Domestic Client SSL Connection Details
This document contains traces of two SSL connections between a domestic (U.S. and Canada) client and an SSL server, as seen by the client. This document shows the actual values of all the cryptographic computations, their inputs and outputs, in order, in the example SSL connections. This is to aid others in developing SSL implementations. The public and private certificates and keys used (revealed) in this example are used only for SSL session samples.
The connections use certificate-based client-authentication. They use RC4 with a full 128-bit key.
This table shows the different messages in the first connection. Each link will take you directly to the relevant portion of the document.
The second connection uses the "session resume" (or "session restart") feature of SSL, to avoid repeating all the computation of the client_key_exchange message.
Client Hello (V3)
Server Hello
Change Cipher Spec
Finished
Change Cipher Spec
Finished
HTTP request
HTTP response
Close Notify Alert
Close Notify Alert
Notes on presentation (format) of following data:
Data that is transmitted, received, or that is input to or output from functions that hash, compress, encrypt or decrypt is shown in both hexadecimal and ASCII, with unprintable characters shown as dots.
Other lines contain comments or analysis of the data. Comments generally precede the data they describe.
Lines beginning with a plus ("+") symbol denote data that is actually transmitted or received over the underlying transport (TCP) connection. All other lines of data are used only internally.
The intermediate state of the MD5 and SHA-1 hashes is shown in two parts: the contents of the 4 (MD5) or 5 (SHA-1) 32-bit state variables, in hexadecimal, followed by the content of any buffered input to the hash function (a partial hash input block) that has not yet been processed by the hash function.
The first Connection.
Client Hello Handshake
The first connection begins with an SSL version 2 client_hello message from the client. This differs from an ordinary SSL V2 client_hello message in one aspect: the version number field indicates version 3, not version 2. An SSL server that supports both versions 2 and 3 will reply to such a message with a version 3 server_hello, as seen below.

    connect completed, starting handshake
    sending client-hello
    dump-msg: Client-Hello
    version (Major)=3
    version (minor)=0
    cipher-specs [Len: 27]
    01 00 80 03 00 80 06 00 40 07 00 c0 00 00 04 00
    00 0a 00 00 09 00 00 03 00 00 06
    session-id [Len: 0]
    challenge [Len: 16]
    d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01
    sending 52 bytes in the clear
    clear data: [Len: 52]
    01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06  ................
    00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00  .@..............
    03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83  ........N\......
    1c 25 89 01                                      .%..

All handshake messages, from either client or server, beginning with the client-hello, must be included in the ongoing "handshake hashes". There are two handshake hashes, one MD5, the other SHA1. The content of the handshake messages, excluding any record-layer headers, is hashed into each of the two hashes.
The client-hello shown above is the first input to the handshake hashes:
    start handshake hashes
    MD5 & SHA handshake hash input: [Len: 52]
    01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06  ................
    00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00  .@..............
    03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83  ........N\......
    1c 25 89 01                                      .%..

After hashing the client_hello handshake, the handshake hashes are:

    MD5 state: 67452301 efcdab89 98badcfe 10325476
    MD5_TraceState: buffered input [Len: 52]
    01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06  ................
    00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00  .@..............
    03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83  ........N\......
    1c 25 89 01                                      .%..
    SHA1 state: 67452301 efcdab89 98badcfe 10325476 c3d2e1f0
    SHA1_TraceState: buffered input [Len: 52]
    01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06  ................
    00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00  .@..............
    03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83  ........N\......
    1c 25 89 01                                      .%..

The sent SSL V2 client hello record looks like this:

    SSL2 record length: [Len: 2]
    + 80 34                                            .4
    clear record: [Len: 52]
    + 01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06  ................
    + 00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00  .@..............
    + 03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83  ........N\......
    + 1c 25 89 01                                      .%..
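The record above can be decoded field by field. The following parser is an added example, not part of the original trace or of the implementation that produced it; the function names are assumptions, and the cipher names are the ones defined in the SSL 2.0 and SSL 3.0 specifications.

```python
import struct

# The SSL2 record exactly as sent in the trace above:
# 2-byte record header followed by the 52-byte client hello.
RECORD = bytes.fromhex(
    "80 34 "
    "01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06 "
    "00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00 "
    "03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83 "
    "1c 25 89 01"
)

# 3-byte cipher-spec codes as they appear in a V2-format hello.
# SSL3 cipher suites are carried with a leading 00 byte.
CIPHER_NAMES = {
    0x010080: "SSL_CK_RC4_128_WITH_MD5",
    0x030080: "SSL_CK_RC2_128_CBC_WITH_MD5",
    0x060040: "SSL_CK_DES_64_CBC_WITH_MD5",
    0x0700C0: "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
    0x000003: "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    0x000004: "SSL_RSA_WITH_RC4_128_MD5",
    0x000006: "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x000009: "SSL_RSA_WITH_DES_CBC_SHA",
    0x00000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
}


def parse_ssl2_record(data):
    """Strip the 2-byte SSL2 record header and return the record body."""
    if len(data) < 2:
        raise ValueError("record header truncated")
    if not data[0] & 0x80:
        # The 3-byte header form (used with padding) is not handled here.
        raise ValueError("3-byte SSL2 record header not supported")
    length = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + length]
    if len(body) != length:
        raise ValueError("record body truncated")
    return body


def parse_client_hello(msg):
    """Parse a V2-format client hello (the handshake-hash input) into fields."""
    if len(msg) < 9:
        raise ValueError("client hello too short")
    msg_type, major, minor, cs_len, sid_len, ch_len = struct.unpack(
        ">BBBHHH", msg[:9])
    if msg_type != 1:
        raise ValueError("not a client hello")
    if cs_len % 3:
        raise ValueError("cipher-spec length is not a multiple of 3")
    if 9 + cs_len + sid_len + ch_len != len(msg):
        raise ValueError("length fields do not match message size")
    pos = 9
    specs = [int.from_bytes(msg[i:i + 3], "big")
             for i in range(pos, pos + cs_len, 3)]
    pos += cs_len
    session_id = msg[pos:pos + sid_len]
    pos += sid_len
    challenge = msg[pos:pos + ch_len]
    return {
        "version": (major, minor),
        "cipher_specs": specs,
        "session_id": session_id,
        "challenge": challenge,
    }


def cipher_names(hello):
    """Map each offered cipher spec to its name, or to its hex code if unknown."""
    return [CIPHER_NAMES.get(s, "unknown 0x%06x" % s)
            for s in hello["cipher_specs"]]


if __name__ == "__main__":
    hello = parse_client_hello(parse_ssl2_record(RECORD))
    print("version:", hello["version"])
    print("challenge:", hello["challenge"].hex())
    for name in cipher_names(hello):
        print("offers:", name)
```
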
Server Hello Handshake
The Server's reply, a single handshake record containing several handshake messages, is received.

    raw gather data: [Len: 5]
    + 16 03 00 18 6f                                    ....o
    plaintext: [Len: 6255]

The handshake record is parsed into the separate handshake messages. The server_hello message is as described in the SSL 3 spec, section 7.6.1.2.
handle handshake message: server_hello (2)Prior to hashing in the server's first handshake, the handshake hashes are:
MD5 state: 67452301 efcdab89 98badcfe 10325476 MD5_TraceState: buffered input [Len: 52] 01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06 ................ 00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00 .@.............. 03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83 ........N\...... 1c 25 89 01 .%.. SHA1 state: 67452301 efcdab89 98badcfe 10325476 c3d2e1f0 SHA1_TraceState: buffered input [Len: 52] 01 03 00 00 1b 00 00 00 10 01 00 80 03 00 80 06 ................ 00 40 07 00 c0 00 00 04 00 00 0a 00 00 09 00 00 .@.............. 03 00 00 06 d8 90 d7 86 4e 5c 92 9f 90 07 da 83 ........N\...... 1c 25 89 01 .%..The server_hello handshake is hashed.
MD5 & SHA handshake hash input: [Len: 4] 02 00 00 46 ...F MD5 & SHA handshake hash input: [Len: 70] 03 00 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 ..4.aK.:........ c5 25 a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a .%..a......^.y.. ed 16 20 00 00 4f 47 95 8f 49 f8 7b d8 41 71 5f .. ..OG..I.{.Aq_ 36 f9 6f 7d a2 31 fa 25 07 8e 45 3c 0e d9 e7 d4 6.o}.1.%..E<.... d2 86 5c 00 04 00 ..\...After hashing the server_hello handshake, the handshake hashes are now:
MD5 state: 88c9b8df c144c316 3d5f0a6f 5c8050c2
MD5_TraceState: buffered input [Len: 62]
   ce e0 92 9c ff 03 be d3 c5 25 a2 ec 61 85 b1 ea  .........%..a...
   93 bf a0 5e a9 79 1c 8a ed 16 20 00 00 4f 47 95  ...^.y.... ..OG.
   8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa 25  .I.{.Aq_6.o}.1.%
   07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00        ..E<......\...
SHA1 state: 626c5d48 a75e6328 14b572a7 a6342561 95d4b038
SHA1_TraceState: buffered input [Len: 62]
   ce e0 92 9c ff 03 be d3 c5 25 a2 ec 61 85 b1 ea  .........%..a...
   93 bf a0 5e a9 79 1c 8a ed 16 20 00 00 4f 47 95  ...^.y.... ..OG.
   8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa 25  .I.{.Aq_6.o}.1.%
   07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00        ..E<......\...
handle server_hello handshake
   03 00                                            ..
server random: [Len: 32]
   34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25  4.aK.:.........%
   a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16  ..a......^.y....
session ID len: [Len: 1]
   20
session ID: [Len: 32]
   00 00 4f 47 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f  ..OG..I.{.Aq_6.o
   7d a2 31 fa 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c  }.1.%..E<......\
cipher suite: [Len: 2]
   00 04                                            ..
compression: [Len: 1]
   00                                               .
Set Pending Cipher Suite to 0x0004 -- SSL_RSA_WITH_RC4_128_MD5
Server's Certificate Handshake
The following certificate handshake message, as described in the SSL 3 spec, section 7.6.2, is taken from the same record as the previous handshake, and is included in the handshake hashes.handle handshake message: certificate (11) MD5 & SHA handshake hash input: [Len: 4] 0b 00 05 2f .../ MD5 & SHA handshake hash input: [Len: 1327] 00 05 2c 00 02 7c 30 82 02 78 30 82 01 e1 a0 03 ..,..|0..x0..... 02 01 02 02 01 70 30 0d 06 09 2a 86 48 86 f7 0d .....p0...*.H... 01 01 04 05 00 30 77 31 0b 30 09 06 03 55 04 06 .....0w1.0...U.. 13 02 55 53 31 2c 30 2a 06 03 55 04 0a 13 23 4e ..US1,0*..U...#N 65 74 73 63 61 70 65 20 43 6f 6d 6d 75 6e 69 63 etscape Communic 61 74 69 6f 6e 73 20 43 6f 72 70 6f 72 61 74 69 ations Corporati 6f 6e 31 11 30 0f 06 03 55 04 0b 13 08 48 61 72 on1.0...U....Har 64 63 6f 72 65 31 27 30 25 06 03 55 04 03 13 1e dcore1'0%..U.... 48 61 72 64 63 6f 72 65 20 43 65 72 74 69 66 69 Hardcore Certifi 63 61 74 65 20 53 65 72 76 65 72 20 49 49 30 1e cate Server II0. 17 0d 39 37 30 38 31 39 30 34 33 32 32 38 5a 17 ..970819043228Z. 0d 39 38 30 32 31 35 30 34 33 32 32 38 5a 30 81 .980215043228Z0. 98 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 .1.0...U....US1. 30 0f 06 03 55 04 0a 13 08 4e 65 74 73 63 61 70 0...U....Netscap 65 31 1d 30 1b 06 03 55 04 0b 13 14 48 61 72 64 e1.0...U....Hard 63 6f 72 65 20 53 53 4c 20 74 65 73 74 69 6e 67 core SSL testing 31 19 30 17 06 0a 09 92 26 89 93 f2 2c 64 01 01 1.0.....&...,d.. 13 09 53 53 4c 54 65 73 74 65 72 31 17 30 15 06 ..SSLTester1.0.. 03 55 04 03 13 0e 62 69 6a 6f 75 2e 6d 63 6f 6d .U....bijou.mcom 2e 63 6f 6d 31 23 30 21 06 09 2a 86 48 86 f7 0d .com1#0!..*.H... 01 09 01 16 14 6e 65 6c 73 6f 6e 62 40 6e 65 74 .....nelsonb@net 73 63 61 70 65 2e 63 6f 6d 30 5c 30 0d 06 09 2a scape.com0\0...* 86 48 86 f7 0d 01 01 01 05 00 03 4b 00 30 48 02 .H.........K.0H. 41 00 e3 f3 ba 48 dd 2e bd a8 e9 87 8e 5f 8a 9e A....H......._.. cb c9 6d c1 8b 79 31 ad b0 26 39 ba dc 28 d1 f0 ..m..y1..&9..(.. 
20 75 a4 24 d2 e8 16 e7 b3 b6 aa 39 e5 e2 4c bf u.$.......9..L. 8e 5f 96 4b cd 09 75 71 b1 69 1f 67 df b7 ac 58 ._.K..uq.i.g...X 29 a1 02 03 01 00 01 a3 36 30 34 30 11 06 09 60 ).......6040...` 86 48 01 86 f8 42 01 01 04 04 03 02 00 40 30 1f .H...B.......@0. 06 03 55 1d 23 04 18 30 16 80 14 97 b1 6d b2 b6 ..U.#..0.....m.. 02 16 54 0c 97 d7 e3 32 6d cb 9c df ee de 80 30 ..T....2m......0 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 ...*.H.......... 81 00 a0 e6 3f 22 15 fb 54 8f ee a3 d8 81 ee 20 ....?"..T...... ad 67 d6 a4 64 67 3a d1 74 4f 19 4a ba 9e 9d ce .g..dg:.tO.J.... b9 4c d7 40 c1 f0 fd 32 5e 7b 73 c5 27 55 e4 e0 .L.@...2^{s.'U.. f0 7d ee ec fe 10 16 0f 6f c5 a0 12 5e c6 74 c9 .}......o...^.t. 16 c4 d7 43 cc 78 16 2b 4c 98 7f be 27 cf d9 bd ...C.x.+L...'... 76 53 e8 ed f9 1a 05 77 9e fd 80 a9 e6 05 14 bf vS.....w........ d2 0d 0f ff 17 38 5c 74 62 e9 f1 1b 41 3b 74 36 .....8\tb...A;t6 06 cc 67 da 03 ca 37 d2 1c 66 37 fc c0 be fd 20 ..g...7..f7.... 32 e0 00 02 aa 30 82 02 a6 30 82 02 0f a0 03 02 2....0...0...... 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 .....0...*.H.... 01 05 05 00 30 77 31 0b 30 09 06 03 55 04 06 13 ....0w1.0...U... 02 55 53 31 2c 30 2a 06 03 55 04 0a 13 23 4e 65 .US1,0*..U...#Ne 74 73 63 61 70 65 20 43 6f 6d 6d 75 6e 69 63 61 tscape Communica 74 69 6f 6e 73 20 43 6f 72 70 6f 72 61 74 69 6f tions Corporatio 6e 31 11 30 0f 06 03 55 04 0b 13 08 48 61 72 64 n1.0...U....Hard 63 6f 72 65 31 27 30 25 06 03 55 04 03 13 1e 48 core1'0%..U....H 61 72 64 63 6f 72 65 20 43 65 72 74 69 66 69 63 ardcore Certific 61 74 65 20 53 65 72 76 65 72 20 49 49 30 1e 17 ate Server II0.. 0d 39 37 30 35 32 37 31 38 30 39 34 37 5a 17 0d .970527180947Z.. 
39 38 30 35 32 37 31 38 30 39 34 37 5a 30 77 31 980527180947Z0w1 0b 30 09 06 03 55 04 06 13 02 55 53 31 2c 30 2a .0...U....US1,0* 06 03 55 04 0a 13 23 4e 65 74 73 63 61 70 65 20 ..U...#Netscape 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 20 43 Communications C 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 03 orporation1.0... 55 04 0b 13 08 48 61 72 64 63 6f 72 65 31 27 30 U....Hardcore1'0 25 06 03 55 04 03 13 1e 48 61 72 64 63 6f 72 65 %..U....Hardcore 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 Certificate Ser 76 65 72 20 49 49 30 81 9f 30 0d 06 09 2a 86 48 ver II0..0...*.H 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 ............0... 81 81 00 bc 14 a0 c0 53 fa e1 4d b9 cd 0e b7 42 .......S..M....B e3 cd 98 46 e0 b3 1e 13 76 c7 c5 e5 3d e5 24 18 ...F....v...=.$. dd 72 1a 37 7f c4 66 51 36 7f e1 ae e9 11 5e 29 .r.7..fQ6.....^) 6f ac ff 28 ce cd 53 ae 39 09 75 a1 eb d2 ec 79 o..(..S.9.u....y d4 e9 6b 4c 99 e4 b6 42 d0 f7 52 8b ae 4a 33 6b ..kL...B..R..J3k 58 5b 47 57 13 a3 61 32 86 02 e8 63 e6 7a 27 c2 X[GW..a2...c.z'. 99 7a 22 48 d9 c8 d1 5c 6d b1 37 84 66 4b 9e a2 .z"H...\m.7.fK.. ce 31 6c 1c 06 7a 5f c5 7b b8 ff 58 89 f6 0b 40 .1l..z_.{..X...@ 6f 7c 0d 02 03 01 00 01 a3 42 30 40 30 1d 06 03 o|.......B0@0... 55 1d 0e 04 16 04 14 97 b1 6d b2 b6 02 16 54 0c U........m....T. 97 d7 e3 32 6d cb 9c df ee de 80 30 1f 06 03 55 ...2m......0...U 1d 23 04 18 30 16 80 14 97 b1 6d b2 b6 02 16 54 .#..0.....m....T 0c 97 d7 e3 32 6d cb 9c df ee de 80 30 0d 06 09 ....2m......0... 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 9b *.H............. 52 fe 93 fa 40 4d a9 8d 72 f9 f6 f6 c9 32 40 dc R...@M..r....2@. 20 fe be a5 a2 db e6 2c df d1 5f a0 66 45 d1 6e ......,.._.fE.n 5f 0a 91 e9 0b c1 7c 8a c0 64 a0 d4 24 56 85 b5 _.....|..d..$V.. a0 aa 1e c8 8c 15 40 ac fc 5a 2f 94 18 44 b9 73 ......@..Z/..D.s 23 c1 49 a0 24 ff b0 47 9c d8 28 1f b3 70 a7 62 #.I.$..G..(..p.b b3 5b 8e 4d 82 bd 4d 85 eb 0d 5a 87 c0 41 c9 a6 .[.M..M...Z..A.. 
   c2 69 9c ee 81 49 2a fb 01 55 6f b1 df 21 a7 b0  .i...I*..Uo..!..
   70 e4 5d 34 3b 90 29 f9 14 c3 2e 07 79 13 c7     p.]4;.).....y..

After hashing the certificate handshake message, the handshake hashes are:
MD5 state: 9cbff56d 42b7e94e f4ff1acf 323703fa
MD5_TraceState: buffered input [Len: 49]
   a7 62 b3 5b 8e 4d 82 bd 4d 85 eb 0d 5a 87 c0 41  .b.[.M..M...Z..A
   c9 a6 c2 69 9c ee 81 49 2a fb 01 55 6f b1 df 21  ...i...I*..Uo..!
   a7 b0 70 e4 5d 34 3b 90 29 f9 14 c3 2e 07 79 13  ..p.]4;.).....y.
   c7                                               .
SHA1 state: bb19323f 4e8e5ab8 b1cbe0a2 687c706b d8f29c00
SHA1_TraceState: buffered input [Len: 49]
   a7 62 b3 5b 8e 4d 82 bd 4d 85 eb 0d 5a 87 c0 41  .b.[.M..M...Z..A
   c9 a6 c2 69 9c ee 81 49 2a fb 01 55 6f b1 df 21  ...i...I*..Uo..!
   a7 b0 70 e4 5d 34 3b 90 29 f9 14 c3 2e 07 79 13  ..p.]4;.).....y.
   c7                                               .
Certificate Request Handshake
The following certificate_request handshake message is entirely included in the handshake hashes.handle handshake message: certificate_request (13) 0d 00 12 ea .... 02 . 01 02 .. 12 e5 .. 00 64 .d 30 62 31 11 30 0f 06 03 55 04 07 13 08 49 6e 74 0b1.0...U....Int 65 72 6e 65 74 31 17 30 15 06 03 55 04 0a 13 0e ernet1.0...U.... 56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 34 VeriSign, Inc.14 30 32 06 03 55 04 0b 13 2b 56 65 72 69 53 69 67 02..U...+VeriSig 6e 20 43 6c 61 73 73 20 31 20 43 41 20 2d 20 49 n Class 1 CA - I 6e 64 69 76 69 64 75 61 6c 20 53 75 62 73 63 72 ndividual Subscr 69 62 65 72 iber 00 61 .a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0_1.0...U....US1 1b 30 19 06 03 55 04 0a 13 12 49 42 4d 20 57 6f .0...U....IBM Wo 72 6c 64 20 52 65 67 69 73 74 72 79 31 33 30 31 rld Registry1301 06 03 55 04 03 13 2a 49 42 4d 20 57 6f 72 6c 64 ..U...*IBM World 20 52 65 67 69 73 74 72 79 20 43 65 72 74 69 66 Registry Certif 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 ication Authorit 79 y 00 5f ._ 30 5d 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0]1.0...U....US1 21 30 1f 06 03 55 04 0a 13 18 42 42 4e 20 43 65 !0...U....BBN Ce 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 rtificate Servic 65 73 31 2b 30 29 06 03 55 04 03 13 22 42 42 4e es1+0)..U..."BBN 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 Certificate Ser 76 69 63 65 73 20 43 41 20 52 6f 6f 74 20 31 vices CA Root 1 00 61 .a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0_1.0...U....US1 17 30 15 06 03 55 04 0a 13 0e 56 65 72 69 53 69 .0...U....VeriSi 67 6e 2c 20 49 6e 63 2e 31 37 30 35 06 03 55 04 gn, Inc.1705..U. 0b 13 2e 43 6c 61 73 73 20 31 20 50 75 62 6c 69 ...Class 1 Publi 63 20 50 72 69 6d 61 72 79 20 43 65 72 74 69 66 c Primary Certif 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 ication Authorit 79 y 00 99 .. 
30 81 96 31 0b 30 09 06 03 55 04 06 13 02 55 4b 0..1.0...U....UK 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 1.0...U....Londo 6e 31 19 30 17 06 03 55 04 0a 13 10 55 70 74 69 n1.0...U....Upti 6d 65 20 47 72 6f 75 70 20 50 6c 63 31 1c 30 1a me Group Plc1.0. 06 03 55 04 0b 13 13 55 70 74 69 6d 65 20 43 6f ..U....Uptime Co 6d 6d 65 72 63 65 20 4c 74 64 31 17 30 15 06 03 mmerce Ltd1.0... 55 04 03 13 0e 55 54 43 20 43 6c 61 73 73 20 31 U....UTC Class 1 20 43 41 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 CA1$0"..*.H.... 09 01 16 15 63 65 72 74 73 40 75 70 74 69 6d 65 ....certs@uptime 67 72 6f 75 70 2e 63 6f 6d group.com 00 c7 .. 30 81 c4 31 0b 30 09 06 03 55 04 06 13 02 5a 41 0..1.0...U....ZA 31 15 30 13 06 03 55 04 08 13 0c 57 65 73 74 65 1.0...U....Weste 72 6e 20 43 61 70 65 31 12 30 10 06 03 55 04 07 rn Cape1.0...U.. 13 09 43 61 70 65 20 54 6f 77 6e 31 1d 30 1b 06 ..Cape Town1.0.. 03 55 04 0a 13 14 54 68 61 77 74 65 20 43 6f 6e .U....Thawte Con 73 75 6c 74 69 6e 67 20 63 63 31 28 30 26 06 03 sulting cc1(0&.. 55 04 0b 13 1f 43 65 72 74 69 66 69 63 61 74 69 U....Certificati 6f 6e 20 53 65 72 76 69 63 65 73 20 44 69 76 69 on Services Divi 73 69 6f 6e 31 19 30 17 06 03 55 04 03 13 10 54 sion1.0...U....T 68 61 77 74 65 20 53 65 72 76 65 72 20 43 41 31 hawte Server CA1 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16 17 &0$..*.H........ 73 65 72 76 65 72 2d 63 65 72 74 73 40 74 68 61 server-certs@tha 77 74 65 2e 63 6f 6d wte.com 00 5d .] 30 5b 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0[1.0...U....US1 18 30 16 06 03 55 04 0a 13 0f 47 54 45 20 43 6f .0...U....GTE Co 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 rporation1200..U 04 03 13 29 47 54 45 20 53 65 63 75 72 65 20 53 ...)GTE Secure S 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 erver Certificat 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 ion Authority 00 3b .; 30 39 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 091.0...U....US1 0d 30 0b 06 03 55 04 0a 14 04 41 54 26 54 31 1b .0...U....AT&T1. 
30 19 06 03 55 04 0b 14 12 44 69 72 65 63 74 6f 0...U....Directo 72 79 20 53 65 72 76 69 63 65 73 ry Services 00 79 .y 30 77 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0w1.0...U....US1 2c 30 2a 06 03 55 04 0a 13 23 4e 65 74 73 63 61 ,0*..U...#Netsca 70 65 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e pe Communication 73 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 s Corporation1.0 0f 06 03 55 04 0b 13 08 48 61 72 64 63 6f 72 65 ...U....Hardcore 31 27 30 25 06 03 55 04 03 13 1e 48 61 72 64 63 1'0%..U....Hardc 6f 72 65 20 43 65 72 74 69 66 69 63 61 74 65 20 ore Certificate 53 65 72 76 65 72 20 49 49 Server II 00 42 .B 30 40 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0@1.0...U....US1 0c 30 0a 06 03 55 04 0a 13 03 4d 43 49 31 14 30 .0...U....MCI1.0 12 06 03 55 04 0b 13 0b 69 6e 74 65 72 6e 65 74 ...U....internet 4d 43 49 31 0d 30 0b 06 03 55 04 0b 13 04 4d 41 MCI1.0...U....MA 4c 4c LL 00 79 .y 30 77 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0w1.0...U....US1 2c 30 2a 06 03 55 04 0a 13 23 4e 65 74 73 63 61 ,0*..U...#Netsca 70 65 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e pe Communication 73 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 1c 30 s Corporation1.0 1a 06 03 55 04 0b 13 13 49 6e 66 6f 72 6d 61 74 ...U....Informat 69 6f 6e 20 53 79 73 74 65 6d 73 31 1c 30 1a 06 ion Systems1.0.. 
03 55 04 03 13 13 72 6f 6f 74 63 61 2e 6e 65 74 .U....rootca.net 73 63 61 70 65 2e 63 6f 6d scape.com 00 66 .f 30 64 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0d1.0...U....US1 24 30 22 06 03 55 04 0a 13 1b 49 6e 74 65 67 72 $0"..U....Integr 69 6f 6e 20 46 69 6e 61 6e 63 69 61 6c 20 4e 65 ion Financial Ne 74 77 6f 72 6b 31 2f 30 2d 06 03 55 04 03 13 26 twork1/0-..U...& 49 6e 74 65 67 72 69 6f 6e 20 43 65 72 74 69 66 Integrion Certif 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 ication Authorit 79 20 52 6f 6f 74 y Root 00 40 .@ 30 3e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0>1.0...U....US1 0d 30 0b 06 03 55 04 0a 14 04 41 54 26 54 31 20 .0...U....AT&T1 30 1e 06 03 55 04 0b 13 17 43 65 72 74 69 66 69 0...U....Certifi 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 cation Authority 00 99 .. 30 81 96 31 0b 30 09 06 03 55 04 06 13 02 55 4b 0..1.0...U....UK 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 1.0...U....Londo 6e 31 19 30 17 06 03 55 04 0a 13 10 55 70 74 69 n1.0...U....Upti 6d 65 20 47 72 6f 75 70 20 50 6c 63 31 1c 30 1a me Group Plc1.0. 06 03 55 04 0b 13 13 55 70 74 69 6d 65 20 43 6f ..U....Uptime Co 6d 6d 65 72 63 65 20 4c 74 64 31 17 30 15 06 03 mmerce Ltd1.0... 55 04 03 13 0e 55 54 43 20 43 6c 61 73 73 20 34 U....UTC Class 4 20 43 41 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 CA1$0"..*.H.... 09 01 16 15 63 65 72 74 73 40 75 70 74 69 6d 65 ....certs@uptime 67 72 6f 75 70 2e 63 6f 6d group.com 00 47 .G 30 45 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0E1.0...U....US1 18 30 16 06 03 55 04 0a 13 0f 47 54 45 20 43 6f .0...U....GTE Co 72 70 6f 72 61 74 69 6f 6e 31 1c 30 1a 06 03 55 rporation1.0...U 04 03 13 13 47 54 45 20 43 79 62 65 72 54 72 75 ....GTE CyberTru 73 74 20 52 6f 6f 74 st Root 00 64 .d 30 62 31 11 30 0f 06 03 55 04 07 13 08 49 6e 74 0b1.0...U....Int 65 72 6e 65 74 31 17 30 15 06 03 55 04 0a 13 0e ernet1.0...U.... 
56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 34 VeriSign, Inc.14 30 32 06 03 55 04 0b 13 2b 56 65 72 69 53 69 67 02..U...+VeriSig 6e 20 43 6c 61 73 73 20 31 20 43 41 20 2d 20 49 n Class 1 CA - I 6e 64 69 76 69 64 75 61 6c 20 53 75 62 73 63 72 ndividual Subscr 69 62 65 72 iber 00 d1 .. 30 81 ce 31 0b 30 09 06 03 55 04 06 13 02 5a 41 0..1.0...U....ZA 31 15 30 13 06 03 55 04 08 13 0c 57 65 73 74 65 1.0...U....Weste 72 6e 20 43 61 70 65 31 12 30 10 06 03 55 04 07 rn Cape1.0...U.. 13 09 43 61 70 65 20 54 6f 77 6e 31 1d 30 1b 06 ..Cape Town1.0.. 03 55 04 0a 13 14 54 68 61 77 74 65 20 43 6f 6e .U....Thawte Con 73 75 6c 74 69 6e 67 20 63 63 31 28 30 26 06 03 sulting cc1(0&.. 55 04 0b 13 1f 43 65 72 74 69 66 69 63 61 74 69 U....Certificati 6f 6e 20 53 65 72 76 69 63 65 73 20 44 69 76 69 on Services Divi 73 69 6f 6e 31 21 30 1f 06 03 55 04 03 13 18 54 sion1!0...U....T 68 61 77 74 65 20 50 72 65 6d 69 75 6d 20 53 65 hawte Premium Se 72 76 65 72 20 43 41 31 28 30 26 06 09 2a 86 48 rver CA1(0&..*.H 86 f7 0d 01 09 01 16 19 70 72 65 6d 69 75 6d 2d ........premium- 73 65 72 76 65 72 40 74 68 61 77 74 65 2e 63 6f server@thawte.co 6d m 00 61 .a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0_1.0...U....US1 17 30 15 06 03 55 04 0a 13 0e 56 65 72 69 53 69 .0...U....VeriSi 67 6e 2c 20 49 6e 63 2e 31 37 30 35 06 03 55 04 gn, Inc.1705..U. 0b 13 2e 43 6c 61 73 73 20 32 20 50 75 62 6c 69 ...Class 2 Publi 63 20 50 72 69 6d 61 72 79 20 43 65 72 74 69 66 c Primary Certif 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 ication Authorit 79 y 00 63 .c 30 61 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0a1.0...U....US1 13 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f .0...U....Califo 72 6e 69 61 31 14 30 12 06 03 55 04 0a 13 0b 43 rnia1.0...U....C 6f 6d 6d 65 72 63 65 4e 65 74 31 27 30 25 06 03 ommerceNet1'0%.. 
55 04 0b 13 1e 53 65 72 76 65 72 20 43 65 72 74 U....Server Cert 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 ification Author 69 74 79 ity 00 62 .b 30 60 31 0b 30 09 06 03 55 04 06 13 02 42 52 31 0`1.0...U....BR1 2d 30 2b 06 03 55 04 0a 13 24 43 65 72 74 69 53 -0+..U...$CertiS 69 67 6e 20 43 65 72 74 69 66 69 63 61 64 6f 72 ign Certificador 61 20 44 69 67 69 74 61 6c 20 4c 74 64 61 31 22 a Digital Ltda1" 30 20 06 03 55 04 0b 13 19 42 52 20 43 65 72 74 0 ..U....BR Cert 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63 ification Servic 65 73 es 00 64 .d 30 62 31 11 30 0f 06 03 55 04 07 13 08 49 6e 74 0b1.0...U....Int 65 72 6e 65 74 31 17 30 15 06 03 55 04 0a 13 0e ernet1.0...U.... 56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 34 VeriSign, Inc.14 30 32 06 03 55 04 0b 13 2b 56 65 72 69 53 69 67 02..U...+VeriSig 6e 20 43 6c 61 73 73 20 31 20 43 41 20 2d 20 49 n Class 1 CA - I 6e 64 69 76 69 64 75 61 6c 20 53 75 62 73 63 72 ndividual Subscr 69 62 65 72 iber 00 ce .. 30 81 cb 31 0b 30 09 06 03 55 04 06 13 02 5a 41 0..1.0...U....ZA 31 15 30 13 06 03 55 04 08 13 0c 57 65 73 74 65 1.0...U....Weste 72 6e 20 43 61 70 65 31 12 30 10 06 03 55 04 07 rn Cape1.0...U.. 13 09 43 61 70 65 20 54 6f 77 6e 31 1a 30 18 06 ..Cape Town1.0.. 03 55 04 0a 13 11 54 68 61 77 74 65 20 43 6f 6e .U....Thawte Con 73 75 6c 74 69 6e 67 31 28 30 26 06 03 55 04 0b sulting1(0&..U.. 13 1f 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 ..Certification 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 6f Services Divisio 6e 31 21 30 1f 06 03 55 04 03 13 18 54 68 61 77 n1!0...U....Thaw 74 65 20 50 65 72 73 6f 6e 61 6c 20 42 61 73 69 te Personal Basi 63 20 43 41 31 28 30 26 06 09 2a 86 48 86 f7 0d c CA1(0&..*.H... 
01 09 01 16 19 70 65 72 73 6f 6e 61 6c 2d 62 61 .....personal-ba 73 69 63 40 74 68 61 77 74 65 2e 63 6f 6d sic@thawte.com 00 42 .B 30 40 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0@1.0...U....US1 0c 30 0a 06 03 55 04 0a 13 03 4d 43 49 31 14 30 .0...U....MCI1.0 12 06 03 55 04 0b 13 0b 69 6e 74 65 72 6e 65 74 ...U....internet 4d 43 49 31 0d 30 0b 06 03 55 04 0b 13 04 4d 41 MCI1.0...U....MA 4c 4c LL 00 64 .d 30 62 31 11 30 0f 06 03 55 04 07 13 08 49 6e 74 0b1.0...U....Int 65 72 6e 65 74 31 17 30 15 06 03 55 04 0a 13 0e ernet1.0...U.... 56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 34 VeriSign, Inc.14 30 32 06 03 55 04 0b 13 2b 56 65 72 69 53 69 67 02..U...+VeriSig 6e 20 43 6c 61 73 73 20 32 20 43 41 20 2d 20 49 n Class 2 CA - I 6e 64 69 76 69 64 75 61 6c 20 53 75 62 73 63 72 ndividual Subscr 69 62 65 72 iber 00 5e .^ 30 5c 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0\1.0...U....US1 20 30 1e 06 03 55 04 0a 13 17 52 53 41 20 44 61 0...U....RSA Da 74 61 20 53 65 63 75 72 69 74 79 2c 20 49 6e 63 ta Security, Inc 2e 31 2b 30 29 06 03 55 04 0b 13 22 43 6f 6d 6d .1+0)..U..."Comm 65 72 63 69 61 6c 20 43 65 72 74 69 66 69 63 61 ercial Certifica 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 tion Authority 00 3d .= 30 3b 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0;1.0...U....US1 0d 30 0b 06 03 55 04 0a 14 04 41 54 26 54 31 1d .0...U....AT&T1. 30 1b 06 03 55 04 0b 13 14 43 65 72 74 69 66 69 0...U....Certifi 63 61 74 65 20 53 65 72 76 69 63 65 73 cate Services 00 99 .. 30 81 96 31 0b 30 09 06 03 55 04 06 13 02 55 4b 0..1.0...U....UK 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 1.0...U....Londo 6e 31 19 30 17 06 03 55 04 0a 13 10 55 70 74 69 n1.0...U....Upti 6d 65 20 47 72 6f 75 70 20 50 6c 63 31 1c 30 1a me Group Plc1.0. 06 03 55 04 0b 13 13 55 70 74 69 6d 65 20 43 6f ..U....Uptime Co 6d 6d 65 72 63 65 20 4c 74 64 31 17 30 15 06 03 mmerce Ltd1.0... 55 04 03 13 0e 55 54 43 20 43 6c 61 73 73 20 33 U....UTC Class 3 20 43 41 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 CA1$0"..*.H.... 
09 01 16 15 63 65 72 74 73 40 75 70 74 69 6d 65 ....certs@uptime 67 72 6f 75 70 2e 63 6f 6d group.com 00 61 .a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0_1.0...U....US1 17 30 15 06 03 55 04 0a 13 0e 56 65 72 69 53 69 .0...U....VeriSi 67 6e 2c 20 49 6e 63 2e 31 37 30 35 06 03 55 04 gn, Inc.1705..U. 0b 13 2e 43 6c 61 73 73 20 33 20 50 75 62 6c 69 ...Class 3 Publi 63 20 50 72 69 6d 61 72 79 20 43 65 72 74 69 66 c Primary Certif 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 ication Authorit 79 y 00 cc .. 30 81 c9 31 1f 30 1d 06 03 55 04 0a 13 16 56 65 0..1.0...U....Ve 72 69 53 69 67 6e 20 54 72 75 73 74 20 4e 65 74 riSign Trust Net 77 6f 72 6b 31 2c 30 2a 06 03 55 04 0b 13 23 4e work1,0*..U...#N 65 74 73 63 61 70 65 20 43 6f 6d 6d 75 6e 69 63 etscape Communic 61 74 69 6f 6e 73 20 43 6f 72 70 6f 72 61 74 69 ations Corporati 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4e 65 74 on1-0+..U...$Net 73 63 61 70 65 20 45 78 70 6f 72 74 20 43 6f 6e scape Export Con 74 72 6f 6c 20 43 41 20 2d 20 43 6c 61 73 73 20 trol CA - Class 33 31 49 30 47 06 03 55 04 0b 13 40 77 77 77 2e 31I0G..U...@www. 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 43 50 53 verisign.com/CPS 20 49 6e 63 6f 72 70 2e 62 79 20 52 65 66 2e 20 Incorp.by Ref. 4c 49 41 42 49 4c 49 54 59 20 4c 54 44 2e 28 63 LIABILITY LTD.(c 29 39 37 20 56 65 72 69 53 69 67 6e )97 VeriSign 00 34 .4 30 32 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 021.0...U....CA1 23 30 21 06 03 55 04 0a 13 1a 43 61 6e 61 64 61 #0!..U....Canada 20 50 6f 73 74 20 43 6f 72 70 6f 72 61 74 69 6f Post Corporatio 6e 20 43 41 n CA 00 2e .. 30 2c 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 0,1.0...U....CA1 0b 30 09 06 03 55 04 0a 13 02 67 63 31 10 30 0e .0...U....gc1.0. 06 03 55 04 03 13 07 47 54 49 53 2e 43 41 ..U....GTIS.CA 00 d4 .. 30 81 d1 31 0b 30 09 06 03 55 04 06 13 02 5a 41 0..1.0...U....ZA 31 15 30 13 06 03 55 04 08 13 0c 57 65 73 74 65 1.0...U....Weste 72 6e 20 43 61 70 65 31 12 30 10 06 03 55 04 07 rn Cape1.0...U.. 
13 09 43 61 70 65 20 54 6f 77 6e 31 1a 30 18 06 ..Cape Town1.0.. 03 55 04 0a 13 11 54 68 61 77 74 65 20 43 6f 6e .U....Thawte Con 73 75 6c 74 69 6e 67 31 28 30 26 06 03 55 04 0b sulting1(0&..U.. 13 1f 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 ..Certification 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 6f Services Divisio 6e 31 24 30 22 06 03 55 04 03 13 1b 54 68 61 77 n1$0"..U....Thaw 74 65 20 50 65 72 73 6f 6e 61 6c 20 46 72 65 65 te Personal Free 6d 61 69 6c 20 43 41 31 2b 30 29 06 09 2a 86 48 mail CA1+0)..*.H 86 f7 0d 01 09 01 16 1c 70 65 72 73 6f 6e 61 6c ........personal 2d 66 72 65 65 6d 61 69 6c 40 74 68 61 77 74 65 -freemail@thawte 2e 63 6f 6d .com 00 31 .1 30 2f 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 0/1.0...U....CA1 0b 30 09 06 03 55 04 0a 13 02 67 63 31 13 30 11 .0...U....gc1.0. 06 03 55 04 0b 13 0a 47 54 49 53 2e 57 65 62 43 ..U....GTIS.WebC 41 A 00 61 .a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0_1.0...U....US1 17 30 15 06 03 55 04 0a 13 0e 56 65 72 69 53 69 .0...U....VeriSi 67 6e 2c 20 49 6e 63 2e 31 37 30 35 06 03 55 04 gn, Inc.1705..U. 0b 13 2e 43 6c 61 73 73 20 34 20 50 75 62 6c 69 ...Class 4 Publi 63 20 50 72 69 6d 61 72 79 20 43 65 72 74 69 66 c Primary Certif 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 ication Authorit 79 y 00 49 .I 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0G1.0...U....US1 10 30 0e 06 03 55 04 0b 13 07 54 65 73 74 20 43 .0...U....Test C 41 31 26 30 24 06 03 55 04 0a 13 1d 4e 65 74 73 A1&0$..U....Nets 63 61 70 65 20 43 6f 6d 6d 75 6e 69 63 61 74 69 cape Communicati 6f 6e 73 20 43 6f 72 70 2e ons Corp. 00 61 .a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0_1.0...U....US1 20 30 1e 06 03 55 04 0a 13 17 52 53 41 20 44 61 0...U....RSA Da 74 61 20 53 65 63 75 72 69 74 79 2c 20 49 6e 63 ta Security, Inc 2e 31 2e 30 2c 06 03 55 04 0b 13 25 53 65 63 75 .1.0,..U...%Secu 72 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 re Server Certif 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 ication Authorit 79 y 00 99 .. 
30 81 96 31 0b 30 09 06 03 55 04 06 13 02 55 4b 0..1.0...U....UK 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 1.0...U....Londo 6e 31 19 30 17 06 03 55 04 0a 13 10 55 70 74 69 n1.0...U....Upti 6d 65 20 47 72 6f 75 70 20 50 6c 63 31 1c 30 1a me Group Plc1.0. 06 03 55 04 0b 13 13 55 70 74 69 6d 65 20 43 6f ..U....Uptime Co 6d 6d 65 72 63 65 20 4c 74 64 31 17 30 15 06 03 mmerce Ltd1.0... 55 04 03 13 0e 55 54 43 20 43 6c 61 73 73 20 32 U....UTC Class 2 20 43 41 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 CA1$0"..*.H.... 09 01 16 15 63 65 72 74 73 40 75 70 74 69 6d 65 ....certs@uptime 67 72 6f 75 70 2e 63 6f 6d group.com 00 50 .P 30 4e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0N1.0...U....US1 1f 30 1d 06 03 55 04 0a 14 16 41 54 26 54 20 42 .0...U....AT&T B 65 6c 6c 20 4c 61 62 6f 72 61 74 6f 72 69 65 73 ell Laboratories 31 1e 30 1c 06 03 55 04 0b 14 15 50 72 6f 74 6f 1.0...U....Proto 74 79 70 65 20 52 65 73 65 61 72 63 68 20 43 41 type Research CA 00 63 .c 30 61 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0a1.0...U....US1 13 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f .0...U....Califo 72 6e 69 61 31 14 30 12 06 03 55 04 0a 13 0b 43 rnia1.0...U....C 6f 6d 6d 65 72 63 65 4e 65 74 31 27 30 25 06 03 ommerceNet1'0%.. 55 04 0b 13 1e 53 65 72 76 65 72 20 43 65 72 74 U....Server Cert 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 ification Author 69 74 79 ity 00 45 .E 30 43 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0C1.0...U....US1 25 30 23 06 03 55 04 0a 13 1c 55 6e 69 74 65 64 %0#..U....United 20 53 74 61 74 65 73 20 50 6f 73 74 61 6c 20 53 States Postal S 65 72 76 69 63 65 31 0d 30 0b 06 03 55 04 03 13 ervice1.0...U... 04 55 53 50 53 .USPS 00 d2 .. 30 81 cf 31 0b 30 09 06 03 55 04 06 13 02 5a 41 0..1.0...U....ZA 31 15 30 13 06 03 55 04 08 13 0c 57 65 73 74 65 1.0...U....Weste 72 6e 20 43 61 70 65 31 12 30 10 06 03 55 04 07 rn Cape1.0...U.. 13 09 43 61 70 65 20 54 6f 77 6e 31 1a 30 18 06 ..Cape Town1.0.. 
03 55 04 0a 13 11 54 68 61 77 74 65 20 43 6f 6e .U....Thawte Con 73 75 6c 74 69 6e 67 31 28 30 26 06 03 55 04 0b sulting1(0&..U.. 13 1f 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 ..Certification 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 6f Services Divisio 6e 31 23 30 21 06 03 55 04 03 13 1a 54 68 61 77 n1#0!..U....Thaw 74 65 20 50 65 72 73 6f 6e 61 6c 20 50 72 65 6d te Personal Prem 69 75 6d 20 43 41 31 2a 30 28 06 09 2a 86 48 86 ium CA1*0(..*.H. f7 0d 01 09 01 16 1b 70 65 72 73 6f 6e 61 6c 2d .......personal- 70 72 65 6d 69 75 6d 40 74 68 61 77 74 65 2e 63 premium@thawte.c 6f 6d om 00 5a .Z 30 58 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 0X1.0...U....CA1 1f 30 1d 06 03 55 04 03 13 16 4b 65 79 77 69 74 .0...U....Keywit 6e 65 73 73 20 43 61 6e 61 64 61 20 49 6e 63 2e ness Canada Inc. 31 28 30 26 06 0a 2b 06 01 04 01 2a 02 0b 02 01 1(0&..+....*.... 13 18 6b 65 79 77 69 74 6e 65 73 73 40 6b 65 79 ..keywitness@key 77 69 74 6e 65 73 73 2e 63 61 witness.ca 00 95 .. 30 81 92 31 0b 30 09 06 03 55 04 06 13 02 55 53 0..1.0...U....US 31 13 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 1.0...U....Calif 6f 72 6e 69 61 31 11 30 0f 06 03 55 04 07 13 08 ornia1.0...U.... 42 65 72 6b 65 6c 65 79 31 1e 30 1c 06 03 55 04 Berkeley1.0...U. 0a 14 15 43 6f 6e 73 65 6e 73 75 73 20 44 65 76 ...Consensus Dev 65 6c 6f 70 6d 65 6e 74 31 1b 30 19 06 03 55 04 elopment1.0...U. 0b 14 12 47 65 74 20 53 6d 61 72 74 63 61 72 64 ...Get Smartcard 20 44 65 6d 6f 31 1e 30 1c 06 03 55 04 03 14 15 Demo1.0...U.... 47 65 74 20 53 6d 61 72 74 63 61 72 64 20 44 65 Get Smartcard De 6d 6f 20 43 41 mo CAAfter hashing the certificate handshake message, the handshake hashes are:
MD5 state: 8e428cd8 2e39d5b5 5907f503 aba04860
MD5_TraceState: buffered input [Len: 31]
   1e 30 1c 06 03 55 04 03 14 15 47 65 74 20 53 6d  .0...U....Get Sm
   61 72 74 63 61 72 64 20 44 65 6d 6f 20 43 41     artcard Demo CA
SHA1 state: c6a44cb5 395684f2 bd4f6340 a9e71646 f27f44a1
SHA1_TraceState: buffered input [Len: 31]
   1e 30 1c 06 03 55 04 03 14 15 47 65 74 20 53 6d  .0...U....Get Sm
   61 72 74 63 61 72 64 20 44 65 6d 6f 20 43 41     artcard Demo CA
handle certificate_request handshake

At this point, the browser asks the user to select a certificate to use for authentication to the server.
Server Hello Done Handshake
The following server_hello_done handshake message, as described in the SSL 3 spec, section 7.6.5, is taken from the same record as the previous two handshakes, and is entirely included in the handshake hashes.

handle handshake message: server_hello_done (14)
MD5 & SHA handshake hash input: [Len: 4]
   0e 00 00 00                                      ....
MD5 & SHA handshake hash input: [Len: 0]

After hashing the server_hello_done handshake message, the handshake hashes are:
MD5 state: 8e428cd8 2e39d5b5 5907f503 aba04860
MD5_TraceState: buffered input [Len: 35]
   1e 30 1c 06 03 55 04 03 14 15 47 65 74 20 53 6d  .0...U....Get Sm
   61 72 74 63 61 72 64 20 44 65 6d 6f 20 43 41 0e  artcard Demo CA.
   00 00 00                                         ...
SHA1 state: c6a44cb5 395684f2 bd4f6340 a9e71646 f27f44a1
SHA1_TraceState: buffered input [Len: 35]
   1e 30 1c 06 03 55 04 03 14 15 47 65 74 20 53 6d  .0...U....Get Sm
   61 72 74 63 61 72 64 20 44 65 6d 6f 20 43 41 0e  artcard Demo CA.
   00 00 00                                         ...
handle server_hello_done handshake
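The bookkeeping behind the MD5_TraceState and SHA1_TraceState lines above, as an added example (not code from the original trace or from the SSL implementation that produced it): it replays the client_hello and server_hello bytes through MD5 and SHA-1 compression functions written out here, so the state words and buffered-input lengths can be compared with the trace. The names TraceHash, replay, buffered_after and matches_hashlib are made up for this example.

```python
import hashlib
import struct
from math import sin

MASK = 0xFFFFFFFF
MD5_K = [int(abs(sin(i + 1)) * 2**32) & MASK for i in range(64)]
MD5_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def md5_compress(state, block):
    """MD5 compression function over one 64-byte block (RFC 1321)."""
    m = struct.unpack("<16I", block)
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | (~d & MASK)), (7 * i) % 16
        f = (f + a + MD5_K[i] + m[g]) & MASK
        a, d, c, b = d, c, b, (b + rotl(f, MD5_S[i])) & MASK
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d)))

def sha1_compress(state, block):
    """SHA-1 compression function over one 64-byte block (FIPS 180)."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rotl(a, 5) + f + e + k + w[i]) & MASK, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d, e)))

class TraceHash:
    """Running hash exposing what the trace prints: state words plus unprocessed tail."""
    def __init__(self, init, compress, endian):
        self.state, self.compress, self.endian = tuple(init), compress, endian
        self.buf, self.total = b"", 0
    def update(self, data):
        self.buf += data
        self.total += len(data)
        while len(self.buf) >= 64:  # only whole 64-byte blocks change the state
            self.state = self.compress(self.state, self.buf[:64])
            self.buf = self.buf[64:]
    def trace(self):
        return " ".join("%08x" % w for w in self.state), len(self.buf)
    def digest(self):
        # Standard length padding applied to a copy; used only to cross-check with hashlib.
        bits = struct.pack(self.endian + "Q", self.total * 8)
        pad = b"\x80" + b"\x00" * ((55 - self.total) % 64) + bits
        tmp = TraceHash(self.state, self.compress, self.endian)
        tmp.update(self.buf + pad)
        return struct.pack(self.endian + "%dI" % len(tmp.state), *tmp.state)

# Handshake bytes copied from the trace: client_hello, then server_hello header + body.
CLIENT_HELLO = bytes.fromhex(
    "0103 0000 1b00 0000 1001 0080 0300 8006 0040 0700 c000 0004 0000"
    "0a00 0009 0000 0300 0006 d890 d786 4e5c 929f 9007 da83 1c25 8901")
SERVER_HELLO = bytes.fromhex(
    "0200 0046 0300 3403 614b a83a cee0 929c ff03 bed3 c525 a2ec 6185 b1ea"
    "93bf a05e a979 1c8a ed16 2000 004f 4795 8f49 f87b d841 715f 36f9 6f7d"
    "a231 fa25 078e 453c 0ed9 e7d4 d286 5c00 0400")
MD5_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
SHA1_INIT = MD5_INIT + (0xC3D2E1F0,)

def replay():
    """Return ((md5 state, buffered), (sha1 state, buffered)) after each message."""
    md5 = TraceHash(MD5_INIT, md5_compress, "<")
    sha = TraceHash(SHA1_INIT, sha1_compress, ">")
    out = []
    for msg in (CLIENT_HELLO, SERVER_HELLO):
        md5.update(msg)
        sha.update(msg)
        out.append((md5.trace(), sha.trace()))
    return out

def buffered_after(sizes):
    """Buffered-input length after each message, given hashed sizes (header included)."""
    return [sum(sizes[:i + 1]) % 64 for i in range(len(sizes))]

def matches_hashlib(data):
    """Check the hand-written compression functions against hashlib."""
    md5 = TraceHash(MD5_INIT, md5_compress, "<")
    sha = TraceHash(SHA1_INIT, sha1_compress, ">")
    md5.update(data)
    sha.update(data)
    return (md5.digest() == hashlib.md5(data).digest()
            and sha.digest() == hashlib.sha1(data).digest())
```

replay() gives the state words and buffered length after client_hello and after server_hello; buffered_after([52, 4 + 70, 4 + 1327, 4 + 0x12ea, 4]) gives the [Len: ...] values of the buffered input through server_hello_done.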
Client's Certificate Handshake
The client composes its response to the above messages. In this example, the client sends the following three records:
- a handshake record containing these handshakes:
  - a certificate handshake bearing the client's certificate
  - a client_key_exchange handshake
  - a certificate_verify handshake
- a change_cipher_spec record
- an encrypted record, containing a "finished" handshake.
send certificate handshake append handshake header: type certificate (11) MD5 & SHA handshake hash input: [Len: 1] 0b . MD5 & SHA handshake hash input: [Len: 3] 00 05 2e ... MD5 & SHA handshake hash input: [Len: 3] 00 05 2b ..+ MD5 & SHA handshake hash input: [Len: 3] 00 02 7b ..{ MD5 & SHA handshake hash input: [Len: 635] 30 82 02 77 30 82 01 e0 a0 03 02 01 02 02 01 74 0..w0..........t 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 0...*.H........0 77 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 2c w1.0...U....US1, 30 2a 06 03 55 04 0a 13 23 4e 65 74 73 63 61 70 0*..U...#Netscap 65 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 e Communications 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f Corporation1.0. 06 03 55 04 0b 13 08 48 61 72 64 63 6f 72 65 31 ..U....Hardcore1 27 30 25 06 03 55 04 03 13 1e 48 61 72 64 63 6f '0%..U....Hardco 72 65 20 43 65 72 74 69 66 69 63 61 74 65 20 53 re Certificate S 65 72 76 65 72 20 49 49 30 1e 17 0d 39 37 30 38 erver II0...9708 32 32 30 31 35 38 30 39 5a 17 0d 39 38 30 32 31 22015809Z..98021 38 30 31 35 38 30 39 5a 30 81 97 31 0b 30 09 06 8015809Z0..1.0.. 03 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 .U....US1.0...U. 0a 13 08 4e 65 74 73 63 61 70 65 31 1a 30 18 06 ...Netscape1.0.. 03 55 04 0b 13 11 48 61 72 64 63 6f 72 65 20 53 .U....Hardcore S 65 63 75 72 69 74 79 31 18 30 16 06 0a 09 92 26 ecurity1.0.....& 89 93 f2 2c 64 01 01 13 08 4a 51 54 65 73 74 65 ...,d....JQTeste 72 31 1a 30 18 06 03 55 04 03 13 11 4a 6f 68 6e r1.0...U....John 20 51 20 53 53 4c 20 54 65 73 74 65 72 31 23 30 Q SSL Tester1#0 21 06 09 2a 86 48 86 f7 0d 01 09 01 16 14 4a 51 !..*.H........JQ 54 65 73 74 65 72 40 6e 6f 77 68 65 72 65 2e 6f Tester@nowhere.o 72 67 30 5c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 rg0\0...*.H..... 01 05 00 03 4b 00 30 48 02 41 00 e6 7a 1c b7 47 ....K.0H.A..z..G 81 63 39 a9 0f 07 28 8a 7e e9 01 b1 bc c5 2a f0 .c9...(.~.....*. ef ee bf 79 3f 11 9c 40 07 0a 09 69 fa a9 a9 c2 ...y?..@...i.... 
9f bc 05 aa 20 39 eb b5 23 38 07 e9 2a 67 0d 11 .... 9..#8..*g.. b8 9d 28 16 1d 62 b0 e2 4a 51 c1 02 03 01 00 01 ..(..b..JQ...... a3 36 30 34 30 11 06 09 60 86 48 01 86 f8 42 01 .6040...`.H...B. 01 04 04 03 02 00 80 30 1f 06 03 55 1d 23 04 18 .......0...U.#.. 30 16 80 14 97 b1 6d b2 b6 02 16 54 0c 97 d7 e3 0.....m....T.... 32 6d cb 9c df ee de 80 30 0d 06 09 2a 86 48 86 2m......0...*.H. f7 0d 01 01 04 05 00 03 81 81 00 22 44 a0 00 27 ..........."D..' c0 ec c7 65 77 ec 55 af cd 31 93 e0 fb 2a c1 94 ...ew.U..1...*.. 05 da 4a b3 f6 4c 15 5d 8d 52 c0 42 5e 8d f4 0d ..J..L.].R.B^... 6a 4e d0 8e ed f0 ff 78 2e ea 8f 0c ff 8e f6 9d jN.....x........ f9 ed b8 99 84 b5 4d 58 2b 81 ff c5 53 6a ed 5a ......MX+...Sj.Z 86 b6 67 13 62 e6 b4 07 77 4a ef 48 1a d3 3d ae ..g.b...wJ.H..=. 51 c5 7f 3e 02 f5 40 91 bd a8 d3 17 94 6b 49 86 Q..>..@......kI. 38 95 74 4b e8 b7 1d 68 5a 3a c9 d0 b1 10 9f 90 8.tK...hZ:...... e5 6b 0b c4 db 19 c7 b1 bb e2 8a .k......... MD5 & SHA handshake hash input: [Len: 3] 00 02 aa ... MD5 & SHA handshake hash input: [Len: 682] 30 82 02 a6 30 82 02 0f a0 03 02 01 02 02 01 01 0...0........... 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 0...*.H........0 77 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 2c w1.0...U....US1, 30 2a 06 03 55 04 0a 13 23 4e 65 74 73 63 61 70 0*..U...#Netscap 65 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 e Communications 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f Corporation1.0. 06 03 55 04 0b 13 08 48 61 72 64 63 6f 72 65 31 ..U....Hardcore1 27 30 25 06 03 55 04 03 13 1e 48 61 72 64 63 6f '0%..U....Hardco 72 65 20 43 65 72 74 69 66 69 63 61 74 65 20 53 re Certificate S 65 72 76 65 72 20 49 49 30 1e 17 0d 39 37 30 35 erver II0...9705 32 37 31 38 30 39 34 37 5a 17 0d 39 38 30 35 32 27180947Z..98052 37 31 38 30 39 34 37 5a 30 77 31 0b 30 09 06 03 7180947Z0w1.0... 55 04 06 13 02 55 53 31 2c 30 2a 06 03 55 04 0a U....US1,0*..U.. 
13 23 4e 65 74 73 63 61 70 65 20 43 6f 6d 6d 75 .#Netscape Commu 6e 69 63 61 74 69 6f 6e 73 20 43 6f 72 70 6f 72 nications Corpor 61 74 69 6f 6e 31 11 30 0f 06 03 55 04 0b 13 08 ation1.0...U.... 48 61 72 64 63 6f 72 65 31 27 30 25 06 03 55 04 Hardcore1'0%..U. 03 13 1e 48 61 72 64 63 6f 72 65 20 43 65 72 74 ...Hardcore Cert 69 66 69 63 61 74 65 20 53 65 72 76 65 72 20 49 ificate Server I 49 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 I0..0...*.H..... 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 bc 14 .......0........ a0 c0 53 fa e1 4d b9 cd 0e b7 42 e3 cd 98 46 e0 ..S..M....B...F. b3 1e 13 76 c7 c5 e5 3d e5 24 18 dd 72 1a 37 7f ...v...=.$..r.7. c4 66 51 36 7f e1 ae e9 11 5e 29 6f ac ff 28 ce .fQ6.....^)o..(. cd 53 ae 39 09 75 a1 eb d2 ec 79 d4 e9 6b 4c 99 .S.9.u....y..kL. e4 b6 42 d0 f7 52 8b ae 4a 33 6b 58 5b 47 57 13 ..B..R..J3kX[GW. a3 61 32 86 02 e8 63 e6 7a 27 c2 99 7a 22 48 d9 .a2...c.z'..z"H. c8 d1 5c 6d b1 37 84 66 4b 9e a2 ce 31 6c 1c 06 ..\m.7.fK...1l.. 7a 5f c5 7b b8 ff 58 89 f6 0b 40 6f 7c 0d 02 03 z_.{..X...@o|... 01 00 01 a3 42 30 40 30 1d 06 03 55 1d 0e 04 16 ....B0@0...U.... 04 14 97 b1 6d b2 b6 02 16 54 0c 97 d7 e3 32 6d ....m....T....2m cb 9c df ee de 80 30 1f 06 03 55 1d 23 04 18 30 ......0...U.#..0 16 80 14 97 b1 6d b2 b6 02 16 54 0c 97 d7 e3 32 .....m....T....2 6d cb 9c df ee de 80 30 0d 06 09 2a 86 48 86 f7 m......0...*.H.. 0d 01 01 05 05 00 03 81 81 00 9b 52 fe 93 fa 40 ...........R...@ 4d a9 8d 72 f9 f6 f6 c9 32 40 dc 20 fe be a5 a2 M..r....2@. .... db e6 2c df d1 5f a0 66 45 d1 6e 5f 0a 91 e9 0b ..,.._.fE.n_.... c1 7c 8a c0 64 a0 d4 24 56 85 b5 a0 aa 1e c8 8c .|..d..$V....... 15 40 ac fc 5a 2f 94 18 44 b9 73 23 c1 49 a0 24 .@..Z/..D.s#.I.$ ff b0 47 9c d8 28 1f b3 70 a7 62 b3 5b 8e 4d 82 ..G..(..p.b.[.M. bd 4d 85 eb 0d 5a 87 c0 41 c9 a6 c2 69 9c ee 81 .M...Z..A...i... 49 2a fb 01 55 6f b1 df 21 a7 b0 70 e4 5d 34 3b I*..Uo..!..p.]4; 90 29 f9 14 c3 2e 07 79 13 c7 .).....y..After hashing the certificate handshake message, the handshake hashes are:
MD5 state: 87508b0c 13815c09 c8c3d6e1 c21acdea
MD5_TraceState: buffered input [Len: 21]
   6f b1 df 21 a7 b0 70 e4 5d 34 3b 90 29 f9 14 c3   o..!..p.]4;.)...
   2e 07 79 13 c7                                    ..y..
SHA1 state: 5cfaa109 407fc96a c3ca1712 0fdb9889 9772153a
SHA1_TraceState: buffered input [Len: 21]
   6f b1 df 21 a7 b0 70 e4 5d 34 3b 90 29 f9 14 c3   o..!..p.]4;.)...
   2e 07 79 13 c7                                    ..y..
Client Key Exchange Handshake
Compose the client key exchange, according to the SSL 3 spec, section 7.6.7. The client key exchange message contains the 48-byte pre-master secret, encrypted with the server's public key. The steps of this encryption are shown below, beginning with the formatting of the plaintext, by prepending data to it, per PKCS#1, section 8.1. Note the use of "block type 02" for this public key operation.

pre-master secret [Len: 48]
   03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29   ...Nv.kt.$...x.)
   f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80   ...4~.j.&...l...
   b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6   .u.p.z......V...
RSA_EncryptBlock: formatted plaintext [Len: 64]
   00 02 e9 e9 d9 22 16 c1 1c 4f 1d 69 e8 04 ae 00   ....."...O.i....
   03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29   ...Nv.kt.$...x.)
   f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80   ...4~.j.&...l...
   b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6   .u.p.z......V...
RSA_EncryptBlock: modulus [Len: 65]
   00 e3 f3 ba 48 dd 2e bd a8 e9 87 8e 5f 8a 9e cb   ....H......._...
   c9 6d c1 8b 79 31 ad b0 26 39 ba dc 28 d1 f0 20   .m..y1..&9..(.. 
   75 a4 24 d2 e8 16 e7 b3 b6 aa 39 e5 e2 4c bf 8e   u.$.......9..L..
   5f 96 4b cd 09 75 71 b1 69 1f 67 df b7 ac 58 29   _.K..uq.i.g...X)
   a1                                                .
RSA_EncryptBlock: publicExponent [Len: 3]
   01 00 01                                          ...
RSA_EncryptBlock: ciphertext [Len: 64]
   4c 3a 77 60 63 e3 0e 03 39 52 2b 13 25 77 8b 23   L:w`c...9R+.%w.#
   c1 89 0d e8 28 dc 02 5e d9 aa 33 a1 ee 67 a1 91   ....(..^..3..g..
   fc d4 a8 c3 1a d6 32 88 a4 60 56 61 57 c9 4f 5e   ......2..`VaW.O^
   3a 1f f2 86 12 16 38 36 1c 3d c6 b8 0a 3f bd 88   :.....86.=...?..

Prior to sending the client_key_exchange, the client computes the master secret. The pre-master secret is hashed with the server-random and client-random numbers and the "mixers" to produce the master secret, as described in section 8.1 of the SSL 3.0 spec. Here are the steps involved. The intermediate SHA hash results are shown in these steps, as inputs to the successive MD5 hashes.
master SHA hash: mixers [Len: 1] 41 A master SHA hash: pre-master secret [Len: 48] 03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29 ...Nv.kt.$...x.) f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80 ...4~.j.&...l... b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6 .u.p.z......V... master SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. master SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... master MD5 hash: pre-master secret [Len: 48] 03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29 ...Nv.kt.$...x.) f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80 ...4~.j.&...l... b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6 .u.p.z......V... master MD5 hash: SHA hash output [Len: 20] 5c 41 e3 98 e7 18 de 79 c2 af 82 ef fd 05 99 4f \A.....y.......O 69 fe 41 de i.A. Result of first MD5 Hash: master MD5 hash: MD5 hash output [Len: 16] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 Begin second MD5 hash master SHA hash: mixers [Len: 2] 42 42 BB master SHA hash: pre-master secret [Len: 48] 03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29 ...Nv.kt.$...x.) f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80 ...4~.j.&...l... b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6 .u.p.z......V... master SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. master SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... master MD5 hash: pre-master secret [Len: 48] 03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29 ...Nv.kt.$...x.) f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80 ...4~.j.&...l... 
b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6 .u.p.z......V... master MD5 hash: SHA hash output [Len: 20] 70 dc 51 53 cb 1e de c3 36 f3 3d 20 03 06 ef 02 p.QS....6.= .... 12 67 ce e7 .g.. Result of second MD5 hash: master MD5 hash: MD5 hash output [Len: 16] 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F Begin third MD5 hash master SHA hash: mixers [Len: 3] 43 43 43 CCC master SHA hash: pre-master secret [Len: 48] 03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29 ...Nv.kt.$...x.) f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80 ...4~.j.&...l... b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6 .u.p.z......V... master SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. master SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... master MD5 hash: pre-master secret [Len: 48] 03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29 ...Nv.kt.$...x.) f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80 ...4~.j.&...l... b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6 .u.p.z......V... master MD5 hash: SHA hash output [Len: 20] a4 0c e4 1e 93 41 b2 08 60 05 69 f1 38 ed 2c 53 .....A..`.i.8.,S 97 be f2 05 .... Result of third MD5 hash. master MD5 hash: MD5 hash output [Len: 16] 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....oThe three MD5 hash results are concatenated to form the master secret.
master secret: [Len: 48]
   14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34   .I.+.i..f...d.?4
   6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46   m.!p.).....c...F
   8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f   .88.......K....o

The client immediately begins to compute the "key block", from which the mac secrets, write-keys and write-IVs will be derived. This is as described in section 8.2.2 of the SSL 3.0 spec.
Begin first keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 1] 41 A keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... keygen SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] e1 d7 0b 1c 86 9c 35 85 f8 a3 c3 a0 3e c2 66 69 ......5.....>.fi 98 d0 1f ef .... First MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02 }..IW.. '....... Begin second keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 2] 42 42 BB keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... keygen SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. 
keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] ce 44 a5 01 e0 78 61 c9 1a 9c f9 15 6e 42 84 6c .D...xa.....nB.l 00 e8 55 ca ..U. Second MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef o.D..Zl.....?.I. Begin third keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 3] 43 43 43 CCC keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... keygen SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] ba a6 54 d7 0f f4 36 73 ab 0e 96 f1 f5 df 18 d9 ..T...6s........ 1f c5 ae 73 ...s Third MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] a2 1b 90 d1 ef 19 c5 1d b1 5d 4d 6c a7 9e b2 f7 .........]Ml.... 
Begin fourth keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 4] 44 44 44 44 DDDD keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... keygen SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] 4e 91 c4 00 14 0f 78 31 65 28 89 a1 21 d7 ab a1 N.....x1e(..!... e4 50 69 ba .Pi. Fourth MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 66 26 35 c6 39 23 d9 b6 ed 93 1a fa aa af 0b fd f&5.9#.......... Begin fifth keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 5] 45 45 45 45 45 EEEEE keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... keygen SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. 
keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] ad 49 55 77 56 3b 64 09 41 31 af 08 1c fd 20 d5 .IUwV;d.A1.... . 3b 89 52 d1 ;.R. Fifth MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] e9 45 2a 2e 26 a4 47 ef 73 b2 21 fc 2c 8e 4a 6b .E*.&.G.s.!.,.Jk Begin sixth keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 6] 46 46 46 46 46 46 FFFFFF keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... keygen SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] 3c aa b9 5c 09 3e c8 66 2d ff ea dd 6c 59 55 14 <..\.>.f-...lYU. 5f ba 62 92 _.b. 
Sixth MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 51 cd 6a d3 60 b2 29 1d 52 99 d7 b3 98 95 ed 71 Q.j.`.).R......q Begin seventh keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 7] 47 47 47 47 47 47 47 GGGGGGG keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25 4.aK.:.........% a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16 ..a......^.y.... keygen SHA hash: client random [Len: 32] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01 ....N\.......%.. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] 0a 51 c2 2a fb 6a ab ca aa 16 c0 ed 94 df cb c1 .Q.*.j.......... 6d af 72 a5 m.r. Seventh MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] a7 2f de f5 3d c1 15 29 1e 4c 4b ac 57 07 2d 50 ./..=..).LK.W.-PConcatenate the above seven MD5 hash results to produce the "key block":
key block: [Len: 112]
   7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02   }..IW.. '.......
   6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef   o.D..Zl.....?.I.
   a2 1b 90 d1 ef 19 c5 1d b1 5d 4d 6c a7 9e b2 f7   .........]Ml....
   66 26 35 c6 39 23 d9 b6 ed 93 1a fa aa af 0b fd   f&5.9#..........
   e9 45 2a 2e 26 a4 47 ef 73 b2 21 fc 2c 8e 4a 6b   .E*.&.G.s.!.,.Jk
   51 cd 6a d3 60 b2 29 1d 52 99 d7 b3 98 95 ed 71   Q.j.`.).R......q
   a7 2f de f5 3d c1 15 29 1e 4c 4b ac 57 07 2d 50   ./..=..).LK.W.-P

Now, divide up the key block, producing the mac secrets, write keys, and (for block-mode ciphers) the write IVs. Since this is NOT an "export" client, write keys and IVs are taken directly from the "key block", without any additional hash computation. Since this example is using a stream cipher, which requires no IVs, the IV values in the key block are ignored.
client write mac secret: [Len: 16]
   7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02   }..IW.. '.......
server write mac secret: [Len: 16]
   6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef   o.D..Zl.....?.I.
client write key: [Len: 16]
   a2 1b 90 d1 ef 19 c5 1d b1 5d 4d 6c a7 9e b2 f7   .........]Ml....
server write key: [Len: 16]
   66 26 35 c6 39 23 d9 b6 ed 93 1a fa aa af 0b fd   f&5.9#..........
client write iv: [Len: 0]
server write iv: [Len: 0]

Recall that the values of the handshake hashes, after hashing the previous handshake message, are:
MD5 state: 87508b0c 13815c09 c8c3d6e1 c21acdea
MD5_TraceState: buffered input [Len: 21]
   6f b1 df 21 a7 b0 70 e4 5d 34 3b 90 29 f9 14 c3   o..!..p.]4;.)...
   2e 07 79 13 c7                                    ..y..
SHA1 state: 5cfaa109 407fc96a c3ca1712 0fdb9889 9772153a
SHA1_TraceState: buffered input [Len: 21]
   6f b1 df 21 a7 b0 70 e4 5d 34 3b 90 29 f9 14 c3   o..!..p.]4;.)...
   2e 07 79 13 c7                                    ..y..

The entire client_key_exchange handshake message is included in the handshake hashes. The hash input is:
append handshake header: type client_key_exchange (16)
MD5 & SHA handshake hash input: [Len: 1]
   10                                                .
MD5 & SHA handshake hash input: [Len: 3]
   00 00 40                                          ..@
MD5 & SHA handshake hash input: [Len: 64]
   4c 3a 77 60 63 e3 0e 03 39 52 2b 13 25 77 8b 23   L:w`c...9R+.%w.#
   c1 89 0d e8 28 dc 02 5e d9 aa 33 a1 ee 67 a1 91   ....(..^..3..g..
   fc d4 a8 c3 1a d6 32 88 a4 60 56 61 57 c9 4f 5e   ......2..`VaW.O^
   3a 1f f2 86 12 16 38 36 1c 3d c6 b8 0a 3f bd 88   :.....86.=...?..

After hashing the client_key_exchange handshake message, the handshake hashes are:
MD5 state: 250fb55d 512afd7f 48544680 80c702a9
MD5_TraceState: buffered input [Len: 25]
   88 a4 60 56 61 57 c9 4f 5e 3a 1f f2 86 12 16 38   ..`VaW.O^:.....8
   36 1c 3d c6 b8 0a 3f bd 88                        6.=...?..
SHA1 state: cf323bf6 a3ca8feb 6b10e4f5 10110427 6472968d
SHA1_TraceState: buffered input [Len: 25]
   88 a4 60 56 61 57 c9 4f 5e 3a 1f f2 86 12 16 38   ..`VaW.O^:.....8
   36 1c 3d c6 b8 0a 3f bd 88                        6.=...?..
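The master secret and key block derivations traced in this section can be reproduced with a short script. This is an added example, not part of the original trace or of the traced implementation; the function names (ssl3_expand, master_secret, key_block, split_key_block) are illustrative, and every input and expected value is copied from the trace above.

```python
import hashlib

# Inputs copied from the trace on this page.
PRE_MASTER = bytes.fromhex(
    "03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29"
    "f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80"
    "b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6")
# As the trace shows, the 16-byte challenge from the V2-format client hello
# is preceded by 16 zero bytes to form the 32-byte client random.
CLIENT_RANDOM = bytes(16) + bytes.fromhex(
    "d8 90 d7 86 4e 5c 92 9f 90 07 da 83 1c 25 89 01")
SERVER_RANDOM = bytes.fromhex(
    "34 03 61 4b a8 3a ce e0 92 9c ff 03 be d3 c5 25"
    "a2 ec 61 85 b1 ea 93 bf a0 5e a9 79 1c 8a ed 16")

# Outputs shown in the trace, used to check the computation.
TRACE_MASTER = bytes.fromhex(
    "14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34"
    "6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46"
    "8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f")
TRACE_KEY_BLOCK = bytes.fromhex(
    "7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02"
    "6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef"
    "a2 1b 90 d1 ef 19 c5 1d b1 5d 4d 6c a7 9e b2 f7"
    "66 26 35 c6 39 23 d9 b6 ed 93 1a fa aa af 0b fd"
    "e9 45 2a 2e 26 a4 47 ef 73 b2 21 fc 2c 8e 4a 6b"
    "51 cd 6a d3 60 b2 29 1d 52 99 d7 b3 98 95 ed 71"
    "a7 2f de f5 3d c1 15 29 1e 4c 4b ac 57 07 2d 50")


def ssl3_expand(secret, rand_a, rand_b, length):
    """Concatenate MD5(secret + SHA1(mixer + secret + rand_a + rand_b))
    for mixers 'A', 'BB', 'CCC', ... until `length` bytes exist."""
    out = b""
    round_no = 0
    while len(out) < length:
        if round_no >= 26:
            raise ValueError("mixers are exhausted after 26 rounds")
        mixer = bytes([ord("A") + round_no]) * (round_no + 1)
        inner = hashlib.sha1(mixer + secret + rand_a + rand_b).digest()
        out += hashlib.md5(secret + inner).digest()
        round_no += 1
    return out[:length]


def master_secret(pre_master, client_random, server_random):
    # Master secret: client random is hashed before server random.
    return ssl3_expand(pre_master, client_random, server_random, 48)


def key_block(master, client_random, server_random, length):
    # Key block: the order is reversed, server random comes first.
    return ssl3_expand(master, server_random, client_random, length)


def split_key_block(block, mac_len, key_len, iv_len):
    """Cut the key block into the six values in the order the trace lists."""
    fields = [("client_write_mac_secret", mac_len),
              ("server_write_mac_secret", mac_len),
              ("client_write_key", key_len),
              ("server_write_key", key_len),
              ("client_write_iv", iv_len),
              ("server_write_iv", iv_len)]
    if len(block) < sum(size for _, size in fields):
        raise ValueError("key block too short for this cipher spec")
    result, pos = {}, 0
    for name, size in fields:
        result[name] = block[pos:pos + size]
        pos += size
    return result


if __name__ == "__main__":
    master = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    block = key_block(master, CLIENT_RANDOM, SERVER_RANDOM, 112)
    print("master secret matches trace:", master == TRACE_MASTER)
    print("key block matches trace:   ", block == TRACE_KEY_BLOCK)
    # RC4-128 with MD5: 16-byte MAC secrets, 16-byte keys, no IVs.
    for name, value in split_key_block(block, 16, 16, 0).items():
        print(f"{name}: {value.hex(' ')}")
```

The only difference between the two derivations is the secret being expanded and the order of the two randoms, which is an easy place for an implementation to go wrong.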
Certificate Verify
The client computes the "md5_hash" and "sha_hash" in preparation for sending the certificate_verify handshake message. This is as described in section 7.6.8 of the SSL 3.0 spec.Compute inner MD5_hash: MD5 state: 250fb55d 512afd7f 48544680 80c702a9 MD5_TraceState: buffered input [Len: 25] 88 a4 60 56 61 57 c9 4f 5e 3a 1f f2 86 12 16 38 ..`VaW.O^:.....8 36 1c 3d c6 b8 0a 3f bd 88 6.=...?.. MD5 inner: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o MD5 inner: MAC Pad 1 [Len: 48] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 Inner MD5_hash result: MD5 inner: result [Len: 16] 9d ce 45 47 f3 a5 3d 7f c0 bb 09 7d 3e a0 48 f3 ..EG..=....}>.H. Compute inner SHA_hash: SHA1 state: cf323bf6 a3ca8feb 6b10e4f5 10110427 6472968d SHA1_TraceState: buffered input [Len: 25] 88 a4 60 56 61 57 c9 4f 5e 3a 1f f2 86 12 16 38 ..`VaW.O^:.....8 36 1c 3d c6 b8 0a 3f bd 88 6.=...?.. 
SHA inner: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o SHA inner: MAC Pad 1 [Len: 40] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 66666666 Inner SHA_hash result: SHA inner: result [Len: 20] b8 e3 7b 28 2d 2a 3d 3a 62 17 ef 28 c6 7a 35 28 ..{(-*=:b..(.z5( 46 ab 46 6f F.Fo Compute outer MD5_hash: MD5 outer: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o MD5 outer: MAC Pad 2 [Len: 48] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ MD5 outer: MD5 inner [Len: 16] 9d ce 45 47 f3 a5 3d 7f c0 bb 09 7d 3e a0 48 f3 ..EG..=....}>.H. Outer (final) MD5_hash result: MD5 outer: result [Len: 16] 40 e7 da 04 3e 64 d4 97 bf f5 4f e1 ea 7e 75 23 @...>d....O..~u# Compute outer SHA_hash: SHA outer: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o SHA outer: MAC Pad 2 [Len: 40] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\ SHA outer: SHA inner [Len: 20] b8 e3 7b 28 2d 2a 3d 3a 62 17 ef 28 c6 7a 35 28 ..{(-*=:b..(.z5( 46 ab 46 6f F.Fo Outer (final) SHA_hash result: SHA outer: result [Len: 20] d1 b1 a3 6e b7 98 a6 94 79 61 cc 12 a1 75 f7 fb ...n....ya...u.. 
   d2 2b 04 94                                       .+..

The above two "outer" hashes are signed using the private key associated with the certificate that the client previously sent to the server, above. The data elements of this signature operation are shown below, beginning with the formatting of the hashes to be signed, by prepending data to them, per PKCS#1, section 8.1. Note the use of "block type 01" for this private key operation.
hash(es) to be signed [Len: 36]
   40 e7 da 04 3e 64 d4 97 bf f5 4f e1 ea 7e 75 23   @...>d....O..~u#
   d1 b1 a3 6e b7 98 a6 94 79 61 cc 12 a1 75 f7 fb   ...n....ya...u..
   d2 2b 04 94                                       .+..
RSA_Sign: formatted plaintext [Len: 64]
   00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff   ................
   ff ff ff ff ff ff ff ff ff ff ff 00 40 e7 da 04   ............@...
   3e 64 d4 97 bf f5 4f e1 ea 7e 75 23 d1 b1 a3 6e   >d....O..~u#...n
   b7 98 a6 94 79 61 cc 12 a1 75 f7 fb d2 2b 04 94   ....ya...u...+..
RSA_Sign: modulus [Len: 65]
   00 e6 7a 1c b7 47 81 63 39 a9 0f 07 28 8a 7e e9   ..z..G.c9...(.~.
   01 b1 bc c5 2a f0 ef ee bf 79 3f 11 9c 40 07 0a   ....*....y?..@..
   09 69 fa a9 a9 c2 9f bc 05 aa 20 39 eb b5 23 38   .i........ 9..#8
   07 e9 2a 67 0d 11 b8 9d 28 16 1d 62 b0 e2 4a 51   ..*g....(..b..JQ
   c1                                                .
RSA_Sign: privateExponent [Len: 65]
   00 b6 fe 6f bc 69 ee e6 9c ca 89 5f 12 a6 5c 3b   ...o.i....._..\;
   9f 17 c3 1c fd 8a 4d c6 cf 8a 72 34 06 4e a4 08   ......M...r4.N..
   27 8d 2b ef 38 a5 73 f0 89 be b8 9a 4a 7d 7d 78   '.+.8.s.....J}}x
   c7 1a 30 3e af a8 f8 33 9e 07 2a 1e 7e f0 5f 86   ..0>...3..*.~._.
   8d                                                .
RSA_Sign: signature [Len: 64]
   40 86 2f b5 b7 d4 18 74 e8 89 07 a0 38 eb 2f ec   @./....t....8./.
   99 cc 10 5d 29 29 c2 08 61 21 aa 7d f7 64 c6 6a   ...]))..a!.}.d.j
   62 77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58   bw(...at...1.?OX
   78 11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b   x..rN.p....7..2{
signed hashes [Len: 64]
   40 86 2f b5 b7 d4 18 74 e8 89 07 a0 38 eb 2f ec   @./....t....8./.
   99 cc 10 5d 29 29 c2 08 61 21 aa 7d f7 64 c6 6a   ...]))..a!.}.d.j
   62 77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58   bw(...at...1.?OX
   78 11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b   x..rN.p....7..2{
append handshake header: type certificate_verify (15)

Recall that the values of the handshake hashes, after hashing the previous client_key_exchange message, are:
MD5 state: 250fb55d 512afd7f 48544680 80c702a9
MD5_TraceState: buffered input [Len: 25]
   88 a4 60 56 61 57 c9 4f 5e 3a 1f f2 86 12 16 38   ..`VaW.O^:.....8
   36 1c 3d c6 b8 0a 3f bd 88                        6.=...?..
SHA1 state: cf323bf6 a3ca8feb 6b10e4f5 10110427 6472968d
SHA1_TraceState: buffered input [Len: 25]
   88 a4 60 56 61 57 c9 4f 5e 3a 1f f2 86 12 16 38   ..`VaW.O^:.....8
   36 1c 3d c6 b8 0a 3f bd 88                        6.=...?..

Include the entire certificate_verify message in the handshake hashes. This must be done after the computation of the md5_hash and sha_hash values for the certificate_verify handshake. The client can do this now, since it has already computed the md5_hash and sha_hash values above.
   0f                                                .
   00 00 42                                          ..B
   00 40                                             .@
   40 86 2f b5 b7 d4 18 74 e8 89 07 a0 38 eb 2f ec   @./....t....8./.
   99 cc 10 5d 29 29 c2 08 61 21 aa 7d f7 64 c6 6a   ...]))..a!.}.d.j
   62 77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58   bw(...at...1.?OX
   78 11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b   x..rN.p....7..2{

After hashing in the client's finished handshake, the handshake hashes are:
MD5 state: 0cde7c7c 27e97711 42037f53 633d4736
MD5_TraceState: buffered input [Len: 31]
   77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58 78   w(...at...1.?OXx
   11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b      ..rN.p....7..2{
SHA1 state: f6b217ec 76f0d9dd da324813 462ca026 fe925ba3
SHA1_TraceState: buffered input [Len: 31]
   77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58 78   w(...at...1.?OXx
   11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b      ..rN.p....7..2{

The above three handshake messages are now sent in one handshake record. The 5-byte record header is prepended. The record sent is this:
send change_cipher_spec record SendPlainText record type: handshake (22) bytes=1468 send (encrypted) record data: [Len: 1473] + 16 03 00 05 bc 0b 00 05 2e 00 05 2b 00 02 7b 30 ...........+..{0 + 82 02 77 30 82 01 e0 a0 03 02 01 02 02 01 74 30 ..w0..........t0 + 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 77 ...*.H........0w + 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 2c 30 1.0...U....US1,0 + 2a 06 03 55 04 0a 13 23 4e 65 74 73 63 61 70 65 *..U...#Netscape + 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 20 Communications + 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 Corporation1.0.. + 03 55 04 0b 13 08 48 61 72 64 63 6f 72 65 31 27 .U....Hardcore1' + 30 25 06 03 55 04 03 13 1e 48 61 72 64 63 6f 72 0%..U....Hardcor + 65 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 e Certificate Se + 72 76 65 72 20 49 49 30 1e 17 0d 39 37 30 38 32 rver II0...97082 + 32 30 31 35 38 30 39 5a 17 0d 39 38 30 32 31 38 2015809Z..980218 + 30 31 35 38 30 39 5a 30 81 97 31 0b 30 09 06 03 015809Z0..1.0... + 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 0a U....US1.0...U.. + 13 08 4e 65 74 73 63 61 70 65 31 1a 30 18 06 03 ..Netscape1.0... + 55 04 0b 13 11 48 61 72 64 63 6f 72 65 20 53 65 U....Hardcore Se + 63 75 72 69 74 79 31 18 30 16 06 0a 09 92 26 89 curity1.0.....&. + 93 f2 2c 64 01 01 13 08 4a 51 54 65 73 74 65 72 ..,d....JQTester + 31 1a 30 18 06 03 55 04 03 13 11 4a 6f 68 6e 20 1.0...U....John + 51 20 53 53 4c 20 54 65 73 74 65 72 31 23 30 21 Q SSL Tester1#0! + 06 09 2a 86 48 86 f7 0d 01 09 01 16 14 4a 51 54 ..*.H........JQT + 65 73 74 65 72 40 6e 6f 77 68 65 72 65 2e 6f 72 ester@nowhere.or + 67 30 5c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 g0\0...*.H...... + 05 00 03 4b 00 30 48 02 41 00 e6 7a 1c b7 47 81 ...K.0H.A..z..G. + 63 39 a9 0f 07 28 8a 7e e9 01 b1 bc c5 2a f0 ef c9...(.~.....*.. + ee bf 79 3f 11 9c 40 07 0a 09 69 fa a9 a9 c2 9f ..y?..@...i..... + bc 05 aa 20 39 eb b5 23 38 07 e9 2a 67 0d 11 b8 ... 9..#8..*g... + 9d 28 16 1d 62 b0 e2 4a 51 c1 02 03 01 00 01 a3 .(..b..JQ....... 
+ 36 30 34 30 11 06 09 60 86 48 01 86 f8 42 01 01 6040...`.H...B.. + 04 04 03 02 00 80 30 1f 06 03 55 1d 23 04 18 30 ......0...U.#..0 + 16 80 14 97 b1 6d b2 b6 02 16 54 0c 97 d7 e3 32 .....m....T....2 + 6d cb 9c df ee de 80 30 0d 06 09 2a 86 48 86 f7 m......0...*.H.. + 0d 01 01 04 05 00 03 81 81 00 22 44 a0 00 27 c0 .........."D..'. + ec c7 65 77 ec 55 af cd 31 93 e0 fb 2a c1 94 05 ..ew.U..1...*... + da 4a b3 f6 4c 15 5d 8d 52 c0 42 5e 8d f4 0d 6a .J..L.].R.B^...j + 4e d0 8e ed f0 ff 78 2e ea 8f 0c ff 8e f6 9d f9 N.....x......... + ed b8 99 84 b5 4d 58 2b 81 ff c5 53 6a ed 5a 86 .....MX+...Sj.Z. + b6 67 13 62 e6 b4 07 77 4a ef 48 1a d3 3d ae 51 .g.b...wJ.H..=.Q + c5 7f 3e 02 f5 40 91 bd a8 d3 17 94 6b 49 86 38 ..>..@......kI.8 + 95 74 4b e8 b7 1d 68 5a 3a c9 d0 b1 10 9f 90 e5 .tK...hZ:....... + 6b 0b c4 db 19 c7 b1 bb e2 8a 00 02 aa 30 82 02 k............0.. + a6 30 82 02 0f a0 03 02 01 02 02 01 01 30 0d 06 .0...........0.. + 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 77 31 0b .*.H........0w1. + 30 09 06 03 55 04 06 13 02 55 53 31 2c 30 2a 06 0...U....US1,0*. + 03 55 04 0a 13 23 4e 65 74 73 63 61 70 65 20 43 .U...#Netscape C + 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 20 43 6f ommunications Co + 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 03 55 rporation1.0...U + 04 0b 13 08 48 61 72 64 63 6f 72 65 31 27 30 25 ....Hardcore1'0% + 06 03 55 04 03 13 1e 48 61 72 64 63 6f 72 65 20 ..U....Hardcore + 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 Certificate Serv + 65 72 20 49 49 30 1e 17 0d 39 37 30 35 32 37 31 er II0...9705271 + 38 30 39 34 37 5a 17 0d 39 38 30 35 32 37 31 38 80947Z..98052718 + 30 39 34 37 5a 30 77 31 0b 30 09 06 03 55 04 06 0947Z0w1.0...U.. 
+ 13 02 55 53 31 2c 30 2a 06 03 55 04 0a 13 23 4e ..US1,0*..U...#N + 65 74 73 63 61 70 65 20 43 6f 6d 6d 75 6e 69 63 etscape Communic + 61 74 69 6f 6e 73 20 43 6f 72 70 6f 72 61 74 69 ations Corporati + 6f 6e 31 11 30 0f 06 03 55 04 0b 13 08 48 61 72 on1.0...U....Har + 64 63 6f 72 65 31 27 30 25 06 03 55 04 03 13 1e dcore1'0%..U.... + 48 61 72 64 63 6f 72 65 20 43 65 72 74 69 66 69 Hardcore Certifi + 63 61 74 65 20 53 65 72 76 65 72 20 49 49 30 81 cate Server II0. + 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 .0...*.H........ + 03 81 8d 00 30 81 89 02 81 81 00 bc 14 a0 c0 53 ....0..........S + fa e1 4d b9 cd 0e b7 42 e3 cd 98 46 e0 b3 1e 13 ..M....B...F.... + 76 c7 c5 e5 3d e5 24 18 dd 72 1a 37 7f c4 66 51 v...=.$..r.7..fQ + 36 7f e1 ae e9 11 5e 29 6f ac ff 28 ce cd 53 ae 6.....^)o..(..S. + 39 09 75 a1 eb d2 ec 79 d4 e9 6b 4c 99 e4 b6 42 9.u....y..kL...B + d0 f7 52 8b ae 4a 33 6b 58 5b 47 57 13 a3 61 32 ..R..J3kX[GW..a2 + 86 02 e8 63 e6 7a 27 c2 99 7a 22 48 d9 c8 d1 5c ...c.z'..z"H...\ + 6d b1 37 84 66 4b 9e a2 ce 31 6c 1c 06 7a 5f c5 m.7.fK...1l..z_. + 7b b8 ff 58 89 f6 0b 40 6f 7c 0d 02 03 01 00 01 {..X...@o|...... + a3 42 30 40 30 1d 06 03 55 1d 0e 04 16 04 14 97 .B0@0...U....... + b1 6d b2 b6 02 16 54 0c 97 d7 e3 32 6d cb 9c df .m....T....2m... + ee de 80 30 1f 06 03 55 1d 23 04 18 30 16 80 14 ...0...U.#..0... + 97 b1 6d b2 b6 02 16 54 0c 97 d7 e3 32 6d cb 9c ..m....T....2m.. + df ee de 80 30 0d 06 09 2a 86 48 86 f7 0d 01 01 ....0...*.H..... + 05 05 00 03 81 81 00 9b 52 fe 93 fa 40 4d a9 8d ........R...@M.. + 72 f9 f6 f6 c9 32 40 dc 20 fe be a5 a2 db e6 2c r....2@. ......, + df d1 5f a0 66 45 d1 6e 5f 0a 91 e9 0b c1 7c 8a .._.fE.n_.....|. + c0 64 a0 d4 24 56 85 b5 a0 aa 1e c8 8c 15 40 ac .d..$V........@. + fc 5a 2f 94 18 44 b9 73 23 c1 49 a0 24 ff b0 47 .Z/..D.s#.I.$..G + 9c d8 28 1f b3 70 a7 62 b3 5b 8e 4d 82 bd 4d 85 ..(..p.b.[.M..M. + eb 0d 5a 87 c0 41 c9 a6 c2 69 9c ee 81 49 2a fb ..Z..A...i...I*. 
+ 01 55 6f b1 df 21 a7 b0 70 e4 5d 34 3b 90 29 f9 .Uo..!..p.]4;.). + 14 c3 2e 07 79 13 c7 10 00 00 40 4c 3a 77 60 63 ....y.....@L:w`c + e3 0e 03 39 52 2b 13 25 77 8b 23 c1 89 0d e8 28 ...9R+.%w.#....( + dc 02 5e d9 aa 33 a1 ee 67 a1 91 fc d4 a8 c3 1a ..^..3..g....... + d6 32 88 a4 60 56 61 57 c9 4f 5e 3a 1f f2 86 12 .2..`VaW.O^:.... + 16 38 36 1c 3d c6 b8 0a 3f bd 88 0f 00 00 42 00 .86.=...?.....B. + 40 40 86 2f b5 b7 d4 18 74 e8 89 07 a0 38 eb 2f @@./....t....8./ + ec 99 cc 10 5d 29 29 c2 08 61 21 aa 7d f7 64 c6 ....]))..a!.}.d. + 6a 62 77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f jbw(...at...1.?O + 58 78 11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 Xx..rN.p....7..2 + 7b {
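Both RSA operations in this connection, the block type 02 encryption of the pre-master secret in the client key exchange and the block type 01 signature over the certificate_verify hashes, can be checked with PKCS#1 formatting plus one modular exponentiation. The following is an added example, not code from the original page or the traced implementation; the function names are illustrative, and every key and data value is copied from the trace (the block type 02 padding bytes are the ones the traced client generated).

```python
import secrets


def to_int(dump):
    """Hex dump text, as printed in the trace, to an integer."""
    return int.from_bytes(bytes.fromhex(dump), "big")


E = 0x010001  # publicExponent 01 00 01 (also in the client certificate)
SERVER_N = to_int(  # RSA_EncryptBlock: modulus
    "00 e3 f3 ba 48 dd 2e bd a8 e9 87 8e 5f 8a 9e cb"
    "c9 6d c1 8b 79 31 ad b0 26 39 ba dc 28 d1 f0 20"
    "75 a4 24 d2 e8 16 e7 b3 b6 aa 39 e5 e2 4c bf 8e"
    "5f 96 4b cd 09 75 71 b1 69 1f 67 df b7 ac 58 29 a1")
CLIENT_N = to_int(  # RSA_Sign: modulus
    "00 e6 7a 1c b7 47 81 63 39 a9 0f 07 28 8a 7e e9"
    "01 b1 bc c5 2a f0 ef ee bf 79 3f 11 9c 40 07 0a"
    "09 69 fa a9 a9 c2 9f bc 05 aa 20 39 eb b5 23 38"
    "07 e9 2a 67 0d 11 b8 9d 28 16 1d 62 b0 e2 4a 51 c1")
CLIENT_D = to_int(  # RSA_Sign: privateExponent (published sample key)
    "00 b6 fe 6f bc 69 ee e6 9c ca 89 5f 12 a6 5c 3b"
    "9f 17 c3 1c fd 8a 4d c6 cf 8a 72 34 06 4e a4 08"
    "27 8d 2b ef 38 a5 73 f0 89 be b8 9a 4a 7d 7d 78"
    "c7 1a 30 3e af a8 f8 33 9e 07 2a 1e 7e f0 5f 86 8d")
PRE_MASTER = bytes.fromhex(
    "03 00 fc 4e 76 86 6b 74 7f 24 d8 12 07 78 bd 29"
    "f6 b4 fa 34 7e d4 6a 8a 26 d7 2e 94 6c aa 1f 80"
    "b9 75 b1 70 0f 7a 07 ce 8a db f7 98 56 f8 8b e6")
TRACE_PAD = bytes.fromhex("e9 e9 d9 22 16 c1 1c 4f 1d 69 e8 04 ae")
TRACE_CIPHERTEXT = bytes.fromhex(
    "4c 3a 77 60 63 e3 0e 03 39 52 2b 13 25 77 8b 23"
    "c1 89 0d e8 28 dc 02 5e d9 aa 33 a1 ee 67 a1 91"
    "fc d4 a8 c3 1a d6 32 88 a4 60 56 61 57 c9 4f 5e"
    "3a 1f f2 86 12 16 38 36 1c 3d c6 b8 0a 3f bd 88")
HASHES = bytes.fromhex(  # outer MD5 result followed by outer SHA result
    "40 e7 da 04 3e 64 d4 97 bf f5 4f e1 ea 7e 75 23"
    "d1 b1 a3 6e b7 98 a6 94 79 61 cc 12 a1 75 f7 fb d2 2b 04 94")
TRACE_SIGNATURE = bytes.fromhex(
    "40 86 2f b5 b7 d4 18 74 e8 89 07 a0 38 eb 2f ec"
    "99 cc 10 5d 29 29 c2 08 61 21 aa 7d f7 64 c6 6a"
    "62 77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58"
    "78 11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b")


def pkcs1_format(block_type, data, k, pad=None):
    """Build 00 || BT || PS || 00 || D for a k-byte modulus."""
    pad_len = k - 3 - len(data)
    if pad_len < 8:
        raise ValueError("data too long for this modulus")
    if block_type == 1:
        pad = b"\xff" * pad_len            # signatures: fixed ff padding
    elif block_type == 2:
        if pad is None:                    # encryption: random non-zero bytes
            pad = bytes(secrets.randbelow(255) + 1 for _ in range(pad_len))
        if len(pad) != pad_len or 0 in pad:
            raise ValueError("bad block type 02 padding")
    else:
        raise ValueError("unsupported block type")
    return b"\x00" + bytes([block_type]) + pad + b"\x00" + data


def rsa_raw(block, exponent, modulus):
    """Textbook RSA on an already formatted block."""
    k = (modulus.bit_length() + 7) // 8
    value = int.from_bytes(block, "big")
    if len(block) != k or value >= modulus:
        raise ValueError("block does not fit the modulus")
    return pow(value, exponent, modulus).to_bytes(k, "big")


def parse_type01(block, data_len):
    """Strictly check a recovered signature block and return the signed data."""
    pad_len = len(block) - 3 - data_len
    prefix = b"\x00\x01" + b"\xff" * max(pad_len, 0) + b"\x00"
    if pad_len < 8 or block[:len(prefix)] != prefix:
        raise ValueError("malformed block type 01 padding")
    return block[len(prefix):]


def encrypt_pre_master(pad=TRACE_PAD):
    return rsa_raw(pkcs1_format(2, PRE_MASTER, 64, pad), E, SERVER_N)


def sign_hashes():
    return rsa_raw(pkcs1_format(1, HASHES, 64), CLIENT_D, CLIENT_N)


def verify_hashes(signature):
    return parse_type01(rsa_raw(signature, E, CLIENT_N), len(HASHES)) == HASHES


if __name__ == "__main__":
    print("ciphertext matches trace:", encrypt_pre_master() == TRACE_CIPHERTEXT)
    print("signature matches trace: ", sign_hashes() == TRACE_SIGNATURE)
    print("signature verifies:      ", verify_hashes(TRACE_SIGNATURE))
```

Passing `pad=None` to `encrypt_pre_master` draws fresh padding, so the ciphertext then differs from the trace on every run while still decrypting to the same pre-master secret.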
Client's Change_Cipher_Spec Record
The client sends the change_cipher_spec record, as described in the SSL 3 spec, section 7.3. This record is not a handshake record, and is not included in the handshake hashes.

SendPlainText record type: change_cipher_spec (20) bytes=1
Send PlainText record [Len: 1]
  01  .
send (unencrypted) record data: [Len: 6]
+ 14 03 00 00 01 01  ......
Set Current Write Cipher Suite to Pending
Client's Finished Handshake
The next record will contain a message fully MAC'ed and encrypted according to the SSL_RSA_WITH_RC4_128_MD5 cipher spec we just began using. It is the client's "finished" handshake. Before composing the message, the client computes the "md5_hash" and "sha_hash" as defined for the "finished" message in section 7.6.9 of the SSL 3.0 spec. In this example, we first compute the "inner" portion of each hash, then compute the "outer" portions.

Compute inner MD5 hash. First, review the current handshake hash state.
MD5 state: 0cde7c7c 27e97711 42037f53 633d4736
MD5_TraceState: buffered input [Len: 31]
  77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58 78  w(...at...1.?OXx
  11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b  ..rN.p....7..2{
Now, hash inputs to MD5 inner hash:
MD5 inner: sender [Len: 4]
  43 4c 4e 54  CLNT
MD5 inner: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
MD5 inner: MAC Pad 1 [Len: 48]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
Result of inner MD5 hash:
MD5 inner: result [Len: 16]
  6a d7 d1 56 82 e3 9a ca 80 1c ef 06 a7 38 e4 0f  j..V.........8..
Compute inner SHA hash. First, review the current handshake hash state.
SHA1 state: f6b217ec 76f0d9dd da324813 462ca026 fe925ba3
SHA1_TraceState: buffered input [Len: 31]
  77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58 78  w(...at...1.?OXx
  11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b  ..rN.p....7..2{
Now, hash inputs to inner SHA hash:
SHA inner: sender [Len: 4]
  43 4c 4e 54  CLNT
SHA inner: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
SHA inner: MAC Pad 1 [Len: 40]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36  66666666
Result of inner SHA hash:
SHA inner: result [Len: 20]
  a1 af e6 a4 6a fb 8a eb 59 b6 48 fe 75 9e e4 97  ....j...Y.H.u...
  36 0d 2f db  6./.
Compute outer MD5 hash:
MD5 outer: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
MD5 outer: MAC Pad 2 [Len: 48]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
MD5 outer: MD5 inner [Len: 16]
  6a d7 d1 56 82 e3 9a ca 80 1c ef 06 a7 38 e4 0f  j..V.........8..
Result of outer MD5 hash:
MD5 outer: result [Len: 16]
  2e 9f 84 6b 29 af 67 9c b3 16 dd 19 2e 42 ac b9  ...k).g......B..
Compute outer SHA hash:
SHA outer: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
SHA outer: MAC Pad 2 [Len: 40]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\
SHA outer: SHA inner [Len: 20]
  a1 af e6 a4 6a fb 8a eb 59 b6 48 fe 75 9e e4 97  ....j...Y.H.u...
  36 0d 2f db  6./.
Result of outer SHA hash:
SHA outer: result [Len: 20]
  75 e4 48 7f e3 d2 9a 52 c5 40 59 b6 c3 ba c1 0f  u.H....R.@Y.....
  d4 a3 0f 67  ...g

Now that we've completed the hash computations for the "finished" message, compose the message, and include the body of the handshake message in the "handshake hashes". First, we review the previous values of the "handshake hashes".
MD5 state: 0cde7c7c 27e97711 42037f53 633d4736
MD5_TraceState: buffered input [Len: 31]
  77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58 78  w(...at...1.?OXx
  11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b  ..rN.p....7..2{
SHA1 state: f6b217ec 76f0d9dd da324813 462ca026 fe925ba3
SHA1_TraceState: buffered input [Len: 31]
  77 28 96 8e b5 61 74 f2 84 1c 31 a2 3f 4f 58 78  w(...at...1.?OXx
  11 88 72 4e ed 70 e8 ac e9 82 37 ec 8d 32 7b  ..rN.p....7..2{

Now include the "finished" handshake in the hashes.

append handshake header: type finished (20)
MD5 & SHA handshake hash input: [Len: 1]
  14  .
MD5 & SHA handshake hash input: [Len: 3]
  00 00 24  ..$
MD5 & SHA handshake hash input: [Len: 36]
  2e 9f 84 6b 29 af 67 9c b3 16 dd 19 2e 42 ac b9  ...k).g......B..
  75 e4 48 7f e3 d2 9a 52 c5 40 59 b6 c3 ba c1 0f  u.H....R.@Y.....
  d4 a3 0f 67  ...g

After hashing in the client's finished handshake, the handshake hashes are:

MD5 state: f6b0a72e 2150598c aa3fb2fe 89f69207
MD5_TraceState: buffered input [Len: 7]
  ba c1 0f d4 a3 0f 67  ......g
SHA1 state: 56341040 456e5414 53cd4624 6e6ddff8 789c7ee0
SHA1_TraceState: buffered input [Len: 7]
  ba c1 0f d4 a3 0f 67  ......g

The completed message to be encrypted and sent is:

SendPlainText record type: handshake (22) bytes=40
Send PlainText record [Len: 40]
  14 00 00 24 2e 9f 84 6b 29 af 67 9c b3 16 dd 19  ...$...k).g.....
  2e 42 ac b9 75 e4 48 7f e3 d2 9a 52 c5 40 59 b6  .B..u.H....R.@Y.
  c3 ba c1 0f d4 a3 0f 67  .......g

Since the SSL_RSA_WITH_RC4_128_MD5 cipher suite is now in effect, the message must be MAC'ed. The MAC on the client's plaintext "finished" handshake message is computed according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
  7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02  }..IW.. '.......
frag hash1: Pad 1 [Len: 48]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
frag hash1: temp [Len: 11]
  00 00 00 00 00 00 00 00 16 00 28  ..........(
frag hash1: input [Len: 40]
  14 00 00 24 2e 9f 84 6b 29 af 67 9c b3 16 dd 19  ...$...k).g.....
  2e 42 ac b9 75 e4 48 7f e3 d2 9a 52 c5 40 59 b6  .B..u.H....R.@Y.
  c3 ba c1 0f d4 a3 0f 67  .......g
frag hash2: MAC secret [Len: 16]
  7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02  }..IW.. '.......
frag hash2: Pad 2 [Len: 48]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
  1c f9 c1 30 1f 59 6c c3 f5 f2 a0 02 d7 72 14 56  ...0.Yl......r.V
frag hash2: result [Len: 16]
  ef a6 e5 22 3d e4 b7 44 e0 ac 43 79 2f 1c a9 ed  ..."=..D..Cy/...

Append the result above to the plaintext handshake message (above), compress (null), and encrypt, and add the record header, producing the following record:

send (encrypted) record data: [Len: 61]
+ 16 03 00 00 38 04 62 86 2f 4b a7 67 57 9e dc 9f  ....8.b./K.gW...
+ ea c2 69 67 c7 2f 52 ec 3b 3b 79 c5 ca c4 61 99  ..ig./R.;;y...a.
+ 7c 68 bf 0c f5 79 a1 21 7b f0 5f 54 f4 fa 55 60  |h...y.!{._T..U`
+ 47 68 e1 80 09 63 cc 93 63 98 0c 95 b7  Gh...c..c....
Server's Change_Cipher_Spec Record
The server sends its final two records before the application data can be sent. The final two records are:
- a change_cipher_spec record
- a "Finished" handshake record

raw gather data: [Len: 5]
+ 14 03 00 00 01  .....
plaintext: [Len: 1]
+ 01  .
handle change_cipher_spec record
Set Current Read Cipher Suite to Pending
Server's Finished Handshake
The server sends the fully MAC'ed and encrypted finished handshake message.

raw gather data: [Len: 5]
+ 16 03 00 00 38  ....8
ciphertext: [Len: 56]
+ cb 71 4d 6a dc 24 7a aa a4 23 21 b4 98 e6 60 62  .qMj.$z..#!...`b
+ eb a8 d9 f2 ee c2 c6 f8 53 22 6c 26 e0 65 10 8b  ........S"l&.e..
+ c4 a4 1b 70 66 c1 63 11 ac c4 2b 44 32 69 00 c6  ...pf.c...+D2i..
+ ae 32 98 69 e3 95 75 3a  .2.i..u:

Decrypt(RC4) and uncompress(null) the ciphertext.

plaintext: [Len: 56]
  14 00 00 24 e3 e9 67 c0 fd 98 b0 11 60 e6 5d 41  ...$..g.....`.]A
  97 90 97 e4 f6 eb 57 fc 7a 41 d7 c0 08 9b f5 b5  ......W.zA......
  93 56 11 8b 2d 02 72 68 75 7f 49 71 e6 7c 3a cb  .V..-.rhu.Iq.|:.
  7a 5d 83 e8 cf 6d dd 2c  z]...m.,

The last 16 bytes of plaintext above are (ostensibly) the sender's MAC. Compute the MAC on all but the last 16 bytes above, for verification. This is done according to section 7.2.3.1 of the SSL 3.0 spec.

frag hash1: MAC secret [Len: 16]
  6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef  o.D..Zl.....?.I.
frag hash1: Pad 1 [Len: 48]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
frag hash1: temp [Len: 11]
  00 00 00 00 00 00 00 00 16 00 28  ..........(
frag hash1: input [Len: 40]
  14 00 00 24 e3 e9 67 c0 fd 98 b0 11 60 e6 5d 41  ...$..g.....`.]A
  97 90 97 e4 f6 eb 57 fc 7a 41 d7 c0 08 9b f5 b5  ......W.zA......
  93 56 11 8b 2d 02 72 68  .V..-.rh
frag hash2: MAC secret [Len: 16]
  6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef  o.D..Zl.....?.I.
frag hash2: Pad 2 [Len: 48]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
  d3 9d c4 8a 78 1b 40 3b 84 28 b4 14 78 a7 e8 70  ....x.@;.(..x..p
frag hash2: result [Len: 16]
  75 7f 49 71 e6 7c 3a cb 7a 5d 83 e8 cf 6d dd 2c  u.Iq.|:.z]...m.,

Note that the computed MAC matches the last 16 bytes of the plaintext above. The MAC is verified.
Compute the "md5_hash" and "sha_hash" as defined for the server's "finished" message in section 7.6.9 of the SSL 3.0 spec. In this example, we first compute the "inner" portion of each hash, then compute the "outer" portions.
Compute inner MD5 hash. First, review the current handshake hash state.
MD5 state: f6b0a72e 2150598c aa3fb2fe 89f69207
MD5_TraceState: buffered input [Len: 7]
  ba c1 0f d4 a3 0f 67  ......g
Now, hash inputs to MD5 inner hash:
MD5 inner: sender [Len: 4]
  53 52 56 52  SRVR
MD5 inner: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
MD5 inner: MAC Pad 1 [Len: 48]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
Result of inner MD5 hash:
MD5 inner: result [Len: 16]
  c8 db d5 d1 bb 8d 38 bb e2 64 85 3d b2 5b 84 9f  ......8..d.=.[..
Compute inner SHA hash. First, review the current handshake hash state.
SHA1 state: 56341040 456e5414 53cd4624 6e6ddff8 789c7ee0
SHA1_TraceState: buffered input [Len: 7]
  ba c1 0f d4 a3 0f 67  ......g
Now, hash inputs to inner SHA hash:
SHA inner: sender [Len: 4]
  53 52 56 52  SRVR
SHA inner: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
SHA inner: MAC Pad 1 [Len: 40]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36  66666666
Result of inner SHA hash:
SHA inner: result [Len: 20]
  20 95 47 2a 3f 7f 7a 77 9b b4 a4 d1 e5 57 72 e0   .G*?.zw.....Wr.
  cc 01 cf d8  ....
Compute outer MD5 hash:
MD5 outer: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
MD5 outer: MAC Pad 2 [Len: 48]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
MD5 outer: MD5 inner [Len: 16]
  c8 db d5 d1 bb 8d 38 bb e2 64 85 3d b2 5b 84 9f  ......8..d.=.[..
Result of outer MD5 hash:
MD5 outer: result [Len: 16]
  e3 e9 67 c0 fd 98 b0 11 60 e6 5d 41 97 90 97 e4  ..g.....`.]A....
Compute outer SHA hash:
SHA outer: master secret [Len: 48]
  14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34  .I.+.i..f...d.?4
  6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46  m.!p.).....c...F
  8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f  .88.......K....o
SHA outer: MAC Pad 2 [Len: 40]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\
SHA outer: SHA inner [Len: 20]
  20 95 47 2a 3f 7f 7a 77 9b b4 a4 d1 e5 57 72 e0   .G*?.zw.....Wr.
  cc 01 cf d8  ....
Result of outer SHA hash:
SHA outer: result [Len: 20]
  f6 eb 57 fc 7a 41 d7 c0 08 9b f5 b5 93 56 11 8b  ..W.zA.......V..
  2d 02 72 68  -.rh

Note that these computed outer hashes match the values found in the plaintext finished message (shown above). We have verified that the "md5_hash" and "sha_hash" in the "finished" message are correct.
Now that we've completed the hash computations for the "finished" message, include the body of the handshake message in the "handshake hashes". First, we review the previous values of the "handshake hashes".
MD5 state: f6b0a72e 2150598c aa3fb2fe 89f69207
MD5_TraceState: buffered input [Len: 7]
  ba c1 0f d4 a3 0f 67  ......g
SHA1 state: 56341040 456e5414 53cd4624 6e6ddff8 789c7ee0
SHA1_TraceState: buffered input [Len: 7]
  ba c1 0f d4 a3 0f 67  ......g

Now include the "finished" handshake in the hashes.

handle handshake message: finished (20)
MD5 & SHA handshake hash input: [Len: 4]
  14 00 00 24  ...$
MD5 & SHA handshake hash input: [Len: 36]
  e3 e9 67 c0 fd 98 b0 11 60 e6 5d 41 97 90 97 e4  ..g.....`.]A....
  f6 eb 57 fc 7a 41 d7 c0 08 9b f5 b5 93 56 11 8b  ..W.zA.......V..
  2d 02 72 68  -.rh

The handshake hash results of the second "finished" handshake are not used.

handle finished handshake

The handshakes are completed.
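The "finished" hash construction traced above (section 7.6.9 of the SSL 3.0 spec), as an added Python example that is not part of the original trace document. The master secret, the server's inner digests and the decrypted server "finished" bytes are copied from the traces on this page; the function names and the short transcript in the demo are constructed for illustration.

```python
import hashlib
import hmac

# Pad lengths shown as "MAC Pad 1" / "MAC Pad 2" in the trace: 48 for MD5, 40 for SHA-1.
PAD_LEN = {"md5": 48, "sha1": 40}
SENDER_CLIENT, SENDER_SERVER = b"CLNT", b"SRVR"
FINISHED = 0x14  # handshake type 20


def inner_hash(running, sender, master_secret):
    """Finish a copy of the running handshake hash, leaving the original untouched.

    The trace shows the same MD5/SHA-1 state before and after the "finished"
    computation; the running hashes must go on to absorb the message itself.
    """
    h = running.copy()
    h.update(sender + master_secret + b"\x36" * PAD_LEN[h.name])
    return h.digest()


def outer_hash(name, master_secret, inner):
    """hash(master_secret + pad2 + inner)."""
    return hashlib.new(name, master_secret + b"\x5c" * PAD_LEN[name] + inner).digest()


def finished_message(md5_running, sha_running, sender, master_secret):
    """Build type(1) + length(3) + md5_hash(16) + sha_hash(20)."""
    body = b"".join(
        outer_hash(h.name, master_secret, inner_hash(h, sender, master_secret))
        for h in (md5_running, sha_running)
    )
    return bytes([FINISHED]) + len(body).to_bytes(3, "big") + body


def check_peer_finished(message, md5_running, sha_running, peer, master_secret):
    """Constant-time comparison of a received "finished" against our own view."""
    expected = finished_message(md5_running, sha_running, peer, master_secret)
    return hmac.compare_digest(expected, message)


# Values copied from the trace on this page.
MASTER_SECRET = bytes.fromhex(
    "14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34"
    "6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46"
    "8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f"
)
SERVER_INNER_MD5 = bytes.fromhex("c8 db d5 d1 bb 8d 38 bb e2 64 85 3d b2 5b 84 9f")
SERVER_INNER_SHA = bytes.fromhex(
    "20 95 47 2a 3f 7f 7a 77 9b b4 a4 d1 e5 57 72 e0 cc 01 cf d8"
)
# First 40 bytes of the decrypted server "finished" record (the rest is the MAC).
SERVER_FINISHED = bytes.fromhex(
    "14 00 00 24 e3 e9 67 c0 fd 98 b0 11 60 e6 5d 41"
    "97 90 97 e4 f6 eb 57 fc 7a 41 d7 c0 08 9b f5 b5"
    "93 56 11 8b 2d 02 72 68"
)


def server_finished_from_trace():
    """Recompute the server's message from the inner digests shown in the trace."""
    body = (outer_hash("md5", MASTER_SECRET, SERVER_INNER_MD5)
            + outer_hash("sha1", MASTER_SECRET, SERVER_INNER_SHA))
    return bytes([FINISHED]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    print("server finished matches trace:",
          server_finished_from_trace() == SERVER_FINISHED)

    # Constructed transcript: shows the sender label separating the two directions.
    transcript = b"constructed handshake transcript"
    md5_run, sha_run = hashlib.md5(transcript), hashlib.sha1(transcript)
    msg = finished_message(md5_run, sha_run, SENDER_SERVER, MASTER_SECRET)
    print("accepted as server:",
          check_peer_finished(msg, md5_run, sha_run, SENDER_SERVER, MASTER_SECRET))
    print("accepted as client:",
          check_peer_finished(msg, md5_run, sha_run, SENDER_CLIENT, MASTER_SECRET))
```

The inner digests depend on every handshake message since the client_hello, so a complete check feeds the full transcript into the two running hashes rather than starting from the digests shown here.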
Client Application Data Record
The client sends the first application data record, the HTTP request. It is not included in handshake hashes because it is not a handshake. It is MAC'ed and encrypted, per the cipher spec now in use.SendPlainText record type: application_data (23) bytes=249 Send PlainText record [Len: 249] 47 45 54 20 2f 62 61 72 20 48 54 54 50 2f 31 2e GET /bar HTTP/1. 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 0..Connection: K 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d eep-Alive..User- 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 Agent: Mozilla/4 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54 3b .02 [en] (WinNT; 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f 75 U)..Host: bijou 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d 0a .mcom.com:1999.. 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67 69 Accept: image/gi 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74 6d f, image/x-xbitm 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c 20 ap, image/jpeg, 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f 2a image/pjpeg, */* 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 ..Accept-Languag 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c 65 e: en-US,en-GB,e 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73 65 n..Accept-Charse 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a 2c t: iso-8859-1,*, 75 74 66 2d 38 0d 0a 0d 0a utf-8....Compute the MAC on the plaintext application data message. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16] 7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02 }..IW.. '....... frag hash1: Pad 1 [Len: 48] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 frag hash1: temp [Len: 11] 00 00 00 00 00 00 00 01 17 00 f9 ........... frag hash1: input [Len: 249] 47 45 54 20 2f 62 61 72 20 48 54 54 50 2f 31 2e GET /bar HTTP/1. 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 0..Connection: K 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d eep-Alive..User- 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 Agent: Mozilla/4 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54 3b .02 [en] (WinNT; 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f 75 U)..Host: bijou 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d 0a .mcom.com:1999.. 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67 69 Accept: image/gi 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74 6d f, image/x-xbitm 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c 20 ap, image/jpeg, 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f 2a image/pjpeg, */* 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 ..Accept-Languag 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c 65 e: en-US,en-GB,e 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73 65 n..Accept-Charse 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a 2c t: iso-8859-1,*, 75 74 66 2d 38 0d 0a 0d 0a utf-8.... frag hash2: MAC secret [Len: 16] 7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02 }..IW.. '....... frag hash2: Pad 2 [Len: 48] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ frag hash2: hash1 [Len: 16] 73 02 e1 a1 dd a6 ec 61 b0 46 af 08 bf c1 51 a3 s......a.F....Q. 
frag hash2: result [Len: 16] 10 02 08 07 ab a7 1e b6 82 89 bd d1 c6 8b c9 99 ................Append the result above to the plaintext handshake message (above), compress (null), and encrypt, and add the record header, producing the following record:
send (encrypted) record data: [Len: 270] + 17 03 00 01 09 c4 76 04 8a 19 9e 74 af 29 c5 8c ......v....t.).. + 1d 98 fe 2a 58 43 51 a5 57 b8 f1 8e 98 1b 47 fb ...*XCQ.W.....G. + a4 b7 50 bb 0a 15 d2 04 ec 6c 3a f6 2e b0 de f6 ..P......l:..... + 46 dc a3 ec b9 56 99 35 be c0 20 eb 99 8f f1 a6 F....V.5.. ..... + dc a3 da 2b f1 cd 03 b7 48 20 7c 91 64 f1 93 7e ...+....H |.d..~ + 0f 78 f3 72 66 4e 7a ea 55 ff d7 48 6a 7e 26 8c .x.rfNz.U..Hj~&. + e3 26 b9 f1 56 0d a0 30 44 43 6c 21 90 4f 95 14 .&..V..0DCl!.O.. + 59 3d 0a 5d 14 4b cb a2 11 06 56 1e bd cd ad db Y=.].K....V..... + a3 c4 29 88 91 f5 46 2f ca cc 5d a4 27 a5 05 57 ..)...F/..].'..W + a4 bb cd 2c ae 38 45 bb 35 94 fa 23 ee 19 bc 78 ...,.8E.5..#...x + 49 1f 20 19 d1 2a c9 2c e5 dc 73 9c 87 a6 2a 76 I. ..*.,..s...*v + 4f 52 5a 7b 39 ef b0 a7 38 61 68 83 08 ee 6c 3a ORZ{9...8ah...l: + e7 f9 de a9 b5 7a cc a4 7d 3e f5 92 df f9 dd f4 .....z..}>...... + c4 2c 20 aa 5e 81 97 7e 9e c7 29 29 fc b2 24 e1 ., .^..~..))..$. + 17 95 da d9 28 1b 3f d4 fb cd 96 fa a9 74 54 eb ....(.?......tT. + 37 50 33 7b 2e 93 27 66 43 b2 f1 23 b7 78 27 87 7P3{..'fC..#.x'. + 0d 58 b4 19 22 33 89 d1 c8 e5 6a cd b6 72 .X.."3....j..r
Server Application Data Record
In this example, the server's response is sent in three successive application_data records. Each of them is received, decrypted, and MAC verified.raw gather data: [Len: 5] + 17 03 00 00 84 ..... ciphertext: [Len: 132] + dc 70 e3 78 28 86 fd a2 9c 74 d9 e9 98 26 ec e2 .p.x(....t...&.. + 5c 6f 03 60 56 37 8c d7 c0 e2 da 3b b9 9b 9f ef \o.`V7.....;.... + dc 8e 2e 53 36 9b 82 d9 0f 7e e7 ed b9 bb 2f a2 ...S6....~..../. + ba dc cf 22 99 a7 cd ec e9 51 ec 58 c7 98 2e 80 ...".....Q.X.... + d2 c2 c5 f5 5c dd b9 3c 18 76 23 7d 57 37 c7 41 ....\..<.v#}W7.A + b3 11 0b 50 d9 1c ff 0e 6a 3b 2b fb 95 43 df 83 ...P....j;+..C.. + 5d 73 c5 28 c3 18 1d 06 7b 03 69 f0 f8 79 19 dc ]s.(....{.i..y.. + 34 93 d5 6d a3 5f 32 da 55 ca d0 d8 0f 91 8d dc 4..m._2.U....... + 42 26 f5 f8 B&..Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
plaintext: [Len: 132] 48 54 54 50 2f 31 2e 30 20 32 30 30 20 4f 4b 0d HTTP/1.0 200 OK. 0a 53 65 72 76 65 72 3a 20 4e 65 74 73 63 61 70 .Server: Netscap 65 2d 45 6e 74 65 72 70 72 69 73 65 2f 32 2e 30 e-Enterprise/2.0 61 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 32 36 a..Date: Tue, 26 20 41 75 67 20 31 39 39 37 20 32 32 3a 31 30 3a Aug 1997 22:10: 30 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 05 GMT..Content- 74 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e type: text/plain 0d 0a 0d 0a 57 5a 74 6e 38 c0 20 2e 7e ff ca 3c ....WZtn8. .~..< 60 a5 2b 5e `.+^Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16] 6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef o.D..Zl.....?.I. frag hash1: Pad 1 [Len: 48] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 frag hash1: temp [Len: 11] 00 00 00 00 00 00 00 01 17 00 74 ..........t frag hash1: input [Len: 116] 48 54 54 50 2f 31 2e 30 20 32 30 30 20 4f 4b 0d HTTP/1.0 200 OK. 0a 53 65 72 76 65 72 3a 20 4e 65 74 73 63 61 70 .Server: Netscap 65 2d 45 6e 74 65 72 70 72 69 73 65 2f 32 2e 30 e-Enterprise/2.0 61 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 32 36 a..Date: Tue, 26 20 41 75 67 20 31 39 39 37 20 32 32 3a 31 30 3a Aug 1997 22:10: 30 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 05 GMT..Content- 74 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e type: text/plain 0d 0a 0d 0a .... frag hash2: MAC secret [Len: 16] 6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef o.D..Zl.....?.I. frag hash2: Pad 2 [Len: 48] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ frag hash2: hash1 [Len: 16] 9a 90 1b f7 8d ee 0d 42 8d 85 38 78 e2 6b 58 4a .......B..8x.kXJ frag hash2: result [Len: 16] 57 5a 74 6e 38 c0 20 2e 7e ff ca 3c 60 a5 2b 5e WZtn8. .~..<`.+^Note that the computed MAC matches the last 16 bytes of the plaintext above. The Client's MAC is verified.
The server's response is passed up to SSL's client (the browser).
The second of the server's three application data records is received and processed. It merely echoes the client's request.
raw gather data: [Len: 5] + 17 03 00 01 09 ..... ciphertext: [Len: 265] + 0b 3d ed 7a 32 51 45 37 96 c0 01 0c 2b 8d ad 55 .=.z2QE7....+..U + a3 f3 5c 46 17 36 de 2e 08 62 11 2f c3 4d 34 2e ..\F.6...b./.M4. + 04 9e 7a 06 06 d6 23 f9 dc 9c c8 b4 9c 61 f4 2a ..z...#......a.* + cd be ea f4 46 b1 95 bf 13 40 87 b0 89 f1 02 70 ....F....@.....p + ff 80 ea 70 8d cf 99 4f 00 21 28 9b cc b4 d5 11 ...p...O.!(..... + 4c 25 cc 57 a4 d3 7a 58 59 c3 11 26 ce 01 55 7b L%.W..zXY..&..U{ + d0 8a a0 f8 cc e1 a7 c5 c3 16 14 04 a7 b5 88 58 ...............X + d3 1d ad f6 ef a4 23 f8 38 af 9f 45 0c 38 14 0d ......#.8..E.8.. + dc 10 af b3 b2 f3 41 a4 e4 f0 f1 07 b1 61 92 20 ......A......a. + f5 b0 78 64 7e 42 74 62 5f 34 a4 cf 4c b8 54 69 ..xd~Btb_4..L.Ti + d3 55 84 bb 10 c4 47 90 d6 29 af aa f5 9c fb b8 .U....G..)...... + 40 78 7e 55 d7 b1 a2 19 32 eb 2a dd 46 9d 54 22 @x~U....2.*.F.T" + bc 40 ac 30 50 12 ee c3 97 ea 60 90 c6 d0 ac e5 .@.0P.....`..... + 0d 17 86 d0 ad dd 4a 71 07 e8 89 38 f2 1c c8 06 ......Jq...8.... + 78 3e e7 a4 d5 7f bb a1 e7 71 90 4e de 92 14 9d x>.......q.N.... + 69 6a bb 7e ce 69 39 05 28 3a aa 5d cf c2 99 d7 ij.~.i9.(:.].... + 3d a4 d6 88 46 e2 08 93 ef =...F....Decrypt(RC4) and uncompress(null) the ciphertext.
plaintext: [Len: 265] 47 45 54 20 2f 62 61 72 20 48 54 54 50 2f 31 2e GET /bar HTTP/1. 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 0..Connection: K 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d eep-Alive..User- 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 Agent: Mozilla/4 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54 3b .02 [en] (WinNT; 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f 75 U)..Host: bijou 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d 0a .mcom.com:1999.. 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67 69 Accept: image/gi 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74 6d f, image/x-xbitm 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c 20 ap, image/jpeg, 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f 2a image/pjpeg, */* 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 ..Accept-Languag 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c 65 e: en-US,en-GB,e 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73 65 n..Accept-Charse 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a 2c t: iso-8859-1,*, 75 74 66 2d 38 0d 0a 0d 0a f9 be 24 8a ea 60 d4 utf-8......$..`. d7 f2 7c 08 48 7c e0 7b a2 ..|.H|.{.Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16] 6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef o.D..Zl.....?.I. frag hash1: Pad 1 [Len: 48] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 frag hash1: temp [Len: 11] 00 00 00 00 00 00 00 02 17 00 f9 ........... frag hash1: input [Len: 249] 47 45 54 20 2f 62 61 72 20 48 54 54 50 2f 31 2e GET /bar HTTP/1. 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 0..Connection: K 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d eep-Alive..User- 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 Agent: Mozilla/4 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54 3b .02 [en] (WinNT; 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f 75 U)..Host: bijou 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d 0a .mcom.com:1999.. 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67 69 Accept: image/gi 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74 6d f, image/x-xbitm 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c 20 ap, image/jpeg, 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f 2a image/pjpeg, */* 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 ..Accept-Languag 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c 65 e: en-US,en-GB,e 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73 65 n..Accept-Charse 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a 2c t: iso-8859-1,*, 75 74 66 2d 38 0d 0a 0d 0a utf-8.... frag hash2: MAC secret [Len: 16] 6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef o.D..Zl.....?.I. frag hash2: Pad 2 [Len: 48] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ frag hash2: hash1 [Len: 16] 4b 0c cb c4 49 33 fa b9 f2 9d ba 76 fc 9e 3d c4 K...I3.....v..=. 
frag hash2: result [Len: 16] f9 be 24 8a ea 60 d4 d7 f2 7c 08 48 7c e0 7b a2 ..$..`...|.H|.{.Note that the computed MAC matches the last 16 bytes of the plaintext above. The Client's MAC is verified.
The server's response is passed up to SSL's client (the browser).
The last of the server's three application data records is received and processed.
raw gather data: [Len: 5]
+ 17 03 00 00 15  .....
ciphertext: [Len: 21]
+ 3d e9 62 0c d7 bc 81 77 a0 30 d0 45 cb fc 33 ee  =.b....w.0.E..3.
+ 69 16 de 01 85  i....

Decrypt(RC4) and uncompress(null) the ciphertext.

plaintext: [Len: 21]
  45 4f 46 0d 0a 8a a9 26 31 b0 33 e9 2f 61 26 d7  EOF....&1.3./a&.
  83 37 73 d6 8c  .7s..

Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.

frag hash1: MAC secret [Len: 16]
  6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef  o.D..Zl.....?.I.
frag hash1: Pad 1 [Len: 48]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
frag hash1: temp [Len: 11]
  00 00 00 00 00 00 00 03 17 00 05  ...........
frag hash1: input [Len: 5]
  45 4f 46 0d 0a  EOF..
frag hash2: MAC secret [Len: 16]
  6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef  o.D..Zl.....?.I.
frag hash2: Pad 2 [Len: 48]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
  04 d8 27 33 a0 9d 46 cc c4 80 8d ef 03 37 0c 33  ..'3..F......7.3
frag hash2: result [Len: 16]
  8a a9 26 31 b0 33 e9 2f 61 26 d7 83 37 73 d6 8c  ..&1.3./a&..7s..

Note that the computed MAC matches the last 16 bytes of the plaintext above. The Client's MAC is verified.
The server's response is passed up to SSL's client (the browser).
Server Close_Notify Alert Record
The server sends a "close notify" alert record to tell the client it is done. The alert records are described in the SSL 3 spec, section 7.4. This is not a handshake, and is not included in handshake hashes.

raw gather data: [Len: 5]
+ 15 03 00 00 12  .....
ciphertext: [Len: 18]
+ 47 5a 85 6b 9d 95 81 31 4c b5 be a5 1a 37 4e 57  GZ.k...1L....7NW
+ 8a 6c  .l

Decrypt(RC4) and uncompress(null) the ciphertext.

plaintext: [Len: 18]
  01 00 ad 03 db ab a3 d2 22 08 ed cd e3 7f 5b 09  ........".....[.
  45 23  E#

Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.

frag hash1: MAC secret [Len: 16]
  6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef  o.D..Zl.....?.I.
frag hash1: Pad 1 [Len: 48]
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
  36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36  6666666666666666
frag hash1: temp [Len: 11]
  00 00 00 00 00 00 00 04 15 00 02  ...........
frag hash1: input [Len: 2]
  01 00  ..
frag hash2: MAC secret [Len: 16]
  6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef  o.D..Zl.....?.I.
frag hash2: Pad 2 [Len: 48]
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
  5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c  \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
  61 53 a2 5c 8d 3f e7 aa 2c cb 62 66 0d bb f9 a9  aS.\.?..,.bf....
frag hash2: result [Len: 16]
  ad 03 db ab a3 d2 22 08 ed cd e3 7f 5b 09 45 23  ......".....[.E#

The computed MAC matches the last 16 bytes of the plaintext above. The Client's MAC is verified.

handle alert record
received alert, level = 1, description = 0
ssl_recv EOF
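The record MAC check traced above for each received record (section 7.2.3.1 of the SSL 3.0 spec), as an added Python example that is not part of the original trace document. The MAC secrets, sequence numbers and decrypted record bytes are copied from the traces on this page; the function names are illustrative.

```python
import hashlib
import hmac
import struct

PAD_LEN_MD5 = 48   # "Pad 1" / "Pad 2" length in the traces when the MAC hash is MD5
MAC_LEN = 16       # MD5 digest size
TYPE_ALERT, TYPE_APPLICATION_DATA = 21, 23


def ssl3_mac_md5(mac_secret, seq_num, record_type, fragment):
    """hash(secret + pad_2 + hash(secret + pad_1 + seq + type + length + fragment))."""
    # "temp" in the traces: 64-bit sequence number, record type, 16-bit length.
    temp = struct.pack(">QBH", seq_num, record_type, len(fragment))
    hash1 = hashlib.md5(mac_secret + b"\x36" * PAD_LEN_MD5 + temp + fragment).digest()
    return hashlib.md5(mac_secret + b"\x5c" * PAD_LEN_MD5 + hash1).digest()


def split_and_verify(mac_secret, seq_num, record_type, plaintext):
    """Return the fragment if the trailing 16-byte MAC verifies, else raise."""
    if len(plaintext) < MAC_LEN:
        raise ValueError("record shorter than a MAC")
    fragment, received = plaintext[:-MAC_LEN], plaintext[-MAC_LEN:]
    expected = ssl3_mac_md5(mac_secret, seq_num, record_type, fragment)
    if not hmac.compare_digest(expected, received):
        raise ValueError("bad record MAC")
    return fragment


def verify_stream(mac_secret, first_seq, records):
    """Verify (type, plaintext) records in arrival order.

    The sequence number is never transmitted; each side counts records itself,
    so a dropped, replayed or reordered record fails the MAC.
    """
    fragments = []
    for offset, (record_type, plaintext) in enumerate(records):
        fragments.append(
            split_and_verify(mac_secret, first_seq + offset, record_type, plaintext)
        )
    return fragments


# Values copied from the trace on this page.
SERVER_MAC_SECRET = bytes.fromhex("6f 17 44 17 18 5a 6c c3 80 a1 fa b1 3f e6 49 ef")
CLIENT_MAC_SECRET = bytes.fromhex("7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02")

# Decrypted server records with sequence numbers 3 and 4 (fragment followed by MAC).
SERVER_EOF_RECORD = (
    TYPE_APPLICATION_DATA,
    bytes.fromhex("45 4f 46 0d 0a 8a a9 26 31 b0 33 e9 2f 61 26 d7 83 37 73 d6 8c"),
)
SERVER_CLOSE_NOTIFY = (
    TYPE_ALERT,
    bytes.fromhex("01 00 ad 03 db ab a3 d2 22 08 ed cd e3 7f 5b 09 45 23"),
)

if __name__ == "__main__":
    in_order = [SERVER_EOF_RECORD, SERVER_CLOSE_NOTIFY]
    print("in order:", verify_stream(SERVER_MAC_SECRET, 3, in_order))
    try:
        verify_stream(SERVER_MAC_SECRET, 3, list(reversed(in_order)))
    except ValueError as exc:
        print("swapped :", exc)
    # The client's own close_notify (sequence number 2 in the client's direction).
    print("client alert MAC:",
          ssl3_mac_md5(CLIENT_MAC_SECRET, 2, TYPE_ALERT, b"\x01\x00").hex())
```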
Client Close_Notify Alert Record
The client replies to the server's close_notify alert by sending back a close_notify alert of its own. This is not a handshake, and is not included in handshake hashes. The server typically does not receive this, because it has already closed its SSL socket.send alert record, level=1 desc=0 SendPlainText record type: alert (21) bytes=2 Send PlainText record [Len: 2] 01 00 ..Compute the MAC on the alert. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16] 7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02 }..IW.. '....... frag hash1: Pad 1 [Len: 48] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 frag hash1: temp [Len: 11] 00 00 00 00 00 00 00 02 15 00 02 ........... frag hash1: input [Len: 2] 01 00 .. frag hash2: MAC secret [Len: 16] 7d d8 c8 49 57 e0 9c 20 27 de b7 e3 cb 17 cf 02 }..IW.. '....... frag hash2: Pad 2 [Len: 48] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ frag hash2: hash1 [Len: 16] a0 d5 e3 20 2c dd 9b 2f c4 51 50 18 ef ab ac cc ... ,../.QP..... frag hash2: result [Len: 16] c8 3c 92 c4 fc 2d 7a 2c 52 ae ac 3d d8 7a 44 6d .<...-z,R..=.zDmAppend the result above to the plaintext alert message (above), compress (null), and encrypt, and add the record header, producing the following record:
send (encrypted) record data: [Len: 23]
+ 15 03 00 00 12 9e 2b b3 21 2b db aa 0b 44 10 60 ......+.!+...D.`
+ 4b 4f e9 d8 29 99 5b KO..).[
closing, rv=0 errno=10035
The client closes the connection.
Second connection, "resuming" the first one.
SSL V3 client_hello Handshake
Unlike the first connection above, the second connection begins with an SSL V3 client_hello handshake message, as described in the SSL 3 spec, section 7.6.1.
new socket
connect completed, starting handshake
sending client-hello
start handshake hashes
The initialized handshake hashes contain:
MD5 state: 67452301 efcdab89 98badcfe 10325476
MD5_TraceState: buffered input [Len: 0]
SHA1 state: 67452301 efcdab89 98badcfe 10325476 c3d2e1f0
SHA1_TraceState: buffered input [Len: 0]
The client determines that it has previously had a connection with this same server, and so re-uses the session ID from that previous connection.
client, found session-id: [Len: 32]
00 00 4f 47 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f ..OG..I.{.Aq_6.o
7d a2 31 fa 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c }.1.%..E<......\
The Client Hello message is now composed as follows. The entire message is included in the handshake hashes.
append handshake header: type client_hello (1)
01 .
00 00 51 ..Q
03 00 ..
client random: [Len: 32]
34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....}
57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np.
session ID len: [Len: 1]
20
session ID: [Len: 32]
00 00 4f 47 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f ..OG..I.{.Aq_6.o
7d a2 31 fa 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c }.1.%..E<......\
cipher suite list len: [Len: 2]
00 0a ..
cipher suite list: [Len: 2]
00 04 ..
00 0a ..
00 09 ..
00 03 ..
00 06 ..
compression method list len: [Len: 1]
01 .
compression method list: [Len: 1]
00 .
After hashing the client_hello, the handshake hashes are:
MD5 state: 2badc495 946672c9 16e88abe a4b94974 MD5_TraceState: buffered input [Len: 21] 0e d9 e7 d4 d2 86 5c 00 0a 00 04 00 0a 00 09 00 ......\......... 03 00 06 01 00 ..... SHA1 state: 5a4163b5 e6b905a0 e0396a8e f116b66c e144dda4 SHA1_TraceState: buffered input [Len: 21] 0e d9 e7 d4 d2 86 5c 00 0a 00 04 00 0a 00 09 00 ......\......... 03 00 06 01 00 ..... SendPlainText record type: handshake (22) bytes=85 Send PlainText record [Len: 85] 01 00 00 51 03 00 34 03 61 67 b0 2b 37 0b 11 06 ...Q..4.ag.+7... 49 07 f0 13 93 7d 57 ca e1 2d 10 99 67 a2 7c b9 I....}W..-..g.|. 61 e8 1d 4e 70 85 20 00 00 4f 47 95 8f 49 f8 7b a..Np. ..OG..I.{ d8 41 71 5f 36 f9 6f 7d a2 31 fa 25 07 8e 45 3c .Aq_6.o}.1.%..E< 0e d9 e7 d4 d2 86 5c 00 0a 00 04 00 0a 00 09 00 ......\......... 03 00 06 01 00 ..... send (unencrypted) record data: [Len: 90] + 16 03 00 00 55 01 00 00 51 03 00 34 03 61 67 b0 ....U...Q..4.ag. + 2b 37 0b 11 06 49 07 f0 13 93 7d 57 ca e1 2d 10 +7...I....}W..-. + 99 67 a2 7c b9 61 e8 1d 4e 70 85 20 00 00 4f 47 .g.|.a..Np. ..OG + 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa ..I.{.Aq_6.o}.1. + 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 0a 00 04 %..E<......\.... + 00 0a 00 09 00 03 00 06 01 00 ..........
Server Hello Handshake
The Server replies with three records:
- a record containing a server_hello handshake
- a change_cipher_spec record
- a record containing a server_hello_done handshake
Our trace begins with the processing of the server_hello handshake.
raw gather data: [Len: 5]
+ 16 03 00 00 4a ....J
plaintext: [Len: 74]
+ 02 00 00 46 03 00 34 03 61 67 c6 79 d1 3e 7f 61 ...F..4.ag.y.>.a
+ 0d 7a 32 fb b2 67 3d a8 d7 32 7e 53 3f fc 29 4b .z2..g=..2~S?.)K
+ 2c e5 29 1f 31 e8 20 00 00 4f 47 95 8f 49 f8 7b ,.).1. ..OG..I.{
+ d8 41 71 5f 36 f9 6f 7d a2 31 fa 25 07 8e 45 3c .Aq_6.o}.1.%..E<
+ 0e d9 e7 d4 d2 86 5c 00 04 00 ......\...
handle handshake message: server_hello (2)
Hash the received handshake message into the handshake hashes.
MD5 & SHA handshake hash input: [Len: 4]
02 00 00 46 ...F
MD5 & SHA handshake hash input: [Len: 70]
03 00 34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb ..4.ag.y.>.a.z2.
b2 67 3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f .g=..2~S?.)K,.).
31 e8 20 00 00 4f 47 95 8f 49 f8 7b d8 41 71 5f 1. ..OG..I.{.Aq_
36 f9 6f 7d a2 31 fa 25 07 8e 45 3c 0e d9 e7 d4 6.o}.1.%..E<....
d2 86 5c 00 04 00 ..\...
After hashing the server_hello handshake, the handshake hashes are:
MD5 state: bfc4f833 2d0e5fe7 daa0ae68 abbc91fe
MD5_TraceState: buffered input [Len: 31]
95 8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa ..I.{.Aq_6.o}.1.
25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00 %..E<......\...
SHA1 state: f09eb308 10e1d22c dfe27d00 a526a933 a84f7444
SHA1_TraceState: buffered input [Len: 31]
95 8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa ..I.{.Aq_6.o}.1.
25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00 %..E<......\...
The server_hello message is parsed this way:
handle server_hello handshake
consume bytes: [Len: 2]
03 00 ..
server random: [Len: 32]
34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g
3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1.
session ID len: [Len: 1]
20
session ID: [Len: 32]
00 00 4f 47 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f ..OG..I.{.Aq_6.o
7d a2 31 fa 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c }.1.%..E<......\
cipher suite: [Len: 2]
00 04 ..
compression: [Len: 1]
00 .
Set Pending Cipher Suite to 0x0004 -- SSL_RSA_WITH_RC4_128_MD5
Since the server has responded with the same session ID as the client sent, the client and server may now both proceed to compute the new "key block" from the Master secret (saved from the previous session) and the new client and server random values exchanged in the hello messages. The pre-master secret is hashed with the server-random and client-random numbers and the "mixers" to produce the master secret, as described in section 8.1 of the SSL 3.0 spec. Here are the steps involved. The intermediate SHA hash results are shown in these steps, as inputs to the successive MD5 hashes. After computing the new key block, the client and server will derive new MAC secrets, keys, and IVs from the new key block.
Begin first keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 1] 41 A keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g 3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1. keygen SHA hash: client random [Len: 32] 34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....} 57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] d7 55 b2 e4 18 a3 f6 80 2b c8 7f bc ab c3 a3 05 .U......+....... 23 a0 fb c7 #... First MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff ]..p...*.x.W.... Begin second keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 2] 42 42 BB keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g 3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1. keygen SHA hash: client random [Len: 32] 34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....} 57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np. 
keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] a7 e4 39 71 2e 12 93 11 29 17 92 e5 63 e1 66 07 ..9q....)...c.f. 7c ce a8 a7 |... Second MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8 i..b.1a....c.u.. Begin third keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 3] 43 43 43 CCC keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g 3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1. keygen SHA hash: client random [Len: 32] 34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....} 57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] 1f 17 99 2d 0b e7 05 f7 87 c3 cd 49 41 d5 8d ae ...-.......IA... ce cd 18 c7 .... 
Third MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 45 92 f5 ce e7 03 d0 88 d7 c4 7e c0 88 33 18 4c E.........~..3.L Begin fourth keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 4] 44 44 44 44 DDDD keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g 3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1. keygen SHA hash: client random [Len: 32] 34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....} 57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] f5 f3 5d 6c f1 3b fd 13 2b 67 9b f1 bd f6 93 60 ..]l.;..+g.....` 62 fe 07 81 b... Fourth MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 86 04 66 f4 39 2a 49 64 22 08 77 92 bd 5c be f5 ..f.9*Id".w..\.. Begin fifth keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 5] 45 45 45 45 45 EEEEE keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g 3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1. keygen SHA hash: client random [Len: 32] 34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....} 57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np. 
keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] a9 95 98 65 0a 5e a6 57 12 55 00 e6 f5 0d bc a2 ...e.^.W.U...... 96 cc b4 6b ...k Fifth MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 9f 18 95 fd c9 17 d5 f0 fd 13 76 98 73 84 9e fc ..........v.s... Begin sixth keyblock SHA/MD5 hash: keygen SHA hash: mixers [Len: 6] 46 46 46 46 46 46 FFFFFF keygen SHA hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen SHA hash: server random [Len: 32] 34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g 3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1. keygen SHA hash: client random [Len: 32] 34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....} 57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np. keygen MD5 hash: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o keygen MD5 hash: SHA hash output [Len: 20] 0c 3b 93 15 d5 e4 c6 1e 7b d7 cc 41 59 3c 73 6d .;......{..AY<sm eb 4c f3 53 .L.S Sixth MD5 result: keygen MD5 hash: MD5 hash output [Len: 16] 80 4c 1b b2 6e 95 e1 9f 56 b6 d4 93 62 2a ae a8 .L..n...V...b*.. 
Begin seventh keyblock SHA/MD5 hash:
keygen SHA hash: mixers [Len: 7]
47 47 47 47 47 47 47 GGGGGGG
keygen SHA hash: master secret [Len: 48]
14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4
6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F
8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o
keygen SHA hash: server random [Len: 32]
34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67 4.ag.y.>.a.z2..g
3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8 =..2~S?.)K,.).1.
keygen SHA hash: client random [Len: 32]
34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d 4.ag.+7...I....}
57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85 W..-..g.|.a..Np.
keygen MD5 hash: master secret [Len: 48]
14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4
6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F
8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o
keygen MD5 hash: SHA hash output [Len: 20]
04 b4 50 53 ab 10 9f ae 74 54 66 2f ad e2 26 46 ..PS....tTf/..&F
ab c9 bc db ....
Seventh MD5 result:
keygen MD5 hash: MD5 hash output [Len: 16]
af ce c6 e5 1f 2d 09 a2 0a 90 f9 c4 e3 a5 5d cc .....-........].
Concatenate the above seven MD5 hash results to produce the "key block":
key block: [Len: 112]
5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff ]..p...*.x.W....
69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8 i..b.1a....c.u..
45 92 f5 ce e7 03 d0 88 d7 c4 7e c0 88 33 18 4c E.........~..3.L
86 04 66 f4 39 2a 49 64 22 08 77 92 bd 5c be f5 ..f.9*Id".w..\..
9f 18 95 fd c9 17 d5 f0 fd 13 76 98 73 84 9e fc ..........v.s...
80 4c 1b b2 6e 95 e1 9f 56 b6 d4 93 62 2a ae a8 .L..n...V...b*..
af ce c6 e5 1f 2d 09 a2 0a 90 f9 c4 e3 a5 5d cc .....-........].
Now, divide up the key block, producing the mac secrets, write keys, and (for block-mode ciphers) the write IVs. Since this is NOT an "export" client, Write keys and IVs are taken directly from the "key block", without any additional hash computation. Since this example is using a stream cipher, which requires no IVs, the IV values in the key block are ignored.
client write mac secret: [Len: 16]
5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff ]..p...*.x.W....
server write mac secret: [Len: 16]
69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8 i..b.1a....c.u..
client write key: [Len: 16]
45 92 f5 ce e7 03 d0 88 d7 c4 7e c0 88 33 18 4c E.........~..3.L
server write key: [Len: 16]
86 04 66 f4 39 2a 49 64 22 08 77 92 bd 5c be f5 ..f.9*Id".w..\..
client write iv: [Len: 0]
server write iv: [Len: 0]
Server's Change_Cipher_Spec record
Now the server sends its final two records before the application data can be sent. The final two records are:
- a Change_cipher_spec record
- a "Finished" handshake record
raw gather data: [Len: 5]
+ 14 03 00 00 01 .....
plaintext: [Len: 1]
+ 01 .
handle change_cipher_spec record
Set Current Read Cipher Suite to Pending
Server's Finished Handshake
The server sends the fully MAC'ed and encrypted finished handshake message.
raw gather data: [Len: 5]
+ 16 03 00 00 38 ....8
ciphertext: [Len: 56]
+ 53 97 71 48 96 d9 1b f9 e7 86 f7 66 f2 c4 b0 d3 S.qH.......f....
+ 09 cb 59 0c 6b 39 a7 8e 2a 31 d1 23 b3 ec 60 85 ..Y.k9..*1.#..`.
+ 31 32 eb 0e bf 4e ba 63 db a7 55 02 47 a4 dd 12 12...N.c..U.G...
+ 59 ec c2 a4 65 a9 35 1a Y...e.5.
Decrypt (RC4) and uncompress (null) the ciphertext.
plaintext: [Len: 56]
14 00 00 24 b0 4e c6 b5 57 5d ea bb 42 e5 19 5f ...$.N..W]..B.._
4e d7 0e cf 9d f9 f9 9a d5 86 79 ed 27 66 df da N.........y.'f..
bc 98 de 9b 92 bd 40 3c 78 55 3b 38 52 b8 7f bf ......@<xU;8R...
d3 78 c3 2a 9a 40 c5 75 .x.*.@.u
The last 16 bytes of plaintext above are (ostensibly) the sender's MAC. Compute the MAC on all but the last 16 bytes above, for verification. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8 i..b.1a....c.u..
frag hash1: Pad 1 [Len: 48]
36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666
36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666
36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666
frag hash1: temp [Len: 11]
00 00 00 00 00 00 00 00 16 00 28 ..........(
frag hash1: input [Len: 40]
14 00 00 24 b0 4e c6 b5 57 5d ea bb 42 e5 19 5f ...$.N..W]..B.._
4e d7 0e cf 9d f9 f9 9a d5 86 79 ed 27 66 df da N.........y.'f..
bc 98 de 9b 92 bd 40 3c ......@<
frag hash2: MAC secret [Len: 16]
69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8 i..b.1a....c.u..
frag hash2: Pad 2 [Len: 48]
5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\
5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\
5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
18 e8 b1 74 7f 88 a2 9f be e8 51 1c 71 77 9f ac ...t......Q.qw..
frag hash2: result [Len: 16]
78 55 3b 38 52 b8 7f bf d3 78 c3 2a 9a 40 c5 75 xU;8R....x.*.@.u
Note that the computed MAC matches the last 16 bytes of the plaintext above. The MAC is verified.
Compute the "md5_hash" and "sha_hash" as defined for the "finished" message in section 7.6.9 of the SSL 3.0 spec. In this example, we first compute the "inner" portion of each hash, then compute the "outer" portions.
Compute inner MD5 hash. First, review the current handshake hash state. MD5 state: bfc4f833 2d0e5fe7 daa0ae68 abbc91fe MD5_TraceState: buffered input [Len: 31] 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa ..I.{.Aq_6.o}.1. 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00 %..E<......\... MD5 inner: sender [Len: 4] 53 52 56 52 SRVR MD5 inner: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o MD5 inner: MAC Pad 1 [Len: 48] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 MD5 inner: result [Len: 16] 7c b6 40 4f 42 c5 ea 97 2e e3 c7 8a ad 07 3b 14 |.@OB.........;. Compute inner SHA hash. First, review the current handshake hash state. SHA1 state: f09eb308 10e1d22c dfe27d00 a526a933 a84f7444 SHA1_TraceState: buffered input [Len: 31] 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa ..I.{.Aq_6.o}.1. 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00 %..E<......\... SHA inner: sender [Len: 4] 53 52 56 52 SRVR SHA inner: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o SHA inner: MAC Pad 1 [Len: 40] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 66666666 SHA inner: result [Len: 20] 25 86 dd d4 79 2c b2 82 33 bd 28 29 fc 3a ed 1b %...y,..3.().:.. 
63 e2 e7 5f c.._ Compute the outer MD5 hash: MD5 outer: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o MD5 outer: MAC Pad 2 [Len: 48] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ MD5 outer: MD5 inner [Len: 16] 7c b6 40 4f 42 c5 ea 97 2e e3 c7 8a ad 07 3b 14 |.@OB.........;. MD5 outer: result [Len: 16] b0 4e c6 b5 57 5d ea bb 42 e5 19 5f 4e d7 0e cf .N..W]..B.._N... Compute the outer SHA hash: SHA outer: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o SHA outer: MAC Pad 2 [Len: 40] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\ SHA outer: SHA inner [Len: 20] 25 86 dd d4 79 2c b2 82 33 bd 28 29 fc 3a ed 1b %...y,..3.().:.. 63 e2 e7 5f c.._ SHA outer: result [Len: 20] 9d f9 f9 9a d5 86 79 ed 27 66 df da bc 98 de 9b ......y.'f...... 92 bd 40 3c ..@<The two outer hashes just computed match those in the plaintext finished message, shown above. So the handshake hashes are verified. Now, include the received "finished" handshake in the handshake hashes. First, review the state of the handshake hashes.
MD5 state: bfc4f833 2d0e5fe7 daa0ae68 abbc91fe
MD5_TraceState: buffered input [Len: 31]
95 8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa ..I.{.Aq_6.o}.1.
25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00 %..E<......\...
SHA1 state: f09eb308 10e1d22c dfe27d00 a526a933 a84f7444
SHA1_TraceState: buffered input [Len: 31]
95 8f 49 f8 7b d8 41 71 5f 36 f9 6f 7d a2 31 fa ..I.{.Aq_6.o}.1.
25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c 00 04 00 %..E<......\...
handle handshake message: finished (20)
MD5 & SHA handshake hash input: [Len: 4]
14 00 00 24 ...$
MD5 & SHA handshake hash input: [Len: 36]
b0 4e c6 b5 57 5d ea bb 42 e5 19 5f 4e d7 0e cf .N..W]..B.._N...
9d f9 f9 9a d5 86 79 ed 27 66 df da bc 98 de 9b ......y.'f......
92 bd 40 3c ..@<
After hashing the server's "finished" handshake, the handshake hashes are:
MD5 state: 5bdcf868 49679674 1c96660b 2a3d78b5
MD5_TraceState: buffered input [Len: 7]
98 de 9b 92 bd 40 3c .....@<
SHA1 state: f6f05f53 a3e28eb2 dfb614f7 57b30778 2b88dd55
SHA1_TraceState: buffered input [Len: 7]
98 de 9b 92 bd 40 3c .....@<
handle finished handshake
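The computations traced so far for the resumed connection can be reproduced with the following added Python example, which is not part of the original trace or of the traced implementation. It derives the key block from the saved master secret and the new randoms, RC4-decrypts the server's Finished record, and checks both the record MAC and the md5_hash/sha_hash values; all byte values are copied from this page, and the function names are this example's own.

```python
import hashlib
import hmac

# All byte values are copied from the resumed-connection trace on this page.
MASTER_SECRET = bytes.fromhex(
    "14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34"
    "6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46"
    "8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f")
SERVER_RANDOM = bytes.fromhex(
    "34 03 61 67 c6 79 d1 3e 7f 61 0d 7a 32 fb b2 67"
    "3d a8 d7 32 7e 53 3f fc 29 4b 2c e5 29 1f 31 e8")
CLIENT_RANDOM = bytes.fromhex(
    "34 03 61 67 b0 2b 37 0b 11 06 49 07 f0 13 93 7d"
    "57 ca e1 2d 10 99 67 a2 7c b9 61 e8 1d 4e 70 85")
SESSION_ID = bytes.fromhex(
    "00 00 4f 47 95 8f 49 f8 7b d8 41 71 5f 36 f9 6f"
    "7d a2 31 fa 25 07 8e 45 3c 0e d9 e7 d4 d2 86 5c")
SERVER_FINISHED_CIPHERTEXT = bytes.fromhex(
    "53 97 71 48 96 d9 1b f9 e7 86 f7 66 f2 c4 b0 d3"
    "09 cb 59 0c 6b 39 a7 8e 2a 31 d1 23 b3 ec 60 85"
    "31 32 eb 0e bf 4e ba 63 db a7 55 02 47 a4 dd 12"
    "59 ec c2 a4 65 a9 35 1a")
PAD1, PAD2 = b"\x36", b"\x5c"


def key_block(master, server_random, client_random, rounds=7):
    """SSL 3.0 key block: round i uses the mixer 'A', 'BB', 'CCC', ..."""
    out = b""
    for i in range(rounds):
        mixer = bytes([ord("A") + i]) * (i + 1)
        sha = hashlib.sha1(mixer + master + server_random + client_random).digest()
        out += hashlib.md5(master + sha).digest()
    return out


def rc4(key, data):
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def ssl3_mac_md5(secret, seq, rec_type, fragment):
    """Record MAC as traced: the "temp" bytes are seq (8) + type (1) + length (2)."""
    temp = seq.to_bytes(8, "big") + bytes([rec_type]) + len(fragment).to_bytes(2, "big")
    inner = hashlib.md5(secret + PAD1 * 48 + temp + fragment).digest()
    return hashlib.md5(secret + PAD2 * 48 + inner).digest()


def finished_hashes(master, handshake_messages, sender):
    """md5_hash followed by sha_hash; the pads are 48 bytes for MD5, 40 for SHA."""
    out = b""
    for new_hash, pad_len in ((hashlib.md5, 48), (hashlib.sha1, 40)):
        inner = new_hash(handshake_messages + sender + master + PAD1 * pad_len).digest()
        out += new_hash(master + PAD2 * pad_len + inner).digest()
    return out


def check_server_finished():
    kb = key_block(MASTER_SECRET, SERVER_RANDOM, CLIENT_RANDOM)
    keys = {"client_mac": kb[0:16], "server_mac": kb[16:32],
            "client_key": kb[32:48], "server_key": kb[48:64]}
    # First encrypted record from the server, so RC4 starts from a fresh state
    # and the MAC sequence number is 0.
    plaintext = rc4(keys["server_key"], SERVER_FINISHED_CIPHERTEXT)
    message, mac = plaintext[:-16], plaintext[-16:]
    mac_ok = hmac.compare_digest(mac, ssl3_mac_md5(keys["server_mac"], 0, 22, message))
    # Handshake messages hashed so far: client_hello, then server_hello.
    client_hello = (bytes.fromhex("01 00 00 51 03 00") + CLIENT_RANDOM + b"\x20"
                    + SESSION_ID + bytes.fromhex("00 0a 00 04 00 0a 00 09 00 03 00 06 01 00"))
    server_hello = (bytes.fromhex("02 00 00 46 03 00") + SERVER_RANDOM + b"\x20"
                    + SESSION_ID + bytes.fromhex("00 04 00"))
    expected = finished_hashes(MASTER_SECRET, client_hello + server_hello, b"SRVR")
    hashes_ok = (message[:4] == bytes.fromhex("14 00 00 24")
                 and hmac.compare_digest(message[4:], expected))
    return keys, plaintext, mac_ok, hashes_ok


if __name__ == "__main__":
    keys, plaintext, mac_ok, hashes_ok = check_server_finished()
    for name, value in keys.items():
        print(name, value.hex(" "))
    print("record MAC ok:", mac_ok, "finished hashes ok:", hashes_ok)
```

Because the Finished hashes cover the new client_hello and server_hello, a resumed session is still bound to the fresh randoms even though the master secret is reused.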
Client's Change_Cipher_Spec Record
The client will now send the server two records:
- a change_cipher_spec record
- a "finished" handshake record.
Here is the change_cipher_spec record, which is not encrypted. It is not included in the handshake hashes, because it is not a handshake record.
send change_cipher_spec record
SendPlainText record type: change_cipher_spec (20) bytes=1
Send PlainText record [Len: 1]
01 .
send (unencrypted) record data: [Len: 6]
+ 14 03 00 00 01 01 ......
Set Current Write Cipher Suite to Pending
Client's Finished Handshake
Compose and send the client's "finished" handshake record, fully MAC'ed and encrypted, according to the SSL_RSA_WITH_RC4_128_MD5 cipher spec we just began using. Application data may then follow immediately.
Before composing the message, the client computes the "md5_hash" and "sha_hash" as defined for the "finished" message in section 7.6.9 of the SSL 3.0 spec. In this example, we first compute the "inner" portion of each hash, then compute the "outer" portions.
Compute inner MD5 hash. First, review the current handshake hash state. MD5 state: 5bdcf868 49679674 1c96660b 2a3d78b5 MD5_TraceState: buffered input [Len: 7] 98 de 9b 92 bd 40 3c .....@< Now, hash inputs to MD5 inner hash: MD5 inner: sender [Len: 4] 43 4c 4e 54 CLNT MD5 inner: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o MD5 inner: MAC Pad 1 [Len: 48] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 Result of inner MD5 hash: MD5 inner: result [Len: 16] 2d a3 27 1b e8 05 c8 f2 3d 47 00 04 ca ab e4 e8 -.'.....=G...... Compute inner SHA hash. First, review the current handshake hash state. SHA1 state: f6f05f53 a3e28eb2 dfb614f7 57b30778 2b88dd55 SHA1_TraceState: buffered input [Len: 7] 98 de 9b 92 bd 40 3c .....@< Now, hash inputs to inner SHA hash: SHA inner: sender [Len: 4] 43 4c 4e 54 CLNT SHA inner: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o SHA inner: MAC Pad 1 [Len: 40] 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666 36 36 36 36 36 36 36 36 66666666 Result of inner SHA hash: SHA inner: result [Len: 20] bf 7b 86 d1 ac c4 c4 80 9a 57 1c 10 1f 87 77 92 .{.......W....w. d6 8f 9c a9 .... 
Compute outer MD5 hash: MD5 outer: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o MD5 outer: MAC Pad 2 [Len: 48] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ MD5 outer: MD5 inner [Len: 16] 2d a3 27 1b e8 05 c8 f2 3d 47 00 04 ca ab e4 e8 -.'.....=G...... Result of outer MD5 hash: MD5 outer: result [Len: 16] c1 f0 64 4e 4b 70 cc c0 7a 00 9c d4 28 38 24 70 ..dNKp..z...(8$p Compute outer SHA hash: SHA outer: master secret [Len: 48] 14 49 96 2b 10 69 b9 d0 66 83 fc 06 64 a2 3f 34 .I.+.i..f...d.?4 6d 1f 21 70 7f 29 f7 0b 0e e8 a9 63 11 d8 fc 46 m.!p.).....c...F 8d 38 38 11 c1 a4 82 18 9f 8b 4b 16 d6 eb fa 6f .88.......K....o SHA outer: MAC Pad 2 [Len: 40] 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\ 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\ SHA outer: SHA inner [Len: 20] bf 7b 86 d1 ac c4 c4 80 9a 57 1c 10 1f 87 77 92 .{.......W....w. d6 8f 9c a9 .... Result of outer SHA hash: SHA outer: result [Len: 20] a2 f9 82 e5 b1 01 c3 47 5a 03 4c 06 84 f1 53 51 .......GZ.L...SQ 2b 20 b6 2f + ./Now that we've completed the hash computations for the "finished" message, compose the message, and include the body of the handshake message in the "handshake hashes". First, we review the previous values of the "handshake hashes".
MD5 state: 5bdcf868 49679674 1c96660b 2a3d78b5
MD5_TraceState: buffered input [Len: 7]
98 de 9b 92 bd 40 3c .....@<
SHA1 state: f6f05f53 a3e28eb2 dfb614f7 57b30778 2b88dd55
SHA1_TraceState: buffered input [Len: 7]
98 de 9b 92 bd 40 3c .....@<
Now include the "finished" handshake in the hashes.
append handshake header: type finished (20)
MD5 & SHA handshake hash input: [Len: 1]
14 .
MD5 & SHA handshake hash input: [Len: 3]
00 00 24 ..$
MD5 & SHA handshake hash input: [Len: 36]
c1 f0 64 4e 4b 70 cc c0 7a 00 9c d4 28 38 24 70 ..dNKp..z...(8$p
a2 f9 82 e5 b1 01 c3 47 5a 03 4c 06 84 f1 53 51 .......GZ.L...SQ
2b 20 b6 2f + ./
The handshake hash results are not used after the second finished message is sent.
SendPlainText record type: handshake (22) bytes=40
Send PlainText record [Len: 40]
14 00 00 24 c1 f0 64 4e 4b 70 cc c0 7a 00 9c d4 ...$..dNKp..z...
28 38 24 70 a2 f9 82 e5 b1 01 c3 47 5a 03 4c 06 (8$p.......GZ.L.
84 f1 53 51 2b 20 b6 2f ..SQ+ ./
Since the SSL_RSA_WITH_RC4_128_MD5 cipher suite is now in effect, the message must be MAC'ed. The MAC on the client's plaintext "finished" handshake message is computed according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff ]..p...*.x.W....
frag hash1: Pad 1 [Len: 48]
36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666
36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666
36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 6666666666666666
frag hash1: temp [Len: 11]
00 00 00 00 00 00 00 00 16 00 28 ..........(
frag hash1: input [Len: 40]
14 00 00 24 c1 f0 64 4e 4b 70 cc c0 7a 00 9c d4 ...$..dNKp..z...
28 38 24 70 a2 f9 82 e5 b1 01 c3 47 5a 03 4c 06 (8$p.......GZ.L.
84 f1 53 51 2b 20 b6 2f ..SQ+ ./
frag hash2: MAC secret [Len: 16]
5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff ]..p...*.x.W....
frag hash2: Pad 2 [Len: 48]
5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\
5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\
5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
d9 6e a9 bf 4c 7f 23 27 23 b8 70 19 87 3d eb 9c .n..L.#'#.p..=..
frag hash2: result [Len: 16]
8c f9 5e 99 cf 47 50 f7 be a8 33 50 d9 ae b3 6a ..^..GP...3P...j
Append the result above to the plaintext handshake message (above), compress (null), and encrypt, and add the record header, producing the following record:
send (encrypted) record data: [Len: 61]
+ 16 03 00 00 38 a7 f5 c3 b9 9a c3 d0 83 37 38 bb ....8........78.
+ 75 c4 0c 05 47 53 0b ed 31 f6 a1 b8 72 9e c4 43 u...GS..1...r..C
+ ed f4 9b 3a df 36 48 89 d1 2d 49 eb af ff f5 7f ...:.6H..-I.....
+ 35 4a 8d 3a 06 f5 7d 8a cf 74 cc 25 0f 5J.:..}..t.%.
The handshakes are completed.
Client Application Data Record
The client sends the first application data record, the HTTP request. It is not included in handshake hashes because it is not a handshake. It is MAC'ed and encrypted, per the cipher spec now in use.
sending 250 bytes of saved data
SendPlainText record type: application_data (23) bytes=250
Send PlainText record [Len: 250]
47 45 54 20 2f 62 61 72 32 20 48 54 54 50 2f 31 GET /bar2 HTTP/1
2e 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 .0..Connection:
4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 Keep-Alive..User
2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f -Agent: Mozilla/
34 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54 4.02 [en] (WinNT
3b 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f ; U)..Host: bijo
75 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d u.mcom.com:1999.
0a 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67 .Accept: image/g
69 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74 if, image/x-xbit
6d 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c map, image/jpeg,
20 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f  image/pjpeg, */
2a 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 *..Accept-Langua
67 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c ge: en-US,en-GB,
65 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73 en..Accept-Chars
65 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a et: iso-8859-1,*
2c 75 74 66 2d 38 0d 0a 0d 0a ,utf-8....
Compute the MAC on the plaintext application data message. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
   5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff   ]..p...*.x.W....
frag hash1: Pad 1 [Len: 48]
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
frag hash1: temp [Len: 11]
   00 00 00 00 00 00 00 01 17 00 fa   ...........
frag hash1: input [Len: 250]
   47 45 54 20 2f 62 61 72 32 20 48 54 54 50 2f 31   GET /bar2 HTTP/1
   2e 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20   .0..Connection: 
   4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72   Keep-Alive..User
   2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f   -Agent: Mozilla/
   34 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54   4.02 [en] (WinNT
   3b 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f   ; U)..Host: bijo
   75 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d   u.mcom.com:1999.
   0a 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67   .Accept: image/g
   69 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74   if, image/x-xbit
   6d 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c   map, image/jpeg,
   20 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f    image/pjpeg, */
   2a 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61   *..Accept-Langua
   67 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c   ge: en-US,en-GB,
   65 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73   en..Accept-Chars
   65 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a   et: iso-8859-1,*
   2c 75 74 66 2d 38 0d 0a 0d 0a   ,utf-8....
frag hash2: MAC secret [Len: 16]
   5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff   ]..p...*.x.W....
frag hash2: Pad 2 [Len: 48]
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
   a0 aa 59 b3 91 cb 74 05 df 28 44 9f 5b 50 eb 0a   ..Y...t..(D.[P..
frag hash2: result [Len: 16]
   48 c1 ce 0c 32 00 b2 a6 b3 f5 36 98 63 ba 55 04   H...2.....6.c.U.

Append the result above to the plaintext handshake message (above), compress (null), and encrypt, and add the record header, producing the following record:
send (encrypted) record data: [Len: 271]
+ 17 03 00 01 0a 25 6c 43 a5 18 b1 6c 5b a5 06 59   .....%lC...l[..Y
+ 27 7a 0e 26 f6 32 aa f6 c4 f3 de bf 2c 35 66 9b   'z.&.2......,5f.
+ dd a2 77 71 75 37 08 38 08 75 3e 8c 00 86 46 1a   ..wqu7.8.u>...F.
+ b4 bb fb 2e 85 d0 ce ae ac 23 9f 95 95 cd ba 98   .........#......
+ 14 3f ba b3 16 80 ad 21 d2 1c 8e 18 b9 26 e3 01   .?.....!.....&..
+ 15 e8 0a a6 f2 5d 16 ca 9d 64 8c f6 bf e1 86 6d   .....]...d.....m
+ 90 d3 d1 a6 be 4a 4e 77 56 1c c7 46 eb 05 79 ff   .....JNwV..F..y.
+ 81 87 4f 3f 36 09 82 f2 70 22 2b c8 08 4c 02 b0   ..O?6...p"+..L..
+ d7 09 8e 66 43 a2 a2 d8 8a 56 90 f4 21 9d c7 8b   ...fC....V..!...
+ 7d 7a 38 2b 93 dd dd 04 f7 f2 f8 36 51 ad 57 1e   }z8+.......6Q.W.
+ c3 30 ba aa 9a fa af 1d de ae 56 4a 71 a1 74 94   .0........VJq.t.
+ 37 ea a6 27 e9 d8 62 c9 61 6b ab f6 1d 4d 6f 00   7..'..b.ak...Mo.
+ d4 54 77 3b 0f b8 d8 e2 40 5f 9c 10 8d 65 5c 25   .Tw;....@_...e\%
+ e5 ea 6f 84 12 cb b0 a3 c2 aa ce 1e 5e f2 d7 9f   ..o.........^...
+ 95 da 3e d3 26 3c 24 5f 75 47 b3 65 29 ee ff 89   ..>.&<$_uG.e)...
+ e5 56 01 c0 ab 5a fe a4 d0 cc f6 e4 5a 91 e5 9d   .V...Z......Z...
+ 78 93 54 72 5b 45 95 de 0b c8 34 c3 e2 8f 65   x.Tr[E....4...e
Server Application Data Record
Again in this example, the server's response is sent in three successive application_data records. Each of them is received, decrypted, and MAC verified.

raw gather data: [Len: 5]
+ 17 03 00 00 84   .....
ciphertext: [Len: 132]
+ 92 d5 e9 e1 99 0b 91 94 f3 03 93 10 69 aa 6b 5f   ............i.k_
+ 6e a4 4d 77 b5 e4 ac 7e 3f f8 16 67 68 a7 f5 a8   n.Mw...~?..gh...
+ 86 7b 5d 4e ed c5 93 e1 ef 8f 2b 77 4d e9 99 9e   .{]N......+wM...
+ 6b f6 ac a1 47 24 4c da 64 13 54 88 be 7d ef 00   k...G$L.d.T..}..
+ 70 9a 87 f4 7d 7c fb 13 f3 41 de e6 46 05 c3 c8   p...}|...A..F...
+ b7 1b 44 20 c5 0f e2 40 7a 8b 4d c2 de 5a 87 55   ..D ...@z.M..Z.U
+ b5 66 e4 8c 74 6c 37 d0 10 97 e3 87 2e 27 ac 54   .f..tl7......'.T
+ ef 93 b5 32 bb c8 a9 7a 4e ab d6 3d e8 3e b7 06   ...2...zN..=.>..
+ 74 66 0d 66   tf.f

Decrypt (RC4) and uncompress (null) the ciphertext.
plaintext: [Len: 132]
   48 54 54 50 2f 31 2e 30 20 32 30 30 20 4f 4b 0d   HTTP/1.0 200 OK.
   0a 53 65 72 76 65 72 3a 20 4e 65 74 73 63 61 70   .Server: Netscap
   65 2d 45 6e 74 65 72 70 72 69 73 65 2f 32 2e 30   e-Enterprise/2.0
   61 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 32 36   a..Date: Tue, 26
   20 41 75 67 20 31 39 39 37 20 32 32 3a 31 30 3a    Aug 1997 22:10:
   30 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d   05 GMT..Content-
   74 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e   type: text/plain
   0d 0a 0d 0a ae 54 8b 86 55 99 9d e2 44 b9 97 d6   .....T..U...D...
   9a b3 ff 58   ...X

Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash1: Pad 1 [Len: 48]
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
frag hash1: temp [Len: 11]
   00 00 00 00 00 00 00 01 17 00 74   ..........t
frag hash1: input [Len: 116]
   48 54 54 50 2f 31 2e 30 20 32 30 30 20 4f 4b 0d   HTTP/1.0 200 OK.
   0a 53 65 72 76 65 72 3a 20 4e 65 74 73 63 61 70   .Server: Netscap
   65 2d 45 6e 74 65 72 70 72 69 73 65 2f 32 2e 30   e-Enterprise/2.0
   61 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 32 36   a..Date: Tue, 26
   20 41 75 67 20 31 39 39 37 20 32 32 3a 31 30 3a    Aug 1997 22:10:
   30 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d   05 GMT..Content-
   74 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e   type: text/plain
   0d 0a 0d 0a   ....
frag hash2: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash2: Pad 2 [Len: 48]
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
   33 14 e3 68 ff c6 fc 35 c4 bd cc 25 57 92 f3 19   3..h...5...%W...
frag hash2: result [Len: 16]
   ae 54 8b 86 55 99 9d e2 44 b9 97 d6 9a b3 ff 58   .T..U...D......X

Note that the computed MAC matches the last 16 bytes of the plaintext above. The Client's MAC is verified.
The server's response is passed up to SSL's client (the browser).
The second of the server's three application data records is received and processed. It merely echoes the client's request.
raw gather data: [Len: 5]
+ 17 03 00 01 0a   .....
ciphertext: [Len: 266]
+ 69 b3 9d 24 1d 52 98 31 2e 74 f1 53 ce 17 48 51   i..$.R.1.t.S..HQ
+ 21 b8 6a 33 57 d7 23 a1 03 d2 10 74 b7 de 82 fa   !.j3W.#....t....
+ fa 05 bf 2a 63 8e 24 cf 69 74 0b ab 91 c6 1b 53   ...*c.$.it.....S
+ bf cd e6 86 3a 2c 5b b0 10 b4 45 02 51 88 62 0d   ....:,[...E.Q.b.
+ 90 e6 46 1e 0b 76 db 7f af 94 cb 91 b0 06 90 1a   ..F..v..........
+ ec a6 43 39 05 90 55 93 0f 57 69 91 c3 b6 ef 3d   ..C9..U..Wi....=
+ 40 49 73 52 f5 a0 d2 15 87 a4 55 b1 a2 b1 33 00   @IsR......U...3.
+ b7 91 b6 3f 29 19 ed b7 b2 4f 9a 2a e1 f2 c4 9f   ...?)....O.*....
+ 9d c8 a3 1a 30 55 9a c4 59 08 d1 d6 8f 8e 2f 08   ....0U..Y...../.
+ 49 88 35 27 b0 06 d9 cb 5f 27 a9 1e ac ee 89 15   I.5'...._'......
+ 19 22 0d 0d a2 f7 24 b8 30 2e 44 32 8f 8c a9 7e   ."....$.0.D2...~
+ c6 f0 a9 2d df 3d ee 5b b1 c6 80 40 3a b9 eb 37   ...-.=.[...@:..7
+ 91 37 26 db 4c cb a0 84 6f 4e e4 42 a0 18 8f e0   .7&.L...oN.B....
+ 7e 61 da 74 b6 8e 33 31 ff 38 61 07 53 0a 82 66   ~a.t..31.8a.S..f
+ d8 3b 13 26 87 21 ff c8 7d 41 49 3f fd 68 d5 c1   .;.&.!..}AI?.h..
+ e8 72 ba 5a 90 5c 61 f7 48 b7 6e 34 74 7f dc 51   .r.Z.\a.H.n4t..Q
+ 0b 86 35 c7 12 e7 e7 60 e1 1b   ..5....`..

Decrypt (RC4) and uncompress (null) the ciphertext.
plaintext: [Len: 266]
   47 45 54 20 2f 62 61 72 32 20 48 54 54 50 2f 31   GET /bar2 HTTP/1
   2e 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20   .0..Connection: 
   4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72   Keep-Alive..User
   2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f   -Agent: Mozilla/
   34 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54   4.02 [en] (WinNT
   3b 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f   ; U)..Host: bijo
   75 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d   u.mcom.com:1999.
   0a 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67   .Accept: image/g
   69 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74   if, image/x-xbit
   6d 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c   map, image/jpeg,
   20 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f    image/pjpeg, */
   2a 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61   *..Accept-Langua
   67 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c   ge: en-US,en-GB,
   65 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73   en..Accept-Chars
   65 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a   et: iso-8859-1,*
   2c 75 74 66 2d 38 0d 0a 0d 0a b0 28 a3 1d aa 0a   ,utf-8.....(....
   9e 88 83 68 fb 9a 90 15 20 be   ...h.... .

Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash1: Pad 1 [Len: 48]
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
frag hash1: temp [Len: 11]
   00 00 00 00 00 00 00 02 17 00 fa   ...........
frag hash1: input [Len: 250]
   47 45 54 20 2f 62 61 72 32 20 48 54 54 50 2f 31   GET /bar2 HTTP/1
   2e 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20   .0..Connection: 
   4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72   Keep-Alive..User
   2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f   -Agent: Mozilla/
   34 2e 30 32 20 5b 65 6e 5d 20 28 57 69 6e 4e 54   4.02 [en] (WinNT
   3b 20 55 29 0d 0a 48 6f 73 74 3a 20 62 69 6a 6f   ; U)..Host: bijo
   75 2e 6d 63 6f 6d 2e 63 6f 6d 3a 31 39 39 39 0d   u.mcom.com:1999.
   0a 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67   .Accept: image/g
   69 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74   if, image/x-xbit
   6d 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c   map, image/jpeg,
   20 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 2a 2f    image/pjpeg, */
   2a 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61   *..Accept-Langua
   67 65 3a 20 65 6e 2d 55 53 2c 65 6e 2d 47 42 2c   ge: en-US,en-GB,
   65 6e 0d 0a 41 63 63 65 70 74 2d 43 68 61 72 73   en..Accept-Chars
   65 74 3a 20 69 73 6f 2d 38 38 35 39 2d 31 2c 2a   et: iso-8859-1,*
   2c 75 74 66 2d 38 0d 0a 0d 0a   ,utf-8....
frag hash2: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash2: Pad 2 [Len: 48]
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
   ab 97 67 a7 a4 74 eb c4 d4 27 e3 5c 7b 25 9d 10   ..g..t...'.\{%..
frag hash2: result [Len: 16]
   b0 28 a3 1d aa 0a 9e 88 83 68 fb 9a 90 15 20 be   .(.......h.... .

Note that the computed MAC matches the last 16 bytes of the plaintext above. The Client's MAC is verified.
The server's response is passed up to SSL's client (the browser).
The last of the server's three application data records is received and processed.
raw gather data: [Len: 5]
+ 17 03 00 00 15   .....
ciphertext: [Len: 21]
+ cf 1c fb aa ac af e0 a2 fc e1 f4 55 dd d9 47 0c   ...........U..G.
+ 48 fd 2a 7a 1e   H.*z.

Decrypt (RC4) and uncompress (null) the ciphertext.
plaintext: [Len: 21]
   45 4f 46 0d 0a da a3 07 b4 fb 32 34 33 8b 30 2d   EOF.......243.0-
   1a 60 47 60 13   .`G`.

Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash1: Pad 1 [Len: 48]
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
frag hash1: temp [Len: 11]
   00 00 00 00 00 00 00 03 17 00 05   ...........
frag hash1: input [Len: 5]
   45 4f 46 0d 0a   EOF..
frag hash2: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash2: Pad 2 [Len: 48]
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
   ee 61 64 cc be d5 d8 c8 5b 55 c5 7b b6 40 ca 4d   .ad.....[U.{.@.M
frag hash2: result [Len: 16]
   da a3 07 b4 fb 32 34 33 8b 30 2d 1a 60 47 60 13   .....243.0-.`G`.

Note that the computed MAC matches the last 16 bytes of the plaintext above. The Server's MAC is verified. Pass the response up to SSL's client.
Server Close_Notify Alert Record
The server sends a "close notify" alert record to tell the client it is done. This is not a handshake, and is not included in handshake hashes.

raw gather data: [Len: 5]
+ 15 03 00 00 12   .....
ciphertext: [Len: 18]
+ e5 ab 5a 3b 36 78 f7 86 a2 1f 72 ff 94 41 32 e4   ..Z;6x....r..A2.
+ 73 e9   s.

Decrypt (RC4) and uncompress (null) the ciphertext.
plaintext: [Len: 18]
   01 00 7b 63 62 73 45 14 fc af 15 7c 90 03 01 58   ..{cbsE....|...X
   ea 97   ..

Compute the MAC on all but the last 16 bytes of the plaintext above. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash1: Pad 1 [Len: 48]
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
frag hash1: temp [Len: 11]
   00 00 00 00 00 00 00 04 15 00 02   ...........
frag hash1: input [Len: 2]
   01 00   ..
frag hash2: MAC secret [Len: 16]
   69 0c ac 62 85 31 61 10 b1 89 a9 63 81 75 f6 e8   i..b.1a....c.u..
frag hash2: Pad 2 [Len: 48]
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
   99 fc fe 9e e7 67 42 85 5a dc b8 93 20 86 6d de   .....gB.Z... .m.
frag hash2: result [Len: 16]
   7b 63 62 73 45 14 fc af 15 7c 90 03 01 58 ea 97   {cbsE....|...X..

The computed MAC matches the last 16 bytes of the plaintext above. The Client's MAC is verified.
handle alert record
received alert, level = 1, description = 0
ssl_recv EOF
Client Close_Notify Alert Record
The client replies to the server's close_notify alert by sending back a close_notify alert of its own. This is not a handshake, and is not included in handshake hashes. The server typically does not receive this, because it has already closed its SSL socket.

send alert record, level=1 desc=0
SendPlainText record type: alert (21) bytes=2
Send PlainText record [Len: 2]
   01 00   ..

Compute the MAC on the alert. This is done according to section 7.2.3.1 of the SSL 3.0 spec.
frag hash1: MAC secret [Len: 16]
   5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff   ]..p...*.x.W....
frag hash1: Pad 1 [Len: 48]
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
   36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36   6666666666666666
frag hash1: temp [Len: 11]
   00 00 00 00 00 00 00 02 15 00 02   ...........
frag hash1: input [Len: 2]
   01 00   ..
frag hash2: MAC secret [Len: 16]
   5d bf a3 70 d7 f0 8e 2a d2 78 bc 57 82 a6 06 ff   ]..p...*.x.W....
frag hash2: Pad 2 [Len: 48]
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
   5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c   \\\\\\\\\\\\\\\\
frag hash2: hash1 [Len: 16]
   08 d2 00 d4 c8 83 9d 79 5a f8 d6 e4 ad 1b dc 3c   .......yZ......<
frag hash2: result [Len: 16]
   a1 1d 27 0d a2 0d 28 3a 65 74 93 a0 5e b8 d3 d0   ..'...(:et..^...

Append the result above to the plaintext alert message (above), compress (null), and encrypt, and add the record header, producing the following record:
send (encrypted) record data: [Len: 23]
+ 15 03 00 00 12 ba 59 2b 56 68 29 99 a7 d2 1b e5   ......Y+Vh).....
+ 2f 6b d8 db 68 ee ae   /k..h..
closing, rv=0 errno=10035
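The MAC check applied to each received record above (section 7.2.3.1 of the SSL 3.0 spec, with MD5), as an added Python example that is not part of the original trace document. The function names are this example's own; the MAC secret and record bytes are copied from the server's "EOF" and close_notify records in the traces.

```python
import hashlib
import hmac

# SSL 3.0 MAC with MD5: 48-byte pads and a 16-byte result, as in the traces.
PAD1 = b"\x36" * 48
PAD2 = b"\x5c" * 48
MAC_LEN = 16


def ssl3_mac_md5(secret, seq_num, rec_type, fragment):
    """Return (hash1, result), named as the trace labels them."""
    # "temp" in the traces: 8-byte sequence number, 1-byte type, 2-byte length.
    temp = (seq_num.to_bytes(8, "big") + bytes([rec_type])
            + len(fragment).to_bytes(2, "big"))
    hash1 = hashlib.md5(secret + PAD1 + temp + fragment).digest()
    result = hashlib.md5(secret + PAD2 + hash1).digest()
    return hash1, result


def verify_record(secret, seq_num, rec_type, plaintext):
    """Check the trailing MAC of a decrypted record; return the payload."""
    if len(plaintext) < MAC_LEN:
        raise ValueError("record too short to carry a MAC")
    fragment, received = plaintext[:-MAC_LEN], plaintext[-MAC_LEN:]
    _, expected = ssl3_mac_md5(secret, seq_num, rec_type, fragment)
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(expected, received):
        raise ValueError("bad_record_mac")
    return fragment


# Values copied from the traces above: the server write MAC secret and two
# decrypted server records (payload followed by the 16-byte MAC).
SERVER_MAC_SECRET = bytes.fromhex("690cac6285316110b189a9638175f6e8")
EOF_PLAINTEXT = bytes.fromhex("454f460d0a" "daa307b4fb3234338b302d1a60476013")
ALERT_PLAINTEXT = bytes.fromhex("0100" "7b6362734514fcaf157c90030158ea97")

if __name__ == "__main__":
    # The third application_data record (type 23) has server sequence number 3.
    print(verify_record(SERVER_MAC_SECRET, 3, 23, EOF_PLAINTEXT))
    # The close_notify alert (type 21) has server sequence number 4.
    print(verify_record(SERVER_MAC_SECRET, 4, 21, ALERT_PLAINTEXT))
    # The same bytes checked against another sequence number fail, which is
    # how a replayed or reordered record is caught.
    try:
        verify_record(SERVER_MAC_SECRET, 5, 21, ALERT_PLAINTEXT)
    except ValueError as err:
        print("rejected:", err)
```

Because the sequence number and record type are hashed in but never transmitted, each side must track them independently; a receiver whose counter drifts rejects every following record.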
Please direct all questions, suggestions, and comments concerning these traces to Nelson Bolyard.
All general questions about SSL (that do not directly relate to these trace files) should be discussed on the newsgroup mozilla.dev.tech.crypto
$Id: trc-clnt-us.html,v 1.2 2008/02/25 20:14:02 nelson%bolyard.com Exp $