f5  e4 2a 83 18 59 21 4c ec  |l........*..Y!L.|
+00000210  a3 35 1e 3f 84 4b 09 04  28 4f 84 80 1a 5a ca 37  |.5.?.K..(O...Z.7|
+00000220  0a 24 f0 59 7d 89 68 6c  a4 58 fb bc f9 19 c5 ee  |.$.Y}.hl.X......|
+00000230  1b d7 db cb d7 70 93 a8  c4 4c 57 14 cc b3 a9 55  |.....p...LW....U|
+00000240  67 00 ba d8 0e e1 75 d5  8c c4 28 92 b7 c1 53 3c  |g.....u...(...S<|
+00000250  d7 0f 50 5c e6 1f cf f5  fe 71 b8 71 45 f2 c2 fc  |..P\.....q.qE...|
+00000260  9f 76 d1 5b 08 fe 94 d1  a1 48 cb fd 7e c5 68 f5  |.v.[.....H..~.h.|
+00000270  d7 71 6a fe f1 0e df 0d  b6 51 9a 54 8f 9a 47 98  |.qj......Q.T..G.|
+00000280  90 bb ed 59 72 93 5f 67  96 66 5b b2 9e 0d a6 ac  |...Yr._g.f[.....|
+00000290  4a 14 c9 77 05 33 49 38  b1 7f d1 3c c3 f1 05 a8  |J..w.3I8...<....|
+000002a0  d5 09 63 21 8b 5f a8 63  41 f0 d1 77 81 35 a8 e3  |..c!._.cA..w.5..|
+000002b0  e2 e4 dd 5f 56 f2 ed 14  91 e8 cd 92 c2 55 f7 c3  |..._V........U..|
+000002c0  47 cd 79 d3 6a 41 e7 a5  44 3f d1 12 72 de 58 08  |G.y.jA..D?..r.X.|
+000002d0  44 92 fb 71 35 e8 ec d7  4b 16 e1 1e 94 5a 90 fe  |D..q5...K....Z..|
+000002e0  a4 b6 e6 4f b6 2b c6 14  bf ea 45 69 16 2c 7c 4f  |...O.+....Ei.,|O|
+000002f0  fc fb 08 8f 51 33 de 81  4c cf 3f b2 f2 62 3d e5  |....Q3..L.?..b=.|
+00000300  a6 d3 af 40 0e 77 00 53  71 e3 2b d5 92 b2 b7 7c  |...@.w.Sq.+....||
+00000310  42 51 8b 17 03 03 00 99  ab ac 39 ac 82 91 a9 01  |BQ........9.....|
+00000320  4a 8f 94 ed 4f 5d 5b 35  9f 88 b9 53 e8 35 1d d6  |J...O][5...S.5..|
+00000330  2f 75 74 48 e9 2b cc b7  0c 1f 3f 4f ee 67 30 3b  |/utH.+....?O.g0;|
+00000340  4f 2a c2 a3 9c ff 59 44  1f 31 96 a8 d7 b0 72 63  |O*....YD.1....rc|
+00000350  e9 64 38 ff 63 be 43 3b  40 6d dd ec 5e d6 c1 b8  |.d8.c.C;@m..^...|
+00000360  e0 1b ab b3 1c 5e a9 b7  31 5d e3 e9 e9 33 d3 44  |.....^..1]...3.D|
+00000370  f0 97 1f 2f 71 90 bf 7a  f5 f3 32 0a 97 26 93 44  |.../q..z..2..&.D|
+00000380  38 bd 5f 13 d8 4c 37 a7  12 a3 1c 1e 04 c3 21 b2  |8._..L7.......!.|
+00000390  b0 f6 bd ed a7 fa e4 1a  fb 9f 76 54 df c5 16 c0  |..........vT....|
+000003a0  85 7a 75 90 95 c6 38 80  d6 1a 05 b7 01 63 63 29  |.zu...8......cc)|
+000003b0  9b 17 03 03 00 35 29 c0  cb 6c 42 d9 ed 17 3d aa  |.....5)..lB...=.|
+000003c0  b5 05 ff 84 3c ed 0b 6f  03 a9 47 b6 7b cb a8 a5  |....<..o..G.{...|
+000003d0  a0 45 1c 60 3e 33 1e 24  6f 65 37 40 f7 98 41 5f  |.E.`>3.$oe7@..A_|
+000003e0  43 3a dd 65 3d a7 b4 6c  bf 21 f4 17 03 03 00 93  |C:.e=..l.!......|
+000003f0  1a a6 3b b4 be dd c0 64  5f ae 2d 05 70 3b 5e fc  |..;....d_.-.p;^.|
+00000400  83 e0 ad 5b d0 b3 32 bc  f9 98 b2 f5 9f 16 14 52  |...[..2........R|
+00000410  37 2c 72 90 c1 be 97 49  a3 4d 10 97 0e d0 ec ff  |7,r....I.M......|
+00000420  98 50 87 90 ba f2 f0 81  08 14 ad f6 f9 3b d0 b8  |.P...........;..|
+00000430  f8 c2 62 96 d1 4b 4f 5a  96 43 9f b6 96 6b 59 b8  |..b..KOZ.C...kY.|
+00000440  f5 cc cf bc 79 1a a6 6e  c6 7d 06 10 8f a0 21 39  |....y..n.}....!9|
+00000450  67 5f 36 37 19 fa 0f 56  00 36 16 10 a2 80 9f 01  |g_67...V.6......|
+00000460  0a 68 2d 50 a1 fc 67 c5  00 24 36 54 c2 5a 93 a4  |.h-P..g..$6T.Z..|
+00000470  0a 6c cd aa 3f 22 bf ef  f4 80 32 6a 14 e1 1e 6b  |.l..?"....2j...k|
+00000480  8a 38 40                                          |.8@|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 3c 0b 73 34 15  |..........5<.s4.|
+00000010  e0 fc da 7f 3a 12 a0 50  95 09 0c ec 6a d5 7b 55  |....:..P....j.{U|
+00000020  76 0f 7a 8e 25 e4 d2 b9  5f 5a 79 95 a5 a4 c6 9d  |v.z.%..._Zy.....|
+00000030  eb 0a ad 13 d1 97 a5 bd  c4 d0 1e ce 59 59 04 16  |............YY..|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 9a 92 bf  83 9f 0b 36 66 2f 8e d5  |...........6f/..|
+00000010  69 74 a7 a2 20 bb b2 d5  ac e8 99 b1 e6 df 4d 03  |it.. .........M.|
+00000020  3e 9e 9c 17 03 03 00 13  7e 0c 85 34 9e 48 48 4a  |>.......~..4.HHJ|
+00000030  ce fa 96 dd 7b 7c 11 38  20 8d 33                 |....{|.8 .3|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-AES256-SHA384 b/src/crypto/tls/testdata/Server-TLSv13-AES256-SHA384
new file mode 100644
index 0000000..60aa82d
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-AES256-SHA384
@@ -0,0 +1,103 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 dc 01 00 00  d8 03 03 70 b7 07 12 16  |...........p....|
+00000010  50 d7 b9 c9 5f 02 47 2d  ff 93 a7 2f e8 51 dc a0  |P..._.G-.../.Q..|
+00000020  8f 0d c8 80 38 c7 af 7e  da bb ed 20 67 73 58 d7  |....8..~... gsX.|
+00000030  11 8b c6 0d 72 86 e0 08  3e 2d d9 b9 16 9f 85 6e  |....r...>-.....n|
+00000040  3c 87 fd 87 c3 95 f6 4c  76 21 50 af 00 04 13 02  |<......Lv!P.....|
+00000050  00 ff 01 00 00 8b 00 00  00 0e 00 0c 00 00 09 31  |...............1|
+00000060  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000070  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000080  00 16 00 00 00 17 00 00  00 0d 00 1e 00 1c 04 03  |................|
+00000090  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+000000a0  08 05 08 06 04 01 05 01  06 01 00 2b 00 03 02 03  |...........+....|
+000000b0  04 00 2d 00 02 01 01 00  33 00 26 00 24 00 1d 00  |..-.....3.&.$...|
+000000c0  20 f4 08 51 f6 69 b7 d6  a9 3e 18 a7 ee c0 30 f3  | ..Q.i...>....0.|
+000000d0  13 63 52 40 30 7c 79 6c  24 03 c9 89 25 bd a4 5f  |.cR@0|yl$...%.._|
+000000e0  64                                                |d|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 67 73 58 d7  |........... gsX.|
+00000030  11 8b c6 0d 72 86 e0 08  3e 2d d9 b9 16 9f 85 6e  |....r...>-.....n|
+00000040  3c 87 fd 87 c3 95 f6 4c  76 21 50 af 13 02 00 00  |<......Lv!P.....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 cc b9 e4 43 5e f6  |.............C^.|
+00000090  9a 5a 62 14 02 39 fb 13  76 e8 10 db 26 1c 07 ec  |.Zb..9..v...&...|
+000000a0  06 17 03 03 02 6d 39 e9  a0 33 ee 39 36 54 62 f1  |.....m9..3.96Tb.|
+000000b0  e9 1d 32 45 0f 5a ca 72  f7 7e 43 d8 89 97 00 3d  |..2E.Z.r.~C....=|
+000000c0  59 70 08 b4 d1 e1 84 24  7a b8 45 3c b8 32 93 b5  |Yp.....$z.E<.2..|
+000000d0  51 a5 58 60 3f 60 52 aa  c1 ff 85 fb fd 50 87 38  |Q.X`?`R......P.8|
+000000e0  47 7a 88 c6 d1 e6 3c b3  16 14 5b cb 23 50 26 7a  |Gz....<...[.#P&z|
+000000f0  1d 28 d1 d2 29 5d b0 40  97 2f 3b 58 7c 8a 76 1f  |.(..)].@./;X|.v.|
+00000100  1c c1 d2 2b 63 9d 53 bc  fb c2 42 cb 40 0d d0 7c  |...+c.S...B.@..||
+00000110  73 6c dc 63 90 89 e3 66  67 2b a2 70 af e0 af fe  |sl.c...fg+.p....|
+00000120  0c c0 db 41 76 d0 16 37  2a 09 7a 79 31 03 c6 4a  |...Av..7*.zy1..J|
+00000130  f4 06 22 ac 96 b4 25 1f  54 11 24 c8 67 22 8f 2a  |.."...%.T.$.g".*|
+00000140  56 0c 24 fa 20 ed a8 37  66 f7 38 44 43 e2 e6 e3  |V.$. ..7f.8DC...|
+00000150  96 b5 d5 dd a5 2c 23 e4  57 57 7d 7a 59 e2 4f 66  |.....,#.WW}zY.Of|
+00000160  c4 29 d6 d1 32 a3 9c 4c  dd 63 b2 a6 dc ff 6f 61  |.)..2..L.c....oa|
+00000170  c2 db 88 80 23 c1 27 d4  be dd 4f b4 c9 b8 56 4c  |....#.'...O...VL|
+00000180  65 b6 f8 32 b2 60 7b af  5f 54 71 61 20 db 25 85  |e..2.`{._Tqa .%.|
+00000190  34 b6 58 9b 71 01 dd 53  cd 13 65 2e 23 69 96 0e  |4.X.q..S..e.#i..|
+000001a0  89 94 75 09 64 60 76 d2  65 85 38 3d f1 0e cb 47  |..u.d`v.e.8=...G|
+000001b0  c1 2c 52 f8 ce 7a a6 9f  dd 7c 39 7e a7 f9 a6 1b  |.,R..z...|9~....|
+000001c0  c1 23 81 a6 7a b1 6c d4  3c 1c f3 71 ce 72 24 01  |.#..z.l.<..q.r$.|
+000001d0  4a 8d e9 24 47 51 73 67  dc 7a 9f 0b 63 7d 29 e1  |J..$GQsg.z..c}).|
+000001e0  3e 5e ac 72 d7 c8 d9 c2  13 de 92 dd 04 cb 09 21  |>^.r...........!|
+000001f0  ad 41 69 27 77 48 eb 87  cb 3b 23 ba 06 a3 68 96  |.Ai'wH...;#...h.|
+00000200  ad 24 35 f6 a6 03 87 a7  4d 9f d4 bf e5 8b 9f 56  |.$5.....M......V|
+00000210  54 dd 0e 08 da 29 ff eb  9b e1 0a a5 25 b1 85 be  |T....)......%...|
+00000220  f8 ae 63 f4 49 64 cc 0a  41 0e 26 8a 8e bc 6f c9  |..c.Id..A.&...o.|
+00000230  f5 41 55 80 0d bd 70 ad  85 b0 d4 8d 33 ac b6 40  |.AU...p.....3..@|
+00000240  3e 76 fc fb 8f d2 7d 06  14 d4 45 24 6e 36 46 1c  |>v....}...E$n6F.|
+00000250  06 d3 f7 f3 4c 3a a5 83  4f 75 72 77 b4 5e 37 49  |....L:..Ourw.^7I|
+00000260  41 f1 9f e6 d1 46 87 56  c8 64 28 fd 38 f0 0f 9c  |A....F.V.d(.8...|
+00000270  d0 39 ff 4b 46 56 73 0d  12 7d bf 63 b4 b8 0d 33  |.9.KFVs..}.c...3|
+00000280  6b 4a 2b f8 39 67 f1 ec  2d a6 0b 5c 91 2d d8 3e  |kJ+.9g..-..\.-.>|
+00000290  91 81 1a 37 29 c7 14 d2  be db 31 61 dc 5d b1 e4  |...7).....1a.]..|
+000002a0  64 af 14 9c 93 85 e7 5b  0e 42 63 c7 5e b5 cc 51  |d......[.Bc.^..Q|
+000002b0  ca 83 ca fa 52 bd 44 a1  1c 76 20 bc 3d 9f 82 79  |....R.D..v .=..y|
+000002c0  20 5c 01 14 e3 07 02 4c  f6 87 f7 46 b8 de 47 23  | \.....L...F..G#|
+000002d0  5d 5c b3 8f cd 96 49 51  32 3f d2 5d 92 32 19 b5  |]\....IQ2?.].2..|
+000002e0  10 33 46 37 f0 b5 82 23  a5 91 1f 60 fb 21 2c 08  |.3F7...#...`.!,.|
+000002f0  c3 6e 17 72 0b 5d c9 7b  cc 77 97 6f 20 d9 a6 fa  |.n.r.].{.w.o ...|
+00000300  cc 4a bb c6 3b 0e b1 66  ae 57 f5 1b 16 46 36 b7  |.J..;..f.W...F6.|
+00000310  a5 94 ae 17 03 03 00 99  d7 86 a0 5f c0 d2 33 3e  |..........._..3>|
+00000320  ce ce ea db cb a1 a5 11  b7 cc a1 48 b6 86 f5 11  |...........H....|
+00000330  d6 32 8c f9 e8 bb e3 3e  ea 6f 1a df 64 cd c8 7d  |.2.....>.o..d..}|
+00000340  e9 cb e4 19 fe cd 75 74  03 4a fe 91 1d 87 28 65  |......ut.J....(e|
+00000350  25 79 3a 19 13 ba 67 16  aa 7e 8e c0 e6 53 4f bb  |%y:...g..~...SO.|
+00000360  98 ed cc 59 db 5e 73 23  d4 a9 a7 2a 6d 01 73 4a  |...Y.^s#...*m.sJ|
+00000370  e6 65 2e c0 34 49 c1 d8  70 2e 70 1b 10 97 74 23  |.e..4I..p.p...t#|
+00000380  fe 6b 5d cd fa 71 c8 43  c3 5b 42 5c 7b e0 9e 3f  |.k]..q.C.[B\{..?|
+00000390  a8 3d a9 d1 97 17 87 80  af 7c 5d 8b 70 ba 87 06  |.=.......|].p...|
+000003a0  67 dd 29 df f3 ca 9a f4  c8 93 e8 f8 ac c0 df 8e  |g.).............|
+000003b0  c5 17 03 03 00 45 40 a4  26 66 29 18 b8 d6 a7 87  |.....E@.&f).....|
+000003c0  91 5f 6d 79 13 f8 7a 47  cf ac 93 7c 11 cb 4a b2  |._my..zG...|..J.|
+000003d0  24 a6 40 fb d4 ed 71 ec  19 53 ba ae e0 bb e6 cf  |$.@...q..S......|
+000003e0  d6 8a a6 3c 6a 4e a3 6f  6c d7 2d e1 8a a4 6c da  |...<jN.ol.-...l.|
+000003f0  a1 ab fd c0 de 59 e9 18  fc 47 f2 17 03 03 00 a3  |.....Y...G......|
+00000400  5b 85 84 a4 0d ff be 3e  ea 00 71 3d ea be c7 e2  |[......>..q=....|
+00000410  dc 2f 4a 62 c2 9f e2 e5  16 51 ff 35 a7 70 df 12  |./Jb.....Q.5.p..|
+00000420  23 d6 f7 6c 96 91 7f 0f  6d d4 45 5f c6 8c c5 93  |#..l....m.E_....|
+00000430  b1 b7 46 ef f0 f4 a3 68  35 ff 09 38 8d 6d c6 84  |..F....h5..8.m..|
+00000440  d3 1c 4d 48 4e fc 4a c0  46 06 b1 a5 1c 74 a0 44  |..MHN.J.F....t.D|
+00000450  69 68 20 33 df 70 60 69  57 c7 85 bd 3e ed 55 d0  |ih 3.p`iW...>.U.|
+00000460  56 84 8f 19 03 5a 54 9a  d5 3e 5d 37 98 40 4c f0  |V....ZT..>]7.@L.|
+00000470  5e f1 26 e5 97 01 fc 0f  2a 09 e9 7a 51 69 c0 8e  |^.&.....*..zQi..|
+00000480  d4 25 80 f4 ca 91 f3 a7  5c 0c 96 ba ec a8 b5 ee  |.%......\.......|
+00000490  ab ec 05 cb 99 30 78 48  1b 78 bf 3d b9 f4 e8 33  |.....0xH.x.=...3|
+000004a0  4d 45 d1                                          |ME.|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 54 0e c1 aa 95  |..........ET....|
+00000010  fd c5 d2 8b a0 ae 40 a1  9a b8 87 39 17 53 f7 10  |......@....9.S..|
+00000020  62 6f 55 18 42 cf 75 cb  05 de 32 28 c4 a0 f1 17  |boU.B.u...2(....|
+00000030  f1 55 ae 2c 97 9e dd d2  d0 a7 6b c6 51 51 c6 0c  |.U.,......k.QQ..|
+00000040  81 3f 04 db 94 e6 68 f0  a1 80 10 39 06 99 25 e2  |.?....h....9..%.|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e e4 4f d5  b0 e7 a0 e2 13 69 75 7c  |......O......iu||
+00000010  b1 84 93 be 99 ea 27 20  dd 08 89 6c e2 5a c6 bc  |......' ...l.Z..|
+00000020  b8 41 3d 17 03 03 00 13  cf 64 ad ad d9 84 87 36  |.A=......d.....6|
+00000030  b9 ea b8 76 97 93 c1 03  44 c5 de                 |...v....D..|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ALPN b/src/crypto/tls/testdata/Server-TLSv13-ALPN
new file mode 100644
index 0000000..4ac9f1d
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ALPN
@@ -0,0 +1,104 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 65 16 78 26 cc  |...........e.x&.|
+00000010  27 bc 06 a0 4c f5 a3 e3  cd c2 f0 42 8c 61 0e e9  |'...L......B.a..|
+00000020  8b 2b 52 ca a3 07 d6 58  96 4f f1 20 c3 7f e3 22  |.+R....X.O. ..."|
+00000030  2c 27 94 91 ab cc e5 56  b1 31 fb eb ed b4 84 3e  |,'.....V.1.....>|
+00000040  ae 93 6e 6e a9 5c d2 47  6e 5b 0c 43 00 08 13 02  |..nn.\.Gn[.C....|
+00000050  13 03 13 01 00 ff 01 00  00 a3 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 23 00 00  00 10 00 10 00 0e 06 70  |.....#.........p|
+00000090  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
+000000a0  00 17 00 00 00 0d 00 1e  00 1c 04 03 05 03 06 03  |................|
+000000b0  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+000000c0  04 01 05 01 06 01 00 2b  00 03 02 03 04 00 2d 00  |.......+......-.|
+000000d0  02 01 01 00 33 00 26 00  24 00 1d 00 20 76 1d a9  |....3.&.$... v..|
+000000e0  43 43 a4 98 96 39 59 80  b0 7e 13 29 2a ea 53 e7  |CC...9Y..~.)*.S.|
+000000f0  34 73 7a 10 0c f5 b0 92  b1 ab e2 26 17           |4sz........&.|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 c3 7f e3 22  |........... ..."|
+00000030  2c 27 94 91 ab cc e5 56  b1 31 fb eb ed b4 84 3e  |,'.....V.1.....>|
+00000040  ae 93 6e 6e a9 5c d2 47  6e 5b 0c 43 13 02 00 00  |..nn.\.Gn[.C....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 24 1a dd ed 59 79 84  |.........$...Yy.|
+00000090  d6 2e 17 81 75 e0 ee b3  98 8c 04 a3 ea 7c 46 f0  |....u........|F.|
+000000a0  76 58 78 5a 37 99 a6 32  ad c6 5a 5a 3a ce 17 03  |vXxZ7..2..ZZ:...|
+000000b0  03 02 6d 31 3b 00 34 ef  22 53 8a 31 f5 88 fb 3f  |..m1;.4."S.1...?|
+000000c0  e4 72 a8 20 65 ef be c6  78 84 4e 93 6a 8a fa 01  |.r. e...x.N.j...|
+000000d0  10 b0 dd 0e 7d 8f 07 b8  da 29 4b 0a 5b 32 de cf  |....}....)K.[2..|
+000000e0  31 66 04 9c c6 d8 ab f0  07 f0 aa c3 b6 3e bf d4  |1f...........>..|
+000000f0  0e 53 5d a4 4f aa 19 cf  f4 3d 60 5b 19 ec e3 e2  |.S].O....=`[....|
+00000100  71 1b 54 20 48 41 68 32  f5 28 06 e2 b7 29 89 c3  |q.T HAh2.(...)..|
+00000110  d5 eb 07 f3 49 fb 0b f5  81 0a f2 65 70 24 a9 bc  |....I......ep$..|
+00000120  6b e7 70 58 7c f2 0a 91  3e f4 26 ea 1a 22 15 24  |k.pX|...>.&..".$|
+00000130  5a 28 43 89 ac 1c 9b 39  1a 93 ec 32 5e ba cb f4  |Z(C....9...2^...|
+00000140  57 a1 ca 03 8e 2e 0b 96  e7 7f e5 c5 30 22 ec fd  |W...........0"..|
+00000150  fe 6d 5f 01 e9 7a 5e b3  68 67 ee e9 23 d5 72 46  |.m_..z^.hg..#.rF|
+00000160  77 05 b7 27 26 78 fe f9  cc c8 c2 fe a8 4e 93 04  |w..'&x.......N..|
+00000170  56 bc 64 f1 55 ff 92 8d  cb 81 46 cb 2d db 9b 41  |V.d.U.....F.-..A|
+00000180  59 76 0c b5 65 7a e1 09  2f b6 3b d4 92 87 7c a6  |Yv..ez../.;...|.|
+00000190  06 d7 37 aa db bc 07 12  a4 2e 38 be 97 83 80 80  |..7.......8.....|
+000001a0  86 05 3a 4b 89 25 7f ef  5e 54 42 4a 89 99 f2 95  |..:K.%..^TBJ....|
+000001b0  70 92 fb ac 2f ae b4 1f  a0 5c 8c bf 45 2d 54 91  |p.../....\..E-T.|
+000001c0  01 88 d5 9b a3 da af 67  1c ce 2e 9c 05 4c 68 d8  |.......g.....Lh.|
+000001d0  b5 ee 98 06 a4 18 c8 c0  2d 7c bf 6e e2 eb 0d aa  |........-|.n....|
+000001e0  5b c6 f8 27 ad 3a 1a cf  ac 35 f4 55 41 3c e0 8c  |[..'.:...5.UA<..|
+000001f0  3e 26 56 95 33 c4 f1 05  5a e7 9d 6e 33 90 d1 37  |>&V.3...Z..n3..7|
+00000200  03 77 1f 76 1a 35 43 c1  a4 8c 5a 68 f5 bc 6c 7a  |.w.v.5C...Zh..lz|
+00000210  43 27 37 cd d9 55 76 69  bd 78 47 4e 2e 25 96 e6  |C'7..Uvi.xGN.%..|
+00000220  8f 46 a3 70 ff b8 55 f2  66 46 2c 59 ad b9 b7 9a  |.F.p..U.fF,Y....|
+00000230  a1 dc a4 8b 2b fa 14 17  dd bf 46 c6 9a ef 50 54  |....+.....F...PT|
+00000240  6e b8 d3 d7 13 d4 74 dd  a5 ef 16 5f 2a fa ea 9b  |n.....t...._*...|
+00000250  59 7c 41 f8 6d 00 b5 01  9d c8 35 34 1e 1c 3f 64  |Y|A.m.....54..?d|
+00000260  6a da 1e c4 64 4d e5 2e  c7 28 f8 14 70 e6 72 4b  |j...dM...(..p.rK|
+00000270  ab 8a 22 5e 2b 5c aa b3  02 72 80 0c 80 11 cd 18  |.."^+\...r......|
+00000280  b8 e1 8c 54 54 72 fd 68  71 66 ef bc 3e 03 ca a4  |...TTr.hqf..>...|
+00000290  ae f4 ad 7b 29 08 ff 49  07 09 bc a1 cd e3 14 69  |...{)..I.......i|
+000002a0  47 0e b0 c0 a8 89 3a 7b  71 e5 ba 32 36 e8 b5 0a  |G.....:{q..26...|
+000002b0  9e f6 9f 6f 12 89 f5 36  5c 96 28 e1 2d 6b b3 06  |...o...6\.(.-k..|
+000002c0  d6 68 d3 99 f4 3d 27 b2  61 df 75 29 a0 24 8a ba  |.h...='.a.u).$..|
+000002d0  48 c4 5c 8c 36 21 3a 3e  bf 92 4f 73 cc bd a1 b1  |H.\.6!:>..Os....|
+000002e0  e7 00 c6 05 94 1e 8e 73  d3 52 aa 4d 02 40 3b 50  |.......s.R.M.@;P|
+000002f0  5f f0 37 b6 61 43 9f 39  63 64 ad 37 12 97 2a 0c  |_.7.aC.9cd.7..*.|
+00000300  5e d9 20 e0 78 da f3 80  d8 29 ea b3 c5 52 55 cc  |^. .x....)...RU.|
+00000310  3d e0 91 b7 f8 f9 b0 29  5a b3 e9 65 04 31 5c 6c  |=......)Z..e.1\l|
+00000320  17 03 03 00 99 7d d6 2e  45 d8 e2 5b f8 c1 21 86  |.....}..E..[..!.|
+00000330  8a 31 78 88 5d 61 ca 8c  e5 23 07 d7 85 da cb 04  |.1x.]a...#......|
+00000340  be c3 24 2b 27 42 bb a1  1e 4f 8b bb a2 5d 3b 1e  |..$+'B...O...];.|
+00000350  8a 64 f0 2a 2f 79 51 cc  1b 34 99 b6 33 75 31 c9  |.d.*/yQ..4..3u1.|
+00000360  2e ea 70 ef 97 c4 bb 4c  ec aa cf 11 6c 88 96 c4  |..p....L....l...|
+00000370  9b b9 df b9 ef 10 bb 36  65 1f 8d 7e 22 e8 67 80  |.......6e..~".g.|
+00000380  80 6e 2b 34 94 a4 5f b1  5d 88 11 2e bf 22 f9 fe  |.n+4.._.]...."..|
+00000390  be 76 e8 86 da 40 76 8c  9c 40 b6 b4 50 41 92 f5  |.v...@v..@..PA..|
+000003a0  ce 8c bd 13 ea f0 6f 56  c2 1c c6 ed 08 33 71 36  |......oV.....3q6|
+000003b0  a4 16 b6 ca bf ba 0e 65  b0 a2 2b 35 39 c7 17 03  |.......e..+59...|
+000003c0  03 00 45 3b 7a 67 26 15  b4 9b 0f ba 61 5d d0 4c  |..E;zg&.....a].L|
+000003d0  60 27 29 03 fb da 90 ea  0c 64 22 24 ac 60 74 02  |`')......d"$.`t.|
+000003e0  0e 99 e0 e1 55 35 da c2  75 19 82 0c fa f8 f0 09  |....U5..u.......|
+000003f0  35 1e ca de d1 e1 17 8e  d2 f7 fb f9 94 d1 03 fb  |5...............|
+00000400  b5 8a 32 f6 8f 02 5f fa  17 03 03 00 a3 21 96 04  |..2..._......!..|
+00000410  46 58 eb 83 db 06 a7 ba  f2 9e 5c 8a 35 0d 87 78  |FX........\.5..x|
+00000420  29 17 4f 7a 95 21 1f b4  f3 fa bb de 93 b7 e7 1c  |).Oz.!..........|
+00000430  24 40 06 6b 9f b5 12 49  36 39 01 b9 17 cb 5c 99  |$@.k...I69....\.|
+00000440  93 71 dc 8f c5 54 c0 dd  ff 36 92 24 cd b3 ac 40  |.q...T...6.$...@|
+00000450  c0 57 76 c3 2a a0 d3 07  af 00 4b df c5 f9 34 77  |.Wv.*.....K...4w|
+00000460  ed cc 14 e1 50 bf 41 1e  b5 39 5d 92 a8 e4 f5 a6  |....P.A..9].....|
+00000470  b2 12 08 56 b6 43 cf dc  eb a9 0e 9e 0e 8a 97 63  |...V.C.........c|
+00000480  f8 92 a8 1b 74 f3 65 60  6a f3 f0 e7 54 fd d3 08  |....t.e`j...T...|
+00000490  20 ce b4 16 ab c9 e1 7a  49 9c bf d6 3a a7 2b 5c  | ......zI...:.+\|
+000004a0  1b 1c a7 89 f3 6a 6d 3d  0a 07 16 b4 c1 c2 4b 2e  |.....jm=......K.|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 90 6e 35 6d 4e  |..........E.n5mN|
+00000010  3b 8a 39 88 85 99 ac 05  fe 2c e3 a8 31 46 4e c2  |;.9......,..1FN.|
+00000020  ea fe a2 ff 41 5b 64 77  bc 0c 6d 72 f7 c8 f3 07  |....A[dw..mr....|
+00000030  ce 29 c2 6e 7c b5 88 13  35 f8 c0 90 98 ab 0f f9  |.).n|...5.......|
+00000040  e2 8e 57 7e 23 7b 57 17  b6 13 11 9e 52 67 44 26  |..W~#{W.....RgD&|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 98 55 d6  42 d5 d4 01 c9 be 70 27  |......U.B.....p'|
+00000010  9e 5a d5 7d fc 41 1e ec  fe fd d5 0f 01 16 56 82  |.Z.}.A........V.|
+00000020  13 13 c7 17 03 03 00 13  bb 71 20 65 f8 af 42 ea  |.........q e..B.|
+00000030  42 73 b8 24 d8 dc 79 7c  71 32 35                 |Bs.$..y|q25|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ALPN-NoMatch b/src/crypto/tls/testdata/Server-TLSv13-ALPN-NoMatch
new file mode 100644
index 0000000..84c38ac
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ALPN-NoMatch
@@ -0,0 +1,104 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 b6 62 6e 7c 66  |............bn|f|
+00000010  e0 73 6f bc ce d7 e3 5c  3a 39 c5 c9 5e f3 8f 76  |.so....\:9..^..v|
+00000020  f0 ed 0e 30 fd 80 a0 79  74 fd d4 20 6b 6e f8 9d  |...0...yt.. kn..|
+00000030  30 1b ee fa 7c 5f 64 e0  da 81 26 7a 85 d2 f9 79  |0...|_d...&z...y|
+00000040  e7 09 71 f8 2a 4c 41 74  02 a9 0c d2 00 08 13 02  |..q.*LAt........|
+00000050  13 03 13 01 00 ff 01 00  00 a3 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 23 00 00  00 10 00 10 00 0e 06 70  |.....#.........p|
+00000090  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
+000000a0  00 17 00 00 00 0d 00 1e  00 1c 04 03 05 03 06 03  |................|
+000000b0  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+000000c0  04 01 05 01 06 01 00 2b  00 03 02 03 04 00 2d 00  |.......+......-.|
+000000d0  02 01 01 00 33 00 26 00  24 00 1d 00 20 8d 7d e2  |....3.&.$... .}.|
+000000e0  55 da a7 1b 29 fc a4 d3  b0 62 51 43 d9 d6 cd 79  |U...)....bQC...y|
+000000f0  a4 f9 3c f2 4e 03 87 1f  38 29 35 c3 36           |..<.N...8)5.6|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 6b 6e f8 9d  |........... kn..|
+00000030  30 1b ee fa 7c 5f 64 e0  da 81 26 7a 85 d2 f9 79  |0...|_d...&z...y|
+00000040  e7 09 71 f8 2a 4c 41 74  02 a9 0c d2 13 02 00 00  |..q.*LAt........|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 4c a1 99 6c 86 b8  |..........L..l..|
+00000090  1a 1a eb ec 89 37 bf 5a  ae 87 3c 81 ce cf b2 49  |.....7.Z..<....I|
+000000a0  66 17 03 03 02 6d 40 06  a4 17 6a 48 78 76 a5 63  |f....m@...jHxv.c|
+000000b0  82 c4 5b e9 6e dc 54 de  95 12 15 a7 3d 83 94 4d  |..[.n.T.....=..M|
+000000c0  57 26 82 ea f3 d5 e1 4a  d7 6e dc 27 f6 02 1c 16  |W&.....J.n.'....|
+000000d0  21 68 c5 32 ff 02 e9 b5  44 2c f4 e9 4d b2 9d 3d  |!h.2....D,..M..=|
+000000e0  34 e1 6a db 73 61 eb 5c  00 e9 e8 00 bc 82 2a 17  |4.j.sa.\......*.|
+000000f0  25 f7 c4 09 2f 6c 3e c6  09 5a 33 61 49 df 4d 47  |%.../l>..Z3aI.MG|
+00000100  95 16 c5 6e a4 b3 94 44  4c 8b 5d d6 2c c9 26 a1  |...n...DL.].,.&.|
+00000110  01 e8 cc 20 9c 19 d3 3e  eb d5 7c 97 4e 1e af 7b  |... ...>..|.N..{|
+00000120  68 0e 7b eb bb 91 81 60  a2 c8 37 96 84 f2 cd fe  |h.{....`..7.....|
+00000130  7f 22 7f 7f 22 6a c7 23  68 79 48 ae 35 47 27 4b  |.".."j.#hyH.5G'K|
+00000140  c0 ce e7 9c 7f 23 fd 44  e1 a5 da 9f 61 94 46 1f  |.....#.D....a.F.|
+00000150  6c ea b9 50 53 c2 35 70  d4 77 d7 2d d5 54 fb d7  |l..PS.5p.w.-.T..|
+00000160  90 4b f9 bb 98 67 cc 5b  97 56 ef ff 5d c9 08 9c  |.K...g.[.V..]...|
+00000170  26 cd cf ba 51 6f a5 f4  20 34 83 85 ef 71 98 1b  |&...Qo.. 4...q..|
+00000180  dd 41 f9 51 f3 59 77 d7  b5 f5 98 40 fd 78 ef b6  |.A.Q.Yw....@.x..|
+00000190  47 8c 27 e3 c8 ae 9d c3  47 92 dc 97 23 82 2f 80  |G.'.....G...#./.|
+000001a0  2f 0f 17 17 17 f1 49 ec  c3 1c 73 02 38 b3 a6 6d  |/.....I...s.8..m|
+000001b0  89 5f 55 30 ea 10 5d fe  a7 6e 88 fb cc fd 9a 01  |._U0..]..n......|
+000001c0  10 f8 4e 6a 7f ba 62 ab  15 85 7a 8d fc de 92 f7  |..Nj..b...z.....|
+000001d0  91 9a d8 dc f3 de 3e 36  19 45 44 8c d7 03 67 c8  |......>6.ED...g.|
+000001e0  14 24 09 33 1b f3 2f 2d  a6 a5 9a 6c e2 04 da 4b  |.$.3../-...l...K|
+000001f0  18 13 57 12 83 86 46 8f  af 35 f4 0a 1b 09 1c 25  |..W...F..5.....%|
+00000200  bb 1e 22 fb 71 48 3f 34  47 d4 52 ec 3c 81 dd 5b  |..".qH?4G.R.<..[|
+00000210  0d a0 b4 74 a7 60 5f 60  14 ee d3 08 54 92 45 42  |...t.`_`....T.EB|
+00000220  52 82 8d 54 84 ee c0 1d  a7 a9 b4 a0 13 82 75 cd  |R..T..........u.|
+00000230  f6 a7 bc aa 0a e9 0a c5  36 ea 6f c1 8b 56 22 81  |........6.o..V".|
+00000240  0a 8e 81 3d bf 34 f4 cc  80 02 d2 01 b5 2c b8 6b  |...=.4.......,.k|
+00000250  4b e8 06 06 cf e1 69 50  59 ea b2 a5 b0 06 96 02  |K.....iPY.......|
+00000260  0e 45 8c 8c 46 ae 24 a0  80 92 75 46 7b cd 9e de  |.E..F.$...uF{...|
+00000270  a2 a0 d5 f4 68 ef 34 82  37 08 64 62 e8 eb 41 a4  |....h.4.7.db..A.|
+00000280  32 a8 d4 c3 ee 16 67 2c  47 08 ef 23 c7 27 4a 21  |2.....g,G..#.'J!|
+00000290  5c 66 36 93 6c 8c 8c fd  04 9a d9 84 e0 be 45 50  |\f6.l.........EP|
+000002a0  0c 42 a2 d3 ba 5a 92 14  86 75 d2 33 6f 8b 69 a3  |.B...Z...u.3o.i.|
+000002b0  b2 da 7e 19 e0 a6 0d 8e  cb 21 bf f6 fa 5c 41 de  |..~......!...\A.|
+000002c0  d8 56 f7 d0 53 66 54 d2  5c e7 b5 20 af 0d 01 5a  |.V..SfT.\.. ...Z|
+000002d0  09 d0 ed 7f f1 1d d7 32  55 a8 c2 5a ba d8 e1 46  |.......2U..Z...F|
+000002e0  fb 32 39 8b 8c 94 73 44  85 64 d6 c7 9f 6a d5 4e  |.29...sD.d...j.N|
+000002f0  fc 16 a2 10 cb 06 43 10  da a5 b2 71 e7 04 a6 3f  |......C....q...?|
+00000300  83 79 2c cb 2e 40 ab c8  53 18 11 95 3a f5 b9 b7  |.y,..@..S...:...|
+00000310  df 99 d7 17 03 03 00 99  c0 29 f3 15 df b1 dc 36  |.........).....6|
+00000320  a9 78 21 ed ba 5a 85 11  51 23 3f e9 b4 b3 bb b3  |.x!..Z..Q#?.....|
+00000330  27 92 8e 9c a0 f8 b3 38  35 ef 9f bf 2b 31 82 cd  |'......85...+1..|
+00000340  de 3a 0c 0c b1 09 65 77  00 4c af 8c fe ff 2c 75  |.:....ew.L....,u|
+00000350  62 48 13 96 63 5c 73 00  13 1f ef 27 f5 b2 4c fe  |bH..c\s....'..L.|
+00000360  8e 2a ff ab 94 68 5e 7c  02 19 d5 f3 68 07 b8 a1  |.*...h^|....h...|
+00000370  2a 48 fc 4e ad b9 1c 95  13 d9 19 9d 47 7f 07 4d  |*H.N........G..M|
+00000380  b8 75 79 e7 da 6f 46 3e  eb 27 c4 6f da ab bb fd  |.uy..oF>.'.o....|
+00000390  0a 04 08 15 c4 45 c4 1a  09 db 48 ca 3d 8e 63 af  |.....E....H.=.c.|
+000003a0  d8 0d 6b a2 04 22 eb 6d  ed bf b6 45 d2 c8 b9 ee  |..k..".m...E....|
+000003b0  02 17 03 03 00 45 5c ef  9a 1c 12 95 25 da 79 21  |.....E\.....%.y!|
+000003c0  6c 74 a2 64 cf bf aa cd  53 a4 43 48 d7 f3 b2 35  |lt.d....S.CH...5|
+000003d0  da f2 0e d4 1c 14 23 63  8f 7a e5 5a 98 46 71 ad  |......#c.z.Z.Fq.|
+000003e0  19 a2 8f 22 b1 c5 93 89  0b 7f cd 38 09 9a ea f1  |...".......8....|
+000003f0  51 6b 46 0f 8b 00 8d c2  1a 97 de 17 03 03 00 a3  |QkF.............|
+00000400  32 88 68 5e f9 90 07 5d  4d 04 3d 1d 26 ac a2 1b  |2.h^...]M.=.&...|
+00000410  54 d0 37 7c 9f e7 8f ee  c5 a6 bc b6 a9 78 08 40  |T.7|.........x.@|
+00000420  f3 07 2f f5 b4 1f 08 c6  af 2d 4f 2e 87 4e 5f 95  |../......-O..N_.|
+00000430  c9 b7 42 3a b5 ef ff 43  41 05 7c 7d 64 3f 56 ec  |..B:...CA.|}d?V.|
+00000440  ee b6 04 61 0a 56 79 77  5f 1c be e2 24 a2 cb 81  |...a.Vyw_...$...|
+00000450  96 6f 95 6e a7 5a 2c 9e  a0 e6 30 e5 f7 02 ff 10  |.o.n.Z,...0.....|
+00000460  33 28 6e d7 ec 34 98 bf  26 2e 56 1d 99 e9 50 94  |3(n..4..&.V...P.|
+00000470  71 be 0e 05 d3 86 95 db  b9 4f 42 80 8a 12 2e ff  |q........OB.....|
+00000480  b6 be 81 f2 6f 4c 6a 00  a0 b8 53 c7 d7 fa 94 c6  |....oLj...S.....|
+00000490  b2 b5 80 4b 3e e9 88 42  36 52 23 ca e4 48 b6 03  |...K>..B6R#..H..|
+000004a0  13 7d 69                                          |.}i|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 1d 07 22 a7 34  |..........E..".4|
+00000010  0d a7 a0 e5 8c ed 58 d4  5c 39 d2 96 43 73 eb 8c  |......X.\9..Cs..|
+00000020  5f c1 0c 90 67 6f ae b1  ae ee 6c dd cd 47 31 83  |_...go....l..G1.|
+00000030  be b1 f2 50 ec 31 54 ba  21 82 c4 bd aa 51 0a 7a  |...P.1T.!....Q.z|
+00000040  0d 25 18 68 00 18 8b 51  c3 ca ae b1 fa 20 e0 0b  |.%.h...Q..... ..|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 1a 08 af  cf 27 80 23 d8 94 0a fe  |.........'.#....|
+00000010  44 1c 78 f2 76 ac 9b 90  db 5c b6 8d c0 73 36 62  |D.x.v....\...s6b|
+00000020  82 5d 8a 17 03 03 00 13  1a 2b 70 c9 14 dc c8 df  |.].......+p.....|
+00000030  e2 01 4e 69 e8 d7 13 0c  94 96 75                 |..Ni......u|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-CHACHA20-SHA256 b/src/crypto/tls/testdata/Server-TLSv13-CHACHA20-SHA256
new file mode 100644
index 0000000..760c597
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-CHACHA20-SHA256
@@ -0,0 +1,100 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 dc 01 00 00  d8 03 03 7f d6 02 2f 2d  |............../-|
+00000010  ed b1 3c f2 c2 48 5e d5  f4 57 c9 8c ba 81 36 52  |..<..H^..W....6R|
+00000020  85 3e 79 de 79 cc 36 6a  f9 88 89 20 db e1 89 a5  |.>y.y.6j... ....|
+00000030  26 4c 2a 2d 0f 33 e2 3f  57 05 cc 74 cd 4c 96 be  |&L*-.3.?W..t.L..|
+00000040  91 94 ef 54 1c 1f 01 ef  d4 36 75 2f 00 04 13 03  |...T.....6u/....|
+00000050  00 ff 01 00 00 8b 00 00  00 0e 00 0c 00 00 09 31  |...............1|
+00000060  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000070  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000080  00 16 00 00 00 17 00 00  00 0d 00 1e 00 1c 04 03  |................|
+00000090  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+000000a0  08 05 08 06 04 01 05 01  06 01 00 2b 00 03 02 03  |...........+....|
+000000b0  04 00 2d 00 02 01 01 00  33 00 26 00 24 00 1d 00  |..-.....3.&.$...|
+000000c0  20 30 20 a8 d0 3d ea df  38 aa 65 6f dd c8 25 13  | 0 ..=..8.eo..%.|
+000000d0  03 c4 a2 24 d4 a8 0d 1a  a6 65 32 75 83 ef 71 70  |...$.....e2u..qp|
+000000e0  30                                                |0|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 db e1 89 a5  |........... ....|
+00000030  26 4c 2a 2d 0f 33 e2 3f  57 05 cc 74 cd 4c 96 be  |&L*-.3.?W..t.L..|
+00000040  91 94 ef 54 1c 1f 01 ef  d4 36 75 2f 13 03 00 00  |...T.....6u/....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 f4 9a 6e ea 99 81  |............n...|
+00000090  59 33 26 a6 6a 40 1d a9  59 67 31 35 09 b0 ed 15  |Y3&.j@..Yg15....|
+000000a0  83 17 03 03 02 6d 56 59  69 c8 6d 45 c6 2f 58 3d  |.....mVYi.mE./X=|
+000000b0  db 87 dd 56 0f 2d d9 21  1b 97 94 77 f2 72 28 0d  |...V.-.!...w.r(.|
+000000c0  48 04 79 83 7e 2e a1 c9  30 56 d7 9c c8 0a 37 65  |H.y.~...0V....7e|
+000000d0  b6 6b 31 ae 9a 5f ff 13  15 94 99 7c 92 e1 32 80  |.k1.._.....|..2.|
+000000e0  28 3c ab b1 cc fe ba 92  3c 03 bb fd b8 55 f5 f2  |(<......<....U..|
+000000f0  ba be 28 90 c5 7e 07 48  d5 45 b6 84 80 02 2d cd  |..(..~.H.E....-.|
+00000100  14 27 81 b6 4e b4 7f 5f  78 a3 26 c2 0c af 12 d6  |.'..N.._x.&.....|
+00000110  e9 14 22 c8 ee 2e 5e fc  c3 ca 8f 01 9b 37 6a b0  |.."...^......7j.|
+00000120  f8 53 b2 8e 31 d7 1f 34  f6 35 ed 81 e0 f7 6f e1  |.S..1..4.5....o.|
+00000130  90 cf 1a 4f 44 50 d5 cd  96 c3 4a 22 7a 54 28 bd  |...ODP....J"zT(.|
+00000140  88 56 5c 77 67 eb a6 78  5c 8b 82 39 03 13 55 c3  |.V\wg..x\..9..U.|
+00000150  20 68 45 26 7a 96 fe 1c  f9 33 14 1e 1d 8a 5f 51  | hE&z....3...._Q|
+00000160  c3 2f 17 91 ba 37 63 49  e1 65 89 bf e8 a1 27 5f  |./...7cI.e....'_|
+00000170  fd 59 46 80 f7 9b 45 89  50 ab cd 9b aa b4 45 04  |.YF...E.P.....E.|
+00000180  b5 1b 85 88 1c 59 ba b2  d6 50 0b fd 5c d9 59 83  |.....Y...P..\.Y.|
+00000190  7a 6c 9b ad 27 33 a0 49  74 eb a6 cd a8 e8 4b d7  |zl..'3.It.....K.|
+000001a0  71 ef 63 64 ff 24 a7 09  2e b7 f6 6f 9d 9f 75 84  |q.cd.$.....o..u.|
+000001b0  97 0a 76 bf 72 ed ff e8  1a 49 ca 0b 0d f5 2c fb  |..v.r....I....,.|
+000001c0  69 c2 5c fe db 58 0a a1  9c d4 47 6a 8f a6 bd ec  |i.\..X....Gj....|
+000001d0  32 fb 40 6a 71 9d 19 37  e6 fd d4 3d fa 5b f3 53  |2.@jq..7...=.[.S|
+000001e0  43 df d5 fa 53 29 40 70  77 a6 9e f7 03 7d 08 8b  |C...S)@pw....}..|
+000001f0  5a 71 73 e5 af 45 58 56  9f 56 ad 73 aa d2 b3 7c  |Zqs..EXV.V.s...||
+00000200  92 99 c8 04 16 bf ca f2  81 2e 29 c3 79 21 f1 11  |..........).y!..|
+00000210  92 f4 1d 34 24 73 e3 82  28 5a 31 70 45 da 8d 94  |...4$s..(Z1pE...|
+00000220  38 75 31 bc f9 e5 2b 11  7e fd bc 19 fe 65 ad 53  |8u1...+.~....e.S|
+00000230  e5 e6 17 b8 69 ea 54 fd  92 a9 41 7a 8c 7f da 4f  |....i.T...Az...O|
+00000240  ba f1 9f a2 e2 5b e7 7a  23 17 9e 29 95 7e 72 79  |.....[.z#..).~ry|
+00000250  22 67 c5 68 0a 4d fb e9  64 61 3a 53 18 e7 dd 7d  |"g.h.M..da:S...}|
+00000260  5b 16 b9 fa 69 95 82 eb  ee 1a 30 97 93 97 fc ee  |[...i.....0.....|
+00000270  9e 2b 22 64 08 7d 25 05  77 5e d7 bd 0e c3 9f a4  |.+"d.}%.w^......|
+00000280  f4 bf 77 3d 56 84 c8 a1  10 1c e0 5b da 39 3d 2d  |..w=V......[.9=-|
+00000290  92 80 9a 07 b2 29 c5 ab  e0 e1 1c ad ba 3e fa 4e  |.....).......>.N|
+000002a0  65 4f 31 63 de 33 6a 5c  af e0 88 70 fc 6e 6a a2  |eO1c.3j\...p.nj.|
+000002b0  ca da 2f 14 1d 4f 8c 7d  8d da 36 9b ea 7f 7e 79  |../..O.}..6...~y|
+000002c0  9c dc 4a 3b 69 d9 50 31  bb f2 f8 8a 7f 6e 73 bc  |..J;i.P1.....ns.|
+000002d0  41 7c 3a 86 10 91 9b 3a  8e 3e c8 bc 6a c4 4d f2  |A|:....:.>..j.M.|
+000002e0  45 87 49 49 d2 2f aa 4d  d0 6f e9 1e a4 d6 06 63  |E.II./.M.o.....c|
+000002f0  ac 90 ce 9a cb f7 97 55  2b e8 8c 8d 55 f6 32 26  |.......U+...U.2&|
+00000300  55 d4 60 0e c0 0b da 0e  ac c9 4c c3 95 03 54 d7  |U.`.......L...T.|
+00000310  99 ec e1 17 03 03 00 99  c4 65 5e 67 e3 a1 98 d6  |.........e^g....|
+00000320  f8 34 15 ed a9 55 80 c7  c0 e7 ca 67 f1 cb 58 e2  |.4...U.....g..X.|
+00000330  6e 4d d4 9e 18 c3 37 c2  ff 72 bc cb 8e 6a 97 e2  |nM....7..r...j..|
+00000340  b5 83 75 34 2a 75 9f 7f  8e 1e 47 e6 cd 53 85 c5  |..u4*u....G..S..|
+00000350  69 b6 c0 46 9f 46 a8 09  6a 21 d5 af 36 d2 d0 ba  |i..F.F..j!..6...|
+00000360  65 0f da a5 af eb 3a 0c  8b 85 00 2a dd 11 71 28  |e.....:....*..q(|
+00000370  5b 71 a9 df 69 20 8a d9  27 1e 4f 02 89 03 6f 27  |[q..i ..'.O...o'|
+00000380  20 e1 37 17 69 c2 62 3e  46 39 43 2d 64 43 f3 cc  | .7.i.b>F9C-dC..|
+00000390  14 5f a0 73 06 bf 42 cb  da 79 21 28 b1 a1 c4 de  |._.s..B..y!(....|
+000003a0  39 98 83 ad 3a d6 05 fd  58 b0 2c 97 bf 48 74 0e  |9...:...X.,..Ht.|
+000003b0  25 17 03 03 00 35 69 10  76 25 e3 9e 63 10 76 73  |%....5i.v%..c.vs|
+000003c0  f5 fc 90 2c 95 e5 dc 29  79 a0 ed 0a 3a 72 58 38  |...,...)y...:rX8|
+000003d0  bf b9 17 af 77 9f 05 92  af d4 a7 c7 d6 56 77 01  |....w........Vw.|
+000003e0  da 94 31 d2 be be 95 e1  b1 95 75 17 03 03 00 93  |..1.......u.....|
+000003f0  f9 fa a9 41 89 d3 e8 3b  cb 11 63 76 56 fe 28 86  |...A...;..cvV.(.|
+00000400  87 b0 0f d0 4d a8 fb 22  e9 89 f6 40 8a db 51 be  |....M.."...@..Q.|
+00000410  2c 9f 9c 39 f4 43 bc 1f  b0 32 9b 9c 8e a6 6e e1  |,..9.C...2....n.|
+00000420  f3 f7 f0 91 ed 56 6f 2d  be 37 6b 3b ed f7 5b a6  |.....Vo-.7k;..[.|
+00000430  d3 14 0a f9 58 b8 7b 37  fc 15 97 57 79 16 8c 0c  |....X.{7...Wy...|
+00000440  d2 93 7a 58 b8 48 51 f7  58 82 7d a0 4b e1 41 f6  |..zX.HQ.X.}.K.A.|
+00000450  e1 44 12 1e ea 80 f3 b6  d0 72 ec 5c 84 01 6a b3  |.D.......r.\..j.|
+00000460  f7 83 b5 47 22 0b e7 03  60 09 a7 23 23 20 5e 6b  |...G"...`..## ^k|
+00000470  f6 25 34 64 11 ad 46 90  db cb 13 f5 10 0a 75 e8  |.%4d..F.......u.|
+00000480  3e c8 03                                          |>..|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 27 f0 39 68 fc  |..........5'.9h.|
+00000010  9f 6c a4 fd a7 cf 1f 25  67 54 3c e6 9e 7c 99 5a  |.l.....%gT<..|.Z|
+00000020  e9 b7 3c 0c f2 dc b6 22  36 0d 43 a3 ee 76 4b a9  |..<...."6.C..vK.|
+00000030  6a cb b8 f6 8a c8 58 91  79 19 95 7c 83 a0 87 57  |j.....X.y..|...W|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e d5 8a ef  04 f9 6c 27 62 0a f1 a4  |..........l'b...|
+00000010  4b 7f e4 e4 ff 53 f3 61  20 b9 56 96 30 f9 06 c9  |K....S.a .V.0...|
+00000020  cc 9c ed 17 03 03 00 13  4a 83 cd 86 98 97 20 45  |........J..... E|
+00000030  ab 2f c5 72 15 f6 ed a8  8c 8c 0e                 |./.r.......|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven
new file mode 100644
index 0000000..c26e3c2
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven
@@ -0,0 +1,184 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e0 01 00 00  dc 03 03 93 c7 00 24 7c  |..............$||
+00000010  18 0f ec 3a 26 e2 8c 6b  54 d4 34 c0 5d 1e 0d 37  |...:&..kT.4.]..7|
+00000020  d1 cd 67 7a 48 59 0a 11  c3 bf d6 20 f3 37 6c 43  |..gzHY..... .7lC|
+00000030  00 91 4d e9 b4 27 39 77  6e 75 4b bf 41 68 b8 0c  |..M..'9wnuK.Ah..|
+00000040  31 53 bc 48 55 a6 27 71  09 30 01 36 00 08 13 02  |1S.HU.'q.0.6....|
+00000050  13 03 13 01 00 ff 01 00  00 8b 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 1e  |................|
+00000090  00 1c 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000a0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 00 2b  |...............+|
+000000b0  00 03 02 03 04 00 2d 00  02 01 01 00 33 00 26 00  |......-.....3.&.|
+000000c0  24 00 1d 00 20 95 28 2e  63 cf 81 4b cd 4b 64 73  |$... .(.c..K.Kds|
+000000d0  19 19 82 2d b7 f5 54 08  4d f4 72 70 21 3e a0 d6  |...-..T.M.rp!>..|
+000000e0  7d 96 92 ac 63                                    |}...c|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 f3 37 6c 43  |........... .7lC|
+00000030  00 91 4d e9 b4 27 39 77  6e 75 4b bf 41 68 b8 0c  |..M..'9wnuK.Ah..|
+00000040  31 53 bc 48 55 a6 27 71  09 30 01 36 13 02 00 00  |1S.HU.'q.0.6....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 db 3b a3 78 48 c0  |...........;.xH.|
+00000090  4e d1 ad 99 4d 73 e3 84  27 ff 42 de f6 c9 c9 b5  |N...Ms..'.B.....|
+000000a0  49 17 03 03 00 3c 77 b8  16 13 1d cb 0a 6b 3e 41  |I....<w......k>A|
+000000b0  24 8a 03 b9 88 48 6f b3  d7 61 66 f4 33 67 86 8c  |$....Ho..af.3g..|
+000000c0  2f ad 4f f1 40 ad 63 10  35 ee f7 15 d2 0e e9 31  |/.O.@.c.5......1|
+000000d0  b8 d9 b2 32 28 05 1e 73  3d bd a2 12 26 32 5a bc  |...2(..s=...&2Z.|
+000000e0  0c ea 17 03 03 02 6d e0  8f 50 e0 54 85 74 f0 b8  |......m..P.T.t..|
+000000f0  31 25 df 87 fd 8b 5b 52  d4 fe b0 8e 61 44 b5 28  |1%....[R....aD.(|
+00000100  1d 0e 8a 07 56 bb 77 5d  60 d8 c1 a0 95 ff 5c e9  |....V.w]`.....\.|
+00000110  a2 ca 17 20 3d b1 b1 8e  76 31 2f 0d c9 e3 ee b5  |... =...v1/.....|
+00000120  e6 fe fd dc 2e b9 e5 44  77 d3 fe 7a d5 9f 0e ab  |.......Dw..z....|
+00000130  75 b0 ff 2a 7b aa 64 75  62 ec 15 bd 2e 0c a4 54  |u..*{.dub......T|
+00000140  e6 12 cd 31 13 83 6c 98  e8 00 b3 b6 c6 7b cb 87  |...1..l......{..|
+00000150  82 3a f9 15 50 6b 4d c2  5b 6a 91 42 ce e8 25 14  |.:..PkM.[j.B..%.|
+00000160  0d 5d 17 04 c3 cf d6 23  ad 9e 0e 3b 1c aa 2e 88  |.].....#...;....|
+00000170  02 dc 63 12 3e 33 29 3d  f8 b2 ec f2 15 d6 13 d3  |..c.>3)=........|
+00000180  c9 88 a1 ad a9 27 fd 7c  c4 5e f9 73 eb 45 a7 5f  |.....'.|.^.s.E._|
+00000190  a1 4f be d7 0f e9 d0 da  30 67 3b 9d 63 2d ef b4  |.O......0g;.c-..|
+000001a0  89 3e de 19 20 af 62 52  7c e7 80 96 93 6e ca bf  |.>.. .bR|....n..|
+000001b0  c3 48 e2 c5 23 8d cf b0  a2 e5 dd a8 51 21 6f 99  |.H..#.......Q!o.|
+000001c0  24 03 c8 d8 e0 dd e6 d4  ef 7f 74 17 85 14 ca 81  |$.........t.....|
+000001d0  91 4e c6 5d 80 86 63 6f  97 55 ab 80 1c ab 63 c8  |.N.]..co.U....c.|
+000001e0  01 ca df 11 28 68 b8 75  06 22 33 ba 9c b8 14 a1  |....(h.u."3.....|
+000001f0  7a 1d cb 24 7c 90 44 b1  ed 33 e7 9d 80 6d ce b7  |z..$|.D..3...m..|
+00000200  0a 74 bd 29 53 a2 bb 06  67 4d 4d 53 cc 1c 66 76  |.t.)S...gMMS..fv|
+00000210  a9 4f 86 be 7a da ba 35  23 b6 6f c4 7d 02 2a 9f  |.O..z..5#.o.}.*.|
+00000220  2d 81 3d e2 16 3d 4b 78  ba cb f3 91 c7 39 9c 3d  |-.=..=Kx.....9.=|
+00000230  2e 4d a0 f6 6d 3d ba 15  bd cf 60 3b 8a 4a 18 9f  |.M..m=....`;.J..|
+00000240  87 e4 ee 1a ac f2 b2 bc  a6 9f af b2 9e ca be 60  |...............`|
+00000250  3f 36 54 84 d0 cd 31 d8  60 3b 4e 7e 6c 80 d5 25  |?6T...1.`;N~l..%|
+00000260  1c 1b 1e fb 0f e7 ad b0  30 0d 13 be 27 f8 c3 6a  |........0...'..j|
+00000270  93 d3 f0 55 cb e9 73 6b  e9 72 aa bb ea 24 05 f7  |...U..sk.r...$..|
+00000280  c7 51 d5 66 77 32 53 82  fb 6c 2e fc fb 83 2d f4  |.Q.fw2S..l....-.|
+00000290  5d a1 cc 75 fa d1 ee c2  5b 5d 48 e5 6d 69 87 54  |]..u....[]H.mi.T|
+000002a0  1c b1 03 bd 06 66 7b 6d  b7 46 33 56 b9 1c 62 a1  |.....f{m.F3V..b.|
+000002b0  fd d3 61 50 42 ef 66 f8  97 26 5b 17 82 52 89 09  |..aPB.f..&[..R..|
+000002c0  48 b8 68 50 63 d6 d4 83  7e 1f 5d 9d ad 69 2a 3c  |H.hPc...~.]..i*<|
+000002d0  d6 ab b7 33 1b 07 bc 44  92 d7 23 07 00 64 3f 64  |...3...D..#..d?d|
+000002e0  98 e9 52 11 69 fc 21 04  65 1d f8 0d 06 dd 54 14  |..R.i.!.e.....T.|
+000002f0  93 ae ca 30 06 db 4b 70  00 0b 3a cb 11 19 1a c6  |...0..Kp..:.....|
+00000300  a7 f0 1c 9f 31 f9 30 ec  5f 1c 4e 74 d0 1c 9b 49  |....1.0._.Nt...I|
+00000310  ab 42 c3 72 7d 11 e0 07  3d 3f 51 7a 99 07 32 0f  |.B.r}...=?Qz..2.|
+00000320  d6 b7 b7 ac 83 2e 3b c4  ce 81 1d 1a e0 e8 ba d7  |......;.........|
+00000330  12 d1 14 a9 62 c3 58 30  0d ac 30 6c 7d 06 be 96  |....b.X0..0l}...|
+00000340  e1 e4 14 6b 56 16 17 84  52 32 4c aa ec 83 1d 6c  |...kV...R2L....l|
+00000350  d1 b0 1f 63 17 03 03 00  99 c9 7d 79 9c 0f 73 20  |...c......}y..s |
+00000360  0b 93 09 a6 6e 46 fd 56  12 08 0a 8c 1b 9c b0 9f  |....nF.V........|
+00000370  0a d4 d9 33 e9 22 0e 90  d4 7c b3 4d 5a 95 e9 90  |...3."...|.MZ...|
+00000380  14 69 e5 d2 ad 2e b4 f1  a0 98 7d 24 fa b2 a4 2a  |.i........}$...*|
+00000390  f8 af 6a e3 9d a7 64 cc  ea 51 73 d1 40 23 98 df  |..j...d..Qs.@#..|
+000003a0  9f cc 70 bb c5 3b 8b fc  95 6f ca 04 6d 7d cd 77  |..p..;...o..m}.w|
+000003b0  ba b3 d3 e1 50 38 9c 16  60 d7 2b be 82 b3 a5 70  |....P8..`.+....p|
+000003c0  76 c4 fb ba 7e 78 5c 97  a3 47 fe 23 80 b7 d4 f1  |v...~x\..G.#....|
+000003d0  1f a6 dc 08 68 b4 d7 bb  09 6f 45 37 e5 1d 2b 2f  |....h....oE7..+/|
+000003e0  e1 57 84 4e 95 c1 bc b4  14 a4 45 04 69 ae 79 01  |.W.N......E.i.y.|
+000003f0  07 42 17 03 03 00 45 00  a8 d1 03 76 56 7f b3 7e  |.B....E....vV..~|
+00000400  ec 82 94 7f b7 66 8a 01  c3 ab 50 13 20 f3 ea 3e  |.....f....P. ..>|
+00000410  27 56 e7 49 14 6a d0 2e  f4 04 d1 54 c0 b1 4d 5e  |'V.I.j.....T..M^|
+00000420  2a a5 f1 89 55 f6 b0 ee  e2 15 26 13 ec a4 4c ca  |*...U.....&...L.|
+00000430  ef 1a c7 ff 3e 5e f3 88  15 57 47 43              |....>^...WGC|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 02 1e cd 5f bd ff 6b  |............_..k|
+00000010  f7 c8 70 4b cc c8 84 44  c2 d0 7d ea 39 78 5a 6f  |..pK...D..}.9xZo|
+00000020  7a 72 0e 55 d0 76 7c 48  d8 cc 32 b4 08 bf f7 a8  |zr.U.v|H..2.....|
+00000030  32 99 4a c5 83 79 4d 39  ea 0d 63 33 da 89 57 30  |2.J..yM9..c3..W0|
+00000040  ab 31 95 90 f4 8d 4a 63  34 13 c6 4e d6 80 37 b8  |.1....Jc4..N..7.|
+00000050  9b 28 8b 8f e5 b5 2a 16  e1 82 63 6f 1b ca 3a b4  |.(....*...co..:.|
+00000060  b3 0b 36 56 09 d8 1e ab  b4 fb aa 07 df 76 d3 b2  |..6V.........v..|
+00000070  07 8d 56 38 f9 15 c2 1b  c9 97 50 6a c4 23 6f 39  |..V8......Pj.#o9|
+00000080  7b b3 69 b5 c2 6e 29 b4  14 17 9c 3d b7 c5 5f 12  |{.i..n)....=.._.|
+00000090  25 73 89 22 99 1f 77 9d  9c a4 f6 fc 0a 8b af 24  |%s."..w........$|
+000000a0  9b fc c1 b3 c3 cd 88 55  b5 81 8a 6e 73 83 cc da  |.......U...ns...|
+000000b0  fa 64 fe 3b 20 31 75 9a  ce 35 ad a6 4b 3f 6f 49  |.d.; 1u..5..K?oI|
+000000c0  e0 ae 21 23 ac c5 86 bb  ec 91 13 37 76 d9 06 40  |..!#.......7v..@|
+000000d0  ce 32 84 41 3e c0 5c 6d  93 0c 2f af ac af 5e ef  |.2.A>.\m../...^.|
+000000e0  ab 65 fc cc 00 a4 11 94  27 0e 11 ac 2a 00 dc c3  |.e......'...*...|
+000000f0  dc fc 68 ff b3 32 bf 75  ff d0 35 e1 a3 44 68 6e  |..h..2.u..5..Dhn|
+00000100  21 39 ab 68 93 11 50 3b  30 1c 32 2a 03 9a 2a 9c  |!9.h..P;0.2*..*.|
+00000110  ff 2a bf 10 b3 ae 28 33  43 3c b2 04 a3 5d 49 21  |.*....(3C<...]I!|
+00000120  db c4 4e 90 2f bd 20 03  d1 99 78 48 1a fd f2 a8  |..N./. ...xH....|
+00000130  1b 06 1b 4e d1 5f 7c ed  ba 04 3c ad 9c 20 4f 5e  |...N._|...<.. O^|
+00000140  37 5b 75 8e fc 40 2a 09  1c 78 f7 b2 15 ad a6 24  |7[u..@*..x.....$|
+00000150  29 98 74 42 e2 80 28 80  0b 78 22 72 75 e3 33 75  |).tB..(..x"ru.3u|
+00000160  a0 57 37 00 f1 69 bd ab  22 74 2d 6c 4a 1e 46 5b  |.W7..i.."t-lJ.F[|
+00000170  64 e0 47 d7 77 85 18 6b  10 67 6f 83 eb 98 e4 31  |d.G.w..k.go....1|
+00000180  00 35 1d c3 1f d9 7a 86  27 27 3f 2d 0d cb 53 8f  |.5....z.''?-..S.|
+00000190  f4 52 e7 5a ba 02 67 44  a8 19 71 1a 7b f2 b1 80  |.R.Z..gD..q.{...|
+000001a0  c9 82 d0 4b 63 0e d0 e0  bd a1 cc 5e 55 80 9a 51  |...Kc......^U..Q|
+000001b0  21 bf 32 ce 8f 74 ea ed  a6 cd ee b4 8f 3b 8f 6c  |!.2..t.......;.l|
+000001c0  41 5e 3d 1f 00 0b d4 a4  09 9a 8e c3 3f b1 b7 4c  |A^=.........?..L|
+000001d0  7b 6b 57 3f 94 3d ed d7  60 5c d4 04 b0 7b 62 06  |{kW?.=..`\...{b.|
+000001e0  f7 06 f6 f0 f8 44 80 55  97 22 60 e6 dc f3 ec 7d  |.....D.U."`....}|
+000001f0  d2 22 e0 07 5d 52 0c 63  4d 77 f8 c5 16 06 67 5b  |."..]R.cMw....g[|
+00000200  9e 96 f4 1e fa 8e dd f8  42 85 7f 1e dc f9 dc b8  |........B.......|
+00000210  b1 91 b0 c3 04 0d e1 dd  c9 c4 0d fb b7 74 cb e5  |.............t..|
+00000220  57 38 b7 82 8c d1 20 d1  0f 17 03 03 00 a4 79 ad  |W8.... .......y.|
+00000230  66 39 e1 10 c9 96 2c d3  7f 11 c6 7e c4 36 56 4c  |f9....,....~.6VL|
+00000240  70 c3 8f a4 da c2 a5 53  9b 28 25 82 69 d8 90 f0  |p......S.(%.i...|
+00000250  79 52 29 cb e1 d4 48 49  dd 00 82 37 b1 ac 3b 1c  |yR)...HI...7..;.|
+00000260  2c b9 a7 c4 08 ac 08 fd  42 47 79 1f 64 82 57 2a  |,.......BGy.d.W*|
+00000270  63 c0 78 54 55 69 f2 05  9e 8d 81 6e d9 b5 31 08  |c.xTUi.....n..1.|
+00000280  d3 0d 61 61 4f 70 a4 57  67 eb 9d 09 ca 51 01 ff  |..aaOp.Wg....Q..|
+00000290  53 d2 6d 9e 49 ce 40 1f  c9 ab a2 52 e6 56 0c d3  |S.m.I.@....R.V..|
+000002a0  63 b4 44 d7 fe 97 1d d2  55 8d 13 df 23 71 68 b6  |c.D.....U...#qh.|
+000002b0  79 26 a8 a6 cd ca a1 19  6b 21 e8 b6 30 34 b6 6f  |y&......k!..04.o|
+000002c0  66 2d ab 1d 16 7f c6 b1  53 c9 2a 40 87 9d 7d 48  |f-......S.*@..}H|
+000002d0  c9 6a 17 03 03 00 45 43  bf 6e f3 e2 76 56 69 2f  |.j....EC.n..vVi/|
+000002e0  9b c5 d2 46 4f 24 d2 e2  61 13 2b ad b6 3e d8 89  |...FO$..a.+..>..|
+000002f0  1b 31 7c ec 14 44 39 7c  b4 08 44 9d 31 d9 a1 5f  |.1|..D9|..D.1.._|
+00000300  2e 8f a9 8e 5b 5a 91 e2  f5 61 f5 63 be 5c 14 e3  |....[Z...a.c.\..|
+00000310  70 8e 2e 9e fd 6c 54 85  ba ef 85 b7              |p....lT.....|
+>>> Flow 4 (server to client)
+00000000  17 03 03 02 a8 02 f0 98  42 d8 ab 9d 92 8c 11 ac  |........B.......|
+00000010  16 4d b1 c0 2e 3b 0f ac  53 f8 aa 15 01 36 03 fd  |.M...;..S....6..|
+00000020  1b e1 0f 87 62 5f d4 4e  fc 0d 88 13 30 4f 5e fc  |....b_.N....0O^.|
+00000030  46 1b 3a 22 cc ff a9 5e  29 24 15 67 08 1b 28 18  |F.:"...^)$.g..(.|
+00000040  d3 70 46 fa 92 89 de 69  62 f1 c7 47 d1 24 a2 98  |.pF....ib..G.$..|
+00000050  8d 78 d0 f2 cc 3f fb 4c  3c 5e 03 0c 4e a8 a3 b7  |.x...?.L<^..N...|
+00000060  c5 69 49 19 43 da 07 b4  be 6e 7d cd 12 c3 bf d7  |.iI.C....n}.....|
+00000070  74 9a 3e 30 cd 9d 8e a4  27 bb 66 d1 95 50 ad f7  |t.>0....'.f..P..|
+00000080  91 52 e4 be d5 61 fc 28  fb 33 02 bc f4 fb fb 7f  |.R...a.(.3......|
+00000090  0c 9a dc e4 63 86 c6 f8  f6 bc 67 60 c6 ac b2 52  |....c.....g`...R|
+000000a0  65 3e 0d f7 15 e0 d4 f2  7b 36 ed e2 2e c3 ab 44  |e>......{6.....D|
+000000b0  e4 06 d1 09 e6 c6 9e c3  dd df e9 3b 9c 22 cb 48  |...........;.".H|
+000000c0  1a 18 22 da 8c e7 11 e0  36 0b a9 73 be d8 22 db  |..".....6..s..".|
+000000d0  8b 95 f5 3e cc c0 11 6f  db 40 57 4c 07 14 2b fc  |...>...o.@WL..+.|
+000000e0  9e 6b f8 07 96 9f 3d 8e  cc d2 c3 b5 a8 e1 64 33  |.k....=.......d3|
+000000f0  b6 ab 17 4b aa b2 e0 b6  fe b6 49 69 7d 0b 8e cd  |...K......Ii}...|
+00000100  19 a3 d8 5e 22 5a 02 64  c2 68 ec 69 55 2d fd aa  |...^"Z.d.h.iU-..|
+00000110  1f f6 35 bf b2 14 a5 f9  a0 49 59 a4 84 ff 41 a5  |..5......IY...A.|
+00000120  fb a1 e4 97 72 88 00 98  dd 5a 6f 7b 00 a7 59 fa  |....r....Zo{..Y.|
+00000130  83 73 e7 ca 8f dd 31 e8  ca 02 13 c9 fa 2b 8c 5e  |.s....1......+.^|
+00000140  b5 7b 85 da 2b 1a 75 da  e3 db b7 34 58 c4 da 15  |.{..+.u....4X...|
+00000150  b3 3a f9 a7 b3 7f 15 d2  01 b2 26 b4 c1 fe 83 af  |.:........&.....|
+00000160  d6 f7 8b fb 92 3d 32 ae  4a 1b a2 50 60 70 a6 34  |.....=2.J..P`p.4|
+00000170  98 3f 2d bf 27 2e d3 a0  91 d9 c8 f9 a9 27 f2 23  |.?-.'........'.#|
+00000180  7c 3c 17 96 19 99 6f 09  a7 bd da 2d 94 9e f9 6b  ||<....o....-...k|
+00000190  bb 93 fd bb b1 c0 89 6f  b4 8f 90 86 e1 85 59 98  |.......o......Y.|
+000001a0  ba 98 7c 6c 26 be 98 30  5f cf 46 bf e9 c6 a4 bd  |..|l&..0_.F.....|
+000001b0  08 14 2a 5c 05 d8 c2 0e  ba 46 af 23 e8 f0 71 77  |..*\.....F.#..qw|
+000001c0  78 78 ec c2 af 4a 63 93  2e b1 ed 56 3d b7 7c a5  |xx...Jc....V=.|.|
+000001d0  63 99 2f df 15 d3 ce 79  0e 49 d0 16 ac 3e f3 fa  |c./....y.I...>..|
+000001e0  cd e7 0e e5 ee 4a cd 49  20 f6 9f fa d1 df cb cc  |.....J.I .......|
+000001f0  1b 73 83 12 47 52 69 3c  93 bb 1f 65 64 1e 79 15  |.s..GRi<...ed.y.|
+00000200  72 85 e8 fd fa d6 be d5  61 44 35 bb 75 a7 17 1f  |r.......aD5.u...|
+00000210  dd 7b 60 17 78 1f 11 72  7f ac e7 52 1e 94 13 35  |.{`.x..r...R...5|
+00000220  ab 97 69 17 09 6c 4b 46  cd 34 2d 7e 55 8a 16 d3  |..i..lKF.4-~U...|
+00000230  c2 59 e8 d8 67 9b 29 af  bc f1 31 39 d9 ff 06 d5  |.Y..g.)...19....|
+00000240  80 b8 8d 50 80 5f 2c 0a  30 84 28 32 3d 4c 45 f2  |...P._,.0.(2=LE.|
+00000250  2f 8b b5 d9 3a 7a 47 05  55 22 7a a4 61 c8 8c d1  |/...:zG.U"z.a...|
+00000260  1c 1b 78 e0 87 37 5e 36  88 5c 32 ca 7a d3 76 63  |..x..7^6.\2.z.vc|
+00000270  ee 94 83 9c 9e 5e 9b 01  42 03 e1 e5 0f a8 43 53  |.....^..B.....CS|
+00000280  cd 3d 76 01 88 ba bf 78  b8 d7 b2 e9 8f 69 d1 35  |.=v....x.....i.5|
+00000290  88 44 f1 ef 20 cd 42 c6  99 99 0c a5 25 ec dc 88  |.D.. .B.....%...|
+000002a0  1e b5 28 dd e4 a1 12 20  03 fa ce 38 8a 17 03 03  |..(.... ...8....|
+000002b0  00 1e bc 9a e0 0d 88 a2  71 15 c3 0d 54 d3 13 d8  |........q...T...|
+000002c0  d9 96 ad 95 ee 47 2c c6  ba e9 f9 50 b1 8e 1e 0b  |.....G,....P....|
+000002d0  17 03 03 00 13 d2 56 e3  48 c0 fa 0f 9a 95 22 e9  |......V.H.....".|
+000002e0  51 c1 98 64 b4 03 09 5a                           |Q..d...Z|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven
new file mode 100644
index 0000000..cbd8c75
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven
@@ -0,0 +1,180 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 c6 01 00 00  c2 03 03 9f dd 5a e8 c2  |.............Z..|
+00000010  fa 2f 38 45 33 8d f2 ab  67 03 f6 cc ba 9d 8b 33  |./8E3...g......3|
+00000020  69 c8 c6 50 f4 2e 1b 2b  dc 2b 2d 20 ab eb f9 db  |i..P...+.+- ....|
+00000030  71 a7 b4 eb 9a e0 17 04  2e a8 d2 c7 65 51 71 a3  |q...........eQq.|
+00000040  9a a3 5a 64 38 45 49 dc  e9 e9 e2 96 00 08 13 02  |..Zd8EI.........|
+00000050  13 03 13 01 00 ff 01 00  00 71 00 00 00 0e 00 0c  |.........q......|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 04  |................|
+00000090  00 02 08 04 00 2b 00 03  02 03 04 00 2d 00 02 01  |.....+......-...|
+000000a0  01 00 33 00 26 00 24 00  1d 00 20 08 a9 6d 37 e7  |..3.&.$... ..m7.|
+000000b0  3b e8 ab 4c d3 81 41 6e  ac 3d dc 45 94 72 9c 9d  |;..L..An.=.E.r..|
+000000c0  43 32 f7 d0 de 5a e0 6b  b3 11 23                 |C2...Z.k..#|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 ab eb f9 db  |........... ....|
+00000030  71 a7 b4 eb 9a e0 17 04  2e a8 d2 c7 65 51 71 a3  |q...........eQq.|
+00000040  9a a3 5a 64 38 45 49 dc  e9 e9 e2 96 13 02 00 00  |..Zd8EI.........|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 0f f6 f3 45 0e 04  |.............E..|
+00000090  df 70 96 7c 7a a6 a7 31  7a 7f b8 43 53 ab 02 32  |.p.|z..1z..CS..2|
+000000a0  23 17 03 03 00 3c bc 1f  27 c5 81 3d d3 25 22 34  |#....<..'..=.%"4|
+000000b0  af e3 a4 6f 22 14 e0 e8  2b 9e 91 6b b5 a5 19 b7  |...o"...+..k....|
+000000c0  32 5d a9 2a 7a ff 30 71  7b a8 32 01 00 b8 52 cc  |2].*z.0q{.2...R.|
+000000d0  5e 46 ab 4d c0 10 a6 8d  0d 04 8a 26 5c d1 3a 62  |^F.M.......&\.:b|
+000000e0  67 07 17 03 03 02 6d 54  af e4 20 90 dd 21 b4 04  |g.....mT.. ..!..|
+000000f0  46 0c 01 7f 5c c4 4b 08  87 4f f0 fd 9f 64 34 55  |F...\.K..O...d4U|
+00000100  3e 30 81 52 3a c7 a6 3c  7a 0d 3e e8 b0 9c 38 df  |>0.R:..<z.>...8.|
+00000110  2a bf 29 e0 cb 13 04 0a  d0 ab 65 fc d1 0c 6a ae  |*.).......e...j.|
+00000120  36 03 81 56 7b dd 1d 15  a8 81 de e2 85 25 5c e5  |6..V{........%\.|
+00000130  a8 38 44 dd 04 d7 52 18  0e 27 8c a3 be c3 54 f7  |.8D...R..'....T.|
+00000140  54 a2 ec df 6d cb ae cf  dd 77 78 01 e0 0c 02 76  |T...m....wx....v|
+00000150  65 e3 da da 5b 96 2c 57  fa c5 a2 6e 3f 9f 93 f5  |e...[.,W...n?...|
+00000160  af b3 fa 27 d5 46 94 c1  8c 4e 0b d5 c7 f8 21 07  |...'.F...N....!.|
+00000170  08 09 27 87 a6 19 5c b1  a8 d5 c1 66 3d 0a d9 bb  |..'...\....f=...|
+00000180  80 77 2b 24 cf 2e 7a 51  84 37 e1 e7 05 cb e9 90  |.w+$..zQ.7......|
+00000190  47 0e 5f 32 25 60 81 2c  93 43 a5 1a f5 b0 84 13  |G._2%`.,.C......|
+000001a0  2f e8 37 d6 b6 4b bc 4a  ad 23 41 77 b0 b7 7e a7  |/.7..K.J.#Aw..~.|
+000001b0  74 db d2 13 e5 12 ab 43  51 68 da 9a d6 68 f2 82  |t......CQh...h..|
+000001c0  aa 73 49 6e e4 2e 24 41  e3 5c 22 c4 88 8b 03 8b  |.sIn..$A.\".....|
+000001d0  2d 14 b9 55 12 60 50 a2  d3 8a a9 8f 7c c5 d9 f6  |-..U.`P.....|...|
+000001e0  f2 23 93 a2 a6 55 eb 27  3a c5 f5 f8 82 0e 23 43  |.#...U.':.....#C|
+000001f0  bd 3a 2d b5 e3 e3 8f d3  a6 eb 30 56 a4 7f 1c 08  |.:-.......0V....|
+00000200  72 85 77 22 36 f5 7a b8  d4 b8 9c e2 1f 47 f6 81  |r.w"6.z......G..|
+00000210  d6 c7 76 4e 97 51 dd 1e  89 b5 b5 12 88 f9 2d ca  |..vN.Q........-.|
+00000220  2e 85 c8 cc cc 95 0d 7e  a8 7e c3 59 85 b2 ca 14  |.......~.~.Y....|
+00000230  d7 cc 50 3b 5e 03 52 77  d3 50 8d e4 50 76 e2 36  |..P;^.Rw.P..Pv.6|
+00000240  82 df b2 69 a2 cf ee 1b  fb 1d 5c a1 83 8b c9 97  |...i......\.....|
+00000250  23 a6 7f 85 87 df d5 59  fc d5 ad 86 c7 2c 9a 92  |#......Y.....,..|
+00000260  b6 1d d1 ee 92 83 92 f9  d8 9e dd e7 d7 05 c5 c8  |................|
+00000270  a5 c2 10 b3 2f 99 4a 4b  fb 8a 5b c7 26 06 18 7a  |..../.JK..[.&..z|
+00000280  1b d4 c1 f4 d4 2c cf a1  5e d2 f0 90 3d a4 2c b7  |.....,..^...=.,.|
+00000290  d4 0a 7b e4 7f 16 29 1a  ad d1 45 d5 b8 9b 07 4a  |..{...)...E....J|
+000002a0  ab 61 32 bb 27 ac 61 c6  74 56 ec fd 93 01 a0 53  |.a2.'.a.tV.....S|
+000002b0  6b 0c 8b 3f 55 3d 53 fd  cf f6 da d7 5a c6 8e 8f  |k..?U=S.....Z...|
+000002c0  c9 e1 fd 79 6c 85 22 08  2a a4 bc 82 ea f6 53 d6  |...yl.".*.....S.|
+000002d0  80 02 a7 f5 49 0c 1f c3  4c 44 f2 7f 56 3a 5f 65  |....I...LD..V:_e|
+000002e0  d1 4e 62 17 61 6b f9 75  94 e7 f9 5b da 8f 65 dd  |.Nb.ak.u...[..e.|
+000002f0  d0 98 99 72 35 b7 0e 79  3c b5 94 2b a2 19 94 e3  |...r5..y<..+....|
+00000300  7b 31 cb 74 e4 41 c6 c3  92 0b 7a 2e 48 b5 50 2b  |{1.t.A....z.H.P+|
+00000310  23 b6 c1 de 6c 5e 57 c9  36 e8 a1 07 4d d1 73 a8  |#...l^W.6...M.s.|
+00000320  c0 7b 67 1f fb 70 01 da  86 fb e0 73 ad 79 8c 9f  |.{g..p.....s.y..|
+00000330  7f 28 61 e9 2c d5 f0 d5  85 e4 e9 db 87 26 f9 dc  |.(a.,........&..|
+00000340  af e1 ed 4d 79 f0 5d 14  10 08 70 70 66 6d 5b 32  |...My.]...ppfm[2|
+00000350  22 09 7f 78 17 03 03 00  99 16 32 bb fc 9a 38 88  |"..x......2...8.|
+00000360  17 0f d1 03 15 b2 70 f3  ee d7 86 ec 67 f0 f6 aa  |......p.....g...|
+00000370  df 63 cf 4e 4c e3 f5 7f  67 3f ef 80 b0 68 b3 d2  |.c.NL...g?...h..|
+00000380  a6 91 59 1a dd 9c 9b 26  7a 4e f1 e4 cb df cf 9f  |..Y....&zN......|
+00000390  51 26 76 88 02 73 e7 99  15 58 06 af cb 14 52 1e  |Q&v..s...X....R.|
+000003a0  18 4f 81 f9 62 2b 4b bd  dc e6 3b fc 5f ff e6 4b  |.O..b+K...;._..K|
+000003b0  b7 4b 47 39 70 69 69 89  2b ca 9a 5e 32 91 7d e9  |.KG9pii.+..^2.}.|
+000003c0  2f ae d4 b2 f8 13 89 57  4c 59 55 1e e5 41 66 34  |/......WLYU..Af4|
+000003d0  b3 1e c3 e9 b0 79 7b 14  f8 c0 b5 16 c9 e3 7e ce  |.....y{.......~.|
+000003e0  3a 2c 38 85 ea ca 91 3f  cf c0 fb 61 4d 24 b4 c5  |:,8....?...aM$..|
+000003f0  b5 6a 17 03 03 00 45 3a  7a af a4 51 1c f9 07 39  |.j....E:z..Q...9|
+00000400  73 d5 ca e2 6f ab 7c f3  ef b0 16 ea 17 0d 03 cb  |s...o.|.........|
+00000410  07 fb 40 1b ae 9a 5c e9  1f c1 aa c9 e5 f5 1b 4d  |..@...\........M|
+00000420  1b 4b 2c 0b 8d 86 24 06  9a 64 ba a5 fd e3 69 dd  |.K,...$..d....i.|
+00000430  53 e5 ac 9a 2f 37 fc fd  e3 c1 b4 b7              |S.../7......|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 02 11 1c af 9f 29 61  |..............)a|
+00000010  e3 1f bf c8 44 89 cf 28  10 cb e5 63 05 0c fa cf  |....D..(...c....|
+00000020  38 79 7c 63 5d 1d 6b 40  68 ea 54 41 3d 3a 39 83  |8y|c].k@h.TA=:9.|
+00000030  8b e2 29 e9 f6 4d 4e e4  14 33 36 78 b2 bb 01 e1  |..)..MN..36x....|
+00000040  84 c4 59 30 01 65 9b 6b  b1 35 2d 3e 02 fa 9b db  |..Y0.e.k.5->....|
+00000050  51 d1 25 bc 4d fa a1 e8  24 e9 7e cc 97 b0 f2 40  |Q.%.M...$.~....@|
+00000060  92 0f b0 1c 0a 0a 24 3e  77 d5 4f 0f c0 54 e7 f5  |......$>w.O..T..|
+00000070  56 87 ff 46 0a 12 7f 49  18 76 40 3d ce 64 53 a8  |V..F...I.v@=.dS.|
+00000080  f8 1a 95 70 dc 8f 1c b0  2d ba 55 42 89 1d fa 9a  |...p....-.UB....|
+00000090  cf d5 ba f0 fb f8 fe ad  c8 5f e0 47 28 ce 48 2f  |........._.G(.H/|
+000000a0  a3 6c 7c 05 04 5f 3f 0a  95 ca 04 2f 6a b3 02 9c  |.l|.._?..../j...|
+000000b0  f3 23 d9 fd 13 75 45 5d  a6 22 3f 72 6d 7e 35 60  |.#...uE]."?rm~5`|
+000000c0  bd c1 b3 8d d4 42 4a b8  69 31 82 0c 83 94 84 76  |.....BJ.i1.....v|
+000000d0  77 5e ca 19 8c d2 4f b1  94 71 2d 3d e9 34 3b 39  |w^....O..q-=.4;9|
+000000e0  7f f0 b1 0b 8c e7 18 7e  37 89 c9 98 38 31 21 39  |.......~7...81!9|
+000000f0  a4 52 b8 d0 0e 09 fb eb  c1 e2 ef f1 37 4f d2 29  |.R..........7O.)|
+00000100  13 4b 87 f9 88 19 71 bd  d7 48 c9 8f 94 a3 51 4e  |.K....q..H....QN|
+00000110  65 4b 66 8a 48 9b 33 bf  14 70 24 24 e3 1c b3 6c  |eKf.H.3..p$$...l|
+00000120  0d f3 b1 74 5a bd a6 a4  f3 e9 1f 95 81 88 6d cb  |...tZ.........m.|
+00000130  19 44 67 b6 ee f7 65 af  bf ec 0a 55 13 a6 65 41  |.Dg...e....U..eA|
+00000140  49 4f be 8f c5 f2 a7 7c  27 ac ad fa 02 a5 75 54  |IO.....|'.....uT|
+00000150  53 a5 a9 b5 7f b9 7d 70  2e 2d 48 27 fe 63 e6 ab  |S.....}p.-H'.c..|
+00000160  ea 13 47 0e 8f a5 8d 19  42 0f 8c 26 ba cd a2 98  |..G.....B..&....|
+00000170  f5 e3 28 a7 a1 6d 56 95  0b 7f a1 c2 5e 77 56 81  |..(..mV.....^wV.|
+00000180  5d c8 7f a8 00 4c a4 09  c1 ed 43 0e a2 65 8f 66  |]....L....C..e.f|
+00000190  47 02 0f 0d 46 d5 42 d8  f5 e8 a7 f2 50 1b 09 02  |G...F.B.....P...|
+000001a0  4d a9 39 78 6b fc 24 23  4b 2a 49 ef b7 60 70 78  |M.9xk.$#K*I..`px|
+000001b0  f3 6f a0 2e 8f e3 20 b6  b9 76 ce 4d e4 56 e0 f3  |.o.... ..v.M.V..|
+000001c0  b8 9f d2 02 f7 63 e9 80  ed 43 16 49 c9 3a c2 41  |.....c...C.I.:.A|
+000001d0  8c f9 98 b7 3a 31 cb e6  78 3b ad ee 5f 52 c3 0a  |....:1..x;.._R..|
+000001e0  d7 dc 5f 67 89 6a 0a db  1f 7f 4b fc 08 0e a2 e1  |.._g.j....K.....|
+000001f0  23 4b d6 a0 36 10 c7 e5  95 71 86 cb 1a 70 89 55  |#K..6....q...p.U|
+00000200  2c 58 8a 55 f8 26 89 b1  40 1e 11 b0 b5 3e 0d eb  |,X.U.&..@....>..|
+00000210  33 cb 37 1c 80 6c b7 0e  84 96 a0 67 17 03 03 00  |3.7..l.....g....|
+00000220  99 ae 4c b5 06 1e 69 cb  7d 28 42 7f 47 c8 1b bf  |..L...i.}(B.G...|
+00000230  8c 0a af 18 fc 5a 4d db  2c c5 b3 7d cc e5 28 be  |.....ZM.,..}..(.|
+00000240  ec 3a f7 e4 ec b1 11 01  67 f6 3b 0e a6 55 03 67  |.:......g.;..U.g|
+00000250  76 8c 3f d3 0a cc 97 90  f2 51 d4 ee 58 3e 9c 78  |v.?......Q..X>.x|
+00000260  e1 b4 57 4d 42 c1 fd e1  4c c5 6e 1f 5e 8e d9 fd  |..WMB...L.n.^...|
+00000270  f9 71 86 c9 63 7c 42 df  53 b0 99 06 3d 21 3e 06  |.q..c|B.S...=!>.|
+00000280  d7 56 2f 90 b8 09 f5 77  8b 8a 4b 7e f5 78 05 73  |.V/....w..K~.x.s|
+00000290  85 10 e7 b4 71 02 77 a0  2c cb db 76 53 0b b4 34  |....q.w.,..vS..4|
+000002a0  56 37 7f 45 13 b4 72 f0  24 24 e4 47 1b ce b2 78  |V7.E..r.$$.G...x|
+000002b0  44 82 73 f6 3a 77 68 5c  ce 02 17 03 03 00 45 17  |D.s.:wh\......E.|
+000002c0  d8 40 a5 44 fe 96 82 bc  27 1c 2f c6 c5 6e 0c 47  |.@.D....'./..n.G|
+000002d0  52 9d 90 cd f6 43 03 d5  f0 1b 4a 11 38 56 f3 0b  |R....C....J.8V..|
+000002e0  73 cb 01 d3 69 33 1a 95  4b 5e 75 55 99 a9 a2 fe  |s...i3..K^uU....|
+000002f0  28 58 4e 54 92 5e 08 71  4b 40 42 a1 e6 94 ec c0  |(XNT.^.qK@B.....|
+00000300  bc ac 82 8e                                       |....|
+>>> Flow 4 (server to client)
+00000000  17 03 03 02 9b bf 6f 39  51 ff 9a ee ff 16 51 98  |......o9Q.....Q.|
+00000010  49 e5 88 3d b3 ea b4 14  1d a7 8c ae 11 da 7b 08  |I..=..........{.|
+00000020  99 ad 7d 23 e7 3a 78 8f  b1 ca c1 2c b5 f7 84 bf  |..}#.:x....,....|
+00000030  0d 48 0b 1e 3f 6d 56 d7  7c 84 df f0 39 ee 77 ff  |.H..?mV.|...9.w.|
+00000040  af 7b f5 f2 6e 59 dc 4e  92 a8 b5 d0 64 03 5a 87  |.{..nY.N....d.Z.|
+00000050  9d 4b 0c d7 00 0c e7 7e  2d 4a e0 da 63 10 cc a6  |.K.....~-J..c...|
+00000060  a0 8e 8b ff 04 e2 49 75  01 4f b9 6a cd 5c 90 82  |......Iu.O.j.\..|
+00000070  3c e3 67 d0 a0 93 b7 9b  4d f3 f8 b6 67 d3 fd f6  |<.g.....M...g...|
+00000080  e3 d2 d0 dd 0f 6c 89 92  95 4f b6 74 56 5c f8 f5  |.....l...O.tV\..|
+00000090  a1 33 3d e6 31 05 93 d8  09 d8 3c 0b e3 a7 9f b9  |.3=.1.....<.....|
+000000a0  4b c7 0a de 1c 71 8a d6  63 44 b8 7d 11 6f 1e 8d  |K....q..cD.}.o..|
+000000b0  d8 7f 3f 9f 39 77 8b 2d  7a fd 01 e1 9e 45 58 b6  |..?.9w.-z....EX.|
+000000c0  f8 eb f6 48 9b f2 fc 95  ba 75 56 42 5c 01 22 39  |...H.....uVB\."9|
+000000d0  ab df c2 2d 32 9c de f6  fa 51 00 d0 77 a8 47 34  |...-2....Q..w.G4|
+000000e0  b2 cf dd 9e d5 d6 c2 fd  0e db 98 71 6a 30 82 4e  |...........qj0.N|
+000000f0  4a 36 ce 6c c8 27 a0 92  77 ec 04 e8 ed 20 0d f4  |J6.l.'..w.... ..|
+00000100  1e 9a 5c ae 71 db 06 6a  ed ba 18 0e 65 94 dc f1  |..\.q..j....e...|
+00000110  60 67 34 d4 6a 9d 4b ed  4b 80 69 2e 52 8b e2 ba  |`g4.j.K.K.i.R...|
+00000120  17 aa b7 75 0f 02 bf b9  95 f1 05 83 2c 2a e8 7d  |...u........,*.}|
+00000130  62 17 0e 89 c5 40 fb bb  98 14 98 f4 68 09 af 73  |b....@......h..s|
+00000140  e2 f9 35 68 19 d7 56 66  dd 36 1f 8e 6e 1c 73 e4  |..5h..Vf.6..n.s.|
+00000150  98 ef b0 f3 31 ae 58 de  91 56 a6 eb ee 4c f6 57  |....1.X..V...L.W|
+00000160  5b 6c e7 f9 c3 51 c7 2c  78 40 c0 37 14 0d c4 12  |[l...Q.,x@.7....|
+00000170  18 4c 96 24 69 19 53 de  07 a3 50 b4 00 fa cd 47  |.L.$i.S...P....G|
+00000180  e4 a3 4f 3a 0c 44 82 b7  90 7d 55 6d 6f b1 68 04  |..O:.D...}Umo.h.|
+00000190  02 3d 60 14 80 8b 4b 7d  13 55 5c 1b d2 73 f2 03  |.=`...K}.U\..s..|
+000001a0  31 a1 12 f3 cc df 5f 2e  14 5d 15 7b 6c a8 66 10  |1....._..].{l.f.|
+000001b0  3d ee 11 e0 bd 0f ff b6  d9 9d 2b b8 59 0c b5 f5  |=.........+.Y...|
+000001c0  ec 78 80 bd 11 85 6b b7  67 01 25 5d 1f 14 26 4c  |.x....k.g.%]..&L|
+000001d0  60 48 0e 40 7f 2e a5 d9  09 25 e9 45 87 6e b3 a9  |`H.@.....%.E.n..|
+000001e0  e2 19 5a 58 4c 3e 53 0e  1f d1 55 42 3f bc d0 26  |..ZXL>S...UB?..&|
+000001f0  4e 9a dc 00 ac 2e 8b ac  4d e2 76 d0 80 80 09 87  |N.......M.v.....|
+00000200  8b fe c6 9b c5 43 2d 56  b6 13 e2 eb 91 94 d9 0c  |.....C-V........|
+00000210  40 4f e6 96 af b2 c5 fb  75 9d 51 24 09 b0 8d 4f  |@O......u.Q$...O|
+00000220  68 c5 b1 7a 0e 22 03 84  21 14 b5 db f7 97 d4 60  |h..z."..!......`|
+00000230  c9 ee 49 a0 9a 14 d4 bb  3c 54 91 61 ac 78 40 0f  |..I.....<T.a.x@.|
+00000240  39 43 bb 49 14 ef 64 0b  36 72 a9 2a 89 7b 0d 55  |9C.I..d.6r.*.{.U|
+00000250  7e 47 77 a1 2c 7f c8 55  68 63 56 d8 41 73 52 33  |~Gw.,..UhcV.AsR3|
+00000260  87 0e 7e 82 ca 42 52 42  37 42 5a d6 b8 45 44 8d  |..~..BRB7BZ..ED.|
+00000270  58 d7 47 65 66 de 4b 2c  0d b9 d5 02 5e 63 a3 db  |X.Gef.K,....^c..|
+00000280  5a de 2e fc a3 4a c4 cc  b3 91 0e 7f 96 0e 80 c8  |Z....J..........|
+00000290  d9 fe 61 b2 f9 9f bf 50  ef 4e ee d2 9c ca 28 50  |..a....P.N....(P|
+000002a0  17 03 03 00 1e 61 3d d9  fb 2e 03 d9 6f 4a 8b 90  |.....a=.....oJ..|
+000002b0  8e d5 66 76 1d 88 47 ea  06 4b 3e d8 6a 0e 63 39  |..fv..G..K>.j.c9|
+000002c0  64 e8 05 17 03 03 00 13  3b b0 06 df 04 01 7a 90  |d.......;.....z.|
+000002d0  46 4a 2e 57 1c 66 26 f0  d8 4c ea                 |FJ.W.f&..L.|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled
new file mode 100644
index 0000000..89361f1
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled
@@ -0,0 +1,182 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e0 01 00 00  dc 03 03 32 03 2a b3 ed  |...........2.*..|
+00000010  c2 1a 71 f2 ff ea 0b 1c  fa f9 c6 88 03 7c 84 89  |..q..........|..|
+00000020  4e 45 60 81 d9 58 dc 9f  0a 60 d1 20 ce 4d 59 a5  |NE`..X...`. .MY.|
+00000030  10 b1 76 53 f5 77 26 fd  17 08 f9 e5 14 03 c4 0a  |..vS.w&.........|
+00000040  65 fd 83 bb a9 3b 24 05  24 1b ef 00 00 08 13 02  |e....;$.$.......|
+00000050  13 03 13 01 00 ff 01 00  00 8b 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 1e  |................|
+00000090  00 1c 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000a0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 00 2b  |...............+|
+000000b0  00 03 02 03 04 00 2d 00  02 01 01 00 33 00 26 00  |......-.....3.&.|
+000000c0  24 00 1d 00 20 06 b0 03  80 81 d6 e7 f4 31 85 4c  |$... ........1.L|
+000000d0  e3 50 35 c1 df 6e 28 9f  38 ce c0 7b fc 71 00 8c  |.P5..n(.8..{.q..|
+000000e0  9a 25 07 95 57                                    |.%..W|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 ce 4d 59 a5  |........... .MY.|
+00000030  10 b1 76 53 f5 77 26 fd  17 08 f9 e5 14 03 c4 0a  |..vS.w&.........|
+00000040  65 fd 83 bb a9 3b 24 05  24 1b ef 00 13 02 00 00  |e....;$.$.......|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 ad ce ff 21 b8 39  |.............!.9|
+00000090  16 f6 10 6e 8d 6c 0f 46  2f 58 55 b3 e4 4f 2d 5c  |...n.l.F/XU..O-\|
+000000a0  26 17 03 03 00 3c fd 24  07 75 28 2b f2 ec d9 74  |&....<.$.u(+...t|
+000000b0  f0 76 e4 02 e6 02 bd 47  58 0f 68 60 ac 6c 59 a8  |.v.....GX.h`.lY.|
+000000c0  87 94 b9 cb c3 fa 41 15  4c 95 b8 58 da 8c d9 ea  |......A.L..X....|
+000000d0  3a ab 0c 06 83 a5 2b d1  39 6f 32 92 bf e1 c0 f4  |:.....+.9o2.....|
+000000e0  49 51 17 03 03 02 6d 22  dc 8c fc ae 21 96 41 17  |IQ....m"....!.A.|
+000000f0  45 93 6e 08 61 6b 46 b9  9a cf 2e 79 a8 1a 46 30  |E.n.akF....y..F0|
+00000100  a4 de 3d 53 87 bf 57 3a  44 4f 5b 3f c9 b2 f0 0e  |..=S..W:DO[?....|
+00000110  56 5f 5a ee 5a 1f df cc  fe f3 54 ab 87 d7 bb 00  |V_Z.Z.....T.....|
+00000120  2c 61 de ad 31 9c d4 cf  43 bf e7 84 d1 1d 3c cb  |,a..1...C.....<.|
+00000130  82 d1 81 9d 13 90 6b c8  fd 01 53 4f 13 a5 91 a4  |......k...SO....|
+00000140  fe 20 ce 2c 34 96 62 b7  6f f0 f0 65 f0 01 18 99  |. .,4.b.o..e....|
+00000150  31 3d cb c6 72 6f 54 d6  ec fa a3 dd 94 67 6b b9  |1=..roT......gk.|
+00000160  ff 2c 41 ba 00 d5 25 ba  b1 7a e5 d2 1c 0b 37 ad  |.,A...%..z....7.|
+00000170  df 0b 62 be b3 69 5b 84  39 2d 72 c2 b9 ec 68 87  |..b..i[.9-r...h.|
+00000180  32 23 92 4b a8 f0 17 25  0f d7 86 97 45 65 73 e1  |2#.K...%....Ees.|
+00000190  49 c4 3c 8d 26 43 34 06  4c be 50 76 ae 63 6f 1d  |I.<.&C4.L.Pv.co.|
+000001a0  ed 57 93 5a 7f 98 e2 1e  5f 94 74 a2 54 59 63 12  |.W.Z...._.t.TYc.|
+000001b0  bb 8b df 77 20 3a 9c ea  c7 40 b0 cf 8e 7f f8 98  |...w :...@......|
+000001c0  06 92 38 be 77 11 17 03  c2 ac af fc 8d 7d d5 6b  |..8.w........}.k|
+000001d0  f7 2b 7a f3 b8 dc b0 cf  3e f7 c5 f4 b3 34 4b 06  |.+z.....>....4K.|
+000001e0  c6 ed b5 dc 0c 2d 4e bc  03 94 cc 03 f2 9f 5d c6  |.....-N.......].|
+000001f0  57 36 5a 01 81 65 27 75  1d 4f 22 9f b5 da 7f e2  |W6Z..e'u.O".....|
+00000200  7d 36 f3 4b 05 3f 40 47  c6 1b af e6 99 c0 ca 35  |}6.K.?@G.......5|
+00000210  98 c8 30 60 7b 42 4e e7  5c 90 28 d7 4e db f3 78  |..0`{BN.\.(.N..x|
+00000220  22 e2 a3 86 0c 9e 19 43  0e 89 d4 f6 78 38 21 16  |"......C....x8!.|
+00000230  84 38 36 6a 2d a5 94 2c  52 2b 00 de 67 16 e8 89  |.86j-..,R+..g...|
+00000240  32 21 0e fd b0 23 91 06  8b fa 82 70 21 bc 1f 29  |2!...#.....p!..)|
+00000250  32 af f4 b9 15 7f aa 22  c1 e8 e3 2c 92 b4 d8 2a  |2......"...,...*|
+00000260  64 58 f4 f1 85 85 14 92  f3 16 8e 2d 5b a6 7e ef  |dX.........-[.~.|
+00000270  22 5a 58 bb 4c f1 36 70  2f ca 03 df fb 0a d0 03  |"ZX.L.6p/.......|
+00000280  55 5d d9 6b 63 48 d2 75  82 d4 56 af 17 5a 60 4f  |U].kcH.u..V..Z`O|
+00000290  af 8b 17 d6 fd 96 be 3d  82 25 0e 73 2e 58 0e 0a  |.......=.%.s.X..|
+000002a0  5c 2d c8 f5 17 b0 ae 7d  39 90 cb 75 bb 4b 33 22  |\-.....}9..u.K3"|
+000002b0  bd a2 02 00 70 43 a8 54  ee 7c 25 d5 d7 88 08 f6  |....pC.T.|%.....|
+000002c0  3f 34 61 55 f5 d3 53 0c  8c b1 9b fd 4e d9 65 7a  |?4aU..S.....N.ez|
+000002d0  2b 6e b4 d5 37 34 18 f3  14 00 9f 56 40 d9 15 ea  |+n..74.....V@...|
+000002e0  59 5a 4b 4a bb f7 19 72  60 4a 08 8f 75 d6 7b a4  |YZKJ...r`J..u.{.|
+000002f0  de 79 c5 21 1a cb 82 97  b3 88 d8 ae 65 30 cc 56  |.y.!........e0.V|
+00000300  da a3 04 5c 63 f4 44 a5  eb 05 55 ad 78 46 44 ac  |...\c.D...U.xFD.|
+00000310  56 2e f6 f7 eb 47 f6 f1  62 8d df 27 7d 86 5e 58  |V....G..b..'}.^X|
+00000320  5f 4c 34 6e f6 c0 fd 56  7d 46 82 5d 53 db 2a 84  |_L4n...V}F.]S.*.|
+00000330  45 db e7 9c b9 23 32 59  cf 85 f7 12 c5 e8 9e 3c  |E....#2Y.......<|
+00000340  2d 3f 81 a5 24 cf 36 ad  d6 65 02 35 84 de 43 f8  |-?..$.6..e.5..C.|
+00000350  04 e2 8b ae 17 03 03 00  99 ce e8 48 a3 34 5e fb  |...........H.4^.|
+00000360  76 f1 e4 3b da 94 0a 25  ee 78 f6 31 24 10 05 25  |v..;...%.x.1$..%|
+00000370  9c e5 ca fc ef c5 66 86  08 15 d8 69 75 d8 49 e9  |......f....iu.I.|
+00000380  9b 86 71 3f 1f 41 ee f0  bc 8d 4e aa bc 30 f0 8f  |..q?.A....N..0..|
+00000390  7b b1 94 7e aa 74 3f eb  23 c5 c9 aa 9a c3 f7 12  |{..~.t?.#.......|
+000003a0  23 30 95 2e e1 1b 9c fe  8b 50 b1 d9 17 cf af a1  |#0.......P......|
+000003b0  ff ce 8d fa 7e bd 23 59  d0 7a fb 30 12 f4 8d 86  |....~.#Y.z.0....|
+000003c0  0c 3c fd 03 50 d4 7f bb  f6 fa ba 1d fc 32 cc 7e  |.<..P........2.~|
+000003d0  12 3a 33 90 c6 82 5d 6a  90 23 6d b8 e6 60 7d d3  |.:3...]j.#m..`}.|
+000003e0  a8 f0 0c 75 bc b5 67 68  ed 58 ef 4d ac 91 47 c9  |...u..gh.X.M..G.|
+000003f0  c4 bc 17 03 03 00 45 ae  0d 8d 76 8d 28 34 1b 09  |......E...v.(4..|
+00000400  4d d5 df 2e aa f8 ff 71  b2 0e 60 a1 ce 8a 58 9c  |M......q..`...X.|
+00000410  45 64 31 6c 9b 46 66 64  27 98 e6 f3 93 e8 92 81  |Ed1l.Ffd'.......|
+00000420  3d 4f db da 98 72 0d b7  71 27 ac 2b 61 81 97 0b  |=O...r..q'.+a...|
+00000430  e7 ae 32 d7 e2 66 4d 5d  f7 01 d0 77              |..2..fM]...w|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 02 11 f6 03 90 9e bc  |................|
+00000010  dc 00 9b f9 dd 7b 65 dd  b0 69 b4 b5 42 fc 25 f2  |.....{e..i..B.%.|
+00000020  2b 7e be 52 1a 4b f1 e4  21 94 0d 88 4a 58 07 37  |+~.R.K..!...JX.7|
+00000030  67 c7 e3 c4 62 eb 17 57  5d 52 d4 a9 03 39 0e 7d  |g...b..W]R...9.}|
+00000040  d0 c3 1a 8d ef ec b7 a8  9b 93 50 0d 7f fd a1 10  |..........P.....|
+00000050  b6 82 99 21 3f e3 3d 3d  47 04 c3 cd a7 b3 ab e0  |...!?.==G.......|
+00000060  f6 33 47 0e 1c 30 36 45  21 32 34 c2 2c 72 20 72  |.3G..06E!24.,r r|
+00000070  b6 c7 5b 95 8a 97 84 54  2e d0 5f d5 80 e7 8f 7a  |..[....T.._....z|
+00000080  6f 50 96 8a 33 13 c6 97  85 25 47 6b 8a b2 a0 29  |oP..3....%Gk...)|
+00000090  cd 7f 0e 38 94 53 08 8b  c3 2f 89 a2 10 c2 22 5a  |...8.S.../...."Z|
+000000a0  95 42 a3 45 73 a8 d0 ac  6d ba 95 a4 51 63 b9 b4  |.B.Es...m...Qc..|
+000000b0  79 61 be dd c6 ab 97 72  38 30 63 55 a7 7d 9a eb  |ya.....r80cU.}..|
+000000c0  bb 5a f6 d0 3d 05 81 5d  0e e5 7a 8b ae fe d2 3b  |.Z..=..]..z....;|
+000000d0  db 85 3a 13 81 ee 36 b3  ff 41 47 d1 67 bf 17 5e  |..:...6..AG.g..^|
+000000e0  9d a3 4c 92 51 a9 1b 4b  ca 13 f6 ee 8a e5 b3 01  |..L.Q..K........|
+000000f0  e7 87 ee 1e 2a 9e 56 3d  01 7e 0f cb e5 d6 ea 13  |....*.V=.~......|
+00000100  05 3e 8c 5a 24 d0 36 6b  54 9f 8e 3f 07 73 a0 bf  |.>.Z$.6kT..?.s..|
+00000110  84 c2 90 72 ce 48 50 49  47 27 b3 14 56 5c c7 63  |...r.HPIG'..V\.c|
+00000120  7e 7e b5 8f 9d 6d 70 32  6f 3f 4d 53 80 ae f6 2b  |~~...mp2o?MS...+|
+00000130  fb c9 7a de 76 aa 68 a3  9b a9 a7 47 55 d0 cb f8  |..z.v.h....GU...|
+00000140  e8 c4 1c f5 0f 54 82 5b  c5 45 18 41 05 da 72 ce  |.....T.[.E.A..r.|
+00000150  84 d1 8b 00 40 e9 f9 cf  b5 d5 3e 71 ee 25 dc 7d  |....@.....>q.%.}|
+00000160  3b 00 67 68 9d 78 d2 c0  7b cb 5d 9e 79 2c b5 f4  |;.gh.x..{.].y,..|
+00000170  1b ea b8 d8 de bd 36 71  2a 26 49 44 1b 5b 92 ad  |......6q*&ID.[..|
+00000180  1c 2d 2f ab 8e 15 d7 b3  96 89 da 58 77 75 42 32  |.-/........XwuB2|
+00000190  c3 6b f1 5e 0b da 91 71  1e d5 f1 dd 32 d8 b6 a5  |.k.^...q....2...|
+000001a0  21 a1 1d 5e b1 df 01 37  33 ac 93 11 94 6d b8 e6  |!..^...73....m..|
+000001b0  3b be 86 31 da cf b6 ab  cd f5 12 4f 85 45 24 06  |;..1.......O.E$.|
+000001c0  34 40 7b c5 f8 5f c3 f9  3b cf 9d 2a b3 2e 65 e4  |4@{.._..;..*..e.|
+000001d0  0e ed fc 7c b4 2b 32 bf  0e 8f b3 85 93 74 8b e8  |...|.+2......t..|
+000001e0  25 e0 47 c0 d8 52 8e c9  ed 7f 16 41 3f b3 79 d8  |%.G..R.....A?.y.|
+000001f0  d1 47 19 ae fb ab 97 a5  b2 42 7c a0 73 ad 4f 62  |.G.......B|.s.Ob|
+00000200  cf 35 52 7c d6 47 b8 1f  e9 65 b0 99 f7 67 e7 64  |.5R|.G...e...g.d|
+00000210  14 83 46 c7 90 6e 4d 01  3a c2 e6 19 17 03 03 00  |..F..nM.:.......|
+00000220  99 a5 e0 38 3a 91 4a 1d  87 9a eb a6 95 87 35 fc  |...8:.J.......5.|
+00000230  ae 42 8d 3a fe f6 39 f3  c2 c2 f0 9a f5 8f b5 75  |.B.:..9........u|
+00000240  18 6b 84 c0 5b 96 6a 9c  0c aa 81 fc 9a 2e 01 f7  |.k..[.j.........|
+00000250  d8 b1 5d 4a 54 cf 79 90  fb 79 57 ff d9 d1 46 59  |..]JT.y..yW...FY|
+00000260  02 84 3d ee cc 68 ea 05  1d a2 79 fb 1d 1e d6 ad  |..=..h....y.....|
+00000270  5b 95 3b 6b 9a c9 07 e5  e4 20 07 6a a0 74 c8 1a  |[.;k..... .j.t..|
+00000280  31 53 a4 e6 bb bb 28 61  47 41 d5 f3 45 38 71 86  |1S....(aGA..E8q.|
+00000290  35 12 f4 8a f2 e4 e9 ae  96 a9 14 ce 8a 1c 5d 59  |5.............]Y|
+000002a0  3c d7 3a e7 93 35 c2 53  9f d8 4d cb 98 bd e1 72  |<.:..5.S..M....r|
+000002b0  a8 80 55 a6 cd 9c 50 41  ec 50 17 03 03 00 45 2d  |..U...PA.P....E-|
+000002c0  90 3b 73 cc 24 52 ad 22  90 0e 7d bf 2a a2 44 09  |.;s.$R."..}.*.D.|
+000002d0  e2 43 61 f2 48 9b 73 85  00 05 8b 0a 51 ad a0 c0  |.Ca.H.s.....Q...|
+000002e0  64 ef 5e 11 86 37 b0 32  af 11 f7 98 7b 74 39 90  |d.^..7.2....{t9.|
+000002f0  fa d0 32 f3 fe 4d 01 6b  78 75 31 7e 67 4f 61 0f  |..2..M.kxu1~gOa.|
+00000300  bb c6 3e c0                                       |..>.|
+>>> Flow 4 (server to client)
+00000000  17 03 03 02 9b f5 b2 d6  62 fe e0 c8 8d cc 7a cd  |........b.....z.|
+00000010  29 51 b2 77 0d 9a 54 fb  43 6d f6 9c e1 ff 28 be  |)Q.w..T.Cm....(.|
+00000020  fc 50 68 80 2f 1c 4f 50  44 95 64 49 0a 66 fe 79  |.Ph./.OPD.dI.f.y|
+00000030  46 ba 88 e9 03 be 5c 91  60 84 78 03 a8 c6 21 90  |F.....\.`.x...!.|
+00000040  cd 79 de 2d 2f 81 dd 08  1f 52 1a 0e d8 69 16 22  |.y.-/....R...i."|
+00000050  a6 59 5b 2b 85 08 00 16  e7 85 bd 43 9a cc ce e6  |.Y[+.......C....|
+00000060  3a ee 70 25 0b 95 90 4b  c0 42 4a 48 25 d3 50 92  |:.p%...K.BJH%.P.|
+00000070  19 e1 3e b8 72 c5 a1 e8  dd 9f a4 57 2d b0 a6 24  |..>.r......W-..$|
+00000080  8b 8c 55 41 f3 26 45 dd  dd 2b d3 15 8d d9 ca e4  |..UA.&E..+......|
+00000090  15 6e b5 6d 99 79 ba 46  00 e6 5e 75 52 fd f9 26  |.n.m.y.F..^uR..&|
+000000a0  cf cd 69 cf be 29 a7 b9  7d 1b 1d 6b ab 17 ee 4e  |..i..)..}..k...N|
+000000b0  f5 24 b0 89 0f b5 c7 41  4e ea cd 32 98 47 23 bc  |.$.....AN..2.G#.|
+000000c0  91 03 b1 23 e0 5c 5e 37  40 95 da 90 ef eb 95 81  |...#.\^7@.......|
+000000d0  7b 2d c7 15 8f f8 2d ba  69 41 0e a9 eb 19 6c 6c  |{-....-.iA....ll|
+000000e0  73 b0 05 fc b9 f4 76 91  2b 6a 72 fa d6 e5 87 a9  |s.....v.+jr.....|
+000000f0  90 49 81 8c d5 fa 78 a2  a1 8f 77 c7 35 78 1b ba  |.I....x...w.5x..|
+00000100  ac 3c 41 51 ce 4e 99 c9  74 a0 bc 51 12 b5 15 2c  |.<AQ.N..t..Q...,|
+00000110  8e 36 6e e1 c9 bb 0f d2  fd 00 97 56 de 66 a9 19  |.6n........V.f..|
+00000120  c7 2f 18 e5 67 b4 34 73  9e b2 6f 68 26 8d 2f da  |./..g.4s..oh&./.|
+00000130  92 bd 52 13 32 3c 49 80  8c c7 3c 11 9d 9f 05 c0  |..R.2<I...<.....|
+00000140  aa 5d 63 33 8e 07 60 20  6a 01 1f 5a 16 45 4d ba  |.]c3..` j..Z.EM.|
+00000150  b0 2a 5c 26 b1 ea 26 72  59 c5 b0 59 8a 1a cb 9a  |.*\&..&rY..Y....|
+00000160  6a 54 55 06 75 37 a0 c9  04 4e 2f 61 de ef b5 df  |jTU.u7...N/a....|
+00000170  68 ae 42 03 29 91 e3 1d  a0 6b 18 4d 17 23 3d 61  |h.B.)....k.M.#=a|
+00000180  87 72 06 9f 45 98 0d 1e  f7 f1 f5 f3 f7 04 a5 98  |.r..E...........|
+00000190  29 c2 2e 77 d9 2c 95 df  5d 3d 20 41 36 26 1b 46  |)..w.,..]= A6&.F|
+000001a0  ea 54 9e a3 96 05 ba f7  33 01 85 b0 d1 9f 78 3c  |.T......3.....x<|
+000001b0  0f 73 0d 04 52 7f 02 f4  cb 79 f1 e2 d1 63 60 d6  |.s..R....y...c`.|
+000001c0  e1 34 05 23 79 c3 37 eb  d0 5b ea bc f4 f9 bb 7a  |.4.#y.7..[.....z|
+000001d0  85 9e 42 50 3c c8 f8 e6  f4 93 71 c2 6a 46 b9 26  |..BP<.....q.jF.&|
+000001e0  8c 17 b4 c9 65 00 fb 9a  d6 54 ab e6 71 c1 1b 5a  |....e....T..q..Z|
+000001f0  51 a2 6f df 0b 52 29 8c  c3 ec 8e bf 31 36 93 7e  |Q.o..R).....16.~|
+00000200  59 cc ca 49 71 dc ce 84  40 7d 43 81 5c 96 ed ca  |Y..Iq...@}C.\...|
+00000210  d1 e6 15 40 cf 19 f4 ed  61 28 9a e3 6b e7 1c 9b  |...@....a(..k...|
+00000220  c1 71 d0 46 ef 79 3b d8  35 e3 7b 47 3f a2 78 76  |.q.F.y;.5.{G?.xv|
+00000230  17 58 13 67 5f 4e f0 ed  2e e9 84 e1 92 0c a6 36  |.X.g_N.........6|
+00000240  5c 5b de 8e 5c 04 ed d4  a4 75 10 fd 85 9c e5 8e  |\[..\....u......|
+00000250  ca 02 14 fb 91 8b 85 14  79 e5 97 1f 63 46 48 90  |........y...cFH.|
+00000260  26 c7 2f a2 c0 18 71 d9  2e e3 81 78 7b 74 67 e0  |&./...q....x{tg.|
+00000270  e1 ef 48 af 41 96 9f 1a  44 d8 6c 94 49 3e 9b 47  |..H.A...D.l.I>.G|
+00000280  71 63 2f 0c 94 c9 42 ac  bc 4c 0a 16 fe 9a 90 eb  |qc/...B..L......|
+00000290  02 75 16 1a 10 23 b2 75  67 c7 c5 17 55 9b cf 69  |.u...#.ug...U..i|
+000002a0  17 03 03 00 1e 45 8c ed  99 0f 8a 83 d8 89 70 49  |.....E........pI|
+000002b0  17 a8 fd 2b 6e ef ff 53  fa 99 52 89 ee 8b 19 f1  |...+n..S..R.....|
+000002c0  41 09 30 17 03 03 00 13  14 f0 f6 ef c5 f9 52 15  |A.0...........R.|
+000002d0  77 de 5e 46 63 8d 3b 2f  07 84 aa                 |w.^Fc.;/...|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedNotGiven b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedNotGiven
new file mode 100644
index 0000000..c9c8728
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedNotGiven
@@ -0,0 +1,109 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e0 01 00 00  dc 03 03 d7 9c 79 99 50  |.............y.P|
+00000010  c9 4b 3a e0 a1 36 a8 fc  40 bb 51 a9 71 a6 ba 2f  |.K:..6..@.Q.q../|
+00000020  1b ba 13 f3 b6 8b 2b 77  f1 60 27 20 a6 a3 e8 5a  |......+w.`' ...Z|
+00000030  4b cb 7c 64 05 b4 77 3b  af 66 4b e3 5a b3 cb 57  |K.|d..w;.fK.Z..W|
+00000040  84 d3 fa 5d 7f 5a cd 94  62 79 31 4a 00 08 13 02  |...].Z..by1J....|
+00000050  13 03 13 01 00 ff 01 00  00 8b 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 1e  |................|
+00000090  00 1c 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000a0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 00 2b  |...............+|
+000000b0  00 03 02 03 04 00 2d 00  02 01 01 00 33 00 26 00  |......-.....3.&.|
+000000c0  24 00 1d 00 20 c6 c0 3a  af 99 9f ef 6d 59 6b bd  |$... ..:....mYk.|
+000000d0  c3 b0 8a 94 02 c8 fb 13  7d cb a8 3a f4 f1 e0 40  |........}..:...@|
+000000e0  03 15 7a 95 06                                    |..z..|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 a6 a3 e8 5a  |........... ...Z|
+00000030  4b cb 7c 64 05 b4 77 3b  af 66 4b e3 5a b3 cb 57  |K.|d..w;.fK.Z..W|
+00000040  84 d3 fa 5d 7f 5a cd 94  62 79 31 4a 13 02 00 00  |...].Z..by1J....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 d8 15 a1 e7 a9 00  |................|
+00000090  bf 9d 8d 63 5d ba b1 5a  08 c2 de 57 7e 73 61 5d  |...c]..Z...W~sa]|
+000000a0  2f 17 03 03 00 3c 59 ed  f4 2a 62 56 2a 02 73 4f  |/....<Y..*bV*.sO|
+000000b0  d8 a3 79 28 0c 5c c6 d6  da ff f7 80 d1 37 4c 93  |..y(.\.......7L.|
+000000c0  7b 67 e0 6c 0f ce bc 64  3b aa 46 d7 65 b0 b0 27  |{g.l...d;.F.e..'|
+000000d0  62 27 74 68 18 70 70 e4  67 f8 40 0f 83 dd 74 a8  |b'th.pp.g.@...t.|
+000000e0  cf f7 17 03 03 02 6d 92  57 b1 0d 53 fa b4 f7 9e  |......m.W..S....|
+000000f0  43 8f a4 42 00 48 47 ce  ce 30 98 19 c3 af 29 81  |C..B.HG..0....).|
+00000100  3d f0 ae bd 47 89 cc 31  92 11 e1 fd b3 7f 30 68  |=...G..1......0h|
+00000110  71 96 16 4e 4f ea cb 05  47 67 57 f1 fe 02 82 13  |q..NO...GgW.....|
+00000120  81 df 79 7e 66 71 24 97  3d 53 89 2d 3f e4 61 c2  |..y~fq$.=S.-?.a.|
+00000130  2d 79 8f 5a 9d 00 b2 2d  b0 c2 55 67 61 99 1a 4c  |-y.Z...-..Uga..L|
+00000140  3a 1c 16 52 48 7a 94 3f  96 f8 58 4a e6 0c 6c b3  |:..RHz.?..XJ..l.|
+00000150  8d 83 57 bc 74 23 3b 5b  c3 89 86 e4 ce df 5e 96  |..W.t#;[......^.|
+00000160  1b 29 17 4b 25 70 e5 f6  b6 e7 c1 e0 d9 37 f2 9d  |.).K%p.......7..|
+00000170  80 8e 48 7a f2 ad 7c c1  65 56 56 20 ce 28 37 f3  |..Hz..|.eVV .(7.|
+00000180  39 5c 99 74 ba 68 d2 1f  a1 51 1f 2d b5 a9 25 10  |9\.t.h...Q.-..%.|
+00000190  eb c2 3d a1 84 d5 f4 86  6f 20 ba fd c6 6f 42 64  |..=.....o ...oBd|
+000001a0  f5 28 2a 9f 19 58 11 40  e1 a3 c6 ae e6 92 1b 33  |.(*..X.@.......3|
+000001b0  3d 69 be 86 74 f7 bf 7c  98 f6 2d 71 2d 01 b9 47  |=i..t..|..-q-..G|
+000001c0  3a 7a 55 52 95 0f e8 7d  0a fe d3 32 ca 02 85 d6  |:zUR...}...2....|
+000001d0  e5 7b 18 2c 9d ff a3 2c  54 b1 f3 7a 8a 6d ca 07  |.{.,...,T..z.m..|
+000001e0  98 28 d0 a9 18 c3 2d 87  d2 59 80 2e f8 6a fe b1  |.(....-..Y...j..|
+000001f0  0a b1 fe 9e b4 44 bb bc  9d ed 73 69 8d ea 63 cc  |.....D....si..c.|
+00000200  37 10 6d af bb 3f 61 ad  e1 4f 26 8e 01 36 77 1c  |7.m..?a..O&..6w.|
+00000210  95 cd 24 d9 e2 da 01 86  16 44 ab b3 8f 98 5d cc  |..$......D....].|
+00000220  d8 2c b9 a4 12 26 60 5b  89 02 4a ef a9 98 7f 7c  |.,...&`[..J....||
+00000230  b7 f3 e2 45 b5 6d 9b f7  80 d7 ca a8 e3 15 10 d3  |...E.m..........|
+00000240  b6 cd ae 27 e5 29 df 77  5d a4 34 45 af 61 7b 64  |...'.).w].4E.a{d|
+00000250  03 b6 a6 59 16 c7 dc 98  6c f9 83 eb 70 e1 73 90  |...Y....l...p.s.|
+00000260  2c 08 39 cb 61 86 0a 52  2d 45 96 f1 41 0e 31 d4  |,.9.a..R-E..A.1.|
+00000270  de 61 54 b9 8c 8f 9b 70  60 d9 db 19 03 0a f2 14  |.aT....p`.......|
+00000280  c7 ee 47 f0 2c 27 c7 a7  4f 32 b0 9d 98 b9 09 1f  |..G.,'..O2......|
+00000290  0e 8f 7a 55 15 9a 63 c7  7b fb 68 82 36 6c 58 55  |..zU..c.{.h.6lXU|
+000002a0  b2 db 46 2b 1e 7b 87 20  be aa 7a 43 c8 71 8f e8  |..F+.{. ..zC.q..|
+000002b0  f2 05 a9 8b 64 7d 5c 44  81 e9 41 14 2d cf d6 ea  |....d}\D..A.-...|
+000002c0  d4 0d 53 68 60 4f f5 e3  bd 24 47 7b 62 c3 f6 89  |..Sh`O...$G{b...|
+000002d0  7d 3b 65 97 fc ac 60 0a  de 0d 7e 31 8a 04 8e 6f  |};e...`...~1...o|
+000002e0  f6 c2 47 05 d2 64 f1 19  2b 89 c1 8f f8 e8 bb e1  |..G..d..+.......|
+000002f0  19 d5 09 c2 b1 41 3c 0d  4f 9f 13 06 f3 02 27 1d  |.....A<.O.....'.|
+00000300  5d ea 22 1d 1e e0 22 34  2d f0 40 ae c0 a2 b4 1e  |]."..."4-.@.....|
+00000310  93 16 28 43 e1 d0 e6 ee  3b b4 51 43 bd 6f 8e b7  |..(C....;.QC.o..|
+00000320  30 79 7b 29 78 17 52 a6  93 3f c7 9a de 3f fe fb  |0y{)x.R..?...?..|
+00000330  56 8d 2c bc 21 9e 0c a4  a2 6f 51 39 04 65 5b 81  |V.,.!....oQ9.e[.|
+00000340  6e b5 4d 82 ca da 3e 13  a5 16 72 e8 c8 aa ff 34  |n.M...>...r....4|
+00000350  2f 45 81 fe 17 03 03 00  99 ef 4a 43 25 8d dd 0d  |/E........JC%...|
+00000360  e5 af 9e e3 46 e1 84 de  f1 68 5f 9b f6 70 17 6f  |....F....h_..p.o|
+00000370  7e 86 33 45 b6 13 f0 a8  a2 fd 08 1b 4a 4f 92 3f  |~.3E........JO.?|
+00000380  45 ef db 03 ff 1f 54 55  28 cc de 0e f5 6c af 5c  |E.....TU(....l.\|
+00000390  86 cc b1 e2 c7 0e ea 24  47 fb e0 37 e8 a2 e7 47  |.......$G..7...G|
+000003a0  cd 9e da 02 e5 37 1f a9  b2 ea 57 f8 6f 63 be 5e  |.....7....W.oc.^|
+000003b0  38 be 1a 09 38 23 46 52  df cf 79 bc ce c1 da 23  |8...8#FR..y....#|
+000003c0  34 97 c8 ce 81 74 d5 03  f4 71 ff 4b 17 e0 99 7c  |4....t...q.K...||
+000003d0  31 bd c9 1e d5 2b d3 d4  ff dc 56 82 07 f5 a6 57  |1....+....V....W|
+000003e0  0e ab 18 cf db 38 26 ff  d9 51 c2 8f 70 b8 5b 84  |.....8&..Q..p.[.|
+000003f0  80 27 17 03 03 00 45 95  7b 2b 46 29 0a 03 4f c6  |.'....E.{+F)..O.|
+00000400  37 0c 31 e8 72 8a aa 00  db 90 e8 d3 1f c1 e1 eb  |7.1.r...........|
+00000410  03 02 bc ae dd 03 a7 28  55 7e 19 0d 5f 76 e6 fa  |.......(U~.._v..|
+00000420  03 91 c2 5a 10 1d c0 a0  85 3d d2 32 ec 65 af 83  |...Z.....=.2.e..|
+00000430  25 d1 77 0f 41 d9 e7 43  56 04 4e fe              |%.w.A..CV.N.|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 19 6c b2 53 5f 6e  |...........l.S_n|
+00000010  a9 6a b2 48 da d7 d5 b2  56 81 47 a9 7d a8 5c 6d  |.j.H....V.G.}.\m|
+00000020  7a a8 23 db 17 03 03 00  45 88 80 32 38 19 22 fd  |z.#.....E..28.".|
+00000030  09 5c a2 40 50 ba 9c 34  ad 4e 4c 70 7c 4d f0 0e  |.\.@P..4.NLp|M..|
+00000040  68 3f da d6 c0 6e 6e 29  fa ec d8 11 2e 20 94 38  |h?...nn)..... .8|
+00000050  12 b9 08 27 3c e3 0a 8f  9a da cb 1f ab c9 f5 0e  |...'<...........|
+00000060  da a9 8c 66 24 de 2f b2  92 22 68 53 2f 68        |...f$./.."hS/h|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 a3 38 95 dc  12 b1 b8 df 96 ef 91 88  |.....8..........|
+00000010  d4 d5 dc 35 ec 19 32 a3  2d 90 0b d5 03 f4 b2 b9  |...5..2.-.......|
+00000020  4e 5f 4d b2 18 ae 44 d6  21 f1 7f ef a2 ab 3a 60  |N_M...D.!.....:`|
+00000030  df a3 f3 6c 90 68 66 12  8c 3c c2 25 13 36 6c 1d  |...l.hf..<.%.6l.|
+00000040  51 e7 7e 75 f1 ac 54 fd  ae 1b e0 b3 03 6f 0e 96  |Q.~u..T......o..|
+00000050  91 5e 88 f5 a7 b6 f0 c5  3c ec a4 e1 3a 46 cd 41  |.^......<...:F.A|
+00000060  60 dc 6f 13 d0 eb 76 7e  b4 46 31 0f 23 22 0f b1  |`.o...v~.F1.#"..|
+00000070  c8 91 14 42 ac 67 6f 83  92 a7 5b 2c 88 16 fc cf  |...B.go...[,....|
+00000080  ef 97 56 2f 2b 64 92 7d  1a ae a7 94 66 5d 35 f3  |..V/+d.}....f]5.|
+00000090  77 63 c2 ef 82 d7 33 6d  0e 60 b2 a3 6b 01 aa 84  |wc....3m.`..k...|
+000000a0  32 d0 df 47 e1 01 52 15  17 03 03 00 1e 05 90 37  |2..G..R........7|
+000000b0  26 ed e0 a9 8d b1 07 26  42 6d 77 7c 19 aa c2 56  |&......&Bmw|...V|
+000000c0  f1 92 eb de 96 46 f2 25  d9 93 df 17 03 03 00 13  |.....F.%........|
+000000d0  ed b0 6c 70 1e 85 32 0d  8b ef 55 32 8c d6 fe 1d  |..lp..2...U2....|
+000000e0  c5 b0 4f                                          |..O|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES b/src/crypto/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES
new file mode 100644
index 0000000..d2b0250
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ECDHE-ECDSA-AES
@@ -0,0 +1,96 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 dc 01 00 00  d8 03 03 90 bc cf 62 d0  |..............b.|
+00000010  bc 89 6b 84 ad 18 87 f5  9c 96 0e 02 3f ae a5 4b  |..k.........?..K|
+00000020  80 70 f8 54 47 b1 78 03  48 4d 06 20 ae 9e 3c 17  |.p.TG.x.HM. ..<.|
+00000030  1a c6 fa 52 84 da ea a9  9c 08 e7 10 65 3a 65 4e  |...R........e:eN|
+00000040  d1 65 61 40 bf 7c ee db  d4 f2 73 ff 00 04 13 01  |.ea@.|....s.....|
+00000050  00 ff 01 00 00 8b 00 00  00 0e 00 0c 00 00 09 31  |...............1|
+00000060  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000070  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000080  00 16 00 00 00 17 00 00  00 0d 00 1e 00 1c 04 03  |................|
+00000090  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+000000a0  08 05 08 06 04 01 05 01  06 01 00 2b 00 03 02 03  |...........+....|
+000000b0  04 00 2d 00 02 01 01 00  33 00 26 00 24 00 1d 00  |..-.....3.&.$...|
+000000c0  20 ad 11 a7 07 20 9c cb  33 96 f4 0d 78 a1 89 55  | .... ..3...x..U|
+000000d0  6c af 70 f4 ac d6 cb d9  0d 1b 13 fa 50 de 68 17  |l.p.........P.h.|
+000000e0  1d                                                |.|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 ae 9e 3c 17  |........... ..<.|
+00000030  1a c6 fa 52 84 da ea a9  9c 08 e7 10 65 3a 65 4e  |...R........e:eN|
+00000040  d1 65 61 40 bf 7c ee db  d4 f2 73 ff 13 01 00 00  |.ea@.|....s.....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 f1 16 14 8f 0a b5  |................|
+00000090  92 fa 55 d7 fb 6c 33 04  ae c6 ed 3b 90 27 e9 ae  |..U..l3....;.'..|
+000000a0  e8 17 03 03 02 22 ca b1  97 19 9d da 2e 1d 12 f4  |....."..........|
+000000b0  05 af 35 28 1e 85 9d 28  81 f0 5a 83 46 9c df f7  |..5(...(..Z.F...|
+000000c0  58 2e 30 fa b9 07 00 cf  fe 69 37 5e f2 75 a0 ef  |X.0......i7^.u..|
+000000d0  f3 ab 60 0b c5 09 72 bd  b4 42 2f 45 24 3e 82 d0  |..`...r..B/E$>..|
+000000e0  f1 a1 dd 3a de 6a b9 9d  85 2b 83 75 47 c9 d2 c3  |...:.j...+.uG...|
+000000f0  25 91 85 c2 a1 97 6a 62  dd aa 19 11 94 e2 6b f9  |%.....jb......k.|
+00000100  7d 5a bc 5e d4 64 bc 74  44 85 d1 7a eb 3a ef d5  |}Z.^.d.tD..z.:..|
+00000110  96 f4 22 64 61 2b 79 77  ac 8b 61 69 cc eb ad fd  |.."da+yw..ai....|
+00000120  38 5e 61 74 d9 4f 70 82  06 3b 3e f8 a8 53 7c e8  |8^at.Op..;>..S|.|
+00000130  9d 98 43 a1 af 86 ba d9  64 64 f0 e0 b0 8f 39 6b  |..C.....dd....9k|
+00000140  16 d6 92 09 8d 5b d0 34  f4 14 60 69 a0 28 73 3a  |.....[.4..`i.(s:|
+00000150  24 7f 81 4e 8b d1 50 49  1a c0 60 92 fd 02 47 6d  |$..N..PI..`...Gm|
+00000160  d8 97 62 b2 b4 57 8b d7  d1 b6 bf 19 40 cb 13 09  |..b..W......@...|
+00000170  ef d6 55 66 39 88 29 e0  14 2d 06 98 d6 b6 bf a6  |..Uf9.)..-......|
+00000180  04 10 47 d5 64 fe 38 69  db 33 a4 fc 12 de 83 5b  |..G.d.8i.3.....[|
+00000190  c9 8e 76 56 bc f7 dd ac  96 c6 a0 ed e5 43 0b 13  |..vV.........C..|
+000001a0  1e 78 94 18 fd 57 50 79  08 91 18 aa 84 63 4e 46  |.x...WPy.....cNF|
+000001b0  53 db e0 f3 9a 0b d6 13  20 36 aa 56 dd 7a 62 d9  |S....... 6.V.zb.|
+000001c0  3f f6 bd 87 74 3c 86 d1  94 a1 04 79 a8 54 e4 8e  |?...t<.....y.T..|
+000001d0  11 d6 52 42 5c 4b 77 18  b9 d7 db f7 48 9a 69 e1  |..RB\Kw.....H.i.|
+000001e0  2d b9 38 38 e4 e8 94 5e  b1 7e 2c 81 96 6a a0 ed  |-.88...^.~,..j..|
+000001f0  bb 35 6a 8c 93 f2 6d 38  70 df 79 54 d9 45 c8 b8  |.5j...m8p.yT.E..|
+00000200  b2 9c 0f 9f 70 34 8f ac  b3 08 f5 3e b1 d2 5a d7  |....p4.....>..Z.|
+00000210  7b ee f3 dc 9a d1 12 c3  77 24 76 9b bf 09 50 a7  |{.......w$v...P.|
+00000220  3c ab 7f 1f 99 b5 02 8c  ac 5e 85 cc 53 fd ca e0  |<........^..S...|
+00000230  c7 e2 41 08 fd cb b0 79  0c 8b 02 4f 80 92 c2 cd  |..A....y...O....|
+00000240  6c a1 aa 75 d2 4c d1 25  40 7c 14 41 a7 15 20 a3  |l..u.L.%@|.A.. .|
+00000250  a6 81 64 7c c0 c7 2d dd  82 84 ad 2a f4 06 f9 61  |..d|..-....*...a|
+00000260  23 1c dd c6 ef 72 da 6b  eb be 41 f0 b4 5f 9a 02  |#....r.k..A.._..|
+00000270  ee a8 f3 bb 05 48 ec 50  a3 ff f3 94 bb d8 a9 6d  |.....H.P.......m|
+00000280  92 49 7c bf a1 eb 55 26  08 26 d3 80 d6 cb 05 ea  |.I|...U&.&......|
+00000290  d1 db bf 97 3d 10 ff 4e  f6 05 33 23 68 95 31 42  |....=..N..3#h.1B|
+000002a0  5a d5 30 61 79 c4 88 7f  e1 be 28 ad 72 bb 78 36  |Z.0ay.....(.r.x6|
+000002b0  ba bb 38 75 fb 97 33 b6  28 8c a2 f4 46 fe 37 d8  |..8u..3.(...F.7.|
+000002c0  b0 67 63 97 c1 51 0c 61  17 03 03 00 a4 20 15 70  |.gc..Q.a..... .p|
+000002d0  7a 69 b1 33 c2 e1 f5 9c  2b b2 06 1e 01 a6 7f 03  |zi.3....+.......|
+000002e0  cd 00 13 02 3b 0c 2b 3f  85 d8 ed 6d 81 7e e9 b2  |....;.+?...m.~..|
+000002f0  b6 be 7b 77 51 30 dd b5  fc 93 08 91 9e 46 e2 85  |..{wQ0.......F..|
+00000300  74 3c 9a 04 26 86 b8 6c  98 99 57 7e 36 54 0d 90  |t<..&..l..W~6T..|
+00000310  4c 55 65 77 69 59 b2 e5  5b a3 19 4a b0 72 3d 91  |LUewiY..[..J.r=.|
+00000320  2e 5d 9b 8c 52 a1 e6 f5  22 c6 3c 0d 9b d8 9c b9  |.]..R...".<.....|
+00000330  cb 90 51 bc 16 69 06 30  22 16 62 08 3b 3f 05 99  |..Q..i.0".b.;?..|
+00000340  60 2a cc cf 29 f5 e1 b0  84 81 c8 63 00 d4 d4 13  |`*..)......c....|
+00000350  b5 5d 4c 63 8a 60 3e 44  24 03 30 85 91 4c 3d f2  |.]Lc.`>D$.0..L=.|
+00000360  2c c2 78 f2 c3 4c bb 90  60 0b 66 18 02 e7 5c 85  |,.x..L..`.f...\.|
+00000370  19 17 03 03 00 35 49 76  5f ff 32 3a 09 7a 4b f2  |.....5Iv_.2:.zK.|
+00000380  fe f3 38 b6 76 f4 12 f2  aa a3 ed b6 02 ab 0b b9  |..8.v...........|
+00000390  3b 9d 00 51 f1 5c 96 23  6b 49 f8 32 9f 74 30 32  |;..Q.\.#kI.2.t02|
+000003a0  4d af af ef d5 55 2c ff  2b a0 45 17 03 03 00 93  |M....U,.+.E.....|
+000003b0  6e e0 6a f9 44 af c0 af  95 ab 1e ff fd 97 38 f5  |n.j.D.........8.|
+000003c0  7b 24 70 da e2 4e 8b dc  9b 49 84 fe 73 0a b0 7e  |{$p..N...I..s..~|
+000003d0  cf 14 f7 8a 67 e7 74 bd  ee 82 93 c6 27 a2 bd 1e  |....g.t.....'...|
+000003e0  cb 71 06 af 65 dd f0 d9  91 81 b0 f8 21 34 48 d1  |.q..e.......!4H.|
+000003f0  c4 e0 e3 19 a8 b4 48 b7  3a be 52 e5 7c a8 a3 c2  |......H.:.R.|...|
+00000400  08 6c ac 66 4d 36 cf a1  9d 1f 72 c5 09 20 db 05  |.l.fM6....r.. ..|
+00000410  e5 0a 44 af 4a d8 32 38  19 7d 28 e3 05 23 99 66  |..D.J.28.}(..#.f|
+00000420  f6 ad 77 02 7e 00 67 c1  71 58 b9 89 3c 93 15 95  |..w.~.g.qX..<...|
+00000430  ee 38 e2 ea c0 73 fe da  e4 75 6d 38 ca 54 0b bf  |.8...s...um8.T..|
+00000440  f0 af 86                                          |...|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 35 23 02 12 13 f1  |..........5#....|
+00000010  db fa 70 c0 92 85 8a d3  fa 80 1b 5c a6 22 ff 20  |..p........\.". |
+00000020  5d bf 1d 61 58 34 c0 48  6f e1 26 a6 bf bc 76 c7  |]..aX4.Ho.&...v.|
+00000030  8b da ee 54 64 30 c4 5c  b1 61 67 82 29 bb 3f 4b  |...Td0.\.ag.).?K|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 95 c0 53  e2 37 94 09 83 1e 7e 23  |.......S.7....~#|
+00000010  dc 9f 02 5e 91 19 b6 f9  72 0d 38 3f 25 ae b2 5f  |...^....r.8?%.._|
+00000020  4b f2 78 17 03 03 00 13  d2 ad 73 d6 f3 21 ab 7c  |K.x.......s..!.||
+00000030  02 dd 63 ff cf d7 34 ca  71 3d 70                 |..c...4.q=p|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ExportKeyingMaterial b/src/crypto/tls/testdata/Server-TLSv13-ExportKeyingMaterial
new file mode 100644
index 0000000..078739c
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ExportKeyingMaterial
@@ -0,0 +1,103 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e4 01 00 00  e0 03 03 40 53 50 a3 f5  |...........@SP..|
+00000010  3a 20 4f 16 ef 9c a4 1c  a3 10 1d 93 cb ea 1f 69  |: O............i|
+00000020  6b aa 50 ae a8 01 7e 65  d9 7b 5c 20 8c 9b cc d4  |k.P...~e.{\ ....|
+00000030  6b 07 4d 1e d9 69 d2 d8  a0 a0 d5 b7 75 d8 e3 d8  |k.M..i......u...|
+00000040  c4 ac f7 d2 6f e5 f5 8f  46 9a bf 85 00 08 13 02  |....o...F.......|
+00000050  13 03 13 01 00 ff 01 00  00 8f 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 23 00 00  00 16 00 00 00 17 00 00  |.....#..........|
+00000090  00 0d 00 1e 00 1c 04 03  05 03 06 03 08 07 08 08  |................|
+000000a0  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+000000b0  06 01 00 2b 00 03 02 03  04 00 2d 00 02 01 01 00  |...+......-.....|
+000000c0  33 00 26 00 24 00 1d 00  20 81 67 45 ec b4 08 4d  |3.&.$... .gE...M|
+000000d0  a6 50 79 b4 d4 a9 d1 35  51 2b db 8d b7 e7 7c 3c  |.Py....5Q+....|<|
+000000e0  fd 0f 4b 47 87 e1 bb fb  2d                       |..KG....-|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 8c 9b cc d4  |........... ....|
+00000030  6b 07 4d 1e d9 69 d2 d8  a0 a0 d5 b7 75 d8 e3 d8  |k.M..i......u...|
+00000040  c4 ac f7 d2 6f e5 f5 8f  46 9a bf 85 13 02 00 00  |....o...F.......|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 d2 bf e0 2f ba e9  |............./..|
+00000090  84 f5 8b 96 93 ac de 94  3b 92 03 ca db 43 f4 55  |........;....C.U|
+000000a0  12 17 03 03 02 6d 54 36  b6 78 fb bf 9f 36 02 78  |.....mT6.x...6.x|
+000000b0  b3 92 50 c9 ab 85 b6 57  69 18 10 c1 fe da d4 05  |..P....Wi.......|
+000000c0  89 db 62 bd 83 b0 82 38  29 5f ce 53 88 2d f2 cd  |..b....8)_.S.-..|
+000000d0  6a d7 1d c0 c5 03 e7 e4  4b ec eb bf 95 8e d5 9b  |j.......K.......|
+000000e0  65 45 09 52 ef 29 60 7b  22 61 6f ca 1b 3d 30 a4  |eE.R.)`{"ao..=0.|
+000000f0  c4 c4 06 55 39 5e 3a ef  a2 62 61 35 6c c4 fc 8b  |...U9^:..ba5l...|
+00000100  19 dc c1 b0 8d dd ba d0  9e 87 65 1c 8d 73 6c 82  |..........e..sl.|
+00000110  e4 45 e9 a9 53 94 20 ba  19 7e 4e 7e fb 14 dc 5d  |.E..S. ..~N~...]|
+00000120  86 19 0b fe f8 9c 7e 61  8e 17 e6 59 12 c2 e0 6a  |......~a...Y...j|
+00000130  52 c0 25 05 30 c8 f7 d6  54 69 15 ca c9 8e 96 1d  |R.%.0...Ti......|
+00000140  42 55 1f 9a 9b 03 95 af  74 05 be 5e 51 35 8b 1f  |BU......t..^Q5..|
+00000150  24 0a 13 03 90 fc c0 c4  22 c3 f0 8a f2 60 a8 ff  |$......."....`..|
+00000160  7b 04 48 10 3e 42 da e5  c2 7b 72 9c e1 d6 b5 56  |{.H.>B...{r....V|
+00000170  f7 69 ce 46 67 33 e4 d3  e5 61 43 b2 57 e8 b2 43  |.i.Fg3...aC.W..C|
+00000180  84 ac 75 15 d1 cb 70 53  99 1c 29 9a 21 bb c0 d3  |..u...pS..).!...|
+00000190  66 8a be 16 b1 67 1b 60  d3 2f c6 a3 7e f3 3b 4f  |f....g.`./..~.;O|
+000001a0  78 4d ec 1f 9f 6d 46 1c  43 2f 50 ad 44 75 93 49  |xM...mF.C/P.Du.I|
+000001b0  e2 29 c4 be aa 22 51 f1  17 1a 20 97 8a 23 06 2c  |.)..."Q... ..#.,|
+000001c0  93 b6 9d 11 5a 55 34 d9  f1 a4 c6 5b 84 f6 bb 0c  |....ZU4....[....|
+000001d0  a0 7c a2 25 47 df a6 22  c8 df e5 ae 74 1c f3 db  |.|.%G.."....t...|
+000001e0  3c 04 6f fa 86 76 c9 be  ae 2a e0 64 65 d2 8f 9a  |<.o..v...*.de...|
+000001f0  7b a2 38 4d 74 8d 44 ad  ef c1 12 0b ca 64 6c b5  |{.8Mt.D......dl.|
+00000200  13 03 2c b4 6a e8 78 ba  57 d5 ef 9a d1 1d 7e 92  |..,.j.x.W.....~.|
+00000210  58 52 78 c2 c5 e2 f8 e9  2d 06 28 88 19 d4 19 7b  |XRx.....-.(....{|
+00000220  7f 41 ea ed f9 9e 14 f1  9b 3f dc f7 bc 35 20 ca  |.A.......?...5 .|
+00000230  fc 8f b8 df ee ef 83 50  c4 41 91 ae 83 4b bd d1  |.......P.A...K..|
+00000240  00 e1 3f 70 5d cb 40 a6  77 70 cd 9a 09 5b 05 14  |..?p].@.wp...[..|
+00000250  83 b9 7c 8d 1c e1 7f 6e  41 1a b9 8c 70 2a 95 01  |..|....nA...p*..|
+00000260  ef 19 0c 59 7d 47 b4 64  7b 91 5e 9b 02 c5 ed ee  |...Y}G.d{.^.....|
+00000270  d4 9b ad 12 70 d1 d9 6b  02 26 b5 48 4e 23 bb 61  |....p..k.&.HN#.a|
+00000280  ae c7 82 74 a9 68 59 b1  66 07 b8 e3 93 0f 2c 9f  |...t.hY.f.....,.|
+00000290  8d 8d f1 e8 3f b7 2c 64  90 4f 88 7f 41 78 66 ba  |....?.,d.O..Axf.|
+000002a0  26 eb 1c 8b 70 47 f5 78  cb fe 66 34 6f 74 b1 98  |&...pG.x..f4ot..|
+000002b0  ca 12 f5 91 8c cb 15 85  eb 77 ad af 76 f8 3f 3f  |.........w..v.??|
+000002c0  cb 86 82 fe 1e 78 1e d3  16 c2 b7 e6 a6 2b a0 6c  |.....x.......+.l|
+000002d0  da 99 3f dd 3b 0b 10 3b  16 bd d9 4f 45 c3 12 b5  |..?.;..;...OE...|
+000002e0  14 1b 53 33 56 c1 f4 7c  4a 47 b9 c2 b0 bd 4e 78  |..S3V..|JG....Nx|
+000002f0  e1 6f 76 05 d1 e3 af 01  f8 b4 e6 23 12 11 cf 43  |.ov........#...C|
+00000300  91 9d eb be d8 6b 9c d2  fd 3b b5 3b 8c 52 4e 12  |.....k...;.;.RN.|
+00000310  df 26 42 17 03 03 00 99  fc fb 50 ba e0 83 07 bb  |.&B.......P.....|
+00000320  13 4f 7c 1e 5f 35 e5 2f  b9 c0 40 cb 51 9a 38 a6  |.O|._5./..@.Q.8.|
+00000330  bf 1a 22 e3 ea 8b 5e 30  e0 b2 2b 40 aa 76 62 bc  |.."...^0..+@.vb.|
+00000340  c5 e3 3c f3 2a 10 2e 35  58 2b 5e c1 56 da 78 a9  |..<.*..5X+^.V.x.|
+00000350  57 b5 46 1f d8 ad 59 3c  5a b8 37 be 66 86 d0 ad  |W.F...Y<Z.7.f...|
+00000360  37 8b 92 aa 8f 11 f2 51  9b 47 56 9d 14 8f 22 71  |7......Q.GV..."q|
+00000370  7c 81 41 86 35 19 47 57  0a 6d 19 99 76 40 76 71  ||.A.5.GW.m..v@vq|
+00000380  7a e5 63 9f 3f 48 6d 8c  ed 13 98 5a 4e ee d9 97  |z.c.?Hm....ZN...|
+00000390  cb 7d c5 d2 7b 05 50 d4  e5 65 fd 94 f6 c2 94 8d  |.}..{.P..e......|
+000003a0  12 85 4b 16 28 a4 9c a7  b6 7c 3e ce cb 5d 5f 56  |..K.(....|>..]_V|
+000003b0  05 17 03 03 00 45 81 1e  e7 bb e8 81 f4 41 12 af  |.....E.......A..|
+000003c0  fb f0 8f bd d0 d6 b3 10  a5 1e d6 0c f7 aa 01 15  |................|
+000003d0  9d 30 5b 65 e1 fd 3e 72  3d 43 62 21 02 0e ec da  |.0[e..>r=Cb!....|
+000003e0  ec 74 2c e2 22 84 c9 90  18 71 f8 ef db 3f 05 d6  |.t,."....q...?..|
+000003f0  91 09 46 c2 5c 2b f7 03  39 2b 3e 17 03 03 00 a3  |..F.\+..9+>.....|
+00000400  53 cc 75 04 8c c5 25 70  1f 4b 9c 04 92 af 1a 3f  |S.u...%p.K.....?|
+00000410  26 1e 00 98 fa e3 c2 25  63 ca d4 03 fd 6c 94 a0  |&......%c....l..|
+00000420  0a 87 5f 68 63 52 72 25  69 3f 21 66 f6 a6 00 2a  |.._hcRr%i?!f...*|
+00000430  25 e3 1e 95 f3 bd a8 22  bc 9a 74 f0 41 5d b1 30  |%......"..t.A].0|
+00000440  36 ff 13 09 d9 69 7f 16  35 11 34 0e 65 2e e7 52  |6....i..5.4.e..R|
+00000450  b4 6e a1 dc 06 fe a3 3e  3b eb 79 fe d0 e1 e8 76  |.n.....>;.y....v|
+00000460  e2 0e 49 78 c3 cf c5 31  ce 7f 9b d6 c5 6d 3f 7b  |..Ix...1.....m?{|
+00000470  79 9a 5d a7 c3 3b 58 eb  a2 43 55 c6 42 7a a8 34  |y.]..;X..CU.Bz.4|
+00000480  6e c9 47 aa 5e 44 4a bd  4b 89 28 ab ac 5a 95 dc  |n.G.^DJ.K.(..Z..|
+00000490  96 99 28 dc 29 04 10 f3  8c 49 45 b7 29 69 3d 9e  |..(.)....IE.)i=.|
+000004a0  dd fe 4a                                          |..J|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 3f e6 f9 73 13  |..........E?..s.|
+00000010  98 fa c1 e1 84 7a 0c 10  eb 9a bf 2b df c1 44 26  |.....z.....+..D&|
+00000020  36 1a 95 02 b4 12 67 7c  e2 7d f3 1e 54 79 7b 51  |6.....g|.}..Ty{Q|
+00000030  e6 13 94 cb 00 cc 25 fb  6e 8a 35 4e f0 f0 95 34  |......%.n.5N...4|
+00000040  53 fd 7e 37 d2 a8 0a 71  a7 2d 8d 58 2e ae 27 34  |S.~7...q.-.X..'4|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 07 34 2c  55 6a c5 14 e7 0a 51 94  |......4,Uj....Q.|
+00000010  74 ad e1 c0 4d e8 1c 3e  ad 3e 8e 71 e5 60 9c d8  |t...M..>.>.q.`..|
+00000020  6a 44 ac 17 03 03 00 13  09 9e 97 ff 3d b8 f1 a6  |jD..........=...|
+00000030  5d f9 8f b0 65 93 31 6b  9d 81 76                 |]...e.1k..v|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-HelloRetryRequest b/src/crypto/tls/testdata/Server-TLSv13-HelloRetryRequest
new file mode 100644
index 0000000..96a5488
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-HelloRetryRequest
@@ -0,0 +1,129 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 da 01 00 00  d6 03 03 ab e7 6d 22 09  |.............m".|
+00000010  bf 08 ef a1 7e 7c 8d ea  fd a5 39 43 62 84 67 a8  |....~|....9Cb.g.|
+00000020  df b1 a1 3a d7 37 dc 0d  ef 27 54 20 20 f3 5b 41  |...:.7...'T  .[A|
+00000030  67 3e 30 d8 8e 2d 0f a1  c2 df 86 48 8c 05 bb d7  |g>0..-.....H....|
+00000040  73 30 80 86 cf 2c 85 d1  2a fe 21 36 00 08 13 02  |s0...,..*.!6....|
+00000050  13 03 13 01 00 ff 01 00  00 85 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 06  00 04 00 1d 00 17 00 16  |................|
+00000080  00 00 00 17 00 00 00 0d  00 1e 00 1c 04 03 05 03  |................|
+00000090  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+000000a0  08 06 04 01 05 01 06 01  00 2b 00 03 02 03 04 00  |.........+......|
+000000b0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 1a  |-.....3.&.$... .|
+000000c0  ae 88 dd 6c 7c 4c fb e5  65 ca 8e 63 a1 97 4c d3  |...l|L..e..c..L.|
+000000d0  33 ff 00 95 db 0b ce 67  62 26 78 27 52 f0 5c     |3......gb&x'R.\|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 58 02 00 00  54 03 03 cf 21 ad 74 e5  |....X...T...!.t.|
+00000010  9a 61 11 be 1d 8c 02 1e  65 b8 91 c2 a2 11 16 7a  |.a......e......z|
+00000020  bb 8c 5e 07 9e 09 e2 c8  a8 33 9c 20 20 f3 5b 41  |..^......3.  .[A|
+00000030  67 3e 30 d8 8e 2d 0f a1  c2 df 86 48 8c 05 bb d7  |g>0..-.....H....|
+00000040  73 30 80 86 cf 2c 85 d1  2a fe 21 36 13 02 00 00  |s0...,..*.!6....|
+00000050  0c 00 2b 00 02 03 04 00  33 00 02 00 17 14 03 03  |..+.....3.......|
+00000060  00 01 01                                          |...|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 16 03  03 00 fb 01 00 00 f7 03  |................|
+00000010  03 ab e7 6d 22 09 bf 08  ef a1 7e 7c 8d ea fd a5  |...m".....~|....|
+00000020  39 43 62 84 67 a8 df b1  a1 3a d7 37 dc 0d ef 27  |9Cb.g....:.7...'|
+00000030  54 20 20 f3 5b 41 67 3e  30 d8 8e 2d 0f a1 c2 df  |T  .[Ag>0..-....|
+00000040  86 48 8c 05 bb d7 73 30  80 86 cf 2c 85 d1 2a fe  |.H....s0...,..*.|
+00000050  21 36 00 08 13 02 13 03  13 01 00 ff 01 00 00 a6  |!6..............|
+00000060  00 00 00 0e 00 0c 00 00  09 31 32 37 2e 30 2e 30  |.........127.0.0|
+00000070  2e 31 00 0b 00 04 03 00  01 02 00 0a 00 06 00 04  |.1..............|
+00000080  00 1d 00 17 00 16 00 00  00 17 00 00 00 0d 00 1e  |................|
+00000090  00 1c 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000a0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 00 2b  |...............+|
+000000b0  00 03 02 03 04 00 2d 00  02 01 01 00 33 00 47 00  |......-.....3.G.|
+000000c0  45 00 17 00 41 04 22 3e  1f 4b 0f 2e f4 af bf 6c  |E...A.">.K.....l|
+000000d0  d7 35 69 72 23 00 3f 16  6a 8e 00 3e 2b 8f f8 60  |.5ir#.?.j..>+..`|
+000000e0  17 e8 e8 80 f3 28 5d cd  1f f7 99 88 59 01 a5 d7  |.....(].....Y...|
+000000f0  34 d0 d9 38 5b 73 3e d6  3c c8 9e 39 8f 45 d0 37  |4..8[s>.<..9.E.7|
+00000100  aa 5b 8e 59 2f 0c                                 |.[.Y/.|
+>>> Flow 4 (server to client)
+00000000  16 03 03 00 9b 02 00 00  97 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 20 f3 5b 41  |...........  .[A|
+00000030  67 3e 30 d8 8e 2d 0f a1  c2 df 86 48 8c 05 bb d7  |g>0..-.....H....|
+00000040  73 30 80 86 cf 2c 85 d1  2a fe 21 36 13 02 00 00  |s0...,..*.!6....|
+00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
+00000060  1e 18 37 ef 0d 19 51 88  35 75 71 b5 e5 54 5b 12  |..7...Q.5uq..T[.|
+00000070  2e 8f 09 67 fd a7 24 20  3e b2 56 1c ce 97 28 5e  |...g..$ >.V...(^|
+00000080  f8 2b 2d 4f 9e f1 07 9f  6c 4b 5b 83 56 e2 32 42  |.+-O....lK[.V.2B|
+00000090  e9 58 b6 d7 49 a6 b5 68  1a 41 03 56 6b dc 5a 89  |.X..I..h.A.Vk.Z.|
+000000a0  17 03 03 00 17 4c 08 ad  d8 7f 86 a1 1f b2 dc 89  |.....L..........|
+000000b0  38 bf d4 75 ff 9e db 74  59 3c 86 5c 17 03 03 02  |8..u...tY<.\....|
+000000c0  6d f3 65 9c 3b 80 4f c0  c4 a6 e5 e1 32 49 06 13  |m.e.;.O.....2I..|
+000000d0  b8 60 18 50 c4 1c 38 f7  1a 42 89 49 14 40 4c fc  |.`.P..8..B.I.@L.|
+000000e0  7c 3c 2b 70 2d 8b e7 99  f8 2e 1d 50 c8 b3 8b cd  ||<+p-......P....|
+000000f0  59 a8 f7 89 4d 93 c6 1e  f9 94 e3 69 25 92 48 61  |Y...M......i%.Ha|
+00000100  06 4a 89 f5 4b 57 93 a7  20 23 0b bb e5 00 8a 43  |.J..KW.. #.....C|
+00000110  fb 98 29 08 df 32 89 1a  d6 87 f0 97 dc 8b f5 3f  |..)..2.........?|
+00000120  e2 54 32 2e 23 04 c4 87  0a 0f 99 ef c5 28 64 13  |.T2.#........(d.|
+00000130  6c 62 29 e1 3a 21 84 bb  56 f9 92 24 58 75 48 8b  |lb).:!..V..$XuH.|
+00000140  25 59 9f e1 a5 aa ee 44  3e 64 e5 af ac 0e 6e 18  |%Y.....D>d....n.|
+00000150  6e dc 43 87 4d bd 26 1e  c1 0a 5f 8b a7 2d 8c cc  |n.C.M.&..._..-..|
+00000160  94 25 60 59 33 ef 38 93  a3 d1 63 5b 9b ae 10 2f  |.%`Y3.8...c[.../|
+00000170  63 af 27 32 35 b8 db 75  e8 e6 19 09 8e f3 b1 4d  |c.'25..u.......M|
+00000180  b6 8a 83 6c 88 41 3a d9  1e da ad b3 06 3b ba 41  |...l.A:......;.A|
+00000190  f9 fd 23 46 a5 9e 8a 11  31 d9 f6 8c 56 32 eb a8  |..#F....1...V2..|
+000001a0  7f c1 0a d1 78 c7 46 cb  b5 f7 3f 7e 56 39 75 45  |....x.F...?~V9uE|
+000001b0  5b fb 84 b4 16 28 14 4c  45 9d f4 8d 65 38 5d 93  |[....(.LE...e8].|
+000001c0  53 ab 5e ae bc 9c 73 4b  cb d2 85 cd d8 a7 00 67  |S.^...sK.......g|
+000001d0  f8 0c c3 81 0b fc 5b f8  74 4f 6a 2f 3c 57 68 22  |......[.tOj/<Wh"|
+000001e0  ba 41 10 f7 2d 15 02 40  6d d8 16 19 93 2b e6 c1  |.A..-..@m....+..|
+000001f0  ea e0 19 34 65 f9 2f f4  ef 90 6a af 33 66 a6 6e  |...4e./...j.3f.n|
+00000200  09 47 f0 42 b1 b0 e7 46  d2 e3 2e ce 1f 40 8b 84  |.G.B...F.....@..|
+00000210  a6 b6 4e 6c 05 15 46 c3  e5 ba 1b 6e bd 51 63 c0  |..Nl..F....n.Qc.|
+00000220  9d 81 60 c5 65 61 8b 74  71 cb 42 cc 01 a1 9d e8  |..`.ea.tq.B.....|
+00000230  0f 98 3c 07 4f ce 05 5a  a3 83 71 27 11 01 8c 9f  |..<.O..Z..q'....|
+00000240  39 e9 74 ff 46 a5 20 88  b3 fd 8b 7b 4e 4b 45 04  |9.t.F. ....{NKE.|
+00000250  3c ad 36 c4 31 3d d7 28  35 2d 4a 7a 09 37 15 4a  |<.6.1=.(5-Jz.7.J|
+00000260  1b 7c 49 1e 6e 12 b7 5d  da 2e f5 4a 69 a6 44 ab  |.|I.n..]...Ji.D.|
+00000270  72 0f 98 34 e8 70 89 93  c0 6b 3b 27 58 ac 54 de  |r..4.p...k;'X.T.|
+00000280  92 94 66 e5 8e 22 fc fb  57 a8 ae ce 22 ef 68 bd  |..f.."..W...".h.|
+00000290  94 19 b4 48 35 c6 5f 8d  0f a4 c6 3c 96 07 42 74  |...H5._....<..Bt|
+000002a0  c2 95 5a 9f f8 23 34 a0  8d 77 a7 44 c1 7c 03 3a  |..Z..#4..w.D.|.:|
+000002b0  1c f8 81 5f fc 0c ad 08  1f 7f 0a 52 2a 42 bd ec  |..._.......R*B..|
+000002c0  a2 ce 69 72 ee af 2f f3  bf b3 9a 9f 78 4d 85 bb  |..ir../.....xM..|
+000002d0  e1 34 8d 0a 26 95 88 00  ec d3 b6 62 21 4a 41 61  |.4..&......b!JAa|
+000002e0  a3 75 93 a6 69 ac f6 04  91 f8 de be 55 e6 d6 54  |.u..i.......U..T|
+000002f0  1c 88 f7 7a 09 30 51 4f  7a 98 3c 87 9d d4 61 e8  |...z.0QOz.<...a.|
+00000300  33 49 9d 56 a4 f7 b7 6e  54 d3 13 af 4e 59 b3 4b  |3I.V...nT...NY.K|
+00000310  98 35 88 cf 83 a6 18 e2  7c 35 9b 16 ed 61 50 24  |.5......|5...aP$|
+00000320  5b 19 10 b9 23 76 1e 47  19 10 ec 1a 15 d7 17 03  |[...#v.G........|
+00000330  03 00 99 28 10 54 a3 1f  8c 2d 15 bf f3 af f5 1b  |...(.T...-......|
+00000340  78 83 9c 77 ca 6f 9e 16  d6 2e 29 92 90 9b 86 1f  |x..w.o....).....|
+00000350  c8 25 b3 dc c2 c1 2e 66  cc ac 66 03 dd f7 76 69  |.%.....f..f...vi|
+00000360  a7 8f 8d af eb 44 ca 1b  ea 5a bb 16 02 cc 1b 60  |.....D...Z.....`|
+00000370  2d 59 5c 7d 85 49 e9 6e  68 58 96 fb 3d 49 00 e4  |-Y\}.I.nhX..=I..|
+00000380  59 ee 85 21 8a 56 0b 97  87 da 85 21 f7 f1 2f 39  |Y..!.V.....!../9|
+00000390  4f 62 01 b8 5f c7 4d 5b  95 0e bb ca 12 8e e6 b6  |Ob.._.M[........|
+000003a0  47 c4 04 be ab ad ab c1  92 47 5b 45 a6 48 84 c8  |G........G[E.H..|
+000003b0  78 ba f6 56 a9 dd 2b 6a  a3 74 74 7c 5d 71 e6 19  |x..V..+j.tt|]q..|
+000003c0  30 03 f4 31 0f da 6f 30  51 6f 3a d7 17 03 03 00  |0..1..o0Qo:.....|
+000003d0  45 4b bc 8f e0 29 9a c9  6d cd 98 f8 5d 3a a0 45  |EK...)..m...]:.E|
+000003e0  5b 87 f2 bc d9 17 68 e9  ce bf fe a3 98 df 90 4b  |[.....h........K|
+000003f0  f0 ef 93 ea 12 f7 4c 01  e0 95 49 1b b9 6e 77 2f  |......L...I..nw/|
+00000400  fb 9e e9 26 89 c4 4f 12  6d 55 75 86 16 c5 c2 d3  |...&..O.mUu.....|
+00000410  e8 79 5a 8c ae 70 17 03  03 00 a3 73 01 2b 9d c6  |.yZ..p.....s.+..|
+00000420  bd ed d8 43 5e 93 80 8a  a3 b3 86 97 51 00 aa bc  |...C^.......Q...|
+00000430  0d 15 5f 2d 65 0a 86 f8  13 39 93 51 5a 07 e0 97  |.._-e....9.QZ...|
+00000440  5f c1 3e 0f 97 c6 92 a2  bb 2c 62 c8 d9 78 c7 4c  |_.>......,b..x.L|
+00000450  99 cb 38 ad ef a4 00 42  51 04 3b b8 4b 06 89 ee  |..8....BQ.;.K...|
+00000460  33 48 3e c7 72 9c de f2  e4 23 5f 76 33 db cb 92  |3H>.r....#_v3...|
+00000470  92 b0 90 ea 25 4f 05 68  b3 8e 59 9c 36 8b 1b b0  |....%O.h..Y.6...|
+00000480  02 73 96 bf e6 fe 80 2c  32 26 ac 91 33 af cd 86  |.s.....,2&..3...|
+00000490  57 cc de d3 a2 eb 9e 43  ea 5b d4 56 f0 1b 95 3b  |W......C.[.V...;|
+000004a0  a1 da 33 21 cb 0b 48 92  35 73 0c 33 01 c4 6d 79  |..3!..H.5s.3..my|
+000004b0  7a bb 39 a1 32 3a 85 18  9f 91 a7 e1 42 0a        |z.9.2:......B.|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 45 b7 e2 1a  d9 6a aa c1 54 e3 9a 42  |....E....j..T..B|
+00000010  11 cd 13 c2 dc 5a b0 fa  e3 62 09 a1 4b 9a a1 b3  |.....Z...b..K...|
+00000020  84 7b 63 29 69 47 5c bf  ca c6 36 2f ae e0 2f 6e  |.{c)iG\...6/../n|
+00000030  1b 42 c4 c9 65 17 e8 bd  c4 97 5b e4 5f 27 86 d2  |.B..e.....[._'..|
+00000040  1f 97 1f 68 9a 1f ee 09  04 82                    |...h......|
+>>> Flow 6 (server to client)
+00000000  17 03 03 00 1e ed fb 39  62 34 b9 5d a3 db 30 fe  |.......9b4.]..0.|
+00000010  ed 5e 92 77 44 7e fb 77  84 5e 54 6b 11 7c 27 99  |.^.wD~.w.^Tk.|'.|
+00000020  80 66 a5 17 03 03 00 13  9b 78 92 3b 84 3d cb 69  |.f.......x.;.=.i|
+00000030  86 2b d1 db cc 91 d3 00  55 43 2f                 |.+......UC/|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-IssueTicket b/src/crypto/tls/testdata/Server-TLSv13-IssueTicket
new file mode 100644
index 0000000..1a8b384
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-IssueTicket
@@ -0,0 +1,103 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e4 01 00 00  e0 03 03 26 46 4d 2d 7d  |...........&FM-}|
+00000010  5c dc ef fb 2b 8b f7 15  4b ba 8b 1a 26 da f6 9b  |\...+...K...&...|
+00000020  e6 3c c6 8c a0 f9 6c 60  f6 11 81 20 53 f8 00 fb  |.<....l`... S...|
+00000030  8b be ff 98 74 c9 d9 3d  aa 40 4d 0e 05 96 f9 30  |....t..=.@M....0|
+00000040  d6 f5 7b f1 bc 31 18 30  5f 24 03 a8 00 08 13 02  |..{..1.0_$......|
+00000050  13 03 13 01 00 ff 01 00  00 8f 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 23 00 00  00 16 00 00 00 17 00 00  |.....#..........|
+00000090  00 0d 00 1e 00 1c 04 03  05 03 06 03 08 07 08 08  |................|
+000000a0  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+000000b0  06 01 00 2b 00 03 02 03  04 00 2d 00 02 01 01 00  |...+......-.....|
+000000c0  33 00 26 00 24 00 1d 00  20 b6 ad 52 4d 37 b1 eb  |3.&.$... ..RM7..|
+000000d0  1e 57 2b a8 5d e7 43 b9  a0 98 47 8b ff 40 a9 14  |.W+.].C...G..@..|
+000000e0  9e 23 26 c7 47 a7 cb f6  47                       |.#&.G...G|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 53 f8 00 fb  |........... S...|
+00000030  8b be ff 98 74 c9 d9 3d  aa 40 4d 0e 05 96 f9 30  |....t..=.@M....0|
+00000040  d6 f5 7b f1 bc 31 18 30  5f 24 03 a8 13 02 00 00  |..{..1.0_$......|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 b9 4a b7 2a b5 48  |...........J.*.H|
+00000090  bc ba 18 3e 1a 99 bd fa  0d fc 2a 5d 52 93 b5 97  |...>......*]R...|
+000000a0  5c 17 03 03 02 6d 30 8f  19 00 1c fa 90 a7 6c 08  |\....m0.......l.|
+000000b0  6f 5a e8 d8 e0 3e 81 30  f1 11 85 7e 35 47 b3 d0  |oZ...>.0...~5G..|
+000000c0  48 95 ce af e6 2f fc 22  0a 5f 56 bd 1c 7d 8c 48  |H..../."._V..}.H|
+000000d0  f3 ad b7 5b 2e 4b d8 d1  16 46 7a ba c3 71 02 3c  |...[.K...Fz..q.<|
+000000e0  54 75 b8 92 02 b1 b9 cc  15 c4 fa d1 2d ba 0d 9f  |Tu..........-...|
+000000f0  65 a1 78 0d 8f d6 1c be  fa 42 1f d7 48 1a 8e 11  |e.x......B..H...|
+00000100  64 4c 12 ef bd 65 9d b4  31 18 4f 2a 77 c4 1f 1b  |dL...e..1.O*w...|
+00000110  90 90 37 ea 59 aa 05 bf  45 04 fb e8 a9 3f f9 11  |..7.Y...E....?..|
+00000120  f9 25 95 fc d4 8e 5c 84  19 f3 4c e4 05 c3 db 8c  |.%....\...L.....|
+00000130  07 f9 b3 b0 6d ce d3 14  aa 78 17 f9 2f 14 1b bc  |....m....x../...|
+00000140  4b 23 29 f1 2e 7c 3b 71  9b cf 0b d5 02 48 5e ce  |K#)..|;q.....H^.|
+00000150  9c 43 dd 29 17 42 0b 9d  0e a7 a7 93 e1 37 cc 97  |.C.).B.......7..|
+00000160  df 0f 2d d3 f7 01 08 34  5f bd ad 12 12 6f 87 56  |..-....4_....o.V|
+00000170  4e 99 16 f6 6e 61 5c f0  0e 30 0b d5 38 37 70 97  |N...na\..0..87p.|
+00000180  ed e1 79 74 00 cc 55 be  a9 32 7d 72 50 27 42 c9  |..yt..U..2}rP'B.|
+00000190  99 64 ea bd 3e c8 4f b0  cc 31 ef 10 57 9f c1 02  |.d..>.O..1..W...|
+000001a0  ca db f6 d6 53 94 d2 83  57 71 e9 06 7a dd 46 3b  |....S...Wq..z.F;|
+000001b0  b1 2c f8 87 1c 8b 8a 04  05 2f d0 32 54 9a 80 33  |.,......./.2T..3|
+000001c0  b2 95 e5 62 71 e9 1a 3b  ea 64 ee 81 29 c4 ea 53  |...bq..;.d..)..S|
+000001d0  de 6b 27 b1 04 48 27 ba  7f 28 aa 9e 15 82 49 a9  |.k'..H'..(....I.|
+000001e0  43 3d d3 33 82 50 a9 4e  38 ed 8d f8 e8 0e 11 ab  |C=.3.P.N8.......|
+000001f0  8b 6e 63 e9 c1 cf ee 45  4f a0 62 e7 2e 00 b8 61  |.nc....EO.b....a|
+00000200  2a 29 5e 04 e2 81 11 b3  64 f3 b5 b0 ec ae 63 6c  |*)^.....d.....cl|
+00000210  27 56 ac f2 09 d3 a4 c8  18 4a 55 c8 ff fd 8b 42  |'V.......JU....B|
+00000220  63 00 3a c9 25 40 b7 8d  17 f3 95 76 7b 01 cf bc  |c.:.%@.....v{...|
+00000230  9b a7 4c 03 4a 7d 3c 54  16 8f 84 ca 2f 1a f5 12  |..L.J}<T..../...|
+00000240  cd 89 93 62 1f ff 8f 03  5d 06 e8 d7 9f 39 65 4e  |...b....]....9eN|
+00000250  09 b9 a8 e5 16 e8 6f 0d  0f ad d3 e2 95 cc fe 4b  |......o........K|
+00000260  fb e6 61 9a 25 00 3d b3  81 11 ea 4f e8 a9 f0 ee  |..a.%.=....O....|
+00000270  81 6c 79 d9 f8 76 d3 e8  76 a9 e2 85 bc 74 0c 7a  |.ly..v..v....t.z|
+00000280  c3 e2 eb cc f5 78 6e b6  2d 50 d3 65 ae f5 41 8e  |.....xn.-P.e..A.|
+00000290  86 9a 26 ba 36 44 15 16  a6 4b d7 b0 63 91 90 f8  |..&.6D...K..c...|
+000002a0  ee 0a 83 83 cc d2 8b d3  a7 2c 8e 03 10 ac 76 cf  |.........,....v.|
+000002b0  16 27 1e 43 d3 fc d8 50  e7 73 63 36 ef 78 f7 a6  |.'.C...P.sc6.x..|
+000002c0  27 14 39 1f 98 e3 f6 0b  d6 93 79 8e 31 a9 6e 41  |'.9.......y.1.nA|
+000002d0  2f 03 ab 11 9e 96 1e 16  be bf 0b 73 5c c9 32 57  |/..........s\.2W|
+000002e0  e7 e3 24 66 07 9d 3d 29  e4 aa 22 e1 ce c6 fa c0  |..$f..=)..".....|
+000002f0  84 cc 0d a7 f7 c2 d1 d2  19 5c 5b 37 31 a3 fe fd  |.........\[71...|
+00000300  95 81 c2 8f 2f c6 11 f8  7e 94 d6 41 60 ba e8 6b  |..../...~..A`..k|
+00000310  ea 2c 2a 17 03 03 00 99  f7 51 bf 4c da 85 85 a6  |.,*......Q.L....|
+00000320  8f d7 35 25 32 87 01 22  44 7c 61 22 06 72 3e 18  |..5%2.."D|a".r>.|
+00000330  f1 1e 11 c7 72 f5 65 b4  03 38 f2 48 16 a9 20 31  |....r.e..8.H.. 1|
+00000340  c2 52 4c 33 92 70 45 91  19 f4 5c 08 77 49 af 25  |.RL3.pE...\.wI.%|
+00000350  8e b5 bd 3f e3 93 dc e6  26 b0 8a 30 69 f1 86 17  |...?....&..0i...|
+00000360  72 31 66 87 2f d4 42 70  4c e0 58 61 6e b2 38 0b  |r1f./.BpL.Xan.8.|
+00000370  13 ad 32 83 14 81 d4 af  dd 9f 17 09 af 3b 64 78  |..2..........;dx|
+00000380  c8 63 da 05 70 47 54 f9  c6 f5 f8 e6 97 e1 d0 87  |.c..pGT.........|
+00000390  aa 5a e7 5b d3 a3 b3 ce  be 56 30 e7 4d ad 43 bd  |.Z.[.....V0.M.C.|
+000003a0  5e 88 9a ef 34 78 06 eb  6f 8f 04 39 47 6a c2 3d  |^...4x..o..9Gj.=|
+000003b0  ba 17 03 03 00 45 89 37  db 55 b2 9e 6e 31 a0 9b  |.....E.7.U..n1..|
+000003c0  97 51 27 13 b0 7e 2e 85  4a 9b 72 b0 fe c5 e4 12  |.Q'..~..J.r.....|
+000003d0  fd ea 29 d5 bb ae a2 24  e2 0d b4 cd 28 92 5c 88  |..)....$....(.\.|
+000003e0  98 b4 e4 8e a8 46 c6 a0  0e c0 73 ba f7 62 3a 43  |.....F....s..b:C|
+000003f0  1a c7 d3 4b 5b 47 7b 44  8b bb 7b 17 03 03 00 a3  |...K[G{D..{.....|
+00000400  f1 5f 26 2b 1c 99 6d 1d  55 bc a7 2f ae c8 3a ed  |._&+..m.U../..:.|
+00000410  5a 16 3c 83 e8 d4 18 7e  84 fa ba 21 0f 30 b0 05  |Z.<....~...!.0..|
+00000420  ec 45 92 53 80 7a 78 d4  9e e0 02 e9 11 74 a6 e2  |.E.S.zx......t..|
+00000430  87 7e 43 26 c0 18 46 6b  28 e5 f4 92 89 5c 0d b5  |.~C&..Fk(....\..|
+00000440  8d 90 55 4f 3b 0a f4 ba  1b fb 60 54 46 23 03 28  |..UO;.....`TF#.(|
+00000450  6e c3 3b 4d 69 62 65 d5  4e 95 46 c9 f2 8d ae f9  |n.;Mibe.N.F.....|
+00000460  53 a6 65 da ca 1e b7 f7  80 a8 97 97 ca 38 14 a5  |S.e..........8..|
+00000470  34 81 e2 68 12 fb 45 90  c2 f9 c9 70 fe 28 b8 b5  |4..h..E....p.(..|
+00000480  6c 1d 2c d4 07 69 1d eb  1f 4b df ba ca 5e e0 65  |l.,..i...K...^.e|
+00000490  ad ee be 41 02 78 23 19  b9 ea 1d 65 20 43 0e 3d  |...A.x#....e C.=|
+000004a0  11 03 b3                                          |...|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 88 0d 45 f0 61  |..........E..E.a|
+00000010  a3 d0 7b 33 9e 17 c5 c3  6f 8f f6 67 b8 03 65 5f  |..{3....o..g..e_|
+00000020  bf 94 e9 1d 58 eb 4d 12  68 8a 96 42 6f 08 08 b8  |....X.M.h..Bo...|
+00000030  be ce 2c f0 c4 00 d4 22  e6 94 09 05 f2 a7 77 0f  |..,...."......w.|
+00000040  48 e9 5c 6c e9 b2 9a d6  ff 48 2b 08 9a ea 23 1a  |H.\l.....H+...#.|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 2a f5 09  7f 7b 5f 8a ff d3 cc 16  |.....*...{_.....|
+00000010  d1 d3 38 76 5c f7 e3 ee  f3 72 b5 92 8e f9 bf 37  |..8v\....r.....7|
+00000020  7e dc 61 17 03 03 00 13  66 ba 9e ff 3a 9f 25 74  |~.a.....f...:.%t|
+00000030  44 35 70 f4 cf ae dc b0  3c 28 44                 |D5p.....<(D|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-IssueTicketPreDisable b/src/crypto/tls/testdata/Server-TLSv13-IssueTicketPreDisable
new file mode 100644
index 0000000..ed3f55a
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-IssueTicketPreDisable
@@ -0,0 +1,103 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e4 01 00 00  e0 03 03 4a ec fd a5 c5  |...........J....|
+00000010  ef 77 88 18 25 40 50 c8  24 60 45 85 e6 3e 55 86  |.w..%@P.$`E..>U.|
+00000020  d1 ea 0e 5f 0b d1 66 7a  1c 90 ad 20 a3 63 23 52  |..._..fz... .c#R|
+00000030  d8 c8 f6 79 20 04 8d 07  eb 2f 78 a3 1a 0d 58 af  |...y ..../x...X.|
+00000040  70 3c ef 4b 90 43 42 67  57 39 bf fa 00 08 13 02  |p<.K.CBgW9......|
+00000050  13 03 13 01 00 ff 01 00  00 8f 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 23 00 00  00 16 00 00 00 17 00 00  |.....#..........|
+00000090  00 0d 00 1e 00 1c 04 03  05 03 06 03 08 07 08 08  |................|
+000000a0  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+000000b0  06 01 00 2b 00 03 02 03  04 00 2d 00 02 01 01 00  |...+......-.....|
+000000c0  33 00 26 00 24 00 1d 00  20 23 61 a3 8f f6 41 bc  |3.&.$... #a...A.|
+000000d0  08 52 ef 97 01 0e ba 95  f4 33 b6 8d 15 d0 ff ed  |.R.......3......|
+000000e0  a4 d1 84 23 3b f3 ef 3a  2d                       |...#;..:-|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 a3 63 23 52  |........... .c#R|
+00000030  d8 c8 f6 79 20 04 8d 07  eb 2f 78 a3 1a 0d 58 af  |...y ..../x...X.|
+00000040  70 3c ef 4b 90 43 42 67  57 39 bf fa 13 02 00 00  |p<.K.CBgW9......|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 80 72 6f c7 2d 22  |...........ro.-"|
+00000090  40 51 35 22 9b 97 51 33  60 fa c1 2c d3 0f 25 6a  |@Q5"..Q3`..,..%j|
+000000a0  4d 17 03 03 02 6d f3 3a  89 a6 9a 1f 2b f4 1a 48  |M....m.:....+..H|
+000000b0  e9 bd ef da 9d 7b f0 6c  61 ca 21 82 1b 30 6f 60  |.....{.la.!..0o`|
+000000c0  01 72 24 4f ea 66 ef 3b  35 b7 ae d9 45 c9 2a 00  |.r$O.f.;5...E.*.|
+000000d0  99 da 50 ae ac 8f 77 a4  e7 b4 de f6 c8 dd b8 f3  |..P...w.........|
+000000e0  bc cb 7c c8 cf 2f 63 61  66 16 7f 7f 61 2c 52 c9  |..|../caf...a,R.|
+000000f0  8f af 0d e2 55 d7 a4 ed  7e 12 b0 0d ec e9 a4 47  |....U...~......G|
+00000100  03 e6 fa d1 6b 2f e3 22  a8 f5 c5 e6 e6 78 63 a1  |....k/.".....xc.|
+00000110  b7 00 98 04 e8 fd ff 67  62 dc 89 f4 0d 97 93 4e  |.......gb......N|
+00000120  85 ec e0 68 f0 04 94 02  49 95 f9 08 99 30 37 d8  |...h....I....07.|
+00000130  ad 31 52 1d 1d 23 09 9e  7a 97 45 d3 95 2f 03 2d  |.1R..#..z.E../.-|
+00000140  64 f7 5b cb 53 f5 89 ef  45 90 72 38 33 aa 62 1e  |d.[.S...E.r83.b.|
+00000150  b8 3e 00 b2 7f 89 0b 3a  e6 17 93 ac 19 7d 09 bd  |.>.....:.....}..|
+00000160  ca ca 83 87 33 f9 f0 63  f3 4e 7b 47 56 0d cb b5  |....3..c.N{GV...|
+00000170  90 81 88 cd 02 78 bf 96  64 c0 ba 58 b5 06 18 04  |.....x..d..X....|
+00000180  d9 14 8b 92 74 81 76 b3  23 d9 ad 4c 8b 73 61 36  |....t.v.#..L.sa6|
+00000190  64 d9 b6 2e 98 7e 7f d4  14 6e 4c a4 b4 71 35 5b  |d....~...nL..q5[|
+000001a0  4d e7 10 a8 b3 bb 40 5d  9f de 67 bb ae 0c 97 8b  |M.....@]..g.....|
+000001b0  25 cf cb aa 13 44 9f cb  ff 2e 1c 54 ca de cb 13  |%....D.....T....|
+000001c0  f9 c7 0e 49 9d d0 b3 d5  0e 29 3c 50 b9 2b 56 1f  |...I.....)<P.+V.|
+000001d0  5a 40 c9 73 84 34 34 28  25 8d aa cb 65 42 26 0c  |Z@.s.44(%...eB&.|
+000001e0  26 09 58 9c ae 9f b8 f9  10 b1 01 aa 36 c1 57 16  |&.X.........6.W.|
+000001f0  0f c6 d2 8b bc 71 0e 38  f5 60 d3 24 a5 f1 2e 8c  |.....q.8.`.$....|
+00000200  2f 59 e7 5a 24 1b 8a 13  89 0c da dc cf bd 8a 6b  |/Y.Z$..........k|
+00000210  b6 75 a8 18 35 bb 2d ee  c4 b8 92 09 28 a9 3d cf  |.u..5.-.....(.=.|
+00000220  ab 98 c1 d2 f2 94 4d 16  e6 39 73 8d 33 50 77 f6  |......M..9s.3Pw.|
+00000230  10 4c 6d 94 f3 7d 0f bf  c5 8b b9 d4 20 2c de 95  |.Lm..}...... ,..|
+00000240  b2 2a 22 38 f2 d2 57 72  72 6d 30 7d 9b e3 dc c5  |.*"8..Wrrm0}....|
+00000250  51 e9 b1 e7 7a b5 ab df  fc b2 18 02 e1 57 b9 36  |Q...z........W.6|
+00000260  d1 27 c0 eb 5f 64 dd fb  f7 66 1d 51 72 f3 ef 12  |.'.._d...f.Qr...|
+00000270  ef 36 bf e3 1b d1 e0 b5  53 65 5b 7d fd bd f4 67  |.6......Se[}...g|
+00000280  53 b1 7f 72 66 84 6c 73  b7 05 60 b1 21 5b 4b fb  |S..rf.ls..`.![K.|
+00000290  54 cc e0 63 d4 c5 9b 7f  2a d8 09 26 3f 53 3c 97  |T..c....*..&?S<.|
+000002a0  f6 9d 5f 6e a3 41 39 cf  16 52 31 b1 37 ec 9f 4e  |.._n.A9..R1.7..N|
+000002b0  67 55 d8 3b 0d 14 ab db  07 7d 3f e8 69 19 6b 7c  |gU.;.....}?.i.k||
+000002c0  4e f5 14 af 54 82 8a 4c  7a b6 d2 51 0b 73 3d 88  |N...T..Lz..Q.s=.|
+000002d0  0d aa 06 ea bc ca ca c6  b8 59 ea 93 71 26 8a d8  |.........Y..q&..|
+000002e0  7e 7b f6 b0 8f fc 2f e8  98 e7 b9 31 78 52 94 cf  |~{..../....1xR..|
+000002f0  75 02 b1 bb b5 59 e8 8b  8a e7 9b c9 4a cb 76 b7  |u....Y......J.v.|
+00000300  0e e6 d0 f1 d5 8a 0e 4e  f9 19 7a d4 64 a5 f7 ae  |.......N..z.d...|
+00000310  57 e9 e1 17 03 03 00 99  c8 6c 18 24 6c 22 19 e7  |W........l.$l"..|
+00000320  89 fc 32 fa cb 52 34 43  d8 d3 ff a1 6d f8 69 63  |..2..R4C....m.ic|
+00000330  fa 06 17 6c 9b 35 d9 6b  3a be 87 7e e4 da 6c e5  |...l.5.k:..~..l.|
+00000340  2a c5 0c 9e e8 c6 06 d4  3f c2 7a bc 38 56 8c 31  |*.......?.z.8V.1|
+00000350  17 63 e0 71 3b 1b 0c bb  a1 4d 45 fe df ca 15 45  |.c.q;....ME....E|
+00000360  cd 21 0d 1d f1 f7 82 e0  94 54 be 5e e4 ee 59 13  |.!.......T.^..Y.|
+00000370  21 de 65 7e 47 84 26 b7  35 59 20 da 44 a9 67 e7  |!.e~G.&.5Y .D.g.|
+00000380  a7 88 d2 60 e7 ba f0 eb  49 1f 52 a7 28 40 65 51  |...`....I.R.(@eQ|
+00000390  7e eb 07 8c 2d a6 b2 e9  b5 2a d3 9b 7b dd bd 62  |~...-....*..{..b|
+000003a0  28 a2 17 d1 cf 00 cc 32  c1 88 d7 b1 49 73 1c 32  |(......2....Is.2|
+000003b0  ef 17 03 03 00 45 86 f5  39 0f af bd 4c 1e c8 43  |.....E..9...L..C|
+000003c0  6e a0 55 92 a8 de 0a 5f  69 9c 9e 23 13 14 34 fb  |n.U...._i..#..4.|
+000003d0  93 d9 4e 8b 84 c6 a3 94  78 59 98 b7 fb 11 f4 1f  |..N.....xY......|
+000003e0  96 aa 2e c4 e4 94 66 4a  75 50 88 17 b7 3f cb 5c  |......fJuP...?.\|
+000003f0  cd c4 e1 2f 09 37 c5 d8  e0 ea c5 17 03 03 00 a3  |.../.7..........|
+00000400  54 5f 79 a8 6a 07 d6 b8  35 ac cc 31 7c d8 33 5e  |T_y.j...5..1|.3^|
+00000410  00 11 14 b2 1f 0e 04 31  6e 89 a8 95 d8 9a f4 43  |.......1n......C|
+00000420  6c 64 60 b9 3e e2 31 7b  95 cd a4 89 f6 eb a9 10  |ld`.>.1{........|
+00000430  06 d6 19 09 44 c2 8f 7c  ef bd ea 06 a6 8f 38 42  |....D..|......8B|
+00000440  1b a1 be 12 1f 72 38 49  96 e4 74 2f 42 19 2c 55  |.....r8I..t/B.,U|
+00000450  16 45 a9 e0 a8 76 6d 36  68 84 fd 0e 40 44 df 93  |.E...vm6h...@D..|
+00000460  ae 12 79 78 4c ec 72 16  fe 54 c0 14 ac 47 ed 88  |..yxL.r..T...G..|
+00000470  78 98 c8 cb ca 49 de fd  12 e1 96 d0 c7 89 ee 89  |x....I..........|
+00000480  df d5 71 98 8a 42 7e 3e  24 5a 64 44 19 96 cc e4  |..q..B~>$ZdD....|
+00000490  9c f2 8e 52 8b 1d 39 15  af c7 cd 54 d9 84 01 ef  |...R..9....T....|
+000004a0  fc ac 54                                          |..T|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 a6 fe 34 ee 91  |..........E..4..|
+00000010  b0 c5 35 55 cf 70 3f d4  5d 06 76 28 c3 b5 a9 26  |..5U.p?.].v(...&|
+00000020  38 18 ed bb bb bb be e7  4b 6d 61 3e 8f 65 e9 e3  |8.......Kma>.e..|
+00000030  b6 4f 5d 50 46 2c 81 a8  fd 47 aa c8 c4 e8 f9 a4  |.O]PF,...G......|
+00000040  e7 c7 f0 c5 fa e3 9c b7  be 09 c9 37 c1 7f 1c ff  |...........7....|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 1b 5e f2  20 7a 1c 27 36 12 e7 9a  |......^. z.'6...|
+00000010  05 9f fb 12 38 df 1d a0  3e 90 9a 42 4d ca 3a 54  |....8...>..BM.:T|
+00000020  db 2c f0 17 03 03 00 13  b1 e4 a6 eb ad 47 ba 4c  |.,...........G.L|
+00000030  38 2c ee ee f9 a5 8a 41  2f ce 3d                 |8,.....A/.=|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-P256 b/src/crypto/tls/testdata/Server-TLSv13-P256
new file mode 100644
index 0000000..86085b0
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-P256
@@ -0,0 +1,106 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f9 01 00 00  f5 03 03 3f 2f 76 da 5e  |...........?/v.^|
+00000010  bc ca 96 5b e3 c5 ff 45  18 e9 dc 7e b3 e8 97 f5  |...[...E...~....|
+00000020  d1 d5 19 c0 4d a4 5d ce  34 1b e4 20 5f fe 5f 0c  |....M.].4.. _._.|
+00000030  88 92 65 b9 c6 ac 7f 3e  dc a3 f7 ad e2 21 08 41  |..e....>.....!.A|
+00000040  f8 36 e4 61 67 71 69 56  7f 6b d1 fc 00 08 13 02  |.6.agqiV.k......|
+00000050  13 03 13 01 00 ff 01 00  00 a4 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 04  00 02 00 17 00 16 00 00  |................|
+00000080  00 17 00 00 00 0d 00 1e  00 1c 04 03 05 03 06 03  |................|
+00000090  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+000000a0  04 01 05 01 06 01 00 2b  00 03 02 03 04 00 2d 00  |.......+......-.|
+000000b0  02 01 01 00 33 00 47 00  45 00 17 00 41 04 d3 57  |....3.G.E...A..W|
+000000c0  de 53 6a 81 d5 e8 c2 68  cd 05 90 9b 0e b2 7e 5d  |.Sj....h......~]|
+000000d0  43 4c 66 f1 28 53 53 00  1a a5 9b b3 ae e0 3e b7  |CLf.(SS.......>.|
+000000e0  72 4b 29 c6 2d 96 39 3a  1c a2 ef 04 96 22 df ea  |rK).-.9:....."..|
+000000f0  15 f5 ff bb 36 ed 3a 3f  67 55 ba 48 10 45        |....6.:?gU.H.E|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 9b 02 00 00  97 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 5f fe 5f 0c  |........... _._.|
+00000030  88 92 65 b9 c6 ac 7f 3e  dc a3 f7 ad e2 21 08 41  |..e....>.....!.A|
+00000040  f8 36 e4 61 67 71 69 56  7f 6b d1 fc 13 02 00 00  |.6.agqiV.k......|
+00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
+00000060  1e 18 37 ef 0d 19 51 88  35 75 71 b5 e5 54 5b 12  |..7...Q.5uq..T[.|
+00000070  2e 8f 09 67 fd a7 24 20  3e b2 56 1c ce 97 28 5e  |...g..$ >.V...(^|
+00000080  f8 2b 2d 4f 9e f1 07 9f  6c 4b 5b 83 56 e2 32 42  |.+-O....lK[.V.2B|
+00000090  e9 58 b6 d7 49 a6 b5 68  1a 41 03 56 6b dc 5a 89  |.X..I..h.A.Vk.Z.|
+000000a0  14 03 03 00 01 01 17 03  03 00 17 e2 0e 2c fc 9b  |.............,..|
+000000b0  61 70 e2 5f b9 e5 a5 ad  ce fb df fa be ae 9a 5b  |ap._...........[|
+000000c0  cc 99 17 03 03 02 6d 87  74 85 83 f2 51 98 a5 75  |......m.t...Q..u|
+000000d0  09 f0 6d 0f dd 16 a7 12  12 fb ec 98 6e 56 a4 ed  |..m.........nV..|
+000000e0  94 18 6b 28 6b ef 80 bd  28 3b f4 ee 05 80 d2 ff  |..k(k...(;......|
+000000f0  2f d4 6b b5 d3 b6 91 61  b7 8e 1b db 60 cf f5 4b  |/.k....a....`..K|
+00000100  3b 68 78 4a 09 2d a3 49  c0 8a 06 e5 2c 62 08 5d  |;hxJ.-.I....,b.]|
+00000110  c4 5d 03 04 5e 3e 25 9d  30 24 af b0 a3 2e 8c 65  |.]..^>%.0$.....e|
+00000120  fb 6f 34 94 e9 d9 d6 34  0e a9 44 8a 9e b7 1a 13  |.o4....4..D.....|
+00000130  26 b7 b2 16 c2 79 05 e8  0e 99 bd 7a cc c8 83 a4  |&....y.....z....|
+00000140  60 1d cb 5c 02 8a 1f b7  4f c4 2d cd 96 e4 7b 39  |`..\....O.-...{9|
+00000150  5a 45 60 30 82 9f 8f 30  56 11 7b 0d 6e 7e 95 54  |ZE`0...0V.{.n~.T|
+00000160  d0 ac 09 8e 3b 49 14 de  d3 8b a1 e4 4d f7 65 8d  |....;I......M.e.|
+00000170  88 46 71 7a 29 ea 05 b4  66 e6 76 db b7 7d 56 ce  |.Fqz)...f.v..}V.|
+00000180  e0 ba 47 b5 75 c1 14 42  7e af 87 f3 94 bf 75 e3  |..G.u..B~.....u.|
+00000190  ee 54 ea 4c 8c 69 fd 63  01 1c 0e 38 84 e6 04 c3  |.T.L.i.c...8....|
+000001a0  a8 3d 42 18 87 a2 f0 b4  4d ef 29 8d 48 01 b9 f4  |.=B.....M.).H...|
+000001b0  8b 1e b1 72 bf e4 9a 6d  80 d7 c2 e0 a7 a7 0a 3f  |...r...m.......?|
+000001c0  45 f4 72 94 56 19 6b f3  4c 3e a6 1e 87 cd d3 a2  |E.r.V.k.L>......|
+000001d0  49 b6 e7 56 b9 dd 2b f6  66 0a 6a 55 75 63 f9 c3  |I..V..+.f.jUuc..|
+000001e0  d2 a6 ea a0 04 09 6b 75  eb 77 6b 9e 4b a4 6d f5  |......ku.wk.K.m.|
+000001f0  44 01 37 ee 21 15 f7 3e  6e 6f fc dc be 44 43 26  |D.7.!..>no...DC&|
+00000200  dd 7a ab 13 67 58 8d cb  02 78 b9 71 07 22 12 d2  |.z..gX...x.q."..|
+00000210  cf 87 50 ff 04 d9 7a f2  73 8c 77 9e 5b 17 b2 aa  |..P...z.s.w.[...|
+00000220  2a db b2 a2 f4 5b c4 0d  e2 84 a3 fe 4d b1 02 26  |*....[......M..&|
+00000230  7d ba 76 2a 0e d1 87 52  c7 5f 97 07 fd b7 25 1b  |}.v*...R._....%.|
+00000240  2a 52 0d 30 59 84 73 a0  d7 db 75 6d 74 05 a2 3b  |*R.0Y.s...umt..;|
+00000250  91 69 f3 a3 43 bc 44 f9  ce f4 85 a1 38 5a e2 55  |.i..C.D.....8Z.U|
+00000260  f6 e8 e2 ca 3b c2 fd 39  0f f4 ae 86 08 24 d4 c7  |....;..9.....$..|
+00000270  10 44 c0 bf 9b 47 d9 da  07 52 4d 88 71 d4 14 69  |.D...G...RM.q..i|
+00000280  66 8b cc 44 09 1b 90 b0  a5 7c 96 3c 94 99 cd c2  |f..D.....|.<....|
+00000290  ca 0b af 53 c0 31 a2 5a  df 54 76 e4 af 66 5d ff  |...S.1.Z.Tv..f].|
+000002a0  7c 21 c9 06 b8 d9 7e 1f  46 97 c8 ea e0 90 f2 db  ||!....~.F.......|
+000002b0  9b 52 04 a8 91 20 15 c8  fc 24 09 d7 f9 48 20 dc  |.R... ...$...H .|
+000002c0  18 22 d1 e2 19 3d 53 dd  e4 21 db 8c 87 7d d7 bf  |."...=S..!...}..|
+000002d0  f7 93 a6 a5 81 b5 53 59  15 a8 80 2e 3b 4f b0 d4  |......SY....;O..|
+000002e0  f3 66 56 14 6e a1 6b 3e  75 b1 8e fa 0d 52 96 b1  |.fV.n.k>u....R..|
+000002f0  08 b1 b0 ce 0c c6 0a 5e  54 0f a3 5a cd 6c db 6a  |.......^T..Z.l.j|
+00000300  0a 6a 52 11 b5 97 7b 67  e3 3e 84 22 76 3a f1 96  |.jR...{g.>."v:..|
+00000310  70 bf 9c a6 62 03 30 a7  69 46 ec 9a 61 1e 37 6f  |p...b.0.iF..a.7o|
+00000320  7d 24 d6 6c 8a e5 72 3a  0a ef e8 d3 d6 fe 28 c8  |}$.l..r:......(.|
+00000330  60 ff d7 2e 17 03 03 00  99 ca f3 5e cb 8c b2 0b  |`..........^....|
+00000340  87 4e 59 89 38 f5 f1 3c  c4 e1 6a 11 2d f3 ef 7d  |.NY.8..<..j.-..}|
+00000350  b6 85 ff bb 84 8f cb db  7f 02 50 23 93 db b3 0a  |..........P#....|
+00000360  2c 32 cb ed 08 ae 6a 3e  30 b8 a5 c2 9c 85 0c 87  |,2....j>0.......|
+00000370  44 68 8b 47 31 75 a0 c3  2c 32 2e 61 40 da 4b 0a  |Dh.G1u..,2.a@.K.|
+00000380  07 ef 2b 6b fa 2f 66 87  ff f1 0e 5e b0 db 44 3d  |..+k./f....^..D=|
+00000390  3c fc a7 94 17 f3 0b a5  50 68 7b 65 48 8e 78 ce  |<.......Ph{eH.x.|
+000003a0  d7 71 fa ae 58 50 62 33  98 b2 a2 27 b1 e0 66 fb  |.q..XPb3...'..f.|
+000003b0  65 6a 94 21 38 e8 40 aa  4f d7 02 31 45 e8 d3 e0  |ej.!8.@.O..1E...|
+000003c0  5f 66 d4 2f 26 9f b2 72  b7 bc 43 ce f1 2a 0e 61  |_f./&..r..C..*.a|
+000003d0  f1 91 17 03 03 00 45 c0  25 ac 1e 0b 4e 2c 61 9c  |......E.%...N,a.|
+000003e0  c7 80 f1 f7 bf d4 c6 a9  29 3f 0c 08 8d f0 70 7c  |........)?....p||
+000003f0  6f 96 2c 3e 32 7f a6 10  17 19 81 49 2d a7 f7 3f  |o.,>2......I-..?|
+00000400  04 20 7d 52 c2 e8 cc 61  b2 16 5b 8b 3e 1a a9 2f  |. }R...a..[.>../|
+00000410  9c 5e a7 74 88 3d 8a c8  90 df 9a 17 17 03 03 00  |.^.t.=..........|
+00000420  a3 cf b5 d2 52 49 27 95  5f dd 9b 37 ed 74 7b 17  |....RI'._..7.t{.|
+00000430  8b 7f f3 67 3c 91 2f 1e  b6 17 4f ba a7 b1 92 99  |...g<./...O.....|
+00000440  32 32 7e 72 95 90 a0 92  08 c3 da 30 31 85 ee bb  |22~r.......01...|
+00000450  8f 8d d4 d8 c5 28 19 10  71 f0 b3 15 45 86 e0 09  |.....(..q...E...|
+00000460  ee e4 96 a0 90 c5 df 81  8f d1 38 b2 e0 33 95 3b  |..........8..3.;|
+00000470  33 9d e0 3e 93 3d 6a 12  60 44 43 9e b0 5c 16 82  |3..>.=j.`DC..\..|
+00000480  92 b8 84 0e 56 19 b9 b6  eb 3c 37 3e 9b ee 2a 6a  |....V....<7>..*j|
+00000490  13 4a bb 3d 78 21 79 0e  6f cc 34 89 91 95 03 a6  |.J.=x!y.o.4.....|
+000004a0  19 e2 81 37 a6 9d 30 28  42 da f4 69 4e 42 4b e4  |...7..0(B..iNBK.|
+000004b0  ca 23 c5 1e 56 24 cc ba  b0 85 21 ef 44 04 cb d8  |.#..V$....!.D...|
+000004c0  aa cd 5d 55                                       |..]U|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 43 65 76 31 fa  |..........ECev1.|
+00000010  2c a7 2e 96 92 82 cf eb  91 3d 8b eb 01 d3 af da  |,........=......|
+00000020  67 ea 4d 75 47 8f 42 34  7a 2d 0a b0 d1 4c 08 c0  |g.MuG.B4z-...L..|
+00000030  c7 76 7e 99 93 4a 06 b2  d9 95 df f9 c1 29 25 e6  |.v~..J.......)%.|
+00000040  24 6d ea 73 00 24 36 a9  62 30 9d a4 aa 6c 2f c8  |$m.s.$6.b0...l/.|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 6e bb 52  84 cf a6 71 d5 b9 ac c2  |.....n.R...q....|
+00000010  29 1a 0b db be a4 bb bd  6c f4 2e c8 eb f0 bb eb  |).......l.......|
+00000020  d3 f8 69 17 03 03 00 13  19 ad 85 21 63 f6 38 df  |..i........!c.8.|
+00000030  35 41 af 12 75 63 e8 fa  38 5e 50                 |5A..uc..8^P|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled b/src/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled
new file mode 100644
index 0000000..c13db8d
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled
@@ -0,0 +1,103 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 e0 01 00 00  dc 03 03 1e 9f 50 05 56  |.............P.V|
+00000010  a7 21 c8 df 56 a8 f3 bb  e4 15 3b b0 04 e5 f5 10  |.!..V.....;.....|
+00000020  d8 5b 0e 68 d3 b4 39 64  b5 89 9c 20 5a 6b 29 6d  |.[.h..9d... Zk)m|
+00000030  22 a0 e0 fb 7f 2d 87 48  e7 b4 c9 b3 5a d0 2b c7  |"....-.H....Z.+.|
+00000040  ad d8 e4 ad d5 eb 81 b3  1f 61 0e 65 00 08 13 02  |.........a.e....|
+00000050  13 03 13 01 00 ff 01 00  00 8b 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 1e  |................|
+00000090  00 1c 04 03 05 03 06 03  08 07 08 08 08 09 08 0a  |................|
+000000a0  08 0b 08 04 08 05 08 06  04 01 05 01 06 01 00 2b  |...............+|
+000000b0  00 03 02 03 04 00 2d 00  02 01 01 00 33 00 26 00  |......-.....3.&.|
+000000c0  24 00 1d 00 20 ba 67 99  b3 60 71 ed 6c bb 8d 7e  |$... .g..`q.l..~|
+000000d0  4c c3 ea 37 6d 90 b6 f8  91 67 71 2c 84 a7 32 3a  |L..7m....gq,..2:|
+000000e0  23 2a 90 13 35                                    |#*..5|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 5a 6b 29 6d  |........... Zk)m|
+00000030  22 a0 e0 fb 7f 2d 87 48  e7 b4 c9 b3 5a d0 2b c7  |"....-.H....Z.+.|
+00000040  ad d8 e4 ad d5 eb 81 b3  1f 61 0e 65 13 02 00 00  |.........a.e....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 d9 74 68 ee e6 54  |...........th..T|
+00000090  e3 7a 0e ee 86 c7 a8 bb  c7 65 fc e4 c4 6c 58 7a  |.z.......e...lXz|
+000000a0  1e 17 03 03 02 6d 98 c3  0c cc 80 fe ea 70 13 4e  |.....m.......p.N|
+000000b0  2f f6 49 99 5f 27 0a f9  4d cf e5 1a 9a 37 fb e7  |/.I._'..M....7..|
+000000c0  3b a4 60 82 43 df fb fa  47 15 6f d8 db d2 3e c3  |;.`.C...G.o...>.|
+000000d0  dd a0 37 ca b2 b4 c9 1b  5c 86 4a e0 7e 06 1e 27  |..7.....\.J.~..'|
+000000e0  73 c6 cd 54 37 df 95 b1  c6 d5 44 85 2c 67 7d a7  |s..T7.....D.,g}.|
+000000f0  2a 7d 87 86 5e f3 e5 60  f8 7c de bf 78 89 35 9b  |*}..^..`.|..x.5.|
+00000100  d1 0b 8a dd 6f 40 d8 5a  55 10 e2 71 b0 7a 5e 4b  |....o@.ZU..q.z^K|
+00000110  86 18 be 18 a7 f8 8e c6  ae 8c 1e df bf 84 77 c5  |..............w.|
+00000120  dc b1 17 26 72 ea bb 9b  28 6c bf 19 8d 1a 22 90  |...&r...(l....".|
+00000130  0f 19 92 5b ff db 07 84  48 61 68 f0 50 20 76 a3  |...[....Hah.P v.|
+00000140  d3 f2 4a 3b 60 f5 73 cb  61 f7 11 63 f2 a7 0e 18  |..J;`.s.a..c....|
+00000150  30 96 d0 17 f1 2f 58 09  49 33 15 3e 31 e4 17 e8  |0..../X.I3.>1...|
+00000160  07 48 b5 43 06 40 60 4f  a0 78 0d 51 0c 3f 0f 1a  |.H.C.@`O.x.Q.?..|
+00000170  8c 95 7a 3e 36 66 36 22  dc 58 4e b7 3e 19 ad de  |..z>6f6".XN.>...|
+00000180  c9 f9 b0 76 e4 e2 8c 04  27 6f 67 8f fe 86 b9 41  |...v....'og....A|
+00000190  53 7d 9f d1 e0 a6 0b ec  fc c0 82 bf 00 36 28 4d  |S}...........6(M|
+000001a0  20 3a e3 42 67 87 16 64  6c 4f e2 54 23 d1 0f 32  | :.Bg..dlO.T#..2|
+000001b0  e9 16 9a da 46 a6 39 18  d5 6e a6 93 25 de a1 77  |....F.9..n..%..w|
+000001c0  d9 26 b5 7c b4 85 8a 69  48 90 11 a9 8c 42 ca b8  |.&.|...iH....B..|
+000001d0  88 63 df ec 6c e3 9f 2c  29 75 9b 57 79 8b 69 66  |.c..l..,)u.Wy.if|
+000001e0  16 9e 93 48 04 8a 41 e0  8b 0e fb a5 9c fd 68 f6  |...H..A.......h.|
+000001f0  5f ab 89 11 e4 aa 4c 6c  92 df b3 a3 39 f0 38 d9  |_.....Ll....9.8.|
+00000200  7d 1b 42 13 ee d1 83 e2  20 3f 60 81 96 d9 63 2c  |}.B..... ?`...c,|
+00000210  e8 54 a5 08 41 9b 1d 02  41 37 a2 ce 0c 9b 34 bf  |.T..A...A7....4.|
+00000220  43 c5 ac 90 67 cd 6b b6  55 31 36 b1 2b 0e ed 8c  |C...g.k.U16.+...|
+00000230  23 ae 71 b2 ab f3 94 68  f2 f6 87 d3 87 61 ca aa  |#.q....h.....a..|
+00000240  0b 65 63 a1 11 dc 6d 74  33 c8 24 a6 ae 40 27 c7  |.ec...mt3.$..@'.|
+00000250  d4 06 51 89 15 35 66 21  b0 82 15 87 70 c5 b8 8d  |..Q..5f!....p...|
+00000260  34 48 ff 41 e0 1a b0 46  f7 38 47 53 64 f7 a3 a2  |4H.A...F.8GSd...|
+00000270  61 96 72 ea 90 de 86 18  64 49 91 ed 97 05 e3 27  |a.r.....dI.....'|
+00000280  47 df ea 06 c6 28 f9 79  51 5e 64 b6 de 52 75 8a  |G....(.yQ^d..Ru.|
+00000290  79 8d 8e a6 d5 b0 f1 a6  ab 76 44 25 4b 80 5e e4  |y........vD%K.^.|
+000002a0  d4 aa c6 2d 77 1a 49 52  16 d6 73 6b 18 2d d1 a6  |...-w.IR..sk.-..|
+000002b0  4c e1 be 4d f8 79 34 a1  4c 81 88 9c 4b 85 f3 28  |L..M.y4.L...K..(|
+000002c0  97 fc 3a 7e cf d4 81 2c  d3 57 df 09 f5 49 f5 cf  |..:~...,.W...I..|
+000002d0  c7 7c 22 b3 8e 95 0f 97  6d d1 56 e3 43 7e 52 0f  |.|".....m.V.C~R.|
+000002e0  d4 da 3f e0 4e 06 b9 84  18 7d 7c 56 49 e0 d7 4a  |..?.N....}|VI..J|
+000002f0  d6 df c4 70 0c 74 5b 1f  4d 76 28 cd 3b b0 9e 27  |...p.t[.Mv(.;..'|
+00000300  cc 6b 1a 13 41 1a 6b bf  0d 2d 93 b2 d5 7e 7e 25  |.k..A.k..-...~~%|
+00000310  0e 8a 9c 17 03 03 00 99  df 4b 8e 3e d0 14 be 76  |.........K.>...v|
+00000320  f1 d3 ca b1 39 c0 7e 6c  4f 8c d9 0d b8 83 07 39  |....9.~lO......9|
+00000330  08 55 13 1e 3d 68 0f 99  9f 9a 68 1f 57 6a aa 41  |.U..=h....h.Wj.A|
+00000340  a4 40 2b 12 f2 4b 6c db  3c 59 fa 99 5c e2 c7 2d  |.@+..Kl.<Y..\..-|
+00000350  4b 55 4c 27 b1 6c bf 99  c3 36 1d 73 7a 8b fd bc  |KUL'.l...6.sz...|
+00000360  93 77 27 f5 9e cd 10 61  bc 8d b5 bf 7b bb 69 00  |.w'....a....{.i.|
+00000370  f9 f0 d3 22 dd 4e 7d 12  5a 61 49 1d d4 29 14 43  |...".N}.ZaI..).C|
+00000380  e5 62 ab d8 c6 78 75 80  4b 7a 6b 3f af 4b 92 2a  |.b...xu.Kzk?.K.*|
+00000390  23 29 da 85 c0 d7 35 03  9d ed 9c f7 83 39 cf cb  |#)....5......9..|
+000003a0  0f 85 5e 9f 29 61 d8 a2  d0 cb 14 2d 71 50 6f d5  |..^.)a.....-qPo.|
+000003b0  c2 17 03 03 00 45 be 9b  ee 5d e1 08 8a c2 d6 67  |.....E...].....g|
+000003c0  df 3b 84 50 28 30 69 bd  11 89 6a ab 02 ad d7 79  |.;.P(0i...j....y|
+000003d0  8b 2c 0a a9 9c ce e5 30  49 2d 59 82 e8 ee d3 03  |.,.....0I-Y.....|
+000003e0  77 d3 fc 22 dd 81 be e6  f4 22 36 8d 8e b1 7c 4a  |w.."....."6...|J|
+000003f0  b9 9c 6a ea 3f f0 aa ac  ec b6 c7 17 03 03 00 a3  |..j.?...........|
+00000400  69 e0 19 38 57 54 62 6c  28 d9 54 94 79 6e 7b 48  |i..8WTbl(.T.yn{H|
+00000410  25 55 7f 5f bb cc 91 07  30 47 55 9b f3 6e b9 ba  |%U._....0GU..n..|
+00000420  50 65 9b e9 81 5d 53 20  cd 27 5d ee 92 93 01 8f  |Pe...]S .'].....|
+00000430  5a d6 02 b9 26 1b 45 c3  40 26 6b 81 c3 ba 1e 3c  |Z...&.E.@&k....<|
+00000440  e6 03 93 b0 18 fe 2d be  07 97 b1 a1 a7 55 8f d8  |......-......U..|
+00000450  96 7a 58 ad 7d c1 72 71  d9 25 07 56 22 9a 7a f9  |.zX.}.rq.%.V".z.|
+00000460  4a 1b 82 30 e9 fb b0 26  81 45 d2 45 5b 1c 7d 97  |J..0...&.E.E[.}.|
+00000470  89 6d 17 69 81 27 a6 4c  be d0 78 1d b5 6c 3f 94  |.m.i.'.L..x..l?.|
+00000480  ef e4 6b ec 02 63 8b bf  f9 00 8a 8a 46 43 5d e0  |..k..c......FC].|
+00000490  52 38 8c d5 76 d7 79 42  a3 6b 35 e2 45 f3 0f b5  |R8..v.yB.k5.E...|
+000004a0  9f 22 f9                                          |.".|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 4b 7c c5 9e c6  |..........EK|...|
+00000010  47 4a 90 d8 c2 c0 49 f7  3b c4 26 eb 15 18 9c bc  |GJ....I.;.&.....|
+00000020  c8 44 f0 53 94 2f 0f c8  d7 c1 86 42 ed b7 8f 63  |.D.S./.....B...c|
+00000030  a0 97 5d 5b 15 01 3a 3d  ca a6 d0 1a a4 77 cc 7e  |..][..:=.....w.~|
+00000040  88 fd 0b c9 a0 46 b7 40  25 8a 03 6e 99 66 bb 84  |.....F.@%..n.f..|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 6a 41 80  ca 72 5f c3 ee e1 88 49  |.....jA..r_....I|
+00000010  6d be a4 d9 26 07 5c 2b  2c a7 83 b5 c4 eb 4e 4b  |m...&.\+,.....NK|
+00000020  a1 29 98 17 03 03 00 13  2a f9 33 6c 46 f7 9a 51  |.)......*.3lF..Q|
+00000030  1b 36 cd bc d8 5d 94 0d  9e 4b 72                 |.6...]...Kr|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS b/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS
new file mode 100644
index 0000000..21f57b7
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS
@@ -0,0 +1,101 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 c6 01 00 00  c2 03 03 39 95 ab cc 1c  |...........9....|
+00000010  64 13 9d 19 2e 3e 73 33  48 b1 a9 f7 88 14 5a 83  |d....>s3H.....Z.|
+00000020  19 f7 b5 08 8d e4 80 09  72 21 99 20 23 ad 4c 2c  |........r!. #.L,|
+00000030  66 84 1e e8 c3 0c 9f 66  19 76 df a3 e0 62 cd 7d  |f......f.v...b.}|
+00000040  95 85 70 4f 37 fb 39 58  50 b1 d5 7b 00 08 13 02  |..pO7.9XP..{....|
+00000050  13 03 13 01 00 ff 01 00  00 71 00 00 00 0e 00 0c  |.........q......|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 16 00 00  00 17 00 00 00 0d 00 04  |................|
+00000090  00 02 08 04 00 2b 00 03  02 03 04 00 2d 00 02 01  |.....+......-...|
+000000a0  01 00 33 00 26 00 24 00  1d 00 20 be 29 89 8d 44  |..3.&.$... .)..D|
+000000b0  4d e5 51 88 7a 1a 56 52  a8 86 74 13 0e e9 a5 a7  |M.Q.z.VR..t.....|
+000000c0  b6 7f 38 b3 ef 62 e6 b0  c5 2a 0a                 |..8..b...*.|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 23 ad 4c 2c  |........... #.L,|
+00000030  66 84 1e e8 c3 0c 9f 66  19 76 df a3 e0 62 cd 7d  |f......f.v...b.}|
+00000040  95 85 70 4f 37 fb 39 58  50 b1 d5 7b 13 02 00 00  |..pO7.9XP..{....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 49 c6 88 9c 3b 2f  |..........I...;/|
+00000090  3a 0a e6 8e 75 d0 39 11  ad 08 87 17 2c 14 96 28  |:...u.9.....,..(|
+000000a0  85 17 03 03 02 6d 2a d6  89 4d 5d f3 6c 28 97 dd  |.....m*..M].l(..|
+000000b0  4e 45 88 e8 90 a4 f3 45  86 cf 59 d6 61 6e 1a a7  |NE.....E..Y.an..|
+000000c0  b7 35 7e 9c 6e 11 19 c4  1b 89 b9 5a 7c aa 1f 96  |.5~.n......Z|...|
+000000d0  e2 36 6d 54 09 12 2f 28  12 20 a3 41 06 bd 44 3c  |.6mT../(. .A..D<|
+000000e0  73 be d3 8c 78 18 a1 63  ad f9 9d 41 20 5e 32 55  |s...x..c...A ^2U|
+000000f0  8e 18 c1 d8 b0 93 13 7e  88 a0 af 8a 59 e2 af 43  |.......~....Y..C|
+00000100  d2 82 66 ba c5 a1 97 94  e8 63 40 1b 8f c4 eb 49  |..f......c@....I|
+00000110  19 91 65 e9 54 d3 90 76  d6 f8 ff 15 20 31 3c 86  |..e.T..v.... 1<.|
+00000120  88 8a 43 be 77 a0 28 de  fa 9f d5 30 14 a8 35 2f  |..C.w.(....0..5/|
+00000130  5e ee 9d cf b5 69 d1 f5  f6 55 d1 1a 61 3f 4c a1  |^....i...U..a?L.|
+00000140  97 38 5b 87 7e ce 88 23  8a d0 bd fc 4b c5 da f7  |.8[.~..#....K...|
+00000150  25 6c 6c 0b ec 61 50 72  97 6b f7 fe 9b 5b 5a f9  |%ll..aPr.k...[Z.|
+00000160  59 19 71 10 74 2d 14 8c  1b 52 8b 39 1c 56 ea 7e  |Y.q.t-...R.9.V.~|
+00000170  7a c9 8f 7c bd db 1e c5  02 9f 42 8b 63 ee 13 52  |z..|......B.c..R|
+00000180  fe 46 40 de 7b 97 27 b0  16 87 75 96 c7 1c 88 5d  |.F@.{.'...u....]|
+00000190  2e 64 7f a8 df e0 16 b9  ee 27 7e b3 98 99 f7 4a  |.d.......'~....J|
+000001a0  83 05 78 bb 59 07 8e 1a  46 1d 0f 45 87 ae d9 ae  |..x.Y...F..E....|
+000001b0  6f 42 ed b1 72 14 8c 9d  33 72 95 ac 12 bb a0 20  |oB..r...3r..... |
+000001c0  56 a8 8a 23 e4 51 6a 89  f5 8e bc 55 5a e2 8d 78  |V..#.Qj....UZ..x|
+000001d0  84 24 55 99 cf 37 61 8c  7e 46 17 f3 26 ca 27 ec  |.$U..7a.~F..&.'.|
+000001e0  f4 04 f6 76 1d cf 82 0c  bd 85 82 81 06 f1 96 ce  |...v............|
+000001f0  78 54 6c eb a0 f8 cf 30  6a 10 17 08 e6 94 83 4f  |xTl....0j......O|
+00000200  56 34 80 ef ac fa ab e7  59 9e 6b f9 f8 38 76 cc  |V4......Y.k..8v.|
+00000210  3b 09 b0 16 3f 3f 5c d3  6a ad d9 2c 65 d8 ce b4  |;...??\.j..,e...|
+00000220  19 53 c4 c9 d1 82 e8 19  72 ec bc 85 ef 3a 6e e5  |.S......r....:n.|
+00000230  ba 3c f8 37 98 98 80 47  5f 47 4f cd ed f5 0e bc  |.<.7...G_GO.....|
+00000240  4e 14 a2 7d 8d 43 0b 18  ba 3b 10 50 e4 18 fc ac  |N..}.C...;.P....|
+00000250  0e 01 21 73 68 da 50 51  8a 64 b6 18 28 ca e3 a4  |..!sh.PQ.d..(...|
+00000260  aa d2 5c 28 ff 64 fd cb  28 00 db b1 5c bf 75 81  |..\(.d..(...\.u.|
+00000270  bb d2 8c df 5c 26 70 1d  d6 fe 7a 94 65 27 93 72  |....\&p...z.e'.r|
+00000280  bc ba 17 92 8f be 61 ec  f5 88 04 ed fb cc f3 5c  |......a........\|
+00000290  71 d0 a4 5d 13 a6 a3 82  89 e8 9e 1a 8e 31 fd 2f  |q..].........1./|
+000002a0  57 53 98 d5 1f c4 3f 8e  92 7f 1b 90 a3 ad 6c 96  |WS....?.......l.|
+000002b0  42 cc f2 f0 1c 8d 3f 31  fd b2 53 29 79 16 9a 96  |B.....?1..S)y...|
+000002c0  fd d6 fe d4 3f 13 aa 39  73 d4 73 6d 9a ff f6 db  |....?..9s.sm....|
+000002d0  52 0a 1e 76 71 0f d3 ee  de a8 b3 05 3b 24 c4 72  |R..vq.......;$.r|
+000002e0  67 78 f1 be df c5 c0 87  32 60 28 96 8e b2 2e 3f  |gx......2`(....?|
+000002f0  7d e9 aa b7 66 57 ee 67  e6 ac 70 da 60 ce c2 00  |}...fW.g..p.`...|
+00000300  55 2f 20 25 39 a5 5e b9  65 c3 00 63 c7 5a a9 31  |U/ %9.^.e..c.Z.1|
+00000310  de fe 65 17 03 03 00 99  95 83 6d be 56 ef 4f a3  |..e.......m.V.O.|
+00000320  96 5f a8 3d d5 a1 f3 8e  9a 8c 40 35 f4 12 2c 0a  |._.=......@5..,.|
+00000330  b3 02 3b d2 14 d8 a4 f1  12 01 be e1 8a 6b 5f 01  |..;..........k_.|
+00000340  71 de ac 70 e9 7a 90 78  2e 2a a8 29 64 20 85 dd  |q..p.z.x.*.)d ..|
+00000350  57 09 cf 48 29 d0 63 42  bc 9b ec 0c e2 2d 41 d0  |W..H).cB.....-A.|
+00000360  cb d8 68 46 b7 17 fc 1d  95 12 5a 4c c3 10 67 32  |..hF......ZL..g2|
+00000370  f7 7a 14 55 63 fb 57 6e  59 ee b6 66 b8 65 e1 37  |.z.Uc.WnY..f.e.7|
+00000380  e6 7c 6c 07 8b d1 84 80  01 11 ce 7f 20 f0 4d 42  |.|l......... .MB|
+00000390  a7 67 01 12 e6 b5 9b d4  6a fe 38 37 71 ca 60 d6  |.g......j.87q.`.|
+000003a0  12 d7 00 b5 26 c3 97 1d  9f 37 6a 82 31 ef c3 12  |....&....7j.1...|
+000003b0  bc 17 03 03 00 45 65 1e  cf 1f 1e 73 93 8d 66 54  |.....Ee....s..fT|
+000003c0  47 b0 73 9f d1 a4 9d 3b  b0 72 b4 f2 5f 06 e1 d2  |G.s....;.r.._...|
+000003d0  1f bb 3d 13 48 7c 7a e0  19 15 9f aa a5 ed 09 18  |..=.H|z.........|
+000003e0  2e 4e 8a cd 66 2b 9c b3  fe 99 b0 57 06 2e b3 a0  |.N..f+.....W....|
+000003f0  79 92 c1 bb 0e 29 44 02  f1 b0 43 17 03 03 00 a3  |y....)D...C.....|
+00000400  52 cd d9 d7 60 1c f5 06  83 aa 2f e0 0c 0f 5e 6d  |R...`...../...^m|
+00000410  0f 29 93 b9 ae 50 04 c6  f7 d3 ff c7 d1 ac 9d 43  |.)...P.........C|
+00000420  d7 b5 76 7a 16 b7 2c b7  79 48 a4 c3 28 2a 86 10  |..vz..,.yH..(*..|
+00000430  d1 24 7c 04 ed af 1f 8a  0b 18 29 97 7a 7a 47 3f  |.$|.......).zzG?|
+00000440  1f fe ba 9c 72 d9 9b ae  9b 83 5f f4 5a 4f 10 b8  |....r....._.ZO..|
+00000450  e5 45 35 76 77 a2 ac 99  1c bc 78 cf 6f 62 ef ef  |.E5vw.....x.ob..|
+00000460  9b 1b 90 eb 95 6b a1 25  82 b7 c1 1b 6f da 10 4c  |.....k.%....o..L|
+00000470  aa 3e a8 ba dd 77 b1 39  a0 b2 6a 11 18 44 2a 8d  |.>...w.9..j..D*.|
+00000480  58 9a 53 31 e1 d1 ec 8b  47 95 63 67 44 67 8d 09  |X.S1....G.cgDg..|
+00000490  2f 16 f5 19 cd 65 1d 52  d7 bd 19 f0 bb ec 7b 55  |/....e.R......{U|
+000004a0  33 4f 84                                          |3O.|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 07 3f db d9 c7  |..........E.?...|
+00000010  05 fd c4 0c 2d ae ee d8  d7 e7 ac 46 19 a2 17 e5  |....-......F....|
+00000020  5e 10 30 65 05 be e0 c7  1e b3 e2 16 a4 d6 69 e1  |^.0e..........i.|
+00000030  2c ff 18 ba e4 8f d0 3d  12 45 df c3 d4 08 0d e6  |,......=.E......|
+00000040  94 6e 83 6d 99 9d f3 f1  02 48 6b 6f d1 2d f0 c6  |.n.m.....Hko.-..|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 2a 3d 96  b4 6a 9e 7f 7f ca e0 8e  |.....*=..j......|
+00000010  41 4e bd 82 86 61 b8 59  19 e4 97 02 c2 00 7e 69  |AN...a.Y......~i|
+00000020  81 b0 64 17 03 03 00 13  63 91 94 1a a3 51 bf 95  |..d.....c....Q..|
+00000030  9e 09 a2 a1 f0 01 57 93  00 71 49                 |......W..qI|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-Resume b/src/crypto/tls/testdata/Server-TLSv13-Resume
new file mode 100644
index 0000000..fa10f3e
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-Resume
@@ -0,0 +1,66 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 01 a4 01 00 01  a0 03 03 92 e8 fa 14 82  |................|
+00000010  03 7c cd fe 01 82 55 99  8b fd 04 ff 88 82 98 c9  |.|....U.........|
+00000020  72 18 3b 2e 0a de fc a4  44 9f 1d 20 c0 df df c9  |r.;.....D.. ....|
+00000030  1d ed 19 9e 2d ce 57 f6  95 54 67 76 77 64 c7 f4  |....-.W..Tgvwd..|
+00000040  ad 18 7d d8 58 6f 08 30  a5 a4 50 cd 00 08 13 02  |..}.Xo.0..P.....|
+00000050  13 03 13 01 00 ff 01 00  01 4f 00 00 00 0e 00 0c  |.........O......|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 23 00 00  00 16 00 00 00 17 00 00  |.....#..........|
+00000090  00 0d 00 1e 00 1c 04 03  05 03 06 03 08 07 08 08  |................|
+000000a0  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+000000b0  06 01 00 2b 00 03 02 03  04 00 2d 00 02 01 01 00  |...+......-.....|
+000000c0  33 00 26 00 24 00 1d 00  20 94 44 cd ce 27 a8 43  |3.&.$... .D..'.C|
+000000d0  8a ef cd ef d4 74 d4 e4  62 82 00 e6 46 96 e5 aa  |.....t..b...F...|
+000000e0  d1 44 8a 55 6b d7 25 06  6f 00 29 00 bc 00 87 00  |.D.Uk.%.o.).....|
+000000f0  81 50 46 ad c1 db a8 38  86 7b 2b bb fd d0 c3 42  |.PF....8.{+....B|
+00000100  3e 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |>...............|
+00000110  00 94 68 2c a3 81 51 ed  14 ef 68 ca 42 c5 4c 1f  |..h,..Q...h.B.L.|
+00000120  90 bf 3c 07 2b e5 52 22  a0 c0 46 db cb f6 b9 a0  |..<.+.R"..F.....|
+00000130  b5 56 b0 d6 7f 03 b7 2d  9f a5 2a 25 8e 65 d2 b9  |.V.....-..*%.e..|
+00000140  6a f3 e4 7e 79 d7 3d cc  b2 3d b6 24 a9 31 82 49  |j..~y.=..=.$.1.I|
+00000150  38 16 92 f0 49 97 e2 07  e2 cd 1c 77 d3 e0 00 de  |8...I......w....|
+00000160  56 11 17 40 00 63 13 00  48 39 8e fd 09 96 08 f3  |V..@.c..H9......|
+00000170  81 7c 00 00 00 00 00 31  30 a4 22 35 6e 4a 09 af  |.|.....10."5nJ..|
+00000180  08 22 97 92 e0 8a eb c0  e0 28 32 f4 8f ed 1e 02  |.".......(2.....|
+00000190  a9 b3 43 de f3 04 cb 7b  db 01 51 88 46 02 c1 4b  |..C....{..Q.F..K|
+000001a0  ec fa a8 05 42 a4 00 ae  ed                       |....B....|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 80 02 00 00  7c 03 03 00 00 00 00 00  |........|.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 c0 df df c9  |........... ....|
+00000030  1d ed 19 9e 2d ce 57 f6  95 54 67 76 77 64 c7 f4  |....-.W..Tgvwd..|
+00000040  ad 18 7d d8 58 6f 08 30  a5 a4 50 cd 13 02 00 00  |..}.Xo.0..P.....|
+00000050  34 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |4.+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 00  |.........._X.;t.|
+00000080  29 00 02 00 00 14 03 03  00 01 01 17 03 03 00 17  |)...............|
+00000090  cc 35 3b 89 bc fe dc df  02 d3 00 f8 ef 56 74 6a  |.5;..........Vtj|
+000000a0  ee af 35 9e d6 91 e1 17  03 03 00 45 07 24 33 da  |..5........E.$3.|
+000000b0  63 9a eb 15 28 dc e8 60  dc 36 97 12 5e 54 a5 48  |c...(..`.6..^T.H|
+000000c0  aa e3 07 35 e7 f0 7c 60  93 d4 4c 24 d7 0d 01 66  |...5..|`..L$...f|
+000000d0  d9 b6 e3 c5 ab 9d cf 47  49 f6 4f 87 7a c4 ab 34  |.......GI.O.z..4|
+000000e0  df 37 19 a6 f9 36 c8 ea  04 af 9a d7 21 dd 89 e2  |.7...6......!...|
+000000f0  79 17 03 03 00 a3 60 8e  39 7e 5d 21 e2 e4 8a 0e  |y.....`.9~]!....|
+00000100  73 4a 96 09 49 fb 55 b4  68 60 88 0d 01 73 5b d0  |sJ..I.U.h`...s[.|
+00000110  42 4d 9a af 22 ae 33 83  16 60 3e 25 e2 fd 76 10  |BM..".3..`>%..v.|
+00000120  6e 92 0d 6b 88 c7 54 46  51 bf 86 a4 f4 11 d3 e8  |n..k..TFQ.......|
+00000130  29 54 16 31 b2 44 4b 45  5d 3f 97 d9 33 10 ef 92  |)T.1.DKE]?..3...|
+00000140  e5 aa 3b 2d 3d 36 ef 85  04 2d 17 66 2a 00 ea 87  |..;-=6...-.f*...|
+00000150  9a 95 5e 54 1b 01 f8 5d  34 96 83 cf 28 d4 24 ed  |..^T...]4...(.$.|
+00000160  c6 9b da 7a 1c d4 a3 5a  53 bb 2f cf 56 f3 ef 99  |...z...ZS./.V...|
+00000170  40 e2 34 31 ca 55 c9 7a  02 47 14 8b 7e 04 5a ff  |@.41.U.z.G..~.Z.|
+00000180  17 f7 95 f0 46 e0 ce cf  8f b0 9f 6b 51 96 d5 f7  |....F......kQ...|
+00000190  0b 33 e2 0a 62 4e 05 28  66                       |.3..bN.(f|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 66 00 e2 3f 07  |..........Ef..?.|
+00000010  02 a4 1d 71 27 2a fe c7  00 1e 2d bc 50 b6 bc 35  |...q'*....-.P..5|
+00000020  22 c4 a4 d8 a1 5f fa 10  d7 48 c8 20 94 50 b1 ae  |"...._...H. .P..|
+00000030  47 8c 62 26 15 79 33 6b  06 0d 19 67 7e 22 7c a5  |G.b&.y3k...g~"|.|
+00000040  ca 05 c9 ae c8 66 6b ca  8e f7 7c 35 de 5e c3 25  |.....fk...|5.^.%|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 6a 89 ce  e3 1d 13 60 f3 8b 26 97  |.....j.....`..&.|
+00000010  3e 5d 9f a8 47 c9 74 f5  66 ad 75 87 57 ec ef b1  |>]..G.t.f.u.W...|
+00000020  66 da f0 17 03 03 00 13  95 bd 2d ef d5 30 c1 1b  |f.........-..0..|
+00000030  bd 54 3d f6 16 02 28 78  a4 4a 24                 |.T=...(x.J$|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-Resume-HelloRetryRequest b/src/crypto/tls/testdata/Server-TLSv13-Resume-HelloRetryRequest
new file mode 100644
index 0000000..2e1cbaf
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-Resume-HelloRetryRequest
@@ -0,0 +1,106 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 01 9e 01 00 01  9a 03 03 75 28 78 ec 6f  |...........u(x.o|
+00000010  3d d0 60 09 8e 23 dd 91  67 4b e4 2f b0 b7 93 60  |=.`..#..gK./...`|
+00000020  3a 4f 92 38 6b 5e 67 ab  49 f4 b8 20 46 e8 0a c4  |:O.8k^g.I.. F...|
+00000030  bd 13 ce 09 13 27 a4 5d  a4 3b e2 9b 9d ff 17 30  |.....'.].;.....0|
+00000040  96 e3 06 1a d6 c6 04 9c  f3 9a 15 76 00 08 13 02  |...........v....|
+00000050  13 03 13 01 00 ff 01 00  01 49 00 00 00 0e 00 0c  |.........I......|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 06  00 04 00 1d 00 17 00 23  |...............#|
+00000080  00 00 00 16 00 00 00 17  00 00 00 0d 00 1e 00 1c  |................|
+00000090  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
+000000a0  08 04 08 05 08 06 04 01  05 01 06 01 00 2b 00 03  |.............+..|
+000000b0  02 03 04 00 2d 00 02 01  01 00 33 00 26 00 24 00  |....-.....3.&.$.|
+000000c0  1d 00 20 a0 26 2f f2 a2  ca d0 ff 0d 5d 9e cc 84  |.. .&/......]...|
+000000d0  52 51 07 86 4c 28 44 4e  65 7e 0c a1 9d 50 9c 77  |RQ..L(DNe~...P.w|
+000000e0  8a 54 48 00 29 00 bc 00  87 00 81 50 46 ad c1 db  |.TH.)......PF...|
+000000f0  a8 38 86 7b 2b bb fd d0  c3 42 3e 00 00 00 00 00  |.8.{+....B>.....|
+00000100  00 00 00 00 00 00 00 00  00 00 00 94 68 2c a3 81  |............h,..|
+00000110  51 ed 14 ef 68 ca 42 c5  4c 1f 90 bf 3c 07 2b e5  |Q...h.B.L...<.+.|
+00000120  52 22 a0 c0 46 db cb f6  b9 a0 b5 56 b0 d6 7f 03  |R"..F......V....|
+00000130  b7 2d 9f a5 2a 25 8e 65  d2 b9 6a f3 e4 7e 79 d7  |.-..*%.e..j..~y.|
+00000140  3d cc b2 3d b6 24 a9 31  82 49 38 16 92 f0 49 97  |=..=.$.1.I8...I.|
+00000150  e2 07 e2 cd 1c 77 d3 e0  00 de 56 11 17 40 00 63  |.....w....V..@.c|
+00000160  13 00 48 39 8e fd 09 96  08 f3 81 7c 00 00 00 00  |..H9.......|....|
+00000170  00 31 30 da 3c 92 3d 0f  55 c9 9e bb 99 c6 e0 ac  |.10.<.=.U.......|
+00000180  fe 5a 3a 94 7e d6 2a 0a  81 c0 be 8a 4e 1d da 5e  |.Z:.~.*.....N..^|
+00000190  31 80 97 2d 2a 6a fc 96  03 d2 aa 07 45 f1 78 33  |1..-*j......E.x3|
+000001a0  c4 1d 1c                                          |...|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 58 02 00 00  54 03 03 cf 21 ad 74 e5  |....X...T...!.t.|
+00000010  9a 61 11 be 1d 8c 02 1e  65 b8 91 c2 a2 11 16 7a  |.a......e......z|
+00000020  bb 8c 5e 07 9e 09 e2 c8  a8 33 9c 20 46 e8 0a c4  |..^......3. F...|
+00000030  bd 13 ce 09 13 27 a4 5d  a4 3b e2 9b 9d ff 17 30  |.....'.].;.....0|
+00000040  96 e3 06 1a d6 c6 04 9c  f3 9a 15 76 13 02 00 00  |...........v....|
+00000050  0c 00 2b 00 02 03 04 00  33 00 02 00 17 14 03 03  |..+.....3.......|
+00000060  00 01 01                                          |...|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 16 03  03 01 bf 01 00 01 bb 03  |................|
+00000010  03 75 28 78 ec 6f 3d d0  60 09 8e 23 dd 91 67 4b  |.u(x.o=.`..#..gK|
+00000020  e4 2f b0 b7 93 60 3a 4f  92 38 6b 5e 67 ab 49 f4  |./...`:O.8k^g.I.|
+00000030  b8 20 46 e8 0a c4 bd 13  ce 09 13 27 a4 5d a4 3b  |. F........'.].;|
+00000040  e2 9b 9d ff 17 30 96 e3  06 1a d6 c6 04 9c f3 9a  |.....0..........|
+00000050  15 76 00 08 13 02 13 03  13 01 00 ff 01 00 01 6a  |.v.............j|
+00000060  00 00 00 0e 00 0c 00 00  09 31 32 37 2e 30 2e 30  |.........127.0.0|
+00000070  2e 31 00 0b 00 04 03 00  01 02 00 0a 00 06 00 04  |.1..............|
+00000080  00 1d 00 17 00 23 00 00  00 16 00 00 00 17 00 00  |.....#..........|
+00000090  00 0d 00 1e 00 1c 04 03  05 03 06 03 08 07 08 08  |................|
+000000a0  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+000000b0  06 01 00 2b 00 03 02 03  04 00 2d 00 02 01 01 00  |...+......-.....|
+000000c0  33 00 47 00 45 00 17 00  41 04 79 db 79 c8 0b 77  |3.G.E...A.y.y..w|
+000000d0  8b 37 30 65 85 ce 72 49  ab a1 cb 6a 06 00 a6 65  |.70e..rI...j...e|
+000000e0  22 51 63 63 16 45 7b 85  ee c3 2e 09 25 d9 a3 49  |"Qcc.E{.....%..I|
+000000f0  91 07 35 c4 b6 61 23 9c  91 c1 03 07 ad a2 77 02  |..5..a#.......w.|
+00000100  61 93 05 cf 74 36 7a 66  ad 24 00 29 00 bc 00 87  |a...t6zf.$.)....|
+00000110  00 81 50 46 ad c1 db a8  38 86 7b 2b bb fd d0 c3  |..PF....8.{+....|
+00000120  42 3e 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |B>..............|
+00000130  00 00 94 68 2c a3 81 51  ed 14 ef 68 ca 42 c5 4c  |...h,..Q...h.B.L|
+00000140  1f 90 bf 3c 07 2b e5 52  22 a0 c0 46 db cb f6 b9  |...<.+.R"..F....|
+00000150  a0 b5 56 b0 d6 7f 03 b7  2d 9f a5 2a 25 8e 65 d2  |..V.....-..*%.e.|
+00000160  b9 6a f3 e4 7e 79 d7 3d  cc b2 3d b6 24 a9 31 82  |.j..~y.=..=.$.1.|
+00000170  49 38 16 92 f0 49 97 e2  07 e2 cd 1c 77 d3 e0 00  |I8...I......w...|
+00000180  de 56 11 17 40 00 63 13  00 48 39 8e fd 09 96 08  |.V..@.c..H9.....|
+00000190  f3 81 7c 00 00 00 00 00  31 30 e0 ac 7a 74 d9 50  |..|.....10..zt.P|
+000001a0  c1 3b 1b 67 7b 5a 74 b0  39 db dd 92 6f 75 38 31  |.;.g{Zt.9...ou81|
+000001b0  10 f4 98 dc ad af eb ac  ef 11 0d 96 48 01 f8 10  |............H...|
+000001c0  d6 e1 68 bf 88 a3 33 b9  9a b9                    |..h...3...|
+>>> Flow 4 (server to client)
+00000000  16 03 03 00 a1 02 00 00  9d 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 46 e8 0a c4  |........... F...|
+00000030  bd 13 ce 09 13 27 a4 5d  a4 3b e2 9b 9d ff 17 30  |.....'.].;.....0|
+00000040  96 e3 06 1a d6 c6 04 9c  f3 9a 15 76 13 02 00 00  |...........v....|
+00000050  55 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |U.+.....3.E...A.|
+00000060  1e 18 37 ef 0d 19 51 88  35 75 71 b5 e5 54 5b 12  |..7...Q.5uq..T[.|
+00000070  2e 8f 09 67 fd a7 24 20  3e b2 56 1c ce 97 28 5e  |...g..$ >.V...(^|
+00000080  f8 2b 2d 4f 9e f1 07 9f  6c 4b 5b 83 56 e2 32 42  |.+-O....lK[.V.2B|
+00000090  e9 58 b6 d7 49 a6 b5 68  1a 41 03 56 6b dc 5a 89  |.X..I..h.A.Vk.Z.|
+000000a0  00 29 00 02 00 00 17 03  03 00 17 48 f2 b1 a7 11  |.).........H....|
+000000b0  68 36 e4 67 b8 e8 d0 6d  b8 76 fa 4b 7e bc d0 63  |h6.g...m.v.K~..c|
+000000c0  6a 8c 17 03 03 00 45 49  37 80 89 e3 4d b5 60 4a  |j.....EI7...M.`J|
+000000d0  7c 52 a0 f5 e9 32 85 ad  8a 59 0b 27 66 c7 2f ec  ||R...2...Y.'f./.|
+000000e0  55 7f 2c 9b 1e ef 0a 11  e1 72 1f 72 b2 10 9f 3f  |U.,......r.r...?|
+000000f0  bb 51 8f d0 fe e8 62 fd  93 e4 0d e1 57 7f 3a 3c  |.Q....b.....W.:<|
+00000100  22 b4 ca 20 04 cd 65 94  44 df 1a 1c 17 03 03 00  |".. ..e.D.......|
+00000110  a3 38 02 96 5e c2 6d ad  2d 17 79 63 15 bd 06 af  |.8..^.m.-.yc....|
+00000120  e3 ae 5a 94 66 b5 2d 12  d1 bc 9c 16 56 ac 71 fe  |..Z.f.-.....V.q.|
+00000130  d7 af 1f 27 9a 22 1a d2  de da 90 ca d5 7f 79 d1  |...'."........y.|
+00000140  8a 6e c6 76 e7 76 b4 cc  9b d5 b5 ed b5 b2 9d 4e  |.n.v.v.........N|
+00000150  f8 88 a0 b1 14 91 8b 6b  d9 b8 5d 34 61 8a a3 b3  |.......k..]4a...|
+00000160  c8 db e9 c9 8d a7 53 d8  46 f0 bd 4b 30 bf 49 3d  |......S.F..K0.I=|
+00000170  cc 42 d3 fb b7 f3 ad 78  5b 01 38 5d c3 22 d0 51  |.B.....x[.8].".Q|
+00000180  cb a3 d9 fe 61 f9 4a ee  7d 89 8b 88 22 2b 9b fe  |....a.J.}..."+..|
+00000190  19 cd 17 b7 9e 81 57 f6  cb 14 29 cb 3b 87 0e 83  |......W...).;...|
+000001a0  5a 84 7c 13 2d c8 d4 a7  6a db 1d 10 c6 04 ed 0d  |Z.|.-...j.......|
+000001b0  1d d7 06 bb                                       |....|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 45 44 0b 11  40 bf 4b b4 2b 12 76 b3  |....ED..@.K.+.v.|
+00000010  e4 59 b3 91 bb 45 21 b3  78 aa dc 76 66 dd d6 3c  |.Y...E!.x..vf..<|
+00000020  21 cf 32 5c 37 85 ef fb  c7 53 cb 55 9c a5 40 0a  |!.2\7....S.U..@.|
+00000030  9d f8 aa b4 e3 e4 51 bf  d8 cb 15 44 f0 02 19 52  |......Q....D...R|
+00000040  62 73 82 f2 c2 ae d2 03  0e dc                    |bs........|
+>>> Flow 6 (server to client)
+00000000  17 03 03 00 1e fe e8 25  be 32 b9 ce db 3d 36 54  |.......%.2...=6T|
+00000010  78 7c 70 50 0e 8e f4 04  ec a9 2e 88 7b e5 23 23  |x|pP........{.##|
+00000020  72 f4 04 17 03 03 00 13  cc 7c 8e 1b 85 30 16 57  |r........|...0.W|
+00000030  b0 39 6a 3a b3 ee 57 82  17 03 c9                 |.9j:..W....|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-ResumeDisabled b/src/crypto/tls/testdata/Server-TLSv13-ResumeDisabled
new file mode 100644
index 0000000..1ba7ca1
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-ResumeDisabled
@@ -0,0 +1,104 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 01 a4 01 00 01  a0 03 03 96 06 be 39 9a  |..............9.|
+00000010  6b 71 35 ab f4 2a d2 66  4d 8f 2c 86 c9 b6 7b e1  |kq5..*.fM.,...{.|
+00000020  85 55 81 f5 90 49 20 c9  d7 5d ea 20 a2 da 4f 31  |.U...I ..]. ..O1|
+00000030  a6 7a bd 07 5d 24 2e 88  1c 88 0e 19 1e 33 51 51  |.z..]$.......3QQ|
+00000040  a1 14 df d7 70 b5 62 6d  28 a8 5f 0e 00 08 13 02  |....p.bm(._.....|
+00000050  13 03 13 01 00 ff 01 00  01 4f 00 00 00 0e 00 0c  |.........O......|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 0c  00 0a 00 1d 00 17 00 1e  |................|
+00000080  00 19 00 18 00 23 00 00  00 16 00 00 00 17 00 00  |.....#..........|
+00000090  00 0d 00 1e 00 1c 04 03  05 03 06 03 08 07 08 08  |................|
+000000a0  08 09 08 0a 08 0b 08 04  08 05 08 06 04 01 05 01  |................|
+000000b0  06 01 00 2b 00 03 02 03  04 00 2d 00 02 01 01 00  |...+......-.....|
+000000c0  33 00 26 00 24 00 1d 00  20 6d b7 14 7e 1b 7e c5  |3.&.$... m..~.~.|
+000000d0  2b 54 1e 88 bd 64 23 49  84 31 73 f0 b8 55 6c 23  |+T...d#I.1s..Ul#|
+000000e0  9e 77 b9 c5 53 a5 7f 1d  15 00 29 00 bc 00 87 00  |.w..S.....).....|
+000000f0  81 50 46 ad c1 db a8 38  86 7b 2b bb fd d0 c3 42  |.PF....8.{+....B|
+00000100  3e 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |>...............|
+00000110  00 94 68 2c a3 81 51 ed  14 ef 68 ca 42 c5 4c e2  |..h,..Q...h.B.L.|
+00000120  e9 ab 5a 10 63 08 88 5d  47 1a 77 c1 7c 72 14 12  |..Z.c..]G.w.|r..|
+00000130  24 5f 79 c4 ce 1a 7c 08  bf 81 6d 0e 55 e6 2d 0d  |$_y...|...m.U.-.|
+00000140  00 68 79 bc 2d ea f4 19  fd 43 ef 51 3f b5 5f 49  |.hy.-....C.Q?._I|
+00000150  38 16 e0 74 43 a4 e9 95  f6 6d eb bf 6d e2 57 79  |8..tC....m..m.Wy|
+00000160  7a 6e 53 12 bd a2 e0 32  98 1d 4e cb ae 72 1f 4c  |znS....2..N..r.L|
+00000170  38 4c 00 00 00 00 00 31  30 b6 c5 6e 26 02 64 56  |8L.....10..n&.dV|
+00000180  65 ab 95 9c 16 62 d0 c5  57 41 c7 4c 78 72 44 c7  |e....b..WA.LxrD.|
+00000190  4f a4 dc e1 d3 ef 49 af  7d a1 e5 ce 6f 22 f9 ec  |O.....I.}...o"..|
+000001a0  f4 b3 e4 32 e3 99 b0 85  39                       |...2....9|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 a2 da 4f 31  |........... ..O1|
+00000030  a6 7a bd 07 5d 24 2e 88  1c 88 0e 19 1e 33 51 51  |.z..]$.......3QQ|
+00000040  a1 14 df d7 70 b5 62 6d  28 a8 5f 0e 13 02 00 00  |....p.bm(._.....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 5a 35 3d 19 9b a7  |..........Z5=...|
+00000090  a4 45 2c c3 09 ae 85 be  08 fe 1d e2 9a 5d 7a 4b  |.E,..........]zK|
+000000a0  8e 17 03 03 02 6d 87 db  fb 18 21 96 c7 2b fb ff  |.....m....!..+..|
+000000b0  89 b9 25 f6 0d 89 0f b4  17 bb 17 e1 ba 95 b7 cd  |..%.............|
+000000c0  c2 75 b5 8b d8 64 ff 7c  dc e2 97 32 0c 2f e0 9f  |.u...d.|...2./..|
+000000d0  db b9 ef 14 9d cc e4 68  44 f7 0a 55 d2 b1 a0 f7  |.......hD..U....|
+000000e0  fc de a5 99 f0 5d 0c 60  7b c3 25 85 f6 79 8f e6  |.....].`{.%..y..|
+000000f0  cd 43 1c 43 d9 cd 28 ea  ce 10 1c 16 68 b8 d7 3d  |.C.C..(.....h..=|
+00000100  b4 d4 db b4 bf 76 f8 45  23 d8 9f d1 be d1 bd db  |.....v.E#.......|
+00000110  9c 45 dd 28 3b 68 22 57  6c b7 65 fc 5e 66 f6 cb  |.E.(;h"Wl.e.^f..|
+00000120  a2 88 bd 96 e4 00 b5 85  ae 00 95 b9 da 42 16 c9  |.............B..|
+00000130  c9 63 c2 67 ec 22 65 6e  66 0e cf de 68 ad e7 87  |.c.g."enf...h...|
+00000140  ae 63 b4 e9 1c c0 2f 1e  79 7e a3 3f 6d 2b 68 c1  |.c..../.y~.?m+h.|
+00000150  e8 60 cd 26 e0 05 de fa  7b 77 45 71 d8 f9 03 d7  |.`.&....{wEq....|
+00000160  d3 50 51 15 cf fc 39 fa  07 19 28 5e e8 2d 31 00  |.PQ...9...(^.-1.|
+00000170  2a e1 a4 21 31 83 4e 7d  51 e7 53 eb 33 22 51 fe  |*..!1.N}Q.S.3"Q.|
+00000180  15 04 e9 3d 73 89 3b 56  3f c6 ec 6e 0a 71 68 a6  |...=s.;V?..n.qh.|
+00000190  76 f3 f1 aa 4e d0 9f 85  45 3f 7b aa ae ad 42 b9  |v...N...E?{...B.|
+000001a0  07 64 ab ad 03 b1 33 78  93 f0 49 95 65 fb 81 8c  |.d....3x..I.e...|
+000001b0  04 ee e7 f3 2c 0a 99 51  e5 ef 05 14 d3 93 37 2b  |....,..Q......7+|
+000001c0  73 96 81 6f f5 9b a3 9a  20 95 5c 13 fc 97 3e c0  |s..o.... .\...>.|
+000001d0  87 e4 ec 00 84 0b f2 09  29 63 dd 54 03 ce e0 43  |........)c.T...C|
+000001e0  e9 16 a0 98 32 3e fa 58  1d 81 1e 56 ef 64 ff f7  |....2>.X...V.d..|
+000001f0  b0 aa fc 5f 8c 89 48 76  ef d2 f1 d0 9c 16 f9 57  |..._..Hv.......W|
+00000200  ac a6 4a a4 a8 75 ae fc  4b 9f ef 3c 28 a5 0c c1  |..J..u..K..<(...|
+00000210  c8 72 82 bf e9 93 f2 42  00 0a 49 5d be c7 09 91  |.r.....B..I]....|
+00000220  29 40 5e a6 ad ae 9c 69  6f d8 33 53 0a 50 5b 48  |)@^....io.3S.P[H|
+00000230  7d d7 7e 1e 3b d3 ec e6  cf fe 1e 6a 27 a2 83 35  |}.~.;......j'..5|
+00000240  28 13 2f 00 e5 29 c3 10  46 53 a1 17 15 59 5d 74  |(./..)..FS...Y]t|
+00000250  f5 7c fa a5 71 34 32 75  48 e6 2c 1d 90 e8 c1 87  |.|..q42uH.,.....|
+00000260  50 ac 17 27 b8 f7 a9 8e  59 58 d6 b8 d9 ef b6 57  |P..'....YX.....W|
+00000270  b8 13 41 d0 eb 80 1c 48  66 1d 41 a5 b5 0d 12 17  |..A....Hf.A.....|
+00000280  52 96 62 29 0e 4a 09 b4  50 b8 37 c3 8f 85 67 27  |R.b).J..P.7...g'|
+00000290  d9 6f 33 11 95 ca 0a 36  75 ef 15 45 81 d3 ad 7d  |.o3....6u..E...}|
+000002a0  1a ff a7 0c 47 21 37 24  27 ce 42 68 5f 5d 7c fe  |....G!7$'.Bh_]|.|
+000002b0  0c f2 0b 81 ea f9 25 c9  99 c2 56 72 54 bd 2f 4c  |......%...VrT./L|
+000002c0  40 17 f0 54 a0 6e 1d 14  80 9c 3c d3 f9 81 0d 9d  |@..T.n....<.....|
+000002d0  e1 47 55 24 e4 62 0e 14  0d 46 3f 52 1b ef ab 45  |.GU$.b...F?R...E|
+000002e0  d8 86 c7 ef aa e2 ea e6  5e 2e d8 89 33 46 a0 d0  |........^...3F..|
+000002f0  39 e2 cc 13 1d 62 11 ae  c0 73 71 b8 ef 4b 43 71  |9....b...sq..KCq|
+00000300  dd 14 42 09 c9 10 4e bc  b9 93 78 d6 83 02 40 c0  |..B...N...x...@.|
+00000310  62 56 40 17 03 03 00 99  6e 03 4b 38 20 98 d7 3e  |bV@.....n.K8 ..>|
+00000320  52 33 e0 be 26 9b 38 4c  7f 2b c1 cc 84 22 7e 86  |R3..&.8L.+..."~.|
+00000330  1d 39 f6 0a c0 ff e9 d9  4d 81 24 26 8d e1 c5 c0  |.9......M.$&....|
+00000340  78 18 59 e0 6a ac 35 ad  a0 6d 32 09 63 75 88 10  |x.Y.j.5..m2.cu..|
+00000350  2b 6b d1 36 ea f9 03 41  a9 a7 26 82 38 37 aa 81  |+k.6...A..&.87..|
+00000360  a1 7a 81 5c 0b db 63 32  06 e7 cb a8 1c 0a ff be  |.z.\..c2........|
+00000370  a2 e5 00 42 59 61 78 40  2e e2 85 0a ad 6b ea ae  |...BYax@.....k..|
+00000380  17 5a 92 f6 d3 8e 97 a2  18 a5 28 8a 41 1d 70 26  |.Z........(.A.p&|
+00000390  bc d8 e7 38 ba c5 68 b9  ae f9 c6 27 bc 5b 3b 9f  |...8..h....'.[;.|
+000003a0  db ae 38 84 6f 18 3c e6  1d 30 cb 57 b1 95 63 1d  |..8.o.<..0.W..c.|
+000003b0  ef 17 03 03 00 45 40 43  00 0c 81 0a ed cf 35 9d  |.....E@C......5.|
+000003c0  45 0f 2b 66 ad b6 bd f9  72 9f 77 aa 87 9a 4f 9a  |E.+f....r.w...O.|
+000003d0  f4 1b 08 bd 33 aa f7 dc  f1 78 58 d7 53 aa 82 12  |....3....xX.S...|
+000003e0  b1 f7 c2 dd 8b 0d 90 81  e9 a9 7b 7c 17 52 fe ab  |..........{|.R..|
+000003f0  e4 94 06 d4 44 b4 7d 81  61 97 6b                 |....D.}.a.k|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 0e e9 bb 83 d4  |..........E.....|
+00000010  41 da c6 75 69 c2 5c 74  0c 86 c7 b9 08 2f 35 da  |A..ui.\t...../5.|
+00000020  19 6f cf 43 a4 23 2f fe  59 5d 0f 1f 1e 0f ca e4  |.o.C.#/.Y]......|
+00000030  7f 4e 7d bc ce 77 76 f2  ce 1c c4 e8 4e a9 80 a8  |.N}..wv.....N...|
+00000040  72 16 5b 3c 97 8f 55 cb  76 cf fa 02 29 41 af 6d  |r.[<..U.v...)A.m|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e f2 5e b6  bd bc c3 c2 58 fe 90 e9  |......^.....X...|
+00000010  07 07 a2 ab 66 41 f7 c4  1f 48 48 01 c9 38 d2 c7  |....fA...HH..8..|
+00000020  c0 ab b5 17 03 03 00 13  db 6e 0e f9 4a 94 12 a3  |.........n..J...|
+00000030  2a 86 3f d1 a7 ac c3 58  20 0d 09                 |*.?....X ..|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-X25519 b/src/crypto/tls/testdata/Server-TLSv13-X25519
new file mode 100644
index 0000000..2446512
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-X25519
@@ -0,0 +1,102 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 d8 01 00 00  d4 03 03 3d 42 5b bc 55  |...........=B[.U|
+00000010  6c e3 e9 9a db 07 85 ca  18 fb f3 e0 56 18 b5 39  |l...........V..9|
+00000020  9d 43 91 41 38 a0 ea c1  eb db ec 20 ca b8 c3 6e  |.C.A8...... ...n|
+00000030  c8 78 18 88 ab cf c3 cb  7e ff 7d e5 7e d5 55 94  |.x......~.}.~.U.|
+00000040  f8 b2 01 ad 8c 95 82 f0  8e d8 61 8e 00 08 13 02  |..........a.....|
+00000050  13 03 13 01 00 ff 01 00  00 83 00 00 00 0e 00 0c  |................|
+00000060  00 00 09 31 32 37 2e 30  2e 30 2e 31 00 0b 00 04  |...127.0.0.1....|
+00000070  03 00 01 02 00 0a 00 04  00 02 00 1d 00 16 00 00  |................|
+00000080  00 17 00 00 00 0d 00 1e  00 1c 04 03 05 03 06 03  |................|
+00000090  08 07 08 08 08 09 08 0a  08 0b 08 04 08 05 08 06  |................|
+000000a0  04 01 05 01 06 01 00 2b  00 03 02 03 04 00 2d 00  |.......+......-.|
+000000b0  02 01 01 00 33 00 26 00  24 00 1d 00 20 e8 82 c0  |....3.&.$... ...|
+000000c0  e9 dc b5 e1 3f 74 c9 42  e9 98 d1 1b fb 68 52 5d  |....?t.B.....hR]|
+000000d0  3e c1 65 56 6c 12 2b 3b  ad 02 7c 80 42           |>.eVl.+;..|.B|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 ca b8 c3 6e  |........... ...n|
+00000030  c8 78 18 88 ab cf c3 cb  7e ff 7d e5 7e d5 55 94  |.x......~.}.~.U.|
+00000040  f8 b2 01 ad 8c 95 82 f0  8e d8 61 8e 13 02 00 00  |..........a.....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
+00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
+00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
+00000080  03 03 00 01 01 17 03 03  00 17 09 03 3f 82 c1 8c  |............?...|
+00000090  42 42 8d be 40 51 f5 ba  5d b8 60 d9 87 0f d5 ca  |BB..@Q..].`.....|
+000000a0  3d 17 03 03 02 6d 95 e6  a7 87 7a 4a fb 68 16 3b  |=....m....zJ.h.;|
+000000b0  38 cb b0 7c 97 39 1e 00  46 7b 2c 32 00 02 6c 34  |8..|.9..F{,2..l4|
+000000c0  de df 5a 3d 11 1b bc 28  d4 c1 05 fc 0c ca 28 e3  |..Z=...(......(.|
+000000d0  90 c7 ad 88 43 45 12 fd  43 f5 be 7d 46 f8 d2 ec  |....CE..C..}F...|
+000000e0  00 8e 06 6f 09 0d ce 84  15 5a e7 59 1c f7 10 d4  |...o.....Z.Y....|
+000000f0  2d 37 f2 71 a7 11 7e cb  3b 75 ec 8f d1 7a 8c d0  |-7.q..~.;u...z..|
+00000100  f0 b1 18 aa 2f 3b e8 18  ff ae 0f 63 6b 41 3e 4a  |..../;.....ckA>J|
+00000110  04 56 72 1b e0 60 74 a2  ef 1d 81 61 eb 94 56 25  |.Vr..`t....a..V%|
+00000120  e6 46 03 9a 2f 57 85 ca  3a f4 17 81 e3 cf 6c 2e  |.F../W..:.....l.|
+00000130  63 66 48 0f 5f f7 7b 5a  55 25 4b cc 24 c9 71 dd  |cfH._.{ZU%K.$.q.|
+00000140  42 32 d8 77 6f c5 69 bb  6b c5 c9 51 cb 37 97 ae  |B2.wo.i.k..Q.7..|
+00000150  c3 a3 87 5c 50 e1 f3 19  84 d6 9a 7c 56 0d 63 cc  |...\P......|V.c.|
+00000160  57 66 17 c8 a6 e2 f0 31  bb 20 3b 7e 9e 4e 30 fe  |Wf.....1. ;~.N0.|
+00000170  1e 22 07 71 29 76 c0 a2  7e da 3c 1d 04 31 f8 54  |.".q)v..~.<..1.T|
+00000180  95 3a 84 71 d8 6b ed 43  e9 ad e9 45 c9 72 ad 0e  |.:.q.k.C...E.r..|
+00000190  8d 02 21 a6 89 6f 4b 83  5f fd 7f ff 3e cb d0 f7  |..!..oK._...>...|
+000001a0  d3 94 54 7a 82 47 d3 8f  21 2f 1b f8 bf 95 e9 34  |..Tz.G..!/.....4|
+000001b0  cd 06 d6 77 04 c8 57 49  df 0a c0 84 c7 ec 86 ed  |...w..WI........|
+000001c0  75 ca 33 56 b4 e8 d3 7c  45 e7 b4 c8 92 9a 73 c8  |u.3V...|E.....s.|
+000001d0  eb 30 df 76 d2 61 70 9a  31 c5 a1 d8 4f 3a 1f dc  |.0.v.ap.1...O:..|
+000001e0  df 3d 85 9f b8 48 ed 78  aa 9e c1 ba 07 84 30 ec  |.=...H.x......0.|
+000001f0  e5 83 1c 63 47 53 2c 06  85 40 a9 78 ea 4e a0 e3  |...cGS,..@.x.N..|
+00000200  2f 7d 67 39 38 c2 80 66  ff 62 8e 68 1f 67 17 b8  |/}g98..f.b.h.g..|
+00000210  6b af 3c cc 81 46 5a 83  bf 1e ed 65 0e 81 05 fa  |k.<..FZ....e....|
+00000220  ac 06 df 63 4e af 9e 02  7f 16 2b 5f b4 0a 5e d9  |...cN.....+_..^.|
+00000230  e5 d1 39 4a 42 d5 34 43  9b 32 ba d8 b7 ad c8 b0  |..9JB.4C.2......|
+00000240  38 81 6f 93 8e 5e ee b7  86 75 d8 f4 bb 15 33 5e  |8.o..^...u....3^|
+00000250  a8 39 e4 ee 7f ef 15 7b  ec e1 d7 95 31 e1 83 db  |.9.....{....1...|
+00000260  00 34 2e 22 02 59 33 2a  a6 b5 73 f7 04 4d f5 40  |.4.".Y3*..s..M.@|
+00000270  b7 97 97 33 a0 e2 c3 cf  4b 0a bd 27 84 a1 bb 0b  |...3....K..'....|
+00000280  2c 59 bd 3e 2c 82 48 b6  a5 b8 a9 20 00 37 8a 8e  |,Y.>,.H.... .7..|
+00000290  f8 f2 4e e2 16 5c fb bf  92 94 37 6a 82 b8 b1 35  |..N..\....7j...5|
+000002a0  4f 77 9e dd 78 1a 07 85  42 3d de fc dc 7f 8c f4  |Ow..x...B=......|
+000002b0  fa 30 de 15 a4 dd c2 08  d5 3d 08 f4 a8 0f f0 df  |.0.......=......|
+000002c0  6c 18 40 65 49 ce ce 78  99 5c bc 96 f2 02 2a 1b  |l.@eI..x.\....*.|
+000002d0  5f e7 3d 50 ea 9c b4 39  84 33 05 df 3d 1c 3c f7  |_.=P...9.3..=.<.|
+000002e0  3e 55 b6 08 1b 51 b2 87  2b bb 0e 78 1d 7c 19 16  |>U...Q..+..x.|..|
+000002f0  1f 8c ab 6c 56 2b 08 8b  57 2e f9 90 d9 50 a1 30  |...lV+..W....P.0|
+00000300  14 05 54 26 3b 03 0c 46  ec b3 bd c7 eb ce b7 d7  |..T&;..F........|
+00000310  31 64 40 17 03 03 00 99  d5 7d 3d d2 c0 c4 23 6b  |1d@......}=...#k|
+00000320  2c 1b 87 70 62 8c c5 63  6b 34 5b 69 e6 2d 61 7a  |,..pb..ck4[i.-az|
+00000330  7f 8d 36 96 68 30 71 4b  5c 60 3a dc 28 58 80 ef  |..6.h0qK\`:.(X..|
+00000340  09 60 e0 fd 64 d4 fb e5  d3 2f 0a 03 52 78 e4 0b  |.`..d..../..Rx..|
+00000350  c8 03 d2 0d 13 36 19 46  50 41 ee 07 44 f8 cc 0b  |.....6.FPA..D...|
+00000360  53 f9 42 0d 75 88 6f d0  52 02 67 22 bf df 4b a3  |S.B.u.o.R.g"..K.|
+00000370  0a 43 10 54 27 53 49 5d  b3 41 37 df 5b 22 7b b4  |.C.T'SI].A7.["{.|
+00000380  52 21 c7 55 bd 99 a9 0a  0e 46 07 99 b0 38 dc 53  |R!.U.....F...8.S|
+00000390  0e f2 76 82 d9 15 35 62  bb 6d 87 10 a9 91 74 ad  |..v...5b.m....t.|
+000003a0  b6 8e 4f 22 b8 72 05 5e  de 06 e4 de 70 b3 7b 72  |..O".r.^....p.{r|
+000003b0  3e 17 03 03 00 45 ae 7c  de bb a6 79 ca fd 6c fa  |>....E.|...y..l.|
+000003c0  26 8b b2 6a eb 40 c0 b0  a7 98 e8 7a 0c e9 ea b3  |&..j.@.....z....|
+000003d0  30 5f b7 fd 52 85 c8 56  93 dc 3a b0 e8 bd 5a d1  |0_..R..V..:...Z.|
+000003e0  2d 94 87 27 c9 4c 57 66  35 bb e7 a5 d2 bf fd 27  |-..'.LWf5......'|
+000003f0  f7 bd e1 8c a7 50 35 64  cc d5 26 17 03 03 00 a3  |.....P5d..&.....|
+00000400  0d a3 74 9e 7e 5c bf d9  cb 27 e0 d2 c6 25 bd 29  |..t.~\...'...%.)|
+00000410  49 23 76 24 91 a8 d0 58  28 60 1d 68 75 ec f8 05  |I#v$...X(`.hu...|
+00000420  18 dd 0d b3 a8 27 98 82  78 81 e1 ee 03 69 8f 26  |.....'..x....i.&|
+00000430  00 94 59 63 ef 9b c9 24  0f c8 99 97 64 4c a3 41  |..Yc...$....dL.A|
+00000440  71 71 88 55 cd a2 61 e9  47 ed 9b e0 5b a8 f9 dc  |qq.U..a.G...[...|
+00000450  e6 25 8a 1d e8 18 12 1a  3c b7 d6 86 cc 4b 9f 70  |.%......<....K.p|
+00000460  93 53 cf 8e d2 98 99 74  2a 37 96 07 a9 d5 bd 8e  |.S.....t*7......|
+00000470  eb 09 01 a4 4d 46 c8 7b  ab 2c 2d 25 7c fc 89 e6  |....MF.{.,-%|...|
+00000480  ac 23 92 98 de 38 1b e4  70 b3 ee 95 9b 83 03 ce  |.#...8..p.......|
+00000490  bb 17 df 13 1d 5a 9f be  55 3f dc 28 4b 43 4e fd  |.....Z..U?.(KCN.|
+000004a0  74 00 19                                          |t..|
+>>> Flow 3 (client to server)
+00000000  14 03 03 00 01 01 17 03  03 00 45 b0 11 eb 24 17  |..........E...$.|
+00000010  1c a4 d5 68 80 b2 21 4b  6d 12 fd 67 c9 8a a8 87  |...h..!Km..g....|
+00000020  27 e9 39 fd 9f 5f e4 ce  82 4f 9f 8d 2f d3 b9 04  |'.9.._...O../...|
+00000030  d0 a8 00 33 5c 58 3f 75  be d5 8b ff 9a e4 30 cb  |...3\X?u......0.|
+00000040  4b e2 4d d3 0a e8 3f bb  89 98 1e 87 25 0f 4e 67  |K.M...?.....%.Ng|
+>>> Flow 4 (server to client)
+00000000  17 03 03 00 1e 1e 07 ae  09 4a 05 7b ee f6 ce a5  |.........J.{....|
+00000010  18 11 76 89 e8 67 ed 22  41 d2 a3 b6 cc bc c8 e9  |..v..g."A.......|
+00000020  73 02 7c 17 03 03 00 13  c2 87 1e 19 ea 01 63 5a  |s.|...........cZ|
+00000030  aa 72 b2 95 f0 05 08 71  95 0c 75                 |.r.....q..u|
diff --git a/src/crypto/tls/ticket.go b/src/crypto/tls/ticket.go
index 3e7aa93..9560176 100644
--- a/src/crypto/tls/ticket.go
+++ b/src/crypto/tls/ticket.go
@@ -12,6 +12,7 @@
 	"crypto/sha256"
 	"crypto/subtle"
 	"errors"
+	"internal/x/crypto/cryptobyte"
 	"io"
 )
 
@@ -27,31 +28,6 @@
 	usedOldKey bool
 }
 
-func (s *sessionState) equal(i interface{}) bool {
-	s1, ok := i.(*sessionState)
-	if !ok {
-		return false
-	}
-
-	if s.vers != s1.vers ||
-		s.cipherSuite != s1.cipherSuite ||
-		!bytes.Equal(s.masterSecret, s1.masterSecret) {
-		return false
-	}
-
-	if len(s.certificates) != len(s1.certificates) {
-		return false
-	}
-
-	for i := range s.certificates {
-		if !bytes.Equal(s.certificates[i], s1.certificates[i]) {
-			return false
-		}
-	}
-
-	return true
-}
-
 func (s *sessionState) marshal() []byte {
 	length := 2 + 2 + 2 + len(s.masterSecret) + 2
 	for _, cert := range s.certificates {
@@ -129,9 +105,50 @@
 	return len(data) == 0
 }
 
-func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {
-	serialized := state.marshal()
-	encrypted := make([]byte, ticketKeyNameLen+aes.BlockSize+len(serialized)+sha256.Size)
+// sessionStateTLS13 is the content of a TLS 1.3 session ticket. Its first
+// version (revision = 0) doesn't carry any of the information needed for 0-RTT
+// validation and the nonce is always empty.
+type sessionStateTLS13 struct {
+	// uint8 version  = 0x0304;
+	// uint8 revision = 0;
+	cipherSuite      uint16
+	createdAt        uint64
+	resumptionSecret []byte      // opaque resumption_master_secret<1..2^8-1>;
+	certificate      Certificate // CertificateEntry certificate_list<0..2^24-1>;
+}
+
+func (m *sessionStateTLS13) marshal() []byte {
+	var b cryptobyte.Builder
+	b.AddUint16(VersionTLS13)
+	b.AddUint8(0) // revision
+	b.AddUint16(m.cipherSuite)
+	addUint64(&b, m.createdAt)
+	b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes(m.resumptionSecret)
+	})
+	marshalCertificate(&b, m.certificate)
+	return b.BytesOrPanic()
+}
+
+func (m *sessionStateTLS13) unmarshal(data []byte) bool {
+	*m = sessionStateTLS13{}
+	s := cryptobyte.String(data)
+	var version uint16
+	var revision uint8
+	return s.ReadUint16(&version) &&
+		version == VersionTLS13 &&
+		s.ReadUint8(&revision) &&
+		revision == 0 &&
+		s.ReadUint16(&m.cipherSuite) &&
+		readUint64(&s, &m.createdAt) &&
+		readUint8LengthPrefixed(&s, &m.resumptionSecret) &&
+		len(m.resumptionSecret) != 0 &&
+		unmarshalCertificate(&s, &m.certificate) &&
+		s.Empty()
+}
+
+func (c *Conn) encryptTicket(state []byte) ([]byte, error) {
+	encrypted := make([]byte, ticketKeyNameLen+aes.BlockSize+len(state)+sha256.Size)
 	keyName := encrypted[:ticketKeyNameLen]
 	iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize]
 	macBytes := encrypted[len(encrypted)-sha256.Size:]
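Review bot: `sessionStateTLS13.marshal` and `unmarshal` do not accept the same set of states, and neither has a doc comment saying so. `unmarshal` rejects an empty `resumptionSecret` (`len(m.resumptionSecret) != 0`), while `marshal` encodes whatever it is given and, because it ends in `b.BytesOrPanic()`, panics if the builder recorded an error, for example a secret too long for the one-byte length prefix. I would document both, e.g. `// marshal encodes the ticket state; it panics if the state cannot be encoded (resumptionSecret longer than 255 bytes).` and `// unmarshal reports whether data is a well-formed revision-0 TLS 1.3 ticket state with no trailing bytes.` The unit of `createdAt` is also not stated on the field and deserves a short comment, since ticket-age checks depend on it. `encryptTicket`'s body continues outside the hunk.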
@@ -145,7 +162,7 @@
 	if err != nil {
 		return nil, errors.New("tls: failed to create cipher while encrypting ticket: " + err.Error())
 	}
-	cipher.NewCTR(block, iv).XORKeyStream(encrypted[ticketKeyNameLen+aes.BlockSize:], serialized)
+	cipher.NewCTR(block, iv).XORKeyStream(encrypted[ticketKeyNameLen+aes.BlockSize:], state)
 
 	mac := hmac.New(sha256.New, key.hmacKey[:])
 	mac.Write(encrypted[:len(encrypted)-sha256.Size])
@@ -154,15 +171,15 @@
 	return encrypted, nil
 }
 
-func (c *Conn) decryptTicket(encrypted []byte) (*sessionState, bool) {
-	if c.config.SessionTicketsDisabled ||
-		len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size {
+func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey bool) {
+	if len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size {
 		return nil, false
 	}
 
 	keyName := encrypted[:ticketKeyNameLen]
 	iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize]
 	macBytes := encrypted[len(encrypted)-sha256.Size:]
+	ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : len(encrypted)-sha256.Size]
 
 	keys := c.config.ticketKeys()
 	keyIndex := -1
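Review bot: The `c.config.SessionTicketsDisabled` guard is removed from `decryptTicket` here, so the function now attempts decryption even when tickets are disabled; every caller has to make that check itself, and the callers are not visible in this hunk. The new signature also drops the separate `ok` result, so failure is signalled only by a nil `plaintext`, with `usedOldKey` false on the error paths shown here and in the later hunk at `@@ -190,11 +207,8 @@`. A doc comment should state both, e.g. `// decryptTicket returns the decrypted ticket contents, or nil if the ticket cannot be decrypted. It does not consult SessionTicketsDisabled; callers must.` The function body continues outside the hunk.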
@@ -190,11 +207,8 @@
 	if err != nil {
 		return nil, false
 	}
-	ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : len(encrypted)-sha256.Size]
-	plaintext := ciphertext
+	plaintext = make([]byte, len(ciphertext))
 	cipher.NewCTR(block, iv).XORKeyStream(plaintext, ciphertext)
 
-	state := &sessionState{usedOldKey: keyIndex > 0}
-	ok := state.unmarshal(plaintext)
-	return state, ok
+	return plaintext, keyIndex > 0
 }
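Review bot: `plaintext = make([]byte, len(ciphertext))` switches decryption from in-place to a copy, which deserves a why-comment because the previous code aliased `ciphertext` directly. Presumably the bytes in `encrypted` must stay intact for the caller now that unmarshalling happens outside this function; if so, say it on that line: `// Decrypt into a fresh buffer so the caller's encrypted ticket is not overwritten.` The start of `decryptTicket` lies outside this hunk.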
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index 8fd4294..578035c 100644
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -2,7 +2,17 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package tls partially implements TLS 1.2, as specified in RFC 5246.
+// Package tls partially implements TLS 1.2, as specified in RFC 5246,
+// and TLS 1.3, as specified in RFC 8446.
+//
+// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable
+// it, set the GODEBUG environment variable (comma-separated key=value
+// options) such that it includes "tls13=1". To enable it from within
+// the process, set the environment variable before any use of TLS:
+//
+//     func init() {
+//         os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+//     }
 package tls
 
 // BUG(agl): The crypto/tls package only implements some countermeasures
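Review bot: The new package comment says to set GODEBUG "before any use of TLS" but does not say why the ordering matters or what happens if it is set later. The test changes in this same commit manipulate a once-guarded `tls13Support` cache, which suggests the setting is read once and then fixed for the process. If that is right, the comment should state it, e.g. `// The setting is read once, on first use; later changes to GODEBUG have no effect.` It is also worth noting that the `init` example changes the protocol versions offered by every TLS connection in the process, not only those of the importing package.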
diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go
index 7542699..208c13c 100644
--- a/src/crypto/tls/tls_test.go
+++ b/src/crypto/tls/tls_test.go
@@ -18,10 +18,22 @@
 	"os"
 	"reflect"
 	"strings"
+	"sync"
 	"testing"
 	"time"
 )
 
+var savedSupportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithmsTLS12
+
+func init() {
+	// TLS 1.3 is opt-in for Go 1.12, and RSA-PSS is disabled in TLS 1.2, but we
+	// want to run most tests with both enabled. TestTLS13Switch below and the
+	// "PSS-Disabled" recordings test the disabled behavior. See Issue 30055.
+	tls13Support.Do(func() {}) // defuse the sync.Once
+	tls13Support.cached = true
+	supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms
+}
+
 var rsaCertPEM = `-----BEGIN CERTIFICATE-----
 MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
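Review bot: This `init` flips two package-level switches (`tls13Support.cached` and `supportedSignatureAlgorithmsTLS12`) for every test in the package, so any test of the shipped defaults has to undo them and restore them afterwards. `savedSupportedSignatureAlgorithmsTLS12` covers one of the two, but nothing equivalent is saved for `tls13Support`, and a test that toggles either global cannot safely run in parallel with the rest. I would add a comment on the saved variable, e.g. `// savedSupportedSignatureAlgorithmsTLS12 holds the production default so tests of the PSS-disabled behavior can restore it; such tests must not call t.Parallel.`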
@@ -253,6 +265,9 @@
 	}()
 
 	clientConfig := testConfig.Clone()
+	// In TLS 1.3, alerts are encrypted and disguised as application data, so
+	// the opportunistic peek won't work.
+	clientConfig.MaxVersion = VersionTLS12
 	conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
 	if err != nil {
 		t.Fatal(err)
@@ -298,6 +313,7 @@
 				return
 			}
 			serverConfig := testConfig.Clone()
+			serverConfig.MaxVersion = VersionTLS12 // TLSUnique is not defined in TLS 1.3
 			srv := Server(sconn, serverConfig)
 			if err := srv.Handshake(); err != nil {
 				t.Error(err)
@@ -352,19 +368,22 @@
 	if err := c.VerifyHostname("www.google.com"); err == nil {
 		t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true")
 	}
-	if err := c.VerifyHostname("www.yahoo.com"); err == nil {
-		t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true")
-	}
 }
 
 func TestVerifyHostnameResumed(t *testing.T) {
+	t.Run("TLSv12", func(t *testing.T) { testVerifyHostnameResumed(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testVerifyHostnameResumed(t, VersionTLS13) })
+}
+
+func testVerifyHostnameResumed(t *testing.T, version uint16) {
 	testenv.MustHaveExternalNetwork(t)
 
 	config := &Config{
+		MaxVersion:         version,
 		ClientSessionCache: NewLRUClientSessionCache(32),
 	}
 	for i := 0; i < 2; i++ {
-		c, err := Dial("tcp", "www.google.com:https", config)
+		c, err := Dial("tcp", "mail.google.com:https", config)
 		if err != nil {
 			t.Fatalf("Dial #%d: %v", i, err)
 		}
@@ -372,11 +391,21 @@
 		if i > 0 && !cs.DidResume {
 			t.Fatalf("Subsequent connection unexpectedly didn't resume")
 		}
+		if cs.Version != version {
+			t.Fatalf("Unexpectedly negotiated version %x", cs.Version)
+		}
 		if cs.VerifiedChains == nil {
 			t.Fatalf("Dial #%d: cs.VerifiedChains == nil", i)
 		}
-		if err := c.VerifyHostname("www.google.com"); err != nil {
-			t.Fatalf("verify www.google.com #%d: %v", i, err)
+		if err := c.VerifyHostname("mail.google.com"); err != nil {
+			t.Fatalf("verify mail.google.com #%d: %v", i, err)
+		}
+		// Give the client a chance to read the server session tickets.
+		c.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
+		if _, err := c.Read(make([]byte, 1)); err != nil {
+			if err, ok := err.(net.Error); !ok || !err.Timeout() {
+				t.Fatal(err)
+			}
 		}
 		c.Close()
 	}
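Review bot: The new version check reports only the negotiated value, `t.Fatalf("Unexpectedly negotiated version %x", cs.Version)`, while the neighbouring failures include the dial index; against a live third-party host a bare hex number is hard to interpret. I would write `t.Fatalf("Dial #%d: negotiated version %x, expected %x", i, cs.Version, version)`. The added `t.Fatal(err)` after the read carries no context either and returns before `c.Close()`, and the result of `c.SetReadDeadline` is dropped. testVerifyHostnameResumed begins in the previous hunk.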
@@ -589,7 +618,7 @@
 		if err == nil {
 			return errors.New("unexpected lack of error from server")
 		}
-		const expected = "too many warn"
+		const expected = "too many ignored"
 		if str := err.Error(); !strings.Contains(str, expected) {
 			return fmt.Errorf("expected error containing %q, but saw: %s", expected, str)
 		}
@@ -601,6 +630,7 @@
 	go func() { errChan <- server() }()
 
 	clientConfig := testConfig.Clone()
+	clientConfig.MaxVersion = VersionTLS12 // there are no warning alerts in TLS 1.3
 	conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
 	if err != nil {
 		t.Fatal(err)
@@ -610,7 +640,7 @@
 		t.Fatal(err)
 	}
 
-	for i := 0; i < maxWarnAlertCount+1; i++ {
+	for i := 0; i < maxUselessRecords+1; i++ {
 		conn.sendAlert(alertNoRenegotiation)
 	}
 
@@ -749,7 +779,7 @@
 	return w.Conn.Close()
 }
 
-func throughput(b *testing.B, totalBytes int64, dynamicRecordSizingDisabled bool) {
+func throughput(b *testing.B, version uint16, totalBytes int64, dynamicRecordSizingDisabled bool) {
 	ln := newLocalListener(b)
 	defer ln.Close()
 
@@ -785,6 +815,7 @@
 	clientConfig := testConfig.Clone()
 	clientConfig.CipherSuites = nil // the defaults may prefer faster ciphers
 	clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled
+	clientConfig.MaxVersion = version
 
 	buf := make([]byte, bufsize)
 	chunks := int(math.Ceil(float64(totalBytes) / float64(len(buf))))
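Review bot: `clientConfig.MaxVersion = version` sets an upper bound rather than pinning the version, and nothing visible in this hunk checks what was actually negotiated. The `TLSv13` sub-benchmark would therefore silently measure TLS 1.2 whenever 1.3 is not enabled in the process; in this release it is opt-in and is switched on here only by the test `init()`. I would compare `ConnectionState().Version` with `version` once the client connection is up and call `b.Fatalf` on a mismatch. The same applies to the matching line added to `latency`. The body of `throughput` extends outside the hunk, so such a check may already exist there.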
@@ -812,7 +843,12 @@
 		for size := 1; size <= 64; size <<= 1 {
 			name := fmt.Sprintf("%sPacket/%dMB", mode, size)
 			b.Run(name, func(b *testing.B) {
-				throughput(b, int64(size<<20), mode == "Max")
+				b.Run("TLSv12", func(b *testing.B) {
+					throughput(b, VersionTLS12, int64(size<<20), mode == "Max")
+				})
+				b.Run("TLSv13", func(b *testing.B) {
+					throughput(b, VersionTLS13, int64(size<<20), mode == "Max")
+				})
 			})
 		}
 	}
@@ -846,7 +882,7 @@
 	return len(p), nil
 }
 
-func latency(b *testing.B, bps int, dynamicRecordSizingDisabled bool) {
+func latency(b *testing.B, version uint16, bps int, dynamicRecordSizingDisabled bool) {
 	ln := newLocalListener(b)
 	defer ln.Close()
 
@@ -872,6 +908,7 @@
 
 	clientConfig := testConfig.Clone()
 	clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled
+	clientConfig.MaxVersion = version
 
 	buf := make([]byte, 16384)
 	peek := make([]byte, 1)
@@ -903,7 +940,12 @@
 		for _, kbps := range []int{200, 500, 1000, 2000, 5000} {
 			name := fmt.Sprintf("%sPacket/%dkbps", mode, kbps)
 			b.Run(name, func(b *testing.B) {
-				latency(b, kbps*1000, mode == "Max")
+				b.Run("TLSv12", func(b *testing.B) {
+					latency(b, VersionTLS12, kbps*1000, mode == "Max")
+				})
+				b.Run("TLSv13", func(b *testing.B) {
+					latency(b, VersionTLS13, kbps*1000, mode == "Max")
+				})
 			})
 		}
 	}
@@ -916,3 +958,195 @@
 		t.Errorf("json.Marshal failed on ConnectionState: %v", err)
 	}
 }
+
+func TestConnectionState(t *testing.T) {
+	issuer, err := x509.ParseCertificate(testRSACertificateIssuer)
+	if err != nil {
+		panic(err)
+	}
+	rootCAs := x509.NewCertPool()
+	rootCAs.AddCert(issuer)
+
+	now := func() time.Time { return time.Unix(1476984729, 0) }
+
+	const alpnProtocol = "golang"
+	const serverName = "example.golang"
+	var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")}
+	var ocsp = []byte("dummy ocsp")
+
+	for _, v := range []uint16{VersionTLS12, VersionTLS13} {
+		var name string
+		switch v {
+		case VersionTLS12:
+			name = "TLSv12"
+		case VersionTLS13:
+			name = "TLSv13"
+		}
+		t.Run(name, func(t *testing.T) {
+			config := &Config{
+				Time:         now,
+				Rand:         zeroSource{},
+				Certificates: make([]Certificate, 1),
+				MaxVersion:   v,
+				RootCAs:      rootCAs,
+				ClientCAs:    rootCAs,
+				ClientAuth:   RequireAndVerifyClientCert,
+				NextProtos:   []string{alpnProtocol},
+				ServerName:   serverName,
+			}
+			config.Certificates[0].Certificate = [][]byte{testRSACertificate}
+			config.Certificates[0].PrivateKey = testRSAPrivateKey
+			config.Certificates[0].SignedCertificateTimestamps = scts
+			config.Certificates[0].OCSPStaple = ocsp
+
+			ss, cs, err := testHandshake(t, config, config)
+			if err != nil {
+				t.Fatalf("Handshake failed: %v", err)
+			}
+
+			if ss.Version != v || cs.Version != v {
+				t.Errorf("Got versions %x (server) and %x (client), expected %x", ss.Version, cs.Version, v)
+			}
+
+			if !ss.HandshakeComplete || !cs.HandshakeComplete {
+				t.Errorf("Got HandshakeComplete %v (server) and %v (client), expected true", ss.HandshakeComplete, cs.HandshakeComplete)
+			}
+
+			if ss.DidResume || cs.DidResume {
+				t.Errorf("Got DidResume %v (server) and %v (client), expected false", ss.DidResume, cs.DidResume)
+			}
+
+			if ss.CipherSuite == 0 || cs.CipherSuite == 0 {
+				t.Errorf("Got invalid cipher suite: %v (server) and %v (client)", ss.CipherSuite, cs.CipherSuite)
+			}
+
+			if ss.NegotiatedProtocol != alpnProtocol || cs.NegotiatedProtocol != alpnProtocol {
+				t.Errorf("Got negotiated protocol %q (server) and %q (client), expected %q", ss.NegotiatedProtocol, cs.NegotiatedProtocol, alpnProtocol)
+			}
+
+			if !cs.NegotiatedProtocolIsMutual {
+				t.Errorf("Got false NegotiatedProtocolIsMutual on the client side")
+			}
+			// NegotiatedProtocolIsMutual on the server side is unspecified.
+
+			if ss.ServerName != serverName {
+				t.Errorf("Got server name %q, expected %q", ss.ServerName, serverName)
+			}
+			if cs.ServerName != "" {
+				t.Errorf("Got unexpected server name on the client side")
+			}
+
+			if len(ss.PeerCertificates) != 1 || len(cs.PeerCertificates) != 1 {
+				t.Errorf("Got %d (server) and %d (client) peer certificates, expected %d", len(ss.PeerCertificates), len(cs.PeerCertificates), 1)
+			}
+
+			if len(ss.VerifiedChains) != 1 || len(cs.VerifiedChains) != 1 {
+				t.Errorf("Got %d (server) and %d (client) verified chains, expected %d", len(ss.VerifiedChains), len(cs.VerifiedChains), 1)
+			} else if len(ss.VerifiedChains[0]) != 2 || len(cs.VerifiedChains[0]) != 2 {
+				t.Errorf("Got %d (server) and %d (client) long verified chain, expected %d", len(ss.VerifiedChains[0]), len(cs.VerifiedChains[0]), 2)
+			}
+
+			if len(cs.SignedCertificateTimestamps) != 2 {
+				t.Errorf("Got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2)
+			}
+			if !bytes.Equal(cs.OCSPResponse, ocsp) {
+				t.Errorf("Got OCSPs %x, expected %x", cs.OCSPResponse, ocsp)
+			}
+			// Only TLS 1.3 supports OCSP and SCTs on client certs.
+			if v == VersionTLS13 {
+				if len(ss.SignedCertificateTimestamps) != 2 {
+					t.Errorf("Got %d client SCTs, expected %d", len(ss.SignedCertificateTimestamps), 2)
+				}
+				if !bytes.Equal(ss.OCSPResponse, ocsp) {
+					t.Errorf("Got client OCSPs %x, expected %x", ss.OCSPResponse, ocsp)
+				}
+			}
+
+			if v == VersionTLS13 {
+				if ss.TLSUnique != nil || cs.TLSUnique != nil {
+					t.Errorf("Got TLSUnique %x (server) and %x (client), expected nil in TLS 1.3", ss.TLSUnique, cs.TLSUnique)
+				}
+			} else {
+				if ss.TLSUnique == nil || cs.TLSUnique == nil {
+					t.Errorf("Got TLSUnique %x (server) and %x (client), expected non-nil", ss.TLSUnique, cs.TLSUnique)
+				}
+			}
+		})
+	}
+}
+
+// TestEscapeRoute tests that the library will still work if support for TLS 1.3
+// is dropped later in the Go 1.12 cycle.
+func TestEscapeRoute(t *testing.T) {
+	defer func(savedSupportedVersions []uint16) {
+		supportedVersions = savedSupportedVersions
+	}(supportedVersions)
+	supportedVersions = []uint16{
+		VersionTLS12,
+		VersionTLS11,
+		VersionTLS10,
+		VersionSSL30,
+	}
+
+	expectVersion(t, testConfig, testConfig, VersionTLS12)
+}
+
+func expectVersion(t *testing.T, clientConfig, serverConfig *Config, v uint16) {
+	ss, cs, err := testHandshake(t, clientConfig, serverConfig)
+	if err != nil {
+		t.Fatalf("Handshake failed: %v", err)
+	}
+	if ss.Version != v {
+		t.Errorf("Server negotiated version %x, expected %x", cs.Version, v)
+	}
+	if cs.Version != v {
+		t.Errorf("Client negotiated version %x, expected %x", cs.Version, v)
+	}
+}
+
+// TestTLS13Switch checks the behavior of GODEBUG=tls13=[0|1]. See Issue 30055.
+func TestTLS13Switch(t *testing.T) {
+	defer func(savedGODEBUG string) {
+		os.Setenv("GODEBUG", savedGODEBUG)
+	}(os.Getenv("GODEBUG"))
+
+	os.Setenv("GODEBUG", "tls13=0")
+	tls13Support.Once = sync.Once{} // reset the cache
+
+	tls12Config := testConfig.Clone()
+	tls12Config.MaxVersion = VersionTLS12
+	expectVersion(t, testConfig, testConfig, VersionTLS12)
+	expectVersion(t, tls12Config, testConfig, VersionTLS12)
+	expectVersion(t, testConfig, tls12Config, VersionTLS12)
+	expectVersion(t, tls12Config, tls12Config, VersionTLS12)
+
+	os.Setenv("GODEBUG", "tls13=1")
+	tls13Support.Once = sync.Once{} // reset the cache
+
+	expectVersion(t, testConfig, testConfig, VersionTLS13)
+	expectVersion(t, tls12Config, testConfig, VersionTLS12)
+	expectVersion(t, testConfig, tls12Config, VersionTLS12)
+	expectVersion(t, tls12Config, tls12Config, VersionTLS12)
+}
+
+// Issue 28744: Ensure that we don't modify memory
+// that Config doesn't own such as Certificates.
+func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) {
+	c0 := Certificate{
+		Certificate: [][]byte{testRSACertificate},
+		PrivateKey:  testRSAPrivateKey,
+	}
+	c1 := Certificate{
+		Certificate: [][]byte{testSNICertificate},
+		PrivateKey:  testRSAPrivateKey,
+	}
+	config := testConfig.Clone()
+	config.Certificates = []Certificate{c0, c1}
+
+	config.BuildNameToCertificate()
+	got := config.Certificates
+	want := []Certificate{c0, c1}
+	if !reflect.DeepEqual(got, want) {
+		t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want)
+	}
+}
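Review bot: In `expectVersion` the server-side failure prints the client's value: the branch `if ss.Version != v` formats `cs.Version`, so a disagreement between the two sides would be reported with the wrong number. It should read `t.Errorf("Server negotiated version %x, expected %x", ss.Version, v)`. Separately, `TestTLS13Switch` restores only GODEBUG in its defer. Because `expectVersion` can exit through `t.Fatalf` during the `tls13=0` phase, the cached flag would presumably stay false for every later test and produce unrelated failures. Adding `tls13Support.Once = sync.Once{}`, `tls13Support.Do(func() {})` and `tls13Support.cached = true` to the deferred function would put back the state that `init()` set up.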