"container/list"
"crypto"
"crypto/rand"
+ "crypto/sha512"
"crypto/x509"
"fmt"
"io"
CurvePreferences []CurveID
serverInitOnce sync.Once // guards calling (*Config).serverInit
+
+ // mutex protects sessionTicketKeys
+ mutex sync.RWMutex
+ // sessionTicketKeys contains zero or more ticket keys. If the length
+ // is zero, SessionTicketsDisabled must be true. The first key is used
+ // for new tickets and any subsequent keys can be used to decrypt old
+ // tickets.
+ sessionTicketKeys []ticketKey
+}
+
+// ticketKeyNameLen is the number of bytes of identifier that is prepended to
+// an encrypted session ticket in order to identify the key used to encrypt it.
+const ticketKeyNameLen = 16
+
+// ticketKey is the internal representation of a session ticket key.
+type ticketKey struct {
+ // keyName is an opaque byte string that serves to identify the session
+ // ticket key. It's exposed as plaintext in every session ticket.
+ keyName [ticketKeyNameLen]byte
+ aesKey [16]byte
+ hmacKey [16]byte
+}
+
+// ticketKeyFromBytes converts from the external representation of a session
+// ticket key to a ticketKey. Externally, session ticket keys are 32 random
+// bytes and this function expands that into sufficient name and key material.
+func ticketKeyFromBytes(b [32]byte) (key ticketKey) {
+ hashed := sha512.Sum512(b[:])
+ copy(key.keyName[:], hashed[:ticketKeyNameLen])
+ copy(key.aesKey[:], hashed[ticketKeyNameLen:ticketKeyNameLen+16])
+ copy(key.hmacKey[:], hashed[ticketKeyNameLen+16:ticketKeyNameLen+32])
+ return key
}
func (c *Config) serverInit() {
return
}
- // If the key has already been set then we have nothing to do.
+ alreadySet := false
for _, b := range c.SessionTicketKey {
if b != 0 {
+ alreadySet = true
+ break
+ }
+ }
+
+ if !alreadySet {
+ if _, err := io.ReadFull(c.rand(), c.SessionTicketKey[:]); err != nil {
+ c.SessionTicketsDisabled = true
return
}
}
- if _, err := io.ReadFull(c.rand(), c.SessionTicketKey[:]); err != nil {
- c.SessionTicketsDisabled = true
+ c.sessionTicketKeys = []ticketKey{ticketKeyFromBytes(c.SessionTicketKey)}
+}
+
+func (c *Config) ticketKeys() []ticketKey {
+ c.mutex.RLock()
+ // c.sessionTicketKeys is constant once created. SetSessionTicketKeys
+ // will only update it by replacing it with a new value.
+ ret := c.sessionTicketKeys
+ c.mutex.RUnlock()
+ return ret
+}
+
+// SetSessionTicketKeys updates the session ticket keys for a server. The first
+// key will be used when creating new tickets, while all keys can be used for
+// decrypting tickets. It is safe to call this function while the server is
+// running in order to rotate the session ticket keys. The function will panic
+// if keys is empty.
+func (c *Config) SetSessionTicketKeys(keys [][32]byte) {
+ if len(keys) == 0 {
+ panic("tls: keys must have at least one key")
}
+
+ newKeys := make([]ticketKey, len(keys))
+ for i, bytes := range keys {
+ newKeys[i] = ticketKeyFromBytes(bytes)
+ }
+
+ c.mutex.Lock()
+ c.sessionTicketKeys = newKeys
+ c.mutex.Unlock()
}
func (c *Config) rand() io.Reader {
}
}
+ getTicket := func() []byte {
+ return clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.sessionTicket
+ }
+ randomKey := func() [32]byte {
+ var k [32]byte
+ if _, err := io.ReadFull(serverConfig.rand(), k[:]); err != nil {
+ t.Fatalf("Failed to read new SessionTicketKey: %s", err)
+ }
+ return k
+ }
+
testResumeState("Handshake", false)
+ ticket := getTicket()
testResumeState("Resume", true)
-
- if _, err := io.ReadFull(serverConfig.rand(), serverConfig.SessionTicketKey[:]); err != nil {
- t.Fatalf("Failed to invalidate SessionTicketKey")
+ if !bytes.Equal(ticket, getTicket()) {
+ t.Fatal("first ticket doesn't match ticket after resumption")
}
+
+ key2 := randomKey()
+ serverConfig.SetSessionTicketKeys([][32]byte{key2})
+
testResumeState("InvalidSessionTicketKey", false)
testResumeState("ResumeAfterInvalidSessionTicketKey", true)
+ serverConfig.SetSessionTicketKeys([][32]byte{randomKey(), key2})
+ ticket = getTicket()
+ testResumeState("KeyChange", true)
+ if bytes.Equal(ticket, getTicket()) {
+ t.Fatal("new ticket wasn't included while resuming")
+ }
+ testResumeState("KeyChangeFinish", true)
+
clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}
testResumeState("DifferentCipherSuite", false)
testResumeState("DifferentCipherSuiteRecovers", true)
if err := hs.establishKeys(); err != nil {
return err
}
+ // ticketSupported is set in a resumption handshake if the
+ // ticket from the client was encrypted with an old session
+ // ticket key and thus a refreshed ticket should be sent.
+ if hs.hello.ticketSupported {
+ if err := hs.sendSessionTicket(); err != nil {
+ return err
+ }
+ }
if err := hs.sendFinished(c.firstFinished[:]); err != nil {
return err
}
// We echo the client's session ID in the ServerHello to let it know
// that we're doing a resumption.
hs.hello.sessionId = hs.clientHello.sessionId
+ hs.hello.ticketSupported = hs.sessionState.usedOldKey
hs.finishedHash.Write(hs.hello.marshal())
c.writeRecord(recordTypeHandshake, hs.hello.marshal())
>>> Flow 1 (client to server)
-00000000 16 03 01 01 78 01 00 01 74 03 03 73 99 93 cd 3d |....x...t..s...=|
-00000010 e8 60 23 0d 6a e8 f5 e3 46 ca 38 44 85 ca 79 c8 |.`#.j...F.8D..y.|
-00000020 96 be 94 bd 43 d5 14 2b 20 da 5c 00 00 c4 c0 30 |....C..+ .\....0|
+00000000 16 03 01 01 6b 01 00 01 67 03 03 e4 b0 a0 f0 85 |....k...g.......|
+00000010 a5 8c 96 5d 78 c5 a5 f4 f2 d5 01 68 5c f3 c5 7d |...]x......h\..}|
+00000020 00 d9 7c 0d b6 ca b4 6c c0 0e 79 00 00 b6 c0 30 |..|....l..y....0|
00000030 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 |.,.(.$..........|
00000040 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 |...k.j.i.h.9.8.7|
00000050 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a |.6.........2...*|
000000b0 00 3c 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c |.<./...A........|
000000c0 c0 02 00 05 00 04 c0 12 c0 08 00 16 00 13 00 10 |................|
000000d0 00 0d c0 0d c0 03 00 0a 00 15 00 12 00 0f 00 0c |................|
-000000e0 00 09 00 14 00 11 00 0e 00 0b 00 08 00 06 00 03 |................|
-000000f0 00 ff 01 00 00 87 00 0b 00 04 03 00 01 02 00 0a |................|
-00000100 00 3a 00 38 00 0e 00 0d 00 19 00 1c 00 0b 00 0c |.:.8............|
-00000110 00 1b 00 18 00 09 00 0a 00 1a 00 16 00 17 00 08 |................|
-00000120 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 |................|
-00000130 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 |.............#..|
-00000140 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 |... ............|
-00000150 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 |................|
-00000160 02 02 02 03 00 0f 00 01 01 00 10 00 10 00 0e 06 |................|
-00000170 70 72 6f 74 6f 32 06 70 72 6f 74 6f 31 |proto2.proto1|
+000000e0 00 09 00 ff 02 01 00 00 87 00 0b 00 04 03 00 01 |................|
+000000f0 02 00 0a 00 3a 00 38 00 0e 00 0d 00 19 00 1c 00 |....:.8.........|
+00000100 0b 00 0c 00 1b 00 18 00 09 00 0a 00 1a 00 16 00 |................|
+00000110 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 |................|
+00000120 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 |................|
+00000130 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 03 05 |#..... .........|
+00000140 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 |................|
+00000150 03 02 01 02 02 02 03 00 0f 00 01 01 00 10 00 10 |................|
+00000160 00 0e 06 70 72 6f 74 6f 32 06 70 72 6f 74 6f 31 |...proto2.proto1|
>>> Flow 2 (server to client)
00000000 16 03 03 00 42 02 00 00 3e 03 03 00 00 00 00 00 |....B...>.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000320 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 24 20 |5uq..T[....g..$ |
00000330 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 07 9f |>.V...(^.+-O....|
00000340 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 b5 68 |lK[.V.2B.X..I..h|
-00000350 1a 41 03 56 6b dc 5a 89 04 01 00 80 52 f3 4c 3f |.A.Vk.Z.....R.L?|
-00000360 c4 82 3c 4f 8f dc f5 33 c5 12 41 80 dc ea f2 84 |..<O...3..A.....|
-00000370 cf e4 50 f6 27 90 bb d0 09 ef 9c 9a 34 58 5c 38 |..P.'.......4X\8|
-00000380 53 27 72 e5 07 86 bb 4d 6c 17 6f 79 60 bd ca cb |S'r....Ml.oy`...|
-00000390 be 05 f1 0c 46 4b 1f 19 74 67 cd d9 64 2a fa 5f |....FK..tg..d*._|
-000003a0 b8 47 fb 98 47 a9 1f d5 20 95 19 48 70 1a 1c 57 |.G..G... ..Hp..W|
-000003b0 81 46 2a 8c 56 35 69 48 c9 23 a0 4e 7f f0 c0 fc |.F*.V5iH.#.N....|
-000003c0 eb 28 8a d3 99 45 39 cc 2b 2a 93 1f c3 0b 68 60 |.(...E9.+*....h`|
-000003d0 91 14 5e 6d be e6 40 19 38 76 d1 4c 16 03 03 00 |..^m..@.8v.L....|
+00000350 1a 41 03 56 6b dc 5a 89 04 01 00 80 b6 f9 b6 2b |.A.Vk.Z........+|
+00000360 15 b8 ef 70 37 61 64 f3 f3 a5 d9 da ce 13 b5 e1 |...p7ad.........|
+00000370 0b 24 eb 11 a7 df 86 a9 ef 88 ef af 17 7d 02 56 |.$...........}.V|
+00000380 ec 59 32 c9 5c 06 a4 ce 10 c7 6f 6a f3 e0 43 6a |.Y2.\.....oj..Cj|
+00000390 02 99 f4 7b 14 65 dc a5 a0 af 10 3e a8 40 35 2b |...{.e.....>.@5+|
+000003a0 c6 a1 31 b6 26 e9 89 0f 06 61 6f 2e 6c f4 70 69 |..1.&....ao.l.pi|
+000003b0 e5 01 80 3d fe 4d 59 ad cb 2f b8 c1 df 5f 36 f7 |...=.MY../..._6.|
+000003c0 cc a6 31 84 61 c0 e8 c5 95 37 9c e6 0d 2b 78 0c |..1.a....7...+x.|
+000003d0 45 cf 69 5d fa 3a 8b 31 ea 22 60 31 16 03 03 00 |E.i].:.1."`1....|
000003e0 04 0e 00 00 00 |.....|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 46 10 00 00 42 41 04 e2 86 c1 a0 c0 |....F...BA......|
-00000010 45 9a da 1a 70 a1 3e b6 9c b7 2e ec dd 2b 0a c6 |E...p.>......+..|
-00000020 50 59 95 fe 8e 54 83 06 b6 68 42 60 56 de b2 b3 |PY...T...hB`V...|
-00000030 b9 14 f0 e0 e2 2e a3 7f ec 01 4d 10 8a 43 ab 33 |..........M..C.3|
-00000040 18 f4 b9 5d 6c ae cd 90 3e f4 64 14 03 03 00 01 |...]l...>.d.....|
-00000050 01 16 03 03 00 28 47 e5 15 81 5b f4 a0 6a 61 d6 |.....(G...[..ja.|
-00000060 df 5e 60 f1 d4 dc 55 45 84 0b ef 56 42 0b 42 1d |.^`...UE...VB.B.|
-00000070 28 b4 90 a6 2a 47 41 97 3b 91 5c 74 ab 02 |(...*GA.;.\t..|
+00000000 16 03 03 00 46 10 00 00 42 41 04 8d 5a 5d 91 04 |....F...BA..Z]..|
+00000010 79 46 1b f1 12 3f d5 ca 57 18 5f 4d 71 d9 eb f8 |yF...?..W._Mq...|
+00000020 90 f6 ed 75 b9 0c 2b 6e 67 cb 3a ae cc 6d 61 af |...u..+ng.:..ma.|
+00000030 30 87 1b a6 21 d6 90 16 84 b0 65 3d 7f cc 96 ed |0...!.....e=....|
+00000040 9e 68 38 e5 10 27 c3 23 48 40 f9 14 03 03 00 01 |.h8..'.#H@......|
+00000050 01 16 03 03 00 28 7b a4 d0 fd 15 36 9b 1f 6e 4f |.....({....6..nO|
+00000060 a9 d7 61 3f 58 93 5e 1b 10 be a1 8c c9 2f 39 74 |..a?X.^....../9t|
+00000070 23 9a 1e ba 5b 3b e7 f0 32 b7 14 2e ae 0b |#...[;..2.....|
>>> Flow 4 (server to client)
-00000000 16 03 03 00 72 04 00 00 6e 00 00 00 00 00 68 00 |....r...n.....h.|
-00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 |...............e|
-00000020 ea 8b e4 ef ba 19 39 3a 95 90 2b 6d 0d 59 ac 36 |......9:..+m.Y.6|
-00000030 be 71 eb b4 25 51 86 cc 80 43 ea 60 e0 53 30 ba |.q..%Q...C.`.S0.|
-00000040 3e b9 c3 29 9b 26 94 5a 43 36 d0 65 be a7 f1 06 |>..).&.ZC6.e....|
-00000050 99 e3 c5 d7 f2 59 23 11 c5 99 27 5c 7f 43 94 0e |.....Y#...'\.C..|
-00000060 b3 35 7a 66 d9 c4 49 53 2a 28 b6 3d e7 0f c5 d5 |.5zf..IS*(.=....|
-00000070 a2 d8 15 a8 3a 88 f7 14 03 03 00 01 01 16 03 03 |....:...........|
-00000080 00 28 00 00 00 00 00 00 00 00 07 2e 75 1d 9a 12 |.(..........u...|
-00000090 9f e9 7e 0b 42 dd 7b 8e ae 58 ac 49 78 8d fb 3f |..~.B.{..X.Ix..?|
-000000a0 21 e8 ef 91 3c 02 a6 23 d5 cc 17 03 03 00 25 00 |!...<..#......%.|
-000000b0 00 00 00 00 00 00 01 bb 04 db f2 86 63 96 01 60 |............c..`|
-000000c0 bb f4 68 f9 50 2a f0 15 82 f8 a1 73 bf cd 5f 4d |..h.P*.....s.._M|
-000000d0 1a 73 67 91 15 03 03 00 1a 00 00 00 00 00 00 00 |.sg.............|
-000000e0 02 02 79 34 67 e2 67 d5 52 59 91 76 90 10 c8 41 |..y4g.g.RY.v...A|
-000000f0 c5 56 c9 |.V.|
+00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
+00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
+00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
+00000030 6f ec 80 83 61 dc ee 0e 43 06 28 f4 47 1a d7 25 |o...a...C.(.G..%|
+00000040 f2 fa 66 d5 81 21 51 81 a8 47 2d a5 db e1 f2 84 |..f..!Q..G-.....|
+00000050 ea 55 da 3e cf 97 fd 7e 63 68 50 e3 2d 48 5a 58 |.U.>...~chP.-HZX|
+00000060 77 36 a2 9f 3f 33 94 65 de 9e e6 65 22 6f 1d c8 |w6..?3.e...e"o..|
+00000070 46 80 2d 0b 83 41 5e c6 20 f6 c3 22 5f bb 7a 9b |F.-..A^. .."_.z.|
+00000080 28 07 9c 5e b7 30 35 14 03 03 00 01 01 16 03 03 |(..^.05.........|
+00000090 00 28 00 00 00 00 00 00 00 00 4a 1c a6 1e 78 e1 |.(........J...x.|
+000000a0 4c 58 56 f5 6e 78 ae 11 7a dc 93 65 4b 46 6e b8 |LXV.nx..z..eKFn.|
+000000b0 b6 2e 42 bc 71 81 61 3c 14 95 17 03 03 00 25 00 |..B.q.a<......%.|
+000000c0 00 00 00 00 00 00 01 6e af 22 60 44 9b 18 e7 21 |.......n."`D...!|
+000000d0 d9 c3 8d 48 8c 94 f1 aa cc 9d a4 11 ba b7 f2 0f |...H............|
+000000e0 a2 91 e6 50 15 03 03 00 1a 00 00 00 00 00 00 00 |...P............|
+000000f0 02 65 58 88 05 97 4a 2a 72 f5 03 da 53 24 4c b0 |.eX...J*r...S$L.|
+00000100 01 4e 02 |.N.|
>>> Flow 1 (client to server)
-00000000 16 03 01 01 78 01 00 01 74 03 03 ba 93 c5 44 7d |....x...t.....D}|
-00000010 cf bf e3 d4 ad 9a ff 3a 48 ec 46 11 1a e5 68 87 |.......:H.F...h.|
-00000020 d1 f0 3b 7c da 86 b9 8f 5d a7 59 00 00 c4 c0 30 |..;|....].Y....0|
+00000000 16 03 01 01 6b 01 00 01 67 03 03 5e 66 c4 02 7c |....k...g..^f..||
+00000010 69 7f ec ce e5 14 b3 60 04 60 2b d3 72 84 c7 a0 |i......`.`+.r...|
+00000020 fe 3e 8e fa 91 cc e8 e3 43 17 c6 00 00 b6 c0 30 |.>......C......0|
00000030 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 |.,.(.$..........|
00000040 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 |...k.j.i.h.9.8.7|
00000050 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a |.6.........2...*|
000000b0 00 3c 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c |.<./...A........|
000000c0 c0 02 00 05 00 04 c0 12 c0 08 00 16 00 13 00 10 |................|
000000d0 00 0d c0 0d c0 03 00 0a 00 15 00 12 00 0f 00 0c |................|
-000000e0 00 09 00 14 00 11 00 0e 00 0b 00 08 00 06 00 03 |................|
-000000f0 00 ff 01 00 00 87 00 0b 00 04 03 00 01 02 00 0a |................|
-00000100 00 3a 00 38 00 0e 00 0d 00 19 00 1c 00 0b 00 0c |.:.8............|
-00000110 00 1b 00 18 00 09 00 0a 00 1a 00 16 00 17 00 08 |................|
-00000120 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 |................|
-00000130 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 |.............#..|
-00000140 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 |... ............|
-00000150 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 |................|
-00000160 02 02 02 03 00 0f 00 01 01 00 10 00 10 00 0e 06 |................|
-00000170 70 72 6f 74 6f 32 06 70 72 6f 74 6f 31 |proto2.proto1|
+000000e0 00 09 00 ff 02 01 00 00 87 00 0b 00 04 03 00 01 |................|
+000000f0 02 00 0a 00 3a 00 38 00 0e 00 0d 00 19 00 1c 00 |....:.8.........|
+00000100 0b 00 0c 00 1b 00 18 00 09 00 0a 00 1a 00 16 00 |................|
+00000110 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 |................|
+00000120 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 |................|
+00000130 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 03 05 |#..... .........|
+00000140 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 |................|
+00000150 03 02 01 02 02 02 03 00 0f 00 01 01 00 10 00 10 |................|
+00000160 00 0e 06 70 72 6f 74 6f 32 06 70 72 6f 74 6f 31 |...proto2.proto1|
>>> Flow 2 (server to client)
00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000310 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.|
00000320 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.|
00000330 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I|
-00000340 a6 b5 68 1a 41 03 56 6b dc 5a 89 04 01 00 80 52 |..h.A.Vk.Z.....R|
-00000350 78 35 42 fa 35 a6 19 22 d1 03 f4 ed 65 31 ff fe |x5B.5.."....e1..|
-00000360 d6 83 d5 db a1 6b 7d 88 2f 53 7a e8 2a cf a7 e4 |.....k}./Sz.*...|
-00000370 83 0f e7 b6 60 60 91 65 ee ce b0 e9 5c bb 8c fd |....``.e....\...|
-00000380 10 5e c7 17 cb 1b bc db 19 59 23 5d 76 3a f8 87 |.^.......Y#]v:..|
-00000390 d8 2d a7 a2 d8 7b cc e5 f8 82 7c ed bf 08 c4 67 |.-...{....|....g|
-000003a0 c5 f6 a6 5a 2f 9f 59 cb 62 f6 b4 f3 3c d6 f5 dc |...Z/.Y.b...<...|
-000003b0 20 27 d9 14 36 5c a9 8d f6 7b c2 db 9f 84 fc 0d | '..6\...{......|
-000003c0 d3 3a d2 bf 4a 3b 3c 3e 13 eb f9 03 d2 cf 6f 16 |.:..J;<>......o.|
+00000340 a6 b5 68 1a 41 03 56 6b dc 5a 89 04 01 00 80 b6 |..h.A.Vk.Z......|
+00000350 8d 11 b1 57 9b 22 02 26 1c 03 f3 35 a7 4b 5b 31 |...W.".&...5.K[1|
+00000360 c9 db b4 80 83 10 d2 00 e8 d8 65 95 4a 0d 76 69 |..........e.J.vi|
+00000370 c5 1c fb 01 78 08 c0 08 fc b0 cd 9f 81 e9 e1 8e |....x...........|
+00000380 a3 55 2d 40 1a 73 e9 7c 90 13 a7 13 0f 90 a1 45 |.U-@.s.|.......E|
+00000390 af 89 e6 7a 6b 88 3a a0 57 13 63 d7 d5 86 5f bd |...zk.:.W.c..._.|
+000003a0 5a 1a 11 4e 9d 57 27 fe c9 fc d2 73 bc 28 b1 d5 |Z..N.W'....s.(..|
+000003b0 74 6f 87 34 f1 f4 5b 48 be 4d 0b 4d 3a 51 c5 5d |to.4..[H.M.M:Q.]|
+000003c0 c4 3c cd ad a8 72 0a 2d f8 0f 8b 0d 12 2e cf 16 |.<...r.-........|
000003d0 03 03 00 04 0e 00 00 00 |........|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 46 10 00 00 42 41 04 f2 52 42 97 0a |....F...BA..RB..|
-00000010 df a1 e0 cb 4e 5e 3c e5 45 0e de b3 eb 3d cd c2 |....N^<.E....=..|
-00000020 78 77 ff ec 6e 74 c2 e5 9e 89 58 6f 2b bc 41 5b |xw..nt....Xo+.A[|
-00000030 d5 8f d0 ea ce c6 c9 11 74 0a c1 33 2a 52 c2 30 |........t..3*R.0|
-00000040 73 08 5f 20 f2 0a 45 95 81 a8 eb 14 03 03 00 01 |s._ ..E.........|
-00000050 01 16 03 03 00 28 52 9e 4c 11 49 07 9f b5 4b 2f |.....(R.L.I...K/|
-00000060 45 79 0c d9 cb ae 45 7d 17 1e c2 5a d3 ea bd 8b |Ey....E}...Z....|
-00000070 0d 94 b1 40 a2 56 6e a5 f8 a2 5b f8 63 73 |...@.Vn...[.cs|
+00000000 16 03 03 00 46 10 00 00 42 41 04 73 0a f7 32 32 |....F...BA.s..22|
+00000010 5b 54 d6 e6 16 a0 92 bb 80 ec 8d db 02 8f a9 9d |[T..............|
+00000020 92 3d 20 88 a8 f5 3c 29 a9 81 89 92 aa 62 2a b9 |.= ...<).....b*.|
+00000030 65 ba f1 ec b6 17 45 7b ff bd 91 f6 55 d5 ce 42 |e.....E{....U..B|
+00000040 dd ea bd d3 72 26 3f 42 9b e5 8a 14 03 03 00 01 |....r&?B........|
+00000050 01 16 03 03 00 28 a1 e8 8e 47 c3 4f d7 f4 e0 9e |.....(...G.O....|
+00000060 8e ed 74 5c 68 fc 9c 79 59 80 ad ff 75 7d 1f 3e |..t\h..yY...u}.>|
+00000070 c6 71 13 6d 7b 74 93 e0 2a ed 72 50 82 28 |.q.m{t..*.rP.(|
>>> Flow 4 (server to client)
-00000000 16 03 03 00 72 04 00 00 6e 00 00 00 00 00 68 00 |....r...n.....h.|
-00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 |...............e|
-00000020 ea 8b e4 ef ba f6 cb 68 be 7f f0 66 1a c6 3c c6 |.......h...f..<.|
-00000030 ee 5f 60 3a 62 20 c5 e8 ea 99 92 84 c1 45 a1 76 |._`:b .......E.v|
-00000040 7c a7 f2 cd 40 72 9b 38 51 77 f2 ae 54 dd 67 37 ||...@r.8Qw..T.g7|
-00000050 f8 98 43 2e 55 59 23 3b 50 26 87 ca 6b 2d 45 d6 |..C.UY#;P&..k-E.|
-00000060 3c 85 29 f4 52 58 83 98 ae ad a9 64 8b d1 cc 9c |<.).RX.....d....|
-00000070 88 3f a8 f9 d2 d3 33 14 03 03 00 01 01 16 03 03 |.?....3.........|
-00000080 00 28 00 00 00 00 00 00 00 00 84 6d 6d 57 fb dc |.(.........mmW..|
-00000090 09 54 c4 9a fc d7 dd 45 f5 c3 57 fd e9 16 76 ab |.T.....E..W...v.|
-000000a0 a8 85 eb 34 e7 21 30 85 56 ed 17 03 03 00 25 00 |...4.!0.V.....%.|
-000000b0 00 00 00 00 00 00 01 05 62 69 79 cb c0 74 ad 64 |........biy..t.d|
-000000c0 0a 0c 2a 10 2a b7 8e e2 92 6e 12 3b d7 64 df d7 |..*.*....n.;.d..|
-000000d0 4f da 52 c6 15 03 03 00 1a 00 00 00 00 00 00 00 |O.R.............|
-000000e0 02 b9 dc 49 b9 2a 12 58 3a 4b 4c e0 c8 b2 e9 d9 |...I.*.X:KL.....|
-000000f0 dc 48 17 |.H.|
+00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
+00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
+00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
+00000030 6f ec 80 83 61 8c 66 55 28 dd e7 39 69 93 65 58 |o...a.fU(..9i.eX|
+00000040 2d f8 ea 03 85 3f 6c 41 70 94 7b 9c ae 2f 64 59 |-....?lAp.{../dY|
+00000050 f3 3f 24 b6 73 ca c8 b7 37 cb a1 99 74 0b aa a9 |.?$.s...7...t...|
+00000060 36 dd 48 40 1c 33 94 27 94 ad 50 97 70 0d 62 a5 |6.H@.3.'..P.p.b.|
+00000070 59 25 41 73 8d da 23 b0 14 05 e9 28 e4 54 93 35 |Y%As..#....(.T.5|
+00000080 09 82 47 3e bf ec 82 14 03 03 00 01 01 16 03 03 |..G>............|
+00000090 00 28 00 00 00 00 00 00 00 00 d0 5f 0a c1 1c 03 |.(........._....|
+000000a0 fc 10 1b 5c 60 9f 04 8b 53 47 8d 28 e2 85 3c de |...\`...SG.(..<.|
+000000b0 63 39 22 e6 4b 50 52 23 f4 4a 17 03 03 00 25 00 |c9".KPR#.J....%.|
+000000c0 00 00 00 00 00 00 01 98 89 b4 fc 10 11 b7 54 e7 |..............T.|
+000000d0 8d a5 61 38 f6 9b b7 35 e6 bb b2 d3 48 93 76 3f |..a8...5....H.v?|
+000000e0 ea ba 9b 65 15 03 03 00 1a 00 00 00 00 00 00 00 |...e............|
+000000f0 02 64 0e 5b 3f 19 64 1e 22 ca 4c 81 43 d6 54 34 |.d.[?.d.".L.C.T4|
+00000100 d9 80 09 |...|
>>> Flow 1 (client to server)
-00000000 16 03 01 00 60 01 00 00 5c 03 03 52 cc 57 59 7e |....`...\..R.WY~|
-00000010 43 5c 3b fd 50 ab 61 3f 64 a4 f9 bd ba 8c 28 e1 |C\;.P.a?d.....(.|
-00000020 f9 a1 45 7e 48 9e 62 af 25 de 0e 00 00 04 00 05 |..E~H.b.%.......|
-00000030 00 ff 01 00 00 2f 00 23 00 00 00 0d 00 22 00 20 |...../.#.....". |
-00000040 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................|
-00000050 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 |................|
-00000060 00 0f 00 01 01 |.....|
+00000000 16 03 01 00 5f 01 00 00 5b 03 03 01 02 22 4f 51 |...._...[...."OQ|
+00000010 53 d9 c0 f2 4b 61 53 2d 04 cd ab 95 ed 6a 74 8c |S...KaS-.....jt.|
+00000020 96 00 70 e3 bf d0 5a 03 7a 1e 75 00 00 04 00 05 |..p...Z.z.u.....|
+00000030 00 ff 02 01 00 00 2d 00 23 00 00 00 0d 00 20 00 |......-.#..... .|
+00000040 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 |................|
+00000050 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 |................|
+00000060 0f 00 01 01 |....|
>>> Flow 2 (server to client)
00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002f0 71 99 9b 26 6e 38 50 29 6c 90 a7 bd d9 16 03 03 |q..&n8P)l.......|
00000300 00 04 0e 00 00 00 |......|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 86 10 00 00 82 00 80 6e 2e 79 82 3a |...........n.y.:|
-00000010 c4 68 72 f5 a2 42 3d 71 f9 ec 22 8c 0b fa f0 82 |.hr..B=q..".....|
-00000020 82 c0 cb fc 52 0a 51 03 04 8c eb 4a 4e 4f b6 49 |....R.Q....JNO.I|
-00000030 ef 94 65 21 3c f7 9d 46 85 6e 35 d5 17 6b ff a3 |..e!<..F.n5..k..|
-00000040 5e 4d c1 36 1a 2f 68 f5 06 d4 2d 73 4f 1c 3b 7b |^M.6./h...-sO.;{|
-00000050 c1 fa 4e 7e 7c f9 6c 13 a6 f4 3a 43 e9 aa be 22 |..N~|.l...:C..."|
-00000060 85 6f 2f 7c 5b b0 08 e2 86 b2 ae cb a9 12 d8 32 |.o/|[..........2|
-00000070 80 1d e4 2e 5d c3 66 d1 19 e5 89 33 2a 88 24 40 |....].f....3*.$@|
-00000080 2a 6d 6b b5 f1 92 4b 66 06 b8 49 14 03 03 00 01 |*mk...Kf..I.....|
-00000090 01 16 03 03 00 24 16 49 e2 a0 67 31 cf 0d 72 cb |.....$.I..g1..r.|
-000000a0 ac 16 2c 80 37 71 69 f7 5f c4 d3 00 19 b7 4b fb |..,.7qi._.....K.|
-000000b0 e5 e9 74 8e 30 b3 1c c5 ae e6 |..t.0.....|
+00000000 16 03 03 00 86 10 00 00 82 00 80 80 38 a6 b0 01 |............8...|
+00000010 2a 9e cf 11 34 45 e8 6d f5 1c 44 ef 74 74 61 32 |*...4E.m..D.tta2|
+00000020 71 5f f8 c1 a9 65 2d af 7e 7e 38 84 d3 f2 b9 3d |q_...e-.~~8....=|
+00000030 76 12 b8 e0 41 7e 25 2a 53 b0 1a c7 8d bd d6 3d |v...A~%*S......=|
+00000040 a5 8a dd 94 76 80 fc 3e fd 41 ac 71 c3 ad 0e 1f |....v..>.A.q....|
+00000050 30 a7 7a 64 e2 f3 f7 c1 1f bc 53 99 35 4e 24 34 |0.zd......S.5N$4|
+00000060 e9 25 20 d0 da 00 30 d4 16 40 5e 78 8e 72 ea 03 |.% ...0..@^x.r..|
+00000070 9e eb ca 89 4e 2f 60 d0 0c 9d 98 44 e0 7c 19 a4 |....N/`....D.|..|
+00000080 ec 0f 6b 67 35 06 08 9c d9 2d bb 14 03 03 00 01 |..kg5....-......|
+00000090 01 16 03 03 00 24 ca d6 25 be 3b a7 b0 e1 42 3b |.....$..%.;...B;|
+000000a0 ce ef a5 7e b6 4a d5 74 e1 ca bf 34 6c 67 3b 02 |...~.J.t...4lg;.|
+000000b0 0a f5 e8 e7 d1 a8 a6 2d cb 02 |.......-..|
>>> Flow 4 (server to client)
-00000000 16 03 03 00 72 04 00 00 6e 00 00 00 00 00 68 00 |....r...n.....h.|
-00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 |...............e|
-00000020 ea 4b d1 ef ba 06 38 1e e1 88 82 3a cd 03 ac 3b |.K....8....:...;|
-00000030 39 0a e0 19 fd af 6c 57 30 df 31 6e f7 92 38 4b |9.....lW0.1n..8K|
-00000040 5d 77 90 39 ff 32 51 f5 ed 12 d7 b0 7c 4d 6c c5 |]w.9.2Q.....|Ml.|
-00000050 76 e4 72 48 3e 59 23 fe 0d 15 df f4 ba ea b9 67 |v.rH>Y#........g|
-00000060 16 23 8f 7d 15 b6 11 f1 ab d7 d4 cd a3 21 82 92 |.#.}.........!..|
-00000070 2a 12 cf 95 f3 60 b2 14 03 03 00 01 01 16 03 03 |*....`..........|
-00000080 00 24 89 ad 87 04 4f 08 dc 2a 71 37 fb f1 95 d1 |.$....O..*q7....|
-00000090 2e 3c c2 6e 0f 38 5d e4 0e c3 f7 27 d0 46 a3 c1 |.<.n.8]....'.F..|
-000000a0 a8 3b 06 ed 96 ec 17 03 03 00 21 30 d4 9f 0b 49 |.;........!0...I|
-000000b0 9f a2 a8 a1 2c 0a 79 93 56 2d 8a ee 85 ed 62 42 |....,.y.V-....bB|
-000000c0 8c 18 fe 7a 09 3a 24 c4 5e ed 7d 2a 15 03 03 00 |...z.:$.^.}*....|
-000000d0 16 a0 24 0a 8b 90 4c fc 99 ba 67 bb 04 1e 59 69 |..$...L...g...Yi|
-000000e0 c2 98 49 b5 00 0b e0 |..I....|
+00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
+00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
+00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
+00000030 6f 2c b5 83 61 e8 c1 5d af d6 da c9 8f df 1e c4 |o,..a..]........|
+00000040 16 47 a0 dd cf 3c 9d 95 11 fe 01 fb 52 5b d0 aa |.G...<......R[..|
+00000050 56 fb 04 d5 7f 89 31 7d 75 e3 df f4 28 6a fb 1f |V.....1}u...(j..|
+00000060 76 ee 77 55 0b 33 94 82 e2 ee 73 2f 7f a7 f6 7c |v.wU.3....s/...||
+00000070 68 25 eb fd 56 5b 89 29 b4 32 b6 92 57 3f c3 f9 |h%..V[.).2..W?..|
+00000080 01 fb 01 25 7f 0f 10 14 03 03 00 01 01 16 03 03 |...%............|
+00000090 00 24 9a 9b 1b 57 2c 86 71 0c 6d 4f 6c 40 a2 98 |.$...W,.q.mOl@..|
+000000a0 7d e3 f5 75 0e 4a b7 82 1c d8 f7 8c 22 a5 5b 34 |}..u.J......".[4|
+000000b0 19 79 12 e2 a4 e6 17 03 03 00 21 53 7a cc 02 0f |.y........!Sz...|
+000000c0 6d b5 9d 8c ff 4a 2d 29 31 59 38 96 bb 6b a8 93 |m....J-)1Y8..k..|
+000000d0 09 af 38 c7 4d 6e 31 ef 18 d4 59 35 15 03 03 00 |..8.Mn1...Y5....|
+000000e0 16 1e 04 62 d6 6b 6c fc 0b 70 f8 32 d0 11 59 64 |...b.kl..p.2..Yd|
+000000f0 11 71 b0 ab ac 2d 6d |.q...-m|
>>> Flow 1 (client to server)
-00000000 16 03 01 00 60 01 00 00 5c 03 03 54 23 54 02 17 |....`...\..T#T..|
-00000010 f3 53 13 3d 48 88 c3 19 b9 d1 3d 33 7f f5 99 56 |.S.=H.....=3...V|
-00000020 04 71 1b d9 d5 64 8a 0d 4a 54 00 00 00 04 00 05 |.q...d..JT......|
-00000030 00 ff 01 00 00 2f 00 23 00 00 00 0d 00 22 00 20 |...../.#.....". |
-00000040 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................|
-00000050 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 |................|
-00000060 00 0f 00 01 01 |.....|
+00000000 16 03 01 00 5f 01 00 00 5b 03 03 be c5 99 df f1 |...._...[.......|
+00000010 cc c8 fd d9 4c c5 09 18 5f 59 9a 78 47 ef 00 d5 |....L..._Y.xG...|
+00000020 81 45 3e ac a0 a5 ee d6 d0 8c d8 00 00 04 00 05 |.E>.............|
+00000030 00 ff 02 01 00 00 2d 00 23 00 00 00 0d 00 20 00 |......-.#..... .|
+00000040 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 |................|
+00000050 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 |................|
+00000060 0f 00 01 01 |....|
>>> Flow 2 (server to client)
00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002f0 71 99 9b 26 6e 38 50 29 6c 90 a7 bd d9 16 03 03 |q..&n8P)l.......|
00000300 00 04 0e 00 00 00 |......|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 86 10 00 00 82 00 80 27 e9 a4 f7 e7 |...........'....|
-00000010 df 25 de 84 8c 1f d6 e6 c3 11 28 55 9a c1 91 37 |.%........(U...7|
-00000020 84 f5 ba f8 80 0d ca 50 cb 1e 72 f7 97 6f c2 b2 |.......P..r..o..|
-00000030 04 4d 13 7c e0 6e a0 1f 91 e1 38 1b a2 c0 55 16 |.M.|.n....8...U.|
-00000040 7f 29 fc ed 1c 1a cf 72 14 c3 00 c1 dd 36 36 af |.).....r.....66.|
-00000050 a6 e4 a8 be ba ec 13 d0 1e d0 1d fd e1 5b 27 fd |.............['.|
-00000060 9a da 2e 12 c8 b0 b9 c2 b9 76 ec 7f 3c 98 b6 63 |.........v..<..c|
-00000070 bc da f0 07 7a 3d e7 61 f4 2f 12 80 3b f9 3b cc |....z=.a./..;.;.|
-00000080 05 c8 2f 7e 28 b2 73 bf 97 61 29 14 03 03 00 01 |../~(.s..a).....|
-00000090 01 16 03 03 00 24 17 59 a9 45 53 46 33 96 50 dd |.....$.Y.ESF3.P.|
-000000a0 3e 23 aa 91 38 f8 56 4a 2f 1a f2 b1 44 9b ce 17 |>#..8.VJ/...D...|
-000000b0 6b 8a 89 76 bc 67 b8 8b ba 90 |k..v.g....|
+00000000 16 03 03 00 86 10 00 00 82 00 80 59 1f 86 2f cd |...........Y../.|
+00000010 b9 8f 0d e8 f9 3a 5b a8 73 2f 33 8b c6 ef 5e e2 |.....:[.s/3...^.|
+00000020 78 93 fa 40 b7 b4 cb e7 3e 35 15 33 24 1d 63 5d |x..@....>5.3$.c]|
+00000030 dc 8d 45 94 3f 19 ed e0 3a f3 4e 44 62 1d ff ea |..E.?...:.NDb...|
+00000040 d6 e4 01 b0 26 c5 36 34 78 d1 e6 62 27 62 f0 29 |....&.64x..b'b.)|
+00000050 fd 7d 13 af 59 0a 41 fa 78 42 7d 0d d8 07 79 23 |.}..Y.A.xB}...y#|
+00000060 5e 4e cd 03 b1 3c bb 6d fb 19 54 49 f1 c7 d7 54 |^N...<.m..TI...T|
+00000070 3e af 11 40 8b 7e 3d 2c 8b e3 02 ad fd 29 88 48 |>..@.~=,.....).H|
+00000080 b1 ed 52 74 50 a7 ef 99 9f af bd 14 03 03 00 01 |..RtP...........|
+00000090 01 16 03 03 00 24 f3 c1 8c ee e7 4d 07 80 c4 c3 |.....$.....M....|
+000000a0 09 87 85 cd 64 46 73 c7 17 4e 9e 90 4c 63 30 35 |....dFs..N..Lc05|
+000000b0 52 f5 10 f6 60 75 fc 93 41 57 |R...`u..AW|
>>> Flow 4 (server to client)
-00000000 16 03 03 00 72 04 00 00 6e 00 00 00 00 00 68 00 |....r...n.....h.|
-00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 |...............e|
-00000020 ea 4b d1 ef ba 2d db 0c ba 9a d4 20 76 57 c8 ec |.K...-..... vW..|
-00000030 dc 2d 77 fb fb 3b 93 5f 53 e0 14 4f 90 fb d6 55 |.-w..;._S..O...U|
-00000040 57 8c 8d 0d 25 ea 5d 0d f2 91 e5 12 22 12 ec 7b |W...%.]....."..{|
-00000050 5f b6 6e fd 07 59 23 24 fc b1 97 ca ea 56 a5 c2 |_.n..Y#$.....V..|
-00000060 a0 e4 9e 99 64 f2 64 d0 75 7a 46 63 e3 dc 21 ed |....d.d.uzFc..!.|
-00000070 78 56 e9 e1 ab 66 80 14 03 03 00 01 01 16 03 03 |xV...f..........|
-00000080 00 24 fc 14 68 07 17 1f df b7 84 cb fd c1 e0 e4 |.$..h...........|
-00000090 f2 1a ea 34 b5 00 7f 70 be c8 1c 0a d6 55 e3 57 |...4...p.....U.W|
-000000a0 50 4e 6d 7d 8a 5d 17 03 03 00 21 24 27 50 40 c1 |PNm}.]....!$'P@.|
-000000b0 c5 bd c7 9f 95 d9 ba 2e 7b 0e db ea a7 31 81 05 |........{....1..|
-000000c0 75 43 b1 63 cf b8 55 92 ef 76 98 a9 15 03 03 00 |uC.c..U..v......|
-000000d0 16 d7 ea 3c 79 e7 a6 2f 61 39 ec 4e 95 86 48 5e |...<y../a9.N..H^|
-000000e0 75 a0 9e 41 42 89 67 |u..AB.g|
+00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
+00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
+00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
+00000030 6f 2c b5 83 61 98 30 ec c6 53 ac a0 2a a9 72 53 |o,..a.0..S..*.rS|
+00000040 64 7c c5 d5 db 0a 80 d0 1e ea 59 c8 b8 60 ff b9 |d|........Y..`..|
+00000050 3d 06 68 16 cd 60 3b 15 e9 59 c1 a2 18 76 c2 1f |=.h..`;..Y...v..|
+00000060 fd 77 00 e6 38 33 94 98 69 cb 23 4a 61 d7 fe 1a |.w..83..i.#Ja...|
+00000070 e7 3a 57 b1 78 c7 c0 d1 03 bb 83 69 72 b9 25 c3 |.:W.x......ir.%.|
+00000080 2f f7 56 2e 95 6f 88 14 03 03 00 01 01 16 03 03 |/.V..o..........|
+00000090 00 24 a6 8c 15 5c ae a0 8c 03 cc d2 2c 45 aa 7a |.$...\......,E.z|
+000000a0 1d 1a ed 58 f4 92 a2 0d b0 a4 81 90 e3 a6 0b 09 |...X............|
+000000b0 8f f2 1b 61 c7 f7 17 03 03 00 21 cf 8f 7a 50 bc |...a......!..zP.|
+000000c0 a9 b6 d2 88 24 21 0b ef 5c e5 1c 34 4a d9 b6 b5 |....$!..\..4J...|
+000000d0 88 c6 14 8c 79 96 c5 0c 31 22 f8 7d 15 03 03 00 |....y...1".}....|
+000000e0 16 e7 69 82 9d e6 54 2d f9 6d 04 a9 5b 3e bc f9 |..i...T-.m..[>..|
+000000f0 4e 1a 07 04 7a 56 50 |N...zVP|
>>> Flow 1 (client to server)
-00000000 16 03 01 00 e8 01 00 00 e4 03 03 52 cc 57 59 c3 |...........R.WY.|
-00000010 8b df 97 05 d8 5f 16 22 b4 b1 e7 cb 7d 2f 9b 58 |....._."....}/.X|
-00000020 a3 f4 d7 2c a4 c1 9d 49 ed 4b ba 20 90 da 90 3e |...,...I.K. ...>|
-00000030 36 19 7a db 56 43 26 f7 dc 42 57 33 22 ed 9d a4 |6.z.VC&..BW3"...|
-00000040 9d 53 da f8 9d 4e 60 66 71 a0 2e 2e 00 04 00 05 |.S...N`fq.......|
-00000050 00 ff 01 00 00 97 00 23 00 68 00 00 00 00 00 00 |.......#.h......|
-00000060 00 00 00 00 00 00 00 00 00 00 65 ea 4b d1 ef ba |..........e.K...|
-00000070 06 38 1e e1 88 82 3a cd 03 ac 3b 39 0a e0 19 fd |.8....:...;9....|
-00000080 af 6c 57 30 df 31 6e f7 92 38 4b 5d 77 90 39 ff |.lW0.1n..8K]w.9.|
-00000090 32 51 f5 ed 12 d7 b0 7c 4d 6c c5 76 e4 72 48 3e |2Q.....|Ml.v.rH>|
-000000a0 59 23 fe 0d 15 df f4 ba ea b9 67 16 23 8f 7d 15 |Y#........g.#.}.|
-000000b0 b6 11 f1 ab d7 d4 cd a3 21 82 92 2a 12 cf 95 f3 |........!..*....|
-000000c0 60 b2 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 |`....". ........|
-000000d0 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................|
-000000e0 02 01 02 02 02 03 01 01 00 0f 00 01 01 |.............|
+00000000 16 03 01 00 f7 01 00 00 f3 03 03 6a 1a d3 0a d3 |...........j....|
+00000010 e0 34 f9 c4 1b cc 42 bc 0b eb 97 fd 51 b7 77 fd |.4....B.....Q.w.|
+00000020 50 0a 13 8c b6 ac 8e a1 ba 1f 74 20 fb 19 d1 6a |P.........t ...j|
+00000030 cf 1c 8b fb 77 97 7b 11 a5 fe 66 dc b8 b6 21 ad |....w.{...f...!.|
+00000040 8b b4 5f 38 ca 51 ca a3 af 40 84 8b 00 04 00 05 |.._8.Q...@......|
+00000050 00 ff 02 01 00 00 a5 00 23 00 78 50 46 ad c1 db |........#.xPF...|
+00000060 a8 38 86 7b 2b bb fd d0 c3 42 3e 00 00 00 00 00 |.8.{+....B>.....|
+00000070 00 00 00 00 00 00 00 00 00 00 00 94 6f 2c b5 83 |............o,..|
+00000080 61 e8 c1 5d af d6 da c9 8f df 1e c4 16 47 a0 dd |a..].........G..|
+00000090 cf 3c 9d 95 11 fe 01 fb 52 5b d0 aa 56 fb 04 d5 |.<......R[..V...|
+000000a0 7f 89 31 7d 75 e3 df f4 28 6a fb 1f 76 ee 77 55 |..1}u...(j..v.wU|
+000000b0 0b 33 94 82 e2 ee 73 2f 7f a7 f6 7c 68 25 eb fd |.3....s/...|h%..|
+000000c0 56 5b 89 29 b4 32 b6 92 57 3f c3 f9 01 fb 01 25 |V[.).2..W?.....%|
+000000d0 7f 0f 10 00 0d 00 20 00 1e 06 01 06 02 06 03 05 |...... .........|
+000000e0 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 |................|
+000000f0 03 02 01 02 02 02 03 00 0f 00 01 01 |............|
>>> Flow 2 (server to client)
00000000 16 03 03 00 51 02 00 00 4d 03 03 00 00 00 00 00 |....Q...M.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000020 00 00 00 00 00 00 00 00 00 00 00 20 90 da 90 3e |........... ...>|
-00000030 36 19 7a db 56 43 26 f7 dc 42 57 33 22 ed 9d a4 |6.z.VC&..BW3"...|
-00000040 9d 53 da f8 9d 4e 60 66 71 a0 2e 2e 00 05 00 00 |.S...N`fq.......|
+00000020 00 00 00 00 00 00 00 00 00 00 00 20 fb 19 d1 6a |........... ...j|
+00000030 cf 1c 8b fb 77 97 7b 11 a5 fe 66 dc b8 b6 21 ad |....w.{...f...!.|
+00000040 8b b4 5f 38 ca 51 ca a3 af 40 84 8b 00 05 00 00 |.._8.Q...@......|
00000050 05 ff 01 00 01 00 14 03 03 00 01 01 16 03 03 00 |................|
-00000060 24 11 12 ff 28 10 14 4c e5 0e ad a7 fa f3 92 fb |$...(..L........|
-00000070 13 7d ae f2 b2 4a 6b a1 9e 67 cf a8 f7 8c 6f a0 |.}...Jk..g....o.|
-00000080 6c 30 0e 18 55 |l0..U|
+00000060 24 0e 65 19 5e 79 90 4b 40 13 f1 5b 2f ed 0b f5 |$.e.^y.K@..[/...|
+00000070 cc 39 23 24 91 b3 b2 49 f6 9b d5 60 f3 ed bd 2a |.9#$...I...`...*|
+00000080 31 00 14 5a 8e |1..Z.|
>>> Flow 3 (client to server)
-00000000 14 03 03 00 01 01 16 03 03 00 24 0d 46 41 8b 24 |..........$.FA.$|
-00000010 36 01 a9 fd 8b ec fc e6 b1 83 96 df 0d 3e 53 54 |6............>ST|
-00000020 58 b8 43 f2 a6 25 5e 1a ae 19 9e d2 28 44 92 |X.C..%^.....(D.|
+00000000 14 03 03 00 01 01 16 03 03 00 24 72 4d 5d 05 d6 |..........$rM]..|
+00000010 79 93 41 21 a7 86 75 49 50 fe b2 6c a9 38 d7 5e |y.A!..uIP..l.8.^|
+00000020 b7 f7 33 18 b0 53 ab ab b7 5b ee 09 e7 83 51 |..3..S...[....Q|
>>> Flow 4 (server to client)
-00000000 17 03 03 00 21 c4 fb f6 53 bb 3e 04 cc 0b a0 03 |....!...S.>.....|
-00000010 fa 49 96 da b5 8d b2 f2 e5 d8 f3 5c 27 57 4f 9c |.I.........\'WO.|
-00000020 30 00 34 fc 52 92 15 03 03 00 16 a3 02 7a 50 d2 |0.4.R........zP.|
-00000030 c6 b3 fc 69 8f e4 94 ae ab 22 ad 05 1d 15 69 b9 |...i....."....i.|
-00000040 a5 |.|
+00000000 17 03 03 00 21 1a 35 ab 27 ac db 7f e4 11 f2 b4 |....!.5.'.......|
+00000010 38 f5 3f 5d be 7a 58 74 92 05 a5 9c 8e a8 f2 ca |8.?].zXt........|
+00000020 cd f0 2e 18 62 57 15 03 03 00 16 33 18 76 93 bb |....bW.....3.v..|
+00000030 48 86 cc 13 79 ad e2 51 c6 ac 3e 89 2a 4f 05 e1 |H...y..Q..>.*O..|
+00000040 ee |.|
>>> Flow 1 (client to server)
-00000000 16 03 01 00 e8 01 00 00 e4 03 03 54 23 54 02 a5 |...........T#T..|
-00000010 10 11 0f 6d e5 2d 2f e8 bb 52 b1 38 3f 65 01 43 |...m.-/..R.8?e.C|
-00000020 36 cc 48 f6 09 22 a1 85 20 28 3c 20 35 8b fe 7a |6.H..".. (< 5..z|
-00000030 41 3b 59 3a 5d b9 b3 21 f0 62 e9 0d 7b af f5 5d |A;Y:]..!.b..{..]|
-00000040 fa 65 1a 40 c8 ca cd 74 8c ef d2 fb 00 04 00 05 |.e.@...t........|
-00000050 00 ff 01 00 00 97 00 23 00 68 00 00 00 00 00 00 |.......#.h......|
-00000060 00 00 00 00 00 00 00 00 00 00 65 ea 4b d1 ef ba |..........e.K...|
-00000070 2d db 0c ba 9a d4 20 76 57 c8 ec dc 2d 77 fb fb |-..... vW...-w..|
-00000080 3b 93 5f 53 e0 14 4f 90 fb d6 55 57 8c 8d 0d 25 |;._S..O...UW...%|
-00000090 ea 5d 0d f2 91 e5 12 22 12 ec 7b 5f b6 6e fd 07 |.]....."..{_.n..|
-000000a0 59 23 24 fc b1 97 ca ea 56 a5 c2 a0 e4 9e 99 64 |Y#$.....V......d|
-000000b0 f2 64 d0 75 7a 46 63 e3 dc 21 ed 78 56 e9 e1 ab |.d.uzFc..!.xV...|
-000000c0 66 80 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 |f....". ........|
-000000d0 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................|
-000000e0 02 01 02 02 02 03 01 01 00 0f 00 01 01 |.............|
+00000000 16 03 01 00 f7 01 00 00 f3 03 03 c0 99 dc 56 0b |..............V.|
+00000010 50 7d 49 f8 f3 f7 60 a1 c7 38 e0 90 1f de 78 c3 |P}I...`..8....x.|
+00000020 43 04 0d b4 4c c0 6e 01 40 ec 3a 20 93 7c bd 44 |C...L.n.@.: .|.D|
+00000030 57 52 7d dd 4d db b6 6d cc d5 44 34 a6 64 87 cb |WR}.M..m..D4.d..|
+00000040 cb dc 38 d4 33 3a 1a 6f fc f0 6f 73 00 04 00 05 |..8.3:.o..os....|
+00000050 00 ff 02 01 00 00 a5 00 23 00 78 50 46 ad c1 db |........#.xPF...|
+00000060 a8 38 86 7b 2b bb fd d0 c3 42 3e 00 00 00 00 00 |.8.{+....B>.....|
+00000070 00 00 00 00 00 00 00 00 00 00 00 94 6f 2c b5 83 |............o,..|
+00000080 61 98 30 ec c6 53 ac a0 2a a9 72 53 64 7c c5 d5 |a.0..S..*.rSd|..|
+00000090 db 0a 80 d0 1e ea 59 c8 b8 60 ff b9 3d 06 68 16 |......Y..`..=.h.|
+000000a0 cd 60 3b 15 e9 59 c1 a2 18 76 c2 1f fd 77 00 e6 |.`;..Y...v...w..|
+000000b0 38 33 94 98 69 cb 23 4a 61 d7 fe 1a e7 3a 57 b1 |83..i.#Ja....:W.|
+000000c0 78 c7 c0 d1 03 bb 83 69 72 b9 25 c3 2f f7 56 2e |x......ir.%./.V.|
+000000d0 95 6f 88 00 0d 00 20 00 1e 06 01 06 02 06 03 05 |.o.... .........|
+000000e0 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 |................|
+000000f0 03 02 01 02 02 02 03 00 0f 00 01 01 |............|
>>> Flow 2 (server to client)
00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002f0 6e 38 50 29 6c 90 a7 bd d9 16 03 03 00 04 0e 00 |n8P)l...........|
00000300 00 00 |..|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 86 10 00 00 82 00 80 ae 02 dd 1f 1a |................|
-00000010 86 83 f5 2f 82 46 4b 29 58 aa a1 b3 56 8b 4e 40 |.../.FK)X...V.N@|
-00000020 ef 23 65 67 ad 48 e5 e1 fd ae dd bf 68 fd bd a6 |.#eg.H......h...|
-00000030 13 a0 7e 05 ab f7 20 e1 6a 4e d1 37 93 08 1d c9 |..~... .jN.7....|
-00000040 37 e0 b5 34 28 bf 20 45 45 da 0f 7e 51 a7 c6 ae |7..4(. EE..~Q...|
-00000050 61 6c 07 1b 73 ef da 6e 25 c4 ed be e3 3f da ae |al..s..n%....?..|
-00000060 cd 3c 17 9c 2e ee fb 47 9d b3 a1 b2 c3 5d e0 83 |.<.....G.....]..|
-00000070 74 20 37 2d 72 d6 d0 4d 58 0e 26 1c 50 22 95 08 |t 7-r..MX.&.P"..|
-00000080 7d e0 5f 86 99 9e 2c 2e a7 a0 7f 14 03 03 00 01 |}._...,.........|
-00000090 01 16 03 03 00 24 a2 ab 41 25 a5 cf 04 18 1d 98 |.....$..A%......|
-000000a0 88 6c 59 21 86 33 54 f4 35 b4 21 6e a5 29 d5 6e |.lY!.3T.5.!n.).n|
-000000b0 3d 08 72 b0 af 46 b5 8f 6b 86 |=.r..F..k.|
+00000000 16 03 03 00 86 10 00 00 82 00 80 5d 49 92 9d 5b |...........]I..[|
+00000010 41 7a 83 f0 6d 32 de b8 49 00 2d e0 2f f9 f1 12 |Az..m2..I.-./...|
+00000020 0f 49 45 2b 58 fd 1d 72 49 e7 74 74 bc 97 73 f7 |.IE+X..rI.tt..s.|
+00000030 01 a9 10 53 ea 4a b5 5d 09 92 01 62 b7 50 cd 46 |...S.J.]...b.P.F|
+00000040 79 ec 35 08 0d 41 5f 09 41 fa 77 30 48 14 6b fe |y.5..A_.A.w0H.k.|
+00000050 ca 12 d7 97 61 7a da 52 89 07 52 b0 81 c0 54 35 |....az.R..R...T5|
+00000060 7d 36 6c be 85 45 6b 67 e3 06 55 f7 af 40 d5 7d |}6l..Ekg..U..@.}|
+00000070 34 bb ee 0c 49 6b fb 0a c0 ec 04 85 28 4f 15 d7 |4...Ik......(O..|
+00000080 f3 e5 92 86 30 27 e9 15 b7 1d ae 14 03 03 00 01 |....0'..........|
+00000090 01 16 03 03 00 24 64 7a 6c c1 71 df b3 a2 a7 a8 |.....$dzl.q.....|
+000000a0 ea fd 04 d6 7c fc eb a1 18 21 42 f4 ba 09 75 1c |....|....!B...u.|
+000000b0 f7 00 01 37 cc bb e1 11 c9 ef |...7......|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 24 59 20 4d c2 17 |..........$Y M..|
-00000010 8b 3c 9b 33 d9 f9 ef fb 80 18 1f 67 a7 58 12 89 |.<.3.......g.X..|
-00000020 4e 73 0f 2d 7b e6 c4 a6 79 73 01 da 22 e8 54 17 |Ns.-{...ys..".T.|
-00000030 03 03 00 21 36 ca 64 0f 4a 12 a5 50 3d 97 bb 39 |...!6.d.J..P=..9|
-00000040 02 fc ed d1 82 6a 9a 2e 21 79 f6 e1 b3 cc 32 db |.....j..!y....2.|
-00000050 0f 5d b3 fb a5 15 03 03 00 16 51 f4 be 57 7a df |.]........Q..Wz.|
-00000060 f1 f2 bd b5 51 5e 45 80 be 0b 9a 0c d1 19 3c 79 |....Q^E.......<y|
+00000000 14 03 03 00 01 01 16 03 03 00 24 c9 e4 67 51 5a |..........$..gQZ|
+00000010 0a b3 8d 30 c6 e8 f3 df 52 a7 85 b3 e0 5a 64 0a |...0....R....Zd.|
+00000020 19 96 96 0f 6d a7 1a 74 0d 47 29 a0 d1 db 8f 17 |....m..t.G).....|
+00000030 03 03 00 21 10 7b 5f 4a b0 d8 25 2d d4 66 76 65 |...!.{_J..%-.fve|
+00000040 3c 03 c8 bd 15 19 d2 fc 19 f0 e6 ac c5 9d 8b 17 |<...............|
+00000050 26 d9 1e 71 4d 15 03 03 00 16 36 16 72 83 f8 79 |&..qM.....6.r..y|
+00000060 4c ca 20 39 4a 0c a4 55 06 79 b6 8a ab cb 9a f2 |L. 9J..U.y......|
cipherSuite uint16
masterSecret []byte
certificates [][]byte
+ // usedOldKey is true if the ticket from which this session came from
+ // was encrypted with an older key and thus should be refreshed.
+ usedOldKey bool
}
func (s *sessionState) equal(i interface{}) bool {
func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {
serialized := state.marshal()
- encrypted := make([]byte, aes.BlockSize+len(serialized)+sha256.Size)
- iv := encrypted[:aes.BlockSize]
+ encrypted := make([]byte, ticketKeyNameLen+aes.BlockSize+len(serialized)+sha256.Size)
+ keyName := encrypted[:ticketKeyNameLen]
+ iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize]
macBytes := encrypted[len(encrypted)-sha256.Size:]
if _, err := io.ReadFull(c.config.rand(), iv); err != nil {
return nil, err
}
- block, err := aes.NewCipher(c.config.SessionTicketKey[:16])
+ key := c.config.ticketKeys()[0]
+ copy(keyName, key.keyName[:])
+ block, err := aes.NewCipher(key.aesKey[:])
if err != nil {
return nil, errors.New("tls: failed to create cipher while encrypting ticket: " + err.Error())
}
- cipher.NewCTR(block, iv).XORKeyStream(encrypted[aes.BlockSize:], serialized)
+ cipher.NewCTR(block, iv).XORKeyStream(encrypted[ticketKeyNameLen+aes.BlockSize:], serialized)
- mac := hmac.New(sha256.New, c.config.SessionTicketKey[16:32])
+ mac := hmac.New(sha256.New, key.hmacKey[:])
mac.Write(encrypted[:len(encrypted)-sha256.Size])
mac.Sum(macBytes[:0])
func (c *Conn) decryptTicket(encrypted []byte) (*sessionState, bool) {
if c.config.SessionTicketsDisabled ||
- len(encrypted) < aes.BlockSize+sha256.Size {
+ len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size {
return nil, false
}
- iv := encrypted[:aes.BlockSize]
+ keyName := encrypted[:ticketKeyNameLen]
+ iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize]
macBytes := encrypted[len(encrypted)-sha256.Size:]
- mac := hmac.New(sha256.New, c.config.SessionTicketKey[16:32])
+ keys := c.config.ticketKeys()
+ keyIndex := -1
+ for i, candidateKey := range keys {
+ if bytes.Equal(keyName, candidateKey.keyName[:]) {
+ keyIndex = i
+ break
+ }
+ }
+
+ if keyIndex == -1 {
+ return nil, false
+ }
+ key := &keys[keyIndex]
+
+ mac := hmac.New(sha256.New, key.hmacKey[:])
mac.Write(encrypted[:len(encrypted)-sha256.Size])
expected := mac.Sum(nil)
return nil, false
}
- block, err := aes.NewCipher(c.config.SessionTicketKey[:16])
+ block, err := aes.NewCipher(key.aesKey[:])
if err != nil {
return nil, false
}
- ciphertext := encrypted[aes.BlockSize : len(encrypted)-sha256.Size]
+ ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : len(encrypted)-sha256.Size]
plaintext := ciphertext
cipher.NewCTR(block, iv).XORKeyStream(plaintext, ciphertext)
- state := new(sessionState)
+ state := &sessionState{usedOldKey: keyIndex > 0}
ok := state.unmarshal(plaintext)
return state, ok
}