ePSK: 00000: 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 00000: 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 ---------------------------Client--------------------------- ClientHello1 message: msg_type: 01 length: 00007B body: legacy_version: 0303 random: 01010101010101010101010101010101 01010101010101010101010101010101 legacy_session_id: length: 00 vector: -- cipher_suites: length: 0002 vector: CipherSuite: C104 compression_methods: length: 01 vector: CompressionMethod: 00 extensions: length: 0050 vector: Extension: /* supported_groups */ extension_type: 000A extension_data: length: 0006 vector: named_group_list: length: 0004 vector: /* GC256B */ 0023 /* GC512C */ 0028 Extension: /* supported_versions */ extension_type: 002B extension_data: length: 0003 vector: versions: length: 02 vector: 0304 Extension: /* psk_key_exchange_modes */ extension_type: 002D extension_data: length: 0002 vector: ke_modes: length: 01 vector: /* psk_dhe_ke */ 01 Extension: /* key_share */ extension_type: 0033 extension_data: length: 0002 client_shares: length: 0000 vector: -- Extension: /* pre_shared_key */ extension_type: 0029 extension_data: length: 002F vector: identities: length: 000A vector: identity: length: 0004 vector: 6550534B obfuscated_ticket_age: 00000000 binders: length: 0021 vector: binder: length: 20 vector: 6F3A0B91F2945EF7056DB74302BC34B6 DF77A88E09C587508AB6287C6C0514AD Truncate(ClientHello1): 0000: 01 00 00 7B 03 03 01 01 01 01 01 01 01 01 01 01 0010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 0020: 01 01 01 01 01 01 00 00 02 C1 04 01 00 00 50 00 0030: 0A 00 06 00 04 00 23 00 28 00 2B 00 03 02 03 04 0040: 00 2D 00 02 01 01 00 33 00 02 00 00 00 29 00 2F 0050: 00 0A 00 04 65 50 53 4B 00 00 00 00 Hash(Truncate(ClientHello1)): 0000: CC 9C A9 FC 18 DF 7A 2F 5F 63 27 D7 7B EA DC F1 0010: A7 3D 80 97 7F EB EA B4 F0 D3 83 39 30 00 2B 8D EarlySecret = HKDF-Extract(Salt: 0^Hlen, IKM: ePSK): 00000: 42 30 7A 99 68 18 34 0D D0 56 2F 7F EB E6 2A B5 00010: 70 F3 BC 88 9C A9 29 3A 89 0D F2 09 B9 1B BB F3 binder_key = Derive-Secret(EarlySecret, "ext binder", "") = HKDF-Expand-Label(EarlySecret, "ext binder", "", 32): 00000: A4 37 62 C3 5E 75 54 1A 15 58 A0 8D 15 50 D3 29 00010: 4C C3 F9 0C 73 99 EC C0 50 B9 15 37 A2 4C D5 E4 finished_binder_key = HKDF-Expand-Label(binder_key, "finished", "", 32): 00000: F5 6F 59 C2 E2 F8 E7 7C 69 80 1F B1 7D B4 C1 8B 00010: ED 96 EB 32 FC D7 AB 95 AD D6 B1 CF F1 73 E6 65 binder = HMAC(finished_binder_key, Hash(Truncate(ClientHello1))): 00000: 6F 3A 0B 91 F2 94 5E F7 05 6D B7 43 02 BC 34 B6 00010: DF 77 A8 8E 09 C5 87 50 8A B6 28 7C 6C 05 14 AD 0000: 01 00 00 7B 03 03 01 01 01 01 01 01 01 01 01 01 0010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 0020: 01 01 01 01 01 01 00 00 02 C1 04 01 00 00 50 00 0030: 0A 00 06 00 04 00 23 00 28 00 2B 00 03 02 03 04 0040: 0A 07 0B 07 0C 07 0D 07 0E 07 0F 00 2B 00 03 02 0050: 00 2D 00 02 01 01 00 33 00 02 00 00 00 29 00 2F 0060: 00 0A 00 04 65 50 53 4B 00 00 00 00 00 21 20 6F 0070: 3A 0B 91 F2 94 5E F7 05 6D B7 43 02 BC 34 B6 DF 0080: 77 A8 8E 09 C5 87 50 8A B6 28 7C 6C 05 14 AD Record layer message: type: 16 legacy_record_version: 0301 length: 007F fragment: 0100007B030301010101010101010101 01010101010101010101010101010101 010101010101000002C1040100005000 0A0006000400230028002B0003020304 0A070B070C070D070E070F002B000302 002D000201010033000200000029002F 000A00046550534B000000000021206F 3A0B91F2945EF7056DB74302BC34B6DF 77A88E09C587508AB6287C6C0514AD 00000: 16 03 01 00 7F 01 00 00 7B 03 03 01 01 01 01 01 00010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00020: 01 01 01 01 01 01 01 01 01 01 01 00 00 02 C1 04 00030: 01 00 00 50 00 0A 00 06 00 04 00 23 00 28 00 2B 00040: 00 03 02 03 04 0A 07 0B 07 0C 07 0D 07 0E 07 0F 00050: 00 2B 00 03 02 00 2D 00 02 01 01 00 33 00 02 00 00060: 00 00 29 00 2F 00 0A 00 04 65 50 53 4B 00 00 00 00070: 00 00 21 20 6F 3A 0B 91 F2 94 5E F7 05 6D B7 43 00080: 02 BC 34 B6 DF 77 A8 8E 09 C5 87 50 8A B6 28 7C 00090: 6C 05 14 AD ---------------------------Server--------------------------- HelloRetryRequest message: msg_type: 02 length: 000034 body: legacy_version: 0303 random: CF21AD74E59A6111BE1D8C021E65B891 C2A211167ABB8C5E079E09E2C8A8339C legacy_session_id: length: 00 vector: -- cipher_suite: CipherSuite: C104 compression_method: CompressionMethod: 00 extensions: length: 000C vector: Extension: /* supported_versions */ extension_type: 002B extension_data: length: 0002 vector: selected_version: 0304 Extension: /* key_share */ extension_type: 0033 extension_data: length: 0002 selected_group: 0023 00000: 02 00 00 34 03 03 CF 21 AD 74 E5 9A 61 11 BE 1D 00010: 8C 02 1E 65 B8 91 C2 A2 11 16 7A BB 8C 5E 07 9E 00020: 09 E2 C8 A8 33 9C 00 C1 04 00 00 0C 00 2B 00 02 00030: 03 04 00 33 00 02 00 23 Record layer message: type: 16 legacy_record_version: 0303 length: 0038 fragment: 020000340303CF21AD74E59A6111BE1D 8C021E65B891C2A211167ABB8C5E079E 09E2C8A8339C00C10400000C002B0002 0304003300020023 00000: 16 03 03 00 38 02 00 00 34 03 03 CF 21 AD 74 E5 00010: 9A 61 11 BE 1D 8C 02 1E 65 B8 91 C2 A2 11 16 7A 00020: BB 8C 5E 07 9E 09 E2 C8 A8 33 9C 00 C1 04 00 00 00030: 0C 00 2B 00 02 03 04 00 33 00 02 00 23 ---------------------------Client--------------------------- ClientHello2 message: msg_type: 01 length: 0000BF body: legacy_version: 0303 random: 01010101010101010101010101010101 01010101010101010101010101010101 legacy_session_id: length: 00 vector: -- cipher_suites: length: 0002 vector: CipherSuite: C104 compression_methods: length: 01 vector: CompressionMethod: 00 extensions: length: 0094 vector: Extension: /* supported_groups */ extension_type: 000A extension_data: length: 0006 vector: named_group_list: length: 0004 vector: /* GC256B */ 0023 /* GC512C */ 0028 Extension: /* supported_versions */ extension_type: 002B extension_data: length: 0003 vector: versions: length: 02 vector: 0304 Extension: /* psk_key_exchange_modes */ extension_type: 002D extension_data: length: 0002 vector: ke_modes: length: 01 vector: /* psk_dhe_ke */ 01 Extension: /* key_share */ extension_type: 0033 extension_data: length: 0046 client_shares: length: 0044 vector: group: 0023 key_exchange: length: 0040 vector: D35AA795C452450949591D60E7D5C076 056D6646F3B80708CDC2E7034DE85F68 D1122DC32A3B986D40FF910622A06C12 26D9EC3A7D3A52E0A37C282C47602A43 Extension: /* pre_shared_key */ extension_type: 0029 extension_data: length: 002F vector: identities: length: 000A vector: identity: length: 0004 vector: 6550534B obfuscated_ticket_age: 00000000 binders: length: 0021 vector: binder: length: 20 vector: 0BF74AA3933B7D1A66961B6E2CFB6A28 04D696BB607710E3F56DDA91F56B57CB Truncate(ClientHello2): 0000: 01 00 00 BF 03 03 01 01 01 01 01 01 01 01 01 01 0010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 0020: 01 01 01 01 01 01 00 00 02 C1 04 01 00 00 94 00 0030: 0A 00 06 00 04 00 23 00 28 00 2B 00 03 02 03 04 0040: 00 2D 00 02 01 01 00 33 00 46 00 44 00 23 00 40 0050: D3 5A A7 95 C4 52 45 09 49 59 1D 60 E7 D5 C0 76 0060: 05 6D 66 46 F3 B8 07 08 CD C2 E7 03 4D E8 5F 68 0070: D1 12 2D C3 2A 3B 98 6D 40 FF 91 06 22 A0 6C 12 0080: 26 D9 EC 3A 7D 3A 52 E0 A3 7C 28 2C 47 60 2A 43 0090: 00 29 00 2F 00 0A 00 04 65 50 53 4B 00 00 00 00 finished_binder_key: 00000: F5 6F 59 C2 E2 F8 E7 7C 69 80 1F B1 7D B4 C1 8B 00010: ED 96 EB 32 FC D7 AB 95 AD D6 B1 CF F1 73 E6 65 BinderMsg = (FE 00 00 20 | Hash(ClientHello1), HelloRetryRequest, Truncate(ClientHello2)) Hash(BinderMsg) = 73 7C 63 74 1B 3A EA DF C8 73 DF 6E EA 81 19 32 BF CE 93 4F AA 85 84 F1 44 F8 77 13 E0 D0 CA 32 binder = HMAC(finished_binder_key, Hash(BinderMsg)) = 0B F7 4A A3 93 3B 7D 1A 66 96 1B 6E 2C FB 6A 28 04 D6 96 BB 60 77 10 E3 F5 6D DA 91 F5 6B 57 CB 0000: 01 00 00 BF 03 03 01 01 01 01 01 01 01 01 01 01 0010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 0020: 01 01 01 01 01 01 00 00 02 C1 04 01 00 00 94 00 0030: 0A 00 06 00 04 00 23 00 28 00 2B 00 03 02 03 04 0040: 00 2D 00 02 01 01 00 33 00 46 00 44 00 23 00 40 0050: D3 5A A7 95 C4 52 45 09 49 59 1D 60 E7 D5 C0 76 0060: 05 6D 66 46 F3 B8 07 08 CD C2 E7 03 4D E8 5F 68 0070: D1 12 2D C3 2A 3B 98 6D 40 FF 91 06 22 A0 6C 12 0080: 26 D9 EC 3A 7D 3A 52 E0 A3 7C 28 2C 47 60 2A 43 0090: 00 29 00 2F 00 0A 00 04 65 50 53 4B 00 00 00 00 00A0: 00 21 20 0B F7 4A A3 93 3B 7D 1A 66 96 1B 6E 2C 00B0: FB 6A 28 04 D6 96 BB 60 77 10 E3 F5 6D DA 91 F5 00C0: 6B 57 CB Record layer message: type: 16 legacy_record_version: 0303 length: 00C3 fragment: 010000BF030301010101010101010101 01010101010101010101010101010101 010101010101000002C1040100009400 0A0006000400230028002B0003020304 002D0002010100330046004400230040 D35AA795C452450949591D60E7D5C076 056D6646F3B80708CDC2E7034DE85F68 D1122DC32A3B986D40FF910622A06C12 26D9EC3A7D3A52E0A37C282C47602A43 0029002F000A00046550534B00000000 0021200BF74AA3933B7D1A66961B6E2C FB6A2804D696BB607710E3F56DDA91F5 6B57CB 00000: 16 03 03 00 C3 01 00 00 BF 03 03 01 01 01 01 01 00010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00020: 01 01 01 01 01 01 01 01 01 01 01 00 00 02 C1 04 00030: 01 00 00 94 00 0A 00 06 00 04 00 23 00 28 00 2B 00040: 00 03 02 03 04 00 2D 00 02 01 01 00 33 00 46 00 00050: 44 00 23 00 40 D3 5A A7 95 C4 52 45 09 49 59 1D 00060: 60 E7 D5 C0 76 05 6D 66 46 F3 B8 07 08 CD C2 E7 00070: 03 4D E8 5F 68 D1 12 2D C3 2A 3B 98 6D 40 FF 91 00080: 06 22 A0 6C 12 26 D9 EC 3A 7D 3A 52 E0 A3 7C 28 00090: 2C 47 60 2A 43 00 29 00 2F 00 0A 00 04 65 50 53 000A0: 4B 00 00 00 00 00 21 20 0B F7 4A A3 93 3B 7D 1A 000B0: 66 96 1B 6E 2C FB 6A 28 04 D6 96 BB 60 77 10 E3 000C0: F5 6D DA 91 F5 6B 57 CB ---------------------------Server--------------------------- ServerHello message: msg_type: 02 length: 00007C body: legacy_version: 0303 random: 82828282828282828282828282828282 82828282828282828282828282828282 legacy_session_id: length: 00 vector: -- cipher_suite: CipherSuite: C104 compression_method: CompressionMethod: 00 extensions: length: 0054 vector: Extension: /* supported_versions */ extension_type: 002B extension_data: length: 0002 vector: selected_version: 0304 Extension: /* key_share */ extension_type: 0033 extension_data: length: 0044 vector: group: 0023 key_exchange: length: 0040 vector: 3D2FB067E106CC9980FB8842811164BA 708BBB5038D5EDFBEE1D5E5DFBE6F74F 1931217C67C2BDF46253DB9CE3487241 F2DBD84E2DABDF65455851B0B19AEFEC Extension: /* pre_shared_key */ extension_type: 0029 extension_data: length: 0002 selected_identity: 0000 00000: 02 00 00 7C 03 03 82 82 82 82 82 82 82 82 82 82 00010: 82 82 82 82 82 82 82 82 82 82 82 82 82 82 82 82 00020: 82 82 82 82 82 82 00 C1 04 00 00 54 00 2B 00 02 00030: 03 04 00 33 00 44 00 23 00 40 3D 2F B0 67 E1 06 00040: CC 99 80 FB 88 42 81 11 64 BA 70 8B BB 50 38 D5 00050: ED FB EE 1D 5E 5D FB E6 F7 4F 19 31 21 7C 67 C2 00060: BD F4 62 53 DB 9C E3 48 72 41 F2 DB D8 4E 2D AB 00070: DF 65 45 58 51 B0 B1 9A EF EC 00 29 00 02 00 00 Record layer message: type: 16 legacy_record_version: 0303 length: 0080 fragment: 020000410303933EA21E49C31BC3A345 6165889684CAA5576CE7924A24F58113 808DBD9EF85610C3802A561550EC78D6 ED51AC2439D7E7C101000009FF010001 0000170000 00000: 16 03 03 00 80 02 00 00 7C 03 03 82 82 82 82 82 00010: 82 82 82 82 82 82 82 82 82 82 82 82 82 82 82 82 00020: 82 82 82 82 82 82 82 82 82 82 82 00 C1 04 00 00 00030: 54 00 2B 00 02 03 04 00 33 00 44 00 23 00 40 3D 00040: 2F B0 67 E1 06 CC 99 80 FB 88 42 81 11 64 BA 70 00050: 8B BB 50 38 D5 ED FB EE 1D 5E 5D FB E6 F7 4F 19 00060: 31 21 7C 67 C2 BD F4 62 53 DB 9C E3 48 72 41 F2 00070: DB D8 4E 2D AB DF 65 45 58 51 B0 B1 9A EF EC 00 00080: 29 00 02 00 00 ---------------------------Client--------------------------- d_C^res: 00000: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 00010: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 Q_S^res: 00000: 3D 2F B0 67 E1 06 CC 99 80 FB 88 42 81 11 64 BA 00010: 70 8B BB 50 38 D5 ED FB EE 1D 5E 5D FB E6 F7 4F 00020: 19 31 21 7C 67 C2 BD F4 62 53 DB 9C E3 48 72 41 00030: F2 DB D8 4E 2D AB DF 65 45 58 51 B0 B1 9A EF EC ECDHE: 00000: 98 5A 86 59 D5 5A 8D 48 E0 E6 77 13 96 58 0B 2C 00010: DC DA 37 E9 2A EE 18 14 D1 0E 1B F2 A4 4F 0D 24 ---------------------------Server--------------------------- d_S^res: 00000: 83 83 83 83 83 83 83 83 83 83 83 83 83 83 83 83 00010: 83 83 83 83 83 83 83 83 83 83 83 83 83 83 83 83 Q_C^res: 00000: D3 5A A7 95 C4 52 45 09 49 59 1D 60 E7 D5 C0 76 00010: 05 6D 66 46 F3 B8 07 08 CD C2 E7 03 4D E8 5F 68 00020: D1 12 2D C3 2A 3B 98 6D 40 FF 91 06 22 A0 6C 12 00030: 26 D9 EC 3A 7D 3A 52 E0 A3 7C 28 2C 47 60 2A 43 ECDHE: 00000: 98 5A 86 59 D5 5A 8D 48 E0 E6 77 13 96 58 0B 2C 00010: DC DA 37 E9 2A EE 18 14 D1 0E 1B F2 A4 4F 0D 24 ---------------------------Server--------------------------- EncryptedExtensions message: msg_type: 08 length: 000002 body: extensions: length: 0000 vector: -- 00000: 08 00 00 02 00 00 Record payload protection: EarlySecret = HKDF-Extract(Salt: 0^256, IKM: ePSK): 00000: 42 30 7A 99 68 18 34 0D D0 56 2F 7F EB E6 2A B5 00010: 70 F3 BC 88 9C A9 29 3A 89 0D F2 09 B9 1B BB F3 Derived #0 = Derive-Secret(EarlySecret, "derived", "") = HKDF-Expand-Label(EarlySecret, "derived", "", 32): 00000: 6B 4E 9C 49 C5 C6 F1 7F 60 B2 B8 4B 55 0A 16 38 00010: 14 09 5B 80 88 8E C0 B0 CA 52 E4 09 0C B3 F8 BE HandshakeSecret = HKDF-Extract(Salt: Derived #0, IKM: ECDHE): 00000: A9 CB E6 58 50 2F 3F D1 18 66 51 5F D6 15 E9 88 00010: 0D 1E 61 B5 28 34 BB FD 5F 19 C2 4C 53 C8 79 7F HM1 = (FE 00 00 20 | Hash(ClientHello1), HelloRetryRequest, ClientHello2, ServerHello) TH1 = Transcript-Hash(HM1): 00000: 88 8D 5D 1E 15 98 65 05 97 3E F2 0F 9A FA F5 71 00010: 20 A3 66 C2 D2 19 91 D1 5E 25 07 0C 3D 07 D5 E9 server_handshake_traffic_secret (SHTS): SHTS = Derive-Secret(HandshakeSecret, "s hs traffic", HM1) = HKDF-Expand-Label(HandshakeSecret, "s hs traffic", TH1, 32): 00000: 4E F8 68 E5 5B 27 F8 88 8A 6F 82 DA A7 0B 01 1B 00010: DA B1 77 95 10 F0 88 78 A0 22 2B 3E 2C 76 E6 83 server_write_key_hs = HKDF-Expand-Label(SHTS, "key", "", 32): 00000: DB 61 9B 58 F4 41 1E 33 4F 07 EA C7 7C EF EF CA 00010: 78 41 F5 40 88 B8 D0 D5 CE 6A 62 C9 82 85 C6 81 server_write_iv_hs = HKDF-Expand-Label(SHTS, "iv", "", 16): 00000: FC 9E 2A C6 63 04 C2 5B server_record_write_key = TLSTREE(server_write_key_hs, 0): 00000: 3C 7D F3 5E AC F4 FE 71 EA 6A DC E0 DC 44 5D D3 00010: A9 29 EF CD 08 3F 18 2F BD 51 42 BA 68 6D 38 84 seqnum: 00000: 00 00 00 00 00 00 00 00 nonce: 00000: 7C 9E 2A C6 63 04 C2 5B additional_data: 00000: 17 03 03 00 0F TLSInnerPlaintext: 00000: 08 00 00 02 00 00 16 TLSCiphertext: 00000: 17 03 03 00 0F 49 67 A7 E1 AE 7B FB 37 5A 0F 4B 00010: 25 45 91 17 Record layer message: type: 17 legacy_record_version: 0303 length: 000F encrypted_record: 4967A7E1AE7BFB375A0F4B 25459117 00000: 17 03 03 00 0F 49 67 A7 E1 AE 7B FB 37 5A 0F 4B 00010: 25 45 91 17 ---------------------------Server--------------------------- server_finished_key = HKDF-Expand-Label(SHTS, "finished", "", 32): 00000: AF 41 F7 7A CB 18 B4 C5 9D E0 F7 8D 46 D5 AE 95 00010: 7A A4 92 A7 D8 D8 2A 36 F4 B2 09 B8 20 7C 79 03 HMFinished = (FE 00 00 20 | Hash(ClientHello1), HelloRetryRequest, ClientHello2, ServerHello, EncryptedExtensions) Transcript-Hash(HMFinished): 00000: E0 5D D6 C9 DE BA 09 3D 72 AD 6F 4A 7D 0E 11 95 00010: FC E7 AE 31 93 F2 FF 5B 2D 0B F6 14 8E CB E7 B9 FinishedHash = HMAC(server_finished_key,Transcript-Hash(HMFinished)): 00000: 96 14 5B 61 68 E0 1C 4C F2 99 50 96 EE 12 C8 6B 00010: 1F 53 1F 96 0A 48 9D E9 C3 44 2A 24 33 E9 AE EE Finished message: msg_type: 14 length: 000020 body: verify_data: 96145B6168E01C4CF2995096EE12C86B 1F531F960A489DE9C3442A2433E9AEEE 00000: 14 00 00 20 96 14 5B 61 68 E0 1C 4C F2 99 50 96 00010: EE 12 C8 6B 1F 53 1F 96 0A 48 9D E9 C3 44 2A 24 00020: 33 E9 AE EE Record payload protection: server_record_write_key = TLSTREE(server_write_key_hs, 1): 00000: 3C 7D F3 5E AC F4 FE 71 EA 6A DC E0 DC 44 5D D3 00010: A9 29 EF CD 08 3F 18 2F BD 51 42 BA 68 6D 38 84 seqnum: 00000: 00 00 00 00 00 00 00 01 nonce: 00000: 7C 9E 2A C6 63 04 C2 5A additional_data: 00000: 17 03 03 00 2D TLSInnerPlaintext: 00000: 14 00 00 20 96 14 5B 61 68 E0 1C 4C F2 99 50 96 00010: EE 12 C8 6B 1F 53 1F 96 0A 48 9D E9 C3 44 2A 24 00020: 33 E9 AE EE 16 Record layer message: type: 17 legacy_record_version: 0303 length: 002D encrypted_record: 3BFB2AEADBC349FD89AFB8E481F8426B CC6B7F5D975FE05E5B28755C00BF353F CA6A48E9F0145993C40CE06F37 TLSCiphertext: 00000: 17 03 03 00 2D 3B FB 2A EA DB C3 49 FD 89 AF B8 00010: E4 81 F8 42 6B CC 6B 7F 5D 97 5F E0 5E 5B 28 75 00020: 5C 00 BF 35 3F CA 6A 48 E9 F0 14 59 93 C4 0C E0 00030: 6F 37 ---------------------------Client--------------------------- EarlySecret = HKDF-Extract(Salt: 0^256, IKM: ePSK): 00000: 42 30 7A 99 68 18 34 0D D0 56 2F 7F EB E6 2A B5 00010: 70 F3 BC 88 9C A9 29 3A 89 0D F2 09 B9 1B BB F3 Derived #0 = Derive-Secret(EarlySecret, "derived", "") = HKDF-Expand-Label(EarlySecret, "derived", "", 32): 00000: 6B 4E 9C 49 C5 C6 F1 7F 60 B2 B8 4B 55 0A 16 38 00010: 14 09 5B 80 88 8E C0 B0 CA 52 E4 09 0C B3 F8 BE HandshakeSecret = HKDF-Extract(Salt: Derived #0, IKM: ECDHE): 00000: A9 CB E6 58 50 2F 3F D1 18 66 51 5F D6 15 E9 88 00010: 0D 1E 61 B5 28 34 BB FD 5F 19 C2 4C 53 C8 79 7F HM1 = (FE 00 00 20 | Hash(ClientHello1), HelloRetryRequest, ClientHello2, ServerHello) TH1 = Transcript-Hash(HM1): 00000: 88 8D 5D 1E 15 98 65 05 97 3E F2 0F 9A FA F5 71 00010: 20 A3 66 C2 D2 19 91 D1 5E 25 07 0C 3D 07 D5 E9 client_handshake_traffic_secret (CHTS): CHTS = Derive-Secret(HandshakeSecret, "c hs traffic", HM1) = HKDF-Expand-Label(HandshakeSecret, "c hs traffic", TH1, 32): 00000: DF 00 4B 79 A1 D3 51 55 97 1B 0E 84 C8 91 99 7F 00010: FE E6 D0 1B 27 04 23 CC 74 64 4B 25 47 3E 78 60 client_finished_key = HKDF-Expand-Label(CHTS, "finished", "", 32): 00000: 1F A6 7D 28 9F F2 A6 85 C7 BE 13 FD F5 60 A6 D5 00010: A9 F5 EA 85 63 AD 6C C7 B4 85 30 76 59 A5 55 81 HM2 = (FE 00 00 20 | Hash(ClientHello1), HelloRetryRequest, ClientHello2, ServerHello, EncryptedExtensions, Server Finished) TH2 =Transcript-Hash(HM2): 00000: 53 06 24 EE 07 6F FF E1 04 DC 15 EB B4 2D 78 8F 00010: 1E 4F EB 3E 8C 2D CF A5 CB 85 D7 2F 81 D0 6D 15 FinishedHash = HMAC(client_finished_key, TH2): 00000: BB 83 09 94 BE 38 A9 8F FC A3 BF D2 35 CD 80 7E 00010: 81 82 1E 67 37 AB 98 31 43 DC A9 7B 9E E0 23 25 Finished message: msg_type: 14 length: 000020 body: verify_data: BB830994BE38A98FFCA3BFD235CD807E 81821E6737AB983143DCA97B9EE02325 00000: 14 00 00 20 BB 83 09 94 BE 38 A9 8F FC A3 BF D2 00010: 35 CD 80 7E 81 82 1E 67 37 AB 98 31 43 DC A9 7B 00020: 9E E0 23 25 Record payload protection: client_write_key_hs = HKDF-Expand-Label(CHTS, "key", "", 32): 00000: DF 66 60 1E DD D6 4E 96 1D FC 7D D0 21 2E F2 25 00010: C0 05 33 E6 DA A4 AD 24 18 5E BE B2 24 B5 46 B8 client_write_iv_hs = HKDF-Expand-Label(CHTS, "iv", "", 16): 00000: E8 94 3C 9F A2 88 56 A1 client_record_write_key = TLSTREE(client_write_key_hs, 0): 00000: BD 00 9F FC 04 A0 52 9E 60 78 EB A5 A0 7A DE 74 00010: 93 7F F3 A1 AB 75 F7 AE 05 19 04 78 51 9B 6D F3 seqnum: 00000: 00 00 00 00 00 00 00 00 nonce: 00000: 68 94 3C 9F A2 88 56 A1 additional_data: 00000: 17 03 03 00 2D TLSInnerPlaintext: 00000: 14 00 00 20 BB 83 09 94 BE 38 A9 8F FC A3 BF D2 00010: 35 CD 80 7E 81 82 1E 67 37 AB 98 31 43 DC A9 7B 00020: 9E E0 23 25 16 Record layer message: type: 17 legacy_record_version: 0303 length: 002D encrypted_record: 14254CA6B9EBCC4A951A3D1F1040B0B1 45446DF131946CEECBDB6A8EC534F194 223281B56532A703C492160E2C TLSCiphertext: 00000: 17 03 03 00 2D 14 25 4C A6 B9 EB CC 4A 95 1A 3D 00010: 1F 10 40 B0 B1 45 44 6D F1 31 94 6C EE CB DB 6A 00020: 8E C5 34 F1 94 22 32 81 B5 65 32 A7 03 C4 92 16 00030: 0E 2C ---------------------------Server--------------------------- Application data: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Record payload protection: Derived #1 = Derive-Secret(HandshakeSecret, "derived", "") = HKDF-Expand-Label(HandshakeSecret, "derived", "", 32): 00000: BC 4D 6F E3 D9 43 78 21 1D 3D 64 1C 75 92 EB AA 00010: 7A A2 96 47 9C 57 BD D1 E1 4C 7B 04 9F 6D F1 CD MainSecret = HKDF-Extract(Salt: Derived #1, IKM: 0^256): 00000: DB FF 82 86 2E 54 A1 41 3E 6C 2E D8 2C 6D A5 AF 00010: FD BF DE 12 30 2E 49 75 5B 61 F2 06 32 E1 0A 42 HM2 = (FE 00 00 20 | Hash(ClientHello1), HelloRetryRequest, ClientHello2, ServerHello, EncryptedExtensions, Server Finished) TH2 = Transcript-Hash(HM2): 00000: 53 06 24 EE 07 6F FF E1 04 DC 15 EB B4 2D 78 8F 00010: 1E 4F EB 3E 8C 2D CF A5 CB 85 D7 2F 81 D0 6D 15 SATS = Derive-Secret(MainSecret, "s ap traffic", HM2) = HKDF-Expand-Label(MainSecret, "s ap traffic", TH2, 32): 00000: 52 91 26 2B EC B5 22 69 34 3A E8 27 9B 43 54 B1 00010: 89 22 D5 15 04 60 8B A7 21 C4 72 46 7E EE E8 78 server_write_key_ap = HKDF-Expand-Label(SATS, "key", "", 32): 00000: 15 D9 2C 51 47 B2 13 10 ED ED F5 5B 3D 7A B7 76 00000: 81 7D 6F E2 FC F2 30 D7 E3 F2 92 75 F6 E2 41 EC server_write_iv_ap = HKDF-Expand-Label(SATS, "iv", "", 8): 00000: 71 2E 2F 11 CD 50 6E B9 server_record_write_key = TLSTREE(server_write_key_ap, 0): 00000: 7B B8 81 55 35 98 DE F5 34 FC AF 9B 77 A3 35 5B 00010: C3 BC A3 87 4D 67 40 F6 CB F5 C1 B6 D3 5C 65 ED seqnum: 00000: 00 00 00 00 00 00 00 00 nonce: 00000: 71 2E 2F 11 CD 50 6E B9 additional_data: 00000: 17 03 03 04 09 TLSInnerPlaintext: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000400: 17 Record layer message: type: 17 legacy_record_version: 0303 length: 0409 encrypted_record: 7CAA82039F67326C2D735EE809B57750 945F5CE2B0C47B8EF1ECADA3D3F1AD9E 3FBA5926FDB2B61197D08B8B1399167B 6C249C90C0A3101452FD72078FBFB057 31E06215019395DDCF44AA763DCB1ACA 8B3F47D033FBA12E7C0FBB4DFBDABD8B 97E996E8E36231BE8015412B90CCCFBB E2BC967E597FC2E7B251A9BBEBAA245B 63139387203DB90BD1BF5300A5B577BF 46793DB1AA30FEDFD1E6A5 [...] E1D55816BFD6BFFBF6E6FB23D86117D2 47441BC211D078199C1F8340BE808BA6 E5BE092B9E081E95D4A57672A07970A6 1FEF2F4B12A0F401FA30B813FE7CD1BF 881485157381B8489EC36296C6EE7538 0FB1DAA1B1473358FD87AA41D5DBA089 F528BD5F3B41B34002D945D7E0C49EFA 54A4EFB0DA4049F5F248B3F7D46FEC05 A25BBE0A5120106BC21C1EA25EFF3125 E079CA0F7FFA56FD89C1A80DA0A3 TLSCiphertext: 00000000: 17 03 03 04 09 7C AA 82 03 9F 67 32 6C 2D 73 5E 00000010: E8 09 B5 77 50 94 5F 5C E2 B0 C4 7B 8E F1 EC AD 00000020: A3 D3 F1 AD 9E 3F BA 59 26 FD B2 B6 11 97 D0 8B 00000030: 8B 13 99 16 7B 6C 24 9C 90 C0 A3 10 14 52 FD 72 00000040: 07 8F BF B0 57 31 E0 62 15 01 93 95 DD CF 44 AA 00000050: 76 3D CB 1A CA 8B 3F 47 D0 33 FB A1 2E 7C 0F BB 00000060: 4D FB DA BD 8B 97 E9 96 E8 E3 62 31 BE 80 15 41 00000070: 2B 90 CC CF BB E2 BC 96 7E 59 7F C2 E7 B2 51 A9 00000080: BB EB AA 24 5B 63 13 93 87 20 3D B9 0B D1 BF 53 00000090: 00 A5 B5 77 BF 46 79 3D B1 AA 30 FE DF D1 E6 A5 [...] 00000370: E1 D5 58 16 BF D6 BF FB F6 E6 FB 23 D8 61 17 D2 00000380: 47 44 1B C2 11 D0 78 19 9C 1F 83 40 BE 80 8B A6 00000390: E5 BE 09 2B 9E 08 1E 95 D4 A5 76 72 A0 79 70 A6 000003A0: 1F EF 2F 4B 12 A0 F4 01 FA 30 B8 13 FE 7C D1 BF 000003B0: 88 14 85 15 73 81 B8 48 9E C3 62 96 C6 EE 75 38 000003C0: 0F B1 DA A1 B1 47 33 58 FD 87 AA 41 D5 DB A0 89 000003D0: F5 28 BD 5F 3B 41 B3 40 02 D9 45 D7 E0 C4 9E FA 000003E0: 54 A4 EF B0 DA 40 49 F5F2 48 B3 F7 D4 6F EC 05 000003F0: A2 5B BE 0A 51 20 10 6B C2 1C 1E A2 5E FF 31 25 00000400: E0 79 CA 0F 7F FA 56 FD 89 C1 A8 0D A0 A3 ---------------------------Server--------------------------- Application data: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Record payload protection: server_record_write_key = TLSTREE(server_write_key_ap, 1): 00000: 7B B8 81 55 35 98 DE F5 34 FC AF 9B 77 A3 35 5B 00010: C3 BC A3 87 4D 67 40 F6 CB F5 C1 B6 D3 5C 65 ED seqnum: 00000: 00 00 00 00 00 00 00 01 nonce: 00000: 71 2E 2F 11 CD 50 6E B8 additional_data: 00000: 17 03 03 04 09 TLSInnerPlaintext: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000400: 17 Record layer message: type: 17 legacy_record_version: 0303 length: 0409 encrypted_record: DC593FC6FAFC5191242B632E144504A2 61AEF332970FF8316FA4DE507BFB471E A83C713FF950791078FD9A3178D02682 66E12BC970FFB1EE4A56600DF32ABF9F A318FF45C91CDEF42E1C1D450059729B 1BB6925F773A1E8F304E7AB143F0FC16 EF16BC4E0DF60D76DE43390F9CD257DE D256209B1675378FE6822CBB19A53620 BD5B240282CF4977F1C572AB3B1DD6CF 497F2757286B7E49CF80C7 [...] EE2E29D3F79640D9CA3C35181B9CE939 CA16A862AC460424B6AEF6B89D533406 7724CCF2466A804F09FAB3EBE737F99C 6498EFF2379CAD6596C3C352F4426876 95ACBC4FB44B5D069FB66605E47945FE 2F11509FF7B5961BE8AB43EC2060D822 A994D97C59C8058C951708029AE0BEDA 8045ECA025FE02E6D2EFAF13202012E9 E34358DE79E561CCEC8F549E70073EE6 938F4A1AAE97465970D65260604C TLSCiphertext: 00000000: 17 03 03 04 09 DC 59 3F C6 FA FC 51 91 24 2B 63 00000010: 2E 14 45 04 A2 61 AE F3 32 97 0F F8 31 6F A4 DE 00000020: 50 7B FB 47 1E A8 3C 71 3F F9 50 79 10 78 FD 9A 00000030: 31 78 D0 26 82 66 E1 2B C9 70 FF B1 EE 4A 56 60 00000040: 0D F3 2A BF 9F A3 18 FF 45 C9 1C DE F4 2E 1C 1D 00000050: 45 00 59 72 9B 1B B6 92 5F 77 3A 1E 8F 30 4E 7A 00000060: B1 43 F0 FC 16 EF 16 BC 4E 0D F6 0D 76 DE 43 39 00000070: 0F 9C D2 57 DE D2 56 20 9B 16 75 37 8F E6 82 2C 00000080: BB 19 A5 36 20 BD 5B 24 02 82 CF 49 77 F1 C5 72 00000090: AB 3B 1D D6 CF 49 7F 27 57 28 6B 7E 49 CF 80 C7 [...] 00000370: EE 2E 29 D3 F7 96 40 D9 CA 3C 35 18 1B 9C E9 39 00000380: CA 16 A8 62 AC 46 04 24 B6 AE F6 B8 9D 53 34 06 00000390: 77 24 CC F2 46 6A 80 4F 09 FA B3 EB E7 37 F9 9C 000003A0: 64 98 EF F2 37 9C AD 65 96 C3 C3 52 F4 42 68 76 000003B0: 95 AC BC 4F B4 4B 5D 06 9F B6 66 05 E4 79 45 FE 000003C0: 2F 11 50 9F F7 B5 96 1B E8 AB 43 EC 20 60 D8 22 000003D0: A9 94 D9 7C 59 C8 05 8C 95 17 08 02 9A E0 BE DA 000003E0: 80 45 EC A0 25 FE 02 E6 D2 EF AF 13 20 20 12 E9 000003F0: E3 43 58 DE 79 E5 61 CC EC 8F 54 9E 70 07 3E E6 00000400: 93 8F 4A 1A AE 97 46 59 70 D6 52 60 60 4C ---------------------------Server--------------------------- Application data: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Record payload protection: server_record_write_key = TLSTREE(server_write_key_ap, 128): 00000: 93 D5 D6 E1 03 6F DF B3 EF BF 31 E6 DA 5E EC E6 00010: 85 17 1C 97 7F F9 CD 6C 3A 3F 67 C0 22 4A B6 EB seqnum: 00000: 00 00 00 00 00 00 00 80 nonce: 00000: 71 2E 2F 11 CD 50 6E 39 additional_data: 00000: 17 03 03 04 09 TLSInnerPlaintext: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000400: 17 Record layer message: type: 17 legacy_record_version: 0303 length: 0409 encrypted_record: 56A7E2F32541DB0EE1563F8CA79EB129 3192E2122BA8A89A6CF05B151D205AEC EB60321D0F637A98880814BEF639FC08 A1E8222D95A54E5593F8BB9CF520D3FA 7D38D960E00665BB736A7AFF49D7A7BA D092DDB1714655EDF1A9A24F4727DA7E 873135F2A0534FAF7825EA99401FE1F0 1E8C4246D2B55CEBE768FA205B3F7890 9827B912C6AA9FDDE3CFCA47F2D9E2E2 0FBEE9606D0E0105A7C97A [...] A72D5F8E43ABC13984593F16DCECBE7B 26AF73FDC82D7BE1F913B846D2612531 BA0F05FF0C52DEFC8674AF3A1AE27393 FC092D45DCD0F71E2B54B60EC618C2A4 5BE72EC19B5FB263C2DC780FF3093FD5 D2F75185E437BE8BB3E5C26F9E0E71B3 C5D6CCA2E0D2F44BB1ACDA17B189F21E C97C748502A2155E3ADC3CCC1BA14EEB 7CDAA018253FCB57D53A12F548C5456C DDA00385EE1C0826AB58E964007C TLSCiphertext: 00000000: 17 03 03 04 09 56 A7 E2 F3 25 41 DB 0E E1 56 3F 00000010: 8C A7 9E B1 29 31 92 E2 12 2B A8 A8 9A 6C F0 5B 00000020: 15 1D 20 5A EC EB 60 32 1D 0F 63 7A 98 88 08 14 00000030: BE F6 39 FC 08 A1 E8 22 2D 95 A5 4E 55 93 F8 BB 00000040: 9C F5 20 D3 FA 7D 38 D9 60 E0 06 65 BB 73 6A 7A 00000050: FF 49 D7 A7 BA D0 92 DD B1 71 46 55 ED F1 A9 A2 00000060: 4F 47 27 DA 7E 87 31 35 F2 A0 53 4F AF 78 25 EA 00000070: 99 40 1F E1 F0 1E 8C 42 46 D2 B5 5C EB E7 68 FA 00000080: 20 5B 3F 78 90 98 27 B9 12 C6 AA 9F DD E3 CF CA 00000090: 47 F2 D9 E2 E2 0F BE E9 60 6D 0E 01 05 A7 C9 7A [...] 00000370: A7 2D 5F 8E 43 AB C1 39 84 59 3F 16 DC EC BE 7B 00000380: 26 AF 73 FD C8 2D 7B E1 F9 13 B8 46 D2 61 25 31 00000390: BA 0F 05 FF 0C 52 DE FC 86 74 AF 3A 1A E2 73 93 000003A0: FC 09 2D 45 DC D0 F7 1E 2B 54 B6 0E C6 18 C2 A4 000003B0: 5B E7 2E C1 9B 5F B2 63 C2 DC 78 0F F3 09 3F D5 000003C0: D2 F7 51 85 E4 37 BE 8B B3 E5 C2 6F 9E 0E 71 B3 000003D0: C5 D6 CC A2 E0 D2 F4 4B B1 AC DA 17 B1 89 F2 1E 000003E0: C9 7C 74 85 02 A2 15 5E 3A DC 3C CC 1B A1 4E EB 000003F0: 7C DA A0 18 25 3F CB 57 D5 3A 12 F5 48 C5 45 6C 00000400: DD A0 03 85 EE 1C 08 26 AB 58 E9 64 00 7C ---------------------------Server--------------------------- Application data: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Record payload protection: server_record_write_key = TLSTREE(server_write_key_ap, 129): 00000: 93 D5 D6 E1 03 6F DF B3 EF BF 31 E6 DA 5E EC E6 00010: 85 17 1C 97 7F F9 CD 6C 3A 3F 67 C0 22 4A B6 EB seqnum: 00000: 00 00 00 00 00 00 00 81 nonce: 00000: 71 2E 2F 11 CD 50 6E 38 additional_data: 00000: 17 03 03 04 09 TLSInnerPlaintext: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...] 000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000400: 17 Record layer message: type: 17 legacy_record_version: 0303 length: 0409 encrypted_record: EE73C4CAE69FD30BC4B3A66CA571CD9F 3C7AA2C2BA9F428A82249720F717738F 8C35AC7745B701F3B0CEE993EB2CFDAB 4468B22297A8286C2572DE366AC38B70 471B26A1EC4F19D68E7EDA0A231C3BD1 98013FA05BAC92E774A370EB10C0CBD9 15BACD0117A885804B9A475B44A6F3E8 7D7BCA40F3F52EF4AB624B6EDD3094F9 86269E409F8BB76CEB4BE26D4B1AF54C 0A14D41C291EB8E181F79A [...] 10C401A9423D02804B51DDBFE5925294 ADEE0067193FED8F66CBEED9475873B8 8A730496487E8E7F45FC05EEE9C628AF E9236696F41A1505AA7392BF71C7EED3 78035013ADE1EF07DE5A0230669E133E 0D18B6C977A7FE94F4D22AB29CBAA6B5 CDDBF4B35598C0007F3BA69D3FA2730D F51D867E1E47CFDE22CAEACD4C5AFD97 088AEB92D12CE3C685C4E517730B8339 4FC8514264E2F15E51CE439DED1D TLSCiphertext: 00000000: 17 03 03 04 09 EE 73 C4 CA E6 9F D3 0B C4 B3 A6 00000010: 6C A5 71 CD 9F 3C 7A A2 C2 BA 9F 42 8A 82 24 97 00000020: 20 F7 17 73 8F 8C 35 AC 77 45 B7 01 F3 B0 CE E9 00000030: 93 EB 2C FD AB 44 68 B2 22 97 A8 28 6C 25 72 DE 00000040: 36 6A C3 8B 70 47 1B 26 A1 EC 4F 19 D6 8E 7E DA 00000050: 0A 23 1C 3B D1 98 01 3F A0 5B AC 92 E7 74 A3 70 00000060: EB 10 C0 CB D9 15 BA CD 01 17 A8 85 80 4B 9A 47 00000070: 5B 44 A6 F3 E8 7D 7B CA 40 F3 F5 2E F4 AB 62 4B 00000080: 6E DD 30 94 F9 86 26 9E 40 9F 8B B7 6C EB 4B E2 00000090: 6D 4B 1A F5 4C 0A 14 D4 1C 29 1E B8 E1 81 F7 9A [...] 00000370: 10 C4 01 A9 42 3D 02 80 4B 51 DD BF E5 92 52 94 00000380: AD EE 00 67 19 3F ED 8F 66 CB EE D9 47 58 73 B8 00000390: 8A 73 04 96 48 7E 8E 7F 45 FC 05 EE E9 C6 28 AF 000003A0: E9 23 66 96 F4 1A 15 05 AA 73 92 BF 71 C7 EE D3 000003B0: 78 03 50 13 AD E1 EF 07 DE 5A 02 30 66 9E 13 3E 000003C0: 0D 18 B6 C9 77 A7 FE 94 F4 D2 2A B2 9C BA A6 B5 000003D0: CD DB F4 B3 55 98 C0 00 7F 3B A6 9D 3F A2 73 0D 000003E0: F5 1D 86 7E 1E 47 CF DE 22 CA EA CD 4C 5A FD 97 000003F0: 08 8A EB 92 D1 2C E3 C6 85 C4 E5 17 73 0B 83 39 00000400: 4F C8 51 42 64 E2 F1 5E 51 CE 43 9D ED 1D ---------------------------Server--------------------------- Alert message: level: 01 description: 00 00000: 01 00 Record payload protection: server_record_write_key = TLSTREE(server_write_key_ap, 130): 00000: 93 D5 D6 E1 03 6F DF B3 EF BF 31 E6 DA 5E EC E6 00010: 85 17 1C 97 7F F9 CD 6C 3A 3F 67 C0 22 4A B6 EB seqnum: 00000: 00 00 00 00 00 00 00 82 nonce: 00000: 71 2E 2F 11 CD 50 6E 3B additional_data: 00000: 17 03 03 00 0B TLSInnerPlaintext: 00000: 01 00 15 Record layer message: type: 17 legacy_record_version: 0303 length: 000B encrypted_record: 447A3FAE8F86C135189B10 TLSCiphertext: 00000: 17 03 03 00 0B 44 7A 3F AE 8F 86 C1 35 18 9B 10 ---------------------------Client--------------------------- Alert message: level: 01 description: 00 00000: 01 00 Record payload protection: Derived #1 = Derive-Secret(HandshakeSecret, "derived", "") = HKDF-Expand-Label(HandshakeSecret, "derived", "", 32): 00000: BC 4D 6F E3 D9 43 78 21 1D 3D 64 1C 75 92 EB AA 00010: 7A A2 96 47 9C 57 BD D1 E1 4C 7B 04 9F 6D F1 CD MainSecret = HKDF-Extract(Salt: Derived #1, IKM: 0^256): 00000: DB FF 82 86 2E 54 A1 41 3E 6C 2E D8 2C 6D A5 AF 00010: FD BF DE 12 30 2E 49 75 5B 61 F2 06 32 E1 0A 42 HM2 = (FE 00 00 20 | Hash(ClientHello1), HelloRetryRequest, ClientHello2, ServerHello, EncryptedExtensions, Server Finished) TH2 = Transcript-Hash(HM2): 00000: 53 06 24 EE 07 6F FF E1 04 DC 15 EB B4 2D 78 8F 00010: 1E 4F EB 3E 8C 2D CF A5 CB 85 D7 2F 81 D0 6D 15 client_application_traffic_secret (CATS): CATS = Derive-Secret(MainSecret, "c ap traffic", HM2) = HKDF-Expand-Label(MainSecret, "c ap traffic", TH2, 32): 20 D9 85 D5 B8 4D 9D 8D 4E 5E CF CD BC DD 67 41 55 F1 82 F7 28 7B 18 4D A5 53 42 5C 6C 64 57 83 client_write_key_ap = HKDF-Expand-Label(CATS, "key", "", 32): 00000: EB D2 71 DE 19 FE E1 8B B1 99 8F 69 AF 5B 6A E1 00010: 89 58 E8 D3 70 2F 12 FB B5 B0 3F 6F D6 91 FE FA client_write_iv_ap = HKDF-Expand-Label(CATS, "iv", "", 8): 00000: 18 FB 03 8D BF 72 41 E6 client_record_write_key = TLSTREE(client_write_key_ap, 0): 00000: 86 2A 74 18 0B 4A E4 C2 D1 5F 4A 62 ED 8A 4A 75 00010: B0 8D 72 B0 46 AF DE CB 3A 8E F0 C2 67 F4 56 BD seqnum: 00000: 00 00 00 00 00 00 00 00 nonce: 00000: 18 FB 03 8D BF 72 41 E6 additional_data: 00000: 17 03 03 00 0B TLSInnerPlaintext: 00000: 01 00 15 Record layer message: type: 17 legacy_record_version: 0303 length: 000B encrypted_record: 464AEEAD391D97987169F3 TLSCiphertext: 00000: 17 03 03 00 0B 46 4A EE AD 39 1D 97 98 71 69 F3