crypto/tls: support renegotiation extension.

The renegotiation extension was introduced[1] due to an attack by Ray in
which a client's handshake was spliced into a connection that was
renegotiating, thus giving an attacker the ability to inject an
arbitary prefix into the connection.

Go has never supported renegotiation as a server and so this attack
doesn't apply. As a client, it's possible that at some point in the
future the population of servers will be sufficiently updated that
it'll be possible to reject connections where the server hasn't
demonstrated that it has been updated to address this problem.

We're not at that point yet, but it's good for Go servers to support
the extension so that it might be possible to do in the future.

[1] https://tools.ietf.org/search/rfc5746

R=golang-codereviews, mikioh.mikioh
CC=golang-codereviews
https://golang.org/cl/48580043

src/pkg/crypto/tls/common.go

@@ -64,7 +64,7 @@ const (
 )
 
 // TLS extension numbers
-var (
+const (
 	extensionServerName          uint16 = 0
 	extensionStatusRequest       uint16 = 5
 	extensionSupportedCurves     uint16 = 10
@@ -72,11 +72,17 @@ var (
 	extensionSignatureAlgorithms uint16 = 13
 	extensionSessionTicket       uint16 = 35
 	extensionNextProtoNeg        uint16 = 13172 // not IANA assigned
+	extensionRenegotiationInfo   uint16 = 0xff01
+)
+
+// TLS signaling cipher suite values
+const (
+	scsvRenegotiation uint16 = 0x00ff
 )
 
 // TLS Elliptic Curves
 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
-var (
+const (
 	curveP256 uint16 = 23
 	curveP384 uint16 = 24
 	curveP521 uint16 = 25
@@ -84,7 +90,7 @@ var (
 
 // TLS Elliptic Curve Point Formats
 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
-var (
+const (
 	pointFormatUncompressed uint8 = 0
 )
 

src/pkg/crypto/tls/handshake_client.go

@@ -22,14 +22,15 @@ func (c *Conn) clientHandshake() error {
 	}
 
 	hello := &clientHelloMsg{
-		vers:               c.config.maxVersion(),
-		compressionMethods: []uint8{compressionNone},
-		random:             make([]byte, 32),
-		ocspStapling:       true,
-		serverName:         c.config.ServerName,
-		supportedCurves:    []uint16{curveP256, curveP384, curveP521},
-		supportedPoints:    []uint8{pointFormatUncompressed},
-		nextProtoNeg:       len(c.config.NextProtos) > 0,
+		vers:                c.config.maxVersion(),
+		compressionMethods:  []uint8{compressionNone},
+		random:              make([]byte, 32),
+		ocspStapling:        true,
+		serverName:          c.config.ServerName,
+		supportedCurves:     []uint16{curveP256, curveP384, curveP521},
+		supportedPoints:     []uint8{pointFormatUncompressed},
+		nextProtoNeg:        len(c.config.NextProtos) > 0,
+		secureRenegotiation: true,
 	}
 
 	possibleCipherSuites := c.config.cipherSuites()

src/pkg/crypto/tls/handshake_messages.go

@@ -7,20 +7,21 @@ package tls
 import "bytes"
 
 type clientHelloMsg struct {
-	raw                []byte
-	vers               uint16
-	random             []byte
-	sessionId          []byte
-	cipherSuites       []uint16
-	compressionMethods []uint8
-	nextProtoNeg       bool
-	serverName         string
-	ocspStapling       bool
-	supportedCurves    []uint16
-	supportedPoints    []uint8
-	ticketSupported    bool
-	sessionTicket      []uint8
-	signatureAndHashes []signatureAndHash
+	raw                 []byte
+	vers                uint16
+	random              []byte
+	sessionId           []byte
+	cipherSuites        []uint16
+	compressionMethods  []uint8
+	nextProtoNeg        bool
+	serverName          string
+	ocspStapling        bool
+	supportedCurves     []uint16
+	supportedPoints     []uint8
+	ticketSupported     bool
+	sessionTicket       []uint8
+	signatureAndHashes  []signatureAndHash
+	secureRenegotiation bool
 }
 
 func (m *clientHelloMsg) equal(i interface{}) bool {
@@ -42,7 +43,8 @@ func (m *clientHelloMsg) equal(i interface{}) bool {
 		bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
 		m.ticketSupported == m1.ticketSupported &&
 		bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
-		eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
+		eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
+		m.secureRenegotiation == m1.secureRenegotiation
 }
 
 func (m *clientHelloMsg) marshal() []byte {
@@ -80,6 +82,10 @@ func (m *clientHelloMsg) marshal() []byte {
 		extensionsLength += 2 + 2*len(m.signatureAndHashes)
 		numExtensions++
 	}
+	if m.secureRenegotiation {
+		extensionsLength += 1
+		numExtensions++
+	}
 	if numExtensions > 0 {
 		extensionsLength += 4 * numExtensions
 		length += 2 + extensionsLength
@@ -114,13 +120,13 @@ func (m *clientHelloMsg) marshal() []byte {
 	}
 	if m.nextProtoNeg {
 		z[0] = byte(extensionNextProtoNeg >> 8)
-		z[1] = byte(extensionNextProtoNeg)
+		z[1] = byte(extensionNextProtoNeg & 0xff)
 		// The length is always 0
 		z = z[4:]
 	}
 	if len(m.serverName) > 0 {
 		z[0] = byte(extensionServerName >> 8)
-		z[1] = byte(extensionServerName)
+		z[1] = byte(extensionServerName & 0xff)
 		l := len(m.serverName) + 5
 		z[2] = byte(l >> 8)
 		z[3] = byte(l)
@@ -224,6 +230,13 @@ func (m *clientHelloMsg) marshal() []byte {
 			z = z[2:]
 		}
 	}
+	if m.secureRenegotiation {
+		z[0] = byte(extensionRenegotiationInfo >> 8)
+		z[1] = byte(extensionRenegotiationInfo & 0xff)
+		z[2] = 0
+		z[3] = 1
+		z = z[5:]
+	}
 
 	m.raw = x
 
@@ -256,6 +269,9 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 	m.cipherSuites = make([]uint16, numCipherSuites)
 	for i := 0; i < numCipherSuites; i++ {
 		m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
+		if m.cipherSuites[i] == scsvRenegotiation {
+			m.secureRenegotiation = true
+		}
 	}
 	data = data[2+cipherSuiteLen:]
 	if len(data) < 1 {
@@ -379,6 +395,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 				m.signatureAndHashes[i].signature = d[1]
 				d = d[2:]
 			}
+		case extensionRenegotiationInfo + 1:
+			if length != 1 || data[0] != 0 {
+				return false
+			}
+			m.secureRenegotiation = true
 		}
 		data = data[length:]
 	}
@@ -387,16 +408,17 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 }
 
 type serverHelloMsg struct {
-	raw               []byte
-	vers              uint16
-	random            []byte
-	sessionId         []byte
-	cipherSuite       uint16
-	compressionMethod uint8
-	nextProtoNeg      bool
-	nextProtos        []string
-	ocspStapling      bool
-	ticketSupported   bool
+	raw                 []byte
+	vers                uint16
+	random              []byte
+	sessionId           []byte
+	cipherSuite         uint16
+	compressionMethod   uint8
+	nextProtoNeg        bool
+	nextProtos          []string
+	ocspStapling        bool
+	ticketSupported     bool
+	secureRenegotiation bool
 }
 
 func (m *serverHelloMsg) equal(i interface{}) bool {
@@ -414,7 +436,8 @@ func (m *serverHelloMsg) equal(i interface{}) bool {
 		m.nextProtoNeg == m1.nextProtoNeg &&
 		eqStrings(m.nextProtos, m1.nextProtos) &&
 		m.ocspStapling == m1.ocspStapling &&
-		m.ticketSupported == m1.ticketSupported
+		m.ticketSupported == m1.ticketSupported &&
+		m.secureRenegotiation == m1.secureRenegotiation
 }
 
 func (m *serverHelloMsg) marshal() []byte {
@@ -441,6 +464,10 @@ func (m *serverHelloMsg) marshal() []byte {
 	if m.ticketSupported {
 		numExtensions++
 	}
+	if m.secureRenegotiation {
+		extensionsLength += 1
+		numExtensions++
+	}
 	if numExtensions > 0 {
 		extensionsLength += 4 * numExtensions
 		length += 2 + extensionsLength
@@ -469,7 +496,7 @@ func (m *serverHelloMsg) marshal() []byte {
 	}
 	if m.nextProtoNeg {
 		z[0] = byte(extensionNextProtoNeg >> 8)
-		z[1] = byte(extensionNextProtoNeg)
+		z[1] = byte(extensionNextProtoNeg & 0xff)
 		z[2] = byte(nextProtoLen >> 8)
 		z[3] = byte(nextProtoLen)
 		z = z[4:]
@@ -494,6 +521,13 @@ func (m *serverHelloMsg) marshal() []byte {
 		z[1] = byte(extensionSessionTicket)
 		z = z[4:]
 	}
+	if m.secureRenegotiation {
+		z[0] = byte(extensionRenegotiationInfo >> 8)
+		z[1] = byte(extensionRenegotiationInfo & 0xff)
+		z[2] = 0
+		z[3] = 1
+		z = z[5:]
+	}
 
 	m.raw = x
 
@@ -573,6 +607,11 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
 				return false
 			}
 			m.ticketSupported = true
+		case extensionRenegotiationInfo:
+			if length != 1 || data[0] != 0 {
+				return false
+			}
+			m.secureRenegotiation = true
 		}
 		data = data[length:]
 	}

src/pkg/crypto/tls/handshake_server.go

@@ -152,6 +152,7 @@ Curves:
 	hs.hello.random[1] = byte(t >> 16)
 	hs.hello.random[2] = byte(t >> 8)
 	hs.hello.random[3] = byte(t)
+	hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
 	_, err = io.ReadFull(config.rand(), hs.hello.random[4:])
 	if err != nil {
 		return false, c.sendAlert(alertInternalError)

src/pkg/crypto/tls/handshake_server_test.go

@@ -490,9 +490,9 @@ func TestHandshakeServerSNI(t *testing.T) {
 
 // TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with
 // an RSA certificate and an ECDSA ciphersuite with an ECDSA certificate.
-func TestCipherSuiteCertPreferance(t *testing.T) {
+func TestCipherSuiteCertPreferenceECDSA(t *testing.T) {
 	config := *testConfig
-	config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}
+	config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}
 	config.PreferServerCipherSuites = true
 
 	test := &serverTest{

src/pkg/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA

 >>> Flow 1 (client to server)
-00000000  16 03 01 01 39 01 00 01  35 03 03 52 ac 77 f8 cf  |....9...5..R.w..|
-00000010  8e 29 75 5c 1e a8 0c ef  df a1 2b c5 c0 ca fe bc  |.)u\......+.....|
-00000020  63 b1 df 9a 17 e3 5f a4  e1 1c c4 00 00 a0 c0 30  |c....._........0|
+00000000  16 03 01 00 ca 01 00 00  c6 03 03 52 cc 5e 7f 49  |...........R.^.I|
+00000010  8a 7a 88 c0 85 24 6b 3d  95 ff 0f 9e 91 32 c2 a4  |.z...$k=.....2..|
+00000020  6b 4c 53 e4 b4 4c 40 72  e4 54 27 00 00 32 c0 30  |kLS..L@r.T'..2.0|
 00000030  c0 2c c0 28 c0 24 c0 14  c0 0a c0 22 c0 21 00 a3  |.,.(.$.....".!..|
 00000040  00 9f 00 6b 00 6a 00 39  00 38 00 88 00 87 c0 32  |...k.j.9.8.....2|
 00000050  c0 2e c0 2a c0 26 c0 0f  c0 05 00 9d 00 3d 00 35  |...*.&.......=.5|
-00000060  00 84 c0 12 c0 08 c0 1c  c0 1b 00 16 00 13 c0 0d  |................|
-00000070  c0 03 00 0a c0 2f c0 2b  c0 27 c0 23 c0 13 c0 09  |...../.+.'.#....|
-00000080  c0 1f c0 1e 00 a2 00 9e  00 67 00 40 00 33 00 32  |.........g.@.3.2|
-00000090  00 9a 00 99 00 45 00 44  c0 31 c0 2d c0 29 c0 25  |.....E.D.1.-.).%|
-000000a0  c0 0e c0 04 00 9c 00 3c  00 2f 00 96 00 41 00 07  |.......<./...A..|
-000000b0  c0 11 c0 07 c0 0c c0 02  00 05 00 04 00 15 00 12  |................|
-000000c0  00 09 00 14 00 11 00 08  00 06 00 03 00 ff 02 01  |................|
-000000d0  00 00 6b 00 0b 00 04 03  00 01 02 00 0a 00 34 00  |..k...........4.|
-000000e0  32 00 0e 00 0d 00 19 00  0b 00 0c 00 18 00 09 00  |2...............|
-000000f0  0a 00 16 00 17 00 08 00  06 00 07 00 14 00 15 00  |................|
-00000100  04 00 05 00 12 00 13 00  01 00 02 00 03 00 0f 00  |................|
-00000110  10 00 11 00 0d 00 22 00  20 06 01 06 02 06 03 05  |......". .......|
-00000120  01 05 02 05 03 04 01 04  02 04 03 03 01 03 02 03  |................|
-00000130  03 02 01 02 02 02 03 01  01 00 0f 00 01 01        |..............|
+00000060  01 00 00 6b 00 0b 00 04  03 00 01 02 00 0a 00 34  |...k...........4|
+00000070  00 32 00 0e 00 0d 00 19  00 0b 00 0c 00 18 00 09  |.2..............|
+00000080  00 0a 00 16 00 17 00 08  00 06 00 07 00 14 00 15  |................|
+00000090  00 04 00 05 00 12 00 13  00 01 00 02 00 03 00 0f  |................|
+000000a0  00 10 00 11 00 0d 00 22  00 20 06 01 06 02 06 03  |.......". ......|
+000000b0  05 01 05 02 05 03 04 01  04 02 04 03 03 01 03 02  |................|
+000000c0  03 03 02 01 02 02 02 03  01 01 00 0f 00 01 01     |...............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 2a 02 00 00  26 03 03 00 00 00 00 00  |....*...&.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -72,35 +65,35 @@
 00000310  48 b3 c1 85 6a 42 9b f9  7e 7e 31 c2 e5 bd 66 02  |H...jB..~~1...f.|
 00000320  42 00 ad 7d 06 35 ab ec  8d ac d4 ba 1b 49 5e 05  |B..}.5.......I^.|
 00000330  5f f0 97 93 82 b8 2b 8d  91 98 63 8e b4 14 62 db  |_.....+...c...b.|
-00000340  1e c9 2b b9 8d 7b bf 37  1c f3 94 74 60 d6 7d a5  |..+..{.7...t`.}.|
-00000350  28 0a 74 d1 59 87 c3 42  31 9a 0e f7 85 ce ec eb  |(.t.Y..B1.......|
-00000360  fa 4a 14 16 03 03 00 04  0e 00 00 00              |.J..........|
+00000340  1e c9 2b ca fe c9 88 b7  3d 46 d2 5b 55 de bc 9a  |..+.....=F.[U...|
+00000350  66 c9 cf b7 3d e8 c8 62  24 93 d8 db 12 77 2a 6c  |f...=..b$....w*l|
+00000360  08 66 48 16 03 03 00 04  0e 00 00 00              |.fH.........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 8a 10 00 00  86 85 04 01 31 b5 19 44  |............1..D|
-00000010  f5 d4 29 20 77 2e cc a9  bb ab 5d 3b f6 0e 5c dd  |..) w.....];..\.|
-00000020  c2 cd 42 a4 b1 ce 1f 69  0f 09 c7 ef 5a 99 96 03  |..B....i....Z...|
-00000030  5b 57 86 02 c0 d0 9a a6  5f 59 b0 5b 45 c2 ae ec  |[W......_Y.[E...|
-00000040  cf 3d 3d 60 b5 5f 7d c9  82 5a 54 0b 74 00 c2 8b  |.==`._}..ZT.t...|
-00000050  67 2f f9 dd c9 bd 2c 63  12 5b 55 61 09 8b fe 75  |g/....,c.[Ua...u|
-00000060  23 2c a2 c1 bd 6e 71 23  07 e3 c2 64 5e 13 f1 d1  |#,...nq#...d^...|
-00000070  cc db 17 dc 8b e6 4f d4  72 46 0a 1e 26 63 cb e0  |......O.rF..&c..|
-00000080  da f3 f7 f6 d3 64 f5 44  ce 01 7b 21 4e cb 23 14  |.....d.D..{!N.#.|
-00000090  03 03 00 01 01 16 03 03  00 40 5d 5b 3c 90 6b e1  |.........@][<.k.|
-000000a0  33 90 6a a3 6a 9e f8 a6  9b 2d ca 8b ea 26 10 92  |3.j.j....-...&..|
-000000b0  ca 60 7b 4b fb 8a df 5d  1d 4b 23 41 7e 4f f7 c2  |.`{K...].K#A~O..|
-000000c0  98 64 11 84 56 bc 9c ba  11 1c 19 7f a9 04 43 d3  |.d..V.........C.|
-000000d0  a0 80 47 11 09 a5 dc 08  fc a0                    |..G.......|
+00000000  16 03 03 00 8a 10 00 00  86 85 04 01 fd 02 a1 b1  |................|
+00000010  56 3c 37 37 da 78 37 d9  07 ee 09 35 4f ff 3e db  |V<77.x7....5O.>.|
+00000020  da da 23 12 2c 40 12 dd  73 e7 2c c5 2e fb 37 24  |..#.,@..s.,...7$|
+00000030  2f 97 95 b4 6c 1e 56 6c  4e 49 d5 89 21 8b ca 74  |/...l.VlNI..!..t|
+00000040  85 1b 24 96 fb 28 cc 64  70 59 fc be 18 00 00 98  |..$..(.dpY......|
+00000050  9a f6 c9 26 26 6d ce 48  7b 3b 62 ea dd da 73 8b  |...&&m.H{;b...s.|
+00000060  71 48 18 71 52 2d 22 1d  7c 67 55 1b 6b fa 44 40  |qH.qR-".|gU.k.D@|
+00000070  be 87 0f 52 21 4b 86 b4  f0 6d 1b dd e7 0f f8 ef  |...R!K...m......|
+00000080  1a 09 8b 66 b9 60 38 da  6f 9d 9d 74 58 d9 35 14  |...f.`8.o..tX.5.|
+00000090  03 03 00 01 01 16 03 03  00 40 5b 98 11 9d d4 83  |.........@[.....|
+000000a0  13 b6 28 4b 85 61 0b e1  bf 36 3f 43 c0 95 3d 7e  |..(K.a...6?C..=~|
+000000b0  95 ea 84 14 e6 6d 1a e0  20 50 b4 02 d0 b2 e9 5f  |.....m.. P....._|
+000000c0  07 82 a8 6a 1e 7c 1e f7  6c b5 be 1b 20 2e 98 4e  |...j.|..l... ..N|
+000000d0  ab 8d 1e f2 56 88 ed ef  aa 39                    |....V....9|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 2e 6a 39 7e ab  |............j9~.|
-00000020  da af a7 27 4f 60 4e e4  d6 6e 75 3a 03 20 af 45  |...'O`N..nu:. .E|
-00000030  a2 ad 58 2e 8b 4b e6 5f  22 41 87 79 21 eb 5c 71  |..X..K._"A.y!.\q|
-00000040  d8 63 ba 42 8b 32 8a 61  e2 6f 43 17 03 03 00 40  |.c.B.2.a.oC....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 7e f1 fc 1d 0c  |...........~....|
+00000020  f5 a2 c6 35 de 78 97 62  72 3f 05 6c a3 a8 0e cb  |...5.x.br?.l....|
+00000030  10 7e c0 3d 28 c7 d9 4e  71 f4 18 d7 14 42 09 5c  |.~.=(..Nq....B.\|
+00000040  22 26 04 1f 04 12 9f 88  3d 4a 4a 17 03 03 00 40  |"&......=JJ....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  2e e2 39 2b 6c 28 9e 3a  59 f6 31 04 8b 95 be bd  |..9+l(.:Y.1.....|
-00000070  73 e6 12 77 ab 3a 30 30  1b f2 5f 7e 42 f9 53 1c  |s..w.:00.._~B.S.|
-00000080  bf 3c 58 8f e0 b6 c7 f2  c5 5d 0f d0 37 3f 37 96  |.<X......]..7?7.|
+00000060  0f 35 50 38 be 3a c7 4e  c4 de 36 63 85 c1 7a 78  |.5P8.:.N..6c..zx|
+00000070  c6 7f 65 8c d1 44 c5 7e  45 32 60 88 93 bf 10 82  |..e..D.~E2`.....|
+00000080  4b 1a 46 9a 60 54 c5 ee  2a c1 86 02 a7 b6 d5 ea  |K.F.`T..*.......|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 a5 fa 6a  4d 33 1a 0d 83 5e 26 39  |.......jM3...^&9|
-000000b0  a1 07 3c 00 02 7e 2b 1b  c0 95 4a 16 85 83 c4 af  |..<..~+...J.....|
-000000c0  79 0e 43 c6 c8                                    |y.C..|
+000000a0  00 00 00 00 00 78 6c 41  05 2f 6f c2 d7 70 54 24  |.....xlA./o..pT$|
+000000b0  66 01 2c 1e 71 43 05 3a  1b 9e 86 ff b4 c5 65 b2  |f.,.qC.:......e.|
+000000c0  f0 f8 ef 6b 25                                    |...k%|

src/pkg/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA

 >>> Flow 1 (client to server)
-00000000  16 03 01 01 39 01 00 01  35 03 03 52 ac 77 f8 37  |....9...5..R.w.7|
-00000010  29 0d 02 21 92 09 b5 f1  91 cd bc a7 7d 84 2b 9b  |)..!........}.+.|
-00000020  f5 4f bf b6 c6 f3 a0 60  62 df cf 00 00 a0 c0 30  |.O.....`b......0|
+00000000  16 03 01 00 ca 01 00 00  c6 03 03 52 cc 5e 7f ec  |...........R.^..|
+00000010  d7 b4 0c ac 92 e8 d1 6e  df c1 e6 ee f5 84 5e 1a  |.......n......^.|
+00000020  1d 05 bf 2d 3f 71 91 d1  cc b7 f8 00 00 32 c0 30  |...-?q.......2.0|
 00000030  c0 2c c0 28 c0 24 c0 14  c0 0a c0 22 c0 21 00 a3  |.,.(.$.....".!..|
 00000040  00 9f 00 6b 00 6a 00 39  00 38 00 88 00 87 c0 32  |...k.j.9.8.....2|
 00000050  c0 2e c0 2a c0 26 c0 0f  c0 05 00 9d 00 3d 00 35  |...*.&.......=.5|
-00000060  00 84 c0 12 c0 08 c0 1c  c0 1b 00 16 00 13 c0 0d  |................|
-00000070  c0 03 00 0a c0 2f c0 2b  c0 27 c0 23 c0 13 c0 09  |...../.+.'.#....|
-00000080  c0 1f c0 1e 00 a2 00 9e  00 67 00 40 00 33 00 32  |.........g.@.3.2|
-00000090  00 9a 00 99 00 45 00 44  c0 31 c0 2d c0 29 c0 25  |.....E.D.1.-.).%|
-000000a0  c0 0e c0 04 00 9c 00 3c  00 2f 00 96 00 41 00 07  |.......<./...A..|
-000000b0  c0 11 c0 07 c0 0c c0 02  00 05 00 04 00 15 00 12  |................|
-000000c0  00 09 00 14 00 11 00 08  00 06 00 03 00 ff 02 01  |................|
-000000d0  00 00 6b 00 0b 00 04 03  00 01 02 00 0a 00 34 00  |..k...........4.|
-000000e0  32 00 0e 00 0d 00 19 00  0b 00 0c 00 18 00 09 00  |2...............|
-000000f0  0a 00 16 00 17 00 08 00  06 00 07 00 14 00 15 00  |................|
-00000100  04 00 05 00 12 00 13 00  01 00 02 00 03 00 0f 00  |................|
-00000110  10 00 11 00 0d 00 22 00  20 06 01 06 02 06 03 05  |......". .......|
-00000120  01 05 02 05 03 04 01 04  02 04 03 03 01 03 02 03  |................|
-00000130  03 02 01 02 02 02 03 01  01 00 0f 00 01 01        |..............|
+00000060  01 00 00 6b 00 0b 00 04  03 00 01 02 00 0a 00 34  |...k...........4|
+00000070  00 32 00 0e 00 0d 00 19  00 0b 00 0c 00 18 00 09  |.2..............|
+00000080  00 0a 00 16 00 17 00 08  00 06 00 07 00 14 00 15  |................|
+00000090  00 04 00 05 00 12 00 13  00 01 00 02 00 03 00 0f  |................|
+000000a0  00 10 00 11 00 0d 00 22  00 20 06 01 06 02 06 03  |.......". ......|
+000000b0  05 01 05 02 05 03 04 01  04 02 04 03 03 01 03 02  |................|
+000000c0  03 03 02 01 02 02 02 03  01 01 00 0f 00 01 01     |...............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 2a 02 00 00  26 03 03 00 00 00 00 00  |....*...&.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 13 00 16  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 14 00 16  |................|
 00000030  03 03 02 be 0b 00 02 ba  00 02 b7 00 02 b4 30 82  |..............0.|
 00000040  02 b0 30 82 02 19 a0 03  02 01 02 02 09 00 85 b0  |..0.............|
 00000050  bb a4 8a 7f b8 ca 30 0d  06 09 2a 86 48 86 f7 0d  |......0...*.H...|
@@ -76,42 +69,42 @@
 00000350  61 28 63 33 78 f6 31 39  fd 8a f4 15 18 11 fe db  |a(c3x.19........|
 00000360  d5 07 da 2c ed 49 a0 23  bf d0 3a 38 1d 54 ae 1c  |...,.I.#..:8.T..|
 00000370  7b ea 29 ee d0 38 c1 76  a7 7f 2a f4 ce 1e ac cc  |{.)..8.v..*.....|
-00000380  94 79 90 33 04 01 00 80  8f 6a 76 5c 33 9a 1e 46  |.y.3.....jv\3..F|
-00000390  e6 c4 91 f6 69 23 05 38  bf c0 fd 9e dc 32 49 a6  |....i#.8.....2I.|
-000003a0  9a 80 43 a0 47 d4 37 f5  98 06 2f 77 cb 30 8a 95  |..C.G.7.../w.0..|
-000003b0  04 02 76 f1 2a ee 7c a6  79 df 7f 63 1e 1a 64 75  |..v.*.|.y..c..du|
-000003c0  f5 a9 1e a9 32 49 65 8b  5b 1b 02 68 7b 6c 39 e8  |....2Ie.[..h{l9.|
-000003d0  06 99 10 08 77 f7 a2 b3  22 14 14 d6 83 b8 a2 3e  |....w..."......>|
-000003e0  e3 a6 4d dd da 99 c4 d7  5c 4c d1 2f 0e 0e 21 2e  |..M.....\L./..!.|
-000003f0  e0 9d dc bf 51 f3 da 1d  7a df 8e dc 41 77 b3 18  |....Q...z...Aw..|
-00000400  38 75 ba b6 a3 75 0f fd  16 03 03 00 04 0e 00 00  |8u...u..........|
+00000380  94 79 90 33 04 01 00 80  ad 89 a5 bf 16 74 a1 14  |.y.3.........t..|
+00000390  c4 a1 09 31 95 69 e4 b4  e3 8d df 99 73 cd e6 94  |...1.i......s...|
+000003a0  eb ca 07 7f f4 36 ca 31  1c 29 f0 f0 d8 40 6b 19  |.....6.1.)...@k.|
+000003b0  f2 15 be f1 76 22 b3 82  f7 bf 2b 09 0f cd 31 c8  |....v"....+...1.|
+000003c0  69 7b 7b 1a ed a1 f7 85  6e 04 5c fa a5 20 c0 ef  |i{{.....n.\.. ..|
+000003d0  c6 45 6d 05 25 37 ec f6  94 91 32 f3 c8 d1 f0 13  |.Em.%7....2.....|
+000003e0  81 1e 26 bb 4c 47 91 79  ad cf 7e 61 85 54 eb 13  |..&.LG.y..~a.T..|
+000003f0  6b b1 15 36 72 bf d1 ad  07 3e 6d bd 44 1a 30 ac  |k..6r....>m.D.0.|
+00000400  41 39 ad 75 14 bb 11 dc  16 03 03 00 04 0e 00 00  |A9.u............|
 00000410  00                                                |.|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 8a 10 00 00  86 85 04 01 e0 a2 f2 1d  |................|
-00000010  d1 f5 e7 49 09 07 df 43  5f 45 f7 fc 42 9a 81 7d  |...I...C_E..B..}|
-00000020  39 fa bf 1c 74 df 68 de  93 49 62 3e 72 e7 78 47  |9...t.h..Ib>r.xG|
-00000030  71 71 fd d0 3d 89 d3 38  aa f0 54 4a ad 1e 87 e9  |qq..=..8..TJ....|
-00000040  f7 89 90 b0 25 5b a0 81  a0 20 1a 99 5e 01 7f 05  |....%[... ..^...|
-00000050  95 78 f7 f4 4a ec 85 a9  aa cc 56 bc f7 15 37 ab  |.x..J.....V...7.|
-00000060  31 41 62 d3 ea 46 ce 94  bf 6c 00 83 a6 f0 ee dc  |1Ab..F...l......|
-00000070  0b 2a e0 5a fb f0 db 70  cd 9f 48 92 49 c9 9d 20  |.*.Z...p..H.I.. |
-00000080  7b 8c de af 9d cd 5e 20  94 4e 95 c7 32 50 94 14  |{.....^ .N..2P..|
-00000090  03 03 00 01 01 16 03 03  00 40 6a 6c 92 ef b5 d0  |.........@jl....|
-000000a0  8f 4d c7 23 5b 31 65 71  24 50 be 5a e7 95 fc 14  |.M.#[1eq$P.Z....|
-000000b0  e7 4f 33 c8 ae e0 e7 5f  63 76 3a 7b 51 cd 18 7a  |.O3...._cv:{Q..z|
-000000c0  15 15 0c aa cc 76 be fc  1e 55 a1 3a df 05 4c 84  |.....v...U.:..L.|
-000000d0  75 6e c2 2b 3d 93 76 53  41 13                    |un.+=.vSA.|
+00000000  16 03 03 00 8a 10 00 00  86 85 04 01 fb 77 96 9a  |.............w..|
+00000010  82 26 4f 44 b5 2f 32 28  0a dd 51 f5 a4 84 46 a1  |.&OD./2(..Q...F.|
+00000020  ba 58 e6 9a 96 1b 85 9f  ae 3a 8b db a8 93 81 00  |.X.......:......|
+00000030  17 be 24 26 17 fd b8 7c  fe 93 7f af 5f 4d c6 47  |..$&...|...._M.G|
+00000040  8b 72 5b 23 89 03 d5 a6  fb 6f de 59 15 00 bb 36  |.r[#.....o.Y...6|
+00000050  6d 72 03 47 61 b7 7e d4  46 43 b3 e9 9d 2f 61 6a  |mr.Ga.~.FC.../aj|
+00000060  08 1b 04 70 ac 95 ad bf  18 e5 09 b6 b3 0d 6a bb  |...p..........j.|
+00000070  e8 77 09 fa 81 2e 8a e1  61 7e 9f 38 d0 67 f5 11  |.w......a~.8.g..|
+00000080  f1 62 7f a4 69 4a 42 7a  f8 9e 05 26 66 34 6e 14  |.b..iJBz...&f4n.|
+00000090  03 03 00 01 01 16 03 03  00 40 2c a1 a8 3a 34 18  |.........@,..:4.|
+000000a0  ea a1 d4 28 0b 1a ac ab  51 b1 c5 48 f2 56 8d c7  |...(....Q..H.V..|
+000000b0  83 7b 70 44 40 7d 15 1c  00 19 ed 53 21 fe 9d c1  |.{pD@}.....S!...|
+000000c0  a2 13 8f a0 0c 51 f5 13  67 1f bf 07 da bc 2d ca  |.....Q..g.....-.|
+000000d0  7c 0f 53 4b 4a 02 bb 0f  72 c6                    ||.SKJ...r.|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 e8 4b a0 ea c7  |............K...|
-00000020  e8 9e 4a c7 c5 65 84 eb  3f 4e a5 bd 97 11 b4 0b  |..J..e..?N......|
-00000030  26 b8 6d 28 16 38 c4 92  d9 45 48 7f 7f e0 74 dd  |&.m(.8...EH...t.|
-00000040  85 b7 13 5b f8 4e 5b 3f  00 95 0a 17 03 03 00 40  |...[.N[?.......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 82 f6 03 51 7f  |..............Q.|
+00000020  37 19 ec 26 20 db e2 5b  8e 5e 22 29 1a 88 ca f1  |7..& ..[.^")....|
+00000030  ad 55 1c 3c 07 1d 05 b6  c4 88 58 84 a0 5d 33 41  |.U.<......X..]3A|
+00000040  7a 65 bc ba a1 71 a4 71  df 6c 9d 17 03 03 00 40  |ze...q.q.l.....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  c6 52 ac 75 32 b3 86 f4  cb cf 18 66 02 40 a3 b1  |.R.u2......f.@..|
-00000070  cb 1b 25 2e ac 91 a7 91  2b 73 37 72 c1 1f 2c 2f  |..%.....+s7r..,/|
-00000080  55 59 12 bd f0 df b4 07  fa b1 13 cc 58 f3 66 54  |UY..........X.fT|
+00000060  8d ca 51 a1 4a b1 23 dc  e3 ef 63 5f b0 e8 7a c6  |..Q.J.#...c_..z.|
+00000070  97 d7 18 6a 4b 80 3e 5c  7b 79 86 93 60 2c 8b f1  |...jK.>\{y..`,..|
+00000080  4e 46 c5 5e 64 0c 98 81  10 6d c5 08 22 f1 02 1d  |NF.^d....m.."...|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 14 49 94  f4 07 cb 98 d2 6f a5 b3  |......I......o..|
-000000b0  37 bb 55 71 04 43 f9 3c  53 1c 00 31 c9 3b 8a 5c  |7.Uq.C.<S..1.;.\|
-000000c0  53 75 90 5d 59                                    |Su.]Y|
+000000a0  00 00 00 00 00 51 19 c4  67 b7 14 6b 5c 49 ac 1d  |.....Q..g..k\I..|
+000000b0  b3 97 88 42 29 cb f5 06  54 f4 c6 38 9a 47 41 78  |...B)...T..8.GAx|
+000000c0  0f 33 21 ac c5                                    |.3!..|