From 8b159d9f4b3c2cfa556cdfa6e3f1f4aeb1a29e2a Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Fri, 24 Jan 2025 10:38:45 -0800
Subject: [PATCH 01/95] crypto/tls: disable additional SSLv2 bogo tests

We don't support SSLv2, at all.

Change-Id: Icd0579b81393fbd82bf5b4d961470928faa7d09d
Reviewed-on: https://go-review.googlesource.com/c/go/+/644017
Reviewed-by: Neal Patel <nealpatel@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 bogo_config.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bogo_config.json b/bogo_config.json
index 32969a3f..64725121 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -42,6 +42,7 @@
 
         "*-SignDefault-*": "TODO, partially it encodes BoringSSL defaults, partially we might be missing some implicit behavior of a missing flag",
 
+        "V2ClientHello-*": "We don't support SSLv2",
         "SendV2ClientHello*": "We don't support SSLv2",
         "*QUIC*": "No QUIC support",
         "Compliance-fips*": "No FIPS",

From e432235d9074692699247c09f4e1cfdf4fcf21cc Mon Sep 17 00:00:00 2001
From: cuishuang <imcusg@gmail.com>
Date: Wed, 1 Jan 2025 00:17:54 +0800
Subject: [PATCH 02/95] all: use slices.Contains to simplify code

Change-Id: I9ef075bbb0e3c65f3c2a9d49e599ef50b18aa9be
Reviewed-on: https://go-review.googlesource.com/c/go/+/639535
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
---
 handshake_server_tls13.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 76fff697..b6d455cd 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -949,12 +949,7 @@ func (hs *serverHandshakeStateTLS13) shouldSendSessionTickets() bool {
 	}
 
 	// Don't send tickets the client wouldn't use. See RFC 8446, Section 4.2.9.
-	for _, pskMode := range hs.clientHello.pskModes {
-		if pskMode == pskModeDHE {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(hs.clientHello.pskModes, pskModeDHE)
 }
 
 func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {

From 70def383ebf9fac7914cd7377e1033ede9d29e7c Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Thu, 6 Feb 2025 11:34:20 +0100
Subject: [PATCH 03/95] crypto/tls: document FIPS 140-3 mode behavior

Change-Id: I6a6a465612cf76d148b9758ee3fcdc8606497830
Reviewed-on: https://go-review.googlesource.com/c/go/+/648835
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
---
 tls.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tls.go b/tls.go
index f3089f0e..c64201ab 100644
--- a/tls.go
+++ b/tls.go
@@ -4,6 +4,15 @@
 
 // Package tls partially implements TLS 1.2, as specified in RFC 5246,
 // and TLS 1.3, as specified in RFC 8446.
+//
+// # FIPS 140-3 mode
+//
+// When the program is in [FIPS 140-3 mode], this package behaves as if
+// only protocol versions, cipher suites, signature algorithms, and
+// key exchange algorithms approved by NIST SP 800-52r2 are implemented.
+// Others are silently ignored and not negotiated.
+//
+// [FIPS 140-3 mode]: https://go.dev/doc/security/fips140
 package tls
 
 // BUG(agl): The crypto/tls package only implements some countermeasures

From acdb80116e4cc4cf5f8a4fb26479b6e2b56abfb2 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Wed, 19 Feb 2025 14:14:54 -0800
Subject: [PATCH 04/95] crypto/tls: fix incorrect EncryptedClientHelloKey
 comment

Updates #71706

Change-Id: Id689ec476eb3f76500dbf59d716a4376749de700
Reviewed-on: https://go-review.googlesource.com/c/go/+/650719
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 common.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.go b/common.go
index d6942d2e..f2dde975 100644
--- a/common.go
+++ b/common.go
@@ -870,7 +870,7 @@ type EncryptedClientHelloKey struct {
 	// must match the config provided to clients byte-for-byte. The config
 	// should only specify the DHKEM(X25519, HKDF-SHA256) KEM ID (0x0020), the
 	// HKDF-SHA256 KDF ID (0x0001), and a subset of the following AEAD IDs:
-	// AES-128-GCM (0x0000), AES-256-GCM (0x0001), ChaCha20Poly1305 (0x0002).
+	// AES-128-GCM (0x0001), AES-256-GCM (0x0002), ChaCha20Poly1305 (0x0003).
 	Config []byte
 	// PrivateKey should be a marshalled private key. Currently, we expect
 	// this to be the output of [ecdh.PrivateKey.Bytes].

From 3ac071d15e8948c69fdc211df72ae2eb070998ae Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Wed, 19 Feb 2025 14:27:33 -0800
Subject: [PATCH 05/95] crypto/tls: improve ech parsing errors

Make the errors we return when parsing an ECHConfig slightly more
verbose.

Fixes #71706

Change-Id: Id138fd9defec71ce492a490a71af4981cb9ede51
Reviewed-on: https://go-review.googlesource.com/c/go/+/650720
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
---
 ech.go | 45 ++++++++++++++++++++++++++++-----------------
 1 file changed, 28 insertions(+), 17 deletions(-)

diff --git a/ech.go b/ech.go
index d9795b4e..8bfd47ce 100644
--- a/ech.go
+++ b/ech.go
@@ -53,19 +53,30 @@ type echConfig struct {
 	Extensions    []echExtension
 }
 
-var errMalformedECHConfig = errors.New("tls: malformed ECHConfigList")
+var errMalformedECHConfigList = errors.New("tls: malformed ECHConfigList")
+
+type echConfigErr struct {
+	field string
+}
+
+func (e *echConfigErr) Error() string {
+	if e.field == "" {
+		return "tls: malformed ECHConfig"
+	}
+	return fmt.Sprintf("tls: malformed ECHConfig, invalid %s field", e.field)
+}
 
 func parseECHConfig(enc []byte) (skip bool, ec echConfig, err error) {
 	s := cryptobyte.String(enc)
 	ec.raw = []byte(enc)
 	if !s.ReadUint16(&ec.Version) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"version"}
 	}
 	if !s.ReadUint16(&ec.Length) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"length"}
 	}
 	if len(ec.raw) < int(ec.Length)+4 {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"length"}
 	}
 	ec.raw = ec.raw[:ec.Length+4]
 	if ec.Version != extensionEncryptedClientHello {
@@ -73,47 +84,47 @@ func parseECHConfig(enc []byte) (skip bool, ec echConfig, err error) {
 		return true, echConfig{}, nil
 	}
 	if !s.ReadUint8(&ec.ConfigID) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"config_id"}
 	}
 	if !s.ReadUint16(&ec.KemID) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"kem_id"}
 	}
 	if !readUint16LengthPrefixed(&s, &ec.PublicKey) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"public_key"}
 	}
 	var cipherSuites cryptobyte.String
 	if !s.ReadUint16LengthPrefixed(&cipherSuites) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"cipher_suites"}
 	}
 	for !cipherSuites.Empty() {
 		var c echCipher
 		if !cipherSuites.ReadUint16(&c.KDFID) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"cipher_suites kdf_id"}
 		}
 		if !cipherSuites.ReadUint16(&c.AEADID) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"cipher_suites aead_id"}
 		}
 		ec.SymmetricCipherSuite = append(ec.SymmetricCipherSuite, c)
 	}
 	if !s.ReadUint8(&ec.MaxNameLength) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"maximum_name_length"}
 	}
 	var publicName cryptobyte.String
 	if !s.ReadUint8LengthPrefixed(&publicName) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"public_name"}
 	}
 	ec.PublicName = publicName
 	var extensions cryptobyte.String
 	if !s.ReadUint16LengthPrefixed(&extensions) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"extensions"}
 	}
 	for !extensions.Empty() {
 		var e echExtension
 		if !extensions.ReadUint16(&e.Type) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"extensions type"}
 		}
 		if !extensions.ReadUint16LengthPrefixed((*cryptobyte.String)(&e.Data)) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"extensions data"}
 		}
 		ec.Extensions = append(ec.Extensions, e)
 	}
@@ -128,10 +139,10 @@ func parseECHConfigList(data []byte) ([]echConfig, error) {
 	s := cryptobyte.String(data)
 	var length uint16
 	if !s.ReadUint16(&length) {
-		return nil, errMalformedECHConfig
+		return nil, errMalformedECHConfigList
 	}
 	if length != uint16(len(data)-2) {
-		return nil, errMalformedECHConfig
+		return nil, errMalformedECHConfigList
 	}
 	var configs []echConfig
 	for len(s) > 0 {

From 47de581bfe879146e24f7779e3acdad82ee8c24a Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 19 Feb 2025 12:28:02 +0100
Subject: [PATCH 06/95] crypto/tls: require EMS in FIPS 140-3 mode

See Implementation Guidance D.Q.

Change-Id: I6a6a465607da94f2bb249934f0561ae04a55e7b7
Reviewed-on: https://go-review.googlesource.com/c/go/+/650575
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 handshake_client.go | 9 +++++++++
 handshake_server.go | 8 ++++++++
 2 files changed, 17 insertions(+)

diff --git a/handshake_client.go b/handshake_client.go
index 38bd417a..1be0c82c 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -462,6 +462,11 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (
 			return nil, nil, nil, nil
 		}
 
+		// FIPS 140-3 requires the use of Extended Master Secret.
+		if !session.extMasterSecret && fips140tls.Required() {
+			return nil, nil, nil, nil
+		}
+
 		hello.sessionTicket = session.ticket
 		return
 	}
@@ -781,6 +786,10 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 		hs.masterSecret = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
 			hs.finishedHash.Sum())
 	} else {
+		if fips140tls.Required() {
+			c.sendAlert(alertHandshakeFailure)
+			return errors.New("tls: FIPS 140-3 requires the use of Extended Master Secret")
+		}
 		hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
 			hs.hello.random, hs.serverHello.random)
 	}
diff --git a/handshake_server.go b/handshake_server.go
index 7c75977a..641bbec0 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -527,6 +527,10 @@ func (hs *serverHandshakeState) checkForResumption() error {
 		// weird downgrade in client capabilities.
 		return errors.New("tls: session supported extended_master_secret but client does not")
 	}
+	if !sessionState.extMasterSecret && fips140tls.Required() {
+		// FIPS 140-3 requires the use of Extended Master Secret.
+		return nil
+	}
 
 	c.peerCertificates = sessionState.peerCertificates
 	c.ocspResponse = sessionState.ocspResponse
@@ -713,6 +717,10 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 		hs.masterSecret = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
 			hs.finishedHash.Sum())
 	} else {
+		if fips140tls.Required() {
+			c.sendAlert(alertHandshakeFailure)
+			return errors.New("tls: FIPS 140-3 requires the use of Extended Master Secret")
+		}
 		hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
 			hs.clientHello.random, hs.hello.random)
 	}

From fe2ede9ee391d98d6afd0d39d48ddbd531b81e85 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 15 Feb 2025 10:07:19 -0500
Subject: [PATCH 07/95] crypto/tls: small bogo shim test tidying

1. onResumeShimWritesFirst is unused, replace the binding with an
   underscore.
2. in the bogoShim() function when looping through resumeCount+1 the
   tlsConn read for loop only breaks for non-nil err, so there's no need
   to check that again after the loop body.

Updates #72006

Change-Id: Ieff45d26df33d71003a2509ea5b2b06c5fa0e1d6
Reviewed-on: https://go-review.googlesource.com/c/go/+/650715
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 bogo_shim_test.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index fdacbee2..569e6273 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -82,10 +82,10 @@ var (
 
 	expectSessionMiss = flag.Bool("expect-session-miss", false, "")
 
-	_                       = flag.Bool("enable-early-data", false, "")
-	_                       = flag.Bool("on-resume-expect-accept-early-data", false, "")
-	_                       = flag.Bool("expect-ticket-supports-early-data", false, "")
-	onResumeShimWritesFirst = flag.Bool("on-resume-shim-writes-first", false, "")
+	_ = flag.Bool("enable-early-data", false, "")
+	_ = flag.Bool("on-resume-expect-accept-early-data", false, "")
+	_ = flag.Bool("expect-ticket-supports-early-data", false, "")
+	_ = flag.Bool("on-resume-shim-writes-first", false, "")
 
 	advertiseALPN        = flag.String("advertise-alpn", "", "")
 	expectALPN           = flag.String("expect-alpn", "", "")
@@ -324,7 +324,7 @@ func bogoShim() {
 				break
 			}
 		}
-		if err != nil && err != io.EOF {
+		if err != io.EOF {
 			retryErr, ok := err.(*ECHRejectionError)
 			if !ok {
 				log.Fatalf("unexpected error type returned: %v", err)

From e9e3ed7ba7500ab1b9938ff54d673c57b8165716 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 17 Feb 2025 11:45:23 -0500
Subject: [PATCH 08/95] crypto/tls: reject empty TLS 1.3 session ticket

While not clearly motivated by normative language in RFC 8446 it seems
clear that an empty opaque ticket value is non-operable, and so we
should reject it with an appropriate alert/error.

This allows removing the SendEmptySessionTicket-TLS13 BoGo test from the
bogo excluded tests configuration.

Fixes #70513
Updates #72006

Change-Id: I589b34e86fb1eb27a349a230e920c22284597cde
Reviewed-on: https://go-review.googlesource.com/c/go/+/650735
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
---
 bogo_config.json          | 2 --
 handshake_client_tls13.go | 5 +++++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 64725121..f4772a00 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -38,8 +38,6 @@
         "PostQuantumNotEnabledByDefaultInClients": "We do enable it by default!",
         "*-Kyber-TLS13": "We don't support Kyber, only ML-KEM (BoGo bug ignoring AllCurves?)",
 
-        "SendEmptySessionTicket-TLS13": "https://github.com/golang/go/issues/70513",
-
         "*-SignDefault-*": "TODO, partially it encodes BoringSSL defaults, partially we might be missing some implicit behavior of a missing flag",
 
         "V2ClientHello-*": "We don't support SSLv2",
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index c0396e75..fadca22e 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -870,6 +870,11 @@ func (c *Conn) handleNewSessionTicket(msg *newSessionTicketMsgTLS13) error {
 		return errors.New("tls: received a session ticket with invalid lifetime")
 	}
 
+	if len(msg.label) == 0 {
+		c.sendAlert(alertDecodeError)
+		return errors.New("tls: received a session ticket with empty opaque ticket label")
+	}
+
 	// RFC 9001, Section 4.6.1
 	if c.quic != nil && msg.maxEarlyData != 0 && msg.maxEarlyData != 0xffffffff {
 		c.sendAlert(alertIllegalParameter)

From 9cf27ead7c0840e78c0ed87c048b481b27e19f21 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Tue, 18 Feb 2025 12:41:34 -0500
Subject: [PATCH 09/95] crypto/tls: run SkipNewSessionTicket bogo test

This commit removes SkipNewSessionTicket from the bogo_config.json
excluded tests list.

Previously this test was being skipped with a TODO that there might be
a bug here. In practice it seems like there's no bug and the test is
handled correctly by crypto/tls.

When activated, a TLS 1.2 client connecting to the bogo dispatcher goes
through the normal handshake process with the exception that the server
skips sending the NewSessionTicket msg expected by the client in
response to the client's final flight of handshake msgs.

The crypto/tls TLS 1.2 client_handshake.go logic correctly rejects the
unexpected message that follows (ChangeCipherSpec) when trying to read
the bytes necessary to unmarshal the expected NewSessionTicket message
that was omitted.

Updates #72006

Change-Id: I9faea4d18589d10b163211aa17b2d0da8af1187e
Reviewed-on: https://go-review.googlesource.com/c/go/+/650736
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index f4772a00..e1ace239 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -52,7 +52,6 @@
         "JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber",
         "KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
         "KyberKeyShareIncludedThird": "we always send the Kyber key share first",
-        "SkipNewSessionTicket": "TODO confusing? maybe bug",
         "SendUserCanceledAlerts*": "TODO may be a real bug?",
         "GREASE-Server-TLS13": "TODO ???",
         "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",

From 9c64bb5d7c03738c3d5a074c806c95485fb7e5d4 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Wed, 19 Feb 2025 10:30:50 -0500
Subject: [PATCH 10/95] crypto/tls: ignore TLS 1.3 user canceled alerts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When encountering alertUserCanceled in a TLS 1.3 handshake, ignore the
alert and retry reading a record. This matches existing logic for how
TLS 1.2 alertLevelWarning alerts are handled.

For broader context, TLS 1.3 removed warning-level alerts except for
alertUserCanceled (RFC 8446, § 6.1). Since at least one major
implementation (https://bugs.openjdk.org/browse/JDK-8323517)
misuses this alert, many TLS stacks now ignore it outright when seen in
a TLS 1.3 handshake (e.g. BoringSSL, NSS, Rustls).

With the crypto/tls behaviour changed to match peer implementations we
can now enable the "SendUserCanceledAlerts-TLS13" BoGo test.

"SendUserCanceledAlerts-TooMany-TLS13" remains ignored, because like
"SendWarningAlerts*" fixing the test requires some general spam
protocol message enhancements be done first.

Updates #72006

Change-Id: I570c1fa674b5a4760836c514d35ee17f746fe28d
Reviewed-on: https://go-review.googlesource.com/c/go/+/650716
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json | 2 +-
 conn.go          | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index e1ace239..0ca65a6c 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -47,12 +47,12 @@
         "*DTLS*": "No DTLS",
         "SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
         "SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
+        "SendUserCanceledAlerts-TooMany-TLS13": "crypto/tls doesn't implement spam protections",
         "TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
         "KyberNotEnabledByDefaultInClients": "crypto/tls intentionally enables it",
         "JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber",
         "KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
         "KyberKeyShareIncludedThird": "we always send the Kyber key share first",
-        "SendUserCanceledAlerts*": "TODO may be a real bug?",
         "GREASE-Server-TLS13": "TODO ???",
         "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
         "SendBogusAlertType": "sending wrong alert type",
diff --git a/conn.go b/conn.go
index bdbc2bde..8163328d 100644
--- a/conn.go
+++ b/conn.go
@@ -724,6 +724,15 @@ func (c *Conn) readRecordOrCCS(expectChangeCipherSpec bool) error {
 			return c.in.setErrorLocked(io.EOF)
 		}
 		if c.vers == VersionTLS13 {
+			// TLS 1.3 removed warning-level alerts except for alertUserCanceled
+			// (RFC 8446, § 6.1). Since at least one major implementation
+			// (https://bugs.openjdk.org/browse/JDK-8323517) misuses this alert,
+			// many TLS stacks now ignore it outright when seen in a TLS 1.3
+			// handshake (e.g. BoringSSL, NSS, Rustls).
+			if alert(data[1]) == alertUserCanceled {
+				// Like TLS 1.2 alertLevelWarning alerts, we drop the record and retry.
+				return c.retryReadRecord(expectChangeCipherSpec)
+			}
 			return c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])})
 		}
 		switch data[0] {

From 8240c4caff901de11a83c6828d441a9a16c9ff21 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Wed, 19 Feb 2025 12:39:32 -0500
Subject: [PATCH 11/95] crypto/tls: support bogo -wait-for-debugger

When this command line flag is provided to the BoGo runner it will:

* Disable some timeouts
* Limit concurrency to 1 worker at a time
* Pass the -wait-for-debugger flag to the shim process
* Print the PID of the shim process to status output

On the shim-side, we need to react to -wait-for-debugger by sending
ourselves a SIGSTOP signal. When a debugger attaches to the shim the
process will be resumed.

This makes it possible to debug both the runner side and the shim side
of a BoGo interaction without resorting to print style debugging.

Since SIGSTOP is not a signal we can use on Windows this functionality
is limited to unix builds.

Updates #72006

Change-Id: Iafa08cf71830cdfde3e6ee4826914236e3cd7e57
Reviewed-on: https://go-review.googlesource.com/c/go/+/650737
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 bogo_shim_notunix_test.go | 11 +++++++++++
 bogo_shim_test.go         |  8 ++++++++
 bogo_shim_unix_test.go    | 18 ++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 bogo_shim_notunix_test.go
 create mode 100644 bogo_shim_unix_test.go

diff --git a/bogo_shim_notunix_test.go b/bogo_shim_notunix_test.go
new file mode 100644
index 00000000..2dcb5c09
--- /dev/null
+++ b/bogo_shim_notunix_test.go
@@ -0,0 +1,11 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !unix || wasm
+
+package tls
+
+func pauseProcess() {
+	panic("-wait-for-debugger not supported on this OS")
+}
diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index 569e6273..25367eef 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -98,6 +98,8 @@ var (
 
 	verifyPeer = flag.Bool("verify-peer", false, "")
 	_          = flag.Bool("use-custom-verify-callback", false, "")
+
+	waitForDebugger = flag.Bool("wait-for-debugger", false, "")
 )
 
 type stringSlice []string
@@ -309,6 +311,12 @@ func bogoShim() {
 			}
 		}
 
+		// If we were instructed to wait for a debugger, then send SIGSTOP to ourselves.
+		// When the debugger attaches it will continue the process.
+		if *waitForDebugger {
+			pauseProcess()
+		}
+
 		for {
 			buf := make([]byte, 500)
 			var n int
diff --git a/bogo_shim_unix_test.go b/bogo_shim_unix_test.go
new file mode 100644
index 00000000..3b5f5f92
--- /dev/null
+++ b/bogo_shim_unix_test.go
@@ -0,0 +1,18 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build unix && !wasm
+
+package tls
+
+import (
+	"os"
+	"syscall"
+)
+
+func pauseProcess() {
+	pid := os.Getpid()
+	process, _ := os.FindProcess(pid)
+	process.Signal(syscall.SIGSTOP)
+}

From a056a55fabc9f5f7351011302083bb3d98fb3efe Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Wed, 19 Feb 2025 13:10:36 -0500
Subject: [PATCH 12/95] crypto/tls: update GREASE-Server-TLS13 BoGo skip

Previously this test was skipped without a comment clarifying why. In
practice it's because crypto/tls doesn't generate GREASE extensions at
this time, and the test expects to find one in the NewSessionTicket
message extensions produced by a server.

We're already skipping some other GREASE related test as
not-yet-implemented without explicit bogo_config.json exclusion by way
of the -enable-grease flag not being implemented, however for TLS
1.3 servers the BoGo expectation is that they _always_ send GREASE, and
so the -enable-grease flag isn't provided and an explicit skip must be
used.

We should revisit this alongside implementing GREASE ext production in
general for both clients and servers.

Updates #72006

Change-Id: I8af4b555ac8c32cad42215fbf26aa0feae90fa21
Reviewed-on: https://go-review.googlesource.com/c/go/+/650717
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
---
 bogo_config.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index 0ca65a6c..15215940 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -53,7 +53,7 @@
         "JustConfiguringKyberWorks": "we always send a X25519 key share with Kyber",
         "KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
         "KyberKeyShareIncludedThird": "we always send the Kyber key share first",
-        "GREASE-Server-TLS13": "TODO ???",
+        "GREASE-Server-TLS13": "We don't send GREASE extensions",
         "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
         "SendBogusAlertType": "sending wrong alert type",
         "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",

From 72c2909cb250e0624aa3b5a43e52fdb74f36d044 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Wed, 26 Feb 2025 14:13:15 -0500
Subject: [PATCH 13/95] crypto/tls: align cert decode alert w/ BSSL

For malformed client/server certificates in a TLS handshake send
a decode_error alert, matching BoringSSL behaviour.

Previously crypto/tls used a bad_certificate alert for this purpose.
The TLS specification is imprecise enough to allow this to be considered
a spec. justified choice, but since all other places in the protocol
encourage using decode_error for structurally malformed messages we may
as well do the same here and get some extra cross-impl consistency for
free.

This also allows un-ignoring the BoGo
GarbageCertificate-[Client|Server]-[TLS12|TLS13] tests.

Updates #72006

Change-Id: Ide45ba1602816e71c3289a60e77587266c3b9036
Reviewed-on: https://go-review.googlesource.com/c/go/+/652995
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json    | 1 -
 handshake_client.go | 2 +-
 handshake_server.go | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 15215940..6a9a6dfc 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -54,7 +54,6 @@
         "KyberKeyShareIncludedSecond": "we always send the Kyber key share first",
         "KyberKeyShareIncludedThird": "we always send the Kyber key share first",
         "GREASE-Server-TLS13": "We don't send GREASE extensions",
-        "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
         "SendBogusAlertType": "sending wrong alert type",
         "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
         "*Client-P-224*": "no P-224 support",
diff --git a/handshake_client.go b/handshake_client.go
index 1be0c82c..f6930c5d 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -1096,7 +1096,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 	for i, asn1Data := range certificates {
 		cert, err := globalCertCache.newCert(asn1Data)
 		if err != nil {
-			c.sendAlert(alertBadCertificate)
+			c.sendAlert(alertDecodeError)
 			return errors.New("tls: failed to parse certificate from server: " + err.Error())
 		}
 		if cert.cert.PublicKeyAlgorithm == x509.RSA {
diff --git a/handshake_server.go b/handshake_server.go
index 641bbec0..bb3d3065 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -909,7 +909,7 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 	var err error
 	for i, asn1Data := range certificates {
 		if certs[i], err = x509.ParseCertificate(asn1Data); err != nil {
-			c.sendAlert(alertBadCertificate)
+			c.sendAlert(alertDecodeError)
 			return errors.New("tls: failed to parse client certificate: " + err.Error())
 		}
 		if certs[i].PublicKeyAlgorithm == x509.RSA {

From 0d36914a975a95d9559b96e6f496c31ff7aa5674 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Wed, 26 Feb 2025 15:59:25 -0500
Subject: [PATCH 14/95] crypto/tls: reject TLS 1.3 compat session ID in TLS 1.2

If we weren't resuming an existing session, and we constructed a TLS 1.3
compatible client hello, ensure the server doesn't echo back the
made up compatibility session ID if we end up handshaking for TLS 1.2.

As part of an effort to make the initial stages of a TLS 1.3 handshake
compatible with TLS 1.2 middleboxes, TLS 1.3 requires that the client
hello contain a non-empty legacy_session_id value. For anti-ossification
purposes it's recommended this ID be randomly generated. This is the
strategy the crypto/tls package takes.

When we follow this approach, but then end up negotiating TLS 1.2, the
server should not have echoed back that random ID to us. It's impossible
for the server to have had a session with a matching ID and so it is
misbehaving and it's prudent for our side to abort the handshake.

See RFC 8446 Section 4.1.2 for more detail:
  https://www.rfc-editor.org/rfc/rfc8446#section-4.1.2

Adopting this behaviour allows un-ignoring the BoGo
EchoTLS13CompatibilitySessionID testcase.

Updates #72006

Change-Id: I1e52075177a13a7aa103b45498eae38d8a4c34b9
Reviewed-on: https://go-review.googlesource.com/c/go/+/652997
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---
 bogo_config.json    |  1 -
 handshake_client.go | 13 +++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index 6a9a6dfc..5261a35c 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -55,7 +55,6 @@
         "KyberKeyShareIncludedThird": "we always send the Kyber key share first",
         "GREASE-Server-TLS13": "We don't send GREASE extensions",
         "SendBogusAlertType": "sending wrong alert type",
-        "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
         "*Client-P-224*": "no P-224 support",
         "*Server-P-224*": "no P-224 support",
         "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
diff --git a/handshake_client.go b/handshake_client.go
index f6930c5d..1b6d6728 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -557,6 +557,19 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
 func (hs *clientHandshakeState) handshake() error {
 	c := hs.c
 
+	// If we did not load a session (hs.session == nil), but we did set a
+	// session ID in the transmitted client hello (hs.hello.sessionId != nil),
+	// it means we tried to negotiate TLS 1.3 and sent a random session ID as a
+	// compatibility measure (see RFC 8446, Section 4.1.2).
+	//
+	// Since we're now handshaking for TLS 1.2, if the server echoed the
+	// transmitted ID back to us, we know mischief is afoot: the session ID
+	// was random and can't possibly be recognized by the server.
+	if hs.session == nil && hs.hello.sessionId != nil && bytes.Equal(hs.hello.sessionId, hs.serverHello.sessionId) {
+		c.sendAlert(alertIllegalParameter)
+		return errors.New("tls: server echoed TLS 1.3 compatibility session ID in TLS 1.2")
+	}
+
 	isResume, err := hs.processServerHello()
 	if err != nil {
 		return err

From 50942051371b49f6d09363cec8f8b1a19108d787 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 12 Mar 2025 16:36:08 +0100
Subject: [PATCH 15/95] crypto/tls: allow P-521 in FIPS 140-3 mode and
 Go+BoringCrypto

Partially reverts CL 587296, restoring the Go+BoringCrypto 1.23 behavior
in terms of supported curves.

Updates #71757

Change-Id: I6a6a465651a8407056fd0fae091d10a945b37997
Reviewed-on: https://go-review.googlesource.com/c/go/+/657095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
---
 defaults.go  | 6 ++++--
 fips_test.go | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/defaults.go b/defaults.go
index f25d0d3c..ab346e18 100644
--- a/defaults.go
+++ b/defaults.go
@@ -92,7 +92,8 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
 }
 
 // The FIPS-only policies below match BoringSSL's
-// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2.
+// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2, with
+// minor changes per https://go.dev/issue/71757.
 // https://cs.opensource.google/boringssl/boringssl/+/master:ssl/ssl_lib.cc;l=3289;drc=ea7a88fa
 
 var defaultSupportedVersionsFIPS = []uint16{
@@ -102,7 +103,7 @@ var defaultSupportedVersionsFIPS = []uint16{
 
 // defaultCurvePreferencesFIPS are the FIPS-allowed curves,
 // in preference order (most preferable first).
-var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384}
+var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384, CurveP521}
 
 // defaultSupportedSignatureAlgorithmsFIPS currently are a subset of
 // defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
@@ -115,6 +116,7 @@ var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
 	PKCS1WithSHA384,
 	ECDSAWithP384AndSHA384,
 	PKCS1WithSHA512,
+	ECDSAWithP521AndSHA512,
 }
 
 // defaultCipherSuitesFIPS are the FIPS-allowed cipher suites.
diff --git a/fips_test.go b/fips_test.go
index e891fcc8..d5ac9b68 100644
--- a/fips_test.go
+++ b/fips_test.go
@@ -106,7 +106,7 @@ func isFIPSCipherSuite(id uint16) bool {
 
 func isFIPSCurve(id CurveID) bool {
 	switch id {
-	case CurveP256, CurveP384:
+	case CurveP256, CurveP384, CurveP521:
 		return true
 	}
 	return false
@@ -130,6 +130,7 @@ func isFIPSSignatureScheme(alg SignatureScheme) bool {
 		PKCS1WithSHA384,
 		ECDSAWithP384AndSHA384,
 		PKCS1WithSHA512,
+		ECDSAWithP521AndSHA512,
 		PSSWithSHA256,
 		PSSWithSHA384,
 		PSSWithSHA512:

From fdf7df4b2de741736f6533858e9a27ab0beb07ba Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Thu, 27 Feb 2025 14:01:13 +0100
Subject: [PATCH 16/95] crypto/tls: add ConnectionState.CurveID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This required adding a new field to SessionState for TLS 1.0–1.2, since
the key exchange is not repeated on resumption. The additional field is
unfortunately not backwards compatible because current Go versions check
that the encoding has no extra data at the end, but will cause
cross-version tickets to be ignored. Relaxed that so we can add fields
in a backwards compatible way the next time.

For the cipher suite, we check that the session's is still acceptable
per the Config. That would arguably make sense here, too: if a Config
for example requires PQ, we should reject resumptions of connections
that didn't use PQ. However, that only applies to pre-TLS 1.3
connections, since in TLS 1.3 we always do a fresh key exchange on
resumption. Since PQ is the only main differentiator between key
exchanges (aside from off-by-default non-PFS RSA, which are controlled
by the cipher suite in TLS 1.0–1.2) and it's PQ-only, we can skip that
check.

Fixes #67516

Change-Id: I6a6a465681a6292edf66c7b8df8f4aba4171a76b
Reviewed-on: https://go-review.googlesource.com/c/go/+/653315
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 common.go                                    |   9 +-
 conn.go                                      |   3 +-
 handshake_client.go                          |   4 +-
 handshake_messages_test.go                   |   6 +-
 handshake_server.go                          |   1 +
 handshake_server_test.go                     |   2 +-
 testdata/Server-TLSv10-ExportKeyingMaterial  |  78 +++---
 testdata/Server-TLSv12-ALPN                  |  62 ++---
 testdata/Server-TLSv12-ALPN-Fallback         |  64 ++---
 testdata/Server-TLSv12-ALPN-NotConfigured    |  64 ++---
 testdata/Server-TLSv12-ExportKeyingMaterial  |  80 +++---
 testdata/Server-TLSv12-IssueTicket           |  74 +++---
 testdata/Server-TLSv12-IssueTicketPreDisable |  74 +++---
 testdata/Server-TLSv12-Resume                |  89 +++----
 ticket.go                                    |  63 +++--
 tls_test.go                                  | 249 ++++++++++++-------
 16 files changed, 506 insertions(+), 416 deletions(-)

diff --git a/common.go b/common.go
index f2dde975..dd6f1dac 100644
--- a/common.go
+++ b/common.go
@@ -247,6 +247,11 @@ type ConnectionState struct {
 	// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256).
 	CipherSuite uint16
 
+	// CurveID is the key exchange mechanism used for the connection. The name
+	// refers to elliptic curves for legacy reasons, see [CurveID]. If a legacy
+	// RSA key exchange is used, this value is zero.
+	CurveID CurveID
+
 	// NegotiatedProtocol is the application protocol negotiated with ALPN.
 	NegotiatedProtocol string
 
@@ -304,10 +309,6 @@ type ConnectionState struct {
 
 	// testingOnlyDidHRR is true if a HelloRetryRequest was sent/received.
 	testingOnlyDidHRR bool
-
-	// testingOnlyCurveID is the selected CurveID, or zero if an RSA exchanges
-	// is performed.
-	testingOnlyCurveID CurveID
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
diff --git a/conn.go b/conn.go
index 8163328d..1276665a 100644
--- a/conn.go
+++ b/conn.go
@@ -1633,8 +1633,7 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 	state.NegotiatedProtocol = c.clientProtocol
 	state.DidResume = c.didResume
 	state.testingOnlyDidHRR = c.didHRR
-	// c.curveID is not set on TLS 1.0–1.2 resumptions. Fix that before exposing it.
-	state.testingOnlyCurveID = c.curveID
+	state.CurveID = c.curveID
 	state.NegotiatedProtocolIsMutual = true
 	state.ServerName = c.serverName
 	state.CipherSuite = c.cipherSuite
diff --git a/handshake_client.go b/handshake_client.go
index 1b6d6728..ce48ec4f 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -271,6 +271,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
 	// This may be a renegotiation handshake, in which case some fields
 	// need to be reset.
 	c.didResume = false
+	c.curveID = 0
 
 	hello, keyShareKeys, ech, err := c.makeClientHello()
 	if err != nil {
@@ -958,10 +959,11 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
 	c.verifiedChains = hs.session.verifiedChains
 	c.ocspResponse = hs.session.ocspResponse
 	// Let the ServerHello SCTs override the session SCTs from the original
-	// connection, if any are provided
+	// connection, if any are provided.
 	if len(c.scts) == 0 && len(hs.session.scts) != 0 {
 		c.scts = hs.session.scts
 	}
+	c.curveID = hs.session.curveID
 
 	return true, nil
 }
diff --git a/handshake_messages_test.go b/handshake_messages_test.go
index e4112bfc..aafb889b 100644
--- a/handshake_messages_test.go
+++ b/handshake_messages_test.go
@@ -424,11 +424,13 @@ func (*SessionState) Generate(rand *rand.Rand, size int) reflect.Value {
 	if rand.Intn(10) > 5 && s.EarlyData {
 		s.alpnProtocol = string(randomBytes(rand.Intn(10), rand))
 	}
-	if s.isClient {
-		if isTLS13 {
+	if isTLS13 {
+		if s.isClient {
 			s.useBy = uint64(rand.Int63())
 			s.ageAdd = uint32(rand.Int63() & math.MaxUint32)
 		}
+	} else {
+		s.curveID = CurveID(rand.Intn(30000) + 1)
 	}
 	return reflect.ValueOf(s)
 }
diff --git a/handshake_server.go b/handshake_server.go
index bb3d3065..6321606e 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -539,6 +539,7 @@ func (hs *serverHandshakeState) checkForResumption() error {
 	c.extMasterSecret = sessionState.extMasterSecret
 	hs.sessionState = sessionState
 	hs.suite = suite
+	c.curveID = sessionState.curveID
 	c.didResume = true
 	return nil
 }
diff --git a/handshake_server_test.go b/handshake_server_test.go
index f533023a..2c75b78e 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -736,7 +736,7 @@ func (test *serverTest) run(t *testing.T, write bool) {
 		t.Fatalf("%s: mismatch on peer list length: %d (wanted) != %d (got)", test.name, len(test.expectedPeerCerts), len(peerCerts))
 	}
 
-	if test.validate != nil {
+	if test.validate != nil && !t.Failed() {
 		if err := test.validate(connState); err != nil {
 			t.Fatalf("validate callback returned error: %s", err)
 		}
diff --git a/testdata/Server-TLSv10-ExportKeyingMaterial b/testdata/Server-TLSv10-ExportKeyingMaterial
index b3d0f7d0..114ec370 100644
--- a/testdata/Server-TLSv10-ExportKeyingMaterial
+++ b/testdata/Server-TLSv10-ExportKeyingMaterial
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 55 01 00 00  51 03 01 e0 8d 7b f2 8d  |....U...Q....{..|
-00000010  45 9f c5 40 1b be 81 05  a1 83 82 c1 54 4a c7 1c  |E..@........TJ..|
-00000020  f1 f8 d5 6c 7a ff 93 81  e2 a2 ba 00 00 04 c0 14  |...lz...........|
+00000000  16 03 01 00 55 01 00 00  51 03 01 fb 2f 2f 8e 61  |....U...Q...//.a|
+00000010  23 39 d1 13 76 62 4e f8  d5 40 82 a3 89 78 bf fe  |#9..vbN..@...x..|
+00000020  31 e9 60 d5 e1 e2 1c 54  7a bc 0b 00 00 04 c0 14  |1.`....Tz.......|
 00000030  00 ff 01 00 00 24 00 0b  00 04 03 00 01 02 00 0a  |.....$..........|
 00000040  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 23  |...............#|
 00000050  00 00 00 16 00 00 00 17  00 00                    |..........|
@@ -51,42 +51,42 @@
 000002a0  fa e7 16 03 01 00 aa 0c  00 00 a6 03 00 1d 20 2f  |.............. /|
 000002b0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000002c0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 00  |.........._X.;t.|
-000002d0  80 3d ff b7 ad d5 15 4f  10 6e 8a d2 ad 8a 6b 1b  |.=.....O.n....k.|
-000002e0  9d 6c f2 92 99 c7 d7 d8  07 d5 c7 77 09 22 41 4f  |.l.........w."AO|
-000002f0  7f ca 3e 8c 22 ba 2b f2  75 5f 47 c9 7e 0c 03 5d  |..>.".+.u_G.~..]|
-00000300  1a 66 c3 c8 f3 76 f0 f6  fa 03 40 3a 9b e7 2b 35  |.f...v....@:..+5|
-00000310  bc c7 5e 62 a6 97 8a 1a  17 e3 13 4c 1f 88 39 2a  |..^b.......L..9*|
-00000320  5b cc 9c 65 df 27 1e b3  26 d7 46 3e 76 a9 ae 71  |[..e.'..&.F>v..q|
-00000330  11 4d d6 10 b4 2e 30 37  a1 b4 ff 46 91 77 c7 4c  |.M....07...F.w.L|
-00000340  f9 8e e3 96 88 d2 1e c5  9d fb a1 be c6 ef 5d f0  |..............].|
-00000350  52 16 03 01 00 04 0e 00  00 00                    |R.........|
+000002d0  80 ca 44 f4 0f ef d9 cb  a9 88 61 a3 b4 f2 1b 9c  |..D.......a.....|
+000002e0  e9 a1 c2 c7 84 58 0e 3e  ee 95 21 52 61 be 80 64  |.....X.>..!Ra..d|
+000002f0  46 17 d5 c7 71 7c 43 41  70 2d 84 9a 49 1c bf 34  |F...q|CAp-..I..4|
+00000300  f4 05 1a 0f 9c 00 c5 2d  64 37 84 34 5e d7 5c 06  |.......-d7.4^.\.|
+00000310  50 99 f9 d5 a0 19 4b 2d  aa 67 e4 17 c7 b4 23 26  |P.....K-.g....#&|
+00000320  94 a1 cd e0 cb b1 33 9b  e6 c6 a3 a7 25 93 87 7e  |......3.....%..~|
+00000330  37 ee 9c a0 42 b6 fd 60  59 02 4b 17 4a 4d f3 f2  |7...B..`Y.K.JM..|
+00000340  2d 2a e7 8d 96 41 86 43  0a 7b 4e fc c0 7d 38 f6  |-*...A.C.{N..}8.|
+00000350  f6 16 03 01 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
-00000000  16 03 01 00 25 10 00 00  21 20 01 39 8b 2b 21 99  |....%...! .9.+!.|
-00000010  fd fc b8 20 f1 51 97 c7  85 13 05 64 55 41 6b c4  |... .Q.....dUAk.|
-00000020  1a 5e d5 b2 7c 8b 31 08  0f 78 14 03 01 00 01 01  |.^..|.1..x......|
-00000030  16 03 01 00 30 d8 3b e6  9f f8 a8 b2 6b 8b fb 89  |....0.;.....k...|
-00000040  71 3b 55 cd c3 c9 78 3c  45 1b 8d 5f 70 4f bd 64  |q;U...x<E.._pO.d|
-00000050  a9 d1 c0 4d ce 34 e1 f9  d2 90 c9 49 b0 1f a3 76  |...M.4.....I...v|
-00000060  bd f4 78 d0 43                                    |..x.C|
+00000000  16 03 01 00 25 10 00 00  21 20 31 ff 4d ee 06 0b  |....%...! 1.M...|
+00000010  de ce ed 73 65 16 9e d5  f5 d6 dd 79 bf 08 28 77  |...se......y..(w|
+00000020  39 7b 3a 49 f0 3d 94 48  24 03 14 03 01 00 01 01  |9{:I.=.H$.......|
+00000030  16 03 01 00 30 26 b8 c3  f1 3a 49 50 d6 cf c3 83  |....0&...:IP....|
+00000040  66 57 f0 8b 63 61 14 75  d4 34 fc ba 22 7f 41 15  |fW..ca.u.4..".A.|
+00000050  30 40 56 35 7c f8 ad 5a  81 c2 11 a9 67 91 f7 2a  |0@V5|..Z....g..*|
+00000060  4c 07 13 60 dc                                    |L..`.|
 >>> Flow 4 (server to client)
-00000000  16 03 01 00 83 04 00 00  7f 00 00 00 00 00 79 00  |..............y.|
+00000000  16 03 01 00 85 04 00 00  81 00 00 00 00 00 7b 00  |..............{.|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000020  6d 2d 70 97 51 ed 14 ef  68 ca 42 c5 4c 71 8e 74  |m-p.Q...h.B.Lq.t|
-00000030  d4 83 d6 4a 5b 69 f8 af  61 3a 98 83 19 d5 7c 60  |...J[i..a:....|`|
-00000040  4a 1e f4 b7 26 b8 99 b5  45 6f a3 8d 97 63 5f 1b  |J...&...Eo...c_.|
-00000050  ab f4 84 59 db ce 99 ce  b8 6a 23 d5 15 49 38 16  |...Y.....j#..I8.|
-00000060  7e 51 5c e5 15 c0 58 7d  c0 ee 59 1b e4 6e 1f c8  |~Q\...X}..Y..n..|
-00000070  fc d4 2c 33 ed 0a 2b e0  78 04 64 4b 56 e4 af 61  |..,3..+.x.dKV..a|
-00000080  c6 b5 7d f5 a0 86 9f e3  14 03 01 00 01 01 16 03  |..}.............|
-00000090  01 00 30 73 2b f0 16 d3  a8 02 b3 73 98 5e 4e a0  |..0s+......s.^N.|
-000000a0  ca 5b c4 50 fb 5a 92 11  43 97 e9 e3 16 9f 08 0a  |.[.P.Z..C.......|
-000000b0  56 73 e6 44 67 70 aa 3d  bb c1 36 c8 63 1c 2b 51  |Vs.Dgp.=..6.c.+Q|
-000000c0  1f 3b 81 17 03 01 00 20  4c 93 10 5c 01 e2 63 12  |.;..... L..\..c.|
-000000d0  97 6b e1 89 fb e7 14 cf  ec 70 d1 fe 6f ea 8b 09  |.k.......p..o...|
-000000e0  63 5f 8c 8a 9e b5 ac b8  17 03 01 00 30 a1 ad dd  |c_..........0...|
-000000f0  92 ac a8 6e 77 ed c2 ed  59 b6 a8 41 ad 45 59 8c  |...nw...Y..A.EY.|
-00000100  4e 1d 16 36 57 e6 2f 47  3d 10 0f 36 04 00 b0 c1  |N..6W./G=..6....|
-00000110  a7 94 25 8e 77 1e 69 20  41 6c c0 9d 26 15 03 01  |..%.w.i Al..&...|
-00000120  00 20 c5 83 26 5d 20 cb  16 7e 27 63 d7 96 aa 96  |. ..&] ..~'c....|
-00000130  37 19 2a 7a 18 d4 85 08  25 32 85 d5 b5 e3 4e 9b  |7.*z....%2....N.|
-00000140  98 f5                                             |..|
+00000020  6d 2d 70 97 51 ed 14 ef  68 ca 42 c5 4c ed db 91  |m-p.Q...h.B.L...|
+00000030  26 40 46 a4 da 9a 13 33  d7 75 7c e0 2f 98 9f 5a  |&@F....3.u|./..Z|
+00000040  9c a9 12 db 59 ba 75 b2  a1 cb cf f9 75 05 c3 55  |....Y.u.....u..U|
+00000050  04 ee 2a 61 94 99 df 73  b3 0b 81 68 f3 49 38 16  |..*a...s...h.I8.|
+00000060  7e 51 5c e5 15 c0 58 7d  52 07 a3 db 42 00 b3 4c  |~Q\...X}R...B..L|
+00000070  77 09 cd 17 5f c1 da 85  f3 09 46 d6 e9 ae 7c e8  |w..._.....F...|.|
+00000080  3f 6a 74 38 f9 e7 de 23  0d 90 14 03 01 00 01 01  |?jt8...#........|
+00000090  16 03 01 00 30 fa 7e 6e  18 87 06 c8 26 ae a0 34  |....0.~n....&..4|
+000000a0  1a 58 05 9e 0c 47 60 93  8c 83 15 98 ad ee de 62  |.X...G`........b|
+000000b0  53 6f 1b 44 90 45 d9 22  0b e3 d8 25 32 75 68 ae  |So.D.E."...%2uh.|
+000000c0  c4 39 b9 05 93 17 03 01  00 20 ac 7a ac 04 59 6a  |.9....... .z..Yj|
+000000d0  75 a3 26 96 49 c8 f3 ef  39 a6 1f 07 20 d2 e6 bf  |u.&.I...9... ...|
+000000e0  b8 06 69 55 97 6c c4 68  01 b9 17 03 01 00 30 8b  |..iU.l.h......0.|
+000000f0  67 6e 9a ea 62 2c dc eb  aa 9b 57 e4 5f 82 14 c6  |gn..b,....W._...|
+00000100  11 d2 44 e7 5a 9d 13 c0  3e 38 de a7 82 33 44 8e  |..D.Z...>8...3D.|
+00000110  10 c2 20 c8 6b d2 af 12  b5 44 84 17 a9 2a ec 15  |.. .k....D...*..|
+00000120  03 01 00 20 56 39 68 ce  01 c1 52 dd 21 cb 65 a0  |... V9h...R.!.e.|
+00000130  5d 28 00 d6 7f f0 c1 38  51 51 98 4f cb 13 5a 41  |](.....8QQ.O..ZA|
+00000140  7b 34 be f8                                       |{4..|
diff --git a/testdata/Server-TLSv12-ALPN b/testdata/Server-TLSv12-ALPN
index ccd4a086..6ee4bc80 100644
--- a/testdata/Server-TLSv12-ALPN
+++ b/testdata/Server-TLSv12-ALPN
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 9d 01 00 00  99 03 03 f7 12 13 92 75  |...............u|
-00000010  34 ab f3 e8 a2 19 2d 3c  0c 8b 9e c3 e8 22 7e d8  |4.....-<....."~.|
-00000020  66 f9 08 88 70 9b cc 37  95 43 a7 00 00 04 cc a8  |f...p..7.C......|
+00000000  16 03 01 00 9d 01 00 00  99 03 03 4c 3c dd 9a 33  |...........L<..3|
+00000010  a3 3d c3 9d 54 4c a8 e7  d4 2d 20 59 11 bc 48 71  |.=..TL...- Y..Hq|
+00000020  bc 5d 6b 24 fd 97 a2 30  4a 2f c8 00 00 04 cc a8  |.]k$...0J/......|
 00000030  00 ff 01 00 00 6c 00 0b  00 04 03 00 01 02 00 0a  |.....l..........|
 00000040  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 23  |...............#|
 00000050  00 00 00 10 00 10 00 0e  06 70 72 6f 74 6f 32 06  |.........proto2.|
@@ -57,35 +57,35 @@
 000002b0  03 03 00 ac 0c 00 00 a8  03 00 1d 20 2f e5 7d a3  |........... /.}.|
 000002c0  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 000002d0  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 08 04 00 80  |......._X.;t....|
-000002e0  2a 3d 85 27 96 fe 41 e2  5a cc 39 dd 8a 8e 64 73  |*=.'..A.Z.9...ds|
-000002f0  ef 98 04 5c ac d2 8f 5e  55 b8 37 da 10 68 33 b8  |...\...^U.7..h3.|
-00000300  63 83 e1 c9 9a e6 3a e9  c9 20 cc 57 58 e2 ba bc  |c.....:.. .WX...|
-00000310  e3 ac ab aa 08 e2 1e 6f  66 90 d7 66 c5 73 60 0d  |.......of..f.s`.|
-00000320  19 4f eb 99 9d d1 b1 91  36 80 b9 20 aa f5 d9 c8  |.O......6.. ....|
-00000330  44 a7 99 c9 a6 4d 2c ff  ca 4d 84 f2 a5 bf 02 c5  |D....M,..M......|
-00000340  61 77 7e 4a e6 7c dd bf  48 fc a6 53 fb c4 d3 dd  |aw~J.|..H..S....|
-00000350  e6 20 b9 74 90 82 4a 3a  73 0a 81 74 07 a3 23 fe  |. .t..J:s..t..#.|
+000002e0  82 9a 38 98 24 59 07 8b  a9 7e d3 9f c3 70 8d 87  |..8.$Y...~...p..|
+000002f0  2d 1b 53 f3 36 96 4a 07  83 80 1e 62 23 b4 79 c9  |-.S.6.J....b#.y.|
+00000300  93 48 0a 54 ad 03 5e 71  c3 69 d9 b7 be 93 c0 e8  |.H.T..^q.i......|
+00000310  13 bd 10 67 b1 ea 8f f0  72 ed e1 54 b1 e5 a8 ca  |...g....r..T....|
+00000320  c7 b2 ac 2e 14 ab 6a 84  2b 97 e6 8f 68 1c e9 83  |......j.+...h...|
+00000330  73 70 24 40 99 f7 86 2a  c7 08 1f bc bd df a2 24  |sp$@...*.......$|
+00000340  75 33 81 29 18 69 d5 5e  93 91 63 62 ee e9 8f b6  |u3.).i.^..cb....|
+00000350  fc d1 00 5d b2 b5 cc 5f  c9 83 8d fd f8 dd 7a cd  |...]..._......z.|
 00000360  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 d1 bb f1 17 6c 41  |....%...! ....lA|
-00000010  8f 14 84 d2 98 99 30 0c  8a 00 4c 39 37 15 f5 be  |......0...L97...|
-00000020  81 8d 08 e0 11 c1 f7 65  43 0b 14 03 03 00 01 01  |.......eC.......|
-00000030  16 03 03 00 20 ab 15 bb  47 30 42 c9 7d 45 f8 5d  |.... ...G0B.}E.]|
-00000040  21 79 3b 4d 5e a9 99 f5  7d f3 4e 7e ba b9 9b 30  |!y;M^...}.N~...0|
-00000050  b6 14 4d ba f9                                    |..M..|
+00000000  16 03 03 00 25 10 00 00  21 20 61 d8 61 58 30 ba  |....%...! a.aX0.|
+00000010  44 5b 31 35 e3 4e 92 87  d0 10 0c 83 96 98 b5 73  |D[15.N.........s|
+00000020  31 40 7a fd 78 8a cf b4  af 53 14 03 03 00 01 01  |1@z.x....S......|
+00000030  16 03 03 00 20 14 80 2b  46 28 9e a8 1b d5 9a bd  |.... ..+F(......|
+00000040  6c da 22 62 a9 7d d8 c1  e5 d7 63 6f 26 3f ca 1c  |l."b.}....co&?..|
+00000050  5e 53 8b 3c f3                                    |^S.<.|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 83 04 00 00  7f 00 00 00 00 00 79 00  |..............y.|
+00000000  16 03 03 00 85 04 00 00  81 00 00 00 00 00 7b 00  |..............{.|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000020  6f 2d 7c 2b 51 ed 14 ef  68 ca 42 c5 4c f3 5c b9  |o-|+Q...h.B.L.\.|
-00000030  84 7d 30 9e 2f 9d 4d 0e  59 b4 28 fd 17 10 cd 1e  |.}0./.M.Y.(.....|
-00000040  1c d3 2c 5e d9 dc db 26  d0 b9 00 4b 0a 13 54 90  |..,^...&...K..T.|
-00000050  f2 7b 68 75 6b 00 34 66  9e 43 29 06 16 49 38 16  |.{huk.4f.C)..I8.|
-00000060  7e 51 5c e5 15 c0 58 7d  52 0b 16 21 d8 2c e8 c8  |~Q\...X}R..!.,..|
-00000070  8e 3a f6 aa fa 21 45 4a  17 02 67 7d 93 1c 95 88  |.:...!EJ..g}....|
-00000080  36 a5 19 53 74 74 81 e1  14 03 03 00 01 01 16 03  |6..Stt..........|
-00000090  03 00 20 3d 66 04 37 0c  40 cc 20 2c 1c 16 ba 05  |.. =f.7.@. ,....|
-000000a0  d6 7b 40 04 27 40 6f cc  d7 af 68 fb 32 49 6c 4f  |.{@.'@o...h.2IlO|
-000000b0  f3 01 bf 17 03 03 00 1d  99 10 78 bc fa 7e 8a 86  |..........x..~..|
-000000c0  4c b8 e4 7c e2 79 70 eb  ad 33 44 e1 ab 7a c9 ae  |L..|.yp..3D..z..|
-000000d0  47 fe 39 50 d1 15 03 03  00 12 9e 9a be b0 55 c3  |G.9P..........U.|
-000000e0  3a 5f 5c e0 4b 8f 4f 81  52 d3 89 09              |:_\.K.O.R...|
+00000020  6f 2d 7c 2b 51 ed 14 ef  68 ca 42 c5 4c a3 4e 47  |o-|+Q...h.B.L.NG|
+00000030  75 8d 90 24 a8 60 43 a8  3b 00 81 b1 1d 41 ce bf  |u..$.`C.;....A..|
+00000040  ec 75 e9 32 6b 9b 21 9f  0f 56 27 b2 e5 9e 9a 01  |.u.2k.!..V'.....|
+00000050  aa c7 63 81 8b 90 45 fa  64 75 96 e3 c8 49 38 16  |..c...E.du...I8.|
+00000060  7e 51 5c e5 15 c0 58 7d  52 07 32 1b 54 23 7f 75  |~Q\...X}R.2.T#.u|
+00000070  8a 30 1c 6a 94 57 27 7d  06 25 05 b7 ae ce 5c a4  |.0.j.W'}.%....\.|
+00000080  58 21 47 f2 04 bc 3a f1  6d 20 14 03 03 00 01 01  |X!G...:.m ......|
+00000090  16 03 03 00 20 94 0c cf  54 2b fb 49 26 19 d4 06  |.... ...T+.I&...|
+000000a0  0e b6 71 b5 d9 24 f6 d1  99 36 78 1c 96 b4 12 e0  |..q..$...6x.....|
+000000b0  20 5a 2a a7 ad 17 03 03  00 1d 19 36 ef 7d 53 24  | Z*........6.}S$|
+000000c0  0c 5e 48 24 c6 ad 91 ca  44 0d 2e fb 10 fd 58 2f  |.^H$....D.....X/|
+000000d0  86 5c be c6 64 01 c6 15  03 03 00 12 26 94 16 38  |.\..d.......&..8|
+000000e0  6c 23 4e 29 03 96 c6 6a  a8 af 32 0b 2e 9e        |l#N)...j..2...|
diff --git a/testdata/Server-TLSv12-ALPN-Fallback b/testdata/Server-TLSv12-ALPN-Fallback
index 07020125..a453fcc5 100644
--- a/testdata/Server-TLSv12-ALPN-Fallback
+++ b/testdata/Server-TLSv12-ALPN-Fallback
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 a6 01 00 00  a2 03 03 ea e2 1b 90 0e  |................|
-00000010  91 d5 9f b2 c6 ee 72 37  19 f5 14 cd ca a9 ca 03  |......r7........|
-00000020  98 c4 2e d4 85 05 4a a5  02 e1 4b 00 00 04 cc a8  |......J...K.....|
+00000000  16 03 01 00 a6 01 00 00  a2 03 03 74 b9 ce 14 2f  |...........t.../|
+00000010  85 a9 93 bf 60 4e 5c 5c  6e 47 34 cf b8 27 f8 dc  |....`N\\nG4..'..|
+00000020  b1 5b a8 eb e0 fa da a0  1b b6 9c 00 00 04 cc a8  |.[..............|
 00000030  00 ff 01 00 00 75 00 0b  00 04 03 00 01 02 00 0a  |.....u..........|
 00000040  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 23  |...............#|
 00000050  00 00 00 10 00 19 00 17  06 70 72 6f 74 6f 33 08  |.........proto3.|
@@ -56,35 +56,35 @@
 000002a0  fa e7 16 03 03 00 ac 0c  00 00 a8 03 00 1d 20 2f  |.............. /|
 000002b0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000002c0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 08  |.........._X.;t.|
-000002d0  04 00 80 85 e9 a6 5c 79  bc db ed 97 fb 30 ca fd  |......\y.....0..|
-000002e0  32 13 19 3f da 6f fd c1  11 74 fe e9 6f 60 ec 7e  |2..?.o...t..o`.~|
-000002f0  48 7e 17 33 9b 8d 2a c2  82 e0 18 38 f3 0f 20 27  |H~.3..*....8.. '|
-00000300  81 0f c9 47 bf 5f 2b 2f  65 1c 6b e3 b7 72 85 46  |...G._+/e.k..r.F|
-00000310  5c 15 dc fd e6 be cf 50  51 62 f5 d9 17 e2 e8 bf  |\......PQb......|
-00000320  08 7f 37 71 91 88 83 7f  e3 90 66 66 c4 d8 60 25  |..7q......ff..`%|
-00000330  53 f7 9f 44 20 89 48 ff  c2 3b 6d 21 e5 8c dc e5  |S..D .H..;m!....|
-00000340  42 ea d8 14 93 96 2f 53  24 66 e7 bb e7 2c 1f 92  |B...../S$f...,..|
-00000350  90 80 23 16 03 03 00 04  0e 00 00 00              |..#.........|
+000002d0  04 00 80 22 97 55 0d 4c  fe 5e 4e 45 b7 9b b2 f8  |...".U.L.^NE....|
+000002e0  29 c7 7a 33 b5 e0 06 92  4f b3 6e 67 ad 4e 69 20  |).z3....O.ng.Ni |
+000002f0  e5 82 b6 93 84 52 05 fd  99 d1 94 67 e4 7d bc 1d  |.....R.....g.}..|
+00000300  f7 16 d7 24 95 61 db ed  92 16 11 ee c1 c5 6f 82  |...$.a........o.|
+00000310  8e 6b 10 69 31 d2 17 1a  6f 25 a0 d5 4b 7e c9 ba  |.k.i1...o%..K~..|
+00000320  13 3e c4 94 46 63 e2 6e  c6 ca d0 e4 09 5a 2a 39  |.>..Fc.n.....Z*9|
+00000330  12 c0 fc 37 14 4e a8 1f  74 4e 44 86 1a 29 d4 a0  |...7.N..tND..)..|
+00000340  5f e5 0a 22 6c 09 78 29  be 33 a5 2c d9 b3 5f ec  |_.."l.x).3.,.._.|
+00000350  f1 5e 87 16 03 03 00 04  0e 00 00 00              |.^..........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 e8 d1 46 5e 70 b5  |....%...! ..F^p.|
-00000010  34 1c 6f cd be f0 86 24  2a d6 55 ae 97 de 52 0c  |4.o....$*.U...R.|
-00000020  67 10 a0 02 ed ae f8 47  aa 52 14 03 03 00 01 01  |g......G.R......|
-00000030  16 03 03 00 20 52 cf 5d  07 bb bc e8 86 d4 f4 3e  |.... R.].......>|
-00000040  49 51 a7 1d f5 df 10 c4  5a 77 37 ba 68 3d 4e c5  |IQ......Zw7.h=N.|
-00000050  11 ac 67 b7 e2                                    |..g..|
+00000000  16 03 03 00 25 10 00 00  21 20 a4 f2 f3 f8 81 68  |....%...! .....h|
+00000010  6f 8d d5 2c 93 fe ee cf  f6 28 ae 06 9f 81 fa 0d  |o..,.....(......|
+00000020  ac 31 2b cf 05 4e cb a0  b3 14 14 03 03 00 01 01  |.1+..N..........|
+00000030  16 03 03 00 20 ca 3e f2  cd 68 42 34 26 61 40 29  |.... .>..hB4&a@)|
+00000040  dd 71 e1 52 b7 0e ec 1f  77 8e 1d 1b 95 dd 07 4f  |.q.R....w......O|
+00000050  c4 4d d8 02 83                                    |.M...|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 83 04 00 00  7f 00 00 00 00 00 79 00  |..............y.|
+00000000  16 03 03 00 85 04 00 00  81 00 00 00 00 00 7b 00  |..............{.|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000020  6f 2d 7c 2b 51 ed 14 ef  68 ca 42 c5 4c 26 1d 23  |o-|+Q...h.B.L&.#|
-00000030  c4 90 54 85 8b 21 f5 0d  e8 48 f2 5f 4e 6b f1 25  |..T..!...H._Nk.%|
-00000040  e8 46 8a e5 3c 09 57 df  dd 37 a7 57 c5 a5 28 5a  |.F..<.W..7.W..(Z|
-00000050  21 83 2a 98 4b a5 44 aa  5b cc 30 e9 62 49 38 16  |!.*.K.D.[.0.bI8.|
-00000060  7e 51 5c e5 15 c0 58 7d  a4 aa c5 93 39 bb e2 b6  |~Q\...X}....9...|
-00000070  4f c4 3e 1e 03 dc 46 b1  f3 0d d2 61 6c 1e c5 e1  |O.>...F....al...|
-00000080  8f 18 2a 3c 85 83 c4 33  14 03 03 00 01 01 16 03  |..*<...3........|
-00000090  03 00 20 63 76 4f b3 77  4d 63 6c eb 73 f3 b2 ec  |.. cvO.wMcl.s...|
-000000a0  b8 49 3e c5 81 d5 53 0c  96 77 2f 3f 52 d0 e1 5b  |.I>...S..w/?R..[|
-000000b0  62 fa 0b 17 03 03 00 1d  2f 60 09 31 db e9 c5 23  |b......./`.1...#|
-000000c0  98 5c 46 23 a6 58 80 66  7d 50 84 f1 42 b8 65 65  |.\F#.X.f}P..B.ee|
-000000d0  77 2d d2 e4 be 15 03 03  00 12 b7 e8 e1 13 04 68  |w-.............h|
-000000e0  d5 21 c8 98 db 1b 1c 6e  4f b5 0b 9c              |.!.....nO...|
+00000020  6f 2d 7c 2b 51 ed 14 ef  68 ca 42 c5 4c 23 bb 4f  |o-|+Q...h.B.L#.O|
+00000030  57 15 7b bb 5c 23 ff bd  b0 3b c9 ce d7 8e b9 d8  |W.{.\#...;......|
+00000040  b6 35 dd 0b 5b fd 3f bf  c6 c9 74 86 d4 4e 1c 22  |.5..[.?...t..N."|
+00000050  fb 4e ea 39 16 d3 9d 08  c8 08 c8 94 c7 49 38 16  |.N.9.........I8.|
+00000060  7e 51 5c e5 15 c0 58 7d  52 07 e6 23 d9 47 91 c4  |~Q\...X}R..#.G..|
+00000070  55 a3 14 46 22 5a 68 ec  70 f1 cd 8b e0 36 5d 20  |U..F"Zh.p....6] |
+00000080  bb 33 6b d2 cc e0 bc 81  f6 ba 14 03 03 00 01 01  |.3k.............|
+00000090  16 03 03 00 20 06 6c 46  46 01 02 e9 42 de 4a dc  |.... .lFF...B.J.|
+000000a0  4b 55 15 6d e4 2c da 02  67 af 08 f1 15 f6 5a 72  |KU.m.,..g.....Zr|
+000000b0  0b 70 d3 28 ba 17 03 03  00 1d 5b 4f 16 d3 78 dd  |.p.(......[O..x.|
+000000c0  fb cb 38 70 cc dc 26 36  99 ad 67 e3 dc 2b c8 62  |..8p..&6..g..+.b|
+000000d0  1f a1 ad 3b e2 fd d7 15  03 03 00 12 e4 ca da 87  |...;............|
+000000e0  78 97 b2 b3 27 0f 3e 1a  97 8d ab fc 7c b9        |x...'.>.....|.|
diff --git a/testdata/Server-TLSv12-ALPN-NotConfigured b/testdata/Server-TLSv12-ALPN-NotConfigured
index 79f0748a..97d300d7 100644
--- a/testdata/Server-TLSv12-ALPN-NotConfigured
+++ b/testdata/Server-TLSv12-ALPN-NotConfigured
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 9d 01 00 00  99 03 03 19 26 ad 3f c0  |............&.?.|
-00000010  d6 a0 cc ac 9b 2a 91 d3  1a d5 96 78 5f 7c 3f e0  |.....*.....x_|?.|
-00000020  23 08 75 a1 ca cb aa da  d7 c8 0b 00 00 04 cc a8  |#.u.............|
+00000000  16 03 01 00 9d 01 00 00  99 03 03 23 13 3f 28 85  |...........#.?(.|
+00000010  56 f7 0f d1 b4 ee 5f 18  a0 58 8c c5 83 a4 13 24  |V....._..X.....$|
+00000020  9b 53 29 6e 28 35 a8 8c  0e 07 2a 00 00 04 cc a8  |.S)n(5....*.....|
 00000030  00 ff 01 00 00 6c 00 0b  00 04 03 00 01 02 00 0a  |.....l..........|
 00000040  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 23  |...............#|
 00000050  00 00 00 10 00 10 00 0e  06 70 72 6f 74 6f 32 06  |.........proto2.|
@@ -56,35 +56,35 @@
 000002a0  fa e7 16 03 03 00 ac 0c  00 00 a8 03 00 1d 20 2f  |.............. /|
 000002b0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000002c0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 08  |.........._X.;t.|
-000002d0  04 00 80 4f 9e 64 41 a6  8a 41 ab 9c c8 09 3e 94  |...O.dA..A....>.|
-000002e0  ee d2 9b ad 1b 3e a9 3c  7b 43 96 95 eb 4d b5 04  |.....>.<{C...M..|
-000002f0  1a 5f 0c b2 b3 a6 2c a4  e6 78 a8 b8 d5 6c 7f d0  |._....,..x...l..|
-00000300  16 e8 56 31 e0 4a 69 d3  6b 27 18 a3 4e f5 d1 6a  |..V1.Ji.k'..N..j|
-00000310  36 15 b5 fc 4d 15 50 90  a0 30 b9 49 3d ac 8c 84  |6...M.P..0.I=...|
-00000320  d2 15 31 70 df e5 a6 97  d0 64 f7 1d 8a a1 87 4d  |..1p.....d.....M|
-00000330  3c ee da 69 20 e4 31 67  ca f2 c0 09 ee 13 7c 78  |<..i .1g......|x|
-00000340  d6 c2 c0 39 e0 b8 00 52  a9 bf d0 99 e0 b0 66 70  |...9...R......fp|
-00000350  46 ae 62 16 03 03 00 04  0e 00 00 00              |F.b.........|
+000002d0  04 00 80 66 f8 99 59 3a  3a 64 36 75 11 53 eb 34  |...f..Y::d6u.S.4|
+000002e0  1d d7 56 1b fb 73 58 63  69 2d 3d b5 d0 05 ce 4d  |..V..sXci-=....M|
+000002f0  6d 6e 49 46 c2 ad 91 43  de b3 63 12 4b e6 e2 c8  |mnIF...C..c.K...|
+00000300  59 09 09 45 f2 b8 1e 95  71 b2 38 60 78 36 c5 46  |Y..E....q.8`x6.F|
+00000310  15 85 66 4b 83 e2 6f 07  df 3e 87 60 eb 85 2d 01  |..fK..o..>.`..-.|
+00000320  c4 ae 50 b8 0e e5 19 b4  1d a4 90 af 97 b7 87 9e  |..P.............|
+00000330  cb 3a 13 1f ec 78 6c d9  5d 14 03 b7 4b 8b 8d 92  |.:...xl.]...K...|
+00000340  06 cf a3 dc 59 30 36 0f  7f 24 11 ca b8 ff 46 4b  |....Y06..$....FK|
+00000350  0c 4e c2 16 03 03 00 04  0e 00 00 00              |.N..........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 b0 1a 5b c3 55 5f  |....%...! ..[.U_|
-00000010  0b b8 f3 69 ba 4f 49 93  05 0f b1 f1 d7 6b 6c 0c  |...i.OI......kl.|
-00000020  98 d0 22 78 0c ad 15 6b  24 5b 14 03 03 00 01 01  |.."x...k$[......|
-00000030  16 03 03 00 20 9d aa 3f  17 b3 16 88 d5 44 3d 03  |.... ..?.....D=.|
-00000040  3c 3c 8d 92 f1 2f e4 38  cc 42 20 2f ef 6a 29 c6  |<<.../.8.B /.j).|
-00000050  5c ca 44 81 f6                                    |\.D..|
+00000000  16 03 03 00 25 10 00 00  21 20 16 8d 5b 4a f7 e1  |....%...! ..[J..|
+00000010  c0 dd 5d e2 82 7d 4e c6  ef 66 ef 87 50 85 bf 0d  |..]..}N..f..P...|
+00000020  b5 3f 03 cc 64 f4 48 93  79 27 14 03 03 00 01 01  |.?..d.H.y'......|
+00000030  16 03 03 00 20 2c 69 26  7b 1b 84 2b 1d 33 43 cf  |.... ,i&{..+.3C.|
+00000040  95 c5 72 d6 7a 88 8f f9  aa 82 72 f4 02 c5 6e aa  |..r.z.....r...n.|
+00000050  a9 f7 f0 b9 44                                    |....D|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 83 04 00 00  7f 00 00 00 00 00 79 00  |..............y.|
+00000000  16 03 03 00 85 04 00 00  81 00 00 00 00 00 7b 00  |..............{.|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000020  6f 2d 7c 2b 51 ed 14 ef  68 ca 42 c5 4c 9a f3 2b  |o-|+Q...h.B.L..+|
-00000030  7a 66 76 26 4f 73 12 14  ef a1 f4 8c c2 08 03 42  |zfv&Os.........B|
-00000040  4d d5 f9 d7 ab 31 78 51  f3 f4 94 49 5f 9d bf 23  |M....1xQ...I_..#|
-00000050  b2 11 7b ac 42 df 71 1a  37 db 64 99 a0 49 38 16  |..{.B.q.7.d..I8.|
-00000060  7e 51 5c e5 15 c0 58 7d  2d 89 ac 0d 05 31 27 ae  |~Q\...X}-....1'.|
-00000070  85 ff 27 56 24 4c 26 b3  bc 6c f6 20 80 dd bd ba  |..'V$L&..l. ....|
-00000080  a3 34 c2 32 a8 58 1b b9  14 03 03 00 01 01 16 03  |.4.2.X..........|
-00000090  03 00 20 74 e1 8a e6 a6  02 0d f7 e1 28 3a f4 c4  |.. t........(:..|
-000000a0  a6 8c 32 81 84 85 ec 58  6a 10 8a 6d c4 cc 10 3a  |..2....Xj..m...:|
-000000b0  32 3e df 17 03 03 00 1d  fd a8 94 23 3e 5d 96 b1  |2>.........#>]..|
-000000c0  68 a6 24 55 bf 29 08 93  c7 7b 9b 05 fc 0b 97 ff  |h.$U.)...{......|
-000000d0  7c 93 b0 34 82 15 03 03  00 12 43 9f 44 e4 63 e7  ||..4......C.D.c.|
-000000e0  3c 30 a5 da 9f 58 ac 01  e4 e2 a7 30              |<0...X.....0|
+00000020  6f 2d 7c 2b 51 ed 14 ef  68 ca 42 c5 4c 2e ba 80  |o-|+Q...h.B.L...|
+00000030  92 a2 2f 66 80 b9 56 b8  7b be 8f 7f 3e f1 92 8d  |../f..V.{...>...|
+00000040  bf a9 6d 23 58 04 c5 70  85 af a7 db e4 0f e5 87  |..m#X..p........|
+00000050  6e aa a1 58 2a 7c 3f 9b  15 36 ac a3 00 49 38 16  |n..X*|?..6...I8.|
+00000060  7e 51 5c e5 15 c0 58 7d  52 07 ff f3 10 e5 6f 3a  |~Q\...X}R.....o:|
+00000070  6f e9 dd 79 00 6d 46 a8  9d a3 6c 3b 1b 39 da 98  |o..y.mF...l;.9..|
+00000080  5a 36 f1 64 1f a6 4b f8  2b ff 14 03 03 00 01 01  |Z6.d..K.+.......|
+00000090  16 03 03 00 20 d1 e3 4a  cc 06 f0 a9 b6 f7 66 2d  |.... ..J......f-|
+000000a0  3d 07 70 e2 93 39 a1 2a  c2 72 f3 e7 b3 ca a0 77  |=.p..9.*.r.....w|
+000000b0  ff cf 9b 0f 2f 17 03 03  00 1d 4b e5 61 b4 4c 6b  |..../.....K.a.Lk|
+000000c0  b0 ca 5e e4 96 7b f2 18  9a c2 19 b2 be c2 39 8b  |..^..{........9.|
+000000d0  ee 88 e7 53 27 3a 8d 15  03 03 00 12 2a 21 52 fc  |...S':......*!R.|
+000000e0  3b ae 6e fb ac 9c 42 bc  1a 7d 6b 8d 84 5d        |;.n...B..}k..]|
diff --git a/testdata/Server-TLSv12-ExportKeyingMaterial b/testdata/Server-TLSv12-ExportKeyingMaterial
index ff8d6356..a670f05d 100644
--- a/testdata/Server-TLSv12-ExportKeyingMaterial
+++ b/testdata/Server-TLSv12-ExportKeyingMaterial
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 89 01 00 00  85 03 03 ad 13 87 9e b3  |................|
-00000010  c7 71 bb bf be e3 b9 80  3f 17 bf 41 37 95 22 e6  |.q......?..A7.".|
-00000020  f2 98 a9 15 62 1d 65 06  69 ea 53 00 00 04 c0 14  |....b.e.i.S.....|
+00000000  16 03 01 00 89 01 00 00  85 03 03 ba bc af a2 f7  |................|
+00000010  a2 a0 19 81 f0 3b c0 76  56 10 e6 95 ce ab 89 82  |.....;.vV.......|
+00000020  d5 27 b3 78 69 f2 d3 5b  2d 97 77 00 00 04 c0 14  |.'.xi..[-.w.....|
 00000030  00 ff 01 00 00 58 00 0b  00 04 03 00 01 02 00 0a  |.....X..........|
 00000040  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 23  |...............#|
 00000050  00 00 00 16 00 00 00 17  00 00 00 0d 00 30 00 2e  |.............0..|
@@ -54,43 +54,43 @@
 000002a0  fa e7 16 03 03 00 ac 0c  00 00 a8 03 00 1d 20 2f  |.............. /|
 000002b0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000002c0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 08  |.........._X.;t.|
-000002d0  04 00 80 41 24 c2 f9 e8  40 21 47 3c ab 8e 99 5e  |...A$...@!G<...^|
-000002e0  0e 08 27 86 6c 29 ae 36  ed 21 18 23 67 cc f7 d5  |..'.l).6.!.#g...|
-000002f0  3f e2 2c 48 2f 3d 47 e5  af d5 61 86 0f 91 69 30  |?.,H/=G...a...i0|
-00000300  cf 84 56 f2 d3 c1 9a a3  a1 a2 c8 ef 4d 33 de 12  |..V.........M3..|
-00000310  d6 46 55 5b c6 6a 65 a5  36 b5 51 5b db 04 25 aa  |.FU[.je.6.Q[..%.|
-00000320  1c af a0 b0 2d ee db 00  c5 ad 1b 94 d3 90 11 86  |....-...........|
-00000330  10 83 35 41 65 9e a4 2c  a9 ee 37 ac d4 cc 05 76  |..5Ae..,..7....v|
-00000340  92 59 f9 51 68 79 6d 9e  5f eb 80 47 3a 7c e0 74  |.Y.Qhym._..G:|.t|
-00000350  ac f5 36 16 03 03 00 04  0e 00 00 00              |..6.........|
+000002d0  04 00 80 59 86 4b 13 6a  34 c5 bd 82 a9 ae d8 bf  |...Y.K.j4.......|
+000002e0  7b 9b f2 c2 0a aa 81 99  25 d8 14 68 32 49 00 ab  |{.......%..h2I..|
+000002f0  b0 18 4e 05 50 31 0e 25  f3 db 5f 93 45 13 a4 3e  |..N.P1.%.._.E..>|
+00000300  38 76 a1 0d d8 87 0f 85  81 0c af cb cd e8 43 cd  |8v............C.|
+00000310  67 01 f2 15 e0 7e 11 44  2a 8d ba 12 33 94 01 c9  |g....~.D*...3...|
+00000320  81 bd 99 0d 9f 84 04 a0  7c 0f 24 dd 79 34 53 ba  |........|.$.y4S.|
+00000330  fa ae 32 16 0c 30 6c f0  76 5d 75 c1 ba d9 35 86  |..2..0l.v]u...5.|
+00000340  b0 94 2f 1f 35 7f 1c 1f  92 10 c5 88 55 cc 2c 5b  |../.5.......U.,[|
+00000350  89 b3 58 16 03 03 00 04  0e 00 00 00              |..X.........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 d2 ed 26 ce 1f 5d  |....%...! ..&..]|
-00000010  50 b8 f4 19 fc 63 e2 b6  3d 7d 39 54 c2 c1 61 a9  |P....c..=}9T..a.|
-00000020  2a 82 d8 e3 a9 2f 22 8c  b2 18 14 03 03 00 01 01  |*..../".........|
-00000030  16 03 03 00 40 82 78 f0  1e e6 03 20 67 66 4e d6  |....@.x.... gfN.|
-00000040  93 25 69 9e 38 c6 dd 17  92 02 18 7f 5f 9c 9c f0  |.%i.8......._...|
-00000050  a3 f7 45 d3 ba 82 e3 01  38 e5 4f cf 8b 0e 77 6e  |..E.....8.O...wn|
-00000060  91 99 83 e0 f1 3d e8 a1  39 d4 ea b3 2e 1c 67 59  |.....=..9.....gY|
-00000070  c5 5d 83 30 dc                                    |.].0.|
+00000000  16 03 03 00 25 10 00 00  21 20 7b e4 41 19 92 fc  |....%...! {.A...|
+00000010  73 0d 4b 88 2d bd e2 a1  f3 6a ad 5b 8c 10 9b 9e  |s.K.-....j.[....|
+00000020  46 7a c0 81 96 03 0b 4c  03 7d 14 03 03 00 01 01  |Fz.....L.}......|
+00000030  16 03 03 00 40 e5 e4 11  bd 7c 54 b8 be 80 44 82  |....@....|T...D.|
+00000040  03 22 51 7f f5 de 92 20  7d 34 b0 9a 7b 17 ce 12  |."Q.... }4..{...|
+00000050  b4 75 44 9b 37 b1 cd 1f  0c f8 86 4c 75 d9 1e 75  |.uD.7......Lu..u|
+00000060  d3 7e bf 6e 3e 9d be 3b  c1 47 11 6d f1 09 10 2e  |.~.n>..;.G.m....|
+00000070  d0 0d cd 1f 26                                    |....&|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 83 04 00 00  7f 00 00 00 00 00 79 00  |..............y.|
+00000000  16 03 03 00 85 04 00 00  81 00 00 00 00 00 7b 00  |..............{.|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000020  6f 2d 70 97 51 ed 14 ef  68 ca 42 c5 4c ff 6b a2  |o-p.Q...h.B.L.k.|
-00000030  3e f9 07 a9 91 ad 0d c7  23 bd 7f 04 cf 4d a0 eb  |>.......#....M..|
-00000040  58 e0 e1 37 73 d3 cc 4b  e2 7f 6d 3a 2e 47 b5 b4  |X..7s..K..m:.G..|
-00000050  60 dd e6 9a ea 30 1e 6e  7a e7 8e 84 ca 49 38 16  |`....0.nz....I8.|
-00000060  7e 51 5c e5 15 c0 58 7d  a2 ba e2 ca 90 24 11 ea  |~Q\...X}.....$..|
-00000070  53 9c 7d cb 47 13 91 cf  f6 05 f0 2f db 57 1a 40  |S.}.G....../.W.@|
-00000080  57 b0 d4 97 8e 23 7e f5  14 03 03 00 01 01 16 03  |W....#~.........|
-00000090  03 00 40 00 00 00 00 00  00 00 00 00 00 00 00 00  |..@.............|
-000000a0  00 00 00 72 43 0e f2 f3  bb e8 6d 3b f2 ff 96 53  |...rC.....m;...S|
-000000b0  12 36 07 e0 f0 17 35 e7  52 87 a3 12 7b 53 d4 83  |.6....5.R...{S..|
-000000c0  cc d2 d3 06 4b e2 3a fc  38 4f a7 75 d8 3c 6a a4  |....K.:.8O.u.<j.|
-000000d0  b7 5f e8 17 03 03 00 40  00 00 00 00 00 00 00 00  |._.....@........|
-000000e0  00 00 00 00 00 00 00 00  7d b5 ce 35 23 2a ba 64  |........}..5#*.d|
-000000f0  0d 4e cc 9d 53 37 84 1d  6d c5 b0 ae a6 64 76 82  |.N..S7..m....dv.|
-00000100  4d 80 97 1e 16 5f 0a 85  72 be 27 41 a3 e0 45 35  |M...._..r.'A..E5|
-00000110  6e d4 c0 41 e5 99 8c 19  15 03 03 00 30 00 00 00  |n..A........0...|
-00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 c9 f3 4e  |...............N|
-00000130  91 b6 c2 c0 a5 cf 21 6b  ed 58 d9 cf 9c 9b ff 0a  |......!k.X......|
-00000140  6c 62 73 de f8 c3 39 22  2e d3 c6 45 9d           |lbs...9"...E.|
+00000020  6f 2d 70 97 51 ed 14 ef  68 ca 42 c5 4c e2 2f 01  |o-p.Q...h.B.L./.|
+00000030  02 b4 98 0b ab 81 e1 03  a3 a3 58 3e ea 75 9a 4c  |..........X>.u.L|
+00000040  72 93 e7 50 f9 17 7b 90  0d 70 e7 b8 5c 7b 93 81  |r..P..{..p..\{..|
+00000050  66 e1 64 b0 a9 25 34 84  bc 49 42 f5 13 49 38 16  |f.d..%4..IB..I8.|
+00000060  7e 51 5c e5 15 c0 58 7d  52 07 da 2f 56 e0 05 62  |~Q\...X}R../V..b|
+00000070  16 1e 0c 62 76 cc b5 ff  25 a1 c3 2e 1f 28 71 29  |...bv...%....(q)|
+00000080  9c d0 c1 0a 05 dd 22 57  7a 19 14 03 03 00 01 01  |......"Wz.......|
+00000090  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
+000000a0  00 00 00 00 00 9a 9d 01  bc db e5 21 c2 d2 f8 d8  |...........!....|
+000000b0  b8 c1 86 87 fc b6 79 df  69 be d2 97 cd 69 76 9d  |......y.i....iv.|
+000000c0  04 95 7f d4 e8 c7 78 52  c0 d1 ac bc 55 08 57 a7  |......xR....U.W.|
+000000d0  9c 28 d4 7b df 17 03 03  00 40 00 00 00 00 00 00  |.(.{.....@......|
+000000e0  00 00 00 00 00 00 00 00  00 00 81 f0 80 62 50 04  |.............bP.|
+000000f0  7f 86 ee f1 73 46 b0 c3  c1 0d 92 ab dd 4f b9 2a  |....sF.......O.*|
+00000100  58 4f 17 9f be 60 ff 8b  1a d6 e3 94 aa dc 8b 60  |XO...`.........`|
+00000110  d8 2b 4c c8 5a 69 18 74  65 49 15 03 03 00 30 00  |.+L.Zi.teI....0.|
+00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 18  |................|
+00000130  36 4f 05 fe ab 47 92 6e  48 42 4f 06 c4 f3 e1 70  |6O...G.nHBO....p|
+00000140  c6 66 00 1d aa 84 6b 2b  d4 23 37 c9 42 fb 6d     |.f....k+.#7.B.m|
diff --git a/testdata/Server-TLSv12-IssueTicket b/testdata/Server-TLSv12-IssueTicket
index ee293586..b05669d0 100644
--- a/testdata/Server-TLSv12-IssueTicket
+++ b/testdata/Server-TLSv12-IssueTicket
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 bf f8 80 5d 1b  |....q...m.....].|
-00000010  ea 95 cb 32 3b 8f ff 5e  f9 4d 58 7d dc a4 50 cc  |...2;..^.MX}..P.|
-00000020  68 4d 40 98 11 af f3 e4  d7 31 43 00 00 04 00 2f  |hM@......1C..../|
+00000000  16 03 01 00 71 01 00 00  6d 03 03 ae 71 d4 07 74  |....q...m...q..t|
+00000010  03 93 b0 1f 88 72 ef d2  54 61 44 34 5f 3f ea 16  |.....r..TaD4_?..|
+00000020  32 41 11 a9 00 9b 59 ba  50 a8 ab 00 00 04 00 2f  |2A....Y.P....../|
 00000030  00 ff 01 00 00 40 00 23  00 00 00 16 00 00 00 17  |.....@.#........|
 00000040  00 00 00 0d 00 30 00 2e  04 03 05 03 06 03 08 07  |.....0..........|
 00000050  08 08 08 09 08 0a 08 0b  08 04 08 05 08 06 04 01  |................|
@@ -52,39 +52,39 @@
 00000290  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
 000002a0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 35 d7 dd 48 68  |...........5..Hh|
-00000010  17 8c 9b 02 75 0c 6b 76  17 0a e1 f8 06 c0 d7 1d  |....u.kv........|
-00000020  bf a5 97 d2 59 0f c9 90  4a f0 6f 40 dc e7 30 c4  |....Y...J.o@..0.|
-00000030  75 ab 74 9c 32 48 a4 84  3c 40 a0 bd 03 aa 09 2b  |u.t.2H..<@.....+|
-00000040  b2 4c 80 82 17 b8 3d 27  16 9a b7 90 66 f2 10 4e  |.L....='....f..N|
-00000050  41 7e 78 24 de 27 91 f9  e9 bc bf 15 3a 35 1b ae  |A~x$.'......:5..|
-00000060  28 9e e1 09 f0 7a 4d 66  7e de d1 43 bf f5 e4 09  |(....zMf~..C....|
-00000070  a7 21 cb 0e 1d 59 6d a0  a6 41 44 58 f4 ab ac 6a  |.!...Ym..ADX...j|
-00000080  98 db 25 e3 57 ee 94 87  85 51 ea 14 03 03 00 01  |..%.W....Q......|
-00000090  01 16 03 03 00 40 c9 64  79 e7 15 1d 30 15 95 89  |.....@.dy...0...|
-000000a0  b1 9b 12 42 69 4b 22 20  54 5a aa b6 71 02 1c 3f  |...BiK" TZ..q..?|
-000000b0  7c b5 66 07 b5 1f 55 96  3f ce 47 1f 66 52 d8 6b  ||.f...U.?.G.fR.k|
-000000c0  65 71 c0 4e 0b 7e 55 e0  f5 af 42 29 af 2b 1d 0e  |eq.N.~U...B).+..|
-000000d0  e6 96 cd 7b fc d3                                 |...{..|
+00000000  16 03 03 00 86 10 00 00  82 00 80 1a 4a c4 37 68  |............J.7h|
+00000010  6a c0 28 f1 ea ea 14 20  fe c3 b6 61 28 67 75 7b  |j.(.... ...a(gu{|
+00000020  74 e0 6b ab 2c dd c8 13  0a be d6 71 a1 13 96 5a  |t.k.,......q...Z|
+00000030  bf 89 2e 6e 6a 61 24 ca  d4 88 3f f8 20 ed 20 1f  |...nja$...?. . .|
+00000040  0a 9c 11 9b 96 e1 cd d8  38 42 05 be b8 6e e5 fe  |........8B...n..|
+00000050  54 c8 93 b8 56 67 01 97  a0 bc 37 33 7c 40 f7 77  |T...Vg....73|@.w|
+00000060  5d 8b 63 bc 3f 7b e3 e9  0a b0 13 06 12 6e 8e 1c  |].c.?{.......n..|
+00000070  7c e7 ed 99 6d c3 5a 93  92 d2 4a fe fa d9 10 1c  ||...m.Z...J.....|
+00000080  76 e2 9e d7 d4 cd c7 b9  7a 40 54 14 03 03 00 01  |v.......z@T.....|
+00000090  01 16 03 03 00 40 ac 11  71 60 db b6 db b9 db fb  |.....@..q`......|
+000000a0  09 20 8d 00 e9 69 25 15  f9 14 8f 08 7a 6c 8c 29  |. ...i%.....zl.)|
+000000b0  0d f4 9b d3 ca c8 c8 f3  11 0a 85 d6 c2 cc 60 a7  |..............`.|
+000000c0  8c a3 32 06 08 15 bd 84  a0 4f 17 b9 6b 9b 6a 7c  |..2......O..k.j||
+000000d0  23 9d 74 22 7f fd                                 |#.t"..|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 83 04 00 00  7f 00 00 00 00 00 79 00  |..............y.|
+00000000  16 03 03 00 85 04 00 00  81 00 00 00 00 00 7b 00  |..............{.|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000020  6f 2d b0 ac 51 ed 14 ef  68 ca 42 c5 4c 85 f6 26  |o-..Q...h.B.L..&|
-00000030  0d a4 ad a8 f5 14 64 4f  b9 c3 fb 1e 55 c1 1f c7  |......dO....U...|
-00000040  31 57 72 68 db 03 37 a8  c9 07 f4 ca 62 6c 5c f3  |1Wrh..7.....bl\.|
-00000050  8b 5a 3d 76 dd 63 ea 68  61 6b a1 2d 95 49 38 16  |.Z=v.c.hak.-.I8.|
-00000060  7e 51 5c e5 15 c0 58 7d  c5 67 4a 6f 64 b6 79 1a  |~Q\...X}.gJod.y.|
-00000070  41 9b b1 33 15 38 74 92  5c a5 48 c3 f2 94 bb 33  |A..3.8t.\.H....3|
-00000080  ec af cf d7 e7 c9 3e 35  14 03 03 00 01 01 16 03  |......>5........|
-00000090  03 00 40 00 00 00 00 00  00 00 00 00 00 00 00 00  |..@.............|
-000000a0  00 00 00 19 51 7c 1c a3  80 34 e1 81 30 3f f9 a4  |....Q|...4..0?..|
-000000b0  a0 97 97 fd 94 fb ab e8  80 48 25 7b 83 ca 38 61  |.........H%{..8a|
-000000c0  34 95 d0 52 6f 09 ad 4f  74 35 c5 3d e8 bb aa 5d  |4..Ro..Ot5.=...]|
-000000d0  d0 fc 85 17 03 03 00 40  00 00 00 00 00 00 00 00  |.......@........|
-000000e0  00 00 00 00 00 00 00 00  e7 19 f9 fd 10 7c 17 04  |.............|..|
-000000f0  2d ce 5f a6 41 33 3d 05  b0 29 91 ff a0 a5 76 52  |-._.A3=..)....vR|
-00000100  e1 b9 ba 6a ca d3 79 60  11 ac 43 b5 30 f7 15 dc  |...j..y`..C.0...|
-00000110  6f b1 d2 b2 00 85 43 40  15 03 03 00 30 00 00 00  |o.....C@....0...|
-00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 19 99 8a  |................|
-00000130  4c 18 e0 03 cc 27 7a be  2c e5 d2 16 95 f6 a4 6e  |L....'z.,......n|
-00000140  11 d3 1d f4 01 52 2b fc  98 04 b1 0b 31           |.....R+.....1|
+00000020  6f 2d b0 ac 51 ed 14 ef  68 ca 42 c5 4c 52 2e 96  |o-..Q...h.B.LR..|
+00000030  6b e5 cc b4 0c ee 82 5b  c1 57 52 8e dd 26 c8 58  |k......[.WR..&.X|
+00000040  27 01 5f ec 58 a0 5c ad  74 e8 82 b7 ab 86 71 25  |'._.X.\.t.....q%|
+00000050  aa ed ec ef 69 5f 7e 1d  f2 58 30 13 75 49 38 16  |....i_~..X0.uI8.|
+00000060  7e 51 5c e5 15 c0 58 7d  52 1a 43 47 27 99 9d 0f  |~Q\...X}R.CG'...|
+00000070  e0 4c f4 3b e0 b0 76 ae  e6 5d a4 a0 34 38 8b b0  |.L.;..v..]..48..|
+00000080  3a ba 26 90 a3 dd c2 dc  26 98 14 03 03 00 01 01  |:.&.....&.......|
+00000090  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
+000000a0  00 00 00 00 00 55 e7 9a  32 83 32 d1 01 6e 0e 5a  |.....U..2.2..n.Z|
+000000b0  dd 72 c5 f9 90 24 6b da  73 d9 ed 39 b8 d5 f6 93  |.r...$k.s..9....|
+000000c0  e0 f0 3e 20 db d0 0c 8a  b0 10 78 1e 08 fb 47 44  |..> ......x...GD|
+000000d0  27 74 30 c4 73 17 03 03  00 40 00 00 00 00 00 00  |'t0.s....@......|
+000000e0  00 00 00 00 00 00 00 00  00 00 0a ae 7e 4e c4 37  |............~N.7|
+000000f0  65 b9 bf 66 a5 c5 5d a2  bc 76 7a db c9 cd 0b 85  |e..f..]..vz.....|
+00000100  de 86 e4 94 2c f2 87 1f  7a 4b 31 b7 4d 77 18 8a  |....,...zK1.Mw..|
+00000110  6d 5e af d0 eb 87 bf d9  c5 e3 15 03 03 00 30 00  |m^............0.|
+00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 9f  |................|
+00000130  8a 39 93 10 94 78 d1 dc  81 07 b6 1a 1a c3 96 c1  |.9...x..........|
+00000140  28 d3 30 eb 3d 1a d3 d6  d8 3a d2 33 ec ed 6c     |(.0.=....:.3..l|
diff --git a/testdata/Server-TLSv12-IssueTicketPreDisable b/testdata/Server-TLSv12-IssueTicketPreDisable
index 20ce3c3c..a86d19c3 100644
--- a/testdata/Server-TLSv12-IssueTicketPreDisable
+++ b/testdata/Server-TLSv12-IssueTicketPreDisable
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 a1 ba 69 29 39  |....q...m....i)9|
-00000010  b5 fc c7 90 90 54 35 be  5a ad 4a e2 b2 3d b9 01  |.....T5.Z.J..=..|
-00000020  f0 48 fd 77 b5 9e bc 89  f5 d4 df 00 00 04 00 2f  |.H.w.........../|
+00000000  16 03 01 00 71 01 00 00  6d 03 03 9d 49 68 d2 e5  |....q...m...Ih..|
+00000010  4a 77 05 39 fb b6 c2 e8  79 b8 cd e7 42 dd f5 29  |Jw.9....y...B..)|
+00000020  4f 24 92 27 bf 94 95 89  8a 0c 5f 00 00 04 00 2f  |O$.'......_..../|
 00000030  00 ff 01 00 00 40 00 23  00 00 00 16 00 00 00 17  |.....@.#........|
 00000040  00 00 00 0d 00 30 00 2e  04 03 05 03 06 03 08 07  |.....0..........|
 00000050  08 08 08 09 08 0a 08 0b  08 04 08 05 08 06 04 01  |................|
@@ -52,39 +52,39 @@
 00000290  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
 000002a0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 cc 4e 62 e0 bf  |............Nb..|
-00000010  21 65 dc f2 57 fb fe 6e  e4 cc de b4 1f aa af 52  |!e..W..n.......R|
-00000020  a4 e0 0e 1b fa 8b 23 4b  d9 e2 4b 62 6a 26 80 f7  |......#K..Kbj&..|
-00000030  15 82 ba 44 4a 18 b8 97  ca a1 79 4b 11 59 90 7d  |...DJ.....yK.Y.}|
-00000040  ea 89 7c f9 6b 5f 29 c7  ca 32 bf 3b 53 b2 bb bb  |..|.k_)..2.;S...|
-00000050  77 0a 5c 1f c2 d8 20 cf  59 19 4e a0 ff ef ca ca  |w.\... .Y.N.....|
-00000060  25 39 ac c7 64 b9 e8 68  09 f2 49 96 8e 49 c7 4c  |%9..d..h..I..I.L|
-00000070  cd ff 28 6f d8 0d d3 7a  ae 7a 51 9e 04 70 8a 59  |..(o...z.zQ..p.Y|
-00000080  8c 05 61 c9 2b bd e1 05  5a 12 63 14 03 03 00 01  |..a.+...Z.c.....|
-00000090  01 16 03 03 00 40 ac 30  bb 83 2f e2 a1 98 a3 c5  |.....@.0../.....|
-000000a0  9c e3 55 36 70 a0 10 fc  53 7e 2d ae f1 02 d7 04  |..U6p...S~-.....|
-000000b0  1f 4e 5d ed 33 29 99 04  54 8e 51 74 d5 2a 73 21  |.N].3)..T.Qt.*s!|
-000000c0  4f bf 8b 0c 04 b2 f2 d4  3e a7 f6 ee 8b fb 3a 0b  |O.......>.....:.|
-000000d0  86 27 7c a7 bb 32                                 |.'|..2|
+00000000  16 03 03 00 86 10 00 00  82 00 80 2b 09 f3 6c 39  |...........+..l9|
+00000010  25 51 ab 73 c9 5d e4 de  bb b3 7d 8e 40 96 df f9  |%Q.s.]....}.@...|
+00000020  28 24 82 47 21 40 2d cb  bd 7d a5 2a 89 91 7d e0  |($.G!@-..}.*..}.|
+00000030  4c 92 ca 8f 2c 2d be 93  d1 a2 00 ef 3a 4b 6b de  |L...,-......:Kk.|
+00000040  e9 ab 38 0b 19 21 35 5d  fb 06 b1 1f dd 75 db d6  |..8..!5].....u..|
+00000050  6b 16 7e 1e 32 ef 58 11  78 ef 6e 7f cc 1f cd 8e  |k.~.2.X.x.n.....|
+00000060  57 01 96 eb 06 bf 09 10  99 ed 3c 35 94 9f 03 66  |W.........<5...f|
+00000070  a4 e1 96 22 eb f5 cd 28  1f 4e 2c b9 2c 48 29 bf  |..."...(.N,.,H).|
+00000080  b3 43 c1 b9 f0 aa 2b 29  47 a4 38 14 03 03 00 01  |.C....+)G.8.....|
+00000090  01 16 03 03 00 40 75 ac  e5 40 a2 19 82 90 ef 25  |.....@u..@.....%|
+000000a0  9c 3b c2 95 fb 58 b9 c8  72 2c b3 94 d5 23 e9 f6  |.;...X..r,...#..|
+000000b0  0d 03 2e 24 54 73 c3 5b  0d 84 2d 5b 12 f6 f9 5a  |...$Ts.[..-[...Z|
+000000c0  59 6d ea 80 5e b6 ab 34  5f 57 98 fb 2c c8 e2 d0  |Ym..^..4_W..,...|
+000000d0  3e fb 32 4c b1 93                                 |>.2L..|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 83 04 00 00  7f 00 00 00 00 00 79 00  |..............y.|
+00000000  16 03 03 00 85 04 00 00  81 00 00 00 00 00 7b 00  |..............{.|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000020  6f 2d b0 ac 51 ed 14 ef  68 ca 42 c5 4c fa 53 68  |o-..Q...h.B.L.Sh|
-00000030  d9 20 e9 d9 c1 9c 90 3b  f2 e6 57 af 04 e5 db 6b  |. .....;..W....k|
-00000040  36 0b b5 b8 e2 a5 a4 bf  52 31 80 32 b9 da d9 32  |6.......R1.2...2|
-00000050  36 e7 31 d3 22 78 12 ae  7a 80 ac fa 6d 49 38 16  |6.1."x..z...mI8.|
-00000060  7e 51 5c e5 15 c0 58 7d  d6 77 d5 17 1b d9 a8 74  |~Q\...X}.w.....t|
-00000070  be 93 25 54 84 a7 1a 93  1f 20 a4 49 eb 26 e7 8e  |..%T..... .I.&..|
-00000080  d3 0f cf 9c 75 cc 6f 36  14 03 03 00 01 01 16 03  |....u.o6........|
-00000090  03 00 40 00 00 00 00 00  00 00 00 00 00 00 00 00  |..@.............|
-000000a0  00 00 00 eb f1 52 79 ff  b8 6c 9c 23 f3 22 bc 96  |.....Ry..l.#."..|
-000000b0  2a bc e7 73 05 32 4b 2e  e4 5e 31 97 62 86 cc 12  |*..s.2K..^1.b...|
-000000c0  ae 22 77 92 37 5d 82 41  57 48 aa f4 0a f3 94 30  |."w.7].AWH.....0|
-000000d0  5d 06 7b 17 03 03 00 40  00 00 00 00 00 00 00 00  |].{....@........|
-000000e0  00 00 00 00 00 00 00 00  8f 8d a7 06 a7 d6 52 5a  |..............RZ|
-000000f0  b9 66 5e ef e3 8d 1d 91  d0 6d 30 29 92 4e 6a 81  |.f^......m0).Nj.|
-00000100  f4 77 97 06 de a8 c8 d1  4c 6b 15 07 1f 9b 59 6d  |.w......Lk....Ym|
-00000110  cb 4f 23 20 58 aa 22 21  15 03 03 00 30 00 00 00  |.O# X."!....0...|
-00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 06 55 3d  |..............U=|
-00000130  42 f5 12 b2 66 aa af 00  91 5e b8 31 ae 19 0e 35  |B...f....^.1...5|
-00000140  a2 d7 a6 e7 0c 3c 2b 95  62 69 d7 a0 81           |.....<+.bi...|
+00000020  6f 2d b0 ac 51 ed 14 ef  68 ca 42 c5 4c ba fa 12  |o-..Q...h.B.L...|
+00000030  47 15 bc 82 f4 35 e2 0f  0f 2b d3 02 30 a7 c3 bb  |G....5...+..0...|
+00000040  48 06 b7 80 c5 21 70 95  bf fd e5 fa d8 aa ee 9c  |H....!p.........|
+00000050  d6 10 79 3b f9 e6 9e 21  21 bd e9 50 ba 49 38 16  |..y;...!!..P.I8.|
+00000060  7e 51 5c e5 15 c0 58 7d  52 1a 2e ee ae e1 df 6c  |~Q\...X}R......l|
+00000070  d2 82 e8 11 4b d9 3a b4  ed 46 56 6a 8e cd 4b 70  |....K.:..FVj..Kp|
+00000080  37 5c 82 fc ef d7 ff 38  65 e6 14 03 03 00 01 01  |7\.....8e.......|
+00000090  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
+000000a0  00 00 00 00 00 8a 27 b1  df e3 23 8d 5e a8 06 e0  |......'...#.^...|
+000000b0  3b 70 3a 8a f2 36 09 e5  0b 91 03 0c ab c7 6b 2c  |;p:..6........k,|
+000000c0  ee 8d fd b3 d1 3b 0b d6  08 45 af 26 40 ad c7 fd  |.....;...E.&@...|
+000000d0  8f fa fa f6 c0 17 03 03  00 40 00 00 00 00 00 00  |.........@......|
+000000e0  00 00 00 00 00 00 00 00  00 00 c0 62 b3 b3 3d 17  |...........b..=.|
+000000f0  5d 7f a6 7d 7b eb ea 35  f5 46 3c 69 94 a0 37 ca  |]..}{..5.F<i..7.|
+00000100  e1 68 4b e9 aa ba f9 dd  bc 2d b7 a4 8f 3f 9f 34  |.hK......-...?.4|
+00000110  8b c9 0f a9 02 6f c3 23  18 1e 15 03 03 00 30 00  |.....o.#......0.|
+00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 9b  |................|
+00000130  4c 82 81 0a 30 16 5b d6  cb cb 76 9d c4 5d 2e ad  |L...0.[...v..]..|
+00000140  48 67 b0 0f f1 27 24 47  eb 61 65 61 fc f1 aa     |Hg...'$G.aea...|
diff --git a/testdata/Server-TLSv12-Resume b/testdata/Server-TLSv12-Resume
index cd0a1240..2aac24b1 100644
--- a/testdata/Server-TLSv12-Resume
+++ b/testdata/Server-TLSv12-Resume
@@ -1,54 +1,55 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 0a 01 00 01  06 03 03 2d b6 ca ea 39  |...........-...9|
-00000010  59 17 86 df 90 2f 73 e0  a0 5c 6e 28 09 78 69 d6  |Y..../s..\n(.xi.|
-00000020  30 06 b7 7b 17 a9 79 30  2a d8 57 20 c5 5c ed 86  |0..{..y0*.W .\..|
-00000030  15 f4 3b c8 d2 5f 7a 80  2a 6a cd 40 c2 da 6f a8  |..;.._z.*j.@..o.|
-00000040  cd d7 e7 bf 48 bd fb a1  e9 4b 9b a9 00 04 00 2f  |....H....K...../|
-00000050  00 ff 01 00 00 b9 00 23  00 79 00 00 00 00 00 00  |.......#.y......|
+00000000  16 03 01 01 0c 01 00 01  08 03 03 a6 8e 75 2d a5  |.............u-.|
+00000010  52 ef 15 c3 e3 42 53 88  55 21 76 a9 8c 44 e8 df  |R....BS.U!v..D..|
+00000020  f4 1c 40 08 1a 35 46 4b  6d 4f ff 20 e3 91 5e 82  |..@..5FKmO. ..^.|
+00000030  58 5e 5a 37 a7 16 d8 fe  96 0e 2c 45 13 ac 4f 30  |X^Z7......,E..O0|
+00000040  96 a3 17 a2 16 49 00 d6  8e b6 6a 4d 00 04 00 2f  |.....I....jM.../|
+00000050  00 ff 01 00 00 bb 00 23  00 7b 00 00 00 00 00 00  |.......#.{......|
 00000060  00 00 00 00 00 00 00 00  00 00 94 6f 2d b0 ac 51  |...........o-..Q|
-00000070  ed 14 ef 68 ca 42 c5 4c  85 f6 26 0d a4 ad a8 f5  |...h.B.L..&.....|
-00000080  14 64 4f b9 c3 fb 1e 55  c1 1f c7 31 57 72 68 db  |.dO....U...1Wrh.|
-00000090  03 37 a8 c9 07 f4 ca 62  6c 5c f3 8b 5a 3d 76 dd  |.7.....bl\..Z=v.|
-000000a0  63 ea 68 61 6b a1 2d 95  49 38 16 7e 51 5c e5 15  |c.hak.-.I8.~Q\..|
-000000b0  c0 58 7d c5 67 4a 6f 64  b6 79 1a 41 9b b1 33 15  |.X}.gJod.y.A..3.|
-000000c0  38 74 92 5c a5 48 c3 f2  94 bb 33 ec af cf d7 e7  |8t.\.H....3.....|
-000000d0  c9 3e 35 00 16 00 00 00  17 00 00 00 0d 00 30 00  |.>5...........0.|
-000000e0  2e 04 03 05 03 06 03 08  07 08 08 08 09 08 0a 08  |................|
-000000f0  0b 08 04 08 05 08 06 04  01 05 01 06 01 03 03 02  |................|
-00000100  03 03 01 02 01 03 02 02  02 04 02 05 02 06 02     |...............|
+00000070  ed 14 ef 68 ca 42 c5 4c  52 2e 96 6b e5 cc b4 0c  |...h.B.LR..k....|
+00000080  ee 82 5b c1 57 52 8e dd  26 c8 58 27 01 5f ec 58  |..[.WR..&.X'._.X|
+00000090  a0 5c ad 74 e8 82 b7 ab  86 71 25 aa ed ec ef 69  |.\.t.....q%....i|
+000000a0  5f 7e 1d f2 58 30 13 75  49 38 16 7e 51 5c e5 15  |_~..X0.uI8.~Q\..|
+000000b0  c0 58 7d 52 1a 43 47 27  99 9d 0f e0 4c f4 3b e0  |.X}R.CG'....L.;.|
+000000c0  b0 76 ae e6 5d a4 a0 34  38 8b b0 3a ba 26 90 a3  |.v..]..48..:.&..|
+000000d0  dd c2 dc 26 98 00 16 00  00 00 17 00 00 00 0d 00  |...&............|
+000000e0  30 00 2e 04 03 05 03 06  03 08 07 08 08 08 09 08  |0...............|
+000000f0  0a 08 0b 08 04 08 05 08  06 04 01 05 01 06 01 03  |................|
+00000100  03 02 03 03 01 02 01 03  02 02 02 04 02 05 02 06  |................|
+00000110  02                                                |.|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 59 02 00 00  55 03 03 00 00 00 00 00  |....Y...U.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 44 4f 57 4e 47  52 44 01 20 c5 5c ed 86  |...DOWNGRD. .\..|
-00000030  15 f4 3b c8 d2 5f 7a 80  2a 6a cd 40 c2 da 6f a8  |..;.._z.*j.@..o.|
-00000040  cd d7 e7 bf 48 bd fb a1  e9 4b 9b a9 00 2f 00 00  |....H....K.../..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 20 e3 91 5e 82  |...DOWNGRD. ..^.|
+00000030  58 5e 5a 37 a7 16 d8 fe  96 0e 2c 45 13 ac 4f 30  |X^Z7......,E..O0|
+00000040  96 a3 17 a2 16 49 00 d6  8e b6 6a 4d 00 2f 00 00  |.....I....jM./..|
 00000050  0d 00 23 00 00 ff 01 00  01 00 00 17 00 00 16 03  |..#.............|
-00000060  03 00 83 04 00 00 7f 00  00 00 00 00 79 00 00 00  |............y...|
+00000060  03 00 85 04 00 00 81 00  00 00 00 00 7b 00 00 00  |............{...|
 00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 94 6f 2d  |..............o-|
-00000080  b0 ac 51 ed 14 ef 68 ca  42 c5 4c 85 f6 26 0d a4  |..Q...h.B.L..&..|
-00000090  ad a8 f5 14 64 4f b9 c3  fb 1e 55 c1 1f c7 31 57  |....dO....U...1W|
-000000a0  72 68 db 03 37 a8 c9 07  f4 ca 62 6c 5c f3 8b 5a  |rh..7.....bl\..Z|
-000000b0  3d 76 dd 63 ea 68 61 6b  a1 2d 95 49 38 16 7e 51  |=v.c.hak.-.I8.~Q|
-000000c0  5c e5 15 c0 58 7d c5 67  4a 6f 64 b6 79 1a 41 9b  |\...X}.gJod.y.A.|
-000000d0  b1 33 15 38 74 92 5c a5  48 c3 f2 94 bb 33 ec af  |.3.8t.\.H....3..|
-000000e0  cf d7 e7 c9 3e 35 14 03  03 00 01 01 16 03 03 00  |....>5..........|
-000000f0  40 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
-00000100  00 47 68 3a 66 5b d6 ed  b7 60 a9 fb e8 37 d6 9d  |.Gh:f[...`...7..|
-00000110  a6 b9 4d d5 f3 9f 0f c6  3c 21 6e d5 80 08 a8 34  |..M.....<!n....4|
-00000120  34 da a3 1f b0 20 28 e4  2f 2b 6b c6 3e dc ac 6b  |4.... (./+k.>..k|
-00000130  40                                                |@|
+00000080  b0 ac 51 ed 14 ef 68 ca  42 c5 4c 52 2e 96 6b e5  |..Q...h.B.LR..k.|
+00000090  cc b4 0c ee 82 5b c1 57  52 8e dd 26 c8 58 27 01  |.....[.WR..&.X'.|
+000000a0  5f ec 58 a0 5c ad 74 e8  82 b7 ab 86 71 25 aa ed  |_.X.\.t.....q%..|
+000000b0  ec ef 69 5f 7e 1d f2 58  30 13 75 49 38 16 7e 51  |..i_~..X0.uI8.~Q|
+000000c0  5c e5 15 c0 58 7d 52 1a  43 47 27 99 9d 0f e0 4c  |\...X}R.CG'....L|
+000000d0  f4 3b e0 b0 76 ae e6 5d  a4 a0 34 38 8b b0 3a ba  |.;..v..]..48..:.|
+000000e0  26 90 a3 dd c2 dc 26 98  14 03 03 00 01 01 16 03  |&.....&.........|
+000000f0  03 00 40 00 00 00 00 00  00 00 00 00 00 00 00 00  |..@.............|
+00000100  00 00 00 fb 6c 2b 7d a1  a6 a1 aa 6f 38 3f e2 8a  |....l+}....o8?..|
+00000110  09 da 48 94 ce 2a 70 70  8c d3 5d bd 8c e5 74 fc  |..H..*pp..]...t.|
+00000120  91 05 dc 9e f1 2d a6 db  3c d6 06 50 b7 9d 4d 8b  |.....-..<..P..M.|
+00000130  b7 d4 06                                          |...|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 16 03  03 00 40 46 34 b3 97 54  |..........@F4..T|
-00000010  20 5b 95 f3 22 f8 a1 89  c8 95 93 ba 7b a4 a8 8f  | [..".......{...|
-00000020  46 a8 d6 c1 b3 ac f0 e0  49 3d 8d e4 1c ac b8 a4  |F.......I=......|
-00000030  01 21 5e d8 f0 f5 10 10  f7 de 8b 33 9d 94 cf f6  |.!^........3....|
-00000040  f2 9b 39 22 5c e6 c0 5e  b4 1d cd                 |..9"\..^...|
+00000000  14 03 03 00 01 01 16 03  03 00 40 b0 47 45 3b 24  |..........@.GE;$|
+00000010  ae 4b 98 d6 cc 37 28 ab  3b ea 7e 6b bc 1f ed a5  |.K...7(.;.~k....|
+00000020  bb 67 e2 5e 72 bf d5 28  90 dc 1b 98 87 2c 49 c6  |.g.^r..(.....,I.|
+00000030  90 73 45 3f 1b 8c a2 c5  50 84 48 09 41 e1 ea 52  |.sE?....P.H.A..R|
+00000040  9e 17 ad 8f d6 cd cd 16  7a 90 64                 |........z.d|
 >>> Flow 4 (server to client)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 5c bc 45  06 2e d3 7b 30 99 a6 af  |.....\.E...{0...|
-00000020  64 0e 63 93 73 6f 0a e7  a4 1d ac 94 25 11 a5 63  |d.c.so......%..c|
-00000030  8d b2 44 aa 98 44 f8 b5  51 ea 2c fb 26 99 f6 a4  |..D..D..Q.,.&...|
-00000040  2c f8 15 c3 90 15 03 03  00 30 00 00 00 00 00 00  |,........0......|
-00000050  00 00 00 00 00 00 00 00  00 00 c6 58 8e 7c 97 de  |...........X.|..|
-00000060  3b b8 39 cd 7b 1d 67 77  27 da 93 39 52 a7 81 9b  |;.9.{.gw'..9R...|
-00000070  ab 5a bc e9 00 1a 64 3a  ca f5                    |.Z....d:..|
+00000010  00 00 00 00 00 a6 e7 61  5a 2b 01 ce 94 48 d2 09  |.......aZ+...H..|
+00000020  13 a5 90 a8 58 47 8d fd  ab 69 85 fa 42 00 3d 99  |....XG...i..B.=.|
+00000030  d1 fd 16 88 0b 2a 43 92  54 e7 55 2e dd 70 86 e1  |.....*C.T.U..p..|
+00000040  f1 c5 5c c8 1e 15 03 03  00 30 00 00 00 00 00 00  |..\......0......|
+00000050  00 00 00 00 00 00 00 00  00 00 ba 42 cf 74 9f 00  |...........B.t..|
+00000060  4a 76 d5 cf 48 23 ed 4a  42 62 be 1a 35 d2 8c d2  |Jv..H#.JBb..5...|
+00000070  ee 86 2f 3a f5 4d 96 64  f7 b8                    |../:.M.d..|
diff --git a/ticket.go b/ticket.go
index 06aec5aa..dbbcef76 100644
--- a/ticket.go
+++ b/ticket.go
@@ -44,20 +44,21 @@ type SessionState struct {
 	//           case 0: Empty;
 	//           case 1: opaque alpn<1..2^8-1>;
 	//       };
-	//       select (SessionState.type) {
-	//           case server: Empty;
-	//           case client: struct {
-	//               select (SessionState.version) {
-	//                   case VersionTLS10..VersionTLS12: Empty;
-	//                   case VersionTLS13: struct {
-	//                       uint64 use_by;
-	//                       uint32 age_add;
-	//                   };
+	//       select (SessionState.version) {
+	//           case VersionTLS10..VersionTLS12: uint16 curve_id;
+	//           case VersionTLS13: select (SessionState.type) {
+	//               case server: Empty;
+	//               case client: struct {
+	//                   uint64 use_by;
+	//                   uint32 age_add;
 	//               };
 	//           };
 	//       };
 	//   } SessionState;
 	//
+	// The format can be extended backwards-compatibly by adding new fields at
+	// the end. Otherwise, a new SessionStateType must be used, as different Go
+	// versions may share the same session ticket encryption key.
 
 	// Extra is ignored by crypto/tls, but is encoded by [SessionState.Bytes]
 	// and parsed by [ParseSessionState].
@@ -97,6 +98,9 @@ type SessionState struct {
 	useBy  uint64 // seconds since UNIX epoch
 	ageAdd uint32
 	ticket []byte
+
+	// TLS 1.0–1.2 only fields.
+	curveID CurveID
 }
 
 // Bytes encodes the session, including any private fields, so that it can be
@@ -161,11 +165,13 @@ func (s *SessionState) Bytes() ([]byte, error) {
 			b.AddBytes([]byte(s.alpnProtocol))
 		})
 	}
-	if s.isClient {
-		if s.version >= VersionTLS13 {
+	if s.version >= VersionTLS13 {
+		if s.isClient {
 			addUint64(&b, s.useBy)
 			b.AddUint32(s.ageAdd)
 		}
+	} else {
+		b.AddUint16(uint16(s.curveID))
 	}
 	return b.Bytes()
 }
@@ -187,7 +193,6 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 	var extra cryptobyte.String
 	if !s.ReadUint16(&ss.version) ||
 		!s.ReadUint8(&typ) ||
-		(typ != 1 && typ != 2) ||
 		!s.ReadUint16(&ss.cipherSuite) ||
 		!readUint64(&s, &ss.createdAt) ||
 		!readUint8LengthPrefixed(&s, &ss.secret) ||
@@ -205,6 +210,14 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 		}
 		ss.Extra = append(ss.Extra, e)
 	}
+	switch typ {
+	case 1:
+		ss.isClient = false
+	case 2:
+		ss.isClient = true
+	default:
+		return nil, errors.New("tls: unknown session encoding")
+	}
 	switch extMasterSecret {
 	case 0:
 		ss.extMasterSecret = false
@@ -229,6 +242,9 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 		ss.activeCertHandles = append(ss.activeCertHandles, c)
 		ss.peerCertificates = append(ss.peerCertificates, c.cert)
 	}
+	if ss.isClient && len(ss.peerCertificates) == 0 {
+		return nil, errors.New("tls: no server certificates in client session")
+	}
 	ss.ocspResponse = cert.OCSPStaple
 	ss.scts = cert.SignedCertificateTimestamps
 	var chainList cryptobyte.String
@@ -266,24 +282,16 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 		}
 		ss.alpnProtocol = string(alpn)
 	}
-	if isClient := typ == 2; !isClient {
-		if !s.Empty() {
-			return nil, errors.New("tls: invalid session encoding")
+	if ss.version >= VersionTLS13 {
+		if ss.isClient {
+			if !s.ReadUint64(&ss.useBy) || !s.ReadUint32(&ss.ageAdd) {
+				return nil, errors.New("tls: invalid session encoding")
+			}
 		}
-		return ss, nil
-	}
-	ss.isClient = true
-	if len(ss.peerCertificates) == 0 {
-		return nil, errors.New("tls: no server certificates in client session")
-	}
-	if ss.version < VersionTLS13 {
-		if !s.Empty() {
+	} else {
+		if !s.ReadUint16((*uint16)(&ss.curveID)) {
 			return nil, errors.New("tls: invalid session encoding")
 		}
-		return ss, nil
-	}
-	if !s.ReadUint64(&ss.useBy) || !s.ReadUint32(&ss.ageAdd) || !s.Empty() {
-		return nil, errors.New("tls: invalid session encoding")
 	}
 	return ss, nil
 }
@@ -303,6 +311,7 @@ func (c *Conn) sessionState() *SessionState {
 		isClient:          c.isClient,
 		extMasterSecret:   c.extMasterSecret,
 		verifiedChains:    c.verifiedChains,
+		curveID:           c.curveID,
 	}
 }
 
diff --git a/tls_test.go b/tls_test.go
index 76a9a222..37bc358c 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -1149,9 +1149,7 @@ func TestConnectionStateMarshal(t *testing.T) {
 }
 
 func TestConnectionState(t *testing.T) {
-	skipFIPS(t) // Test certificates not FIPS compatible.
-
-	issuer, err := x509.ParseCertificate(testRSACertificateIssuer)
+	issuer, err := x509.ParseCertificate(testRSA2048CertificateIssuer)
 	if err != nil {
 		panic(err)
 	}
@@ -1163,9 +1161,133 @@ func TestConnectionState(t *testing.T) {
 	var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")}
 	var ocsp = []byte("dummy ocsp")
 
-	for _, v := range []uint16{VersionTLS12, VersionTLS13} {
+	checkConnectionState := func(t *testing.T, cs ConnectionState, version uint16, isClient bool) {
+		if cs.Version != version {
+			t.Errorf("got Version %x, expected %x", cs.Version, version)
+		}
+
+		if !cs.HandshakeComplete {
+			t.Errorf("got HandshakeComplete %v, expected true", cs.HandshakeComplete)
+		}
+
+		if cs.DidResume {
+			t.Errorf("got DidResume %v, expected false", cs.DidResume)
+		}
+
+		if cs.CipherSuite == 0 {
+			t.Errorf("got zero CipherSuite")
+		}
+
+		if cs.CurveID == 0 {
+			t.Errorf("got zero CurveID")
+		}
+
+		if cs.NegotiatedProtocol != alpnProtocol {
+			t.Errorf("got ALPN protocol %q, expected %q", cs.NegotiatedProtocol, alpnProtocol)
+		}
+
+		if !cs.NegotiatedProtocolIsMutual {
+			t.Errorf("got NegotiatedProtocolIsMutual %v, expected true", cs.NegotiatedProtocolIsMutual)
+		}
+
+		if cs.ServerName != serverName {
+			t.Errorf("got ServerName %q, expected %q", cs.ServerName, serverName)
+		}
+
+		if len(cs.PeerCertificates) != 1 {
+			t.Errorf("got %d PeerCertificates, expected %d", len(cs.PeerCertificates), 1)
+		} else if !bytes.Equal(cs.PeerCertificates[0].Raw, testRSA2048Certificate) {
+			t.Errorf("got PeerCertificates %x, expected %x", cs.PeerCertificates[0].Raw, testRSA2048Certificate)
+		}
+
+		if len(cs.VerifiedChains) != 1 {
+			t.Errorf("got %d long verified chain, expected %d", len(cs.VerifiedChains), 1)
+		} else if len(cs.VerifiedChains[0]) != 2 {
+			t.Errorf("got %d verified chain, expected %d", len(cs.VerifiedChains[0]), 2)
+		} else if !bytes.Equal(cs.VerifiedChains[0][0].Raw, testRSA2048Certificate) {
+			t.Errorf("got verified chain[0][0] %x, expected %x", cs.VerifiedChains[0][0].Raw, testRSA2048Certificate)
+		} else if !bytes.Equal(cs.VerifiedChains[0][1].Raw, testRSA2048CertificateIssuer) {
+			t.Errorf("got verified chain[0][1] %x, expected %x", cs.VerifiedChains[0][1].Raw, testRSA2048CertificateIssuer)
+		}
+
+		// Only TLS 1.3 supports OCSP and SCTs on client certs.
+		if isClient || version == VersionTLS13 {
+			if len(cs.SignedCertificateTimestamps) != 2 {
+				t.Errorf("got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2)
+			} else if !bytes.Equal(cs.SignedCertificateTimestamps[0], scts[0]) {
+				t.Errorf("got SCTs %x, expected %x", cs.SignedCertificateTimestamps[0], scts[0])
+			} else if !bytes.Equal(cs.SignedCertificateTimestamps[1], scts[1]) {
+				t.Errorf("got SCTs %x, expected %x", cs.SignedCertificateTimestamps[1], scts[1])
+			}
+			if !bytes.Equal(cs.OCSPResponse, ocsp) {
+				t.Errorf("got OCSP %x, expected %x", cs.OCSPResponse, ocsp)
+			}
+		} else {
+			if cs.SignedCertificateTimestamps != nil {
+				t.Errorf("got %d SCTs, expected nil", len(cs.SignedCertificateTimestamps))
+			}
+			if cs.OCSPResponse != nil {
+				t.Errorf("got OCSP %x, expected nil", cs.OCSPResponse)
+			}
+		}
+
+		if version == VersionTLS13 {
+			if cs.TLSUnique != nil {
+				t.Errorf("got TLSUnique %x, expected nil", cs.TLSUnique)
+			}
+		} else {
+			if cs.TLSUnique == nil {
+				t.Errorf("got nil TLSUnique")
+			}
+		}
+	}
+
+	compareConnectionStates := func(t *testing.T, cs1, cs2 ConnectionState) {
+		if cs1.Version != cs2.Version {
+			t.Errorf("Version mismatch: %x != %x", cs1.Version, cs2.Version)
+		}
+		if cs1.HandshakeComplete != cs2.HandshakeComplete {
+			t.Errorf("HandshakeComplete mismatch: %v != %v", cs1.HandshakeComplete, cs2.HandshakeComplete)
+		}
+		// DidResume is expected to be different.
+		if cs1.CipherSuite != cs2.CipherSuite {
+			t.Errorf("CipherSuite mismatch: %x != %x", cs1.CipherSuite, cs2.CipherSuite)
+		}
+		if cs1.CurveID != cs2.CurveID {
+			t.Errorf("CurveID mismatch: %s != %s", cs1.CurveID, cs2.CurveID)
+		}
+		if cs1.NegotiatedProtocol != cs2.NegotiatedProtocol {
+			t.Errorf("NegotiatedProtocol mismatch: %q != %q", cs1.NegotiatedProtocol, cs2.NegotiatedProtocol)
+		}
+		if cs1.NegotiatedProtocolIsMutual != cs2.NegotiatedProtocolIsMutual {
+			t.Errorf("NegotiatedProtocolIsMutual mismatch: %v != %v", cs1.NegotiatedProtocolIsMutual, cs2.NegotiatedProtocolIsMutual)
+		}
+		if cs1.ServerName != cs2.ServerName {
+			t.Errorf("ServerName mismatch: %q != %q", cs1.ServerName, cs2.ServerName)
+		}
+		if !reflect.DeepEqual(cs1.PeerCertificates, cs2.PeerCertificates) {
+			t.Errorf("PeerCertificates mismatch")
+		}
+		if !reflect.DeepEqual(cs1.VerifiedChains, cs2.VerifiedChains) {
+			t.Errorf("VerifiedChains mismatch")
+		}
+		if !reflect.DeepEqual(cs1.SignedCertificateTimestamps, cs2.SignedCertificateTimestamps) {
+			t.Errorf("SignedCertificateTimestamps mismatch: %x != %x", cs1.SignedCertificateTimestamps, cs2.SignedCertificateTimestamps)
+		}
+		if !bytes.Equal(cs1.OCSPResponse, cs2.OCSPResponse) {
+			t.Errorf("OCSPResponse mismatch: %x != %x", cs1.OCSPResponse, cs2.OCSPResponse)
+		}
+		// TLSUnique is expected to be different.
+	}
+
+	for _, v := range []uint16{VersionTLS10, VersionTLS12, VersionTLS13} {
+		if !isFIPSVersion(v) && fips140tls.Required() {
+			t.Skipf("skipping test in FIPS 140-3 mode for non-FIPS version %x", v)
+		}
 		var name string
 		switch v {
+		case VersionTLS10:
+			name = "TLSv10"
 		case VersionTLS12:
 			name = "TLSv12"
 		case VersionTLS13:
@@ -1173,93 +1295,46 @@ func TestConnectionState(t *testing.T) {
 		}
 		t.Run(name, func(t *testing.T) {
 			config := &Config{
-				Time:         testTime,
-				Rand:         zeroSource{},
-				Certificates: make([]Certificate, 1),
-				MaxVersion:   v,
-				RootCAs:      rootCAs,
-				ClientCAs:    rootCAs,
-				ClientAuth:   RequireAndVerifyClientCert,
-				NextProtos:   []string{alpnProtocol},
-				ServerName:   serverName,
-			}
-			config.Certificates[0].Certificate = [][]byte{testRSACertificate}
-			config.Certificates[0].PrivateKey = testRSAPrivateKey
+				Time:               testTime,
+				Certificates:       make([]Certificate, 1),
+				MinVersion:         v,
+				MaxVersion:         v,
+				RootCAs:            rootCAs,
+				ClientCAs:          rootCAs,
+				ClientAuth:         RequireAndVerifyClientCert,
+				NextProtos:         []string{alpnProtocol},
+				ServerName:         serverName,
+				ClientSessionCache: NewLRUClientSessionCache(1),
+			}
+			config.Certificates[0].Certificate = [][]byte{testRSA2048Certificate}
+			config.Certificates[0].PrivateKey = testRSA2048PrivateKey
 			config.Certificates[0].SignedCertificateTimestamps = scts
 			config.Certificates[0].OCSPStaple = ocsp
 
 			ss, cs, err := testHandshake(t, config, config)
 			if err != nil {
-				t.Fatalf("Handshake failed: %v", err)
-			}
-
-			if ss.Version != v || cs.Version != v {
-				t.Errorf("Got versions %x (server) and %x (client), expected %x", ss.Version, cs.Version, v)
-			}
-
-			if !ss.HandshakeComplete || !cs.HandshakeComplete {
-				t.Errorf("Got HandshakeComplete %v (server) and %v (client), expected true", ss.HandshakeComplete, cs.HandshakeComplete)
+				t.Fatalf("handshake failed: %v", err)
 			}
 
-			if ss.DidResume || cs.DidResume {
-				t.Errorf("Got DidResume %v (server) and %v (client), expected false", ss.DidResume, cs.DidResume)
-			}
+			t.Run("Client", func(t *testing.T) { checkConnectionState(t, cs, v, true) })
+			t.Run("Server", func(t *testing.T) { checkConnectionState(t, ss, v, false) })
 
-			if ss.CipherSuite == 0 || cs.CipherSuite == 0 {
-				t.Errorf("Got invalid cipher suite: %v (server) and %v (client)", ss.CipherSuite, cs.CipherSuite)
-			}
+			t.Run("Resume", func(t *testing.T) {
+				// TODO: test changing parameters between original and resumed
+				// connection when the protocol allows it.
 
-			if ss.NegotiatedProtocol != alpnProtocol || cs.NegotiatedProtocol != alpnProtocol {
-				t.Errorf("Got negotiated protocol %q (server) and %q (client), expected %q", ss.NegotiatedProtocol, cs.NegotiatedProtocol, alpnProtocol)
-			}
-
-			if !cs.NegotiatedProtocolIsMutual {
-				t.Errorf("Got false NegotiatedProtocolIsMutual on the client side")
-			}
-			// NegotiatedProtocolIsMutual on the server side is unspecified.
-
-			if ss.ServerName != serverName {
-				t.Errorf("Got server name %q, expected %q", ss.ServerName, serverName)
-			}
-			if cs.ServerName != serverName {
-				t.Errorf("Got server name on client connection %q, expected %q", cs.ServerName, serverName)
-			}
-
-			if len(ss.PeerCertificates) != 1 || len(cs.PeerCertificates) != 1 {
-				t.Errorf("Got %d (server) and %d (client) peer certificates, expected %d", len(ss.PeerCertificates), len(cs.PeerCertificates), 1)
-			}
-
-			if len(ss.VerifiedChains) != 1 || len(cs.VerifiedChains) != 1 {
-				t.Errorf("Got %d (server) and %d (client) verified chains, expected %d", len(ss.VerifiedChains), len(cs.VerifiedChains), 1)
-			} else if len(ss.VerifiedChains[0]) != 2 || len(cs.VerifiedChains[0]) != 2 {
-				t.Errorf("Got %d (server) and %d (client) long verified chain, expected %d", len(ss.VerifiedChains[0]), len(cs.VerifiedChains[0]), 2)
-			}
-
-			if len(cs.SignedCertificateTimestamps) != 2 {
-				t.Errorf("Got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2)
-			}
-			if !bytes.Equal(cs.OCSPResponse, ocsp) {
-				t.Errorf("Got OCSPs %x, expected %x", cs.OCSPResponse, ocsp)
-			}
-			// Only TLS 1.3 supports OCSP and SCTs on client certs.
-			if v == VersionTLS13 {
-				if len(ss.SignedCertificateTimestamps) != 2 {
-					t.Errorf("Got %d client SCTs, expected %d", len(ss.SignedCertificateTimestamps), 2)
-				}
-				if !bytes.Equal(ss.OCSPResponse, ocsp) {
-					t.Errorf("Got client OCSPs %x, expected %x", ss.OCSPResponse, ocsp)
+				ss1, cs1, err := testHandshake(t, config, config)
+				if err != nil {
+					t.Fatalf("handshake failed: %v", err)
 				}
-			}
 
-			if v == VersionTLS13 {
-				if ss.TLSUnique != nil || cs.TLSUnique != nil {
-					t.Errorf("Got TLSUnique %x (server) and %x (client), expected nil in TLS 1.3", ss.TLSUnique, cs.TLSUnique)
+				if !cs1.DidResume || !ss1.DidResume {
+					t.Errorf("DidResume is false")
 				}
-			} else {
-				if ss.TLSUnique == nil || cs.TLSUnique == nil {
-					t.Errorf("Got TLSUnique %x (server) and %x (client), expected non-nil", ss.TLSUnique, cs.TLSUnique)
-				}
-			}
+
+				t.Run("Client", func(t *testing.T) { compareConnectionStates(t, cs, cs1) })
+				t.Run("Server", func(t *testing.T) { compareConnectionStates(t, ss, ss1) })
+			})
 		})
 	}
 }
@@ -1997,18 +2072,18 @@ func TestHandshakeMLKEM(t *testing.T) {
 				t.Fatal(err)
 			}
 			if test.expectMLKEM {
-				if ss.testingOnlyCurveID != X25519MLKEM768 {
-					t.Errorf("got CurveID %v (server), expected %v", ss.testingOnlyCurveID, X25519MLKEM768)
+				if ss.CurveID != X25519MLKEM768 {
+					t.Errorf("got CurveID %v (server), expected %v", ss.CurveID, X25519MLKEM768)
 				}
-				if cs.testingOnlyCurveID != X25519MLKEM768 {
-					t.Errorf("got CurveID %v (client), expected %v", cs.testingOnlyCurveID, X25519MLKEM768)
+				if cs.CurveID != X25519MLKEM768 {
+					t.Errorf("got CurveID %v (client), expected %v", cs.CurveID, X25519MLKEM768)
 				}
 			} else {
-				if ss.testingOnlyCurveID == X25519MLKEM768 {
-					t.Errorf("got CurveID %v (server), expected not X25519MLKEM768", ss.testingOnlyCurveID)
+				if ss.CurveID == X25519MLKEM768 {
+					t.Errorf("got CurveID %v (server), expected not X25519MLKEM768", ss.CurveID)
 				}
-				if cs.testingOnlyCurveID == X25519MLKEM768 {
-					t.Errorf("got CurveID %v (client), expected not X25519MLKEM768", cs.testingOnlyCurveID)
+				if cs.CurveID == X25519MLKEM768 {
+					t.Errorf("got CurveID %v (client), expected not X25519MLKEM768", cs.CurveID)
 				}
 			}
 			if test.expectHRR {

From 7e88eb90beb0b761ed90cea17ea183aaec6ef365 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 19 Feb 2025 12:29:31 +0100
Subject: [PATCH 17/95] crypto/tls: clean up supported/default/allowed
 parameters

Cleaned up a lot of the plumbing to make it consistently follow this
logic: clone the preference order; filter by user preference; filter by
FIPS policy. There should be no behavior changes.

Updates #71757

Change-Id: I6a6a4656eb02e56d079f0a22f98212275a400000
Reviewed-on: https://go-review.googlesource.com/c/go/+/657096
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
---
 auth.go                         | 26 +++++-----
 cipher_suites.go                | 14 ++++--
 common.go                       | 84 +++++++++++++--------------------
 defaults.go                     | 56 +++++-----------------
 defaults_boring.go              | 67 ++++++++++++++++++++++++++
 fips_test.go => fips140_test.go | 48 ++++++++++++-------
 handshake_client.go             | 26 +++-------
 handshake_client_test.go        |  2 +-
 handshake_server.go             | 18 +------
 handshake_server_tls13.go       |  4 +-
 tls_test.go                     |  4 +-
 11 files changed, 177 insertions(+), 172 deletions(-)
 create mode 100644 defaults_boring.go
 rename fips_test.go => fips140_test.go (94%)

diff --git a/auth.go b/auth.go
index 9e3ce22f..81a85851 100644
--- a/auth.go
+++ b/auth.go
@@ -11,11 +11,11 @@ import (
 	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rsa"
-	"crypto/tls/internal/fips140tls"
 	"errors"
 	"fmt"
 	"hash"
 	"io"
+	"slices"
 )
 
 // verifyHandshakeSignature verifies a signature against pre-hashed
@@ -168,9 +168,6 @@ var rsaSignatureSchemes = []struct {
 // signatureSchemesForCertificate returns the list of supported SignatureSchemes
 // for a given certificate, based on the public key and the protocol version,
 // and optionally filtered by its explicit SupportedSignatureAlgorithms.
-//
-// This function must be kept in sync with supportedSignatureAlgorithms.
-// FIPS filtering is applied in the caller, selectSignatureScheme.
 func signatureSchemesForCertificate(version uint16, cert *Certificate) []SignatureScheme {
 	priv, ok := cert.PrivateKey.(crypto.Signer)
 	if !ok {
@@ -216,14 +213,18 @@ func signatureSchemesForCertificate(version uint16, cert *Certificate) []Signatu
 	}
 
 	if cert.SupportedSignatureAlgorithms != nil {
-		var filteredSigAlgs []SignatureScheme
-		for _, sigAlg := range sigAlgs {
-			if isSupportedSignatureAlgorithm(sigAlg, cert.SupportedSignatureAlgorithms) {
-				filteredSigAlgs = append(filteredSigAlgs, sigAlg)
-			}
-		}
-		return filteredSigAlgs
+		sigAlgs = slices.DeleteFunc(sigAlgs, func(sigAlg SignatureScheme) bool {
+			return !isSupportedSignatureAlgorithm(sigAlg, cert.SupportedSignatureAlgorithms)
+		})
 	}
+
+	// Filter out any unsupported signature algorithms, for example due to
+	// FIPS 140-3 policy, or any downstream changes to defaults.go.
+	supportedAlgs := supportedSignatureAlgorithms()
+	sigAlgs = slices.DeleteFunc(sigAlgs, func(sigAlg SignatureScheme) bool {
+		return !isSupportedSignatureAlgorithm(sigAlg, supportedAlgs)
+	})
+
 	return sigAlgs
 }
 
@@ -243,9 +244,6 @@ func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureSche
 	// Pick signature scheme in the peer's preference order, as our
 	// preference order is not configurable.
 	for _, preferredAlg := range peerAlgs {
-		if fips140tls.Required() && !isSupportedSignatureAlgorithm(preferredAlg, defaultSupportedSignatureAlgorithmsFIPS) {
-			continue
-		}
 		if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
 			return preferredAlg, nil
 		}
diff --git a/cipher_suites.go b/cipher_suites.go
index 01d65688..2a96fa69 100644
--- a/cipher_suites.go
+++ b/cipher_suites.go
@@ -78,8 +78,8 @@ func CipherSuites() []*CipherSuite {
 // Most applications should not use the cipher suites in this list, and should
 // only use those returned by [CipherSuites].
 func InsecureCipherSuites() []*CipherSuite {
-	// This list includes RC4, CBC_SHA256, and 3DES cipher suites. See
-	// cipherSuitesPreferenceOrder for details.
+	// This list includes legacy RSA kex, RC4, CBC_SHA256, and 3DES cipher
+	// suites. See cipherSuitesPreferenceOrder for details.
 	return []*CipherSuite{
 		{TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
 		{TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, true},
@@ -387,9 +387,13 @@ var aesgcmCiphers = map[uint16]bool{
 	TLS_AES_256_GCM_SHA384: true,
 }
 
-// aesgcmPreferred returns whether the first known cipher in the preference list
-// is an AES-GCM cipher, implying the peer has hardware support for it.
-func aesgcmPreferred(ciphers []uint16) bool {
+// isAESGCMPreferred returns whether we have hardware support for AES-GCM, and the
+// first known cipher in the peer's preference list is an AES-GCM cipher,
+// implying the peer also has hardware support for it.
+func isAESGCMPreferred(ciphers []uint16) bool {
+	if !hasAESGCMHardwareSupport {
+		return false
+	}
 	for _, cID := range ciphers {
 		if c := cipherSuiteByID(cID); c != nil {
 			return aesgcmCiphers[cID]
diff --git a/common.go b/common.go
index dd6f1dac..faa14319 100644
--- a/common.go
+++ b/common.go
@@ -1106,20 +1106,28 @@ func (c *Config) time() time.Time {
 	return t()
 }
 
-func (c *Config) cipherSuites() []uint16 {
+func (c *Config) cipherSuites(aesGCMPreferred bool) []uint16 {
+	var cipherSuites []uint16
 	if c.CipherSuites == nil {
-		if fips140tls.Required() {
-			return defaultCipherSuitesFIPS
-		}
-		return defaultCipherSuites()
+		cipherSuites = defaultCipherSuites(aesGCMPreferred)
+	} else {
+		cipherSuites = supportedCipherSuites(aesGCMPreferred)
+		cipherSuites = slices.DeleteFunc(cipherSuites, func(id uint16) bool {
+			return !slices.Contains(c.CipherSuites, id)
+		})
 	}
 	if fips140tls.Required() {
-		cipherSuites := slices.Clone(c.CipherSuites)
-		return slices.DeleteFunc(cipherSuites, func(id uint16) bool {
-			return !slices.Contains(defaultCipherSuitesFIPS, id)
+		cipherSuites = slices.DeleteFunc(cipherSuites, func(id uint16) bool {
+			return !slices.Contains(allowedCipherSuitesFIPS, id)
 		})
 	}
-	return c.CipherSuites
+	return cipherSuites
+}
+
+// supportedCipherSuites returns the supported TLS 1.0–1.2 cipher suites in an
+// undefined order. For preference ordering, use [Config.cipherSuites].
+func (c *Config) supportedCipherSuites() []uint16 {
+	return c.cipherSuites(false)
 }
 
 var supportedVersions = []uint16{
@@ -1139,7 +1147,7 @@ var tls10server = godebug.New("tls10server")
 func (c *Config) supportedVersions(isClient bool) []uint16 {
 	versions := make([]uint16, 0, len(supportedVersions))
 	for _, v := range supportedVersions {
-		if fips140tls.Required() && !slices.Contains(defaultSupportedVersionsFIPS, v) {
+		if fips140tls.Required() && !slices.Contains(allowedSupportedVersionsFIPS, v) {
 			continue
 		}
 		if (c == nil || c.MinVersion == 0) && v < VersionTLS12 {
@@ -1184,11 +1192,11 @@ func supportedVersionsFromMax(maxVersion uint16) []uint16 {
 }
 
 func (c *Config) curvePreferences(version uint16) []CurveID {
-	var curvePreferences []CurveID
+	curvePreferences := defaultCurvePreferences()
 	if fips140tls.Required() {
-		curvePreferences = slices.Clone(defaultCurvePreferencesFIPS)
-	} else {
-		curvePreferences = defaultCurvePreferences()
+		curvePreferences = slices.DeleteFunc(curvePreferences, func(x CurveID) bool {
+			return !slices.Contains(allowedCurvePreferencesFIPS, x)
+		})
 	}
 	if c != nil && len(c.CurvePreferences) != 0 {
 		curvePreferences = slices.DeleteFunc(curvePreferences, func(x CurveID) bool {
@@ -1202,23 +1210,16 @@ func (c *Config) curvePreferences(version uint16) []CurveID {
 }
 
 func (c *Config) supportsCurve(version uint16, curve CurveID) bool {
-	for _, cc := range c.curvePreferences(version) {
-		if cc == curve {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(c.curvePreferences(version), curve)
 }
 
 // mutualVersion returns the protocol version to use given the advertised
 // versions of the peer. Priority is given to the peer preference order.
 func (c *Config) mutualVersion(isClient bool, peerVersions []uint16) (uint16, bool) {
 	supportedVersions := c.supportedVersions(isClient)
-	for _, peerVersion := range peerVersions {
-		for _, v := range supportedVersions {
-			if v == peerVersion {
-				return v, true
-			}
+	for _, v := range peerVersions {
+		if slices.Contains(supportedVersions, v) {
+			return v, true
 		}
 	}
 	return 0, false
@@ -1339,7 +1340,7 @@ func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error {
 		}
 		// Finally, there needs to be a mutual cipher suite that uses the static
 		// RSA key exchange instead of ECDHE.
-		rsaCipherSuite := selectCipherSuite(chi.CipherSuites, config.cipherSuites(), func(c *cipherSuite) bool {
+		rsaCipherSuite := selectCipherSuite(chi.CipherSuites, config.supportedCipherSuites(), func(c *cipherSuite) bool {
 			if c.flags&suiteECDHE != 0 {
 				return false
 			}
@@ -1416,7 +1417,7 @@ func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error {
 	// Make sure that there is a mutually supported cipher suite that works with
 	// this certificate. Cipher suite selection will then apply the logic in
 	// reverse to pick it. See also serverHandshakeState.cipherSuiteOk.
-	cipherSuite := selectCipherSuite(chi.CipherSuites, config.cipherSuites(), func(c *cipherSuite) bool {
+	cipherSuite := selectCipherSuite(chi.CipherSuites, config.supportedCipherSuites(), func(c *cipherSuite) bool {
 		if c.flags&suiteECDHE == 0 {
 			return false
 		}
@@ -1660,19 +1661,14 @@ func unexpectedMessageError(wanted, got any) error {
 
 // supportedSignatureAlgorithms returns the supported signature algorithms.
 func supportedSignatureAlgorithms() []SignatureScheme {
-	if !fips140tls.Required() {
-		return defaultSupportedSignatureAlgorithms
+	if fips140tls.Required() {
+		return allowedSupportedSignatureAlgorithmsFIPS
 	}
-	return defaultSupportedSignatureAlgorithmsFIPS
+	return defaultSupportedSignatureAlgorithms
 }
 
 func isSupportedSignatureAlgorithm(sigAlg SignatureScheme, supportedSignatureAlgorithms []SignatureScheme) bool {
-	for _, s := range supportedSignatureAlgorithms {
-		if s == sigAlg {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(supportedSignatureAlgorithms, sigAlg)
 }
 
 // CertificateVerificationError is returned when certificate verification fails during the handshake.
@@ -1721,24 +1717,10 @@ func fipsAllowChain(chain []*x509.Certificate) bool {
 	}
 
 	for _, cert := range chain {
-		if !fipsAllowCert(cert) {
+		if !isCertificateAllowedFIPS(cert) {
 			return false
 		}
 	}
 
 	return true
 }
-
-func fipsAllowCert(c *x509.Certificate) bool {
-	// The key must be RSA 2048, RSA 3072, RSA 4096,
-	// or ECDSA P-256, P-384, P-521.
-	switch k := c.PublicKey.(type) {
-	case *rsa.PublicKey:
-		size := k.N.BitLen()
-		return size == 2048 || size == 3072 || size == 4096
-	case *ecdsa.PublicKey:
-		return k.Curve == elliptic.P256() || k.Curve == elliptic.P384() || k.Curve == elliptic.P521()
-	}
-
-	return false
-}
diff --git a/defaults.go b/defaults.go
index ab346e18..a3f43eb8 100644
--- a/defaults.go
+++ b/defaults.go
@@ -46,9 +46,17 @@ var defaultSupportedSignatureAlgorithms = []SignatureScheme{
 var tlsrsakex = godebug.New("tlsrsakex")
 var tls3des = godebug.New("tls3des")
 
-func defaultCipherSuites() []uint16 {
-	suites := slices.Clone(cipherSuitesPreferenceOrder)
-	return slices.DeleteFunc(suites, func(c uint16) bool {
+func supportedCipherSuites(aesGCMPreferred bool) []uint16 {
+	if aesGCMPreferred {
+		return slices.Clone(cipherSuitesPreferenceOrder)
+	} else {
+		return slices.Clone(cipherSuitesPreferenceOrderNoAES)
+	}
+}
+
+func defaultCipherSuites(aesGCMPreferred bool) []uint16 {
+	cipherSuites := supportedCipherSuites(aesGCMPreferred)
+	return slices.DeleteFunc(cipherSuites, func(c uint16) bool {
 		return disabledCipherSuites[c] ||
 			tlsrsakex.Value() != "1" && rsaKexCiphers[c] ||
 			tls3des.Value() != "1" && tdesCiphers[c]
@@ -90,45 +98,3 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
 	TLS_AES_128_GCM_SHA256,
 	TLS_AES_256_GCM_SHA384,
 }
-
-// The FIPS-only policies below match BoringSSL's
-// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2, with
-// minor changes per https://go.dev/issue/71757.
-// https://cs.opensource.google/boringssl/boringssl/+/master:ssl/ssl_lib.cc;l=3289;drc=ea7a88fa
-
-var defaultSupportedVersionsFIPS = []uint16{
-	VersionTLS12,
-	VersionTLS13,
-}
-
-// defaultCurvePreferencesFIPS are the FIPS-allowed curves,
-// in preference order (most preferable first).
-var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384, CurveP521}
-
-// defaultSupportedSignatureAlgorithmsFIPS currently are a subset of
-// defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
-var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
-	PSSWithSHA256,
-	PSSWithSHA384,
-	PSSWithSHA512,
-	PKCS1WithSHA256,
-	ECDSAWithP256AndSHA256,
-	PKCS1WithSHA384,
-	ECDSAWithP384AndSHA384,
-	PKCS1WithSHA512,
-	ECDSAWithP521AndSHA512,
-}
-
-// defaultCipherSuitesFIPS are the FIPS-allowed cipher suites.
-var defaultCipherSuitesFIPS = []uint16{
-	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-}
-
-// defaultCipherSuitesTLS13FIPS are the FIPS-allowed cipher suites for TLS 1.3.
-var defaultCipherSuitesTLS13FIPS = []uint16{
-	TLS_AES_128_GCM_SHA256,
-	TLS_AES_256_GCM_SHA384,
-}
diff --git a/defaults_boring.go b/defaults_boring.go
new file mode 100644
index 00000000..8356ee69
--- /dev/null
+++ b/defaults_boring.go
@@ -0,0 +1,67 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package tls
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rsa"
+	"crypto/x509"
+)
+
+// These Go+BoringCrypto policies mostly match BoringSSL's
+// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2.
+// https://cs.opensource.google/boringssl/boringssl/+/master:ssl/ssl_lib.cc;l=3289;drc=ea7a88fa
+//
+// P-521 is allowed per https://go.dev/issue/71757.
+//
+// They are applied when crypto/tls/fipsonly is imported with GOEXPERIMENT=boringcrypto.
+
+var (
+	allowedSupportedVersionsFIPS = []uint16{
+		VersionTLS12,
+		VersionTLS13,
+	}
+	allowedCurvePreferencesFIPS = []CurveID{
+		CurveP256,
+		CurveP384,
+		CurveP521,
+	}
+	allowedSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
+		PSSWithSHA256,
+		PSSWithSHA384,
+		PSSWithSHA512,
+		PKCS1WithSHA256,
+		ECDSAWithP256AndSHA256,
+		PKCS1WithSHA384,
+		ECDSAWithP384AndSHA384,
+		PKCS1WithSHA512,
+		ECDSAWithP521AndSHA512,
+	}
+	allowedCipherSuitesFIPS = []uint16{
+		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	}
+	allowedCipherSuitesTLS13FIPS = []uint16{
+		TLS_AES_128_GCM_SHA256,
+		TLS_AES_256_GCM_SHA384,
+	}
+)
+
+func isCertificateAllowedFIPS(c *x509.Certificate) bool {
+	// The key must be RSA 2048, RSA 3072, RSA 4096,
+	// or ECDSA P-256, P-384, P-521.
+	switch k := c.PublicKey.(type) {
+	case *rsa.PublicKey:
+		size := k.N.BitLen()
+		return size == 2048 || size == 3072 || size == 4096
+	case *ecdsa.PublicKey:
+		return k.Curve == elliptic.P256() || k.Curve == elliptic.P384() || k.Curve == elliptic.P521()
+	}
+
+	return false
+}
diff --git a/fips_test.go b/fips140_test.go
similarity index 94%
rename from fips_test.go
rename to fips140_test.go
index d5ac9b68..9ea32a6d 100644
--- a/fips_test.go
+++ b/fips140_test.go
@@ -92,24 +92,37 @@ func isFIPSVersion(v uint16) bool {
 }
 
 func isFIPSCipherSuite(id uint16) bool {
+	name := CipherSuiteName(id)
+	if isTLS13CipherSuite(id) {
+		switch id {
+		case TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384:
+			return true
+		case TLS_CHACHA20_POLY1305_SHA256:
+			return false
+		default:
+			panic("unknown TLS 1.3 cipher suite: " + name)
+		}
+	}
 	switch id {
-	case TLS_AES_128_GCM_SHA256,
-		TLS_AES_256_GCM_SHA384,
-		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
 		return true
+	default:
+		return false
 	}
-	return false
 }
 
 func isFIPSCurve(id CurveID) bool {
 	switch id {
 	case CurveP256, CurveP384, CurveP521:
 		return true
+	case X25519, X25519MLKEM768:
+		return false
+	default:
+		panic("unknown curve: " + id.String())
 	}
-	return false
 }
 
 func isECDSA(id uint16) bool {
@@ -123,8 +136,6 @@ func isECDSA(id uint16) bool {
 
 func isFIPSSignatureScheme(alg SignatureScheme) bool {
 	switch alg {
-	default:
-		return false
 	case PKCS1WithSHA256,
 		ECDSAWithP256AndSHA256,
 		PKCS1WithSHA384,
@@ -134,9 +145,12 @@ func isFIPSSignatureScheme(alg SignatureScheme) bool {
 		PSSWithSHA256,
 		PSSWithSHA384,
 		PSSWithSHA512:
-		// ok
+		return true
+	case Ed25519, PKCS1WithSHA1, ECDSAWithSHA1:
+		return false
+	default:
+		panic("unknown signature scheme: " + alg.String())
 	}
-	return true
 }
 
 func TestFIPSServerCipherSuites(t *testing.T) {
@@ -162,7 +176,7 @@ func TestFIPSServerCipherSuites(t *testing.T) {
 				keyShares:                    []keyShare{generateKeyShare(CurveP256)},
 				supportedPoints:              []uint8{pointFormatUncompressed},
 				supportedVersions:            []uint16{VersionTLS12},
-				supportedSignatureAlgorithms: defaultSupportedSignatureAlgorithmsFIPS,
+				supportedSignatureAlgorithms: allowedSupportedSignatureAlgorithmsFIPS,
 			}
 			if isTLS13CipherSuite(id) {
 				clientHello.supportedVersions = []uint16{VersionTLS13}
@@ -189,7 +203,7 @@ func TestFIPSServerCurves(t *testing.T) {
 	serverConfig.BuildNameToCertificate()
 
 	for _, curveid := range defaultCurvePreferences() {
-		t.Run(fmt.Sprintf("curve=%d", curveid), func(t *testing.T) {
+		t.Run(fmt.Sprintf("curve=%v", curveid), func(t *testing.T) {
 			clientConfig := testConfig.Clone()
 			clientConfig.CurvePreferences = []CurveID{curveid}
 
@@ -262,7 +276,7 @@ func TestFIPSServerSignatureAndHash(t *testing.T) {
 			runWithFIPSDisabled(t, func(t *testing.T) {
 				clientErr, serverErr := fipsHandshake(t, testConfig, serverConfig)
 				if clientErr != nil {
-					t.Fatalf("expected handshake with %#x to succeed; client error: %v; server error: %v", sigHash, clientErr, serverErr)
+					t.Fatalf("expected handshake with %v to succeed; client error: %v; server error: %v", sigHash, clientErr, serverErr)
 				}
 			})
 
@@ -271,11 +285,11 @@ func TestFIPSServerSignatureAndHash(t *testing.T) {
 				clientErr, _ := fipsHandshake(t, testConfig, serverConfig)
 				if isFIPSSignatureScheme(sigHash) {
 					if clientErr != nil {
-						t.Fatalf("expected handshake with %#x to succeed; err=%v", sigHash, clientErr)
+						t.Fatalf("expected handshake with %v to succeed; err=%v", sigHash, clientErr)
 					}
 				} else {
 					if clientErr == nil {
-						t.Fatalf("expected handshake with %#x to fail, but it succeeded", sigHash)
+						t.Fatalf("expected handshake with %v to fail, but it succeeded", sigHash)
 					}
 				}
 			})
@@ -323,12 +337,12 @@ func testFIPSClientHello(t *testing.T) {
 	}
 	for _, id := range hello.cipherSuites {
 		if !isFIPSCipherSuite(id) {
-			t.Errorf("client offered disallowed suite %#x", id)
+			t.Errorf("client offered disallowed suite %v", CipherSuiteName(id))
 		}
 	}
 	for _, id := range hello.supportedCurves {
 		if !isFIPSCurve(id) {
-			t.Errorf("client offered disallowed curve %d", id)
+			t.Errorf("client offered disallowed curve %v", id)
 		}
 	}
 	for _, sigHash := range hello.supportedSignatureAlgorithms {
@@ -600,7 +614,7 @@ func fipsCert(t *testing.T, name string, key interface{}, parent *fipsCertificat
 
 	fipsOK := mode&fipsCertFIPSOK != 0
 	runWithFIPSEnabled(t, func(t *testing.T) {
-		if fipsAllowCert(cert) != fipsOK {
+		if isCertificateAllowedFIPS(cert) != fipsOK {
 			t.Errorf("fipsAllowCert(cert with %s key) = %v, want %v", desc, !fipsOK, fipsOK)
 		}
 	})
diff --git a/handshake_client.go b/handshake_client.go
index ce48ec4f..30f2e2a2 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -94,24 +94,12 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 		hello.secureRenegotiation = c.clientFinished[:]
 	}
 
-	preferenceOrder := cipherSuitesPreferenceOrder
-	if !hasAESGCMHardwareSupport {
-		preferenceOrder = cipherSuitesPreferenceOrderNoAES
-	}
-	configCipherSuites := config.cipherSuites()
-	hello.cipherSuites = make([]uint16, 0, len(configCipherSuites))
-
-	for _, suiteId := range preferenceOrder {
-		suite := mutualCipherSuite(configCipherSuites, suiteId)
-		if suite == nil {
-			continue
-		}
-		// Don't advertise TLS 1.2-only cipher suites unless
-		// we're attempting TLS 1.2.
-		if maxVersion < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
-			continue
-		}
-		hello.cipherSuites = append(hello.cipherSuites, suiteId)
+	hello.cipherSuites = config.cipherSuites(hasAESGCMHardwareSupport)
+	// Don't advertise TLS 1.2-only cipher suites unless we're attempting TLS 1.2.
+	if maxVersion < VersionTLS12 {
+		hello.cipherSuites = slices.DeleteFunc(hello.cipherSuites, func(id uint16) bool {
+			return cipherSuiteByID(id).flags&suiteTLS12 != 0
+		})
 	}
 
 	_, err := io.ReadFull(config.rand(), hello.random)
@@ -145,7 +133,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 			hello.cipherSuites = nil
 		}
 		if fips140tls.Required() {
-			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13FIPS...)
+			hello.cipherSuites = append(hello.cipherSuites, allowedCipherSuitesTLS13FIPS...)
 		} else if hasAESGCMHardwareSupport {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...)
 		} else {
diff --git a/handshake_client_test.go b/handshake_client_test.go
index bc54475f..5e636e91 100644
--- a/handshake_client_test.go
+++ b/handshake_client_test.go
@@ -2707,7 +2707,7 @@ func testTLS13OnlyClientHelloCipherSuite(t *testing.T, ciphers []uint16) {
 		GetConfigForClient: func(chi *ClientHelloInfo) (*Config, error) {
 			expectedCiphersuites := defaultCipherSuitesTLS13NoAES
 			if fips140tls.Required() {
-				expectedCiphersuites = defaultCipherSuitesTLS13FIPS
+				expectedCiphersuites = allowedCipherSuitesTLS13FIPS
 			}
 			if len(chi.CipherSuites) != len(expectedCiphersuites) {
 				t.Errorf("only TLS 1.3 suites should be advertised, got=%x", chi.CipherSuites)
diff --git a/handshake_server.go b/handshake_server.go
index 6321606e..68c14b8a 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -373,21 +373,7 @@ func supportsECDHE(c *Config, version uint16, supportedCurves []CurveID, support
 func (hs *serverHandshakeState) pickCipherSuite() error {
 	c := hs.c
 
-	preferenceOrder := cipherSuitesPreferenceOrder
-	if !hasAESGCMHardwareSupport || !aesgcmPreferred(hs.clientHello.cipherSuites) {
-		preferenceOrder = cipherSuitesPreferenceOrderNoAES
-	}
-
-	configCipherSuites := c.config.cipherSuites()
-	preferenceList := make([]uint16, 0, len(configCipherSuites))
-	for _, suiteID := range preferenceOrder {
-		for _, id := range configCipherSuites {
-			if id == suiteID {
-				preferenceList = append(preferenceList, id)
-				break
-			}
-		}
-	}
+	preferenceList := c.config.cipherSuites(isAESGCMPreferred(hs.clientHello.cipherSuites))
 
 	hs.suite = selectCipherSuite(preferenceList, hs.clientHello.cipherSuites, hs.cipherSuiteOk)
 	if hs.suite == nil {
@@ -497,7 +483,7 @@ func (hs *serverHandshakeState) checkForResumption() error {
 
 	// Check that we also support the ciphersuite from the session.
 	suite := selectCipherSuite([]uint16{sessionState.cipherSuite},
-		c.config.cipherSuites(), hs.cipherSuiteOk)
+		c.config.supportedCipherSuites(), hs.cipherSuiteOk)
 	if suite == nil {
 		return nil
 	}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index b6d455cd..1796052a 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -176,11 +176,11 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
 	hs.hello.compressionMethod = compressionNone
 
 	preferenceList := defaultCipherSuitesTLS13
-	if !hasAESGCMHardwareSupport || !aesgcmPreferred(hs.clientHello.cipherSuites) {
+	if !hasAESGCMHardwareSupport || !isAESGCMPreferred(hs.clientHello.cipherSuites) {
 		preferenceList = defaultCipherSuitesTLS13NoAES
 	}
 	if fips140tls.Required() {
-		preferenceList = defaultCipherSuitesTLS13FIPS
+		preferenceList = allowedCipherSuitesTLS13FIPS
 	}
 	for _, suiteID := range preferenceList {
 		hs.suite = mutualCipherSuiteTLS13(hs.clientHello.cipherSuites, suiteID)
diff --git a/tls_test.go b/tls_test.go
index 37bc358c..9c08600f 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -1593,11 +1593,11 @@ func TestCipherSuites(t *testing.T) {
 		}
 
 		if cc.Insecure {
-			if slices.Contains(defaultCipherSuites(), c.id) {
+			if slices.Contains(defaultCipherSuites(false), c.id) {
 				t.Errorf("%#04x: insecure suite in default list", c.id)
 			}
 		} else {
-			if !slices.Contains(defaultCipherSuites(), c.id) {
+			if !slices.Contains(defaultCipherSuites(false), c.id) {
 				t.Errorf("%#04x: secure suite not in default list", c.id)
 			}
 		}

From 2e090b90e30394fdec2e7e6eefae1794e2a87fd6 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 19 Feb 2025 12:29:31 +0100
Subject: [PATCH 18/95] crypto/tls: relax native FIPS 140-3 mode

We are going to stick to BoringSSL's policy for Go+BoringCrypto, but
when using the native FIPS 140-3 module we can allow Ed25519, ML-KEM,
and P-521.

NIST SP 800-52r2 is stricter, but it only applies to some entities, so
they can restrict the profile with Config.

Fixes #71757

Change-Id: I6a6a4656eb02e56d079f0a22f98212275a40a679
Reviewed-on: https://go-review.googlesource.com/c/go/+/650576
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
---
 defaults_boring.go  |  2 ++
 defaults_fips140.go | 76 +++++++++++++++++++++++++++++++++++++++++++++
 fips140_test.go     | 25 +++++++++++++--
 tls.go              | 11 ++++---
 4 files changed, 107 insertions(+), 7 deletions(-)
 create mode 100644 defaults_fips140.go

diff --git a/defaults_boring.go b/defaults_boring.go
index 8356ee69..96406acf 100644
--- a/defaults_boring.go
+++ b/defaults_boring.go
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build boringcrypto
+
 package tls
 
 import (
diff --git a/defaults_fips140.go b/defaults_fips140.go
new file mode 100644
index 00000000..472bb807
--- /dev/null
+++ b/defaults_fips140.go
@@ -0,0 +1,76 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !boringcrypto
+
+package tls
+
+import (
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/elliptic"
+	"crypto/rsa"
+	"crypto/x509"
+)
+
+// These FIPS 140-3 policies allow anything approved by SP 800-140C
+// and SP 800-140D, and tested as part of the Go Cryptographic Module.
+//
+// Notably, not SHA-1, 3DES, RC4, ChaCha20Poly1305, RSA PKCS #1 v1.5 key
+// transport, or TLS 1.0—1.1 (because we don't test its KDF).
+//
+// These are not default lists, but filters to apply to the default or
+// configured lists. Missing items are treated as if they were not implemented.
+//
+// They are applied when the fips140 GODEBUG is "on" or "only".
+
+var (
+	allowedSupportedVersionsFIPS = []uint16{
+		VersionTLS12,
+		VersionTLS13,
+	}
+	allowedCurvePreferencesFIPS = []CurveID{
+		X25519MLKEM768,
+		CurveP256,
+		CurveP384,
+		CurveP521,
+	}
+	allowedSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
+		PSSWithSHA256,
+		ECDSAWithP256AndSHA256,
+		Ed25519,
+		PSSWithSHA384,
+		PSSWithSHA512,
+		PKCS1WithSHA256,
+		PKCS1WithSHA384,
+		PKCS1WithSHA512,
+		ECDSAWithP384AndSHA384,
+		ECDSAWithP521AndSHA512,
+	}
+	allowedCipherSuitesFIPS = []uint16{
+		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+		TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+	}
+	allowedCipherSuitesTLS13FIPS = []uint16{
+		TLS_AES_128_GCM_SHA256,
+		TLS_AES_256_GCM_SHA384,
+	}
+)
+
+func isCertificateAllowedFIPS(c *x509.Certificate) bool {
+	switch k := c.PublicKey.(type) {
+	case *rsa.PublicKey:
+		return k.N.BitLen() >= 2048
+	case *ecdsa.PublicKey:
+		return k.Curve == elliptic.P256() || k.Curve == elliptic.P384() || k.Curve == elliptic.P521()
+	case ed25519.PublicKey:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/fips140_test.go b/fips140_test.go
index 9ea32a6d..c22ad485 100644
--- a/fips140_test.go
+++ b/fips140_test.go
@@ -7,6 +7,7 @@ package tls
 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/internal/boring"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@@ -109,8 +110,20 @@ func isFIPSCipherSuite(id uint16) bool {
 		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
 		return true
-	default:
+	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+		TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+		// Only for the native module.
+		return !boring.Enabled
+	}
+	switch {
+	case strings.Contains(name, "CHACHA20"):
+		return false
+	case strings.HasSuffix(name, "_SHA"): // SHA-1
 		return false
+	case strings.HasPrefix(name, "TLS_RSA"): // RSA kex
+		return false
+	default:
+		panic("unknown cipher suite: " + name)
 	}
 }
 
@@ -118,7 +131,10 @@ func isFIPSCurve(id CurveID) bool {
 	switch id {
 	case CurveP256, CurveP384, CurveP521:
 		return true
-	case X25519, X25519MLKEM768:
+	case X25519MLKEM768:
+		// Only for the native module.
+		return !boring.Enabled
+	case X25519:
 		return false
 	default:
 		panic("unknown curve: " + id.String())
@@ -146,7 +162,10 @@ func isFIPSSignatureScheme(alg SignatureScheme) bool {
 		PSSWithSHA384,
 		PSSWithSHA512:
 		return true
-	case Ed25519, PKCS1WithSHA1, ECDSAWithSHA1:
+	case Ed25519:
+		// Only for the native module.
+		return !boring.Enabled
+	case PKCS1WithSHA1, ECDSAWithSHA1:
 		return false
 	default:
 		panic("unknown signature scheme: " + alg.String())
diff --git a/tls.go b/tls.go
index c64201ab..a0fd8e83 100644
--- a/tls.go
+++ b/tls.go
@@ -7,10 +7,13 @@
 //
 // # FIPS 140-3 mode
 //
-// When the program is in [FIPS 140-3 mode], this package behaves as if
-// only protocol versions, cipher suites, signature algorithms, and
-// key exchange algorithms approved by NIST SP 800-52r2 are implemented.
-// Others are silently ignored and not negotiated.
+// When the program is in [FIPS 140-3 mode], this package behaves as if only
+// SP 800-140C and SP 800-140D approved protocol versions, cipher suites,
+// signature algorithms, certificate public key types and sizes, and key
+// exchange and derivation algorithms were implemented. Others are silently
+// ignored and not negotiated, or rejected. This set may depend on the
+// algorithms supported by the FIPS 140-3 Go Cryptographic Module selected with
+// GOFIPS140, and may change across Go versions.
 //
 // [FIPS 140-3 mode]: https://go.dev/doc/security/fips140
 package tls

From b4667318947503fd56c6e411f9915cc5722f9c50 Mon Sep 17 00:00:00 2001
From: qmuntal <quimmuntal@gmail.com>
Date: Fri, 10 Jan 2025 13:38:35 +0100
Subject: [PATCH 19/95] crypto/tls/internal/fips140tls: use crypto/fips140

There is no need for fips140tls to depend on an internal package, it
can use crypto/fips140 directly.

Both approaches are equivalent, but using crypto/fips140 makes us
exercise a public API and sets precedence.

Change-Id: I668e80ee62b711bc60821cee3a54232a33295ee1
Reviewed-on: https://go-review.googlesource.com/c/go/+/642035
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
---
 internal/fips140tls/fipstls.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/fips140tls/fipstls.go b/internal/fips140tls/fipstls.go
index 24d78d60..0b871856 100644
--- a/internal/fips140tls/fipstls.go
+++ b/internal/fips140tls/fipstls.go
@@ -6,14 +6,14 @@
 package fips140tls
 
 import (
-	"crypto/internal/fips140"
+	"crypto/fips140"
 	"sync/atomic"
 )
 
 var required atomic.Bool
 
 func init() {
-	if fips140.Enabled {
+	if fips140.Enabled() {
 		Force()
 	}
 }

From be65dde132c5198f31cf6529b618e9bea42eac1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=A4=E5=A4=A7=E7=BE=8A?= <lj1788@gmail.com>
Date: Mon, 10 Feb 2025 12:49:15 +0800
Subject: [PATCH 20/95] crypto/tls: fix ECH compatibility

Previously, the code only checked supportedVersions[0] for TLS 1.3
However, Chromium-based
browsers may list TLS 1.3 at different positions, causing ECH failures.
This fix:
    Iterates through supportedVersions to accept connections as long as TLS 1.3 is present.
    Improves ECH compatibility, ensuring Chrome, Edge, and other browsers work properly.

Fixes #71642

Change-Id: I32f4219fb6654d5cc22c7f33497c6142c0acb4f2
Reviewed-on: https://go-review.googlesource.com/c/go/+/648015
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---
 ech.go | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/ech.go b/ech.go
index 8bfd47ce..3ca9fd00 100644
--- a/ech.go
+++ b/ech.go
@@ -392,8 +392,28 @@ func decodeInnerClientHello(outer *clientHelloMsg, encoded []byte) (*clientHello
 		return nil, errInvalidECHExt
 	}
 
-	if len(inner.supportedVersions) != 1 || (len(inner.supportedVersions) >= 1 && inner.supportedVersions[0] != VersionTLS13) {
-		return nil, errors.New("tls: client sent encrypted_client_hello extension and offered incompatible versions")
+	hasTLS13 := false
+	for _, v := range inner.supportedVersions {
+		// Skip GREASE values (values of the form 0x?A0A).
+		// GREASE (Generate Random Extensions And Sustain Extensibility) is a mechanism used by
+		// browsers like Chrome to ensure TLS implementations correctly ignore unknown values.
+		// GREASE values follow a specific pattern: 0x?A0A, where ? can be any hex digit.
+		// These values should be ignored when processing supported TLS versions.
+		if v&0x0F0F == 0x0A0A && v&0xff == v>>8 {
+			continue
+		}
+
+		// Ensure at least TLS 1.3 is offered.
+		if v == VersionTLS13 {
+			hasTLS13 = true
+		} else if v < VersionTLS13 {
+			// Reject if any non-GREASE value is below TLS 1.3, as ECH requires TLS 1.3+.
+			return nil, errors.New("tls: client sent encrypted_client_hello extension with unsupported versions")
+		}
+	}
+
+	if !hasTLS13 {
+		return nil, errors.New("tls: client sent encrypted_client_hello extension but did not offer TLS 1.3")
 	}
 
 	return inner, nil

From 77240601e6d157a8cfbd88f34765fd8615b455ff Mon Sep 17 00:00:00 2001
From: Edoardo Spadolini <edoardo.spadolini@gmail.com>
Date: Fri, 26 Jul 2024 14:06:55 +0000
Subject: [PATCH 21/95] crypto/tls: add missing RUnlock in ticketKeys

If GetConfigForClient returns a tls.Config that has
SessionTicketsDisabled set, the TLS server handshake currently leaves
the Config's internal RWMutex read locked after calculating the
ticketKeys to use for the handshake.

Change-Id: I07e450a0d2edda9e80f51fc2c20af633aa271684
GitHub-Last-Rev: 693d7acf952e9478708fe4cd69788f3115e6fe23
GitHub-Pull-Request: golang/go#68607
Reviewed-on: https://go-review.googlesource.com/c/go/+/601335
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 common.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/common.go b/common.go
index faa14319..26f795f1 100644
--- a/common.go
+++ b/common.go
@@ -1013,6 +1013,7 @@ func (c *Config) ticketKeys(configForClient *Config) []ticketKey {
 	if configForClient != nil {
 		configForClient.mutex.RLock()
 		if configForClient.SessionTicketsDisabled {
+			configForClient.mutex.RUnlock()
 			return nil
 		}
 		configForClient.initLegacySessionTicketKeyRLocked()

From 50036e19b9399c0a06ba7bf7479ce0f089fd591e Mon Sep 17 00:00:00 2001
From: qmuntal <quimmuntal@gmail.com>
Date: Mon, 17 Mar 2025 15:50:26 +0100
Subject: [PATCH 22/95] crypto/tls: use crypto/hkdf

For consistency, prefer crypto/hkdf over crypto/internal/fips140/hkdf.
Both should have the same behavior given the constrained use of HKDF
in TLS.

Change-Id: Ia982b9f7a6ea66537d748eb5ecae1ac1eade68a5
Reviewed-on: https://go-review.googlesource.com/c/go/+/658217
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 handshake_client_tls13.go | 28 +++++++++++++++-------------
 handshake_server_tls13.go | 28 +++++++++++++++-------------
 2 files changed, 30 insertions(+), 26 deletions(-)

diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index fadca22e..66dc76f7 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -8,8 +8,8 @@ import (
 	"bytes"
 	"context"
 	"crypto"
+	"crypto/hkdf"
 	"crypto/hmac"
-	"crypto/internal/fips140/hkdf"
 	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
 	"crypto/rsa"
@@ -90,12 +90,13 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 		confTranscript.Write(hs.serverHello.original[:30])
 		confTranscript.Write(make([]byte, 8))
 		confTranscript.Write(hs.serverHello.original[38:])
-		acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
-			hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil),
-			"ech accept confirmation",
-			confTranscript.Sum(nil),
-			8,
-		)
+		h := hs.suite.hash.New
+		prk, err := hkdf.Extract(h, hs.echContext.innerHello.random, nil)
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return err
+		}
+		acceptConfirmation := tls13.ExpandLabel(h, prk, "ech accept confirmation", confTranscript.Sum(nil), 8)
 		if subtle.ConstantTimeCompare(acceptConfirmation, hs.serverHello.random[len(hs.serverHello.random)-8:]) == 1 {
 			hs.hello = hs.echContext.innerHello
 			c.serverName = c.config.ServerName
@@ -264,12 +265,13 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
 			copy(hrrHello, hs.serverHello.original)
 			hrrHello = bytes.Replace(hrrHello, hs.serverHello.encryptedClientHello, make([]byte, 8), 1)
 			confTranscript.Write(hrrHello)
-			acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
-				hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil),
-				"hrr ech accept confirmation",
-				confTranscript.Sum(nil),
-				8,
-			)
+			h := hs.suite.hash.New
+			prk, err := hkdf.Extract(h, hs.echContext.innerHello.random, nil)
+			if err != nil {
+				c.sendAlert(alertInternalError)
+				return err
+			}
+			acceptConfirmation := tls13.ExpandLabel(h, prk, "hrr ech accept confirmation", confTranscript.Sum(nil), 8)
 			if subtle.ConstantTimeCompare(acceptConfirmation, hs.serverHello.encryptedClientHello) == 1 {
 				hello = hs.echContext.innerHello
 				c.serverName = c.config.ServerName
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 1796052a..929d865d 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -8,8 +8,8 @@ import (
 	"bytes"
 	"context"
 	"crypto"
+	"crypto/hkdf"
 	"crypto/hmac"
-	"crypto/internal/fips140/hkdf"
 	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
 	"crypto/internal/hpke"
@@ -572,12 +572,13 @@ func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID)
 		if err := transcriptMsg(helloRetryRequest, confTranscript); err != nil {
 			return nil, err
 		}
-		acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
-			hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil),
-			"hrr ech accept confirmation",
-			confTranscript.Sum(nil),
-			8,
-		)
+		h := hs.suite.hash.New
+		prf, err := hkdf.Extract(h, hs.clientHello.random, nil)
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return nil, err
+		}
+		acceptConfirmation := tls13.ExpandLabel(h, prf, "hrr ech accept confirmation", confTranscript.Sum(nil), 8)
 		helloRetryRequest.encryptedClientHello = acceptConfirmation
 	}
 
@@ -735,12 +736,13 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
 			return err
 		}
 		// compute the acceptance message
-		acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
-			hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil),
-			"ech accept confirmation",
-			echTranscript.Sum(nil),
-			8,
-		)
+		h := hs.suite.hash.New
+		prk, err := hkdf.Extract(h, hs.clientHello.random, nil)
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return err
+		}
+		acceptConfirmation := tls13.ExpandLabel(h, prk, "ech accept confirmation", echTranscript.Sum(nil), 8)
 		copy(hs.hello.random[32-8:], acceptConfirmation)
 	}
 

From c07bd167c6e07ea51610351f2c991e5649bec606 Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Sun, 24 Nov 2024 15:28:34 +0100
Subject: [PATCH 23/95] crypto/tls: add offered cipher suites to the handshake
 error

This change makes debugging easier if the server handshake fails because
the client only offers unsupported algorithms.

Change-Id: I7daac173a16af2e073aec3d9b59709560f540c6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/631555
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
---
 handshake_server.go       | 3 ++-
 handshake_server_tls13.go | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/handshake_server.go b/handshake_server.go
index 68c14b8a..507b69a0 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -378,7 +378,8 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
 	hs.suite = selectCipherSuite(preferenceList, hs.clientHello.cipherSuites, hs.cipherSuiteOk)
 	if hs.suite == nil {
 		c.sendAlert(alertHandshakeFailure)
-		return errors.New("tls: no cipher suite supported by both client and server")
+		return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x",
+			hs.clientHello.cipherSuites)
 	}
 	c.cipherSuite = hs.suite.id
 
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 929d865d..ab0cff9e 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -16,6 +16,7 @@ import (
 	"crypto/rsa"
 	"crypto/tls/internal/fips140tls"
 	"errors"
+	"fmt"
 	"hash"
 	"internal/byteorder"
 	"io"
@@ -190,7 +191,8 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
 	}
 	if hs.suite == nil {
 		c.sendAlert(alertHandshakeFailure)
-		return errors.New("tls: no cipher suite supported by both client and server")
+		return fmt.Errorf("tls: no cipher suite supported by both client and server; client offered: %x",
+			hs.clientHello.cipherSuites)
 	}
 	c.cipherSuite = hs.suite.id
 	hs.hello.cipherSuite = hs.suite.id

From 9039e1b32a4709665729b309f03ffd0273f9d2b6 Mon Sep 17 00:00:00 2001
From: Eric Young <eay@pobox.com>
Date: Fri, 3 Jun 2022 02:22:50 +0000
Subject: [PATCH 24/95] crypto/tls: fix a testing deadlock that occurs on a TLS
 protocol error

A Go routine was, on an error, returning without sending a message on its
signaling channel, so the main program was blocking forever waiting for
a message that was never sent. Found while breaking crypto/tls.

Change-Id: Id0b3c070a27cabd852f74e86bb9eff5c66b86d28
GitHub-Last-Rev: 4d84fb8b556589ec98eba6142a553fbd45683b96
GitHub-Pull-Request: golang/go#53216
Reviewed-on: https://go-review.googlesource.com/c/go/+/410274
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 handshake_server_test.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/handshake_server_test.go b/handshake_server_test.go
index 2c75b78e..9a2a378d 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -236,7 +236,6 @@ func TestRenegotiationExtension(t *testing.T) {
 		n, err := c.Read(buf)
 		if err != nil {
 			t.Errorf("Server read returned error: %s", err)
-			return
 		}
 		c.Close()
 		bufChan <- buf[:n]

From 177adaac79ddd8358f0dbde27295275e17541e3f Mon Sep 17 00:00:00 2001
From: Nevkontakte <aleks@nevkontakte.com>
Date: Mon, 21 Apr 2025 13:13:04 +0000
Subject: [PATCH 25/95] crypto/tls: skip part of the test based on GOOS instead
 of GOARCH

This allows to skip the last part of the test under GopherJS as well as
WebAssembly, since GopherJS shares GOOS=js with wasm.

Change-Id: I41adad788043c1863b23eb2a6da9bc9aa2833092
GitHub-Last-Rev: d8d42a3b7ccb2bee6479306b6ac1a319443702ec
GitHub-Pull-Request: golang/go#51827
Reviewed-on: https://go-review.googlesource.com/c/go/+/394114
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 handshake_client_test.go | 4 ++--
 handshake_server_test.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/handshake_client_test.go b/handshake_client_test.go
index 5e636e91..6118711a 100644
--- a/handshake_client_test.go
+++ b/handshake_client_test.go
@@ -2655,8 +2655,8 @@ func TestClientHandshakeContextCancellation(t *testing.T) {
 	if err != context.Canceled {
 		t.Errorf("Unexpected client handshake error: %v", err)
 	}
-	if runtime.GOARCH == "wasm" {
-		t.Skip("conn.Close does not error as expected when called multiple times on WASM")
+	if runtime.GOOS == "js" || runtime.GOOS == "wasip1" {
+		t.Skip("conn.Close does not error as expected when called multiple times on GOOS=js or GOOS=wasip1")
 	}
 	err = cli.Close()
 	if err == nil {
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 9a2a378d..c72974ef 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -2044,8 +2044,8 @@ func TestServerHandshakeContextCancellation(t *testing.T) {
 	if err != context.Canceled {
 		t.Errorf("Unexpected server handshake error: %v", err)
 	}
-	if runtime.GOARCH == "wasm" {
-		t.Skip("conn.Close does not error as expected when called multiple times on WASM")
+	if runtime.GOOS == "js" || runtime.GOOS == "wasip1" {
+		t.Skip("conn.Close does not error as expected when called multiple times on GOOS=js or GOOS=wasip1")
 	}
 	err = conn.Close()
 	if err == nil {

From 15327161b317718f8ccdb4cf229024bea8f84414 Mon Sep 17 00:00:00 2001
From: John Bampton <jbampton@gmail.com>
Date: Wed, 9 Apr 2025 21:08:06 +0000
Subject: [PATCH 26/95] crypto/internal/hpke: rename Receipient to Recipient

receipient -> recipient

Change-Id: I9ed5937acf0f3808283e35221f8b4f41408eee7c
GitHub-Last-Rev: 0ed5ff7a46808d5311af3620b6577734a1e557f4
GitHub-Pull-Request: golang/go#73131
Reviewed-on: https://go-review.googlesource.com/c/go/+/662175
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Jorropo <jorropo.pgm@gmail.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Jorropo <jorropo.pgm@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---
 ech.go                    | 4 ++--
 handshake_server_tls13.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ech.go b/ech.go
index 3ca9fd00..6d64191b 100644
--- a/ech.go
+++ b/ech.go
@@ -419,7 +419,7 @@ func decodeInnerClientHello(outer *clientHelloMsg, encoded []byte) (*clientHello
 	return inner, nil
 }
 
-func decryptECHPayload(context *hpke.Receipient, hello, payload []byte) ([]byte, error) {
+func decryptECHPayload(context *hpke.Recipient, hello, payload []byte) ([]byte, error) {
 	outerAAD := bytes.Replace(hello[4:], payload, make([]byte, len(payload)), 1)
 	return context.Open(outerAAD, payload)
 }
@@ -613,7 +613,7 @@ func (c *Conn) processECHClientHello(outer *clientHelloMsg) (*clientHelloMsg, *e
 			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKeys PrivateKey: %s", err)
 		}
 		info := append([]byte("tls ech\x00"), echKey.Config...)
-		hpkeContext, err := hpke.SetupReceipient(hpke.DHKEM_X25519_HKDF_SHA256, echCiphersuite.KDFID, echCiphersuite.AEADID, echPriv, info, encap)
+		hpkeContext, err := hpke.SetupRecipient(hpke.DHKEM_X25519_HKDF_SHA256, echCiphersuite.KDFID, echCiphersuite.AEADID, echPriv, info, encap)
 		if err != nil {
 			// attempt next trial decryption
 			continue
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index ab0cff9e..fbdf55d4 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -31,7 +31,7 @@ import (
 const maxClientPSKIdentities = 5
 
 type echServerContext struct {
-	hpkeContext *hpke.Receipient
+	hpkeContext *hpke.Recipient
 	configID    uint8
 	ciphersuite echCipher
 	transcript  hash.Hash

From 91202800cfc620d92e0439b27ca1b32d6c5372cf Mon Sep 17 00:00:00 2001
From: Carlos Amedee <carlos@golang.org>
Date: Wed, 9 Apr 2025 16:21:42 -0400
Subject: [PATCH 27/95] crypto/tls: use runtime.AddCleanup instead of
 runtime.SetFinalizer

Replace the usage of runtime.SetFinalizer with runtime.AddCleanup in
the certificate cache.

Updates #70907

Change-Id: Ieab6ff88dbc4083f11c1b475f11bd61521dbc638
Reviewed-on: https://go-review.googlesource.com/c/go/+/664275
Auto-Submit: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
---
 cache.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cache.go b/cache.go
index a7677611..807f5229 100644
--- a/cache.go
+++ b/cache.go
@@ -43,15 +43,15 @@ var globalCertCache = new(certCache)
 
 // activeCert is a handle to a certificate held in the cache. Once there are
 // no alive activeCerts for a given certificate, the certificate is removed
-// from the cache by a finalizer.
+// from the cache by a cleanup.
 type activeCert struct {
 	cert *x509.Certificate
 }
 
 // active increments the number of references to the entry, wraps the
-// certificate in the entry in an activeCert, and sets the finalizer.
+// certificate in the entry in an activeCert, and sets the cleanup.
 //
-// Note that there is a race between active and the finalizer set on the
+// Note that there is a race between active and the cleanup set on the
 // returned activeCert, triggered if active is called after the ref count is
 // decremented such that refs may be > 0 when evict is called. We consider this
 // safe, since the caller holding an activeCert for an entry that is no longer
@@ -60,11 +60,11 @@ type activeCert struct {
 func (cc *certCache) active(e *cacheEntry) *activeCert {
 	e.refs.Add(1)
 	a := &activeCert{e.cert}
-	runtime.SetFinalizer(a, func(_ *activeCert) {
-		if e.refs.Add(-1) == 0 {
-			cc.evict(e)
+	runtime.AddCleanup(a, func(ce *cacheEntry) {
+		if ce.refs.Add(-1) == 0 {
+			cc.evict(ce)
 		}
-	})
+	}, e)
 	return a
 }
 

From 1b23367f172191e6d589be1e2479c652a0d7d202 Mon Sep 17 00:00:00 2001
From: Michael Anthony Knyszek <mknyszek@google.com>
Date: Wed, 7 May 2025 23:17:48 +0000
Subject: [PATCH 28/95] crypto/tls: add scheduler call to TestCertCache
 refcount timeout loop

Currently TestCertCache will busy loop waiting for a cleanup (in the
runtime.AddCleanup sense) to execute. If we ever get into this busy
loop, then on single-threaded platforms like js/wasm, we'll end up
_always_ timing out.

This doesn't happen right now because we're getting lucky. The finalizer
goroutine is scheduled into the runnext slot with 'ready' and is thus
scheduled immediately after the GC call. In a follow-up CL, scheduling
cleanup goroutines becomes less aggressive, and thus this test fails.

Although perhaps that CL should schedule cleanup goroutines more
aggressively, the test is still technically buggy, because it expects
busy loops like this to call into the scheduler, but that won't happen
on certain platforms.

Change-Id: I8efe5975be97f4314aec1c8c6e9e22f396be9c94
Reviewed-on: https://go-review.googlesource.com/c/go/+/670755
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 cache_test.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/cache_test.go b/cache_test.go
index 28467341..66854299 100644
--- a/cache_test.go
+++ b/cache_test.go
@@ -41,12 +41,22 @@ func TestCertCache(t *testing.T) {
 
 	timeoutRefCheck := func(t *testing.T, key string, count int64) {
 		t.Helper()
-		c := time.After(4 * time.Second)
+
+		// Explicitly check every 1 ms up to the timeout instead of busy-looping.
+		//
+		// On single-threaded platforms like js/wasm a busy-loop might
+		// never call into the scheduler for the full timeout, meaning
+		// that if we arrive here and the cleanup hasn't already run,
+		// we'll simply loop until the timeout. Busy-loops put us at the
+		// mercy of the Go scheduler, making this test fragile on some
+		// platforms.
+		timeout := time.After(4 * time.Second)
+		check := time.After(1 * time.Millisecond)
 		for {
 			select {
-			case <-c:
+			case <-timeout:
 				t.Fatal("timed out waiting for expected ref count")
-			default:
+			case <-check:
 				e, ok := cc.Load(key)
 				if !ok && count != 0 {
 					t.Fatal("cache does not contain expected key")

From b902acb608cf47a680728cbc699ae7a4363864b2 Mon Sep 17 00:00:00 2001
From: Michael Anthony Knyszek <mknyszek@google.com>
Date: Thu, 8 May 2025 19:03:37 +0000
Subject: [PATCH 29/95] crypto/tls: use runtime.Gosched instead of time.After
 in TestCertCache

I noticed a failure of this test on a linux/amd64 builder and reproduced
it locally. I can only really reproduce it in a stress test when I
overload my system (`stress2 ./tls.test -test.run=TestCertCache`) but
this points to the root of the problem: it's possible for a timer to get
delayed and the timeout fires before we ever get the chance to check.

After copious debugging printlns, this is essentially what I'd observed.
There would only be one failed check of the reference count from before
it was updated.

Change the test to be a busy-loop again, but call runtime.Gosched. This
is also what we do for the os.Root tests, and in hindsight should've
been my go-to. This has a much higher likelihood of executing promptly.

We may want to go back and understand why the 1 ms timer would fire so
hilariously late the second time. This might be a real bug. For now,
this change makes the test more stable. It no longer fails when it's
hammered under `stress2`.

Fixes #73637.

Change-Id: I316bd9e30946f4c055e61d179c4efc5fe029c608
Reviewed-on: https://go-review.googlesource.com/c/go/+/671175
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 cache_test.go | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/cache_test.go b/cache_test.go
index 66854299..ea6b726d 100644
--- a/cache_test.go
+++ b/cache_test.go
@@ -41,22 +41,12 @@ func TestCertCache(t *testing.T) {
 
 	timeoutRefCheck := func(t *testing.T, key string, count int64) {
 		t.Helper()
-
-		// Explicitly check every 1 ms up to the timeout instead of busy-looping.
-		//
-		// On single-threaded platforms like js/wasm a busy-loop might
-		// never call into the scheduler for the full timeout, meaning
-		// that if we arrive here and the cleanup hasn't already run,
-		// we'll simply loop until the timeout. Busy-loops put us at the
-		// mercy of the Go scheduler, making this test fragile on some
-		// platforms.
 		timeout := time.After(4 * time.Second)
-		check := time.After(1 * time.Millisecond)
 		for {
 			select {
 			case <-timeout:
 				t.Fatal("timed out waiting for expected ref count")
-			case <-check:
+			default:
 				e, ok := cc.Load(key)
 				if !ok && count != 0 {
 					t.Fatal("cache does not contain expected key")
@@ -68,6 +58,15 @@ func TestCertCache(t *testing.T) {
 					return
 				}
 			}
+			// Explicitly yield to the scheduler.
+			//
+			// On single-threaded platforms like js/wasm a busy-loop might
+			// never call into the scheduler for the full timeout, meaning
+			// that if we arrive here and the cleanup hasn't already run,
+			// we'll simply loop until the timeout. Busy-loops put us at the
+			// mercy of the Go scheduler, making this test fragile on some
+			// platforms.
+			runtime.Gosched()
 		}
 	}
 

From 66ddf5a7617e52cca5f35a4f1a07965d8ccf92e3 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Tue, 29 Apr 2025 14:33:15 -0400
Subject: [PATCH 30/95] crypto/tls: use illegal param alert for bad compression

Previously if the clientHandshakeState for the TLS 1.2 client code
encountered a server helo message that contained a compression method
other than compressionNone, we would emit an unexpected message alert.

Instead, it seems more appropriate to return an illegal parameter alert.
The server hello message _was_ expected, it just contained a bad
parameter option.

Making this change also allows enabling the InvalidCompressionMethod
bogo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c3
Reviewed-on: https://go-review.googlesource.com/c/go/+/669155
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 bogo_config.json    | 1 -
 handshake_client.go | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 5261a35c..7184f56b 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -65,7 +65,6 @@
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
-        "InvalidCompressionMethod": "TODO: first pass, this should be fixed",
         "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
diff --git a/handshake_client.go b/handshake_client.go
index 30f2e2a2..0971afab 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -889,7 +889,7 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
 	}
 
 	if hs.serverHello.compressionMethod != compressionNone {
-		c.sendAlert(alertUnexpectedMessage)
+		c.sendAlert(alertIllegalParameter)
 		return false, errors.New("tls: server selected unsupported compression format")
 	}
 

From aaf27ba4ac9a39d7711b94843c900c4ec7e0815b Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Tue, 29 Apr 2025 15:10:10 -0400
Subject: [PATCH 31/95] crypto/tls: update TLS 1.3 client compression
 validation

Unlike in earlier TLS versions, in TLS 1.3 when processing a server
hello the legacy_compression_method MUST have the value 0. It is no
longer a parameter that offers a choice of compression method.

With this in mind, it seems more appropriate to return a decode error
when we encounter a non-zero compression method in a server hello
message. We haven't found a parameter value we reject, we've found
a message that doesn't decode according to its specification.

Making this change also aligns with BoringSSL and allows enabling the
TLS13-HRR-InvalidCompressionMethod bogo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c4
Reviewed-on: https://go-review.googlesource.com/c/go/+/669156
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 bogo_config.json          | 1 -
 handshake_client_tls13.go | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 7184f56b..81601d22 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -64,7 +64,6 @@
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
-        "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
         "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
         "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index 66dc76f7..444c6f31 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -197,8 +197,8 @@ func (hs *clientHandshakeStateTLS13) checkServerHelloOrHRR() error {
 	}
 
 	if hs.serverHello.compressionMethod != compressionNone {
-		c.sendAlert(alertIllegalParameter)
-		return errors.New("tls: server selected unsupported compression format")
+		c.sendAlert(alertDecodeError)
+		return errors.New("tls: server sent non-zero legacy TLS compression method")
 	}
 
 	selectedSuite := mutualCipherSuiteTLS13(hs.hello.cipherSuites, hs.serverHello.cipherSuite)

From 38816c4c5902cc8c9d7bb6de5129404838936e2c Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Tue, 29 Apr 2025 17:39:08 -0400
Subject: [PATCH 32/95] crypto/tls: err for unsupported point format configs

If a client or server explicitly offers point formats, and the point
formats don't include the uncompressed format, then error. This matches
BoringSSL and Rustls behaviour and allows enabling the
PointFormat-Client-MissingUncompressed bogo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c5
Reviewed-on: https://go-review.googlesource.com/c/go/+/669157
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 bogo_config.json    |  1 -
 common.go           |  6 +++++-
 handshake_client.go | 13 +++++++++++++
 handshake_server.go | 16 ++++++++++++----
 tls_test.go         |  2 +-
 5 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 81601d22..66f29998 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -131,7 +131,6 @@
         "SendClientVersion-RSA": "TODO: first pass, this should be fixed",
         "NoCommonCurves": "TODO: first pass, this should be fixed",
         "PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
-        "PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
         "TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
         "TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
         "Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
diff --git a/common.go b/common.go
index 26f795f1..cc00efdc 100644
--- a/common.go
+++ b/common.go
@@ -1372,7 +1372,11 @@ func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error {
 	}
 
 	// The only signed key exchange we support is ECDHE.
-	if !supportsECDHE(config, vers, chi.SupportedCurves, chi.SupportedPoints) {
+	ecdheSupported, err := supportsECDHE(config, vers, chi.SupportedCurves, chi.SupportedPoints)
+	if err != nil {
+		return err
+	}
+	if !ecdheSupported {
 		return supportsRSAFallback(errors.New("client doesn't support ECDHE, can only use legacy RSA key exchange"))
 	}
 
diff --git a/handshake_client.go b/handshake_client.go
index 0971afab..bb5b7a04 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -893,6 +893,19 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
 		return false, errors.New("tls: server selected unsupported compression format")
 	}
 
+	supportsPointFormat := false
+	offeredNonCompressedFormat := false
+	for _, format := range hs.serverHello.supportedPoints {
+		if format == pointFormatUncompressed {
+			supportsPointFormat = true
+		} else {
+			offeredNonCompressedFormat = true
+		}
+	}
+	if !supportsPointFormat && offeredNonCompressedFormat {
+		return false, errors.New("tls: server offered only incompatible point formats")
+	}
+
 	if c.handshakes == 0 && hs.serverHello.secureRenegotiationSupported {
 		c.secureRenegotiation = true
 		if len(hs.serverHello.secureRenegotiation) != 0 {
diff --git a/handshake_server.go b/handshake_server.go
index 507b69a0..677bb2e0 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -272,7 +272,11 @@ func (hs *serverHandshakeState) processClientHello() error {
 		hs.hello.scts = hs.cert.SignedCertificateTimestamps
 	}
 
-	hs.ecdheOk = supportsECDHE(c.config, c.vers, hs.clientHello.supportedCurves, hs.clientHello.supportedPoints)
+	hs.ecdheOk, err = supportsECDHE(c.config, c.vers, hs.clientHello.supportedCurves, hs.clientHello.supportedPoints)
+	if err != nil {
+		c.sendAlert(alertMissingExtension)
+		return err
+	}
 
 	if hs.ecdheOk && len(hs.clientHello.supportedPoints) > 0 {
 		// Although omitting the ec_point_formats extension is permitted, some
@@ -343,7 +347,7 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro
 
 // supportsECDHE returns whether ECDHE key exchanges can be used with this
 // pre-TLS 1.3 client.
-func supportsECDHE(c *Config, version uint16, supportedCurves []CurveID, supportedPoints []uint8) bool {
+func supportsECDHE(c *Config, version uint16, supportedCurves []CurveID, supportedPoints []uint8) (bool, error) {
 	supportsCurve := false
 	for _, curve := range supportedCurves {
 		if c.supportsCurve(version, curve) {
@@ -353,10 +357,12 @@ func supportsECDHE(c *Config, version uint16, supportedCurves []CurveID, support
 	}
 
 	supportsPointFormat := false
+	offeredNonCompressedFormat := false
 	for _, pointFormat := range supportedPoints {
 		if pointFormat == pointFormatUncompressed {
 			supportsPointFormat = true
-			break
+		} else {
+			offeredNonCompressedFormat = true
 		}
 	}
 	// Per RFC 8422, Section 5.1.2, if the Supported Point Formats extension is
@@ -365,9 +371,11 @@ func supportsECDHE(c *Config, version uint16, supportedCurves []CurveID, support
 	// the parser. See https://go.dev/issue/49126.
 	if len(supportedPoints) == 0 {
 		supportsPointFormat = true
+	} else if offeredNonCompressedFormat && !supportsPointFormat {
+		return false, errors.New("tls: client offered only incompatible point formats")
 	}
 
-	return supportsCurve && supportsPointFormat
+	return supportsCurve && supportsPointFormat, nil
 }
 
 func (hs *serverHandshakeState) pickCipherSuite() error {
diff --git a/tls_test.go b/tls_test.go
index 9c08600f..4913a3ae 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -1479,7 +1479,7 @@ func TestClientHelloInfo_SupportsCertificate(t *testing.T) {
 			SupportedPoints:   []uint8{1},
 			SignatureSchemes:  []SignatureScheme{ECDSAWithP256AndSHA256},
 			SupportedVersions: []uint16{VersionTLS12},
-		}, "doesn't support ECDHE"},
+		}, "only incompatible point formats"},
 		{ecdsaCert, &ClientHelloInfo{
 			CipherSuites:      []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
 			SupportedCurves:   []CurveID{CurveP256},

From 8d4205812509ea32d51101e0ce6fbe43564e212c Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Wed, 30 Apr 2025 10:07:10 -0400
Subject: [PATCH 33/95] crypto/tls: skip BadRSAClientKeyExchange-[4,5]

These two bogo tests mutate the version number used for the premaster
secret calculation for a client RSA key exchange, with the expectation
the server rejects the handshake.

Per the comment in the end of rsaKeyAgreement.processClientKeyExchange
we explicitly choose *not* to verify the version number.

This commit adds the two version number tests to the ignore list. They
coincidentally happen to produced the expected failure because they use
a non-default ciphersuite. When we add this ciphersuite to the client
config for the bogo test they will start to fail unless ignored.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/669175
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bogo_config.json b/bogo_config.json
index 66f29998..6e82ba80 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -58,6 +58,9 @@
         "*Client-P-224*": "no P-224 support",
         "*Server-P-224*": "no P-224 support",
         "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
+        "BadRSAClientKeyExchange-4": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
+        "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
+
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
         "UnsupportedCurve": "TODO: first pass, this should be fixed",

From 33654733dcb34ade81bf79ac0c4e111c6da4b112 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Tue, 29 Apr 2025 17:41:53 -0400
Subject: [PATCH 34/95] crypto/tls: enable more large record bogo tests

Previously a handful of large record tests were in the bogo config
ignore list. The ignored tests were failing because they used
insecure ciphersuites that aren't enabled by default.

This commit adds the non-default insecure ciphersuites to the bogo
TLS configuration and re-enables the tests. Doing this uncovered
a handful of unrelated tests that needed to be fixed, each handled
before this commit.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c7
Reviewed-on: https://go-review.googlesource.com/c/go/+/669158
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 bogo_config.json  | 9 ---------
 bogo_shim_test.go | 8 ++++++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 6e82ba80..5c1fd5a4 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -67,15 +67,6 @@
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
-        "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
-        "TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
         "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
         "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
         "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index 25367eef..fff27697 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -125,6 +125,12 @@ func bogoShim() {
 		return
 	}
 
+	// Test with both the default and insecure cipher suites.
+	var ciphersuites []uint16
+	for _, s := range append(CipherSuites(), InsecureCipherSuites()...) {
+		ciphersuites = append(ciphersuites, s.ID)
+	}
+
 	cfg := &Config{
 		ServerName: "test",
 
@@ -133,6 +139,8 @@ func bogoShim() {
 
 		ClientSessionCache: NewLRUClientSessionCache(0),
 
+		CipherSuites: ciphersuites,
+
 		GetConfigForClient: func(chi *ClientHelloInfo) (*Config, error) {
 
 			if *expectAdvertisedALPN != "" {

From 9718ee6bc8f53f6277774a1f7d6fae92b75bd353 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Thu, 8 May 2025 15:22:41 -0400
Subject: [PATCH 35/95] crypto/tls: fix TLS <1.3 client cert required alert
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously for protocol versions older than TLS 1.3 our server handshake
implementation sent an alertBadCertificate alert in the case where the
server TLS config indicates a client cert is required and none was
received.

This commit updates the relevant logic to instead send
alertHandshakeFailure in these circumstances.

For TLS 1.2, RFC 5246 §7.4.6 unambiguously describes this as the correct
alert:
  If the client does not send any certificates, the
  server MAY at its discretion either continue the handshake without
  client authentication, or respond with a fatal handshake_failure
  alert.

The TLS 1.1 and 1.0 specs also describe using this alert (RFC 4346 §7.4.6
and RFC 2246 §7.4.6) both say:
  If client authentication is required by the server for the handshake
  to continue, it may respond with a fatal handshake failure alert.

Making this correction also allows enabling the
RequireAnyClientCertificate-TLS1* bogo tests.

Updates #72006
Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c8
Reviewed-on: https://go-review.googlesource.com/c/go/+/671195
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json    | 4 ----
 handshake_server.go | 4 ++--
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 5c1fd5a4..f61f2347 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -60,16 +60,12 @@
         "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
         "BadRSAClientKeyExchange-4": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
-
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
         "UnsupportedCurve": "TODO: first pass, this should be fixed",
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
-        "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
-        "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
-        "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
         "ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
         "MinorVersionTolerance": "TODO: first pass, this should be fixed",
         "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
diff --git a/handshake_server.go b/handshake_server.go
index 677bb2e0..77da9bb2 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -898,7 +898,7 @@ func (hs *serverHandshakeState) sendFinished(out []byte) error {
 }
 
 // processCertsFromClient takes a chain of client certificates either from a
-// Certificates message and verifies them.
+// certificateMsg message or a certificateMsgTLS13 message and verifies them.
 func (c *Conn) processCertsFromClient(certificate Certificate) error {
 	certificates := certificate.Certificate
 	certs := make([]*x509.Certificate, len(certificates))
@@ -921,7 +921,7 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 		if c.vers == VersionTLS13 {
 			c.sendAlert(alertCertificateRequired)
 		} else {
-			c.sendAlert(alertBadCertificate)
+			c.sendAlert(alertHandshakeFailure)
 		}
 		return errors.New("tls: client didn't provide a certificate")
 	}

From 3eb74a5a7441b798e4beef7bd7a67dab530e5a05 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Thu, 8 May 2025 17:33:15 -0400
Subject: [PATCH 36/95] crypto/tls: handle client hello version too high

If the client hello legacy version is >= TLS 1.3, and no
supported_versions extension is sent, negotiate TLS 1.2 or lower when
supported.

On the topic of supported version negotiation RFC 8446 4.2.1 indicates
TLS 1.3 implementations MUST send a supported_versions extension with
a list of their supported protocol versions. The crypto/tls package
enforces this when the client hello legacy version indicates TLS 1.3
(0x0304), aborting the handshake with an alertMissingExtension alert if
no supported_versions were received.

However, section 4.2.1 indicates different behaviour should be used when
the extension is not present and TLS 1.2 or prior are supported:

  If this extension is not present, servers which are compliant with
  this specification and which also support TLS 1.2 MUST negotiate
  TLS 1.2 or prior as specified in [RFC5246], even if
  ClientHello.legacy_version is 0x0304 or later.

This commit updates the client hello processing logic to allow this
behaviour. If no supported_versions extension was received we ignore the
legacy version being >= TLS 1.3 and instead negotiate a lower supported
version if the server configuration allows.

This fix in turn allows enabling the BoGo ClientHelloVersionTooHigh,
MinorVersionTolerance, and MajorVersionTolerance tests.

Updates #72006
Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c9
Reviewed-on: https://go-review.googlesource.com/c/go/+/671235
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 bogo_config.json    |  3 ---
 handshake_server.go | 10 +++++++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index f61f2347..51482fed 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -66,11 +66,8 @@
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
-        "ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
-        "MinorVersionTolerance": "TODO: first pass, this should be fixed",
         "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
-        "MajorVersionTolerance": "TODO: first pass, this should be fixed",
         "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
         "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
diff --git a/handshake_server.go b/handshake_server.go
index 77da9bb2..5be74e29 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -169,7 +169,15 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, *echServer
 	c.ticketKeys = originalConfig.ticketKeys(configForClient)
 
 	clientVersions := clientHello.supportedVersions
-	if len(clientHello.supportedVersions) == 0 {
+	if clientHello.vers >= VersionTLS13 && len(clientVersions) == 0 {
+		// RFC 8446 4.2.1 indicates when the supported_versions extension is not sent,
+		// compatible servers MUST negotiate TLS 1.2 or earlier if supported, even
+		// if the client legacy version is TLS 1.3 or later.
+		//
+		// Since we reject empty extensionSupportedVersions in the client hello unmarshal
+		// finding the supportedVersions empty indicates the extension was not present.
+		clientVersions = supportedVersionsFromMax(VersionTLS12)
+	} else if len(clientVersions) == 0 {
 		clientVersions = supportedVersionsFromMax(clientHello.vers)
 	}
 	c.vers, ok = c.config.mutualVersion(roleServer, clientVersions)

From b8a9055cd280f11a483695130ec4e2cfc4bd2d21 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 9 May 2025 10:29:47 -0400
Subject: [PATCH 37/95] crypto/tls: fix bogo IgnoreClientVersionOrder skip
 reason
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The BoGo IgnoreClientVersionOrder test checks that a client that sends
a supported_versions extension with the list [TLS 1.2, TLS 1.3] ends up
negotiating TLS 1.3.

However, the crypto/tls module treats this list as being in client
preference order, and so negotiates TLS 1.2, failing the test.

Our behaviour appears to be the correct handling based on RFC 8446
§4.2.1 where it says:
  The extension contains a list of supported versions in preference
  order, with the most preferred version first.

This commit updates the reason we skip this test to cite the RFC instead
of saying it's something to be fixed.

Updates #72006
Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5ca
Reviewed-on: https://go-review.googlesource.com/c/go/+/671415
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
---
 bogo_config.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index 51482fed..61585938 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -66,7 +66,7 @@
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
-        "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
+        "IgnoreClientVersionOrder": "RFC 8446 4.2.1 says supported_versions is in client pref order",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
         "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
         "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",

From 3a8b9c269ab59bcb2a38cbcdaa1e1edbc2692238 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Sat, 25 Jan 2025 10:28:02 -0800
Subject: [PATCH 38/95] crypto/tls: replace custom intern cache with weak cache

Uses the new weak package to replace the existing custom intern cache
with a map of weak.Pointers instead. This simplifies the cache, and
means we don't need to store a slice of handles on the Conn anymore.

Change-Id: I5c2bf6ef35fac4255e140e184f4e48574b34174c
Reviewed-on: https://go-review.googlesource.com/c/go/+/644176
TryBot-Bypass: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
---
 cache.go                   | 93 +++++++++-----------------------------
 cache_test.go              | 72 +++++------------------------
 conn.go                    |  3 --
 handshake_client.go        | 10 ++--
 handshake_client_tls13.go  |  1 -
 handshake_messages_test.go |  4 --
 ticket.go                  | 46 +++++++++----------
 7 files changed, 57 insertions(+), 172 deletions(-)

diff --git a/cache.go b/cache.go
index 807f5229..a2c255af 100644
--- a/cache.go
+++ b/cache.go
@@ -8,78 +8,19 @@ import (
 	"crypto/x509"
 	"runtime"
 	"sync"
-	"sync/atomic"
+	"weak"
 )
 
-type cacheEntry struct {
-	refs atomic.Int64
-	cert *x509.Certificate
-}
-
-// certCache implements an intern table for reference counted x509.Certificates,
-// implemented in a similar fashion to BoringSSL's CRYPTO_BUFFER_POOL. This
-// allows for a single x509.Certificate to be kept in memory and referenced from
-// multiple Conns. Returned references should not be mutated by callers. Certificates
-// are still safe to use after they are removed from the cache.
-//
-// Certificates are returned wrapped in an activeCert struct that should be held by
-// the caller. When references to the activeCert are freed, the number of references
-// to the certificate in the cache is decremented. Once the number of references
-// reaches zero, the entry is evicted from the cache.
-//
-// The main difference between this implementation and CRYPTO_BUFFER_POOL is that
-// CRYPTO_BUFFER_POOL is a more  generic structure which supports blobs of data,
-// rather than specific structures. Since we only care about x509.Certificates,
-// certCache is implemented as a specific cache, rather than a generic one.
-//
-// See https://boringssl.googlesource.com/boringssl/+/master/include/openssl/pool.h
-// and https://boringssl.googlesource.com/boringssl/+/master/crypto/pool/pool.c
-// for the BoringSSL reference.
-type certCache struct {
-	sync.Map
-}
-
-var globalCertCache = new(certCache)
-
-// activeCert is a handle to a certificate held in the cache. Once there are
-// no alive activeCerts for a given certificate, the certificate is removed
-// from the cache by a cleanup.
-type activeCert struct {
-	cert *x509.Certificate
-}
+// weakCertCache provides a cache of *x509.Certificates, allowing multiple
+// connections to reuse parsed certificates, instead of re-parsing the
+// certificate for every connection, which is an expensive operation.
+type weakCertCache struct{ sync.Map }
 
-// active increments the number of references to the entry, wraps the
-// certificate in the entry in an activeCert, and sets the cleanup.
-//
-// Note that there is a race between active and the cleanup set on the
-// returned activeCert, triggered if active is called after the ref count is
-// decremented such that refs may be > 0 when evict is called. We consider this
-// safe, since the caller holding an activeCert for an entry that is no longer
-// in the cache is fine, with the only side effect being the memory overhead of
-// there being more than one distinct reference to a certificate alive at once.
-func (cc *certCache) active(e *cacheEntry) *activeCert {
-	e.refs.Add(1)
-	a := &activeCert{e.cert}
-	runtime.AddCleanup(a, func(ce *cacheEntry) {
-		if ce.refs.Add(-1) == 0 {
-			cc.evict(ce)
+func (wcc *weakCertCache) newCert(der []byte) (*x509.Certificate, error) {
+	if entry, ok := wcc.Load(string(der)); ok {
+		if v := entry.(weak.Pointer[x509.Certificate]).Value(); v != nil {
+			return v, nil
 		}
-	}, e)
-	return a
-}
-
-// evict removes a cacheEntry from the cache.
-func (cc *certCache) evict(e *cacheEntry) {
-	cc.Delete(string(e.cert.Raw))
-}
-
-// newCert returns a x509.Certificate parsed from der. If there is already a copy
-// of the certificate in the cache, a reference to the existing certificate will
-// be returned. Otherwise, a fresh certificate will be added to the cache, and
-// the reference returned. The returned reference should not be mutated.
-func (cc *certCache) newCert(der []byte) (*activeCert, error) {
-	if entry, ok := cc.Load(string(der)); ok {
-		return cc.active(entry.(*cacheEntry)), nil
 	}
 
 	cert, err := x509.ParseCertificate(der)
@@ -87,9 +28,17 @@ func (cc *certCache) newCert(der []byte) (*activeCert, error) {
 		return nil, err
 	}
 
-	entry := &cacheEntry{cert: cert}
-	if entry, loaded := cc.LoadOrStore(string(der), entry); loaded {
-		return cc.active(entry.(*cacheEntry)), nil
+	wp := weak.Make(cert)
+	if entry, loaded := wcc.LoadOrStore(string(der), wp); !loaded {
+		runtime.AddCleanup(cert, func(_ any) { wcc.CompareAndDelete(string(der), entry) }, any(string(der)))
+	} else if v := entry.(weak.Pointer[x509.Certificate]).Value(); v != nil {
+		return v, nil
+	} else {
+		if wcc.CompareAndSwap(string(der), entry, wp) {
+			runtime.AddCleanup(cert, func(_ any) { wcc.CompareAndDelete(string(der), wp) }, any(string(der)))
+		}
 	}
-	return cc.active(entry), nil
+	return cert, nil
 }
+
+var globalCertCache = new(weakCertCache)
diff --git a/cache_test.go b/cache_test.go
index ea6b726d..75a0508e 100644
--- a/cache_test.go
+++ b/cache_test.go
@@ -1,45 +1,39 @@
-// Copyright 2022 The Go Authors. All rights reserved.
+// Copyright 2025 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-
 package tls
 
 import (
 	"encoding/pem"
-	"fmt"
 	"runtime"
 	"testing"
 	"time"
 )
 
-func TestCertCache(t *testing.T) {
-	cc := certCache{}
+func TestWeakCertCache(t *testing.T) {
+	wcc := weakCertCache{}
 	p, _ := pem.Decode([]byte(rsaCertPEM))
 	if p == nil {
 		t.Fatal("Failed to decode certificate")
 	}
 
-	certA, err := cc.newCert(p.Bytes)
+	certA, err := wcc.newCert(p.Bytes)
 	if err != nil {
 		t.Fatalf("newCert failed: %s", err)
 	}
-	certB, err := cc.newCert(p.Bytes)
+	certB, err := wcc.newCert(p.Bytes)
 	if err != nil {
 		t.Fatalf("newCert failed: %s", err)
 	}
-	if certA.cert != certB.cert {
+	if certA != certB {
 		t.Fatal("newCert returned a unique reference for a duplicate certificate")
 	}
 
-	if entry, ok := cc.Load(string(p.Bytes)); !ok {
+	if _, ok := wcc.Load(string(p.Bytes)); !ok {
 		t.Fatal("cache does not contain expected entry")
-	} else {
-		if refs := entry.(*cacheEntry).refs.Load(); refs != 2 {
-			t.Fatalf("unexpected number of references: got %d, want 2", refs)
-		}
 	}
 
-	timeoutRefCheck := func(t *testing.T, key string, count int64) {
+	timeoutRefCheck := func(t *testing.T, key string, present bool) {
 		t.Helper()
 		timeout := time.After(4 * time.Second)
 		for {
@@ -47,14 +41,8 @@ func TestCertCache(t *testing.T) {
 			case <-timeout:
 				t.Fatal("timed out waiting for expected ref count")
 			default:
-				e, ok := cc.Load(key)
-				if !ok && count != 0 {
-					t.Fatal("cache does not contain expected key")
-				} else if count == 0 && !ok {
-					return
-				}
-
-				if e.(*cacheEntry).refs.Load() == count {
+				_, ok := wcc.Load(key)
+				if ok == present {
 					return
 				}
 			}
@@ -77,7 +65,7 @@ func TestCertCache(t *testing.T) {
 	certA = nil
 	runtime.GC()
 
-	timeoutRefCheck(t, string(p.Bytes), 1)
+	timeoutRefCheck(t, string(p.Bytes), true)
 
 	// Keep certB alive until at least now, so that we can
 	// purposefully nil it and force the finalizer to be
@@ -86,41 +74,5 @@ func TestCertCache(t *testing.T) {
 	certB = nil
 	runtime.GC()
 
-	timeoutRefCheck(t, string(p.Bytes), 0)
-}
-
-func BenchmarkCertCache(b *testing.B) {
-	p, _ := pem.Decode([]byte(rsaCertPEM))
-	if p == nil {
-		b.Fatal("Failed to decode certificate")
-	}
-
-	cc := certCache{}
-	b.ReportAllocs()
-	b.ResetTimer()
-	// We expect that calling newCert additional times after
-	// the initial call should not cause additional allocations.
-	for extra := 0; extra < 4; extra++ {
-		b.Run(fmt.Sprint(extra), func(b *testing.B) {
-			actives := make([]*activeCert, extra+1)
-			b.ResetTimer()
-			for i := 0; i < b.N; i++ {
-				var err error
-				actives[0], err = cc.newCert(p.Bytes)
-				if err != nil {
-					b.Fatal(err)
-				}
-				for j := 0; j < extra; j++ {
-					actives[j+1], err = cc.newCert(p.Bytes)
-					if err != nil {
-						b.Fatal(err)
-					}
-				}
-				for j := 0; j < extra+1; j++ {
-					actives[j] = nil
-				}
-				runtime.GC()
-			}
-		})
-	}
+	timeoutRefCheck(t, string(p.Bytes), false)
 }
diff --git a/conn.go b/conn.go
index 1276665a..141175c8 100644
--- a/conn.go
+++ b/conn.go
@@ -54,9 +54,6 @@ type Conn struct {
 	ocspResponse     []byte   // stapled OCSP response
 	scts             [][]byte // signed certificate timestamps from server
 	peerCertificates []*x509.Certificate
-	// activeCertHandles contains the cache handles to certificates in
-	// peerCertificates that are used to track active references.
-	activeCertHandles []*activeCert
 	// verifiedChains contains the certificate chains that we built, as
 	// opposed to the ones presented by the server.
 	verifiedChains [][]*x509.Certificate
diff --git a/handshake_client.go b/handshake_client.go
index bb5b7a04..55790a11 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -956,7 +956,6 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
 	hs.masterSecret = hs.session.secret
 	c.extMasterSecret = hs.session.extMasterSecret
 	c.peerCertificates = hs.session.peerCertificates
-	c.activeCertHandles = hs.c.activeCertHandles
 	c.verifiedChains = hs.session.verifiedChains
 	c.ocspResponse = hs.session.ocspResponse
 	// Let the ServerHello SCTs override the session SCTs from the original
@@ -1107,7 +1106,6 @@ func checkKeySize(n int) (max int, ok bool) {
 // verifyServerCertificate parses and verifies the provided chain, setting
 // c.verifiedChains and c.peerCertificates or sending the appropriate alert.
 func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
-	activeHandles := make([]*activeCert, len(certificates))
 	certs := make([]*x509.Certificate, len(certificates))
 	for i, asn1Data := range certificates {
 		cert, err := globalCertCache.newCert(asn1Data)
@@ -1115,15 +1113,14 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 			c.sendAlert(alertDecodeError)
 			return errors.New("tls: failed to parse certificate from server: " + err.Error())
 		}
-		if cert.cert.PublicKeyAlgorithm == x509.RSA {
-			n := cert.cert.PublicKey.(*rsa.PublicKey).N.BitLen()
+		if cert.PublicKeyAlgorithm == x509.RSA {
+			n := cert.PublicKey.(*rsa.PublicKey).N.BitLen()
 			if max, ok := checkKeySize(n); !ok {
 				c.sendAlert(alertBadCertificate)
 				return fmt.Errorf("tls: server sent certificate containing RSA key larger than %d bits", max)
 			}
 		}
-		activeHandles[i] = cert
-		certs[i] = cert.cert
+		certs[i] = cert
 	}
 
 	echRejected := c.config.EncryptedClientHelloConfigList != nil && !c.echAccepted
@@ -1188,7 +1185,6 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 		return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", certs[0].PublicKey)
 	}
 
-	c.activeCertHandles = activeHandles
 	c.peerCertificates = certs
 
 	if c.config.VerifyPeerCertificate != nil && !echRejected {
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index 444c6f31..461a0e69 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -466,7 +466,6 @@ func (hs *clientHandshakeStateTLS13) processServerHello() error {
 	hs.usingPSK = true
 	c.didResume = true
 	c.peerCertificates = hs.session.peerCertificates
-	c.activeCertHandles = hs.session.activeCertHandles
 	c.verifiedChains = hs.session.verifiedChains
 	c.ocspResponse = hs.session.ocspResponse
 	c.scts = hs.session.scts
diff --git a/handshake_messages_test.go b/handshake_messages_test.go
index aafb889b..448bc31d 100644
--- a/handshake_messages_test.go
+++ b/handshake_messages_test.go
@@ -72,10 +72,6 @@ func TestMarshalUnmarshal(t *testing.T) {
 					break
 				}
 
-				if m, ok := m.(*SessionState); ok {
-					m.activeCertHandles = nil
-				}
-
 				if ch, ok := m.(*clientHelloMsg); ok {
 					// extensions is special cased, as it is only populated by the
 					// server-side of a handshake and is not expected to roundtrip
diff --git a/ticket.go b/ticket.go
index dbbcef76..c56898c6 100644
--- a/ticket.go
+++ b/ticket.go
@@ -84,15 +84,14 @@ type SessionState struct {
 	// createdAt is the generation time of the secret on the sever (which for
 	// TLS 1.0–1.2 might be earlier than the current session) and the time at
 	// which the ticket was received on the client.
-	createdAt         uint64 // seconds since UNIX epoch
-	secret            []byte // master secret for TLS 1.2, or the PSK for TLS 1.3
-	extMasterSecret   bool
-	peerCertificates  []*x509.Certificate
-	activeCertHandles []*activeCert
-	ocspResponse      []byte
-	scts              [][]byte
-	verifiedChains    [][]*x509.Certificate
-	alpnProtocol      string // only set if EarlyData is true
+	createdAt        uint64 // seconds since UNIX epoch
+	secret           []byte // master secret for TLS 1.2, or the PSK for TLS 1.3
+	extMasterSecret  bool
+	peerCertificates []*x509.Certificate
+	ocspResponse     []byte
+	scts             [][]byte
+	verifiedChains   [][]*x509.Certificate
+	alpnProtocol     string // only set if EarlyData is true
 
 	// Client-side TLS 1.3-only fields.
 	useBy  uint64 // seconds since UNIX epoch
@@ -239,8 +238,7 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 		if err != nil {
 			return nil, err
 		}
-		ss.activeCertHandles = append(ss.activeCertHandles, c)
-		ss.peerCertificates = append(ss.peerCertificates, c.cert)
+		ss.peerCertificates = append(ss.peerCertificates, c)
 	}
 	if ss.isClient && len(ss.peerCertificates) == 0 {
 		return nil, errors.New("tls: no server certificates in client session")
@@ -270,8 +268,7 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 			if err != nil {
 				return nil, err
 			}
-			ss.activeCertHandles = append(ss.activeCertHandles, c)
-			chain = append(chain, c.cert)
+			chain = append(chain, c)
 		}
 		ss.verifiedChains = append(ss.verifiedChains, chain)
 	}
@@ -300,18 +297,17 @@ func ParseSessionState(data []byte) (*SessionState, error) {
 // from the current connection.
 func (c *Conn) sessionState() *SessionState {
 	return &SessionState{
-		version:           c.vers,
-		cipherSuite:       c.cipherSuite,
-		createdAt:         uint64(c.config.time().Unix()),
-		alpnProtocol:      c.clientProtocol,
-		peerCertificates:  c.peerCertificates,
-		activeCertHandles: c.activeCertHandles,
-		ocspResponse:      c.ocspResponse,
-		scts:              c.scts,
-		isClient:          c.isClient,
-		extMasterSecret:   c.extMasterSecret,
-		verifiedChains:    c.verifiedChains,
-		curveID:           c.curveID,
+		version:          c.vers,
+		cipherSuite:      c.cipherSuite,
+		createdAt:        uint64(c.config.time().Unix()),
+		alpnProtocol:     c.clientProtocol,
+		peerCertificates: c.peerCertificates,
+		ocspResponse:     c.ocspResponse,
+		scts:             c.scts,
+		isClient:         c.isClient,
+		extMasterSecret:  c.extMasterSecret,
+		verifiedChains:   c.verifiedChains,
+		curveID:          c.curveID,
 	}
 }
 

From 0e880fe577f30a2bc5d732198a7ce4b46572c238 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Wed, 7 May 2025 11:37:52 -0700
Subject: [PATCH 39/95] crypto/tls: add GetEncryptedClientHelloKeys

This allows servers to rotate their ECH keys without needing to restart
the server.

Fixes #71920

Change-Id: I55591ab3303d5fde639038541c50edcf1fafc9aa
Reviewed-on: https://go-review.googlesource.com/c/go/+/670655
TryBot-Bypass: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---
 common.go                 | 18 +++++++++++
 ech.go                    |  6 ++--
 handshake_server.go       | 10 ++++++-
 handshake_server_tls13.go | 12 ++++++--
 tls_test.go               | 63 ++++++++++++++++++++++++++-------------
 5 files changed, 83 insertions(+), 26 deletions(-)

diff --git a/common.go b/common.go
index cc00efdc..71b9ddb0 100644
--- a/common.go
+++ b/common.go
@@ -837,6 +837,20 @@ type Config struct {
 	// when ECH is rejected, even if set, and InsecureSkipVerify is ignored.
 	EncryptedClientHelloRejectionVerify func(ConnectionState) error
 
+	// GetEncryptedClientHelloKeys, if not nil, is called when by a server when
+	// a client attempts ECH.
+	//
+	// If GetEncryptedClientHelloKeys is not nil, [EncryptedClientHelloKeys] is
+	// ignored.
+	//
+	// If GetEncryptedClientHelloKeys returns an error, the handshake will be
+	// aborted and the error will be returned. Otherwise,
+	// GetEncryptedClientHelloKeys must return a non-nil slice of
+	// [EncryptedClientHelloKey] that represents the acceptable ECH keys.
+	//
+	// For further details, see [EncryptedClientHelloKeys].
+	GetEncryptedClientHelloKeys func(*ClientHelloInfo) ([]EncryptedClientHelloKey, error)
+
 	// EncryptedClientHelloKeys are the ECH keys to use when a client
 	// attempts ECH.
 	//
@@ -847,6 +861,9 @@ type Config struct {
 	// will send a list of configs to retry based on the set of
 	// EncryptedClientHelloKeys which have the SendAsRetry field set.
 	//
+	// If GetEncryptedClientHelloKeys is non-nil, EncryptedClientHelloKeys is
+	// ignored.
+	//
 	// On the client side, this field is ignored. In order to configure ECH for
 	// clients, see the EncryptedClientHelloConfigList field.
 	EncryptedClientHelloKeys []EncryptedClientHelloKey
@@ -935,6 +952,7 @@ func (c *Config) Clone() *Config {
 		GetCertificate:                      c.GetCertificate,
 		GetClientCertificate:                c.GetClientCertificate,
 		GetConfigForClient:                  c.GetConfigForClient,
+		GetEncryptedClientHelloKeys:         c.GetEncryptedClientHelloKeys,
 		VerifyPeerCertificate:               c.VerifyPeerCertificate,
 		VerifyConnection:                    c.VerifyConnection,
 		RootCAs:                             c.RootCAs,
diff --git a/ech.go b/ech.go
index 6d64191b..76727a89 100644
--- a/ech.go
+++ b/ech.go
@@ -578,7 +578,7 @@ func marshalEncryptedClientHelloConfigList(configs []EncryptedClientHelloKey) ([
 	return builder.Bytes()
 }
 
-func (c *Conn) processECHClientHello(outer *clientHelloMsg) (*clientHelloMsg, *echServerContext, error) {
+func (c *Conn) processECHClientHello(outer *clientHelloMsg, echKeys []EncryptedClientHelloKey) (*clientHelloMsg, *echServerContext, error) {
 	echType, echCiphersuite, configID, encap, payload, err := parseECHExt(outer.encryptedClientHello)
 	if err != nil {
 		if errors.Is(err, errInvalidECHExt) {
@@ -594,11 +594,11 @@ func (c *Conn) processECHClientHello(outer *clientHelloMsg) (*clientHelloMsg, *e
 		return outer, &echServerContext{inner: true}, nil
 	}
 
-	if len(c.config.EncryptedClientHelloKeys) == 0 {
+	if len(echKeys) == 0 {
 		return outer, nil, nil
 	}
 
-	for _, echKey := range c.config.EncryptedClientHelloKeys {
+	for _, echKey := range echKeys {
 		skip, config, err := parseECHConfig(echKey.Config)
 		if err != nil || skip {
 			c.sendAlert(alertInternalError)
diff --git a/handshake_server.go b/handshake_server.go
index 5be74e29..c2c924c0 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -149,7 +149,15 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, *echServer
 	// the contents of the client hello, since we may swap it out completely.
 	var ech *echServerContext
 	if len(clientHello.encryptedClientHello) != 0 {
-		clientHello, ech, err = c.processECHClientHello(clientHello)
+		echKeys := c.config.EncryptedClientHelloKeys
+		if c.config.GetEncryptedClientHelloKeys != nil {
+			echKeys, err = c.config.GetEncryptedClientHelloKeys(clientHelloInfo(ctx, c, clientHello))
+			if err != nil {
+				c.sendAlert(alertInternalError)
+				return nil, nil, err
+			}
+		}
+		clientHello, ech, err = c.processECHClientHello(clientHello, echKeys)
 		if err != nil {
 			return nil, nil, err
 		}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index fbdf55d4..54b3cac8 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -804,8 +804,16 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
 
 	// If client sent ECH extension, but we didn't accept it,
 	// send retry configs, if available.
-	if len(hs.c.config.EncryptedClientHelloKeys) > 0 && len(hs.clientHello.encryptedClientHello) > 0 && hs.echContext == nil {
-		encryptedExtensions.echRetryConfigs, err = buildRetryConfigList(hs.c.config.EncryptedClientHelloKeys)
+	echKeys := hs.c.config.EncryptedClientHelloKeys
+	if hs.c.config.GetEncryptedClientHelloKeys != nil {
+		echKeys, err = hs.c.config.GetEncryptedClientHelloKeys(clientHelloInfo(hs.ctx, c, hs.clientHello))
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return err
+		}
+	}
+	if len(echKeys) > 0 && len(hs.clientHello.encryptedClientHello) > 0 && hs.echContext == nil {
+		encryptedExtensions.echRetryConfigs, err = buildRetryConfigList(echKeys)
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return err
diff --git a/tls_test.go b/tls_test.go
index 4913a3ae..bfcc62cc 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -811,7 +811,7 @@ func TestWarningAlertFlood(t *testing.T) {
 }
 
 func TestCloneFuncFields(t *testing.T) {
-	const expectedCount = 9
+	const expectedCount = 10
 	called := 0
 
 	c1 := Config{
@@ -851,6 +851,10 @@ func TestCloneFuncFields(t *testing.T) {
 			called |= 1 << 8
 			return nil
 		},
+		GetEncryptedClientHelloKeys: func(*ClientHelloInfo) ([]EncryptedClientHelloKey, error) {
+			called |= 1 << 9
+			return nil, nil
+		},
 	}
 
 	c2 := c1.Clone()
@@ -864,6 +868,7 @@ func TestCloneFuncFields(t *testing.T) {
 	c2.UnwrapSession(nil, ConnectionState{})
 	c2.WrapSession(ConnectionState{}, nil)
 	c2.EncryptedClientHelloRejectionVerify(ConnectionState{})
+	c2.GetEncryptedClientHelloKeys(nil)
 
 	if called != (1<<expectedCount)-1 {
 		t.Fatalf("expected %d calls but saw calls %b", expectedCount, called)
@@ -882,7 +887,7 @@ func TestCloneNonFuncFields(t *testing.T) {
 		switch fn := typ.Field(i).Name; fn {
 		case "Rand":
 			f.Set(reflect.ValueOf(io.Reader(os.Stdin)))
-		case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate", "VerifyConnection", "GetClientCertificate", "WrapSession", "UnwrapSession", "EncryptedClientHelloRejectionVerify":
+		case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate", "VerifyConnection", "GetClientCertificate", "WrapSession", "UnwrapSession", "EncryptedClientHelloRejectionVerify", "GetEncryptedClientHelloKeys":
 			// DeepEqual can't compare functions. If you add a
 			// function field to this list, you must also change
 			// TestCloneFuncFields to ensure that the func field is
@@ -2301,26 +2306,44 @@ func TestECH(t *testing.T) {
 		{Config: echConfig, PrivateKey: echKey.Bytes(), SendAsRetry: true},
 	}
 
-	ss, cs, err := testHandshake(t, clientConfig, serverConfig)
-	if err != nil {
-		t.Fatalf("unexpected failure: %s", err)
-	}
-	if !ss.ECHAccepted {
-		t.Fatal("server ConnectionState shows ECH not accepted")
-	}
-	if !cs.ECHAccepted {
-		t.Fatal("client ConnectionState shows ECH not accepted")
-	}
-	if cs.ServerName != "secret.example" || ss.ServerName != "secret.example" {
-		t.Fatalf("unexpected ConnectionState.ServerName, want %q, got server:%q, client: %q", "secret.example", ss.ServerName, cs.ServerName)
+	check := func() {
+		ss, cs, err := testHandshake(t, clientConfig, serverConfig)
+		if err != nil {
+			t.Fatalf("unexpected failure: %s", err)
+		}
+		if !ss.ECHAccepted {
+			t.Fatal("server ConnectionState shows ECH not accepted")
+		}
+		if !cs.ECHAccepted {
+			t.Fatal("client ConnectionState shows ECH not accepted")
+		}
+		if cs.ServerName != "secret.example" || ss.ServerName != "secret.example" {
+			t.Fatalf("unexpected ConnectionState.ServerName, want %q, got server:%q, client: %q", "secret.example", ss.ServerName, cs.ServerName)
+		}
+		if len(cs.VerifiedChains) != 1 {
+			t.Fatal("unexpect number of certificate chains")
+		}
+		if len(cs.VerifiedChains[0]) != 1 {
+			t.Fatal("unexpect number of certificates")
+		}
+		if !cs.VerifiedChains[0][0].Equal(secretCert) {
+			t.Fatal("unexpected certificate")
+		}
 	}
-	if len(cs.VerifiedChains) != 1 {
-		t.Fatal("unexpect number of certificate chains")
+
+	check()
+
+	serverConfig.GetEncryptedClientHelloKeys = func(_ *ClientHelloInfo) ([]EncryptedClientHelloKey, error) {
+		return []EncryptedClientHelloKey{{Config: echConfig, PrivateKey: echKey.Bytes(), SendAsRetry: true}}, nil
 	}
-	if len(cs.VerifiedChains[0]) != 1 {
-		t.Fatal("unexpect number of certificates")
+	randKey, err := ecdh.X25519().GenerateKey(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
 	}
-	if !cs.VerifiedChains[0][0].Equal(secretCert) {
-		t.Fatal("unexpected certificate")
+	randConfig := marshalECHConfig(32, randKey.PublicKey().Bytes(), "random.example", 32)
+	serverConfig.EncryptedClientHelloKeys = []EncryptedClientHelloKey{
+		{Config: randConfig, PrivateKey: randKey.Bytes(), SendAsRetry: true},
 	}
+
+	check()
 }

From f82ab19bb8f11b2abc7fe2fcf386b42f7f754d52 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Thu, 15 May 2025 13:41:14 -0400
Subject: [PATCH 40/95] crypto/tls: have servers prefer TLS 1.3 when supported

Previously the common Config.mutualVersion() code prioritized the
selected version based on the provided peerVersions being sent in peer
preference order.

Instead we would prefer to see TLS 1.3 used whenever it is
supported, even if the peer would prefer an older protocol version.
This commit updates mutualVersions() to implement this policy change.

Our new behaviour matches the behaviour of other TLS stacks, notably
BoringSSL, and so also allows enabling the IgnoreClientVersionOrder BoGo
test that we otherwise must skip.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5cb
Reviewed-on: https://go-review.googlesource.com/c/go/+/673236
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json | 1 -
 common.go        | 6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 61585938..191f48fc 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -66,7 +66,6 @@
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
-        "IgnoreClientVersionOrder": "RFC 8446 4.2.1 says supported_versions is in client pref order",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
         "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
         "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
diff --git a/common.go b/common.go
index 71b9ddb0..1aaad7ab 100644
--- a/common.go
+++ b/common.go
@@ -1233,11 +1233,11 @@ func (c *Config) supportsCurve(version uint16, curve CurveID) bool {
 }
 
 // mutualVersion returns the protocol version to use given the advertised
-// versions of the peer. Priority is given to the peer preference order.
+// versions of the peer. The highest supported version is preferred.
 func (c *Config) mutualVersion(isClient bool, peerVersions []uint16) (uint16, bool) {
 	supportedVersions := c.supportedVersions(isClient)
-	for _, v := range peerVersions {
-		if slices.Contains(supportedVersions, v) {
+	for _, v := range supportedVersions {
+		if slices.Contains(peerVersions, v) {
 			return v, true
 		}
 	}

From 1666573be5a94188f1278fa49bf8392f57070ac9 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 16 May 2025 13:08:16 -0400
Subject: [PATCH 41/95] crypto/tls: verify server chooses advertised curve

When a crypto/tls client using TLS < 1.3 sends supported elliptic_curves
in a client hello message the server must limit itself to choosing one
of the supported options from our message. If we process a server key
exchange message that chooses an unadvertised curve, abort the
handshake w/ an error.

Previously we would not note that the server chose a curve we didn't
include in the client hello message, and would proceed with the
handshake as long as the chosen curve was one that we've implemented.
However, RFC 8422 5.1 makes it clear this is a server acting
out-of-spec, as it says:

  If a server does not understand the Supported Elliptic Curves
  Extension, does not understand the Supported Point Formats Extension,
  or is unable to complete the ECC handshake while restricting itself
  to the enumerated curves and point formats, it MUST NOT negotiate the
  use of an ECC cipher suite.

Changing our behaviour to enforce this also allows enabling the
UnsupportedCurve BoGo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5cc
Reviewed-on: https://go-review.googlesource.com/c/go/+/673735
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json | 1 -
 key_agreement.go | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index 191f48fc..ba1dce87 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -62,7 +62,6 @@
         "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
-        "UnsupportedCurve": "TODO: first pass, this should be fixed",
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
diff --git a/key_agreement.go b/key_agreement.go
index 3e96242b..d41bf435 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -14,6 +14,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"slices"
 )
 
 // A keyAgreement implements the client and server side of a TLS 1.0–1.2 key
@@ -293,6 +294,10 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 		return errServerKeyExchange
 	}
 
+	if !slices.Contains(clientHello.supportedCurves, curveID) {
+		return errors.New("tls: server selected unoffered curve")
+	}
+
 	if _, ok := curveForCurveID(curveID); !ok {
 		return errors.New("tls: server selected unsupported curve")
 	}

From 4c06048e2e5831086dc941b990db3531397c580f Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 16 May 2025 13:34:14 -0400
Subject: [PATCH 42/95] crypto/tls: delete dead code curveIDForCurve

This unexported function has no call-sites.

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5cd
Reviewed-on: https://go-review.googlesource.com/c/go/+/673755
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
---
 key_schedule.go | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/key_schedule.go b/key_schedule.go
index 38d6d3f7..1426a276 100644
--- a/key_schedule.go
+++ b/key_schedule.go
@@ -82,18 +82,3 @@ func curveForCurveID(id CurveID) (ecdh.Curve, bool) {
 		return nil, false
 	}
 }
-
-func curveIDForCurve(curve ecdh.Curve) (CurveID, bool) {
-	switch curve {
-	case ecdh.X25519():
-		return X25519, true
-	case ecdh.P256():
-		return CurveP256, true
-	case ecdh.P384():
-		return CurveP384, true
-	case ecdh.P521():
-		return CurveP521, true
-	default:
-		return 0, false
-	}
-}

From 7f8864d406ec225312ed9228c6c1005f24c1accc Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 16 May 2025 13:44:53 -0400
Subject: [PATCH 43/95] crypto/tls: match compression method alert across
 versions

When a pre-TLS 1.3 server processes a client hello message that
indicates compression methods that don't include the null compression
method, send an illegal parameter alert.

Previously we did this for TLS 1.3 server handshakes only, and the
legacy TLS versions used alertHandshakeFailure for this circumstance. By
switching this to alertIllegalParameter we use a consistent alert across
all TLS versions, and can also enable the NoNullCompression-TLS12 BoGo
test we were skipping.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5ce
Reviewed-on: https://go-review.googlesource.com/c/go/+/673736
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
---
 bogo_config.json    | 1 -
 handshake_server.go | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index ba1dce87..64781b3f 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -63,7 +63,6 @@
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
-        "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
         "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
diff --git a/handshake_server.go b/handshake_server.go
index c2c924c0..d7fadcbd 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -233,7 +233,7 @@ func (hs *serverHandshakeState) processClientHello() error {
 	}
 
 	if !foundCompression {
-		c.sendAlert(alertHandshakeFailure)
+		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: client does not support uncompressed connections")
 	}
 

From be7464f23ba4820bf8b38c997f7d1b6a3e8c8a7b Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 16 May 2025 14:40:27 -0400
Subject: [PATCH 44/95] crypto/tls: enable BoGo
 DisabledCurve-HelloRetryRequest-TLS13

The crypto/tls package produces the expected error for this test case,
and so it can be enabled.

Looking at the history of the relevant code it appears the TLS 1.3
implementation has always had the correct behaviour for HRR changing to
an unsupported group after the initial hello.

I think this test was skipped initially because at the time of
initial BoGo config commit we hadn't implemented the -curves argument
for the test shim yet, and this test relies on it. We later added
support for that flag alongside X25519Kyber768Draft00 KX and I think we
missed the chance to enable the test then.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5cf
Reviewed-on: https://go-review.googlesource.com/c/go/+/673756
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
---
 bogo_config.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index 64781b3f..d46b0730 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -61,7 +61,6 @@
         "BadRSAClientKeyExchange-4": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
-        "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
         "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",

From e24b728e056fab573816f39683fe53357a689952 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 16 May 2025 15:05:43 -0400
Subject: [PATCH 45/95] crypto/tls: update BoGo SessionID test skip reasons

Updates the skip reason for the following BoGo tests:

  * TLS-ECH-Client-TLS12SessionID
  * SupportTicketsWithSessionID
  * ResumeTLS12SessionID-TLS13

The crypto/tls package does not support session ID based resumption at
this time, and so any tests that rely on this support need to be
skipped.

Updates #72006
Updates #25228

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5d0
Reviewed-on: https://go-review.googlesource.com/c/go/+/673737
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index d46b0730..6d764daa 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -8,7 +8,7 @@
         "TLS-ECH-Client-Rejected-OverrideName-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled",
         "TLS-ECH-Client-Reject-TLS12-NoFalseStart": "We won't attempt to negotiate 1.2 if ECH is enabled",
         "TLS-ECH-Client-TLS12SessionTicket": "We won't attempt to negotiate 1.2 if ECH is enabled",
-        "TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled",
+        "TLS-ECH-Client-TLS12SessionID": "We won't attempt to negotiate 1.2 if ECH is enabled, and we don't support session ID resumption",
 
         "TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "We won't attempt to negotiate 1.2 if ECH is enabled (we could possibly test this if we had the ability to indicate not to send ECH on resumption?)",
 
@@ -61,7 +61,7 @@
         "BadRSAClientKeyExchange-4": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
-        "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
+        "SupportTicketsWithSessionID": "We don't support session ID resumption",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
         "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
@@ -159,7 +159,7 @@
         "TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
         "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
         "TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
-        "ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
+        "ResumeTLS12SessionID-TLS13": "We don't support session ID resumption",
         "SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
         "DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
         "Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",

From 7c3dc4efc3300fe23586e1e2548c672d4e9d88bb Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Sat, 15 Mar 2025 12:12:22 +0100
Subject: [PATCH 46/95] crypto/tls: don't advertise TLS 1.2-only sigAlgs in TLS
 1.3

If a ClientHello only supports TLS 1.3, or if a CertificateRequest is
sent after selecting TLS 1.3, we should not advertise TLS 1.2-only
signature_algorithms like PKCS#1 v1.5 or SHA-1.

However, since crypto/x509 still supports PKCS#1 v1.5, and a direct
CertPool match might not care about the signature in the certificate at
all, start sending a separate signature_algorithms_cert extension to
indicate support for PKCS#1 v1.5 and SHA-1 in certificates.

We were already correctly rejecting these algorithms if the peer
selected them in a TLS 1.3 connection.

Updates #72883

Change-Id: I6a6a4656ab60e1b7fb20fdedc32604dc156953ae
Reviewed-on: https://go-review.googlesource.com/c/go/+/658215
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---
 auth.go                                       |   2 +-
 auth_test.go                                  |   2 +-
 common.go                                     |  33 +-
 defaults.go                                   |  58 +-
 defaults_boring.go                            |   2 +-
 defaults_fips140.go                           |   2 +-
 fips140_test.go                               |   4 +-
 handshake_client.go                           |  13 +-
 handshake_client_tls13.go                     |   7 +-
 handshake_messages_test.go                    |   8 +-
 handshake_server.go                           |   2 +-
 handshake_server_tls13.go                     |  10 +-
 quic_test.go                                  |   2 +-
 testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA | 104 ++--
 testdata/Client-TLSv10-ClientCert-ECDSA-RSA   |  96 +--
 testdata/Client-TLSv10-ClientCert-RSA-ECDSA   |  96 +--
 testdata/Client-TLSv10-ClientCert-RSA-RSA     |  96 +--
 testdata/Client-TLSv10-ECDHE-ECDSA-AES        |  82 +--
 testdata/Client-TLSv10-ECDHE-RSA-AES          |  78 +--
 testdata/Client-TLSv10-ExportKeyingMaterial   |  78 +--
 testdata/Client-TLSv10-RSA-RC4                |  46 +-
 testdata/Client-TLSv11-ECDHE-ECDSA-AES        |  82 +--
 testdata/Client-TLSv11-ECDHE-RSA-AES          |  78 +--
 testdata/Client-TLSv11-RSA-RC4                |  46 +-
 testdata/Client-TLSv12-AES128-GCM-SHA256      |  50 +-
 testdata/Client-TLSv12-AES128-SHA256          |  64 +-
 testdata/Client-TLSv12-AES256-GCM-SHA384      |  50 +-
 testdata/Client-TLSv12-ALPN                   |  70 +--
 testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA |  96 +--
 testdata/Client-TLSv12-ClientCert-ECDSA-RSA   |  96 +--
 testdata/Client-TLSv12-ClientCert-Ed25519     |  80 +--
 ...nt-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 |  92 +--
 testdata/Client-TLSv12-ClientCert-RSA-ECDSA   | 108 ++--
 testdata/Client-TLSv12-ClientCert-RSA-RSA     |  92 +--
 .../Client-TLSv12-ClientCert-RSA-RSAPKCS1v15  |  92 +--
 testdata/Client-TLSv12-ClientCert-RSA-RSAPSS  |  90 +--
 testdata/Client-TLSv12-ECDHE-ECDSA-AES        |  78 +--
 testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM    |  72 +--
 .../Client-TLSv12-ECDHE-ECDSA-AES128-SHA256   |  90 +--
 ...lient-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 |  76 +--
 ...lient-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 |  68 ++-
 testdata/Client-TLSv12-ECDHE-RSA-AES          |  80 +--
 .../Client-TLSv12-ECDHE-RSA-AES128-SHA256     |  88 +--
 .../Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 |  68 ++-
 testdata/Client-TLSv12-Ed25519                |  60 +-
 testdata/Client-TLSv12-ExportKeyingMaterial   |  70 +--
 testdata/Client-TLSv12-P256-ECDHE             |  80 +--
 testdata/Client-TLSv12-RSA-RC4                |  46 +-
 testdata/Client-TLSv12-RenegotiateOnce        | 370 ++++++------
 testdata/Client-TLSv12-RenegotiateTwice       | 564 +++++++++---------
 .../Client-TLSv12-RenegotiateTwiceRejected    | 376 ++++++------
 testdata/Client-TLSv12-RenegotiationRejected  |  76 +--
 testdata/Client-TLSv12-SCT                    |  68 ++-
 testdata/Client-TLSv12-X25519-ECDHE           |  72 +--
 testdata/Client-TLSv13-AES128-SHA256          | 154 ++---
 testdata/Client-TLSv13-AES256-SHA384          | 158 ++---
 testdata/Client-TLSv13-ALPN                   | 158 ++---
 testdata/Client-TLSv13-CHACHA20-SHA256        | 154 ++---
 testdata/Client-TLSv13-ClientCert-ECDSA-RSA   | 252 ++++----
 testdata/Client-TLSv13-ClientCert-Ed25519     | 218 +++----
 testdata/Client-TLSv13-ClientCert-RSA-ECDSA   | 242 ++++----
 testdata/Client-TLSv13-ClientCert-RSA-RSAPSS  | 260 ++++----
 testdata/Client-TLSv13-ECDSA                  | 146 ++---
 testdata/Client-TLSv13-Ed25519                | 110 ++--
 testdata/Client-TLSv13-ExportKeyingMaterial   | 154 ++---
 testdata/Client-TLSv13-HelloRetryRequest      | 172 +++---
 testdata/Client-TLSv13-KeyUpdate              | 170 +++---
 testdata/Client-TLSv13-P256-ECDHE             | 158 ++---
 testdata/Client-TLSv13-X25519-ECDHE           | 152 ++---
 ...er-TLSv13-ClientAuthRequestedAndECDSAGiven | 334 +++++------
 ...-TLSv13-ClientAuthRequestedAndEd25519Given | 272 ++++-----
 .../Server-TLSv13-ClientAuthRequestedAndGiven | 329 +++++-----
 .../Server-TLSv13-ClientAuthRequestedNotGiven | 180 +++---
 73 files changed, 4187 insertions(+), 3995 deletions(-)

diff --git a/auth.go b/auth.go
index 81a85851..7f072204 100644
--- a/auth.go
+++ b/auth.go
@@ -220,7 +220,7 @@ func signatureSchemesForCertificate(version uint16, cert *Certificate) []Signatu
 
 	// Filter out any unsupported signature algorithms, for example due to
 	// FIPS 140-3 policy, or any downstream changes to defaults.go.
-	supportedAlgs := supportedSignatureAlgorithms()
+	supportedAlgs := supportedSignatureAlgorithms(version)
 	sigAlgs = slices.DeleteFunc(sigAlgs, func(sigAlg SignatureScheme) bool {
 		return !isSupportedSignatureAlgorithm(sigAlg, supportedAlgs)
 	})
diff --git a/auth_test.go b/auth_test.go
index 9036f4c8..616d9bab 100644
--- a/auth_test.go
+++ b/auth_test.go
@@ -159,7 +159,7 @@ func TestLegacyTypeAndHash(t *testing.T) {
 // TestSupportedSignatureAlgorithms checks that all supportedSignatureAlgorithms
 // have valid type and hash information.
 func TestSupportedSignatureAlgorithms(t *testing.T) {
-	for _, sigAlg := range supportedSignatureAlgorithms() {
+	for _, sigAlg := range supportedSignatureAlgorithms(VersionTLS12) {
 		sigType, hash, err := typeAndHashFromSignatureScheme(sigAlg)
 		if err != nil {
 			t.Errorf("%v: unexpected error: %v", sigAlg, err)
diff --git a/common.go b/common.go
index 1aaad7ab..6a1c53fe 100644
--- a/common.go
+++ b/common.go
@@ -1163,6 +1163,8 @@ const roleServer = false
 
 var tls10server = godebug.New("tls10server")
 
+// supportedVersions returns the list of supported TLS versions, sorted from
+// highest to lowest (and hence also in preference order).
 func (c *Config) supportedVersions(isClient bool) []uint16 {
 	versions := make([]uint16, 0, len(supportedVersions))
 	for _, v := range supportedVersions {
@@ -1682,12 +1684,35 @@ func unexpectedMessageError(wanted, got any) error {
 	return fmt.Errorf("tls: received unexpected handshake message of type %T when waiting for %T", got, wanted)
 }
 
-// supportedSignatureAlgorithms returns the supported signature algorithms.
-func supportedSignatureAlgorithms() []SignatureScheme {
+// supportedSignatureAlgorithms returns the supported signature algorithms for
+// the given minimum TLS version, to advertise in ClientHello and
+// CertificateRequest messages.
+func supportedSignatureAlgorithms(minVers uint16) []SignatureScheme {
+	sigAlgs := defaultSupportedSignatureAlgorithms()
 	if fips140tls.Required() {
-		return allowedSupportedSignatureAlgorithmsFIPS
+		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
+			return !slices.Contains(allowedSignatureAlgorithmsFIPS, s)
+		})
+	}
+	if minVers > VersionTLS12 {
+		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
+			sigType, sigHash, _ := typeAndHashFromSignatureScheme(s)
+			return sigType == signaturePKCS1v15 || sigHash == crypto.SHA1
+		})
+	}
+	return sigAlgs
+}
+
+// supportedSignatureAlgorithmsCert returns the supported algorithms for
+// signatures in certificates.
+func supportedSignatureAlgorithmsCert() []SignatureScheme {
+	sigAlgs := defaultSupportedSignatureAlgorithmsCert()
+	if fips140tls.Required() {
+		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
+			return !slices.Contains(allowedSignatureAlgorithmsFIPS, s)
+		})
 	}
-	return defaultSupportedSignatureAlgorithms
+	return sigAlgs
 }
 
 func isSupportedSignatureAlgorithm(sigAlg SignatureScheme, supportedSignatureAlgorithms []SignatureScheme) bool {
diff --git a/defaults.go b/defaults.go
index a3f43eb8..07986294 100644
--- a/defaults.go
+++ b/defaults.go
@@ -24,23 +24,51 @@ func defaultCurvePreferences() []CurveID {
 	return []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521}
 }
 
-// defaultSupportedSignatureAlgorithms contains the signature and hash algorithms that
-// the code advertises as supported in a TLS 1.2+ ClientHello and in a TLS 1.2+
+// defaultSupportedSignatureAlgorithms returns the signature and hash algorithms that
+// the code advertises and supports in a TLS 1.2+ ClientHello and in a TLS 1.2+
 // CertificateRequest. The two fields are merged to match with TLS 1.3.
 // Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
-var defaultSupportedSignatureAlgorithms = []SignatureScheme{
-	PSSWithSHA256,
-	ECDSAWithP256AndSHA256,
-	Ed25519,
-	PSSWithSHA384,
-	PSSWithSHA512,
-	PKCS1WithSHA256,
-	PKCS1WithSHA384,
-	PKCS1WithSHA512,
-	ECDSAWithP384AndSHA384,
-	ECDSAWithP521AndSHA512,
-	PKCS1WithSHA1,
-	ECDSAWithSHA1,
+func defaultSupportedSignatureAlgorithms() []SignatureScheme {
+	return []SignatureScheme{
+		PSSWithSHA256,
+		ECDSAWithP256AndSHA256,
+		Ed25519,
+		PSSWithSHA384,
+		PSSWithSHA512,
+		PKCS1WithSHA256,
+		PKCS1WithSHA384,
+		PKCS1WithSHA512,
+		ECDSAWithP384AndSHA384,
+		ECDSAWithP521AndSHA512,
+		PKCS1WithSHA1,
+		ECDSAWithSHA1,
+	}
+}
+
+// defaultSupportedSignatureAlgorithmsCert returns the signature algorithms that
+// the code advertises as supported for signatures in certificates.
+//
+// We include all algorithms, including SHA-1 and PKCS#1 v1.5, because it's more
+// likely that something on our side will be willing to accept a *-with-SHA1
+// certificate (e.g. with a custom VerifyConnection or by a direct match with
+// the CertPool), than that the peer would have a better certificate but is just
+// choosing not to send it. crypto/x509 will refuse to verify important SHA-1
+// signatures anyway.
+func defaultSupportedSignatureAlgorithmsCert() []SignatureScheme {
+	return []SignatureScheme{
+		PSSWithSHA256,
+		ECDSAWithP256AndSHA256,
+		Ed25519,
+		PSSWithSHA384,
+		PSSWithSHA512,
+		PKCS1WithSHA256,
+		PKCS1WithSHA384,
+		PKCS1WithSHA512,
+		ECDSAWithP384AndSHA384,
+		ECDSAWithP521AndSHA512,
+		PKCS1WithSHA1,
+		ECDSAWithSHA1,
+	}
 }
 
 var tlsrsakex = godebug.New("tlsrsakex")
diff --git a/defaults_boring.go b/defaults_boring.go
index 96406acf..e88f05cc 100644
--- a/defaults_boring.go
+++ b/defaults_boring.go
@@ -31,7 +31,7 @@ var (
 		CurveP384,
 		CurveP521,
 	}
-	allowedSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
+	allowedSignatureAlgorithmsFIPS = []SignatureScheme{
 		PSSWithSHA256,
 		PSSWithSHA384,
 		PSSWithSHA512,
diff --git a/defaults_fips140.go b/defaults_fips140.go
index 472bb807..00176795 100644
--- a/defaults_fips140.go
+++ b/defaults_fips140.go
@@ -36,7 +36,7 @@ var (
 		CurveP384,
 		CurveP521,
 	}
-	allowedSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
+	allowedSignatureAlgorithmsFIPS = []SignatureScheme{
 		PSSWithSHA256,
 		ECDSAWithP256AndSHA256,
 		Ed25519,
diff --git a/fips140_test.go b/fips140_test.go
index c22ad485..46d30768 100644
--- a/fips140_test.go
+++ b/fips140_test.go
@@ -195,7 +195,7 @@ func TestFIPSServerCipherSuites(t *testing.T) {
 				keyShares:                    []keyShare{generateKeyShare(CurveP256)},
 				supportedPoints:              []uint8{pointFormatUncompressed},
 				supportedVersions:            []uint16{VersionTLS12},
-				supportedSignatureAlgorithms: allowedSupportedSignatureAlgorithmsFIPS,
+				supportedSignatureAlgorithms: allowedSignatureAlgorithmsFIPS,
 			}
 			if isTLS13CipherSuite(id) {
 				clientHello.supportedVersions = []uint16{VersionTLS13}
@@ -265,7 +265,7 @@ func TestFIPSServerSignatureAndHash(t *testing.T) {
 		testingOnlyForceClientHelloSignatureAlgorithms = nil
 	}()
 
-	for _, sigHash := range defaultSupportedSignatureAlgorithms {
+	for _, sigHash := range defaultSupportedSignatureAlgorithms() {
 		t.Run(fmt.Sprintf("%v", sigHash), func(t *testing.T) {
 			serverConfig := testConfig.Clone()
 			serverConfig.Certificates = make([]Certificate, 1)
diff --git a/handshake_client.go b/handshake_client.go
index 55790a11..619b47af 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -66,7 +66,10 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 	if len(supportedVersions) == 0 {
 		return nil, nil, nil, errors.New("tls: no supported versions satisfy MinVersion and MaxVersion")
 	}
-	maxVersion := config.maxSupportedVersion(roleClient)
+	// Since supportedVersions is sorted in descending order, the first element
+	// is the maximum version and the last element is the minimum version.
+	maxVersion := supportedVersions[0]
+	minVersion := supportedVersions[len(supportedVersions)-1]
 
 	hello := &clientHelloMsg{
 		vers:                         maxVersion,
@@ -120,18 +123,20 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 	}
 
 	if maxVersion >= VersionTLS12 {
-		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms(minVersion)
+		hello.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithmsCert()
 	}
 	if testingOnlyForceClientHelloSignatureAlgorithms != nil {
 		hello.supportedSignatureAlgorithms = testingOnlyForceClientHelloSignatureAlgorithms
 	}
 
 	var keyShareKeys *keySharePrivateKeys
-	if hello.supportedVersions[0] == VersionTLS13 {
+	if maxVersion >= VersionTLS13 {
 		// Reset the list of ciphers when the client only supports TLS 1.3.
-		if len(hello.supportedVersions) == 1 {
+		if minVersion >= VersionTLS13 {
 			hello.cipherSuites = nil
 		}
+
 		if fips140tls.Required() {
 			hello.cipherSuites = append(hello.cipherSuites, allowedCipherSuitesTLS13FIPS...)
 		} else if hasAESGCMHardwareSupport {
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index 461a0e69..bf3cab97 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -675,7 +675,9 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 	}
 
 	// See RFC 8446, Section 4.4.3.
-	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
+	// We don't use hs.hello.supportedSignatureAlgorithms because it might
+	// include PKCS#1 v1.5 and SHA-1 if the ClientHello also supported TLS 1.2.
+	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms(c.vers)) {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: certificate used with invalid signature algorithm")
 	}
@@ -684,8 +686,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 		return c.sendAlert(alertInternalError)
 	}
 	if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
-		c.sendAlert(alertIllegalParameter)
-		return errors.New("tls: certificate used with invalid signature algorithm")
+		return c.sendAlert(alertInternalError)
 	}
 	signed := signedMessage(sigHash, serverSignatureContext, hs.transcript)
 	if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
diff --git a/handshake_messages_test.go b/handshake_messages_test.go
index 448bc31d..fa81a72b 100644
--- a/handshake_messages_test.go
+++ b/handshake_messages_test.go
@@ -179,10 +179,10 @@ func (*clientHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {
 		}
 	}
 	if rand.Intn(10) > 5 {
-		m.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+		m.supportedSignatureAlgorithms = supportedSignatureAlgorithms(VersionTLS12)
 	}
 	if rand.Intn(10) > 5 {
-		m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms()
+		m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms(VersionTLS12)
 	}
 	for i := 0; i < rand.Intn(5); i++ {
 		m.alpnProtocols = append(m.alpnProtocols, randomString(rand.Intn(20)+1, rand))
@@ -473,10 +473,10 @@ func (*certificateRequestMsgTLS13) Generate(rand *rand.Rand, size int) reflect.V
 		m.scts = true
 	}
 	if rand.Intn(10) > 5 {
-		m.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+		m.supportedSignatureAlgorithms = supportedSignatureAlgorithms(VersionTLS12)
 	}
 	if rand.Intn(10) > 5 {
-		m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms()
+		m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms(VersionTLS12)
 	}
 	if rand.Intn(10) > 5 {
 		m.certificateAuthorities = make([][]byte, 3)
diff --git a/handshake_server.go b/handshake_server.go
index d7fadcbd..522d3b62 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -650,7 +650,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 		}
 		if c.vers >= VersionTLS12 {
 			certReq.hasSignatureAlgorithm = true
-			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+			certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms(c.vers)
 		}
 
 		// An empty list of certificateAuthorities signals to
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 54b3cac8..090ff67f 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -844,7 +844,8 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
 		certReq := new(certificateRequestMsgTLS13)
 		certReq.ocspStapling = true
 		certReq.scts = true
-		certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+		certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms(c.vers)
+		certReq.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithmsCert()
 		if c.config.ClientCAs != nil {
 			certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
 		}
@@ -1095,7 +1096,9 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
 		}
 
 		// See RFC 8446, Section 4.4.3.
-		if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
+		// We don't use certReq.supportedSignatureAlgorithms because it would
+		// require keeping the certificateRequestMsgTLS13 around in the hs.
+		if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms(c.vers)) {
 			c.sendAlert(alertIllegalParameter)
 			return errors.New("tls: client certificate used with invalid signature algorithm")
 		}
@@ -1104,8 +1107,7 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
 			return c.sendAlert(alertInternalError)
 		}
 		if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
-			c.sendAlert(alertIllegalParameter)
-			return errors.New("tls: client certificate used with invalid signature algorithm")
+			return c.sendAlert(alertInternalError)
 		}
 		signed := signedMessage(sigHash, clientSignatureContext, hs.transcript)
 		if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
diff --git a/quic_test.go b/quic_test.go
index 1bb2e55b..ba75101d 100644
--- a/quic_test.go
+++ b/quic_test.go
@@ -278,7 +278,7 @@ func TestQUICPostHandshakeClientAuthentication(t *testing.T) {
 	certReq := new(certificateRequestMsgTLS13)
 	certReq.ocspStapling = true
 	certReq.scts = true
-	certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+	certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms(VersionTLS13)
 	certReqBytes, err := certReq.marshal()
 	if err != nil {
 		t.Fatal(err)
diff --git a/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
index b79aec63..1a973237 100644
--- a/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
+++ b/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 58 ee cb 2c 2e  |....]...Y..X..,.|
-00000010  24 e7 e4 50 2b 4b 9c 0f  ab f5 79 c1 12 b6 89 e5  |$..P+K....y.....|
-00000020  83 41 06 cb 45 f6 66 e9  e1 d2 fe 20 95 fd 7f 15  |.A..E.f.... ....|
-00000030  44 4e 44 18 9b fc 16 a7  8a a4 d9 f7 ca 49 85 e8  |DND..........I..|
-00000040  00 ce 02 26 38 38 1b 8d  6d 16 f2 b8 c0 09 00 00  |...&88..m.......|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 5f db 69 f3 84  |....]...Y.._.i..|
+00000010  2a 34 27 ec 75 af b4 38  e7 d4 ec 19 70 1a 17 0e  |*4'.u..8....p...|
+00000020  4d 94 8f 93 b7 88 ba cf  60 be e3 20 10 53 38 8a  |M.......`.. .S8.|
+00000030  85 c2 1b 7d e3 21 e2 a8  6b 9f 34 dc c1 a0 38 3e  |...}.!..k.4...8>|
+00000040  66 81 bb c4 1c b8 c5 70  ce 28 81 bf c0 09 00 00  |f......p.(......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -56,20 +58,20 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 01  00 b5 0c 00 00 b1 03 00  |....*...........|
-00000280  1d 20 b2 d4 b5 f1 3f 61  7d 07 30 8b fd 17 76 41  |. ....?a}.0...vA|
-00000290  12 c5 e1 25 f1 e9 ad 68  26 55 4b f5 60 16 b0 44  |...%...h&UK.`..D|
-000002a0  90 7a 00 8b 30 81 88 02  42 01 26 8b c1 0d 38 f2  |.z..0...B.&...8.|
-000002b0  0f 22 de fd 81 53 5b 5a  87 b6 57 23 33 22 06 8f  |."...S[Z..W#3"..|
-000002c0  8b 59 f1 70 85 46 41 f2  b7 0c 80 77 df 40 08 77  |.Y.p.FA....w.@.w|
-000002d0  e1 b8 21 7f 55 77 c7 b7  ef ef b5 31 ae a0 22 a8  |..!.Uw.....1..".|
-000002e0  d3 e0 67 e8 67 bc a9 cb  03 47 76 02 42 00 f4 7a  |..g.g....Gv.B..z|
-000002f0  eb 2f d0 82 d7 06 75 35  e4 61 fb cf 27 93 95 29  |./....u5.a..'..)|
-00000300  6e 2c b5 d4 01 45 5b b6  d9 72 e9 f9 13 a6 5f bd  |n,...E[..r...._.|
-00000310  24 76 3b 8e 48 7a ce 4f  f5 c2 77 75 66 2d 18 6d  |$v;.Hz.O..wuf-.m|
-00000320  7d 9e c7 95 0c fe 0b 80  15 67 b2 f2 f6 5a dd 16  |}........g...Z..|
-00000330  03 01 00 0a 0d 00 00 06  03 01 02 40 00 00 16 03  |...........@....|
-00000340  01 00 04 0e 00 00 00                              |.......|
+00000270  95 12 07 8f 2a 16 03 01  00 b4 0c 00 00 b0 03 00  |....*...........|
+00000280  1d 20 07 a5 80 41 74 22  47 af 5d 75 5e ae bd eb  |. ...At"G.]u^...|
+00000290  20 93 4c d3 d1 c6 d0 4b  f8 68 f4 58 fc 88 ca 2a  | .L....K.h.X...*|
+000002a0  8b 08 00 8a 30 81 87 02  41 68 37 4f 22 15 13 23  |....0...Ah7O"..#|
+000002b0  1b 03 6b f2 e1 8b bf 2a  88 4b 14 b3 85 58 ae 5a  |..k....*.K...X.Z|
+000002c0  11 14 9a a3 24 77 c6 a3  a2 8c 12 ae 5c 78 ec 26  |....$w......\x.&|
+000002d0  24 49 b0 57 30 4e 46 71  5b a8 c4 3f 26 09 85 14  |$I.W0NFq[..?&...|
+000002e0  48 3a 8c 4b bf c9 c0 24  1b c1 02 42 01 e1 92 35  |H:.K...$...B...5|
+000002f0  a7 1f 8e ae 3d 3d 0d 89  cc 94 a9 e5 1a 27 6b c1  |....==.......'k.|
+00000300  89 f8 8a 4c ad 8e 84 6f  65 e9 19 ce 99 73 10 4e  |...L...oe....s.N|
+00000310  61 2a 31 19 60 bd ac 37  20 9f 54 90 a5 e2 3a 79  |a*1.`..7 .T...:y|
+00000320  98 a4 1a b4 30 2b 9f 08  86 41 ac f1 4e d7 16 03  |....0+...A..N...|
+00000330  01 00 0a 0d 00 00 06 03  01 02 40 00 00 16 03 01  |..........@.....|
+00000340  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 01 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
 00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
@@ -106,30 +108,30 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
-00000240  00 8d 00 8b 30 81 88 02  42 01 87 b2 c8 53 94 c3  |....0...B....S..|
-00000250  9f ea 8a 04 35 1e 53 fb  c0 db c5 43 e8 99 b7 81  |....5.S....C....|
-00000260  43 fd 47 fd a6 cd 89 b5  0a b9 d0 5d 79 b0 c2 1a  |C.G........]y...|
-00000270  94 1f d8 2e 2b 8d 23 2a  c8 08 63 98 f6 01 1f 8f  |....+.#*..c.....|
-00000280  67 60 3a 88 44 63 7e 8b  91 3e 48 02 42 00 e1 1f  |g`:.Dc~..>H.B...|
-00000290  69 9a 97 bb b6 e9 97 4d  f5 f5 d7 23 56 be 1d ff  |i......M...#V...|
-000002a0  f0 22 67 8d a3 a1 13 33  5b f7 0b c2 a3 c8 5a 8c  |."g....3[.....Z.|
-000002b0  e8 65 b8 a8 7e 6c 99 11  db ab bd 80 0a ca dd 5a  |.e..~l.........Z|
-000002c0  d4 e0 28 12 38 7a b4 86  e7 3e 13 05 a1 3f 5f 14  |..(.8z...>...?_.|
-000002d0  03 01 00 01 01 16 03 01  00 30 9a fa ce 11 0b 50  |.........0.....P|
-000002e0  fa a1 59 9b 89 41 a9 0b  1b 74 dd 8f 7b a9 e0 39  |..Y..A...t..{..9|
-000002f0  5d e3 cc ee 11 f4 27 15  bc 4c 8f e1 2c 51 ec 8e  |].....'..L..,Q..|
-00000300  ed 6c 97 75 4c e9 da fb  68 9d                    |.l.uL...h.|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 8f 0f 00  |...._X.;t.......|
+00000240  00 8b 00 89 30 81 86 02  41 7c e1 65 0a 33 fc 66  |....0...A|.e.3.f|
+00000250  85 e8 a7 9d a8 e0 12 1e  8c fa 53 00 2a 1b 70 dc  |..........S.*.p.|
+00000260  00 ba 15 e9 b2 fa 95 b1  c2 36 b6 a4 dd 4c 6c c2  |.........6...Ll.|
+00000270  d9 11 cb 12 90 c2 1e ea  7f 4c e4 94 3a a4 c6 ba  |.........L..:...|
+00000280  66 3d b9 fa 3a af 0b 74  e5 1e 02 41 30 b2 11 4f  |f=..:..t...A0..O|
+00000290  f5 06 97 76 2d c9 7c 95  df 44 ba fe 81 2d f4 3f  |...v-.|..D...-.?|
+000002a0  e0 25 81 16 90 80 60 7b  bd 88 14 b3 a4 ef 63 21  |.%....`{......c!|
+000002b0  46 0c 15 a3 bd 1a 4d 3d  fd a2 d7 3a ff bd 15 94  |F.....M=...:....|
+000002c0  40 60 d8 42 14 41 18 7e  55 ab 71 a7 9c 14 03 01  |@`.B.A.~U.q.....|
+000002d0  00 01 01 16 03 01 00 30  3d 4f 1e dd 66 64 5a c2  |.......0=O..fdZ.|
+000002e0  bc 12 e9 63 d8 95 34 7c  6c 93 66 c6 12 54 5c d0  |...c..4|l.f..T\.|
+000002f0  2b 2a 7e 20 4f fc 62 19  5d be 55 1f 82 8a 6c 9b  |+*~ O.b.].U...l.|
+00000300  85 7c b8 db 29 65 d7 7b                           |.|..)e.{|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 12 06 0c 4d 1c  |..........0...M.|
-00000010  81 47 06 5f b9 85 68 60  9c 26 4a 14 f2 40 60 7f  |.G._..h`.&J..@`.|
-00000020  d1 1e 51 9e f2 70 2f be  54 cb 42 b3 b3 8d 90 9c  |..Q..p/.T.B.....|
-00000030  9d d2 0d e2 f7 b6 56 31  11 af 5f                 |......V1.._|
+00000000  14 03 01 00 01 01 16 03  01 00 30 1c 42 dd c3 b4  |..........0.B...|
+00000010  9e e8 53 fa 2f 12 1c 80  89 97 ec 99 aa 75 04 e4  |..S./........u..|
+00000020  19 b9 7f 7f e5 61 53 8e  3f a5 1d 1a cb 02 8a 7a  |.....aS.?......z|
+00000030  f3 26 77 2d a0 23 c5 41  e1 fe 5c                 |.&w-.#.A..\|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 0f d0 65  cd d4 59 d0 9e 07 06 6d  |.... ..e..Y....m|
-00000010  8a 11 34 d9 3a 31 59 70  02 39 08 ef 28 98 36 2f  |..4.:1Yp.9..(.6/|
-00000020  0d 5b d0 23 3f 17 03 01  00 20 5b 16 82 9c 29 c6  |.[.#?.... [...).|
-00000030  78 34 76 09 5e bb 01 5e  fc 01 b2 55 9b ef 67 a8  |x4v.^..^...U..g.|
-00000040  ca 9f b9 6d b5 ea 87 48  8e 76 15 03 01 00 20 43  |...m...H.v.... C|
-00000050  12 3b f6 99 31 67 d8 8a  94 d1 37 ef 01 ca a1 62  |.;..1g....7....b|
-00000060  9f d7 2a eb 7e 37 79 d9  a4 07 15 5f fb 84 32     |..*.~7y...._..2|
+00000000  17 03 01 00 20 6f 19 91  24 21 15 50 56 db 29 4f  |.... o..$!.PV.)O|
+00000010  0c e5 d7 85 02 7b dc 76  4f ac ac a1 7d d3 02 07  |.....{.vO...}...|
+00000020  ca c2 1d e0 f5 17 03 01  00 20 f2 f4 da dc e9 c7  |......... ......|
+00000030  c3 60 af d9 7e a4 5f be  80 1d fe a1 ef 98 22 dd  |.`..~._.......".|
+00000040  8f 93 06 22 c3 a2 b1 ed  48 5e 15 03 01 00 20 6b  |..."....H^.... k|
+00000050  2b 7e 37 08 37 21 4e 80  6f 10 e8 d9 30 56 22 aa  |+~7.7!N.o...0V".|
+00000060  f6 c7 fe 33 69 b6 12 f1  11 83 14 12 b5 73 35     |...3i........s5|
diff --git a/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
index b02fe3d2..a63734b6 100644
--- a/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
+++ b/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 0b 4b bc a9 e8  |....]...Y...K...|
-00000010  4a 08 69 de 73 f8 fc 53  c6 e9 cd cf 25 7a 5f b6  |J.i.s..S....%z_.|
-00000020  60 48 65 3e f5 5f 9f 14  e7 38 a0 20 ec fe 94 b2  |`He>._...8. ....|
-00000030  6d a9 d7 91 c4 92 6b 3e  a4 2e 88 72 07 c3 47 12  |m.....k>...r..G.|
-00000040  78 cc 45 86 f9 56 16 f9  d7 d9 38 c2 c0 13 00 00  |x.E..V....8.....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 f6 fc 17 31 02  |....]...Y.....1.|
+00000010  7c 2a e4 6d 3a e7 ae a0  d9 a5 4e 59 88 a6 9c 09  ||*.m:.....NY....|
+00000020  ed 6b a1 6d fb 80 03 72  14 63 93 20 47 4b 39 ed  |.k.m...r.c. GK9.|
+00000030  48 93 f6 9e 80 e0 2a d7  75 30 81 47 b6 94 7a 75  |H.....*.u0.G..zu|
+00000040  1d 29 1f 4a fc 69 5f 92  7f d4 5f dc c0 13 00 00  |.).J.i_..._.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,17 +63,17 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 fc 77 2f  |............ .w/|
-000002d0  88 9a a9 71 3a 14 bf 27  27 40 e0 28 ce e8 e8 3b  |...q:..''@.(...;|
-000002e0  cd 0a 43 21 75 c9 93 70  9a 22 f1 ec 3a 00 80 d2  |..C!u..p."..:...|
-000002f0  cd 71 ae f6 d8 54 5c f3  a4 da c7 64 51 b8 36 b8  |.q...T\....dQ.6.|
-00000300  46 d5 8c b1 a0 43 9b f2  b5 2c 12 89 08 39 2b c3  |F....C...,...9+.|
-00000310  79 4e 5d 3d 7e 7f d5 51  c3 c5 1e 9e 3b 7c 39 c4  |yN]=~..Q....;|9.|
-00000320  c3 64 52 91 94 2f 2c ee  aa 7c 0e ed fd 7a 65 bb  |.dR../,..|...ze.|
-00000330  5a 62 f4 45 24 3d e7 e3  f2 8a 72 74 a7 9d f2 d5  |Zb.E$=....rt....|
-00000340  69 be dc 6e 23 fb 68 bb  6e 64 9e 43 a8 f4 08 2b  |i..n#.h.nd.C...+|
-00000350  86 be ea 88 40 13 5f 3f  0b 18 74 e3 43 76 be 98  |....@._?..t.Cv..|
-00000360  b8 15 ea 4d cb 6e 23 3c  8b a9 ce d4 6a e3 13 16  |...M.n#<....j...|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 2b b0 b2  |............ +..|
+000002d0  f5 17 4b 53 12 c2 b0 12  dc 16 c3 ff 62 b4 18 d9  |..KS........b...|
+000002e0  7f 1a ef e5 a8 b2 98 ea  aa a7 4f 61 01 00 80 2a  |..........Oa...*|
+000002f0  20 54 cc 3b a3 8e f5 db  04 fa 09 7b b1 bf 8a 79  | T.;.......{...y|
+00000300  25 e9 7b 5f 13 0a 3a 23  32 c9 60 90 7c 02 0e 7d  |%.{_..:#2.`.|..}|
+00000310  7f 88 8f 79 73 f7 c8 7c  fe c6 88 d1 d2 c8 88 53  |...ys..|.......S|
+00000320  0f c4 f9 e3 61 28 9d 56  f3 84 eb 88 99 b6 8e a9  |....a(.V........|
+00000330  e4 72 ec 01 a3 81 61 97  45 ab 90 cd 2a 50 a4 68  |.r....a.E...*P.h|
+00000340  35 09 9f d8 99 54 bd 9f  af 6e 63 77 2b 00 a1 e3  |5....T...ncw+...|
+00000350  d6 f8 ab 08 39 3f df 42  55 4c f7 58 69 e8 db 76  |....9?.BUL.Xi..v|
+00000360  43 24 37 5b 65 2c 17 80  c9 c1 50 ba 76 06 71 16  |C$7[e,....P.v.q.|
 00000370  03 01 00 0a 0d 00 00 06  03 01 02 40 00 00 16 03  |...........@....|
 00000380  01 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
@@ -111,29 +113,29 @@
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
 00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 90 0f 00  |...._X.;t.......|
-00000240  00 8c 00 8a 30 81 87 02  41 2c f8 d2 c2 28 75 28  |....0...A,...(u(|
-00000250  67 de 75 fb 7a 09 20 8a  ec 06 a6 42 03 ad 3c 95  |g.u.z. ....B..<.|
-00000260  bb 00 f6 10 71 c7 90 fe  08 16 fa ed 7d 71 24 a2  |....q.......}q$.|
-00000270  b6 76 ce f9 1b ff a9 ff  05 b6 dd d8 63 2b 74 86  |.v..........c+t.|
-00000280  65 f5 ef f7 36 41 47 77  b5 88 02 42 00 8a 80 f8  |e...6AGw...B....|
-00000290  9b cf de a6 b7 c3 d8 48  a1 a0 47 7e cf 33 fc f7  |.......H..G~.3..|
-000002a0  fc 87 40 cf 8d c3 81 85  c7 19 9e 37 9e 54 f7 3e  |..@........7.T.>|
-000002b0  d1 1c 42 83 21 d7 2e ae  02 7b 3c ce 97 f3 9b a0  |..B.!....{<.....|
-000002c0  a3 4e b9 a0 9c 78 f0 7e  9c 96 fc 78 e6 08 14 03  |.N...x.~...x....|
-000002d0  01 00 01 01 16 03 01 00  30 84 a0 4f 8d 01 40 ca  |........0..O..@.|
-000002e0  c0 fd ea 1a 9c df 27 cc  25 00 56 e2 30 05 c0 d9  |......'.%.V.0...|
-000002f0  c7 21 48 37 6b 35 c3 a4  4e bf 67 98 87 78 0f 3c  |.!H7k5..N.g..x.<|
-00000300  74 72 4f 6a c5 0d fd 0c  84                       |trOj.....|
+00000240  00 8c 00 8a 30 81 87 02  41 0d b5 15 00 c4 b1 af  |....0...A.......|
+00000250  33 ea 88 c2 cc 9a 1c 16  3d a0 15 bf 20 ef b2 28  |3.......=... ..(|
+00000260  de 8b 36 b4 3a 2f df 8b  b4 7e 3b a4 ad c1 04 32  |..6.:/...~;....2|
+00000270  56 6c 8f 07 ab 3c dc d7  6f 66 41 96 bc 74 e9 4a  |Vl...<..ofA..t.J|
+00000280  55 00 c4 32 df 22 26 6b  98 0d 02 42 01 67 6e 97  |U..2."&k...B.gn.|
+00000290  8b 55 e8 57 74 d8 2e c5  a4 25 1a b6 08 a5 b1 f0  |.U.Wt....%......|
+000002a0  99 26 9c 24 b3 02 82 55  0d d9 3a 13 55 f1 cb cc  |.&.$...U..:.U...|
+000002b0  84 fd b7 5d 82 dd 26 d4  c6 4c 4a 27 ae 08 e7 57  |...]..&..LJ'...W|
+000002c0  74 a3 91 b9 6c f6 50 bb  d9 34 e5 4b c2 66 14 03  |t...l.P..4.K.f..|
+000002d0  01 00 01 01 16 03 01 00  30 be 86 48 b8 3d f0 1e  |........0..H.=..|
+000002e0  b7 58 d4 b6 54 88 b4 57  1d 7d 5c 3f 17 ff 41 6f  |.X..T..W.}\?..Ao|
+000002f0  a4 60 57 21 86 bb 77 d9  dd af 96 fb eb c8 b0 86  |.`W!..w.........|
+00000300  18 e2 00 4a 1b 92 67 75  5a                       |...J..guZ|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 01 da 6e 2a 83  |..........0..n*.|
-00000010  20 ad 52 16 f2 c6 c1 55  b8 77 0d 5f c6 48 dc e7  | .R....U.w._.H..|
-00000020  72 29 88 0a 2b 1a d1 1e  fd fb c0 c3 18 c8 43 47  |r)..+.........CG|
-00000030  a9 8f d3 fe f3 d8 d2 a8  ce 79 44                 |.........yD|
+00000000  14 03 01 00 01 01 16 03  01 00 30 81 55 c5 00 ab  |..........0.U...|
+00000010  7e 16 3e 35 25 2a 86 0d  bf 69 17 1f e7 13 fd 6c  |~.>5%*...i.....l|
+00000020  a7 3e 63 e6 23 57 1e 63  ca 1f 1a ea 76 df c1 9e  |.>c.#W.c....v...|
+00000030  c9 ee fc 23 8a ec e0 e9  78 38 cb                 |...#....x8.|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 e5 74 9a  b9 0b 6c 43 0f 4e db e4  |.... .t...lC.N..|
-00000010  ba 10 5d 9a f0 96 16 17  ad a5 42 d8 0d a3 39 86  |..].......B...9.|
-00000020  6c f0 8a 64 70 17 03 01  00 20 d2 11 27 ea f2 80  |l..dp.... ..'...|
-00000030  a5 5d ba 7b 99 4b 94 25  13 24 29 05 7b 64 00 51  |.].{.K.%.$).{d.Q|
-00000040  14 8e d5 e9 e2 c0 5d 98  96 30 15 03 01 00 20 7e  |......]..0.... ~|
-00000050  87 d2 6c 5c b5 1c 11 72  e1 c4 e5 e0 f3 16 6b db  |..l\...r......k.|
-00000060  55 c3 c7 ae a9 38 d3 07  04 41 be c5 42 43 a4     |U....8...A..BC.|
+00000000  17 03 01 00 20 6f 5c 74  f2 48 38 66 86 fe 54 d9  |.... o\t.H8f..T.|
+00000010  69 ec a9 91 d4 4d 07 98  7d df 19 1f fd ec c2 d5  |i....M..}.......|
+00000020  b5 49 a7 0a 05 17 03 01  00 20 62 0d 0e 63 82 cf  |.I....... b..c..|
+00000030  74 e1 eb dd 2f 4f 05 92  7a 08 34 ff 84 6e 13 7f  |t.../O..z.4..n..|
+00000040  21 cb f6 92 c4 d1 4d 49  31 9f 15 03 01 00 20 f1  |!.....MI1..... .|
+00000050  53 aa 8e 29 2c 58 3a 9b  c3 a1 dc 85 ce d1 70 c3  |S..),X:.......p.|
+00000060  06 53 1d 66 4d 51 a5 33  4c 53 41 e8 ac 1b 10     |.S.fMQ.3LSA....|
diff --git a/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
index ac8a0eba..8f1ff3f1 100644
--- a/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
+++ b/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 6f 48 26 41 da  |....]...Y..oH&A.|
-00000010  73 82 d1 cf 84 ad 06 e9  76 39 dc e4 c8 34 af 53  |s.......v9...4.S|
-00000020  06 ed ed 68 56 5f 76 11  4e f6 ff 20 55 fd 29 c5  |...hV_v.N.. U.).|
-00000030  aa 56 af bd 5d 67 74 4f  08 8a 52 a1 7e cd b9 ac  |.V..]gtO..R.~...|
-00000040  31 a0 2f 45 25 1f b2 24  71 26 80 17 c0 09 00 00  |1./E%..$q&......|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 79 7e 8c 72 46  |....]...Y..y~.rF|
+00000010  e6 1a d5 db 83 07 37 34  cf f5 84 39 87 af 5f 23  |......74...9.._#|
+00000020  47 f9 e2 9d c0 76 e8 6a  7e 88 9c 20 a3 c7 5b 94  |G....v.j~.. ..[.|
+00000030  8f 63 f2 ac 89 b5 ed ee  e0 8f 87 be 2a 3e f1 6c  |.c..........*>.l|
+00000040  2f ca cc d0 ee 22 4c a9  ed 03 5e 18 c0 09 00 00  |/...."L...^.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -57,17 +59,17 @@
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
 00000270  95 12 07 8f 2a 16 03 01  00 b3 0c 00 00 af 03 00  |....*...........|
-00000280  1d 20 51 4c 6f eb 08 70  52 20 15 78 d3 f8 65 5e  |. QLo..pR .x..e^|
-00000290  0f 59 03 b7 d1 0e e9 7e  be 42 d2 cd f3 57 c6 24  |.Y.....~.B...W.$|
-000002a0  6b 2c 00 89 30 81 86 02  41 7b 1b ec 11 08 f4 8f  |k,..0...A{......|
-000002b0  db 2c c5 1b 33 b2 b0 b4  da 76 b9 a7 78 ed ee 0e  |.,..3....v..x...|
-000002c0  23 5c 4b b0 10 6e 41 12  b9 d4 68 c1 15 ea 70 0a  |#\K..nA...h...p.|
-000002d0  0c 91 c1 8d 4a 4d 41 c1  c3 25 f1 90 ef 95 f3 e1  |....JMA..%......|
-000002e0  a8 30 4d ce 4d d1 eb 8c  cf 9a 02 41 09 e0 8c 8e  |.0M.M......A....|
-000002f0  70 01 f1 5d b2 8a d1 61  bc 86 f4 85 2f 6c ac 2c  |p..]...a..../l.,|
-00000300  e8 bf 20 c7 81 46 21 6e  9b bd c1 83 71 34 8d 65  |.. ..F!n....q4.e|
-00000310  fc 35 07 be c8 ad d4 3a  c6 7b 40 1c f7 17 e3 d9  |.5.....:.{@.....|
-00000320  96 19 d4 cd 0d d0 8c 4f  b2 09 6a 4b 05 16 03 01  |.......O..jK....|
+00000280  1d 20 37 50 ab 46 a8 24  be 20 fd 71 c2 8d 91 a0  |. 7P.F.$. .q....|
+00000290  88 88 0b 18 f5 ec 43 99  cb 63 45 9c ad b4 27 20  |......C..cE...' |
+000002a0  0d 11 00 89 30 81 86 02  41 35 1d fa 6c 1b a1 b4  |....0...A5..l...|
+000002b0  bc 5f 4d a6 77 64 8d e1  92 94 97 53 c5 01 c2 bb  |._M.wd.....S....|
+000002c0  5c 83 f0 c2 6d 6d d1 1f  ff 7a 00 06 4a a0 de c0  |\...mm...z..J...|
+000002d0  aa a1 9f 6d f6 62 20 d0  08 1e 5b bc 1d af 03 45  |...m.b ...[....E|
+000002e0  d5 70 8b ee d8 a8 ff 3e  2b 7d 02 41 28 ff 3e 45  |.p.....>+}.A(.>E|
+000002f0  7f ec c1 87 df dd 14 8b  64 08 84 02 2b de ff 14  |........d...+...|
+00000300  b9 6f 54 72 b1 a2 99 47  55 2d 76 91 77 ba 4f db  |.oTr...GU-v.w.O.|
+00000310  a3 4c ab 21 62 48 3a 8d  f7 32 57 12 dc 6c a9 51  |.L.!bH:..2W..l.Q|
+00000320  77 cc b3 30 1f e9 41 bf  0b b3 4b a5 e4 16 03 01  |w..0..A...K.....|
 00000330  00 0a 0d 00 00 06 03 01  02 40 00 00 16 03 01 00  |.........@......|
 00000340  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
@@ -106,29 +108,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 59  18 58 aa 18 70 84 a3 26  |.......Y.X..p..&|
-00000240  8c 1d 77 52 a7 2d 00 e5  00 dc 24 1c f6 9b 9f 63  |..wR.-....$....c|
-00000250  c8 84 8b dc e7 61 78 9c  28 0d 4c 3a 1e 5f a7 ce  |.....ax.(.L:._..|
-00000260  35 17 1c b1 de e0 01 32  35 6f 85 59 22 73 50 2a  |5......25o.Y"sP*|
-00000270  36 df 39 0c c8 c1 45 70  a2 e4 53 bb de e6 0e 6a  |6.9...Ep..S....j|
-00000280  fd 45 8e 4d eb 1f de 86  d3 fb 94 e4 8d 22 cd 30  |.E.M.........".0|
-00000290  e7 29 de 65 f0 2a cd b8  3d b5 be 91 a3 7d 3b 30  |.).e.*..=....};0|
-000002a0  1a a5 63 bd 84 1f 95 19  d1 fe 25 40 b8 8f ab 96  |..c.......%@....|
-000002b0  59 42 e6 31 93 c0 39 14  03 01 00 01 01 16 03 01  |YB.1..9.........|
-000002c0  00 30 a9 f7 c0 97 f4 b8  06 65 a6 7c fb 80 a1 79  |.0.......e.|...y|
-000002d0  5f 44 72 55 13 d1 ca e3  9a 91 5d 1e 08 93 6d b5  |_DrU......]...m.|
-000002e0  1c 5e 52 24 b1 ec db aa  3b bc fe db 18 0b 18 fe  |.^R$....;.......|
-000002f0  51 6a                                             |Qj|
+00000230  86 0f 00 00 82 00 80 22  5d 5b 59 98 4a a8 53 6b  |......."][Y.J.Sk|
+00000240  78 1d 8f 51 a1 23 6a 87  fb 9d 79 5c 63 9d dc 61  |x..Q.#j...y\c..a|
+00000250  13 9f a1 36 f9 fa ec a0  6f 47 11 d6 7c 8f a4 81  |...6....oG..|...|
+00000260  fb f1 31 59 11 6c 8e 83  1c 56 3b 03 b4 a9 e0 09  |..1Y.l...V;.....|
+00000270  aa 04 c4 d1 7a c5 28 03  ae ce fe a0 95 1b 8c 5c  |....z.(........\|
+00000280  65 32 ca f0 d5 43 fc 9b  e0 8e ca 80 f3 e0 5f 8d  |e2...C........_.|
+00000290  6d 91 ff f2 4b 7b a7 38  64 dd e8 a8 d8 1f 95 31  |m...K{.8d......1|
+000002a0  04 a9 6c 72 45 9c 0d a3  80 60 8e 20 8a af f7 ae  |..lrE....`. ....|
+000002b0  87 10 26 51 0e a5 e8 14  03 01 00 01 01 16 03 01  |..&Q............|
+000002c0  00 30 46 9b a2 75 16 a9  c2 ac d7 47 ca 41 48 bd  |.0F..u.....G.AH.|
+000002d0  2c 3d 56 e3 a4 21 a6 c0  d8 71 6d fb 4a c6 9a a1  |,=V..!...qm.J...|
+000002e0  88 db a5 70 58 e0 e3 5a  c7 62 d1 d4 0f 4b c6 55  |...pX..Z.b...K.U|
+000002f0  0c aa                                             |..|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 e6 36 50 e7 a3  |..........0.6P..|
-00000010  72 0a 6a 9f 18 17 91 51  ad 48 19 54 c8 6b c0 45  |r.j....Q.H.T.k.E|
-00000020  d5 9b cb 08 34 d3 3a 73  74 04 3a 3d 24 b0 95 48  |....4.:st.:=$..H|
-00000030  97 9e c5 83 4f 20 29 c8  dd 93 6c                 |....O )...l|
+00000000  14 03 01 00 01 01 16 03  01 00 30 6b ab 63 56 79  |..........0k.cVy|
+00000010  32 ef f9 df c5 36 29 50  f5 1d 55 c2 4b 84 f5 68  |2....6)P..U.K..h|
+00000020  b0 d8 7d 7d 80 24 e2 5d  b9 0f 66 25 4e 50 21 08  |..}}.$.]..f%NP!.|
+00000030  a3 15 de 0e 04 ef 86 d6  04 2e 9b                 |...........|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 58 a1 0a  68 2c 04 68 7d e9 13 ce  |.... X..h,.h}...|
-00000010  69 4b 53 4a f6 fc e0 c8  0e 05 ad 19 d8 b3 37 67  |iKSJ..........7g|
-00000020  f2 1f 3b 33 62 17 03 01  00 20 c2 e7 d3 d2 38 ba  |..;3b.... ....8.|
-00000030  27 13 ed d1 73 fc 9b f5  4f 61 f0 35 27 8e 54 52  |'...s...Oa.5'.TR|
-00000040  b7 ce bd 6a 05 c6 61 95  1e 8a 15 03 01 00 20 6e  |...j..a....... n|
-00000050  07 21 86 31 f8 74 6b 45  4d 10 2f 5d e7 2b 64 77  |.!.1.tkEM./].+dw|
-00000060  a9 7f 1e 49 ed d5 d4 1e  2e f2 b1 c5 4d 02 46     |...I........M.F|
+00000000  17 03 01 00 20 86 3b 02  a4 5c 33 eb 57 cc 42 71  |.... .;..\3.W.Bq|
+00000010  32 81 56 00 4a b0 3b 7e  ed cd ab d9 76 2b 12 97  |2.V.J.;~....v+..|
+00000020  d6 be 22 cc 02 17 03 01  00 20 e7 53 2a b7 18 a7  |.."...... .S*...|
+00000030  6f 65 ef 20 9d 38 be 3c  f0 6c 4e 5d e9 cc ac 8c  |oe. .8.<.lN]....|
+00000040  57 7d 61 c6 23 d8 bb d4  97 15 15 03 01 00 20 c9  |W}a.#......... .|
+00000050  c1 b2 03 2b b0 a4 cb 4b  65 31 46 c4 6c e4 12 70  |...+...Ke1F.l..p|
+00000060  0e eb e8 a0 d2 1c ca 2d  4f 87 f0 16 e9 23 b0     |.......-O....#.|
diff --git a/testdata/Client-TLSv10-ClientCert-RSA-RSA b/testdata/Client-TLSv10-ClientCert-RSA-RSA
index 48eb1ce6..2ad78c70 100644
--- a/testdata/Client-TLSv10-ClientCert-RSA-RSA
+++ b/testdata/Client-TLSv10-ClientCert-RSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 24 71 03 c6 1d  |....]...Y..$q...|
-00000010  d4 f5 09 b2 3c d8 88 51  57 4c 90 07 4b 74 fe 1d  |....<..QWL..Kt..|
-00000020  c9 7f 00 78 9b a3 b2 1b  ef 43 66 20 07 97 7c a6  |...x.....Cf ..|.|
-00000030  9b c6 a9 47 42 ae 99 bf  59 fe 52 f6 da d9 1c 68  |...GB...Y.R....h|
-00000040  c2 7a 53 3f 27 0d 11 87  9a 47 81 5c c0 13 00 00  |.zS?'....G.\....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 26 fc 57 68 fc  |....]...Y..&.Wh.|
+00000010  0d a6 0d 31 5f 98 77 d2  5d 19 e1 35 55 0e 2b d1  |...1_.w.]..5U.+.|
+00000020  08 a0 f2 23 b8 8a 4a 71  58 f5 26 20 23 a6 28 5f  |...#..JqX.& #.(_|
+00000030  5b 57 e9 7d c9 14 a1 ec  75 33 8d 42 ce 0e 3e fc  |[W.}....u3.B..>.|
+00000040  0a d6 12 ef 3e f7 7b 15  8e aa 04 4a c0 13 00 00  |....>.{....J....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,17 +63,17 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 ad a7 d5  |............ ...|
-000002d0  fc 63 e1 22 f8 1f 8d ad  50 09 1a 92 a4 57 ea 88  |.c."....P....W..|
-000002e0  6d 9c 20 70 f1 8b 85 15  ec 8e b2 b3 07 00 80 b1  |m. p............|
-000002f0  03 03 a7 cf 8f 73 e2 a3  29 0d 55 4a 06 72 db e5  |.....s..).UJ.r..|
-00000300  65 41 44 49 05 1c 37 17  1c 02 6e b1 f4 e8 a9 bb  |eADI..7...n.....|
-00000310  00 24 3e 3a 3c d6 1c f6  dd 21 a4 e3 61 b0 1d 2e  |.$>:<....!..a...|
-00000320  77 11 53 51 4d 49 1e 07  bf 07 61 d1 54 f4 c7 24  |w.SQMI....a.T..$|
-00000330  4f 7d 5c 5a fb 84 c0 9d  0e 52 12 b6 40 72 37 fd  |O}\Z.....R..@r7.|
-00000340  8c bd d0 8a b1 9e 2c 18  bc 04 a3 c2 90 a3 33 4c  |......,.......3L|
-00000350  06 7c 14 a8 73 7d d2 23  30 f9 31 12 56 31 60 19  |.|..s}.#0.1.V1`.|
-00000360  d1 0d 31 c1 3c 25 66 62  5c 9b 13 5e 34 c6 69 16  |..1.<%fb\..^4.i.|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 eb d9 23  |............ ..#|
+000002d0  5f 21 7f ab f2 ae b4 9a  c8 06 2c 2a b4 01 50 5b  |_!........,*..P[|
+000002e0  7e 57 e6 7f 03 ac 36 9f  b7 f7 2f fa 5a 00 80 7e  |~W....6.../.Z..~|
+000002f0  74 f4 01 6e cd eb f6 d9  13 72 57 57 f5 2f 8d a7  |t..n.....rWW./..|
+00000300  5a 39 7b 93 ff b1 56 98  b9 72 02 44 e9 de 4f c1  |Z9{...V..r.D..O.|
+00000310  6a 7d 6f 43 73 a8 53 91  0a 82 de 66 21 22 65 f0  |j}oCs.S....f!"e.|
+00000320  31 ff e4 e8 bc 80 7a 79  23 d1 3d b8 a5 be ff 3b  |1.....zy#.=....;|
+00000330  fc 6c f1 45 4e 59 50 29  cd 35 d3 d4 93 eb 1f 65  |.l.ENYP).5.....e|
+00000340  56 b1 e8 5f 35 a8 a6 8a  2b 02 4a 84 33 5b ff 01  |V.._5...+.J.3[..|
+00000350  d0 d1 d5 17 6c 30 e9 ce  03 cc 7c 28 25 50 0c cd  |....l0....|(%P..|
+00000360  74 55 3e cf 3f dc 9c 80  19 35 f5 36 e5 ca 9a 16  |tU>.?....5.6....|
 00000370  03 01 00 0a 0d 00 00 06  03 01 02 40 00 00 16 03  |...........@....|
 00000380  01 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
@@ -110,29 +112,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 59  e2 7d 00 66 f0 59 a0 19  |.......Y.}.f.Y..|
-00000240  b6 4f 26 80 ad 31 b4 b3  c2 56 af 84 bf 88 15 7f  |.O&..1...V......|
-00000250  dc 29 fc 51 f2 cf 0d ec  52 46 c5 c5 cd 24 c1 93  |.).Q....RF...$..|
-00000260  5b f6 06 09 ad bb 9a 4a  ae 5d ec 57 f8 96 a8 b1  |[......J.].W....|
-00000270  4b 81 45 7d 34 38 59 ea  76 47 76 1c 7f 7b 68 e9  |K.E}48Y.vGv..{h.|
-00000280  89 7b 5d 4c b9 bc 5a 26  e1 f7 6c 42 f7 c6 6d bb  |.{]L..Z&..lB..m.|
-00000290  c0 c7 bd f6 5e 9e 51 d8  30 ec 9f da 56 0a b7 2a  |....^.Q.0...V..*|
-000002a0  6c 5e 50 d1 74 48 70 4a  88 62 16 a1 ba f2 01 e5  |l^P.tHpJ.b......|
-000002b0  00 b6 eb cb e3 18 cf 14  03 01 00 01 01 16 03 01  |................|
-000002c0  00 30 61 51 84 02 46 3c  10 62 b5 2a a2 8b 4e 2d  |.0aQ..F<.b.*..N-|
-000002d0  57 55 26 c5 46 f2 5d a1  f5 20 46 0d 63 fd 48 5a  |WU&.F.].. F.c.HZ|
-000002e0  f3 65 90 8c 1a bd 59 6e  5f d1 5c b6 ee 33 49 12  |.e....Yn_.\..3I.|
-000002f0  46 ec                                             |F.|
+00000230  86 0f 00 00 82 00 80 8b  21 19 8e 69 f9 f2 da 9b  |........!..i....|
+00000240  58 ce 21 ce 77 f1 c4 50  be 04 63 bc 30 ac 9e 32  |X.!.w..P..c.0..2|
+00000250  f0 43 31 36 8a 87 f9 8a  3a f8 00 48 04 07 ad e0  |.C16....:..H....|
+00000260  0d 57 d6 74 86 70 6e 30  74 97 a0 26 e1 6f dd c1  |.W.t.pn0t..&.o..|
+00000270  5b b6 c5 b0 05 35 43 aa  b3 14 fb ca 59 80 fa 4a  |[....5C.....Y..J|
+00000280  d4 be 61 b2 a7 5d f0 b4  dc 9b ee 83 b6 93 09 ca  |..a..]..........|
+00000290  82 76 a8 99 1d 85 b6 77  f4 eb 7d 4b bb 7c 5b d5  |.v.....w..}K.|[.|
+000002a0  7b 40 a9 b0 77 ad a0 8b  08 81 5c 8e 20 e2 2a 62  |{@..w.....\. .*b|
+000002b0  9f 53 28 e4 e1 a3 1d 14  03 01 00 01 01 16 03 01  |.S(.............|
+000002c0  00 30 84 88 01 5f 1e 79  9b f8 60 b3 7b 50 e0 97  |.0..._.y..`.{P..|
+000002d0  e7 94 1c 75 58 89 1e ab  20 c9 2a 35 43 af 5b e1  |...uX... .*5C.[.|
+000002e0  05 25 60 49 ec 7b fc 9f  d2 ea 77 9a fe a7 86 b8  |.%`I.{....w.....|
+000002f0  89 7d                                             |.}|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 b1 3c 7f c3 15  |..........0.<...|
-00000010  e4 fe bc 1a ee 0d ec 28  ce b0 f7 fd a4 0a e4 79  |.......(.......y|
-00000020  37 09 68 de 58 f8 e8 76  7d 9c 09 35 42 7e 00 8e  |7.h.X..v}..5B~..|
-00000030  4c 8d d1 60 26 d4 09 c5  8b d0 96                 |L..`&......|
+00000000  14 03 01 00 01 01 16 03  01 00 30 ae 8c 9b 1b 85  |..........0.....|
+00000010  41 7b 53 64 51 07 12 6b  37 c0 75 81 b0 6d 4b bd  |A{SdQ..k7.u..mK.|
+00000020  30 a3 a1 5b a3 9e 3d c3  ed 4f ac e3 67 88 ec a8  |0..[..=..O..g...|
+00000030  fb 6f 09 d5 11 8c 7b ae  39 60 0c                 |.o....{.9`.|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 6c bb 09  ee 1d 96 6c 63 5b b6 69  |.... l.....lc[.i|
-00000010  bf ea ad 7a 85 36 a2 4b  d2 f0 73 18 91 b1 42 e5  |...z.6.K..s...B.|
-00000020  77 d0 6c ff ab 17 03 01  00 20 ed 85 78 3b bd 49  |w.l...... ..x;.I|
-00000030  2c f3 02 24 f2 18 72 96  a0 49 6b 06 bd bb 54 25  |,..$..r..Ik...T%|
-00000040  0a 3e ff 07 45 6b 6c cc  a6 d2 15 03 01 00 20 07  |.>..Ekl....... .|
-00000050  9a fb b7 cc 01 cd f7 b6  90 d3 b6 a7 31 15 99 e2  |............1...|
-00000060  e7 e8 2b a5 c0 e8 a9 9d  fe 4e 11 0d 4a d4 b7     |..+......N..J..|
+00000000  17 03 01 00 20 ca 25 b7  cb b1 74 e5 00 c2 65 b4  |.... .%...t...e.|
+00000010  49 9d 2c c5 a4 0b be 1d  2b 49 30 96 19 f2 10 0c  |I.,.....+I0.....|
+00000020  7a c2 23 57 5b 17 03 01  00 20 39 20 09 37 f3 b0  |z.#W[.... 9 .7..|
+00000030  8f 3a 93 2f 14 6d cd d6  ec 2c 1f 2b 3f ee 13 d3  |.:./.m...,.+?...|
+00000040  72 f4 c4 36 49 a9 80 28  f1 08 15 03 01 00 20 82  |r..6I..(...... .|
+00000050  c8 e7 e5 a1 c0 78 da 98  8a ad 93 da cb cc 9e a8  |.....x..........|
+00000060  c6 60 ec 50 fa d2 25 38  6b e3 5d 0d 1c c7 15     |.`.P..%8k.]....|
diff --git a/testdata/Client-TLSv10-ECDHE-ECDSA-AES b/testdata/Client-TLSv10-ECDHE-ECDSA-AES
index ac354c50..b8f32392 100644
--- a/testdata/Client-TLSv10-ECDHE-ECDSA-AES
+++ b/testdata/Client-TLSv10-ECDHE-ECDSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 70 d2 b8 0b 74  |....]...Y..p...t|
-00000010  93 b4 60 d7 ab 1d 0f f3  7c d0 b5 f8 a2 78 45 30  |..`.....|....xE0|
-00000020  b1 41 9b b6 73 bd 05 d8  85 16 66 20 e8 26 8d 7a  |.A..s.....f .&.z|
-00000030  e2 da e0 a0 7a c9 19 d1  dd db 2b bc b4 b2 56 39  |....z.....+...V9|
-00000040  9f e6 62 75 29 96 40 b3  0d c0 db 65 c0 09 00 00  |..bu).@....e....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 65 75 f4 83 d3  |....]...Y..eu...|
+00000010  95 a2 e3 96 5d 70 09 f1  ab 22 18 3d f6 9c 27 b2  |....]p...".=..'.|
+00000020  f0 4f 17 eb f4 6a 32 4d  1f 02 59 20 75 b7 a4 c8  |.O...j2M..Y u...|
+00000030  66 a9 4b 54 d3 0b 8b 82  38 24 31 8a 01 71 95 06  |f.KT....8$1..q..|
+00000040  a9 4f dd b2 d4 42 25 77  8c 91 87 48 c0 09 00 00  |.O...B%w...H....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -56,37 +58,37 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 01  00 b4 0c 00 00 b0 03 00  |....*...........|
-00000280  1d 20 5f 81 8f 18 31 4e  64 fe 87 f2 da c6 45 45  |. _...1Nd.....EE|
-00000290  54 e3 54 c6 a0 bb bf bd  d1 01 c5 7b 08 d8 32 6b  |T.T........{..2k|
-000002a0  a8 31 00 8a 30 81 87 02  42 01 21 7e c2 26 cb 5e  |.1..0...B.!~.&.^|
-000002b0  f1 2a d2 9b 7f 3f b4 d4  28 5e 63 5a 20 aa 28 87  |.*...?..(^cZ .(.|
-000002c0  bb dd 5c 6a 91 a2 2d 03  7a 69 67 8b ca 84 a6 1f  |..\j..-.zig.....|
-000002d0  d3 58 40 eb 5c 54 95 96  05 d0 37 63 e4 a6 1b 51  |.X@.\T....7c...Q|
-000002e0  9a d0 93 31 82 e6 8e a0  af 29 64 02 41 4c ff ac  |...1.....)d.AL..|
-000002f0  44 74 e0 04 2c ab 1c 23  91 dc 06 36 ff 19 a1 60  |Dt..,..#...6...`|
-00000300  19 d4 e5 d3 78 f5 ed d8  09 7b de 61 6f 65 2c 69  |....x....{.aoe,i|
-00000310  a1 d2 5d 07 bf 99 26 2b  70 fa 34 26 30 41 59 3b  |..]...&+p.4&0AY;|
-00000320  bc a3 10 9c 92 fa 60 a7  df ea e4 8a 3a 76 16 03  |......`.....:v..|
-00000330  01 00 04 0e 00 00 00                              |.......|
+00000270  95 12 07 8f 2a 16 03 01  00 b3 0c 00 00 af 03 00  |....*...........|
+00000280  1d 20 37 88 b4 b9 cb 5f  71 5e 4c 36 59 f1 37 97  |. 7...._q^L6Y.7.|
+00000290  ec 3e 16 c8 ac 23 61 8d  fe 75 14 ff 33 eb db 04  |.>...#a..u..3...|
+000002a0  7a 17 00 89 30 81 86 02  41 50 a1 8b 98 a0 b9 21  |z...0...AP.....!|
+000002b0  22 23 a1 ce 76 85 6e 7a  40 ce 2c 65 bc 3c 89 e6  |"#..v.nz@.,e.<..|
+000002c0  1c 74 1e a9 1d 6c c7 60  99 b5 68 62 74 84 0d 7c  |.t...l.`..hbt..||
+000002d0  a3 06 61 b1 d2 9a 5c 3e  92 39 d7 ac be 1d ac ff  |..a...\>.9......|
+000002e0  18 e7 76 29 f1 d2 8f 97  6e 44 02 41 07 e1 ee a8  |..v)....nD.A....|
+000002f0  cc 89 7d a5 6e e5 32 52  51 72 ff dc 9e 77 e2 c8  |..}.n.2RQr...w..|
+00000300  18 07 1e 6e fa 4a b2 05  f8 a5 e6 21 76 90 ba e4  |...n.J.....!v...|
+00000310  9f b4 2a 03 c5 86 07 58  aa 4a c2 d8 24 c9 a5 e0  |..*....X.J..$...|
+00000320  d7 04 0e 41 33 3c b7 e2  82 f1 05 0d 6a 16 03 01  |...A3<......j...|
+00000330  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 6d 2a 91  d7 c3 8f 1c d8 d4 cc 67  |....0m*........g|
-00000040  ed 07 41 c2 9c 48 0d bd  7f 11 61 00 58 23 55 88  |..A..H....a.X#U.|
-00000050  f9 bd da 92 bc e4 8d 47  c0 ac 72 43 7f 2d 0f b5  |.......G..rC.-..|
-00000060  de bb 67 6e 9f                                    |..gn.|
+00000030  16 03 01 00 30 8b de e9  e0 3d 21 29 46 07 eb da  |....0....=!)F...|
+00000040  60 6a 55 37 05 9c 94 e1  46 1f 12 a0 76 b6 0f 45  |`jU7....F...v..E|
+00000050  9d ad ee 69 ae 01 74 9f  de d4 d1 67 a5 0b 57 48  |...i..t....g..WH|
+00000060  69 c3 e6 2d ad                                    |i..-.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 be 25 a7 fa 04  |..........0.%...|
-00000010  a5 dd 58 c1 5f a6 31 f8  fc fc db 27 a1 c7 0b 7c  |..X._.1....'...||
-00000020  a5 9a 0f bd 07 09 d9 9b  95 bf f4 a5 80 c7 7d bd  |..............}.|
-00000030  a0 37 25 68 46 63 37 37  5f 3d b2                 |.7%hFc77_=.|
+00000000  14 03 01 00 01 01 16 03  01 00 30 f7 8f 4a 28 80  |..........0..J(.|
+00000010  4c 9b cb 02 39 81 a4 19  84 d9 b3 64 48 4d a6 2b  |L...9......dHM.+|
+00000020  20 6a 1e 9d 6f d2 39 53  1a f4 27 0e dc 92 ec 71  | j..o.9S..'....q|
+00000030  7d 48 66 67 6a 51 68 e4  7c 68 63                 |}HfgjQh.|hc|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 98 6e bd  0c 0e 46 88 05 6d 67 b3  |.... .n...F..mg.|
-00000010  a7 92 7a 3c f2 98 8b ab  07 9e 80 bc 7a 5e 70 1a  |..z<........z^p.|
-00000020  2b 3d 2f 28 c9 17 03 01  00 20 f1 a8 ac 45 f6 60  |+=/(..... ...E.`|
-00000030  ac 76 4e 66 1b a1 23 65  9c 55 6b 0b d4 cb 0a 43  |.vNf..#e.Uk....C|
-00000040  42 d1 1e 1b 61 45 16 8e  a8 c2 15 03 01 00 20 3d  |B...aE........ =|
-00000050  c0 ac 27 49 be 69 0e 23  cd 1b ea 01 0f 97 66 34  |..'I.i.#......f4|
-00000060  f8 bd a6 40 35 af 5b 1f  cf 42 25 54 aa 2f 2e     |...@5.[..B%T./.|
+00000000  17 03 01 00 20 ca ea fd  d5 01 d1 47 40 a5 57 4f  |.... ......G@.WO|
+00000010  b0 80 29 e5 a0 4a f2 09  34 02 46 10 45 3a 05 42  |..)..J..4.F.E:.B|
+00000020  0f 19 eb a2 33 17 03 01  00 20 34 92 d3 ed e4 50  |....3.... 4....P|
+00000030  13 e9 5c 65 01 fc c1 a3  28 77 c8 d6 2c 11 7f 68  |..\e....(w..,..h|
+00000040  b9 08 51 53 c9 f3 d3 4e  9a 24 15 03 01 00 20 07  |..QS...N.$.... .|
+00000050  4d 53 0a 85 d4 49 c4 7b  a2 4c 38 8d cc 8e 2a dd  |MS...I.{.L8...*.|
+00000060  24 da 28 07 f8 4b c5 2c  d2 15 e2 b5 b9 56 b1     |$.(..K.,.....V.|
diff --git a/testdata/Client-TLSv10-ECDHE-RSA-AES b/testdata/Client-TLSv10-ECDHE-RSA-AES
index 694cd4ce..9790da47 100644
--- a/testdata/Client-TLSv10-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv10-ECDHE-RSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 5a a9 a1 6f fa  |....]...Y..Z..o.|
-00000010  19 95 38 9e 68 42 d7 0f  73 23 09 3f 01 5f e8 ae  |..8.hB..s#.?._..|
-00000020  d7 06 a2 9b d3 01 0f 0d  23 53 7d 20 55 2b 67 4e  |........#S} U+gN|
-00000030  8b 44 94 a5 25 ef b7 fb  e1 c7 85 e8 15 60 f9 d7  |.D..%........`..|
-00000040  6d a4 3f 3d 42 d7 78 a6  41 49 b7 12 c0 13 00 00  |m.?=B.x.AI......|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 2d 3f 4f 1e 90  |....]...Y..-?O..|
+00000010  6e 65 37 1c 8e a3 17 98  72 de 49 69 4d b9 61 c9  |ne7.....r.IiM.a.|
+00000020  20 c2 92 6f 4f d1 a8 dc  61 71 4d 20 67 dc 24 8f  | ..oO...aqM g.$.|
+00000030  59 12 a0 19 ab ca e1 3a  44 e7 b3 32 bd 7d 04 96  |Y......:D..2.}..|
+00000040  41 1a 44 f6 fb 60 14 8f  6f f8 0e 69 c0 13 00 00  |A.D..`..o..i....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,36 +63,36 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 a7 ec f4  |............ ...|
-000002d0  c7 51 5e a0 fb 55 5a 01  34 cc d1 a6 22 df d6 00  |.Q^..UZ.4..."...|
-000002e0  f5 73 e0 9e b8 9d 2a a9  49 3a 99 ba 17 00 80 14  |.s....*.I:......|
-000002f0  95 47 77 a1 48 b4 e7 ba  6a e8 0e 4e ee 55 25 f5  |.Gw.H...j..N.U%.|
-00000300  ea 82 65 b4 3f db a2 94  03 cc d3 6c 4a e6 cf 57  |..e.?......lJ..W|
-00000310  25 4c 79 b8 fb ab dd 1f  68 e4 55 87 b1 46 12 30  |%Ly.....h.U..F.0|
-00000320  5e 9f 3d 4a 52 24 76 50  c8 54 83 a2 b9 f5 a6 e0  |^.=JR$vP.T......|
-00000330  ec e1 fb ae dd ca d2 c9  b2 31 d5 d4 73 f4 c0 0a  |.........1..s...|
-00000340  29 1c d3 8e 87 4c b4 0a  37 e8 77 e4 e2 a7 e9 9c  |)....L..7.w.....|
-00000350  04 ba af 31 dc 2e 5a b3  2e f3 58 e6 21 0a e2 1c  |...1..Z...X.!...|
-00000360  d4 c6 be b1 70 83 22 05  f8 78 12 6e bd 53 22 16  |....p."..x.n.S".|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 91 5b 49  |............ .[I|
+000002d0  6b 53 81 6a 82 c4 1b db  31 cd d9 3a aa e4 a3 a8  |kS.j....1..:....|
+000002e0  76 8d 29 ba a4 27 eb fe  19 98 de 4c 20 00 80 71  |v.)..'.....L ..q|
+000002f0  a2 66 8e 70 55 ec 04 3c  dd 5a 5e 79 fb 25 2b af  |.f.pU..<.Z^y.%+.|
+00000300  dc aa 47 03 9b c3 99 d2  20 83 81 cb 82 68 8e 62  |..G..... ....h.b|
+00000310  26 90 78 d0 8c 9c 49 87  34 22 c1 0c 73 a8 de 79  |&.x...I.4"..s..y|
+00000320  3c 73 e9 49 15 f0 63 17  19 bb cb 5f 97 c6 20 80  |<s.I..c...._.. .|
+00000330  22 82 1e d0 be 40 da 53  84 53 43 cb ff 24 56 28  |"....@.S.SC..$V(|
+00000340  58 ec 85 47 3e ce eb f3  cb d6 26 9a 83 3b 4b 88  |X..G>.....&..;K.|
+00000350  15 96 f8 84 30 6d b9 e3  44 c4 45 57 aa d1 53 9e  |....0m..D.EW..S.|
+00000360  cc c9 09 c2 1b 17 0d 8f  f7 d7 0e 9d 86 33 60 16  |.............3`.|
 00000370  03 01 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 0f 56 a4  2c c6 11 a2 0a a8 f7 ff  |....0.V.,.......|
-00000040  6e 71 19 e9 e5 c0 e2 6b  86 9b b1 5d 46 8d 62 93  |nq.....k...]F.b.|
-00000050  69 7c 28 6f 25 3d dc ce  fa 6f 91 9e b8 8c 15 cd  |i|(o%=...o......|
-00000060  6a b1 72 ce a8                                    |j.r..|
+00000030  16 03 01 00 30 16 75 14  eb 02 a0 e1 02 79 5f fe  |....0.u......y_.|
+00000040  fe e6 89 69 f1 5b 57 01  58 0f 4c 7d 4e 27 ed ae  |...i.[W.X.L}N'..|
+00000050  b8 b2 b9 53 24 f1 f1 d0  0b f2 d2 a0 21 ca 68 37  |...S$.......!.h7|
+00000060  26 56 78 68 5c                                    |&Vxh\|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 d0 aa 00 27 9e  |..........0...'.|
-00000010  fb 56 22 9f 65 ab 3c cf  34 d9 a0 92 08 62 f2 fe  |.V".e.<.4....b..|
-00000020  29 4b 0c 14 b0 72 f5 c0  f8 2b 7e 1f 38 ad 68 7e  |)K...r...+~.8.h~|
-00000030  37 c3 fb 26 5a 5b 42 39  83 33 c0                 |7..&Z[B9.3.|
+00000000  14 03 01 00 01 01 16 03  01 00 30 0b c7 b6 d7 69  |..........0....i|
+00000010  7a f5 d7 06 f7 e3 78 7b  35 44 c0 88 4d c2 c7 6f  |z.....x{5D..M..o|
+00000020  93 0c 61 32 10 47 08 0d  e3 44 4f 1a 71 80 e3 96  |..a2.G...DO.q...|
+00000030  15 b4 f0 29 b5 d3 7a 78  94 9e a2                 |...)..zx...|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 0e 54 7f  5d b9 f2 73 9d a5 49 25  |.... .T.]..s..I%|
-00000010  c6 b9 03 1e fb 84 76 a9  69 ca 25 79 c3 a4 60 18  |......v.i.%y..`.|
-00000020  94 ff 92 47 4f 17 03 01  00 20 cd 19 d2 cd 7d 7d  |...GO.... ....}}|
-00000030  3b a1 65 ee 4e a2 f2 02  55 02 28 54 28 92 c9 ec  |;.e.N...U.(T(...|
-00000040  db 59 f6 7d 2f 9e 7b 66  0e be 15 03 01 00 20 4f  |.Y.}/.{f...... O|
-00000050  ab cd 12 5b c4 f4 03 0e  57 03 3d f5 4e 09 8b 83  |...[....W.=.N...|
-00000060  8b c6 9c c7 eb 30 8c f2  43 f6 10 30 14 80 c5     |.....0..C..0...|
+00000000  17 03 01 00 20 aa 76 ee  c2 22 9f 8a 31 45 7e 10  |.... .v.."..1E~.|
+00000010  97 00 68 2f 54 fa d9 a9  ad 6a 22 0b 85 c9 f7 f6  |..h/T....j".....|
+00000020  18 02 59 10 51 17 03 01  00 20 23 9e 9f 87 02 fd  |..Y.Q.... #.....|
+00000030  6f d9 22 8d d3 db 4a 42  ac 9b 9a 69 7e 54 20 ab  |o."...JB...i~T .|
+00000040  72 29 4f 06 c6 d2 54 a9  9f 46 15 03 01 00 20 06  |r)O...T..F.... .|
+00000050  51 cd cd 83 a9 ce c5 18  4f 5c 0f a6 68 5b c2 07  |Q.......O\..h[..|
+00000060  31 59 c1 2a bd 4e 21 be  63 5f 29 49 a7 30 4e     |1Y.*.N!.c_)I.0N|
diff --git a/testdata/Client-TLSv10-ExportKeyingMaterial b/testdata/Client-TLSv10-ExportKeyingMaterial
index 92ae0927..6c83cc33 100644
--- a/testdata/Client-TLSv10-ExportKeyingMaterial
+++ b/testdata/Client-TLSv10-ExportKeyingMaterial
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 6f 36 7b f5 f4  |....]...Y..o6{..|
-00000010  3b 49 31 64 aa 42 a7 8c  a2 4d 00 a7 9c b9 b6 9c  |;I1d.B...M......|
-00000020  0d 2f 09 81 e8 ab 74 77  11 fe 0b 20 e0 b9 92 4d  |./....tw... ...M|
-00000030  e2 70 fd 58 ec 58 02 f2  b3 44 d2 3d 7f c9 ad ca  |.p.X.X...D.=....|
-00000040  5c 78 fe f9 36 67 a8 b7  a8 0f 7a 1a c0 13 00 00  |\x..6g....z.....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 6f 7c ae 3c cc  |....]...Y..o|.<.|
+00000010  76 04 54 ef 3c b8 48 b2  c3 fb 68 9d a3 91 e1 43  |v.T.<.H...h....C|
+00000020  a1 d5 a0 fa 87 1c ed 6b  9c 14 da 20 c6 25 eb 72  |.......k... .%.r|
+00000030  1c 0f c4 96 6a 75 ed 73  f9 20 75 8a 58 ca 5d 72  |....ju.s. u.X.]r|
+00000040  3d 97 a2 3e e5 36 c5 04  f2 01 c7 1f c0 13 00 00  |=..>.6..........|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,36 +63,36 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 10 69 5f  |............ .i_|
-000002d0  db e5 a8 1f 14 81 0c c7  35 d4 3c 22 ee 17 a3 21  |........5.<"...!|
-000002e0  47 9b e2 3c 5a f6 f5 46  b9 73 2a 7f 62 00 80 49  |G..<Z..F.s*.b..I|
-000002f0  b9 6b f4 80 03 46 b9 64  be e0 35 93 b0 df ad 5f  |.k...F.d..5...._|
-00000300  ff 51 85 aa 65 e2 ee ea  64 4a 20 f8 14 5e b7 ea  |.Q..e...dJ ..^..|
-00000310  8c d9 70 42 4c f8 f5 34  f9 0e 7f f4 b5 76 12 0e  |..pBL..4.....v..|
-00000320  59 f2 fd 52 85 0f 31 ec  70 c5 21 22 d9 67 ba cf  |Y..R..1.p.!".g..|
-00000330  ae 3e 75 6b 76 a4 b8 c4  94 d5 a5 af 1f fc 4d 66  |.>ukv.........Mf|
-00000340  57 70 1a 4c 21 27 7f c8  69 f4 f4 83 5c 44 32 b4  |Wp.L!'..i...\D2.|
-00000350  73 18 a3 c4 4a c1 71 92  04 7a 49 49 15 25 05 a0  |s...J.q..zII.%..|
-00000360  61 69 f8 38 4b 9f 92 96  f4 6b 6b 4b 96 60 45 16  |ai.8K....kkK.`E.|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 71 f2 c9  |............ q..|
+000002d0  aa 88 45 b7 8a 34 c8 0b  f4 09 5d fb c2 a2 27 ad  |..E..4....]...'.|
+000002e0  48 86 ba 5f c7 a6 55 10  a4 ef 9c 45 4e 00 80 b8  |H.._..U....EN...|
+000002f0  82 3a a3 50 23 f2 a5 b2  69 fd 5b 36 b0 7a 16 6d  |.:.P#...i.[6.z.m|
+00000300  b7 7a df 77 bd 11 48 27  6c f5 7c 41 9c 66 50 13  |.z.w..H'l.|A.fP.|
+00000310  1e 57 c5 28 79 2f 55 41  63 18 12 b6 d1 d9 6a 7b  |.W.(y/UAc.....j{|
+00000320  77 fe 95 44 16 f3 e5 6f  f3 6c 39 15 da f5 bd 13  |w..D...o.l9.....|
+00000330  35 fc dc ce 4e 7c 89 ae  46 d0 d5 5a b2 d2 d8 28  |5...N|..F..Z...(|
+00000340  b2 e0 d8 6b 09 ed 4a 17  78 27 8d c4 14 26 86 6d  |...k..J.x'...&.m|
+00000350  2d 15 9e ec a9 09 11 71  1f b8 5b a8 24 33 55 09  |-......q..[.$3U.|
+00000360  b1 b6 4d 55 b4 06 63 c5  89 a6 9d e1 19 41 b2 16  |..MU..c......A..|
 00000370  03 01 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 e2 8b e2  aa 5a 35 c5 e5 68 ce f4  |....0....Z5..h..|
-00000040  fa 51 3f 7b 3e 99 2f 21  b2 c6 b2 70 74 af ae ca  |.Q?{>./!...pt...|
-00000050  36 86 78 08 ea 8f 02 29  e6 a6 71 fa ad 7f c6 97  |6.x....)..q.....|
-00000060  54 6f 88 a3 4b                                    |To..K|
+00000030  16 03 01 00 30 9e df 6e  5c c6 25 f6 20 e1 0d 34  |....0..n\.%. ..4|
+00000040  c8 a7 38 07 20 b7 fc e2  4d da 40 7f 29 38 7b 42  |..8. ...M.@.)8{B|
+00000050  af 9b 6f 14 a7 68 15 2e  a0 53 67 73 19 ef 08 c3  |..o..h...Sgs....|
+00000060  d0 c5 af cf b6                                    |.....|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 af 26 01 47 8a  |..........0.&.G.|
-00000010  a3 08 b2 79 1c fe fa 91  e8 4b a6 e1 ad 8e 59 b7  |...y.....K....Y.|
-00000020  ea 41 ee 3e 3a aa 2f f2  07 9e 0d 90 3d 6f 92 d5  |.A.>:./.....=o..|
-00000030  72 92 ad ae ee c8 5d 48  a0 25 46                 |r.....]H.%F|
+00000000  14 03 01 00 01 01 16 03  01 00 30 5c e5 b5 c2 ef  |..........0\....|
+00000010  6e 64 45 f9 c8 0f 9f 6a  41 b8 47 ad f5 25 af e5  |ndE....jA.G..%..|
+00000020  4c 78 86 dc b9 25 c3 0c  69 f7 41 ec 94 a8 06 4c  |Lx...%..i.A....L|
+00000030  b5 37 f8 17 b8 34 37 c2  7c ff d3                 |.7...47.|..|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 29 2b 6a  75 2b 1b 94 f4 cb 80 14  |.... )+ju+......|
-00000010  16 91 ec 08 77 5a 08 45  e7 51 2e a2 ec 03 f0 ca  |....wZ.E.Q......|
-00000020  35 88 20 3a 2e 17 03 01  00 20 59 0c 48 6f 66 8e  |5. :..... Y.Hof.|
-00000030  88 62 90 cc 33 39 62 ce  96 28 d0 2f 40 6e ed 14  |.b..39b..(./@n..|
-00000040  94 72 88 d8 4a cb 73 24  a9 01 15 03 01 00 20 5c  |.r..J.s$...... \|
-00000050  8a 91 45 ed c9 38 e7 1d  71 02 b8 30 bf 24 0e 30  |..E..8..q..0.$.0|
-00000060  6d fa 0a 4a 39 9f 56 b2  04 99 3e 67 bd bc d9     |m..J9.V...>g...|
+00000000  17 03 01 00 20 98 c1 0e  51 02 22 68 39 62 1d 2f  |.... ...Q."h9b./|
+00000010  79 46 0d 97 2c c1 1f 9b  aa cd 21 d8 7f c9 d6 bf  |yF..,.....!.....|
+00000020  f3 ef 94 ad 18 17 03 01  00 20 59 0c 3e 4e c7 ac  |......... Y.>N..|
+00000030  d2 2e 01 b9 39 69 09 ac  76 ce d8 6e e9 ea 6f 09  |....9i..v..n..o.|
+00000040  23 f4 75 4f 20 c0 a9 a8  8f 21 15 03 01 00 20 e5  |#.uO ....!.... .|
+00000050  e1 6c 39 c4 51 0a 13 b1  ec ef 75 ce e0 b8 d5 08  |.l9.Q.....u.....|
+00000060  22 22 b1 d0 61 78 c8 7d  3c 9c f2 bf 08 12 89     |""..ax.}<......|
diff --git a/testdata/Client-TLSv10-RSA-RC4 b/testdata/Client-TLSv10-RSA-RC4
index 8fce559c..cf9ec918 100644
--- a/testdata/Client-TLSv10-RSA-RC4
+++ b/testdata/Client-TLSv10-RSA-RC4
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 55 02 00 00  51 03 01 9b 6a cd e3 08  |....U...Q...j...|
-00000010  29 e7 32 d1 53 14 f5 4a  cf b7 61 1a 90 d6 9a 73  |).2.S..J..a....s|
-00000020  ad 48 2a 08 ce d7 d7 cb  f8 25 b1 20 c1 24 61 85  |.H*......%. .$a.|
-00000030  31 d2 81 5e 8e c8 31 40  56 36 79 af bb f7 90 d3  |1..^..1@V6y.....|
-00000040  06 5e 4b 5a 62 50 c0 d5  89 7f 35 70 00 05 00 00  |.^KZbP....5p....|
+00000000  16 03 01 00 55 02 00 00  51 03 01 2a bd da 4f 4d  |....U...Q..*..OM|
+00000010  29 da 36 8a ab 13 02 82  da 2e 53 56 77 18 69 8a  |).6.......SVw.i.|
+00000020  52 ab b2 36 83 38 80 ca  5b 10 38 20 66 2c a6 cf  |R..6.8..[.8 f,..|
+00000030  90 d0 b5 23 0a 4f ac d8  04 09 b3 3a 87 56 f5 8e  |...#.O.....:.V..|
+00000040  68 11 9c 41 2c 3e 14 ea  b8 ad e3 c4 00 05 00 00  |h..A,>..........|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 01 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -72,15 +74,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 01 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 01 00 24 b3 7b  e6 d1 8f 79 04 e2 42 0f  |.....$.{...y..B.|
-000000a0  61 de d2 be 1e 4d 8f d4  6f 7e 2d 59 cf 23 ff 1e  |a....M..o~-Y.#..|
-000000b0  74 ea 2a 9c 7e e2 5b 23  05 2e                    |t.*.~.[#..|
+00000090  01 16 03 01 00 24 e7 0e  d1 a9 78 47 47 d3 9e c7  |.....$....xGG...|
+000000a0  76 6d f7 e7 5e b6 df ff  e0 e8 2f a6 9d b4 70 eb  |vm..^...../...p.|
+000000b0  06 00 c9 0e 42 f6 3f 2f  23 83                    |....B.?/#.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 24 3c 4e 68 82 8f  |..........$<Nh..|
-00000010  af 84 ca 45 a4 3b 05 b2  73 ac 53 8c 3a f3 21 60  |...E.;..s.S.:.!`|
-00000020  4d 6c e1 1d 09 af 06 0e  f7 fa ab dc f0 22 00     |Ml...........".|
+00000000  14 03 01 00 01 01 16 03  01 00 24 3f 6d ab 1f 62  |..........$?m..b|
+00000010  0c 70 c8 df ea 23 f2 36  cf a3 01 89 f2 c4 d6 56  |.p...#.6.......V|
+00000020  59 ac 59 13 24 40 31 19  2b 66 ad d3 5d b7 a4     |Y.Y.$@1.+f..]..|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 1a e0 a4 39  3c 9c 5c 8e 60 db 8e 5c  |.......9<.\.`..\|
-00000010  13 aa 60 4a 1c f0 71 1b  f2 4d a9 f8 52 07 bd 15  |..`J..q..M..R...|
-00000020  03 01 00 16 9e f3 0a 66  42 77 5a 75 74 18 85 f1  |.......fBwZut...|
-00000030  3c fb ea d4 b8 76 6d eb  48 3d                    |<....vm.H=|
+00000000  17 03 01 00 1a a0 8c 45  7f 0d 75 48 6f 15 7b af  |.......E..uHo.{.|
+00000010  6c e5 d2 10 c6 f2 ba 1e  09 50 83 40 f2 96 7c 15  |l........P.@..|.|
+00000020  03 01 00 16 53 b3 bd 98  38 ed 20 35 0a 5a 03 f3  |....S...8. 5.Z..|
+00000030  49 5c 69 85 4d ae 7e f9  fc 9d                    |I\i.M.~...|
diff --git a/testdata/Client-TLSv11-ECDHE-ECDSA-AES b/testdata/Client-TLSv11-ECDHE-ECDSA-AES
index 0ad2db05..3a5fa10a 100644
--- a/testdata/Client-TLSv11-ECDHE-ECDSA-AES
+++ b/testdata/Client-TLSv11-ECDHE-ECDSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 5d 02 00 00  59 03 02 51 70 ac 24 75  |....]...Y..Qp.$u|
-00000010  53 94 02 c6 20 8e 22 0d  b2 79 30 3b ee a1 00 44  |S... ."..y0;...D|
-00000020  f3 1c b8 a3 4c 51 c4 d9  30 95 d4 20 ca 82 67 4f  |....LQ..0.. ..gO|
-00000030  8c 13 5f c2 7e fc e0 0c  04 5c e2 9a c2 a3 02 a1  |.._.~....\......|
-00000040  bc fa ca 16 38 83 2e 5a  c1 75 19 67 c0 09 00 00  |....8..Z.u.g....|
+00000000  16 03 02 00 5d 02 00 00  59 03 02 2b 28 48 86 02  |....]...Y..+(H..|
+00000010  ae 35 61 75 02 0b ea 8c  a1 3b ea c3 6c 26 e6 8d  |.5au.....;..l&..|
+00000020  a0 49 0c 96 f2 a4 75 b6  5d f5 29 20 ff 34 87 5d  |.I....u.].) .4.]|
+00000030  f9 ca 98 f2 49 10 3b 98  ff 30 5f a4 28 0d 9b d1  |....I.;..0_.(...|
+00000040  60 02 7b fe a0 b8 7e 40  4e fb 45 54 c0 09 00 00  |`.{...~@N.ET....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 02 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -56,39 +58,39 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 02  00 b5 0c 00 00 b1 03 00  |....*...........|
-00000280  1d 20 4a 31 cd 48 ea 05  09 8a 6d 78 c5 46 5d ea  |. J1.H....mx.F].|
-00000290  fb aa 62 79 17 70 31 5e  5a 95 c1 ce a9 52 3e 8e  |..by.p1^Z....R>.|
-000002a0  a1 7b 00 8b 30 81 88 02  42 01 e1 c6 99 40 d7 9f  |.{..0...B....@..|
-000002b0  15 41 f4 4f 54 5f 5d 14  bd a6 cc 18 6e 67 98 ab  |.A.OT_].....ng..|
-000002c0  6a 33 9d 54 68 94 2a 89  22 66 2d 20 97 e7 53 c9  |j3.Th.*."f- ..S.|
-000002d0  f8 ee ad 64 46 6e 53 1d  d6 57 55 6a 4c bc 37 1f  |...dFnS..WUjL.7.|
-000002e0  e7 9c c4 bb 23 cb af 27  2a 19 94 02 42 01 35 b4  |....#..'*...B.5.|
-000002f0  a1 f0 c2 6d 34 f0 05 a7  25 9a 22 6c 3e 41 e7 a0  |...m4...%."l>A..|
-00000300  1e 8f 5a 28 b1 5a 88 46  48 7e 40 93 f2 38 9d 33  |..Z(.Z.FH~@..8.3|
-00000310  6b b5 92 ed 6d 44 07 03  c8 77 ee 3a 80 37 1e f9  |k...mD...w.:.7..|
-00000320  4d 5c 2b 6d c5 15 07 b2  7c eb c5 f5 c5 14 dd 16  |M\+m....|.......|
-00000330  03 02 00 04 0e 00 00 00                           |........|
+00000270  95 12 07 8f 2a 16 03 02  00 b4 0c 00 00 b0 03 00  |....*...........|
+00000280  1d 20 33 24 10 dd 39 bf  dd 42 80 f9 51 75 5d d5  |. 3$..9..B..Qu].|
+00000290  e3 97 b0 70 c8 9a e5 3c  90 5a f6 84 e7 17 2e d4  |...p...<.Z......|
+000002a0  71 6e 00 8a 30 81 87 02  42 01 f3 ed 17 7f 96 9d  |qn..0...B.......|
+000002b0  52 49 6b fd fb 94 28 67  8d 2f 75 7c 59 31 d1 b7  |RIk...(g./u|Y1..|
+000002c0  61 ed 94 c6 1a df 49 e6  9f 19 f1 54 0f 28 2f 3b  |a.....I....T.(/;|
+000002d0  18 fc 73 61 6d 7c 7e dd  61 80 d7 98 2e 20 6a 54  |..sam|~.a.... jT|
+000002e0  37 23 2b d7 11 e0 fa a4  98 49 78 02 41 39 49 af  |7#+......Ix.A9I.|
+000002f0  f9 28 5c 2b 50 0d 6e be  13 17 df 9a fb d0 71 9c  |.(\+P.n.......q.|
+00000300  6c 43 eb 09 90 ce 09 bd  f3 54 9f 73 da c7 ef f3  |lC.......T.s....|
+00000310  df 36 0e 75 d5 cc 4d 42  a5 d8 4c f9 e9 32 b9 90  |.6.u..MB..L..2..|
+00000320  9f fd 6c 70 bc d6 cf 73  b6 0b f0 db 55 d6 16 03  |..lp...s....U...|
+00000330  02 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
 00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
 00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 40 aa 15  c7 e0 2e f6 9e e8 aa 92  |.....@..........|
-00000050  81 6d 83 8f 13 7e 7c d5  9f b9 bf ca 5d da fd 3c  |.m...~|.....]..<|
-00000060  ba c7 8e 8e 9a 93 86 21  49 15 04 9d b8 75 c1 fe  |.......!I....u..|
-00000070  5b a6 41 d5 46                                    |[.A.F|
+00000040  00 00 00 00 00 2b 2a 78  3f 77 6c 2d e6 26 0f ac  |.....+*x?wl-.&..|
+00000050  c3 d8 c9 0f c0 3d c7 7c  e4 08 da 9c af 0f 88 4c  |.....=.|.......L|
+00000060  2f 8e c0 96 78 a4 1f 2c  73 8c 7d 93 28 d1 ce e2  |/...x..,s.}.(...|
+00000070  06 74 35 9d ba                                    |.t5..|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 ba a7 6d aa 40  |..........@..m.@|
-00000010  b5 94 f8 d6 84 38 7c 19  7f b9 e9 8b 0f a8 db 4c  |.....8|........L|
-00000020  68 cf 1e d4 e0 b2 7c 78  80 76 18 c7 a5 cf 57 2d  |h.....|x.v....W-|
-00000030  1e 3d 17 b2 ce 44 93 76  38 91 4b d0 7f 09 00 2f  |.=...D.v8.K..../|
-00000040  c2 da c7 32 70 de fd cb  a4 99 90                 |...2p......|
+00000000  14 03 02 00 01 01 16 03  02 00 40 a7 8b 1b c5 b8  |..........@.....|
+00000010  b6 44 7d 9b 34 e7 c7 f1  d2 c6 19 e8 13 d4 0a b1  |.D}.4...........|
+00000020  07 ae 88 d1 7b 34 ca 0e  84 ab b3 e5 d6 13 22 22  |....{4........""|
+00000030  2b 1c e6 c9 2e b6 15 46  55 7d 2c 34 69 2b 06 62  |+......FU},4i+.b|
+00000040  d9 ef ce da d7 c8 98 3a  e5 23 87                 |.......:.#.|
 >>> Flow 5 (client to server)
 00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 86 40 c2  e7 d4 56 43 6b e0 e4 96  |......@...VCk...|
-00000020  41 74 2e b1 65 cd c6 93  06 71 f0 25 20 21 c5 1b  |At..e....q.% !..|
-00000030  d2 ea eb e4 06 15 03 02  00 30 00 00 00 00 00 00  |.........0......|
-00000040  00 00 00 00 00 00 00 00  00 00 1e a9 c0 dc d8 23  |...............#|
-00000050  f2 08 b0 c5 b2 2e 53 9b  23 50 8a 02 c6 41 9a 36  |......S.#P...A.6|
-00000060  59 b1 23 d9 5e 91 45 cf  1b a1                    |Y.#.^.E...|
+00000010  00 00 00 00 00 8f de 5e  92 28 7d 7d 8a 7e 48 40  |.......^.(}}.~H@|
+00000020  9b a6 8c 13 d3 fe 71 c9  d7 f9 a8 3a 06 64 da f2  |......q....:.d..|
+00000030  dc cf 69 f2 4b 15 03 02  00 30 00 00 00 00 00 00  |..i.K....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 78 0f 3e c5 3c e9  |..........x.>.<.|
+00000050  39 5d 5c 7a 2c 16 f0 7f  b7 ca 3b 85 f3 ab f4 3d  |9]\z,.....;....=|
+00000060  ce df fd 6d 4d ad f4 89  38 ba                    |...mM...8.|
diff --git a/testdata/Client-TLSv11-ECDHE-RSA-AES b/testdata/Client-TLSv11-ECDHE-RSA-AES
index 83c7d771..f15445e5 100644
--- a/testdata/Client-TLSv11-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv11-ECDHE-RSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 5d 02 00 00  59 03 02 79 2f de f0 f3  |....]...Y..y/...|
-00000010  97 6a 5e e3 07 66 d9 f2  8b e9 be 1a 97 9f 6d c8  |.j^..f........m.|
-00000020  9d b5 88 57 fc 8c 5d 7f  d7 3e 34 20 e5 4c 51 33  |...W..]..>4 .LQ3|
-00000030  52 23 a0 52 77 ca 41 4a  1b e4 22 fb 1c 82 f8 e4  |R#.Rw.AJ..".....|
-00000040  aa 13 c2 1a ce cd d5 42  de b0 e9 10 c0 13 00 00  |.......B........|
+00000000  16 03 02 00 5d 02 00 00  59 03 02 87 2b b1 e5 7b  |....]...Y...+..{|
+00000010  0e 0d 78 af b9 41 3c 0b  5a 38 2f 40 6d 13 69 da  |..x..A<.Z8/@m.i.|
+00000020  3a d6 e5 62 ef 72 70 66  9d f0 f4 20 a4 e2 a1 a7  |:..b.rpf... ....|
+00000030  51 f7 7e 23 38 df 2e dd  0b 2f 87 a5 86 93 aa 9d  |Q.~#8..../......|
+00000040  0e aa 02 2b 42 31 cb 36  f3 6b 8e db c0 13 00 00  |...+B1.6.k......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 02 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,38 +63,38 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 02 00 aa 0c 00 00  a6 03 00 1d 20 ef 2a b0  |............ .*.|
-000002d0  da 99 1f 17 dc 29 38 43  c2 72 18 b6 ea ad 8f e6  |.....)8C.r......|
-000002e0  f2 d2 81 e5 f6 2e 6c 5a  95 89 10 14 34 00 80 11  |......lZ....4...|
-000002f0  ff 56 fa 9e 9f 0c b9 a9  57 c4 2c cb a1 ce 70 ca  |.V......W.,...p.|
-00000300  94 bd 5e 54 0e eb da ce  1b 19 ee bc aa bb 9c 10  |..^T............|
-00000310  f8 6e 59 48 82 5e fe 3c  2e 28 6d 8a 2f 08 ce df  |.nYH.^.<.(m./...|
-00000320  52 e2 07 a6 68 68 69 fc  2b d7 fd 28 ef 48 85 c9  |R...hhi.+..(.H..|
-00000330  70 75 b4 f4 04 2f 39 69  ee 1a aa 14 c9 7b e0 f7  |pu.../9i.....{..|
-00000340  bc 50 76 df 24 57 8b a4  ca 87 8a b5 ff c9 13 9e  |.Pv.$W..........|
-00000350  d3 9e 2b e1 d4 6f 0c ce  61 83 e9 38 51 04 2e 23  |..+..o..a..8Q..#|
-00000360  b4 f8 90 f4 0f 45 93 34  14 f4 ca 4f 13 02 89 16  |.....E.4...O....|
+000002c0  16 03 02 00 aa 0c 00 00  a6 03 00 1d 20 94 fa 9b  |............ ...|
+000002d0  b7 34 fd 4c f3 a7 12 a3  0f 6a a2 d2 c3 35 71 3a  |.4.L.....j...5q:|
+000002e0  fa 5c 7e aa ab 17 c9 bf  ae 29 a0 89 4e 00 80 26  |.\~......)..N..&|
+000002f0  6a cd b9 50 a0 61 19 60  c6 fd 58 69 11 7a 11 ac  |j..P.a.`..Xi.z..|
+00000300  16 1d 20 4a 28 4d 7a 9c  7a cb b7 a0 ac 90 3d 25  |.. J(Mz.z.....=%|
+00000310  dc a7 3d d0 5c d7 34 c4  a6 4c 47 73 8e 5a 1b 06  |..=.\.4..LGs.Z..|
+00000320  a5 2d e1 5e 04 d4 c6 31  2e 24 79 6c 0b df 67 3a  |.-.^...1.$yl..g:|
+00000330  f1 7c 5f c0 37 4a ec 1e  d2 32 7c 4f fa 9a d4 51  |.|_.7J...2|O...Q|
+00000340  be 2a 76 f2 74 78 b6 cf  22 d6 3d 16 1b ca 6b 9b  |.*v.tx..".=...k.|
+00000350  d9 9a 3f 65 e4 83 63 91  15 f1 c4 69 45 a3 d9 ab  |..?e..c....iE...|
+00000360  f5 d3 a9 0e 15 00 20 bb  43 20 a7 90 db c6 1d 16  |...... .C ......|
 00000370  03 02 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
 00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 34 fa 43  0a 6f 38 d0 80 5d a1 d6  |.....4.C.o8..]..|
-00000050  61 c9 62 a9 b2 14 88 b4  7d b9 dc 20 93 11 27 37  |a.b.....}.. ..'7|
-00000060  5a 2a 5b d4 10 54 75 23  8d 39 4a 5b 51 80 48 f2  |Z*[..Tu#.9J[Q.H.|
-00000070  16 64 e5 90 38                                    |.d..8|
+00000040  00 00 00 00 00 5e 93 f4  06 23 2b f4 7e d1 4f 6c  |.....^...#+.~.Ol|
+00000050  3e ad 67 fe 6c 33 42 e7  c0 ce 2b b9 38 0e ec 6e  |>.g.l3B...+.8..n|
+00000060  dc 78 d0 51 d9 57 ef 67  69 4e cd 51 52 9b 09 df  |.x.Q.W.giN.QR...|
+00000070  7e 8d ee cc f1                                    |~....|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 f8 77 bf c0 dd  |..........@.w...|
-00000010  11 e1 3f 90 e0 1a c0 dc  a6 6a b2 81 9b 1b 63 bc  |..?......j....c.|
-00000020  42 b6 23 b2 1f 95 36 38  56 f8 a4 e4 c1 c9 6f d2  |B.#...68V.....o.|
-00000030  64 16 13 16 b7 25 53 ec  a1 c2 94 de 8d ae 38 b9  |d....%S.......8.|
-00000040  07 29 42 1d 16 3d fb 29  8b 76 15                 |.)B..=.).v.|
+00000000  14 03 02 00 01 01 16 03  02 00 40 22 ca 73 9e 54  |..........@".s.T|
+00000010  72 60 64 fd f2 29 fa a1  47 04 ca e7 27 db 82 a8  |r`d..)..G...'...|
+00000020  66 ed 3c 2b 8f 67 8e 09  1a 2d 24 3b 9e dc 8e 1e  |f.<+.g...-$;....|
+00000030  64 ba db a7 64 11 5a 6f  e6 29 cc ed 73 6c 13 b8  |d...d.Zo.)..sl..|
+00000040  40 44 5f d8 72 df 59 b8  a4 4f 7e                 |@D_.r.Y..O~|
 >>> Flow 5 (client to server)
 00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 59 ac 45  2f 3f 3b d3 5d 73 08 85  |.....Y.E/?;.]s..|
-00000020  9a 0e 99 a2 ad 8d 4e de  52 e9 5b 8b 76 71 5d 5e  |......N.R.[.vq]^|
-00000030  6b ec 05 24 a5 15 03 02  00 30 00 00 00 00 00 00  |k..$.....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 92 ce 2d b7 15 d2  |............-...|
-00000050  3b c5 42 ad aa 73 a8 e0  ac 26 d2 e7 ef c7 a9 72  |;.B..s...&.....r|
-00000060  75 96 5c 8c 2d 60 6e 57  bd ef                    |u.\.-`nW..|
+00000010  00 00 00 00 00 51 2f d5  ee 59 bc cc c2 73 15 e1  |.....Q/..Y...s..|
+00000020  15 cb 89 24 d8 7a 2c 2e  d9 9c 9f fc 2b 90 f6 28  |...$.z,.....+..(|
+00000030  fd e5 db 9b 0f 15 03 02  00 30 00 00 00 00 00 00  |.........0......|
+00000040  00 00 00 00 00 00 00 00  00 00 a1 7a 29 17 c3 33  |...........z)..3|
+00000050  87 e8 3a 81 97 ae df 40  97 fc 0b f4 6a 00 84 37  |..:....@....j..7|
+00000060  8c 68 d1 8e db a8 d3 04  93 60                    |.h.......`|
diff --git a/testdata/Client-TLSv11-RSA-RC4 b/testdata/Client-TLSv11-RSA-RC4
index dd58620c..bb770e61 100644
--- a/testdata/Client-TLSv11-RSA-RC4
+++ b/testdata/Client-TLSv11-RSA-RC4
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 55 02 00 00  51 03 02 42 bb c8 01 43  |....U...Q..B...C|
-00000010  e4 f7 10 09 bf 35 a3 c2  d7 ca 60 a9 60 be 1d 00  |.....5....`.`...|
-00000020  92 33 b6 3e 56 2b c2 f7  29 e3 f9 20 8c d7 b6 90  |.3.>V+..).. ....|
-00000030  03 f5 8b 55 e9 81 47 5b  84 ec 19 bc 32 58 c6 30  |...U..G[....2X.0|
-00000040  f1 79 ea 51 a2 18 cc c0  4e 8a 8e cb 00 05 00 00  |.y.Q....N.......|
+00000000  16 03 02 00 55 02 00 00  51 03 02 fa ec 74 4b af  |....U...Q....tK.|
+00000010  f7 bb 7c 03 0a 35 f9 91  1e 62 c8 d7 9d b0 cc 29  |..|..5...b.....)|
+00000020  0c 67 f1 a9 c6 be ff aa  ee 45 2c 20 7e 02 45 29  |.g.......E, ~.E)|
+00000030  e8 01 2c 76 c9 49 9c bf  ca b7 0c b0 86 69 2a d0  |..,v.I.......i*.|
+00000040  34 59 2c 16 b1 bd 67 1a  e8 f9 97 3d 00 05 00 00  |4Y,...g....=....|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 02 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -72,15 +74,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 02 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 02 00 24 a8 40  50 90 31 50 fc 5e d8 f5  |.....$.@P.1P.^..|
-000000a0  64 7a a5 62 8d ad ce 03  34 c9 ab 16 31 45 bc 8b  |dz.b....4...1E..|
-000000b0  26 8b fa 38 7a 2e 60 42  86 46                    |&..8z.`B.F|
+00000090  01 16 03 02 00 24 8b f8  3f ae 9d 41 27 8e 52 ca  |.....$..?..A'.R.|
+000000a0  75 8c 1b 76 fa 20 4f 7f  97 62 ac a6 85 33 71 32  |u..v. O..b...3q2|
+000000b0  34 8d 4b e3 d4 a1 a0 bc  9c 29                    |4.K......)|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 24 83 1d 5a 04 90  |..........$..Z..|
-00000010  1f 8d 07 46 39 1e 3c cf  cb 06 45 f5 88 9e 68 5c  |...F9.<...E...h\|
-00000020  96 a0 06 47 43 21 20 ce  90 1f 24 49 52 30 59     |...GC! ...$IR0Y|
+00000000  14 03 02 00 01 01 16 03  02 00 24 1d d6 e8 70 53  |..........$...pS|
+00000010  f2 9e 4f ce 5f 35 4e 8d  41 1f 78 9a 72 79 2b cc  |..O._5N.A.x.ry+.|
+00000020  17 cd 48 16 b0 69 8b 41  b7 5a c6 df ec f6 5d     |..H..i.A.Z....]|
 >>> Flow 5 (client to server)
-00000000  17 03 02 00 1a f9 9f c2  32 02 96 87 95 4b ba 17  |........2....K..|
-00000010  1f b9 af fe 6a 87 38 d4  d8 b4 f8 1d ad 05 00 15  |....j.8.........|
-00000020  03 02 00 16 54 07 15 34  f4 c3 a2 3e 01 9e 00 cb  |....T..4...>....|
-00000030  83 f7 58 79 e2 dc a4 b8  15 e9                    |..Xy......|
+00000000  17 03 02 00 1a 69 a6 2b  fe 20 e2 2e e6 b2 ed 03  |.....i.+. ......|
+00000010  92 ae e0 ff 84 56 12 f3  60 01 92 c0 f3 0e 8f 15  |.....V..`.......|
+00000020  03 02 00 16 d1 05 c5 6f  f3 3c 18 63 2b 9c 68 39  |.......o.<.c+.h9|
+00000030  c4 45 90 f1 ef 3f e1 00  2f 78                    |.E...?../x|
diff --git a/testdata/Client-TLSv12-AES128-GCM-SHA256 b/testdata/Client-TLSv12-AES128-GCM-SHA256
index d88acc95..1db74434 100644
--- a/testdata/Client-TLSv12-AES128-GCM-SHA256
+++ b/testdata/Client-TLSv12-AES128-GCM-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 d1 5c 30 66 38  |....U...Q...\0f8|
-00000010  84 89 85 fe b6 87 de 62  8e b5 86 18 16 f7 8f b0  |.......b........|
-00000020  f2 00 09 e5 55 d7 10 a0  76 d8 58 20 23 7d ff 5f  |....U...v.X #}._|
-00000030  b4 b5 5b de b9 7a f9 d1  bc 90 ff 2c 1d d7 fe ed  |..[..z.....,....|
-00000040  2f 6e 29 d8 08 61 0b 9d  cc 7d 64 6a 00 9c 00 00  |/n)..a...}dj....|
+00000000  16 03 03 00 55 02 00 00  51 03 03 00 13 58 0b 7f  |....U...Q....X..|
+00000010  3c 39 9d df c9 4e 95 64  d5 9f 86 b0 8b 19 35 a2  |<9...N.d......5.|
+00000020  71 da 39 5b 14 a5 a4 fd  79 8b 02 20 bf a6 01 51  |q.9[....y.. ...Q|
+00000030  3e 8d 7a 68 ef 24 9a a1  92 d8 72 6a 71 0e c9 fa  |>.zh.$....rjq...|
+00000040  f9 03 36 ca 4b 8a fd 17  95 f5 53 e7 00 9c 00 00  |..6.K.....S.....|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -72,17 +74,17 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 df b8  |.....(..........|
-000000a0  35 7a 3e 44 d1 f5 6c c5  43 82 3a ac 11 c8 53 0b  |5z>D..l.C.:...S.|
-000000b0  a6 d3 5c f0 5b ca e8 6a  c7 13 88 65 50 71        |..\.[..j...ePq|
+00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 07 7c  |.....(.........||
+000000a0  26 b4 f3 ba 9c 22 69 af  a3 77 5f a3 59 9c b7 58  |&...."i..w_.Y..X|
+000000b0  90 e2 de e3 4f ab b6 2a  08 f4 63 14 9e 5f        |....O..*..c.._|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 3f 30 36 77 c6  |..........(?06w.|
-00000010  6d 4f 37 2c ac f1 c2 24  9d e1 3f 0c 51 64 12 67  |mO7,...$..?.Qd.g|
-00000020  83 47 ec f1 b8 02 6d 11  11 b7 ec ab 09 26 41 ff  |.G....m......&A.|
-00000030  e8 32 05                                          |.2.|
+00000000  14 03 03 00 01 01 16 03  03 00 28 d1 2c 6c a6 ff  |..........(.,l..|
+00000010  35 08 ad e8 3d cd f4 71  1c f7 62 97 44 c5 41 26  |5...=..q..b.D.A&|
+00000020  a4 ff a6 eb 63 e7 45 b1  31 3e ea 0e 33 b4 1d 4a  |....c.E.1>..3..J|
+00000030  9b 1f 87                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 af 3a 1e  |..............:.|
-00000010  98 3e 74 5f 66 64 eb 6c  88 36 33 f0 98 e8 46 e9  |.>t_fd.l.63...F.|
-00000020  f1 2f 32 15 03 03 00 1a  00 00 00 00 00 00 00 02  |./2.............|
-00000030  76 2b 83 08 46 7d 34 58  db e8 e8 e1 e2 cb ad 1e  |v+..F}4X........|
-00000040  e4 a5                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 6f ba 97  |.............o..|
+00000010  a1 bb 88 f8 58 ce b3 81  94 20 97 f0 cd 79 5f 9e  |....X.... ...y_.|
+00000020  3d 3f b5 15 03 03 00 1a  00 00 00 00 00 00 00 02  |=?..............|
+00000030  8e 92 d4 4f a2 0e e5 69  e5 9a 7f 7d da 93 54 5c  |...O...i...}..T\|
+00000040  6e 4d                                             |nM|
diff --git a/testdata/Client-TLSv12-AES128-SHA256 b/testdata/Client-TLSv12-AES128-SHA256
index 030cbc6f..57fbc75c 100644
--- a/testdata/Client-TLSv12-AES128-SHA256
+++ b/testdata/Client-TLSv12-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 bd e7 e2 ea 28  |....U...Q......(|
-00000010  09 0b 7f 30 b5 91 fd b4  91 d1 c3 b8 8f 25 38 88  |...0.........%8.|
-00000020  62 28 5c 1d 14 1a 6a 50  7d 30 e8 20 c3 91 2d ea  |b(\...jP}0. ..-.|
-00000030  59 8d 1d 56 98 c9 02 c0  f1 98 94 a6 8c 2b f2 63  |Y..V.........+.c|
-00000040  ed b9 97 36 c6 c6 32 97  9e 61 6c 3b 00 3c 00 00  |...6..2..al;.<..|
+00000000  16 03 03 00 55 02 00 00  51 03 03 84 b7 a9 d5 83  |....U...Q.......|
+00000010  f6 80 cf 15 58 39 5a 3b  4b f1 6d 2a 86 8b 92 ed  |....X9Z;K.m*....|
+00000020  f8 fb e0 16 c1 2c 94 3a  eb 69 c4 20 e1 b7 43 24  |.....,.:.i. ..C$|
+00000030  e7 9c 69 47 60 48 b0 8b  2b 0b 52 2a 8b 8b 5b 1f  |..iG`H..+.R*..[.|
+00000040  67 12 f6 94 46 c5 b1 53  73 29 f9 d6 00 3c 00 00  |g...F..Ss)...<..|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -73,25 +75,25 @@
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
 00000090  01 16 03 03 00 50 00 00  00 00 00 00 00 00 00 00  |.....P..........|
-000000a0  00 00 00 00 00 00 f3 6e  c5 65 29 75 22 fe 23 6f  |.......n.e)u".#o|
-000000b0  96 fa b3 8d 98 ac df bf  3a 23 ca 4f d9 52 95 3f  |........:#.O.R.?|
-000000c0  89 8b 61 cf d2 2d f3 14  31 9d 3a 6f a9 b5 7b 69  |..a..-..1.:o..{i|
-000000d0  27 a6 2b 2d 43 6e 77 f1  cd 73 fa 80 7b bf 8a 1d  |'.+-Cnw..s..{...|
-000000e0  83 c5 9b 8c 0a 03                                 |......|
+000000a0  00 00 00 00 00 00 46 00  2f ca 25 2b 92 37 79 de  |......F./.%+.7y.|
+000000b0  88 56 36 da ea 43 78 d7  51 72 53 c1 8b ae 33 3a  |.V6..Cx.QrS...3:|
+000000c0  d2 93 57 08 a1 14 22 5b  5b 33 fe 7c 13 33 17 d6  |..W..."[[3.|.3..|
+000000d0  ef 3b be e6 1c ee 09 c0  5e 86 89 9d 50 e2 e9 b3  |.;......^...P...|
+000000e0  3b 09 4c 70 f8 eb                                 |;.Lp..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 f6 93 f3 85 25  |..........P....%|
-00000010  06 5c 47 ea d5 6e 90 05  21 91 9a 86 06 42 f6 54  |.\G..n..!....B.T|
-00000020  25 4a 61 65 7e 19 c8 1a  58 52 06 81 df dd 19 fc  |%Jae~...XR......|
-00000030  bd 5a 82 ff ae 80 92 b3  3b 7d 89 c0 64 b1 36 e3  |.Z......;}..d.6.|
-00000040  5c bb 2a 5b e8 6d 18 02  43 27 b5 57 bc 3f ab b1  |\.*[.m..C'.W.?..|
-00000050  27 59 0e 6a d5 07 6a 66  ad 51 82                 |'Y.j..jf.Q.|
+00000000  14 03 03 00 01 01 16 03  03 00 50 3a 02 c0 c9 cd  |..........P:....|
+00000010  98 d0 dc ec 0a 58 cf a2  c2 f2 0b b2 5a 2c 9b 6e  |.....X......Z,.n|
+00000020  30 d2 98 0e 8f 9b b5 9f  1e e2 5f 0c bd 2b ce f8  |0........._..+..|
+00000030  08 c9 c1 fe 98 a5 5b ca  be 07 81 85 56 bc f4 a3  |......[.....V...|
+00000040  05 40 48 5b 76 ac 75 14  46 1a 8a 7f e4 ff 4e 76  |.@H[v.u.F.....Nv|
+00000050  8f db 76 19 a5 e3 75 e6  ca 1c 14                 |..v...u....|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 2a 8b 84  55 57 20 b8 4f 11 d2 cc  |.....*..UW .O...|
-00000020  5e a0 ef 1a f1 62 fc 59  38 14 30 0f e0 76 04 ca  |^....b.Y8.0..v..|
-00000030  eb c2 45 a4 75 12 e6 1a  16 fc d8 bd d4 f7 fd 6f  |..E.u..........o|
-00000040  f3 99 ca d6 41 15 03 03  00 40 00 00 00 00 00 00  |....A....@......|
-00000050  00 00 00 00 00 00 00 00  00 00 8c 80 a8 e9 95 4c  |...............L|
-00000060  c9 fa 4d 9d 06 e5 d8 70  5f fa a9 44 24 15 f4 47  |..M....p_..D$..G|
-00000070  5a 0a 24 55 a7 6a 04 1c  2a 39 80 fd 08 47 d7 08  |Z.$U.j..*9...G..|
-00000080  41 8b 9d 46 74 cb 61 c6  84 84                    |A..Ft.a...|
+00000010  00 00 00 00 00 02 7a 3c  00 71 20 c9 5a 3a 94 ff  |......z<.q .Z:..|
+00000020  ed a9 a1 c9 cd 7a ec 10  96 5d b9 78 2b ff 9a d4  |.....z...].x+...|
+00000030  2d 5c a2 b5 b1 4d f8 22  b8 70 2b 7e 8d 07 13 62  |-\...M.".p+~...b|
+00000040  b2 23 e8 ff a6 15 03 03  00 40 00 00 00 00 00 00  |.#.......@......|
+00000050  00 00 00 00 00 00 00 00  00 00 f6 61 2f e6 18 fb  |...........a/...|
+00000060  dc ed 53 14 e3 a1 6e 22  2d e4 22 c9 a5 d2 cb e8  |..S...n"-.".....|
+00000070  89 35 4b e5 89 b8 20 44  1b 79 cc 83 41 42 a5 4f  |.5K... D.y..AB.O|
+00000080  38 be f4 20 c5 e6 2b 11  ad 3a                    |8.. ..+..:|
diff --git a/testdata/Client-TLSv12-AES256-GCM-SHA384 b/testdata/Client-TLSv12-AES256-GCM-SHA384
index 42454d52..bedeedbb 100644
--- a/testdata/Client-TLSv12-AES256-GCM-SHA384
+++ b/testdata/Client-TLSv12-AES256-GCM-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 a3 a8 ef 9d b3  |....U...Q.......|
-00000010  36 14 00 fe 5b e4 07 77  e7 78 c8 b4 d8 96 8d 72  |6...[..w.x.....r|
-00000020  c5 79 99 10 8f 6e ac e3  fd 99 ee 20 53 99 57 36  |.y...n..... S.W6|
-00000030  7e 9b 89 a3 79 c7 57 c6  f6 c7 2c 66 0a 6b 48 a2  |~...y.W...,f.kH.|
-00000040  06 87 54 2c 20 3d 65 b9  1c 93 fd a3 00 9d 00 00  |..T, =e.........|
+00000000  16 03 03 00 55 02 00 00  51 03 03 ac 7e 0f a7 bc  |....U...Q...~...|
+00000010  e5 97 51 ac d1 a3 f4 e1  a4 a9 b3 52 08 ab cf cd  |..Q........R....|
+00000020  0a 2a 22 89 6e 7d c4 d4  4f 44 99 20 0f 86 62 46  |.*".n}..OD. ..bF|
+00000030  47 98 ce fc 9f ba ba 92  bf 17 dc 94 6f b4 05 ac  |G...........o...|
+00000040  81 87 89 14 c5 e1 c5 30  49 45 cf 7b 00 9d 00 00  |.......0IE.{....|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -72,17 +74,17 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 76 c9  |.....(........v.|
-000000a0  1e 50 43 51 5e 4a b6 c8  98 33 8f 18 ac f3 fe 20  |.PCQ^J...3..... |
-000000b0  09 76 7c 48 f7 e8 00 2c  3b e1 7e 2f 71 d5        |.v|H...,;.~/q.|
+00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 2a f2  |.....(........*.|
+000000a0  d8 f8 66 9b 53 99 66 59  83 4b 37 25 44 61 d8 c3  |..f.S.fY.K7%Da..|
+000000b0  ef 7f 3e be 62 9c a0 3a  61 43 0c 87 04 4c        |..>.b..:aC...L|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 55 b2 34 a3 b7  |..........(U.4..|
-00000010  18 a8 36 55 c4 ef 81 82  e4 41 9f 1a 42 2c 42 7e  |..6U.....A..B,B~|
-00000020  9b 59 c8 9d 3a 0b 59 a6  78 d0 ab 2f c4 e1 f7 2b  |.Y..:.Y.x../...+|
-00000030  9b ee 9f                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 7a 45 6a 5b 2a  |..........(zEj[*|
+00000010  06 e8 c8 f5 57 07 ee 91  dd f7 33 60 be f1 65 fb  |....W.....3`..e.|
+00000020  8f 3d 48 3c b2 a0 7c 30  30 b1 98 01 de 35 d2 5f  |.=H<..|00....5._|
+00000030  cb 0c de                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 ec ad 42  |...............B|
-00000010  8a cf 39 ed 82 b7 70 9b  1a 29 4c 3e b7 f6 92 35  |..9...p..)L>...5|
-00000020  12 e2 df 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  81 d4 de 3c 03 a9 01 0e  e7 64 ae 18 84 dd d3 6c  |...<.....d.....l|
-00000040  57 6a                                             |Wj|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 13 f4 b8  |................|
+00000010  b3 95 de d6 9b b3 8e 27  6f 36 dc a4 0d ab 7d 63  |.......'o6....}c|
+00000020  35 73 a4 15 03 03 00 1a  00 00 00 00 00 00 00 02  |5s..............|
+00000030  9d 64 e3 e6 8f a7 22 ab  82 2f 60 0a 2a 5f fc 39  |.d...."../`.*_.9|
+00000040  90 93                                             |..|
diff --git a/testdata/Client-TLSv12-ALPN b/testdata/Client-TLSv12-ALPN
index 9f3f4dc9..0cba50bd 100644
--- a/testdata/Client-TLSv12-ALPN
+++ b/testdata/Client-TLSv12-ALPN
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 12 01 00 01  0e 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 30 01 00 01  2c 03 03 00 00 00 00 00  |....0...,.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,22 +7,24 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 93 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 b1 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 10 00 10  |................|
-000000d0  00 0e 06 70 72 6f 74 6f  32 06 70 72 6f 74 6f 31  |...proto2.proto1|
-000000e0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
-000000f0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
-00000100  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
-00000110  90 99 5f 58 cb 3b 74                              |.._X.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 10 00 10 00 0e  |................|
+000000f0  06 70 72 6f 74 6f 32 06  70 72 6f 74 6f 31 00 2b  |.proto2.proto1.+|
+00000100  00 09 08 03 04 03 03 03  02 03 01 00 33 00 26 00  |............3.&.|
+00000110  24 00 1d 00 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |$... /.}.G.bC.(.|
+00000120  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
+00000130  5f 58 cb 3b 74                                    |_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 6a 02 00 00  66 03 03 71 ba 32 f4 08  |....j...f..q.2..|
-00000010  31 23 ea 71 46 b6 f0 24  f9 80 c2 94 b8 13 f5 cc  |1#.qF..$........|
-00000020  6b 77 e5 46 f1 76 df a5  0c 56 6a 20 98 53 12 a3  |kw.F.v...Vj .S..|
-00000030  d2 a6 97 45 36 11 e6 b6  b6 6e 0b b9 30 2d 65 c8  |...E6....n..0-e.|
-00000040  47 c7 af 4c c5 a6 51 90  2f 77 db 8c cc a8 00 00  |G..L..Q./w......|
+00000000  16 03 03 00 6a 02 00 00  66 03 03 d7 20 92 e0 ec  |....j...f... ...|
+00000010  a0 c3 77 d9 a8 c8 fe 8f  df 7d ab 20 c4 e9 50 bd  |..w......}. ..P.|
+00000020  9c dc 33 4f ca 0b b1 b1  f4 93 cc 20 d7 5d 8b 7e  |..3O....... .].~|
+00000030  7e 45 21 86 05 21 77 d0  ed 6a 1c 5a f3 60 06 38  |~E!..!w..j.Z.`.8|
+00000040  43 de 49 df 9a 43 60 52  47 57 98 29 cc a8 00 00  |C.I..C`RGW.)....|
 00000050  1e ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 10  |................|
 00000060  00 09 00 07 06 70 72 6f  74 6f 31 00 17 00 00 16  |.....proto1.....|
 00000070  03 03 02 59 0b 00 02 55  00 02 52 00 02 4f 30 82  |...Y...U..R..O0.|
@@ -63,31 +65,31 @@
 000002a0  43 77 8d 0c 1c f1 0f a1  d8 40 83 61 c9 4c 72 2b  |Cw.......@.a.Lr+|
 000002b0  9d ae db 46 06 06 4d f4  c1 b3 3e c0 d1 bd 42 d4  |...F..M...>...B.|
 000002c0  db fe 3d 13 60 84 5c 21  d3 3b e9 fa e7 16 03 03  |..=.`.\!.;......|
-000002d0  00 ac 0c 00 00 a8 03 00  1d 20 76 16 ff 2a 83 9a  |......... v..*..|
-000002e0  07 b0 01 f6 1e 3e 4b c1  69 62 9b 00 38 35 c5 4f  |.....>K.ib..85.O|
-000002f0  d3 2c db 50 16 9d 26 b1  cc 28 08 04 00 80 56 73  |.,.P..&..(....Vs|
-00000300  39 4d ab f4 68 92 14 6d  d5 75 db 10 4b 0c a4 19  |9M..h..m.u..K...|
-00000310  9e 67 42 d3 f8 3f 91 26  06 4d f9 34 9b ad 7c 85  |.gB..?.&.M.4..|.|
-00000320  ec 11 34 43 dd 7d a8 5b  0f 59 54 ff a3 92 dc 7c  |..4C.}.[.YT....||
-00000330  26 ee 07 0e cf bc e4 6a  1a da b9 d2 9a 62 bf de  |&......j.....b..|
-00000340  37 a6 68 e2 cd 21 8e 4e  a3 66 ee e1 74 45 7d 64  |7.h..!.N.f..tE}d|
-00000350  b2 d8 1d dc 6a cd 2a 86  9e 0d 76 a3 7b f2 49 11  |....j.*...v.{.I.|
-00000360  ae ad a1 d4 f2 a9 e5 56  0e 2a 96 a5 f7 8b 74 d4  |.......V.*....t.|
-00000370  78 e0 bc cc 95 a1 f1 76  0b 4b 37 ed 77 1b 16 03  |x......v.K7.w...|
+000002d0  00 ac 0c 00 00 a8 03 00  1d 20 6c a6 83 3b fe d9  |......... l..;..|
+000002e0  f9 da 88 13 dc 34 f4 01  d4 49 a7 43 80 d7 e2 cf  |.....4...I.C....|
+000002f0  1d c9 eb 94 5a 6d 85 b5  1d 7c 08 04 00 80 d2 21  |....Zm...|.....!|
+00000300  1b 9a f4 26 ac 76 28 68  63 68 fe b5 9b e2 16 bb  |...&.v(hch......|
+00000310  fd a5 b7 85 3c f8 f9 da  49 d7 4f 62 c0 af 75 08  |....<...I.Ob..u.|
+00000320  47 3b 3a 48 26 c3 8e 13  25 08 1d 77 ce eb 30 e9  |G;:H&...%..w..0.|
+00000330  b4 2e cc 94 ca 8d b4 60  c6 92 ce 57 ba 1e 46 59  |.......`...W..FY|
+00000340  f6 76 61 da f2 59 79 da  87 08 22 1d 5a e9 1a b8  |.va..Yy...".Z...|
+00000350  9d 31 0f d9 db ab 49 80  d9 5c 20 ab ef 9e e1 4d  |.1....I..\ ....M|
+00000360  0c 69 9b 41 f2 dd 4d e9  ee ff d3 40 47 88 64 76  |.i.A..M....@G.dv|
+00000370  69 8e 3a a1 e0 68 00 6d  2f 95 b6 f9 64 12 16 03  |i.:..h.m/...d...|
 00000380  03 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 aa 8c 9c  ab fb ab ed 5b 2e 3e 4b  |.... .......[.>K|
-00000040  92 cd 18 dd ac ce af 1a  b9 f2 df aa 7f a1 d2 ad  |................|
-00000050  0e 8a 67 03 3f                                    |..g.?|
+00000030  16 03 03 00 20 d5 b6 10  b8 32 7d da 84 25 2b 18  |.... ....2}..%+.|
+00000040  78 a4 e3 6b 34 de b2 83  b6 94 12 f9 d2 9a 27 e5  |x..k4.........'.|
+00000050  ff ef a2 00 50                                    |....P|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 db cb 3a 73 0c  |.......... ..:s.|
-00000010  ab 16 44 41 5a 25 df f7  45 bf f0 70 c6 a8 4f bd  |..DAZ%..E..p..O.|
-00000020  50 99 fb 18 26 e7 cf 71  16 1a 96                 |P...&..q...|
+00000000  14 03 03 00 01 01 16 03  03 00 20 91 63 26 79 f6  |.......... .c&y.|
+00000010  6f fc 51 93 c5 9b e9 10  2e 80 f0 5f 6f 49 b8 a5  |o.Q........_oI..|
+00000020  53 d9 a6 2a 4a ec 4c 50  9f 1b 98                 |S..*J.LP...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 34 82 27  01 99 27 08 58 c4 aa 76  |.....4.'..'.X..v|
-00000010  fe 34 9c 1f 99 ea 4c f8  a0 ef 96 15 03 03 00 12  |.4....L.........|
-00000020  68 b8 da ac 77 d5 f7 95  9f 68 e0 d6 26 88 cd ef  |h...w....h..&...|
-00000030  31 d4                                             |1.|
+00000000  17 03 03 00 16 96 3e 1b  61 d9 00 1a e4 dc 49 cc  |......>.a.....I.|
+00000010  09 f8 b3 3e 21 c6 df 74  e2 6b a0 15 03 03 00 12  |...>!..t.k......|
+00000020  35 41 fc 32 06 30 3b ad  17 a4 19 3c 06 f9 59 e0  |5A.2.0;....<..Y.|
+00000030  d2 02                                             |..|
diff --git a/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
index 55cff1d4..b3496ced 100644
--- a/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
+++ b/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 58 a7 ae 6c fc  |....]...Y..X..l.|
-00000010  0d 53 51 d5 37 8d 1f 88  75 27 bf 34 8f 3d d3 ee  |.SQ.7...u'.4.=..|
-00000020  95 db 77 d9 c0 3b f1 57  4f 84 e2 20 7f 0d d1 84  |..w..;.WO.. ....|
-00000030  0c 7a 4e 41 7f 74 58 6c  f5 38 e6 8d 5b 04 15 e1  |.zNA.tXl.8..[...|
-00000040  3d 4a ba 7e 58 f4 e8 bf  f4 42 8a f5 c0 09 00 00  |=J.~X....B......|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 c9 60 0f c9 c7  |....]...Y...`...|
+00000010  84 d4 8c 7b e8 33 a1 e2  cc 15 9b 13 21 e6 ff 3a  |...{.3......!..:|
+00000020  72 2a d2 6b 18 bd 7b aa  4c 95 7f 20 f2 dd 03 c8  |r*.k..{.L.. ....|
+00000030  a9 e6 f0 20 b4 72 81 71  ea 10 ca b1 9f 4b 86 96  |... .r.q.....K..|
+00000040  27 b5 d4 6a 6a 35 2f d5  5a f6 75 96 c0 09 00 00  |'..jj5/.Z.u.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -57,17 +59,17 @@
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
 00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 b2 5c fe 84 12 a5  2f 8f da 91 3f 44 52 4e  |. .\..../...?DRN|
-00000290  03 ad e4 f9 8a 14 71 0d  0b 46 86 81 d2 1b 4a 5b  |......q..F....J[|
-000002a0  d9 4e 04 03 00 8a 30 81  87 02 42 01 78 d2 c2 a9  |.N....0...B.x...|
-000002b0  b7 77 f8 eb 8d 9d 36 1f  79 e7 d1 74 a9 9d a4 53  |.w....6.y..t...S|
-000002c0  5e 08 4a 92 dc ac b3 32  bf ce e7 f0 80 af 56 48  |^.J....2......VH|
-000002d0  42 e2 fd 22 c7 35 11 13  db 2a 6d 74 4a e5 02 ce  |B..".5...*mtJ...|
-000002e0  ea 43 e6 b0 69 18 3e d3  86 85 76 ff 56 02 41 44  |.C..i.>...v.V.AD|
-000002f0  2a e1 6b ae 5d f9 39 5c  ec 76 ee 01 d7 04 42 ca  |*.k.].9\.v....B.|
-00000300  45 07 e0 59 38 75 d4 47  61 a4 5b 0f a9 7a ba 79  |E..Y8u.Ga.[..z.y|
-00000310  fa 79 92 41 88 8a d3 be  c2 38 3e f7 95 6c 99 3f  |.y.A.....8>..l.?|
-00000320  4c ff af 10 33 14 25 e0  d7 8a fd 70 17 2b 73 ee  |L...3.%....p.+s.|
+00000280  1d 20 fc dd 1d af 2f 7d  77 03 42 8b e4 01 fd 0c  |. ..../}w.B.....|
+00000290  82 3b f8 16 d7 15 cc ce  97 b4 6b ab 78 b6 c4 d5  |.;........k.x...|
+000002a0  78 0a 04 03 00 8a 30 81  87 02 42 01 b1 31 15 d3  |x.....0...B..1..|
+000002b0  f9 0d 44 57 cc d7 d3 a8  08 91 19 ac fd 6d cf f3  |..DW.........m..|
+000002c0  59 87 59 d5 a3 9b 9f 41  0c a6 9d 2f 30 df 97 2c  |Y.Y....A.../0..,|
+000002d0  e5 04 58 a4 06 b6 67 ba  19 84 5e c5 28 cd a6 29  |..X...g...^.(..)|
+000002e0  c7 56 78 ba b5 4f d6 95  34 4c 5f e9 b7 02 41 30  |.Vx..O..4L_...A0|
+000002f0  cb d1 6b 75 7a 78 62 06  13 76 49 a7 cb 05 d1 1d  |..kuzxb..vI.....|
+00000300  14 79 39 e8 80 57 0c ba  52 41 ba 4d c1 82 3b 94  |.y9..W..RA.M..;.|
+00000310  d2 0f 0c 90 9b fa 32 03  7a 53 b5 c9 6b bc 3d 0e  |......2.zS..k.=.|
+00000320  01 2d b2 ca d3 0e b4 45  1a b3 ec 07 b8 ad 28 03  |.-.....E......(.|
 00000330  16 03 03 00 3a 0d 00 00  36 03 01 02 40 00 2e 04  |....:...6...@...|
 00000340  03 05 03 06 03 08 07 08  08 08 09 08 0a 08 0b 08  |................|
 00000350  04 08 05 08 06 04 01 05  01 06 01 03 03 02 03 03  |................|
@@ -110,31 +112,31 @@
 00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
 00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 92 0f 00  |...._X.;t.......|
-00000240  00 8e 04 03 00 8a 30 81  87 02 41 0c 11 31 08 e0  |......0...A..1..|
-00000250  7d 4e 11 1e 80 7c 50 70  ea 1b 68 16 d9 e6 93 b7  |}N...|Pp..h.....|
-00000260  fb 6f 0d 6e ce 8b d2 7c  86 70 c3 e9 ed 35 3c 29  |.o.n...|.p...5<)|
-00000270  c7 d8 6c 8f 43 c9 a1 7a  4a ae 19 22 6e e3 85 7e  |..l.C..zJ.."n..~|
-00000280  a0 5d 7f 19 a5 b7 25 ad  d7 1a 5f 42 02 42 00 d8  |.]....%..._B.B..|
-00000290  6a 25 47 2a 0e 1a 38 51  1c 73 aa 2d 10 9e 4b 65  |j%G*..8Q.s.-..Ke|
-000002a0  56 34 72 e5 02 09 f6 30  ce a8 a0 59 75 7b 13 42  |V4r....0...Yu{.B|
-000002b0  1e 31 f3 dd 08 a9 65 df  2d e6 aa 29 5d 9a 5c eb  |.1....e.-..)].\.|
-000002c0  d3 67 af 29 4e d2 76 e5  17 1d 7e e7 0a 50 c4 d0  |.g.)N.v...~..P..|
+00000240  00 8e 04 03 00 8a 30 81  87 02 41 5f 38 d1 e6 8e  |......0...A_8...|
+00000250  cd f7 6b 2e 50 d9 e5 40  3a ba e7 67 5d a9 5a 83  |..k.P..@:..g].Z.|
+00000260  c1 9e 45 e7 c2 bc f6 a2  c0 d8 3e ca f6 48 44 72  |..E.......>..HDr|
+00000270  8b c6 e6 24 e4 aa 90 ff  81 10 c5 86 08 64 d4 30  |...$.........d.0|
+00000280  e7 27 e2 9b 66 b9 c8 30  3b 3d 61 51 02 42 01 3b  |.'..f..0;=aQ.B.;|
+00000290  a1 0b 55 d0 2b 23 90 0c  5a 14 9b f4 2b 04 f4 b3  |..U.+#..Z...+...|
+000002a0  b1 9d 6f 86 17 67 3d c1  9d 64 e6 d7 c6 54 eb 99  |..o..g=..d...T..|
+000002b0  51 83 df c9 df 41 48 b8  bc 8f 6c c9 bc 0a 36 0f  |Q....AH...l...6.|
+000002c0  c9 34 70 3a d5 82 5e 42  4f 22 64 23 33 fc e2 d3  |.4p:..^BO"d#3...|
 000002d0  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-000002e0  00 00 00 00 00 00 00 00  00 00 00 8b ef 24 70 ef  |.............$p.|
-000002f0  b9 b3 fd 59 49 62 b7 18  9c bc 7f 74 06 21 21 ab  |...YIb.....t.!!.|
-00000300  9c 4d cf 70 0c 6b 3b d3  d4 12 51 a7 f9 09 65 d1  |.M.p.k;...Q...e.|
-00000310  ce b7 28 01 c1 e9 0b e4  41 55 b6                 |..(.....AU.|
+000002e0  00 00 00 00 00 00 00 00  00 00 00 13 d5 c1 91 72  |...............r|
+000002f0  5e 32 35 1d c1 a2 d2 62  80 16 71 ea f9 67 d5 8d  |^25....b..q..g..|
+00000300  1d 98 a5 87 15 1b 7e 2a  80 a7 08 a2 c1 82 79 d2  |......~*......y.|
+00000310  60 e3 d5 8f 0b 9b 43 4f  88 09 7d                 |`.....CO..}|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 af 82 f6 ba d1  |..........@.....|
-00000010  e8 f9 c5 58 0e ba 94 ec  98 68 b3 20 5b db 4e 8c  |...X.....h. [.N.|
-00000020  f5 00 29 e8 9a c1 34 35  ac 77 af e2 a0 6a 6f 45  |..)...45.w...joE|
-00000030  05 56 d4 a0 5b 75 19 c6  1b 8a c8 65 04 ed 3d f3  |.V..[u.....e..=.|
-00000040  84 e5 1b c0 26 31 5d 03  d5 b4 31                 |....&1]...1|
+00000000  14 03 03 00 01 01 16 03  03 00 40 8a f4 68 76 16  |..........@..hv.|
+00000010  0d 13 09 2a e5 3f 25 87  0f ce 03 96 2a 86 58 41  |...*.?%.....*.XA|
+00000020  7a 40 ec 65 ff c5 64 c1  62 6e ae 1d bf b6 4e dd  |z@.e..d.bn....N.|
+00000030  f6 be 55 56 ba 43 b3 c5  3a 6f 35 e6 73 59 63 87  |..UV.C..:o5.sYc.|
+00000040  fd 10 64 b1 94 e3 a9 b7  2d e0 94                 |..d.....-..|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 2e a5 7c  6f cc f7 44 1a 38 99 4a  |.......|o..D.8.J|
-00000020  2e a4 4b 79 bf ee b6 c9  12 57 f5 2e 98 dd 1d 2a  |..Ky.....W.....*|
-00000030  5b 79 d5 ef 44 15 03 03  00 30 00 00 00 00 00 00  |[y..D....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 3d fe 37 cb 65 03  |..........=.7.e.|
-00000050  13 ce 3d 3b c2 18 c2 27  f9 a4 b7 fc e6 37 eb 2a  |..=;...'.....7.*|
-00000060  27 6c 52 38 2f 3a 61 d4  a9 e6                    |'lR8/:a...|
+00000010  00 00 00 00 00 15 82 4f  fa 8d ce 67 fd 63 bb 74  |.......O...g.c.t|
+00000020  98 2f 77 fc 5b 43 70 4d  15 cf 5b 2b 45 ae e7 b3  |./w.[CpM..[+E...|
+00000030  d0 dd ae 4b 27 15 03 03  00 30 00 00 00 00 00 00  |...K'....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 d2 ce b2 c5 1a 62  |...............b|
+00000050  06 9c c1 1e 6f 1e b7 6e  18 5e 74 45 be 10 b7 69  |....o..n.^tE...i|
+00000060  6d da 09 65 3c 38 a5 3d  f1 0a                    |m..e<8.=..|
diff --git a/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
index de57515d..7356bfeb 100644
--- a/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
+++ b/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 f8 3d 7c a4 a8  |....]...Y...=|..|
-00000010  11 e3 56 0f 1c 7e 2e 7c  50 7e 75 5c de 1c 51 8e  |..V..~.|P~u\..Q.|
-00000020  de d3 8a 84 d2 90 84 f9  e9 07 d5 20 98 6a a8 c1  |........... .j..|
-00000030  f4 28 bd 0f 6a 25 a5 26  3d 8d 35 b6 3e bb 77 c6  |.(..j%.&=.5.>.w.|
-00000040  8e ab 36 bd 7d c8 a9 b1  5b 30 0f b2 c0 2f 00 00  |..6.}...[0.../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 26 62 0d 9d 45  |....]...Y..&b..E|
+00000010  3d 25 b7 ed ec ce b8 d6  8f fd a6 68 0b 07 05 28  |=%.........h...(|
+00000020  d4 2a 9c d9 cf bf e9 a0  92 71 6f 20 18 af a0 13  |.*.......qo ....|
+00000030  72 10 57 69 cf 63 db 73  c4 44 b8 a9 27 cd 9a a0  |r.Wi.c.s.D..'...|
+00000040  3b be f1 57 ef 10 19 80  0b c0 51 94 c0 2f 00 00  |;..W......Q../..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,18 +63,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 5f c1 31  |............ _.1|
-000002d0  d7 64 f0 0b 72 6a 66 2c  49 d7 d1 9c dd 6f e3 3a  |.d..rjf,I....o.:|
-000002e0  ab 2c 78 6d ca b0 ed 16  26 65 9f ff 66 08 04 00  |.,xm....&e..f...|
-000002f0  80 a6 91 d0 03 b8 d2 67  48 69 16 8e 30 dc 5b 3f  |.......gHi..0.[?|
-00000300  ac 4d e4 33 5f 46 e7 0c  49 a0 71 9d 8c 60 63 f2  |.M.3_F..I.q..`c.|
-00000310  2d ff 9e 89 21 7d af 71  ce 41 6b d2 22 fc 1f bd  |-...!}.q.Ak."...|
-00000320  a9 9e 15 2c d7 c3 cb 69  6d df 23 07 7c 13 e9 2b  |...,...im.#.|..+|
-00000330  7d 05 f0 18 1e 86 c8 37  ad cd 9e 39 26 0c 8a 9b  |}......7...9&...|
-00000340  12 90 60 12 95 06 e9 bb  f2 46 41 20 10 f5 64 ea  |..`......FA ..d.|
-00000350  66 13 cb 8e 51 7e 41 78  2a 40 fa 15 e2 0d 5b 37  |f...Q~Ax*@....[7|
-00000360  a7 a8 4a f6 8e 93 82 2a  a2 91 06 66 4e 49 72 68  |..J....*...fNIrh|
-00000370  f9 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 22 fe 67  |............ ".g|
+000002d0  48 d3 90 04 ee 7d c2 2a  6d 9f 3a 36 3c b2 f8 14  |H....}.*m.:6<...|
+000002e0  24 76 54 5a ae ed 2f 62  fc 76 e0 00 07 08 04 00  |$vTZ../b.v......|
+000002f0  80 6d 8b e6 52 be ed 40  b8 b1 51 53 94 08 93 76  |.m..R..@..QS...v|
+00000300  9b 84 06 66 60 b9 be a8  f1 bb 5d fa 81 42 28 8e  |...f`.....]..B(.|
+00000310  aa ce 72 9f df a3 53 2d  c9 6d 34 10 78 36 da 33  |..r...S-.m4.x6.3|
+00000320  09 0c a0 5e ea 56 2e 6f  62 fc 3c 5e 5b 6d 97 c9  |...^.V.ob.<^[m..|
+00000330  39 1b 3c eb 6d 1f 0a b5  02 06 6d 9e 99 24 14 ee  |9.<.m.....m..$..|
+00000340  f9 55 cc 4d 7f 77 0c 58  2c 59 0f a4 66 4b 81 b4  |.U.M.w.X,Y..fK..|
+00000350  d9 e4 f6 24 4f ba 05 83  6c c3 6c 2f 5e 74 42 09  |...$O...l.l/^tB.|
+00000360  b3 be d1 c9 6a c8 a6 34  5c bc 36 65 58 cd 02 ae  |....j..4\.6eX...|
+00000370  16 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -113,28 +115,28 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 93 0f 00  |...._X.;t.......|
-00000240  00 8f 04 03 00 8b 30 81  88 02 42 01 0f 51 5e 59  |......0...B..Q^Y|
-00000250  78 34 8f 99 03 da 07 66  3b 0d 48 b2 79 57 e2 d5  |x4.....f;.H.yW..|
-00000260  d2 c2 f3 81 8e 25 98 81  e2 9a f7 1f 02 99 b0 7d  |.....%.........}|
-00000270  1c d1 1f e4 ef d7 bc a1  ad 67 c7 a9 cc 4f 67 58  |.........g...OgX|
-00000280  8b 1e 8c 3f 04 73 31 53  60 aa 67 33 27 02 42 01  |...?.s1S`.g3'.B.|
-00000290  f1 66 ba 8f ec 9e 3f 76  76 ac 7a e7 56 cb fb 46  |.f....?vv.z.V..F|
-000002a0  f4 9b 64 03 3a 72 5a d7  cf 49 39 69 26 19 68 52  |..d.:rZ..I9i&.hR|
-000002b0  8b 98 8e ea d3 8e d9 6d  93 f5 e8 23 cd 20 a8 5a  |.......m...#. .Z|
-000002c0  4c 24 10 70 bd a2 ae a3  b1 4f 38 17 dd b9 f5 93  |L$.p.....O8.....|
-000002d0  4b 14 03 03 00 01 01 16  03 03 00 28 00 00 00 00  |K..........(....|
-000002e0  00 00 00 00 e1 2b da c6  4a 5c d2 03 c0 7e f0 eb  |.....+..J\...~..|
-000002f0  a0 4b ed a1 7d e4 45 93  ec f9 37 a0 5b 7e bb 64  |.K..}.E...7.[~.d|
-00000300  af d4 fc ac                                       |....|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 92 0f 00  |...._X.;t.......|
+00000240  00 8e 04 03 00 8a 30 81  87 02 42 00 8e 41 5f 48  |......0...B..A_H|
+00000250  64 4e 6e 7e 7d ed 5b da  88 7a 38 1f bd 04 ee 93  |dNn~}.[..z8.....|
+00000260  88 f8 3d e5 b7 51 4a 43  6b c5 c1 02 06 c5 2c c1  |..=..QJCk.....,.|
+00000270  48 18 2e 11 63 8a 9d 94  35 98 bc d1 d7 19 1f c0  |H...c...5.......|
+00000280  f6 dc 10 15 89 bf 99 0c  87 7d 3e bf e2 02 41 4f  |.........}>...AO|
+00000290  e3 d4 a0 b2 4d 80 ec 21  2f b3 fc df 6c b7 bd 6d  |....M..!/...l..m|
+000002a0  c7 6d 0a 7a 24 56 a4 c8  36 ec 7d 2d 65 ff 8c 4b  |.m.z$V..6.}-e..K|
+000002b0  c7 cd 52 99 f1 2d e5 19  57 89 fe 52 44 ca e0 c3  |..R..-..W..RD...|
+000002c0  34 fc c5 4a da 59 f5 62  eb c4 c5 cb 1d d7 4b 63  |4..J.Y.b......Kc|
+000002d0  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
+000002e0  00 00 00 5d 34 16 3d d0  04 3f b7 3d a2 be 20 8b  |...]4.=..?.=.. .|
+000002f0  19 20 09 7b f0 7e 52 95  e6 b8 f1 06 08 93 6b 91  |. .{.~R.......k.|
+00000300  ee fa c8                                          |...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 d3 4a 1e 2b ea  |..........(.J.+.|
-00000010  26 12 c9 fd b0 7b e6 bf  e4 bb b6 d2 6b b4 3c 05  |&....{......k.<.|
-00000020  1f 6c 46 44 5e 25 e6 f9  80 c8 b9 16 19 59 68 90  |.lFD^%.......Yh.|
-00000030  5a 90 16                                          |Z..|
+00000000  14 03 03 00 01 01 16 03  03 00 28 c1 1c 19 bc 14  |..........(.....|
+00000010  d3 44 ec 5d 6e 84 c4 06  ba c2 83 00 80 ea dd 7d  |.D.]n..........}|
+00000020  9b 2e 75 c7 9d 75 40 e8  89 d1 9b 69 16 20 0b 23  |..u..u@....i. .#|
+00000030  94 48 42                                          |.HB|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 35 25 df  |.............5%.|
-00000010  1f 16 81 00 e3 c4 9e 45  e2 a1 ef 54 72 66 99 3d  |.......E...Trf.=|
-00000020  30 13 25 15 03 03 00 1a  00 00 00 00 00 00 00 02  |0.%.............|
-00000030  16 a5 e9 36 c1 fb 02 d7  c8 7a aa bc aa 77 7b 5c  |...6.....z...w{\|
-00000040  4f a1                                             |O.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 20 ce 1a  |............. ..|
+00000010  b6 65 88 6d 17 9e 9c 9d  ec 36 af d3 7e fa e5 63  |.e.m.....6..~..c|
+00000020  bc 90 f0 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  e5 a6 0e 68 bc 75 29 7e  c1 ee 6b 3b d3 03 c8 0a  |...h.u)~..k;....|
+00000040  4d 75                                             |Mu|
diff --git a/testdata/Client-TLSv12-ClientCert-Ed25519 b/testdata/Client-TLSv12-ClientCert-Ed25519
index edb433fe..e4e47030 100644
--- a/testdata/Client-TLSv12-ClientCert-Ed25519
+++ b/testdata/Client-TLSv12-ClientCert-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 68 ad d5 4c 88  |....]...Y..h..L.|
-00000010  60 b8 3b b4 ea e4 f2 55  7d 0f 90 d8 bd 55 b5 53  |`.;....U}....U.S|
-00000020  49 6e f7 50 e4 05 70 a2  6d 9e a5 20 d1 0a e5 58  |In.P..p.m.. ...X|
-00000030  38 f1 82 94 a7 c3 bf 77  60 d8 51 c2 c7 e9 8e d6  |8......w`.Q.....|
-00000040  94 ee 4f 23 51 d3 2c 52  06 12 4b 4a cc a8 00 00  |..O#Q.,R..KJ....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 73 ca 08 75 98  |....]...Y..s..u.|
+00000010  14 2e b6 c4 c0 74 e2 cf  05 24 dd 70 f4 aa 22 08  |.....t...$.p..".|
+00000020  39 6d 3a 61 11 90 c6 61  50 41 96 20 d1 c7 24 aa  |9m:a...aPA. ..$.|
+00000030  3a 5e 0c 2c 37 72 8c 80  76 ab c9 2f fb a5 39 7d  |:^.,7r..v../..9}|
+00000040  f5 f3 ce 97 d8 ea e5 4c  db 1b f8 f6 cc a8 00 00  |.......L........|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,18 +63,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 4e 55 f3  |............ NU.|
-000002d0  5f 83 c8 88 d4 f2 5c 75  6a ab 0e 25 df 12 ef f0  |_.....\uj..%....|
-000002e0  ea e9 3e b4 4f 2c cd bb  43 5b 64 21 12 08 04 00  |..>.O,..C[d!....|
-000002f0  80 84 5e ca 36 b2 fa d0  29 47 1c c2 de 4e 1d 81  |..^.6...)G...N..|
-00000300  14 66 0a 26 6f 21 5f d5  b5 54 2e 37 f1 7e b1 90  |.f.&o!_..T.7.~..|
-00000310  a0 57 ab 40 81 cf e5 77  29 23 54 fa 12 76 1a 4a  |.W.@...w)#T..v.J|
-00000320  66 c0 52 08 07 3c 3c 56  06 08 02 df 9f 75 75 5e  |f.R..<<V.....uu^|
-00000330  0c d7 23 d5 b5 76 83 64  1f c2 9c dd 7d b0 c8 91  |..#..v.d....}...|
-00000340  b6 7b 25 38 e0 27 31 be  7d 62 52 b6 91 3c 21 5c  |.{%8.'1.}bR..<!\|
-00000350  25 84 85 0a 8d 9a e3 59  67 ba d7 5f 54 df 06 10  |%......Yg.._T...|
-00000360  56 1e 04 f1 b1 45 32 e6  0d 0a 26 ce 24 ae 85 ae  |V....E2...&.$...|
-00000370  2b 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |+....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 35 1f 14  |............ 5..|
+000002d0  77 42 a0 9c 04 14 f7 8b  df e5 b5 e7 71 40 34 4f  |wB..........q@4O|
+000002e0  f5 0d ab c2 2f 38 97 46  3e c2 57 26 7d 08 04 00  |..../8.F>.W&}...|
+000002f0  80 9d d7 8c 28 d8 a8 6c  a8 14 5d 92 f8 59 ab e5  |....(..l..]..Y..|
+00000300  bd e3 32 1e 49 f6 e6 11  11 ce eb 0c e1 27 3c 34  |..2.I........'<4|
+00000310  8c 94 a9 e9 8f 41 51 64  c2 6c 1c d0 e7 d4 ee cf  |.....AQd.l......|
+00000320  4f 9c f4 92 0f e5 48 c5  2b b5 82 79 c3 91 ee f9  |O.....H.+..y....|
+00000330  1c a6 b2 ee ec 9d 73 7c  df 2d 2b 49 c8 27 c7 cf  |......s|.-+I.'..|
+00000340  79 b4 6a 39 f6 ac fe 6f  fd f4 6c 7d 2c f2 7f 58  |y.j9...o..l},..X|
+00000350  2f a3 d4 f5 92 83 5b 83  19 55 39 e5 f8 d2 2c fd  |/.....[..U9...,.|
+00000360  ad 89 32 90 ba 89 cd 0d  ed 16 02 96 92 bd 77 d2  |..2...........w.|
+00000370  f3 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -101,20 +103,20 @@
 00000140  08 16 03 03 00 25 10 00  00 21 20 2f e5 7d a3 47  |.....%...! /.}.G|
 00000150  cd 62 43 15 28 da ac 5f  bb 29 07 30 ff f6 84 af  |.bC.(.._.).0....|
 00000160  c4 cf c2 ed 90 99 5f 58  cb 3b 74 16 03 03 00 48  |......_X.;t....H|
-00000170  0f 00 00 44 08 07 00 40  70 0a 4f 7d dc c7 4a 7a  |...D...@p.O}..Jz|
-00000180  aa 47 45 8e be a6 df 02  14 c0 a0 f9 b9 a5 47 eb  |.GE...........G.|
-00000190  3b d3 6f 38 17 aa 5c 48  d5 33 10 41 af 08 2c 2c  |;.o8..\H.3.A..,,|
-000001a0  86 60 85 d4 22 c0 86 b2  48 1a 9c 31 78 86 7f bf  |.`.."...H..1x...|
-000001b0  3f 42 cb 04 3d 1b f7 0b  14 03 03 00 01 01 16 03  |?B..=...........|
-000001c0  03 00 20 32 0c bb 8e f7  d5 fa a3 f3 9a 2a d1 1f  |.. 2.........*..|
-000001d0  ed 4b e3 56 ab b3 bc f9  72 ad 7c 3a 8e d2 d7 2f  |.K.V....r.|:.../|
-000001e0  a2 99 46                                          |..F|
+00000170  0f 00 00 44 08 07 00 40  a1 8a 00 6d 57 47 ab a4  |...D...@...mWG..|
+00000180  ae 93 3e dd 04 fb 04 3b  dd b7 de 93 bc 2e 40 ff  |..>....;......@.|
+00000190  29 fa d0 f7 63 4e b9 5f  1f d9 5d 8c 87 eb bb 43  |)...cN._..]....C|
+000001a0  25 e5 a7 04 8d 16 88 f8  8b 0d 17 d1 ef 75 7c f1  |%............u|.|
+000001b0  1a b4 8f 2f cd f1 18 00  14 03 03 00 01 01 16 03  |.../............|
+000001c0  03 00 20 b2 95 81 2d 8c  06 f0 54 da ef 31 9a 33  |.. ...-...T..1.3|
+000001d0  89 c3 b5 e8 6a 77 3c fe  e8 e3 d0 24 94 2d 7e f9  |....jw<....$.-~.|
+000001e0  08 d4 ce                                          |...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 10 cb 1b e5 55  |.......... ....U|
-00000010  64 49 55 0a bf 25 e4 b0  d0 45 e1 47 b0 05 d0 f2  |dIU..%...E.G....|
-00000020  41 b7 f4 6a 84 4e 6a 66  8d 0e 43                 |A..j.Njf..C|
+00000000  14 03 03 00 01 01 16 03  03 00 20 b3 9b 27 5a 1e  |.......... ..'Z.|
+00000010  ce 80 3c 04 f7 aa 69 b6  6b 37 9a 86 e9 95 ce 73  |..<...i.k7.....s|
+00000020  8a ef 38 62 6f cb a0 0e  45 78 ad                 |..8bo...Ex.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 4a f3 ed  07 22 0d 7d 9b a6 a8 3c  |.....J...".}...<|
-00000010  88 58 f3 48 c2 f1 aa ea  c7 cd 14 15 03 03 00 12  |.X.H............|
-00000020  0b 1d 53 98 b3 69 99 e1  cd 4f 37 3c dc 63 17 9f  |..S..i...O7<.c..|
-00000030  00 7f                                             |..|
+00000000  17 03 03 00 16 bf 78 66  da 5b a7 fd cf 95 32 20  |......xf.[....2 |
+00000010  b6 ce 1e 5d 4f 21 05 6a  f7 3a 27 15 03 03 00 12  |...]O!.j.:'.....|
+00000020  42 e1 e3 e3 d3 5a 98 8c  d1 e3 ce a5 02 f9 58 ba  |B....Z........X.|
+00000030  ce 33                                             |.3|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 b/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
index c6673f6d..0fb7a12f 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
+++ b/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 60 13 bb 4b ce  |....]...Y..`..K.|
-00000010  d6 49 3b b2 3a 0c d4 5a  e8 25 26 67 41 fd dd 0f  |.I;.:..Z.%&gA...|
-00000020  62 ec c1 ab bc 58 92 67  9d 71 fd 20 20 4c ab 4d  |b....X.g.q.  L.M|
-00000030  85 ce 87 49 68 8c cf 9c  2f 7b f9 2b 96 62 8a 75  |...Ih.../{.+.b.u|
-00000040  c3 21 05 c6 ab b6 98 5e  e7 e5 d8 4a c0 30 00 00  |.!.....^...J.0..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 e8 4b b6 f9 1c  |....]...Y...K...|
+00000010  d9 59 e0 86 7b 9b cf 37  9f 0c f2 14 51 de 10 66  |.Y..{..7....Q..f|
+00000020  39 05 15 ab 17 25 df 89  d7 5b 41 20 e5 28 ba da  |9....%...[A .(..|
+00000030  29 8c 72 40 14 7e 06 2d  f8 04 6d 4d 37 09 62 9a  |).r@.~.-..mM7.b.|
+00000040  87 f7 52 fc 77 61 05 04  2f 65 c0 df c0 30 00 00  |..R.wa../e...0..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,18 +63,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 85 c8 0e  |............ ...|
-000002d0  fb 1e b3 4a ec c1 b2 3a  b8 4e bb a1 ca 80 8e 13  |...J...:.N......|
-000002e0  f5 08 b5 9a b8 3e c4 6c  23 cf 17 a0 31 08 04 00  |.....>.l#...1...|
-000002f0  80 28 db ec 9d f9 f4 9a  06 12 8a 32 89 11 4a e5  |.(.........2..J.|
-00000300  b6 68 98 21 ec f1 75 9c  f9 28 bc b1 99 5b ec 77  |.h.!..u..(...[.w|
-00000310  37 8b 6b 05 ad b3 10 de  24 05 84 a4 16 fe 1d 84  |7.k.....$.......|
-00000320  af 5d 28 7d d7 bc de 2f  81 da a3 79 fb c0 a5 43  |.](}.../...y...C|
-00000330  b6 3b 8d 90 30 00 80 98  16 83 ac 50 43 c7 3e 76  |.;..0......PC.>v|
-00000340  c5 dc 85 c2 19 75 a6 90  f8 2f 71 40 d9 a0 73 7e  |.....u.../q@..s~|
-00000350  fe 3b 1c d7 66 73 0f f0  42 c5 00 b1 2b be 41 2b  |.;..fs..B...+.A+|
-00000360  40 da 8f b0 f1 9e b0 0a  83 23 04 80 fb 4c fe 7e  |@........#...L.~|
-00000370  b4 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 57 e9 2a  |............ W.*|
+000002d0  eb ac 52 cf 39 70 0a c3  21 38 2d 46 66 c1 df 26  |..R.9p..!8-Ff..&|
+000002e0  38 ad b2 19 d5 a9 f5 37  15 f7 f6 dc 54 08 04 00  |8......7....T...|
+000002f0  80 35 c5 7a 73 5f 36 ed  72 f9 2d 21 a9 9f 94 3f  |.5.zs_6.r.-!...?|
+00000300  98 de 22 b1 35 c1 9d e2  d2 42 bb 32 7a f3 11 0e  |..".5....B.2z...|
+00000310  f7 3c a0 ca 44 87 95 e6  f3 1a 19 45 51 a8 f5 f2  |.<..D......EQ...|
+00000320  fe ac 00 d0 fc 79 a8 a9  83 fe 81 48 e9 f7 48 ce  |.....y.....H..H.|
+00000330  08 8c 45 3c 24 b5 d4 e0  07 17 d1 f0 fa 3d 13 3c  |..E<$........=.<|
+00000340  ef f5 7b f2 5a c2 9a 60  af de 8e 74 50 c7 df b0  |..{.Z..`...tP...|
+00000350  27 ef 0e dd db 6a 8f a4  94 69 f0 08 7e 3c 3c 93  |'....j...i..~<<.|
+00000360  03 f9 67 ad 30 0b e6 d7  f0 c0 77 bd c4 1a 6e b4  |..g.0.....w...n.|
+00000370  52 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |R....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -113,26 +115,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 41 83 55 9b 3c 8d 29  |.........A.U.<.)|
-00000240  ed 6c 58 91 85 cb 9b 19  df 61 09 d0 d3 73 fb 2b  |.lX......a...s.+|
-00000250  3b 4b 4b bd 64 7e e6 53  87 cb 6d 2f 78 1c 67 cf  |;KK.d~.S..m/x.g.|
-00000260  13 21 e0 ec 1b d7 d8 aa  06 a0 0e d5 86 6f ba 1e  |.!...........o..|
-00000270  97 e2 8c 9b 86 e2 8a 4d  62 1a bd 35 0e 2d 63 18  |.......Mb..5.-c.|
-00000280  a1 1f 7c ed fc 3b 89 c2  00 6d da 01 42 0a 47 95  |..|..;...m..B.G.|
-00000290  12 8e 01 82 62 58 f9 96  eb a9 aa c3 f8 96 ec 20  |....bX......... |
-000002a0  e1 65 a9 46 a8 af 4b 7c  aa 29 ee 9c 48 18 b3 4a  |.e.F..K|.)..H..J|
-000002b0  00 7f 79 97 87 27 92 ca  45 14 03 03 00 01 01 16  |..y..'..E.......|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 da f3 01 f2  |...(............|
-000002d0  76 e2 df 95 82 0d cc 0c  7e b0 cc 15 69 ba 8c 64  |v.......~...i..d|
-000002e0  ac dc f3 45 58 a3 8f ed  f0 2a 43 ce              |...EX....*C.|
+00000230  88 0f 00 00 84 08 04 00  80 ac ba b5 9f a6 2e 81  |................|
+00000240  fa c5 95 f7 27 e6 1c 54  80 51 1f 98 c6 bd 54 79  |....'..T.Q....Ty|
+00000250  ca 24 1a 0d df a0 e4 c8  5a e2 2d 83 35 ed 88 8f  |.$......Z.-.5...|
+00000260  08 23 db c9 fa 56 c9 5d  14 91 43 53 57 40 a1 a6  |.#...V.]..CSW@..|
+00000270  c9 61 b4 99 d5 4b bc 32  b5 2a a0 13 68 d3 06 1b  |.a...K.2.*..h...|
+00000280  07 7f 3a a3 05 32 19 c2  d7 ed 9a 68 f7 da e9 80  |..:..2.....h....|
+00000290  54 1f 1d c3 6b fc 1f 85  b0 8d 91 76 39 a1 56 e2  |T...k......v9.V.|
+000002a0  1b 73 1e c3 1f 57 59 25  17 b2 53 6c fd 47 5f de  |.s...WY%..Sl.G_.|
+000002b0  57 2c c0 e7 76 1b 71 05  6c 14 03 03 00 01 01 16  |W,..v.q.l.......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 42 57 90 45  |...(........BW.E|
+000002d0  6a b9 64 64 92 ac c5 63  14 66 d1 f0 f9 65 f3 25  |j.dd...c.f...e.%|
+000002e0  de 81 74 da 68 1c cb 90  a5 46 6d 69              |..t.h....Fmi|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 e4 27 5e 80 00  |..........(.'^..|
-00000010  ee db 03 4c 17 d1 9c bf  f5 68 5f eb a6 fb 0c 3f  |...L.....h_....?|
-00000020  4f c4 38 84 3e c2 e9 f4  9b 06 39 5f 89 06 3a bd  |O.8.>.....9_..:.|
-00000030  77 db 25                                          |w.%|
+00000000  14 03 03 00 01 01 16 03  03 00 28 6b 52 88 32 f1  |..........(kR.2.|
+00000010  6e 1f dd ce 38 ba d4 7d  c7 4a 55 89 4c 91 57 34  |n...8..}.JU.L.W4|
+00000020  1e 54 12 8e 37 e2 dc a9  7d 37 b6 31 57 2f 11 27  |.T..7...}7.1W/.'|
+00000030  42 96 c2                                          |B..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 2b 98 2b  |.............+.+|
-00000010  d6 dc d2 69 03 c9 0e 44  46 d1 5e d2 5a 14 89 7b  |...i...DF.^.Z..{|
-00000020  60 ab 62 15 03 03 00 1a  00 00 00 00 00 00 00 02  |`.b.............|
-00000030  b9 7a 17 4b 10 5f 25 90  14 75 bb aa 42 de 7b 63  |.z.K._%..u..B.{c|
-00000040  69 e8                                             |i.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 be ea d3  |................|
+00000010  87 8c 16 62 86 4a 53 49  9d d7 f8 01 11 8b 9b 58  |...b.JSI.......X|
+00000020  39 89 cf 15 03 03 00 1a  00 00 00 00 00 00 00 02  |9...............|
+00000030  93 9d 61 38 db c4 be 69  5e fb 63 1e ae f3 57 e4  |..a8...i^.c...W.|
+00000040  fe 85                                             |..|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-ECDSA b/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
index 7b2a3631..689be109 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
+++ b/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 6d b7 f7 cf 1d  |....]...Y..m....|
-00000010  f9 c0 02 cb ee 90 23 93  41 8e 26 24 3e 74 31 ce  |......#.A.&$>t1.|
-00000020  4f 53 f8 9d 0f 94 02 b2  66 c9 87 20 d6 5c 35 52  |OS......f.. .\5R|
-00000030  4b b1 f2 bb 2e 1d 95 ff  7d 83 f0 58 a8 0a ed b1  |K.......}..X....|
-00000040  54 25 03 ca ea 7b 8d 1a  8f 9f 43 51 c0 09 00 00  |T%...{....CQ....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 dc 6d a4 87 a5  |....]...Y...m...|
+00000010  a1 8e 67 3d c3 ed c0 e4  ed 38 7a 00 df b1 50 f4  |..g=.....8z...P.|
+00000020  4a cc 0f ab e2 e8 d9 77  b8 1a 18 20 cb e9 02 2a  |J......w... ...*|
+00000030  4f 17 c0 9d 3d 55 60 3e  d8 46 ee 52 dd bf 3e e6  |O...=U`>.F.R..>.|
+00000040  c9 4a b5 24 f5 19 73 56  ab 78 ce ec c0 09 00 00  |.J.$..sV.x......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -56,23 +58,23 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 04 b4 79 b4 2c 1d  0f b3 4b ff 67 e7 24 88  |. ..y.,...K.g.$.|
-00000290  d6 db 4f 1e 66 da 0e f2  89 5a 53 ed 4e ba ad 4c  |..O.f....ZS.N..L|
-000002a0  81 0a 04 03 00 8a 30 81  87 02 42 01 fb 16 53 43  |......0...B...SC|
-000002b0  2b 86 61 0a 58 a0 68 c1  cd 2c ff ec 79 7f 83 fa  |+.a.X.h..,..y...|
-000002c0  cc 0b 24 9d 98 54 d0 dc  90 55 e1 b3 e6 48 69 1a  |..$..T...U...Hi.|
-000002d0  55 62 f4 da 8f 60 db f7  76 80 d5 4d 37 f6 43 49  |Ub...`..v..M7.CI|
-000002e0  95 3d 96 f6 e2 fd a4 07  ae 24 8c fa bd 02 41 20  |.=.......$....A |
-000002f0  a1 50 78 a3 dd 99 c0 cf  74 f1 c0 79 b1 13 9d bc  |.Px.....t..y....|
-00000300  0b 37 cf 7c 09 11 b8 a4  71 65 e8 be ff 3a b9 85  |.7.|....qe...:..|
-00000310  cd b4 30 f8 1f d6 2e 83  96 6c 01 3e d2 00 a7 5b  |..0......l.>...[|
-00000320  23 c6 d0 69 eb 90 49 e3  46 ed 45 96 3b 07 d4 a8  |#..i..I.F.E.;...|
-00000330  16 03 03 00 3a 0d 00 00  36 03 01 02 40 00 2e 04  |....:...6...@...|
-00000340  03 05 03 06 03 08 07 08  08 08 09 08 0a 08 0b 08  |................|
-00000350  04 08 05 08 06 04 01 05  01 06 01 03 03 02 03 03  |................|
-00000360  01 02 01 03 02 02 02 04  02 05 02 06 02 00 00 16  |................|
-00000370  03 03 00 04 0e 00 00 00                           |........|
+00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
+00000280  1d 20 d8 81 5d 07 0c 63  f2 9a bf 82 37 08 f6 6d  |. ..]..c....7..m|
+00000290  e2 20 4b 98 85 cc 62 ad  a2 ac b1 8b 15 de 1d 5e  |. K...b........^|
+000002a0  3b 74 04 03 00 8b 30 81  88 02 42 01 81 b9 d9 e7  |;t....0...B.....|
+000002b0  3b 89 ed 5f cb 0a 10 16  85 69 c3 5e 7f 82 95 f6  |;.._.....i.^....|
+000002c0  49 48 3a 6d 84 c2 f5 04  9a 00 ef 86 f9 10 fc 03  |IH:m............|
+000002d0  a8 ba eb e7 0c 0c 0c 27  7b ba aa 73 a4 23 03 cb  |.......'{..s.#..|
+000002e0  d8 be c8 39 34 1f c4 33  e4 cf 12 98 35 02 42 01  |...94..3....5.B.|
+000002f0  dc 0b c7 df 9c b2 c4 f5  dc 4a a6 b0 ef 40 3c 8c  |.........J...@<.|
+00000300  98 f3 93 ac 14 9b 4d fe  6e 7a 09 fd 23 c3 14 4f  |......M.nz..#..O|
+00000310  cf 1a e6 61 72 58 8c 75  10 6c 75 42 cc 7b 9c 4a  |...arX.u.luB.{.J|
+00000320  11 62 25 12 63 44 9d fe  3d 67 44 7e 74 bd b0 3d  |.b%.cD..=gD~t..=|
+00000330  04 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
+00000340  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
+00000350  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
+00000360  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
+00000370  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -109,31 +111,31 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 3f 4a c2 4f 36 85 f0  |.........?J.O6..|
-00000240  d0 c6 b6 8f f1 cc 45 c1  2f f2 c7 24 1e 0f 04 dc  |......E./..$....|
-00000250  f5 af 6e 38 eb aa a6 6f  36 f4 80 dd 78 78 a7 d4  |..n8...o6...xx..|
-00000260  50 3a df e1 23 c4 3f 58  df 1a c0 1d 57 a5 46 3b  |P:..#.?X....W.F;|
-00000270  5d 09 ac 62 63 28 8a a2  b5 d4 9b 88 7c b9 4d b4  |]..bc(......|.M.|
-00000280  66 b2 9d 53 6e 15 9c f2  9b c7 14 ca 19 7f 00 38  |f..Sn..........8|
-00000290  81 a3 7b 44 e8 3d 6d 54  0f b3 81 fd 82 07 4d a1  |..{D.=mT......M.|
-000002a0  3e 8c 30 34 cd 6e 55 96  58 bf 86 8b 9c f6 be 94  |>.04.nU.X.......|
-000002b0  f4 a8 7e 4d 7f 03 07 7e  98 14 03 03 00 01 01 16  |..~M...~........|
+00000230  88 0f 00 00 84 08 04 00  80 3c 66 74 5d c3 4b d6  |.........<ft].K.|
+00000240  98 89 fe 1d 47 36 26 62  e8 19 0a 2c a9 8d 9a cf  |....G6&b...,....|
+00000250  f2 a1 15 3a bb c5 90 be  8d 09 d5 e8 3e 1f f3 87  |...:........>...|
+00000260  19 a7 d9 5d 7c f6 65 32  bd 47 e9 2f 90 a8 90 1b  |...]|.e2.G./....|
+00000270  41 05 08 35 32 f6 c2 22  70 61 37 a3 48 96 72 e0  |A..52.."pa7.H.r.|
+00000280  41 26 07 a9 6c c2 34 72  35 d5 43 ce 23 fd 34 9b  |A&..l.4r5.C.#.4.|
+00000290  56 b7 4e c0 be b9 b3 bd  81 df 32 58 3f b2 af 34  |V.N.......2X?..4|
+000002a0  c0 08 69 27 19 43 0f 34  1b 56 ed 08 cd 1b 2b f3  |..i'.C.4.V....+.|
+000002b0  41 75 8c 0a b2 43 4c f6  fe 14 03 03 00 01 01 16  |Au...CL.........|
 000002c0  03 03 00 40 00 00 00 00  00 00 00 00 00 00 00 00  |...@............|
-000002d0  00 00 00 00 c7 88 1e 15  dd 36 31 22 0f 30 d1 4d  |.........61".0.M|
-000002e0  40 2e 3a dd 05 cc fd a8  d2 ea f8 d9 79 1d 07 46  |@.:.........y..F|
-000002f0  2c 80 ab ab 54 3c 10 5a  a7 79 d2 1c 16 18 94 eb  |,...T<.Z.y......|
-00000300  46 69 cc 03                                       |Fi..|
+000002d0  00 00 00 00 ce ef 0a 09  6d 11 17 89 31 b3 ac 31  |........m...1..1|
+000002e0  76 fe 02 d1 2b f8 dc df  fc 59 e3 2f aa 14 4e 9d  |v...+....Y./..N.|
+000002f0  c1 d9 5d f6 4f 57 6f 15  db 93 f1 27 12 02 7c 08  |..].OWo....'..|.|
+00000300  75 f6 48 26                                       |u.H&|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 9e 65 27 5b 92  |..........@.e'[.|
-00000010  1e 2b 1a bc 81 ab 85 29  51 c1 38 04 b6 97 e5 4b  |.+.....)Q.8....K|
-00000020  b1 7d a5 e2 6d e7 b1 1a  33 6c f1 3d a4 9c de 2d  |.}..m...3l.=...-|
-00000030  b3 8a 01 da cc f1 d7 83  b1 1e 84 cb b7 e7 fe e6  |................|
-00000040  26 83 b0 2d 6f a9 77 46  55 44 7a                 |&..-o.wFUDz|
+00000000  14 03 03 00 01 01 16 03  03 00 40 c0 0b de 9c 60  |..........@....`|
+00000010  35 52 38 09 01 7f e5 52  b3 cf b4 e6 27 02 36 52  |5R8....R....'.6R|
+00000020  ce 84 dd f5 ee f8 65 7c  89 ad 5e 1c 86 09 36 d0  |......e|..^...6.|
+00000030  23 c7 52 63 6b 67 97 4e  bf c0 28 83 3a c8 3e a2  |#.Rckg.N..(.:.>.|
+00000040  2f f3 d7 08 8c c0 86 64  8e 9c 3e                 |/......d..>|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 e2 55 06  b8 6f 63 c4 63 78 76 4b  |......U..oc.cxvK|
-00000020  c8 63 8b 4b c6 11 2c ff  dc fc 20 f7 52 fe fa 5f  |.c.K..,... .R.._|
-00000030  e3 45 3a f2 a1 15 03 03  00 30 00 00 00 00 00 00  |.E:......0......|
-00000040  00 00 00 00 00 00 00 00  00 00 0e cb 88 2f 1f be  |............./..|
-00000050  9c 76 4d db 75 7f eb 01  ae bd 76 28 07 41 49 6c  |.vM.u.....v(.AIl|
-00000060  4c 82 84 d5 fc d3 75 f4  4b 81                    |L.....u.K.|
+00000010  00 00 00 00 00 98 7e 6b  30 28 7d e1 6f 09 17 40  |......~k0(}.o..@|
+00000020  cf 5f 98 90 46 91 b5 9b  f8 29 22 a0 85 75 f7 f6  |._..F....)"..u..|
+00000030  f4 33 c8 60 75 15 03 03  00 30 00 00 00 00 00 00  |.3.`u....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 02 c0 9e 3b 21 50  |.............;!P|
+00000050  a1 7a 16 67 32 3d 66 6d  c4 7f 9c 9b 44 30 31 f4  |.z.g2=fm....D01.|
+00000060  ea 03 7a e3 54 5d 35 7f  d3 eb                    |..z.T]5...|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-RSA b/testdata/Client-TLSv12-ClientCert-RSA-RSA
index 25fc245b..2dd00ba6 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-RSA
+++ b/testdata/Client-TLSv12-ClientCert-RSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 5f da ab 10 86  |....]...Y.._....|
-00000010  4c 91 60 4c ec 28 20 d4  37 84 c4 d0 87 bb 9d a9  |L.`L.( .7.......|
-00000020  5a c0 86 81 d9 91 38 5a  ef 3f ae 20 ec 14 b6 de  |Z.....8Z.?. ....|
-00000030  b7 cf 59 09 43 dc 59 3f  74 89 10 f2 82 ea 60 46  |..Y.C.Y?t.....`F|
-00000040  8f a3 6a 0f 61 0f 2d 66  24 c3 fb 7f c0 2f 00 00  |..j.a.-f$..../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 df 59 a1 48 61  |....]...Y...Y.Ha|
+00000010  ef db cd 29 5f 9b 90 e4  d9 6d db 10 98 ae 69 b8  |...)_....m....i.|
+00000020  97 ed 8f 57 24 42 16 32  0a b0 b1 20 79 b3 fc 90  |...W$B.2... y...|
+00000030  63 58 4b ab 45 d8 e9 39  7c 11 20 09 33 db b5 4c  |cXK.E..9|. .3..L|
+00000040  2c e2 d6 39 63 fe 74 d5  59 18 5c 7d c0 2f 00 00  |,..9c.t.Y.\}./..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,18 +63,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 2c c4 b9  |............ ,..|
-000002d0  13 19 85 99 cb 09 f3 5c  3a a1 b2 16 ee 77 6a cd  |.......\:....wj.|
-000002e0  23 6c 08 00 7e 6b c0 67  a8 cd 8b 62 64 08 04 00  |#l..~k.g...bd...|
-000002f0  80 90 74 bf ce f7 94 f1  94 b1 95 04 4a ab d6 08  |..t.........J...|
-00000300  23 11 8d ce 4e 7b 36 ee  67 d2 26 af 11 0e 33 58  |#...N{6.g.&...3X|
-00000310  12 cb e5 3b 5b 5c f3 d1  82 19 2e 55 6b 98 05 6e  |...;[\.....Uk..n|
-00000320  3c 5e 04 f5 3e df 76 c3  e5 46 e7 a6 bb f7 d4 d5  |<^..>.v..F......|
-00000330  e8 fd 20 d3 ce 3e 9d a0  90 9a 10 52 a7 04 c9 e9  |.. ..>.....R....|
-00000340  28 6f 3f ff e1 0a 10 d0  25 04 ea e4 84 4c b7 80  |(o?.....%....L..|
-00000350  e4 fe a7 a6 da db cc b0  e0 62 80 10 fc 03 16 94  |.........b......|
-00000360  f2 dd 0d 3f aa 11 45 af  e3 e4 7b e6 bc d6 75 91  |...?..E...{...u.|
-00000370  99 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 12 4b 94  |............ .K.|
+000002d0  2b 4a d0 b5 0f ca 87 05  7f 56 c3 11 b0 83 01 27  |+J.......V.....'|
+000002e0  68 a2 dd 63 b6 9b ff e5  48 7e af dd 0f 08 04 00  |h..c....H~......|
+000002f0  80 38 6f 01 25 4e 51 f1  8d 6c 89 4b 85 85 1d cd  |.8o.%NQ..l.K....|
+00000300  63 21 5e 89 d5 04 ac 81  cf 42 3c 6f df f1 53 ac  |c!^......B<o..S.|
+00000310  e3 54 28 a3 9f 06 76 96  9c 64 c7 22 55 14 2e 48  |.T(...v..d."U..H|
+00000320  7e d3 97 9a 35 b8 cf 1c  b8 a0 f2 b1 da 2f 0f a4  |~...5......../..|
+00000330  07 44 43 a8 01 67 a8 94  8d 8e 7a 60 91 48 d0 c7  |.DC..g....z`.H..|
+00000340  b5 c9 c8 ad df b0 33 cd  4a 37 75 ef 65 56 4b fd  |......3.J7u.eVK.|
+00000350  23 e7 b7 d3 3b fc 14 4e  b0 32 9b d3 cb e1 cd 4e  |#...;..N.2.....N|
+00000360  93 0e 01 cf 54 95 af e5  29 1f 8d 07 42 0f 29 67  |....T...)...B.)g|
+00000370  6d 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |m....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -113,26 +115,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 4d c1 8a 3d 2b 1f a0  |.........M..=+..|
-00000240  ad 6f 1c b6 44 7c cc 0d  21 6f e8 31 51 58 51 fe  |.o..D|..!o.1QXQ.|
-00000250  84 f3 41 40 12 48 29 0d  20 16 d1 6a 4b 38 0b c8  |..A@.H). ..jK8..|
-00000260  b3 70 3f 4a ca 17 da 05  30 ec 6c 4f 55 e2 ee e5  |.p?J....0.lOU...|
-00000270  9a 8c a7 9f c1 96 79 cf  53 b6 67 c8 cb 67 d3 23  |......y.S.g..g.#|
-00000280  07 8a 3f ef df e5 e6 84  f6 5f 5e 23 57 89 cc 77  |..?......_^#W..w|
-00000290  99 ed 3d 58 8a ec eb bb  64 62 d1 44 7f b6 45 85  |..=X....db.D..E.|
-000002a0  89 06 90 56 48 98 8a 43  93 64 53 df 3a 8c b3 93  |...VH..C.dS.:...|
-000002b0  91 81 7b 60 95 8f 99 99  eb 14 03 03 00 01 01 16  |..{`............|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 dd 93 96 02  |...(............|
-000002d0  47 0e 1d 2f 6a 76 12 e5  56 53 8f 7f c1 cd f3 5e  |G../jv..VS.....^|
-000002e0  3c 94 35 1b fe d5 33 97  b2 5b a3 29              |<.5...3..[.)|
+00000230  88 0f 00 00 84 08 04 00  80 a5 81 a8 8a ed 68 25  |..............h%|
+00000240  5d 82 da 0f dc 93 20 56  34 c1 a0 62 0a a7 fb a5  |]..... V4..b....|
+00000250  58 07 79 b0 45 17 2d 13  99 9f 6c dc 53 9e 1c e2  |X.y.E.-...l.S...|
+00000260  1d 9b a3 bb 69 af 58 33  e1 31 d7 72 f4 86 1d 66  |....i.X3.1.r...f|
+00000270  55 a8 c9 77 5b 57 c5 86  74 a0 c9 25 a9 cc 2e da  |U..w[W..t..%....|
+00000280  26 17 6e bb 34 5b 49 94  0e 05 db b4 05 a4 65 22  |&.n.4[I.......e"|
+00000290  98 8c 91 ae d6 1c 89 f4  df 63 8b 45 17 05 0c 50  |.........c.E...P|
+000002a0  c0 1d 5e 75 67 c5 be 32  9d f0 4c a5 85 91 f6 f0  |..^ug..2..L.....|
+000002b0  8d 58 11 61 85 7b 5c e4  7e 14 03 03 00 01 01 16  |.X.a.{\.~.......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 30 27 fd 36  |...(........0'.6|
+000002d0  e0 91 2d 1d d7 4a 38 d2  73 5c 5d 4c b2 27 42 cf  |..-..J8.s\]L.'B.|
+000002e0  df 0d 33 ee 49 18 36 f3  bd c6 ee a8              |..3.I.6.....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 de 60 8a ea b5  |..........(.`...|
-00000010  74 66 35 35 39 bb 62 ab  17 7d 91 c3 1a 5a e5 6c  |tf559.b..}...Z.l|
-00000020  49 14 c8 bc bd d6 b6 7e  2f 8e d4 40 5a ae ee 89  |I......~/..@Z...|
-00000030  89 ae af                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 30 5f 74 39 bb  |..........(0_t9.|
+00000010  c8 00 8c d7 bd 74 ce 43  62 ea 08 0f ba b4 88 74  |.....t.Cb......t|
+00000020  d3 31 c9 3c a6 3a 92 14  75 44 95 ee c0 a9 ef 75  |.1.<.:..uD.....u|
+00000030  40 25 5f                                          |@%_|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 3c 92 2d  |.............<.-|
-00000010  44 23 5b eb 34 dc 9a 4d  c2 fe a7 88 cb 6f 8d 62  |D#[.4..M.....o.b|
-00000020  4b 2a bf 15 03 03 00 1a  00 00 00 00 00 00 00 02  |K*..............|
-00000030  90 82 82 54 5d 63 6e 8b  50 71 6e e8 fd 75 96 9e  |...T]cn.Pqn..u..|
-00000040  d0 0d                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 f9 d9 d3  |................|
+00000010  ee ec ec 6e 8d 0d dd 62  f3 e1 19 0f f4 24 06 46  |...n...b.....$.F|
+00000020  76 7d 78 15 03 03 00 1a  00 00 00 00 00 00 00 02  |v}x.............|
+00000030  ce 6a 05 27 af 9a 3d 09  27 70 dc c2 4c 8a a5 ab  |.j.'..=.'p..L...|
+00000040  47 d4                                             |G.|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15 b/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
index 6500aec8..5fab0f8c 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
+++ b/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 7b 21 bd ee 4b  |....]...Y..{!..K|
-00000010  af e3 88 cb 18 15 e5 f3  ef a5 a7 b3 a1 66 06 b2  |.............f..|
-00000020  f1 cc d7 36 7e 18 d1 f6  2e 3e cd 20 34 09 01 9f  |...6~....>. 4...|
-00000030  c6 80 10 43 c1 ed e6 c1  29 1c ed ac 61 36 37 4f  |...C....)...a67O|
-00000040  8e 00 44 9d b9 cb 51 0b  a2 9c 64 be c0 2f 00 00  |..D...Q...d../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 7b 1f 2c 33 ab  |....]...Y..{.,3.|
+00000010  6e f8 23 ca 20 a9 66 61  ac 29 00 3e ef a6 cd ee  |n.#. .fa.).>....|
+00000020  fe e7 18 b7 66 57 0d af  24 37 7a 20 e7 c8 bd 22  |....fW..$7z ..."|
+00000030  f7 ff 01 c5 ef c0 fb bd  b2 93 d9 81 df 30 96 91  |.............0..|
+00000040  0b af b5 a2 61 87 76 27  d4 bf ce 88 c0 2f 00 00  |....a.v'...../..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,18 +63,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 d3 22 bb  |............ .".|
-000002d0  c4 42 90 54 0a 43 f6 26  06 c1 ad 71 c8 82 ba 03  |.B.T.C.&...q....|
-000002e0  9b cd be a4 a8 04 5a 30  69 ec b5 c9 79 04 01 00  |......Z0i...y...|
-000002f0  80 ab c7 ca 24 9b db 7d  8c 81 c4 c4 46 49 2a 45  |....$..}....FI*E|
-00000300  69 31 1b dc ef 01 ce 9f  e4 da cf 6c 04 4c e3 4e  |i1.........l.L.N|
-00000310  16 84 05 fe 48 f4 21 60  fc d4 e1 6c 48 8c 87 2d  |....H.!`...lH..-|
-00000320  1f 56 2c ad 88 2b 5c 8d  4f 36 93 d6 a3 b1 32 4a  |.V,..+\.O6....2J|
-00000330  ef 0f e6 db 82 1c f2 ea  38 08 2a 62 8b a3 bd 4e  |........8.*b...N|
-00000340  8b 2a ae eb 0e e5 f1 88  ff 3c de f8 ed d7 c3 07  |.*.......<......|
-00000350  05 92 bb e5 6d 15 23 c8  54 19 a6 cf d1 4f e2 b1  |....m.#.T....O..|
-00000360  a3 4d ff 6f 22 32 5b 58  f7 58 c1 9f 58 59 b5 e2  |.M.o"2[X.X..XY..|
-00000370  7b 16 03 03 00 0c 0d 00  00 08 01 01 00 02 04 01  |{...............|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 2d 21 55  |............ -!U|
+000002d0  c7 73 14 c1 c8 84 91 4d  16 70 ca 47 46 4a 59 fe  |.s.....M.p.GFJY.|
+000002e0  20 d8 34 0a 78 8e a3 29  f5 40 38 d9 59 04 01 00  | .4.x..).@8.Y...|
+000002f0  80 03 9f da 00 e0 50 28  6b 29 84 9b 96 05 f1 86  |......P(k)......|
+00000300  ef f5 6d 9f 17 5f 07 f7  2d 32 af 5e 0d 72 f4 86  |..m.._..-2.^.r..|
+00000310  af 7c b9 e8 2d 80 b3 10  80 dd 61 5b e5 a7 53 5a  |.|..-.....a[..SZ|
+00000320  5e 19 47 5f f1 96 a4 ab  d8 e7 65 eb be eb bc 51  |^.G_......e....Q|
+00000330  95 6f 29 48 ac cb a7 08  3a b9 45 77 37 30 a3 83  |.o)H....:.Ew70..|
+00000340  e4 ef 58 06 0e ec a1 cf  2c 06 62 a8 1c 97 64 ac  |..X.....,.b...d.|
+00000350  c7 86 13 4c 9b 80 69 d4  89 9c 96 2c f9 20 c6 2c  |...L..i....,. .,|
+00000360  d2 11 64 ab 8d df c0 ea  1c 73 da ed 10 28 dc 90  |..d......s...(..|
+00000370  8a 16 03 03 00 0c 0d 00  00 08 01 01 00 02 04 01  |................|
 00000380  00 00 16 03 03 00 04 0e  00 00 00                 |...........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
@@ -110,26 +112,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 04 01 00  80 8f 22 b5 46 ab 82 02  |..........".F...|
-00000240  f8 a8 f8 63 d9 0f eb d4  2b 8d 02 de ce 79 d5 a1  |...c....+....y..|
-00000250  20 bb 70 7a b2 36 6a b5  52 81 f5 ea f7 23 b5 41  | .pz.6j.R....#.A|
-00000260  86 35 90 cc 64 4a 68 7e  e3 ae c1 97 32 3b c2 a9  |.5..dJh~....2;..|
-00000270  e0 f0 07 14 63 d5 08 15  59 46 f5 ea a6 39 5c 98  |....c...YF...9\.|
-00000280  39 7e 17 d8 74 ae 05 a3  f5 3a 71 74 e8 b4 c9 a4  |9~..t....:qt....|
-00000290  1c 82 04 ca fe 5f 97 23  8a c1 f9 ce d1 5d 0e 81  |....._.#.....]..|
-000002a0  da 5f e1 b6 76 80 3c cf  9f 19 79 cf 33 d0 0a fe  |._..v.<...y.3...|
-000002b0  19 fc 2d 9a bb 24 cd d4  79 14 03 03 00 01 01 16  |..-..$..y.......|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 28 78 b8 0b  |...(........(x..|
-000002d0  59 d8 a8 11 21 ed 45 74  02 00 50 33 42 b9 0a d2  |Y...!.Et..P3B...|
-000002e0  8c 9c a3 45 6e b5 9d 3e  5b 30 a9 2e              |...En..>[0..|
+00000230  88 0f 00 00 84 04 01 00  80 5e cb 28 a9 f4 b7 f1  |.........^.(....|
+00000240  a7 31 a5 51 4c 2d b0 c9  fb 84 0a 77 30 bc 00 72  |.1.QL-.....w0..r|
+00000250  66 65 aa 20 78 34 f1 3f  31 93 42 f7 7c 28 23 70  |fe. x4.?1.B.|(#p|
+00000260  b6 ad 2a 8f ed 70 2f a8  db ce 69 20 3e 9f 2a 6d  |..*..p/...i >.*m|
+00000270  1f 32 f8 32 7c 74 c9 2a  cd b5 c0 0d 0e 1a 32 d5  |.2.2|t.*......2.|
+00000280  ed a3 09 fb 8b ce 1d 30  52 5e ba c2 17 85 f0 c2  |.......0R^......|
+00000290  59 e6 db 0c 17 b3 2c 81  cd 1b f1 4c 92 e7 1b 6a  |Y.....,....L...j|
+000002a0  49 86 50 25 00 59 40 df  b2 fd c8 3b 9d c7 2f 57  |I.P%.Y@....;../W|
+000002b0  e1 e5 31 91 57 60 f2 b8  e5 14 03 03 00 01 01 16  |..1.W`..........|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 07 cd 54 b1  |...(..........T.|
+000002d0  e3 78 20 90 ca 71 5e 06  f4 32 e9 02 41 60 c1 9d  |.x ..q^..2..A`..|
+000002e0  d3 c6 42 45 d8 2e fc 3d  07 9a 9d 04              |..BE...=....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 f8 f5 85 19 36  |..........(....6|
-00000010  be 6e 58 45 66 04 c4 f9  e7 fd 50 55 3b 07 6c 50  |.nXEf.....PU;.lP|
-00000020  16 8c 2e 72 cf be 78 0a  8a 82 91 ed c1 72 10 d3  |...r..x......r..|
-00000030  cf 42 b5                                          |.B.|
+00000000  14 03 03 00 01 01 16 03  03 00 28 75 60 b0 0a 19  |..........(u`...|
+00000010  12 ee 0f 5c c2 6a 31 f8  27 e3 53 b1 76 2b 6a 93  |...\.j1.'.S.v+j.|
+00000020  a2 37 72 74 e8 e9 c8 e7  94 56 6b d5 a3 49 09 79  |.7rt.....Vk..I.y|
+00000030  59 66 34                                          |Yf4|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 53 4b a2  |.............SK.|
-00000010  e4 5f 51 70 46 3d e3 41  28 8b 82 02 e2 27 8d eb  |._QpF=.A(....'..|
-00000020  42 65 7f 15 03 03 00 1a  00 00 00 00 00 00 00 02  |Be..............|
-00000030  f3 31 ed 2c ca e5 13 e8  93 cd d7 51 4b c5 16 88  |.1.,.......QK...|
-00000040  c0 a4                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 70 7a 77  |.............pzw|
+00000010  14 b3 3d 3e 51 19 5e ae  97 56 bc e8 3c 1c 46 dd  |..=>Q.^..V..<.F.|
+00000020  67 e6 f5 15 03 03 00 1a  00 00 00 00 00 00 00 02  |g...............|
+00000030  50 4b b6 03 84 33 58 6a  a1 95 dc 8e ad d1 1f 8b  |PK...3Xj........|
+00000040  93 ca                                             |..|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS b/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
index b4c51025..867ec87a 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
+++ b/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 0d 73 c5 43 a1  |....]...Y...s.C.|
-00000010  71 b6 21 da 7a f6 76 44  60 8a 84 ec 6b 1d 70 01  |q.!.z.vD`...k.p.|
-00000020  d8 b2 29 48 db 5d ea da  ea 79 bb 20 3f b9 66 fe  |..)H.]...y. ?.f.|
-00000030  73 db fc 90 18 3f ac e5  1f 5d 86 24 80 75 ec a3  |s....?...].$.u..|
-00000040  c6 aa e9 05 c1 47 21 bd  30 f6 41 43 c0 2f 00 00  |.....G!.0.AC./..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 97 c2 4c 45 c0  |....]...Y....LE.|
+00000010  22 6a 7d 71 93 1a 71 a7  e1 40 a5 44 5e 39 8a 3e  |"j}q..q..@.D^9.>|
+00000020  99 04 1f e1 74 ad 3a 64  89 ad 93 20 61 76 9a e1  |....t.:d... av..|
+00000030  39 26 af 37 ad ea f2 9c  4c 2e 1b a2 18 0c 73 8e  |9&.7....L.....s.|
+00000040  5b 8b f0 0f 44 04 80 31  5a 49 39 f0 c0 2f 00 00  |[...D..1ZI9../..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 66 0b  00 02 62 00 02 5f 00 02  |......f...b.._..|
 00000070  5c 30 82 02 58 30 82 01  8d a0 03 02 01 02 02 11  |\0..X0..........|
@@ -62,17 +64,17 @@
 000002a0  fa b1 3f 14 11 89 66 79  d1 8e 88 0e 0b a0 9e 30  |..?...fy.......0|
 000002b0  2a c0 67 ef ca 46 02 88  e9 53 81 22 69 22 97 ad  |*.g..F...S."i"..|
 000002c0  80 93 d4 f7 dd 70 14 24  d7 70 0a 46 a1 16 03 03  |.....p.$.p.F....|
-000002d0  00 ac 0c 00 00 a8 03 00  1d 20 03 05 56 dd 40 c0  |......... ..V.@.|
-000002e0  b6 4d 5a df 26 e7 4a f1  a8 47 ef af 12 6e 5f 01  |.MZ.&.J..G...n_.|
-000002f0  2a 7a 19 1a 45 52 8c 47  d2 53 08 04 00 80 8a 6a  |*z..ER.G.S.....j|
-00000300  9d 8b 38 73 da 92 bc f6  05 79 90 af 7a 43 59 62  |..8s.....y..zCYb|
-00000310  bc 97 b6 af ef ce 5f 59  07 81 93 bc c5 3c 5f f9  |......_Y.....<_.|
-00000320  4e 04 45 74 5e cc 7a 6f  82 7a cf 86 0d 68 c9 35  |N.Et^.zo.z...h.5|
-00000330  1d 62 f0 3c ee 77 b5 4c  3a 40 ec 89 fc 97 ff a6  |.b.<.w.L:@......|
-00000340  34 13 8b bc 6b 83 92 e8  52 c5 c6 42 c9 25 ad 37  |4...k...R..B.%.7|
-00000350  41 e7 5a 52 d8 0f 7d fd  a8 9e 86 c6 1b b2 8b 50  |A.ZR..}........P|
-00000360  2a 1c 15 56 00 d8 a8 85  86 05 28 7f a1 3e ba f2  |*..V......(..>..|
-00000370  fe 92 07 c8 a4 4a 2a 5f  d1 53 82 09 9c 65 16 03  |.....J*_.S...e..|
+000002d0  00 ac 0c 00 00 a8 03 00  1d 20 ae c6 bf 84 a5 c3  |......... ......|
+000002e0  05 6b fa 30 b0 ec b7 c2  ff ec 7d e4 b8 e0 f2 0f  |.k.0......}.....|
+000002f0  3d 0e ef de 32 ad f2 6e  52 55 08 04 00 80 07 86  |=...2..nRU......|
+00000300  e1 b2 04 6e b2 43 09 df  c9 20 35 11 3b 0f 10 61  |...n.C... 5.;..a|
+00000310  7e 67 cc 65 c6 60 80 c3  43 7d b8 1c 52 e3 09 af  |~g.e.`..C}..R...|
+00000320  df 38 79 e1 ea 6d b4 6b  bc 50 fe a8 6f 46 6f 9c  |.8y..m.k.P..oFo.|
+00000330  40 1c 6f f2 e5 c6 d9 a4  db 72 24 4a 9c 57 e7 d6  |@.o......r$J.W..|
+00000340  91 91 5b 1b f1 40 f2 d9  58 a2 81 4c d7 be 20 d4  |..[..@..X..L.. .|
+00000350  12 4f 64 05 e5 ec ba 35  22 a7 fe df c9 ea b3 43  |.Od....5"......C|
+00000360  dc 47 29 98 eb c9 92 11  42 a0 80 a4 2a 2e 4d 47  |.G).....B...*.MG|
+00000370  73 9e 0f 13 37 79 92 ca  db c4 84 db 05 4a 16 03  |s...7y.......J..|
 00000380  03 00 0c 0d 00 00 08 01  01 00 02 08 04 00 00 16  |................|
 00000390  03 03 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
@@ -118,26 +120,26 @@
 00000270  10 00 00 21 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |...! /.}.G.bC.(.|
 00000280  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
 00000290  5f 58 cb 3b 74 16 03 03  00 88 0f 00 00 84 08 04  |_X.;t...........|
-000002a0  00 80 2e 4c af b1 f2 9c  de 14 92 81 c4 7d d1 2f  |...L.........}./|
-000002b0  a3 ba ba df 6f 26 da 2d  86 b4 1f 60 cd fe e7 c1  |....o&.-...`....|
-000002c0  77 02 a5 58 3f 6a fc 1d  ef 93 23 0a 9c c9 70 93  |w..X?j....#...p.|
-000002d0  f8 0c 67 fd 58 83 96 85  62 da 31 e7 a6 78 9f 1c  |..g.X...b.1..x..|
-000002e0  dc 02 b3 b8 bc 05 26 92  e8 6a e7 3c db 5f 80 ee  |......&..j.<._..|
-000002f0  12 75 ff e6 36 36 e6 75  c2 77 d9 63 ef 60 89 db  |.u..66.u.w.c.`..|
-00000300  21 aa 27 85 11 9b 8c eb  be a3 e3 34 0e 01 93 ca  |!.'........4....|
-00000310  a6 65 e3 cd 0f b8 b5 c6  f0 d7 15 69 db 4b 57 d2  |.e.........i.KW.|
-00000320  05 0d 14 03 03 00 01 01  16 03 03 00 28 00 00 00  |............(...|
-00000330  00 00 00 00 00 b5 09 a0  c4 55 89 df 8a 60 83 f3  |.........U...`..|
-00000340  82 12 55 1d d5 50 11 81  74 0f cd b5 ed 9a 00 e7  |..U..P..t.......|
-00000350  58 f7 65 0e 8d                                    |X.e..|
+000002a0  00 80 cb ab 63 1d e6 7e  16 22 27 8b e7 91 f4 5c  |....c..~."'....\|
+000002b0  66 fc 70 eb f7 e6 9c 86  7c 62 30 1c 78 35 bf 09  |f.p.....|b0.x5..|
+000002c0  af d1 5b e3 55 45 98 8d  4c 16 8e 69 cb 8f 45 97  |..[.UE..L..i..E.|
+000002d0  6d c4 6a 25 2a 47 43 64  ac 52 12 bd f5 b9 c0 b0  |m.j%*GCd.R......|
+000002e0  51 38 e7 d4 c8 a2 9c 35  4b 5b ab 21 76 73 68 fe  |Q8.....5K[.!vsh.|
+000002f0  d0 7a f2 95 3c 44 3b 55  b0 89 76 3e 42 e1 23 51  |.z..<D;U..v>B.#Q|
+00000300  29 92 3d 6a df 29 61 ee  52 f5 78 71 97 13 d6 09  |).=j.)a.R.xq....|
+00000310  ff 08 7a 5f 9d 20 49 83  2e 84 82 ba 08 69 db ae  |..z_. I......i..|
+00000320  e2 1b 14 03 03 00 01 01  16 03 03 00 28 00 00 00  |............(...|
+00000330  00 00 00 00 00 6a ff 4b  3d c1 06 20 69 ed f0 a8  |.....j.K=.. i...|
+00000340  7c ec a7 f8 cc 8e a6 de  2d 5e 50 f7 b2 28 9e 97  ||.......-^P..(..|
+00000350  27 35 c3 67 72                                    |'5.gr|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 3f eb 87 50 b0  |..........(?..P.|
-00000010  ae c2 fd 68 30 95 94 61  1c 78 1e 60 3e 38 17 ef  |...h0..a.x.`>8..|
-00000020  ed 9b f1 10 26 5e 53 a3  8c 46 2e 6c 24 b2 ab a7  |....&^S..F.l$...|
-00000030  6c f0 ea                                          |l..|
+00000000  14 03 03 00 01 01 16 03  03 00 28 e3 2f c4 66 7e  |..........(./.f~|
+00000010  8f bf 41 2e 56 f3 d1 76  63 f8 c0 b1 86 50 98 a0  |..A.V..vc....P..|
+00000020  63 c0 c9 23 68 c5 7c f7  08 17 0a 62 78 a8 3d 86  |c..#h.|....bx.=.|
+00000030  5c 1a c6                                          |\..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 fe de 40  |...............@|
-00000010  52 50 79 da 5f 31 52 52  d8 96 04 35 86 92 03 0b  |RPy._1RR...5....|
-00000020  6f 5f 04 15 03 03 00 1a  00 00 00 00 00 00 00 02  |o_..............|
-00000030  9c 85 24 b0 a9 17 24 cf  18 f6 ef f5 0d c6 77 6d  |..$...$.......wm|
-00000040  e0 b2                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 e9 51 91  |..............Q.|
+00000010  f5 cb 2d b9 5e cb b3 52  14 7c e8 18 8f fe b6 ee  |..-.^..R.|......|
+00000020  7a 41 90 15 03 03 00 1a  00 00 00 00 00 00 00 02  |zA..............|
+00000030  d3 5f c1 e2 f5 12 40 c0  4c 1d ab ef 16 3a af 19  |._....@.L....:..|
+00000040  30 59                                             |0Y|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES b/testdata/Client-TLSv12-ECDHE-ECDSA-AES
index 774cb40e..a17b1860 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 15 ed ca 52 59  |....]...Y.....RY|
-00000010  e2 56 80 e2 f3 20 5b 7d  52 f3 67 1f 01 0d ad 30  |.V... [}R.g....0|
-00000020  36 a6 43 c2 ed 5e 34 c5  24 89 e1 20 c7 4c 5d 06  |6.C..^4.$.. .L].|
-00000030  01 7a 80 aa 84 0c 46 48  63 36 49 4a 9b 3f 8d ba  |.z....FHc6IJ.?..|
-00000040  78 1b cd f9 ef 03 df cd  ee 2c b1 79 c0 09 00 00  |x........,.y....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 be 37 6c 0c 68  |....]...Y...7l.h|
+00000010  bd 81 e4 4e 28 fa 5d 2c  03 8d 17 7a 47 b8 de 89  |...N(.],...zG...|
+00000020  3d 06 71 dd 40 c0 70 c1  a8 3d 00 20 22 7e 4c f8  |=.q.@.p..=. "~L.|
+00000030  1c 6b 13 c4 12 46 d3 de  c4 88 2e 41 c3 d7 df 10  |.k...F.....A....|
+00000040  23 aa 30 b1 34 a5 7b c9  03 fb d8 3e c0 09 00 00  |#.0.4.{....>....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -57,38 +59,38 @@
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
 00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 b7 f5 92 bc 9b 4a  f9 62 3f 46 b8 b0 33 56  |. .....J.b?F..3V|
-00000290  1e 8d fc e9 68 af bf 67  9b a5 d0 9e a9 cc d9 65  |....h..g.......e|
-000002a0  7e 41 04 03 00 8a 30 81  87 02 41 08 b2 fe 6e 40  |~A....0...A...n@|
-000002b0  b7 5f 04 db eb 39 18 d5  e0 46 81 07 33 3a 29 fb  |._...9...F..3:).|
-000002c0  0b 19 76 ac 95 0d cd 4d  a4 f0 99 df 6d d6 73 79  |..v....M....m.sy|
-000002d0  ed 48 52 78 ea 7a 1d 4b  b1 67 d6 fd 21 3b c9 9d  |.HRx.z.K.g..!;..|
-000002e0  89 67 b7 b9 8e cf 35 28  62 28 3f 0b 02 42 01 7e  |.g....5(b(?..B.~|
-000002f0  4c a5 af 5b ba 3b d6 38  3b 34 b7 0c 69 27 92 ce  |L..[.;.8;4..i'..|
-00000300  34 ba bb 0d f6 32 65 fe  3c c0 9c 9d 92 88 b4 11  |4....2e.<.......|
-00000310  04 88 f5 b3 21 79 6c ed  6e f6 51 f5 e7 b1 3d 0d  |....!yl.n.Q...=.|
-00000320  bd d6 92 67 c8 90 71 7a  db cc cc 21 64 44 22 d4  |...g..qz...!dD".|
+00000280  1d 20 47 dc 78 14 d8 57  a7 37 29 1a 49 f6 07 09  |. G.x..W.7).I...|
+00000290  37 49 df 36 32 a1 e2 c9  67 e3 9c 40 ed f5 ac ea  |7I.62...g..@....|
+000002a0  c2 34 04 03 00 8a 30 81  87 02 41 14 f9 1f 8e 3d  |.4....0...A....=|
+000002b0  b6 d9 91 86 b0 b2 94 dd  14 89 47 b7 a5 2b d3 3a  |..........G..+.:|
+000002c0  b9 f8 ef 4c ae 5c 26 74  e8 c1 c5 18 f1 e5 cd 3f  |...L.\&t.......?|
+000002d0  4e 70 45 64 3b 53 14 b7  f7 86 bf d1 ee 3b cd ab  |NpEd;S.......;..|
+000002e0  cf 3a bd 12 c7 1e 89 fb  60 bf 34 be 02 42 01 7c  |.:......`.4..B.||
+000002f0  7b 7b 03 94 f9 1b 70 4c  25 3c c5 11 2c 1b e0 39  |{{....pL%<..,..9|
+00000300  6c ee d1 11 0e 73 82 97  06 c9 eb 92 44 cb 78 66  |l....s......D.xf|
+00000310  7c 9e 93 70 79 08 3e 20  90 ef 4b 9b 73 75 80 d4  ||..py.> ..K.su..|
+00000320  68 68 f0 06 b1 e8 d8 92  22 e0 07 a7 78 e7 e2 19  |hh......"...x...|
 00000330  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 07 03 9e  fa a4 84 27 17 b8 dd 53  |...........'...S|
-00000050  12 4b 89 a1 47 98 22 e3  7b c8 d4 5c 18 bb 89 09  |.K..G.".{..\....|
-00000060  29 3a b9 af d3 38 4a 40  76 d6 15 37 80 19 9c ce  |):...8J@v..7....|
-00000070  32 5b 94 89 2e                                    |2[...|
+00000040  00 00 00 00 00 27 23 d3  72 40 80 76 5c b6 7a fd  |.....'#.r@.v\.z.|
+00000050  bf 45 9e 33 76 d1 3d 1b  77 23 90 ed 75 7b aa 91  |.E.3v.=.w#..u{..|
+00000060  f2 8e e7 b1 bb 69 86 84  b2 b5 40 2c 4a 1d f9 cf  |.....i....@,J...|
+00000070  3e de fe 39 36                                    |>..96|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 2d 53 b0 b0 c1  |..........@-S...|
-00000010  05 78 e3 3c 5d 57 a5 04  9a 4b b9 f7 56 ce 5a 76  |.x.<]W...K..V.Zv|
-00000020  84 4d f2 46 2e fc c2 9c  ec 37 2b 4d 99 88 ab 30  |.M.F.....7+M...0|
-00000030  1b 83 7d d8 72 bf e7 c7  f7 cf b8 13 54 d5 a2 a2  |..}.r.......T...|
-00000040  dc 76 b3 01 a4 d0 a5 cc  eb 66 29                 |.v.......f)|
+00000000  14 03 03 00 01 01 16 03  03 00 40 54 e0 6f 57 aa  |..........@T.oW.|
+00000010  e7 14 b0 06 69 45 42 ee  6c ce a7 0b a7 27 94 83  |....iEB.l....'..|
+00000020  cd 63 81 19 ac 06 1b 9f  78 86 5b 04 82 40 e7 41  |.c......x.[..@.A|
+00000030  f1 df 17 26 8a b4 1c f1  59 ca 43 6b 13 f8 d7 8b  |...&....Y.Ck....|
+00000040  4e ce 28 cd d2 9b ca c6  42 04 e6                 |N.(.....B..|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 11 31 80  89 b8 32 e7 66 a6 eb c5  |......1...2.f...|
-00000020  ca 4b f7 2b 47 73 e9 cd  9f 4e 9a 5e 3f 99 5a 29  |.K.+Gs...N.^?.Z)|
-00000030  00 0d 4f 4e 93 15 03 03  00 30 00 00 00 00 00 00  |..ON.....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 d9 18 f4 dd 64 64  |..............dd|
-00000050  38 27 a7 96 d5 14 d1 b2  26 9c 14 96 54 2a cf d7  |8'......&...T*..|
-00000060  4c d0 b6 c3 20 fe 33 73  78 e5                    |L... .3sx.|
+00000010  00 00 00 00 00 d7 38 5f  c6 c8 c8 c0 2e fc 08 d7  |......8_........|
+00000020  40 aa 3d 6a 90 75 2f 90  c4 33 d9 a8 50 db 57 f6  |@.=j.u/..3..P.W.|
+00000030  3e 4d 03 c8 b0 15 03 03  00 30 00 00 00 00 00 00  |>M.......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 bf 0d 85 fb 60 57  |..............`W|
+00000050  02 4a 5f 95 9e 6b 00 6e  6e e6 a9 3e 6d fd 62 b9  |.J_..k.nn..>m.b.|
+00000060  79 d3 5e e2 63 cd 3b f1  a8 0d                    |y.^.c.;...|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM b/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
index 86095340..93bdcc53 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 e1 ed 2c 5d 15  |....]...Y....,].|
-00000010  15 24 d2 e3 a0 58 fb 2f  89 a3 26 b1 c8 06 0f dc  |.$...X./..&.....|
-00000020  ef e1 a7 a4 81 4a 71 2c  1d a2 35 20 be ff 22 db  |.....Jq,..5 ..".|
-00000030  2d 33 1b 11 24 55 96 96  54 5f 62 c7 7f b5 ba 32  |-3..$U..T_b....2|
-00000040  e7 e6 7c 11 68 f8 97 d1  17 f7 8f 4f c0 2b 00 00  |..|.h......O.+..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 a7 4e f4 80 a2  |....]...Y...N...|
+00000010  78 28 eb 69 72 3a 45 21  e6 dd 67 7c a4 64 70 97  |x(.ir:E!..g|.dp.|
+00000020  51 60 f1 e3 27 16 b2 08  54 2d 78 20 07 7c ed b5  |Q`..'...T-x .|..|
+00000030  dd aa 68 7a a6 8b 85 3d  49 be e4 78 ac 47 b1 02  |..hz...=I..x.G..|
+00000040  15 35 ea f2 db 4b 03 f3  29 f3 d1 87 c0 2b 00 00  |.5...K..)....+..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -57,33 +59,33 @@
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
 00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 74 55 23 1a ff ed  d3 e7 95 30 ee ed 6d 77  |. tU#......0..mw|
-00000290  57 83 fb 09 fc 81 70 69  d8 ae 38 1b e7 da 7f c6  |W.....pi..8.....|
-000002a0  e4 01 04 03 00 8a 30 81  87 02 41 36 52 ca 91 b7  |......0...A6R...|
-000002b0  a2 b2 31 91 98 96 65 92  67 a6 9c f2 75 8a 00 91  |..1...e.g...u...|
-000002c0  8e 17 bd 22 d2 6c cb 16  0a fb 6b 27 08 3b f9 e4  |...".l....k'.;..|
-000002d0  7c b5 21 45 60 4c c0 71  0b 28 46 d2 a8 a2 ad ad  ||.!E`L.q.(F.....|
-000002e0  51 fd bc 2e 40 7d 06 89  e7 b8 07 df 02 42 00 86  |Q...@}.......B..|
-000002f0  83 4f 1d c1 c0 6d 3c f3  ed 24 47 70 65 e9 7c 5e  |.O...m<..$Gpe.|^|
-00000300  27 43 f0 05 b8 cd a4 34  ba 69 bc 81 7c fb b1 c3  |'C.....4.i..|...|
-00000310  f8 bc 99 d6 90 15 8f db  21 fe 9f 18 10 23 75 6d  |........!....#um|
-00000320  22 b2 c6 f4 a5 60 80 31  06 a3 ad 33 88 c4 52 5d  |"....`.1...3..R]|
+00000280  1d 20 26 c9 de 9d 39 5a  31 f1 7c 95 e8 c4 13 8f  |. &...9Z1.|.....|
+00000290  a7 ac 82 75 12 ac 50 ad  15 41 c9 e8 92 24 1a d1  |...u..P..A...$..|
+000002a0  c8 2b 04 03 00 8a 30 81  87 02 41 15 01 bf f7 9b  |.+....0...A.....|
+000002b0  94 32 92 67 13 9a c6 f5  31 f8 42 67 a3 74 79 24  |.2.g....1.Bg.ty$|
+000002c0  55 e5 d3 f4 14 e1 3e 5e  ac 65 8c 28 48 d5 ee 05  |U.....>^.e.(H...|
+000002d0  d0 12 96 5b 8f 14 30 fa  ce e7 19 ee f0 38 86 c2  |...[..0......8..|
+000002e0  f4 32 0a 0c d9 7d 9e 40  9b 11 a4 0e 02 42 00 fb  |.2...}.@.....B..|
+000002f0  c7 0f 07 f9 87 f7 ea af  30 3a 04 e7 6a 89 3f bd  |........0:..j.?.|
+00000300  39 3f 20 0e b5 b0 aa 5f  29 ea c4 69 22 fb 38 9f  |9? ...._)..i".8.|
+00000310  35 e1 35 a6 80 86 2d eb  bc bf 01 e9 56 78 ca 21  |5.5...-.....Vx.!|
+00000320  68 a3 01 07 3c 9e 7f c2  9a 11 3d ef b7 ce 6e 02  |h...<.....=...n.|
 00000330  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 6b 3d 83  |....(........k=.|
-00000040  88 db aa b0 62 30 8d 4a  6c b2 f1 14 d3 99 43 65  |....b0.Jl.....Ce|
-00000050  4c ef 26 a4 ba 46 2f 75  9a 05 0c f2 91           |L.&..F/u.....|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 32 28 d6  |....(........2(.|
+00000040  94 ba 29 2f 2b 40 56 07  0b fd a7 ce a7 79 94 b6  |..)/+@V......y..|
+00000050  f6 e4 dd eb a6 23 f3 97  8c 1f c6 a5 52           |.....#......R|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 d5 c2 de 26 c1  |..........(...&.|
-00000010  ed 28 f1 d8 81 b3 9a 4f  3d 82 ad 22 d0 2c 41 61  |.(.....O=..".,Aa|
-00000020  8b 15 a3 72 01 94 44 ff  8f 01 c1 05 e6 84 56 0a  |...r..D.......V.|
-00000030  8b 1d c4                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 73 67 36 43 96  |..........(sg6C.|
+00000010  59 15 59 7a dd 3c 3f d5  88 bf 55 e1 cb d0 41 10  |Y.Yz.<?...U...A.|
+00000020  df f1 85 72 9e 87 7f fd  e8 b0 62 61 41 10 42 1e  |...r......baA.B.|
+00000030  2d 34 e1                                          |-4.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 c7 7d a7  |..............}.|
-00000010  c4 a5 a1 21 94 7a 23 bc  05 44 7d 4a 2f 16 dc 95  |...!.z#..D}J/...|
-00000020  25 6e 17 15 03 03 00 1a  00 00 00 00 00 00 00 02  |%n..............|
-00000030  77 fa b6 34 7e 60 77 f9  a5 09 d1 39 b0 1e 66 86  |w..4~`w....9..f.|
-00000040  50 41                                             |PA|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 31 23 80  |.............1#.|
+00000010  a4 01 5a f9 7c 3b fc 2f  4d 70 4e 4f 8f 69 fc 99  |..Z.|;./MpNO.i..|
+00000020  d4 7a a7 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.z..............|
+00000030  37 75 3a 5a 6c d8 5a fd  0d cf 1f 88 67 2c 48 89  |7u:Zl.Z.....g,H.|
+00000040  6c 9e                                             |l.|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 b/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
index ac5d07e6..eed1e965 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 36 c3 50 72 b9  |....]...Y..6.Pr.|
-00000010  0d e9 d9 76 1d 31 72 e6  61 ec 3e 13 93 d7 f1 52  |...v.1r.a.>....R|
-00000020  a7 36 5c 16 9a cc c5 c0  da 7e f3 20 31 79 7a ec  |.6\......~. 1yz.|
-00000030  1d db f7 cd 0a fe b3 86  6f 43 12 f4 9d 19 16 51  |........oC.....Q|
-00000040  e2 42 1b 94 43 13 71 67  2d 52 7a 86 c0 23 00 00  |.B..C.qg-Rz..#..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 83 27 64 12 65  |....]...Y...'d.e|
+00000010  ed df dd 5e 6c 79 e4 7b  fe fd 05 26 e0 c8 5a ca  |...^ly.{...&..Z.|
+00000020  fa 08 c2 2a 78 e1 65 33  b3 b9 82 20 01 95 06 02  |...*x.e3... ....|
+00000030  41 f4 d7 e9 64 9a a8 91  df dc 15 d0 87 02 28 7c  |A...d.........(||
+00000040  e2 75 8c 94 a3 0f 20 19  e6 e8 c4 b7 c0 23 00 00  |.u.... ......#..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -56,43 +58,43 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
-00000280  1d 20 d2 2d 0f 11 29 eb  b4 23 67 1c 40 84 7f 7e  |. .-..)..#g.@..~|
-00000290  cd 8c 3d c2 62 ed 9b 0f  08 01 5b a5 fd 86 31 c5  |..=.b.....[...1.|
-000002a0  d2 76 04 03 00 8b 30 81  88 02 42 01 a4 ea c8 67  |.v....0...B....g|
-000002b0  c0 0a 93 23 7c d9 41 17  ba 91 02 78 c7 16 28 85  |...#|.A....x..(.|
-000002c0  b8 d6 5c ed ed 20 1e 8b  90 e0 19 db 67 72 7e d3  |..\.. ......gr~.|
-000002d0  2c 2e 84 6a d7 bc b7 53  74 8b 1b ef a8 bc 39 d8  |,..j...St.....9.|
-000002e0  e0 75 29 6b 1d 89 c3 12  c2 3c 51 25 84 02 42 01  |.u)k.....<Q%..B.|
-000002f0  4e 37 c9 2d 59 48 df 15  33 45 dc 4d e9 46 78 8e  |N7.-YH..3E.M.Fx.|
-00000300  cc 1e ef c4 2b ea c8 bc  a1 2e 58 18 60 a2 98 5a  |....+.....X.`..Z|
-00000310  cf 95 0d 18 6a f7 67 cb  6d a4 4a 5b 0d f1 ee 5e  |....j.g.m.J[...^|
-00000320  08 80 e5 90 cc 9a 5e 7f  ea 69 5f a9 0f f3 a2 9b  |......^..i_.....|
-00000330  15 16 03 03 00 04 0e 00  00 00                    |..........|
+00000270  95 12 07 8f 2a 16 03 03  00 b5 0c 00 00 b1 03 00  |....*...........|
+00000280  1d 20 69 77 9a 39 8f bb  af a5 cd 5e 60 af f9 6a  |. iw.9.....^`..j|
+00000290  dc e7 2a 36 a9 bc 47 e1  fa 2d 3f a6 91 1e 6f ae  |..*6..G..-?...o.|
+000002a0  43 01 04 03 00 89 30 81  86 02 41 01 b7 fa da 05  |C.....0...A.....|
+000002b0  7c 23 3c b6 32 ea 79 ea  7c 48 62 62 c1 af 4c ff  ||#<.2.y.|Hbb..L.|
+000002c0  3f 1f e6 11 a5 8e 78 76  f6 40 d3 27 a1 24 87 90  |?.....xv.@.'.$..|
+000002d0  14 5b 66 75 31 00 0a 97  f8 98 25 af 3c 59 39 a9  |.[fu1.....%.<Y9.|
+000002e0  3a df 7b 01 ac 0b 2d 69  96 f9 89 43 02 41 6f fd  |:.{...-i...C.Ao.|
+000002f0  1f 23 6d 10 61 1e 13 27  cf 44 9e 98 46 4b d3 6c  |.#m.a..'.D..FK.l|
+00000300  d4 54 57 18 85 3d 3b 19  5e 32 9c 5f 33 96 58 0e  |.TW..=;.^2._3.X.|
+00000310  b0 b6 40 89 2b 73 bb 4c  34 74 57 01 f3 8a cb 7e  |..@.+s.L4tW....~|
+00000320  6f b2 df b4 d1 d7 1b 64  df 46 0f 96 02 fd f9 16  |o......d.F......|
+00000330  03 03 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 98 8d 15  68 8c 12 3e 4a 88 64 7c  |........h..>J.d||
-00000050  69 46 25 16 66 20 d7 f5  7e 08 d8 9d c4 89 c1 cf  |iF%.f ..~.......|
-00000060  ac 86 b7 ce 3a 9c 95 0c  5d d1 a2 c2 bf fd 7c e1  |....:...].....|.|
-00000070  b5 f4 04 7e 71 ae 3c fc  d2 c1 2a ec 81 e4 62 a6  |...~q.<...*...b.|
-00000080  e6 05 72 d8 9e                                    |..r..|
+00000040  00 00 00 00 00 1b 00 be  75 a8 f7 e4 b6 76 b2 7c  |........u....v.||
+00000050  30 bb 35 a2 e0 d1 ea 35  83 6d 05 6b 29 0f 4e 80  |0.5....5.m.k).N.|
+00000060  26 16 53 96 67 8e 71 ed  4a 32 1a 9f f3 8d de 34  |&.S.g.q.J2.....4|
+00000070  cb d4 b4 11 c8 7d 05 36  21 87 2b ae 33 92 d3 16  |.....}.6!.+.3...|
+00000080  1c b6 3b a3 6d                                    |..;.m|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 27 94 9b d3 f1  |..........P'....|
-00000010  6c 59 bb fa b7 73 8b d6  fa b2 ca c1 0c d3 60 cf  |lY...s........`.|
-00000020  50 18 a6 6f 3d b3 46 a1  06 a2 b1 62 4c ea 88 2f  |P..o=.F....bL../|
-00000030  95 bc 35 6f 55 a6 8a 52  69 6c 5b a5 fc 94 2a b6  |..5oU..Ril[...*.|
-00000040  27 7c d7 95 27 72 d4 c1  f2 f9 9c a5 b3 2a 85 52  |'|..'r.......*.R|
-00000050  ae bf 14 52 54 51 6a fe  a1 99 05                 |...RTQj....|
+00000000  14 03 03 00 01 01 16 03  03 00 50 c0 c8 04 54 26  |..........P...T&|
+00000010  72 7d 0d a5 86 d5 92 7b  09 73 02 62 37 7a 86 6f  |r}.....{.s.b7z.o|
+00000020  5b 31 1f 28 42 3c 98 2b  08 20 03 55 c0 d6 bd 62  |[1.(B<.+. .U...b|
+00000030  8b c4 18 57 f1 d8 51 ef  f1 93 6b 70 af 72 95 06  |...W..Q...kp.r..|
+00000040  77 91 b5 37 b3 31 73 a4  a3 fb bb 63 9d 41 45 30  |w..7.1s....c.AE0|
+00000050  b4 07 43 8a 74 44 83 16  50 22 a0                 |..C.tD..P".|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 9b b4 f6  7e 49 48 09 cd 4f ed 22  |........~IH..O."|
-00000020  68 db 19 94 ad af de d1  9b b6 bc f5 d6 7f c6 b2  |h...............|
-00000030  ff b1 0e b4 0e dd 77 19  e8 9e ff 68 1a 04 fc e5  |......w....h....|
-00000040  f2 3b 5b 34 aa 15 03 03  00 40 00 00 00 00 00 00  |.;[4.....@......|
-00000050  00 00 00 00 00 00 00 00  00 00 f7 95 04 54 94 ff  |.............T..|
-00000060  f7 86 df 0a 2e 5b e9 54  fe 13 30 2a 97 f9 21 8e  |.....[.T..0*..!.|
-00000070  83 8b ba 86 77 67 92 33  5e a8 ea b7 64 65 63 59  |....wg.3^...decY|
-00000080  44 2e 65 60 9a 0a 7c 78  97 a4                    |D.e`..|x..|
+00000010  00 00 00 00 00 ba c5 0e  9d f6 a1 64 f9 13 fa aa  |...........d....|
+00000020  07 1f cb d1 b6 f3 42 11  ac 2e aa 08 a4 f6 67 9e  |......B.......g.|
+00000030  1d d9 35 6a 70 85 24 25  aa b0 f3 13 87 fd 9e d5  |..5jp.$%........|
+00000040  69 60 88 bc 5c 15 03 03  00 40 00 00 00 00 00 00  |i`..\....@......|
+00000050  00 00 00 00 00 00 00 00  00 00 41 86 ed 8a 40 26  |..........A...@&|
+00000060  39 b4 bf 47 01 bf a9 9c  df 12 07 f0 dc 64 2f 5b  |9..G.........d/[|
+00000070  1e 44 94 78 85 b7 d8 92  f1 d4 d6 a7 d2 39 b5 3f  |.D.x.........9.?|
+00000080  f9 e0 78 d6 40 61 c9 4e  b0 32                    |..x.@a.N.2|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 b/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
index ad5fa501..2a1b2918 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 54 28 b4 3e d3  |....]...Y..T(.>.|
-00000010  f8 21 2a 34 c9 6b 54 76  aa d2 cf 5e 07 7a aa e2  |.!*4.kTv...^.z..|
-00000020  10 cb 3e ed 87 f4 3e 70  44 d0 35 20 6e b4 f0 71  |..>...>pD.5 n..q|
-00000030  76 96 1e 2a 57 74 4b db  9a 11 0a af 06 ea 3b 20  |v..*WtK.......; |
-00000040  a8 81 51 9d 41 ef f1 f9  23 87 18 cb c0 2c 00 00  |..Q.A...#....,..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 77 69 ed c9 15  |....]...Y..wi...|
+00000010  48 74 3a b5 29 8b 17 d7  88 88 33 ac 7d 5e b2 c1  |Ht:.).....3.}^..|
+00000020  73 a8 e2 4c 5e 66 a6 07  54 57 0e 20 9f b9 f0 03  |s..L^f..TW. ....|
+00000030  74 51 4a bc 23 0b 4c 6d  e3 09 8a d9 1f 09 68 33  |tQJ.#.Lm......h3|
+00000040  d7 13 a7 7a 8e 34 73 73  97 32 a6 02 c0 2c 00 00  |...z.4ss.2...,..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -56,34 +58,34 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
-00000280  1d 20 de df 32 23 35 b3  79 a9 49 c2 b3 ad 0c d6  |. ..2#5.y.I.....|
-00000290  23 a6 6a 9b 0f e3 52 51  7b bc f2 79 00 c9 a4 a0  |#.j...RQ{..y....|
-000002a0  94 02 04 03 00 8b 30 81  88 02 42 01 8c 12 91 28  |......0...B....(|
-000002b0  d4 6d cd 39 62 75 9a e0  e5 dd ea 31 45 f5 cd 8b  |.m.9bu.....1E...|
-000002c0  28 82 14 f5 e9 61 0e 9d  af 42 06 17 42 e9 24 1c  |(....a...B..B.$.|
-000002d0  2b 1a c8 77 e4 7a 82 2b  b0 dd 28 3f 76 5d dd fd  |+..w.z.+..(?v]..|
-000002e0  20 53 87 e6 77 26 be 45  e4 6d 31 e3 bf 02 42 01  | S..w&.E.m1...B.|
-000002f0  70 c5 97 3a e4 7b 80 2b  1b eb c9 b2 0a 79 92 2e  |p..:.{.+.....y..|
-00000300  3d b1 4d 13 69 d2 60 a9  fd e9 66 56 83 e4 f5 6a  |=.M.i.`...fV...j|
-00000310  ae cd 8b 94 9f 0b 70 81  b1 ed c6 0d 5f 33 42 04  |......p....._3B.|
-00000320  3d f7 b6 d3 e9 09 b8 bf  43 8c 19 d5 7d 60 d6 a9  |=.......C...}`..|
-00000330  f7 16 03 03 00 04 0e 00  00 00                    |..........|
+00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
+00000280  1d 20 a4 6e f2 07 14 a1  e4 02 87 6c 49 4e bf 77  |. .n.......lIN.w|
+00000290  c0 d9 85 13 9a 65 b7 a7  27 d7 1c 34 c4 91 bc fb  |.....e..'..4....|
+000002a0  ef 31 04 03 00 8a 30 81  87 02 42 00 8f a1 f7 fa  |.1....0...B.....|
+000002b0  18 35 a7 14 ed 02 80 4d  12 bd 07 91 5c b1 e0 8f  |.5.....M....\...|
+000002c0  c8 74 e9 37 04 56 96 8a  f3 57 42 a0 53 18 45 ad  |.t.7.V...WB.S.E.|
+000002d0  1d 90 27 fb 75 f8 d2 df  e2 e7 ad b5 98 f1 b2 88  |..'.u...........|
+000002e0  d9 e0 9d 46 fb 53 6d 5a  95 31 75 a4 1e 02 41 3f  |...F.SmZ.1u...A?|
+000002f0  63 12 d6 e0 8a 92 81 7d  93 fe f6 98 5a a7 75 13  |c......}....Z.u.|
+00000300  be 4e 31 8c b0 ee a7 41  82 fe b4 05 01 69 7f 61  |.N1....A.....i.a|
+00000310  65 41 d3 9e 59 37 03 e9  e0 4b 18 88 a5 67 d2 c1  |eA..Y7...K...g..|
+00000320  83 22 3a 09 88 c0 6e b7  e5 a4 c3 e8 ce d9 3c cc  |.":...n.......<.|
+00000330  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 a7 5d c9  |....(.........].|
-00000040  e7 6b 78 13 ae 11 64 d0  e7 77 48 03 d4 cf b9 65  |.kx...d..wH....e|
-00000050  7f 07 75 78 7f 3d ae a1  9a 0f fb cb 74           |..ux.=......t|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 dd 37 75  |....(.........7u|
+00000040  d9 75 19 9e aa 4b dd 1e  c7 af 7f 26 e2 72 30 92  |.u...K.....&.r0.|
+00000050  70 68 97 ce 03 e3 a2 99  9a 85 1a c8 09           |ph...........|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 07 4e 69 71 66  |..........(.Niqf|
-00000010  75 a0 bb b4 fd 86 8d 74  40 7e 0d e9 a5 95 d0 2d  |u......t@~.....-|
-00000020  ca eb 12 2f 7b 09 22 7c  8e bf da 97 18 d9 bd 74  |.../{."|.......t|
-00000030  cd 08 6b                                          |..k|
+00000000  14 03 03 00 01 01 16 03  03 00 28 f2 ba 40 ec e3  |..........(..@..|
+00000010  77 30 c8 b1 b3 3f 97 f1  28 3b 59 26 2c a0 d3 19  |w0...?..(;Y&,...|
+00000020  4a bd d3 f1 5d e3 6c 62  56 ee 75 75 05 05 3c 1c  |J...].lbV.uu..<.|
+00000030  17 98 0a                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 44 26 54  |.............D&T|
-00000010  a3 37 94 7a 3d 93 6a 06  35 fe 9a d4 7b 54 ab d4  |.7.z=.j.5...{T..|
-00000020  33 fd 93 15 03 03 00 1a  00 00 00 00 00 00 00 02  |3...............|
-00000030  bf ff c7 9e 4b db ee a4  a2 b9 a5 91 cd 09 97 a2  |....K...........|
-00000040  55 a5                                             |U.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 0b bc a8  |................|
+00000010  12 42 1b c7 8e a4 e9 26  65 4d 89 d6 e1 f0 33 67  |.B.....&eM....3g|
+00000020  5a 29 8c 15 03 03 00 1a  00 00 00 00 00 00 00 02  |Z)..............|
+00000030  42 d5 85 47 7f 6e b0 ad  23 13 74 44 84 75 4b 85  |B..G.n..#.tD.uK.|
+00000040  22 3a                                             |":|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 b/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
index 9982121e..3cea3743 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
@@ -1,24 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 d4 01 00 00  d0 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f2 01 00 00  ee 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 08 cc a9  |................|
-00000050  13 03 13 01 13 02 01 00  00 7f 00 0b 00 02 01 00  |................|
+00000050  13 03 13 01 13 02 01 00  00 9d 00 0b 00 02 01 00  |................|
 00000060  ff 01 00 01 00 00 17 00  00 00 12 00 00 00 05 00  |................|
 00000070  05 01 00 00 00 00 00 0a  00 0a 00 08 00 1d 00 17  |................|
 00000080  00 18 00 19 00 0d 00 1a  00 18 08 04 04 03 08 07  |................|
 00000090  08 05 08 06 04 01 05 01  06 01 05 03 06 03 02 01  |................|
-000000a0  02 03 00 2b 00 09 08 03  04 03 03 03 02 03 01 00  |...+............|
-000000b0  33 00 26 00 24 00 1d 00  20 2f e5 7d a3 47 cd 62  |3.&.$... /.}.G.b|
-000000c0  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-000000d0  c2 ed 90 99 5f 58 cb 3b  74                       |...._X.;t|
+000000a0  02 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
+000000b0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
+000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000d0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
+000000e0  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
+000000f0  90 99 5f 58 cb 3b 74                              |.._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 4f ed 35 28 41  |....]...Y..O.5(A|
-00000010  4a 0f a2 da 57 ef 60 69  32 00 a5 82 22 3d d9 ea  |J...W.`i2..."=..|
-00000020  36 28 20 31 e3 4a b6 d1  b6 b4 49 20 97 f3 45 59  |6( 1.J....I ..EY|
-00000030  e7 9c f5 40 57 51 b8 f8  5a 8d f2 eb ce 83 18 2d  |...@WQ..Z......-|
-00000040  e3 28 55 6f 17 08 23 88  57 b1 a0 e4 cc a9 00 00  |.(Uo..#.W.......|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 32 3b b0 38 26  |....]...Y..2;.8&|
+00000010  a2 4b 38 02 83 42 af 10  77 e7 6b a9 d6 e7 ac c8  |.K8..B..w.k.....|
+00000020  69 ba 70 cb f8 de 6d 28  a9 b5 40 20 9f f0 a4 35  |i.p...m(..@ ...5|
+00000030  3e eb cf 99 5a 69 6c 0c  9d 45 21 ca fe e7 03 52  |>...Zil..E!....R|
+00000040  39 66 c5 90 1f 75 57 9d  03 51 3b 21 cc a9 00 00  |9f...uW..Q;!....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -54,31 +56,31 @@
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
 00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
-00000280  1d 20 64 49 59 eb a9 80  c3 0a 9e 13 f4 09 04 6b  |. dIY..........k|
-00000290  1f e5 3b 0b 77 84 fe 2e  1f ea 7e d4 64 2a 7f 3f  |..;.w.....~.d*.?|
-000002a0  dc 0f 04 03 00 8b 30 81  88 02 42 00 a4 62 9b d1  |......0...B..b..|
-000002b0  ed 60 b7 2d 05 48 64 b6  94 3b a1 75 cb 41 78 e5  |.`.-.Hd..;.u.Ax.|
-000002c0  e0 12 70 d9 90 4d c0 34  39 f3 52 13 75 4b fa 10  |..p..M.49.R.uK..|
-000002d0  19 6f a6 2d b4 c3 8f 45  0c 7f 34 fb 82 01 e6 a1  |.o.-...E..4.....|
-000002e0  be 73 72 3b e5 04 80 70  7d bd 4a f9 e5 02 42 01  |.sr;...p}.J...B.|
-000002f0  69 3d 53 e9 8d 70 6d 07  84 7e 56 3f ce 53 b9 6c  |i=S..pm..~V?.S.l|
-00000300  43 0f 70 74 f1 52 ce d4  95 55 13 8c 07 e7 20 d7  |C.pt.R...U.... .|
-00000310  61 2e b7 f4 5b 34 6e 5d  9c d8 73 66 89 a1 f6 7e  |a...[4n]..sf...~|
-00000320  01 bb 9a 5e 52 59 3f fc  3e 24 fc e7 49 10 83 9d  |...^RY?.>$..I...|
-00000330  fb 16 03 03 00 04 0e 00  00 00                    |..........|
+00000280  1d 20 b4 e4 ee 96 88 73  de d8 bc 4f 90 ca fa df  |. .....s...O....|
+00000290  26 b4 88 19 04 0e d1 be  0f 3c bb 23 68 0e a6 20  |&........<.#h.. |
+000002a0  39 17 04 03 00 8b 30 81  88 02 42 00 c7 4a 60 ba  |9.....0...B..J`.|
+000002b0  7d 8f 8a 69 93 dc 5b 9d  ce a1 33 82 ed 95 00 fb  |}..i..[...3.....|
+000002c0  96 6b 31 d9 3a 10 80 fd  03 5f d2 63 40 e1 26 75  |.k1.:...._.c@.&u|
+000002d0  d3 bd d7 4e 79 c7 1a 82  c2 3b ef e0 72 c2 a6 d3  |...Ny....;..r...|
+000002e0  28 bb d4 49 46 39 8d bd  03 9d a8 98 8b 02 42 01  |(..IF9........B.|
+000002f0  d2 51 90 9c 41 a2 51 24  8f 2e 4a 24 31 69 91 d0  |.Q..A.Q$..J$1i..|
+00000300  c3 39 0b f6 55 3e e7 b0  43 36 99 50 dd c6 45 9a  |.9..U>..C6.P..E.|
+00000310  a7 e3 c0 65 c9 b5 02 85  f6 f1 55 b2 f6 f9 8e 30  |...e......U....0|
+00000320  3b 2a 3d 8a 5c 51 31 5d  9a 3f 9d e5 63 a9 4e ba  |;*=.\Q1].?..c.N.|
+00000330  fe 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 cf f9 90  26 e8 2c 00 99 ae 0e e6  |.... ...&.,.....|
-00000040  a8 d9 66 6b 23 e7 c9 73  1c f7 e9 af e1 71 1d f3  |..fk#..s.....q..|
-00000050  34 60 ee 16 9d                                    |4`...|
+00000030  16 03 03 00 20 ae 4e 75  d9 a7 be a2 6c 68 b0 19  |.... .Nu....lh..|
+00000040  b6 ef dd 90 f6 6b 27 ce  52 23 66 56 54 4a e0 b7  |.....k'.R#fVTJ..|
+00000050  d8 77 fc be 32                                    |.w..2|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 39 9f 39 3a 22  |.......... 9.9:"|
-00000010  0b 27 cb 75 0d 43 98 11  06 dd 7e 73 17 e0 8a 19  |.'.u.C....~s....|
-00000020  6d eb a8 33 c6 42 b4 e9  cb dd b1                 |m..3.B.....|
+00000000  14 03 03 00 01 01 16 03  03 00 20 b5 41 67 54 66  |.......... .AgTf|
+00000010  94 8b 39 45 fb aa 66 f7  01 4b 4d d3 55 03 56 b3  |..9E..f..KM.U.V.|
+00000020  2b 08 ca bb 29 f5 0c 6b  12 8d 76                 |+...)..k..v|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 24 1f 08  49 ef 32 16 8d 76 c7 34  |.....$..I.2..v.4|
-00000010  e0 08 cb d9 e7 72 aa 0f  fb c4 94 15 03 03 00 12  |.....r..........|
-00000020  38 0b 8c e0 0b 61 20 e8  a6 7c 77 69 fb 00 96 39  |8....a ..|wi...9|
-00000030  b9 a7                                             |..|
+00000000  17 03 03 00 16 7b 7f a6  ce de 59 a8 56 2f 1b a0  |.....{....Y.V/..|
+00000010  30 39 9d 87 41 3e bf 7c  af 5d f8 15 03 03 00 12  |09..A>.|.]......|
+00000020  47 4e 8a e8 c7 b7 5e d2  0d 57 f5 7d 85 91 08 f6  |GN....^..W.}....|
+00000030  57 b9                                             |W.|
diff --git a/testdata/Client-TLSv12-ECDHE-RSA-AES b/testdata/Client-TLSv12-ECDHE-RSA-AES
index e2e935cc..2e8cf680 100644
--- a/testdata/Client-TLSv12-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv12-ECDHE-RSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 8d 69 e3 6e 69  |....]...Y...i.ni|
-00000010  45 96 8b 0d c8 7d 9c dc  b6 75 24 ee 61 44 95 99  |E....}...u$.aD..|
-00000020  cb a8 da df 35 ac c3 36  02 3f b9 20 2d c2 47 c9  |....5..6.?. -.G.|
-00000030  f0 47 80 9a c6 bd e4 1b  ca d6 62 17 59 ec c9 83  |.G........b.Y...|
-00000040  d5 ed 3f 2c 13 b0 30 0a  5e 1f 0e db c0 13 00 00  |..?,..0.^.......|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 aa fb 37 3d 67  |....]...Y....7=g|
+00000010  95 94 f7 8e 74 8b 21 20  8b 63 e3 61 7f 00 53 e7  |....t.! .c.a..S.|
+00000020  cc 9e b4 72 3e ae e5 36  93 b8 17 20 be 6d 69 ec  |...r>..6... .mi.|
+00000030  ba 51 86 16 80 1e e5 dc  59 d2 6f d5 c0 28 0c bd  |.Q......Y.o..(..|
+00000040  98 3b 5f 7b 70 36 ce 40  cd 37 23 98 c0 13 00 00  |.;_{p6.@.7#.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,38 +63,38 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 0f 4e 12  |............ .N.|
-000002d0  ab ce 7e 62 68 64 e0 1d  7e 33 a2 ee 5d e7 2d d5  |..~bhd..~3..].-.|
-000002e0  d2 dc d0 ce b2 7e 9b be  33 8d 9c 56 7a 08 04 00  |.....~..3..Vz...|
-000002f0  80 44 b8 9b 87 5f 84 f6  8a 99 af e9 f7 f8 88 fd  |.D..._..........|
-00000300  f7 12 02 48 a1 fa 66 9c  89 a2 dc bf fd 41 08 fa  |...H..f......A..|
-00000310  6f e4 44 09 8e c1 45 bb  2a e9 e3 45 19 a3 81 50  |o.D...E.*..E...P|
-00000320  99 46 5f 86 5b 6b c0 29  d1 e5 21 4b 56 af f4 d0  |.F_.[k.)..!KV...|
-00000330  63 c4 75 ac f6 75 61 ca  fe 1a b9 70 4d 14 50 b1  |c.u..ua....pM.P.|
-00000340  12 7f 29 2d c5 d7 78 da  06 3e 4c 47 75 8a a6 01  |..)-..x..>LGu...|
-00000350  37 17 1c e8 ef 94 85 d0  e2 ee d5 25 ae 8d f8 e6  |7..........%....|
-00000360  90 10 12 37 b4 0f f5 c7  a2 85 1a 83 8a 38 e6 32  |...7.........8.2|
-00000370  98 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 67 97 c9  |............ g..|
+000002d0  92 1a a5 f1 e1 9b 81 36  74 0a 00 b1 f9 78 a3 0e  |.......6t....x..|
+000002e0  a1 44 98 69 92 ac cd 03  3e 94 a1 ee 1c 08 04 00  |.D.i....>.......|
+000002f0  80 93 2b a2 28 51 d1 7d  2e 07 e2 07 07 5b 3f 56  |..+.(Q.}.....[?V|
+00000300  1a 17 4a 70 6b 74 ac a2  12 02 f9 3d ec 85 b1 df  |..Jpkt.....=....|
+00000310  5a 17 a2 79 9b bb 40 4a  2f 27 a5 c1 71 7f 70 25  |Z..y..@J/'..q.p%|
+00000320  a1 72 c5 20 86 3a a2 1e  0c 53 a0 2e 76 7f 5f 5a  |.r. .:...S..v._Z|
+00000330  00 55 6b 9d 0b 5e 3a c7  8e 25 97 fb d5 a4 ea 68  |.Uk..^:..%.....h|
+00000340  79 9c 29 34 e5 6f 44 07  8b a7 7a 9c 31 c5 34 08  |y.)4.oD...z.1.4.|
+00000350  31 8d 5e 9f 0f cb 42 ae  e7 66 59 41 62 37 25 f6  |1.^...B..fYAb7%.|
+00000360  09 42 10 11 9e 19 08 6b  56 43 ae 05 ac 1c a4 24  |.B.....kVC.....$|
+00000370  f5 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 6c 72 1c  47 f9 89 fa 2b 0e cf 69  |.....lr.G...+..i|
-00000050  bf 95 e4 ea b8 74 e7 99  d4 c4 53 f5 97 f5 08 f9  |.....t....S.....|
-00000060  ef 03 e7 76 b8 2c 31 f6  9b 2c cd 27 c8 42 6a a8  |...v.,1..,.'.Bj.|
-00000070  c0 e0 b9 5e cd                                    |...^.|
+00000040  00 00 00 00 00 fc 6b 1b  7e 07 14 39 83 00 01 20  |......k.~..9... |
+00000050  ca 14 c9 c8 03 6e cb 3c  05 b8 63 c3 37 a1 63 c9  |.....n.<..c.7.c.|
+00000060  9b a1 94 01 de 61 0c 7f  ae 92 95 4d 31 6b e8 5e  |.....a.....M1k.^|
+00000070  bb 73 3f 3b a5                                    |.s?;.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 89 35 48 2e 99  |..........@.5H..|
-00000010  7c 13 76 5e 7f 07 a6 44  d9 95 1c 9f 25 59 3d f5  ||.v^...D....%Y=.|
-00000020  df d6 5e cb 85 3e 0c f7  48 69 95 77 29 95 88 1c  |..^..>..Hi.w)...|
-00000030  1e 76 8a c3 ea 69 07 75  46 68 09 50 fa 30 0a 57  |.v...i.uFh.P.0.W|
-00000040  84 e3 c7 d9 34 c4 40 32  7b f4 95                 |....4.@2{..|
+00000000  14 03 03 00 01 01 16 03  03 00 40 e4 fe 65 a6 8e  |..........@..e..|
+00000010  05 32 44 9d 56 27 03 e2  da 79 c9 fd 52 76 2e bb  |.2D.V'...y..Rv..|
+00000020  37 9f 40 59 ba de ba 56  82 a1 b4 39 29 b0 29 af  |7.@Y...V...9).).|
+00000030  96 42 9e f8 c4 e7 cf 72  1c 2c c8 c7 cb ba cd 82  |.B.....r.,......|
+00000040  bf 21 17 07 6b 39 2c 0a  17 0b 74                 |.!..k9,...t|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 24 6d d9  23 68 ad 8d 64 2e 3a d5  |.....$m.#h..d.:.|
-00000020  ed eb 4c e9 cb 9d 13 49  4c 44 b9 00 af af 2c e7  |..L....ILD....,.|
-00000030  22 c0 bb 31 4e 15 03 03  00 30 00 00 00 00 00 00  |"..1N....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 c8 60 b8 c1 66 9b  |...........`..f.|
-00000050  52 44 3c 26 7f ff 96 a6  21 c7 eb 33 71 f8 40 23  |RD<&....!..3q.@#|
-00000060  7c 5b ef b2 e1 b4 3f 84  82 48                    ||[....?..H|
+00000010  00 00 00 00 00 e4 be e7  a6 e6 3c 1e ca 47 07 07  |..........<..G..|
+00000020  98 a3 4d 13 6d ac 75 57  45 de 8e fc ca 02 c8 b6  |..M.m.uWE.......|
+00000030  00 fc 7f e0 50 15 03 03  00 30 00 00 00 00 00 00  |....P....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 84 c2 3c b7 11 8c  |............<...|
+00000050  d2 65 43 4d aa 28 0c 7f  5f 73 9c cf 43 fe 72 d1  |.eCM.(.._s..C.r.|
+00000060  87 86 9b c8 1b 04 13 a7  44 5c                    |........D\|
diff --git a/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 b/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
index f8f04ac1..ccfa718f 100644
--- a/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
+++ b/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 8f cc 68 50 60  |....]...Y....hP`|
-00000010  11 c8 c3 ce e7 e9 e1 3c  fb 29 d7 4f df 44 16 65  |.......<.).O.D.e|
-00000020  1d 3b 25 5b 32 59 f1 8e  be d8 49 20 c2 89 a7 d5  |.;%[2Y....I ....|
-00000030  cb 2c a2 05 19 6b 65 64  9b 71 2b d3 d2 19 cb 66  |.,...ked.q+....f|
-00000040  61 c1 6f 19 b4 7a 15 41  76 14 85 fc c0 27 00 00  |a.o..z.Av....'..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 81 ab 9b 85 bf  |....]...Y.......|
+00000010  f2 7f b2 d1 38 37 f5 dd  42 34 b6 69 e9 25 48 1c  |....87..B4.i.%H.|
+00000020  65 59 3b 6a 04 17 05 49  87 42 87 20 6a da fc 8d  |eY;j...I.B. j...|
+00000030  38 a9 cd 09 65 ac f1 9c  d6 ee ab 74 ad 96 df a0  |8...e......t....|
+00000040  87 98 23 29 79 78 0b c3  8f af ea 3c c0 27 00 00  |..#)yx.....<.'..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,42 +63,42 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 88 db 33  |............ ..3|
-000002d0  96 fb ae 63 de f8 2b 4b  94 fa da c2 8e 75 fa 63  |...c..+K.....u.c|
-000002e0  0a 54 2b 68 01 76 2a 76  4f e7 91 e9 2a 08 04 00  |.T+h.v*vO...*...|
-000002f0  80 d9 47 dd dd b9 94 b8  1c 1b dc 1f 79 bd f1 26  |..G.........y..&|
-00000300  66 19 52 0b 0a 2e ea 0d  69 bf 93 a0 29 0f 6a 30  |f.R.....i...).j0|
-00000310  2c 1b 44 25 13 e3 b7 03  db b3 fc 37 9c 3f bb e7  |,.D%.......7.?..|
-00000320  c7 4d 65 8f af bb 39 fa  6e 77 09 bb 08 09 7e d1  |.Me...9.nw....~.|
-00000330  0f ad 57 78 a6 cb a8 3f  2e 70 fc 38 75 2f a0 23  |..Wx...?.p.8u/.#|
-00000340  0b 0c 6c 28 0a 71 51 dc  10 8f 85 fd 97 0f c4 84  |..l(.qQ.........|
-00000350  80 cf 70 0a a9 56 9a af  2f ab 12 c7 8b d1 82 1c  |..p..V../.......|
-00000360  f0 6c 08 00 73 18 dd 6e  5a 66 ed a5 f7 7a 3d 73  |.l..s..nZf...z=s|
-00000370  88 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 88 0b 7c  |............ ..||
+000002d0  04 c5 e3 0b 1c aa 4b 4c  0a 3a 5c 67 a5 ac 01 be  |......KL.:\g....|
+000002e0  32 77 9e 69 dc ae 64 0e  c7 4c 34 7d 74 08 04 00  |2w.i..d..L4}t...|
+000002f0  80 b7 0e 09 2f 58 46 d2  7e 19 ca d3 34 31 ac 86  |..../XF.~...41..|
+00000300  94 b3 18 56 e0 b0 75 88  ed d2 5c d2 d6 80 18 30  |...V..u...\....0|
+00000310  28 75 16 eb fb ee b6 ce  13 ed f2 75 7c b5 0d a8  |(u.........u|...|
+00000320  04 33 95 aa 2b c0 21 db  8a a8 cc 9b fe eb 55 32  |.3..+.!.......U2|
+00000330  04 22 e6 02 83 ca b1 c0  1d 14 7f 8c 44 de ce c7  |."..........D...|
+00000340  6a 60 73 1f 96 c3 62 7d  9d 36 cc f9 c1 a8 12 cb  |j`s...b}.6......|
+00000350  ea 93 36 db 8c 15 29 a1  03 3a 4f 82 13 52 f8 de  |..6...)..:O..R..|
+00000360  6f 80 b6 9d ad e8 ea 04  03 0d a5 63 74 e9 bf 2f  |o..........ct../|
+00000370  5f 16 03 03 00 04 0e 00  00 00                    |_.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 93 01 19  de 19 e6 58 a9 b2 bb e6  |...........X....|
-00000050  83 08 03 78 72 d8 25 fc  31 70 55 fa cd ec e4 0a  |...xr.%.1pU.....|
-00000060  a2 7b 00 5c fe 7f 08 26  a5 ca 9f d6 28 95 69 f5  |.{.\...&....(.i.|
-00000070  b9 17 23 34 83 fe 36 24  60 17 4c 90 18 30 f9 44  |..#4..6$`.L..0.D|
-00000080  af 74 ea 65 4b                                    |.t.eK|
+00000040  00 00 00 00 00 f3 03 08  16 9c 4f c9 0e 8c 2a 74  |..........O...*t|
+00000050  4f d4 8a 84 50 fa 16 da  5e 76 d5 80 26 40 6a 55  |O...P...^v..&@jU|
+00000060  75 16 4c 28 58 09 c9 88  fd af 93 f2 94 46 3d 1b  |u.L(X........F=.|
+00000070  6c 04 af af b4 c1 14 c7  76 5e 10 64 4e 61 19 a9  |l.......v^.dNa..|
+00000080  c8 94 aa 7b fc                                    |...{.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 b6 cf 83 c7 0d  |..........P.....|
-00000010  dc 8f 9a 96 0d 0b 4f 58  ed c9 46 fa 95 0b f1 ab  |......OX..F.....|
-00000020  9a 50 2a cc af 26 73 03  0b 93 e7 4e 96 a0 e2 44  |.P*..&s....N...D|
-00000030  01 99 9e 06 a3 81 3f 0b  e4 7c 03 53 e4 65 36 69  |......?..|.S.e6i|
-00000040  65 96 79 a2 4e 79 e8 fc  b1 6a 50 3e dd 22 1f e3  |e.y.Ny...jP>."..|
-00000050  fe e3 77 9f 8c 05 f8 cc  08 4b 6b                 |..w......Kk|
+00000000  14 03 03 00 01 01 16 03  03 00 50 9f 93 29 9e ce  |..........P..)..|
+00000010  ec cb 1f 2e 0a 4b a9 cf  2a 18 2c 6a 4e b6 4f e5  |.....K..*.,jN.O.|
+00000020  e1 15 c5 fc 8b 07 31 c1  88 ea 34 dd 14 c8 e0 e3  |......1...4.....|
+00000030  da 9e cf 42 5e 6b d9 3f  a7 00 e7 37 b0 2f cb fb  |...B^k.?...7./..|
+00000040  bb 80 4b c8 e0 00 47 af  04 26 7d e4 c0 71 0a c9  |..K...G..&}..q..|
+00000050  73 d4 35 99 e9 d8 06 c3  6f 09 69                 |s.5.....o.i|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 f8 39 8e  57 60 18 1c ef 19 c8 da  |......9.W`......|
-00000020  f4 3b dc 42 85 44 e3 59  28 ea 29 11 60 ba 2b 2b  |.;.B.D.Y(.).`.++|
-00000030  dc 6a 5d 3a ed ce f2 10  34 17 6e 10 67 00 f0 43  |.j]:....4.n.g..C|
-00000040  3e 0f e1 a1 c8 15 03 03  00 40 00 00 00 00 00 00  |>........@......|
-00000050  00 00 00 00 00 00 00 00  00 00 13 0d fa 71 e4 df  |.............q..|
-00000060  76 f3 c9 01 d5 60 b4 34  d4 6f 68 f5 cd af d6 0b  |v....`.4.oh.....|
-00000070  e6 af ab ec 64 75 38 d6  17 d4 27 81 96 e5 71 74  |....du8...'...qt|
-00000080  d5 cd 39 30 35 4a ef 92  56 6e                    |..905J..Vn|
+00000010  00 00 00 00 00 65 8e 6b  75 f5 ea 6f 63 c0 12 d8  |.....e.ku..oc...|
+00000020  c5 42 81 1a ef 04 64 0b  38 99 35 9b 4e 84 9c 40  |.B....d.8.5.N..@|
+00000030  bc d6 f9 6f 52 16 4b c3  cb 26 42 30 af a1 d0 f9  |...oR.K..&B0....|
+00000040  07 56 27 c2 12 15 03 03  00 40 00 00 00 00 00 00  |.V'......@......|
+00000050  00 00 00 00 00 00 00 00  00 00 b1 d0 14 32 93 af  |.............2..|
+00000060  02 66 bd 5d 39 26 20 3f  c5 f1 24 54 52 a6 38 18  |.f.]9& ?..$TR.8.|
+00000070  91 6e b8 07 d9 37 58 6d  cc a9 b0 86 11 c6 b1 10  |.n...7Xm........|
+00000080  06 0c dc a5 5b ad c7 a6  fe b1                    |....[.....|
diff --git a/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 b/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
index 2ea5debf..c1670a67 100644
--- a/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
+++ b/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
@@ -1,24 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 d4 01 00 00  d0 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 f2 01 00 00  ee 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 08 cc a8  |................|
-00000050  13 03 13 01 13 02 01 00  00 7f 00 0b 00 02 01 00  |................|
+00000050  13 03 13 01 13 02 01 00  00 9d 00 0b 00 02 01 00  |................|
 00000060  ff 01 00 01 00 00 17 00  00 00 12 00 00 00 05 00  |................|
 00000070  05 01 00 00 00 00 00 0a  00 0a 00 08 00 1d 00 17  |................|
 00000080  00 18 00 19 00 0d 00 1a  00 18 08 04 04 03 08 07  |................|
 00000090  08 05 08 06 04 01 05 01  06 01 05 03 06 03 02 01  |................|
-000000a0  02 03 00 2b 00 09 08 03  04 03 03 03 02 03 01 00  |...+............|
-000000b0  33 00 26 00 24 00 1d 00  20 2f e5 7d a3 47 cd 62  |3.&.$... /.}.G.b|
-000000c0  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-000000d0  c2 ed 90 99 5f 58 cb 3b  74                       |...._X.;t|
+000000a0  02 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
+000000b0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
+000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000d0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
+000000e0  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
+000000f0  90 99 5f 58 cb 3b 74                              |.._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 01 ce 8f f1 84  |....]...Y.......|
-00000010  65 dc 47 4e 43 f2 cd 85  6c 98 40 a7 5c 7f ed 53  |e.GNC...l.@.\..S|
-00000020  78 63 03 dd 50 3e a4 27  20 21 bf 20 d9 93 9d f6  |xc..P>.' !. ....|
-00000030  1f e8 0e 72 fc 64 e0 dd  8e ef b3 ea ff 5b ad 60  |...r.d.......[.`|
-00000040  a5 f0 68 ff 7e 35 46 a4  28 71 31 fd cc a8 00 00  |..h.~5F.(q1.....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 34 c1 8b 5f 3a  |....]...Y..4.._:|
+00000010  34 19 b4 a5 7a b6 d4 d8  83 54 60 22 6c 56 52 d0  |4...z....T`"lVR.|
+00000020  c6 ae 08 d2 17 49 97 ec  fe f2 8a 20 d5 fc 67 75  |.....I..... ..gu|
+00000030  b1 26 04 0e ce 3a 0e c3  4a e3 9a 20 0b 36 12 43  |.&...:..J.. .6.C|
+00000040  13 0e db 9e 50 ca d6 54  89 01 33 56 cc a8 00 00  |....P..T..3V....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -58,31 +60,31 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 ea 03 c7  |............ ...|
-000002d0  b0 eb 76 ba 86 25 18 e5  0d b3 70 2a 41 72 4d 88  |..v..%....p*ArM.|
-000002e0  55 6d 91 2b 65 fe e0 64  12 69 42 eb 27 08 04 00  |Um.+e..d.iB.'...|
-000002f0  80 0f 00 0a b0 35 db 39  fa ba a1 27 44 e0 9b d4  |.....5.9...'D...|
-00000300  b8 aa b3 4f 93 46 ed 09  f8 3e 1b c8 47 6e 52 8a  |...O.F...>..GnR.|
-00000310  8f fd b1 67 f6 05 87 68  de 7b 25 1b 40 df 1e f2  |...g...h.{%.@...|
-00000320  04 2b 4f 39 3d 6f a8 f7  25 37 26 34 87 84 06 c4  |.+O9=o..%7&4....|
-00000330  0e 31 bc 46 8a d2 99 14  6d 5d 14 32 a2 32 fc 10  |.1.F....m].2.2..|
-00000340  5e fb d9 f8 06 d4 05 17  5d 59 f4 38 c5 13 1c 91  |^.......]Y.8....|
-00000350  5a 5f cb dd 3e 27 78 10  2c 0c 9b 7f 1a ec 4c da  |Z_..>'x.,.....L.|
-00000360  fb d7 52 eb 76 83 75 87  d2 a3 7f e9 25 a5 8a 22  |..R.v.u.....%.."|
-00000370  dd 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 63 b1 95  |............ c..|
+000002d0  d7 d2 63 99 59 8e 56 00  0a 08 29 c9 a5 30 bd 1b  |..c.Y.V...)..0..|
+000002e0  f1 e4 ad 7d 99 c0 ea 9d  44 1c c6 22 56 08 04 00  |...}....D.."V...|
+000002f0  80 d8 02 bd 3f 32 2e 05  8b 2f 2b 98 ef fe 6b 96  |....?2.../+...k.|
+00000300  80 ab d3 e1 d0 56 45 f6  66 2a 44 52 f3 47 85 f6  |.....VE.f*DR.G..|
+00000310  3a 0a 08 11 31 be 39 68  e8 8a cd ac 83 c2 32 10  |:...1.9h......2.|
+00000320  d5 9a d6 d4 9c 93 3a 49  1e d2 43 d6 f3 b8 96 6a  |......:I..C....j|
+00000330  0b 50 53 58 77 2f 7a d5  a3 d8 f7 33 6a 29 16 05  |.PSXw/z....3j)..|
+00000340  4a 71 d3 23 dc f1 91 ec  4d be 10 53 f5 57 0d 01  |Jq.#....M..S.W..|
+00000350  36 ea 6f b7 42 68 76 6c  15 57 24 bb 92 c6 48 91  |6.o.Bhvl.W$...H.|
+00000360  b2 02 83 75 9a 52 63 2d  3c 6a b5 91 8a cf ad 52  |...u.Rc-<j.....R|
+00000370  a2 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 28 48 18  85 9d 35 c7 5a 46 2c a7  |.... (H...5.ZF,.|
-00000040  5b 8b c0 71 73 66 d0 a7  53 a0 e3 ed c8 57 f3 70  |[..qsf..S....W.p|
-00000050  9a 01 58 61 84                                    |..Xa.|
+00000030  16 03 03 00 20 ab c0 00  15 90 de 61 3e 0b 60 16  |.... ......a>.`.|
+00000040  88 fe 6e a8 31 b8 cf bf  18 f5 21 c0 51 4f 96 fe  |..n.1.....!.QO..|
+00000050  47 eb c3 75 9b                                    |G..u.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 b9 72 f6 07 40  |.......... .r..@|
-00000010  0b 2f 67 8a 97 fa 17 24  81 e5 6f 5b 09 90 72 8d  |./g....$..o[..r.|
-00000020  48 59 14 00 34 e8 3c 82  b8 2f 87                 |HY..4.<../.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 38 2e e1 49 d7  |.......... 8..I.|
+00000010  20 aa 42 6c 73 05 b7 37  e3 0c 14 b0 fb bd 0f 04  | .Bls..7........|
+00000020  79 a8 6c 01 63 4a 92 c8  13 a0 d9                 |y.l.cJ.....|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 f6 cf b1  93 64 54 56 f3 35 3d 8f  |.........dTV.5=.|
-00000010  31 5e 66 62 56 aa e9 81  47 4c 8b 15 03 03 00 12  |1^fbV...GL......|
-00000020  de 0b 32 2b 58 2c b5 4e  80 2a 66 e7 a0 a9 28 d9  |..2+X,.N.*f...(.|
-00000030  db 11                                             |..|
+00000000  17 03 03 00 16 d4 37 f1  77 d5 49 df 50 58 c9 41  |......7.w.I.PX.A|
+00000010  ad 99 2b bc 85 a7 33 d4  ff 96 c0 15 03 03 00 12  |..+...3.........|
+00000020  a9 7f 06 84 dd 17 63 18  26 14 5e 3e 04 87 af 37  |......c.&.^>...7|
+00000030  7f 0c                                             |..|
diff --git a/testdata/Client-TLSv12-Ed25519 b/testdata/Client-TLSv12-Ed25519
index d43ee07e..a3d23b62 100644
--- a/testdata/Client-TLSv12-Ed25519
+++ b/testdata/Client-TLSv12-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 93 8a a3 77 84  |....]...Y.....w.|
-00000010  fd 41 3d a5 ad b5 eb 91  63 a6 b5 3a 5f 21 08 df  |.A=.....c..:_!..|
-00000020  72 07 be 1f df d7 4e 6f  f3 f8 cb 20 ae d3 e5 fe  |r.....No... ....|
-00000030  53 a3 c7 84 6c 3e c6 1d  d5 65 5d a6 a5 7d f7 5c  |S...l>...e]..}.\|
-00000040  34 65 a7 df 1e 28 3f 7d  20 08 81 2c cc a9 00 00  |4e...(?} ..,....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 19 33 a6 0c 80  |....]...Y...3...|
+00000010  5d 56 d6 7b 85 ae 50 82  3a 61 7b b0 dd 01 f8 98  |]V.{..P.:a{.....|
+00000020  b9 51 22 e7 12 4c 98 f2  4c 50 49 20 37 6f ad 03  |.Q"..L..LPI 7o..|
+00000030  52 51 44 3e 26 19 df e3  59 cd 6a 41 37 3c 46 95  |RQD>&...Y.jA7<F.|
+00000040  1f e1 07 20 f2 6b b4 15  a2 41 0e b2 cc a9 00 00  |... .k...A......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 01 3c 0b  00 01 38 00 01 35 00 01  |......<...8..5..|
 00000070  32 30 82 01 2e 30 81 e1  a0 03 02 01 02 02 10 0f  |20...0..........|
@@ -44,26 +46,26 @@
 00000180  fc ab 7d 4d d4 e0 93 13  d0 a9 42 e0 b6 6b fe 5d  |..}M......B..k.]|
 00000190  67 48 d7 9f 50 bc 6c cd  4b 03 83 7c f2 08 58 cd  |gH..P.l.K..|..X.|
 000001a0  ac cf 0c 16 03 03 00 6c  0c 00 00 68 03 00 1d 20  |.......l...h... |
-000001b0  e9 e7 75 b4 4c 42 14 7a  e0 50 0a 95 f1 d7 35 aa  |..u.LB.z.P....5.|
-000001c0  39 05 9e 59 73 5e cd d2  ec 56 18 f0 ee 1f 81 3c  |9..Ys^...V.....<|
-000001d0  08 07 00 40 44 e9 19 b6  00 49 f7 c8 06 62 cb c1  |...@D....I...b..|
-000001e0  b5 7c b6 cd 32 47 c9 05  82 3b f0 af d1 cd 75 8b  |.|..2G...;....u.|
-000001f0  82 8b 47 dd 85 13 78 69  5d 40 7e 9b 91 24 2e ce  |..G...xi]@~..$..|
-00000200  3e be e0 12 1e ec 56 0b  ff 25 21 92 6f 24 12 10  |>.....V..%!.o$..|
-00000210  30 33 cf 04 16 03 03 00  04 0e 00 00 00           |03...........|
+000001b0  54 12 8c 8b b0 53 e4 e0  43 90 3d 15 fb 26 ee a9  |T....S..C.=..&..|
+000001c0  12 24 60 7f d5 57 e5 1c  bc ca 4f 31 dd a2 a8 3e  |.$`..W....O1...>|
+000001d0  08 07 00 40 ad 8c 20 13  7d f5 5e 5e b2 41 9f 60  |...@.. .}.^^.A.`|
+000001e0  f7 d2 cc 2f fe 47 6d 8c  24 ca 0d 72 63 eb 0d f8  |.../.Gm.$..rc...|
+000001f0  93 0b 13 de 8f bc 92 0e  f8 77 8a de 2f 9c 32 30  |.........w../.20|
+00000200  96 cb 5b bc b8 94 68 fb  06 62 ce 01 ed b8 f8 f2  |..[...h..b......|
+00000210  c1 c4 16 01 16 03 03 00  04 0e 00 00 00           |.............|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 69 ac be  cf f1 3d 8a 4e f3 3a 54  |.... i....=.N.:T|
-00000040  05 d8 20 3a f0 67 40 3f  5b 94 cf a4 3e ec 8e 4e  |.. :.g@?[...>..N|
-00000050  75 c9 92 2c af                                    |u..,.|
+00000030  16 03 03 00 20 25 48 e8  48 d4 0e e2 2e 91 65 98  |.... %H.H.....e.|
+00000040  60 1e ae 8f e6 7e 5b 0a  bb 7b 90 8a 2b a7 b2 81  |`....~[..{..+...|
+00000050  f6 4b 17 c5 cc                                    |.K...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 70 c5 f8 c7 7c  |.......... p...||
-00000010  4a 34 6f b0 eb 1b 13 c7  e0 21 32 cf ce 89 aa 53  |J4o......!2....S|
-00000020  5f 67 b8 a7 3e 10 bb a3  5f fa 2f                 |_g..>..._./|
+00000000  14 03 03 00 01 01 16 03  03 00 20 f5 ed d5 32 97  |.......... ...2.|
+00000010  a7 91 bc 42 03 3b f1 76  21 68 19 41 8f 70 a1 74  |...B.;.v!h.A.p.t|
+00000020  28 fb f4 7a 61 1e cf 79  b6 f7 a8                 |(..za..y...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 54 ae 8d  1c 04 40 47 8a 7e ac c3  |.....T....@G.~..|
-00000010  21 a2 8a f0 5d 3d 12 9d  b0 b5 8d 15 03 03 00 12  |!...]=..........|
-00000020  71 3b 30 89 d4 c3 ef 34  66 92 29 1b e1 af d4 d2  |q;0....4f.).....|
-00000030  7e cd                                             |~.|
+00000000  17 03 03 00 16 9b bf f5  4d cb b0 e2 bb 5c df e4  |........M....\..|
+00000010  c8 85 31 11 d1 59 9d 72  03 2a 74 15 03 03 00 12  |..1..Y.r.*t.....|
+00000020  13 fd 92 1a 96 bf 23 2e  06 8b e4 42 f6 05 7d 7e  |......#....B..}~|
+00000030  6c cd                                             |l.|
diff --git a/testdata/Client-TLSv12-ExportKeyingMaterial b/testdata/Client-TLSv12-ExportKeyingMaterial
index 3d06b4c0..55644403 100644
--- a/testdata/Client-TLSv12-ExportKeyingMaterial
+++ b/testdata/Client-TLSv12-ExportKeyingMaterial
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 18 47 80 ab 8d  |....]...Y...G...|
-00000010  42 c7 73 06 75 ef 28 ff  87 46 49 af 3a 3b cb bb  |B.s.u.(..FI.:;..|
-00000020  ff 6e e3 60 11 40 2c b8  40 87 5c 20 86 3d de c2  |.n.`.@,.@.\ .=..|
-00000030  18 41 ff 1a dc 00 77 4e  17 0b 36 f3 69 92 d7 04  |.A....wN..6.i...|
-00000040  c4 c6 39 ad ed f7 06 23  8c 52 50 da cc a8 00 00  |..9....#.RP.....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 37 1f dc 30 b6  |....]...Y..7..0.|
+00000010  6b 54 22 cd 46 38 00 7b  c2 d4 97 80 f5 b6 cb fc  |kT".F8.{........|
+00000020  01 b7 91 6a ce 1d 20 9f  fb 4a b3 20 d2 72 bb 97  |...j.. ..J. .r..|
+00000030  2a 46 3c da d1 8a 8e 1b  cd ed e7 5a 5a c7 0c ca  |*F<........ZZ...|
+00000040  1f 6e 40 b3 6a d6 7a ae  55 bd 82 42 cc a8 00 00  |.n@.j.z.U..B....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,31 +63,31 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 c5 28 44  |............ .(D|
-000002d0  4a 31 d9 b6 53 90 8e 41  3c 67 2c 6f 9d b0 a6 d3  |J1..S..A<g,o....|
-000002e0  ed 70 64 94 ba 80 56 ca  f8 d7 10 28 49 08 04 00  |.pd...V....(I...|
-000002f0  80 81 28 f4 bc 99 0f 3f  c4 f6 4b 1a 08 c8 ed 3b  |..(....?..K....;|
-00000300  d1 b9 03 69 8d d4 b3 50  b0 de 88 8d 94 60 16 b8  |...i...P.....`..|
-00000310  48 0d af b5 56 98 44 ad  04 6c 8b 42 ce 35 a1 28  |H...V.D..l.B.5.(|
-00000320  67 ff 5c 07 ae 49 f5 f6  00 46 6a 5b e9 54 10 15  |g.\..I...Fj[.T..|
-00000330  e5 82 0a 7c 4b d9 bb e3  e2 43 ba 41 38 7e 9d 4d  |...|K....C.A8~.M|
-00000340  68 9c 2f d8 38 c8 01 61  59 54 cb 10 48 d3 82 88  |h./.8..aYT..H...|
-00000350  22 4f 85 fc 50 59 31 61  e6 25 d7 9a b5 f0 4e e4  |"O..PY1a.%....N.|
-00000360  c1 06 c5 3a 02 dc 07 c1  cf 50 91 2b 12 17 02 25  |...:.....P.+...%|
-00000370  d1 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 da a1 33  |............ ..3|
+000002d0  ec 12 5f c7 25 b5 de 66  38 64 74 a9 e2 69 09 e3  |.._.%..f8dt..i..|
+000002e0  12 49 fe 0a 0a 74 c5 c8  04 b0 4c 01 6d 08 04 00  |.I...t....L.m...|
+000002f0  80 5d c4 70 28 74 65 b3  74 bb 2d 71 87 84 48 25  |.].p(te.t.-q..H%|
+00000300  41 14 38 17 cd e3 8c a8  24 a5 6b bd 81 62 ef bc  |A.8.....$.k..b..|
+00000310  9d 15 31 a7 6f a7 55 90  c8 fb 71 8a 45 a6 4a fb  |..1.o.U...q.E.J.|
+00000320  14 5d 92 5b fc 41 79 ca  d4 ac 5b 43 ea 18 f2 e4  |.].[.Ay...[C....|
+00000330  69 91 45 27 8e 32 ef ae  59 70 3e 43 b0 43 3f f0  |i.E'.2..Yp>C.C?.|
+00000340  1b e6 e4 aa 8f 0f 4d 7f  b7 d8 bf fb 40 59 92 2e  |......M.....@Y..|
+00000350  08 51 2a a4 ce c8 da f9  ec b3 d6 f6 63 32 e9 ef  |.Q*.........c2..|
+00000360  b8 42 25 2a 5e ec 4b 39  e5 52 d1 e7 f1 5d 18 9f  |.B%*^.K9.R...]..|
+00000370  97 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 9f 16 49  2a d8 cc 0a 45 92 8d c2  |.... ..I*...E...|
-00000040  25 3c b1 5c a8 f2 c4 9b  c4 2a 66 fe 7f 87 df 35  |%<.\.....*f....5|
-00000050  77 a4 b0 05 f5                                    |w....|
+00000030  16 03 03 00 20 a6 dc 32  3e 35 76 e8 25 41 ad f7  |.... ..2>5v.%A..|
+00000040  64 02 b0 a3 19 0b ea 1c  7f d7 47 4c 73 2d 7e 6f  |d.........GLs-~o|
+00000050  7a 0c 09 41 1f                                    |z..A.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 37 55 d5 05 71  |.......... 7U..q|
-00000010  a0 00 44 56 32 c3 c8 e6  68 5e de d4 e7 65 56 d3  |..DV2...h^...eV.|
-00000020  2d 93 07 e6 72 17 e9 49  74 4d c0                 |-...r..ItM.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 77 e0 48 07 28  |.......... w.H.(|
+00000010  72 79 07 2e 8a b8 1c a0  70 78 f1 a8 e9 24 6d 46  |ry......px...$mF|
+00000020  78 27 71 a0 a4 7b da 5b  77 3d 78                 |x'q..{.[w=x|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 27 a6 31  16 5c 7e bd 05 0a 2c 05  |.....'.1.\~...,.|
-00000010  ba 37 06 00 d7 8d 66 a7  8e 16 7b 15 03 03 00 12  |.7....f...{.....|
-00000020  70 38 bc 7e 6b 83 83 e1  61 3b bb a5 d9 dc f7 e7  |p8.~k...a;......|
-00000030  5e 12                                             |^.|
+00000000  17 03 03 00 16 d9 2e 8d  11 ee 6a df 43 dc 3b f4  |..........j.C.;.|
+00000010  dd 9e c3 be 2e 78 8a 39  3b 7a a1 15 03 03 00 12  |.....x.9;z......|
+00000020  d5 ef f8 2e 49 c9 f8 27  3e 29 e5 39 fc 25 3d b2  |....I..'>).9.%=.|
+00000030  ff a8                                             |..|
diff --git a/testdata/Client-TLSv12-P256-ECDHE b/testdata/Client-TLSv12-P256-ECDHE
index 7a0a53c0..d991b001 100644
--- a/testdata/Client-TLSv12-P256-ECDHE
+++ b/testdata/Client-TLSv12-P256-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 19 01 00 01  15 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 37 01 00 01  33 03 03 00 00 00 00 00  |....7...3.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,22 +7,24 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9a 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 b8 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 04 00 02 00 17  00 0d 00 1a 00 18 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
-000000d0  02 03 01 00 33 00 47 00  45 00 17 00 41 04 1e 18  |....3.G.E...A...|
-000000e0  37 ef 0d 19 51 88 35 75  71 b5 e5 54 5b 12 2e 8f  |7...Q.5uq..T[...|
-000000f0  09 67 fd a7 24 20 3e b2  56 1c ce 97 28 5e f8 2b  |.g..$ >.V...(^.+|
-00000100  2d 4f 9e f1 07 9f 6c 4b  5b 83 56 e2 32 42 e9 58  |-O....lK[.V.2B.X|
-00000110  b6 d7 49 a6 b5 68 1a 41  03 56 6b dc 5a 89        |..I..h.A.Vk.Z.|
+000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
+000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
+000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
+000000f0  01 00 33 00 47 00 45 00  17 00 41 04 1e 18 37 ef  |..3.G.E...A...7.|
+00000100  0d 19 51 88 35 75 71 b5  e5 54 5b 12 2e 8f 09 67  |..Q.5uq..T[....g|
+00000110  fd a7 24 20 3e b2 56 1c  ce 97 28 5e f8 2b 2d 4f  |..$ >.V...(^.+-O|
+00000120  9e f1 07 9f 6c 4b 5b 83  56 e2 32 42 e9 58 b6 d7  |....lK[.V.2B.X..|
+00000130  49 a6 b5 68 1a 41 03 56  6b dc 5a 89              |I..h.A.Vk.Z.|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 1c ad ae e9 64  |....]...Y......d|
-00000010  35 80 c6 04 f5 69 05 bb  5c 38 78 d3 99 2f ad e6  |5....i..\8x../..|
-00000020  56 20 d4 79 89 1a 51 54  14 ac 6d 20 06 6d 1a bd  |V .y..QT..m .m..|
-00000030  04 cf 4f 42 3d aa 31 3b  fb dc c1 85 42 c3 6d 12  |..OB=.1;....B.m.|
-00000040  27 98 be 4b 88 93 45 0e  78 ba d8 13 c0 2f 00 00  |'..K..E.x..../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 f2 96 d3 16 ce  |....]...Y.......|
+00000010  7c b8 43 6a 66 b2 9f 58  d2 66 74 f6 92 61 3a 48  ||.Cjf..X.ft..a:H|
+00000020  b1 84 87 be bf 7e 5a 9c  75 e3 e1 20 a6 b6 cc cf  |.....~Z.u.. ....|
+00000030  3a 1e b5 62 01 bd ee 58  eb ea 84 58 08 dc e6 d2  |:..b...X...X....|
+00000040  86 a0 5e f2 63 f2 1f 81  29 0d f7 5c c0 2f 00 00  |..^.c...)..\./..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -62,37 +64,37 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 cd 0c 00 00  c9 03 00 17 41 04 3a 1c  |............A.:.|
-000002d0  84 6b e6 cb 7d 3f bd ea  d7 7a c3 63 43 77 f7 14  |.k..}?...z.cCw..|
-000002e0  a7 98 52 86 49 4d 05 b2  70 e2 d3 44 c9 05 eb 83  |..R.IM..p..D....|
-000002f0  b4 11 c5 3e 9d 3b 3b cd  de d0 df 78 83 0f 0c d8  |...>.;;....x....|
-00000300  76 e7 19 9d 1f 5a 3d 2a  54 19 16 a0 c2 55 08 04  |v....Z=*T....U..|
-00000310  00 80 09 ee 97 8a d1 82  fc 4a fc f2 89 d2 a3 c7  |.........J......|
-00000320  8c 25 74 98 cf b5 67 c6  fd f6 0d 3b 62 ba 31 ca  |.%t...g....;b.1.|
-00000330  d1 67 aa c3 32 89 ee 83  22 d2 b7 3c f8 98 af 16  |.g..2..."..<....|
-00000340  dd 05 06 2c c4 57 dd fc  22 3a 2e 80 f9 84 6a ee  |...,.W..":....j.|
-00000350  f2 a1 21 d1 0f db 17 50  a1 35 94 b3 0a b7 62 ca  |..!....P.5....b.|
-00000360  2c b3 0b 68 0c 58 d7 24  83 82 d8 34 64 3f a4 61  |,..h.X.$...4d?.a|
-00000370  0e b1 ca 93 67 b3 51 11  dc 49 f2 df 26 89 8b ea  |....g.Q..I..&...|
-00000380  22 09 1a be 62 27 61 c8  93 4b dd 95 31 6a ba e2  |"...b'a..K..1j..|
-00000390  c3 2b 16 03 03 00 04 0e  00 00 00                 |.+.........|
+000002c0  16 03 03 00 cd 0c 00 00  c9 03 00 17 41 04 9f ab  |............A...|
+000002d0  e5 e2 8c b7 47 ce a4 e6  c8 ca 51 d7 28 b3 8b be  |....G.....Q.(...|
+000002e0  83 f4 d5 34 27 f5 89 2b  d0 bb 7e 2f 87 8c 64 3d  |...4'..+..~/..d=|
+000002f0  fc ee 5e c1 35 f6 ff be  49 75 58 65 22 92 5b 6f  |..^.5...IuXe".[o|
+00000300  07 08 61 d0 16 9c 6b 2f  b0 47 a0 ed 45 d8 08 04  |..a...k/.G..E...|
+00000310  00 80 58 85 e9 5f 3b b6  03 25 a8 49 da 56 87 2e  |..X.._;..%.I.V..|
+00000320  d5 89 ce 53 de f2 8e b7  4b 7a 24 be 0b c1 86 4b  |...S....Kz$....K|
+00000330  3a a3 58 ea e2 68 bd 33  91 93 8b f5 cc 6e ea 7d  |:.X..h.3.....n.}|
+00000340  e4 14 fc 6c d2 d3 25 97  73 bf 0d d4 26 65 71 c0  |...l..%.s...&eq.|
+00000350  6f 85 52 e6 e5 34 e7 05  7b 8b d0 96 db f4 cc 49  |o.R..4..{......I|
+00000360  f7 7f da c6 56 54 b0 e0  5e 60 b1 ea 8a 9b 45 06  |....VT..^`....E.|
+00000370  54 ed b4 34 ab a0 0b 72  4f 0e 0a 9c 57 f8 c2 1c  |T..4...rO...W...|
+00000380  87 8b 9c 48 97 ae 08 2b  51 07 cd 5d 5c 0a 1e 47  |...H...+Q..]\..G|
+00000390  b7 bd 16 03 03 00 04 0e  00 00 00                 |...........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 46 10 00 00  42 41 04 1e 18 37 ef 0d  |....F...BA...7..|
 00000010  19 51 88 35 75 71 b5 e5  54 5b 12 2e 8f 09 67 fd  |.Q.5uq..T[....g.|
 00000020  a7 24 20 3e b2 56 1c ce  97 28 5e f8 2b 2d 4f 9e  |.$ >.V...(^.+-O.|
 00000030  f1 07 9f 6c 4b 5b 83 56  e2 32 42 e9 58 b6 d7 49  |...lK[.V.2B.X..I|
 00000040  a6 b5 68 1a 41 03 56 6b  dc 5a 89 14 03 03 00 01  |..h.A.Vk.Z......|
-00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 fa c4  |.....(..........|
-00000060  4e 47 d1 de 6d 60 fc af  59 43 7f 2f 4c b3 6e aa  |NG..m`..YC./L.n.|
-00000070  6f c3 bc 8a 40 5e e9 9c  d9 b0 87 c5 92 41        |o...@^.......A|
+00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 c5 59  |.....(.........Y|
+00000060  bb bb c9 dc 4d 95 d9 70  d0 bc 76 ca e7 0f 50 f8  |....M..p..v...P.|
+00000070  d5 55 e0 3c fb 12 63 ff  8d b4 a9 85 96 0e        |.U.<..c.......|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 eb 92 83 02 be  |..........(.....|
-00000010  89 55 4e 77 b2 45 1d 15  fd e0 6a 36 ab 0c 7b 4a  |.UNw.E....j6..{J|
-00000020  5d 50 e2 5a f3 c6 10 e2  ac ac a4 d3 4c 2e d8 31  |]P.Z........L..1|
-00000030  84 31 17                                          |.1.|
+00000000  14 03 03 00 01 01 16 03  03 00 28 98 cb 91 21 85  |..........(...!.|
+00000010  4a fd 3f e5 f7 31 8d 35  c9 11 31 fc 1f 0e e3 0d  |J.?..1.5..1.....|
+00000020  86 c7 93 10 1d 52 21 2c  6f 7a c7 0e 6a d8 67 9c  |.....R!,oz..j.g.|
+00000030  c8 e7 cd                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 90 44 33  |..............D3|
-00000010  cf be 4e 29 fc 6f 2f 30  c1 ef aa 8e cb 10 0e f9  |..N).o/0........|
-00000020  8f 60 fc 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.`..............|
-00000030  80 cb 52 6b e7 c9 45 af  69 6b e8 ee 88 23 61 20  |..Rk..E.ik...#a |
-00000040  74 33                                             |t3|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 b7 f9 69  |...............i|
+00000010  f9 81 f1 da b7 b7 4b fe  3a a4 d7 d2 af b5 2a e9  |......K.:.....*.|
+00000020  8f 97 c1 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  b2 0d 99 04 5c 56 a2 6e  50 e1 52 80 c5 3c 4b 69  |....\V.nP.R..<Ki|
+00000040  21 df                                             |!.|
diff --git a/testdata/Client-TLSv12-RSA-RC4 b/testdata/Client-TLSv12-RSA-RC4
index 24a9b8e4..1bc33d74 100644
--- a/testdata/Client-TLSv12-RSA-RC4
+++ b/testdata/Client-TLSv12-RSA-RC4
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 7c f1 44 f1 2a  |....U...Q..|.D.*|
-00000010  6f 7f 62 66 08 15 dd c8  bd 4a 30 b5 a3 73 53 82  |o.bf.....J0..sS.|
-00000020  93 78 6b f2 c6 70 70 1e  4d 8f 48 20 24 b3 17 46  |.xk..pp.M.H $..F|
-00000030  37 c0 0f 79 af f4 48 43  17 6b ea df 6b 73 07 cf  |7..y..HC.k..ks..|
-00000040  5f 95 c5 5c 8d b2 99 5c  fd 30 e5 1b 00 05 00 00  |_..\...\.0......|
+00000000  16 03 03 00 55 02 00 00  51 03 03 e6 2c 7a 70 96  |....U...Q...,zp.|
+00000010  c0 bf e7 e6 2e 51 35 c7  3e 0a 4c 1e 2a 0b 54 08  |.....Q5.>.L.*.T.|
+00000020  57 e1 66 22 94 26 fe df  ce 7e bf 20 26 07 f0 81  |W.f".&...~. &...|
+00000030  7d 73 2c 70 6f d1 1b 85  f5 af 97 7e 5b 3f 5e a0  |}s,po......~[?^.|
+00000040  fc 9b 7d 5a c3 e2 05 30  b5 f5 47 05 00 05 00 00  |..}Z...0..G.....|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -72,15 +74,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 24 fd 67  40 11 7e 4d 8f bb 87 e8  |.....$.g@.~M....|
-000000a0  c3 1f e8 b0 15 17 3a f4  6f 5f 87 b2 50 c5 92 e4  |......:.o_..P...|
-000000b0  ac c0 c0 98 aa 6f be bc  fc 77                    |.....o...w|
+00000090  01 16 03 03 00 24 ad c5  35 7b 7c 74 c7 24 58 ef  |.....$..5{|t.$X.|
+000000a0  55 3f 8d c1 52 97 f8 91  93 46 02 ff cf 06 00 ba  |U?..R....F......|
+000000b0  26 91 ec c4 91 23 60 b2  c8 77                    |&....#`..w|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 24 e8 ea 6f 8a 0c  |..........$..o..|
-00000010  79 70 73 a9 7b 2c a8 0a  e5 f8 26 f3 eb 05 20 65  |yps.{,....&... e|
-00000020  58 9b 0c 8e 28 3d c7 ee  cf 57 85 06 a5 d7 46     |X...(=...W....F|
+00000000  14 03 03 00 01 01 16 03  03 00 24 e6 06 60 54 3e  |..........$..`T>|
+00000010  39 d8 22 df 83 a7 7a 4d  b4 63 03 77 3d 5d e8 06  |9."...zM.c.w=]..|
+00000020  6f fe 0a 70 4b b3 82 cc  a8 aa 48 2e f2 72 7b     |o..pK.....H..r{|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1a 2d 7a c5  d0 12 79 e8 a2 05 d3 a4  |.....-z...y.....|
-00000010  51 80 8f 28 37 b9 75 64  f3 11 4c 78 de 0c f3 15  |Q..(7.ud..Lx....|
-00000020  03 03 00 16 43 89 2c 8b  9e dc c5 5d 4c ca 7b 4e  |....C.,....]L.{N|
-00000030  15 e4 e5 62 01 02 b4 d4  6f 1c                    |...b....o.|
+00000000  17 03 03 00 1a e5 e3 38  a3 34 e4 02 f1 c4 96 14  |.......8.4......|
+00000010  13 fb 50 7d 6a 26 cf 49  f8 d6 e5 f0 d8 7c b5 15  |..P}j&.I.....|..|
+00000020  03 03 00 16 a4 cd 6c b6  b2 45 d7 35 df 56 ba ae  |......l..E.5.V..|
+00000030  a9 41 09 85 67 bb 16 c0  3e d0                    |.A..g...>.|
diff --git a/testdata/Client-TLSv12-RenegotiateOnce b/testdata/Client-TLSv12-RenegotiateOnce
index 0510d5e2..8456e3ab 100644
--- a/testdata/Client-TLSv12-RenegotiateOnce
+++ b/testdata/Client-TLSv12-RenegotiateOnce
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 55 71 df 37 76  |....]...Y..Uq.7v|
-00000010  48 bb 86 62 66 f1 58 0d  92 f4 c8 bd 17 6c 00 43  |H..bf.X......l.C|
-00000020  a9 da f1 6f 19 2c 76 81  6d aa eb 20 4f c7 eb 3f  |...o.,v.m.. O..?|
-00000030  b8 48 89 7f d8 61 bc e8  3c e6 a0 3d 6c 29 fd 60  |.H...a..<..=l).`|
-00000040  7c 0a 09 1c 71 41 07 04  24 dc e7 27 cc a8 00 00  ||...qA..$..'....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 eb da 48 1d 79  |....]...Y....H.y|
+00000010  90 f6 67 5b 69 7b 40 07  20 12 0b 12 bd 94 75 e0  |..g[i{@. .....u.|
+00000020  84 3f 0d a5 77 c6 36 18  25 79 3c 20 07 6c 6d c7  |.?..w.6.%y< .lm.|
+00000030  b4 7e 2a 2b a5 7e 55 36  83 4d d9 94 9f 73 60 d8  |.~*+.~U6.M...s`.|
+00000040  e9 55 05 b9 bf b0 64 84  09 fe c0 2a cc a8 00 00  |.U....d....*....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,186 +63,188 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 7a 15 23  |............ z.#|
-000002d0  f5 78 c2 16 21 72 bb e5  d3 2e c9 67 55 a8 2c 1f  |.x..!r.....gU.,.|
-000002e0  00 50 a2 04 4f 71 9a 94  4a 90 55 69 33 08 04 00  |.P..Oq..J.Ui3...|
-000002f0  80 53 b3 16 f5 08 3a 5a  84 3c 02 5d c3 b6 0e c2  |.S....:Z.<.]....|
-00000300  93 f6 27 74 24 b4 e2 3d  22 04 30 a0 d6 5b c8 da  |..'t$..=".0..[..|
-00000310  6e 56 30 d4 fb 86 fd 76  8f 1b 47 c0 55 95 cd 15  |nV0....v..G.U...|
-00000320  bf a7 27 ce 2d c3 43 6b  ed 2d 09 bb eb 55 73 c9  |..'.-.Ck.-...Us.|
-00000330  2c ee cd 23 af d9 1c 51  1d 0c 00 14 01 61 8a fd  |,..#...Q.....a..|
-00000340  8f 95 d1 ce 32 57 ae 2b  09 15 b4 86 41 1e 74 f5  |....2W.+....A.t.|
-00000350  d5 96 d7 e1 03 03 09 f4  3c 53 fe 6b 9a c1 52 ab  |........<S.k..R.|
-00000360  91 81 9f f8 f9 6b 23 60  49 22 6b 28 10 e2 6b e8  |.....k#`I"k(..k.|
-00000370  e4 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 be 2a c0  |............ .*.|
+000002d0  ce 61 d8 36 d0 41 4c 32  83 bb be 81 66 c8 cf cb  |.a.6.AL2....f...|
+000002e0  a2 d9 ff 9d 05 51 d9 52  bc 06 be 09 10 08 04 00  |.....Q.R........|
+000002f0  80 00 d1 fc 8c 60 a1 8f  36 3d a5 53 62 06 dd 93  |.....`..6=.Sb...|
+00000300  58 30 71 f6 a1 b8 bd c4  4e 44 2d 37 b8 38 d1 6f  |X0q.....ND-7.8.o|
+00000310  16 8d f6 6d 4a 7c af e2  a2 4a 55 b5 17 d2 61 a0  |...mJ|...JU...a.|
+00000320  93 80 d4 a9 11 49 55 cf  e3 d0 87 95 c9 c2 f6 d0  |.....IU.........|
+00000330  44 6f 33 2b ae 4a 1d e4  1e 04 f5 32 ca d6 19 61  |Do3+.J.....2...a|
+00000340  9c 8e 0d d1 1a f3 38 4b  b3 c3 eb dd fb 04 40 b7  |......8K......@.|
+00000350  f7 ef 1f f1 0a 23 08 21  2a b3 d9 f8 cf 2b 65 4c  |.....#.!*....+eL|
+00000360  47 92 52 18 61 5e f3 ad  58 36 26 09 bf 12 b6 ab  |G.R.a^..X6&.....|
+00000370  21 16 03 03 00 04 0e 00  00 00                    |!.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 bf 35 ae  8c b4 63 82 40 e8 5d d4  |.... .5...c.@.].|
-00000040  bb 3d 0a 0f 07 28 3a 74  2c 5b a8 d0 a6 ab 88 ba  |.=...(:t,[......|
-00000050  7d 5c 1c 42 c7                                    |}\.B.|
+00000030  16 03 03 00 20 68 e5 aa  89 6f 05 45 05 68 e9 53  |.... h...o.E.h.S|
+00000040  35 a0 9b 96 d9 6b ab 2c  7f e1 4c de 3e 06 c6 04  |5....k.,..L.>...|
+00000050  bd 7c 28 fb db                                    |.|(..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 e7 86 48 6c 00  |.......... ..Hl.|
-00000010  0a 1e f5 5f b8 ff ad 1c  9d 74 24 c5 6e d4 c6 6e  |..._.....t$.n..n|
-00000020  25 27 7d 6e 18 44 96 29  eb db b0                 |%'}n.D.)...|
+00000000  14 03 03 00 01 01 16 03  03 00 20 fd 74 c3 42 59  |.......... .t.BY|
+00000010  0d 86 2a 1c c7 51 d9 98  2c 1e 5b bd 44 3e 97 3e  |..*..Q..,.[.D>.>|
+00000020  55 90 5e 74 45 b7 47 0f  f7 3e d7                 |U.^tE.G..>.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 64 9d 31  09 a1 ce 5a 6d ec 6f c4  |.....d.1...Zm.o.|
-00000010  e5 09 df 92 5f d2 1c 7d  62 c4 e7                 |...._..}b..|
+00000000  17 03 03 00 16 b5 ca 44  da 63 57 7f 6c e9 95 a5  |.......D.cW.l...|
+00000010  56 88 f1 98 dc 73 85 3f  36 66 6f                 |V....s.?6fo|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 9b cb 75  61 99 76 30 9c 14 a5 12  |.......ua.v0....|
-00000010  92 de b7 95 cc 8f fe ad  f1                       |.........|
+00000000  16 03 03 00 14 76 6b 6b  8c c1 38 cf 00 bf 20 c2  |.....vkk..8... .|
+00000010  62 ae df 09 0e 61 61 bf  24                       |b....aa.$|
 >>> Flow 7 (client to server)
-00000000  16 03 03 01 1a c7 9a be  e1 2a 62 9f 01 59 e9 6a  |.........*b..Y.j|
-00000010  5f d6 32 88 bd 39 76 1b  34 fd 39 8d c7 31 cb 97  |_.2..9v.4.9..1..|
-00000020  c6 09 8b 00 c9 f3 f9 00  c5 b6 48 e1 28 ae b8 8b  |..........H.(...|
-00000030  b2 f0 eb 8b cb e8 68 30  50 b5 23 ba cf f3 8d f3  |......h0P.#.....|
-00000040  47 5f 94 ac fb 5e 56 9e  5a f8 e7 12 60 13 83 9c  |G_...^V.Z...`...|
-00000050  34 ca 45 a7 63 5f 2c 6e  46 c8 5a a0 d3 5b 9a a6  |4.E.c_,nF.Z..[..|
-00000060  70 be da df 9e 79 21 98  bd fb 94 01 6d 14 f4 5c  |p....y!.....m..\|
-00000070  2a 13 56 26 47 33 7d 4f  ab 5a fc 9c 9e 8d f4 75  |*.V&G3}O.Z.....u|
-00000080  d0 64 16 ba f2 0d 04 ca  5d 94 6b da a8 09 b1 29  |.d......].k....)|
-00000090  70 a9 37 1e ac 94 e3 81  60 c3 19 f3 a9 99 6a 11  |p.7.....`.....j.|
-000000a0  b1 e7 23 45 8a f5 42 f5  50 76 9f 1e 9e a8 e7 75  |..#E..B.Pv.....u|
-000000b0  4a 18 84 80 da 10 ed 83  9a 14 a9 a1 90 54 8e 8b  |J............T..|
-000000c0  d1 32 83 6d e7 7e be 59  f4 66 59 53 75 37 c6 82  |.2.m.~.Y.fYSu7..|
-000000d0  15 aa 56 0a 01 e1 11 ba  64 0c 8e 44 93 60 29 a4  |..V.....d..D.`).|
-000000e0  cc 9f b0 b9 d5 df 9c aa  64 2c ef 0c 9a 18 2a 97  |........d,....*.|
-000000f0  e1 20 07 37 35 28 97 9d  00 53 61 11 81 22 45 9e  |. .75(...Sa.."E.|
-00000100  c3 d7 b2 b3 4c f2 05 5b  e6 a4 de 11 7f a7 a2 82  |....L..[........|
-00000110  88 1c cb d9 24 80 3d 34  0c fc 22 58 32 28 1b     |....$.=4.."X2(.|
+00000000  16 03 03 01 38 0f c1 53  8f f5 61 aa 61 0a f4 de  |....8..S..a.a...|
+00000010  80 a6 92 99 a0 33 e6 90  5f b0 13 b7 be 93 0f 60  |.....3.._......`|
+00000020  40 97 0a 3c dd 9f 22 fa  c1 8f 1d 3d 11 c1 16 97  |@..<.."....=....|
+00000030  c5 54 e4 08 fb 77 ff fb  51 fb 1a d1 a6 41 b8 4f  |.T...w..Q....A.O|
+00000040  a2 22 d7 11 8c 31 49 d7  d5 b2 16 02 2b 4d b6 ba  |."...1I.....+M..|
+00000050  7d 53 6c 5a 59 59 ec 54  00 c4 6b c3 bd 22 d1 b3  |}SlZYY.T..k.."..|
+00000060  78 f8 e7 25 6e 67 b5 32  51 a6 60 5b 55 9a a0 f4  |x..%ng.2Q.`[U...|
+00000070  ed e8 8c 8d 77 4b c3 04  9d b0 2a ed a0 bf 9f 03  |....wK....*.....|
+00000080  fa e5 2e 17 9e 04 d6 6c  38 70 33 bc 90 eb 6f db  |.......l8p3...o.|
+00000090  33 9e 69 5f 44 8c 63 af  9f 6e 74 e0 a8 d2 1b 7d  |3.i_D.c..nt....}|
+000000a0  d1 11 ea f4 c5 49 2c 7a  98 ae f6 28 58 76 ac da  |.....I,z...(Xv..|
+000000b0  31 0d 7a c7 2d e6 8a 34  9d 37 26 c8 3e 44 ac df  |1.z.-..4.7&.>D..|
+000000c0  0b 4b 2c 4e 7c 63 ec 23  82 13 a3 87 ac f7 9a 08  |.K,N|c.#........|
+000000d0  03 1c e9 ca 89 4a a8 93  37 a3 d6 1f fa dd c8 48  |.....J..7......H|
+000000e0  4a 4a ba 4d 54 80 20 18  a6 e4 98 3d dd 81 58 ec  |JJ.MT. ....=..X.|
+000000f0  9f c0 5f 06 d6 29 04 76  38 1f d0 f4 3f fe 82 ab  |.._..).v8...?...|
+00000100  de cb 12 44 a2 96 eb ac  d2 8d a1 76 37 85 71 80  |...D.......v7.q.|
+00000110  de 8b 66 50 8e 41 17 cf  9b 2b 3a 7e 1d a3 e2 26  |..fP.A...+:~...&|
+00000120  9f 60 1c 1e 89 06 d8 41  21 8d 3d ab 91 15 be 61  |.`.....A!.=....a|
+00000130  6c 07 2a e7 55 8f 6c a5  13 51 9d cc 6f           |l.*.U.l..Q..o|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 85 ba 55 5d  15 b8 6d 8a b6 82 a8 e1  |......U]..m.....|
-00000010  88 ea fe c0 a6 a8 fe 78  ed 8b ae 44 eb 7b 6c cc  |.......x...D.{l.|
-00000020  0f ad a1 da da 86 fb 60  07 4a 0e 5c ba 36 09 8b  |.......`.J.\.6..|
-00000030  95 3f f0 87 26 0f 7a e7  7c 1f af c7 67 42 c9 39  |.?..&.z.|...gB.9|
-00000040  39 6a 4d 8d 87 00 3b 14  76 4a 86 87 46 1e d4 04  |9jM...;.vJ..F...|
-00000050  2d ea c1 44 1f e8 87 71  da 1e 26 72 a2 e9 40 0c  |-..D...q..&r..@.|
-00000060  33 6e 6f 06 43 ed 7f fc  8f 4c d4 f4 0f 83 19 cb  |3no.C....L......|
-00000070  52 a9 94 f3 6a 64 db dd  20 d1 a7 d4 c7 6e 86 ed  |R...jd.. ....n..|
-00000080  6e ea 5c 66 d1 34 a6 92  7e b1 16 03 03 02 69 48  |n.\f.4..~.....iH|
-00000090  13 97 82 60 46 e1 c9 02  d2 e1 f3 62 da d6 3a c1  |...`F......b..:.|
-000000a0  2a a7 47 bd c2 ee 09 d5  2d 7e 5e 35 09 79 88 35  |*.G.....-~^5.y.5|
-000000b0  96 50 09 68 79 e9 de e1  71 97 11 60 c5 4e 84 54  |.P.hy...q..`.N.T|
-000000c0  03 78 69 84 e3 7f 02 1a  58 04 ed 53 47 01 b6 9e  |.xi.....X..SG...|
-000000d0  bd 5f 77 34 e7 52 3b 73  45 e1 10 3f c8 6e 4c 09  |._w4.R;sE..?.nL.|
-000000e0  d0 4b 79 f8 de 0f 15 e7  2d 42 5d 7a 89 80 1f fb  |.Ky.....-B]z....|
-000000f0  f9 02 6f a1 72 d4 8d 65  8e d0 a8 43 41 4c 48 57  |..o.r..e...CALHW|
-00000100  71 21 b3 14 45 e5 b1 f5  55 7a dd 89 c3 0f af 27  |q!..E...Uz.....'|
-00000110  03 d6 5c 2d bc 24 5b 51  fa ae 34 7b f9 56 e8 41  |..\-.$[Q..4{.V.A|
-00000120  cd 77 1c 3d c8 45 f5 a5  4a 97 92 ff bb cd 5b ff  |.w.=.E..J.....[.|
-00000130  d5 33 d6 02 9b 2a 5a 3a  e4 1b fb 48 34 b3 0b ce  |.3...*Z:...H4...|
-00000140  d7 34 5c 4a b4 4b bd 87  b6 72 40 ab 29 b0 65 25  |.4\J.K...r@.).e%|
-00000150  c7 1d 71 b6 e2 d7 b1 23  b1 96 a6 bd 74 eb ad 69  |..q....#....t..i|
-00000160  59 0c 0f af 8a 64 be e4  a7 27 c2 95 11 05 55 a1  |Y....d...'....U.|
-00000170  d6 44 df ad 1d 9c 3a 88  24 52 52 9d 42 f2 74 98  |.D....:.$RR.B.t.|
-00000180  08 9f 55 1b 2f 79 ca b4  63 38 e4 f2 fa 99 ce 66  |..U./y..c8.....f|
-00000190  77 ac 8d 31 91 05 1c bc  51 0a 31 df 5d 3e f8 69  |w..1....Q.1.]>.i|
-000001a0  b7 fa f2 35 af 57 6d 7b  c3 bf 1d 98 21 40 dd 02  |...5.Wm{....!@..|
-000001b0  1c de ac 02 40 c8 d6 04  23 30 71 16 d0 0a 26 29  |....@...#0q...&)|
-000001c0  66 e9 f1 a8 76 f8 52 18  3e 3f c5 66 c9 11 04 6c  |f...v.R.>?.f...l|
-000001d0  32 1b 35 cc 9a 34 70 07  da db 12 51 78 77 dc bc  |2.5..4p....Qxw..|
-000001e0  7a bb b8 b9 06 79 bb 04  dd d4 46 8e b5 69 d5 39  |z....y....F..i.9|
-000001f0  5e 34 8e 37 dd a2 3e 31  be 28 19 45 21 76 5b dc  |^4.7..>1.(.E!v[.|
-00000200  7d 25 a2 41 98 16 1b 5b  69 f0 90 f9 28 a8 e9 b5  |}%.A...[i...(...|
-00000210  6f 00 e3 3e eb f6 f3 e4  c9 0f bb 74 ce 40 23 df  |o..>.......t.@#.|
-00000220  12 c6 78 b0 2e bb 68 96  04 a3 e3 43 6b 4b c3 37  |..x...h....CkK.7|
-00000230  6d 97 c6 79 1a ff 4f 00  c7 76 64 5c b8 b3 17 20  |m..y..O..vd\... |
-00000240  3c 3e 6b d5 2b 72 88 11  73 1e 63 a7 6f 1e ae 83  |<>k.+r..s.c.o...|
-00000250  10 77 6f d1 96 86 84 63  fd 27 8e b9 54 da 4b b5  |.wo....c.'..T.K.|
-00000260  56 f0 50 8a aa c7 e1 b3  cb 9c 36 9e ec 38 31 39  |V.P.......6..819|
-00000270  78 ec ea 34 8a 87 cf 6b  34 fd 5e 81 92 81 61 f1  |x..4...k4.^...a.|
-00000280  88 e7 50 62 2e 58 0b d9  b9 ca f3 ed 79 a9 9a 01  |..Pb.X......y...|
-00000290  80 9d 7f 84 ae de fb 51  ac 0f 6b b9 76 fd 68 d4  |.......Q..k.v.h.|
-000002a0  f4 8d c3 92 6b 5e 9e 99  ff 7a f4 b7 0e ec 0d e7  |....k^...z......|
-000002b0  6b 24 75 fb 21 49 6f 5b  31 12 f2 88 8e 3b b4 34  |k$u.!Io[1....;.4|
-000002c0  f2 f7 c6 e7 48 0e d6 1d  81 11 32 16 01 cb b7 7f  |....H.....2.....|
-000002d0  a6 bd 9c 87 8c 0f 12 b2  dc 73 5d a0 46 fd f3 e8  |.........s].F...|
-000002e0  b8 6f e4 38 ab 94 96 a8  bd ed 90 0e 31 1f fc 2f  |.o.8........1../|
-000002f0  8f 50 e2 97 6a f5 5c b4  16 03 03 00 bc 65 bb 7c  |.P..j.\......e.||
-00000300  42 03 0d 42 46 e3 ac 9f  8a 96 b6 a3 f4 cf a5 30  |B..BF..........0|
-00000310  5b 02 17 dc 20 7d 18 19  21 a4 70 f4 4b 99 bf b5  |[... }..!.p.K...|
-00000320  cd d7 07 59 a5 82 ed 85  03 06 5c 34 3f c8 c3 4d  |...Y......\4?..M|
-00000330  c3 fb 96 05 bf b5 bd bf  e2 28 07 7e 51 a6 84 90  |.........(.~Q...|
-00000340  bf 9e 2e f6 b5 04 8e 06  7a 63 c8 00 84 a1 a3 2c  |........zc.....,|
-00000350  f3 6f 52 52 c4 ce 4a 59  31 1f d4 ab 2e f4 75 90  |.oRR..JY1.....u.|
-00000360  a5 3b ff ab 20 be 51 92  c5 f4 4d 8b f2 2a a7 ff  |.;.. .Q...M..*..|
-00000370  90 07 40 3e d6 9c cf 23  54 d1 65 d3 74 79 af 51  |..@>...#T.e.ty.Q|
-00000380  31 35 40 aa 29 42 32 7e  42 2d af 79 e8 59 6a 10  |15@.)B2~B-.y.Yj.|
-00000390  c5 55 6b 70 53 53 ab 02  48 ba 1f df 07 59 f8 34  |.UkpSS..H....Y.4|
-000003a0  ee 1d d3 e9 12 86 8b 37  2b cc 27 78 fe e1 65 2b  |.......7+.'x..e+|
-000003b0  c3 1e f2 25 a4 6d 3c b1  d4 16 03 03 00 4a 50 98  |...%.m<......JP.|
-000003c0  cd ee ab 2c 94 95 d6 46  06 ef 63 65 5c aa 6d 6e  |...,...F..ce\.mn|
-000003d0  fb a0 99 62 23 af 7a 7d  17 dc a3 c6 2b 9a 56 2e  |...b#.z}....+.V.|
-000003e0  b8 60 87 1e 88 5d 58 27  3f 02 b4 f5 2f 3b 17 8c  |.`...]X'?.../;..|
-000003f0  f9 93 0c a9 58 af 11 ed  27 9d af a5 0a 2b d6 55  |....X...'....+.U|
-00000400  7e c4 54 4a 36 51 b7 7b  16 03 03 00 14 c1 c4 d7  |~.TJ6Q.{........|
-00000410  ea 2d f0 8c 54 0e 19 33  e1 7e a8 ae 49 7c 5e 05  |.-..T..3.~..I|^.|
-00000420  23                                                |#|
+00000000  16 03 03 00 85 2f 7c ac  ad 05 49 3c 82 9c 82 20  |...../|...I<... |
+00000010  0d 77 42 bd 9d 90 c3 2f  ab c3 c2 60 a4 18 77 23  |.wB..../...`..w#|
+00000020  02 5b e8 e0 3a f3 b7 ee  b8 eb d8 7e c5 f6 52 9e  |.[..:......~..R.|
+00000030  d7 29 b8 1b 51 62 c0 b9  02 79 df 8a 3a 15 ec 74  |.)..Qb...y..:..t|
+00000040  9e 2d cf c9 b1 1f 0b d3  7a b5 95 4d 74 80 5a 31  |.-......z..Mt.Z1|
+00000050  57 f9 dc 03 be e5 d3 0b  2d 6e 55 1a 58 b4 43 a8  |W.......-nU.X.C.|
+00000060  c6 e2 d1 c1 26 30 f5 3e  25 13 b6 4d df de 16 fd  |....&0.>%..M....|
+00000070  fd 29 85 e8 7f bf 54 74  4d 40 9a 58 c9 d2 e6 af  |.)....TtM@.X....|
+00000080  e4 fe 8d fc 0f 2e bc 1a  70 25 16 03 03 02 69 23  |........p%....i#|
+00000090  0f f9 ff b3 8a ba 05 c3  be fb 3b 29 c5 4c 3f 2e  |..........;).L?.|
+000000a0  87 c5 2e ec 88 48 24 b7  25 a8 d2 b9 00 7b aa 4c  |.....H$.%....{.L|
+000000b0  bc 04 96 79 ed a3 e9 3d  cf 64 2b 7f 9c 6b b8 3a  |...y...=.d+..k.:|
+000000c0  53 c3 70 96 39 64 5d 65  c4 aa e3 88 18 7e f6 8c  |S.p.9d]e.....~..|
+000000d0  36 2b 9b 19 4e 91 40 a3  6c 49 f5 37 96 cb ec f1  |6+..N.@.lI.7....|
+000000e0  77 ea 92 dc 17 26 cd 7a  3a 94 30 6a 25 ec 98 6d  |w....&.z:.0j%..m|
+000000f0  87 ed 9b 30 1e c3 5a 40  84 93 34 a4 d3 5a d3 1b  |...0..Z@..4..Z..|
+00000100  10 94 9a 92 73 d3 6f 4d  81 72 08 5a dd 6f f0 cd  |....s.oM.r.Z.o..|
+00000110  ee 45 cf 16 40 a1 60 e8  f9 35 9a 8a 03 79 2f 7c  |.E..@.`..5...y/||
+00000120  4a 08 8d 3b a9 0f 9c f8  1e 86 b7 f5 e8 da 09 06  |J..;............|
+00000130  9b 1e f7 2d 58 22 2b d0  7d 3d 25 63 52 c4 20 e6  |...-X"+.}=%cR. .|
+00000140  a1 c5 37 52 af a2 32 a5  78 fb fb f6 d4 6c 58 cd  |..7R..2.x....lX.|
+00000150  3b 4d 0e b3 6c 7c 00 0a  dc 0e b6 7b f9 b7 42 7e  |;M..l|.....{..B~|
+00000160  0e a3 84 78 69 d5 9e 05  c1 17 4c d5 b0 5b 0a 5b  |...xi.....L..[.[|
+00000170  d1 27 dc 7c b6 44 a1 16  0c 97 80 18 2e 7b 5a fe  |.'.|.D.......{Z.|
+00000180  ca a4 05 36 76 6a a1 89  3e ad 1c 4a 60 7a 35 64  |...6vj..>..J`z5d|
+00000190  fb fc db 28 a9 96 68 86  8d 77 e9 c0 60 1d ed 18  |...(..h..w..`...|
+000001a0  9d 6f c4 4c e9 70 60 66  03 ef 28 99 f3 4b 93 03  |.o.L.p`f..(..K..|
+000001b0  06 ef be de 5a 85 de c0  9a 2f 45 f2 77 bd 2a e3  |....Z..../E.w.*.|
+000001c0  3d f3 6d 3b e8 20 f0 fd  a6 9a cf 43 cf 83 7e 77  |=.m;. .....C..~w|
+000001d0  4b 71 dc 8a d8 4d 85 a5  2d 84 3a ff 75 40 d8 7c  |Kq...M..-.:.u@.||
+000001e0  f4 2f ff 12 86 1a a6 9c  dc 28 28 0f 33 40 63 f8  |./.......((.3@c.|
+000001f0  de 3f 9d 7c ae 9f b9 3a  21 be e9 e7 ae 52 9b 85  |.?.|...:!....R..|
+00000200  2b a6 44 78 e1 23 7d 03  eb a4 c0 59 2d 0c d6 e4  |+.Dx.#}....Y-...|
+00000210  8f 6c 37 bc d5 0c 7f e5  28 e1 5a 0c 65 0b 57 c7  |.l7.....(.Z.e.W.|
+00000220  d2 61 13 b0 dc 19 4b a0  22 cc d9 1f 42 e9 3a 92  |.a....K."...B.:.|
+00000230  ce 4e 37 c9 1b 82 7c 0c  af b5 3f 5a a8 f4 c4 fb  |.N7...|...?Z....|
+00000240  fe dc 4a 19 32 da af aa  7c bf f7 2a b0 dc af ce  |..J.2...|..*....|
+00000250  c9 96 a1 30 b5 f8 4f 07  ca e6 db cd 71 c7 09 75  |...0..O.....q..u|
+00000260  0b 7d 30 d9 5d 02 b0 b7  ff fc 92 11 e0 1e 37 40  |.}0.].........7@|
+00000270  2f eb 50 8d 65 53 db 52  1c e8 42 2f 89 0d 61 cf  |/.P.eS.R..B/..a.|
+00000280  a0 a6 10 0f c7 05 c3 6a  32 eb b1 ca 26 f5 1d fc  |.......j2...&...|
+00000290  96 ec 55 f9 8a e6 05 13  d3 0a fb 74 6a 9a 3f 4f  |..U........tj.?O|
+000002a0  ca ce 4e 29 2f 46 4c ef  47 13 72 72 aa 46 c4 12  |..N)/FL.G.rr.F..|
+000002b0  9a a7 f1 90 b2 ea b2 09  d4 db 77 c7 31 7d 6c d6  |..........w.1}l.|
+000002c0  51 9f 97 91 f6 ba 0a fb  a7 63 3e 68 e3 f2 50 5d  |Q........c>h..P]|
+000002d0  b1 33 b8 8b f1 91 68 df  3f b3 9f 5d a7 b5 c1 93  |.3....h.?..]....|
+000002e0  bf 5d 8d 3e 90 05 88 bc  d9 43 d0 9d 25 17 c1 4a  |.].>.....C..%..J|
+000002f0  4a 7f e5 73 d5 0b d6 a5  16 03 03 00 bc 1d 81 1d  |J..s............|
+00000300  dd 11 fe e7 08 d4 0a 50  1a 15 75 a4 0b 49 03 96  |.......P..u..I..|
+00000310  8a 1f ba 30 e9 e3 55 c2  a7 27 cf 3a f6 4c 0a 3d  |...0..U..'.:.L.=|
+00000320  01 5a 08 9a 88 4d ac 0b  7c 84 5c 15 81 84 2d a7  |.Z...M..|.\...-.|
+00000330  8e 4b 92 0b 7c de e9 91  20 07 ca 16 cd 43 8f ec  |.K..|... ....C..|
+00000340  db 7a 16 c9 2c 19 25 23  07 01 4f 68 cc 09 af e0  |.z..,.%#..Oh....|
+00000350  cf d7 7c 2f e0 e7 65 3c  1a 24 c4 d8 b2 ae b9 25  |..|/..e<.$.....%|
+00000360  20 7b 26 e5 50 a6 e1 b0  a6 18 e1 67 79 f3 a9 f0  | {&.P......gy...|
+00000370  bf b1 16 34 47 75 f2 6c  2d 9c ce c4 c8 7b 7d c5  |...4Gu.l-....{}.|
+00000380  6f 19 3a 2f 3a 5b 3c ce  9f 8d a2 1d 77 ba 9d 15  |o.:/:[<.....w...|
+00000390  7a ee b4 88 62 f1 9e 04  4c be 48 ea 0f 2f e5 cf  |z...b...L.H../..|
+000003a0  c0 0b 11 0b 67 9e c7 1c  3d 6b da 86 31 b0 fb 9c  |....g...=k..1...|
+000003b0  55 94 18 26 7a 0e 9b e7  99 16 03 03 00 4a c4 b6  |U..&z........J..|
+000003c0  b8 bf cc 7e 5e 8f c4 a0  84 53 bd 28 e4 1d 47 48  |...~^....S.(..GH|
+000003d0  88 52 dc 46 46 e3 43 60  d2 90 62 c0 0f f5 37 5a  |.R.FF.C`..b...7Z|
+000003e0  31 4a b1 c8 45 80 b8 91  71 45 f7 64 08 ae c7 c7  |1J..E...qE.d....|
+000003f0  9c ab 03 57 fb d6 04 ff  11 3f be 41 a8 1e a6 d1  |...W.....?.A....|
+00000400  18 d7 ce 5d df 0a 12 d2  16 03 03 00 14 ea 34 3b  |...]..........4;|
+00000410  30 86 2c da 14 f5 a8 c4  0b 08 b9 1a c5 5c 7d ba  |0.,..........\}.|
+00000420  82                                                |.|
 >>> Flow 9 (client to server)
-00000000  16 03 03 02 69 83 ef 87  6b aa f1 2a cc c1 b8 5d  |....i...k..*...]|
-00000010  47 e4 2d da c5 91 62 e4  7d 49 da 54 a3 79 fb 1d  |G.-...b.}I.T.y..|
-00000020  59 49 e8 a6 ab 79 c0 9f  51 f9 d2 63 0d 8c 6b 7f  |YI...y..Q..c..k.|
-00000030  b6 77 2d f3 b3 3e 78 86  3a 14 1a ab 3b 5e 23 b2  |.w-..>x.:...;^#.|
-00000040  d3 5c b1 2b 5c f4 f0 9d  e2 87 08 d0 2f 24 30 d3  |.\.+\......./$0.|
-00000050  05 eb f8 a6 b2 d1 52 00  c3 9e 0b 82 34 3e fd 5a  |......R.....4>.Z|
-00000060  46 d5 b6 b2 f0 a0 96 11  e1 35 c2 32 57 d6 dd b2  |F........5.2W...|
-00000070  a8 ad b2 71 a2 6f 83 05  d6 f1 83 38 a0 3c 13 ff  |...q.o.....8.<..|
-00000080  c1 c1 b0 1e b5 40 5b b5  05 31 65 0b 81 a6 b0 37  |.....@[..1e....7|
-00000090  7d 16 3b 7b cb e7 58 7f  81 25 e3 39 37 98 87 b0  |}.;{..X..%.97...|
-000000a0  e1 8f c0 d5 de 33 fe de  15 37 41 25 d8 97 5d 84  |.....3...7A%..].|
-000000b0  28 12 b4 a5 b0 15 f1 f4  cf 41 28 e9 26 5d ba 36  |(........A(.&].6|
-000000c0  da b6 a6 cb 21 92 21 30  4b 21 4d 44 28 4d 76 d1  |....!.!0K!MD(Mv.|
-000000d0  61 65 fa 02 05 67 50 ec  7d 98 78 21 46 5d fe 75  |ae...gP.}.x!F].u|
-000000e0  78 8e 9d 41 6a 0a d7 0e  27 22 d0 a1 21 57 3d 23  |x..Aj...'"..!W=#|
-000000f0  d1 7d 08 f4 0b 1b 90 ec  63 74 4c e7 df c8 8f 8b  |.}......ctL.....|
-00000100  b8 cd 2b 06 a5 35 f5 c1  62 d5 46 f3 d5 19 5b ce  |..+..5..b.F...[.|
-00000110  c8 d2 f4 c1 51 5f cd b2  51 23 61 bf 93 7f 5d bd  |....Q_..Q#a...].|
-00000120  61 f2 b2 e0 ad be ab d7  c9 77 26 c2 61 fb 25 8d  |a........w&.a.%.|
-00000130  46 38 7a 30 48 9f b5 5c  47 6b ce 10 1d 03 d0 68  |F8z0H..\Gk.....h|
-00000140  7f 00 c0 94 f4 35 eb 41  e8 91 f6 d9 5c 44 d6 79  |.....5.A....\D.y|
-00000150  72 9f 22 a4 08 fd 74 1b  42 dc 49 06 34 8f b6 f5  |r."...t.B.I.4...|
-00000160  12 1c 09 f0 d4 eb e4 6e  d5 9a 31 f9 1a 88 c1 bf  |.......n..1.....|
-00000170  37 42 90 5f c8 e1 38 2b  8b 4b c1 cd 66 72 e6 49  |7B._..8+.K..fr.I|
-00000180  d3 19 0e 01 19 60 f7 7d  d3 66 b2 bf bd 94 30 c9  |.....`.}.f....0.|
-00000190  3a 01 aa b6 dc 2a d6 1a  68 cf a6 31 5e 9a 1d 5b  |:....*..h..1^..[|
-000001a0  90 bb 77 33 31 f2 28 5a  70 a5 c5 ef 91 91 27 22  |..w31.(Zp.....'"|
-000001b0  59 33 d5 22 78 8e 8f 07  91 3c 69 ec b9 81 be e8  |Y3."x....<i.....|
-000001c0  be bd 63 20 54 6c 2c 27  46 38 9a 45 06 4e aa b3  |..c Tl,'F8.E.N..|
-000001d0  37 93 72 6a 90 a6 18 14  88 6e 5b fc 54 44 48 a8  |7.rj.....n[.TDH.|
-000001e0  bc c6 86 52 a6 b8 a7 a4  02 04 91 e0 4b 28 4b dc  |...R........K(K.|
-000001f0  c8 cc db e3 f7 89 69 a3  3b 22 d0 75 16 c8 16 cc  |......i.;".u....|
-00000200  a2 3c 56 c5 00 d1 1d 11  7f 74 1f bb 3d ec 1b c0  |.<V......t..=...|
-00000210  30 67 81 36 11 11 60 d2  e1 be ce e4 0c f6 d0 df  |0g.6..`.........|
-00000220  fd 7c dc 7f 3d 40 8d 65  ec 69 c7 55 30 db 9c d3  |.|..=@.e.i.U0...|
-00000230  bc 92 ae 14 85 18 ce 10  7e 0f 52 52 a4 c7 b7 1f  |........~.RR....|
-00000240  2d 3e 87 fc fb 93 eb 47  a3 e0 cc 4e 57 51 d0 59  |->.....G...NWQ.Y|
-00000250  05 84 dc 4d fd fb d1 11  33 b6 e5 5e df 65 d4 ed  |...M....3..^.e..|
-00000260  04 af 89 b3 f0 90 9b 7c  5e 83 b1 66 71 b1 16 03  |.......|^..fq...|
-00000270  03 00 35 5b 37 fa e1 97  11 25 7c fd da 7e e8 2a  |..5[7....%|..~.*|
-00000280  9b 28 fa 20 a6 9b 9b ca  99 ed a2 eb 5b 84 df a0  |.(. ........[...|
-00000290  b9 14 c2 fe 38 a8 54 06  e4 54 38 87 2a 24 8b 1e  |....8.T..T8.*$..|
-000002a0  3e ba 0a bb c2 1d a4 74  16 03 03 00 98 8b 39 c7  |>......t......9.|
-000002b0  ac e5 80 bf 49 95 ad f4  c0 cf c9 7c 86 bf 11 65  |....I......|...e|
-000002c0  53 40 f3 64 3e 04 ad c9  8d 33 8a 10 4a f5 2e c5  |S@.d>....3..J...|
-000002d0  22 18 59 1c 81 65 8a 51  47 b4 8d b1 94 57 3c f8  |".Y..e.QG....W<.|
-000002e0  d0 06 60 ce 04 f9 50 8f  6c 43 d8 6e b0 9e d9 da  |..`...P.lC.n....|
-000002f0  4b e5 b5 05 b7 1b 4b 46  59 d6 ad 20 bb 4c fc aa  |K.....KFY.. .L..|
-00000300  9a 9b ef fd 59 4b 2a 63  01 b0 1b 2d ed b1 f4 5b  |....YK*c...-...[|
-00000310  bb ca cd fa 13 06 06 7e  1d a5 cd c3 ca 4e bf 7b  |.......~.....N.{|
-00000320  7e 92 92 09 61 35 68 a2  38 f9 13 41 f4 a9 a5 0f  |~...a5h.8..A....|
-00000330  42 63 e4 15 e8 86 00 48  90 2b 43 30 da 05 b6 fc  |Bc.....H.+C0....|
-00000340  8e 7f 52 d3 b8 14 03 03  00 11 82 73 be a9 08 9d  |..R........s....|
-00000350  5b 2f fe bd 1f 2c fb e2  f3 94 f3 16 03 03 00 20  |[/...,......... |
-00000360  d0 47 0f 2d 7e ce 8f 01  e2 7d 01 3c 32 79 a0 26  |.G.-~....}.<2y.&|
-00000370  fe 00 ce d3 37 46 20 b4  f8 af 21 81 0f 1e ba 2d  |....7F ...!....-|
+00000000  16 03 03 02 69 ee f1 51  ac 2b 75 2a 6b 31 f9 25  |....i..Q.+u*k1.%|
+00000010  5a 00 97 42 02 d8 b8 e0  2a a6 0f c2 eb 89 75 42  |Z..B....*.....uB|
+00000020  4c 94 81 59 d0 26 4b e4  51 0a 77 ac bd bc 84 8e  |L..Y.&K.Q.w.....|
+00000030  fa 68 9c 1c 38 90 08 35  96 d2 7e e9 ef 8d 00 78  |.h..8..5..~....x|
+00000040  1e 30 cd 92 df 44 d8 89  fc e5 ce 65 43 65 be db  |.0...D.....eCe..|
+00000050  92 5e 56 0c 8e 86 cf 8f  62 4c 9a a2 ab 8b 0c f6  |.^V.....bL......|
+00000060  13 b4 57 76 fb c4 de b1  68 1c ca c1 23 3d 0d 6a  |..Wv....h...#=.j|
+00000070  be ab 0f 03 19 3a 8c 36  0a ed 1c 2b 59 7a b5 f2  |.....:.6...+Yz..|
+00000080  9c 29 0b e1 ab 74 ad b4  fc f9 ab 18 bf b0 3d 5e  |.)...t........=^|
+00000090  57 70 be 2f 57 7c cc cd  4b 0d e3 c7 d6 74 d8 ae  |Wp./W|..K....t..|
+000000a0  79 b1 f8 aa 28 b7 a4 c7  27 77 a0 20 69 81 f6 a2  |y...(...'w. i...|
+000000b0  76 bc 96 fd 2d 03 9c 97  21 5d ea 50 82 5a 6d 00  |v...-...!].P.Zm.|
+000000c0  7a 80 19 09 4b 4a 8c cc  f4 b4 74 62 60 b6 71 44  |z...KJ....tb`.qD|
+000000d0  d5 06 e0 79 45 cc 78 4a  ee 4c d6 bb 96 70 ac cb  |...yE.xJ.L...p..|
+000000e0  3e 94 d6 46 a3 96 15 4f  70 f0 1a 61 13 ec 6d 0d  |>..F...Op..a..m.|
+000000f0  be ce cd c7 ee 5e c8 ae  cf 1f f1 43 dd 29 21 8b  |.....^.....C.)!.|
+00000100  f1 f0 32 5a 4d 02 09 7f  c0 15 be 33 aa eb 55 97  |..2ZM......3..U.|
+00000110  ea 74 02 dd 74 22 40 b5  33 7d cf ca be 07 0d cb  |.t..t"@.3}......|
+00000120  82 a4 62 56 b1 68 f8 25  d7 1d 57 31 83 cc 7b e9  |..bV.h.%..W1..{.|
+00000130  8a 9f d5 b5 d1 99 da 4b  55 87 c2 d3 99 ea 34 3c  |.......KU.....4<|
+00000140  01 61 5e d4 f2 4a 40 b4  ff 4b eb 68 c7 5e a7 7b  |.a^..J@..K.h.^.{|
+00000150  cf d6 2d 99 ea 6d df a8  b3 74 d1 ad 22 22 81 ae  |..-..m...t..""..|
+00000160  58 a6 1b 87 cb 75 d7 2c  5b a6 4e 04 28 fb f7 6e  |X....u.,[.N.(..n|
+00000170  2a 52 c9 19 21 d8 3c ee  0c 8d 0c 55 d9 7a 1f 75  |*R..!.<....U.z.u|
+00000180  1e 14 4f c2 7c e3 a1 b7  bd 23 32 40 68 d7 9f d7  |..O.|....#2@h...|
+00000190  bc e4 57 62 d2 ba 95 3f  1a c0 2f cf 31 6b 41 e6  |..Wb...?../.1kA.|
+000001a0  92 91 91 6f 49 4b 42 fb  ae e2 82 c2 ac 5b 5d 0f  |...oIKB......[].|
+000001b0  f1 9f e7 18 9d 1d 35 f6  6f 51 d2 05 ed a2 ab 55  |......5.oQ.....U|
+000001c0  38 19 ec 37 ac f2 25 1d  6c 9e f7 30 87 98 03 96  |8..7..%.l..0....|
+000001d0  d6 ae dd 39 74 8f 39 c9  b8 5c aa b2 88 60 5d 96  |...9t.9..\...`].|
+000001e0  7e 3f fe 21 91 41 e1 e9  88 8c 63 20 dc 8d 60 7f  |~?.!.A....c ..`.|
+000001f0  29 36 bd 81 7f 90 48 47  e4 d1 c1 f6 07 06 4f 5d  |)6....HG......O]|
+00000200  2e fa ba e7 8c 57 0d f7  82 80 31 68 a3 78 f9 73  |.....W....1h.x.s|
+00000210  2d 31 0a 76 b1 08 5e 28  af 97 e9 4f 00 b3 eb 99  |-1.v..^(...O....|
+00000220  81 0a 2f 64 53 24 63 eb  16 10 67 97 77 e4 52 98  |../dS$c...g.w.R.|
+00000230  13 d2 bb a5 26 6a 4a c9  6d 9a f7 4c 99 af 05 3b  |....&jJ.m..L...;|
+00000240  da 91 d0 1e bf bc e7 49  90 1e 9f 56 03 38 77 28  |.......I...V.8w(|
+00000250  a2 78 ca 38 51 ec a4 96  70 f2 23 24 ef d2 5e 70  |.x.8Q...p.#$..^p|
+00000260  d0 12 d8 f7 75 64 66 be  f9 30 40 13 30 ca 16 03  |....udf..0@.0...|
+00000270  03 00 35 2e 74 d1 77 b1  56 b9 b6 33 07 39 6d 6b  |..5.t.w.V..3.9mk|
+00000280  c9 c0 9e b1 35 5b 1c 5e  8b c7 15 b8 12 90 3f 62  |....5[.^......?b|
+00000290  01 4a bd 93 2e 5d 0b 6f  9a 33 f3 0f f3 ce 8b 6e  |.J...].o.3.....n|
+000002a0  a2 fb 81 8b 69 9a 3b db  16 03 03 00 98 70 68 40  |....i.;......ph@|
+000002b0  c3 43 46 fc 9b 8a 1d 3f  e2 00 0e e3 a5 a1 d3 b3  |.CF....?........|
+000002c0  4e 99 01 15 d1 91 6c be  4d 05 17 f9 67 14 f5 03  |N.....l.M...g...|
+000002d0  86 f0 f3 c1 b4 74 8d dc  d5 74 d7 b1 f3 f7 5c b1  |.....t...t....\.|
+000002e0  12 20 5e 64 aa e5 fa b4  d5 dd 34 29 42 a4 4e 46  |. ^d......4)B.NF|
+000002f0  9a e0 98 a7 9a 6c c1 b0  bc d7 4d b9 a8 1c 8d 51  |.....l....M....Q|
+00000300  5b 11 bd a3 a9 1c d7 c7  d2 c7 e1 04 a0 6c be a0  |[............l..|
+00000310  74 81 e1 9f f3 a6 ac dc  e6 ac 76 46 03 28 d3 b1  |t.........vF.(..|
+00000320  ab a9 77 b0 84 f2 61 ff  39 a0 e5 09 a0 ad fa 41  |..w...a.9......A|
+00000330  a9 09 4d fb 3f 46 11 73  71 cd 80 1b 1f 5a 43 c9  |..M.?F.sq....ZC.|
+00000340  b0 b0 df 4a 03 14 03 03  00 11 d1 98 c3 73 d0 be  |...J.........s..|
+00000350  45 ea 73 e7 71 1c 78 97  4a b9 05 16 03 03 00 20  |E.s.q.x.J...... |
+00000360  5e e3 1f 19 aa 89 11 71  09 fb 4c f4 36 d4 3a 4b  |^......q..L.6.:K|
+00000370  3e 89 3c 78 99 1a 63 7b  45 22 55 39 74 7f d6 5f  |>.<x..c{E"U9t.._|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 53 7f 72  ce 10 f4 0e a3 ed ed 8d  |.....S.r........|
-00000010  3a ad 2d 57 c8 e1 16 03  03 00 20 11 e9 69 5e ff  |:.-W...... ..i^.|
-00000020  22 0d f6 a3 e1 e5 3f 14  34 a0 33 d7 d5 0a 7f bc  |".....?.4.3.....|
-00000030  7c 69 9b 9a d2 aa 41 87  fe da de 17 03 03 00 19  ||i....A.........|
-00000040  bd a1 83 5d 27 9f cc 0b  40 02 23 6e 6f 18 4c bc  |...]'...@.#no.L.|
-00000050  48 c4 02 7d 45 08 71 ac  d7                       |H..}E.q..|
+00000000  14 03 03 00 11 f4 04 c6  5c 08 6d 53 9b 6e 59 7f  |........\.mS.nY.|
+00000010  75 c7 d9 a9 95 24 16 03  03 00 20 f3 82 ea ea a8  |u....$.... .....|
+00000020  ee 3f 83 7f f4 1e 31 d8  66 32 b7 d9 46 13 ac b5  |.?....1.f2..F...|
+00000030  cc b0 e6 ac 06 4f 65 3b  2e 57 f6 17 03 03 00 19  |.....Oe;.W......|
+00000040  c7 c9 1c 1c 64 a0 c0 90  03 96 5e 94 60 79 f0 85  |....d.....^.`y..|
+00000050  e7 41 db ca 6e 21 5a dd  2a                       |.A..n!Z.*|
 >>> Flow 11 (client to server)
-00000000  15 03 03 00 12 80 ae fb  45 cb a1 2d 1f c8 b6 02  |........E..-....|
-00000010  3a 28 62 d6 13 48 2c                              |:(b..H,|
+00000000  15 03 03 00 12 7a a9 2e  4b 21 84 78 cb 46 52 f3  |.....z..K!.x.FR.|
+00000010  f9 8e 75 3b 7e 77 a1                              |..u;~w.|
diff --git a/testdata/Client-TLSv12-RenegotiateTwice b/testdata/Client-TLSv12-RenegotiateTwice
index 7ff58763..1c7fadb2 100644
--- a/testdata/Client-TLSv12-RenegotiateTwice
+++ b/testdata/Client-TLSv12-RenegotiateTwice
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 25 9f b0 d0 c5  |....]...Y..%....|
-00000010  56 c8 79 6a 1a ff 0e e9  8b 41 b6 be c7 36 0b 58  |V.yj.....A...6.X|
-00000020  c0 9e 9d 6c 4c b4 39 1f  95 ff 8f 20 32 27 d2 39  |...lL.9.... 2'.9|
-00000030  ac f6 33 f9 48 a4 0b 0f  e1 f9 5f 0a 83 7b 75 95  |..3.H....._..{u.|
-00000040  23 55 14 ba 55 2f 47 42  e8 df 09 39 cc a8 00 00  |#U..U/GB...9....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 c5 11 e0 7f 6f  |....]...Y......o|
+00000010  86 2d f5 8f c2 ba 8b a7  1e 15 94 51 e1 d0 ab 40  |.-.........Q...@|
+00000020  37 5b 68 a7 ee 6f de ae  d2 4b b2 20 a8 02 85 68  |7[h..o...K. ...h|
+00000030  2c 18 6b 1a 6c ba 64 81  8a 0f 72 a6 a3 3a 1a ee  |,.k.l.d...r..:..|
+00000040  6a 9a d6 9a ce 03 78 11  11 b6 fa 7a cc a8 00 00  |j.....x....z....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,286 +63,290 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 2b 66 1d  |............ +f.|
-000002d0  80 f2 60 32 0f af 6f d3  03 db 28 c1 33 18 1c 5d  |..`2..o...(.3..]|
-000002e0  71 fd 2a 24 f9 3c 4d 76  ca e3 93 8d 25 08 04 00  |q.*$.<Mv....%...|
-000002f0  80 23 e3 34 5f 28 df b8  c9 fd 39 35 a9 bb 14 f9  |.#.4_(....95....|
-00000300  05 77 09 6f 2f e5 91 07  c3 6f cd 57 2a de 7e 93  |.w.o/....o.W*.~.|
-00000310  b8 9c 49 09 eb 81 45 d8  6a ff df da 06 e3 26 55  |..I...E.j.....&U|
-00000320  36 7e c9 4c 7b 6e 23 13  81 24 b2 a7 6c f6 f3 fc  |6~.L{n#..$..l...|
-00000330  ca 76 96 aa 4b d2 b9 d4  d7 c2 b0 be 2d 36 1b 0e  |.v..K.......-6..|
-00000340  bd ea 84 7e c8 ec 0c 0d  8f 88 91 f2 26 56 38 42  |...~........&V8B|
-00000350  67 ae f4 89 c0 63 9e ef  ef 59 71 86 20 0a 22 67  |g....c...Yq. ."g|
-00000360  a5 c5 44 d6 51 d1 14 fc  62 73 df ed e1 f0 7e 10  |..D.Q...bs....~.|
-00000370  81 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 42 e7 5a  |............ B.Z|
+000002d0  6b 3f 36 51 1f 06 45 c8  de 17 f8 19 9c a2 cb bb  |k?6Q..E.........|
+000002e0  89 52 59 e0 1a d5 c4 1e  42 0c 9b 93 14 08 04 00  |.RY.....B.......|
+000002f0  80 cb 39 db 19 17 fd 12  ec 25 87 ce d2 76 8c c7  |..9......%...v..|
+00000300  aa 30 e3 50 0c 22 a6 73  d0 e5 b0 b6 b6 3c 5a ab  |.0.P.".s.....<Z.|
+00000310  11 97 35 e6 ff de d4 19  46 20 5f 78 33 1c c4 24  |..5.....F _x3..$|
+00000320  48 2d 6a c0 f4 07 d4 5c  8b b6 a3 8c eb 99 e9 70  |H-j....\.......p|
+00000330  d8 46 43 00 3b 1c 4e 37  52 c8 92 57 21 ee c7 af  |.FC.;.N7R..W!...|
+00000340  f0 19 8b 2b f8 c0 e3 1a  79 13 17 fb 14 ed 5c 82  |...+....y.....\.|
+00000350  a9 77 05 b3 3d 25 92 07  3f f5 38 6d dc 86 ce 44  |.w..=%..?.8m...D|
+00000360  3c b7 72 da aa 0c 78 b8  22 bf ef af cf d4 81 bc  |<.r...x.".......|
+00000370  11 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 7b de 6f  c8 b7 f1 69 89 0b 29 af  |.... {.o...i..).|
-00000040  62 1b 92 47 e9 44 f7 26  91 93 9c 3b e2 77 0e d0  |b..G.D.&...;.w..|
-00000050  c5 af fd e5 59                                    |....Y|
+00000030  16 03 03 00 20 c0 2e 41  33 99 c3 00 90 54 c8 ea  |.... ..A3....T..|
+00000040  64 b2 f5 74 5d 3c b8 eb  0c 6e 12 bb 96 01 13 46  |d..t]<...n.....F|
+00000050  1f 7d e9 3a 15                                    |.}.:.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 94 da e2 2e f3  |.......... .....|
-00000010  65 59 31 4f 58 42 57 b5  1f e6 c1 5a c6 07 97 12  |eY1OXBW....Z....|
-00000020  f6 6c 20 cc 91 50 76 42  70 dd 2c                 |.l ..PvBp.,|
+00000000  14 03 03 00 01 01 16 03  03 00 20 50 98 09 8a ad  |.......... P....|
+00000010  b9 ba cb d8 d2 5c a8 69  86 da 30 da 39 ed 3b db  |.....\.i..0.9.;.|
+00000020  5c eb 34 08 4c ca 51 b2  63 0e 08                 |\.4.L.Q.c..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 fe 0d 78  61 f9 fe 65 3c 42 c0 98  |.......xa..e<B..|
-00000010  82 8b 4c b0 48 9b 1d 48  66 c0 13                 |..L.H..Hf..|
+00000000  17 03 03 00 16 62 a6 a2  7c 1a 5e 4b 4e 58 86 12  |.....b..|.^KNX..|
+00000010  35 8b 6e d9 00 b0 f2 31  46 e6 2a                 |5.n....1F.*|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 e0 bb 6e  cc 69 fc a7 02 46 c4 5e  |.......n.i...F.^|
-00000010  a5 b1 1e ce e9 c7 7a d9  76                       |......z.v|
+00000000  16 03 03 00 14 b0 3a a3  b6 16 b7 9f 65 f8 7f 64  |......:.....e..d|
+00000010  8d 4c 73 1f 41 1b b0 5c  65                       |.Ls.A..\e|
 >>> Flow 7 (client to server)
-00000000  16 03 03 01 1a a7 03 1c  ef 27 0a 04 9b 31 b0 c6  |.........'...1..|
-00000010  17 00 1f 6c d5 91 ae 7c  77 87 98 05 67 9a ea ea  |...l...|w...g...|
-00000020  6c 79 28 da 2c 91 6d a0  c6 9a e9 f3 85 a0 7f 7d  |ly(.,.m........}|
-00000030  ae 89 ac 0d 01 7f d8 34  dd fb ba c3 d8 ba ff 9b  |.......4........|
-00000040  75 dc d6 5e 8a fa ad 9c  ea fa 15 63 55 85 98 26  |u..^.......cU..&|
-00000050  65 7a 19 17 c4 99 98 85  83 c4 06 39 30 d5 63 51  |ez.........90.cQ|
-00000060  ff 22 e8 cd 55 6e fc 88  5e d5 54 24 79 52 7e b0  |."..Un..^.T$yR~.|
-00000070  71 e4 e6 cb a6 06 24 14  1a c2 a8 52 85 e9 fc e4  |q.....$....R....|
-00000080  66 47 9c 9c d1 f3 56 11  47 16 4b 7c a5 f1 81 1e  |fG....V.G.K|....|
-00000090  00 78 98 8f 70 ae 47 6d  45 3b c4 af fc 88 bd 88  |.x..p.GmE;......|
-000000a0  7b cc 8a 78 86 ff 86 25  2d 21 28 f2 c5 d7 4b 61  |{..x...%-!(...Ka|
-000000b0  c0 ea 67 38 4c d0 d6 6f  fc a0 69 62 98 6f ac 29  |..g8L..o..ib.o.)|
-000000c0  29 13 34 7a f0 2d 1b 7e  52 42 6f f1 64 ed 7f 47  |).4z.-.~RBo.d..G|
-000000d0  69 82 9b 9d 19 7b 3a c5  54 51 c8 8f 4c 9e 42 a7  |i....{:.TQ..L.B.|
-000000e0  0f 9e 05 1d 4f 85 11 05  97 42 fa 24 37 1c 4e ec  |....O....B.$7.N.|
-000000f0  55 dc e1 4e f6 e2 dd c6  63 b0 dd 60 11 93 23 8a  |U..N....c..`..#.|
-00000100  eb 68 76 21 ec 19 cf 59  c8 78 80 f0 fa 39 6a 09  |.hv!...Y.x...9j.|
-00000110  f8 7f 9d c0 e7 51 3d 75  17 e3 cf a5 bf 1c 10     |.....Q=u.......|
+00000000  16 03 03 01 38 a3 ce 00  8f a3 63 85 d9 cd 78 93  |....8.....c...x.|
+00000010  55 94 fc 68 84 5c fc c5  a3 c3 d1 cc 09 83 e0 a0  |U..h.\..........|
+00000020  b2 b7 d4 10 6f aa 32 99  a5 53 e0 c0 ae 8c 6a e2  |....o.2..S....j.|
+00000030  90 8f 46 ac 71 ce 4e 4f  0a 29 cd 70 ed 8a cc 1e  |..F.q.NO.).p....|
+00000040  53 de d1 75 72 a2 06 36  28 6e fd d0 60 00 ff c6  |S..ur..6(n..`...|
+00000050  a8 18 1e f8 1c 1a 7d e9  d8 16 36 a4 42 d5 59 ad  |......}...6.B.Y.|
+00000060  d9 01 45 e4 03 8b c8 f3  b7 2f 0f 77 62 69 ad 35  |..E....../.wbi.5|
+00000070  16 ef 99 94 7f af 7c f5  44 19 99 65 97 d3 15 af  |......|.D..e....|
+00000080  82 06 1d 80 ab 55 51 70  c7 23 15 5b 00 fb 93 e6  |.....UQp.#.[....|
+00000090  5e 06 c9 db 87 98 af 0b  38 68 5f 0a 06 35 2b bd  |^.......8h_..5+.|
+000000a0  15 04 57 e6 1c 70 35 b3  2a 16 c7 f6 7e 3b bf d7  |..W..p5.*...~;..|
+000000b0  3f f6 35 bd a9 cc 6d aa  75 b4 16 6d 81 0e 34 ab  |?.5...m.u..m..4.|
+000000c0  2e de e7 4a 2e 13 69 c5  c2 e2 2d 38 e6 3f 8a f4  |...J..i...-8.?..|
+000000d0  d5 6a a2 9d 28 a7 98 30  e3 9a 8a 86 15 e6 00 45  |.j..(..0.......E|
+000000e0  63 43 1d 28 b0 24 39 06  5e cb cb eb a1 cc 75 f3  |cC.(.$9.^.....u.|
+000000f0  18 e4 d0 e6 49 0b 00 5d  67 18 35 52 b4 fa ec 9a  |....I..]g.5R....|
+00000100  6a 26 1b f8 38 ef f4 be  30 ef af bb bb 3f 28 a2  |j&..8...0....?(.|
+00000110  0e 17 48 a6 3c d1 73 a7  45 12 4e 7e b2 87 e2 4a  |..H.<.s.E.N~...J|
+00000120  92 6e 26 3a f5 17 08 87  7b 34 bc 11 36 51 5f 0b  |.n&:....{4..6Q_.|
+00000130  e4 05 a9 b7 a5 bd 51 fa  77 e3 72 31 84           |......Q.w.r1.|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 85 14 4e 8e  de d0 5b 59 2d f6 a3 b0  |......N...[Y-...|
-00000010  c0 ff 4a ff 8b cf af 2f  09 f1 ee 03 0f b9 70 5e  |..J..../......p^|
-00000020  1b e4 ef b4 3e e7 c1 43  fb ea a8 68 4c 66 0a 55  |....>..C...hLf.U|
-00000030  e8 51 a6 30 bb e3 f5 0e  df 11 f2 e0 51 94 14 f6  |.Q.0........Q...|
-00000040  1e c6 e8 9d 10 a2 20 9f  f2 f6 1e f0 3c f3 ba ff  |...... .....<...|
-00000050  65 d1 f4 df 9e e6 18 9f  a1 a5 9c 5f 4b 4f 20 98  |e.........._KO .|
-00000060  4a f6 0b 95 da 01 1f ea  c0 c4 39 39 8b fd 19 40  |J.........99...@|
-00000070  8d 14 da 45 fd 51 3d a7  36 23 a0 b2 bb cb 81 6b  |...E.Q=.6#.....k|
-00000080  79 0a 02 71 50 84 ac d6  7b ad 16 03 03 02 69 b8  |y..qP...{.....i.|
-00000090  a9 6c 87 d7 23 6b c6 1a  4c 08 dd fa 58 e8 e8 d5  |.l..#k..L...X...|
-000000a0  44 16 3b de 77 60 33 2a  47 a5 3c e0 cb c3 1a 38  |D.;.w`3*G.<....8|
-000000b0  1d 1f 69 8e 33 a3 ba ac  55 b5 77 9b e1 fc a4 21  |..i.3...U.w....!|
-000000c0  99 90 01 5e 99 36 a3 cf  74 b4 1f 96 b7 96 1e 4b  |...^.6..t......K|
-000000d0  cf 0b 92 5f 6b 1f 1c b0  70 80 2e 87 57 ef 52 b0  |..._k...p...W.R.|
-000000e0  2b 7d 66 06 cb a1 78 a7  5a e2 af 4c fc a4 8b 99  |+}f...x.Z..L....|
-000000f0  af 6c 6d 0e 07 7e da 11  5a b7 89 af 3c ce 1e 22  |.lm..~..Z...<.."|
-00000100  1f 7d 97 d5 d4 78 09 c4  e7 fb 33 bf 36 ee 6e 5a  |.}...x....3.6.nZ|
-00000110  af f0 5b 0f 00 eb cc 3d  76 35 41 98 4c 65 81 34  |..[....=v5A.Le.4|
-00000120  74 d9 d7 ba 04 fc c8 c6  c9 ca 4b b0 8e b1 7e 87  |t.........K...~.|
-00000130  9d 69 2e d5 68 54 96 48  37 42 ae ff 18 d0 08 b2  |.i..hT.H7B......|
-00000140  dc 26 1c c1 99 f1 c3 02  3f 48 51 a8 92 10 18 01  |.&......?HQ.....|
-00000150  f3 3b 96 4b de 80 29 27  87 da f4 89 23 1b 49 b8  |.;.K..)'....#.I.|
-00000160  5b f5 50 ec 99 b0 c3 48  e2 d3 fe fb a0 95 c3 c6  |[.P....H........|
-00000170  83 fe d9 87 ef 0c cf 67  8f e7 52 3d 17 7d c0 ab  |.......g..R=.}..|
-00000180  02 1a 33 78 c8 d6 13 8b  8e 82 be 0d 5e d4 22 e8  |..3x........^.".|
-00000190  63 c3 84 a9 05 12 d3 b7  e2 36 96 a2 22 0a 77 df  |c........6..".w.|
-000001a0  20 06 5c 0d 8b c1 d6 ac  73 b0 b2 a0 be db 59 17  | .\.....s.....Y.|
-000001b0  05 60 68 b9 18 85 d5 73  9b c9 41 b9 c1 f2 02 47  |.`h....s..A....G|
-000001c0  ca 95 c8 47 e2 de 04 75  08 d4 b7 a2 41 d7 e2 6b  |...G...u....A..k|
-000001d0  ad 8c ba c5 fc f8 b1 fe  d3 23 c0 22 ec d0 2f a7  |.........#."../.|
-000001e0  d9 ed 0e da 71 18 c0 d0  1f 40 8d eb 79 ea 5f aa  |....q....@..y._.|
-000001f0  07 4f 65 81 c1 9e ea 36  7f 0d 8b 07 8b 71 81 5a  |.Oe....6.....q.Z|
-00000200  0e cb d4 0f 98 c8 5c 69  d0 61 6e b5 ef 2a dd 5f  |......\i.an..*._|
-00000210  63 92 b4 3e 6e f4 b8 fc  45 bf 58 79 08 a4 95 6f  |c..>n...E.Xy...o|
-00000220  34 01 9b 8a 19 a5 e4 11  3f d4 97 47 66 e8 42 ef  |4.......?..Gf.B.|
-00000230  92 72 01 f4 6f 07 a4 35  81 83 ee 26 d0 96 cc de  |.r..o..5...&....|
-00000240  42 2a 65 64 cc a9 0c 39  31 d5 7c 2f 42 e5 ce 36  |B*ed...91.|/B..6|
-00000250  0b bf b5 22 2a 4f 3c 56  27 29 cd fb 8e 9f 8f ab  |..."*O<V')......|
-00000260  f0 14 46 17 26 93 11 16  72 cf ab a1 66 1c 63 2e  |..F.&...r...f.c.|
-00000270  ea f8 f3 ac 84 eb 00 f0  b0 81 e7 ec f6 26 7d c0  |.............&}.|
-00000280  59 a9 cf 7b a5 2e ca 73  b1 df 48 b4 92 31 ad 15  |Y..{...s..H..1..|
-00000290  d3 7b d0 65 26 d8 2c 8c  06 62 a2 f3 fb a3 2e b6  |.{.e&.,..b......|
-000002a0  e6 0d 44 a5 7a 51 02 c5  04 16 fe 6e e0 14 96 6e  |..D.zQ.....n...n|
-000002b0  88 c4 ac 00 ac 23 bb 00  c9 a3 26 88 52 18 60 80  |.....#....&.R.`.|
-000002c0  9a 49 38 67 5a 64 cc d0  bd 28 da f1 ee bb 6a c0  |.I8gZd...(....j.|
-000002d0  91 10 5e 40 c1 e8 77 88  7c b0 46 22 b2 64 8f c5  |..^@..w.|.F".d..|
-000002e0  c6 bd 14 4d 1f 9e 2d a6  18 72 51 38 fb 7b 06 11  |...M..-..rQ8.{..|
-000002f0  9d 9b 65 f0 eb 87 ff f9  16 03 03 00 bc cf 68 7a  |..e...........hz|
-00000300  7d df a0 b7 38 40 7a 7d  68 cc 94 5d 34 9e 4c ca  |}...8@z}h..]4.L.|
-00000310  c3 7d 66 81 16 77 a7 e3  4e ef 66 fd f6 8c 67 f9  |.}f..w..N.f...g.|
-00000320  ae f2 92 61 3a 75 74 9f  60 b7 9a 2c 98 98 58 83  |...a:ut.`..,..X.|
-00000330  28 16 23 de ad ff 2b cd  e6 4e 5a 98 87 f1 8a 1c  |(.#...+..NZ.....|
-00000340  66 79 18 bc 70 a6 84 a1  90 e0 8a c3 1d e8 63 9f  |fy..p.........c.|
-00000350  71 7f 4a 5f 4e c2 e5 70  68 21 e4 31 54 c3 81 2a  |q.J_N..ph!.1T..*|
-00000360  6f c0 84 7a 98 1d f1 61  e5 71 35 ce 7d fd ad fa  |o..z...a.q5.}...|
-00000370  57 1a 1e 4b 46 7b 56 82  52 5e e1 73 1b 8a f1 fd  |W..KF{V.R^.s....|
-00000380  c9 65 a5 b6 73 1f 07 48  58 f8 d6 cb 8a ab 18 b9  |.e..s..HX.......|
-00000390  94 f5 53 7a dc a5 13 9b  ef 9a b9 31 42 60 74 02  |..Sz.......1B`t.|
-000003a0  ae 73 52 af 18 f3 52 c0  63 b3 1e 50 1c f2 1c 50  |.sR...R.c..P...P|
-000003b0  73 ea fe 13 e2 61 c1 38  05 16 03 03 00 4a 82 ab  |s....a.8.....J..|
-000003c0  72 1f 06 41 41 a7 4e 41  ab ae 2b b4 af 45 a9 11  |r..AA.NA..+..E..|
-000003d0  a4 aa d4 2e 19 82 dc 08  dc 9a 4e ae d0 7f 35 8b  |..........N...5.|
-000003e0  bc 75 59 eb 95 eb 13 10  d1 f7 25 cc b9 28 d0 fe  |.uY.......%..(..|
-000003f0  4c 63 fd 8e 7c fc 1e 2f  db 92 57 d6 18 44 2c ab  |Lc..|../..W..D,.|
-00000400  ec a5 a7 ae 1a 13 90 45  16 03 03 00 14 76 66 ce  |.......E.....vf.|
-00000410  a0 ba 5b 1b b2 2e c6 06  66 dd 89 95 7d 85 8d 81  |..[.....f...}...|
-00000420  0c                                                |.|
+00000000  16 03 03 00 85 5d 34 8c  78 d1 0e 67 b7 5c ee 45  |.....]4.x..g.\.E|
+00000010  ec f6 47 3c 67 11 2e 53  a5 a4 54 d2 25 80 88 bf  |..G<g..S..T.%...|
+00000020  41 89 8f 8f 2d a2 42 48  d7 3c 27 0f f8 45 6b 17  |A...-.BH.<'..Ek.|
+00000030  1a f7 dd 9d 1a aa 92 46  79 1c 24 01 ff 8e c3 17  |.......Fy.$.....|
+00000040  84 07 49 8c 62 8d ca 26  57 40 55 b4 1d 88 98 99  |..I.b..&W@U.....|
+00000050  57 dd e5 23 ab 8e 51 37  4b 57 4e 6e 99 0b a3 18  |W..#..Q7KWNn....|
+00000060  74 ed c5 2d 06 e6 4c e8  65 c0 96 44 44 ce ec 3c  |t..-..L.e..DD..<|
+00000070  7c ef ad c2 08 6b 9f 0f  13 03 1e 66 db 99 07 74  ||....k.....f...t|
+00000080  8b ae cd 6d 78 bd 93 25  76 8a 16 03 03 02 69 8d  |...mx..%v.....i.|
+00000090  e5 8b e8 c8 93 2e f7 70  46 e2 1f cc d5 02 65 7c  |.......pF.....e||
+000000a0  e5 b3 09 7c ea ef 81 b5  a9 f6 52 ab e5 6c f1 ee  |...|......R..l..|
+000000b0  e4 b6 f9 d0 be 7e 47 fe  f7 65 d0 e8 39 4e 99 d9  |.....~G..e..9N..|
+000000c0  4a 00 80 4d ca cb 8b 32  58 d4 63 64 e5 fe f4 1b  |J..M...2X.cd....|
+000000d0  24 c0 00 ea 10 d3 19 04  a7 7a a3 37 79 04 17 6d  |$........z.7y..m|
+000000e0  d3 35 df 6a 0e dc 26 4e  59 48 7e 56 b8 ca e4 57  |.5.j..&NYH~V...W|
+000000f0  ae 66 c9 37 54 e4 a8 0e  2a b5 e5 be 7f ed 35 80  |.f.7T...*.....5.|
+00000100  12 eb 2d 3c d1 04 0c c1  9e ef 0d 60 2e 1c 94 94  |..-<.......`....|
+00000110  b2 39 46 dd 83 22 5a 09  b5 ef 66 6d 8f 2b 32 ca  |.9F.."Z...fm.+2.|
+00000120  b9 28 08 d4 a6 36 6b 62  5c 64 c6 e5 2b 61 13 81  |.(...6kb\d..+a..|
+00000130  50 e5 56 9d d2 ab 3f 7d  ea 1b 4c d3 ff b0 ed 95  |P.V...?}..L.....|
+00000140  20 62 58 ba af 27 51 b4  91 24 37 d7 ac a8 c7 21  | bX..'Q..$7....!|
+00000150  20 54 71 d2 00 d3 39 8a  c1 c4 c7 17 87 21 9d 45  | Tq...9......!.E|
+00000160  36 22 da 4b 89 9e 8b ae  bd 8f c5 94 ee 80 4f 55  |6".K..........OU|
+00000170  6b 43 06 c7 ad 89 50 a9  64 2e de 68 df bc 21 d9  |kC....P.d..h..!.|
+00000180  28 d6 cf 3d e5 94 77 9f  8b 96 f0 fc b6 31 1f 7c  |(..=..w......1.||
+00000190  f8 85 9f 8a 2f 92 7a 52  5b 1c 42 77 87 2e 1b 0a  |..../.zR[.Bw....|
+000001a0  1d 6b a6 09 15 96 77 b0  c1 47 ee b4 54 60 df 2a  |.k....w..G..T`.*|
+000001b0  c7 86 85 c5 3a ee c9 e2  cd b8 99 fc 9d 30 9f a6  |....:........0..|
+000001c0  eb 6c ef 25 18 4c 58 11  45 1f 14 be 4f 2c a7 ed  |.l.%.LX.E...O,..|
+000001d0  71 e8 c2 70 3d e8 b6 55  3f a6 52 44 fd d1 6c 13  |q..p=..U?.RD..l.|
+000001e0  32 df e9 c2 ea 42 1b 69  ce 9d 79 77 b1 a3 f8 a2  |2....B.i..yw....|
+000001f0  ee 28 c2 bc 0e 99 86 fd  d2 e7 f7 2a 14 1c ea a7  |.(.........*....|
+00000200  3a 26 dd 23 4b 48 44 55  ac ea 5e 0e 12 18 49 7a  |:&.#KHDU..^...Iz|
+00000210  56 bc c0 2e 8a 5c 96 83  8d e7 ad c3 25 b2 dd d1  |V....\......%...|
+00000220  2c d3 f7 16 61 78 26 50  f5 69 34 e4 07 3a 0f c6  |,...ax&P.i4..:..|
+00000230  26 fb be e2 a9 b0 76 a2  67 ed 65 75 89 c8 c6 a9  |&.....v.g.eu....|
+00000240  80 8e c6 96 b6 18 61 9e  e9 2e 51 cb 8b 3d 7c db  |......a...Q..=|.|
+00000250  2a a0 5b d6 21 e8 ef a8  83 dc 1a 79 98 18 6d b5  |*.[.!......y..m.|
+00000260  8a b1 7c 6b 4e 8a ad 13  11 94 74 e8 b5 be 1d 74  |..|kN.....t....t|
+00000270  ce 13 b6 1a c4 83 cc fa  ed ec 1e a2 e8 78 2f ac  |.............x/.|
+00000280  b9 51 c7 8e d7 f4 16 e7  31 63 95 cd 79 fc a3 42  |.Q......1c..y..B|
+00000290  99 c4 a7 26 14 6a 0d c3  26 e0 08 bd 21 c8 b8 56  |...&.j..&...!..V|
+000002a0  3e 0e 98 42 76 3d e6 82  51 6c 6a a1 78 c0 c5 9a  |>..Bv=..Qlj.x...|
+000002b0  70 1b 9e 70 63 e3 e6 c4  9a ed c9 1e 9f 95 dd e2  |p..pc...........|
+000002c0  8e b9 12 7d 7a d1 3b 49  df 4c cc ba b4 2d 91 34  |...}z.;I.L...-.4|
+000002d0  f8 05 1e d1 66 39 49 99  49 18 45 da 24 65 bb f8  |....f9I.I.E.$e..|
+000002e0  d0 40 87 6d 5b 5a 2a 41  40 f0 98 07 3c 1a 9e 81  |.@.m[Z*A@...<...|
+000002f0  8f 5d 44 80 10 0b bb f4  16 03 03 00 bc 8a 5e 4c  |.]D...........^L|
+00000300  7b 86 c6 d6 f1 fa ba 03  2d 16 75 46 6a 72 b9 98  |{.......-.uFjr..|
+00000310  11 75 b5 34 96 6a f9 61  7a b4 47 2d 67 b8 ab 1f  |.u.4.j.az.G-g...|
+00000320  69 60 1f 28 ff 3d 03 61  62 22 7a 35 73 e7 0e 15  |i`.(.=.ab"z5s...|
+00000330  f5 e9 64 a6 8b dc e3 f4  fe 7b 53 82 48 6f df fb  |..d......{S.Ho..|
+00000340  69 b8 c3 4c a9 dc 87 8b  46 99 1f ef ae 6a 40 56  |i..L....F....j@V|
+00000350  81 fd e9 1d 8c 8d 12 c0  07 77 fa e3 e2 cd 48 33  |.........w....H3|
+00000360  de b9 db 09 0d d4 eb cc  a5 9e 43 75 b6 45 09 c2  |..........Cu.E..|
+00000370  08 ff cc fa c6 3b 97 da  85 9a c4 9f 56 03 ed b8  |.....;......V...|
+00000380  a5 98 ec b3 b8 d4 39 b5  07 32 b4 f6 70 1f 9f 1d  |......9..2..p...|
+00000390  6e 0e fc 22 6d 1d 29 b7  d7 83 f3 2e 1a 8e d0 77  |n.."m.)........w|
+000003a0  e9 82 4f 21 94 0d e6 39  f4 4f 57 74 0e a6 0d a3  |..O!...9.OWt....|
+000003b0  bf ee 24 ac 3e be f6 46  bb 16 03 03 00 4a 0a eb  |..$.>..F.....J..|
+000003c0  93 1a d4 ab 57 53 2c 5c  40 f1 f8 2f 6c 93 f3 2a  |....WS,\@../l..*|
+000003d0  6d a0 19 d4 d3 92 1a b0  ae 2d 15 9c 63 21 0f 06  |m........-..c!..|
+000003e0  8b ef 7c a4 a6 dc d8 6c  63 ec 24 ce ce ce 55 fa  |..|....lc.$...U.|
+000003f0  de 31 53 2b df 27 4c 20  60 97 f2 62 86 33 97 b2  |.1S+.'L `..b.3..|
+00000400  69 d0 aa 44 3f 1f 02 d5  16 03 03 00 14 0b e0 0c  |i..D?...........|
+00000410  7b 88 84 70 49 7a e4 80  7a 85 90 76 cc aa 0b 42  |{..pIz..z..v...B|
+00000420  6b                                                |k|
 >>> Flow 9 (client to server)
-00000000  16 03 03 02 69 8a dc ce  d1 c0 85 30 95 6c da 57  |....i......0.l.W|
-00000010  23 05 39 c1 4c 20 08 25  a2 96 f1 55 a1 77 3b 42  |#.9.L .%...U.w;B|
-00000020  9f 3d 69 9b 56 49 b4 94  8a 3c d5 85 43 f1 b4 4b  |.=i.VI...<..C..K|
-00000030  cd e0 67 95 83 34 90 89  81 f0 18 87 28 c0 42 88  |..g..4......(.B.|
-00000040  b0 1c d1 cc 0a f0 bb 67  91 55 0b e4 ed 22 52 09  |.......g.U..."R.|
-00000050  92 0b 56 ac d0 3f c9 41  05 8a 19 7d e7 9a d7 ff  |..V..?.A...}....|
-00000060  fa 85 f5 23 b0 98 a0 79  b1 8e 0f 90 0e c8 32 92  |...#...y......2.|
-00000070  4b 6a 37 47 45 31 70 be  8b cd 7a 26 3a 3c 0b 63  |Kj7GE1p...z&:<.c|
-00000080  a7 8c 00 2c 1d be eb 5c  1f 16 90 76 2b d7 82 5e  |...,...\...v+..^|
-00000090  31 93 40 7a e0 9a e0 4c  7d 2e e3 84 0f cb 06 7d  |1.@z...L}......}|
-000000a0  8d 76 41 ea 27 52 4a 77  e5 91 02 ab 11 cc 8c f0  |.vA.'RJw........|
-000000b0  fe 8e ee b2 f1 ba 1e ab  0d 5c e2 2d da d5 8d f9  |.........\.-....|
-000000c0  7c 22 32 e9 50 1d 88 db  af c0 82 51 e0 31 14 71  ||"2.P......Q.1.q|
-000000d0  ad c9 05 5d 8e 2b 75 4b  9e 74 b0 3a a9 e4 7c 82  |...].+uK.t.:..|.|
-000000e0  ac 75 39 31 0a dc dc 0a  5c f4 ee 55 f2 09 c2 d2  |.u91....\..U....|
-000000f0  81 c8 70 2e 8f 37 6b 90  79 5c 18 6e 38 21 c6 00  |..p..7k.y\.n8!..|
-00000100  08 be ad 21 e9 40 b6 54  06 f0 61 f9 2c 71 25 0e  |...!.@.T..a.,q%.|
-00000110  13 6c 66 ef b6 a9 61 d0  d0 42 56 58 32 3c 9c 5a  |.lf...a..BVX2<.Z|
-00000120  ee 13 1d 42 8b 94 41 9c  d1 2e c9 ac d4 ed 0f 04  |...B..A.........|
-00000130  1c 6f 5c 30 80 12 37 c6  43 07 7e 03 50 86 24 84  |.o\0..7.C.~.P.$.|
-00000140  34 2a 70 82 65 67 35 cd  5e 7c 0e 49 30 35 d4 ee  |4*p.eg5.^|.I05..|
-00000150  43 b7 7a c3 88 30 e5 ba  98 7f 8d 9e 08 a2 8c bb  |C.z..0..........|
-00000160  48 44 c2 1a 8d 7b 41 de  b6 68 ae d2 8a 64 9b 6b  |HD...{A..h...d.k|
-00000170  8a 47 88 04 49 05 8a 94  66 da d3 90 78 6d 81 64  |.G..I...f...xm.d|
-00000180  4e 6b a5 6f d2 9d 1d 36  6f a2 a3 83 0c f5 69 10  |Nk.o...6o.....i.|
-00000190  37 c8 b8 59 c7 b1 5b 91  fc e3 26 37 da 14 80 8f  |7..Y..[...&7....|
-000001a0  d4 1e 63 51 1d 77 85 67  af 7a 7d e4 5a 27 f9 3f  |..cQ.w.g.z}.Z'.?|
-000001b0  75 b0 9e 2a 1d 42 29 ac  d4 29 c6 0d 2f ee 35 38  |u..*.B)..)../.58|
-000001c0  38 91 a4 f1 60 1b d6 49  b2 eb c4 df b6 01 99 69  |8...`..I.......i|
-000001d0  06 7c ca 2d aa 15 e8 c5  4f 48 5f 77 87 4b fd 41  |.|.-....OH_w.K.A|
-000001e0  cf aa 7d 96 b9 12 ee b7  b3 a2 86 5e 4f 79 08 a1  |..}........^Oy..|
-000001f0  00 43 12 93 92 99 07 44  23 48 78 46 c8 fc 4a 96  |.C.....D#HxF..J.|
-00000200  88 72 45 2a f4 ff 92 41  7b e5 a0 74 93 ff b8 f6  |.rE*...A{..t....|
-00000210  3e e0 6a 3b 3b 12 68 50  89 d1 d3 22 e0 a1 3f ef  |>.j;;.hP..."..?.|
-00000220  da 18 15 5b c2 48 0e 78  d0 af ae d7 81 af 23 16  |...[.H.x......#.|
-00000230  ab 71 07 9d 26 b2 8b 34  7e b2 1a 1e f4 fb 02 9a  |.q..&..4~.......|
-00000240  f4 15 78 a9 d2 19 94 bb  9f b0 ba 2a 21 20 dd 87  |..x........*! ..|
-00000250  57 73 e7 01 08 bc 38 ce  2d 9e dc 3f f7 c4 75 aa  |Ws....8.-..?..u.|
-00000260  00 9d 28 43 e5 de aa 82  fb e5 ca 87 4e 6c 16 03  |..(C........Nl..|
-00000270  03 00 35 e0 37 f9 95 cd  96 f9 ba 36 12 6b 35 c5  |..5.7......6.k5.|
-00000280  02 9d 71 8a e5 07 d6 1c  77 6a 86 17 d0 01 9b 79  |..q.....wj.....y|
-00000290  74 6b 14 27 33 2f 6d c2  af cb dd 47 71 b3 73 4d  |tk.'3/m....Gq.sM|
-000002a0  7f 42 3e 7f 86 6e 63 ed  16 03 03 00 98 7f ba 78  |.B>..nc........x|
-000002b0  bf a3 d4 02 cb 19 0d 1f  48 bf 4d 9f d0 37 3a c9  |........H.M..7:.|
-000002c0  c1 76 6e fb 9a 69 63 0a  a1 76 13 2d ea 52 38 18  |.vn..ic..v.-.R8.|
-000002d0  71 89 9a f5 02 2e 44 94  72 6d 08 e1 89 9a e1 4c  |q.....D.rm.....L|
-000002e0  ee 2f 15 9c 0d b6 67 1e  0c 17 b0 e9 03 7d 66 1c  |./....g......}f.|
-000002f0  28 6b 57 6d c8 49 5d ef  ca 4c 51 59 ae 17 55 97  |(kWm.I]..LQY..U.|
-00000300  54 f1 f5 64 19 ec 36 27  96 33 0e fd 65 42 ac 50  |T..d..6'.3..eB.P|
-00000310  bb cf f9 da fe 98 3d 83  79 a0 24 0d 9f 91 5c b0  |......=.y.$...\.|
-00000320  5c c5 04 b4 90 53 c3 8b  b5 29 c5 73 7f 04 c6 55  |\....S...).s...U|
-00000330  93 4a 08 67 8f f7 a8 ba  a8 e2 62 09 85 d3 47 b9  |.J.g......b...G.|
-00000340  27 bd 6c 81 95 14 03 03  00 11 88 9b 21 1e 06 0a  |'.l.........!...|
-00000350  fa 8a 9e 4e d9 7a b3 a5  45 7a 96 16 03 03 00 20  |...N.z..Ez..... |
-00000360  6f a0 f0 cf 0b 2b c2 d1  36 d8 64 2b 72 86 7b ab  |o....+..6.d+r.{.|
-00000370  c7 86 5d c3 67 ec d6 c0  32 4d b8 1f fa d9 3a af  |..].g...2M....:.|
+00000000  16 03 03 02 69 97 93 8b  02 bb 85 f7 ec fd ae 99  |....i...........|
+00000010  d2 31 6c 04 64 02 ee dd  86 ea c2 9c 40 22 5a fc  |.1l.d.......@"Z.|
+00000020  6e 6e 66 30 1d bb 71 40  90 b1 c2 1c 38 53 37 21  |nnf0..q@....8S7!|
+00000030  87 a2 df c3 68 b9 c1 90  46 df 73 f8 ba 20 7e 83  |....h...F.s.. ~.|
+00000040  49 2d d8 3c a4 4a 4b 41  70 5d ee 65 68 31 3d f4  |I-.<.JKAp].eh1=.|
+00000050  44 ce 10 be d8 d1 bc 21  25 f0 66 36 f0 b9 8b b9  |D......!%.f6....|
+00000060  89 cc 0c b8 b2 67 ef 86  24 ed 54 2e e8 b7 b3 87  |.....g..$.T.....|
+00000070  c9 58 fa db 3d 0a 78 bb  68 fa 86 26 bd 8b aa 4c  |.X..=.x.h..&...L|
+00000080  f5 8a f8 6a 82 b1 12 79  39 20 71 c4 3f 6a fc 9c  |...j...y9 q.?j..|
+00000090  4a 44 e0 ea 7e 06 35 23  77 dd 07 0e c1 89 85 19  |JD..~.5#w.......|
+000000a0  98 7b e0 31 2d d0 a2 de  be a9 fe 1a 8d ef 45 52  |.{.1-.........ER|
+000000b0  5c ee 4e 7f 0d 69 41 9b  84 a6 84 6c 41 42 31 8c  |\.N..iA....lAB1.|
+000000c0  b8 24 0d cc 54 a6 81 dd  8b 3a 8a 6c ef 75 8c 6b  |.$..T....:.l.u.k|
+000000d0  01 ce 6a ea ae 67 c3 96  8b b6 42 20 c9 e6 7b 2c  |..j..g....B ..{,|
+000000e0  79 fe 1c 25 42 55 95 65  a4 af 16 ec aa 49 e4 fa  |y..%BU.e.....I..|
+000000f0  e5 38 5b c2 82 02 ca 34  8a 20 27 c3 46 55 79 ad  |.8[....4. '.FUy.|
+00000100  31 18 27 ed 14 dc dc ab  75 ba 1f 4c f7 1c 74 f3  |1.'.....u..L..t.|
+00000110  d4 a3 52 f8 39 fe 21 d9  fc 08 7f c6 2c 86 54 90  |..R.9.!.....,.T.|
+00000120  c1 2e b0 de 84 25 eb 36  16 4e 96 c5 fc 6f 83 2b  |.....%.6.N...o.+|
+00000130  3e ad 30 6b ae 33 b2 03  87 2f b7 33 14 50 37 a0  |>.0k.3.../.3.P7.|
+00000140  19 cf 41 1c 68 c9 b8 5c  29 f6 34 db 13 40 10 16  |..A.h..\).4..@..|
+00000150  7c 22 42 38 d5 43 4f 46  4d ae bd e2 7d 78 5f b6  ||"B8.COFM...}x_.|
+00000160  12 ba 19 5a 18 ae b7 76  d6 ae 71 c3 5b c4 b5 3a  |...Z...v..q.[..:|
+00000170  b5 b6 52 9b 0b 92 30 41  4d a0 f4 62 2c c7 4f 27  |..R...0AM..b,.O'|
+00000180  04 f5 7e 77 04 89 11 2a  e0 0c 5e 21 3b 75 13 bf  |..~w...*..^!;u..|
+00000190  1f 48 ed 4d 05 b3 67 f3  d8 71 99 fb 23 c5 0f fd  |.H.M..g..q..#...|
+000001a0  47 7c 36 f8 e0 25 53 f4  15 bd 77 db f5 71 a1 6e  |G|6..%S...w..q.n|
+000001b0  6a 1a 06 a1 8a 5d 2b 28  89 82 7b 29 aa b1 68 a6  |j....]+(..{)..h.|
+000001c0  fb 29 a8 cb ee e0 71 de  52 b8 8a 57 63 ff 74 a5  |.)....q.R..Wc.t.|
+000001d0  ca 8c b5 44 23 74 ab 86  74 cf 82 0b fc 23 90 95  |...D#t..t....#..|
+000001e0  3d 83 87 5a aa af 5d d1  c6 4b dc b0 f3 0f 44 57  |=..Z..]..K....DW|
+000001f0  ca 47 a1 28 64 64 4d 81  15 11 92 5a 8c b9 8d ef  |.G.(ddM....Z....|
+00000200  a9 18 58 67 c7 c3 3b a7  9d 41 be 74 67 cb a8 3e  |..Xg..;..A.tg..>|
+00000210  3d a4 b0 4e 92 15 c1 4a  38 6d 48 ba 57 4b 42 a9  |=..N...J8mH.WKB.|
+00000220  2c de de 6a 5b 60 3e 9d  09 5e 8e d4 97 4a 31 52  |,..j[`>..^...J1R|
+00000230  47 5c ce bc f8 14 49 78  6b 5a 36 aa 3b c7 bc e7  |G\....IxkZ6.;...|
+00000240  59 17 a1 18 d3 b1 54 e8  54 8a 1c 07 a5 3b 9f bd  |Y.....T.T....;..|
+00000250  d1 60 7d e8 78 8c be b2  ea 20 26 59 65 ef 70 71  |.`}.x.... &Ye.pq|
+00000260  98 73 0c 43 cb 3a bc 61  8a f8 19 a4 89 0b 16 03  |.s.C.:.a........|
+00000270  03 00 35 28 53 40 d2 93  99 84 8e d8 fc f1 4a 3e  |..5(S@........J>|
+00000280  22 26 d3 2b c0 e9 32 d4  49 7b 7d 19 61 29 ab 28  |"&.+..2.I{}.a).(|
+00000290  e7 e4 a2 13 2e 5a a8 7f  ef e7 19 7b 9c de fc 21  |.....Z.....{...!|
+000002a0  2a 3d f0 3a d3 dc 17 d2  16 03 03 00 98 30 c7 f4  |*=.:.........0..|
+000002b0  b6 60 3b 87 88 e1 0e 26  d2 34 49 de 8c b8 99 35  |.`;....&.4I....5|
+000002c0  fe 6f 11 4b 8b ab d9 ce  11 b1 f5 05 8d 6b c1 91  |.o.K.........k..|
+000002d0  c8 69 cb 2b 04 99 12 ed  8b 7a 63 e2 9c 5d 80 63  |.i.+.....zc..].c|
+000002e0  57 74 8f 1f 9c f4 6b cb  51 57 6b 33 3e 1b 81 54  |Wt....k.QWk3>..T|
+000002f0  73 54 5c 28 f1 fe 2f 88  41 ea 2b 52 30 93 0e 98  |sT\(../.A.+R0...|
+00000300  fe b1 59 0e 01 26 06 f0  fd 77 cb 59 ec b7 4c 4f  |..Y..&...w.Y..LO|
+00000310  cd 40 c0 36 11 d2 dd c8  1a 40 e2 ba 9c d9 39 99  |.@.6.....@....9.|
+00000320  9a d3 9b 37 ee 76 8b 22  fb 42 a8 90 c6 8d 92 4b  |...7.v.".B.....K|
+00000330  57 83 33 04 75 6a 79 69  8f f9 4d fd d6 bd 01 76  |W.3.ujyi..M....v|
+00000340  98 36 7d b2 b5 14 03 03  00 11 85 15 d7 33 6d 47  |.6}..........3mG|
+00000350  80 84 38 df a3 c2 91 0b  1c e0 82 16 03 03 00 20  |..8............ |
+00000360  0d cc f8 79 c6 13 4e 81  b7 a7 2d 03 18 7e 9d 24  |...y..N...-..~.$|
+00000370  2e 89 d7 7d bf ab a7 1d  2f 15 c1 80 3d f2 89 68  |...}..../...=..h|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 b4 79 7e  62 ea ea f7 37 1d a4 65  |......y~b...7..e|
-00000010  9d 02 95 b8 4a 6c 16 03  03 00 20 6a 45 d1 d0 ff  |....Jl.... jE...|
-00000020  fa 9f 6a ea d5 0d 27 b6  e7 15 8b e8 5b f9 3c d0  |..j...'.....[.<.|
-00000030  32 ff 81 24 9a de 1c 31  6a 48 f8 17 03 03 00 19  |2..$...1jH......|
-00000040  a9 07 ab fb 37 2f 88 0c  93 4a 0c 34 08 26 39 8c  |....7/...J.4.&9.|
-00000050  22 00 1b 36 3c 6d 0c 49  61 16 03 03 00 14 bb 63  |"..6<m.Ia......c|
-00000060  63 7b 28 60 22 a8 bd 17  51 2e 62 91 9e a6 88 1a  |c{(`"...Q.b.....|
-00000070  e4 61                                             |.a|
+00000000  14 03 03 00 11 81 c4 6d  51 fc a3 05 28 42 9a 59  |.......mQ...(B.Y|
+00000010  3f 84 d4 ac 19 a4 16 03  03 00 20 44 a9 25 3f 24  |?......... D.%?$|
+00000020  0a ab 91 47 24 f9 81 fc  1e ab d2 6b ee 81 04 b1  |...G$......k....|
+00000030  3e 16 1f 70 16 e2 74 f5  71 b8 74 17 03 03 00 19  |>..p..t.q.t.....|
+00000040  77 fa 0d b1 b4 fc b6 5b  d0 73 1a 94 d0 6c 05 7d  |w......[.s...l.}|
+00000050  1a fa 6e d4 00 4e 2e 91  e0 16 03 03 00 14 f0 79  |..n..N.........y|
+00000060  e5 37 1f 13 e6 a0 d3 4a  66 a9 e8 03 71 5f 67 37  |.7.....Jf...q_g7|
+00000070  aa b6                                             |..|
 >>> Flow 11 (client to server)
-00000000  16 03 03 01 1a a4 4c dc  47 09 04 ab bb ca 49 f2  |......L.G.....I.|
-00000010  63 36 35 fb e3 3f ad ae  82 2a 9b 87 cc 0c 2e ea  |c65..?...*......|
-00000020  18 af ad e9 ea 7a c8 45  de c6 9b 0e e0 32 26 95  |.....z.E.....2&.|
-00000030  ba e3 57 9e 27 ce ff 36  43 a3 bd 79 47 6c 02 86  |..W.'..6C..yGl..|
-00000040  81 44 ac b3 c6 21 d8 fa  8c 69 43 b7 66 70 ea 24  |.D...!...iC.fp.$|
-00000050  12 1b ac 44 d2 49 e3 5a  d1 0e 50 76 46 4f 58 51  |...D.I.Z..PvFOXQ|
-00000060  21 4c f8 20 63 60 c0 20  3a 12 e5 0b 86 e3 03 2c  |!L. c`. :......,|
-00000070  e1 fc 63 e4 44 d4 67 95  aa af 22 3d 40 7b 4e 12  |..c.D.g..."=@{N.|
-00000080  98 7d 05 00 57 50 d5 3a  d7 af dd 96 0f ac 77 63  |.}..WP.:......wc|
-00000090  f8 1c b0 9c d0 96 9f 20  a1 48 55 aa dc 69 fb b7  |....... .HU..i..|
-000000a0  67 58 ff 27 de 22 ea 66  48 32 56 1f ef 12 3f 44  |gX.'.".fH2V...?D|
-000000b0  38 af ae 4b c2 16 bb c8  f1 fe 13 d7 05 66 de 08  |8..K.........f..|
-000000c0  f3 4d 5c a6 e1 2d 0d c3  ce 50 7b 01 40 49 0f 83  |.M\..-...P{.@I..|
-000000d0  97 c0 37 a2 6c 2b 64 a9  40 0e e1 7b f4 6e e1 cc  |..7.l+d.@..{.n..|
-000000e0  1a 5f 0b c5 69 dc dc db  0e a2 22 7b cf ca 73 81  |._..i....."{..s.|
-000000f0  fc 47 47 c7 76 18 8e ae  55 6c fe 5e 5e 33 84 9c  |.GG.v...Ul.^^3..|
-00000100  4c 1b f8 21 29 3c 47 1b  c8 01 38 7d c2 50 45 1c  |L..!)<G...8}.PE.|
-00000110  9a be 58 62 81 f5 5d c4  03 c9 5a da 9b 47 99     |..Xb..]...Z..G.|
+00000000  16 03 03 01 38 e1 e6 8b  40 d6 ae f9 34 1a 27 20  |....8...@...4.' |
+00000010  67 ad c3 86 18 ee c0 e2  82 10 c1 33 df f6 4d 13  |g..........3..M.|
+00000020  46 a1 0b 23 25 12 2e 71  e9 50 2d 08 1c 53 47 a9  |F..#%..q.P-..SG.|
+00000030  69 bd e2 d3 f9 cf 44 91  ec 9a c7 2c ee 2a f8 4e  |i.....D....,.*.N|
+00000040  bf 07 22 9b 6d 00 48 63  78 63 ab 39 b2 be d3 64  |..".m.Hcxc.9...d|
+00000050  7b 46 7a 34 91 e0 1e fc  f4 89 49 e3 75 dc 6b 83  |{Fz4......I.u.k.|
+00000060  95 77 f0 cc 09 b0 3a 19  18 93 6e 9b 5d da b4 93  |.w....:...n.]...|
+00000070  d2 f6 ef de b0 e8 11 04  02 d2 a4 3d cd 95 fd cd  |...........=....|
+00000080  58 93 91 ed 45 1e b9 35  0b 46 5e fc f7 7a e4 18  |X...E..5.F^..z..|
+00000090  96 97 95 f9 8c 84 aa 7c  a9 67 f3 ac b6 e9 9f 12  |.......|.g......|
+000000a0  9f 0f fc 3a 3f 35 ae 13  49 42 04 21 0c b8 06 d3  |...:?5..IB.!....|
+000000b0  e2 13 7a 1e 57 cb 15 91  09 d2 9a 42 84 81 4f b7  |..z.W......B..O.|
+000000c0  6e 6f 8f c0 71 af 7b ca  37 9c 01 2a bc 37 04 8c  |no..q.{.7..*.7..|
+000000d0  ce 3e 82 7f 8b 4e 13 00  15 3c b6 8a 06 63 b6 68  |.>...N...<...c.h|
+000000e0  55 01 97 e6 d1 e1 b8 ae  2a c6 e7 4c fd e5 40 76  |U.......*..L..@v|
+000000f0  11 fa 18 12 db 98 d5 d9  61 8f 33 66 38 95 ba ae  |........a.3f8...|
+00000100  b6 1d 8e 03 27 6c 78 7a  89 82 0f ca 56 d4 19 ae  |....'lxz....V...|
+00000110  e2 79 6b 6d 80 b8 ce fc  3e 42 5a c7 e7 05 3b eb  |.ykm....>BZ...;.|
+00000120  a1 33 a0 56 92 e3 10 e6  ff 17 9b 2d 8e 40 56 fc  |.3.V.......-.@V.|
+00000130  76 9c a6 32 9f 7a a2 d8  e9 77 2f 9f e9           |v..2.z...w/..|
 >>> Flow 12 (server to client)
-00000000  16 03 03 00 85 bb 34 66  c0 a3 8c 2b 2c fe fe 82  |......4f...+,...|
-00000010  53 a1 07 1f 06 db 41 94  ac 21 f2 c4 23 0e b6 48  |S.....A..!..#..H|
-00000020  4d 16 97 2a 79 dd 95 4c  93 7f e4 8c 94 90 d4 02  |M..*y..L........|
-00000030  3c 44 b4 80 80 7b 45 84  53 3f 6b 9f f6 b6 d3 0c  |<D...{E.S?k.....|
-00000040  90 18 6e 52 1b 7d 15 85  ef da 2d fd fa b4 0e f2  |..nR.}....-.....|
-00000050  3a ab 78 1a 67 9e 3a 62  c3 f6 0d 33 e3 7a 0a 15  |:.x.g.:b...3.z..|
-00000060  de f6 ec 66 89 9d 4c 83  26 83 98 67 63 5c 74 e6  |...f..L.&..gc\t.|
-00000070  7a 38 f0 90 48 59 3d 24  8d 46 e6 ff 3c 27 d5 2e  |z8..HY=$.F..<'..|
-00000080  6c c0 c6 45 f1 95 53 96  ff 92 16 03 03 02 69 f8  |l..E..S.......i.|
-00000090  16 95 d2 48 ef 35 3d 14  4e 49 f2 2a 4a bb b7 e7  |...H.5=.NI.*J...|
-000000a0  66 4b 99 4b 9c b9 d2 22  8e 07 1e e6 b9 18 86 04  |fK.K..."........|
-000000b0  76 1c 52 77 88 60 63 99  91 88 10 1e d6 d2 8a 2b  |v.Rw.`c........+|
-000000c0  0b c1 5b b3 a6 ca f5 96  4d a1 3b 27 c5 e6 37 e5  |..[.....M.;'..7.|
-000000d0  9e 5a 15 42 7e 48 5a 46  52 aa 16 c1 af 31 e0 5e  |.Z.B~HZFR....1.^|
-000000e0  1f 0b 2e 6c b0 77 2b 18  96 df 2c b1 14 98 ab 19  |...l.w+...,.....|
-000000f0  f9 58 dc 2f 29 09 be 2f  6e 69 00 e0 de 49 5b ca  |.X./)../ni...I[.|
-00000100  2f 3d c6 41 9d 18 ca ef  4b e4 06 12 1b 08 5f 62  |/=.A....K....._b|
-00000110  53 85 a7 fc d1 26 b1 6b  20 56 56 16 87 54 bb e6  |S....&.k VV..T..|
-00000120  ed bc d5 7c 7f ce 24 c4  84 ee 01 dd 88 da bd c8  |...|..$.........|
-00000130  b7 70 a6 b4 63 cc 70 f7  1a d5 5b 9b 02 45 ec 3b  |.p..c.p...[..E.;|
-00000140  b1 64 ee 7d 74 bd 52 10  bc ee fe 36 4b cc 54 e4  |.d.}t.R....6K.T.|
-00000150  e7 7f ce a9 af 5b db 86  bb 1f 09 50 f2 a3 95 98  |.....[.....P....|
-00000160  94 c4 4f 36 2a b0 7e c7  54 8c 1e 5d 0b 3f b4 7a  |..O6*.~.T..].?.z|
-00000170  b9 43 bc 6b 74 45 12 44  1b 28 27 ff 55 fe 4e b2  |.C.ktE.D.('.U.N.|
-00000180  0b e3 d5 59 d2 55 2f d4  a7 d5 0a 38 62 c2 a6 78  |...Y.U/....8b..x|
-00000190  19 23 46 84 41 41 3d 7a  84 22 94 f1 b0 85 83 62  |.#F.AA=z.".....b|
-000001a0  17 1a 46 70 80 f7 be 0d  98 d0 07 52 52 7f ab 7f  |..Fp.......RR...|
-000001b0  d3 b9 5c eb 39 10 d4 ff  6f ba 07 0c e6 77 30 0f  |..\.9...o....w0.|
-000001c0  e2 b0 b4 40 97 f6 6b cb  53 3b 49 6f 80 7c 34 95  |...@..k.S;Io.|4.|
-000001d0  c2 5a 37 fb bd e6 10 b0  64 fe ca 6a 06 a5 db 98  |.Z7.....d..j....|
-000001e0  83 2c e7 0e 4c df b9 be  96 6e 83 ac 5c 1f f2 0a  |.,..L....n..\...|
-000001f0  3e 8b 63 fe 91 9a e2 3e  54 50 0c 14 61 6c 58 20  |>.c....>TP..alX |
-00000200  da a8 5a f7 46 9d a3 57  a1 60 72 59 82 dd f7 08  |..Z.F..W.`rY....|
-00000210  9e 48 16 8d b1 c0 f4 d2  e0 4e 5d 3c bf 23 88 0f  |.H.......N]<.#..|
-00000220  99 90 b0 a9 7e df 0b f5  1a 31 9e 59 e1 05 43 4e  |....~....1.Y..CN|
-00000230  4f d9 a5 b1 00 2e f2 c8  10 2c 73 ec c4 62 b8 c3  |O........,s..b..|
-00000240  59 53 ce 38 37 9d c3 f6  77 36 34 f2 07 a6 21 1f  |YS.87...w64...!.|
-00000250  62 56 08 d3 ed ae 51 05  4d ed ef 7e 77 c5 7d ae  |bV....Q.M..~w.}.|
-00000260  b6 aa 74 e9 9a df 5d 89  c2 9f 07 75 a0 c2 35 2d  |..t...]....u..5-|
-00000270  cc 13 c5 a9 17 85 79 b6  45 0c 82 56 0d 19 9e bc  |......y.E..V....|
-00000280  e7 1a a6 cc 20 6f f9 7c  29 54 2f 5a 92 1f c0 8b  |.... o.|)T/Z....|
-00000290  9c a7 a3 85 43 f2 4c e7  c5 e3 af 6e 40 f4 14 d4  |....C.L....n@...|
-000002a0  b8 26 5f ac d7 44 16 6d  40 d5 80 c5 49 df 8d fe  |.&_..D.m@...I...|
-000002b0  06 1c 7c 19 49 94 50 6f  e8 8c e0 59 80 9a a0 0e  |..|.I.Po...Y....|
-000002c0  50 3f 03 de c9 30 88 15  91 83 4e a8 df c3 65 75  |P?...0....N...eu|
-000002d0  cd 30 3e 7d 32 4a d9 ff  72 1e 1d 90 50 f3 67 8a  |.0>}2J..r...P.g.|
-000002e0  6a 94 c3 92 9a d4 0b 20  7e 61 98 6e db d0 71 4a  |j...... ~a.n..qJ|
-000002f0  8b 43 82 7e 76 e6 93 f7  16 03 03 00 bc e6 e6 85  |.C.~v...........|
-00000300  a8 2c 74 47 10 a3 27 26  f7 46 fb da fa 6a 93 2c  |.,tG..'&.F...j.,|
-00000310  b1 14 b2 90 d3 4e 94 42  c4 37 6d 4d 43 73 b4 a7  |.....N.B.7mMCs..|
-00000320  17 c1 3c 62 5d e4 c4 04  7c f7 13 39 9f a8 3f 05  |..<b]...|..9..?.|
-00000330  92 90 be 10 cf 2a b4 26  01 fc 6f 59 f9 8d b5 79  |.....*.&..oY...y|
-00000340  66 41 16 af 39 2d 4c 18  d4 e9 e2 aa bc d3 b9 8e  |fA..9-L.........|
-00000350  e8 59 27 01 b7 f3 05 ff  2a ef 53 41 95 f7 be 2e  |.Y'.....*.SA....|
-00000360  36 38 56 01 e6 e8 62 4d  8f 62 43 b9 cd 8a d2 6d  |68V...bM.bC....m|
-00000370  17 fb 12 65 8f ea 22 57  f1 f3 e6 00 ae c0 9f 5b  |...e.."W.......[|
-00000380  7f b1 fe e4 f5 0f 53 60  3e a3 df 64 b2 d5 cb f4  |......S`>..d....|
-00000390  e5 f8 f3 75 54 65 f4 6f  e9 c8 eb a2 6c 06 98 fd  |...uTe.o....l...|
-000003a0  e9 bb a2 93 ab ee 0b fa  c7 b4 fa e1 91 34 a9 a7  |.............4..|
-000003b0  b9 14 16 25 32 88 09 3e  b1 16 03 03 00 14 d0 c0  |...%2..>........|
-000003c0  54 b2 37 35 9b cf 51 71  28 b2 d6 86 05 16 ad a0  |T.75..Qq(.......|
-000003d0  18 e7                                             |..|
+00000000  16 03 03 00 85 12 4a cc  dd af 7e 9f 8f c0 5e dc  |......J...~...^.|
+00000010  db 49 95 90 d0 d4 78 49  8b 34 5c 22 7f f8 9b 42  |.I....xI.4\"...B|
+00000020  99 79 d3 d8 f2 ad 9e e1  67 80 84 8d b5 48 8c 9a  |.y......g....H..|
+00000030  ab 68 65 81 28 16 75 77  e6 57 8a 52 ba ab 2e 3d  |.he.(.uw.W.R...=|
+00000040  27 1c 90 fb 75 99 8f 2b  6b 4e 2c 78 3a f8 5b 25  |'...u..+kN,x:.[%|
+00000050  55 df c6 83 c6 0f 01 f0  00 b0 8e 02 51 62 aa 91  |U...........Qb..|
+00000060  1b 21 b7 2e b3 11 b6 5d  c4 38 04 3c af ad 3e a3  |.!.....].8.<..>.|
+00000070  f5 ec 8f 7f 6f 9d 7a eb  22 51 2c 9e 08 af 9d ab  |....o.z."Q,.....|
+00000080  a7 84 cb f8 68 78 9b 58  50 fa 16 03 03 02 69 07  |....hx.XP.....i.|
+00000090  17 f9 21 47 17 ee f7 d3  06 98 d4 32 e5 a1 c8 f0  |..!G.......2....|
+000000a0  ec eb 61 80 7f 2c 85 66  27 19 cd 8e 6f ca da 0f  |..a..,.f'...o...|
+000000b0  c5 34 76 9f b0 96 5d 6d  67 bd 17 7d 96 62 4e ce  |.4v...]mg..}.bN.|
+000000c0  a1 0e 40 79 6d 25 8c 81  41 a3 2d 0a ba cb d9 35  |..@ym%..A.-....5|
+000000d0  4e a7 fc 74 14 a2 c6 bd  57 46 6a d0 11 37 72 24  |N..t....WFj..7r$|
+000000e0  19 78 e5 86 51 04 f4 10  47 2f a5 d9 e6 44 47 e0  |.x..Q...G/...DG.|
+000000f0  1f 1b ce ea 6f c7 df 17  6a 68 69 01 30 73 e2 48  |....o...jhi.0s.H|
+00000100  61 50 3d 7d 85 aa 5f 74  4c 18 33 d0 e1 95 1b 9a  |aP=}.._tL.3.....|
+00000110  13 30 a2 f4 8e 8b 58 07  15 9b c8 74 ce 58 5b c1  |.0....X....t.X[.|
+00000120  03 75 97 39 5b 00 ee 5a  d6 ba 21 62 6a 19 41 0d  |.u.9[..Z..!bj.A.|
+00000130  4f 77 46 a0 2e 2d c3 77  50 2c dc 3f 04 32 6c be  |OwF..-.wP,.?.2l.|
+00000140  7f 73 c2 58 50 ac 78 eb  b9 b0 a0 2e b7 44 27 0f  |.s.XP.x......D'.|
+00000150  e8 0d 76 d5 a7 4e 9f df  36 bb 63 48 ce f6 2f 9c  |..v..N..6.cH../.|
+00000160  41 a6 76 38 63 72 a0 33  0f 88 94 0d a2 6e 46 d6  |A.v8cr.3.....nF.|
+00000170  57 25 33 e1 36 a0 bf 56  b8 d5 d0 04 2d 23 e8 ac  |W%3.6..V....-#..|
+00000180  93 2c 46 ac 1f e5 2a 48  88 0e 0d 11 67 fe de 21  |.,F...*H....g..!|
+00000190  31 e8 68 9b 7c 4c 49 b8  27 5a c4 89 a4 4c 09 f0  |1.h.|LI.'Z...L..|
+000001a0  de 5f 9c 60 bd 54 e5 96  2c bf a1 86 3a cb 5b 3f  |._.`.T..,...:.[?|
+000001b0  15 3f 4a b2 43 c9 88 0b  49 05 2d d7 61 43 dd 1c  |.?J.C...I.-.aC..|
+000001c0  a9 4d 52 17 98 4d 5b a7  cd 27 52 60 21 57 ed 09  |.MR..M[..'R`!W..|
+000001d0  29 0d c9 a1 b3 6f 11 3a  da 17 00 73 22 4e 7f 40  |)....o.:...s"N.@|
+000001e0  6f 0f 7a a7 7e 73 b8 be  08 b6 10 b3 bb 70 f5 4a  |o.z.~s.......p.J|
+000001f0  96 aa 07 9f e2 68 04 7c  01 e3 92 f9 15 cd 97 b5  |.....h.|........|
+00000200  4e 87 eb 5d 74 db 8b 5a  72 c1 7c b2 b8 73 83 2d  |N..]t..Zr.|..s.-|
+00000210  5f d9 d2 62 b2 db 20 9a  f2 54 ad d4 66 6c 52 9c  |_..b.. ..T..flR.|
+00000220  85 ef a4 90 ca e0 c4 4f  1f 82 0e 80 f5 02 56 e2  |.......O......V.|
+00000230  d0 78 fd 7e c6 73 89 12  5a 11 2e c9 6d a0 6f 8f  |.x.~.s..Z...m.o.|
+00000240  ea a1 4c 88 28 ee 66 79  9c 99 ff 6b e6 e7 f7 bf  |..L.(.fy...k....|
+00000250  1f ef 1f b9 65 46 1e 41  d8 33 13 a1 29 d1 1b 5f  |....eF.A.3..).._|
+00000260  b6 56 3c bf 28 02 d1 5b  b7 77 58 9e cd 4c 5f ac  |.V<.(..[.wX..L_.|
+00000270  2e 60 9e 0c 20 6a 0a 31  60 0b fb a4 75 20 5d c4  |.`.. j.1`...u ].|
+00000280  68 a6 94 bd 99 9c bb 00  57 9c 2e 55 e1 ca d1 0c  |h.......W..U....|
+00000290  40 1f 69 4f 88 79 da 4f  d1 b2 6f 1a 92 77 90 71  |@.iO.y.O..o..w.q|
+000002a0  34 d1 90 f7 c9 fc c9 ac  23 76 d3 2d 6c 54 fa 28  |4.......#v.-lT.(|
+000002b0  a5 2b df 1d f5 39 21 c1  4c 9c 53 08 f5 fc 19 e6  |.+...9!.L.S.....|
+000002c0  29 d4 c2 8b b1 f9 db ae  1f 29 ee 34 8f b0 fe 02  |)........).4....|
+000002d0  06 6a 3e a9 e0 2e e1 71  f8 63 15 f0 ac e5 6b f3  |.j>....q.c....k.|
+000002e0  db 3d b1 de c5 26 a5 18  22 d8 3a 74 1f 57 43 b5  |.=...&..".:t.WC.|
+000002f0  9e f6 40 cc fd ba 68 82  16 03 03 00 bc 0a 05 54  |..@...h........T|
+00000300  61 ad be a6 2a 6e ee f3  b7 fb 50 9f c5 f8 7d b3  |a...*n....P...}.|
+00000310  9a 85 ed 6f 36 5d f3 e5  05 1a c5 b9 6f 9f 2a 99  |...o6]......o.*.|
+00000320  75 d0 49 37 eb 82 fb e0  da bf 8f 6d 0e ab 11 c9  |u.I7.......m....|
+00000330  0d e1 d0 1a cd b1 e7 c9  c2 6e f4 90 ae 56 ba d2  |.........n...V..|
+00000340  65 af f4 7f c2 3c e8 d7  f6 49 57 61 c8 02 0e 72  |e....<...IWa...r|
+00000350  e5 d8 2f 3e f2 d9 4c 64  32 1a 95 f9 f4 f8 47 9f  |../>..Ld2.....G.|
+00000360  c5 63 6b f2 44 48 7f 69  ae 12 f7 ca ff 60 f0 51  |.ck.DH.i.....`.Q|
+00000370  9f 70 7b d9 86 03 fd 9d  d5 29 35 c1 bd 4d fe 45  |.p{......)5..M.E|
+00000380  e1 e0 15 dd 2d f4 20 54  50 61 ba d9 8c bf e6 f1  |....-. TPa......|
+00000390  4a 08 e1 c8 f7 24 f0 5f  41 4c 8e f3 fd 60 31 89  |J....$._AL...`1.|
+000003a0  d6 72 a9 e5 14 65 83 c1  ae be e7 b3 89 99 25 87  |.r...e........%.|
+000003b0  20 13 1b 0a a8 3d d3 dc  5c 16 03 03 00 14 71 4c  | ....=..\.....qL|
+000003c0  20 9c de 36 cc ed 88 6f  c8 84 5a 03 ee 1d cd 3c  | ..6...o..Z....<|
+000003d0  c7 88                                             |..|
 >>> Flow 13 (client to server)
-00000000  16 03 03 00 35 e8 18 a5  be 6e 3b 37 5b d3 81 d3  |....5....n;7[...|
-00000010  ad 0b 90 2e e0 df 2b 7f  c4 ec 54 58 ef 85 e3 13  |......+...TX....|
-00000020  41 07 50 d1 06 9b 3e a3  71 30 bf 7d 0c 7a bd 1e  |A.P...>.q0.}.z..|
-00000030  b6 e9 1e 10 0d 18 e3 b3  1c 38 14 03 03 00 11 bf  |.........8......|
-00000040  b3 65 ae 3b e6 c2 ad 30  83 75 65 c0 2b 0d 4b 11  |.e.;...0.ue.+.K.|
-00000050  16 03 03 00 20 c6 cb f8  69 c3 bc 36 74 ff 8a 1f  |.... ...i..6t...|
-00000060  02 ef 32 37 fe 4f 14 51  d2 11 6a 98 05 4c 8c f6  |..27.O.Q..j..L..|
-00000070  75 05 f9 39 2c                                    |u..9,|
+00000000  16 03 03 00 35 12 be 58  29 49 7c 4d 6c 24 a0 76  |....5..X)I|Ml$.v|
+00000010  72 a5 f8 e2 2b 61 fc a6  e3 97 00 cc 3f 52 26 9b  |r...+a......?R&.|
+00000020  0e 1c 0b 05 2a f3 86 79  13 2b 33 5f 99 f0 91 5f  |....*..y.+3_..._|
+00000030  95 88 fe d1 0d 84 a7 5b  f0 7b 14 03 03 00 11 82  |.......[.{......|
+00000040  33 3a 3a d4 72 53 72 1a  90 d1 d1 14 18 c6 2d 03  |3::.rSr.......-.|
+00000050  16 03 03 00 20 47 44 78  28 c6 68 5e 4e 7f ae 14  |.... GDx(.h^N...|
+00000060  3c 37 64 45 6c 91 29 ff  19 b6 dd 09 6e 2e f8 b8  |<7dEl.).....n...|
+00000070  91 ed 60 9f ec                                    |..`..|
 >>> Flow 14 (server to client)
-00000000  14 03 03 00 11 a0 fa 14  67 3f 54 1b 61 89 ed db  |........g?T.a...|
-00000010  9c 66 9f 49 77 2d 16 03  03 00 20 ca 47 f0 57 8c  |.f.Iw-.... .G.W.|
-00000020  3e 52 e6 e2 6c 01 cb 16  05 68 5e 19 12 ca 80 48  |>R..l....h^....H|
-00000030  dc e9 ed 41 33 08 01 ef  6e b0 a3 17 03 03 00 19  |...A3...n.......|
-00000040  d9 c8 68 e8 27 3d cf c0  33 71 55 a9 6a b4 6d a5  |..h.'=..3qU.j.m.|
-00000050  da 8d bb 34 94 4f b1 c6  22                       |...4.O.."|
+00000000  14 03 03 00 11 9b 5d c3  de 7d 32 e1 a2 2c d3 d7  |......]..}2..,..|
+00000010  1b c9 cb bd d3 5b 16 03  03 00 20 21 50 5c ba c2  |.....[.... !P\..|
+00000020  c3 d5 53 42 9c cf 93 86  e3 29 18 f0 4b 6c d9 a7  |..SB.....)..Kl..|
+00000030  17 d6 dc b9 7c 82 9e 61  c1 dd ea 17 03 03 00 19  |....|..a........|
+00000040  59 bd 70 5b d8 4e fd 09  1c 17 c1 82 6a 85 8b fc  |Y.p[.N......j...|
+00000050  2e 59 87 80 13 dc 3e 7a  01                       |.Y....>z.|
 >>> Flow 15 (client to server)
-00000000  15 03 03 00 12 15 66 43  1e 60 21 d1 f6 94 34 3e  |......fC.`!...4>|
-00000010  ee 90 fc 87 45 2a f5                              |....E*.|
+00000000  15 03 03 00 12 d9 80 6a  95 a6 37 81 5b d0 78 d3  |.......j..7.[.x.|
+00000010  4a 02 cc a6 ba b8 96                              |J......|
diff --git a/testdata/Client-TLSv12-RenegotiateTwiceRejected b/testdata/Client-TLSv12-RenegotiateTwiceRejected
index 7698b679..3d57311b 100644
--- a/testdata/Client-TLSv12-RenegotiateTwiceRejected
+++ b/testdata/Client-TLSv12-RenegotiateTwiceRejected
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 e3 fe 9a 75 3b  |....]...Y.....u;|
-00000010  82 ac ff 66 ee c2 e9 75  d9 29 cc 89 6d e0 27 19  |...f...u.)..m.'.|
-00000020  62 07 0b 0b c0 49 df 17  26 af 63 20 2a 95 69 54  |b....I..&.c *.iT|
-00000030  3c 5d d9 67 05 4c 45 77  d0 d9 46 29 ed 25 fd 7d  |<].g.LEw..F).%.}|
-00000040  b4 ef 39 d2 ee 3b a3 88  85 c5 78 9a cc a8 00 00  |..9..;....x.....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 0c 17 84 76 1d  |....]...Y.....v.|
+00000010  f7 2f 64 9b 6a be 05 1b  7c 96 bf f1 d3 33 37 d2  |./d.j...|....37.|
+00000020  4b 33 2d f9 16 12 0a 87  18 60 71 20 36 34 57 1e  |K3-......`q 64W.|
+00000030  53 7d 7c 52 c6 be a5 35  41 f6 72 65 3c 78 42 a5  |S}|R...5A.re<xB.|
+00000040  2b da 18 77 25 2f 0f d6  1b 3a 10 df cc a8 00 00  |+..w%/...:......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,189 +63,191 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 ca 74 42  |............ .tB|
-000002d0  03 67 f2 31 ac 68 dd 2c  db 23 7d 2c 84 df e9 50  |.g.1.h.,.#},...P|
-000002e0  ff ef d4 a1 fa a4 5b 0b  0b 73 20 b7 0e 08 04 00  |......[..s .....|
-000002f0  80 41 60 3d b1 1c 1d 14  8a 0a 3e 5c ea ca ce 07  |.A`=......>\....|
-00000300  d4 45 18 6c 16 52 40 6f  b0 f4 33 38 d7 cf 11 75  |.E.l.R@o..38...u|
-00000310  08 4e 7d 8b cc 64 8c 79  dd 42 fa 43 2c 9e 84 91  |.N}..d.y.B.C,...|
-00000320  e9 d5 bc 9f 84 2d 10 4b  db 4e a6 be 37 e9 2e 34  |.....-.K.N..7..4|
-00000330  d7 3e a7 17 80 b5 cd 37  04 2a 6c 2a cc 5f 0c a1  |.>.....7.*l*._..|
-00000340  ff c2 31 86 17 50 3a 47  4d 99 49 94 9c 11 12 e2  |..1..P:GM.I.....|
-00000350  70 fa d1 f4 7e 3a f2 3a  df 16 34 45 0a b2 7b 73  |p...~:.:..4E..{s|
-00000360  fa 59 23 85 88 74 2b e6  1e cb c7 00 f5 96 c8 8a  |.Y#..t+.........|
-00000370  02 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 02 b5 bb  |............ ...|
+000002d0  3d 94 26 c2 04 4c 2d e6  e3 d0 e5 78 c1 00 eb de  |=.&..L-....x....|
+000002e0  df 23 8a f3 d7 67 0c d1  0b 5e 43 84 4f 08 04 00  |.#...g...^C.O...|
+000002f0  80 3d b9 6b 00 6e e7 cf  4a 27 67 de a2 d4 a4 ad  |.=.k.n..J'g.....|
+00000300  37 19 a3 66 ab 1e 92 7f  99 74 6b 4a 5e 3d e6 3b  |7..f.....tkJ^=.;|
+00000310  1a 0a d1 fe 2a 3a c9 08  d9 0a 1a 7f c1 83 fa 9e  |....*:..........|
+00000320  9d 8a 5e 2b 52 3a ef 09  91 63 db 4e 19 9c 59 ef  |..^+R:...c.N..Y.|
+00000330  a9 1c 23 12 8b d5 67 74  05 b7 c4 12 bd 1d 63 9a  |..#...gt......c.|
+00000340  97 a7 9c fe 94 ed 81 96  a6 e6 30 02 11 c2 97 eb  |..........0.....|
+00000350  0a f6 14 e7 d4 d3 11 5d  8f ff 77 f1 19 03 a3 16  |.......]..w.....|
+00000360  1e 0d 0e e1 9b f6 bd de  7e 40 d5 36 56 dd 85 44  |........~@.6V..D|
+00000370  5a 16 03 03 00 04 0e 00  00 00                    |Z.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 0a a7 0c  5f 47 d1 7c 5e ea 63 82  |.... ..._G.|^.c.|
-00000040  83 27 6c bc 29 20 25 ec  3d 15 2d 59 94 e7 9d 2c  |.'l.) %.=.-Y...,|
-00000050  8b 4e 95 85 fc                                    |.N...|
+00000030  16 03 03 00 20 c3 8e 95  b8 d7 c3 39 43 fd 47 5f  |.... ......9C.G_|
+00000040  b5 3f 9e a3 7a a2 82 d5  82 cf d7 b7 9e 95 9f ed  |.?..z...........|
+00000050  fc f5 76 25 96                                    |..v%.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 03 84 99 6b f7  |.......... ...k.|
-00000010  3e 44 b1 96 6a 09 75 bf  26 4b 67 30 c4 e9 86 74  |>D..j.u.&Kg0...t|
-00000020  4d e1 e3 9b fa 15 8e 1e  72 f9 5a                 |M.......r.Z|
+00000000  14 03 03 00 01 01 16 03  03 00 20 1e d5 ca 57 c6  |.......... ...W.|
+00000010  43 4f d3 11 44 d1 f8 69  d3 9e 22 17 d6 c1 7f aa  |CO..D..i..".....|
+00000020  ad d6 1f 08 67 9c cd 4f  9f 53 c0                 |....g..O.S.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 68 29 2f  1b 1c 9d 28 6e b6 e5 09  |.....h)/...(n...|
-00000010  4a 77 96 23 20 da 67 9e  14 ec 6b                 |Jw.# .g...k|
+00000000  17 03 03 00 16 8d fa 48  d3 57 aa d7 8e 75 8b ff  |.......H.W...u..|
+00000010  bd 03 ea df 3e da d3 15  ec 12 67                 |....>.....g|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 66 e8 13  d1 b5 13 cf 5c 71 7b d9  |.....f......\q{.|
-00000010  63 29 3d be 68 9f f4 ad  7b                       |c)=.h...{|
+00000000  16 03 03 00 14 e9 4d ee  89 18 5f bd d8 15 dd 1f  |......M..._.....|
+00000010  a4 94 98 3b 96 75 3c 2b  bc                       |...;.u<+.|
 >>> Flow 7 (client to server)
-00000000  16 03 03 01 1a cb 21 91  08 de 08 87 fc 63 10 93  |......!......c..|
-00000010  24 a3 83 e8 99 07 d5 03  19 61 4e 8e df dd d0 f6  |$........aN.....|
-00000020  50 3c fd 14 23 67 cd 74  ad 87 9b b7 8f ee a2 23  |P<..#g.t.......#|
-00000030  6c 2f 90 18 f4 01 6b 31  fe ca f7 65 f9 64 5a bc  |l/....k1...e.dZ.|
-00000040  49 3b 25 4c 35 59 50 f2  bc 70 cb 24 2f ec 47 12  |I;%L5YP..p.$/.G.|
-00000050  b6 16 22 9e ce 3b fb 17  f9 59 4e 2f 5c 03 90 47  |.."..;...YN/\..G|
-00000060  d5 e8 e9 eb d9 55 bf 8f  28 e8 72 e5 15 21 42 ba  |.....U..(.r..!B.|
-00000070  86 65 ac b4 f5 53 7e 98  38 39 b5 7d 2a 14 d6 7b  |.e...S~.89.}*..{|
-00000080  3e 69 9d dc 43 33 ed 0b  8a 77 14 54 9d b0 da 88  |>i..C3...w.T....|
-00000090  3b 75 50 01 07 02 99 36  39 4f 01 ee 02 cf 05 a5  |;uP....69O......|
-000000a0  71 75 03 3a a5 5c c4 ce  0e 1d ba dd 9d 79 c1 84  |qu.:.\.......y..|
-000000b0  81 69 7c cd 63 a4 20 a3  a2 13 8e 6e d7 01 29 8d  |.i|.c. ....n..).|
-000000c0  35 e2 fa 3d 74 ea 40 06  7e 0b 2d ab 3c 54 73 ef  |5..=t.@.~.-.<Ts.|
-000000d0  70 ad fd fa ff b3 61 da  61 c5 9f 86 8c 96 73 a6  |p.....a.a.....s.|
-000000e0  f7 53 95 0e 40 33 8b 8c  25 cd 20 e1 2e e9 f4 87  |.S..@3..%. .....|
-000000f0  ec 5c 1c 9c d7 98 d8 0a  96 32 12 51 dd c0 62 a4  |.\.......2.Q..b.|
-00000100  3e 95 09 c8 26 a5 46 55  bd ee 13 97 7f 9c cb e9  |>...&.FU........|
-00000110  43 bd e5 9f 5c 35 02 25  54 17 89 c0 be ab bc     |C...\5.%T......|
+00000000  16 03 03 01 38 1c b1 26  7d 48 7e 75 46 3c 85 68  |....8..&}H~uF<.h|
+00000010  1c ef 2b 61 c1 f1 c5 dc  38 61 a1 2f a1 f1 3d b8  |..+a....8a./..=.|
+00000020  ab 39 ee c6 c1 2b ec fe  ea a8 0d d3 81 de 73 87  |.9...+........s.|
+00000030  d1 0b e7 cf d0 88 38 11  26 20 aa f4 39 4d 64 ea  |......8.& ..9Md.|
+00000040  97 b8 7c aa 4b b0 81 3d  2b 32 db 8c be 98 73 e2  |..|.K..=+2....s.|
+00000050  e6 81 8b 23 f9 c2 a9 d7  dd 31 17 0f c2 37 b5 95  |...#.....1...7..|
+00000060  31 3f 6b 62 0f 57 73 56  bd 94 d9 87 40 e4 43 46  |1?kb.WsV....@.CF|
+00000070  fc ae cb b6 f9 7c 0a 8b  04 a6 d7 0f ca 66 42 93  |.....|.......fB.|
+00000080  f6 0e 89 b1 b3 1c 6e 4a  a2 d3 b3 1b 33 6c cd 83  |......nJ....3l..|
+00000090  15 99 4f 3c 2c 27 b0 82  18 1a 0f ba e3 b1 55 aa  |..O<,'........U.|
+000000a0  5d 2b 92 24 c4 be 22 3e  07 c6 18 d6 5a 19 f7 5a  |]+.$..">....Z..Z|
+000000b0  f0 6e fe 2a 2c 61 6b cb  9b d3 ad ea 78 c1 9e a2  |.n.*,ak.....x...|
+000000c0  fb 5a 9c e0 d7 0e fb 33  ca 9a ed 2b f9 b2 e8 bf  |.Z.....3...+....|
+000000d0  82 2c 28 09 fd 44 cd 30  b0 e4 a8 5c 8f 28 d1 f5  |.,(..D.0...\.(..|
+000000e0  93 46 33 bd ba 18 ff e5  45 19 da 52 34 48 15 7f  |.F3.....E..R4H..|
+000000f0  39 bd 78 66 9d e4 fd af  58 59 44 8a 46 cc 2c 37  |9.xf....XYD.F.,7|
+00000100  95 26 20 dd 14 65 73 d2  3c 25 e2 54 21 be c5 f6  |.& ..es.<%.T!...|
+00000110  a1 9a 94 e8 41 aa 4b 75  b7 f8 03 78 a4 8a b8 28  |....A.Ku...x...(|
+00000120  7f 72 17 60 37 07 a5 2a  dd 65 34 97 9c ee 72 27  |.r.`7..*.e4...r'|
+00000130  29 14 d8 b9 ed fc 4d fa  df 8b a9 7f 7f           |).....M......|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 85 10 dc 85  7d 1e 66 b2 a4 86 68 a7  |........}.f...h.|
-00000010  31 f3 b1 d8 c7 c9 26 6d  74 0a c0 c0 c0 39 ad b5  |1.....&mt....9..|
-00000020  1b b1 dc d3 15 9f a4 96  27 dd 65 85 ad 83 2f 97  |........'.e.../.|
-00000030  42 6f 8a 9b 58 fc f8 1b  54 89 cd 9c 11 10 b9 1d  |Bo..X...T.......|
-00000040  c3 e1 8e 89 20 a5 2d 0b  31 b5 e0 16 54 ce 93 9b  |.... .-.1...T...|
-00000050  de cc b1 af 48 48 33 96  4d a6 00 78 7b 60 3f 7c  |....HH3.M..x{`?||
-00000060  cd 86 64 5e 38 e8 fd 60  d4 b1 89 cd e4 fb 42 b5  |..d^8..`......B.|
-00000070  82 8f e5 23 91 87 6d 54  9e 85 37 34 df ae 70 a5  |...#..mT..74..p.|
-00000080  cd 4c de 95 f7 9f a9 b4  87 0b 16 03 03 02 69 d1  |.L............i.|
-00000090  c2 87 4e c8 26 b3 89 88  da c0 b9 24 84 88 c0 76  |..N.&......$...v|
-000000a0  94 08 eb 56 5d fc 96 81  18 f3 5b 90 f1 38 e5 ae  |...V].....[..8..|
-000000b0  b5 4e 9a c1 19 19 1a b3  40 55 08 cb 0e 3b 93 b3  |.N......@U...;..|
-000000c0  d7 74 80 3a 7c 0d eb be  70 0e a9 50 88 d2 52 11  |.t.:|...p..P..R.|
-000000d0  2d 55 cf d9 9d aa 92 bd  15 ab 1a 62 b3 26 09 3f  |-U.........b.&.?|
-000000e0  50 2b b8 f2 00 a2 5a 2b  98 e3 bb e2 c7 0b 07 0e  |P+....Z+........|
-000000f0  5a e5 2e 08 27 87 f3 0b  1b f7 f7 82 49 cf 08 d6  |Z...'.......I...|
-00000100  7c 78 39 0e 92 e7 28 f4  8f 12 ac 6a c2 72 46 e8  ||x9...(....j.rF.|
-00000110  92 bf 36 c7 52 46 7a 01  92 6d a9 08 19 2a 07 70  |..6.RFz..m...*.p|
-00000120  8c b2 40 7d 7f 00 27 ea  fb e6 24 5c d2 d8 ae 99  |..@}..'...$\....|
-00000130  0b cc 2a 4b 35 12 de 85  e9 b5 e2 2d 80 39 6d 17  |..*K5......-.9m.|
-00000140  7a ca ef ca bb 58 1e 13  86 10 bc 4d 8a df 32 ba  |z....X.....M..2.|
-00000150  3b 7e f5 40 ec af 2e 63  be f3 38 02 a9 9d 30 1f  |;~.@...c..8...0.|
-00000160  c4 d2 04 93 df e1 8a bb  5d f0 6a a8 d9 b9 ad bf  |........].j.....|
-00000170  da d6 5e bd a1 a8 b8 20  91 26 ab 50 fd 2b bf e1  |..^.... .&.P.+..|
-00000180  56 33 e3 e4 4f 3f 21 ea  86 10 e9 35 84 03 70 0b  |V3..O?!....5..p.|
-00000190  bd dc 44 fc 58 1d bc 9e  3a 0d 3b 61 13 d6 33 1b  |..D.X...:.;a..3.|
-000001a0  97 a8 67 bf e6 d9 1d 34  69 70 93 4a 6c 28 88 01  |..g....4ip.Jl(..|
-000001b0  01 9d 78 59 c0 58 66 c3  70 e4 ba 74 e6 0f f7 27  |..xY.Xf.p..t...'|
-000001c0  8b dd 05 ac 0d 99 dc e9  c8 2f 16 ee 59 53 91 d7  |........./..YS..|
-000001d0  28 27 db ad 85 e6 d0 72  28 81 31 e1 e7 bf dd 95  |('.....r(.1.....|
-000001e0  75 ff d6 a9 dc 4f 30 37  52 07 87 cb 8d a7 4a 00  |u....O07R.....J.|
-000001f0  22 53 3c 6d 91 94 11 5d  0a a8 21 ea 1f 18 4e 42  |"S<m...]..!...NB|
-00000200  1f 11 ea 17 55 c5 0c e2  41 e2 1f 2b 7b 4c d7 72  |....U...A..+{L.r|
-00000210  04 d6 64 45 e4 48 03 d7  ca ea 2b 78 0c 9b 03 b0  |..dE.H....+x....|
-00000220  c6 14 cc d8 89 d4 4d 4a  82 b2 e4 69 e9 2e 7f cf  |......MJ...i....|
-00000230  fa 4c b8 22 85 34 ed 97  a3 71 4d ba d7 25 b1 f6  |.L.".4...qM..%..|
-00000240  1c 47 99 75 7c 34 63 10  11 be 93 bb 0b 67 be 6f  |.G.u|4c......g.o|
-00000250  7b 41 c8 41 95 ca 4f ea  02 3d 37 5e fc 0e 12 67  |{A.A..O..=7^...g|
-00000260  84 4d be 41 6f 72 b3 e8  8b 3d 8f 71 a1 f4 f7 02  |.M.Aor...=.q....|
-00000270  23 66 88 29 5f d0 51 a2  c2 50 d7 cd bd bf f6 54  |#f.)_.Q..P.....T|
-00000280  96 7f 26 44 16 ec f5 b7  52 11 ef a1 7e 8c 4e 22  |..&D....R...~.N"|
-00000290  ed ac 1b 46 58 1a 52 ed  2c 79 64 a9 ae 8b 6c e0  |...FX.R.,yd...l.|
-000002a0  2c 51 c3 cc 49 7a 90 cf  68 74 ea 59 29 f6 bb 29  |,Q..Iz..ht.Y)..)|
-000002b0  b7 a9 bf 02 a3 94 d4 50  00 c0 98 30 1f 4a 72 46  |.......P...0.JrF|
-000002c0  de c6 aa c9 f8 b4 2b 16  38 cd 9f 39 af e4 22 37  |......+.8..9.."7|
-000002d0  4c 5a ec e0 14 bc 11 ef  db db 71 6f 8e a9 6d 17  |LZ........qo..m.|
-000002e0  cf 9b ae c3 e0 2f d4 80  f8 be 4f 9d 87 53 fd 53  |...../....O..S.S|
-000002f0  b6 a2 cf b9 8e 56 85 39  16 03 03 00 bc 63 23 39  |.....V.9.....c#9|
-00000300  de e9 93 fb f0 9b 64 b6  5e 7c a0 47 f6 b3 99 16  |......d.^|.G....|
-00000310  1c 68 f3 f6 3f bd a0 fc  80 09 6d 95 9a 17 65 e0  |.h..?.....m...e.|
-00000320  c2 ee fa cf fd af d8 05  5c 17 f1 1f a3 1c f2 47  |........\......G|
-00000330  87 a4 07 0a aa b6 6a 21  41 96 14 85 ea d0 d5 67  |......j!A......g|
-00000340  4e c2 53 fc 2a b5 5d 48  f8 f7 02 66 89 cc 7e df  |N.S.*.]H...f..~.|
-00000350  6f 8c d8 2d ac 64 3f 48  5b dc 25 38 8b 95 37 58  |o..-.d?H[.%8..7X|
-00000360  ae a9 c8 ac 91 a1 1f fb  d1 24 6b c2 13 c8 00 fd  |.........$k.....|
-00000370  14 73 d1 13 a6 17 28 93  f0 67 05 9c 90 5d 13 e0  |.s....(..g...]..|
-00000380  b4 26 16 80 23 5c a8 b6  3e f0 80 b5 41 db f0 ef  |.&..#\..>...A...|
-00000390  37 c3 62 b5 30 89 4d b6  6c 5c f2 8c ff 3c 2e 48  |7.b.0.M.l\...<.H|
-000003a0  bf 0f 5f 3e e0 b2 d7 64  2b dc 42 ad 2f 83 b5 6b  |.._>...d+.B./..k|
-000003b0  5a 04 51 f8 c4 07 c2 61  e4 16 03 03 00 4a a9 18  |Z.Q....a.....J..|
-000003c0  58 79 d8 ad 86 d7 b6 77  39 76 99 b4 0a 29 72 b1  |Xy.....w9v...)r.|
-000003d0  eb c3 ec 95 4d 30 4c 21  1a 7f 52 da 56 21 78 b7  |....M0L!..R.V!x.|
-000003e0  fe dd d3 0e fc a9 89 40  99 97 12 68 7e 28 6e 32  |.......@...h~(n2|
-000003f0  5b c0 e8 b4 42 eb ee 83  c2 ae 0d 28 99 48 46 a9  |[...B......(.HF.|
-00000400  64 38 60 59 c2 dc 5c 7b  16 03 03 00 14 78 72 cf  |d8`Y..\{.....xr.|
-00000410  ac 5d 53 7e 73 b1 6e e2  0a 8e 12 33 be 03 86 6a  |.]S~s.n....3...j|
-00000420  ce                                                |.|
+00000000  16 03 03 00 85 f4 88 c2  bb 0e c4 2f bc 16 6e 10  |.........../..n.|
+00000010  80 16 34 b2 20 c8 8f 01  64 1a 78 f9 0b d4 b9 4d  |..4. ...d.x....M|
+00000020  97 52 5e 79 86 37 c1 db  ae 6f 7a 41 d4 6f 44 0a  |.R^y.7...ozA.oD.|
+00000030  79 e6 56 02 03 e4 ff 65  cc 7f 95 08 c8 e7 bc 77  |y.V....e.......w|
+00000040  7c 7a 3f 85 04 37 50 55  6c 5f 43 b2 28 9e b5 55  ||z?..7PUl_C.(..U|
+00000050  f6 a7 3c 9a e3 ef 40 76  14 6e 22 1d 09 3f d1 7c  |..<...@v.n"..?.||
+00000060  ba 89 7c 5f e7 91 c3 e8  22 c3 a4 77 e4 da e7 63  |..|_...."..w...c|
+00000070  de ea 1b 1f a8 f2 27 a9  ec 95 03 ef b7 96 64 cf  |......'.......d.|
+00000080  56 56 58 a4 8f c0 f7 58  60 55 16 03 03 02 69 64  |VVX....X`U....id|
+00000090  1f e8 68 47 de 6d 1f 7b  ed 24 0d 7b b4 7e 45 fd  |..hG.m.{.$.{.~E.|
+000000a0  0e 76 9e b8 58 0e fb 00  b1 29 74 93 ce 54 29 e4  |.v..X....)t..T).|
+000000b0  bb 72 1d ea b7 a0 5e d2  b6 31 de 0d c5 72 8c 75  |.r....^..1...r.u|
+000000c0  13 17 41 b6 96 2b e7 f4  4f c4 3f 18 d9 3b 74 65  |..A..+..O.?..;te|
+000000d0  dd 7a df 4f b6 5b 95 ff  24 13 a4 84 15 89 d7 cc  |.z.O.[..$.......|
+000000e0  fc 26 2f e9 8c e6 89 9d  9f d8 65 46 63 5e a0 1d  |.&/.......eFc^..|
+000000f0  2e 50 65 f6 6d df 65 3c  a6 87 c5 65 e5 76 5d 31  |.Pe.m.e<...e.v]1|
+00000100  0d f5 54 4a 05 ec 19 0a  25 54 54 7b ab 34 fb df  |..TJ....%TT{.4..|
+00000110  d2 91 f5 06 36 77 39 1a  67 ab d7 c9 41 a2 eb f4  |....6w9.g...A...|
+00000120  ce c5 3e 0a 02 d8 c7 e0  48 99 2a 2b 2d 97 74 03  |..>.....H.*+-.t.|
+00000130  64 9b 8c d3 fc 65 17 ce  5a 20 2d 66 e9 9a a6 bc  |d....e..Z -f....|
+00000140  48 3c 08 65 d3 6f 47 c7  76 b1 59 6a b0 1c 45 b4  |H<.e.oG.v.Yj..E.|
+00000150  24 9d 71 83 fb 49 96 cb  c4 b9 8a 52 9a 28 92 66  |$.q..I.....R.(.f|
+00000160  6e ef 7c a9 a8 88 d5 16  de 96 8e 67 89 cf 62 12  |n.|........g..b.|
+00000170  93 63 7f e1 b0 76 0b 49  1a 61 af 02 e7 a0 51 9f  |.c...v.I.a....Q.|
+00000180  70 41 45 6f b1 d3 f8 cd  ce d5 d0 a7 e1 f3 1e 7c  |pAEo...........||
+00000190  50 20 ab 03 13 de 4c 1e  b4 f3 6b 21 3f 41 99 4d  |P ....L...k!?A.M|
+000001a0  d0 ca cd de 88 a1 bc 56  72 63 e8 55 c1 31 72 b2  |.......Vrc.U.1r.|
+000001b0  b2 a3 ea cf 39 8b 7f 82  55 1a 05 fb 6b c3 b7 6d  |....9...U...k..m|
+000001c0  08 0f 2a 34 ad 74 10 e0  4a 53 80 f7 98 a4 d6 f1  |..*4.t..JS......|
+000001d0  9c e5 9a 61 a0 f0 ca 30  54 f3 d9 a7 c4 54 08 3c  |...a...0T....T.<|
+000001e0  23 30 f5 3e c6 96 2c 97  84 7c 3d 13 0c 4a e6 0f  |#0.>..,..|=..J..|
+000001f0  ea 99 9c ba e5 34 a2 e6  74 e5 c0 86 d1 4e d4 ed  |.....4..t....N..|
+00000200  a1 e2 81 0a cc ec f8 d2  0a 0d 53 87 d7 d7 cc 75  |..........S....u|
+00000210  6d a8 c0 25 de 31 f3 cb  08 71 f0 e3 5e 7f d0 5c  |m..%.1...q..^..\|
+00000220  fb 48 1a a4 f9 70 08 14  a3 3b 90 87 94 0c 70 df  |.H...p...;....p.|
+00000230  9d b6 db 94 55 99 ac 18  df d1 d5 8c 16 8c c9 25  |....U..........%|
+00000240  2d 78 60 69 66 fb 0d 09  39 18 aa 77 b2 fb ed d1  |-x`if...9..w....|
+00000250  58 d5 53 6a 32 05 6f cc  35 16 6f 19 98 31 f4 36  |X.Sj2.o.5.o..1.6|
+00000260  af 1b 88 39 ad 3b a9 46  b5 49 b3 8e 26 76 ab 02  |...9.;.F.I..&v..|
+00000270  a4 ba f3 29 e5 08 f9 47  a6 b4 f0 ad 4d 70 c6 80  |...)...G....Mp..|
+00000280  ab 33 c7 5a 57 a7 40 37  6b 53 96 e9 35 88 78 bf  |.3.ZW.@7kS..5.x.|
+00000290  dd 81 f8 2f 9c 4d c1 d1  ce 45 16 a4 fb 57 bd ff  |.../.M...E...W..|
+000002a0  67 1c 3f 3f d2 49 89 a2  f3 b3 b9 4b 74 04 c4 e5  |g.??.I.....Kt...|
+000002b0  83 7c ff 9f a0 6b d2 c3  6a 07 ab 91 65 40 ba 20  |.|...k..j...e@. |
+000002c0  7a 59 f1 66 ba f8 47 b1  ab 03 96 c3 e2 57 8d f5  |zY.f..G......W..|
+000002d0  a6 43 a3 6b 6b 9d 42 18  9b 6a 41 09 75 db 8b b7  |.C.kk.B..jA.u...|
+000002e0  7a a6 0e 7e d4 ee da a8  eb 8b 0d 39 8a 1d 6e b5  |z..~.......9..n.|
+000002f0  9b 6a b1 57 f9 9d ec 01  16 03 03 00 bc 5a c0 bc  |.j.W.........Z..|
+00000300  54 9d 60 e3 68 3c 67 38  46 de cb 1f f0 fb 11 90  |T.`.h<g8F.......|
+00000310  10 b6 1b 7a dc f5 91 9c  74 c2 42 91 06 a2 98 17  |...z....t.B.....|
+00000320  27 d0 16 06 3f 02 f6 8e  fb 4c 64 d0 5d 42 06 cd  |'...?....Ld.]B..|
+00000330  aa 11 ec 78 e0 6b d9 97  c0 0f fc 27 9d 8d 8d 8d  |...x.k.....'....|
+00000340  89 cd c3 43 57 86 83 48  d5 00 3b 2b e2 7f 57 48  |...CW..H..;+..WH|
+00000350  4d 11 5e 7a 08 1b f9 01  9a 8e dc 0f c0 a9 9d b7  |M.^z............|
+00000360  86 09 5d 40 3c 12 60 b0  9f 08 26 f2 86 9b 4f 99  |..]@<.`...&...O.|
+00000370  50 f7 9c d6 ff f0 a8 ce  ca 17 57 7a 55 12 fb 5a  |P.........WzU..Z|
+00000380  82 9a fb 3d 05 16 7d 72  9f e5 a1 38 e3 ac fd 72  |...=..}r...8...r|
+00000390  af b0 60 5a ce 67 d9 8e  dc 16 19 17 c7 d6 19 a2  |..`Z.g..........|
+000003a0  a4 97 fe b3 a2 4f 1d 8a  99 72 8f c0 b7 a1 e1 9d  |.....O...r......|
+000003b0  9f 71 fb 90 f5 33 5f c6  e3 16 03 03 00 4a 21 2b  |.q...3_......J!+|
+000003c0  fd 5e f3 e5 f3 86 94 aa  e9 b1 29 a8 dd 96 02 28  |.^........)....(|
+000003d0  e9 8a 82 64 cb 22 06 72  5f 33 f7 70 1b 2a c4 8a  |...d.".r_3.p.*..|
+000003e0  06 fc ee 04 e8 34 d9 88  87 7c 15 7c ce 0d 04 88  |.....4...|.|....|
+000003f0  3c 56 aa 22 57 2f b8 52  eb d8 4c af 34 94 c1 9a  |<V."W/.R..L.4...|
+00000400  a0 ad f2 8d cd 3a a2 5d  16 03 03 00 14 34 4d ae  |.....:.].....4M.|
+00000410  1e 00 57 a0 80 d9 7a e6  04 1e 03 43 1f d5 49 87  |..W...z....C..I.|
+00000420  b7                                                |.|
 >>> Flow 9 (client to server)
-00000000  16 03 03 02 69 33 a1 bb  7d ff 23 ba ad dc a0 1e  |....i3..}.#.....|
-00000010  3c 7c 1f 53 59 81 13 04  49 f7 6e bf 8f ef 11 92  |<|.SY...I.n.....|
-00000020  51 bf 8a e7 fe ef 76 e4  f8 88 27 95 f4 12 f2 ed  |Q.....v...'.....|
-00000030  cc ec a6 2d 10 87 19 5e  c9 fe cd 12 ae 1a 38 f9  |...-...^......8.|
-00000040  78 f1 42 f8 47 26 1b c2  5f 82 a5 aa 65 17 eb 06  |x.B.G&.._...e...|
-00000050  03 c8 22 9c 9f 8b 87 26  4a 64 18 93 9c f4 16 82  |.."....&Jd......|
-00000060  28 eb 8d 2d f8 51 60 3a  f4 bb a3 77 f5 97 2b 6a  |(..-.Q`:...w..+j|
-00000070  19 db 2e 46 8b d8 08 d8  28 88 bb bd d8 3b c2 bb  |...F....(....;..|
-00000080  8c 87 1b 17 a0 34 a8 c6  e8 a5 a0 e5 cb d6 9c 9d  |.....4..........|
-00000090  a6 a4 6c 06 6a 85 0c 5e  ef 0c 97 6f b6 11 e7 4d  |..l.j..^...o...M|
-000000a0  60 91 95 74 48 af 1b 0b  47 03 ed 47 e9 b9 28 36  |`..tH...G..G..(6|
-000000b0  74 0d 8a b8 1e 5d 1c cb  ea 7b b7 8f 18 e3 b9 b9  |t....]...{......|
-000000c0  43 ed 53 f2 bf 7e 8c 8f  e6 c0 2a f4 31 25 f5 e8  |C.S..~....*.1%..|
-000000d0  44 48 2d 36 4f a7 11 f6  ea 7c 3f d6 2d 5d 3e 39  |DH-6O....|?.-]>9|
-000000e0  fb 50 f1 c9 eb 25 be 7a  c5 af 54 f5 12 07 04 22  |.P...%.z..T...."|
-000000f0  ec 68 45 f1 fd d1 91 0a  cf 64 0f f3 58 4e e8 ce  |.hE......d..XN..|
-00000100  f6 9e c0 57 ea 3a bd a0  5d 26 d4 ab ed 1a 34 12  |...W.:..]&....4.|
-00000110  9f fa ec 73 d6 38 06 78  85 3c f9 cd aa fb fd 32  |...s.8.x.<.....2|
-00000120  cb e0 a7 d0 bb 71 b0 a3  d2 b9 89 5e a9 57 18 7e  |.....q.....^.W.~|
-00000130  c0 c9 2e e3 e5 07 65 6f  4c ad 22 78 50 f2 87 0f  |......eoL."xP...|
-00000140  cd 93 b3 19 a9 73 e2 1d  bf 38 a0 20 8d 3a 3a 4e  |.....s...8. .::N|
-00000150  b3 02 b7 11 1f df 12 60  dd 10 1c f8 75 4a 52 86  |.......`....uJR.|
-00000160  71 61 88 37 b3 bf f7 2d  45 6d 10 4a 9f 80 b3 fc  |qa.7...-Em.J....|
-00000170  36 d4 d3 9f 08 f2 bb ce  9c 3a 9a 59 f6 0a 0a aa  |6........:.Y....|
-00000180  7f 61 29 0b df 29 92 09  55 ec 1c 84 d6 1f 7c 68  |.a)..)..U.....|h|
-00000190  72 00 88 5e e3 6a ee 35  45 7a 0b 49 35 0e 2d 7c  |r..^.j.5Ez.I5.-||
-000001a0  ac 8b 9f 9c 94 48 2d 1e  74 24 68 14 8e 16 b4 06  |.....H-.t$h.....|
-000001b0  24 66 a3 18 f4 ff 21 31  4b 9b bb 09 8a 9d 57 e4  |$f....!1K.....W.|
-000001c0  a1 5c ae f1 e1 4b 5c 2a  be 64 3c 7a 61 10 3d 73  |.\...K\*.d<za.=s|
-000001d0  76 94 27 e9 8c 9a 8f 14  9e 9f cb 75 7e 73 14 e0  |v.'........u~s..|
-000001e0  7d 78 90 3d a7 2d cb df  db 2b eb b6 b1 01 aa e4  |}x.=.-...+......|
-000001f0  5f 7f 39 7e eb e9 79 14  07 fa 9d d9 b6 4b 0d 7a  |_.9~..y......K.z|
-00000200  e7 ea 17 d5 c8 0b bd 12  c3 2d fa b1 cc 36 97 a3  |.........-...6..|
-00000210  c3 ac 03 70 f7 47 6d 79  af 96 8f c0 8b b1 84 b7  |...p.Gmy........|
-00000220  51 e5 f8 80 e5 de 8a 78  5c 9e 0a cd 0c c9 e0 27  |Q......x\......'|
-00000230  bc 9a 9b 88 f2 94 9d 3f  a2 a7 72 81 43 3f ca fd  |.......?..r.C?..|
-00000240  19 ba d1 aa 73 0f 5c 70  67 b7 38 68 18 99 e8 e8  |....s.\pg.8h....|
-00000250  51 8a 30 68 81 cc 1b ed  41 46 5d d4 cc 37 9f 8a  |Q.0h....AF]..7..|
-00000260  af 70 96 15 22 2e 5c 0d  d0 9b e9 c3 f6 76 16 03  |.p..".\......v..|
-00000270  03 00 35 e7 e7 b7 b8 af  17 8f 2f 52 a9 1c 9a 33  |..5......./R...3|
-00000280  c5 e9 3d b3 b7 25 5b 80  c1 6e 71 c8 44 bd 27 32  |..=..%[..nq.D.'2|
-00000290  16 44 ee 64 a9 1c 6e 4c  84 55 33 a0 d4 5b fc 94  |.D.d..nL.U3..[..|
-000002a0  77 15 ff 82 11 af a4 f7  16 03 03 00 98 c0 03 0e  |w...............|
-000002b0  00 a5 45 5a 08 4b fd a8  d0 1b d1 f0 12 e3 62 dd  |..EZ.K........b.|
-000002c0  91 dc 81 b2 6a 51 e3 d9  16 4c 48 c4 9a 66 bb 46  |....jQ...LH..f.F|
-000002d0  f9 e1 58 04 f7 47 18 ed  6d 4a 78 78 6e 84 b2 38  |..X..G..mJxxn..8|
-000002e0  e2 51 a6 3a 4c fe 76 d9  ef 3e b2 d9 b2 c0 5e 4f  |.Q.:L.v..>....^O|
-000002f0  f7 4b 38 70 d0 82 42 f2  5a c9 34 d2 76 7b 8d e4  |.K8p..B.Z.4.v{..|
-00000300  0b c7 3d be 86 7d 21 8c  f8 9f 1a 4a dc 48 07 12  |..=..}!....J.H..|
-00000310  ab 4c 98 f7 8b 3e 02 49  c2 d1 b5 e9 9a e0 5a 74  |.L...>.I......Zt|
-00000320  58 ce a3 33 be 0f ca 12  54 a2 0e a9 e5 22 8f 82  |X..3....T...."..|
-00000330  df 1a 3e 21 bf 66 c6 13  39 77 83 95 b1 4b 1d d3  |..>!.f..9w...K..|
-00000340  32 69 24 c2 89 14 03 03  00 11 1c eb 63 31 c9 c9  |2i$.........c1..|
-00000350  8a e3 8b 25 7e e9 b7 7d  19 03 3c 16 03 03 00 20  |...%~..}..<.... |
-00000360  c6 41 57 04 ab e8 6c 55  0b dc cd 06 f5 b3 4b 95  |.AW...lU......K.|
-00000370  40 b5 04 47 da 71 d7 70  ce d6 2e 0b c7 66 16 3c  |@..G.q.p.....f.<|
+00000000  16 03 03 02 69 3d ff d3  96 89 9f 41 3d 64 0c 71  |....i=.....A=d.q|
+00000010  e5 80 34 1f 5d 8a cb b4  47 08 c8 c0 7d 17 3b db  |..4.]...G...}.;.|
+00000020  d4 d1 9d 98 16 b9 84 73  c9 8a ff 76 bf 1e f0 bd  |.......s...v....|
+00000030  da 35 a8 2a d5 6a 28 cf  66 bf e0 dc 45 a9 8f 61  |.5.*.j(.f...E..a|
+00000040  65 75 99 29 fe 5a c8 46  2e 14 10 79 a2 b9 c9 04  |eu.).Z.F...y....|
+00000050  37 f8 01 8e 72 2b b7 c9  23 75 51 59 b9 8d 4a 87  |7...r+..#uQY..J.|
+00000060  9d 54 5d 70 25 66 5b 70  a7 04 e4 c0 6a e9 25 8f  |.T]p%f[p....j.%.|
+00000070  1b e0 39 59 b4 f3 0a 3b  42 bd 25 f3 e3 38 45 d6  |..9Y...;B.%..8E.|
+00000080  d9 22 b6 1f 40 72 19 2d  c6 1d 22 66 c5 cb 10 2c  |."..@r.-.."f...,|
+00000090  1c 6a f8 fc ca f3 b4 f1  d2 e5 cf 7b ef 89 e6 9b  |.j.........{....|
+000000a0  c5 5e 4e 83 6b 55 2f 01  da ad d4 3c 91 d4 17 f2  |.^N.kU/....<....|
+000000b0  8c ee ae e1 6c b4 c9 9d  33 b1 7c d3 e4 61 72 8f  |....l...3.|..ar.|
+000000c0  81 26 8f b9 c5 3f ca 42  00 16 57 1c 9a d2 37 80  |.&...?.B..W...7.|
+000000d0  76 47 b7 59 3c 39 b6 d2  0b 83 45 d1 3e 4d c4 8d  |vG.Y<9....E.>M..|
+000000e0  24 8f 95 f6 44 2f 45 70  69 6f 82 13 f7 42 a2 de  |$...D/Epio...B..|
+000000f0  bb 86 af c3 b1 eb aa 34  ae 5d fb c2 e1 5c 87 d1  |.......4.]...\..|
+00000100  2b f4 36 1f da cf 94 b7  fd 78 de 96 0a cd f5 80  |+.6......x......|
+00000110  6d a5 7c fa a0 1a dd aa  ef 0f 4c 7a cc 10 33 e0  |m.|.......Lz..3.|
+00000120  be c1 1c 9e 3f e0 4c a8  93 95 da 5d 01 bd a8 84  |....?.L....]....|
+00000130  8b e8 53 c2 69 04 92 fa  54 16 38 d7 82 17 07 da  |..S.i...T.8.....|
+00000140  71 af 5d 82 72 3d 6b 10  fd 46 b5 a2 8d 6e fe f8  |q.].r=k..F...n..|
+00000150  65 4a 48 6f 2e e3 8d b9  97 23 7f 51 ec 32 07 3b  |eJHo.....#.Q.2.;|
+00000160  1c df 26 be 29 e7 95 77  ed 1e d0 b2 d9 68 e4 65  |..&.)..w.....h.e|
+00000170  5b e7 97 58 ec 50 0c d1  e1 6e 76 73 d5 7b 37 41  |[..X.P...nvs.{7A|
+00000180  03 03 dd 07 53 48 d6 8c  d5 69 83 05 06 1e 59 54  |....SH...i....YT|
+00000190  9a cb 50 c5 55 12 23 47  57 83 50 83 58 ec 97 95  |..P.U.#GW.P.X...|
+000001a0  09 de e9 01 d7 62 43 eb  1d 80 82 08 c0 1e 7d d4  |.....bC.......}.|
+000001b0  6b d5 dd b7 0c 8d 7f 7c  2d ed f9 b1 16 38 ec b7  |k......|-....8..|
+000001c0  a0 1b 5a da a6 6f b2 59  ce ff d9 fc 9b 0c fc 16  |..Z..o.Y........|
+000001d0  27 5e 79 68 f8 3d 0b dc  bb 6d 9f 0d 4d 3b 19 d4  |'^yh.=...m..M;..|
+000001e0  0f 36 59 5f 41 c4 f6 9c  c1 47 f5 65 e0 d8 b1 06  |.6Y_A....G.e....|
+000001f0  3b 05 6c 90 fd f2 e8 b1  33 a9 1c a7 84 f4 e6 02  |;.l.....3.......|
+00000200  f3 80 2e 9f 81 13 01 ea  9f 09 f0 55 22 34 93 bf  |...........U"4..|
+00000210  b2 13 07 62 f0 fc 3e 08  b2 8d cb 62 64 33 a4 e6  |...b..>....bd3..|
+00000220  1c 26 ff 4e fe 28 3e 82  58 ce 82 a1 ef a4 14 f3  |.&.N.(>.X.......|
+00000230  81 59 e2 29 da 30 ef 1d  20 75 1a 7f 27 b5 90 be  |.Y.).0.. u..'...|
+00000240  40 fc 52 08 0a 62 c4 53  4f 6d e9 fb 96 81 8c 1e  |@.R..b.SOm......|
+00000250  3d 3f bc 87 fb fb 6c 8b  17 7a 14 38 53 df 0c ef  |=?....l..z.8S...|
+00000260  f4 12 24 fa 77 ce 0b 2a  ea 1d 1e 0c 8e 50 16 03  |..$.w..*.....P..|
+00000270  03 00 35 28 fe 49 cd b2  80 e8 65 78 83 02 1f 03  |..5(.I....ex....|
+00000280  75 ab 8c f6 cb c0 fa 86  8f 5e b2 63 f8 a4 37 b9  |u........^.c..7.|
+00000290  2b 82 9e 27 cb 82 97 c6  7c 90 cc de 19 d2 cc 7e  |+..'....|......~|
+000002a0  19 c1 5e da 99 87 05 31  16 03 03 00 98 09 f8 56  |..^....1.......V|
+000002b0  7f 7d 66 c3 a3 e0 e2 68  48 b6 38 cb 6c ca b9 28  |.}f....hH.8.l..(|
+000002c0  ff 5b 52 f9 7b 69 ba 92  a9 ba 25 7a 0a fe 97 3b  |.[R.{i....%z...;|
+000002d0  73 f2 b6 8b a7 cb d6 cf  9e da f1 ce d7 41 98 d3  |s............A..|
+000002e0  3d 59 ef 9c 14 78 e2 d7  46 0b 63 b2 aa 4e 02 1e  |=Y...x..F.c..N..|
+000002f0  40 78 a2 e6 55 c2 20 88  ab 0e bd a8 78 76 4d fe  |@x..U. .....xvM.|
+00000300  68 c4 ad c0 7e 9d 2b 0c  08 e9 0f 65 1c 9e 38 df  |h...~.+....e..8.|
+00000310  f9 07 1f 8a 6b 2c af 94  89 35 75 61 e9 5f 2b 90  |....k,...5ua._+.|
+00000320  b4 38 15 26 a1 ea 15 dc  76 09 0a 2b ff 2d 42 ab  |.8.&....v..+.-B.|
+00000330  b5 f7 37 ce ec 34 8e 9a  55 b5 01 56 98 46 b7 1e  |..7..4..U..V.F..|
+00000340  07 30 0d 25 8a 14 03 03  00 11 c7 b7 3a b1 86 25  |.0.%........:..%|
+00000350  cf 3e a6 ce 37 36 65 11  b2 85 13 16 03 03 00 20  |.>..76e........ |
+00000360  c8 69 c3 d3 63 3d 94 1c  78 e2 b7 dd 84 b5 f9 2d  |.i..c=..x......-|
+00000370  d6 ed 39 fe 23 48 ee 7a  75 17 21 70 eb b8 96 56  |..9.#H.zu.!p...V|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 c0 4e fd  fa 3a 1c 4a 19 ce 08 f6  |......N..:.J....|
-00000010  da 70 56 fa 39 42 16 03  03 00 20 0c bc c4 5e 24  |.pV.9B.... ...^$|
-00000020  e3 0e c9 23 8c cd f6 a2  45 07 e6 93 40 7c c8 02  |...#....E...@|..|
-00000030  6e 24 f7 4e 06 9a ad ba  de cd 10 17 03 03 00 19  |n$.N............|
-00000040  52 e0 85 b3 46 25 7d fd  8f d0 4c ca df fe 2f a6  |R...F%}...L.../.|
-00000050  14 d6 08 82 70 0f 93 78  bf 16 03 03 00 14 ff 68  |....p..x.......h|
-00000060  f1 6d 8d b4 5f 74 19 6b  e3 1e 6e ee 9d ee c2 34  |.m.._t.k..n....4|
-00000070  0f 44                                             |.D|
+00000000  14 03 03 00 11 ce 30 2f  ce ec 08 18 13 0f 64 04  |......0/......d.|
+00000010  6d a0 fb 38 04 17 16 03  03 00 20 03 cd 4e 30 0f  |m..8...... ..N0.|
+00000020  e3 c2 1c 52 7d 30 5f 57  e1 2f 50 7b 00 0b 8a 05  |...R}0_W./P{....|
+00000030  2e 4b 15 23 fd e6 82 35  ac 96 5f 17 03 03 00 19  |.K.#...5.._.....|
+00000040  d9 71 23 60 2a 72 ac 2e  43 66 a9 7a a9 71 5f f3  |.q#`*r..Cf.z.q_.|
+00000050  c3 43 72 41 55 49 81 95  43 16 03 03 00 14 c0 af  |.CrAUI..C.......|
+00000060  63 ad 86 4c 8b 44 8d f1  e1 2c 4e b7 a5 54 b4 1d  |c..L.D...,N..T..|
+00000070  68 de                                             |h.|
 >>> Flow 11 (client to server)
-00000000  15 03 03 00 12 81 0d 63  a5 11 7a 03 ab 66 f6 c8  |.......c..z..f..|
-00000010  15 f3 d9 23 fa 67 6b 15  03 03 00 12 71 0e 3b 52  |...#.gk.....q.;R|
-00000020  1a 05 39 4c 8c 76 c3 a9  00 35 bd 66 80 a1        |..9L.v...5.f..|
+00000000  15 03 03 00 12 6d 7f 8e  31 17 7d 45 96 a9 b0 6e  |.....m..1.}E...n|
+00000010  e1 73 b3 f3 f6 51 9a 15  03 03 00 12 ad 22 dc 06  |.s...Q......."..|
+00000020  98 ee b2 2f 09 4b 40 25  84 65 60 88 2e db        |.../.K@%.e`...|
diff --git a/testdata/Client-TLSv12-RenegotiationRejected b/testdata/Client-TLSv12-RenegotiationRejected
index 0be2e72b..f7097847 100644
--- a/testdata/Client-TLSv12-RenegotiationRejected
+++ b/testdata/Client-TLSv12-RenegotiationRejected
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 21 15 e1 02 00  |....]...Y..!....|
-00000010  c6 0c e5 3f c9 6f a5 59  38 7e 13 81 1b 26 50 46  |...?.o.Y8~...&PF|
-00000020  bf 2b 95 0c eb a8 bc 72  97 bc 26 20 ad 6b 84 ac  |.+.....r..& .k..|
-00000030  8f 62 26 0b 4b d8 bf 1b  7d a5 27 3b 3e 45 a5 8f  |.b&.K...}.';>E..|
-00000040  37 fb b2 25 2c d3 82 69  ed d7 c9 f0 cc a8 00 00  |7..%,..i........|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 50 07 ee 50 d2  |....]...Y..P..P.|
+00000010  77 fa a1 bb 19 fa ea 54  12 26 62 e7 0c 84 b9 2e  |w......T.&b.....|
+00000020  b2 b8 c8 19 59 34 b4 3c  60 21 d9 20 4f 36 b8 c7  |....Y4.<`!. O6..|
+00000030  5c ae b8 11 14 0d 67 88  65 37 f1 a5 16 3a af 92  |\.....g.e7...:..|
+00000040  4d 39 ed 9c 20 1c e7 c1  40 e6 ba b8 cc a8 00 00  |M9.. ...@.......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -61,36 +63,36 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 b2 3a 28  |............ .:(|
-000002d0  2e 2c 66 f1 9b 44 58 9a  92 03 42 81 f6 1c f4 67  |.,f..DX...B....g|
-000002e0  50 b5 92 f3 06 1b 1b 23  93 99 12 c5 6b 08 04 00  |P......#....k...|
-000002f0  80 44 05 ae 8d ed c6 82  3a 2a 19 05 9d 70 f9 ba  |.D......:*...p..|
-00000300  45 66 cb 45 75 9c da 92  cc bb 4a a5 ae 41 8c f8  |Ef.Eu.....J..A..|
-00000310  9b e7 06 73 88 9f f9 7d  95 ce 74 a6 05 e9 38 a5  |...s...}..t...8.|
-00000320  26 4b b2 26 31 5c e9 f9  a8 f8 6e 6b 05 e4 39 b5  |&K.&1\....nk..9.|
-00000330  fe b1 b1 cd 40 23 e9 68  f3 9c ed 91 71 d3 0b c5  |....@#.h....q...|
-00000340  91 c5 b2 91 69 a9 4b 2c  a7 0c 24 d6 a9 e7 74 89  |....i.K,..$...t.|
-00000350  9e ce 8b 00 72 9a c9 86  8b ca 8d 39 01 a0 71 3e  |....r......9..q>|
-00000360  46 ff a6 7d c6 da 0a af  f2 84 c4 01 1c 94 47 22  |F..}..........G"|
-00000370  71 16 03 03 00 04 0e 00  00 00                    |q.........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 5d 84 3d  |............ ].=|
+000002d0  57 67 a5 0a 3d 25 81 c0  82 e0 b9 03 29 4e e1 87  |Wg..=%......)N..|
+000002e0  37 88 c8 9a 6d 7c 4b c9  22 5a ab 5e 68 08 04 00  |7...m|K."Z.^h...|
+000002f0  80 5d 80 99 26 5c 59 a0  7f f1 96 68 9e 02 11 1c  |.]..&\Y....h....|
+00000300  80 89 f1 50 d1 5c 7c 61  29 77 5e c1 4f 42 4b 03  |...P.\|a)w^.OBK.|
+00000310  0d 92 0d 20 c4 f9 e3 60  a7 de 90 b7 5a b8 3b 06  |... ...`....Z.;.|
+00000320  0a 21 4b 9b 5b e9 2f 85  dc 23 af 5a d0 76 0a 74  |.!K.[./..#.Z.v.t|
+00000330  02 64 32 b6 9a 93 d3 b8  65 04 94 f5 c5 be c2 7f  |.d2.....e.......|
+00000340  9b 76 af cf 1f 77 e0 31  3f 63 0e 0e 78 cd f7 9c  |.v...w.1?c..x...|
+00000350  e3 d4 52 e2 80 53 7f 53  35 10 21 b9 9e 48 92 e3  |..R..S.S5.!..H..|
+00000360  ba 7e 3c 13 0c 36 bc 56  3a 00 d3 13 c1 16 f8 33  |.~<..6.V:......3|
+00000370  68 16 03 03 00 04 0e 00  00 00                    |h.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 80 26 44  1c a7 83 b7 12 29 9a 44  |.... .&D.....).D|
-00000040  7b c1 0b 96 53 c8 0e 9b  dd 8d 29 4b 4b b8 75 d7  |{...S.....)KK.u.|
-00000050  0a c7 86 c7 d9                                    |.....|
+00000030  16 03 03 00 20 72 e5 4c  81 fd 78 39 f0 bb 37 cd  |.... r.L..x9..7.|
+00000040  b4 47 cb 1b 52 25 08 9a  ab ab 9b 28 d2 b4 72 eb  |.G..R%.....(..r.|
+00000050  b0 db 8f fe 29                                    |....)|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 2e d7 9e b0 66  |.......... ....f|
-00000010  f1 39 84 a9 d9 93 17 bd  94 5a 31 49 bb eb f0 a0  |.9.......Z1I....|
-00000020  7b af d0 3b ae 1a 5d f6  46 31 36                 |{..;..].F16|
+00000000  14 03 03 00 01 01 16 03  03 00 20 68 26 ca 41 0e  |.......... h&.A.|
+00000010  ab 2f 28 5d 9e 94 17 4f  9f 25 cb 82 aa 3a e5 40  |./(]...O.%...:.@|
+00000020  8a 35 6d a8 72 bf 25 2a  8a 6d 04                 |.5m.r.%*.m.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 cd 39 a7  64 3b 6a de 14 e0 26 ea  |......9.d;j...&.|
-00000010  66 b2 73 b1 8e b0 e3 a9  94 62 4f                 |f.s......bO|
+00000000  17 03 03 00 16 73 e1 3b  86 fb 05 16 9e a9 af 73  |.....s.;.......s|
+00000010  64 72 8b 02 a0 82 7d 70  16 5c d9                 |dr....}p.\.|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 c5 d7 88  58 81 44 1f 8d e4 c2 19  |........X.D.....|
-00000010  15 3b 5c 43 76 82 fe 03  e1                       |.;\Cv....|
+00000000  16 03 03 00 14 9b 44 8d  b3 1c 77 2c 12 e7 fe 76  |......D...w,...v|
+00000010  31 c9 ab e7 f0 be 32 0a  e3                       |1.....2..|
 >>> Flow 7 (client to server)
-00000000  15 03 03 00 12 d4 b1 0d  fa 41 25 ab d4 e1 b7 74  |.........A%....t|
-00000010  27 5c 8b c6 0d 49 8e 15  03 03 00 12 65 3d 4e 30  |'\...I......e=N0|
-00000020  48 43 8f f6 8b 89 45 af  f4 7a e4 eb ad a1        |HC....E..z....|
+00000000  15 03 03 00 12 00 54 e7  c6 54 b7 ec 24 d4 07 ad  |......T..T..$...|
+00000010  ff a7 39 d2 7b 62 ba 15  03 03 00 12 de ad f4 f7  |..9.{b..........|
+00000020  0b 8b a3 a3 e5 19 b6 45  63 6f dc 7d f3 c4        |.......Eco.}..|
diff --git a/testdata/Client-TLSv12-SCT b/testdata/Client-TLSv12-SCT
index 8ea2cd46..399c5e9e 100644
--- a/testdata/Client-TLSv12-SCT
+++ b/testdata/Client-TLSv12-SCT
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,21 +7,23 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 01 ca 02 00 01  c6 03 03 da b0 57 a0 ee  |.............W..|
-00000010  bf 74 92 06 39 a6 9a 9b  80 71 7e 57 63 ab 31 74  |.t..9....q~Wc.1t|
-00000020  d3 22 c1 e3 a6 c6 cf 6f  47 57 49 20 86 52 fb 0a  |.".....oGWI .R..|
-00000030  fd aa 10 47 00 9a 5d ad  4c d8 90 f1 cf 13 10 73  |...G..].L......s|
-00000040  31 f1 df 22 f3 42 58 b0  10 25 43 eb cc a8 00 01  |1..".BX..%C.....|
+00000000  16 03 03 01 ca 02 00 01  c6 03 03 9a 84 91 7d 3b  |..............};|
+00000010  31 f1 28 b9 57 a3 5c ea  ac 1c 43 91 1a e3 1a 88  |1.(.W.\...C.....|
+00000020  29 b8 46 87 18 0a 9d 9e  f6 6a 94 20 45 98 c2 a1  |).F......j. E...|
+00000030  3f 98 33 0f b7 d0 e8 53  70 a5 01 4e 0b a1 3b 3a  |?.3....Sp..N..;:|
+00000040  e1 cd 07 a3 b0 96 eb 05  54 26 de d8 cc a8 00 01  |........T&......|
 00000050  7e 00 12 01 69 01 67 00  75 00 a4 b9 09 90 b4 18  |~...i.g.u.......|
 00000060  58 14 87 bb 13 a2 cc 67  70 0a 3c 35 98 04 f9 1b  |X......gp.<5....|
 00000070  df b8 e3 77 cd 0e c8 0d  dc 10 00 00 01 47 97 99  |...w.........G..|
@@ -84,31 +86,31 @@
 00000400  43 77 8d 0c 1c f1 0f a1  d8 40 83 61 c9 4c 72 2b  |Cw.......@.a.Lr+|
 00000410  9d ae db 46 06 06 4d f4  c1 b3 3e c0 d1 bd 42 d4  |...F..M...>...B.|
 00000420  db fe 3d 13 60 84 5c 21  d3 3b e9 fa e7 16 03 03  |..=.`.\!.;......|
-00000430  00 ac 0c 00 00 a8 03 00  1d 20 0e e6 72 88 cf d1  |......... ..r...|
-00000440  05 c7 8d 03 64 b9 db d8  c3 5e 36 80 67 67 36 94  |....d....^6.gg6.|
-00000450  5b b7 92 f9 77 1f 6f b2  44 7f 08 04 00 80 1d 3b  |[...w.o.D......;|
-00000460  70 d5 72 87 2f 58 20 da  29 e0 f8 e8 7c 8d e5 c7  |p.r./X .)...|...|
-00000470  bf da 3c 10 f8 b0 3e 38  7b 06 0b 8e 8f d7 40 b6  |..<...>8{.....@.|
-00000480  47 9f 1c 64 6e 80 ab 9d  51 92 8c 60 a2 88 c4 43  |G..dn...Q..`...C|
-00000490  7d dc 29 64 45 83 a7 9c  2a 39 e9 bb 2a d9 f5 96  |}.)dE...*9..*...|
-000004a0  4c fb fd 0d cc 0f 9b 48  f5 ee af 8f 7a 1c 39 3e  |L......H....z.9>|
-000004b0  cf 23 15 c6 ab c3 f2 29  fd 6c 4f 17 6b d4 be 1a  |.#.....).lO.k...|
-000004c0  23 6e 74 81 e5 e5 e8 c0  de 9b b0 ed d2 32 bc 2a  |#nt..........2.*|
-000004d0  b1 30 b2 eb ac 9e 23 f8  be ea 31 9a b4 55 16 03  |.0....#...1..U..|
+00000430  00 ac 0c 00 00 a8 03 00  1d 20 4e e0 4b c5 9b e7  |......... N.K...|
+00000440  1c 85 3a 3f 64 df cb 87  18 94 c2 e2 cd e9 db 5e  |..:?d..........^|
+00000450  44 11 ee e0 89 4d 11 62  57 1a 08 04 00 80 7d 99  |D....M.bW.....}.|
+00000460  22 49 98 12 7b 7c e7 73  99 dc c1 43 7d 6c ed 8d  |"I..{|.s...C}l..|
+00000470  7e f3 d5 66 76 0b cd 5e  5f cc 60 68 8e 8c 30 6f  |~..fv..^_.`h..0o|
+00000480  54 0d 46 ca da a0 82 44  30 fc f1 bc a4 54 a1 49  |T.F....D0....T.I|
+00000490  d1 17 e6 c5 dc fd 08 41  19 5a e1 5b 9a 93 3c 3b  |.......A.Z.[..<;|
+000004a0  3b 0f be 35 51 55 0e 54  1e dc 03 28 0b fa 49 9f  |;..5QU.T...(..I.|
+000004b0  cf c8 d6 18 79 f7 84 92  0a 37 9f b3 88 3a 46 d9  |....y....7...:F.|
+000004c0  dd 7b e5 2b 52 6c a8 06  ac b5 ba 29 32 82 fb eb  |.{.+Rl.....)2...|
+000004d0  62 78 c9 97 c7 5c 03 e9  26 2e 8d 23 db 35 16 03  |bx...\..&..#.5..|
 000004e0  03 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 a1 58 d5  1a a3 9f 85 4e b6 c8 b7  |.... .X.....N...|
-00000040  cb c1 b0 cc 0a 80 59 1d  81 41 cc 4d 0b d3 bd 38  |......Y..A.M...8|
-00000050  48 69 01 23 96                                    |Hi.#.|
+00000030  16 03 03 00 20 e4 20 73  0f 70 18 f9 ef a2 7a e3  |.... . s.p....z.|
+00000040  73 d2 8d 38 45 61 89 b5  b0 77 1c 39 ba f8 56 ec  |s..8Ea...w.9..V.|
+00000050  04 0b c6 fb 02                                    |.....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 83 ae fc 0d dd  |.......... .....|
-00000010  a1 3a 55 b0 2e 5e 21 9c  57 f3 1b 94 80 6c 0e bb  |.:U..^!.W....l..|
-00000020  78 ae f4 6c 20 d5 7e 23  11 1e 7d                 |x..l .~#..}|
+00000000  14 03 03 00 01 01 16 03  03 00 20 a8 e6 38 02 7a  |.......... ..8.z|
+00000010  d2 1c ca b1 79 ae ba 10  b6 ab e2 5e 79 28 06 7f  |....y......^y(..|
+00000020  0c d4 17 fc e3 72 e2 bf  44 4b 5f                 |.....r..DK_|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 d3 16 a3  f0 93 49 44 d4 82 60 35  |..........ID..`5|
-00000010  e3 63 08 c0 4e 66 99 37  31 90 6c 15 03 03 00 12  |.c..Nf.71.l.....|
-00000020  3c ea 2c 19 34 7b cc 6c  7a a9 15 31 6f 9c 3b b0  |<.,.4{.lz..1o.;.|
-00000030  b2 1f                                             |..|
+00000000  17 03 03 00 16 00 04 dd  86 fc e7 8c c5 67 e6 0f  |.............g..|
+00000010  32 0a 60 1b f8 b6 1c e7  e1 96 8c 15 03 03 00 12  |2.`.............|
+00000020  35 71 48 37 fb f7 d1 3a  94 aa 3f ec c1 99 8a 7c  |5qH7...:..?....||
+00000030  20 4a                                             | J|
diff --git a/testdata/Client-TLSv12-X25519-ECDHE b/testdata/Client-TLSv12-X25519-ECDHE
index c851eb1a..a0d9a5eb 100644
--- a/testdata/Client-TLSv12-X25519-ECDHE
+++ b/testdata/Client-TLSv12-X25519-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 16 01 00 01  12 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,20 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 79 00 0b 00 02  01 00 ff 01 00 01 00 00  |...y............|
+00000080  01 00 00 97 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 04 00 02 00 1d  00 0d 00 1a 00 18 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
-000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
-000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
-000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
+000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
+000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
+000000f0  01 00 33 00 26 00 24 00  1d 00 20 2f e5 7d a3 47  |..3.&.$... /.}.G|
+00000100  cd 62 43 15 28 da ac 5f  bb 29 07 30 ff f6 84 af  |.bC.(.._.).0....|
+00000110  c4 cf c2 ed 90 99 5f 58  cb 3b 74                 |......_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 e0 da ea 5e 09  |....]...Y.....^.|
-00000010  bb 30 4c 10 db 85 36 44  38 9e a4 83 74 5f 2f 94  |.0L...6D8...t_/.|
-00000020  a1 b4 45 61 73 2f 88 b3  ac ad e4 20 45 55 20 90  |..Eas/..... EU .|
-00000030  b0 b0 d4 70 e6 10 13 5c  f4 49 0e 9c 2a 52 5c 84  |...p...\.I..*R\.|
-00000040  b2 55 1a ea e3 4b 5a 9f  ac e9 7b 37 c0 2f 00 00  |.U...KZ...{7./..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 c1 cb c6 9e f2  |....]...Y.......|
+00000010  92 cb ca eb 42 5a 30 c2  1a 3f d6 ca fc 69 b9 55  |....BZ0..?...i.U|
+00000020  86 21 dd 3f 1d 33 5c 97  a1 1f b9 20 46 58 d4 b8  |.!.?.3\.... FX..|
+00000030  c4 71 e6 30 97 a1 f3 fe  1c 7f ca cd bf c2 95 96  |.q.0............|
+00000040  ef 5c df 54 60 51 f6 e2  47 7c c5 bd c0 2f 00 00  |.\.T`Q..G|.../..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -60,33 +62,33 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 ca 07 6e  |............ ..n|
-000002d0  67 12 8e f7 b4 55 c0 d4  88 73 35 f0 f1 ae c4 34  |g....U...s5....4|
-000002e0  59 dc 05 df 75 96 54 f1  4f 7f 79 93 25 08 04 00  |Y...u.T.O.y.%...|
-000002f0  80 d2 1d 65 15 23 74 e4  57 80 58 62 b5 6d ab 06  |...e.#t.W.Xb.m..|
-00000300  11 4c e0 a0 7b 7e b5 78  87 47 71 30 c3 d8 86 b2  |.L..{~.x.Gq0....|
-00000310  af 34 24 95 9c 2f 74 bb  6e c8 2a 8e 81 f8 fb d7  |.4$../t.n.*.....|
-00000320  06 06 dc e8 95 01 65 fe  5d cb 9e 7f 36 9b 29 40  |......e.]...6.)@|
-00000330  09 81 1b df 24 66 13 94  51 2a 48 31 e3 cb 3a 06  |....$f..Q*H1..:.|
-00000340  c9 9c f4 36 b8 c0 de c1  3e 5e 79 95 f8 11 4b d8  |...6....>^y...K.|
-00000350  0a b1 6c ef f4 ce 89 ba  df ad 24 3d 7c 48 aa 70  |..l.......$=|H.p|
-00000360  d8 0e 52 a8 12 1c 6b eb  5b c9 c3 a3 fa f0 60 d4  |..R...k.[.....`.|
-00000370  54 16 03 03 00 04 0e 00  00 00                    |T.........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 d5 3e d5  |............ .>.|
+000002d0  c0 de 8f f1 12 8d 50 f2  97 d1 d6 1d b9 9f 7f 86  |......P.........|
+000002e0  00 38 c7 77 7b 65 44 7d  97 e4 61 a3 77 08 04 00  |.8.w{eD}..a.w...|
+000002f0  80 07 71 57 61 39 64 7c  d0 1e 5d 57 23 5c 18 0c  |..qWa9d|..]W#\..|
+00000300  46 c8 62 e0 41 5a f9 4f  1b 17 d9 25 64 53 9c 41  |F.b.AZ.O...%dS.A|
+00000310  ea 6a fc 01 69 92 4c d1  4e 98 4d c8 d2 7d 5a 8b  |.j..i.L.N.M..}Z.|
+00000320  19 46 9a 54 57 27 12 ba  f2 91 cb 0b 24 08 06 91  |.F.TW'......$...|
+00000330  c0 4d 5a 9e 45 e0 34 87  93 87 59 08 ae cb 5c 08  |.MZ.E.4...Y...\.|
+00000340  05 bf 71 f7 0c 04 57 b9  d4 9c 00 ec bb 55 ee c3  |..q...W......U..|
+00000350  56 ab f9 08 ab 14 f1 f9  27 85 f3 ea 85 26 db bc  |V.......'....&..|
+00000360  25 54 e8 ad 91 0e 07 f1  bc 48 ca c3 54 c2 da 3c  |%T.......H..T..<|
+00000370  26 16 03 03 00 04 0e 00  00 00                    |&.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 21 27 7f  |....(........!'.|
-00000040  32 c6 19 c4 a9 13 bf 5e  4b 53 5f c3 47 64 bb f8  |2......^KS_.Gd..|
-00000050  21 d5 10 12 12 60 5e d8  e8 cf 1e fe 18           |!....`^......|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 1c bd 15  |....(...........|
+00000040  e4 c0 92 d5 1d 85 17 46  b8 46 6b 71 ef b4 36 9f  |.......F.Fkq..6.|
+00000050  f4 0c ca a6 81 f8 da 28  63 29 29 d6 2c           |.......(c)).,|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 af e6 ee d0 75  |..........(....u|
-00000010  df 97 22 b0 ff 46 8e 51  bb 23 70 8d 4a 22 01 b6  |.."..F.Q.#p.J"..|
-00000020  13 34 68 fd 69 fe 0a 0f  df 0e e6 41 48 49 8c e7  |.4h.i......AHI..|
-00000030  d3 21 13                                          |.!.|
+00000000  14 03 03 00 01 01 16 03  03 00 28 b7 b5 af 79 b7  |..........(...y.|
+00000010  68 6f d7 fa d6 0f 73 8a  51 ea 97 a4 2f b1 29 58  |ho....s.Q.../.)X|
+00000020  73 fd f2 15 17 c6 cd 1b  2d 1a 39 32 17 78 37 fe  |s.......-.92.x7.|
+00000030  87 71 da                                          |.q.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 10 16 77  |...............w|
-00000010  99 da 71 ef 78 16 d7 cd  2c 7b 71 ba 8a 74 c1 65  |..q.x...,{q..t.e|
-00000020  f2 f6 be 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  72 d4 4a f6 6d 63 4c ad  02 46 36 18 61 47 61 7d  |r.J.mcL..F6.aGa}|
-00000040  50 08                                             |P.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 a5 8f 5d  |...............]|
+00000010  59 44 d3 65 6c bd b1 68  3c d2 ee 1c 5d 8c 92 4c  |YD.el..h<...]..L|
+00000020  c2 89 f3 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  33 c1 b3 d7 37 52 f7 57  3d 00 af 02 e0 e8 9b 6f  |3...7R.W=......o|
+00000040  ad 0f                                             |..|
diff --git a/testdata/Client-TLSv13-AES128-SHA256 b/testdata/Client-TLSv13-AES128-SHA256
index 6c7c3d47..c6e3f37d 100644
--- a/testdata/Client-TLSv13-AES128-SHA256
+++ b/testdata/Client-TLSv13-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,85 +7,87 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 63 fa e1 78 d5  |....z...v..c..x.|
-00000010  53 77 64 44 97 45 79 94  e7 79 dd da 70 81 46 66  |SwdD.Ey..y..p.Ff|
-00000020  ac 7c 77 a2 f9 29 ca 48  e6 53 56 20 00 00 00 00  |.|w..).H.SV ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 75 19 d0 fb e3  |....z...v..u....|
+00000010  11 c7 2a 09 40 fb 18 4b  17 f8 94 3f 54 2b 33 c9  |..*.@..K...?T+3.|
+00000020  96 c6 46 72 a5 92 31 7d  d3 40 d3 20 00 00 00 00  |..Fr..1}.@. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 36  |..+.....3.$... 6|
-00000060  e2 c3 a0 14 f4 9c 50 9c  08 03 5e c2 b8 4b 66 85  |......P...^..Kf.|
-00000070  71 fb bb 20 6e 97 3a f6  74 be 02 31 29 8e 18 14  |q.. n.:.t..1)...|
-00000080  03 03 00 01 01 17 03 03  00 17 00 79 2a 2d 44 f4  |...........y*-D.|
-00000090  12 2d 7c d6 8c 7a 27 76  a5 3a 6b c1 2d 40 8f 20  |.-|..z'v.:k.-@. |
-000000a0  8b 17 03 03 02 6d 6e 16  f8 0f d2 67 3b e8 1a 95  |.....mn....g;...|
-000000b0  2a ce 16 7b 95 21 7e 03  65 bf 01 ce e9 43 83 f6  |*..{.!~.e....C..|
-000000c0  0e a9 d2 f2 d1 a3 2f d4  55 d2 27 83 44 3d f9 72  |....../.U.'.D=.r|
-000000d0  00 8d 41 44 eb 93 ca 68  09 d1 bd f3 1a cc a0 53  |..AD...h.......S|
-000000e0  a7 18 6e b7 27 d0 f5 e1  08 d8 9f 7b 37 bc 8f b9  |..n.'......{7...|
-000000f0  84 6d e0 20 cf 99 bf c1  67 c8 00 74 4c 76 3e 2d  |.m. ....g..tLv>-|
-00000100  63 48 11 f1 75 30 ab a5  5b a2 cb 13 e9 e0 65 36  |cH..u0..[.....e6|
-00000110  86 ce 8b 64 f6 dc e1 b7  0d 16 96 d1 ec 4b 93 d5  |...d.........K..|
-00000120  6c 10 0d b7 d8 a2 45 b2  f0 e0 aa ab ab 11 8d d0  |l.....E.........|
-00000130  2c fc 20 35 99 1b d6 3b  72 6d 88 03 80 5c 59 d4  |,. 5...;rm...\Y.|
-00000140  04 18 ee 7a ed fe fb 52  c1 3c 93 95 e2 00 23 0d  |...z...R.<....#.|
-00000150  cc c1 4e 0a fb 55 33 93  9f c8 31 33 29 f5 12 3e  |..N..U3...13)..>|
-00000160  39 62 62 27 05 cf d2 be  bd 7d 42 51 97 4f 71 95  |9bb'.....}BQ.Oq.|
-00000170  10 f8 eb 0f d8 d1 69 aa  22 13 a8 fe 24 f6 87 a1  |......i."...$...|
-00000180  9d ca cb 8f 99 39 2b fb  99 d9 18 8a fa fa 25 20  |.....9+.......% |
-00000190  df 6a b3 d1 ac ce 56 8b  76 5d a9 46 1c 0b c7 57  |.j....V.v].F...W|
-000001a0  90 02 10 55 85 49 48 89  d8 d6 4b 68 29 cb 28 66  |...U.IH...Kh).(f|
-000001b0  1c d1 97 e6 a0 10 90 63  83 96 33 ee 5a 5a 5b 66  |.......c..3.ZZ[f|
-000001c0  ca b3 0d be 6d 70 c5 de  fd 78 c8 f8 e1 c5 78 ef  |....mp...x....x.|
-000001d0  07 2e 60 06 28 86 ed e6  bd 7b 37 33 0e 06 5e 06  |..`.(....{73..^.|
-000001e0  fb 44 2b 96 16 fe 09 30  dc 03 53 bc c9 f9 6f 1e  |.D+....0..S...o.|
-000001f0  4b 79 a9 ac fe 20 3f 12  58 48 0c 40 a5 2f f2 6a  |Ky... ?.XH.@./.j|
-00000200  ea 44 69 93 54 4f 4d 6c  98 85 b1 c5 6f 50 83 b8  |.Di.TOMl....oP..|
-00000210  8a 20 e3 b9 da b7 7d e4  ec 33 28 96 29 d7 dc a3  |. ....}..3(.)...|
-00000220  d0 54 76 cd a6 99 17 e8  0f 14 d2 7c 4b 68 0a 80  |.Tv........|Kh..|
-00000230  4f 0b 2b b5 16 68 dc 25  42 b5 0b f7 13 6a c5 81  |O.+..h.%B....j..|
-00000240  c0 18 bc fb 40 86 cc 99  2e 70 2b 9a 72 eb be 57  |....@....p+.r..W|
-00000250  a0 43 92 83 3b 7e c8 02  43 ab 17 7a 73 87 1a a2  |.C..;~..C..zs...|
-00000260  1c 01 db b4 31 b1 d9 44  f1 c0 d9 de 27 bd 4c 8b  |....1..D....'.L.|
-00000270  1c f5 3d db d6 aa 98 7d  43 fe dd 64 85 8b c1 88  |..=....}C..d....|
-00000280  a9 1e f1 04 0b 5d 3b c2  fd 3f b2 27 a7 28 d1 82  |.....];..?.'.(..|
-00000290  13 fb 85 46 77 78 50 45  1b 4b c0 75 f2 32 8a 6d  |...FwxPE.K.u.2.m|
-000002a0  52 37 2e b1 80 e9 81 3b  60 c8 88 78 11 3f 0f 96  |R7.....;`..x.?..|
-000002b0  d1 4b 19 49 91 b5 70 44  2d 62 a1 04 8f 98 89 ab  |.K.I..pD-b......|
-000002c0  75 1f 8a 97 d5 28 dc 88  20 92 7f f2 90 16 1b de  |u....(.. .......|
-000002d0  54 7c 5f 05 8f c9 70 a1  f5 8c 99 09 43 ab 09 73  |T|_...p.....C..s|
-000002e0  dd 5e 62 c3 9f c8 e1 fa  9e 98 65 18 b5 5e 4e f9  |.^b.......e..^N.|
-000002f0  85 a4 cc dc b8 12 1b eb  0a bc bc bd 1c 2f 51 0e  |............./Q.|
-00000300  8f 55 f1 10 22 06 ca cb  f2 97 54 63 1c 98 36 9f  |.U..".....Tc..6.|
-00000310  1d 66 b0 17 03 03 00 99  f0 14 4d 69 84 b3 ca d4  |.f........Mi....|
-00000320  96 9c e2 3c a4 55 f4 b6  01 1f 1e 1f 77 98 c4 84  |...<.U......w...|
-00000330  5e ce 4c 0b bf ba 39 6b  36 a6 15 9c d1 90 87 d1  |^.L...9k6.......|
-00000340  13 39 1c dd 86 0f a0 06  f7 fc f7 c9 10 4e 46 0a  |.9...........NF.|
-00000350  03 12 a0 bf 3e f3 7d e6  1b b7 ce ec 16 84 52 8e  |....>.}.......R.|
-00000360  bc 9c 9a 4f 2f a7 d9 aa  f3 d6 be 0a f8 39 2d 18  |...O/........9-.|
-00000370  28 9e 35 6e 25 25 46 9b  49 61 a6 ee 6a 87 d2 5f  |(.5n%%F.Ia..j.._|
-00000380  54 e6 fb 96 a3 e9 8a 05  c2 fb 71 0b d7 13 2e 19  |T.........q.....|
-00000390  e5 5c a2 d0 f4 b3 34 95  e1 1d 24 ef 33 a2 0a d5  |.\....4...$.3...|
-000003a0  65 b2 5f 46 73 45 33 69  d6 c3 f6 49 20 e2 00 bd  |e._FsE3i...I ...|
-000003b0  16 17 03 03 00 35 89 2f  34 08 44 35 6a 52 1a fd  |.....5./4.D5jR..|
-000003c0  e4 be 2b 0e 0a dd 2d c1  e7 e3 20 7a 0a 3e 87 1d  |..+...-... z.>..|
-000003d0  2b 64 87 c5 11 54 46 1a  5c 89 e2 97 3f 83 b2 b4  |+d...TF.\...?...|
-000003e0  04 ed d2 c4 1d 3d 37 1f  e1 62 f2                 |.....=7..b.|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 df  |..+.....3.$... .|
+00000060  bb 62 90 62 b0 0d ee a9  4f 2a 45 58 9b d4 1d 0b  |.b.b....O*EX....|
+00000070  b8 49 ee 69 3a e4 48 65  a8 5a 94 60 99 00 2e 14  |.I.i:.He.Z.`....|
+00000080  03 03 00 01 01 17 03 03  00 17 5a fa 5d b7 3e 06  |..........Z.].>.|
+00000090  4f 87 9d 8e f7 c6 9d 6c  9a f9 c8 c1 48 69 a0 1f  |O......l....Hi..|
+000000a0  67 17 03 03 02 6d 0f 4d  e4 f2 24 16 18 d7 0f 1f  |g....m.M..$.....|
+000000b0  eb e4 ff f9 71 99 63 21  41 ff e2 65 96 90 07 88  |....q.c!A..e....|
+000000c0  b4 3b 23 8e 28 01 df c7  f3 71 71 36 25 6c d5 fe  |.;#.(....qq6%l..|
+000000d0  e7 7b 94 f3 2f ba e0 b5  02 1a 24 15 66 2f 4b 2c  |.{../.....$.f/K,|
+000000e0  8e ae da 30 67 9b 33 fa  95 bc ea 80 2d 85 b4 93  |...0g.3.....-...|
+000000f0  28 42 f3 af ab 06 b6 a2  20 4e 9a 9a 07 c4 ad 5a  |(B...... N.....Z|
+00000100  ab 91 b6 f4 b3 ae ba 08  19 4d 0b 5a c7 f8 c6 1c  |.........M.Z....|
+00000110  db b8 61 d1 55 5f 02 34  44 cf c4 f1 7b 25 b2 12  |..a.U_.4D...{%..|
+00000120  a0 37 80 3a 3d 47 b0 cc  92 31 8c 41 d9 85 fa ac  |.7.:=G...1.A....|
+00000130  ea 81 49 4e 60 b9 1a dc  2a 61 fa 89 e3 b5 93 b5  |..IN`...*a......|
+00000140  cf 22 65 46 54 56 bc 3c  f9 62 75 bd 04 8f 39 fb  |."eFTV.<.bu...9.|
+00000150  a3 94 92 20 44 5b 74 51  b1 38 fe 48 a4 26 74 82  |... D[tQ.8.H.&t.|
+00000160  ac 11 04 25 a4 76 06 ce  51 47 2f 56 e8 1d 4f 74  |...%.v..QG/V..Ot|
+00000170  d5 5c 00 b7 22 a5 47 3c  17 d5 f3 13 37 8e b0 82  |.\..".G<....7...|
+00000180  da 5f d9 85 05 e7 12 79  0a 22 97 b5 9b 03 2d 61  |._.....y."....-a|
+00000190  ab 19 4c 40 8a 9d d2 08  77 1d cc f0 b7 c7 48 ba  |..L@....w.....H.|
+000001a0  70 c4 e9 7f 1a ba 5b 0a  d2 1e 0c 95 58 e9 f0 56  |p.....[.....X..V|
+000001b0  c2 a6 a3 58 b6 b2 ea 85  55 77 c8 09 be 1a 7e 2c  |...X....Uw....~,|
+000001c0  ac d3 a0 ce 4c 6d 5a 02  c8 d9 7e b8 3b 46 e9 48  |....LmZ...~.;F.H|
+000001d0  73 9b 97 1c 32 fe e1 99  c4 2e ee 81 38 27 12 d0  |s...2.......8'..|
+000001e0  99 4f dd 18 a3 df 93 24  f3 0d 53 11 fe bb ff b7  |.O.....$..S.....|
+000001f0  cf 5e 18 41 01 d4 d3 06  6a f4 5b e3 26 1f 7c fa  |.^.A....j.[.&.|.|
+00000200  ad 9f 61 a3 b3 05 5e b4  bf 94 9c 94 4b c9 3c 63  |..a...^.....K.<c|
+00000210  88 1d b9 df a9 0d 4f 57  78 73 6a 64 cf 29 49 e4  |......OWxsjd.)I.|
+00000220  a3 f8 cb a3 f0 0d 93 c2  56 65 f8 f9 be ad b2 e6  |........Ve......|
+00000230  c6 c7 f5 73 3c 7a 85 e5  e1 73 d4 76 f6 6b 87 da  |...s<z...s.v.k..|
+00000240  99 79 e4 94 d7 77 88 a2  44 cd 60 58 3f 22 67 88  |.y...w..D.`X?"g.|
+00000250  f1 aa 99 3e 1c 04 be 98  b8 87 f7 c8 e3 0f c7 55  |...>...........U|
+00000260  75 01 95 fa 21 f2 5f df  d2 38 88 87 99 b0 10 4d  |u...!._..8.....M|
+00000270  e3 c9 74 28 59 14 90 89  6c 54 83 0b 71 c2 7e 4b  |..t(Y...lT..q.~K|
+00000280  39 21 92 0f ec 0e 98 53  39 75 54 0b 8d 12 6d 57  |9!.....S9uT...mW|
+00000290  4f bd 2a 02 9a 44 ac 45  47 c3 05 71 cc 7e 60 0e  |O.*..D.EG..q.~`.|
+000002a0  93 1b 70 5b 42 4b d6 7f  01 2d 2a 73 ed 52 b2 8d  |..p[BK...-*s.R..|
+000002b0  2f fb 6e 85 5e c6 70 2d  3b e8 3d f1 57 6e c5 f8  |/.n.^.p-;.=.Wn..|
+000002c0  7b f5 85 af 3e c8 64 28  00 24 1e 8a c9 6c f8 e3  |{...>.d(.$...l..|
+000002d0  24 83 50 39 d0 4d b4 23  62 80 7d 6b f8 ee 5a f0  |$.P9.M.#b.}k..Z.|
+000002e0  c8 63 df 43 6e ce 58 b9  39 18 91 82 3c 84 d9 12  |.c.Cn.X.9...<...|
+000002f0  4a 4b 76 67 2c 07 91 97  ac c9 16 9c b5 7a 84 54  |JKvg,........z.T|
+00000300  fb 99 2a 16 0a 00 a3 d6  04 ac 28 f5 d0 34 a6 3c  |..*.......(..4.<|
+00000310  ac 54 50 17 03 03 00 99  5f ec 9a 27 57 7e 33 28  |.TP....._..'W~3(|
+00000320  b3 06 a4 36 6d 4e 59 3e  9a 75 95 3a d2 72 c0 7c  |...6mNY>.u.:.r.||
+00000330  61 54 a5 46 01 91 2d 11  ac 6e 25 15 62 c4 8f 8f  |aT.F..-..n%.b...|
+00000340  f9 a8 a0 2a d1 51 71 12  9b df 4f 6a 1b e9 b1 c2  |...*.Qq...Oj....|
+00000350  eb 83 00 fd 32 53 b3 5d  3b 6c 34 59 e9 42 21 ff  |....2S.];l4Y.B!.|
+00000360  7a 10 c0 81 81 13 01 db  bb ef 8f 29 a3 ca 07 67  |z..........)...g|
+00000370  b8 8f 5d 27 07 9c ed 67  51 f9 35 a7 11 bf 10 f7  |..]'...gQ.5.....|
+00000380  f4 36 d8 dc fd 14 a8 56  18 c8 4e fb be 27 91 5f  |.6.....V..N..'._|
+00000390  6a a4 da 13 32 3d 6c d9  fa 18 5b 13 26 68 e2 a9  |j...2=l...[.&h..|
+000003a0  d2 b6 72 2e dd 7d 69 30  32 fd 24 35 35 a1 1d bd  |..r..}i02.$55...|
+000003b0  03 17 03 03 00 35 05 56  0b a7 86 2f 45 c1 18 c2  |.....5.V.../E...|
+000003c0  ad c5 2f 54 f6 5b b3 eb  45 fc 76 ff c9 60 89 e1  |../T.[..E.v..`..|
+000003d0  f1 e2 3a 28 60 8d e9 54  62 4d 7a 30 4f 8c 73 b7  |..:(`..TbMz0O.s.|
+000003e0  45 10 27 0f e8 56 91 1f  7c 07 3a                 |E.'..V..|.:|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 07 8e f6 0b 41  |..........5....A|
-00000010  be 74 45 99 5e 35 59 4f  2e 59 d4 37 77 ca 53 d4  |.tE.^5YO.Y.7w.S.|
-00000020  fd 33 bf dc 65 85 ee ad  c5 d6 94 7e 6e e8 02 cf  |.3..e......~n...|
-00000030  15 d2 04 cb e1 9f 5e 94  dd 5f 37 17 95 17 0c b7  |......^.._7.....|
-00000040  17 03 03 00 17 1f aa e9  7d 34 dc 12 da 3b cb dd  |........}4...;..|
-00000050  1c d3 b0 f1 79 ad cc 66  06 64 69 21 17 03 03 00  |....y..f.di!....|
-00000060  13 b7 c7 a2 01 48 27 3a  44 e6 c6 47 a9 19 5f d2  |.....H':D..G.._.|
-00000070  f8 96 98 70                                       |...p|
+00000000  14 03 03 00 01 01 17 03  03 00 35 f9 89 62 39 dc  |..........5..b9.|
+00000010  cb f6 be b1 6f db 4c 8e  44 3c 1e 13 ba 25 db dc  |....o.L.D<...%..|
+00000020  f1 64 00 ea f3 56 ba 69  00 5b bd 64 05 8d c7 27  |.d...V.i.[.d...'|
+00000030  39 b6 9c 2f ce e4 74 f1  ab 32 59 f1 6d 27 88 58  |9../..t..2Y.m'.X|
+00000040  17 03 03 00 17 90 42 5e  b1 ae d2 d7 71 4e 8f 51  |......B^....qN.Q|
+00000050  91 3b e4 b0 97 ef 35 27  4f 56 79 81 17 03 03 00  |.;....5'OVy.....|
+00000060  13 7b 6b c7 ab bf f2 de  55 52 b0 ee 67 40 ad bd  |.{k.....UR..g@..|
+00000070  6e 4d 22 f8                                       |nM".|
diff --git a/testdata/Client-TLSv13-AES256-SHA384 b/testdata/Client-TLSv13-AES256-SHA384
index c5bac350..02eb5092 100644
--- a/testdata/Client-TLSv13-AES256-SHA384
+++ b/testdata/Client-TLSv13-AES256-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,87 +7,89 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 3d 39 60 81 a4  |....z...v..=9`..|
-00000010  cc 92 5d fd 8b 21 58 da  2e 4c e2 70 2b 12 d2 8c  |..]..!X..L.p+...|
-00000020  35 55 bc ba 79 c1 9e 6f  78 8c cf 20 00 00 00 00  |5U..y..ox.. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 3e 8f 50 19 e5  |....z...v..>.P..|
+00000010  1b d8 bf 48 bf c6 b3 38  d0 a4 9d 33 39 1f 36 72  |...H...8...39.6r|
+00000020  9a a4 7d 9a e5 61 f1 9b  da 0c a3 20 00 00 00 00  |..}..a..... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 02 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 10  |..+.....3.$... .|
-00000060  0e 84 6c ef b3 7e f7 93  33 67 0e d0 5e e4 c6 a8  |..l..~..3g..^...|
-00000070  5f c5 ac e7 85 06 86 a4  21 10 aa 56 18 3a 39 14  |_.......!..V.:9.|
-00000080  03 03 00 01 01 17 03 03  00 17 a8 c3 84 a3 a2 42  |...............B|
-00000090  ba c8 40 ef f8 53 02 58  d7 39 3f b2 34 2f 4e 71  |..@..S.X.9?.4/Nq|
-000000a0  54 17 03 03 02 6d e5 41  6d ac 46 4e 7c 71 5c b9  |T....m.Am.FN|q\.|
-000000b0  c5 aa 8d 7d f2 ef f3 40  22 9d db d3 83 49 45 94  |...}...@"....IE.|
-000000c0  96 c6 85 74 ac f1 64 e2  80 7a 47 1e c1 f7 45 bb  |...t..d..zG...E.|
-000000d0  6e 56 b5 5b 90 1f 11 6e  47 d5 52 b7 5d d3 02 80  |nV.[...nG.R.]...|
-000000e0  55 59 94 53 05 ab 5c aa  18 f8 7d d0 24 1d 6f 7a  |UY.S..\...}.$.oz|
-000000f0  c7 8e e9 80 61 dc b3 2b  c0 74 09 d3 58 be e9 cb  |....a..+.t..X...|
-00000100  8b 53 ec 68 d7 b4 4b 70  83 42 bb 24 78 05 3c 8c  |.S.h..Kp.B.$x.<.|
-00000110  a9 54 af 0b 55 e2 d3 35  73 56 9b 9a 19 fd 93 9a  |.T..U..5sV......|
-00000120  21 c3 5f f8 cf fe e0 a1  63 62 b8 58 bf 35 29 1d  |!._.....cb.X.5).|
-00000130  69 58 f6 d3 e8 60 66 1b  db 53 4b 26 0b 78 d9 5e  |iX...`f..SK&.x.^|
-00000140  73 d5 34 5a 11 57 98 8d  0c 9f 85 28 80 a4 ee 47  |s.4Z.W.....(...G|
-00000150  f8 23 ca 31 7a 24 d5 dd  9b 49 7b 62 ab e5 69 fa  |.#.1z$...I{b..i.|
-00000160  e7 cc 83 0c 6e e5 0f 98  4c 07 86 2b a9 97 eb c0  |....n...L..+....|
-00000170  78 1e 2b 83 7b 9a 6f 51  60 c0 b8 e1 99 f7 b0 e3  |x.+.{.oQ`.......|
-00000180  bf d8 ec 4e 9f 69 27 c8  89 fc 18 21 58 8a ba 87  |...N.i'....!X...|
-00000190  23 4c cd 95 b7 f1 a5 9a  79 5c d7 35 74 a5 4a 2c  |#L......y\.5t.J,|
-000001a0  fc c8 f4 b4 c4 de 3b 0e  08 12 e0 24 af 10 b3 e7  |......;....$....|
-000001b0  04 74 a9 b4 de ee 98 b5  f1 ed 50 9f eb 5f eb 14  |.t........P.._..|
-000001c0  56 6f d2 f2 b3 5e 40 34  0a f9 2d 44 de 0a 29 8f  |Vo...^@4..-D..).|
-000001d0  e5 86 dc 97 4f dd 26 b6  6a 8f 69 e9 5c 87 87 92  |....O.&.j.i.\...|
-000001e0  65 04 d6 aa d0 79 bf ab  85 20 ca e9 bf 50 5d a9  |e....y... ...P].|
-000001f0  80 2c 92 26 8e 19 ef 78  a7 68 64 ba 48 3c 24 2e  |.,.&...x.hd.H<$.|
-00000200  45 69 ce 94 17 e5 8a d7  81 02 de f1 d0 d8 c0 b8  |Ei..............|
-00000210  86 c1 fb 2c 6d fe 42 1a  ce e0 1c f0 29 15 ba fc  |...,m.B.....)...|
-00000220  8d 65 5e 6d ea 9e c3 95  f4 1b 15 bb 91 ac 9c 0b  |.e^m............|
-00000230  13 f0 fa ab 46 ed f1 c5  29 6e 45 db 4c cc 1e 45  |....F...)nE.L..E|
-00000240  4d fc f2 6c 2b 0a d0 f3  70 69 32 cd 2f 23 6d f2  |M..l+...pi2./#m.|
-00000250  5f f3 f4 f0 5c 1c d7 d3  a7 0c 8f 23 29 30 7a 8e  |_...\......#)0z.|
-00000260  c3 aa a8 71 21 5c ad b6  fb c6 bd 78 ac ab b1 a0  |...q!\.....x....|
-00000270  11 84 23 61 7b ec 90 e1  2c 23 ec 9b 21 c8 ab 01  |..#a{...,#..!...|
-00000280  e0 b9 5b 0b 4c ee a5 3c  5b c0 52 bd 60 7a b1 88  |..[.L..<[.R.`z..|
-00000290  67 e3 c9 60 b9 04 a8 31  3e 34 d7 33 49 38 d9 a7  |g..`...1>4.3I8..|
-000002a0  d1 04 b4 13 a8 5f 0b f2  41 77 d4 c8 b2 d3 0e d6  |....._..Aw......|
-000002b0  8c dc 34 ad 2a d9 4b 5f  4a e2 17 0a be 2a 55 4a  |..4.*.K_J....*UJ|
-000002c0  44 a7 b0 0f d1 39 b0 e5  9d 77 6b d7 44 15 99 bf  |D....9...wk.D...|
-000002d0  c8 02 57 90 5b 73 29 fe  ab 85 93 c3 dc 1c b0 b2  |..W.[s).........|
-000002e0  14 78 01 99 f5 d2 db ef  ae 0e 2a d9 17 1e 70 fa  |.x........*...p.|
-000002f0  bb 74 fe 93 a0 aa ff 79  cd 8b 6d 3d 79 66 d2 c8  |.t.....y..m=yf..|
-00000300  90 c7 2c e6 54 26 de f7  4d b8 a7 73 cd 92 fc 42  |..,.T&..M..s...B|
-00000310  ad 4e ff 17 03 03 00 99  c6 07 36 ce 58 9c fe 38  |.N........6.X..8|
-00000320  aa b4 5c c8 8e f5 11 19  82 4c 4b 2b 0a 08 be 3f  |..\......LK+...?|
-00000330  11 76 06 4b d3 1b b7 fc  66 d9 db de fb 6a ee 29  |.v.K....f....j.)|
-00000340  f6 a5 4b 96 f3 3c a0 67  44 73 d4 46 c5 d4 a1 f8  |..K..<.gDs.F....|
-00000350  71 36 7c a5 62 79 fc be  f9 34 55 85 31 8f fc e3  |q6|.by...4U.1...|
-00000360  46 be 64 1e 2d 1b 21 c3  89 8e 1c cc df 30 05 57  |F.d.-.!......0.W|
-00000370  2e d5 d5 67 11 10 46 1a  af 99 01 0e fd 40 53 1f  |...g..F......@S.|
-00000380  b0 f0 76 3e 8e c1 7a 6a  fe fe ef c1 08 6e ea 9b  |..v>..zj.....n..|
-00000390  75 6c 62 86 07 50 ee 1f  ef 3b 55 fd 68 44 47 27  |ulb..P...;U.hDG'|
-000003a0  07 c1 53 b5 13 c5 e0 a4  d6 9e 8a 3c 78 a0 04 b7  |..S........<x...|
-000003b0  08 17 03 03 00 45 6b fc  53 20 43 7a f3 26 2f fc  |.....Ek.S Cz.&/.|
-000003c0  97 0e d3 09 f0 d9 c5 46  af be e4 c5 06 31 6f 6c  |.......F.....1ol|
-000003d0  5f 11 ec 4a c5 d5 02 50  aa d5 28 98 60 f1 79 82  |_..J...P..(.`.y.|
-000003e0  fb e9 87 c0 e0 c0 e0 60  c2 11 cf be 8f 12 d5 0c  |.......`........|
-000003f0  91 40 ed a1 93 40 60 04  98 a3 d7                 |.@...@`....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 80  |..+.....3.$... .|
+00000060  d3 4e d4 ec ef 3e 0b c0  9b 8e 6a 91 2b af f2 cf  |.N...>....j.+...|
+00000070  78 13 e0 9b e1 41 60 7d  bd 83 69 d5 dc 1b 6d 14  |x....A`}..i...m.|
+00000080  03 03 00 01 01 17 03 03  00 17 cd 1f b4 38 20 00  |.............8 .|
+00000090  f5 52 89 92 be 23 95 90  92 b4 2a 06 f9 af f7 6c  |.R...#....*....l|
+000000a0  82 17 03 03 02 6d 4d 51  05 22 11 94 f0 2e 66 9b  |.....mMQ."....f.|
+000000b0  d0 bd b8 01 3c 23 03 3a  28 a7 74 80 81 e6 5c 5e  |....<#.:(.t...\^|
+000000c0  48 fb 4d 29 ab b3 17 c6  25 d8 15 ed 63 ef 07 61  |H.M)....%...c..a|
+000000d0  0e 14 44 da 9f 6c c1 57  37 18 34 16 e0 3a 8d ab  |..D..l.W7.4..:..|
+000000e0  98 45 84 79 e0 19 56 26  61 e1 70 c9 7d 7b 55 b0  |.E.y..V&a.p.}{U.|
+000000f0  5c d5 90 60 87 3c 55 f7  5e 4f df fc 05 6e 90 bc  |\..`.<U.^O...n..|
+00000100  7d a0 2a db 56 17 5a e6  b4 85 99 68 2a fa 83 0d  |}.*.V.Z....h*...|
+00000110  40 84 a6 20 1d 5b 30 25  b3 b2 c6 ba 73 88 f4 c1  |@.. .[0%....s...|
+00000120  30 d0 f5 48 a6 52 c9 3e  bd 8d dc 31 1c 84 25 4d  |0..H.R.>...1..%M|
+00000130  ae c0 0f de 5b 44 97 d1  bf f6 7a 84 88 fb 82 7b  |....[D....z....{|
+00000140  79 5d f0 d8 39 a3 21 5a  67 16 b9 68 55 06 bd 50  |y]..9.!Zg..hU..P|
+00000150  f2 83 77 8e e6 60 f3 46  57 d3 96 e1 f7 02 9e 1d  |..w..`.FW.......|
+00000160  d3 f2 29 0b 8e 34 0d 40  0b 1a 06 c5 33 52 bd 78  |..)..4.@....3R.x|
+00000170  4e ff a2 ec 31 a1 c3 57  0d 82 59 ab a7 46 81 94  |N...1..W..Y..F..|
+00000180  4f 31 63 25 75 3f b1 c9  99 ae 8a 60 6f 4a 96 d2  |O1c%u?.....`oJ..|
+00000190  ce 37 4c 7b f4 f9 83 56  7e 4c 0a 6d a1 0c 80 00  |.7L{...V~L.m....|
+000001a0  46 5a a9 fa d6 7c 9a 18  c2 36 b6 19 fa 76 37 65  |FZ...|...6...v7e|
+000001b0  d4 c0 33 37 c3 90 26 df  4e c7 89 65 26 f3 cb 9d  |..37..&.N..e&...|
+000001c0  a2 a0 ae 50 72 89 45 db  fb a1 44 3a 12 9e e7 4e  |...Pr.E...D:...N|
+000001d0  7a b8 aa f8 87 d2 8d 6b  43 ff 66 b7 ad 06 d5 09  |z......kC.f.....|
+000001e0  ac 4e 75 db b2 d1 4c 43  81 26 43 bf a3 af 0f 97  |.Nu...LC.&C.....|
+000001f0  83 a4 37 e1 aa 50 da e7  6b 3f a1 6c 80 ea b2 06  |..7..P..k?.l....|
+00000200  6b 51 b9 b9 b0 83 71 b1  56 fe c7 f6 9e e7 69 1c  |kQ....q.V.....i.|
+00000210  e7 6b ba 0e 46 b9 9d cb  dd 7f 9f bf a3 06 1d ba  |.k..F...........|
+00000220  5f eb 5e 1f dd 76 5f 8c  d7 4e d9 a0 c1 75 28 61  |_.^..v_..N...u(a|
+00000230  ea ef 4a 79 fc a6 8f 87  98 b2 26 ce 4e ae b7 9c  |..Jy......&.N...|
+00000240  ed 73 f3 98 a4 83 56 55  af d7 6d c3 90 fc ec 8d  |.s....VU..m.....|
+00000250  09 b4 a0 80 ac ff bc 1b  0b f9 70 4d 70 2b 19 ab  |..........pMp+..|
+00000260  d0 14 de 7c d2 ca b7 56  7f 19 d6 1a 11 04 50 3d  |...|...V......P=|
+00000270  12 dc 35 c1 ce b9 b0 e4  70 b3 27 4b 26 98 e3 af  |..5.....p.'K&...|
+00000280  7f 42 62 4b 75 33 61 54  2c 0f 03 bd b6 51 e9 5a  |.BbKu3aT,....Q.Z|
+00000290  bd 90 f9 af 8e 5f c2 ed  aa 63 a4 3b c7 e1 cb cc  |....._...c.;....|
+000002a0  8b 0f 48 39 9b 6c 49 08  9b f4 27 d8 d8 92 56 a3  |..H9.lI...'...V.|
+000002b0  ae a9 60 a9 ab 25 3d 3d  ba 36 60 00 39 bd 60 ab  |..`..%==.6`.9.`.|
+000002c0  58 bd 4d c2 ab 13 2d 70  2d ef 0c a3 65 17 45 ad  |X.M...-p-...e.E.|
+000002d0  b2 fc 92 ce cb 74 e9 b1  59 cb b2 f1 c7 06 6b 9d  |.....t..Y.....k.|
+000002e0  12 7a c1 51 3d c8 81 91  88 02 fa be 18 f2 9d 4d  |.z.Q=..........M|
+000002f0  04 53 3f 39 e9 49 1f fb  99 1b 71 94 44 dd 09 c5  |.S?9.I....q.D...|
+00000300  4a c4 71 45 2a d7 8f b9  a3 7d 2f df 23 d0 2c 83  |J.qE*....}/.#.,.|
+00000310  1a 90 0e 17 03 03 00 99  60 fb bc b6 8b 4a 50 fb  |........`....JP.|
+00000320  88 0e 23 81 34 07 98 f8  07 35 5f 12 98 4d a3 63  |..#.4....5_..M.c|
+00000330  c3 05 e7 99 eb 22 fe a9  da 60 25 70 e6 53 40 18  |....."...`%p.S@.|
+00000340  f9 66 c4 3c 0f 3c 9b 7b  3e 86 5f e9 0f 91 4e ea  |.f.<.<.{>._...N.|
+00000350  4f 38 dd ef 1c a8 80 16  ae 59 50 70 23 92 40 22  |O8.......YPp#.@"|
+00000360  01 d6 72 d4 e5 ee e7 b2  aa 07 d0 ac ee 63 8f dc  |..r..........c..|
+00000370  55 29 5e e5 6f be 28 1e  b5 ad ca 9a 30 94 57 16  |U)^.o.(.....0.W.|
+00000380  de 2b ba 7b 4a 50 a8 7a  fa 9d 45 89 d1 3c 97 d3  |.+.{JP.z..E..<..|
+00000390  9d c5 1d de cd d6 80 9b  bd 68 1c e2 8b e3 bb dc  |.........h......|
+000003a0  c5 2a 4d 38 ae d6 b3 1d  2e 35 52 d0 c0 b4 ae fd  |.*M8.....5R.....|
+000003b0  68 17 03 03 00 45 ac f9  bb 95 b5 c3 fb dc e9 21  |h....E.........!|
+000003c0  65 ef a9 2d 9c 6a 6b 51  35 9b 2b a9 6b f4 2f 66  |e..-.jkQ5.+.k./f|
+000003d0  14 9d e0 30 fc eb 43 bb  4f 1b 50 13 65 72 35 74  |...0..C.O.P.er5t|
+000003e0  dd 20 dc 88 54 e4 05 18  d7 02 ca 5b 27 dd 32 e9  |. ..T......['.2.|
+000003f0  a2 68 68 cc 55 ff 25 21  87 13 9b                 |.hh.U.%!...|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 45 ee 00 18 db 1e  |..........E.....|
-00000010  67 aa 0f 9e 5c 20 7d 25  27 49 e8 d5 60 02 78 7b  |g...\ }%'I..`.x{|
-00000020  23 58 70 67 67 93 ca 4d  50 69 b1 cf d9 dc 31 d3  |#Xpgg..MPi....1.|
-00000030  03 36 b0 07 39 59 52 e1  c7 36 6d 16 0b 56 03 c6  |.6..9YR..6m..V..|
-00000040  a0 ec 0e 6b ed de 7b ba  51 96 83 b6 b8 77 8f 6a  |...k..{.Q....w.j|
-00000050  17 03 03 00 17 77 f6 6f  83 00 ad eb be 16 26 3d  |.....w.o......&=|
-00000060  27 e8 58 73 a2 bc 11 ff  14 54 4a 15 17 03 03 00  |'.Xs.....TJ.....|
-00000070  13 bc 94 3f 6e ee 1b 40  b0 2e 03 13 47 28 38 4d  |...?n..@....G(8M|
-00000080  2d 26 5d 15                                       |-&].|
+00000000  14 03 03 00 01 01 17 03  03 00 45 87 09 9a a9 a0  |..........E.....|
+00000010  6a 25 7e 7f ef f2 95 97  45 9f 25 b3 fc 70 1d a5  |j%~.....E.%..p..|
+00000020  c5 e3 bc 95 95 c2 2e 9b  46 d9 cd 5e 04 29 33 9f  |........F..^.)3.|
+00000030  8c 35 d5 b0 4c 35 e7 f4  02 1a 1a 9f 07 e5 e4 9d  |.5..L5..........|
+00000040  6f 63 35 d5 c9 21 9f 90  95 a5 14 14 fc 8a bb 41  |oc5..!.........A|
+00000050  17 03 03 00 17 3d e1 e9  33 73 b4 29 68 d2 50 d2  |.....=..3s.)h.P.|
+00000060  58 9b 85 21 07 3a a8 87  92 37 53 90 17 03 03 00  |X..!.:...7S.....|
+00000070  13 24 0a cf 8a 3e 88 9d  9f 57 81 26 10 06 fc 70  |.$...>...W.&...p|
+00000080  1d fa da 81                                       |....|
diff --git a/testdata/Client-TLSv13-ALPN b/testdata/Client-TLSv13-ALPN
index f40340ac..d83b2700 100644
--- a/testdata/Client-TLSv13-ALPN
+++ b/testdata/Client-TLSv13-ALPN
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 12 01 00 01  0e 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 30 01 00 01  2c 03 03 00 00 00 00 00  |....0...,.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,87 +7,89 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 93 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 b1 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 10 00 10  |................|
-000000d0  00 0e 06 70 72 6f 74 6f  32 06 70 72 6f 74 6f 31  |...proto2.proto1|
-000000e0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
-000000f0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
-00000100  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
-00000110  90 99 5f 58 cb 3b 74                              |.._X.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 10 00 10 00 0e  |................|
+000000f0  06 70 72 6f 74 6f 32 06  70 72 6f 74 6f 31 00 2b  |.proto2.proto1.+|
+00000100  00 09 08 03 04 03 03 03  02 03 01 00 33 00 26 00  |............3.&.|
+00000110  24 00 1d 00 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |$... /.}.G.bC.(.|
+00000120  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
+00000130  5f 58 cb 3b 74                                    |_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 c2 2e 95 0c cf  |....z...v.......|
-00000010  63 40 d8 a0 bd 51 27 e2  62 79 72 26 b1 d4 38 5b  |c@...Q'.byr&..8[|
-00000020  50 03 66 d2 2e 8e 46 b7  cf 40 0a 20 00 00 00 00  |P.f...F..@. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 cb f0 b7 02 94  |....z...v.......|
+00000010  1a 0a b2 1d 4b 7c 43 99  cb 50 bd aa 72 80 91 98  |....K|C..P..r...|
+00000020  bc 29 68 eb bd 81 b5 32  7c fe 9b 20 00 00 00 00  |.)h....2|.. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 21  |..+.....3.$... !|
-00000060  18 6f 64 73 17 22 b0 11  60 92 ab 01 b3 fb 8a 2d  |.ods."..`......-|
-00000070  27 15 5a 46 ec 6c c3 0c  a7 73 00 b2 7e 9f 4f 14  |'.ZF.l...s..~.O.|
-00000080  03 03 00 01 01 17 03 03  00 24 68 7f 90 b2 66 74  |.........$h...ft|
-00000090  36 f5 fc 65 55 19 c1 78  65 d8 dc 46 fb ad b6 2c  |6..eU..xe..F...,|
-000000a0  89 f3 d1 fd 3e 46 c2 50  01 24 72 2a 64 98 17 03  |....>F.P.$r*d...|
-000000b0  03 02 6d 40 bc da 1a 9c  8b d7 15 24 4f d4 c1 9c  |..m@.......$O...|
-000000c0  8b 3c 8b 51 37 41 46 a8  cb b4 9c 50 c0 be 72 ef  |.<.Q7AF....P..r.|
-000000d0  81 d3 7f ed ec 96 e2 c2  08 0e 7e 23 95 c3 4f 79  |..........~#..Oy|
-000000e0  01 2d 26 81 c1 ba d0 58  61 d8 c5 b7 e7 79 4f 3e  |.-&....Xa....yO>|
-000000f0  d8 c1 07 ae de 6a 1e 78  eb 9d 8c a1 2a 57 9c 56  |.....j.x....*W.V|
-00000100  1f 6c 6e bb 2d 70 6d 55  92 10 3f 39 7e 8a d2 30  |.ln.-pmU..?9~..0|
-00000110  e5 1c 4b df c0 96 d0 de  16 09 c6 34 23 16 54 a8  |..K........4#.T.|
-00000120  f5 0a 1a af 9a 27 60 89  19 6a 3e 69 12 de 76 4c  |.....'`..j>i..vL|
-00000130  88 f2 ca 6c 0b 94 b8 d2  bc 09 f0 d3 86 74 3c 3f  |...l.........t<?|
-00000140  aa fd 05 cb c7 63 9f e0  5c 7f 41 18 4f df 5e ca  |.....c..\.A.O.^.|
-00000150  66 cd 15 40 df 78 e7 55  33 5f dc 3f 29 b5 7b 97  |f..@.x.U3_.?).{.|
-00000160  f7 c9 19 78 a5 a9 4e 4d  3d 10 e6 00 26 08 a6 97  |...x..NM=...&...|
-00000170  b0 f0 38 b4 48 fb c1 81  01 38 18 e2 7b 47 97 d1  |..8.H....8..{G..|
-00000180  d2 53 67 25 50 8a ab eb  4c 38 6e 3b 99 95 66 50  |.Sg%P...L8n;..fP|
-00000190  dd 31 12 88 a2 d8 74 e0  04 ae ce 54 dc 5d d6 9c  |.1....t....T.]..|
-000001a0  fb 25 26 ac 0f c1 ed cf  aa 47 9e 5e e8 a3 0e 3b  |.%&......G.^...;|
-000001b0  05 04 2e 4b b3 44 29 e9  a5 7c 71 79 83 bf e2 06  |...K.D)..|qy....|
-000001c0  87 45 18 6d de 88 12 ad  00 6c dc d6 e3 df 8c c9  |.E.m.....l......|
-000001d0  ef ae 54 5a 93 fc 7e 82  64 15 52 03 ef 14 d1 7a  |..TZ..~.d.R....z|
-000001e0  95 b9 15 04 ab 1f 49 35  f8 2e 20 48 87 b1 88 82  |......I5.. H....|
-000001f0  18 ec 2d 58 c2 1b f8 41  47 f3 cf be 1e e8 60 7b  |..-X...AG.....`{|
-00000200  40 f8 ee cc 63 cc 8e 60  b7 3a 86 9f ce 70 76 2b  |@...c..`.:...pv+|
-00000210  4f 03 d1 2d 90 8e 3f 4b  19 32 2a d6 ba b3 9f b2  |O..-..?K.2*.....|
-00000220  ce 77 47 35 0c 5e e5 ea  64 bb 52 79 01 84 4b ee  |.wG5.^..d.Ry..K.|
-00000230  b6 4f 0a bc 2f aa af f9  c4 d7 1b 8e c7 58 f1 dc  |.O../........X..|
-00000240  84 57 f4 9c 3f 40 e5 27  49 9c 4c a9 98 1b 9a b3  |.W..?@.'I.L.....|
-00000250  95 83 7e 32 b7 d8 25 85  4d bf fd 14 88 c0 f7 1c  |..~2..%.M.......|
-00000260  e2 cb 46 b3 4a 39 80 fa  08 b3 c2 18 05 dd 82 e4  |..F.J9..........|
-00000270  68 5f 72 b5 53 a8 1b e7  7c 79 64 9a 3f 63 d3 50  |h_r.S...|yd.?c.P|
-00000280  df af cd 15 e7 30 2d 28  a1 24 80 ab 3e 71 83 e3  |.....0-(.$..>q..|
-00000290  5c 9a b7 6b f2 d0 1e 55  2c 1c ac 5d 21 64 a2 d2  |\..k...U,..]!d..|
-000002a0  a9 dd a8 49 7c 22 26 8e  ca 75 a3 ef 52 42 d0 38  |...I|"&..u..RB.8|
-000002b0  f4 02 60 af ee 33 30 46  90 a5 b3 7a 66 c8 ab 10  |..`..30F...zf...|
-000002c0  3f 76 d1 76 aa 5d da c4  29 ca d7 22 c4 44 b4 e8  |?v.v.]..)..".D..|
-000002d0  64 b6 6d 0f 16 cd d9 e9  62 17 91 64 03 0f 99 8f  |d.m.....b..d....|
-000002e0  c6 97 c8 4b c9 45 c4 31  e4 1f a8 b0 aa 67 02 e7  |...K.E.1.....g..|
-000002f0  20 68 2a 89 f9 b8 e8 ce  93 d0 a3 1b 0d d1 4c 45  | h*...........LE|
-00000300  c2 19 ac aa 87 43 95 ae  c4 56 56 fe 4b 0e af db  |.....C...VV.K...|
-00000310  08 6a 14 8e 8b 7e 64 9d  6d 6e 0f 78 7c e4 f8 51  |.j...~d.mn.x|..Q|
-00000320  17 03 03 00 99 2d 7b fa  e6 dc da 89 93 da 93 91  |.....-{.........|
-00000330  9c 25 08 50 66 eb a7 e4  f1 20 da 33 e5 cd a5 89  |.%.Pf.... .3....|
-00000340  00 a7 47 9c 84 e6 cf 6d  e1 86 02 af fb 54 ff b3  |..G....m.....T..|
-00000350  b5 a4 e1 46 1a 3a 89 ad  f0 c4 63 fe d2 eb bb 6c  |...F.:....c....l|
-00000360  6e cc a9 95 b0 e4 df f8  44 46 16 43 07 d7 8e 6e  |n.......DF.C...n|
-00000370  9b ee 0b 22 7a 23 f4 b8  3e fd fe 99 13 9d 18 bc  |..."z#..>.......|
-00000380  77 99 2f 90 21 a1 5f cc  9f 08 e2 75 44 2f bf 58  |w./.!._....uD/.X|
-00000390  70 f2 95 b2 13 20 f3 ed  51 de e8 02 c6 ca 44 57  |p.... ..Q.....DW|
-000003a0  eb 0b 9f 3e 61 f1 1a 6e  6b 13 f5 14 f3 43 19 f6  |...>a..nk....C..|
-000003b0  7d 46 3a 73 49 2f fd 83  c3 68 c7 ba b4 e8 17 03  |}F:sI/...h......|
-000003c0  03 00 35 67 2b 2b 9b f0  f3 d9 09 c4 01 20 ea 22  |..5g++....... ."|
-000003d0  c9 7c e6 7a ce 3f 7f 84  c2 1f 6e eb d6 ce 85 b8  |.|.z.?....n.....|
-000003e0  2c 3c 9f 77 8b 37 11 dd  64 d1 ae ba 85 50 7e ba  |,<.w.7..d....P~.|
-000003f0  14 a9 05 ff 82 3b e5 7d                           |.....;.}|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 78  |..+.....3.$... x|
+00000060  05 c7 69 04 93 8d 93 d7  d3 eb 0b 00 70 98 99 c1  |..i.........p...|
+00000070  2a a9 84 7f e5 6c 4c d0  b1 f3 10 71 11 c6 78 14  |*....lL....q..x.|
+00000080  03 03 00 01 01 17 03 03  00 24 6d 09 77 65 0f 29  |.........$m.we.)|
+00000090  b9 e5 1d df a9 e7 98 f6  f3 37 70 4b 8f cf 49 db  |.........7pK..I.|
+000000a0  fb 8f 73 fc 7f 9e ea e0  a0 35 ee 93 a0 34 17 03  |..s......5...4..|
+000000b0  03 02 6d 90 a9 c1 79 ef  b1 e3 7a 7d 3d f6 8e bd  |..m...y...z}=...|
+000000c0  18 04 6a 1c d4 72 52 ad  36 fc 21 c6 0b 94 8b 98  |..j..rR.6.!.....|
+000000d0  0e 98 54 c5 ff 3c 6d d2  15 c4 63 51 a6 00 4b 28  |..T..<m...cQ..K(|
+000000e0  c7 63 61 5c 09 0d 15 fc  53 0d fa b6 59 ff c9 82  |.ca\....S...Y...|
+000000f0  e1 93 6d 3d b0 24 b2 5d  23 d1 da 61 7f c9 79 32  |..m=.$.]#..a..y2|
+00000100  65 5f 41 6e 49 28 8e 1f  cd 7e 12 98 48 c9 79 ea  |e_AnI(...~..H.y.|
+00000110  db 5a 7f d5 4b dc 41 3c  64 5d 50 83 a2 2b 8c d2  |.Z..K.A<d]P..+..|
+00000120  d7 9e 96 99 25 05 b6 5c  48 62 1c 65 f7 2a a2 77  |....%..\Hb.e.*.w|
+00000130  df 46 30 8f 8a 39 9f 79  49 2d 47 97 75 b7 26 a3  |.F0..9.yI-G.u.&.|
+00000140  5b ee 67 f0 67 ae 1a 9d  f2 77 2f b6 3a 70 52 f8  |[.g.g....w/.:pR.|
+00000150  5d 26 58 21 9e 73 6a 00  99 75 bb 8e 8d b0 2c b9  |]&X!.sj..u....,.|
+00000160  05 cf 69 fe ec 45 06 d5  1d ca f9 c3 08 97 c0 e9  |..i..E..........|
+00000170  38 d8 76 27 d4 4b 40 42  f8 73 bf 7b 4b 42 5e 13  |8.v'.K@B.s.{KB^.|
+00000180  11 7e 75 af 92 7f 47 92  9e d8 15 b4 07 10 bf 74  |.~u...G........t|
+00000190  4f 55 4e 0d 4c 53 b6 5c  f8 07 87 40 0f 79 4e 76  |OUN.LS.\...@.yNv|
+000001a0  0a 19 48 48 37 a6 3c a1  69 56 5f 85 19 61 84 28  |..HH7.<.iV_..a.(|
+000001b0  8c 01 cf 0b 79 94 0f 31  e9 ca ad 5e fb a4 4e 21  |....y..1...^..N!|
+000001c0  13 de b7 d3 fd 38 6f c6  37 42 23 89 e1 23 e0 92  |.....8o.7B#..#..|
+000001d0  f4 ca 3b 92 b4 6d 87 32  11 c6 b5 80 27 d9 de b3  |..;..m.2....'...|
+000001e0  80 fa c4 0d a7 de 0a b3  39 79 3a bc 38 e0 fa 5c  |........9y:.8..\|
+000001f0  ec 3f ab cb a7 d9 02 c4  56 6b f8 90 73 50 98 be  |.?......Vk..sP..|
+00000200  0f ad 95 22 3e 20 97 7c  50 f9 8d 8a 43 4a 20 d1  |..."> .|P...CJ .|
+00000210  68 1c 2f bf 4e 72 a0 51  9f 22 d1 51 bf b4 b0 b1  |h./.Nr.Q.".Q....|
+00000220  fe 78 2b 0e a9 6d f1 27  82 46 a9 2d 43 73 29 0c  |.x+..m.'.F.-Cs).|
+00000230  c2 6d f8 0c c9 78 d3 ba  5d 5f 96 13 fd 2f 1f e9  |.m...x..]_.../..|
+00000240  8f 93 e6 61 7e 0e 07 49  cb 5c af 51 72 85 67 b8  |...a~..I.\.Qr.g.|
+00000250  63 e8 f9 4f 7c d7 e4 d1  25 c0 ed 26 de 1f 65 d4  |c..O|...%..&..e.|
+00000260  2a 3b 23 30 38 12 56 97  01 f1 bd 3f 96 23 72 89  |*;#08.V....?.#r.|
+00000270  2e 88 d6 6a 9f 52 a7 3e  42 72 dc c4 e0 05 81 42  |...j.R.>Br.....B|
+00000280  45 e1 c5 6f 32 82 bf 4e  38 a0 06 eb 99 2c 8b 79  |E..o2..N8....,.y|
+00000290  f9 2e a7 26 3a 78 fd 90  66 7c 0f 53 4c 4a 00 c2  |...&:x..f|.SLJ..|
+000002a0  9d 48 2c a5 37 02 e0 cd  5d 16 1c d4 ee 03 79 71  |.H,.7...].....yq|
+000002b0  c6 c2 e4 15 98 6b 40 bb  e9 b6 21 a1 e7 fc 68 b2  |.....k@...!...h.|
+000002c0  70 cb d5 e1 5b 2d f7 b7  6b d5 2c 50 19 8a 6a 50  |p...[-..k.,P..jP|
+000002d0  54 97 bc 90 2b b2 20 6a  9c 96 5d cf d0 5f 9a 6d  |T...+. j..].._.m|
+000002e0  b4 70 33 ba 83 2d f7 86  41 8b 88 20 51 ae a8 02  |.p3..-..A.. Q...|
+000002f0  af 63 ea 1c 0c b0 99 19  73 56 02 68 a9 50 b2 43  |.c......sV.h.P.C|
+00000300  6b 9c 5d c2 f3 48 dd fe  a3 7c 2b 28 a5 e5 25 ed  |k.]..H...|+(..%.|
+00000310  05 14 a3 d6 63 25 2e 44  4e f9 fd 6d 9e 16 ae e6  |....c%.DN..m....|
+00000320  17 03 03 00 99 b8 3d db  c6 ee 13 dd 97 29 32 71  |......=......)2q|
+00000330  67 28 89 90 cf c5 23 4a  9e 94 31 7c 5d 6c b3 7c  |g(....#J..1|]l.||
+00000340  46 a6 b2 98 c2 e2 b9 a6  c1 7d fd 22 5c 7b 88 67  |F........}."\{.g|
+00000350  cc c6 4a 82 83 f9 8a 09  8b 2c d5 9f 0f c3 1d 23  |..J......,.....#|
+00000360  b5 27 89 ba 5e 0f 74 96  58 da 5e 3f 63 b2 f3 44  |.'..^.t.X.^?c..D|
+00000370  31 86 d0 da 18 54 eb 34  89 fc 11 ee 8e af c1 42  |1....T.4.......B|
+00000380  bd 6b 31 c3 f1 54 96 fd  86 37 0d 20 b9 70 3b 88  |.k1..T...7. .p;.|
+00000390  20 87 c3 9f 1a 6b 90 7d  84 1d 69 42 01 bc 3d 81  | ....k.}..iB..=.|
+000003a0  c9 ea 82 a3 d1 18 bf 4c  3a dc d4 db 92 cc 5d b2  |.......L:.....].|
+000003b0  f2 dd b4 17 39 13 ef 45  cc 66 4d d1 f2 a4 17 03  |....9..E.fM.....|
+000003c0  03 00 35 3f 02 3e 15 06  ad 50 e9 14 30 be 33 d9  |..5?.>...P..0.3.|
+000003d0  18 1c 44 df 42 fa 3f aa  84 31 a7 b3 d8 3c 8e 04  |..D.B.?..1...<..|
+000003e0  b3 fc 41 66 4a f0 71 03  0d 0b b5 46 f1 34 f5 37  |..AfJ.q....F.4.7|
+000003f0  4c 1c 1a 05 75 98 58 f3                           |L...u.X.|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 39 60 84 ac d0  |..........59`...|
-00000010  b9 47 4b 47 49 af 52 88  3c 12 50 0d 65 46 f7 a1  |.GKGI.R.<.P.eF..|
-00000020  50 39 c5 39 22 b3 45 e6  d3 25 44 a6 bc 3d bc 69  |P9.9".E..%D..=.i|
-00000030  35 1d 61 cf a0 3c 53 77  94 67 66 ae 37 7f 3f 84  |5.a..<Sw.gf.7.?.|
-00000040  17 03 03 00 17 5e 1d af  5b 7c b6 2d 19 ea 18 e0  |.....^..[|.-....|
-00000050  55 47 43 e1 f2 0e 28 49  ae ef ba 86 17 03 03 00  |UGC...(I........|
-00000060  13 2c 10 48 8c cf d6 1a  a1 80 62 34 90 e4 42 50  |.,.H......b4..BP|
-00000070  44 b3 58 bb                                       |D.X.|
+00000000  14 03 03 00 01 01 17 03  03 00 35 61 48 9d d3 32  |..........5aH..2|
+00000010  7b ac 9d 5a c5 29 b2 4f  74 ef b8 8e f0 1e b9 33  |{..Z.).Ot......3|
+00000020  4f cb db 0b 3e 49 47 44  64 ce 16 6b e4 a2 7c 8a  |O...>IGDd..k..|.|
+00000030  cc e4 01 9e bd 3d a7 30  cd a1 ff 23 d2 fc 7f fc  |.....=.0...#....|
+00000040  17 03 03 00 17 6b a9 a0  55 b2 53 19 0f 58 7c 79  |.....k..U.S..X|y|
+00000050  5a 19 9a 4a 9b 1b 77 8d  78 9c 9c b6 17 03 03 00  |Z..J..w.x.......|
+00000060  13 f0 e9 91 46 e4 0a a1  0f e9 43 8e 10 d7 61 80  |....F.....C...a.|
+00000070  95 4b db 96                                       |.K..|
diff --git a/testdata/Client-TLSv13-CHACHA20-SHA256 b/testdata/Client-TLSv13-CHACHA20-SHA256
index c4c29e1b..6becede6 100644
--- a/testdata/Client-TLSv13-CHACHA20-SHA256
+++ b/testdata/Client-TLSv13-CHACHA20-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,85 +7,87 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 3d 50 78 7e 02  |....z...v..=Px~.|
-00000010  dc 79 3a 32 6b 6a 50 24  90 65 72 5e cd fc 96 18  |.y:2kjP$.er^....|
-00000020  e1 47 21 43 50 5a 32 0f  cf e7 ae 20 00 00 00 00  |.G!CPZ2.... ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 37 bf a4 0d 23  |....z...v..7...#|
+00000010  be 83 2a 9d 84 f6 de 1c  53 be 13 92 f3 de 35 a9  |..*.....S.....5.|
+00000020  cc 95 6d e1 c6 05 2f 53  a6 ce 9f 20 00 00 00 00  |..m.../S... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 cd  |..+.....3.$... .|
-00000060  e6 a0 65 6b 1c 9e 5c f0  b7 f9 82 8e 37 d1 c4 35  |..ek..\.....7..5|
-00000070  31 c1 3f df 4a 70 33 ba  38 d9 3f 74 0c c2 61 14  |1.?.Jp3.8.?t..a.|
-00000080  03 03 00 01 01 17 03 03  00 17 63 c3 02 95 17 f4  |..........c.....|
-00000090  a8 76 8d 54 ad 3c 10 c7  cc e8 08 13 d6 9b 0b 0f  |.v.T.<..........|
-000000a0  db 17 03 03 02 6d 0f ec  8d 0d e5 1a 85 02 3f 92  |.....m........?.|
-000000b0  44 09 ac e6 da 2d c8 d7  14 68 00 9d 22 bf 05 1d  |D....-...h.."...|
-000000c0  cd 07 b5 8b b9 84 3f cf  cc c5 48 40 00 2e e1 c9  |......?...H@....|
-000000d0  0b 41 6d 39 cb 05 00 d6  7a 10 4a ba 96 e1 96 a9  |.Am9....z.J.....|
-000000e0  70 d8 20 76 2f d2 70 83  cb a0 d1 72 43 db 09 cd  |p. v/.p....rC...|
-000000f0  2d e5 89 11 e8 81 15 13  dd 29 2a c8 88 4a d8 73  |-........)*..J.s|
-00000100  35 3d 8e 8a 03 ca ed 32  a9 16 bb 71 88 d5 5f a1  |5=.....2...q.._.|
-00000110  1b ec ee 9e 3d 8c f4 d0  c2 5b 72 84 3c 75 aa de  |....=....[r.<u..|
-00000120  10 a7 78 5a 62 3e b9 11  da 83 94 29 d3 40 8f da  |..xZb>.....).@..|
-00000130  3c f4 32 90 c0 25 b7 f0  fc 6b 16 c1 ab 80 69 79  |<.2..%...k....iy|
-00000140  5e dd 95 5a ba e4 5a 68  64 a6 44 f5 a2 3a d6 30  |^..Z..Zhd.D..:.0|
-00000150  7e b1 27 b1 79 44 ef 79  95 51 75 02 24 2c ea ab  |~.'.yD.y.Qu.$,..|
-00000160  d5 e1 fd aa 81 55 89 cf  bc 9c 11 2b 0b 4a 99 9f  |.....U.....+.J..|
-00000170  50 93 68 a1 c8 79 3d d8  aa d8 54 e3 d5 1a 97 90  |P.h..y=...T.....|
-00000180  33 87 a9 70 1d 9d ba 78  d0 87 8a 98 6f 1b 1e b0  |3..p...x....o...|
-00000190  e8 92 78 df 21 61 88 36  fa 14 4b c9 b1 a4 93 88  |..x.!a.6..K.....|
-000001a0  b4 26 9a 13 1b 8f 6c 84  bc b1 78 a8 a1 e7 64 4b  |.&....l...x...dK|
-000001b0  d4 56 37 b6 d1 80 6d 8d  0f c2 2f 0c 0b 9e 42 8e  |.V7...m.../...B.|
-000001c0  37 e0 9b 73 e4 ab cf 24  43 86 bc d0 40 fd db 4a  |7..s...$C...@..J|
-000001d0  c1 f6 55 56 e9 54 5c c7  3c 17 36 44 7b 99 7e 03  |..UV.T\.<.6D{.~.|
-000001e0  48 f7 a9 cc 4d b9 b4 bf  09 dd 96 37 8c b5 d5 f0  |H...M......7....|
-000001f0  bd af 19 0e 82 6c 5d b6  96 ca 98 a2 56 d3 68 f2  |.....l].....V.h.|
-00000200  94 cd 7a 94 8d b3 97 16  03 3d 6a 94 5d 66 32 5d  |..z......=j.]f2]|
-00000210  11 28 d9 7b c1 8e b1 c4  ec b7 54 94 3b 80 f9 b3  |.(.{......T.;...|
-00000220  9d 2d 74 3c 02 55 a0 4a  02 b7 61 19 b0 a2 e6 44  |.-t<.U.J..a....D|
-00000230  3e c8 81 e3 a4 18 d7 4c  16 d2 fb e3 90 2c 61 71  |>......L.....,aq|
-00000240  a0 82 28 48 de 7c 7c bd  ba 27 85 e1 fd c9 df ac  |..(H.||..'......|
-00000250  b2 61 0f 80 f3 86 31 8f  c1 a3 dc b6 43 98 c9 0e  |.a....1.....C...|
-00000260  73 dd 1d cf 61 f6 25 23  44 ca 5a 4c 12 6c bb 35  |s...a.%#D.ZL.l.5|
-00000270  32 c4 32 0d cc 8c 11 b9  4a ee 88 92 d6 27 d4 a8  |2.2.....J....'..|
-00000280  25 59 1e fe ba 41 63 50  1e b1 e2 c5 75 95 7d 56  |%Y...AcP....u.}V|
-00000290  60 ed 81 d0 e7 12 05 e7  0f b4 5d 6f 27 98 76 72  |`.........]o'.vr|
-000002a0  e7 8a e1 ff 5d 6b 29 9f  75 24 a5 fd 6d 1f bc 58  |....]k).u$..m..X|
-000002b0  f8 b8 67 d1 b0 21 25 f1  09 c7 f9 41 f5 85 1b eb  |..g..!%....A....|
-000002c0  56 f6 14 83 bb 08 d5 3e  ed 22 e1 c5 9c 14 cc de  |V......>."......|
-000002d0  d3 45 e1 0e e3 cb 61 b5  ab f6 03 41 bc 71 5d 17  |.E....a....A.q].|
-000002e0  99 c6 8f 13 41 f8 78 e8  da 3d 40 1c 1a 47 a9 b2  |....A.x..=@..G..|
-000002f0  e7 22 90 2f d8 8f 6f 0d  36 02 b1 36 fa 6d 26 6f  |."./..o.6..6.m&o|
-00000300  82 e2 54 74 a0 26 3c 0c  57 bb d7 01 ff ee 6f 16  |..Tt.&<.W.....o.|
-00000310  63 92 00 17 03 03 00 99  ea 68 e4 08 10 2d 6f b6  |c........h...-o.|
-00000320  a2 f8 f5 03 35 00 63 c8  da 23 4c 96 b8 2a 5c f5  |....5.c..#L..*\.|
-00000330  9d 24 6f 5a 5b c3 aa d2  df d9 16 b6 9a 91 79 39  |.$oZ[.........y9|
-00000340  18 35 65 28 80 97 fe 76  26 79 45 80 4c 8a 7c cc  |.5e(...v&yE.L.|.|
-00000350  a2 36 1a 8a ad aa f3 06  08 1f b7 4a 9b 22 7f 37  |.6.........J.".7|
-00000360  62 3a ae 13 c0 f4 22 05  6f fc 92 5a e0 ed f1 5b  |b:....".o..Z...[|
-00000370  c6 6b 4f 18 83 a6 39 a7  5c 1c 53 32 08 76 25 03  |.kO...9.\.S2.v%.|
-00000380  20 d5 47 57 76 06 38 4e  bd b8 dd 7f 0e 37 b3 4e  | .GWv.8N.....7.N|
-00000390  f1 f3 b1 98 d4 f0 d6 00  ea 6a e9 ec a4 b0 fd 20  |.........j..... |
-000003a0  2d 67 20 c8 ef 9f a1 97  00 cd 15 c2 8e c2 ba 46  |-g ............F|
-000003b0  76 17 03 03 00 35 d0 f3  18 d0 71 4c 66 8c 40 ef  |v....5....qLf.@.|
-000003c0  57 92 f3 56 5a 42 1e 4c  e6 13 5a cc ab 26 90 6a  |W..VZB.L..Z..&.j|
-000003d0  9b ca 49 b0 81 ec 38 30  44 27 5a fa ac d6 1f 5c  |..I...80D'Z....\|
-000003e0  bc 64 4b 0b c3 69 b2 5b  ef 7f 4a                 |.dK..i.[..J|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 3d  |..+.....3.$... =|
+00000060  1c 09 5d 44 bc 3f 39 2d  9a dd c1 15 0f dc 5d 7c  |..]D.?9-......]||
+00000070  93 06 89 42 27 f0 cd 63  55 3e 74 3f 87 10 7a 14  |...B'..cU>t?..z.|
+00000080  03 03 00 01 01 17 03 03  00 17 bd 92 4d 21 8d dc  |............M!..|
+00000090  7b 19 1b f9 44 64 38 5c  61 c3 19 70 75 29 05 e8  |{...Dd8\a..pu)..|
+000000a0  ef 17 03 03 02 6d a4 a0  79 ad 41 c1 d2 6b 78 fd  |.....m..y.A..kx.|
+000000b0  4b 1f 6f 72 c4 92 94 17  dd 40 80 b6 f2 a0 85 4d  |K.or.....@.....M|
+000000c0  ba 4c 3a 34 80 67 21 2f  6d 2e fc 4e a8 2b ab 86  |.L:4.g!/m..N.+..|
+000000d0  18 6c 03 2d e6 ac 2c 3c  ce 4c 2d ff 7d fd 44 fc  |.l.-..,<.L-.}.D.|
+000000e0  4e 1d 62 c5 b1 22 60 6c  56 1e 6d bf d8 90 02 cb  |N.b.."`lV.m.....|
+000000f0  d2 6c 52 7c f3 51 11 49  62 7a f0 f3 8f 51 bf 0e  |.lR|.Q.Ibz...Q..|
+00000100  bc 07 9b 1f d9 32 26 d8  c5 01 4d 84 31 3f 4b 33  |.....2&...M.1?K3|
+00000110  d0 c7 0c 86 89 bc 88 7d  70 6d 70 38 89 5b 8c d0  |.......}pmp8.[..|
+00000120  4d c0 9d 35 20 50 52 c7  5d 9c b3 51 30 46 6a 12  |M..5 PR.]..Q0Fj.|
+00000130  54 36 34 55 9a 25 43 39  28 40 13 9a 56 fa a7 f9  |T64U.%C9(@..V...|
+00000140  1f 3c 0f da fb ce c2 ed  da 9f 6c 99 53 76 74 a8  |.<........l.Svt.|
+00000150  4b 62 8a 55 cf a1 bc 5f  10 bb 8e 77 c8 4f bd 1b  |Kb.U..._...w.O..|
+00000160  d4 72 07 00 4c 8b b6 d7  3a 1a 43 93 34 b4 0a 2d  |.r..L...:.C.4..-|
+00000170  62 62 a1 e6 96 1a 71 38  a9 06 ae 6f ca 08 6f 52  |bb....q8...o..oR|
+00000180  09 c7 c8 37 13 4c 3b be  7b 60 29 7b d4 28 3e 71  |...7.L;.{`){.(>q|
+00000190  55 29 bd ab 62 3c 90 1f  8c ed 55 5d 81 85 0b 63  |U)..b<....U]...c|
+000001a0  57 8e f9 50 eb b8 3e c6  e0 b0 fa cc 68 42 41 0c  |W..P..>.....hBA.|
+000001b0  b0 34 f7 5d 39 f4 cd fe  9c ac 42 78 60 b2 27 55  |.4.]9.....Bx`.'U|
+000001c0  c2 2e e0 aa 84 00 8f 80  11 d2 52 92 78 2d b7 f6  |..........R.x-..|
+000001d0  70 37 e8 87 0b 13 04 29  5b a2 50 fb 4d ad 5e 98  |p7.....)[.P.M.^.|
+000001e0  59 a1 f7 7a 80 30 42 c2  59 96 97 f8 47 88 25 f3  |Y..z.0B.Y...G.%.|
+000001f0  25 02 ec 9c f3 93 97 63  b1 b2 90 0a 96 66 17 68  |%......c.....f.h|
+00000200  3d f0 32 5b d2 4a 3b 97  95 30 f1 22 be f9 04 87  |=.2[.J;..0."....|
+00000210  8d 58 d6 81 62 00 85 6c  76 07 c4 7d 05 42 0e 25  |.X..b..lv..}.B.%|
+00000220  7b 0d 92 42 bb 8a 36 47  11 2f f1 59 aa 01 44 28  |{..B..6G./.Y..D(|
+00000230  96 f0 f6 22 c4 74 c7 1b  3f 9d 67 30 f5 72 f8 24  |...".t..?.g0.r.$|
+00000240  b7 5c 9f d5 cb 51 a8 e5  6c b3 f6 0b 00 86 fc bb  |.\...Q..l.......|
+00000250  ab 1f d8 89 07 e9 a6 0b  48 93 e6 6e ca a3 b4 9a  |........H..n....|
+00000260  bc 5c 9c 4e ae 64 17 9d  4d 1f b7 c9 fa 8e a3 94  |.\.N.d..M.......|
+00000270  a0 da 4e 17 1a b8 f8 1a  a7 df dd cb 29 3b bb cf  |..N.........);..|
+00000280  1a 26 a2 74 d6 b2 80 63  f4 fb 28 10 ea 27 fa 48  |.&.t...c..(..'.H|
+00000290  d8 e6 68 34 0f 5f ca 20  e9 3e 01 77 f2 e8 23 70  |..h4._. .>.w..#p|
+000002a0  29 67 60 96 81 63 2e 7f  7d d3 30 fa 4c e1 fc bd  |)g`..c..}.0.L...|
+000002b0  a2 94 e5 1a 0c f3 bc 68  19 aa 20 09 7c 37 68 ac  |.......h.. .|7h.|
+000002c0  d2 3e 08 1c e5 fb e6 ef  b4 1b 8b 58 9c 32 ef 66  |.>.........X.2.f|
+000002d0  a0 a3 32 4f ce 37 5b 2f  99 d0 65 1a 26 2c 69 ca  |..2O.7[/..e.&,i.|
+000002e0  53 2a a2 cb 95 b6 a4 aa  bf 51 53 ab 56 73 22 ad  |S*.......QS.Vs".|
+000002f0  b0 26 18 dd 9c 34 f4 01  bc 10 7c fb b0 b4 97 55  |.&...4....|....U|
+00000300  93 fb 94 b1 16 2f 31 50  a5 fa d4 1d 7c b1 a3 3a  |...../1P....|..:|
+00000310  28 c1 ab 17 03 03 00 99  37 2c 7e fb bc 61 42 37  |(.......7,~..aB7|
+00000320  b4 d1 ab 9c e2 45 25 1f  dd 2a d3 f2 90 a1 25 01  |.....E%..*....%.|
+00000330  26 44 18 6b f3 ba c5 a1  e2 d2 71 c8 00 81 97 2d  |&D.k......q....-|
+00000340  08 a7 f3 4e 9e 8c b4 d2  a4 22 77 89 65 23 82 56  |...N....."w.e#.V|
+00000350  f6 21 f3 5f 06 0c 50 9b  5b 09 b5 b9 a4 d8 d5 dd  |.!._..P.[.......|
+00000360  e6 2b 98 8b 7d c7 0e 5c  00 1d 2b ab 52 d0 1a 57  |.+..}..\..+.R..W|
+00000370  9f d2 ee 5c c8 5c 9e da  df 36 f5 29 2c 31 ec 93  |...\.\...6.),1..|
+00000380  36 61 2c a6 a2 09 04 f5  58 ed ac e8 cc b9 20 11  |6a,.....X..... .|
+00000390  94 73 f7 98 0b 88 46 7d  37 f2 2d 67 57 e5 66 cb  |.s....F}7.-gW.f.|
+000003a0  69 03 3b 1d ec 98 e8 98  d0 48 d1 15 34 22 f1 d5  |i.;......H..4"..|
+000003b0  2e 17 03 03 00 35 50 7a  9f 59 68 a8 06 55 35 93  |.....5Pz.Yh..U5.|
+000003c0  ae 92 9d e6 1a 9b 33 c6  bb ee 1a 4a 87 29 89 e6  |......3....J.)..|
+000003d0  69 0c b7 c9 b5 1d 73 9d  70 4c 4e 35 e2 a6 b3 9e  |i.....s.pLN5....|
+000003e0  0e 51 06 42 dd bf b0 6b  32 b3 8b                 |.Q.B...k2..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 ef 3b a2 4d 0f  |..........5.;.M.|
-00000010  69 53 f2 a3 80 a0 06 a9  99 a9 15 1e bc 8b 4a 08  |iS............J.|
-00000020  de 87 e7 b6 10 d6 b3 fc  89 f8 24 f9 2d 04 a1 fd  |..........$.-...|
-00000030  c2 ce eb 14 e9 df bf ab  80 8e f1 00 53 60 88 82  |............S`..|
-00000040  17 03 03 00 17 22 aa a9  e0 1f f8 55 03 22 9b 0f  |.....".....U."..|
-00000050  b2 6d 73 be 10 5d 6c c6  d8 0e 5e 0d 17 03 03 00  |.ms..]l...^.....|
-00000060  13 45 f2 81 7f ea ae 0d  77 bb d4 05 1e 55 af a8  |.E......w....U..|
-00000070  3e 0d 10 0f                                       |>...|
+00000000  14 03 03 00 01 01 17 03  03 00 35 6a 64 a5 70 df  |..........5jd.p.|
+00000010  c8 89 29 86 27 8e 2f 03  f0 a3 26 0b f4 d2 99 73  |..).'./...&....s|
+00000020  0d 52 8b 49 ac 3a 61 0c  30 0f 89 8b 29 91 8c 30  |.R.I.:a.0...)..0|
+00000030  1d 82 4d c2 92 9f 47 33  9a 59 b9 a0 da 8b a9 0e  |..M...G3.Y......|
+00000040  17 03 03 00 17 e2 b8 0e  b0 8d eb a1 b2 1f 07 70  |...............p|
+00000050  fc 0e 0f 06 c7 fa b3 cc  9e 95 d8 bc 17 03 03 00  |................|
+00000060  13 04 92 08 57 71 45 d0  65 d9 c9 27 05 49 e1 7e  |....WqE.e..'.I.~|
+00000070  12 c9 77 07                                       |..w.|
diff --git a/testdata/Client-TLSv13-ClientCert-ECDSA-RSA b/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
index db13bd63..9aa65c67 100644
--- a/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
+++ b/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,134 +7,136 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 37 0c 23 2f 26  |....z...v..7.#/&|
-00000010  2a b0 8d 47 84 3b 9b 9c  7e 0f 0a cd 77 39 6c c2  |*..G.;..~...w9l.|
-00000020  7b c0 56 a8 9d 07 a0 ec  b6 e5 79 20 00 00 00 00  |{.V.......y ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 71 fd 9f ba 42  |....z...v..q...B|
+00000010  4c 98 22 8e 16 d3 63 6c  a6 34 c2 41 37 f9 98 ad  |L."...cl.4.A7...|
+00000020  7a a6 c5 61 12 df 37 32  a2 95 a3 20 00 00 00 00  |z..a..72... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 5e  |..+.....3.$... ^|
-00000060  9a da 1d cb 90 03 f2 d2  23 e3 54 fc 3d 9b 8c 92  |........#.T.=...|
-00000070  42 df cf 7a 3d 47 3f 66  a4 a6 7a 07 44 76 5c 14  |B..z=G?f..z.Dv\.|
-00000080  03 03 00 01 01 17 03 03  00 17 53 54 e6 de 6a af  |..........ST..j.|
-00000090  c2 d9 b8 39 b6 ae 3e 9f  54 60 e1 fa 29 5a fb 16  |...9..>.T`..)Z..|
-000000a0  20 17 03 03 00 42 f4 a5  7f e3 e7 ba 6a 88 e1 f2  | ....B......j...|
-000000b0  fd 25 3e ba 05 00 29 77  ff 69 6e e0 ac 50 99 50  |.%>...)w.in..P.P|
-000000c0  ac 1e bd 8c 52 e6 28 5d  67 bb bb 20 61 69 5b 97  |....R.(]g.. ai[.|
-000000d0  7f 29 79 97 bf 13 24 25  ad 3b 01 78 c4 a4 4e 9a  |.)y...$%.;.x..N.|
-000000e0  06 d6 20 da 63 27 97 8d  17 03 03 02 6d 79 7e 9e  |.. .c'......my~.|
-000000f0  01 98 a9 7c ba 63 43 2b  21 b1 bc 2c b2 17 c2 35  |...|.cC+!..,...5|
-00000100  76 f2 30 01 69 45 d4 56  e0 5a 2c 62 aa 6f a8 1f  |v.0.iE.V.Z,b.o..|
-00000110  b8 31 df be 6f 3f 60 16  dc 61 5c 9f 99 a9 63 7d  |.1..o?`..a\...c}|
-00000120  7e 2b d2 ae 02 46 12 db  be 51 9e 15 dd 1c 96 b0  |~+...F...Q......|
-00000130  74 69 20 c0 e1 78 46 01  a6 23 72 28 ba c7 a3 48  |ti ..xF..#r(...H|
-00000140  1e dc 0b 57 c9 b4 39 88  3d 39 c7 6c 38 c7 3a 29  |...W..9.=9.l8.:)|
-00000150  a4 45 79 10 04 61 cd db  df 5b 88 c1 35 4b 38 ea  |.Ey..a...[..5K8.|
-00000160  6d 72 57 9f e0 2e 37 61  3d c8 aa b2 25 a6 11 5c  |mrW...7a=...%..\|
-00000170  09 e2 3a 17 d3 c5 37 2f  a7 b4 73 fe e2 61 df 1d  |..:...7/..s..a..|
-00000180  cd 4f 72 4a 67 c3 c7 e2  53 78 61 78 2c 37 44 12  |.OrJg...Sxax,7D.|
-00000190  4d 0e 8c 14 0b de 3b a4  cf ad 8f d4 74 61 77 4b  |M.....;.....tawK|
-000001a0  36 2d f2 8f 68 95 38 9d  e2 9f cf cc 03 15 89 b9  |6-..h.8.........|
-000001b0  96 c4 47 e5 2f 65 0a 5c  5d 8f 5c 64 9d c8 76 d2  |..G./e.\].\d..v.|
-000001c0  5d a7 90 4d f5 84 2d 31  2d 6c bd ee 0d 45 2b 50  |]..M..-1-l...E+P|
-000001d0  79 f7 8c 34 40 f9 bc f4  38 b3 56 a9 6b ca 54 50  |y..4@...8.V.k.TP|
-000001e0  19 f8 9a 73 74 9b 0a 92  ee 22 53 05 01 38 43 3a  |...st...."S..8C:|
-000001f0  49 fe 2d e9 39 c1 76 b0  04 df 8a 3d cc fc 9b 84  |I.-.9.v....=....|
-00000200  cd 22 ba 40 24 69 93 b9  c5 b3 ed fd ad 94 1b 83  |.".@$i..........|
-00000210  b5 07 a9 e7 94 14 4b c1  59 89 78 56 03 28 29 c3  |......K.Y.xV.().|
-00000220  a8 a4 96 14 5a 51 9a 50  f9 34 3c 5a 76 8f 74 68  |....ZQ.P.4<Zv.th|
-00000230  63 cc 5c 0c de e2 30 b8  c0 46 13 78 c5 92 97 7f  |c.\...0..F.x....|
-00000240  23 74 0b 54 4e ea 6e 5d  bd 8e b8 89 12 2c 01 b0  |#t.TN.n].....,..|
-00000250  ed 03 4d 67 1e 96 22 03  77 78 d1 4f c0 b7 4a 71  |..Mg..".wx.O..Jq|
-00000260  6b 11 a3 c4 18 7a da c4  b5 7b 78 74 21 f5 44 49  |k....z...{xt!.DI|
-00000270  70 0e 78 34 fb 66 ed a1  86 52 3c 93 de 17 a1 4d  |p.x4.f...R<....M|
-00000280  4a f3 f6 9e ff f8 e1 18  b9 80 12 9a 34 7a 58 bb  |J...........4zX.|
-00000290  7a aa 95 d0 c7 a7 88 d2  d3 86 bf 7a c9 e3 fc 83  |z..........z....|
-000002a0  c6 b9 db ee ad eb b8 fd  4b 82 4f 34 9d eb 45 eb  |........K.O4..E.|
-000002b0  33 19 aa a5 b6 82 47 b3  5b f4 e7 be f0 49 bd 76  |3.....G.[....I.v|
-000002c0  41 82 8d 09 86 82 cb 45  12 f8 aa 9a 99 43 da 31  |A......E.....C.1|
-000002d0  4f cb 9e c4 f6 a0 40 85  2b 9d 55 6e 15 66 b5 f8  |O.....@.+.Un.f..|
-000002e0  0b 3e 0e aa 4b aa 2e 6b  2a 44 3f ea 23 d5 ab 55  |.>..K..k*D?.#..U|
-000002f0  a0 11 51 04 0b 82 02 d9  24 85 13 2e d1 29 44 9a  |..Q.....$....)D.|
-00000300  15 7f a4 1b c4 f5 36 44  88 9a 6e 5a 1e 2f 14 fa  |......6D..nZ./..|
-00000310  d0 e7 fc 6a fa e5 f3 4a  55 20 73 9b e4 73 2e 47  |...j...JU s..s.G|
-00000320  88 25 b7 69 d9 28 fe 50  8c fc f2 94 29 84 c4 7f  |.%.i.(.P....)...|
-00000330  d6 b2 eb 28 fa 51 8e ff  00 09 35 d3 b2 32 3a c6  |...(.Q....5..2:.|
-00000340  bb 91 a7 c4 b7 88 df 4b  f7 09 ef e7 e1 92 60 cd  |.......K......`.|
-00000350  de 34 4f 39 ee b8 ce 50  6a b9 17 03 03 00 99 64  |.4O9...Pj......d|
-00000360  76 ab 48 eb 68 7d a6 68  60 aa c2 93 bd 31 81 c8  |v.H.h}.h`....1..|
-00000370  b6 15 ba d1 54 94 04 1b  4b 29 86 e1 12 84 ad d5  |....T...K)......|
-00000380  ba eb 4a 7a 7a a8 56 41  04 8c 84 c7 83 46 8c 50  |..Jzz.VA.....F.P|
-00000390  c4 e3 02 d0 28 a4 fe 24  c4 b8 96 13 4f 87 27 ec  |....(..$....O.'.|
-000003a0  6b e3 84 4b 97 13 65 fa  1e 5e 9d ac 85 ea a0 3d  |k..K..e..^.....=|
-000003b0  67 96 e5 ec 88 84 6b 79  d9 16 55 c1 1c 72 17 aa  |g.....ky..U..r..|
-000003c0  9b 49 13 86 d4 39 0d 2a  c8 88 b3 5f f5 11 cb 5f  |.I...9.*..._..._|
-000003d0  bd 22 57 2c bc c1 01 72  b9 c3 f5 d9 a2 3b 8e ff  |."W,...r.....;..|
-000003e0  44 b2 82 b6 5b 35 75 b5  7a 50 40 81 4e a7 2d 40  |D...[5u.zP@.N.-@|
-000003f0  21 28 d9 c4 d9 e5 07 e1  17 03 03 00 35 23 ab b2  |!(..........5#..|
-00000400  60 56 47 6a fe cb 0e 54  22 d5 8f 29 0a 34 e6 82  |`VGj...T"..).4..|
-00000410  5b 10 35 ac 93 97 92 6b  39 5d b8 01 54 9c 86 b0  |[.5....k9]..T...|
-00000420  41 70 52 88 92 cf dd b7  f8 5d d1 18 e1 1f 78 53  |ApR......]....xS|
-00000430  e4 43                                             |.C|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 50  |..+.....3.$... P|
+00000060  f1 4d 28 5f 81 28 a7 d7  cb 82 20 48 91 0b 86 94  |.M(_.(.... H....|
+00000070  ae d8 b0 1c d0 84 55 5a  93 4c ee 65 9d 19 68 14  |......UZ.L.e..h.|
+00000080  03 03 00 01 01 17 03 03  00 17 7d af 66 34 6e f8  |..........}.f4n.|
+00000090  38 18 0a 6a 24 91 d8 6c  4d 7f e6 4c fc 40 8a a7  |8..j$..lM..L.@..|
+000000a0  bc 17 03 03 00 42 77 e7  1c fd d3 a9 f5 86 8e 92  |.....Bw.........|
+000000b0  f0 28 92 e5 e7 aa 8c 13  00 cb 07 0c b4 3d 13 7c  |.(...........=.||
+000000c0  2d 58 a0 94 0c 8f 4b 45  8d aa 97 7a 30 0e 78 d7  |-X....KE...z0.x.|
+000000d0  22 89 e0 8b 53 31 1b 9b  2d 7f f7 ff e0 b3 13 d5  |"...S1..-.......|
+000000e0  49 12 9e 50 31 38 eb d5  17 03 03 02 6d 65 2e 6f  |I..P18......me.o|
+000000f0  91 62 81 e9 8c fc 11 34  c1 59 58 44 3d 4f 74 6d  |.b.....4.YXD=Otm|
+00000100  ae 5a 47 29 56 6d 43 08  43 aa 69 d8 20 6c 02 99  |.ZG)VmC.C.i. l..|
+00000110  68 eb fa 47 c6 b0 7d 5b  70 2a a1 f9 f6 4f 70 02  |h..G..}[p*...Op.|
+00000120  88 f5 d1 b6 74 6e e2 54  7f fe 04 ce b2 03 9e e4  |....tn.T........|
+00000130  6e 3e 5d cf 27 49 de 90  7f 0a 2e 51 87 97 38 0e  |n>].'I.....Q..8.|
+00000140  cc f9 31 56 c5 bd b2 17  4c a4 a3 95 d7 c4 47 43  |..1V....L.....GC|
+00000150  58 cb 60 4f 73 65 71 e3  83 3d 60 04 d4 4d 6b a4  |X.`Oseq..=`..Mk.|
+00000160  96 c1 51 ec c5 48 29 13  ae 6d 7c 4c 0c 47 40 26  |..Q..H)..m|L.G@&|
+00000170  50 13 71 a9 55 3e bc 7b  ce a6 a5 8a 23 3e 41 d5  |P.q.U>.{....#>A.|
+00000180  2c 22 3e 3e 65 3e 53 0b  13 fb b9 36 25 77 bd 89  |,">>e>S....6%w..|
+00000190  f1 4e c2 99 5c 0a 14 c4  f8 9b da 01 a9 61 f5 a9  |.N..\........a..|
+000001a0  f5 a7 04 17 cc e5 a9 8b  b7 e8 ce 13 6c 87 75 99  |............l.u.|
+000001b0  cb 05 a5 2d c6 8d 03 73  b0 1c ba e3 64 66 d7 a9  |...-...s....df..|
+000001c0  b9 3c 16 41 ce ca 7a 9d  67 84 81 78 57 22 24 6e  |.<.A..z.g..xW"$n|
+000001d0  80 55 10 87 e4 6a b7 3e  62 23 84 ea a6 9b ee 1d  |.U...j.>b#......|
+000001e0  d0 32 96 74 7a b0 ed 05  a9 ca 53 8c 8c 66 bf ee  |.2.tz.....S..f..|
+000001f0  2d b4 5f 78 4a 7e 88 6a  bf e4 44 fc fb 71 df 9c  |-._xJ~.j..D..q..|
+00000200  34 a6 f0 4c 5b b9 0f a2  72 b4 28 0a 67 a2 99 be  |4..L[...r.(.g...|
+00000210  97 da 1d 64 24 c3 99 e6  cb 43 9a eb 28 6e 54 e9  |...d$....C..(nT.|
+00000220  34 5a 3c a1 1c 2f 07 27  a1 bf 1b fb a5 2f 61 8d  |4Z<../.'...../a.|
+00000230  26 ab f4 9f 7e ec 22 dc  4f 34 3d c9 6f 5d 6a 18  |&...~.".O4=.o]j.|
+00000240  30 09 bc f0 06 6d 3e bc  f7 96 9f 90 4b d8 e3 ac  |0....m>.....K...|
+00000250  96 3c f4 e2 3e 26 4a 43  07 1f 7e 79 08 f8 12 14  |.<..>&JC..~y....|
+00000260  82 1d 27 a5 16 d6 88 c2  31 26 8d 60 40 04 30 7b  |..'.....1&.`@.0{|
+00000270  49 7b 6d 11 d4 80 c5 09  9f 6a 85 f4 d3 41 ce c4  |I{m......j...A..|
+00000280  f6 bc 49 38 05 19 86 55  fa 9a 73 d7 5d 61 97 42  |..I8...U..s.]a.B|
+00000290  39 f2 6e 26 c7 11 ca b8  bf 85 2d 25 c2 83 30 6d  |9.n&......-%..0m|
+000002a0  17 07 af da 39 e9 c5 e4  88 f6 5f 58 e7 00 72 38  |....9....._X..r8|
+000002b0  e1 ac f4 75 eb 7f e2 00  d7 d9 e8 aa 77 8b 63 5e  |...u........w.c^|
+000002c0  85 4c c5 2a dd 8d 89 f4  ea ff 14 9d bb d7 b1 9a  |.L.*............|
+000002d0  7b d0 38 e9 9d 26 a9 79  f4 de 10 63 1f 09 67 bc  |{.8..&.y...c..g.|
+000002e0  51 ca 12 51 05 93 29 fe  5f 17 79 7f 84 e2 87 39  |Q..Q..)._.y....9|
+000002f0  d4 80 ac 76 fe c4 ab bb  63 06 64 b0 ba 5f 2f 8b  |...v....c.d.._/.|
+00000300  d9 b5 39 b5 80 69 0d 97  c6 f4 ce e1 2c cf 29 1c  |..9..i......,.).|
+00000310  e7 f4 b7 02 f5 da b4 63  26 d9 a9 4a 4e 34 66 56  |.......c&..JN4fV|
+00000320  c2 89 6a 12 95 16 9c 8b  b3 95 fb 8d 1f 4b 67 53  |..j..........KgS|
+00000330  5e 1f 68 70 ed 9b aa 89  78 16 88 d2 39 31 d9 59  |^.hp....x...91.Y|
+00000340  b5 bd 01 64 59 61 11 22  ab 73 f8 00 c3 7a 8c 45  |...dYa.".s...z.E|
+00000350  54 32 4f 5c 24 6a 0b 87  6c dc 17 03 03 00 99 4b  |T2O\$j..l......K|
+00000360  2d c9 21 11 87 71 41 cf  67 23 4e cd c8 7f e4 73  |-.!..qA.g#N....s|
+00000370  97 46 dd ff 0e 13 b4 4a  0e 81 4d fe 6c 0a 1d a0  |.F.....J..M.l...|
+00000380  b4 57 e5 4d e0 8d 82 e5  33 71 26 4a ef 72 8d 1f  |.W.M....3q&J.r..|
+00000390  a2 7b 43 e7 6c 99 19 24  18 7f 53 4a 16 c1 51 0c  |.{C.l..$..SJ..Q.|
+000003a0  3c 7d 3d c6 64 14 74 65  51 0b 04 09 dc c5 c0 ef  |<}=.d.teQ.......|
+000003b0  a1 a9 b3 d3 1d 16 2d 9a  5d 40 ec 13 9a 16 7c 9b  |......-.]@....|.|
+000003c0  6c 18 ba ec e3 e6 25 99  c3 1a 16 44 05 a3 85 ac  |l.....%....D....|
+000003d0  6a 49 e0 30 af 1c d1 5d  f5 6e e6 4b dc f3 71 49  |jI.0...].n.K..qI|
+000003e0  b0 5e 1d 7a e2 8b ba 13  7d a2 4a 12 cb 69 5a fe  |.^.z....}.J..iZ.|
+000003f0  7d cf e5 cf 0a d0 6e 26  17 03 03 00 35 cd 5a 61  |}.....n&....5.Za|
+00000400  28 1f 69 d8 c0 48 8a 10  4e 46 3a 51 06 87 28 8d  |(.i..H..NF:Q..(.|
+00000410  9d 68 60 bc e1 6e a4 a2  21 81 2a 17 57 b9 6a 7a  |.h`..n..!.*.W.jz|
+00000420  47 ae fb e0 a8 fc 7a 72  0f 9f 52 46 18 a8 b1 01  |G.....zr..RF....|
+00000430  0d 9b                                             |..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 1e 19 c5 11 9d 64  |...............d|
-00000010  8f f5 a9 21 53 fa cc 91  67 30 39 c0 77 d6 35 7b  |...!S...g09.w.5{|
-00000020  b8 a3 ae 44 8a 9a b1 68  5a 20 72 a6 ae 3a 1b 9f  |...D...hZ r..:..|
-00000030  03 eb d9 ed 91 20 49 ba  88 39 99 1c 4e 3a 2b 1b  |..... I..9..N:+.|
-00000040  42 b7 a3 97 a3 a3 6c 7e  3b 4c c1 74 dc 71 e6 14  |B.....l~;L.t.q..|
-00000050  6c 5a 36 12 cb 87 a6 75  ce b3 e3 a8 f2 c8 36 12  |lZ6....u......6.|
-00000060  3d c8 b8 2a 36 e4 40 38  3e 20 1d de 2a 31 b1 04  |=..*6.@8> ..*1..|
-00000070  86 cb 9b c1 f3 fc 01 67  7e 40 0b b8 c4 fa 8f a0  |.......g~@......|
-00000080  a7 5b 24 43 a9 d3 eb 55  99 ec 0b 19 cb ec 19 97  |.[$C...U........|
-00000090  c8 0f c0 5e 8c b2 b1 93  80 70 7c 0b aa 7c 6c 44  |...^.....p|..|lD|
-000000a0  1a 11 dc bd 0d 97 18 f3  ca c6 50 68 ca 77 ab 18  |..........Ph.w..|
-000000b0  79 a9 8b 73 13 48 90 c3  4a cd ae f2 60 ea 0c 20  |y..s.H..J...`.. |
-000000c0  eb ad 84 fb 2f 01 7e 2c  f6 7d ea da 22 59 5f 88  |..../.~,.}.."Y_.|
-000000d0  ff 10 19 81 d5 29 1b 0f  36 7b 84 66 eb bf e3 f9  |.....)..6{.f....|
-000000e0  1c 68 fa 03 93 3e ba c6  58 e2 a9 57 94 8c a8 29  |.h...>..X..W...)|
-000000f0  e2 f9 4b 6d 85 01 e8 f2  11 a2 04 38 73 8e 69 49  |..Km.......8s.iI|
-00000100  4b 7f ca be aa 5f 50 ac  82 16 e6 92 78 87 13 f4  |K...._P.....x...|
-00000110  fc 21 e8 2d 89 d0 f7 fb  73 0b f3 b7 6a 67 24 e8  |.!.-....s...jg$.|
-00000120  d9 33 59 49 d6 88 24 a2  66 f5 c8 4d fe 88 93 77  |.3YI..$.f..M...w|
-00000130  f9 3f ee ae 0b 6a 23 7a  8f b7 66 d4 68 7d 38 51  |.?...j#z..f.h}8Q|
-00000140  85 0a a0 f5 03 f6 e8 2f  cd 0b ac 58 64 82 38 20  |......./...Xd.8 |
-00000150  f2 72 0a 85 83 55 cb db  62 59 f4 40 08 28 f9 8a  |.r...U..bY.@.(..|
-00000160  47 a2 ea a1 1b e1 4c 0a  a4 74 cb a2 11 6f e5 68  |G.....L..t...o.h|
-00000170  e4 ff 38 b0 a5 fc 21 9e  eb de 43 b6 e7 27 cf 9a  |..8...!...C..'..|
-00000180  80 23 59 a2 e9 a8 12 ae  47 09 5c 48 c2 cb c8 e0  |.#Y.....G.\H....|
-00000190  a6 fa 81 c5 49 a4 77 4b  d3 83 0a ce 6e a5 2b 88  |....I.wK....n.+.|
-000001a0  f2 f5 12 2f 0e 7e 10 20  5b c7 31 39 54 ed 19 33  |.../.~. [.19T..3|
-000001b0  5c 94 b5 56 16 fa 0c b0  ec 28 76 fa 38 ca 08 c6  |\..V.....(v.8...|
-000001c0  13 c3 1f 8a 20 35 73 4b  bb bf d8 96 65 de cd f3  |.... 5sK....e...|
-000001d0  44 d4 5b 3d 54 aa ac 53  a9 cc 31 99 86 22 5a f9  |D.[=T..S..1.."Z.|
-000001e0  9e bd f1 f3 74 07 e4 fe  f7 3a 35 44 e5 c6 48 3f  |....t....:5D..H?|
-000001f0  a3 81 1e 67 96 51 0f e6  7d 43 67 9c 12 6c dd 91  |...g.Q..}Cg..l..|
-00000200  c4 f9 20 4d 88 41 fc 40  c5 ee c2 11 fb f1 67 da  |.. M.A.@......g.|
-00000210  7b b6 d0 1b f8 6e f7 8b  07 f2 9e 12 56 dc 75 31  |{....n......V.u1|
-00000220  cd b9 53 62 3f 2f 72 cf  ee 17 03 03 00 a4 f9 ec  |..Sb?/r.........|
-00000230  72 94 94 1c 52 ab 9e 6d  04 5a 26 07 15 3a f5 dd  |r...R..m.Z&..:..|
-00000240  f3 45 18 20 de 2e 97 f7  6a a4 7c 92 68 aa 71 55  |.E. ....j.|.h.qU|
-00000250  b7 7a 3c 8f 54 e7 cc 31  e1 54 9c ad 8e b4 57 11  |.z<.T..1.T....W.|
-00000260  1d 79 85 4a da 3f 1b ab  fb f4 d4 d9 4d 8a 2e da  |.y.J.?......M...|
-00000270  68 3e f9 aa 16 52 cc 4e  49 7a 00 bf fc e8 b5 16  |h>...R.NIz......|
-00000280  43 0c 6d aa 82 49 3c 16  43 56 55 35 ee 47 c3 1c  |C.m..I<.CVU5.G..|
-00000290  99 25 6d 30 89 64 5e 23  bf de fc cc 7c 40 94 28  |.%m0.d^#....|@.(|
-000002a0  d8 ed ec c2 e2 8b 24 64  64 b6 e8 6c 29 82 b5 ba  |......$dd..l)...|
-000002b0  d5 59 7a 6f 11 6e cc 30  91 c8 c0 8b 9f dd 13 59  |.Yzo.n.0.......Y|
-000002c0  a9 72 18 f6 6e ce 3a 47  6b 4f 26 55 61 bf 20 7a  |.r..n.:GkO&Ua. z|
-000002d0  d8 c3 17 03 03 00 35 d7  fc bc 10 29 75 c3 70 0a  |......5....)u.p.|
-000002e0  02 e4 cf 36 20 49 5d 64  78 e9 27 db 2d e3 1a 66  |...6 I]dx.'.-..f|
-000002f0  f3 a8 82 7e 64 f0 29 27  81 6c bd b7 a7 86 a2 6a  |...~d.)'.l.....j|
-00000300  ac 4e 7b da 48 7c d8 9c  39 6c 95 45 17 03 03 00  |.N{.H|..9l.E....|
-00000310  17 c9 13 54 e9 22 62 7e  89 17 de 98 52 93 26 76  |...T."b~....R.&v|
-00000320  73 a0 7d 2c 60 68 c8 68  17 03 03 00 13 ad 3a 53  |s.},`h.h......:S|
-00000330  d1 41 0e 99 26 c8 fb 22  8f e6 d3 a4 1d 83 ff 28  |.A..&..".......(|
+00000000  14 03 03 00 01 01 17 03  03 02 1e ab 60 cd 30 a1  |............`.0.|
+00000010  d1 e0 a1 d4 77 15 50 bf  aa c7 bf 1a c0 e1 cd dd  |....w.P.........|
+00000020  6a 64 0b 5e f0 83 24 77  1d 7a ff 97 5b ab 5b 15  |jd.^..$w.z..[.[.|
+00000030  eb 9e af 09 c9 38 e1 8a  7d c1 c9 04 40 b9 ca 6e  |.....8..}...@..n|
+00000040  01 8d cb 1e 66 52 a4 c2  20 44 68 bf d0 0d ec c0  |....fR.. Dh.....|
+00000050  0b d2 9e ae 60 e4 5e 19  cf 92 96 22 88 b1 35 e3  |....`.^...."..5.|
+00000060  c9 89 c8 67 6d 14 83 e1  ad 76 ca e6 9a d0 34 e0  |...gm....v....4.|
+00000070  de 9d 46 44 85 97 b0 cc  4e ef 72 d9 85 47 13 fb  |..FD....N.r..G..|
+00000080  86 9f 3c 26 20 fa fd 15  f7 83 1f c2 1f 51 3f 4a  |..<& ........Q?J|
+00000090  b4 3c 3b 09 2b 16 22 d1  30 f2 16 ae b9 28 f7 8e  |.<;.+.".0....(..|
+000000a0  a2 84 15 c8 42 58 a5 6d  8a 86 a9 7f 23 18 ed ee  |....BX.m....#...|
+000000b0  18 d7 2d 47 4f b8 f2 44  60 cb 2f 1d 1a ad 7b e7  |..-GO..D`./...{.|
+000000c0  15 d3 d8 55 9e fb 0b 0e  b8 e3 1f 4e a4 8c 14 ec  |...U.......N....|
+000000d0  4b 3a c4 d1 66 16 9d 7a  72 20 8a fb 41 33 bc 04  |K:..f..zr ..A3..|
+000000e0  4e b7 e4 65 2e 21 d2 3b  5f 07 00 cd 38 b3 9d 78  |N..e.!.;_...8..x|
+000000f0  eb 36 00 db d1 e0 8a 3f  50 84 3f d9 4b 2d 85 41  |.6.....?P.?.K-.A|
+00000100  bc cc ec 9b 15 2c f9 95  02 18 41 08 13 f3 d5 ec  |.....,....A.....|
+00000110  e7 32 8c ca 7e 0a e6 81  ed db 8a 49 46 ac a9 42  |.2..~......IF..B|
+00000120  27 13 85 f1 16 9b 15 bd  ec eb 1c 25 24 9a 7f 0e  |'..........%$...|
+00000130  a4 67 e1 32 3f cf 8b 61  49 9b 43 a4 57 79 48 14  |.g.2?..aI.C.WyH.|
+00000140  90 00 b1 2d 6f 82 9f ef  f3 a0 c6 e8 9f fd d4 08  |...-o...........|
+00000150  1f 16 5e 7f be 73 7e a6  5b d2 02 12 c9 76 c3 f3  |..^..s~.[....v..|
+00000160  13 4c 44 7f e9 8e 5b ce  d8 56 d6 2f 76 ff 5a 8e  |.LD...[..V./v.Z.|
+00000170  6d cb 5b 8e c6 62 29 4e  c6 34 a9 74 44 84 b7 28  |m.[..b)N.4.tD..(|
+00000180  96 cd fa 6d 2e ac 75 3e  86 73 c3 a9 50 ef e9 e4  |...m..u>.s..P...|
+00000190  70 a5 ba bc 1f 9c c3 05  17 30 2c 1b ba c0 15 bf  |p........0,.....|
+000001a0  f4 47 45 b1 42 d9 6c 6d  57 b0 7a 94 61 ee 78 0e  |.GE.B.lmW.z.a.x.|
+000001b0  32 4f 01 da df d8 29 51  91 1c 3f f6 40 a7 15 76  |2O....)Q..?.@..v|
+000001c0  99 d7 e0 45 af 04 5a 69  f0 65 bf 40 e9 5c 4b e5  |...E..Zi.e.@.\K.|
+000001d0  eb e6 2e 79 f7 c8 4a e4  0b 71 e3 d5 dd 7e 25 d4  |...y..J..q...~%.|
+000001e0  d9 7f 1b 9b 8b 3f b6 9c  35 59 2e 40 34 e3 c8 2a  |.....?..5Y.@4..*|
+000001f0  3c 74 0b d6 35 d3 12 e8  93 7e 44 61 b4 3d da 19  |<t..5....~Da.=..|
+00000200  60 34 e0 19 97 9f 75 a9  be ff 0e ca 14 32 7e 20  |`4....u......2~ |
+00000210  48 fa e3 43 1b 94 86 6c  e4 c2 7d 91 1c 21 42 88  |H..C...l..}..!B.|
+00000220  16 0b 26 f6 16 dc 09 d4  8e 17 03 03 00 a4 b9 22  |..&............"|
+00000230  dc d6 d7 9f a8 83 b2 a6  bd 8a 5a da 0a 75 d6 10  |..........Z..u..|
+00000240  e5 0e ff a5 ec f2 31 8a  4e ff e6 21 3a a0 65 32  |......1.N..!:.e2|
+00000250  73 e5 e2 c3 f8 24 a4 b2  34 b9 d4 e2 04 ea ff e5  |s....$..4.......|
+00000260  2e dc 75 03 9f e6 55 6b  95 06 1b f9 fb 32 ea b2  |..u...Uk.....2..|
+00000270  d6 f9 05 9c df 1f 18 cb  27 ca 40 d8 03 e5 70 fc  |........'.@...p.|
+00000280  78 9b 84 a5 28 6a 14 2e  f3 1a f1 92 8d d8 93 54  |x...(j.........T|
+00000290  68 c7 12 37 84 e5 b5 73  23 90 6f 4c d3 35 bb ba  |h..7...s#.oL.5..|
+000002a0  bd 7d 11 8e 93 25 85 f8  46 56 39 d0 23 b9 06 68  |.}...%..FV9.#..h|
+000002b0  25 86 09 28 3c 24 25 2b  fd 27 17 83 eb 5c 53 42  |%..(<$%+.'...\SB|
+000002c0  a2 0d f8 a5 5e c9 4f 53  83 e3 90 d8 0c 49 03 cf  |....^.OS.....I..|
+000002d0  b1 03 17 03 03 00 35 dc  ac dc ee c6 92 3d 1b 5d  |......5......=.]|
+000002e0  e9 c2 5c e0 0d 1b 28 9b  cb 79 7f 58 8a 02 cd 85  |..\...(..y.X....|
+000002f0  34 c0 a3 72 71 b5 26 c5  56 c5 38 09 ee 0e 9a e4  |4..rq.&.V.8.....|
+00000300  f4 29 ad 76 e2 61 27 61  ea e0 a7 1d 17 03 03 00  |.).v.a'a........|
+00000310  17 7b 6b 82 47 b6 bb 41  d0 5b b4 23 38 bf 15 58  |.{k.G..A.[.#8..X|
+00000320  27 1e fa 7a 58 09 02 e8  17 03 03 00 13 cf d5 c3  |'..zX...........|
+00000330  22 18 f9 28 3e c9 64 d0  51 8d dc 4b a2 f1 bf 9f  |"..(>.d.Q..K....|
diff --git a/testdata/Client-TLSv13-ClientCert-Ed25519 b/testdata/Client-TLSv13-ClientCert-Ed25519
index b524ef43..c174bd9f 100644
--- a/testdata/Client-TLSv13-ClientCert-Ed25519
+++ b/testdata/Client-TLSv13-ClientCert-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,117 +7,119 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 28 10 3b 44 b1  |....z...v..(.;D.|
-00000010  0f a9 77 89 f9 dd 3c 3a  ad 83 a0 ca 3e 60 d6 0e  |..w...<:....>`..|
-00000020  ab 94 3a ec 2e 63 ef b1  41 90 48 20 00 00 00 00  |..:..c..A.H ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 94 b3 83 34 fd  |....z...v.....4.|
+00000010  0f d0 16 30 14 0e 57 a1  d3 29 cd 81 c7 a2 59 c9  |...0..W..)....Y.|
+00000020  fb 8f 54 d4 9b 69 a8 47  7d c3 63 20 00 00 00 00  |..T..i.G}.c ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d9  |..+.....3.$... .|
-00000060  ce 37 c6 7e 9c 0f 75 bb  b6 91 c9 af 59 eb 24 07  |.7.~..u.....Y.$.|
-00000070  2e 80 3a 7e d2 fc 39 9e  45 19 94 2d ae 33 2c 14  |..:~..9.E..-.3,.|
-00000080  03 03 00 01 01 17 03 03  00 17 c6 b7 f1 35 ee 93  |.............5..|
-00000090  75 ca 2e 3a a2 3d ed 32  5c e1 2c e0 5b 1c 01 e0  |u..:.=.2\.,.[...|
-000000a0  bb 17 03 03 00 42 02 e5  db dc 80 e1 c2 6f 31 1c  |.....B.......o1.|
-000000b0  33 7b 76 8f 51 9c f8 a8  b0 1b 1a 8a 46 00 c7 ff  |3{v.Q.......F...|
-000000c0  ff 4c c9 d8 28 14 32 74  ee 59 b3 15 4b 45 90 b6  |.L..(.2t.Y..KE..|
-000000d0  da 56 b3 ef d4 6f 8a eb  96 b9 94 ab b9 9e b1 2e  |.V...o..........|
-000000e0  fe 29 f2 0d 0d 93 66 1a  17 03 03 02 6d 84 4e 43  |.)....f.....m.NC|
-000000f0  92 85 d5 e0 7a cd da a6  c0 5a bf 8b eb 83 db a0  |....z....Z......|
-00000100  dc c3 e2 a8 d5 ca ad 87  75 19 08 dd 3e 2e 36 a0  |........u...>.6.|
-00000110  a1 53 28 09 cd 1c 1d a0  24 77 e3 e6 4d b1 8f 36  |.S(.....$w..M..6|
-00000120  43 29 79 b3 e2 fb 9e dc  39 90 b5 b7 db 6d 0a c0  |C)y.....9....m..|
-00000130  55 d2 1c fd 8d 57 5b bf  e3 70 b7 6a bc af 4f 34  |U....W[..p.j..O4|
-00000140  e7 e1 46 d3 9a cc e4 73  33 fb e6 ad f9 b5 35 af  |..F....s3.....5.|
-00000150  97 77 88 11 19 7c e6 7d  8b 08 bb 78 2c 50 29 0c  |.w...|.}...x,P).|
-00000160  87 5f ef 04 19 34 9f 59  54 df 14 71 d1 5f e7 dc  |._...4.YT..q._..|
-00000170  46 2e 73 1a 07 12 be 6e  74 e1 8e 82 ca db a2 6d  |F.s....nt......m|
-00000180  35 5b fc 4c 71 42 45 86  35 1c c0 dc 0d 4c 40 a8  |5[.LqBE.5....L@.|
-00000190  c7 ea 4a b8 33 0b 30 e2  6d a4 82 dc 28 35 1f f2  |..J.3.0.m...(5..|
-000001a0  ac 23 41 10 a4 d4 1a 40  28 4d ea db 32 d5 06 de  |.#A....@(M..2...|
-000001b0  1e 37 91 77 34 ed b4 c8  f2 1c 44 de ee 2f dd af  |.7.w4.....D../..|
-000001c0  61 cc 1e 59 87 a6 be 36  b0 8e a3 61 01 aa f4 60  |a..Y...6...a...`|
-000001d0  1e c8 3a 3c 53 57 31 28  3e 40 32 95 67 02 41 9c  |..:<SW1(>@2.g.A.|
-000001e0  58 28 50 51 5e 06 1d f1  57 e1 39 ba e0 ab 30 26  |X(PQ^...W.9...0&|
-000001f0  25 fe b6 0a a9 d5 b3 72  61 3a 71 ec a2 44 91 5e  |%......ra:q..D.^|
-00000200  30 1b d4 dd 07 cf 35 6a  85 4a 95 b2 a9 f5 5c 6e  |0.....5j.J....\n|
-00000210  35 f9 07 7b d9 b0 a5 64  2f c3 34 23 84 3f 1a 97  |5..{...d/.4#.?..|
-00000220  dd 25 75 7c 76 0f 9b 73  5b aa c0 a1 00 4b f6 b1  |.%u|v..s[....K..|
-00000230  61 34 51 d0 d1 3b 00 4f  87 93 f5 45 2e 23 93 ee  |a4Q..;.O...E.#..|
-00000240  e6 ce e5 1c 02 22 3c c1  22 ed 33 b2 71 99 52 26  |....."<.".3.q.R&|
-00000250  70 86 ad bc 41 d9 13 54  d3 3e 5d 4b 63 4d d2 6f  |p...A..T.>]KcM.o|
-00000260  bf a5 24 f8 7b 83 b2 0b  13 02 0d 42 74 9b 04 4e  |..$.{......Bt..N|
-00000270  8a 86 6b 40 92 42 3a d8  a8 21 2f ce e0 90 71 65  |..k@.B:..!/...qe|
-00000280  5f ed c7 65 38 e3 85 e2  32 d5 4b c0 84 61 24 a1  |_..e8...2.K..a$.|
-00000290  00 be 67 f3 59 b0 b2 f0  65 fe a6 49 19 41 f9 9b  |..g.Y...e..I.A..|
-000002a0  40 3a 62 ec 4d 1f 83 77  03 9d 4b 4c d2 5d 93 ca  |@:b.M..w..KL.]..|
-000002b0  01 39 44 dc c6 f7 18 6b  2a c9 1b 3d ef 27 6d a4  |.9D....k*..=.'m.|
-000002c0  2e 8f 33 63 2b c5 fb bb  52 23 68 7e 0b 16 92 64  |..3c+...R#h~...d|
-000002d0  d9 72 04 2d 0d b2 ba 67  45 ae 14 16 f1 57 3b 59  |.r.-...gE....W;Y|
-000002e0  44 ba db b0 c9 d2 9b 8f  6d b2 a4 8c c2 d1 1c e4  |D.......m.......|
-000002f0  ce d3 32 bf 04 d9 09 d1  28 3d 25 2d b5 d3 da 12  |..2.....(=%-....|
-00000300  77 01 45 09 08 e0 df cc  f3 4c c0 e0 b7 d7 d8 16  |w.E......L......|
-00000310  82 19 1d 57 dc b4 27 83  48 1b 9f a9 0e cc d6 39  |...W..'.H......9|
-00000320  c1 4a 66 b3 42 85 a5 a7  14 97 5c 58 fe 41 e1 2e  |.Jf.B.....\X.A..|
-00000330  16 e9 70 89 e7 98 a8 f3  4a 81 d4 d8 ff 5f 48 6e  |..p.....J...._Hn|
-00000340  60 c6 4a 07 c5 57 9c 22  25 3a 9f bf 7e 71 f3 0d  |`.J..W."%:..~q..|
-00000350  71 e5 a5 d4 2b 6d 70 2f  c5 a3 17 03 03 00 99 b9  |q...+mp/........|
-00000360  15 c7 70 bc 06 75 26 50  0f 22 90 43 99 25 0d 0f  |..p..u&P.".C.%..|
-00000370  05 d3 ce e7 3c 53 fb 01  d4 d2 e8 fb b7 49 87 03  |....<S.......I..|
-00000380  ac ad 15 11 46 dc 0c d1  89 01 5f 64 85 b9 6e bf  |....F....._d..n.|
-00000390  30 22 d6 2c 6d ac b0 f7  83 f6 2e 3a 4c 8c 72 37  |0".,m......:L.r7|
-000003a0  99 0f b5 80 b3 61 85 97  69 26 cc 95 a1 1f e5 9f  |.....a..i&......|
-000003b0  59 8a 30 0a f7 18 f4 c4  c5 15 11 d6 8b 8d 2a e0  |Y.0...........*.|
-000003c0  71 c3 86 dc d2 7f c4 95  98 c7 6c b7 21 78 d0 e6  |q.........l.!x..|
-000003d0  a7 3e 4b 12 11 df b7 d9  1e 23 d9 db 0f 5f 43 f0  |.>K......#..._C.|
-000003e0  75 65 ac ba 46 43 61 b4  3d be b8 49 44 ad 15 00  |ue..FCa.=..ID...|
-000003f0  3b c0 07 ba 18 b2 14 71  17 03 03 00 35 d1 22 81  |;......q....5.".|
-00000400  7f 21 e9 e2 7b 11 f5 df  dd 3f 15 ce b5 fc 71 f3  |.!..{....?....q.|
-00000410  0e f2 d0 1c a4 85 29 88  f2 ca 73 01 ee 1c e4 66  |......)...s....f|
-00000420  07 fa 5c a3 32 b0 e4 2a  e4 97 e5 70 b1 cd db 79  |..\.2..*...p...y|
-00000430  83 1f                                             |..|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 38  |..+.....3.$... 8|
+00000060  5e 40 05 c2 91 46 5b e0  c6 c4 8f b6 eb 91 98 b1  |^@...F[.........|
+00000070  b0 41 8e 34 14 8f 2a b1  5e e6 80 78 f6 0c 3e 14  |.A.4..*.^..x..>.|
+00000080  03 03 00 01 01 17 03 03  00 17 30 61 18 ba 71 15  |..........0a..q.|
+00000090  e0 75 5d 55 f2 1a d1 7e  69 fa 58 41 97 cd c1 9a  |.u]U...~i.XA....|
+000000a0  92 17 03 03 00 42 af 88  92 3e 98 ef 74 a5 06 90  |.....B...>..t...|
+000000b0  fd c0 21 20 01 ec 1d 68  93 8d dc 36 dc 2c 43 77  |..! ...h...6.,Cw|
+000000c0  02 18 47 cf 66 b3 61 88  85 be f1 04 1b da c1 03  |..G.f.a.........|
+000000d0  31 68 2c 1c fc dc ed 6b  f3 a5 e8 52 fd a7 dc c8  |1h,....k...R....|
+000000e0  e1 6a 91 67 83 ce 5c 08  17 03 03 02 6d 55 55 72  |.j.g..\.....mUUr|
+000000f0  6e cc c5 4c f0 10 d7 0d  57 5d 4d f4 61 8d 5d 78  |n..L....W]M.a.]x|
+00000100  c3 cd df 49 4a 1a 4b c6  fe 70 0a 4a 1c 1d 12 25  |...IJ.K..p.J...%|
+00000110  36 1a 68 70 7d 02 e9 cc  4b 92 f9 b8 86 d0 e8 68  |6.hp}...K......h|
+00000120  56 be 25 b3 67 3d c0 92  5a 9f 57 8e 22 63 97 78  |V.%.g=..Z.W."c.x|
+00000130  1a 7e 70 76 87 f7 3a ef  45 1f 38 d3 95 12 72 98  |.~pv..:.E.8...r.|
+00000140  d0 89 e5 bd a7 eb fe b6  89 59 27 07 51 fd 2c 71  |.........Y'.Q.,q|
+00000150  8a 99 ca b2 75 bc ae b9  39 c6 15 bf 4e a7 3d 73  |....u...9...N.=s|
+00000160  f4 2c 7d 4c 88 3b b1 b6  3a 3d 49 c7 d0 91 57 6a  |.,}L.;..:=I...Wj|
+00000170  cc 25 c7 07 dc 08 0c ac  f4 9a 1d 58 17 3b 44 84  |.%.........X.;D.|
+00000180  e4 72 eb d5 11 16 09 f5  1b fb 60 23 63 46 51 10  |.r........`#cFQ.|
+00000190  4e 94 7b 5a 31 81 db 9e  bb 82 28 4a 08 32 88 fa  |N.{Z1.....(J.2..|
+000001a0  d2 e3 c4 6e 28 7d 47 66  a1 66 05 39 9e 20 52 fe  |...n(}Gf.f.9. R.|
+000001b0  3d 4d 2e b4 b8 a6 97 dd  12 8d db 9b 74 71 96 be  |=M..........tq..|
+000001c0  38 07 62 fc 81 97 3f 85  a2 b8 eb 29 0f e6 95 ca  |8.b...?....)....|
+000001d0  7b a1 f3 94 7e a4 3c 14  71 55 eb c6 c2 15 09 35  |{...~.<.qU.....5|
+000001e0  18 22 5b 9a 2c 19 f1 d3  60 f0 ff c2 09 9f 81 93  |."[.,...`.......|
+000001f0  e0 37 6e d0 73 40 c2 66  60 b7 54 85 b4 15 83 fe  |.7n.s@.f`.T.....|
+00000200  d4 de f4 a2 1f 7d 88 7d  6d 7d 30 ab 4a 25 3a a1  |.....}.}m}0.J%:.|
+00000210  2c fa 27 f4 94 35 0d 01  b0 9d fb 58 5b 03 86 9f  |,.'..5.....X[...|
+00000220  24 d8 57 dc e2 2e bf 1a  28 78 62 f5 29 e0 20 06  |$.W.....(xb.). .|
+00000230  38 47 98 b7 44 ce d3 66  92 32 4b 68 3d 45 b9 22  |8G..D..f.2Kh=E."|
+00000240  b9 94 32 1b 93 3f c1 88  a5 91 0f 06 8a 1e e6 a1  |..2..?..........|
+00000250  62 7e 1e 50 7a 2a be 18  cc 62 93 51 e0 c1 87 21  |b~.Pz*...b.Q...!|
+00000260  b3 c3 6b 1a ce f9 95 9e  6f 98 2a 25 43 10 6e 10  |..k.....o.*%C.n.|
+00000270  97 5c 09 33 e9 06 b6 6a  a8 8b fe 11 d7 b3 38 d6  |.\.3...j......8.|
+00000280  67 3f f9 50 37 f5 d2 f0  0d d8 6f 0a 8d 58 ee bc  |g?.P7.....o..X..|
+00000290  18 c2 68 17 c7 d9 05 c4  d1 e6 a9 f3 c4 63 f5 d4  |..h..........c..|
+000002a0  f2 fb 16 05 f3 fb 45 56  c7 ec 2b af fe 26 4c c0  |......EV..+..&L.|
+000002b0  85 86 de c3 f5 81 32 b2  bd a9 6c fd 33 25 8e ad  |......2...l.3%..|
+000002c0  6a 44 3e f0 67 be c8 dc  e1 40 9e 40 88 4d e7 c8  |jD>.g....@.@.M..|
+000002d0  0b 55 18 e6 2b 10 50 84  ff 93 63 f6 93 4a d2 39  |.U..+.P...c..J.9|
+000002e0  62 45 ed 31 1d b5 5a 14  53 6f 0f d1 45 e6 6f 66  |bE.1..Z.So..E.of|
+000002f0  a3 cd ff 28 b4 34 4c 54  67 8c 1b b6 a0 b4 01 6c  |...(.4LTg......l|
+00000300  41 24 ab 5c a0 22 82 8c  fa cd 1e 4d e1 8b 7a 04  |A$.\.".....M..z.|
+00000310  00 62 e3 44 19 59 c8 e2  04 45 ac e6 46 e2 6a df  |.b.D.Y...E..F.j.|
+00000320  ce e1 d2 3b 3f 22 b9 17  f2 eb 75 ea 96 cc af f6  |...;?"....u.....|
+00000330  6b 77 29 e5 5c 96 13 19  b5 e6 0a 5d 31 9d 6e 28  |kw).\......]1.n(|
+00000340  3e ec 58 cc 76 b2 93 1e  d0 e4 c3 b7 44 fd 0e 19  |>.X.v.......D...|
+00000350  91 e5 21 91 06 56 19 80  cf 25 17 03 03 00 99 22  |..!..V...%....."|
+00000360  b0 98 6e 68 69 5c 4d 7e  81 2c dc 0f 68 3e 6c 8a  |..nhi\M~.,..h>l.|
+00000370  02 4a 56 1b f2 b4 a2 04  31 64 b4 07 2c 37 47 a3  |.JV.....1d..,7G.|
+00000380  4c b6 5a 64 94 a8 c2 b6  d8 d2 6f 2e b6 4e ce 46  |L.Zd......o..N.F|
+00000390  72 ce 87 73 c4 ce 32 8e  0e e3 6a d2 62 19 56 33  |r..s..2...j.b.V3|
+000003a0  95 94 e2 8f 1b 20 db 2a  cc c7 61 f8 bc 47 18 11  |..... .*..a..G..|
+000003b0  4e d5 d1 66 7a 33 27 e7  38 2b 4b de 01 4c df f7  |N..fz3'.8+K..L..|
+000003c0  a9 c3 e9 50 0e e2 8b 94  16 30 fa 82 51 98 b4 2b  |...P.....0..Q..+|
+000003d0  b6 e6 83 a3 49 13 a5 95  1d 37 38 86 51 08 68 0a  |....I....78.Q.h.|
+000003e0  73 5e 91 e8 24 57 41 f2  15 5f 28 ca a7 f8 9a db  |s^..$WA.._(.....|
+000003f0  e9 fc ba 22 dc e7 25 5f  17 03 03 00 35 b3 81 2b  |..."..%_....5..+|
+00000400  ca e3 9c 5c db 80 ae 0b  41 f7 8c 26 af 9f 68 0a  |...\....A..&..h.|
+00000410  33 24 6a ea 22 b6 fc 57  37 0d 4e ab 48 29 03 d6  |3$j."..W7.N.H)..|
+00000420  d4 25 5f 14 b8 74 2b 80  84 9c 99 3c 18 6c 95 0d  |.%_..t+....<.l..|
+00000430  7d e0                                             |}.|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 01 50 dd d8 5d 40 64  |..........P..]@d|
-00000010  5d 35 b0 82 0d 46 97 4c  a2 d1 4d dd 3c c9 0a f9  |]5...F.L..M.<...|
-00000020  39 6a 1c 17 c3 f6 1a 6b  42 cc f7 37 23 7a e1 bf  |9j.....kB..7#z..|
-00000030  de 51 7f 87 6b 3d d6 4d  ed 24 b3 de dd 62 18 4a  |.Q..k=.M.$...b.J|
-00000040  b5 b3 1e 0f 2f a3 c5 e8  67 65 04 bc 37 97 15 a8  |..../...ge..7...|
-00000050  a8 f3 a8 79 99 82 e1 10  5d d7 f2 ee 21 46 aa b8  |...y....]...!F..|
-00000060  40 9f 3b fc 12 19 c8 82  b4 8e bc b8 9b a9 f6 aa  |@.;.............|
-00000070  18 6b 48 4e 03 92 43 12  b8 54 f2 b7 29 0b 0a a1  |.kHN..C..T..)...|
-00000080  6f c4 1c 2a af 22 c1 3d  1b 43 a5 3c 7d 39 83 5d  |o..*.".=.C.<}9.]|
-00000090  ee 09 fb f1 9a 4c ff b3  2a bb 85 53 04 18 5e 18  |.....L..*..S..^.|
-000000a0  62 e8 cf ec 01 be 76 31  82 1a 60 19 33 c7 37 0a  |b.....v1..`.3.7.|
-000000b0  fa 45 4d b1 9a 1e 07 e9  9c 45 c3 89 60 a2 c9 59  |.EM......E..`..Y|
-000000c0  8c 7d 02 f6 d6 5c 12 26  bd 6d 97 15 e2 07 27 be  |.}...\.&.m....'.|
-000000d0  2f 59 93 1b 11 0e 05 ef  83 c6 a2 c0 1a 9a 4c 60  |/Y............L`|
-000000e0  a6 84 c0 72 b6 2b 7c a1  37 4c d7 eb 76 0f 00 97  |...r.+|.7L..v...|
-000000f0  43 b6 25 ed 36 e1 eb 3a  3d 71 05 d8 d0 f9 80 18  |C.%.6..:=q......|
-00000100  b2 9b c0 4e 2c 8e 05 41  52 a5 40 57 3c 1f 48 0c  |...N,..AR.@W<.H.|
-00000110  55 ea d3 76 6d 3a 26 5d  5d 71 74 1c d5 8d 96 92  |U..vm:&]]qt.....|
-00000120  79 c5 9c 78 68 5f 20 12  01 06 c3 52 49 66 e4 5b  |y..xh_ ....RIf.[|
-00000130  41 09 fa 72 c5 d7 d9 26  1b fa a5 1d 23 b2 4a 1e  |A..r...&....#.J.|
-00000140  da 83 5e 89 c8 3a c4 26  f2 42 70 6d 1b 90 67 eb  |..^..:.&.Bpm..g.|
-00000150  37 15 35 b9 a2 b0 2b ef  93 5f 11 17 03 03 00 59  |7.5...+.._.....Y|
-00000160  b4 a0 79 ba e4 3f 78 d2  11 1a 71 8a a1 a4 28 fc  |..y..?x...q...(.|
-00000170  44 c7 bc 32 19 06 71 1b  6d 50 20 26 d5 91 39 48  |D..2..q.mP &..9H|
-00000180  59 8b fd 55 0a 35 14 f5  31 47 62 15 ee c1 69 23  |Y..U.5..1Gb...i#|
-00000190  eb db 79 ef 20 47 5c ef  31 e1 ae bd 2f 72 f8 9d  |..y. G\.1.../r..|
-000001a0  92 cc 04 6f 73 22 5d 93  59 9f 06 cb bd 70 9b d8  |...os"].Y....p..|
-000001b0  c9 41 44 8f 5b b2 59 2b  a9 17 03 03 00 35 22 65  |.AD.[.Y+.....5"e|
-000001c0  ef 1e dc 4c 63 ba 6d 6a  46 1c d2 9c 9a 81 4b f3  |...Lc.mjF.....K.|
-000001d0  1f 58 4e 08 86 93 f8 3a  53 13 64 1f ca 20 d2 da  |.XN....:S.d.. ..|
-000001e0  6b df 54 88 a8 f3 af 0d  4a 1b 29 91 3a bb 90 27  |k.T.....J.).:..'|
-000001f0  29 3a 97 17 03 03 00 17  09 78 1d f3 95 2e 92 af  |):.......x......|
-00000200  d8 af 64 59 fb 77 e3 85  de f0 37 be 11 91 2f 17  |..dY.w....7.../.|
-00000210  03 03 00 13 4e a2 06 c3  90 6f d3 b0 04 a8 25 32  |....N....o....%2|
-00000220  09 65 1c f2 ef 9c 32                              |.e....2|
+00000000  14 03 03 00 01 01 17 03  03 01 50 85 7f 0a 8b bc  |..........P.....|
+00000010  d1 2a 9f 69 55 c4 37 16  81 a5 46 23 cd af 5a 89  |.*.iU.7...F#..Z.|
+00000020  ad a6 c0 c3 5b 7a dc e5  29 c7 47 13 01 e9 64 4b  |....[z..).G...dK|
+00000030  86 83 50 72 0a bc 45 72  d1 66 47 04 ad 69 01 a7  |..Pr..Er.fG..i..|
+00000040  8c 49 4e 38 00 d7 d1 68  48 bd ff 2f a3 72 de 29  |.IN8...hH../.r.)|
+00000050  86 56 52 7b f1 2f c4 d3  93 3a c9 bc b8 e7 c2 c0  |.VR{./...:......|
+00000060  07 d8 46 81 a2 bd 36 54  79 28 91 1a 85 ab a3 64  |..F...6Ty(.....d|
+00000070  6b 33 e4 15 4c 07 c9 f0  45 49 e5 4c 9e b9 48 12  |k3..L...EI.L..H.|
+00000080  3b 31 12 51 72 89 7b 0f  79 07 6b 35 11 42 af a8  |;1.Qr.{.y.k5.B..|
+00000090  21 40 bd 9b e9 0f 98 80  70 6e e0 b1 99 58 9e 42  |!@......pn...X.B|
+000000a0  ca 0c 6f 87 2f 9b 91 10  7d fc c4 4e 57 1d 2f 79  |..o./...}..NW./y|
+000000b0  18 ba 6f 6f 61 f2 e4 c0  5e 4f fd 6c 58 06 83 6e  |..ooa...^O.lX..n|
+000000c0  52 b1 88 69 74 e1 12 3a  81 d6 32 b3 ac 06 4e 79  |R..it..:..2...Ny|
+000000d0  7a 50 1c 70 1e 63 6f 46  fa 17 b8 e2 1b b9 31 e2  |zP.p.coF......1.|
+000000e0  b0 f6 2f f3 ca 39 95 57  e2 51 82 d1 bf f0 f0 a2  |../..9.W.Q......|
+000000f0  3c 1b 28 cc e2 88 83 1d  db f7 56 b3 dd 39 d5 cb  |<.(.......V..9..|
+00000100  80 28 dc d4 2e e7 c6 a1  3a be 1f 8d 9f 53 5e 31  |.(......:....S^1|
+00000110  24 f1 25 36 2f f9 b1 f1  56 91 74 c8 44 6e bc c1  |$.%6/...V.t.Dn..|
+00000120  a3 cf 35 03 aa cf 87 66  9f 30 e7 eb f6 ff fd b9  |..5....f.0......|
+00000130  de 41 d4 b9 ef ce 99 d6  f3 e2 a6 ae 05 39 83 56  |.A...........9.V|
+00000140  5b 18 b6 52 8d a0 24 5e  34 4a 12 a6 8a 66 e3 c5  |[..R..$^4J...f..|
+00000150  70 92 3c f9 95 0c 59 58  65 b0 dc 17 03 03 00 59  |p.<...YXe......Y|
+00000160  56 82 fd bc ab b7 55 ee  45 23 0a cc 55 f7 fb d3  |V.....U.E#..U...|
+00000170  9f 75 0c 1f a1 f9 bc 3b  4f d5 4a 6b 47 14 6f 34  |.u.....;O.JkG.o4|
+00000180  61 85 c4 e5 3f fb 6d 0e  49 c8 f5 66 81 6b 3a b5  |a...?.m.I..f.k:.|
+00000190  14 f2 74 52 bf 8e d7 40  63 a0 45 ce 0b 69 e5 d6  |..tR...@c.E..i..|
+000001a0  43 6e 01 8b fd 54 6f ab  ce 03 57 c5 3f 6a 00 c1  |Cn...To...W.?j..|
+000001b0  bb 79 01 ee 90 7d 50 e7  de 17 03 03 00 35 cc 30  |.y...}P......5.0|
+000001c0  81 af c1 0c 4a e7 c9 d4  d2 fc 8f 0f a4 54 1c 41  |....J........T.A|
+000001d0  86 c9 a9 81 64 ce 4c 56  1a 94 fc 4b f7 e8 9d 50  |....d.LV...K...P|
+000001e0  33 4b b2 92 99 ee 79 43  ce 1f ea e2 14 5e 24 f1  |3K....yC.....^$.|
+000001f0  72 be c8 17 03 03 00 17  45 29 9b e2 ea a1 d3 16  |r.......E)......|
+00000200  8e 0c ce 85 30 a6 cd 37  b7 5a 42 0f dd 55 4d 17  |....0..7.ZB..UM.|
+00000210  03 03 00 13 ef e7 22 eb  4a e8 2a b4 88 da 2e 08  |......".J.*.....|
+00000220  01 95 77 ad 88 2e 53                              |..w...S|
diff --git a/testdata/Client-TLSv13-ClientCert-RSA-ECDSA b/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
index 0cd5b76d..e159d3e5 100644
--- a/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
+++ b/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,129 +7,131 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 40 ad 79 0c ad  |....z...v..@.y..|
-00000010  83 38 58 82 dc b2 5a d1  e2 de f5 43 99 72 8a 93  |.8X...Z....C.r..|
-00000020  ba b1 ea 17 21 52 a7 e9  ed dc 48 20 00 00 00 00  |....!R....H ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 12 8c 45 11 2d  |....z...v....E.-|
+00000010  22 19 db e3 07 f4 31 70  a6 9d f5 b2 6a df 8f b5  |".....1p....j...|
+00000020  57 6e a1 80 75 6b 6b 77  53 cd b4 20 00 00 00 00  |Wn..ukkwS.. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 bd  |..+.....3.$... .|
-00000060  d2 3a 7e c2 30 84 4f f2  39 7e 26 11 65 49 b9 b2  |.:~.0.O.9~&.eI..|
-00000070  ac 63 c8 ef ea 5e f6 23  33 70 ec 16 86 49 03 14  |.c...^.#3p...I..|
-00000080  03 03 00 01 01 17 03 03  00 17 16 47 c1 58 83 6b  |...........G.X.k|
-00000090  66 06 c4 39 42 8f 68 fb  3a 07 9e e7 74 41 0d 10  |f..9B.h.:...tA..|
-000000a0  97 17 03 03 00 42 42 b2  84 94 a6 18 c6 b6 21 77  |.....BB.......!w|
-000000b0  1e 02 57 4a 14 2d c4 84  17 f1 fa b4 63 0f aa d7  |..WJ.-......c...|
-000000c0  4a d5 ae 75 f1 da 14 ec  51 09 93 6b 62 6f 8f 7e  |J..u....Q..kbo.~|
-000000d0  fe 0c 7f 63 ef 1b 87 d8  43 42 d0 f4 2d 6d 0f cc  |...c....CB..-m..|
-000000e0  ef 77 79 17 1e 39 1e 75  17 03 03 02 22 9c 82 27  |.wy..9.u...."..'|
-000000f0  99 e0 4b 44 a7 a7 bb a9  25 a2 58 7f 70 3f 82 1a  |..KD....%.X.p?..|
-00000100  4b bc e1 35 3e 66 fa 4f  ac 7f 7e da 73 13 06 0f  |K..5>f.O..~.s...|
-00000110  fe 97 ef 82 53 2e d0 e2  11 c6 ee 8d 25 d2 f0 5c  |....S.......%..\|
-00000120  2e b8 61 40 09 12 d4 11  9b b8 3d 38 d7 d5 a7 76  |..a@......=8...v|
-00000130  ed a7 bf 6f 39 9c 83 49  57 86 de 53 da c5 ff 8a  |...o9..IW..S....|
-00000140  ee 47 bc 19 72 d3 cc d0  5b fc 6b 25 2f 64 2a 0c  |.G..r...[.k%/d*.|
-00000150  7d e9 8a 1f f8 48 d1 74  d5 70 97 e7 b4 e2 c8 ce  |}....H.t.p......|
-00000160  dc 74 27 e9 af b1 64 56  19 28 8a 34 93 4e 1c 03  |.t'...dV.(.4.N..|
-00000170  67 ae 41 fb 5f d1 e3 20  45 6b bd 49 25 d8 b4 8b  |g.A._.. Ek.I%...|
-00000180  d4 96 d6 96 b2 72 72 f0  d0 68 f1 f7 f3 17 76 85  |.....rr..h....v.|
-00000190  78 0e dd 35 83 8a 7a 45  c5 91 86 4b a6 b5 77 b4  |x..5..zE...K..w.|
-000001a0  ef 02 43 5c 42 c7 f8 a6  1d ed 73 d2 41 02 be cb  |..C\B.....s.A...|
-000001b0  24 40 61 5a 5f 7a f6 bf  f9 d0 bd 05 7f 90 52 16  |$@aZ_z........R.|
-000001c0  65 49 c6 74 61 f0 05 fa  dd 83 69 b7 ff 5a 2c 4b  |eI.ta.....i..Z,K|
-000001d0  63 6d d2 57 01 43 67 54  25 90 72 f8 12 7e c2 39  |cm.W.CgT%.r..~.9|
-000001e0  26 a9 65 55 02 ca 87 8a  e6 13 cd a4 6b eb 3c 4d  |&.eU........k.<M|
-000001f0  3b 6e b5 4e 4e c2 64 c8  c4 70 0f 86 bb de ba 7e  |;n.NN.d..p.....~|
-00000200  9f 15 b7 11 fd f4 43 0e  f8 ad 53 b8 98 81 1c 81  |......C...S.....|
-00000210  63 1b 64 49 52 8b d8 24  49 04 1f d1 0c 7c d8 2d  |c.dIR..$I....|.-|
-00000220  89 7b 74 83 a6 eb 6a e5  5d d4 16 e8 67 20 52 a4  |.{t...j.]...g R.|
-00000230  78 3c 59 7a d2 de a0 51  c7 52 59 1e 9f 41 16 68  |x<Yz...Q.RY..A.h|
-00000240  57 68 d1 39 17 9a b3 a2  19 fb bb 49 bd 29 3e 23  |Wh.9.......I.)>#|
-00000250  59 38 6c 9f be 1b ba 60  93 e8 c9 24 fb 13 11 b7  |Y8l....`...$....|
-00000260  78 d8 a7 30 6d 06 0f 4d  59 5d d1 1f 81 13 33 99  |x..0m..MY]....3.|
-00000270  a8 4d 63 16 53 73 40 22  4b 55 21 79 c1 ce 1c 92  |.Mc.Ss@"KU!y....|
-00000280  8c d6 95 14 fd 93 5d c2  54 20 30 c5 79 b0 cd eb  |......].T 0.y...|
-00000290  ac 1b 50 6a 25 b7 e8 f1  0f da f3 d8 6b 17 2b 12  |..Pj%.......k.+.|
-000002a0  06 a8 9a 88 be 2f f3 52  b3 d7 70 05 df 57 88 f9  |...../.R..p..W..|
-000002b0  ec 59 d4 e7 ce cb c3 1f  33 3e c0 d8 04 9f 59 a0  |.Y......3>....Y.|
-000002c0  04 c0 13 b3 a6 7c ce 6c  c4 fa 82 cd da 11 17 b6  |.....|.l........|
-000002d0  c2 40 cd e6 5a 6e d3 b5  17 f0 4d c4 34 8f 2a 28  |.@..Zn....M.4.*(|
-000002e0  4d ce 93 d5 eb 7e 0a d2  57 0a 98 cf ac 48 ee a8  |M....~..W....H..|
-000002f0  8a bd ec c2 d7 d9 39 af  e2 a0 9f b2 fd d1 4e 96  |......9.......N.|
-00000300  fa fd 34 f7 a4 3e 3d 31  9a f6 a2 a7 97 a3 43 17  |..4..>=1......C.|
-00000310  03 03 00 a4 cf 0d e1 8d  b7 e4 1a c0 79 0d 7e d9  |............y.~.|
-00000320  70 a3 34 57 0f 72 b4 5c  05 7f 1e 16 52 ba d3 e7  |p.4W.r.\....R...|
-00000330  fb e5 b8 b0 8d cf 91 7e  96 c4 70 6e cb e5 7e 51  |.......~..pn..~Q|
-00000340  19 17 c1 94 e9 49 69 a0  21 59 74 a9 1d 34 9c 10  |.....Ii.!Yt..4..|
-00000350  a9 10 f0 4a 51 2c e3 1d  e3 59 28 f2 3b ea 66 c1  |...JQ,...Y(.;.f.|
-00000360  ed 6a 8d 39 72 ea 5a 24  7a ee 9f cd 85 9d 54 60  |.j.9r.Z$z.....T`|
-00000370  d4 95 fd 8d 63 a4 78 6c  2f 7d 6a a5 53 e4 42 97  |....c.xl/}j.S.B.|
-00000380  e8 19 36 bf 14 9c a8 48  9f 57 ad 29 7a 30 e5 a9  |..6....H.W.)z0..|
-00000390  32 e7 0f 24 9c ca 9d 6d  b7 47 46 1c cb 90 7d 18  |2..$...m.GF...}.|
-000003a0  39 70 d2 c1 08 28 dc d7  3a 3e 5e 62 a7 4a 4a af  |9p...(..:>^b.JJ.|
-000003b0  02 93 ce 4b 5d a2 96 f3  17 03 03 00 35 10 07 d6  |...K].......5...|
-000003c0  82 f3 28 ef 2f 08 17 f6  0b c2 da 1f b7 52 e1 eb  |..(./........R..|
-000003d0  ca f4 0b c6 21 5c 54 4d  f9 0b 04 c1 5a bf 63 58  |....!\TM....Z.cX|
-000003e0  1c e1 da 7f f7 1f 84 77  09 3a 35 7c e6 1f 89 f2  |.......w.:5|....|
-000003f0  fd 01                                             |..|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d9  |..+.....3.$... .|
+00000060  7a 4f 73 11 d0 32 a9 32  96 d4 d6 5d 93 25 4a 83  |zOs..2.2...].%J.|
+00000070  26 6d 4d 30 02 8e ed 8e  65 0a 13 27 f3 53 5b 14  |&mM0....e..'.S[.|
+00000080  03 03 00 01 01 17 03 03  00 17 85 46 a7 e1 6f a9  |...........F..o.|
+00000090  d5 ea 00 e8 d2 7c 10 b9  e2 b1 98 9c eb a3 54 02  |.....|........T.|
+000000a0  61 17 03 03 00 42 ca 37  9a 89 50 e8 5d b2 6d 21  |a....B.7..P.].m!|
+000000b0  56 68 10 a1 47 76 16 87  f3 50 f0 5f d1 50 3a 03  |Vh..Gv...P._.P:.|
+000000c0  1e c7 27 84 d6 82 94 35  92 34 d7 54 f4 9b 30 8d  |..'....5.4.T..0.|
+000000d0  e9 9b 5a 04 88 4c 27 b3  3a 32 37 9e c2 a5 8a 19  |..Z..L'.:27.....|
+000000e0  d3 71 30 7b ba 9f d3 7f  17 03 03 02 22 4e e7 88  |.q0{........"N..|
+000000f0  d6 55 13 2b c9 db 93 db  9f 6b ca 4e a7 91 a1 30  |.U.+.....k.N...0|
+00000100  04 c7 e7 fc 5d f8 28 0d  b0 cd 73 b2 4b 59 e5 89  |....].(...s.KY..|
+00000110  68 f8 bb 47 1f 73 a2 d7  fe 75 73 8d a4 02 e7 22  |h..G.s...us...."|
+00000120  80 c0 aa d1 4c de f8 89  1a d2 12 86 35 7f cf 40  |....L.......5..@|
+00000130  e1 4f 47 f2 69 51 7c a7  7c 23 32 ed a6 53 8a 4a  |.OG.iQ|.|#2..S.J|
+00000140  47 86 e7 0c c5 5f 34 9f  91 eb d2 c1 bd 65 1e 7c  |G...._4......e.||
+00000150  6e ec 18 70 21 d9 95 dc  fe 44 cf d7 3f 58 fa e1  |n..p!....D..?X..|
+00000160  43 df 2e 44 7f a0 5f 48  e3 02 2c fd 18 f2 23 25  |C..D.._H..,...#%|
+00000170  a5 fc d1 23 2c 81 16 c3  8e 58 47 51 bf 0e c3 57  |...#,....XGQ...W|
+00000180  54 bf d1 8e f6 82 91 ce  5f 24 2d fd e5 80 52 c6  |T......._$-...R.|
+00000190  db b9 a1 3a 0d 80 25 98  17 ed cc 81 36 9f 85 31  |...:..%.....6..1|
+000001a0  11 25 65 36 50 ed 8e c7  6f b5 28 22 4c f3 93 94  |.%e6P...o.("L...|
+000001b0  61 0d c1 10 19 37 b2 3b  ec 41 3c 95 bc ae b5 8d  |a....7.;.A<.....|
+000001c0  95 87 39 bd 41 a7 cf 3e  b2 83 7c 12 fd 37 e4 6b  |..9.A..>..|..7.k|
+000001d0  0d c7 f9 7f f5 02 74 e0  37 c2 45 68 ab 84 f5 65  |......t.7.Eh...e|
+000001e0  78 4f 64 c5 d2 de 15 2b  1b d9 06 7a d5 f8 34 13  |xOd....+...z..4.|
+000001f0  19 54 2e 7a 85 04 d0 90  51 78 2a e2 4b ca 11 b9  |.T.z....Qx*.K...|
+00000200  7d 38 bd 5f be 5d d5 da  36 41 49 95 39 8e 1e df  |}8._.]..6AI.9...|
+00000210  a9 3b cc 18 8f 26 bd 37  97 f1 49 42 d4 e9 48 91  |.;...&.7..IB..H.|
+00000220  21 dc 70 9b 21 7a 24 13  8d 8e 7a d6 5f 11 2a ab  |!.p.!z$...z._.*.|
+00000230  73 9a cf cb af bf 3e 19  46 81 48 0a 17 b1 f1 24  |s.....>.F.H....$|
+00000240  a5 aa 60 91 fa d0 9b e4  95 28 7a a2 bf 2b ac 18  |..`......(z..+..|
+00000250  5f 1d 98 b8 e8 1a b4 58  fe 66 25 d2 0a 8d ad 7f  |_......X.f%.....|
+00000260  d2 46 95 8d d8 42 de 94  12 88 a6 30 80 14 ce 7c  |.F...B.....0...||
+00000270  ef 20 31 cd a3 e7 6b 29  b7 74 aa 62 c4 4c d5 52  |. 1...k).t.b.L.R|
+00000280  15 8e 7b da 51 60 24 ca  8d 65 9b 9b d8 2a df 1c  |..{.Q`$..e...*..|
+00000290  28 63 28 e7 20 07 f2 b4  99 d8 d6 2a d2 d3 ae 28  |(c(. ......*...(|
+000002a0  5e c5 12 25 fa b5 1c 31  1c 6d eb 1f d9 92 2b cf  |^..%...1.m....+.|
+000002b0  de fa d9 7c 39 69 0b a3  a3 05 aa 11 7d 41 3f d7  |...|9i......}A?.|
+000002c0  17 48 41 a7 3c 4b 42 93  46 26 da de 47 fe f8 76  |.HA.<KB.F&..G..v|
+000002d0  4a fb cc 08 78 19 98 d4  ad a7 4e c4 c6 47 2d 8f  |J...x.....N..G-.|
+000002e0  3f 59 57 09 89 8e 95 eb  a3 37 94 e2 6a a9 62 ee  |?YW......7..j.b.|
+000002f0  cd 8a b8 88 36 e1 ca 2a  ad 78 b8 2c 74 bc e0 11  |....6..*.x.,t...|
+00000300  6c 87 a3 06 51 b2 84 94  a2 d2 7b 57 94 79 5c 17  |l...Q.....{W.y\.|
+00000310  03 03 00 a4 07 a2 96 5b  70 21 8a a7 2e 2c 80 7a  |.......[p!...,.z|
+00000320  7a 70 09 bf 12 2e 80 1d  60 be 20 65 ff 02 74 ee  |zp......`. e..t.|
+00000330  33 27 10 b1 bf b8 aa 2b  f8 8e 2e b1 41 17 4d d5  |3'.....+....A.M.|
+00000340  bd 53 37 3c d0 85 2f 04  3c 92 e4 c0 0c 99 bd 34  |.S7<../.<......4|
+00000350  38 65 36 68 ae 12 1b 25  e7 a4 0e 2a 46 fc 29 1d  |8e6h...%...*F.).|
+00000360  5e 2d 32 42 00 59 33 da  43 53 d0 d0 61 03 7d 6b  |^-2B.Y3.CS..a.}k|
+00000370  ee 3a a5 bc 42 15 4d 04  5c 56 d4 b0 2d 2c 0e 5e  |.:..B.M.\V..-,.^|
+00000380  cd 2e 7b 83 22 a8 c4 bb  6d 6e 8b 5b 6d 7f cd 5d  |..{."...mn.[m..]|
+00000390  78 19 52 ff 72 a5 bf 5c  80 ba 0a 94 db c1 f8 24  |x.R.r..\.......$|
+000003a0  27 fe d7 0d 20 07 3a 8e  34 f9 32 ed 9a ae e3 de  |'... .:.4.2.....|
+000003b0  dc a7 2b c2 9e 8e 36 89  17 03 03 00 35 d8 4d df  |..+...6.....5.M.|
+000003c0  c5 6f 77 cc d2 2c 30 9b  db bb 4c 12 25 8e 2a 3a  |.ow..,0...L.%.*:|
+000003d0  ab e1 51 14 e5 16 22 8a  83 78 b1 98 7b 71 c9 a7  |..Q..."..x..{q..|
+000003e0  08 fd 5d 20 95 0b bf cb  64 08 df dd ca df f5 d7  |..] ....d.......|
+000003f0  f9 c2                                             |..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 11 f1 43 fc 28 7d  |............C.(}|
-00000010  43 0b 17 e4 ed cc 95 d5  09 4e 8f 44 3c 3b 46 23  |C........N.D<;F#|
-00000020  59 a4 62 a7 94 1e da b6  a7 a5 22 15 6a ed e3 eb  |Y.b.......".j...|
-00000030  4f 6d 0e 91 c6 20 74 af  97 80 95 db 6a b6 2d ac  |Om... t.....j.-.|
-00000040  a8 d9 95 84 95 5b 32 27  ec 42 42 a8 fd 05 fc ad  |.....[2'.BB.....|
-00000050  2e 00 e3 4a 9d 93 d1 5e  fd dc 22 30 1f 9c e9 cb  |...J...^.."0....|
-00000060  3f 2e ac ad 0f ab b7 46  82 69 38 db c6 8a be 77  |?......F.i8....w|
-00000070  7e 83 77 4c e1 f4 f2 cf  c2 b1 86 ff 17 d3 1d 79  |~.wL...........y|
-00000080  3e ac f8 6e 73 15 ab 02  4c bf 2a 63 41 ce 93 3b  |>..ns...L.*cA..;|
-00000090  af 11 70 8c 91 91 f4 14  5c 1b 63 4b 42 3b d8 ca  |..p.....\.cKB;..|
-000000a0  00 f6 02 b3 c8 d3 ab 01  1d f2 71 86 7b f9 13 de  |..........q.{...|
-000000b0  1e 39 1c e7 b5 3b b5 bb  26 33 f7 a9 3f 29 e2 8c  |.9...;..&3..?)..|
-000000c0  d1 67 64 11 b4 29 be 6e  c9 cf c5 6e 41 43 41 e7  |.gd..).n...nACA.|
-000000d0  43 9c 5d fb a1 b6 b3 f9  0f 4c 17 11 3c 56 0e 49  |C.]......L..<V.I|
-000000e0  a0 41 8f ca 62 38 d2 83  8d 41 9b 86 5e 47 9b 79  |.A..b8...A..^G.y|
-000000f0  c6 66 61 4d 72 05 7a 4b  e9 43 96 9b b3 09 f1 60  |.faMr.zK.C.....`|
-00000100  65 98 db 4a fb 57 dc 6b  de 48 e4 78 7c 86 0f 58  |e..J.W.k.H.x|..X|
-00000110  93 ea ec fa 7b c0 c2 c4  57 f8 99 13 c0 97 d6 df  |....{...W.......|
-00000120  01 a8 a2 3e da 7a 1a 55  ae ab f6 d1 d8 34 83 0d  |...>.z.U.....4..|
-00000130  11 86 8a 14 8e d6 5c c0  c2 55 de da 37 c4 ac 69  |......\..U..7..i|
-00000140  95 42 84 5f 1d 5f c7 32  91 a9 45 02 c3 a3 da 4f  |.B._._.2..E....O|
-00000150  96 da c0 a2 09 7a a6 2b  25 f4 a2 94 89 fa bd 0f  |.....z.+%.......|
-00000160  87 04 e1 87 00 c4 4f 45  39 7a 5a 7d 75 c5 c9 f6  |......OE9zZ}u...|
-00000170  27 34 2d ba 12 c5 2c 76  06 b0 aa d0 34 e1 99 e9  |'4-...,v....4...|
-00000180  9b 01 db 2a b4 d5 dd 55  2b 92 6d e3 9e fc f1 09  |...*...U+.m.....|
-00000190  2b 37 8b 37 8f 70 31 ee  d2 f0 86 5a 1f d3 4a 29  |+7.7.p1....Z..J)|
-000001a0  7c c9 0e 97 7c 4f e6 87  b7 c8 94 f3 d2 0b 4a 1d  ||...|O........J.|
-000001b0  59 60 09 81 55 6a 01 38  9f ca 20 e0 6e 44 f7 b5  |Y`..Uj.8.. .nD..|
-000001c0  f6 3e 2e d0 81 f6 e6 1d  15 cf c3 d8 ae 98 84 d1  |.>..............|
-000001d0  0b c9 e4 65 96 f9 eb c9  60 6d 50 37 49 9f 6d b1  |...e....`mP7I.m.|
-000001e0  b9 f6 25 20 81 2d cf b4  17 2b 4c a9 8a 76 8a db  |..% .-...+L..v..|
-000001f0  77 8c 29 47 05 0b 27 e1  52 8d 37 27 fb c0 70 26  |w.)G..'.R.7'..p&|
-00000200  3b 6d 2e 74 05 75 88 e4  63 3d ac 98 3f 74 67 3b  |;m.t.u..c=..?tg;|
-00000210  c6 dc 41 39 2b 20 ef f9  8b 2f 4e 20 17 03 03 00  |..A9+ .../N ....|
-00000220  99 7d 8a 83 dd 34 5e 37  e2 c3 85 22 f3 6b ee bc  |.}...4^7...".k..|
-00000230  a5 21 1b c5 2c 38 cf 99  09 5b 31 97 5e a0 8b 69  |.!..,8...[1.^..i|
-00000240  75 3a 23 64 18 22 fb 31  ed ac 8b 0f ae 9c 4e ee  |u:#d.".1......N.|
-00000250  06 0e 3c 3a 18 d3 8e 0c  dc d4 3f 7b 25 e3 90 85  |..<:......?{%...|
-00000260  ca f4 8a 5c 5e 5e 44 f3  1b 57 cd 14 e0 8d 67 36  |...\^^D..W....g6|
-00000270  6e c2 a6 95 60 f3 86 20  29 a6 a8 8f b3 b0 0d 57  |n...`.. )......W|
-00000280  d2 1e 4a b9 d2 63 33 09  f9 c5 87 94 89 c5 fd 2e  |..J..c3.........|
-00000290  de b3 f0 0e 7b 4e 3e d6  21 b4 3b 58 bd 2a 35 49  |....{N>.!.;X.*5I|
-000002a0  5e b0 f4 5a ca 58 dc a5  8b 45 a5 d1 7b 13 b2 00  |^..Z.X...E..{...|
-000002b0  52 c4 b2 6c d1 9a b8 c5  1b fe 17 03 03 00 35 c9  |R..l..........5.|
-000002c0  9b c7 94 b3 eb 5f 4e ab  8c c0 de cf b6 b4 5c ee  |....._N.......\.|
-000002d0  bb 5f fa 48 a2 06 f0 ed  f5 b1 ba 74 0c c5 64 1a  |._.H.......t..d.|
-000002e0  ce 2e 9e 90 4b 6e 98 13  a0 98 99 a3 b4 6f 73 76  |....Kn.......osv|
-000002f0  7b e3 26 15 17 03 03 00  17 3e a1 f0 68 e6 00 86  |{.&......>..h...|
-00000300  10 f4 bf 26 b6 f5 e6 77  85 ca b7 c1 75 bb f9 78  |...&...w....u..x|
-00000310  17 03 03 00 13 43 7f f3  84 ee d7 a9 59 9d c3 5c  |.....C......Y..\|
-00000320  c0 b7 c8 20 4e 83 ba 23                           |... N..#|
+00000000  14 03 03 00 01 01 17 03  03 02 11 67 1a 6d 9c e6  |...........g.m..|
+00000010  fd 73 aa 96 0b 7a 9b 1a  28 fd e8 5c 7b a2 65 91  |.s...z..(..\{.e.|
+00000020  e8 6a 96 48 6e 56 da 2d  8f 79 d3 d9 bb db f1 26  |.j.HnV.-.y.....&|
+00000030  27 99 e5 d2 2e b2 20 ee  af e5 b5 8b 6d a3 ea a3  |'..... .....m...|
+00000040  2a 6a a5 5e 28 61 04 10  d3 01 62 bd 16 f3 2b 84  |*j.^(a....b...+.|
+00000050  1b ca 26 67 62 4b b6 24  df 20 9a 06 57 ed 21 37  |..&gbK.$. ..W.!7|
+00000060  a1 0c e4 e1 cd c8 39 e6  5c bc 78 46 8c fb ad f1  |......9.\.xF....|
+00000070  55 15 bc d5 f5 21 2b b1  b6 03 5c 14 0f cf 8d 79  |U....!+...\....y|
+00000080  ad 64 b6 fd de 92 a9 51  f5 29 f3 d3 14 22 9a d5  |.d.....Q.)..."..|
+00000090  70 37 87 19 dd c3 d3 7b  79 ce 80 c3 f8 02 ea dc  |p7.....{y.......|
+000000a0  86 f8 af d2 fe 0d 49 a5  ba 6d ec 42 cf 28 21 ed  |......I..m.B.(!.|
+000000b0  5f 23 90 3b 83 d8 c4 73  fd 18 57 7f b1 81 9f 88  |_#.;...s..W.....|
+000000c0  19 3c bc 4b 24 4c 22 2f  07 f3 07 29 e8 6c 30 8e  |.<.K$L"/...).l0.|
+000000d0  12 b5 bc 2f 2f c0 80 fb  a1 f0 73 0c 22 ea 4f 24  |...//.....s.".O$|
+000000e0  3b 37 a5 68 65 12 42 0b  6b 7f eb ff 59 eb 92 de  |;7.he.B.k...Y...|
+000000f0  96 d9 f7 23 95 b1 b5 93  61 8b a5 bd c2 bf b0 86  |...#....a.......|
+00000100  af 54 91 21 38 b1 7e 4c  05 82 71 70 30 a0 19 ac  |.T.!8.~L..qp0...|
+00000110  10 63 fa 6a 05 95 14 18  27 cc f3 2e 2d 78 93 35  |.c.j....'...-x.5|
+00000120  65 c9 4e ec 3a 10 9e 75  60 21 18 71 f9 b5 95 37  |e.N.:..u`!.q...7|
+00000130  af 29 a1 51 a9 e5 a9 b5  5b a5 81 72 65 6c eb f2  |.).Q....[..rel..|
+00000140  2e 78 85 04 b8 c0 3c e6  3a 49 0e 28 fa 0a f8 73  |.x....<.:I.(...s|
+00000150  16 da ba 60 db ed ad de  7d 5b 10 15 03 5b 79 d0  |...`....}[...[y.|
+00000160  d7 da 91 ff 12 76 37 94  43 ad f4 f8 b9 39 23 e6  |.....v7.C....9#.|
+00000170  7c ed 92 d9 92 c4 2b bd  8c 7a fd ab 0d 17 0b b5  ||.....+..z......|
+00000180  5b 8a 5f a6 9b 19 04 88  37 75 54 a9 35 15 ff df  |[._.....7uT.5...|
+00000190  42 8b aa fb 9f 30 28 ef  bb 74 95 a5 af 44 c2 70  |B....0(..t...D.p|
+000001a0  55 c7 cc f5 37 b9 34 c6  dd fb 9b c5 70 fa 0f ed  |U...7.4.....p...|
+000001b0  45 54 38 02 34 0a 09 df  4c bd 07 78 ce 66 c7 0d  |ET8.4...L..x.f..|
+000001c0  57 94 06 97 6d b3 ec 90  70 81 37 23 77 b7 2f cb  |W...m...p.7#w./.|
+000001d0  c5 af 12 bd a7 c5 81 87  92 9e 9b ed 78 6d bf 63  |............xm.c|
+000001e0  01 aa d7 f3 50 f2 f7 c6  af a9 7f 73 d8 fb 17 27  |....P......s...'|
+000001f0  c3 33 8d 2b 2c ad 10 4d  36 5c 49 e8 19 06 34 45  |.3.+,..M6\I...4E|
+00000200  00 eb 1f c1 09 c8 19 06  55 91 52 df cd db f2 d5  |........U.R.....|
+00000210  22 2a af 92 cb 18 9f 96  2a 12 d5 ea 17 03 03 00  |"*......*.......|
+00000220  99 01 94 eb cc e4 e7 4f  90 c1 9b 85 c8 1f 73 f0  |.......O......s.|
+00000230  50 52 7d 62 50 f9 90 49  59 e8 31 a0 ea 3b 42 2c  |PR}bP..IY.1..;B,|
+00000240  2c dd e8 9c 42 d5 5f 50  84 b9 78 0a 5e 73 55 d9  |,...B._P..x.^sU.|
+00000250  21 39 e5 bc c7 88 04 1d  b8 d3 46 b3 a0 b6 07 60  |!9........F....`|
+00000260  4a 39 1a 39 cc e3 22 2f  de 30 16 71 54 1d c0 69  |J9.9.."/.0.qT..i|
+00000270  ea 73 81 bf 17 7d 82 dc  33 cd 1f c2 e8 eb 67 61  |.s...}..3.....ga|
+00000280  60 1e dd 2c 56 45 d4 49  fb 7f 21 dd a8 23 8c 13  |`..,VE.I..!..#..|
+00000290  d3 1b c5 c1 3b 08 e4 21  ac 35 eb d6 44 a6 48 c9  |....;..!.5..D.H.|
+000002a0  e2 ae 04 a8 36 fb e8 f6  2e 91 90 da 5a ae 18 3b  |....6.......Z..;|
+000002b0  a7 14 94 ed b7 f4 8a cc  74 be 17 03 03 00 35 a2  |........t.....5.|
+000002c0  9f 3f bd d0 7c 1e ac 4e  c9 7e 9d ee 9a 89 61 55  |.?..|..N.~....aU|
+000002d0  38 41 8c d9 e1 56 35 bd  0b 6e ad 77 0e 0d 08 df  |8A...V5..n.w....|
+000002e0  73 67 36 28 e0 9b 96 ba  c0 38 de 95 31 53 49 9c  |sg6(.....8..1SI.|
+000002f0  db 16 c2 90 17 03 03 00  17 6f cc cb 4e ac ef a0  |.........o..N...|
+00000300  48 75 94 28 c5 8d 06 33  28 94 11 84 25 9f 26 a6  |Hu.(...3(...%.&.|
+00000310  17 03 03 00 13 d2 ce 1b  90 04 b1 32 38 db 0d b5  |...........28...|
+00000320  3c e8 e3 34 bc c3 d1 33                           |<..4...3|
diff --git a/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS b/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
index e557181b..a306d4bb 100644
--- a/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
+++ b/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,138 +7,140 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 46 b8 dc eb 72  |....z...v..F...r|
-00000010  ac 41 0a 3c 58 14 84 a0  75 91 e1 ca d7 3c c7 2c  |.A.<X...u....<.,|
-00000020  62 20 c4 28 9e 5a 09 19  2e 51 7b 20 00 00 00 00  |b .(.Z...Q{ ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 59 1d 08 4c 9a  |....z...v..Y..L.|
+00000010  08 52 d3 3b 7b 4c 3e d3  23 53 e3 17 09 07 52 8b  |.R.;{L>.#S....R.|
+00000020  e5 c9 55 c3 c1 0d db 83  aa ba 4e 20 00 00 00 00  |..U.......N ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 f9  |..+.....3.$... .|
-00000060  c2 64 c8 93 91 3a 81 55  ca 85 23 d4 91 37 3e 01  |.d...:.U..#..7>.|
-00000070  42 63 2e 2a a9 13 0c a9  f2 e6 74 14 1e 5c 52 14  |Bc.*......t..\R.|
-00000080  03 03 00 01 01 17 03 03  00 17 23 71 3e 39 7a 0c  |..........#q>9z.|
-00000090  2a fa 89 f1 65 d1 b0 23  96 8e 6a e4 55 2c fd 34  |*...e..#..j.U,.4|
-000000a0  ea 17 03 03 00 20 b7 a2  d6 ff b3 b4 db ce f8 90  |..... ..........|
-000000b0  f9 a3 9c 0c 8f f0 77 3e  37 f2 d9 e7 84 65 28 f6  |......w>7....e(.|
-000000c0  dd fe b9 42 03 3c 17 03  03 02 7a d4 cf 93 f6 2b  |...B.<....z....+|
-000000d0  64 e3 13 75 41 62 7d bd  cf 4f 42 80 23 f4 03 92  |d..uAb}..OB.#...|
-000000e0  35 02 5e ed bb c6 2f b1  a8 57 cf d4 69 94 6a db  |5.^.../..W..i.j.|
-000000f0  39 b8 3a 05 07 dd f1 1d  63 13 22 9b d7 58 68 6f  |9.:.....c."..Xho|
-00000100  4f ac 79 6a 47 0a 23 35  3c 9b 9f 15 04 e7 6b d8  |O.yjG.#5<.....k.|
-00000110  ff df 00 6c 68 5e a0 41  6a a9 34 9f 37 98 c2 3d  |...lh^.Aj.4.7..=|
-00000120  51 29 73 c4 ad 34 e5 69  78 18 eb 03 55 c0 c6 0d  |Q)s..4.ix...U...|
-00000130  43 d5 4a 5d cb 53 e6 b9  df e8 8b 0e 98 04 89 bb  |C.J].S..........|
-00000140  f4 a1 48 01 af d3 42 ef  17 e7 f9 27 b4 b1 63 99  |..H...B....'..c.|
-00000150  91 a6 c5 c1 cb 6d 1c 55  b1 69 1c ec b1 b7 c3 cd  |.....m.U.i......|
-00000160  7a 93 f2 d8 e4 c4 96 43  0a e1 18 b5 9a 3b 57 83  |z......C.....;W.|
-00000170  98 ce 74 f2 4c 65 ad 01  aa 76 b5 b0 7c a0 7d 09  |..t.Le...v..|.}.|
-00000180  ad d6 20 7d 12 67 f8 4c  2c 41 37 34 66 86 fe 3d  |.. }.g.L,A74f..=|
-00000190  44 52 f0 08 26 4c b3 e7  71 b3 89 b3 5c 78 7e db  |DR..&L..q...\x~.|
-000001a0  34 31 dc dc 7c 7d 28 e1  41 96 f4 2f 28 60 9f 5b  |41..|}(.A../(`.[|
-000001b0  b2 2b 37 6b 3f 3a 37 e2  38 7a 66 40 fe 44 44 72  |.+7k?:7.8zf@.DDr|
-000001c0  b4 e3 97 f3 db 73 c8 af  96 c8 a6 24 ef ea 34 8f  |.....s.....$..4.|
-000001d0  5e 4b 21 22 19 d8 4a db  2e f1 23 90 d0 d2 38 f3  |^K!"..J...#...8.|
-000001e0  c6 08 5d 1d c9 a3 f2 6d  01 eb 30 5e cd f4 98 f5  |..]....m..0^....|
-000001f0  0d d8 68 4f 00 f4 cd 24  9f c4 3c 6a 31 5d c0 e5  |..hO...$..<j1]..|
-00000200  21 35 9b 4f db f0 0e 9c  5a e5 be 3f 63 ed 39 b3  |!5.O....Z..?c.9.|
-00000210  ea 1a fe cb 4b 6b ae 57  9f 5d 63 40 2d 61 76 83  |....Kk.W.]c@-av.|
-00000220  7a ca c0 9c 82 55 74 16  9d e2 84 31 71 28 fd ae  |z....Ut....1q(..|
-00000230  a1 5c 66 aa b4 7e e4 bf  54 fc 95 e7 e0 e5 e7 54  |.\f..~..T......T|
-00000240  54 a9 cf 14 d1 ef 18 a6  70 b8 c6 58 2c ba 7c 74  |T.......p..X,.|t|
-00000250  e4 72 14 aa 2e e1 6d ba  dc 06 9f fd 82 cd 3f 20  |.r....m.......? |
-00000260  3b 46 bf a9 1d 54 ae 3a  40 4a 76 8c 91 de 1c 42  |;F...T.:@Jv....B|
-00000270  94 a8 62 2c 53 c0 08 a6  32 f1 5f 13 28 a4 83 d1  |..b,S...2._.(...|
-00000280  de 7e d4 2b 2e b8 f7 c8  1c e6 58 0d 66 8e 5f 88  |.~.+......X.f._.|
-00000290  47 ca 4f 98 58 36 de fa  be 59 7e 64 8a d0 3a 6c  |G.O.X6...Y~d..:l|
-000002a0  e5 9d 90 7b 3a 88 16 bc  16 10 81 8b 9d 1b 09 0a  |...{:...........|
-000002b0  0b e8 d1 1e 06 41 de 41  87 e6 52 d9 03 d9 86 d3  |.....A.A..R.....|
-000002c0  27 89 55 f3 b5 4a 6f 74  42 d8 6b 8e a1 91 da 6d  |'.U..JotB.k....m|
-000002d0  1a 23 61 5e 8b f0 50 7e  e2 17 ed 0c fc b1 a7 0b  |.#a^..P~........|
-000002e0  37 1e 91 de 6e 57 02 dd  f9 2c 70 c9 0e 24 27 e3  |7...nW...,p..$'.|
-000002f0  6e 9c ef 41 bd 7f 19 62  95 6c f6 c1 73 e5 08 2c  |n..A...b.l..s..,|
-00000300  b1 80 ec aa 64 c7 ab 77  f3 86 43 8a 61 fa b9 ba  |....d..w..C.a...|
-00000310  c0 0c ce de d9 f9 0f ea  2d 0b 77 9e bb 29 0a 7f  |........-.w..)..|
-00000320  9b 90 1c 54 5e c4 95 7c  fd 0e b9 9f 8d ff d7 7c  |...T^..|.......||
-00000330  e4 2b 4c d9 d5 b3 79 83  d3 75 cc a4 47 01 74 0b  |.+L...y..u..G.t.|
-00000340  35 84 be 59 bd 17 03 03  00 99 72 3e 53 38 42 12  |5..Y......r>S8B.|
-00000350  6f 99 20 c4 98 59 48 61  e0 13 80 8e 96 25 96 f8  |o. ..YHa.....%..|
-00000360  c9 c8 35 9c 35 c0 13 d7  34 24 0b 6e 59 4f 1b 77  |..5.5...4$.nYO.w|
-00000370  1f 9a 71 6b 6b dc 71 23  b1 a2 e8 1e c2 a0 b1 8c  |..qkk.q#........|
-00000380  27 5e 90 c5 f8 65 30 a2  de fc 6b b2 e3 5d 8d 9f  |'^...e0...k..]..|
-00000390  70 32 3c 92 47 c7 91 10  49 0d f1 3b 41 f1 14 3b  |p2<.G...I..;A..;|
-000003a0  09 55 f5 78 0e 91 1b 75  a0 58 fc c9 34 82 fe 51  |.U.x...u.X..4..Q|
-000003b0  20 73 71 3d 7f 82 a4 29  bc 04 67 d7 30 c7 a5 4b  | sq=...)..g.0..K|
-000003c0  f3 94 4d 15 35 2a 1e 46  82 3f 36 f4 7b ff 9f 88  |..M.5*.F.?6.{...|
-000003d0  3b e6 60 bc 86 51 59 ad  97 58 95 7e 6a 4b c9 6c  |;.`..QY..X.~jK.l|
-000003e0  34 96 03 17 03 03 00 35  03 94 eb e1 e5 9d eb 8f  |4......5........|
-000003f0  34 b1 28 3c 9d 26 40 a9  e7 4c 2b bf 37 32 b6 aa  |4.(<.&@..L+.72..|
-00000400  78 d2 45 0c 6c 5b 0a 0e  8a 3a b6 1a 01 09 3e 0a  |x.E.l[...:....>.|
-00000410  45 25 c6 83 8a 4a cc 22  d9 29 c8 8a 32           |E%...J.".)..2|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d8  |..+.....3.$... .|
+00000060  b2 05 15 9a 39 db 4f d6  d1 d1 e5 6c f0 8d 6f b1  |....9.O....l..o.|
+00000070  54 d6 ff f2 48 2b a7 14  2a f6 4e cd 28 41 61 14  |T...H+..*.N.(Aa.|
+00000080  03 03 00 01 01 17 03 03  00 17 c9 09 91 34 14 6c  |.............4.l|
+00000090  de cb 9f d5 0d 03 5e 58  69 4e 61 75 8a 4b a9 35  |......^XiNau.K.5|
+000000a0  51 17 03 03 00 20 4f 41  5c 1d f6 73 a0 ca a7 a9  |Q.... OA\..s....|
+000000b0  4c b9 34 ee 7c c0 68 eb  e6 28 9f 1f 7f bf 6e 17  |L.4.|.h..(....n.|
+000000c0  17 cf 6c cb ad 72 17 03  03 02 7a 1f d1 c8 b3 7a  |..l..r....z....z|
+000000d0  7b 7b c9 fa c0 5a cb e9  18 64 b9 ef 49 8f 2d da  |{{...Z...d..I.-.|
+000000e0  cd 97 44 ec dc 2e 32 d8  39 e3 40 78 97 ef 01 69  |..D...2.9.@x...i|
+000000f0  0a b6 fc 31 d4 53 85 0c  c1 51 3a a7 02 e3 af ae  |...1.S...Q:.....|
+00000100  20 4b 44 13 c2 d1 4d de  b3 5d 24 3e 64 36 78 fd  | KD...M..]$>d6x.|
+00000110  6f 36 79 3e c2 ef 48 27  e0 e2 a3 86 61 22 14 61  |o6y>..H'....a".a|
+00000120  88 df 08 86 ed af 2a d6  2f b6 9d 30 f7 6e 28 7a  |......*./..0.n(z|
+00000130  44 2c b1 32 cc 4b 9b 6f  67 69 83 cc 7b 59 64 16  |D,.2.K.ogi..{Yd.|
+00000140  76 43 b5 0c 6f 5e 5c f0  17 e6 b4 32 0d 2d 01 91  |vC..o^\....2.-..|
+00000150  7c 00 af bf 99 fb 0b 97  8e fa 1f cc 10 4c cb 73  ||............L.s|
+00000160  81 f8 b3 7c 2e 8d ba c5  95 f1 7b 19 f2 19 48 c5  |...|......{...H.|
+00000170  ba a0 ba fd b3 29 42 1d  3a e2 f1 8f 13 c5 38 66  |.....)B.:.....8f|
+00000180  be 60 e9 a3 e4 b7 c3 e1  3d cf c3 62 85 4f f3 29  |.`......=..b.O.)|
+00000190  11 e4 72 cd c5 90 9c 45  36 11 67 8a 09 a2 f8 b1  |..r....E6.g.....|
+000001a0  48 e3 26 c5 d8 5d 8e b4  c0 af a6 e8 93 2f e8 99  |H.&..]......./..|
+000001b0  75 07 56 82 ed 58 21 2a  d8 4f dc 60 41 2f a9 49  |u.V..X!*.O.`A/.I|
+000001c0  aa 73 68 22 b7 73 5c 14  a4 46 b2 de 68 a8 f1 4a  |.sh".s\..F..h..J|
+000001d0  97 db 0d cd 29 26 d7 28  d2 d0 0c 81 43 c7 ae 0a  |....)&.(....C...|
+000001e0  c5 35 fe 55 da 7a ea 0f  78 95 f8 ed 02 84 de 5b  |.5.U.z..x......[|
+000001f0  3e ed e2 d2 25 75 a8 ec  7a 5a a9 35 eb d5 b9 08  |>...%u..zZ.5....|
+00000200  36 f9 fd 1a 18 27 d0 bf  07 46 bb 8b a8 52 bf 8b  |6....'...F...R..|
+00000210  d6 c5 3f 16 11 f9 ea 85  e9 f9 5a 68 17 20 2b 92  |..?.......Zh. +.|
+00000220  0c 58 55 b8 9a 66 6b 80  bb be 24 41 b4 2f 76 9a  |.XU..fk...$A./v.|
+00000230  c5 29 c5 86 e0 d3 1f 63  96 95 3f f2 67 7b 66 d5  |.).....c..?.g{f.|
+00000240  79 cc 47 80 8e 13 1a 29  ee 9a 97 3f 79 e0 be 20  |y.G....)...?y.. |
+00000250  c8 a1 6e 4a 85 91 7d 93  86 f4 0d 4d 5e e4 52 a9  |..nJ..}....M^.R.|
+00000260  a9 17 8b ab fd aa dc fd  a2 4b d3 d9 db 41 95 f9  |.........K...A..|
+00000270  e3 31 a4 2d 53 43 a2 b9  6a 1e f8 5b f4 0d 55 70  |.1.-SC..j..[..Up|
+00000280  f0 18 70 82 8e f3 53 3c  81 ac 13 2a b9 d0 33 dc  |..p...S<...*..3.|
+00000290  b9 8d b9 41 6a 4d 87 c6  70 f2 04 2c 60 01 5b 5d  |...AjM..p..,`.[]|
+000002a0  76 91 19 af 2d 48 82 69  59 15 c4 42 40 6a 38 3a  |v...-H.iY..B@j8:|
+000002b0  a2 db 21 b6 6d b3 e7 50  91 7c 8f f0 97 8f 7c 56  |..!.m..P.|....|V|
+000002c0  8b 4d f5 d3 7a 81 b5 4d  c5 33 ba 14 36 6f be ea  |.M..z..M.3..6o..|
+000002d0  95 1d d2 3d 29 a8 72 34  35 38 56 4c 65 47 b5 8b  |...=).r458VLeG..|
+000002e0  cb 43 9e 8d bd 1b 6b c3  2e 5b 9f f5 5a 60 e6 c9  |.C....k..[..Z`..|
+000002f0  6b c4 85 5c ac 55 fa 67  47 15 45 b4 e9 49 dd 0a  |k..\.U.gG.E..I..|
+00000300  aa be 5f d3 ec c9 88 71  52 eb 91 e9 38 e4 14 15  |.._....qR...8...|
+00000310  f3 ef 37 27 9c b1 c1 66  bb 40 c7 01 b5 8e f2 45  |..7'...f.@.....E|
+00000320  fb be c1 6a 73 a4 48 cf  e6 59 00 0b 37 56 a2 07  |...js.H..Y..7V..|
+00000330  41 29 56 2e 11 28 88 6a  37 df 46 33 a8 3d 14 3a  |A)V..(.j7.F3.=.:|
+00000340  c7 5a be 5e dc 17 03 03  00 99 15 b7 d6 a9 5d ae  |.Z.^..........].|
+00000350  e0 61 a0 09 69 01 c3 61  63 eb 94 9c e3 e3 78 e4  |.a..i..ac.....x.|
+00000360  b9 00 c3 db df cd 72 1b  86 2f 34 4f d0 da 63 c6  |......r../4O..c.|
+00000370  a9 b3 55 57 81 76 f1 fe  2b c0 85 6e 9b 6a c7 14  |..UW.v..+..n.j..|
+00000380  4c b0 48 fb a9 6d 14 f3  44 d1 30 9d ec c4 fc ac  |L.H..m..D.0.....|
+00000390  0a 79 c3 89 55 c8 92 9f  b6 bd 0b aa 85 bd 81 9b  |.y..U...........|
+000003a0  8e 94 b4 27 32 6f 26 da  40 27 6e 1f d9 7e 5e 16  |...'2o&.@'n..~^.|
+000003b0  b1 10 be 7a 9e 3a 80 ed  89 2e b9 9b b4 a9 70 11  |...z.:........p.|
+000003c0  61 46 c3 e9 b3 5e c0 b4  17 71 4a 28 44 1a 27 a4  |aF...^...qJ(D.'.|
+000003d0  20 19 47 70 2c 06 66 6a  19 a4 cb 67 2a 28 3d 4b  | .Gp,.fj...g*(=K|
+000003e0  50 02 c5 17 03 03 00 35  5b 49 ab 32 a4 7e 3c 35  |P......5[I.2.~<5|
+000003f0  a3 47 b6 57 da 5e 4a c8  5b cc 5e 71 35 32 63 7f  |.G.W.^J.[.^q52c.|
+00000400  13 ff c2 d2 db 31 d5 22  3f 6d 26 c3 d3 70 40 4d  |.....1."?m&..p@M|
+00000410  e5 2a cc 0b 51 a6 61 9e  a9 69 22 bf fb           |.*..Q.a..i"..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 7a 3e 62 91 75 b4  |..........z>b.u.|
-00000010  58 7d 61 ac 42 4b 1b 91  86 cd 3f c0 6d 30 5a 01  |X}a.BK....?.m0Z.|
-00000020  11 1e 77 87 92 50 bb a0  d2 c6 84 b6 10 37 02 ab  |..w..P.......7..|
-00000030  2d c2 c2 12 0a db f5 8f  e4 1f dd 16 ec 83 ad db  |-...............|
-00000040  2d 8b ec fa aa 56 44 4e  d4 af ce d2 9f 44 3d de  |-....VDN.....D=.|
-00000050  12 29 db bc 29 2a df 99  d7 d0 53 79 84 a4 b8 2d  |.)..)*....Sy...-|
-00000060  8b 5c e6 a4 b7 98 07 5a  f4 63 10 21 87 13 09 07  |.\.....Z.c.!....|
-00000070  28 98 49 48 07 70 c1 ab  8b 62 6d 40 a8 47 27 67  |(.IH.p...bm@.G'g|
-00000080  d6 ad 29 8d 2e 14 34 14  18 6b dd f0 76 3b 91 f9  |..)...4..k..v;..|
-00000090  e1 93 a2 1c 3a 5e 18 a3  c9 ca b0 c9 cf d9 3c f5  |....:^........<.|
-000000a0  a3 38 c7 83 53 67 14 ba  65 6f 11 a2 ef 78 7e ea  |.8..Sg..eo...x~.|
-000000b0  4a 90 c9 aa bf e9 8e ff  8c 9d 7c 5f 56 c3 9b 16  |J.........|_V...|
-000000c0  c1 8a a9 51 24 20 86 dc  99 ac d2 28 af 7b 2d 6e  |...Q$ .....(.{-n|
-000000d0  16 9b 71 71 82 00 94 51  a4 4f 22 c1 26 a2 6f 67  |..qq...Q.O".&.og|
-000000e0  d9 45 ff 80 13 39 16 0f  9c 43 76 54 e5 12 0f 89  |.E...9...CvT....|
-000000f0  95 ed 75 df eb cb 6b d2  77 fd fa 37 d7 a3 31 b5  |..u...k.w..7..1.|
-00000100  61 47 69 8f 99 55 70 d0  96 b0 f7 a9 1b 53 69 a3  |aGi..Up......Si.|
-00000110  e4 59 cc a1 d9 4b d5 4f  e2 47 c1 53 30 60 50 03  |.Y...K.O.G.S0`P.|
-00000120  c7 07 67 3f 68 ce 8c 32  7e f1 93 12 ba d8 67 21  |..g?h..2~.....g!|
-00000130  71 4f c9 ca ae 7b 56 8d  f7 64 14 e3 8d d6 a6 ed  |qO...{V..d......|
-00000140  d0 63 5e 00 1e f7 8a 0c  1e c3 24 e0 bd e2 e8 99  |.c^.......$.....|
-00000150  da ca 01 9e fb 21 9e 1f  57 98 f1 36 7d c8 a8 7b  |.....!..W..6}..{|
-00000160  4b 27 13 fb 8c ab d6 b3  27 3e f5 b5 08 eb cb a9  |K'......'>......|
-00000170  b0 a4 d4 3e c9 14 08 75  51 83 48 03 e7 79 65 30  |...>...uQ.H..ye0|
-00000180  a4 1a 4f a8 7a 41 c8 af  9e 74 89 4d ec eb 58 9b  |..O.zA...t.M..X.|
-00000190  20 db 80 ce e0 c8 a7 1c  b2 62 fc 85 7d 87 ca 00  | ........b..}...|
-000001a0  64 4c 25 4d 3c b2 bf 9d  46 c5 04 b5 dd 7a 29 87  |dL%M<...F....z).|
-000001b0  29 30 2e bc 42 31 9b f2  eb 7b 58 63 91 28 6f 43  |)0..B1...{Xc.(oC|
-000001c0  6b c1 4e 00 b2 4b 9d 0c  ef 18 5b 61 ec 77 84 e1  |k.N..K....[a.w..|
-000001d0  88 49 f9 e2 71 2e 35 23  b8 73 6d c2 52 d1 2f ad  |.I..q.5#.sm.R./.|
-000001e0  55 40 4e a2 b0 14 1b 50  d7 9d 12 80 89 ab 88 a5  |U@N....P........|
-000001f0  01 16 88 d5 4f 95 0c ce  79 c7 49 27 4b 44 4d fe  |....O...y.I'KDM.|
-00000200  f5 cd 95 08 b9 26 8d 52  ff d7 bc 47 11 16 d5 d0  |.....&.R...G....|
-00000210  7d 4c 3c 04 74 92 5b 85  d2 2c 95 b8 4b 02 0b 66  |}L<.t.[..,..K..f|
-00000220  60 7d b9 12 6e d3 06 73  cc c2 69 b9 fe ad f9 4c  |`}..n..s..i....L|
-00000230  f6 24 a0 eb 96 f0 b8 7c  32 dc 4c 67 04 83 15 84  |.$.....|2.Lg....|
-00000240  f9 ef 70 e7 55 85 0e 8f  b3 78 20 2c ed 69 29 89  |..p.U....x ,.i).|
-00000250  d4 d8 5e 97 16 59 90 0f  79 41 6e cf 02 d3 9d 08  |..^..Y..yAn.....|
-00000260  e4 0c 27 0c 74 97 c6 d6  89 6b c9 65 37 7b ae 6b  |..'.t....k.e7{.k|
-00000270  b7 0f e8 70 57 a3 1c 95  8d 66 da 4e 34 51 c8 e0  |...pW....f.N4Q..|
-00000280  0e 83 e3 24 64 17 03 03  00 99 e3 31 2c ae ae 1c  |...$d......1,...|
-00000290  64 6c fc 36 c8 9f c2 88  16 c7 b2 ae 4a ef 3a 90  |dl.6........J.:.|
-000002a0  f4 ad f2 91 58 37 7c 94  c2 e3 ed 76 c5 90 fb e6  |....X7|....v....|
-000002b0  88 08 a6 a2 53 5a 78 cb  bd f2 3c 6e 36 b4 cd 87  |....SZx...<n6...|
-000002c0  67 0d 0a fa c0 71 98 c8  13 dc f0 ea 51 21 16 70  |g....q......Q!.p|
-000002d0  17 03 e1 96 f5 d3 66 3b  7b f2 a1 aa 3a 67 95 13  |......f;{...:g..|
-000002e0  be 71 5f 38 a7 8a 73 4d  64 30 1c 1d 18 32 7f 7d  |.q_8..sMd0...2.}|
-000002f0  79 3e 58 43 4b c0 3c 58  58 e6 ef ac 65 99 d3 5b  |y>XCK.<XX...e..[|
-00000300  df ba 46 6d 7f ac 2e bc  8e d0 9e e1 11 ce 31 24  |..Fm..........1$|
-00000310  78 a2 1e 14 54 0a 36 9a  97 48 da 8c d4 f0 01 8c  |x...T.6..H......|
-00000320  ea 88 e1 17 03 03 00 35  95 27 fc 94 c3 7b 3b 3f  |.......5.'...{;?|
-00000330  8a 38 aa 6c d9 17 7b 69  d3 5c c5 37 61 1f 56 9f  |.8.l..{i.\.7a.V.|
-00000340  42 e3 4e ca 2d c3 ae 28  74 b2 26 ca c4 89 24 49  |B.N.-..(t.&...$I|
-00000350  fe 22 b1 6c 9b 5b 77 a3  37 fc be 06 45 17 03 03  |.".l.[w.7...E...|
-00000360  00 17 10 9e e6 81 2e 85  40 22 79 18 be 0f 7c ce  |........@"y...|.|
-00000370  c9 1e 34 c1 f6 43 94 02  59 17 03 03 00 13 da 48  |..4..C..Y......H|
-00000380  a9 c4 2f b8 08 9c ab 61  00 50 d3 ec e3 8d 50 f6  |../....a.P....P.|
-00000390  92                                                |.|
+00000000  14 03 03 00 01 01 17 03  03 02 7a 5c ca 9a 42 8c  |..........z\..B.|
+00000010  89 80 5e f5 67 03 ec e8  79 ac 9e 95 3b 12 bf 9c  |..^.g...y...;...|
+00000020  e8 c6 85 54 36 f3 7e ad  5e b8 0e 78 f7 f2 9f 73  |...T6.~.^..x...s|
+00000030  da 8a 1e f3 0f 0c be 7d  ef 3d ec d8 51 91 55 3d  |.......}.=..Q.U=|
+00000040  21 ba 3d 10 32 94 7b 1c  6b 5e 5a 18 0e 79 9c f9  |!.=.2.{.k^Z..y..|
+00000050  7c 48 73 21 ae ed 2d b7  fe 34 9c 70 10 fb 67 9f  ||Hs!..-..4.p..g.|
+00000060  c6 28 56 2e cb 42 e3 be  c5 b8 7d cf 4d 54 22 a0  |.(V..B....}.MT".|
+00000070  8f 7c ce 49 96 d2 ad 88  80 6b 06 be 36 0d c8 24  |.|.I.....k..6..$|
+00000080  c1 bd 09 e8 36 a4 a9 e7  cc 4c de ed bb d6 cf 5b  |....6....L.....[|
+00000090  da 21 75 f1 f5 6d ed 75  d2 a5 13 11 4d 4e 62 e9  |.!u..m.u....MNb.|
+000000a0  92 23 49 37 57 f4 56 a4  54 1b 59 c0 ed cf 43 d1  |.#I7W.V.T.Y...C.|
+000000b0  c3 d1 18 4d 47 5f e1 f8  13 ed f2 7d 1e 97 9d ba  |...MG_.....}....|
+000000c0  c5 49 e9 2c 76 ca 02 60  89 01 7a 47 b7 1d 07 54  |.I.,v..`..zG...T|
+000000d0  01 17 52 39 10 59 c1 58  66 3e 24 24 7d a7 94 5f  |..R9.Y.Xf>$$}.._|
+000000e0  3b df 0c 47 fc 96 bc 4a  fc 82 55 cf d3 33 b1 da  |;..G...J..U..3..|
+000000f0  37 7b b4 f3 b2 03 31 cc  2b 60 a2 e4 76 28 d5 fd  |7{....1.+`..v(..|
+00000100  4a 5f 47 e3 97 21 11 6a  5d 51 a5 43 9e bb b0 50  |J_G..!.j]Q.C...P|
+00000110  21 09 7c c8 e5 ca f9 7a  69 2c 0b 83 37 7a 8b 35  |!.|....zi,..7z.5|
+00000120  ff 63 cf df aa 18 0c 75  39 14 e7 90 0b 67 5f b6  |.c.....u9....g_.|
+00000130  94 cd 1a 49 ce 4f 46 dd  2b 61 7d 07 72 11 6e 69  |...I.OF.+a}.r.ni|
+00000140  3b 6f 0c 1c 6c 8c 10 ef  ef a1 bc 05 2f c9 20 8b  |;o..l......./. .|
+00000150  e2 fa 94 89 48 49 5d 1c  73 85 d7 e3 25 27 de a9  |....HI].s...%'..|
+00000160  1a fb 2e e0 74 c8 aa 52  4c e7 48 ec ca 99 48 ba  |....t..RL.H...H.|
+00000170  03 9b f7 75 de 01 0b 2e  9e 14 2f 1b 82 13 01 7c  |...u....../....||
+00000180  55 7e 24 06 55 59 62 f4  b6 33 69 7e c9 c1 07 07  |U~$.UYb..3i~....|
+00000190  6d 61 e0 18 d3 2b 46 4f  ff 14 01 31 06 d6 b2 d2  |ma...+FO...1....|
+000001a0  56 40 1e 69 70 21 a1 33  98 ef 23 79 6c b1 ed f6  |V@.ip!.3..#yl...|
+000001b0  15 b9 8f fc 69 7a f4 4d  3b f8 bd 50 ee 6a 15 15  |....iz.M;..P.j..|
+000001c0  0a 81 b6 4b 40 6c 15 e6  55 92 cf 8f a1 00 bf d5  |...K@l..U.......|
+000001d0  f7 74 13 30 ba ab eb 9d  82 bb 76 14 17 7e ab 30  |.t.0......v..~.0|
+000001e0  36 62 61 0a d3 2c 92 ca  95 b0 8b 41 54 b3 fa 0a  |6ba..,.....AT...|
+000001f0  82 8c aa bd 89 e2 fa 1a  87 9d 9a 1e 21 78 a4 27  |............!x.'|
+00000200  5d 16 4d e6 a7 43 a5 11  0d db 35 08 9c 23 96 8b  |].M..C....5..#..|
+00000210  80 46 5d 9f 1d 4e a2 04  17 8e 4d 57 c6 55 35 b4  |.F]..N....MW.U5.|
+00000220  ac 0b c2 44 60 f6 08 1c  cc c7 ba 7c e1 14 fb c2  |...D`......|....|
+00000230  1d 67 67 ed 20 99 14 34  5a 97 85 0b ca 36 34 8e  |.gg. ..4Z....64.|
+00000240  18 de ab 4d c6 32 6c 4f  44 eb b6 05 7b a6 37 db  |...M.2lOD...{.7.|
+00000250  57 65 8a 62 5e c4 8c 14  13 6c 41 b4 7a 0d a8 75  |We.b^....lA.z..u|
+00000260  42 a7 1b 92 34 16 2a 77  e3 63 bf 23 cc 42 9b 9d  |B...4.*w.c.#.B..|
+00000270  bd c9 ba b3 20 77 6a 56  c2 2c dc 72 9f ec b2 a8  |.... wjV.,.r....|
+00000280  57 cc 00 17 a1 17 03 03  00 99 0a d6 46 7f 5a 00  |W...........F.Z.|
+00000290  7e c4 1b 10 c4 d6 ae 8a  37 cb 47 3d bd f0 17 f3  |~.......7.G=....|
+000002a0  9b 25 fa 31 cb 75 10 1c  95 4b 80 9e ff 78 ae b4  |.%.1.u...K...x..|
+000002b0  65 b7 2f 00 3f 94 79 1d  66 52 f7 48 03 df 35 6b  |e./.?.y.fR.H..5k|
+000002c0  06 42 55 1a bd 0d f0 e0  6f 8e 8e b7 60 dc e2 ec  |.BU.....o...`...|
+000002d0  8b 9b 2e de 1a 08 65 b1  ad 9d 41 a5 32 6f bd f2  |......e...A.2o..|
+000002e0  02 47 79 4a 02 03 45 e0  2e 0e 9c e4 05 ae 8a 47  |.GyJ..E........G|
+000002f0  20 61 5a a3 da ab 84 33  11 76 81 a3 93 6b b0 9a  | aZ....3.v...k..|
+00000300  9d 64 6e f3 ba a0 ab 17  c5 3e 95 8a 1e 95 62 99  |.dn......>....b.|
+00000310  5a 12 68 96 49 05 33 b6  6e 95 46 11 9b af de 62  |Z.h.I.3.n.F....b|
+00000320  0c 5e e1 17 03 03 00 35  78 f6 24 17 fb 8f 65 3f  |.^.....5x.$...e?|
+00000330  5b 1d dd 3d 3d 73 c5 fb  1f 37 fb 54 a5 d3 58 49  |[..==s...7.T..XI|
+00000340  ed 63 22 f9 b6 fb a2 68  59 9b 04 55 03 f1 38 af  |.c"....hY..U..8.|
+00000350  2e ee 85 0c c8 95 2f f9  a9 e7 de d9 14 17 03 03  |....../.........|
+00000360  00 17 8b 72 27 df c9 0d  69 d1 95 e2 5a ea 3e dd  |...r'...i...Z.>.|
+00000370  be df 0b 72 de 0c e5 4a  19 17 03 03 00 13 0d b2  |...r...J........|
+00000380  7c 8d b1 44 32 9d 63 b1  8b 90 e1 2d 92 9c c4 b9  ||..D2.c....-....|
+00000390  cd                                                |.|
diff --git a/testdata/Client-TLSv13-ECDSA b/testdata/Client-TLSv13-ECDSA
index b6a3b2ad..53624650 100644
--- a/testdata/Client-TLSv13-ECDSA
+++ b/testdata/Client-TLSv13-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,81 +7,83 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 24 80 76 3d db  |....z...v..$.v=.|
-00000010  cf 32 53 04 de ce 2e 74  95 bb 30 a8 d5 5e ab ed  |.2S....t..0..^..|
-00000020  3c 1e 1a ae 92 63 8f 40  0b ce a4 20 00 00 00 00  |<....c.@... ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 cd 84 c1 22 3c  |....z...v....."<|
+00000010  2e 71 03 57 5f c1 27 88  ae 0e 7f 1a e7 aa 82 6d  |.q.W_.'........m|
+00000020  8d f1 18 78 8d b2 4c d6  11 c3 b0 20 00 00 00 00  |...x..L.... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d2  |..+.....3.$... .|
-00000060  b3 86 f1 35 22 26 89 f4  07 ab b8 f5 27 a6 d5 c9  |...5"&......'...|
-00000070  87 00 59 43 b8 df da 92  f6 f5 ed f4 8d 04 26 14  |..YC..........&.|
-00000080  03 03 00 01 01 17 03 03  00 17 ed 6b 14 3a 82 c5  |...........k.:..|
-00000090  88 9d a4 96 c7 c4 c7 73  63 c6 58 65 d0 d4 a6 cb  |.......sc.Xe....|
-000000a0  dc 17 03 03 02 22 e8 c5  15 54 3c 26 7b 87 8c d3  |....."...T<&{...|
-000000b0  99 b0 af 98 21 1b 8f be  f5 d8 40 c9 05 97 39 fd  |....!.....@...9.|
-000000c0  3d b2 da 2d 80 26 c9 24  cd 14 0b 48 2e d7 c4 dc  |=..-.&.$...H....|
-000000d0  4c 61 1e 5d 46 ce 66 cd  94 50 a4 e8 c4 d7 f0 48  |La.]F.f..P.....H|
-000000e0  20 16 52 fb 12 04 17 48  7d 65 49 50 c5 b8 e6 9c  | .R....H}eIP....|
-000000f0  be f6 58 09 ea 8b 94 51  93 cf 0d 7a 76 88 78 cb  |..X....Q...zv.x.|
-00000100  37 83 43 fa 37 d5 5b 3f  10 1d 07 b1 bb 9b ac 3a  |7.C.7.[?.......:|
-00000110  43 e0 62 b1 fe 64 43 83  53 49 96 9e 81 1c 05 64  |C.b..dC.SI.....d|
-00000120  40 2a 1b 98 5f ed 8d 47  52 2c db 84 8b 6a 1e 3b  |@*.._..GR,...j.;|
-00000130  de bb 7d 20 e6 cf 2a 79  2e c4 54 71 56 2f 79 45  |..} ..*y..TqV/yE|
-00000140  07 3f 05 6c 82 e8 ab f7  62 0a 28 e0 db 83 6b bd  |.?.l....b.(...k.|
-00000150  55 81 8f 3f b6 1f d0 83  cd 97 67 71 56 f5 13 aa  |U..?......gqV...|
-00000160  45 95 65 ce 1e 42 bf 6a  83 6e bc 2e 41 28 79 b7  |E.e..B.j.n..A(y.|
-00000170  b8 3f 6e 64 14 8d ed 3a  a4 02 06 46 17 e5 c7 f8  |.?nd...:...F....|
-00000180  72 f1 5f 9b 14 96 c9 c6  53 e6 32 b2 0b cc d5 d7  |r._.....S.2.....|
-00000190  89 1e d9 52 fb 8f 48 8b  41 6e c6 f3 55 57 41 5d  |...R..H.An..UWA]|
-000001a0  95 03 9c 34 ea 3c a8 58  8d b7 89 82 e1 40 e0 60  |...4.<.X.....@.`|
-000001b0  22 ab 23 30 e8 f0 4e 21  a1 11 0a 7f 18 80 ad de  |".#0..N!........|
-000001c0  41 ba a1 12 60 31 60 0f  84 f6 91 b1 ae ca f5 81  |A...`1`.........|
-000001d0  3e d6 4e 3a 89 b6 b0 fe  3f 27 18 20 65 a9 d4 6c  |>.N:....?'. e..l|
-000001e0  ac 8a 46 08 e2 7d 06 6d  52 8c 69 9e 24 9b 8d f9  |..F..}.mR.i.$...|
-000001f0  b7 a7 74 87 bd f9 84 ca  18 7d 5b 50 1d 8e 64 e1  |..t......}[P..d.|
-00000200  39 6f f7 56 5a ef 08 6b  e2 a1 87 e4 7a 5e ea b6  |9o.VZ..k....z^..|
-00000210  12 75 2d ee e9 af a4 36  99 91 88 11 97 f3 d5 fb  |.u-....6........|
-00000220  8b 52 59 bc 9c 18 03 5b  b1 59 47 ae d4 bb a1 65  |.RY....[.YG....e|
-00000230  cf bf 40 54 e5 e7 6e e0  0c 26 0e a1 d2 4d 41 19  |..@T..n..&...MA.|
-00000240  36 b5 b6 48 33 96 8a e3  a5 56 9b 34 16 ae 36 48  |6..H3....V.4..6H|
-00000250  c5 ff 12 a7 33 f4 76 40  de d1 4b 41 ed 18 3b 04  |....3.v@..KA..;.|
-00000260  06 32 6e f3 57 c6 be 72  58 7f 78 b7 91 65 00 a8  |.2n.W..rX.x..e..|
-00000270  8d 5c 7f ff 0a 62 d4 99  82 b2 6b c8 80 3e 89 30  |.\...b....k..>.0|
-00000280  dd 31 60 7a 00 6e a2 13  c7 58 08 b0 d5 32 03 2e  |.1`z.n...X...2..|
-00000290  08 86 a2 97 7a f0 a1 95  10 5f a2 d6 fc e7 a3 93  |....z...._......|
-000002a0  16 a2 3d 33 04 e7 aa 3b  99 a5 ce c7 2c 28 71 bb  |..=3...;....,(q.|
-000002b0  ed e6 b9 5a a5 ec d1 44  54 e0 ff 41 cf 1a cb ff  |...Z...DT..A....|
-000002c0  67 43 6b af 87 19 40 74  17 03 03 00 a4 bc ef 32  |gCk...@t.......2|
-000002d0  22 da e9 d5 93 ce 06 bd  3d 6c 2e f0 0c de ec b8  |".......=l......|
-000002e0  12 d6 28 17 c6 64 aa 8d  4b 04 76 9e 41 3c 4a 94  |..(..d..K.v.A<J.|
-000002f0  9b 90 27 d2 8c bf eb 57  84 d8 72 66 c2 06 f3 99  |..'....W..rf....|
-00000300  90 d5 5d 0f fb 01 6a 29  54 25 39 3b d9 fb 1c a7  |..]...j)T%9;....|
-00000310  7e d9 cd 67 00 49 60 94  e5 47 40 15 a6 d5 d8 97  |~..g.I`..G@.....|
-00000320  57 79 1d f0 03 37 69 54  6a 7c 36 95 16 96 c3 39  |Wy...7iTj|6....9|
-00000330  d8 d2 8f 85 c3 1e 35 28  4a 62 b4 a0 47 ef 10 0c  |......5(Jb..G...|
-00000340  dc d0 b9 9a 46 42 34 e2  be 43 0f 67 bc f6 dd bc  |....FB4..C.g....|
-00000350  ab cd 44 79 77 1a 1a c3  03 4c 1f 4a ff 7e 27 3b  |..Dyw....L.J.~';|
-00000360  e1 83 84 a6 30 cf 53 ba  d9 f6 1e ae 1c 9b c3 28  |....0.S........(|
-00000370  96 17 03 03 00 35 3b b4  72 13 ca b8 f1 2f dd 42  |.....5;.r..../.B|
-00000380  5d f1 a4 93 b5 25 2b fb  12 5b dd 90 7e cb 45 3a  |]....%+..[..~.E:|
-00000390  fb 13 e6 21 42 13 08 b4  d8 3e 72 75 40 9e 30 a7  |...!B....>ru@.0.|
-000003a0  fd 46 9d 5e 79 39 e1 a8  f9 27 2b                 |.F.^y9...'+|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 1a  |..+.....3.$... .|
+00000060  28 ce a9 6b 7d 26 24 78  52 fe e1 65 34 6b 12 50  |(..k}&$xR..e4k.P|
+00000070  5c 4b b0 10 2e 94 3f b3  a0 b7 45 fc 3b 4d 31 14  |\K....?...E.;M1.|
+00000080  03 03 00 01 01 17 03 03  00 17 21 d8 25 9d 8a 8a  |..........!.%...|
+00000090  84 70 10 37 95 29 4e 00  da eb c1 e7 20 a3 09 a3  |.p.7.)N..... ...|
+000000a0  63 17 03 03 02 22 51 4c  48 48 ce 06 1d 4d 42 fa  |c...."QLHH...MB.|
+000000b0  54 16 a0 fe 66 f2 62 56  55 8e 71 0a 8a 75 8f ff  |T...f.bVU.q..u..|
+000000c0  71 72 29 09 54 f2 74 a8  0a 8c f3 62 84 2d 4c 11  |qr).T.t....b.-L.|
+000000d0  02 f1 c5 6f 2c f0 39 91  3e 58 98 e2 3d 87 0d 8b  |...o,.9.>X..=...|
+000000e0  5a 77 8f 2d 38 fb 3a b8  63 4f 79 24 bb 40 6f 09  |Zw.-8.:.cOy$.@o.|
+000000f0  28 01 bd 03 53 f0 63 fc  49 92 ba 9b 3b fd a1 75  |(...S.c.I...;..u|
+00000100  cf be 2c 5a da 3d 53 b2  11 5c f8 66 26 d0 78 6c  |..,Z.=S..\.f&.xl|
+00000110  3e a0 34 16 2b 28 6b 73  95 08 d7 e6 2f f4 f3 74  |>.4.+(ks..../..t|
+00000120  3f 1d e1 a5 e4 0e 82 af  52 58 09 b0 90 f8 ee ea  |?.......RX......|
+00000130  5a 34 b7 29 7a a6 bb 0a  2f 64 f7 51 80 71 90 82  |Z4.)z.../d.Q.q..|
+00000140  d2 1a fa c9 43 de 31 eb  a1 f6 b0 31 99 5e 8b 84  |....C.1....1.^..|
+00000150  6b f1 66 6e 49 6d 2e 52  e1 c4 21 76 7b 1e bf d4  |k.fnIm.R..!v{...|
+00000160  c1 8f 7c 1b a9 6f 4d 1b  03 86 63 8b d4 64 24 79  |..|..oM...c..d$y|
+00000170  73 00 1e cc 2b 5c a6 65  db 35 74 95 9b 04 5d ce  |s...+\.e.5t...].|
+00000180  ef 54 eb be 6a 6a 04 5d  e2 ba cb 4f c7 3f 33 8f  |.T..jj.]...O.?3.|
+00000190  20 51 6c 03 0a 1a 90 e3  74 e4 e3 2f 78 00 1b 4a  | Ql.....t../x..J|
+000001a0  17 9a 6f 35 0b b8 0e 30  cc 51 87 fa 17 d9 95 39  |..o5...0.Q.....9|
+000001b0  b5 51 c6 3f 6f 9b 39 74  c6 3e a3 8e 10 2f fc eb  |.Q.?o.9t.>.../..|
+000001c0  85 b3 a3 6e 21 5d 9f dc  fb 6a 5f 4b 42 5c a1 f5  |...n!]...j_KB\..|
+000001d0  c3 b7 5c ef 86 22 e9 bb  ae 97 96 ff 06 b1 d8 19  |..\.."..........|
+000001e0  38 6b 23 03 30 ea 1c 6f  c3 4a 94 74 35 16 61 2e  |8k#.0..o.J.t5.a.|
+000001f0  c6 9d a7 db b0 50 63 f7  e2 7c 00 2b 12 05 89 f2  |.....Pc..|.+....|
+00000200  e9 06 98 12 3c 77 6e d3  09 7f 6f 93 28 1e ce 1f  |....<wn...o.(...|
+00000210  e5 1f 18 b3 65 14 71 22  58 3b e1 a9 6a 03 16 37  |....e.q"X;..j..7|
+00000220  5c 93 3c ad 66 29 59 45  05 8f ae 0d b3 ca 79 ad  |\.<.f)YE......y.|
+00000230  40 9f ad 12 94 26 80 69  12 32 3d bf 90 90 e6 a1  |@....&.i.2=.....|
+00000240  f6 d4 ab 94 27 0c ab 1b  e9 36 7a 6f 88 58 4a 54  |....'....6zo.XJT|
+00000250  5d 86 bf 2b 1c 0d 3c 02  2e f1 93 63 7f 16 75 8b  |]..+..<....c..u.|
+00000260  a4 ef ee ea b3 dd 2a cf  c8 4a 78 79 54 ca 78 82  |......*..JxyT.x.|
+00000270  1f b2 20 af 90 39 9b 90  01 ce eb 5f 42 c1 9a 1e  |.. ..9....._B...|
+00000280  33 b9 a5 9b ff 48 40 7e  ed 26 ba 51 93 50 31 20  |3....H@~.&.Q.P1 |
+00000290  dd 38 f1 51 53 92 ee c5  63 a8 5a 62 db 1b d6 79  |.8.QS...c.Zb...y|
+000002a0  77 7c c8 45 8d f4 b3 c9  c9 60 e2 5d f3 8a 4c bc  |w|.E.....`.]..L.|
+000002b0  f8 f0 ee 10 61 50 4b 2d  df 5a e7 2b 48 fe 96 06  |....aPK-.Z.+H...|
+000002c0  c8 92 73 4c fc 5a 03 17  17 03 03 00 a3 24 2b 19  |..sL.Z.......$+.|
+000002d0  f9 ef c8 14 4e 1a 90 bc  2b a3 ff 95 52 99 b8 73  |....N...+...R..s|
+000002e0  49 10 fa 44 8e 39 a8 48  17 6c e6 7f bf 0d 93 95  |I..D.9.H.l......|
+000002f0  09 93 92 27 57 49 f2 79  16 36 2b 90 a9 1c 17 32  |...'WI.y.6+....2|
+00000300  a7 fa 2e 8d ca 68 40 09  dd c7 68 40 6a 2a 87 11  |.....h@...h@j*..|
+00000310  fc fc 2f fe e2 3a df 86  23 8b 4d 15 29 d9 a1 87  |../..:..#.M.)...|
+00000320  2b ac 58 72 eb c3 ac 3a  a2 30 6f 07 54 d1 72 ea  |+.Xr...:.0o.T.r.|
+00000330  7e 7b 7b 71 6c b6 57 64  d7 3f a6 59 f7 b0 8c 3f  |~{{ql.Wd.?.Y...?|
+00000340  8e d1 cb e6 75 f6 7d bf  43 cc be 35 a4 19 f9 48  |....u.}.C..5...H|
+00000350  c4 b7 bf 91 44 df 9a d5  97 7a f3 4c 98 08 b3 6e  |....D....z.L...n|
+00000360  a8 1c c6 d9 36 89 06 37  84 98 d3 e7 7c 11 f3 06  |....6..7....|...|
+00000370  17 03 03 00 35 9c d8 82  e3 d2 7b b5 48 1e 82 ee  |....5.....{.H...|
+00000380  05 ff a5 9f 3b bb 69 41  72 99 2e 78 57 d6 81 9c  |....;.iAr..xW...|
+00000390  57 36 f9 bf 52 cd 8d 30  f6 67 5e e3 30 12 2f f5  |W6..R..0.g^.0./.|
+000003a0  19 a1 27 97 af a8 1f c3  73 78                    |..'.....sx|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 09 35 dd b0 97  |..........5.5...|
-00000010  7b a4 5b ef 16 90 e4 15  aa 19 e4 5b e8 f1 11 c0  |{.[........[....|
-00000020  e0 fa 4b 0e df a3 4a 7c  cd 9a 0a c4 05 65 e9 5b  |..K...J|.....e.[|
-00000030  8b 0b e0 3c b2 5a cc eb  87 2b 67 0d 9f 19 d0 ec  |...<.Z...+g.....|
-00000040  17 03 03 00 17 68 1f ad  70 7c 49 62 6b 2f 67 15  |.....h..p|Ibk/g.|
-00000050  d1 bf bb 35 b3 b3 2b f3  12 27 b6 0e 17 03 03 00  |...5..+..'......|
-00000060  13 23 39 42 9f 8a 9e 68  41 39 fa 3b 50 bc 56 59  |.#9B...hA9.;P.VY|
-00000070  d0 3a 5a 9a                                       |.:Z.|
+00000000  14 03 03 00 01 01 17 03  03 00 35 c8 b8 4f 16 71  |..........5..O.q|
+00000010  03 a4 39 02 a9 6e 62 a5  62 8e 64 7d 13 8c 11 66  |..9..nb.b.d}...f|
+00000020  f2 6c 24 36 5b 9c 95 6b  5b ea fc 66 a2 ef 7c 97  |.l$6[..k[..f..|.|
+00000030  0c 75 7a 05 99 21 ff af  fc 91 b3 64 74 64 89 76  |.uz..!.....dtd.v|
+00000040  17 03 03 00 17 3f b3 8e  94 d5 bd e2 79 9c e5 d3  |.....?......y...|
+00000050  f7 3d bd aa 6a 35 5a 1a  0b 96 69 3d 17 03 03 00  |.=..j5Z...i=....|
+00000060  13 d7 34 66 9d 25 f2 de  49 40 34 20 a5 0c 88 b5  |..4f.%..I@4 ....|
+00000070  00 e8 ac ee                                       |....|
diff --git a/testdata/Client-TLSv13-Ed25519 b/testdata/Client-TLSv13-Ed25519
index 3a2915d6..04c26cb6 100644
--- a/testdata/Client-TLSv13-Ed25519
+++ b/testdata/Client-TLSv13-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,63 +7,65 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 b2 4d aa 76 5b  |....z...v...M.v[|
-00000010  b7 38 95 18 e6 81 66 f8  27 82 26 2c b3 44 50 b0  |.8....f.'.&,.DP.|
-00000020  f4 a8 f5 f2 87 f0 9d 85  4f ac 60 20 00 00 00 00  |........O.` ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 41 2a 70 9e fa  |....z...v..A*p..|
+00000010  49 ab 26 ea 07 12 90 9f  e9 be 67 21 3a 0f e8 c9  |I.&.......g!:...|
+00000020  54 97 77 ce d4 54 04 0d  2d b6 1a 20 00 00 00 00  |T.w..T..-.. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 e7  |..+.....3.$... .|
-00000060  c2 3e 68 73 d9 fd 6e 69  16 15 85 84 24 45 36 47  |.>hs..ni....$E6G|
-00000070  1b ad d9 c4 dc 4a 61 c6  12 5c 22 bf 1e 2f 59 14  |.....Ja..\"../Y.|
-00000080  03 03 00 01 01 17 03 03  00 17 0f a4 05 81 10 48  |...............H|
-00000090  c7 b7 78 9b 56 14 6c 9f  55 28 e3 4c 42 80 cc 1c  |..x.V.l.U(.LB...|
-000000a0  31 17 03 03 01 50 0d af  3b 08 02 84 89 42 b5 75  |1....P..;....B.u|
-000000b0  c5 8f 9f c2 b1 dc cb 7c  6a d5 31 41 9a 16 8f fa  |.......|j.1A....|
-000000c0  74 40 21 5d f9 cc b0 1d  30 80 87 9a b2 57 58 53  |t@!]....0....WXS|
-000000d0  2c 9e 5c 97 20 9c 81 77  16 25 62 9b fc a4 e1 9a  |,.\. ..w.%b.....|
-000000e0  80 c8 9a 4c f6 fc ae 79  a5 c2 26 4b 55 41 ff d0  |...L...y..&KUA..|
-000000f0  25 4b 70 c9 ad b6 04 80  65 19 e0 fe 05 e7 b4 dc  |%Kp.....e.......|
-00000100  53 8f f8 3b ed 2c df b9  08 c2 da 60 b9 23 17 50  |S..;.,.....`.#.P|
-00000110  da 0f 24 76 15 21 e6 e9  a8 f5 3e 08 cc 1b ee 92  |..$v.!....>.....|
-00000120  2b 01 92 8d f9 4f 5a 3a  53 11 fc 32 52 cc af cd  |+....OZ:S..2R...|
-00000130  7b 94 0e 76 10 c2 16 36  2d a4 64 69 1c 05 70 20  |{..v...6-.di..p |
-00000140  0d 23 cd 4a 33 c5 c7 db  db 0f f8 b6 42 0c 83 0a  |.#.J3.......B...|
-00000150  a1 73 68 fb 87 2c 9d d2  d3 cf d7 3a bb 36 7e 83  |.sh..,.....:.6~.|
-00000160  c3 3f bc e2 61 d9 c2 8b  15 a2 cc bf 14 a0 69 f4  |.?..a.........i.|
-00000170  22 02 a9 ff 5e 55 37 6e  61 86 71 73 94 2f 7e 50  |"...^U7na.qs./~P|
-00000180  45 96 cf 23 dd 39 90 5d  57 04 a3 d0 9f 97 f8 56  |E..#.9.]W......V|
-00000190  fa cf 7a a9 e6 57 1f cb  33 a0 82 7a 84 94 1f 6d  |..z..W..3..z...m|
-000001a0  d8 0b c7 fb bc 62 94 36  4a d6 96 ce f6 f2 7f 06  |.....b.6J.......|
-000001b0  18 59 66 77 77 12 8c 74  06 61 8f b6 37 35 65 fd  |.Yfww..t.a..75e.|
-000001c0  f1 0b fe e6 cc a9 64 f5  b5 0d 06 4e 38 4b 4b 78  |......d....N8KKx|
-000001d0  be 6a cc 67 9e 39 f8 f2  27 33 a9 2d bc 9c 5e 06  |.j.g.9..'3.-..^.|
-000001e0  b9 fb 76 0c be 8d 2a a5  6d cf 83 55 4f c5 6e 6e  |..v...*.m..UO.nn|
-000001f0  d0 08 8b f6 5a 61 17 03  03 00 59 c1 cc 58 14 33  |....Za....Y..X.3|
-00000200  5a 39 b5 40 46 e8 b1 28  06 08 22 d3 27 b4 e6 ef  |Z9.@F..(..".'...|
-00000210  10 79 08 d4 ce 9e e2 cb  0b 86 a4 b1 80 e4 1b ac  |.y..............|
-00000220  71 15 fd 16 5b aa 01 c2  7b e3 c2 84 01 c0 f6 04  |q...[...{.......|
-00000230  a7 31 2b ec f2 50 bf 5a  07 6f b8 03 9f d2 c6 ad  |.1+..P.Z.o......|
-00000240  73 18 81 f5 fd 9a 5a b2  bc 9f 85 94 9f f6 da da  |s.....Z.........|
-00000250  dd 56 bc 66 17 03 03 00  35 9f 7e 2e 02 66 bb ac  |.V.f....5.~..f..|
-00000260  3d d8 92 70 c9 35 c6 df  ff 0f 81 b5 ca d4 56 4a  |=..p.5........VJ|
-00000270  24 06 06 57 28 e9 9d 82  0e 40 06 a7 f8 cc bc 6c  |$..W(....@.....l|
-00000280  a2 ea 2b 0e 88 77 05 de  3d 30 a0 6f bc 98        |..+..w..=0.o..|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 28  |..+.....3.$... (|
+00000060  42 18 1f f9 3f 73 01 41  63 08 8d a1 1a a5 8b 5f  |B...?s.Ac......_|
+00000070  d0 63 44 21 d2 fc d8 7e  46 9f 66 62 0d c0 19 14  |.cD!...~F.fb....|
+00000080  03 03 00 01 01 17 03 03  00 17 66 d5 4f 1f 0b 85  |..........f.O...|
+00000090  65 0a 81 21 55 2f 17 bc  ad e1 83 69 29 51 6b 7f  |e..!U/.....i)Qk.|
+000000a0  15 17 03 03 01 50 b2 f9  51 18 c9 23 24 91 b8 b0  |.....P..Q..#$...|
+000000b0  32 8d 3c 81 8a ca c3 25  8a 1f cc 17 d1 67 07 42  |2.<....%.....g.B|
+000000c0  7b 82 ae 1f b8 65 55 e2  ce 2e ad d3 90 bf 3f 2d  |{....eU.......?-|
+000000d0  85 dc 68 3a 4c 1a 79 9e  cc 86 d3 20 7b 7e ba b4  |..h:L.y.... {~..|
+000000e0  cf 8b 4b f8 9b 58 0f 7f  24 cc aa 80 4b be 8f 3e  |..K..X..$...K..>|
+000000f0  88 1e b1 10 0b 8c 74 6b  2e ad 8d c9 40 e1 3f 4a  |......tk....@.?J|
+00000100  90 5c 97 79 f4 aa 62 e1  e1 2e e4 f4 22 ce ab 85  |.\.y..b....."...|
+00000110  d6 ac e1 d8 21 f8 ed 70  3e 92 0d 2c b2 39 f9 a5  |....!..p>..,.9..|
+00000120  da ce 3e ff 76 09 54 10  35 86 80 f8 fa 86 44 a1  |..>.v.T.5.....D.|
+00000130  78 7c 9c a8 15 c9 55 92  e8 14 0d 99 c8 40 7c f7  |x|....U......@|.|
+00000140  d9 d6 cd ae bf 05 f9 da  0f 33 b1 ee ae 39 bb 30  |.........3...9.0|
+00000150  3c f2 3d e4 0a b7 e1 e7  6a 5f 48 65 a6 28 37 26  |<.=.....j_He.(7&|
+00000160  c1 18 0b 31 f2 79 00 fd  25 d6 76 8f 7b bc 7e 2e  |...1.y..%.v.{.~.|
+00000170  3d f2 bb b2 1a 5f 1b 7d  df b5 f5 bb b2 e7 1b 51  |=...._.}.......Q|
+00000180  de cc 4d 2b 32 c6 cd 33  97 32 d3 c8 02 89 a2 0a  |..M+2..3.2......|
+00000190  a2 6a 2c d4 6f b8 97 3b  7d bf 42 18 97 a3 2d 51  |.j,.o..;}.B...-Q|
+000001a0  70 a7 f0 9f 04 2a a0 6f  2f 30 7c fe b6 fc dd c5  |p....*.o/0|.....|
+000001b0  6a 65 e3 a2 7a c0 d8 31  37 3f c0 36 79 d2 a0 20  |je..z..17?.6y.. |
+000001c0  7d 4e ea 8c 44 77 53 e9  db 90 ef 24 26 05 ce b0  |}N..DwS....$&...|
+000001d0  9e 18 a9 8f 21 55 b6 40  63 b5 4c f6 74 2d 4a c5  |....!U.@c.L.t-J.|
+000001e0  7f 67 ee 95 35 21 e0 22  61 c5 68 5f e7 b3 ac 4d  |.g..5!."a.h_...M|
+000001f0  4e e5 31 bb 10 22 17 03  03 00 59 ab 04 24 cb f7  |N.1.."....Y..$..|
+00000200  33 03 08 97 0b d5 9e a7  23 18 ec b6 f6 e8 ee 1f  |3.......#.......|
+00000210  2d 5f 6b 73 92 ce ac 3b  59 50 27 77 ac 73 ac fe  |-_ks...;YP'w.s..|
+00000220  b1 5a 8e 9e 81 50 54 4d  3b f7 7b 1e f9 f9 c1 d5  |.Z...PTM;.{.....|
+00000230  c6 08 b5 88 55 96 13 c6  d4 f6 cd b5 5d 5a 27 ae  |....U.......]Z'.|
+00000240  27 95 e0 55 0e c5 fe 6b  9a ae 3d f8 3a b9 05 f6  |'..U...k..=.:...|
+00000250  ef 90 99 30 17 03 03 00  35 54 af 85 8b 06 b2 ee  |...0....5T......|
+00000260  a8 6f 18 76 9b 9a ea 2e  57 b9 2c 9e a7 56 6c 49  |.o.v....W.,..VlI|
+00000270  ab 6e 10 4e fc c8 9c 37  b3 dc 95 8b 74 07 e9 90  |.n.N...7....t...|
+00000280  a3 35 72 b4 60 9a ea 87  a7 76 72 42 7d b7        |.5r.`....vrB}.|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 1c 60 8f 01 6b  |..........5.`..k|
-00000010  7c e3 d4 28 24 d8 7c 85  7f 63 44 23 97 7c a0 de  ||..($.|..cD#.|..|
-00000020  70 61 9e d9 ce 35 d9 3b  81 68 09 12 c1 b9 5e f5  |pa...5.;.h....^.|
-00000030  32 23 9b 47 fc be 74 3c  e6 1b 3f cd e8 c1 f1 4f  |2#.G..t<..?....O|
-00000040  17 03 03 00 17 1a 16 bc  fe 99 30 d8 97 c1 00 d9  |..........0.....|
-00000050  fd 1a 44 bd 84 35 dc 66  62 eb 28 3d 17 03 03 00  |..D..5.fb.(=....|
-00000060  13 b4 8a 54 df ae 97 ce  2e ae fa 38 ca 02 a1 d6  |...T.......8....|
-00000070  f5 40 64 2b                                       |.@d+|
+00000000  14 03 03 00 01 01 17 03  03 00 35 70 04 7a 93 3e  |..........5p.z.>|
+00000010  de c0 df 1d 2b 25 ea c4  7d 57 eb 94 59 80 2c d6  |....+%..}W..Y.,.|
+00000020  80 0e 5e 9f 22 00 82 1c  e0 2e 15 1e 5d b6 16 84  |..^.".......]...|
+00000030  83 83 79 29 54 49 dc bb  b8 f0 f8 71 13 09 7d e9  |..y)TI.....q..}.|
+00000040  17 03 03 00 17 93 e8 8f  30 24 3b e7 5e a4 15 b3  |........0$;.^...|
+00000050  f6 53 15 d6 f8 4c ab 0c  32 d6 28 ef 17 03 03 00  |.S...L..2.(.....|
+00000060  13 2b ea 8e 10 9d 46 08  d9 43 04 da d8 5a 78 f8  |.+....F..C...Zx.|
+00000070  33 c0 62 33                                       |3.b3|
diff --git a/testdata/Client-TLSv13-ExportKeyingMaterial b/testdata/Client-TLSv13-ExportKeyingMaterial
index 13ae9715..ef0029ff 100644
--- a/testdata/Client-TLSv13-ExportKeyingMaterial
+++ b/testdata/Client-TLSv13-ExportKeyingMaterial
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,85 +7,87 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 48 e6 a7 a9 4c  |....z...v..H...L|
-00000010  c3 a7 cc 18 b7 71 7d ed  c5 6a cb ca b5 9f 00 fd  |.....q}..j......|
-00000020  f8 2c ac 9c 1f 24 27 b9  c6 55 8e 20 00 00 00 00  |.,...$'..U. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 3e 1e de 6b d3  |....z...v..>..k.|
+00000010  83 f0 87 bd 4c 26 fe 68  40 01 f3 c6 c8 39 b4 b3  |....L&.h@....9..|
+00000020  46 c7 ae 97 1a b2 67 a0  6a 7f 93 20 00 00 00 00  |F.....g.j.. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 dd  |..+.....3.$... .|
-00000060  be 27 eb a0 9c b1 22 6a  8c 29 9a d4 47 c2 ee 14  |.'...."j.)..G...|
-00000070  39 0c 60 81 c9 06 3f dc  e5 e0 24 9a c4 88 35 14  |9.`...?...$...5.|
-00000080  03 03 00 01 01 17 03 03  00 17 25 70 5a e5 6b 9e  |..........%pZ.k.|
-00000090  56 b9 cf 83 48 b0 bc 99  6a 86 e1 cb 4e ce b5 10  |V...H...j...N...|
-000000a0  e0 17 03 03 02 6d c7 a6  79 ef b0 81 d6 e4 0e 02  |.....m..y.......|
-000000b0  59 32 88 cc b1 0d 53 f6  33 9b d2 e8 74 a9 0a a7  |Y2....S.3...t...|
-000000c0  f9 76 e9 6e 0d 16 75 0b  e0 8f 5c b5 31 47 6b 68  |.v.n..u...\.1Gkh|
-000000d0  52 c7 c2 84 cb 48 81 a3  da bd a1 50 5c ec 5c a7  |R....H.....P\.\.|
-000000e0  10 01 58 cc 03 c3 53 04  03 69 80 f4 ad 4d ce 72  |..X...S..i...M.r|
-000000f0  26 4e 6c c7 2c 31 69 2b  fd 97 67 5e 7d e0 05 b3  |&Nl.,1i+..g^}...|
-00000100  f4 40 64 a1 bd a3 fd a8  f9 7b 18 82 89 8f 25 f9  |.@d......{....%.|
-00000110  ca ca c4 8f e4 90 7b 26  7a d5 b2 1e fa 05 db ad  |......{&z.......|
-00000120  8a 9f 93 e9 13 5b 28 cc  cb 8b 30 f2 4c 1d 73 09  |.....[(...0.L.s.|
-00000130  7f 6b 63 5c 29 36 2f fc  a5 6e eb 24 79 f8 7c 63  |.kc\)6/..n.$y.|c|
-00000140  1f ef 41 72 98 69 7c d6  8d f9 76 d4 4d af b0 71  |..Ar.i|...v.M..q|
-00000150  2e f7 f8 b5 73 45 05 52  fa 25 46 02 28 0d d9 7a  |....sE.R.%F.(..z|
-00000160  60 13 b9 6c 6d fb f3 be  e3 04 74 76 72 d6 a4 91  |`..lm.....tvr...|
-00000170  d1 2c 0d 1e fa 23 ef c7  80 ff 1e aa 1b af 50 58  |.,...#........PX|
-00000180  77 ea 49 d9 22 4d ed bc  bf a6 0a 41 8e e7 5b 31  |w.I."M.....A..[1|
-00000190  de 33 05 10 46 a5 54 aa  5e 90 5c 15 64 2d 1b e9  |.3..F.T.^.\.d-..|
-000001a0  5c fc 93 8d 2f b2 af 74  d7 d2 c6 7f 27 68 fd 44  |\.../..t....'h.D|
-000001b0  13 60 70 87 e8 08 e1 e2  af 7f 1a 2c 29 5f 45 fe  |.`p........,)_E.|
-000001c0  49 9a d0 42 c9 51 ef f7  5b ae 02 df 27 1c 29 20  |I..B.Q..[...'.) |
-000001d0  35 4f 3d 7d 74 97 0c 20  be f8 a3 c9 b7 ff 65 69  |5O=}t.. ......ei|
-000001e0  08 89 92 fe 85 65 9f 8a  00 4b 9f 39 8d 6f 29 7c  |.....e...K.9.o)||
-000001f0  7c e9 16 e4 bd 06 a3 b0  5b 7f cf f0 74 14 56 a2  ||.......[...t.V.|
-00000200  76 61 b8 79 10 44 55 4f  25 55 a7 be a4 eb 2e 7d  |va.y.DUO%U.....}|
-00000210  9a b8 7a d8 d7 34 b6 ef  6c f7 fb ef fd 16 c2 61  |..z..4..l......a|
-00000220  89 bb 98 22 c6 80 9e 33  7f e9 35 7a 58 b6 33 1c  |..."...3..5zX.3.|
-00000230  d6 87 68 b7 62 21 3b 26  9b f1 b1 f2 92 d5 4b 19  |..h.b!;&......K.|
-00000240  02 58 05 3c 81 cf 00 5a  54 86 a5 61 8f 71 ae 32  |.X.<...ZT..a.q.2|
-00000250  f2 0f 08 3b 13 4d f3 e6  03 2e 73 9c 50 4a b7 6c  |...;.M....s.PJ.l|
-00000260  d8 0a 04 fc b5 44 a5 45  c8 86 c9 9f 29 b4 00 90  |.....D.E....)...|
-00000270  d8 8b e0 c8 ba 63 9f 42  65 ef ba 5b dc b2 61 53  |.....c.Be..[..aS|
-00000280  e6 4b 29 72 51 c9 21 d4  d7 2d 14 56 82 80 32 36  |.K)rQ.!..-.V..26|
-00000290  fd 72 b6 16 6f 06 71 f9  60 4f 32 ce f6 83 94 75  |.r..o.q.`O2....u|
-000002a0  d9 23 d3 41 f8 e7 90 60  80 a8 a5 95 c0 a2 dd 2e  |.#.A...`........|
-000002b0  e7 60 73 5b c0 a5 a0 bd  8b bc cc 32 8a 9e 30 6a  |.`s[.......2..0j|
-000002c0  72 2f 61 24 56 0b 1e 3e  52 92 d2 e0 11 cd 52 69  |r/a$V..>R.....Ri|
-000002d0  c4 73 7f 72 95 fd f5 c4  72 d7 77 73 85 bf be e0  |.s.r....r.ws....|
-000002e0  cd 3c 3b 3d 92 63 91 ba  c8 a8 d2 32 40 6a 33 91  |.<;=.c.....2@j3.|
-000002f0  c0 71 fe ea 76 9f a9 96  dc c0 a9 bd 67 b6 23 42  |.q..v.......g.#B|
-00000300  d9 1b 3d 8d d4 5f 81 38  74 1c db 36 9e bd 79 fd  |..=.._.8t..6..y.|
-00000310  30 c5 db 17 03 03 00 99  61 1e 25 cb 11 26 61 72  |0.......a.%..&ar|
-00000320  a0 9a de 5b ad 5b ad 8a  29 43 eb 76 5a 16 a4 d3  |...[.[..)C.vZ...|
-00000330  d4 a1 84 e4 7e a1 2b 76  75 b6 a5 a6 36 da d3 bf  |....~.+vu...6...|
-00000340  0c 3a 39 ca ef 3f 02 22  63 3d 5d c1 30 94 ba 32  |.:9..?."c=].0..2|
-00000350  fe c0 20 c1 ba c8 fa 29  e8 1c c6 ab f0 c9 53 a4  |.. ....)......S.|
-00000360  73 d0 9a 2d 50 d8 b4 0c  db e5 4a 9f 98 38 34 c9  |s..-P.....J..84.|
-00000370  9f ff 63 a9 50 7b 26 00  64 26 4d 0d 20 d5 e5 27  |..c.P{&.d&M. ..'|
-00000380  e1 41 7b 5a 03 97 0a 14  8c 55 3c 45 4b 72 ce de  |.A{Z.....U<EKr..|
-00000390  38 59 4b ed fe 70 a7 af  a7 67 c9 03 f8 fe ea 96  |8YK..p...g......|
-000003a0  ac 81 9a ed 8e ef 69 aa  7a eb 03 1b 13 1e ca da  |......i.z.......|
-000003b0  58 17 03 03 00 35 70 23  20 5a eb 40 0b b8 6f 1a  |X....5p# Z.@..o.|
-000003c0  d8 b0 ae c5 de 52 6b 77  10 87 cd 2f ec fe 99 1c  |.....Rkw.../....|
-000003d0  93 c0 f7 6b 8b d2 8b 81  9b 05 36 82 bf 4a b4 a0  |...k......6..J..|
-000003e0  d2 9f 75 b3 ef 64 50 7f  00 ac fa                 |..u..dP....|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 6a  |..+.....3.$... j|
+00000060  bc 9c e7 36 da f4 e7 90  ca e8 12 65 27 0c f0 b4  |...6.......e'...|
+00000070  e9 e4 e8 b9 6e 4c 2c 56  29 7d 97 e5 89 d6 71 14  |....nL,V)}....q.|
+00000080  03 03 00 01 01 17 03 03  00 17 14 a3 91 83 8e 8b  |................|
+00000090  cb 7b 17 d0 1d 4b 37 bb  94 3f c1 18 44 7f ac 57  |.{...K7..?..D..W|
+000000a0  0d 17 03 03 02 6d 60 0a  40 97 d6 cb 85 46 8c 9b  |.....m`.@....F..|
+000000b0  fd c6 3b 03 02 e4 57 84  00 f8 b4 8e 25 0c 85 21  |..;...W.....%..!|
+000000c0  70 bc 17 c2 32 57 46 63  a9 42 32 c6 fb 6c b1 7c  |p...2WFc.B2..l.||
+000000d0  be 7d 4d 37 9c 72 42 ca  02 39 43 9e 70 4c 73 f6  |.}M7.rB..9C.pLs.|
+000000e0  72 45 91 f4 72 8b dc cd  c4 25 68 77 d6 91 62 8f  |rE..r....%hw..b.|
+000000f0  f1 88 ee 92 f8 ce 4c dd  86 d0 eb c7 c7 75 48 fe  |......L......uH.|
+00000100  3c 27 48 f7 6c 3e 2e 18  64 02 82 0f 08 6f 93 1c  |<'H.l>..d....o..|
+00000110  15 bb d0 06 36 1c a9 ab  5e 76 b5 7b f1 fa 0b 27  |....6...^v.{...'|
+00000120  09 01 23 58 1d 5e 8e 7c  a9 ba 87 de c2 05 31 a5  |..#X.^.|......1.|
+00000130  7a 20 cc 4c 4a 72 65 3b  8a a5 66 b6 d3 49 10 49  |z .LJre;..f..I.I|
+00000140  7c 3d 27 13 88 01 48 65  41 5d 25 b7 6a 96 78 86  ||='...HeA]%.j.x.|
+00000150  03 d7 53 7b 9c fb db db  c8 d7 5e 71 f4 6c 03 49  |..S{......^q.l.I|
+00000160  6b e3 0d a4 07 ac 7c 45  b7 98 d1 0d 24 72 93 1d  |k.....|E....$r..|
+00000170  f3 f6 51 3b 5f 08 43 fe  5b db 1a ad 84 10 bd d1  |..Q;_.C.[.......|
+00000180  88 fe 24 83 e3 46 d1 40  a0 c0 e9 dc 19 75 b2 8f  |..$..F.@.....u..|
+00000190  5e ea 67 2e 0e a3 79 bd  9f 92 f4 0a d0 fd f0 26  |^.g...y........&|
+000001a0  f9 40 d1 3c 76 03 61 ab  11 d1 c6 22 e2 62 ea 35  |.@.<v.a....".b.5|
+000001b0  bf e5 22 17 1b 6a be bf  0b 8f 3b ae 3e 87 1f 40  |.."..j....;.>..@|
+000001c0  79 1f 3b 1f 56 6f b7 98  e1 6e bb 4c 0a 11 cf 1c  |y.;.Vo...n.L....|
+000001d0  68 a2 87 a6 83 72 ab d1  a8 4f 39 48 fc d0 54 bf  |h....r...O9H..T.|
+000001e0  47 7f 7c 8f 91 7d 40 96  01 b0 ec 62 b0 16 b8 d3  |G.|..}@....b....|
+000001f0  02 15 68 e0 7e d7 40 0a  9f 5e cf 21 75 40 d6 4c  |..h.~.@..^.!u@.L|
+00000200  50 c0 05 8f 8e db b5 44  d3 50 24 be c3 7b 5d 39  |P......D.P$..{]9|
+00000210  a5 cb 92 d5 dd 4b 16 c2  6a ec e5 f6 79 6d 04 6f  |.....K..j...ym.o|
+00000220  26 fd 55 ba 8a 38 db ab  dd 78 13 a7 de 23 e7 c0  |&.U..8...x...#..|
+00000230  c6 97 34 18 26 2e d0 ef  b0 d7 1a 3c af cc 2f 79  |..4.&......<../y|
+00000240  ea cd d3 b2 02 99 5a ca  c8 49 39 f7 df 64 5d 1a  |......Z..I9..d].|
+00000250  89 59 92 33 e8 ae 19 ca  42 53 c0 1a 18 6b 9e 8f  |.Y.3....BS...k..|
+00000260  65 64 b3 b3 6f 4c c8 7c  46 fb 2f 0a ad ed ef 15  |ed..oL.|F./.....|
+00000270  14 dd dd ae b0 09 d4 5a  ba 2e 78 a2 3e 8e d4 35  |.......Z..x.>..5|
+00000280  a2 96 a1 a2 08 f8 0c c6  a3 13 be 09 b8 5f 00 04  |............._..|
+00000290  22 78 98 cf 41 24 40 e9  93 4e b0 86 15 e1 5e c2  |"x..A$@..N....^.|
+000002a0  cf c3 49 51 1a d8 a1 e6  c0 a9 ea 35 b2 56 ee 2d  |..IQ.......5.V.-|
+000002b0  08 4e 3b 3d 03 cb f1 54  94 a0 d5 6a 9c bc d8 7c  |.N;=...T...j...||
+000002c0  f1 22 10 0a 5c d9 66 87  fa e2 8e e8 41 cc ce cd  |."..\.f.....A...|
+000002d0  a9 c2 c7 11 4c e2 e4 20  70 ae aa d1 1e 47 b7 ee  |....L.. p....G..|
+000002e0  b3 45 18 3a a9 31 44 bb  b0 7f 73 6a df 2a 67 00  |.E.:.1D...sj.*g.|
+000002f0  81 c6 da 9d 8b 65 98 f8  b8 e5 fb da 85 cc 68 c2  |.....e........h.|
+00000300  77 ed d5 14 a8 32 74 b1  d1 9c 89 1c 3e b8 d9 d4  |w....2t.....>...|
+00000310  89 8d d5 17 03 03 00 99  1c 42 3c cc 38 4d ed 1e  |.........B<.8M..|
+00000320  14 2e cb e7 a4 43 64 95  a5 8f c6 ff 81 a1 4f d8  |.....Cd.......O.|
+00000330  2a 1e 82 cf 4c 6a a2 32  ee 3b 8e f9 d5 63 99 2b  |*...Lj.2.;...c.+|
+00000340  7a 7e 4c 9b 1a c8 48 78  4f 8e ad af ea 3a 60 65  |z~L...HxO....:`e|
+00000350  b6 05 62 78 36 5f c1 40  e3 16 f2 be 48 41 ca a6  |..bx6_.@....HA..|
+00000360  e1 10 e4 fe 14 0b 59 6d  da fc 35 1e f5 eb fc 71  |......Ym..5....q|
+00000370  08 49 a4 04 55 df 5e 09  cc 48 79 ba 3b e6 12 20  |.I..U.^..Hy.;.. |
+00000380  4e 57 b3 22 a0 4f 62 b9  30 e3 1c 3e ed 95 6c c7  |NW.".Ob.0..>..l.|
+00000390  49 a3 b4 c5 2d 25 11 18  94 7b 10 43 d3 fe de 98  |I...-%...{.C....|
+000003a0  74 65 c1 cd d2 d1 67 a1  86 03 a4 7e 12 88 0e 6e  |te....g....~...n|
+000003b0  49 17 03 03 00 35 d3 c7  fa 89 82 0d 80 29 53 f8  |I....5.......)S.|
+000003c0  49 ba 86 1f aa dd ec d4  4c 8d cc a4 88 95 27 a8  |I.......L.....'.|
+000003d0  23 dc b2 09 e6 d3 47 34  fa e1 0c 5c 01 ae 95 a0  |#.....G4...\....|
+000003e0  4d 1c 42 fe e7 d6 ed cb  a7 83 fd                 |M.B........|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 a6 7f ef 71 68  |..........5...qh|
-00000010  8b 86 84 20 a6 e7 65 3f  3f f8 c6 8b 62 40 31 e2  |... ..e??...b@1.|
-00000020  1a ee 8d 0a 64 88 ea 4b  83 5f c5 ff 1b 9d aa 5f  |....d..K._....._|
-00000030  ce a4 31 76 06 90 da ad  b9 17 49 0b a6 b5 37 80  |..1v......I...7.|
-00000040  17 03 03 00 17 2b be e8  98 11 37 0d db 46 69 0d  |.....+....7..Fi.|
-00000050  51 34 ee 13 00 c3 f1 12  8a 13 21 b7 17 03 03 00  |Q4........!.....|
-00000060  13 8d ec 94 6f 55 b1 d5  c0 d6 a3 6e a2 8d 67 76  |....oU.....n..gv|
-00000070  7b c7 b8 1d                                       |{...|
+00000000  14 03 03 00 01 01 17 03  03 00 35 b4 e6 ba 4c 98  |..........5...L.|
+00000010  46 1c 04 eb 9a 06 4a ef  8c 2a 6e 9a 69 35 78 4c  |F.....J..*n.i5xL|
+00000020  9a 5e 43 93 11 d8 8d a5  c9 d0 1a db b6 ef 65 ec  |.^C...........e.|
+00000030  a9 21 e4 0f a6 3e 0a c1  a0 a1 49 35 c3 e7 d9 20  |.!...>....I5... |
+00000040  17 03 03 00 17 d7 8d d4  53 d5 40 dc ae d6 73 24  |........S.@...s$|
+00000050  f8 f5 65 4e 0f 8d a6 f0  9d 4a e1 5b 17 03 03 00  |..eN.....J.[....|
+00000060  13 fd e0 76 85 ee 46 e9  d4 3c 0d 05 56 9b b3 5b  |...v..F..<..V..[|
+00000070  9c 42 de d4                                       |.B..|
diff --git a/testdata/Client-TLSv13-HelloRetryRequest b/testdata/Client-TLSv13-HelloRetryRequest
index a669920d..2ef8e406 100644
--- a/testdata/Client-TLSv13-HelloRetryRequest
+++ b/testdata/Client-TLSv13-HelloRetryRequest
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fa 01 00 00  f6 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,14 +7,16 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7b 00 0b 00 02  01 00 ff 01 00 01 00 00  |...{............|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 06 00 04 00 1d  00 17 00 0d 00 1a 00 18  |................|
 000000b0  08 04 04 03 08 07 08 05  08 06 04 01 05 01 06 01  |................|
-000000c0  05 03 06 03 02 01 02 03  00 2b 00 09 08 03 04 03  |.........+......|
-000000d0  03 03 02 03 01 00 33 00  26 00 24 00 1d 00 20 2f  |......3.&.$... /|
-000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
-000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
+000000c0  05 03 06 03 02 01 02 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 58 02 00 00  54 03 03 cf 21 ad 74 e5  |....X...T...!.t.|
 00000010  9a 61 11 be 1d 8c 02 1e  65 b8 91 c2 a2 11 16 7a  |.a......e......z|
@@ -24,7 +26,7 @@
 00000050  0c 00 2b 00 02 03 04 00  33 00 02 00 17 14 03 03  |..+.....3.......|
 00000060  00 01 01                                          |...|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 16 03  03 01 1b 01 00 01 17 03  |................|
+00000000  14 03 03 00 01 01 16 03  03 01 39 01 00 01 35 03  |..........9...5.|
 00000010  03 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000030  00 20 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |. ..............|
@@ -32,88 +34,90 @@
 00000050  00 00 00 32 cc a9 cc a8  c0 2b c0 2f c0 2c c0 30  |...2.....+./.,.0|
 00000060  c0 09 c0 13 c0 0a c0 14  00 9c 00 9d 00 2f 00 35  |............./.5|
 00000070  c0 12 00 0a c0 23 c0 27  00 3c c0 07 c0 11 00 05  |.....#.'.<......|
-00000080  13 03 13 01 13 02 01 00  00 9c 00 0b 00 02 01 00  |................|
+00000080  13 03 13 01 13 02 01 00  00 ba 00 0b 00 02 01 00  |................|
 00000090  ff 01 00 01 00 00 17 00  00 00 12 00 00 00 05 00  |................|
 000000a0  05 01 00 00 00 00 00 0a  00 06 00 04 00 1d 00 17  |................|
 000000b0  00 0d 00 1a 00 18 08 04  04 03 08 07 08 05 08 06  |................|
-000000c0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 2b  |...............+|
-000000d0  00 09 08 03 04 03 03 03  02 03 01 00 33 00 47 00  |............3.G.|
-000000e0  45 00 17 00 41 04 1e 18  37 ef 0d 19 51 88 35 75  |E...A...7...Q.5u|
-000000f0  71 b5 e5 54 5b 12 2e 8f  09 67 fd a7 24 20 3e b2  |q..T[....g..$ >.|
-00000100  56 1c ce 97 28 5e f8 2b  2d 4f 9e f1 07 9f 6c 4b  |V...(^.+-O....lK|
-00000110  5b 83 56 e2 32 42 e9 58  b6 d7 49 a6 b5 68 1a 41  |[.V.2B.X..I..h.A|
-00000120  03 56 6b dc 5a 89                                 |.Vk.Z.|
+000000c0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 32  |...............2|
+000000d0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000e0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
+000000f0  08 03 04 03 03 03 02 03  01 00 33 00 47 00 45 00  |..........3.G.E.|
+00000100  17 00 41 04 1e 18 37 ef  0d 19 51 88 35 75 71 b5  |..A...7...Q.5uq.|
+00000110  e5 54 5b 12 2e 8f 09 67  fd a7 24 20 3e b2 56 1c  |.T[....g..$ >.V.|
+00000120  ce 97 28 5e f8 2b 2d 4f  9e f1 07 9f 6c 4b 5b 83  |..(^.+-O....lK[.|
+00000130  56 e2 32 42 e9 58 b6 d7  49 a6 b5 68 1a 41 03 56  |V.2B.X..I..h.A.V|
+00000140  6b dc 5a 89                                       |k.Z.|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 9b 02 00 00  97 03 03 9a 1f 7a fa 06  |.............z..|
-00000010  c4 5f 92 61 62 d2 a5 f3  ae b9 a6 d8 6b eb 13 a7  |._.ab.......k...|
-00000020  2f 17 62 79 3a ca 42 8b  18 06 15 20 00 00 00 00  |/.by:.B.... ....|
+00000000  16 03 03 00 9b 02 00 00  97 03 03 fe 4a 7b 8f ac  |............J{..|
+00000010  ff 16 9d af dc a9 3a c4  e6 91 99 1f 20 62 3d 0b  |......:..... b=.|
+00000020  1f 75 28 88 56 eb 36 d1  84 e5 58 20 00 00 00 00  |.u(.V.6...X ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
 00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
-00000060  d1 56 18 67 59 a5 e1 ed  99 0f ca e5 6b 5f e3 d9  |.V.gY.......k_..|
-00000070  e3 fd e6 a2 50 93 bf 87  85 60 e7 7f 0b a0 96 c4  |....P....`......|
-00000080  29 55 63 de fe 6b 75 99  b2 a6 75 92 61 d0 96 19  |)Uc..ku...u.a...|
-00000090  f5 60 8f ec e9 d3 98 4a  b9 6b 98 26 c1 3e 27 7e  |.`.....J.k.&.>'~|
-000000a0  17 03 03 00 17 5a aa bb  35 67 ec 83 da 8e 85 bd  |.....Z..5g......|
-000000b0  ae a5 0d c9 8b cd 03 bf  96 2b 35 61 17 03 03 02  |.........+5a....|
-000000c0  6d 85 0c 7c d5 ff 0f 77  0a a4 b7 97 aa d3 f7 af  |m..|...w........|
-000000d0  4b 58 cb 24 4d 9f a6 d8  e2 c3 10 ce 3a 5d e4 cc  |KX.$M.......:]..|
-000000e0  84 7d 1f 71 bd b6 25 0c  10 75 d3 8d b6 12 04 56  |.}.q..%..u.....V|
-000000f0  63 af 53 e5 cc 29 ce f7  18 7a 93 91 73 ae ff c1  |c.S..)...z..s...|
-00000100  2e 2b 3d 76 ab 99 c8 e0  fd 69 b3 67 39 e9 58 40  |.+=v.....i.g9.X@|
-00000110  4a 63 e8 71 c5 8d de 44  fb ef 4d 0a dc ae 51 12  |Jc.q...D..M...Q.|
-00000120  7e ea 6a 25 32 8e 5b 08  6e c7 b2 87 00 4e 35 d8  |~.j%2.[.n....N5.|
-00000130  cd 3b bd 8c dc e8 55 a9  2f 65 d1 7f c1 28 33 f9  |.;....U./e...(3.|
-00000140  70 e1 af d8 2d 64 4c ac  5a 3a 16 6d 3e 97 a7 0e  |p...-dL.Z:.m>...|
-00000150  cd 28 05 1c ea 28 8d 63  a3 41 e2 3a 24 27 f4 43  |.(...(.c.A.:$'.C|
-00000160  97 c8 89 09 ed 8b 96 74  b3 dc 98 f4 0c c2 6f 25  |.......t......o%|
-00000170  fc 30 8a f8 25 49 e1 91  fb c6 39 23 ca d5 16 08  |.0..%I....9#....|
-00000180  5f bf 10 88 71 a4 c5 ac  e7 ad 9e 5a 4d e8 d3 1f  |_...q......ZM...|
-00000190  f0 5d 83 9d c9 e2 b3 f8  e4 a3 a5 57 5d ca 30 74  |.].........W].0t|
-000001a0  a6 1b c7 51 50 05 5f 7e  93 71 1a 8d fc 04 d6 fe  |...QP._~.q......|
-000001b0  4e 4b 95 54 18 43 19 4d  d2 dc 81 a8 94 76 7e 23  |NK.T.C.M.....v~#|
-000001c0  56 8c 86 f9 15 d2 a8 0c  48 4e 0e 81 df e0 31 52  |V.......HN....1R|
-000001d0  c9 2e b4 39 f3 cf ae e2  29 72 01 ed 34 4f 09 ce  |...9....)r..4O..|
-000001e0  64 de a9 9b 84 61 3a bb  0b ac 4e b1 6d 37 41 10  |d....a:...N.m7A.|
-000001f0  5b cf 99 b1 3e e6 f5 7b  1c d4 d0 d5 34 fc ab c6  |[...>..{....4...|
-00000200  29 8e 0b 53 e4 7b 35 33  e4 e3 f6 77 9b f6 c6 ae  |)..S.{53...w....|
-00000210  73 3c c5 80 c8 72 f7 56  6c 4c ce e5 a7 05 63 ee  |s<...r.VlL....c.|
-00000220  07 e0 1d 3e 73 3e 55 73  ba 63 a8 d7 99 6a 48 57  |...>s>Us.c...jHW|
-00000230  0c 55 51 42 4b 27 91 4b  75 b3 3b 4c 29 f1 52 e8  |.UQBK'.Ku.;L).R.|
-00000240  85 f9 49 53 ed 87 6d 9e  8f 5c 29 7c 5c 9c 4e 9a  |..IS..m..\)|\.N.|
-00000250  90 a8 99 2a 53 65 f7 d9  61 ef 6a 56 2a da 76 ed  |...*Se..a.jV*.v.|
-00000260  04 84 11 f5 1c 40 82 52  7d fa 00 79 43 12 42 b4  |.....@.R}..yC.B.|
-00000270  ca 7a 86 d5 8d d6 c5 7b  04 13 79 08 72 0c ce d7  |.z.....{..y.r...|
-00000280  88 9a f2 2c b5 9a 18 a4  d2 87 48 ce ab 17 33 fd  |...,......H...3.|
-00000290  cf 22 3c 72 03 86 af 35  2a b3 fe 24 0e 86 d8 82  |."<r...5*..$....|
-000002a0  df 21 c6 8b ff f5 f1 0a  86 3b 28 a9 41 f6 32 df  |.!.......;(.A.2.|
-000002b0  a6 69 fa e3 38 b2 3e 1d  c3 82 8e 03 da 44 e9 2e  |.i..8.>......D..|
-000002c0  14 12 cd 16 e5 6a 58 1b  3f f8 70 d6 47 e6 1b 98  |.....jX.?.p.G...|
-000002d0  74 9c 21 2b 6d f8 8a 47  05 86 b1 fa 63 9d cc 19  |t.!+m..G....c...|
-000002e0  da 9a a0 ea 5a 26 98 e6  b7 d0 da 03 b3 1d 33 e8  |....Z&........3.|
-000002f0  55 74 ee 4b 6a 06 0f f1  45 35 72 81 bb c9 61 4e  |Ut.Kj...E5r...aN|
-00000300  60 d6 83 e6 ab 08 77 a4  f9 73 e5 d8 cb 66 9f 41  |`.....w..s...f.A|
-00000310  00 15 2c 09 0e ad 16 02  6c 06 5f bc bf 47 f1 5a  |..,.....l._..G.Z|
-00000320  85 97 ab 88 e8 45 b0 31  96 ad 56 00 97 59 17 03  |.....E.1..V..Y..|
-00000330  03 00 99 5e 77 80 46 1d  2f 47 9f b3 43 4d a6 2b  |...^w.F./G..CM.+|
-00000340  e9 f7 72 a2 d0 c6 69 7c  df 5d ce a0 3b 89 e2 69  |..r...i|.]..;..i|
-00000350  e7 35 5e 00 fb 87 10 4a  a8 41 02 b7 89 fa 88 fc  |.5^....J.A......|
-00000360  72 63 ce bf 41 61 16 91  55 06 cd b6 fa 78 09 bc  |rc..Aa..U....x..|
-00000370  f6 21 a0 c2 1f f3 fa 34  2a 9e b9 8a 0c 72 81 02  |.!.....4*....r..|
-00000380  66 a7 da 6b d6 e2 aa 99  6d 4b 42 f5 19 83 52 89  |f..k....mKB...R.|
-00000390  9a 26 56 5d d5 a4 a7 bd  ad b4 10 db ee 87 1d 15  |.&V]............|
-000003a0  15 df 30 95 d8 61 e2 c4  88 47 e1 91 e3 85 33 fe  |..0..a...G....3.|
-000003b0  7d 02 0c 22 6b 52 22 a7  cf bf bf f0 9d 25 65 e0  |}.."kR"......%e.|
-000003c0  6b da a2 8c 9a 00 3d 68  78 55 38 69 17 03 03 00  |k.....=hxU8i....|
-000003d0  35 c8 ca 51 96 aa c1 4b  a0 09 d3 bc d9 ea 35 db  |5..Q...K......5.|
-000003e0  f2 8d bb ab b3 23 09 a1  d1 9c 40 3e e4 84 d3 1c  |.....#....@>....|
-000003f0  60 64 5c ff 01 c7 78 69  c2 4a fb e1 c3 d6 f0 57  |`d\...xi.J.....W|
-00000400  fa 3a 5f 7a 8b 70                                 |.:_z.p|
+00000060  22 29 04 60 1f aa 8e 3f  bd 63 99 c0 66 e1 e1 d7  |").`...?.c..f...|
+00000070  c1 59 57 1d db 9d ba 28  a7 d4 fc fd bd 15 64 14  |.YW....(......d.|
+00000080  ec 78 e3 dc e1 c7 3e 07  c3 c5 c4 4e 43 51 10 e2  |.x....>....NCQ..|
+00000090  f0 ac 57 6b 56 4b b1 6a  46 e9 70 81 28 68 62 dc  |..WkVK.jF.p.(hb.|
+000000a0  17 03 03 00 17 2d a3 1d  ea 4e f0 8b 4b 19 3f 2d  |.....-...N..K.?-|
+000000b0  18 ef 9d b1 65 b4 e8 93  b2 80 fe 28 17 03 03 02  |....e......(....|
+000000c0  6d 3b 1b 01 88 15 65 6a  66 4a 91 e2 0a c2 c4 64  |m;....ejfJ.....d|
+000000d0  c1 f5 d0 c2 fd 1d 18 4a  e2 32 e2 d2 6f 25 04 78  |.......J.2..o%.x|
+000000e0  96 66 48 53 0b bc 24 0a  6c 46 54 28 bb 63 ed 4e  |.fHS..$.lFT(.c.N|
+000000f0  ab c3 15 bb ae 1e ea c9  63 2a f1 4b fc 55 60 b2  |........c*.K.U`.|
+00000100  8b 46 e3 09 f8 b4 72 87  3c ec 98 e2 21 53 c8 4d  |.F....r.<...!S.M|
+00000110  9b 07 4a 88 fc 0f c6 42  40 e5 74 5e 3e cf 88 3a  |..J....B@.t^>..:|
+00000120  f1 d9 ef 88 e8 eb 0a 4b  f4 64 12 d1 3f 36 25 f8  |.......K.d..?6%.|
+00000130  6d 91 49 a6 c1 ac 9e b7  e7 36 7f a0 0c af 11 48  |m.I......6.....H|
+00000140  83 e6 5c ee 23 d9 18 9a  0b 73 76 8f 0e f0 2c 4d  |..\.#....sv...,M|
+00000150  a8 07 15 da 33 b8 57 de  c4 a2 c2 97 ae d2 0b a0  |....3.W.........|
+00000160  96 da 1c c5 d6 6d 7f 66  c9 a6 ee ab 91 53 fc d4  |.....m.f.....S..|
+00000170  c1 e9 1b 7e e8 be 3e 44  65 8d 91 de 49 86 1c de  |...~..>De...I...|
+00000180  55 a1 42 5c 4c b5 24 30  67 23 d8 fe ad 54 6f e5  |U.B\L.$0g#...To.|
+00000190  e9 ae 78 46 4a f7 cc ed  d0 8d d3 65 95 76 ac fb  |..xFJ......e.v..|
+000001a0  f1 91 d2 90 35 17 5e c4  72 6c 16 2a 52 08 7b 16  |....5.^.rl.*R.{.|
+000001b0  10 e4 c4 08 28 86 f7 dd  17 50 6c d0 ea 06 f3 8a  |....(....Pl.....|
+000001c0  b9 c7 0e fd 67 9d 14 75  13 5b 85 a2 8e 1f 7a be  |....g..u.[....z.|
+000001d0  17 17 ad 72 a1 40 9d 02  5e 80 16 df e7 30 8a eb  |...r.@..^....0..|
+000001e0  2d 62 f5 63 e6 c2 96 f3  1c 19 c4 bf 14 50 73 b6  |-b.c.........Ps.|
+000001f0  6d 02 0e 7f 70 8f 6f f8  3d 6c 36 60 b5 41 3f 09  |m...p.o.=l6`.A?.|
+00000200  f9 72 26 59 fc d3 b2 70  84 2c 9b 7d 7b ab 14 a1  |.r&Y...p.,.}{...|
+00000210  43 65 89 51 75 9e 3b 4c  8c 01 8d a9 38 0a e3 fe  |Ce.Qu.;L....8...|
+00000220  0f f1 58 c5 9e b2 42 28  1e 7c 4a e0 6f fe 53 69  |..X...B(.|J.o.Si|
+00000230  e0 bc 8c c2 d5 00 c4 00  c6 f6 47 fe 70 cc a5 c0  |..........G.p...|
+00000240  cb 21 d8 89 37 8a ef bc  c6 9b 9d 5d 74 a7 22 6b  |.!..7......]t."k|
+00000250  5c e0 24 89 8d 88 a1 19  8a bf e6 bb d3 43 e3 71  |\.$..........C.q|
+00000260  38 99 60 20 2c d5 6e 93  83 20 be 0f ce 35 3d 02  |8.` ,.n.. ...5=.|
+00000270  2f 39 5e bb 06 68 b2 c7  fc 42 be a7 81 f5 40 dd  |/9^..h...B....@.|
+00000280  49 6f 4b 1b 3f a9 6c 5b  dd b9 38 29 01 be f7 76  |IoK.?.l[..8)...v|
+00000290  cc 7b 8e 34 25 72 64 2a  4b bc 38 f7 07 4e cd 16  |.{.4%rd*K.8..N..|
+000002a0  0b 9a 1f c5 5f 3e 5d 6e  fe 2c d6 fd 7c cc af 97  |...._>]n.,..|...|
+000002b0  89 04 75 20 83 c8 a9 4a  d8 65 08 a0 4f 6a f7 71  |..u ...J.e..Oj.q|
+000002c0  4a f0 34 b9 49 29 f1 44  d7 95 86 c1 cf fd 3a 46  |J.4.I).D......:F|
+000002d0  fb 0a 7a 13 ee ca 0d ce  bd 1e 62 63 cd 63 7a 75  |..z.......bc.czu|
+000002e0  26 a6 0c 6e d6 77 06 df  f7 1b e1 6c 96 e8 55 20  |&..n.w.....l..U |
+000002f0  62 f0 98 2d 22 28 3b 95  9b ec dc d7 cb 6c 1d b5  |b..-"(;......l..|
+00000300  3a de fd 2d a7 23 59 4b  69 85 20 13 8c e0 a4 b5  |:..-.#YKi. .....|
+00000310  c1 e0 72 08 e7 c2 c9 c6  c2 5c 23 e7 d3 15 dd de  |..r......\#.....|
+00000320  6a 9b d2 0c 47 4d d1 e7  d8 a9 4d 5f 60 03 17 03  |j...GM....M_`...|
+00000330  03 00 99 e8 da 65 12 48  68 fa d8 9c ee bf c8 3d  |.....e.Hh......=|
+00000340  a4 5d e1 bc 8a e3 18 46  a8 89 c9 7b 3e a2 b0 fb  |.].....F...{>...|
+00000350  1c 7e 64 69 4a 06 aa 0a  ce 79 b6 e0 8b 57 a7 7b  |.~diJ....y...W.{|
+00000360  7f b7 80 3f cf 1b f2 00  2f 22 63 00 97 60 e8 bf  |...?..../"c..`..|
+00000370  16 c1 37 fd e0 40 96 24  e1 48 c8 c5 7d a4 50 ed  |..7..@.$.H..}.P.|
+00000380  04 c4 17 88 84 e6 d3 8c  b9 8b bf 81 f8 3b 19 32  |.............;.2|
+00000390  27 d2 f6 41 2f d1 fb f3  49 79 c9 99 6d db c8 25  |'..A/...Iy..m..%|
+000003a0  36 fa 72 d1 c3 2c 1f 01  90 e0 a4 45 2b 3f 24 59  |6.r..,.....E+?$Y|
+000003b0  4c 87 04 af 4c 8b 48 04  b3 f6 e5 19 ab cd 57 f1  |L...L.H.......W.|
+000003c0  1c 4f a8 ec 48 23 20 65  df 7b cc 01 17 03 03 00  |.O..H# e.{......|
+000003d0  35 64 87 14 09 0b dd 3e  b1 58 d7 b5 46 e7 e3 c4  |5d.....>.X..F...|
+000003e0  76 fa 86 c4 6d 53 97 fd  4f c8 29 77 a7 f8 4f 70  |v...mS..O.)w..Op|
+000003f0  0d 91 e9 ba 06 a7 83 df  fb 6f 8e c9 fb fb 8f 88  |.........o......|
+00000400  1d 2b f9 ce cc 5c                                 |.+...\|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 35 24 4a 53  55 49 92 7a 21 a2 db 69  |....5$JSUI.z!..i|
-00000010  e5 2b 00 29 83 cb 91 32  17 48 73 96 89 d1 b2 11  |.+.)...2.Hs.....|
-00000020  c4 23 48 41 eb df eb 5a  10 c2 78 4e a2 e4 f0 38  |.#HA...Z..xN...8|
-00000030  4a 1c b6 d3 bb 52 bc 7e  f6 94 17 03 03 00 17 74  |J....R.~.......t|
-00000040  04 34 8d 27 19 da f3 d8  14 30 1b 85 ad 1e 99 cd  |.4.'.....0......|
-00000050  06 f0 a3 50 94 48 17 03  03 00 13 ac 8f 7e 2e 9c  |...P.H.......~..|
-00000060  90 96 db 33 e2 e9 94 c1  c9 95 f2 7a d1 8f        |...3.......z..|
+00000000  17 03 03 00 35 44 f5 f8  bb f8 ef a5 7e c7 6f 34  |....5D......~.o4|
+00000010  88 d9 96 2e 59 11 6e 08  0d 17 20 fb 45 c6 86 7c  |....Y.n... .E..||
+00000020  d3 ac 29 0f 50 89 d3 e9  b8 eb 42 63 bc 18 49 99  |..).P.....Bc..I.|
+00000030  75 d5 08 2a 72 57 ea a2  a2 21 17 03 03 00 17 38  |u..*rW...!.....8|
+00000040  12 6b 56 f1 33 2a 3d 42  94 42 85 e5 3b 49 10 52  |.kV.3*=B.B..;I.R|
+00000050  13 82 59 6d 28 fa 17 03  03 00 13 ab 4c ec 58 94  |..Ym(.......L.X.|
+00000060  13 b6 f6 91 ce b5 91 f7  34 7f c5 98 38 f2        |........4...8.|
diff --git a/testdata/Client-TLSv13-KeyUpdate b/testdata/Client-TLSv13-KeyUpdate
index 1b8004ad..18d547b9 100644
--- a/testdata/Client-TLSv13-KeyUpdate
+++ b/testdata/Client-TLSv13-KeyUpdate
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 fe 01 00 00  fa 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,97 +7,99 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 7f 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
 000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000d0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
-000000e0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
-000000f0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
-00000100  cb 3b 74                                          |.;t|
+000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
+000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
+000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
+000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000120  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 dc 81 c4 82 2e  |....z...v.......|
-00000010  a2 4f c4 c2 53 c2 bc 6a  bd f3 46 84 b5 ba 66 b5  |.O..S..j..F...f.|
-00000020  8b 67 7c 90 51 40 12 39  18 e1 bf 20 00 00 00 00  |.g|.Q@.9... ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 84 8c be 3d 27  |....z...v.....='|
+00000010  0b ef 9d b0 8b bd 21 91  9d 12 b8 4c f2 0f bb 29  |......!....L...)|
+00000020  6a f4 1c 56 09 bb 85 c6  9b b7 7b 20 00 00 00 00  |j..V......{ ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 3b  |..+.....3.$... ;|
-00000060  6b 2a e6 c2 7e b6 59 68  e4 e3 f2 f3 14 e5 72 bc  |k*..~.Yh......r.|
-00000070  c9 61 b4 b0 0a c6 41 0d  a9 8e d9 9b 7d 2a 11 14  |.a....A.....}*..|
-00000080  03 03 00 01 01 17 03 03  00 17 43 af 38 b9 56 06  |..........C.8.V.|
-00000090  2d 10 e3 e5 1d 1b 1e a9  5f 90 ca 0d a9 52 33 86  |-......._....R3.|
-000000a0  85 17 03 03 02 6d ac 6a  a1 8f 42 27 74 80 25 f9  |.....m.j..B't.%.|
-000000b0  1f 48 49 2d c2 33 38 e7  93 7e b0 b2 50 b8 6a ea  |.HI-.38..~..P.j.|
-000000c0  a6 81 ef 9b 55 83 4e 93  df 92 97 6f 00 f5 c4 fc  |....U.N....o....|
-000000d0  ec b1 19 dd 68 b5 bd c4  bb ba 63 9a e4 c9 24 af  |....h.....c...$.|
-000000e0  88 13 65 11 bf ea d9 07  e9 46 fd 5b 60 ce 57 46  |..e......F.[`.WF|
-000000f0  8b a9 bd c6 58 1a 3b bd  5e fb 0f 46 ec fc 8b 2c  |....X.;.^..F...,|
-00000100  ea a7 19 06 6a e5 6f 10  7a 27 04 6b aa a4 2c f4  |....j.o.z'.k..,.|
-00000110  ef 3b e8 8a 51 88 fd e0  ae 33 b1 4c b3 04 5e 91  |.;..Q....3.L..^.|
-00000120  b0 98 0b 9f 38 a3 3c fb  9f d5 d2 36 e4 09 19 18  |....8.<....6....|
-00000130  a5 b3 12 aa c9 03 ac b5  ab bb f1 7a 02 d2 dd 75  |...........z...u|
-00000140  0e cb 60 09 39 23 c3 b2  c1 8e e0 18 57 72 54 61  |..`.9#......WrTa|
-00000150  4c 99 35 1d ba 31 01 0c  48 d2 f2 88 22 9c 91 7d  |L.5..1..H..."..}|
-00000160  e3 74 f9 b3 52 bf 0e 0b  e1 31 7c 2c cb fd f2 8c  |.t..R....1|,....|
-00000170  bf 27 40 6d 26 b7 62 47  56 91 22 00 67 9a df 4f  |.'@m&.bGV.".g..O|
-00000180  f0 47 57 3c a6 46 4d 16  f6 8d fc 2d 91 c4 1a bf  |.GW<.FM....-....|
-00000190  38 63 ec 63 fe 97 14 80  aa 5b 60 ff c8 77 57 9c  |8c.c.....[`..wW.|
-000001a0  d5 86 a6 76 96 b3 e9 db  c9 eb dd 94 84 2a 46 f5  |...v.........*F.|
-000001b0  6a c1 10 66 59 f1 13 b9  41 f3 89 26 ba 52 69 95  |j..fY...A..&.Ri.|
-000001c0  b1 f3 66 30 f8 aa 90 f7  90 49 19 48 4c 25 4a 1f  |..f0.....I.HL%J.|
-000001d0  12 9d 67 32 79 bb 53 d8  c5 d1 b4 6e 89 75 49 c0  |..g2y.S....n.uI.|
-000001e0  65 86 ac 72 23 2f 97 d3  ae e2 64 79 5e e2 10 4e  |e..r#/....dy^..N|
-000001f0  55 0c c6 70 d3 2e 4a 6c  b0 73 0a 11 eb ae f7 a1  |U..p..Jl.s......|
-00000200  a1 f0 5f 67 45 46 d3 8c  11 ff 21 62 7d ed f9 0e  |.._gEF....!b}...|
-00000210  2a ba b3 82 f5 6b c1 4a  4e cc 11 90 48 81 96 7a  |*....k.JN...H..z|
-00000220  df f9 22 ae 53 31 14 9d  c9 5c 85 e7 db a2 dd 02  |..".S1...\......|
-00000230  56 eb d0 fe 20 35 21 c9  33 63 b5 b7 a8 93 30 7f  |V... 5!.3c....0.|
-00000240  86 1f d1 af b1 ff 3e 9a  d1 a8 90 d9 9c 86 55 e8  |......>.......U.|
-00000250  d0 4c c4 6d a3 ce c6 c0  df f8 a8 b6 43 03 ae fc  |.L.m........C...|
-00000260  7d 94 7b fe be 85 46 d8  42 9d b6 15 b9 a3 27 3d  |}.{...F.B.....'=|
-00000270  80 64 54 c8 53 c4 a7 94  52 8f 9d 4c 58 54 a5 c4  |.dT.S...R..LXT..|
-00000280  e0 e7 2e cb f3 8c d0 82  3f 95 76 c9 ea ea 80 41  |........?.v....A|
-00000290  21 5d 3e a3 1e be 4e 0b  ce 10 ab 61 a5 76 ef 62  |!]>...N....a.v.b|
-000002a0  50 1b 52 a8 75 23 fd eb  ea 76 f9 d8 41 3c a2 e4  |P.R.u#...v..A<..|
-000002b0  21 cb 56 f7 40 81 78 56  22 06 2a 38 fc 1f d8 9f  |!.V.@.xV".*8....|
-000002c0  38 b0 7a 93 f0 8c ad 3e  54 27 a2 d7 8b 2c 79 46  |8.z....>T'...,yF|
-000002d0  15 65 f1 55 b2 2a 06 a1  97 9b 47 23 f8 9a 3f 88  |.e.U.*....G#..?.|
-000002e0  8e 26 7e 13 cd 6e 8b cb  d5 a5 78 48 f7 ba ad d8  |.&~..n....xH....|
-000002f0  08 3b 34 5b 52 cd e3 2d  12 ac 81 00 c0 d0 4d df  |.;4[R..-......M.|
-00000300  56 d6 40 86 91 31 3d ba  6b 41 bc 51 6f ac b2 df  |V.@..1=.kA.Qo...|
-00000310  90 4b 78 17 03 03 00 99  21 0f 5b 18 54 84 98 0c  |.Kx.....!.[.T...|
-00000320  3a 7b 0b db 99 0e 09 f6  b7 4f a9 cc da bf 4c ac  |:{.......O....L.|
-00000330  5f 44 fc ba 9d 5d 52 d5  ec 2e 08 0c cc 3c e1 72  |_D...]R......<.r|
-00000340  10 77 5b 7b 55 f7 c1 44  a3 25 e0 48 20 9a 3a de  |.w[{U..D.%.H .:.|
-00000350  2f ae 30 a9 e9 5b 75 84  e3 59 f0 6b 23 a6 d8 20  |/.0..[u..Y.k#.. |
-00000360  16 51 2a 19 61 60 35 28  74 41 32 fa 97 8d 3b ed  |.Q*.a`5(tA2...;.|
-00000370  ff 64 94 d7 27 4c 9b 1e  5e b8 89 43 e3 ae 2a b6  |.d..'L..^..C..*.|
-00000380  60 a8 bb f0 d1 75 85 15  bb 95 3c 82 f1 62 da b1  |`....u....<..b..|
-00000390  25 d2 58 7d 67 7f 02 5b  b4 91 68 3c 70 10 09 94  |%.X}g..[..h<p...|
-000003a0  b0 6d ca d9 39 bf 4a 16  5e 44 e8 92 a9 f5 af 81  |.m..9.J.^D......|
-000003b0  08 17 03 03 00 35 46 1a  28 22 ca 25 09 12 b5 e6  |.....5F.(".%....|
-000003c0  7e 70 f1 0a 0d 9b 7d f2  59 98 41 d5 9d fd be 8e  |~p....}.Y.A.....|
-000003d0  ff b2 89 e7 1a 3c 9a b7  50 01 ce af 22 4a 4b ce  |.....<..P..."JK.|
-000003e0  51 63 56 c3 93 28 29 fb  b2 67 1d                 |QcV..()..g.|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 32  |..+.....3.$... 2|
+00000060  ef 3c 13 61 12 2a 28 1c  73 77 7e 6f 7a 43 38 d3  |.<.a.*(.sw~ozC8.|
+00000070  6f f1 a6 87 34 92 b5 ad  55 7a a0 db 1c 5b 1e 14  |o...4...Uz...[..|
+00000080  03 03 00 01 01 17 03 03  00 17 18 cf a9 9c 7d 12  |..............}.|
+00000090  7e f7 a7 44 09 34 a6 40  22 8b 73 f8 87 69 35 ba  |~..D.4.@".s..i5.|
+000000a0  5a 17 03 03 02 6d 49 c5  1d 7e 9c f9 d7 5d 9f 3f  |Z....mI..~...].?|
+000000b0  41 5d a7 14 68 12 0b 3f  00 38 25 30 d9 9f 84 09  |A]..h..?.8%0....|
+000000c0  dd c9 9c 76 8a 73 40 5f  63 83 a9 4a b6 f1 4c 36  |...v.s@_c..J..L6|
+000000d0  74 13 bc 4b a6 47 9d 5b  50 3a 56 c7 6e 65 46 5d  |t..K.G.[P:V.neF]|
+000000e0  6a 1a 33 1d 9a 67 76 a2  7d 98 05 f3 3b 8b 62 3e  |j.3..gv.}...;.b>|
+000000f0  b0 72 f8 16 18 eb 47 ca  fe bc 83 ca 0a b6 df 6f  |.r....G........o|
+00000100  1c dd 95 6e 27 60 a3 88  40 0f a0 3f 6e f8 a8 9c  |...n'`..@..?n...|
+00000110  20 ee 43 60 66 e7 97 8c  c2 03 a8 e6 3d 87 6f cd  | .C`f.......=.o.|
+00000120  e9 3a 69 de 10 1f 49 ea  9d 9b 4d c9 e9 58 55 b2  |.:i...I...M..XU.|
+00000130  44 b7 09 f2 29 65 d1 fa  c1 00 b8 c0 0c 4d a1 89  |D...)e.......M..|
+00000140  1c 03 c5 0a 20 d9 88 b2  8e c6 b6 19 e1 a4 10 92  |.... ...........|
+00000150  2b 86 20 f8 0e 7c ed a5  37 03 9e 36 7a bd 0b de  |+. ..|..7..6z...|
+00000160  13 ef 6e e8 6d 1c 94 4d  6a 3f 17 db c8 44 84 47  |..n.m..Mj?...D.G|
+00000170  8b 23 d1 64 c8 90 7a da  ac 11 a0 51 c0 f2 76 10  |.#.d..z....Q..v.|
+00000180  57 1e bd a5 37 25 a9 a0  1d 3f cf 71 b1 d4 80 ed  |W...7%...?.q....|
+00000190  b9 eb 28 ec df 36 c4 f0  d1 2b fa 5b 13 fd b4 1a  |..(..6...+.[....|
+000001a0  82 3a e2 53 53 90 9a 42  0f 4b 3f 62 0e d5 e3 ab  |.:.SS..B.K?b....|
+000001b0  c2 93 b6 ab e2 db f5 43  fd f3 70 6d 44 68 c4 56  |.......C..pmDh.V|
+000001c0  4c 37 5a 9e 50 06 94 b6  d8 e1 f7 0c 97 f9 0f d1  |L7Z.P...........|
+000001d0  4f 5a 47 b4 1c 0a 1b 0a  ff bc 5d 08 7d ef b7 e6  |OZG.......].}...|
+000001e0  72 35 40 12 02 cc ed 48  19 ff e6 c8 e2 90 30 42  |r5@....H......0B|
+000001f0  04 bc 3a d0 a1 27 c6 c2  c8 b1 ab 48 a8 ff b2 c4  |..:..'.....H....|
+00000200  2e 1b 3b 9d 14 01 01 2e  53 1d 0c f7 6a 8d 49 64  |..;.....S...j.Id|
+00000210  5a bf 6e de 66 91 a8 97  2a 9f 2f 36 01 2e 33 2d  |Z.n.f...*./6..3-|
+00000220  de 5e a8 ba a1 66 fa 8a  18 c3 6e 33 a2 ab 3e 02  |.^...f....n3..>.|
+00000230  8b 25 21 dd 8b 9f de 4e  91 c9 14 dd 92 f0 4d b2  |.%!....N......M.|
+00000240  15 bf 44 89 8d 00 67 5e  01 c8 6d e7 44 3f 2b c6  |..D...g^..m.D?+.|
+00000250  cf 7a c1 4d fc b3 c1 81  f3 07 eb 6c 64 14 19 f1  |.z.M.......ld...|
+00000260  94 86 c0 c6 ea 95 35 c2  52 0e 67 37 74 df 27 c7  |......5.R.g7t.'.|
+00000270  76 1c 8e 2c 36 7d ef 71  c3 61 dd cb 8e 82 7b a1  |v..,6}.q.a....{.|
+00000280  78 c8 88 3c 90 31 17 7c  d6 f5 7c ed 67 64 ed 16  |x..<.1.|..|.gd..|
+00000290  bf 59 78 ee ee 6c 3e 3c  bd ba 29 21 23 15 50 68  |.Yx..l><..)!#.Ph|
+000002a0  40 23 ea b7 0f 03 9d 84  52 23 57 c1 dd 03 26 55  |@#......R#W...&U|
+000002b0  01 3d 46 ff 15 d0 08 fb  e1 a5 90 ac c2 e8 c8 18  |.=F.............|
+000002c0  96 e4 79 9a 0f 09 25 71  9a a0 fa 43 08 9a ca a4  |..y...%q...C....|
+000002d0  f8 8d cd f9 4f d4 d3 50  4e d2 5e 41 3a e0 e7 2e  |....O..PN.^A:...|
+000002e0  60 c6 70 8e 10 20 68 a3  8f ac 68 22 14 a2 54 5c  |`.p.. h...h"..T\|
+000002f0  ee 37 94 68 ff 93 cb 21  6b 2d 61 a3 ba 95 08 15  |.7.h...!k-a.....|
+00000300  cc 2d f1 be 22 3d 7b 02  63 01 c2 9a 88 37 aa 76  |.-.."={.c....7.v|
+00000310  2c 98 d1 17 03 03 00 99  21 4e 58 2e 4f 2b 3c c6  |,.......!NX.O+<.|
+00000320  2e ad 3b 8b d2 bf 54 81  ca 81 c6 7d 8c 40 62 cd  |..;...T....}.@b.|
+00000330  6a 42 6b 4a 81 b9 81 ce  dc c2 e8 3e 63 79 c8 2c  |jBkJ.......>cy.,|
+00000340  2c 8c 06 eb 70 2c 04 e1  62 6a 56 6e 72 c4 c8 69  |,...p,..bjVnr..i|
+00000350  39 39 c3 c2 94 3c bd 6f  cf 47 50 bb 8f d7 8e ac  |99...<.o.GP.....|
+00000360  68 4b 0b 06 e9 6a 44 68  fa 0e 0e 42 82 37 2a 1f  |hK...jDh...B.7*.|
+00000370  7d 0a 29 0a 18 f4 4f 5b  39 7f 40 9d 63 fe 20 b8  |}.)...O[9.@.c. .|
+00000380  6e 4a 64 9d 5f 18 68 16  6e 26 e1 5c 42 c8 0b 74  |nJd._.h.n&.\B..t|
+00000390  43 66 5a 9f 1e 32 2d bd  f3 2f 45 86 c4 e3 d2 c3  |CfZ..2-../E.....|
+000003a0  85 2e 7e ad 29 26 f8 f5  de f6 5c b2 c2 3f d1 61  |..~.)&....\..?.a|
+000003b0  6a 17 03 03 00 35 59 e1  a3 78 46 e2 7f db 1e a6  |j....5Y..xF.....|
+000003c0  28 ea 50 8a f5 33 1d eb  49 ef b3 34 ea 6a f8 76  |(.P..3..I..4.j.v|
+000003d0  69 70 ac d1 49 77 79 19  2c 2d 7c 95 9c e0 b7 c0  |ip..Iwy.,-|.....|
+000003e0  d2 6c d6 dd 3d ee 5a 89  0c 7b 66                 |.l..=.Z..{f|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 c9 09 ac f5 44  |..........5....D|
-00000010  40 83 88 5a b9 46 70 b9  ff 9b 2e bb b4 7e 72 b0  |@..Z.Fp......~r.|
-00000020  85 26 d6 37 33 ec d1 ac  ce f4 db 72 8c e1 07 b5  |.&.73......r....|
-00000030  d0 ce ee 2f 19 77 62 ec  97 ae 1b e1 5f 85 bf c4  |.../.wb....._...|
-00000040  17 03 03 00 17 1c ae 0f  1d 50 be 4b d0 64 4f 23  |.........P.K.dO#|
-00000050  41 60 d9 c7 f5 60 a6 5c  38 14 fd d5              |A`...`.\8...|
+00000000  14 03 03 00 01 01 17 03  03 00 35 38 8f 9d c3 39  |..........58...9|
+00000010  03 62 38 be b8 03 22 be  53 0a 0e ff 33 82 29 2a  |.b8...".S...3.)*|
+00000020  3e a5 4b d0 0e fe 6b c8  bc d8 07 71 77 ca 0f aa  |>.K...k....qw...|
+00000030  a9 8f 3e 6e 69 5d fc 37  0c 5a f6 1d 8b fc 46 8d  |..>ni].7.Z....F.|
+00000040  17 03 03 00 17 ac 0d 5d  2a 0b dd 2e 62 ab ac cc  |.......]*...b...|
+00000050  d6 43 d4 76 ea 52 62 7f  5b 10 93 63              |.C.v.Rb.[..c|
 >>> Flow 4 (server to client)
-00000000  17 03 03 00 16 ad 61 13  66 9c 3c dd 88 42 2c 6c  |......a.f.<..B,l|
-00000010  d1 22 5d b4 b2 6f f0 68  4f 37 4d                 |."]..o.hO7M|
+00000000  17 03 03 00 16 e0 09 97  59 52 91 65 5a cd 3b d5  |........YR.eZ.;.|
+00000010  95 c6 be 7a c7 a8 48 a6  39 73 44                 |...z..H.9sD|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 e5 b5 ff  ad d4 f5 e5 55 04 83 a7  |............U...|
-00000010  59 43 9a 3e 68 4d 38 6f  b1 1c 30                 |YC.>hM8o..0|
+00000000  17 03 03 00 16 12 d4 4b  bd d2 98 10 6a 72 29 bc  |.......K....jr).|
+00000010  6d c1 23 38 88 c3 7b d8  32 b6 7f                 |m.#8..{.2..|
 >>> Flow 6 (server to client)
-00000000  17 03 03 00 1a 64 0c f4  8e 8f 2b 04 e2 36 28 77  |.....d....+..6(w|
-00000010  a2 28 97 4b 15 ba 1b b2  10 31 b3 4d 87 09 af     |.(.K.....1.M...|
+00000000  17 03 03 00 1a 0c 7b fb  83 bb 87 60 52 4d fb b8  |......{....`RM..|
+00000010  c8 cf 95 98 80 60 87 f4  04 ee d1 0a 5d 57 51     |.....`......]WQ|
 >>> Flow 7 (client to server)
-00000000  17 03 03 00 1d 90 c9 33  bf fc 76 12 3d af 9e c8  |.......3..v.=...|
-00000010  8c ca e7 a1 63 6e 80 91  b1 7f 5e e4 dc c2 e6 1c  |....cn....^.....|
-00000020  b6 2b 17 03 03 00 13 ef  a8 30 91 b1 20 fe 82 79  |.+.......0.. ..y|
-00000030  44 31 a8 af 99 bb 5e 97  75 a3                    |D1....^.u.|
+00000000  17 03 03 00 1d b1 21 2b  13 dc 27 c2 50 07 61 8d  |......!+..'.P.a.|
+00000010  63 fa c3 1f 1b ab 19 77  a0 8b 97 5f 03 26 80 54  |c......w..._.&.T|
+00000020  04 00 17 03 03 00 13 91  28 90 11 9b f8 75 52 b8  |........(....uR.|
+00000030  de 14 32 09 9d 2b 77 bb  3c 5a                    |..2..+w.<Z|
diff --git a/testdata/Client-TLSv13-P256-ECDHE b/testdata/Client-TLSv13-P256-ECDHE
index fa8d3123..5add59da 100644
--- a/testdata/Client-TLSv13-P256-ECDHE
+++ b/testdata/Client-TLSv13-P256-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 19 01 00 01  15 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 37 01 00 01  33 03 03 00 00 00 00 00  |....7...3.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,88 +7,90 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9a 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 b8 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 04 00 02 00 17  00 0d 00 1a 00 18 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
-000000d0  02 03 01 00 33 00 47 00  45 00 17 00 41 04 1e 18  |....3.G.E...A...|
-000000e0  37 ef 0d 19 51 88 35 75  71 b5 e5 54 5b 12 2e 8f  |7...Q.5uq..T[...|
-000000f0  09 67 fd a7 24 20 3e b2  56 1c ce 97 28 5e f8 2b  |.g..$ >.V...(^.+|
-00000100  2d 4f 9e f1 07 9f 6c 4b  5b 83 56 e2 32 42 e9 58  |-O....lK[.V.2B.X|
-00000110  b6 d7 49 a6 b5 68 1a 41  03 56 6b dc 5a 89        |..I..h.A.Vk.Z.|
+000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
+000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
+000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
+000000f0  01 00 33 00 47 00 45 00  17 00 41 04 1e 18 37 ef  |..3.G.E...A...7.|
+00000100  0d 19 51 88 35 75 71 b5  e5 54 5b 12 2e 8f 09 67  |..Q.5uq..T[....g|
+00000110  fd a7 24 20 3e b2 56 1c  ce 97 28 5e f8 2b 2d 4f  |..$ >.V...(^.+-O|
+00000120  9e f1 07 9f 6c 4b 5b 83  56 e2 32 42 e9 58 b6 d7  |....lK[.V.2B.X..|
+00000130  49 a6 b5 68 1a 41 03 56  6b dc 5a 89              |I..h.A.Vk.Z.|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 9b 02 00 00  97 03 03 1c 1a ee 30 2f  |..............0/|
-00000010  02 10 0c 84 ee 6a 2c d1  67 76 00 8a 16 e5 15 c5  |.....j,.gv......|
-00000020  4c d7 a9 26 33 43 9a 9a  d6 f8 e7 20 00 00 00 00  |L..&3C..... ....|
+00000000  16 03 03 00 9b 02 00 00  97 03 03 b4 cc 04 30 25  |..............0%|
+00000010  f5 36 2e 22 d7 f5 f2 46  5b 01 09 94 ec 5e 48 df  |.6."...F[....^H.|
+00000020  60 d5 70 b6 db 62 00 36  dc 66 cb 20 00 00 00 00  |`.p..b.6.f. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
 00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
-00000060  f0 2e aa 75 ea 32 f4 3c  ea b7 61 13 0f 22 8d 39  |...u.2.<..a..".9|
-00000070  9e 0a 53 c8 d6 92 ea 5e  87 5b 46 d3 71 2d d1 df  |..S....^.[F.q-..|
-00000080  fa 1e 9a 6a 0e b2 bc d7  91 6e 26 56 17 24 11 d8  |...j.....n&V.$..|
-00000090  0f be c0 1d f5 fd c7 9d  2d 3c a0 0f ee 03 70 1f  |........-<....p.|
-000000a0  14 03 03 00 01 01 17 03  03 00 17 8e 76 66 0d 44  |............vf.D|
-000000b0  aa a2 d9 80 84 7c 6d 42  f0 ee 9f a3 6c b8 83 21  |.....|mB....l..!|
-000000c0  5d 7b 17 03 03 02 6d 18  d3 53 cc 09 6a 23 fc c5  |]{....m..S..j#..|
-000000d0  a9 2e 73 b4 3d ea 54 56  42 f5 1f 71 3e 8f 8e 7b  |..s.=.TVB..q>..{|
-000000e0  12 18 d7 d6 ab ed 24 5f  16 c8 18 5e e0 28 84 40  |......$_...^.(.@|
-000000f0  89 49 a7 91 57 d6 2b a0  9c ab 5d 85 ac 4f 6b 70  |.I..W.+...]..Okp|
-00000100  c3 31 e0 57 87 d7 7c 45  27 34 54 eb 85 02 14 2c  |.1.W..|E'4T....,|
-00000110  a0 53 4f ec 21 9f 04 91  38 b8 df 2c 5d 0b 79 0a  |.SO.!...8..,].y.|
-00000120  4f 96 79 15 72 de b5 fb  43 1f d8 71 62 d8 e0 69  |O.y.r...C..qb..i|
-00000130  21 13 87 ab e5 b8 e5 86  01 74 25 b7 39 fc 86 e2  |!........t%.9...|
-00000140  2f de 0b 1f 8c db b2 98  b3 47 c1 4e dd db 36 d3  |/........G.N..6.|
-00000150  28 de cf 4c 4d 54 8e a3  e5 d3 38 19 1f 4b 05 7f  |(..LMT....8..K..|
-00000160  9a e1 59 4c a3 4e 42 b6  71 0d 9c 96 e4 d8 29 73  |..YL.NB.q.....)s|
-00000170  4e e6 f5 87 56 04 99 c2  56 15 6c 8b 04 7c e5 83  |N...V...V.l..|..|
-00000180  8b f3 42 e8 97 7a b0 cc  7d 15 b8 84 d3 08 dd c1  |..B..z..}.......|
-00000190  89 f5 d4 19 d2 f6 fd 32  b4 37 6e 6a cc 0c 7a 69  |.......2.7nj..zi|
-000001a0  09 57 78 36 d4 5b 8c 23  0f e6 39 08 4c 58 3e 3f  |.Wx6.[.#..9.LX>?|
-000001b0  b1 a0 ae 2e 85 b7 64 45  dd e1 ae c4 91 53 8c 6f  |......dE.....S.o|
-000001c0  02 70 45 f0 97 7b c8 90  88 0e 95 ed 1e 81 fc 86  |.pE..{..........|
-000001d0  27 83 3d 32 43 d6 e4 f3  84 c6 c4 c1 b2 1c 0d 4a  |'.=2C..........J|
-000001e0  22 78 cd 1c f8 0a aa 19  1a 96 cc 46 6d a0 7f c7  |"x.........Fm...|
-000001f0  2f d8 68 de 48 7d ae 42  b3 75 2a d5 ab cf e7 a7  |/.h.H}.B.u*.....|
-00000200  a1 e6 66 e0 88 d8 14 25  81 21 4a 6f f7 7c 84 57  |..f....%.!Jo.|.W|
-00000210  9c cd 45 8a c0 2d 5f 97  b6 66 96 f1 be d8 02 d2  |..E..-_..f......|
-00000220  a4 8e fb 0d c4 cc 02 12  1d b7 76 73 8d 73 8e 71  |..........vs.s.q|
-00000230  ec 62 4b ba d1 94 98 e5  de 45 f4 92 22 79 9a 2e  |.bK......E.."y..|
-00000240  b4 12 a6 f8 ab 8a 52 c3  df f8 77 a9 71 8b ff d6  |......R...w.q...|
-00000250  2b bc 47 0b 63 5b 0f cf  f8 f1 86 7a 72 91 78 7b  |+.G.c[.....zr.x{|
-00000260  b8 52 74 96 40 4c 08 f3  ca 46 ef d9 b9 6d 7a dc  |.Rt.@L...F...mz.|
-00000270  2c da f1 c2 c4 1f 19 38  84 cf 7d b7 5d f2 19 a7  |,......8..}.]...|
-00000280  bc 81 70 48 1c 5d da e7  e1 8f 94 33 fa b9 44 97  |..pH.].....3..D.|
-00000290  52 7a 22 75 f3 3e 08 f5  d3 66 be 63 8e e6 fc 7b  |Rz"u.>...f.c...{|
-000002a0  54 6d 14 2e 88 09 c7 a1  a6 b7 8e f3 9f 66 dd a4  |Tm...........f..|
-000002b0  ec 81 e9 4b 44 69 29 78  95 dd 44 80 f5 f9 41 23  |...KDi)x..D...A#|
-000002c0  97 53 71 63 2d cc d0 47  d6 f7 3f 6b 61 5f 44 33  |.Sqc-..G..?ka_D3|
-000002d0  61 d1 35 94 42 7b 88 b9  af 6f e2 c1 71 7b d9 12  |a.5.B{...o..q{..|
-000002e0  2c b6 57 fa 42 98 27 6d  8a da f8 dd de 6f b2 ea  |,.W.B.'m.....o..|
-000002f0  c8 de 5c 09 cd 47 36 10  0f 52 72 39 b2 e5 92 19  |..\..G6..Rr9....|
-00000300  81 2a e0 ae aa cc b5 d1  68 98 c4 69 02 fc 86 1a  |.*......h..i....|
-00000310  79 9c 11 54 fc 43 8a ed  63 50 83 49 ac bf 4c ad  |y..T.C..cP.I..L.|
-00000320  80 04 98 fd 33 19 76 49  8f fe 5a 0f 22 69 3e eb  |....3.vI..Z."i>.|
-00000330  d8 eb 51 71 17 03 03 00  99 42 4d 4b db 37 6c c3  |..Qq.....BMK.7l.|
-00000340  fb 93 1f a6 7a 86 3c 5e  88 e5 75 d4 a1 73 4a b3  |....z.<^..u..sJ.|
-00000350  0b 99 f1 a6 98 5f 6d 0f  00 0e 4f fa a3 5e 7d f0  |....._m...O..^}.|
-00000360  41 dd dd 5c 71 3b 10 f9  75 07 d5 6c f2 83 83 5c  |A..\q;..u..l...\|
-00000370  60 32 d9 d2 b3 13 1b 6c  84 2b 02 58 da b6 18 4e  |`2.....l.+.X...N|
-00000380  ea 7d b3 46 2b a9 ec e7  65 3a 8e 2f 77 48 92 72  |.}.F+...e:./wH.r|
-00000390  6a 82 47 bd 82 2b f7 01  6b c4 22 e2 43 78 78 03  |j.G..+..k.".Cxx.|
-000003a0  3c 40 d9 6c d1 b3 5e 21  4d 52 74 e4 07 70 56 21  |<@.l..^!MRt..pV!|
-000003b0  05 37 37 82 13 cd e6 ce  3f 93 61 74 b4 9a 42 7d  |.77.....?.at..B}|
-000003c0  26 fa 15 4f ed b7 63 22  3c 92 f3 72 9c d2 80 17  |&..O..c"<..r....|
-000003d0  30 f0 17 03 03 00 35 8c  f6 08 33 76 5a a4 7b ef  |0.....5...3vZ.{.|
-000003e0  0d 91 b6 bf fa 9e 39 19  6f 79 77 4c 4d 74 95 71  |......9.oywLMt.q|
-000003f0  00 73 37 17 50 ef 55 fb  71 04 36 87 2e 16 5e 25  |.s7.P.U.q.6...^%|
-00000400  9b d4 9c 52 f9 ec c5 26  7e 58 ed 9f              |...R...&~X..|
+00000060  a4 00 4f 38 9f 17 cc 91  60 06 78 48 40 f3 be ac  |..O8....`.xH@...|
+00000070  f4 09 3f b1 41 0d 60 66  50 d5 a8 2c bf a6 c6 c8  |..?.A.`fP..,....|
+00000080  ca fe ed 4b 3f 5f 51 eb  fb da 45 b2 ad d3 70 d4  |...K?_Q...E...p.|
+00000090  59 e5 ad 07 5a 02 2e f4  6b 01 7e 57 c5 b7 71 02  |Y...Z...k.~W..q.|
+000000a0  14 03 03 00 01 01 17 03  03 00 17 3c 06 c9 4d 5a  |...........<..MZ|
+000000b0  51 b5 51 d9 dc ae 31 6d  75 9b f8 6e c1 9f e1 48  |Q.Q...1mu..n...H|
+000000c0  d6 c4 17 03 03 02 6d 9c  e1 d2 b9 0e da 85 ab 4e  |......m........N|
+000000d0  48 10 60 40 e4 1e 47 22  6f 26 2c fc f8 39 70 0f  |H.`@..G"o&,..9p.|
+000000e0  34 c8 40 80 dd c4 2b 39  50 d2 9c 9c 13 88 61 9e  |4.@...+9P.....a.|
+000000f0  62 14 01 ac be 34 95 dd  46 b6 e9 13 36 8f 54 00  |b....4..F...6.T.|
+00000100  43 5f 34 61 88 df 09 85  c7 0f 36 f3 0d 22 ef 25  |C_4a......6..".%|
+00000110  71 01 a7 ba fa 8d 24 7d  03 34 cf 92 d4 37 be b3  |q.....$}.4...7..|
+00000120  8b 79 e4 12 6d 19 32 28  47 51 d4 ec 85 b9 e2 88  |.y..m.2(GQ......|
+00000130  60 54 9d b5 75 56 27 fe  db bb 2d c9 38 49 f9 dc  |`T..uV'...-.8I..|
+00000140  cf 3e 71 af 65 b7 c4 72  7a f9 69 d5 a3 d6 be aa  |.>q.e..rz.i.....|
+00000150  e9 79 fa ec e0 55 33 78  21 2f 2d 54 62 83 6c 77  |.y...U3x!/-Tb.lw|
+00000160  2d 1e c9 5a 97 b4 11 46  ca 0e ba 75 58 d4 c4 a0  |-..Z...F...uX...|
+00000170  49 d8 76 f1 f0 37 0c 30  c2 a8 86 78 a7 c5 24 00  |I.v..7.0...x..$.|
+00000180  6e bd 89 fb 6a e6 73 1e  11 b9 21 29 92 c2 fd 44  |n...j.s...!)...D|
+00000190  cd 84 25 e0 19 09 56 a8  65 73 01 f9 1d 26 ed 02  |..%...V.es...&..|
+000001a0  67 3c 8a 1d 53 d7 c2 ea  a4 0d dd 03 26 85 eb b8  |g<..S.......&...|
+000001b0  20 c9 06 64 76 24 9a 4a  96 44 48 78 2e 86 01 9c  | ..dv$.J.DHx....|
+000001c0  be a3 60 7e 6e 5b 56 30  c7 b4 2d ff 71 db 58 15  |..`~n[V0..-.q.X.|
+000001d0  86 22 84 fb 00 d3 96 1d  f5 5f e5 39 3a 51 cc 04  |."......._.9:Q..|
+000001e0  95 fd 49 f0 c2 cc 34 e1  0b 1d ba bb 62 f8 14 4d  |..I...4.....b..M|
+000001f0  aa 94 f0 09 b5 04 d3 b7  52 10 d2 ee 01 0c a0 68  |........R......h|
+00000200  62 83 4f 11 33 b9 1c b1  4e 23 09 e7 d1 c2 c9 a4  |b.O.3...N#......|
+00000210  de 63 c3 48 3f c7 51 9a  78 4c 2e e7 fa 2c bd 06  |.c.H?.Q.xL...,..|
+00000220  82 e8 2f 61 35 83 aa 92  8b de 76 fb 0b 5a a7 44  |../a5.....v..Z.D|
+00000230  07 6b 8f d9 de d6 dd 35  ec 08 44 31 97 15 9c 70  |.k.....5..D1...p|
+00000240  38 89 2d 06 5d 01 39 23  45 ce c1 98 ca 90 f6 4a  |8.-.].9#E......J|
+00000250  47 a2 d4 6a ea 9f bc 7e  ab 42 f5 b9 bd 54 44 0c  |G..j...~.B...TD.|
+00000260  b8 1c 34 10 53 80 ae fb  97 b5 64 75 2e c0 72 30  |..4.S.....du..r0|
+00000270  dc 4a 3d aa 73 25 42 be  18 da 7c ae 0b 31 b0 f9  |.J=.s%B...|..1..|
+00000280  55 d6 15 42 da bb e0 91  c9 ee bb b8 e3 6a ea f7  |U..B.........j..|
+00000290  bf ae 2d 29 c0 58 4f 61  0c 55 e5 07 78 aa d1 45  |..-).XOa.U..x..E|
+000002a0  76 8e e4 a9 d0 dd 49 29  7d f1 ab b8 82 39 31 23  |v.....I)}....91#|
+000002b0  4c d4 5f f4 18 e7 b0 70  5f 78 e3 22 65 3b 84 e7  |L._....p_x."e;..|
+000002c0  40 d7 cb b5 e3 8c 5d fa  77 cb 45 fa 57 c0 4c fd  |@.....].w.E.W.L.|
+000002d0  11 7c f1 80 fa 4c 51 d9  78 5d b6 cc 08 90 91 9a  |.|...LQ.x]......|
+000002e0  71 20 e3 50 ec 21 7e 0d  2d e5 97 12 4a 18 17 ab  |q .P.!~.-...J...|
+000002f0  a0 1f 74 75 71 6b 8b 81  ac 85 18 99 ad 75 88 4c  |..tuqk.......u.L|
+00000300  15 87 04 57 1e 78 10 13  4b 51 f2 e9 8a 76 17 77  |...W.x..KQ...v.w|
+00000310  32 92 6c 12 6c db 2e ef  c1 2d 18 64 e8 b1 62 79  |2.l.l....-.d..by|
+00000320  4c 8a d0 23 9a ac 14 ab  c3 9f d7 37 0c cb 57 29  |L..#.......7..W)|
+00000330  bd 89 d8 32 17 03 03 00  99 40 69 b7 6b 35 af 37  |...2.....@i.k5.7|
+00000340  fd 28 d7 52 34 fa 65 84  83 41 a8 cd d9 5d e7 68  |.(.R4.e..A...].h|
+00000350  41 9b 39 7c f8 ef cf d8  8d 50 b9 2a 11 13 df f2  |A.9|.....P.*....|
+00000360  3c b3 4c 4b 7d c5 a5 d6  cf f2 72 c8 ea 26 0b 90  |<.LK}.....r..&..|
+00000370  42 5e b3 44 da a6 7d 81  13 0f f6 eb 4d c4 98 65  |B^.D..}.....M..e|
+00000380  84 aa 47 bf ba b3 f5 57  3c 18 cd 8c b2 9d 3f eb  |..G....W<.....?.|
+00000390  0e 13 aa b2 ed 42 97 cd  3f f9 d0 b7 8c 1a 94 5c  |.....B..?......\|
+000003a0  63 c3 f8 45 be 91 61 c6  d9 01 bd 88 d7 fa 15 6d  |c..E..a........m|
+000003b0  8c 48 87 6a 10 eb 43 39  66 a2 a4 cd ef 15 db 4f  |.H.j..C9f......O|
+000003c0  0d da 85 48 81 af d1 60  4b bc b9 03 a9 c5 c0 7b  |...H...`K......{|
+000003d0  9a 60 17 03 03 00 35 9a  10 8d b7 6a 5c 8e 16 96  |.`....5....j\...|
+000003e0  0a d3 2d 81 4f 3c 47 f5  bc f8 cd 92 c0 17 07 89  |..-.O<G.........|
+000003f0  28 82 42 9f f2 b0 c5 99  4f a3 33 46 f8 ea 7a b7  |(.B.....O.3F..z.|
+00000400  9e e9 a0 d6 f2 45 7e 8b  f3 4d 80 d2              |.....E~..M..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 f5 7f 27 09 c2  |..........5..'..|
-00000010  54 9d e7 a7 3b 14 b3 f2  a6 6d 27 5f 9b 79 04 17  |T...;....m'_.y..|
-00000020  28 5c de 4f 67 cf a5 24  e4 d3 c5 e1 38 fa 7e e8  |(\.Og..$....8.~.|
-00000030  97 03 7e 66 3b d0 6b e7  f8 7e 97 e0 db 6a da 79  |..~f;.k..~...j.y|
-00000040  17 03 03 00 17 30 1a e2  fe 4a 7a 03 03 82 f6 05  |.....0...Jz.....|
-00000050  e8 18 67 1d 14 ab 4f 3c  22 c6 45 f5 17 03 03 00  |..g...O<".E.....|
-00000060  13 f8 8f 43 e7 74 3c a0  28 b2 71 5a 85 69 e5 86  |...C.t<.(.qZ.i..|
-00000070  06 e3 4c 91                                       |..L.|
+00000000  14 03 03 00 01 01 17 03  03 00 35 5e d8 a7 91 d2  |..........5^....|
+00000010  39 b1 74 e8 a4 a2 02 97  c9 23 be a2 40 f8 94 39  |9.t......#..@..9|
+00000020  4b e8 ed 35 6c 8e 23 ce  da 32 90 93 50 f6 80 75  |K..5l.#..2..P..u|
+00000030  43 91 9c 90 09 b5 bb 7d  ab 56 53 0c a8 95 a5 c3  |C......}.VS.....|
+00000040  17 03 03 00 17 7e 95 f6  cc 40 0f 64 9f 6b d6 63  |.....~...@.d.k.c|
+00000050  29 28 6d 21 12 c4 70 6f  dd 69 ad d1 17 03 03 00  |)(m!..po.i......|
+00000060  13 8a b3 a5 7b 42 fe 41  be 86 57 03 16 d4 f1 25  |....{B.A..W....%|
+00000070  95 8d 2b f7                                       |..+.|
diff --git a/testdata/Client-TLSv13-X25519-ECDHE b/testdata/Client-TLSv13-X25519-ECDHE
index 855f63de..c10e6c91 100644
--- a/testdata/Client-TLSv13-X25519-ECDHE
+++ b/testdata/Client-TLSv13-X25519-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 16 01 00 01  12 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,84 +7,86 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 79 00 0b 00 02  01 00 ff 01 00 01 00 00  |...y............|
+00000080  01 00 00 97 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 04 00 02 00 1d  00 0d 00 1a 00 18 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
-000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
-000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
-000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
+000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
+000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
+000000f0  01 00 33 00 26 00 24 00  1d 00 20 2f e5 7d a3 47  |..3.&.$... /.}.G|
+00000100  cd 62 43 15 28 da ac 5f  bb 29 07 30 ff f6 84 af  |.bC.(.._.).0....|
+00000110  c4 cf c2 ed 90 99 5f 58  cb 3b 74                 |......_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 6c f6 24 8a 4a  |....z...v..l.$.J|
-00000010  82 87 8f c9 9a a3 5a d2  4a 24 d3 52 c8 5d 52 95  |......Z.J$.R.]R.|
-00000020  0f 12 e8 8e e6 0c a6 5d  60 de 3c 20 00 00 00 00  |.......]`.< ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 97 02 8a b6 20  |....z...v...... |
+00000010  f7 b6 e4 eb 5b eb f8 c0  ea 29 ad 6a cb 1a 0a d7  |....[....).j....|
+00000020  40 a5 e7 dd 1d 75 88 61  b4 92 2b 20 00 00 00 00  |@....u.a..+ ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 1b  |..+.....3.$... .|
-00000060  e6 5f 3d 83 17 1c a6 90  45 f9 00 d9 96 be 4a 58  |._=.....E.....JX|
-00000070  ec 82 73 4d e6 8c 74 e9  80 bc 3a 48 1b 93 71 14  |..sM..t...:H..q.|
-00000080  03 03 00 01 01 17 03 03  00 17 71 c1 fc 68 5e 33  |..........q..h^3|
-00000090  54 8f 43 df 20 55 ac 3b  e8 a4 ee 68 ff 88 7c 71  |T.C. U.;...h..|q|
-000000a0  92 17 03 03 02 6d 2a 26  5c 45 13 5f 75 46 56 41  |.....m*&\E._uFVA|
-000000b0  25 92 a1 6f cd 7b 01 e2  cb 76 81 4d 33 f0 9d d1  |%..o.{...v.M3...|
-000000c0  0d db b1 90 1a a7 d9 a8  4a 79 b1 12 59 62 0d c8  |........Jy..Yb..|
-000000d0  cc 92 16 26 27 3e 07 b6  8a 15 77 a8 f6 c3 02 e7  |...&'>....w.....|
-000000e0  44 0d b5 d3 11 57 6b 81  15 7d 23 b3 91 82 21 3c  |D....Wk..}#...!<|
-000000f0  0a 0c ef d5 5b 96 5d 85  aa 3a 1e a6 7b fc 3a eb  |....[.]..:..{.:.|
-00000100  24 af 13 fa 7f 90 0a 83  b5 0a 0b d0 f7 0c 2d 99  |$.............-.|
-00000110  75 9b 84 0c d8 dc 60 a3  62 ed 64 55 02 73 a1 74  |u.....`.b.dU.s.t|
-00000120  c1 53 c6 97 a5 23 7c 19  c8 f7 1c 97 e9 e9 f8 ee  |.S...#|.........|
-00000130  4c 47 7e c4 5e 0f 03 fc  60 9e ba 47 ea a9 9b ef  |LG~.^...`..G....|
-00000140  9a 04 62 e3 db bf 30 d7  5a 1f 20 c9 4c 37 ff 0e  |..b...0.Z. .L7..|
-00000150  46 d9 ce 85 c5 47 16 43  9a 89 0b 97 44 7a be 09  |F....G.C....Dz..|
-00000160  5d 03 a0 b1 1f a6 ca 78  0d fb f4 1a 6d 3a ec 40  |]......x....m:.@|
-00000170  1e 58 fc 67 5e bb 69 a1  ae 1d 6d bc b4 80 b9 71  |.X.g^.i...m....q|
-00000180  1a 11 12 35 6a 2a 0c dc  b3 b5 4b 0a 06 a7 8b be  |...5j*....K.....|
-00000190  38 4b 70 32 d4 51 e3 99  5b 60 28 e7 9a 60 90 6b  |8Kp2.Q..[`(..`.k|
-000001a0  1f 3a 9b 4b 66 fd e6 76  b5 8c 29 c3 36 ae a8 81  |.:.Kf..v..).6...|
-000001b0  7e 7c bf e7 46 7d 13 27  0d 38 75 f0 15 e1 64 93  |~|..F}.'.8u...d.|
-000001c0  1e 26 bc a8 5d 95 60 a2  e5 42 7f 2f 08 a1 e8 d3  |.&..].`..B./....|
-000001d0  79 e8 5e 1f 02 45 cc 05  ca 63 7b f2 d9 ad af ab  |y.^..E...c{.....|
-000001e0  5a 94 f0 16 e7 60 14 c2  3d 05 3f 8d bb 33 c1 ca  |Z....`..=.?..3..|
-000001f0  79 28 04 c7 20 07 c8 13  89 7a 11 a2 54 6d b8 d5  |y(.. ....z..Tm..|
-00000200  e1 b7 b1 43 48 9b a9 b9  e8 e0 40 7e 5a 36 24 70  |...CH.....@~Z6$p|
-00000210  42 9a 51 70 6e 22 8a 2b  4b 9d b0 58 ff ae a9 45  |B.Qpn".+K..X...E|
-00000220  34 b2 8b c1 35 d8 65 a5  7e 1f 32 fd 51 21 79 00  |4...5.e.~.2.Q!y.|
-00000230  79 20 f7 5f 8a e2 e0 b3  4a 78 3b 03 a8 03 b6 ef  |y ._....Jx;.....|
-00000240  b2 25 37 e9 f3 ce 22 f0  2b fc f8 dd be 50 10 22  |.%7...".+....P."|
-00000250  0b fa fb 04 ab a7 33 07  48 2f ca ec 0d fe 19 75  |......3.H/.....u|
-00000260  cc c5 3d 17 36 06 5c 07  08 15 df 36 6c 4f f4 73  |..=.6.\....6lO.s|
-00000270  50 49 ff 47 ba 47 6d e1  bb 2d 8f 77 d5 44 a9 87  |PI.G.Gm..-.w.D..|
-00000280  2a 05 12 52 bf 2b e2 4b  64 94 9c 89 bb 2c 65 cb  |*..R.+.Kd....,e.|
-00000290  59 2a f0 1a 15 b2 e3 6e  5a cc 48 b4 44 6c 44 07  |Y*.....nZ.H.DlD.|
-000002a0  80 01 93 25 86 83 f2 8f  01 e6 ef 5e 9a 36 4e 7f  |...%.......^.6N.|
-000002b0  bc 27 0e 4d f0 67 3a de  29 b5 e9 6a 7f 4b b4 77  |.'.M.g:.)..j.K.w|
-000002c0  9b e2 3b 73 c9 51 e5 a6  df 97 a7 02 fa f2 f7 db  |..;s.Q..........|
-000002d0  df 71 fb d1 ad 64 37 46  3e de 57 de 1d fc 8f 6e  |.q...d7F>.W....n|
-000002e0  bb 6f 58 3f 87 00 d1 a3  52 a5 35 12 17 83 19 a4  |.oX?....R.5.....|
-000002f0  2b be 31 bd dc a6 62 ca  c3 09 39 e1 cd 0b 64 44  |+.1...b...9...dD|
-00000300  1a ef 65 26 f3 e5 31 fb  61 56 df d3 11 d9 cc 65  |..e&..1.aV.....e|
-00000310  7f 8f ab 17 03 03 00 99  94 ce 37 3c e1 7f b1 f5  |..........7<....|
-00000320  7e 2b 04 17 45 3d 38 40  1b 82 0e f7 22 ef 28 ce  |~+..E=8@....".(.|
-00000330  1a 69 33 a6 ad c6 1f ab  08 12 31 b4 c7 41 ac c5  |.i3.......1..A..|
-00000340  b3 e5 4b 84 56 d9 0c 53  58 4c 8f 40 3a 34 66 d0  |..K.V..SXL.@:4f.|
-00000350  c7 8f 9b b3 26 25 1f 68  fc 97 ba a7 de ac cf c5  |....&%.h........|
-00000360  8b b3 26 99 68 6e ca e9  65 47 07 bd 38 15 f3 0c  |..&.hn..eG..8...|
-00000370  d0 14 8e 6d 89 a2 ad cd  ad ef 00 54 07 5a 4b ef  |...m.......T.ZK.|
-00000380  02 ce b9 a1 b0 d0 d6 f7  bb e0 91 51 72 87 99 50  |...........Qr..P|
-00000390  f4 68 4c 0e d8 fa 00 d4  dd bd 1d 2e 7b f6 e2 61  |.hL.........{..a|
-000003a0  d3 a8 46 9c f7 dc 2a 04  be 3c 42 85 4f ad 59 20  |..F...*..<B.O.Y |
-000003b0  a2 17 03 03 00 35 ee cf  79 7c 39 a5 02 f9 99 e4  |.....5..y|9.....|
-000003c0  5d e5 76 ba bf 74 f9 b4  fe bc 1e 85 06 2e 2c 58  |].v..t........,X|
-000003d0  b4 a5 5f dd e5 a2 7c d0  3a 3b 95 97 85 76 7f bc  |.._...|.:;...v..|
-000003e0  6f 9d 49 98 48 93 dc 46  ac 60 ba                 |o.I.H..F.`.|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 b3  |..+.....3.$... .|
+00000060  73 c5 08 81 cd 33 2e 44  42 46 70 03 40 b1 cf 44  |s....3.DBFp.@..D|
+00000070  39 17 fa 84 e2 44 0e 37  f5 d1 3a a7 3c ca 5d 14  |9....D.7..:.<.].|
+00000080  03 03 00 01 01 17 03 03  00 17 29 94 4c 54 36 71  |..........).LT6q|
+00000090  24 9c 5c 24 f2 e7 85 50  b7 fd cb 8c db 28 14 f7  |$.\$...P.....(..|
+000000a0  f9 17 03 03 02 6d c7 4c  08 32 d5 0f 28 ec e9 4f  |.....m.L.2..(..O|
+000000b0  08 45 1d cb 93 c8 61 47  1d 6b c9 ef 33 25 e0 07  |.E....aG.k..3%..|
+000000c0  14 18 d9 ec 1b 6f 5a e1  d1 8c 9d ad 2d 46 0f b8  |.....oZ.....-F..|
+000000d0  c7 f7 0d f8 e7 86 3d 70  8d e1 ce 78 a0 3a cc 36  |......=p...x.:.6|
+000000e0  26 f0 e2 49 99 24 dd 61  c7 ae cd 10 4c 59 09 8a  |&..I.$.a....LY..|
+000000f0  43 26 35 2a b7 64 45 53  60 13 17 e6 7d 59 b7 4b  |C&5*.dES`...}Y.K|
+00000100  90 57 88 d9 21 8b d8 7d  bc 00 9e f7 bf 89 a9 d0  |.W..!..}........|
+00000110  5e 2d 17 2c cd ff cb cd  93 e8 a1 55 b7 11 fe b5  |^-.,.......U....|
+00000120  29 62 3f 6a 4c 41 ba 31  a9 ba 7a 54 7b 16 be 73  |)b?jLA.1..zT{..s|
+00000130  d4 17 35 e3 35 f2 41 a0  af d5 c7 b8 0b ea 79 bc  |..5.5.A.......y.|
+00000140  ff 2c 48 d4 2a 8b 86 e8  42 f5 75 50 31 09 4c f4  |.,H.*...B.uP1.L.|
+00000150  b8 c4 6c f4 24 9b 53 06  5c 2e c1 f0 37 22 51 9f  |..l.$.S.\...7"Q.|
+00000160  12 a1 4d 06 c8 0d 11 e4  5b 5d 72 ed f1 c2 8d 64  |..M.....[]r....d|
+00000170  74 63 0f 4e d3 9a 92 f6  68 47 36 53 5a 19 90 bc  |tc.N....hG6SZ...|
+00000180  7e de e9 05 73 5b 13 80  92 bb f4 ff 6d 4e e5 1c  |~...s[......mN..|
+00000190  40 b6 29 f3 34 0f 3c 7b  06 af 54 14 67 cb 43 43  |@.).4.<{..T.g.CC|
+000001a0  ad 30 68 a9 d1 09 29 43  02 01 ba 6e 87 e5 7a 75  |.0h...)C...n..zu|
+000001b0  67 53 54 cf bf 33 d9 f1  ca fa 63 cf 04 87 00 c6  |gST..3....c.....|
+000001c0  82 ab 0e a7 4e 8f 00 ad  0b 64 2e 87 3c 07 d7 a1  |....N....d..<...|
+000001d0  1d 4c 68 b5 78 e0 83 1f  5e d3 21 35 ed bb ca 8a  |.Lh.x...^.!5....|
+000001e0  91 cf 39 ec 74 c5 e4 51  2b 00 cf 3b 71 e1 ba af  |..9.t..Q+..;q...|
+000001f0  e6 c6 29 cc cf 8f a3 23  89 ae 3c 0f d0 47 e7 29  |..)....#..<..G.)|
+00000200  d4 11 7e 62 57 3a ee 7a  42 98 0d 53 1b 14 a7 45  |..~bW:.zB..S...E|
+00000210  12 15 8c 0b 9d 32 1d 9e  f3 a1 31 b5 34 c5 d8 03  |.....2....1.4...|
+00000220  69 df 1f ab a4 4e 01 d7  35 f7 3e 83 3d 7b 7e cc  |i....N..5.>.={~.|
+00000230  30 cd 8a 3b 9e 80 1b 5c  cc 48 2d 92 37 b8 5d 23  |0..;...\.H-.7.]#|
+00000240  8b 43 9e 1e 6d 60 04 7f  91 b1 7f 7d 4a ff 3f 5f  |.C..m`.....}J.?_|
+00000250  e8 e4 49 9e 48 04 69 20  5d e9 13 3a 61 23 fa 4e  |..I.H.i ]..:a#.N|
+00000260  31 f9 d6 3e cd fc 20 e2  14 d7 2d 47 63 7b e5 fd  |1..>.. ...-Gc{..|
+00000270  20 01 9c f4 b3 82 1f 56  60 f5 7c e2 2a 70 64 91  | ......V`.|.*pd.|
+00000280  75 75 68 fb 61 08 72 83  fc 4f a0 75 3a 2d ff f8  |uuh.a.r..O.u:-..|
+00000290  c9 1b 02 bf cf 84 fd 5e  ab dd 01 28 de d9 d8 1c  |.......^...(....|
+000002a0  78 7e a0 66 35 43 d5 54  08 66 41 74 df 43 b1 23  |x~.f5C.T.fAt.C.#|
+000002b0  f4 f1 3d 78 d0 d2 99 0d  99 c5 c1 f2 cf 86 74 29  |..=x..........t)|
+000002c0  10 31 10 4e 56 aa 90 0b  39 1f 7c 7d 6f f7 39 6b  |.1.NV...9.|}o.9k|
+000002d0  9b 4e 3c 3e 52 2f 7e 6f  6e 55 b5 64 58 08 7d dd  |.N<>R/~onU.dX.}.|
+000002e0  3b 79 08 b3 30 49 17 28  a0 6e 76 b3 38 54 56 19  |;y..0I.(.nv.8TV.|
+000002f0  f7 67 11 5f d5 54 c3 22  07 e8 83 c8 22 19 37 ab  |.g._.T."....".7.|
+00000300  8e 3a ed 07 47 02 b8 4f  03 6c ca e1 16 20 a0 b6  |.:..G..O.l... ..|
+00000310  43 d9 39 17 03 03 00 99  26 fb 79 ee 89 6d e8 ce  |C.9.....&.y..m..|
+00000320  89 95 ec 7d a2 19 ab 24  b7 b5 49 00 de ae a3 29  |...}...$..I....)|
+00000330  00 ce bf 8d 71 42 c2 dc  ae 65 ed 84 a3 af 1b d9  |....qB...e......|
+00000340  64 0a fa 49 b6 5e a9 64  bb 91 43 25 65 df 06 ee  |d..I.^.d..C%e...|
+00000350  90 a9 c9 48 99 c2 b6 0d  91 91 77 70 3b ca 58 a4  |...H......wp;.X.|
+00000360  c7 e8 fd 01 67 7c b3 ea  8e b9 9d c5 4c cf 55 67  |....g|......L.Ug|
+00000370  09 23 99 e7 2d ff 54 4b  e4 56 d5 24 72 a9 1b 03  |.#..-.TK.V.$r...|
+00000380  bc 4c d9 c8 37 f2 0b 62  88 4e 89 05 db 11 0f 3a  |.L..7..b.N.....:|
+00000390  9f 8b a7 4f a4 0a 89 d5  c8 df 11 06 af 73 71 38  |...O.........sq8|
+000003a0  bd 2f 97 15 24 b6 54 ca  bb 1c 3c e1 16 ad eb c6  |./..$.T...<.....|
+000003b0  64 17 03 03 00 35 b8 1c  a1 16 59 5c 46 6e 4c 3f  |d....5....Y\FnL?|
+000003c0  3c 79 d0 1f 4f 8a c8 49  49 6e 7e 53 de fb 43 99  |<y..O..IIn~S..C.|
+000003d0  c8 a8 3d ab 1e a4 05 de  34 0a 85 9e 9c 3e 33 2d  |..=.....4....>3-|
+000003e0  3b 78 12 70 cc 3e cf f6  36 47 23                 |;x.p.>..6G#|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 19 50 85 5d 08  |..........5.P.].|
-00000010  c9 5e 25 05 37 ed cc 54  fe ba 86 3e 8a d4 e9 fd  |.^%.7..T...>....|
-00000020  66 54 6e a3 1f 8b 4f 95  cf 04 51 db 60 96 ae 78  |fTn...O...Q.`..x|
-00000030  6b 7d 19 63 03 2a b6 e5  97 37 26 79 98 3f 85 52  |k}.c.*...7&y.?.R|
-00000040  17 03 03 00 17 c9 80 91  3e 92 1e a7 9b 00 a3 01  |........>.......|
-00000050  19 31 d0 6f 2e 69 0c 15  03 73 20 36 17 03 03 00  |.1.o.i...s 6....|
-00000060  13 97 85 32 6f a2 9c 72  be ca 43 db 18 a7 98 b7  |...2o..r..C.....|
-00000070  67 44 71 ce                                       |gDq.|
+00000000  14 03 03 00 01 01 17 03  03 00 35 59 5c b8 42 f1  |..........5Y\.B.|
+00000010  bb fc 65 3e 0a 8b 1c 70  be 4b 39 8c ae 0d 91 e1  |..e>...p.K9.....|
+00000020  82 b8 ad 51 1f f3 d4 06  13 33 96 71 27 96 1f f2  |...Q.....3.q'...|
+00000030  dd 6f ef 94 9b bb 56 bf  8a 59 2b 92 c9 01 b7 72  |.o....V..Y+....r|
+00000040  17 03 03 00 17 3a b4 c3  77 5b e6 98 a2 b4 3d f6  |.....:..w[....=.|
+00000050  83 fb f4 f5 6e f5 5f 5a  1e 5b 96 4c 17 03 03 00  |....n._Z.[.L....|
+00000060  13 3b 5f a0 57 f0 27 8d  dd 6a 36 fc 4c 33 86 f6  |.;_.W.'..j6.L3..|
+00000070  fe 8b 6f 5a                                       |..oZ|
diff --git a/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven b/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven
index a957c263..686011b0 100644
--- a/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven
+++ b/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven
@@ -1,180 +1,182 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 ca 01 00 00  c6 03 03 cd 87 c0 5e 7c  |..............^||
-00000010  7b d7 c6 77 d9 21 6f 46  00 07 88 61 18 8c b9 d4  |{..w.!oF...a....|
-00000020  ad 25 6a 9d 7e 54 cc 70  52 7c 0f 20 67 9b dd 18  |.%j.~T.pR|. g...|
-00000030  84 bb 23 7d 53 10 b9 6c  01 ef 30 6f 79 7d 64 5c  |..#}S..l..0oy}d\|
-00000040  79 3e c1 11 8f 75 cf 83  02 d3 e8 d9 00 04 13 01  |y>...u..........|
+00000000  16 03 01 00 ca 01 00 00  c6 03 03 af 29 1d da b2  |............)...|
+00000010  1b 14 96 f9 c9 6a 4d 28  cc 1d 9f c4 95 d0 a6 16  |.....jM(........|
+00000020  1f 83 3d d6 17 80 5e 4f  9f d9 87 20 cb 34 16 64  |..=...^O... .4.d|
+00000030  39 bb 98 16 55 43 38 3a  a2 b4 e0 38 02 04 ee 6b  |9...UC8:...8...k|
+00000040  a6 4e b9 f8 83 09 aa 7b  f5 de e0 79 00 04 13 01  |.N.....{...y....|
 00000050  00 ff 01 00 00 79 00 0b  00 04 03 00 01 02 00 0a  |.....y..........|
 00000060  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 16  |................|
 00000070  00 00 00 17 00 00 00 0d  00 1e 00 1c 04 03 05 03  |................|
 00000080  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
 00000090  08 06 04 01 05 01 06 01  00 2b 00 03 02 03 04 00  |.........+......|
-000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 d7  |-.....3.&.$... .|
-000000b0  18 8a c1 a5 4d cb 7c f2  7d e4 cf 7a c6 92 28 ee  |....M.|.}..z..(.|
-000000c0  a6 b4 79 65 bf 2b fb 71  2e a5 2a 58 da 6f 5e     |..ye.+.q..*X.o^|
+000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 ee  |-.....3.&.$... .|
+000000b0  90 71 47 4a 18 b1 78 c4  9a 7d 65 5d 4e b3 88 96  |.qGJ..x..}e]N...|
+000000c0  6c b1 bc 2d a3 9d 2d 8e  a2 7a 7b eb 94 11 4e     |l..-..-..z{...N|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 20 67 9b dd 18  |........... g...|
-00000030  84 bb 23 7d 53 10 b9 6c  01 ef 30 6f 79 7d 64 5c  |..#}S..l..0oy}d\|
-00000040  79 3e c1 11 8f 75 cf 83  02 d3 e8 d9 13 01 00 00  |y>...u..........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 cb 34 16 64  |........... .4.d|
+00000030  39 bb 98 16 55 43 38 3a  a2 b4 e0 38 02 04 ee 6b  |9...UC8:...8...k|
+00000040  a6 4e b9 f8 83 09 aa 7b  f5 de e0 79 13 01 00 00  |.N.....{...y....|
 00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
 00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
-00000080  03 03 00 01 01 17 03 03  00 17 4d 4b 33 12 cb ed  |..........MK3...|
-00000090  f7 a2 55 e7 a6 ab 5b b1  55 16 30 c3 ee e1 5c 14  |..U...[.U.0...\.|
-000000a0  b8 17 03 03 00 3e 30 04  2a e5 e8 b8 f3 25 9b a9  |.....>0.*....%..|
-000000b0  92 e6 eb d9 fb b6 62 64  e2 de 9d c0 48 68 b3 d7  |......bd....Hh..|
-000000c0  0f 8b ad 21 69 c7 f0 d7  96 ff 6a 24 2f 01 c9 e7  |...!i.....j$/...|
-000000d0  e9 06 4b 93 94 67 97 44  46 c4 69 2f 0e aa e0 9b  |..K..g.DF.i/....|
-000000e0  8d 19 f2 2c 17 03 03 02  6d a1 fb 2b 5f 10 e9 62  |...,....m..+_..b|
-000000f0  8b ad c1 33 58 f6 a7 89  78 a6 dd 64 ff c2 c7 57  |...3X...x..d...W|
-00000100  80 9f 59 be 2d bd f5 b9  8a 6b d9 22 1c fe 10 ea  |..Y.-....k."....|
-00000110  c4 a5 3e 45 d9 d7 12 cf  48 d5 26 18 49 50 80 69  |..>E....H.&.IP.i|
-00000120  44 28 03 3b b6 f8 0a 0e  b4 cb 5e 5b 57 0f c0 2f  |D(.;......^[W../|
-00000130  59 4f 13 e3 9c 02 18 b1  ce 94 78 05 18 64 73 c6  |YO........x..ds.|
-00000140  05 89 d1 54 37 18 ea 09  61 08 c5 6a 54 f6 48 44  |...T7...a..jT.HD|
-00000150  40 63 6a 53 b9 41 5f 4f  8e 05 e7 31 7b 08 d0 67  |@cjS.A_O...1{..g|
-00000160  8e bf 56 c4 56 0a 82 b2  74 6a 89 dd b4 f7 3c 0b  |..V.V...tj....<.|
-00000170  3c fd 21 1f 00 72 1d 4f  be b1 50 44 9a 14 67 7d  |<.!..r.O..PD..g}|
-00000180  a9 93 30 a2 4e ea 61 c9  fd 44 de 5c 88 36 59 a2  |..0.N.a..D.\.6Y.|
-00000190  e3 63 b1 9c ea dd 47 0a  ca 63 9e 50 9d ca 57 12  |.c....G..c.P..W.|
-000001a0  05 9b fc f1 26 a2 5e 18  9b 32 00 38 1f ce a6 58  |....&.^..2.8...X|
-000001b0  58 0f 61 e2 44 c2 89 34  cc f4 fd 9a dc 1a 67 a6  |X.a.D..4......g.|
-000001c0  e8 b1 fc 9f dc bd 0b 21  01 49 0d 9b e1 40 00 f6  |.......!.I...@..|
-000001d0  33 1a 57 c5 84 c1 98 3d  7f 53 d3 4d 2e 04 5e 40  |3.W....=.S.M..^@|
-000001e0  7d 38 80 66 bc c5 40 d9  14 f6 83 26 82 9b c8 14  |}8.f..@....&....|
-000001f0  61 aa 6c 1c a1 53 81 f8  b0 7f 06 92 5c af be 57  |a.l..S......\..W|
-00000200  1a 54 97 02 27 31 1f 58  52 cf 39 2f 82 26 ae 6c  |.T..'1.XR.9/.&.l|
-00000210  86 d9 46 cd 38 16 e2 67  62 82 2e 53 7a 86 15 30  |..F.8..gb..Sz..0|
-00000220  08 0c a7 e2 85 18 55 79  16 44 4d 50 9e b5 e7 e1  |......Uy.DMP....|
-00000230  2c 1e 1d eb e1 83 f3 9e  d0 7b 45 b8 1e 51 d9 79  |,........{E..Q.y|
-00000240  91 7a b8 90 bc 18 94 69  ad 94 08 e5 23 de 2b fa  |.z.....i....#.+.|
-00000250  8d ef 23 4c 40 df e1 43  0d 71 51 ef 88 a9 bb 89  |..#L@..C.qQ.....|
-00000260  59 87 9c db e1 d4 31 94  a7 f5 af 7d 51 be e9 d0  |Y.....1....}Q...|
-00000270  f2 49 12 72 47 65 a0 5b  7d 9f 91 85 f7 e8 d6 90  |.I.rGe.[}.......|
-00000280  b3 4d f3 5d 6a 51 96 a9  81 84 72 95 47 e8 0a f5  |.M.]jQ....r.G...|
-00000290  8d d6 2a 64 c2 34 1b d8  f0 f9 62 0c be 17 12 9b  |..*d.4....b.....|
-000002a0  40 a2 c3 8a eb 30 20 04  e4 69 a3 27 90 a6 1a 4f  |@....0 ..i.'...O|
-000002b0  3f 95 65 e6 9e c7 ad 03  e1 d2 34 d2 84 d5 f6 8c  |?.e.......4.....|
-000002c0  1e 8a aa e4 75 c0 7f 1d  79 4e 70 10 4e 18 9c eb  |....u...yNp.N...|
-000002d0  17 76 0c 66 6c 82 72 41  83 98 fc 41 41 4a 07 03  |.v.fl.rA...AAJ..|
-000002e0  a6 16 51 0d 60 96 43 0a  97 27 72 42 31 70 6b 02  |..Q.`.C..'rB1pk.|
-000002f0  e4 58 b0 15 4f 2e a3 5a  ed dc 82 99 82 47 d5 6c  |.X..O..Z.....G.l|
-00000300  4b b4 68 70 f5 a3 31 36  52 8d af ab d1 ac f6 28  |K.hp..16R......(|
-00000310  2e 18 bc 4f 1b 7c a8 ad  c3 1f 2f 70 a6 c4 39 c6  |...O.|..../p..9.|
-00000320  ae 0f 2e b7 58 c9 c0 2a  4b 34 c2 42 12 e3 5d ed  |....X..*K4.B..].|
-00000330  d1 ac e1 f1 14 66 d4 09  1c a0 99 82 d3 04 13 2a  |.....f.........*|
-00000340  a4 20 c4 e7 38 1e 0a 02  4e 96 02 71 9d f6 f7 86  |. ..8...N..q....|
-00000350  f7 30 1a 5d 65 4f 17 03  03 00 99 3f 3d 4a 91 ae  |.0.]eO.....?=J..|
-00000360  0f 80 52 0f 1c d1 a2 75  83 e5 08 d8 1f 9d c8 24  |..R....u.......$|
-00000370  fc 85 ba 76 1f 9e 1e 35  a3 dd 45 83 8e b9 55 a6  |...v...5..E...U.|
-00000380  3b 26 ae 82 4f 1f 2e 8f  e5 25 fb d6 22 0f 55 d6  |;&..O....%..".U.|
-00000390  ac fa 93 6d d1 d3 7c 41  af c0 15 5c 8b e1 64 c1  |...m..|A...\..d.|
-000003a0  3f a2 c8 9e 48 f5 63 61  3a df 13 6e f4 e3 60 9d  |?...H.ca:..n..`.|
-000003b0  bc 52 bd b7 94 e9 4b 7a  65 97 28 ac 39 6a 77 a7  |.R....Kze.(.9jw.|
-000003c0  86 1d b4 6b e4 15 c4 bd  2b 41 b6 06 ac ff b5 9f  |...k....+A......|
-000003d0  17 47 b4 a7 1d 69 8b 6e  82 eb f7 39 03 95 10 dd  |.G...i.n...9....|
-000003e0  18 78 50 58 c8 78 80 ae  45 dc 54 0f 33 cb 4a d2  |.xPX.x..E.T.3.J.|
-000003f0  90 00 12 d4 17 03 03 00  35 76 fa bf ab 3f c3 3d  |........5v...?.=|
-00000400  dd 78 65 cc 35 1e 24 35  4f 7d 3c e4 bb 73 d8 19  |.xe.5.$5O}<..s..|
-00000410  56 94 f4 ce ad bc 1d 6a  fb 1b 75 01 93 36 2b 44  |V......j..u..6+D|
-00000420  3a 3c a3 9b 7c 57 6f 98  24 a3 64 b1 13 47        |:<..|Wo.$.d..G|
+00000080  03 03 00 01 01 17 03 03  00 17 c3 9d 29 f6 f8 18  |............)...|
+00000090  b9 39 9f 93 b2 f5 ab 30  41 d6 95 40 21 ba f8 8e  |.9.....0A..@!...|
+000000a0  25 17 03 03 00 52 08 a9  80 f3 24 c6 a6 b6 aa bc  |%....R....$.....|
+000000b0  30 c2 f7 dd e6 47 10 88  db 0c dd 43 ab 78 bd 16  |0....G.....C.x..|
+000000c0  82 7b 4f 26 9c 0e 47 6b  75 79 4e da 8e 43 8b e6  |.{O&..GkuyN..C..|
+000000d0  6a 25 0d 47 50 bf 26 c8  16 70 41 1c b2 b5 cd d1  |j%.GP.&..pA.....|
+000000e0  34 9b 26 13 92 45 b5 f5  03 04 cf 55 ee ff c8 e6  |4.&..E.....U....|
+000000f0  92 9e 04 d9 c5 f5 fd 0f  17 03 03 02 6d f6 33 26  |............m.3&|
+00000100  26 da 41 f2 4e 6e ed 41  23 44 29 5f 43 38 7d 24  |&.A.Nn.A#D)_C8}$|
+00000110  f7 a1 01 d4 23 a5 bf 85  db 39 86 27 ff 9c e9 ac  |....#....9.'....|
+00000120  6c 0e 0e 51 c7 95 8d aa  f6 59 53 0a 89 d4 e7 2d  |l..Q.....YS....-|
+00000130  6e f8 66 7d e5 b2 ac e4  7b b2 91 2b 31 c9 2b 4e  |n.f}....{..+1.+N|
+00000140  92 8f a9 c8 79 21 9a 8f  a2 79 29 47 c4 ef ab 80  |....y!...y)G....|
+00000150  25 02 d6 8c ae 32 3b 1a  55 0e f9 4a ba 92 b9 61  |%....2;.U..J...a|
+00000160  86 39 04 0a a7 d6 eb 95  50 4f 86 1b c9 d1 1d 1e  |.9......PO......|
+00000170  61 06 43 00 c2 2a a9 e2  06 ff ce 4a fd 6f d0 19  |a.C..*.....J.o..|
+00000180  2a 0e ec 14 86 19 9c bc  1d 96 e1 b1 00 b2 19 c4  |*...............|
+00000190  15 64 4c 33 54 89 fc 15  01 90 13 3b ff 99 e6 23  |.dL3T......;...#|
+000001a0  19 38 4f 67 97 ee ab b3  9f ca 1f 18 7d 45 ef 87  |.8Og........}E..|
+000001b0  42 7b 57 51 d0 c3 43 50  35 a3 33 ff 19 df 54 8e  |B{WQ..CP5.3...T.|
+000001c0  e9 98 2f 46 93 87 b4 b1  c2 73 04 4f 06 5b 3c 0a  |../F.....s.O.[<.|
+000001d0  c3 87 6c 68 68 b4 61 a2  33 bd 11 06 93 19 fb 05  |..lhh.a.3.......|
+000001e0  c3 e6 3f 14 e5 a6 6d ec  48 56 a6 37 60 81 a4 cd  |..?...m.HV.7`...|
+000001f0  89 b5 4e c8 dc 99 79 66  5e 40 44 de 4a 22 9a ce  |..N...yf^@D.J"..|
+00000200  3d c4 a0 17 03 45 e6 28  70 27 f5 24 e1 81 7a 5f  |=....E.(p'.$..z_|
+00000210  5d 6e 6c bc 28 c3 fb b1  8b 18 fa 3d 9d f3 c3 a5  |]nl.(......=....|
+00000220  f0 41 7a 0d 87 c1 70 77  d3 3a fa ef 2b 11 9b 61  |.Az...pw.:..+..a|
+00000230  12 f8 d1 25 73 bc 79 bf  ee 9a 5e e0 3b fb 06 da  |...%s.y...^.;...|
+00000240  7e d6 08 aa 13 73 8a 8c  97 d7 5a e4 dc 88 51 60  |~....s....Z...Q`|
+00000250  8c 61 51 65 f6 d0 4e 7d  b0 b1 23 2c 69 77 20 fe  |.aQe..N}..#,iw .|
+00000260  d1 ff 13 57 d8 c5 58 1f  3c e9 86 f4 3a 45 1a 9c  |...W..X.<...:E..|
+00000270  c2 e0 4d da 67 1b 81 62  bf 07 de a6 ea 74 81 e3  |..M.g..b.....t..|
+00000280  ba 1b 1f bf b0 d3 d3 08  c0 23 5f 05 d5 1f 41 51  |.........#_...AQ|
+00000290  f2 11 2e 36 ed 00 f8 b5  ea f1 4c 0b b8 d0 a3 cc  |...6......L.....|
+000002a0  c6 a7 2a ee 1f 6c 6b 33  0d 38 5b 5c 6e f4 53 d2  |..*..lk3.8[\n.S.|
+000002b0  6e 90 5b ce 44 e7 f1 50  1e 12 21 76 35 d1 2f 49  |n.[.D..P..!v5./I|
+000002c0  a1 27 66 00 93 27 27 34  5d e5 ed 4b 6f 7e 3d e3  |.'f..''4]..Ko~=.|
+000002d0  78 de 2f 48 9f 4c 36 a7  5d 62 98 1e 2c ee 82 3c  |x./H.L6.]b..,..<|
+000002e0  18 17 2d 80 f4 a2 ac e9  a6 c8 2c b9 92 d1 9e 2b  |..-.......,....+|
+000002f0  5f 3e 33 56 03 b5 76 51  ea c7 af 1c 42 8e 0e 65  |_>3V..vQ....B..e|
+00000300  f7 0f ad 36 9f fe b5 a0  06 31 f0 89 02 b4 bf c3  |...6.....1......|
+00000310  8e 2f 52 4d 97 99 dd 95  0f c4 32 9e 81 55 d1 2a  |./RM......2..U.*|
+00000320  05 ff b5 7a 02 0f 6f 1b  ef f1 de 48 dc a8 f8 44  |...z..o....H...D|
+00000330  35 8c eb df 6b 78 cd 89  75 ca ef 31 ba 8f b8 ff  |5...kx..u..1....|
+00000340  a3 74 39 ce 42 a0 01 8b  db 68 34 21 0a bf 84 fd  |.t9.B....h4!....|
+00000350  5f 28 87 d4 09 b2 91 c2  f3 1f b8 39 da 2b 55 3c  |_(.........9.+U<|
+00000360  46 a2 fa 3d 65 eb 41 0c  37 c8 17 03 03 00 99 e8  |F..=e.A.7.......|
+00000370  25 eb 99 2f 80 e2 09 ed  2f b9 78 90 7c dc e2 4a  |%../..../.x.|..J|
+00000380  78 19 49 46 a8 e7 82 a0  85 84 71 da 80 fb d2 5d  |x.IF......q....]|
+00000390  28 c4 69 cf ac 1c bc 1e  ba 90 5c 0a ec dd 31 5c  |(.i.......\...1\|
+000003a0  87 d0 4f 31 3f 62 cd 91  1e 99 a5 08 c6 de 6c 75  |..O1?b........lu|
+000003b0  91 be 31 83 12 5b fd 5a  eb 96 ae 70 9c 06 c9 ee  |..1..[.Z...p....|
+000003c0  63 e9 3c a0 5b 9c 55 cb  cd 9d a2 31 33 17 92 fa  |c.<.[.U....13...|
+000003d0  dc 34 20 43 71 92 8b 16  dd 1c 29 f5 ec a2 e4 ad  |.4 Cq.....).....|
+000003e0  d6 21 27 37 32 0c 7b f1  60 7f 58 aa fc d6 ae f3  |.!'72.{.`.X.....|
+000003f0  c9 7b 5f 59 39 cf 79 ab  5b a3 7e ea 13 72 51 9f  |.{_Y9.y.[.~..rQ.|
+00000400  a9 c5 fc fb c0 da 39 2a  17 03 03 00 35 b7 6d ed  |......9*....5.m.|
+00000410  8d d3 c6 09 fd 9b 6b be  6e bc 01 64 3b a1 4e 2d  |......k.n..d;.N-|
+00000420  3d 85 e3 5b 4b 7b 44 49  81 fd c8 d9 07 fe e5 53  |=..[K{DI.......S|
+00000430  ab 5f a3 64 f6 be 22 79  80 52 f0 ee 3c 1e 4e 65  |._.d.."y.R..<.Ne|
+00000440  0e e3                                             |..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 1e e0 29 6d d1 38  |............)m.8|
-00000010  a6 03 d7 fc 2b df a4 a4  d0 ae 87 01 b8 82 5d eb  |....+.........].|
-00000020  3c 25 3e a1 33 89 b5 05  eb bc 02 0f ad 84 f0 2b  |<%>.3..........+|
-00000030  5f 14 af 0d f8 f1 08 e3  ca c1 8e ad 4b a5 a0 09  |_...........K...|
-00000040  b8 a0 4f bf e4 0f 93 a9  4a 35 35 26 22 d7 04 03  |..O.....J55&"...|
-00000050  70 95 4f 80 df d4 47 5b  21 14 27 d6 17 ea 32 6e  |p.O...G[!.'...2n|
-00000060  ea 3a ca 31 7c f2 d1 46  a2 ef 47 b9 16 d6 18 d5  |.:.1|..F..G.....|
-00000070  17 35 71 9d 14 37 63 cd  e1 c6 ff 3d ec a5 d8 53  |.5q..7c....=...S|
-00000080  48 d5 d8 0b 75 39 c1 d2  66 ad 97 4e 5f eb c3 c7  |H...u9..f..N_...|
-00000090  e0 77 95 fd 16 84 e2 a3  6a f2 a8 88 5e 4c 86 be  |.w......j...^L..|
-000000a0  81 a5 f2 6b 12 86 63 f1  4f a6 8d 63 7c 07 0f 8d  |...k..c.O..c|...|
-000000b0  53 d5 d4 00 c7 b7 2a ef  b2 1d 07 4e 43 d6 25 35  |S.....*....NC.%5|
-000000c0  c9 b1 fa 91 d1 f7 87 c6  98 c7 e7 c2 c3 7d 42 09  |.............}B.|
-000000d0  e5 3c 50 83 1b 20 ef ec  e4 ac 2e f2 3e 03 73 52  |.<P.. ......>.sR|
-000000e0  2e 1d 20 cf e2 8d 15 c3  c7 a6 2f 68 b5 8e 5f bc  |.. ......./h.._.|
-000000f0  c5 73 61 ff 52 3c b0 7b  47 82 47 a0 73 f8 1c ab  |.sa.R<.{G.G.s...|
-00000100  4d ea 15 fa 94 e0 7f 70  c1 c8 9c 55 f0 96 38 42  |M......p...U..8B|
-00000110  76 d4 26 6d a7 73 11 59  43 19 2f 49 70 a9 18 1c  |v.&m.s.YC./Ip...|
-00000120  12 9e ee d3 eb ca 1c c0  3b e1 99 e3 c2 25 de 39  |........;....%.9|
-00000130  1a 15 e0 d7 20 9d 1b 95  74 8c ee 96 7b 5e de 13  |.... ...t...{^..|
-00000140  99 56 54 a2 31 7b e9 96  02 9e 86 7b 15 9d c6 3e  |.VT.1{.....{...>|
-00000150  24 a5 19 e5 8e de 85 97  05 68 4f 39 d1 49 05 c9  |$........hO9.I..|
-00000160  7a 54 90 29 e7 93 ec 8e  6f cc 73 73 82 7d 72 8d  |zT.)....o.ss.}r.|
-00000170  4a 85 29 7f a5 53 13 26  16 b2 fa c3 ce 1f 8b ae  |J.)..S.&........|
-00000180  e6 60 8c 2d b0 64 66 d4  29 7c b5 2d 1d 11 c5 09  |.`.-.df.)|.-....|
-00000190  bb a5 44 c6 c8 af e6 f1  d5 f8 d9 45 97 64 7f 03  |..D........E.d..|
-000001a0  02 f7 f5 9f cb 31 1e 89  e4 5d a0 e9 34 db be 28  |.....1...]..4..(|
-000001b0  51 15 68 54 01 7c e5 1d  b4 05 d2 d6 24 ca 10 69  |Q.hT.|......$..i|
-000001c0  31 bf 8b 7a ee d9 bf e1  2a d4 7c c8 e8 79 ca dd  |1..z....*.|..y..|
-000001d0  0f 73 09 c8 cf 97 28 78  04 5b 04 51 44 c4 5f d1  |.s....(x.[.QD._.|
-000001e0  dc da 4f f5 d9 5c 9c b1  ea f8 1b f7 43 90 c0 c0  |..O..\......C...|
-000001f0  fd 82 56 e3 71 15 18 5e  7e 5c 61 5e b3 80 c1 1c  |..V.q..^~\a^....|
-00000200  22 92 32 67 23 f6 3b 74  e4 20 4e 1f fb f8 89 55  |".2g#.;t. N....U|
-00000210  e7 3c 18 30 24 77 7c 33  5c 89 91 60 65 14 06 9e  |.<.0$w|3\..`e...|
-00000220  e2 6d f0 07 84 4b b4 14  e8 17 03 03 00 a3 a7 e1  |.m...K..........|
-00000230  f7 26 48 56 da 6d ef a5  f4 5f 19 52 37 9e e7 6d  |.&HV.m..._.R7..m|
-00000240  28 07 70 ee 1e de 85 2b  7a 2d bf eb 48 06 f5 d4  |(.p....+z-..H...|
-00000250  ea 4d 83 86 59 d4 14 4f  46 bc 17 89 f1 f5 37 0e  |.M..Y..OF.....7.|
-00000260  84 60 6e ba 73 d7 c1 bc  6f d7 aa cf f0 36 96 a2  |.`n.s...o....6..|
-00000270  83 60 81 6f 48 6c 9d 87  e5 b6 5e 77 ab c5 e3 cb  |.`.oHl....^w....|
-00000280  8e 55 94 dc 94 f3 8a ce  cb f7 b4 d5 33 55 df 88  |.U..........3U..|
-00000290  22 44 04 ee 4e f5 30 e7  30 94 dc 95 2d 97 2c e4  |"D..N.0.0...-.,.|
-000002a0  34 58 4d 38 9e 25 61 96  c1 37 66 34 2b be ee e6  |4XM8.%a..7f4+...|
-000002b0  ee 39 73 89 a3 aa 1b 0a  5a bf 44 23 4e 19 5c c4  |.9s.....Z.D#N.\.|
-000002c0  3f 27 47 5c 40 67 6c 50  b8 3f 7c c9 97 f0 55 02  |?'G\@glP.?|...U.|
-000002d0  16 17 03 03 00 35 82 8b  0d 4e 87 3c c6 bc 41 8b  |.....5...N.<..A.|
-000002e0  ec ab 71 9d 57 7b e6 22  e4 87 82 61 5d f8 69 31  |..q.W{."...a].i1|
-000002f0  8a 2c be 2c d8 4d 2f dc  9a 91 31 7a ab d8 a4 0e  |.,.,.M/...1z....|
-00000300  ba cb fc ef 17 a4 7c 87  ca 13 bb 17 03 03 00 13  |......|.........|
-00000310  3b d0 da 9f d4 be fa 59  7a 30 8b 7e 8e a0 99 c0  |;......Yz0.~....|
-00000320  c2 36 f3                                          |.6.|
+00000000  14 03 03 00 01 01 17 03  03 02 1e a8 48 8d 47 f6  |............H.G.|
+00000010  3d d8 59 5b 26 9e bd fc  d1 15 7c e1 37 1b db 3c  |=.Y[&.....|.7..<|
+00000020  e4 02 98 fd aa cc a6 45  97 6e c5 18 4e 45 8e d6  |.......E.n..NE..|
+00000030  84 7a b5 e4 da 8b 17 34  e5 fb 21 3c f6 02 c2 5c  |.z.....4..!<...\|
+00000040  ea 57 ea 16 67 4a 6d b2  0e 5a 39 f8 6b 11 84 bd  |.W..gJm..Z9.k...|
+00000050  43 80 03 40 5e d2 d2 54  2e d1 38 bc 9a 16 4f 21  |C..@^..T..8...O!|
+00000060  0e 07 38 b5 80 21 16 c6  a1 bb 23 79 a6 df ef 27  |..8..!....#y...'|
+00000070  dc 30 3c 4a 53 b1 5c 54  a7 fb ff 73 e2 12 ab 90  |.0<JS.\T...s....|
+00000080  39 2a c7 8d 8f 9c 99 02  5a cc fe ab 00 0b 69 6e  |9*......Z.....in|
+00000090  04 cd 8c 46 68 59 dc f9  cc ef f6 dd 01 7a 69 29  |...FhY.......zi)|
+000000a0  38 50 a2 37 bf 68 8b 3a  8a 7e 88 57 57 35 5f 65  |8P.7.h.:.~.WW5_e|
+000000b0  e8 d3 b0 5d 98 41 f2 32  51 9f 8f a3 83 2f 50 42  |...].A.2Q..../PB|
+000000c0  97 59 71 8a 7c 93 2c ae  ad 94 d5 87 d3 54 fc 06  |.Yq.|.,......T..|
+000000d0  fb 0f 8f 06 0f fe ec 59  38 fc e7 e0 86 45 c2 ce  |.......Y8....E..|
+000000e0  0c e2 d3 ac 0a 34 30 21  a7 cb 1e 6d c4 41 93 81  |.....40!...m.A..|
+000000f0  cd 7d 0b 10 cb 77 0d e4  5f d9 af 49 ff 11 fb 87  |.}...w.._..I....|
+00000100  d4 2b 54 78 52 86 c6 43  e1 da fb da 60 e3 76 1a  |.+TxR..C....`.v.|
+00000110  ed 0e f1 bd 33 e9 70 fa  1c 6e 75 3a 99 08 0e 9f  |....3.p..nu:....|
+00000120  e2 cd 2e a0 d0 a2 ea bd  85 44 ee 4f 93 fd 84 0b  |.........D.O....|
+00000130  d2 7b af da 5c ab c9 10  45 f0 eb e5 87 19 fd 79  |.{..\...E......y|
+00000140  80 02 da aa 25 72 15 f2  1e 5c f0 63 f5 a2 be 7c  |....%r...\.c...||
+00000150  a3 4d f5 de 92 2e 15 3a  c7 54 cf 88 c3 01 89 82  |.M.....:.T......|
+00000160  12 fb fa 92 5b 8d e0 b9  27 44 0a ed 0c b5 3c eb  |....[...'D....<.|
+00000170  72 e0 23 2d 9d f9 d4 0e  f3 c0 24 c7 1d d9 5b 02  |r.#-......$...[.|
+00000180  35 49 51 77 fb 84 58 75  72 2b 4b c1 cd dc 7d 39  |5IQw..Xur+K...}9|
+00000190  c0 9b dd cd f8 48 af 9a  00 ed 5b 92 85 18 24 8a  |.....H....[...$.|
+000001a0  4b 47 59 18 be 3e b5 fe  2a ce 8c 60 af 64 7e 71  |KGY..>..*..`.d~q|
+000001b0  45 26 b8 91 26 cc d6 bf  d5 4d 26 3f 4f c8 73 99  |E&..&....M&?O.s.|
+000001c0  a7 50 9d 14 09 b6 07 1a  af aa 9b 02 31 b2 c6 22  |.P..........1.."|
+000001d0  ca 3e e0 2f 27 87 27 2e  96 f4 b4 ba c6 01 77 d3  |.>./'.'.......w.|
+000001e0  52 09 ea 79 9b ee b4 6a  41 29 b1 de de 74 6b b2  |R..y...jA)...tk.|
+000001f0  11 b1 58 90 5c 6a 0d b5  51 4b 2e 1b 3e e6 f4 17  |..X.\j..QK..>...|
+00000200  8e 8a 1d 1e c8 bd 55 3a  fc f4 90 73 14 5f 63 1b  |......U:...s._c.|
+00000210  22 f0 81 fd 70 05 ca b2  fd 90 3c 9d 2e 73 d3 8c  |"...p.....<..s..|
+00000220  f0 0a 59 9e 46 fe 8c e2  22 17 03 03 00 a4 78 2b  |..Y.F...".....x+|
+00000230  ec c5 5e 71 85 c6 e5 5d  75 f3 b5 3d 55 de 1c f9  |..^q...]u..=U...|
+00000240  06 92 be df ef 77 31 4b  f3 13 b8 c7 7a 68 ec 1b  |.....w1K....zh..|
+00000250  e2 7c c0 ff b5 6f c2 62  bd 34 23 fd 6a 39 c7 ef  |.|...o.b.4#.j9..|
+00000260  91 47 77 7e 32 2e a9 b2  85 ae 01 3e 61 43 8a 93  |.Gw~2......>aC..|
+00000270  72 14 e1 b7 a5 14 4b ca  6e cb 4d e7 a3 cd 74 98  |r.....K.n.M...t.|
+00000280  4e 08 a4 d4 34 ea 73 17  4b 20 8b 40 03 10 a0 33  |N...4.s.K .@...3|
+00000290  c9 2f c0 4c 3b a2 2c 61  3c ab ec e3 c0 e8 e2 d6  |./.L;.,a<.......|
+000002a0  a0 85 fa 26 26 a9 65 dc  70 5b 8f b7 3f 9e b3 fb  |...&&.e.p[..?...|
+000002b0  44 36 62 79 75 af ef 94  05 6b d2 44 07 51 ae 91  |D6byu....k.D.Q..|
+000002c0  ea e3 e7 d2 f4 2f 19 17  38 aa 1c ae cb 88 db 0b  |...../..8.......|
+000002d0  66 5a 17 03 03 00 35 6d  d9 23 d1 3c c3 25 7b 5d  |fZ....5m.#.<.%{]|
+000002e0  8a 1a 41 00 00 f8 0c a7  3e 53 4e e5 f6 cb 11 3f  |..A.....>SN....?|
+000002f0  9c 66 62 80 98 6c 55 19  b1 6f 00 5d 46 93 d2 0b  |.fb..lU..o.]F...|
+00000300  79 58 1c d6 d7 f9 fc fb  38 c5 32 63 17 03 03 00  |yX......8.2c....|
+00000310  13 72 a9 fd 60 5c cf 68  b3 32 15 04 33 1c e1 5f  |.r..`\.h.2..3.._|
+00000320  11 11 9e 8c                                       |....|
 >>> Flow 4 (server to client)
-00000000  17 03 03 02 90 a2 a0 e4  83 63 ad 8d d5 45 25 dc  |.........c...E%.|
-00000010  41 02 31 28 8d b0 87 85  66 b8 9c 36 f3 1f 97 87  |A.1(....f..6....|
-00000020  8c c9 e6 b4 67 1e 42 ab  84 c4 eb 0a 41 b1 0f 50  |....g.B.....A..P|
-00000030  25 c3 7e 69 20 cf 8a d0  56 79 61 e3 e1 5b cc a4  |%.~i ...Vya..[..|
-00000040  24 5a c7 2d 3b 17 33 92  59 6c 7e 29 a9 a2 2c 73  |$Z.-;.3.Yl~)..,s|
-00000050  3e b1 65 32 3d 6a 2b 61  5d 76 c4 66 0e 4f f1 da  |>.e2=j+a]v.f.O..|
-00000060  dd d3 7e 29 3d f5 42 99  9e 04 60 a4 9a a1 c0 f7  |..~)=.B...`.....|
-00000070  54 4e d5 58 73 85 02 83  38 ba 4e 93 9a 69 68 07  |TN.Xs...8.N..ih.|
-00000080  71 c9 a7 e4 83 51 4c 11  21 26 b2 dd ad 4b 2a ef  |q....QL.!&...K*.|
-00000090  23 9b b0 f6 d6 96 9f 99  1f 69 fe 35 28 86 49 bc  |#........i.5(.I.|
-000000a0  ec 97 11 4d 4e b7 c1 c2  da 6c ae c7 40 b9 2a 1f  |...MN....l..@.*.|
-000000b0  ff 9d 9d ea 90 b9 61 6f  76 ae fe 55 70 f6 ee 54  |......aov..Up..T|
-000000c0  54 62 6d 19 9a fc 40 16  e5 c2 e2 3e d1 68 c6 09  |Tbm...@....>.h..|
-000000d0  be 54 64 25 8a a0 2b e6  b3 14 7e 74 17 91 f0 de  |.Td%..+...~t....|
-000000e0  87 e8 3c 3e 58 8d 1b b2  4e 2d 7d c1 f8 aa 16 ca  |..<>X...N-}.....|
-000000f0  2a 3e 8f aa 52 14 e4 f2  2a b9 6e 62 46 ab ed 3a  |*>..R...*.nbF..:|
-00000100  ff a1 51 53 92 7a 78 c4  ed 9d fd 1f b4 62 2e e7  |..QS.zx......b..|
-00000110  cc 9d 09 fa 06 2e 9e 55  e5 98 9e b8 be e9 12 94  |.......U........|
-00000120  33 58 6b be 71 a1 4f f8  a0 83 85 f8 7e b4 28 a7  |3Xk.q.O.....~.(.|
-00000130  ee 1b ac 3c 46 b6 ac 60  af 5d cc b0 a8 2c 3f 95  |...<F..`.]...,?.|
-00000140  75 2a 73 ac 02 7e d8 04  21 fc 68 d7 6f 1d 31 40  |u*s..~..!.h.o.1@|
-00000150  43 81 26 b7 00 5f 77 d9  21 7b b4 7c cd 9f 89 69  |C.&.._w.!{.|...i|
-00000160  ef 11 0c 60 db 22 94 98  eb 10 d9 0c 0e 29 c2 d9  |...`.".......)..|
-00000170  74 8d 71 25 b8 5a c1 13  d6 f6 01 58 6d 71 31 7c  |t.q%.Z.....Xmq1||
-00000180  66 e8 e5 36 06 b3 e4 51  0c b1 43 88 bf 2b 54 d7  |f..6...Q..C..+T.|
-00000190  52 79 3d 07 a9 c2 e5 97  cc 79 87 b1 c7 8b 30 7b  |Ry=......y....0{|
-000001a0  b1 fe 90 58 35 a1 dc 18  8a fa cc df 63 2b 72 57  |...X5.......c+rW|
-000001b0  14 e1 12 4c bc d7 ba c2  e5 f7 4c 40 d6 34 ea 11  |...L......L@.4..|
-000001c0  8f be 3d 7a 34 11 c1 1a  ad f8 2e 89 94 8a 3a ce  |..=z4.........:.|
-000001d0  e5 8f e8 bc 77 71 38 8c  3c 6e 29 a3 1a 14 9d 3d  |....wq8.<n)....=|
-000001e0  a3 28 46 32 38 f0 14 74  ff 9b 99 71 65 ab ef c8  |.(F28..t...qe...|
-000001f0  67 ab 47 91 61 d1 af cf  7d 96 89 d5 57 17 96 d3  |g.G.a...}...W...|
-00000200  30 d5 fb 74 3b b8 df 77  98 7b 04 3e a1 a8 5a f1  |0..t;..w.{.>..Z.|
-00000210  6b 5c d2 4d b2 20 35 63  9e 83 c0 7e 83 60 46 57  |k\.M. 5c...~.`FW|
-00000220  c0 80 0d d7 b9 9f 14 c0  58 2d 48 2a cc 8c 1d 32  |........X-H*...2|
-00000230  2c 34 ec 10 f2 34 b4 28  e1 0e 83 38 c4 2e 5a 09  |,4...4.(...8..Z.|
-00000240  ff e6 3f d3 9a 32 8e 33  9e 31 18 e5 1d 6b 97 12  |..?..2.3.1...k..|
-00000250  9b 93 84 86 62 8a 0a 8a  ab 8d 37 68 af a1 ec 8e  |....b.....7h....|
-00000260  38 c8 47 ef 10 f8 64 7c  e1 13 0a 33 eb c2 4b bf  |8.G...d|...3..K.|
-00000270  47 49 6d 93 3c c9 44 aa  74 67 a9 93 dd de 66 47  |GIm.<.D.tg....fG|
-00000280  1e b3 55 47 b1 16 88 68  82 24 d6 b8 81 b0 5a b6  |..UG...h.$....Z.|
-00000290  27 7a f8 0b 5c 17 03 03  00 1e a5 9b 8c d2 3e 96  |'z..\.........>.|
-000002a0  f3 49 7a ed d9 fc 33 62  15 12 43 76 11 f9 dc fc  |.Iz...3b..Cv....|
-000002b0  ea d2 d7 87 22 6f 9e 3d  17 03 03 00 13 e1 30 4e  |...."o.=......0N|
-000002c0  4c 1d 02 78 57 a5 ee 8f  1c 5f 19 f0 57 3a 8d 7e  |L..xW...._..W:.~|
+00000000  17 03 03 02 90 2e 71 49  81 51 71 9c 2f da 1e dc  |......qI.Qq./...|
+00000010  22 c0 a2 59 13 ad 41 ae  7b 18 56 d0 00 7b b5 cf  |"..Y..A.{.V..{..|
+00000020  47 e7 bc 8e 92 9e dc 88  78 3e 40 8e 8b 01 b0 30  |G.......x>@....0|
+00000030  8f 7e 88 95 77 ed de 31  bf c5 78 ba a1 44 55 ec  |.~..w..1..x..DU.|
+00000040  b6 df 49 a9 df a0 92 b2  be b7 2c 1c 39 1b a0 63  |..I.......,.9..c|
+00000050  18 e5 12 b7 5a a5 85 14  97 7d 9e e1 80 b7 15 c5  |....Z....}......|
+00000060  2f ca e3 3b 48 91 42 07  f4 49 25 99 2c ee b8 b5  |/..;H.B..I%.,...|
+00000070  05 a2 34 7d bb c0 87 4c  f3 a8 07 89 fe b7 08 2c  |..4}...L.......,|
+00000080  e2 0b 27 6f 49 88 80 2f  3b 9c ae a6 3e 38 74 23  |..'oI../;...>8t#|
+00000090  53 70 f5 84 0f 77 d4 94  68 f9 86 18 2f dc e1 94  |Sp...w..h.../...|
+000000a0  3c e1 2c f2 84 07 f5 3c  88 99 63 ef a1 96 73 f9  |<.,....<..c...s.|
+000000b0  46 43 c2 92 be 04 b8 6b  9e db e1 7f 63 b1 d4 15  |FC.....k....c...|
+000000c0  36 2c 37 e3 c2 24 b2 4c  c5 60 96 15 3b 20 01 67  |6,7..$.L.`..; .g|
+000000d0  e5 52 9a 4f 17 6c 0a f1  a0 a3 31 48 e5 31 8e d3  |.R.O.l....1H.1..|
+000000e0  b9 49 38 d2 55 4d 40 8e  a2 bf dd 0f 19 25 42 55  |.I8.UM@......%BU|
+000000f0  06 57 22 c5 06 c9 59 13  f7 c7 56 b1 68 20 f4 62  |.W"...Y...V.h .b|
+00000100  19 0a 5d ab 5f 81 c6 50  b7 a2 f8 ce 55 f2 b6 6c  |..]._..P....U..l|
+00000110  67 39 75 82 1b a1 6b 85  58 37 c0 a5 12 64 a6 ee  |g9u...k.X7...d..|
+00000120  2e f8 f0 dc d2 50 08 47  0f 15 c8 37 2d ba 69 64  |.....P.G...7-.id|
+00000130  e9 ea 7b fa 16 91 ed b6  24 0d fb e8 aa 74 6b 74  |..{.....$....tkt|
+00000140  2d 78 2d 1c 2b 98 8e ab  74 6d 06 a3 00 8a e5 be  |-x-.+...tm......|
+00000150  c0 68 09 05 e0 95 0d c1  27 8a cf 05 09 0a 7c b9  |.h......'.....|.|
+00000160  a1 3a 9b 45 3d d4 5d 16  64 5b d5 a3 6c d2 12 78  |.:.E=.].d[..l..x|
+00000170  4f 6b ba 3a fe ad 35 9e  5e 0c 5f d4 f3 32 a2 0b  |Ok.:..5.^._..2..|
+00000180  f1 af d4 e5 f1 91 c6 6c  47 6b 30 a7 2f bf 60 05  |.......lGk0./.`.|
+00000190  e3 c0 2d 9c 34 f2 f0 6b  f2 ce 7f 19 d0 86 26 b0  |..-.4..k......&.|
+000001a0  e1 7e 7b e0 0e 3d e7 f6  3c 7f 42 bc 9f a6 0a 25  |.~{..=..<.B....%|
+000001b0  eb cf 1b 4b 44 10 df 7d  f1 1f e3 a9 ea 4f 6d 52  |...KD..}.....OmR|
+000001c0  70 b2 f0 0b a9 c5 bc 66  46 21 4d 92 c4 c3 f6 71  |p......fF!M....q|
+000001d0  eb 46 c0 f3 e7 6f 4a ee  37 ad 8a ea 3b aa 51 79  |.F...oJ.7...;.Qy|
+000001e0  d5 d5 18 7e e8 ae 31 1a  db 16 04 d8 3c 94 17 f6  |...~..1.....<...|
+000001f0  ad 8f 8b 5d 7d 14 fb b4  e9 b4 7e bb 75 f1 df de  |...]}.....~.u...|
+00000200  6f 0a 0d a8 f9 b5 d8 53  73 36 88 77 db e6 0e 84  |o......Ss6.w....|
+00000210  fc 94 6b c9 cc 74 0f 01  40 39 c4 d0 66 2d 23 76  |..k..t..@9..f-#v|
+00000220  9f 0d a1 53 94 a2 dd 56  83 9e 62 39 10 13 39 40  |...S...V..b9..9@|
+00000230  55 09 b6 77 d2 22 9c 49  ef f9 af 93 ee d1 cf 3d  |U..w.".I.......=|
+00000240  1f 29 ef 27 94 3c 6d 23  d6 7c 33 e1 f7 cd 70 05  |.).'.<m#.|3...p.|
+00000250  ba c1 c3 88 d9 d4 10 22  47 74 01 27 75 f2 7b 72  |......."Gt.'u.{r|
+00000260  95 8a 19 e3 4b e1 61 2e  b2 a5 13 31 84 b1 30 74  |....K.a....1..0t|
+00000270  67 b9 55 df 4b ff ac 15  2a 01 d5 4f 2b c3 49 ee  |g.U.K...*..O+.I.|
+00000280  28 a3 aa 28 0e 51 9e 68  32 70 89 58 07 ba 07 72  |(..(.Q.h2p.X...r|
+00000290  f0 46 b4 ad d2 17 03 03  00 1e fe 98 35 5f 4c be  |.F..........5_L.|
+000002a0  c0 66 51 92 14 0c 3e 5a  eb 02 7e e2 99 69 37 e3  |.fQ...>Z..~..i7.|
+000002b0  b0 90 43 11 e6 76 5e 2d  17 03 03 00 13 4b 69 75  |..C..v^-.....Kiu|
+000002c0  3d 46 35 f6 85 4b 0b 6e  f4 6b 30 2a 28 37 3c f1  |=F5..K.n.k0*(7<.|
diff --git a/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given b/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given
index 6943bf65..016b7da4 100644
--- a/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given
+++ b/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given
@@ -1,149 +1,151 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 ca 01 00 00  c6 03 03 e4 83 a9 75 06  |..............u.|
-00000010  0f 8b c9 35 1e 62 89 7f  a8 df 7c 93 b6 f0 8f 94  |...5.b....|.....|
-00000020  ea 31 dc 66 11 66 bd 77  33 54 bf 20 38 77 15 8d  |.1.f.f.w3T. 8w..|
-00000030  b4 21 50 72 6f 95 61 6c  15 b8 35 c9 92 10 72 99  |.!Pro.al..5...r.|
-00000040  bc 41 03 53 7c 5e 7b b3  a4 2e b4 19 00 04 13 01  |.A.S|^{.........|
+00000000  16 03 01 00 ca 01 00 00  c6 03 03 c3 82 3b bf 9c  |.............;..|
+00000010  31 25 31 c7 8d 18 7f c1  28 22 0f 23 0c 13 b8 81  |1%1.....(".#....|
+00000020  a8 e8 35 00 92 0a 13 21  8d 76 43 20 9e 3a 45 91  |..5....!.vC .:E.|
+00000030  73 a0 99 70 ab 96 99 2b  ae 4a b1 2a 89 3c 74 94  |s..p...+.J.*.<t.|
+00000040  27 3f 71 16 d0 e6 86 a0  e6 61 9d 7a 00 04 13 01  |'?q......a.z....|
 00000050  00 ff 01 00 00 79 00 0b  00 04 03 00 01 02 00 0a  |.....y..........|
 00000060  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 16  |................|
 00000070  00 00 00 17 00 00 00 0d  00 1e 00 1c 04 03 05 03  |................|
 00000080  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
 00000090  08 06 04 01 05 01 06 01  00 2b 00 03 02 03 04 00  |.........+......|
-000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 8e  |-.....3.&.$... .|
-000000b0  cf 32 24 aa f2 36 c7 41  50 66 dd 57 ce 97 72 8d  |.2$..6.APf.W..r.|
-000000c0  f3 b6 7d a0 a4 5e 5d fe  be bb ce 32 9f 03 75     |..}..^]....2..u|
+000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 f5  |-.....3.&.$... .|
+000000b0  99 bf 34 6f 97 37 52 fd  ed 12 2f 60 bc 2b 0a ce  |..4o.7R.../`.+..|
+000000c0  17 a8 80 db d0 23 6d 82  04 03 78 81 b7 07 01     |.....#m...x....|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 20 38 77 15 8d  |........... 8w..|
-00000030  b4 21 50 72 6f 95 61 6c  15 b8 35 c9 92 10 72 99  |.!Pro.al..5...r.|
-00000040  bc 41 03 53 7c 5e 7b b3  a4 2e b4 19 13 01 00 00  |.A.S|^{.........|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 9e 3a 45 91  |........... .:E.|
+00000030  73 a0 99 70 ab 96 99 2b  ae 4a b1 2a 89 3c 74 94  |s..p...+.J.*.<t.|
+00000040  27 3f 71 16 d0 e6 86 a0  e6 61 9d 7a 13 01 00 00  |'?q......a.z....|
 00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
 00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
-00000080  03 03 00 01 01 17 03 03  00 17 3b ca 9a d3 b7 99  |..........;.....|
-00000090  d7 d8 c9 f9 96 b8 70 69  3b 22 42 0f c4 72 de 7c  |......pi;"B..r.||
-000000a0  05 17 03 03 00 3e 38 d7  00 60 b9 ce 17 31 26 9f  |.....>8..`...1&.|
-000000b0  db ef e2 b1 99 55 c8 f9  f3 a0 81 19 12 a7 63 85  |.....U........c.|
-000000c0  5a 26 2d d1 1c ad 5d ae  d6 4b 66 93 62 d7 fe 08  |Z&-...]..Kf.b...|
-000000d0  40 e9 fa 16 8b 89 f8 04  e8 33 67 20 2b 21 91 a0  |@........3g +!..|
-000000e0  c6 0a 87 ff 17 03 03 02  6d 79 97 6c 2f f6 01 7b  |........my.l/..{|
-000000f0  3a 49 0e 1a 00 96 10 fd  7f 77 db 76 b2 d4 e4 68  |:I.......w.v...h|
-00000100  46 4e 4f 3c 64 54 ca 27  9a 5c 78 98 f4 96 a4 fe  |FNO<dT.'.\x.....|
-00000110  29 e5 44 cb 6d 3e bd ce  89 15 c6 75 d8 28 00 da  |).D.m>.....u.(..|
-00000120  ff d8 ec 27 2c f2 4c e5  a0 6e 88 ce 67 6e 35 f4  |...',.L..n..gn5.|
-00000130  e5 d5 96 2d 40 af fa 88  12 8a 48 24 2c f9 82 f5  |...-@.....H$,...|
-00000140  cb a4 6e 95 a6 53 bc 79  f7 6a ef 66 77 bc 46 f0  |..n..S.y.j.fw.F.|
-00000150  1b 0d 6b 5c 76 82 15 c4  d0 1c dd ec cc ce 09 93  |..k\v...........|
-00000160  ce 21 55 9b d8 8a 11 1b  0c 24 fa 9e 5f 29 4a f1  |.!U......$.._)J.|
-00000170  2a 2e ad c0 6d 6d 46 06  5b c9 75 b3 3e 32 45 67  |*...mmF.[.u.>2Eg|
-00000180  05 26 cc d8 a8 4a a9 b1  67 71 a6 82 1c dc f0 15  |.&...J..gq......|
-00000190  6d 25 f5 6e be a2 5f 45  39 dc d1 2e df fa e1 e9  |m%.n.._E9.......|
-000001a0  48 ca 7a 78 fa 0e 53 d1  5c 8f c2 40 91 d5 fa 40  |H.zx..S.\..@...@|
-000001b0  7e a1 52 23 c8 56 1f 31  17 91 5c 38 bb 54 56 f3  |~.R#.V.1..\8.TV.|
-000001c0  1e 14 90 43 b7 ef fd 56  b5 ae 13 90 97 dc 60 15  |...C...V......`.|
-000001d0  67 72 fc c2 0a 32 90 be  ec de 69 16 d3 1b 22 2c  |gr...2....i...",|
-000001e0  25 9f 91 27 a7 6d 8c a4  de 02 fd 0e da bf ca 71  |%..'.m.........q|
-000001f0  77 9b 56 b8 07 e8 80 00  9b d9 36 1c 09 4f 9f 54  |w.V.......6..O.T|
-00000200  76 d5 76 f4 9a 03 94 bb  9e 93 f0 b5 3c a1 71 ec  |v.v.........<.q.|
-00000210  b3 83 3a 06 b4 46 97 bf  ef bb f0 26 94 4e b0 08  |..:..F.....&.N..|
-00000220  3b ec 81 20 66 92 11 85  a0 c2 90 fd c5 bc ae 39  |;.. f..........9|
-00000230  2c 87 ec e4 5d 59 ee b4  e9 0d f7 2a e0 3b 2a 94  |,...]Y.....*.;*.|
-00000240  1a 79 2f e8 5c 88 d3 61  2e 47 c0 f3 c4 01 84 a9  |.y/.\..a.G......|
-00000250  cf f6 36 13 cb 4b 0b f7  9a 14 f1 d5 0e 10 80 fd  |..6..K..........|
-00000260  11 79 20 20 ae 56 5e de  58 53 19 38 26 e2 ac bc  |.y  .V^.XS.8&...|
-00000270  0c 40 38 8b f9 67 62 4c  42 7d 18 4f 27 e9 53 96  |.@8..gbLB}.O'.S.|
-00000280  78 4b fa 44 fe c2 c3 d9  99 f2 2c 59 2b 2b 2c 88  |xK.D......,Y++,.|
-00000290  5b dc a8 98 3d 17 14 09  70 ce e4 02 8b 3c 5d 94  |[...=...p....<].|
-000002a0  44 ac ba 57 2d a9 bf b8  70 e9 b8 a8 c3 b8 90 da  |D..W-...p.......|
-000002b0  ec b1 b4 57 d6 e3 0f 41  82 bb 21 4a 57 dc ac 4b  |...W...A..!JW..K|
-000002c0  89 34 75 fc c4 56 6b 70  3d 83 2b fa be c8 2b cd  |.4u..Vkp=.+...+.|
-000002d0  f8 4f 9f 9e 9a 0e d2 d0  46 cd 21 a5 f7 07 a6 2a  |.O......F.!....*|
-000002e0  85 7b 30 92 78 a2 da a5  1d 1c 1c 54 63 4b 66 b2  |.{0.x......TcKf.|
-000002f0  f1 a7 c4 43 57 97 7f 28  37 e7 15 62 9b 1c f5 90  |...CW..(7..b....|
-00000300  0c 19 36 1a c1 48 48 e5  7d 56 93 3c 13 e3 cd 6a  |..6..HH.}V.<...j|
-00000310  aa aa ba d5 24 95 c7 df  9c a9 76 6c 07 bf 09 2d  |....$.....vl...-|
-00000320  4b 7b 55 94 37 ec d4 69  ce ab 0f 48 37 74 37 99  |K{U.7..i...H7t7.|
-00000330  83 0d 60 8a 73 56 fb e2  9e 0c 39 0e 23 bf 68 b2  |..`.sV....9.#.h.|
-00000340  92 51 12 bc cf 1b af 9d  7c fe 77 14 c8 66 4a 6f  |.Q......|.w..fJo|
-00000350  91 06 55 6a 11 61 17 03  03 00 99 c2 bf 26 a6 fa  |..Uj.a.......&..|
-00000360  67 16 a3 b9 1f 36 f8 4f  5d 59 b1 be 43 3a 70 01  |g....6.O]Y..C:p.|
-00000370  c0 3a 4b c5 20 b1 22 49  04 22 bb 7f 5f f4 bb f8  |.:K. ."I.".._...|
-00000380  35 03 0e dc ba ce de 2a  25 ea 96 dd 3d 64 34 90  |5......*%...=d4.|
-00000390  30 f8 34 22 bb e4 94 00  bb b3 ea 3c d2 87 90 9a  |0.4".......<....|
-000003a0  86 76 6b b7 e3 78 fc 35  10 50 ce b6 c0 71 52 ae  |.vk..x.5.P...qR.|
-000003b0  a5 f7 bf 8c 5e 5d c1 96  c7 92 6f f0 04 87 d9 a8  |....^]....o.....|
-000003c0  72 f4 9e ed 6d ab 28 42  7c c8 60 39 81 66 74 a1  |r...m.(B|.`9.ft.|
-000003d0  79 79 6a 59 02 29 b8 14  12 34 a7 96 8f e0 c1 d6  |yyjY.)...4......|
-000003e0  4e da e2 63 22 c1 60 b1  87 64 d3 80 b9 c4 df 9a  |N..c".`..d......|
-000003f0  5f 2c 22 91 17 03 03 00  35 9a 62 4d a2 ba 27 31  |_,".....5.bM..'1|
-00000400  fc 8e 23 cc 5f f0 5c 8c  9b c1 b0 ae 7b b8 fa e2  |..#._.\.....{...|
-00000410  f3 af 6c 6c ac 86 1e e1  2b 9f 14 a1 f3 5f b5 f9  |..ll....+...._..|
-00000420  76 b6 dd 73 f5 6a 08 29  f1 29 9e 79 87 aa        |v..s.j.).).y..|
+00000080  03 03 00 01 01 17 03 03  00 17 84 17 5a 31 cf 40  |............Z1.@|
+00000090  61 37 2b 5a 28 91 d9 e1  7b f2 50 14 8e 7b 40 30  |a7+Z(...{.P..{@0|
+000000a0  4b 17 03 03 00 52 ad d1  15 51 c8 89 48 44 23 64  |K....R...Q..HD#d|
+000000b0  8a b6 8d ac 08 47 ed 65  1d a3 ea cd 3c 89 43 4b  |.....G.e....<.CK|
+000000c0  36 28 4b b7 bc e4 93 93  ce 37 4c f5 63 ad 3b 3f  |6(K......7L.c.;?|
+000000d0  05 b9 92 56 88 35 89 30  5e 40 2d 46 ac 9d 1f ec  |...V.5.0^@-F....|
+000000e0  3d 0a 2a 32 d0 98 79 97  e2 93 2b b0 43 35 37 90  |=.*2..y...+.C57.|
+000000f0  64 e3 a6 fd 09 01 14 61  17 03 03 02 6d 3c 5b ed  |d......a....m<[.|
+00000100  d8 cf c6 d9 e4 b1 7b 15  dc a1 c1 f6 88 87 1a 5c  |......{........\|
+00000110  22 37 53 87 a7 10 13 50  1c 1c 65 70 09 67 f3 63  |"7S....P..ep.g.c|
+00000120  e7 63 88 76 50 45 e6 a8  1a 38 93 3b c0 ef fd c0  |.c.vPE...8.;....|
+00000130  17 c2 c5 04 d6 15 c6 e9  70 bd d2 be 9a 38 50 8a  |........p....8P.|
+00000140  2b 4c a2 ea 4e ad 80 09  8f 24 2c 17 4d 17 e4 d8  |+L..N....$,.M...|
+00000150  a1 47 13 fb 76 18 2d 04  8c 39 23 03 67 64 d2 d6  |.G..v.-..9#.gd..|
+00000160  3d c8 4f 1d 1c 59 44 08  80 52 6e f3 3f 90 35 bc  |=.O..YD..Rn.?.5.|
+00000170  7e 58 1e 16 2c b0 7d 89  2a 4a a9 53 5a 2a ce 65  |~X..,.}.*J.SZ*.e|
+00000180  c9 85 08 0b 6d e9 a4 9c  e7 25 30 49 3c 85 bb 83  |....m....%0I<...|
+00000190  7c 78 be 9d ee de 8f fb  01 d7 59 d5 4e 42 bc 21  ||x........Y.NB.!|
+000001a0  e6 ba ed 0c 84 3c 8a aa  70 43 8a 46 c5 7f 81 65  |.....<..pC.F...e|
+000001b0  b3 18 73 d9 73 8f 4e 67  5e 64 e3 92 0c 2f 03 e4  |..s.s.Ng^d.../..|
+000001c0  81 ec 8a a2 0c 7d e9 97  5f 4b 5f 7e 55 48 24 8c  |.....}.._K_~UH$.|
+000001d0  ea d4 34 18 2b 88 6e 07  17 a9 7a be 6a 99 59 76  |..4.+.n...z.j.Yv|
+000001e0  f5 1d 9b e9 4c ad f7 eb  94 8b bb 7d 93 46 ba a7  |....L......}.F..|
+000001f0  d5 f8 3b 82 91 6d 5c 7e  dc 0f da 08 19 06 40 f0  |..;..m\~......@.|
+00000200  fd 16 68 24 fc 85 84 12  65 71 cf 91 63 46 ea 2f  |..h$....eq..cF./|
+00000210  d6 45 be 8a f3 27 0a 66  cb ed 8a d0 38 02 59 34  |.E...'.f....8.Y4|
+00000220  4a 3d dc 6d 2d ef a4 f6  b4 c0 9d 29 85 b3 da 20  |J=.m-......)... |
+00000230  4d 60 ec 90 eb 0f f1 5f  83 b4 bd 6a d5 0b b1 01  |M`....._...j....|
+00000240  dd df a3 4c 1c b1 f6 b3  0c e0 8d 94 59 84 08 c4  |...L........Y...|
+00000250  31 58 83 11 0b 04 5c 5e  e3 ef 5a f4 6d 95 3a ca  |1X....\^..Z.m.:.|
+00000260  7a 11 b9 db e4 dd 38 66  65 b1 24 40 17 22 8f 90  |z.....8fe.$@."..|
+00000270  f3 88 c6 a0 76 21 67 be  1f 6c aa ca ad c1 58 20  |....v!g..l....X |
+00000280  dd c7 c0 20 32 a8 d7 db  9a 81 c9 82 38 a0 76 6b  |... 2.......8.vk|
+00000290  54 cf 79 cb 01 f1 59 50  3b 99 e2 68 96 2f 49 01  |T.y...YP;..h./I.|
+000002a0  f6 7a ec a5 4f a0 91 be  fb 85 52 ef 9b 6d 0c c1  |.z..O.....R..m..|
+000002b0  36 82 a2 3f 0b 4e 4e 01  31 43 29 2a c0 26 41 83  |6..?.NN.1C)*.&A.|
+000002c0  31 7b 9a b0 bf 0d 0f 96  b7 64 60 4d 07 2b 29 7e  |1{.......d`M.+)~|
+000002d0  d2 f6 c3 92 89 50 a7 19  b7 5b 15 6d 9c 0b 6e e3  |.....P...[.m..n.|
+000002e0  01 d4 58 18 c0 22 95 e6  42 a7 1b 65 a8 2f 5f 6e  |..X.."..B..e./_n|
+000002f0  fc bc 00 ed 01 21 ec a9  6c ac 9e c7 c0 f0 f5 fc  |.....!..l.......|
+00000300  bd 0c c1 26 98 20 fa 1d  a5 2a b6 fc 01 17 1c ba  |...&. ...*......|
+00000310  62 17 7d 39 25 76 bb 8c  77 5a bb 5e 74 22 f7 82  |b.}9%v..wZ.^t"..|
+00000320  f1 65 8a 25 b5 05 53 db  84 de e6 59 1a a6 e7 09  |.e.%..S....Y....|
+00000330  45 8e 14 fc e2 bc 9c 20  42 28 8d e2 ae 48 ad f4  |E...... B(...H..|
+00000340  a0 ab 6b 3e 23 02 0a 0f  ee 92 68 2f 29 1c 7e 4f  |..k>#.....h/).~O|
+00000350  8b 92 85 32 15 2f c1 dc  fa 87 14 1d 21 3e 95 c6  |...2./......!>..|
+00000360  e4 96 f1 66 d6 af bb eb  d8 d4 17 03 03 00 99 31  |...f...........1|
+00000370  1a 82 6b b3 f2 1d 12 83  7c df 15 6a 5b a8 af 96  |..k.....|..j[...|
+00000380  a3 81 92 59 7a 19 c5 6b  b4 ec e0 90 14 f1 00 ca  |...Yz..k........|
+00000390  0d d5 15 c5 24 49 a7 fc  c2 2f 40 89 61 c1 6d d4  |....$I.../@.a.m.|
+000003a0  da 39 f7 c3 42 50 e2 47  62 b2 5f 2b 91 70 e7 61  |.9..BP.Gb._+.p.a|
+000003b0  57 e0 a3 20 a2 79 1f 18  ce f9 ad 5d ea 87 fa 16  |W.. .y.....]....|
+000003c0  85 4b 50 a0 43 8f 0a 40  d7 93 cf 82 b5 82 6c 11  |.KP.C..@......l.|
+000003d0  b7 cb 7c b2 4d 7d 23 ec  a7 f8 2f b6 69 a8 83 29  |..|.M}#.../.i..)|
+000003e0  4a ff 72 86 8e 05 79 91  a7 ed 4b 3d c8 86 fc 29  |J.r...y...K=...)|
+000003f0  74 1e 88 7b a5 b2 2c 6e  62 08 2e a9 02 c9 05 d8  |t..{..,nb.......|
+00000400  66 db 9c 28 35 79 ed 6f  17 03 03 00 35 24 4d e5  |f..(5y.o....5$M.|
+00000410  81 c9 80 a9 1b c8 a9 20  27 c8 17 b3 0e 42 91 70  |....... '....B.p|
+00000420  cb 4d ac 6f b8 b7 9a 96  94 95 fb ce f1 51 65 21  |.M.o.........Qe!|
+00000430  ff 2c c5 53 42 1c b3 1c  b1 9b 38 1a 1c a0 bf 3c  |.,.SB.....8....<|
+00000440  92 06                                             |..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 01 50 ef 68 27 d6 ec  |..........P.h'..|
-00000010  76 00 e1 c6 ed 3c f6 a1  83 b4 4b 26 28 ba 0f d6  |v....<....K&(...|
-00000020  2a fd f0 4a 10 8f 9c ed  84 3f 0a 0e 5b 77 e2 7d  |*..J.....?..[w.}|
-00000030  1e 03 2a 76 5b 2b 87 78  ad bd 45 8b 03 b3 8d e7  |..*v[+.x..E.....|
-00000040  b7 66 ca 5e 36 f8 53 87  90 3c 1a 33 46 1d 32 4f  |.f.^6.S..<.3F.2O|
-00000050  f1 90 fb 36 da 96 1c 1a  db 9f 9b e6 9f 85 f8 13  |...6............|
-00000060  7d e1 ab e1 ca c6 05 df  15 ea af dd 55 58 c7 5f  |}...........UX._|
-00000070  de 62 1b 93 60 a4 fc 39  0a ef 95 bc 0c ca 8f 84  |.b..`..9........|
-00000080  98 0a 6d 5b fd c6 0c ad  02 7f 0c f8 b4 be fe 5a  |..m[...........Z|
-00000090  fb 22 00 08 09 5d c7 47  76 89 e5 06 d1 90 5b e6  |."...].Gv.....[.|
-000000a0  63 64 06 28 37 d9 1b e9  0d 27 45 f7 72 30 d7 f2  |cd.(7....'E.r0..|
-000000b0  db 8e bf 95 97 29 43 e7  16 bf a0 59 9c fa d9 59  |.....)C....Y...Y|
-000000c0  a0 a6 9b 1f b5 74 80 87  d0 61 2f d5 a5 ac dd b2  |.....t...a/.....|
-000000d0  8d 27 fc e6 68 eb 07 b3  3d 97 a9 93 5b 35 99 e9  |.'..h...=...[5..|
-000000e0  ba 99 fe 49 d6 39 1a 0a  38 98 cd 47 b9 67 9b 9a  |...I.9..8..G.g..|
-000000f0  77 65 45 f8 48 fb d3 1c  0f a2 2e af e0 29 68 bc  |weE.H........)h.|
-00000100  81 24 3b 9b 36 0a ef 51  75 ff 61 6a d4 6c 59 42  |.$;.6..Qu.aj.lYB|
-00000110  54 31 47 e9 02 9e 58 33  9e 89 65 b6 65 db b2 81  |T1G...X3..e.e...|
-00000120  bd c1 f4 0a 34 eb f3 26  f5 8d 36 6d da 78 e6 88  |....4..&..6m.x..|
-00000130  00 8f 92 24 dc 76 e3 95  dc 13 b5 92 91 ee c0 82  |...$.v..........|
-00000140  cb 63 85 b6 59 67 dc 14  2e 2d 58 8e 56 7e 7c db  |.c..Yg...-X.V~|.|
-00000150  2f 54 01 ed 17 8d 9a 97  22 39 7f 17 03 03 00 59  |/T......"9.....Y|
-00000160  a1 f2 0d 19 e7 d8 a8 6d  cd ea f6 82 ee 5d 0a 55  |.......m.....].U|
-00000170  22 61 11 21 f7 b0 1d 86  a8 4d c2 e2 9b ac bb 87  |"a.!.....M......|
-00000180  a2 82 67 ee 78 76 9b e0  c0 00 85 bf 1e 2b ab e6  |..g.xv.......+..|
-00000190  f1 43 79 69 a0 3d 04 b7  d9 7f 31 c7 7a b7 4f 5c  |.Cyi.=....1.z.O\|
-000001a0  9f 62 84 dc f4 6d a1 ce  3d ff 24 88 15 10 4a e6  |.b...m..=.$...J.|
-000001b0  5c 12 68 08 3c 55 a2 a9  d7 17 03 03 00 35 f4 d9  |\.h.<U.......5..|
-000001c0  9f 41 70 39 d4 88 2a 0b  43 c3 78 0f c2 42 48 b8  |.Ap9..*.C.x..BH.|
-000001d0  e5 26 ad e3 72 40 66 d7  a0 5e 5e 0c 6a af 1a 47  |.&..r@f..^^.j..G|
-000001e0  c6 5f 25 ce c9 13 77 60  8f 6e a7 9f bc e3 f9 58  |._%...w`.n.....X|
-000001f0  9c 12 cc                                          |...|
+00000000  14 03 03 00 01 01 17 03  03 01 50 0c e7 45 36 eb  |..........P..E6.|
+00000010  2f a0 d5 c8 d2 75 51 8f  ec 65 b5 3f 5b 6f 80 6e  |/....uQ..e.?[o.n|
+00000020  5f 88 db 8f d0 23 07 57  1b 01 d6 20 ba a2 89 6b  |_....#.W... ...k|
+00000030  a4 f8 fe 67 84 29 13 b1  f8 06 48 34 2c bd 4a b3  |...g.)....H4,.J.|
+00000040  1a 87 e1 79 1f f6 06 4e  5a c6 7f 49 87 b3 22 ea  |...y...NZ..I..".|
+00000050  be 13 44 81 ae be 60 dd  37 37 21 41 a9 e0 47 a8  |..D...`.77!A..G.|
+00000060  2f a5 24 b6 8c 1c f7 f3  b4 41 5c 0f d1 f3 08 6f  |/.$......A\....o|
+00000070  52 8b ef eb c9 0c 3a d0  cd 1a 7e fa e2 25 95 ed  |R.....:...~..%..|
+00000080  8d 62 99 e9 ba 99 e9 57  c8 a2 43 b8 36 0c 8b d7  |.b.....W..C.6...|
+00000090  b2 8b 70 12 d5 7e 36 3a  66 44 a6 66 34 e9 aa df  |..p..~6:fD.f4...|
+000000a0  fd f2 d8 1e 8c b8 2e 42  7d 0e 2d a7 54 7a e3 04  |.......B}.-.Tz..|
+000000b0  6c b3 42 90 88 c3 34 54  21 5d da 0b 58 c9 ee 68  |l.B...4T!]..X..h|
+000000c0  ef fa 4c e9 c1 bd 8e da  ef 68 b5 37 7e df 44 8f  |..L......h.7~.D.|
+000000d0  d5 ef 0a 04 98 e0 94 9c  53 37 bc 0b 34 d5 a1 12  |........S7..4...|
+000000e0  8a dc ad 2b 4e e1 3c 79  9e 9a da 18 3c b7 d8 ee  |...+N.<y....<...|
+000000f0  35 77 79 34 58 6e 98 1e  47 c4 37 a0 6c 2e a0 f6  |5wy4Xn..G.7.l...|
+00000100  e0 2c ff cb 72 18 80 3d  d0 1d 7e 4d b0 39 83 34  |.,..r..=..~M.9.4|
+00000110  3b 8d 9d 79 5f e1 a4 6c  07 62 f0 6e da 2c 0a 0b  |;..y_..l.b.n.,..|
+00000120  00 6a 2b 32 53 6f 14 96  06 2a 56 c5 3d 98 e6 01  |.j+2So...*V.=...|
+00000130  67 fa eb 9b b1 cf 3f e7  42 0e 20 f6 46 4f f1 04  |g.....?.B. .FO..|
+00000140  3b f5 f6 94 dc f1 a0 de  db b3 f6 8b 27 22 0f b1  |;...........'"..|
+00000150  19 9f 1e 66 96 fa e1 c3  58 51 79 17 03 03 00 59  |...f....XQy....Y|
+00000160  09 21 09 52 9a 3a 48 f4  b7 6b 8b f9 26 cc c6 4b  |.!.R.:H..k..&..K|
+00000170  78 1c d6 66 48 9c e4 0e  67 79 ea cf 8f 00 a1 86  |x..fH...gy......|
+00000180  3a 84 8d e0 36 7c 4a a3  5c 75 6a 27 d2 e1 d8 87  |:...6|J.\uj'....|
+00000190  5b 29 80 24 9a 7d 71 23  b8 53 29 4e 45 7e 0f ce  |[).$.}q#.S)NE~..|
+000001a0  43 0e c7 2e 72 13 e2 30  bb 62 12 57 1e 74 59 3b  |C...r..0.b.W.tY;|
+000001b0  f8 2a 83 fb 85 e6 3e b7  7a 17 03 03 00 35 3d d3  |.*....>.z....5=.|
+000001c0  94 02 6e 65 f2 98 8d 45  3e d5 af 22 46 f0 70 3e  |..ne...E>.."F.p>|
+000001d0  d4 90 9c 02 0a f9 8d e6  c7 8f 52 af ab 74 67 12  |..........R..tg.|
+000001e0  6d 8e 25 f8 03 73 02 78  5d 9c 8b 38 68 fe e9 96  |m.%..s.x]..8h...|
+000001f0  c6 83 29                                          |..)|
 >>> Flow 4 (server to client)
-00000000  17 03 03 01 c2 80 69 97  9a 20 30 2a 1c f4 31 f9  |......i.. 0*..1.|
-00000010  0f cf f7 79 c0 01 e1 f3  35 f5 16 a0 33 d6 eb 21  |...y....5...3..!|
-00000020  44 db bc c6 c4 91 6b a6  75 da ca d3 63 78 47 8b  |D.....k.u...cxG.|
-00000030  96 e5 6f 63 2c 77 c0 33  29 d8 3e ee bf 8e 6b d4  |..oc,w.3).>...k.|
-00000040  de f7 1b 0e e6 ae ce cd  17 0d 24 77 10 3d e4 89  |..........$w.=..|
-00000050  06 07 a3 77 68 ac 20 ec  0b ae 47 41 3b 80 4e 95  |...wh. ...GA;.N.|
-00000060  02 aa 13 36 19 03 06 1c  47 b3 f7 f0 4b 6d 5a c6  |...6....G...KmZ.|
-00000070  42 14 95 03 20 c7 46 96  42 d3 18 5a 40 bd a1 03  |B... .F.B..Z@...|
-00000080  b6 d2 8b f9 ff 2d d1 b1  3c 8a 34 af 23 64 31 7d  |.....-..<.4.#d1}|
-00000090  46 47 21 b4 82 16 df a2  a4 0f 96 03 4b 38 3d 5d  |FG!.........K8=]|
-000000a0  d0 d1 78 d1 6e 6a a2 95  c0 a7 e6 ee 07 eb 77 68  |..x.nj........wh|
-000000b0  35 78 72 3e df d9 4b e9  1b ab 34 99 2d fe 52 99  |5xr>..K...4.-.R.|
-000000c0  6e 57 63 13 39 ae 5e ce  b6 43 21 07 fd fe b7 6d  |nWc.9.^..C!....m|
-000000d0  8f 72 a4 f8 7e 0a 56 60  61 d5 5a d4 01 b3 47 8e  |.r..~.V`a.Z...G.|
-000000e0  f0 48 cd 85 61 a3 d2 d1  eb ba 04 39 6b 5e 5f fc  |.H..a......9k^_.|
-000000f0  e3 90 c1 cb 3f 40 30 00  5c 94 df bf 5b 89 6d ab  |....?@0.\...[.m.|
-00000100  15 1e 72 50 ac 56 ee 16  7d 84 4c e6 0c 89 68 fa  |..rP.V..}.L...h.|
-00000110  d5 8d 5f 09 85 25 5f 8c  70 df 0b b7 94 15 40 20  |.._..%_.p.....@ |
-00000120  b1 ff 41 50 5d 9f c6 8a  9b 7f 40 6f dc bd 4f 54  |..AP].....@o..OT|
-00000130  d8 1f e6 f1 44 00 11 97  45 ca 80 bc 15 eb 93 01  |....D...E.......|
-00000140  dd 54 c6 75 7e 08 b9 38  f5 4d 97 c5 50 56 97 3c  |.T.u~..8.M..PV.<|
-00000150  3c 72 9a 33 7c 68 b1 73  2b 38 c7 b8 a8 3c 5d af  |<r.3|h.s+8...<].|
-00000160  a6 3e 12 ef d1 c1 99 36  10 02 af 0c 5b 16 16 7a  |.>.....6....[..z|
-00000170  f5 74 8d ac a4 0f 38 34  ee cd 08 50 e0 33 b0 e1  |.t....84...P.3..|
-00000180  52 e1 5d f2 7d c6 7b 64  c7 46 f6 9e d0 a2 cf 89  |R.].}.{d.F......|
-00000190  3c c9 ab 2f fb 8a f3 ba  78 e9 4c c5 2d 62 32 6b  |<../....x.L.-b2k|
-000001a0  50 4c a0 7e d3 bb 2a 66  57 99 38 69 e8 77 ef 18  |PL.~..*fW.8i.w..|
-000001b0  24 af b3 cb e5 c0 37 a2  97 f6 00 d4 68 8a 71 af  |$.....7.....h.q.|
-000001c0  24 a4 ab 19 07 3b c0 17  03 03 00 1e 60 b4 fc 15  |$....;......`...|
-000001d0  f9 9c b1 a1 60 1a ba f5  1b b9 c1 33 f1 8b e5 c0  |....`......3....|
-000001e0  48 77 4f 11 42 21 ad 8c  d2 d6 17 03 03 00 13 5c  |HwO.B!.........\|
-000001f0  db 07 5e 65 40 58 74 a4  7f ab 5f cc f0 9a 91 0c  |..^e@Xt..._.....|
-00000200  17 3d                                             |.=|
+00000000  17 03 03 01 c2 48 66 ba  b6 48 e4 d9 1a 73 81 09  |.....Hf..H...s..|
+00000010  cc 26 f8 2b bd 70 e7 15  c7 29 ac 30 58 21 ee 0c  |.&.+.p...).0X!..|
+00000020  9b c6 f0 b2 85 23 20 1a  7b ad ce fc 5f b6 ce aa  |.....# .{..._...|
+00000030  af a3 40 52 bf b3 3f 3d  61 a9 14 d1 eb 3c 21 78  |..@R..?=a....<!x|
+00000040  76 4c 94 d8 88 f2 67 54  7a d5 fa bf 38 aa 13 51  |vL....gTz...8..Q|
+00000050  c9 3d d3 0e 49 b8 0c 3a  c9 dc 7b 88 f7 8e 43 11  |.=..I..:..{...C.|
+00000060  e5 76 92 1a b2 58 df a4  43 38 fa 29 23 8b a1 c4  |.v...X..C8.)#...|
+00000070  4b 62 c3 af 07 0a f5 6b  74 cc 13 0a 35 cc d7 9e  |Kb.....kt...5...|
+00000080  88 f2 8f 46 a8 bb 85 c0  27 ff 2b 98 ce 4c 33 f6  |...F....'.+..L3.|
+00000090  c5 4a 82 ca 74 e7 71 b7  48 f0 2c 0d 3a 45 bc 06  |.J..t.q.H.,.:E..|
+000000a0  0c ad 39 81 c4 38 3c 66  2d ad ae cf 2b 3a bd 8f  |..9..8<f-...+:..|
+000000b0  c7 db 2a bc 16 ee 35 99  69 43 36 ce 77 67 6a dc  |..*...5.iC6.wgj.|
+000000c0  d0 01 e9 fa 76 4b c3 12  2d fe 66 70 6e c8 30 fa  |....vK..-.fpn.0.|
+000000d0  43 55 ed dc f1 22 9c 51  80 f8 bc aa 38 94 1e 77  |CU...".Q....8..w|
+000000e0  20 3a c6 18 37 47 21 07  48 c5 b8 87 08 76 0c 78  | :..7G!.H....v.x|
+000000f0  74 c1 dd 8b d8 86 29 57  b5 5e 05 4b 9a 42 b3 c7  |t.....)W.^.K.B..|
+00000100  a2 4d 6a 6b de 81 d8 5a  13 23 f6 9b 3a 2f 92 37  |.Mjk...Z.#..:/.7|
+00000110  3c 95 cf d7 ae 82 2b ef  a3 c0 2f 76 0b d0 32 9f  |<.....+.../v..2.|
+00000120  23 64 fe 42 3d 6c 01 55  60 0c 3d 64 e7 ad aa 2f  |#d.B=l.U`.=d.../|
+00000130  9b 58 13 eb 51 c8 61 73  51 0f b1 cd 00 45 a9 b7  |.X..Q.asQ....E..|
+00000140  78 76 1a 72 2e 0b b7 b6  18 16 0c 22 29 fd 26 b8  |xv.r.......").&.|
+00000150  1c e7 c0 6a d5 5f 8e 6b  f0 83 92 4f 8f 7c a2 3d  |...j._.k...O.|.=|
+00000160  31 2c db 3e f9 c1 4a a3  a6 b6 a2 ec ff f2 db b1  |1,.>..J.........|
+00000170  fb ff 37 ce b7 5a 75 34  91 35 de 45 a2 36 71 05  |..7..Zu4.5.E.6q.|
+00000180  20 65 d3 e4 fa 48 00 c1  25 3f f2 98 e8 0f 32 2a  | e...H..%?....2*|
+00000190  ee c5 60 f6 83 25 40 91  f6 13 0b fe 26 a9 f1 4c  |..`..%@.....&..L|
+000001a0  67 0d e8 c9 25 7e f5 f3  e3 ca 34 c3 e7 0e 4b e1  |g...%~....4...K.|
+000001b0  c8 f4 40 94 69 88 a2 81  75 02 7d 6d d4 6a b3 c3  |..@.i...u.}m.j..|
+000001c0  61 84 17 29 2a e9 90 17  03 03 00 1e 43 69 c6 7c  |a..)*.......Ci.||
+000001d0  1a fa 1a cf bf 78 54 c0  8f b7 8d 83 d8 74 f9 54  |.....xT......t.T|
+000001e0  6a 62 2f b1 68 63 69 b7  46 2e 17 03 03 00 13 08  |jb/.hci.F.......|
+000001f0  49 af 4e 5f f1 e1 8a 7d  20 4e 55 2b 86 4f 03 a0  |I.N_...} NU+.O..|
+00000200  d2 b5                                             |..|
diff --git a/testdata/Server-TLSv13-ClientAuthRequestedAndGiven b/testdata/Server-TLSv13-ClientAuthRequestedAndGiven
index 8ba88ebf..2a608bda 100644
--- a/testdata/Server-TLSv13-ClientAuthRequestedAndGiven
+++ b/testdata/Server-TLSv13-ClientAuthRequestedAndGiven
@@ -1,177 +1,180 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 ca 01 00 00  c6 03 03 56 2e 3c 64 35  |...........V.<d5|
-00000010  b8 7d db 8a 3c f0 93 73  0f 64 8d 84 da b6 59 37  |.}..<..s.d....Y7|
-00000020  22 99 3f 69 16 56 16 39  a2 a9 58 20 7c d3 26 20  |".?i.V.9..X |.& |
-00000030  a0 dc e9 7a 07 71 02 2d  3b 27 85 16 fb 6e 26 e5  |...z.q.-;'...n&.|
-00000040  c3 67 e5 0b bd e5 50 8f  bd 39 6f 2c 00 04 13 01  |.g....P..9o,....|
+00000000  16 03 01 00 ca 01 00 00  c6 03 03 c5 cc 07 79 72  |..............yr|
+00000010  50 61 54 df 90 ab 52 54  06 7d 7b 96 7f 13 5c 3c  |PaT...RT.}{...\<|
+00000020  1f ee fe cf d5 31 0a 58  37 96 02 20 b9 21 2b 29  |.....1.X7.. .!+)|
+00000030  79 05 38 92 c6 fe 41 fa  be d7 98 08 0a e4 12 b7  |y.8...A.........|
+00000040  7a ea 10 5a 0d 1a f2 b4  81 5d 9d 01 00 04 13 01  |z..Z.....]......|
 00000050  00 ff 01 00 00 79 00 0b  00 04 03 00 01 02 00 0a  |.....y..........|
 00000060  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 16  |................|
 00000070  00 00 00 17 00 00 00 0d  00 1e 00 1c 04 03 05 03  |................|
 00000080  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
 00000090  08 06 04 01 05 01 06 01  00 2b 00 03 02 03 04 00  |.........+......|
-000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 f6  |-.....3.&.$... .|
-000000b0  96 06 42 18 9d ae a6 49  01 d1 a5 d3 ee c7 5a ed  |..B....I......Z.|
-000000c0  26 20 c7 d5 e8 3c 58 21  1b 17 28 ea f9 e3 45     |& ...<X!..(...E|
+000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 a3  |-.....3.&.$... .|
+000000b0  b9 ae 31 09 ae 42 2d be  67 66 05 37 52 e0 3a cc  |..1..B-.gf.7R.:.|
+000000c0  44 70 80 ff fe d5 2f 0b  19 d5 15 9f ce a0 35     |Dp..../.......5|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 20 7c d3 26 20  |........... |.& |
-00000030  a0 dc e9 7a 07 71 02 2d  3b 27 85 16 fb 6e 26 e5  |...z.q.-;'...n&.|
-00000040  c3 67 e5 0b bd e5 50 8f  bd 39 6f 2c 13 01 00 00  |.g....P..9o,....|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 b9 21 2b 29  |........... .!+)|
+00000030  79 05 38 92 c6 fe 41 fa  be d7 98 08 0a e4 12 b7  |y.8...A.........|
+00000040  7a ea 10 5a 0d 1a f2 b4  81 5d 9d 01 13 01 00 00  |z..Z.....]......|
 00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
 00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
-00000080  03 03 00 01 01 17 03 03  00 17 43 8e 41 a4 04 13  |..........C.A...|
-00000090  01 08 9f 6e 1a fd 00 68  38 5c 93 d9 9a f7 1e 36  |...n...h8\.....6|
-000000a0  ea 17 03 03 00 3e 9f ae  80 ef f4 20 66 e7 44 fc  |.....>..... f.D.|
-000000b0  4d a4 3f 0e dc bb 33 47  0f 13 96 fa 03 07 d6 6f  |M.?...3G.......o|
-000000c0  cc 9f 3c fd 01 f5 87 d9  ec c9 d0 fc dd bf c8 5c  |..<............\|
-000000d0  0b 3d aa a7 c6 1d 90 18  d9 a1 1a a0 a1 ea 49 32  |.=............I2|
-000000e0  9e 45 86 f7 17 03 03 02  6d 61 29 fe 45 7e 5c b3  |.E......ma).E~\.|
-000000f0  8a 73 f2 65 c1 90 4e 93  0d 84 b2 bd e4 46 93 c2  |.s.e..N......F..|
-00000100  52 3f 07 38 e7 23 db 25  5e 71 98 a9 7d fd e9 ef  |R?.8.#.%^q..}...|
-00000110  3f 2c d8 9c ae 41 c4 d3  c7 9e d5 6e f0 0c 33 78  |?,...A.....n..3x|
-00000120  98 cf bf 22 3d 1f d0 f3  c8 a2 34 e8 ce 5e 0d 37  |..."=.....4..^.7|
-00000130  52 e2 b8 e3 50 ea 35 3e  e5 59 a0 6d ed 9e 09 36  |R...P.5>.Y.m...6|
-00000140  59 20 33 08 a9 41 f4 72  aa 2d 0c b5 d6 96 d9 04  |Y 3..A.r.-......|
-00000150  1a f1 d8 45 ed 67 ab f9  15 fa 25 ef 6d 87 72 ad  |...E.g....%.m.r.|
-00000160  f0 06 59 a5 8e 61 80 8b  28 f9 a0 df 5b b2 a2 3a  |..Y..a..(...[..:|
-00000170  1c 91 43 18 f4 a2 f3 4e  db dc 24 1b c3 0e 77 22  |..C....N..$...w"|
-00000180  83 ae 88 9f 8e 8d 48 38  f4 60 51 42 fa f2 a4 de  |......H8.`QB....|
-00000190  33 78 35 d0 b6 01 3d 7a  f5 54 68 51 fd 0e 4c 9b  |3x5...=z.ThQ..L.|
-000001a0  92 7c a5 01 96 52 7e de  38 b9 b0 ee 60 1e aa eb  |.|...R~.8...`...|
-000001b0  8c e6 b4 f4 7c 35 d2 0b  9b 83 94 ac ac ce 7e 58  |....|5........~X|
-000001c0  51 6e c3 ae 3b cd f5 85  8a 1e 43 78 19 ee dc a1  |Qn..;.....Cx....|
-000001d0  a3 d0 93 24 0d 3b 6a 4b  cd dc 78 9c 0b 2f bc 41  |...$.;jK..x../.A|
-000001e0  46 2f 64 3c 23 95 04 8b  60 75 bf 4d 45 3b e4 1e  |F/d<#...`u.ME;..|
-000001f0  9c 5b 1a 46 bb f3 4d a9  1b 59 33 b4 40 78 bd ff  |.[.F..M..Y3.@x..|
-00000200  30 7d d4 cc 5e 83 03 de  8d a3 a6 27 b4 bc 12 6e  |0}..^......'...n|
-00000210  5e f2 88 e8 b6 60 f3 01  e8 4a 53 c7 a9 fc a1 cc  |^....`...JS.....|
-00000220  27 45 c1 06 90 38 9a fb  1b 2a 9e ed 9e f6 19 85  |'E...8...*......|
-00000230  dd f7 8a 7f 95 08 3a 25  c0 5b 63 96 44 71 c2 16  |......:%.[c.Dq..|
-00000240  9c e1 10 69 e5 6a 5c 4a  e8 2a ed 6f bd de f5 98  |...i.j\J.*.o....|
-00000250  c0 a0 c5 54 7c cc 06 11  b2 54 1a c3 b4 46 c2 b4  |...T|....T...F..|
-00000260  97 d8 9c 7d f1 f3 d4 6f  3c a0 ef 18 c5 a6 e9 13  |...}...o<.......|
-00000270  e9 f4 9d bf 9b 25 a2 da  c6 ba 7a 6d 91 fd 41 a4  |.....%....zm..A.|
-00000280  e8 88 e3 79 2c 99 df 4d  21 48 89 57 5a bf 2a 2d  |...y,..M!H.WZ.*-|
-00000290  72 4e 1e 3a e8 c9 82 7b  c0 ff 6b 7c e8 8f 41 bf  |rN.:...{..k|..A.|
-000002a0  83 19 9e 96 d1 3f 2b 60  8f 7f 0b f8 6c 70 82 dd  |.....?+`....lp..|
-000002b0  34 da 91 62 17 20 e9 99  2e e2 a9 9a 9d fd 5d f8  |4..b. ........].|
-000002c0  a5 c0 ac e8 a3 df 11 b5  df 2c bd e1 e8 0f 7e 0a  |.........,....~.|
-000002d0  f2 47 4c 92 33 7b 6b 49  e5 30 31 8b 2e 16 81 3e  |.GL.3{kI.01....>|
-000002e0  79 25 f7 d7 d2 8f 5e e6  e3 2d ed 0d e1 08 97 13  |y%....^..-......|
-000002f0  f3 ce 7d b1 36 0d 7c b0  4f 23 6b 12 ef 3a a4 8b  |..}.6.|.O#k..:..|
-00000300  b5 d0 c9 ee 48 77 70 28  61 ff ad 49 f6 48 4c 37  |....Hwp(a..I.HL7|
-00000310  7b 00 c4 01 5d 8b 54 bc  44 5c 5f 98 6f 7d 84 84  |{...].T.D\_.o}..|
-00000320  c8 d0 55 88 f9 17 f6 02  f1 84 b6 3c 1a 03 e8 7b  |..U........<...{|
-00000330  b9 4e 24 c6 d8 0a f6 8c  b9 49 c6 10 38 53 e1 10  |.N$......I..8S..|
-00000340  8f 91 cd 39 9a 3a e8 c7  10 f3 c3 91 84 3c 8c a6  |...9.:.......<..|
-00000350  55 ab f4 f5 ab e7 17 03  03 00 99 e5 40 f6 35 34  |U...........@.54|
-00000360  2d 42 3e 7f e1 51 26 56  50 4e 60 b0 2f 65 e3 cd  |-B>..Q&VPN`./e..|
-00000370  c7 08 0e 96 77 08 c7 f6  4f e6 70 90 bc 80 95 e7  |....w...O.p.....|
-00000380  b2 df 98 83 94 4d 9e 5c  8a af d3 45 da e9 d7 fa  |.....M.\...E....|
-00000390  d8 d2 60 f8 b1 06 d9 27  64 45 4d e8 d3 07 8a bb  |..`....'dEM.....|
-000003a0  72 7a c6 71 00 7e 8b b0  2b 7d d0 f7 ab 1a bf d2  |rz.q.~..+}......|
-000003b0  50 be a9 3a 0c 68 b8 48  9a 91 ee db 26 4d d3 66  |P..:.h.H....&M.f|
-000003c0  5b 00 ef c3 cc b8 f2 4e  1e 51 c7 9b 34 3c e3 01  |[......N.Q..4<..|
-000003d0  7f 75 4e 41 e4 56 34 ec  14 92 0f 1e 6d dd 51 9a  |.uNA.V4.....m.Q.|
-000003e0  e0 8b 33 54 df 77 1f ff  d3 72 67 4c 62 16 b7 f8  |..3T.w...rgLb...|
-000003f0  4f 8f f8 ee 17 03 03 00  35 b7 83 d2 27 a3 15 f2  |O.......5...'...|
-00000400  75 55 aa 06 8c 5f c4 fa  0f 43 88 c9 c5 e3 c7 36  |uU..._...C.....6|
-00000410  40 6b 35 0b 7e 60 a1 1e  48 ef 46 2c d6 e4 48 80  |@k5.~`..H.F,..H.|
-00000420  91 b0 e5 3b c0 58 5d fe  5d bd 0a 6c 19 ea        |...;.X].]..l..|
+00000080  03 03 00 01 01 17 03 03  00 17 4d 00 8b d1 bc 63  |..........M....c|
+00000090  c3 8c af c4 0f 2e 36 78  8d 2b 52 32 f6 2c 29 0e  |......6x.+R2.,).|
+000000a0  17 17 03 03 00 52 aa 37  4e 5d 56 9a 8d 72 e7 77  |.....R.7N]V..r.w|
+000000b0  f1 b7 0c 0b be 7d 63 92  58 0f 09 d7 a0 36 12 75  |.....}c.X....6.u|
+000000c0  c9 0d ec d8 44 b4 8f ad  dd a1 84 58 3f 0a 7c 47  |....D......X?.|G|
+000000d0  0b c1 6f 56 7a 90 bf 82  6d 29 22 8b b3 50 03 ea  |..oVz...m)"..P..|
+000000e0  18 96 5e f5 1b f0 67 7d  10 c8 3f a4 f5 44 84 b3  |..^...g}..?..D..|
+000000f0  f3 af 3e f2 b3 93 a1 57  17 03 03 02 6d 54 0a b5  |..>....W....mT..|
+00000100  be 3f e0 77 de 6f e3 d7  83 60 2e 17 94 77 fb e1  |.?.w.o...`...w..|
+00000110  11 e8 8d 22 1a 7b ac 36  94 35 d5 29 e5 fa 9e 07  |...".{.6.5.)....|
+00000120  62 87 34 f8 b4 c5 ae d5  ee 84 76 c8 fd 30 cf a8  |b.4.......v..0..|
+00000130  b1 a4 fe 42 12 e1 36 80  05 76 e2 d2 04 2b 6e c7  |...B..6..v...+n.|
+00000140  0d 7d dc 99 de 3d 62 41  2f 3c c2 78 22 ec 6f 37  |.}...=bA/<.x".o7|
+00000150  ab 0d 03 22 fe fc f4 82  41 49 44 fd 0a 02 4a 79  |..."....AID...Jy|
+00000160  bd 5b 40 63 46 58 cd 84  b6 cf 46 c3 31 68 38 2a  |.[@cFX....F.1h8*|
+00000170  cf e0 3f ee de 06 ee de  f8 e8 3e 37 ab 92 a6 9b  |..?.......>7....|
+00000180  0a f3 a8 64 6a 81 86 5d  ed e3 a2 8c d0 0f 09 1e  |...dj..]........|
+00000190  ba e9 b0 6f 6b 1e 32 be  03 de 97 81 e0 42 ad 6e  |...ok.2......B.n|
+000001a0  f6 af bd 12 7a 2f f4 41  63 c4 f4 6a 61 8c e5 d4  |....z/.Ac..ja...|
+000001b0  60 99 f2 d5 92 54 2f 28  ee 3f 9b ab fa c1 51 9b  |`....T/(.?....Q.|
+000001c0  f5 6b d1 d6 6d b1 17 28  95 5f 3c cc e4 41 bf 9b  |.k..m..(._<..A..|
+000001d0  c5 6e 29 4b 39 f8 ad b0  fe 51 4c 2b 92 76 ce 22  |.n)K9....QL+.v."|
+000001e0  ee 5c 9e ad 0e 50 12 3d  2a a0 7a 6d a1 63 18 f7  |.\...P.=*.zm.c..|
+000001f0  f2 a0 2a b7 b6 c9 f3 60  54 47 a8 90 dd 90 7d c3  |..*....`TG....}.|
+00000200  6e f8 58 1c 28 e7 21 b4  52 33 da 67 67 2b b1 51  |n.X.(.!.R3.gg+.Q|
+00000210  b0 41 97 a3 1f 9b cd c8  28 63 c9 f5 e5 d1 a3 3f  |.A......(c.....?|
+00000220  ac 1c 39 2e 72 1b e5 16  4d 8c b1 6b 4c 35 07 e9  |..9.r...M..kL5..|
+00000230  24 a4 98 fb 67 75 4b 76  b7 2d cc 35 d9 a4 db 74  |$...guKv.-.5...t|
+00000240  96 56 96 e0 74 8e f9 4a  45 19 30 57 a0 22 27 a9  |.V..t..JE.0W."'.|
+00000250  d9 34 d7 73 f0 16 87 e5  be 8e b3 d2 53 f2 9c 19  |.4.s........S...|
+00000260  c1 0a df 07 e7 e8 30 fb  44 ac 34 13 2b 22 4c a2  |......0.D.4.+"L.|
+00000270  00 da 45 fc 95 1f 83 a0  c9 fa b3 b9 16 95 83 0f  |..E.............|
+00000280  a9 fa ae 2f b7 bc a1 55  d2 ab 2d 31 af 39 c2 82  |.../...U..-1.9..|
+00000290  f7 bf 9a 9a 5c e6 61 d7  f2 9c d0 b5 53 85 58 cf  |....\.a.....S.X.|
+000002a0  9d 2e 50 eb 46 a1 a4 a0  aa c4 44 66 f7 61 41 0f  |..P.F.....Df.aA.|
+000002b0  75 68 36 76 11 7d 1e d7  be 0f a4 7a a8 bb 9e 26  |uh6v.}.....z...&|
+000002c0  a9 7b ea 30 14 51 37 78  58 2a 92 e2 2c d3 9e 27  |.{.0.Q7xX*..,..'|
+000002d0  86 92 83 a0 bc e8 50 ed  da 9c 06 f4 d8 3c d5 6c  |......P......<.l|
+000002e0  a5 3a cc 1a ce 00 55 30  20 74 ad 17 5c bd 98 2d  |.:....U0 t..\..-|
+000002f0  1f 11 e7 38 99 2d b4 fc  1c 42 c9 ae f1 af 46 3e  |...8.-...B....F>|
+00000300  67 13 d2 31 16 34 fd e9  26 7c dd bb a0 25 10 7d  |g..1.4..&|...%.}|
+00000310  ca 94 20 6a b9 10 b7 94  0d 26 31 46 f2 bf 45 a8  |.. j.....&1F..E.|
+00000320  ed 8f 08 15 7d db dd 3a  ad 45 9f bd 32 8d ff 80  |....}..:.E..2...|
+00000330  c6 1f bf 57 5e a0 dc 74  3c 8a b3 8f 03 ef a1 ef  |...W^..t<.......|
+00000340  12 65 2c c3 16 4f bc 63  3b 62 ab fa ae 9f d1 84  |.e,..O.c;b......|
+00000350  79 80 25 04 bc e0 f9 70  98 e1 8c 15 55 ba cf a3  |y.%....p....U...|
+00000360  0a 24 64 8c 3a b2 b7 a8  04 c1 17 03 03 00 99 c0  |.$d.:...........|
+00000370  87 16 ce 52 d1 e9 83 f3  46 02 91 89 a1 6d 24 17  |...R....F....m$.|
+00000380  dc 6a 05 bb c2 fb bd 93  94 05 60 8c 6c 47 f6 4a  |.j........`.lG.J|
+00000390  d8 ad 42 99 8b 77 92 91  f3 58 1e 10 3b 59 b1 19  |..B..w...X..;Y..|
+000003a0  55 2c 3b f2 5b f3 e5 67  b2 e1 9c a8 68 dd 0e b9  |U,;.[..g....h...|
+000003b0  67 c4 61 63 b3 bc 15 7b  d6 76 7d 44 42 46 57 96  |g.ac...{.v}DBFW.|
+000003c0  b3 10 40 39 2b 8c d5 fa  cf a0 32 c0 d5 1a aa 96  |..@9+.....2.....|
+000003d0  95 3b d5 55 fe 06 d2 34  31 7c 29 95 86 ac 7e f5  |.;.U...41|)...~.|
+000003e0  e6 6b 7d a6 b5 52 37 2d  02 56 b8 12 66 33 67 80  |.k}..R7-.V..f3g.|
+000003f0  14 5f 78 b3 a3 bf fc 4f  cb 16 82 4e f5 c4 1b a1  |._x....O...N....|
+00000400  33 3e 6c ed df 7b 4d 0b  17 03 03 00 35 dd de ca  |3>l..{M.....5...|
+00000410  4d 9e 09 ba 14 09 72 72  23 9f 3c 7e 2c 46 e5 5e  |M.....rr#.<~,F.^|
+00000420  50 a2 21 02 f7 03 4b 76  ab 4c a8 0b a2 b3 9b 7a  |P.!...Kv.L.....z|
+00000430  fc b9 5d a2 ac 0b c3 55  15 b8 b8 23 2b 61 46 00  |..]....U...#+aF.|
+00000440  1c 5c                                             |.\|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 11 9e 9e cf 44 84  |..............D.|
-00000010  df e7 23 47 2d 4e 85 fa  f2 02 2a 79 4d 3a 3d df  |..#G-N....*yM:=.|
-00000020  48 95 2e d7 0d 3c d0 05  fc bf bb 23 0a 25 59 76  |H....<.....#.%Yv|
-00000030  fd 04 f8 f0 81 88 85 9f  99 f0 55 91 9a 79 8a 39  |..........U..y.9|
-00000040  f4 6e 49 92 be ed 1d d1  20 19 77 bc 55 9b b0 da  |.nI..... .w.U...|
-00000050  d1 c4 9f b5 2f 5c 1a 60  38 e1 92 9b f9 a1 97 6b  |..../\.`8......k|
-00000060  1b d0 d0 d0 05 7a 41 26  d4 6b 12 a0 b3 c6 33 13  |.....zA&.k....3.|
-00000070  4f 74 10 d6 91 fb b0 69  46 46 ca de 7c 05 d6 62  |Ot.....iFF..|..b|
-00000080  51 23 12 58 00 ff 25 8e  c8 5f 54 85 f4 2f e9 f9  |Q#.X..%.._T../..|
-00000090  f1 1e 32 b9 f1 a6 fb 90  9b a9 65 d2 c9 ea a7 1a  |..2.......e.....|
-000000a0  e8 c9 a8 bb 7e 3d 3f 03  62 fc f4 06 a4 a2 f7 41  |....~=?.b......A|
-000000b0  60 f5 f1 df 3e d6 31 51  f4 dc b1 d3 60 4b 84 4f  |`...>.1Q....`K.O|
-000000c0  99 e2 9f b2 f0 d5 fd b2  f3 5c 24 5f 91 a6 94 cd  |.........\$_....|
-000000d0  37 61 91 4e cc ae cd c1  b5 cc 58 5f 9a 91 a1 13  |7a.N......X_....|
-000000e0  23 42 8a c5 27 4c 66 32  69 9c 75 9f 2a ed 73 1d  |#B..'Lf2i.u.*.s.|
-000000f0  29 2e 36 50 34 b4 80 d2  08 e6 9f c6 3e da df 9f  |).6P4.......>...|
-00000100  e0 2a 08 88 47 b6 d3 ff  f7 6c 6c 91 1a 8e 53 89  |.*..G....ll...S.|
-00000110  53 6c b8 d7 83 37 ab 03  59 e6 4f 41 42 af d4 f9  |Sl...7..Y.OAB...|
-00000120  ac 9d ae d1 77 f1 71 79  a0 16 c4 c7 b5 a6 a9 9f  |....w.qy........|
-00000130  59 da 55 fb c5 88 8c 13  04 c2 06 39 8f ae 7e ca  |Y.U........9..~.|
-00000140  99 ce cd aa 86 0a 00 bd  56 f1 98 d9 c8 d2 c1 c0  |........V.......|
-00000150  df 16 c2 6f 78 da 66 3f  cc 43 c7 38 33 1b 3b 5b  |...ox.f?.C.83.;[|
-00000160  f8 7e d8 b7 ef 4c 6d c7  f6 84 56 8d 76 f7 0d 83  |.~...Lm...V.v...|
-00000170  94 e6 ad c5 f3 05 5c f4  17 69 d5 83 98 c3 43 8e  |......\..i....C.|
-00000180  9f a5 5c 7b 12 ea f4 1f  39 ce 0d 83 15 b1 e6 ce  |..\{....9.......|
-00000190  c1 35 9b 8c ec c6 d2 d7  f9 02 36 90 24 f4 3a 70  |.5........6.$.:p|
-000001a0  ce bb 8d bb 4b b2 aa 64  f0 b5 c0 88 cc 06 e3 9c  |....K..d........|
-000001b0  f7 70 64 fd 5d 48 f5 c8  07 48 c2 09 c4 07 56 b9  |.pd.]H...H....V.|
-000001c0  86 e9 d6 7b dc ac a5 00  2c 1d 80 8f 47 f2 c4 c7  |...{....,...G...|
-000001d0  ab dc 7b 41 7b 3d 47 db  09 12 02 9f 1b 63 e7 cc  |..{A{=G......c..|
-000001e0  38 1d 33 56 e0 ae 63 7a  95 73 5f e6 da 13 53 49  |8.3V..cz.s_...SI|
-000001f0  5f 69 e9 ff 86 26 bd 9a  dd be 5c 75 e7 69 66 b4  |_i...&....\u.if.|
-00000200  27 3f 79 d2 2e 8e 79 9e  89 42 58 20 a2 ca 8c 2a  |'?y...y..BX ...*|
-00000210  37 b8 99 81 66 3a 31 66  1a 95 4c 47 17 03 03 00  |7...f:1f..LG....|
-00000220  99 66 08 07 06 6d 95 fe  f1 72 2a 7c de 84 06 b0  |.f...m...r*|....|
-00000230  3d d7 d1 6b 47 0e 4d fb  9e ab 55 f7 71 c5 5d 11  |=..kG.M...U.q.].|
-00000240  cb c7 fb 45 90 9d 22 eb  ec 03 d6 ce 8c 01 ff 81  |...E..".........|
-00000250  a2 90 23 1d 7a f3 cb 16  76 a5 05 57 77 f6 af f0  |..#.z...v..Ww...|
-00000260  29 6c 6c 39 9e 99 55 c0  38 c3 31 68 49 b3 bf cc  |)ll9..U.8.1hI...|
-00000270  31 e2 6d a4 4c e7 99 53  2f 31 3f 05 2c 7c 1b 10  |1.m.L..S/1?.,|..|
-00000280  60 ce 8b 60 47 16 eb e5  8b be 1b 7a 95 b9 3c 60  |`..`G......z..<`|
-00000290  1c d6 b5 13 5f ad b9 bb  13 dd d6 08 8e 70 cb 2a  |...._........p.*|
-000002a0  26 3e df ce 7c 21 e5 27  7e 27 ec 75 b6 47 a0 89  |&>..|!.'~'.u.G..|
-000002b0  2e e1 3c ab 0d 72 90 d1  d5 07 17 03 03 00 35 82  |..<..r........5.|
-000002c0  6b 48 4a 9a 63 16 07 8f  b2 d3 4a 65 7d e0 c4 e8  |kHJ.c.....Je}...|
-000002d0  27 3e ce 4a 0a c8 63 e0  f9 70 98 c0 6a 12 39 ec  |'>.J..c..p..j.9.|
-000002e0  e1 52 de 73 58 2d f0 7c  bc 8d 41 16 be 89 a0 88  |.R.sX-.|..A.....|
-000002f0  56 e5 ef f6                                       |V...|
+00000000  14 03 03 00 01 01 17 03  03 02 11 79 f8 bd a7 4e  |...........y...N|
+00000010  90 84 77 6f d1 a8 95 67  b7 0b e2 7a 4e 16 e9 ca  |..wo...g...zN...|
+00000020  1c f3 31 df a8 0e 99 02  c0 09 68 de 6a bb c2 bd  |..1.......h.j...|
+00000030  19 10 30 65 e6 5d d1 43  e2 aa 81 ba ea 3d 30 9a  |..0e.].C.....=0.|
+00000040  bb a8 66 ef 91 d1 1d 4c  cd 93 97 19 f5 b7 52 1f  |..f....L......R.|
+00000050  c3 4b f8 dd 2f 39 53 54  68 06 dd 90 c1 75 57 9a  |.K../9STh....uW.|
+00000060  d6 9d c5 79 36 f9 5e bc  c6 9b b8 bd 3d 14 40 71  |...y6.^.....=.@q|
+00000070  a8 db 5c a8 d0 28 f3 a6  c1 37 29 c1 38 3f a3 51  |..\..(...7).8?.Q|
+00000080  29 5c 01 eb 5c 7e c7 09  e6 2b fd 48 6f 53 77 25  |)\..\~...+.HoSw%|
+00000090  c8 55 bb fd 68 21 a4 f0  f8 0e 52 41 97 81 20 78  |.U..h!....RA.. x|
+000000a0  5e b8 77 3e 4e 6c 0a b1  32 98 2e d4 58 dd 64 fa  |^.w>Nl..2...X.d.|
+000000b0  8a 3e ba ea 79 67 c1 01  97 d2 5c d6 09 81 57 b0  |.>..yg....\...W.|
+000000c0  fa c3 b8 3d 91 ee 7e 06  47 a8 3e 7b 59 74 14 44  |...=..~.G.>{Yt.D|
+000000d0  29 28 29 1f 52 00 b8 31  4f ae 60 d5 18 72 fb a7  |)().R..1O.`..r..|
+000000e0  21 0f 79 73 d8 e2 5c 6b  b7 aa 78 53 f0 83 b5 ec  |!.ys..\k..xS....|
+000000f0  89 fc d0 fd 84 2e f6 3b  65 1d ac fe e8 75 10 f6  |.......;e....u..|
+00000100  52 01 7f 5a 67 6d 1c 1d  82 4d eb 9d 2f fa 54 4e  |R..Zgm...M../.TN|
+00000110  0f 05 c8 d0 c3 50 6b cb  15 f0 27 5e 1d 15 b4 60  |.....Pk...'^...`|
+00000120  85 bc b0 0e 54 3a 10 54  f9 4c 43 db 57 74 96 4b  |....T:.T.LC.Wt.K|
+00000130  12 1c c8 1b 4c b7 d6 44  e7 df 95 9b 1d 28 cc d0  |....L..D.....(..|
+00000140  20 a5 9f 28 5d da 20 1a  46 42 1c b5 88 81 6b 3e  | ..(]. .FB....k>|
+00000150  0f 7b 37 5f b8 8e e5 b8  57 3c e7 03 6f 4f be 83  |.{7_....W<..oO..|
+00000160  5a 3a a9 46 c6 e9 42 68  4f 10 38 bc ba 4d 67 7b  |Z:.F..BhO.8..Mg{|
+00000170  19 9a b0 bd ce 9a 8f 21  ff eb 82 59 a6 2f 0a 0f  |.......!...Y./..|
+00000180  b2 eb 76 c0 e2 dc 3f f4  3b c5 26 d3 7e 8c ed c3  |..v...?.;.&.~...|
+00000190  5d 0f 80 56 a0 07 76 88  4c ab 04 3c aa 8a 44 65  |]..V..v.L..<..De|
+000001a0  a7 5a 7b 31 29 5f 41 b8  12 c0 c0 f1 cd 95 08 0e  |.Z{1)_A.........|
+000001b0  f7 89 a0 af 91 e6 52 14  5a 2b 39 c5 c6 4e b7 72  |......R.Z+9..N.r|
+000001c0  93 e2 a7 6f 00 b4 57 9b  20 e4 90 b9 57 f0 67 40  |...o..W. ...W.g@|
+000001d0  e3 87 7d f6 6b f6 87 91  7f f6 3b 99 f2 93 b3 35  |..}.k.....;....5|
+000001e0  e7 d4 fe 7c 1c b7 08 4a  00 de 7c 6c 85 df 2d 37  |...|...J..|l..-7|
+000001f0  3b 69 62 18 c6 f9 e0 e3  6e 1d 30 cd 35 7d 83 5c  |;ib.....n.0.5}.\|
+00000200  1d 0c d8 61 df 4b f3 20  77 81 b1 9e 5f 84 79 44  |...a.K. w..._.yD|
+00000210  93 b6 30 60 2d 76 4e 6d  4d 18 3a 21 17 03 03 00  |..0`-vNmM.:!....|
+00000220  99 30 99 a3 ff 5c 70 58  5a d7 f0 ec 97 a0 d9 b8  |.0...\pXZ.......|
+00000230  9e 98 08 f6 ec 87 48 3b  c6 46 c2 45 c4 29 ab 08  |......H;.F.E.)..|
+00000240  f2 ee 94 4d 89 c9 19 b4  0d b0 f6 df f7 a5 8d 4b  |...M...........K|
+00000250  2f 53 62 b8 ee 4c 8a cf  81 be fb 7e 16 2f ec f3  |/Sb..L.....~./..|
+00000260  03 49 18 93 dc d3 53 67  fc a2 03 f8 f6 ab 26 87  |.I....Sg......&.|
+00000270  92 32 7c 06 1a 12 14 29  cf a2 43 e4 36 04 2c ad  |.2|....)..C.6.,.|
+00000280  68 ea 5f 5a d2 83 81 d7  96 7d 8c 2e 9a 98 14 56  |h._Z.....}.....V|
+00000290  a7 a3 23 69 d5 fd 21 9e  2f 81 43 2b 8a ad 2e c9  |..#i..!./.C+....|
+000002a0  50 a8 a5 5c 28 b3 a0 62  c0 95 78 92 f7 3b 7b c0  |P..\(..b..x..;{.|
+000002b0  1c a9 29 c4 34 28 39 c4  0b ef 17 03 03 00 35 8d  |..).4(9.......5.|
+000002c0  35 f3 1d 55 34 aa 92 ff  8f e6 2e c2 9b 2f c6 c8  |5..U4......../..|
+000002d0  29 69 66 08 db fb 6f b5  22 4e bf 62 35 43 6c 72  |)if...o."N.b5Clr|
+000002e0  c6 2a c4 57 8c a9 42 2c  b8 5e 82 25 b2 92 aa 82  |.*.W..B,.^.%....|
+000002f0  77 5f a4 1f 17 03 03 00  13 cc 12 01 75 9c 9f d3  |w_..........u...|
+00000300  3f 17 17 a8 b8 8b b3 ae  dc f6 08 34              |?..........4|
 >>> Flow 4 (server to client)
-00000000  17 03 03 02 83 ce c4 10  39 1a fe 62 a2 ff 27 6d  |........9..b..'m|
-00000010  b7 e3 1d d6 8e b8 a2 7e  f5 30 87 35 16 41 fb 04  |.......~.0.5.A..|
-00000020  3c 79 9e 02 9b 06 4c a7  ba 01 5b cf 94 bc c8 08  |<y....L...[.....|
-00000030  15 03 91 2c 24 34 17 a4  60 dc a5 72 04 5d 78 49  |...,$4..`..r.]xI|
-00000040  4c 2f e4 6a df 1c 38 fe  b2 8c 61 5e a8 ac 3e d1  |L/.j..8...a^..>.|
-00000050  58 7d fe c1 e3 78 79 31  48 d2 74 c0 8d 17 97 6f  |X}...xy1H.t....o|
-00000060  30 bb 8a 2c 8c d4 76 3d  3f f0 20 24 3d 5a 21 0c  |0..,..v=?. $=Z!.|
-00000070  37 7b 14 45 e6 69 db ed  52 50 a0 77 e9 a2 84 59  |7{.E.i..RP.w...Y|
-00000080  0c 96 c1 ad 48 ed 8d 9f  00 4d f2 15 86 71 c0 fa  |....H....M...q..|
-00000090  14 b9 77 cb 9f 04 d9 1b  be da 68 8e 31 8f 25 14  |..w.......h.1.%.|
-000000a0  f5 43 bd e5 6e c5 10 ab  f7 68 22 7f c2 ba 5c a6  |.C..n....h"...\.|
-000000b0  88 31 c0 a5 fb 63 05 95  52 b3 04 94 14 fe eb 0c  |.1...c..R.......|
-000000c0  53 a0 c2 bf ae 58 e3 f9  84 22 6b ca 95 33 12 80  |S....X..."k..3..|
-000000d0  09 e2 97 b0 2b 4b ed fa  34 e1 5a b1 de 52 b1 2c  |....+K..4.Z..R.,|
-000000e0  a0 aa 11 d6 fa 07 e1 41  ed 36 9f 9a 1a 56 18 b0  |.......A.6...V..|
-000000f0  ef e7 85 dc 5b 53 23 56  c2 ac 34 64 c8 9d 4b 49  |....[S#V..4d..KI|
-00000100  6d 29 7e 4b 73 4f 0b 8e  30 86 87 ea cf 1c dd 62  |m)~KsO..0......b|
-00000110  c0 a4 96 aa fe 41 e7 25  94 8e 08 b5 4d 42 26 d3  |.....A.%....MB&.|
-00000120  ba 84 98 bf 27 2b d5 3d  37 b9 b1 b5 24 33 e3 4d  |....'+.=7...$3.M|
-00000130  3f 05 38 54 fe 2c 15 63  20 2e 70 c0 c6 da 0e 89  |?.8T.,.c .p.....|
-00000140  b6 99 07 db e3 7c 3e 58  d0 a3 2b 50 c4 f3 21 92  |.....|>X..+P..!.|
-00000150  62 e0 e9 b5 d4 7a 6b 23  a2 05 ef 9c f5 f5 05 57  |b....zk#.......W|
-00000160  cd d4 4d 0a 2f 17 ca ac  fc 9d 7e 60 ec 3c 80 8c  |..M./.....~`.<..|
-00000170  1f 99 da b7 f6 14 7a e1  86 76 50 8d f8 6b 92 24  |......z..vP..k.$|
-00000180  f2 b7 82 fa 3c 9b 14 af  0f 37 40 ae 7f 10 f5 0a  |....<....7@.....|
-00000190  f2 0f 0f bd 01 b7 0a f7  b6 d0 7f cf bf e6 67 55  |..............gU|
-000001a0  cc 36 af a6 d8 c4 ca 80  c7 af 35 ff 6e 83 56 30  |.6........5.n.V0|
-000001b0  62 26 49 bb 1a 04 8b 39  10 7b 0f 09 19 2b 0f 95  |b&I....9.{...+..|
-000001c0  08 9d c8 85 3b 5d 8c 97  16 ae cd 92 00 d5 3e 50  |....;]........>P|
-000001d0  54 66 85 8f 42 9b 60 3d  f8 99 ca c7 07 3b 51 18  |Tf..B.`=.....;Q.|
-000001e0  d5 20 37 57 35 0a d8 c6  13 0f 48 94 8f 50 7d 0e  |. 7W5.....H..P}.|
-000001f0  5a f0 98 b2 5d 5f 46 fb  ba 85 c8 4f ba 02 19 86  |Z...]_F....O....|
-00000200  0b ef 4a 04 49 1f 06 cd  be dc d5 32 74 14 d8 60  |..J.I......2t..`|
-00000210  17 a5 b5 a2 70 8e b1 75  29 bc e0 02 e0 a2 1c 7b  |....p..u)......{|
-00000220  58 cd 96 69 84 0f 95 7b  78 3e 09 72 a6 e0 50 7e  |X..i...{x>.r..P~|
-00000230  76 b0 7b 44 11 9b b8 7e  7d 09 49 91 75 5b 9b 6f  |v.{D...~}.I.u[.o|
-00000240  42 a4 e6 54 4d c6 21 65  c4 64 7d c6 29 74 13 8d  |B..TM.!e.d}.)t..|
-00000250  69 5f 20 8c f1 88 e8 1e  2d c3 13 d5 f5 52 70 24  |i_ .....-....Rp$|
-00000260  de ec 64 c7 00 3f 57 e2  3f c4 23 fe e9 65 e6 d9  |..d..?W.?.#..e..|
-00000270  92 ae f0 2f 05 4d 01 72  be 0d 7d c0 f4 30 ac 69  |.../.M.r..}..0.i|
-00000280  3c 7c c1 72 c1 b7 c4 c9  17 03 03 00 1e 73 8f 48  |<|.r.........s.H|
-00000290  cf 34 35 31 9b 63 59 59  1b 23 e1 6b b2 3a 0f df  |.451.cYY.#.k.:..|
-000002a0  21 69 8e 73 1a 61 09 5b  82 c7 78 17 03 03 00 13  |!i.s.a.[..x.....|
-000002b0  4f a0 ab 25 3f a4 85 9e  78 58 69 d2 2c c3 b6 df  |O..%?...xXi.,...|
-000002c0  32 4a 7f                                          |2J.|
+00000000  17 03 03 02 83 63 68 c7  ae a5 c2 03 56 49 d3 13  |.....ch.....VI..|
+00000010  45 f0 de 02 20 70 1a cb  a5 cc 6f fa 0e 4b 28 65  |E... p....o..K(e|
+00000020  4f 6d 76 2e b0 61 cf fe  be 43 82 02 44 06 e4 1e  |Omv..a...C..D...|
+00000030  91 0c 64 1b 0e 58 53 c0  15 84 e8 6a 23 64 a1 cb  |..d..XS....j#d..|
+00000040  cd af e6 98 c1 c2 10 23  2b dd 54 9c ff d8 11 af  |.......#+.T.....|
+00000050  41 0c 88 7b 77 5c 12 47  7e f9 61 97 d6 f4 65 a7  |A..{w\.G~.a...e.|
+00000060  5e 9c 06 0e 8a 96 5a 4c  60 f9 ce fb 52 a6 61 44  |^.....ZL`...R.aD|
+00000070  7a d1 41 54 10 51 b6 26  d4 18 fb 37 75 55 7f 18  |z.AT.Q.&...7uU..|
+00000080  10 39 ea b1 f7 d5 8f 3a  a4 e8 d8 be f5 2f c2 90  |.9.....:...../..|
+00000090  1a dd bc d7 50 b7 0e 7e  c8 71 88 8f a0 04 34 2d  |....P..~.q....4-|
+000000a0  6f 35 f5 3f 43 08 1d 28  c7 30 db 8e c0 6c cd 14  |o5.?C..(.0...l..|
+000000b0  93 10 fc b4 58 43 92 6d  a3 3c 2e 87 71 12 70 c5  |....XC.m.<..q.p.|
+000000c0  ec f8 64 5a 28 ee 3c 67  05 f4 00 f8 16 11 a6 49  |..dZ(.<g.......I|
+000000d0  ff 54 ee 27 a7 9e 01 c6  3d 8a e0 8f 7f 2c d7 90  |.T.'....=....,..|
+000000e0  99 68 98 38 1c d2 ac 71  32 90 e6 cd 05 7c b8 b5  |.h.8...q2....|..|
+000000f0  99 86 8d 8e 5b 57 c9 d6  c6 b0 a0 21 09 e9 87 4c  |....[W.....!...L|
+00000100  27 f2 de e0 24 19 98 ea  3e 60 33 65 13 5e 5f 05  |'...$...>`3e.^_.|
+00000110  7b 16 78 d9 8d 2a 92 16  62 02 fc 27 ee 72 f4 2e  |{.x..*..b..'.r..|
+00000120  86 11 32 55 a2 9b b7 d3  3a 3b 87 be 28 8f 30 e7  |..2U....:;..(.0.|
+00000130  c7 ca 34 51 e5 3b 96 55  c1 d2 b2 b1 4e 84 85 0c  |..4Q.;.U....N...|
+00000140  df d9 25 3e 29 b8 56 4a  32 b7 45 1a b3 05 c1 d6  |..%>).VJ2.E.....|
+00000150  ca ac 13 74 59 b6 0d 03  14 f2 fa b7 05 c4 2f da  |...tY........./.|
+00000160  11 65 a4 89 06 c6 fd 2b  10 3c 13 3d 92 d5 6a 1c  |.e.....+.<.=..j.|
+00000170  c5 01 10 b5 1a 3d a0 a5  ea ef 11 74 8b 68 24 20  |.....=.....t.h$ |
+00000180  04 58 68 e4 e3 69 b7 12  03 f1 4c dd 78 65 04 58  |.Xh..i....L.xe.X|
+00000190  d9 85 45 39 d2 74 18 f7  5c b4 59 fc 08 fb e0 49  |..E9.t..\.Y....I|
+000001a0  c6 73 e0 0d 18 05 6a 84  95 03 11 ad 73 1d 45 d3  |.s....j.....s.E.|
+000001b0  d7 66 c9 14 14 f4 ed 39  a6 b2 bd 81 ac 23 c0 d9  |.f.....9.....#..|
+000001c0  ba 6a 82 16 75 2f c1 31  4f 83 25 ce 87 fb 23 97  |.j..u/.1O.%...#.|
+000001d0  a0 0d 7c c8 2d 35 ce a6  e8 76 65 cb 72 cc 95 fc  |..|.-5...ve.r...|
+000001e0  8c 65 eb f7 74 7f a6 fc  1e 03 05 cd dc 56 8d 3c  |.e..t........V.<|
+000001f0  09 0b 74 48 24 72 19 07  c0 c4 a3 32 28 15 33 45  |..tH$r.....2(.3E|
+00000200  ef c6 02 f2 8d bf 39 a9  b9 41 bd 99 77 be 36 67  |......9..A..w.6g|
+00000210  0e eb 62 2b fa cd c9 6e  b8 59 d8 f9 2b dd 09 1e  |..b+...n.Y..+...|
+00000220  4c 4a 90 e5 d4 4c 54 10  b9 f1 e3 5a 88 4b 3f 30  |LJ...LT....Z.K?0|
+00000230  c9 7c d5 be e5 b0 44 4f  bb 41 7a 83 e2 47 0c 73  |.|....DO.Az..G.s|
+00000240  28 b9 f2 c0 6c 28 0c 3c  3a cd 34 92 5c 13 f8 15  |(...l(.<:.4.\...|
+00000250  88 5b 02 fa 65 fd 1c b9  c0 cc 78 17 37 cc 53 50  |.[..e.....x.7.SP|
+00000260  0f 53 5e a0 fa 08 48 93  c2 4e 7d c1 f9 bb f7 6a  |.S^...H..N}....j|
+00000270  e0 0e 8b 14 1a 64 60 b6  67 3a 07 68 13 20 e1 8a  |.....d`.g:.h. ..|
+00000280  f2 7b 0d 25 c6 11 2f 9e  17 03 03 00 1e 1e a5 9c  |.{.%../.........|
+00000290  f5 56 23 e2 91 d8 e1 fd  da 88 04 24 b5 66 79 06  |.V#........$.fy.|
+000002a0  b2 3d e8 95 60 e1 86 2d  34 f4 c8 17 03 03 00 13  |.=..`..-4.......|
+000002b0  2a c7 60 04 0d 2f b5 d7  d2 c2 f9 15 bf 26 d7 84  |*.`../.......&..|
+000002c0  05 98 ee                                          |...|
diff --git a/testdata/Server-TLSv13-ClientAuthRequestedNotGiven b/testdata/Server-TLSv13-ClientAuthRequestedNotGiven
index b839c958..7a06770a 100644
--- a/testdata/Server-TLSv13-ClientAuthRequestedNotGiven
+++ b/testdata/Server-TLSv13-ClientAuthRequestedNotGiven
@@ -1,103 +1,105 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 ca 01 00 00  c6 03 03 4a ea 7e 77 82  |...........J.~w.|
-00000010  17 37 46 db 49 14 d2 41  e4 14 b0 46 20 9d 50 45  |.7F.I..A...F .PE|
-00000020  d1 75 08 82 2b 8d bc 9a  75 e3 71 20 ce 77 9a 79  |.u..+...u.q .w.y|
-00000030  98 24 bc 15 be ac 30 fe  66 35 ab 51 be bd b4 fa  |.$....0.f5.Q....|
-00000040  6f 53 1f e9 5f 54 58 75  ce 94 f9 47 00 04 13 01  |oS.._TXu...G....|
+00000000  16 03 01 00 ca 01 00 00  c6 03 03 00 69 af 00 d0  |............i...|
+00000010  54 e8 0e 25 4c 62 db 87  e1 af 15 9e cf 14 ac b6  |T..%Lb..........|
+00000020  ce 8c 5a 65 99 f3 c0 48  2e b6 00 20 c4 bf 7a 0b  |..Ze...H... ..z.|
+00000030  d8 da 4f 37 b8 12 7c ff  2e 1e ac 80 d4 32 77 0f  |..O7..|......2w.|
+00000040  92 8c b4 76 53 57 ba 7d  bb 15 78 c8 00 04 13 01  |...vSW.}..x.....|
 00000050  00 ff 01 00 00 79 00 0b  00 04 03 00 01 02 00 0a  |.....y..........|
 00000060  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 16  |................|
 00000070  00 00 00 17 00 00 00 0d  00 1e 00 1c 04 03 05 03  |................|
 00000080  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
 00000090  08 06 04 01 05 01 06 01  00 2b 00 03 02 03 04 00  |.........+......|
-000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 e0  |-.....3.&.$... .|
-000000b0  64 7e 58 b6 e7 32 fc c9  d6 3e f7 e0 f5 6a 9c 3a  |d~X..2...>...j.:|
-000000c0  e6 8f 83 d7 1c 27 62 72  71 06 71 de 49 96 05     |.....'brq.q.I..|
+000000a0  2d 00 02 01 01 00 33 00  26 00 24 00 1d 00 20 30  |-.....3.&.$... 0|
+000000b0  a0 2a f8 e2 67 08 84 a8  c9 fc f8 de 0e fb 3c 0c  |.*..g.........<.|
+000000c0  59 10 2d 50 e9 cc d4 32  5c 86 e2 6e 0d ba 03     |Y.-P...2\..n...|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 7a 02 00 00  76 03 03 00 00 00 00 00  |....z...v.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 20 ce 77 9a 79  |........... .w.y|
-00000030  98 24 bc 15 be ac 30 fe  66 35 ab 51 be bd b4 fa  |.$....0.f5.Q....|
-00000040  6f 53 1f e9 5f 54 58 75  ce 94 f9 47 13 01 00 00  |oS.._TXu...G....|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 c4 bf 7a 0b  |........... ..z.|
+00000030  d8 da 4f 37 b8 12 7c ff  2e 1e ac 80 d4 32 77 0f  |..O7..|......2w.|
+00000040  92 8c b4 76 53 57 ba 7d  bb 15 78 c8 13 01 00 00  |...vSW.}..x.....|
 00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 2f  |..+.....3.$... /|
 00000060  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 00000070  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74 14  |.........._X.;t.|
-00000080  03 03 00 01 01 17 03 03  00 17 d0 8f 0a 7e 6c 33  |.............~l3|
-00000090  0b be 2a 24 0e fc af df  6e 7d ad 22 28 82 77 60  |..*$....n}."(.w`|
-000000a0  3d 17 03 03 00 3e 8f 87  8f f1 5a f6 6f eb eb d9  |=....>....Z.o...|
-000000b0  da aa fc 3c 6d ac 73 94  a3 13 5f fe 01 bb 75 eb  |...<m.s..._...u.|
-000000c0  ce d5 75 68 39 3c 0b 3c  5d ab 3f dc eb 6d 30 79  |..uh9<.<].?..m0y|
-000000d0  25 35 a8 2b 72 57 e4 9f  6f 4a 1e 03 74 eb 04 f9  |%5.+rW..oJ..t...|
-000000e0  c4 4f c1 46 17 03 03 02  6d 50 d5 4a 67 1e a7 43  |.O.F....mP.Jg..C|
-000000f0  50 f5 b9 55 8d 57 a3 0e  e4 b0 ae 6c 5b ca f9 d7  |P..U.W.....l[...|
-00000100  f7 22 34 92 72 76 a4 5b  c4 c7 0a 75 cc 97 0c 03  |."4.rv.[...u....|
-00000110  37 25 04 65 a6 fc da a8  fb 8c ef f1 25 d6 4b f6  |7%.e........%.K.|
-00000120  ed d5 80 2b 10 b2 0b 31  f5 33 d7 df a7 9b c7 6e  |...+...1.3.....n|
-00000130  52 f6 ed ac e0 20 1e f2  93 11 b7 bd b0 0d 5e 41  |R.... ........^A|
-00000140  be e4 b5 e4 a1 6d 21 45  27 1d 5e 65 fe 2c e9 f4  |.....m!E'.^e.,..|
-00000150  97 5c 45 5b 23 5a 8c dc  29 64 61 28 48 cf ae 3f  |.\E[#Z..)da(H..?|
-00000160  2c 21 b1 68 9e 09 74 76  77 65 f4 85 07 dc f3 0e  |,!.h..tvwe......|
-00000170  27 97 4d 60 47 35 31 13  92 15 90 f4 ca 24 84 6e  |'.M`G51......$.n|
-00000180  da 91 13 a3 37 54 4e 52  d4 9c 2f 82 6e 76 fd d7  |....7TNR../.nv..|
-00000190  81 29 fa 76 ac be 32 04  0d 7e d0 09 b0 47 ff 6d  |.).v..2..~...G.m|
-000001a0  37 32 6d 2c 8e d3 06 94  da 3f 20 87 56 f8 4a 2f  |72m,.....? .V.J/|
-000001b0  d6 75 4d 90 5c c1 e5 f6  82 c4 3c d9 da a2 95 0a  |.uM.\.....<.....|
-000001c0  4c 36 59 a9 10 50 a0 0d  61 06 4f 65 6e 64 bb 29  |L6Y..P..a.Oend.)|
-000001d0  42 9f 62 81 65 54 22 cb  4c a5 95 1b 2a 49 18 2f  |B.b.eT".L...*I./|
-000001e0  fc 54 b4 38 27 3f cf ab  b0 97 3e 17 8b ae 98 a0  |.T.8'?....>.....|
-000001f0  50 76 d6 79 39 e8 25 bc  3b d9 5a a4 a8 5e 08 6a  |Pv.y9.%.;.Z..^.j|
-00000200  1c 48 b1 11 f0 d9 b9 48  39 e1 23 db 41 8c bf bd  |.H.....H9.#.A...|
-00000210  20 27 7b 0c 89 10 1f b0  ae 70 18 9a 7f f2 b4 1d  | '{......p......|
-00000220  20 cd 6d 80 38 00 a4 33  de 22 ef f6 42 52 c7 66  | .m.8..3."..BR.f|
-00000230  83 4a 67 18 6b a6 38 27  d3 40 cf a2 a9 3e 58 06  |.Jg.k.8'.@...>X.|
-00000240  91 a7 36 08 29 10 4d 8f  1b f9 7c 5a 17 05 81 b9  |..6.).M...|Z....|
-00000250  4b 60 48 40 49 73 63 8a  ef 9f f2 9e 80 85 57 fa  |K`H@Isc.......W.|
-00000260  0a b8 72 83 f3 26 fa 07  ae d2 47 99 b5 a6 5d c5  |..r..&....G...].|
-00000270  1e b5 fc ea 0f 17 f8 ba  e2 5c 7d 59 70 53 2e 23  |.........\}YpS.#|
-00000280  f7 55 75 cb de 82 dc ca  b1 bf 3f 5f 7d 7d 92 3c  |.Uu.......?_}}.<|
-00000290  29 29 64 30 74 0a 01 0b  c0 95 db 45 fe 20 be 38  |))d0t......E. .8|
-000002a0  c5 87 b7 e4 a9 93 63 67  6b 9a 2f 24 9e 62 8f 1d  |......cgk./$.b..|
-000002b0  bd 8c 4a d4 b0 0f 95 2f  56 b2 1c e8 5a 58 81 2e  |..J..../V...ZX..|
-000002c0  b5 b5 b5 f2 1b 7f 6c 39  58 75 51 dc 83 2a 59 0b  |......l9XuQ..*Y.|
-000002d0  78 5e 22 7e af ee 59 af  b9 8f dc 65 97 af a5 b5  |x^"~..Y....e....|
-000002e0  b8 50 af 35 51 30 e7 0a  75 e2 d0 33 e2 fb f4 b1  |.P.5Q0..u..3....|
-000002f0  99 cd 5f 72 6b a9 f8 85  a1 a5 19 7e 2b 91 01 19  |.._rk......~+...|
-00000300  09 dd 88 6e a7 d6 54 57  cd ef d0 97 6a 68 d9 6e  |...n..TW....jh.n|
-00000310  52 38 ef a5 fa 84 63 70  f0 6d 64 ec 66 1a c9 b5  |R8....cp.md.f...|
-00000320  78 ba 17 74 f4 b4 2b a2  fe 9a 7f 38 b8 5e 8b 56  |x..t..+....8.^.V|
-00000330  a6 7b 2c 92 7f db 58 c8  fa f9 2d 6b 00 25 dc 0a  |.{,...X...-k.%..|
-00000340  aa 13 e8 40 f3 fd 47 23  f6 bf 1c 30 fc 91 18 95  |...@..G#...0....|
-00000350  ac a8 82 3d f5 ef 17 03  03 00 99 7e 30 4f f1 00  |...=.......~0O..|
-00000360  1e dd eb c6 54 d2 f5 f7  21 aa 6b b0 83 0c fa 8b  |....T...!.k.....|
-00000370  12 af ac 15 3e 54 b6 1c  85 9b 0c 80 02 d8 e3 5f  |....>T........._|
-00000380  36 57 64 fe 7a b8 31 d0  aa 59 f1 e6 af e0 27 c5  |6Wd.z.1..Y....'.|
-00000390  b8 d8 2f ab e0 cc c3 02  18 73 30 36 b5 2a 0d 12  |../......s06.*..|
-000003a0  a4 45 e6 c3 79 9f 54 cb  51 61 1a b8 aa 87 45 43  |.E..y.T.Qa....EC|
-000003b0  8e 93 58 66 f2 97 cb 3b  44 df ae 93 17 de 22 99  |..Xf...;D.....".|
-000003c0  3c b4 9d 21 a6 db 03 ce  7b fb 67 b9 6e fb ab 50  |<..!....{.g.n..P|
-000003d0  f8 33 9f 20 a0 fb e9 54  bb 62 16 19 d6 df 8c fe  |.3. ...T.b......|
-000003e0  3d 63 42 7c b0 72 2b 0d  87 1e f7 7d bb 59 ba f5  |=cB|.r+....}.Y..|
-000003f0  d6 e8 f3 57 17 03 03 00  35 9e 6f 39 92 2e 32 10  |...W....5.o9..2.|
-00000400  03 cd f0 28 2c 1a 32 77  19 c8 39 38 60 0c 28 b7  |...(,.2w..98`.(.|
-00000410  8c 3a d8 50 a1 44 e4 d6  c5 64 59 88 2d a4 23 c9  |.:.P.D...dY.-.#.|
-00000420  26 d1 96 0c c9 5d da 84  3e 8a 7d fe 80 77        |&....]..>.}..w|
+00000080  03 03 00 01 01 17 03 03  00 17 47 a8 92 ce cd bb  |..........G.....|
+00000090  b5 b2 f6 47 50 c3 e7 c4  44 59 20 07 13 9a ca 98  |...GP...DY .....|
+000000a0  f5 17 03 03 00 52 b6 9d  37 b2 ed bf 53 10 e2 28  |.....R..7...S..(|
+000000b0  09 25 e5 f1 f8 6d 10 99  f8 b0 b8 1d cd 5c 82 ff  |.%...m.......\..|
+000000c0  de fd 9d 8e 89 94 2e 7a  7f ed 30 80 7e f0 e5 ef  |.......z..0.~...|
+000000d0  13 06 7b cf 8f 91 c9 38  e0 77 52 80 0d 74 a2 28  |..{....8.wR..t.(|
+000000e0  a7 73 cd 06 df c4 7e 04  ad 6e e3 44 04 86 98 95  |.s....~..n.D....|
+000000f0  b7 2d 76 99 3e 8b cd 7c  17 03 03 02 6d cb e5 77  |.-v.>..|....m..w|
+00000100  58 3e c2 74 44 db 85 f8  54 12 02 89 8d 2b 8d 24  |X>.tD...T....+.$|
+00000110  2a c0 db 71 25 b8 23 a1  86 1a 09 66 8e 60 b9 58  |*..q%.#....f.`.X|
+00000120  40 0f 72 34 95 e2 6b 7c  76 8a 85 e5 dd cd be 0a  |@.r4..k|v.......|
+00000130  1f a3 13 42 aa 58 d7 95  0a 69 fc 60 5a 4d 17 db  |...B.X...i.`ZM..|
+00000140  19 59 d3 86 04 3e c2 1b  93 76 68 27 53 ae 07 af  |.Y...>...vh'S...|
+00000150  47 4e e6 03 b8 fe 8e c5  06 f1 84 54 0c e5 24 be  |GN.........T..$.|
+00000160  83 43 1f da 1e 3e 7e a3  2f 2f 4d bc cd e5 a5 b5  |.C...>~.//M.....|
+00000170  5d 66 e1 2a 9b 1e 76 6c  be e7 9d f7 ed c5 1b e9  |]f.*..vl........|
+00000180  91 39 18 30 22 b5 d8 71  66 4d 62 b8 6f 94 7f 5f  |.9.0"..qfMb.o.._|
+00000190  84 77 a2 b5 79 02 a1 44  6a 5c d2 39 c2 95 d6 8e  |.w..y..Dj\.9....|
+000001a0  49 36 91 97 2e 02 59 47  e8 fa 78 b9 a7 0e 41 f2  |I6....YG..x...A.|
+000001b0  df 92 44 7b 59 8f 9c e9  c8 1b 0a 15 cf 1a fe 5a  |..D{Y..........Z|
+000001c0  b2 5a 9d 9c b2 0b 1e 48  03 a9 2b 73 df 9f dd b2  |.Z.....H..+s....|
+000001d0  30 d1 ba bd 46 e6 50 30  ed e3 c5 f7 d8 96 d5 cc  |0...F.P0........|
+000001e0  d2 3a 39 3b f0 a1 f2 8e  29 c4 be e9 ee af cb 7b  |.:9;....)......{|
+000001f0  f6 7d c3 be 4e 20 6e 63  21 50 d5 34 9a b4 9c 7f  |.}..N nc!P.4....|
+00000200  95 22 15 e3 ad 12 c8 6a  9c 68 a3 c1 35 c1 e1 fa  |.".....j.h..5...|
+00000210  ce 15 ef 12 b5 50 5b d3  56 8a 24 b0 61 ca 67 1d  |.....P[.V.$.a.g.|
+00000220  60 12 b3 4b 42 6a 3d ba  ef 80 b1 b9 74 cf ba e0  |`..KBj=.....t...|
+00000230  95 5f 1a b9 c6 24 d7 c5  ec 96 3f 6c e8 13 39 66  |._...$....?l..9f|
+00000240  da e6 49 39 dc ca bc 2a  50 10 cf 51 fe d0 eb 80  |..I9...*P..Q....|
+00000250  9c 21 dc 9d ae 10 31 d6  9c 9b ac 3e d6 84 36 e6  |.!....1....>..6.|
+00000260  76 a1 d2 86 2a a0 2b d8  91 ba c3 f0 17 f7 7a 69  |v...*.+.......zi|
+00000270  0d d3 14 6f ca ba 33 d2  d0 2e 85 a9 d7 dc d2 4a  |...o..3........J|
+00000280  dc bf 88 68 73 4f b1 35  e0 36 3b ed bd f6 37 0b  |...hsO.5.6;...7.|
+00000290  07 32 a1 96 81 29 63 e1  38 4d 52 7c 5a d0 4c 6c  |.2...)c.8MR|Z.Ll|
+000002a0  dd 65 83 75 1d 9e bc e4  c8 e7 75 13 5f 71 11 87  |.e.u......u._q..|
+000002b0  ea 4b f3 ee d2 fd 38 2a  88 a6 35 e4 a8 63 77 0e  |.K....8*..5..cw.|
+000002c0  5f 57 ac a6 a2 e7 43 3c  79 1a 2d c9 1d 5f 65 22  |_W....C<y.-.._e"|
+000002d0  f1 c3 a3 17 79 ca ce 0e  6f e8 15 fb 73 dc 31 f8  |....y...o...s.1.|
+000002e0  99 79 fe d4 b1 e2 0d f1  4c a2 c6 02 51 27 ee cc  |.y......L...Q'..|
+000002f0  3c 8e 6b cf 01 82 b1 d6  f9 6e aa 98 4b 83 07 84  |<.k......n..K...|
+00000300  ef 49 4f ff a2 06 63 43  e1 2d 9e 1b c0 9c d9 60  |.IO...cC.-.....`|
+00000310  ce 68 de ea 22 d4 20 7f  7f 62 3a 7c bf 6c 55 a5  |.h..". ..b:|.lU.|
+00000320  31 5a 86 c4 59 75 28 d7  20 9d d6 1d 3c e4 15 00  |1Z..Yu(. ...<...|
+00000330  74 ad fb 26 3b 9f af 2e  20 5c a5 40 e1 24 fa e6  |t..&;... \.@.$..|
+00000340  f2 7d d3 29 69 0b 70 8a  6c 16 58 52 bd 32 a3 00  |.}.)i.p.l.XR.2..|
+00000350  23 e4 b5 a2 eb b6 71 56  1a 65 d5 26 db 83 55 aa  |#.....qV.e.&..U.|
+00000360  a9 1b 91 99 34 44 f9 1a  5e 2a 17 03 03 00 99 67  |....4D..^*.....g|
+00000370  bf c9 76 ba cc e9 e4 6e  5f f8 45 6f d6 b5 02 e8  |..v....n_.Eo....|
+00000380  b9 e3 05 44 14 be 6d cb  2f 84 8c ff 54 02 3b 06  |...D..m./...T.;.|
+00000390  cd 31 f0 c3 14 9f 68 a6  7c 05 1b 21 35 af fb 3c  |.1....h.|..!5..<|
+000003a0  4e ec c9 66 e8 20 04 8b  50 0a bc b5 6d 9a 52 b9  |N..f. ..P...m.R.|
+000003b0  e8 38 78 6b dc 22 41 e5  a9 82 3e bb 4b e7 35 e6  |.8xk."A...>.K.5.|
+000003c0  29 1d 3e ba a0 91 22 0a  8a aa a3 f8 9b eb 77 fe  |).>...".......w.|
+000003d0  19 ac 2e a7 29 ab 8f 61  91 af 09 b1 3b b3 4b 69  |....)..a....;.Ki|
+000003e0  e6 96 a3 05 46 db 28 9b  1d d0 79 71 3d 93 4e 66  |....F.(...yq=.Nf|
+000003f0  5d f4 22 38 91 a1 30 c5  c3 b7 72 fa e6 91 d8 a4  |]."8..0...r.....|
+00000400  e9 a0 47 cc 5a 87 5e 60  17 03 03 00 35 ce b7 6e  |..G.Z.^`....5..n|
+00000410  2c 11 dc d4 b8 e1 a4 4b  d8 d6 09 1e fe e3 d3 d3  |,......K........|
+00000420  52 be fc cc af 5d 73 45  db 1e 05 b6 b1 38 59 65  |R....]sE.....8Ye|
+00000430  df 72 6d 7b af b5 7a 3d  e1 8a 27 44 6e 72 25 04  |.rm{..z=..'Dnr%.|
+00000440  7c 61                                             ||a|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 19 87 49 99 a6 d9  |............I...|
-00000010  ed cd f7 7a 75 14 e1 26  41 d2 6e 5c 79 a6 be 7c  |...zu..&A.n\y..||
-00000020  5d 9d 44 36 17 03 03 00  35 1b 51 a9 b1 ce 11 ed  |].D6....5.Q.....|
-00000030  95 47 34 b9 3d 2f 6e 27  b2 e5 31 54 7f e3 8a 11  |.G4.=/n'..1T....|
-00000040  fd 54 75 2c b6 8a 56 25  00 29 a7 5f 7a 1e 16 be  |.Tu,..V%.)._z...|
-00000050  16 e3 86 3a 72 84 0e bc  40 ef fd ad 18 33        |...:r...@....3|
+00000000  14 03 03 00 01 01 17 03  03 00 19 01 ab 91 41 25  |..............A%|
+00000010  d3 52 97 b2 f8 4e 57 9d  c5 d3 7d 34 c4 c3 44 93  |.R...NW...}4..D.|
+00000020  79 a5 0c fe 17 03 03 00  35 ba 56 09 d8 9d 73 5e  |y.......5.V...s^|
+00000030  f4 f4 03 4d bf f7 e4 ab  cc 83 26 28 cc 68 78 91  |...M......&(.hx.|
+00000040  9f 6f f6 dc d5 34 e5 a5  e6 86 11 b3 71 89 70 25  |.o...4......q.p%|
+00000050  8c 83 79 b7 c8 56 92 1d  98 c7 35 cd bb 56        |..y..V....5..V|
 >>> Flow 4 (server to client)
-00000000  17 03 03 00 8b 69 2e 81  c4 4d 43 a6 1f 96 b7 8e  |.....i...MC.....|
-00000010  87 4a 9b be 48 3c 31 18  98 f4 8c 04 24 b2 52 96  |.J..H<1.....$.R.|
-00000020  04 b5 12 7c 54 37 83 6d  51 42 c6 52 f4 a5 bc d3  |...|T7.mQB.R....|
-00000030  d1 c8 29 ab 4f e4 02 da  74 ec 8e 13 ad 03 f3 e0  |..).O...t.......|
-00000040  7f 44 58 6b c7 28 a5 6a  75 30 b8 b1 31 38 fe ba  |.DXk.(.ju0..18..|
-00000050  e7 27 ae b3 e7 cb 5e 78  24 82 03 61 ba ae dd 4c  |.'....^x$..a...L|
-00000060  c6 7b f3 45 cf 6f a8 dc  7d 5d 73 65 db ae dc 10  |.{.E.o..}]se....|
-00000070  ff 32 dc 4c b4 5e dc ce  4c 34 37 83 a0 0c d5 20  |.2.L.^..L47.... |
-00000080  f1 f6 81 42 bc 63 65 47  80 d0 d6 f3 08 aa e2 58  |...B.ceG.......X|
-00000090  17 03 03 00 1e 85 84 f3  e4 0f a8 24 c0 fe fa 2c  |...........$...,|
-000000a0  8b 60 52 32 73 2b 95 e9  37 3d 1c bd 2f ee ff e2  |.`R2s+..7=../...|
-000000b0  70 13 df 17 03 03 00 13  65 2b 11 5f 50 7c 11 eb  |p.......e+._P|..|
-000000c0  3b 06 75 23 28 13 ca 4a  b5 fb dc                 |;.u#(..J...|
+00000000  17 03 03 00 8b eb fd 9e  19 36 7f 54 7f 9f 5a 6b  |.........6.T..Zk|
+00000010  31 0e e8 ca f3 40 7d 74  0d 82 6f 97 41 fb 15 52  |1....@}t..o.A..R|
+00000020  36 00 50 c3 c5 36 ea e3  8f ca 02 b1 de ed 61 8e  |6.P..6........a.|
+00000030  60 0a d8 cf 0a 7c 47 60  87 3f fa 00 6f 74 a8 42  |`....|G`.?..ot.B|
+00000040  c1 8d df f7 4d 7c ac c0  52 7c c9 21 5c 45 32 3f  |....M|..R|.!\E2?|
+00000050  42 0d 75 64 76 93 18 29  a1 50 06 36 94 bb 1e 52  |B.udv..).P.6...R|
+00000060  31 5b b7 32 9a b1 9f 59  30 8a da ff 93 4f c1 b3  |1[.2...Y0....O..|
+00000070  e9 8d f2 ec 4a 7b 01 51  5e a2 9b ea 8d a8 53 bd  |....J{.Q^.....S.|
+00000080  db 94 88 73 3b 9f da 77  a8 de 11 55 7b 06 0f c6  |...s;..w...U{...|
+00000090  17 03 03 00 1e 1b 76 21  ea fd a4 47 6e ec 6e 26  |......v!...Gn.n&|
+000000a0  00 3e fc 2f 87 8f 4e ee  08 58 e7 cc 46 aa b7 8c  |.>./..N..X..F...|
+000000b0  c1 5d dd 17 03 03 00 13  dd ed 88 b0 f5 e8 17 f1  |.]..............|
+000000c0  66 85 c4 f5 6b 47 7d 5f  19 21 7f                 |f...kG}_.!.|

From 82661695673ec0db29d023549117aed3e8f5352e Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Sat, 15 Mar 2025 15:12:39 +0100
Subject: [PATCH 47/95] crypto/tls: disable SHA-1 signature algorithms in TLS
 1.2

This implements RFC 9155 by removing support for SHA-1 algorithms:

  - we don't advertise them in ClientHello and CertificateRequest
    (where supportedSignatureAlgorithms is used directly)

  - we don't select them in our ServerKeyExchange and CertificateVerify
    (where supportedSignatureAlgorithms filters signatureSchemesForCertificate)

  - we reject them in the peer's ServerKeyExchange and CertificateVerify
    (where we check against the algorithms we advertised in ClientHello
    and CertificateRequest)

Fixes #72883

Change-Id: I6a6a4656e2aafd2c38cdd32090d3d8a9a8047818
Reviewed-on: https://go-review.googlesource.com/c/go/+/658216
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---
 auth.go                                       |   7 +-
 auth_test.go                                  |  42 +-
 bogo_config.json                              |   2 +
 defaults.go                                   |  20 +-
 handshake_client.go                           |   4 +
 handshake_server.go                           |   4 +
 key_agreement.go                              |   8 +
 testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA | 107 ++--
 testdata/Client-TLSv10-ClientCert-ECDSA-RSA   | 101 ++--
 testdata/Client-TLSv10-ClientCert-RSA-ECDSA   | 105 ++--
 testdata/Client-TLSv10-ClientCert-RSA-RSA     |  99 ++-
 testdata/Client-TLSv10-ECDHE-ECDSA-AES        |  85 ++-
 testdata/Client-TLSv10-ECDHE-RSA-AES          |  81 ++-
 testdata/Client-TLSv10-ExportKeyingMaterial   |  81 ++-
 testdata/Client-TLSv10-RSA-RC4                |  49 +-
 testdata/Client-TLSv11-ECDHE-ECDSA-AES        |  85 ++-
 testdata/Client-TLSv11-ECDHE-RSA-AES          |  81 ++-
 testdata/Client-TLSv11-RSA-RC4                |  49 +-
 testdata/Client-TLSv12-AES128-GCM-SHA256      |  53 +-
 testdata/Client-TLSv12-AES128-SHA256          |  67 +-
 testdata/Client-TLSv12-AES256-GCM-SHA384      |  53 +-
 testdata/Client-TLSv12-ALPN                   |  74 +--
 testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA | 115 ++--
 testdata/Client-TLSv12-ClientCert-ECDSA-RSA   |  99 ++-
 testdata/Client-TLSv12-ClientCert-Ed25519     |  83 ++-
 ...nt-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 |  95 ++-
 testdata/Client-TLSv12-ClientCert-RSA-ECDSA   | 111 ++--
 testdata/Client-TLSv12-ClientCert-RSA-RSA     |  95 ++-
 .../Client-TLSv12-ClientCert-RSA-RSAPKCS1v15  |  95 ++-
 testdata/Client-TLSv12-ClientCert-RSA-RSAPSS  |  93 ++-
 testdata/Client-TLSv12-ECDHE-ECDSA-AES        |  85 ++-
 testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM    |  75 ++-
 .../Client-TLSv12-ECDHE-ECDSA-AES128-SHA256   |  93 ++-
 ...lient-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 |  79 ++-
 ...lient-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 |  76 +--
 testdata/Client-TLSv12-ECDHE-RSA-AES          |  83 ++-
 .../Client-TLSv12-ECDHE-RSA-AES128-SHA256     |  91 ++-
 .../Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 |  74 +--
 testdata/Client-TLSv12-Ed25519                |  63 +-
 testdata/Client-TLSv12-ExportKeyingMaterial   |  73 ++-
 testdata/Client-TLSv12-P256-ECDHE             |  84 +--
 testdata/Client-TLSv12-RSA-RC4                |  49 +-
 testdata/Client-TLSv12-RenegotiateOnce        | 375 ++++++------
 testdata/Client-TLSv12-RenegotiateTwice       | 571 +++++++++---------
 .../Client-TLSv12-RenegotiateTwiceRejected    | 381 ++++++------
 testdata/Client-TLSv12-RenegotiationRejected  |  79 ++-
 testdata/Client-TLSv12-SCT                    |  71 ++-
 testdata/Client-TLSv12-X25519-ECDHE           |  76 +--
 testdata/Client-TLSv13-AES128-SHA256          | 157 +++--
 testdata/Client-TLSv13-AES256-SHA384          | 161 +++--
 testdata/Client-TLSv13-ALPN                   | 162 ++---
 testdata/Client-TLSv13-CHACHA20-SHA256        | 157 +++--
 testdata/Client-TLSv13-ClientCert-ECDSA-RSA   | 255 ++++----
 testdata/Client-TLSv13-ClientCert-Ed25519     | 221 ++++---
 testdata/Client-TLSv13-ClientCert-RSA-ECDSA   | 245 ++++----
 testdata/Client-TLSv13-ClientCert-RSA-RSAPSS  | 263 ++++----
 testdata/Client-TLSv13-ECDSA                  | 149 +++--
 testdata/Client-TLSv13-Ed25519                | 113 ++--
 testdata/Client-TLSv13-ExportKeyingMaterial   | 157 +++--
 testdata/Client-TLSv13-HelloRetryRequest      | 179 +++---
 testdata/Client-TLSv13-KeyUpdate              | 173 +++---
 testdata/Client-TLSv13-P256-ECDHE             | 162 ++---
 testdata/Client-TLSv13-X25519-ECDHE           | 156 ++---
 ...er-TLSv12-ClientAuthRequestedAndECDSAGiven |  80 +--
 ...-TLSv12-ClientAuthRequestedAndEd25519Given |  72 +--
 .../Server-TLSv12-ClientAuthRequestedAndGiven |  80 +--
 ...TLSv12-ClientAuthRequestedAndPKCS1v15Given |  80 +--
 .../Server-TLSv12-ClientAuthRequestedNotGiven |  62 +-
 68 files changed, 3805 insertions(+), 3800 deletions(-)

diff --git a/auth.go b/auth.go
index 7f072204..2d059668 100644
--- a/auth.go
+++ b/auth.go
@@ -219,7 +219,7 @@ func signatureSchemesForCertificate(version uint16, cert *Certificate) []Signatu
 	}
 
 	// Filter out any unsupported signature algorithms, for example due to
-	// FIPS 140-3 policy, or any downstream changes to defaults.go.
+	// FIPS 140-3 policy, tlssha1=0, or any downstream changes to defaults.go.
 	supportedAlgs := supportedSignatureAlgorithms(version)
 	sigAlgs = slices.DeleteFunc(sigAlgs, func(sigAlg SignatureScheme) bool {
 		return !isSupportedSignatureAlgorithm(sigAlg, supportedAlgs)
@@ -239,6 +239,11 @@ func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureSche
 	if len(peerAlgs) == 0 && vers == VersionTLS12 {
 		// For TLS 1.2, if the client didn't send signature_algorithms then we
 		// can assume that it supports SHA1. See RFC 5246, Section 7.4.1.4.1.
+		// RFC 9155 made signature_algorithms mandatory in TLS 1.2, and we gated
+		// it behind the tlssha1 GODEBUG setting.
+		if tlssha1.Value() != "1" {
+			return 0, errors.New("tls: missing signature_algorithms from TLS 1.2 peer")
+		}
 		peerAlgs = []SignatureScheme{PKCS1WithSHA1, ECDSAWithSHA1}
 	}
 	// Pick signature scheme in the peer's preference order, as our
diff --git a/auth_test.go b/auth_test.go
index 616d9bab..727bdc4d 100644
--- a/auth_test.go
+++ b/auth_test.go
@@ -7,6 +7,7 @@ package tls
 import (
 	"crypto"
 	"crypto/tls/internal/fips140tls"
+	"os"
 	"testing"
 )
 
@@ -33,35 +34,41 @@ func TestSignatureSelection(t *testing.T) {
 		cert        *Certificate
 		peerSigAlgs []SignatureScheme
 		tlsVersion  uint16
+		godebug     string
 
 		expectedSigAlg  SignatureScheme
 		expectedSigType uint8
 		expectedHash    crypto.Hash
 	}{
-		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
-		{rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512},
-		{rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
-		{pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
-		{rsaCert, []SignatureScheme{PSSWithSHA384, PKCS1WithSHA1}, VersionTLS13, PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
-		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
-		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
-		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS13, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
-		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS12, Ed25519, signatureEd25519, directSigning},
-		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS13, Ed25519, signatureEd25519, directSigning},
+		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, "", PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
+		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, "tlssha1=1", PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
+		{rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, "", PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512},
+		{rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, "", PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
+		{pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, "", PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
+		{rsaCert, []SignatureScheme{PSSWithSHA384, PKCS1WithSHA1}, VersionTLS13, "", PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
+		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PSSWithSHA384}, VersionTLS13, "", PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
+		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1, ECDSAWithP256AndSHA256}, VersionTLS12, "", ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
+		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12, "tlssha1=1", ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
+		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS12, "", ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
+		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS13, "", ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
+		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS12, "", Ed25519, signatureEd25519, directSigning},
+		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS13, "", Ed25519, signatureEd25519, directSigning},
 
 		// TLS 1.2 without signature_algorithms extension
-		{rsaCert, nil, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
-		{ecdsaCert, nil, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
+		{rsaCert, nil, VersionTLS12, "tlssha1=1", PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
+		{ecdsaCert, nil, VersionTLS12, "tlssha1=1", ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
 
 		// TLS 1.2 does not restrict the ECDSA curve (our ecdsaCert is P-256)
-		{ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS12, ECDSAWithP384AndSHA384, signatureECDSA, crypto.SHA384},
+		{ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS12, "", ECDSAWithP384AndSHA384, signatureECDSA, crypto.SHA384},
 	}
 
 	for testNo, test := range tests {
-		if fips140tls.Required() && (test.expectedHash == crypto.SHA1 || test.expectedSigAlg == Ed25519) {
+		if fips140tls.Required() && test.expectedHash == crypto.SHA1 {
 			t.Logf("skipping test[%d] - not compatible with TLS FIPS mode", testNo)
 			continue
 		}
+		savedGODEBUG := os.Getenv("GODEBUG")
+		os.Setenv("GODEBUG", savedGODEBUG+","+test.godebug)
 
 		sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs)
 		if err != nil {
@@ -80,6 +87,8 @@ func TestSignatureSelection(t *testing.T) {
 		if test.expectedHash != hashFunc {
 			t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc)
 		}
+
+		os.Setenv("GODEBUG", savedGODEBUG)
 	}
 
 	brokenCert := &Certificate{
@@ -116,6 +125,11 @@ func TestSignatureSelection(t *testing.T) {
 		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS13},
 		// The key can be too small for the hash.
 		{rsaCert, []SignatureScheme{PSSWithSHA512}, VersionTLS12},
+		// SHA-1 requires tlssha1=1
+		{rsaCert, []SignatureScheme{PKCS1WithSHA1}, VersionTLS12},
+		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12},
+		{rsaCert, nil, VersionTLS12},
+		{ecdsaCert, nil, VersionTLS12},
 	}
 
 	for testNo, test := range badTests {
diff --git a/bogo_config.json b/bogo_config.json
index 6d764daa..b88201a4 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -20,6 +20,8 @@
         "TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
         "TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
 
+        "ServerAuth-SHA1-Fallback*": "We don't ever support SHA-1 in TLS 1.2, so we fail if there are no signature_algorithms",
+
         "TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fallback to plaintext",
         "TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fallback to plaintext",
         "TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fallback to plaintext",
diff --git a/defaults.go b/defaults.go
index 07986294..3aa1bc2e 100644
--- a/defaults.go
+++ b/defaults.go
@@ -24,11 +24,29 @@ func defaultCurvePreferences() []CurveID {
 	return []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521}
 }
 
+var tlssha1 = godebug.New("tlssha1")
+
 // defaultSupportedSignatureAlgorithms returns the signature and hash algorithms that
 // the code advertises and supports in a TLS 1.2+ ClientHello and in a TLS 1.2+
 // CertificateRequest. The two fields are merged to match with TLS 1.3.
 // Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
 func defaultSupportedSignatureAlgorithms() []SignatureScheme {
+	if tlssha1.Value() == "1" {
+		return []SignatureScheme{
+			PSSWithSHA256,
+			ECDSAWithP256AndSHA256,
+			Ed25519,
+			PSSWithSHA384,
+			PSSWithSHA512,
+			PKCS1WithSHA256,
+			PKCS1WithSHA384,
+			PKCS1WithSHA512,
+			ECDSAWithP384AndSHA384,
+			ECDSAWithP521AndSHA512,
+			PKCS1WithSHA1,
+			ECDSAWithSHA1,
+		}
+	}
 	return []SignatureScheme{
 		PSSWithSHA256,
 		ECDSAWithP256AndSHA256,
@@ -40,8 +58,6 @@ func defaultSupportedSignatureAlgorithms() []SignatureScheme {
 		PKCS1WithSHA512,
 		ECDSAWithP384AndSHA384,
 		ECDSAWithP521AndSHA512,
-		PKCS1WithSHA1,
-		ECDSAWithSHA1,
 	}
 }
 
diff --git a/handshake_client.go b/handshake_client.go
index 619b47af..2d3a2ef2 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -828,6 +828,10 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 			}
 			certVerify.hasSignatureAlgorithm = true
 			certVerify.signatureAlgorithm = signatureAlgorithm
+			if sigHash == crypto.SHA1 {
+				tlssha1.Value() // ensure godebug is initialized
+				tlssha1.IncNonDefault()
+			}
 		} else {
 			sigType, sigHash, err = legacyTypeAndHashFromPublicKey(key.Public())
 			if err != nil {
diff --git a/handshake_server.go b/handshake_server.go
index 522d3b62..6848407e 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -772,6 +772,10 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 			if err != nil {
 				return c.sendAlert(alertInternalError)
 			}
+			if sigHash == crypto.SHA1 {
+				tlssha1.Value() // ensure godebug is initialized
+				tlssha1.IncNonDefault()
+			}
 		} else {
 			sigType, sigHash, err = legacyTypeAndHashFromPublicKey(pub)
 			if err != nil {
diff --git a/key_agreement.go b/key_agreement.go
index d41bf435..3daa1aa4 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -215,6 +215,10 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 		if err != nil {
 			return nil, err
 		}
+		if sigHash == crypto.SHA1 {
+			tlssha1.Value() // ensure godebug is initialized
+			tlssha1.IncNonDefault()
+		}
 	} else {
 		sigType, sigHash, err = legacyTypeAndHashFromPublicKey(priv.Public())
 		if err != nil {
@@ -339,6 +343,10 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 		if err != nil {
 			return err
 		}
+		if sigHash == crypto.SHA1 {
+			tlssha1.Value() // ensure godebug is initialized
+			tlssha1.IncNonDefault()
+		}
 	} else {
 		sigType, sigHash, err = legacyTypeAndHashFromPublicKey(cert.PublicKey)
 		if err != nil {
diff --git a/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
index 1a973237..3bd86fd9 100644
--- a/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
+++ b/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 5f db 69 f3 84  |....]...Y.._.i..|
-00000010  2a 34 27 ec 75 af b4 38  e7 d4 ec 19 70 1a 17 0e  |*4'.u..8....p...|
-00000020  4d 94 8f 93 b7 88 ba cf  60 be e3 20 10 53 38 8a  |M.......`.. .S8.|
-00000030  85 c2 1b 7d e3 21 e2 a8  6b 9f 34 dc c1 a0 38 3e  |...}.!..k.4...8>|
-00000040  66 81 bb c4 1c b8 c5 70  ce 28 81 bf c0 09 00 00  |f......p.(......|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 1a 76 c4 d5 b5  |....]...Y...v...|
+00000010  7e 30 1c 1e c3 62 8b 92  a8 19 9b 62 4e 36 a1 d3  |~0...b.....bN6..|
+00000020  c8 e3 55 f6 64 5f 06 aa  19 9a 48 20 24 a4 2d a9  |..U.d_....H $.-.|
+00000030  8a bd cf 4e 9b cf 7d c7  8e 8f e8 ed f5 09 37 ad  |...N..}.......7.|
+00000040  06 c9 6b a4 d5 de 7f 07  07 a6 9d c7 c0 09 00 00  |..k.............|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,20 +57,20 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 01  00 b4 0c 00 00 b0 03 00  |....*...........|
-00000280  1d 20 07 a5 80 41 74 22  47 af 5d 75 5e ae bd eb  |. ...At"G.]u^...|
-00000290  20 93 4c d3 d1 c6 d0 4b  f8 68 f4 58 fc 88 ca 2a  | .L....K.h.X...*|
-000002a0  8b 08 00 8a 30 81 87 02  41 68 37 4f 22 15 13 23  |....0...Ah7O"..#|
-000002b0  1b 03 6b f2 e1 8b bf 2a  88 4b 14 b3 85 58 ae 5a  |..k....*.K...X.Z|
-000002c0  11 14 9a a3 24 77 c6 a3  a2 8c 12 ae 5c 78 ec 26  |....$w......\x.&|
-000002d0  24 49 b0 57 30 4e 46 71  5b a8 c4 3f 26 09 85 14  |$I.W0NFq[..?&...|
-000002e0  48 3a 8c 4b bf c9 c0 24  1b c1 02 42 01 e1 92 35  |H:.K...$...B...5|
-000002f0  a7 1f 8e ae 3d 3d 0d 89  cc 94 a9 e5 1a 27 6b c1  |....==.......'k.|
-00000300  89 f8 8a 4c ad 8e 84 6f  65 e9 19 ce 99 73 10 4e  |...L...oe....s.N|
-00000310  61 2a 31 19 60 bd ac 37  20 9f 54 90 a5 e2 3a 79  |a*1.`..7 .T...:y|
-00000320  98 a4 1a b4 30 2b 9f 08  86 41 ac f1 4e d7 16 03  |....0+...A..N...|
-00000330  01 00 0a 0d 00 00 06 03  01 02 40 00 00 16 03 01  |..........@.....|
-00000340  00 04 0e 00 00 00                                 |......|
+00000270  95 12 07 8f 2a 16 03 01  00 b5 0c 00 00 b1 03 00  |....*...........|
+00000280  1d 20 3e 61 33 da 82 02  f5 6d 70 2d e5 07 df 43  |. >a3....mp-...C|
+00000290  d7 e6 1a b2 81 3e 58 03  dc 27 37 34 3b 2e 5a d5  |.....>X..'74;.Z.|
+000002a0  d4 1a 00 8b 30 81 88 02  42 00 8b 0c f4 0f fe 8c  |....0...B.......|
+000002b0  01 70 3a c5 e5 29 53 1c  ad 6c f4 35 53 e3 e6 ce  |.p:..)S..l.5S...|
+000002c0  19 21 03 de f5 e3 df 8e  e5 6b 43 00 08 b7 24 2c  |.!.......kC...$,|
+000002d0  27 9e 2b bc 2f 96 07 a0  f9 a9 6b d4 b7 75 a8 5d  |'.+./.....k..u.]|
+000002e0  99 13 ab 5a dd 35 56 08  6d 9c a1 02 42 01 29 62  |...Z.5V.m...B.)b|
+000002f0  b9 64 8b 6d 91 b7 f5 59  73 9d 2d bc 9d 9a 5b 43  |.d.m...Ys.-...[C|
+00000300  d8 d5 76 be 2a 8f c5 f0  2e 5d a8 be 7b d0 36 fe  |..v.*....]..{.6.|
+00000310  62 97 7f 17 96 f6 c3 b4  06 2a e2 cb 77 80 ff 28  |b........*..w..(|
+00000320  02 64 cb bb c7 a9 77 4b  96 7d 07 11 7e e8 28 16  |.d....wK.}..~.(.|
+00000330  03 01 00 0a 0d 00 00 06  03 01 02 40 00 00 16 03  |...........@....|
+00000340  01 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
 00000000  16 03 01 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
 00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
@@ -108,30 +107,30 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 8f 0f 00  |...._X.;t.......|
-00000240  00 8b 00 89 30 81 86 02  41 7c e1 65 0a 33 fc 66  |....0...A|.e.3.f|
-00000250  85 e8 a7 9d a8 e0 12 1e  8c fa 53 00 2a 1b 70 dc  |..........S.*.p.|
-00000260  00 ba 15 e9 b2 fa 95 b1  c2 36 b6 a4 dd 4c 6c c2  |.........6...Ll.|
-00000270  d9 11 cb 12 90 c2 1e ea  7f 4c e4 94 3a a4 c6 ba  |.........L..:...|
-00000280  66 3d b9 fa 3a af 0b 74  e5 1e 02 41 30 b2 11 4f  |f=..:..t...A0..O|
-00000290  f5 06 97 76 2d c9 7c 95  df 44 ba fe 81 2d f4 3f  |...v-.|..D...-.?|
-000002a0  e0 25 81 16 90 80 60 7b  bd 88 14 b3 a4 ef 63 21  |.%....`{......c!|
-000002b0  46 0c 15 a3 bd 1a 4d 3d  fd a2 d7 3a ff bd 15 94  |F.....M=...:....|
-000002c0  40 60 d8 42 14 41 18 7e  55 ab 71 a7 9c 14 03 01  |@`.B.A.~U.q.....|
-000002d0  00 01 01 16 03 01 00 30  3d 4f 1e dd 66 64 5a c2  |.......0=O..fdZ.|
-000002e0  bc 12 e9 63 d8 95 34 7c  6c 93 66 c6 12 54 5c d0  |...c..4|l.f..T\.|
-000002f0  2b 2a 7e 20 4f fc 62 19  5d be 55 1f 82 8a 6c 9b  |+*~ O.b.].U...l.|
-00000300  85 7c b8 db 29 65 d7 7b                           |.|..)e.{|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 90 0f 00  |...._X.;t.......|
+00000240  00 8c 00 8a 30 81 87 02  41 46 5f cc 88 bc 2b e5  |....0...AF_...+.|
+00000250  20 33 a9 ff 52 bb 25 dc  cf a1 08 45 b5 82 9a 1b  | 3..R.%....E....|
+00000260  53 04 18 b4 23 20 c4 d2  d8 92 9b 21 a7 ec 36 d6  |S...# .....!..6.|
+00000270  63 35 68 4c 21 c4 0e 20  07 0c 8f 38 2f 9b b7 9e  |c5hL!.. ...8/...|
+00000280  e7 9d 6d ea da 1c a6 f1  c5 d3 02 42 01 ed 54 c8  |..m........B..T.|
+00000290  9e b2 45 f1 1f 77 ee e3  a7 3a 40 9b fe 9b 1d 38  |..E..w...:@....8|
+000002a0  ff 9b b4 c6 e7 94 07 b8  5f 93 bd 38 8d 31 dd 80  |........_..8.1..|
+000002b0  2f 82 6e b5 85 8f 15 8b  cd b2 04 81 e2 0b 2a fa  |/.n...........*.|
+000002c0  d9 4b 47 0b 86 26 8b 4e  83 a6 15 9e 93 15 14 03  |.KG..&.N........|
+000002d0  01 00 01 01 16 03 01 00  30 f3 06 0e 6f 16 1b 0b  |........0...o...|
+000002e0  46 54 37 fd c6 80 0f ec  4b dd d7 d4 17 b2 d7 8d  |FT7.....K.......|
+000002f0  4e 6a 7f 2a af d2 ea 19  11 8f 23 57 b7 e7 2f b3  |Nj.*......#W../.|
+00000300  97 f6 93 3f ac 0d 5c f8  f5                       |...?..\..|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 1c 42 dd c3 b4  |..........0.B...|
-00000010  9e e8 53 fa 2f 12 1c 80  89 97 ec 99 aa 75 04 e4  |..S./........u..|
-00000020  19 b9 7f 7f e5 61 53 8e  3f a5 1d 1a cb 02 8a 7a  |.....aS.?......z|
-00000030  f3 26 77 2d a0 23 c5 41  e1 fe 5c                 |.&w-.#.A..\|
+00000000  14 03 01 00 01 01 16 03  01 00 30 03 aa a1 4c bf  |..........0...L.|
+00000010  ab 53 f3 96 e7 db b1 a4  d7 19 f7 2f c0 b7 32 ea  |.S........./..2.|
+00000020  bd f3 4a 7c 0d 4c df a4  5f a0 3d f3 1b 57 65 a1  |..J|.L.._.=..We.|
+00000030  d1 31 ae 52 6e ed 15 d2  d9 23 68                 |.1.Rn....#h|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 6f 19 91  24 21 15 50 56 db 29 4f  |.... o..$!.PV.)O|
-00000010  0c e5 d7 85 02 7b dc 76  4f ac ac a1 7d d3 02 07  |.....{.vO...}...|
-00000020  ca c2 1d e0 f5 17 03 01  00 20 f2 f4 da dc e9 c7  |......... ......|
-00000030  c3 60 af d9 7e a4 5f be  80 1d fe a1 ef 98 22 dd  |.`..~._.......".|
-00000040  8f 93 06 22 c3 a2 b1 ed  48 5e 15 03 01 00 20 6b  |..."....H^.... k|
-00000050  2b 7e 37 08 37 21 4e 80  6f 10 e8 d9 30 56 22 aa  |+~7.7!N.o...0V".|
-00000060  f6 c7 fe 33 69 b6 12 f1  11 83 14 12 b5 73 35     |...3i........s5|
+00000000  17 03 01 00 20 aa 0c f4  30 17 b7 59 47 33 91 07  |.... ...0..YG3..|
+00000010  cc 52 7b 52 f8 a0 82 44  25 03 0e b4 45 6e 0c 5a  |.R{R...D%...En.Z|
+00000020  37 6d d6 6d 80 17 03 01  00 20 bc c7 70 3b 94 cc  |7m.m..... ..p;..|
+00000030  09 db 15 84 d8 b9 c5 cf  d6 01 91 93 5b 20 5a b1  |............[ Z.|
+00000040  6a 43 23 30 7e 02 ea 8b  e0 28 15 03 01 00 20 c2  |jC#0~....(.... .|
+00000050  7f c9 90 b3 ef c6 52 68  44 df 05 30 17 39 d9 42  |......RhD..0.9.B|
+00000060  76 7a 1d a1 17 2b fa b4  92 ca 40 a9 58 d4 87     |vz...+....@.X..|
diff --git a/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
index a63734b6..de3de89c 100644
--- a/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
+++ b/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 f6 fc 17 31 02  |....]...Y.....1.|
-00000010  7c 2a e4 6d 3a e7 ae a0  d9 a5 4e 59 88 a6 9c 09  ||*.m:.....NY....|
-00000020  ed 6b a1 6d fb 80 03 72  14 63 93 20 47 4b 39 ed  |.k.m...r.c. GK9.|
-00000030  48 93 f6 9e 80 e0 2a d7  75 30 81 47 b6 94 7a 75  |H.....*.u0.G..zu|
-00000040  1d 29 1f 4a fc 69 5f 92  7f d4 5f dc c0 13 00 00  |.).J.i_..._.....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 fc 68 73 9f 1a  |....]...Y...hs..|
+00000010  9d 3b 9b f9 10 cf b5 84  b9 31 f4 a8 e9 47 ab 33  |.;.......1...G.3|
+00000020  55 42 0b c0 f2 8e fa e7  a0 39 55 20 56 cd 87 f6  |UB.......9U V...|
+00000030  05 e0 b1 e9 aa b8 b2 ca  33 9d 46 02 fd d8 f0 11  |........3.F.....|
+00000040  0e fc 96 7e b4 fa fc c2  f3 da c4 2b c0 13 00 00  |...~.......+....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,17 +62,17 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 2b b0 b2  |............ +..|
-000002d0  f5 17 4b 53 12 c2 b0 12  dc 16 c3 ff 62 b4 18 d9  |..KS........b...|
-000002e0  7f 1a ef e5 a8 b2 98 ea  aa a7 4f 61 01 00 80 2a  |..........Oa...*|
-000002f0  20 54 cc 3b a3 8e f5 db  04 fa 09 7b b1 bf 8a 79  | T.;.......{...y|
-00000300  25 e9 7b 5f 13 0a 3a 23  32 c9 60 90 7c 02 0e 7d  |%.{_..:#2.`.|..}|
-00000310  7f 88 8f 79 73 f7 c8 7c  fe c6 88 d1 d2 c8 88 53  |...ys..|.......S|
-00000320  0f c4 f9 e3 61 28 9d 56  f3 84 eb 88 99 b6 8e a9  |....a(.V........|
-00000330  e4 72 ec 01 a3 81 61 97  45 ab 90 cd 2a 50 a4 68  |.r....a.E...*P.h|
-00000340  35 09 9f d8 99 54 bd 9f  af 6e 63 77 2b 00 a1 e3  |5....T...ncw+...|
-00000350  d6 f8 ab 08 39 3f df 42  55 4c f7 58 69 e8 db 76  |....9?.BUL.Xi..v|
-00000360  43 24 37 5b 65 2c 17 80  c9 c1 50 ba 76 06 71 16  |C$7[e,....P.v.q.|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 74 0e 72  |............ t.r|
+000002d0  d9 71 10 de 9b f7 59 f0  c0 a2 b9 35 68 6a 3d f3  |.q....Y....5hj=.|
+000002e0  27 fb 13 3d a1 c0 4c f6  17 9b f1 25 50 00 80 c2  |'..=..L....%P...|
+000002f0  20 fd 4f 8b c9 6a fc 97  61 9d b3 b0 1d 2d 9a 2f  | .O..j..a....-./|
+00000300  90 15 44 a7 04 01 0b 6f  a9 47 5d a1 46 aa 30 f1  |..D....o.G].F.0.|
+00000310  5f 9b db 4d 8d 7a a4 99  3f 5c cb 4a ff 0a 49 b1  |_..M.z..?\.J..I.|
+00000320  fc df 0a f7 31 90 a9 98  cd da 8c 49 a5 1f 0f c7  |....1......I....|
+00000330  48 63 ee ff a8 fb 07 0a  fe e1 d7 1b ed b3 3f ce  |Hc............?.|
+00000340  39 ef bb 50 e9 a0 f4 c1  6f a6 7e 5b c8 36 1a 76  |9..P....o.~[.6.v|
+00000350  c8 00 3b e2 04 98 88 f1  fa 56 34 8f 02 86 0a 8e  |..;......V4.....|
+00000360  29 4f eb 70 fb 2f 21 ed  8d fa a9 91 66 c9 c0 16  |)O.p./!.....f...|
 00000370  03 01 00 0a 0d 00 00 06  03 01 02 40 00 00 16 03  |...........@....|
 00000380  01 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
@@ -112,30 +111,30 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 90 0f 00  |...._X.;t.......|
-00000240  00 8c 00 8a 30 81 87 02  41 0d b5 15 00 c4 b1 af  |....0...A.......|
-00000250  33 ea 88 c2 cc 9a 1c 16  3d a0 15 bf 20 ef b2 28  |3.......=... ..(|
-00000260  de 8b 36 b4 3a 2f df 8b  b4 7e 3b a4 ad c1 04 32  |..6.:/...~;....2|
-00000270  56 6c 8f 07 ab 3c dc d7  6f 66 41 96 bc 74 e9 4a  |Vl...<..ofA..t.J|
-00000280  55 00 c4 32 df 22 26 6b  98 0d 02 42 01 67 6e 97  |U..2."&k...B.gn.|
-00000290  8b 55 e8 57 74 d8 2e c5  a4 25 1a b6 08 a5 b1 f0  |.U.Wt....%......|
-000002a0  99 26 9c 24 b3 02 82 55  0d d9 3a 13 55 f1 cb cc  |.&.$...U..:.U...|
-000002b0  84 fd b7 5d 82 dd 26 d4  c6 4c 4a 27 ae 08 e7 57  |...]..&..LJ'...W|
-000002c0  74 a3 91 b9 6c f6 50 bb  d9 34 e5 4b c2 66 14 03  |t...l.P..4.K.f..|
-000002d0  01 00 01 01 16 03 01 00  30 be 86 48 b8 3d f0 1e  |........0..H.=..|
-000002e0  b7 58 d4 b6 54 88 b4 57  1d 7d 5c 3f 17 ff 41 6f  |.X..T..W.}\?..Ao|
-000002f0  a4 60 57 21 86 bb 77 d9  dd af 96 fb eb c8 b0 86  |.`W!..w.........|
-00000300  18 e2 00 4a 1b 92 67 75  5a                       |...J..guZ|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
+00000240  00 8d 00 8b 30 81 88 02  42 00 88 3e 14 10 fa b5  |....0...B..>....|
+00000250  65 d8 03 71 7e b7 44 a5  db 04 85 d2 f4 5d c5 de  |e..q~.D......]..|
+00000260  71 e4 f9 ad 5e 47 6c 83  eb 6a 2b fc 8d 60 6b 1b  |q...^Gl..j+..`k.|
+00000270  55 89 7b 03 60 fb 9c b2  b1 42 ef 02 63 29 59 03  |U.{.`....B..c)Y.|
+00000280  02 a8 48 4d 9a 3d f3 e9  6b ac 76 02 42 01 90 36  |..HM.=..k.v.B..6|
+00000290  5d d0 ec dd 76 75 0c 97  66 7f 10 ec 1d 39 5e bb  |]...vu..f....9^.|
+000002a0  2c 81 9e 15 fa 59 3f e8  77 3f 33 03 b6 2d 02 5a  |,....Y?.w?3..-.Z|
+000002b0  28 82 53 7a 18 69 29 5b  d9 7d ce 4f 94 d9 69 29  |(.Sz.i)[.}.O..i)|
+000002c0  b2 84 87 4a 15 47 c6 da  6f c3 df ca 8a 58 0b 14  |...J.G..o....X..|
+000002d0  03 01 00 01 01 16 03 01  00 30 89 15 96 15 9d 93  |.........0......|
+000002e0  e3 ae 94 14 f9 ea 39 d7  3b d6 98 e1 ed c8 0a 3f  |......9.;......?|
+000002f0  6f 2c a2 9b cd c5 ea 1a  1f 27 89 1a 7d ff 60 07  |o,.......'..}.`.|
+00000300  22 1f bc b8 56 3a ee 24  5a ff                    |"...V:.$Z.|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 81 55 c5 00 ab  |..........0.U...|
-00000010  7e 16 3e 35 25 2a 86 0d  bf 69 17 1f e7 13 fd 6c  |~.>5%*...i.....l|
-00000020  a7 3e 63 e6 23 57 1e 63  ca 1f 1a ea 76 df c1 9e  |.>c.#W.c....v...|
-00000030  c9 ee fc 23 8a ec e0 e9  78 38 cb                 |...#....x8.|
+00000000  14 03 01 00 01 01 16 03  01 00 30 bf 0c 82 bd 43  |..........0....C|
+00000010  ba 60 ec df 88 4d 48 be  d5 c4 0c b5 7d c4 94 c4  |.`...MH.....}...|
+00000020  15 6e 50 45 77 56 ce d5  e0 4c 15 fc da 96 0b 41  |.nPEwV...L.....A|
+00000030  fd 70 39 e9 33 3f 57 77  f5 a3 67                 |.p9.3?Ww..g|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 6f 5c 74  f2 48 38 66 86 fe 54 d9  |.... o\t.H8f..T.|
-00000010  69 ec a9 91 d4 4d 07 98  7d df 19 1f fd ec c2 d5  |i....M..}.......|
-00000020  b5 49 a7 0a 05 17 03 01  00 20 62 0d 0e 63 82 cf  |.I....... b..c..|
-00000030  74 e1 eb dd 2f 4f 05 92  7a 08 34 ff 84 6e 13 7f  |t.../O..z.4..n..|
-00000040  21 cb f6 92 c4 d1 4d 49  31 9f 15 03 01 00 20 f1  |!.....MI1..... .|
-00000050  53 aa 8e 29 2c 58 3a 9b  c3 a1 dc 85 ce d1 70 c3  |S..),X:.......p.|
-00000060  06 53 1d 66 4d 51 a5 33  4c 53 41 e8 ac 1b 10     |.S.fMQ.3LSA....|
+00000000  17 03 01 00 20 50 1e 02  79 6b 4b 67 77 bb c0 a7  |.... P..ykKgw...|
+00000010  ef 5a c1 cc bc 28 14 86  2c 83 4f 3f 34 97 c4 73  |.Z...(..,.O?4..s|
+00000020  24 44 ad 59 8c 17 03 01  00 20 e3 52 89 d7 d1 9a  |$D.Y..... .R....|
+00000030  33 21 78 e4 41 36 b1 11  74 c0 73 fb ea c9 42 88  |3!x.A6..t.s...B.|
+00000040  7f 71 ea 40 a0 3a 62 54  dc b7 15 03 01 00 20 4a  |.q.@.:bT...... J|
+00000050  ff f4 c6 c0 5f fd e2 b3  bd 4a a9 aa 19 64 2d 98  |...._....J...d-.|
+00000060  f1 ea 56 4e 3a c9 1c be  8d fb c3 6c 2f 98 ff     |..VN:......l/..|
diff --git a/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
index 8f1ff3f1..8ce1bad1 100644
--- a/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
+++ b/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 79 7e 8c 72 46  |....]...Y..y~.rF|
-00000010  e6 1a d5 db 83 07 37 34  cf f5 84 39 87 af 5f 23  |......74...9.._#|
-00000020  47 f9 e2 9d c0 76 e8 6a  7e 88 9c 20 a3 c7 5b 94  |G....v.j~.. ..[.|
-00000030  8f 63 f2 ac 89 b5 ed ee  e0 8f 87 be 2a 3e f1 6c  |.c..........*>.l|
-00000040  2f ca cc d0 ee 22 4c a9  ed 03 5e 18 c0 09 00 00  |/...."L...^.....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 ef c9 5c 4d 29  |....]...Y....\M)|
+00000010  07 24 2a 41 08 94 39 cc  d3 fb 92 88 1c ff 64 6b  |.$*A..9.......dk|
+00000020  0a 14 41 89 c6 5d 9b 25  7e a7 04 20 a0 aa ad 46  |..A..].%~.. ...F|
+00000030  14 01 d2 dd 37 44 05 4b  1d 9f ea e5 98 29 1e 36  |....7D.K.....).6|
+00000040  09 e2 ab 90 93 ee c1 99  7d 17 77 9b c0 09 00 00  |........}.w.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,20 +57,20 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 01  00 b3 0c 00 00 af 03 00  |....*...........|
-00000280  1d 20 37 50 ab 46 a8 24  be 20 fd 71 c2 8d 91 a0  |. 7P.F.$. .q....|
-00000290  88 88 0b 18 f5 ec 43 99  cb 63 45 9c ad b4 27 20  |......C..cE...' |
-000002a0  0d 11 00 89 30 81 86 02  41 35 1d fa 6c 1b a1 b4  |....0...A5..l...|
-000002b0  bc 5f 4d a6 77 64 8d e1  92 94 97 53 c5 01 c2 bb  |._M.wd.....S....|
-000002c0  5c 83 f0 c2 6d 6d d1 1f  ff 7a 00 06 4a a0 de c0  |\...mm...z..J...|
-000002d0  aa a1 9f 6d f6 62 20 d0  08 1e 5b bc 1d af 03 45  |...m.b ...[....E|
-000002e0  d5 70 8b ee d8 a8 ff 3e  2b 7d 02 41 28 ff 3e 45  |.p.....>+}.A(.>E|
-000002f0  7f ec c1 87 df dd 14 8b  64 08 84 02 2b de ff 14  |........d...+...|
-00000300  b9 6f 54 72 b1 a2 99 47  55 2d 76 91 77 ba 4f db  |.oTr...GU-v.w.O.|
-00000310  a3 4c ab 21 62 48 3a 8d  f7 32 57 12 dc 6c a9 51  |.L.!bH:..2W..l.Q|
-00000320  77 cc b3 30 1f e9 41 bf  0b b3 4b a5 e4 16 03 01  |w..0..A...K.....|
-00000330  00 0a 0d 00 00 06 03 01  02 40 00 00 16 03 01 00  |.........@......|
-00000340  04 0e 00 00 00                                    |.....|
+00000270  95 12 07 8f 2a 16 03 01  00 b4 0c 00 00 b0 03 00  |....*...........|
+00000280  1d 20 a4 4e 43 df 00 5c  c7 1c e8 d4 8e 9b cf b0  |. .NC..\........|
+00000290  36 85 64 7c d7 69 95 c0  b4 6f d8 0b 45 b8 a4 34  |6.d|.i...o..E..4|
+000002a0  1a 18 00 8a 30 81 87 02  42 01 d0 4a 3f 65 9d 46  |....0...B..J?e.F|
+000002b0  20 80 34 28 12 93 56 6e  dc e4 0e 91 0b 45 4b 83  | .4(..Vn.....EK.|
+000002c0  c5 e9 83 2c 41 d6 dc 49  15 15 e6 65 9f 18 ba a6  |...,A..I...e....|
+000002d0  20 a6 de c7 20 7e 09 71  e6 59 86 9e aa 32 be 43  | ... ~.q.Y...2.C|
+000002e0  b7 c3 27 98 ba 5b 49 9b  1d b9 67 02 41 4e 36 0e  |..'..[I...g.AN6.|
+000002f0  6d 29 c8 7d 0b d9 6f 06  92 ca 0b b9 33 7e 11 58  |m).}..o.....3~.X|
+00000300  2f cc 06 ae ad 57 80 f4  38 a1 8a e3 6a ef 37 86  |/....W..8...j.7.|
+00000310  58 1a 59 f9 4a 9a 64 89  5b 7c 8a 7a c5 78 dd b5  |X.Y.J.d.[|.z.x..|
+00000320  6c 96 b8 23 ff fc 88 20  59 0b e9 74 99 b9 16 03  |l..#... Y..t....|
+00000330  01 00 0a 0d 00 00 06 03  01 02 40 00 00 16 03 01  |..........@.....|
+00000340  00 04 0e 00 00 00                                 |......|
 >>> Flow 3 (client to server)
 00000000  16 03 01 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -108,29 +107,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 22  5d 5b 59 98 4a a8 53 6b  |......."][Y.J.Sk|
-00000240  78 1d 8f 51 a1 23 6a 87  fb 9d 79 5c 63 9d dc 61  |x..Q.#j...y\c..a|
-00000250  13 9f a1 36 f9 fa ec a0  6f 47 11 d6 7c 8f a4 81  |...6....oG..|...|
-00000260  fb f1 31 59 11 6c 8e 83  1c 56 3b 03 b4 a9 e0 09  |..1Y.l...V;.....|
-00000270  aa 04 c4 d1 7a c5 28 03  ae ce fe a0 95 1b 8c 5c  |....z.(........\|
-00000280  65 32 ca f0 d5 43 fc 9b  e0 8e ca 80 f3 e0 5f 8d  |e2...C........_.|
-00000290  6d 91 ff f2 4b 7b a7 38  64 dd e8 a8 d8 1f 95 31  |m...K{.8d......1|
-000002a0  04 a9 6c 72 45 9c 0d a3  80 60 8e 20 8a af f7 ae  |..lrE....`. ....|
-000002b0  87 10 26 51 0e a5 e8 14  03 01 00 01 01 16 03 01  |..&Q............|
-000002c0  00 30 46 9b a2 75 16 a9  c2 ac d7 47 ca 41 48 bd  |.0F..u.....G.AH.|
-000002d0  2c 3d 56 e3 a4 21 a6 c0  d8 71 6d fb 4a c6 9a a1  |,=V..!...qm.J...|
-000002e0  88 db a5 70 58 e0 e3 5a  c7 62 d1 d4 0f 4b c6 55  |...pX..Z.b...K.U|
-000002f0  0c aa                                             |..|
+00000230  86 0f 00 00 82 00 80 a4  68 2d 1f 8a 97 43 76 aa  |........h-...Cv.|
+00000240  f9 24 95 20 62 13 c0 a3  45 c6 18 1c a3 34 70 02  |.$. b...E....4p.|
+00000250  ff f5 01 4e ba e2 20 1c  f9 06 a6 67 92 d9 e6 9d  |...N.. ....g....|
+00000260  a3 49 e0 75 3e 11 00 74  52 b1 36 58 4b 1e 54 83  |.I.u>..tR.6XK.T.|
+00000270  e0 9a 48 4d df 2c ab fd  cd 5e 7a cf c9 b8 32 08  |..HM.,...^z...2.|
+00000280  74 e6 ae 75 20 f4 41 3a  7c a9 a3 19 38 a0 8d 05  |t..u .A:|...8...|
+00000290  0a e9 3e 50 6c f6 f8 a3  89 a9 55 ea dc 3f be b1  |..>Pl.....U..?..|
+000002a0  0a 92 83 cc f0 9b c9 e1  49 13 db 64 be 55 46 b5  |........I..d.UF.|
+000002b0  12 b1 0b 88 32 e3 f1 14  03 01 00 01 01 16 03 01  |....2...........|
+000002c0  00 30 81 77 0f 6c 7a bc  a8 d2 41 f9 8b a7 da 96  |.0.w.lz...A.....|
+000002d0  29 f1 2f b1 31 f3 57 03  09 21 5c fa dc f7 5c f6  |)./.1.W..!\...\.|
+000002e0  7f a8 24 08 30 70 bb 34  16 22 f8 c6 b2 4d a7 16  |..$.0p.4."...M..|
+000002f0  68 61                                             |ha|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 6b ab 63 56 79  |..........0k.cVy|
-00000010  32 ef f9 df c5 36 29 50  f5 1d 55 c2 4b 84 f5 68  |2....6)P..U.K..h|
-00000020  b0 d8 7d 7d 80 24 e2 5d  b9 0f 66 25 4e 50 21 08  |..}}.$.]..f%NP!.|
-00000030  a3 15 de 0e 04 ef 86 d6  04 2e 9b                 |...........|
+00000000  14 03 01 00 01 01 16 03  01 00 30 71 d2 ee cd f8  |..........0q....|
+00000010  c5 fe b4 96 d5 02 ee cb  f7 f8 93 34 f2 8a ed 71  |...........4...q|
+00000020  9a b7 1f 01 9d fb 6c 3f  ee 22 bb 5c b0 8c 08 f5  |......l?.".\....|
+00000030  bf 1e d3 1c 12 ec 7b 86  05 bd e5                 |......{....|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 86 3b 02  a4 5c 33 eb 57 cc 42 71  |.... .;..\3.W.Bq|
-00000010  32 81 56 00 4a b0 3b 7e  ed cd ab d9 76 2b 12 97  |2.V.J.;~....v+..|
-00000020  d6 be 22 cc 02 17 03 01  00 20 e7 53 2a b7 18 a7  |.."...... .S*...|
-00000030  6f 65 ef 20 9d 38 be 3c  f0 6c 4e 5d e9 cc ac 8c  |oe. .8.<.lN]....|
-00000040  57 7d 61 c6 23 d8 bb d4  97 15 15 03 01 00 20 c9  |W}a.#......... .|
-00000050  c1 b2 03 2b b0 a4 cb 4b  65 31 46 c4 6c e4 12 70  |...+...Ke1F.l..p|
-00000060  0e eb e8 a0 d2 1c ca 2d  4f 87 f0 16 e9 23 b0     |.......-O....#.|
+00000000  17 03 01 00 20 8a 57 b3  89 76 41 f0 b3 51 da f4  |.... .W..vA..Q..|
+00000010  e7 6a f8 46 75 77 4d 8b  67 41 f9 f9 eb a0 cd 12  |.j.FuwM.gA......|
+00000020  78 08 12 d1 7b 17 03 01  00 20 9d 44 6a dd 48 ad  |x...{.... .Dj.H.|
+00000030  0a d9 3f 80 da b1 3d b3  50 be 40 c1 85 b5 bb 59  |..?...=.P.@....Y|
+00000040  e8 b9 2a 9f f5 2e 98 d3  2b c1 15 03 01 00 20 bd  |..*.....+..... .|
+00000050  69 41 45 bb 53 de f8 b7  bf a5 87 12 02 32 1a 05  |iAE.S........2..|
+00000060  09 94 40 a5 64 b3 31 7d  0d dc 01 ff 25 ca 31     |..@.d.1}....%.1|
diff --git a/testdata/Client-TLSv10-ClientCert-RSA-RSA b/testdata/Client-TLSv10-ClientCert-RSA-RSA
index 2ad78c70..37d05fc4 100644
--- a/testdata/Client-TLSv10-ClientCert-RSA-RSA
+++ b/testdata/Client-TLSv10-ClientCert-RSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 26 fc 57 68 fc  |....]...Y..&.Wh.|
-00000010  0d a6 0d 31 5f 98 77 d2  5d 19 e1 35 55 0e 2b d1  |...1_.w.]..5U.+.|
-00000020  08 a0 f2 23 b8 8a 4a 71  58 f5 26 20 23 a6 28 5f  |...#..JqX.& #.(_|
-00000030  5b 57 e9 7d c9 14 a1 ec  75 33 8d 42 ce 0e 3e fc  |[W.}....u3.B..>.|
-00000040  0a d6 12 ef 3e f7 7b 15  8e aa 04 4a c0 13 00 00  |....>.{....J....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 71 32 68 84 f2  |....]...Y..q2h..|
+00000010  93 91 32 5b 71 e6 d1 fd  26 83 00 87 0f 56 f3 8a  |..2[q...&....V..|
+00000020  70 17 5e c9 c3 b3 ce 61  9a 1d 4d 20 85 cc 39 26  |p.^....a..M ..9&|
+00000030  32 1a 78 34 d5 d3 6c e2  df 89 f5 a0 51 2c f5 2d  |2.x4..l.....Q,.-|
+00000040  e0 17 51 e7 51 f4 61 8d  35 72 75 92 c0 13 00 00  |..Q.Q.a.5ru.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,17 +62,17 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 eb d9 23  |............ ..#|
-000002d0  5f 21 7f ab f2 ae b4 9a  c8 06 2c 2a b4 01 50 5b  |_!........,*..P[|
-000002e0  7e 57 e6 7f 03 ac 36 9f  b7 f7 2f fa 5a 00 80 7e  |~W....6.../.Z..~|
-000002f0  74 f4 01 6e cd eb f6 d9  13 72 57 57 f5 2f 8d a7  |t..n.....rWW./..|
-00000300  5a 39 7b 93 ff b1 56 98  b9 72 02 44 e9 de 4f c1  |Z9{...V..r.D..O.|
-00000310  6a 7d 6f 43 73 a8 53 91  0a 82 de 66 21 22 65 f0  |j}oCs.S....f!"e.|
-00000320  31 ff e4 e8 bc 80 7a 79  23 d1 3d b8 a5 be ff 3b  |1.....zy#.=....;|
-00000330  fc 6c f1 45 4e 59 50 29  cd 35 d3 d4 93 eb 1f 65  |.l.ENYP).5.....e|
-00000340  56 b1 e8 5f 35 a8 a6 8a  2b 02 4a 84 33 5b ff 01  |V.._5...+.J.3[..|
-00000350  d0 d1 d5 17 6c 30 e9 ce  03 cc 7c 28 25 50 0c cd  |....l0....|(%P..|
-00000360  74 55 3e cf 3f dc 9c 80  19 35 f5 36 e5 ca 9a 16  |tU>.?....5.6....|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 3a 64 e7  |............ :d.|
+000002d0  9a 59 c3 4e fc 40 5e 2f  5c 89 cd e1 94 85 4e 1f  |.Y.N.@^/\.....N.|
+000002e0  29 37 0b 53 fe 3a 13 76  56 25 2a 97 65 00 80 08  |)7.S.:.vV%*.e...|
+000002f0  1c de 63 0d 31 9b 72 7b  85 0c 03 b0 08 ea 80 a1  |..c.1.r{........|
+00000300  ee 00 03 f9 29 a3 ba 8e  c8 71 3e b4 4d b3 28 54  |....)....q>.M.(T|
+00000310  2c e7 11 3a 15 e0 43 06  f0 36 15 50 54 5e 88 48  |,..:..C..6.PT^.H|
+00000320  ac c4 68 db 83 dc 0c 22  e4 99 4a 08 2a 00 7d 19  |..h...."..J.*.}.|
+00000330  0d 74 ba 7a 27 9c 39 dc  29 41 52 cf a2 ac 29 94  |.t.z'.9.)AR...).|
+00000340  e6 b0 87 60 e5 d3 58 af  3e 8e 41 bd be 48 ba 90  |...`..X.>.A..H..|
+00000350  49 b2 b1 d3 8e b0 49 98  4a 12 70 60 c7 57 d9 a7  |I.....I.J.p`.W..|
+00000360  db dc 41 b0 dc 81 37 1b  6d ac 9c 69 12 f4 fa 16  |..A...7.m..i....|
 00000370  03 01 00 0a 0d 00 00 06  03 01 02 40 00 00 16 03  |...........@....|
 00000380  01 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
@@ -112,29 +111,29 @@
 00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 8b  21 19 8e 69 f9 f2 da 9b  |........!..i....|
-00000240  58 ce 21 ce 77 f1 c4 50  be 04 63 bc 30 ac 9e 32  |X.!.w..P..c.0..2|
-00000250  f0 43 31 36 8a 87 f9 8a  3a f8 00 48 04 07 ad e0  |.C16....:..H....|
-00000260  0d 57 d6 74 86 70 6e 30  74 97 a0 26 e1 6f dd c1  |.W.t.pn0t..&.o..|
-00000270  5b b6 c5 b0 05 35 43 aa  b3 14 fb ca 59 80 fa 4a  |[....5C.....Y..J|
-00000280  d4 be 61 b2 a7 5d f0 b4  dc 9b ee 83 b6 93 09 ca  |..a..]..........|
-00000290  82 76 a8 99 1d 85 b6 77  f4 eb 7d 4b bb 7c 5b d5  |.v.....w..}K.|[.|
-000002a0  7b 40 a9 b0 77 ad a0 8b  08 81 5c 8e 20 e2 2a 62  |{@..w.....\. .*b|
-000002b0  9f 53 28 e4 e1 a3 1d 14  03 01 00 01 01 16 03 01  |.S(.............|
-000002c0  00 30 84 88 01 5f 1e 79  9b f8 60 b3 7b 50 e0 97  |.0..._.y..`.{P..|
-000002d0  e7 94 1c 75 58 89 1e ab  20 c9 2a 35 43 af 5b e1  |...uX... .*5C.[.|
-000002e0  05 25 60 49 ec 7b fc 9f  d2 ea 77 9a fe a7 86 b8  |.%`I.{....w.....|
-000002f0  89 7d                                             |.}|
+00000230  86 0f 00 00 82 00 80 21  34 0c d8 10 ac 90 53 f9  |.......!4.....S.|
+00000240  18 52 42 05 ca e8 c7 4f  33 c4 43 4b 8e 7c e4 23  |.RB....O3.CK.|.#|
+00000250  21 6d e4 07 ef 3f 06 d1  ea 1c 9d 3b e0 d2 66 36  |!m...?.....;..f6|
+00000260  b5 c9 a1 da fe 54 fd e0  fe 0c b6 12 90 93 41 1f  |.....T........A.|
+00000270  43 00 00 e4 a4 04 14 af  00 3e 1b db 16 d6 07 4b  |C........>.....K|
+00000280  55 2f ed 55 e1 e1 a8 8b  d8 e1 fe cb 41 1d fe bc  |U/.U........A...|
+00000290  6d d9 ba 8f 2b 1c 26 19  9d 93 a9 78 fb 8a 54 59  |m...+.&....x..TY|
+000002a0  76 3b 0a df e6 71 2c c0  63 dd 22 8d c6 70 ef 0e  |v;...q,.c."..p..|
+000002b0  4f 1b 4c da 65 11 f6 14  03 01 00 01 01 16 03 01  |O.L.e...........|
+000002c0  00 30 b5 c2 b0 f3 b6 6c  4a 99 de f2 98 2f 37 2b  |.0.....lJ..../7+|
+000002d0  8a d8 ab 96 91 c2 9b cc  56 5c fb e1 4f 5b 89 09  |........V\..O[..|
+000002e0  5f 94 05 60 0e 83 b5 49  9a 15 9b 0f 5d 1a 2b a2  |_..`...I....].+.|
+000002f0  11 23                                             |.#|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 ae 8c 9b 1b 85  |..........0.....|
-00000010  41 7b 53 64 51 07 12 6b  37 c0 75 81 b0 6d 4b bd  |A{SdQ..k7.u..mK.|
-00000020  30 a3 a1 5b a3 9e 3d c3  ed 4f ac e3 67 88 ec a8  |0..[..=..O..g...|
-00000030  fb 6f 09 d5 11 8c 7b ae  39 60 0c                 |.o....{.9`.|
+00000000  14 03 01 00 01 01 16 03  01 00 30 63 a2 f0 9b 1c  |..........0c....|
+00000010  48 6d 23 54 62 b1 2a 19  e7 89 51 fd 0d 83 97 87  |Hm#Tb.*...Q.....|
+00000020  9b 73 31 11 5e 42 56 62  62 37 4d e5 e6 72 8a 6d  |.s1.^BVbb7M..r.m|
+00000030  a3 02 2b 2c 9e a5 1a 5c  34 f2 0d                 |..+,...\4..|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 ca 25 b7  cb b1 74 e5 00 c2 65 b4  |.... .%...t...e.|
-00000010  49 9d 2c c5 a4 0b be 1d  2b 49 30 96 19 f2 10 0c  |I.,.....+I0.....|
-00000020  7a c2 23 57 5b 17 03 01  00 20 39 20 09 37 f3 b0  |z.#W[.... 9 .7..|
-00000030  8f 3a 93 2f 14 6d cd d6  ec 2c 1f 2b 3f ee 13 d3  |.:./.m...,.+?...|
-00000040  72 f4 c4 36 49 a9 80 28  f1 08 15 03 01 00 20 82  |r..6I..(...... .|
-00000050  c8 e7 e5 a1 c0 78 da 98  8a ad 93 da cb cc 9e a8  |.....x..........|
-00000060  c6 60 ec 50 fa d2 25 38  6b e3 5d 0d 1c c7 15     |.`.P..%8k.]....|
+00000000  17 03 01 00 20 63 1a 2c  25 27 68 ed de ba 94 52  |.... c.,%'h....R|
+00000010  73 f2 7a 28 ed 8c e9 3f  a2 48 9a 07 62 22 27 6d  |s.z(...?.H..b"'m|
+00000020  4e be ba e4 67 17 03 01  00 20 1d ee ac 7c fc a7  |N...g.... ...|..|
+00000030  df 74 93 16 c6 ec 58 5e  04 5d 2e 98 0a ba 52 4f  |.t....X^.]....RO|
+00000040  a0 02 c5 79 c3 d6 f0 ab  8d 33 15 03 01 00 20 bb  |...y.....3.... .|
+00000050  54 a6 65 a7 c9 03 e7 83  ae a1 f3 26 9f 73 76 6b  |T.e........&.svk|
+00000060  e6 1e f7 e0 76 e5 ca 9f  c8 87 14 ac 27 f1 e3     |....v.......'..|
diff --git a/testdata/Client-TLSv10-ECDHE-ECDSA-AES b/testdata/Client-TLSv10-ECDHE-ECDSA-AES
index b8f32392..a8593e24 100644
--- a/testdata/Client-TLSv10-ECDHE-ECDSA-AES
+++ b/testdata/Client-TLSv10-ECDHE-ECDSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 65 75 f4 83 d3  |....]...Y..eu...|
-00000010  95 a2 e3 96 5d 70 09 f1  ab 22 18 3d f6 9c 27 b2  |....]p...".=..'.|
-00000020  f0 4f 17 eb f4 6a 32 4d  1f 02 59 20 75 b7 a4 c8  |.O...j2M..Y u...|
-00000030  66 a9 4b 54 d3 0b 8b 82  38 24 31 8a 01 71 95 06  |f.KT....8$1..q..|
-00000040  a9 4f dd b2 d4 42 25 77  8c 91 87 48 c0 09 00 00  |.O...B%w...H....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 3e 61 ab b7 94  |....]...Y..>a...|
+00000010  d9 7c 76 db 26 b6 fc 86  00 8f c4 af bd c6 1a 22  |.|v.&.........."|
+00000020  dd 72 ce 5d 2a 4c d8 61  a1 20 6b 20 c9 82 ca c9  |.r.]*L.a. k ....|
+00000030  99 59 80 37 6c 01 d2 b3  b5 0d 68 9f 65 b0 15 7d  |.Y.7l.....h.e..}|
+00000040  a6 b0 15 b0 49 5a ae 38  d2 77 5e 06 c0 09 00 00  |....IZ.8.w^.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,37 +57,37 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 01  00 b3 0c 00 00 af 03 00  |....*...........|
-00000280  1d 20 37 88 b4 b9 cb 5f  71 5e 4c 36 59 f1 37 97  |. 7...._q^L6Y.7.|
-00000290  ec 3e 16 c8 ac 23 61 8d  fe 75 14 ff 33 eb db 04  |.>...#a..u..3...|
-000002a0  7a 17 00 89 30 81 86 02  41 50 a1 8b 98 a0 b9 21  |z...0...AP.....!|
-000002b0  22 23 a1 ce 76 85 6e 7a  40 ce 2c 65 bc 3c 89 e6  |"#..v.nz@.,e.<..|
-000002c0  1c 74 1e a9 1d 6c c7 60  99 b5 68 62 74 84 0d 7c  |.t...l.`..hbt..||
-000002d0  a3 06 61 b1 d2 9a 5c 3e  92 39 d7 ac be 1d ac ff  |..a...\>.9......|
-000002e0  18 e7 76 29 f1 d2 8f 97  6e 44 02 41 07 e1 ee a8  |..v)....nD.A....|
-000002f0  cc 89 7d a5 6e e5 32 52  51 72 ff dc 9e 77 e2 c8  |..}.n.2RQr...w..|
-00000300  18 07 1e 6e fa 4a b2 05  f8 a5 e6 21 76 90 ba e4  |...n.J.....!v...|
-00000310  9f b4 2a 03 c5 86 07 58  aa 4a c2 d8 24 c9 a5 e0  |..*....X.J..$...|
-00000320  d7 04 0e 41 33 3c b7 e2  82 f1 05 0d 6a 16 03 01  |...A3<......j...|
-00000330  00 04 0e 00 00 00                                 |......|
+00000270  95 12 07 8f 2a 16 03 01  00 b5 0c 00 00 b1 03 00  |....*...........|
+00000280  1d 20 73 36 95 70 b0 c6  fd c6 cf 68 f3 77 1e 46  |. s6.p.....h.w.F|
+00000290  c2 22 3e f8 e6 f4 37 82  73 8e 8d ec 40 64 0d a9  |.">...7.s...@d..|
+000002a0  f7 6f 00 8b 30 81 88 02  42 01 2f 8b 24 b7 24 65  |.o..0...B./.$.$e|
+000002b0  6e f8 a3 55 53 3f da 67  a2 b6 35 b3 ef 8b 87 39  |n..US?.g..5....9|
+000002c0  2f 44 e8 a6 9d 2c 16 c1  82 a9 a9 f6 20 0f 1b 36  |/D...,...... ..6|
+000002d0  32 b8 7a 96 2d 5a b0 4d  43 53 ec c9 06 82 83 0e  |2.z.-Z.MCS......|
+000002e0  fb 0b 8c f8 0b 47 b6 dd  19 4c 96 02 42 01 c6 7e  |.....G...L..B..~|
+000002f0  20 9e d9 2f 33 1f 5f 25  bc 79 a3 df 96 9d e0 05  | ../3._%.y......|
+00000300  d7 72 75 29 7d b3 f2 0a  5e 81 39 71 b7 f9 68 e8  |.ru)}...^.9q..h.|
+00000310  82 07 93 80 88 31 77 2c  db 8b 58 49 28 c5 7b c1  |.....1w,..XI(.{.|
+00000320  e3 84 3c b9 08 2e a0 ab  66 12 b9 3c b9 a2 e8 16  |..<.....f..<....|
+00000330  03 01 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 8b de e9  e0 3d 21 29 46 07 eb da  |....0....=!)F...|
-00000040  60 6a 55 37 05 9c 94 e1  46 1f 12 a0 76 b6 0f 45  |`jU7....F...v..E|
-00000050  9d ad ee 69 ae 01 74 9f  de d4 d1 67 a5 0b 57 48  |...i..t....g..WH|
-00000060  69 c3 e6 2d ad                                    |i..-.|
+00000030  16 03 01 00 30 9a 24 ee  81 ee 6e b3 fe ab 63 04  |....0.$...n...c.|
+00000040  ae b1 1b 11 91 b0 cc 45  b8 67 74 9e 92 15 fd b1  |.......E.gt.....|
+00000050  b4 49 49 b4 f4 a5 61 01  1b ec 91 23 ec c0 98 8d  |.II...a....#....|
+00000060  ee 21 fd 29 95                                    |.!.).|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 f7 8f 4a 28 80  |..........0..J(.|
-00000010  4c 9b cb 02 39 81 a4 19  84 d9 b3 64 48 4d a6 2b  |L...9......dHM.+|
-00000020  20 6a 1e 9d 6f d2 39 53  1a f4 27 0e dc 92 ec 71  | j..o.9S..'....q|
-00000030  7d 48 66 67 6a 51 68 e4  7c 68 63                 |}HfgjQh.|hc|
+00000000  14 03 01 00 01 01 16 03  01 00 30 74 d2 f1 68 1e  |..........0t..h.|
+00000010  1e 11 8a eb 51 ae a6 19  af 60 09 c4 85 65 3e 71  |....Q....`...e>q|
+00000020  af d0 94 14 c3 80 18 91  72 23 97 26 f8 91 2f d6  |........r#.&../.|
+00000030  65 3c 02 06 10 d0 bb e7  92 57 b0                 |e<.......W.|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 ca ea fd  d5 01 d1 47 40 a5 57 4f  |.... ......G@.WO|
-00000010  b0 80 29 e5 a0 4a f2 09  34 02 46 10 45 3a 05 42  |..)..J..4.F.E:.B|
-00000020  0f 19 eb a2 33 17 03 01  00 20 34 92 d3 ed e4 50  |....3.... 4....P|
-00000030  13 e9 5c 65 01 fc c1 a3  28 77 c8 d6 2c 11 7f 68  |..\e....(w..,..h|
-00000040  b9 08 51 53 c9 f3 d3 4e  9a 24 15 03 01 00 20 07  |..QS...N.$.... .|
-00000050  4d 53 0a 85 d4 49 c4 7b  a2 4c 38 8d cc 8e 2a dd  |MS...I.{.L8...*.|
-00000060  24 da 28 07 f8 4b c5 2c  d2 15 e2 b5 b9 56 b1     |$.(..K.,.....V.|
+00000000  17 03 01 00 20 bf f3 92  9c 91 50 02 1e d2 29 17  |.... .....P...).|
+00000010  2c 5d 5f 43 c9 de 49 db  7b 0b bf eb 77 c5 9a 37  |,]_C..I.{...w..7|
+00000020  c7 e1 c3 83 a3 17 03 01  00 20 df 80 0b 7e 80 39  |......... ...~.9|
+00000030  b3 46 d8 7c 09 7a a8 c1  3a 04 77 2f 94 30 eb 8e  |.F.|.z..:.w/.0..|
+00000040  5d 56 08 95 bb 50 80 76  4b e7 15 03 01 00 20 0e  |]V...P.vK..... .|
+00000050  91 ba 25 bb d6 f6 ee 42  e0 8e 08 a1 7f d5 8f e3  |..%....B........|
+00000060  18 05 85 24 b6 0c 81 80  98 89 ae 2c 04 0e 8a     |...$.......,...|
diff --git a/testdata/Client-TLSv10-ECDHE-RSA-AES b/testdata/Client-TLSv10-ECDHE-RSA-AES
index 9790da47..b73fd761 100644
--- a/testdata/Client-TLSv10-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv10-ECDHE-RSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 2d 3f 4f 1e 90  |....]...Y..-?O..|
-00000010  6e 65 37 1c 8e a3 17 98  72 de 49 69 4d b9 61 c9  |ne7.....r.IiM.a.|
-00000020  20 c2 92 6f 4f d1 a8 dc  61 71 4d 20 67 dc 24 8f  | ..oO...aqM g.$.|
-00000030  59 12 a0 19 ab ca e1 3a  44 e7 b3 32 bd 7d 04 96  |Y......:D..2.}..|
-00000040  41 1a 44 f6 fb 60 14 8f  6f f8 0e 69 c0 13 00 00  |A.D..`..o..i....|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 79 f2 d6 96 d6  |....]...Y..y....|
+00000010  6d c9 a1 7a 04 ba 6d 7d  29 8d 91 3f 8e 2e 17 0f  |m..z..m})..?....|
+00000020  c8 c4 3a e1 3c 64 00 28  f8 21 9d 20 16 7b 80 30  |..:.<d.(.!. .{.0|
+00000030  33 a7 f9 1e 06 c5 10 54  85 a0 54 dc 2d 77 09 49  |3......T..T.-w.I|
+00000040  ed d2 1c 0e 52 1f ff 7a  23 19 aa 1c c0 13 00 00  |....R..z#.......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,36 +62,36 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 91 5b 49  |............ .[I|
-000002d0  6b 53 81 6a 82 c4 1b db  31 cd d9 3a aa e4 a3 a8  |kS.j....1..:....|
-000002e0  76 8d 29 ba a4 27 eb fe  19 98 de 4c 20 00 80 71  |v.)..'.....L ..q|
-000002f0  a2 66 8e 70 55 ec 04 3c  dd 5a 5e 79 fb 25 2b af  |.f.pU..<.Z^y.%+.|
-00000300  dc aa 47 03 9b c3 99 d2  20 83 81 cb 82 68 8e 62  |..G..... ....h.b|
-00000310  26 90 78 d0 8c 9c 49 87  34 22 c1 0c 73 a8 de 79  |&.x...I.4"..s..y|
-00000320  3c 73 e9 49 15 f0 63 17  19 bb cb 5f 97 c6 20 80  |<s.I..c...._.. .|
-00000330  22 82 1e d0 be 40 da 53  84 53 43 cb ff 24 56 28  |"....@.S.SC..$V(|
-00000340  58 ec 85 47 3e ce eb f3  cb d6 26 9a 83 3b 4b 88  |X..G>.....&..;K.|
-00000350  15 96 f8 84 30 6d b9 e3  44 c4 45 57 aa d1 53 9e  |....0m..D.EW..S.|
-00000360  cc c9 09 c2 1b 17 0d 8f  f7 d7 0e 9d 86 33 60 16  |.............3`.|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 69 9e db  |............ i..|
+000002d0  5f 4b 5e 7d 1e 00 1e 91  a6 49 81 e3 d9 ee ea 5e  |_K^}.....I.....^|
+000002e0  5c 40 f0 68 fd dd eb 6e  e4 85 58 91 70 00 80 8e  |\@.h...n..X.p...|
+000002f0  d6 64 01 3a 56 c2 58 5c  60 28 bc f6 bd 1e bf 73  |.d.:V.X\`(.....s|
+00000300  21 b8 1a ea fb c2 df d5  f1 b9 4d d7 6f 1c 8b 24  |!.........M.o..$|
+00000310  99 35 a5 ef 20 75 00 3e  83 34 da 40 4e ec e3 43  |.5.. u.>.4.@N..C|
+00000320  04 a4 f2 1e bb 97 23 3e  21 32 88 43 80 99 ec 43  |......#>!2.C...C|
+00000330  66 c3 09 87 1e e2 ad bb  c3 1c db f7 9a 59 3a a8  |f............Y:.|
+00000340  46 43 b6 3d 9a 6e c3 42  5b 1a 7d 85 dc db 96 cc  |FC.=.n.B[.}.....|
+00000350  8d 06 cc 08 d2 f0 09 c3  c6 ed 5f 3b f6 b0 a3 69  |.........._;...i|
+00000360  6c a8 9a a5 ef ad 59 c1  07 96 e8 34 1d f0 d9 16  |l.....Y....4....|
 00000370  03 01 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 16 75 14  eb 02 a0 e1 02 79 5f fe  |....0.u......y_.|
-00000040  fe e6 89 69 f1 5b 57 01  58 0f 4c 7d 4e 27 ed ae  |...i.[W.X.L}N'..|
-00000050  b8 b2 b9 53 24 f1 f1 d0  0b f2 d2 a0 21 ca 68 37  |...S$.......!.h7|
-00000060  26 56 78 68 5c                                    |&Vxh\|
+00000030  16 03 01 00 30 d1 17 2f  22 e5 fa 78 a0 b3 d3 22  |....0../"..x..."|
+00000040  ab cb d2 54 52 e6 b2 74  11 bd 3c 69 9a 71 e8 69  |...TR..t..<i.q.i|
+00000050  1a cd 13 09 72 53 7c 6c  49 24 69 71 73 38 6a b6  |....rS|lI$iqs8j.|
+00000060  a6 c5 e7 53 53                                    |...SS|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 0b c7 b6 d7 69  |..........0....i|
-00000010  7a f5 d7 06 f7 e3 78 7b  35 44 c0 88 4d c2 c7 6f  |z.....x{5D..M..o|
-00000020  93 0c 61 32 10 47 08 0d  e3 44 4f 1a 71 80 e3 96  |..a2.G...DO.q...|
-00000030  15 b4 f0 29 b5 d3 7a 78  94 9e a2                 |...)..zx...|
+00000000  14 03 01 00 01 01 16 03  01 00 30 d1 2e 43 5c f7  |..........0..C\.|
+00000010  fc 5f 96 b7 e6 84 60 08  aa b3 22 d1 d9 e2 f3 4d  |._....`..."....M|
+00000020  c8 44 62 9b fa 0e 18 7c  84 fe 1e 75 09 4a f4 94  |.Db....|...u.J..|
+00000030  67 03 91 79 90 26 70 2d  0e 97 6a                 |g..y.&p-..j|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 aa 76 ee  c2 22 9f 8a 31 45 7e 10  |.... .v.."..1E~.|
-00000010  97 00 68 2f 54 fa d9 a9  ad 6a 22 0b 85 c9 f7 f6  |..h/T....j".....|
-00000020  18 02 59 10 51 17 03 01  00 20 23 9e 9f 87 02 fd  |..Y.Q.... #.....|
-00000030  6f d9 22 8d d3 db 4a 42  ac 9b 9a 69 7e 54 20 ab  |o."...JB...i~T .|
-00000040  72 29 4f 06 c6 d2 54 a9  9f 46 15 03 01 00 20 06  |r)O...T..F.... .|
-00000050  51 cd cd 83 a9 ce c5 18  4f 5c 0f a6 68 5b c2 07  |Q.......O\..h[..|
-00000060  31 59 c1 2a bd 4e 21 be  63 5f 29 49 a7 30 4e     |1Y.*.N!.c_)I.0N|
+00000000  17 03 01 00 20 c9 ce 68  cc e9 a7 f7 1f 3c 19 76  |.... ..h.....<.v|
+00000010  4e a6 2d 64 86 4d 35 9b  5e 5b 8b c7 a1 15 d9 d4  |N.-d.M5.^[......|
+00000020  5e 59 67 df 4d 17 03 01  00 20 26 09 76 e2 16 41  |^Yg.M.... &.v..A|
+00000030  a3 7f 3e 8e cc 75 ab a0  cf e1 42 8d 3c 51 d4 bb  |..>..u....B.<Q..|
+00000040  58 c9 a3 06 9d c5 c2 0a  16 76 15 03 01 00 20 47  |X........v.... G|
+00000050  88 af fd bd f1 91 80 6b  38 41 9e 79 f0 ff d9 6e  |.......k8A.y...n|
+00000060  a1 76 93 a3 aa 9f a5 00  c3 01 1f 2b 34 21 b2     |.v.........+4!.|
diff --git a/testdata/Client-TLSv10-ExportKeyingMaterial b/testdata/Client-TLSv10-ExportKeyingMaterial
index 6c83cc33..0a563ce1 100644
--- a/testdata/Client-TLSv10-ExportKeyingMaterial
+++ b/testdata/Client-TLSv10-ExportKeyingMaterial
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 5d 02 00 00  59 03 01 6f 7c ae 3c cc  |....]...Y..o|.<.|
-00000010  76 04 54 ef 3c b8 48 b2  c3 fb 68 9d a3 91 e1 43  |v.T.<.H...h....C|
-00000020  a1 d5 a0 fa 87 1c ed 6b  9c 14 da 20 c6 25 eb 72  |.......k... .%.r|
-00000030  1c 0f c4 96 6a 75 ed 73  f9 20 75 8a 58 ca 5d 72  |....ju.s. u.X.]r|
-00000040  3d 97 a2 3e e5 36 c5 04  f2 01 c7 1f c0 13 00 00  |=..>.6..........|
+00000000  16 03 01 00 5d 02 00 00  59 03 01 97 c9 b8 e6 c1  |....]...Y.......|
+00000010  0e b3 68 29 30 ed ff df  a6 f3 cd b7 e0 80 a9 76  |..h)0..........v|
+00000020  84 1b 45 bb 42 29 e0 c8  7f 52 4b 20 95 97 03 66  |..E.B)...RK ...f|
+00000030  6b 45 44 7c 5d 4b 9e 47  fc 72 53 5d 3c 8a 28 6e  |kED|]K.G.rS]<.(n|
+00000040  bc 40 6d c3 96 67 f9 f2  72 ec 6d 0d c0 13 00 00  |.@m..g..r.m.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 01 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,36 +62,36 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 71 f2 c9  |............ q..|
-000002d0  aa 88 45 b7 8a 34 c8 0b  f4 09 5d fb c2 a2 27 ad  |..E..4....]...'.|
-000002e0  48 86 ba 5f c7 a6 55 10  a4 ef 9c 45 4e 00 80 b8  |H.._..U....EN...|
-000002f0  82 3a a3 50 23 f2 a5 b2  69 fd 5b 36 b0 7a 16 6d  |.:.P#...i.[6.z.m|
-00000300  b7 7a df 77 bd 11 48 27  6c f5 7c 41 9c 66 50 13  |.z.w..H'l.|A.fP.|
-00000310  1e 57 c5 28 79 2f 55 41  63 18 12 b6 d1 d9 6a 7b  |.W.(y/UAc.....j{|
-00000320  77 fe 95 44 16 f3 e5 6f  f3 6c 39 15 da f5 bd 13  |w..D...o.l9.....|
-00000330  35 fc dc ce 4e 7c 89 ae  46 d0 d5 5a b2 d2 d8 28  |5...N|..F..Z...(|
-00000340  b2 e0 d8 6b 09 ed 4a 17  78 27 8d c4 14 26 86 6d  |...k..J.x'...&.m|
-00000350  2d 15 9e ec a9 09 11 71  1f b8 5b a8 24 33 55 09  |-......q..[.$3U.|
-00000360  b1 b6 4d 55 b4 06 63 c5  89 a6 9d e1 19 41 b2 16  |..MU..c......A..|
+000002c0  16 03 01 00 aa 0c 00 00  a6 03 00 1d 20 15 0b 17  |............ ...|
+000002d0  fd fb 69 3e 44 71 3c 68  b2 6a 99 9e 8c 57 ba e8  |..i>Dq<h.j...W..|
+000002e0  6c 28 ea 32 77 7a de f0  f6 09 3b 96 49 00 80 03  |l(.2wz....;.I...|
+000002f0  f0 bb 3e e2 24 9b 60 ec  91 09 f9 39 de fc b6 5a  |..>.$.`....9...Z|
+00000300  12 2c c9 3e a7 db 25 ab  32 32 e4 79 9e 0a 9f 98  |.,.>..%.22.y....|
+00000310  99 cd be b3 28 34 40 e1  78 3e 3d 20 35 74 79 7f  |....(4@.x>= 5ty.|
+00000320  f6 c5 5d 4c 54 30 1d 64  31 49 78 bd a2 cb 62 5a  |..]LT0.d1Ix...bZ|
+00000330  89 1a bf 65 bf 7f 1c ff  7d 61 6c 7d d2 76 8c 9e  |...e....}al}.v..|
+00000340  e4 80 56 7d 96 79 48 36  ca c0 99 db 9b ea 3a e7  |..V}.yH6......:.|
+00000350  a7 fe cb ed d8 3b 34 8c  be d5 ee be 59 d5 e2 5f  |.....;4.....Y.._|
+00000360  59 17 f3 57 29 eb c8 0e  ed 1a 06 79 c0 3c 16 16  |Y..W)......y.<..|
 00000370  03 01 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 9e df 6e  5c c6 25 f6 20 e1 0d 34  |....0..n\.%. ..4|
-00000040  c8 a7 38 07 20 b7 fc e2  4d da 40 7f 29 38 7b 42  |..8. ...M.@.)8{B|
-00000050  af 9b 6f 14 a7 68 15 2e  a0 53 67 73 19 ef 08 c3  |..o..h...Sgs....|
-00000060  d0 c5 af cf b6                                    |.....|
+00000030  16 03 01 00 30 c6 d7 ad  2c 52 90 50 3c 50 ec 66  |....0...,R.P<P.f|
+00000040  0d 54 6a 04 3c 8c 13 07  0c cd fa be 16 01 21 13  |.Tj.<.........!.|
+00000050  45 82 ab 25 44 68 d4 b4  fc 7c 86 a9 5b 2d 2b ca  |E..%Dh...|..[-+.|
+00000060  66 c6 0d 6e 5d                                    |f..n]|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 5c e5 b5 c2 ef  |..........0\....|
-00000010  6e 64 45 f9 c8 0f 9f 6a  41 b8 47 ad f5 25 af e5  |ndE....jA.G..%..|
-00000020  4c 78 86 dc b9 25 c3 0c  69 f7 41 ec 94 a8 06 4c  |Lx...%..i.A....L|
-00000030  b5 37 f8 17 b8 34 37 c2  7c ff d3                 |.7...47.|..|
+00000000  14 03 01 00 01 01 16 03  01 00 30 8c a1 03 f1 fb  |..........0.....|
+00000010  fe f8 1b 43 7b fb 10 59  c3 ed b3 34 b9 74 e1 89  |...C{..Y...4.t..|
+00000020  7f 5c 9b 81 b1 4f 13 bf  67 c5 87 92 31 96 7f e7  |.\...O..g...1...|
+00000030  35 7b b0 da 2c 79 2e be  43 f4 cf                 |5{..,y..C..|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 20 98 c1 0e  51 02 22 68 39 62 1d 2f  |.... ...Q."h9b./|
-00000010  79 46 0d 97 2c c1 1f 9b  aa cd 21 d8 7f c9 d6 bf  |yF..,.....!.....|
-00000020  f3 ef 94 ad 18 17 03 01  00 20 59 0c 3e 4e c7 ac  |......... Y.>N..|
-00000030  d2 2e 01 b9 39 69 09 ac  76 ce d8 6e e9 ea 6f 09  |....9i..v..n..o.|
-00000040  23 f4 75 4f 20 c0 a9 a8  8f 21 15 03 01 00 20 e5  |#.uO ....!.... .|
-00000050  e1 6c 39 c4 51 0a 13 b1  ec ef 75 ce e0 b8 d5 08  |.l9.Q.....u.....|
-00000060  22 22 b1 d0 61 78 c8 7d  3c 9c f2 bf 08 12 89     |""..ax.}<......|
+00000000  17 03 01 00 20 61 e8 5a  b2 15 88 f2 f9 e2 09 61  |.... a.Z.......a|
+00000010  53 a5 7f 79 4b e8 c7 8d  a9 5d 29 bf b9 0a 1d f7  |S..yK....]).....|
+00000020  90 9f 3b 89 39 17 03 01  00 20 86 93 3b 08 7f 77  |..;.9.... ..;..w|
+00000030  55 e5 51 06 ca 0e 80 96  9d 40 73 55 45 18 28 c7  |U.Q......@sUE.(.|
+00000040  54 6a d8 15 d7 67 1e 4b  52 1e 15 03 01 00 20 56  |Tj...g.KR..... V|
+00000050  d8 23 be 5a 8a a8 a4 8f  13 2f f0 34 24 90 96 87  |.#.Z...../.4$...|
+00000060  59 48 3f 76 77 47 d5 eb  4d cb 80 00 bc 11 cf     |YH?vwG..M......|
diff --git a/testdata/Client-TLSv10-RSA-RC4 b/testdata/Client-TLSv10-RSA-RC4
index cf9ec918..c217b111 100644
--- a/testdata/Client-TLSv10-RSA-RC4
+++ b/testdata/Client-TLSv10-RSA-RC4
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 01 00 55 02 00 00  51 03 01 2a bd da 4f 4d  |....U...Q..*..OM|
-00000010  29 da 36 8a ab 13 02 82  da 2e 53 56 77 18 69 8a  |).6.......SVw.i.|
-00000020  52 ab b2 36 83 38 80 ca  5b 10 38 20 66 2c a6 cf  |R..6.8..[.8 f,..|
-00000030  90 d0 b5 23 0a 4f ac d8  04 09 b3 3a 87 56 f5 8e  |...#.O.....:.V..|
-00000040  68 11 9c 41 2c 3e 14 ea  b8 ad e3 c4 00 05 00 00  |h..A,>..........|
+00000000  16 03 01 00 55 02 00 00  51 03 01 6a dd d7 0d bb  |....U...Q..j....|
+00000010  bd b4 9c de 87 94 32 27  fa 4b 66 e0 8b 95 f2 11  |......2'.Kf.....|
+00000020  a0 a5 30 15 34 6f 76 6b  f7 23 ec 20 ef 7d 52 7d  |..0.4ovk.#. .}R}|
+00000030  2c 3b 30 1b f2 16 e7 8f  b6 62 64 79 51 5b 31 36  |,;0......bdyQ[16|
+00000040  b7 59 b1 f9 d5 26 d6 21  94 ff 7f bd 00 05 00 00  |.Y...&.!........|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 01 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -74,15 +73,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 01 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 01 00 24 e7 0e  d1 a9 78 47 47 d3 9e c7  |.....$....xGG...|
-000000a0  76 6d f7 e7 5e b6 df ff  e0 e8 2f a6 9d b4 70 eb  |vm..^...../...p.|
-000000b0  06 00 c9 0e 42 f6 3f 2f  23 83                    |....B.?/#.|
+00000090  01 16 03 01 00 24 0e 49  42 d7 a8 ca 08 09 a6 63  |.....$.IB......c|
+000000a0  0f b1 4b 06 30 37 5e cb  3a c8 d6 ce f9 9c bf 2f  |..K.07^.:....../|
+000000b0  4a c1 c7 fb 2e 02 a6 b0  de ed                    |J.........|
 >>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 24 3f 6d ab 1f 62  |..........$?m..b|
-00000010  0c 70 c8 df ea 23 f2 36  cf a3 01 89 f2 c4 d6 56  |.p...#.6.......V|
-00000020  59 ac 59 13 24 40 31 19  2b 66 ad d3 5d b7 a4     |Y.Y.$@1.+f..]..|
+00000000  14 03 01 00 01 01 16 03  01 00 24 ea 96 7b ce ae  |..........$..{..|
+00000010  69 a8 0d 6d 0c af a7 4f  5f 27 8d 2a 99 38 18 5a  |i..m...O_'.*.8.Z|
+00000020  f4 4f 67 56 0a 6a f5 fc  f5 ee a0 44 01 b0 d0     |.OgV.j.....D...|
 >>> Flow 5 (client to server)
-00000000  17 03 01 00 1a a0 8c 45  7f 0d 75 48 6f 15 7b af  |.......E..uHo.{.|
-00000010  6c e5 d2 10 c6 f2 ba 1e  09 50 83 40 f2 96 7c 15  |l........P.@..|.|
-00000020  03 01 00 16 53 b3 bd 98  38 ed 20 35 0a 5a 03 f3  |....S...8. 5.Z..|
-00000030  49 5c 69 85 4d ae 7e f9  fc 9d                    |I\i.M.~...|
+00000000  17 03 01 00 1a d3 71 0b  8e 0d d4 e0 06 04 e2 30  |......q........0|
+00000010  59 2c fe 84 81 45 1c e4  59 90 b1 b1 11 85 cb 15  |Y,...E..Y.......|
+00000020  03 01 00 16 ad 5d 98 96  4e 9d 83 af b0 50 64 77  |.....]..N....Pdw|
+00000030  62 a1 2b 1a 63 59 16 9e  60 da                    |b.+.cY..`.|
diff --git a/testdata/Client-TLSv11-ECDHE-ECDSA-AES b/testdata/Client-TLSv11-ECDHE-ECDSA-AES
index 3a5fa10a..dbaefe8e 100644
--- a/testdata/Client-TLSv11-ECDHE-ECDSA-AES
+++ b/testdata/Client-TLSv11-ECDHE-ECDSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 5d 02 00 00  59 03 02 2b 28 48 86 02  |....]...Y..+(H..|
-00000010  ae 35 61 75 02 0b ea 8c  a1 3b ea c3 6c 26 e6 8d  |.5au.....;..l&..|
-00000020  a0 49 0c 96 f2 a4 75 b6  5d f5 29 20 ff 34 87 5d  |.I....u.].) .4.]|
-00000030  f9 ca 98 f2 49 10 3b 98  ff 30 5f a4 28 0d 9b d1  |....I.;..0_.(...|
-00000040  60 02 7b fe a0 b8 7e 40  4e fb 45 54 c0 09 00 00  |`.{...~@N.ET....|
+00000000  16 03 02 00 5d 02 00 00  59 03 02 14 c4 6e 18 e9  |....]...Y....n..|
+00000010  5b 74 0d 7f 05 01 75 e3  a3 af 90 f0 ea e3 a8 f0  |[t....u.........|
+00000020  6e b5 7d 29 97 4d f3 7e  e9 06 20 20 ba 37 13 9f  |n.}).M.~..  .7..|
+00000030  4e dd 10 6d 52 96 14 d0  93 3b 99 5b c2 cd f3 9c  |N..mR....;.[....|
+00000040  48 c1 12 78 c2 e5 e7 9d  a1 d6 b4 da c0 09 00 00  |H..x............|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 02 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,39 +57,39 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 02  00 b4 0c 00 00 b0 03 00  |....*...........|
-00000280  1d 20 33 24 10 dd 39 bf  dd 42 80 f9 51 75 5d d5  |. 3$..9..B..Qu].|
-00000290  e3 97 b0 70 c8 9a e5 3c  90 5a f6 84 e7 17 2e d4  |...p...<.Z......|
-000002a0  71 6e 00 8a 30 81 87 02  42 01 f3 ed 17 7f 96 9d  |qn..0...B.......|
-000002b0  52 49 6b fd fb 94 28 67  8d 2f 75 7c 59 31 d1 b7  |RIk...(g./u|Y1..|
-000002c0  61 ed 94 c6 1a df 49 e6  9f 19 f1 54 0f 28 2f 3b  |a.....I....T.(/;|
-000002d0  18 fc 73 61 6d 7c 7e dd  61 80 d7 98 2e 20 6a 54  |..sam|~.a.... jT|
-000002e0  37 23 2b d7 11 e0 fa a4  98 49 78 02 41 39 49 af  |7#+......Ix.A9I.|
-000002f0  f9 28 5c 2b 50 0d 6e be  13 17 df 9a fb d0 71 9c  |.(\+P.n.......q.|
-00000300  6c 43 eb 09 90 ce 09 bd  f3 54 9f 73 da c7 ef f3  |lC.......T.s....|
-00000310  df 36 0e 75 d5 cc 4d 42  a5 d8 4c f9 e9 32 b9 90  |.6.u..MB..L..2..|
-00000320  9f fd 6c 70 bc d6 cf 73  b6 0b f0 db 55 d6 16 03  |..lp...s....U...|
-00000330  02 00 04 0e 00 00 00                              |.......|
+00000270  95 12 07 8f 2a 16 03 02  00 b5 0c 00 00 b1 03 00  |....*...........|
+00000280  1d 20 d1 90 13 d3 6d b1  e1 ec a3 e1 8b a1 d6 a6  |. ....m.........|
+00000290  40 ac 8e cf 6e 42 06 7d  a8 80 9a 9e a8 06 00 84  |@...nB.}........|
+000002a0  69 1f 00 8b 30 81 88 02  42 01 b6 ba 66 1c de c4  |i...0...B...f...|
+000002b0  8b a1 4a a7 0e f5 cb aa  5c 76 65 59 ba bb e2 7f  |..J.....\veY....|
+000002c0  a5 ee 91 26 77 40 e9 5d  25 73 5a d6 f9 b4 aa ac  |...&w@.]%sZ.....|
+000002d0  c8 bd 2b a4 95 b3 ef e0  c7 bb f1 d0 5e da 76 34  |..+.........^.v4|
+000002e0  a4 34 5b 6c d6 c8 3b 13  b1 d0 12 02 42 01 e1 18  |.4[l..;.....B...|
+000002f0  d5 90 79 c5 06 00 6b 7a  86 19 e0 2f 67 49 db 9e  |..y...kz.../gI..|
+00000300  4a 74 07 30 51 15 7b a1  01 89 9c 94 d8 17 18 a6  |Jt.0Q.{.........|
+00000310  31 aa fb 4b 57 24 52 00  41 1d cc 36 89 6e b4 ed  |1..KW$R.A..6.n..|
+00000320  fc 23 33 63 dd 94 3b 40  6f f1 af d7 78 27 0c 16  |.#3c..;@o...x'..|
+00000330  03 02 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
 00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 2b 2a 78  3f 77 6c 2d e6 26 0f ac  |.....+*x?wl-.&..|
-00000050  c3 d8 c9 0f c0 3d c7 7c  e4 08 da 9c af 0f 88 4c  |.....=.|.......L|
-00000060  2f 8e c0 96 78 a4 1f 2c  73 8c 7d 93 28 d1 ce e2  |/...x..,s.}.(...|
-00000070  06 74 35 9d ba                                    |.t5..|
+00000040  00 00 00 00 00 bd f5 0b  25 31 b7 e6 3f 74 dc 39  |........%1..?t.9|
+00000050  c8 a4 f5 3f 78 f5 6f 66  1b 59 53 51 40 d2 e1 14  |...?x.of.YSQ@...|
+00000060  56 96 ea 1f 08 30 3f 66  ca e4 e4 a0 b5 9f 60 9b  |V....0?f......`.|
+00000070  f8 b0 c7 b8 79                                    |....y|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 a7 8b 1b c5 b8  |..........@.....|
-00000010  b6 44 7d 9b 34 e7 c7 f1  d2 c6 19 e8 13 d4 0a b1  |.D}.4...........|
-00000020  07 ae 88 d1 7b 34 ca 0e  84 ab b3 e5 d6 13 22 22  |....{4........""|
-00000030  2b 1c e6 c9 2e b6 15 46  55 7d 2c 34 69 2b 06 62  |+......FU},4i+.b|
-00000040  d9 ef ce da d7 c8 98 3a  e5 23 87                 |.......:.#.|
+00000000  14 03 02 00 01 01 16 03  02 00 40 68 2d 60 78 1b  |..........@h-`x.|
+00000010  a7 b8 28 3a 2b f5 cd b8  ef 4e 8e ab 3c d5 67 7b  |..(:+....N..<.g{|
+00000020  1f 29 9e 59 de ca 43 3a  4c 0c f5 70 43 cb 0b 40  |.).Y..C:L..pC..@|
+00000030  69 a3 7c f7 1a 3b 48 2f  b8 a2 7c b4 4a 03 36 2a  |i.|..;H/..|.J.6*|
+00000040  24 c9 78 9a 06 6e 18 2e  4a c0 54                 |$.x..n..J.T|
 >>> Flow 5 (client to server)
 00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 8f de 5e  92 28 7d 7d 8a 7e 48 40  |.......^.(}}.~H@|
-00000020  9b a6 8c 13 d3 fe 71 c9  d7 f9 a8 3a 06 64 da f2  |......q....:.d..|
-00000030  dc cf 69 f2 4b 15 03 02  00 30 00 00 00 00 00 00  |..i.K....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 78 0f 3e c5 3c e9  |..........x.>.<.|
-00000050  39 5d 5c 7a 2c 16 f0 7f  b7 ca 3b 85 f3 ab f4 3d  |9]\z,.....;....=|
-00000060  ce df fd 6d 4d ad f4 89  38 ba                    |...mM...8.|
+00000010  00 00 00 00 00 f6 ff 38  da 12 09 78 fe de fb 0f  |.......8...x....|
+00000020  ea d3 5a d8 57 65 73 78  41 2d 0b 1b a4 8d f6 e7  |..Z.WesxA-......|
+00000030  ed 58 97 c9 ea 15 03 02  00 30 00 00 00 00 00 00  |.X.......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 7d 4a 10 43 93 8a  |..........}J.C..|
+00000050  6d d2 50 34 92 22 24 f6  7a 9a c4 1f 57 e8 6d f8  |m.P4."$.z...W.m.|
+00000060  74 c4 cb 8b e0 4d 99 dd  ce 0a                    |t....M....|
diff --git a/testdata/Client-TLSv11-ECDHE-RSA-AES b/testdata/Client-TLSv11-ECDHE-RSA-AES
index f15445e5..d0093da7 100644
--- a/testdata/Client-TLSv11-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv11-ECDHE-RSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 5d 02 00 00  59 03 02 87 2b b1 e5 7b  |....]...Y...+..{|
-00000010  0e 0d 78 af b9 41 3c 0b  5a 38 2f 40 6d 13 69 da  |..x..A<.Z8/@m.i.|
-00000020  3a d6 e5 62 ef 72 70 66  9d f0 f4 20 a4 e2 a1 a7  |:..b.rpf... ....|
-00000030  51 f7 7e 23 38 df 2e dd  0b 2f 87 a5 86 93 aa 9d  |Q.~#8..../......|
-00000040  0e aa 02 2b 42 31 cb 36  f3 6b 8e db c0 13 00 00  |...+B1.6.k......|
+00000000  16 03 02 00 5d 02 00 00  59 03 02 3d 12 00 a1 c0  |....]...Y..=....|
+00000010  6f b2 13 96 d8 c3 b6 4e  81 60 03 60 fa 9a 4b 54  |o......N.`.`..KT|
+00000020  a9 1d e3 e9 10 e6 8d 84  e3 af 76 20 7c 6d 5c 41  |..........v |m\A|
+00000030  f6 19 49 92 b0 d2 1d 74  22 5d 6a 3f c6 5e 77 c0  |..I....t"]j?.^w.|
+00000040  c4 bb 31 2d 62 8d 7b 5c  66 6d c4 94 c0 13 00 00  |..1-b.{\fm......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 02 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,38 +62,38 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 02 00 aa 0c 00 00  a6 03 00 1d 20 94 fa 9b  |............ ...|
-000002d0  b7 34 fd 4c f3 a7 12 a3  0f 6a a2 d2 c3 35 71 3a  |.4.L.....j...5q:|
-000002e0  fa 5c 7e aa ab 17 c9 bf  ae 29 a0 89 4e 00 80 26  |.\~......)..N..&|
-000002f0  6a cd b9 50 a0 61 19 60  c6 fd 58 69 11 7a 11 ac  |j..P.a.`..Xi.z..|
-00000300  16 1d 20 4a 28 4d 7a 9c  7a cb b7 a0 ac 90 3d 25  |.. J(Mz.z.....=%|
-00000310  dc a7 3d d0 5c d7 34 c4  a6 4c 47 73 8e 5a 1b 06  |..=.\.4..LGs.Z..|
-00000320  a5 2d e1 5e 04 d4 c6 31  2e 24 79 6c 0b df 67 3a  |.-.^...1.$yl..g:|
-00000330  f1 7c 5f c0 37 4a ec 1e  d2 32 7c 4f fa 9a d4 51  |.|_.7J...2|O...Q|
-00000340  be 2a 76 f2 74 78 b6 cf  22 d6 3d 16 1b ca 6b 9b  |.*v.tx..".=...k.|
-00000350  d9 9a 3f 65 e4 83 63 91  15 f1 c4 69 45 a3 d9 ab  |..?e..c....iE...|
-00000360  f5 d3 a9 0e 15 00 20 bb  43 20 a7 90 db c6 1d 16  |...... .C ......|
+000002c0  16 03 02 00 aa 0c 00 00  a6 03 00 1d 20 73 f2 57  |............ s.W|
+000002d0  12 5a 50 bb 9d 2d 14 f0  ca ee c1 41 bf da 9e 8e  |.ZP..-.....A....|
+000002e0  d5 a9 25 c3 84 07 e7 5c  35 87 8b 70 3d 00 80 d3  |..%....\5..p=...|
+000002f0  86 1b 82 48 5c 14 9b cf  e4 a0 2b 24 bc 8c ad e9  |...H\.....+$....|
+00000300  7c 1e 4f da c2 22 10 91  76 47 bc 9f 64 ca 1c 69  ||.O.."..vG..d..i|
+00000310  77 c0 c7 2c 50 ea 1a 07  d0 8c ec da aa ed 82 9d  |w..,P...........|
+00000320  a5 6c d6 27 05 f8 24 19  f9 d4 b1 c6 e3 0f 49 6f  |.l.'..$.......Io|
+00000330  e4 47 25 9a 36 f1 d3 ed  b1 b5 a0 cc 66 50 75 64  |.G%.6.......fPud|
+00000340  97 ee 3c 65 84 1b 62 f8  1a 8f 02 5a d4 2c 49 b3  |..<e..b....Z.,I.|
+00000350  3b c4 67 d4 20 58 f3 cc  1d f7 d1 f7 7b 2f bd 5f  |;.g. X......{/._|
+00000360  74 67 23 6c 37 9c 19 c5  a4 69 10 65 e4 4d 15 16  |tg#l7....i.e.M..|
 00000370  03 02 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
 00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 5e 93 f4  06 23 2b f4 7e d1 4f 6c  |.....^...#+.~.Ol|
-00000050  3e ad 67 fe 6c 33 42 e7  c0 ce 2b b9 38 0e ec 6e  |>.g.l3B...+.8..n|
-00000060  dc 78 d0 51 d9 57 ef 67  69 4e cd 51 52 9b 09 df  |.x.Q.W.giN.QR...|
-00000070  7e 8d ee cc f1                                    |~....|
+00000040  00 00 00 00 00 93 60 ad  fa 30 93 3e 31 6d 2c 0c  |......`..0.>1m,.|
+00000050  21 3d 6a 53 b1 51 f9 a9  1f 74 ee 42 7a 90 8a 08  |!=jS.Q...t.Bz...|
+00000060  9e a0 7f 42 19 c4 28 06  77 bb 32 c1 a0 0d ec 71  |...B..(.w.2....q|
+00000070  4f 20 89 c1 7d                                    |O ..}|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 22 ca 73 9e 54  |..........@".s.T|
-00000010  72 60 64 fd f2 29 fa a1  47 04 ca e7 27 db 82 a8  |r`d..)..G...'...|
-00000020  66 ed 3c 2b 8f 67 8e 09  1a 2d 24 3b 9e dc 8e 1e  |f.<+.g...-$;....|
-00000030  64 ba db a7 64 11 5a 6f  e6 29 cc ed 73 6c 13 b8  |d...d.Zo.)..sl..|
-00000040  40 44 5f d8 72 df 59 b8  a4 4f 7e                 |@D_.r.Y..O~|
+00000000  14 03 02 00 01 01 16 03  02 00 40 fb 97 d9 4a c6  |..........@...J.|
+00000010  10 21 6f 7b 77 ba e0 41  b2 50 d3 8c df 54 b1 9f  |.!o{w..A.P...T..|
+00000020  98 55 e7 0e fb bd 25 67  fb fb 5a 5c 86 b8 f0 17  |.U....%g..Z\....|
+00000030  2b 56 b3 81 21 45 58 98  38 63 24 0a ec aa 17 55  |+V..!EX.8c$....U|
+00000040  8c 46 67 a6 44 57 00 8d  49 83 28                 |.Fg.DW..I.(|
 >>> Flow 5 (client to server)
 00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 51 2f d5  ee 59 bc cc c2 73 15 e1  |.....Q/..Y...s..|
-00000020  15 cb 89 24 d8 7a 2c 2e  d9 9c 9f fc 2b 90 f6 28  |...$.z,.....+..(|
-00000030  fd e5 db 9b 0f 15 03 02  00 30 00 00 00 00 00 00  |.........0......|
-00000040  00 00 00 00 00 00 00 00  00 00 a1 7a 29 17 c3 33  |...........z)..3|
-00000050  87 e8 3a 81 97 ae df 40  97 fc 0b f4 6a 00 84 37  |..:....@....j..7|
-00000060  8c 68 d1 8e db a8 d3 04  93 60                    |.h.......`|
+00000010  00 00 00 00 00 e7 87 56  3d 84 0b 17 94 41 94 67  |.......V=....A.g|
+00000020  48 ff 0f e4 2d a9 1c 7a  68 fc 42 36 17 27 b0 66  |H...-..zh.B6.'.f|
+00000030  af 97 25 90 a2 15 03 02  00 30 00 00 00 00 00 00  |..%......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 55 a4 8a bc 52 98  |..........U...R.|
+00000050  07 3a dd 7a dc 4f 2c 8d  f2 1b f0 76 09 ca 88 36  |.:.z.O,....v...6|
+00000060  d4 fa f9 f4 b7 2e ce 6e  26 82                    |.......n&.|
diff --git a/testdata/Client-TLSv11-RSA-RC4 b/testdata/Client-TLSv11-RSA-RC4
index bb770e61..64b06a8f 100644
--- a/testdata/Client-TLSv11-RSA-RC4
+++ b/testdata/Client-TLSv11-RSA-RC4
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 02 00 55 02 00 00  51 03 02 fa ec 74 4b af  |....U...Q....tK.|
-00000010  f7 bb 7c 03 0a 35 f9 91  1e 62 c8 d7 9d b0 cc 29  |..|..5...b.....)|
-00000020  0c 67 f1 a9 c6 be ff aa  ee 45 2c 20 7e 02 45 29  |.g.......E, ~.E)|
-00000030  e8 01 2c 76 c9 49 9c bf  ca b7 0c b0 86 69 2a d0  |..,v.I.......i*.|
-00000040  34 59 2c 16 b1 bd 67 1a  e8 f9 97 3d 00 05 00 00  |4Y,...g....=....|
+00000000  16 03 02 00 55 02 00 00  51 03 02 3d a4 ea 71 81  |....U...Q..=..q.|
+00000010  c9 47 24 2b 53 22 83 07  df 5a 9e 76 ef ca d8 1b  |.G$+S"...Z.v....|
+00000020  1f 16 15 cd 7e e4 62 93  1e 5d a7 20 9d ac ea 5a  |....~.b..]. ...Z|
+00000030  9e e3 7c 14 94 9d 1b 9e  2a 7b 2d 80 55 85 2f 9e  |..|.....*{-.U./.|
+00000040  ed 17 20 79 66 a2 6c 88  81 cb b0 79 00 05 00 00  |.. yf.l....y....|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 02 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -74,15 +73,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 02 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 02 00 24 8b f8  3f ae 9d 41 27 8e 52 ca  |.....$..?..A'.R.|
-000000a0  75 8c 1b 76 fa 20 4f 7f  97 62 ac a6 85 33 71 32  |u..v. O..b...3q2|
-000000b0  34 8d 4b e3 d4 a1 a0 bc  9c 29                    |4.K......)|
+00000090  01 16 03 02 00 24 30 52  7f 8a 5c 3a 31 65 87 8c  |.....$0R..\:1e..|
+000000a0  9e 31 8f b1 22 15 ed af  99 6c 19 47 46 fd e1 3b  |.1.."....l.GF..;|
+000000b0  b3 f4 3a 5b d8 e5 a6 1a  7c 5e                    |..:[....|^|
 >>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 24 1d d6 e8 70 53  |..........$...pS|
-00000010  f2 9e 4f ce 5f 35 4e 8d  41 1f 78 9a 72 79 2b cc  |..O._5N.A.x.ry+.|
-00000020  17 cd 48 16 b0 69 8b 41  b7 5a c6 df ec f6 5d     |..H..i.A.Z....]|
+00000000  14 03 02 00 01 01 16 03  02 00 24 c1 5d da 6d 6e  |..........$.].mn|
+00000010  55 3e 70 a4 52 15 d9 ba  88 a1 b7 f0 40 71 09 fa  |U>p.R.......@q..|
+00000020  3f 00 6f 39 72 88 89 a1  3d cf 7a 7a 97 15 b7     |?.o9r...=.zz...|
 >>> Flow 5 (client to server)
-00000000  17 03 02 00 1a 69 a6 2b  fe 20 e2 2e e6 b2 ed 03  |.....i.+. ......|
-00000010  92 ae e0 ff 84 56 12 f3  60 01 92 c0 f3 0e 8f 15  |.....V..`.......|
-00000020  03 02 00 16 d1 05 c5 6f  f3 3c 18 63 2b 9c 68 39  |.......o.<.c+.h9|
-00000030  c4 45 90 f1 ef 3f e1 00  2f 78                    |.E...?../x|
+00000000  17 03 02 00 1a 56 ea a4  ed 0f 9d 98 3b 48 bc 76  |.....V......;H.v|
+00000010  35 3f fb 78 92 d9 ce ef  53 b2 ef a6 13 9a 4c 15  |5?.x....S.....L.|
+00000020  03 02 00 16 b5 41 d0 98  50 73 73 90 c0 fe ec 11  |.....A..Pss.....|
+00000030  ec 98 d5 fb 02 c0 11 11  29 1c                    |........).|
diff --git a/testdata/Client-TLSv12-AES128-GCM-SHA256 b/testdata/Client-TLSv12-AES128-GCM-SHA256
index 1db74434..33e01c14 100644
--- a/testdata/Client-TLSv12-AES128-GCM-SHA256
+++ b/testdata/Client-TLSv12-AES128-GCM-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 00 13 58 0b 7f  |....U...Q....X..|
-00000010  3c 39 9d df c9 4e 95 64  d5 9f 86 b0 8b 19 35 a2  |<9...N.d......5.|
-00000020  71 da 39 5b 14 a5 a4 fd  79 8b 02 20 bf a6 01 51  |q.9[....y.. ...Q|
-00000030  3e 8d 7a 68 ef 24 9a a1  92 d8 72 6a 71 0e c9 fa  |>.zh.$....rjq...|
-00000040  f9 03 36 ca 4b 8a fd 17  95 f5 53 e7 00 9c 00 00  |..6.K.....S.....|
+00000000  16 03 03 00 55 02 00 00  51 03 03 c5 da f3 88 41  |....U...Q......A|
+00000010  ed 43 a7 4e 49 ad db 74  04 c6 fb c2 13 49 86 14  |.C.NI..t.....I..|
+00000020  fd d0 e1 7a ab d3 df 65  62 c6 1f 20 29 1a 03 bf  |...z...eb.. )...|
+00000030  10 35 3c 58 36 fd 4d 7a  7d dc f1 fd be d0 c6 b5  |.5<X6.Mz}.......|
+00000040  e1 b8 bf a8 f3 b5 31 43  32 37 02 73 00 9c 00 00  |......1C27.s....|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -74,17 +73,17 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 07 7c  |.....(.........||
-000000a0  26 b4 f3 ba 9c 22 69 af  a3 77 5f a3 59 9c b7 58  |&...."i..w_.Y..X|
-000000b0  90 e2 de e3 4f ab b6 2a  08 f4 63 14 9e 5f        |....O..*..c.._|
+00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 2c 46  |.....(........,F|
+000000a0  31 d0 81 b9 6e 55 b0 5b  7b 15 a0 27 da e2 d7 71  |1...nU.[{..'...q|
+000000b0  f4 d0 83 6c 98 d9 75 e2  f4 4c 61 0b fe 3c        |...l..u..La..<|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 d1 2c 6c a6 ff  |..........(.,l..|
-00000010  35 08 ad e8 3d cd f4 71  1c f7 62 97 44 c5 41 26  |5...=..q..b.D.A&|
-00000020  a4 ff a6 eb 63 e7 45 b1  31 3e ea 0e 33 b4 1d 4a  |....c.E.1>..3..J|
-00000030  9b 1f 87                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 e5 b5 71 5d e0  |..........(..q].|
+00000010  c8 9a 75 4c 6e 72 4e a2  5f f9 b4 9f f4 40 a0 de  |..uLnrN._....@..|
+00000020  73 48 9c 01 f3 0b 78 91  5f 85 29 9c 51 dc 77 bc  |sH....x._.).Q.w.|
+00000030  c0 32 42                                          |.2B|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 6f ba 97  |.............o..|
-00000010  a1 bb 88 f8 58 ce b3 81  94 20 97 f0 cd 79 5f 9e  |....X.... ...y_.|
-00000020  3d 3f b5 15 03 03 00 1a  00 00 00 00 00 00 00 02  |=?..............|
-00000030  8e 92 d4 4f a2 0e e5 69  e5 9a 7f 7d da 93 54 5c  |...O...i...}..T\|
-00000040  6e 4d                                             |nM|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 9e 81 42  |...............B|
+00000010  90 9e ab a2 29 b3 f7 a6  31 45 5f a4 2e d5 52 f7  |....)...1E_...R.|
+00000020  72 8b 3b 15 03 03 00 1a  00 00 00 00 00 00 00 02  |r.;.............|
+00000030  96 5a f4 de 37 1b 2c f1  8d 90 91 17 6f 81 90 7f  |.Z..7.,.....o...|
+00000040  e7 9d                                             |..|
diff --git a/testdata/Client-TLSv12-AES128-SHA256 b/testdata/Client-TLSv12-AES128-SHA256
index 57fbc75c..b373f27a 100644
--- a/testdata/Client-TLSv12-AES128-SHA256
+++ b/testdata/Client-TLSv12-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 84 b7 a9 d5 83  |....U...Q.......|
-00000010  f6 80 cf 15 58 39 5a 3b  4b f1 6d 2a 86 8b 92 ed  |....X9Z;K.m*....|
-00000020  f8 fb e0 16 c1 2c 94 3a  eb 69 c4 20 e1 b7 43 24  |.....,.:.i. ..C$|
-00000030  e7 9c 69 47 60 48 b0 8b  2b 0b 52 2a 8b 8b 5b 1f  |..iG`H..+.R*..[.|
-00000040  67 12 f6 94 46 c5 b1 53  73 29 f9 d6 00 3c 00 00  |g...F..Ss)...<..|
+00000000  16 03 03 00 55 02 00 00  51 03 03 eb c3 6e 78 2e  |....U...Q....nx.|
+00000010  9f 47 ec 9d 0e bc 8d 49  d2 46 11 75 5e 50 a5 07  |.G.....I.F.u^P..|
+00000020  0a 99 90 34 34 2d 81 75  1b f4 ca 20 fb 28 c1 8c  |...44-.u... .(..|
+00000030  55 27 36 be 4e d1 c7 ee  e8 b3 2a eb 7a be f1 2a  |U'6.N.....*.z..*|
+00000040  fc 81 df d8 5b c2 1f 1e  7b 47 0f 06 00 3c 00 00  |....[...{G...<..|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -75,25 +74,25 @@
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
 00000090  01 16 03 03 00 50 00 00  00 00 00 00 00 00 00 00  |.....P..........|
-000000a0  00 00 00 00 00 00 46 00  2f ca 25 2b 92 37 79 de  |......F./.%+.7y.|
-000000b0  88 56 36 da ea 43 78 d7  51 72 53 c1 8b ae 33 3a  |.V6..Cx.QrS...3:|
-000000c0  d2 93 57 08 a1 14 22 5b  5b 33 fe 7c 13 33 17 d6  |..W..."[[3.|.3..|
-000000d0  ef 3b be e6 1c ee 09 c0  5e 86 89 9d 50 e2 e9 b3  |.;......^...P...|
-000000e0  3b 09 4c 70 f8 eb                                 |;.Lp..|
+000000a0  00 00 00 00 00 00 ee 37  21 73 05 93 63 ca 4f 0e  |.......7!s..c.O.|
+000000b0  e2 29 7f 90 6f 3a aa 52  a0 e0 71 97 5f f9 66 cf  |.)..o:.R..q._.f.|
+000000c0  06 19 09 51 03 5f 2e 0c  57 26 42 15 ef 8f 4e a9  |...Q._..W&B...N.|
+000000d0  c4 97 95 0a d1 ce 30 2c  bf 7a 85 4b a9 d0 a9 e0  |......0,.z.K....|
+000000e0  64 11 1a dc 48 1d                                 |d...H.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 3a 02 c0 c9 cd  |..........P:....|
-00000010  98 d0 dc ec 0a 58 cf a2  c2 f2 0b b2 5a 2c 9b 6e  |.....X......Z,.n|
-00000020  30 d2 98 0e 8f 9b b5 9f  1e e2 5f 0c bd 2b ce f8  |0........._..+..|
-00000030  08 c9 c1 fe 98 a5 5b ca  be 07 81 85 56 bc f4 a3  |......[.....V...|
-00000040  05 40 48 5b 76 ac 75 14  46 1a 8a 7f e4 ff 4e 76  |.@H[v.u.F.....Nv|
-00000050  8f db 76 19 a5 e3 75 e6  ca 1c 14                 |..v...u....|
+00000000  14 03 03 00 01 01 16 03  03 00 50 58 d1 09 93 e9  |..........PX....|
+00000010  97 c1 cc c3 db 1d 65 d8  97 35 c1 b4 3f 9f a0 00  |......e..5..?...|
+00000020  9f 81 2a 81 61 b5 51 9f  ec 15 94 d0 86 0f a1 70  |..*.a.Q........p|
+00000030  e9 90 59 dd 16 d3 e7 33  21 b7 d8 6e 4b a8 fd fb  |..Y....3!..nK...|
+00000040  dd 98 78 95 16 44 f8 da  bd e3 e2 3f f0 e1 d9 39  |..x..D.....?...9|
+00000050  c0 2e 0d c4 fe a5 ac 41  66 2d f3                 |.......Af-.|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 02 7a 3c  00 71 20 c9 5a 3a 94 ff  |......z<.q .Z:..|
-00000020  ed a9 a1 c9 cd 7a ec 10  96 5d b9 78 2b ff 9a d4  |.....z...].x+...|
-00000030  2d 5c a2 b5 b1 4d f8 22  b8 70 2b 7e 8d 07 13 62  |-\...M.".p+~...b|
-00000040  b2 23 e8 ff a6 15 03 03  00 40 00 00 00 00 00 00  |.#.......@......|
-00000050  00 00 00 00 00 00 00 00  00 00 f6 61 2f e6 18 fb  |...........a/...|
-00000060  dc ed 53 14 e3 a1 6e 22  2d e4 22 c9 a5 d2 cb e8  |..S...n"-.".....|
-00000070  89 35 4b e5 89 b8 20 44  1b 79 cc 83 41 42 a5 4f  |.5K... D.y..AB.O|
-00000080  38 be f4 20 c5 e6 2b 11  ad 3a                    |8.. ..+..:|
+00000010  00 00 00 00 00 2f d9 4b  fc 22 0f 20 dd 2c 20 83  |...../.K.". ., .|
+00000020  bd f0 49 5b bc 57 55 bc  fb 41 13 79 a7 19 4d e3  |..I[.WU..A.y..M.|
+00000030  71 66 ce b5 77 35 9c 54  86 0e fc 21 d6 9e c4 66  |qf..w5.T...!...f|
+00000040  ee 95 3f 0a d5 15 03 03  00 40 00 00 00 00 00 00  |..?......@......|
+00000050  00 00 00 00 00 00 00 00  00 00 54 25 cd 1a 0a d4  |..........T%....|
+00000060  7b a4 ce f1 62 c8 8f 62  af 93 8e 0e e8 fd ef 55  |{...b..b.......U|
+00000070  1d 47 a4 ac 1c 80 25 6f  c4 a2 51 11 84 e9 63 cb  |.G....%o..Q...c.|
+00000080  db d8 e6 bf 2c 89 4e 1a  d4 11                    |....,.N...|
diff --git a/testdata/Client-TLSv12-AES256-GCM-SHA384 b/testdata/Client-TLSv12-AES256-GCM-SHA384
index bedeedbb..9920621b 100644
--- a/testdata/Client-TLSv12-AES256-GCM-SHA384
+++ b/testdata/Client-TLSv12-AES256-GCM-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 ac 7e 0f a7 bc  |....U...Q...~...|
-00000010  e5 97 51 ac d1 a3 f4 e1  a4 a9 b3 52 08 ab cf cd  |..Q........R....|
-00000020  0a 2a 22 89 6e 7d c4 d4  4f 44 99 20 0f 86 62 46  |.*".n}..OD. ..bF|
-00000030  47 98 ce fc 9f ba ba 92  bf 17 dc 94 6f b4 05 ac  |G...........o...|
-00000040  81 87 89 14 c5 e1 c5 30  49 45 cf 7b 00 9d 00 00  |.......0IE.{....|
+00000000  16 03 03 00 55 02 00 00  51 03 03 9f 42 e3 1b 5f  |....U...Q...B.._|
+00000010  00 d9 00 0a a5 fa 6d 63  95 11 d2 5a ff 51 b0 f8  |......mc...Z.Q..|
+00000020  bc a9 7f 18 3c 8d d7 38  d5 e8 2d 20 be 5b 08 a0  |....<..8..- .[..|
+00000030  2f 7b 50 d9 06 0c bf 7c  2d cc f0 39 3a 90 e4 e7  |/{P....|-..9:...|
+00000040  9c 27 9b 88 ea ff c0 51  f8 79 cd b9 00 9d 00 00  |.'.....Q.y......|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -74,17 +73,17 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 2a f2  |.....(........*.|
-000000a0  d8 f8 66 9b 53 99 66 59  83 4b 37 25 44 61 d8 c3  |..f.S.fY.K7%Da..|
-000000b0  ef 7f 3e be 62 9c a0 3a  61 43 0c 87 04 4c        |..>.b..:aC...L|
+00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 0e dd  |.....(..........|
+000000a0  10 e6 7a dd b2 02 5c 0d  0c 73 b4 f1 a1 89 85 95  |..z...\..s......|
+000000b0  91 a9 e4 7a 47 49 9a 52  96 77 93 0b cc 74        |...zGI.R.w...t|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 7a 45 6a 5b 2a  |..........(zEj[*|
-00000010  06 e8 c8 f5 57 07 ee 91  dd f7 33 60 be f1 65 fb  |....W.....3`..e.|
-00000020  8f 3d 48 3c b2 a0 7c 30  30 b1 98 01 de 35 d2 5f  |.=H<..|00....5._|
-00000030  cb 0c de                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 72 c3 d3 ad 10  |..........(r....|
+00000010  71 48 c4 32 9b 24 ac c0  a4 88 db 35 e9 be fe 34  |qH.2.$.....5...4|
+00000020  ee 9a bb 5a a5 90 b6 ec  31 9a bc 4c 56 e2 e6 d5  |...Z....1..LV...|
+00000030  f9 2b 93                                          |.+.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 13 f4 b8  |................|
-00000010  b3 95 de d6 9b b3 8e 27  6f 36 dc a4 0d ab 7d 63  |.......'o6....}c|
-00000020  35 73 a4 15 03 03 00 1a  00 00 00 00 00 00 00 02  |5s..............|
-00000030  9d 64 e3 e6 8f a7 22 ab  82 2f 60 0a 2a 5f fc 39  |.d...."../`.*_.9|
-00000040  90 93                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 ed af c7  |................|
+00000010  74 44 64 5d e3 1b 0c d4  bd a1 7e 7e 87 10 8d bc  |tDd]......~~....|
+00000020  26 db e8 15 03 03 00 1a  00 00 00 00 00 00 00 02  |&...............|
+00000030  42 6b 3e 59 c5 e4 e5 5b  53 0f fe d9 3f 0c 5c f0  |Bk>Y...[S...?.\.|
+00000040  67 d5                                             |g.|
diff --git a/testdata/Client-TLSv12-ALPN b/testdata/Client-TLSv12-ALPN
index 0cba50bd..6686f6e9 100644
--- a/testdata/Client-TLSv12-ALPN
+++ b/testdata/Client-TLSv12-ALPN
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 30 01 00 01  2c 03 03 00 00 00 00 00  |....0...,.......|
+00000000  16 03 01 01 2c 01 00 01  28 03 03 00 00 00 00 00  |....,...(.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,24 +7,24 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 b1 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 ad 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 10 00 10 00 0e  |................|
-000000f0  06 70 72 6f 74 6f 32 06  70 72 6f 74 6f 31 00 2b  |.proto2.proto1.+|
-00000100  00 09 08 03 04 03 03 03  02 03 01 00 33 00 26 00  |............3.&.|
-00000110  24 00 1d 00 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |$... /.}.G.bC.(.|
-00000120  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
-00000130  5f 58 cb 3b 74                                    |_X.;t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 10  00 10 00 0e 06 70 72 6f  |.............pro|
+000000f0  74 6f 32 06 70 72 6f 74  6f 31 00 2b 00 09 08 03  |to2.proto1.+....|
+00000100  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000110  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000120  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000130  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 6a 02 00 00  66 03 03 d7 20 92 e0 ec  |....j...f... ...|
-00000010  a0 c3 77 d9 a8 c8 fe 8f  df 7d ab 20 c4 e9 50 bd  |..w......}. ..P.|
-00000020  9c dc 33 4f ca 0b b1 b1  f4 93 cc 20 d7 5d 8b 7e  |..3O....... .].~|
-00000030  7e 45 21 86 05 21 77 d0  ed 6a 1c 5a f3 60 06 38  |~E!..!w..j.Z.`.8|
-00000040  43 de 49 df 9a 43 60 52  47 57 98 29 cc a8 00 00  |C.I..C`RGW.)....|
+00000000  16 03 03 00 6a 02 00 00  66 03 03 37 57 f9 cb 6a  |....j...f..7W..j|
+00000010  dc 6c e2 4b 1d 74 93 8e  e1 1a 05 e7 fd 8d 29 57  |.l.K.t........)W|
+00000020  5e b4 fc 9a ba 7d df de  56 cc e7 20 57 f3 1a b0  |^....}..V.. W...|
+00000030  20 cd ac a1 e3 93 b9 79  f5 1c ce d2 d1 24 da fc  | ......y.....$..|
+00000040  88 97 25 fb 36 72 75 bb  cc a3 2a 79 cc a8 00 00  |..%.6ru...*y....|
 00000050  1e ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 10  |................|
 00000060  00 09 00 07 06 70 72 6f  74 6f 31 00 17 00 00 16  |.....proto1.....|
 00000070  03 03 02 59 0b 00 02 55  00 02 52 00 02 4f 30 82  |...Y...U..R..O0.|
@@ -65,31 +65,31 @@
 000002a0  43 77 8d 0c 1c f1 0f a1  d8 40 83 61 c9 4c 72 2b  |Cw.......@.a.Lr+|
 000002b0  9d ae db 46 06 06 4d f4  c1 b3 3e c0 d1 bd 42 d4  |...F..M...>...B.|
 000002c0  db fe 3d 13 60 84 5c 21  d3 3b e9 fa e7 16 03 03  |..=.`.\!.;......|
-000002d0  00 ac 0c 00 00 a8 03 00  1d 20 6c a6 83 3b fe d9  |......... l..;..|
-000002e0  f9 da 88 13 dc 34 f4 01  d4 49 a7 43 80 d7 e2 cf  |.....4...I.C....|
-000002f0  1d c9 eb 94 5a 6d 85 b5  1d 7c 08 04 00 80 d2 21  |....Zm...|.....!|
-00000300  1b 9a f4 26 ac 76 28 68  63 68 fe b5 9b e2 16 bb  |...&.v(hch......|
-00000310  fd a5 b7 85 3c f8 f9 da  49 d7 4f 62 c0 af 75 08  |....<...I.Ob..u.|
-00000320  47 3b 3a 48 26 c3 8e 13  25 08 1d 77 ce eb 30 e9  |G;:H&...%..w..0.|
-00000330  b4 2e cc 94 ca 8d b4 60  c6 92 ce 57 ba 1e 46 59  |.......`...W..FY|
-00000340  f6 76 61 da f2 59 79 da  87 08 22 1d 5a e9 1a b8  |.va..Yy...".Z...|
-00000350  9d 31 0f d9 db ab 49 80  d9 5c 20 ab ef 9e e1 4d  |.1....I..\ ....M|
-00000360  0c 69 9b 41 f2 dd 4d e9  ee ff d3 40 47 88 64 76  |.i.A..M....@G.dv|
-00000370  69 8e 3a a1 e0 68 00 6d  2f 95 b6 f9 64 12 16 03  |i.:..h.m/...d...|
+000002d0  00 ac 0c 00 00 a8 03 00  1d 20 27 fd a6 7d 32 28  |......... '..}2(|
+000002e0  d2 44 43 d5 2a 95 3b e2  7e 77 5a d2 66 87 4a 92  |.DC.*.;.~wZ.f.J.|
+000002f0  12 56 ba 40 3e 09 43 b4  90 02 08 04 00 80 8b e9  |.V.@>.C.........|
+00000300  93 0c 5e 72 b8 a8 49 1c  c3 b7 fc 39 af 58 9c 3a  |..^r..I....9.X.:|
+00000310  27 b6 20 23 9a 5d 35 0e  dd 21 da 1b be 34 32 23  |'. #.]5..!...42#|
+00000320  76 2e c8 9e 3d c8 e5 9e  cd 04 11 a9 be 97 52 53  |v...=.........RS|
+00000330  81 b6 01 fc 60 5d 0d dd  0d ba 05 a6 15 3b 29 4e  |....`].......;)N|
+00000340  88 a0 69 b9 c2 46 d9 c2  6d 17 b2 d0 c0 ee de f9  |..i..F..m.......|
+00000350  94 fe 25 31 66 df 72 7d  02 77 a6 2c a6 ad da eb  |..%1f.r}.w.,....|
+00000360  dc 4b ea d4 5b 0a d4 e6  c8 89 15 cf 3f 81 58 20  |.K..[.......?.X |
+00000370  0f 83 2f e1 db a1 cc a7  e1 61 79 7d 14 4b 16 03  |../......ay}.K..|
 00000380  03 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 d5 b6 10  b8 32 7d da 84 25 2b 18  |.... ....2}..%+.|
-00000040  78 a4 e3 6b 34 de b2 83  b6 94 12 f9 d2 9a 27 e5  |x..k4.........'.|
-00000050  ff ef a2 00 50                                    |....P|
+00000030  16 03 03 00 20 50 e7 36  59 68 f6 0f cd b0 cc ae  |.... P.6Yh......|
+00000040  bc 18 23 d3 c0 fb c9 41  49 91 ec 8f cd f0 69 84  |..#....AI.....i.|
+00000050  49 3c 68 6e 05                                    |I<hn.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 91 63 26 79 f6  |.......... .c&y.|
-00000010  6f fc 51 93 c5 9b e9 10  2e 80 f0 5f 6f 49 b8 a5  |o.Q........_oI..|
-00000020  53 d9 a6 2a 4a ec 4c 50  9f 1b 98                 |S..*J.LP...|
+00000000  14 03 03 00 01 01 16 03  03 00 20 84 30 04 4f 3e  |.......... .0.O>|
+00000010  72 f6 d8 6a dc ae fb 55  82 69 8e a3 77 c2 1f 27  |r..j...U.i..w..'|
+00000020  88 14 5b 8d 10 79 4c 6a  41 3e e5                 |..[..yLjA>.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 96 3e 1b  61 d9 00 1a e4 dc 49 cc  |......>.a.....I.|
-00000010  09 f8 b3 3e 21 c6 df 74  e2 6b a0 15 03 03 00 12  |...>!..t.k......|
-00000020  35 41 fc 32 06 30 3b ad  17 a4 19 3c 06 f9 59 e0  |5A.2.0;....<..Y.|
-00000030  d2 02                                             |..|
+00000000  17 03 03 00 16 03 a8 d7  eb 5d 79 60 d4 65 1d c1  |.........]y`.e..|
+00000010  2b 32 b5 c3 fb b2 2f 10  83 4e 39 15 03 03 00 12  |+2..../..N9.....|
+00000020  90 eb 89 fc e7 4c a2 94  02 33 b3 0e 72 6e bc 4e  |.....L...3..rn.N|
+00000030  d4 e7                                             |..|
diff --git a/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
index b3496ced..784e95f8 100644
--- a/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
+++ b/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 c9 60 0f c9 c7  |....]...Y...`...|
-00000010  84 d4 8c 7b e8 33 a1 e2  cc 15 9b 13 21 e6 ff 3a  |...{.3......!..:|
-00000020  72 2a d2 6b 18 bd 7b aa  4c 95 7f 20 f2 dd 03 c8  |r*.k..{.L.. ....|
-00000030  a9 e6 f0 20 b4 72 81 71  ea 10 ca b1 9f 4b 86 96  |... .r.q.....K..|
-00000040  27 b5 d4 6a 6a 35 2f d5  5a f6 75 96 c0 09 00 00  |'..jj5/.Z.u.....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 4a 0b 4d 4a 05  |....]...Y..J.MJ.|
+00000010  a0 5b ca 5d 65 4f f7 7e  82 3c 54 1d a3 42 64 7c  |.[.]eO.~.<T..Bd||
+00000020  60 9a 09 8d 73 5e 86 5d  69 c5 c2 20 f9 43 f4 ed  |`...s^.]i.. .C..|
+00000030  73 ef bf 23 10 c0 25 09  3d e2 d0 89 32 cd 2a 20  |s..#..%.=...2.* |
+00000040  46 56 31 31 59 56 53 81  61 70 a7 ae c0 09 00 00  |FV11YVS.ap......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,23 +57,23 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 fc dd 1d af 2f 7d  77 03 42 8b e4 01 fd 0c  |. ..../}w.B.....|
-00000290  82 3b f8 16 d7 15 cc ce  97 b4 6b ab 78 b6 c4 d5  |.;........k.x...|
-000002a0  78 0a 04 03 00 8a 30 81  87 02 42 01 b1 31 15 d3  |x.....0...B..1..|
-000002b0  f9 0d 44 57 cc d7 d3 a8  08 91 19 ac fd 6d cf f3  |..DW.........m..|
-000002c0  59 87 59 d5 a3 9b 9f 41  0c a6 9d 2f 30 df 97 2c  |Y.Y....A.../0..,|
-000002d0  e5 04 58 a4 06 b6 67 ba  19 84 5e c5 28 cd a6 29  |..X...g...^.(..)|
-000002e0  c7 56 78 ba b5 4f d6 95  34 4c 5f e9 b7 02 41 30  |.Vx..O..4L_...A0|
-000002f0  cb d1 6b 75 7a 78 62 06  13 76 49 a7 cb 05 d1 1d  |..kuzxb..vI.....|
-00000300  14 79 39 e8 80 57 0c ba  52 41 ba 4d c1 82 3b 94  |.y9..W..RA.M..;.|
-00000310  d2 0f 0c 90 9b fa 32 03  7a 53 b5 c9 6b bc 3d 0e  |......2.zS..k.=.|
-00000320  01 2d b2 ca d3 0e b4 45  1a b3 ec 07 b8 ad 28 03  |.-.....E......(.|
-00000330  16 03 03 00 3a 0d 00 00  36 03 01 02 40 00 2e 04  |....:...6...@...|
-00000340  03 05 03 06 03 08 07 08  08 08 09 08 0a 08 0b 08  |................|
-00000350  04 08 05 08 06 04 01 05  01 06 01 03 03 02 03 03  |................|
-00000360  01 02 01 03 02 02 02 04  02 05 02 06 02 00 00 16  |................|
-00000370  03 03 00 04 0e 00 00 00                           |........|
+00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
+00000280  1d 20 b8 ef 9c cd 47 a4  e9 1e e6 02 d5 40 12 95  |. ....G......@..|
+00000290  0e da 1d 8f 2a 4f a6 9f  95 f9 1a 2a 1c ce 3c 32  |....*O.....*..<2|
+000002a0  2b 4e 04 03 00 8b 30 81  88 02 42 00 c2 7d 24 9c  |+N....0...B..}$.|
+000002b0  b8 9c b1 69 fc 53 e9 ae  2c 07 39 23 d3 56 c8 96  |...i.S..,.9#.V..|
+000002c0  e1 5e a9 a6 6b 18 33 f0  f9 50 29 65 2e dd 2b df  |.^..k.3..P)e..+.|
+000002d0  4e 58 67 ee 85 b3 da 8d  28 a1 7a 9f 59 df ae 10  |NXg.....(.z.Y...|
+000002e0  31 d2 1b 6b 59 6d b9 24  16 79 66 49 7c 02 42 00  |1..kYm.$.yfI|.B.|
+000002f0  bd a3 f5 56 db 00 b1 27  63 79 cb 1b 40 b2 e9 90  |...V...'cy..@...|
+00000300  26 9f 44 53 ff fb 68 59  10 42 56 f2 36 fc 96 6a  |&.DS..hY.BV.6..j|
+00000310  a0 37 0e a3 77 5e 4c 0d  7b b6 e3 b5 b5 5b 2e d8  |.7..w^L.{....[..|
+00000320  6f 99 6b af 84 57 9c 14  35 aa 09 23 11 08 83 3a  |o.k..W..5..#...:|
+00000330  63 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |c....:...6...@..|
+00000340  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
+00000350  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
+00000360  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
+00000370  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
 00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
@@ -111,32 +110,32 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 92 0f 00  |...._X.;t.......|
-00000240  00 8e 04 03 00 8a 30 81  87 02 41 5f 38 d1 e6 8e  |......0...A_8...|
-00000250  cd f7 6b 2e 50 d9 e5 40  3a ba e7 67 5d a9 5a 83  |..k.P..@:..g].Z.|
-00000260  c1 9e 45 e7 c2 bc f6 a2  c0 d8 3e ca f6 48 44 72  |..E.......>..HDr|
-00000270  8b c6 e6 24 e4 aa 90 ff  81 10 c5 86 08 64 d4 30  |...$.........d.0|
-00000280  e7 27 e2 9b 66 b9 c8 30  3b 3d 61 51 02 42 01 3b  |.'..f..0;=aQ.B.;|
-00000290  a1 0b 55 d0 2b 23 90 0c  5a 14 9b f4 2b 04 f4 b3  |..U.+#..Z...+...|
-000002a0  b1 9d 6f 86 17 67 3d c1  9d 64 e6 d7 c6 54 eb 99  |..o..g=..d...T..|
-000002b0  51 83 df c9 df 41 48 b8  bc 8f 6c c9 bc 0a 36 0f  |Q....AH...l...6.|
-000002c0  c9 34 70 3a d5 82 5e 42  4f 22 64 23 33 fc e2 d3  |.4p:..^BO"d#3...|
-000002d0  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-000002e0  00 00 00 00 00 00 00 00  00 00 00 13 d5 c1 91 72  |...............r|
-000002f0  5e 32 35 1d c1 a2 d2 62  80 16 71 ea f9 67 d5 8d  |^25....b..q..g..|
-00000300  1d 98 a5 87 15 1b 7e 2a  80 a7 08 a2 c1 82 79 d2  |......~*......y.|
-00000310  60 e3 d5 8f 0b 9b 43 4f  88 09 7d                 |`.....CO..}|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 93 0f 00  |...._X.;t.......|
+00000240  00 8f 04 03 00 8b 30 81  88 02 42 01 dd bf fd e0  |......0...B.....|
+00000250  db 99 16 0b f0 bc a9 4b  93 10 d9 59 06 d2 eb 30  |.......K...Y...0|
+00000260  dc b1 44 69 1d 54 2d 9b  b4 a4 c9 3a f8 d8 9d 2e  |..Di.T-....:....|
+00000270  36 71 3e ff aa 05 98 8a  27 00 dd 65 6a 15 b7 c9  |6q>.....'..ej...|
+00000280  fe 1d 4d 45 02 58 09 4f  38 ea cd 88 3c 02 42 00  |..ME.X.O8...<.B.|
+00000290  a6 27 a5 d7 e7 9e 66 7e  f8 38 37 03 7b 6d df c4  |.'....f~.87.{m..|
+000002a0  81 6a 59 af 5b c7 06 2e  57 e9 8f 8d 1f 9c 9d 94  |.jY.[...W.......|
+000002b0  70 4c 74 ed 03 24 3d df  35 51 a1 76 a7 8f 9b 40  |pLt..$=.5Q.v...@|
+000002c0  16 c6 4f 0e 49 95 34 20  22 dc 5c ce 1d c0 ed bf  |..O.I.4 ".\.....|
+000002d0  f4 14 03 03 00 01 01 16  03 03 00 40 00 00 00 00  |...........@....|
+000002e0  00 00 00 00 00 00 00 00  00 00 00 00 b7 d5 df bf  |................|
+000002f0  2b 32 a9 9e e4 78 40 84  ca c9 7d 54 4e 38 89 3b  |+2...x@...}TN8.;|
+00000300  0f 83 23 42 75 95 6e 4d  70 d4 b6 5a 1a 26 dd bb  |..#Bu.nMp..Z.&..|
+00000310  37 4a 85 88 ab 60 ba 3c  19 bd 02 79              |7J...`.<...y|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 8a f4 68 76 16  |..........@..hv.|
-00000010  0d 13 09 2a e5 3f 25 87  0f ce 03 96 2a 86 58 41  |...*.?%.....*.XA|
-00000020  7a 40 ec 65 ff c5 64 c1  62 6e ae 1d bf b6 4e dd  |z@.e..d.bn....N.|
-00000030  f6 be 55 56 ba 43 b3 c5  3a 6f 35 e6 73 59 63 87  |..UV.C..:o5.sYc.|
-00000040  fd 10 64 b1 94 e3 a9 b7  2d e0 94                 |..d.....-..|
+00000000  14 03 03 00 01 01 16 03  03 00 40 07 8e 16 c5 c2  |..........@.....|
+00000010  e1 e5 32 41 2d 8b 3c fb  2e 3e b2 84 89 56 4d b5  |..2A-.<..>...VM.|
+00000020  1c bd 1e a5 11 a1 b0 18  29 ce eb 46 f8 11 ff dc  |........)..F....|
+00000030  c0 cc ed 5a 38 33 5a 8f  48 df bf e9 8e 09 be b0  |...Z83Z.H.......|
+00000040  9d 70 85 f7 71 f5 1e 5c  aa 6f 88                 |.p..q..\.o.|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 15 82 4f  fa 8d ce 67 fd 63 bb 74  |.......O...g.c.t|
-00000020  98 2f 77 fc 5b 43 70 4d  15 cf 5b 2b 45 ae e7 b3  |./w.[CpM..[+E...|
-00000030  d0 dd ae 4b 27 15 03 03  00 30 00 00 00 00 00 00  |...K'....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 d2 ce b2 c5 1a 62  |...............b|
-00000050  06 9c c1 1e 6f 1e b7 6e  18 5e 74 45 be 10 b7 69  |....o..n.^tE...i|
-00000060  6d da 09 65 3c 38 a5 3d  f1 0a                    |m..e<8.=..|
+00000010  00 00 00 00 00 37 b7 99  22 eb 67 a0 32 57 76 b5  |.....7..".g.2Wv.|
+00000020  53 86 fc 5b 79 c5 4a 4f  3a 6b a9 0f d8 c8 30 de  |S..[y.JO:k....0.|
+00000030  0a 5b 9b af e2 15 03 03  00 30 00 00 00 00 00 00  |.[.......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 57 9c 4b ca 83 a3  |..........W.K...|
+00000050  c0 3a 52 71 24 f5 b1 37  1e 4d c1 5a 2d 29 1c 90  |.:Rq$..7.M.Z-)..|
+00000060  9b 96 cf 1e 07 39 f1 1b  03 2b                    |.....9...+|
diff --git a/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
index 7356bfeb..c20bd95d 100644
--- a/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
+++ b/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 26 62 0d 9d 45  |....]...Y..&b..E|
-00000010  3d 25 b7 ed ec ce b8 d6  8f fd a6 68 0b 07 05 28  |=%.........h...(|
-00000020  d4 2a 9c d9 cf bf e9 a0  92 71 6f 20 18 af a0 13  |.*.......qo ....|
-00000030  72 10 57 69 cf 63 db 73  c4 44 b8 a9 27 cd 9a a0  |r.Wi.c.s.D..'...|
-00000040  3b be f1 57 ef 10 19 80  0b c0 51 94 c0 2f 00 00  |;..W......Q../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 48 41 85 3e fc  |....]...Y..HA.>.|
+00000010  9f e7 b6 84 da fe 2f a7  1d e9 ba 12 4e a1 cf cb  |....../.....N...|
+00000020  9e f8 df 76 7c e7 29 c1  3b 9e 23 20 07 c9 55 c7  |...v|.).;.# ..U.|
+00000030  0e 45 5c 26 17 94 b4 14  6b 58 39 27 43 4e dc 9b  |.E\&....kX9'CN..|
+00000040  65 30 0e f2 bd 59 d9 a2  a1 f3 0a 01 c0 2f 00 00  |e0...Y......./..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,18 +62,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 22 fe 67  |............ ".g|
-000002d0  48 d3 90 04 ee 7d c2 2a  6d 9f 3a 36 3c b2 f8 14  |H....}.*m.:6<...|
-000002e0  24 76 54 5a ae ed 2f 62  fc 76 e0 00 07 08 04 00  |$vTZ../b.v......|
-000002f0  80 6d 8b e6 52 be ed 40  b8 b1 51 53 94 08 93 76  |.m..R..@..QS...v|
-00000300  9b 84 06 66 60 b9 be a8  f1 bb 5d fa 81 42 28 8e  |...f`.....]..B(.|
-00000310  aa ce 72 9f df a3 53 2d  c9 6d 34 10 78 36 da 33  |..r...S-.m4.x6.3|
-00000320  09 0c a0 5e ea 56 2e 6f  62 fc 3c 5e 5b 6d 97 c9  |...^.V.ob.<^[m..|
-00000330  39 1b 3c eb 6d 1f 0a b5  02 06 6d 9e 99 24 14 ee  |9.<.m.....m..$..|
-00000340  f9 55 cc 4d 7f 77 0c 58  2c 59 0f a4 66 4b 81 b4  |.U.M.w.X,Y..fK..|
-00000350  d9 e4 f6 24 4f ba 05 83  6c c3 6c 2f 5e 74 42 09  |...$O...l.l/^tB.|
-00000360  b3 be d1 c9 6a c8 a6 34  5c bc 36 65 58 cd 02 ae  |....j..4\.6eX...|
-00000370  16 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 73 d3 a9  |............ s..|
+000002d0  7e 93 32 e3 dd ad 1c b3  c1 ff 03 c2 b9 08 da 09  |~.2.............|
+000002e0  d3 1b 67 95 9c 8c d1 05  12 2e 8b dc 7a 08 04 00  |..g.........z...|
+000002f0  80 85 af 3b 06 67 b0 ab  07 70 21 02 b1 3a 89 40  |...;.g...p!..:.@|
+00000300  d6 90 ef a5 5b 89 49 81  18 20 74 9f 7b dd 58 65  |....[.I.. t.{.Xe|
+00000310  28 6f 2a f1 aa 3f 35 91  b9 88 79 27 a0 f3 e7 41  |(o*..?5...y'...A|
+00000320  9a a5 77 be 55 5e 70 89  37 b6 4a 7b 3b 8c df ad  |..w.U^p.7.J{;...|
+00000330  47 cc ac 45 47 43 05 05  ad c9 7b d8 1d d6 a8 fa  |G..EGC....{.....|
+00000340  38 45 c3 54 35 0c 28 a1  29 be 1f 73 98 a6 02 01  |8E.T5.(.)..s....|
+00000350  fb 9d 12 64 1a 9c f3 82  e5 3f f6 0c 20 67 59 72  |...d.....?.. gYr|
+00000360  3f a7 59 4e ef b4 58 ba  49 4e c9 b6 ea 95 b2 b3  |?.YN..X.IN......|
+00000370  78 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |x....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -115,28 +114,28 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 92 0f 00  |...._X.;t.......|
-00000240  00 8e 04 03 00 8a 30 81  87 02 42 00 8e 41 5f 48  |......0...B..A_H|
-00000250  64 4e 6e 7e 7d ed 5b da  88 7a 38 1f bd 04 ee 93  |dNn~}.[..z8.....|
-00000260  88 f8 3d e5 b7 51 4a 43  6b c5 c1 02 06 c5 2c c1  |..=..QJCk.....,.|
-00000270  48 18 2e 11 63 8a 9d 94  35 98 bc d1 d7 19 1f c0  |H...c...5.......|
-00000280  f6 dc 10 15 89 bf 99 0c  87 7d 3e bf e2 02 41 4f  |.........}>...AO|
-00000290  e3 d4 a0 b2 4d 80 ec 21  2f b3 fc df 6c b7 bd 6d  |....M..!/...l..m|
-000002a0  c7 6d 0a 7a 24 56 a4 c8  36 ec 7d 2d 65 ff 8c 4b  |.m.z$V..6.}-e..K|
-000002b0  c7 cd 52 99 f1 2d e5 19  57 89 fe 52 44 ca e0 c3  |..R..-..W..RD...|
-000002c0  34 fc c5 4a da 59 f5 62  eb c4 c5 cb 1d d7 4b 63  |4..J.Y.b......Kc|
-000002d0  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-000002e0  00 00 00 5d 34 16 3d d0  04 3f b7 3d a2 be 20 8b  |...]4.=..?.=.. .|
-000002f0  19 20 09 7b f0 7e 52 95  e6 b8 f1 06 08 93 6b 91  |. .{.~R.......k.|
-00000300  ee fa c8                                          |...|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 91 0f 00  |...._X.;t.......|
+00000240  00 8d 04 03 00 89 30 81  86 02 41 66 64 90 bc df  |......0...Afd...|
+00000250  a5 d0 19 89 2b ed fc a5  8f 7e 14 d0 9f a2 07 6b  |....+....~.....k|
+00000260  d3 09 07 46 f8 29 4d b5  6c 01 e5 2e 0d d8 a4 b9  |...F.)M.l.......|
+00000270  1a 86 2f b1 10 4c 29 5b  de e7 29 e6 b9 32 53 ca  |../..L)[..)..2S.|
+00000280  d0 fc 7b a1 82 6e 34 2f  11 7a 2b 98 02 41 74 a4  |..{..n4/.z+..At.|
+00000290  51 21 0c 57 ac 99 d1 a3  8c 86 f6 f2 b8 66 b8 1f  |Q!.W.........f..|
+000002a0  2d db 49 1a c1 34 e6 02  fd ce 50 14 7c 9b a4 52  |-.I..4....P.|..R|
+000002b0  17 bc 96 ab 11 5f 97 9a  7f be ab 26 f7 1f 2b cf  |....._.....&..+.|
+000002c0  30 f1 da 80 b5 82 a0 da  44 be c1 00 51 1d b4 14  |0.......D...Q...|
+000002d0  03 03 00 01 01 16 03 03  00 28 00 00 00 00 00 00  |.........(......|
+000002e0  00 00 39 c2 3d 4e 74 16  e2 8c 4b f9 11 38 94 12  |..9.=Nt...K..8..|
+000002f0  8f d3 16 18 9b ad 41 ef  c9 ed 56 7f e3 ed d7 e5  |......A...V.....|
+00000300  0e 52                                             |.R|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 c1 1c 19 bc 14  |..........(.....|
-00000010  d3 44 ec 5d 6e 84 c4 06  ba c2 83 00 80 ea dd 7d  |.D.]n..........}|
-00000020  9b 2e 75 c7 9d 75 40 e8  89 d1 9b 69 16 20 0b 23  |..u..u@....i. .#|
-00000030  94 48 42                                          |.HB|
+00000000  14 03 03 00 01 01 16 03  03 00 28 c0 9a 2a 35 ef  |..........(..*5.|
+00000010  fa 87 1f 74 0a e9 b7 ea  3c 1c ab 1c ce 6e bb 95  |...t....<....n..|
+00000020  ef 92 f3 cb 07 c0 e6 af  b1 2a 60 fb 09 2a d7 68  |.........*`..*.h|
+00000030  27 b0 f1                                          |'..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 20 ce 1a  |............. ..|
-00000010  b6 65 88 6d 17 9e 9c 9d  ec 36 af d3 7e fa e5 63  |.e.m.....6..~..c|
-00000020  bc 90 f0 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  e5 a6 0e 68 bc 75 29 7e  c1 ee 6b 3b d3 03 c8 0a  |...h.u)~..k;....|
-00000040  4d 75                                             |Mu|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 b1 98 56  |...............V|
+00000010  38 68 a7 d0 da c6 83 4b  00 31 40 d7 1e 81 35 1a  |8h.....K.1@...5.|
+00000020  2f e3 42 15 03 03 00 1a  00 00 00 00 00 00 00 02  |/.B.............|
+00000030  1d 8f a1 cf 12 2f 53 37  4d 60 46 90 e2 db 97 ce  |...../S7M`F.....|
+00000040  3e 99                                             |>.|
diff --git a/testdata/Client-TLSv12-ClientCert-Ed25519 b/testdata/Client-TLSv12-ClientCert-Ed25519
index e4e47030..9eb522b8 100644
--- a/testdata/Client-TLSv12-ClientCert-Ed25519
+++ b/testdata/Client-TLSv12-ClientCert-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 73 ca 08 75 98  |....]...Y..s..u.|
-00000010  14 2e b6 c4 c0 74 e2 cf  05 24 dd 70 f4 aa 22 08  |.....t...$.p..".|
-00000020  39 6d 3a 61 11 90 c6 61  50 41 96 20 d1 c7 24 aa  |9m:a...aPA. ..$.|
-00000030  3a 5e 0c 2c 37 72 8c 80  76 ab c9 2f fb a5 39 7d  |:^.,7r..v../..9}|
-00000040  f5 f3 ce 97 d8 ea e5 4c  db 1b f8 f6 cc a8 00 00  |.......L........|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 7f e3 92 d1 05  |....]...Y.......|
+00000010  fd a2 f7 b4 24 f8 e6 e2  2f 15 51 f2 4b 72 12 59  |....$.../.Q.Kr.Y|
+00000020  e6 af fe c9 0b 86 8b 53  a3 ce ff 20 68 97 1d e3  |.......S... h...|
+00000030  6d 6c fb 67 78 05 ba fc  10 5b 83 87 8c 04 e9 57  |ml.gx....[.....W|
+00000040  19 32 3f ee 88 a0 30 61  de 1c d2 2d cc a8 00 00  |.2?...0a...-....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,18 +62,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 35 1f 14  |............ 5..|
-000002d0  77 42 a0 9c 04 14 f7 8b  df e5 b5 e7 71 40 34 4f  |wB..........q@4O|
-000002e0  f5 0d ab c2 2f 38 97 46  3e c2 57 26 7d 08 04 00  |..../8.F>.W&}...|
-000002f0  80 9d d7 8c 28 d8 a8 6c  a8 14 5d 92 f8 59 ab e5  |....(..l..]..Y..|
-00000300  bd e3 32 1e 49 f6 e6 11  11 ce eb 0c e1 27 3c 34  |..2.I........'<4|
-00000310  8c 94 a9 e9 8f 41 51 64  c2 6c 1c d0 e7 d4 ee cf  |.....AQd.l......|
-00000320  4f 9c f4 92 0f e5 48 c5  2b b5 82 79 c3 91 ee f9  |O.....H.+..y....|
-00000330  1c a6 b2 ee ec 9d 73 7c  df 2d 2b 49 c8 27 c7 cf  |......s|.-+I.'..|
-00000340  79 b4 6a 39 f6 ac fe 6f  fd f4 6c 7d 2c f2 7f 58  |y.j9...o..l},..X|
-00000350  2f a3 d4 f5 92 83 5b 83  19 55 39 e5 f8 d2 2c fd  |/.....[..U9...,.|
-00000360  ad 89 32 90 ba 89 cd 0d  ed 16 02 96 92 bd 77 d2  |..2...........w.|
-00000370  f3 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 55 93 3e  |............ U.>|
+000002d0  dd fc 30 52 61 80 f3 e8  7e e2 fb f8 03 ab e4 86  |..0Ra...~.......|
+000002e0  bc 8b 69 5b f5 8c fd 4b  fc 12 2e 99 1a 08 04 00  |..i[...K........|
+000002f0  80 43 60 48 4c 88 e9 fc  78 36 5f a9 6a 61 54 7e  |.C`HL...x6_.jaT~|
+00000300  a8 a3 67 91 df ff 78 66  d6 b6 ce 95 26 af 8e ac  |..g...xf....&...|
+00000310  42 fa 95 e1 a3 c6 9b 73  bb 7b dc e6 aa ca 6f a0  |B......s.{....o.|
+00000320  17 6b ee 50 ff d9 20 ed  11 c4 e5 81 23 1d 6b 02  |.k.P.. .....#.k.|
+00000330  a8 e6 f6 ef fc 1f 69 9e  c1 28 d9 bd 36 98 ad f6  |......i..(..6...|
+00000340  f3 40 5a e8 a4 e9 3c 62  b2 8d 53 a1 88 06 e6 81  |.@Z...<b..S.....|
+00000350  23 05 4d 23 c5 9d 3f c9  ac 6a 1a 11 ab ce 4f 91  |#.M#..?..j....O.|
+00000360  15 b1 d6 63 4b 60 11 a8  6d 8d 57 31 6d 7c 4b 01  |...cK`..m.W1m|K.|
+00000370  37 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |7....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -103,20 +102,20 @@
 00000140  08 16 03 03 00 25 10 00  00 21 20 2f e5 7d a3 47  |.....%...! /.}.G|
 00000150  cd 62 43 15 28 da ac 5f  bb 29 07 30 ff f6 84 af  |.bC.(.._.).0....|
 00000160  c4 cf c2 ed 90 99 5f 58  cb 3b 74 16 03 03 00 48  |......_X.;t....H|
-00000170  0f 00 00 44 08 07 00 40  a1 8a 00 6d 57 47 ab a4  |...D...@...mWG..|
-00000180  ae 93 3e dd 04 fb 04 3b  dd b7 de 93 bc 2e 40 ff  |..>....;......@.|
-00000190  29 fa d0 f7 63 4e b9 5f  1f d9 5d 8c 87 eb bb 43  |)...cN._..]....C|
-000001a0  25 e5 a7 04 8d 16 88 f8  8b 0d 17 d1 ef 75 7c f1  |%............u|.|
-000001b0  1a b4 8f 2f cd f1 18 00  14 03 03 00 01 01 16 03  |.../............|
-000001c0  03 00 20 b2 95 81 2d 8c  06 f0 54 da ef 31 9a 33  |.. ...-...T..1.3|
-000001d0  89 c3 b5 e8 6a 77 3c fe  e8 e3 d0 24 94 2d 7e f9  |....jw<....$.-~.|
-000001e0  08 d4 ce                                          |...|
+00000170  0f 00 00 44 08 07 00 40  ff da 51 80 4b 76 25 5d  |...D...@..Q.Kv%]|
+00000180  89 dc ce 9a fe 11 c3 95  c5 9a c2 fa ee 8a ba 87  |................|
+00000190  42 be 46 93 da 10 c7 2a  ab 7c 4c 24 a8 a7 b1 de  |B.F....*.|L$....|
+000001a0  17 6a b4 85 13 ff db 8d  69 9a be 0a b1 7d 1d d6  |.j......i....}..|
+000001b0  b1 83 26 d1 2f 26 59 06  14 03 03 00 01 01 16 03  |..&./&Y.........|
+000001c0  03 00 20 7b 59 a9 9c 67  42 6e ce 78 78 cb d0 94  |.. {Y..gBn.xx...|
+000001d0  d1 b1 38 06 65 a7 97 56  3c cf 14 2f 80 1c f4 04  |..8.e..V<../....|
+000001e0  59 de 4d                                          |Y.M|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 b3 9b 27 5a 1e  |.......... ..'Z.|
-00000010  ce 80 3c 04 f7 aa 69 b6  6b 37 9a 86 e9 95 ce 73  |..<...i.k7.....s|
-00000020  8a ef 38 62 6f cb a0 0e  45 78 ad                 |..8bo...Ex.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 91 2c 24 55 e8  |.......... .,$U.|
+00000010  70 9e 88 07 53 e1 60 9e  86 af 53 d4 21 d9 99 ad  |p...S.`...S.!...|
+00000020  3a 2b 83 b0 bc f7 93 5e  63 04 50                 |:+.....^c.P|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 bf 78 66  da 5b a7 fd cf 95 32 20  |......xf.[....2 |
-00000010  b6 ce 1e 5d 4f 21 05 6a  f7 3a 27 15 03 03 00 12  |...]O!.j.:'.....|
-00000020  42 e1 e3 e3 d3 5a 98 8c  d1 e3 ce a5 02 f9 58 ba  |B....Z........X.|
-00000030  ce 33                                             |.3|
+00000000  17 03 03 00 16 e0 69 be  8e c5 4d 63 0e 77 88 42  |......i...Mc.w.B|
+00000010  4e a8 e9 8f f4 c5 05 56  99 92 70 15 03 03 00 12  |N......V..p.....|
+00000020  64 5c 05 8f 23 af e8 aa  f6 76 1b b6 90 36 d9 d5  |d\..#....v...6..|
+00000030  59 e6                                             |Y.|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 b/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
index 0fb7a12f..e9f6604b 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
+++ b/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 e8 4b b6 f9 1c  |....]...Y...K...|
-00000010  d9 59 e0 86 7b 9b cf 37  9f 0c f2 14 51 de 10 66  |.Y..{..7....Q..f|
-00000020  39 05 15 ab 17 25 df 89  d7 5b 41 20 e5 28 ba da  |9....%...[A .(..|
-00000030  29 8c 72 40 14 7e 06 2d  f8 04 6d 4d 37 09 62 9a  |).r@.~.-..mM7.b.|
-00000040  87 f7 52 fc 77 61 05 04  2f 65 c0 df c0 30 00 00  |..R.wa../e...0..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 bc b7 27 59 a9  |....]...Y....'Y.|
+00000010  a7 ac ce 8b f5 5b 13 56  60 19 70 2a a7 f0 a2 ea  |.....[.V`.p*....|
+00000020  1a ce 27 2a 67 53 e0 5c  7e 5e 80 20 d5 c6 de 6d  |..'*gS.\~^. ...m|
+00000030  d1 3c 6d cb c9 49 77 00  cc 31 87 0a 86 45 06 70  |.<m..Iw..1...E.p|
+00000040  8e fe b8 56 c9 11 21 1a  5f b9 78 25 c0 30 00 00  |...V..!._.x%.0..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,18 +62,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 57 e9 2a  |............ W.*|
-000002d0  eb ac 52 cf 39 70 0a c3  21 38 2d 46 66 c1 df 26  |..R.9p..!8-Ff..&|
-000002e0  38 ad b2 19 d5 a9 f5 37  15 f7 f6 dc 54 08 04 00  |8......7....T...|
-000002f0  80 35 c5 7a 73 5f 36 ed  72 f9 2d 21 a9 9f 94 3f  |.5.zs_6.r.-!...?|
-00000300  98 de 22 b1 35 c1 9d e2  d2 42 bb 32 7a f3 11 0e  |..".5....B.2z...|
-00000310  f7 3c a0 ca 44 87 95 e6  f3 1a 19 45 51 a8 f5 f2  |.<..D......EQ...|
-00000320  fe ac 00 d0 fc 79 a8 a9  83 fe 81 48 e9 f7 48 ce  |.....y.....H..H.|
-00000330  08 8c 45 3c 24 b5 d4 e0  07 17 d1 f0 fa 3d 13 3c  |..E<$........=.<|
-00000340  ef f5 7b f2 5a c2 9a 60  af de 8e 74 50 c7 df b0  |..{.Z..`...tP...|
-00000350  27 ef 0e dd db 6a 8f a4  94 69 f0 08 7e 3c 3c 93  |'....j...i..~<<.|
-00000360  03 f9 67 ad 30 0b e6 d7  f0 c0 77 bd c4 1a 6e b4  |..g.0.....w...n.|
-00000370  52 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |R....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 8b ea d3  |............ ...|
+000002d0  e4 1f c2 21 cb 32 99 00  d2 a9 a4 f3 e4 9a d7 6e  |...!.2.........n|
+000002e0  f0 6e 7c 45 ca 41 51 60  a3 31 61 f0 34 08 04 00  |.n|E.AQ`.1a.4...|
+000002f0  80 96 62 58 0c b4 72 a7  49 1c b8 73 72 5a c7 ba  |..bX..r.I..srZ..|
+00000300  e2 fe dc a6 a4 54 3d 21  83 70 ab ef de d8 d8 db  |.....T=!.p......|
+00000310  82 56 22 4f 9d f6 04 c2  b6 f7 9d a0 41 88 53 c9  |.V"O........A.S.|
+00000320  2b 57 80 71 a2 bd d7 84  b6 4b cd 65 3d c3 10 cb  |+W.q.....K.e=...|
+00000330  5d 89 03 af 46 d5 b0 39  b8 c8 2d 74 1b 46 8d 0d  |]...F..9..-t.F..|
+00000340  ca 13 30 34 54 10 ea ec  77 ca 84 a6 2c 88 68 d6  |..04T...w...,.h.|
+00000350  69 e6 f3 95 aa 65 af 05  7d e0 c2 84 48 f5 fa ae  |i....e..}...H...|
+00000360  d5 90 2a 79 0c 45 c6 7d  d3 b7 de 85 e8 b5 2b 68  |..*y.E.}......+h|
+00000370  bf 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -115,26 +114,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 ac ba b5 9f a6 2e 81  |................|
-00000240  fa c5 95 f7 27 e6 1c 54  80 51 1f 98 c6 bd 54 79  |....'..T.Q....Ty|
-00000250  ca 24 1a 0d df a0 e4 c8  5a e2 2d 83 35 ed 88 8f  |.$......Z.-.5...|
-00000260  08 23 db c9 fa 56 c9 5d  14 91 43 53 57 40 a1 a6  |.#...V.]..CSW@..|
-00000270  c9 61 b4 99 d5 4b bc 32  b5 2a a0 13 68 d3 06 1b  |.a...K.2.*..h...|
-00000280  07 7f 3a a3 05 32 19 c2  d7 ed 9a 68 f7 da e9 80  |..:..2.....h....|
-00000290  54 1f 1d c3 6b fc 1f 85  b0 8d 91 76 39 a1 56 e2  |T...k......v9.V.|
-000002a0  1b 73 1e c3 1f 57 59 25  17 b2 53 6c fd 47 5f de  |.s...WY%..Sl.G_.|
-000002b0  57 2c c0 e7 76 1b 71 05  6c 14 03 03 00 01 01 16  |W,..v.q.l.......|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 42 57 90 45  |...(........BW.E|
-000002d0  6a b9 64 64 92 ac c5 63  14 66 d1 f0 f9 65 f3 25  |j.dd...c.f...e.%|
-000002e0  de 81 74 da 68 1c cb 90  a5 46 6d 69              |..t.h....Fmi|
+00000230  88 0f 00 00 84 08 04 00  80 48 ae 01 b6 4e e2 f0  |.........H...N..|
+00000240  6b d9 58 e9 95 fb 93 56  10 8f 15 dc e8 3e c7 49  |k.X....V.....>.I|
+00000250  b3 26 c2 06 91 4a 02 27  36 6b 21 cd aa 4a 62 6a  |.&...J.'6k!..Jbj|
+00000260  9d 44 6a b7 6c 16 d4 52  23 12 20 9d e5 5c 83 04  |.Dj.l..R#. ..\..|
+00000270  d8 38 45 61 8b 30 5b 7b  6b 77 be 47 5a f8 fe 4d  |.8Ea.0[{kw.GZ..M|
+00000280  c8 e7 83 97 44 b4 fb 71  89 30 f2 cf d2 49 82 e8  |....D..q.0...I..|
+00000290  d4 a8 73 86 44 29 30 17  7b b6 0e 4f 5f 6b 0c 33  |..s.D)0.{..O_k.3|
+000002a0  43 7f 9b 84 a4 9b c6 30  18 ff 1b 85 a7 a9 17 23  |C......0.......#|
+000002b0  2e 08 d3 57 10 af 49 95  2a 14 03 03 00 01 01 16  |...W..I.*.......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 43 b8 4c 8a  |...(........C.L.|
+000002d0  84 1e 6c 41 02 fb b6 74  1e 4d 69 0d c0 f8 fc 8b  |..lA...t.Mi.....|
+000002e0  ce 64 53 95 40 c8 e8 52  31 5f a3 65              |.dS.@..R1_.e|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 6b 52 88 32 f1  |..........(kR.2.|
-00000010  6e 1f dd ce 38 ba d4 7d  c7 4a 55 89 4c 91 57 34  |n...8..}.JU.L.W4|
-00000020  1e 54 12 8e 37 e2 dc a9  7d 37 b6 31 57 2f 11 27  |.T..7...}7.1W/.'|
-00000030  42 96 c2                                          |B..|
+00000000  14 03 03 00 01 01 16 03  03 00 28 04 f3 da a1 b9  |..........(.....|
+00000010  b9 1a cf f3 a8 19 aa 23  12 65 8d 68 dc 37 09 9a  |.......#.e.h.7..|
+00000020  e4 0c cd e5 d4 3d cb 42  89 e4 ad 9e 49 34 de 05  |.....=.B....I4..|
+00000030  74 f0 33                                          |t.3|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 be ea d3  |................|
-00000010  87 8c 16 62 86 4a 53 49  9d d7 f8 01 11 8b 9b 58  |...b.JSI.......X|
-00000020  39 89 cf 15 03 03 00 1a  00 00 00 00 00 00 00 02  |9...............|
-00000030  93 9d 61 38 db c4 be 69  5e fb 63 1e ae f3 57 e4  |..a8...i^.c...W.|
-00000040  fe 85                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 00 33 c0  |..............3.|
+00000010  3f 9c 56 3e 9b ed bb 5e  81 0c 4a 01 65 91 f5 da  |?.V>...^..J.e...|
+00000020  f6 4b 62 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.Kb.............|
+00000030  55 6f 8d 18 50 1f aa 00  94 9b 79 26 f0 3e 0a c6  |Uo..P.....y&.>..|
+00000040  45 b0                                             |E.|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-ECDSA b/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
index 689be109..25120914 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
+++ b/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 dc 6d a4 87 a5  |....]...Y...m...|
-00000010  a1 8e 67 3d c3 ed c0 e4  ed 38 7a 00 df b1 50 f4  |..g=.....8z...P.|
-00000020  4a cc 0f ab e2 e8 d9 77  b8 1a 18 20 cb e9 02 2a  |J......w... ...*|
-00000030  4f 17 c0 9d 3d 55 60 3e  d8 46 ee 52 dd bf 3e e6  |O...=U`>.F.R..>.|
-00000040  c9 4a b5 24 f5 19 73 56  ab 78 ce ec c0 09 00 00  |.J.$..sV.x......|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 80 e4 9b 9d a9  |....]...Y.......|
+00000010  59 27 7f 44 b9 4b 90 31  c7 66 03 90 d6 9b ef 17  |Y'.D.K.1.f......|
+00000020  f8 fb e5 63 04 68 f6 ce  a1 a6 f4 20 cb 84 55 fa  |...c.h..... ..U.|
+00000030  41 77 48 0f 0a 5a 24 92  e3 59 b2 d9 91 0c 18 4a  |AwH..Z$..Y.....J|
+00000040  bf af ad db 64 db cb 57  d8 0b de 46 c0 09 00 00  |....d..W...F....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,23 +57,23 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
-00000280  1d 20 d8 81 5d 07 0c 63  f2 9a bf 82 37 08 f6 6d  |. ..]..c....7..m|
-00000290  e2 20 4b 98 85 cc 62 ad  a2 ac b1 8b 15 de 1d 5e  |. K...b........^|
-000002a0  3b 74 04 03 00 8b 30 81  88 02 42 01 81 b9 d9 e7  |;t....0...B.....|
-000002b0  3b 89 ed 5f cb 0a 10 16  85 69 c3 5e 7f 82 95 f6  |;.._.....i.^....|
-000002c0  49 48 3a 6d 84 c2 f5 04  9a 00 ef 86 f9 10 fc 03  |IH:m............|
-000002d0  a8 ba eb e7 0c 0c 0c 27  7b ba aa 73 a4 23 03 cb  |.......'{..s.#..|
-000002e0  d8 be c8 39 34 1f c4 33  e4 cf 12 98 35 02 42 01  |...94..3....5.B.|
-000002f0  dc 0b c7 df 9c b2 c4 f5  dc 4a a6 b0 ef 40 3c 8c  |.........J...@<.|
-00000300  98 f3 93 ac 14 9b 4d fe  6e 7a 09 fd 23 c3 14 4f  |......M.nz..#..O|
-00000310  cf 1a e6 61 72 58 8c 75  10 6c 75 42 cc 7b 9c 4a  |...arX.u.luB.{.J|
-00000320  11 62 25 12 63 44 9d fe  3d 67 44 7e 74 bd b0 3d  |.b%.cD..=gD~t..=|
-00000330  04 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
-00000340  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
-00000350  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
-00000360  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
-00000370  16 03 03 00 04 0e 00 00  00                       |.........|
+00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
+00000280  1d 20 2f 6b 4c 95 75 59  25 2f f7 fd b1 1f d2 9e  |. /kL.uY%/......|
+00000290  2f 38 5e 57 1a 7c 36 99  1e 11 4a 3f f7 13 5b 0b  |/8^W.|6...J?..[.|
+000002a0  90 33 04 03 00 8a 30 81  87 02 42 01 b4 34 3f d0  |.3....0...B..4?.|
+000002b0  41 09 00 12 f4 79 20 f4  b7 80 5c d1 35 9d 8b d2  |A....y ...\.5...|
+000002c0  fa c9 4a a9 44 6b 05 95  c5 a7 50 08 0d 73 66 3e  |..J.Dk....P..sf>|
+000002d0  dd 49 e4 a4 c6 c0 12 ca  0b 4a df bc c1 3e ec 88  |.I.......J...>..|
+000002e0  ec 9a 0e 71 15 4d 45 98  04 3a 51 7a 67 02 41 15  |...q.ME..:Qzg.A.|
+000002f0  17 de b0 5c 03 a5 74 0e  0f 2b 53 6e 55 17 73 b8  |...\..t..+SnU.s.|
+00000300  ac 16 70 1a 95 f9 25 b1  fc 4b 9d c7 b1 f4 71 f6  |..p...%..K....q.|
+00000310  86 2d 5b 74 9e d3 4e 1b  40 67 f4 a6 62 2e c8 4d  |.-[t..N.@g..b..M|
+00000320  66 f7 32 e9 05 df d5 b0  e8 1a b7 b1 48 c4 1c 91  |f.2.........H...|
+00000330  16 03 03 00 3a 0d 00 00  36 03 01 02 40 00 2e 04  |....:...6...@...|
+00000340  03 05 03 06 03 08 07 08  08 08 09 08 0a 08 0b 08  |................|
+00000350  04 08 05 08 06 04 01 05  01 06 01 03 03 02 03 03  |................|
+00000360  01 02 01 03 02 02 02 04  02 05 02 06 02 00 00 16  |................|
+00000370  03 03 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -111,31 +110,31 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 3c 66 74 5d c3 4b d6  |.........<ft].K.|
-00000240  98 89 fe 1d 47 36 26 62  e8 19 0a 2c a9 8d 9a cf  |....G6&b...,....|
-00000250  f2 a1 15 3a bb c5 90 be  8d 09 d5 e8 3e 1f f3 87  |...:........>...|
-00000260  19 a7 d9 5d 7c f6 65 32  bd 47 e9 2f 90 a8 90 1b  |...]|.e2.G./....|
-00000270  41 05 08 35 32 f6 c2 22  70 61 37 a3 48 96 72 e0  |A..52.."pa7.H.r.|
-00000280  41 26 07 a9 6c c2 34 72  35 d5 43 ce 23 fd 34 9b  |A&..l.4r5.C.#.4.|
-00000290  56 b7 4e c0 be b9 b3 bd  81 df 32 58 3f b2 af 34  |V.N.......2X?..4|
-000002a0  c0 08 69 27 19 43 0f 34  1b 56 ed 08 cd 1b 2b f3  |..i'.C.4.V....+.|
-000002b0  41 75 8c 0a b2 43 4c f6  fe 14 03 03 00 01 01 16  |Au...CL.........|
+00000230  88 0f 00 00 84 08 04 00  80 70 66 f2 ac fb f7 29  |.........pf....)|
+00000240  15 31 a2 12 de 37 3f cc  97 74 5c 5b 7e 6d e4 f8  |.1...7?..t\[~m..|
+00000250  b0 b3 3d 9c ee 32 bf d7  64 90 d7 af ad 8f 61 77  |..=..2..d.....aw|
+00000260  f2 c0 7e 6f 91 1d 4e 95  92 3e ab 23 f0 ac d8 de  |..~o..N..>.#....|
+00000270  32 69 cd bc 04 4c d1 a3  77 7a af ac f0 64 41 aa  |2i...L..wz...dA.|
+00000280  a0 53 f0 89 89 a4 6f 1f  67 21 16 55 4e dc cb a8  |.S....o.g!.UN...|
+00000290  12 7d cb a0 5c a9 48 48  d9 af 03 f0 75 ed 32 72  |.}..\.HH....u.2r|
+000002a0  d5 da 34 a3 ea 82 08 8f  00 fc 7d 1d b8 11 ff f7  |..4.......}.....|
+000002b0  09 52 a8 cc a8 66 b0 06  1e 14 03 03 00 01 01 16  |.R...f..........|
 000002c0  03 03 00 40 00 00 00 00  00 00 00 00 00 00 00 00  |...@............|
-000002d0  00 00 00 00 ce ef 0a 09  6d 11 17 89 31 b3 ac 31  |........m...1..1|
-000002e0  76 fe 02 d1 2b f8 dc df  fc 59 e3 2f aa 14 4e 9d  |v...+....Y./..N.|
-000002f0  c1 d9 5d f6 4f 57 6f 15  db 93 f1 27 12 02 7c 08  |..].OWo....'..|.|
-00000300  75 f6 48 26                                       |u.H&|
+000002d0  00 00 00 00 9c 7d d4 9e  59 53 e7 66 64 63 9c cb  |.....}..YS.fdc..|
+000002e0  58 03 03 26 fe d9 15 eb  03 1c 8f a7 9c 5a 86 4a  |X..&.........Z.J|
+000002f0  6c 4e 06 4a 80 91 94 00  6f 7d 38 6a ea a3 68 df  |lN.J....o}8j..h.|
+00000300  17 08 14 ed                                       |....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 c0 0b de 9c 60  |..........@....`|
-00000010  35 52 38 09 01 7f e5 52  b3 cf b4 e6 27 02 36 52  |5R8....R....'.6R|
-00000020  ce 84 dd f5 ee f8 65 7c  89 ad 5e 1c 86 09 36 d0  |......e|..^...6.|
-00000030  23 c7 52 63 6b 67 97 4e  bf c0 28 83 3a c8 3e a2  |#.Rckg.N..(.:.>.|
-00000040  2f f3 d7 08 8c c0 86 64  8e 9c 3e                 |/......d..>|
+00000000  14 03 03 00 01 01 16 03  03 00 40 7e 6d 15 90 c5  |..........@~m...|
+00000010  99 96 ca bb 16 b5 5a 55  3e b0 ef 3f ab e5 b6 8c  |......ZU>..?....|
+00000020  51 1d 18 c7 c2 25 86 e0  db c1 d0 38 85 51 4e 8d  |Q....%.....8.QN.|
+00000030  37 51 92 cc d0 64 37 b7  67 7b 2c fc e7 1e 16 f6  |7Q...d7.g{,.....|
+00000040  76 3a 94 48 68 eb dc cc  cf 2a 4d                 |v:.Hh....*M|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 98 7e 6b  30 28 7d e1 6f 09 17 40  |......~k0(}.o..@|
-00000020  cf 5f 98 90 46 91 b5 9b  f8 29 22 a0 85 75 f7 f6  |._..F....)"..u..|
-00000030  f4 33 c8 60 75 15 03 03  00 30 00 00 00 00 00 00  |.3.`u....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 02 c0 9e 3b 21 50  |.............;!P|
-00000050  a1 7a 16 67 32 3d 66 6d  c4 7f 9c 9b 44 30 31 f4  |.z.g2=fm....D01.|
-00000060  ea 03 7a e3 54 5d 35 7f  d3 eb                    |..z.T]5...|
+00000010  00 00 00 00 00 db 14 ae  78 62 50 37 42 b8 fc c6  |........xbP7B...|
+00000020  f1 84 40 75 7c e4 3f 8a  57 b8 1c 12 4a 6f 11 f2  |..@u|.?.W...Jo..|
+00000030  ba 1a a6 9b 20 15 03 03  00 30 00 00 00 00 00 00  |.... ....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 09 93 aa 80 fd b2  |................|
+00000050  66 e2 83 0e f8 83 45 3d  e1 39 06 5d a3 12 9e 12  |f.....E=.9.]....|
+00000060  fd f5 cb 32 c4 3b ce 20  e4 10                    |...2.;. ..|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-RSA b/testdata/Client-TLSv12-ClientCert-RSA-RSA
index 2dd00ba6..3bfb4aaa 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-RSA
+++ b/testdata/Client-TLSv12-ClientCert-RSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 df 59 a1 48 61  |....]...Y...Y.Ha|
-00000010  ef db cd 29 5f 9b 90 e4  d9 6d db 10 98 ae 69 b8  |...)_....m....i.|
-00000020  97 ed 8f 57 24 42 16 32  0a b0 b1 20 79 b3 fc 90  |...W$B.2... y...|
-00000030  63 58 4b ab 45 d8 e9 39  7c 11 20 09 33 db b5 4c  |cXK.E..9|. .3..L|
-00000040  2c e2 d6 39 63 fe 74 d5  59 18 5c 7d c0 2f 00 00  |,..9c.t.Y.\}./..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 c0 dd 18 ad 41  |....]...Y......A|
+00000010  2b ee fd 45 1f c0 c1 10  75 a7 1d 80 74 3e 8e 66  |+..E....u...t>.f|
+00000020  18 c8 64 c2 b4 89 4f 19  ff e0 0c 20 be c6 2a 8e  |..d...O.... ..*.|
+00000030  73 0a 1e 7a 2a d2 81 71  11 ba e9 de 02 0a aa 52  |s..z*..q.......R|
+00000040  76 b7 43 a3 49 a0 81 24  9c 57 4c 26 c0 2f 00 00  |v.C.I..$.WL&./..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,18 +62,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 12 4b 94  |............ .K.|
-000002d0  2b 4a d0 b5 0f ca 87 05  7f 56 c3 11 b0 83 01 27  |+J.......V.....'|
-000002e0  68 a2 dd 63 b6 9b ff e5  48 7e af dd 0f 08 04 00  |h..c....H~......|
-000002f0  80 38 6f 01 25 4e 51 f1  8d 6c 89 4b 85 85 1d cd  |.8o.%NQ..l.K....|
-00000300  63 21 5e 89 d5 04 ac 81  cf 42 3c 6f df f1 53 ac  |c!^......B<o..S.|
-00000310  e3 54 28 a3 9f 06 76 96  9c 64 c7 22 55 14 2e 48  |.T(...v..d."U..H|
-00000320  7e d3 97 9a 35 b8 cf 1c  b8 a0 f2 b1 da 2f 0f a4  |~...5......../..|
-00000330  07 44 43 a8 01 67 a8 94  8d 8e 7a 60 91 48 d0 c7  |.DC..g....z`.H..|
-00000340  b5 c9 c8 ad df b0 33 cd  4a 37 75 ef 65 56 4b fd  |......3.J7u.eVK.|
-00000350  23 e7 b7 d3 3b fc 14 4e  b0 32 9b d3 cb e1 cd 4e  |#...;..N.2.....N|
-00000360  93 0e 01 cf 54 95 af e5  29 1f 8d 07 42 0f 29 67  |....T...)...B.)g|
-00000370  6d 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |m....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 5a f3 c3  |............ Z..|
+000002d0  1b 34 9a 1a 01 68 65 fd  25 e5 e4 62 f4 17 d6 00  |.4...he.%..b....|
+000002e0  88 ae 5e fa 6b ef 60 96  e9 96 1e 33 0f 08 04 00  |..^.k.`....3....|
+000002f0  80 74 91 43 7a 3e 02 93  c6 6c 6d 36 86 2f 74 51  |.t.Cz>...lm6./tQ|
+00000300  50 84 a2 0b 1c b4 90 71  72 2b f9 7d 35 2a a6 fc  |P......qr+.}5*..|
+00000310  56 b1 fa 36 e0 cb ea 5a  4e 89 71 3f 28 d3 fc 90  |V..6...ZN.q?(...|
+00000320  de 21 0c 03 84 d9 23 78  b6 58 f2 03 02 27 48 f9  |.!....#x.X...'H.|
+00000330  6d 6c 2b eb 62 36 47 66  55 fc d9 77 42 1e 9b 93  |ml+.b6GfU..wB...|
+00000340  00 0f 5a 71 76 af 2c d9  b7 c3 6e e8 7a 64 34 0f  |..Zqv.,...n.zd4.|
+00000350  78 36 d7 cf a1 bb 3d 0a  23 64 c4 70 f0 78 8e 42  |x6....=.#d.p.x.B|
+00000360  80 42 1f 0f 1d 7f c9 b6  7b 9c 2a 30 6c 7a ef 0c  |.B......{.*0lz..|
+00000370  2f 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |/....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -115,26 +114,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 a5 81 a8 8a ed 68 25  |..............h%|
-00000240  5d 82 da 0f dc 93 20 56  34 c1 a0 62 0a a7 fb a5  |]..... V4..b....|
-00000250  58 07 79 b0 45 17 2d 13  99 9f 6c dc 53 9e 1c e2  |X.y.E.-...l.S...|
-00000260  1d 9b a3 bb 69 af 58 33  e1 31 d7 72 f4 86 1d 66  |....i.X3.1.r...f|
-00000270  55 a8 c9 77 5b 57 c5 86  74 a0 c9 25 a9 cc 2e da  |U..w[W..t..%....|
-00000280  26 17 6e bb 34 5b 49 94  0e 05 db b4 05 a4 65 22  |&.n.4[I.......e"|
-00000290  98 8c 91 ae d6 1c 89 f4  df 63 8b 45 17 05 0c 50  |.........c.E...P|
-000002a0  c0 1d 5e 75 67 c5 be 32  9d f0 4c a5 85 91 f6 f0  |..^ug..2..L.....|
-000002b0  8d 58 11 61 85 7b 5c e4  7e 14 03 03 00 01 01 16  |.X.a.{\.~.......|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 30 27 fd 36  |...(........0'.6|
-000002d0  e0 91 2d 1d d7 4a 38 d2  73 5c 5d 4c b2 27 42 cf  |..-..J8.s\]L.'B.|
-000002e0  df 0d 33 ee 49 18 36 f3  bd c6 ee a8              |..3.I.6.....|
+00000230  88 0f 00 00 84 08 04 00  80 56 a2 bb f3 05 94 90  |.........V......|
+00000240  46 bc ef 79 ea 74 f9 a4  5c 27 59 dd 93 53 c3 9f  |F..y.t..\'Y..S..|
+00000250  07 b0 bf c1 e2 dc 39 b9  0d 63 62 d1 d0 88 65 e4  |......9..cb...e.|
+00000260  2b 28 d3 ad b1 78 60 4c  0d a6 1f 2e a1 bc 36 81  |+(...x`L......6.|
+00000270  31 f0 aa 0b 52 e6 04 69  ba 8a 9d c1 fd 25 d3 50  |1...R..i.....%.P|
+00000280  43 5b ed fc 78 21 2b cc  13 f8 db f1 8b e7 57 d8  |C[..x!+.......W.|
+00000290  59 f3 cf 54 ab d0 ea d6  8c 61 32 79 b8 be a6 c7  |Y..T.....a2y....|
+000002a0  87 0a 35 88 70 f7 3f 2d  bd 1b 7c 57 35 32 1b 81  |..5.p.?-..|W52..|
+000002b0  87 08 e3 b0 1f a1 2b 13  fb 14 03 03 00 01 01 16  |......+.........|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 49 94 ed a1  |...(........I...|
+000002d0  a3 13 e0 f4 20 2a 63 4d  ef 24 d3 6c 8d 6c de b3  |.... *cM.$.l.l..|
+000002e0  92 16 21 0d b0 6c 64 df  1b 32 ca dc              |..!..ld..2..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 30 5f 74 39 bb  |..........(0_t9.|
-00000010  c8 00 8c d7 bd 74 ce 43  62 ea 08 0f ba b4 88 74  |.....t.Cb......t|
-00000020  d3 31 c9 3c a6 3a 92 14  75 44 95 ee c0 a9 ef 75  |.1.<.:..uD.....u|
-00000030  40 25 5f                                          |@%_|
+00000000  14 03 03 00 01 01 16 03  03 00 28 b9 2c 96 43 03  |..........(.,.C.|
+00000010  f9 8c 28 34 4e 8b 58 ba  d7 1a c4 87 d8 67 5c 0f  |..(4N.X......g\.|
+00000020  36 36 67 54 4e f4 6c 9c  0c 0e 1f df ca a3 8d ab  |66gTN.l.........|
+00000030  31 f2 84                                          |1..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 f9 d9 d3  |................|
-00000010  ee ec ec 6e 8d 0d dd 62  f3 e1 19 0f f4 24 06 46  |...n...b.....$.F|
-00000020  76 7d 78 15 03 03 00 1a  00 00 00 00 00 00 00 02  |v}x.............|
-00000030  ce 6a 05 27 af 9a 3d 09  27 70 dc c2 4c 8a a5 ab  |.j.'..=.'p..L...|
-00000040  47 d4                                             |G.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 de 90 16  |................|
+00000010  8e ec 2c 60 b8 a7 4f b6  26 8a c9 78 ff e0 73 19  |..,`..O.&..x..s.|
+00000020  b3 01 c1 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  8a 4b 2c 4b 99 51 81 27  34 28 63 00 15 24 e1 47  |.K,K.Q.'4(c..$.G|
+00000040  4a 2f                                             |J/|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15 b/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
index 5fab0f8c..b933f592 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
+++ b/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 7b 1f 2c 33 ab  |....]...Y..{.,3.|
-00000010  6e f8 23 ca 20 a9 66 61  ac 29 00 3e ef a6 cd ee  |n.#. .fa.).>....|
-00000020  fe e7 18 b7 66 57 0d af  24 37 7a 20 e7 c8 bd 22  |....fW..$7z ..."|
-00000030  f7 ff 01 c5 ef c0 fb bd  b2 93 d9 81 df 30 96 91  |.............0..|
-00000040  0b af b5 a2 61 87 76 27  d4 bf ce 88 c0 2f 00 00  |....a.v'...../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 0e 33 06 1f 9d  |....]...Y...3...|
+00000010  3d 0e 59 21 38 7d 4c ea  a2 2a 2a c7 99 7b e9 bf  |=.Y!8}L..**..{..|
+00000020  61 e2 44 a1 10 5e 5d a1  e4 fd 90 20 c1 f0 1c 8e  |a.D..^].... ....|
+00000030  00 2f d9 a0 45 23 76 35  e0 01 2e 49 b8 4d b4 76  |./..E#v5...I.M.v|
+00000040  08 65 3f cd 8b dc 80 ea  fd 31 9f 47 c0 2f 00 00  |.e?......1.G./..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,18 +62,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 2d 21 55  |............ -!U|
-000002d0  c7 73 14 c1 c8 84 91 4d  16 70 ca 47 46 4a 59 fe  |.s.....M.p.GFJY.|
-000002e0  20 d8 34 0a 78 8e a3 29  f5 40 38 d9 59 04 01 00  | .4.x..).@8.Y...|
-000002f0  80 03 9f da 00 e0 50 28  6b 29 84 9b 96 05 f1 86  |......P(k)......|
-00000300  ef f5 6d 9f 17 5f 07 f7  2d 32 af 5e 0d 72 f4 86  |..m.._..-2.^.r..|
-00000310  af 7c b9 e8 2d 80 b3 10  80 dd 61 5b e5 a7 53 5a  |.|..-.....a[..SZ|
-00000320  5e 19 47 5f f1 96 a4 ab  d8 e7 65 eb be eb bc 51  |^.G_......e....Q|
-00000330  95 6f 29 48 ac cb a7 08  3a b9 45 77 37 30 a3 83  |.o)H....:.Ew70..|
-00000340  e4 ef 58 06 0e ec a1 cf  2c 06 62 a8 1c 97 64 ac  |..X.....,.b...d.|
-00000350  c7 86 13 4c 9b 80 69 d4  89 9c 96 2c f9 20 c6 2c  |...L..i....,. .,|
-00000360  d2 11 64 ab 8d df c0 ea  1c 73 da ed 10 28 dc 90  |..d......s...(..|
-00000370  8a 16 03 03 00 0c 0d 00  00 08 01 01 00 02 04 01  |................|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 09 ce 63  |............ ..c|
+000002d0  9c 52 37 83 ef 21 78 60  eb 8b dd 22 91 fb 34 4f  |.R7..!x`..."..4O|
+000002e0  ee 04 ef 48 75 2f 49 7e  3f 0b 00 62 15 04 01 00  |...Hu/I~?..b....|
+000002f0  80 a0 11 99 d2 bc a9 fd  59 ad 38 20 bb 44 85 8e  |........Y.8 .D..|
+00000300  89 35 2e 42 ff a2 87 81  86 f5 e3 6c 9d 84 2a cf  |.5.B.......l..*.|
+00000310  0d cc 6a c0 ce 31 01 91  48 78 75 23 24 3e 3d 93  |..j..1..Hxu#$>=.|
+00000320  bf ad c9 49 9d 63 66 cd  4b cc 92 0f 6d 64 2c 80  |...I.cf.K...md,.|
+00000330  71 22 bf 6d 62 8e 8a f7  19 6f 50 2a 86 46 e4 46  |q".mb....oP*.F.F|
+00000340  71 73 df 8c 25 84 6f 28  a7 8c bd 78 01 22 a2 91  |qs..%.o(...x."..|
+00000350  f4 17 ef 88 55 9d d5 ac  42 5a 8a c8 7a 1b bf d1  |....U...BZ..z...|
+00000360  d9 6d 15 42 b9 37 16 7b  2b 3c c7 58 99 da ab 98  |.m.B.7.{+<.X....|
+00000370  f3 16 03 03 00 0c 0d 00  00 08 01 01 00 02 04 01  |................|
 00000380  00 00 16 03 03 00 04 0e  00 00 00                 |...........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
@@ -112,26 +111,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 04 01 00  80 5e cb 28 a9 f4 b7 f1  |.........^.(....|
-00000240  a7 31 a5 51 4c 2d b0 c9  fb 84 0a 77 30 bc 00 72  |.1.QL-.....w0..r|
-00000250  66 65 aa 20 78 34 f1 3f  31 93 42 f7 7c 28 23 70  |fe. x4.?1.B.|(#p|
-00000260  b6 ad 2a 8f ed 70 2f a8  db ce 69 20 3e 9f 2a 6d  |..*..p/...i >.*m|
-00000270  1f 32 f8 32 7c 74 c9 2a  cd b5 c0 0d 0e 1a 32 d5  |.2.2|t.*......2.|
-00000280  ed a3 09 fb 8b ce 1d 30  52 5e ba c2 17 85 f0 c2  |.......0R^......|
-00000290  59 e6 db 0c 17 b3 2c 81  cd 1b f1 4c 92 e7 1b 6a  |Y.....,....L...j|
-000002a0  49 86 50 25 00 59 40 df  b2 fd c8 3b 9d c7 2f 57  |I.P%.Y@....;../W|
-000002b0  e1 e5 31 91 57 60 f2 b8  e5 14 03 03 00 01 01 16  |..1.W`..........|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 07 cd 54 b1  |...(..........T.|
-000002d0  e3 78 20 90 ca 71 5e 06  f4 32 e9 02 41 60 c1 9d  |.x ..q^..2..A`..|
-000002e0  d3 c6 42 45 d8 2e fc 3d  07 9a 9d 04              |..BE...=....|
+00000230  88 0f 00 00 84 04 01 00  80 01 83 0b 8b bf a3 50  |...............P|
+00000240  03 89 e8 24 9b 9e 2e f5  7b 72 58 b1 b1 ba b2 64  |...$....{rX....d|
+00000250  9f a9 e2 b4 00 78 79 50  ec 55 18 43 e5 c4 a4 76  |.....xyP.U.C...v|
+00000260  c8 21 bc 7e e0 c4 2d 78  85 d7 33 ca d7 4d e0 f1  |.!.~..-x..3..M..|
+00000270  cd 6d bd 17 2f a0 b9 39  93 29 ba d7 09 4f bb 08  |.m../..9.)...O..|
+00000280  b0 b0 05 f1 83 de d0 db  39 f9 b4 34 a3 ca d3 76  |........9..4...v|
+00000290  97 35 f6 ea cd 53 fe bb  94 99 30 e3 a2 0a 29 1a  |.5...S....0...).|
+000002a0  5f f4 28 0e 8c 80 fc 75  84 a4 e2 3a 29 a9 50 be  |_.(....u...:).P.|
+000002b0  11 99 bb a5 12 64 5c af  5f 14 03 03 00 01 01 16  |.....d\._.......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 8e 51 58 0e  |...(.........QX.|
+000002d0  1a fd 8e 01 f1 6b 59 94  54 ab 00 be 45 8b 4c ae  |.....kY.T...E.L.|
+000002e0  70 c3 db 53 de 82 12 6c  cb df 32 72              |p..S...l..2r|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 75 60 b0 0a 19  |..........(u`...|
-00000010  12 ee 0f 5c c2 6a 31 f8  27 e3 53 b1 76 2b 6a 93  |...\.j1.'.S.v+j.|
-00000020  a2 37 72 74 e8 e9 c8 e7  94 56 6b d5 a3 49 09 79  |.7rt.....Vk..I.y|
-00000030  59 66 34                                          |Yf4|
+00000000  14 03 03 00 01 01 16 03  03 00 28 7b 7f 81 c9 d7  |..........({....|
+00000010  1d 3a 32 48 da 92 d6 9f  78 6e 2f d3 e9 7e 9f 12  |.:2H....xn/..~..|
+00000020  9b 0b e1 00 e8 2f 4b 63  2c 3d 94 e4 f8 1e 06 7d  |...../Kc,=.....}|
+00000030  a7 7e 6a                                          |.~j|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 70 7a 77  |.............pzw|
-00000010  14 b3 3d 3e 51 19 5e ae  97 56 bc e8 3c 1c 46 dd  |..=>Q.^..V..<.F.|
-00000020  67 e6 f5 15 03 03 00 1a  00 00 00 00 00 00 00 02  |g...............|
-00000030  50 4b b6 03 84 33 58 6a  a1 95 dc 8e ad d1 1f 8b  |PK...3Xj........|
-00000040  93 ca                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 ee 21 1b  |..............!.|
+00000010  45 15 6a 0c 79 12 4d 79  d2 26 db fc e4 da 0f e4  |E.j.y.My.&......|
+00000020  20 7e c7 15 03 03 00 1a  00 00 00 00 00 00 00 02  | ~..............|
+00000030  2a 46 62 6b 5e c3 14 56  e1 fb d0 61 f5 e8 7b 2f  |*Fbk^..V...a..{/|
+00000040  cc fd                                             |..|
diff --git a/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS b/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
index 867ec87a..64602679 100644
--- a/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
+++ b/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 97 c2 4c 45 c0  |....]...Y....LE.|
-00000010  22 6a 7d 71 93 1a 71 a7  e1 40 a5 44 5e 39 8a 3e  |"j}q..q..@.D^9.>|
-00000020  99 04 1f e1 74 ad 3a 64  89 ad 93 20 61 76 9a e1  |....t.:d... av..|
-00000030  39 26 af 37 ad ea f2 9c  4c 2e 1b a2 18 0c 73 8e  |9&.7....L.....s.|
-00000040  5b 8b f0 0f 44 04 80 31  5a 49 39 f0 c0 2f 00 00  |[...D..1ZI9../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 cd 47 5d a7 66  |....]...Y...G].f|
+00000010  aa b1 e1 bd ed 83 bd 3d  4a b7 b2 08 b8 79 08 c5  |.......=J....y..|
+00000020  22 7b 8d be fe 55 4c 2d  b5 4c b9 20 13 26 2a e6  |"{...UL-.L. .&*.|
+00000030  ab 60 4c 53 8c b7 27 c4  d5 12 ff 38 64 b1 a2 1d  |.`LS..'....8d...|
+00000040  4f a4 c7 28 53 95 01 8f  7e 4a 7b 02 c0 2f 00 00  |O..(S...~J{../..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 66 0b  00 02 62 00 02 5f 00 02  |......f...b.._..|
 00000070  5c 30 82 02 58 30 82 01  8d a0 03 02 01 02 02 11  |\0..X0..........|
@@ -64,17 +63,17 @@
 000002a0  fa b1 3f 14 11 89 66 79  d1 8e 88 0e 0b a0 9e 30  |..?...fy.......0|
 000002b0  2a c0 67 ef ca 46 02 88  e9 53 81 22 69 22 97 ad  |*.g..F...S."i"..|
 000002c0  80 93 d4 f7 dd 70 14 24  d7 70 0a 46 a1 16 03 03  |.....p.$.p.F....|
-000002d0  00 ac 0c 00 00 a8 03 00  1d 20 ae c6 bf 84 a5 c3  |......... ......|
-000002e0  05 6b fa 30 b0 ec b7 c2  ff ec 7d e4 b8 e0 f2 0f  |.k.0......}.....|
-000002f0  3d 0e ef de 32 ad f2 6e  52 55 08 04 00 80 07 86  |=...2..nRU......|
-00000300  e1 b2 04 6e b2 43 09 df  c9 20 35 11 3b 0f 10 61  |...n.C... 5.;..a|
-00000310  7e 67 cc 65 c6 60 80 c3  43 7d b8 1c 52 e3 09 af  |~g.e.`..C}..R...|
-00000320  df 38 79 e1 ea 6d b4 6b  bc 50 fe a8 6f 46 6f 9c  |.8y..m.k.P..oFo.|
-00000330  40 1c 6f f2 e5 c6 d9 a4  db 72 24 4a 9c 57 e7 d6  |@.o......r$J.W..|
-00000340  91 91 5b 1b f1 40 f2 d9  58 a2 81 4c d7 be 20 d4  |..[..@..X..L.. .|
-00000350  12 4f 64 05 e5 ec ba 35  22 a7 fe df c9 ea b3 43  |.Od....5"......C|
-00000360  dc 47 29 98 eb c9 92 11  42 a0 80 a4 2a 2e 4d 47  |.G).....B...*.MG|
-00000370  73 9e 0f 13 37 79 92 ca  db c4 84 db 05 4a 16 03  |s...7y.......J..|
+000002d0  00 ac 0c 00 00 a8 03 00  1d 20 a8 94 95 94 cc 16  |......... ......|
+000002e0  f1 dc 11 b6 c5 52 b3 fe  95 4d 28 34 1f 2d 87 ec  |.....R...M(4.-..|
+000002f0  8d 56 51 0e 5b 92 03 f9  60 0d 08 04 00 80 09 3a  |.VQ.[...`......:|
+00000300  99 39 d8 3f 63 b4 86 12  ba ce e6 6d d6 22 aa d8  |.9.?c......m."..|
+00000310  31 60 86 eb 48 cc c0 87  97 a5 0d c7 42 86 cc f8  |1`..H.......B...|
+00000320  f7 f9 d5 1a 34 86 ec 41  02 08 99 c2 93 9b d1 b5  |....4..A........|
+00000330  57 a4 84 3c a8 93 0a c9  f7 1e a1 33 07 ca 60 c4  |W..<.......3..`.|
+00000340  4b 40 32 20 a6 22 3f 6d  4e 28 22 3b 52 70 9a 4d  |K@2 ."?mN(";Rp.M|
+00000350  fa 84 67 88 ba b5 0d 92  eb 23 94 90 00 e2 68 74  |..g......#....ht|
+00000360  5f 13 a3 d4 2d fb 24 f2  32 09 b1 e3 63 15 39 b1  |_...-.$.2...c.9.|
+00000370  9e 1e a6 61 fd 8d c6 cf  1f f7 f7 43 0c 64 16 03  |...a.......C.d..|
 00000380  03 00 0c 0d 00 00 08 01  01 00 02 08 04 00 00 16  |................|
 00000390  03 03 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
@@ -120,26 +119,26 @@
 00000270  10 00 00 21 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |...! /.}.G.bC.(.|
 00000280  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
 00000290  5f 58 cb 3b 74 16 03 03  00 88 0f 00 00 84 08 04  |_X.;t...........|
-000002a0  00 80 cb ab 63 1d e6 7e  16 22 27 8b e7 91 f4 5c  |....c..~."'....\|
-000002b0  66 fc 70 eb f7 e6 9c 86  7c 62 30 1c 78 35 bf 09  |f.p.....|b0.x5..|
-000002c0  af d1 5b e3 55 45 98 8d  4c 16 8e 69 cb 8f 45 97  |..[.UE..L..i..E.|
-000002d0  6d c4 6a 25 2a 47 43 64  ac 52 12 bd f5 b9 c0 b0  |m.j%*GCd.R......|
-000002e0  51 38 e7 d4 c8 a2 9c 35  4b 5b ab 21 76 73 68 fe  |Q8.....5K[.!vsh.|
-000002f0  d0 7a f2 95 3c 44 3b 55  b0 89 76 3e 42 e1 23 51  |.z..<D;U..v>B.#Q|
-00000300  29 92 3d 6a df 29 61 ee  52 f5 78 71 97 13 d6 09  |).=j.)a.R.xq....|
-00000310  ff 08 7a 5f 9d 20 49 83  2e 84 82 ba 08 69 db ae  |..z_. I......i..|
-00000320  e2 1b 14 03 03 00 01 01  16 03 03 00 28 00 00 00  |............(...|
-00000330  00 00 00 00 00 6a ff 4b  3d c1 06 20 69 ed f0 a8  |.....j.K=.. i...|
-00000340  7c ec a7 f8 cc 8e a6 de  2d 5e 50 f7 b2 28 9e 97  ||.......-^P..(..|
-00000350  27 35 c3 67 72                                    |'5.gr|
+000002a0  00 80 86 14 3f 28 40 db  2b 02 d6 56 d3 58 d0 77  |....?(@.+..V.X.w|
+000002b0  58 f8 a3 25 1f 18 d1 9c  0a d2 56 09 32 59 34 db  |X..%......V.2Y4.|
+000002c0  d9 2e 0a bf b4 c2 0a 86  ee 6e 29 56 53 aa 82 11  |.........n)VS...|
+000002d0  96 6d 86 29 7c 85 a4 71  56 04 71 5f e6 68 3f 3f  |.m.)|..qV.q_.h??|
+000002e0  71 54 13 a2 22 b4 3e 38  fa c2 96 a4 c4 ab 83 c6  |qT..".>8........|
+000002f0  f5 ca 7a ea 2c 8d 62 4d  76 d6 db 9c f0 0e 8c 2a  |..z.,.bMv......*|
+00000300  38 2f 9d 24 34 f4 33 73  54 a2 44 9a e3 4c 1f a7  |8/.$4.3sT.D..L..|
+00000310  ca 49 16 e8 35 29 29 d1  48 95 0a 38 19 64 4c e7  |.I..5)).H..8.dL.|
+00000320  0d a5 14 03 03 00 01 01  16 03 03 00 28 00 00 00  |............(...|
+00000330  00 00 00 00 00 09 7f fa  f5 c5 e5 b1 46 7e 3d e2  |............F~=.|
+00000340  d4 51 a7 b8 ae 0a 56 a3  8c 45 40 97 d4 c5 81 4e  |.Q....V..E@....N|
+00000350  6f 12 50 b3 f6                                    |o.P..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 e3 2f c4 66 7e  |..........(./.f~|
-00000010  8f bf 41 2e 56 f3 d1 76  63 f8 c0 b1 86 50 98 a0  |..A.V..vc....P..|
-00000020  63 c0 c9 23 68 c5 7c f7  08 17 0a 62 78 a8 3d 86  |c..#h.|....bx.=.|
-00000030  5c 1a c6                                          |\..|
+00000000  14 03 03 00 01 01 16 03  03 00 28 0b 0d 27 bb 5f  |..........(..'._|
+00000010  c5 fa 62 08 8f 7a 24 65  90 bc de be 28 ae a4 e2  |..b..z$e....(...|
+00000020  1f ac 18 7a 83 3e 90 bb  76 2f 73 ec 35 ca d3 e7  |...z.>..v/s.5...|
+00000030  d8 25 7f                                          |.%.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 e9 51 91  |..............Q.|
-00000010  f5 cb 2d b9 5e cb b3 52  14 7c e8 18 8f fe b6 ee  |..-.^..R.|......|
-00000020  7a 41 90 15 03 03 00 1a  00 00 00 00 00 00 00 02  |zA..............|
-00000030  d3 5f c1 e2 f5 12 40 c0  4c 1d ab ef 16 3a af 19  |._....@.L....:..|
-00000040  30 59                                             |0Y|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 a7 07 a5  |................|
+00000010  b5 4c 26 d0 d1 6b 52 10  8f 7c 3a 4c 31 ce 74 fa  |.L&..kR..|:L1.t.|
+00000020  4a c7 9b 15 03 03 00 1a  00 00 00 00 00 00 00 02  |J...............|
+00000030  22 22 5a b9 ef 4f 05 9f  2e 1e 9c 11 e1 6c 0b 1e  |""Z..O.......l..|
+00000040  bd 10                                             |..|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES b/testdata/Client-TLSv12-ECDHE-ECDSA-AES
index a17b1860..6268dbcc 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 be 37 6c 0c 68  |....]...Y...7l.h|
-00000010  bd 81 e4 4e 28 fa 5d 2c  03 8d 17 7a 47 b8 de 89  |...N(.],...zG...|
-00000020  3d 06 71 dd 40 c0 70 c1  a8 3d 00 20 22 7e 4c f8  |=.q.@.p..=. "~L.|
-00000030  1c 6b 13 c4 12 46 d3 de  c4 88 2e 41 c3 d7 df 10  |.k...F.....A....|
-00000040  23 aa 30 b1 34 a5 7b c9  03 fb d8 3e c0 09 00 00  |#.0.4.{....>....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 61 e9 cc eb 72  |....]...Y..a...r|
+00000010  7c 11 18 0e 9d 6b 72 e9  be 84 f3 92 8d 5f e6 4c  ||....kr......_.L|
+00000020  ec 9e f0 00 ca 00 6f af  90 5b de 20 29 97 82 6d  |......o..[. )..m|
+00000030  57 ac 60 59 41 1d bb 29  b1 12 a4 ac 60 18 3b 51  |W.`YA..)....`.;Q|
+00000040  af 5c e7 80 1a dc 9d 72  ed 3a 74 96 c0 09 00 00  |.\.....r.:t.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,39 +57,39 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 47 dc 78 14 d8 57  a7 37 29 1a 49 f6 07 09  |. G.x..W.7).I...|
-00000290  37 49 df 36 32 a1 e2 c9  67 e3 9c 40 ed f5 ac ea  |7I.62...g..@....|
-000002a0  c2 34 04 03 00 8a 30 81  87 02 41 14 f9 1f 8e 3d  |.4....0...A....=|
-000002b0  b6 d9 91 86 b0 b2 94 dd  14 89 47 b7 a5 2b d3 3a  |..........G..+.:|
-000002c0  b9 f8 ef 4c ae 5c 26 74  e8 c1 c5 18 f1 e5 cd 3f  |...L.\&t.......?|
-000002d0  4e 70 45 64 3b 53 14 b7  f7 86 bf d1 ee 3b cd ab  |NpEd;S.......;..|
-000002e0  cf 3a bd 12 c7 1e 89 fb  60 bf 34 be 02 42 01 7c  |.:......`.4..B.||
-000002f0  7b 7b 03 94 f9 1b 70 4c  25 3c c5 11 2c 1b e0 39  |{{....pL%<..,..9|
-00000300  6c ee d1 11 0e 73 82 97  06 c9 eb 92 44 cb 78 66  |l....s......D.xf|
-00000310  7c 9e 93 70 79 08 3e 20  90 ef 4b 9b 73 75 80 d4  ||..py.> ..K.su..|
-00000320  68 68 f0 06 b1 e8 d8 92  22 e0 07 a7 78 e7 e2 19  |hh......"...x...|
-00000330  16 03 03 00 04 0e 00 00  00                       |.........|
+00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
+00000280  1d 20 88 7d 69 d3 1b 2d  b5 dd 4e 0a f4 98 f3 8c  |. .}i..-..N.....|
+00000290  42 d7 ee e2 7c 28 dc f2  75 ec b0 9e ca ad cb 21  |B...|(..u......!|
+000002a0  59 34 04 03 00 8b 30 81  88 02 42 01 32 2c 84 f3  |Y4....0...B.2,..|
+000002b0  d8 7c 05 58 ac d0 25 46  42 11 b4 7c 0a cb ee 83  |.|.X..%FB..|....|
+000002c0  7f 68 36 b6 be f8 d2 0a  8d d7 bc 8a 95 d8 2d b3  |.h6...........-.|
+000002d0  fa 87 56 ae 4c 01 3f bf  29 d1 81 c1 5d e9 f0 93  |..V.L.?.)...]...|
+000002e0  f6 32 91 e7 da 18 84 dd  8d a4 94 3f 81 02 42 01  |.2.........?..B.|
+000002f0  70 96 e1 3c c9 aa b8 72  8d 8e 13 68 00 50 65 9c  |p..<...r...h.Pe.|
+00000300  cf c6 1e 5f 5a d0 80 e8  8b ff 24 df a9 55 42 d9  |..._Z.....$..UB.|
+00000310  75 83 67 d7 20 69 f1 29  2d 15 f4 83 f9 ff 3d c8  |u.g. i.)-.....=.|
+00000320  0e 79 a9 3e 86 38 4a c5  a2 93 f1 47 a2 43 41 a5  |.y.>.8J....G.CA.|
+00000330  bb 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 27 23 d3  72 40 80 76 5c b6 7a fd  |.....'#.r@.v\.z.|
-00000050  bf 45 9e 33 76 d1 3d 1b  77 23 90 ed 75 7b aa 91  |.E.3v.=.w#..u{..|
-00000060  f2 8e e7 b1 bb 69 86 84  b2 b5 40 2c 4a 1d f9 cf  |.....i....@,J...|
-00000070  3e de fe 39 36                                    |>..96|
+00000040  00 00 00 00 00 84 08 13  72 05 4e a7 cb ac c1 40  |........r.N....@|
+00000050  9e 31 9c a4 8f 7f f1 41  c6 63 19 39 3d d4 27 74  |.1.....A.c.9=.'t|
+00000060  f9 5c 59 88 15 c3 e2 a7  6a 6f 6d fb 52 6f 94 36  |.\Y.....jom.Ro.6|
+00000070  1e 8d 47 50 db                                    |..GP.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 54 e0 6f 57 aa  |..........@T.oW.|
-00000010  e7 14 b0 06 69 45 42 ee  6c ce a7 0b a7 27 94 83  |....iEB.l....'..|
-00000020  cd 63 81 19 ac 06 1b 9f  78 86 5b 04 82 40 e7 41  |.c......x.[..@.A|
-00000030  f1 df 17 26 8a b4 1c f1  59 ca 43 6b 13 f8 d7 8b  |...&....Y.Ck....|
-00000040  4e ce 28 cd d2 9b ca c6  42 04 e6                 |N.(.....B..|
+00000000  14 03 03 00 01 01 16 03  03 00 40 9f 65 82 54 e1  |..........@.e.T.|
+00000010  50 68 92 33 d1 f2 a1 1d  95 81 e1 df c3 b2 4c 9b  |Ph.3..........L.|
+00000020  f4 8d ee b2 4b 43 2f e9  e3 af 60 ae d4 4c 7a 4b  |....KC/...`..LzK|
+00000030  f5 03 22 f0 11 58 de 4d  ac 46 5a bf 98 da 01 1d  |.."..X.M.FZ.....|
+00000040  fa 19 ad a6 48 66 fa c1  25 4b a0                 |....Hf..%K.|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 d7 38 5f  c6 c8 c8 c0 2e fc 08 d7  |......8_........|
-00000020  40 aa 3d 6a 90 75 2f 90  c4 33 d9 a8 50 db 57 f6  |@.=j.u/..3..P.W.|
-00000030  3e 4d 03 c8 b0 15 03 03  00 30 00 00 00 00 00 00  |>M.......0......|
-00000040  00 00 00 00 00 00 00 00  00 00 bf 0d 85 fb 60 57  |..............`W|
-00000050  02 4a 5f 95 9e 6b 00 6e  6e e6 a9 3e 6d fd 62 b9  |.J_..k.nn..>m.b.|
-00000060  79 d3 5e e2 63 cd 3b f1  a8 0d                    |y.^.c.;...|
+00000010  00 00 00 00 00 b3 26 24  39 5d 7c fc 25 23 ee fc  |......&$9]|.%#..|
+00000020  3a 6a 38 08 f5 bf 5e cc  dc 34 83 1f 5e af b0 b4  |:j8...^..4..^...|
+00000030  ee 34 fc f5 e1 15 03 03  00 30 00 00 00 00 00 00  |.4.......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 84 b2 cc 06 95 78  |...............x|
+00000050  de 1d a0 cc d3 15 32 b7  89 74 8d 99 70 13 37 c3  |......2..t..p.7.|
+00000060  e2 99 6e fe 8c 2d 69 77  cc 93                    |..n..-iw..|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM b/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
index 93bdcc53..e235f27b 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 a7 4e f4 80 a2  |....]...Y...N...|
-00000010  78 28 eb 69 72 3a 45 21  e6 dd 67 7c a4 64 70 97  |x(.ir:E!..g|.dp.|
-00000020  51 60 f1 e3 27 16 b2 08  54 2d 78 20 07 7c ed b5  |Q`..'...T-x .|..|
-00000030  dd aa 68 7a a6 8b 85 3d  49 be e4 78 ac 47 b1 02  |..hz...=I..x.G..|
-00000040  15 35 ea f2 db 4b 03 f3  29 f3 d1 87 c0 2b 00 00  |.5...K..)....+..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 ac 28 cc 34 03  |....]...Y...(.4.|
+00000010  c8 91 48 22 79 a2 98 74  e4 55 df 72 6b 41 cb 40  |..H"y..t.U.rkA.@|
+00000020  58 ba 04 93 e7 f3 1c 8e  0a 19 d1 20 98 93 cb 7c  |X.......... ...||
+00000030  a3 57 a1 c7 ca 19 13 5c  e1 ac c4 44 17 30 cb a3  |.W.....\...D.0..|
+00000040  b2 83 81 90 82 1d 37 c3  71 ae b8 45 c0 2b 00 00  |......7.q..E.+..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -59,33 +58,33 @@
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
 00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 26 c9 de 9d 39 5a  31 f1 7c 95 e8 c4 13 8f  |. &...9Z1.|.....|
-00000290  a7 ac 82 75 12 ac 50 ad  15 41 c9 e8 92 24 1a d1  |...u..P..A...$..|
-000002a0  c8 2b 04 03 00 8a 30 81  87 02 41 15 01 bf f7 9b  |.+....0...A.....|
-000002b0  94 32 92 67 13 9a c6 f5  31 f8 42 67 a3 74 79 24  |.2.g....1.Bg.ty$|
-000002c0  55 e5 d3 f4 14 e1 3e 5e  ac 65 8c 28 48 d5 ee 05  |U.....>^.e.(H...|
-000002d0  d0 12 96 5b 8f 14 30 fa  ce e7 19 ee f0 38 86 c2  |...[..0......8..|
-000002e0  f4 32 0a 0c d9 7d 9e 40  9b 11 a4 0e 02 42 00 fb  |.2...}.@.....B..|
-000002f0  c7 0f 07 f9 87 f7 ea af  30 3a 04 e7 6a 89 3f bd  |........0:..j.?.|
-00000300  39 3f 20 0e b5 b0 aa 5f  29 ea c4 69 22 fb 38 9f  |9? ...._)..i".8.|
-00000310  35 e1 35 a6 80 86 2d eb  bc bf 01 e9 56 78 ca 21  |5.5...-.....Vx.!|
-00000320  68 a3 01 07 3c 9e 7f c2  9a 11 3d ef b7 ce 6e 02  |h...<.....=...n.|
+00000280  1d 20 40 9c d1 ec 0a 11  08 c3 fa a0 33 80 00 62  |. @.........3..b|
+00000290  5b 65 59 c6 4f 4e 32 8a  79 fc df 63 2f ee f6 59  |[eY.ON2.y..c/..Y|
+000002a0  40 4a 04 03 00 8a 30 81  87 02 41 39 af 63 7a fa  |@J....0...A9.cz.|
+000002b0  dc e3 40 85 19 9d 1b 8f  ca 55 26 e4 00 a1 f5 01  |..@......U&.....|
+000002c0  73 e6 b5 6f ab bb c3 f3  b4 e0 c2 a1 33 37 ae ec  |s..o........37..|
+000002d0  e7 90 f6 dd b4 a4 c8 f1  3c 51 67 94 c1 ee d7 f3  |........<Qg.....|
+000002e0  7c 6c 10 9d 58 bf 4b 4a  fd 66 b5 d2 02 42 00 83  ||l..X.KJ.f...B..|
+000002f0  37 10 03 0d 5a 39 63 04  cb bb 37 ab 3f 31 02 8a  |7...Z9c...7.?1..|
+00000300  1c 19 ce 62 f7 f4 15 b0  bf 43 0c ea 7c 16 43 f9  |...b.....C..|.C.|
+00000310  ca a3 b3 95 b1 8b 00 ed  9c 99 ac 74 39 8a 2e a0  |...........t9...|
+00000320  7e 07 e3 46 35 a2 26 3b  67 4f 3b 86 55 69 f1 c9  |~..F5.&;gO;.Ui..|
 00000330  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 32 28 d6  |....(........2(.|
-00000040  94 ba 29 2f 2b 40 56 07  0b fd a7 ce a7 79 94 b6  |..)/+@V......y..|
-00000050  f6 e4 dd eb a6 23 f3 97  8c 1f c6 a5 52           |.....#......R|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 50 16 81  |....(........P..|
+00000040  fe 51 5b ac de d7 31 1b  9a 09 4f 1e d4 de a4 af  |.Q[...1...O.....|
+00000050  c9 62 5d 38 85 23 84 8c  ae 4f 55 5d 0d           |.b]8.#...OU].|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 73 67 36 43 96  |..........(sg6C.|
-00000010  59 15 59 7a dd 3c 3f d5  88 bf 55 e1 cb d0 41 10  |Y.Yz.<?...U...A.|
-00000020  df f1 85 72 9e 87 7f fd  e8 b0 62 61 41 10 42 1e  |...r......baA.B.|
-00000030  2d 34 e1                                          |-4.|
+00000000  14 03 03 00 01 01 16 03  03 00 28 d3 0d f6 53 0f  |..........(...S.|
+00000010  c8 3e f0 e6 c0 2c ed ec  bc 8f cc 19 5e 33 30 69  |.>...,......^30i|
+00000020  3c d9 55 8b e4 14 e2 0e  3a f9 89 39 fc a7 89 70  |<.U.....:..9...p|
+00000030  58 16 44                                          |X.D|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 31 23 80  |.............1#.|
-00000010  a4 01 5a f9 7c 3b fc 2f  4d 70 4e 4f 8f 69 fc 99  |..Z.|;./MpNO.i..|
-00000020  d4 7a a7 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.z..............|
-00000030  37 75 3a 5a 6c d8 5a fd  0d cf 1f 88 67 2c 48 89  |7u:Zl.Z.....g,H.|
-00000040  6c 9e                                             |l.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 0b 26 61  |..............&a|
+00000010  e6 d8 6a 6d db c6 2d 8a  c3 8e f4 17 1a f7 8e f3  |..jm..-.........|
+00000020  ce 04 ce 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  fa f7 0a 81 bb 8d 83 f3  82 05 ee 26 69 22 90 b2  |...........&i"..|
+00000040  bb b1                                             |..|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 b/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
index eed1e965..f81845ab 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 83 27 64 12 65  |....]...Y...'d.e|
-00000010  ed df dd 5e 6c 79 e4 7b  fe fd 05 26 e0 c8 5a ca  |...^ly.{...&..Z.|
-00000020  fa 08 c2 2a 78 e1 65 33  b3 b9 82 20 01 95 06 02  |...*x.e3... ....|
-00000030  41 f4 d7 e9 64 9a a8 91  df dc 15 d0 87 02 28 7c  |A...d.........(||
-00000040  e2 75 8c 94 a3 0f 20 19  e6 e8 c4 b7 c0 23 00 00  |.u.... ......#..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 be 62 2f ca 91  |....]...Y...b/..|
+00000010  8b 79 1d ce e3 3f 2e 37  bc 74 da c8 7d de a5 85  |.y...?.7.t..}...|
+00000020  58 c8 04 55 4e c6 51 f2  18 60 33 20 2f 33 8b c1  |X..UN.Q..`3 /3..|
+00000030  b6 be 54 3e 3f 78 12 1b  d9 d0 db 71 fa 0c ee f9  |..T>?x.....q....|
+00000040  60 fb 49 08 a1 83 a4 f6  22 e8 dc 2c c0 23 00 00  |`.I....."..,.#..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,43 +57,43 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b5 0c 00 00 b1 03 00  |....*...........|
-00000280  1d 20 69 77 9a 39 8f bb  af a5 cd 5e 60 af f9 6a  |. iw.9.....^`..j|
-00000290  dc e7 2a 36 a9 bc 47 e1  fa 2d 3f a6 91 1e 6f ae  |..*6..G..-?...o.|
-000002a0  43 01 04 03 00 89 30 81  86 02 41 01 b7 fa da 05  |C.....0...A.....|
-000002b0  7c 23 3c b6 32 ea 79 ea  7c 48 62 62 c1 af 4c ff  ||#<.2.y.|Hbb..L.|
-000002c0  3f 1f e6 11 a5 8e 78 76  f6 40 d3 27 a1 24 87 90  |?.....xv.@.'.$..|
-000002d0  14 5b 66 75 31 00 0a 97  f8 98 25 af 3c 59 39 a9  |.[fu1.....%.<Y9.|
-000002e0  3a df 7b 01 ac 0b 2d 69  96 f9 89 43 02 41 6f fd  |:.{...-i...C.Ao.|
-000002f0  1f 23 6d 10 61 1e 13 27  cf 44 9e 98 46 4b d3 6c  |.#m.a..'.D..FK.l|
-00000300  d4 54 57 18 85 3d 3b 19  5e 32 9c 5f 33 96 58 0e  |.TW..=;.^2._3.X.|
-00000310  b0 b6 40 89 2b 73 bb 4c  34 74 57 01 f3 8a cb 7e  |..@.+s.L4tW....~|
-00000320  6f b2 df b4 d1 d7 1b 64  df 46 0f 96 02 fd f9 16  |o......d.F......|
-00000330  03 03 00 04 0e 00 00 00                           |........|
+00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
+00000280  1d 20 72 d6 7b c0 ab ad  36 11 45 d6 b8 4a ea be  |. r.{...6.E..J..|
+00000290  bd ad 7a f6 29 f8 9d 0e  ac d8 fc 67 f7 9c d7 63  |..z.)......g...c|
+000002a0  32 22 04 03 00 8a 30 81  87 02 42 01 09 a3 3e 2b  |2"....0...B...>+|
+000002b0  e8 b6 0b c9 76 80 60 6f  9a c5 4c 6e 7c d8 53 00  |....v.`o..Ln|.S.|
+000002c0  56 c7 f9 37 36 32 2d dc  82 d8 0c 67 7a 96 5c 34  |V..762-....gz.\4|
+000002d0  db 10 71 4e f4 29 e0 20  84 01 09 9a dc 74 76 39  |..qN.). .....tv9|
+000002e0  63 e3 b2 c5 b4 7b cc 20  92 77 f1 3b a0 02 41 5d  |c....{. .w.;..A]|
+000002f0  36 ae 86 8c 27 7f 9e 0d  17 8e 16 48 20 2a 43 ac  |6...'......H *C.|
+00000300  d4 ce c6 9b 6a 95 47 5a  47 5c 13 b6 eb db 0b a6  |....j.GZG\......|
+00000310  fa 23 fe 0c 76 e0 a9 b2  97 76 02 ff 68 3d 68 c5  |.#..v....v..h=h.|
+00000320  17 08 54 25 1a 22 c0 a3  06 bd a3 f6 7c 68 07 9e  |..T%."......|h..|
+00000330  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 1b 00 be  75 a8 f7 e4 b6 76 b2 7c  |........u....v.||
-00000050  30 bb 35 a2 e0 d1 ea 35  83 6d 05 6b 29 0f 4e 80  |0.5....5.m.k).N.|
-00000060  26 16 53 96 67 8e 71 ed  4a 32 1a 9f f3 8d de 34  |&.S.g.q.J2.....4|
-00000070  cb d4 b4 11 c8 7d 05 36  21 87 2b ae 33 92 d3 16  |.....}.6!.+.3...|
-00000080  1c b6 3b a3 6d                                    |..;.m|
+00000040  00 00 00 00 00 27 1a a1  cf 9d f5 8f 91 e4 7f dc  |.....'..........|
+00000050  2f 81 3f 1e 3a c3 40 21  c2 6d dd dd 8f f6 9c 4b  |/.?.:.@!.m.....K|
+00000060  0b da 8d 10 f6 83 da 35  bb b9 a4 bf 2f 29 27 a5  |.......5..../)'.|
+00000070  12 52 6a 74 6e 15 8d 82  cf 86 df f0 52 26 32 ca  |.Rjtn.......R&2.|
+00000080  02 91 8c 03 f7                                    |.....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 c0 c8 04 54 26  |..........P...T&|
-00000010  72 7d 0d a5 86 d5 92 7b  09 73 02 62 37 7a 86 6f  |r}.....{.s.b7z.o|
-00000020  5b 31 1f 28 42 3c 98 2b  08 20 03 55 c0 d6 bd 62  |[1.(B<.+. .U...b|
-00000030  8b c4 18 57 f1 d8 51 ef  f1 93 6b 70 af 72 95 06  |...W..Q...kp.r..|
-00000040  77 91 b5 37 b3 31 73 a4  a3 fb bb 63 9d 41 45 30  |w..7.1s....c.AE0|
-00000050  b4 07 43 8a 74 44 83 16  50 22 a0                 |..C.tD..P".|
+00000000  14 03 03 00 01 01 16 03  03 00 50 1f 1c 35 9b 6c  |..........P..5.l|
+00000010  a8 9f 58 0d bf 0f db b5  91 c6 74 de b1 b7 68 b6  |..X.......t...h.|
+00000020  05 0d 39 68 87 7d b3 b0  8b 86 15 67 ba 7e 54 0c  |..9h.}.....g.~T.|
+00000030  0d 4f 6e f3 ad d8 27 e8  1d fa 43 31 be 30 67 d2  |.On...'...C1.0g.|
+00000040  bc 0a 30 37 78 3e 30 62  bf 81 2e 53 da b3 88 73  |..07x>0b...S...s|
+00000050  17 42 79 ee ef 0e d3 3c  87 c8 85                 |.By....<...|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 ba c5 0e  9d f6 a1 64 f9 13 fa aa  |...........d....|
-00000020  07 1f cb d1 b6 f3 42 11  ac 2e aa 08 a4 f6 67 9e  |......B.......g.|
-00000030  1d d9 35 6a 70 85 24 25  aa b0 f3 13 87 fd 9e d5  |..5jp.$%........|
-00000040  69 60 88 bc 5c 15 03 03  00 40 00 00 00 00 00 00  |i`..\....@......|
-00000050  00 00 00 00 00 00 00 00  00 00 41 86 ed 8a 40 26  |..........A...@&|
-00000060  39 b4 bf 47 01 bf a9 9c  df 12 07 f0 dc 64 2f 5b  |9..G.........d/[|
-00000070  1e 44 94 78 85 b7 d8 92  f1 d4 d6 a7 d2 39 b5 3f  |.D.x.........9.?|
-00000080  f9 e0 78 d6 40 61 c9 4e  b0 32                    |..x.@a.N.2|
+00000010  00 00 00 00 00 2c 39 43  06 0a c3 81 10 24 e8 bb  |.....,9C.....$..|
+00000020  de b8 74 00 a9 a3 ab 9a  2a a7 8a 0e 62 b8 2a 23  |..t.....*...b.*#|
+00000030  10 46 1b 76 dc a7 81 2d  37 2e e8 5f b5 75 5e 65  |.F.v...-7.._.u^e|
+00000040  73 11 ef 71 16 15 03 03  00 40 00 00 00 00 00 00  |s..q.....@......|
+00000050  00 00 00 00 00 00 00 00  00 00 a5 24 00 67 c6 ae  |...........$.g..|
+00000060  7f 05 91 ab 17 c9 ea eb  5a f8 8f 07 f3 e5 9b 9c  |........Z.......|
+00000070  20 41 63 21 69 3e f1 bb  66 7e 0b 3d c0 0a 14 b1  | Ac!i>..f~.=....|
+00000080  a3 de 2e d9 10 23 37 84  4d 88                    |.....#7.M.|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 b/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
index 2a1b2918..bf3f0192 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 77 69 ed c9 15  |....]...Y..wi...|
-00000010  48 74 3a b5 29 8b 17 d7  88 88 33 ac 7d 5e b2 c1  |Ht:.).....3.}^..|
-00000020  73 a8 e2 4c 5e 66 a6 07  54 57 0e 20 9f b9 f0 03  |s..L^f..TW. ....|
-00000030  74 51 4a bc 23 0b 4c 6d  e3 09 8a d9 1f 09 68 33  |tQJ.#.Lm......h3|
-00000040  d7 13 a7 7a 8e 34 73 73  97 32 a6 02 c0 2c 00 00  |...z.4ss.2...,..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 45 43 2c 7b 07  |....]...Y..EC,{.|
+00000010  6e 76 10 6b f3 9c 7c 2e  b8 c9 6b 8d a0 b6 7b be  |nv.k..|...k...{.|
+00000020  79 7a 52 ab 8d f8 c6 cb  00 f6 48 20 a3 a7 3c ca  |yzR.......H ..<.|
+00000030  d7 57 be c7 6e 45 d6 75  c1 70 e0 86 1e 58 14 a3  |.W..nE.u.p...X..|
+00000040  b4 7d 78 2c ca 82 2f 38  b8 96 ef c4 c0 2c 00 00  |.}x,../8.....,..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -58,34 +57,34 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
-00000280  1d 20 a4 6e f2 07 14 a1  e4 02 87 6c 49 4e bf 77  |. .n.......lIN.w|
-00000290  c0 d9 85 13 9a 65 b7 a7  27 d7 1c 34 c4 91 bc fb  |.....e..'..4....|
-000002a0  ef 31 04 03 00 8a 30 81  87 02 42 00 8f a1 f7 fa  |.1....0...B.....|
-000002b0  18 35 a7 14 ed 02 80 4d  12 bd 07 91 5c b1 e0 8f  |.5.....M....\...|
-000002c0  c8 74 e9 37 04 56 96 8a  f3 57 42 a0 53 18 45 ad  |.t.7.V...WB.S.E.|
-000002d0  1d 90 27 fb 75 f8 d2 df  e2 e7 ad b5 98 f1 b2 88  |..'.u...........|
-000002e0  d9 e0 9d 46 fb 53 6d 5a  95 31 75 a4 1e 02 41 3f  |...F.SmZ.1u...A?|
-000002f0  63 12 d6 e0 8a 92 81 7d  93 fe f6 98 5a a7 75 13  |c......}....Z.u.|
-00000300  be 4e 31 8c b0 ee a7 41  82 fe b4 05 01 69 7f 61  |.N1....A.....i.a|
-00000310  65 41 d3 9e 59 37 03 e9  e0 4b 18 88 a5 67 d2 c1  |eA..Y7...K...g..|
-00000320  83 22 3a 09 88 c0 6e b7  e5 a4 c3 e8 ce d9 3c cc  |.":...n.......<.|
-00000330  16 03 03 00 04 0e 00 00  00                       |.........|
+00000270  95 12 07 8f 2a 16 03 03  00 b5 0c 00 00 b1 03 00  |....*...........|
+00000280  1d 20 2c 21 c0 1d 0f 62  0d 25 60 02 a2 5f 10 5b  |. ,!...b.%`.._.[|
+00000290  68 fb b8 74 a5 2f 33 d6  1e 3f 05 43 19 6d 1c 74  |h..t./3..?.C.m.t|
+000002a0  ce 5b 04 03 00 89 30 81  86 02 41 4c 6b 04 c2 3f  |.[....0...ALk..?|
+000002b0  98 87 0d 54 5a d5 1f 4c  77 1b b6 e5 f8 1f 35 29  |...TZ..Lw.....5)|
+000002c0  e9 72 13 34 ba f8 f9 b3  0f 49 ed b5 69 bd 03 3e  |.r.4.....I..i..>|
+000002d0  10 7d a5 0f 7a aa a6 c5  e0 48 24 2a 61 85 17 5d  |.}..z....H$*a..]|
+000002e0  ac 93 35 47 41 60 f6 3b  d6 41 32 20 02 41 02 4b  |..5GA`.;.A2 .A.K|
+000002f0  b7 28 37 9d 5d f3 fe 87  7b 13 9a 71 b0 59 7b f0  |.(7.]...{..q.Y{.|
+00000300  50 e2 87 aa 9a ef 0e e8  47 bd 85 60 d5 41 32 00  |P.......G..`.A2.|
+00000310  aa 26 e4 f3 c9 4c 9d df  6c dc 6a de 2b fc 76 b2  |.&...L..l.j.+.v.|
+00000320  99 28 41 1c d3 04 a2 e0  71 92 41 97 0a b3 4b 16  |.(A.....q.A...K.|
+00000330  03 03 00 04 0e 00 00 00                           |........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 dd 37 75  |....(.........7u|
-00000040  d9 75 19 9e aa 4b dd 1e  c7 af 7f 26 e2 72 30 92  |.u...K.....&.r0.|
-00000050  70 68 97 ce 03 e3 a2 99  9a 85 1a c8 09           |ph...........|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 5a b1 f1  |....(........Z..|
+00000040  5a c2 32 50 dd 2b 6c 8a  0b de b7 04 cd 69 de 3a  |Z.2P.+l......i.:|
+00000050  45 3c 72 94 80 e2 f6 6c  66 98 c3 2d 4d           |E<r....lf..-M|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 f2 ba 40 ec e3  |..........(..@..|
-00000010  77 30 c8 b1 b3 3f 97 f1  28 3b 59 26 2c a0 d3 19  |w0...?..(;Y&,...|
-00000020  4a bd d3 f1 5d e3 6c 62  56 ee 75 75 05 05 3c 1c  |J...].lbV.uu..<.|
-00000030  17 98 0a                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 be d2 0b b0 a2  |..........(.....|
+00000010  ac 18 1e dc 59 4f b4 85  be 3a 81 bd 73 51 47 35  |....YO...:..sQG5|
+00000020  b3 2b b2 84 45 3a 08 11  a3 40 13 0e 5d ef 4b 26  |.+..E:...@..].K&|
+00000030  9d e6 83                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 0b bc a8  |................|
-00000010  12 42 1b c7 8e a4 e9 26  65 4d 89 d6 e1 f0 33 67  |.B.....&eM....3g|
-00000020  5a 29 8c 15 03 03 00 1a  00 00 00 00 00 00 00 02  |Z)..............|
-00000030  42 d5 85 47 7f 6e b0 ad  23 13 74 44 84 75 4b 85  |B..G.n..#.tD.uK.|
-00000040  22 3a                                             |":|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 0f 8d 3a  |...............:|
+00000010  5b dd b2 49 18 84 73 e7  a5 c0 46 c0 ad fa cc 44  |[..I..s...F....D|
+00000020  60 0d 8c 15 03 03 00 1a  00 00 00 00 00 00 00 02  |`...............|
+00000030  f6 4c c6 95 ff e5 01 3a  3b a9 46 23 f3 bc 24 29  |.L.....:;.F#..$)|
+00000040  6d 52                                             |mR|
diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 b/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
index 3cea3743..db53e96a 100644
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
@@ -1,26 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f2 01 00 00  ee 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 ee 01 00 00  ea 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 08 cc a9  |................|
-00000050  13 03 13 01 13 02 01 00  00 9d 00 0b 00 02 01 00  |................|
+00000050  13 03 13 01 13 02 01 00  00 99 00 0b 00 02 01 00  |................|
 00000060  ff 01 00 01 00 00 17 00  00 00 12 00 00 00 05 00  |................|
 00000070  05 01 00 00 00 00 00 0a  00 0a 00 08 00 1d 00 17  |................|
-00000080  00 18 00 19 00 0d 00 1a  00 18 08 04 04 03 08 07  |................|
-00000090  08 05 08 06 04 01 05 01  06 01 05 03 06 03 02 01  |................|
-000000a0  02 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
-000000b0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
-000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
-000000d0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
-000000e0  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
-000000f0  90 99 5f 58 cb 3b 74                              |.._X.;t|
+00000080  00 18 00 19 00 0d 00 16  00 14 08 04 04 03 08 07  |................|
+00000090  08 05 08 06 04 01 05 01  06 01 05 03 06 03 00 32  |...............2|
+000000a0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000b0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
+000000c0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
+000000d0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
+000000e0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
+000000f0  cb 3b 74                                          |.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 32 3b b0 38 26  |....]...Y..2;.8&|
-00000010  a2 4b 38 02 83 42 af 10  77 e7 6b a9 d6 e7 ac c8  |.K8..B..w.k.....|
-00000020  69 ba 70 cb f8 de 6d 28  a9 b5 40 20 9f f0 a4 35  |i.p...m(..@ ...5|
-00000030  3e eb cf 99 5a 69 6c 0c  9d 45 21 ca fe e7 03 52  |>...Zil..E!....R|
-00000040  39 66 c5 90 1f 75 57 9d  03 51 3b 21 cc a9 00 00  |9f...uW..Q;!....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 74 9e c0 76 74  |....]...Y..t..vt|
+00000010  c1 54 da a1 cf ad 75 4c  fe 91 3b e2 06 e9 fb 1a  |.T....uL..;.....|
+00000020  9c 69 ee bf 30 1f 5c 0c  92 ca 58 20 a9 bb 64 3d  |.i..0.\...X ..d=|
+00000030  1e 8a 19 db 31 25 15 f2  65 5a 78 ad 7e d2 98 90  |....1%..eZx.~...|
+00000040  8a 8b 0f 0e 77 53 db a2  93 b4 76 6d cc a9 00 00  |....wS....vm....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 0e 0b  00 02 0a 00 02 07 00 02  |................|
 00000070  04 30 82 02 00 30 82 01  62 02 09 00 b8 bf 2d 47  |.0...0..b.....-G|
@@ -55,32 +55,32 @@
 00000240  8c 25 c1 33 13 83 0d 94  06 bb d4 37 7a f6 ec 7a  |.%.3.......7z..z|
 00000250  c9 86 2e dd d7 11 69 7f  85 7c 56 de fb 31 78 2b  |......i..|V..1x+|
 00000260  e4 c7 78 0d ae cb be 9e  4e 36 24 31 7b 6a 0f 39  |..x.....N6$1{j.9|
-00000270  95 12 07 8f 2a 16 03 03  00 b7 0c 00 00 b3 03 00  |....*...........|
-00000280  1d 20 b4 e4 ee 96 88 73  de d8 bc 4f 90 ca fa df  |. .....s...O....|
-00000290  26 b4 88 19 04 0e d1 be  0f 3c bb 23 68 0e a6 20  |&........<.#h.. |
-000002a0  39 17 04 03 00 8b 30 81  88 02 42 00 c7 4a 60 ba  |9.....0...B..J`.|
-000002b0  7d 8f 8a 69 93 dc 5b 9d  ce a1 33 82 ed 95 00 fb  |}..i..[...3.....|
-000002c0  96 6b 31 d9 3a 10 80 fd  03 5f d2 63 40 e1 26 75  |.k1.:...._.c@.&u|
-000002d0  d3 bd d7 4e 79 c7 1a 82  c2 3b ef e0 72 c2 a6 d3  |...Ny....;..r...|
-000002e0  28 bb d4 49 46 39 8d bd  03 9d a8 98 8b 02 42 01  |(..IF9........B.|
-000002f0  d2 51 90 9c 41 a2 51 24  8f 2e 4a 24 31 69 91 d0  |.Q..A.Q$..J$1i..|
-00000300  c3 39 0b f6 55 3e e7 b0  43 36 99 50 dd c6 45 9a  |.9..U>..C6.P..E.|
-00000310  a7 e3 c0 65 c9 b5 02 85  f6 f1 55 b2 f6 f9 8e 30  |...e......U....0|
-00000320  3b 2a 3d 8a 5c 51 31 5d  9a 3f 9d e5 63 a9 4e ba  |;*=.\Q1].?..c.N.|
-00000330  fe 16 03 03 00 04 0e 00  00 00                    |..........|
+00000270  95 12 07 8f 2a 16 03 03  00 b6 0c 00 00 b2 03 00  |....*...........|
+00000280  1d 20 6b 7f 5e 5e cd 37  8e 2a cf 07 bf 99 89 93  |. k.^^.7.*......|
+00000290  05 be e6 3c 1d a8 67 07  b4 0d 28 22 be 3f 57 88  |...<..g...(".?W.|
+000002a0  e4 41 04 03 00 8a 30 81  87 02 42 00 ce 0f 5f f7  |.A....0...B..._.|
+000002b0  52 8c 44 e3 58 4c ed 4a  4f bf 2d 14 77 0f 3c a7  |R.D.XL.JO.-.w.<.|
+000002c0  8a 7b fc 2d 0f 94 6e 51  01 51 e0 8c 58 b0 72 e4  |.{.-..nQ.Q..X.r.|
+000002d0  57 cd ab ad fd a9 8c c2  e7 92 f3 0e e0 a0 22 64  |W............."d|
+000002e0  a0 36 f9 e1 a3 f5 19 c8  8a b8 25 f6 0b 02 41 5d  |.6........%...A]|
+000002f0  d3 7c a0 42 5b f9 5d b8  f9 c2 a3 d4 8f 0e 4c c7  |.|.B[.].......L.|
+00000300  d4 61 11 73 f0 35 7e b1  73 29 0f 97 52 75 8a 1f  |.a.s.5~.s)..Ru..|
+00000310  00 e9 6e 59 25 bb ca 72  bd 1e 4f 34 fc 55 ef 66  |..nY%..r..O4.U.f|
+00000320  33 3d 5f fc e2 8d ac 09  7f 20 85 ca b3 a4 b3 ca  |3=_...... ......|
+00000330  16 03 03 00 04 0e 00 00  00                       |.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 ae 4e 75  d9 a7 be a2 6c 68 b0 19  |.... .Nu....lh..|
-00000040  b6 ef dd 90 f6 6b 27 ce  52 23 66 56 54 4a e0 b7  |.....k'.R#fVTJ..|
-00000050  d8 77 fc be 32                                    |.w..2|
+00000030  16 03 03 00 20 1a fc 19  6c ef eb a5 d1 28 d9 aa  |.... ...l....(..|
+00000040  56 3f b7 12 a0 18 eb 76  16 be 6d 1e d9 3b 6f 14  |V?.....v..m..;o.|
+00000050  51 68 9c 63 b3                                    |Qh.c.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 b5 41 67 54 66  |.......... .AgTf|
-00000010  94 8b 39 45 fb aa 66 f7  01 4b 4d d3 55 03 56 b3  |..9E..f..KM.U.V.|
-00000020  2b 08 ca bb 29 f5 0c 6b  12 8d 76                 |+...)..k..v|
+00000000  14 03 03 00 01 01 16 03  03 00 20 38 c9 5f c3 6f  |.......... 8._.o|
+00000010  1b 84 54 77 40 98 70 cb  f1 d1 5f 9e 11 16 24 c6  |..Tw@.p..._...$.|
+00000020  c4 7e f0 44 32 2c ce 29  dd 8e 20                 |.~.D2,.).. |
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 7b 7f a6  ce de 59 a8 56 2f 1b a0  |.....{....Y.V/..|
-00000010  30 39 9d 87 41 3e bf 7c  af 5d f8 15 03 03 00 12  |09..A>.|.]......|
-00000020  47 4e 8a e8 c7 b7 5e d2  0d 57 f5 7d 85 91 08 f6  |GN....^..W.}....|
-00000030  57 b9                                             |W.|
+00000000  17 03 03 00 16 86 12 a2  e2 ae df 03 ed e4 a4 74  |...............t|
+00000010  d0 8b 8c 17 92 20 4d bd  c2 29 ac 15 03 03 00 12  |..... M..)......|
+00000020  e1 66 4e 21 16 24 34 9f  0f 95 63 80 d6 22 52 c4  |.fN!.$4...c.."R.|
+00000030  67 ac                                             |g.|
diff --git a/testdata/Client-TLSv12-ECDHE-RSA-AES b/testdata/Client-TLSv12-ECDHE-RSA-AES
index 2e8cf680..70b43803 100644
--- a/testdata/Client-TLSv12-ECDHE-RSA-AES
+++ b/testdata/Client-TLSv12-ECDHE-RSA-AES
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 aa fb 37 3d 67  |....]...Y....7=g|
-00000010  95 94 f7 8e 74 8b 21 20  8b 63 e3 61 7f 00 53 e7  |....t.! .c.a..S.|
-00000020  cc 9e b4 72 3e ae e5 36  93 b8 17 20 be 6d 69 ec  |...r>..6... .mi.|
-00000030  ba 51 86 16 80 1e e5 dc  59 d2 6f d5 c0 28 0c bd  |.Q......Y.o..(..|
-00000040  98 3b 5f 7b 70 36 ce 40  cd 37 23 98 c0 13 00 00  |.;_{p6.@.7#.....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 c7 61 5d 9b a7  |....]...Y...a]..|
+00000010  9f 27 4f de 56 2b 83 b8  dc 21 7d 27 e5 23 c0 b4  |.'O.V+...!}'.#..|
+00000020  a7 b1 61 3c 7c b7 af 1a  b0 c6 ed 20 82 8c 08 27  |..a<|...... ...'|
+00000030  79 99 c6 a7 dd 7e 33 bb  6c d0 4b 4a 02 e7 2e 87  |y....~3.l.KJ....|
+00000040  69 24 05 ac 32 6f 40 4f  dc 2e 11 3f c0 13 00 00  |i$..2o@O...?....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,38 +62,38 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 67 97 c9  |............ g..|
-000002d0  92 1a a5 f1 e1 9b 81 36  74 0a 00 b1 f9 78 a3 0e  |.......6t....x..|
-000002e0  a1 44 98 69 92 ac cd 03  3e 94 a1 ee 1c 08 04 00  |.D.i....>.......|
-000002f0  80 93 2b a2 28 51 d1 7d  2e 07 e2 07 07 5b 3f 56  |..+.(Q.}.....[?V|
-00000300  1a 17 4a 70 6b 74 ac a2  12 02 f9 3d ec 85 b1 df  |..Jpkt.....=....|
-00000310  5a 17 a2 79 9b bb 40 4a  2f 27 a5 c1 71 7f 70 25  |Z..y..@J/'..q.p%|
-00000320  a1 72 c5 20 86 3a a2 1e  0c 53 a0 2e 76 7f 5f 5a  |.r. .:...S..v._Z|
-00000330  00 55 6b 9d 0b 5e 3a c7  8e 25 97 fb d5 a4 ea 68  |.Uk..^:..%.....h|
-00000340  79 9c 29 34 e5 6f 44 07  8b a7 7a 9c 31 c5 34 08  |y.)4.oD...z.1.4.|
-00000350  31 8d 5e 9f 0f cb 42 ae  e7 66 59 41 62 37 25 f6  |1.^...B..fYAb7%.|
-00000360  09 42 10 11 9e 19 08 6b  56 43 ae 05 ac 1c a4 24  |.B.....kVC.....$|
-00000370  f5 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 5c ce 07  |............ \..|
+000002d0  a8 0b 8f ff 08 19 e7 d7  38 62 98 bf c1 f7 92 27  |........8b.....'|
+000002e0  cb 7b 5e 50 36 51 83 61  8d b4 d6 29 1c 08 04 00  |.{^P6Q.a...)....|
+000002f0  80 98 88 66 48 81 8b 9d  9b e0 6e 6e c4 c4 99 fb  |...fH.....nn....|
+00000300  63 46 fd 8c 7e e1 d0 dd  01 e6 bb 23 97 b8 21 2e  |cF..~......#..!.|
+00000310  53 06 e0 5d 58 c8 79 c3  01 a5 01 e2 81 7b c7 a9  |S..]X.y......{..|
+00000320  04 15 98 9b 53 98 42 0b  3d 4e 97 93 b9 88 80 2c  |....S.B.=N.....,|
+00000330  78 fd 9b 99 12 7f a8 de  a0 c0 c4 1d 15 59 d4 d8  |x............Y..|
+00000340  ef 0d bd 0b 46 c3 6e e6  4b 04 69 91 c0 db 74 ca  |....F.n.K.i...t.|
+00000350  99 2e 6f 47 8b 9b 22 3f  b3 4a e3 10 47 2d dd 47  |..oG.."?.J..G-.G|
+00000360  d5 e1 9b 66 8f d9 b2 fb  b7 52 ae 6a 14 74 32 2d  |...f.....R.j.t2-|
+00000370  6e 16 03 03 00 04 0e 00  00 00                    |n.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 fc 6b 1b  7e 07 14 39 83 00 01 20  |......k.~..9... |
-00000050  ca 14 c9 c8 03 6e cb 3c  05 b8 63 c3 37 a1 63 c9  |.....n.<..c.7.c.|
-00000060  9b a1 94 01 de 61 0c 7f  ae 92 95 4d 31 6b e8 5e  |.....a.....M1k.^|
-00000070  bb 73 3f 3b a5                                    |.s?;.|
+00000040  00 00 00 00 00 99 c9 2d  35 8b 96 18 36 f4 db a4  |.......-5...6...|
+00000050  9a 56 67 6a 6b 9d ee b1  cb 95 54 43 93 7c 0e ff  |.Vgjk.....TC.|..|
+00000060  c0 54 84 83 14 bf d5 95  85 a1 b5 c5 2c fe c3 29  |.T..........,..)|
+00000070  81 7b 1e 16 2e                                    |.{...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 e4 fe 65 a6 8e  |..........@..e..|
-00000010  05 32 44 9d 56 27 03 e2  da 79 c9 fd 52 76 2e bb  |.2D.V'...y..Rv..|
-00000020  37 9f 40 59 ba de ba 56  82 a1 b4 39 29 b0 29 af  |7.@Y...V...9).).|
-00000030  96 42 9e f8 c4 e7 cf 72  1c 2c c8 c7 cb ba cd 82  |.B.....r.,......|
-00000040  bf 21 17 07 6b 39 2c 0a  17 0b 74                 |.!..k9,...t|
+00000000  14 03 03 00 01 01 16 03  03 00 40 8b 6e b0 cb bf  |..........@.n...|
+00000010  35 8d c3 7e 48 27 92 77  20 8a 38 c6 81 94 17 d4  |5..~H'.w .8.....|
+00000020  b8 18 4e 23 e7 8b 0a 89  7b d1 72 58 aa b9 9b bb  |..N#....{.rX....|
+00000030  c9 40 c7 c4 8e 74 77 f3  3e 90 9c b0 19 04 6c ea  |.@...tw.>.....l.|
+00000040  87 85 f1 fd d9 fd 2d 57  57 f1 c9                 |......-WW..|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 e4 be e7  a6 e6 3c 1e ca 47 07 07  |..........<..G..|
-00000020  98 a3 4d 13 6d ac 75 57  45 de 8e fc ca 02 c8 b6  |..M.m.uWE.......|
-00000030  00 fc 7f e0 50 15 03 03  00 30 00 00 00 00 00 00  |....P....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 84 c2 3c b7 11 8c  |............<...|
-00000050  d2 65 43 4d aa 28 0c 7f  5f 73 9c cf 43 fe 72 d1  |.eCM.(.._s..C.r.|
-00000060  87 86 9b c8 1b 04 13 a7  44 5c                    |........D\|
+00000010  00 00 00 00 00 b9 8c 86  6d 84 db d0 60 f7 11 22  |........m...`.."|
+00000020  97 52 b3 fe bb 1c 0c bd  26 9c a1 84 51 3d a2 2b  |.R......&...Q=.+|
+00000030  c0 79 e5 a5 96 15 03 03  00 30 00 00 00 00 00 00  |.y.......0......|
+00000040  00 00 00 00 00 00 00 00  00 00 7a 42 27 d5 ae 30  |..........zB'..0|
+00000050  81 b5 94 05 55 c9 93 e0  11 98 6d f8 aa 18 92 f4  |....U.....m.....|
+00000060  32 8f d1 aa a6 86 cd df  11 c2                    |2.........|
diff --git a/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 b/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
index ccfa718f..9081031e 100644
--- a/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
+++ b/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 81 ab 9b 85 bf  |....]...Y.......|
-00000010  f2 7f b2 d1 38 37 f5 dd  42 34 b6 69 e9 25 48 1c  |....87..B4.i.%H.|
-00000020  65 59 3b 6a 04 17 05 49  87 42 87 20 6a da fc 8d  |eY;j...I.B. j...|
-00000030  38 a9 cd 09 65 ac f1 9c  d6 ee ab 74 ad 96 df a0  |8...e......t....|
-00000040  87 98 23 29 79 78 0b c3  8f af ea 3c c0 27 00 00  |..#)yx.....<.'..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 7b 18 cc 97 f2  |....]...Y..{....|
+00000010  59 62 62 18 bc ee e1 09  0c 7b 8c 3e f0 36 3d 8b  |Ybb......{.>.6=.|
+00000020  96 54 26 93 c8 ac bb 7c  19 63 6a 20 96 8e 51 d2  |.T&....|.cj ..Q.|
+00000030  18 6d 8a 72 6b 5d d2 5e  2b 53 4e a5 43 cf 75 4f  |.m.rk].^+SN.C.uO|
+00000040  e6 9c 3a 30 f5 23 3f bf  66 bc fe a2 c0 27 00 00  |..:0.#?.f....'..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,42 +62,42 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 88 0b 7c  |............ ..||
-000002d0  04 c5 e3 0b 1c aa 4b 4c  0a 3a 5c 67 a5 ac 01 be  |......KL.:\g....|
-000002e0  32 77 9e 69 dc ae 64 0e  c7 4c 34 7d 74 08 04 00  |2w.i..d..L4}t...|
-000002f0  80 b7 0e 09 2f 58 46 d2  7e 19 ca d3 34 31 ac 86  |..../XF.~...41..|
-00000300  94 b3 18 56 e0 b0 75 88  ed d2 5c d2 d6 80 18 30  |...V..u...\....0|
-00000310  28 75 16 eb fb ee b6 ce  13 ed f2 75 7c b5 0d a8  |(u.........u|...|
-00000320  04 33 95 aa 2b c0 21 db  8a a8 cc 9b fe eb 55 32  |.3..+.!.......U2|
-00000330  04 22 e6 02 83 ca b1 c0  1d 14 7f 8c 44 de ce c7  |."..........D...|
-00000340  6a 60 73 1f 96 c3 62 7d  9d 36 cc f9 c1 a8 12 cb  |j`s...b}.6......|
-00000350  ea 93 36 db 8c 15 29 a1  03 3a 4f 82 13 52 f8 de  |..6...)..:O..R..|
-00000360  6f 80 b6 9d ad e8 ea 04  03 0d a5 63 74 e9 bf 2f  |o..........ct../|
-00000370  5f 16 03 03 00 04 0e 00  00 00                    |_.........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 e4 05 36  |............ ..6|
+000002d0  05 47 cf b0 62 f8 f6 d6  e0 ce a5 f9 45 f6 28 f9  |.G..b.......E.(.|
+000002e0  d2 58 47 6c 0a 58 9d 85  74 52 d3 0d 17 08 04 00  |.XGl.X..tR......|
+000002f0  80 d0 8b 12 95 dd 2a 7f  b2 55 33 e0 13 28 41 47  |......*..U3..(AG|
+00000300  06 38 fe fb 11 b3 3f 66  c4 62 db 1c f9 29 9e ea  |.8....?f.b...)..|
+00000310  2f e4 62 22 4f 99 36 05  fb 89 8f d5 29 bf a6 e0  |/.b"O.6.....)...|
+00000320  fc 12 88 d8 60 9a 4d 82  eb 64 ba 99 1c 1c 82 ff  |....`.M..d......|
+00000330  df 57 a9 b9 14 d5 a7 ad  57 45 1d e0 91 db 61 90  |.W......WE....a.|
+00000340  ca 15 9b 0c 49 f8 a9 40  5f 34 6b d2 fe 00 48 e5  |....I..@_4k...H.|
+00000350  ea 1e 3b ae 1f 81 a9 d7  91 ff 46 e9 af 48 04 b3  |..;.......F..H..|
+00000360  83 0c 95 91 ea 5f 1f 5b  48 98 2a 9c f6 80 2a db  |....._.[H.*...*.|
+00000370  d2 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
 00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 f3 03 08  16 9c 4f c9 0e 8c 2a 74  |..........O...*t|
-00000050  4f d4 8a 84 50 fa 16 da  5e 76 d5 80 26 40 6a 55  |O...P...^v..&@jU|
-00000060  75 16 4c 28 58 09 c9 88  fd af 93 f2 94 46 3d 1b  |u.L(X........F=.|
-00000070  6c 04 af af b4 c1 14 c7  76 5e 10 64 4e 61 19 a9  |l.......v^.dNa..|
-00000080  c8 94 aa 7b fc                                    |...{.|
+00000040  00 00 00 00 00 c0 4e 63  30 1d 23 c8 dc ef 03 e9  |......Nc0.#.....|
+00000050  29 7c 61 b8 7a a4 52 c3  09 f4 aa 97 30 3c 5a 7c  |)|a.z.R.....0<Z||
+00000060  28 d4 83 77 0d 5d 74 92  82 92 a1 e3 df 37 1d d0  |(..w.]t......7..|
+00000070  01 c1 c0 6e 83 04 4b c9  18 9b f0 92 93 2c 69 ee  |...n..K......,i.|
+00000080  60 54 ec 0b ae                                    |`T...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 9f 93 29 9e ce  |..........P..)..|
-00000010  ec cb 1f 2e 0a 4b a9 cf  2a 18 2c 6a 4e b6 4f e5  |.....K..*.,jN.O.|
-00000020  e1 15 c5 fc 8b 07 31 c1  88 ea 34 dd 14 c8 e0 e3  |......1...4.....|
-00000030  da 9e cf 42 5e 6b d9 3f  a7 00 e7 37 b0 2f cb fb  |...B^k.?...7./..|
-00000040  bb 80 4b c8 e0 00 47 af  04 26 7d e4 c0 71 0a c9  |..K...G..&}..q..|
-00000050  73 d4 35 99 e9 d8 06 c3  6f 09 69                 |s.5.....o.i|
+00000000  14 03 03 00 01 01 16 03  03 00 50 bd 21 3f c1 94  |..........P.!?..|
+00000010  2f 3e 00 3c 43 00 17 39  90 74 b2 4f 40 5d 0c 2b  |/>.<C..9.t.O@].+|
+00000020  00 09 8b fc df 5b eb 15  8b 4a 5a 5c b3 a4 e8 9f  |.....[...JZ\....|
+00000030  ce b1 e9 17 c3 8c 09 77  e2 5a 36 44 5d 38 ce f8  |.......w.Z6D]8..|
+00000040  4a c8 65 07 da 01 96 92  40 04 71 51 69 de d9 47  |J.e.....@.qQi..G|
+00000050  ae c8 99 15 41 14 18 43  9e a9 9f                 |....A..C...|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 65 8e 6b  75 f5 ea 6f 63 c0 12 d8  |.....e.ku..oc...|
-00000020  c5 42 81 1a ef 04 64 0b  38 99 35 9b 4e 84 9c 40  |.B....d.8.5.N..@|
-00000030  bc d6 f9 6f 52 16 4b c3  cb 26 42 30 af a1 d0 f9  |...oR.K..&B0....|
-00000040  07 56 27 c2 12 15 03 03  00 40 00 00 00 00 00 00  |.V'......@......|
-00000050  00 00 00 00 00 00 00 00  00 00 b1 d0 14 32 93 af  |.............2..|
-00000060  02 66 bd 5d 39 26 20 3f  c5 f1 24 54 52 a6 38 18  |.f.]9& ?..$TR.8.|
-00000070  91 6e b8 07 d9 37 58 6d  cc a9 b0 86 11 c6 b1 10  |.n...7Xm........|
-00000080  06 0c dc a5 5b ad c7 a6  fe b1                    |....[.....|
+00000010  00 00 00 00 00 ad 41 d8  27 7d f4 06 b7 6c 89 f4  |......A.'}...l..|
+00000020  e3 c5 de 6d 06 80 0c 2e  f8 42 5a 2c da f1 e2 b6  |...m.....BZ,....|
+00000030  e6 e8 6f 5c ee e0 aa 4b  d6 8a 7a 04 6a 5e 8c 99  |..o\...K..z.j^..|
+00000040  1b 36 be f9 d0 15 03 03  00 40 00 00 00 00 00 00  |.6.......@......|
+00000050  00 00 00 00 00 00 00 00  00 00 f1 cf 76 91 15 bd  |............v...|
+00000060  33 f3 96 25 c7 d9 77 30  a6 84 1a 06 c1 96 96 27  |3..%..w0.......'|
+00000070  70 ff d2 ce 82 1e 39 8f  19 75 c7 f2 0f cb de bc  |p.....9..u......|
+00000080  9a ef 4c 93 e3 3c 0c 2f  97 ad                    |..L..<./..|
diff --git a/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 b/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
index c1670a67..30ea8ec5 100644
--- a/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
+++ b/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
@@ -1,26 +1,26 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 f2 01 00 00  ee 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 ee 01 00 00  ea 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 08 cc a8  |................|
-00000050  13 03 13 01 13 02 01 00  00 9d 00 0b 00 02 01 00  |................|
+00000050  13 03 13 01 13 02 01 00  00 99 00 0b 00 02 01 00  |................|
 00000060  ff 01 00 01 00 00 17 00  00 00 12 00 00 00 05 00  |................|
 00000070  05 01 00 00 00 00 00 0a  00 0a 00 08 00 1d 00 17  |................|
-00000080  00 18 00 19 00 0d 00 1a  00 18 08 04 04 03 08 07  |................|
-00000090  08 05 08 06 04 01 05 01  06 01 05 03 06 03 02 01  |................|
-000000a0  02 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
-000000b0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
-000000c0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
-000000d0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
-000000e0  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
-000000f0  90 99 5f 58 cb 3b 74                              |.._X.;t|
+00000080  00 18 00 19 00 0d 00 16  00 14 08 04 04 03 08 07  |................|
+00000090  08 05 08 06 04 01 05 01  06 01 05 03 06 03 00 32  |...............2|
+000000a0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000b0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
+000000c0  08 03 04 03 03 03 02 03  01 00 33 00 26 00 24 00  |..........3.&.$.|
+000000d0  1d 00 20 2f e5 7d a3 47  cd 62 43 15 28 da ac 5f  |.. /.}.G.bC.(.._|
+000000e0  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
+000000f0  cb 3b 74                                          |.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 34 c1 8b 5f 3a  |....]...Y..4.._:|
-00000010  34 19 b4 a5 7a b6 d4 d8  83 54 60 22 6c 56 52 d0  |4...z....T`"lVR.|
-00000020  c6 ae 08 d2 17 49 97 ec  fe f2 8a 20 d5 fc 67 75  |.....I..... ..gu|
-00000030  b1 26 04 0e ce 3a 0e c3  4a e3 9a 20 0b 36 12 43  |.&...:..J.. .6.C|
-00000040  13 0e db 9e 50 ca d6 54  89 01 33 56 cc a8 00 00  |....P..T..3V....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 1b 61 37 54 ad  |....]...Y...a7T.|
+00000010  7e 92 6a 93 df 5e f8 16  be e7 06 12 3f e7 23 84  |~.j..^......?.#.|
+00000020  be 2a 30 78 98 cf 60 8a  8a 2d 26 20 44 fb 40 31  |.*0x..`..-& D.@1|
+00000030  88 38 6e fc ce 1d af 07  e3 c0 49 05 ff bc 92 ae  |.8n.......I.....|
+00000040  58 79 51 ec a7 24 82 75  9a 16 45 fa cc a8 00 00  |XyQ..$.u..E.....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -60,31 +60,31 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 63 b1 95  |............ c..|
-000002d0  d7 d2 63 99 59 8e 56 00  0a 08 29 c9 a5 30 bd 1b  |..c.Y.V...)..0..|
-000002e0  f1 e4 ad 7d 99 c0 ea 9d  44 1c c6 22 56 08 04 00  |...}....D.."V...|
-000002f0  80 d8 02 bd 3f 32 2e 05  8b 2f 2b 98 ef fe 6b 96  |....?2.../+...k.|
-00000300  80 ab d3 e1 d0 56 45 f6  66 2a 44 52 f3 47 85 f6  |.....VE.f*DR.G..|
-00000310  3a 0a 08 11 31 be 39 68  e8 8a cd ac 83 c2 32 10  |:...1.9h......2.|
-00000320  d5 9a d6 d4 9c 93 3a 49  1e d2 43 d6 f3 b8 96 6a  |......:I..C....j|
-00000330  0b 50 53 58 77 2f 7a d5  a3 d8 f7 33 6a 29 16 05  |.PSXw/z....3j)..|
-00000340  4a 71 d3 23 dc f1 91 ec  4d be 10 53 f5 57 0d 01  |Jq.#....M..S.W..|
-00000350  36 ea 6f b7 42 68 76 6c  15 57 24 bb 92 c6 48 91  |6.o.Bhvl.W$...H.|
-00000360  b2 02 83 75 9a 52 63 2d  3c 6a b5 91 8a cf ad 52  |...u.Rc-<j.....R|
-00000370  a2 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 8b cc 79  |............ ..y|
+000002d0  1e 8e 20 61 5d 00 97 27  cb 24 5c 7c 5f 3f df db  |.. a]..'.$\|_?..|
+000002e0  2d ba 3b f4 a1 1d 3e 3c  08 da 98 22 68 08 04 00  |-.;...><..."h...|
+000002f0  80 10 fc 5b 90 af a6 8e  d4 1b 5e 63 13 55 88 55  |...[......^c.U.U|
+00000300  f3 bb ad 7a 5b 14 95 55  6b 2f 01 eb 22 88 fb 21  |...z[..Uk/.."..!|
+00000310  40 88 d1 7f 52 b2 a2 ff  51 f9 05 8c c8 28 70 77  |@...R...Q....(pw|
+00000320  3c 7a b0 48 28 f0 34 19  cc 8e c8 c9 43 93 aa fa  |<z.H(.4.....C...|
+00000330  f0 38 34 13 5c 2b 34 36  7b d8 61 a3 51 4a 72 44  |.84.\+46{.a.QJrD|
+00000340  ae 3a d0 82 27 be 13 9c  b1 10 95 d0 c9 0d 46 bd  |.:..'.........F.|
+00000350  d0 8d 3e cb 9b 61 f6 02  c3 34 cf 0f 72 7d 11 eb  |..>..a...4..r}..|
+00000360  98 f2 bb c0 ae 5f b8 8e  00 6a 47 9c 8d cf 91 eb  |....._...jG.....|
+00000370  e7 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 ab c0 00  15 90 de 61 3e 0b 60 16  |.... ......a>.`.|
-00000040  88 fe 6e a8 31 b8 cf bf  18 f5 21 c0 51 4f 96 fe  |..n.1.....!.QO..|
-00000050  47 eb c3 75 9b                                    |G..u.|
+00000030  16 03 03 00 20 af 23 75  51 f1 3c 68 f8 87 2e 2b  |.... .#uQ.<h...+|
+00000040  f2 32 9e f9 92 8c c0 f8  19 e6 f5 18 6a 6b 8f 47  |.2..........jk.G|
+00000050  86 38 b1 f9 10                                    |.8...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 38 2e e1 49 d7  |.......... 8..I.|
-00000010  20 aa 42 6c 73 05 b7 37  e3 0c 14 b0 fb bd 0f 04  | .Bls..7........|
-00000020  79 a8 6c 01 63 4a 92 c8  13 a0 d9                 |y.l.cJ.....|
+00000000  14 03 03 00 01 01 16 03  03 00 20 c0 52 cb d5 de  |.......... .R...|
+00000010  b1 43 8a 0b 75 a6 a4 d4  8f af 85 63 71 1d 3b 4f  |.C..u......cq.;O|
+00000020  7a ad 9b 77 85 1a 1d 7e  4b 42 13                 |z..w...~KB.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 d4 37 f1  77 d5 49 df 50 58 c9 41  |......7.w.I.PX.A|
-00000010  ad 99 2b bc 85 a7 33 d4  ff 96 c0 15 03 03 00 12  |..+...3.........|
-00000020  a9 7f 06 84 dd 17 63 18  26 14 5e 3e 04 87 af 37  |......c.&.^>...7|
-00000030  7f 0c                                             |..|
+00000000  17 03 03 00 16 30 b8 0e  dd 42 64 a4 17 ee f5 70  |.....0...Bd....p|
+00000010  1e 00 e8 da a7 f6 8e 73  c7 70 32 15 03 03 00 12  |.......s.p2.....|
+00000020  57 be 7b cf bb 7b fe cb  7e b2 bb 38 9f 31 65 07  |W.{..{..~..8.1e.|
+00000030  ba 61                                             |.a|
diff --git a/testdata/Client-TLSv12-Ed25519 b/testdata/Client-TLSv12-Ed25519
index a3d23b62..40b2f351 100644
--- a/testdata/Client-TLSv12-Ed25519
+++ b/testdata/Client-TLSv12-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 19 33 a6 0c 80  |....]...Y...3...|
-00000010  5d 56 d6 7b 85 ae 50 82  3a 61 7b b0 dd 01 f8 98  |]V.{..P.:a{.....|
-00000020  b9 51 22 e7 12 4c 98 f2  4c 50 49 20 37 6f ad 03  |.Q"..L..LPI 7o..|
-00000030  52 51 44 3e 26 19 df e3  59 cd 6a 41 37 3c 46 95  |RQD>&...Y.jA7<F.|
-00000040  1f e1 07 20 f2 6b b4 15  a2 41 0e b2 cc a9 00 00  |... .k...A......|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 cc 3c fc d0 c6  |....]...Y...<...|
+00000010  b8 3e 6b cb 59 8d 68 04  0b 94 10 28 ad 71 06 14  |.>k.Y.h....(.q..|
+00000020  08 6c 10 12 aa 8d e4 f9  aa 7d 9b 20 a0 b8 96 40  |.l.......}. ...@|
+00000030  1a ce 65 ae a6 a2 4d 4d  92 41 8e 2c 8d 94 d1 02  |..e...MM.A.,....|
+00000040  c1 cb bd 6d 8b ee 36 ae  c5 ec 6a 40 cc a9 00 00  |...m..6...j@....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 01 3c 0b  00 01 38 00 01 35 00 01  |......<...8..5..|
 00000070  32 30 82 01 2e 30 81 e1  a0 03 02 01 02 02 10 0f  |20...0..........|
@@ -46,26 +45,26 @@
 00000180  fc ab 7d 4d d4 e0 93 13  d0 a9 42 e0 b6 6b fe 5d  |..}M......B..k.]|
 00000190  67 48 d7 9f 50 bc 6c cd  4b 03 83 7c f2 08 58 cd  |gH..P.l.K..|..X.|
 000001a0  ac cf 0c 16 03 03 00 6c  0c 00 00 68 03 00 1d 20  |.......l...h... |
-000001b0  54 12 8c 8b b0 53 e4 e0  43 90 3d 15 fb 26 ee a9  |T....S..C.=..&..|
-000001c0  12 24 60 7f d5 57 e5 1c  bc ca 4f 31 dd a2 a8 3e  |.$`..W....O1...>|
-000001d0  08 07 00 40 ad 8c 20 13  7d f5 5e 5e b2 41 9f 60  |...@.. .}.^^.A.`|
-000001e0  f7 d2 cc 2f fe 47 6d 8c  24 ca 0d 72 63 eb 0d f8  |.../.Gm.$..rc...|
-000001f0  93 0b 13 de 8f bc 92 0e  f8 77 8a de 2f 9c 32 30  |.........w../.20|
-00000200  96 cb 5b bc b8 94 68 fb  06 62 ce 01 ed b8 f8 f2  |..[...h..b......|
-00000210  c1 c4 16 01 16 03 03 00  04 0e 00 00 00           |.............|
+000001b0  fd f1 12 74 21 62 15 da  36 af d5 6c f3 0a cd 1e  |...t!b..6..l....|
+000001c0  09 37 aa 55 32 1a 27 a7  5b 37 34 32 35 36 f5 14  |.7.U2.'.[74256..|
+000001d0  08 07 00 40 3d 7c 51 33  98 02 91 19 da 47 1a 1a  |...@=|Q3.....G..|
+000001e0  fe 03 4e 1b e8 5c 5e a7  12 9c e6 8a c2 74 18 dd  |..N..\^......t..|
+000001f0  18 9a 9d d6 60 f3 c8 63  00 33 d8 81 3e 2e 40 0f  |....`..c.3..>.@.|
+00000200  c5 98 fc a8 1c 6b 0c 19  70 f5 16 a5 25 ce 7b b8  |.....k..p...%.{.|
+00000210  f2 f5 87 04 16 03 03 00  04 0e 00 00 00           |.............|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 25 48 e8  48 d4 0e e2 2e 91 65 98  |.... %H.H.....e.|
-00000040  60 1e ae 8f e6 7e 5b 0a  bb 7b 90 8a 2b a7 b2 81  |`....~[..{..+...|
-00000050  f6 4b 17 c5 cc                                    |.K...|
+00000030  16 03 03 00 20 91 a7 c4  90 65 85 ce 63 66 fa 8b  |.... ....e..cf..|
+00000040  5c 22 e1 1d fb 14 c2 6c  86 7c 52 7c d1 96 3b 41  |\".....l.|R|..;A|
+00000050  20 0d bf 09 e8                                    | ....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 f5 ed d5 32 97  |.......... ...2.|
-00000010  a7 91 bc 42 03 3b f1 76  21 68 19 41 8f 70 a1 74  |...B.;.v!h.A.p.t|
-00000020  28 fb f4 7a 61 1e cf 79  b6 f7 a8                 |(..za..y...|
+00000000  14 03 03 00 01 01 16 03  03 00 20 d0 3e 15 0e 08  |.......... .>...|
+00000010  5b fd a8 b7 5f 01 7f ca  6d af 78 6e 33 7a 93 42  |[..._...m.xn3z.B|
+00000020  aa 6e e4 f4 a1 bb 9a 2d  bb 17 6f                 |.n.....-..o|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 9b bf f5  4d cb b0 e2 bb 5c df e4  |........M....\..|
-00000010  c8 85 31 11 d1 59 9d 72  03 2a 74 15 03 03 00 12  |..1..Y.r.*t.....|
-00000020  13 fd 92 1a 96 bf 23 2e  06 8b e4 42 f6 05 7d 7e  |......#....B..}~|
-00000030  6c cd                                             |l.|
+00000000  17 03 03 00 16 7b f9 2f  ce ac bc 43 3c 6b 10 3b  |.....{./...C<k.;|
+00000010  9e 06 46 5f 4d d0 56 ca  85 14 96 15 03 03 00 12  |..F_M.V.........|
+00000020  68 81 80 6b 60 6c e6 2d  bb 0a b0 3a 21 04 2e a9  |h..k`l.-...:!...|
+00000030  b7 41                                             |.A|
diff --git a/testdata/Client-TLSv12-ExportKeyingMaterial b/testdata/Client-TLSv12-ExportKeyingMaterial
index 55644403..b3877a7b 100644
--- a/testdata/Client-TLSv12-ExportKeyingMaterial
+++ b/testdata/Client-TLSv12-ExportKeyingMaterial
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 37 1f dc 30 b6  |....]...Y..7..0.|
-00000010  6b 54 22 cd 46 38 00 7b  c2 d4 97 80 f5 b6 cb fc  |kT".F8.{........|
-00000020  01 b7 91 6a ce 1d 20 9f  fb 4a b3 20 d2 72 bb 97  |...j.. ..J. .r..|
-00000030  2a 46 3c da d1 8a 8e 1b  cd ed e7 5a 5a c7 0c ca  |*F<........ZZ...|
-00000040  1f 6e 40 b3 6a d6 7a ae  55 bd 82 42 cc a8 00 00  |.n@.j.z.U..B....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 ad 2d c6 4e 13  |....]...Y...-.N.|
+00000010  72 ea 19 e0 65 33 ec cb  aa 5c 70 bd f5 70 e0 b4  |r...e3...\p..p..|
+00000020  ca 7e 64 da 5e 5f cb a6  69 d4 8c 20 79 45 e2 0a  |.~d.^_..i.. yE..|
+00000030  c7 b2 be 37 28 b5 c6 35  f9 0c c9 34 39 4d 38 3b  |...7(..5...49M8;|
+00000040  c0 47 31 44 e2 47 f7 6f  70 0f 8b 2d cc a8 00 00  |.G1D.G.op..-....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,31 +62,31 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 da a1 33  |............ ..3|
-000002d0  ec 12 5f c7 25 b5 de 66  38 64 74 a9 e2 69 09 e3  |.._.%..f8dt..i..|
-000002e0  12 49 fe 0a 0a 74 c5 c8  04 b0 4c 01 6d 08 04 00  |.I...t....L.m...|
-000002f0  80 5d c4 70 28 74 65 b3  74 bb 2d 71 87 84 48 25  |.].p(te.t.-q..H%|
-00000300  41 14 38 17 cd e3 8c a8  24 a5 6b bd 81 62 ef bc  |A.8.....$.k..b..|
-00000310  9d 15 31 a7 6f a7 55 90  c8 fb 71 8a 45 a6 4a fb  |..1.o.U...q.E.J.|
-00000320  14 5d 92 5b fc 41 79 ca  d4 ac 5b 43 ea 18 f2 e4  |.].[.Ay...[C....|
-00000330  69 91 45 27 8e 32 ef ae  59 70 3e 43 b0 43 3f f0  |i.E'.2..Yp>C.C?.|
-00000340  1b e6 e4 aa 8f 0f 4d 7f  b7 d8 bf fb 40 59 92 2e  |......M.....@Y..|
-00000350  08 51 2a a4 ce c8 da f9  ec b3 d6 f6 63 32 e9 ef  |.Q*.........c2..|
-00000360  b8 42 25 2a 5e ec 4b 39  e5 52 d1 e7 f1 5d 18 9f  |.B%*^.K9.R...]..|
-00000370  97 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 f4 07 0a  |............ ...|
+000002d0  38 0a 4e 5d 59 90 98 e7  19 02 7b 51 76 59 2e 3d  |8.N]Y.....{QvY.=|
+000002e0  d2 f5 2f 1c 87 29 61 94  a0 ad 95 8b 4b 08 04 00  |../..)a.....K...|
+000002f0  80 22 b1 ac 42 df 30 4f  ea 41 75 a5 28 2e a7 50  |."..B.0O.Au.(..P|
+00000300  2a 4f c8 f4 1f c3 35 82  88 47 78 de fe 00 43 ed  |*O....5..Gx...C.|
+00000310  84 48 52 8b bf 77 22 00  fd 92 c4 e0 67 66 28 5c  |.HR..w".....gf(\|
+00000320  8a 7f 32 21 c2 5a bd b2  8f d5 72 48 3a 83 3b d7  |..2!.Z....rH:.;.|
+00000330  c8 c0 fb 54 52 28 41 49  3f 6d b4 4c ef 87 3a e5  |...TR(AI?m.L..:.|
+00000340  30 db e2 c8 5c ed f1 46  a8 f4 04 0b 02 2b 93 03  |0...\..F.....+..|
+00000350  de dc 41 88 50 f6 22 c5  2a 30 ac 47 f2 db 00 5c  |..A.P.".*0.G...\|
+00000360  7e 14 25 fd 72 de 81 ed  30 c8 62 1c 6d 44 4e 90  |~.%.r...0.b.mDN.|
+00000370  3f 16 03 03 00 04 0e 00  00 00                    |?.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 a6 dc 32  3e 35 76 e8 25 41 ad f7  |.... ..2>5v.%A..|
-00000040  64 02 b0 a3 19 0b ea 1c  7f d7 47 4c 73 2d 7e 6f  |d.........GLs-~o|
-00000050  7a 0c 09 41 1f                                    |z..A.|
+00000030  16 03 03 00 20 e1 88 c9  ef 40 26 52 ca d2 d9 31  |.... ....@&R...1|
+00000040  9c 51 a6 fa b3 40 6b 62  7e ad 00 ea da 8f 54 bf  |.Q...@kb~.....T.|
+00000050  f5 89 4b c9 a9                                    |..K..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 77 e0 48 07 28  |.......... w.H.(|
-00000010  72 79 07 2e 8a b8 1c a0  70 78 f1 a8 e9 24 6d 46  |ry......px...$mF|
-00000020  78 27 71 a0 a4 7b da 5b  77 3d 78                 |x'q..{.[w=x|
+00000000  14 03 03 00 01 01 16 03  03 00 20 6f e3 54 91 aa  |.......... o.T..|
+00000010  00 b4 8e f3 b2 51 1e 76  48 91 49 b9 ba dc 5f e4  |.....Q.vH.I..._.|
+00000020  9f 0e 49 b5 54 f5 e3 9d  25 75 38                 |..I.T...%u8|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 d9 2e 8d  11 ee 6a df 43 dc 3b f4  |..........j.C.;.|
-00000010  dd 9e c3 be 2e 78 8a 39  3b 7a a1 15 03 03 00 12  |.....x.9;z......|
-00000020  d5 ef f8 2e 49 c9 f8 27  3e 29 e5 39 fc 25 3d b2  |....I..'>).9.%=.|
-00000030  ff a8                                             |..|
+00000000  17 03 03 00 16 7b 2a af  79 d3 1c 0d cf 0f 83 04  |.....{*.y.......|
+00000010  9e 96 63 69 0c ec f7 98  02 33 12 15 03 03 00 12  |..ci.....3......|
+00000020  58 d3 1a 60 74 2c 92 91  61 2c 13 23 6d e9 5f de  |X..`t,..a,.#m._.|
+00000030  65 42                                             |eB|
diff --git a/testdata/Client-TLSv12-P256-ECDHE b/testdata/Client-TLSv12-P256-ECDHE
index d991b001..0cac7e75 100644
--- a/testdata/Client-TLSv12-P256-ECDHE
+++ b/testdata/Client-TLSv12-P256-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 37 01 00 01  33 03 03 00 00 00 00 00  |....7...3.......|
+00000000  16 03 01 01 33 01 00 01  2f 03 03 00 00 00 00 00  |....3.../.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,24 +7,24 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 b8 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 b4 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
-000000a0  00 0a 00 04 00 02 00 17  00 0d 00 1a 00 18 08 04  |................|
+000000a0  00 0a 00 04 00 02 00 17  00 0d 00 16 00 14 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
-000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
-000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
-000000f0  01 00 33 00 47 00 45 00  17 00 41 04 1e 18 37 ef  |..3.G.E...A...7.|
-00000100  0d 19 51 88 35 75 71 b5  e5 54 5b 12 2e 8f 09 67  |..Q.5uq..T[....g|
-00000110  fd a7 24 20 3e b2 56 1c  ce 97 28 5e f8 2b 2d 4f  |..$ >.V...(^.+-O|
-00000120  9e f1 07 9f 6c 4b 5b 83  56 e2 32 42 e9 58 b6 d7  |....lK[.V.2B.X..|
-00000130  49 a6 b5 68 1a 41 03 56  6b dc 5a 89              |I..h.A.Vk.Z.|
+000000c0  06 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
+000000d0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
+000000e0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000f0  47 00 45 00 17 00 41 04  1e 18 37 ef 0d 19 51 88  |G.E...A...7...Q.|
+00000100  35 75 71 b5 e5 54 5b 12  2e 8f 09 67 fd a7 24 20  |5uq..T[....g..$ |
+00000110  3e b2 56 1c ce 97 28 5e  f8 2b 2d 4f 9e f1 07 9f  |>.V...(^.+-O....|
+00000120  6c 4b 5b 83 56 e2 32 42  e9 58 b6 d7 49 a6 b5 68  |lK[.V.2B.X..I..h|
+00000130  1a 41 03 56 6b dc 5a 89                           |.A.Vk.Z.|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 f2 96 d3 16 ce  |....]...Y.......|
-00000010  7c b8 43 6a 66 b2 9f 58  d2 66 74 f6 92 61 3a 48  ||.Cjf..X.ft..a:H|
-00000020  b1 84 87 be bf 7e 5a 9c  75 e3 e1 20 a6 b6 cc cf  |.....~Z.u.. ....|
-00000030  3a 1e b5 62 01 bd ee 58  eb ea 84 58 08 dc e6 d2  |:..b...X...X....|
-00000040  86 a0 5e f2 63 f2 1f 81  29 0d f7 5c c0 2f 00 00  |..^.c...)..\./..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 d9 70 61 62 c5  |....]...Y...pab.|
+00000010  f4 b4 22 c6 ea f6 e9 8c  fc 29 e8 8c 24 2d 4b c4  |.."......)..$-K.|
+00000020  04 57 01 ae e5 41 7e 7f  6f ec c3 20 86 6b 38 a9  |.W...A~.o.. .k8.|
+00000030  ea cd 51 3b 0f 05 5c a3  98 0c 4d ba 46 d6 99 f3  |..Q;..\...M.F...|
+00000040  67 da f2 62 56 29 f7 e6  8c 14 8a 7a c0 2f 00 00  |g..bV).....z./..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -64,37 +64,37 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 cd 0c 00 00  c9 03 00 17 41 04 9f ab  |............A...|
-000002d0  e5 e2 8c b7 47 ce a4 e6  c8 ca 51 d7 28 b3 8b be  |....G.....Q.(...|
-000002e0  83 f4 d5 34 27 f5 89 2b  d0 bb 7e 2f 87 8c 64 3d  |...4'..+..~/..d=|
-000002f0  fc ee 5e c1 35 f6 ff be  49 75 58 65 22 92 5b 6f  |..^.5...IuXe".[o|
-00000300  07 08 61 d0 16 9c 6b 2f  b0 47 a0 ed 45 d8 08 04  |..a...k/.G..E...|
-00000310  00 80 58 85 e9 5f 3b b6  03 25 a8 49 da 56 87 2e  |..X.._;..%.I.V..|
-00000320  d5 89 ce 53 de f2 8e b7  4b 7a 24 be 0b c1 86 4b  |...S....Kz$....K|
-00000330  3a a3 58 ea e2 68 bd 33  91 93 8b f5 cc 6e ea 7d  |:.X..h.3.....n.}|
-00000340  e4 14 fc 6c d2 d3 25 97  73 bf 0d d4 26 65 71 c0  |...l..%.s...&eq.|
-00000350  6f 85 52 e6 e5 34 e7 05  7b 8b d0 96 db f4 cc 49  |o.R..4..{......I|
-00000360  f7 7f da c6 56 54 b0 e0  5e 60 b1 ea 8a 9b 45 06  |....VT..^`....E.|
-00000370  54 ed b4 34 ab a0 0b 72  4f 0e 0a 9c 57 f8 c2 1c  |T..4...rO...W...|
-00000380  87 8b 9c 48 97 ae 08 2b  51 07 cd 5d 5c 0a 1e 47  |...H...+Q..]\..G|
-00000390  b7 bd 16 03 03 00 04 0e  00 00 00                 |...........|
+000002c0  16 03 03 00 cd 0c 00 00  c9 03 00 17 41 04 a0 b7  |............A...|
+000002d0  0f 94 44 46 c4 72 5a 3c  b8 5c cd f1 9e b0 49 17  |..DF.rZ<.\....I.|
+000002e0  ea a0 ca 1d 17 d8 85 5f  0a e3 4a 85 5d f4 bb 52  |......._..J.]..R|
+000002f0  23 79 24 a9 50 81 9f 8a  5e e4 2f 5d cc 7d e2 10  |#y$.P...^./].}..|
+00000300  db 42 f0 26 98 61 b7 f5  39 16 46 d6 04 f7 08 04  |.B.&.a..9.F.....|
+00000310  00 80 05 70 60 b3 39 e0  61 6e 72 b3 13 2c 8c 2d  |...p`.9.anr..,.-|
+00000320  e1 d9 37 8e cd 13 64 2f  4b 65 4f 7c a0 2a 7e 91  |..7...d/KeO|.*~.|
+00000330  e1 fd 7d 3b e3 35 dd 5a  c8 ab 56 13 c3 c6 07 90  |..};.5.Z..V.....|
+00000340  fb d3 cf 22 dd 78 4c 33  c7 d3 6e 64 7e 65 ba 02  |...".xL3..nd~e..|
+00000350  ca 04 50 77 08 65 d5 80  c9 4f c3 b3 5b 97 b2 80  |..Pw.e...O..[...|
+00000360  3d 48 37 20 ab 28 15 0c  f2 86 dd b6 19 66 46 e3  |=H7 .(.......fF.|
+00000370  23 69 e2 5d fb 70 65 fb  c6 ae fc a4 02 42 9f fe  |#i.].pe......B..|
+00000380  b4 5c f0 4b 23 92 2a 4f  a4 1a f4 86 3b 5c 25 9d  |.\.K#.*O....;\%.|
+00000390  86 e2 16 03 03 00 04 0e  00 00 00                 |...........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 46 10 00 00  42 41 04 1e 18 37 ef 0d  |....F...BA...7..|
 00000010  19 51 88 35 75 71 b5 e5  54 5b 12 2e 8f 09 67 fd  |.Q.5uq..T[....g.|
 00000020  a7 24 20 3e b2 56 1c ce  97 28 5e f8 2b 2d 4f 9e  |.$ >.V...(^.+-O.|
 00000030  f1 07 9f 6c 4b 5b 83 56  e2 32 42 e9 58 b6 d7 49  |...lK[.V.2B.X..I|
 00000040  a6 b5 68 1a 41 03 56 6b  dc 5a 89 14 03 03 00 01  |..h.A.Vk.Z......|
-00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 c5 59  |.....(.........Y|
-00000060  bb bb c9 dc 4d 95 d9 70  d0 bc 76 ca e7 0f 50 f8  |....M..p..v...P.|
-00000070  d5 55 e0 3c fb 12 63 ff  8d b4 a9 85 96 0e        |.U.<..c.......|
+00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 3f 54  |.....(........?T|
+00000060  35 c8 33 70 66 0f 9d 3d  57 d7 a8 7f 57 45 63 a4  |5.3pf..=W...WEc.|
+00000070  67 a2 83 c4 17 5b 22 8f  1c 89 78 1c 43 8d        |g....["...x.C.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 98 cb 91 21 85  |..........(...!.|
-00000010  4a fd 3f e5 f7 31 8d 35  c9 11 31 fc 1f 0e e3 0d  |J.?..1.5..1.....|
-00000020  86 c7 93 10 1d 52 21 2c  6f 7a c7 0e 6a d8 67 9c  |.....R!,oz..j.g.|
-00000030  c8 e7 cd                                          |...|
+00000000  14 03 03 00 01 01 16 03  03 00 28 25 5d 63 2d f3  |..........(%]c-.|
+00000010  a5 91 45 d0 7d 68 39 f6  0e 04 6f 4b c9 dd 4a 54  |..E.}h9...oK..JT|
+00000020  f5 a2 04 54 d2 57 4b 40  75 4d 2f b3 5d 00 5b 11  |...T.WK@uM/.].[.|
+00000030  89 0e 92                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 b7 f9 69  |...............i|
-00000010  f9 81 f1 da b7 b7 4b fe  3a a4 d7 d2 af b5 2a e9  |......K.:.....*.|
-00000020  8f 97 c1 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  b2 0d 99 04 5c 56 a2 6e  50 e1 52 80 c5 3c 4b 69  |....\V.nP.R..<Ki|
-00000040  21 df                                             |!.|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 0c 9c ab  |................|
+00000010  24 e8 b2 cf a2 6f f9 8e  54 ed 35 43 07 4d 8f 89  |$....o..T.5C.M..|
+00000020  5c 08 15 15 03 03 00 1a  00 00 00 00 00 00 00 02  |\...............|
+00000030  f8 65 48 1e a4 03 c0 3b  2f 23 c7 9e 92 59 f6 be  |.eH....;/#...Y..|
+00000040  b4 a2                                             |..|
diff --git a/testdata/Client-TLSv12-RSA-RC4 b/testdata/Client-TLSv12-RSA-RC4
index 1bc33d74..faa48c78 100644
--- a/testdata/Client-TLSv12-RSA-RC4
+++ b/testdata/Client-TLSv12-RSA-RC4
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 55 02 00 00  51 03 03 e6 2c 7a 70 96  |....U...Q...,zp.|
-00000010  c0 bf e7 e6 2e 51 35 c7  3e 0a 4c 1e 2a 0b 54 08  |.....Q5.>.L.*.T.|
-00000020  57 e1 66 22 94 26 fe df  ce 7e bf 20 26 07 f0 81  |W.f".&...~. &...|
-00000030  7d 73 2c 70 6f d1 1b 85  f5 af 97 7e 5b 3f 5e a0  |}s,po......~[?^.|
-00000040  fc 9b 7d 5a c3 e2 05 30  b5 f5 47 05 00 05 00 00  |..}Z...0..G.....|
+00000000  16 03 03 00 55 02 00 00  51 03 03 c4 5b d6 0f d4  |....U...Q...[...|
+00000010  64 3a 37 34 a3 84 9d 3d  1b 33 c3 d4 4f 42 f7 3a  |d:74...=.3..OB.:|
+00000020  e8 da 8c 8b 97 1a e5 f4  56 a4 bd 20 03 30 25 fd  |........V.. .0%.|
+00000030  d9 01 7a 7c b8 9d 63 f0  a3 7a 1c 00 6b 75 16 d8  |..z|..c..z..ku..|
+00000040  68 5c 7a 8d 4a ae ed 52  fc 92 e5 03 00 05 00 00  |h\z.J..R........|
 00000050  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
 00000060  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
 00000070  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
@@ -74,15 +73,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 24 ad c5  35 7b 7c 74 c7 24 58 ef  |.....$..5{|t.$X.|
-000000a0  55 3f 8d c1 52 97 f8 91  93 46 02 ff cf 06 00 ba  |U?..R....F......|
-000000b0  26 91 ec c4 91 23 60 b2  c8 77                    |&....#`..w|
+00000090  01 16 03 03 00 24 83 66  73 cf 08 6f c7 29 1b ea  |.....$.fs..o.)..|
+000000a0  86 aa 02 66 2d d9 d4 7b  19 0d cc e5 9e dc e9 20  |...f-..{....... |
+000000b0  d9 62 82 59 bd e9 91 6b  90 62                    |.b.Y...k.b|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 24 e6 06 60 54 3e  |..........$..`T>|
-00000010  39 d8 22 df 83 a7 7a 4d  b4 63 03 77 3d 5d e8 06  |9."...zM.c.w=]..|
-00000020  6f fe 0a 70 4b b3 82 cc  a8 aa 48 2e f2 72 7b     |o..pK.....H..r{|
+00000000  14 03 03 00 01 01 16 03  03 00 24 ef bb 0c 3b fb  |..........$...;.|
+00000010  4e 36 53 b9 fa d4 c3 d0  37 5e 2b 22 a2 12 b6 9e  |N6S.....7^+"....|
+00000020  1c a3 f7 93 74 60 38 18  f1 cc 72 e4 ba 1a 3d     |....t`8...r...=|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1a e5 e3 38  a3 34 e4 02 f1 c4 96 14  |.......8.4......|
-00000010  13 fb 50 7d 6a 26 cf 49  f8 d6 e5 f0 d8 7c b5 15  |..P}j&.I.....|..|
-00000020  03 03 00 16 a4 cd 6c b6  b2 45 d7 35 df 56 ba ae  |......l..E.5.V..|
-00000030  a9 41 09 85 67 bb 16 c0  3e d0                    |.A..g...>.|
+00000000  17 03 03 00 1a 62 a3 b3  3a 89 25 05 89 bc 5a 21  |.....b..:.%...Z!|
+00000010  30 61 84 b0 97 52 26 a2  18 87 25 43 17 1a 52 15  |0a...R&...%C..R.|
+00000020  03 03 00 16 97 d6 18 0c  30 b3 9b 8f 2b f1 f9 3f  |........0...+..?|
+00000030  c7 8d a2 e1 ff 36 0c d6  c2 f1                    |.....6....|
diff --git a/testdata/Client-TLSv12-RenegotiateOnce b/testdata/Client-TLSv12-RenegotiateOnce
index 8456e3ab..868b5273 100644
--- a/testdata/Client-TLSv12-RenegotiateOnce
+++ b/testdata/Client-TLSv12-RenegotiateOnce
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 eb da 48 1d 79  |....]...Y....H.y|
-00000010  90 f6 67 5b 69 7b 40 07  20 12 0b 12 bd 94 75 e0  |..g[i{@. .....u.|
-00000020  84 3f 0d a5 77 c6 36 18  25 79 3c 20 07 6c 6d c7  |.?..w.6.%y< .lm.|
-00000030  b4 7e 2a 2b a5 7e 55 36  83 4d d9 94 9f 73 60 d8  |.~*+.~U6.M...s`.|
-00000040  e9 55 05 b9 bf b0 64 84  09 fe c0 2a cc a8 00 00  |.U....d....*....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 9e b0 dd 2b 97  |....]...Y.....+.|
+00000010  86 13 76 2e 65 fc 27 bc  fd 01 c0 05 86 b9 e3 bd  |..v.e.'.........|
+00000020  b9 46 3b 09 37 2a fe 3a  eb ee e0 20 65 ad 7c 0b  |.F;.7*.:... e.|.|
+00000030  1a 0b 9b da b0 8d 56 86  b6 e1 04 1b dd 5d 93 8e  |......V......]..|
+00000040  a9 ea b6 b7 17 c9 75 26  58 5a c5 37 cc a8 00 00  |......u&XZ.7....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,188 +62,188 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 be 2a c0  |............ .*.|
-000002d0  ce 61 d8 36 d0 41 4c 32  83 bb be 81 66 c8 cf cb  |.a.6.AL2....f...|
-000002e0  a2 d9 ff 9d 05 51 d9 52  bc 06 be 09 10 08 04 00  |.....Q.R........|
-000002f0  80 00 d1 fc 8c 60 a1 8f  36 3d a5 53 62 06 dd 93  |.....`..6=.Sb...|
-00000300  58 30 71 f6 a1 b8 bd c4  4e 44 2d 37 b8 38 d1 6f  |X0q.....ND-7.8.o|
-00000310  16 8d f6 6d 4a 7c af e2  a2 4a 55 b5 17 d2 61 a0  |...mJ|...JU...a.|
-00000320  93 80 d4 a9 11 49 55 cf  e3 d0 87 95 c9 c2 f6 d0  |.....IU.........|
-00000330  44 6f 33 2b ae 4a 1d e4  1e 04 f5 32 ca d6 19 61  |Do3+.J.....2...a|
-00000340  9c 8e 0d d1 1a f3 38 4b  b3 c3 eb dd fb 04 40 b7  |......8K......@.|
-00000350  f7 ef 1f f1 0a 23 08 21  2a b3 d9 f8 cf 2b 65 4c  |.....#.!*....+eL|
-00000360  47 92 52 18 61 5e f3 ad  58 36 26 09 bf 12 b6 ab  |G.R.a^..X6&.....|
-00000370  21 16 03 03 00 04 0e 00  00 00                    |!.........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 41 0e e9  |............ A..|
+000002d0  28 d0 77 ab a1 9e 93 62  b1 ec d9 e4 17 7d cb 29  |(.w....b.....}.)|
+000002e0  25 28 6f 7d de fa 2e 89  8c 02 f7 22 25 08 04 00  |%(o}......."%...|
+000002f0  80 c9 63 f4 f2 99 a9 c3  dd 81 1b 3a c2 85 0a e7  |..c........:....|
+00000300  0f a6 5d 71 54 42 9e b9  68 35 5f ff b5 f3 51 9f  |..]qTB..h5_...Q.|
+00000310  16 46 c3 55 44 15 34 22  6d 68 15 6f 86 60 36 27  |.F.UD.4"mh.o.`6'|
+00000320  29 b1 f5 f3 21 5a c5 bc  95 b9 18 f3 57 7b f7 90  |)...!Z......W{..|
+00000330  20 c1 41 f2 53 d2 a0 a6  4a c8 3b 2b 75 7d 27 84  | .A.S...J.;+u}'.|
+00000340  fb 90 1c 9c 29 26 91 71  e8 25 0b 2a f1 76 b5 5c  |....)&.q.%.*.v.\|
+00000350  7f df 02 86 1c a9 ba 5a  4a 6c 25 95 1d 3c 51 21  |.......ZJl%..<Q!|
+00000360  e9 35 53 59 f4 c5 60 af  45 d0 f3 a0 36 8a dc ad  |.5SY..`.E...6...|
+00000370  19 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 68 e5 aa  89 6f 05 45 05 68 e9 53  |.... h...o.E.h.S|
-00000040  35 a0 9b 96 d9 6b ab 2c  7f e1 4c de 3e 06 c6 04  |5....k.,..L.>...|
-00000050  bd 7c 28 fb db                                    |.|(..|
+00000030  16 03 03 00 20 5b d2 2a  ad 40 50 6f a8 b8 70 d0  |.... [.*.@Po..p.|
+00000040  b9 aa ab d5 d7 2a f1 2b  f7 d7 9b cd 10 a5 80 e9  |.....*.+........|
+00000050  d3 15 3f 4f 00                                    |..?O.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 fd 74 c3 42 59  |.......... .t.BY|
-00000010  0d 86 2a 1c c7 51 d9 98  2c 1e 5b bd 44 3e 97 3e  |..*..Q..,.[.D>.>|
-00000020  55 90 5e 74 45 b7 47 0f  f7 3e d7                 |U.^tE.G..>.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 dd 90 d8 8a 0a  |.......... .....|
+00000010  11 a6 30 9b b0 29 50 c8  b1 70 36 bc fb 84 6e 6d  |..0..)P..p6...nm|
+00000020  a9 5e 67 3c e2 2e 0b 09  b2 44 38                 |.^g<.....D8|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 b5 ca 44  da 63 57 7f 6c e9 95 a5  |.......D.cW.l...|
-00000010  56 88 f1 98 dc 73 85 3f  36 66 6f                 |V....s.?6fo|
+00000000  17 03 03 00 16 9f e0 6a  fc e9 a2 bf cf b4 df 07  |.......j........|
+00000010  ba b4 8b 8b 08 ca bd a7  d5 02 2a                 |..........*|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 76 6b 6b  8c c1 38 cf 00 bf 20 c2  |.....vkk..8... .|
-00000010  62 ae df 09 0e 61 61 bf  24                       |b....aa.$|
+00000000  16 03 03 00 14 ed 9b 22  44 dd b2 e2 c3 7e ab 0c  |......."D....~..|
+00000010  69 98 d0 7b 40 9e da e2  67                       |i..{@...g|
 >>> Flow 7 (client to server)
-00000000  16 03 03 01 38 0f c1 53  8f f5 61 aa 61 0a f4 de  |....8..S..a.a...|
-00000010  80 a6 92 99 a0 33 e6 90  5f b0 13 b7 be 93 0f 60  |.....3.._......`|
-00000020  40 97 0a 3c dd 9f 22 fa  c1 8f 1d 3d 11 c1 16 97  |@..<.."....=....|
-00000030  c5 54 e4 08 fb 77 ff fb  51 fb 1a d1 a6 41 b8 4f  |.T...w..Q....A.O|
-00000040  a2 22 d7 11 8c 31 49 d7  d5 b2 16 02 2b 4d b6 ba  |."...1I.....+M..|
-00000050  7d 53 6c 5a 59 59 ec 54  00 c4 6b c3 bd 22 d1 b3  |}SlZYY.T..k.."..|
-00000060  78 f8 e7 25 6e 67 b5 32  51 a6 60 5b 55 9a a0 f4  |x..%ng.2Q.`[U...|
-00000070  ed e8 8c 8d 77 4b c3 04  9d b0 2a ed a0 bf 9f 03  |....wK....*.....|
-00000080  fa e5 2e 17 9e 04 d6 6c  38 70 33 bc 90 eb 6f db  |.......l8p3...o.|
-00000090  33 9e 69 5f 44 8c 63 af  9f 6e 74 e0 a8 d2 1b 7d  |3.i_D.c..nt....}|
-000000a0  d1 11 ea f4 c5 49 2c 7a  98 ae f6 28 58 76 ac da  |.....I,z...(Xv..|
-000000b0  31 0d 7a c7 2d e6 8a 34  9d 37 26 c8 3e 44 ac df  |1.z.-..4.7&.>D..|
-000000c0  0b 4b 2c 4e 7c 63 ec 23  82 13 a3 87 ac f7 9a 08  |.K,N|c.#........|
-000000d0  03 1c e9 ca 89 4a a8 93  37 a3 d6 1f fa dd c8 48  |.....J..7......H|
-000000e0  4a 4a ba 4d 54 80 20 18  a6 e4 98 3d dd 81 58 ec  |JJ.MT. ....=..X.|
-000000f0  9f c0 5f 06 d6 29 04 76  38 1f d0 f4 3f fe 82 ab  |.._..).v8...?...|
-00000100  de cb 12 44 a2 96 eb ac  d2 8d a1 76 37 85 71 80  |...D.......v7.q.|
-00000110  de 8b 66 50 8e 41 17 cf  9b 2b 3a 7e 1d a3 e2 26  |..fP.A...+:~...&|
-00000120  9f 60 1c 1e 89 06 d8 41  21 8d 3d ab 91 15 be 61  |.`.....A!.=....a|
-00000130  6c 07 2a e7 55 8f 6c a5  13 51 9d cc 6f           |l.*.U.l..Q..o|
+00000000  16 03 03 01 34 0d de 90  41 3c 76 1d 54 9d c2 7e  |....4...A<v.T..~|
+00000010  f5 d6 ea 55 32 23 f0 96  f0 45 c8 48 1a 81 ff b6  |...U2#...E.H....|
+00000020  99 70 e4 2d 57 e3 d1 be  8e 28 4d 6f 3c 8a ed 34  |.p.-W....(Mo<..4|
+00000030  36 1f 53 0d 8b 82 ab d5  d2 ca fc 9b 20 38 5e 83  |6.S......... 8^.|
+00000040  25 23 f9 54 30 45 e6 3c  8a a5 8e 48 fa 85 5b 7f  |%#.T0E.<...H..[.|
+00000050  5c 63 1a 7f 80 dc 84 54  02 f4 11 da 19 62 9f 76  |\c.....T.....b.v|
+00000060  ca a0 26 95 3e 3f 4a bc  0b 7d e7 ca b6 fb d3 08  |..&.>?J..}......|
+00000070  4c 1c fb 2c 88 4c 13 8d  c8 d0 e3 7f f6 cb 2e ca  |L..,.L..........|
+00000080  cb 92 ae 30 fe ea 3c 3e  ae 57 51 6a d6 98 5c d6  |...0..<>.WQj..\.|
+00000090  19 85 72 bd 62 56 fa c2  ea 08 eb b4 d9 75 ac de  |..r.bV.......u..|
+000000a0  a5 40 8d 8b 1f c4 8f f6  6d b2 5f d1 6d fb 14 fa  |.@......m._.m...|
+000000b0  e2 92 9e 04 37 d3 60 83  28 4a f9 92 8c b3 4a d2  |....7.`.(J....J.|
+000000c0  ce 6d 95 e4 40 79 7c 3d  98 11 e7 da 5c 56 0a 95  |.m..@y|=....\V..|
+000000d0  e0 6f 36 80 07 da 29 ef  88 44 db cd 2b 5a a5 27  |.o6...)..D..+Z.'|
+000000e0  56 5a 94 49 aa 51 ae 48  f9 12 8d df e0 2a a7 67  |VZ.I.Q.H.....*.g|
+000000f0  7f 55 3e 7a b6 bb 28 e3  a8 d9 44 67 e9 03 8f e5  |.U>z..(...Dg....|
+00000100  2b 40 a3 37 fb e4 51 0a  18 8f bb 14 2e 5b 62 93  |+@.7..Q......[b.|
+00000110  ab a4 40 d7 5f 15 12 cf  93 74 37 d0 ec 14 d3 a3  |..@._....t7.....|
+00000120  eb 6f 61 35 4a c4 b5 d7  d1 bb ae fe 11 6d 04 ac  |.oa5J........m..|
+00000130  58 72 a6 72 b6 06 9d 93  a5                       |Xr.r.....|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 85 2f 7c ac  ad 05 49 3c 82 9c 82 20  |...../|...I<... |
-00000010  0d 77 42 bd 9d 90 c3 2f  ab c3 c2 60 a4 18 77 23  |.wB..../...`..w#|
-00000020  02 5b e8 e0 3a f3 b7 ee  b8 eb d8 7e c5 f6 52 9e  |.[..:......~..R.|
-00000030  d7 29 b8 1b 51 62 c0 b9  02 79 df 8a 3a 15 ec 74  |.)..Qb...y..:..t|
-00000040  9e 2d cf c9 b1 1f 0b d3  7a b5 95 4d 74 80 5a 31  |.-......z..Mt.Z1|
-00000050  57 f9 dc 03 be e5 d3 0b  2d 6e 55 1a 58 b4 43 a8  |W.......-nU.X.C.|
-00000060  c6 e2 d1 c1 26 30 f5 3e  25 13 b6 4d df de 16 fd  |....&0.>%..M....|
-00000070  fd 29 85 e8 7f bf 54 74  4d 40 9a 58 c9 d2 e6 af  |.)....TtM@.X....|
-00000080  e4 fe 8d fc 0f 2e bc 1a  70 25 16 03 03 02 69 23  |........p%....i#|
-00000090  0f f9 ff b3 8a ba 05 c3  be fb 3b 29 c5 4c 3f 2e  |..........;).L?.|
-000000a0  87 c5 2e ec 88 48 24 b7  25 a8 d2 b9 00 7b aa 4c  |.....H$.%....{.L|
-000000b0  bc 04 96 79 ed a3 e9 3d  cf 64 2b 7f 9c 6b b8 3a  |...y...=.d+..k.:|
-000000c0  53 c3 70 96 39 64 5d 65  c4 aa e3 88 18 7e f6 8c  |S.p.9d]e.....~..|
-000000d0  36 2b 9b 19 4e 91 40 a3  6c 49 f5 37 96 cb ec f1  |6+..N.@.lI.7....|
-000000e0  77 ea 92 dc 17 26 cd 7a  3a 94 30 6a 25 ec 98 6d  |w....&.z:.0j%..m|
-000000f0  87 ed 9b 30 1e c3 5a 40  84 93 34 a4 d3 5a d3 1b  |...0..Z@..4..Z..|
-00000100  10 94 9a 92 73 d3 6f 4d  81 72 08 5a dd 6f f0 cd  |....s.oM.r.Z.o..|
-00000110  ee 45 cf 16 40 a1 60 e8  f9 35 9a 8a 03 79 2f 7c  |.E..@.`..5...y/||
-00000120  4a 08 8d 3b a9 0f 9c f8  1e 86 b7 f5 e8 da 09 06  |J..;............|
-00000130  9b 1e f7 2d 58 22 2b d0  7d 3d 25 63 52 c4 20 e6  |...-X"+.}=%cR. .|
-00000140  a1 c5 37 52 af a2 32 a5  78 fb fb f6 d4 6c 58 cd  |..7R..2.x....lX.|
-00000150  3b 4d 0e b3 6c 7c 00 0a  dc 0e b6 7b f9 b7 42 7e  |;M..l|.....{..B~|
-00000160  0e a3 84 78 69 d5 9e 05  c1 17 4c d5 b0 5b 0a 5b  |...xi.....L..[.[|
-00000170  d1 27 dc 7c b6 44 a1 16  0c 97 80 18 2e 7b 5a fe  |.'.|.D.......{Z.|
-00000180  ca a4 05 36 76 6a a1 89  3e ad 1c 4a 60 7a 35 64  |...6vj..>..J`z5d|
-00000190  fb fc db 28 a9 96 68 86  8d 77 e9 c0 60 1d ed 18  |...(..h..w..`...|
-000001a0  9d 6f c4 4c e9 70 60 66  03 ef 28 99 f3 4b 93 03  |.o.L.p`f..(..K..|
-000001b0  06 ef be de 5a 85 de c0  9a 2f 45 f2 77 bd 2a e3  |....Z..../E.w.*.|
-000001c0  3d f3 6d 3b e8 20 f0 fd  a6 9a cf 43 cf 83 7e 77  |=.m;. .....C..~w|
-000001d0  4b 71 dc 8a d8 4d 85 a5  2d 84 3a ff 75 40 d8 7c  |Kq...M..-.:.u@.||
-000001e0  f4 2f ff 12 86 1a a6 9c  dc 28 28 0f 33 40 63 f8  |./.......((.3@c.|
-000001f0  de 3f 9d 7c ae 9f b9 3a  21 be e9 e7 ae 52 9b 85  |.?.|...:!....R..|
-00000200  2b a6 44 78 e1 23 7d 03  eb a4 c0 59 2d 0c d6 e4  |+.Dx.#}....Y-...|
-00000210  8f 6c 37 bc d5 0c 7f e5  28 e1 5a 0c 65 0b 57 c7  |.l7.....(.Z.e.W.|
-00000220  d2 61 13 b0 dc 19 4b a0  22 cc d9 1f 42 e9 3a 92  |.a....K."...B.:.|
-00000230  ce 4e 37 c9 1b 82 7c 0c  af b5 3f 5a a8 f4 c4 fb  |.N7...|...?Z....|
-00000240  fe dc 4a 19 32 da af aa  7c bf f7 2a b0 dc af ce  |..J.2...|..*....|
-00000250  c9 96 a1 30 b5 f8 4f 07  ca e6 db cd 71 c7 09 75  |...0..O.....q..u|
-00000260  0b 7d 30 d9 5d 02 b0 b7  ff fc 92 11 e0 1e 37 40  |.}0.].........7@|
-00000270  2f eb 50 8d 65 53 db 52  1c e8 42 2f 89 0d 61 cf  |/.P.eS.R..B/..a.|
-00000280  a0 a6 10 0f c7 05 c3 6a  32 eb b1 ca 26 f5 1d fc  |.......j2...&...|
-00000290  96 ec 55 f9 8a e6 05 13  d3 0a fb 74 6a 9a 3f 4f  |..U........tj.?O|
-000002a0  ca ce 4e 29 2f 46 4c ef  47 13 72 72 aa 46 c4 12  |..N)/FL.G.rr.F..|
-000002b0  9a a7 f1 90 b2 ea b2 09  d4 db 77 c7 31 7d 6c d6  |..........w.1}l.|
-000002c0  51 9f 97 91 f6 ba 0a fb  a7 63 3e 68 e3 f2 50 5d  |Q........c>h..P]|
-000002d0  b1 33 b8 8b f1 91 68 df  3f b3 9f 5d a7 b5 c1 93  |.3....h.?..]....|
-000002e0  bf 5d 8d 3e 90 05 88 bc  d9 43 d0 9d 25 17 c1 4a  |.].>.....C..%..J|
-000002f0  4a 7f e5 73 d5 0b d6 a5  16 03 03 00 bc 1d 81 1d  |J..s............|
-00000300  dd 11 fe e7 08 d4 0a 50  1a 15 75 a4 0b 49 03 96  |.......P..u..I..|
-00000310  8a 1f ba 30 e9 e3 55 c2  a7 27 cf 3a f6 4c 0a 3d  |...0..U..'.:.L.=|
-00000320  01 5a 08 9a 88 4d ac 0b  7c 84 5c 15 81 84 2d a7  |.Z...M..|.\...-.|
-00000330  8e 4b 92 0b 7c de e9 91  20 07 ca 16 cd 43 8f ec  |.K..|... ....C..|
-00000340  db 7a 16 c9 2c 19 25 23  07 01 4f 68 cc 09 af e0  |.z..,.%#..Oh....|
-00000350  cf d7 7c 2f e0 e7 65 3c  1a 24 c4 d8 b2 ae b9 25  |..|/..e<.$.....%|
-00000360  20 7b 26 e5 50 a6 e1 b0  a6 18 e1 67 79 f3 a9 f0  | {&.P......gy...|
-00000370  bf b1 16 34 47 75 f2 6c  2d 9c ce c4 c8 7b 7d c5  |...4Gu.l-....{}.|
-00000380  6f 19 3a 2f 3a 5b 3c ce  9f 8d a2 1d 77 ba 9d 15  |o.:/:[<.....w...|
-00000390  7a ee b4 88 62 f1 9e 04  4c be 48 ea 0f 2f e5 cf  |z...b...L.H../..|
-000003a0  c0 0b 11 0b 67 9e c7 1c  3d 6b da 86 31 b0 fb 9c  |....g...=k..1...|
-000003b0  55 94 18 26 7a 0e 9b e7  99 16 03 03 00 4a c4 b6  |U..&z........J..|
-000003c0  b8 bf cc 7e 5e 8f c4 a0  84 53 bd 28 e4 1d 47 48  |...~^....S.(..GH|
-000003d0  88 52 dc 46 46 e3 43 60  d2 90 62 c0 0f f5 37 5a  |.R.FF.C`..b...7Z|
-000003e0  31 4a b1 c8 45 80 b8 91  71 45 f7 64 08 ae c7 c7  |1J..E...qE.d....|
-000003f0  9c ab 03 57 fb d6 04 ff  11 3f be 41 a8 1e a6 d1  |...W.....?.A....|
-00000400  18 d7 ce 5d df 0a 12 d2  16 03 03 00 14 ea 34 3b  |...]..........4;|
-00000410  30 86 2c da 14 f5 a8 c4  0b 08 b9 1a c5 5c 7d ba  |0.,..........\}.|
-00000420  82                                                |.|
+00000000  16 03 03 00 85 8b 8d 61  42 37 50 ee 69 d8 fb e9  |.......aB7P.i...|
+00000010  89 a4 04 63 5d 87 a4 31  cc 22 26 c0 2c 22 1a 73  |...c]..1."&.,".s|
+00000020  cc f0 9f be 65 c4 e0 ad  6d b0 b5 d3 86 2c 0b 59  |....e...m....,.Y|
+00000030  e6 ae 58 38 b5 5f 4f 6e  7c ec e9 27 23 5f 4a 92  |..X8._On|..'#_J.|
+00000040  78 5f cc 9f 7f 2b bb 2c  dd 04 17 ea d4 87 b9 6d  |x_...+.,.......m|
+00000050  d0 1e 35 01 b4 4d 5d 73  6a 9f de 1d 71 47 78 d6  |..5..M]sj...qGx.|
+00000060  89 dc c2 d6 5c 69 0c dc  bb 7b 59 60 56 47 e9 5c  |....\i...{Y`VG.\|
+00000070  04 3e 3c 93 18 9b 40 4b  95 1f 20 e3 17 c6 ab 35  |.><...@K.. ....5|
+00000080  db 3f 88 d7 4b 89 5a 53  b7 a9 16 03 03 02 69 85  |.?..K.ZS......i.|
+00000090  49 cc 00 5a 45 40 9d be  80 06 97 16 a0 c0 dc bb  |I..ZE@..........|
+000000a0  32 62 18 88 31 3b 14 ec  9d f2 3f ed c0 36 ad bb  |2b..1;....?..6..|
+000000b0  69 fa 32 f5 13 54 2b 77  f3 db 6e 20 0a 2b 5c a5  |i.2..T+w..n .+\.|
+000000c0  d8 aa 5a 63 8d c1 51 50  41 f6 6c f7 ef 2f 15 81  |..Zc..QPA.l../..|
+000000d0  85 af 6e e5 01 95 9a 5e  70 26 cb c1 c8 89 3f b8  |..n....^p&....?.|
+000000e0  3d 5a 1b 68 a6 25 08 48  ad dd 29 db bf ce 75 44  |=Z.h.%.H..)...uD|
+000000f0  ca cd 92 79 47 d8 25 f1  23 9a 63 62 15 05 d8 2c  |...yG.%.#.cb...,|
+00000100  c0 30 a4 65 a7 f9 89 a4  fe 87 32 21 07 24 d9 16  |.0.e......2!.$..|
+00000110  64 26 48 75 ab a7 00 e1  9b 48 5c 77 3d 66 18 69  |d&Hu.....H\w=f.i|
+00000120  35 a9 4c 03 f5 9f 42 ff  50 98 73 b1 82 16 fd ff  |5.L...B.P.s.....|
+00000130  94 fd aa 3c 46 1f b5 99  fd de ab 2e 6a 24 00 5a  |...<F.......j$.Z|
+00000140  33 82 e1 65 4c 1b e8 6f  70 8d 79 c7 50 76 06 30  |3..eL..op.y.Pv.0|
+00000150  d5 13 c5 77 00 54 57 16  55 1b cb 10 4b 62 37 ae  |...w.TW.U...Kb7.|
+00000160  76 7e da 97 6c ad bd 67  b2 34 bc 82 f1 09 e2 d4  |v~..l..g.4......|
+00000170  87 6c 5e e7 cd 70 99 57  c7 2f b3 72 ec 7e d1 b6  |.l^..p.W./.r.~..|
+00000180  00 04 32 1d 86 5f ef 55  98 41 68 e8 9d 6c f4 2d  |..2.._.U.Ah..l.-|
+00000190  fb 36 5d 89 02 b2 b9 2b  40 89 88 44 7c 72 6f 1f  |.6]....+@..D|ro.|
+000001a0  9e 42 95 8d 5c 7b 59 b3  47 1d 84 7c 68 21 6a 32  |.B..\{Y.G..|h!j2|
+000001b0  16 06 e0 53 88 35 35 88  25 e6 46 2d 8c b7 d1 52  |...S.55.%.F-...R|
+000001c0  6e dd e7 a2 7b 60 41 54  03 9f c7 60 99 10 4d 89  |n...{`AT...`..M.|
+000001d0  52 4d e3 f1 12 f1 35 a0  f6 02 7d 6e 30 28 d8 75  |RM....5...}n0(.u|
+000001e0  18 34 9d 0d 10 e2 05 58  b1 98 e8 ae ab db a1 e6  |.4.....X........|
+000001f0  88 dc ac 71 ac 63 ad 60  29 f5 8c 60 b7 db b6 b6  |...q.c.`)..`....|
+00000200  60 44 a3 c5 bb 70 1b ac  d7 4b 06 a0 e4 db 62 30  |`D...p...K....b0|
+00000210  20 58 3c a8 70 78 84 ef  d9 21 77 bd 3f 70 29 67  | X<.px...!w.?p)g|
+00000220  35 4d cc 20 a0 b0 86 c8  11 dd dc 71 b4 73 0a ba  |5M. .......q.s..|
+00000230  b3 64 6e 1d e7 ed 48 ac  b4 8a 7c 23 2a 00 a1 45  |.dn...H...|#*..E|
+00000240  1b 1b 91 df 24 a5 2b d7  3c 8a 35 3f fb 75 cc b6  |....$.+.<.5?.u..|
+00000250  7c 86 9f c5 25 1d 54 d1  28 c4 53 fb e6 37 01 85  ||...%.T.(.S..7..|
+00000260  80 cc e5 04 70 9f 6c a3  26 60 cc ce 48 7a 8f fa  |....p.l.&`..Hz..|
+00000270  dc 84 0f bd ad 72 33 a6  a0 f7 67 50 31 77 bd e4  |.....r3...gP1w..|
+00000280  cb d5 7f cf b7 d3 70 ae  7a 70 fa 0b 3d 19 ae 67  |......p.zp..=..g|
+00000290  7e 08 0f 8d c9 77 f7 88  38 1a 1a 1c 36 6e db 36  |~....w..8...6n.6|
+000002a0  5f 70 19 5a a6 15 fc 24  05 a5 30 6d fe a4 25 0b  |_p.Z...$..0m..%.|
+000002b0  8a 14 d4 b0 c9 8f 6e fd  02 e4 7b af f8 11 0d d3  |......n...{.....|
+000002c0  45 fe 4f 41 4f e3 26 aa  4a 58 36 02 d8 d0 d3 4e  |E.OAO.&.JX6....N|
+000002d0  ca e1 0a b2 d4 37 d6 dd  19 d2 7c bd 97 16 8d 47  |.....7....|....G|
+000002e0  87 e7 09 13 e2 ec 89 f5  3a 17 47 36 68 00 58 b4  |........:.G6h.X.|
+000002f0  3d fc db 65 23 e9 2a 3e  16 03 03 00 bc e3 05 22  |=..e#.*>......."|
+00000300  3d 8d 48 5d 28 cd ae 94  db 95 2e a6 44 77 da d5  |=.H](.......Dw..|
+00000310  a1 09 7c a3 4c 3f a6 18  80 92 cf 5c 77 9d 18 5d  |..|.L?.....\w..]|
+00000320  43 78 05 bb cb 8e 27 7c  cc 2e 9c 54 95 ff 1c 74  |Cx....'|...T...t|
+00000330  48 fb df 47 e8 e1 24 94  94 5d cc 2c b2 df 48 6c  |H..G..$..].,..Hl|
+00000340  22 1e 61 f1 e3 c6 56 fb  79 70 b0 ab c5 70 ca 7f  |".a...V.yp...p..|
+00000350  c0 32 8d 6d a5 55 6d 94  8c 7b 9d da 0b 35 d1 da  |.2.m.Um..{...5..|
+00000360  77 85 01 66 15 be 10 c3  3c 9b 80 61 b3 c0 1a 29  |w..f....<..a...)|
+00000370  22 d1 d1 ba 4a ea 01 58  72 94 79 f0 6e 5f 36 23  |"...J..Xr.y.n_6#|
+00000380  8a cf 16 fa 2c 5f 6d dd  54 61 df bc 6f 91 d4 df  |....,_m.Ta..o...|
+00000390  e7 6f 50 8f 9c 27 04 04  19 80 10 a2 8d a5 61 81  |.oP..'........a.|
+000003a0  06 1f b0 79 87 c0 95 87  f7 d8 87 22 75 a5 87 30  |...y......."u..0|
+000003b0  f4 33 6d cb 59 f7 18 75  0f 16 03 03 00 4a d3 e9  |.3m.Y..u.....J..|
+000003c0  2e 47 65 f2 29 70 4c 74  3f e9 13 88 e7 66 c6 73  |.Ge.)pLt?....f.s|
+000003d0  0f e4 7a 8f 0e 49 49 39  90 e7 ff d4 1f 8a d6 c6  |..z..II9........|
+000003e0  91 16 f6 a6 fe 60 d8 ba  26 a6 5e 44 f5 76 88 63  |.....`..&.^D.v.c|
+000003f0  10 d0 89 2f 6b ae 55 64  13 0c 63 76 69 df 6a 4a  |.../k.Ud..cvi.jJ|
+00000400  74 15 51 0b 4d 74 db 49  16 03 03 00 14 f2 0f e7  |t.Q.Mt.I........|
+00000410  38 90 33 ff 5e 20 60 42  32 40 72 2c c8 70 d7 ba  |8.3.^ `B2@r,.p..|
+00000420  a1                                                |.|
 >>> Flow 9 (client to server)
-00000000  16 03 03 02 69 ee f1 51  ac 2b 75 2a 6b 31 f9 25  |....i..Q.+u*k1.%|
-00000010  5a 00 97 42 02 d8 b8 e0  2a a6 0f c2 eb 89 75 42  |Z..B....*.....uB|
-00000020  4c 94 81 59 d0 26 4b e4  51 0a 77 ac bd bc 84 8e  |L..Y.&K.Q.w.....|
-00000030  fa 68 9c 1c 38 90 08 35  96 d2 7e e9 ef 8d 00 78  |.h..8..5..~....x|
-00000040  1e 30 cd 92 df 44 d8 89  fc e5 ce 65 43 65 be db  |.0...D.....eCe..|
-00000050  92 5e 56 0c 8e 86 cf 8f  62 4c 9a a2 ab 8b 0c f6  |.^V.....bL......|
-00000060  13 b4 57 76 fb c4 de b1  68 1c ca c1 23 3d 0d 6a  |..Wv....h...#=.j|
-00000070  be ab 0f 03 19 3a 8c 36  0a ed 1c 2b 59 7a b5 f2  |.....:.6...+Yz..|
-00000080  9c 29 0b e1 ab 74 ad b4  fc f9 ab 18 bf b0 3d 5e  |.)...t........=^|
-00000090  57 70 be 2f 57 7c cc cd  4b 0d e3 c7 d6 74 d8 ae  |Wp./W|..K....t..|
-000000a0  79 b1 f8 aa 28 b7 a4 c7  27 77 a0 20 69 81 f6 a2  |y...(...'w. i...|
-000000b0  76 bc 96 fd 2d 03 9c 97  21 5d ea 50 82 5a 6d 00  |v...-...!].P.Zm.|
-000000c0  7a 80 19 09 4b 4a 8c cc  f4 b4 74 62 60 b6 71 44  |z...KJ....tb`.qD|
-000000d0  d5 06 e0 79 45 cc 78 4a  ee 4c d6 bb 96 70 ac cb  |...yE.xJ.L...p..|
-000000e0  3e 94 d6 46 a3 96 15 4f  70 f0 1a 61 13 ec 6d 0d  |>..F...Op..a..m.|
-000000f0  be ce cd c7 ee 5e c8 ae  cf 1f f1 43 dd 29 21 8b  |.....^.....C.)!.|
-00000100  f1 f0 32 5a 4d 02 09 7f  c0 15 be 33 aa eb 55 97  |..2ZM......3..U.|
-00000110  ea 74 02 dd 74 22 40 b5  33 7d cf ca be 07 0d cb  |.t..t"@.3}......|
-00000120  82 a4 62 56 b1 68 f8 25  d7 1d 57 31 83 cc 7b e9  |..bV.h.%..W1..{.|
-00000130  8a 9f d5 b5 d1 99 da 4b  55 87 c2 d3 99 ea 34 3c  |.......KU.....4<|
-00000140  01 61 5e d4 f2 4a 40 b4  ff 4b eb 68 c7 5e a7 7b  |.a^..J@..K.h.^.{|
-00000150  cf d6 2d 99 ea 6d df a8  b3 74 d1 ad 22 22 81 ae  |..-..m...t..""..|
-00000160  58 a6 1b 87 cb 75 d7 2c  5b a6 4e 04 28 fb f7 6e  |X....u.,[.N.(..n|
-00000170  2a 52 c9 19 21 d8 3c ee  0c 8d 0c 55 d9 7a 1f 75  |*R..!.<....U.z.u|
-00000180  1e 14 4f c2 7c e3 a1 b7  bd 23 32 40 68 d7 9f d7  |..O.|....#2@h...|
-00000190  bc e4 57 62 d2 ba 95 3f  1a c0 2f cf 31 6b 41 e6  |..Wb...?../.1kA.|
-000001a0  92 91 91 6f 49 4b 42 fb  ae e2 82 c2 ac 5b 5d 0f  |...oIKB......[].|
-000001b0  f1 9f e7 18 9d 1d 35 f6  6f 51 d2 05 ed a2 ab 55  |......5.oQ.....U|
-000001c0  38 19 ec 37 ac f2 25 1d  6c 9e f7 30 87 98 03 96  |8..7..%.l..0....|
-000001d0  d6 ae dd 39 74 8f 39 c9  b8 5c aa b2 88 60 5d 96  |...9t.9..\...`].|
-000001e0  7e 3f fe 21 91 41 e1 e9  88 8c 63 20 dc 8d 60 7f  |~?.!.A....c ..`.|
-000001f0  29 36 bd 81 7f 90 48 47  e4 d1 c1 f6 07 06 4f 5d  |)6....HG......O]|
-00000200  2e fa ba e7 8c 57 0d f7  82 80 31 68 a3 78 f9 73  |.....W....1h.x.s|
-00000210  2d 31 0a 76 b1 08 5e 28  af 97 e9 4f 00 b3 eb 99  |-1.v..^(...O....|
-00000220  81 0a 2f 64 53 24 63 eb  16 10 67 97 77 e4 52 98  |../dS$c...g.w.R.|
-00000230  13 d2 bb a5 26 6a 4a c9  6d 9a f7 4c 99 af 05 3b  |....&jJ.m..L...;|
-00000240  da 91 d0 1e bf bc e7 49  90 1e 9f 56 03 38 77 28  |.......I...V.8w(|
-00000250  a2 78 ca 38 51 ec a4 96  70 f2 23 24 ef d2 5e 70  |.x.8Q...p.#$..^p|
-00000260  d0 12 d8 f7 75 64 66 be  f9 30 40 13 30 ca 16 03  |....udf..0@.0...|
-00000270  03 00 35 2e 74 d1 77 b1  56 b9 b6 33 07 39 6d 6b  |..5.t.w.V..3.9mk|
-00000280  c9 c0 9e b1 35 5b 1c 5e  8b c7 15 b8 12 90 3f 62  |....5[.^......?b|
-00000290  01 4a bd 93 2e 5d 0b 6f  9a 33 f3 0f f3 ce 8b 6e  |.J...].o.3.....n|
-000002a0  a2 fb 81 8b 69 9a 3b db  16 03 03 00 98 70 68 40  |....i.;......ph@|
-000002b0  c3 43 46 fc 9b 8a 1d 3f  e2 00 0e e3 a5 a1 d3 b3  |.CF....?........|
-000002c0  4e 99 01 15 d1 91 6c be  4d 05 17 f9 67 14 f5 03  |N.....l.M...g...|
-000002d0  86 f0 f3 c1 b4 74 8d dc  d5 74 d7 b1 f3 f7 5c b1  |.....t...t....\.|
-000002e0  12 20 5e 64 aa e5 fa b4  d5 dd 34 29 42 a4 4e 46  |. ^d......4)B.NF|
-000002f0  9a e0 98 a7 9a 6c c1 b0  bc d7 4d b9 a8 1c 8d 51  |.....l....M....Q|
-00000300  5b 11 bd a3 a9 1c d7 c7  d2 c7 e1 04 a0 6c be a0  |[............l..|
-00000310  74 81 e1 9f f3 a6 ac dc  e6 ac 76 46 03 28 d3 b1  |t.........vF.(..|
-00000320  ab a9 77 b0 84 f2 61 ff  39 a0 e5 09 a0 ad fa 41  |..w...a.9......A|
-00000330  a9 09 4d fb 3f 46 11 73  71 cd 80 1b 1f 5a 43 c9  |..M.?F.sq....ZC.|
-00000340  b0 b0 df 4a 03 14 03 03  00 11 d1 98 c3 73 d0 be  |...J.........s..|
-00000350  45 ea 73 e7 71 1c 78 97  4a b9 05 16 03 03 00 20  |E.s.q.x.J...... |
-00000360  5e e3 1f 19 aa 89 11 71  09 fb 4c f4 36 d4 3a 4b  |^......q..L.6.:K|
-00000370  3e 89 3c 78 99 1a 63 7b  45 22 55 39 74 7f d6 5f  |>.<x..c{E"U9t.._|
+00000000  16 03 03 02 69 78 39 27  1a 64 94 f7 9c 64 ac 37  |....ix9'.d...d.7|
+00000010  28 be d0 a4 74 98 34 51  8e 3b c7 14 02 83 ee a5  |(...t.4Q.;......|
+00000020  05 55 59 f8 04 43 59 cd  33 e6 c4 44 57 30 68 db  |.UY..CY.3..DW0h.|
+00000030  b2 cb 50 db c1 e6 c4 04  a3 79 22 40 15 f9 89 57  |..P......y"@...W|
+00000040  7b 7a 68 d6 d1 15 c9 7f  6b d8 3a 6c dc 32 4f 72  |{zh.....k.:l.2Or|
+00000050  97 57 32 25 f9 78 e6 07  91 f4 45 67 b1 41 dd f9  |.W2%.x....Eg.A..|
+00000060  5b fd 76 53 d5 7d 0f 74  6e 2e ea d9 9c 2d 00 39  |[.vS.}.tn....-.9|
+00000070  2f 7f 49 97 24 bf e4 f2  c7 7e 21 f9 dd 30 3a 78  |/.I.$....~!..0:x|
+00000080  3c 53 41 58 5c 97 3a ff  6f 60 f4 b6 d6 23 a9 ad  |<SAX\.:.o`...#..|
+00000090  6f 5d e8 cb eb d6 87 e1  44 98 4a a0 31 9c af f0  |o]......D.J.1...|
+000000a0  55 cb 04 b8 74 7b f4 bc  0b d1 e7 15 43 ef f7 e6  |U...t{......C...|
+000000b0  dc bd 28 f8 3a af c6 02  a1 95 88 f1 36 f2 35 48  |..(.:.......6.5H|
+000000c0  99 04 06 fd 42 9e 8d 28  8f 98 a2 a8 b5 69 90 05  |....B..(.....i..|
+000000d0  76 62 69 a2 4c 11 59 06  20 3e 9a 63 f4 8a fd da  |vbi.L.Y. >.c....|
+000000e0  6c b5 0d 0c d3 c6 6d 47  2e a8 3a d8 ec fd d3 42  |l.....mG..:....B|
+000000f0  ef 8b e8 75 a6 04 06 3b  5e 57 ae a3 10 2e 6d 01  |...u...;^W....m.|
+00000100  0e ea 94 e6 78 1b 91 f0  a0 1e 55 d3 25 13 15 ac  |....x.....U.%...|
+00000110  eb a4 7c c3 66 83 62 00  a3 d2 f5 7c 64 c6 39 fb  |..|.f.b....|d.9.|
+00000120  6d ee 01 50 d4 13 5d 10  5f 31 30 09 90 91 64 ad  |m..P..]._10...d.|
+00000130  f1 c5 4b ed 9d ef 2a 71  e5 7a b2 5d a8 57 bc b8  |..K...*q.z.].W..|
+00000140  1f 32 c6 f0 61 f0 08 9e  07 9b d3 99 5b 5e a5 32  |.2..a.......[^.2|
+00000150  1f 8a f7 30 1f e9 e6 39  b1 5a c6 a5 22 c8 98 49  |...0...9.Z.."..I|
+00000160  04 f2 58 4d e2 15 e6 cd  d1 2b 05 54 81 cc b8 33  |..XM.....+.T...3|
+00000170  5d 26 52 65 95 32 84 01  f6 05 fa 19 58 c6 57 53  |]&Re.2......X.WS|
+00000180  c8 d7 3d ef 56 4e 6e e4  17 45 1c bc 40 ee 06 32  |..=.VNn..E..@..2|
+00000190  60 74 9e 62 02 47 52 a8  92 57 26 1f ba 2d 93 67  |`t.b.GR..W&..-.g|
+000001a0  94 46 0f c4 0d f5 df 75  b0 d9 27 02 56 f3 82 e1  |.F.....u..'.V...|
+000001b0  da 1c 3b 3e 97 93 c8 2d  12 bd b4 5b 36 7a 5c bf  |..;>...-...[6z\.|
+000001c0  27 9a 75 11 f9 4d 9b c0  ae 6b be 71 5f 37 33 b5  |'.u..M...k.q_73.|
+000001d0  4e d4 5a fb 98 71 c5 77  8c fc e2 f3 91 73 35 f4  |N.Z..q.w.....s5.|
+000001e0  e7 13 b1 ea bd c2 a9 46  b9 ea 88 06 58 a2 49 a2  |.......F....X.I.|
+000001f0  97 2b cf 1b 25 a3 71 a0  22 95 4c 54 81 eb 41 7f  |.+..%.q.".LT..A.|
+00000200  80 15 82 ec 19 0c f8 a3  21 fe 37 2e e1 ca 34 02  |........!.7...4.|
+00000210  5d ec 78 d9 eb 99 93 5d  96 26 cd 4c 56 3a 35 6a  |].x....].&.LV:5j|
+00000220  7f d0 0c c7 b7 c3 80 c6  fe d0 04 54 00 8c 4c 8b  |...........T..L.|
+00000230  43 f4 36 b8 ea 51 35 3c  5e b5 b9 45 dc d2 19 bd  |C.6..Q5<^..E....|
+00000240  d2 2a 95 bc 7f 22 43 4f  84 be bd 7b ab a8 5c 4d  |.*..."CO...{..\M|
+00000250  28 99 e6 e5 05 33 05 38  be 17 55 80 2d e1 de cf  |(....3.8..U.-...|
+00000260  39 4e 5b 7d 89 b4 a6 d3  0a e3 fd 47 e1 2c 16 03  |9N[}.......G.,..|
+00000270  03 00 35 f3 2d 2c 7b fa  06 39 06 40 27 5b ea 9e  |..5.-,{..9.@'[..|
+00000280  2f 4a 6c 32 df 62 c3 bc  af ed 21 6a 1a 34 82 cf  |/Jl2.b....!j.4..|
+00000290  73 e5 b9 1d 8d 42 3d 8e  b7 e6 1c 0a e0 81 3e cd  |s....B=.......>.|
+000002a0  88 23 f3 56 55 09 e2 6e  16 03 03 00 98 73 0f 59  |.#.VU..n.....s.Y|
+000002b0  0e 1b 1b d1 db db 6d 47  d9 05 f8 e1 29 32 e5 16  |......mG....)2..|
+000002c0  f9 f6 24 2b 0f 2d bb 74  da fd 75 9b ec 6a 3f 02  |..$+.-.t..u..j?.|
+000002d0  c8 3a ab 23 ec cb 77 c6  d7 7b ba ce 29 85 66 54  |.:.#..w..{..).fT|
+000002e0  ab df c9 74 2a 50 b5 cd  45 03 e2 ce 6f d3 d0 f1  |...t*P..E...o...|
+000002f0  1a 3e e4 c0 34 72 e1 53  1e 69 9a d7 41 4f d4 3a  |.>..4r.S.i..AO.:|
+00000300  31 af 1a 0b 83 82 e7 6c  4f f6 9a d5 84 bb 9a 14  |1......lO.......|
+00000310  e3 ec 04 12 c8 83 9c c8  d9 81 c1 c9 16 db 35 6e  |..............5n|
+00000320  0f af a0 b3 e6 a9 2b ad  a5 1f cd a0 fb 45 01 84  |......+......E..|
+00000330  ae b5 42 49 21 d8 29 06  0a 0e e8 26 8e f4 f1 56  |..BI!.)....&...V|
+00000340  c2 7c 8f d6 4a 14 03 03  00 11 c6 06 37 68 e0 2b  |.|..J.......7h.+|
+00000350  dd 32 2a b5 c7 b6 ad e2  c8 7c d8 16 03 03 00 20  |.2*......|..... |
+00000360  1d 80 95 df 2d d3 38 50  a2 2d bc 09 50 e4 e8 47  |....-.8P.-..P..G|
+00000370  5f 3e 26 03 5e d3 9b 5a  ee ed d4 bb cb da 05 5b  |_>&.^..Z.......[|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 f4 04 c6  5c 08 6d 53 9b 6e 59 7f  |........\.mS.nY.|
-00000010  75 c7 d9 a9 95 24 16 03  03 00 20 f3 82 ea ea a8  |u....$.... .....|
-00000020  ee 3f 83 7f f4 1e 31 d8  66 32 b7 d9 46 13 ac b5  |.?....1.f2..F...|
-00000030  cc b0 e6 ac 06 4f 65 3b  2e 57 f6 17 03 03 00 19  |.....Oe;.W......|
-00000040  c7 c9 1c 1c 64 a0 c0 90  03 96 5e 94 60 79 f0 85  |....d.....^.`y..|
-00000050  e7 41 db ca 6e 21 5a dd  2a                       |.A..n!Z.*|
+00000000  14 03 03 00 11 13 75 b3  44 ec 4c 6b 24 d3 52 90  |......u.D.Lk$.R.|
+00000010  28 c1 47 92 5c 0d 16 03  03 00 20 c2 61 ed 34 d2  |(.G.\..... .a.4.|
+00000020  c5 cf fd b3 31 3d 1d 5f  30 87 18 65 01 47 da 0f  |....1=._0..e.G..|
+00000030  d9 eb 4f 0f 50 2e 02 86  fe eb 13 17 03 03 00 19  |..O.P...........|
+00000040  3f ac 26 1c 16 0e 16 bf  b1 d3 80 86 dd c6 e2 b6  |?.&.............|
+00000050  3f 5a 0b 0c 3e 7d 3b a8  d5                       |?Z..>};..|
 >>> Flow 11 (client to server)
-00000000  15 03 03 00 12 7a a9 2e  4b 21 84 78 cb 46 52 f3  |.....z..K!.x.FR.|
-00000010  f9 8e 75 3b 7e 77 a1                              |..u;~w.|
+00000000  15 03 03 00 12 ea 81 9d  df ec c1 0c 3d 21 8b fe  |............=!..|
+00000010  b5 24 d8 92 43 1d 3d                              |.$..C.=|
diff --git a/testdata/Client-TLSv12-RenegotiateTwice b/testdata/Client-TLSv12-RenegotiateTwice
index 1c7fadb2..e83ad4b2 100644
--- a/testdata/Client-TLSv12-RenegotiateTwice
+++ b/testdata/Client-TLSv12-RenegotiateTwice
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 c5 11 e0 7f 6f  |....]...Y......o|
-00000010  86 2d f5 8f c2 ba 8b a7  1e 15 94 51 e1 d0 ab 40  |.-.........Q...@|
-00000020  37 5b 68 a7 ee 6f de ae  d2 4b b2 20 a8 02 85 68  |7[h..o...K. ...h|
-00000030  2c 18 6b 1a 6c ba 64 81  8a 0f 72 a6 a3 3a 1a ee  |,.k.l.d...r..:..|
-00000040  6a 9a d6 9a ce 03 78 11  11 b6 fa 7a cc a8 00 00  |j.....x....z....|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 36 29 60 e0 b5  |....]...Y..6)`..|
+00000010  ee 59 a6 3b 1a de 96 8a  51 0c c1 15 30 ce 6a 70  |.Y.;....Q...0.jp|
+00000020  ca 5b fa a5 86 f4 59 79  44 cd 73 20 ad b7 a9 d5  |.[....YyD.s ....|
+00000030  c1 aa a6 49 6d a8 36 a9  bf 40 1e 3a d4 2c 21 4a  |...Im.6..@.:.,!J|
+00000040  5d aa fa 75 80 d4 cb fc  be 2b 41 36 cc a8 00 00  |]..u.....+A6....|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,290 +62,290 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 42 e7 5a  |............ B.Z|
-000002d0  6b 3f 36 51 1f 06 45 c8  de 17 f8 19 9c a2 cb bb  |k?6Q..E.........|
-000002e0  89 52 59 e0 1a d5 c4 1e  42 0c 9b 93 14 08 04 00  |.RY.....B.......|
-000002f0  80 cb 39 db 19 17 fd 12  ec 25 87 ce d2 76 8c c7  |..9......%...v..|
-00000300  aa 30 e3 50 0c 22 a6 73  d0 e5 b0 b6 b6 3c 5a ab  |.0.P.".s.....<Z.|
-00000310  11 97 35 e6 ff de d4 19  46 20 5f 78 33 1c c4 24  |..5.....F _x3..$|
-00000320  48 2d 6a c0 f4 07 d4 5c  8b b6 a3 8c eb 99 e9 70  |H-j....\.......p|
-00000330  d8 46 43 00 3b 1c 4e 37  52 c8 92 57 21 ee c7 af  |.FC.;.N7R..W!...|
-00000340  f0 19 8b 2b f8 c0 e3 1a  79 13 17 fb 14 ed 5c 82  |...+....y.....\.|
-00000350  a9 77 05 b3 3d 25 92 07  3f f5 38 6d dc 86 ce 44  |.w..=%..?.8m...D|
-00000360  3c b7 72 da aa 0c 78 b8  22 bf ef af cf d4 81 bc  |<.r...x.".......|
-00000370  11 16 03 03 00 04 0e 00  00 00                    |..........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 f1 5a 89  |............ .Z.|
+000002d0  7f 84 c0 86 59 fb ca 59  19 b9 7b e8 96 ba 5a fc  |....Y..Y..{...Z.|
+000002e0  3f 2d b5 0f 2f 0e a3 5c  4a 04 1f 55 1a 08 04 00  |?-../..\J..U....|
+000002f0  80 c9 fe 35 a0 c1 cc a5  ea f9 5a 8d 92 b8 e6 cd  |...5......Z.....|
+00000300  5e 56 70 9c e1 de fe 69  73 b8 3c 97 86 6f e1 2a  |^Vp....is.<..o.*|
+00000310  e7 f4 12 fb b8 32 fd 5b  09 80 f8 0f ba 59 ed c4  |.....2.[.....Y..|
+00000320  86 07 33 e9 57 01 49 f8  cb 2d b4 16 07 e7 78 12  |..3.W.I..-....x.|
+00000330  3f e6 b4 d1 21 99 bc d5  cf 93 76 2c 24 18 d1 4d  |?...!.....v,$..M|
+00000340  c4 6c 3f 1c c6 1a fe 04  5a 3e 7b 57 cd 8b 84 2a  |.l?.....Z>{W...*|
+00000350  85 0d b0 5f bf a5 8e 74  55 72 dc 2c 5c 60 52 93  |..._...tUr.,\`R.|
+00000360  1e 28 9d 36 9f fd da a5  3b 51 96 4e 12 d6 d4 ca  |.(.6....;Q.N....|
+00000370  d3 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 c0 2e 41  33 99 c3 00 90 54 c8 ea  |.... ..A3....T..|
-00000040  64 b2 f5 74 5d 3c b8 eb  0c 6e 12 bb 96 01 13 46  |d..t]<...n.....F|
-00000050  1f 7d e9 3a 15                                    |.}.:.|
+00000030  16 03 03 00 20 e4 80 79  12 42 80 88 c3 66 6b 9b  |.... ..y.B...fk.|
+00000040  a2 03 59 f9 a3 54 2f 7f  03 de 90 97 1d cb 48 08  |..Y..T/.......H.|
+00000050  19 a4 bb 13 64                                    |....d|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 50 98 09 8a ad  |.......... P....|
-00000010  b9 ba cb d8 d2 5c a8 69  86 da 30 da 39 ed 3b db  |.....\.i..0.9.;.|
-00000020  5c eb 34 08 4c ca 51 b2  63 0e 08                 |\.4.L.Q.c..|
+00000000  14 03 03 00 01 01 16 03  03 00 20 9e 59 22 68 f2  |.......... .Y"h.|
+00000010  3c 38 7d cf 43 eb 77 73  94 6c 35 e5 3f 3e 7e 03  |<8}.C.ws.l5.?>~.|
+00000020  29 96 e8 c6 f7 5c b4 39  c3 77 61                 |)....\.9.wa|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 62 a6 a2  7c 1a 5e 4b 4e 58 86 12  |.....b..|.^KNX..|
-00000010  35 8b 6e d9 00 b0 f2 31  46 e6 2a                 |5.n....1F.*|
+00000000  17 03 03 00 16 ec 02 9b  89 68 8b 8a c6 e1 36 f1  |.........h....6.|
+00000010  4a b7 c4 d5 63 0a e8 d9  2c 1f ce                 |J...c...,..|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 b0 3a a3  b6 16 b7 9f 65 f8 7f 64  |......:.....e..d|
-00000010  8d 4c 73 1f 41 1b b0 5c  65                       |.Ls.A..\e|
+00000000  16 03 03 00 14 a8 ab 9e  3c 00 e4 6f b3 26 dd 3a  |........<..o.&.:|
+00000010  67 ab ee 28 a0 a1 65 83  91                       |g..(..e..|
 >>> Flow 7 (client to server)
-00000000  16 03 03 01 38 a3 ce 00  8f a3 63 85 d9 cd 78 93  |....8.....c...x.|
-00000010  55 94 fc 68 84 5c fc c5  a3 c3 d1 cc 09 83 e0 a0  |U..h.\..........|
-00000020  b2 b7 d4 10 6f aa 32 99  a5 53 e0 c0 ae 8c 6a e2  |....o.2..S....j.|
-00000030  90 8f 46 ac 71 ce 4e 4f  0a 29 cd 70 ed 8a cc 1e  |..F.q.NO.).p....|
-00000040  53 de d1 75 72 a2 06 36  28 6e fd d0 60 00 ff c6  |S..ur..6(n..`...|
-00000050  a8 18 1e f8 1c 1a 7d e9  d8 16 36 a4 42 d5 59 ad  |......}...6.B.Y.|
-00000060  d9 01 45 e4 03 8b c8 f3  b7 2f 0f 77 62 69 ad 35  |..E....../.wbi.5|
-00000070  16 ef 99 94 7f af 7c f5  44 19 99 65 97 d3 15 af  |......|.D..e....|
-00000080  82 06 1d 80 ab 55 51 70  c7 23 15 5b 00 fb 93 e6  |.....UQp.#.[....|
-00000090  5e 06 c9 db 87 98 af 0b  38 68 5f 0a 06 35 2b bd  |^.......8h_..5+.|
-000000a0  15 04 57 e6 1c 70 35 b3  2a 16 c7 f6 7e 3b bf d7  |..W..p5.*...~;..|
-000000b0  3f f6 35 bd a9 cc 6d aa  75 b4 16 6d 81 0e 34 ab  |?.5...m.u..m..4.|
-000000c0  2e de e7 4a 2e 13 69 c5  c2 e2 2d 38 e6 3f 8a f4  |...J..i...-8.?..|
-000000d0  d5 6a a2 9d 28 a7 98 30  e3 9a 8a 86 15 e6 00 45  |.j..(..0.......E|
-000000e0  63 43 1d 28 b0 24 39 06  5e cb cb eb a1 cc 75 f3  |cC.(.$9.^.....u.|
-000000f0  18 e4 d0 e6 49 0b 00 5d  67 18 35 52 b4 fa ec 9a  |....I..]g.5R....|
-00000100  6a 26 1b f8 38 ef f4 be  30 ef af bb bb 3f 28 a2  |j&..8...0....?(.|
-00000110  0e 17 48 a6 3c d1 73 a7  45 12 4e 7e b2 87 e2 4a  |..H.<.s.E.N~...J|
-00000120  92 6e 26 3a f5 17 08 87  7b 34 bc 11 36 51 5f 0b  |.n&:....{4..6Q_.|
-00000130  e4 05 a9 b7 a5 bd 51 fa  77 e3 72 31 84           |......Q.w.r1.|
+00000000  16 03 03 01 34 d8 7e 6c  f6 7b d5 eb 3f 49 63 78  |....4.~l.{..?Icx|
+00000010  28 92 1c 8b 67 f2 70 a7  ff e2 91 42 43 d8 90 4e  |(...g.p....BC..N|
+00000020  01 47 0a 12 bb 9d a2 9a  e1 a2 d6 ee 5e 91 8c 4d  |.G..........^..M|
+00000030  86 8e 29 d4 e0 b3 67 0f  c4 5e a9 02 c9 e3 8f f0  |..)...g..^......|
+00000040  e6 ea 24 50 da 57 70 35  58 98 81 3e ff b8 8d ea  |..$P.Wp5X..>....|
+00000050  b3 e0 f0 a1 91 39 69 33  40 bc 0f 67 21 10 67 f4  |.....9i3@..g!.g.|
+00000060  93 66 0c f2 66 aa fd a5  2c 8d 2b 38 31 30 b3 50  |.f..f...,.+810.P|
+00000070  71 09 de ce 22 59 c3 96  5a 07 84 c0 1f 96 5c e3  |q..."Y..Z.....\.|
+00000080  7e 6b c8 7e 3f a5 32 77  20 3c 7b 92 df bc 11 57  |~k.~?.2w <{....W|
+00000090  86 e5 a1 03 78 9c 08 ea  49 bc a7 1b 6b fb 47 6d  |....x...I...k.Gm|
+000000a0  9a 86 14 fa cc 98 e6 9a  f8 39 18 57 36 fb 1b ff  |.........9.W6...|
+000000b0  ae ce 1e 96 20 9d 16 be  c6 00 45 51 2a 5a 7b 46  |.... .....EQ*Z{F|
+000000c0  9c c9 c1 eb fb fc 37 52  8d b2 22 e3 58 6a d1 fe  |......7R..".Xj..|
+000000d0  71 55 18 4b ff 92 e1 16  62 29 cb fb d0 0d 94 22  |qU.K....b)....."|
+000000e0  13 ee 8e bb 75 2e 1c ae  11 61 3d 37 69 0d 51 b0  |....u....a=7i.Q.|
+000000f0  61 e3 7f 94 08 54 3a 49  68 94 b5 64 da ac a9 a4  |a....T:Ih..d....|
+00000100  e2 3f 65 ad d7 42 8e 0b  70 5f 4f 6d 6e 0c 27 51  |.?e..B..p_Omn.'Q|
+00000110  5a 48 57 71 6e 9b 58 e0  6e 05 40 48 a8 20 36 98  |ZHWqn.X.n.@H. 6.|
+00000120  f8 71 a3 ef 2d db 8c ae  fa a5 14 d8 1f ff ad 7b  |.q..-..........{|
+00000130  2a 15 0d fb 3d e8 1b fe  48                       |*...=...H|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 85 5d 34 8c  78 d1 0e 67 b7 5c ee 45  |.....]4.x..g.\.E|
-00000010  ec f6 47 3c 67 11 2e 53  a5 a4 54 d2 25 80 88 bf  |..G<g..S..T.%...|
-00000020  41 89 8f 8f 2d a2 42 48  d7 3c 27 0f f8 45 6b 17  |A...-.BH.<'..Ek.|
-00000030  1a f7 dd 9d 1a aa 92 46  79 1c 24 01 ff 8e c3 17  |.......Fy.$.....|
-00000040  84 07 49 8c 62 8d ca 26  57 40 55 b4 1d 88 98 99  |..I.b..&W@U.....|
-00000050  57 dd e5 23 ab 8e 51 37  4b 57 4e 6e 99 0b a3 18  |W..#..Q7KWNn....|
-00000060  74 ed c5 2d 06 e6 4c e8  65 c0 96 44 44 ce ec 3c  |t..-..L.e..DD..<|
-00000070  7c ef ad c2 08 6b 9f 0f  13 03 1e 66 db 99 07 74  ||....k.....f...t|
-00000080  8b ae cd 6d 78 bd 93 25  76 8a 16 03 03 02 69 8d  |...mx..%v.....i.|
-00000090  e5 8b e8 c8 93 2e f7 70  46 e2 1f cc d5 02 65 7c  |.......pF.....e||
-000000a0  e5 b3 09 7c ea ef 81 b5  a9 f6 52 ab e5 6c f1 ee  |...|......R..l..|
-000000b0  e4 b6 f9 d0 be 7e 47 fe  f7 65 d0 e8 39 4e 99 d9  |.....~G..e..9N..|
-000000c0  4a 00 80 4d ca cb 8b 32  58 d4 63 64 e5 fe f4 1b  |J..M...2X.cd....|
-000000d0  24 c0 00 ea 10 d3 19 04  a7 7a a3 37 79 04 17 6d  |$........z.7y..m|
-000000e0  d3 35 df 6a 0e dc 26 4e  59 48 7e 56 b8 ca e4 57  |.5.j..&NYH~V...W|
-000000f0  ae 66 c9 37 54 e4 a8 0e  2a b5 e5 be 7f ed 35 80  |.f.7T...*.....5.|
-00000100  12 eb 2d 3c d1 04 0c c1  9e ef 0d 60 2e 1c 94 94  |..-<.......`....|
-00000110  b2 39 46 dd 83 22 5a 09  b5 ef 66 6d 8f 2b 32 ca  |.9F.."Z...fm.+2.|
-00000120  b9 28 08 d4 a6 36 6b 62  5c 64 c6 e5 2b 61 13 81  |.(...6kb\d..+a..|
-00000130  50 e5 56 9d d2 ab 3f 7d  ea 1b 4c d3 ff b0 ed 95  |P.V...?}..L.....|
-00000140  20 62 58 ba af 27 51 b4  91 24 37 d7 ac a8 c7 21  | bX..'Q..$7....!|
-00000150  20 54 71 d2 00 d3 39 8a  c1 c4 c7 17 87 21 9d 45  | Tq...9......!.E|
-00000160  36 22 da 4b 89 9e 8b ae  bd 8f c5 94 ee 80 4f 55  |6".K..........OU|
-00000170  6b 43 06 c7 ad 89 50 a9  64 2e de 68 df bc 21 d9  |kC....P.d..h..!.|
-00000180  28 d6 cf 3d e5 94 77 9f  8b 96 f0 fc b6 31 1f 7c  |(..=..w......1.||
-00000190  f8 85 9f 8a 2f 92 7a 52  5b 1c 42 77 87 2e 1b 0a  |..../.zR[.Bw....|
-000001a0  1d 6b a6 09 15 96 77 b0  c1 47 ee b4 54 60 df 2a  |.k....w..G..T`.*|
-000001b0  c7 86 85 c5 3a ee c9 e2  cd b8 99 fc 9d 30 9f a6  |....:........0..|
-000001c0  eb 6c ef 25 18 4c 58 11  45 1f 14 be 4f 2c a7 ed  |.l.%.LX.E...O,..|
-000001d0  71 e8 c2 70 3d e8 b6 55  3f a6 52 44 fd d1 6c 13  |q..p=..U?.RD..l.|
-000001e0  32 df e9 c2 ea 42 1b 69  ce 9d 79 77 b1 a3 f8 a2  |2....B.i..yw....|
-000001f0  ee 28 c2 bc 0e 99 86 fd  d2 e7 f7 2a 14 1c ea a7  |.(.........*....|
-00000200  3a 26 dd 23 4b 48 44 55  ac ea 5e 0e 12 18 49 7a  |:&.#KHDU..^...Iz|
-00000210  56 bc c0 2e 8a 5c 96 83  8d e7 ad c3 25 b2 dd d1  |V....\......%...|
-00000220  2c d3 f7 16 61 78 26 50  f5 69 34 e4 07 3a 0f c6  |,...ax&P.i4..:..|
-00000230  26 fb be e2 a9 b0 76 a2  67 ed 65 75 89 c8 c6 a9  |&.....v.g.eu....|
-00000240  80 8e c6 96 b6 18 61 9e  e9 2e 51 cb 8b 3d 7c db  |......a...Q..=|.|
-00000250  2a a0 5b d6 21 e8 ef a8  83 dc 1a 79 98 18 6d b5  |*.[.!......y..m.|
-00000260  8a b1 7c 6b 4e 8a ad 13  11 94 74 e8 b5 be 1d 74  |..|kN.....t....t|
-00000270  ce 13 b6 1a c4 83 cc fa  ed ec 1e a2 e8 78 2f ac  |.............x/.|
-00000280  b9 51 c7 8e d7 f4 16 e7  31 63 95 cd 79 fc a3 42  |.Q......1c..y..B|
-00000290  99 c4 a7 26 14 6a 0d c3  26 e0 08 bd 21 c8 b8 56  |...&.j..&...!..V|
-000002a0  3e 0e 98 42 76 3d e6 82  51 6c 6a a1 78 c0 c5 9a  |>..Bv=..Qlj.x...|
-000002b0  70 1b 9e 70 63 e3 e6 c4  9a ed c9 1e 9f 95 dd e2  |p..pc...........|
-000002c0  8e b9 12 7d 7a d1 3b 49  df 4c cc ba b4 2d 91 34  |...}z.;I.L...-.4|
-000002d0  f8 05 1e d1 66 39 49 99  49 18 45 da 24 65 bb f8  |....f9I.I.E.$e..|
-000002e0  d0 40 87 6d 5b 5a 2a 41  40 f0 98 07 3c 1a 9e 81  |.@.m[Z*A@...<...|
-000002f0  8f 5d 44 80 10 0b bb f4  16 03 03 00 bc 8a 5e 4c  |.]D...........^L|
-00000300  7b 86 c6 d6 f1 fa ba 03  2d 16 75 46 6a 72 b9 98  |{.......-.uFjr..|
-00000310  11 75 b5 34 96 6a f9 61  7a b4 47 2d 67 b8 ab 1f  |.u.4.j.az.G-g...|
-00000320  69 60 1f 28 ff 3d 03 61  62 22 7a 35 73 e7 0e 15  |i`.(.=.ab"z5s...|
-00000330  f5 e9 64 a6 8b dc e3 f4  fe 7b 53 82 48 6f df fb  |..d......{S.Ho..|
-00000340  69 b8 c3 4c a9 dc 87 8b  46 99 1f ef ae 6a 40 56  |i..L....F....j@V|
-00000350  81 fd e9 1d 8c 8d 12 c0  07 77 fa e3 e2 cd 48 33  |.........w....H3|
-00000360  de b9 db 09 0d d4 eb cc  a5 9e 43 75 b6 45 09 c2  |..........Cu.E..|
-00000370  08 ff cc fa c6 3b 97 da  85 9a c4 9f 56 03 ed b8  |.....;......V...|
-00000380  a5 98 ec b3 b8 d4 39 b5  07 32 b4 f6 70 1f 9f 1d  |......9..2..p...|
-00000390  6e 0e fc 22 6d 1d 29 b7  d7 83 f3 2e 1a 8e d0 77  |n.."m.)........w|
-000003a0  e9 82 4f 21 94 0d e6 39  f4 4f 57 74 0e a6 0d a3  |..O!...9.OWt....|
-000003b0  bf ee 24 ac 3e be f6 46  bb 16 03 03 00 4a 0a eb  |..$.>..F.....J..|
-000003c0  93 1a d4 ab 57 53 2c 5c  40 f1 f8 2f 6c 93 f3 2a  |....WS,\@../l..*|
-000003d0  6d a0 19 d4 d3 92 1a b0  ae 2d 15 9c 63 21 0f 06  |m........-..c!..|
-000003e0  8b ef 7c a4 a6 dc d8 6c  63 ec 24 ce ce ce 55 fa  |..|....lc.$...U.|
-000003f0  de 31 53 2b df 27 4c 20  60 97 f2 62 86 33 97 b2  |.1S+.'L `..b.3..|
-00000400  69 d0 aa 44 3f 1f 02 d5  16 03 03 00 14 0b e0 0c  |i..D?...........|
-00000410  7b 88 84 70 49 7a e4 80  7a 85 90 76 cc aa 0b 42  |{..pIz..z..v...B|
-00000420  6b                                                |k|
+00000000  16 03 03 00 85 1b 2d 33  65 c9 76 7a 52 fc bf 49  |......-3e.vzR..I|
+00000010  7f 21 89 e6 3d 0e 79 55  83 8d 2e de b9 c4 57 08  |.!..=.yU......W.|
+00000020  fc 79 f5 32 95 9f 97 fe  a9 40 3a e6 c6 ec 2a e2  |.y.2.....@:...*.|
+00000030  92 4c cc 48 0b ac bc 66  58 c6 0f 5c b6 62 3d a6  |.L.H...fX..\.b=.|
+00000040  86 9f 4c f5 0d 2e 4b 69  cb 7a 62 25 08 04 de 51  |..L...Ki.zb%...Q|
+00000050  6c 78 99 ff b2 96 5f 3d  85 60 34 28 2e b4 64 ec  |lx...._=.`4(..d.|
+00000060  33 d8 c1 09 49 cf 10 ee  19 6c 89 67 28 b1 4d 00  |3...I....l.g(.M.|
+00000070  08 43 33 8e 8e b9 bf 25  73 a9 88 5d 0d 97 09 26  |.C3....%s..]...&|
+00000080  d3 3d 7f 7e fa da e4 89  16 a5 16 03 03 02 69 3c  |.=.~..........i<|
+00000090  8b c1 7c 1e a4 46 7d 21  40 ed 6f 45 c2 c0 19 d3  |..|..F}!@.oE....|
+000000a0  18 e3 b7 e1 a4 d0 c0 ad  4f cf a7 0f d3 39 ad 0f  |........O....9..|
+000000b0  6a 70 28 d2 ab 8e 26 93  e1 f4 4d 25 65 1a 7e 44  |jp(...&...M%e.~D|
+000000c0  63 30 3c 54 8a 2f 1e 31  f6 d2 e2 26 66 43 91 df  |c0<T./.1...&fC..|
+000000d0  ac 1c a2 2e da e3 be 6f  66 bb a4 f8 42 40 c5 71  |.......of...B@.q|
+000000e0  32 ea ae e1 29 97 44 6a  66 95 b8 b1 fb 21 36 35  |2...).Djf....!65|
+000000f0  ca a3 5a 4f 71 79 29 42  da 44 a2 b0 90 46 7e 15  |..ZOqy)B.D...F~.|
+00000100  e7 58 94 50 bc 09 ac 28  23 4e 18 0e f2 b9 af 66  |.X.P...(#N.....f|
+00000110  6b 13 6e a0 cc a3 8f d3  f3 b1 a3 27 e0 bf bf 84  |k.n........'....|
+00000120  6a d6 fd 19 1c 97 f1 70  79 c2 f0 e3 96 25 87 ae  |j......py....%..|
+00000130  b0 03 30 5e 32 2a a4 02  1b 33 28 0f 5a f8 14 2f  |..0^2*...3(.Z../|
+00000140  27 08 05 ca d9 02 a4 18  b2 0a 75 ad 04 3b e0 98  |'.........u..;..|
+00000150  59 1d de 8c 60 4a bf 17  a4 cf 0a ed f4 6e 94 66  |Y...`J.......n.f|
+00000160  e0 41 da 86 ac 8b 39 d9  7c ee bb 98 eb 27 9d 36  |.A....9.|....'.6|
+00000170  d5 e3 ea 5f 32 62 0f 3b  f3 46 c9 32 ce a9 2a da  |..._2b.;.F.2..*.|
+00000180  32 f8 69 06 1c f4 64 6c  55 19 5d 93 05 1c 93 a0  |2.i...dlU.].....|
+00000190  58 b3 a5 4b 33 35 02 9b  dc 5f 98 24 15 f8 77 20  |X..K35..._.$..w |
+000001a0  d8 8b 19 27 24 8a 12 a4  cc e0 ae 22 58 31 16 7a  |...'$......"X1.z|
+000001b0  3c 9d 1e 36 d3 60 d5 37  40 73 5c 02 1a dc 30 71  |<..6.`.7@s\...0q|
+000001c0  8c c4 31 2a 29 28 bc 88  e9 94 8f ca d2 df ad c8  |..1*)(..........|
+000001d0  88 c7 10 ec 3e bb 1b c3  64 bc c0 ae 56 2a b2 68  |....>...d...V*.h|
+000001e0  45 68 13 da c6 eb 5d f2  7b 51 bd b4 8e 25 0d b7  |Eh....].{Q...%..|
+000001f0  f0 03 dd 2b cd 93 7f 00  96 ca 75 c1 1b c7 d0 95  |...+......u.....|
+00000200  0f 08 52 e0 d6 c9 2c b2  42 b3 0b 0c ed e1 01 e3  |..R...,.B.......|
+00000210  7d ef b1 fb 80 76 c8 08  ec 9f c2 13 a5 04 05 fe  |}....v..........|
+00000220  33 c2 b7 2e 1a 2b 4a 74  f5 f5 92 ad e8 cf f7 76  |3....+Jt.......v|
+00000230  3e 7c 69 4b 2d be 9b 08  3b 80 97 66 63 e5 df db  |>|iK-...;..fc...|
+00000240  1a a4 aa 8a bd 43 2a 65  44 6d f1 e6 60 92 cd 98  |.....C*eDm..`...|
+00000250  a9 ac 81 de fb 22 06 f4  ca 90 4a 67 64 3f 25 ab  |....."....Jgd?%.|
+00000260  3c db 77 cb bc 32 55 bc  2d 48 4e 32 c7 48 d1 2f  |<.w..2U.-HN2.H./|
+00000270  bf 80 03 7e 27 92 8b 6a  90 35 ab 8e 93 dd 27 c7  |...~'..j.5....'.|
+00000280  7d d6 a7 ea d8 1f 6a 43  57 34 d2 a9 7c c3 23 55  |}.....jCW4..|.#U|
+00000290  62 5b 98 80 a1 ec 61 53  63 b9 a7 89 85 7e a8 0e  |b[....aSc....~..|
+000002a0  31 e9 9f 82 e9 1a b3 25  b8 d3 bf 4b f7 da 40 ce  |1......%...K..@.|
+000002b0  30 95 8f 41 75 9e 99 f5  3f fd 90 57 77 ee ad b7  |0..Au...?..Ww...|
+000002c0  56 1e fd a6 d6 98 ae d3  a0 36 8a e0 19 a5 64 63  |V........6....dc|
+000002d0  8f 08 d3 e6 2b c3 8a 29  90 8d e0 d7 1d 8b 84 6d  |....+..).......m|
+000002e0  a8 7a 0d 8b 6d 0e d5 fa  bd c1 31 13 c7 39 61 f6  |.z..m.....1..9a.|
+000002f0  e8 b3 fd 4d fe 49 a0 2c  16 03 03 00 bc 6d 99 1c  |...M.I.,.....m..|
+00000300  76 24 e6 f4 79 ac da e5  71 78 32 8d df a7 74 a4  |v$..y...qx2...t.|
+00000310  e1 22 43 86 62 7a 99 34  9e c1 c7 82 82 f2 ad c0  |."C.bz.4........|
+00000320  cb e5 54 c7 2d 3f bd 00  ba 4f 9f 6b 90 c2 2c bf  |..T.-?...O.k..,.|
+00000330  d5 d1 20 48 28 f0 bc 21  d4 1f 8d a9 89 82 ce 3d  |.. H(..!.......=|
+00000340  b2 52 bd 91 57 65 da 07  74 d9 56 b3 54 a7 2c 20  |.R..We..t.V.T., |
+00000350  93 5e 79 59 d0 d3 33 95  a9 de f6 a4 48 37 11 10  |.^yY..3.....H7..|
+00000360  a7 34 2a 2b 30 a5 24 03  5b d5 63 78 1f ad ca 70  |.4*+0.$.[.cx...p|
+00000370  ff f9 22 ca bc 23 ac 4d  eb 5a d7 de af 31 72 25  |.."..#.M.Z...1r%|
+00000380  84 24 72 b7 b8 c0 a5 7a  b6 7e a9 95 42 bb 5e 52  |.$r....z.~..B.^R|
+00000390  6c 13 87 c2 b5 17 04 a8  0a 43 d0 b4 96 12 12 4b  |l........C.....K|
+000003a0  1e d1 0b ab a1 5d 1a bc  48 15 ec 88 e6 7b 57 aa  |.....]..H....{W.|
+000003b0  da 3b 7f 0b cc 11 93 8f  ee 16 03 03 00 4a 35 4e  |.;...........J5N|
+000003c0  5f 82 88 e9 d5 24 cc 81  3c 0a cc 49 63 13 ea 0c  |_....$..<..Ic...|
+000003d0  e6 d7 a9 f2 7b 4f 7f d4  c1 d8 71 4e 1d e6 68 e6  |....{O....qN..h.|
+000003e0  7e ba 73 f8 23 a5 af 1a  05 35 4c bf 88 8d 8a 90  |~.s.#....5L.....|
+000003f0  09 26 34 1d b6 88 92 2d  60 92 52 2c cb 45 02 a4  |.&4....-`.R,.E..|
+00000400  78 54 3d a3 44 d3 f9 46  16 03 03 00 14 58 29 f7  |xT=.D..F.....X).|
+00000410  44 f4 a0 9f 65 d8 47 1a  01 7e 1b 95 3b 5f 1f 4a  |D...e.G..~..;_.J|
+00000420  12                                                |.|
 >>> Flow 9 (client to server)
-00000000  16 03 03 02 69 97 93 8b  02 bb 85 f7 ec fd ae 99  |....i...........|
-00000010  d2 31 6c 04 64 02 ee dd  86 ea c2 9c 40 22 5a fc  |.1l.d.......@"Z.|
-00000020  6e 6e 66 30 1d bb 71 40  90 b1 c2 1c 38 53 37 21  |nnf0..q@....8S7!|
-00000030  87 a2 df c3 68 b9 c1 90  46 df 73 f8 ba 20 7e 83  |....h...F.s.. ~.|
-00000040  49 2d d8 3c a4 4a 4b 41  70 5d ee 65 68 31 3d f4  |I-.<.JKAp].eh1=.|
-00000050  44 ce 10 be d8 d1 bc 21  25 f0 66 36 f0 b9 8b b9  |D......!%.f6....|
-00000060  89 cc 0c b8 b2 67 ef 86  24 ed 54 2e e8 b7 b3 87  |.....g..$.T.....|
-00000070  c9 58 fa db 3d 0a 78 bb  68 fa 86 26 bd 8b aa 4c  |.X..=.x.h..&...L|
-00000080  f5 8a f8 6a 82 b1 12 79  39 20 71 c4 3f 6a fc 9c  |...j...y9 q.?j..|
-00000090  4a 44 e0 ea 7e 06 35 23  77 dd 07 0e c1 89 85 19  |JD..~.5#w.......|
-000000a0  98 7b e0 31 2d d0 a2 de  be a9 fe 1a 8d ef 45 52  |.{.1-.........ER|
-000000b0  5c ee 4e 7f 0d 69 41 9b  84 a6 84 6c 41 42 31 8c  |\.N..iA....lAB1.|
-000000c0  b8 24 0d cc 54 a6 81 dd  8b 3a 8a 6c ef 75 8c 6b  |.$..T....:.l.u.k|
-000000d0  01 ce 6a ea ae 67 c3 96  8b b6 42 20 c9 e6 7b 2c  |..j..g....B ..{,|
-000000e0  79 fe 1c 25 42 55 95 65  a4 af 16 ec aa 49 e4 fa  |y..%BU.e.....I..|
-000000f0  e5 38 5b c2 82 02 ca 34  8a 20 27 c3 46 55 79 ad  |.8[....4. '.FUy.|
-00000100  31 18 27 ed 14 dc dc ab  75 ba 1f 4c f7 1c 74 f3  |1.'.....u..L..t.|
-00000110  d4 a3 52 f8 39 fe 21 d9  fc 08 7f c6 2c 86 54 90  |..R.9.!.....,.T.|
-00000120  c1 2e b0 de 84 25 eb 36  16 4e 96 c5 fc 6f 83 2b  |.....%.6.N...o.+|
-00000130  3e ad 30 6b ae 33 b2 03  87 2f b7 33 14 50 37 a0  |>.0k.3.../.3.P7.|
-00000140  19 cf 41 1c 68 c9 b8 5c  29 f6 34 db 13 40 10 16  |..A.h..\).4..@..|
-00000150  7c 22 42 38 d5 43 4f 46  4d ae bd e2 7d 78 5f b6  ||"B8.COFM...}x_.|
-00000160  12 ba 19 5a 18 ae b7 76  d6 ae 71 c3 5b c4 b5 3a  |...Z...v..q.[..:|
-00000170  b5 b6 52 9b 0b 92 30 41  4d a0 f4 62 2c c7 4f 27  |..R...0AM..b,.O'|
-00000180  04 f5 7e 77 04 89 11 2a  e0 0c 5e 21 3b 75 13 bf  |..~w...*..^!;u..|
-00000190  1f 48 ed 4d 05 b3 67 f3  d8 71 99 fb 23 c5 0f fd  |.H.M..g..q..#...|
-000001a0  47 7c 36 f8 e0 25 53 f4  15 bd 77 db f5 71 a1 6e  |G|6..%S...w..q.n|
-000001b0  6a 1a 06 a1 8a 5d 2b 28  89 82 7b 29 aa b1 68 a6  |j....]+(..{)..h.|
-000001c0  fb 29 a8 cb ee e0 71 de  52 b8 8a 57 63 ff 74 a5  |.)....q.R..Wc.t.|
-000001d0  ca 8c b5 44 23 74 ab 86  74 cf 82 0b fc 23 90 95  |...D#t..t....#..|
-000001e0  3d 83 87 5a aa af 5d d1  c6 4b dc b0 f3 0f 44 57  |=..Z..]..K....DW|
-000001f0  ca 47 a1 28 64 64 4d 81  15 11 92 5a 8c b9 8d ef  |.G.(ddM....Z....|
-00000200  a9 18 58 67 c7 c3 3b a7  9d 41 be 74 67 cb a8 3e  |..Xg..;..A.tg..>|
-00000210  3d a4 b0 4e 92 15 c1 4a  38 6d 48 ba 57 4b 42 a9  |=..N...J8mH.WKB.|
-00000220  2c de de 6a 5b 60 3e 9d  09 5e 8e d4 97 4a 31 52  |,..j[`>..^...J1R|
-00000230  47 5c ce bc f8 14 49 78  6b 5a 36 aa 3b c7 bc e7  |G\....IxkZ6.;...|
-00000240  59 17 a1 18 d3 b1 54 e8  54 8a 1c 07 a5 3b 9f bd  |Y.....T.T....;..|
-00000250  d1 60 7d e8 78 8c be b2  ea 20 26 59 65 ef 70 71  |.`}.x.... &Ye.pq|
-00000260  98 73 0c 43 cb 3a bc 61  8a f8 19 a4 89 0b 16 03  |.s.C.:.a........|
-00000270  03 00 35 28 53 40 d2 93  99 84 8e d8 fc f1 4a 3e  |..5(S@........J>|
-00000280  22 26 d3 2b c0 e9 32 d4  49 7b 7d 19 61 29 ab 28  |"&.+..2.I{}.a).(|
-00000290  e7 e4 a2 13 2e 5a a8 7f  ef e7 19 7b 9c de fc 21  |.....Z.....{...!|
-000002a0  2a 3d f0 3a d3 dc 17 d2  16 03 03 00 98 30 c7 f4  |*=.:.........0..|
-000002b0  b6 60 3b 87 88 e1 0e 26  d2 34 49 de 8c b8 99 35  |.`;....&.4I....5|
-000002c0  fe 6f 11 4b 8b ab d9 ce  11 b1 f5 05 8d 6b c1 91  |.o.K.........k..|
-000002d0  c8 69 cb 2b 04 99 12 ed  8b 7a 63 e2 9c 5d 80 63  |.i.+.....zc..].c|
-000002e0  57 74 8f 1f 9c f4 6b cb  51 57 6b 33 3e 1b 81 54  |Wt....k.QWk3>..T|
-000002f0  73 54 5c 28 f1 fe 2f 88  41 ea 2b 52 30 93 0e 98  |sT\(../.A.+R0...|
-00000300  fe b1 59 0e 01 26 06 f0  fd 77 cb 59 ec b7 4c 4f  |..Y..&...w.Y..LO|
-00000310  cd 40 c0 36 11 d2 dd c8  1a 40 e2 ba 9c d9 39 99  |.@.6.....@....9.|
-00000320  9a d3 9b 37 ee 76 8b 22  fb 42 a8 90 c6 8d 92 4b  |...7.v.".B.....K|
-00000330  57 83 33 04 75 6a 79 69  8f f9 4d fd d6 bd 01 76  |W.3.ujyi..M....v|
-00000340  98 36 7d b2 b5 14 03 03  00 11 85 15 d7 33 6d 47  |.6}..........3mG|
-00000350  80 84 38 df a3 c2 91 0b  1c e0 82 16 03 03 00 20  |..8............ |
-00000360  0d cc f8 79 c6 13 4e 81  b7 a7 2d 03 18 7e 9d 24  |...y..N...-..~.$|
-00000370  2e 89 d7 7d bf ab a7 1d  2f 15 c1 80 3d f2 89 68  |...}..../...=..h|
+00000000  16 03 03 02 69 ef e7 da  35 77 b6 d6 09 a1 71 43  |....i...5w....qC|
+00000010  1c 2b 72 d6 65 ea b4 38  e4 13 c1 85 c3 36 bb f4  |.+r.e..8.....6..|
+00000020  ef 1a b8 94 de 11 22 6e  b8 28 14 05 88 2a 5d 7a  |......"n.(...*]z|
+00000030  7c 0a 00 ac 74 ce 4f f8  b3 94 5d 5c a1 aa 3e 20  ||...t.O...]\..> |
+00000040  ee 0b e3 50 3d e7 4f 4d  ad 5c 9e 6e 8e 75 26 b4  |...P=.OM.\.n.u&.|
+00000050  80 e1 85 3f ae 76 6f 95  6e f0 79 98 3d 86 17 9c  |...?.vo.n.y.=...|
+00000060  e9 d6 35 1d f5 15 ea c5  29 67 15 9d 03 4b 41 9d  |..5.....)g...KA.|
+00000070  25 b3 ab 3a b0 12 d1 ff  fc 9e 25 af ff 8a c8 1c  |%..:......%.....|
+00000080  4b 4e f0 10 9d d3 98 6e  66 0a 13 82 b9 04 d7 39  |KN.....nf......9|
+00000090  b2 2c c5 f9 cf be 4b 8b  8a 28 e9 24 db c8 fe d6  |.,....K..(.$....|
+000000a0  a1 b1 3c 9e 19 92 0b 5d  2e c8 5f 56 35 dc 16 46  |..<....].._V5..F|
+000000b0  7b a1 d2 43 d9 ee 3f a7  74 c1 4c ed 2a 84 4a ad  |{..C..?.t.L.*.J.|
+000000c0  76 a2 bc 90 8d 19 06 11  1a 6d b8 e0 3a 8e 0d 33  |v........m..:..3|
+000000d0  f2 ad 06 d7 e5 a3 16 8c  14 07 4c 84 8a 47 13 c1  |..........L..G..|
+000000e0  b1 cb 81 8b d7 5b fb 04  2b da 3c 7f d1 0f 2b 8b  |.....[..+.<...+.|
+000000f0  23 ad f5 f1 09 82 24 80  5c bc f7 68 69 c0 90 5f  |#.....$.\..hi.._|
+00000100  fa 96 b4 9d 51 0e 96 1e  06 2a d1 98 5d 96 95 68  |....Q....*..]..h|
+00000110  de df 40 f9 f6 b1 f2 ef  a7 c4 0c 05 ee b3 63 8d  |..@...........c.|
+00000120  3a 1e a2 d8 34 2a b2 99  c3 17 03 60 18 4f 43 21  |:...4*.....`.OC!|
+00000130  99 4f 81 c1 11 8e a4 45  79 d8 fa fc b2 9a f8 d0  |.O.....Ey.......|
+00000140  95 10 79 38 45 1b 82 42  f0 bb 75 27 6b a2 53 d3  |..y8E..B..u'k.S.|
+00000150  e6 dd 2d 43 f5 80 fd 9a  59 ec 07 42 ee b0 9d bd  |..-C....Y..B....|
+00000160  33 dd 58 c8 57 e8 16 de  a4 21 c9 92 51 d2 e5 8b  |3.X.W....!..Q...|
+00000170  48 f5 cb a8 3a d8 f6 a3  b2 00 90 9e f0 e0 ca c7  |H...:...........|
+00000180  fe 79 70 f7 8e 5c 4b 3c  86 c8 cc ca b1 b6 05 e2  |.yp..\K<........|
+00000190  90 66 db 85 fc 7c 87 6f  e0 44 ed 2a c9 66 b7 de  |.f...|.o.D.*.f..|
+000001a0  c5 f0 d2 80 dd f2 c2 26  5b 84 cf b0 c4 78 7e 65  |.......&[....x~e|
+000001b0  66 d9 d8 c5 fe 97 b9 27  6e 55 11 c0 0b 3e e2 c9  |f......'nU...>..|
+000001c0  ce 4d dd 27 28 6f 62 45  70 b3 e4 0c 18 31 f1 b2  |.M.'(obEp....1..|
+000001d0  33 8f 7d 34 7c f6 f3 50  d9 a9 6b ec a7 cf c2 7b  |3.}4|..P..k....{|
+000001e0  36 21 d7 76 68 c1 0e 90  8d af 2e c5 d5 26 c7 c1  |6!.vh........&..|
+000001f0  0b 1c 43 85 a6 43 3e 96  67 46 2d 1e 0a c8 90 99  |..C..C>.gF-.....|
+00000200  0f 71 cc 60 49 68 2c df  17 68 e4 fa 79 05 50 ac  |.q.`Ih,..h..y.P.|
+00000210  16 d0 26 1f 7e 58 a2 dc  73 e9 05 8d 92 f6 8c 56  |..&.~X..s......V|
+00000220  db 08 0a b7 99 64 f7 5b  d0 5f f3 88 f5 02 f5 d0  |.....d.[._......|
+00000230  66 55 e3 db f4 d1 c9 d3  c1 f4 ab 8c 5c 39 fd 64  |fU..........\9.d|
+00000240  ec cd ab 63 da 7b 3e 64  1a b4 c3 d9 79 bd 92 e3  |...c.{>d....y...|
+00000250  97 68 a4 83 b5 f1 fa f5  05 04 84 39 e9 82 a6 84  |.h.........9....|
+00000260  e5 a0 6f a2 6d ea 6b ab  4c f8 a5 87 9c 9c 16 03  |..o.m.k.L.......|
+00000270  03 00 35 08 0b 50 f9 90  d3 e9 58 e5 5b df a1 99  |..5..P....X.[...|
+00000280  89 ea 0b 1a f1 4d e3 fd  a6 79 2c 61 ac 6f da 7c  |.....M...y,a.o.||
+00000290  2a 78 e1 38 05 35 2e 8b  db eb 25 fd eb 2f d7 a3  |*x.8.5....%../..|
+000002a0  27 9d 27 f2 b3 ff 20 8a  16 03 03 00 98 95 42 7e  |'.'... .......B~|
+000002b0  d5 86 40 42 dc 93 fe 80  ef 70 cc fb 2f b1 51 bd  |..@B.....p../.Q.|
+000002c0  ca 5f 1e 0d a0 3f c6 e0  c9 69 0e d4 dc 18 25 52  |._...?...i....%R|
+000002d0  5c c2 8c 37 f6 a8 e6 4d  48 27 81 4d 7a f3 49 5c  |\..7...MH'.Mz.I\|
+000002e0  92 92 68 a9 e0 dc d6 c5  b5 ea 99 5c 51 df 93 a1  |..h........\Q...|
+000002f0  36 2d 65 a8 cb ca 72 76  53 92 7d c7 81 5f 19 2c  |6-e...rvS.}.._.,|
+00000300  3e 83 29 16 41 65 4f 81  d7 3f 5c 15 f0 36 d9 75  |>.).AeO..?\..6.u|
+00000310  a7 c8 52 6f 5b b6 98 46  5e 39 31 83 1c 99 3f f9  |..Ro[..F^91...?.|
+00000320  9e 28 d7 94 ae a7 b4 f7  c9 ce 5b 74 2f 88 9e fd  |.(........[t/...|
+00000330  3c 1c 1e eb f4 b3 39 65  39 07 14 8e 3e 95 87 b2  |<.....9e9...>...|
+00000340  b8 4c e8 7d 3b 14 03 03  00 11 cc eb 21 2a 7c 9a  |.L.};.......!*|.|
+00000350  5c 35 9f 35 e3 09 dd f8  7a 4f 43 16 03 03 00 20  |\5.5....zOC.... |
+00000360  0b ff 00 c0 96 43 18 d9  9d ad 51 55 44 40 11 2f  |.....C....QUD@./|
+00000370  cd 1c bd ae ea 0a c9 eb  de 57 95 c2 81 63 79 4c  |.........W...cyL|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 81 c4 6d  51 fc a3 05 28 42 9a 59  |.......mQ...(B.Y|
-00000010  3f 84 d4 ac 19 a4 16 03  03 00 20 44 a9 25 3f 24  |?......... D.%?$|
-00000020  0a ab 91 47 24 f9 81 fc  1e ab d2 6b ee 81 04 b1  |...G$......k....|
-00000030  3e 16 1f 70 16 e2 74 f5  71 b8 74 17 03 03 00 19  |>..p..t.q.t.....|
-00000040  77 fa 0d b1 b4 fc b6 5b  d0 73 1a 94 d0 6c 05 7d  |w......[.s...l.}|
-00000050  1a fa 6e d4 00 4e 2e 91  e0 16 03 03 00 14 f0 79  |..n..N.........y|
-00000060  e5 37 1f 13 e6 a0 d3 4a  66 a9 e8 03 71 5f 67 37  |.7.....Jf...q_g7|
-00000070  aa b6                                             |..|
+00000000  14 03 03 00 11 d8 35 87  10 ce 65 af f6 19 4d 34  |......5...e...M4|
+00000010  6c 01 68 91 74 2d 16 03  03 00 20 70 df d4 bd c1  |l.h.t-.... p....|
+00000020  29 ac f3 f8 70 a4 5b ca  cb 7e 20 d4 1b 7e 2f 4b  |)...p.[..~ ..~/K|
+00000030  79 0b ea a3 ff 41 4a 5c  ff 5b 16 17 03 03 00 19  |y....AJ\.[......|
+00000040  4b 34 71 05 b5 b8 40 44  d4 2a ec f1 dc e1 ee 6a  |K4q...@D.*.....j|
+00000050  4f e6 c2 bf 44 98 0c 25  9b 16 03 03 00 14 98 20  |O...D..%....... |
+00000060  3c 7a 9f ba ba fd 6e 1f  a1 b9 4b d5 b9 d0 4c 75  |<z....n...K...Lu|
+00000070  1d b7                                             |..|
 >>> Flow 11 (client to server)
-00000000  16 03 03 01 38 e1 e6 8b  40 d6 ae f9 34 1a 27 20  |....8...@...4.' |
-00000010  67 ad c3 86 18 ee c0 e2  82 10 c1 33 df f6 4d 13  |g..........3..M.|
-00000020  46 a1 0b 23 25 12 2e 71  e9 50 2d 08 1c 53 47 a9  |F..#%..q.P-..SG.|
-00000030  69 bd e2 d3 f9 cf 44 91  ec 9a c7 2c ee 2a f8 4e  |i.....D....,.*.N|
-00000040  bf 07 22 9b 6d 00 48 63  78 63 ab 39 b2 be d3 64  |..".m.Hcxc.9...d|
-00000050  7b 46 7a 34 91 e0 1e fc  f4 89 49 e3 75 dc 6b 83  |{Fz4......I.u.k.|
-00000060  95 77 f0 cc 09 b0 3a 19  18 93 6e 9b 5d da b4 93  |.w....:...n.]...|
-00000070  d2 f6 ef de b0 e8 11 04  02 d2 a4 3d cd 95 fd cd  |...........=....|
-00000080  58 93 91 ed 45 1e b9 35  0b 46 5e fc f7 7a e4 18  |X...E..5.F^..z..|
-00000090  96 97 95 f9 8c 84 aa 7c  a9 67 f3 ac b6 e9 9f 12  |.......|.g......|
-000000a0  9f 0f fc 3a 3f 35 ae 13  49 42 04 21 0c b8 06 d3  |...:?5..IB.!....|
-000000b0  e2 13 7a 1e 57 cb 15 91  09 d2 9a 42 84 81 4f b7  |..z.W......B..O.|
-000000c0  6e 6f 8f c0 71 af 7b ca  37 9c 01 2a bc 37 04 8c  |no..q.{.7..*.7..|
-000000d0  ce 3e 82 7f 8b 4e 13 00  15 3c b6 8a 06 63 b6 68  |.>...N...<...c.h|
-000000e0  55 01 97 e6 d1 e1 b8 ae  2a c6 e7 4c fd e5 40 76  |U.......*..L..@v|
-000000f0  11 fa 18 12 db 98 d5 d9  61 8f 33 66 38 95 ba ae  |........a.3f8...|
-00000100  b6 1d 8e 03 27 6c 78 7a  89 82 0f ca 56 d4 19 ae  |....'lxz....V...|
-00000110  e2 79 6b 6d 80 b8 ce fc  3e 42 5a c7 e7 05 3b eb  |.ykm....>BZ...;.|
-00000120  a1 33 a0 56 92 e3 10 e6  ff 17 9b 2d 8e 40 56 fc  |.3.V.......-.@V.|
-00000130  76 9c a6 32 9f 7a a2 d8  e9 77 2f 9f e9           |v..2.z...w/..|
+00000000  16 03 03 01 34 82 8c 60  3d d0 8e d7 cd d6 37 37  |....4..`=.....77|
+00000010  d8 18 6f b1 8c b5 81 f3  0a bf 4f ca 6d 04 9e 6a  |..o.......O.m..j|
+00000020  4f ee bb a0 6c 40 40 96  96 94 b7 44 3d 56 1b 86  |O...l@@....D=V..|
+00000030  eb 52 55 5d 4d da eb 99  85 fb 28 b6 20 33 1c ec  |.RU]M.....(. 3..|
+00000040  95 d9 23 1d 69 fa 40 8f  3f 2b ae 5f 08 c9 eb 71  |..#.i.@.?+._...q|
+00000050  24 b8 4f b0 20 9f db 3d  cb d1 9e d7 7f f0 2e e9  |$.O. ..=........|
+00000060  c0 b5 81 ea 67 3f 70 cc  51 db 8c 00 6b 30 87 61  |....g?p.Q...k0.a|
+00000070  aa 75 dc 1e bc 19 33 82  c2 d4 6e 47 9c c8 ce 60  |.u....3...nG...`|
+00000080  01 73 f2 a9 73 c4 49 da  2e 69 4e 38 66 d8 ab 05  |.s..s.I..iN8f...|
+00000090  39 6b 42 13 43 22 26 ad  bd d7 78 f4 c6 81 b4 8a  |9kB.C"&...x.....|
+000000a0  73 52 6c b8 02 4c 08 fd  7c 79 3b 04 73 61 66 5b  |sRl..L..|y;.saf[|
+000000b0  59 98 50 7d d0 25 89 39  70 b0 e2 b4 3f c6 f1 ce  |Y.P}.%.9p...?...|
+000000c0  83 4b 4a a4 88 7b c5 59  c7 9e 3a e0 a9 d5 95 57  |.KJ..{.Y..:....W|
+000000d0  6f f0 ce 33 c6 58 69 30  04 8b 98 7d 80 74 35 2a  |o..3.Xi0...}.t5*|
+000000e0  a5 40 fe 3b e8 9b c7 2e  30 8c 61 9d e9 f5 56 b2  |.@.;....0.a...V.|
+000000f0  b7 a5 cd 9b a7 91 87 05  ee da e1 5e c7 00 c3 ae  |...........^....|
+00000100  1d c0 71 5d 02 03 15 e6  1b bc a5 da 04 78 89 c6  |..q].........x..|
+00000110  aa 3e 97 31 00 ff e9 12  23 9e 86 74 45 7b 8a db  |.>.1....#..tE{..|
+00000120  d8 c8 c0 8b 00 72 ee d8  a9 64 b8 1b 48 77 98 b9  |.....r...d..Hw..|
+00000130  20 61 b8 23 17 b5 65 7c  fb                       | a.#..e|.|
 >>> Flow 12 (server to client)
-00000000  16 03 03 00 85 12 4a cc  dd af 7e 9f 8f c0 5e dc  |......J...~...^.|
-00000010  db 49 95 90 d0 d4 78 49  8b 34 5c 22 7f f8 9b 42  |.I....xI.4\"...B|
-00000020  99 79 d3 d8 f2 ad 9e e1  67 80 84 8d b5 48 8c 9a  |.y......g....H..|
-00000030  ab 68 65 81 28 16 75 77  e6 57 8a 52 ba ab 2e 3d  |.he.(.uw.W.R...=|
-00000040  27 1c 90 fb 75 99 8f 2b  6b 4e 2c 78 3a f8 5b 25  |'...u..+kN,x:.[%|
-00000050  55 df c6 83 c6 0f 01 f0  00 b0 8e 02 51 62 aa 91  |U...........Qb..|
-00000060  1b 21 b7 2e b3 11 b6 5d  c4 38 04 3c af ad 3e a3  |.!.....].8.<..>.|
-00000070  f5 ec 8f 7f 6f 9d 7a eb  22 51 2c 9e 08 af 9d ab  |....o.z."Q,.....|
-00000080  a7 84 cb f8 68 78 9b 58  50 fa 16 03 03 02 69 07  |....hx.XP.....i.|
-00000090  17 f9 21 47 17 ee f7 d3  06 98 d4 32 e5 a1 c8 f0  |..!G.......2....|
-000000a0  ec eb 61 80 7f 2c 85 66  27 19 cd 8e 6f ca da 0f  |..a..,.f'...o...|
-000000b0  c5 34 76 9f b0 96 5d 6d  67 bd 17 7d 96 62 4e ce  |.4v...]mg..}.bN.|
-000000c0  a1 0e 40 79 6d 25 8c 81  41 a3 2d 0a ba cb d9 35  |..@ym%..A.-....5|
-000000d0  4e a7 fc 74 14 a2 c6 bd  57 46 6a d0 11 37 72 24  |N..t....WFj..7r$|
-000000e0  19 78 e5 86 51 04 f4 10  47 2f a5 d9 e6 44 47 e0  |.x..Q...G/...DG.|
-000000f0  1f 1b ce ea 6f c7 df 17  6a 68 69 01 30 73 e2 48  |....o...jhi.0s.H|
-00000100  61 50 3d 7d 85 aa 5f 74  4c 18 33 d0 e1 95 1b 9a  |aP=}.._tL.3.....|
-00000110  13 30 a2 f4 8e 8b 58 07  15 9b c8 74 ce 58 5b c1  |.0....X....t.X[.|
-00000120  03 75 97 39 5b 00 ee 5a  d6 ba 21 62 6a 19 41 0d  |.u.9[..Z..!bj.A.|
-00000130  4f 77 46 a0 2e 2d c3 77  50 2c dc 3f 04 32 6c be  |OwF..-.wP,.?.2l.|
-00000140  7f 73 c2 58 50 ac 78 eb  b9 b0 a0 2e b7 44 27 0f  |.s.XP.x......D'.|
-00000150  e8 0d 76 d5 a7 4e 9f df  36 bb 63 48 ce f6 2f 9c  |..v..N..6.cH../.|
-00000160  41 a6 76 38 63 72 a0 33  0f 88 94 0d a2 6e 46 d6  |A.v8cr.3.....nF.|
-00000170  57 25 33 e1 36 a0 bf 56  b8 d5 d0 04 2d 23 e8 ac  |W%3.6..V....-#..|
-00000180  93 2c 46 ac 1f e5 2a 48  88 0e 0d 11 67 fe de 21  |.,F...*H....g..!|
-00000190  31 e8 68 9b 7c 4c 49 b8  27 5a c4 89 a4 4c 09 f0  |1.h.|LI.'Z...L..|
-000001a0  de 5f 9c 60 bd 54 e5 96  2c bf a1 86 3a cb 5b 3f  |._.`.T..,...:.[?|
-000001b0  15 3f 4a b2 43 c9 88 0b  49 05 2d d7 61 43 dd 1c  |.?J.C...I.-.aC..|
-000001c0  a9 4d 52 17 98 4d 5b a7  cd 27 52 60 21 57 ed 09  |.MR..M[..'R`!W..|
-000001d0  29 0d c9 a1 b3 6f 11 3a  da 17 00 73 22 4e 7f 40  |)....o.:...s"N.@|
-000001e0  6f 0f 7a a7 7e 73 b8 be  08 b6 10 b3 bb 70 f5 4a  |o.z.~s.......p.J|
-000001f0  96 aa 07 9f e2 68 04 7c  01 e3 92 f9 15 cd 97 b5  |.....h.|........|
-00000200  4e 87 eb 5d 74 db 8b 5a  72 c1 7c b2 b8 73 83 2d  |N..]t..Zr.|..s.-|
-00000210  5f d9 d2 62 b2 db 20 9a  f2 54 ad d4 66 6c 52 9c  |_..b.. ..T..flR.|
-00000220  85 ef a4 90 ca e0 c4 4f  1f 82 0e 80 f5 02 56 e2  |.......O......V.|
-00000230  d0 78 fd 7e c6 73 89 12  5a 11 2e c9 6d a0 6f 8f  |.x.~.s..Z...m.o.|
-00000240  ea a1 4c 88 28 ee 66 79  9c 99 ff 6b e6 e7 f7 bf  |..L.(.fy...k....|
-00000250  1f ef 1f b9 65 46 1e 41  d8 33 13 a1 29 d1 1b 5f  |....eF.A.3..).._|
-00000260  b6 56 3c bf 28 02 d1 5b  b7 77 58 9e cd 4c 5f ac  |.V<.(..[.wX..L_.|
-00000270  2e 60 9e 0c 20 6a 0a 31  60 0b fb a4 75 20 5d c4  |.`.. j.1`...u ].|
-00000280  68 a6 94 bd 99 9c bb 00  57 9c 2e 55 e1 ca d1 0c  |h.......W..U....|
-00000290  40 1f 69 4f 88 79 da 4f  d1 b2 6f 1a 92 77 90 71  |@.iO.y.O..o..w.q|
-000002a0  34 d1 90 f7 c9 fc c9 ac  23 76 d3 2d 6c 54 fa 28  |4.......#v.-lT.(|
-000002b0  a5 2b df 1d f5 39 21 c1  4c 9c 53 08 f5 fc 19 e6  |.+...9!.L.S.....|
-000002c0  29 d4 c2 8b b1 f9 db ae  1f 29 ee 34 8f b0 fe 02  |)........).4....|
-000002d0  06 6a 3e a9 e0 2e e1 71  f8 63 15 f0 ac e5 6b f3  |.j>....q.c....k.|
-000002e0  db 3d b1 de c5 26 a5 18  22 d8 3a 74 1f 57 43 b5  |.=...&..".:t.WC.|
-000002f0  9e f6 40 cc fd ba 68 82  16 03 03 00 bc 0a 05 54  |..@...h........T|
-00000300  61 ad be a6 2a 6e ee f3  b7 fb 50 9f c5 f8 7d b3  |a...*n....P...}.|
-00000310  9a 85 ed 6f 36 5d f3 e5  05 1a c5 b9 6f 9f 2a 99  |...o6]......o.*.|
-00000320  75 d0 49 37 eb 82 fb e0  da bf 8f 6d 0e ab 11 c9  |u.I7.......m....|
-00000330  0d e1 d0 1a cd b1 e7 c9  c2 6e f4 90 ae 56 ba d2  |.........n...V..|
-00000340  65 af f4 7f c2 3c e8 d7  f6 49 57 61 c8 02 0e 72  |e....<...IWa...r|
-00000350  e5 d8 2f 3e f2 d9 4c 64  32 1a 95 f9 f4 f8 47 9f  |../>..Ld2.....G.|
-00000360  c5 63 6b f2 44 48 7f 69  ae 12 f7 ca ff 60 f0 51  |.ck.DH.i.....`.Q|
-00000370  9f 70 7b d9 86 03 fd 9d  d5 29 35 c1 bd 4d fe 45  |.p{......)5..M.E|
-00000380  e1 e0 15 dd 2d f4 20 54  50 61 ba d9 8c bf e6 f1  |....-. TPa......|
-00000390  4a 08 e1 c8 f7 24 f0 5f  41 4c 8e f3 fd 60 31 89  |J....$._AL...`1.|
-000003a0  d6 72 a9 e5 14 65 83 c1  ae be e7 b3 89 99 25 87  |.r...e........%.|
-000003b0  20 13 1b 0a a8 3d d3 dc  5c 16 03 03 00 14 71 4c  | ....=..\.....qL|
-000003c0  20 9c de 36 cc ed 88 6f  c8 84 5a 03 ee 1d cd 3c  | ..6...o..Z....<|
-000003d0  c7 88                                             |..|
+00000000  16 03 03 00 85 93 93 97  db ec 52 74 ce 78 ca e6  |..........Rt.x..|
+00000010  95 19 ac 68 2c 81 ad 6b  c3 6d d5 f7 84 a1 00 d0  |...h,..k.m......|
+00000020  15 4c ae 2d 10 6a 07 d3  82 af af f8 d9 5d 9d 65  |.L.-.j.......].e|
+00000030  8d c9 1e 8c 61 3e b3 67  71 89 41 7e 94 1e 4a 27  |....a>.gq.A~..J'|
+00000040  73 53 83 d4 70 44 9a 4f  8d e7 62 af 9b 71 9e 83  |sS..pD.O..b..q..|
+00000050  72 9a a1 e2 03 47 5f c3  11 4f 56 b9 6f 02 b5 b8  |r....G_..OV.o...|
+00000060  8b 4a cb 99 ed 62 58 45  2d 0f f1 25 ce e9 de 7d  |.J...bXE-..%...}|
+00000070  3f 17 a8 35 d5 73 06 6e  d6 bc 77 2a 82 27 d7 92  |?..5.s.n..w*.'..|
+00000080  91 67 68 07 52 4b ed a0  3c 95 16 03 03 02 69 11  |.gh.RK..<.....i.|
+00000090  73 93 d5 ad 00 17 11 3b  83 81 68 6d 3a 8a 02 1b  |s......;..hm:...|
+000000a0  90 df 84 f6 2b 4a b8 98  cf 50 0d dd 29 22 9d 58  |....+J...P..)".X|
+000000b0  ea 7b 2c 30 2d e7 e2 d1  ae ad 00 9e 01 f6 ef 96  |.{,0-...........|
+000000c0  ae a4 48 58 29 63 1d 2c  19 f3 c2 49 6f cf c9 7b  |..HX)c.,...Io..{|
+000000d0  e3 ca 5c e7 30 a0 b5 72  a9 3d 61 a2 0f 96 e4 d6  |..\.0..r.=a.....|
+000000e0  8f 93 66 f1 de 24 88 14  9f 8b 14 9a b5 94 f7 70  |..f..$.........p|
+000000f0  79 e4 94 68 b7 e0 f1 8e  d0 1b 56 da d0 ce 90 b2  |y..h......V.....|
+00000100  13 b3 4b b5 20 99 77 4a  a4 83 47 4e 1b 1f db 35  |..K. .wJ..GN...5|
+00000110  96 16 f0 d8 2b 7e 18 bf  0c b7 a3 da 44 fe 4c 96  |....+~......D.L.|
+00000120  86 06 52 81 f9 a1 f4 ab  43 6d a3 fd 50 f6 83 08  |..R.....Cm..P...|
+00000130  ba b5 d5 15 55 16 aa 84  95 77 1d 9e cd d6 53 d0  |....U....w....S.|
+00000140  d3 c7 1c 9a 12 4d 8d 7a  b5 0b 02 34 3f cf b5 0f  |.....M.z...4?...|
+00000150  98 56 cc 6e 15 ef 60 88  e0 71 2e 47 46 ce 19 11  |.V.n..`..q.GF...|
+00000160  81 21 fe c6 80 86 d7 be  d9 a7 6f a1 8c 8d ff ba  |.!........o.....|
+00000170  fb 8b 8b 8f 35 95 03 cb  10 e6 f5 71 18 d5 3c e0  |....5......q..<.|
+00000180  60 e7 a2 47 36 41 a0 a3  c4 a3 c1 23 6c da 55 6a  |`..G6A.....#l.Uj|
+00000190  5f ef cd 58 e7 5d d3 cf  50 7b 3d b5 c6 7c 73 d9  |_..X.]..P{=..|s.|
+000001a0  ce c3 ae 6a 46 4a 9a e6  10 57 53 b3 6c e5 ec 9d  |...jFJ...WS.l...|
+000001b0  f0 25 3c a4 a6 f0 42 1a  1e 8c 2b 40 79 e5 51 84  |.%<...B...+@y.Q.|
+000001c0  79 6b c5 8a 3d 25 11 38  97 ca 15 11 e7 51 74 29  |yk..=%.8.....Qt)|
+000001d0  66 9e 4d 4d 50 6a ec 1d  94 6b 4d c9 e9 a7 f8 4e  |f.MMPj...kM....N|
+000001e0  5b c3 06 74 ba 1d a1 79  3c 24 94 c9 3b b0 b1 16  |[..t...y<$..;...|
+000001f0  fe 42 31 fe d0 4b e4 51  e6 06 63 89 2d 3b 56 6a  |.B1..K.Q..c.-;Vj|
+00000200  cf 89 4c 45 49 fd 10 58  9b 6b 4b 35 eb d8 c9 9d  |..LEI..X.kK5....|
+00000210  c0 31 b6 3e 33 da 7e 87  39 e3 c0 6a f8 7f bd 9a  |.1.>3.~.9..j....|
+00000220  26 4f 42 51 86 40 fb f7  fb cc 50 80 b6 0a 63 f4  |&OBQ.@....P...c.|
+00000230  41 62 68 c0 b8 99 7d 8e  ab e1 8a 15 92 f2 35 a4  |Abh...}.......5.|
+00000240  cc 0e e7 9e 74 2d c1 b4  44 be 25 10 92 02 4f e3  |....t-..D.%...O.|
+00000250  e7 ea c4 77 83 18 62 36  ba 9c 77 a6 d4 c1 6f 66  |...w..b6..w...of|
+00000260  fc 07 4b 1a 00 98 a4 10  5e bc d5 93 07 e7 0c e3  |..K.....^.......|
+00000270  34 05 32 23 c7 60 22 a8  52 fa 6e de 3f f9 c6 cc  |4.2#.`".R.n.?...|
+00000280  c2 54 08 d4 2a 98 39 20  09 f4 1d 8e d5 18 77 5a  |.T..*.9 ......wZ|
+00000290  f0 f4 08 a4 66 a7 8e fe  f5 25 50 16 ca 4a 8d f0  |....f....%P..J..|
+000002a0  b4 9f f1 37 e6 9b db 24  25 d0 a0 57 06 74 e2 14  |...7...$%..W.t..|
+000002b0  46 51 e9 9c 03 f0 e0 16  17 d0 c9 54 54 29 e6 04  |FQ.........TT)..|
+000002c0  9a c3 47 93 69 78 1a de  ca f1 d4 b1 52 ff c0 5c  |..G.ix......R..\|
+000002d0  9f 5f 16 a9 35 01 f9 18  47 7b ee 06 f4 f3 3a 1d  |._..5...G{....:.|
+000002e0  94 b9 d5 2c 29 a0 80 85  b0 31 55 37 63 bc a6 e6  |...,)....1U7c...|
+000002f0  67 66 21 5f eb 1c 17 15  16 03 03 00 bc 93 4b d6  |gf!_..........K.|
+00000300  07 b0 12 ca 98 9f 52 b8  14 c3 6e d4 3b f2 74 e4  |......R...n.;.t.|
+00000310  f5 6f 51 40 04 cd 1a 5f  69 fb 3d 68 2b 4e 09 df  |.oQ@..._i.=h+N..|
+00000320  c8 c9 6f c2 87 ae b6 f9  14 6a 41 fa 59 08 0b b0  |..o......jA.Y...|
+00000330  d9 0b d0 61 fd 64 c6 52  3e 40 f2 96 75 b0 82 7a  |...a.d.R>@..u..z|
+00000340  8e 68 11 d2 bc 22 a0 bc  30 d8 a6 1a 88 26 00 d5  |.h..."..0....&..|
+00000350  b5 26 49 c2 5d f3 19 c5  c0 9d 75 c3 f4 3e 95 85  |.&I.].....u..>..|
+00000360  d0 8b de 31 79 b5 5c 27  6e 99 ab 50 fe ef 3a 07  |...1y.\'n..P..:.|
+00000370  a0 a9 ce b7 4b 29 6b 93  42 6d db 34 6b 14 03 a9  |....K)k.Bm.4k...|
+00000380  a8 1f c2 57 65 64 c3 95  ff 2a f8 39 de c3 36 f4  |...Wed...*.9..6.|
+00000390  dd 77 b0 cf 86 be c4 9c  1d d5 ea 88 3c 8c ed 81  |.w..........<...|
+000003a0  51 fc a9 80 78 bc 59 7d  d1 e4 48 d5 d6 07 88 e1  |Q...x.Y}..H.....|
+000003b0  d7 85 80 81 3a 35 9c 57  21 16 03 03 00 14 d9 b1  |....:5.W!.......|
+000003c0  fb 95 82 67 c4 35 92 cd  47 cb 7b 0f 63 1a e0 32  |...g.5..G.{.c..2|
+000003d0  43 75                                             |Cu|
 >>> Flow 13 (client to server)
-00000000  16 03 03 00 35 12 be 58  29 49 7c 4d 6c 24 a0 76  |....5..X)I|Ml$.v|
-00000010  72 a5 f8 e2 2b 61 fc a6  e3 97 00 cc 3f 52 26 9b  |r...+a......?R&.|
-00000020  0e 1c 0b 05 2a f3 86 79  13 2b 33 5f 99 f0 91 5f  |....*..y.+3_..._|
-00000030  95 88 fe d1 0d 84 a7 5b  f0 7b 14 03 03 00 11 82  |.......[.{......|
-00000040  33 3a 3a d4 72 53 72 1a  90 d1 d1 14 18 c6 2d 03  |3::.rSr.......-.|
-00000050  16 03 03 00 20 47 44 78  28 c6 68 5e 4e 7f ae 14  |.... GDx(.h^N...|
-00000060  3c 37 64 45 6c 91 29 ff  19 b6 dd 09 6e 2e f8 b8  |<7dEl.).....n...|
-00000070  91 ed 60 9f ec                                    |..`..|
+00000000  16 03 03 00 35 36 32 d0  64 c8 ba 33 1d 4f 31 73  |....562.d..3.O1s|
+00000010  68 35 f2 76 0c b1 52 12  f5 4b 8a ea 74 0a 7f c2  |h5.v..R..K..t...|
+00000020  a4 90 75 1f 24 0a 76 77  1f 01 15 9d 59 fa 16 56  |..u.$.vw....Y..V|
+00000030  cc fd f9 08 74 76 31 cc  f4 4c 14 03 03 00 11 c0  |....tv1..L......|
+00000040  12 9b 35 78 94 a3 4e c3  b2 30 aa c7 fa 44 20 e6  |..5x..N..0...D .|
+00000050  16 03 03 00 20 c6 a5 79  48 7b c3 2b 2d 6a 73 0a  |.... ..yH{.+-js.|
+00000060  83 a9 2b a7 ba 90 ea 6f  b5 c2 c1 13 d7 7a 86 37  |..+....o.....z.7|
+00000070  5a 24 8e f9 b3                                    |Z$...|
 >>> Flow 14 (server to client)
-00000000  14 03 03 00 11 9b 5d c3  de 7d 32 e1 a2 2c d3 d7  |......]..}2..,..|
-00000010  1b c9 cb bd d3 5b 16 03  03 00 20 21 50 5c ba c2  |.....[.... !P\..|
-00000020  c3 d5 53 42 9c cf 93 86  e3 29 18 f0 4b 6c d9 a7  |..SB.....)..Kl..|
-00000030  17 d6 dc b9 7c 82 9e 61  c1 dd ea 17 03 03 00 19  |....|..a........|
-00000040  59 bd 70 5b d8 4e fd 09  1c 17 c1 82 6a 85 8b fc  |Y.p[.N......j...|
-00000050  2e 59 87 80 13 dc 3e 7a  01                       |.Y....>z.|
+00000000  14 03 03 00 11 c4 0e 59  d8 5e f6 5b 1d e6 20 7b  |.......Y.^.[.. {|
+00000010  45 4f 89 cd 2b a9 16 03  03 00 20 58 ff 80 6c f2  |EO..+..... X..l.|
+00000020  fd 94 e7 66 b3 6d e3 37  57 8a 8c 35 98 4e bb c3  |...f.m.7W..5.N..|
+00000030  42 87 32 b7 3b 6f ee 0f  f1 7d 08 17 03 03 00 19  |B.2.;o...}......|
+00000040  8a f6 02 17 4e 8a 1e 2b  db 44 24 d4 aa c6 d4 af  |....N..+.D$.....|
+00000050  ef 5a a3 17 ba 77 f4 54  6e                       |.Z...w.Tn|
 >>> Flow 15 (client to server)
-00000000  15 03 03 00 12 d9 80 6a  95 a6 37 81 5b d0 78 d3  |.......j..7.[.x.|
-00000010  4a 02 cc a6 ba b8 96                              |J......|
+00000000  15 03 03 00 12 84 3f 11  0b 00 bd 12 5e be 74 4d  |......?.....^.tM|
+00000010  04 e4 44 b2 01 73 66                              |..D..sf|
diff --git a/testdata/Client-TLSv12-RenegotiateTwiceRejected b/testdata/Client-TLSv12-RenegotiateTwiceRejected
index 3d57311b..62b6831a 100644
--- a/testdata/Client-TLSv12-RenegotiateTwiceRejected
+++ b/testdata/Client-TLSv12-RenegotiateTwiceRejected
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 0c 17 84 76 1d  |....]...Y.....v.|
-00000010  f7 2f 64 9b 6a be 05 1b  7c 96 bf f1 d3 33 37 d2  |./d.j...|....37.|
-00000020  4b 33 2d f9 16 12 0a 87  18 60 71 20 36 34 57 1e  |K3-......`q 64W.|
-00000030  53 7d 7c 52 c6 be a5 35  41 f6 72 65 3c 78 42 a5  |S}|R...5A.re<xB.|
-00000040  2b da 18 77 25 2f 0f d6  1b 3a 10 df cc a8 00 00  |+..w%/...:......|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 a1 1a ae 12 c9  |....]...Y.......|
+00000010  55 34 c9 23 81 cb 4f b0  d8 35 97 8e d5 b7 ac 67  |U4.#..O..5.....g|
+00000020  e1 9c fd ec 35 61 48 7b  d5 c8 8b 20 e1 e9 61 af  |....5aH{... ..a.|
+00000030  0b 5c 69 7b cb f9 7a ee  73 31 20 07 c3 b9 27 47  |.\i{..z.s1 ...'G|
+00000040  07 e1 c0 34 7c c5 8f 31  ac 9d cd 8c cc a8 00 00  |...4|..1........|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,191 +62,191 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 02 b5 bb  |............ ...|
-000002d0  3d 94 26 c2 04 4c 2d e6  e3 d0 e5 78 c1 00 eb de  |=.&..L-....x....|
-000002e0  df 23 8a f3 d7 67 0c d1  0b 5e 43 84 4f 08 04 00  |.#...g...^C.O...|
-000002f0  80 3d b9 6b 00 6e e7 cf  4a 27 67 de a2 d4 a4 ad  |.=.k.n..J'g.....|
-00000300  37 19 a3 66 ab 1e 92 7f  99 74 6b 4a 5e 3d e6 3b  |7..f.....tkJ^=.;|
-00000310  1a 0a d1 fe 2a 3a c9 08  d9 0a 1a 7f c1 83 fa 9e  |....*:..........|
-00000320  9d 8a 5e 2b 52 3a ef 09  91 63 db 4e 19 9c 59 ef  |..^+R:...c.N..Y.|
-00000330  a9 1c 23 12 8b d5 67 74  05 b7 c4 12 bd 1d 63 9a  |..#...gt......c.|
-00000340  97 a7 9c fe 94 ed 81 96  a6 e6 30 02 11 c2 97 eb  |..........0.....|
-00000350  0a f6 14 e7 d4 d3 11 5d  8f ff 77 f1 19 03 a3 16  |.......]..w.....|
-00000360  1e 0d 0e e1 9b f6 bd de  7e 40 d5 36 56 dd 85 44  |........~@.6V..D|
-00000370  5a 16 03 03 00 04 0e 00  00 00                    |Z.........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 95 6f d7  |............ .o.|
+000002d0  37 b9 49 ff 98 39 6f 25  c5 c0 e0 89 61 23 2d 22  |7.I..9o%....a#-"|
+000002e0  5b 86 d6 7f a1 19 07 f7  12 4d 01 e6 1b 08 04 00  |[........M......|
+000002f0  80 ca fd 6e 23 09 33 a7  0c 9b 4b 2b 38 37 a0 32  |...n#.3...K+87.2|
+00000300  21 a4 e4 fe 56 b6 4e c6  d1 e6 86 fa d9 13 b4 f3  |!...V.N.........|
+00000310  72 bf 31 ef c3 33 e9 99  a1 bf a4 e5 10 46 44 7d  |r.1..3.......FD}|
+00000320  cb ea 38 99 d0 bc 1f 16  81 fb ad 09 7e 9e 54 99  |..8.........~.T.|
+00000330  40 c2 44 65 94 53 88 c3  28 db 7f 1b fa 52 f1 63  |@.De.S..(....R.c|
+00000340  9a e9 f2 43 7f 19 2b 3e  02 3d 53 ed a1 f9 9a ff  |...C..+>.=S.....|
+00000350  aa af 8d 4c ab bf d2 7a  b4 ea 1e f9 22 fe ee 7e  |...L...z...."..~|
+00000360  a1 3e dc d4 f1 76 d1 4e  7b 1b 84 f6 b3 a7 f7 a9  |.>...v.N{.......|
+00000370  37 16 03 03 00 04 0e 00  00 00                    |7.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 c3 8e 95  b8 d7 c3 39 43 fd 47 5f  |.... ......9C.G_|
-00000040  b5 3f 9e a3 7a a2 82 d5  82 cf d7 b7 9e 95 9f ed  |.?..z...........|
-00000050  fc f5 76 25 96                                    |..v%.|
+00000030  16 03 03 00 20 d0 64 37  7c 81 1c cd 86 e7 ab 97  |.... .d7|.......|
+00000040  25 1d c5 ee bd 5a 49 44  69 c8 3e db 37 6a dc 9a  |%....ZIDi.>.7j..|
+00000050  fd e2 5e 82 16                                    |..^..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 1e d5 ca 57 c6  |.......... ...W.|
-00000010  43 4f d3 11 44 d1 f8 69  d3 9e 22 17 d6 c1 7f aa  |CO..D..i..".....|
-00000020  ad d6 1f 08 67 9c cd 4f  9f 53 c0                 |....g..O.S.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 18 71 b3 67 a3  |.......... .q.g.|
+00000010  98 36 20 8f e4 17 30 e4  73 de 91 88 ef f7 f3 8a  |.6 ...0.s.......|
+00000020  c6 0e 5e b2 1f e2 e6 5a  52 f6 72                 |..^....ZR.r|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 8d fa 48  d3 57 aa d7 8e 75 8b ff  |.......H.W...u..|
-00000010  bd 03 ea df 3e da d3 15  ec 12 67                 |....>.....g|
+00000000  17 03 03 00 16 20 c3 2a  be 39 d2 7c 1c 83 30 cc  |..... .*.9.|..0.|
+00000010  7b cd 44 ae 2b e8 d4 19  50 69 81                 |{.D.+...Pi.|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 e9 4d ee  89 18 5f bd d8 15 dd 1f  |......M..._.....|
-00000010  a4 94 98 3b 96 75 3c 2b  bc                       |...;.u<+.|
+00000000  16 03 03 00 14 96 2f 3a  b5 b5 56 c9 d5 38 c0 1a  |....../:..V..8..|
+00000010  eb 35 c5 b9 dd 1c 5b e6  50                       |.5....[.P|
 >>> Flow 7 (client to server)
-00000000  16 03 03 01 38 1c b1 26  7d 48 7e 75 46 3c 85 68  |....8..&}H~uF<.h|
-00000010  1c ef 2b 61 c1 f1 c5 dc  38 61 a1 2f a1 f1 3d b8  |..+a....8a./..=.|
-00000020  ab 39 ee c6 c1 2b ec fe  ea a8 0d d3 81 de 73 87  |.9...+........s.|
-00000030  d1 0b e7 cf d0 88 38 11  26 20 aa f4 39 4d 64 ea  |......8.& ..9Md.|
-00000040  97 b8 7c aa 4b b0 81 3d  2b 32 db 8c be 98 73 e2  |..|.K..=+2....s.|
-00000050  e6 81 8b 23 f9 c2 a9 d7  dd 31 17 0f c2 37 b5 95  |...#.....1...7..|
-00000060  31 3f 6b 62 0f 57 73 56  bd 94 d9 87 40 e4 43 46  |1?kb.WsV....@.CF|
-00000070  fc ae cb b6 f9 7c 0a 8b  04 a6 d7 0f ca 66 42 93  |.....|.......fB.|
-00000080  f6 0e 89 b1 b3 1c 6e 4a  a2 d3 b3 1b 33 6c cd 83  |......nJ....3l..|
-00000090  15 99 4f 3c 2c 27 b0 82  18 1a 0f ba e3 b1 55 aa  |..O<,'........U.|
-000000a0  5d 2b 92 24 c4 be 22 3e  07 c6 18 d6 5a 19 f7 5a  |]+.$..">....Z..Z|
-000000b0  f0 6e fe 2a 2c 61 6b cb  9b d3 ad ea 78 c1 9e a2  |.n.*,ak.....x...|
-000000c0  fb 5a 9c e0 d7 0e fb 33  ca 9a ed 2b f9 b2 e8 bf  |.Z.....3...+....|
-000000d0  82 2c 28 09 fd 44 cd 30  b0 e4 a8 5c 8f 28 d1 f5  |.,(..D.0...\.(..|
-000000e0  93 46 33 bd ba 18 ff e5  45 19 da 52 34 48 15 7f  |.F3.....E..R4H..|
-000000f0  39 bd 78 66 9d e4 fd af  58 59 44 8a 46 cc 2c 37  |9.xf....XYD.F.,7|
-00000100  95 26 20 dd 14 65 73 d2  3c 25 e2 54 21 be c5 f6  |.& ..es.<%.T!...|
-00000110  a1 9a 94 e8 41 aa 4b 75  b7 f8 03 78 a4 8a b8 28  |....A.Ku...x...(|
-00000120  7f 72 17 60 37 07 a5 2a  dd 65 34 97 9c ee 72 27  |.r.`7..*.e4...r'|
-00000130  29 14 d8 b9 ed fc 4d fa  df 8b a9 7f 7f           |).....M......|
+00000000  16 03 03 01 34 ae 4f 4c  78 20 df 3b 9e f3 c1 82  |....4.OLx .;....|
+00000010  37 6b ca fc 48 2a 2c 9a  71 7e c3 20 a0 e8 f7 d5  |7k..H*,.q~. ....|
+00000020  76 af 11 81 dd 69 e9 93  58 df 58 8c fb f1 82 ad  |v....i..X.X.....|
+00000030  35 0e fb 6c a9 58 7a 5d  79 38 cb d7 77 1f 93 34  |5..l.Xz]y8..w..4|
+00000040  7e bb 88 61 9e 19 1a 98  bb 6f ad 78 2c a6 73 ab  |~..a.....o.x,.s.|
+00000050  a4 7e 4b d7 75 69 7b 92  47 68 3d 7b 40 03 60 59  |.~K.ui{.Gh={@.`Y|
+00000060  2e 04 bc cd fc ca 45 2c  2c f7 e5 0a 66 49 0b 86  |......E,,...fI..|
+00000070  c5 ec 86 e6 ae c9 39 4b  05 1f 21 db 78 8d 51 e6  |......9K..!.x.Q.|
+00000080  5d fe be 6a 1d 85 e1 15  23 56 86 4c ba 09 bf 7b  |]..j....#V.L...{|
+00000090  9e 36 e9 7a 8f 06 af 10  7b 4a 4b af 58 db f9 4e  |.6.z....{JK.X..N|
+000000a0  13 36 61 f4 e3 a9 c6 37  11 d4 ed 9e 6a c7 bf 16  |.6a....7....j...|
+000000b0  ea a4 ae 01 99 4a b5 3e  9c ca 6c ce e8 a2 3d b8  |.....J.>..l...=.|
+000000c0  81 ef 60 7b 51 79 81 22  87 49 ad ab fb c6 f6 48  |..`{Qy.".I.....H|
+000000d0  c0 ba e0 2b d7 90 42 f7  a8 0d f0 cf 2c 7a 55 7d  |...+..B.....,zU}|
+000000e0  be 65 a6 67 bd 96 7f 01  6f ce db f6 50 2f 45 b6  |.e.g....o...P/E.|
+000000f0  6f cc 74 ba 6f 57 3b e3  a4 08 34 92 e6 ac e4 99  |o.t.oW;...4.....|
+00000100  2e b6 9b 29 4d 26 dd 7f  5c f5 1b 7e 5e 5c fd f7  |...)M&..\..~^\..|
+00000110  d4 da 81 47 51 8c 3f 94  e1 95 5b de b9 6e 4a 76  |...GQ.?...[..nJv|
+00000120  bc 59 6a bb 1f 1c 79 02  93 2e 21 b3 6d be ae b4  |.Yj...y...!.m...|
+00000130  95 6b 8a 48 cb 84 fb ab  b3                       |.k.H.....|
 >>> Flow 8 (server to client)
-00000000  16 03 03 00 85 f4 88 c2  bb 0e c4 2f bc 16 6e 10  |.........../..n.|
-00000010  80 16 34 b2 20 c8 8f 01  64 1a 78 f9 0b d4 b9 4d  |..4. ...d.x....M|
-00000020  97 52 5e 79 86 37 c1 db  ae 6f 7a 41 d4 6f 44 0a  |.R^y.7...ozA.oD.|
-00000030  79 e6 56 02 03 e4 ff 65  cc 7f 95 08 c8 e7 bc 77  |y.V....e.......w|
-00000040  7c 7a 3f 85 04 37 50 55  6c 5f 43 b2 28 9e b5 55  ||z?..7PUl_C.(..U|
-00000050  f6 a7 3c 9a e3 ef 40 76  14 6e 22 1d 09 3f d1 7c  |..<...@v.n"..?.||
-00000060  ba 89 7c 5f e7 91 c3 e8  22 c3 a4 77 e4 da e7 63  |..|_...."..w...c|
-00000070  de ea 1b 1f a8 f2 27 a9  ec 95 03 ef b7 96 64 cf  |......'.......d.|
-00000080  56 56 58 a4 8f c0 f7 58  60 55 16 03 03 02 69 64  |VVX....X`U....id|
-00000090  1f e8 68 47 de 6d 1f 7b  ed 24 0d 7b b4 7e 45 fd  |..hG.m.{.$.{.~E.|
-000000a0  0e 76 9e b8 58 0e fb 00  b1 29 74 93 ce 54 29 e4  |.v..X....)t..T).|
-000000b0  bb 72 1d ea b7 a0 5e d2  b6 31 de 0d c5 72 8c 75  |.r....^..1...r.u|
-000000c0  13 17 41 b6 96 2b e7 f4  4f c4 3f 18 d9 3b 74 65  |..A..+..O.?..;te|
-000000d0  dd 7a df 4f b6 5b 95 ff  24 13 a4 84 15 89 d7 cc  |.z.O.[..$.......|
-000000e0  fc 26 2f e9 8c e6 89 9d  9f d8 65 46 63 5e a0 1d  |.&/.......eFc^..|
-000000f0  2e 50 65 f6 6d df 65 3c  a6 87 c5 65 e5 76 5d 31  |.Pe.m.e<...e.v]1|
-00000100  0d f5 54 4a 05 ec 19 0a  25 54 54 7b ab 34 fb df  |..TJ....%TT{.4..|
-00000110  d2 91 f5 06 36 77 39 1a  67 ab d7 c9 41 a2 eb f4  |....6w9.g...A...|
-00000120  ce c5 3e 0a 02 d8 c7 e0  48 99 2a 2b 2d 97 74 03  |..>.....H.*+-.t.|
-00000130  64 9b 8c d3 fc 65 17 ce  5a 20 2d 66 e9 9a a6 bc  |d....e..Z -f....|
-00000140  48 3c 08 65 d3 6f 47 c7  76 b1 59 6a b0 1c 45 b4  |H<.e.oG.v.Yj..E.|
-00000150  24 9d 71 83 fb 49 96 cb  c4 b9 8a 52 9a 28 92 66  |$.q..I.....R.(.f|
-00000160  6e ef 7c a9 a8 88 d5 16  de 96 8e 67 89 cf 62 12  |n.|........g..b.|
-00000170  93 63 7f e1 b0 76 0b 49  1a 61 af 02 e7 a0 51 9f  |.c...v.I.a....Q.|
-00000180  70 41 45 6f b1 d3 f8 cd  ce d5 d0 a7 e1 f3 1e 7c  |pAEo...........||
-00000190  50 20 ab 03 13 de 4c 1e  b4 f3 6b 21 3f 41 99 4d  |P ....L...k!?A.M|
-000001a0  d0 ca cd de 88 a1 bc 56  72 63 e8 55 c1 31 72 b2  |.......Vrc.U.1r.|
-000001b0  b2 a3 ea cf 39 8b 7f 82  55 1a 05 fb 6b c3 b7 6d  |....9...U...k..m|
-000001c0  08 0f 2a 34 ad 74 10 e0  4a 53 80 f7 98 a4 d6 f1  |..*4.t..JS......|
-000001d0  9c e5 9a 61 a0 f0 ca 30  54 f3 d9 a7 c4 54 08 3c  |...a...0T....T.<|
-000001e0  23 30 f5 3e c6 96 2c 97  84 7c 3d 13 0c 4a e6 0f  |#0.>..,..|=..J..|
-000001f0  ea 99 9c ba e5 34 a2 e6  74 e5 c0 86 d1 4e d4 ed  |.....4..t....N..|
-00000200  a1 e2 81 0a cc ec f8 d2  0a 0d 53 87 d7 d7 cc 75  |..........S....u|
-00000210  6d a8 c0 25 de 31 f3 cb  08 71 f0 e3 5e 7f d0 5c  |m..%.1...q..^..\|
-00000220  fb 48 1a a4 f9 70 08 14  a3 3b 90 87 94 0c 70 df  |.H...p...;....p.|
-00000230  9d b6 db 94 55 99 ac 18  df d1 d5 8c 16 8c c9 25  |....U..........%|
-00000240  2d 78 60 69 66 fb 0d 09  39 18 aa 77 b2 fb ed d1  |-x`if...9..w....|
-00000250  58 d5 53 6a 32 05 6f cc  35 16 6f 19 98 31 f4 36  |X.Sj2.o.5.o..1.6|
-00000260  af 1b 88 39 ad 3b a9 46  b5 49 b3 8e 26 76 ab 02  |...9.;.F.I..&v..|
-00000270  a4 ba f3 29 e5 08 f9 47  a6 b4 f0 ad 4d 70 c6 80  |...)...G....Mp..|
-00000280  ab 33 c7 5a 57 a7 40 37  6b 53 96 e9 35 88 78 bf  |.3.ZW.@7kS..5.x.|
-00000290  dd 81 f8 2f 9c 4d c1 d1  ce 45 16 a4 fb 57 bd ff  |.../.M...E...W..|
-000002a0  67 1c 3f 3f d2 49 89 a2  f3 b3 b9 4b 74 04 c4 e5  |g.??.I.....Kt...|
-000002b0  83 7c ff 9f a0 6b d2 c3  6a 07 ab 91 65 40 ba 20  |.|...k..j...e@. |
-000002c0  7a 59 f1 66 ba f8 47 b1  ab 03 96 c3 e2 57 8d f5  |zY.f..G......W..|
-000002d0  a6 43 a3 6b 6b 9d 42 18  9b 6a 41 09 75 db 8b b7  |.C.kk.B..jA.u...|
-000002e0  7a a6 0e 7e d4 ee da a8  eb 8b 0d 39 8a 1d 6e b5  |z..~.......9..n.|
-000002f0  9b 6a b1 57 f9 9d ec 01  16 03 03 00 bc 5a c0 bc  |.j.W.........Z..|
-00000300  54 9d 60 e3 68 3c 67 38  46 de cb 1f f0 fb 11 90  |T.`.h<g8F.......|
-00000310  10 b6 1b 7a dc f5 91 9c  74 c2 42 91 06 a2 98 17  |...z....t.B.....|
-00000320  27 d0 16 06 3f 02 f6 8e  fb 4c 64 d0 5d 42 06 cd  |'...?....Ld.]B..|
-00000330  aa 11 ec 78 e0 6b d9 97  c0 0f fc 27 9d 8d 8d 8d  |...x.k.....'....|
-00000340  89 cd c3 43 57 86 83 48  d5 00 3b 2b e2 7f 57 48  |...CW..H..;+..WH|
-00000350  4d 11 5e 7a 08 1b f9 01  9a 8e dc 0f c0 a9 9d b7  |M.^z............|
-00000360  86 09 5d 40 3c 12 60 b0  9f 08 26 f2 86 9b 4f 99  |..]@<.`...&...O.|
-00000370  50 f7 9c d6 ff f0 a8 ce  ca 17 57 7a 55 12 fb 5a  |P.........WzU..Z|
-00000380  82 9a fb 3d 05 16 7d 72  9f e5 a1 38 e3 ac fd 72  |...=..}r...8...r|
-00000390  af b0 60 5a ce 67 d9 8e  dc 16 19 17 c7 d6 19 a2  |..`Z.g..........|
-000003a0  a4 97 fe b3 a2 4f 1d 8a  99 72 8f c0 b7 a1 e1 9d  |.....O...r......|
-000003b0  9f 71 fb 90 f5 33 5f c6  e3 16 03 03 00 4a 21 2b  |.q...3_......J!+|
-000003c0  fd 5e f3 e5 f3 86 94 aa  e9 b1 29 a8 dd 96 02 28  |.^........)....(|
-000003d0  e9 8a 82 64 cb 22 06 72  5f 33 f7 70 1b 2a c4 8a  |...d.".r_3.p.*..|
-000003e0  06 fc ee 04 e8 34 d9 88  87 7c 15 7c ce 0d 04 88  |.....4...|.|....|
-000003f0  3c 56 aa 22 57 2f b8 52  eb d8 4c af 34 94 c1 9a  |<V."W/.R..L.4...|
-00000400  a0 ad f2 8d cd 3a a2 5d  16 03 03 00 14 34 4d ae  |.....:.].....4M.|
-00000410  1e 00 57 a0 80 d9 7a e6  04 1e 03 43 1f d5 49 87  |..W...z....C..I.|
-00000420  b7                                                |.|
+00000000  16 03 03 00 85 60 c6 c2  9b 61 f1 1f 81 6f f1 0b  |.....`...a...o..|
+00000010  87 2d f2 93 a6 4e 7e 74  c2 61 cf 1d a1 00 32 8f  |.-...N~t.a....2.|
+00000020  f7 3d 93 da 91 cc 5b d5  21 c6 ba 4c 1b eb 81 a9  |.=....[.!..L....|
+00000030  a1 2a fe 88 6d 3e 1d 1f  57 22 9c ff fe 6c 85 ca  |.*..m>..W"...l..|
+00000040  0b 13 f3 9f 63 55 b9 49  61 2b dd 5e 2b e1 fd ec  |....cU.Ia+.^+...|
+00000050  1d 0d 94 06 42 dc 2c 6f  88 22 cb 30 4f 66 6f 16  |....B.,o.".0Ofo.|
+00000060  3a a0 c0 23 12 82 46 38  70 68 e5 12 b9 16 12 e7  |:..#..F8ph......|
+00000070  38 6b 50 64 55 f0 47 a9  e0 cd 19 01 8e d5 12 96  |8kPdU.G.........|
+00000080  09 db 5c 52 4b db 9b 26  43 37 16 03 03 02 69 41  |..\RK..&C7....iA|
+00000090  52 a8 ca e5 8f e0 33 4b  52 93 74 ef bb 42 20 d1  |R.....3KR.t..B .|
+000000a0  cc 24 79 ce df 51 90 e0  19 b1 11 fb e9 ef b5 e4  |.$y..Q..........|
+000000b0  ae da 72 e1 35 a8 41 88  a8 4b 68 d2 50 58 ba ef  |..r.5.A..Kh.PX..|
+000000c0  b0 1e 20 26 a3 c2 86 a7  68 60 84 2d 23 14 38 21  |.. &....h`.-#.8!|
+000000d0  12 60 05 2f 79 9e c0 08  4c 87 a7 41 b3 d3 84 9a  |.`./y...L..A....|
+000000e0  f1 45 bd 2d ff 7c b5 bd  c4 3a b1 48 10 9a d8 cf  |.E.-.|...:.H....|
+000000f0  ce 58 47 75 e1 6d 01 b6  18 bd 78 6b 86 a1 f2 1b  |.XGu.m....xk....|
+00000100  c8 03 4d 0a ce ce d4 68  8f 9a 54 1e 83 83 89 2c  |..M....h..T....,|
+00000110  36 a2 3a b5 95 09 de c5  8e 8c d0 a4 95 59 7e d6  |6.:..........Y~.|
+00000120  f8 5f 96 e9 c5 cb 9b 6c  c0 b7 55 15 b3 b4 d0 ea  |._.....l..U.....|
+00000130  bf 11 1c 89 1a 5c f2 09  74 9a 43 73 4f 6f 00 33  |.....\..t.CsOo.3|
+00000140  b9 e0 6a 99 b9 e0 02 86  dd cd 07 68 72 63 0d 8b  |..j........hrc..|
+00000150  e0 e8 12 68 4d f6 3b dc  0a 93 82 48 ce f7 96 ba  |...hM.;....H....|
+00000160  7f c5 90 07 45 66 3d 47  b8 8d 5f 0d 41 8d 88 76  |....Ef=G.._.A..v|
+00000170  bf ce 9c 2a 2e 25 7c 47  f6 96 73 0b 43 42 73 2c  |...*.%|G..s.CBs,|
+00000180  d5 b3 bc 82 c5 19 2f 5d  c4 69 21 7d c8 7b 1b b8  |....../].i!}.{..|
+00000190  b6 d1 37 89 92 a6 b7 44  cd e6 23 1f a1 03 08 05  |..7....D..#.....|
+000001a0  1e cf 54 78 e9 af 04 bc  e3 94 aa 12 ce 67 62 ce  |..Tx.........gb.|
+000001b0  f4 2f ef f7 2b 8d 65 06  08 07 2f c6 fa b2 d2 c8  |./..+.e.../.....|
+000001c0  f1 d7 c4 1f cc 8b 0e b8  f2 b2 1d fb 09 19 5a b0  |..............Z.|
+000001d0  a3 23 6e 05 20 9a 28 39  16 05 0e c4 7d d0 59 f5  |.#n. .(9....}.Y.|
+000001e0  9a de 88 da a2 c0 fb 7b  84 19 05 7d 80 6f 9a 03  |.......{...}.o..|
+000001f0  0a f8 5f 97 a2 b4 c0 d9  6d 79 f5 c0 51 d3 63 d2  |.._.....my..Q.c.|
+00000200  b8 ee a6 b0 76 59 7f 92  6d ad 3c bb 96 34 ac 0c  |....vY..m.<..4..|
+00000210  81 61 c5 07 7e 65 f1 c3  dd 3e 69 ad ee 7f 56 8d  |.a..~e...>i...V.|
+00000220  d7 92 48 5c 23 be 94 44  2e 8a 13 76 ce a3 cb d2  |..H\#..D...v....|
+00000230  86 d5 eb 2c 48 55 fd 31  c1 94 08 55 69 8c 20 cd  |...,HU.1...Ui. .|
+00000240  65 fa 47 5e 8e 7f 04 a4  a0 54 c3 cf 4e b5 a0 61  |e.G^.....T..N..a|
+00000250  3a 66 fd 21 5d 42 ab b3  46 d8 2a 64 69 1a d3 da  |:f.!]B..F.*di...|
+00000260  41 65 2c 36 50 f1 79 c3  83 01 d2 87 41 d9 10 1d  |Ae,6P.y.....A...|
+00000270  75 a2 74 de 48 e3 9c 9e  c8 96 58 45 43 82 dd d6  |u.t.H.....XEC...|
+00000280  e1 46 66 2f 13 e4 1d fe  81 8f ea 3d 6d 83 d7 97  |.Ff/.......=m...|
+00000290  4d ed c6 67 0e 4b e5 a1  ca 2b 24 c5 b1 24 af df  |M..g.K...+$..$..|
+000002a0  7a 0e 44 b9 c1 5f 07 43  c1 6f 94 d3 22 fb 14 df  |z.D.._.C.o.."...|
+000002b0  a3 23 38 c9 91 ff 12 41  fa 47 f7 83 fb b6 ca ea  |.#8....A.G......|
+000002c0  19 01 22 8a ba d7 86 c5  d2 82 2f ac f5 4c a4 e9  |.."......./..L..|
+000002d0  90 f5 52 c7 88 96 ae f3  0a 91 53 1c db bf 4b a9  |..R.......S...K.|
+000002e0  42 43 0d 2d cc f2 6a 79  1e 9a 3a bd 55 da 5d 6c  |BC.-..jy..:.U.]l|
+000002f0  a3 84 79 76 7d 96 62 5e  16 03 03 00 bc 51 62 b9  |..yv}.b^.....Qb.|
+00000300  26 c9 f7 dd 55 83 aa cd  90 5d e9 9a 29 92 8c 6f  |&...U....]..)..o|
+00000310  b1 df 4c b7 be 75 89 2b  dc b1 ad ae 01 38 27 0f  |..L..u.+.....8'.|
+00000320  36 43 0b 04 69 6b a4 3a  52 b5 4f df 50 1d 04 ee  |6C..ik.:R.O.P...|
+00000330  4a f1 a0 6c 06 6f 24 2a  f3 dc 7c a4 96 12 e2 83  |J..l.o$*..|.....|
+00000340  9c d8 2d 63 2e 3b 1c 73  e6 32 ce 15 76 01 9a a9  |..-c.;.s.2..v...|
+00000350  3b a7 dc aa 40 82 4d 5a  68 24 78 4e fe 64 db a4  |;...@.MZh$xN.d..|
+00000360  ff 87 6d 90 bc d9 ec 0d  ed 8b 54 12 bd 74 16 1d  |..m.......T..t..|
+00000370  2c 30 57 8f 67 56 7c 09  e6 b1 12 f8 4a 9f e3 79  |,0W.gV|.....J..y|
+00000380  c1 8b fa 91 f7 1a 29 bd  a3 1f 59 59 16 26 04 10  |......)...YY.&..|
+00000390  e4 19 c9 91 a6 b3 c5 b5  df a3 b0 11 a5 87 29 4e  |..............)N|
+000003a0  5b 9f 96 cf 88 19 9e ae  b4 e6 63 19 6d c5 ee 7a  |[.........c.m..z|
+000003b0  c9 38 2d 0a fd f6 3b f8  f5 16 03 03 00 4a f5 3f  |.8-...;......J.?|
+000003c0  ef a3 f8 86 1b f5 ce 8e  48 f2 d0 cb 75 d6 80 b2  |........H...u...|
+000003d0  78 ef bc 77 a6 aa 91 cd  88 39 62 f8 42 78 7c f3  |x..w.....9b.Bx|.|
+000003e0  8b c7 86 71 9c a5 9f 1c  5f 40 25 e9 c6 69 82 a1  |...q...._@%..i..|
+000003f0  45 ee d1 9d f7 9c a0 b9  34 b8 82 72 f9 f8 1d fb  |E.......4..r....|
+00000400  a5 74 b5 a5 68 04 82 c4  16 03 03 00 14 07 9c 37  |.t..h..........7|
+00000410  77 ad 83 27 66 2c 3a ba  26 22 2f 72 b4 d1 c8 c1  |w..'f,:.&"/r....|
+00000420  06                                                |.|
 >>> Flow 9 (client to server)
-00000000  16 03 03 02 69 3d ff d3  96 89 9f 41 3d 64 0c 71  |....i=.....A=d.q|
-00000010  e5 80 34 1f 5d 8a cb b4  47 08 c8 c0 7d 17 3b db  |..4.]...G...}.;.|
-00000020  d4 d1 9d 98 16 b9 84 73  c9 8a ff 76 bf 1e f0 bd  |.......s...v....|
-00000030  da 35 a8 2a d5 6a 28 cf  66 bf e0 dc 45 a9 8f 61  |.5.*.j(.f...E..a|
-00000040  65 75 99 29 fe 5a c8 46  2e 14 10 79 a2 b9 c9 04  |eu.).Z.F...y....|
-00000050  37 f8 01 8e 72 2b b7 c9  23 75 51 59 b9 8d 4a 87  |7...r+..#uQY..J.|
-00000060  9d 54 5d 70 25 66 5b 70  a7 04 e4 c0 6a e9 25 8f  |.T]p%f[p....j.%.|
-00000070  1b e0 39 59 b4 f3 0a 3b  42 bd 25 f3 e3 38 45 d6  |..9Y...;B.%..8E.|
-00000080  d9 22 b6 1f 40 72 19 2d  c6 1d 22 66 c5 cb 10 2c  |."..@r.-.."f...,|
-00000090  1c 6a f8 fc ca f3 b4 f1  d2 e5 cf 7b ef 89 e6 9b  |.j.........{....|
-000000a0  c5 5e 4e 83 6b 55 2f 01  da ad d4 3c 91 d4 17 f2  |.^N.kU/....<....|
-000000b0  8c ee ae e1 6c b4 c9 9d  33 b1 7c d3 e4 61 72 8f  |....l...3.|..ar.|
-000000c0  81 26 8f b9 c5 3f ca 42  00 16 57 1c 9a d2 37 80  |.&...?.B..W...7.|
-000000d0  76 47 b7 59 3c 39 b6 d2  0b 83 45 d1 3e 4d c4 8d  |vG.Y<9....E.>M..|
-000000e0  24 8f 95 f6 44 2f 45 70  69 6f 82 13 f7 42 a2 de  |$...D/Epio...B..|
-000000f0  bb 86 af c3 b1 eb aa 34  ae 5d fb c2 e1 5c 87 d1  |.......4.]...\..|
-00000100  2b f4 36 1f da cf 94 b7  fd 78 de 96 0a cd f5 80  |+.6......x......|
-00000110  6d a5 7c fa a0 1a dd aa  ef 0f 4c 7a cc 10 33 e0  |m.|.......Lz..3.|
-00000120  be c1 1c 9e 3f e0 4c a8  93 95 da 5d 01 bd a8 84  |....?.L....]....|
-00000130  8b e8 53 c2 69 04 92 fa  54 16 38 d7 82 17 07 da  |..S.i...T.8.....|
-00000140  71 af 5d 82 72 3d 6b 10  fd 46 b5 a2 8d 6e fe f8  |q.].r=k..F...n..|
-00000150  65 4a 48 6f 2e e3 8d b9  97 23 7f 51 ec 32 07 3b  |eJHo.....#.Q.2.;|
-00000160  1c df 26 be 29 e7 95 77  ed 1e d0 b2 d9 68 e4 65  |..&.)..w.....h.e|
-00000170  5b e7 97 58 ec 50 0c d1  e1 6e 76 73 d5 7b 37 41  |[..X.P...nvs.{7A|
-00000180  03 03 dd 07 53 48 d6 8c  d5 69 83 05 06 1e 59 54  |....SH...i....YT|
-00000190  9a cb 50 c5 55 12 23 47  57 83 50 83 58 ec 97 95  |..P.U.#GW.P.X...|
-000001a0  09 de e9 01 d7 62 43 eb  1d 80 82 08 c0 1e 7d d4  |.....bC.......}.|
-000001b0  6b d5 dd b7 0c 8d 7f 7c  2d ed f9 b1 16 38 ec b7  |k......|-....8..|
-000001c0  a0 1b 5a da a6 6f b2 59  ce ff d9 fc 9b 0c fc 16  |..Z..o.Y........|
-000001d0  27 5e 79 68 f8 3d 0b dc  bb 6d 9f 0d 4d 3b 19 d4  |'^yh.=...m..M;..|
-000001e0  0f 36 59 5f 41 c4 f6 9c  c1 47 f5 65 e0 d8 b1 06  |.6Y_A....G.e....|
-000001f0  3b 05 6c 90 fd f2 e8 b1  33 a9 1c a7 84 f4 e6 02  |;.l.....3.......|
-00000200  f3 80 2e 9f 81 13 01 ea  9f 09 f0 55 22 34 93 bf  |...........U"4..|
-00000210  b2 13 07 62 f0 fc 3e 08  b2 8d cb 62 64 33 a4 e6  |...b..>....bd3..|
-00000220  1c 26 ff 4e fe 28 3e 82  58 ce 82 a1 ef a4 14 f3  |.&.N.(>.X.......|
-00000230  81 59 e2 29 da 30 ef 1d  20 75 1a 7f 27 b5 90 be  |.Y.).0.. u..'...|
-00000240  40 fc 52 08 0a 62 c4 53  4f 6d e9 fb 96 81 8c 1e  |@.R..b.SOm......|
-00000250  3d 3f bc 87 fb fb 6c 8b  17 7a 14 38 53 df 0c ef  |=?....l..z.8S...|
-00000260  f4 12 24 fa 77 ce 0b 2a  ea 1d 1e 0c 8e 50 16 03  |..$.w..*.....P..|
-00000270  03 00 35 28 fe 49 cd b2  80 e8 65 78 83 02 1f 03  |..5(.I....ex....|
-00000280  75 ab 8c f6 cb c0 fa 86  8f 5e b2 63 f8 a4 37 b9  |u........^.c..7.|
-00000290  2b 82 9e 27 cb 82 97 c6  7c 90 cc de 19 d2 cc 7e  |+..'....|......~|
-000002a0  19 c1 5e da 99 87 05 31  16 03 03 00 98 09 f8 56  |..^....1.......V|
-000002b0  7f 7d 66 c3 a3 e0 e2 68  48 b6 38 cb 6c ca b9 28  |.}f....hH.8.l..(|
-000002c0  ff 5b 52 f9 7b 69 ba 92  a9 ba 25 7a 0a fe 97 3b  |.[R.{i....%z...;|
-000002d0  73 f2 b6 8b a7 cb d6 cf  9e da f1 ce d7 41 98 d3  |s............A..|
-000002e0  3d 59 ef 9c 14 78 e2 d7  46 0b 63 b2 aa 4e 02 1e  |=Y...x..F.c..N..|
-000002f0  40 78 a2 e6 55 c2 20 88  ab 0e bd a8 78 76 4d fe  |@x..U. .....xvM.|
-00000300  68 c4 ad c0 7e 9d 2b 0c  08 e9 0f 65 1c 9e 38 df  |h...~.+....e..8.|
-00000310  f9 07 1f 8a 6b 2c af 94  89 35 75 61 e9 5f 2b 90  |....k,...5ua._+.|
-00000320  b4 38 15 26 a1 ea 15 dc  76 09 0a 2b ff 2d 42 ab  |.8.&....v..+.-B.|
-00000330  b5 f7 37 ce ec 34 8e 9a  55 b5 01 56 98 46 b7 1e  |..7..4..U..V.F..|
-00000340  07 30 0d 25 8a 14 03 03  00 11 c7 b7 3a b1 86 25  |.0.%........:..%|
-00000350  cf 3e a6 ce 37 36 65 11  b2 85 13 16 03 03 00 20  |.>..76e........ |
-00000360  c8 69 c3 d3 63 3d 94 1c  78 e2 b7 dd 84 b5 f9 2d  |.i..c=..x......-|
-00000370  d6 ed 39 fe 23 48 ee 7a  75 17 21 70 eb b8 96 56  |..9.#H.zu.!p...V|
+00000000  16 03 03 02 69 70 78 66  7a 28 3b 50 a6 21 b2 cc  |....ipxfz(;P.!..|
+00000010  52 a6 74 f7 29 8a dc fd  c0 1c 79 d0 20 23 d0 74  |R.t.).....y. #.t|
+00000020  d3 16 a6 4c 6d df 6e 32  2e 69 46 dd 8d 22 9e 8e  |...Lm.n2.iF.."..|
+00000030  cb 75 44 75 7e 24 69 ed  ce cf 5c 4b a9 a2 b5 d0  |.uDu~$i...\K....|
+00000040  48 bf 08 d8 1d 16 d9 9f  6d b4 24 ee f1 f3 58 79  |H.......m.$...Xy|
+00000050  4c 19 4c 99 7f 01 a8 80  b1 3c 4e 55 d1 64 75 89  |L.L......<NU.du.|
+00000060  5a 4a a1 fa cb c2 8c e8  0f de 58 05 bb 1b 1d ab  |ZJ........X.....|
+00000070  3a d8 ed 26 af ea 31 b4  7a e2 09 f6 8a 71 ce ab  |:..&..1.z....q..|
+00000080  7c b1 f1 3f 0f 7b 85 64  92 4c 8f e1 6a 2d c8 d0  ||..?.{.d.L..j-..|
+00000090  7b 01 dd 4d 2d 22 ba 7c  85 1e 35 1d d5 59 67 63  |{..M-".|..5..Ygc|
+000000a0  5f 17 88 e4 32 b2 f7 8f  4a b3 46 aa 82 25 8c 93  |_...2...J.F..%..|
+000000b0  61 3c e6 2e b1 48 73 9a  27 d9 d6 b5 5c 0d 75 07  |a<...Hs.'...\.u.|
+000000c0  aa 67 df f4 e4 c4 f3 ef  1f 31 55 a1 82 c6 66 32  |.g.......1U...f2|
+000000d0  e0 8f 29 eb ae e0 73 bf  0a c4 ac a9 f0 bb 18 46  |..)...s........F|
+000000e0  5f 6b 4d 76 55 10 b2 1e  20 22 44 8b 3f 12 03 84  |_kMvU... "D.?...|
+000000f0  d8 71 45 c7 f4 76 9f 99  15 5e 9a 44 08 41 ee d6  |.qE..v...^.D.A..|
+00000100  dd 5f 73 d5 2c 87 6a 0f  97 06 b5 a8 23 71 56 33  |._s.,.j.....#qV3|
+00000110  26 f2 63 fd 3e 3f d9 50  6a 61 64 2a 51 9f e6 19  |&.c.>?.Pjad*Q...|
+00000120  01 2e 5a 1c 8b 12 58 c5  32 e1 3f ea 0b ac 4c 3b  |..Z...X.2.?...L;|
+00000130  1d 97 11 e9 92 6d 52 f0  1e f7 5a f8 71 5f f5 a6  |.....mR...Z.q_..|
+00000140  6b aa 30 4f 85 41 c6 49  83 37 3a 72 86 1a be 7a  |k.0O.A.I.7:r...z|
+00000150  1d bc d6 ad 67 6c 95 42  5d 74 10 8e ac 4b 8d b3  |....gl.B]t...K..|
+00000160  6e 3d 9c 8f 08 71 be ce  ce aa 64 26 62 2a 58 8c  |n=...q....d&b*X.|
+00000170  e4 7b 75 e9 61 90 38 b2  c2 a0 8d c7 a9 11 cf 5b  |.{u.a.8........[|
+00000180  30 a7 33 3b 2b c2 fd 2a  6b db 3d cf 35 6c 23 28  |0.3;+..*k.=.5l#(|
+00000190  14 e4 7b 10 50 e8 00 9f  af 60 69 cf a9 d9 93 f3  |..{.P....`i.....|
+000001a0  8f 7d 39 49 97 5b 92 4a  35 2a 6c 68 3b 48 25 77  |.}9I.[.J5*lh;H%w|
+000001b0  6e d0 57 76 c4 94 83 10  e3 3d 00 e8 b9 fe da d9  |n.Wv.....=......|
+000001c0  a5 56 22 61 e0 f4 33 dd  c8 dd 4d 2f 39 51 35 12  |.V"a..3...M/9Q5.|
+000001d0  9a cb dd e1 03 d3 27 9f  41 71 83 5c c7 6c a3 38  |......'.Aq.\.l.8|
+000001e0  9f db 39 1c 2a f6 4b e0  48 44 61 1b 34 3c bc ed  |..9.*.K.HDa.4<..|
+000001f0  7a 31 c9 9f 8e 82 2d fb  b6 bd 6e 4c 57 76 23 f5  |z1....-...nLWv#.|
+00000200  7d 68 ff 02 75 42 10 e7  2d 24 83 4a 04 7a 78 d7  |}h..uB..-$.J.zx.|
+00000210  60 b2 70 07 3f e4 bc 54  42 65 22 c3 2e aa 35 85  |`.p.?..TBe"...5.|
+00000220  df fa e5 c9 c9 f5 ee 6a  50 82 7a bf 92 96 78 5e  |.......jP.z...x^|
+00000230  a8 ac 2a d1 5e e2 f0 20  6b 51 97 3d 74 71 eb d8  |..*.^.. kQ.=tq..|
+00000240  40 5f 06 72 b6 8c 1c 2a  71 dd 53 38 fb de b6 31  |@_.r...*q.S8...1|
+00000250  53 8d 8f 4e 0f c1 a5 ea  bf 27 fa ed ff 0c 56 34  |S..N.....'....V4|
+00000260  55 88 e1 d2 65 a7 e5 10  02 4d ba 8e ad fa 16 03  |U...e....M......|
+00000270  03 00 35 94 36 93 c6 5e  c8 ec 8e 63 86 7b 13 d6  |..5.6..^...c.{..|
+00000280  78 b2 5d 2f 54 55 5a 41  1c 65 5e b2 69 ab c2 bd  |x.]/TUZA.e^.i...|
+00000290  d9 a3 55 42 d1 96 29 51  c4 38 c4 ec 1f d4 19 6c  |..UB..)Q.8.....l|
+000002a0  2b 82 75 81 37 07 79 35  16 03 03 00 98 d9 a2 ba  |+.u.7.y5........|
+000002b0  86 ca f4 24 e1 e0 72 0e  21 81 f6 c5 d7 0a 1c 17  |...$..r.!.......|
+000002c0  05 1f ce b8 4d d3 d8 e6  13 c8 a6 4d f3 da 0f 4d  |....M......M...M|
+000002d0  e3 21 29 84 78 90 fa 11  a5 06 19 3a cd ca f2 1f  |.!).x......:....|
+000002e0  a2 39 4d b3 03 8d 22 27  eb bc f4 8b b8 61 c0 f3  |.9M..."'.....a..|
+000002f0  70 34 56 80 28 a2 85 1e  21 7c 11 b8 c6 0c 0d bd  |p4V.(...!|......|
+00000300  02 56 8a b5 d5 7b 22 97  3e 70 20 31 00 a0 16 2d  |.V...{".>p 1...-|
+00000310  87 b5 c7 b0 5e 40 2d 08  82 97 38 64 c4 14 e3 16  |....^@-...8d....|
+00000320  0d 6f d1 b1 6b 5f 7c 14  18 66 67 aa 8a b6 6b 66  |.o..k_|..fg...kf|
+00000330  7d e3 68 ca 97 13 ad ca  0a 46 06 6b 4a a9 c0 ee  |}.h......F.kJ...|
+00000340  8b 61 6d 2d cc 14 03 03  00 11 93 6d 0b 63 c5 e2  |.am-.......m.c..|
+00000350  3f 0f da dd f4 7c ae 95  2a e8 65 16 03 03 00 20  |?....|..*.e.... |
+00000360  62 97 ee b8 34 aa be 0a  2c 24 30 6c 89 f2 80 08  |b...4...,$0l....|
+00000370  05 69 bb ad a8 5c 90 21  04 77 96 44 ae 5f d4 d5  |.i...\.!.w.D._..|
 >>> Flow 10 (server to client)
-00000000  14 03 03 00 11 ce 30 2f  ce ec 08 18 13 0f 64 04  |......0/......d.|
-00000010  6d a0 fb 38 04 17 16 03  03 00 20 03 cd 4e 30 0f  |m..8...... ..N0.|
-00000020  e3 c2 1c 52 7d 30 5f 57  e1 2f 50 7b 00 0b 8a 05  |...R}0_W./P{....|
-00000030  2e 4b 15 23 fd e6 82 35  ac 96 5f 17 03 03 00 19  |.K.#...5.._.....|
-00000040  d9 71 23 60 2a 72 ac 2e  43 66 a9 7a a9 71 5f f3  |.q#`*r..Cf.z.q_.|
-00000050  c3 43 72 41 55 49 81 95  43 16 03 03 00 14 c0 af  |.CrAUI..C.......|
-00000060  63 ad 86 4c 8b 44 8d f1  e1 2c 4e b7 a5 54 b4 1d  |c..L.D...,N..T..|
-00000070  68 de                                             |h.|
+00000000  14 03 03 00 11 03 06 35  7b 36 e4 b2 df 80 68 80  |.......5{6....h.|
+00000010  df e3 d6 3c bb b7 16 03  03 00 20 08 9b ed a0 ae  |...<...... .....|
+00000020  e7 f9 42 9a f5 10 21 7a  38 dc a2 6d 27 a8 bc 00  |..B...!z8..m'...|
+00000030  58 85 6a 85 04 b9 3b 3f  ca 26 68 17 03 03 00 19  |X.j...;?.&h.....|
+00000040  d5 24 ff 37 e7 a2 5d eb  f2 45 ca 73 60 3b c3 8c  |.$.7..]..E.s`;..|
+00000050  87 10 d8 31 c3 a2 e5 3d  0f 16 03 03 00 14 31 8a  |...1...=......1.|
+00000060  c9 a6 3a 3e 36 e0 4f d6  f1 f5 67 70 34 8a ab dc  |..:>6.O...gp4...|
+00000070  82 e2                                             |..|
 >>> Flow 11 (client to server)
-00000000  15 03 03 00 12 6d 7f 8e  31 17 7d 45 96 a9 b0 6e  |.....m..1.}E...n|
-00000010  e1 73 b3 f3 f6 51 9a 15  03 03 00 12 ad 22 dc 06  |.s...Q......."..|
-00000020  98 ee b2 2f 09 4b 40 25  84 65 60 88 2e db        |.../.K@%.e`...|
+00000000  15 03 03 00 12 be b2 bb  cf 44 91 f3 b9 71 00 af  |.........D...q..|
+00000010  9e b6 f5 07 64 36 7b 15  03 03 00 12 ae b2 33 16  |....d6{.......3.|
+00000020  de f1 45 31 a5 fd 07 97  6e 57 f8 22 cc b2        |..E1....nW."..|
diff --git a/testdata/Client-TLSv12-RenegotiationRejected b/testdata/Client-TLSv12-RenegotiationRejected
index f7097847..c907c7cb 100644
--- a/testdata/Client-TLSv12-RenegotiationRejected
+++ b/testdata/Client-TLSv12-RenegotiationRejected
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 50 07 ee 50 d2  |....]...Y..P..P.|
-00000010  77 fa a1 bb 19 fa ea 54  12 26 62 e7 0c 84 b9 2e  |w......T.&b.....|
-00000020  b2 b8 c8 19 59 34 b4 3c  60 21 d9 20 4f 36 b8 c7  |....Y4.<`!. O6..|
-00000030  5c ae b8 11 14 0d 67 88  65 37 f1 a5 16 3a af 92  |\.....g.e7...:..|
-00000040  4d 39 ed 9c 20 1c e7 c1  40 e6 ba b8 cc a8 00 00  |M9.. ...@.......|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 ea a3 8e 85 79  |....]...Y......y|
+00000010  9f 41 1f 7e 05 76 70 3d  bd f4 bb f4 dd 49 a6 fd  |.A.~.vp=.....I..|
+00000020  11 83 a9 70 89 86 87 36  2f 09 b9 20 1a 00 de fc  |...p...6/.. ....|
+00000030  6b e5 93 4e da 98 0b e1  a8 93 8d fc 4b c3 48 6b  |k..N........K.Hk|
+00000040  15 6d de fd e3 0f 36 67  61 1c 91 8e cc a8 00 00  |.m....6ga.......|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,36 +62,36 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 5d 84 3d  |............ ].=|
-000002d0  57 67 a5 0a 3d 25 81 c0  82 e0 b9 03 29 4e e1 87  |Wg..=%......)N..|
-000002e0  37 88 c8 9a 6d 7c 4b c9  22 5a ab 5e 68 08 04 00  |7...m|K."Z.^h...|
-000002f0  80 5d 80 99 26 5c 59 a0  7f f1 96 68 9e 02 11 1c  |.]..&\Y....h....|
-00000300  80 89 f1 50 d1 5c 7c 61  29 77 5e c1 4f 42 4b 03  |...P.\|a)w^.OBK.|
-00000310  0d 92 0d 20 c4 f9 e3 60  a7 de 90 b7 5a b8 3b 06  |... ...`....Z.;.|
-00000320  0a 21 4b 9b 5b e9 2f 85  dc 23 af 5a d0 76 0a 74  |.!K.[./..#.Z.v.t|
-00000330  02 64 32 b6 9a 93 d3 b8  65 04 94 f5 c5 be c2 7f  |.d2.....e.......|
-00000340  9b 76 af cf 1f 77 e0 31  3f 63 0e 0e 78 cd f7 9c  |.v...w.1?c..x...|
-00000350  e3 d4 52 e2 80 53 7f 53  35 10 21 b9 9e 48 92 e3  |..R..S.S5.!..H..|
-00000360  ba 7e 3c 13 0c 36 bc 56  3a 00 d3 13 c1 16 f8 33  |.~<..6.V:......3|
-00000370  68 16 03 03 00 04 0e 00  00 00                    |h.........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 6a e1 91  |............ j..|
+000002d0  5d 5d fe 77 50 be a5 52  f1 12 43 30 34 aa 46 87  |]].wP..R..C04.F.|
+000002e0  f9 6a 80 37 eb 46 fb 92  d6 ce 18 c4 0b 08 04 00  |.j.7.F..........|
+000002f0  80 46 10 ab ff 45 fe c5  88 5a da d0 07 b5 a1 30  |.F...E...Z.....0|
+00000300  03 d8 b0 5f 88 37 45 75  ef b7 96 5c c9 1f 47 14  |..._.7Eu...\..G.|
+00000310  24 28 de cf 1f c9 c6 a4  0c 41 1b 51 70 7a e6 e8  |$(.......A.Qpz..|
+00000320  88 1b 35 ce 63 e7 4f 2b  02 c9 35 0a 56 b2 2a 59  |..5.c.O+..5.V.*Y|
+00000330  e9 02 53 11 82 f2 f6 18  06 3a 3e 2e 8e 21 78 9d  |..S......:>..!x.|
+00000340  41 43 e2 ed 49 ce 87 cd  93 b7 13 6c 35 6e 4e 95  |AC..I......l5nN.|
+00000350  68 1b 4b 75 de fa ed 48  53 56 54 40 5f 3f 36 cb  |h.Ku...HSVT@_?6.|
+00000360  6b 57 de 3c fc 51 f4 fb  9d 8d 55 2e e9 ce fc 79  |kW.<.Q....U....y|
+00000370  08 16 03 03 00 04 0e 00  00 00                    |..........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 72 e5 4c  81 fd 78 39 f0 bb 37 cd  |.... r.L..x9..7.|
-00000040  b4 47 cb 1b 52 25 08 9a  ab ab 9b 28 d2 b4 72 eb  |.G..R%.....(..r.|
-00000050  b0 db 8f fe 29                                    |....)|
+00000030  16 03 03 00 20 be b4 f9  49 91 3c c8 f8 7c da ef  |.... ...I.<..|..|
+00000040  06 bd d5 9e d3 b4 74 f6  22 2e b8 5c b6 e2 2d 01  |......t."..\..-.|
+00000050  cb d5 3f 94 7f                                    |..?..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 68 26 ca 41 0e  |.......... h&.A.|
-00000010  ab 2f 28 5d 9e 94 17 4f  9f 25 cb 82 aa 3a e5 40  |./(]...O.%...:.@|
-00000020  8a 35 6d a8 72 bf 25 2a  8a 6d 04                 |.5m.r.%*.m.|
+00000000  14 03 03 00 01 01 16 03  03 00 20 21 a2 e6 72 21  |.......... !..r!|
+00000010  6d 45 36 87 6d 3f c9 70  89 1f b3 0a cc c2 5b 18  |mE6.m?.p......[.|
+00000020  27 37 d8 1f 4e 55 f9 9d  07 96 2f                 |'7..NU..../|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 73 e1 3b  86 fb 05 16 9e a9 af 73  |.....s.;.......s|
-00000010  64 72 8b 02 a0 82 7d 70  16 5c d9                 |dr....}p.\.|
+00000000  17 03 03 00 16 81 33 71  a4 ec a6 67 b2 17 ba 80  |......3q...g....|
+00000010  27 80 a1 62 fb 1e ab 3f  cd b9 fe                 |'..b...?...|
 >>> Flow 6 (server to client)
-00000000  16 03 03 00 14 9b 44 8d  b3 1c 77 2c 12 e7 fe 76  |......D...w,...v|
-00000010  31 c9 ab e7 f0 be 32 0a  e3                       |1.....2..|
+00000000  16 03 03 00 14 b3 2b 93  6f bc d1 11 45 fa 9a d3  |......+.o...E...|
+00000010  f3 82 75 6c ce 40 38 21  5e                       |..ul.@8!^|
 >>> Flow 7 (client to server)
-00000000  15 03 03 00 12 00 54 e7  c6 54 b7 ec 24 d4 07 ad  |......T..T..$...|
-00000010  ff a7 39 d2 7b 62 ba 15  03 03 00 12 de ad f4 f7  |..9.{b..........|
-00000020  0b 8b a3 a3 e5 19 b6 45  63 6f dc 7d f3 c4        |.......Eco.}..|
+00000000  15 03 03 00 12 48 45 72  03 40 44 98 c6 db 40 d4  |.....HEr.@D...@.|
+00000010  a6 9b 67 5d 8b c1 a9 15  03 03 00 12 21 d2 4b 7d  |..g]........!.K}|
+00000020  51 c7 3c 53 0b d9 67 90  aa e6 42 e2 8c 83        |Q.<S..g...B...|
diff --git a/testdata/Client-TLSv12-SCT b/testdata/Client-TLSv12-SCT
index 399c5e9e..b598bf2c 100644
--- a/testdata/Client-TLSv12-SCT
+++ b/testdata/Client-TLSv12-SCT
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 01 ca 02 00 01  c6 03 03 9a 84 91 7d 3b  |..............};|
-00000010  31 f1 28 b9 57 a3 5c ea  ac 1c 43 91 1a e3 1a 88  |1.(.W.\...C.....|
-00000020  29 b8 46 87 18 0a 9d 9e  f6 6a 94 20 45 98 c2 a1  |).F......j. E...|
-00000030  3f 98 33 0f b7 d0 e8 53  70 a5 01 4e 0b a1 3b 3a  |?.3....Sp..N..;:|
-00000040  e1 cd 07 a3 b0 96 eb 05  54 26 de d8 cc a8 00 01  |........T&......|
+00000000  16 03 03 01 ca 02 00 01  c6 03 03 28 44 55 f3 f5  |...........(DU..|
+00000010  c1 63 ac 0b fd 1c 29 d3  90 a5 5c 96 2a d9 13 20  |.c....)...\.*.. |
+00000020  fe 96 11 3f 30 0a e1 a9  8e d9 e6 20 ca 40 de 01  |...?0...... .@..|
+00000030  4f 00 88 88 41 0f df af  85 0e 0e 22 9d a7 46 e8  |O...A......"..F.|
+00000040  df 9c 8e 8c 47 5b 94 91  94 06 f4 14 cc a8 00 01  |....G[..........|
 00000050  7e 00 12 01 69 01 67 00  75 00 a4 b9 09 90 b4 18  |~...i.g.u.......|
 00000060  58 14 87 bb 13 a2 cc 67  70 0a 3c 35 98 04 f9 1b  |X......gp.<5....|
 00000070  df b8 e3 77 cd 0e c8 0d  dc 10 00 00 01 47 97 99  |...w.........G..|
@@ -86,31 +85,31 @@
 00000400  43 77 8d 0c 1c f1 0f a1  d8 40 83 61 c9 4c 72 2b  |Cw.......@.a.Lr+|
 00000410  9d ae db 46 06 06 4d f4  c1 b3 3e c0 d1 bd 42 d4  |...F..M...>...B.|
 00000420  db fe 3d 13 60 84 5c 21  d3 3b e9 fa e7 16 03 03  |..=.`.\!.;......|
-00000430  00 ac 0c 00 00 a8 03 00  1d 20 4e e0 4b c5 9b e7  |......... N.K...|
-00000440  1c 85 3a 3f 64 df cb 87  18 94 c2 e2 cd e9 db 5e  |..:?d..........^|
-00000450  44 11 ee e0 89 4d 11 62  57 1a 08 04 00 80 7d 99  |D....M.bW.....}.|
-00000460  22 49 98 12 7b 7c e7 73  99 dc c1 43 7d 6c ed 8d  |"I..{|.s...C}l..|
-00000470  7e f3 d5 66 76 0b cd 5e  5f cc 60 68 8e 8c 30 6f  |~..fv..^_.`h..0o|
-00000480  54 0d 46 ca da a0 82 44  30 fc f1 bc a4 54 a1 49  |T.F....D0....T.I|
-00000490  d1 17 e6 c5 dc fd 08 41  19 5a e1 5b 9a 93 3c 3b  |.......A.Z.[..<;|
-000004a0  3b 0f be 35 51 55 0e 54  1e dc 03 28 0b fa 49 9f  |;..5QU.T...(..I.|
-000004b0  cf c8 d6 18 79 f7 84 92  0a 37 9f b3 88 3a 46 d9  |....y....7...:F.|
-000004c0  dd 7b e5 2b 52 6c a8 06  ac b5 ba 29 32 82 fb eb  |.{.+Rl.....)2...|
-000004d0  62 78 c9 97 c7 5c 03 e9  26 2e 8d 23 db 35 16 03  |bx...\..&..#.5..|
+00000430  00 ac 0c 00 00 a8 03 00  1d 20 26 24 4e d8 a6 cc  |......... &$N...|
+00000440  2f c9 0e 68 d8 20 e3 97  5b c1 08 72 1e 79 46 d9  |/..h. ..[..r.yF.|
+00000450  a6 00 9c e9 f8 21 9b cd  29 17 08 04 00 80 aa 6d  |.....!..)......m|
+00000460  36 bb 06 e6 11 66 82 44  87 5d 81 53 e2 9a 95 11  |6....f.D.].S....|
+00000470  54 a3 cc a7 c9 9c 19 f6  da 98 4f 91 a6 dd 9e 10  |T.........O.....|
+00000480  14 83 04 55 2d 6c 9a af  26 7c 5d f0 aa ca 69 83  |...U-l..&|]...i.|
+00000490  af fe a5 cb a4 1a d4 bd  86 91 52 11 03 4d 9a ca  |..........R..M..|
+000004a0  37 fd 01 48 e8 5d a8 ea  ad a2 a5 08 cb ce 5f 52  |7..H.]........_R|
+000004b0  92 30 83 de 77 2a 06 c2  f2 53 4d 47 40 b9 2f 61  |.0..w*...SMG@./a|
+000004c0  9c 41 c4 05 45 42 5e 42  d5 5e 30 95 30 4e a1 77  |.A..EB^B.^0.0N.w|
+000004d0  79 b5 50 5c df d6 e7 74  42 d8 2b 66 02 fa 16 03  |y.P\...tB.+f....|
 000004e0  03 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 e4 20 73  0f 70 18 f9 ef a2 7a e3  |.... . s.p....z.|
-00000040  73 d2 8d 38 45 61 89 b5  b0 77 1c 39 ba f8 56 ec  |s..8Ea...w.9..V.|
-00000050  04 0b c6 fb 02                                    |.....|
+00000030  16 03 03 00 20 93 c8 47  ed fd 9b 41 69 97 58 97  |.... ..G...Ai.X.|
+00000040  cc 31 9c 93 a6 77 41 36  7a 90 f0 73 13 4a 7d 85  |.1...wA6z..s.J}.|
+00000050  12 20 7d 91 fa                                    |. }..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 a8 e6 38 02 7a  |.......... ..8.z|
-00000010  d2 1c ca b1 79 ae ba 10  b6 ab e2 5e 79 28 06 7f  |....y......^y(..|
-00000020  0c d4 17 fc e3 72 e2 bf  44 4b 5f                 |.....r..DK_|
+00000000  14 03 03 00 01 01 16 03  03 00 20 16 00 35 d2 e0  |.......... ..5..|
+00000010  ad f5 4c 10 98 fb 4f c7  81 1f 05 4b d6 7d 9c ac  |..L...O....K.}..|
+00000020  50 94 84 c8 35 80 ec 54  fc f3 ee                 |P...5..T...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 00 04 dd  86 fc e7 8c c5 67 e6 0f  |.............g..|
-00000010  32 0a 60 1b f8 b6 1c e7  e1 96 8c 15 03 03 00 12  |2.`.............|
-00000020  35 71 48 37 fb f7 d1 3a  94 aa 3f ec c1 99 8a 7c  |5qH7...:..?....||
-00000030  20 4a                                             | J|
+00000000  17 03 03 00 16 83 e6 0f  3a ad c2 28 6c 82 ee 4a  |........:..(l..J|
+00000010  38 47 cc 86 75 70 e2 94  77 e6 6e 15 03 03 00 12  |8G..up..w.n.....|
+00000020  13 c0 a0 4f 02 5e 6f 33  f6 ae d3 52 7d 72 72 a0  |...O.^o3...R}rr.|
+00000030  1e 8d                                             |..|
diff --git a/testdata/Client-TLSv12-X25519-ECDHE b/testdata/Client-TLSv12-X25519-ECDHE
index a0d9a5eb..6f59dc66 100644
--- a/testdata/Client-TLSv12-X25519-ECDHE
+++ b/testdata/Client-TLSv12-X25519-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 16 01 00 01  12 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 12 01 00 01  0e 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,22 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 97 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 93 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
-000000a0  00 0a 00 04 00 02 00 1d  00 0d 00 1a 00 18 08 04  |................|
+000000a0  00 0a 00 04 00 02 00 1d  00 0d 00 16 00 14 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
-000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
-000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
-000000f0  01 00 33 00 26 00 24 00  1d 00 20 2f e5 7d a3 47  |..3.&.$... /.}.G|
-00000100  cd 62 43 15 28 da ac 5f  bb 29 07 30 ff f6 84 af  |.bC.(.._.).0....|
-00000110  c4 cf c2 ed 90 99 5f 58  cb 3b 74                 |......_X.;t|
+000000c0  06 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
+000000d0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
+000000e0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000f0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
+00000100  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
+00000110  90 99 5f 58 cb 3b 74                              |.._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 c1 cb c6 9e f2  |....]...Y.......|
-00000010  92 cb ca eb 42 5a 30 c2  1a 3f d6 ca fc 69 b9 55  |....BZ0..?...i.U|
-00000020  86 21 dd 3f 1d 33 5c 97  a1 1f b9 20 46 58 d4 b8  |.!.?.3\.... FX..|
-00000030  c4 71 e6 30 97 a1 f3 fe  1c 7f ca cd bf c2 95 96  |.q.0............|
-00000040  ef 5c df 54 60 51 f6 e2  47 7c c5 bd c0 2f 00 00  |.\.T`Q..G|.../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 64 5a cc e0 63  |....]...Y..dZ..c|
+00000010  02 82 64 75 5e 2c b3 5f  23 c6 98 c8 95 07 40 00  |..du^,._#.....@.|
+00000020  3e ef fd f6 00 af 81 0c  3a 47 a0 20 a1 fc 21 83  |>.......:G. ..!.|
+00000030  cf 2b 34 5e b7 7b bd ec  bb 8f 26 6a f2 26 7f 8f  |.+4^.{....&j.&..|
+00000040  51 13 6f ba 0d 1a f5 b7  1c 9d 6d 91 c0 2f 00 00  |Q.o.......m../..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -62,33 +62,33 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 d5 3e d5  |............ .>.|
-000002d0  c0 de 8f f1 12 8d 50 f2  97 d1 d6 1d b9 9f 7f 86  |......P.........|
-000002e0  00 38 c7 77 7b 65 44 7d  97 e4 61 a3 77 08 04 00  |.8.w{eD}..a.w...|
-000002f0  80 07 71 57 61 39 64 7c  d0 1e 5d 57 23 5c 18 0c  |..qWa9d|..]W#\..|
-00000300  46 c8 62 e0 41 5a f9 4f  1b 17 d9 25 64 53 9c 41  |F.b.AZ.O...%dS.A|
-00000310  ea 6a fc 01 69 92 4c d1  4e 98 4d c8 d2 7d 5a 8b  |.j..i.L.N.M..}Z.|
-00000320  19 46 9a 54 57 27 12 ba  f2 91 cb 0b 24 08 06 91  |.F.TW'......$...|
-00000330  c0 4d 5a 9e 45 e0 34 87  93 87 59 08 ae cb 5c 08  |.MZ.E.4...Y...\.|
-00000340  05 bf 71 f7 0c 04 57 b9  d4 9c 00 ec bb 55 ee c3  |..q...W......U..|
-00000350  56 ab f9 08 ab 14 f1 f9  27 85 f3 ea 85 26 db bc  |V.......'....&..|
-00000360  25 54 e8 ad 91 0e 07 f1  bc 48 ca c3 54 c2 da 3c  |%T.......H..T..<|
-00000370  26 16 03 03 00 04 0e 00  00 00                    |&.........|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 15 d1 98  |............ ...|
+000002d0  53 f4 98 b6 58 a5 cd 89  bb 32 21 83 4a e5 ad ba  |S...X....2!.J...|
+000002e0  1f ba db d0 4c c5 a3 89  0e 96 9f 59 60 08 04 00  |....L......Y`...|
+000002f0  80 4e 14 a0 a7 33 e8 47  d5 7d 01 26 19 ff 1d 3c  |.N...3.G.}.&...<|
+00000300  2a f9 77 58 84 c0 07 b7  dc cc 82 85 a6 18 e9 33  |*.wX...........3|
+00000310  70 15 04 75 bb 59 59 9c  fa c0 cd b4 b7 f8 a3 0e  |p..u.YY.........|
+00000320  21 cd ac 7d 18 d2 34 e5  a9 c7 a1 5d 86 f3 74 2b  |!..}..4....]..t+|
+00000330  9b b0 21 5f cb 91 7f a0  d8 78 f0 7c 56 e3 69 ec  |..!_.....x.|V.i.|
+00000340  43 55 80 3f 02 d7 e0 10  52 15 4d 1b bc 2c 7f b7  |CU.?....R.M..,..|
+00000350  86 cd 07 5d b9 f1 21 7e  18 da fc f8 45 45 cf 39  |...]..!~....EE.9|
+00000360  62 3e c8 f1 6c 75 f4 fb  fe f8 23 89 6a 0d b5 2e  |b>..lu....#.j...|
+00000370  4d 16 03 03 00 04 0e 00  00 00                    |M.........|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 1c bd 15  |....(...........|
-00000040  e4 c0 92 d5 1d 85 17 46  b8 46 6b 71 ef b4 36 9f  |.......F.Fkq..6.|
-00000050  f4 0c ca a6 81 f8 da 28  63 29 29 d6 2c           |.......(c)).,|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 e3 a2 01  |....(...........|
+00000040  72 d5 55 57 f7 1a da 10  9a 04 7d 33 f4 18 b1 9a  |r.UW......}3....|
+00000050  09 38 45 dd 74 13 21 70  52 9c cc c2 3f           |.8E.t.!pR...?|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 b7 b5 af 79 b7  |..........(...y.|
-00000010  68 6f d7 fa d6 0f 73 8a  51 ea 97 a4 2f b1 29 58  |ho....s.Q.../.)X|
-00000020  73 fd f2 15 17 c6 cd 1b  2d 1a 39 32 17 78 37 fe  |s.......-.92.x7.|
-00000030  87 71 da                                          |.q.|
+00000000  14 03 03 00 01 01 16 03  03 00 28 86 a1 0b 2b ef  |..........(...+.|
+00000010  13 8d 20 82 ad 17 92 64  0b 44 21 0f f0 dd 20 43  |.. ....d.D!... C|
+00000020  4c db 92 3c 25 3a 12 ca  27 56 86 16 ca 9f ba 46  |L..<%:..'V.....F|
+00000030  dc 96 86                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 a5 8f 5d  |...............]|
-00000010  59 44 d3 65 6c bd b1 68  3c d2 ee 1c 5d 8c 92 4c  |YD.el..h<...]..L|
-00000020  c2 89 f3 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  33 c1 b3 d7 37 52 f7 57  3d 00 af 02 e0 e8 9b 6f  |3...7R.W=......o|
-00000040  ad 0f                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 20 7c 62  |............. |b|
+00000010  05 52 7a 91 a7 13 96 96  29 11 1b 1a fe fa ad 7f  |.Rz.....).......|
+00000020  d2 3a 26 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.:&.............|
+00000030  c7 2b 60 1b 9c 6b cb 22  08 f1 e3 c0 44 ab 70 21  |.+`..k."....D.p!|
+00000040  68 48                                             |hH|
diff --git a/testdata/Client-TLSv13-AES128-SHA256 b/testdata/Client-TLSv13-AES128-SHA256
index c6e3f37d..3673b8da 100644
--- a/testdata/Client-TLSv13-AES128-SHA256
+++ b/testdata/Client-TLSv13-AES128-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,87 +7,86 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 75 19 d0 fb e3  |....z...v..u....|
-00000010  11 c7 2a 09 40 fb 18 4b  17 f8 94 3f 54 2b 33 c9  |..*.@..K...?T+3.|
-00000020  96 c6 46 72 a5 92 31 7d  d3 40 d3 20 00 00 00 00  |..Fr..1}.@. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 07 aa 6b aa b6  |....z...v....k..|
+00000010  ef a5 5c 62 d7 05 bb f8  9d ea 03 34 13 bf 00 1f  |..\b.......4....|
+00000020  e6 95 7b ef a5 2b ad e8  20 2f 21 20 00 00 00 00  |..{..+.. /! ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 df  |..+.....3.$... .|
-00000060  bb 62 90 62 b0 0d ee a9  4f 2a 45 58 9b d4 1d 0b  |.b.b....O*EX....|
-00000070  b8 49 ee 69 3a e4 48 65  a8 5a 94 60 99 00 2e 14  |.I.i:.He.Z.`....|
-00000080  03 03 00 01 01 17 03 03  00 17 5a fa 5d b7 3e 06  |..........Z.].>.|
-00000090  4f 87 9d 8e f7 c6 9d 6c  9a f9 c8 c1 48 69 a0 1f  |O......l....Hi..|
-000000a0  67 17 03 03 02 6d 0f 4d  e4 f2 24 16 18 d7 0f 1f  |g....m.M..$.....|
-000000b0  eb e4 ff f9 71 99 63 21  41 ff e2 65 96 90 07 88  |....q.c!A..e....|
-000000c0  b4 3b 23 8e 28 01 df c7  f3 71 71 36 25 6c d5 fe  |.;#.(....qq6%l..|
-000000d0  e7 7b 94 f3 2f ba e0 b5  02 1a 24 15 66 2f 4b 2c  |.{../.....$.f/K,|
-000000e0  8e ae da 30 67 9b 33 fa  95 bc ea 80 2d 85 b4 93  |...0g.3.....-...|
-000000f0  28 42 f3 af ab 06 b6 a2  20 4e 9a 9a 07 c4 ad 5a  |(B...... N.....Z|
-00000100  ab 91 b6 f4 b3 ae ba 08  19 4d 0b 5a c7 f8 c6 1c  |.........M.Z....|
-00000110  db b8 61 d1 55 5f 02 34  44 cf c4 f1 7b 25 b2 12  |..a.U_.4D...{%..|
-00000120  a0 37 80 3a 3d 47 b0 cc  92 31 8c 41 d9 85 fa ac  |.7.:=G...1.A....|
-00000130  ea 81 49 4e 60 b9 1a dc  2a 61 fa 89 e3 b5 93 b5  |..IN`...*a......|
-00000140  cf 22 65 46 54 56 bc 3c  f9 62 75 bd 04 8f 39 fb  |."eFTV.<.bu...9.|
-00000150  a3 94 92 20 44 5b 74 51  b1 38 fe 48 a4 26 74 82  |... D[tQ.8.H.&t.|
-00000160  ac 11 04 25 a4 76 06 ce  51 47 2f 56 e8 1d 4f 74  |...%.v..QG/V..Ot|
-00000170  d5 5c 00 b7 22 a5 47 3c  17 d5 f3 13 37 8e b0 82  |.\..".G<....7...|
-00000180  da 5f d9 85 05 e7 12 79  0a 22 97 b5 9b 03 2d 61  |._.....y."....-a|
-00000190  ab 19 4c 40 8a 9d d2 08  77 1d cc f0 b7 c7 48 ba  |..L@....w.....H.|
-000001a0  70 c4 e9 7f 1a ba 5b 0a  d2 1e 0c 95 58 e9 f0 56  |p.....[.....X..V|
-000001b0  c2 a6 a3 58 b6 b2 ea 85  55 77 c8 09 be 1a 7e 2c  |...X....Uw....~,|
-000001c0  ac d3 a0 ce 4c 6d 5a 02  c8 d9 7e b8 3b 46 e9 48  |....LmZ...~.;F.H|
-000001d0  73 9b 97 1c 32 fe e1 99  c4 2e ee 81 38 27 12 d0  |s...2.......8'..|
-000001e0  99 4f dd 18 a3 df 93 24  f3 0d 53 11 fe bb ff b7  |.O.....$..S.....|
-000001f0  cf 5e 18 41 01 d4 d3 06  6a f4 5b e3 26 1f 7c fa  |.^.A....j.[.&.|.|
-00000200  ad 9f 61 a3 b3 05 5e b4  bf 94 9c 94 4b c9 3c 63  |..a...^.....K.<c|
-00000210  88 1d b9 df a9 0d 4f 57  78 73 6a 64 cf 29 49 e4  |......OWxsjd.)I.|
-00000220  a3 f8 cb a3 f0 0d 93 c2  56 65 f8 f9 be ad b2 e6  |........Ve......|
-00000230  c6 c7 f5 73 3c 7a 85 e5  e1 73 d4 76 f6 6b 87 da  |...s<z...s.v.k..|
-00000240  99 79 e4 94 d7 77 88 a2  44 cd 60 58 3f 22 67 88  |.y...w..D.`X?"g.|
-00000250  f1 aa 99 3e 1c 04 be 98  b8 87 f7 c8 e3 0f c7 55  |...>...........U|
-00000260  75 01 95 fa 21 f2 5f df  d2 38 88 87 99 b0 10 4d  |u...!._..8.....M|
-00000270  e3 c9 74 28 59 14 90 89  6c 54 83 0b 71 c2 7e 4b  |..t(Y...lT..q.~K|
-00000280  39 21 92 0f ec 0e 98 53  39 75 54 0b 8d 12 6d 57  |9!.....S9uT...mW|
-00000290  4f bd 2a 02 9a 44 ac 45  47 c3 05 71 cc 7e 60 0e  |O.*..D.EG..q.~`.|
-000002a0  93 1b 70 5b 42 4b d6 7f  01 2d 2a 73 ed 52 b2 8d  |..p[BK...-*s.R..|
-000002b0  2f fb 6e 85 5e c6 70 2d  3b e8 3d f1 57 6e c5 f8  |/.n.^.p-;.=.Wn..|
-000002c0  7b f5 85 af 3e c8 64 28  00 24 1e 8a c9 6c f8 e3  |{...>.d(.$...l..|
-000002d0  24 83 50 39 d0 4d b4 23  62 80 7d 6b f8 ee 5a f0  |$.P9.M.#b.}k..Z.|
-000002e0  c8 63 df 43 6e ce 58 b9  39 18 91 82 3c 84 d9 12  |.c.Cn.X.9...<...|
-000002f0  4a 4b 76 67 2c 07 91 97  ac c9 16 9c b5 7a 84 54  |JKvg,........z.T|
-00000300  fb 99 2a 16 0a 00 a3 d6  04 ac 28 f5 d0 34 a6 3c  |..*.......(..4.<|
-00000310  ac 54 50 17 03 03 00 99  5f ec 9a 27 57 7e 33 28  |.TP....._..'W~3(|
-00000320  b3 06 a4 36 6d 4e 59 3e  9a 75 95 3a d2 72 c0 7c  |...6mNY>.u.:.r.||
-00000330  61 54 a5 46 01 91 2d 11  ac 6e 25 15 62 c4 8f 8f  |aT.F..-..n%.b...|
-00000340  f9 a8 a0 2a d1 51 71 12  9b df 4f 6a 1b e9 b1 c2  |...*.Qq...Oj....|
-00000350  eb 83 00 fd 32 53 b3 5d  3b 6c 34 59 e9 42 21 ff  |....2S.];l4Y.B!.|
-00000360  7a 10 c0 81 81 13 01 db  bb ef 8f 29 a3 ca 07 67  |z..........)...g|
-00000370  b8 8f 5d 27 07 9c ed 67  51 f9 35 a7 11 bf 10 f7  |..]'...gQ.5.....|
-00000380  f4 36 d8 dc fd 14 a8 56  18 c8 4e fb be 27 91 5f  |.6.....V..N..'._|
-00000390  6a a4 da 13 32 3d 6c d9  fa 18 5b 13 26 68 e2 a9  |j...2=l...[.&h..|
-000003a0  d2 b6 72 2e dd 7d 69 30  32 fd 24 35 35 a1 1d bd  |..r..}i02.$55...|
-000003b0  03 17 03 03 00 35 05 56  0b a7 86 2f 45 c1 18 c2  |.....5.V.../E...|
-000003c0  ad c5 2f 54 f6 5b b3 eb  45 fc 76 ff c9 60 89 e1  |../T.[..E.v..`..|
-000003d0  f1 e2 3a 28 60 8d e9 54  62 4d 7a 30 4f 8c 73 b7  |..:(`..TbMz0O.s.|
-000003e0  45 10 27 0f e8 56 91 1f  7c 07 3a                 |E.'..V..|.:|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 53  |..+.....3.$... S|
+00000060  3c 5e 7d 61 39 39 6c f7  ea 14 d3 f0 40 23 30 8b  |<^}a99l.....@#0.|
+00000070  7e 1f 41 86 f8 2e 12 0a  f5 67 13 28 46 6f 14 14  |~.A......g.(Fo..|
+00000080  03 03 00 01 01 17 03 03  00 17 a8 64 4a 9d f1 a0  |...........dJ...|
+00000090  3c 1b e3 20 a2 66 80 7f  13 b5 a9 f0 8f ee 5b 4b  |<.. .f........[K|
+000000a0  af 17 03 03 02 6d 26 d2  8f df b4 d5 d3 9a c8 92  |.....m&.........|
+000000b0  4c 32 63 80 6b 5f 99 11  0f 4b be 14 77 55 86 d1  |L2c.k_...K..wU..|
+000000c0  27 94 18 50 27 1c 84 9c  38 03 fb 11 d3 5a ea 64  |'..P'...8....Z.d|
+000000d0  d1 15 47 1d fc cc 6e bf  5e 4d 45 74 f2 ca 44 77  |..G...n.^MEt..Dw|
+000000e0  32 6d 02 3a 9f 44 aa 5c  5d 62 64 ee 44 0d 45 05  |2m.:.D.\]bd.D.E.|
+000000f0  de 40 d0 83 c9 b3 21 39  a0 8f 5b 5a e1 96 2f 0b  |.@....!9..[Z../.|
+00000100  4b 12 da a7 dc 7b 2a 73  14 7f cc 93 fd a8 47 1c  |K....{*s......G.|
+00000110  f7 88 76 5d 30 29 af 65  ac 52 25 04 13 be 96 92  |..v]0).e.R%.....|
+00000120  bb e4 86 a0 b7 c8 67 63  ef cb 1f 78 7e bf 3c 5f  |......gc...x~.<_|
+00000130  7a a6 89 4a 94 f3 2e 01  8b b9 81 21 57 00 5e 26  |z..J.......!W.^&|
+00000140  22 9b eb e0 73 87 cd 77  46 d4 c8 1d 0a 4f d8 83  |"...s..wF....O..|
+00000150  0b 0a 43 3f 37 53 e2 0a  4b bb ef e8 8d 2a dc 51  |..C?7S..K....*.Q|
+00000160  b0 b9 90 7e 1a c5 31 e0  1b 0f 0c 7e 96 7b aa 49  |...~..1....~.{.I|
+00000170  ad 84 b0 0a 75 d6 37 58  bd 7f f6 ac 50 c5 d7 93  |....u.7X....P...|
+00000180  70 ce b1 cd 00 7c 79 1a  e5 ec 04 7b 12 8f fb 80  |p....|y....{....|
+00000190  54 d0 2b a0 9e 83 0d 05  a7 f5 4b e8 b4 36 1c d0  |T.+.......K..6..|
+000001a0  88 34 a6 71 51 d6 cf 59  c9 ad 03 d8 38 f2 15 f0  |.4.qQ..Y....8...|
+000001b0  63 9d 34 a3 f4 bc de 8f  ae 26 97 c0 98 8e 59 4e  |c.4......&....YN|
+000001c0  1f 74 a1 d4 2c 1a 18 20  ef e8 06 58 74 dd ed 40  |.t..,.. ...Xt..@|
+000001d0  50 dd 8b a4 77 15 1b 9e  63 7e c7 11 63 1a a9 d5  |P...w...c~..c...|
+000001e0  16 c2 8f f5 6c ce cd 03  e6 2d cc da 75 1a ce cb  |....l....-..u...|
+000001f0  ea 41 de dd 59 e5 68 90  98 69 76 a3 d0 d4 ed d1  |.A..Y.h..iv.....|
+00000200  e9 9a cd b8 29 73 eb 9c  e6 6f ee 8d 91 84 9e 2e  |....)s...o......|
+00000210  b9 23 2b 04 a0 f6 5f 0b  16 07 49 ae 6f 33 b0 ee  |.#+..._...I.o3..|
+00000220  be ff 75 52 da 7b 06 05  6c 8f 87 1f 48 2f fb 59  |..uR.{..l...H/.Y|
+00000230  79 a6 99 cb a6 0b 73 fb  4c d0 cc eb ba 51 1a 6d  |y.....s.L....Q.m|
+00000240  9a 33 27 e3 f4 cf 16 bc  c0 82 da 21 04 4a 7b e0  |.3'........!.J{.|
+00000250  12 a5 5e de 22 d2 df b4  c4 c9 fa 11 97 7b 07 ea  |..^."........{..|
+00000260  11 c8 2c 55 b8 6d c2 64  6d fa e0 6f b8 5c 50 ae  |..,U.m.dm..o.\P.|
+00000270  a6 2e aa bf 2f 2a 74 2d  1c 11 c2 44 d7 28 b8 5e  |..../*t-...D.(.^|
+00000280  6a 2d bc 0d 2e a7 a2 b6  b6 ae 12 2c a2 c4 ba 5c  |j-.........,...\|
+00000290  0b 3f 17 2e 98 30 ce 6c  8e 88 3c f9 a8 e1 68 8d  |.?...0.l..<...h.|
+000002a0  52 c8 a1 b3 3f 12 e1 35  f0 eb ee 9f 0d bb 3c 90  |R...?..5......<.|
+000002b0  2c e2 2c 95 2e f3 e2 f6  f2 f1 be b8 03 02 84 69  |,.,............i|
+000002c0  56 8f 3b 1d 68 77 f1 52  eb 48 4f e8 c8 5b 0a df  |V.;.hw.R.HO..[..|
+000002d0  a1 74 1e e1 47 a2 9a 9a  83 6d c2 ea f3 1b fc 8f  |.t..G....m......|
+000002e0  b6 aa 18 7e 85 46 ff 33  0b 6e 1f 5b f1 70 c0 45  |...~.F.3.n.[.p.E|
+000002f0  f6 bb a0 da 74 e0 9a 3c  a7 e2 07 ef 0b e5 9a 5b  |....t..<.......[|
+00000300  6e 9b aa 6c a4 97 84 5d  77 f5 33 b8 e3 45 c0 00  |n..l...]w.3..E..|
+00000310  21 c7 91 17 03 03 00 99  ee bf d2 9c 82 9f 68 b4  |!.............h.|
+00000320  5e 15 09 1a 7a c1 f9 72  ff ca 0e d9 f1 9f 7f 8c  |^...z..r........|
+00000330  dc 4a 8d d3 37 7b 81 42  ef 9b 2b 5f 9a 4b 40 8e  |.J..7{.B..+_.K@.|
+00000340  6b 24 53 79 32 b0 d1 24  2a 6f c9 fb a8 82 c1 01  |k$Sy2..$*o......|
+00000350  1e 0b 11 7f 85 c7 ee d4  29 12 08 99 8f 00 ef af  |........).......|
+00000360  2c 5d c5 b1 25 a3 a9 f0  f1 a3 2b f8 7f e6 31 1b  |,]..%.....+...1.|
+00000370  51 20 af 3f a7 4e 5c 3d  73 21 04 0f 2c 5c cd f3  |Q .?.N\=s!..,\..|
+00000380  eb d1 01 ef b0 e3 64 f7  33 d3 05 82 9f a6 71 3b  |......d.3.....q;|
+00000390  b2 ab 08 61 57 ad 74 d1  e2 8f 2c c9 73 c3 e0 ac  |...aW.t...,.s...|
+000003a0  ed 18 4b 70 0d 9a bf ae  b4 db 07 7d 25 3e 7f 3d  |..Kp.......}%>.=|
+000003b0  14 17 03 03 00 35 db be  d2 61 e1 3f a3 0b fe 39  |.....5...a.?...9|
+000003c0  b2 86 42 72 a6 ee 02 90  c2 d1 d1 5c 3d 61 c8 28  |..Br.......\=a.(|
+000003d0  28 7c 01 40 26 f1 e1 f1  81 50 03 4c 6c 32 6d 8b  |(|.@&....P.Ll2m.|
+000003e0  dd 60 cf fc a9 3c fe e1  4d d0 d2                 |.`...<..M..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 f9 89 62 39 dc  |..........5..b9.|
-00000010  cb f6 be b1 6f db 4c 8e  44 3c 1e 13 ba 25 db dc  |....o.L.D<...%..|
-00000020  f1 64 00 ea f3 56 ba 69  00 5b bd 64 05 8d c7 27  |.d...V.i.[.d...'|
-00000030  39 b6 9c 2f ce e4 74 f1  ab 32 59 f1 6d 27 88 58  |9../..t..2Y.m'.X|
-00000040  17 03 03 00 17 90 42 5e  b1 ae d2 d7 71 4e 8f 51  |......B^....qN.Q|
-00000050  91 3b e4 b0 97 ef 35 27  4f 56 79 81 17 03 03 00  |.;....5'OVy.....|
-00000060  13 7b 6b c7 ab bf f2 de  55 52 b0 ee 67 40 ad bd  |.{k.....UR..g@..|
-00000070  6e 4d 22 f8                                       |nM".|
+00000000  14 03 03 00 01 01 17 03  03 00 35 bd 1e ca 07 84  |..........5.....|
+00000010  c8 ba 87 6d d3 ed 53 20  79 76 34 af 30 e6 bf c5  |...m..S yv4.0...|
+00000020  74 a0 d0 b3 13 17 a9 3c  c7 b3 47 5b e7 b4 6d 18  |t......<..G[..m.|
+00000030  e5 3f 12 5c ca c9 26 87  c4 96 c4 9b 45 23 7f f7  |.?.\..&.....E#..|
+00000040  17 03 03 00 17 28 0b 72  a0 6e ac 55 ec c0 b7 21  |.....(.r.n.U...!|
+00000050  3f 7a 16 98 40 76 7d 3c  95 24 98 3b 17 03 03 00  |?z..@v}<.$.;....|
+00000060  13 8e 23 e0 33 31 dc 39  fb 54 a6 a2 63 36 e4 2a  |..#.31.9.T..c6.*|
+00000070  5a 1c bc 09                                       |Z...|
diff --git a/testdata/Client-TLSv13-AES256-SHA384 b/testdata/Client-TLSv13-AES256-SHA384
index 02eb5092..5fcaba0d 100644
--- a/testdata/Client-TLSv13-AES256-SHA384
+++ b/testdata/Client-TLSv13-AES256-SHA384
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,89 +7,88 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 3e 8f 50 19 e5  |....z...v..>.P..|
-00000010  1b d8 bf 48 bf c6 b3 38  d0 a4 9d 33 39 1f 36 72  |...H...8...39.6r|
-00000020  9a a4 7d 9a e5 61 f1 9b  da 0c a3 20 00 00 00 00  |..}..a..... ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 76 2d 81 0b a9  |....z...v..v-...|
+00000010  70 b7 fe 52 ef d3 80 c4  1d bf f7 19 99 3c 4c aa  |p..R.........<L.|
+00000020  60 1e c7 10 b0 24 a8 4e  b4 b8 02 20 00 00 00 00  |`....$.N... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 02 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 80  |..+.....3.$... .|
-00000060  d3 4e d4 ec ef 3e 0b c0  9b 8e 6a 91 2b af f2 cf  |.N...>....j.+...|
-00000070  78 13 e0 9b e1 41 60 7d  bd 83 69 d5 dc 1b 6d 14  |x....A`}..i...m.|
-00000080  03 03 00 01 01 17 03 03  00 17 cd 1f b4 38 20 00  |.............8 .|
-00000090  f5 52 89 92 be 23 95 90  92 b4 2a 06 f9 af f7 6c  |.R...#....*....l|
-000000a0  82 17 03 03 02 6d 4d 51  05 22 11 94 f0 2e 66 9b  |.....mMQ."....f.|
-000000b0  d0 bd b8 01 3c 23 03 3a  28 a7 74 80 81 e6 5c 5e  |....<#.:(.t...\^|
-000000c0  48 fb 4d 29 ab b3 17 c6  25 d8 15 ed 63 ef 07 61  |H.M)....%...c..a|
-000000d0  0e 14 44 da 9f 6c c1 57  37 18 34 16 e0 3a 8d ab  |..D..l.W7.4..:..|
-000000e0  98 45 84 79 e0 19 56 26  61 e1 70 c9 7d 7b 55 b0  |.E.y..V&a.p.}{U.|
-000000f0  5c d5 90 60 87 3c 55 f7  5e 4f df fc 05 6e 90 bc  |\..`.<U.^O...n..|
-00000100  7d a0 2a db 56 17 5a e6  b4 85 99 68 2a fa 83 0d  |}.*.V.Z....h*...|
-00000110  40 84 a6 20 1d 5b 30 25  b3 b2 c6 ba 73 88 f4 c1  |@.. .[0%....s...|
-00000120  30 d0 f5 48 a6 52 c9 3e  bd 8d dc 31 1c 84 25 4d  |0..H.R.>...1..%M|
-00000130  ae c0 0f de 5b 44 97 d1  bf f6 7a 84 88 fb 82 7b  |....[D....z....{|
-00000140  79 5d f0 d8 39 a3 21 5a  67 16 b9 68 55 06 bd 50  |y]..9.!Zg..hU..P|
-00000150  f2 83 77 8e e6 60 f3 46  57 d3 96 e1 f7 02 9e 1d  |..w..`.FW.......|
-00000160  d3 f2 29 0b 8e 34 0d 40  0b 1a 06 c5 33 52 bd 78  |..)..4.@....3R.x|
-00000170  4e ff a2 ec 31 a1 c3 57  0d 82 59 ab a7 46 81 94  |N...1..W..Y..F..|
-00000180  4f 31 63 25 75 3f b1 c9  99 ae 8a 60 6f 4a 96 d2  |O1c%u?.....`oJ..|
-00000190  ce 37 4c 7b f4 f9 83 56  7e 4c 0a 6d a1 0c 80 00  |.7L{...V~L.m....|
-000001a0  46 5a a9 fa d6 7c 9a 18  c2 36 b6 19 fa 76 37 65  |FZ...|...6...v7e|
-000001b0  d4 c0 33 37 c3 90 26 df  4e c7 89 65 26 f3 cb 9d  |..37..&.N..e&...|
-000001c0  a2 a0 ae 50 72 89 45 db  fb a1 44 3a 12 9e e7 4e  |...Pr.E...D:...N|
-000001d0  7a b8 aa f8 87 d2 8d 6b  43 ff 66 b7 ad 06 d5 09  |z......kC.f.....|
-000001e0  ac 4e 75 db b2 d1 4c 43  81 26 43 bf a3 af 0f 97  |.Nu...LC.&C.....|
-000001f0  83 a4 37 e1 aa 50 da e7  6b 3f a1 6c 80 ea b2 06  |..7..P..k?.l....|
-00000200  6b 51 b9 b9 b0 83 71 b1  56 fe c7 f6 9e e7 69 1c  |kQ....q.V.....i.|
-00000210  e7 6b ba 0e 46 b9 9d cb  dd 7f 9f bf a3 06 1d ba  |.k..F...........|
-00000220  5f eb 5e 1f dd 76 5f 8c  d7 4e d9 a0 c1 75 28 61  |_.^..v_..N...u(a|
-00000230  ea ef 4a 79 fc a6 8f 87  98 b2 26 ce 4e ae b7 9c  |..Jy......&.N...|
-00000240  ed 73 f3 98 a4 83 56 55  af d7 6d c3 90 fc ec 8d  |.s....VU..m.....|
-00000250  09 b4 a0 80 ac ff bc 1b  0b f9 70 4d 70 2b 19 ab  |..........pMp+..|
-00000260  d0 14 de 7c d2 ca b7 56  7f 19 d6 1a 11 04 50 3d  |...|...V......P=|
-00000270  12 dc 35 c1 ce b9 b0 e4  70 b3 27 4b 26 98 e3 af  |..5.....p.'K&...|
-00000280  7f 42 62 4b 75 33 61 54  2c 0f 03 bd b6 51 e9 5a  |.BbKu3aT,....Q.Z|
-00000290  bd 90 f9 af 8e 5f c2 ed  aa 63 a4 3b c7 e1 cb cc  |....._...c.;....|
-000002a0  8b 0f 48 39 9b 6c 49 08  9b f4 27 d8 d8 92 56 a3  |..H9.lI...'...V.|
-000002b0  ae a9 60 a9 ab 25 3d 3d  ba 36 60 00 39 bd 60 ab  |..`..%==.6`.9.`.|
-000002c0  58 bd 4d c2 ab 13 2d 70  2d ef 0c a3 65 17 45 ad  |X.M...-p-...e.E.|
-000002d0  b2 fc 92 ce cb 74 e9 b1  59 cb b2 f1 c7 06 6b 9d  |.....t..Y.....k.|
-000002e0  12 7a c1 51 3d c8 81 91  88 02 fa be 18 f2 9d 4d  |.z.Q=..........M|
-000002f0  04 53 3f 39 e9 49 1f fb  99 1b 71 94 44 dd 09 c5  |.S?9.I....q.D...|
-00000300  4a c4 71 45 2a d7 8f b9  a3 7d 2f df 23 d0 2c 83  |J.qE*....}/.#.,.|
-00000310  1a 90 0e 17 03 03 00 99  60 fb bc b6 8b 4a 50 fb  |........`....JP.|
-00000320  88 0e 23 81 34 07 98 f8  07 35 5f 12 98 4d a3 63  |..#.4....5_..M.c|
-00000330  c3 05 e7 99 eb 22 fe a9  da 60 25 70 e6 53 40 18  |....."...`%p.S@.|
-00000340  f9 66 c4 3c 0f 3c 9b 7b  3e 86 5f e9 0f 91 4e ea  |.f.<.<.{>._...N.|
-00000350  4f 38 dd ef 1c a8 80 16  ae 59 50 70 23 92 40 22  |O8.......YPp#.@"|
-00000360  01 d6 72 d4 e5 ee e7 b2  aa 07 d0 ac ee 63 8f dc  |..r..........c..|
-00000370  55 29 5e e5 6f be 28 1e  b5 ad ca 9a 30 94 57 16  |U)^.o.(.....0.W.|
-00000380  de 2b ba 7b 4a 50 a8 7a  fa 9d 45 89 d1 3c 97 d3  |.+.{JP.z..E..<..|
-00000390  9d c5 1d de cd d6 80 9b  bd 68 1c e2 8b e3 bb dc  |.........h......|
-000003a0  c5 2a 4d 38 ae d6 b3 1d  2e 35 52 d0 c0 b4 ae fd  |.*M8.....5R.....|
-000003b0  68 17 03 03 00 45 ac f9  bb 95 b5 c3 fb dc e9 21  |h....E.........!|
-000003c0  65 ef a9 2d 9c 6a 6b 51  35 9b 2b a9 6b f4 2f 66  |e..-.jkQ5.+.k./f|
-000003d0  14 9d e0 30 fc eb 43 bb  4f 1b 50 13 65 72 35 74  |...0..C.O.P.er5t|
-000003e0  dd 20 dc 88 54 e4 05 18  d7 02 ca 5b 27 dd 32 e9  |. ..T......['.2.|
-000003f0  a2 68 68 cc 55 ff 25 21  87 13 9b                 |.hh.U.%!...|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 f7  |..+.....3.$... .|
+00000060  88 ec 33 9c 98 e7 6d 31  3f de eb 97 df 15 ad 66  |..3...m1?......f|
+00000070  4c e1 d0 00 45 75 f7 a2  3c 75 11 db 11 12 0e 14  |L...Eu..<u......|
+00000080  03 03 00 01 01 17 03 03  00 17 6f 20 a1 e0 89 ad  |..........o ....|
+00000090  dd 37 b4 76 3a cf ac 65  4e a6 4b fb f6 d8 07 22  |.7.v:..eN.K...."|
+000000a0  8c 17 03 03 02 6d cc b4  a9 5a 14 96 56 64 55 9a  |.....m...Z..VdU.|
+000000b0  69 a2 5c 3c 07 43 f3 2e  16 ee ce 90 81 12 61 88  |i.\<.C........a.|
+000000c0  b9 d8 05 f5 b2 8e 4b 4c  ca 70 c8 8d 62 30 05 8e  |......KL.p..b0..|
+000000d0  0c b1 52 fa b0 67 a1 a7  24 18 e9 bd 09 25 ec 0a  |..R..g..$....%..|
+000000e0  08 dc 70 47 2b 7f aa 57  41 fe 5f 36 15 28 1c 1f  |..pG+..WA._6.(..|
+000000f0  a8 3c b5 4b ec 37 02 ef  5c 24 46 17 10 f2 9a ad  |.<.K.7..\$F.....|
+00000100  78 a1 04 0c 75 a2 a2 73  e1 12 61 2f 81 c3 f2 18  |x...u..s..a/....|
+00000110  fc e5 cf cd 43 44 47 e8  27 c6 d4 d7 e0 c2 63 db  |....CDG.'.....c.|
+00000120  bd 3e c1 10 9d 89 7c 0a  49 2b 4e 55 92 74 0a 1b  |.>....|.I+NU.t..|
+00000130  23 32 9d aa b1 17 15 3d  37 85 42 0e 5f 7c fa 5b  |#2.....=7.B._|.[|
+00000140  b8 ae f3 b9 4d b2 40 b5  e2 de e2 b3 f0 27 a6 f2  |....M.@......'..|
+00000150  0c 28 4b 77 ee 38 dc ec  17 28 18 03 13 85 60 2c  |.(Kw.8...(....`,|
+00000160  ab 16 e1 1c c6 e1 91 e0  5f f3 b6 f7 1c 3b 5f 03  |........_....;_.|
+00000170  6a d5 b0 a0 5b ab 6d 9c  b2 ee 8e 50 49 94 7d db  |j...[.m....PI.}.|
+00000180  3b fe 68 e2 79 3e 2d 33  06 a6 b2 9c 8b 7d 93 04  |;.h.y>-3.....}..|
+00000190  b4 9e 07 6d 15 80 63 38  8e 4b c5 e6 88 a0 6a f2  |...m..c8.K....j.|
+000001a0  11 60 11 7a f7 6e 7e 47  9f fd 77 12 c9 d5 8e 58  |.`.z.n~G..w....X|
+000001b0  84 51 2c f6 fd 2b d1 dc  a6 51 d8 20 3f 06 76 ad  |.Q,..+...Q. ?.v.|
+000001c0  dd 37 b6 e9 86 4e cb 31  76 79 60 26 c7 b4 d5 67  |.7...N.1vy`&...g|
+000001d0  2c 70 22 f4 4d b5 60 61  41 48 65 a8 d0 b5 d8 47  |,p".M.`aAHe....G|
+000001e0  08 bf 5b 67 e8 99 c4 a5  91 1e 36 6b 37 53 7b 65  |..[g......6k7S{e|
+000001f0  ac af 2d df 8e 77 e2 46  1a 65 45 0a 00 f2 8f 9d  |..-..w.F.eE.....|
+00000200  47 1c 93 64 52 c3 d9 91  47 41 88 7f 81 ea 8f 2b  |G..dR...GA.....+|
+00000210  a9 fa 4b d5 9d 6f 30 36  dc af e0 96 b3 f0 e4 6a  |..K..o06.......j|
+00000220  a3 10 cf 0e 53 64 e3 18  52 08 a9 16 e3 6d e9 0a  |....Sd..R....m..|
+00000230  ec 4d a4 f7 f1 ee 38 28  88 31 aa 38 a7 14 09 f4  |.M....8(.1.8....|
+00000240  1a 31 ac 40 46 dd f2 4f  7f ff f4 fc 71 42 61 73  |.1.@F..O....qBas|
+00000250  03 47 9f ec 69 7f 77 e3  91 29 cd 89 7f 45 6b 9d  |.G..i.w..)...Ek.|
+00000260  f5 33 66 8b 74 bc 53 ff  54 c3 af 48 8e d8 25 0a  |.3f.t.S.T..H..%.|
+00000270  99 49 08 29 f3 b2 a5 d0  5b ca 89 e2 d7 f5 5f 40  |.I.)....[....._@|
+00000280  72 6f b4 d6 20 39 79 4a  0e 7c 00 60 68 eb 1e ab  |ro.. 9yJ.|.`h...|
+00000290  ee 38 35 f2 db 83 9c 0b  52 80 15 14 ae 6b dc f5  |.85.....R....k..|
+000002a0  d5 f3 83 cb e7 5f 5c 98  e2 f2 d0 52 68 92 ff f6  |....._\....Rh...|
+000002b0  7a ce ff ae 96 6e ad 11  d2 5e bc 60 16 55 cd 81  |z....n...^.`.U..|
+000002c0  25 67 5b db 76 59 36 a8  48 d6 91 86 4f cb 87 5f  |%g[.vY6.H...O.._|
+000002d0  ea 96 e4 71 df ac 54 5a  a0 e1 0a bd 88 68 ff 0a  |...q..TZ.....h..|
+000002e0  97 be 9b da cf aa e1 b1  74 c9 8d 5f 19 f5 df 53  |........t.._...S|
+000002f0  a0 57 93 7d c3 fe 37 78  2a ba 6b c2 a1 51 41 f4  |.W.}..7x*.k..QA.|
+00000300  ee 57 ed d2 7d 48 14 31  4a f7 14 d4 0e 42 9e fb  |.W..}H.1J....B..|
+00000310  fb f4 cd 17 03 03 00 99  6b 70 ae fc d3 07 5e 7f  |........kp....^.|
+00000320  39 2a 27 34 54 8a b6 4d  39 36 d4 38 0c ed 8c 24  |9*'4T..M96.8...$|
+00000330  fc 29 1d 59 74 99 f1 e1  a1 23 4b 6d 27 31 f4 2d  |.).Yt....#Km'1.-|
+00000340  8b b3 23 aa 92 5f 01 3d  a1 f6 b5 24 8e 56 ea eb  |..#.._.=...$.V..|
+00000350  4e 0a dc 23 ae 32 1b 0d  cb bc 60 87 b7 35 32 5f  |N..#.2....`..52_|
+00000360  10 32 fb 89 32 3f 99 0e  30 0d 65 28 69 c4 3b f8  |.2..2?..0.e(i.;.|
+00000370  6c 04 a5 bf ec e9 aa c4  bc b4 55 e2 d0 09 a1 4b  |l.........U....K|
+00000380  82 f8 a5 37 ab ca 69 f4  bc 24 69 c4 ce 07 6c ee  |...7..i..$i...l.|
+00000390  d6 08 92 14 41 ca 8f c8  c9 37 ae b5 f3 29 ff 69  |....A....7...).i|
+000003a0  7a 18 4e 93 dd eb 52 58  d2 6b 22 6d b6 29 70 b3  |z.N...RX.k"m.)p.|
+000003b0  ea 17 03 03 00 45 10 35  86 2e d4 e3 92 35 a3 0e  |.....E.5.....5..|
+000003c0  a1 cd 79 11 05 cd 77 c4  93 f4 6a ba f8 fc 4b bd  |..y...w...j...K.|
+000003d0  63 5d c0 2d a0 c9 c2 2a  10 79 e9 0c bc 0b 18 c1  |c].-...*.y......|
+000003e0  15 18 c0 8a d7 05 39 f1  de 6e 8e cb dd 73 5f ee  |......9..n...s_.|
+000003f0  28 93 f9 92 35 56 1f c1  e4 8d 89                 |(...5V.....|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 45 87 09 9a a9 a0  |..........E.....|
-00000010  6a 25 7e 7f ef f2 95 97  45 9f 25 b3 fc 70 1d a5  |j%~.....E.%..p..|
-00000020  c5 e3 bc 95 95 c2 2e 9b  46 d9 cd 5e 04 29 33 9f  |........F..^.)3.|
-00000030  8c 35 d5 b0 4c 35 e7 f4  02 1a 1a 9f 07 e5 e4 9d  |.5..L5..........|
-00000040  6f 63 35 d5 c9 21 9f 90  95 a5 14 14 fc 8a bb 41  |oc5..!.........A|
-00000050  17 03 03 00 17 3d e1 e9  33 73 b4 29 68 d2 50 d2  |.....=..3s.)h.P.|
-00000060  58 9b 85 21 07 3a a8 87  92 37 53 90 17 03 03 00  |X..!.:...7S.....|
-00000070  13 24 0a cf 8a 3e 88 9d  9f 57 81 26 10 06 fc 70  |.$...>...W.&...p|
-00000080  1d fa da 81                                       |....|
+00000000  14 03 03 00 01 01 17 03  03 00 45 2f 08 54 f6 2b  |..........E/.T.+|
+00000010  fd 13 5d 87 d3 b6 73 5e  20 88 af 53 db 7e 3c 37  |..]...s^ ..S.~<7|
+00000020  1d 52 a4 ae 91 3f 24 a7  30 26 02 da 13 f3 c5 60  |.R...?$.0&.....`|
+00000030  28 e6 eb 8f e1 1b 58 2d  bb d0 06 c4 67 33 1c a1  |(.....X-....g3..|
+00000040  03 cb 16 56 1b 91 06 08  b6 34 c5 de 97 04 ee f0  |...V.....4......|
+00000050  17 03 03 00 17 6c 7e 3d  5d 98 4e 42 81 42 c5 2c  |.....l~=].NB.B.,|
+00000060  b2 c2 d3 c9 58 bc 13 bc  61 cd 63 f2 17 03 03 00  |....X...a.c.....|
+00000070  13 83 c7 4a b6 10 69 b4  16 be 25 a1 db cb c9 94  |...J..i...%.....|
+00000080  8f a2 27 22                                       |..'"|
diff --git a/testdata/Client-TLSv13-ALPN b/testdata/Client-TLSv13-ALPN
index d83b2700..ff0989c5 100644
--- a/testdata/Client-TLSv13-ALPN
+++ b/testdata/Client-TLSv13-ALPN
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 30 01 00 01  2c 03 03 00 00 00 00 00  |....0...,.......|
+00000000  16 03 01 01 2c 01 00 01  28 03 03 00 00 00 00 00  |....,...(.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,89 +7,89 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 b1 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 ad 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 10 00 10 00 0e  |................|
-000000f0  06 70 72 6f 74 6f 32 06  70 72 6f 74 6f 31 00 2b  |.proto2.proto1.+|
-00000100  00 09 08 03 04 03 03 03  02 03 01 00 33 00 26 00  |............3.&.|
-00000110  24 00 1d 00 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |$... /.}.G.bC.(.|
-00000120  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
-00000130  5f 58 cb 3b 74                                    |_X.;t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 10  00 10 00 0e 06 70 72 6f  |.............pro|
+000000f0  74 6f 32 06 70 72 6f 74  6f 31 00 2b 00 09 08 03  |to2.proto1.+....|
+00000100  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
+00000110  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
+00000120  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
+00000130  74                                                |t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 cb f0 b7 02 94  |....z...v.......|
-00000010  1a 0a b2 1d 4b 7c 43 99  cb 50 bd aa 72 80 91 98  |....K|C..P..r...|
-00000020  bc 29 68 eb bd 81 b5 32  7c fe 9b 20 00 00 00 00  |.)h....2|.. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 bb 72 d9 b8 e5  |....z...v...r...|
+00000010  0b 80 14 4c 16 9b 86 ec  26 62 f2 f9 00 85 a6 ae  |...L....&b......|
+00000020  44 f4 27 c4 13 67 4a 2e  96 e6 33 20 00 00 00 00  |D.'..gJ...3 ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 78  |..+.....3.$... x|
-00000060  05 c7 69 04 93 8d 93 d7  d3 eb 0b 00 70 98 99 c1  |..i.........p...|
-00000070  2a a9 84 7f e5 6c 4c d0  b1 f3 10 71 11 c6 78 14  |*....lL....q..x.|
-00000080  03 03 00 01 01 17 03 03  00 24 6d 09 77 65 0f 29  |.........$m.we.)|
-00000090  b9 e5 1d df a9 e7 98 f6  f3 37 70 4b 8f cf 49 db  |.........7pK..I.|
-000000a0  fb 8f 73 fc 7f 9e ea e0  a0 35 ee 93 a0 34 17 03  |..s......5...4..|
-000000b0  03 02 6d 90 a9 c1 79 ef  b1 e3 7a 7d 3d f6 8e bd  |..m...y...z}=...|
-000000c0  18 04 6a 1c d4 72 52 ad  36 fc 21 c6 0b 94 8b 98  |..j..rR.6.!.....|
-000000d0  0e 98 54 c5 ff 3c 6d d2  15 c4 63 51 a6 00 4b 28  |..T..<m...cQ..K(|
-000000e0  c7 63 61 5c 09 0d 15 fc  53 0d fa b6 59 ff c9 82  |.ca\....S...Y...|
-000000f0  e1 93 6d 3d b0 24 b2 5d  23 d1 da 61 7f c9 79 32  |..m=.$.]#..a..y2|
-00000100  65 5f 41 6e 49 28 8e 1f  cd 7e 12 98 48 c9 79 ea  |e_AnI(...~..H.y.|
-00000110  db 5a 7f d5 4b dc 41 3c  64 5d 50 83 a2 2b 8c d2  |.Z..K.A<d]P..+..|
-00000120  d7 9e 96 99 25 05 b6 5c  48 62 1c 65 f7 2a a2 77  |....%..\Hb.e.*.w|
-00000130  df 46 30 8f 8a 39 9f 79  49 2d 47 97 75 b7 26 a3  |.F0..9.yI-G.u.&.|
-00000140  5b ee 67 f0 67 ae 1a 9d  f2 77 2f b6 3a 70 52 f8  |[.g.g....w/.:pR.|
-00000150  5d 26 58 21 9e 73 6a 00  99 75 bb 8e 8d b0 2c b9  |]&X!.sj..u....,.|
-00000160  05 cf 69 fe ec 45 06 d5  1d ca f9 c3 08 97 c0 e9  |..i..E..........|
-00000170  38 d8 76 27 d4 4b 40 42  f8 73 bf 7b 4b 42 5e 13  |8.v'.K@B.s.{KB^.|
-00000180  11 7e 75 af 92 7f 47 92  9e d8 15 b4 07 10 bf 74  |.~u...G........t|
-00000190  4f 55 4e 0d 4c 53 b6 5c  f8 07 87 40 0f 79 4e 76  |OUN.LS.\...@.yNv|
-000001a0  0a 19 48 48 37 a6 3c a1  69 56 5f 85 19 61 84 28  |..HH7.<.iV_..a.(|
-000001b0  8c 01 cf 0b 79 94 0f 31  e9 ca ad 5e fb a4 4e 21  |....y..1...^..N!|
-000001c0  13 de b7 d3 fd 38 6f c6  37 42 23 89 e1 23 e0 92  |.....8o.7B#..#..|
-000001d0  f4 ca 3b 92 b4 6d 87 32  11 c6 b5 80 27 d9 de b3  |..;..m.2....'...|
-000001e0  80 fa c4 0d a7 de 0a b3  39 79 3a bc 38 e0 fa 5c  |........9y:.8..\|
-000001f0  ec 3f ab cb a7 d9 02 c4  56 6b f8 90 73 50 98 be  |.?......Vk..sP..|
-00000200  0f ad 95 22 3e 20 97 7c  50 f9 8d 8a 43 4a 20 d1  |..."> .|P...CJ .|
-00000210  68 1c 2f bf 4e 72 a0 51  9f 22 d1 51 bf b4 b0 b1  |h./.Nr.Q.".Q....|
-00000220  fe 78 2b 0e a9 6d f1 27  82 46 a9 2d 43 73 29 0c  |.x+..m.'.F.-Cs).|
-00000230  c2 6d f8 0c c9 78 d3 ba  5d 5f 96 13 fd 2f 1f e9  |.m...x..]_.../..|
-00000240  8f 93 e6 61 7e 0e 07 49  cb 5c af 51 72 85 67 b8  |...a~..I.\.Qr.g.|
-00000250  63 e8 f9 4f 7c d7 e4 d1  25 c0 ed 26 de 1f 65 d4  |c..O|...%..&..e.|
-00000260  2a 3b 23 30 38 12 56 97  01 f1 bd 3f 96 23 72 89  |*;#08.V....?.#r.|
-00000270  2e 88 d6 6a 9f 52 a7 3e  42 72 dc c4 e0 05 81 42  |...j.R.>Br.....B|
-00000280  45 e1 c5 6f 32 82 bf 4e  38 a0 06 eb 99 2c 8b 79  |E..o2..N8....,.y|
-00000290  f9 2e a7 26 3a 78 fd 90  66 7c 0f 53 4c 4a 00 c2  |...&:x..f|.SLJ..|
-000002a0  9d 48 2c a5 37 02 e0 cd  5d 16 1c d4 ee 03 79 71  |.H,.7...].....yq|
-000002b0  c6 c2 e4 15 98 6b 40 bb  e9 b6 21 a1 e7 fc 68 b2  |.....k@...!...h.|
-000002c0  70 cb d5 e1 5b 2d f7 b7  6b d5 2c 50 19 8a 6a 50  |p...[-..k.,P..jP|
-000002d0  54 97 bc 90 2b b2 20 6a  9c 96 5d cf d0 5f 9a 6d  |T...+. j..].._.m|
-000002e0  b4 70 33 ba 83 2d f7 86  41 8b 88 20 51 ae a8 02  |.p3..-..A.. Q...|
-000002f0  af 63 ea 1c 0c b0 99 19  73 56 02 68 a9 50 b2 43  |.c......sV.h.P.C|
-00000300  6b 9c 5d c2 f3 48 dd fe  a3 7c 2b 28 a5 e5 25 ed  |k.]..H...|+(..%.|
-00000310  05 14 a3 d6 63 25 2e 44  4e f9 fd 6d 9e 16 ae e6  |....c%.DN..m....|
-00000320  17 03 03 00 99 b8 3d db  c6 ee 13 dd 97 29 32 71  |......=......)2q|
-00000330  67 28 89 90 cf c5 23 4a  9e 94 31 7c 5d 6c b3 7c  |g(....#J..1|]l.||
-00000340  46 a6 b2 98 c2 e2 b9 a6  c1 7d fd 22 5c 7b 88 67  |F........}."\{.g|
-00000350  cc c6 4a 82 83 f9 8a 09  8b 2c d5 9f 0f c3 1d 23  |..J......,.....#|
-00000360  b5 27 89 ba 5e 0f 74 96  58 da 5e 3f 63 b2 f3 44  |.'..^.t.X.^?c..D|
-00000370  31 86 d0 da 18 54 eb 34  89 fc 11 ee 8e af c1 42  |1....T.4.......B|
-00000380  bd 6b 31 c3 f1 54 96 fd  86 37 0d 20 b9 70 3b 88  |.k1..T...7. .p;.|
-00000390  20 87 c3 9f 1a 6b 90 7d  84 1d 69 42 01 bc 3d 81  | ....k.}..iB..=.|
-000003a0  c9 ea 82 a3 d1 18 bf 4c  3a dc d4 db 92 cc 5d b2  |.......L:.....].|
-000003b0  f2 dd b4 17 39 13 ef 45  cc 66 4d d1 f2 a4 17 03  |....9..E.fM.....|
-000003c0  03 00 35 3f 02 3e 15 06  ad 50 e9 14 30 be 33 d9  |..5?.>...P..0.3.|
-000003d0  18 1c 44 df 42 fa 3f aa  84 31 a7 b3 d8 3c 8e 04  |..D.B.?..1...<..|
-000003e0  b3 fc 41 66 4a f0 71 03  0d 0b b5 46 f1 34 f5 37  |..AfJ.q....F.4.7|
-000003f0  4c 1c 1a 05 75 98 58 f3                           |L...u.X.|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 69  |..+.....3.$... i|
+00000060  d7 31 51 9b e6 1d 98 09  9f 5f 6c 05 10 ba 64 b5  |.1Q......_l...d.|
+00000070  b9 8f b8 c0 2a c1 7f 89  13 ed 04 38 e9 78 43 14  |....*......8.xC.|
+00000080  03 03 00 01 01 17 03 03  00 24 99 f3 d5 db e2 35  |.........$.....5|
+00000090  4b fb b2 05 e6 03 c2 f2  c4 ea 64 d2 e4 d3 17 e7  |K.........d.....|
+000000a0  72 34 e8 b2 d6 61 91 3b  b3 03 ea 1c 33 57 17 03  |r4...a.;....3W..|
+000000b0  03 02 6d 22 da 71 90 42  da 0a 03 52 98 42 e3 71  |..m".q.B...R.B.q|
+000000c0  db 57 e0 9d 70 89 4b 4c  a9 a5 4d 39 02 19 f1 09  |.W..p.KL..M9....|
+000000d0  5a 9c 33 c9 f2 8d 7e 78  c3 b3 ae 1b 2c 7b 73 ef  |Z.3...~x....,{s.|
+000000e0  3a ad d8 51 82 90 bc 6b  0d 6f a6 f0 46 8d 72 29  |:..Q...k.o..F.r)|
+000000f0  ca 84 d8 b1 27 e3 8d 8f  f5 ce f0 f0 d9 2f 9c 71  |....'......../.q|
+00000100  b9 bc 89 af 92 18 d2 c9  07 b2 eb 94 40 42 d2 7a  |............@B.z|
+00000110  c8 be 49 35 b6 b7 f3 b9  64 c1 56 fe fc d8 11 04  |..I5....d.V.....|
+00000120  6c d7 e9 18 98 29 eb d5  6f 59 0d fa 25 85 f7 3c  |l....)..oY..%..<|
+00000130  df 76 d9 52 10 72 59 d6  36 5b b0 54 01 1d ac 9e  |.v.R.rY.6[.T....|
+00000140  9b 86 5f 5b ee 18 74 ec  8e 8b da 0f df 71 50 e2  |.._[..t......qP.|
+00000150  cd 58 98 23 a0 21 94 ac  eb db 3a fe f6 8d aa cc  |.X.#.!....:.....|
+00000160  21 23 e6 35 f7 0e 42 0e  50 48 14 22 f3 83 91 3d  |!#.5..B.PH."...=|
+00000170  73 22 5b 74 e7 e8 d1 b5  ee cd 7e c3 ee 0d 13 a9  |s"[t......~.....|
+00000180  aa ae 0b 12 b0 3a 9d 6f  01 68 27 e4 62 e0 0e 67  |.....:.o.h'.b..g|
+00000190  e4 de 69 74 8d f1 7a 3b  16 bb 1d a0 ad bf c5 4b  |..it..z;.......K|
+000001a0  50 9e b0 dc 08 73 14 99  c9 ad de 04 df 75 09 de  |P....s.......u..|
+000001b0  e4 27 ec 2b 75 79 db 82  8c aa 42 af 40 df 32 0e  |.'.+uy....B.@.2.|
+000001c0  e6 1d 93 d1 00 f7 18 59  43 9c 03 6c f7 bf ac a2  |.......YC..l....|
+000001d0  8b 10 be b1 a8 b6 4e 84  2b c0 ff 87 4d 26 c2 8f  |......N.+...M&..|
+000001e0  63 64 7a 66 a6 12 0b e4  06 9e ff af fe 03 55 c7  |cdzf..........U.|
+000001f0  13 92 22 ec ed 89 76 2d  36 8a 4a 92 f1 a5 b6 ac  |.."...v-6.J.....|
+00000200  d4 19 46 9d f3 e0 52 6d  01 ee bf ab d5 17 c0 33  |..F...Rm.......3|
+00000210  b5 81 e1 81 a2 e9 44 b7  20 0e f4 f0 35 bb d4 8d  |......D. ...5...|
+00000220  bc 83 fc 59 fb 1d 5e e0  c4 4c 9e cc c3 72 b7 3d  |...Y..^..L...r.=|
+00000230  01 a4 f2 df e2 a7 44 d1  f1 20 90 31 53 09 50 eb  |......D.. .1S.P.|
+00000240  80 85 23 52 68 7d b2 51  60 0c 00 87 c3 42 88 07  |..#Rh}.Q`....B..|
+00000250  de 59 fd 3d 68 a3 22 50  cb 67 43 94 02 77 24 6a  |.Y.=h."P.gC..w$j|
+00000260  8d a4 4f 85 7f 19 a0 b5  10 76 2a 85 4c 84 12 e3  |..O......v*.L...|
+00000270  f7 ce b8 30 9f d0 9f 8a  26 42 28 f4 cb f7 c4 c2  |...0....&B(.....|
+00000280  aa 34 c2 72 64 dc 6d 9d  d4 26 2f 14 4d 97 2c 00  |.4.rd.m..&/.M.,.|
+00000290  2d 46 0f 07 9c 3d 76 d4  55 a7 15 13 b2 41 e3 f4  |-F...=v.U....A..|
+000002a0  33 ae 1b 26 68 43 62 de  c1 c2 61 26 08 1b 20 13  |3..&hCb...a&.. .|
+000002b0  bc 58 72 c2 16 fe 4d 2e  68 8b 31 61 ac c9 55 c5  |.Xr...M.h.1a..U.|
+000002c0  3c 5a 77 c2 61 47 4a d6  0d c4 8a bc bb 63 ca ea  |<Zw.aGJ......c..|
+000002d0  32 77 61 86 75 b6 9a 17  d9 68 cb 23 ab cb 06 51  |2wa.u....h.#...Q|
+000002e0  44 0a 87 07 b5 60 ef d4  e6 4f 95 7b 27 80 f2 99  |D....`...O.{'...|
+000002f0  10 cf b8 d1 2f 45 76 58  7e 34 bf 7c 93 eb ed 69  |..../EvX~4.|...i|
+00000300  26 7e 2d 8c 88 02 2a 2c  9e 8c 5f e6 f8 d7 7e 92  |&~-...*,.._...~.|
+00000310  9b 9b 49 ba e7 af 38 c7  46 50 c9 c4 b1 c7 ab 42  |..I...8.FP.....B|
+00000320  17 03 03 00 99 ee 16 d6  9d fb d1 a0 d5 26 b9 91  |.............&..|
+00000330  9d ef e8 18 98 2a 6a ba  9c b7 f7 94 79 89 70 1d  |.....*j.....y.p.|
+00000340  4c f5 82 07 fe 2a 52 00  95 e4 5b bc 43 f5 0b b8  |L....*R...[.C...|
+00000350  bb a2 d0 d2 12 1b 15 a2  e9 e2 ab a0 81 3d 84 5c  |.............=.\|
+00000360  1e 66 57 d2 0a bc d3 38  f7 ed fe 52 3d 43 02 f2  |.fW....8...R=C..|
+00000370  42 aa 04 5e 12 4f ad 0b  d6 43 a7 13 15 8c f7 a0  |B..^.O...C......|
+00000380  69 1c 12 d3 c7 6f 7c aa  19 c5 8a ad 5a 42 a0 69  |i....o|.....ZB.i|
+00000390  d5 ee be ee 76 fc 38 71  59 fe e9 46 df e1 e1 50  |....v.8qY..F...P|
+000003a0  57 8a 36 ea 50 ad 23 10  ae 26 45 49 a2 65 e7 ee  |W.6.P.#..&EI.e..|
+000003b0  2f a5 bc 9f 14 8e 70 89  5c 29 0e 75 fd 88 17 03  |/.....p.\).u....|
+000003c0  03 00 35 d2 0a 4e 43 dc  51 35 78 5d 04 7a 86 6c  |..5..NC.Q5x].z.l|
+000003d0  62 3e 30 bb b3 e1 02 38  62 41 ce 4c 39 34 d9 e8  |b>0....8bA.L94..|
+000003e0  ee 48 70 3c 23 65 90 cb  f9 4f 76 72 dd f3 64 83  |.Hp<#e...Ovr..d.|
+000003f0  23 38 79 13 d2 93 57 fb                           |#8y...W.|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 61 48 9d d3 32  |..........5aH..2|
-00000010  7b ac 9d 5a c5 29 b2 4f  74 ef b8 8e f0 1e b9 33  |{..Z.).Ot......3|
-00000020  4f cb db 0b 3e 49 47 44  64 ce 16 6b e4 a2 7c 8a  |O...>IGDd..k..|.|
-00000030  cc e4 01 9e bd 3d a7 30  cd a1 ff 23 d2 fc 7f fc  |.....=.0...#....|
-00000040  17 03 03 00 17 6b a9 a0  55 b2 53 19 0f 58 7c 79  |.....k..U.S..X|y|
-00000050  5a 19 9a 4a 9b 1b 77 8d  78 9c 9c b6 17 03 03 00  |Z..J..w.x.......|
-00000060  13 f0 e9 91 46 e4 0a a1  0f e9 43 8e 10 d7 61 80  |....F.....C...a.|
-00000070  95 4b db 96                                       |.K..|
+00000000  14 03 03 00 01 01 17 03  03 00 35 f1 1a 54 a4 02  |..........5..T..|
+00000010  59 df 81 64 1d 06 93 27  55 41 83 40 9c a0 fa 44  |Y..d...'UA.@...D|
+00000020  dd 80 16 6b ed fb 36 ec  0d 49 ee 93 99 84 55 30  |...k..6..I....U0|
+00000030  94 4c 46 7a b9 ba db f0  6a e5 90 ce 58 b1 95 2e  |.LFz....j...X...|
+00000040  17 03 03 00 17 ed 07 24  e5 f8 f3 91 4c f1 05 dc  |.......$....L...|
+00000050  d0 ea a5 c2 cd fb bf 14  45 99 69 53 17 03 03 00  |........E.iS....|
+00000060  13 d7 bf a6 c1 66 5d 7b  00 fb 5a 6e b8 81 99 3a  |.....f]{..Zn...:|
+00000070  30 08 a2 3c                                       |0..<|
diff --git a/testdata/Client-TLSv13-CHACHA20-SHA256 b/testdata/Client-TLSv13-CHACHA20-SHA256
index 6becede6..f2c1cb49 100644
--- a/testdata/Client-TLSv13-CHACHA20-SHA256
+++ b/testdata/Client-TLSv13-CHACHA20-SHA256
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,87 +7,86 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 37 bf a4 0d 23  |....z...v..7...#|
-00000010  be 83 2a 9d 84 f6 de 1c  53 be 13 92 f3 de 35 a9  |..*.....S.....5.|
-00000020  cc 95 6d e1 c6 05 2f 53  a6 ce 9f 20 00 00 00 00  |..m.../S... ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 f9 23 d9 5d 6c  |....z...v...#.]l|
+00000010  ae 6b 63 2a d8 2c a0 27  8e 7b 39 29 35 04 0e a9  |.kc*.,.'.{9)5...|
+00000020  31 f7 a0 c5 77 a7 f3 c5  25 ca 2f 20 00 00 00 00  |1...w...%./ ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 3d  |..+.....3.$... =|
-00000060  1c 09 5d 44 bc 3f 39 2d  9a dd c1 15 0f dc 5d 7c  |..]D.?9-......]||
-00000070  93 06 89 42 27 f0 cd 63  55 3e 74 3f 87 10 7a 14  |...B'..cU>t?..z.|
-00000080  03 03 00 01 01 17 03 03  00 17 bd 92 4d 21 8d dc  |............M!..|
-00000090  7b 19 1b f9 44 64 38 5c  61 c3 19 70 75 29 05 e8  |{...Dd8\a..pu)..|
-000000a0  ef 17 03 03 02 6d a4 a0  79 ad 41 c1 d2 6b 78 fd  |.....m..y.A..kx.|
-000000b0  4b 1f 6f 72 c4 92 94 17  dd 40 80 b6 f2 a0 85 4d  |K.or.....@.....M|
-000000c0  ba 4c 3a 34 80 67 21 2f  6d 2e fc 4e a8 2b ab 86  |.L:4.g!/m..N.+..|
-000000d0  18 6c 03 2d e6 ac 2c 3c  ce 4c 2d ff 7d fd 44 fc  |.l.-..,<.L-.}.D.|
-000000e0  4e 1d 62 c5 b1 22 60 6c  56 1e 6d bf d8 90 02 cb  |N.b.."`lV.m.....|
-000000f0  d2 6c 52 7c f3 51 11 49  62 7a f0 f3 8f 51 bf 0e  |.lR|.Q.Ibz...Q..|
-00000100  bc 07 9b 1f d9 32 26 d8  c5 01 4d 84 31 3f 4b 33  |.....2&...M.1?K3|
-00000110  d0 c7 0c 86 89 bc 88 7d  70 6d 70 38 89 5b 8c d0  |.......}pmp8.[..|
-00000120  4d c0 9d 35 20 50 52 c7  5d 9c b3 51 30 46 6a 12  |M..5 PR.]..Q0Fj.|
-00000130  54 36 34 55 9a 25 43 39  28 40 13 9a 56 fa a7 f9  |T64U.%C9(@..V...|
-00000140  1f 3c 0f da fb ce c2 ed  da 9f 6c 99 53 76 74 a8  |.<........l.Svt.|
-00000150  4b 62 8a 55 cf a1 bc 5f  10 bb 8e 77 c8 4f bd 1b  |Kb.U..._...w.O..|
-00000160  d4 72 07 00 4c 8b b6 d7  3a 1a 43 93 34 b4 0a 2d  |.r..L...:.C.4..-|
-00000170  62 62 a1 e6 96 1a 71 38  a9 06 ae 6f ca 08 6f 52  |bb....q8...o..oR|
-00000180  09 c7 c8 37 13 4c 3b be  7b 60 29 7b d4 28 3e 71  |...7.L;.{`){.(>q|
-00000190  55 29 bd ab 62 3c 90 1f  8c ed 55 5d 81 85 0b 63  |U)..b<....U]...c|
-000001a0  57 8e f9 50 eb b8 3e c6  e0 b0 fa cc 68 42 41 0c  |W..P..>.....hBA.|
-000001b0  b0 34 f7 5d 39 f4 cd fe  9c ac 42 78 60 b2 27 55  |.4.]9.....Bx`.'U|
-000001c0  c2 2e e0 aa 84 00 8f 80  11 d2 52 92 78 2d b7 f6  |..........R.x-..|
-000001d0  70 37 e8 87 0b 13 04 29  5b a2 50 fb 4d ad 5e 98  |p7.....)[.P.M.^.|
-000001e0  59 a1 f7 7a 80 30 42 c2  59 96 97 f8 47 88 25 f3  |Y..z.0B.Y...G.%.|
-000001f0  25 02 ec 9c f3 93 97 63  b1 b2 90 0a 96 66 17 68  |%......c.....f.h|
-00000200  3d f0 32 5b d2 4a 3b 97  95 30 f1 22 be f9 04 87  |=.2[.J;..0."....|
-00000210  8d 58 d6 81 62 00 85 6c  76 07 c4 7d 05 42 0e 25  |.X..b..lv..}.B.%|
-00000220  7b 0d 92 42 bb 8a 36 47  11 2f f1 59 aa 01 44 28  |{..B..6G./.Y..D(|
-00000230  96 f0 f6 22 c4 74 c7 1b  3f 9d 67 30 f5 72 f8 24  |...".t..?.g0.r.$|
-00000240  b7 5c 9f d5 cb 51 a8 e5  6c b3 f6 0b 00 86 fc bb  |.\...Q..l.......|
-00000250  ab 1f d8 89 07 e9 a6 0b  48 93 e6 6e ca a3 b4 9a  |........H..n....|
-00000260  bc 5c 9c 4e ae 64 17 9d  4d 1f b7 c9 fa 8e a3 94  |.\.N.d..M.......|
-00000270  a0 da 4e 17 1a b8 f8 1a  a7 df dd cb 29 3b bb cf  |..N.........);..|
-00000280  1a 26 a2 74 d6 b2 80 63  f4 fb 28 10 ea 27 fa 48  |.&.t...c..(..'.H|
-00000290  d8 e6 68 34 0f 5f ca 20  e9 3e 01 77 f2 e8 23 70  |..h4._. .>.w..#p|
-000002a0  29 67 60 96 81 63 2e 7f  7d d3 30 fa 4c e1 fc bd  |)g`..c..}.0.L...|
-000002b0  a2 94 e5 1a 0c f3 bc 68  19 aa 20 09 7c 37 68 ac  |.......h.. .|7h.|
-000002c0  d2 3e 08 1c e5 fb e6 ef  b4 1b 8b 58 9c 32 ef 66  |.>.........X.2.f|
-000002d0  a0 a3 32 4f ce 37 5b 2f  99 d0 65 1a 26 2c 69 ca  |..2O.7[/..e.&,i.|
-000002e0  53 2a a2 cb 95 b6 a4 aa  bf 51 53 ab 56 73 22 ad  |S*.......QS.Vs".|
-000002f0  b0 26 18 dd 9c 34 f4 01  bc 10 7c fb b0 b4 97 55  |.&...4....|....U|
-00000300  93 fb 94 b1 16 2f 31 50  a5 fa d4 1d 7c b1 a3 3a  |...../1P....|..:|
-00000310  28 c1 ab 17 03 03 00 99  37 2c 7e fb bc 61 42 37  |(.......7,~..aB7|
-00000320  b4 d1 ab 9c e2 45 25 1f  dd 2a d3 f2 90 a1 25 01  |.....E%..*....%.|
-00000330  26 44 18 6b f3 ba c5 a1  e2 d2 71 c8 00 81 97 2d  |&D.k......q....-|
-00000340  08 a7 f3 4e 9e 8c b4 d2  a4 22 77 89 65 23 82 56  |...N....."w.e#.V|
-00000350  f6 21 f3 5f 06 0c 50 9b  5b 09 b5 b9 a4 d8 d5 dd  |.!._..P.[.......|
-00000360  e6 2b 98 8b 7d c7 0e 5c  00 1d 2b ab 52 d0 1a 57  |.+..}..\..+.R..W|
-00000370  9f d2 ee 5c c8 5c 9e da  df 36 f5 29 2c 31 ec 93  |...\.\...6.),1..|
-00000380  36 61 2c a6 a2 09 04 f5  58 ed ac e8 cc b9 20 11  |6a,.....X..... .|
-00000390  94 73 f7 98 0b 88 46 7d  37 f2 2d 67 57 e5 66 cb  |.s....F}7.-gW.f.|
-000003a0  69 03 3b 1d ec 98 e8 98  d0 48 d1 15 34 22 f1 d5  |i.;......H..4"..|
-000003b0  2e 17 03 03 00 35 50 7a  9f 59 68 a8 06 55 35 93  |.....5Pz.Yh..U5.|
-000003c0  ae 92 9d e6 1a 9b 33 c6  bb ee 1a 4a 87 29 89 e6  |......3....J.)..|
-000003d0  69 0c b7 c9 b5 1d 73 9d  70 4c 4e 35 e2 a6 b3 9e  |i.....s.pLN5....|
-000003e0  0e 51 06 42 dd bf b0 6b  32 b3 8b                 |.Q.B...k2..|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 ba  |..+.....3.$... .|
+00000060  2b 6b 27 27 14 c0 42 b6  1f bc ad 77 f1 1f 4a b3  |+k''..B....w..J.|
+00000070  42 94 a6 3a 2c 7f e6 aa  72 8e d0 70 e8 0e 53 14  |B..:,...r..p..S.|
+00000080  03 03 00 01 01 17 03 03  00 17 33 bb 8a 47 b0 a9  |..........3..G..|
+00000090  29 d7 bf e4 94 7d 42 8a  19 95 4e d9 7c b7 9a 87  |)....}B...N.|...|
+000000a0  83 17 03 03 02 6d 86 a7  6c 3c 4e 45 95 f6 f6 66  |.....m..l<NE...f|
+000000b0  84 2e 8c 5d 7d 46 39 a3  0f 99 25 fa 6d df ad 43  |...]}F9...%.m..C|
+000000c0  b6 bb 7a 4c a3 08 d3 91  79 e0 f2 a6 78 03 21 56  |..zL....y...x.!V|
+000000d0  21 64 22 dd 60 76 d1 f1  6f ae 68 d1 74 66 e2 0b  |!d".`v..o.h.tf..|
+000000e0  d4 b2 d8 04 32 91 46 6c  79 09 12 67 b7 33 3b b9  |....2.Fly..g.3;.|
+000000f0  18 73 29 68 3b 26 41 1d  bf d8 b2 4d f4 00 2e 23  |.s)h;&A....M...#|
+00000100  bd e6 53 ff d7 d9 45 1a  6c 3a 6e 43 a0 f2 cc 03  |..S...E.l:nC....|
+00000110  c8 de e5 ac eb d9 5c 8f  25 69 b8 49 8b c5 4c 97  |......\.%i.I..L.|
+00000120  b5 ff 15 49 dd e6 7c 19  ca 75 8f 7c ec 44 a0 2f  |...I..|..u.|.D./|
+00000130  f9 6a ff 99 ab 9f 0b 65  1d c4 74 3c 6e 49 24 47  |.j.....e..t<nI$G|
+00000140  f6 f7 bc 29 72 72 72 2c  21 54 0e 21 c4 18 6f 55  |...)rrr,!T.!..oU|
+00000150  8a bc 28 f0 f0 d4 a7 77  00 8d af a7 3c 1f 46 ab  |..(....w....<.F.|
+00000160  5c 4a 30 ef 27 3c 4c 03  1d 58 43 e9 eb 26 54 6e  |\J0.'<L..XC..&Tn|
+00000170  13 5b 78 85 9f 5e 68 da  92 fa b7 ef 40 c5 18 a5  |.[x..^h.....@...|
+00000180  cb 06 96 dd d2 f7 5d 41  77 51 89 23 41 29 d8 5c  |......]AwQ.#A).\|
+00000190  47 48 12 1c cf 61 ce 42  c8 3c 60 4a 29 f7 c6 95  |GH...a.B.<`J)...|
+000001a0  a1 05 8e 82 bc 73 d7 43  b6 be 09 f9 bb 47 53 08  |.....s.C.....GS.|
+000001b0  a2 6a 10 cc 49 e5 8e 87  d3 89 54 f0 e7 a1 d5 01  |.j..I.....T.....|
+000001c0  35 62 d3 18 3e a7 60 9e  60 7e f0 10 db 80 13 72  |5b..>.`.`~.....r|
+000001d0  a4 bc 66 a7 bd 46 83 88  6e 9f b3 db de e7 b3 04  |..f..F..n.......|
+000001e0  62 4c 61 d6 d0 89 84 e4  30 d7 4d a0 61 4f 56 ad  |bLa.....0.M.aOV.|
+000001f0  51 c6 1f 10 01 9e 8d 75  55 fb 89 b8 d0 57 e3 ce  |Q......uU....W..|
+00000200  40 72 41 27 96 e0 5b f4  cc ba d0 ec 8c d4 91 ca  |@rA'..[.........|
+00000210  8f f0 db 11 86 d5 8e 02  6a 1f 29 00 f6 ff 42 a2  |........j.)...B.|
+00000220  7c c9 e7 18 38 39 c9 e4  2b 0e e9 36 40 d3 dd bc  ||...89..+..6@...|
+00000230  f7 e3 7c 2d e9 f0 52 31  16 85 b4 e2 a8 54 cd d0  |..|-..R1.....T..|
+00000240  d6 e2 ed f4 fc 91 9f 50  68 a0 74 af 37 c7 4c bd  |.......Ph.t.7.L.|
+00000250  de 9e c7 78 06 41 6b 62  07 8c 8b f4 f5 ea ab 16  |...x.Akb........|
+00000260  b0 16 b9 ea 06 2c ee 66  d5 da b3 2c 0f 03 d2 f6  |.....,.f...,....|
+00000270  ae f7 11 85 d8 b6 b8 bf  7e a5 c8 ff 0d 41 29 86  |........~....A).|
+00000280  94 e4 32 58 6c 0e 05 47  b8 c5 77 de d1 81 8d 72  |..2Xl..G..w....r|
+00000290  d4 e0 64 66 f7 17 8a 96  88 bf 1c 04 22 40 e0 cf  |..df........"@..|
+000002a0  28 6d f5 4f 89 e2 4a 23  4b 71 e1 15 3b da 45 0b  |(m.O..J#Kq..;.E.|
+000002b0  13 ee 1f 7f 4e 45 3d 8e  d2 f3 bd 23 e7 4c f3 d2  |....NE=....#.L..|
+000002c0  0f 4b 6e 6a 3d 6a f1 26  b7 ae f6 1d 39 73 cd fd  |.Knj=j.&....9s..|
+000002d0  1c c8 c7 45 fa e0 67 d5  2c eb e9 2b 32 8e 65 7b  |...E..g.,..+2.e{|
+000002e0  c5 32 cc e6 01 91 fc fd  92 6e ab 9a 13 f6 63 81  |.2.......n....c.|
+000002f0  e5 b9 25 6d ce 73 39 9e  82 ae 18 89 a5 32 cb d3  |..%m.s9......2..|
+00000300  a3 85 55 f5 cd 26 96 18  91 1c 41 36 69 49 93 f2  |..U..&....A6iI..|
+00000310  aa 05 ab 17 03 03 00 99  9c 1d 79 c5 7b 73 b9 f9  |..........y.{s..|
+00000320  00 2d ea ff c2 8d f6 57  65 7c 92 fa ba 22 18 03  |.-.....We|..."..|
+00000330  69 69 e9 05 e0 74 1a e5  9d f9 30 9f 1c 39 86 30  |ii...t....0..9.0|
+00000340  aa 1b 86 fa 20 26 20 13  ea 8d eb 8b 4e 8b c1 50  |.... & .....N..P|
+00000350  86 ef a3 c5 8e 48 b2 a1  5a ac 05 e7 8f 23 8a 34  |.....H..Z....#.4|
+00000360  ab 1f 8e 90 b1 e5 9a d3  d7 28 90 b6 12 35 dc cb  |.........(...5..|
+00000370  c5 3c 8d 3d fc e2 99 2a  8b f0 6a f4 8b a9 62 3f  |.<.=...*..j...b?|
+00000380  b6 19 29 fd 79 b9 35 72  b0 89 59 ab 78 c6 c9 f0  |..).y.5r..Y.x...|
+00000390  68 bc 0d f5 9a 45 dd 4f  d2 40 75 19 47 af e9 6f  |h....E.O.@u.G..o|
+000003a0  56 ec 73 ce cd 19 31 c0  39 08 b1 63 e0 ac d4 49  |V.s...1.9..c...I|
+000003b0  e5 17 03 03 00 35 0d 34  de e9 22 e4 56 18 4a 33  |.....5.4..".V.J3|
+000003c0  d1 05 c4 d4 f2 64 24 62  d7 da 6a 8e 34 3b 51 13  |.....d$b..j.4;Q.|
+000003d0  27 69 88 37 4b ba 29 9d  c5 78 af 62 2b 62 6e 5a  |'i.7K.)..x.b+bnZ|
+000003e0  28 7a 93 c5 9a f3 84 1d  50 9a 94                 |(z......P..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 6a 64 a5 70 df  |..........5jd.p.|
-00000010  c8 89 29 86 27 8e 2f 03  f0 a3 26 0b f4 d2 99 73  |..).'./...&....s|
-00000020  0d 52 8b 49 ac 3a 61 0c  30 0f 89 8b 29 91 8c 30  |.R.I.:a.0...)..0|
-00000030  1d 82 4d c2 92 9f 47 33  9a 59 b9 a0 da 8b a9 0e  |..M...G3.Y......|
-00000040  17 03 03 00 17 e2 b8 0e  b0 8d eb a1 b2 1f 07 70  |...............p|
-00000050  fc 0e 0f 06 c7 fa b3 cc  9e 95 d8 bc 17 03 03 00  |................|
-00000060  13 04 92 08 57 71 45 d0  65 d9 c9 27 05 49 e1 7e  |....WqE.e..'.I.~|
-00000070  12 c9 77 07                                       |..w.|
+00000000  14 03 03 00 01 01 17 03  03 00 35 4f 9c 2d 01 8b  |..........5O.-..|
+00000010  4a 31 16 77 b4 f2 2b 40  cb 8e d5 7d 93 bd 66 59  |J1.w..+@...}..fY|
+00000020  f8 f1 f4 45 69 fd f7 9b  88 5a e5 0a 40 67 e2 17  |...Ei....Z..@g..|
+00000030  72 de b0 1d 02 ba b5 a7  58 35 4a 3e b6 2a 0c e8  |r.......X5J>.*..|
+00000040  17 03 03 00 17 4a 50 b7  f1 94 a4 64 9e a2 95 0a  |.....JP....d....|
+00000050  6c f6 93 7f d6 6d 12 10  7a 69 8a d2 17 03 03 00  |l....m..zi......|
+00000060  13 10 60 24 3f 6e c9 ee  c6 27 50 72 5e 19 22 e0  |..`$?n...'Pr^.".|
+00000070  76 12 45 e5                                       |v.E.|
diff --git a/testdata/Client-TLSv13-ClientCert-ECDSA-RSA b/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
index 9aa65c67..6611cdfe 100644
--- a/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
+++ b/testdata/Client-TLSv13-ClientCert-ECDSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,136 +7,135 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 71 fd 9f ba 42  |....z...v..q...B|
-00000010  4c 98 22 8e 16 d3 63 6c  a6 34 c2 41 37 f9 98 ad  |L."...cl.4.A7...|
-00000020  7a a6 c5 61 12 df 37 32  a2 95 a3 20 00 00 00 00  |z..a..72... ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 ea 4e 78 a5 f4  |....z...v...Nx..|
+00000010  71 78 37 5b 2c e4 69 b2  00 4d 49 8c 8b 86 4c 80  |qx7[,.i..MI...L.|
+00000020  f9 db 03 3f cc 1e 42 f9  87 ff 7b 20 00 00 00 00  |...?..B...{ ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 50  |..+.....3.$... P|
-00000060  f1 4d 28 5f 81 28 a7 d7  cb 82 20 48 91 0b 86 94  |.M(_.(.... H....|
-00000070  ae d8 b0 1c d0 84 55 5a  93 4c ee 65 9d 19 68 14  |......UZ.L.e..h.|
-00000080  03 03 00 01 01 17 03 03  00 17 7d af 66 34 6e f8  |..........}.f4n.|
-00000090  38 18 0a 6a 24 91 d8 6c  4d 7f e6 4c fc 40 8a a7  |8..j$..lM..L.@..|
-000000a0  bc 17 03 03 00 42 77 e7  1c fd d3 a9 f5 86 8e 92  |.....Bw.........|
-000000b0  f0 28 92 e5 e7 aa 8c 13  00 cb 07 0c b4 3d 13 7c  |.(...........=.||
-000000c0  2d 58 a0 94 0c 8f 4b 45  8d aa 97 7a 30 0e 78 d7  |-X....KE...z0.x.|
-000000d0  22 89 e0 8b 53 31 1b 9b  2d 7f f7 ff e0 b3 13 d5  |"...S1..-.......|
-000000e0  49 12 9e 50 31 38 eb d5  17 03 03 02 6d 65 2e 6f  |I..P18......me.o|
-000000f0  91 62 81 e9 8c fc 11 34  c1 59 58 44 3d 4f 74 6d  |.b.....4.YXD=Otm|
-00000100  ae 5a 47 29 56 6d 43 08  43 aa 69 d8 20 6c 02 99  |.ZG)VmC.C.i. l..|
-00000110  68 eb fa 47 c6 b0 7d 5b  70 2a a1 f9 f6 4f 70 02  |h..G..}[p*...Op.|
-00000120  88 f5 d1 b6 74 6e e2 54  7f fe 04 ce b2 03 9e e4  |....tn.T........|
-00000130  6e 3e 5d cf 27 49 de 90  7f 0a 2e 51 87 97 38 0e  |n>].'I.....Q..8.|
-00000140  cc f9 31 56 c5 bd b2 17  4c a4 a3 95 d7 c4 47 43  |..1V....L.....GC|
-00000150  58 cb 60 4f 73 65 71 e3  83 3d 60 04 d4 4d 6b a4  |X.`Oseq..=`..Mk.|
-00000160  96 c1 51 ec c5 48 29 13  ae 6d 7c 4c 0c 47 40 26  |..Q..H)..m|L.G@&|
-00000170  50 13 71 a9 55 3e bc 7b  ce a6 a5 8a 23 3e 41 d5  |P.q.U>.{....#>A.|
-00000180  2c 22 3e 3e 65 3e 53 0b  13 fb b9 36 25 77 bd 89  |,">>e>S....6%w..|
-00000190  f1 4e c2 99 5c 0a 14 c4  f8 9b da 01 a9 61 f5 a9  |.N..\........a..|
-000001a0  f5 a7 04 17 cc e5 a9 8b  b7 e8 ce 13 6c 87 75 99  |............l.u.|
-000001b0  cb 05 a5 2d c6 8d 03 73  b0 1c ba e3 64 66 d7 a9  |...-...s....df..|
-000001c0  b9 3c 16 41 ce ca 7a 9d  67 84 81 78 57 22 24 6e  |.<.A..z.g..xW"$n|
-000001d0  80 55 10 87 e4 6a b7 3e  62 23 84 ea a6 9b ee 1d  |.U...j.>b#......|
-000001e0  d0 32 96 74 7a b0 ed 05  a9 ca 53 8c 8c 66 bf ee  |.2.tz.....S..f..|
-000001f0  2d b4 5f 78 4a 7e 88 6a  bf e4 44 fc fb 71 df 9c  |-._xJ~.j..D..q..|
-00000200  34 a6 f0 4c 5b b9 0f a2  72 b4 28 0a 67 a2 99 be  |4..L[...r.(.g...|
-00000210  97 da 1d 64 24 c3 99 e6  cb 43 9a eb 28 6e 54 e9  |...d$....C..(nT.|
-00000220  34 5a 3c a1 1c 2f 07 27  a1 bf 1b fb a5 2f 61 8d  |4Z<../.'...../a.|
-00000230  26 ab f4 9f 7e ec 22 dc  4f 34 3d c9 6f 5d 6a 18  |&...~.".O4=.o]j.|
-00000240  30 09 bc f0 06 6d 3e bc  f7 96 9f 90 4b d8 e3 ac  |0....m>.....K...|
-00000250  96 3c f4 e2 3e 26 4a 43  07 1f 7e 79 08 f8 12 14  |.<..>&JC..~y....|
-00000260  82 1d 27 a5 16 d6 88 c2  31 26 8d 60 40 04 30 7b  |..'.....1&.`@.0{|
-00000270  49 7b 6d 11 d4 80 c5 09  9f 6a 85 f4 d3 41 ce c4  |I{m......j...A..|
-00000280  f6 bc 49 38 05 19 86 55  fa 9a 73 d7 5d 61 97 42  |..I8...U..s.]a.B|
-00000290  39 f2 6e 26 c7 11 ca b8  bf 85 2d 25 c2 83 30 6d  |9.n&......-%..0m|
-000002a0  17 07 af da 39 e9 c5 e4  88 f6 5f 58 e7 00 72 38  |....9....._X..r8|
-000002b0  e1 ac f4 75 eb 7f e2 00  d7 d9 e8 aa 77 8b 63 5e  |...u........w.c^|
-000002c0  85 4c c5 2a dd 8d 89 f4  ea ff 14 9d bb d7 b1 9a  |.L.*............|
-000002d0  7b d0 38 e9 9d 26 a9 79  f4 de 10 63 1f 09 67 bc  |{.8..&.y...c..g.|
-000002e0  51 ca 12 51 05 93 29 fe  5f 17 79 7f 84 e2 87 39  |Q..Q..)._.y....9|
-000002f0  d4 80 ac 76 fe c4 ab bb  63 06 64 b0 ba 5f 2f 8b  |...v....c.d.._/.|
-00000300  d9 b5 39 b5 80 69 0d 97  c6 f4 ce e1 2c cf 29 1c  |..9..i......,.).|
-00000310  e7 f4 b7 02 f5 da b4 63  26 d9 a9 4a 4e 34 66 56  |.......c&..JN4fV|
-00000320  c2 89 6a 12 95 16 9c 8b  b3 95 fb 8d 1f 4b 67 53  |..j..........KgS|
-00000330  5e 1f 68 70 ed 9b aa 89  78 16 88 d2 39 31 d9 59  |^.hp....x...91.Y|
-00000340  b5 bd 01 64 59 61 11 22  ab 73 f8 00 c3 7a 8c 45  |...dYa.".s...z.E|
-00000350  54 32 4f 5c 24 6a 0b 87  6c dc 17 03 03 00 99 4b  |T2O\$j..l......K|
-00000360  2d c9 21 11 87 71 41 cf  67 23 4e cd c8 7f e4 73  |-.!..qA.g#N....s|
-00000370  97 46 dd ff 0e 13 b4 4a  0e 81 4d fe 6c 0a 1d a0  |.F.....J..M.l...|
-00000380  b4 57 e5 4d e0 8d 82 e5  33 71 26 4a ef 72 8d 1f  |.W.M....3q&J.r..|
-00000390  a2 7b 43 e7 6c 99 19 24  18 7f 53 4a 16 c1 51 0c  |.{C.l..$..SJ..Q.|
-000003a0  3c 7d 3d c6 64 14 74 65  51 0b 04 09 dc c5 c0 ef  |<}=.d.teQ.......|
-000003b0  a1 a9 b3 d3 1d 16 2d 9a  5d 40 ec 13 9a 16 7c 9b  |......-.]@....|.|
-000003c0  6c 18 ba ec e3 e6 25 99  c3 1a 16 44 05 a3 85 ac  |l.....%....D....|
-000003d0  6a 49 e0 30 af 1c d1 5d  f5 6e e6 4b dc f3 71 49  |jI.0...].n.K..qI|
-000003e0  b0 5e 1d 7a e2 8b ba 13  7d a2 4a 12 cb 69 5a fe  |.^.z....}.J..iZ.|
-000003f0  7d cf e5 cf 0a d0 6e 26  17 03 03 00 35 cd 5a 61  |}.....n&....5.Za|
-00000400  28 1f 69 d8 c0 48 8a 10  4e 46 3a 51 06 87 28 8d  |(.i..H..NF:Q..(.|
-00000410  9d 68 60 bc e1 6e a4 a2  21 81 2a 17 57 b9 6a 7a  |.h`..n..!.*.W.jz|
-00000420  47 ae fb e0 a8 fc 7a 72  0f 9f 52 46 18 a8 b1 01  |G.....zr..RF....|
-00000430  0d 9b                                             |..|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 f1  |..+.....3.$... .|
+00000060  bf 65 1e fd e0 5d 1b ca  02 b5 9e 3f a8 82 e0 5a  |.e...].....?...Z|
+00000070  97 eb af b5 f1 f7 77 3f  46 a8 66 93 de a8 39 14  |......w?F.f...9.|
+00000080  03 03 00 01 01 17 03 03  00 17 16 a7 f6 48 b9 11  |.............H..|
+00000090  59 75 3d d8 cf eb ba 72  6c f7 0d 26 50 ab 2d 2a  |Yu=....rl..&P.-*|
+000000a0  61 17 03 03 00 42 00 0f  78 f4 5a 62 c5 56 bd f5  |a....B..x.Zb.V..|
+000000b0  4a df d3 78 76 bd 90 71  49 69 8a b3 60 5b 24 8b  |J..xv..qIi..`[$.|
+000000c0  45 fb c7 e0 ff 04 d8 7b  c6 1f 93 c9 f9 b8 0d 38  |E......{.......8|
+000000d0  53 d1 2e 95 99 32 52 2e  45 b2 11 08 45 c7 bc 64  |S....2R.E...E..d|
+000000e0  6a c2 32 db 70 96 77 6f  17 03 03 02 6d ba 3e 97  |j.2.p.wo....m.>.|
+000000f0  ea d7 dd c1 c5 39 9a c4  b1 eb 8b df 35 57 43 35  |.....9......5WC5|
+00000100  31 7a 4c 71 ab 57 79 80  f9 48 96 67 5f 3b fe 98  |1zLq.Wy..H.g_;..|
+00000110  0b 5d d0 ce 8c 0c 5a 03  28 8f 64 b4 3e 74 75 51  |.]....Z.(.d.>tuQ|
+00000120  81 b3 09 a7 8e 33 45 92  49 72 91 b7 2c 45 68 5c  |.....3E.Ir..,Eh\|
+00000130  ee 27 e8 5b fd b0 80 e3  43 35 2f a2 bd e5 cf d6  |.'.[....C5/.....|
+00000140  c3 fc 43 03 1e aa c9 c4  67 db ef 0c c3 aa 46 18  |..C.....g.....F.|
+00000150  39 69 31 26 7f 0a 7a b2  e7 c4 cb 09 3a f1 8e a0  |9i1&..z.....:...|
+00000160  05 70 87 a9 12 c6 f2 a1  25 87 72 0a 2d fb d5 51  |.p......%.r.-..Q|
+00000170  ce 93 8e f8 08 0e 86 90  04 00 9b 76 fd 57 23 cb  |...........v.W#.|
+00000180  bc 78 23 07 8a 35 92 6e  d6 cd f5 b5 2e e1 8f 33  |.x#..5.n.......3|
+00000190  7a bb 61 54 65 4f 4d 12  4b ca db 19 4b 30 6e 2c  |z.aTeOM.K...K0n,|
+000001a0  56 62 b5 32 7a 98 b6 a4  10 98 5a 16 6b 26 8e 7c  |Vb.2z.....Z.k&.||
+000001b0  e0 88 77 a6 20 60 c9 fb  c5 e2 66 c3 6d 0d df dd  |..w. `....f.m...|
+000001c0  21 22 10 da 88 24 21 92  74 3b d8 92 c0 ec 2f 57  |!"...$!.t;..../W|
+000001d0  79 d7 42 bd d7 b0 e0 23  d2 a0 45 7f 2a 2a ff df  |y.B....#..E.**..|
+000001e0  a4 61 53 ec 44 e2 3a 7a  06 15 8a ce 02 84 e7 78  |.aS.D.:z.......x|
+000001f0  9b ef 15 0e 84 16 fe 0f  dd 36 de 0f 69 14 e4 35  |.........6..i..5|
+00000200  90 e4 a0 15 a6 97 e5 c9  a1 3c ed 79 c6 03 ae 39  |.........<.y...9|
+00000210  f2 36 1e ca 20 4f 20 59  e6 6f c7 15 ba 90 ac 4a  |.6.. O Y.o.....J|
+00000220  11 ad 3e f5 48 df 94 fe  f8 48 2f 12 25 01 6c 9a  |..>.H....H/.%.l.|
+00000230  e6 ee 41 7b 13 4c 2f cc  3a 2d 8d b8 e7 d5 62 88  |..A{.L/.:-....b.|
+00000240  88 5d d4 6e c4 64 c5 32  0a e7 86 08 64 2c 0a 11  |.].n.d.2....d,..|
+00000250  8e 51 63 f9 81 30 00 b1  29 fa b8 1c ab 87 88 22  |.Qc..0..)......"|
+00000260  f0 ef 79 04 8c 85 78 df  72 6c 99 d6 c7 3a 9f 2a  |..y...x.rl...:.*|
+00000270  6d c6 24 05 e7 e5 d7 d0  c7 e5 7c 87 50 f9 b7 69  |m.$.......|.P..i|
+00000280  6d 1f 39 77 5d 4c f2 98  35 f7 07 b6 30 0d d6 25  |m.9w]L..5...0..%|
+00000290  40 cb a4 2d b2 f1 22 ca  26 5d 92 22 97 0a 65 a9  |@..-..".&]."..e.|
+000002a0  a0 46 58 be 0d af a1 1c  da c8 bf 98 28 72 ea ee  |.FX.........(r..|
+000002b0  46 f9 c0 0d b3 f1 11 12  5f b7 69 75 ea dd 60 d0  |F......._.iu..`.|
+000002c0  53 51 01 ec 7c ff ef 41  68 04 ec a4 6b 51 bb 89  |SQ..|..Ah...kQ..|
+000002d0  8b 8d a2 89 05 6f 78 81  16 f8 7a c2 f6 c3 0d ef  |.....ox...z.....|
+000002e0  b3 12 e2 57 54 95 a6 cd  5d 04 32 88 70 f9 db db  |...WT...].2.p...|
+000002f0  b3 45 75 32 6f ac 9a fa  ad 54 e5 a5 82 ae 3e 73  |.Eu2o....T....>s|
+00000300  2d 07 f4 48 83 e2 10 7d  cb 2f 4c 18 94 75 37 24  |-..H...}./L..u7$|
+00000310  cd 13 dc 3a 56 93 e8 80  a3 ba de b1 0d 14 79 48  |...:V.........yH|
+00000320  08 69 a6 f3 2e 9f 7a 78  6e 9c de 16 ba 73 0b a6  |.i....zxn....s..|
+00000330  f2 6c 04 e6 e6 89 3d 46  7d db a4 8f 9a e7 5d 0e  |.l....=F}.....].|
+00000340  b9 6b 05 59 4d 4d e9 48  1a 18 e9 59 7b 56 70 d6  |.k.YMM.H...Y{Vp.|
+00000350  0f fc c2 93 31 03 fa ad  b4 c9 17 03 03 00 99 62  |....1..........b|
+00000360  c5 b8 11 10 72 af 5b 36  7b 4b 86 83 05 1f 5a c5  |....r.[6{K....Z.|
+00000370  66 7b b6 ac 30 8d c0 03  64 ec 29 5d 60 e9 e9 9d  |f{..0...d.)]`...|
+00000380  6d 58 3e 55 7e 19 a3 59  f5 8b ca 1a f0 c8 ca 1b  |mX>U~..Y........|
+00000390  c6 ed 7f d7 70 fb 4b a5  6a 96 66 ce 4c 96 d1 b4  |....p.K.j.f.L...|
+000003a0  de 99 e2 31 4a 88 64 51  7b 73 60 bb 5c 46 9b b7  |...1J.dQ{s`.\F..|
+000003b0  9f d8 97 de 03 06 f3 3e  34 8b 75 43 ce cd 9a 12  |.......>4.uC....|
+000003c0  1e 27 b5 28 5e 8f b6 04  d2 02 19 02 02 72 85 46  |.'.(^........r.F|
+000003d0  1c cb 5e 63 09 e6 ba 81  69 29 97 5f 31 1e 8f f5  |..^c....i)._1...|
+000003e0  1a ed 3b 1e 97 83 bf ee  1f 09 f4 f7 be 32 c7 bc  |..;..........2..|
+000003f0  b6 7e 70 b9 32 4b 07 99  17 03 03 00 35 67 1c 72  |.~p.2K......5g.r|
+00000400  de 27 25 26 1b 12 b2 9a  a3 38 5c a7 f7 13 a4 1e  |.'%&.....8\.....|
+00000410  bf f9 7f 1d 57 af ff 2f  89 4b 75 fc 23 c5 47 00  |....W../.Ku.#.G.|
+00000420  cd b7 b6 89 af 4e f0 17  e9 e6 31 cd fb b0 31 19  |.....N....1...1.|
+00000430  73 61                                             |sa|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 1e ab 60 cd 30 a1  |............`.0.|
-00000010  d1 e0 a1 d4 77 15 50 bf  aa c7 bf 1a c0 e1 cd dd  |....w.P.........|
-00000020  6a 64 0b 5e f0 83 24 77  1d 7a ff 97 5b ab 5b 15  |jd.^..$w.z..[.[.|
-00000030  eb 9e af 09 c9 38 e1 8a  7d c1 c9 04 40 b9 ca 6e  |.....8..}...@..n|
-00000040  01 8d cb 1e 66 52 a4 c2  20 44 68 bf d0 0d ec c0  |....fR.. Dh.....|
-00000050  0b d2 9e ae 60 e4 5e 19  cf 92 96 22 88 b1 35 e3  |....`.^...."..5.|
-00000060  c9 89 c8 67 6d 14 83 e1  ad 76 ca e6 9a d0 34 e0  |...gm....v....4.|
-00000070  de 9d 46 44 85 97 b0 cc  4e ef 72 d9 85 47 13 fb  |..FD....N.r..G..|
-00000080  86 9f 3c 26 20 fa fd 15  f7 83 1f c2 1f 51 3f 4a  |..<& ........Q?J|
-00000090  b4 3c 3b 09 2b 16 22 d1  30 f2 16 ae b9 28 f7 8e  |.<;.+.".0....(..|
-000000a0  a2 84 15 c8 42 58 a5 6d  8a 86 a9 7f 23 18 ed ee  |....BX.m....#...|
-000000b0  18 d7 2d 47 4f b8 f2 44  60 cb 2f 1d 1a ad 7b e7  |..-GO..D`./...{.|
-000000c0  15 d3 d8 55 9e fb 0b 0e  b8 e3 1f 4e a4 8c 14 ec  |...U.......N....|
-000000d0  4b 3a c4 d1 66 16 9d 7a  72 20 8a fb 41 33 bc 04  |K:..f..zr ..A3..|
-000000e0  4e b7 e4 65 2e 21 d2 3b  5f 07 00 cd 38 b3 9d 78  |N..e.!.;_...8..x|
-000000f0  eb 36 00 db d1 e0 8a 3f  50 84 3f d9 4b 2d 85 41  |.6.....?P.?.K-.A|
-00000100  bc cc ec 9b 15 2c f9 95  02 18 41 08 13 f3 d5 ec  |.....,....A.....|
-00000110  e7 32 8c ca 7e 0a e6 81  ed db 8a 49 46 ac a9 42  |.2..~......IF..B|
-00000120  27 13 85 f1 16 9b 15 bd  ec eb 1c 25 24 9a 7f 0e  |'..........%$...|
-00000130  a4 67 e1 32 3f cf 8b 61  49 9b 43 a4 57 79 48 14  |.g.2?..aI.C.WyH.|
-00000140  90 00 b1 2d 6f 82 9f ef  f3 a0 c6 e8 9f fd d4 08  |...-o...........|
-00000150  1f 16 5e 7f be 73 7e a6  5b d2 02 12 c9 76 c3 f3  |..^..s~.[....v..|
-00000160  13 4c 44 7f e9 8e 5b ce  d8 56 d6 2f 76 ff 5a 8e  |.LD...[..V./v.Z.|
-00000170  6d cb 5b 8e c6 62 29 4e  c6 34 a9 74 44 84 b7 28  |m.[..b)N.4.tD..(|
-00000180  96 cd fa 6d 2e ac 75 3e  86 73 c3 a9 50 ef e9 e4  |...m..u>.s..P...|
-00000190  70 a5 ba bc 1f 9c c3 05  17 30 2c 1b ba c0 15 bf  |p........0,.....|
-000001a0  f4 47 45 b1 42 d9 6c 6d  57 b0 7a 94 61 ee 78 0e  |.GE.B.lmW.z.a.x.|
-000001b0  32 4f 01 da df d8 29 51  91 1c 3f f6 40 a7 15 76  |2O....)Q..?.@..v|
-000001c0  99 d7 e0 45 af 04 5a 69  f0 65 bf 40 e9 5c 4b e5  |...E..Zi.e.@.\K.|
-000001d0  eb e6 2e 79 f7 c8 4a e4  0b 71 e3 d5 dd 7e 25 d4  |...y..J..q...~%.|
-000001e0  d9 7f 1b 9b 8b 3f b6 9c  35 59 2e 40 34 e3 c8 2a  |.....?..5Y.@4..*|
-000001f0  3c 74 0b d6 35 d3 12 e8  93 7e 44 61 b4 3d da 19  |<t..5....~Da.=..|
-00000200  60 34 e0 19 97 9f 75 a9  be ff 0e ca 14 32 7e 20  |`4....u......2~ |
-00000210  48 fa e3 43 1b 94 86 6c  e4 c2 7d 91 1c 21 42 88  |H..C...l..}..!B.|
-00000220  16 0b 26 f6 16 dc 09 d4  8e 17 03 03 00 a4 b9 22  |..&............"|
-00000230  dc d6 d7 9f a8 83 b2 a6  bd 8a 5a da 0a 75 d6 10  |..........Z..u..|
-00000240  e5 0e ff a5 ec f2 31 8a  4e ff e6 21 3a a0 65 32  |......1.N..!:.e2|
-00000250  73 e5 e2 c3 f8 24 a4 b2  34 b9 d4 e2 04 ea ff e5  |s....$..4.......|
-00000260  2e dc 75 03 9f e6 55 6b  95 06 1b f9 fb 32 ea b2  |..u...Uk.....2..|
-00000270  d6 f9 05 9c df 1f 18 cb  27 ca 40 d8 03 e5 70 fc  |........'.@...p.|
-00000280  78 9b 84 a5 28 6a 14 2e  f3 1a f1 92 8d d8 93 54  |x...(j.........T|
-00000290  68 c7 12 37 84 e5 b5 73  23 90 6f 4c d3 35 bb ba  |h..7...s#.oL.5..|
-000002a0  bd 7d 11 8e 93 25 85 f8  46 56 39 d0 23 b9 06 68  |.}...%..FV9.#..h|
-000002b0  25 86 09 28 3c 24 25 2b  fd 27 17 83 eb 5c 53 42  |%..(<$%+.'...\SB|
-000002c0  a2 0d f8 a5 5e c9 4f 53  83 e3 90 d8 0c 49 03 cf  |....^.OS.....I..|
-000002d0  b1 03 17 03 03 00 35 dc  ac dc ee c6 92 3d 1b 5d  |......5......=.]|
-000002e0  e9 c2 5c e0 0d 1b 28 9b  cb 79 7f 58 8a 02 cd 85  |..\...(..y.X....|
-000002f0  34 c0 a3 72 71 b5 26 c5  56 c5 38 09 ee 0e 9a e4  |4..rq.&.V.8.....|
-00000300  f4 29 ad 76 e2 61 27 61  ea e0 a7 1d 17 03 03 00  |.).v.a'a........|
-00000310  17 7b 6b 82 47 b6 bb 41  d0 5b b4 23 38 bf 15 58  |.{k.G..A.[.#8..X|
-00000320  27 1e fa 7a 58 09 02 e8  17 03 03 00 13 cf d5 c3  |'..zX...........|
-00000330  22 18 f9 28 3e c9 64 d0  51 8d dc 4b a2 f1 bf 9f  |"..(>.d.Q..K....|
+00000000  14 03 03 00 01 01 17 03  03 02 1e e9 c3 0a e9 35  |...............5|
+00000010  c0 d7 d8 1e 01 13 31 2c  39 0c 31 57 df f2 8d 7f  |......1,9.1W....|
+00000020  ca 2e 8c a0 63 60 e2 61  c6 37 8f cf 66 62 e7 d6  |....c`.a.7..fb..|
+00000030  3d 89 6b 3b bd 1c 45 ec  62 a5 1c b3 86 16 bc 03  |=.k;..E.b.......|
+00000040  57 9e 2b cd 31 d4 4d ad  57 96 12 12 19 ce 61 14  |W.+.1.M.W.....a.|
+00000050  d6 1f 7a d1 c8 9b d4 9e  18 cf 1c f7 d0 ca 84 bb  |..z.............|
+00000060  8e 93 85 97 4b 53 68 3d  f6 45 76 e0 a7 42 df 6a  |....KSh=.Ev..B.j|
+00000070  96 04 b9 9e 03 97 bb 57  bf 7f 9c 27 68 ba 04 49  |.......W...'h..I|
+00000080  a7 c9 a3 f3 77 83 1f 15  0e 02 05 b5 8c e4 a6 ed  |....w...........|
+00000090  f8 65 5b bb a4 65 08 a1  a3 34 2a 71 66 6c 2e c8  |.e[..e...4*qfl..|
+000000a0  e2 5b 08 ca 59 91 da 07  14 61 17 b7 19 28 00 33  |.[..Y....a...(.3|
+000000b0  d9 0c 45 df d8 74 83 2e  9b 99 c7 35 cd f4 de 53  |..E..t.....5...S|
+000000c0  b0 df 5c 8b 15 b0 e0 81  77 a5 5d d5 33 40 51 60  |..\.....w.].3@Q`|
+000000d0  09 36 4f b6 6f ce 95 2b  d1 38 88 33 e0 13 a0 c1  |.6O.o..+.8.3....|
+000000e0  5f 2c 15 77 56 d1 16 09  9a 78 5c 6f 8c 93 c3 44  |_,.wV....x\o...D|
+000000f0  54 04 b4 d3 23 31 ff 61  74 e5 09 3a d3 9b f1 2f  |T...#1.at..:.../|
+00000100  de f4 a9 0b b8 9d ca 17  2c 3f d5 2b dd c0 9e 07  |........,?.+....|
+00000110  48 50 6a 51 72 be 92 10  1a 91 b5 2d 39 76 10 a4  |HPjQr......-9v..|
+00000120  42 63 31 df ce 31 9a 5c  0d ee 6e 55 c0 ba 44 9f  |Bc1..1.\..nU..D.|
+00000130  e4 75 77 0f 88 6d 1d 24  9f 1c a0 12 14 4c ce 68  |.uw..m.$.....L.h|
+00000140  24 a5 aa f2 f2 c5 f4 4f  a9 c7 e0 dd 5c 6b 4c 53  |$......O....\kLS|
+00000150  b5 26 8b e2 a4 af e3 13  77 0a fc dd 2b 56 fa a2  |.&......w...+V..|
+00000160  46 7f 9a 11 c6 a0 4c b6  36 29 93 9f 83 99 13 ad  |F.....L.6)......|
+00000170  a0 62 9a ef 42 d0 dd 49  fe ba e4 fd fd 09 4b d4  |.b..B..I......K.|
+00000180  31 6e d9 a5 0e 4d ac 8c  90 7c 26 2b 6b 1a cb 55  |1n...M...|&+k..U|
+00000190  47 53 47 e2 d4 a1 d8 2e  5d 9b 36 75 f0 a4 8a 39  |GSG.....].6u...9|
+000001a0  88 07 c8 ed 75 40 fd 72  0e 57 02 a6 bf 8a 64 0a  |....u@.r.W....d.|
+000001b0  98 8a 1c f4 d3 3d c4 af  7d 97 6e b7 e0 f6 d8 10  |.....=..}.n.....|
+000001c0  17 0b d1 5c f9 41 c9 5e  5c 8a 38 dd 66 b3 e9 74  |...\.A.^\.8.f..t|
+000001d0  41 2a bd 2d f8 6a 27 57  da ef d6 ca 70 49 c6 e2  |A*.-.j'W....pI..|
+000001e0  94 ef 1e c6 57 a0 c8 fc  d1 05 4f 65 c1 71 e4 ab  |....W.....Oe.q..|
+000001f0  44 49 f3 e3 6d b1 f4 5a  69 e7 70 30 b5 81 19 3a  |DI..m..Zi.p0...:|
+00000200  06 33 ef a5 bd 81 8c 3c  7b 2f 9f 41 a5 7d a8 5f  |.3.....<{/.A.}._|
+00000210  3b 3d 95 6e 04 a8 5f 2a  c1 de 6e e4 14 17 91 36  |;=.n.._*..n....6|
+00000220  9d 57 9c 34 1a 7d c8 c3  42 17 03 03 00 a3 a0 20  |.W.4.}..B...... |
+00000230  06 7e 90 c8 0a b2 db 90  28 38 8f 42 12 89 1d 21  |.~......(8.B...!|
+00000240  04 b3 a6 7b 8c 63 60 49  33 4a 70 4b 1a 97 90 51  |...{.c`I3JpK...Q|
+00000250  d2 13 6e 56 9a 1d 41 9c  65 19 31 43 56 96 e2 50  |..nV..A.e.1CV..P|
+00000260  77 17 67 6e df 3b e1 43  22 fe 0c 49 74 ff b0 e9  |w.gn.;.C"..It...|
+00000270  5c f2 66 4e a3 e5 ac 02  1c 69 11 ce de a1 d4 6b  |\.fN.....i.....k|
+00000280  1c 46 97 02 7e 81 d8 29  78 42 82 5e b7 e2 31 02  |.F..~..)xB.^..1.|
+00000290  fb 74 e2 a6 5e 29 f1 28  cf 8a 9c bd f8 a0 09 45  |.t..^).(.......E|
+000002a0  67 7e d7 7d 91 8d fe 43  03 92 16 b1 67 cc 7a 32  |g~.}...C....g.z2|
+000002b0  7e 3a 88 fc 77 36 b5 69  07 09 a0 1c 5c 76 a7 68  |~:..w6.i....\v.h|
+000002c0  93 1a 35 20 f6 c1 20 c7  8f de c9 da 81 25 7a 08  |..5 .. ......%z.|
+000002d0  e0 17 03 03 00 35 fa 5b  68 55 45 ee dd d6 a2 cb  |.....5.[hUE.....|
+000002e0  09 a7 21 23 43 9c c4 ff  1c d6 66 4c ce e1 bd a9  |..!#C.....fL....|
+000002f0  77 22 0b b0 d4 ad f9 23  a7 1c 0e 63 27 36 16 c6  |w".....#...c'6..|
+00000300  a2 f8 00 ef 36 22 89 a7  d6 76 da 17 03 03 00 17  |....6"...v......|
+00000310  ca d3 97 3a 7d cc a0 95  02 4a a8 d8 dd 6d 26 64  |...:}....J...m&d|
+00000320  92 be 64 86 00 d9 bf 17  03 03 00 13 18 1e 4f 7b  |..d...........O{|
+00000330  f9 1a 63 8a 50 6a ee 81  07 76 53 a9 95 ea df     |..c.Pj...vS....|
diff --git a/testdata/Client-TLSv13-ClientCert-Ed25519 b/testdata/Client-TLSv13-ClientCert-Ed25519
index c174bd9f..38382edb 100644
--- a/testdata/Client-TLSv13-ClientCert-Ed25519
+++ b/testdata/Client-TLSv13-ClientCert-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,119 +7,118 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 94 b3 83 34 fd  |....z...v.....4.|
-00000010  0f d0 16 30 14 0e 57 a1  d3 29 cd 81 c7 a2 59 c9  |...0..W..)....Y.|
-00000020  fb 8f 54 d4 9b 69 a8 47  7d c3 63 20 00 00 00 00  |..T..i.G}.c ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 72 63 6c 83 50  |....z...v..rcl.P|
+00000010  e9 4c 88 85 70 4f e3 cb  c7 0e 0c c5 e5 44 b9 7e  |.L..pO.......D.~|
+00000020  4a 88 d3 32 d2 37 5c 16  d4 a1 e5 20 00 00 00 00  |J..2.7\.... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 38  |..+.....3.$... 8|
-00000060  5e 40 05 c2 91 46 5b e0  c6 c4 8f b6 eb 91 98 b1  |^@...F[.........|
-00000070  b0 41 8e 34 14 8f 2a b1  5e e6 80 78 f6 0c 3e 14  |.A.4..*.^..x..>.|
-00000080  03 03 00 01 01 17 03 03  00 17 30 61 18 ba 71 15  |..........0a..q.|
-00000090  e0 75 5d 55 f2 1a d1 7e  69 fa 58 41 97 cd c1 9a  |.u]U...~i.XA....|
-000000a0  92 17 03 03 00 42 af 88  92 3e 98 ef 74 a5 06 90  |.....B...>..t...|
-000000b0  fd c0 21 20 01 ec 1d 68  93 8d dc 36 dc 2c 43 77  |..! ...h...6.,Cw|
-000000c0  02 18 47 cf 66 b3 61 88  85 be f1 04 1b da c1 03  |..G.f.a.........|
-000000d0  31 68 2c 1c fc dc ed 6b  f3 a5 e8 52 fd a7 dc c8  |1h,....k...R....|
-000000e0  e1 6a 91 67 83 ce 5c 08  17 03 03 02 6d 55 55 72  |.j.g..\.....mUUr|
-000000f0  6e cc c5 4c f0 10 d7 0d  57 5d 4d f4 61 8d 5d 78  |n..L....W]M.a.]x|
-00000100  c3 cd df 49 4a 1a 4b c6  fe 70 0a 4a 1c 1d 12 25  |...IJ.K..p.J...%|
-00000110  36 1a 68 70 7d 02 e9 cc  4b 92 f9 b8 86 d0 e8 68  |6.hp}...K......h|
-00000120  56 be 25 b3 67 3d c0 92  5a 9f 57 8e 22 63 97 78  |V.%.g=..Z.W."c.x|
-00000130  1a 7e 70 76 87 f7 3a ef  45 1f 38 d3 95 12 72 98  |.~pv..:.E.8...r.|
-00000140  d0 89 e5 bd a7 eb fe b6  89 59 27 07 51 fd 2c 71  |.........Y'.Q.,q|
-00000150  8a 99 ca b2 75 bc ae b9  39 c6 15 bf 4e a7 3d 73  |....u...9...N.=s|
-00000160  f4 2c 7d 4c 88 3b b1 b6  3a 3d 49 c7 d0 91 57 6a  |.,}L.;..:=I...Wj|
-00000170  cc 25 c7 07 dc 08 0c ac  f4 9a 1d 58 17 3b 44 84  |.%.........X.;D.|
-00000180  e4 72 eb d5 11 16 09 f5  1b fb 60 23 63 46 51 10  |.r........`#cFQ.|
-00000190  4e 94 7b 5a 31 81 db 9e  bb 82 28 4a 08 32 88 fa  |N.{Z1.....(J.2..|
-000001a0  d2 e3 c4 6e 28 7d 47 66  a1 66 05 39 9e 20 52 fe  |...n(}Gf.f.9. R.|
-000001b0  3d 4d 2e b4 b8 a6 97 dd  12 8d db 9b 74 71 96 be  |=M..........tq..|
-000001c0  38 07 62 fc 81 97 3f 85  a2 b8 eb 29 0f e6 95 ca  |8.b...?....)....|
-000001d0  7b a1 f3 94 7e a4 3c 14  71 55 eb c6 c2 15 09 35  |{...~.<.qU.....5|
-000001e0  18 22 5b 9a 2c 19 f1 d3  60 f0 ff c2 09 9f 81 93  |."[.,...`.......|
-000001f0  e0 37 6e d0 73 40 c2 66  60 b7 54 85 b4 15 83 fe  |.7n.s@.f`.T.....|
-00000200  d4 de f4 a2 1f 7d 88 7d  6d 7d 30 ab 4a 25 3a a1  |.....}.}m}0.J%:.|
-00000210  2c fa 27 f4 94 35 0d 01  b0 9d fb 58 5b 03 86 9f  |,.'..5.....X[...|
-00000220  24 d8 57 dc e2 2e bf 1a  28 78 62 f5 29 e0 20 06  |$.W.....(xb.). .|
-00000230  38 47 98 b7 44 ce d3 66  92 32 4b 68 3d 45 b9 22  |8G..D..f.2Kh=E."|
-00000240  b9 94 32 1b 93 3f c1 88  a5 91 0f 06 8a 1e e6 a1  |..2..?..........|
-00000250  62 7e 1e 50 7a 2a be 18  cc 62 93 51 e0 c1 87 21  |b~.Pz*...b.Q...!|
-00000260  b3 c3 6b 1a ce f9 95 9e  6f 98 2a 25 43 10 6e 10  |..k.....o.*%C.n.|
-00000270  97 5c 09 33 e9 06 b6 6a  a8 8b fe 11 d7 b3 38 d6  |.\.3...j......8.|
-00000280  67 3f f9 50 37 f5 d2 f0  0d d8 6f 0a 8d 58 ee bc  |g?.P7.....o..X..|
-00000290  18 c2 68 17 c7 d9 05 c4  d1 e6 a9 f3 c4 63 f5 d4  |..h..........c..|
-000002a0  f2 fb 16 05 f3 fb 45 56  c7 ec 2b af fe 26 4c c0  |......EV..+..&L.|
-000002b0  85 86 de c3 f5 81 32 b2  bd a9 6c fd 33 25 8e ad  |......2...l.3%..|
-000002c0  6a 44 3e f0 67 be c8 dc  e1 40 9e 40 88 4d e7 c8  |jD>.g....@.@.M..|
-000002d0  0b 55 18 e6 2b 10 50 84  ff 93 63 f6 93 4a d2 39  |.U..+.P...c..J.9|
-000002e0  62 45 ed 31 1d b5 5a 14  53 6f 0f d1 45 e6 6f 66  |bE.1..Z.So..E.of|
-000002f0  a3 cd ff 28 b4 34 4c 54  67 8c 1b b6 a0 b4 01 6c  |...(.4LTg......l|
-00000300  41 24 ab 5c a0 22 82 8c  fa cd 1e 4d e1 8b 7a 04  |A$.\.".....M..z.|
-00000310  00 62 e3 44 19 59 c8 e2  04 45 ac e6 46 e2 6a df  |.b.D.Y...E..F.j.|
-00000320  ce e1 d2 3b 3f 22 b9 17  f2 eb 75 ea 96 cc af f6  |...;?"....u.....|
-00000330  6b 77 29 e5 5c 96 13 19  b5 e6 0a 5d 31 9d 6e 28  |kw).\......]1.n(|
-00000340  3e ec 58 cc 76 b2 93 1e  d0 e4 c3 b7 44 fd 0e 19  |>.X.v.......D...|
-00000350  91 e5 21 91 06 56 19 80  cf 25 17 03 03 00 99 22  |..!..V...%....."|
-00000360  b0 98 6e 68 69 5c 4d 7e  81 2c dc 0f 68 3e 6c 8a  |..nhi\M~.,..h>l.|
-00000370  02 4a 56 1b f2 b4 a2 04  31 64 b4 07 2c 37 47 a3  |.JV.....1d..,7G.|
-00000380  4c b6 5a 64 94 a8 c2 b6  d8 d2 6f 2e b6 4e ce 46  |L.Zd......o..N.F|
-00000390  72 ce 87 73 c4 ce 32 8e  0e e3 6a d2 62 19 56 33  |r..s..2...j.b.V3|
-000003a0  95 94 e2 8f 1b 20 db 2a  cc c7 61 f8 bc 47 18 11  |..... .*..a..G..|
-000003b0  4e d5 d1 66 7a 33 27 e7  38 2b 4b de 01 4c df f7  |N..fz3'.8+K..L..|
-000003c0  a9 c3 e9 50 0e e2 8b 94  16 30 fa 82 51 98 b4 2b  |...P.....0..Q..+|
-000003d0  b6 e6 83 a3 49 13 a5 95  1d 37 38 86 51 08 68 0a  |....I....78.Q.h.|
-000003e0  73 5e 91 e8 24 57 41 f2  15 5f 28 ca a7 f8 9a db  |s^..$WA.._(.....|
-000003f0  e9 fc ba 22 dc e7 25 5f  17 03 03 00 35 b3 81 2b  |..."..%_....5..+|
-00000400  ca e3 9c 5c db 80 ae 0b  41 f7 8c 26 af 9f 68 0a  |...\....A..&..h.|
-00000410  33 24 6a ea 22 b6 fc 57  37 0d 4e ab 48 29 03 d6  |3$j."..W7.N.H)..|
-00000420  d4 25 5f 14 b8 74 2b 80  84 9c 99 3c 18 6c 95 0d  |.%_..t+....<.l..|
-00000430  7d e0                                             |}.|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d7  |..+.....3.$... .|
+00000060  fa 97 47 72 9a 7e 63 47  d6 62 2d dc 5d 4f 7f 9b  |..Gr.~cG.b-.]O..|
+00000070  aa 86 c9 ba 65 4c ae 91  82 40 38 ad 4b 46 73 14  |....eL...@8.KFs.|
+00000080  03 03 00 01 01 17 03 03  00 17 27 2e 49 01 db 5e  |..........'.I..^|
+00000090  e1 45 48 97 54 02 31 9f  ad 62 74 58 70 77 21 5b  |.EH.T.1..btXpw![|
+000000a0  81 17 03 03 00 42 2c 0a  8a a0 e0 40 32 b1 2f 9f  |.....B,....@2./.|
+000000b0  e6 13 9f fd 62 88 a7 34  bd 9a bc 64 5d 9d 17 b9  |....b..4...d]...|
+000000c0  b0 f6 fc 84 ca 3f 80 0b  97 4f 7a d9 67 42 c5 0a  |.....?...Oz.gB..|
+000000d0  e5 18 21 e8 08 42 b4 e6  f5 7e c3 70 2c 0e d3 d8  |..!..B...~.p,...|
+000000e0  15 36 37 57 1a d5 58 64  17 03 03 02 6d 07 11 32  |.67W..Xd....m..2|
+000000f0  d3 1e 03 02 fb 04 35 f2  64 a8 78 c2 b2 f7 7d 5c  |......5.d.x...}\|
+00000100  7c 94 0c 7b 16 9a 87 7d  2f 96 de 01 74 d6 6c 6f  ||..{...}/...t.lo|
+00000110  ce 95 eb f0 df 6d 52 89  3a 19 ff 5b b5 f2 d8 6d  |.....mR.:..[...m|
+00000120  e6 10 94 f7 d9 c4 58 e8  80 db f5 30 22 b1 82 b1  |......X....0"...|
+00000130  66 05 b5 d0 71 40 0f 68  83 ec 43 b5 51 c3 f8 ce  |f...q@.h..C.Q...|
+00000140  e9 71 4a c7 cf 57 b5 53  3f 60 99 ae 84 df 98 cc  |.qJ..W.S?`......|
+00000150  9f 90 d0 fc 1d 03 e9 80  72 7c 60 51 a1 89 93 6d  |........r|`Q...m|
+00000160  0a 57 18 c6 dc 22 82 71  be 66 87 93 dd 16 41 c8  |.W...".q.f....A.|
+00000170  84 38 33 63 fc 82 db 38  63 f8 84 f7 12 08 3b 82  |.83c...8c.....;.|
+00000180  18 cb c0 50 0d dd 19 25  16 88 23 97 35 56 6d 46  |...P...%..#.5VmF|
+00000190  3d 75 e1 83 c3 62 e4 19  70 6c 03 f0 33 5d 94 ad  |=u...b..pl..3]..|
+000001a0  6d be d2 db c4 b8 ad d8  78 78 53 76 62 91 f7 cf  |m.......xxSvb...|
+000001b0  83 5b 1e 44 11 2f 27 6a  29 d4 ea 96 fb 40 1c 94  |.[.D./'j)....@..|
+000001c0  69 c2 cc c7 90 2c 60 14  c7 d4 f2 9c f9 0e 66 1c  |i....,`.......f.|
+000001d0  08 76 6e 9f 3b 3a 47 8a  40 0a de 00 e4 6f 45 ca  |.vn.;:G.@....oE.|
+000001e0  1d 41 cc 34 5a 2c 67 78  58 34 eb 19 0c a5 0e a2  |.A.4Z,gxX4......|
+000001f0  fb c1 0a 25 74 f5 ec 55  f8 c3 97 00 d0 a5 90 c5  |...%t..U........|
+00000200  a1 9c aa 19 2b e6 ee c1  9d 73 a1 3c 1f fa 6a 91  |....+....s.<..j.|
+00000210  2b 2d 27 be 06 f3 85 54  63 a5 d9 ac 55 73 0a e4  |+-'....Tc...Us..|
+00000220  4f dc 25 a0 9f 39 c0 0e  1a 9d a7 4c bd c9 3c 64  |O.%..9.....L..<d|
+00000230  aa 28 a4 d2 aa fa 75 95  c2 48 9b 77 52 6e 5e f9  |.(....u..H.wRn^.|
+00000240  da 4d 61 29 51 6b 2a fd  16 4b fa 5d 65 40 9a 39  |.Ma)Qk*..K.]e@.9|
+00000250  f5 7d da d0 b3 17 4a ba  f0 79 ac 8d 41 73 c7 9e  |.}....J..y..As..|
+00000260  bc 0e f4 72 17 96 e5 4e  c2 a3 39 7d e4 95 04 8a  |...r...N..9}....|
+00000270  49 27 25 f4 41 24 7b a3  1c cc 36 a2 fd 16 14 5f  |I'%.A${...6...._|
+00000280  21 00 49 a5 5f 57 7e e3  f7 04 da 07 07 f6 2a 10  |!.I._W~.......*.|
+00000290  80 a5 78 ae 8b 25 5b 67  b3 a8 bc dd e6 5d 92 9e  |..x..%[g.....]..|
+000002a0  9c b6 10 01 4a 77 de 82  7b 24 0c 92 32 b3 1e 56  |....Jw..{$..2..V|
+000002b0  e6 e7 4a 5f 65 82 5d 42  e3 94 52 f3 0b 42 4d 91  |..J_e.]B..R..BM.|
+000002c0  e9 5b da 7c d9 8c f6 37  04 da 61 29 39 91 98 75  |.[.|...7..a)9..u|
+000002d0  67 cb 8d 56 41 28 7a 32  56 b8 92 67 fd 15 d4 7b  |g..VA(z2V..g...{|
+000002e0  22 92 20 5b 92 e5 95 b1  22 a4 07 6f d3 5c 2d bb  |". [...."..o.\-.|
+000002f0  e3 f2 66 ab e3 d8 a5 67  3c 67 db 1b 8e 65 8b 25  |..f....g<g...e.%|
+00000300  d7 38 ea f5 ce 8a 96 f6  c6 9d 40 1b ba c1 5c fd  |.8........@...\.|
+00000310  1f 1b a2 c2 4a 5c 78 1d  a3 11 3d a7 76 b5 4c 58  |....J\x...=.v.LX|
+00000320  7f 80 4c 5c 7c 7b 88 be  f3 35 9d f8 5a 3f fd 07  |..L\|{...5..Z?..|
+00000330  4a 8d 9e a4 ff 85 32 7e  30 6c b0 e2 f5 d9 e2 29  |J.....2~0l.....)|
+00000340  26 03 98 ac 33 10 29 b5  8c a7 43 0a 0a f3 d0 5c  |&...3.)...C....\|
+00000350  93 2c 4b f4 c8 ee ab c6  56 c7 17 03 03 00 99 5c  |.,K.....V......\|
+00000360  53 de 75 39 35 a6 90 d5  d5 f2 3f c2 a5 b7 5e 55  |S.u95.....?...^U|
+00000370  2f fa 91 7a be be d4 ae  8b 55 f8 ef bc de 03 69  |/..z.....U.....i|
+00000380  c7 eb fa 6d 51 0d 23 bf  87 45 55 2f 3f 17 8e 59  |...mQ.#..EU/?..Y|
+00000390  79 73 d5 8b c8 c0 7f cb  ae 60 13 62 85 75 24 e8  |ys.......`.b.u$.|
+000003a0  34 4a 54 36 61 13 5a 2d  9d ea c1 b4 8e a8 4a db  |4JT6a.Z-......J.|
+000003b0  4b 55 9a c0 5d 73 d4 bf  a1 88 f7 c4 af a8 56 71  |KU..]s........Vq|
+000003c0  28 a1 b6 76 f5 da 55 a8  e3 b8 1c d6 55 ea b6 00  |(..v..U.....U...|
+000003d0  7c 0e 4f b9 81 0a ff d9  1a d4 c8 99 c8 51 48 8a  ||.O..........QH.|
+000003e0  1e 99 4c f7 50 07 0a a1  21 5a 4f c7 c9 1c 69 df  |..L.P...!ZO...i.|
+000003f0  1b 2d 89 0e 63 63 1a c0  17 03 03 00 35 81 75 e8  |.-..cc......5.u.|
+00000400  f3 70 95 be 5d 58 0b e3  6a f6 a6 fb f3 b2 73 6d  |.p..]X..j.....sm|
+00000410  4e ab c9 87 44 95 c4 42  07 74 c7 c7 87 51 77 90  |N...D..B.t...Qw.|
+00000420  91 e6 12 0f 87 dd dd d8  02 33 f7 8c d0 39 b2 6f  |.........3...9.o|
+00000430  45 5a                                             |EZ|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 01 50 85 7f 0a 8b bc  |..........P.....|
-00000010  d1 2a 9f 69 55 c4 37 16  81 a5 46 23 cd af 5a 89  |.*.iU.7...F#..Z.|
-00000020  ad a6 c0 c3 5b 7a dc e5  29 c7 47 13 01 e9 64 4b  |....[z..).G...dK|
-00000030  86 83 50 72 0a bc 45 72  d1 66 47 04 ad 69 01 a7  |..Pr..Er.fG..i..|
-00000040  8c 49 4e 38 00 d7 d1 68  48 bd ff 2f a3 72 de 29  |.IN8...hH../.r.)|
-00000050  86 56 52 7b f1 2f c4 d3  93 3a c9 bc b8 e7 c2 c0  |.VR{./...:......|
-00000060  07 d8 46 81 a2 bd 36 54  79 28 91 1a 85 ab a3 64  |..F...6Ty(.....d|
-00000070  6b 33 e4 15 4c 07 c9 f0  45 49 e5 4c 9e b9 48 12  |k3..L...EI.L..H.|
-00000080  3b 31 12 51 72 89 7b 0f  79 07 6b 35 11 42 af a8  |;1.Qr.{.y.k5.B..|
-00000090  21 40 bd 9b e9 0f 98 80  70 6e e0 b1 99 58 9e 42  |!@......pn...X.B|
-000000a0  ca 0c 6f 87 2f 9b 91 10  7d fc c4 4e 57 1d 2f 79  |..o./...}..NW./y|
-000000b0  18 ba 6f 6f 61 f2 e4 c0  5e 4f fd 6c 58 06 83 6e  |..ooa...^O.lX..n|
-000000c0  52 b1 88 69 74 e1 12 3a  81 d6 32 b3 ac 06 4e 79  |R..it..:..2...Ny|
-000000d0  7a 50 1c 70 1e 63 6f 46  fa 17 b8 e2 1b b9 31 e2  |zP.p.coF......1.|
-000000e0  b0 f6 2f f3 ca 39 95 57  e2 51 82 d1 bf f0 f0 a2  |../..9.W.Q......|
-000000f0  3c 1b 28 cc e2 88 83 1d  db f7 56 b3 dd 39 d5 cb  |<.(.......V..9..|
-00000100  80 28 dc d4 2e e7 c6 a1  3a be 1f 8d 9f 53 5e 31  |.(......:....S^1|
-00000110  24 f1 25 36 2f f9 b1 f1  56 91 74 c8 44 6e bc c1  |$.%6/...V.t.Dn..|
-00000120  a3 cf 35 03 aa cf 87 66  9f 30 e7 eb f6 ff fd b9  |..5....f.0......|
-00000130  de 41 d4 b9 ef ce 99 d6  f3 e2 a6 ae 05 39 83 56  |.A...........9.V|
-00000140  5b 18 b6 52 8d a0 24 5e  34 4a 12 a6 8a 66 e3 c5  |[..R..$^4J...f..|
-00000150  70 92 3c f9 95 0c 59 58  65 b0 dc 17 03 03 00 59  |p.<...YXe......Y|
-00000160  56 82 fd bc ab b7 55 ee  45 23 0a cc 55 f7 fb d3  |V.....U.E#..U...|
-00000170  9f 75 0c 1f a1 f9 bc 3b  4f d5 4a 6b 47 14 6f 34  |.u.....;O.JkG.o4|
-00000180  61 85 c4 e5 3f fb 6d 0e  49 c8 f5 66 81 6b 3a b5  |a...?.m.I..f.k:.|
-00000190  14 f2 74 52 bf 8e d7 40  63 a0 45 ce 0b 69 e5 d6  |..tR...@c.E..i..|
-000001a0  43 6e 01 8b fd 54 6f ab  ce 03 57 c5 3f 6a 00 c1  |Cn...To...W.?j..|
-000001b0  bb 79 01 ee 90 7d 50 e7  de 17 03 03 00 35 cc 30  |.y...}P......5.0|
-000001c0  81 af c1 0c 4a e7 c9 d4  d2 fc 8f 0f a4 54 1c 41  |....J........T.A|
-000001d0  86 c9 a9 81 64 ce 4c 56  1a 94 fc 4b f7 e8 9d 50  |....d.LV...K...P|
-000001e0  33 4b b2 92 99 ee 79 43  ce 1f ea e2 14 5e 24 f1  |3K....yC.....^$.|
-000001f0  72 be c8 17 03 03 00 17  45 29 9b e2 ea a1 d3 16  |r.......E)......|
-00000200  8e 0c ce 85 30 a6 cd 37  b7 5a 42 0f dd 55 4d 17  |....0..7.ZB..UM.|
-00000210  03 03 00 13 ef e7 22 eb  4a e8 2a b4 88 da 2e 08  |......".J.*.....|
-00000220  01 95 77 ad 88 2e 53                              |..w...S|
+00000000  14 03 03 00 01 01 17 03  03 01 50 90 77 22 64 76  |..........P.w"dv|
+00000010  a1 cd 65 49 53 cb f0 2e  21 6c 12 7c 63 e5 ff 49  |..eIS...!l.|c..I|
+00000020  6c be e6 ba 70 2d 22 49  6e 5c 5b 65 46 4b 64 01  |l...p-"In\[eFKd.|
+00000030  f7 1d 57 a3 5f d5 a3 39  b6 b9 79 62 b3 e2 52 35  |..W._..9..yb..R5|
+00000040  95 26 d9 2b 72 39 60 23  c4 5f 7e 88 66 d4 c8 2b  |.&.+r9`#._~.f..+|
+00000050  2d 89 38 c8 b8 bd 73 0a  02 27 92 ab 89 8a ee 9b  |-.8...s..'......|
+00000060  a2 bc 9e 55 fd a0 d4 f3  02 d7 d6 4c 6c 49 ef 7e  |...U.......LlI.~|
+00000070  35 56 90 41 90 53 24 f5  c1 19 f0 ff a0 c8 7c 82  |5V.A.S$.......|.|
+00000080  52 01 98 8c ef 87 69 09  d2 17 35 af 9c 4b 3b b3  |R.....i...5..K;.|
+00000090  6c 36 70 63 48 a2 88 df  cb 87 f3 40 03 a8 b0 64  |l6pcH......@...d|
+000000a0  cc 66 fb cf ba b9 be 8c  67 2d 3c 99 ac 7f 93 c1  |.f......g-<.....|
+000000b0  15 2e 05 ae 95 51 3d 71  d9 43 09 d7 44 cb df 67  |.....Q=q.C..D..g|
+000000c0  b8 b3 33 62 c5 60 cf 22  20 e5 45 17 7c d6 74 12  |..3b.`." .E.|.t.|
+000000d0  0f 6d af d0 db dd 91 ad  20 ea 4d 26 fc c4 2b bd  |.m...... .M&..+.|
+000000e0  ec 3d 75 c8 87 36 b2 d0  1e cc 1d 92 fd 58 5e d5  |.=u..6.......X^.|
+000000f0  f7 ad c2 ed 0c b6 c6 bc  25 ff 39 75 ee cf fc 76  |........%.9u...v|
+00000100  77 e0 15 2e 22 82 3b 6f  93 e4 e9 a1 5a bb 9d 78  |w...".;o....Z..x|
+00000110  e2 3d 18 c8 e5 ea e3 82  52 de bf ca 32 c9 56 21  |.=......R...2.V!|
+00000120  ba c9 2b 12 7d 7b f5 18  73 e5 5e 9c 1e e1 23 92  |..+.}{..s.^...#.|
+00000130  ec 58 56 e5 a4 aa dc 2b  59 75 71 19 06 77 83 d7  |.XV....+Yuq..w..|
+00000140  0b 28 03 e9 fa 2c 89 1a  8c 64 f0 84 b6 13 f0 02  |.(...,...d......|
+00000150  22 02 33 cf c4 22 dd fb  b0 76 8a 17 03 03 00 59  |".3.."...v.....Y|
+00000160  9b 4c 67 95 f4 37 c9 2c  b7 33 c7 78 1c e0 1b 49  |.Lg..7.,.3.x...I|
+00000170  41 6f 88 2d 99 a7 e3 d3  d1 d1 f6 36 b1 2a 8e df  |Ao.-.......6.*..|
+00000180  11 b6 8d 04 63 c7 11 49  e2 8c 79 03 6b b8 a4 8b  |....c..I..y.k...|
+00000190  2a 2c 04 ab b3 e2 50 03  51 77 65 eb 3a 45 f1 ce  |*,....P.Qwe.:E..|
+000001a0  65 9f 9c be d6 be 7f 28  14 6a 61 37 55 94 8f a7  |e......(.ja7U...|
+000001b0  23 2f bc fc bb aa 89 47  76 17 03 03 00 35 f5 be  |#/.....Gv....5..|
+000001c0  e6 33 9b 48 97 74 b0 ad  a4 fc 78 fe 20 ab cd fa  |.3.H.t....x. ...|
+000001d0  48 ad 8c 55 c3 46 b8 2e  d6 ea f0 79 e3 a5 cf 29  |H..U.F.....y...)|
+000001e0  56 19 ab 95 c4 7f fd 89  41 f7 a3 6f e4 19 2f 83  |V.......A..o../.|
+000001f0  8c 3e 5d 17 03 03 00 17  74 24 c5 8d 30 40 0a 12  |.>].....t$..0@..|
+00000200  57 37 d0 27 30 3e 24 ea  81 ca c7 0a f5 12 cf 17  |W7.'0>$.........|
+00000210  03 03 00 13 ff 20 1a 76  60 da a1 15 22 16 10 8a  |..... .v`..."...|
+00000220  9f e1 ee 5d 62 a2 cc                              |...]b..|
diff --git a/testdata/Client-TLSv13-ClientCert-RSA-ECDSA b/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
index e159d3e5..10c83c48 100644
--- a/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
+++ b/testdata/Client-TLSv13-ClientCert-RSA-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,131 +7,130 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 12 8c 45 11 2d  |....z...v....E.-|
-00000010  22 19 db e3 07 f4 31 70  a6 9d f5 b2 6a df 8f b5  |".....1p....j...|
-00000020  57 6e a1 80 75 6b 6b 77  53 cd b4 20 00 00 00 00  |Wn..ukkwS.. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 af 7e fd 3d 23  |....z...v...~.=#|
+00000010  96 b6 46 26 9c 09 13 f6  80 4f c9 d2 52 d9 df 52  |..F&.....O..R..R|
+00000020  0b 7c da 61 52 ba 99 1b  32 5a 0c 20 00 00 00 00  |.|.aR...2Z. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d9  |..+.....3.$... .|
-00000060  7a 4f 73 11 d0 32 a9 32  96 d4 d6 5d 93 25 4a 83  |zOs..2.2...].%J.|
-00000070  26 6d 4d 30 02 8e ed 8e  65 0a 13 27 f3 53 5b 14  |&mM0....e..'.S[.|
-00000080  03 03 00 01 01 17 03 03  00 17 85 46 a7 e1 6f a9  |...........F..o.|
-00000090  d5 ea 00 e8 d2 7c 10 b9  e2 b1 98 9c eb a3 54 02  |.....|........T.|
-000000a0  61 17 03 03 00 42 ca 37  9a 89 50 e8 5d b2 6d 21  |a....B.7..P.].m!|
-000000b0  56 68 10 a1 47 76 16 87  f3 50 f0 5f d1 50 3a 03  |Vh..Gv...P._.P:.|
-000000c0  1e c7 27 84 d6 82 94 35  92 34 d7 54 f4 9b 30 8d  |..'....5.4.T..0.|
-000000d0  e9 9b 5a 04 88 4c 27 b3  3a 32 37 9e c2 a5 8a 19  |..Z..L'.:27.....|
-000000e0  d3 71 30 7b ba 9f d3 7f  17 03 03 02 22 4e e7 88  |.q0{........"N..|
-000000f0  d6 55 13 2b c9 db 93 db  9f 6b ca 4e a7 91 a1 30  |.U.+.....k.N...0|
-00000100  04 c7 e7 fc 5d f8 28 0d  b0 cd 73 b2 4b 59 e5 89  |....].(...s.KY..|
-00000110  68 f8 bb 47 1f 73 a2 d7  fe 75 73 8d a4 02 e7 22  |h..G.s...us...."|
-00000120  80 c0 aa d1 4c de f8 89  1a d2 12 86 35 7f cf 40  |....L.......5..@|
-00000130  e1 4f 47 f2 69 51 7c a7  7c 23 32 ed a6 53 8a 4a  |.OG.iQ|.|#2..S.J|
-00000140  47 86 e7 0c c5 5f 34 9f  91 eb d2 c1 bd 65 1e 7c  |G...._4......e.||
-00000150  6e ec 18 70 21 d9 95 dc  fe 44 cf d7 3f 58 fa e1  |n..p!....D..?X..|
-00000160  43 df 2e 44 7f a0 5f 48  e3 02 2c fd 18 f2 23 25  |C..D.._H..,...#%|
-00000170  a5 fc d1 23 2c 81 16 c3  8e 58 47 51 bf 0e c3 57  |...#,....XGQ...W|
-00000180  54 bf d1 8e f6 82 91 ce  5f 24 2d fd e5 80 52 c6  |T......._$-...R.|
-00000190  db b9 a1 3a 0d 80 25 98  17 ed cc 81 36 9f 85 31  |...:..%.....6..1|
-000001a0  11 25 65 36 50 ed 8e c7  6f b5 28 22 4c f3 93 94  |.%e6P...o.("L...|
-000001b0  61 0d c1 10 19 37 b2 3b  ec 41 3c 95 bc ae b5 8d  |a....7.;.A<.....|
-000001c0  95 87 39 bd 41 a7 cf 3e  b2 83 7c 12 fd 37 e4 6b  |..9.A..>..|..7.k|
-000001d0  0d c7 f9 7f f5 02 74 e0  37 c2 45 68 ab 84 f5 65  |......t.7.Eh...e|
-000001e0  78 4f 64 c5 d2 de 15 2b  1b d9 06 7a d5 f8 34 13  |xOd....+...z..4.|
-000001f0  19 54 2e 7a 85 04 d0 90  51 78 2a e2 4b ca 11 b9  |.T.z....Qx*.K...|
-00000200  7d 38 bd 5f be 5d d5 da  36 41 49 95 39 8e 1e df  |}8._.]..6AI.9...|
-00000210  a9 3b cc 18 8f 26 bd 37  97 f1 49 42 d4 e9 48 91  |.;...&.7..IB..H.|
-00000220  21 dc 70 9b 21 7a 24 13  8d 8e 7a d6 5f 11 2a ab  |!.p.!z$...z._.*.|
-00000230  73 9a cf cb af bf 3e 19  46 81 48 0a 17 b1 f1 24  |s.....>.F.H....$|
-00000240  a5 aa 60 91 fa d0 9b e4  95 28 7a a2 bf 2b ac 18  |..`......(z..+..|
-00000250  5f 1d 98 b8 e8 1a b4 58  fe 66 25 d2 0a 8d ad 7f  |_......X.f%.....|
-00000260  d2 46 95 8d d8 42 de 94  12 88 a6 30 80 14 ce 7c  |.F...B.....0...||
-00000270  ef 20 31 cd a3 e7 6b 29  b7 74 aa 62 c4 4c d5 52  |. 1...k).t.b.L.R|
-00000280  15 8e 7b da 51 60 24 ca  8d 65 9b 9b d8 2a df 1c  |..{.Q`$..e...*..|
-00000290  28 63 28 e7 20 07 f2 b4  99 d8 d6 2a d2 d3 ae 28  |(c(. ......*...(|
-000002a0  5e c5 12 25 fa b5 1c 31  1c 6d eb 1f d9 92 2b cf  |^..%...1.m....+.|
-000002b0  de fa d9 7c 39 69 0b a3  a3 05 aa 11 7d 41 3f d7  |...|9i......}A?.|
-000002c0  17 48 41 a7 3c 4b 42 93  46 26 da de 47 fe f8 76  |.HA.<KB.F&..G..v|
-000002d0  4a fb cc 08 78 19 98 d4  ad a7 4e c4 c6 47 2d 8f  |J...x.....N..G-.|
-000002e0  3f 59 57 09 89 8e 95 eb  a3 37 94 e2 6a a9 62 ee  |?YW......7..j.b.|
-000002f0  cd 8a b8 88 36 e1 ca 2a  ad 78 b8 2c 74 bc e0 11  |....6..*.x.,t...|
-00000300  6c 87 a3 06 51 b2 84 94  a2 d2 7b 57 94 79 5c 17  |l...Q.....{W.y\.|
-00000310  03 03 00 a4 07 a2 96 5b  70 21 8a a7 2e 2c 80 7a  |.......[p!...,.z|
-00000320  7a 70 09 bf 12 2e 80 1d  60 be 20 65 ff 02 74 ee  |zp......`. e..t.|
-00000330  33 27 10 b1 bf b8 aa 2b  f8 8e 2e b1 41 17 4d d5  |3'.....+....A.M.|
-00000340  bd 53 37 3c d0 85 2f 04  3c 92 e4 c0 0c 99 bd 34  |.S7<../.<......4|
-00000350  38 65 36 68 ae 12 1b 25  e7 a4 0e 2a 46 fc 29 1d  |8e6h...%...*F.).|
-00000360  5e 2d 32 42 00 59 33 da  43 53 d0 d0 61 03 7d 6b  |^-2B.Y3.CS..a.}k|
-00000370  ee 3a a5 bc 42 15 4d 04  5c 56 d4 b0 2d 2c 0e 5e  |.:..B.M.\V..-,.^|
-00000380  cd 2e 7b 83 22 a8 c4 bb  6d 6e 8b 5b 6d 7f cd 5d  |..{."...mn.[m..]|
-00000390  78 19 52 ff 72 a5 bf 5c  80 ba 0a 94 db c1 f8 24  |x.R.r..\.......$|
-000003a0  27 fe d7 0d 20 07 3a 8e  34 f9 32 ed 9a ae e3 de  |'... .:.4.2.....|
-000003b0  dc a7 2b c2 9e 8e 36 89  17 03 03 00 35 d8 4d df  |..+...6.....5.M.|
-000003c0  c5 6f 77 cc d2 2c 30 9b  db bb 4c 12 25 8e 2a 3a  |.ow..,0...L.%.*:|
-000003d0  ab e1 51 14 e5 16 22 8a  83 78 b1 98 7b 71 c9 a7  |..Q..."..x..{q..|
-000003e0  08 fd 5d 20 95 0b bf cb  64 08 df dd ca df f5 d7  |..] ....d.......|
-000003f0  f9 c2                                             |..|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 83  |..+.....3.$... .|
+00000060  95 cf ff 0f f6 eb 66 dc  4f 61 f3 94 43 18 7b f5  |......f.Oa..C.{.|
+00000070  91 6a e5 36 75 7b 6b 2c  d4 38 f7 4f 36 f0 3c 14  |.j.6u{k,.8.O6.<.|
+00000080  03 03 00 01 01 17 03 03  00 17 b7 83 3c 5c 9e ee  |............<\..|
+00000090  fc c3 14 33 45 62 69 8b  63 25 03 77 fe 7c 8b c0  |...3Ebi.c%.w.|..|
+000000a0  0a 17 03 03 00 42 6c cd  df 26 24 42 0d 2e 38 64  |.....Bl..&$B..8d|
+000000b0  c5 92 7c 6b 18 47 cc 90  09 57 95 0a f9 cc 81 f1  |..|k.G...W......|
+000000c0  db 90 29 ba b0 3f db 99  55 78 93 ab 05 34 91 46  |..)..?..Ux...4.F|
+000000d0  ce cb c5 2c b8 fb 43 98  31 cc 18 8f 2e 2a 39 78  |...,..C.1....*9x|
+000000e0  68 6d 01 29 05 ff 7e 4f  17 03 03 02 22 c1 3d c5  |hm.)..~O....".=.|
+000000f0  cb 42 fe 5d a8 ea 65 fd  1a a8 cd a9 28 ed 8d 69  |.B.]..e.....(..i|
+00000100  5b eb 28 11 c5 bb 9f 58  8d f2 2d 44 b4 8f 87 d6  |[.(....X..-D....|
+00000110  3f af df 3f 13 c0 7e bf  6f b3 e0 fa 45 5c ee a2  |?..?..~.o...E\..|
+00000120  13 70 08 94 2d 87 a7 1c  23 a9 aa a1 64 d2 49 ed  |.p..-...#...d.I.|
+00000130  33 2c ae 02 9e a7 03 24  3f 4c 43 d4 2e 54 b9 fc  |3,.....$?LC..T..|
+00000140  39 6c 32 8c b1 0c bb f6  31 60 d9 48 82 5b ed 2b  |9l2.....1`.H.[.+|
+00000150  ea dd e3 2d 1a 35 a3 22  be e1 f1 13 04 9c aa 1a  |...-.5."........|
+00000160  24 39 4a 0d 63 fb ce 31  71 af e6 1c f3 a3 dd c1  |$9J.c..1q.......|
+00000170  51 40 28 5a 11 a0 9e 19  0a a5 74 e2 40 56 9c 55  |Q@(Z......t.@V.U|
+00000180  40 45 e6 20 5d 23 aa 85  ec 42 5f 2c 24 10 fb ff  |@E. ]#...B_,$...|
+00000190  8a 52 e6 33 8f e1 1e e1  51 8a 9f 5d 6f 63 b8 04  |.R.3....Q..]oc..|
+000001a0  13 ab fa 5d 85 ba d3 eb  cf b9 0b 89 08 b7 7b a9  |...]..........{.|
+000001b0  ea 07 b9 41 07 7a 08 7b  57 01 35 11 a1 65 99 4a  |...A.z.{W.5..e.J|
+000001c0  4c 4a 1f c2 94 5a 00 09  9a 13 37 23 16 60 45 62  |LJ...Z....7#.`Eb|
+000001d0  96 fa 6b 7a 0f d6 68 14  f5 cd 40 d7 0a eb ea 75  |..kz..h...@....u|
+000001e0  f0 29 cb ea 7f e7 55 36  d9 02 b2 a0 bc 54 ac 04  |.)....U6.....T..|
+000001f0  1b 00 10 c0 db 45 81 e6  97 2a 4a 57 1d e7 de e3  |.....E...*JW....|
+00000200  d1 0a 09 c7 73 6a 9e a0  3c 79 7f a8 26 6a 98 05  |....sj..<y..&j..|
+00000210  5d 68 4c 60 05 86 cd 41  53 7b 08 c1 83 45 2e 5a  |]hL`...AS{...E.Z|
+00000220  6c 1a 65 2a e1 e6 55 b5  94 49 46 6f 71 97 ac 20  |l.e*..U..IFoq.. |
+00000230  65 1e 6b 08 2c bd 47 33  e8 78 e4 45 91 1a 7e 9c  |e.k.,.G3.x.E..~.|
+00000240  09 fa 88 c2 1b 0d 4e 01  0c 3b 9f a1 d8 12 88 4c  |......N..;.....L|
+00000250  d0 27 bd f3 98 67 d2 41  ac 3a ed 6a 56 51 f9 09  |.'...g.A.:.jVQ..|
+00000260  63 4e fe 4c 12 ef 97 04  9f 44 98 e4 68 c0 fc fc  |cN.L.....D..h...|
+00000270  1a 57 2d 87 77 31 fa 94  e7 ea 18 db 92 70 3c 2c  |.W-.w1.......p<,|
+00000280  7f a1 21 1b 68 4e 5c a0  f2 26 0c c8 4f 2e 06 3c  |..!.hN\..&..O..<|
+00000290  b4 98 5f 35 00 25 28 3c  08 d5 a2 bf ae ae 8f e6  |.._5.%(<........|
+000002a0  9d 8b 57 5d 8b 58 72 f7  cf e8 c0 8d 87 ca 75 1b  |..W].Xr.......u.|
+000002b0  79 60 35 d5 bd b2 28 01  47 17 09 b3 58 ff f4 b0  |y`5...(.G...X...|
+000002c0  05 8d fb f4 55 a7 4e cc  7d b6 d8 48 c2 3b 2d df  |....U.N.}..H.;-.|
+000002d0  e6 e2 83 3d 07 17 c5 d2  b2 dd 85 a4 67 74 1e 0f  |...=........gt..|
+000002e0  62 8d 75 9a 26 e2 77 20  5b 9b 5d 11 e5 86 4a cb  |b.u.&.w [.]...J.|
+000002f0  4d 5f c1 53 7f 4f b0 43  29 23 07 5b e7 8f 59 25  |M_.S.O.C)#.[..Y%|
+00000300  e2 74 c1 91 0e 43 cd 25  93 00 39 59 83 5f 89 17  |.t...C.%..9Y._..|
+00000310  03 03 00 a4 44 45 6b 25  93 08 da f7 f0 8b 10 48  |....DEk%.......H|
+00000320  53 09 0e 18 19 1e 26 f9  27 30 ba 80 99 b7 53 3d  |S.....&.'0....S=|
+00000330  6a d2 6b 89 10 ce d3 7b  e9 6f 67 fd 1b 0d 17 5e  |j.k....{.og....^|
+00000340  5b 05 c8 42 f0 4c a1 15  56 09 e2 ac 8d 78 31 b0  |[..B.L..V....x1.|
+00000350  01 82 8e 00 59 1d 3b 70  13 3a 52 1b fb 45 bf 26  |....Y.;p.:R..E.&|
+00000360  9b 8f 85 30 1e ab 54 a5  6b 8f db 47 ed 22 6b 50  |...0..T.k..G."kP|
+00000370  a9 c5 d8 22 98 29 d2 89  61 ab 24 47 79 de 62 88  |...".)..a.$Gy.b.|
+00000380  7a 4a 43 0f 9d a9 ac 16  b9 3a d3 63 88 29 1c 96  |zJC......:.c.)..|
+00000390  45 73 5b f2 eb b3 d0 c5  db 67 d1 78 50 83 f7 a6  |Es[......g.xP...|
+000003a0  f4 5e cd c9 fa da 14 ab  f1 d0 48 2b 4d c0 5a 5b  |.^........H+M.Z[|
+000003b0  e9 18 2d 70 f1 bc 4a d4  17 03 03 00 35 e6 af 63  |..-p..J.....5..c|
+000003c0  24 da e9 dc 90 ad 68 9e  84 d3 b2 74 07 d4 bb cd  |$.....h....t....|
+000003d0  5a d5 00 4c d9 93 b1 8a  57 8f dc 44 fc 9a 9a 17  |Z..L....W..D....|
+000003e0  71 2f 08 30 6a 3b 97 04  2c 3e 42 20 5d 5e b7 e0  |q/.0j;..,>B ]^..|
+000003f0  a3 91                                             |..|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 11 67 1a 6d 9c e6  |...........g.m..|
-00000010  fd 73 aa 96 0b 7a 9b 1a  28 fd e8 5c 7b a2 65 91  |.s...z..(..\{.e.|
-00000020  e8 6a 96 48 6e 56 da 2d  8f 79 d3 d9 bb db f1 26  |.j.HnV.-.y.....&|
-00000030  27 99 e5 d2 2e b2 20 ee  af e5 b5 8b 6d a3 ea a3  |'..... .....m...|
-00000040  2a 6a a5 5e 28 61 04 10  d3 01 62 bd 16 f3 2b 84  |*j.^(a....b...+.|
-00000050  1b ca 26 67 62 4b b6 24  df 20 9a 06 57 ed 21 37  |..&gbK.$. ..W.!7|
-00000060  a1 0c e4 e1 cd c8 39 e6  5c bc 78 46 8c fb ad f1  |......9.\.xF....|
-00000070  55 15 bc d5 f5 21 2b b1  b6 03 5c 14 0f cf 8d 79  |U....!+...\....y|
-00000080  ad 64 b6 fd de 92 a9 51  f5 29 f3 d3 14 22 9a d5  |.d.....Q.)..."..|
-00000090  70 37 87 19 dd c3 d3 7b  79 ce 80 c3 f8 02 ea dc  |p7.....{y.......|
-000000a0  86 f8 af d2 fe 0d 49 a5  ba 6d ec 42 cf 28 21 ed  |......I..m.B.(!.|
-000000b0  5f 23 90 3b 83 d8 c4 73  fd 18 57 7f b1 81 9f 88  |_#.;...s..W.....|
-000000c0  19 3c bc 4b 24 4c 22 2f  07 f3 07 29 e8 6c 30 8e  |.<.K$L"/...).l0.|
-000000d0  12 b5 bc 2f 2f c0 80 fb  a1 f0 73 0c 22 ea 4f 24  |...//.....s.".O$|
-000000e0  3b 37 a5 68 65 12 42 0b  6b 7f eb ff 59 eb 92 de  |;7.he.B.k...Y...|
-000000f0  96 d9 f7 23 95 b1 b5 93  61 8b a5 bd c2 bf b0 86  |...#....a.......|
-00000100  af 54 91 21 38 b1 7e 4c  05 82 71 70 30 a0 19 ac  |.T.!8.~L..qp0...|
-00000110  10 63 fa 6a 05 95 14 18  27 cc f3 2e 2d 78 93 35  |.c.j....'...-x.5|
-00000120  65 c9 4e ec 3a 10 9e 75  60 21 18 71 f9 b5 95 37  |e.N.:..u`!.q...7|
-00000130  af 29 a1 51 a9 e5 a9 b5  5b a5 81 72 65 6c eb f2  |.).Q....[..rel..|
-00000140  2e 78 85 04 b8 c0 3c e6  3a 49 0e 28 fa 0a f8 73  |.x....<.:I.(...s|
-00000150  16 da ba 60 db ed ad de  7d 5b 10 15 03 5b 79 d0  |...`....}[...[y.|
-00000160  d7 da 91 ff 12 76 37 94  43 ad f4 f8 b9 39 23 e6  |.....v7.C....9#.|
-00000170  7c ed 92 d9 92 c4 2b bd  8c 7a fd ab 0d 17 0b b5  ||.....+..z......|
-00000180  5b 8a 5f a6 9b 19 04 88  37 75 54 a9 35 15 ff df  |[._.....7uT.5...|
-00000190  42 8b aa fb 9f 30 28 ef  bb 74 95 a5 af 44 c2 70  |B....0(..t...D.p|
-000001a0  55 c7 cc f5 37 b9 34 c6  dd fb 9b c5 70 fa 0f ed  |U...7.4.....p...|
-000001b0  45 54 38 02 34 0a 09 df  4c bd 07 78 ce 66 c7 0d  |ET8.4...L..x.f..|
-000001c0  57 94 06 97 6d b3 ec 90  70 81 37 23 77 b7 2f cb  |W...m...p.7#w./.|
-000001d0  c5 af 12 bd a7 c5 81 87  92 9e 9b ed 78 6d bf 63  |............xm.c|
-000001e0  01 aa d7 f3 50 f2 f7 c6  af a9 7f 73 d8 fb 17 27  |....P......s...'|
-000001f0  c3 33 8d 2b 2c ad 10 4d  36 5c 49 e8 19 06 34 45  |.3.+,..M6\I...4E|
-00000200  00 eb 1f c1 09 c8 19 06  55 91 52 df cd db f2 d5  |........U.R.....|
-00000210  22 2a af 92 cb 18 9f 96  2a 12 d5 ea 17 03 03 00  |"*......*.......|
-00000220  99 01 94 eb cc e4 e7 4f  90 c1 9b 85 c8 1f 73 f0  |.......O......s.|
-00000230  50 52 7d 62 50 f9 90 49  59 e8 31 a0 ea 3b 42 2c  |PR}bP..IY.1..;B,|
-00000240  2c dd e8 9c 42 d5 5f 50  84 b9 78 0a 5e 73 55 d9  |,...B._P..x.^sU.|
-00000250  21 39 e5 bc c7 88 04 1d  b8 d3 46 b3 a0 b6 07 60  |!9........F....`|
-00000260  4a 39 1a 39 cc e3 22 2f  de 30 16 71 54 1d c0 69  |J9.9.."/.0.qT..i|
-00000270  ea 73 81 bf 17 7d 82 dc  33 cd 1f c2 e8 eb 67 61  |.s...}..3.....ga|
-00000280  60 1e dd 2c 56 45 d4 49  fb 7f 21 dd a8 23 8c 13  |`..,VE.I..!..#..|
-00000290  d3 1b c5 c1 3b 08 e4 21  ac 35 eb d6 44 a6 48 c9  |....;..!.5..D.H.|
-000002a0  e2 ae 04 a8 36 fb e8 f6  2e 91 90 da 5a ae 18 3b  |....6.......Z..;|
-000002b0  a7 14 94 ed b7 f4 8a cc  74 be 17 03 03 00 35 a2  |........t.....5.|
-000002c0  9f 3f bd d0 7c 1e ac 4e  c9 7e 9d ee 9a 89 61 55  |.?..|..N.~....aU|
-000002d0  38 41 8c d9 e1 56 35 bd  0b 6e ad 77 0e 0d 08 df  |8A...V5..n.w....|
-000002e0  73 67 36 28 e0 9b 96 ba  c0 38 de 95 31 53 49 9c  |sg6(.....8..1SI.|
-000002f0  db 16 c2 90 17 03 03 00  17 6f cc cb 4e ac ef a0  |.........o..N...|
-00000300  48 75 94 28 c5 8d 06 33  28 94 11 84 25 9f 26 a6  |Hu.(...3(...%.&.|
-00000310  17 03 03 00 13 d2 ce 1b  90 04 b1 32 38 db 0d b5  |...........28...|
-00000320  3c e8 e3 34 bc c3 d1 33                           |<..4...3|
+00000000  14 03 03 00 01 01 17 03  03 02 11 e0 62 97 8a 4d  |............b..M|
+00000010  01 cf 8f e2 d2 a8 0d d4  9a fc f5 b2 d7 82 2b 7a  |..............+z|
+00000020  8c e7 ce 2a 99 3b 41 a2  a3 ca c4 9d 15 79 7f 2f  |...*.;A......y./|
+00000030  04 7a 18 e4 5b b6 01 d6  b5 03 d2 08 15 41 c7 18  |.z..[........A..|
+00000040  8a 66 78 05 ed 33 19 8e  93 9e c3 ff 4a 92 bb 7b  |.fx..3......J..{|
+00000050  72 e5 81 a6 2a 7f b3 e1  72 67 01 7a 95 f4 3f bc  |r...*...rg.z..?.|
+00000060  cd e4 bc 45 74 9b 4c 1c  69 68 d0 75 89 9f d5 d0  |...Et.L.ih.u....|
+00000070  de 59 d4 1c 47 cc 5e 2e  dd bd f9 1f e4 16 c9 c8  |.Y..G.^.........|
+00000080  9b 4e 07 6b 7a 12 e7 13  71 ae c1 26 48 32 d6 4e  |.N.kz...q..&H2.N|
+00000090  8a 15 c2 a0 91 59 9d 21  0d 28 d2 94 3f e9 fc 74  |.....Y.!.(..?..t|
+000000a0  98 5b e5 be 50 ad 10 7d  d9 a1 da 41 59 15 b3 85  |.[..P..}...AY...|
+000000b0  2d 7b 81 b3 ae fb db 4c  00 24 31 57 f2 54 b7 f7  |-{.....L.$1W.T..|
+000000c0  64 cc 73 23 bc 6a 93 e0  91 a7 5e 1b 63 f1 59 89  |d.s#.j....^.c.Y.|
+000000d0  a9 d9 7b 88 35 17 7a 4d  b9 66 d0 a5 f2 d6 79 ed  |..{.5.zM.f....y.|
+000000e0  c1 3a e7 98 88 96 e7 2f  31 66 bf 16 34 e2 fd 5f  |.:...../1f..4.._|
+000000f0  fb 0f fb 9a aa ba 78 d8  6a c9 72 d6 39 32 3a 99  |......x.j.r.92:.|
+00000100  a2 11 8a 32 79 cf 18 d9  22 da 40 31 3e d3 c8 17  |...2y...".@1>...|
+00000110  c4 1f e2 4f c8 7f b9 2f  83 d7 5e 59 48 d3 9b b9  |...O.../..^YH...|
+00000120  68 9c c2 e4 45 c2 a3 26  91 cd 3a 26 47 c4 b8 7f  |h...E..&..:&G...|
+00000130  8f 91 c0 06 b5 6e 5e b4  65 05 42 ea 48 9e 40 bc  |.....n^.e.B.H.@.|
+00000140  0c 04 22 86 6a 54 6c 27  c3 77 b4 b9 22 99 6a f0  |..".jTl'.w..".j.|
+00000150  91 bc 41 ca 24 41 52 fd  e2 18 0f 64 13 7e a3 6b  |..A.$AR....d.~.k|
+00000160  ab 27 1e 15 87 0d 7f 71  1e 29 16 f9 af 81 ec bc  |.'.....q.)......|
+00000170  28 0b 45 bd 76 fd ff 0e  fb 8d c5 0c aa ef a5 17  |(.E.v...........|
+00000180  55 49 a6 3d 74 5c 8d 77  60 99 a1 8f aa a9 eb 0f  |UI.=t\.w`.......|
+00000190  75 1a 55 21 3a 96 da 08  a2 cd ad 11 78 15 6a ce  |u.U!:.......x.j.|
+000001a0  ef f6 fb 8b a3 dd fd ad  2d a5 2d 59 25 37 fe 53  |........-.-Y%7.S|
+000001b0  48 90 fa 9a d3 3c 09 69  47 d3 d1 e4 48 30 fd df  |H....<.iG...H0..|
+000001c0  15 d7 64 ff ca 91 46 c2  36 82 30 ae 4e 75 12 be  |..d...F.6.0.Nu..|
+000001d0  58 5d da 63 da bd dc be  81 be ad 37 87 ea 0a 26  |X].c.......7...&|
+000001e0  31 cf 1b 1e 7d de a8 04  e3 b8 e5 65 5a 21 db b6  |1...}......eZ!..|
+000001f0  2b 7c e7 23 7c 2b e1 89  3f 28 27 97 dd 1c c6 00  |+|.#|+..?('.....|
+00000200  0e e4 05 68 0f 9a 8a 1d  e6 bd bd aa 1f 46 6e a2  |...h.........Fn.|
+00000210  d9 69 91 9b e7 e3 6c 39  33 77 b8 76 17 03 03 00  |.i....l93w.v....|
+00000220  99 c9 3e 7e 78 3b 91 65  35 cb 19 44 92 f7 77 f5  |..>~x;.e5..D..w.|
+00000230  60 3c 19 2a 97 c5 a0 92  b2 28 e2 44 94 ec 1b 3d  |`<.*.....(.D...=|
+00000240  f8 1a c1 65 eb 41 3f 61  f1 db 42 1a 0d b8 32 12  |...e.A?a..B...2.|
+00000250  f6 1b 83 be 37 d8 fe 78  bd 5b 66 d1 f2 6c 3e e3  |....7..x.[f..l>.|
+00000260  8a 0f 3a 28 57 71 1a 78  ab 2a b5 5f ad a3 6e 2c  |..:(Wq.x.*._..n,|
+00000270  a3 d9 3a 0b d0 99 95 d6  dc 8e 7a f0 b6 e4 cb 46  |..:.......z....F|
+00000280  ab cb eb cf ec 86 b3 fe  e6 e6 73 2c a2 64 d2 d5  |..........s,.d..|
+00000290  9c 8c 25 39 62 07 51 93  12 92 2b e3 4b 2e 3d f5  |..%9b.Q...+.K.=.|
+000002a0  f1 d4 22 69 c3 90 cf 91  35 2f e4 60 35 44 6f bf  |.."i....5/.`5Do.|
+000002b0  7a 75 3d fb 70 bd 20 05  a8 f8 17 03 03 00 35 6e  |zu=.p. .......5n|
+000002c0  09 00 fa 13 8f d4 17 40  ee 9e 5f 8a 56 ba 7c 69  |.......@.._.V.|i|
+000002d0  05 ee 65 8e fd 9c 62 7f  f9 af 04 c7 46 20 07 da  |..e...b.....F ..|
+000002e0  bc 79 f8 cc 53 c6 fc 47  b5 54 9c fb 4d a3 cf 56  |.y..S..G.T..M..V|
+000002f0  a4 57 c5 aa 17 03 03 00  17 d6 ea 39 50 a5 8e 67  |.W.........9P..g|
+00000300  b9 79 76 17 77 86 a8 58  fb 86 03 74 1a e4 12 37  |.yv.w..X...t...7|
+00000310  17 03 03 00 13 e7 07 59  c3 d0 27 b3 d8 e8 a3 7b  |.......Y..'....{|
+00000320  df e8 17 08 78 4e 9a 6b                           |....xN.k|
diff --git a/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS b/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
index a306d4bb..4892e2b5 100644
--- a/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
+++ b/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,140 +7,139 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 59 1d 08 4c 9a  |....z...v..Y..L.|
-00000010  08 52 d3 3b 7b 4c 3e d3  23 53 e3 17 09 07 52 8b  |.R.;{L>.#S....R.|
-00000020  e5 c9 55 c3 c1 0d db 83  aa ba 4e 20 00 00 00 00  |..U.......N ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 56 a4 21 f9 b3  |....z...v..V.!..|
+00000010  ff ed 23 dc a7 eb cd 4b  f3 0a a9 12 a4 52 84 04  |..#....K.....R..|
+00000020  77 59 23 09 26 6c 49 42  9f 68 b2 20 00 00 00 00  |wY#.&lIB.h. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d8  |..+.....3.$... .|
-00000060  b2 05 15 9a 39 db 4f d6  d1 d1 e5 6c f0 8d 6f b1  |....9.O....l..o.|
-00000070  54 d6 ff f2 48 2b a7 14  2a f6 4e cd 28 41 61 14  |T...H+..*.N.(Aa.|
-00000080  03 03 00 01 01 17 03 03  00 17 c9 09 91 34 14 6c  |.............4.l|
-00000090  de cb 9f d5 0d 03 5e 58  69 4e 61 75 8a 4b a9 35  |......^XiNau.K.5|
-000000a0  51 17 03 03 00 20 4f 41  5c 1d f6 73 a0 ca a7 a9  |Q.... OA\..s....|
-000000b0  4c b9 34 ee 7c c0 68 eb  e6 28 9f 1f 7f bf 6e 17  |L.4.|.h..(....n.|
-000000c0  17 cf 6c cb ad 72 17 03  03 02 7a 1f d1 c8 b3 7a  |..l..r....z....z|
-000000d0  7b 7b c9 fa c0 5a cb e9  18 64 b9 ef 49 8f 2d da  |{{...Z...d..I.-.|
-000000e0  cd 97 44 ec dc 2e 32 d8  39 e3 40 78 97 ef 01 69  |..D...2.9.@x...i|
-000000f0  0a b6 fc 31 d4 53 85 0c  c1 51 3a a7 02 e3 af ae  |...1.S...Q:.....|
-00000100  20 4b 44 13 c2 d1 4d de  b3 5d 24 3e 64 36 78 fd  | KD...M..]$>d6x.|
-00000110  6f 36 79 3e c2 ef 48 27  e0 e2 a3 86 61 22 14 61  |o6y>..H'....a".a|
-00000120  88 df 08 86 ed af 2a d6  2f b6 9d 30 f7 6e 28 7a  |......*./..0.n(z|
-00000130  44 2c b1 32 cc 4b 9b 6f  67 69 83 cc 7b 59 64 16  |D,.2.K.ogi..{Yd.|
-00000140  76 43 b5 0c 6f 5e 5c f0  17 e6 b4 32 0d 2d 01 91  |vC..o^\....2.-..|
-00000150  7c 00 af bf 99 fb 0b 97  8e fa 1f cc 10 4c cb 73  ||............L.s|
-00000160  81 f8 b3 7c 2e 8d ba c5  95 f1 7b 19 f2 19 48 c5  |...|......{...H.|
-00000170  ba a0 ba fd b3 29 42 1d  3a e2 f1 8f 13 c5 38 66  |.....)B.:.....8f|
-00000180  be 60 e9 a3 e4 b7 c3 e1  3d cf c3 62 85 4f f3 29  |.`......=..b.O.)|
-00000190  11 e4 72 cd c5 90 9c 45  36 11 67 8a 09 a2 f8 b1  |..r....E6.g.....|
-000001a0  48 e3 26 c5 d8 5d 8e b4  c0 af a6 e8 93 2f e8 99  |H.&..]......./..|
-000001b0  75 07 56 82 ed 58 21 2a  d8 4f dc 60 41 2f a9 49  |u.V..X!*.O.`A/.I|
-000001c0  aa 73 68 22 b7 73 5c 14  a4 46 b2 de 68 a8 f1 4a  |.sh".s\..F..h..J|
-000001d0  97 db 0d cd 29 26 d7 28  d2 d0 0c 81 43 c7 ae 0a  |....)&.(....C...|
-000001e0  c5 35 fe 55 da 7a ea 0f  78 95 f8 ed 02 84 de 5b  |.5.U.z..x......[|
-000001f0  3e ed e2 d2 25 75 a8 ec  7a 5a a9 35 eb d5 b9 08  |>...%u..zZ.5....|
-00000200  36 f9 fd 1a 18 27 d0 bf  07 46 bb 8b a8 52 bf 8b  |6....'...F...R..|
-00000210  d6 c5 3f 16 11 f9 ea 85  e9 f9 5a 68 17 20 2b 92  |..?.......Zh. +.|
-00000220  0c 58 55 b8 9a 66 6b 80  bb be 24 41 b4 2f 76 9a  |.XU..fk...$A./v.|
-00000230  c5 29 c5 86 e0 d3 1f 63  96 95 3f f2 67 7b 66 d5  |.).....c..?.g{f.|
-00000240  79 cc 47 80 8e 13 1a 29  ee 9a 97 3f 79 e0 be 20  |y.G....)...?y.. |
-00000250  c8 a1 6e 4a 85 91 7d 93  86 f4 0d 4d 5e e4 52 a9  |..nJ..}....M^.R.|
-00000260  a9 17 8b ab fd aa dc fd  a2 4b d3 d9 db 41 95 f9  |.........K...A..|
-00000270  e3 31 a4 2d 53 43 a2 b9  6a 1e f8 5b f4 0d 55 70  |.1.-SC..j..[..Up|
-00000280  f0 18 70 82 8e f3 53 3c  81 ac 13 2a b9 d0 33 dc  |..p...S<...*..3.|
-00000290  b9 8d b9 41 6a 4d 87 c6  70 f2 04 2c 60 01 5b 5d  |...AjM..p..,`.[]|
-000002a0  76 91 19 af 2d 48 82 69  59 15 c4 42 40 6a 38 3a  |v...-H.iY..B@j8:|
-000002b0  a2 db 21 b6 6d b3 e7 50  91 7c 8f f0 97 8f 7c 56  |..!.m..P.|....|V|
-000002c0  8b 4d f5 d3 7a 81 b5 4d  c5 33 ba 14 36 6f be ea  |.M..z..M.3..6o..|
-000002d0  95 1d d2 3d 29 a8 72 34  35 38 56 4c 65 47 b5 8b  |...=).r458VLeG..|
-000002e0  cb 43 9e 8d bd 1b 6b c3  2e 5b 9f f5 5a 60 e6 c9  |.C....k..[..Z`..|
-000002f0  6b c4 85 5c ac 55 fa 67  47 15 45 b4 e9 49 dd 0a  |k..\.U.gG.E..I..|
-00000300  aa be 5f d3 ec c9 88 71  52 eb 91 e9 38 e4 14 15  |.._....qR...8...|
-00000310  f3 ef 37 27 9c b1 c1 66  bb 40 c7 01 b5 8e f2 45  |..7'...f.@.....E|
-00000320  fb be c1 6a 73 a4 48 cf  e6 59 00 0b 37 56 a2 07  |...js.H..Y..7V..|
-00000330  41 29 56 2e 11 28 88 6a  37 df 46 33 a8 3d 14 3a  |A)V..(.j7.F3.=.:|
-00000340  c7 5a be 5e dc 17 03 03  00 99 15 b7 d6 a9 5d ae  |.Z.^..........].|
-00000350  e0 61 a0 09 69 01 c3 61  63 eb 94 9c e3 e3 78 e4  |.a..i..ac.....x.|
-00000360  b9 00 c3 db df cd 72 1b  86 2f 34 4f d0 da 63 c6  |......r../4O..c.|
-00000370  a9 b3 55 57 81 76 f1 fe  2b c0 85 6e 9b 6a c7 14  |..UW.v..+..n.j..|
-00000380  4c b0 48 fb a9 6d 14 f3  44 d1 30 9d ec c4 fc ac  |L.H..m..D.0.....|
-00000390  0a 79 c3 89 55 c8 92 9f  b6 bd 0b aa 85 bd 81 9b  |.y..U...........|
-000003a0  8e 94 b4 27 32 6f 26 da  40 27 6e 1f d9 7e 5e 16  |...'2o&.@'n..~^.|
-000003b0  b1 10 be 7a 9e 3a 80 ed  89 2e b9 9b b4 a9 70 11  |...z.:........p.|
-000003c0  61 46 c3 e9 b3 5e c0 b4  17 71 4a 28 44 1a 27 a4  |aF...^...qJ(D.'.|
-000003d0  20 19 47 70 2c 06 66 6a  19 a4 cb 67 2a 28 3d 4b  | .Gp,.fj...g*(=K|
-000003e0  50 02 c5 17 03 03 00 35  5b 49 ab 32 a4 7e 3c 35  |P......5[I.2.~<5|
-000003f0  a3 47 b6 57 da 5e 4a c8  5b cc 5e 71 35 32 63 7f  |.G.W.^J.[.^q52c.|
-00000400  13 ff c2 d2 db 31 d5 22  3f 6d 26 c3 d3 70 40 4d  |.....1."?m&..p@M|
-00000410  e5 2a cc 0b 51 a6 61 9e  a9 69 22 bf fb           |.*..Q.a..i"..|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 e0  |..+.....3.$... .|
+00000060  70 9a 3d 69 69 1f 8f de  d4 c8 7c dc 65 53 9a c6  |p.=ii.....|.eS..|
+00000070  77 c2 c4 21 1b 06 2d c4  4f 24 61 52 5b 00 69 14  |w..!..-.O$aR[.i.|
+00000080  03 03 00 01 01 17 03 03  00 17 96 99 40 9f d8 9d  |............@...|
+00000090  70 f0 cf f0 86 3e 7f 4a  3a 8a a4 63 6e e1 7f 24  |p....>.J:..cn..$|
+000000a0  f4 17 03 03 00 20 72 bb  5a aa 0e 2e d9 cc 38 0c  |..... r.Z.....8.|
+000000b0  c8 b9 88 08 6f 19 d8 38  14 14 d7 97 42 6c 45 43  |....o..8....BlEC|
+000000c0  51 dc 2b f6 02 e2 17 03  03 02 7a 8d 04 2f 64 c0  |Q.+.......z../d.|
+000000d0  e2 7b b5 20 9d 04 69 5e  88 82 aa f3 c6 b2 8d 6c  |.{. ..i^.......l|
+000000e0  41 08 c3 b1 0c 7d d1 5f  d6 e6 b7 1d c0 ad 2b 0d  |A....}._......+.|
+000000f0  02 c5 f7 6d a0 87 91 07  20 d3 d4 2e 5a 7d 5e 29  |...m.... ...Z}^)|
+00000100  37 2b ac 5f d6 cb eb e9  99 a7 05 f7 e7 ea 9c 99  |7+._............|
+00000110  cd 33 25 f8 45 95 43 f4  7a 59 2a 91 8c e2 ac 84  |.3%.E.C.zY*.....|
+00000120  ba 99 ef d0 d7 ea 9b db  31 b0 27 0c 81 3b b2 83  |........1.'..;..|
+00000130  20 c4 8b 7e 05 ac c6 82  e9 56 5a a2 b6 7c c7 33  | ..~.....VZ..|.3|
+00000140  a8 31 2f ad 60 be ec c3  2d c0 a8 b4 40 50 98 ea  |.1/.`...-...@P..|
+00000150  83 d1 cc a8 34 20 11 7c  2e f7 7c ca d8 27 03 a2  |....4 .|..|..'..|
+00000160  58 86 e8 e6 41 46 07 18  c7 a7 61 f9 cc 2f 7d 1e  |X...AF....a../}.|
+00000170  bb 34 7c 6e cb b3 9c 03  2f b0 dd e9 a1 32 13 10  |.4|n..../....2..|
+00000180  85 1d fa a6 bf c7 4d ec  94 8f 26 07 94 34 b3 5f  |......M...&..4._|
+00000190  b8 e4 da 6f 3d 5b 0a 61  8f 44 58 10 1a 4c f3 bc  |...o=[.a.DX..L..|
+000001a0  ff c7 8f 09 0a e4 1b 35  e8 a9 dc 9c 14 86 e5 67  |.......5.......g|
+000001b0  7e 96 e9 79 8d b2 d7 34  a0 7f 43 07 11 f1 03 68  |~..y...4..C....h|
+000001c0  95 5e f5 fa e7 8f c8 d6  5b 23 c4 84 e4 c5 40 58  |.^......[#....@X|
+000001d0  80 4a ac b7 a7 07 21 93  c1 a9 ad 9a 89 f7 f3 9e  |.J....!.........|
+000001e0  bb 7d 2a 00 d0 e0 66 9d  f7 86 4a ba b1 c9 1e 3b  |.}*...f...J....;|
+000001f0  f1 c6 6e c1 9c 09 85 38  9d fa 5a b9 ca bb a4 f5  |..n....8..Z.....|
+00000200  9e 3f ba d4 31 7d aa d7  f9 bf 83 05 5c 1f 61 18  |.?..1}......\.a.|
+00000210  d4 5e 16 98 c6 92 7b bd  12 96 18 c7 33 75 ad 08  |.^....{.....3u..|
+00000220  d1 0b 47 4c c8 73 3e 68  fb 53 ff e0 1a 10 6c 5a  |..GL.s>h.S....lZ|
+00000230  7f 9d 92 32 2f c2 2d 95  7d c6 ef 18 9b 44 a1 bc  |...2/.-.}....D..|
+00000240  6a f5 88 79 e1 00 a3 14  8f 66 07 03 16 2a 53 80  |j..y.....f...*S.|
+00000250  9b 26 80 0d 0b 5e 0c c6  c9 fa a1 3b c9 a6 91 1f  |.&...^.....;....|
+00000260  bd fb 79 24 ab 93 e4 25  d1 a6 41 8b 9e a9 06 0f  |..y$...%..A.....|
+00000270  80 2e 4e 8c 20 2c 1e a8  7e 63 7a 4f b8 90 c3 56  |..N. ,..~czO...V|
+00000280  a3 9e 63 2a 8b 85 9e ef  66 f5 16 be 79 c3 9b 47  |..c*....f...y..G|
+00000290  dc 1c 75 0b 30 3c db 32  e8 ec 33 f9 9f 26 3d 56  |..u.0<.2..3..&=V|
+000002a0  36 e9 ea 83 57 c4 59 ac  73 db 04 5a 1d 38 9b e4  |6...W.Y.s..Z.8..|
+000002b0  47 50 f8 92 92 7f c9 09  4f f4 9c ab 3e 03 df 80  |GP......O...>...|
+000002c0  cc 5b 50 0b 06 ef 8c 59  d2 f6 f3 a4 16 e7 0f 90  |.[P....Y........|
+000002d0  c8 79 95 0a 39 0f 33 69  31 29 1c 30 77 72 58 b5  |.y..9.3i1).0wrX.|
+000002e0  cf 0e 4c 30 fc 0a 01 93  b1 20 21 34 2a ce 28 8d  |..L0..... !4*.(.|
+000002f0  57 71 3e c9 b1 51 c9 4f  e5 e4 09 0b 1e 32 52 4e  |Wq>..Q.O.....2RN|
+00000300  d0 be f2 a2 90 75 f4 a8  61 66 43 84 74 4e bb 28  |.....u..afC.tN.(|
+00000310  7b ea 68 96 92 6d 4b 8c  af 50 13 84 92 b9 6b 48  |{.h..mK..P....kH|
+00000320  60 1c 60 62 28 a2 37 d1  1c 86 d4 60 27 a6 5b 6d  |`.`b(.7....`'.[m|
+00000330  88 d7 56 21 b7 86 f5 b6  34 f9 55 cf 47 f8 4f 90  |..V!....4.U.G.O.|
+00000340  78 5c 56 52 97 17 03 03  00 99 35 71 51 6f 73 ba  |x\VR......5qQos.|
+00000350  76 60 e1 4a 5f ec ce 52  b6 91 58 3d 0c ea e6 58  |v`.J_..R..X=...X|
+00000360  7e ee da 1e aa df bb 8e  c9 89 ce 43 bd e7 34 9b  |~..........C..4.|
+00000370  b8 4b dd 50 73 0c f7 e5  15 e0 a1 c3 bd 07 08 62  |.K.Ps..........b|
+00000380  a2 d5 2e 9f 46 f7 4d 9c  ae ad be 22 89 0f b0 3e  |....F.M...."...>|
+00000390  82 1c 80 60 38 39 4f 06  f9 fc 4c f8 02 bf b3 5a  |...`89O...L....Z|
+000003a0  25 22 f4 62 61 ba eb 78  b2 40 68 ea 99 ef 95 90  |%".ba..x.@h.....|
+000003b0  b1 b5 25 17 81 43 5c 15  bd a9 1f e8 0f b9 91 be  |..%..C\.........|
+000003c0  f1 47 91 99 ec 50 3b fa  c2 06 fc 89 09 a3 d7 b3  |.G...P;.........|
+000003d0  ed e3 3d 41 57 07 4b b0  3d 02 51 7e 13 bb d3 68  |..=AW.K.=.Q~...h|
+000003e0  49 4c 6a 17 03 03 00 35  63 f7 b5 68 31 22 c7 f5  |ILj....5c..h1"..|
+000003f0  50 ae c0 81 0f 50 fb ba  50 72 8a d7 e0 c0 73 07  |P....P..Pr....s.|
+00000400  d0 88 ed 6d 7b e7 66 b3  8d e3 10 ca 2f 68 c3 39  |...m{.f...../h.9|
+00000410  d9 b9 09 44 78 4a 11 91  fb 51 ea 9f 9a           |...DxJ...Q...|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 02 7a 5c ca 9a 42 8c  |..........z\..B.|
-00000010  89 80 5e f5 67 03 ec e8  79 ac 9e 95 3b 12 bf 9c  |..^.g...y...;...|
-00000020  e8 c6 85 54 36 f3 7e ad  5e b8 0e 78 f7 f2 9f 73  |...T6.~.^..x...s|
-00000030  da 8a 1e f3 0f 0c be 7d  ef 3d ec d8 51 91 55 3d  |.......}.=..Q.U=|
-00000040  21 ba 3d 10 32 94 7b 1c  6b 5e 5a 18 0e 79 9c f9  |!.=.2.{.k^Z..y..|
-00000050  7c 48 73 21 ae ed 2d b7  fe 34 9c 70 10 fb 67 9f  ||Hs!..-..4.p..g.|
-00000060  c6 28 56 2e cb 42 e3 be  c5 b8 7d cf 4d 54 22 a0  |.(V..B....}.MT".|
-00000070  8f 7c ce 49 96 d2 ad 88  80 6b 06 be 36 0d c8 24  |.|.I.....k..6..$|
-00000080  c1 bd 09 e8 36 a4 a9 e7  cc 4c de ed bb d6 cf 5b  |....6....L.....[|
-00000090  da 21 75 f1 f5 6d ed 75  d2 a5 13 11 4d 4e 62 e9  |.!u..m.u....MNb.|
-000000a0  92 23 49 37 57 f4 56 a4  54 1b 59 c0 ed cf 43 d1  |.#I7W.V.T.Y...C.|
-000000b0  c3 d1 18 4d 47 5f e1 f8  13 ed f2 7d 1e 97 9d ba  |...MG_.....}....|
-000000c0  c5 49 e9 2c 76 ca 02 60  89 01 7a 47 b7 1d 07 54  |.I.,v..`..zG...T|
-000000d0  01 17 52 39 10 59 c1 58  66 3e 24 24 7d a7 94 5f  |..R9.Y.Xf>$$}.._|
-000000e0  3b df 0c 47 fc 96 bc 4a  fc 82 55 cf d3 33 b1 da  |;..G...J..U..3..|
-000000f0  37 7b b4 f3 b2 03 31 cc  2b 60 a2 e4 76 28 d5 fd  |7{....1.+`..v(..|
-00000100  4a 5f 47 e3 97 21 11 6a  5d 51 a5 43 9e bb b0 50  |J_G..!.j]Q.C...P|
-00000110  21 09 7c c8 e5 ca f9 7a  69 2c 0b 83 37 7a 8b 35  |!.|....zi,..7z.5|
-00000120  ff 63 cf df aa 18 0c 75  39 14 e7 90 0b 67 5f b6  |.c.....u9....g_.|
-00000130  94 cd 1a 49 ce 4f 46 dd  2b 61 7d 07 72 11 6e 69  |...I.OF.+a}.r.ni|
-00000140  3b 6f 0c 1c 6c 8c 10 ef  ef a1 bc 05 2f c9 20 8b  |;o..l......./. .|
-00000150  e2 fa 94 89 48 49 5d 1c  73 85 d7 e3 25 27 de a9  |....HI].s...%'..|
-00000160  1a fb 2e e0 74 c8 aa 52  4c e7 48 ec ca 99 48 ba  |....t..RL.H...H.|
-00000170  03 9b f7 75 de 01 0b 2e  9e 14 2f 1b 82 13 01 7c  |...u....../....||
-00000180  55 7e 24 06 55 59 62 f4  b6 33 69 7e c9 c1 07 07  |U~$.UYb..3i~....|
-00000190  6d 61 e0 18 d3 2b 46 4f  ff 14 01 31 06 d6 b2 d2  |ma...+FO...1....|
-000001a0  56 40 1e 69 70 21 a1 33  98 ef 23 79 6c b1 ed f6  |V@.ip!.3..#yl...|
-000001b0  15 b9 8f fc 69 7a f4 4d  3b f8 bd 50 ee 6a 15 15  |....iz.M;..P.j..|
-000001c0  0a 81 b6 4b 40 6c 15 e6  55 92 cf 8f a1 00 bf d5  |...K@l..U.......|
-000001d0  f7 74 13 30 ba ab eb 9d  82 bb 76 14 17 7e ab 30  |.t.0......v..~.0|
-000001e0  36 62 61 0a d3 2c 92 ca  95 b0 8b 41 54 b3 fa 0a  |6ba..,.....AT...|
-000001f0  82 8c aa bd 89 e2 fa 1a  87 9d 9a 1e 21 78 a4 27  |............!x.'|
-00000200  5d 16 4d e6 a7 43 a5 11  0d db 35 08 9c 23 96 8b  |].M..C....5..#..|
-00000210  80 46 5d 9f 1d 4e a2 04  17 8e 4d 57 c6 55 35 b4  |.F]..N....MW.U5.|
-00000220  ac 0b c2 44 60 f6 08 1c  cc c7 ba 7c e1 14 fb c2  |...D`......|....|
-00000230  1d 67 67 ed 20 99 14 34  5a 97 85 0b ca 36 34 8e  |.gg. ..4Z....64.|
-00000240  18 de ab 4d c6 32 6c 4f  44 eb b6 05 7b a6 37 db  |...M.2lOD...{.7.|
-00000250  57 65 8a 62 5e c4 8c 14  13 6c 41 b4 7a 0d a8 75  |We.b^....lA.z..u|
-00000260  42 a7 1b 92 34 16 2a 77  e3 63 bf 23 cc 42 9b 9d  |B...4.*w.c.#.B..|
-00000270  bd c9 ba b3 20 77 6a 56  c2 2c dc 72 9f ec b2 a8  |.... wjV.,.r....|
-00000280  57 cc 00 17 a1 17 03 03  00 99 0a d6 46 7f 5a 00  |W...........F.Z.|
-00000290  7e c4 1b 10 c4 d6 ae 8a  37 cb 47 3d bd f0 17 f3  |~.......7.G=....|
-000002a0  9b 25 fa 31 cb 75 10 1c  95 4b 80 9e ff 78 ae b4  |.%.1.u...K...x..|
-000002b0  65 b7 2f 00 3f 94 79 1d  66 52 f7 48 03 df 35 6b  |e./.?.y.fR.H..5k|
-000002c0  06 42 55 1a bd 0d f0 e0  6f 8e 8e b7 60 dc e2 ec  |.BU.....o...`...|
-000002d0  8b 9b 2e de 1a 08 65 b1  ad 9d 41 a5 32 6f bd f2  |......e...A.2o..|
-000002e0  02 47 79 4a 02 03 45 e0  2e 0e 9c e4 05 ae 8a 47  |.GyJ..E........G|
-000002f0  20 61 5a a3 da ab 84 33  11 76 81 a3 93 6b b0 9a  | aZ....3.v...k..|
-00000300  9d 64 6e f3 ba a0 ab 17  c5 3e 95 8a 1e 95 62 99  |.dn......>....b.|
-00000310  5a 12 68 96 49 05 33 b6  6e 95 46 11 9b af de 62  |Z.h.I.3.n.F....b|
-00000320  0c 5e e1 17 03 03 00 35  78 f6 24 17 fb 8f 65 3f  |.^.....5x.$...e?|
-00000330  5b 1d dd 3d 3d 73 c5 fb  1f 37 fb 54 a5 d3 58 49  |[..==s...7.T..XI|
-00000340  ed 63 22 f9 b6 fb a2 68  59 9b 04 55 03 f1 38 af  |.c"....hY..U..8.|
-00000350  2e ee 85 0c c8 95 2f f9  a9 e7 de d9 14 17 03 03  |....../.........|
-00000360  00 17 8b 72 27 df c9 0d  69 d1 95 e2 5a ea 3e dd  |...r'...i...Z.>.|
-00000370  be df 0b 72 de 0c e5 4a  19 17 03 03 00 13 0d b2  |...r...J........|
-00000380  7c 8d b1 44 32 9d 63 b1  8b 90 e1 2d 92 9c c4 b9  ||..D2.c....-....|
-00000390  cd                                                |.|
+00000000  14 03 03 00 01 01 17 03  03 02 7a 63 6c 83 c6 db  |..........zcl...|
+00000010  85 98 08 0a da be 96 d7  7a 2e 61 7b 7e d1 4f d4  |........z.a{~.O.|
+00000020  45 03 25 05 50 fc 20 ee  8f ae 56 39 15 0b c3 44  |E.%.P. ...V9...D|
+00000030  80 5c 81 45 55 df 1d cd  30 92 7c 5e 43 16 e1 29  |.\.EU...0.|^C..)|
+00000040  46 77 d3 03 6d 36 11 d0  91 76 a8 34 f0 98 67 f6  |Fw..m6...v.4..g.|
+00000050  88 f8 f7 d0 a3 ee e0 d1  30 9f 6f e9 75 ad d6 e9  |........0.o.u...|
+00000060  e8 e9 6f 11 55 7e 66 87  9a 7e 9d a5 31 b2 67 fd  |..o.U~f..~..1.g.|
+00000070  a2 a7 c8 c8 4d d8 2b f1  5b a9 b5 df 03 42 55 96  |....M.+.[....BU.|
+00000080  9e 73 9c 9a 6a b9 9f 2e  a5 ec ba 0b a3 5b 99 b4  |.s..j........[..|
+00000090  7c 57 96 fb f5 96 20 ac  71 90 bb 4b 76 dd 2e 01  ||W.... .q..Kv...|
+000000a0  17 d0 63 76 c9 4a e5 ae  58 bd 59 b5 e1 85 6d 46  |..cv.J..X.Y...mF|
+000000b0  9f d5 3e 9d a7 f0 92 96  ec 4e 90 c3 5a 52 ba e5  |..>......N..ZR..|
+000000c0  bd fa f0 a7 88 d5 9e 76  9b 2b 23 fb 37 c0 f1 0a  |.......v.+#.7...|
+000000d0  d2 df d4 2c 5d 8c 64 f0  98 3c 85 3f bb ed 30 44  |...,].d..<.?..0D|
+000000e0  eb cb fc 47 e5 8a 57 ff  37 23 6d e2 75 a7 15 e4  |...G..W.7#m.u...|
+000000f0  dc f9 02 8f c4 af d8 e8  bb 07 43 90 5b c2 86 f3  |..........C.[...|
+00000100  40 22 a7 bb b6 f1 f6 4c  2e d6 fd d8 02 f0 3d 27  |@".....L......='|
+00000110  89 38 97 7d 6e d3 6c b1  4c 87 ca 30 e9 ec fe b3  |.8.}n.l.L..0....|
+00000120  db 62 ea 2f 3a 83 95 18  4e 44 4f 97 c4 ff f6 bb  |.b./:...NDO.....|
+00000130  0b b0 98 c7 c6 c7 94 0a  8b c9 c0 d9 51 d3 6a e1  |............Q.j.|
+00000140  36 55 79 c4 37 75 6f e7  14 53 60 9e 22 00 fe d7  |6Uy.7uo..S`."...|
+00000150  ef e4 ca 60 38 12 25 8c  c6 c9 7e 5f 1a 7c f1 c1  |...`8.%...~_.|..|
+00000160  a7 15 b2 f4 32 31 de c8  a2 d4 59 46 1e 68 a6 94  |....21....YF.h..|
+00000170  b8 18 52 df 44 01 0b a0  a0 02 60 83 84 fc ad 99  |..R.D.....`.....|
+00000180  fc 60 0b 23 0a 7a f9 73  bf d8 a5 af 9b ea dd a3  |.`.#.z.s........|
+00000190  fb 5b 41 17 95 0a 57 4a  94 7e 24 9f 31 74 06 65  |.[A...WJ.~$.1t.e|
+000001a0  95 90 40 20 17 0b 95 22  b8 49 4e a6 a4 be e1 74  |..@ ...".IN....t|
+000001b0  01 a2 7e cd 60 50 46 5c  fd 2a 88 90 ef 7f 6c b8  |..~.`PF\.*....l.|
+000001c0  3e a1 40 8e 91 cd 8d db  ad 81 d0 08 b0 d0 d7 ae  |>.@.............|
+000001d0  18 4f 47 9b 1a 66 8b a5  d2 fb 01 d3 67 79 46 71  |.OG..f......gyFq|
+000001e0  5a 49 dd df 06 c6 57 c7  e0 b1 60 39 d4 a9 37 88  |ZI....W...`9..7.|
+000001f0  31 0d c0 92 4e c7 2a 25  c4 df b0 d8 df bb 31 1b  |1...N.*%......1.|
+00000200  ff 0a 34 46 46 88 0b 11  7d 20 32 cd 01 d0 3f 11  |..4FF...} 2...?.|
+00000210  e1 6e 63 42 d7 4a 83 ab  ad f7 51 bd c3 37 2b 76  |.ncB.J....Q..7+v|
+00000220  9e bb 45 3b 81 d8 47 71  02 b9 fe 7c 56 46 78 3e  |..E;..Gq...|VFx>|
+00000230  9e 94 00 1b 98 17 72 37  c0 e5 36 a9 f0 02 b7 cf  |......r7..6.....|
+00000240  f0 b4 66 10 1b 91 07 5f  bb 22 e8 12 d9 e3 33 dd  |..f...._."....3.|
+00000250  87 66 e4 f6 00 f6 3a dc  19 59 af ce 8e ae c4 d3  |.f....:..Y......|
+00000260  03 d8 25 02 40 7e 95 70  31 85 53 bc 9e 96 11 69  |..%.@~.p1.S....i|
+00000270  5b 2f b9 17 48 f4 ae c5  a1 c5 d1 7f 4a 10 06 b6  |[/..H.......J...|
+00000280  2e 34 6c 09 12 17 03 03  00 99 16 4c 04 64 97 e0  |.4l........L.d..|
+00000290  26 e1 66 e9 34 05 d7 d3  75 e3 b9 de 56 15 51 67  |&.f.4...u...V.Qg|
+000002a0  fb fe 9a c6 9a 3c 38 08  2c c8 8c dd fe 49 c5 ed  |.....<8.,....I..|
+000002b0  a8 54 86 90 2c f6 7c d1  12 02 99 94 5e 2e 4b 4e  |.T..,.|.....^.KN|
+000002c0  84 e9 b4 96 5c dc 56 28  3d ea a9 4f 8f ad 51 ff  |....\.V(=..O..Q.|
+000002d0  02 b1 b9 7a 29 e5 32 7c  2a 8b 60 5d e2 fc b4 8f  |...z).2|*.`]....|
+000002e0  06 32 4a ea 37 ed 03 f0  68 72 b7 83 1f 04 10 2b  |.2J.7...hr.....+|
+000002f0  24 db 5b 10 6c 41 55 40  54 69 07 39 d4 db ac 10  |$.[.lAU@Ti.9....|
+00000300  77 9f 04 f4 b9 3f 35 7e  04 af ab 7a a0 47 b9 d9  |w....?5~...z.G..|
+00000310  4c 6e 25 00 ce ef 93 3f  28 2c 2d f6 42 e4 5f 3e  |Ln%....?(,-.B._>|
+00000320  26 92 13 17 03 03 00 35  fb 14 eb 5f 18 61 75 ba  |&......5..._.au.|
+00000330  e4 dc d2 95 fe 93 bb 54  29 e3 38 e3 59 54 81 9f  |.......T).8.YT..|
+00000340  4e 29 be c6 e6 cd ad 8c  9d 6a ad 28 ec d3 a6 e4  |N).......j.(....|
+00000350  bc 5e 8c df a8 7e 14 d8  69 3c 30 7c 0a 17 03 03  |.^...~..i<0|....|
+00000360  00 17 10 73 c0 75 88 af  51 90 ff 3f b2 83 47 27  |...s.u..Q..?..G'|
+00000370  19 c0 e6 cd 14 a4 c7 8d  a0 17 03 03 00 13 fb 1f  |................|
+00000380  ed 8e 47 c8 79 f9 53 df  6d 97 a7 1d 53 8d 80 85  |..G.y.S.m...S...|
+00000390  dd                                                |.|
diff --git a/testdata/Client-TLSv13-ECDSA b/testdata/Client-TLSv13-ECDSA
index 53624650..eeab8711 100644
--- a/testdata/Client-TLSv13-ECDSA
+++ b/testdata/Client-TLSv13-ECDSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,83 +7,82 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 cd 84 c1 22 3c  |....z...v....."<|
-00000010  2e 71 03 57 5f c1 27 88  ae 0e 7f 1a e7 aa 82 6d  |.q.W_.'........m|
-00000020  8d f1 18 78 8d b2 4c d6  11 c3 b0 20 00 00 00 00  |...x..L.... ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 a5 7b 07 50 bc  |....z...v...{.P.|
+00000010  01 11 74 76 99 fb 85 e5  40 6b 02 14 d9 64 b1 8a  |..tv....@k...d..|
+00000020  8b 78 a3 ee 2e 4d b0 96  14 3a fb 20 00 00 00 00  |.x...M...:. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 1a  |..+.....3.$... .|
-00000060  28 ce a9 6b 7d 26 24 78  52 fe e1 65 34 6b 12 50  |(..k}&$xR..e4k.P|
-00000070  5c 4b b0 10 2e 94 3f b3  a0 b7 45 fc 3b 4d 31 14  |\K....?...E.;M1.|
-00000080  03 03 00 01 01 17 03 03  00 17 21 d8 25 9d 8a 8a  |..........!.%...|
-00000090  84 70 10 37 95 29 4e 00  da eb c1 e7 20 a3 09 a3  |.p.7.)N..... ...|
-000000a0  63 17 03 03 02 22 51 4c  48 48 ce 06 1d 4d 42 fa  |c...."QLHH...MB.|
-000000b0  54 16 a0 fe 66 f2 62 56  55 8e 71 0a 8a 75 8f ff  |T...f.bVU.q..u..|
-000000c0  71 72 29 09 54 f2 74 a8  0a 8c f3 62 84 2d 4c 11  |qr).T.t....b.-L.|
-000000d0  02 f1 c5 6f 2c f0 39 91  3e 58 98 e2 3d 87 0d 8b  |...o,.9.>X..=...|
-000000e0  5a 77 8f 2d 38 fb 3a b8  63 4f 79 24 bb 40 6f 09  |Zw.-8.:.cOy$.@o.|
-000000f0  28 01 bd 03 53 f0 63 fc  49 92 ba 9b 3b fd a1 75  |(...S.c.I...;..u|
-00000100  cf be 2c 5a da 3d 53 b2  11 5c f8 66 26 d0 78 6c  |..,Z.=S..\.f&.xl|
-00000110  3e a0 34 16 2b 28 6b 73  95 08 d7 e6 2f f4 f3 74  |>.4.+(ks..../..t|
-00000120  3f 1d e1 a5 e4 0e 82 af  52 58 09 b0 90 f8 ee ea  |?.......RX......|
-00000130  5a 34 b7 29 7a a6 bb 0a  2f 64 f7 51 80 71 90 82  |Z4.)z.../d.Q.q..|
-00000140  d2 1a fa c9 43 de 31 eb  a1 f6 b0 31 99 5e 8b 84  |....C.1....1.^..|
-00000150  6b f1 66 6e 49 6d 2e 52  e1 c4 21 76 7b 1e bf d4  |k.fnIm.R..!v{...|
-00000160  c1 8f 7c 1b a9 6f 4d 1b  03 86 63 8b d4 64 24 79  |..|..oM...c..d$y|
-00000170  73 00 1e cc 2b 5c a6 65  db 35 74 95 9b 04 5d ce  |s...+\.e.5t...].|
-00000180  ef 54 eb be 6a 6a 04 5d  e2 ba cb 4f c7 3f 33 8f  |.T..jj.]...O.?3.|
-00000190  20 51 6c 03 0a 1a 90 e3  74 e4 e3 2f 78 00 1b 4a  | Ql.....t../x..J|
-000001a0  17 9a 6f 35 0b b8 0e 30  cc 51 87 fa 17 d9 95 39  |..o5...0.Q.....9|
-000001b0  b5 51 c6 3f 6f 9b 39 74  c6 3e a3 8e 10 2f fc eb  |.Q.?o.9t.>.../..|
-000001c0  85 b3 a3 6e 21 5d 9f dc  fb 6a 5f 4b 42 5c a1 f5  |...n!]...j_KB\..|
-000001d0  c3 b7 5c ef 86 22 e9 bb  ae 97 96 ff 06 b1 d8 19  |..\.."..........|
-000001e0  38 6b 23 03 30 ea 1c 6f  c3 4a 94 74 35 16 61 2e  |8k#.0..o.J.t5.a.|
-000001f0  c6 9d a7 db b0 50 63 f7  e2 7c 00 2b 12 05 89 f2  |.....Pc..|.+....|
-00000200  e9 06 98 12 3c 77 6e d3  09 7f 6f 93 28 1e ce 1f  |....<wn...o.(...|
-00000210  e5 1f 18 b3 65 14 71 22  58 3b e1 a9 6a 03 16 37  |....e.q"X;..j..7|
-00000220  5c 93 3c ad 66 29 59 45  05 8f ae 0d b3 ca 79 ad  |\.<.f)YE......y.|
-00000230  40 9f ad 12 94 26 80 69  12 32 3d bf 90 90 e6 a1  |@....&.i.2=.....|
-00000240  f6 d4 ab 94 27 0c ab 1b  e9 36 7a 6f 88 58 4a 54  |....'....6zo.XJT|
-00000250  5d 86 bf 2b 1c 0d 3c 02  2e f1 93 63 7f 16 75 8b  |]..+..<....c..u.|
-00000260  a4 ef ee ea b3 dd 2a cf  c8 4a 78 79 54 ca 78 82  |......*..JxyT.x.|
-00000270  1f b2 20 af 90 39 9b 90  01 ce eb 5f 42 c1 9a 1e  |.. ..9....._B...|
-00000280  33 b9 a5 9b ff 48 40 7e  ed 26 ba 51 93 50 31 20  |3....H@~.&.Q.P1 |
-00000290  dd 38 f1 51 53 92 ee c5  63 a8 5a 62 db 1b d6 79  |.8.QS...c.Zb...y|
-000002a0  77 7c c8 45 8d f4 b3 c9  c9 60 e2 5d f3 8a 4c bc  |w|.E.....`.]..L.|
-000002b0  f8 f0 ee 10 61 50 4b 2d  df 5a e7 2b 48 fe 96 06  |....aPK-.Z.+H...|
-000002c0  c8 92 73 4c fc 5a 03 17  17 03 03 00 a3 24 2b 19  |..sL.Z.......$+.|
-000002d0  f9 ef c8 14 4e 1a 90 bc  2b a3 ff 95 52 99 b8 73  |....N...+...R..s|
-000002e0  49 10 fa 44 8e 39 a8 48  17 6c e6 7f bf 0d 93 95  |I..D.9.H.l......|
-000002f0  09 93 92 27 57 49 f2 79  16 36 2b 90 a9 1c 17 32  |...'WI.y.6+....2|
-00000300  a7 fa 2e 8d ca 68 40 09  dd c7 68 40 6a 2a 87 11  |.....h@...h@j*..|
-00000310  fc fc 2f fe e2 3a df 86  23 8b 4d 15 29 d9 a1 87  |../..:..#.M.)...|
-00000320  2b ac 58 72 eb c3 ac 3a  a2 30 6f 07 54 d1 72 ea  |+.Xr...:.0o.T.r.|
-00000330  7e 7b 7b 71 6c b6 57 64  d7 3f a6 59 f7 b0 8c 3f  |~{{ql.Wd.?.Y...?|
-00000340  8e d1 cb e6 75 f6 7d bf  43 cc be 35 a4 19 f9 48  |....u.}.C..5...H|
-00000350  c4 b7 bf 91 44 df 9a d5  97 7a f3 4c 98 08 b3 6e  |....D....z.L...n|
-00000360  a8 1c c6 d9 36 89 06 37  84 98 d3 e7 7c 11 f3 06  |....6..7....|...|
-00000370  17 03 03 00 35 9c d8 82  e3 d2 7b b5 48 1e 82 ee  |....5.....{.H...|
-00000380  05 ff a5 9f 3b bb 69 41  72 99 2e 78 57 d6 81 9c  |....;.iAr..xW...|
-00000390  57 36 f9 bf 52 cd 8d 30  f6 67 5e e3 30 12 2f f5  |W6..R..0.g^.0./.|
-000003a0  19 a1 27 97 af a8 1f c3  73 78                    |..'.....sx|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 67  |..+.....3.$... g|
+00000060  b0 dc 13 4f 2b 92 43 27  38 b5 2c 7a 3a 87 83 6f  |...O+.C'8.,z:..o|
+00000070  a1 cc 43 fa 90 9e 2e 4d  88 f6 60 d4 20 32 6a 14  |..C....M..`. 2j.|
+00000080  03 03 00 01 01 17 03 03  00 17 9b 51 d0 81 30 4b  |...........Q..0K|
+00000090  52 65 8b b5 fe 1a cc 44  c9 7a 10 83 41 0b 1a 00  |Re.....D.z..A...|
+000000a0  76 17 03 03 02 22 4e 55  d0 64 9c 41 c8 22 2c 9c  |v...."NU.d.A.",.|
+000000b0  0e 0a 0c 2b 2b 2e 6e 08  d5 54 75 61 99 bf ea f5  |...++.n..Tua....|
+000000c0  ca 12 3e 44 7f 81 a8 40  d1 7c 4d a0 a3 d2 f3 07  |..>D...@.|M.....|
+000000d0  40 af 68 81 69 dd 7c 77  24 26 87 73 73 5e d2 0c  |@.h.i.|w$&.ss^..|
+000000e0  2a 32 c5 34 50 ef a8 0f  63 12 3a 47 34 8f f2 c6  |*2.4P...c.:G4...|
+000000f0  9f bd 81 bf ea 69 47 04  8b 87 64 4e 67 81 10 a5  |.....iG...dNg...|
+00000100  f1 76 92 5e d6 11 a5 48  5b cc ef a8 43 dd cf f5  |.v.^...H[...C...|
+00000110  20 9d b8 2f f4 0d 92 10  55 af d1 fa ab 64 5f 99  | ../....U....d_.|
+00000120  3e 6b e9 70 70 f1 22 d9  05 04 89 3a fa 65 ae 91  |>k.pp."....:.e..|
+00000130  9d 07 ea 54 93 2d 02 0c  c0 70 d9 e9 f0 9a 5a 81  |...T.-...p....Z.|
+00000140  c6 c6 79 e0 e1 90 ad 34  78 bf d3 c8 9c 68 2e ac  |..y....4x....h..|
+00000150  e6 2d c0 e5 c8 3c 77 80  d7 dd e5 a4 ac b8 36 4f  |.-...<w.......6O|
+00000160  9f 47 3e 40 bf 95 49 3c  1a e7 46 57 c8 59 65 e7  |.G>@..I<..FW.Ye.|
+00000170  4e db 21 ea ab 72 47 79  e6 c1 4f ea 17 e3 b4 73  |N.!..rGy..O....s|
+00000180  9d e2 e5 72 be 88 0a 60  1e 35 02 67 33 a0 7a 05  |...r...`.5.g3.z.|
+00000190  b8 ae 05 b2 53 6c cd c5  e3 a5 16 56 2b b0 0e 8e  |....Sl.....V+...|
+000001a0  a0 ca 54 c0 34 6b 00 22  69 de e1 57 81 48 c6 1a  |..T.4k."i..W.H..|
+000001b0  cc 88 f6 15 1c 7e b6 1f  b0 48 82 75 6b ff 42 78  |.....~...H.uk.Bx|
+000001c0  f9 85 10 86 5b af 31 62  f6 7b d4 8a a6 86 3f 99  |....[.1b.{....?.|
+000001d0  9b ce 91 c0 4d 44 5b 3f  16 81 d0 a9 4a e0 2d 85  |....MD[?....J.-.|
+000001e0  a4 80 91 64 13 20 33 dc  84 48 da 79 2e 73 cb 78  |...d. 3..H.y.s.x|
+000001f0  9c 05 8a 6c 42 ce b0 b0  45 3c 05 47 47 f7 92 3b  |...lB...E<.GG..;|
+00000200  d2 fb 65 f0 40 a3 52 b7  aa 04 ae 71 84 35 12 7a  |..e.@.R....q.5.z|
+00000210  33 f8 8b 0d 21 a3 29 ad  78 de df 7f 53 71 fb 5f  |3...!.).x...Sq._|
+00000220  a5 ab 07 89 3a 1f e9 ca  6d 8d bb 04 39 8d b3 50  |....:...m...9..P|
+00000230  7e 2e bd 0f b8 ff 4f 3f  d1 a5 23 b9 80 33 da b0  |~.....O?..#..3..|
+00000240  2c dc 0f c2 26 b2 cf 59  d9 10 ef 66 52 40 e4 54  |,...&..Y...fR@.T|
+00000250  28 5e 7f c1 94 62 8f 4f  9b 94 fc c9 32 af f5 17  |(^...b.O....2...|
+00000260  5d 04 32 08 83 f4 90 68  68 01 d3 00 ed 82 f3 da  |].2....hh.......|
+00000270  81 2e d5 df 1e 13 c3 c3  76 83 c4 67 23 c4 32 c0  |........v..g#.2.|
+00000280  59 5d dd 56 78 d9 74 ef  7b d5 c9 13 4d 62 29 85  |Y].Vx.t.{...Mb).|
+00000290  ca 24 53 1a b1 2b 09 a1  a6 26 db 13 cf 2a 2b 92  |.$S..+...&...*+.|
+000002a0  85 a3 51 2b 24 e1 90 2a  fe 0c 74 ee 86 cc 3b 6a  |..Q+$..*..t...;j|
+000002b0  07 21 a6 b6 97 a4 e0 9f  3d 75 9a 2b 9e 91 ef d8  |.!......=u.+....|
+000002c0  c9 94 28 ba 40 e4 cc 6a  17 03 03 00 a4 ab c3 c1  |..(.@..j........|
+000002d0  32 1d 44 0d f7 85 e3 85  df 9e bb 0c 82 18 a2 9f  |2.D.............|
+000002e0  27 de 78 4f 06 9b 43 59  27 b5 8e 34 4d 96 b3 96  |'.xO..CY'..4M...|
+000002f0  af 8b 98 d0 36 91 52 df  9c aa c2 fe e7 0f ed ca  |....6.R.........|
+00000300  ef 57 73 97 cc c8 dc 7c  c8 15 73 ad a6 3e 54 93  |.Ws....|..s..>T.|
+00000310  1a ab 72 f6 e0 e3 cb bb  fe a5 d1 45 47 f3 1a 89  |..r........EG...|
+00000320  40 f7 9d f5 e4 61 16 fa  12 0a 62 24 a7 34 ab 6f  |@....a....b$.4.o|
+00000330  08 85 b2 fe b2 5c 49 59  7b cb 05 b2 e3 1a 37 79  |.....\IY{.....7y|
+00000340  b1 27 28 a5 ab ee ae 72  11 19 61 c0 3b ed 32 ec  |.'(....r..a.;.2.|
+00000350  57 26 76 8e 42 3c 98 4a  ec 10 4e e0 eb e2 19 3d  |W&v.B<.J..N....=|
+00000360  67 47 99 9c e5 97 a4 07  ff 7a b5 15 65 0e b9 e4  |gG.......z..e...|
+00000370  e3 17 03 03 00 35 61 d9  d8 36 a0 1e 83 b0 f8 1f  |.....5a..6......|
+00000380  74 61 a0 4b 93 7f 98 8b  63 1c 63 82 f4 cd 57 8d  |ta.K....c.c...W.|
+00000390  1f 75 7a 6d a9 1d e2 35  0b 2b 9a 5f 5f 71 cd 46  |.uzm...5.+.__q.F|
+000003a0  48 7f 27 af a5 da 8b 35  b1 18 39                 |H.'....5..9|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 c8 b8 4f 16 71  |..........5..O.q|
-00000010  03 a4 39 02 a9 6e 62 a5  62 8e 64 7d 13 8c 11 66  |..9..nb.b.d}...f|
-00000020  f2 6c 24 36 5b 9c 95 6b  5b ea fc 66 a2 ef 7c 97  |.l$6[..k[..f..|.|
-00000030  0c 75 7a 05 99 21 ff af  fc 91 b3 64 74 64 89 76  |.uz..!.....dtd.v|
-00000040  17 03 03 00 17 3f b3 8e  94 d5 bd e2 79 9c e5 d3  |.....?......y...|
-00000050  f7 3d bd aa 6a 35 5a 1a  0b 96 69 3d 17 03 03 00  |.=..j5Z...i=....|
-00000060  13 d7 34 66 9d 25 f2 de  49 40 34 20 a5 0c 88 b5  |..4f.%..I@4 ....|
-00000070  00 e8 ac ee                                       |....|
+00000000  14 03 03 00 01 01 17 03  03 00 35 3d 13 d4 8c 88  |..........5=....|
+00000010  73 62 97 8b 18 04 f7 05  8d c8 56 d2 f4 0a 86 93  |sb........V.....|
+00000020  d4 6f 08 1c d8 7f 57 be  50 03 a7 4a c8 37 80 04  |.o....W.P..J.7..|
+00000030  43 1b 2a 86 21 25 ae 84  53 80 0c f6 4f 2e 73 67  |C.*.!%..S...O.sg|
+00000040  17 03 03 00 17 43 99 86  f2 2f a2 22 05 36 d8 47  |.....C.../.".6.G|
+00000050  c5 57 92 93 c7 79 d9 fd  13 70 8f 75 17 03 03 00  |.W...y...p.u....|
+00000060  13 15 90 47 ea af 57 89  d4 19 70 e7 e1 ce 68 8a  |...G..W...p...h.|
+00000070  7b 83 8c a5                                       |{...|
diff --git a/testdata/Client-TLSv13-Ed25519 b/testdata/Client-TLSv13-Ed25519
index 04c26cb6..274620a2 100644
--- a/testdata/Client-TLSv13-Ed25519
+++ b/testdata/Client-TLSv13-Ed25519
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,65 +7,64 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 41 2a 70 9e fa  |....z...v..A*p..|
-00000010  49 ab 26 ea 07 12 90 9f  e9 be 67 21 3a 0f e8 c9  |I.&.......g!:...|
-00000020  54 97 77 ce d4 54 04 0d  2d b6 1a 20 00 00 00 00  |T.w..T..-.. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 5a e2 b6 f0 cf  |....z...v..Z....|
+00000010  f2 85 49 e0 28 8c d7 89  41 39 5f a4 e8 41 9b f6  |..I.(...A9_..A..|
+00000020  1d 2b 3a 8a 3e a3 40 29  76 17 22 20 00 00 00 00  |.+:.>.@)v." ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 28  |..+.....3.$... (|
-00000060  42 18 1f f9 3f 73 01 41  63 08 8d a1 1a a5 8b 5f  |B...?s.Ac......_|
-00000070  d0 63 44 21 d2 fc d8 7e  46 9f 66 62 0d c0 19 14  |.cD!...~F.fb....|
-00000080  03 03 00 01 01 17 03 03  00 17 66 d5 4f 1f 0b 85  |..........f.O...|
-00000090  65 0a 81 21 55 2f 17 bc  ad e1 83 69 29 51 6b 7f  |e..!U/.....i)Qk.|
-000000a0  15 17 03 03 01 50 b2 f9  51 18 c9 23 24 91 b8 b0  |.....P..Q..#$...|
-000000b0  32 8d 3c 81 8a ca c3 25  8a 1f cc 17 d1 67 07 42  |2.<....%.....g.B|
-000000c0  7b 82 ae 1f b8 65 55 e2  ce 2e ad d3 90 bf 3f 2d  |{....eU.......?-|
-000000d0  85 dc 68 3a 4c 1a 79 9e  cc 86 d3 20 7b 7e ba b4  |..h:L.y.... {~..|
-000000e0  cf 8b 4b f8 9b 58 0f 7f  24 cc aa 80 4b be 8f 3e  |..K..X..$...K..>|
-000000f0  88 1e b1 10 0b 8c 74 6b  2e ad 8d c9 40 e1 3f 4a  |......tk....@.?J|
-00000100  90 5c 97 79 f4 aa 62 e1  e1 2e e4 f4 22 ce ab 85  |.\.y..b....."...|
-00000110  d6 ac e1 d8 21 f8 ed 70  3e 92 0d 2c b2 39 f9 a5  |....!..p>..,.9..|
-00000120  da ce 3e ff 76 09 54 10  35 86 80 f8 fa 86 44 a1  |..>.v.T.5.....D.|
-00000130  78 7c 9c a8 15 c9 55 92  e8 14 0d 99 c8 40 7c f7  |x|....U......@|.|
-00000140  d9 d6 cd ae bf 05 f9 da  0f 33 b1 ee ae 39 bb 30  |.........3...9.0|
-00000150  3c f2 3d e4 0a b7 e1 e7  6a 5f 48 65 a6 28 37 26  |<.=.....j_He.(7&|
-00000160  c1 18 0b 31 f2 79 00 fd  25 d6 76 8f 7b bc 7e 2e  |...1.y..%.v.{.~.|
-00000170  3d f2 bb b2 1a 5f 1b 7d  df b5 f5 bb b2 e7 1b 51  |=...._.}.......Q|
-00000180  de cc 4d 2b 32 c6 cd 33  97 32 d3 c8 02 89 a2 0a  |..M+2..3.2......|
-00000190  a2 6a 2c d4 6f b8 97 3b  7d bf 42 18 97 a3 2d 51  |.j,.o..;}.B...-Q|
-000001a0  70 a7 f0 9f 04 2a a0 6f  2f 30 7c fe b6 fc dd c5  |p....*.o/0|.....|
-000001b0  6a 65 e3 a2 7a c0 d8 31  37 3f c0 36 79 d2 a0 20  |je..z..17?.6y.. |
-000001c0  7d 4e ea 8c 44 77 53 e9  db 90 ef 24 26 05 ce b0  |}N..DwS....$&...|
-000001d0  9e 18 a9 8f 21 55 b6 40  63 b5 4c f6 74 2d 4a c5  |....!U.@c.L.t-J.|
-000001e0  7f 67 ee 95 35 21 e0 22  61 c5 68 5f e7 b3 ac 4d  |.g..5!."a.h_...M|
-000001f0  4e e5 31 bb 10 22 17 03  03 00 59 ab 04 24 cb f7  |N.1.."....Y..$..|
-00000200  33 03 08 97 0b d5 9e a7  23 18 ec b6 f6 e8 ee 1f  |3.......#.......|
-00000210  2d 5f 6b 73 92 ce ac 3b  59 50 27 77 ac 73 ac fe  |-_ks...;YP'w.s..|
-00000220  b1 5a 8e 9e 81 50 54 4d  3b f7 7b 1e f9 f9 c1 d5  |.Z...PTM;.{.....|
-00000230  c6 08 b5 88 55 96 13 c6  d4 f6 cd b5 5d 5a 27 ae  |....U.......]Z'.|
-00000240  27 95 e0 55 0e c5 fe 6b  9a ae 3d f8 3a b9 05 f6  |'..U...k..=.:...|
-00000250  ef 90 99 30 17 03 03 00  35 54 af 85 8b 06 b2 ee  |...0....5T......|
-00000260  a8 6f 18 76 9b 9a ea 2e  57 b9 2c 9e a7 56 6c 49  |.o.v....W.,..VlI|
-00000270  ab 6e 10 4e fc c8 9c 37  b3 dc 95 8b 74 07 e9 90  |.n.N...7....t...|
-00000280  a3 35 72 b4 60 9a ea 87  a7 76 72 42 7d b7        |.5r.`....vrB}.|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 d1  |..+.....3.$... .|
+00000060  41 fa 43 c4 c8 0a 98 e0  da 88 c8 58 36 ab 12 61  |A.C........X6..a|
+00000070  d5 2d 9a 5b 10 fd 1f 10  bf d4 df 23 d0 de 2c 14  |.-.[.......#..,.|
+00000080  03 03 00 01 01 17 03 03  00 17 bf 64 74 65 06 48  |...........dte.H|
+00000090  41 72 b9 9f 41 24 a9 d0  05 00 4e 8c 93 a8 bd 91  |Ar..A$....N.....|
+000000a0  ce 17 03 03 01 50 20 58  c1 4f 42 ed e9 e6 50 86  |.....P X.OB...P.|
+000000b0  5f 49 88 ac 8b b8 3d 25  1d 87 b5 7f 9f 1a a2 cd  |_I....=%........|
+000000c0  f2 90 d0 6d 13 ed a6 6c  f9 1e af c8 73 dd 68 d4  |...m...l....s.h.|
+000000d0  46 1f ce d4 74 87 57 0f  c1 b7 dd bd 5a 44 7c 08  |F...t.W.....ZD|.|
+000000e0  2d 60 ca 34 1f 94 ee 4a  cd e7 4a 69 1c 8d 4c 64  |-`.4...J..Ji..Ld|
+000000f0  e8 a1 90 89 75 e2 3b 5b  0e 58 f8 7a 0a fe 2d 6d  |....u.;[.X.z..-m|
+00000100  ee 82 ab 07 e3 09 ae 37  d5 d6 31 9f 47 a5 eb ca  |.......7..1.G...|
+00000110  fd d9 5e b3 f1 ab 8a 64  8f 66 7d e7 a5 66 b4 46  |..^....d.f}..f.F|
+00000120  3c 3c 2c 2f f7 5a 46 b3  e7 8b a4 3e 5f 21 ab 66  |<<,/.ZF....>_!.f|
+00000130  60 4d ca 20 4b 7b 75 5a  88 a5 65 97 1b 70 5b 69  |`M. K{uZ..e..p[i|
+00000140  7b 22 87 48 e4 a2 a8 32  06 65 00 91 e6 ac 6c 9b  |{".H...2.e....l.|
+00000150  42 04 53 f5 e5 46 72 d6  3a 7d d8 c1 e4 f1 79 dc  |B.S..Fr.:}....y.|
+00000160  de 7b 21 83 d0 98 90 99  2d 9d 78 67 89 31 2a 7d  |.{!.....-.xg.1*}|
+00000170  6a 97 c7 80 a9 2a 91 4e  e2 30 29 96 25 97 e9 94  |j....*.N.0).%...|
+00000180  2d 0a e0 30 8c e3 54 00  2a 29 e9 60 ef 4c 60 1c  |-..0..T.*).`.L`.|
+00000190  76 51 db 5d d7 7c 0c ae  f3 a8 9e 3b 49 c6 a7 ce  |vQ.].|.....;I...|
+000001a0  a3 e8 e6 8c 13 ea fa bd  7f 59 36 06 1e 0c 54 2d  |.........Y6...T-|
+000001b0  d2 75 8a 75 94 f3 5c 77  0a 8e a0 23 9f 21 d8 ed  |.u.u..\w...#.!..|
+000001c0  65 87 fa f0 65 e1 81 2b  45 50 91 9e 48 8f 4c 80  |e...e..+EP..H.L.|
+000001d0  7a c7 32 07 9a d9 d4 59  7a 7c 11 01 c2 75 fd 25  |z.2....Yz|...u.%|
+000001e0  15 7b de b1 72 54 42 9e  02 41 a8 1a 04 6a 64 ba  |.{..rTB..A...jd.|
+000001f0  97 48 48 48 24 3d 17 03  03 00 59 d7 53 12 64 01  |.HHH$=....Y.S.d.|
+00000200  d4 b7 e4 bf e1 33 f6 49  24 cf e8 6f 48 56 d6 1b  |.....3.I$..oHV..|
+00000210  e3 11 e9 a5 fb 7d f7 f5  b7 06 6c ce 4d e7 3c ca  |.....}....l.M.<.|
+00000220  bc 30 27 2e 02 4a 50 ec  7e 8c d4 cd 7a 78 43 3f  |.0'..JP.~...zxC?|
+00000230  5d 17 d7 bd 3e 78 68 21  ad 98 93 ad 90 de f7 c9  |]...>xh!........|
+00000240  ab 7d 36 59 7e 7b e8 10  92 de ee 44 a2 e3 df 41  |.}6Y~{.....D...A|
+00000250  6c a8 6c 9b 17 03 03 00  35 3a 9b 88 fc 4d 78 aa  |l.l.....5:...Mx.|
+00000260  a3 96 c7 f9 80 87 75 88  41 e6 58 9c f7 f6 88 0c  |......u.A.X.....|
+00000270  8f 57 8f 41 b7 49 a9 c2  db d6 44 51 a6 cb eb c3  |.W.A.I....DQ....|
+00000280  8d e5 32 19 4b e5 dd 4e  19 6b f4 38 cd 3d        |..2.K..N.k.8.=|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 70 04 7a 93 3e  |..........5p.z.>|
-00000010  de c0 df 1d 2b 25 ea c4  7d 57 eb 94 59 80 2c d6  |....+%..}W..Y.,.|
-00000020  80 0e 5e 9f 22 00 82 1c  e0 2e 15 1e 5d b6 16 84  |..^.".......]...|
-00000030  83 83 79 29 54 49 dc bb  b8 f0 f8 71 13 09 7d e9  |..y)TI.....q..}.|
-00000040  17 03 03 00 17 93 e8 8f  30 24 3b e7 5e a4 15 b3  |........0$;.^...|
-00000050  f6 53 15 d6 f8 4c ab 0c  32 d6 28 ef 17 03 03 00  |.S...L..2.(.....|
-00000060  13 2b ea 8e 10 9d 46 08  d9 43 04 da d8 5a 78 f8  |.+....F..C...Zx.|
-00000070  33 c0 62 33                                       |3.b3|
+00000000  14 03 03 00 01 01 17 03  03 00 35 64 73 84 51 69  |..........5ds.Qi|
+00000010  81 4c a7 ce 8b 39 08 0e  0f 25 d2 24 49 3c 9d 98  |.L...9...%.$I<..|
+00000020  c7 46 f5 7e ba bd d1 9d  79 d3 f6 cb 29 00 95 90  |.F.~....y...)...|
+00000030  c2 fa c6 65 01 f2 9d 12  a7 db 14 49 e6 0b 40 c9  |...e.......I..@.|
+00000040  17 03 03 00 17 df ad 2a  5f f7 bd 94 90 dd 11 24  |.......*_......$|
+00000050  b8 97 6e fc d3 93 91 47  36 26 2d e1 17 03 03 00  |..n....G6&-.....|
+00000060  13 40 ad 3c c3 49 76 47  c0 02 f0 bc 80 66 3c e4  |.@.<.IvG.....f<.|
+00000070  35 28 eb b5                                       |5(..|
diff --git a/testdata/Client-TLSv13-ExportKeyingMaterial b/testdata/Client-TLSv13-ExportKeyingMaterial
index ef0029ff..13fb6048 100644
--- a/testdata/Client-TLSv13-ExportKeyingMaterial
+++ b/testdata/Client-TLSv13-ExportKeyingMaterial
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,87 +7,86 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 3e 1e de 6b d3  |....z...v..>..k.|
-00000010  83 f0 87 bd 4c 26 fe 68  40 01 f3 c6 c8 39 b4 b3  |....L&.h@....9..|
-00000020  46 c7 ae 97 1a b2 67 a0  6a 7f 93 20 00 00 00 00  |F.....g.j.. ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 67 c5 21 e2 8b  |....z...v..g.!..|
+00000010  b6 6a cc 42 40 24 b2 4f  55 61 d9 20 78 e2 e3 40  |.j.B@$.OUa. x..@|
+00000020  83 62 3d 08 e3 0a 31 0b  55 f5 b6 20 00 00 00 00  |.b=...1.U.. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 6a  |..+.....3.$... j|
-00000060  bc 9c e7 36 da f4 e7 90  ca e8 12 65 27 0c f0 b4  |...6.......e'...|
-00000070  e9 e4 e8 b9 6e 4c 2c 56  29 7d 97 e5 89 d6 71 14  |....nL,V)}....q.|
-00000080  03 03 00 01 01 17 03 03  00 17 14 a3 91 83 8e 8b  |................|
-00000090  cb 7b 17 d0 1d 4b 37 bb  94 3f c1 18 44 7f ac 57  |.{...K7..?..D..W|
-000000a0  0d 17 03 03 02 6d 60 0a  40 97 d6 cb 85 46 8c 9b  |.....m`.@....F..|
-000000b0  fd c6 3b 03 02 e4 57 84  00 f8 b4 8e 25 0c 85 21  |..;...W.....%..!|
-000000c0  70 bc 17 c2 32 57 46 63  a9 42 32 c6 fb 6c b1 7c  |p...2WFc.B2..l.||
-000000d0  be 7d 4d 37 9c 72 42 ca  02 39 43 9e 70 4c 73 f6  |.}M7.rB..9C.pLs.|
-000000e0  72 45 91 f4 72 8b dc cd  c4 25 68 77 d6 91 62 8f  |rE..r....%hw..b.|
-000000f0  f1 88 ee 92 f8 ce 4c dd  86 d0 eb c7 c7 75 48 fe  |......L......uH.|
-00000100  3c 27 48 f7 6c 3e 2e 18  64 02 82 0f 08 6f 93 1c  |<'H.l>..d....o..|
-00000110  15 bb d0 06 36 1c a9 ab  5e 76 b5 7b f1 fa 0b 27  |....6...^v.{...'|
-00000120  09 01 23 58 1d 5e 8e 7c  a9 ba 87 de c2 05 31 a5  |..#X.^.|......1.|
-00000130  7a 20 cc 4c 4a 72 65 3b  8a a5 66 b6 d3 49 10 49  |z .LJre;..f..I.I|
-00000140  7c 3d 27 13 88 01 48 65  41 5d 25 b7 6a 96 78 86  ||='...HeA]%.j.x.|
-00000150  03 d7 53 7b 9c fb db db  c8 d7 5e 71 f4 6c 03 49  |..S{......^q.l.I|
-00000160  6b e3 0d a4 07 ac 7c 45  b7 98 d1 0d 24 72 93 1d  |k.....|E....$r..|
-00000170  f3 f6 51 3b 5f 08 43 fe  5b db 1a ad 84 10 bd d1  |..Q;_.C.[.......|
-00000180  88 fe 24 83 e3 46 d1 40  a0 c0 e9 dc 19 75 b2 8f  |..$..F.@.....u..|
-00000190  5e ea 67 2e 0e a3 79 bd  9f 92 f4 0a d0 fd f0 26  |^.g...y........&|
-000001a0  f9 40 d1 3c 76 03 61 ab  11 d1 c6 22 e2 62 ea 35  |.@.<v.a....".b.5|
-000001b0  bf e5 22 17 1b 6a be bf  0b 8f 3b ae 3e 87 1f 40  |.."..j....;.>..@|
-000001c0  79 1f 3b 1f 56 6f b7 98  e1 6e bb 4c 0a 11 cf 1c  |y.;.Vo...n.L....|
-000001d0  68 a2 87 a6 83 72 ab d1  a8 4f 39 48 fc d0 54 bf  |h....r...O9H..T.|
-000001e0  47 7f 7c 8f 91 7d 40 96  01 b0 ec 62 b0 16 b8 d3  |G.|..}@....b....|
-000001f0  02 15 68 e0 7e d7 40 0a  9f 5e cf 21 75 40 d6 4c  |..h.~.@..^.!u@.L|
-00000200  50 c0 05 8f 8e db b5 44  d3 50 24 be c3 7b 5d 39  |P......D.P$..{]9|
-00000210  a5 cb 92 d5 dd 4b 16 c2  6a ec e5 f6 79 6d 04 6f  |.....K..j...ym.o|
-00000220  26 fd 55 ba 8a 38 db ab  dd 78 13 a7 de 23 e7 c0  |&.U..8...x...#..|
-00000230  c6 97 34 18 26 2e d0 ef  b0 d7 1a 3c af cc 2f 79  |..4.&......<../y|
-00000240  ea cd d3 b2 02 99 5a ca  c8 49 39 f7 df 64 5d 1a  |......Z..I9..d].|
-00000250  89 59 92 33 e8 ae 19 ca  42 53 c0 1a 18 6b 9e 8f  |.Y.3....BS...k..|
-00000260  65 64 b3 b3 6f 4c c8 7c  46 fb 2f 0a ad ed ef 15  |ed..oL.|F./.....|
-00000270  14 dd dd ae b0 09 d4 5a  ba 2e 78 a2 3e 8e d4 35  |.......Z..x.>..5|
-00000280  a2 96 a1 a2 08 f8 0c c6  a3 13 be 09 b8 5f 00 04  |............._..|
-00000290  22 78 98 cf 41 24 40 e9  93 4e b0 86 15 e1 5e c2  |"x..A$@..N....^.|
-000002a0  cf c3 49 51 1a d8 a1 e6  c0 a9 ea 35 b2 56 ee 2d  |..IQ.......5.V.-|
-000002b0  08 4e 3b 3d 03 cb f1 54  94 a0 d5 6a 9c bc d8 7c  |.N;=...T...j...||
-000002c0  f1 22 10 0a 5c d9 66 87  fa e2 8e e8 41 cc ce cd  |."..\.f.....A...|
-000002d0  a9 c2 c7 11 4c e2 e4 20  70 ae aa d1 1e 47 b7 ee  |....L.. p....G..|
-000002e0  b3 45 18 3a a9 31 44 bb  b0 7f 73 6a df 2a 67 00  |.E.:.1D...sj.*g.|
-000002f0  81 c6 da 9d 8b 65 98 f8  b8 e5 fb da 85 cc 68 c2  |.....e........h.|
-00000300  77 ed d5 14 a8 32 74 b1  d1 9c 89 1c 3e b8 d9 d4  |w....2t.....>...|
-00000310  89 8d d5 17 03 03 00 99  1c 42 3c cc 38 4d ed 1e  |.........B<.8M..|
-00000320  14 2e cb e7 a4 43 64 95  a5 8f c6 ff 81 a1 4f d8  |.....Cd.......O.|
-00000330  2a 1e 82 cf 4c 6a a2 32  ee 3b 8e f9 d5 63 99 2b  |*...Lj.2.;...c.+|
-00000340  7a 7e 4c 9b 1a c8 48 78  4f 8e ad af ea 3a 60 65  |z~L...HxO....:`e|
-00000350  b6 05 62 78 36 5f c1 40  e3 16 f2 be 48 41 ca a6  |..bx6_.@....HA..|
-00000360  e1 10 e4 fe 14 0b 59 6d  da fc 35 1e f5 eb fc 71  |......Ym..5....q|
-00000370  08 49 a4 04 55 df 5e 09  cc 48 79 ba 3b e6 12 20  |.I..U.^..Hy.;.. |
-00000380  4e 57 b3 22 a0 4f 62 b9  30 e3 1c 3e ed 95 6c c7  |NW.".Ob.0..>..l.|
-00000390  49 a3 b4 c5 2d 25 11 18  94 7b 10 43 d3 fe de 98  |I...-%...{.C....|
-000003a0  74 65 c1 cd d2 d1 67 a1  86 03 a4 7e 12 88 0e 6e  |te....g....~...n|
-000003b0  49 17 03 03 00 35 d3 c7  fa 89 82 0d 80 29 53 f8  |I....5.......)S.|
-000003c0  49 ba 86 1f aa dd ec d4  4c 8d cc a4 88 95 27 a8  |I.......L.....'.|
-000003d0  23 dc b2 09 e6 d3 47 34  fa e1 0c 5c 01 ae 95 a0  |#.....G4...\....|
-000003e0  4d 1c 42 fe e7 d6 ed cb  a7 83 fd                 |M.B........|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 ba  |..+.....3.$... .|
+00000060  d1 5b 5d b4 ca a0 c2 a8  20 f2 d4 12 03 c1 95 ba  |.[]..... .......|
+00000070  f0 ca 33 f0 22 56 f6 15  2c 15 b9 7b c6 78 6a 14  |..3."V..,..{.xj.|
+00000080  03 03 00 01 01 17 03 03  00 17 da b1 6a 79 21 51  |............jy!Q|
+00000090  6b 2a 57 47 22 f1 be 5d  24 36 ec 0f 82 fd bf b8  |k*WG"..]$6......|
+000000a0  5e 17 03 03 02 6d e7 ed  1e c2 be f9 15 80 5e 01  |^....m........^.|
+000000b0  73 b7 57 07 40 68 ae 88  d6 43 eb 6b fb 0c a3 4e  |s.W.@h...C.k...N|
+000000c0  b3 86 9d 5b 92 8a 1c da  a2 9b a5 11 a3 e4 4e 2c  |...[..........N,|
+000000d0  8d 3f 96 20 ec 13 e8 ea  10 47 4a 4a cd 64 ad f9  |.?. .....GJJ.d..|
+000000e0  48 af 11 58 ff 2f cd 29  6e 8e 0f fc 31 96 29 b4  |H..X./.)n...1.).|
+000000f0  df 57 e4 e9 65 62 b5 35  8e 7f a0 36 1d b1 fd 19  |.W..eb.5...6....|
+00000100  c1 b8 7e d9 59 44 a8 3c  97 15 57 fa 64 95 c8 ff  |..~.YD.<..W.d...|
+00000110  db a5 12 85 86 2c aa bc  87 f1 7e f3 2c 08 64 05  |.....,....~.,.d.|
+00000120  4a b1 8e a3 6a 26 e3 e8  fd 80 47 3c 9c a3 4a bb  |J...j&....G<..J.|
+00000130  73 9b 5d 6e 18 06 ac e5  63 de a8 53 e4 a1 b0 41  |s.]n....c..S...A|
+00000140  6a 88 ab 91 94 df 77 55  11 eb 29 97 69 59 67 19  |j.....wU..).iYg.|
+00000150  b3 23 df bf 2c ac 15 03  77 88 ad bf df 8d 4e 96  |.#..,...w.....N.|
+00000160  59 86 9b 77 e9 74 fc 29  c6 cd 65 c9 aa 7a 36 9b  |Y..w.t.)..e..z6.|
+00000170  11 f8 47 fd 8b 59 8b 26  8c f4 f1 f1 38 12 0e 02  |..G..Y.&....8...|
+00000180  e8 27 f2 ce bc 4a be c3  22 ff ae ce ef 31 d0 4c  |.'...J.."....1.L|
+00000190  d2 13 b3 1b 40 fd a0 c0  e9 f3 00 54 cf b8 9c 9d  |....@......T....|
+000001a0  2c 4b de 9a f8 82 11 e7  ea eb cf 45 99 a2 f8 ff  |,K.........E....|
+000001b0  53 71 e5 e0 bd f1 bb 4e  eb 39 7f 85 c4 e9 0d c0  |Sq.....N.9......|
+000001c0  46 de b4 1b 0e 1f 18 8c  5b cf 12 03 8a 91 06 23  |F.......[......#|
+000001d0  3f f3 54 3e e9 e6 e1 2c  84 d3 4e cc 16 f6 aa 92  |?.T>...,..N.....|
+000001e0  6b 24 30 5d f8 a0 52 ca  02 9a 50 58 43 b6 22 04  |k$0]..R...PXC.".|
+000001f0  47 c6 ba 1c e1 aa c2 2c  ca 50 13 de 2b 2b 34 ec  |G......,.P..++4.|
+00000200  80 8c 34 77 20 ab f3 f3  42 d2 9a 2b 9d 38 32 f9  |..4w ...B..+.82.|
+00000210  de 9c 7b ee 22 4f 41 9e  ea 35 88 8c e7 74 f6 ac  |..{."OA..5...t..|
+00000220  a5 fe af d9 c4 b1 a4 87  aa 9f d9 02 3b 4b 92 2b  |............;K.+|
+00000230  f4 ea 6f 81 b8 54 ca 77  3d a2 37 f0 60 d8 26 e4  |..o..T.w=.7.`.&.|
+00000240  27 04 c8 5b bf bc 5e 9c  8b a9 f6 c1 58 31 de 48  |'..[..^.....X1.H|
+00000250  67 5b c5 d7 ae 35 cc d8  8d 01 9b e0 d0 c7 33 f8  |g[...5........3.|
+00000260  36 c1 e8 50 32 27 87 6c  64 71 27 3f 66 82 fa 92  |6..P2'.ldq'?f...|
+00000270  d3 fe b9 9e d3 e2 63 43  64 13 73 4b e9 34 d9 ae  |......cCd.sK.4..|
+00000280  49 dd 9c 17 f3 a6 34 27  3e 07 68 ed 6b 98 0a 69  |I.....4'>.h.k..i|
+00000290  9c f5 4f 1e fc ac 72 08  7e bb bd 97 fe f9 c1 09  |..O...r.~.......|
+000002a0  a2 69 75 c4 e7 a1 83 df  03 0f 74 21 e8 4c 4c d7  |.iu.......t!.LL.|
+000002b0  a2 90 5a 4d d9 a2 fa f1  e4 dc ff 75 e8 fe a1 91  |..ZM.......u....|
+000002c0  46 a4 c2 0b c3 9e 83 45  40 b4 ba fe ed 9e 3a 81  |F......E@.....:.|
+000002d0  a9 27 b9 fa 6f 9e 38 10  2f e6 05 9a 00 43 e9 fb  |.'..o.8./....C..|
+000002e0  60 b8 26 2e 18 4a 0c 14  6a 9f aa 26 1d 53 9e 4f  |`.&..J..j..&.S.O|
+000002f0  fc 7e e1 90 60 28 b1 89  db b6 68 58 5d 2a fa 43  |.~..`(....hX]*.C|
+00000300  91 99 c1 94 74 77 a9 30  cf 1e 9d 49 fc cd be 6c  |....tw.0...I...l|
+00000310  5a 72 90 17 03 03 00 99  1b 1f 16 9b 8e 85 5a 8a  |Zr............Z.|
+00000320  3c c7 d8 e5 86 20 eb 71  83 12 e7 3b 02 ca a1 18  |<.... .q...;....|
+00000330  aa b7 ef 67 9d bf 57 46  14 3b ed b2 9b 2e f1 96  |...g..WF.;......|
+00000340  67 b0 cc 20 ab 67 63 5c  a9 96 d8 22 8e fa f0 94  |g.. .gc\..."....|
+00000350  1e 83 6c 53 8a 75 a5 37  1d f1 de 1f a7 22 13 08  |..lS.u.7....."..|
+00000360  b7 13 dd 25 26 eb 7a 85  72 33 ed a8 27 be cc ff  |...%&.z.r3..'...|
+00000370  8d 42 fa 6a f8 0a 59 44  6f 48 4d 58 27 d5 28 fb  |.B.j..YDoHMX'.(.|
+00000380  37 b0 85 25 49 d0 32 7c  dd b8 46 1a aa dc 16 b7  |7..%I.2|..F.....|
+00000390  f2 fd 99 17 67 41 c0 2d  75 0d 66 ef 65 e2 5f af  |....gA.-u.f.e._.|
+000003a0  d8 b4 aa 15 1c 24 40 0d  0d 4f a8 bc c9 92 1c ab  |.....$@..O......|
+000003b0  91 17 03 03 00 35 f9 69  7e 2a d6 fa 6e 42 25 6c  |.....5.i~*..nB%l|
+000003c0  da 96 f7 79 5f 02 44 1f  d8 1c a2 41 fc eb a5 12  |...y_.D....A....|
+000003d0  bf 37 ab b0 40 92 55 50  64 8e 7b e9 e5 f3 04 b5  |.7..@.UPd.{.....|
+000003e0  0f 04 93 98 fa ca 24 69  a1 73 26                 |......$i.s&|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 b4 e6 ba 4c 98  |..........5...L.|
-00000010  46 1c 04 eb 9a 06 4a ef  8c 2a 6e 9a 69 35 78 4c  |F.....J..*n.i5xL|
-00000020  9a 5e 43 93 11 d8 8d a5  c9 d0 1a db b6 ef 65 ec  |.^C...........e.|
-00000030  a9 21 e4 0f a6 3e 0a c1  a0 a1 49 35 c3 e7 d9 20  |.!...>....I5... |
-00000040  17 03 03 00 17 d7 8d d4  53 d5 40 dc ae d6 73 24  |........S.@...s$|
-00000050  f8 f5 65 4e 0f 8d a6 f0  9d 4a e1 5b 17 03 03 00  |..eN.....J.[....|
-00000060  13 fd e0 76 85 ee 46 e9  d4 3c 0d 05 56 9b b3 5b  |...v..F..<..V..[|
-00000070  9c 42 de d4                                       |.B..|
+00000000  14 03 03 00 01 01 17 03  03 00 35 80 f8 9b f1 1d  |..........5.....|
+00000010  89 31 a8 ea b8 cc 44 a7  6c c3 f7 ea 0f fd f4 a3  |.1....D.l.......|
+00000020  4c c2 15 06 bd 79 16 90  a1 bf 44 df e5 21 03 ff  |L....y....D..!..|
+00000030  e5 83 08 67 70 09 11 21  8e 96 47 e6 f4 e3 36 6e  |...gp..!..G...6n|
+00000040  17 03 03 00 17 7b 87 be  4e f8 ce 6f 30 b8 5b 95  |.....{..N..o0.[.|
+00000050  20 79 23 f7 50 6b 17 b8  13 a2 38 6a 17 03 03 00  | y#.Pk....8j....|
+00000060  13 2a d5 e0 a4 17 7d 4f  3b 5a 6c bc 9d 5a 79 5b  |.*....}O;Zl..Zy[|
+00000070  a8 f6 b2 4a                                       |...J|
diff --git a/testdata/Client-TLSv13-HelloRetryRequest b/testdata/Client-TLSv13-HelloRetryRequest
index 2ef8e406..4d58f8d4 100644
--- a/testdata/Client-TLSv13-HelloRetryRequest
+++ b/testdata/Client-TLSv13-HelloRetryRequest
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 14 01 00 01  10 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,16 +7,16 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 95 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
-000000a0  00 0a 00 06 00 04 00 1d  00 17 00 0d 00 1a 00 18  |................|
+000000a0  00 0a 00 06 00 04 00 1d  00 17 00 0d 00 16 00 14  |................|
 000000b0  08 04 04 03 08 07 08 05  08 06 04 01 05 01 06 01  |................|
-000000c0  05 03 06 03 02 01 02 03  00 32 00 1a 00 18 08 04  |.........2......|
-000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
-000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
-00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
-00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+000000c0  05 03 06 03 00 32 00 1a  00 18 08 04 04 03 08 07  |.....2..........|
+000000d0  08 05 08 06 04 01 05 01  06 01 05 03 06 03 02 01  |................|
+000000e0  02 03 00 2b 00 09 08 03  04 03 03 03 02 03 01 00  |...+............|
+000000f0  33 00 26 00 24 00 1d 00  20 2f e5 7d a3 47 cd 62  |3.&.$... /.}.G.b|
+00000100  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
+00000110  c2 ed 90 99 5f 58 cb 3b  74                       |...._X.;t|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 58 02 00 00  54 03 03 cf 21 ad 74 e5  |....X...T...!.t.|
 00000010  9a 61 11 be 1d 8c 02 1e  65 b8 91 c2 a2 11 16 7a  |.a......e......z|
@@ -26,7 +26,7 @@
 00000050  0c 00 2b 00 02 03 04 00  33 00 02 00 17 14 03 03  |..+.....3.......|
 00000060  00 01 01                                          |...|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 16 03  03 01 39 01 00 01 35 03  |..........9...5.|
+00000000  14 03 03 00 01 01 16 03  03 01 35 01 00 01 31 03  |..........5...1.|
 00000010  03 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000030  00 20 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |. ..............|
@@ -34,90 +34,89 @@
 00000050  00 00 00 32 cc a9 cc a8  c0 2b c0 2f c0 2c c0 30  |...2.....+./.,.0|
 00000060  c0 09 c0 13 c0 0a c0 14  00 9c 00 9d 00 2f 00 35  |............./.5|
 00000070  c0 12 00 0a c0 23 c0 27  00 3c c0 07 c0 11 00 05  |.....#.'.<......|
-00000080  13 03 13 01 13 02 01 00  00 ba 00 0b 00 02 01 00  |................|
+00000080  13 03 13 01 13 02 01 00  00 b6 00 0b 00 02 01 00  |................|
 00000090  ff 01 00 01 00 00 17 00  00 00 12 00 00 00 05 00  |................|
 000000a0  05 01 00 00 00 00 00 0a  00 06 00 04 00 1d 00 17  |................|
-000000b0  00 0d 00 1a 00 18 08 04  04 03 08 07 08 05 08 06  |................|
-000000c0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 32  |...............2|
-000000d0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000e0  05 01 06 01 05 03 06 03  02 01 02 03 00 2b 00 09  |.............+..|
-000000f0  08 03 04 03 03 03 02 03  01 00 33 00 47 00 45 00  |..........3.G.E.|
-00000100  17 00 41 04 1e 18 37 ef  0d 19 51 88 35 75 71 b5  |..A...7...Q.5uq.|
-00000110  e5 54 5b 12 2e 8f 09 67  fd a7 24 20 3e b2 56 1c  |.T[....g..$ >.V.|
-00000120  ce 97 28 5e f8 2b 2d 4f  9e f1 07 9f 6c 4b 5b 83  |..(^.+-O....lK[.|
-00000130  56 e2 32 42 e9 58 b6 d7  49 a6 b5 68 1a 41 03 56  |V.2B.X..I..h.A.V|
-00000140  6b dc 5a 89                                       |k.Z.|
+000000b0  00 0d 00 16 00 14 08 04  04 03 08 07 08 05 08 06  |................|
+000000c0  04 01 05 01 06 01 05 03  06 03 00 32 00 1a 00 18  |...........2....|
+000000d0  08 04 04 03 08 07 08 05  08 06 04 01 05 01 06 01  |................|
+000000e0  05 03 06 03 02 01 02 03  00 2b 00 09 08 03 04 03  |.........+......|
+000000f0  03 03 02 03 01 00 33 00  47 00 45 00 17 00 41 04  |......3.G.E...A.|
+00000100  1e 18 37 ef 0d 19 51 88  35 75 71 b5 e5 54 5b 12  |..7...Q.5uq..T[.|
+00000110  2e 8f 09 67 fd a7 24 20  3e b2 56 1c ce 97 28 5e  |...g..$ >.V...(^|
+00000120  f8 2b 2d 4f 9e f1 07 9f  6c 4b 5b 83 56 e2 32 42  |.+-O....lK[.V.2B|
+00000130  e9 58 b6 d7 49 a6 b5 68  1a 41 03 56 6b dc 5a 89  |.X..I..h.A.Vk.Z.|
 >>> Flow 4 (server to client)
-00000000  16 03 03 00 9b 02 00 00  97 03 03 fe 4a 7b 8f ac  |............J{..|
-00000010  ff 16 9d af dc a9 3a c4  e6 91 99 1f 20 62 3d 0b  |......:..... b=.|
-00000020  1f 75 28 88 56 eb 36 d1  84 e5 58 20 00 00 00 00  |.u(.V.6...X ....|
+00000000  16 03 03 00 9b 02 00 00  97 03 03 3e b5 60 d1 cd  |...........>.`..|
+00000010  f5 a6 76 2c bd 49 f6 0f  c2 ff ff 6b c9 f6 45 19  |..v,.I.....k..E.|
+00000020  f6 e3 e7 fc 31 8b 49 4e  88 29 55 20 00 00 00 00  |....1.IN.)U ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
 00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
-00000060  22 29 04 60 1f aa 8e 3f  bd 63 99 c0 66 e1 e1 d7  |").`...?.c..f...|
-00000070  c1 59 57 1d db 9d ba 28  a7 d4 fc fd bd 15 64 14  |.YW....(......d.|
-00000080  ec 78 e3 dc e1 c7 3e 07  c3 c5 c4 4e 43 51 10 e2  |.x....>....NCQ..|
-00000090  f0 ac 57 6b 56 4b b1 6a  46 e9 70 81 28 68 62 dc  |..WkVK.jF.p.(hb.|
-000000a0  17 03 03 00 17 2d a3 1d  ea 4e f0 8b 4b 19 3f 2d  |.....-...N..K.?-|
-000000b0  18 ef 9d b1 65 b4 e8 93  b2 80 fe 28 17 03 03 02  |....e......(....|
-000000c0  6d 3b 1b 01 88 15 65 6a  66 4a 91 e2 0a c2 c4 64  |m;....ejfJ.....d|
-000000d0  c1 f5 d0 c2 fd 1d 18 4a  e2 32 e2 d2 6f 25 04 78  |.......J.2..o%.x|
-000000e0  96 66 48 53 0b bc 24 0a  6c 46 54 28 bb 63 ed 4e  |.fHS..$.lFT(.c.N|
-000000f0  ab c3 15 bb ae 1e ea c9  63 2a f1 4b fc 55 60 b2  |........c*.K.U`.|
-00000100  8b 46 e3 09 f8 b4 72 87  3c ec 98 e2 21 53 c8 4d  |.F....r.<...!S.M|
-00000110  9b 07 4a 88 fc 0f c6 42  40 e5 74 5e 3e cf 88 3a  |..J....B@.t^>..:|
-00000120  f1 d9 ef 88 e8 eb 0a 4b  f4 64 12 d1 3f 36 25 f8  |.......K.d..?6%.|
-00000130  6d 91 49 a6 c1 ac 9e b7  e7 36 7f a0 0c af 11 48  |m.I......6.....H|
-00000140  83 e6 5c ee 23 d9 18 9a  0b 73 76 8f 0e f0 2c 4d  |..\.#....sv...,M|
-00000150  a8 07 15 da 33 b8 57 de  c4 a2 c2 97 ae d2 0b a0  |....3.W.........|
-00000160  96 da 1c c5 d6 6d 7f 66  c9 a6 ee ab 91 53 fc d4  |.....m.f.....S..|
-00000170  c1 e9 1b 7e e8 be 3e 44  65 8d 91 de 49 86 1c de  |...~..>De...I...|
-00000180  55 a1 42 5c 4c b5 24 30  67 23 d8 fe ad 54 6f e5  |U.B\L.$0g#...To.|
-00000190  e9 ae 78 46 4a f7 cc ed  d0 8d d3 65 95 76 ac fb  |..xFJ......e.v..|
-000001a0  f1 91 d2 90 35 17 5e c4  72 6c 16 2a 52 08 7b 16  |....5.^.rl.*R.{.|
-000001b0  10 e4 c4 08 28 86 f7 dd  17 50 6c d0 ea 06 f3 8a  |....(....Pl.....|
-000001c0  b9 c7 0e fd 67 9d 14 75  13 5b 85 a2 8e 1f 7a be  |....g..u.[....z.|
-000001d0  17 17 ad 72 a1 40 9d 02  5e 80 16 df e7 30 8a eb  |...r.@..^....0..|
-000001e0  2d 62 f5 63 e6 c2 96 f3  1c 19 c4 bf 14 50 73 b6  |-b.c.........Ps.|
-000001f0  6d 02 0e 7f 70 8f 6f f8  3d 6c 36 60 b5 41 3f 09  |m...p.o.=l6`.A?.|
-00000200  f9 72 26 59 fc d3 b2 70  84 2c 9b 7d 7b ab 14 a1  |.r&Y...p.,.}{...|
-00000210  43 65 89 51 75 9e 3b 4c  8c 01 8d a9 38 0a e3 fe  |Ce.Qu.;L....8...|
-00000220  0f f1 58 c5 9e b2 42 28  1e 7c 4a e0 6f fe 53 69  |..X...B(.|J.o.Si|
-00000230  e0 bc 8c c2 d5 00 c4 00  c6 f6 47 fe 70 cc a5 c0  |..........G.p...|
-00000240  cb 21 d8 89 37 8a ef bc  c6 9b 9d 5d 74 a7 22 6b  |.!..7......]t."k|
-00000250  5c e0 24 89 8d 88 a1 19  8a bf e6 bb d3 43 e3 71  |\.$..........C.q|
-00000260  38 99 60 20 2c d5 6e 93  83 20 be 0f ce 35 3d 02  |8.` ,.n.. ...5=.|
-00000270  2f 39 5e bb 06 68 b2 c7  fc 42 be a7 81 f5 40 dd  |/9^..h...B....@.|
-00000280  49 6f 4b 1b 3f a9 6c 5b  dd b9 38 29 01 be f7 76  |IoK.?.l[..8)...v|
-00000290  cc 7b 8e 34 25 72 64 2a  4b bc 38 f7 07 4e cd 16  |.{.4%rd*K.8..N..|
-000002a0  0b 9a 1f c5 5f 3e 5d 6e  fe 2c d6 fd 7c cc af 97  |...._>]n.,..|...|
-000002b0  89 04 75 20 83 c8 a9 4a  d8 65 08 a0 4f 6a f7 71  |..u ...J.e..Oj.q|
-000002c0  4a f0 34 b9 49 29 f1 44  d7 95 86 c1 cf fd 3a 46  |J.4.I).D......:F|
-000002d0  fb 0a 7a 13 ee ca 0d ce  bd 1e 62 63 cd 63 7a 75  |..z.......bc.czu|
-000002e0  26 a6 0c 6e d6 77 06 df  f7 1b e1 6c 96 e8 55 20  |&..n.w.....l..U |
-000002f0  62 f0 98 2d 22 28 3b 95  9b ec dc d7 cb 6c 1d b5  |b..-"(;......l..|
-00000300  3a de fd 2d a7 23 59 4b  69 85 20 13 8c e0 a4 b5  |:..-.#YKi. .....|
-00000310  c1 e0 72 08 e7 c2 c9 c6  c2 5c 23 e7 d3 15 dd de  |..r......\#.....|
-00000320  6a 9b d2 0c 47 4d d1 e7  d8 a9 4d 5f 60 03 17 03  |j...GM....M_`...|
-00000330  03 00 99 e8 da 65 12 48  68 fa d8 9c ee bf c8 3d  |.....e.Hh......=|
-00000340  a4 5d e1 bc 8a e3 18 46  a8 89 c9 7b 3e a2 b0 fb  |.].....F...{>...|
-00000350  1c 7e 64 69 4a 06 aa 0a  ce 79 b6 e0 8b 57 a7 7b  |.~diJ....y...W.{|
-00000360  7f b7 80 3f cf 1b f2 00  2f 22 63 00 97 60 e8 bf  |...?..../"c..`..|
-00000370  16 c1 37 fd e0 40 96 24  e1 48 c8 c5 7d a4 50 ed  |..7..@.$.H..}.P.|
-00000380  04 c4 17 88 84 e6 d3 8c  b9 8b bf 81 f8 3b 19 32  |.............;.2|
-00000390  27 d2 f6 41 2f d1 fb f3  49 79 c9 99 6d db c8 25  |'..A/...Iy..m..%|
-000003a0  36 fa 72 d1 c3 2c 1f 01  90 e0 a4 45 2b 3f 24 59  |6.r..,.....E+?$Y|
-000003b0  4c 87 04 af 4c 8b 48 04  b3 f6 e5 19 ab cd 57 f1  |L...L.H.......W.|
-000003c0  1c 4f a8 ec 48 23 20 65  df 7b cc 01 17 03 03 00  |.O..H# e.{......|
-000003d0  35 64 87 14 09 0b dd 3e  b1 58 d7 b5 46 e7 e3 c4  |5d.....>.X..F...|
-000003e0  76 fa 86 c4 6d 53 97 fd  4f c8 29 77 a7 f8 4f 70  |v...mS..O.)w..Op|
-000003f0  0d 91 e9 ba 06 a7 83 df  fb 6f 8e c9 fb fb 8f 88  |.........o......|
-00000400  1d 2b f9 ce cc 5c                                 |.+...\|
+00000060  f8 a5 4d 81 0a 05 43 42  0b d6 ca 3b 3e 02 44 20  |..M...CB...;>.D |
+00000070  56 89 80 d3 03 50 1a b4  70 50 78 aa 81 2b 5b 03  |V....P..pPx..+[.|
+00000080  6c 38 22 c1 17 4f e5 b9  57 ab 58 33 76 8e ae c9  |l8"..O..W.X3v...|
+00000090  a0 74 47 a0 10 c0 5c a7  8c 77 24 c8 90 bb f4 2a  |.tG...\..w$....*|
+000000a0  17 03 03 00 17 0c 2a 67  cb 9f a8 e8 5b 97 4a 75  |......*g....[.Ju|
+000000b0  24 80 65 28 15 a7 d4 71  eb 24 74 7e 17 03 03 02  |$.e(...q.$t~....|
+000000c0  6d 89 a3 fa 0f a6 dd dc  b5 5a f9 03 93 5a 2a a6  |m........Z...Z*.|
+000000d0  2f 65 81 9e 0d 2c 21 25  0b 7c 04 41 40 3e 95 a4  |/e...,!%.|.A@>..|
+000000e0  31 21 2a 08 db 35 bc 5a  93 aa b4 8f 30 28 0c e5  |1!*..5.Z....0(..|
+000000f0  11 f6 31 d6 7a b0 df 9c  f3 76 30 72 e2 27 1c d3  |..1.z....v0r.'..|
+00000100  75 68 3d 63 71 27 da 72  7a 18 19 da 25 94 ee e3  |uh=cq'.rz...%...|
+00000110  62 6f 45 c5 38 67 ba 4a  1f 6f f3 ea 46 c6 09 ad  |boE.8g.J.o..F...|
+00000120  db 3c 42 3c d7 8d 9c 49  8d 2c 22 15 74 98 60 5b  |.<B<...I.,".t.`[|
+00000130  f7 7f f2 87 6c 11 ed 82  72 e7 de aa e1 5b a6 85  |....l...r....[..|
+00000140  6c f0 d6 9f 94 3d 8b 9e  65 ee c2 f5 4c e7 16 eb  |l....=..e...L...|
+00000150  1e 0d 73 f0 ef a3 28 e1  df 51 81 56 16 f1 68 71  |..s...(..Q.V..hq|
+00000160  7a 17 09 95 6f dc b9 43  de 82 7a 5a a3 76 80 3a  |z...o..C..zZ.v.:|
+00000170  4b c7 f8 50 6a e9 a3 96  cb e5 60 14 cf 72 aa f5  |K..Pj.....`..r..|
+00000180  b0 fe 69 f1 f8 de fc 68  42 95 ef 81 16 3e e2 97  |..i....hB....>..|
+00000190  c6 b2 c3 eb ec 03 7d d2  85 2b c3 7f e7 07 c1 50  |......}..+.....P|
+000001a0  c9 b6 6f ab 7a 86 7b b3  fd 8b 9a 6a 3c ea 18 06  |..o.z.{....j<...|
+000001b0  13 e4 a4 9b d0 2c ef 8c  3f ea 8e d8 c4 d4 54 33  |.....,..?.....T3|
+000001c0  2e e5 b6 40 85 a8 4b 5d  9b 3c f2 9e 70 5a 23 d7  |...@..K].<..pZ#.|
+000001d0  c1 e1 b4 7a 42 69 fb b1  49 99 cf 60 5c 8a c0 7f  |...zBi..I..`\...|
+000001e0  c2 8c 8c 26 4f 0f 6c 10  bd e4 51 ab 19 4d 2a 63  |...&O.l...Q..M*c|
+000001f0  b3 39 1e d6 55 00 c9 89  3a c0 5a 2b 5b 0a e9 10  |.9..U...:.Z+[...|
+00000200  56 4c 8a 88 2d 37 27 50  07 2a 77 19 92 6a a0 67  |VL..-7'P.*w..j.g|
+00000210  c9 34 e7 b2 e4 f8 f8 fc  e0 24 c1 8e 6a 04 b0 6a  |.4.......$..j..j|
+00000220  35 1b 5a 74 78 34 81 09  d5 ed bc 61 55 bd bf 6f  |5.Ztx4.....aU..o|
+00000230  e4 a1 13 e9 b1 9a de de  54 3b 99 19 f7 90 74 be  |........T;....t.|
+00000240  48 b0 80 92 e7 19 91 17  12 12 9a 08 77 bf 2c 21  |H...........w.,!|
+00000250  33 51 9a 02 fc 8c c5 7b  90 52 89 61 df 64 1f af  |3Q.....{.R.a.d..|
+00000260  1e 49 2a 7b 33 1b 47 df  34 7f aa ca e3 16 2d 28  |.I*{3.G.4.....-(|
+00000270  94 cc 07 d1 0d 1a 07 80  a4 c6 cc 10 a7 72 58 bc  |.............rX.|
+00000280  65 92 de a1 c7 8b e5 63  9a 83 85 eb ee e8 8d e9  |e......c........|
+00000290  63 06 f0 6d 14 81 5a d5  a6 1b 84 d3 a2 5d f1 94  |c..m..Z......]..|
+000002a0  a4 af f7 eb 85 d3 00 41  12 b3 bc bf 4a 1a c1 c0  |.......A....J...|
+000002b0  b0 46 38 63 f4 05 de e0  c2 b7 ee 5b f8 c8 6c e7  |.F8c.......[..l.|
+000002c0  fe a4 3d a2 52 e8 25 4c  d0 b4 dd 1a aa e4 9c 5b  |..=.R.%L.......[|
+000002d0  3c 5c 9b 0f e2 ca 18 a8  59 1d 22 d8 2d cb ca 0d  |<\......Y.".-...|
+000002e0  61 f0 8e be 55 5e 0b b4  72 2f 32 f1 47 fe b8 94  |a...U^..r/2.G...|
+000002f0  ec 14 af c4 59 dd f9 b1  1b 18 84 44 54 c0 16 f0  |....Y......DT...|
+00000300  f4 e6 19 82 fb 00 84 6e  c0 87 05 82 33 7b 62 d8  |.......n....3{b.|
+00000310  e3 83 86 55 d6 06 bd e5  a3 1c c0 f1 ef b3 ae 2c  |...U...........,|
+00000320  f7 6e fa 9a 3d 6c cf de  5d 77 54 08 03 0c 17 03  |.n..=l..]wT.....|
+00000330  03 00 99 03 00 b3 cc ca  76 27 18 16 0a 8e d0 81  |........v'......|
+00000340  32 5d 9e 32 75 5e bb b4  c5 5c 6b 61 62 38 3d 2e  |2].2u^...\kab8=.|
+00000350  21 1a 93 c9 fc b7 90 74  17 78 ae 18 78 86 fc 6d  |!......t.x..x..m|
+00000360  0b 0c 50 d3 a6 5a 98 a8  76 6f ff 3b 98 f5 2f 11  |..P..Z..vo.;../.|
+00000370  3d af 84 92 04 42 93 33  33 5c 9a f2 fc 5f 05 dd  |=....B.33\..._..|
+00000380  89 a8 c3 c1 e7 92 0f 76  3a ed da 7c 25 e0 96 89  |.......v:..|%...|
+00000390  27 97 c1 3e 27 70 3f a4  15 f3 24 6a 47 43 7f d7  |'..>'p?...$jGC..|
+000003a0  70 b9 7b 2d 3d 53 c0 f6  53 85 fb f7 62 4a 01 8e  |p.{-=S..S...bJ..|
+000003b0  3e 30 3b b4 79 17 af 2e  73 56 e5 de ba 48 0e 0c  |>0;.y...sV...H..|
+000003c0  e0 d3 0a 80 07 b9 53 f1  1d a6 cf 29 17 03 03 00  |......S....)....|
+000003d0  35 f8 8f 94 ec 0a b9 d9  b1 2c d3 02 c9 0b ef 19  |5........,......|
+000003e0  89 ee a9 c0 b1 f3 9c 87  09 0e fb 9a e2 ad 4a 1e  |..............J.|
+000003f0  16 6d 84 af b3 fa b9 af  98 79 54 7d 45 29 99 85  |.m.......yT}E)..|
+00000400  8c a9 69 b6 ee 4e                                 |..i..N|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 35 44 f5 f8  bb f8 ef a5 7e c7 6f 34  |....5D......~.o4|
-00000010  88 d9 96 2e 59 11 6e 08  0d 17 20 fb 45 c6 86 7c  |....Y.n... .E..||
-00000020  d3 ac 29 0f 50 89 d3 e9  b8 eb 42 63 bc 18 49 99  |..).P.....Bc..I.|
-00000030  75 d5 08 2a 72 57 ea a2  a2 21 17 03 03 00 17 38  |u..*rW...!.....8|
-00000040  12 6b 56 f1 33 2a 3d 42  94 42 85 e5 3b 49 10 52  |.kV.3*=B.B..;I.R|
-00000050  13 82 59 6d 28 fa 17 03  03 00 13 ab 4c ec 58 94  |..Ym(.......L.X.|
-00000060  13 b6 f6 91 ce b5 91 f7  34 7f c5 98 38 f2        |........4...8.|
+00000000  17 03 03 00 35 4c c3 af  0b 49 46 e0 51 3a 73 a8  |....5L...IF.Q:s.|
+00000010  28 46 95 22 ef d7 05 8a  fc 4f 12 98 2f 09 ca a9  |(F.".....O../...|
+00000020  4d b8 17 e4 15 15 b5 13  3f 1a cb 8e 3d 19 00 d6  |M.......?...=...|
+00000030  19 af 90 66 0e 93 d4 22  4d 54 17 03 03 00 17 56  |...f..."MT.....V|
+00000040  31 7c 05 02 1d 84 64 d0  32 21 8d c1 61 7e 7f ce  |1|....d.2!..a~..|
+00000050  d3 45 b2 df ba df 17 03  03 00 13 3a 57 b6 2e 79  |.E.........:W..y|
+00000060  96 09 e9 66 f2 85 7a 21  88 45 cc b4 ff 12        |...f..z!.E....|
diff --git a/testdata/Client-TLSv13-KeyUpdate b/testdata/Client-TLSv13-KeyUpdate
index 18d547b9..7d04d95a 100644
--- a/testdata/Client-TLSv13-KeyUpdate
+++ b/testdata/Client-TLSv13-KeyUpdate
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,99 +7,98 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 84 8c be 3d 27  |....z...v.....='|
-00000010  0b ef 9d b0 8b bd 21 91  9d 12 b8 4c f2 0f bb 29  |......!....L...)|
-00000020  6a f4 1c 56 09 bb 85 c6  9b b7 7b 20 00 00 00 00  |j..V......{ ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 b2 4e f2 da 8b  |....z...v...N...|
+00000010  79 31 33 74 d5 37 8e 44  9d ad 6f 91 c4 bb 5d d4  |y13t.7.D..o...].|
+00000020  fd f1 e2 42 50 43 f5 3c  7f cf 92 20 00 00 00 00  |...BPC.<... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 32  |..+.....3.$... 2|
-00000060  ef 3c 13 61 12 2a 28 1c  73 77 7e 6f 7a 43 38 d3  |.<.a.*(.sw~ozC8.|
-00000070  6f f1 a6 87 34 92 b5 ad  55 7a a0 db 1c 5b 1e 14  |o...4...Uz...[..|
-00000080  03 03 00 01 01 17 03 03  00 17 18 cf a9 9c 7d 12  |..............}.|
-00000090  7e f7 a7 44 09 34 a6 40  22 8b 73 f8 87 69 35 ba  |~..D.4.@".s..i5.|
-000000a0  5a 17 03 03 02 6d 49 c5  1d 7e 9c f9 d7 5d 9f 3f  |Z....mI..~...].?|
-000000b0  41 5d a7 14 68 12 0b 3f  00 38 25 30 d9 9f 84 09  |A]..h..?.8%0....|
-000000c0  dd c9 9c 76 8a 73 40 5f  63 83 a9 4a b6 f1 4c 36  |...v.s@_c..J..L6|
-000000d0  74 13 bc 4b a6 47 9d 5b  50 3a 56 c7 6e 65 46 5d  |t..K.G.[P:V.neF]|
-000000e0  6a 1a 33 1d 9a 67 76 a2  7d 98 05 f3 3b 8b 62 3e  |j.3..gv.}...;.b>|
-000000f0  b0 72 f8 16 18 eb 47 ca  fe bc 83 ca 0a b6 df 6f  |.r....G........o|
-00000100  1c dd 95 6e 27 60 a3 88  40 0f a0 3f 6e f8 a8 9c  |...n'`..@..?n...|
-00000110  20 ee 43 60 66 e7 97 8c  c2 03 a8 e6 3d 87 6f cd  | .C`f.......=.o.|
-00000120  e9 3a 69 de 10 1f 49 ea  9d 9b 4d c9 e9 58 55 b2  |.:i...I...M..XU.|
-00000130  44 b7 09 f2 29 65 d1 fa  c1 00 b8 c0 0c 4d a1 89  |D...)e.......M..|
-00000140  1c 03 c5 0a 20 d9 88 b2  8e c6 b6 19 e1 a4 10 92  |.... ...........|
-00000150  2b 86 20 f8 0e 7c ed a5  37 03 9e 36 7a bd 0b de  |+. ..|..7..6z...|
-00000160  13 ef 6e e8 6d 1c 94 4d  6a 3f 17 db c8 44 84 47  |..n.m..Mj?...D.G|
-00000170  8b 23 d1 64 c8 90 7a da  ac 11 a0 51 c0 f2 76 10  |.#.d..z....Q..v.|
-00000180  57 1e bd a5 37 25 a9 a0  1d 3f cf 71 b1 d4 80 ed  |W...7%...?.q....|
-00000190  b9 eb 28 ec df 36 c4 f0  d1 2b fa 5b 13 fd b4 1a  |..(..6...+.[....|
-000001a0  82 3a e2 53 53 90 9a 42  0f 4b 3f 62 0e d5 e3 ab  |.:.SS..B.K?b....|
-000001b0  c2 93 b6 ab e2 db f5 43  fd f3 70 6d 44 68 c4 56  |.......C..pmDh.V|
-000001c0  4c 37 5a 9e 50 06 94 b6  d8 e1 f7 0c 97 f9 0f d1  |L7Z.P...........|
-000001d0  4f 5a 47 b4 1c 0a 1b 0a  ff bc 5d 08 7d ef b7 e6  |OZG.......].}...|
-000001e0  72 35 40 12 02 cc ed 48  19 ff e6 c8 e2 90 30 42  |r5@....H......0B|
-000001f0  04 bc 3a d0 a1 27 c6 c2  c8 b1 ab 48 a8 ff b2 c4  |..:..'.....H....|
-00000200  2e 1b 3b 9d 14 01 01 2e  53 1d 0c f7 6a 8d 49 64  |..;.....S...j.Id|
-00000210  5a bf 6e de 66 91 a8 97  2a 9f 2f 36 01 2e 33 2d  |Z.n.f...*./6..3-|
-00000220  de 5e a8 ba a1 66 fa 8a  18 c3 6e 33 a2 ab 3e 02  |.^...f....n3..>.|
-00000230  8b 25 21 dd 8b 9f de 4e  91 c9 14 dd 92 f0 4d b2  |.%!....N......M.|
-00000240  15 bf 44 89 8d 00 67 5e  01 c8 6d e7 44 3f 2b c6  |..D...g^..m.D?+.|
-00000250  cf 7a c1 4d fc b3 c1 81  f3 07 eb 6c 64 14 19 f1  |.z.M.......ld...|
-00000260  94 86 c0 c6 ea 95 35 c2  52 0e 67 37 74 df 27 c7  |......5.R.g7t.'.|
-00000270  76 1c 8e 2c 36 7d ef 71  c3 61 dd cb 8e 82 7b a1  |v..,6}.q.a....{.|
-00000280  78 c8 88 3c 90 31 17 7c  d6 f5 7c ed 67 64 ed 16  |x..<.1.|..|.gd..|
-00000290  bf 59 78 ee ee 6c 3e 3c  bd ba 29 21 23 15 50 68  |.Yx..l><..)!#.Ph|
-000002a0  40 23 ea b7 0f 03 9d 84  52 23 57 c1 dd 03 26 55  |@#......R#W...&U|
-000002b0  01 3d 46 ff 15 d0 08 fb  e1 a5 90 ac c2 e8 c8 18  |.=F.............|
-000002c0  96 e4 79 9a 0f 09 25 71  9a a0 fa 43 08 9a ca a4  |..y...%q...C....|
-000002d0  f8 8d cd f9 4f d4 d3 50  4e d2 5e 41 3a e0 e7 2e  |....O..PN.^A:...|
-000002e0  60 c6 70 8e 10 20 68 a3  8f ac 68 22 14 a2 54 5c  |`.p.. h...h"..T\|
-000002f0  ee 37 94 68 ff 93 cb 21  6b 2d 61 a3 ba 95 08 15  |.7.h...!k-a.....|
-00000300  cc 2d f1 be 22 3d 7b 02  63 01 c2 9a 88 37 aa 76  |.-.."={.c....7.v|
-00000310  2c 98 d1 17 03 03 00 99  21 4e 58 2e 4f 2b 3c c6  |,.......!NX.O+<.|
-00000320  2e ad 3b 8b d2 bf 54 81  ca 81 c6 7d 8c 40 62 cd  |..;...T....}.@b.|
-00000330  6a 42 6b 4a 81 b9 81 ce  dc c2 e8 3e 63 79 c8 2c  |jBkJ.......>cy.,|
-00000340  2c 8c 06 eb 70 2c 04 e1  62 6a 56 6e 72 c4 c8 69  |,...p,..bjVnr..i|
-00000350  39 39 c3 c2 94 3c bd 6f  cf 47 50 bb 8f d7 8e ac  |99...<.o.GP.....|
-00000360  68 4b 0b 06 e9 6a 44 68  fa 0e 0e 42 82 37 2a 1f  |hK...jDh...B.7*.|
-00000370  7d 0a 29 0a 18 f4 4f 5b  39 7f 40 9d 63 fe 20 b8  |}.)...O[9.@.c. .|
-00000380  6e 4a 64 9d 5f 18 68 16  6e 26 e1 5c 42 c8 0b 74  |nJd._.h.n&.\B..t|
-00000390  43 66 5a 9f 1e 32 2d bd  f3 2f 45 86 c4 e3 d2 c3  |CfZ..2-../E.....|
-000003a0  85 2e 7e ad 29 26 f8 f5  de f6 5c b2 c2 3f d1 61  |..~.)&....\..?.a|
-000003b0  6a 17 03 03 00 35 59 e1  a3 78 46 e2 7f db 1e a6  |j....5Y..xF.....|
-000003c0  28 ea 50 8a f5 33 1d eb  49 ef b3 34 ea 6a f8 76  |(.P..3..I..4.j.v|
-000003d0  69 70 ac d1 49 77 79 19  2c 2d 7c 95 9c e0 b7 c0  |ip..Iwy.,-|.....|
-000003e0  d2 6c d6 dd 3d ee 5a 89  0c 7b 66                 |.l..=.Z..{f|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 74  |..+.....3.$... t|
+00000060  4e d7 36 eb 1f e1 51 c6  8e 48 2d c4 67 e8 c1 d5  |N.6...Q..H-.g...|
+00000070  32 2b 4b 64 77 43 ee 04  eb 9c 07 03 45 4f 25 14  |2+KdwC......EO%.|
+00000080  03 03 00 01 01 17 03 03  00 17 c5 a9 04 f5 f0 9c  |................|
+00000090  db 59 34 64 cb 01 0d 41  fe c9 75 76 f5 0c 43 f0  |.Y4d...A..uv..C.|
+000000a0  af 17 03 03 02 6d 85 7c  c1 3f 80 ae 73 7a 81 6a  |.....m.|.?..sz.j|
+000000b0  cc ec 35 79 a9 6c b4 81  4b 11 2e a1 4b 59 23 9b  |..5y.l..K...KY#.|
+000000c0  fc ad 8a e6 ec 39 f8 db  cc f9 36 c7 93 25 47 38  |.....9....6..%G8|
+000000d0  9e 1c f9 9e 88 25 96 e4  bc cf 9c 8e c7 d3 e3 e4  |.....%..........|
+000000e0  4b 9a 75 f1 fa d0 2b 46  a6 56 ff c2 59 16 77 8a  |K.u...+F.V..Y.w.|
+000000f0  f3 1f 31 14 0f cf b9 88  4b 21 7b d3 39 e5 96 82  |..1.....K!{.9...|
+00000100  bd 16 fb 6a af 12 29 b2  7a 0a 11 ae 90 9b 3c 34  |...j..).z.....<4|
+00000110  52 89 2d 4a b5 81 68 18  18 e4 c4 56 b7 76 c9 23  |R.-J..h....V.v.#|
+00000120  5d 0e 8e f4 a5 a4 63 a2  76 06 66 67 a8 96 cd d8  |].....c.v.fg....|
+00000130  3f cf bc 0d e5 c6 5c 27  7f 43 bf a8 b7 02 f9 24  |?.....\'.C.....$|
+00000140  ee b5 a1 09 63 d6 7c 5a  9b e0 f4 3b 99 f9 03 42  |....c.|Z...;...B|
+00000150  0a eb 55 f5 77 ee 38 70  6b de 27 63 47 2f ed 78  |..U.w.8pk.'cG/.x|
+00000160  f7 a1 39 d8 c4 4a 9c a8  2b 38 8c 3c c4 3c 8a 24  |..9..J..+8.<.<.$|
+00000170  63 7e df bc 9f 21 8e 04  9e 53 ce 0a 46 99 87 3d  |c~...!...S..F..=|
+00000180  80 70 cc 27 05 82 2a dc  7b bb 03 e9 84 6f 18 ca  |.p.'..*.{....o..|
+00000190  4d be b1 73 06 72 27 1e  80 c0 84 73 69 39 07 b3  |M..s.r'....si9..|
+000001a0  72 81 09 9b 03 8d 97 36  a7 04 a7 08 01 94 d0 17  |r......6........|
+000001b0  6c 13 cd 9d 47 a9 81 b1  59 fd 90 1b 47 04 b5 30  |l...G...Y...G..0|
+000001c0  64 6a b6 f5 52 0f f8 41  83 0e e7 ee fc ac 7e f5  |dj..R..A......~.|
+000001d0  02 65 eb 12 1d 9a 0e cc  f1 4c 12 f9 17 98 4e 32  |.e.......L....N2|
+000001e0  27 24 41 15 bf 17 c2 ae  73 1c 45 19 7b 68 e5 74  |'$A.....s.E.{h.t|
+000001f0  07 6b 59 92 f3 a7 cc c0  c7 bb a4 60 d9 2d 17 e9  |.kY........`.-..|
+00000200  4f e0 90 0c 70 00 0e 75  55 78 37 0c 4b 16 06 78  |O...p..uUx7.K..x|
+00000210  bf cb 77 1c 8c 4b b3 f5  68 99 06 2d b7 50 a8 03  |..w..K..h..-.P..|
+00000220  54 36 85 33 41 1c 1a 16  16 bc f3 76 9f d9 65 c8  |T6.3A......v..e.|
+00000230  31 a5 f4 1f e1 ab 36 ac  33 54 bb fb f2 57 ec 46  |1.....6.3T...W.F|
+00000240  85 79 15 35 30 84 cc 8b  a6 bb d8 cf 6c 88 8b ab  |.y.50.......l...|
+00000250  d1 36 bd 2d 9a 11 6e 4d  09 5c 10 06 7e 26 23 b6  |.6.-..nM.\..~&#.|
+00000260  57 4a 18 dd 5b 0c 45 1c  4c 60 27 6d cf 77 1c 70  |WJ..[.E.L`'m.w.p|
+00000270  ef b9 81 af 02 fc 7b ca  80 0e 1f 48 ad 22 ce 33  |......{....H.".3|
+00000280  44 2f 28 47 a8 cd a3 98  e6 28 8e dc ac df b5 1c  |D/(G.....(......|
+00000290  34 47 8a 7a 98 c5 79 c9  38 ba 34 7e 76 63 51 3d  |4G.z..y.8.4~vcQ=|
+000002a0  ae 9b eb 2c bb 89 6d 01  cd 81 ab a4 b8 4f 27 82  |...,..m......O'.|
+000002b0  23 09 fb 9f b2 56 0f 7a  a3 f6 13 70 c3 6d 13 61  |#....V.z...p.m.a|
+000002c0  eb dd 39 da 99 8e a3 00  9e 7a 48 fe d8 78 c2 ff  |..9......zH..x..|
+000002d0  c9 ce 14 3f 37 8d 4d fb  80 6b 39 e6 cc f1 23 a0  |...?7.M..k9...#.|
+000002e0  e2 e5 cd 3d ed 07 80 85  ea 60 9d 6b e0 93 7f 53  |...=.....`.k...S|
+000002f0  89 94 32 b8 a1 4e f0 d7  33 f6 9c 07 48 f6 43 89  |..2..N..3...H.C.|
+00000300  3b 52 89 0f 31 98 a8 86  5b 2b c5 6c 0d 0c 26 04  |;R..1...[+.l..&.|
+00000310  9f 90 29 17 03 03 00 99  62 df 1f c6 0c 83 e0 8e  |..).....b.......|
+00000320  9e 30 43 4b 9b 63 c7 b7  96 bf 79 35 14 89 43 f6  |.0CK.c....y5..C.|
+00000330  5e e6 fb ec 28 6a 62 cc  64 4a e8 86 07 da 38 f3  |^...(jb.dJ....8.|
+00000340  30 c7 5a 98 78 fc e8 ee  ab 53 81 72 15 92 e1 1b  |0.Z.x....S.r....|
+00000350  d1 78 1d d3 7a 5b 7a c6  78 82 6e 8e ec a6 bd d7  |.x..z[z.x.n.....|
+00000360  8a da 12 68 64 65 2b ec  46 c4 b4 01 a8 e9 b6 00  |...hde+.F.......|
+00000370  67 b1 bf ac 26 7e 11 64  3d de 40 ae 57 8d 7d 07  |g...&~.d=.@.W.}.|
+00000380  3f 06 65 6c 92 10 42 b9  be 30 ef bd 26 a2 87 96  |?.el..B..0..&...|
+00000390  12 61 4a 56 3b 26 c1 d2  81 d3 71 d0 4c 6d 01 c3  |.aJV;&....q.Lm..|
+000003a0  a0 ec 55 96 0c 10 2a f6  9e 6c 99 78 5a 49 a8 50  |..U...*..l.xZI.P|
+000003b0  af 17 03 03 00 35 5e 78  9a 3e c9 92 b6 2d 32 1d  |.....5^x.>...-2.|
+000003c0  cd 16 ab da cd e7 93 0d  c2 90 a2 62 7b 3c 54 bb  |...........b{<T.|
+000003d0  73 dd 5a 8f f0 3d 3a e8  08 c5 a0 77 59 5c d5 db  |s.Z..=:....wY\..|
+000003e0  28 db 9a ef 03 72 e2 96  c4 77 eb                 |(....r...w.|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 38 8f 9d c3 39  |..........58...9|
-00000010  03 62 38 be b8 03 22 be  53 0a 0e ff 33 82 29 2a  |.b8...".S...3.)*|
-00000020  3e a5 4b d0 0e fe 6b c8  bc d8 07 71 77 ca 0f aa  |>.K...k....qw...|
-00000030  a9 8f 3e 6e 69 5d fc 37  0c 5a f6 1d 8b fc 46 8d  |..>ni].7.Z....F.|
-00000040  17 03 03 00 17 ac 0d 5d  2a 0b dd 2e 62 ab ac cc  |.......]*...b...|
-00000050  d6 43 d4 76 ea 52 62 7f  5b 10 93 63              |.C.v.Rb.[..c|
+00000000  14 03 03 00 01 01 17 03  03 00 35 a8 d6 93 8f 7e  |..........5....~|
+00000010  65 3a ee 6f c8 37 2a 27  14 dc b7 19 0e aa 14 b6  |e:.o.7*'........|
+00000020  22 21 2d ea f4 00 d1 60  55 c0 f1 56 db 43 7a f0  |"!-....`U..V.Cz.|
+00000030  1a 47 ce 93 d9 07 7e 61  43 92 3a 95 a9 54 7b c6  |.G....~aC.:..T{.|
+00000040  17 03 03 00 17 e6 e4 52  74 15 e2 18 d7 14 59 29  |.......Rt.....Y)|
+00000050  59 d8 ce 49 68 3a a8 79  9e f4 ee f1              |Y..Ih:.y....|
 >>> Flow 4 (server to client)
-00000000  17 03 03 00 16 e0 09 97  59 52 91 65 5a cd 3b d5  |........YR.eZ.;.|
-00000010  95 c6 be 7a c7 a8 48 a6  39 73 44                 |...z..H.9sD|
+00000000  17 03 03 00 16 e6 cd 54  e3 31 d9 70 20 25 f4 aa  |.......T.1.p %..|
+00000010  cd 8f fe e7 88 6b 7f 62  9b 7b de                 |.....k.b.{.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 12 d4 4b  bd d2 98 10 6a 72 29 bc  |.......K....jr).|
-00000010  6d c1 23 38 88 c3 7b d8  32 b6 7f                 |m.#8..{.2..|
+00000000  17 03 03 00 16 bd e9 c4  24 4a 6d 76 aa 83 bb da  |........$Jmv....|
+00000010  ec 9e d0 c9 38 cc 6b 3c  65 38 91                 |....8.k<e8.|
 >>> Flow 6 (server to client)
-00000000  17 03 03 00 1a 0c 7b fb  83 bb 87 60 52 4d fb b8  |......{....`RM..|
-00000010  c8 cf 95 98 80 60 87 f4  04 ee d1 0a 5d 57 51     |.....`......]WQ|
+00000000  17 03 03 00 1a 6a e1 ea  df 76 a9 fc 4a 80 7b 49  |.....j...v..J.{I|
+00000010  dd fa c3 87 e9 e7 c9 b3  ab bf bc a7 d8 cd 36     |..............6|
 >>> Flow 7 (client to server)
-00000000  17 03 03 00 1d b1 21 2b  13 dc 27 c2 50 07 61 8d  |......!+..'.P.a.|
-00000010  63 fa c3 1f 1b ab 19 77  a0 8b 97 5f 03 26 80 54  |c......w..._.&.T|
-00000020  04 00 17 03 03 00 13 91  28 90 11 9b f8 75 52 b8  |........(....uR.|
-00000030  de 14 32 09 9d 2b 77 bb  3c 5a                    |..2..+w.<Z|
+00000000  17 03 03 00 1d 1e c5 6f  93 48 41 07 03 e5 8c 6f  |.......o.HA....o|
+00000010  09 8e 2f 8e da cb 6e 01  e9 b8 6e f6 3f 59 5c 17  |../...n...n.?Y\.|
+00000020  91 46 17 03 03 00 13 35  33 12 5e d3 97 0a 1c 54  |.F.....53.^....T|
+00000030  cf 54 bb 7d 78 2e 57 a2  5b 39                    |.T.}x.W.[9|
diff --git a/testdata/Client-TLSv13-P256-ECDHE b/testdata/Client-TLSv13-P256-ECDHE
index 5add59da..410f0dd1 100644
--- a/testdata/Client-TLSv13-P256-ECDHE
+++ b/testdata/Client-TLSv13-P256-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 37 01 00 01  33 03 03 00 00 00 00 00  |....7...3.......|
+00000000  16 03 01 01 33 01 00 01  2f 03 03 00 00 00 00 00  |....3.../.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,90 +7,90 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 b8 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 b4 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
-000000a0  00 0a 00 04 00 02 00 17  00 0d 00 1a 00 18 08 04  |................|
+000000a0  00 0a 00 04 00 02 00 17  00 0d 00 16 00 14 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
-000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
-000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
-000000f0  01 00 33 00 47 00 45 00  17 00 41 04 1e 18 37 ef  |..3.G.E...A...7.|
-00000100  0d 19 51 88 35 75 71 b5  e5 54 5b 12 2e 8f 09 67  |..Q.5uq..T[....g|
-00000110  fd a7 24 20 3e b2 56 1c  ce 97 28 5e f8 2b 2d 4f  |..$ >.V...(^.+-O|
-00000120  9e f1 07 9f 6c 4b 5b 83  56 e2 32 42 e9 58 b6 d7  |....lK[.V.2B.X..|
-00000130  49 a6 b5 68 1a 41 03 56  6b dc 5a 89              |I..h.A.Vk.Z.|
+000000c0  06 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
+000000d0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
+000000e0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000f0  47 00 45 00 17 00 41 04  1e 18 37 ef 0d 19 51 88  |G.E...A...7...Q.|
+00000100  35 75 71 b5 e5 54 5b 12  2e 8f 09 67 fd a7 24 20  |5uq..T[....g..$ |
+00000110  3e b2 56 1c ce 97 28 5e  f8 2b 2d 4f 9e f1 07 9f  |>.V...(^.+-O....|
+00000120  6c 4b 5b 83 56 e2 32 42  e9 58 b6 d7 49 a6 b5 68  |lK[.V.2B.X..I..h|
+00000130  1a 41 03 56 6b dc 5a 89                           |.A.Vk.Z.|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 9b 02 00 00  97 03 03 b4 cc 04 30 25  |..............0%|
-00000010  f5 36 2e 22 d7 f5 f2 46  5b 01 09 94 ec 5e 48 df  |.6."...F[....^H.|
-00000020  60 d5 70 b6 db 62 00 36  dc 66 cb 20 00 00 00 00  |`.p..b.6.f. ....|
+00000000  16 03 03 00 9b 02 00 00  97 03 03 1f 9f 7f 3f 27  |..............?'|
+00000010  c5 5c f2 f1 bb cc a2 89  0d 7f 66 6a ff 85 7e 55  |.\........fj..~U|
+00000020  ec 47 a6 5e 9c 09 00 ec  96 e2 a7 20 00 00 00 00  |.G.^....... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
 00000050  4f 00 2b 00 02 03 04 00  33 00 45 00 17 00 41 04  |O.+.....3.E...A.|
-00000060  a4 00 4f 38 9f 17 cc 91  60 06 78 48 40 f3 be ac  |..O8....`.xH@...|
-00000070  f4 09 3f b1 41 0d 60 66  50 d5 a8 2c bf a6 c6 c8  |..?.A.`fP..,....|
-00000080  ca fe ed 4b 3f 5f 51 eb  fb da 45 b2 ad d3 70 d4  |...K?_Q...E...p.|
-00000090  59 e5 ad 07 5a 02 2e f4  6b 01 7e 57 c5 b7 71 02  |Y...Z...k.~W..q.|
-000000a0  14 03 03 00 01 01 17 03  03 00 17 3c 06 c9 4d 5a  |...........<..MZ|
-000000b0  51 b5 51 d9 dc ae 31 6d  75 9b f8 6e c1 9f e1 48  |Q.Q...1mu..n...H|
-000000c0  d6 c4 17 03 03 02 6d 9c  e1 d2 b9 0e da 85 ab 4e  |......m........N|
-000000d0  48 10 60 40 e4 1e 47 22  6f 26 2c fc f8 39 70 0f  |H.`@..G"o&,..9p.|
-000000e0  34 c8 40 80 dd c4 2b 39  50 d2 9c 9c 13 88 61 9e  |4.@...+9P.....a.|
-000000f0  62 14 01 ac be 34 95 dd  46 b6 e9 13 36 8f 54 00  |b....4..F...6.T.|
-00000100  43 5f 34 61 88 df 09 85  c7 0f 36 f3 0d 22 ef 25  |C_4a......6..".%|
-00000110  71 01 a7 ba fa 8d 24 7d  03 34 cf 92 d4 37 be b3  |q.....$}.4...7..|
-00000120  8b 79 e4 12 6d 19 32 28  47 51 d4 ec 85 b9 e2 88  |.y..m.2(GQ......|
-00000130  60 54 9d b5 75 56 27 fe  db bb 2d c9 38 49 f9 dc  |`T..uV'...-.8I..|
-00000140  cf 3e 71 af 65 b7 c4 72  7a f9 69 d5 a3 d6 be aa  |.>q.e..rz.i.....|
-00000150  e9 79 fa ec e0 55 33 78  21 2f 2d 54 62 83 6c 77  |.y...U3x!/-Tb.lw|
-00000160  2d 1e c9 5a 97 b4 11 46  ca 0e ba 75 58 d4 c4 a0  |-..Z...F...uX...|
-00000170  49 d8 76 f1 f0 37 0c 30  c2 a8 86 78 a7 c5 24 00  |I.v..7.0...x..$.|
-00000180  6e bd 89 fb 6a e6 73 1e  11 b9 21 29 92 c2 fd 44  |n...j.s...!)...D|
-00000190  cd 84 25 e0 19 09 56 a8  65 73 01 f9 1d 26 ed 02  |..%...V.es...&..|
-000001a0  67 3c 8a 1d 53 d7 c2 ea  a4 0d dd 03 26 85 eb b8  |g<..S.......&...|
-000001b0  20 c9 06 64 76 24 9a 4a  96 44 48 78 2e 86 01 9c  | ..dv$.J.DHx....|
-000001c0  be a3 60 7e 6e 5b 56 30  c7 b4 2d ff 71 db 58 15  |..`~n[V0..-.q.X.|
-000001d0  86 22 84 fb 00 d3 96 1d  f5 5f e5 39 3a 51 cc 04  |."......._.9:Q..|
-000001e0  95 fd 49 f0 c2 cc 34 e1  0b 1d ba bb 62 f8 14 4d  |..I...4.....b..M|
-000001f0  aa 94 f0 09 b5 04 d3 b7  52 10 d2 ee 01 0c a0 68  |........R......h|
-00000200  62 83 4f 11 33 b9 1c b1  4e 23 09 e7 d1 c2 c9 a4  |b.O.3...N#......|
-00000210  de 63 c3 48 3f c7 51 9a  78 4c 2e e7 fa 2c bd 06  |.c.H?.Q.xL...,..|
-00000220  82 e8 2f 61 35 83 aa 92  8b de 76 fb 0b 5a a7 44  |../a5.....v..Z.D|
-00000230  07 6b 8f d9 de d6 dd 35  ec 08 44 31 97 15 9c 70  |.k.....5..D1...p|
-00000240  38 89 2d 06 5d 01 39 23  45 ce c1 98 ca 90 f6 4a  |8.-.].9#E......J|
-00000250  47 a2 d4 6a ea 9f bc 7e  ab 42 f5 b9 bd 54 44 0c  |G..j...~.B...TD.|
-00000260  b8 1c 34 10 53 80 ae fb  97 b5 64 75 2e c0 72 30  |..4.S.....du..r0|
-00000270  dc 4a 3d aa 73 25 42 be  18 da 7c ae 0b 31 b0 f9  |.J=.s%B...|..1..|
-00000280  55 d6 15 42 da bb e0 91  c9 ee bb b8 e3 6a ea f7  |U..B.........j..|
-00000290  bf ae 2d 29 c0 58 4f 61  0c 55 e5 07 78 aa d1 45  |..-).XOa.U..x..E|
-000002a0  76 8e e4 a9 d0 dd 49 29  7d f1 ab b8 82 39 31 23  |v.....I)}....91#|
-000002b0  4c d4 5f f4 18 e7 b0 70  5f 78 e3 22 65 3b 84 e7  |L._....p_x."e;..|
-000002c0  40 d7 cb b5 e3 8c 5d fa  77 cb 45 fa 57 c0 4c fd  |@.....].w.E.W.L.|
-000002d0  11 7c f1 80 fa 4c 51 d9  78 5d b6 cc 08 90 91 9a  |.|...LQ.x]......|
-000002e0  71 20 e3 50 ec 21 7e 0d  2d e5 97 12 4a 18 17 ab  |q .P.!~.-...J...|
-000002f0  a0 1f 74 75 71 6b 8b 81  ac 85 18 99 ad 75 88 4c  |..tuqk.......u.L|
-00000300  15 87 04 57 1e 78 10 13  4b 51 f2 e9 8a 76 17 77  |...W.x..KQ...v.w|
-00000310  32 92 6c 12 6c db 2e ef  c1 2d 18 64 e8 b1 62 79  |2.l.l....-.d..by|
-00000320  4c 8a d0 23 9a ac 14 ab  c3 9f d7 37 0c cb 57 29  |L..#.......7..W)|
-00000330  bd 89 d8 32 17 03 03 00  99 40 69 b7 6b 35 af 37  |...2.....@i.k5.7|
-00000340  fd 28 d7 52 34 fa 65 84  83 41 a8 cd d9 5d e7 68  |.(.R4.e..A...].h|
-00000350  41 9b 39 7c f8 ef cf d8  8d 50 b9 2a 11 13 df f2  |A.9|.....P.*....|
-00000360  3c b3 4c 4b 7d c5 a5 d6  cf f2 72 c8 ea 26 0b 90  |<.LK}.....r..&..|
-00000370  42 5e b3 44 da a6 7d 81  13 0f f6 eb 4d c4 98 65  |B^.D..}.....M..e|
-00000380  84 aa 47 bf ba b3 f5 57  3c 18 cd 8c b2 9d 3f eb  |..G....W<.....?.|
-00000390  0e 13 aa b2 ed 42 97 cd  3f f9 d0 b7 8c 1a 94 5c  |.....B..?......\|
-000003a0  63 c3 f8 45 be 91 61 c6  d9 01 bd 88 d7 fa 15 6d  |c..E..a........m|
-000003b0  8c 48 87 6a 10 eb 43 39  66 a2 a4 cd ef 15 db 4f  |.H.j..C9f......O|
-000003c0  0d da 85 48 81 af d1 60  4b bc b9 03 a9 c5 c0 7b  |...H...`K......{|
-000003d0  9a 60 17 03 03 00 35 9a  10 8d b7 6a 5c 8e 16 96  |.`....5....j\...|
-000003e0  0a d3 2d 81 4f 3c 47 f5  bc f8 cd 92 c0 17 07 89  |..-.O<G.........|
-000003f0  28 82 42 9f f2 b0 c5 99  4f a3 33 46 f8 ea 7a b7  |(.B.....O.3F..z.|
-00000400  9e e9 a0 d6 f2 45 7e 8b  f3 4d 80 d2              |.....E~..M..|
+00000060  f0 c5 09 c6 22 3f 23 06  65 c7 e2 1c f8 e7 c2 59  |...."?#.e......Y|
+00000070  a9 9f 00 3d 1a 48 fb b5  7f e4 ad 3d 4f 2d 91 d8  |...=.H.....=O-..|
+00000080  f4 2f d5 31 5c dc 2b 53  63 2b 25 1b 60 47 31 3a  |./.1\.+Sc+%.`G1:|
+00000090  30 72 d8 5d a4 60 9d 68  51 48 45 69 32 73 58 a5  |0r.].`.hQHEi2sX.|
+000000a0  14 03 03 00 01 01 17 03  03 00 17 e9 38 fa fe 25  |............8..%|
+000000b0  89 ba 85 3b 0e 66 1e 3f  b9 52 55 20 e0 3c 07 6f  |...;.f.?.RU .<.o|
+000000c0  2c 2f 17 03 03 02 6d cf  73 3f de 91 5b 86 ff 90  |,/....m.s?..[...|
+000000d0  ca a3 c9 ba e2 9e 56 53  fc 72 28 e5 98 1f 08 ca  |......VS.r(.....|
+000000e0  6d 0e 80 96 d2 45 74 33  3b 45 ee 2b ab 12 94 57  |m....Et3;E.+...W|
+000000f0  be 00 7e f6 14 93 64 62  7b 0d 81 0e 79 8b 63 49  |..~...db{...y.cI|
+00000100  36 8a 67 5c bb 33 72 fa  73 0d e1 ab 66 58 fa a3  |6.g\.3r.s...fX..|
+00000110  dd 66 c2 bb 0e 64 82 39  59 e1 a0 e1 5c 84 b1 b6  |.f...d.9Y...\...|
+00000120  0d 60 94 f2 ff 94 39 72  62 45 cd f6 d8 f3 33 b5  |.`....9rbE....3.|
+00000130  20 99 29 c8 d5 ba 8c 49  cb 29 54 e9 cf 7e 26 1f  | .)....I.)T..~&.|
+00000140  25 96 41 93 82 4c 38 15  0d 0c 6d 7f 89 51 7f 43  |%.A..L8...m..Q.C|
+00000150  9d 04 3a 1a 58 86 97 4e  0c 29 c0 2e f0 e7 78 42  |..:.X..N.)....xB|
+00000160  f0 b4 11 cb 50 ec 45 62  c5 0a 42 11 cc aa c4 d4  |....P.Eb..B.....|
+00000170  33 15 ee 43 e1 80 6f 46  16 ea 30 27 09 d1 34 e6  |3..C..oF..0'..4.|
+00000180  59 f7 b0 e0 6f ea 51 bd  02 79 17 06 3f 84 75 08  |Y...o.Q..y..?.u.|
+00000190  63 91 b3 58 d3 1c 61 47  bf d9 2a 9e 11 75 b2 5e  |c..X..aG..*..u.^|
+000001a0  7e 09 62 f2 3c ba 63 4b  2b 09 c4 90 b5 78 9a c4  |~.b.<.cK+....x..|
+000001b0  be 35 9b 7f e3 11 5a 82  d8 50 b3 67 20 7a 53 ec  |.5....Z..P.g zS.|
+000001c0  cb f9 1a b3 b3 b6 b6 39  1b f1 fe 7a 28 27 9c ed  |.......9...z('..|
+000001d0  25 35 f4 f1 21 11 eb 33  61 64 1d 54 eb ef c3 d0  |%5..!..3ad.T....|
+000001e0  2c 0d 76 0d 7e 90 3f 8d  a4 d0 b5 d9 27 49 c7 fc  |,.v.~.?.....'I..|
+000001f0  cc 59 8c c5 af 59 fc 09  98 63 9c fb 63 d8 09 6f  |.Y...Y...c..c..o|
+00000200  55 2d 1f d2 c7 83 5f 3d  ae 00 ef ca 27 03 9d b9  |U-...._=....'...|
+00000210  00 03 c5 c7 e5 2d 91 47  b0 6c 67 2a 09 3e bc 57  |.....-.G.lg*.>.W|
+00000220  a3 02 3f cf b2 88 d8 3d  25 c5 e1 0e 2b a2 b7 5f  |..?....=%...+.._|
+00000230  57 18 5c eb 8e ae 5f d6  5f 11 1b 5c 48 3b f5 84  |W.\..._._..\H;..|
+00000240  b0 6e 29 3e 58 71 36 6e  66 6e e0 d0 98 b0 1b 84  |.n)>Xq6nfn......|
+00000250  ca 8c 53 83 86 ca 26 7a  15 6b 6a 7c 61 91 55 45  |..S...&z.kj|a.UE|
+00000260  58 cb bd b2 df df 78 22  83 36 8e 4f b6 40 70 ea  |X.....x".6.O.@p.|
+00000270  d1 72 33 7d 85 00 01 48  f1 75 73 db b3 aa 1d da  |.r3}...H.us.....|
+00000280  78 c9 e3 37 7c 1c 52 74  62 6c f6 eb af af 0b 2d  |x..7|.Rtbl.....-|
+00000290  ef d4 85 3d 9f 48 de 5c  4a 6e 24 69 b9 7b 87 e7  |...=.H.\Jn$i.{..|
+000002a0  62 3c 26 67 8a 52 b2 73  66 90 56 07 6f ec 14 62  |b<&g.R.sf.V.o..b|
+000002b0  88 15 20 e6 27 59 d4 cf  0e f0 59 cd cb 8e bd e5  |.. .'Y....Y.....|
+000002c0  ca 10 39 40 54 a5 57 4e  99 70 93 b4 86 60 5f f1  |..9@T.WN.p...`_.|
+000002d0  70 f5 d7 21 ef f2 11 b2  da 7a 7f 27 a8 6b fe 7f  |p..!.....z.'.k..|
+000002e0  e4 eb 35 9c d5 24 ef 70  4b 3c ed bd 9b b9 b9 f3  |..5..$.pK<......|
+000002f0  50 a4 61 7f 24 d0 8c 7f  4f 48 09 4f 1e 26 fb 46  |P.a.$...OH.O.&.F|
+00000300  ec c2 84 12 a5 6a 5f 19  f0 03 cc 50 cc 07 26 23  |.....j_....P..&#|
+00000310  58 6e 68 d8 20 ae eb db  2f be a6 7b a8 ed 86 20  |Xnh. .../..{... |
+00000320  61 07 03 47 e5 19 9b a7  0d 27 e0 56 9f 2a d5 19  |a..G.....'.V.*..|
+00000330  e7 b3 39 07 17 03 03 00  99 3a 9b b2 61 6a 40 3a  |..9......:..aj@:|
+00000340  46 a8 0b 50 e3 95 d2 80  5f 5a 08 c3 54 2e 47 ac  |F..P...._Z..T.G.|
+00000350  f1 83 07 13 21 7f 5e 4e  1b 67 66 cc 38 a7 f3 91  |....!.^N.gf.8...|
+00000360  f0 5f ac 9a 39 55 de bf  02 30 2a 87 35 85 f8 1d  |._..9U...0*.5...|
+00000370  32 3a 8c f8 90 6a 22 21  b2 e8 87 5e 54 6a 45 de  |2:...j"!...^TjE.|
+00000380  74 ff 6d 37 00 92 07 6c  09 13 c1 5e 68 bc 28 80  |t.m7...l...^h.(.|
+00000390  d6 24 e5 32 fc 13 ee 68  68 91 9a e6 15 74 21 7d  |.$.2...hh....t!}|
+000003a0  2d b2 c8 f5 1d 05 69 5c  80 ee 8b 7c 3e 23 be 35  |-.....i\...|>#.5|
+000003b0  d4 54 3c 52 66 2a f1 12  98 5d 3a 3f 44 26 84 d8  |.T<Rf*...]:?D&..|
+000003c0  9a 06 04 c5 35 ec 95 fd  a5 9d b1 b3 ed 3b ff 4b  |....5........;.K|
+000003d0  12 65 17 03 03 00 35 cc  f6 8e 3c 7e 29 4c ad 30  |.e....5...<~)L.0|
+000003e0  1a b7 a2 b1 f0 82 bd 42  0e 7f d6 a2 3a c3 6e a0  |.......B....:.n.|
+000003f0  1b 7f cf fa e2 21 81 1a  7a 31 fa 90 37 3c 8a e5  |.....!..z1..7<..|
+00000400  02 a5 d9 88 f8 50 05 88  81 4f a5 65              |.....P...O.e|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 5e d8 a7 91 d2  |..........5^....|
-00000010  39 b1 74 e8 a4 a2 02 97  c9 23 be a2 40 f8 94 39  |9.t......#..@..9|
-00000020  4b e8 ed 35 6c 8e 23 ce  da 32 90 93 50 f6 80 75  |K..5l.#..2..P..u|
-00000030  43 91 9c 90 09 b5 bb 7d  ab 56 53 0c a8 95 a5 c3  |C......}.VS.....|
-00000040  17 03 03 00 17 7e 95 f6  cc 40 0f 64 9f 6b d6 63  |.....~...@.d.k.c|
-00000050  29 28 6d 21 12 c4 70 6f  dd 69 ad d1 17 03 03 00  |)(m!..po.i......|
-00000060  13 8a b3 a5 7b 42 fe 41  be 86 57 03 16 d4 f1 25  |....{B.A..W....%|
-00000070  95 8d 2b f7                                       |..+.|
+00000000  14 03 03 00 01 01 17 03  03 00 35 70 3d 2c 7e 6a  |..........5p=,~j|
+00000010  d9 c5 58 7b 1d b5 d8 af  9e ca b8 30 2a 9b c3 c8  |..X{.......0*...|
+00000020  fa 1c 76 f0 64 f8 4c 01  24 19 18 b2 2e 70 b9 e1  |..v.d.L.$....p..|
+00000030  d3 45 96 e7 08 7e 7b c8  7d 1a c8 b7 87 13 9d 1d  |.E...~{.}.......|
+00000040  17 03 03 00 17 3f 62 68  a3 27 6c c3 12 33 ed e6  |.....?bh.'l..3..|
+00000050  0e 87 e6 c4 3e 63 55 2a  15 11 aa 35 17 03 03 00  |....>cU*...5....|
+00000060  13 f8 81 0f 72 73 8b d0  14 af fe f2 9d b7 c7 fd  |....rs..........|
+00000070  16 17 b9 60                                       |...`|
diff --git a/testdata/Client-TLSv13-X25519-ECDHE b/testdata/Client-TLSv13-X25519-ECDHE
index c10e6c91..9e53626d 100644
--- a/testdata/Client-TLSv13-X25519-ECDHE
+++ b/testdata/Client-TLSv13-X25519-ECDHE
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 16 01 00 01  12 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 12 01 00 01  0e 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,86 +7,86 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 97 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 93 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
-000000a0  00 0a 00 04 00 02 00 1d  00 0d 00 1a 00 18 08 04  |................|
+000000a0  00 0a 00 04 00 02 00 1d  00 0d 00 16 00 14 08 04  |................|
 000000b0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
-000000c0  06 03 02 01 02 03 00 32  00 1a 00 18 08 04 04 03  |.......2........|
-000000d0  08 07 08 05 08 06 04 01  05 01 06 01 05 03 06 03  |................|
-000000e0  02 01 02 03 00 2b 00 09  08 03 04 03 03 03 02 03  |.....+..........|
-000000f0  01 00 33 00 26 00 24 00  1d 00 20 2f e5 7d a3 47  |..3.&.$... /.}.G|
-00000100  cd 62 43 15 28 da ac 5f  bb 29 07 30 ff f6 84 af  |.bC.(.._.).0....|
-00000110  c4 cf c2 ed 90 99 5f 58  cb 3b 74                 |......_X.;t|
+000000c0  06 03 00 32 00 1a 00 18  08 04 04 03 08 07 08 05  |...2............|
+000000d0  08 06 04 01 05 01 06 01  05 03 06 03 02 01 02 03  |................|
+000000e0  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 33 00  |.+............3.|
+000000f0  26 00 24 00 1d 00 20 2f  e5 7d a3 47 cd 62 43 15  |&.$... /.}.G.bC.|
+00000100  28 da ac 5f bb 29 07 30  ff f6 84 af c4 cf c2 ed  |(.._.).0........|
+00000110  90 99 5f 58 cb 3b 74                              |.._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 97 02 8a b6 20  |....z...v...... |
-00000010  f7 b6 e4 eb 5b eb f8 c0  ea 29 ad 6a cb 1a 0a d7  |....[....).j....|
-00000020  40 a5 e7 dd 1d 75 88 61  b4 92 2b 20 00 00 00 00  |@....u.a..+ ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 5a 42 7b 30 69  |....z...v..ZB{0i|
+00000010  87 6c 87 6a 9c c4 4f 41  b5 18 58 d5 7a 1d 7d da  |.l.j..OA..X.z.}.|
+00000020  92 29 4c dd 57 6b 4d 0c  f9 7c 74 20 00 00 00 00  |.)L.WkM..|t ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 b3  |..+.....3.$... .|
-00000060  73 c5 08 81 cd 33 2e 44  42 46 70 03 40 b1 cf 44  |s....3.DBFp.@..D|
-00000070  39 17 fa 84 e2 44 0e 37  f5 d1 3a a7 3c ca 5d 14  |9....D.7..:.<.].|
-00000080  03 03 00 01 01 17 03 03  00 17 29 94 4c 54 36 71  |..........).LT6q|
-00000090  24 9c 5c 24 f2 e7 85 50  b7 fd cb 8c db 28 14 f7  |$.\$...P.....(..|
-000000a0  f9 17 03 03 02 6d c7 4c  08 32 d5 0f 28 ec e9 4f  |.....m.L.2..(..O|
-000000b0  08 45 1d cb 93 c8 61 47  1d 6b c9 ef 33 25 e0 07  |.E....aG.k..3%..|
-000000c0  14 18 d9 ec 1b 6f 5a e1  d1 8c 9d ad 2d 46 0f b8  |.....oZ.....-F..|
-000000d0  c7 f7 0d f8 e7 86 3d 70  8d e1 ce 78 a0 3a cc 36  |......=p...x.:.6|
-000000e0  26 f0 e2 49 99 24 dd 61  c7 ae cd 10 4c 59 09 8a  |&..I.$.a....LY..|
-000000f0  43 26 35 2a b7 64 45 53  60 13 17 e6 7d 59 b7 4b  |C&5*.dES`...}Y.K|
-00000100  90 57 88 d9 21 8b d8 7d  bc 00 9e f7 bf 89 a9 d0  |.W..!..}........|
-00000110  5e 2d 17 2c cd ff cb cd  93 e8 a1 55 b7 11 fe b5  |^-.,.......U....|
-00000120  29 62 3f 6a 4c 41 ba 31  a9 ba 7a 54 7b 16 be 73  |)b?jLA.1..zT{..s|
-00000130  d4 17 35 e3 35 f2 41 a0  af d5 c7 b8 0b ea 79 bc  |..5.5.A.......y.|
-00000140  ff 2c 48 d4 2a 8b 86 e8  42 f5 75 50 31 09 4c f4  |.,H.*...B.uP1.L.|
-00000150  b8 c4 6c f4 24 9b 53 06  5c 2e c1 f0 37 22 51 9f  |..l.$.S.\...7"Q.|
-00000160  12 a1 4d 06 c8 0d 11 e4  5b 5d 72 ed f1 c2 8d 64  |..M.....[]r....d|
-00000170  74 63 0f 4e d3 9a 92 f6  68 47 36 53 5a 19 90 bc  |tc.N....hG6SZ...|
-00000180  7e de e9 05 73 5b 13 80  92 bb f4 ff 6d 4e e5 1c  |~...s[......mN..|
-00000190  40 b6 29 f3 34 0f 3c 7b  06 af 54 14 67 cb 43 43  |@.).4.<{..T.g.CC|
-000001a0  ad 30 68 a9 d1 09 29 43  02 01 ba 6e 87 e5 7a 75  |.0h...)C...n..zu|
-000001b0  67 53 54 cf bf 33 d9 f1  ca fa 63 cf 04 87 00 c6  |gST..3....c.....|
-000001c0  82 ab 0e a7 4e 8f 00 ad  0b 64 2e 87 3c 07 d7 a1  |....N....d..<...|
-000001d0  1d 4c 68 b5 78 e0 83 1f  5e d3 21 35 ed bb ca 8a  |.Lh.x...^.!5....|
-000001e0  91 cf 39 ec 74 c5 e4 51  2b 00 cf 3b 71 e1 ba af  |..9.t..Q+..;q...|
-000001f0  e6 c6 29 cc cf 8f a3 23  89 ae 3c 0f d0 47 e7 29  |..)....#..<..G.)|
-00000200  d4 11 7e 62 57 3a ee 7a  42 98 0d 53 1b 14 a7 45  |..~bW:.zB..S...E|
-00000210  12 15 8c 0b 9d 32 1d 9e  f3 a1 31 b5 34 c5 d8 03  |.....2....1.4...|
-00000220  69 df 1f ab a4 4e 01 d7  35 f7 3e 83 3d 7b 7e cc  |i....N..5.>.={~.|
-00000230  30 cd 8a 3b 9e 80 1b 5c  cc 48 2d 92 37 b8 5d 23  |0..;...\.H-.7.]#|
-00000240  8b 43 9e 1e 6d 60 04 7f  91 b1 7f 7d 4a ff 3f 5f  |.C..m`.....}J.?_|
-00000250  e8 e4 49 9e 48 04 69 20  5d e9 13 3a 61 23 fa 4e  |..I.H.i ]..:a#.N|
-00000260  31 f9 d6 3e cd fc 20 e2  14 d7 2d 47 63 7b e5 fd  |1..>.. ...-Gc{..|
-00000270  20 01 9c f4 b3 82 1f 56  60 f5 7c e2 2a 70 64 91  | ......V`.|.*pd.|
-00000280  75 75 68 fb 61 08 72 83  fc 4f a0 75 3a 2d ff f8  |uuh.a.r..O.u:-..|
-00000290  c9 1b 02 bf cf 84 fd 5e  ab dd 01 28 de d9 d8 1c  |.......^...(....|
-000002a0  78 7e a0 66 35 43 d5 54  08 66 41 74 df 43 b1 23  |x~.f5C.T.fAt.C.#|
-000002b0  f4 f1 3d 78 d0 d2 99 0d  99 c5 c1 f2 cf 86 74 29  |..=x..........t)|
-000002c0  10 31 10 4e 56 aa 90 0b  39 1f 7c 7d 6f f7 39 6b  |.1.NV...9.|}o.9k|
-000002d0  9b 4e 3c 3e 52 2f 7e 6f  6e 55 b5 64 58 08 7d dd  |.N<>R/~onU.dX.}.|
-000002e0  3b 79 08 b3 30 49 17 28  a0 6e 76 b3 38 54 56 19  |;y..0I.(.nv.8TV.|
-000002f0  f7 67 11 5f d5 54 c3 22  07 e8 83 c8 22 19 37 ab  |.g._.T."....".7.|
-00000300  8e 3a ed 07 47 02 b8 4f  03 6c ca e1 16 20 a0 b6  |.:..G..O.l... ..|
-00000310  43 d9 39 17 03 03 00 99  26 fb 79 ee 89 6d e8 ce  |C.9.....&.y..m..|
-00000320  89 95 ec 7d a2 19 ab 24  b7 b5 49 00 de ae a3 29  |...}...$..I....)|
-00000330  00 ce bf 8d 71 42 c2 dc  ae 65 ed 84 a3 af 1b d9  |....qB...e......|
-00000340  64 0a fa 49 b6 5e a9 64  bb 91 43 25 65 df 06 ee  |d..I.^.d..C%e...|
-00000350  90 a9 c9 48 99 c2 b6 0d  91 91 77 70 3b ca 58 a4  |...H......wp;.X.|
-00000360  c7 e8 fd 01 67 7c b3 ea  8e b9 9d c5 4c cf 55 67  |....g|......L.Ug|
-00000370  09 23 99 e7 2d ff 54 4b  e4 56 d5 24 72 a9 1b 03  |.#..-.TK.V.$r...|
-00000380  bc 4c d9 c8 37 f2 0b 62  88 4e 89 05 db 11 0f 3a  |.L..7..b.N.....:|
-00000390  9f 8b a7 4f a4 0a 89 d5  c8 df 11 06 af 73 71 38  |...O.........sq8|
-000003a0  bd 2f 97 15 24 b6 54 ca  bb 1c 3c e1 16 ad eb c6  |./..$.T...<.....|
-000003b0  64 17 03 03 00 35 b8 1c  a1 16 59 5c 46 6e 4c 3f  |d....5....Y\FnL?|
-000003c0  3c 79 d0 1f 4f 8a c8 49  49 6e 7e 53 de fb 43 99  |<y..O..IIn~S..C.|
-000003d0  c8 a8 3d ab 1e a4 05 de  34 0a 85 9e 9c 3e 33 2d  |..=.....4....>3-|
-000003e0  3b 78 12 70 cc 3e cf f6  36 47 23                 |;x.p.>..6G#|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 f5  |..+.....3.$... .|
+00000060  7b aa 52 58 70 5a dd 9b  db b3 b8 17 02 fc db e4  |{.RXpZ..........|
+00000070  b2 9d a2 e7 77 aa c1 d9  f9 a8 87 65 b8 c2 38 14  |....w......e..8.|
+00000080  03 03 00 01 01 17 03 03  00 17 cf 0f a3 89 ff 85  |................|
+00000090  ce 6f aa 9e 41 c6 cc e0  bb 9c dd f2 6c 2b f6 4f  |.o..A.......l+.O|
+000000a0  e5 17 03 03 02 6d eb 5d  f8 b5 8a 60 c3 af a8 03  |.....m.]...`....|
+000000b0  a7 55 8c 85 ee 94 9c 31  d5 2e de 80 71 70 c0 9d  |.U.....1....qp..|
+000000c0  9a b2 c6 fd 82 1f 72 09  3c eb 2d 38 3f 3a cd fd  |......r.<.-8?:..|
+000000d0  c2 6d b5 0a 30 20 4b 6c  64 26 e9 e2 f2 1f 27 da  |.m..0 Kld&....'.|
+000000e0  ed 81 98 fe 58 3e 27 f9  af 91 cf 90 b8 c2 a8 f0  |....X>'.........|
+000000f0  14 3c a1 5b 2e 60 55 34  73 f2 1d c2 24 df 09 55  |.<.[.`U4s...$..U|
+00000100  e5 5b b6 43 de d7 48 6b  cd 15 da 06 f1 b6 56 0b  |.[.C..Hk......V.|
+00000110  fb 7e 97 f4 40 2f 6b c9  5b 4d 0c 70 8d d5 1c 21  |.~..@/k.[M.p...!|
+00000120  d6 a2 4f ab e9 c7 cb 69  0e d0 86 d0 b8 1e c5 6b  |..O....i.......k|
+00000130  3d 2f 78 f7 ab fd db 06  5c 59 69 fe 74 69 2f c9  |=/x.....\Yi.ti/.|
+00000140  a0 36 e2 08 2e 42 23 05  da 89 33 e7 b5 c3 b2 5a  |.6...B#...3....Z|
+00000150  d4 7e 4c 99 1c 24 a8 62  9b 92 7d bb c0 e1 4a 90  |.~L..$.b..}...J.|
+00000160  72 83 4d b2 74 13 45 3f  ef 91 7c b0 c4 6b 4e f5  |r.M.t.E?..|..kN.|
+00000170  5c 3d 56 6f fe 96 63 c2  fe 2c 88 23 ab 92 08 bf  |\=Vo..c..,.#....|
+00000180  c5 08 25 81 a5 49 a6 5c  95 da 09 b2 c9 4b e0 f2  |..%..I.\.....K..|
+00000190  59 4e 5a 67 6b 71 c7 ba  69 ff a8 f5 6d 21 52 68  |YNZgkq..i...m!Rh|
+000001a0  05 d6 61 0e d6 67 d9 64  3d 26 a3 65 3c 55 11 42  |..a..g.d=&.e<U.B|
+000001b0  37 59 44 b8 a3 fa f0 58  95 a4 07 e2 d6 ee 7f 8a  |7YD....X........|
+000001c0  c8 b9 f5 ca 4c b1 58 67  a5 ce 1b e0 a2 ea 40 dd  |....L.Xg......@.|
+000001d0  e8 ca 26 59 24 61 2c c9  57 98 12 0c 57 c9 ed 17  |..&Y$a,.W...W...|
+000001e0  65 bb 08 59 8c 6f f6 52  4b 9b 83 e7 d2 b9 0f 71  |e..Y.o.RK......q|
+000001f0  a0 bd f9 5d a1 3c 35 87  18 de eb 0c a5 78 1c 64  |...].<5......x.d|
+00000200  98 0f 6c ad a4 2f b2 36  72 99 24 f2 dd 50 1b 5c  |..l../.6r.$..P.\|
+00000210  c5 54 f3 7b aa 89 2e 8b  1f 79 b6 70 ca cb 23 19  |.T.{.....y.p..#.|
+00000220  0c e8 6f 1b 05 3b 2b 48  26 51 15 5a 8b 66 86 5c  |..o..;+H&Q.Z.f.\|
+00000230  27 1a 11 0c 98 87 b0 ba  e3 24 4a b4 5b 01 17 e8  |'........$J.[...|
+00000240  43 ca 64 87 83 b1 28 33  09 e0 f7 66 7e f7 a1 d6  |C.d...(3...f~...|
+00000250  16 ee ab f4 3e cd 7d 14  b4 45 30 4c 2d 72 43 9f  |....>.}..E0L-rC.|
+00000260  4f a3 08 d2 7f 70 e9 31  7b c8 cd 77 fc 3e 82 70  |O....p.1{..w.>.p|
+00000270  48 ed 83 55 79 16 c1 8c  69 50 60 53 48 08 5b 66  |H..Uy...iP`SH.[f|
+00000280  fe 78 02 06 16 ba 02 90  85 11 7b 49 36 71 58 35  |.x........{I6qX5|
+00000290  46 7f fd 0f de dc 11 ae  3a bd df 79 93 f9 e3 8d  |F.......:..y....|
+000002a0  4c d8 c5 55 74 34 7f 01  dd 4d d5 ef ef 4e 3d d3  |L..Ut4...M...N=.|
+000002b0  31 94 3f 1c 9b 6c 44 d0  3b 73 d1 5f b4 b6 48 5d  |1.?..lD.;s._..H]|
+000002c0  16 ba 17 0b d0 f5 b4 16  18 1f 85 be dc f1 75 71  |..............uq|
+000002d0  17 f8 b0 8a f3 d2 80 24  d5 3b cd 58 f4 9b 03 e5  |.......$.;.X....|
+000002e0  64 c5 ae 5e 9a 25 d2 bb  a2 28 91 4b 2e 81 4d e4  |d..^.%...(.K..M.|
+000002f0  4e 25 57 12 fc 7a 87 36  66 0b 76 21 66 17 a0 e5  |N%W..z.6f.v!f...|
+00000300  0a f7 00 31 48 62 a9 70  f1 75 1b e0 78 c9 fa de  |...1Hb.p.u..x...|
+00000310  11 6f 3d 17 03 03 00 99  72 f9 ad 67 80 2a 9f 04  |.o=.....r..g.*..|
+00000320  a9 0a fb 6f 03 90 88 35  7f cb 97 5f 4e a2 1e a8  |...o...5..._N...|
+00000330  34 80 96 d1 60 b4 b4 12  ec c3 2b 15 c9 a0 f9 28  |4...`.....+....(|
+00000340  50 1c 53 1d fc 32 a2 c7  c0 03 58 1b 83 a6 ee 94  |P.S..2....X.....|
+00000350  2d 98 99 83 62 6a 52 a0  c5 42 94 4f 3a 26 2e 44  |-...bjR..B.O:&.D|
+00000360  7b 03 f5 2a 0e 9e 48 e4  2a 18 2e 9b 42 7f 34 d2  |{..*..H.*...B.4.|
+00000370  3c b2 92 52 cc 51 0e f0  fd c7 4d e6 d7 1b b2 44  |<..R.Q....M....D|
+00000380  99 48 e7 da 1e 43 37 d1  ac 80 c5 34 21 1b d8 0c  |.H...C7....4!...|
+00000390  9c 92 0d b4 27 b0 78 43  06 a2 90 42 c4 99 5e 5f  |....'.xC...B..^_|
+000003a0  a4 36 69 a5 a1 92 12 5e  51 47 7f ff 50 07 ac 8a  |.6i....^QG..P...|
+000003b0  35 17 03 03 00 35 86 65  34 2f d0 12 2a 0b 7c 50  |5....5.e4/..*.|P|
+000003c0  b4 c5 67 30 cc 4d cf 4f  f7 be a5 0d 2c b2 96 ae  |..g0.M.O....,...|
+000003d0  da 70 a3 74 c2 e7 9a 18  61 17 95 da 00 ac cc 89  |.p.t....a.......|
+000003e0  66 a1 e8 aa ca 8f 02 3c  b5 16 3d                 |f......<..=|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 59 5c b8 42 f1  |..........5Y\.B.|
-00000010  bb fc 65 3e 0a 8b 1c 70  be 4b 39 8c ae 0d 91 e1  |..e>...p.K9.....|
-00000020  82 b8 ad 51 1f f3 d4 06  13 33 96 71 27 96 1f f2  |...Q.....3.q'...|
-00000030  dd 6f ef 94 9b bb 56 bf  8a 59 2b 92 c9 01 b7 72  |.o....V..Y+....r|
-00000040  17 03 03 00 17 3a b4 c3  77 5b e6 98 a2 b4 3d f6  |.....:..w[....=.|
-00000050  83 fb f4 f5 6e f5 5f 5a  1e 5b 96 4c 17 03 03 00  |....n._Z.[.L....|
-00000060  13 3b 5f a0 57 f0 27 8d  dd 6a 36 fc 4c 33 86 f6  |.;_.W.'..j6.L3..|
-00000070  fe 8b 6f 5a                                       |..oZ|
+00000000  14 03 03 00 01 01 17 03  03 00 35 a0 a0 1c ae a9  |..........5.....|
+00000010  1a 1f 74 01 92 fe bf 91  c4 aa 8b f2 84 7e 39 c1  |..t..........~9.|
+00000020  cb f4 ae a8 76 0c de 9e  54 7f ca 4a a2 d3 07 ef  |....v...T..J....|
+00000030  8e ed 8a be 54 ad 76 fe  b6 62 24 4d a7 88 d5 7a  |....T.v..b$M...z|
+00000040  17 03 03 00 17 a2 d4 e7  78 ef 4a 2e 66 52 6f 2a  |........x.J.fRo*|
+00000050  e3 07 e0 9c fc 19 f6 f8  96 88 bb be 17 03 03 00  |................|
+00000060  13 43 01 14 16 42 27 8a  b9 a9 98 5f c7 06 4d 20  |.C...B'...._..M |
+00000070  8b c3 cb 33                                       |...3|
diff --git a/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven b/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
index 41ed6c4e..73d54e65 100644
--- a/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
+++ b/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 6d 01 00 00  69 03 03 5e 92 9d 30 27  |....m...i..^..0'|
-00000010  23 da fa a0 07 30 03 c8  bd 60 f2 db e9 5e b3 fc  |#....0...`...^..|
-00000020  65 d3 c5 e1 49 35 63 86  53 ec 87 00 00 04 00 2f  |e...I5c.S....../|
+00000000  16 03 01 00 6d 01 00 00  69 03 03 5e 1c 8d af f1  |....m...i..^....|
+00000010  4a ab 9d e1 c7 9c 85 c3  ab b8 84 84 ee 39 66 0b  |J............9f.|
+00000020  6d d7 b2 3b 7b bf 4e d1  90 a4 92 00 00 04 00 2f  |m..;{.N......../|
 00000030  00 ff 01 00 00 3c 00 16  00 00 00 17 00 00 00 0d  |.....<..........|
 00000040  00 30 00 2e 04 03 05 03  06 03 08 07 08 08 08 09  |.0..............|
 00000050  08 0a 08 0b 08 04 08 05  08 06 04 01 05 01 06 01  |................|
@@ -49,10 +49,10 @@
 00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
 00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
 00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 23 0d 00 00  |.\!.;.......#...|
-000002a0  1f 02 01 40 00 18 08 04  04 03 08 07 08 05 08 06  |...@............|
-000002b0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 00  |................|
-000002c0  16 03 03 00 04 0e 00 00  00                       |.........|
+00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 1f 0d 00 00  |.\!.;...........|
+000002a0  1b 02 01 40 00 14 08 04  04 03 08 07 08 05 08 06  |...@............|
+000002b0  04 01 05 01 06 01 05 03  06 03 00 00 16 03 03 00  |................|
+000002c0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
 00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
@@ -87,40 +87,40 @@
 000001e0  be e8 91 b3 da 1a f5 5d  a3 23 f5 26 8b 45 70 8d  |.......].#.&.Ep.|
 000001f0  65 62 9b 7e 01 99 3d 18  f6 10 9a 38 61 9b 2e 57  |eb.~..=....8a..W|
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
-00000210  03 03 00 86 10 00 00 82  00 80 02 50 e4 cc a3 ad  |...........P....|
-00000220  fb 33 24 a1 b3 0a 7c 0f  00 e6 1a 06 2b 9f 1e 1f  |.3$...|.....+...|
-00000230  cc b8 b2 80 90 e7 86 20  32 40 06 ac 1b b0 41 b7  |....... 2@....A.|
-00000240  0d 9c 4c 41 90 01 0b 7a  7e b2 b2 46 39 dc 51 25  |..LA...z~..F9.Q%|
-00000250  98 e0 b9 ec 36 fc 08 64  f0 51 2a 41 e1 e5 61 3d  |....6..d.Q*A..a=|
-00000260  fc 07 c1 9b 1f 6f 48 d4  1f 46 bf 14 e6 92 61 1a  |.....oH..F....a.|
-00000270  bd 5f 25 1f 5e b1 3c ac  c7 58 63 02 0d 3a e0 d6  |._%.^.<..Xc..:..|
-00000280  e9 39 fc ec 59 66 2e 91  b2 65 37 eb a8 b5 60 d9  |.9..Yf...e7...`.|
-00000290  49 05 9f 6f cc 71 79 bb  f7 68 16 03 03 00 93 0f  |I..o.qy..h......|
-000002a0  00 00 8f 04 03 00 8b 30  81 88 02 42 00 bd 6a 29  |.......0...B..j)|
-000002b0  21 06 1a e2 67 a1 7f 10  ab ca 3f 74 5a bc 2f 5d  |!...g.....?tZ./]|
-000002c0  53 d0 59 90 f2 d0 b4 2d  75 47 67 0b 67 55 b6 4f  |S.Y....-uGg.gU.O|
-000002d0  75 7d 32 d8 a7 25 c8 4c  90 0b 56 65 be 60 5d ee  |u}2..%.L..Ve.`].|
-000002e0  f7 b3 80 79 26 e5 25 1d  17 cc d8 36 fc 39 02 42  |...y&.%....6.9.B|
-000002f0  01 c3 32 d6 f2 59 9e 10  c8 bf 7f 74 27 a1 00 df  |..2..Y.....t'...|
-00000300  55 05 f0 b3 81 a1 6e 10  a6 fb 0b e4 1c 3f 62 02  |U.....n......?b.|
-00000310  c9 cc c2 4b 97 ad 0c 88  98 07 6c 98 6d db 9d 9f  |...K......l.m...|
-00000320  68 a0 56 ab 5f f9 a2 21  33 86 64 53 de 37 ff 68  |h.V._..!3.dS.7.h|
-00000330  04 9d 14 03 03 00 01 01  16 03 03 00 40 85 14 34  |............@..4|
-00000340  d6 74 a9 d0 0b e9 1f 34  a9 e9 6c cf 5a ac 88 22  |.t.....4..l.Z.."|
-00000350  51 4d ae 16 05 dd 9e c1  36 5e e3 cf b1 5a b5 48  |QM......6^...Z.H|
-00000360  6c 24 b1 d6 fb 7f 03 6a  98 41 90 de 6d c7 b2 49  |l$.....j.A..m..I|
-00000370  d9 a3 c7 45 ff 18 7c f7  a4 cf 05 59 87           |...E..|....Y.|
+00000210  03 03 00 86 10 00 00 82  00 80 b1 e6 1d 71 51 c1  |.............qQ.|
+00000220  3a bd 0a 32 95 14 0c 83  7a 2b ec 89 24 f2 29 d8  |:..2....z+..$.).|
+00000230  72 84 ae 13 33 90 58 93  b6 46 6c 54 11 54 5b d3  |r...3.X..FlT.T[.|
+00000240  59 da 02 4a de 2a 56 67  04 32 3b 44 6b ac 6d 6c  |Y..J.*Vg.2;Dk.ml|
+00000250  c5 de 9d b2 9e 7b ec 27  05 9d 47 6d a1 0b 50 71  |.....{.'..Gm..Pq|
+00000260  ea 19 cc 60 5e db 6c 2f  06 b7 6e ce 51 bf 93 a9  |...`^.l/..n.Q...|
+00000270  0e c7 85 c1 83 d2 ac fe  6a d2 a9 bd b3 54 4f 45  |........j....TOE|
+00000280  4b e4 40 68 fb 30 21 ec  1c fc 76 a6 db 8b e1 46  |K.@h.0!...v....F|
+00000290  8c 0c 56 1f c0 e5 9b 2c  54 eb 16 03 03 00 93 0f  |..V....,T.......|
+000002a0  00 00 8f 04 03 00 8b 30  81 88 02 42 01 11 9a de  |.......0...B....|
+000002b0  07 19 df 8b d0 56 e7 b5  b0 d2 d4 c1 32 58 93 88  |.....V......2X..|
+000002c0  ea a6 73 86 f9 e6 be b5  c5 1f d6 0d da 28 59 89  |..s..........(Y.|
+000002d0  21 73 fe e8 30 b9 f0 d1  01 d3 e0 54 79 a6 67 0d  |!s..0......Ty.g.|
+000002e0  84 88 94 2c b9 b6 0e 19  06 34 cc f1 5f 01 02 42  |...,.....4.._..B|
+000002f0  00 fe 02 83 e8 46 a8 5f  ef 5a f0 e1 6f 3f 73 b9  |.....F._.Z..o?s.|
+00000300  0f a1 64 db a7 c4 fb 1e  9f ac da 33 ac a2 7f ff  |..d........3....|
+00000310  64 c1 26 37 17 41 c0 5e  f4 37 5c 76 23 7d 92 3a  |d.&7.A.^.7\v#}.:|
+00000320  ea 35 7f 83 03 7b a4 65  44 5d fb 84 08 39 c7 90  |.5...{.eD]...9..|
+00000330  cc 4a 14 03 03 00 01 01  16 03 03 00 40 7b 06 98  |.J..........@{..|
+00000340  ff f7 d5 a1 68 60 23 25  bc df 12 27 7f 64 1e c8  |....h`#%...'.d..|
+00000350  bc 6d 26 28 29 d0 9f 56  6a f1 5b cd 4e 17 6c 32  |.m&()..Vj.[.N.l2|
+00000360  15 b9 7a 55 02 9b 66 1c  e3 97 40 26 69 7b e7 02  |..zU..f...@&i{..|
+00000370  b0 37 d1 ec ed 96 2e 92  5a 5f 90 c1 be           |.7......Z_...|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 63 1a 77 66 2a  |...........c.wf*|
-00000020  49 3a b2 17 83 74 e1 d9  70 96 de 01 84 09 f4 88  |I:...t..p.......|
-00000030  c3 e7 3b 65 11 6f 13 32  b8 b4 f4 41 ca 6a d6 d7  |..;e.o.2...A.j..|
-00000040  51 a3 a1 f0 2d 5b b4 55  29 f9 d3 17 03 03 00 40  |Q...-[.U)......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 0f e2 df ef c7  |................|
+00000020  0e 11 83 70 ba a8 fa 90  e3 d5 df 76 dd 7a f1 63  |...p.......v.z.c|
+00000030  ca a3 12 c7 42 45 ae 1a  a3 0f 3b 4c 46 52 91 8e  |....BE....;LFR..|
+00000040  bf df 21 be cb ed 93 12  8a ba 88 17 03 03 00 40  |..!............@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  d7 30 0f 03 89 22 4c 19  5f 06 a7 4b 95 59 91 52  |.0..."L._..K.Y.R|
-00000070  2a 65 ab 99 cb 71 99 8b  13 82 44 92 6b ff 59 07  |*e...q....D.k.Y.|
-00000080  28 ca 01 68 ab ad ba ee  6c 6a 19 0b e5 6d 82 24  |(..h....lj...m.$|
+00000060  12 fd 68 02 2d 6e aa 2f  df e4 0b a1 2c 13 e1 23  |..h.-n./....,..#|
+00000070  f9 78 4b 18 a3 1f 28 78  4d f6 25 83 4c 0c 8c df  |.xK...(xM.%.L...|
+00000080  8b ed a9 b2 87 8c 95 e3  87 8e 71 ad d9 23 05 91  |..........q..#..|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 fc 07 f4  d4 bb 24 a3 f1 cf dc 3c  |..........$....<|
-000000b0  ac 14 63 50 32 34 fd 73  c0 eb f2 78 7b 3b ea 58  |..cP24.s...x{;.X|
-000000c0  cc 3e ff 7f e5                                    |.>...|
+000000a0  00 00 00 00 00 80 9a 8c  0e 27 b9 7a f9 61 a4 a6  |.........'.z.a..|
+000000b0  4e c9 24 02 ce 1c 93 5c  5a 7a c9 1e 5f b2 a1 9b  |N.$....\Zz.._...|
+000000c0  e3 0d 47 85 ab                                    |..G..|
diff --git a/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given b/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given
index f8cc9605..4ca8a034 100644
--- a/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given
+++ b/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 6d 01 00 00  69 03 03 8a fe ad ad 75  |....m...i......u|
-00000010  e4 8c bf bf b7 b6 66 14  92 eb 84 85 9c c8 a7 66  |......f........f|
-00000020  04 2a d0 63 5e a6 bf 85  e9 4f 49 00 00 04 00 2f  |.*.c^....OI..../|
+00000000  16 03 01 00 6d 01 00 00  69 03 03 73 b2 f2 a9 ed  |....m...i..s....|
+00000010  88 e0 79 65 b4 3b 58 0d  b2 d8 ab cf d7 12 12 c6  |..ye.;X.........|
+00000020  99 f9 36 75 d3 f8 3e 94  cf 39 25 00 00 04 00 2f  |..6u..>..9%..../|
 00000030  00 ff 01 00 00 3c 00 16  00 00 00 17 00 00 00 0d  |.....<..........|
 00000040  00 30 00 2e 04 03 05 03  06 03 08 07 08 08 08 09  |.0..............|
 00000050  08 0a 08 0b 08 04 08 05  08 06 04 01 05 01 06 01  |................|
@@ -49,10 +49,10 @@
 00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
 00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
 00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 23 0d 00 00  |.\!.;.......#...|
-000002a0  1f 02 01 40 00 18 08 04  04 03 08 07 08 05 08 06  |...@............|
-000002b0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 00  |................|
-000002c0  16 03 03 00 04 0e 00 00  00                       |.........|
+00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 1f 0d 00 00  |.\!.;...........|
+000002a0  1b 02 01 40 00 14 08 04  04 03 08 07 08 05 08 06  |...@............|
+000002b0  04 01 05 01 06 01 05 03  06 03 00 00 16 03 03 00  |................|
+000002c0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 3c 0b 00 01  38 00 01 35 00 01 32 30  |....<...8..5..20|
 00000010  82 01 2e 30 81 e1 a0 03  02 01 02 02 10 17 d1 81  |...0............|
@@ -74,36 +74,36 @@
 00000110  8a 4e 34 40 39 d6 b3 10  dc 19 fe a0 22 71 b3 f5  |.N4@9......."q..|
 00000120  8f a1 58 0d cd f4 f1 85  24 bf e6 3d 14 df df ed  |..X.....$..=....|
 00000130  0e e1 17 d8 11 a2 60 d0  8a 37 23 2a c2 46 aa 3a  |......`..7#*.F.:|
-00000140  08 16 03 03 00 86 10 00  00 82 00 80 77 8b 9f 34  |............w..4|
-00000150  b4 db a7 0d 5b ed 1b 2f  4a 41 64 f5 ce 4a 00 7c  |....[../JAd..J.||
-00000160  91 32 b3 cf 61 18 41 04  ae fa 3b 14 de 19 0e 64  |.2..a.A...;....d|
-00000170  f9 ec 75 a6 48 7e 28 57  26 f5 1c 75 1d 42 73 fc  |..u.H~(W&..u.Bs.|
-00000180  11 51 2b ef e5 08 83 ac  17 ec 78 b8 5b 14 84 c9  |.Q+.......x.[...|
-00000190  bc 7f 22 fd 54 69 7a 82  36 c7 21 bc d6 04 c4 e7  |..".Tiz.6.!.....|
-000001a0  bc 48 c8 72 56 5d 1e 65  41 21 0a 26 85 a0 d8 c3  |.H.rV].eA!.&....|
-000001b0  50 f0 b6 07 25 ee 79 b8  f5 e6 17 85 d4 09 e7 d7  |P...%.y.........|
-000001c0  ab 8f 17 cb c2 13 a0 5a  50 cb e4 a7 16 03 03 00  |.......ZP.......|
-000001d0  48 0f 00 00 44 08 07 00  40 b7 24 50 46 db d4 8c  |H...D...@.$PF...|
-000001e0  68 17 f5 5e 79 a9 80 8c  40 23 92 33 4e 1e cc ee  |h..^y...@#.3N...|
-000001f0  d5 35 4d b8 2a 52 f0 7f  50 8e c6 d5 5f bc 08 35  |.5M.*R..P..._..5|
-00000200  a2 6d db cb 96 52 ec 92  c7 62 c7 59 ab d8 6f 9d  |.m...R...b.Y..o.|
-00000210  d7 46 35 71 28 41 89 59  02 14 03 03 00 01 01 16  |.F5q(A.Y........|
-00000220  03 03 00 40 3e 12 44 bc  c6 3d 88 71 ba d3 0c 26  |...@>.D..=.q...&|
-00000230  20 72 b0 7f 25 83 9f fd  77 c1 f5 1e 47 28 2e 60  | r..%...w...G(.`|
-00000240  53 e0 ac 52 e8 94 e4 87  90 3f af f3 a4 c0 d3 ba  |S..R.....?......|
-00000250  fe b7 06 54 f7 13 33 36  47 8f 5e 45 22 84 18 3a  |...T..36G.^E"..:|
-00000260  1f 14 21 85                                       |..!.|
+00000140  08 16 03 03 00 86 10 00  00 82 00 80 1c aa 0a c6  |................|
+00000150  76 22 2b bc 67 c7 db 5a  59 0c 2b 1d 1a 66 9b c5  |v"+.g..ZY.+..f..|
+00000160  55 ac 80 bf 23 11 68 96  82 df 44 cf bc 44 4f 54  |U...#.h...D..DOT|
+00000170  ce 0c 32 01 59 5e 3e a8  28 e1 33 7d 7d fb 2a 87  |..2.Y^>.(.3}}.*.|
+00000180  53 d1 32 25 b8 29 5a 5e  45 24 4d a8 47 58 bc 9c  |S.2%.)Z^E$M.GX..|
+00000190  6f f3 61 a9 ca e0 ad 32  88 04 1a da 83 ff fd 31  |o.a....2.......1|
+000001a0  84 65 9e 33 bb 79 d4 71  55 52 bc 57 fd 2e d5 98  |.e.3.y.qUR.W....|
+000001b0  46 b9 dc 74 58 7c c9 25  44 3c 07 97 5d bc 65 b5  |F..tX|.%D<..].e.|
+000001c0  b5 46 50 fa 52 f9 45 d7  0f f5 d2 4e 16 03 03 00  |.FP.R.E....N....|
+000001d0  48 0f 00 00 44 08 07 00  40 e2 1c ab 11 6c 52 e6  |H...D...@....lR.|
+000001e0  e8 7f 67 f0 6e 6a e4 a8  4f 25 89 31 d7 f8 dd 6f  |..g.nj..O%.1...o|
+000001f0  fd c7 84 e9 59 6b 77 b6  3b fb bc b3 d6 a7 96 4c  |....Ykw.;......L|
+00000200  2f 54 d2 cf 6b 06 5f a5  69 b6 85 0e a9 a2 90 aa  |/T..k._.i.......|
+00000210  c4 b2 89 17 b3 c7 b9 73  00 14 03 03 00 01 01 16  |.......s........|
+00000220  03 03 00 40 45 8d 48 5b  23 74 21 05 ae 22 ce c0  |...@E.H[#t!.."..|
+00000230  8a 05 9a 15 7e fb 61 73  dd 45 fd d0 97 a4 ca f5  |....~.as.E......|
+00000240  84 f0 01 c4 e4 44 78 c2  14 4f b6 27 0f e8 5a 9d  |.....Dx..O.'..Z.|
+00000250  69 7c 9b c4 c5 a3 4d 42  bf 2b 89 c6 a3 c2 ca 7a  |i|....MB.+.....z|
+00000260  d3 6c 5e 51                                       |.l^Q|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 d4 e6 b8 6f 53  |..............oS|
-00000020  6a d9 37 2b a4 95 9f 04  e5 99 2f f9 9a 16 fd a7  |j.7+....../.....|
-00000030  2d 39 d9 aa 7c 26 9e 44  4b 7f 8f d5 c6 24 4d ac  |-9..|&.DK....$M.|
-00000040  13 ca 8a 45 1e 66 dc 9a  bf 76 22 17 03 03 00 40  |...E.f...v"....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 d0 d7 ea c0 57  |...............W|
+00000020  b8 c4 0e ad 2b ba 7e f7  40 0e 92 42 0b c1 55 38  |....+.~.@..B..U8|
+00000030  89 ac d8 9f 46 96 89 c8  a0 06 e7 84 ac 42 6f a8  |....F........Bo.|
+00000040  e2 67 49 fe 5b 2f 66 3e  47 c3 14 17 03 03 00 40  |.gI.[/f>G......@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  3f 5c 60 f8 22 7b aa 82  38 c4 4a 2e 07 50 cb 6c  |?\`."{..8.J..P.l|
-00000070  3f 6f a9 39 bf 21 ce 7a  30 72 03 90 ec bc 9c 18  |?o.9.!.z0r......|
-00000080  1f a9 7f 82 3a d9 46 d9  d8 b8 77 65 e8 b3 e7 f5  |....:.F...we....|
+00000060  95 78 c4 75 cf 05 a9 ce  aa 85 0b 8e 4e fc 4b dc  |.x.u........N.K.|
+00000070  59 70 3e 68 85 68 97 9a  eb 22 22 3a 8c 61 91 a4  |Yp>h.h..."":.a..|
+00000080  89 06 bd 9e fc 8d 1d 4b  ed fe 4b d6 e7 0a 6e 2b  |.......K..K...n+|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 6d 29 d4  87 0a b4 1d b4 9d f4 12  |.....m).........|
-000000b0  bc 3d a3 1b 79 21 85 0d  e7 10 64 92 40 39 05 99  |.=..y!....d.@9..|
-000000c0  c8 a7 dd ef 0e                                    |.....|
+000000a0  00 00 00 00 00 92 d4 46  1f 6b d5 63 a7 95 0d c2  |.......F.k.c....|
+000000b0  2f a9 a2 5f 0d 70 8f a5  31 e3 5c 1d fa ac f6 2e  |/.._.p..1.\.....|
+000000c0  02 6d e8 9f 95                                    |.m...|
diff --git a/testdata/Server-TLSv12-ClientAuthRequestedAndGiven b/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
index cc6450a4..585e6af6 100644
--- a/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
+++ b/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 6d 01 00 00  69 03 03 e9 31 0f d0 25  |....m...i...1..%|
-00000010  ef 25 a7 1a 9b 8c 4b a3  ca 2b a6 54 89 1c e1 68  |.%....K..+.T...h|
-00000020  6f b2 b2 60 6f 8a dc 87  24 8c 7b 00 00 04 00 2f  |o..`o...$.{..../|
+00000000  16 03 01 00 6d 01 00 00  69 03 03 0e c0 95 b1 0b  |....m...i.......|
+00000010  7b b5 57 cc 04 e7 03 d0  66 8d ee 9d da 65 dc 74  |{.W.....f....e.t|
+00000020  0d de 11 47 38 cd 19 12  f4 06 17 00 00 04 00 2f  |...G8........../|
 00000030  00 ff 01 00 00 3c 00 16  00 00 00 17 00 00 00 0d  |.....<..........|
 00000040  00 30 00 2e 04 03 05 03  06 03 08 07 08 08 08 09  |.0..............|
 00000050  08 0a 08 0b 08 04 08 05  08 06 04 01 05 01 06 01  |................|
@@ -49,10 +49,10 @@
 00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
 00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
 00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 23 0d 00 00  |.\!.;.......#...|
-000002a0  1f 02 01 40 00 18 08 04  04 03 08 07 08 05 08 06  |...@............|
-000002b0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 00  |................|
-000002c0  16 03 03 00 04 0e 00 00  00                       |.........|
+00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 1f 0d 00 00  |.\!.;...........|
+000002a0  1b 02 01 40 00 14 08 04  04 03 08 07 08 05 08 06  |...@............|
+000002b0  04 01 05 01 06 01 05 03  06 03 00 00 16 03 03 00  |................|
+000002c0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -86,40 +86,40 @@
 000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
 000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
 000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 29 51 da  |.5...........)Q.|
-00000210  8e 5c 3e fb 44 8a 0f 97  42 23 8b e2 73 cc e2 90  |.\>.D...B#..s...|
-00000220  11 c4 98 01 e9 60 96 9e  a9 96 30 c5 95 f8 56 0e  |.....`....0...V.|
-00000230  4a 2e 77 e7 7e 23 b7 49  31 c4 87 c5 69 c6 ca 6f  |J.w.~#.I1...i..o|
-00000240  ea 53 41 b4 2e 1e f6 0b  33 f5 e1 40 69 c0 91 6f  |.SA.....3..@i..o|
-00000250  88 c1 68 c8 18 99 6e fe  b3 5f 9b ee f1 4a 76 41  |..h...n.._...JvA|
-00000260  1f d1 05 f5 39 76 61 e6  a6 ea 75 0e 50 32 a1 19  |....9va...u.P2..|
-00000270  20 6a 4c 5d 62 6e 2a 6e  af f9 9c 38 b6 3a bc 86  | jL]bn*n...8.:..|
-00000280  eb ac 6d d3 b5 48 30 11  4d 98 2e 61 34 16 03 03  |..m..H0.M..a4...|
-00000290  00 88 0f 00 00 84 08 04  00 80 82 ed 3f da b5 50  |............?..P|
-000002a0  d2 50 51 14 cf ee f7 b9  7b a9 0c 77 2f 88 42 0a  |.PQ.....{..w/.B.|
-000002b0  34 a9 5d e7 32 26 3a 28  87 49 fb c4 83 31 68 c6  |4.].2&:(.I...1h.|
-000002c0  0d 32 d4 31 0a d1 d6 1e  6f 7f 89 93 bf b7 7c c7  |.2.1....o.....|.|
-000002d0  95 f8 c3 69 d8 58 4e e4  76 07 36 84 b7 c3 e7 22  |...i.XN.v.6...."|
-000002e0  01 4c 59 ae 89 95 bb e0  07 e0 31 6a e2 95 4c d4  |.LY.......1j..L.|
-000002f0  01 54 9d 27 82 60 31 13  39 07 47 c2 0c 08 5c d4  |.T.'.`1.9.G...\.|
-00000300  03 5a 6f d7 89 a0 67 5e  2d a0 11 03 bf 0e 35 d8  |.Zo...g^-.....5.|
-00000310  d0 78 2f 1e d8 15 47 ce  c9 d3 14 03 03 00 01 01  |.x/...G.........|
-00000320  16 03 03 00 40 d0 0a 0e  93 dd 9a 51 4f a9 7f 5f  |....@......QO.._|
-00000330  93 a6 60 a6 f2 10 f1 bd  bd ae 13 5d 11 b7 0d 1a  |..`........]....|
-00000340  3d 1e f3 0c b7 53 7c 10  ed fa 8c d7 3f 20 ec f2  |=....S|.....? ..|
-00000350  7d e9 15 87 3d d3 05 21  3a bc a5 54 fa 40 3b 53  |}...=..!:..T.@;S|
-00000360  41 7c ea c6 28                                    |A|..(|
+00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 cc d2 66  |.5.............f|
+00000210  37 df f1 5d cb 6f 1d 6b  64 ea 62 45 97 dd 47 f8  |7..].o.kd.bE..G.|
+00000220  e5 a0 f6 84 46 9b 6c 5b  c9 79 60 07 b0 d1 5a e6  |....F.l[.y`...Z.|
+00000230  5c 1a 43 b1 04 9f f2 3d  7a 09 da e0 45 ea 30 8a  |\.C....=z...E.0.|
+00000240  5c 08 07 67 17 2e 55 f5  0a 13 96 5c 92 e5 61 66  |\..g..U....\..af|
+00000250  92 fe c6 44 9c 4f 62 54  10 12 df f7 e4 11 74 f6  |...D.ObT......t.|
+00000260  35 81 bb 55 4f ce 43 dc  7f 4d bc 4f 8b 0c ef 13  |5..UO.C..M.O....|
+00000270  43 8a e5 80 dc 38 3e 8a  f5 7b 5c 5d 1c 76 10 06  |C....8>..{\].v..|
+00000280  3d c5 05 5b cb 9a 17 20  13 29 a5 36 5d 16 03 03  |=..[... .).6]...|
+00000290  00 88 0f 00 00 84 08 04  00 80 a7 7f 2c 3b d1 82  |............,;..|
+000002a0  8a 17 50 2a f6 c4 ac ce  47 1b 25 23 4b 0c d0 17  |..P*....G.%#K...|
+000002b0  89 18 98 a6 e4 b8 51 70  6a 59 72 1a aa 68 e8 25  |......QpjYr..h.%|
+000002c0  f5 4d 72 66 be bb 25 61  9b 36 e0 24 a5 34 e4 36  |.Mrf..%a.6.$.4.6|
+000002d0  23 0a 36 a8 81 f4 19 62  98 2b af 1b f5 c4 55 d2  |#.6....b.+....U.|
+000002e0  d5 65 58 b8 31 21 f4 fe  ce 44 cc ea 77 8e 1d f7  |.eX.1!...D..w...|
+000002f0  bc a4 4c e5 cc 90 10 f3  a0 8d 10 72 08 d4 50 1c  |..L........r..P.|
+00000300  88 82 a7 61 da cb 35 ba  26 3c 18 11 6c 14 d6 1a  |...a..5.&<..l...|
+00000310  7f 65 3d 2c 74 f0 92 a3  aa fd 14 03 03 00 01 01  |.e=,t...........|
+00000320  16 03 03 00 40 f3 3a f0  23 48 35 41 7f d0 ed 22  |....@.:.#H5A..."|
+00000330  5b 1a 47 71 60 08 b0 6b  cd 32 56 c0 d0 05 90 b3  |[.Gq`..k.2V.....|
+00000340  0b 35 3c 03 49 ec 06 5d  b4 ce 1d 10 4e bc 75 bf  |.5<.I..]....N.u.|
+00000350  23 3b f1 d6 8f f6 f0 70  b6 94 8f 51 fd 4f 47 0b  |#;.....p...Q.OG.|
+00000360  e1 c9 ad c8 14                                    |.....|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 a8 8e 30 08 f0  |.............0..|
-00000020  87 7b 13 31 99 6d 7e 9a  9b 03 d3 6f 84 d8 d9 31  |.{.1.m~....o...1|
-00000030  2b d2 aa d4 0e ae 6e 72  03 ac e7 7e 5c 22 cc ac  |+.....nr...~\"..|
-00000040  33 b5 df 04 b2 4a 2b 6f  bb a1 6f 17 03 03 00 40  |3....J+o..o....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 6e d3 79 f1 02  |...........n.y..|
+00000020  4d 8e ad 3b 33 5a 92 10  55 79 94 b7 43 ed 08 c1  |M..;3Z..Uy..C...|
+00000030  e1 5f 04 c6 01 82 ce 96  70 c7 97 8d cc 0a ca d3  |._......p.......|
+00000040  46 d4 2f 9f b8 78 57 27  ee 14 aa 17 03 03 00 40  |F./..xW'.......@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  50 9c 81 04 9b 1d 61 8a  30 9c 18 68 c7 e1 c9 f3  |P.....a.0..h....|
-00000070  70 f0 1b b6 4a dd fc c7  e3 e3 20 e2 4d 6f 9f bf  |p...J..... .Mo..|
-00000080  17 b0 5e 5b 45 73 29 1e  d4 30 b4 03 ca 8e 69 63  |..^[Es)..0....ic|
+00000060  ed 9f 38 f6 99 84 f5 cf  5e ee 27 64 f7 29 3c 18  |..8.....^.'d.)<.|
+00000070  a0 55 23 b7 db 4a 6d 2d  80 c9 75 a5 a3 1f 38 24  |.U#..Jm-..u...8$|
+00000080  0a 99 18 0d 0b 5d 7d 03  f7 8d d2 55 fd 98 7f 69  |.....]}....U...i|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 28 ca 6a  4c 1b 3c 11 61 ce b2 58  |.....(.jL.<.a..X|
-000000b0  94 e7 e4 7d c5 ce 51 03  c4 ae b5 4c 33 0b 3c 95  |...}..Q....L3.<.|
-000000c0  ec b1 65 ea da                                    |..e..|
+000000a0  00 00 00 00 00 aa 43 ca  95 7d 1a 47 d5 0b 0e c7  |......C..}.G....|
+000000b0  cc 61 3d 43 5b 69 05 a1  39 eb 03 52 41 05 54 e9  |.a=C[i..9..RA.T.|
+000000c0  5d b6 ca 56 2c                                    |]..V,|
diff --git a/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given b/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
index 875fe1be..10949e5e 100644
--- a/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
+++ b/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 6d 01 00 00  69 03 03 dc f3 c6 52 a4  |....m...i.....R.|
-00000010  9a 9c 53 e0 5a 3c cc 4c  4f 09 32 7f f1 7c 86 6b  |..S.Z<.LO.2..|.k|
-00000020  75 59 68 a5 81 72 45 46  fb 94 a8 00 00 04 00 2f  |uYh..rEF......./|
+00000000  16 03 01 00 6d 01 00 00  69 03 03 c2 c7 15 c0 0f  |....m...i.......|
+00000010  0d fc 44 60 25 22 6c 4a  ec f1 b0 66 5d c4 f3 bc  |..D`%"lJ...f]...|
+00000020  fe da b2 9a af 24 04 b7  bb 74 79 00 00 04 00 2f  |.....$...ty..../|
 00000030  00 ff 01 00 00 3c 00 16  00 00 00 17 00 00 00 0d  |.....<..........|
 00000040  00 30 00 2e 04 03 05 03  06 03 08 07 08 08 08 09  |.0..............|
 00000050  08 0a 08 0b 08 04 08 05  08 06 04 01 05 01 06 01  |................|
@@ -49,10 +49,10 @@
 00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
 00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
 00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 23 0d 00 00  |.\!.;.......#...|
-000002a0  1f 02 01 40 00 18 08 04  04 03 08 07 08 05 08 06  |...@............|
-000002b0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 00  |................|
-000002c0  16 03 03 00 04 0e 00 00  00                       |.........|
+00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 1f 0d 00 00  |.\!.;...........|
+000002a0  1b 02 01 40 00 14 08 04  04 03 08 07 08 05 08 06  |...@............|
+000002b0  04 01 05 01 06 01 05 03  06 03 00 00 16 03 03 00  |................|
+000002c0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@@ -86,40 +86,40 @@
 000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
 000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
 000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 b5 77 6b  |.5............wk|
-00000210  fa 10 fb df 48 8f e7 51  b4 cb 14 c5 48 bd 63 d6  |....H..Q....H.c.|
-00000220  0e 19 d0 81 a8 5a d7 b5  43 84 35 85 37 b7 8d 2e  |.....Z..C.5.7...|
-00000230  c7 c8 70 4c f4 45 bf be  17 86 e7 40 1d 6f 88 2a  |..pL.E.....@.o.*|
-00000240  91 b5 aa aa 34 f7 9a f3  96 e4 dd 51 15 88 be f1  |....4......Q....|
-00000250  80 a9 6f 94 ed c7 5d 28  66 b4 37 e8 22 4f 42 c3  |..o...](f.7."OB.|
-00000260  b5 f0 2f dd 57 dc 8d e5  5a c0 9d fa ce 3c 7a 2d  |../.W...Z....<z-|
-00000270  1d 45 9b fc 7b ba e7 11  eb 16 ae 68 bd b4 94 14  |.E..{......h....|
-00000280  3a a2 4d 0d e0 cd 53 a9  f1 07 d6 4a 41 16 03 03  |:.M...S....JA...|
-00000290  00 88 0f 00 00 84 04 01  00 80 78 60 7e 91 f5 47  |..........x`~..G|
-000002a0  15 61 85 70 cf b3 16 6e  45 4c 8b 42 2a 66 7e b6  |.a.p...nEL.B*f~.|
-000002b0  76 4f 26 6b b5 d7 e1 68  c2 2e bf b9 71 f2 30 7f  |vO&k...h....q.0.|
-000002c0  e4 50 56 1e 0e 64 cf 05  5c 57 be 84 ce ac 8e 04  |.PV..d..\W......|
-000002d0  44 f8 c5 2a 55 ab c5 50  84 c4 b0 73 c7 73 46 80  |D..*U..P...s.sF.|
-000002e0  bd 33 0f bc 90 2f af 50  5a 21 a7 ec 01 6b f2 ae  |.3.../.PZ!...k..|
-000002f0  84 bf 08 cb 7b 3a ca cb  76 bb e3 d7 e1 8e ee e2  |....{:..v.......|
-00000300  88 25 b0 9b 68 74 ff 48  5f 48 e0 8e bd 04 d0 85  |.%..ht.H_H......|
-00000310  ea 58 93 0c c4 27 01 38  5b c5 14 03 03 00 01 01  |.X...'.8[.......|
-00000320  16 03 03 00 40 9a 93 f3  2f 40 10 df 03 f1 90 8f  |....@.../@......|
-00000330  41 4a 76 77 44 7c 00 13  c0 2b a2 86 b3 4e 09 93  |AJvwD|...+...N..|
-00000340  01 e4 3a d4 53 ae a1 4c  07 56 18 3c ec 7f 98 a6  |..:.S..L.V.<....|
-00000350  04 7b 15 23 e4 e1 75 15  ec 33 1d 09 04 e8 04 1a  |.{.#..u..3......|
-00000360  e1 51 0c 78 99                                    |.Q.x.|
+00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 40 fe b5  |.5...........@..|
+00000210  07 31 4a 29 12 9e 52 56  8b a7 7c 33 5e 8f 67 d4  |.1J)..RV..|3^.g.|
+00000220  c7 c3 82 e3 cf 62 11 12  dc 2a 03 4f 07 04 21 7e  |.....b...*.O..!~|
+00000230  70 72 fc 3a d3 4f 6e ed  92 f7 6d 92 a0 28 10 55  |pr.:.On...m..(.U|
+00000240  14 cb fa cb 19 06 9c e4  b1 6d 30 44 2a 74 6b 3a  |.........m0D*tk:|
+00000250  db d4 d6 be 20 25 b1 d4  73 9f 58 3d e7 18 6f 06  |.... %..s.X=..o.|
+00000260  54 b8 ce 9a 7d 92 76 c6  23 bc 19 ca 84 5e f2 18  |T...}.v.#....^..|
+00000270  0a cc b8 43 e1 ff 9e bc  61 64 e0 62 f0 6d 03 11  |...C....ad.b.m..|
+00000280  5f 65 fa 84 35 fe 81 ec  cb c9 1d 0a 48 16 03 03  |_e..5.......H...|
+00000290  00 88 0f 00 00 84 04 01  00 80 95 e5 ba e5 ef 6f  |...............o|
+000002a0  6d 68 2c c5 ee 96 7e 0d  4f 98 4a cb 31 8b 82 f7  |mh,...~.O.J.1...|
+000002b0  b3 2d 18 6e d8 f3 6f 19  5a 3f 3f 18 a3 53 6e e9  |.-.n..o.Z??..Sn.|
+000002c0  a0 3d 8a 78 02 a2 4a f3  a2 e6 f3 c2 83 63 e1 fd  |.=.x..J......c..|
+000002d0  4b 05 ce cf 0e a6 7e db  bb d1 95 5f 4e c9 91 83  |K.....~...._N...|
+000002e0  9c 3c da 85 6e 23 71 78  e1 dc b9 f9 5f 8d 6f e4  |.<..n#qx...._.o.|
+000002f0  76 cc bc a5 18 03 41 e7  44 dc f6 c0 7b ea 05 40  |v.....A.D...{..@|
+00000300  95 7b 54 62 75 ba a5 59  37 8c cf ea ad c6 7c d1  |.{Tbu..Y7.....|.|
+00000310  8a 8a 85 03 fc 46 f4 58  9e a9 14 03 03 00 01 01  |.....F.X........|
+00000320  16 03 03 00 40 e1 c1 7d  5b 18 51 c1 8f 98 70 14  |....@..}[.Q...p.|
+00000330  f1 c1 61 0b 13 1e f1 5f  d6 df 85 b9 a6 e0 f1 c8  |..a...._........|
+00000340  6e 47 eb 15 98 38 ba 2d  27 30 7e 29 8e db c6 4e  |nG...8.-'0~)...N|
+00000350  09 15 d8 5f 4a ef 14 95  5f 78 e3 02 c4 92 de 44  |..._J..._x.....D|
+00000360  bb cc 09 27 6f                                    |...'o|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 a2 b0 ad 7e 71  |..............~q|
-00000020  0c 2c db df 4c b1 4f 19  e6 00 4f 11 ff 5e 4a c5  |.,..L.O...O..^J.|
-00000030  c2 9d 8c 6c 03 50 12 3d  81 ec 44 5a 75 ba 2d 48  |...l.P.=..DZu.-H|
-00000040  7a 74 c3 a3 68 5a 26 ee  7e f5 a2 17 03 03 00 40  |zt..hZ&.~......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 0c 22 6e 84 b2  |............"n..|
+00000020  a1 f9 18 62 3a 86 16 7e  e6 17 3b 8e e5 88 b8 8e  |...b:..~..;.....|
+00000030  3c c5 08 11 8e 0a df df  d4 69 bc 01 7d c8 63 33  |<........i..}.c3|
+00000040  b5 15 bf 03 5e df 50 29  c5 c4 c2 17 03 03 00 40  |....^.P).......@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  ad 1b 16 8e 39 99 64 7c  c5 49 24 83 c4 4e f6 86  |....9.d|.I$..N..|
-00000070  6b 5d 68 ae f4 0b 58 23  83 eb ab 01 52 4d 07 a1  |k]h...X#....RM..|
-00000080  59 00 e8 dc a5 a1 6f 76  e2 e9 f2 e1 21 58 6b a0  |Y.....ov....!Xk.|
+00000060  45 76 91 63 fa 48 9b c9  47 6a f6 7b fa 72 ab 78  |Ev.c.H..Gj.{.r.x|
+00000070  4f cb c4 bb 68 78 7c 71  13 f9 47 32 33 59 d4 16  |O...hx|q..G23Y..|
+00000080  83 fa 8e db 37 b6 cb d5  a1 1a e5 21 1b 50 a6 d3  |....7......!.P..|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 3c 6e a7  81 36 d0 8c 99 d8 f3 55  |.....<n..6.....U|
-000000b0  02 2e 1a 48 2d 5c 46 6e  ff f2 17 f2 d4 60 b5 9e  |...H-\Fn.....`..|
-000000c0  33 54 50 0d 6d                                    |3TP.m|
+000000a0  00 00 00 00 00 47 3b be  7e be 4e 24 16 45 85 27  |.....G;.~.N$.E.'|
+000000b0  0f 31 2a 5a ab 8b 83 61  bb e9 27 8d 12 dc 6f 6d  |.1*Z...a..'...om|
+000000c0  55 17 39 51 4c                                    |U.9QL|
diff --git a/testdata/Server-TLSv12-ClientAuthRequestedNotGiven b/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
index 7c2c59d3..60536873 100644
--- a/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
+++ b/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 6d 01 00 00  69 03 03 ac ea d9 49 98  |....m...i.....I.|
-00000010  9a 0c 7c 86 64 7c 73 72  6d 79 3f 7b e9 11 8b 1d  |..|.d|srmy?{....|
-00000020  79 95 f5 f5 23 9f b2 f1  9c f4 b5 00 00 04 00 2f  |y...#........../|
+00000000  16 03 01 00 6d 01 00 00  69 03 03 f2 1b 6e dc ce  |....m...i....n..|
+00000010  fe af a8 4b 44 88 5f ba  eb c5 d7 92 7e 69 d7 19  |...KD._.....~i..|
+00000020  b3 32 d3 99 e6 be 1f 4f  94 04 e6 00 00 04 00 2f  |.2.....O......./|
 00000030  00 ff 01 00 00 3c 00 16  00 00 00 17 00 00 00 0d  |.....<..........|
 00000040  00 30 00 2e 04 03 05 03  06 03 08 07 08 08 08 09  |.0..............|
 00000050  08 0a 08 0b 08 04 08 05  08 06 04 01 05 01 06 01  |................|
@@ -49,37 +49,37 @@
 00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
 00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
 00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 23 0d 00 00  |.\!.;.......#...|
-000002a0  1f 02 01 40 00 18 08 04  04 03 08 07 08 05 08 06  |...@............|
-000002b0  04 01 05 01 06 01 05 03  06 03 02 01 02 03 00 00  |................|
-000002c0  16 03 03 00 04 0e 00 00  00                       |.........|
+00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 1f 0d 00 00  |.\!.;...........|
+000002a0  1b 02 01 40 00 14 08 04  04 03 08 07 08 05 08 06  |...@............|
+000002b0  04 01 05 01 06 01 05 03  06 03 00 00 16 03 03 00  |................|
+000002c0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 07 0b 00 00  03 00 00 00 16 03 03 00  |................|
-00000010  86 10 00 00 82 00 80 2e  37 44 fb d7 1d 2f 3d a5  |........7D.../=.|
-00000020  1b 43 cf f4 1c cf 9d 95  fa be 9f 9d 96 8a 27 5d  |.C............']|
-00000030  7b be 19 10 bd 5e 9a 3e  49 49 d2 af 85 07 70 f8  |{....^.>II....p.|
-00000040  c8 4f 69 02 ff 4e 9d ee  f4 0d 4d 54 a1 aa 61 a3  |.Oi..N....MT..a.|
-00000050  e0 cc db a7 2c 46 80 6e  eb 10 fb cd 2e 3b c5 50  |....,F.n.....;.P|
-00000060  2b a5 d9 a0 bf 01 d2 f8  d8 51 2b ad 40 6f c6 6f  |+........Q+.@o.o|
-00000070  0e 30 53 27 73 89 b7 1b  c1 28 ff ff 18 4c fa 6f  |.0S's....(...L.o|
-00000080  fa 5f 16 b3 38 36 9f f4  07 74 ca bb bb c2 3f aa  |._..86...t....?.|
-00000090  0d e7 42 24 fb f8 4c 14  03 03 00 01 01 16 03 03  |..B$..L.........|
-000000a0  00 40 19 02 9e 3a ce b9  38 40 ce d6 3b 87 b2 f6  |.@...:..8@..;...|
-000000b0  1b 7d ee 76 62 f8 6e 04  80 8f cb 1b f7 1e 1d a6  |.}.vb.n.........|
-000000c0  50 8a 59 b1 ad 7d c5 9d  2f 2d 14 56 2e e5 3b b3  |P.Y..}../-.V..;.|
-000000d0  db da 7e 37 10 97 71 91  d3 7b 93 f6 64 a4 d7 8b  |..~7..q..{..d...|
-000000e0  d2 f0                                             |..|
+00000010  86 10 00 00 82 00 80 36  1c ba 9d 08 27 52 8b f7  |.......6....'R..|
+00000020  24 d9 e6 18 d7 21 75 1d  76 e0 13 a0 35 d5 08 7d  |$....!u.v...5..}|
+00000030  c1 8e 3f b2 aa 10 b4 f9  d4 77 e6 cd b3 92 94 0e  |..?......w......|
+00000040  7a c9 0b 5f e2 34 88 ad  fc 02 1b 84 10 ff e8 2a  |z.._.4.........*|
+00000050  dd 2d 82 5c bb ca 15 f8  73 74 ad dd 9f 9d e7 38  |.-.\....st.....8|
+00000060  7c cd 74 8e 37 0f 87 62  cf 30 68 8a e2 15 9d d2  ||.t.7..b.0h.....|
+00000070  43 4b e3 29 69 e4 db 94  9b 5a 7c c6 9b e8 7d 26  |CK.)i....Z|...}&|
+00000080  4b a8 4a 28 c1 47 cf 15  7b 22 a2 1d 6b ac 16 e4  |K.J(.G..{"..k...|
+00000090  e1 62 6e be 9a 05 67 14  03 03 00 01 01 16 03 03  |.bn...g.........|
+000000a0  00 40 98 4e 3d 6c 72 d8  7f 81 b6 b8 ed 32 2e 98  |.@.N=lr......2..|
+000000b0  8d fc c1 1d 56 97 82 ef  3f 7c 86 79 e3 27 06 ed  |....V...?|.y.'..|
+000000c0  87 c4 28 2d 6b f1 b1 88  d0 67 34 64 ba e1 d9 34  |..(-k....g4d...4|
+000000d0  a4 2c ff e0 b2 38 21 5d  04 64 99 a4 34 62 aa 81  |.,...8!].d..4b..|
+000000e0  cf 21                                             |.!|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 46 c8 31 06 11  |...........F.1..|
-00000020  01 8e df b0 e7 cc 16 d3  97 2e a2 68 e7 a4 d1 0f  |...........h....|
-00000030  91 71 dd ba db 97 20 45  60 c2 47 c7 ee 56 c4 68  |.q.... E`.G..V.h|
-00000040  a4 b1 05 09 e2 68 4d 54  fa ff 01 17 03 03 00 40  |.....hMT.......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 66 31 30 4e 0f  |...........f10N.|
+00000020  de bd de 72 65 0c 74 ab  64 d8 59 47 fc 6b ad d8  |...re.t.d.YG.k..|
+00000030  73 24 da 77 62 ba 0a 8c  69 d3 c4 6f 89 ef 5b 92  |s$.wb...i..o..[.|
+00000040  d3 ca 3b e8 67 2b 7c bf  39 7c 8b 17 03 03 00 40  |..;.g+|.9|.....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  79 bf ad 63 e3 11 2b d0  41 0e 24 85 92 c4 9b b5  |y..c..+.A.$.....|
-00000070  b2 d3 2e fc aa 46 84 85  a7 37 90 fc f0 2b 5a 7e  |.....F...7...+Z~|
-00000080  28 9f 2e 57 1d 8f c3 ca  eb 40 32 79 af 4b b8 28  |(..W.....@2y.K.(|
+00000060  5c a8 b1 1c 7e e1 76 b8  d0 0c 4d 3d 3f 36 a8 26  |\...~.v...M=?6.&|
+00000070  66 00 dd 47 3c ae 1c 8b  6f b0 6b 80 75 c4 0b 7e  |f..G<...o.k.u..~|
+00000080  ee fb 8c fe 2f 2f 65 1b  9b e1 72 a9 ac 8f cf da  |....//e...r.....|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 8b 6c 27  b8 ff f9 ea ca 68 75 54  |......l'.....huT|
-000000b0  bf bf a7 f4 b1 58 a5 b3  31 01 4d c7 85 58 31 d4  |.....X..1.M..X1.|
-000000c0  e7 da 7e 77 68                                    |..~wh|
+000000a0  00 00 00 00 00 9d 96 95  12 3b 42 41 a8 30 b2 8c  |.........;BA.0..|
+000000b0  3d 18 f6 27 b7 77 30 d9  29 0c 68 ec 2b 09 26 91  |=..'.w0.).h.+.&.|
+000000c0  23 0c e2 10 07                                    |#....|

From aff60d2da4c3a4f2ca86fc8e58aadf5e526ae4ff Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 17 May 2025 11:17:21 -0400
Subject: [PATCH 48/95] crypto/tls: use decode alert for handshake msg
 unmarshal err

Previously if instances of the handshakeMessage interface returned false
from unmarshal(), indicating an umarshalling error, the crypto/tls
package would emit an unexpected_message alert. This commit changes to
use a decode_error alert for this condition instead.

The usage-pattern of the handshakeMessage interface is that we switch on
the message type, invoke a specific concrete handshakeMessage type's
unmarshal function, and then return it to the caller on success. At this
point the caller looks at the message type and can determine if the
message was unexpected or not. If it was unexpected, the call-sites emit
the correct error for that case. Only the caller knows the current
protocol state and allowed message types, not the generic handshake
decoding logic.

With the above in mind, if we find that within the unmarshal logic for
a specific message type that the data we have in hand doesn't match the
protocol syntax we should emit a decode_error. An unexpected_message
error isn't appropriate because we don't yet know if the message is
unexpected or not, only that the message can't be decoded based on the
spec's syntax for the type the message claimed to be.

Notably one unit test, TestQUICPostHandshakeKeyUpdate, had to have its
test data adjusted because it was previously not testing the right
thing: it was double-encoding the type & length prefix data for a key
update message and expecting the QUIC logic to reject it as an
inappropriate post-handshake message. In reality it was being rejected
sooner as an invalid key update message from the double-encoding and
this was masked by the previous alert for this condition matching the
expected alert.

Finally, changing our alert allows enabling a handful of BoGo tests
related to duplicate extensions of the form
"DuplicateExtension[Server|Client]-TLS-[TLS1|TLS11|TLS12|TLS13]". One
test remains skipped (DuplicateExtensionClient-TLS-TLS13), as it
requires additional follow-up.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/673738
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---
 bogo_config.json         |  7 -------
 conn.go                  |  2 +-
 handshake_server_test.go |  2 +-
 quic_test.go             | 11 ++++++-----
 4 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index b88201a4..8276d08d 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -66,20 +66,13 @@
         "SupportTicketsWithSessionID": "We don't support session ID resumption",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
         "TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
         "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
         "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
         "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
         "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
         "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
diff --git a/conn.go b/conn.go
index 141175c8..cd9b9778 100644
--- a/conn.go
+++ b/conn.go
@@ -1179,7 +1179,7 @@ func (c *Conn) unmarshalHandshakeMessage(data []byte, transcript transcriptHash)
 	data = append([]byte(nil), data...)
 
 	if !m.unmarshal(data) {
-		return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+		return nil, c.in.setErrorLocked(c.sendAlert(alertDecodeError))
 	}
 
 	if transcript != nil {
diff --git a/handshake_server_test.go b/handshake_server_test.go
index c72974ef..a6d64a50 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -157,7 +157,7 @@ func TestRejectSNIWithTrailingDot(t *testing.T) {
 		vers:       VersionTLS12,
 		random:     make([]byte, 32),
 		serverName: "foo.com.",
-	}, "unexpected message")
+	}, "decoding message")
 }
 
 func TestDontSelectECDSAWithRSAKey(t *testing.T) {
diff --git a/quic_test.go b/quic_test.go
index ba75101d..51cd4ef7 100644
--- a/quic_test.go
+++ b/quic_test.go
@@ -9,6 +9,7 @@ import (
 	"context"
 	"errors"
 	"reflect"
+	"strings"
 	"testing"
 )
 
@@ -308,11 +309,11 @@ func TestQUICPostHandshakeKeyUpdate(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := cli.conn.HandleData(QUICEncryptionLevelApplication, append([]byte{
-		byte(typeKeyUpdate),
-		byte(0), byte(0), byte(len(keyUpdateBytes)),
-	}, keyUpdateBytes...)); !errors.Is(err, alertUnexpectedMessage) {
-		t.Fatalf("key update request: got error %v, want alertUnexpectedMessage", err)
+	expectedErr := "unexpected key update message"
+	if err = cli.conn.HandleData(QUICEncryptionLevelApplication, keyUpdateBytes); err == nil {
+		t.Fatalf("key update request: expected error from post-handshake key update, got nil")
+	} else if !strings.Contains(err.Error(), expectedErr) {
+		t.Fatalf("key update request: got error %v, expected substring %q", err, expectedErr)
 	}
 }
 

From 12ed2be75373c91d51a8bb672e47b1d0b0de20ae Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 17 May 2025 11:33:07 -0400
Subject: [PATCH 49/95] crypto/tls: reject duplicate TLS 1.3
 EncryptedExtensions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When a TLS 1.3 client processes the server's encryptedExtensionsMsg it
should reject instances that contain duplicate extension types.

RFC 8446 §4.2 says:
  There MUST NOT be more than one extension of the same type in a given
  extension block.

This update matches enforcement done in the client hello unmarshalling,
but applied to the TLS 1.3 encrypted extensions message unmarshalling.

Making this change also allows enabling the
DuplicateExtensionClient-TLS-TLS13 BoGo test.

Updates #72006

Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5d2
Reviewed-on: https://go-review.googlesource.com/c/go/+/673757
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json      | 1 -
 handshake_messages.go | 6 ++++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/bogo_config.json b/bogo_config.json
index 8276d08d..1bc647ce 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -72,7 +72,6 @@
         "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
         "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
-        "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
         "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
         "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
diff --git a/handshake_messages.go b/handshake_messages.go
index 6c6141c4..ad3e5fa3 100644
--- a/handshake_messages.go
+++ b/handshake_messages.go
@@ -1056,6 +1056,7 @@ func (m *encryptedExtensionsMsg) unmarshal(data []byte) bool {
 		return false
 	}
 
+	seenExts := make(map[uint16]bool)
 	for !extensions.Empty() {
 		var extension uint16
 		var extData cryptobyte.String
@@ -1064,6 +1065,11 @@ func (m *encryptedExtensionsMsg) unmarshal(data []byte) bool {
 			return false
 		}
 
+		if seenExts[extension] {
+			return false
+		}
+		seenExts[extension] = true
+
 		switch extension {
 		case extensionALPN:
 			var protoList cryptobyte.String

From 0d0d00afdc35e4e81371fbb3bd279bd3f5737d32 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 21 May 2025 22:41:54 +0200
Subject: [PATCH 50/95] crypto/tls: signature_algorithms in CertificateRequest
 can't be empty

Change-Id: I6a6a4656ab97e1f247df35b2589cd73461b4ac76
Reviewed-on: https://go-review.googlesource.com/c/go/+/675917
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 handshake_messages.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handshake_messages.go b/handshake_messages.go
index ad3e5fa3..d9a475aa 100644
--- a/handshake_messages.go
+++ b/handshake_messages.go
@@ -1790,7 +1790,7 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool {
 		}
 		sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
 		data = data[2:]
-		if sigAndHashLen&1 != 0 {
+		if sigAndHashLen&1 != 0 || sigAndHashLen == 0 {
 			return false
 		}
 		if len(data) < int(sigAndHashLen) {

From a9f726fc9dddcf16c43c1e003ff429cb01edd822 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Fri, 23 May 2025 18:04:36 +0200
Subject: [PATCH 51/95] crypto/tls: enable signature algorithm BoGo tests (and
 fix two bugs)

The two bugs are very minor:

- We were trying to set the ConnectionState CurveID field even if the
  RSA key exchange was in use

- We were sending the wrong alert from TLS 1.2 clients if none of the
  certificate signature algorithms were supported

Change-Id: I6a6a46564f5a9f1a5d44e54fc59a650118ad67d5
Reviewed-on: https://go-review.googlesource.com/c/go/+/675918
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
---
 auth.go                   |  23 +++---
 bogo_config.json          |  34 ++++----
 bogo_shim_test.go         | 170 +++++++++++++++++++++++++++++++-------
 common.go                 |  65 +++++++++++----
 conn.go                   |   2 +
 defaults.go               |  42 ----------
 fips140_test.go           |   9 +-
 handshake_client.go       |  13 +--
 handshake_client_tls13.go |   1 +
 handshake_server.go       |   7 +-
 handshake_server_tls13.go |   1 +
 key_agreement.go          |  41 ++++-----
 12 files changed, 253 insertions(+), 155 deletions(-)

diff --git a/auth.go b/auth.go
index 2d059668..f5de7b30 100644
--- a/auth.go
+++ b/auth.go
@@ -149,20 +149,18 @@ func legacyTypeAndHashFromPublicKey(pub crypto.PublicKey) (sigType uint8, hash c
 var rsaSignatureSchemes = []struct {
 	scheme          SignatureScheme
 	minModulusBytes int
-	maxVersion      uint16
 }{
 	// RSA-PSS is used with PSSSaltLengthEqualsHash, and requires
 	//    emLen >= hLen + sLen + 2
-	{PSSWithSHA256, crypto.SHA256.Size()*2 + 2, VersionTLS13},
-	{PSSWithSHA384, crypto.SHA384.Size()*2 + 2, VersionTLS13},
-	{PSSWithSHA512, crypto.SHA512.Size()*2 + 2, VersionTLS13},
+	{PSSWithSHA256, crypto.SHA256.Size()*2 + 2},
+	{PSSWithSHA384, crypto.SHA384.Size()*2 + 2},
+	{PSSWithSHA512, crypto.SHA512.Size()*2 + 2},
 	// PKCS #1 v1.5 uses prefixes from hashPrefixes in crypto/rsa, and requires
 	//    emLen >= len(prefix) + hLen + 11
-	// TLS 1.3 dropped support for PKCS #1 v1.5 in favor of RSA-PSS.
-	{PKCS1WithSHA256, 19 + crypto.SHA256.Size() + 11, VersionTLS12},
-	{PKCS1WithSHA384, 19 + crypto.SHA384.Size() + 11, VersionTLS12},
-	{PKCS1WithSHA512, 19 + crypto.SHA512.Size() + 11, VersionTLS12},
-	{PKCS1WithSHA1, 15 + crypto.SHA1.Size() + 11, VersionTLS12},
+	{PKCS1WithSHA256, 19 + crypto.SHA256.Size() + 11},
+	{PKCS1WithSHA384, 19 + crypto.SHA384.Size() + 11},
+	{PKCS1WithSHA512, 19 + crypto.SHA512.Size() + 11},
+	{PKCS1WithSHA1, 15 + crypto.SHA1.Size() + 11},
 }
 
 // signatureSchemesForCertificate returns the list of supported SignatureSchemes
@@ -202,7 +200,7 @@ func signatureSchemesForCertificate(version uint16, cert *Certificate) []Signatu
 		size := pub.Size()
 		sigAlgs = make([]SignatureScheme, 0, len(rsaSignatureSchemes))
 		for _, candidate := range rsaSignatureSchemes {
-			if size >= candidate.minModulusBytes && version <= candidate.maxVersion {
+			if size >= candidate.minModulusBytes {
 				sigAlgs = append(sigAlgs, candidate.scheme)
 			}
 		}
@@ -219,10 +217,9 @@ func signatureSchemesForCertificate(version uint16, cert *Certificate) []Signatu
 	}
 
 	// Filter out any unsupported signature algorithms, for example due to
-	// FIPS 140-3 policy, tlssha1=0, or any downstream changes to defaults.go.
-	supportedAlgs := supportedSignatureAlgorithms(version)
+	// FIPS 140-3 policy, tlssha1=0, or protocol version.
 	sigAlgs = slices.DeleteFunc(sigAlgs, func(sigAlg SignatureScheme) bool {
-		return !isSupportedSignatureAlgorithm(sigAlg, supportedAlgs)
+		return isDisabledSignatureAlgorithm(version, sigAlg, false)
 	})
 
 	return sigAlgs
diff --git a/bogo_config.json b/bogo_config.json
index 1bc647ce..9e3990ec 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -20,8 +20,6 @@
         "TLS-ECH-Client-Reject-NoChannelID-TLS13": "We don't support sending channel ID",
         "TLS-ECH-Client-Reject-NoChannelID-TLS12": "We don't support sending channel ID",
 
-        "ServerAuth-SHA1-Fallback*": "We don't ever support SHA-1 in TLS 1.2, so we fail if there are no signature_algorithms",
-
         "TLS-ECH-Client-GREASE-IgnoreHRRExtension": "We don't support ECH GREASE because we don't fallback to plaintext",
         "TLS-ECH-Client-NoSupportedConfigs-GREASE": "We don't support ECH GREASE because we don't fallback to plaintext",
         "TLS-ECH-Client-GREASEExtensions": "We don't support ECH GREASE because we don't fallback to plaintext",
@@ -40,7 +38,19 @@
         "PostQuantumNotEnabledByDefaultInClients": "We do enable it by default!",
         "*-Kyber-TLS13": "We don't support Kyber, only ML-KEM (BoGo bug ignoring AllCurves?)",
 
-        "*-SignDefault-*": "TODO, partially it encodes BoringSSL defaults, partially we might be missing some implicit behavior of a missing flag",
+        "*-RSA_PKCS1_SHA256_LEGACY-TLS13": "We don't support the legacy PKCS#1 v1.5 codepoint for TLS 1.3",
+        "*-Verify-RSA_PKCS1_SHA256_LEGACY-TLS12": "Likewise, we don't know how to handle it in TLS 1.2, so we send the wrong alert",
+        "*-VerifyDefault-*": "Our signature algorithms are not configurable, so there is no difference between default and supported",
+        "Ed25519DefaultDisable-*": "We support Ed25519 by default",
+        "NoCommonSignatureAlgorithms-TLS12-Fallback": "We don't support the legacy RSA exchange (without tlsrsakex=1)",
+
+        "*_SHA1-TLS12": "We don't support SHA-1 in TLS 1.2 (without tlssha1=1)",
+        "Agree-Digest-SHA1": "We don't support SHA-1 in TLS 1.2 (without tlssha1=1)",
+        "ServerAuth-SHA1-Fallback*": "We don't support SHA-1 in TLS 1.2 (without tlssha1=1), so we fail if there are no signature_algorithms",
+
+        "Agree-Digest-SHA256": "We select signature algorithms in peer preference order. We should consider changing this.",
+        "ECDSACurveMismatch-Verify-TLS13": "We don't enforce the curve when verifying. This is a bug. We need to fix this.",
+        "*-Verify-ECDSA_P224_SHA256-TLS13": "Side effect of the bug above. BoGo sends a P-256 sigAlg with a P-224 key, and we allow it.",
 
         "V2ClientHello-*": "We don't support SSLv2",
         "SendV2ClientHello*": "We don't support SSLv2",
@@ -62,8 +72,10 @@
         "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
         "BadRSAClientKeyExchange-4": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
-        "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "SupportTicketsWithSessionID": "We don't support session ID resumption",
+        "ResumeTLS12SessionID-TLS13": "We don't support session ID resumption",
+
+        "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
         "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
         "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
@@ -88,19 +100,6 @@
         "Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
         "Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
         "Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
-        "Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
-        "Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
-        "Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
-        "Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
-        "Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
-        "Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
-        "ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
-        "ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
-        "ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
-        "ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
-        "Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
-        "Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
-        "NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
         "UnknownExtension-Client": "TODO: first pass, this should be fixed",
         "UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
         "UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
@@ -153,7 +152,6 @@
         "TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
         "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
         "TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
-        "ResumeTLS12SessionID-TLS13": "We don't support session ID resumption",
         "SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
         "DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
         "Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index fff27697..2e88d539 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -35,8 +35,10 @@ var (
 
 	isHandshakerSupported = flag.Bool("is-handshaker-supported", false, "")
 
-	keyfile  = flag.String("key-file", "", "")
-	certfile = flag.String("cert-file", "", "")
+	keyfile      = flag.String("key-file", "", "")
+	certfile     = flag.String("cert-file", "", "")
+	ocspResponse = flagBase64("ocsp-response", "")
+	signingPrefs = flagIntSlice("signing-prefs", "")
 
 	trustCert = flag.String("trust-cert", "", "")
 
@@ -55,13 +57,17 @@ var (
 
 	resumeCount = flag.Int("resume-count", 0, "")
 
-	curves        = flagStringSlice("curves", "")
+	curves        = flagIntSlice("curves", "")
 	expectedCurve = flag.String("expect-curve-id", "", "")
 
+	verifyPrefs        = flagIntSlice("verify-prefs", "")
+	expectedSigAlg     = flag.String("expect-peer-signature-algorithm", "", "")
+	expectedPeerSigAlg = flagIntSlice("expect-peer-verify-pref", "")
+
 	shimID = flag.Uint64("shim-id", 0, "")
 	_      = flag.Bool("ipv6", false, "")
 
-	echConfigListB64           = flag.String("ech-config-list", "", "")
+	echConfigList              = flagBase64("ech-config-list", "")
 	expectECHAccepted          = flag.Bool("expect-ech-accept", false, "")
 	expectHRR                  = flag.Bool("expect-hrr", false, "")
 	expectNoHRR                = flag.Bool("expect-no-hrr", false, "")
@@ -71,7 +77,7 @@ var (
 	_                          = flag.Bool("expect-no-ech-name-override", false, "")
 	_                          = flag.String("expect-ech-name-override", "", "")
 	_                          = flag.Bool("reverify-on-resume", false, "")
-	onResumeECHConfigListB64   = flag.String("on-resume-ech-config-list", "", "")
+	onResumeECHConfigList      = flagBase64("on-resume-ech-config-list", "")
 	_                          = flag.Bool("on-resume-expect-reject-early-data", false, "")
 	onResumeExpectECHAccepted  = flag.Bool("on-resume-expect-ech-accept", false, "")
 	_                          = flag.Bool("on-resume-expect-no-ech-name-override", false, "")
@@ -105,7 +111,7 @@ var (
 type stringSlice []string
 
 func flagStringSlice(name, usage string) *stringSlice {
-	f := &stringSlice{}
+	f := new(stringSlice)
 	flag.Var(f, name, usage)
 	return f
 }
@@ -119,12 +125,59 @@ func (saf *stringSlice) Set(s string) error {
 	return nil
 }
 
+type intSlice []int64
+
+func flagIntSlice(name, usage string) *intSlice {
+	f := new(intSlice)
+	flag.Var(f, name, usage)
+	return f
+}
+
+func (sf *intSlice) String() string {
+	return strings.Join(strings.Split(fmt.Sprint(*sf), " "), ",")
+}
+
+func (sf *intSlice) Set(s string) error {
+	i, err := strconv.ParseInt(s, 10, 64)
+	if err != nil {
+		return err
+	}
+	*sf = append(*sf, i)
+	return nil
+}
+
+type base64Flag []byte
+
+func flagBase64(name, usage string) *base64Flag {
+	f := new(base64Flag)
+	flag.Var(f, name, usage)
+	return f
+}
+
+func (f *base64Flag) String() string {
+	return base64.StdEncoding.EncodeToString(*f)
+}
+
+func (f *base64Flag) Set(s string) error {
+	if *f != nil {
+		return fmt.Errorf("multiple base64 values not supported")
+	}
+	b, err := base64.StdEncoding.DecodeString(s)
+	if err != nil {
+		return err
+	}
+	*f = b
+	return nil
+}
+
 func bogoShim() {
 	if *isHandshakerSupported {
 		fmt.Println("No")
 		return
 	}
 
+	fmt.Printf("BoGo shim flags: %q", os.Args[1:])
+
 	// Test with both the default and insecure cipher suites.
 	var ciphersuites []uint16
 	for _, s := range append(CipherSuites(), InsecureCipherSuites()...) {
@@ -218,7 +271,39 @@ func bogoShim() {
 		if err != nil {
 			log.Fatalf("load key-file err: %s", err)
 		}
-		cfg.Certificates = []Certificate{pair}
+		for _, id := range *signingPrefs {
+			pair.SupportedSignatureAlgorithms = append(pair.SupportedSignatureAlgorithms, SignatureScheme(id))
+		}
+		pair.OCSPStaple = *ocspResponse
+		// Use Get[Client]Certificate to force the use of the certificate, which
+		// more closely matches the BoGo expectations (e.g. handshake failure if
+		// no client certificates are compatible).
+		cfg.GetCertificate = func(chi *ClientHelloInfo) (*Certificate, error) {
+			if *expectedPeerSigAlg != nil {
+				if len(chi.SignatureSchemes) != len(*expectedPeerSigAlg) {
+					return nil, fmt.Errorf("unexpected signature algorithms: got %s, want %v", chi.SignatureSchemes, *expectedPeerSigAlg)
+				}
+				for i := range *expectedPeerSigAlg {
+					if chi.SignatureSchemes[i] != SignatureScheme((*expectedPeerSigAlg)[i]) {
+						return nil, fmt.Errorf("unexpected signature algorithms: got %s, want %v", chi.SignatureSchemes, *expectedPeerSigAlg)
+					}
+				}
+			}
+			return &pair, nil
+		}
+		cfg.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) {
+			if *expectedPeerSigAlg != nil {
+				if len(cri.SignatureSchemes) != len(*expectedPeerSigAlg) {
+					return nil, fmt.Errorf("unexpected signature algorithms: got %s, want %v", cri.SignatureSchemes, *expectedPeerSigAlg)
+				}
+				for i := range *expectedPeerSigAlg {
+					if cri.SignatureSchemes[i] != SignatureScheme((*expectedPeerSigAlg)[i]) {
+						return nil, fmt.Errorf("unexpected signature algorithms: got %s, want %v", cri.SignatureSchemes, *expectedPeerSigAlg)
+					}
+				}
+			}
+			return &pair, nil
+		}
 	}
 	if *trustCert != "" {
 		pool := x509.NewCertPool()
@@ -242,26 +327,24 @@ func bogoShim() {
 		cfg.ClientAuth = VerifyClientCertIfGiven
 	}
 
-	if *echConfigListB64 != "" {
-		echConfigList, err := base64.StdEncoding.DecodeString(*echConfigListB64)
-		if err != nil {
-			log.Fatalf("parse ech-config-list err: %s", err)
-		}
-		cfg.EncryptedClientHelloConfigList = echConfigList
+	if *echConfigList != nil {
+		cfg.EncryptedClientHelloConfigList = *echConfigList
 		cfg.MinVersion = VersionTLS13
 	}
 
-	if len(*curves) != 0 {
-		for _, curveStr := range *curves {
-			id, err := strconv.Atoi(curveStr)
-			if err != nil {
-				log.Fatalf("failed to parse curve id %q: %s", curveStr, err)
-			}
+	if *curves != nil {
+		for _, id := range *curves {
 			cfg.CurvePreferences = append(cfg.CurvePreferences, CurveID(id))
 		}
 	}
 
-	if len(*echServerConfig) != 0 {
+	if *verifyPrefs != nil {
+		for _, id := range *verifyPrefs {
+			testingOnlySupportedSignatureAlgorithms = append(testingOnlySupportedSignatureAlgorithms, SignatureScheme(id))
+		}
+	}
+
+	if *echServerConfig != nil {
 		if len(*echServerConfig) != len(*echServerKey) || len(*echServerConfig) != len(*echServerRetryConfig) {
 			log.Fatal("-ech-server-config, -ech-server-key, and -ech-is-retry-config mismatch")
 		}
@@ -285,12 +368,8 @@ func bogoShim() {
 	}
 
 	for i := 0; i < *resumeCount+1; i++ {
-		if i > 0 && (*onResumeECHConfigListB64 != "") {
-			echConfigList, err := base64.StdEncoding.DecodeString(*onResumeECHConfigListB64)
-			if err != nil {
-				log.Fatalf("parse ech-config-list err: %s", err)
-			}
-			cfg.EncryptedClientHelloConfigList = echConfigList
+		if i > 0 && *onResumeECHConfigList != nil {
+			cfg.EncryptedClientHelloConfigList = *onResumeECHConfigList
 		}
 
 		conn, err := net.Dial("tcp", net.JoinHostPort("localhost", *port))
@@ -343,7 +422,7 @@ func bogoShim() {
 		if err != io.EOF {
 			retryErr, ok := err.(*ECHRejectionError)
 			if !ok {
-				log.Fatalf("unexpected error type returned: %v", err)
+				log.Fatal(err)
 			}
 			if *expectNoECHRetryConfigs && len(retryErr.RetryConfigList) > 0 {
 				log.Fatalf("expected no ECH retry configs, got some")
@@ -408,10 +487,21 @@ func bogoShim() {
 			if err != nil {
 				log.Fatalf("failed to parse -expect-curve-id: %s", err)
 			}
-			if tlsConn.curveID != CurveID(expectedCurveID) {
+			if cs.CurveID != CurveID(expectedCurveID) {
 				log.Fatalf("unexpected curve id: want %d, got %d", expectedCurveID, tlsConn.curveID)
 			}
 		}
+
+		// TODO: implement testingOnlyPeerSignatureAlgorithm on resumption.
+		if *expectedSigAlg != "" && !cs.DidResume {
+			expectedSigAlgID, err := strconv.Atoi(*expectedSigAlg)
+			if err != nil {
+				log.Fatalf("failed to parse -expect-peer-signature-algorithm: %s", err)
+			}
+			if cs.testingOnlyPeerSignatureAlgorithm != SignatureScheme(expectedSigAlgID) {
+				log.Fatalf("unexpected peer signature algorithm: want %s, got %s", SignatureScheme(expectedSigAlgID), cs.testingOnlyPeerSignatureAlgorithm)
+			}
+		}
 	}
 }
 
@@ -491,20 +581,36 @@ func TestBogoSuite(t *testing.T) {
 	assertResults := map[string]string{
 		"CurveTest-Client-MLKEM-TLS13": "PASS",
 		"CurveTest-Server-MLKEM-TLS13": "PASS",
+
+		// Various signature algorithm tests checking that we enforce our
+		// preferences on the peer.
+		"ClientAuth-Enforced":                    "PASS",
+		"ServerAuth-Enforced":                    "PASS",
+		"ClientAuth-Enforced-TLS13":              "PASS",
+		"ServerAuth-Enforced-TLS13":              "PASS",
+		"VerifyPreferences-Advertised":           "PASS",
+		"VerifyPreferences-Enforced":             "PASS",
+		"Client-TLS12-NoSign-RSA_PKCS1_MD5_SHA1": "PASS",
+		"Server-TLS12-NoSign-RSA_PKCS1_MD5_SHA1": "PASS",
+		"Client-TLS13-NoSign-RSA_PKCS1_MD5_SHA1": "PASS",
+		"Server-TLS13-NoSign-RSA_PKCS1_MD5_SHA1": "PASS",
 	}
 
 	for name, result := range results.Tests {
 		// This is not really the intended way to do this... but... it works?
 		t.Run(name, func(t *testing.T) {
 			if result.Actual == "FAIL" && result.IsUnexpected {
-				t.Fatal(result.Error)
+				t.Fail()
+			}
+			if result.Error != "" {
+				t.Log(result.Error)
 			}
-			if expectedResult, ok := assertResults[name]; ok && expectedResult != result.Actual {
-				t.Fatalf("unexpected result: got %s, want %s", result.Actual, assertResults[name])
+			if exp, ok := assertResults[name]; ok && exp != result.Actual {
+				t.Errorf("unexpected result: got %s, want %s", result.Actual, exp)
 			}
 			delete(assertResults, name)
 			if result.Actual == "SKIP" {
-				t.Skip()
+				t.SkipNow()
 			}
 		})
 	}
diff --git a/common.go b/common.go
index 6a1c53fe..6fe6f34c 100644
--- a/common.go
+++ b/common.go
@@ -309,6 +309,10 @@ type ConnectionState struct {
 
 	// testingOnlyDidHRR is true if a HelloRetryRequest was sent/received.
 	testingOnlyDidHRR bool
+
+	// testingOnlyPeerSignatureAlgorithm is the signature algorithm used by the
+	// peer to sign the handshake. It is not set for resumed connections.
+	testingOnlyPeerSignatureAlgorithm SignatureScheme
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
@@ -1684,35 +1688,62 @@ func unexpectedMessageError(wanted, got any) error {
 	return fmt.Errorf("tls: received unexpected handshake message of type %T when waiting for %T", got, wanted)
 }
 
+var testingOnlySupportedSignatureAlgorithms []SignatureScheme
+
 // supportedSignatureAlgorithms returns the supported signature algorithms for
 // the given minimum TLS version, to advertise in ClientHello and
 // CertificateRequest messages.
 func supportedSignatureAlgorithms(minVers uint16) []SignatureScheme {
 	sigAlgs := defaultSupportedSignatureAlgorithms()
-	if fips140tls.Required() {
-		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
-			return !slices.Contains(allowedSignatureAlgorithmsFIPS, s)
-		})
+	if testingOnlySupportedSignatureAlgorithms != nil {
+		sigAlgs = slices.Clone(testingOnlySupportedSignatureAlgorithms)
 	}
-	if minVers > VersionTLS12 {
-		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
-			sigType, sigHash, _ := typeAndHashFromSignatureScheme(s)
-			return sigType == signaturePKCS1v15 || sigHash == crypto.SHA1
-		})
+	return slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
+		return isDisabledSignatureAlgorithm(minVers, s, false)
+	})
+}
+
+var tlssha1 = godebug.New("tlssha1")
+
+func isDisabledSignatureAlgorithm(version uint16, s SignatureScheme, isCert bool) bool {
+	if fips140tls.Required() && !slices.Contains(allowedSignatureAlgorithmsFIPS, s) {
+		return true
+	}
+
+	// For the _cert extension we include all algorithms, including SHA-1 and
+	// PKCS#1 v1.5, because it's more likely that something on our side will be
+	// willing to accept a *-with-SHA1 certificate (e.g. with a custom
+	// VerifyConnection or by a direct match with the CertPool), than that the
+	// peer would have a better certificate but is just choosing not to send it.
+	// crypto/x509 will refuse to verify important SHA-1 signatures anyway.
+	if isCert {
+		return false
 	}
-	return sigAlgs
+
+	// TLS 1.3 removed support for PKCS#1 v1.5 and SHA-1 signatures,
+	// and Go 1.25 removed support for SHA-1 signatures in TLS 1.2.
+	if version > VersionTLS12 {
+		sigType, sigHash, _ := typeAndHashFromSignatureScheme(s)
+		if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
+			return true
+		}
+	} else if tlssha1.Value() != "1" {
+		_, sigHash, _ := typeAndHashFromSignatureScheme(s)
+		if sigHash == crypto.SHA1 {
+			return true
+		}
+	}
+
+	return false
 }
 
 // supportedSignatureAlgorithmsCert returns the supported algorithms for
 // signatures in certificates.
 func supportedSignatureAlgorithmsCert() []SignatureScheme {
-	sigAlgs := defaultSupportedSignatureAlgorithmsCert()
-	if fips140tls.Required() {
-		sigAlgs = slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
-			return !slices.Contains(allowedSignatureAlgorithmsFIPS, s)
-		})
-	}
-	return sigAlgs
+	sigAlgs := defaultSupportedSignatureAlgorithms()
+	return slices.DeleteFunc(sigAlgs, func(s SignatureScheme) bool {
+		return isDisabledSignatureAlgorithm(0, s, true)
+	})
 }
 
 func isSupportedSignatureAlgorithm(sigAlg SignatureScheme, supportedSignatureAlgorithms []SignatureScheme) bool {
diff --git a/conn.go b/conn.go
index cd9b9778..b36fcaa6 100644
--- a/conn.go
+++ b/conn.go
@@ -51,6 +51,7 @@ type Conn struct {
 	didHRR           bool // whether a HelloRetryRequest was sent/received
 	cipherSuite      uint16
 	curveID          CurveID
+	peerSigAlg       SignatureScheme
 	ocspResponse     []byte   // stapled OCSP response
 	scts             [][]byte // signed certificate timestamps from server
 	peerCertificates []*x509.Certificate
@@ -1630,6 +1631,7 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 	state.NegotiatedProtocol = c.clientProtocol
 	state.DidResume = c.didResume
 	state.testingOnlyDidHRR = c.didHRR
+	state.testingOnlyPeerSignatureAlgorithm = c.peerSigAlg
 	state.CurveID = c.curveID
 	state.NegotiatedProtocolIsMutual = true
 	state.ServerName = c.serverName
diff --git a/defaults.go b/defaults.go
index 3aa1bc2e..489a2750 100644
--- a/defaults.go
+++ b/defaults.go
@@ -24,53 +24,11 @@ func defaultCurvePreferences() []CurveID {
 	return []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521}
 }
 
-var tlssha1 = godebug.New("tlssha1")
-
 // defaultSupportedSignatureAlgorithms returns the signature and hash algorithms that
 // the code advertises and supports in a TLS 1.2+ ClientHello and in a TLS 1.2+
 // CertificateRequest. The two fields are merged to match with TLS 1.3.
 // Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
 func defaultSupportedSignatureAlgorithms() []SignatureScheme {
-	if tlssha1.Value() == "1" {
-		return []SignatureScheme{
-			PSSWithSHA256,
-			ECDSAWithP256AndSHA256,
-			Ed25519,
-			PSSWithSHA384,
-			PSSWithSHA512,
-			PKCS1WithSHA256,
-			PKCS1WithSHA384,
-			PKCS1WithSHA512,
-			ECDSAWithP384AndSHA384,
-			ECDSAWithP521AndSHA512,
-			PKCS1WithSHA1,
-			ECDSAWithSHA1,
-		}
-	}
-	return []SignatureScheme{
-		PSSWithSHA256,
-		ECDSAWithP256AndSHA256,
-		Ed25519,
-		PSSWithSHA384,
-		PSSWithSHA512,
-		PKCS1WithSHA256,
-		PKCS1WithSHA384,
-		PKCS1WithSHA512,
-		ECDSAWithP384AndSHA384,
-		ECDSAWithP521AndSHA512,
-	}
-}
-
-// defaultSupportedSignatureAlgorithmsCert returns the signature algorithms that
-// the code advertises as supported for signatures in certificates.
-//
-// We include all algorithms, including SHA-1 and PKCS#1 v1.5, because it's more
-// likely that something on our side will be willing to accept a *-with-SHA1
-// certificate (e.g. with a custom VerifyConnection or by a direct match with
-// the CertPool), than that the peer would have a better certificate but is just
-// choosing not to send it. crypto/x509 will refuse to verify important SHA-1
-// signatures anyway.
-func defaultSupportedSignatureAlgorithmsCert() []SignatureScheme {
 	return []SignatureScheme{
 		PSSWithSHA256,
 		ECDSAWithP256AndSHA256,
diff --git a/fips140_test.go b/fips140_test.go
index 46d30768..d3fa61dc 100644
--- a/fips140_test.go
+++ b/fips140_test.go
@@ -18,6 +18,7 @@ import (
 	"internal/testenv"
 	"math/big"
 	"net"
+	"os"
 	"runtime"
 	"strings"
 	"testing"
@@ -262,15 +263,19 @@ func fipsHandshake(t *testing.T, clientConfig, serverConfig *Config) (clientErr,
 
 func TestFIPSServerSignatureAndHash(t *testing.T) {
 	defer func() {
-		testingOnlyForceClientHelloSignatureAlgorithms = nil
+		testingOnlySupportedSignatureAlgorithms = nil
 	}()
+	defer func(godebug string) {
+		os.Setenv("GODEBUG", godebug)
+	}(os.Getenv("GODEBUG"))
+	os.Setenv("GODEBUG", "tlssha1=1")
 
 	for _, sigHash := range defaultSupportedSignatureAlgorithms() {
 		t.Run(fmt.Sprintf("%v", sigHash), func(t *testing.T) {
 			serverConfig := testConfig.Clone()
 			serverConfig.Certificates = make([]Certificate, 1)
 
-			testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash}
+			testingOnlySupportedSignatureAlgorithms = []SignatureScheme{sigHash}
 
 			sigType, _, _ := typeAndHashFromSignatureScheme(sigHash)
 			switch sigType {
diff --git a/handshake_client.go b/handshake_client.go
index 2d3a2ef2..90c5bdac 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -20,7 +20,6 @@ import (
 	"errors"
 	"fmt"
 	"hash"
-	"internal/byteorder"
 	"internal/godebug"
 	"io"
 	"net"
@@ -42,8 +41,6 @@ type clientHandshakeState struct {
 	ticket       []byte        // a fresh ticket received during this handshake
 }
 
-var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme
-
 func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echClientContext, error) {
 	config := c.config
 	if len(config.ServerName) == 0 && !config.InsecureSkipVerify {
@@ -126,9 +123,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms(minVersion)
 		hello.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithmsCert()
 	}
-	if testingOnlyForceClientHelloSignatureAlgorithms != nil {
-		hello.supportedSignatureAlgorithms = testingOnlyForceClientHelloSignatureAlgorithms
-	}
 
 	var keyShareKeys *keySharePrivateKeys
 	if maxVersion >= VersionTLS13 {
@@ -732,8 +726,9 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 			c.sendAlert(alertIllegalParameter)
 			return err
 		}
-		if len(skx.key) >= 3 && skx.key[0] == 3 /* named curve */ {
-			c.curveID = CurveID(byteorder.BEUint16(skx.key[1:]))
+		if keyAgreement, ok := keyAgreement.(*ecdheKeyAgreement); ok {
+			c.curveID = keyAgreement.curveID
+			c.peerSigAlg = keyAgreement.signatureAlgorithm
 		}
 
 		msg, err = c.readHandshake(&hs.finishedHash)
@@ -819,7 +814,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 		if c.vers >= VersionTLS12 {
 			signatureAlgorithm, err := selectSignatureScheme(c.vers, chainToSend, certReq.supportedSignatureAlgorithms)
 			if err != nil {
-				c.sendAlert(alertIllegalParameter)
+				c.sendAlert(alertHandshakeFailure)
 				return err
 			}
 			sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index bf3cab97..4f496690 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -694,6 +694,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 		c.sendAlert(alertDecryptError)
 		return errors.New("tls: invalid signature by the server certificate: " + err.Error())
 	}
+	c.peerSigAlg = certVerify.signatureAlgorithm
 
 	if err := transcriptMsg(certVerify, hs.transcript); err != nil {
 		return err
diff --git a/handshake_server.go b/handshake_server.go
index 6848407e..8240e6af 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -16,7 +16,6 @@ import (
 	"errors"
 	"fmt"
 	"hash"
-	"internal/byteorder"
 	"io"
 	"time"
 )
@@ -632,8 +631,9 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 		return err
 	}
 	if skx != nil {
-		if len(skx.key) >= 3 && skx.key[0] == 3 /* named curve */ {
-			c.curveID = CurveID(byteorder.BEUint16(skx.key[1:]))
+		if keyAgreement, ok := keyAgreement.(*ecdheKeyAgreement); ok {
+			c.curveID = keyAgreement.curveID
+			c.peerSigAlg = keyAgreement.signatureAlgorithm
 		}
 		if _, err := hs.c.writeHandshakeRecord(skx, &hs.finishedHash); err != nil {
 			return err
@@ -789,6 +789,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 			c.sendAlert(alertDecryptError)
 			return errors.New("tls: invalid signature by the client certificate: " + err.Error())
 		}
+		c.peerSigAlg = certVerify.signatureAlgorithm
 
 		if err := transcriptMsg(certVerify, &hs.finishedHash); err != nil {
 			return err
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 090ff67f..dbd6ff2c 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -1115,6 +1115,7 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
 			c.sendAlert(alertDecryptError)
 			return errors.New("tls: invalid signature by the client certificate: " + err.Error())
 		}
+		c.peerSigAlg = certVerify.signatureAlgorithm
 
 		if err := transcriptMsg(certVerify, hs.transcript); err != nil {
 			return err
diff --git a/key_agreement.go b/key_agreement.go
index 3daa1aa4..88116f94 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -165,25 +165,29 @@ type ecdheKeyAgreement struct {
 	// and returned in generateClientKeyExchange.
 	ckx             *clientKeyExchangeMsg
 	preMasterSecret []byte
+
+	// curveID and signatureAlgorithm are set by processServerKeyExchange and
+	// generateServerKeyExchange.
+	curveID            CurveID
+	signatureAlgorithm SignatureScheme
 }
 
 func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
-	var curveID CurveID
 	for _, c := range clientHello.supportedCurves {
 		if config.supportsCurve(ka.version, c) {
-			curveID = c
+			ka.curveID = c
 			break
 		}
 	}
 
-	if curveID == 0 {
+	if ka.curveID == 0 {
 		return nil, errors.New("tls: no supported elliptic curves offered")
 	}
-	if _, ok := curveForCurveID(curveID); !ok {
+	if _, ok := curveForCurveID(ka.curveID); !ok {
 		return nil, errors.New("tls: CurvePreferences includes unsupported curve")
 	}
 
-	key, err := generateECDHEKey(config.rand(), curveID)
+	key, err := generateECDHEKey(config.rand(), ka.curveID)
 	if err != nil {
 		return nil, err
 	}
@@ -193,8 +197,8 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 	ecdhePublic := key.PublicKey().Bytes()
 	serverECDHEParams := make([]byte, 1+2+1+len(ecdhePublic))
 	serverECDHEParams[0] = 3 // named curve
-	serverECDHEParams[1] = byte(curveID >> 8)
-	serverECDHEParams[2] = byte(curveID)
+	serverECDHEParams[1] = byte(ka.curveID >> 8)
+	serverECDHEParams[2] = byte(ka.curveID)
 	serverECDHEParams[3] = byte(len(ecdhePublic))
 	copy(serverECDHEParams[4:], ecdhePublic)
 
@@ -203,15 +207,14 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 		return nil, fmt.Errorf("tls: certificate private key of type %T does not implement crypto.Signer", cert.PrivateKey)
 	}
 
-	var signatureAlgorithm SignatureScheme
 	var sigType uint8
 	var sigHash crypto.Hash
 	if ka.version >= VersionTLS12 {
-		signatureAlgorithm, err = selectSignatureScheme(ka.version, cert, clientHello.supportedSignatureAlgorithms)
+		ka.signatureAlgorithm, err = selectSignatureScheme(ka.version, cert, clientHello.supportedSignatureAlgorithms)
 		if err != nil {
 			return nil, err
 		}
-		sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
+		sigType, sigHash, err = typeAndHashFromSignatureScheme(ka.signatureAlgorithm)
 		if err != nil {
 			return nil, err
 		}
@@ -249,8 +252,8 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 	copy(skx.key, serverECDHEParams)
 	k := skx.key[len(serverECDHEParams):]
 	if ka.version >= VersionTLS12 {
-		k[0] = byte(signatureAlgorithm >> 8)
-		k[1] = byte(signatureAlgorithm)
+		k[0] = byte(ka.signatureAlgorithm >> 8)
+		k[1] = byte(ka.signatureAlgorithm)
 		k = k[2:]
 	}
 	k[0] = byte(len(sig) >> 8)
@@ -284,7 +287,7 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 	if skx.key[0] != 3 { // named curve
 		return errors.New("tls: server selected unsupported curve")
 	}
-	curveID := CurveID(skx.key[1])<<8 | CurveID(skx.key[2])
+	ka.curveID = CurveID(skx.key[1])<<8 | CurveID(skx.key[2])
 
 	publicLen := int(skx.key[3])
 	if publicLen+4 > len(skx.key) {
@@ -298,15 +301,15 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 		return errServerKeyExchange
 	}
 
-	if !slices.Contains(clientHello.supportedCurves, curveID) {
+	if !slices.Contains(clientHello.supportedCurves, ka.curveID) {
 		return errors.New("tls: server selected unoffered curve")
 	}
 
-	if _, ok := curveForCurveID(curveID); !ok {
+	if _, ok := curveForCurveID(ka.curveID); !ok {
 		return errors.New("tls: server selected unsupported curve")
 	}
 
-	key, err := generateECDHEKey(config.rand(), curveID)
+	key, err := generateECDHEKey(config.rand(), ka.curveID)
 	if err != nil {
 		return err
 	}
@@ -330,16 +333,16 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 	var sigType uint8
 	var sigHash crypto.Hash
 	if ka.version >= VersionTLS12 {
-		signatureAlgorithm := SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1])
+		ka.signatureAlgorithm = SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1])
 		sig = sig[2:]
 		if len(sig) < 2 {
 			return errServerKeyExchange
 		}
 
-		if !isSupportedSignatureAlgorithm(signatureAlgorithm, clientHello.supportedSignatureAlgorithms) {
+		if !isSupportedSignatureAlgorithm(ka.signatureAlgorithm, clientHello.supportedSignatureAlgorithms) {
 			return errors.New("tls: certificate used with invalid signature algorithm")
 		}
-		sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
+		sigType, sigHash, err = typeAndHashFromSignatureScheme(ka.signatureAlgorithm)
 		if err != nil {
 			return err
 		}

From 406431869efc1e7cbeb6d2e3c574e0bf343f299b Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 23 Jun 2025 15:48:57 -0400
Subject: [PATCH 52/95] crypto/tls: update bogo version

This commit updates the pinned revision of BoringSSL that's used for the
BoGo integration test.

Doing this requires a few categories of config changes:

* ignoring a few new tests for features crypto/tls doesn't implement
* ignoring a few new tests that require further
  investigation/classification, or that already have an associated
  tracking issue
* updating the error map syntax to accommodate the upstream change that
  allows a one-to-many mapping

One code change is required in the shim test process to adjust how we
tear down a connection after an error to account for an upstream change
in the test runner.

Previously, for error conditions we would immediately close the
connection when exiting the shim process. We instead need to do this in
a multi-step process:

1. Flush any pending TLS writes to surface any alerts the error
   condition may have generated.
2. Close the write side of the TCP connection to signal we're not
   writing anymore.
3. Read and discard any pending data from the peer.
4. Close the read side of the TCP connection to fully close the socket.

Without doing this unpredictable timing factors may result in spurious
test failures where:

1. The runner sends us data that produces an error.
2. We send an alert, and immediately tear down the connection.
3. The runner tries to perform a write, and hits an error because the
   pipe is closed.
4. The runner fails the test with the pipe write error, before it reads
   from the connection to see the expected alert.

With the new code we instead swallow the unrelated writes and the runner
sees our alert after its ignored write when it tries to read from the
conn. The alert is the expected test outcome, and so the test passes.

This was previously not an issue because the runner was discarding the
write errors.

Updates #72006

Change-Id: Ib72a1c5e693aac92144696c8bae888d5f3f6c32f
Reviewed-on: https://go-review.googlesource.com/c/go/+/683456
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 bogo_config.json  | 14 ++++++++++++--
 bogo_shim_test.go | 33 ++++++++++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index 9e3990ec..b269d4b6 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -74,6 +74,9 @@
         "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
         "SupportTicketsWithSessionID": "We don't support session ID resumption",
         "ResumeTLS12SessionID-TLS13": "We don't support session ID resumption",
+        "TrustAnchors-*": "We don't support draft-beck-tls-trust-anchor-ids",
+        "PAKE-Extension-*": "We don't support PAKE",
+        "*TicketFlags": "We don't support draft-ietf-tls-tlsflags",
 
         "CheckLeafCurve": "TODO: first pass, this should be fixed",
         "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
@@ -206,7 +209,14 @@
         "EarlyData-Server-BadFinished-TLS13": "TODO: first pass, this should be fixed",
         "EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
         "EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
-        "Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed"
+
+        "ServerNameExtensionServer-TLS-*": "https://github.com/golang/go/issues/74282",
+
+        "Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed",
+        "GarbageCertificate-Server-TLS13": "TODO: 2025/06 BoGo update, should be fixed",
+        "WrongMessageType-TLS13-ClientCertificate-TLS": "TODO: 2025/06  BoGo update, should be fixed",
+        "KeyUpdate-Requested": "TODO: 2025/06  BoGo update, should be fixed",
+        "AppDataBeforeTLS13KeyChange-*": "TODO: 2025/06  BoGo update, should be fixed"
     },
     "AllCurves": [
         23,
@@ -216,6 +226,6 @@
         4588
     ],
     "ErrorMap": {
-        ":ECH_REJECTED:": "tls: server rejected ECH"
+        ":ECH_REJECTED:": ["tls: server rejected ECH"]
     }
 }
diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index 2e88d539..7cab568d 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -420,6 +420,12 @@ func bogoShim() {
 			}
 		}
 		if err != io.EOF {
+			// Flush the TLS conn and then perform a graceful shutdown of the
+			// TCP connection to avoid the runner side hitting an unexpected
+			// write error before it has processed the alert we may have
+			// generated for the error condition.
+			orderlyShutdown(tlsConn)
+
 			retryErr, ok := err.(*ECHRejectionError)
 			if !ok {
 				log.Fatal(err)
@@ -505,6 +511,31 @@ func bogoShim() {
 	}
 }
 
+// If the test case produces an error, we don't want to immediately close the
+// TCP connection after generating an alert. The runner side may try to write
+// additional data to the connection before it reads the alert. If the conn
+// has already been torn down, then these writes will produce an unexpected
+// broken pipe err and fail the test.
+func orderlyShutdown(tlsConn *Conn) {
+	// Flush any pending alert data
+	tlsConn.flush()
+
+	netConn := tlsConn.NetConn()
+	tcpConn := netConn.(*net.TCPConn)
+	tcpConn.CloseWrite()
+
+	// Read and discard any data that was sent by the peer.
+	buf := make([]byte, maxPlaintext)
+	for {
+		n, err := tcpConn.Read(buf)
+		if n == 0 || err != nil {
+			break
+		}
+	}
+
+	tcpConn.CloseRead()
+}
+
 func TestBogoSuite(t *testing.T) {
 	if testing.Short() {
 		t.Skip("skipping in short mode")
@@ -526,7 +557,7 @@ func TestBogoSuite(t *testing.T) {
 	if *bogoLocalDir != "" {
 		bogoDir = *bogoLocalDir
 	} else {
-		const boringsslModVer = "v0.0.0-20241120195446-5cce3fbd23e1"
+		const boringsslModVer = "v0.0.0-20250620172916-f51d8b099832"
 		bogoDir = cryptotest.FetchModule(t, "boringssl.googlesource.com/boringssl.git", boringsslModVer)
 	}
 

From 87a83d243646693112b4ef1fd662321f844cba2d Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Fri, 23 May 2025 20:28:36 +0200
Subject: [PATCH 53/95] crypto/tls: ensure the ECDSA curve matches the
 signature algorithm

Change-Id: I6a6a4656c1b47ba6bd652d4da18922cb6b80a8ab
Reviewed-on: https://go-review.googlesource.com/c/go/+/675836
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---
 auth.go                   | 59 +++++++++++++++++----------------------
 bogo_config.json          |  2 --
 handshake_client_tls13.go |  3 +-
 handshake_server_tls13.go |  3 +-
 4 files changed, 29 insertions(+), 38 deletions(-)

diff --git a/auth.go b/auth.go
index f5de7b30..7169e471 100644
--- a/auth.go
+++ b/auth.go
@@ -163,73 +163,64 @@ var rsaSignatureSchemes = []struct {
 	{PKCS1WithSHA1, 15 + crypto.SHA1.Size() + 11},
 }
 
-// signatureSchemesForCertificate returns the list of supported SignatureSchemes
-// for a given certificate, based on the public key and the protocol version,
-// and optionally filtered by its explicit SupportedSignatureAlgorithms.
-func signatureSchemesForCertificate(version uint16, cert *Certificate) []SignatureScheme {
-	priv, ok := cert.PrivateKey.(crypto.Signer)
-	if !ok {
-		return nil
-	}
-
-	var sigAlgs []SignatureScheme
-	switch pub := priv.Public().(type) {
+func signatureSchemesForPublicKey(version uint16, pub crypto.PublicKey) []SignatureScheme {
+	switch pub := pub.(type) {
 	case *ecdsa.PublicKey:
-		if version != VersionTLS13 {
+		if version < VersionTLS13 {
 			// In TLS 1.2 and earlier, ECDSA algorithms are not
 			// constrained to a single curve.
-			sigAlgs = []SignatureScheme{
+			return []SignatureScheme{
 				ECDSAWithP256AndSHA256,
 				ECDSAWithP384AndSHA384,
 				ECDSAWithP521AndSHA512,
 				ECDSAWithSHA1,
 			}
-			break
 		}
 		switch pub.Curve {
 		case elliptic.P256():
-			sigAlgs = []SignatureScheme{ECDSAWithP256AndSHA256}
+			return []SignatureScheme{ECDSAWithP256AndSHA256}
 		case elliptic.P384():
-			sigAlgs = []SignatureScheme{ECDSAWithP384AndSHA384}
+			return []SignatureScheme{ECDSAWithP384AndSHA384}
 		case elliptic.P521():
-			sigAlgs = []SignatureScheme{ECDSAWithP521AndSHA512}
+			return []SignatureScheme{ECDSAWithP521AndSHA512}
 		default:
 			return nil
 		}
 	case *rsa.PublicKey:
 		size := pub.Size()
-		sigAlgs = make([]SignatureScheme, 0, len(rsaSignatureSchemes))
+		sigAlgs := make([]SignatureScheme, 0, len(rsaSignatureSchemes))
 		for _, candidate := range rsaSignatureSchemes {
 			if size >= candidate.minModulusBytes {
 				sigAlgs = append(sigAlgs, candidate.scheme)
 			}
 		}
+		return sigAlgs
 	case ed25519.PublicKey:
-		sigAlgs = []SignatureScheme{Ed25519}
+		return []SignatureScheme{Ed25519}
 	default:
 		return nil
 	}
-
-	if cert.SupportedSignatureAlgorithms != nil {
-		sigAlgs = slices.DeleteFunc(sigAlgs, func(sigAlg SignatureScheme) bool {
-			return !isSupportedSignatureAlgorithm(sigAlg, cert.SupportedSignatureAlgorithms)
-		})
-	}
-
-	// Filter out any unsupported signature algorithms, for example due to
-	// FIPS 140-3 policy, tlssha1=0, or protocol version.
-	sigAlgs = slices.DeleteFunc(sigAlgs, func(sigAlg SignatureScheme) bool {
-		return isDisabledSignatureAlgorithm(version, sigAlg, false)
-	})
-
-	return sigAlgs
 }
 
 // selectSignatureScheme picks a SignatureScheme from the peer's preference list
 // that works with the selected certificate. It's only called for protocol
 // versions that support signature algorithms, so TLS 1.2 and 1.3.
 func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureScheme) (SignatureScheme, error) {
-	supportedAlgs := signatureSchemesForCertificate(vers, c)
+	priv, ok := c.PrivateKey.(crypto.Signer)
+	if !ok {
+		return 0, unsupportedCertificateError(c)
+	}
+	supportedAlgs := signatureSchemesForPublicKey(vers, priv.Public())
+	if c.SupportedSignatureAlgorithms != nil {
+		supportedAlgs = slices.DeleteFunc(supportedAlgs, func(sigAlg SignatureScheme) bool {
+			return !isSupportedSignatureAlgorithm(sigAlg, c.SupportedSignatureAlgorithms)
+		})
+	}
+	// Filter out any unsupported signature algorithms, for example due to
+	// FIPS 140-3 policy, tlssha1=0, or protocol version.
+	supportedAlgs = slices.DeleteFunc(supportedAlgs, func(sigAlg SignatureScheme) bool {
+		return isDisabledSignatureAlgorithm(vers, sigAlg, false)
+	})
 	if len(supportedAlgs) == 0 {
 		return 0, unsupportedCertificateError(c)
 	}
diff --git a/bogo_config.json b/bogo_config.json
index b269d4b6..cf316718 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -49,8 +49,6 @@
         "ServerAuth-SHA1-Fallback*": "We don't support SHA-1 in TLS 1.2 (without tlssha1=1), so we fail if there are no signature_algorithms",
 
         "Agree-Digest-SHA256": "We select signature algorithms in peer preference order. We should consider changing this.",
-        "ECDSACurveMismatch-Verify-TLS13": "We don't enforce the curve when verifying. This is a bug. We need to fix this.",
-        "*-Verify-ECDSA_P224_SHA256-TLS13": "Side effect of the bug above. BoGo sends a P-256 sigAlg with a P-224 key, and we allow it.",
 
         "V2ClientHello-*": "We don't support SSLv2",
         "SendV2ClientHello*": "We don't support SSLv2",
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index 4f496690..7018bb23 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -677,7 +677,8 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 	// See RFC 8446, Section 4.4.3.
 	// We don't use hs.hello.supportedSignatureAlgorithms because it might
 	// include PKCS#1 v1.5 and SHA-1 if the ClientHello also supported TLS 1.2.
-	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms(c.vers)) {
+	if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms(c.vers)) ||
+		!isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, signatureSchemesForPublicKey(c.vers, c.peerCertificates[0].PublicKey)) {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: certificate used with invalid signature algorithm")
 	}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index dbd6ff2c..a52bc76a 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -1098,7 +1098,8 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
 		// See RFC 8446, Section 4.4.3.
 		// We don't use certReq.supportedSignatureAlgorithms because it would
 		// require keeping the certificateRequestMsgTLS13 around in the hs.
-		if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms(c.vers)) {
+		if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms(c.vers)) ||
+			!isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, signatureSchemesForPublicKey(c.vers, c.peerCertificates[0].PublicKey)) {
 			c.sendAlert(alertIllegalParameter)
 			return errors.New("tls: client certificate used with invalid signature algorithm")
 		}

From 5a54793897801e9133824eb18a4b9d95a2109e69 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Sat, 28 Jun 2025 14:29:48 -0400
Subject: [PATCH 54/95] crypto/tls: empty server_name conf. ext. from server

When a TLS server uses the information from the server_name extension in
a client hello, and the connection isn't resuming, it should return an
empty server_name extension in its server hello (or encrypted extensions
for TLS 1.3).

For TLS <1.3 we we do this in doFullHandshake(), by setting the
pre-existing serverHelloMsg.serverNameAck bool. We know that the
connection isn't resuming based on the context where this function is
called.

For TLS 1.3, a new encryptedExtensionsMsg.serverNameAck bool is added,
and populated as appropriate in sendServerParameters() based on whether
the conn was resumed or not. The encryptedExtensionsMsg marshalling is
updated to emit the encrypted extension based on that field.

These changes allow enabling the ServerNameExtensionServer-* bogo tests
that verify both the presence and absence of the server_name extension
based on the relevant specifications.

Resolves #74282
Updates #72006

Change-Id: I703bc2ec916b50906bdece7b7483a7faed7aa8e4
Reviewed-on: https://go-review.googlesource.com/c/go/+/684795
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
---
 bogo_config.json                              |   2 -
 handshake_messages.go                         |  10 ++
 handshake_server.go                           |   4 +
 handshake_server_tls13.go                     |   4 +
 testdata/Server-TLSv12-SNI                    | 136 +++++++++---------
 testdata/Server-TLSv12-SNI-GetCertificate     | 136 +++++++++---------
 .../Server-TLSv12-SNI-GetCertificateNotFound  | 136 +++++++++---------
 7 files changed, 222 insertions(+), 206 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index cf316718..ed3fc6ec 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -208,8 +208,6 @@
         "EarlyData-UnexpectedHandshake-Server-TLS13": "TODO: first pass, this should be fixed",
         "EarlyData-CipherMismatch-Client-TLS13": "TODO: first pass, this should be fixed",
 
-        "ServerNameExtensionServer-TLS-*": "https://github.com/golang/go/issues/74282",
-
         "Resume-Server-UnofferedCipher-TLS13": "TODO: first pass, this should be fixed",
         "GarbageCertificate-Server-TLS13": "TODO: 2025/06 BoGo update, should be fixed",
         "WrongMessageType-TLS13-ClientCertificate-TLS": "TODO: 2025/06  BoGo update, should be fixed",
diff --git a/handshake_messages.go b/handshake_messages.go
index d9a475aa..aa0b7db7 100644
--- a/handshake_messages.go
+++ b/handshake_messages.go
@@ -1005,6 +1005,7 @@ type encryptedExtensionsMsg struct {
 	quicTransportParameters []byte
 	earlyData               bool
 	echRetryConfigs         []byte
+	serverNameAck           bool
 }
 
 func (m *encryptedExtensionsMsg) marshal() ([]byte, error) {
@@ -1040,6 +1041,10 @@ func (m *encryptedExtensionsMsg) marshal() ([]byte, error) {
 					b.AddBytes(m.echRetryConfigs)
 				})
 			}
+			if m.serverNameAck {
+				b.AddUint16(extensionServerName)
+				b.AddUint16(0) // empty extension_data
+			}
 		})
 	})
 
@@ -1095,6 +1100,11 @@ func (m *encryptedExtensionsMsg) unmarshal(data []byte) bool {
 			if !extData.CopyBytes(m.echRetryConfigs) {
 				return false
 			}
+		case extensionServerName:
+			if len(extData) != 0 {
+				return false
+			}
+			m.serverNameAck = true
 		default:
 			// Ignore unknown extensions.
 			continue
diff --git a/handshake_server.go b/handshake_server.go
index 8240e6af..1e0b5f06 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -594,6 +594,10 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 		hs.hello.ocspStapling = true
 	}
 
+	if hs.clientHello.serverName != "" {
+		hs.hello.serverNameAck = true
+	}
+
 	hs.hello.ticketSupported = hs.clientHello.ticketSupported && !c.config.SessionTicketsDisabled
 	hs.hello.cipherSuite = hs.suite.id
 
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index a52bc76a..501bdeb6 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -802,6 +802,10 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
 		encryptedExtensions.earlyData = hs.earlyData
 	}
 
+	if !hs.c.didResume && hs.clientHello.serverName != "" {
+		encryptedExtensions.serverNameAck = true
+	}
+
 	// If client sent ECH extension, but we didn't accept it,
 	// send retry configs, if available.
 	echKeys := hs.c.config.EncryptedClientHelloKeys
diff --git a/testdata/Server-TLSv12-SNI b/testdata/Server-TLSv12-SNI
index c3dc1b6e..b7889def 100644
--- a/testdata/Server-TLSv12-SNI
+++ b/testdata/Server-TLSv12-SNI
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 81 01 00 00  7d 03 03 cc a1 7b c4 56  |........}....{.V|
-00000010  9f 65 31 01 b0 23 09 18  10 50 7c 1e 14 7b b5 dd  |.e1..#...P|..{..|
-00000020  d4 70 07 3e 0b 19 19 31  6b f7 4d 00 00 04 00 2f  |.p.>...1k.M..../|
+00000000  16 03 01 00 81 01 00 00  7d 03 03 5b 8e 50 b3 0e  |........}..[.P..|
+00000010  1f d7 4f a4 0f 53 de 37  1a c6 86 2f 01 c0 0b 15  |..O..S.7.../....|
+00000020  cf a9 f4 f5 30 c0 aa 7e  cc 5b 4e 00 00 04 00 2f  |....0..~.[N..../|
 00000030  00 ff 01 00 00 50 00 00  00 10 00 0e 00 00 0b 73  |.....P.........s|
 00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 16 00 00 00 17  |nitest.com......|
 00000050  00 00 00 0d 00 30 00 2e  04 03 05 03 06 03 08 07  |.....0..........|
@@ -9,75 +9,75 @@
 00000070  05 01 06 01 03 03 02 03  03 01 02 01 03 02 02 02  |................|
 00000080  04 02 05 02 06 02                                 |......|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
+00000000  16 03 03 00 39 02 00 00  35 03 03 00 00 00 00 00  |....9...5.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
-00000030  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
-00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
-00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
-00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
-00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
-00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
-00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
-000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
-000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
-000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
-000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
-000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
-000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
-00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
-00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
-00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
-00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
-00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
-00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
-00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
-00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
-00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
-00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
-000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
-000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
-000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
-000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
-000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
-000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
-00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
-00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
-00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
-00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
-00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
-00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
-00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
-00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
-00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
-000002a0  00                                                |.|
+00000030  0d ff 01 00 01 00 00 17  00 00 00 00 00 00 16 03  |................|
+00000040  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000050  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000060  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000070  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+00000080  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+00000090  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000a0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000b0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000c0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000d0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+000000e0  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+000000f0  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000100  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000110  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000120  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000130  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000140  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000150  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000160  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000170  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+00000180  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+00000190  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001a0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001b0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001c0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001d0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+000001e0  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+000001f0  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000200  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000210  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000220  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000230  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000240  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000250  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000260  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000270  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+00000280  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+00000290  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002a0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 04 36 4c 25 96  |............6L%.|
-00000010  b0 1a 33 80 88 98 4f 2a  c8 93 24 81 0a 78 6c 85  |..3...O*..$..xl.|
-00000020  06 4d f1 cf 25 18 e0 f0  61 50 c5 45 c1 24 1b b3  |.M..%...aP.E.$..|
-00000030  d6 3c d3 49 a6 40 81 2c  bb ef 49 76 c0 10 4c ad  |.<.I.@.,..Iv..L.|
-00000040  2e 7d 4d f4 0b 96 bc 1c  eb 3d 1d 7d 18 25 34 14  |.}M......=.}.%4.|
-00000050  ed 76 f2 a1 17 aa 87 1b  ef ff 11 93 a7 44 0c 33  |.v...........D.3|
-00000060  86 27 38 3d 5d 3f bb f1  8d a9 f5 44 28 d1 28 41  |.'8=]?.....D(.(A|
-00000070  bb b7 9a fb 83 81 91 92  4e 7d 71 55 43 ed 42 12  |........N}qUC.B.|
-00000080  86 5f de 02 13 1f c4 63  08 87 db 14 03 03 00 01  |._.....c........|
-00000090  01 16 03 03 00 40 32 01  5f a2 e1 08 cf 6b ce 11  |.....@2._....k..|
-000000a0  db 82 94 c5 f1 12 9a ac  68 dc f9 c8 2c 00 a5 dd  |........h...,...|
-000000b0  6b 49 c8 8b b7 9f e3 90  27 a5 c2 45 fc 75 e5 ac  |kI......'..E.u..|
-000000c0  77 0c 80 bd 43 41 d4 00  c0 fb 8d 08 a6 f4 f7 63  |w...CA.........c|
-000000d0  07 01 09 06 e5 fc                                 |......|
+00000000  16 03 03 00 86 10 00 00  82 00 80 25 3d 8b d1 c0  |...........%=...|
+00000010  ef 86 34 20 a5 4b 4b 94  d9 c8 04 ff 02 13 24 57  |..4 .KK.......$W|
+00000020  21 7f f1 c1 06 0b ea 1f  b1 06 e8 fa 9b 5c 34 96  |!............\4.|
+00000030  23 2a 4b ef cb d7 47 75  05 74 f3 7f ed fb 28 6a  |#*K...Gu.t....(j|
+00000040  cd b8 16 12 96 4b b7 cf  0c c3 b0 93 c3 ea b0 78  |.....K.........x|
+00000050  65 93 9d 6d a9 d5 b7 ed  be 8b 3a f6 12 bb 5d ae  |e..m......:...].|
+00000060  2b 17 2f 62 ca 21 68 7d  12 52 e3 2c cc 32 4b 94  |+./b.!h}.R.,.2K.|
+00000070  4b 1d 73 9a 2e 60 60 da  e6 32 dd d3 4d 39 69 c8  |K.s..``..2..M9i.|
+00000080  b7 9d 8a 1d d8 57 90 13  4c 2a a9 14 03 03 00 01  |.....W..L*......|
+00000090  01 16 03 03 00 40 c4 71  f6 06 63 08 15 02 63 0a  |.....@.q..c...c.|
+000000a0  59 40 55 52 28 17 3f 16  c8 48 93 af 80 87 e6 a8  |Y@UR(.?..H......|
+000000b0  37 a4 4f 20 f0 37 88 5b  55 f3 32 60 c7 c4 1d ce  |7.O .7.[U.2`....|
+000000c0  b2 b8 d1 2d 8b fb a6 87  39 c8 75 31 22 77 33 82  |...-....9.u1"w3.|
+000000d0  64 0f f2 10 9d ee                                 |d.....|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 6d 31 fe 01 3d  |...........m1..=|
-00000020  2a c3 97 67 9f 08 f8 c9  ce 57 5c 4a e6 da 17 f2  |*..g.....W\J....|
-00000030  f8 47 2b d9 9d 7e af 59  b8 a9 23 9d 7e d5 ed 77  |.G+..~.Y..#.~..w|
-00000040  3b cd d4 b7 76 5b 6f 6d  09 bd 0c 17 03 03 00 40  |;...v[om.......@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 f2 12 bf 38 31  |..............81|
+00000020  ee c9 9a 6a 8d fb 1c 53  41 f1 06 3a 44 9c 31 31  |...j...SA..:D.11|
+00000030  25 7b 28 08 f5 3a 85 84  f1 83 61 9b 8c e3 cf 79  |%{(..:....a....y|
+00000040  3a c2 ce e2 9c b8 52 ca  4f 5c b1 17 03 03 00 40  |:.....R.O\.....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  d2 8c 47 46 36 47 fa d8  f8 1c b4 fc f6 fd fb 4b  |..GF6G.........K|
-00000070  79 e1 a3 39 df ac 6c 94  61 dd 20 1a e7 c0 4c 9c  |y..9..l.a. ...L.|
-00000080  45 69 69 cf 73 cb b1 6c  fc 71 49 de 41 ca 4d 4f  |Eii.s..l.qI.A.MO|
+00000060  56 57 a0 ee c3 3e 4a 13  70 d5 05 2a 7d ed 49 81  |VW...>J.p..*}.I.|
+00000070  52 37 e0 dc bd d0 e3 de  f8 8e 18 a2 8b f8 62 71  |R7............bq|
+00000080  7f a9 35 50 91 81 6f 33  63 e3 c5 ec cf fa 1b 05  |..5P..o3c.......|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 d1 66 64  ce 59 eb 23 13 e9 92 28  |......fd.Y.#...(|
-000000b0  a4 2a 7a b0 e1 79 ce 92  34 77 6e b3 8d d3 bb e6  |.*z..y..4wn.....|
-000000c0  ad 90 e8 a2 1a                                    |.....|
+000000a0  00 00 00 00 00 e5 05 33  38 e8 33 35 a3 f0 aa f8  |.......38.35....|
+000000b0  8c b7 c5 2b 8c d0 9e 40  57 c5 c9 52 61 ae 5e c7  |...+...@W..Ra.^.|
+000000c0  50 f1 5a 28 50                                    |P.Z(P|
diff --git a/testdata/Server-TLSv12-SNI-GetCertificate b/testdata/Server-TLSv12-SNI-GetCertificate
index 474ab1ab..b7756a3d 100644
--- a/testdata/Server-TLSv12-SNI-GetCertificate
+++ b/testdata/Server-TLSv12-SNI-GetCertificate
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 81 01 00 00  7d 03 03 02 34 82 a7 1a  |........}...4...|
-00000010  fe 81 b0 1c 2e df cc 04  2d f7 22 39 34 95 c7 c1  |........-."94...|
-00000020  b2 92 a2 d2 aa ca 57 0f  9c be b4 00 00 04 00 2f  |......W......../|
+00000000  16 03 01 00 81 01 00 00  7d 03 03 37 94 a0 f3 65  |........}..7...e|
+00000010  7b 07 88 ab 9f 29 dd 9a  56 a8 27 84 75 29 4f 24  |{....)..V.'.u)O$|
+00000020  ce a2 ef 9b 34 ff 69 06  4c c8 e5 00 00 04 00 2f  |....4.i.L....../|
 00000030  00 ff 01 00 00 50 00 00  00 10 00 0e 00 00 0b 73  |.....P.........s|
 00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 16 00 00 00 17  |nitest.com......|
 00000050  00 00 00 0d 00 30 00 2e  04 03 05 03 06 03 08 07  |.....0..........|
@@ -9,75 +9,75 @@
 00000070  05 01 06 01 03 03 02 03  03 01 02 01 03 02 02 02  |................|
 00000080  04 02 05 02 06 02                                 |......|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
+00000000  16 03 03 00 39 02 00 00  35 03 03 00 00 00 00 00  |....9...5.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
-00000030  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
-00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
-00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
-00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
-00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
-00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
-00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
-000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
-000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
-000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
-000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
-000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
-000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
-00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
-00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
-00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
-00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
-00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
-00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
-00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
-00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
-00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
-00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
-000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
-000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
-000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
-000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
-000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
-000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
-00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
-00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
-00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
-00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
-00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
-00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
-00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
-00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
-00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
-000002a0  00                                                |.|
+00000030  0d ff 01 00 01 00 00 17  00 00 00 00 00 00 16 03  |................|
+00000040  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000050  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000060  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000070  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+00000080  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+00000090  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000a0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000b0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000c0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000d0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+000000e0  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+000000f0  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000100  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000110  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000120  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000130  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000140  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000150  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000160  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000170  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+00000180  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+00000190  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001a0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001b0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001c0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001d0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+000001e0  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+000001f0  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000200  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000210  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000220  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000230  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000240  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000250  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000260  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000270  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+00000280  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+00000290  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002a0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 d9 90 3c 11 be  |.............<..|
-00000010  f3 48 de f0 8f 9e 12 ca  e0 ab 86 e0 7e e7 8b ea  |.H..........~...|
-00000020  1a 76 3e 65 8d 7a d6 1c  72 2a f7 1e aa 0a 12 8f  |.v>e.z..r*......|
-00000030  54 ac 33 95 9d 00 a9 a6  94 54 7b 6a d9 e3 f4 67  |T.3......T{j...g|
-00000040  a6 d3 b1 c1 5d 86 51 aa  63 67 6b 6e cb 3b 5e 59  |....].Q.cgkn.;^Y|
-00000050  02 c2 57 fd 37 39 1b 73  9a 61 b0 78 de e8 cc f8  |..W.79.s.a.x....|
-00000060  b3 01 11 e5 e9 31 85 4d  fe 60 d4 12 70 71 64 45  |.....1.M.`..pqdE|
-00000070  e8 7d fb be 5b 82 c0 c4  e1 57 09 2c f2 d7 a3 79  |.}..[....W.,...y|
-00000080  1c 40 08 e1 e6 cd e2 3e  e7 55 da 14 03 03 00 01  |.@.....>.U......|
-00000090  01 16 03 03 00 40 29 9e  b7 cf 5e 7c e9 40 91 5f  |.....@)...^|.@._|
-000000a0  b6 12 d4 42 ec 6a bc 03  d9 fa e4 d8 bf c7 2c c5  |...B.j........,.|
-000000b0  52 74 17 77 b1 aa 13 87  f0 81 da 0d ca 7f d9 ca  |Rt.w............|
-000000c0  18 46 55 62 3f 90 21 60  fa 85 8c 80 6b 23 45 e7  |.FUb?.!`....k#E.|
-000000d0  0b 6e 8c e2 c3 f6                                 |.n....|
+00000000  16 03 03 00 86 10 00 00  82 00 80 1f fb a2 ec cf  |................|
+00000010  39 a3 cd db ee 86 8e 22  91 e1 47 5b ac 3b c0 f6  |9......"..G[.;..|
+00000020  37 0f d0 b6 19 c5 a4 4c  1a 8f 8b 67 8a 20 0e 06  |7......L...g. ..|
+00000030  6a 25 d9 13 58 37 cb dc  9b 3a 0f 9d 12 02 45 3f  |j%..X7...:....E?|
+00000040  2d 51 f5 cd 9f 45 be 5e  f9 af 13 53 c2 15 a6 ca  |-Q...E.^...S....|
+00000050  8a cb 27 e0 d1 23 7a 19  06 26 d6 86 de 76 e7 9c  |..'..#z..&...v..|
+00000060  eb f8 15 1d 85 3f be 38  c4 bc 48 c3 74 d4 10 9b  |.....?.8..H.t...|
+00000070  9e 97 4c 1c 56 18 9d 65  1c be 33 3c 4c 90 e0 e4  |..L.V..e..3<L...|
+00000080  28 7e d3 ed 2e 88 0c df  0e 2d d9 14 03 03 00 01  |(~.......-......|
+00000090  01 16 03 03 00 40 d6 d8  b3 f2 b8 46 5f 86 69 fa  |.....@.....F_.i.|
+000000a0  66 1a c5 d8 d8 28 35 54  dd c9 1a b6 25 3e dc 5d  |f....(5T....%>.]|
+000000b0  3e c1 c2 0c c5 20 eb 76  e1 14 16 95 9c 56 10 67  |>.... .v.....V.g|
+000000c0  02 61 2f a6 af 01 b3 64  73 4a 80 53 4a 94 b3 a0  |.a/....dsJ.SJ...|
+000000d0  ee b5 95 b6 6a 20                                 |....j |
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 ee 8d 0f cd 15  |................|
-00000020  db b4 cd 25 27 b6 7e 9b  82 91 2f 01 e1 4f f9 0c  |...%'.~.../..O..|
-00000030  68 4c bf 26 2b 4b 49 f5  0a 67 8a 4f 12 35 37 75  |hL.&+KI..g.O.57u|
-00000040  16 fe cc 26 35 66 60 8c  ed 42 40 17 03 03 00 40  |...&5f`..B@....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 0e 0d f6 1c 84  |................|
+00000020  d7 1a 4b 45 a1 9b e1 22  78 31 89 0c 4d f3 5b b8  |..KE..."x1..M.[.|
+00000030  41 22 4f b2 aa 99 9e 5c  7c ff 2d ca db 32 01 eb  |A"O....\|.-..2..|
+00000040  55 2a f4 66 58 4a c2 fd  9f e5 7e 17 03 03 00 40  |U*.fXJ....~....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  f5 7a ee 53 aa 85 bb 81  c4 57 68 12 f1 40 4c 20  |.z.S.....Wh..@L |
-00000070  2a ff fc 6c dd 73 65 fc  41 e6 5b 96 6b 35 2f 8a  |*..l.se.A.[.k5/.|
-00000080  62 49 4a da f4 df 93 a0  ab e1 12 4d 8d 34 2c 6a  |bIJ........M.4,j|
+00000060  6c e0 c3 a0 c9 bd 12 83  58 56 e7 f4 cf 31 8f 1d  |l.......XV...1..|
+00000070  02 17 ce 2b 24 1c 2f 04  11 cc b2 15 38 62 d2 7d  |...+$./.....8b.}|
+00000080  1b 75 bc 20 a6 3a 65 48  2e 47 14 17 19 51 aa 71  |.u. .:eH.G...Q.q|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 1c 08 e5  52 29 79 d6 15 07 10 44  |........R)y....D|
-000000b0  95 07 07 cb 3b 2b 37 2f  e3 dc 17 f9 27 b6 5d 44  |....;+7/....'.]D|
-000000c0  d0 30 4b 2e 21                                    |.0K.!|
+000000a0  00 00 00 00 00 34 81 ed  3f e0 b9 5d 01 6e d7 e8  |.....4..?..].n..|
+000000b0  45 9f 2c 93 27 28 11 34  b4 a9 32 d5 97 9f ea 05  |E.,.'(.4..2.....|
+000000c0  39 90 90 dc e5                                    |9....|
diff --git a/testdata/Server-TLSv12-SNI-GetCertificateNotFound b/testdata/Server-TLSv12-SNI-GetCertificateNotFound
index 0c06ce98..975b9fbe 100644
--- a/testdata/Server-TLSv12-SNI-GetCertificateNotFound
+++ b/testdata/Server-TLSv12-SNI-GetCertificateNotFound
@@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 81 01 00 00  7d 03 03 77 e7 c3 97 fa  |........}..w....|
-00000010  59 80 de d1 f5 9f ce e5  a5 38 60 2c 30 b2 64 5b  |Y........8`,0.d[|
-00000020  6c 0a 56 49 1d 6f 19 57  5a ac 05 00 00 04 00 2f  |l.VI.o.WZ....../|
+00000000  16 03 01 00 81 01 00 00  7d 03 03 7a 13 72 a9 8d  |........}..z.r..|
+00000010  6d 7e 8e 9c ba c1 9d 5c  09 87 9e 2f 7b e1 ba 39  |m~.....\.../{..9|
+00000020  f8 ee fd 1c a7 08 61 73  b9 d7 be 00 00 04 00 2f  |......as......./|
 00000030  00 ff 01 00 00 50 00 00  00 10 00 0e 00 00 0b 73  |.....P.........s|
 00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 16 00 00 00 17  |nitest.com......|
 00000050  00 00 00 0d 00 30 00 2e  04 03 05 03 06 03 08 07  |.....0..........|
@@ -9,75 +9,75 @@
 00000070  05 01 06 01 03 03 02 03  03 01 02 01 03 02 02 02  |................|
 00000080  04 02 05 02 06 02                                 |......|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
+00000000  16 03 03 00 39 02 00 00  35 03 03 00 00 00 00 00  |....9...5.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 00 2f 00 00  |...DOWNGRD.../..|
-00000030  09 ff 01 00 01 00 00 17  00 00 16 03 03 02 59 0b  |..............Y.|
-00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
-00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
-00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
-00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
-00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
-00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
-000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
-000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
-000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
-000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
-000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
-000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
-00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
-00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
-00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
-00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
-00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
-00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
-00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
-00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
-00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
-00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
-000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
-000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
-000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
-000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
-000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
-000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
-00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
-00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
-00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
-00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
-00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
-00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
-00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
-00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
-00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
-000002a0  00                                                |.|
+00000030  0d ff 01 00 01 00 00 17  00 00 00 00 00 00 16 03  |................|
+00000040  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000050  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000060  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000070  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+00000080  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+00000090  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000a0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000b0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000c0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000d0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+000000e0  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+000000f0  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000100  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000110  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000120  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000130  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000140  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000150  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000160  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000170  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+00000180  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+00000190  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001a0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001b0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001c0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001d0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+000001e0  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+000001f0  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000200  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000210  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000220  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000230  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000240  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000250  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000260  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000270  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+00000280  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+00000290  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002a0  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 67 0c a0 f8 da  |...........g....|
-00000010  2e d9 9e 9d ef c8 9b 77  f5 fe 25 32 74 49 1d a7  |.......w..%2tI..|
-00000020  7d 69 37 2a 94 07 5a 15  e8 f1 1d 36 25 ae 32 e4  |}i7*..Z....6%.2.|
-00000030  9c f5 35 fb 54 81 f2 19  4f 8d 6b 64 1a b2 a2 2e  |..5.T...O.kd....|
-00000040  c4 cb 5b 73 9d 46 97 01  33 d3 b8 a9 18 39 2c ad  |..[s.F..3....9,.|
-00000050  f2 eb 6b 02 38 44 f8 cf  ae ac a6 e6 54 92 29 ae  |..k.8D......T.).|
-00000060  a6 8a 4e 82 99 f3 77 8c  b6 3a a1 5c 4f 25 3b 7f  |..N...w..:.\O%;.|
-00000070  39 2f cd 51 dc e3 fc 7c  5a 5a 33 e4 af 43 d0 d3  |9/.Q...|ZZ3..C..|
-00000080  eb 3b 86 71 af 92 53 6e  02 b9 59 14 03 03 00 01  |.;.q..Sn..Y.....|
-00000090  01 16 03 03 00 40 8b e4  6f d3 88 e7 6a e9 aa f2  |.....@..o...j...|
-000000a0  4f 67 69 80 bc f1 78 ca  a9 f9 29 ce 44 93 81 46  |Ogi...x...).D..F|
-000000b0  0e 18 d1 2a 14 8b 3b b5  15 e4 b5 2a bb 88 d4 80  |...*..;....*....|
-000000c0  7b 2f 03 c7 83 7c 61 24  29 fe dd bc 49 8a b1 88  |{/...|a$)...I...|
-000000d0  41 ac 8a 12 f8 d6                                 |A.....|
+00000000  16 03 03 00 86 10 00 00  82 00 80 6a be 75 35 e3  |...........j.u5.|
+00000010  38 f9 8e b5 c3 64 bb 5f  95 95 5e 2c 6a 61 84 8d  |8....d._..^,ja..|
+00000020  aa 41 88 de 30 55 ba ae  38 48 e5 d9 19 fa ad 09  |.A..0U..8H......|
+00000030  94 16 93 df 08 4a a6 0b  0b 53 2a 2a 37 65 cb ed  |.....J...S**7e..|
+00000040  2c 07 6b 7d 99 6e 14 1d  9b de 60 e8 25 da 0d c5  |,.k}.n....`.%...|
+00000050  73 e5 a9 87 25 ce c7 8f  68 88 c5 68 14 ee ac 91  |s...%...h..h....|
+00000060  ab 44 fe 31 e0 b5 e1 cd  9b 56 b7 0a 5a d6 b3 54  |.D.1.....V..Z..T|
+00000070  9c aa 30 17 ea e2 8c b5  61 89 a7 b1 96 d6 25 0f  |..0.....a.....%.|
+00000080  30 91 ba 95 2e a8 c0 53  ad 18 e4 14 03 03 00 01  |0......S........|
+00000090  01 16 03 03 00 40 b1 5f  16 fb 6e 9d 3b 05 20 be  |.....@._..n.;. .|
+000000a0  19 0e 6d 74 c1 4a aa 00  db af 58 92 4a 83 f3 23  |..mt.J....X.J..#|
+000000b0  e2 6c 0f f2 00 08 0f fd  f4 f8 71 b3 c3 8e 8c 57  |.l........q....W|
+000000c0  db 98 ff d6 7c f9 26 0b  13 8c 83 36 32 9a 5a 58  |....|.&....62.ZX|
+000000d0  0a 41 7d 3f 30 c0                                 |.A}?0.|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 e7 d3 34 46 88  |.............4F.|
-00000020  0e 7f ae 5b d6 e5 70 d2  7d 99 25 1b 27 89 8a a4  |...[..p.}.%.'...|
-00000030  02 03 01 a4 e1 d6 72 af  c3 5a 55 f7 56 69 60 91  |......r..ZU.Vi`.|
-00000040  49 29 68 36 99 e5 09 ac  7a e3 4f 17 03 03 00 40  |I)h6....z.O....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 88 5b 28 f3 14  |............[(..|
+00000020  18 d4 cd f1 1b b8 4b 47  50 0c 76 07 8a f9 ad 9d  |......KGP.v.....|
+00000030  ba 87 e7 69 cf 47 d7 79  2f 45 55 74 e8 2a 8f d3  |...i.G.y/EUt.*..|
+00000040  02 10 ee d8 80 a0 36 9a  5b 70 4d 17 03 03 00 40  |......6.[pM....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  71 d0 36 7d 2c 3b 40 e3  a9 3f c1 d0 5e 3a ee d2  |q.6},;@..?..^:..|
-00000070  4d 0d b7 f4 83 3e 75 e0  ed 8a fc b2 9b ed 98 a8  |M....>u.........|
-00000080  ec 49 65 83 53 e0 79 52  03 2b 78 8a 64 3e 4c 5e  |.Ie.S.yR.+x.d>L^|
+00000060  43 e0 95 80 4c ce 68 fb  8c ad a8 77 99 d7 53 7f  |C...L.h....w..S.|
+00000070  b7 bf 03 59 23 f1 b4 3c  d8 db 38 f4 b5 9b f5 3f  |...Y#..<..8....?|
+00000080  12 b6 f3 2a f5 f8 66 57  0c 03 7b 00 16 01 8a 70  |...*..fW..{....p|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 76 38 c3  3d 86 d8 58 f2 16 48 94  |.....v8.=..X..H.|
-000000b0  46 65 ea 80 46 74 fe 66  7c 72 99 30 b3 05 08 14  |Fe..Ft.f|r.0....|
-000000c0  19 e3 ee 6f cf                                    |...o.|
+000000a0  00 00 00 00 00 3a fa 64  7c f3 25 08 c6 06 fb 02  |.....:.d|.%.....|
+000000b0  ce a0 97 81 c9 ea 53 fc  cf 39 b9 8a f7 0c df 2f  |......S..9...../|
+000000c0  5f 56 62 78 86                                    |_Vbx.|

From 1cd2e41087089ebb8525df0ec21521d4c943e9dd Mon Sep 17 00:00:00 2001
From: qmuntal <quimmuntal@gmail.com>
Date: Mon, 21 Jul 2025 09:34:13 +0200
Subject: [PATCH 55/95] crypto/tls: use standard chacha20-poly1305 cipher suite
 names

The different chacha20-poly1305 cipher suites were renamed to
include the _SHA256 suffix, which is the canonical naming convention.

The occurrences of the old names were still not updated, which can lead
to confusion when searching for the canonical names in the codebase.

Change-Id: I4f90e9cbedc3552c3481c8b0c616b6f915ddd345
Reviewed-on: https://go-review.googlesource.com/c/go/+/689135
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 cipher_suites.go         |  8 ++++----
 handshake_client_test.go |  4 ++--
 handshake_server_test.go | 44 ++++++++++++++++++++--------------------
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/cipher_suites.go b/cipher_suites.go
index 2a96fa69..6ed63ccc 100644
--- a/cipher_suites.go
+++ b/cipher_suites.go
@@ -149,8 +149,8 @@ type cipherSuite struct {
 }
 
 var cipherSuites = []*cipherSuite{ // TODO: replace with a map, since the order doesn't matter.
-	{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
-	{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
+	{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
+	{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
 	{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM},
 	{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteTLS12, nil, nil, aeadAESGCM},
 	{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
@@ -284,7 +284,7 @@ var cipherSuitesPreferenceOrder = []uint16{
 	// AEADs w/ ECDHE
 	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 
 	// CBC w/ ECDHE
 	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@@ -313,7 +313,7 @@ var cipherSuitesPreferenceOrder = []uint16{
 
 var cipherSuitesPreferenceOrderNoAES = []uint16{
 	// ChaCha20Poly1305
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 
 	// AES-GCM w/ ECDHE
 	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
diff --git a/handshake_client_test.go b/handshake_client_test.go
index 6118711a..9c94016f 100644
--- a/handshake_client_test.go
+++ b/handshake_client_test.go
@@ -638,7 +638,7 @@ func TestHandshakeClientHelloRetryRequest(t *testing.T) {
 
 func TestHandshakeClientECDHERSAChaCha20(t *testing.T) {
 	config := testConfig.Clone()
-	config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305}
+	config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}
 
 	test := &clientTest{
 		name:   "ECDHE-RSA-CHACHA20-POLY1305",
@@ -651,7 +651,7 @@ func TestHandshakeClientECDHERSAChaCha20(t *testing.T) {
 
 func TestHandshakeClientECDHEECDSAChaCha20(t *testing.T) {
 	config := testConfig.Clone()
-	config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305}
+	config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256}
 
 	test := &clientTest{
 		name:   "ECDHE-ECDSA-CHACHA20-POLY1305",
diff --git a/handshake_server_test.go b/handshake_server_test.go
index a6d64a50..4df3f5a7 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -1379,31 +1379,31 @@ func BenchmarkHandshakeServer(b *testing.B) {
 	})
 	b.Run("ECDHE-P256-RSA", func(b *testing.B) {
 		b.Run("TLSv13", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				CurveP256, testRSACertificate, testRSAPrivateKey)
 		})
 		b.Run("TLSv12", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				CurveP256, testRSACertificate, testRSAPrivateKey)
 		})
 	})
 	b.Run("ECDHE-P256-ECDSA-P256", func(b *testing.B) {
 		b.Run("TLSv13", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 				CurveP256, testP256Certificate, testP256PrivateKey)
 		})
 		b.Run("TLSv12", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 				CurveP256, testP256Certificate, testP256PrivateKey)
 		})
 	})
 	b.Run("ECDHE-X25519-ECDSA-P256", func(b *testing.B) {
 		b.Run("TLSv13", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 				X25519, testP256Certificate, testP256PrivateKey)
 		})
 		b.Run("TLSv12", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 				X25519, testP256Certificate, testP256PrivateKey)
 		})
 	})
@@ -1412,11 +1412,11 @@ func BenchmarkHandshakeServer(b *testing.B) {
 			b.Fatal("test ECDSA key doesn't use curve P-521")
 		}
 		b.Run("TLSv13", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 				CurveP521, testECDSACertificate, testECDSAPrivateKey)
 		})
 		b.Run("TLSv12", func(b *testing.B) {
-			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			benchmarkHandshakeServer(b, VersionTLS12, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 				CurveP521, testECDSACertificate, testECDSAPrivateKey)
 		})
 	})
@@ -1792,28 +1792,28 @@ func TestAESCipherReordering(t *testing.T) {
 		{
 			name: "server has hardware AES, client doesn't (pick ChaCha)",
 			clientCiphers: []uint16{
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 				TLS_RSA_WITH_AES_128_CBC_SHA,
 			},
 			serverHasAESGCM: true,
-			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 		},
 		{
 			name: "client prefers AES-GCM, server doesn't have hardware AES (pick ChaCha)",
 			clientCiphers: []uint16{
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				TLS_RSA_WITH_AES_128_CBC_SHA,
 			},
 			serverHasAESGCM: false,
-			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 		},
 		{
 			name: "client prefers AES-GCM, server has hardware AES (pick AES-GCM)",
 			clientCiphers: []uint16{
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				TLS_RSA_WITH_AES_128_CBC_SHA,
 			},
 			serverHasAESGCM: true,
@@ -1824,7 +1824,7 @@ func TestAESCipherReordering(t *testing.T) {
 			clientCiphers: []uint16{
 				0x0A0A, // GREASE value
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				TLS_RSA_WITH_AES_128_CBC_SHA,
 			},
 			serverHasAESGCM: true,
@@ -1845,27 +1845,27 @@ func TestAESCipherReordering(t *testing.T) {
 			clientCiphers: []uint16{
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 				TLS_RSA_WITH_AES_128_CBC_SHA,
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 			},
 			serverHasAESGCM: false,
-			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 		},
 		{
 			name: "client prefers AES-GCM over ChaCha and sends GREASE, server doesn't have hardware AES (pick ChaCha)",
 			clientCiphers: []uint16{
 				0x0A0A, // GREASE value
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				TLS_RSA_WITH_AES_128_CBC_SHA,
 			},
 			serverHasAESGCM: false,
-			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			expectedCipher:  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 		},
 		{
 			name: "client supports multiple AES-GCM, server doesn't have hardware AES and doesn't support ChaCha (AES-GCM)",
 			clientCiphers: []uint16{
 				TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 			},
 			serverHasAESGCM: false,
@@ -1879,14 +1879,14 @@ func TestAESCipherReordering(t *testing.T) {
 			name: "client prefers AES-GCM, server has hardware but doesn't support AES (pick ChaCha)",
 			clientCiphers: []uint16{
 				TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 				TLS_RSA_WITH_AES_128_CBC_SHA,
 			},
 			serverHasAESGCM: true,
 			serverCiphers: []uint16{
-				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 			},
-			expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			expectedCipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 		},
 	}
 

From ab8a9f15728c8e4eadaffcf3b716e41533135c01 Mon Sep 17 00:00:00 2001
From: "Audi P. R. Putra" <doelaudi@gmail.com>
Date: Sat, 16 Sep 2023 01:23:51 +0700
Subject: [PATCH 56/95] crypto/tls: check if quic conn can send session ticket

On SendSessionTicket, returns nil if SessionTicketsDisabled is disabled in config.

Fixes #62032

Change-Id: Id0c89e2e6fb0805bbf108bb0cafdabdfbaf3897f
Reviewed-on: https://go-review.googlesource.com/c/go/+/528755
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
---
 quic.go      |  3 +++
 quic_test.go | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/quic.go b/quic.go
index ba8a235d..ed70100d 100644
--- a/quic.go
+++ b/quic.go
@@ -302,6 +302,9 @@ type QUICSessionTicketOptions struct {
 // Currently, it can only be called once.
 func (q *QUICConn) SendSessionTicket(opts QUICSessionTicketOptions) error {
 	c := q.conn
+	if c.config.SessionTicketsDisabled {
+		return nil
+	}
 	if !c.isHandshakeComplete.Load() {
 		return quicError(errors.New("tls: SendSessionTicket called before handshake completed"))
 	}
diff --git a/quic_test.go b/quic_test.go
index 51cd4ef7..f6e8c55d 100644
--- a/quic_test.go
+++ b/quic_test.go
@@ -231,6 +231,18 @@ func TestQUICSessionResumption(t *testing.T) {
 	if !cli2.conn.ConnectionState().DidResume {
 		t.Errorf("second connection did not use session resumption")
 	}
+
+	clientConfig.TLSConfig.SessionTicketsDisabled = true
+	cli3 := newTestQUICClient(t, clientConfig)
+	cli3.conn.SetTransportParameters(nil)
+	srv3 := newTestQUICServer(t, serverConfig)
+	srv3.conn.SetTransportParameters(nil)
+	if err := runTestQUICConnection(context.Background(), cli3, srv3, nil); err != nil {
+		t.Fatalf("error during third connection handshake: %v", err)
+	}
+	if cli3.conn.ConnectionState().DidResume {
+		t.Errorf("third connection unexpectedly used session resumption")
+	}
 }
 
 func TestQUICFragmentaryData(t *testing.T) {

From 5c4870e56a7e4b7195fea0e907ff11abf60de0bc Mon Sep 17 00:00:00 2001
From: guoguangwu <guoguangwug@gmail.com>
Date: Thu, 21 Aug 2025 01:40:55 +0000
Subject: [PATCH 57/95] crypto/tls: fix quic comment typo

Change-Id: Ibd6b8d10ecac3cdea33de1218d516b7425443313
GitHub-Last-Rev: 3d5568ba087be71f21cf816c5edd9b8b8c629865
GitHub-Pull-Request: golang/go#75092
Reviewed-on: https://go-review.googlesource.com/c/go/+/697575
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Sean Liao <sean@liao.dev>
---
 quic.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/quic.go b/quic.go
index ed70100d..3be479eb 100644
--- a/quic.go
+++ b/quic.go
@@ -221,7 +221,7 @@ func (q *QUICConn) NextEvent() QUICEvent {
 	qs := q.conn.quic
 	if last := qs.nextEvent - 1; last >= 0 && len(qs.events[last].Data) > 0 {
 		// Write over some of the previous event's data,
-		// to catch callers erroniously retaining it.
+		// to catch callers erroneously retaining it.
 		qs.events[last].Data[0] = 0
 	}
 	if qs.nextEvent >= len(qs.events) && qs.waitingForDrain {

From 41b12600ccb516f829d1b4ed75ebe99d402a1fd9 Mon Sep 17 00:00:00 2001
From: qmuntal <quimmuntal@gmail.com>
Date: Fri, 20 Jun 2025 14:28:56 +0200
Subject: [PATCH 58/95] crypto/tls: use hash.Cloner

A hash object needs to be cloned when doing certain steps in a
TLS 1.3 server handshake. It is more efficient to use the
hash.Cloner interface to clone a hash than to encode and decode
the hash object using the binary encoding interfaces.

We still need to support the binary encoding path in case the
hash objects come from the fips140 v1.0.0 module, given that
this module doesn't support the hash.Cloner interface.

Change-Id: I8425e14e481dcefafc9aa1e5bfd63b61c22675ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/682597
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 handshake_server_tls13.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 501bdeb6..dbbdb5d6 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -468,10 +468,17 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 	return nil
 }
 
-// cloneHash uses the encoding.BinaryMarshaler and encoding.BinaryUnmarshaler
+// cloneHash uses [hash.Cloner] to clone in. If [hash.Cloner]
+// is not implemented or not supported, then it falls back to the
+// [encoding.BinaryMarshaler] and [encoding.BinaryUnmarshaler]
 // interfaces implemented by standard library hashes to clone the state of in
 // to a new instance of h. It returns nil if the operation fails.
 func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash {
+	if cloner, ok := in.(hash.Cloner); ok {
+		if out, err := cloner.Clone(); err == nil {
+			return out
+		}
+	}
 	// Recreate the interface to avoid importing encoding.
 	type binaryMarshaler interface {
 		MarshalBinary() (data []byte, err error)

From 9f685493653fec6ccfeedc8a1441ac6895ac1eb0 Mon Sep 17 00:00:00 2001
From: database64128 <free122448@hotmail.com>
Date: Fri, 29 Aug 2025 17:52:54 +0800
Subject: [PATCH 59/95] crypto/tls: use context.AfterFunc in handshakeContext

This saves a goroutine when ctx can be canceled but is not canceled
during the handshakeContext call.

Use ctx consistently, because in this path (c.quic == nil) handshakeCtx
will only be canceled when ctx is canceled.

Change-Id: I7f4565119f30d589dce026b0d7ef3c324220525a
Reviewed-on: https://go-review.googlesource.com/c/go/+/699895
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 conn.go | 28 +++++++---------------------
 1 file changed, 7 insertions(+), 21 deletions(-)

diff --git a/conn.go b/conn.go
index b36fcaa6..d4d68c07 100644
--- a/conn.go
+++ b/conn.go
@@ -1524,7 +1524,7 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {
 	}
 
 	handshakeCtx, cancel := context.WithCancel(ctx)
-	// Note: defer this before starting the "interrupter" goroutine
+	// Note: defer this before calling context.AfterFunc
 	// so that we can tell the difference between the input being canceled and
 	// this cancellation. In the former case, we need to close the connection.
 	defer cancel()
@@ -1533,28 +1533,14 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {
 		c.quic.cancelc = handshakeCtx.Done()
 		c.quic.cancel = cancel
 	} else if ctx.Done() != nil {
-		// Start the "interrupter" goroutine, if this context might be canceled.
-		// (The background context cannot).
-		//
-		// The interrupter goroutine waits for the input context to be done and
-		// closes the connection if this happens before the function returns.
-		done := make(chan struct{})
-		interruptRes := make(chan error, 1)
+		// Close the connection if ctx is canceled before the function returns.
+		stop := context.AfterFunc(ctx, func() {
+			_ = c.conn.Close()
+		})
 		defer func() {
-			close(done)
-			if ctxErr := <-interruptRes; ctxErr != nil {
+			if !stop() {
 				// Return context error to user.
-				ret = ctxErr
-			}
-		}()
-		go func() {
-			select {
-			case <-handshakeCtx.Done():
-				// Close the connection, discarding the error
-				_ = c.conn.Close()
-				interruptRes <- handshakeCtx.Err()
-			case <-done:
-				interruptRes <- nil
+				ret = ctx.Err()
 			}
 		}()
 	}

From 2b90a7018b2604089cdfc0655ae60f52a6aa13f3 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Wed, 17 Sep 2025 17:57:27 -0700
Subject: [PATCH 60/95] crypto: use clear built-in

Replace for loops with clear built-in, available since Go 1.21.

Change-Id: I16a2691a68042e9c5cd9bc4197690fa541a081eb
Reviewed-on: https://go-review.googlesource.com/c/go/+/704877
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 conn.go                  | 8 ++------
 handshake_server_test.go | 4 +---
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/conn.go b/conn.go
index d4d68c07..09dc9ea9 100644
--- a/conn.go
+++ b/conn.go
@@ -220,9 +220,7 @@ func (hc *halfConn) changeCipherSpec() error {
 	hc.mac = hc.nextMac
 	hc.nextCipher = nil
 	hc.nextMac = nil
-	for i := range hc.seq {
-		hc.seq[i] = 0
-	}
+	clear(hc.seq[:])
 	return nil
 }
 
@@ -231,9 +229,7 @@ func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, level QUICEncrypti
 	hc.level = level
 	key, iv := suite.trafficKey(secret)
 	hc.cipher = suite.aead(key, iv)
-	for i := range hc.seq {
-		hc.seq[i] = 0
-	}
+	clear(hc.seq[:])
 }
 
 // incSeq increments the sequence number.
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 4df3f5a7..941f2a33 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -1590,9 +1590,7 @@ var getConfigForClientTests = []struct {
 		},
 		func(clientHello *ClientHelloInfo) (*Config, error) {
 			config := testConfig.Clone()
-			for i := range config.SessionTicketKey {
-				config.SessionTicketKey[i] = 0
-			}
+			clear(config.SessionTicketKey[:])
 			config.sessionTicketKeys = nil
 			return config, nil
 		},

From 4ed945213dc5aa3db0054f321f9a2cfc04064c9e Mon Sep 17 00:00:00 2001
From: AN Long <aisk1988@gmail.com>
Date: Thu, 25 Sep 2025 23:38:19 +0900
Subject: [PATCH 61/95] all:  fix typos

Change-Id: I290812905b6b5c52f289f7f8524f93aef19e6efe
Reviewed-on: https://go-review.googlesource.com/c/go/+/706775
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Sean Liao <sean@liao.dev>
---
 handshake_server_tls13.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index dbbdb5d6..c5b0552c 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -35,7 +35,7 @@ type echServerContext struct {
 	configID    uint8
 	ciphersuite echCipher
 	transcript  hash.Hash
-	// inner indicates that the initial client_hello we recieved contained an
+	// inner indicates that the initial client_hello we received contained an
 	// encrypted_client_hello extension that indicated it was an "inner" hello.
 	// We don't do any additional processing of the hello in this case, so all
 	// fields above are unset.

From dbcf3690ee77b57d3e74837c389b96dd1bb28ffc Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Mon, 29 Sep 2025 10:11:56 -0700
Subject: [PATCH 62/95] crypto/tls: quote protocols in ALPN error message

Quote the protocols sent by the client when returning the ALPN
negotiation error message.

Fixes CVE-2025-58189
Fixes #75652

Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330
Reviewed-on: https://go-review.googlesource.com/c/go/+/707776
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
TryBot-Bypass: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---
 handshake_server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handshake_server.go b/handshake_server.go
index 1e0b5f06..088c66fa 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -357,7 +357,7 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro
 	if http11fallback {
 		return "", nil
 	}
-	return "", fmt.Errorf("tls: client requested unsupported application protocols (%s)", clientProtos)
+	return "", fmt.Errorf("tls: client requested unsupported application protocols (%q)", clientProtos)
 }
 
 // supportsECDHE returns whether ECDHE key exchanges can be used with this

From f87d949a5d7800667dbe8ae4c4b9ff2f66ae740a Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 29 Sep 2025 14:31:38 -0400
Subject: [PATCH 63/95] crypto/tls: rm marshalEncryptedClientHelloConfigList
 dead code

This package internal function has no call sites.

Change-Id: I262058199fd2f387ef3b5e21099421720cc5413e
Reviewed-on: https://go-review.googlesource.com/c/go/+/707815
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 ech.go | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/ech.go b/ech.go
index 76727a89..d3472d8d 100644
--- a/ech.go
+++ b/ech.go
@@ -568,16 +568,6 @@ func parseECHExt(ext []byte) (echType echExtType, cs echCipher, configID uint8,
 	return echType, cs, configID, bytes.Clone(encap), bytes.Clone(payload), nil
 }
 
-func marshalEncryptedClientHelloConfigList(configs []EncryptedClientHelloKey) ([]byte, error) {
-	builder := cryptobyte.NewBuilder(nil)
-	builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
-		for _, c := range configs {
-			builder.AddBytes(c.Config)
-		}
-	})
-	return builder.Bytes()
-}
-
 func (c *Conn) processECHClientHello(outer *clientHelloMsg, echKeys []EncryptedClientHelloKey) (*clientHelloMsg, *echServerContext, error) {
 	echType, echCiphersuite, configID, encap, payload, err := parseECHExt(outer.encryptedClientHello)
 	if err != nil {

From 1aff74d9b3b4ccb6508a74d4a85e7d84980f64b3 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 30 Jun 2025 12:45:36 -0400
Subject: [PATCH 64/95] crypto/tls: add flag to render HTML BoGo report

Updates the BoGo test runner to add a `-bogo-html-report` flag. When
provided, an HTML report is written to the flag argument path. The
report shows the fail/pass/skip status of run tests and allows
sorting/searching the output.

Change-Id: I8c704a51fbb03500f4134ebfaba06248baa3ca2f
Reviewed-on: https://go-review.googlesource.com/c/go/+/684955
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Commit-Queue: Carlos Amedee <carlos@golang.org>
---
 bogo_shim_test.go | 152 +++++++++++++++++++++++++++++++++++++++++++++-
 handshake_test.go |   1 +
 2 files changed, 152 insertions(+), 1 deletion(-)

diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index 7cab568d..f3f19b34 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -13,6 +13,7 @@ import (
 	"encoding/pem"
 	"flag"
 	"fmt"
+	"html/template"
 	"internal/byteorder"
 	"internal/testenv"
 	"io"
@@ -25,10 +26,13 @@ import (
 	"strconv"
 	"strings"
 	"testing"
+	"time"
 
 	"golang.org/x/crypto/cryptobyte"
 )
 
+const boringsslModVer = "v0.0.0-20250620172916-f51d8b099832"
+
 var (
 	port   = flag.String("port", "", "")
 	server = flag.Bool("server", false, "")
@@ -557,7 +561,6 @@ func TestBogoSuite(t *testing.T) {
 	if *bogoLocalDir != "" {
 		bogoDir = *bogoLocalDir
 	} else {
-		const boringsslModVer = "v0.0.0-20250620172916-f51d8b099832"
 		bogoDir = cryptotest.FetchModule(t, "boringssl.googlesource.com/boringssl.git", boringsslModVer)
 	}
 
@@ -606,6 +609,12 @@ func TestBogoSuite(t *testing.T) {
 		t.Fatalf("failed to parse results JSON: %s", err)
 	}
 
+	if *bogoReport != "" {
+		if err := generateReport(results, *bogoReport); err != nil {
+			t.Fatalf("failed to generate report: %v", err)
+		}
+	}
+
 	// assertResults contains test results we want to make sure
 	// are present in the output. They are only checked if -bogo-filter
 	// was not passed.
@@ -655,6 +664,23 @@ func TestBogoSuite(t *testing.T) {
 	}
 }
 
+func generateReport(results bogoResults, outPath string) error {
+	data := reportData{
+		Results:   results,
+		Timestamp: time.Unix(int64(results.SecondsSinceEpoch), 0).Format("2006-01-02 15:04:05"),
+		Revision:  boringsslModVer,
+	}
+
+	tmpl := template.Must(template.New("report").Parse(reportTemplate))
+	file, err := os.Create(outPath)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	return tmpl.Execute(file, data)
+}
+
 // bogoResults is a copy of boringssl.googlesource.com/boringssl/testresults.Results
 type bogoResults struct {
 	Version           int            `json:"version"`
@@ -669,3 +695,127 @@ type bogoResults struct {
 		Error        string `json:"error,omitempty"`
 	} `json:"tests"`
 }
+
+type reportData struct {
+	Results     bogoResults
+	SkipReasons map[string]string
+	Timestamp   string
+	Revision    string
+}
+
+const reportTemplate = `
+<!DOCTYPE html>
+<html>
+<head>
+    <title>BoGo Results Report</title>
+    <style>
+        body { font-family: monospace; margin: 20px; }
+        .summary { background: #f5f5f5; padding: 10px; margin-bottom: 20px; }
+        .controls { margin-bottom: 10px; }
+        .controls input, select { margin-right: 10px; }
+        table { width: 100%; border-collapse: collapse; table-layout: fixed; }
+        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; vertical-align: top; }
+        th { background-color: #f2f2f2; cursor: pointer; }
+        .name-col { width: 30%; }
+        .status-col { width: 8%; }
+        .actual-col { width: 8%; }
+        .expected-col { width: 8%; }
+        .error-col { width: 26%; }
+        .PASS { background-color: #d4edda; }
+        .FAIL { background-color: #f8d7da; }
+        .SKIP { background-color: #fff3cd; }
+        .error {
+            font-family: monospace;
+            font-size: 0.9em;
+            color: #721c24;
+            white-space: pre-wrap;
+            word-break: break-word;
+        }
+    </style>
+</head>
+<body>
+<h1>BoGo Results Report</h1>
+
+<div class="summary">
+    <strong>Generated:</strong> {{.Timestamp}} | <strong>BoGo Revision:</strong> {{.Revision}}<br>
+    {{range $status, $count := .Results.NumFailuresByType}}
+    <strong>{{$status}}:</strong> {{$count}} |
+    {{end}}
+</div>
+
+<div class="controls">
+    <input type="text" id="search" placeholder="Search tests..." onkeyup="filterTests()">
+    <select id="statusFilter" onchange="filterTests()">
+        <option value="">All</option>
+        <option value="FAIL">Failed</option>
+        <option value="PASS">Passed</option>
+        <option value="SKIP">Skipped</option>
+    </select>
+</div>
+
+<table id="resultsTable">
+    <thead>
+    <tr>
+        <th class="name-col" onclick="sortBy('name')">Test Name</th>
+        <th class="status-col" onclick="sortBy('status')">Status</th>
+        <th class="actual-col" onclick="sortBy('actual')">Actual</th>
+        <th class="expected-col" onclick="sortBy('expected')">Expected</th>
+        <th class="error-col">Error</th>
+    </tr>
+    </thead>
+    <tbody>
+    {{range $name, $test := .Results.Tests}}
+    <tr class="{{$test.Actual}}" data-name="{{$name}}" data-status="{{$test.Actual}}">
+        <td>{{$name}}</td>
+        <td>{{$test.Actual}}</td>
+        <td>{{$test.Actual}}</td>
+        <td>{{$test.Expected}}</td>
+        <td class="error">{{$test.Error}}</td>
+    </tr>
+    {{end}}
+    </tbody>
+</table>
+
+<script>
+    function filterTests() {
+        const search = document.getElementById('search').value.toLowerCase();
+        const status = document.getElementById('statusFilter').value;
+        const rows = document.querySelectorAll('#resultsTable tbody tr');
+
+        rows.forEach(row => {
+            const name = row.dataset.name.toLowerCase();
+            const rowStatus = row.dataset.status;
+            const matchesSearch = name.includes(search);
+            const matchesStatus = !status || rowStatus === status;
+
+            row.style.display = matchesSearch && matchesStatus ? '' : 'none';
+        });
+    }
+
+    function sortBy(column) {
+        const tbody = document.querySelector('#resultsTable tbody');
+        const rows = Array.from(tbody.querySelectorAll('tr'));
+
+        rows.sort((a, b) => {
+            if (column === 'status') {
+                const statusOrder = {'FAIL': 0, 'PASS': 1, 'SKIP': 2};
+                const aStatus = a.dataset.status;
+                const bStatus = b.dataset.status;
+                if (aStatus !== bStatus) {
+                    return statusOrder[aStatus] - statusOrder[bStatus];
+                }
+                return a.dataset.name.localeCompare(b.dataset.name);
+            } else {
+                return a.dataset.name.localeCompare(b.dataset.name);
+            }
+        });
+
+        rows.forEach(row => tbody.appendChild(row));
+        filterTests();
+    }
+
+    sortBy("status");
+</script>
+</body>
+</html>
+`
diff --git a/handshake_test.go b/handshake_test.go
index ea8ac6fc..13f1bb1d 100644
--- a/handshake_test.go
+++ b/handshake_test.go
@@ -47,6 +47,7 @@ var (
 	bogoMode     = flag.Bool("bogo-mode", false, "Enabled bogo shim mode, ignore everything else")
 	bogoFilter   = flag.String("bogo-filter", "", "BoGo test filter")
 	bogoLocalDir = flag.String("bogo-local-dir", "", "Local BoGo to use, instead of fetching from source")
+	bogoReport   = flag.String("bogo-html-report", "", "File path to render an HTML report with BoGo results")
 )
 
 func runTestAndUpdateIfNeeded(t *testing.T, name string, run func(t *testing.T, update bool), wait bool) {

From b43bbcd1b196a634206027e2d11de4ddce59abf0 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 11 Jul 2025 10:42:22 -0400
Subject: [PATCH 65/95] crypto/tls: streamline BoGo testing w/ -bogo-local-dir

If -bogo-local-dir is provided but doesn't exist, populate it with a git
checkout of the BoringSSL repo at the correct SHA.

Without any -bogo-local-dir argument the BoGo TLS handshake test will
fetch the BoringSSL source at a specific SHA as a Go module in a r/o
module directory. When debugging, or extending BoGo coverage, it's
preferable to have a mutable local copy of BoGo that the test will
use.

The pre-existing -bogo-local-dir flag offered a way to use a checkout of
BoGo but it relied on the user fetching the correct repo & revision
manually ahead of time. This commit extends the test to automatically
invoke `git` to clone the repo into the provided local dir at the
correct SHA based on the boringsslModVer const if the local dir doesn't
exist.

This leaves the user ready to make changes in local BoGo dir to aid
debugging, or to upstream as CRs to BoringSSL, and prevents using an
incorrect SHA by mistake.

Updates #72006

Change-Id: I0451a3d35203878cdf02a7587e138c3cd60d15a9
Reviewed-on: https://go-review.googlesource.com/c/go/+/687475
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
---
 bogo_shim_test.go | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 handshake_test.go |  5 +++--
 2 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index f3f19b34..8f171d92 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -11,6 +11,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
+	"errors"
 	"flag"
 	"fmt"
 	"html/template"
@@ -541,6 +542,7 @@ func orderlyShutdown(tlsConn *Conn) {
 }
 
 func TestBogoSuite(t *testing.T) {
+	testenv.MustHaveGoBuild(t)
 	if testing.Short() {
 		t.Skip("skipping in short mode")
 	}
@@ -559,6 +561,7 @@ func TestBogoSuite(t *testing.T) {
 
 	var bogoDir string
 	if *bogoLocalDir != "" {
+		ensureLocalBogo(t, *bogoLocalDir)
 		bogoDir = *bogoLocalDir
 	} else {
 		bogoDir = cryptotest.FetchModule(t, "boringssl.googlesource.com/boringssl.git", boringsslModVer)
@@ -664,6 +667,49 @@ func TestBogoSuite(t *testing.T) {
 	}
 }
 
+// ensureLocalBogo fetches BoringSSL to localBogoDir at the correct revision
+// (from boringsslModVer) if localBogoDir doesn't already exist.
+//
+// If localBogoDir does exist, ensureLocalBogo fails the test if it isn't
+// a directory.
+func ensureLocalBogo(t *testing.T, localBogoDir string) {
+	t.Helper()
+
+	if stat, err := os.Stat(localBogoDir); err == nil {
+		if !stat.IsDir() {
+			t.Fatalf("local bogo dir (%q) exists but is not a directory", localBogoDir)
+		}
+
+		t.Logf("using local bogo checkout from %q", localBogoDir)
+		return
+	} else if !errors.Is(err, os.ErrNotExist) {
+		t.Fatalf("failed to stat local bogo dir (%q): %v", localBogoDir, err)
+	}
+
+	testenv.MustHaveExecPath(t, "git")
+
+	idx := strings.LastIndex(boringsslModVer, "-")
+	if idx == -1 || idx == len(boringsslModVer)-1 {
+		t.Fatalf("invalid boringsslModVer format: %q", boringsslModVer)
+	}
+	commitSHA := boringsslModVer[idx+1:]
+
+	t.Logf("cloning boringssl@%s to %q", commitSHA, localBogoDir)
+	cloneCmd := testenv.Command(t, "git", "clone", "--no-checkout", "https://boringssl.googlesource.com/boringssl", localBogoDir)
+	if err := cloneCmd.Run(); err != nil {
+		t.Fatalf("git clone failed: %v", err)
+	}
+
+	checkoutCmd := testenv.Command(t, "git", "checkout", commitSHA)
+	checkoutCmd.Dir = localBogoDir
+	if err := checkoutCmd.Run(); err != nil {
+		t.Fatalf("git checkout failed: %v", err)
+	}
+
+	t.Logf("using fresh local bogo checkout from %q", localBogoDir)
+	return
+}
+
 func generateReport(results bogoResults, outPath string) error {
 	data := reportData{
 		Results:   results,
diff --git a/handshake_test.go b/handshake_test.go
index 13f1bb1d..3e2c5663 100644
--- a/handshake_test.go
+++ b/handshake_test.go
@@ -46,8 +46,9 @@ var (
 	keyFile      = flag.String("keylog", "", "destination file for KeyLogWriter")
 	bogoMode     = flag.Bool("bogo-mode", false, "Enabled bogo shim mode, ignore everything else")
 	bogoFilter   = flag.String("bogo-filter", "", "BoGo test filter")
-	bogoLocalDir = flag.String("bogo-local-dir", "", "Local BoGo to use, instead of fetching from source")
-	bogoReport   = flag.String("bogo-html-report", "", "File path to render an HTML report with BoGo results")
+	bogoLocalDir = flag.String("bogo-local-dir", "",
+		"If not-present, checkout BoGo into this dir, or otherwise use it as a pre-existing checkout")
+	bogoReport = flag.String("bogo-html-report", "", "File path to render an HTML report with BoGo results")
 )
 
 func runTestAndUpdateIfNeeded(t *testing.T, name string, run func(t *testing.T, update bool), wait bool) {

From 24ab43a6d162aceda261bf1848fbbdb720685006 Mon Sep 17 00:00:00 2001
From: Julien Cretel <jub0bsinthecloud@gmail.com>
Date: Wed, 1 Oct 2025 20:08:18 +0000
Subject: [PATCH 66/95] all: replace calls to errors.As with errors.AsType

This change replaces most occurrences (in code as well as in comments) of
errors.As with errors.AsType. It leaves the errors package and vendored
code untouched.

Change-Id: I3bde73f318a0b408bdb8f5a251494af15a13118a
GitHub-Last-Rev: 8aaaa36a5a12d2a6a90c6d51680464e1a3115139
GitHub-Pull-Request: golang/go#75698
Reviewed-on: https://go-review.googlesource.com/c/go/+/708495
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 conn.go                  | 4 ++--
 handshake_server.go      | 5 ++---
 handshake_server_test.go | 3 +--
 quic.go                  | 7 +++----
 quic_test.go             | 3 +--
 5 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/conn.go b/conn.go
index 09dc9ea9..2de120a1 100644
--- a/conn.go
+++ b/conn.go
@@ -1578,9 +1578,9 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {
 			// the handshake (RFC 9001, Section 5.7).
 			c.quicSetReadSecret(QUICEncryptionLevelApplication, c.cipherSuite, c.in.trafficSecret)
 		} else {
-			var a alert
 			c.out.Lock()
-			if !errors.As(c.out.err, &a) {
+			a, ok := errors.AsType[alert](c.out.err)
+			if !ok {
 				a = alertInternalError
 			}
 			c.out.Unlock()
diff --git a/handshake_server.go b/handshake_server.go
index 088c66fa..a2cf176a 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -965,10 +965,9 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 
 		chains, err := certs[0].Verify(opts)
 		if err != nil {
-			var errCertificateInvalid x509.CertificateInvalidError
-			if errors.As(err, &x509.UnknownAuthorityError{}) {
+			if _, ok := errors.AsType[x509.UnknownAuthorityError](err); ok {
 				c.sendAlert(alertUnknownCA)
-			} else if errors.As(err, &errCertificateInvalid) && errCertificateInvalid.Reason == x509.Expired {
+			} else if errCertificateInvalid, ok := errors.AsType[x509.CertificateInvalidError](err); ok && errCertificateInvalid.Reason == x509.Expired {
 				c.sendAlert(alertCertificateExpired)
 			} else {
 				c.sendAlert(alertBadCertificate)
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 941f2a33..43183db2 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -403,8 +403,7 @@ func TestAlertForwarding(t *testing.T) {
 
 	err := Server(s, testConfig).Handshake()
 	s.Close()
-	var opErr *net.OpError
-	if !errors.As(err, &opErr) || opErr.Err != error(alertUnknownCA) {
+	if opErr, ok := errors.AsType[*net.OpError](err); !ok || opErr.Err != error(alertUnknownCA) {
 		t.Errorf("Got error: %s; expected: %s", err, error(alertUnknownCA))
 	}
 }
diff --git a/quic.go b/quic.go
index 3be479eb..2ba2242b 100644
--- a/quic.go
+++ b/quic.go
@@ -362,12 +362,11 @@ func quicError(err error) error {
 	if err == nil {
 		return nil
 	}
-	var ae AlertError
-	if errors.As(err, &ae) {
+	if _, ok := errors.AsType[AlertError](err); ok {
 		return err
 	}
-	var a alert
-	if !errors.As(err, &a) {
+	a, ok := errors.AsType[alert](err)
+	if !ok {
 		a = alertInternalError
 	}
 	// Return an error wrapping the original error and an AlertError.
diff --git a/quic_test.go b/quic_test.go
index f6e8c55d..5f4b2b77 100644
--- a/quic_test.go
+++ b/quic_test.go
@@ -368,8 +368,7 @@ func TestQUICHandshakeError(t *testing.T) {
 	if !errors.Is(err, AlertError(alertBadCertificate)) {
 		t.Errorf("connection handshake terminated with error %q, want alertBadCertificate", err)
 	}
-	var e *CertificateVerificationError
-	if !errors.As(err, &e) {
+	if _, ok := errors.AsType[*CertificateVerificationError](err); !ok {
 		t.Errorf("connection handshake terminated with error %q, want CertificateVerificationError", err)
 	}
 }

From f7604eee31e56ccda30045db756d2705edfd60f6 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Tue, 14 Oct 2025 11:40:26 +0200
Subject: [PATCH 67/95] all: remove unnecessary loop variable copies in tests

Copying the loop variable is no longer necessary since Go 1.22.

Change-Id: Iebb21dac44a20ec200567f1d786f105a4ee4999d
Reviewed-on: https://go-review.googlesource.com/c/go/+/711640
Reviewed-by: Florian Lehner <lehner.florian86@gmail.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 handshake_client_test.go | 1 -
 tls_test.go              | 1 -
 2 files changed, 2 deletions(-)

diff --git a/handshake_client_test.go b/handshake_client_test.go
index 9c94016f..6020c0f0 100644
--- a/handshake_client_test.go
+++ b/handshake_client_test.go
@@ -2693,7 +2693,6 @@ func TestTLS13OnlyClientHelloCipherSuite(t *testing.T) {
 		},
 	}
 	for _, tt := range tls13Tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			testTLS13OnlyClientHelloCipherSuite(t, tt.ciphers)
diff --git a/tls_test.go b/tls_test.go
index bfcc62cc..6539009d 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -1880,7 +1880,6 @@ func testVerifyCertificates(t *testing.T, version uint16) {
 	rootCAs.AddCert(issuer)
 
 	for _, test := range tests {
-		test := test
 		t.Run(test.name, func(t *testing.T) {
 			t.Parallel()
 

From 2a4cbf126f13cc93332eb5415ef8a4566f0146ea Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 3 Nov 2025 13:00:37 -0500
Subject: [PATCH 68/95] crypto/tls: add BetterTLS test coverage

This commit adds test coverage of path building and name constraint
verification using the suite of test data provided by Netflix's
BetterTLS project.

Since the uncompressed raw JSON test data exported by BetterTLS for
external test integrations is ~31MB we use a similar approach to the
BoGo and ACVP test integrations and fetch the BetterTLS Go module, and
run its export tool on-the-fly to generate the test data in a tempdir.

As expected, all tests pass currently and this coverage is mainly
helpful in catching regressions, especially with tricky/cursed name
constraints.

Change-Id: I23d7c24232e314aece86bcbfd133b7f02c9e71b5
Reviewed-on: https://go-review.googlesource.com/c/go/+/717420
TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 bettertls_test.go | 230 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 230 insertions(+)
 create mode 100644 bettertls_test.go

diff --git a/bettertls_test.go b/bettertls_test.go
new file mode 100644
index 00000000..d1b06109
--- /dev/null
+++ b/bettertls_test.go
@@ -0,0 +1,230 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This test uses Netflix's BetterTLS test suite to test the crypto/x509
+// path building and name constraint validation.
+//
+// The test data in JSON form is around 31MB, so we fetch the BetterTLS
+// go module and use it to generate the JSON data on-the-fly in a tmp dir.
+//
+// For more information, see:
+// https://github.com/netflix/bettertls
+// https://netflixtechblog.com/bettertls-c9915cd255c0
+
+package tls_test
+
+import (
+	"crypto/internal/cryptotest"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"internal/testenv"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+// TestBetterTLS runs the "pathbuilding" and "nameconstraints" suites of
+// BetterTLS.
+//
+// The test cases in the pathbuilding suite are designed to test edge-cases
+// for path building and validation. In particular, the ["chain of pain"][0]
+// scenario where a validator treats path building as an operation with
+// a single possible outcome, instead of many.
+//
+// The test cases in the nameconstraints suite are designed to test edge-cases
+// for name constraint parsing and validation.
+//
+// [0]: https://medium.com/@sleevi_/path-building-vs-path-verifying-the-chain-of-pain-9fbab861d7d6
+func TestBetterTLS(t *testing.T) {
+	testenv.SkipIfShortAndSlow(t)
+
+	data, roots := testData(t)
+
+	for _, suite := range []string{"pathbuilding", "nameconstraints"} {
+		t.Run(suite, func(t *testing.T) {
+			runTestSuite(t, suite, &data, roots)
+		})
+	}
+}
+
+func runTestSuite(t *testing.T, suiteName string, data *betterTLS, roots *x509.CertPool) {
+	suite, exists := data.Suites[suiteName]
+	if !exists {
+		t.Fatalf("missing %s suite", suiteName)
+	}
+
+	t.Logf(
+		"running %s test suite with %d test cases",
+		suiteName, len(suite.TestCases))
+
+	for _, tc := range suite.TestCases {
+		t.Logf("testing %s test case %d", suiteName, tc.ID)
+
+		certsDER, err := tc.Certs()
+		if err != nil {
+			t.Fatalf(
+				"failed to decode certificates for test case %d: %v",
+				tc.ID, err)
+		}
+
+		if len(certsDER) == 0 {
+			t.Fatalf("test case %d has no certificates", tc.ID)
+		}
+
+		eeCert, err := x509.ParseCertificate(certsDER[0])
+		if err != nil {
+			// Several constraint test cases contain invalid end-entity
+			// certificate extensions that we reject ahead of verification
+			// time. We consider this a pass and skip further processing.
+			//
+			// For example, a SAN with a uniformResourceIdentifier general name
+			// containing the value `"http://foo.bar, DNS:test.localhost"`, or
+			// an iPAddress general name of the wrong length.
+			if suiteName == "nameconstraints" && tc.Expected == expectedReject {
+				t.Logf(
+					"skipping expected reject test case %d "+
+						"- end entity certificate parse error: %v",
+					tc.ID, err)
+				continue
+			}
+			t.Fatalf(
+				"failed to parse end entity certificate for test case %d: %v",
+				tc.ID, err)
+		}
+
+		intermediates := x509.NewCertPool()
+		for i, certDER := range certsDER[1:] {
+			cert, err := x509.ParseCertificate(certDER)
+			if err != nil {
+				t.Fatalf(
+					"failed to parse intermediate certificate %d for test case %d: %v",
+					i+1, tc.ID, err)
+			}
+			intermediates.AddCert(cert)
+		}
+
+		_, err = eeCert.Verify(x509.VerifyOptions{
+			Roots:         roots,
+			Intermediates: intermediates,
+			DNSName:       tc.Hostname,
+			KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		})
+
+		switch tc.Expected {
+		case expectedAccept:
+			if err != nil {
+				t.Errorf(
+					"test case %d failed: expected success, got error: %v",
+					tc.ID, err)
+			}
+		case expectedReject:
+			if err == nil {
+				t.Errorf(
+					"test case %d failed: expected failure, but verification succeeded",
+					tc.ID)
+			}
+		default:
+			t.Fatalf(
+				"test case %d failed: unknown expected result: %s",
+				tc.ID, tc.Expected)
+		}
+	}
+}
+
+func testData(t *testing.T) (betterTLS, *x509.CertPool) {
+	const (
+		bettertlsModule  = "github.com/Netflix/bettertls"
+		bettertlsVersion = "v0.0.0-20250909192348-e1e99e353074"
+	)
+
+	bettertlsDir := cryptotest.FetchModule(t, bettertlsModule, bettertlsVersion)
+
+	tempDir := t.TempDir()
+	testsJSONPath := filepath.Join(tempDir, "tests.json")
+
+	cmd := testenv.Command(t, testenv.GoToolPath(t),
+		"run", "./test-suites/cmd/bettertls",
+		"export-tests",
+		"--out", testsJSONPath)
+	cmd.Dir = bettertlsDir
+
+	t.Log("running bettertls export-tests command")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf(
+			"failed to run bettertls export-tests: %v\nOutput: %s",
+			err, output)
+	}
+
+	jsonData, err := os.ReadFile(testsJSONPath)
+	if err != nil {
+		t.Fatalf("failed to read exported tests.json: %v", err)
+	}
+
+	t.Logf("successfully loaded tests.json at %s", testsJSONPath)
+
+	var data betterTLS
+	if err := json.Unmarshal(jsonData, &data); err != nil {
+		t.Fatalf("failed to unmarshal JSON data: %v", err)
+	}
+
+	t.Logf("testing betterTLS revision: %s", data.Revision)
+	t.Logf("number of test suites: %d", len(data.Suites))
+
+	rootDER, err := data.RootCert()
+	if err != nil {
+		t.Fatalf("failed to decode trust root: %v", err)
+	}
+
+	rootCert, err := x509.ParseCertificate(rootDER)
+	if err != nil {
+		t.Fatalf("failed to parse trust root certificate: %v", err)
+	}
+
+	roots := x509.NewCertPool()
+	roots.AddCert(rootCert)
+
+	return data, roots
+}
+
+type betterTLS struct {
+	Revision string                    `json:"betterTlsRevision"`
+	Root     string                    `json:"trustRoot"`
+	Suites   map[string]betterTLSSuite `json:"suites"`
+}
+
+func (b *betterTLS) RootCert() ([]byte, error) {
+	return base64.StdEncoding.DecodeString(b.Root)
+}
+
+type betterTLSSuite struct {
+	TestCases []betterTLSTest `json:"testCases"`
+}
+
+type betterTLSTest struct {
+	ID           uint32         `json:"id"`
+	Certificates []string       `json:"certificates"`
+	Hostname     string         `json:"hostname"`
+	Expected     expectedResult `json:"expected"`
+}
+
+func (test *betterTLSTest) Certs() ([][]byte, error) {
+	certs := make([][]byte, len(test.Certificates))
+	for i, cert := range test.Certificates {
+		decoded, err := base64.StdEncoding.DecodeString(cert)
+		if err != nil {
+			return nil, err
+		}
+		certs[i] = decoded
+	}
+	return certs, nil
+}
+
+type expectedResult string
+
+const (
+	expectedAccept expectedResult = "ACCEPT"
+	expectedReject expectedResult = "REJECT"
+)

From f7bfc400b871cb6297fe63e3d7f872901073b723 Mon Sep 17 00:00:00 2001
From: Alan Donovan <adonovan@google.com>
Date: Tue, 11 Nov 2025 14:48:22 -0500
Subject: [PATCH 69/95] std,cmd: go fix -any std cmd

This change mechanically replaces all occurrences of interface{}
by 'any' (where deemed safe by the 'any' modernizer) throughout
std and cmd, minus their vendor trees.

Since this fix is relatively numerous, it gets its own CL.

Also, 'go generate go/types'.

Change-Id: I14a6b52856c3291c1d27935409bca8d5fd4242a2
Reviewed-on: https://go-review.googlesource.com/c/go/+/719702
Commit-Queue: Alan Donovan <adonovan@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Alan Donovan <adonovan@google.com>
---
 fips140_test.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fips140_test.go b/fips140_test.go
index d3fa61dc..291a19f4 100644
--- a/fips140_test.go
+++ b/fips140_test.go
@@ -404,7 +404,7 @@ func TestFIPSCertAlgs(t *testing.T) {
 	L2_I := fipsCert(t, "L2_I", fipsRSAKey(t, 1024), I_R1, fipsCertLeaf)
 
 	// client verifying server cert
-	testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
+	testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key any, list [][]byte, ok bool) {
 		clientConfig := testConfig.Clone()
 		clientConfig.RootCAs = pool
 		clientConfig.InsecureSkipVerify = false
@@ -432,7 +432,7 @@ func TestFIPSCertAlgs(t *testing.T) {
 	}
 
 	// server verifying client cert
-	testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
+	testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key any, list [][]byte, ok bool) {
 		clientConfig := testConfig.Clone()
 		clientConfig.ServerName = "example.com"
 		clientConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
@@ -574,11 +574,11 @@ type fipsCertificate struct {
 	parentOrg string
 	der       []byte
 	cert      *x509.Certificate
-	key       interface{}
+	key       any
 	fipsOK    bool
 }
 
-func fipsCert(t *testing.T, name string, key interface{}, parent *fipsCertificate, mode int) *fipsCertificate {
+func fipsCert(t *testing.T, name string, key any, parent *fipsCertificate, mode int) *fipsCertificate {
 	org := name
 	parentOrg := ""
 	if i := strings.Index(org, "_"); i >= 0 {
@@ -605,7 +605,7 @@ func fipsCert(t *testing.T, name string, key interface{}, parent *fipsCertificat
 	}
 
 	var pcert *x509.Certificate
-	var pkey interface{}
+	var pkey any
 	if parent != nil {
 		pcert = parent.cert
 		pkey = parent.key
@@ -614,7 +614,7 @@ func fipsCert(t *testing.T, name string, key interface{}, parent *fipsCertificat
 		pkey = key
 	}
 
-	var pub interface{}
+	var pub any
 	var desc string
 	switch k := key.(type) {
 	case *rsa.PrivateKey:

From 90795e197da12d0ef651d4d5fb7bc23ad3be732a Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Sun, 9 Nov 2025 11:50:42 -0800
Subject: [PATCH 70/95] crypto/x509: move BetterTLS suite from crypto/tls

Move the BetterTLS test suite from crypto/tls to crypto/x509. Despite
the name, the test suites we care about are actually related to X.509
path building and name constraint checking. As such it makes more sense
to include these in the crypto/x509 package, so we are more likely to
catch breaking behaviors during local testing.

Change-Id: I5237903dcc9d9f60d6c7070db3c996ceb643b04c
Reviewed-on: https://go-review.googlesource.com/c/go/+/719120
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
---
 bettertls_test.go | 230 ----------------------------------------------
 1 file changed, 230 deletions(-)
 delete mode 100644 bettertls_test.go

diff --git a/bettertls_test.go b/bettertls_test.go
deleted file mode 100644
index d1b06109..00000000
--- a/bettertls_test.go
+++ /dev/null
@@ -1,230 +0,0 @@
-// Copyright 2025 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This test uses Netflix's BetterTLS test suite to test the crypto/x509
-// path building and name constraint validation.
-//
-// The test data in JSON form is around 31MB, so we fetch the BetterTLS
-// go module and use it to generate the JSON data on-the-fly in a tmp dir.
-//
-// For more information, see:
-// https://github.com/netflix/bettertls
-// https://netflixtechblog.com/bettertls-c9915cd255c0
-
-package tls_test
-
-import (
-	"crypto/internal/cryptotest"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
-	"internal/testenv"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-// TestBetterTLS runs the "pathbuilding" and "nameconstraints" suites of
-// BetterTLS.
-//
-// The test cases in the pathbuilding suite are designed to test edge-cases
-// for path building and validation. In particular, the ["chain of pain"][0]
-// scenario where a validator treats path building as an operation with
-// a single possible outcome, instead of many.
-//
-// The test cases in the nameconstraints suite are designed to test edge-cases
-// for name constraint parsing and validation.
-//
-// [0]: https://medium.com/@sleevi_/path-building-vs-path-verifying-the-chain-of-pain-9fbab861d7d6
-func TestBetterTLS(t *testing.T) {
-	testenv.SkipIfShortAndSlow(t)
-
-	data, roots := testData(t)
-
-	for _, suite := range []string{"pathbuilding", "nameconstraints"} {
-		t.Run(suite, func(t *testing.T) {
-			runTestSuite(t, suite, &data, roots)
-		})
-	}
-}
-
-func runTestSuite(t *testing.T, suiteName string, data *betterTLS, roots *x509.CertPool) {
-	suite, exists := data.Suites[suiteName]
-	if !exists {
-		t.Fatalf("missing %s suite", suiteName)
-	}
-
-	t.Logf(
-		"running %s test suite with %d test cases",
-		suiteName, len(suite.TestCases))
-
-	for _, tc := range suite.TestCases {
-		t.Logf("testing %s test case %d", suiteName, tc.ID)
-
-		certsDER, err := tc.Certs()
-		if err != nil {
-			t.Fatalf(
-				"failed to decode certificates for test case %d: %v",
-				tc.ID, err)
-		}
-
-		if len(certsDER) == 0 {
-			t.Fatalf("test case %d has no certificates", tc.ID)
-		}
-
-		eeCert, err := x509.ParseCertificate(certsDER[0])
-		if err != nil {
-			// Several constraint test cases contain invalid end-entity
-			// certificate extensions that we reject ahead of verification
-			// time. We consider this a pass and skip further processing.
-			//
-			// For example, a SAN with a uniformResourceIdentifier general name
-			// containing the value `"http://foo.bar, DNS:test.localhost"`, or
-			// an iPAddress general name of the wrong length.
-			if suiteName == "nameconstraints" && tc.Expected == expectedReject {
-				t.Logf(
-					"skipping expected reject test case %d "+
-						"- end entity certificate parse error: %v",
-					tc.ID, err)
-				continue
-			}
-			t.Fatalf(
-				"failed to parse end entity certificate for test case %d: %v",
-				tc.ID, err)
-		}
-
-		intermediates := x509.NewCertPool()
-		for i, certDER := range certsDER[1:] {
-			cert, err := x509.ParseCertificate(certDER)
-			if err != nil {
-				t.Fatalf(
-					"failed to parse intermediate certificate %d for test case %d: %v",
-					i+1, tc.ID, err)
-			}
-			intermediates.AddCert(cert)
-		}
-
-		_, err = eeCert.Verify(x509.VerifyOptions{
-			Roots:         roots,
-			Intermediates: intermediates,
-			DNSName:       tc.Hostname,
-			KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		})
-
-		switch tc.Expected {
-		case expectedAccept:
-			if err != nil {
-				t.Errorf(
-					"test case %d failed: expected success, got error: %v",
-					tc.ID, err)
-			}
-		case expectedReject:
-			if err == nil {
-				t.Errorf(
-					"test case %d failed: expected failure, but verification succeeded",
-					tc.ID)
-			}
-		default:
-			t.Fatalf(
-				"test case %d failed: unknown expected result: %s",
-				tc.ID, tc.Expected)
-		}
-	}
-}
-
-func testData(t *testing.T) (betterTLS, *x509.CertPool) {
-	const (
-		bettertlsModule  = "github.com/Netflix/bettertls"
-		bettertlsVersion = "v0.0.0-20250909192348-e1e99e353074"
-	)
-
-	bettertlsDir := cryptotest.FetchModule(t, bettertlsModule, bettertlsVersion)
-
-	tempDir := t.TempDir()
-	testsJSONPath := filepath.Join(tempDir, "tests.json")
-
-	cmd := testenv.Command(t, testenv.GoToolPath(t),
-		"run", "./test-suites/cmd/bettertls",
-		"export-tests",
-		"--out", testsJSONPath)
-	cmd.Dir = bettertlsDir
-
-	t.Log("running bettertls export-tests command")
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		t.Fatalf(
-			"failed to run bettertls export-tests: %v\nOutput: %s",
-			err, output)
-	}
-
-	jsonData, err := os.ReadFile(testsJSONPath)
-	if err != nil {
-		t.Fatalf("failed to read exported tests.json: %v", err)
-	}
-
-	t.Logf("successfully loaded tests.json at %s", testsJSONPath)
-
-	var data betterTLS
-	if err := json.Unmarshal(jsonData, &data); err != nil {
-		t.Fatalf("failed to unmarshal JSON data: %v", err)
-	}
-
-	t.Logf("testing betterTLS revision: %s", data.Revision)
-	t.Logf("number of test suites: %d", len(data.Suites))
-
-	rootDER, err := data.RootCert()
-	if err != nil {
-		t.Fatalf("failed to decode trust root: %v", err)
-	}
-
-	rootCert, err := x509.ParseCertificate(rootDER)
-	if err != nil {
-		t.Fatalf("failed to parse trust root certificate: %v", err)
-	}
-
-	roots := x509.NewCertPool()
-	roots.AddCert(rootCert)
-
-	return data, roots
-}
-
-type betterTLS struct {
-	Revision string                    `json:"betterTlsRevision"`
-	Root     string                    `json:"trustRoot"`
-	Suites   map[string]betterTLSSuite `json:"suites"`
-}
-
-func (b *betterTLS) RootCert() ([]byte, error) {
-	return base64.StdEncoding.DecodeString(b.Root)
-}
-
-type betterTLSSuite struct {
-	TestCases []betterTLSTest `json:"testCases"`
-}
-
-type betterTLSTest struct {
-	ID           uint32         `json:"id"`
-	Certificates []string       `json:"certificates"`
-	Hostname     string         `json:"hostname"`
-	Expected     expectedResult `json:"expected"`
-}
-
-func (test *betterTLSTest) Certs() ([][]byte, error) {
-	certs := make([][]byte, len(test.Certificates))
-	for i, cert := range test.Certificates {
-		decoded, err := base64.StdEncoding.DecodeString(cert)
-		if err != nil {
-			return nil, err
-		}
-		certs[i] = decoded
-	}
-	return certs, nil
-}
-
-type expectedResult string
-
-const (
-	expectedAccept expectedResult = "ACCEPT"
-	expectedReject expectedResult = "REJECT"
-)

From 0ae5aead04d5247516b722ad3f001cfb75a59a37 Mon Sep 17 00:00:00 2001
From: Alan Donovan <adonovan@google.com>
Date: Fri, 14 Nov 2025 14:59:36 -0500
Subject: [PATCH 71/95] std: fix printf("%q", int) mistakes

For #72850

Change-Id: I07e64f05c82a34b1dadb9a72e16f5045e68cbd24
Reviewed-on: https://go-review.googlesource.com/c/go/+/720642
Auto-Submit: Alan Donovan <adonovan@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 bogo_shim_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index 8f171d92..02a943c1 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -461,7 +461,7 @@ func bogoShim() {
 			}
 
 			if *expectVersion != 0 && cs.Version != uint16(*expectVersion) {
-				log.Fatalf("expected ssl version %q, got %q", uint16(*expectVersion), cs.Version)
+				log.Fatalf("expected ssl version %d, got %d", *expectVersion, cs.Version)
 			}
 			if *declineALPN && cs.NegotiatedProtocol != "" {
 				log.Fatal("unexpected ALPN protocol")

From 6eacc6b2c7bab58ed3ed96f183f9f1bb608e5d17 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Sat, 8 Nov 2025 11:22:59 -0800
Subject: [PATCH 72/95] crypto/tls: add QUICErrorEvent

Add a new QUICEvent type for reporting errors.
This provides a way to report errors that don't occur as a result of
QUICConn.Start, QUICConn.HandleData, or QUICConn.SendSessionTicket.

Fixes #75108

Change-Id: I941371a21f26b940e75287a66d7e0211fc0baab1
Reviewed-on: https://go-review.googlesource.com/c/go/+/719040
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 quic.go      | 19 +++++++++++++++++++
 quic_test.go | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)

diff --git a/quic.go b/quic.go
index 2ba2242b..b3f95dbb 100644
--- a/quic.go
+++ b/quic.go
@@ -117,6 +117,11 @@ const (
 	// The application may modify the [SessionState] before storing it.
 	// This event only occurs on client connections.
 	QUICStoreSession
+
+	// QUICErrorEvent indicates that a fatal error has occurred.
+	// The handshake cannot proceed and the connection must be closed.
+	// QUICEvent.Err is set.
+	QUICErrorEvent
 )
 
 // A QUICEvent is an event occurring on a QUIC connection.
@@ -138,6 +143,10 @@ type QUICEvent struct {
 
 	// Set for QUICResumeSession and QUICStoreSession.
 	SessionState *SessionState
+
+	// Set for QUICErrorEvent.
+	// The error will wrap AlertError.
+	Err error
 }
 
 type quicState struct {
@@ -157,6 +166,7 @@ type quicState struct {
 	cancel   context.CancelFunc
 
 	waitingForDrain bool
+	errorReturned   bool
 
 	// readbuf is shared between HandleData and the handshake goroutine.
 	// HandshakeCryptoData passes ownership to the handshake goroutine by
@@ -229,6 +239,15 @@ func (q *QUICConn) NextEvent() QUICEvent {
 		<-qs.signalc
 		<-qs.blockedc
 	}
+	if err := q.conn.handshakeErr; err != nil {
+		if qs.errorReturned {
+			return QUICEvent{Kind: QUICNoEvent}
+		}
+		qs.errorReturned = true
+		qs.events = nil
+		qs.nextEvent = 0
+		return QUICEvent{Kind: QUICErrorEvent, Err: q.conn.handshakeErr}
+	}
 	if qs.nextEvent >= len(qs.events) {
 		qs.events = qs.events[:0]
 		qs.nextEvent = 0
diff --git a/quic_test.go b/quic_test.go
index 5f4b2b77..bd0eaa4d 100644
--- a/quic_test.go
+++ b/quic_test.go
@@ -8,6 +8,7 @@ import (
 	"bytes"
 	"context"
 	"errors"
+	"fmt"
 	"reflect"
 	"strings"
 	"testing"
@@ -21,6 +22,7 @@ type testQUICConn struct {
 	ticketOpts        QUICSessionTicketOptions
 	onResumeSession   func(*SessionState)
 	gotParams         []byte
+	gotError          error
 	earlyDataRejected bool
 	complete          bool
 }
@@ -109,6 +111,9 @@ func runTestQUICConnection(ctx context.Context, cli, srv *testQUICConn, onEvent
 		if onEvent != nil && onEvent(e, a, b) {
 			continue
 		}
+		if a.gotError != nil && e.Kind != QUICNoEvent {
+			return fmt.Errorf("unexpected event %v after QUICErrorEvent", e.Kind)
+		}
 		switch e.Kind {
 		case QUICNoEvent:
 			idleCount++
@@ -152,6 +157,11 @@ func runTestQUICConnection(ctx context.Context, cli, srv *testQUICConn, onEvent
 			}
 		case QUICRejectedEarlyData:
 			a.earlyDataRejected = true
+		case QUICErrorEvent:
+			if e.Err == nil {
+				return errors.New("unexpected QUICErrorEvent with no Err")
+			}
+			a.gotError = e.Err
 		}
 		if e.Kind != QUICNoEvent {
 			idleCount = 0
@@ -371,6 +381,45 @@ func TestQUICHandshakeError(t *testing.T) {
 	if _, ok := errors.AsType[*CertificateVerificationError](err); !ok {
 		t.Errorf("connection handshake terminated with error %q, want CertificateVerificationError", err)
 	}
+
+	ev := cli.conn.NextEvent()
+	if ev.Kind != QUICErrorEvent {
+		t.Errorf("client.NextEvent: no QUICErrorEvent, want one")
+	}
+	if ev.Err != err {
+		t.Errorf("client.NextEvent: want same error returned by Start, got %v", ev.Err)
+	}
+}
+
+// Test that we can report an error produced by the GetEncryptedClientHelloKeys function.
+func TestQUICECHKeyError(t *testing.T) {
+	getECHKeysError := errors.New("error returned by GetEncryptedClientHelloKeys")
+	config := &QUICConfig{TLSConfig: testConfig.Clone()}
+	config.TLSConfig.MinVersion = VersionTLS13
+	config.TLSConfig.NextProtos = []string{"h3"}
+	config.TLSConfig.GetEncryptedClientHelloKeys = func(*ClientHelloInfo) ([]EncryptedClientHelloKey, error) {
+		return nil, getECHKeysError
+	}
+	cli := newTestQUICClient(t, config)
+	cli.conn.SetTransportParameters(nil)
+	srv := newTestQUICServer(t, config)
+
+	if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != errTransportParametersRequired {
+		t.Fatalf("handshake with no client parameters: %v; want errTransportParametersRequired", err)
+	}
+	srv.conn.SetTransportParameters(nil)
+	if err := runTestQUICConnection(context.Background(), cli, srv, nil); err == nil {
+		t.Fatalf("handshake with GetEncryptedClientHelloKeys errors: nil, want error")
+	}
+	if srv.gotError == nil {
+		t.Fatalf("after GetEncryptedClientHelloKeys error, server did not see QUICErrorEvent")
+	}
+	if _, ok := errors.AsType[AlertError](srv.gotError); !ok {
+		t.Errorf("connection handshake terminated with error %T, want AlertError", srv.gotError)
+	}
+	if !errors.Is(srv.gotError, getECHKeysError) {
+		t.Errorf("connection handshake terminated with error %v, want error returned by GetEncryptedClientHelloKeys", srv.gotError)
+	}
 }
 
 // Test that QUICConn.ConnectionState can be used during the handshake,

From a4264a9c5ba92b584c54a2e4baee9ec530de79b5 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Sat, 6 Sep 2025 21:37:09 +0200
Subject: [PATCH 73/95] crypto/internal/hpke: modularize API and support more
 ciphersuites

Updates #75300

Change-Id: I6a6a6964de449b36bc6f5594e08c3c47a0a2f17f
Reviewed-on: https://go-review.googlesource.com/c/go/+/701435
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
---
 common.go           | 28 ++++++++++++----
 ech.go              | 81 +++++++++++++++++----------------------------
 ech_test.go         |  2 +-
 handshake_client.go | 15 ++-------
 tls_test.go         |  9 ++---
 5 files changed, 60 insertions(+), 75 deletions(-)

diff --git a/common.go b/common.go
index 6fe6f34c..c8e65e4d 100644
--- a/common.go
+++ b/common.go
@@ -889,13 +889,29 @@ type Config struct {
 // with a specific ECH config known to a client.
 type EncryptedClientHelloKey struct {
 	// Config should be a marshalled ECHConfig associated with PrivateKey. This
-	// must match the config provided to clients byte-for-byte. The config
-	// should only specify the DHKEM(X25519, HKDF-SHA256) KEM ID (0x0020), the
-	// HKDF-SHA256 KDF ID (0x0001), and a subset of the following AEAD IDs:
-	// AES-128-GCM (0x0001), AES-256-GCM (0x0002), ChaCha20Poly1305 (0x0003).
+	// must match the config provided to clients byte-for-byte. The config must
+	// use as KEM one of
+	//
+	//   - DHKEM(P-256, HKDF-SHA256) (0x0010)
+	//   - DHKEM(P-384, HKDF-SHA384) (0x0011)
+	//   - DHKEM(P-521, HKDF-SHA512) (0x0012)
+	//   - DHKEM(X25519, HKDF-SHA256) (0x0020)
+	//
+	// and as KDF one of
+	//
+	//   - HKDF-SHA256 (0x0001)
+	//   - HKDF-SHA384 (0x0002)
+	//   - HKDF-SHA512 (0x0003)
+	//
+	// and as AEAD one of
+	//
+	//   - AES-128-GCM (0x0001)
+	//   - AES-256-GCM (0x0002)
+	//   - ChaCha20Poly1305 (0x0003)
+	//
 	Config []byte
-	// PrivateKey should be a marshalled private key. Currently, we expect
-	// this to be the output of [ecdh.PrivateKey.Bytes].
+	// PrivateKey should be a marshalled private key, in the format expected by
+	// HPKE's DeserializePrivateKey (see RFC 9180), for the KEM used in Config.
 	PrivateKey []byte
 	// SendAsRetry indicates if Config should be sent as part of the list of
 	// retry configs when ECH is requested by the client but rejected by the
diff --git a/ech.go b/ech.go
index d3472d8d..c56642f7 100644
--- a/ech.go
+++ b/ech.go
@@ -9,24 +9,11 @@ import (
 	"crypto/internal/hpke"
 	"errors"
 	"fmt"
-	"slices"
 	"strings"
 
 	"golang.org/x/crypto/cryptobyte"
 )
 
-// sortedSupportedAEADs is just a sorted version of hpke.SupportedAEADS.
-// We need this so that when we insert them into ECHConfigs the ordering
-// is stable.
-var sortedSupportedAEADs []uint16
-
-func init() {
-	for aeadID := range hpke.SupportedAEADs {
-		sortedSupportedAEADs = append(sortedSupportedAEADs, aeadID)
-	}
-	slices.Sort(sortedSupportedAEADs)
-}
-
 type echCipher struct {
 	KDFID  uint16
 	AEADID uint16
@@ -162,25 +149,8 @@ func parseECHConfigList(data []byte) ([]echConfig, error) {
 	return configs, nil
 }
 
-func pickECHConfig(list []echConfig) *echConfig {
+func pickECHConfig(list []echConfig) (*echConfig, hpke.KEMSender, hpke.KDF, hpke.AEAD) {
 	for _, ec := range list {
-		if _, ok := hpke.SupportedKEMs[ec.KemID]; !ok {
-			continue
-		}
-		var validSCS bool
-		for _, cs := range ec.SymmetricCipherSuite {
-			if _, ok := hpke.SupportedAEADs[cs.AEADID]; !ok {
-				continue
-			}
-			if _, ok := hpke.SupportedKDFs[cs.KDFID]; !ok {
-				continue
-			}
-			validSCS = true
-			break
-		}
-		if !validSCS {
-			continue
-		}
 		if !validDNSName(string(ec.PublicName)) {
 			continue
 		}
@@ -196,25 +166,26 @@ func pickECHConfig(list []echConfig) *echConfig {
 		if unsupportedExt {
 			continue
 		}
-		return &ec
-	}
-	return nil
-}
-
-func pickECHCipherSuite(suites []echCipher) (echCipher, error) {
-	for _, s := range suites {
-		// NOTE: all of the supported AEADs and KDFs are fine, rather than
-		// imposing some sort of preference here, we just pick the first valid
-		// suite.
-		if _, ok := hpke.SupportedAEADs[s.AEADID]; !ok {
+		s, err := hpke.NewKEMSender(ec.KemID, ec.PublicKey)
+		if err != nil {
 			continue
 		}
-		if _, ok := hpke.SupportedKDFs[s.KDFID]; !ok {
-			continue
+		for _, cs := range ec.SymmetricCipherSuite {
+			// All of the supported AEADs and KDFs are fine, rather than
+			// imposing some sort of preference here, we just pick the first
+			// valid suite.
+			kdf, err := hpke.NewKDF(cs.KDFID)
+			if err != nil {
+				continue
+			}
+			aead, err := hpke.NewAEAD(cs.AEADID)
+			if err != nil {
+				continue
+			}
+			return &ec, s, kdf, aead
 		}
-		return s, nil
 	}
-	return echCipher{}, errors.New("tls: no supported symmetric ciphersuites for ECH")
+	return nil, nil, nil, nil
 }
 
 func encodeInnerClientHello(inner *clientHelloMsg, maxNameLength int) ([]byte, error) {
@@ -592,18 +563,28 @@ func (c *Conn) processECHClientHello(outer *clientHelloMsg, echKeys []EncryptedC
 		skip, config, err := parseECHConfig(echKey.Config)
 		if err != nil || skip {
 			c.sendAlert(alertInternalError)
-			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKeys Config: %s", err)
+			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKey Config: %s", err)
 		}
 		if skip {
 			continue
 		}
-		echPriv, err := hpke.ParseHPKEPrivateKey(config.KemID, echKey.PrivateKey)
+		echPriv, err := hpke.NewKEMRecipient(config.KemID, echKey.PrivateKey)
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKey PrivateKey: %s", err)
+		}
+		kdf, err := hpke.NewKDF(echCiphersuite.KDFID)
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKey Config KDF: %s", err)
+		}
+		aead, err := hpke.NewAEAD(echCiphersuite.AEADID)
 		if err != nil {
 			c.sendAlert(alertInternalError)
-			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKeys PrivateKey: %s", err)
+			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKey Config AEAD: %s", err)
 		}
 		info := append([]byte("tls ech\x00"), echKey.Config...)
-		hpkeContext, err := hpke.SetupRecipient(hpke.DHKEM_X25519_HKDF_SHA256, echCiphersuite.KDFID, echCiphersuite.AEADID, echPriv, info, encap)
+		hpkeContext, err := hpke.NewRecipient(encap, echPriv, kdf, aead, info)
 		if err != nil {
 			// attempt next trial decryption
 			continue
diff --git a/ech_test.go b/ech_test.go
index 96312a44..5adbb029 100644
--- a/ech_test.go
+++ b/ech_test.go
@@ -41,7 +41,7 @@ func TestSkipBadConfigs(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	config := pickECHConfig(configs)
+	config, _, _, _ := pickECHConfig(configs)
 	if config != nil {
 		t.Fatal("pickECHConfig picked an invalid config")
 	}
diff --git a/handshake_client.go b/handshake_client.go
index 90c5bdac..533b8ba3 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -205,11 +205,11 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 		if err != nil {
 			return nil, nil, nil, err
 		}
-		echConfig := pickECHConfig(echConfigs)
+		echConfig, echPK, kdf, aead := pickECHConfig(echConfigs)
 		if echConfig == nil {
 			return nil, nil, nil, errors.New("tls: EncryptedClientHelloConfigList contains no valid configs")
 		}
-		ech = &echClientContext{config: echConfig}
+		ech = &echClientContext{config: echConfig, kdfID: kdf.ID(), aeadID: aead.ID()}
 		hello.encryptedClientHello = []byte{1} // indicate inner hello
 		// We need to explicitly set these 1.2 fields to nil, as we do not
 		// marshal them when encoding the inner hello, otherwise transcripts
@@ -219,17 +219,8 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 		hello.secureRenegotiationSupported = false
 		hello.extendedMasterSecret = false
 
-		echPK, err := hpke.ParseHPKEPublicKey(ech.config.KemID, ech.config.PublicKey)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-		suite, err := pickECHCipherSuite(ech.config.SymmetricCipherSuite)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-		ech.kdfID, ech.aeadID = suite.KDFID, suite.AEADID
 		info := append([]byte("tls ech\x00"), ech.config.raw...)
-		ech.encapsulatedKey, ech.hpkeContext, err = hpke.SetupSender(ech.config.KemID, suite.KDFID, suite.AEADID, echPK, info)
+		ech.encapsulatedKey, ech.hpkeContext, err = hpke.NewSender(echPK, kdf, aead, info)
 		if err != nil {
 			return nil, nil, nil, err
 		}
diff --git a/tls_test.go b/tls_test.go
index 6539009d..93ec8643 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -11,7 +11,6 @@ import (
 	"crypto/ecdh"
 	"crypto/ecdsa"
 	"crypto/elliptic"
-	"crypto/internal/hpke"
 	"crypto/rand"
 	"crypto/tls/internal/fips140tls"
 	"crypto/x509"
@@ -2249,15 +2248,13 @@ func TestECH(t *testing.T) {
 		builder.AddUint16(extensionEncryptedClientHello)
 		builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
 			builder.AddUint8(id)
-			builder.AddUint16(hpke.DHKEM_X25519_HKDF_SHA256) // The only DHKEM we support
+			builder.AddUint16(0x0020 /* DHKEM(X25519, HKDF-SHA256) */)
 			builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
 				builder.AddBytes(pubKey)
 			})
 			builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
-				for _, aeadID := range sortedSupportedAEADs {
-					builder.AddUint16(hpke.KDF_HKDF_SHA256) // The only KDF we support
-					builder.AddUint16(aeadID)
-				}
+				builder.AddUint16(0x0001 /* HKDF-SHA256 */)
+				builder.AddUint16(0x0001 /* AES-128-GCM */)
 			})
 			builder.AddUint8(maxNameLen)
 			builder.AddUint8LengthPrefixed(func(builder *cryptobyte.Builder) {

From 38240ffc4cc83c469780a04c5382111871b70ee6 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 11 Nov 2025 13:10:17 +0100
Subject: [PATCH 74/95] crypto/internal/hpke: separate KEM and
 PublicKey/PrivateKey interfaces

Updates #75300

Change-Id: I87ed26e8f57180d741408bdbda1696d46a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/719560
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
---
 ech.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/ech.go b/ech.go
index c56642f7..fb02197e 100644
--- a/ech.go
+++ b/ech.go
@@ -149,7 +149,7 @@ func parseECHConfigList(data []byte) ([]echConfig, error) {
 	return configs, nil
 }
 
-func pickECHConfig(list []echConfig) (*echConfig, hpke.KEMSender, hpke.KDF, hpke.AEAD) {
+func pickECHConfig(list []echConfig) (*echConfig, hpke.PublicKey, hpke.KDF, hpke.AEAD) {
 	for _, ec := range list {
 		if !validDNSName(string(ec.PublicName)) {
 			continue
@@ -166,10 +166,16 @@ func pickECHConfig(list []echConfig) (*echConfig, hpke.KEMSender, hpke.KDF, hpke
 		if unsupportedExt {
 			continue
 		}
-		s, err := hpke.NewKEMSender(ec.KemID, ec.PublicKey)
+		kem, err := hpke.NewKEM(ec.KemID)
 		if err != nil {
 			continue
 		}
+		pub, err := kem.NewPublicKey(ec.PublicKey)
+		if err != nil {
+			// This is an error in the config, but killing the connection feels
+			// excessive.
+			continue
+		}
 		for _, cs := range ec.SymmetricCipherSuite {
 			// All of the supported AEADs and KDFs are fine, rather than
 			// imposing some sort of preference here, we just pick the first
@@ -182,7 +188,7 @@ func pickECHConfig(list []echConfig) (*echConfig, hpke.KEMSender, hpke.KDF, hpke
 			if err != nil {
 				continue
 			}
-			return &ec, s, kdf, aead
+			return &ec, pub, kdf, aead
 		}
 	}
 	return nil, nil, nil, nil
@@ -568,7 +574,12 @@ func (c *Conn) processECHClientHello(outer *clientHelloMsg, echKeys []EncryptedC
 		if skip {
 			continue
 		}
-		echPriv, err := hpke.NewKEMRecipient(config.KemID, echKey.PrivateKey)
+		kem, err := hpke.NewKEM(config.KemID)
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKey Config KEM: %s", err)
+		}
+		echPriv, err := kem.NewPrivateKey(echKey.PrivateKey)
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return nil, nil, fmt.Errorf("tls: invalid EncryptedClientHelloKey PrivateKey: %s", err)

From 3dac251a322513e4ccdcdfa6e36b04315c4c3824 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Sun, 16 Nov 2025 16:09:16 -0800
Subject: [PATCH 75/95] crypto/tls: use inner hello for earlyData when using
 QUIC and ECH

I don't think we have good QUIC ECH tests. BoGo has some for this, but
I'm not sure how easy it would be to enable those for QUIC.

Fixes #76283

Change-Id: I0ffa535fd89a624b7f9bfd73441ce2a1683e0549
Reviewed-on: https://go-review.googlesource.com/c/go/+/720920
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
---
 handshake_client.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/handshake_client.go b/handshake_client.go
index 533b8ba3..47cf8832 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -308,7 +308,11 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
 	if hello.earlyData {
 		suite := cipherSuiteTLS13ByID(session.cipherSuite)
 		transcript := suite.hash.New()
-		if err := transcriptMsg(hello, transcript); err != nil {
+		transcriptHello := hello
+		if ech != nil {
+			transcriptHello = ech.innerHello
+		}
+		if err := transcriptMsg(transcriptHello, transcript); err != nil {
 			return err
 		}
 		earlyTrafficSecret := earlySecret.ClientEarlyTrafficSecret(transcript)

From f0cba601c4b9d5c16228f7da472e759579901cc0 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Mon, 3 Nov 2025 14:47:42 -0500
Subject: [PATCH 76/95] crypto/tls: expose HelloRetryRequest state

This commit adds fields to the ClientHelloInfo and ConnectionState
structures to represent hello retry request state information.

ClientHelloInfo gains a new HelloRetryRequest bool field that indicates
if the client hello was sent in response to a TLS 1.3 hello retry
request message previously emitted by the server.

ConnectionState gains a new HelloRetryRequest bool field that indicates
(depending on the connection role) whether the client received a TLS 1.3
hello retry request message from the server, or whether the server sent
such a message to a client.

Fixes #74425

Change-Id: Ic1a5290b8a4ba1568da1d2c2cf9f148150955fa5
Reviewed-on: https://go-review.googlesource.com/c/go/+/717440
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
---
 bogo_shim_test.go        |  4 ++--
 common.go                | 11 ++++++++---
 conn.go                  |  2 +-
 handshake_client_test.go |  2 +-
 handshake_server.go      |  1 +
 handshake_server_test.go | 41 +++++++++++++++++++++++++++++++++++++---
 tls_test.go              |  8 ++++----
 7 files changed, 55 insertions(+), 14 deletions(-)

diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index 02a943c1..a14386a6 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -476,11 +476,11 @@ func bogoShim() {
 				log.Fatal("did not expect ECH, but it was accepted")
 			}
 
-			if *expectHRR && !cs.testingOnlyDidHRR {
+			if *expectHRR && !cs.HelloRetryRequest {
 				log.Fatal("expected HRR but did not do it")
 			}
 
-			if *expectNoHRR && cs.testingOnlyDidHRR {
+			if *expectNoHRR && cs.HelloRetryRequest {
 				log.Fatal("expected no HRR but did do it")
 			}
 
diff --git a/common.go b/common.go
index c8e65e4d..d809624b 100644
--- a/common.go
+++ b/common.go
@@ -304,12 +304,13 @@ type ConnectionState struct {
 	// client side.
 	ECHAccepted bool
 
+	// HelloRetryRequest indicates whether we sent a HelloRetryRequest if we
+	// are a server, or if we received a HelloRetryRequest if we are a client.
+	HelloRetryRequest bool
+
 	// ekm is a closure exposed via ExportKeyingMaterial.
 	ekm func(label string, context []byte, length int) ([]byte, error)
 
-	// testingOnlyDidHRR is true if a HelloRetryRequest was sent/received.
-	testingOnlyDidHRR bool
-
 	// testingOnlyPeerSignatureAlgorithm is the signature algorithm used by the
 	// peer to sign the handshake. It is not set for resumed connections.
 	testingOnlyPeerSignatureAlgorithm SignatureScheme
@@ -469,6 +470,10 @@ type ClientHelloInfo struct {
 	// connection to fail.
 	Conn net.Conn
 
+	// HelloRetryRequest indicates whether the ClientHello was sent in response
+	// to a HelloRetryRequest message.
+	HelloRetryRequest bool
+
 	// config is embedded by the GetCertificate or GetConfigForClient caller,
 	// for use with SupportsCertificate.
 	config *Config
diff --git a/conn.go b/conn.go
index 2de120a1..c04c7a50 100644
--- a/conn.go
+++ b/conn.go
@@ -1612,7 +1612,7 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 	state.Version = c.vers
 	state.NegotiatedProtocol = c.clientProtocol
 	state.DidResume = c.didResume
-	state.testingOnlyDidHRR = c.didHRR
+	state.HelloRetryRequest = c.didHRR
 	state.testingOnlyPeerSignatureAlgorithm = c.peerSigAlg
 	state.CurveID = c.curveID
 	state.NegotiatedProtocolIsMutual = true
diff --git a/handshake_client_test.go b/handshake_client_test.go
index 6020c0f0..e7de0b59 100644
--- a/handshake_client_test.go
+++ b/handshake_client_test.go
@@ -626,7 +626,7 @@ func TestHandshakeClientHelloRetryRequest(t *testing.T) {
 		args:   []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"},
 		config: config,
 		validate: func(cs ConnectionState) error {
-			if !cs.testingOnlyDidHRR {
+			if !cs.HelloRetryRequest {
 				return errors.New("expected HelloRetryRequest")
 			}
 			return nil
diff --git a/handshake_server.go b/handshake_server.go
index a2cf176a..2d3efffc 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -1021,6 +1021,7 @@ func clientHelloInfo(ctx context.Context, c *Conn, clientHello *clientHelloMsg)
 		SupportedVersions: supportedVersions,
 		Extensions:        clientHello.extensions,
 		Conn:              c.conn,
+		HelloRetryRequest: c.didHRR,
 		config:            c.config,
 		ctx:               ctx,
 	}
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 43183db2..7e35c252 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -905,14 +905,30 @@ func TestHandshakeServerHelloRetryRequest(t *testing.T) {
 	config := testConfig.Clone()
 	config.CurvePreferences = []CurveID{CurveP256}
 
+	var clientHelloInfoHRR bool
+	var getCertificateCalled bool
+	eeCert := config.Certificates[0]
+	config.Certificates = nil
+	config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
+		getCertificateCalled = true
+		clientHelloInfoHRR = clientHello.HelloRetryRequest
+		return &eeCert, nil
+	}
+
 	test := &serverTest{
 		name:    "HelloRetryRequest",
 		command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256", "-curves", "X25519:P-256"},
 		config:  config,
 		validate: func(cs ConnectionState) error {
-			if !cs.testingOnlyDidHRR {
+			if !cs.HelloRetryRequest {
 				return errors.New("expected HelloRetryRequest")
 			}
+			if !getCertificateCalled {
+				return errors.New("expected GetCertificate to be called")
+			}
+			if !clientHelloInfoHRR {
+				return errors.New("expected ClientHelloInfo.HelloRetryRequest to be true")
+			}
 			return nil
 		},
 	}
@@ -920,19 +936,38 @@ func TestHandshakeServerHelloRetryRequest(t *testing.T) {
 }
 
 // TestHandshakeServerKeySharePreference checks that we prefer a key share even
-// if it's later in the CurvePreferences order.
+// if it's later in the CurvePreferences order, and that the client hello HRR
+// field is correctly represented.
 func TestHandshakeServerKeySharePreference(t *testing.T) {
 	config := testConfig.Clone()
 	config.CurvePreferences = []CurveID{X25519, CurveP256}
 
+	// We also use this test as a convenient place to assert the ClientHelloInfo
+	// HelloRetryRequest field is _not_ set for a non-HRR hello.
+	var clientHelloInfoHRR bool
+	var getCertificateCalled bool
+	eeCert := config.Certificates[0]
+	config.Certificates = nil
+	config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
+		getCertificateCalled = true
+		clientHelloInfoHRR = clientHello.HelloRetryRequest
+		return &eeCert, nil
+	}
+
 	test := &serverTest{
 		name:    "KeySharePreference",
 		command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256", "-curves", "P-256:X25519"},
 		config:  config,
 		validate: func(cs ConnectionState) error {
-			if cs.testingOnlyDidHRR {
+			if cs.HelloRetryRequest {
 				return errors.New("unexpected HelloRetryRequest")
 			}
+			if !getCertificateCalled {
+				return errors.New("expected GetCertificate to be called")
+			}
+			if clientHelloInfoHRR {
+				return errors.New("expected ClientHelloInfo.HelloRetryRequest to be false")
+			}
 			return nil
 		},
 	}
diff --git a/tls_test.go b/tls_test.go
index 93ec8643..6905f539 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -2090,17 +2090,17 @@ func TestHandshakeMLKEM(t *testing.T) {
 				}
 			}
 			if test.expectHRR {
-				if !ss.testingOnlyDidHRR {
+				if !ss.HelloRetryRequest {
 					t.Error("server did not use HRR")
 				}
-				if !cs.testingOnlyDidHRR {
+				if !cs.HelloRetryRequest {
 					t.Error("client did not use HRR")
 				}
 			} else {
-				if ss.testingOnlyDidHRR {
+				if ss.HelloRetryRequest {
 					t.Error("server used HRR")
 				}
-				if cs.testingOnlyDidHRR {
+				if cs.HelloRetryRequest {
 					t.Error("client used HRR")
 				}
 			}

From dabb9c304fa607ce5bec0e16f88df70e99a44266 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 24 Nov 2025 20:46:14 +0100
Subject: [PATCH 77/95] crypto/ecdsa: clean up ECDSA parsing and serialization
 paths

Check for invalid encodings and keys more systematically in
ParseRawPrivateKey/PrivateKey.Bytes,
ParseUncompressedPublicKey/PublicKey.Bytes, and
fips140/ecdsa.NewPrivateKey/NewPublicKey.

Also, use these functions throughout the codebase.

This should not change any observable behavior, because there were
multiple layers of checks and every path would hit at least one.

Change-Id: I6a6a46566c95de871a5a37996835a0e51495f1d8
Reviewed-on: https://go-review.googlesource.com/c/go/+/724000
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 tls.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tls.go b/tls.go
index a0fd8e83..69f09687 100644
--- a/tls.go
+++ b/tls.go
@@ -24,7 +24,6 @@ package tls
 // https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
 
 import (
-	"bytes"
 	"context"
 	"crypto"
 	"crypto/ecdsa"
@@ -335,7 +334,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 		if !ok {
 			return fail(errors.New("tls: private key type does not match public key type"))
 		}
-		if pub.N.Cmp(priv.N) != 0 {
+		if !priv.PublicKey.Equal(pub) {
 			return fail(errors.New("tls: private key does not match public key"))
 		}
 	case *ecdsa.PublicKey:
@@ -343,7 +342,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 		if !ok {
 			return fail(errors.New("tls: private key type does not match public key type"))
 		}
-		if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
+		if !priv.PublicKey.Equal(pub) {
 			return fail(errors.New("tls: private key does not match public key"))
 		}
 	case ed25519.PublicKey:
@@ -351,7 +350,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 		if !ok {
 			return fail(errors.New("tls: private key type does not match public key type"))
 		}
-		if !bytes.Equal(priv.Public().(ed25519.PublicKey), pub) {
+		if !priv.Public().(ed25519.PublicKey).Equal(pub) {
 			return fail(errors.New("tls: private key does not match public key"))
 		}
 	default:

From eb2a2c5b950d797da991b5eb3809c9336dffbfc9 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Sat, 22 Nov 2025 23:03:14 +0100
Subject: [PATCH 78/95] crypto/hpke: expose crypto/internal/hpke

Fixes #75300

Change-Id: I6a83e0d040dba3366819d2afff704f886a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/723560
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 ech.go                    | 2 +-
 handshake_client.go       | 2 +-
 handshake_server_tls13.go | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ech.go b/ech.go
index fb02197e..adeff9e0 100644
--- a/ech.go
+++ b/ech.go
@@ -6,7 +6,7 @@ package tls
 
 import (
 	"bytes"
-	"crypto/internal/hpke"
+	"crypto/hpke"
 	"errors"
 	"fmt"
 	"strings"
diff --git a/handshake_client.go b/handshake_client.go
index 47cf8832..c739544d 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -10,9 +10,9 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
+	"crypto/hpke"
 	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
-	"crypto/internal/hpke"
 	"crypto/rsa"
 	"crypto/subtle"
 	"crypto/tls/internal/fips140tls"
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index c5b0552c..c227371a 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -10,9 +10,9 @@ import (
 	"crypto"
 	"crypto/hkdf"
 	"crypto/hmac"
+	"crypto/hpke"
 	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
-	"crypto/internal/hpke"
 	"crypto/rsa"
 	"crypto/tls/internal/fips140tls"
 	"errors"

From 5afee90bc7c3934656be68f34dd79b0ffbb1db57 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 19 Nov 2025 17:32:42 +0100
Subject: [PATCH 79/95] crypto/tls: add SecP256r1/SecP384r1MLKEM1024 hybrid
 post-quantum key exchanges

Fixes #71206

Change-Id: If3cf75261c56828b87ae6805bd2913f56a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/722140
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 bogo_config.json          |   4 +-
 common.go                 |  31 ++++--
 common_string.go          |  10 +-
 defaults.go               |  14 ++-
 defaults_fips140.go       |   2 +
 fips140_test.go           |  10 +-
 handshake_client.go       |  51 +++-------
 handshake_client_tls13.go |  43 ++------
 handshake_server_tls13.go |  46 +--------
 key_agreement.go          |  32 +++++-
 key_schedule.go           | 206 ++++++++++++++++++++++++++++++++++----
 tls_test.go               | 139 ++++++++++++++++---------
 12 files changed, 390 insertions(+), 198 deletions(-)

diff --git a/bogo_config.json b/bogo_config.json
index ed3fc6ec..a4664d6e 100644
--- a/bogo_config.json
+++ b/bogo_config.json
@@ -219,7 +219,9 @@
         24,
         25,
         29,
-        4588
+        4587,
+        4588,
+        4589
     ],
     "ErrorMap": {
         ":ECH_REJECTED:": ["tls: server rejected ECH"]
diff --git a/common.go b/common.go
index d809624b..993cfaf7 100644
--- a/common.go
+++ b/common.go
@@ -145,19 +145,31 @@ const (
 type CurveID uint16
 
 const (
-	CurveP256      CurveID = 23
-	CurveP384      CurveID = 24
-	CurveP521      CurveID = 25
-	X25519         CurveID = 29
-	X25519MLKEM768 CurveID = 4588
+	CurveP256          CurveID = 23
+	CurveP384          CurveID = 24
+	CurveP521          CurveID = 25
+	X25519             CurveID = 29
+	X25519MLKEM768     CurveID = 4588
+	SecP256r1MLKEM768  CurveID = 4587
+	SecP384r1MLKEM1024 CurveID = 4589
 )
 
 func isTLS13OnlyKeyExchange(curve CurveID) bool {
-	return curve == X25519MLKEM768
+	switch curve {
+	case X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024:
+		return true
+	default:
+		return false
+	}
 }
 
 func isPQKeyExchange(curve CurveID) bool {
-	return curve == X25519MLKEM768
+	switch curve {
+	case X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024:
+		return true
+	default:
+		return false
+	}
 }
 
 // TLS 1.3 Key Share. See RFC 8446, Section 4.2.8.
@@ -787,6 +799,11 @@ type Config struct {
 	// From Go 1.24, the default includes the [X25519MLKEM768] hybrid
 	// post-quantum key exchange. To disable it, set CurvePreferences explicitly
 	// or use the GODEBUG=tlsmlkem=0 environment variable.
+	//
+	// From Go 1.26, the default includes the [SecP256r1MLKEM768] and
+	// [SecP256r1MLKEM768] hybrid post-quantum key exchanges, too. To disable
+	// them, set CurvePreferences explicitly or use either the
+	// GODEBUG=tlsmlkem=0 or the GODEBUG=tlssecpmlkem=0 environment variable.
 	CurvePreferences []CurveID
 
 	// DynamicRecordSizingDisabled disables adaptive sizing of TLS records.
diff --git a/common_string.go b/common_string.go
index e15dd488..1e868e71 100644
--- a/common_string.go
+++ b/common_string.go
@@ -72,16 +72,19 @@ func _() {
 	_ = x[CurveP521-25]
 	_ = x[X25519-29]
 	_ = x[X25519MLKEM768-4588]
+	_ = x[SecP256r1MLKEM768-4587]
+	_ = x[SecP384r1MLKEM1024-4589]
 }
 
 const (
 	_CurveID_name_0 = "CurveP256CurveP384CurveP521"
 	_CurveID_name_1 = "X25519"
-	_CurveID_name_2 = "X25519MLKEM768"
+	_CurveID_name_2 = "SecP256r1MLKEM768X25519MLKEM768SecP384r1MLKEM1024"
 )
 
 var (
 	_CurveID_index_0 = [...]uint8{0, 9, 18, 27}
+	_CurveID_index_2 = [...]uint8{0, 17, 31, 49}
 )
 
 func (i CurveID) String() string {
@@ -91,8 +94,9 @@ func (i CurveID) String() string {
 		return _CurveID_name_0[_CurveID_index_0[i]:_CurveID_index_0[i+1]]
 	case i == 29:
 		return _CurveID_name_1
-	case i == 4588:
-		return _CurveID_name_2
+	case 4587 <= i && i <= 4589:
+		i -= 4587
+		return _CurveID_name_2[_CurveID_index_2[i]:_CurveID_index_2[i+1]]
 	default:
 		return "CurveID(" + strconv.FormatInt(int64(i), 10) + ")"
 	}
diff --git a/defaults.go b/defaults.go
index 489a2750..8de8d7e0 100644
--- a/defaults.go
+++ b/defaults.go
@@ -14,14 +14,24 @@ import (
 // them to apply local policies.
 
 var tlsmlkem = godebug.New("tlsmlkem")
+var tlssecpmlkem = godebug.New("tlssecpmlkem")
 
 // defaultCurvePreferences is the default set of supported key exchanges, as
 // well as the preference order.
 func defaultCurvePreferences() []CurveID {
-	if tlsmlkem.Value() == "0" {
+	switch {
+	// tlsmlkem=0 restores the pre-Go 1.24 default.
+	case tlsmlkem.Value() == "0":
 		return []CurveID{X25519, CurveP256, CurveP384, CurveP521}
+	// tlssecpmlkem=0 restores the pre-Go 1.26 default.
+	case tlssecpmlkem.Value() == "0":
+		return []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521}
+	default:
+		return []CurveID{
+			X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024,
+			X25519, CurveP256, CurveP384, CurveP521,
+		}
 	}
-	return []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521}
 }
 
 // defaultSupportedSignatureAlgorithms returns the signature and hash algorithms that
diff --git a/defaults_fips140.go b/defaults_fips140.go
index 00176795..19132607 100644
--- a/defaults_fips140.go
+++ b/defaults_fips140.go
@@ -32,6 +32,8 @@ var (
 	}
 	allowedCurvePreferencesFIPS = []CurveID{
 		X25519MLKEM768,
+		SecP256r1MLKEM768,
+		SecP384r1MLKEM1024,
 		CurveP256,
 		CurveP384,
 		CurveP521,
diff --git a/fips140_test.go b/fips140_test.go
index 291a19f4..96273c0f 100644
--- a/fips140_test.go
+++ b/fips140_test.go
@@ -43,11 +43,15 @@ func isTLS13CipherSuite(id uint16) bool {
 }
 
 func generateKeyShare(group CurveID) keyShare {
-	key, err := generateECDHEKey(rand.Reader, group)
+	ke, err := keyExchangeForCurveID(group)
 	if err != nil {
 		panic(err)
 	}
-	return keyShare{group: group, data: key.PublicKey().Bytes()}
+	_, shares, err := ke.keyShares(rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+	return shares[0]
 }
 
 func TestFIPSServerProtocolVersion(t *testing.T) {
@@ -132,7 +136,7 @@ func isFIPSCurve(id CurveID) bool {
 	switch id {
 	case CurveP256, CurveP384, CurveP521:
 		return true
-	case X25519MLKEM768:
+	case X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024:
 		// Only for the native module.
 		return !boring.Enabled
 	case X25519:
diff --git a/handshake_client.go b/handshake_client.go
index c739544d..e1ddcb3f 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -11,7 +11,6 @@ import (
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/hpke"
-	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
 	"crypto/rsa"
 	"crypto/subtle"
@@ -142,43 +141,21 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCli
 		if len(hello.supportedCurves) == 0 {
 			return nil, nil, nil, errors.New("tls: no supported elliptic curves for ECDHE")
 		}
+		// Since the order is fixed, the first one is always the one to send a
+		// key share for. All the PQ hybrids sort first, and produce a fallback
+		// ECDH share.
 		curveID := hello.supportedCurves[0]
-		keyShareKeys = &keySharePrivateKeys{curveID: curveID}
-		// Note that if X25519MLKEM768 is supported, it will be first because
-		// the preference order is fixed.
-		if curveID == X25519MLKEM768 {
-			keyShareKeys.ecdhe, err = generateECDHEKey(config.rand(), X25519)
-			if err != nil {
-				return nil, nil, nil, err
-			}
-			seed := make([]byte, mlkem.SeedSize)
-			if _, err := io.ReadFull(config.rand(), seed); err != nil {
-				return nil, nil, nil, err
-			}
-			keyShareKeys.mlkem, err = mlkem.NewDecapsulationKey768(seed)
-			if err != nil {
-				return nil, nil, nil, err
-			}
-			mlkemEncapsulationKey := keyShareKeys.mlkem.EncapsulationKey().Bytes()
-			x25519EphemeralKey := keyShareKeys.ecdhe.PublicKey().Bytes()
-			hello.keyShares = []keyShare{
-				{group: X25519MLKEM768, data: append(mlkemEncapsulationKey, x25519EphemeralKey...)},
-			}
-			// If both X25519MLKEM768 and X25519 are supported, we send both key
-			// shares (as a fallback) and we reuse the same X25519 ephemeral
-			// key, as allowed by draft-ietf-tls-hybrid-design-09, Section 3.2.
-			if slices.Contains(hello.supportedCurves, X25519) {
-				hello.keyShares = append(hello.keyShares, keyShare{group: X25519, data: x25519EphemeralKey})
-			}
-		} else {
-			if _, ok := curveForCurveID(curveID); !ok {
-				return nil, nil, nil, errors.New("tls: CurvePreferences includes unsupported curve")
-			}
-			keyShareKeys.ecdhe, err = generateECDHEKey(config.rand(), curveID)
-			if err != nil {
-				return nil, nil, nil, err
-			}
-			hello.keyShares = []keyShare{{group: curveID, data: keyShareKeys.ecdhe.PublicKey().Bytes()}}
+		ke, err := keyExchangeForCurveID(curveID)
+		if err != nil {
+			return nil, nil, nil, errors.New("tls: CurvePreferences includes unsupported curve")
+		}
+		keyShareKeys, hello.keyShares, err = ke.keyShares(config.rand())
+		if err != nil {
+			return nil, nil, nil, err
+		}
+		// Only send the fallback ECDH share if the corresponding CurveID is enabled.
+		if len(hello.keyShares) == 2 && !slices.Contains(hello.supportedCurves, hello.keyShares[1].group) {
+			hello.keyShares = hello.keyShares[:1]
 		}
 	}
 
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index 7018bb23..2912d97f 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -10,7 +10,6 @@ import (
 	"crypto"
 	"crypto/hkdf"
 	"crypto/hmac"
-	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
 	"crypto/rsa"
 	"crypto/subtle"
@@ -320,22 +319,18 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
 			c.sendAlert(alertIllegalParameter)
 			return errors.New("tls: server sent an unnecessary HelloRetryRequest key_share")
 		}
-		// Note: we don't support selecting X25519MLKEM768 in a HRR, because it
-		// is currently first in preference order, so if it's enabled we'll
-		// always send a key share for it.
-		//
-		// This will have to change once we support multiple hybrid KEMs.
-		if _, ok := curveForCurveID(curveID); !ok {
+		ke, err := keyExchangeForCurveID(curveID)
+		if err != nil {
 			c.sendAlert(alertInternalError)
 			return errors.New("tls: CurvePreferences includes unsupported curve")
 		}
-		key, err := generateECDHEKey(c.config.rand(), curveID)
+		hs.keyShareKeys, hello.keyShares, err = ke.keyShares(c.config.rand())
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return err
 		}
-		hs.keyShareKeys = &keySharePrivateKeys{curveID: curveID, ecdhe: key}
-		hello.keyShares = []keyShare{{group: curveID, data: key.PublicKey().Bytes()}}
+		// Do not send the fallback ECDH key share in a HRR response.
+		hello.keyShares = hello.keyShares[:1]
 	}
 
 	if len(hello.pskIdentities) > 0 {
@@ -475,36 +470,16 @@ func (hs *clientHandshakeStateTLS13) processServerHello() error {
 func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
 	c := hs.c
 
-	ecdhePeerData := hs.serverHello.serverShare.data
-	if hs.serverHello.serverShare.group == X25519MLKEM768 {
-		if len(ecdhePeerData) != mlkem.CiphertextSize768+x25519PublicKeySize {
-			c.sendAlert(alertIllegalParameter)
-			return errors.New("tls: invalid server X25519MLKEM768 key share")
-		}
-		ecdhePeerData = hs.serverHello.serverShare.data[mlkem.CiphertextSize768:]
-	}
-	peerKey, err := hs.keyShareKeys.ecdhe.Curve().NewPublicKey(ecdhePeerData)
+	ke, err := keyExchangeForCurveID(hs.serverHello.serverShare.group)
 	if err != nil {
-		c.sendAlert(alertIllegalParameter)
-		return errors.New("tls: invalid server key share")
+		c.sendAlert(alertInternalError)
+		return err
 	}
-	sharedKey, err := hs.keyShareKeys.ecdhe.ECDH(peerKey)
+	sharedKey, err := ke.clientSharedSecret(hs.keyShareKeys, hs.serverHello.serverShare.data)
 	if err != nil {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: invalid server key share")
 	}
-	if hs.serverHello.serverShare.group == X25519MLKEM768 {
-		if hs.keyShareKeys.mlkem == nil {
-			return c.sendAlert(alertInternalError)
-		}
-		ciphertext := hs.serverHello.serverShare.data[:mlkem.CiphertextSize768]
-		mlkemShared, err := hs.keyShareKeys.mlkem.Decapsulate(ciphertext)
-		if err != nil {
-			c.sendAlert(alertIllegalParameter)
-			return errors.New("tls: invalid X25519MLKEM768 server key share")
-		}
-		sharedKey = append(mlkemShared, sharedKey...)
-	}
 	c.curveID = hs.serverHello.serverShare.group
 
 	earlySecret := hs.earlySecret
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index c227371a..11823079 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -11,7 +11,6 @@ import (
 	"crypto/hkdf"
 	"crypto/hmac"
 	"crypto/hpke"
-	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
 	"crypto/rsa"
 	"crypto/tls/internal/fips140tls"
@@ -246,55 +245,16 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
 	}
 	c.curveID = selectedGroup
 
-	ecdhGroup := selectedGroup
-	ecdhData := clientKeyShare.data
-	if selectedGroup == X25519MLKEM768 {
-		ecdhGroup = X25519
-		if len(ecdhData) != mlkem.EncapsulationKeySize768+x25519PublicKeySize {
-			c.sendAlert(alertIllegalParameter)
-			return errors.New("tls: invalid X25519MLKEM768 client key share")
-		}
-		ecdhData = ecdhData[mlkem.EncapsulationKeySize768:]
-	}
-	if _, ok := curveForCurveID(ecdhGroup); !ok {
-		c.sendAlert(alertInternalError)
-		return errors.New("tls: CurvePreferences includes unsupported curve")
-	}
-	key, err := generateECDHEKey(c.config.rand(), ecdhGroup)
+	ke, err := keyExchangeForCurveID(selectedGroup)
 	if err != nil {
 		c.sendAlert(alertInternalError)
-		return err
-	}
-	hs.hello.serverShare = keyShare{group: selectedGroup, data: key.PublicKey().Bytes()}
-	peerKey, err := key.Curve().NewPublicKey(ecdhData)
-	if err != nil {
-		c.sendAlert(alertIllegalParameter)
-		return errors.New("tls: invalid client key share")
+		return errors.New("tls: CurvePreferences includes unsupported curve")
 	}
-	hs.sharedKey, err = key.ECDH(peerKey)
+	hs.sharedKey, hs.hello.serverShare, err = ke.serverSharedSecret(c.config.rand(), clientKeyShare.data)
 	if err != nil {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: invalid client key share")
 	}
-	if selectedGroup == X25519MLKEM768 {
-		k, err := mlkem.NewEncapsulationKey768(clientKeyShare.data[:mlkem.EncapsulationKeySize768])
-		if err != nil {
-			c.sendAlert(alertIllegalParameter)
-			return errors.New("tls: invalid X25519MLKEM768 client key share")
-		}
-		mlkemSharedSecret, ciphertext := k.Encapsulate()
-		// draft-kwiatkowski-tls-ecdhe-mlkem-02, Section 3.1.3: "For
-		// X25519MLKEM768, the shared secret is the concatenation of the ML-KEM
-		// shared secret and the X25519 shared secret. The shared secret is 64
-		// bytes (32 bytes for each part)."
-		hs.sharedKey = append(mlkemSharedSecret, hs.sharedKey...)
-		// draft-kwiatkowski-tls-ecdhe-mlkem-02, Section 3.1.2: "When the
-		// X25519MLKEM768 group is negotiated, the server's key exchange value
-		// is the concatenation of an ML-KEM ciphertext returned from
-		// encapsulation to the client's encapsulation key, and the server's
-		// ephemeral X25519 share."
-		hs.hello.serverShare.data = append(ciphertext, hs.hello.serverShare.data...)
-	}
 
 	selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil)
 	if err != nil {
diff --git a/key_agreement.go b/key_agreement.go
index 88116f94..26f7bd2c 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -159,17 +159,17 @@ func hashForServerKeyExchange(sigType uint8, hashFunc crypto.Hash, version uint1
 type ecdheKeyAgreement struct {
 	version uint16
 	isRSA   bool
-	key     *ecdh.PrivateKey
 
 	// ckx and preMasterSecret are generated in processServerKeyExchange
 	// and returned in generateClientKeyExchange.
 	ckx             *clientKeyExchangeMsg
 	preMasterSecret []byte
 
-	// curveID and signatureAlgorithm are set by processServerKeyExchange and
-	// generateServerKeyExchange.
+	// curveID, signatureAlgorithm, and key are set by processServerKeyExchange
+	// and generateServerKeyExchange.
 	curveID            CurveID
 	signatureAlgorithm SignatureScheme
+	key                *ecdh.PrivateKey
 }
 
 func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
@@ -380,3 +380,29 @@ func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHel
 
 	return ka.preMasterSecret, ka.ckx, nil
 }
+
+// generateECDHEKey returns a PrivateKey that implements Diffie-Hellman
+// according to RFC 8446, Section 4.2.8.2.
+func generateECDHEKey(rand io.Reader, curveID CurveID) (*ecdh.PrivateKey, error) {
+	curve, ok := curveForCurveID(curveID)
+	if !ok {
+		return nil, errors.New("tls: internal error: unsupported curve")
+	}
+
+	return curve.GenerateKey(rand)
+}
+
+func curveForCurveID(id CurveID) (ecdh.Curve, bool) {
+	switch id {
+	case X25519:
+		return ecdh.X25519(), true
+	case CurveP256:
+		return ecdh.P256(), true
+	case CurveP384:
+		return ecdh.P384(), true
+	case CurveP521:
+		return ecdh.P521(), true
+	default:
+		return nil, false
+	}
+}
diff --git a/key_schedule.go b/key_schedule.go
index 1426a276..bfa22449 100644
--- a/key_schedule.go
+++ b/key_schedule.go
@@ -5,10 +5,11 @@
 package tls
 
 import (
+	"crypto"
 	"crypto/ecdh"
 	"crypto/hmac"
-	"crypto/internal/fips140/mlkem"
 	"crypto/internal/fips140/tls13"
+	"crypto/mlkem"
 	"errors"
 	"hash"
 	"io"
@@ -50,35 +51,202 @@ func (c *cipherSuiteTLS13) exportKeyingMaterial(s *tls13.MasterSecret, transcrip
 }
 
 type keySharePrivateKeys struct {
-	curveID CurveID
-	ecdhe   *ecdh.PrivateKey
-	mlkem   *mlkem.DecapsulationKey768
+	ecdhe *ecdh.PrivateKey
+	mlkem crypto.Decapsulator
 }
 
-const x25519PublicKeySize = 32
+// A keyExchange implements a TLS 1.3 KEM.
+type keyExchange interface {
+	// keyShares generates one or two key shares.
+	//
+	// The first one will match the id, the second (if present) reuses the
+	// traditional component of the requested hybrid, as allowed by
+	// draft-ietf-tls-hybrid-design-09, Section 3.2.
+	keyShares(rand io.Reader) (*keySharePrivateKeys, []keyShare, error)
 
-// generateECDHEKey returns a PrivateKey that implements Diffie-Hellman
-// according to RFC 8446, Section 4.2.8.2.
-func generateECDHEKey(rand io.Reader, curveID CurveID) (*ecdh.PrivateKey, error) {
-	curve, ok := curveForCurveID(curveID)
-	if !ok {
-		return nil, errors.New("tls: internal error: unsupported curve")
-	}
+	// serverSharedSecret computes the shared secret and the server's key share.
+	serverSharedSecret(rand io.Reader, clientKeyShare []byte) ([]byte, keyShare, error)
 
-	return curve.GenerateKey(rand)
+	// clientSharedSecret computes the shared secret given the server's key
+	// share and the keys generated by keyShares.
+	clientSharedSecret(priv *keySharePrivateKeys, serverKeyShare []byte) ([]byte, error)
 }
 
-func curveForCurveID(id CurveID) (ecdh.Curve, bool) {
+func keyExchangeForCurveID(id CurveID) (keyExchange, error) {
+	newMLKEMPrivateKey768 := func(b []byte) (crypto.Decapsulator, error) {
+		return mlkem.NewDecapsulationKey768(b)
+	}
+	newMLKEMPrivateKey1024 := func(b []byte) (crypto.Decapsulator, error) {
+		return mlkem.NewDecapsulationKey1024(b)
+	}
+	newMLKEMPublicKey768 := func(b []byte) (crypto.Encapsulator, error) {
+		return mlkem.NewEncapsulationKey768(b)
+	}
+	newMLKEMPublicKey1024 := func(b []byte) (crypto.Encapsulator, error) {
+		return mlkem.NewEncapsulationKey1024(b)
+	}
 	switch id {
 	case X25519:
-		return ecdh.X25519(), true
+		return &ecdhKeyExchange{id, ecdh.X25519()}, nil
 	case CurveP256:
-		return ecdh.P256(), true
+		return &ecdhKeyExchange{id, ecdh.P256()}, nil
 	case CurveP384:
-		return ecdh.P384(), true
+		return &ecdhKeyExchange{id, ecdh.P384()}, nil
 	case CurveP521:
-		return ecdh.P521(), true
+		return &ecdhKeyExchange{id, ecdh.P521()}, nil
+	case X25519MLKEM768:
+		return &hybridKeyExchange{id, ecdhKeyExchange{X25519, ecdh.X25519()},
+			32, mlkem.EncapsulationKeySize768, mlkem.CiphertextSize768,
+			newMLKEMPrivateKey768, newMLKEMPublicKey768}, nil
+	case SecP256r1MLKEM768:
+		return &hybridKeyExchange{id, ecdhKeyExchange{CurveP256, ecdh.P256()},
+			65, mlkem.EncapsulationKeySize768, mlkem.CiphertextSize768,
+			newMLKEMPrivateKey768, newMLKEMPublicKey768}, nil
+	case SecP384r1MLKEM1024:
+		return &hybridKeyExchange{id, ecdhKeyExchange{CurveP384, ecdh.P384()},
+			97, mlkem.EncapsulationKeySize1024, mlkem.CiphertextSize1024,
+			newMLKEMPrivateKey1024, newMLKEMPublicKey1024}, nil
 	default:
-		return nil, false
+		return nil, errors.New("tls: unsupported key exchange")
+	}
+}
+
+type ecdhKeyExchange struct {
+	id    CurveID
+	curve ecdh.Curve
+}
+
+func (ke *ecdhKeyExchange) keyShares(rand io.Reader) (*keySharePrivateKeys, []keyShare, error) {
+	priv, err := ke.curve.GenerateKey(rand)
+	if err != nil {
+		return nil, nil, err
+	}
+	return &keySharePrivateKeys{ecdhe: priv}, []keyShare{{ke.id, priv.PublicKey().Bytes()}}, nil
+}
+
+func (ke *ecdhKeyExchange) serverSharedSecret(rand io.Reader, clientKeyShare []byte) ([]byte, keyShare, error) {
+	key, err := ke.curve.GenerateKey(rand)
+	if err != nil {
+		return nil, keyShare{}, err
+	}
+	peerKey, err := ke.curve.NewPublicKey(clientKeyShare)
+	if err != nil {
+		return nil, keyShare{}, err
+	}
+	sharedKey, err := key.ECDH(peerKey)
+	if err != nil {
+		return nil, keyShare{}, err
+	}
+	return sharedKey, keyShare{ke.id, key.PublicKey().Bytes()}, nil
+}
+
+func (ke *ecdhKeyExchange) clientSharedSecret(priv *keySharePrivateKeys, serverKeyShare []byte) ([]byte, error) {
+	peerKey, err := ke.curve.NewPublicKey(serverKeyShare)
+	if err != nil {
+		return nil, err
+	}
+	sharedKey, err := priv.ecdhe.ECDH(peerKey)
+	if err != nil {
+		return nil, err
+	}
+	return sharedKey, nil
+}
+
+type hybridKeyExchange struct {
+	id   CurveID
+	ecdh ecdhKeyExchange
+
+	ecdhElementSize     int
+	mlkemPublicKeySize  int
+	mlkemCiphertextSize int
+
+	newMLKEMPrivateKey func([]byte) (crypto.Decapsulator, error)
+	newMLKEMPublicKey  func([]byte) (crypto.Encapsulator, error)
+}
+
+func (ke *hybridKeyExchange) keyShares(rand io.Reader) (*keySharePrivateKeys, []keyShare, error) {
+	priv, ecdhShares, err := ke.ecdh.keyShares(rand)
+	if err != nil {
+		return nil, nil, err
+	}
+	seed := make([]byte, mlkem.SeedSize)
+	if _, err := io.ReadFull(rand, seed); err != nil {
+		return nil, nil, err
+	}
+	priv.mlkem, err = ke.newMLKEMPrivateKey(seed)
+	if err != nil {
+		return nil, nil, err
+	}
+	var shareData []byte
+	// For X25519MLKEM768, the ML-KEM-768 encapsulation key comes first.
+	// For SecP256r1MLKEM768 and SecP384r1MLKEM1024, the ECDH share comes first.
+	// See draft-ietf-tls-ecdhe-mlkem-02, Section 4.1.
+	if ke.id == X25519MLKEM768 {
+		shareData = append(priv.mlkem.Encapsulator().Bytes(), ecdhShares[0].data...)
+	} else {
+		shareData = append(ecdhShares[0].data, priv.mlkem.Encapsulator().Bytes()...)
+	}
+	return priv, []keyShare{{ke.id, shareData}, ecdhShares[0]}, nil
+}
+
+func (ke *hybridKeyExchange) serverSharedSecret(rand io.Reader, clientKeyShare []byte) ([]byte, keyShare, error) {
+	if len(clientKeyShare) != ke.ecdhElementSize+ke.mlkemPublicKeySize {
+		return nil, keyShare{}, errors.New("tls: invalid client key share length for hybrid key exchange")
+	}
+	var ecdhShareData, mlkemShareData []byte
+	if ke.id == X25519MLKEM768 {
+		mlkemShareData = clientKeyShare[:ke.mlkemPublicKeySize]
+		ecdhShareData = clientKeyShare[ke.mlkemPublicKeySize:]
+	} else {
+		ecdhShareData = clientKeyShare[:ke.ecdhElementSize]
+		mlkemShareData = clientKeyShare[ke.ecdhElementSize:]
+	}
+	ecdhSharedSecret, ks, err := ke.ecdh.serverSharedSecret(rand, ecdhShareData)
+	if err != nil {
+		return nil, keyShare{}, err
+	}
+	mlkemPeerKey, err := ke.newMLKEMPublicKey(mlkemShareData)
+	if err != nil {
+		return nil, keyShare{}, err
+	}
+	mlkemSharedSecret, mlkemKeyShare := mlkemPeerKey.Encapsulate()
+	var sharedKey []byte
+	if ke.id == X25519MLKEM768 {
+		sharedKey = append(mlkemSharedSecret, ecdhSharedSecret...)
+		ks.data = append(mlkemKeyShare, ks.data...)
+	} else {
+		sharedKey = append(ecdhSharedSecret, mlkemSharedSecret...)
+		ks.data = append(ks.data, mlkemKeyShare...)
+	}
+	ks.group = ke.id
+	return sharedKey, ks, nil
+}
+
+func (ke *hybridKeyExchange) clientSharedSecret(priv *keySharePrivateKeys, serverKeyShare []byte) ([]byte, error) {
+	if len(serverKeyShare) != ke.ecdhElementSize+ke.mlkemCiphertextSize {
+		return nil, errors.New("tls: invalid server key share length for hybrid key exchange")
+	}
+	var ecdhShareData, mlkemShareData []byte
+	if ke.id == X25519MLKEM768 {
+		mlkemShareData = serverKeyShare[:ke.mlkemCiphertextSize]
+		ecdhShareData = serverKeyShare[ke.mlkemCiphertextSize:]
+	} else {
+		ecdhShareData = serverKeyShare[:ke.ecdhElementSize]
+		mlkemShareData = serverKeyShare[ke.ecdhElementSize:]
+	}
+	ecdhSharedSecret, err := ke.ecdh.clientSharedSecret(priv, ecdhShareData)
+	if err != nil {
+		return nil, err
+	}
+	mlkemSharedSecret, err := priv.mlkem.Decapsulate(mlkemShareData)
+	if err != nil {
+		return nil, err
+	}
+	var sharedKey []byte
+	if ke.id == X25519MLKEM768 {
+		sharedKey = append(mlkemSharedSecret, ecdhSharedSecret...)
+	} else {
+		sharedKey = append(ecdhSharedSecret, mlkemSharedSecret...)
 	}
+	return sharedKey, nil
 }
diff --git a/tls_test.go b/tls_test.go
index 6905f539..af2828fd 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -11,6 +11,7 @@ import (
 	"crypto/ecdh"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/internal/boring"
 	"crypto/rand"
 	"crypto/tls/internal/fips140tls"
 	"crypto/x509"
@@ -1964,84 +1965,134 @@ func testVerifyCertificates(t *testing.T, version uint16) {
 }
 
 func TestHandshakeMLKEM(t *testing.T) {
-	skipFIPS(t) // No X25519MLKEM768 in FIPS
+	if boring.Enabled && fips140tls.Required() {
+		t.Skip("ML-KEM not supported in BoringCrypto FIPS mode")
+	}
+	defaultWithPQ := []CurveID{X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024,
+		X25519, CurveP256, CurveP384, CurveP521}
+	defaultWithoutPQ := []CurveID{X25519, CurveP256, CurveP384, CurveP521}
 	var tests = []struct {
-		name                string
-		clientConfig        func(*Config)
-		serverConfig        func(*Config)
-		preparation         func(*testing.T)
-		expectClientSupport bool
-		expectMLKEM         bool
-		expectHRR           bool
+		name           string
+		clientConfig   func(*Config)
+		serverConfig   func(*Config)
+		preparation    func(*testing.T)
+		expectClient   []CurveID
+		expectSelected CurveID
+		expectHRR      bool
 	}{
 		{
-			name:                "Default",
-			expectClientSupport: true,
-			expectMLKEM:         true,
-			expectHRR:           false,
+			name:           "Default",
+			expectClient:   defaultWithPQ,
+			expectSelected: X25519MLKEM768,
 		},
 		{
 			name: "ClientCurvePreferences",
 			clientConfig: func(config *Config) {
 				config.CurvePreferences = []CurveID{X25519}
 			},
-			expectClientSupport: false,
+			expectClient:   []CurveID{X25519},
+			expectSelected: X25519,
 		},
 		{
 			name: "ServerCurvePreferencesX25519",
 			serverConfig: func(config *Config) {
 				config.CurvePreferences = []CurveID{X25519}
 			},
-			expectClientSupport: true,
-			expectMLKEM:         false,
-			expectHRR:           false,
+			expectClient:   defaultWithPQ,
+			expectSelected: X25519,
 		},
 		{
 			name: "ServerCurvePreferencesHRR",
 			serverConfig: func(config *Config) {
 				config.CurvePreferences = []CurveID{CurveP256}
 			},
-			expectClientSupport: true,
-			expectMLKEM:         false,
-			expectHRR:           true,
+			expectClient:   defaultWithPQ,
+			expectSelected: CurveP256,
+			expectHRR:      true,
+		},
+		{
+			name: "SecP256r1MLKEM768-Only",
+			clientConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{SecP256r1MLKEM768}
+			},
+			expectClient:   []CurveID{SecP256r1MLKEM768},
+			expectSelected: SecP256r1MLKEM768,
+		},
+		{
+			name: "SecP256r1MLKEM768-HRR",
+			serverConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{SecP256r1MLKEM768, CurveP256}
+			},
+			expectClient:   defaultWithPQ,
+			expectSelected: SecP256r1MLKEM768,
+			expectHRR:      true,
+		},
+		{
+			name: "SecP384r1MLKEM1024",
+			clientConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{SecP384r1MLKEM1024, CurveP384}
+			},
+			expectClient:   []CurveID{SecP384r1MLKEM1024, CurveP384},
+			expectSelected: SecP384r1MLKEM1024,
+		},
+		{
+			name: "CurveP256NoHRR",
+			clientConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{SecP256r1MLKEM768, CurveP256}
+			},
+			serverConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{CurveP256}
+			},
+			expectClient:   []CurveID{SecP256r1MLKEM768, CurveP256},
+			expectSelected: CurveP256,
 		},
 		{
 			name: "ClientMLKEMOnly",
 			clientConfig: func(config *Config) {
 				config.CurvePreferences = []CurveID{X25519MLKEM768}
 			},
-			expectClientSupport: true,
-			expectMLKEM:         true,
+			expectClient:   []CurveID{X25519MLKEM768},
+			expectSelected: X25519MLKEM768,
 		},
 		{
 			name: "ClientSortedCurvePreferences",
 			clientConfig: func(config *Config) {
 				config.CurvePreferences = []CurveID{CurveP256, X25519MLKEM768}
 			},
-			expectClientSupport: true,
-			expectMLKEM:         true,
+			expectClient:   []CurveID{X25519MLKEM768, CurveP256},
+			expectSelected: X25519MLKEM768,
 		},
 		{
 			name: "ClientTLSv12",
 			clientConfig: func(config *Config) {
 				config.MaxVersion = VersionTLS12
 			},
-			expectClientSupport: false,
+			expectClient:   defaultWithoutPQ,
+			expectSelected: X25519,
 		},
 		{
 			name: "ServerTLSv12",
 			serverConfig: func(config *Config) {
 				config.MaxVersion = VersionTLS12
 			},
-			expectClientSupport: true,
-			expectMLKEM:         false,
+			expectClient:   defaultWithPQ,
+			expectSelected: X25519,
 		},
 		{
-			name: "GODEBUG",
+			name: "GODEBUG tlsmlkem=0",
 			preparation: func(t *testing.T) {
 				t.Setenv("GODEBUG", "tlsmlkem=0")
 			},
-			expectClientSupport: false,
+			expectClient:   defaultWithoutPQ,
+			expectSelected: X25519,
+		},
+		{
+			name: "GODEBUG tlssecpmlkem=0",
+			preparation: func(t *testing.T) {
+				t.Setenv("GODEBUG", "tlssecpmlkem=0")
+			},
+			expectClient:   []CurveID{X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521},
+			expectSelected: X25519MLKEM768,
 		},
 	}
 
@@ -2049,6 +2100,9 @@ func TestHandshakeMLKEM(t *testing.T) {
 	baseConfig.CurvePreferences = nil
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
+			if fips140tls.Required() && test.expectSelected == X25519 {
+				t.Skip("X25519 not supported in FIPS mode")
+			}
 			if test.preparation != nil {
 				test.preparation(t)
 			} else {
@@ -2059,10 +2113,12 @@ func TestHandshakeMLKEM(t *testing.T) {
 				test.serverConfig(serverConfig)
 			}
 			serverConfig.GetConfigForClient = func(hello *ClientHelloInfo) (*Config, error) {
-				if !test.expectClientSupport && slices.Contains(hello.SupportedCurves, X25519MLKEM768) {
-					return nil, errors.New("client supports X25519MLKEM768")
-				} else if test.expectClientSupport && !slices.Contains(hello.SupportedCurves, X25519MLKEM768) {
-					return nil, errors.New("client does not support X25519MLKEM768")
+				expectClient := slices.Clone(test.expectClient)
+				expectClient = slices.DeleteFunc(expectClient, func(c CurveID) bool {
+					return fips140tls.Required() && c == X25519
+				})
+				if !slices.Equal(hello.SupportedCurves, expectClient) {
+					t.Errorf("got client curves %v, expected %v", hello.SupportedCurves, expectClient)
 				}
 				return nil, nil
 			}
@@ -2074,20 +2130,11 @@ func TestHandshakeMLKEM(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			if test.expectMLKEM {
-				if ss.CurveID != X25519MLKEM768 {
-					t.Errorf("got CurveID %v (server), expected %v", ss.CurveID, X25519MLKEM768)
-				}
-				if cs.CurveID != X25519MLKEM768 {
-					t.Errorf("got CurveID %v (client), expected %v", cs.CurveID, X25519MLKEM768)
-				}
-			} else {
-				if ss.CurveID == X25519MLKEM768 {
-					t.Errorf("got CurveID %v (server), expected not X25519MLKEM768", ss.CurveID)
-				}
-				if cs.CurveID == X25519MLKEM768 {
-					t.Errorf("got CurveID %v (client), expected not X25519MLKEM768", cs.CurveID)
-				}
+			if ss.CurveID != test.expectSelected {
+				t.Errorf("server selected curve %v, expected %v", ss.CurveID, test.expectSelected)
+			}
+			if cs.CurveID != test.expectSelected {
+				t.Errorf("client selected curve %v, expected %v", cs.CurveID, test.expectSelected)
 			}
 			if test.expectHRR {
 				if !ss.HelloRetryRequest {

From 8d0df07d7747f71fae2588b83d13da0c1b6168b4 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 26 Nov 2025 21:11:35 +0100
Subject: [PATCH 80/95] crypto/tls: support crypto.MessageSigner private keys

Fixes #75656

Change-Id: I6bc71c80973765ef995d17b1450ea2026a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/724820
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
---
 auth.go                   |  58 +++++++++++++++------
 common.go                 |   7 ++-
 handshake_client.go       |  36 +++++++------
 handshake_client_tls13.go |   6 +--
 handshake_server.go       |  18 +++++--
 handshake_server_tls13.go |   6 +--
 key_agreement.go          | 107 ++++++++++++++++++--------------------
 prf.go                    |  20 ++-----
 tls_test.go               |  71 +++++++++++++++++++++++++
 9 files changed, 212 insertions(+), 117 deletions(-)

diff --git a/auth.go b/auth.go
index 7169e471..1b26dd50 100644
--- a/auth.go
+++ b/auth.go
@@ -18,9 +18,13 @@ import (
 	"slices"
 )
 
-// verifyHandshakeSignature verifies a signature against pre-hashed
-// (if required) handshake contents.
+// verifyHandshakeSignature verifies a signature against unhashed handshake contents.
 func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc crypto.Hash, signed, sig []byte) error {
+	if hashFunc != directSigning {
+		h := hashFunc.New()
+		h.Write(signed)
+		signed = h.Sum(nil)
+	}
 	switch sigType {
 	case signatureECDSA:
 		pubKey, ok := pubkey.(*ecdsa.PublicKey)
@@ -61,6 +65,32 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 	return nil
 }
 
+// verifyLegacyHandshakeSignature verifies a TLS 1.0 and 1.1 signature against
+// pre-hashed handshake contents.
+func verifyLegacyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc crypto.Hash, hashed, sig []byte) error {
+	switch sigType {
+	case signatureECDSA:
+		pubKey, ok := pubkey.(*ecdsa.PublicKey)
+		if !ok {
+			return fmt.Errorf("expected an ECDSA public key, got %T", pubkey)
+		}
+		if !ecdsa.VerifyASN1(pubKey, hashed, sig) {
+			return errors.New("ECDSA verification failure")
+		}
+	case signaturePKCS1v15:
+		pubKey, ok := pubkey.(*rsa.PublicKey)
+		if !ok {
+			return fmt.Errorf("expected an RSA public key, got %T", pubkey)
+		}
+		if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, hashed, sig); err != nil {
+			return err
+		}
+	default:
+		return errors.New("internal error: unknown signature type")
+	}
+	return nil
+}
+
 const (
 	serverSignatureContext = "TLS 1.3, server CertificateVerify\x00"
 	clientSignatureContext = "TLS 1.3, client CertificateVerify\x00"
@@ -77,21 +107,15 @@ var signaturePadding = []byte{
 	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
 }
 
-// signedMessage returns the pre-hashed (if necessary) message to be signed by
-// certificate keys in TLS 1.3. See RFC 8446, Section 4.4.3.
-func signedMessage(sigHash crypto.Hash, context string, transcript hash.Hash) []byte {
-	if sigHash == directSigning {
-		b := &bytes.Buffer{}
-		b.Write(signaturePadding)
-		io.WriteString(b, context)
-		b.Write(transcript.Sum(nil))
-		return b.Bytes()
-	}
-	h := sigHash.New()
-	h.Write(signaturePadding)
-	io.WriteString(h, context)
-	h.Write(transcript.Sum(nil))
-	return h.Sum(nil)
+// signedMessage returns the (unhashed) message to be signed by certificate keys
+// in TLS 1.3. See RFC 8446, Section 4.4.3.
+func signedMessage(context string, transcript hash.Hash) []byte {
+	const maxSize = 64 /* signaturePadding */ + len(serverSignatureContext) + 512/8 /* SHA-512 */
+	b := bytes.NewBuffer(make([]byte, 0, maxSize))
+	b.Write(signaturePadding)
+	io.WriteString(b, context)
+	b.Write(transcript.Sum(nil))
+	return b.Bytes()
 }
 
 // typeAndHashFromSignatureScheme returns the corresponding signature type and
diff --git a/common.go b/common.go
index 993cfaf7..099a11ca 100644
--- a/common.go
+++ b/common.go
@@ -1597,9 +1597,14 @@ var writerMutex sync.Mutex
 type Certificate struct {
 	Certificate [][]byte
 	// PrivateKey contains the private key corresponding to the public key in
-	// Leaf. This must implement crypto.Signer with an RSA, ECDSA or Ed25519 PublicKey.
+	// Leaf. This must implement [crypto.Signer] with an RSA, ECDSA or Ed25519
+	// PublicKey.
+	//
 	// For a server up to TLS 1.2, it can also implement crypto.Decrypter with
 	// an RSA PublicKey.
+	//
+	// If it implements [crypto.MessageSigner], SignMessage will be used instead
+	// of Sign for TLS 1.2 and later.
 	PrivateKey crypto.PrivateKey
 	// SupportedSignatureAlgorithms is an optional list restricting what
 	// signature algorithms the PrivateKey can be used for.
diff --git a/handshake_client.go b/handshake_client.go
index e1ddcb3f..c2b1b703 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -781,15 +781,13 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 			return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey)
 		}
 
-		var sigType uint8
-		var sigHash crypto.Hash
 		if c.vers >= VersionTLS12 {
 			signatureAlgorithm, err := selectSignatureScheme(c.vers, chainToSend, certReq.supportedSignatureAlgorithms)
 			if err != nil {
 				c.sendAlert(alertHandshakeFailure)
 				return err
 			}
-			sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
+			sigType, sigHash, err := typeAndHashFromSignatureScheme(signatureAlgorithm)
 			if err != nil {
 				return c.sendAlert(alertInternalError)
 			}
@@ -799,23 +797,31 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 				tlssha1.Value() // ensure godebug is initialized
 				tlssha1.IncNonDefault()
 			}
+			if hs.finishedHash.buffer == nil {
+				c.sendAlert(alertInternalError)
+				return errors.New("tls: internal error: did not keep handshake transcript for TLS 1.2")
+			}
+			signOpts := crypto.SignerOpts(sigHash)
+			if sigType == signatureRSAPSS {
+				signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
+			}
+			certVerify.signature, err = crypto.SignMessage(key, c.config.rand(), hs.finishedHash.buffer, signOpts)
+			if err != nil {
+				c.sendAlert(alertInternalError)
+				return err
+			}
 		} else {
-			sigType, sigHash, err = legacyTypeAndHashFromPublicKey(key.Public())
+			sigType, sigHash, err := legacyTypeAndHashFromPublicKey(key.Public())
 			if err != nil {
 				c.sendAlert(alertIllegalParameter)
 				return err
 			}
-		}
-
-		signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash)
-		signOpts := crypto.SignerOpts(sigHash)
-		if sigType == signatureRSAPSS {
-			signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
-		}
-		certVerify.signature, err = key.Sign(c.config.rand(), signed, signOpts)
-		if err != nil {
-			c.sendAlert(alertInternalError)
-			return err
+			signed := hs.finishedHash.hashForClientCertificate(sigType)
+			certVerify.signature, err = key.Sign(c.config.rand(), signed, sigHash)
+			if err != nil {
+				c.sendAlert(alertInternalError)
+				return err
+			}
 		}
 
 		if _, err := hs.c.writeHandshakeRecord(certVerify, &hs.finishedHash); err != nil {
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index 2912d97f..e696bd3a 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -664,7 +664,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 	if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
 		return c.sendAlert(alertInternalError)
 	}
-	signed := signedMessage(sigHash, serverSignatureContext, hs.transcript)
+	signed := signedMessage(serverSignatureContext, hs.transcript)
 	if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
 		sigHash, signed, certVerify.signature); err != nil {
 		c.sendAlert(alertDecryptError)
@@ -783,12 +783,12 @@ func (hs *clientHandshakeStateTLS13) sendClientCertificate() error {
 		return c.sendAlert(alertInternalError)
 	}
 
-	signed := signedMessage(sigHash, clientSignatureContext, hs.transcript)
+	signed := signedMessage(clientSignatureContext, hs.transcript)
 	signOpts := crypto.SignerOpts(sigHash)
 	if sigType == signatureRSAPSS {
 		signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
 	}
-	sig, err := cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts)
+	sig, err := crypto.SignMessage(cert.PrivateKey.(crypto.Signer), c.config.rand(), signed, signOpts)
 	if err != nil {
 		c.sendAlert(alertInternalError)
 		return errors.New("tls: failed to sign handshake: " + err.Error())
diff --git a/handshake_server.go b/handshake_server.go
index 2d3efffc..efdaeae6 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -780,19 +780,27 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 				tlssha1.Value() // ensure godebug is initialized
 				tlssha1.IncNonDefault()
 			}
+			if hs.finishedHash.buffer == nil {
+				c.sendAlert(alertInternalError)
+				return errors.New("tls: internal error: did not keep handshake transcript for TLS 1.2")
+			}
+			if err := verifyHandshakeSignature(sigType, pub, sigHash, hs.finishedHash.buffer, certVerify.signature); err != nil {
+				c.sendAlert(alertDecryptError)
+				return errors.New("tls: invalid signature by the client certificate: " + err.Error())
+			}
 		} else {
 			sigType, sigHash, err = legacyTypeAndHashFromPublicKey(pub)
 			if err != nil {
 				c.sendAlert(alertIllegalParameter)
 				return err
 			}
+			signed := hs.finishedHash.hashForClientCertificate(sigType)
+			if err := verifyLegacyHandshakeSignature(sigType, pub, sigHash, signed, certVerify.signature); err != nil {
+				c.sendAlert(alertDecryptError)
+				return errors.New("tls: invalid signature by the client certificate: " + err.Error())
+			}
 		}
 
-		signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash)
-		if err := verifyHandshakeSignature(sigType, pub, sigHash, signed, certVerify.signature); err != nil {
-			c.sendAlert(alertDecryptError)
-			return errors.New("tls: invalid signature by the client certificate: " + err.Error())
-		}
 		c.peerSigAlg = certVerify.signatureAlgorithm
 
 		if err := transcriptMsg(certVerify, &hs.finishedHash); err != nil {
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 11823079..3bed1359 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -845,12 +845,12 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
 		return c.sendAlert(alertInternalError)
 	}
 
-	signed := signedMessage(sigHash, serverSignatureContext, hs.transcript)
+	signed := signedMessage(serverSignatureContext, hs.transcript)
 	signOpts := crypto.SignerOpts(sigHash)
 	if sigType == signatureRSAPSS {
 		signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
 	}
-	sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts)
+	sig, err := crypto.SignMessage(hs.cert.PrivateKey.(crypto.Signer), c.config.rand(), signed, signOpts)
 	if err != nil {
 		public := hs.cert.PrivateKey.(crypto.Signer).Public()
 		if rsaKey, ok := public.(*rsa.PublicKey); ok && sigType == signatureRSAPSS &&
@@ -1081,7 +1081,7 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
 		if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
 			return c.sendAlert(alertInternalError)
 		}
-		signed := signedMessage(sigHash, clientSignatureContext, hs.transcript)
+		signed := signedMessage(clientSignatureContext, hs.transcript)
 		if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
 			sigHash, signed, certVerify.signature); err != nil {
 			c.sendAlert(alertDecryptError)
diff --git a/key_agreement.go b/key_agreement.go
index 26f7bd2c..ad2be5dd 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -127,25 +127,8 @@ func md5SHA1Hash(slices [][]byte) []byte {
 }
 
 // hashForServerKeyExchange hashes the given slices and returns their digest
-// using the given hash function (for TLS 1.2) or using a default based on
-// the sigType (for earlier TLS versions). For Ed25519 signatures, which don't
-// do pre-hashing, it returns the concatenation of the slices.
-func hashForServerKeyExchange(sigType uint8, hashFunc crypto.Hash, version uint16, slices ...[]byte) []byte {
-	if sigType == signatureEd25519 {
-		var signed []byte
-		for _, slice := range slices {
-			signed = append(signed, slice...)
-		}
-		return signed
-	}
-	if version >= VersionTLS12 {
-		h := hashFunc.New()
-		for _, slice := range slices {
-			h.Write(slice)
-		}
-		digest := h.Sum(nil)
-		return digest
-	}
+// using a hash based on the sigType. It can only be used for TLS 1.0 and 1.1.
+func hashForServerKeyExchange(sigType uint8, slices ...[]byte) []byte {
 	if sigType == signatureECDSA {
 		return sha1Hash(slices)
 	}
@@ -207,14 +190,13 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 		return nil, fmt.Errorf("tls: certificate private key of type %T does not implement crypto.Signer", cert.PrivateKey)
 	}
 
-	var sigType uint8
-	var sigHash crypto.Hash
+	var sig []byte
 	if ka.version >= VersionTLS12 {
 		ka.signatureAlgorithm, err = selectSignatureScheme(ka.version, cert, clientHello.supportedSignatureAlgorithms)
 		if err != nil {
 			return nil, err
 		}
-		sigType, sigHash, err = typeAndHashFromSignatureScheme(ka.signatureAlgorithm)
+		sigType, sigHash, err := typeAndHashFromSignatureScheme(ka.signatureAlgorithm)
 		if err != nil {
 			return nil, err
 		}
@@ -222,25 +204,31 @@ func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Cer
 			tlssha1.Value() // ensure godebug is initialized
 			tlssha1.IncNonDefault()
 		}
+		signed := slices.Concat(clientHello.random, hello.random, serverECDHEParams)
+		if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
+			return nil, errors.New("tls: certificate cannot be used with the selected cipher suite")
+		}
+		signOpts := crypto.SignerOpts(sigHash)
+		if sigType == signatureRSAPSS {
+			signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
+		}
+		sig, err = crypto.SignMessage(priv, config.rand(), signed, signOpts)
+		if err != nil {
+			return nil, errors.New("tls: failed to sign ECDHE parameters: " + err.Error())
+		}
 	} else {
-		sigType, sigHash, err = legacyTypeAndHashFromPublicKey(priv.Public())
+		sigType, sigHash, err := legacyTypeAndHashFromPublicKey(priv.Public())
 		if err != nil {
 			return nil, err
 		}
-	}
-	if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
-		return nil, errors.New("tls: certificate cannot be used with the selected cipher suite")
-	}
-
-	signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, hello.random, serverECDHEParams)
-
-	signOpts := crypto.SignerOpts(sigHash)
-	if sigType == signatureRSAPSS {
-		signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
-	}
-	sig, err := priv.Sign(config.rand(), signed, signOpts)
-	if err != nil {
-		return nil, errors.New("tls: failed to sign ECDHE parameters: " + err.Error())
+		signed := hashForServerKeyExchange(sigType, clientHello.random, hello.random, serverECDHEParams)
+		if (sigType == signaturePKCS1v15) != ka.isRSA {
+			return nil, errors.New("tls: certificate cannot be used with the selected cipher suite")
+		}
+		sig, err = priv.Sign(config.rand(), signed, sigHash)
+		if err != nil {
+			return nil, errors.New("tls: failed to sign ECDHE parameters: " + err.Error())
+		}
 	}
 
 	skx := new(serverKeyExchangeMsg)
@@ -300,6 +288,18 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 	if len(sig) < 2 {
 		return errServerKeyExchange
 	}
+	if ka.version >= VersionTLS12 {
+		ka.signatureAlgorithm = SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1])
+		sig = sig[2:]
+		if len(sig) < 2 {
+			return errServerKeyExchange
+		}
+	}
+	sigLen := int(sig[0])<<8 | int(sig[1])
+	if sigLen+2 != len(sig) {
+		return errServerKeyExchange
+	}
+	sig = sig[2:]
 
 	if !slices.Contains(clientHello.supportedCurves, ka.curveID) {
 		return errors.New("tls: server selected unoffered curve")
@@ -333,12 +333,6 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 	var sigType uint8
 	var sigHash crypto.Hash
 	if ka.version >= VersionTLS12 {
-		ka.signatureAlgorithm = SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1])
-		sig = sig[2:]
-		if len(sig) < 2 {
-			return errServerKeyExchange
-		}
-
 		if !isSupportedSignatureAlgorithm(ka.signatureAlgorithm, clientHello.supportedSignatureAlgorithms) {
 			return errors.New("tls: certificate used with invalid signature algorithm")
 		}
@@ -350,26 +344,27 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
 			tlssha1.Value() // ensure godebug is initialized
 			tlssha1.IncNonDefault()
 		}
+		if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
+			return errServerKeyExchange
+		}
+		signed := slices.Concat(clientHello.random, serverHello.random, serverECDHEParams)
+		if err := verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); err != nil {
+			return errors.New("tls: invalid signature by the server certificate: " + err.Error())
+		}
 	} else {
 		sigType, sigHash, err = legacyTypeAndHashFromPublicKey(cert.PublicKey)
 		if err != nil {
 			return err
 		}
+		if (sigType == signaturePKCS1v15) != ka.isRSA {
+			return errServerKeyExchange
+		}
+		signed := hashForServerKeyExchange(sigType, clientHello.random, serverHello.random, serverECDHEParams)
+		if err := verifyLegacyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); err != nil {
+			return errors.New("tls: invalid signature by the server certificate: " + err.Error())
+		}
 	}
-	if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
-		return errServerKeyExchange
-	}
-
-	sigLen := int(sig[0])<<8 | int(sig[1])
-	if sigLen+2 != len(sig) {
-		return errServerKeyExchange
-	}
-	sig = sig[2:]
 
-	signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, serverHello.random, serverECDHEParams)
-	if err := verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); err != nil {
-		return errors.New("tls: invalid signature by the server certificate: " + err.Error())
-	}
 	return nil
 }
 
diff --git a/prf.go b/prf.go
index e7369542..19f80ac2 100644
--- a/prf.go
+++ b/prf.go
@@ -221,23 +221,9 @@ func (h finishedHash) serverSum(masterSecret []byte) []byte {
 	return h.prf(masterSecret, serverFinishedLabel, h.Sum(), finishedVerifyLength)
 }
 
-// hashForClientCertificate returns the handshake messages so far, pre-hashed if
-// necessary, suitable for signing by a TLS client certificate.
-func (h finishedHash) hashForClientCertificate(sigType uint8, hashAlg crypto.Hash) []byte {
-	if (h.version >= VersionTLS12 || sigType == signatureEd25519) && h.buffer == nil {
-		panic("tls: handshake hash for a client certificate requested after discarding the handshake buffer")
-	}
-
-	if sigType == signatureEd25519 {
-		return h.buffer
-	}
-
-	if h.version >= VersionTLS12 {
-		hash := hashAlg.New()
-		hash.Write(h.buffer)
-		return hash.Sum(nil)
-	}
-
+// hashForClientCertificate returns the handshake messages so far, pre-hashed,
+// suitable for signing by a TLS 1.0 and 1.1 client certificate.
+func (h finishedHash) hashForClientCertificate(sigType uint8) []byte {
 	if sigType == signatureECDSA {
 		return h.server.Sum(nil)
 	}
diff --git a/tls_test.go b/tls_test.go
index af2828fd..39ebb9d2 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -2390,3 +2390,74 @@ func TestECH(t *testing.T) {
 
 	check()
 }
+
+func TestMessageSigner(t *testing.T) {
+	t.Run("TLSv10", func(t *testing.T) { testMessageSigner(t, VersionTLS10) })
+	t.Run("TLSv12", func(t *testing.T) { testMessageSigner(t, VersionTLS12) })
+	t.Run("TLSv13", func(t *testing.T) { testMessageSigner(t, VersionTLS13) })
+}
+
+func testMessageSigner(t *testing.T, version uint16) {
+	clientConfig, serverConfig := testConfig.Clone(), testConfig.Clone()
+	serverConfig.ClientAuth = RequireAnyClientCert
+	clientConfig.MinVersion = version
+	clientConfig.MaxVersion = version
+	serverConfig.MinVersion = version
+	serverConfig.MaxVersion = version
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{testRSACertificate},
+		PrivateKey:  messageOnlySigner{testRSAPrivateKey},
+	}}
+	serverConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{testRSACertificate},
+		PrivateKey:  messageOnlySigner{testRSAPrivateKey},
+	}}
+
+	_, _, err := testHandshake(t, clientConfig, serverConfig)
+	if version < VersionTLS12 {
+		if err == nil {
+			t.Fatal("expected failure for TLS 1.0/1.1")
+		}
+	} else {
+		if err != nil {
+			t.Fatalf("unexpected failure: %s", err)
+		}
+	}
+
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{testECDSACertificate},
+		PrivateKey:  messageOnlySigner{testECDSAPrivateKey},
+	}}
+	serverConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{testECDSACertificate},
+		PrivateKey:  messageOnlySigner{testECDSAPrivateKey},
+	}}
+
+	_, _, err = testHandshake(t, clientConfig, serverConfig)
+	if version < VersionTLS12 {
+		if err == nil {
+			t.Fatal("expected failure for TLS 1.0/1.1")
+		}
+	} else {
+		if err != nil {
+			t.Fatalf("unexpected failure: %s", err)
+		}
+	}
+}
+
+type messageOnlySigner struct{ crypto.Signer }
+
+func (s messageOnlySigner) Public() crypto.PublicKey {
+	return s.Signer.Public()
+}
+
+func (s messageOnlySigner) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+	return nil, errors.New("messageOnlySigner: Sign called")
+}
+
+func (s messageOnlySigner) SignMessage(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+	h := opts.HashFunc().New()
+	h.Write(msg)
+	digest := h.Sum(nil)
+	return s.Signer.Sign(rand, digest, opts)
+}

From de648139eba245b7c87adb2a5b641756e3fb1289 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 15 Sep 2025 18:58:04 +0200
Subject: [PATCH 81/95] crypto,testing/cryptotest: ignore random io.Reader
 params, add SetGlobalRandom

First, we centralize all random bytes generation through drbg.Read. The
rest of the FIPS 140-3 module can't use external functions anyway, so
drbg.Read needs to have all the logic.

Then, make sure that the crypto/... tree uses drbg.Read (or the new
crypto/internal/rand.Reader wrapper) instead of crypto/rand, so it is
unaffected by applications setting crypto/rand.Reader.

Next, pass all unspecified random io.Reader parameters through the new
crypto/internal/rand.CustomReader, which just redirects to drbg.Read
unless GODEBUG=cryptocustomrand=1 is set. Move all the calls to
MaybeReadByte there, since it's only needed for these custom Readers.

Finally, add testing/cryptotest.SetGlobalRandom which sets
crypto/rand.Reader to a locked deterministic source and overrides
drbg.Read. This way SetGlobalRandom should affect all cryptographic
randomness in the standard library.

Fixes #70942

Co-authored-by: qiulaidongfeng <2645477756@qq.com>
Change-Id: I6a6a69641311d9fac318abcc6d79677f0e406100
Reviewed-on: https://go-review.googlesource.com/c/go/+/724480
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 handshake_test.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/handshake_test.go b/handshake_test.go
index 3e2c5663..6e15459a 100644
--- a/handshake_test.go
+++ b/handshake_test.go
@@ -448,6 +448,10 @@ func runMain(m *testing.M) int {
 		os.Exit(1)
 	}
 
+	// TODO(filippo): deprecate Config.Rand, and regenerate handshake recordings
+	// to use cryptotest.SetGlobalRandom instead.
+	os.Setenv("GODEBUG", "cryptocustomrand=1,"+os.Getenv("GODEBUG"))
+
 	testConfig = &Config{
 		Time:               func() time.Time { return time.Unix(0, 0) },
 		Rand:               zeroSource{},

From a3557b1a93f600754b30d8c8317f30d5df446b9b Mon Sep 17 00:00:00 2001
From: cuishuang <imcusg@gmail.com>
Date: Thu, 4 Dec 2025 11:39:53 +0800
Subject: [PATCH 82/95] all: fix some comment issues

Change-Id: I5dec35b1432705b3a52859c38e758220282226af
Reviewed-on: https://go-review.googlesource.com/c/go/+/726700
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
---
 ticket.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ticket.go b/ticket.go
index c56898c6..11f7efde 100644
--- a/ticket.go
+++ b/ticket.go
@@ -81,7 +81,7 @@ type SessionState struct {
 	version     uint16
 	isClient    bool
 	cipherSuite uint16
-	// createdAt is the generation time of the secret on the sever (which for
+	// createdAt is the generation time of the secret on the server (which for
 	// TLS 1.0–1.2 might be earlier than the current session) and the time at
 	// which the ticket was received on the client.
 	createdAt        uint64 // seconds since UNIX epoch

From 07eb9d4d677790bf32ffe811f7f8ca21cf3a313c Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 9 Dec 2025 14:46:57 +0100
Subject: [PATCH 83/95] crypto: clean up subprocess-spawning tests

Consistently use testenv.Command and testenv.Executable, avoid redundant
testenv.Must, use testenv.CleanCmdEnv where the output is parsed, always
log the output with a preceding newline, invoke tests with -v, and
always use cmd.Environ() to preserve existing env.

Change-Id: I647ff1a8b7d162e5e8df9424030fac446a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728641
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
---
 bogo_shim_test.go |  6 +-----
 link_test.go      | 13 +++++--------
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index a14386a6..1b5fc49c 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -542,7 +542,6 @@ func orderlyShutdown(tlsConn *Conn) {
 }
 
 func TestBogoSuite(t *testing.T) {
-	testenv.MustHaveGoBuild(t)
 	if testing.Short() {
 		t.Skip("skipping in short mode")
 	}
@@ -589,10 +588,8 @@ func TestBogoSuite(t *testing.T) {
 	}
 
 	cmd := testenv.Command(t, testenv.GoToolPath(t), args...)
-	out := &strings.Builder{}
-	cmd.Stderr = out
 	cmd.Dir = filepath.Join(bogoDir, "ssl/test/runner")
-	err = cmd.Run()
+	out, err := cmd.CombinedOutput()
 	// NOTE: we don't immediately check the error, because the failure could be either because
 	// the runner failed for some unexpected reason, or because a test case failed, and we
 	// cannot easily differentiate these cases. We check if the JSON results file was written,
@@ -707,7 +704,6 @@ func ensureLocalBogo(t *testing.T, localBogoDir string) {
 	}
 
 	t.Logf("using fresh local bogo checkout from %q", localBogoDir)
-	return
 }
 
 func generateReport(results bogoResults, outPath string) error {
diff --git a/link_test.go b/link_test.go
index 454d370c..cc681d1d 100644
--- a/link_test.go
+++ b/link_test.go
@@ -8,7 +8,6 @@ import (
 	"bytes"
 	"internal/testenv"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"testing"
 )
@@ -19,8 +18,6 @@ func TestLinkerGC(t *testing.T) {
 		t.Skip("skipping in short mode")
 	}
 	t.Parallel()
-	goBin := testenv.GoToolPath(t)
-	testenv.MustHaveGoBuild(t)
 
 	tests := []struct {
 		name    string
@@ -80,17 +77,17 @@ func main() { tls.Dial("", "", nil) }
 				t.Fatal(err)
 			}
 			os.Remove(exeFile)
-			cmd := exec.Command(goBin, "build", "-o", "x.exe", "x.go")
+			cmd := testenv.Command(t, testenv.GoToolPath(t), "build", "-o", "x.exe", "x.go")
 			cmd.Dir = tmpDir
 			if out, err := cmd.CombinedOutput(); err != nil {
-				t.Fatalf("compile: %v, %s", err, out)
+				t.Fatalf("compile: %v\n%s", err, out)
 			}
 
-			cmd = exec.Command(goBin, "tool", "nm", "x.exe")
+			cmd = testenv.Command(t, testenv.GoToolPath(t), "tool", "nm", "x.exe")
 			cmd.Dir = tmpDir
-			nm, err := cmd.CombinedOutput()
+			nm, err := testenv.CleanCmdEnv(cmd).CombinedOutput()
 			if err != nil {
-				t.Fatalf("nm: %v, %s", err, nm)
+				t.Fatalf("nm: %v\n%s", err, nm)
 			}
 			for _, sym := range tt.want {
 				if !bytes.Contains(nm, []byte(sym)) {

From 590d34ef29803954eb7c2ce169880ac04c35b4f2 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Mon, 24 Nov 2025 14:03:10 -0800
Subject: [PATCH 84/95] crypto/tls: reject trailing messages after
 client/server hello

For TLS 1.3, after procesesing the server/client hello, if there isn't a
CCS message, reject the trailing messages which were appended to the
hello messages. This prevents an on-path attacker from injecting
plaintext messages into the handshake.

Additionally, check that we don't have any buffered messages before we
switch the read traffic secret regardless, since any buffered messages
would have been under an old key which is no longer appropriate.

We also invert the ordering of setting the read/write secrets so that if
we fail when changing the read secret we send the alert using the
correct write secret.

Fixes #76443
Fixes CVE-2025-61730

Change-Id: If6ba8ad16f48d5cd5db5574824062ad4244a5b52
Reviewed-on: https://go-review.googlesource.com/c/go/+/724120
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Coia Prant <coiaprant@gmail.com>
---
 conn.go                   |  39 +++++++++--
 handshake_client_tls13.go |  22 +++---
 handshake_server_tls13.go |  37 ++++++----
 handshake_test.go         | 140 ++++++++++++++++++++++++++++++++++++++
 quic.go                   |  11 ++-
 5 files changed, 218 insertions(+), 31 deletions(-)

diff --git a/conn.go b/conn.go
index c04c7a50..a840125a 100644
--- a/conn.go
+++ b/conn.go
@@ -224,6 +224,9 @@ func (hc *halfConn) changeCipherSpec() error {
 	return nil
 }
 
+// setTrafficSecret sets the traffic secret for the given encryption level. setTrafficSecret
+// should not be called directly, but rather through the Conn setWriteTrafficSecret and
+// setReadTrafficSecret wrapper methods.
 func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) {
 	hc.trafficSecret = secret
 	hc.level = level
@@ -1339,9 +1342,6 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error {
 		return c.in.setErrorLocked(c.sendAlert(alertInternalError))
 	}
 
-	newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret)
-	c.in.setTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret)
-
 	if keyUpdate.updateRequested {
 		c.out.Lock()
 		defer c.out.Unlock()
@@ -1359,7 +1359,12 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error {
 		}
 
 		newSecret := cipherSuite.nextTrafficSecret(c.out.trafficSecret)
-		c.out.setTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret)
+		c.setWriteTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret)
+	}
+
+	newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret)
+	if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret); err != nil {
+		return err
 	}
 
 	return nil
@@ -1576,7 +1581,9 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {
 			// Provide the 1-RTT read secret now that the handshake is complete.
 			// The QUIC layer MUST NOT decrypt 1-RTT packets prior to completing
 			// the handshake (RFC 9001, Section 5.7).
-			c.quicSetReadSecret(QUICEncryptionLevelApplication, c.cipherSuite, c.in.trafficSecret)
+			if err := c.quicSetReadSecret(QUICEncryptionLevelApplication, c.cipherSuite, c.in.trafficSecret); err != nil {
+				return err
+			}
 		} else {
 			c.out.Lock()
 			a, ok := errors.AsType[alert](c.out.err)
@@ -1672,3 +1679,25 @@ func (c *Conn) VerifyHostname(host string) error {
 	}
 	return c.peerCertificates[0].VerifyHostname(host)
 }
+
+// setReadTrafficSecret sets the read traffic secret for the given encryption level. If
+// being called at the same time as setWriteTrafficSecret, the caller must ensure the call
+// to setWriteTrafficSecret happens first so any alerts are sent at the write level.
+func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) error {
+	// Ensure that there are no buffered handshake messages before changing the
+	// read keys, since that can cause messages to be parsed that were encrypted
+	// using old keys which are no longer appropriate.
+	if c.hand.Len() != 0 {
+		c.sendAlert(alertUnexpectedMessage)
+		return errors.New("tls: handshake buffer not empty before setting read traffic secret")
+	}
+	c.in.setTrafficSecret(suite, level, secret)
+	return nil
+}
+
+// setWriteTrafficSecret sets the write traffic secret for the given encryption level. If
+// being called at the same time as setReadTrafficSecret, the caller must ensure the call
+// to setWriteTrafficSecret happens first so any alerts are sent at the write level.
+func (c *Conn) setWriteTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) {
+	c.out.setTrafficSecret(suite, level, secret)
+}
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index e696bd3a..77a24b4a 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -490,16 +490,17 @@ func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
 	handshakeSecret := earlySecret.HandshakeSecret(sharedKey)
 
 	clientSecret := handshakeSecret.ClientHandshakeTrafficSecret(hs.transcript)
-	c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret)
+	c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret)
 	serverSecret := handshakeSecret.ServerHandshakeTrafficSecret(hs.transcript)
-	c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret)
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret); err != nil {
+		return err
+	}
 
 	if c.quic != nil {
-		if c.hand.Len() != 0 {
-			c.sendAlert(alertUnexpectedMessage)
-		}
 		c.quicSetWriteSecret(QUICEncryptionLevelHandshake, hs.suite.id, clientSecret)
-		c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, serverSecret)
+		if err := c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, serverSecret); err != nil {
+			return err
+		}
 	}
 
 	err = c.config.writeKeyLog(keyLogLabelClientHandshake, hs.hello.random, clientSecret)
@@ -710,7 +711,9 @@ func (hs *clientHandshakeStateTLS13) readServerFinished() error {
 
 	hs.trafficSecret = hs.masterSecret.ClientApplicationTrafficSecret(hs.transcript)
 	serverSecret := hs.masterSecret.ServerApplicationTrafficSecret(hs.transcript)
-	c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret)
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret); err != nil {
+		return err
+	}
 
 	err = c.config.writeKeyLog(keyLogLabelClientTraffic, hs.hello.random, hs.trafficSecret)
 	if err != nil {
@@ -813,16 +816,13 @@ func (hs *clientHandshakeStateTLS13) sendClientFinished() error {
 		return err
 	}
 
-	c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret)
+	c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret)
 
 	if !c.config.SessionTicketsDisabled && c.config.ClientSessionCache != nil {
 		c.resumptionSecret = hs.masterSecret.ResumptionMasterSecret(hs.transcript)
 	}
 
 	if c.quic != nil {
-		if c.hand.Len() != 0 {
-			c.sendAlert(alertUnexpectedMessage)
-		}
 		c.quicSetWriteSecret(QUICEncryptionLevelApplication, hs.suite.id, hs.trafficSecret)
 	}
 
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 3bed1359..b066924e 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -410,7 +410,9 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 				return err
 			}
 			earlyTrafficSecret := hs.earlySecret.ClientEarlyTrafficSecret(transcript)
-			c.quicSetReadSecret(QUICEncryptionLevelEarly, hs.suite.id, earlyTrafficSecret)
+			if err := c.quicSetReadSecret(QUICEncryptionLevelEarly, hs.suite.id, earlyTrafficSecret); err != nil {
+				return err
+			}
 		}
 
 		c.didResume = true
@@ -514,6 +516,14 @@ func (hs *serverHandshakeStateTLS13) sendDummyChangeCipherSpec() error {
 func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) (*keyShare, error) {
 	c := hs.c
 
+	// Make sure the client didn't send extra handshake messages alongside
+	// their initial client_hello. If they sent two client_hello messages,
+	// we will consume the second before they respond to the server_hello.
+	if c.hand.Len() != 0 {
+		c.sendAlert(alertUnexpectedMessage)
+		return nil, errors.New("tls: handshake buffer not empty before HelloRetryRequest")
+	}
+
 	// The first ClientHello gets double-hashed into the transcript upon a
 	// HelloRetryRequest. See RFC 8446, Section 4.4.1.
 	if err := transcriptMsg(hs.clientHello, hs.transcript); err != nil {
@@ -733,17 +743,18 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
 	}
 	hs.handshakeSecret = earlySecret.HandshakeSecret(hs.sharedKey)
 
-	clientSecret := hs.handshakeSecret.ClientHandshakeTrafficSecret(hs.transcript)
-	c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret)
 	serverSecret := hs.handshakeSecret.ServerHandshakeTrafficSecret(hs.transcript)
-	c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret)
+	c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret)
+	clientSecret := hs.handshakeSecret.ClientHandshakeTrafficSecret(hs.transcript)
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret); err != nil {
+		return err
+	}
 
 	if c.quic != nil {
-		if c.hand.Len() != 0 {
-			c.sendAlert(alertUnexpectedMessage)
-		}
 		c.quicSetWriteSecret(QUICEncryptionLevelHandshake, hs.suite.id, serverSecret)
-		c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, clientSecret)
+		if err := c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, clientSecret); err != nil {
+			return err
+		}
 	}
 
 	err := c.config.writeKeyLog(keyLogLabelClientHandshake, hs.clientHello.random, clientSecret)
@@ -887,13 +898,9 @@ func (hs *serverHandshakeStateTLS13) sendServerFinished() error {
 
 	hs.trafficSecret = hs.masterSecret.ClientApplicationTrafficSecret(hs.transcript)
 	serverSecret := hs.masterSecret.ServerApplicationTrafficSecret(hs.transcript)
-	c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret)
+	c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret)
 
 	if c.quic != nil {
-		if c.hand.Len() != 0 {
-			// TODO: Handle this in setTrafficSecret?
-			c.sendAlert(alertUnexpectedMessage)
-		}
 		c.quicSetWriteSecret(QUICEncryptionLevelApplication, hs.suite.id, serverSecret)
 	}
 
@@ -1123,7 +1130,9 @@ func (hs *serverHandshakeStateTLS13) readClientFinished() error {
 		return errors.New("tls: invalid client finished hash")
 	}
 
-	c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret)
+	if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret); err != nil {
+		return err
+	}
 
 	return nil
 }
diff --git a/handshake_test.go b/handshake_test.go
index 6e15459a..9cea8182 100644
--- a/handshake_test.go
+++ b/handshake_test.go
@@ -7,6 +7,7 @@ package tls
 import (
 	"bufio"
 	"bytes"
+	"context"
 	"crypto/ed25519"
 	"crypto/x509"
 	"encoding/hex"
@@ -638,3 +639,142 @@ var clientEd25519KeyPEM = testingKey(`
 -----BEGIN TESTING KEY-----
 MC4CAQAwBQYDK2VwBCIEINifzf07d9qx3d44e0FSbV4mC/xQxT644RRbpgNpin7I
 -----END TESTING KEY-----`)
+
+func TestServerHelloTrailingMessage(t *testing.T) {
+	// In TLS 1.3 the change cipher spec message is optional. If a CCS message
+	// is not sent, after reading the ServerHello, the read traffic secret is
+	// set, and all following messages must be encrypted. If the server sends
+	// additional unencrypted messages in a record with the ServerHello, the
+	// client must either fail or ignore the additional messages.
+
+	c, s := localPipe(t)
+	go func() {
+		ctx := context.Background()
+		srv := Server(s, testConfig)
+		clientHello, _, err := srv.readClientHello(ctx)
+		if err != nil {
+			testFatal(t, err)
+		}
+
+		hs := serverHandshakeStateTLS13{
+			c:           srv,
+			ctx:         ctx,
+			clientHello: clientHello,
+		}
+		if err := hs.processClientHello(); err != nil {
+			testFatal(t, err)
+		}
+		if err := transcriptMsg(hs.clientHello, hs.transcript); err != nil {
+			testFatal(t, err)
+		}
+
+		record, err := concatHandshakeMessages(hs.hello, &encryptedExtensionsMsg{alpnProtocol: "h2"})
+		if err != nil {
+			testFatal(t, err)
+		}
+
+		if _, err := s.Write(record); err != nil {
+			testFatal(t, err)
+		}
+		srv.Close()
+	}()
+
+	cli := Client(c, testConfig)
+	expectedErr := "tls: handshake buffer not empty before setting read traffic secret"
+	if err := cli.Handshake(); err == nil {
+		t.Fatal("expected error from incomplete handshake, got nil")
+	} else if err.Error() != expectedErr {
+		t.Fatalf("expected error %q, got %q", expectedErr, err.Error())
+	}
+}
+
+func TestClientHelloTrailingMessage(t *testing.T) {
+	// Same as TestServerHelloTrailingMessage but for the client side.
+
+	c, s := localPipe(t)
+	go func() {
+		cli := Client(c, testConfig)
+
+		hello, _, _, err := cli.makeClientHello()
+		if err != nil {
+			testFatal(t, err)
+		}
+
+		record, err := concatHandshakeMessages(hello, &certificateMsgTLS13{})
+		if err != nil {
+			testFatal(t, err)
+		}
+
+		if _, err := c.Write(record); err != nil {
+			testFatal(t, err)
+		}
+		cli.Close()
+	}()
+
+	srv := Server(s, testConfig)
+	expectedErr := "tls: handshake buffer not empty before setting read traffic secret"
+	if err := srv.Handshake(); err == nil {
+		t.Fatal("expected error from incomplete handshake, got nil")
+	} else if err.Error() != expectedErr {
+		t.Fatalf("expected error %q, got %q", expectedErr, err.Error())
+	}
+}
+
+func TestDoubleClientHelloHRR(t *testing.T) {
+	// If a client sends two ClientHello messages in a single record, and the
+	// server sends a HRR after reading the first ClientHello, the server must
+	// either fail or ignore the trailing ClientHello.
+
+	c, s := localPipe(t)
+
+	go func() {
+		cli := Client(c, testConfig)
+
+		hello, _, _, err := cli.makeClientHello()
+		if err != nil {
+			testFatal(t, err)
+		}
+		hello.keyShares = nil
+
+		record, err := concatHandshakeMessages(hello, hello)
+		if err != nil {
+			testFatal(t, err)
+		}
+
+		if _, err := c.Write(record); err != nil {
+			testFatal(t, err)
+		}
+		cli.Close()
+	}()
+
+	srv := Server(s, testConfig)
+	expectedErr := "tls: handshake buffer not empty before HelloRetryRequest"
+	if err := srv.Handshake(); err == nil {
+		t.Fatal("expected error from incomplete handshake, got nil")
+	} else if err.Error() != expectedErr {
+		t.Fatalf("expected error %q, got %q", expectedErr, err.Error())
+	}
+}
+
+// concatHandshakeMessages marshals and concatenates the given handshake
+// messages into a single record.
+func concatHandshakeMessages(msgs ...handshakeMessage) ([]byte, error) {
+	var marshalled []byte
+	for _, msg := range msgs {
+		data, err := msg.marshal()
+		if err != nil {
+			return nil, err
+		}
+		marshalled = append(marshalled, data...)
+	}
+	m := len(marshalled)
+	outBuf := make([]byte, recordHeaderLen)
+	outBuf[0] = byte(recordTypeHandshake)
+	vers := VersionTLS12
+	outBuf[1] = byte(vers >> 8)
+	outBuf[2] = byte(vers)
+	outBuf[3] = byte(m >> 8)
+	outBuf[4] = byte(m)
+	outBuf = append(outBuf, marshalled...)
+	return outBuf, nil
+}
diff --git a/quic.go b/quic.go
index b3f95dbb..76b7eb2c 100644
--- a/quic.go
+++ b/quic.go
@@ -402,13 +402,22 @@ func (c *Conn) quicReadHandshakeBytes(n int) error {
 	return nil
 }
 
-func (c *Conn) quicSetReadSecret(level QUICEncryptionLevel, suite uint16, secret []byte) {
+func (c *Conn) quicSetReadSecret(level QUICEncryptionLevel, suite uint16, secret []byte) error {
+	// Ensure that there are no buffered handshake messages before changing the
+	// read keys, since that can cause messages to be parsed that were encrypted
+	// using old keys which are no longer appropriate.
+	// TODO(roland): we should merge this check with the similar one in setReadTrafficSecret.
+	if c.hand.Len() != 0 {
+		c.sendAlert(alertUnexpectedMessage)
+		return errors.New("tls: handshake buffer not empty before setting read traffic secret")
+	}
 	c.quic.events = append(c.quic.events, QUICEvent{
 		Kind:  QUICSetReadSecret,
 		Level: level,
 		Suite: suite,
 		Data:  secret,
 	})
+	return nil
 }
 
 func (c *Conn) quicSetWriteSecret(level QUICEncryptionLevel, suite uint16, secret []byte) {

From 9eb9ef0a6da96d2e7601ca9d486ad93d50734b5a Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Fri, 9 Jan 2026 19:01:50 +0100
Subject: [PATCH 85/95] crypto: use testenv.Executable(t) instead of os.Args[0]
 in tests

Change-Id: Ib0ec1f05e51a4295a9369d6e8c6b61976a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/735260
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 bogo_shim_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bogo_shim_test.go b/bogo_shim_test.go
index 1b5fc49c..ccac47c2 100644
--- a/bogo_shim_test.go
+++ b/bogo_shim_test.go
@@ -577,7 +577,7 @@ func TestBogoSuite(t *testing.T) {
 		"test",
 		".",
 		fmt.Sprintf("-shim-config=%s", filepath.Join(cwd, "bogo_config.json")),
-		fmt.Sprintf("-shim-path=%s", os.Args[0]),
+		fmt.Sprintf("-shim-path=%s", testenv.Executable(t)),
 		"-shim-extra-flags=-bogo-mode",
 		"-allow-unimplemented",
 		"-loose-errors", // TODO(roland): this should be removed eventually

From 3c43796adc01fd07dad8e1815d5fab5e3188bcbc Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <bracewell@google.com>
Date: Tue, 6 Jan 2026 14:36:01 -0800
Subject: [PATCH 86/95] [release-branch.go1.26] crypto/tls: don't copy
 auto-rotated session ticket keys in Config.Clone

Once a tls.Config is used, it is not safe to mutate. We provide the
Clone method in order to allow users to copy and modify a Config that
is in use.

If Config.SessionTicketKey is not populated, and if
Config.SetSessionTicketKeys has not been called, we automatically
populate and rotate session ticket keys. Clone was previously copying
these keys into the new Config, meaning that two Configs could share
the same auto-rotated session ticket keys. This could allow sessions to
be resumed across different Configs, which may have completely different
configurations.

This change updates Clone to not copy the auto-rotated session ticket
keys.

Additionally, when resuming a session, check that not just that the leaf
certificate is unexpired, but that the entire certificate chain is still
unexpired.

Fixes #77113
Fixes CVE-2025-68121

Change-Id: I011df7329de83068d11b3f0c793763692d018a98
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3300
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3340
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736704
TryBot-Bypass: Michael Pratt <mpratt@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
---
 common.go                 |   7 ++-
 handshake_server.go       |   9 +++-
 handshake_server_test.go  | 101 ++++++++++++++++++++++++++++++++++++++
 handshake_server_tls13.go |  10 +++-
 tls_test.go               |  11 ++++-
 5 files changed, 132 insertions(+), 6 deletions(-)

diff --git a/common.go b/common.go
index 099a11ca..093869ac 100644
--- a/common.go
+++ b/common.go
@@ -980,6 +980,10 @@ const maxSessionTicketLifetime = 7 * 24 * time.Hour
 
 // Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a [Config] that is
 // being used concurrently by a TLS client or server.
+//
+// If Config.SessionTicketKey is unpopulated, and Config.SetSessionTicketKeys has not been
+// called, the clone will not share the same auto-rotated session ticket keys as the original
+// Config in order to prevent sessions from being resumed across Configs.
 func (c *Config) Clone() *Config {
 	if c == nil {
 		return nil
@@ -1020,7 +1024,8 @@ func (c *Config) Clone() *Config {
 		EncryptedClientHelloRejectionVerify: c.EncryptedClientHelloRejectionVerify,
 		EncryptedClientHelloKeys:            c.EncryptedClientHelloKeys,
 		sessionTicketKeys:                   c.sessionTicketKeys,
-		autoSessionTicketKeys:               c.autoSessionTicketKeys,
+		// We explicitly do not copy autoSessionTicketKeys, so that Configs do
+		// not share the same auto-rotated keys.
 	}
 }
 
diff --git a/handshake_server.go b/handshake_server.go
index efdaeae6..06675a8c 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -520,8 +520,13 @@ func (hs *serverHandshakeState) checkForResumption() error {
 	if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
 		return nil
 	}
-	if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
-		return nil
+	if sessionHasClientCerts {
+		now := c.config.time()
+		for _, c := range sessionState.peerCertificates {
+			if now.After(c.NotAfter) {
+				return nil
+			}
+		}
 	}
 	if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
 		len(sessionState.verifiedChains) == 0 {
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 7e35c252..41ae8705 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -13,6 +13,7 @@ import (
 	"crypto/rand"
 	"crypto/tls/internal/fips140tls"
 	"crypto/x509"
+	"crypto/x509/pkix"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -2153,3 +2154,103 @@ func TestHandshakeContextHierarchy(t *testing.T) {
 		t.Errorf("Unexpected client error: %v", err)
 	}
 }
+
+func TestHandshakeChainExpiryResumptionTLS12(t *testing.T) {
+	t.Run("TLS1.2", func(t *testing.T) {
+		testHandshakeChainExpiryResumption(t, VersionTLS12)
+	})
+	t.Run("TLS1.3", func(t *testing.T) {
+		testHandshakeChainExpiryResumption(t, VersionTLS13)
+	})
+}
+
+func testHandshakeChainExpiryResumption(t *testing.T, version uint16) {
+	now := time.Now()
+	createChain := func(leafNotAfter, rootNotAfter time.Time) (certDER []byte, root *x509.Certificate) {
+		tmpl := &x509.Certificate{
+			Subject:               pkix.Name{CommonName: "root"},
+			NotBefore:             rootNotAfter.Add(-time.Hour * 24),
+			NotAfter:              rootNotAfter,
+			IsCA:                  true,
+			BasicConstraintsValid: true,
+		}
+		rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+		if err != nil {
+			t.Fatalf("CreateCertificate: %v", err)
+		}
+		root, err = x509.ParseCertificate(rootDER)
+		if err != nil {
+			t.Fatalf("ParseCertificate: %v", err)
+		}
+
+		tmpl = &x509.Certificate{
+			Subject:   pkix.Name{},
+			DNSNames:  []string{"expired-resume.example.com"},
+			NotBefore: leafNotAfter.Add(-time.Hour * 24),
+			NotAfter:  leafNotAfter,
+			KeyUsage:  x509.KeyUsageDigitalSignature,
+		}
+		certDER, err = x509.CreateCertificate(rand.Reader, tmpl, root, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+		if err != nil {
+			t.Fatalf("CreateCertificate: %v", err)
+		}
+
+		return certDER, root
+	}
+
+	initialLeafDER, initialRoot := createChain(now.Add(time.Hour), now.Add(2*time.Hour))
+
+	serverConfig := testConfig.Clone()
+	serverConfig.MaxVersion = version
+	serverConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{initialLeafDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	serverConfig.ClientCAs = x509.NewCertPool()
+	serverConfig.ClientCAs.AddCert(initialRoot)
+	serverConfig.ClientAuth = RequireAndVerifyClientCert
+	serverConfig.Time = func() time.Time {
+		return now
+	}
+
+	clientConfig := testConfig.Clone()
+	clientConfig.MaxVersion = version
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{initialLeafDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	clientConfig.RootCAs = x509.NewCertPool()
+	clientConfig.RootCAs.AddCert(initialRoot)
+	clientConfig.ServerName = "expired-resume.example.com"
+	clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
+
+	testResume := func(t *testing.T, sc, cc *Config, expectResume bool) {
+		t.Helper()
+		ss, cs, err := testHandshake(t, cc, sc)
+		if err != nil {
+			t.Fatalf("handshake: %v", err)
+		}
+		if cs.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+		if ss.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+	}
+
+	testResume(t, serverConfig, clientConfig, false)
+	testResume(t, serverConfig, clientConfig, true)
+
+	freshLeafDER, freshRoot := createChain(now.Add(2*time.Hour), now.Add(3*time.Hour))
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{freshLeafDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	serverConfig.Time = func() time.Time {
+		return now.Add(1*time.Hour + 30*time.Minute)
+	}
+	serverConfig.ClientCAs = x509.NewCertPool()
+	serverConfig.ClientCAs.AddCert(freshRoot)
+
+	testResume(t, serverConfig, clientConfig, false)
+}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index b066924e..0033164f 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -314,6 +314,7 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 		return nil
 	}
 
+pskIdentityLoop:
 	for i, identity := range hs.clientHello.pskIdentities {
 		if i >= maxClientPSKIdentities {
 			break
@@ -366,8 +367,13 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 		if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
 			continue
 		}
-		if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
-			continue
+		if sessionHasClientCerts {
+			now := c.config.time()
+			for _, c := range sessionState.peerCertificates {
+				if now.After(c.NotAfter) {
+					continue pskIdentityLoop
+				}
+			}
 		}
 		if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
 			len(sessionState.verifiedChains) == 0 {
diff --git a/tls_test.go b/tls_test.go
index 39ebb9d2..48428e4c 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -935,8 +935,8 @@ func TestCloneNonFuncFields(t *testing.T) {
 		}
 	}
 	// Set the unexported fields related to session ticket keys, which are copied with Clone().
-	c1.autoSessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)}
 	c1.sessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)}
+	// We explicitly don't copy autoSessionTicketKeys in Clone, so don't set it.
 
 	c2 := c1.Clone()
 	if !reflect.DeepEqual(&c1, c2) {
@@ -2461,3 +2461,12 @@ func (s messageOnlySigner) SignMessage(rand io.Reader, msg []byte, opts crypto.S
 	digest := h.Sum(nil)
 	return s.Signer.Sign(rand, digest, opts)
 }
+
+func TestConfigCloneAutoSessionTicketKeys(t *testing.T) {
+	orig := &Config{}
+	orig.ticketKeys(nil)
+	clone := orig.Clone()
+	if slices.Equal(orig.autoSessionTicketKeys, clone.autoSessionTicketKeys) {
+		t.Fatal("autoSessionTicketKeys slice copied in Clone")
+	}
+}

From 8175d2a585361a05d2d2f350cd01f56196cdf660 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <bracewell@google.com>
Date: Tue, 6 Jan 2026 14:36:01 -0800
Subject: [PATCH 87/95] crypto/tls: don't copy auto-rotated session ticket keys
 in Config.Clone

Once a tls.Config is used, it is not safe to mutate. We provide the
Clone method in order to allow users to copy and modify a Config that
is in use.

If Config.SessionTicketKey is not populated, and if
Config.SetSessionTicketKeys has not been called, we automatically
populate and rotate session ticket keys. Clone was previously copying
these keys into the new Config, meaning that two Configs could share
the same auto-rotated session ticket keys. This could allow sessions to
be resumed across different Configs, which may have completely different
configurations.

This change updates Clone to not copy the auto-rotated session ticket
keys.

Additionally, when resuming a session, check that not just that the leaf
certificate is unexpired, but that the entire certificate chain is still
unexpired.

Fixes #77113
Fixes CVE-2025-68121

Change-Id: I011df7329de83068d11b3f0c793763692d018a98
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3300
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736709
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 common.go                 |   7 ++-
 handshake_server.go       |   9 +++-
 handshake_server_test.go  | 101 ++++++++++++++++++++++++++++++++++++++
 handshake_server_tls13.go |  10 +++-
 tls_test.go               |  11 ++++-
 5 files changed, 132 insertions(+), 6 deletions(-)

diff --git a/common.go b/common.go
index 099a11ca..093869ac 100644
--- a/common.go
+++ b/common.go
@@ -980,6 +980,10 @@ const maxSessionTicketLifetime = 7 * 24 * time.Hour
 
 // Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a [Config] that is
 // being used concurrently by a TLS client or server.
+//
+// If Config.SessionTicketKey is unpopulated, and Config.SetSessionTicketKeys has not been
+// called, the clone will not share the same auto-rotated session ticket keys as the original
+// Config in order to prevent sessions from being resumed across Configs.
 func (c *Config) Clone() *Config {
 	if c == nil {
 		return nil
@@ -1020,7 +1024,8 @@ func (c *Config) Clone() *Config {
 		EncryptedClientHelloRejectionVerify: c.EncryptedClientHelloRejectionVerify,
 		EncryptedClientHelloKeys:            c.EncryptedClientHelloKeys,
 		sessionTicketKeys:                   c.sessionTicketKeys,
-		autoSessionTicketKeys:               c.autoSessionTicketKeys,
+		// We explicitly do not copy autoSessionTicketKeys, so that Configs do
+		// not share the same auto-rotated keys.
 	}
 }
 
diff --git a/handshake_server.go b/handshake_server.go
index efdaeae6..06675a8c 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -520,8 +520,13 @@ func (hs *serverHandshakeState) checkForResumption() error {
 	if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
 		return nil
 	}
-	if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
-		return nil
+	if sessionHasClientCerts {
+		now := c.config.time()
+		for _, c := range sessionState.peerCertificates {
+			if now.After(c.NotAfter) {
+				return nil
+			}
+		}
 	}
 	if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
 		len(sessionState.verifiedChains) == 0 {
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 7e35c252..41ae8705 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -13,6 +13,7 @@ import (
 	"crypto/rand"
 	"crypto/tls/internal/fips140tls"
 	"crypto/x509"
+	"crypto/x509/pkix"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -2153,3 +2154,103 @@ func TestHandshakeContextHierarchy(t *testing.T) {
 		t.Errorf("Unexpected client error: %v", err)
 	}
 }
+
+func TestHandshakeChainExpiryResumptionTLS12(t *testing.T) {
+	t.Run("TLS1.2", func(t *testing.T) {
+		testHandshakeChainExpiryResumption(t, VersionTLS12)
+	})
+	t.Run("TLS1.3", func(t *testing.T) {
+		testHandshakeChainExpiryResumption(t, VersionTLS13)
+	})
+}
+
+func testHandshakeChainExpiryResumption(t *testing.T, version uint16) {
+	now := time.Now()
+	createChain := func(leafNotAfter, rootNotAfter time.Time) (certDER []byte, root *x509.Certificate) {
+		tmpl := &x509.Certificate{
+			Subject:               pkix.Name{CommonName: "root"},
+			NotBefore:             rootNotAfter.Add(-time.Hour * 24),
+			NotAfter:              rootNotAfter,
+			IsCA:                  true,
+			BasicConstraintsValid: true,
+		}
+		rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+		if err != nil {
+			t.Fatalf("CreateCertificate: %v", err)
+		}
+		root, err = x509.ParseCertificate(rootDER)
+		if err != nil {
+			t.Fatalf("ParseCertificate: %v", err)
+		}
+
+		tmpl = &x509.Certificate{
+			Subject:   pkix.Name{},
+			DNSNames:  []string{"expired-resume.example.com"},
+			NotBefore: leafNotAfter.Add(-time.Hour * 24),
+			NotAfter:  leafNotAfter,
+			KeyUsage:  x509.KeyUsageDigitalSignature,
+		}
+		certDER, err = x509.CreateCertificate(rand.Reader, tmpl, root, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+		if err != nil {
+			t.Fatalf("CreateCertificate: %v", err)
+		}
+
+		return certDER, root
+	}
+
+	initialLeafDER, initialRoot := createChain(now.Add(time.Hour), now.Add(2*time.Hour))
+
+	serverConfig := testConfig.Clone()
+	serverConfig.MaxVersion = version
+	serverConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{initialLeafDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	serverConfig.ClientCAs = x509.NewCertPool()
+	serverConfig.ClientCAs.AddCert(initialRoot)
+	serverConfig.ClientAuth = RequireAndVerifyClientCert
+	serverConfig.Time = func() time.Time {
+		return now
+	}
+
+	clientConfig := testConfig.Clone()
+	clientConfig.MaxVersion = version
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{initialLeafDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	clientConfig.RootCAs = x509.NewCertPool()
+	clientConfig.RootCAs.AddCert(initialRoot)
+	clientConfig.ServerName = "expired-resume.example.com"
+	clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
+
+	testResume := func(t *testing.T, sc, cc *Config, expectResume bool) {
+		t.Helper()
+		ss, cs, err := testHandshake(t, cc, sc)
+		if err != nil {
+			t.Fatalf("handshake: %v", err)
+		}
+		if cs.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+		if ss.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+	}
+
+	testResume(t, serverConfig, clientConfig, false)
+	testResume(t, serverConfig, clientConfig, true)
+
+	freshLeafDER, freshRoot := createChain(now.Add(2*time.Hour), now.Add(3*time.Hour))
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{freshLeafDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	serverConfig.Time = func() time.Time {
+		return now.Add(1*time.Hour + 30*time.Minute)
+	}
+	serverConfig.ClientCAs = x509.NewCertPool()
+	serverConfig.ClientCAs.AddCert(freshRoot)
+
+	testResume(t, serverConfig, clientConfig, false)
+}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index b066924e..0033164f 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -314,6 +314,7 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 		return nil
 	}
 
+pskIdentityLoop:
 	for i, identity := range hs.clientHello.pskIdentities {
 		if i >= maxClientPSKIdentities {
 			break
@@ -366,8 +367,13 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 		if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
 			continue
 		}
-		if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
-			continue
+		if sessionHasClientCerts {
+			now := c.config.time()
+			for _, c := range sessionState.peerCertificates {
+				if now.After(c.NotAfter) {
+					continue pskIdentityLoop
+				}
+			}
 		}
 		if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
 			len(sessionState.verifiedChains) == 0 {
diff --git a/tls_test.go b/tls_test.go
index 39ebb9d2..48428e4c 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -935,8 +935,8 @@ func TestCloneNonFuncFields(t *testing.T) {
 		}
 	}
 	// Set the unexported fields related to session ticket keys, which are copied with Clone().
-	c1.autoSessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)}
 	c1.sessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)}
+	// We explicitly don't copy autoSessionTicketKeys in Clone, so don't set it.
 
 	c2 := c1.Clone()
 	if !reflect.DeepEqual(&c1, c2) {
@@ -2461,3 +2461,12 @@ func (s messageOnlySigner) SignMessage(rand io.Reader, msg []byte, opts crypto.S
 	digest := h.Sum(nil)
 	return s.Signer.Sign(rand, digest, opts)
 }
+
+func TestConfigCloneAutoSessionTicketKeys(t *testing.T) {
+	orig := &Config{}
+	orig.ticketKeys(nil)
+	clone := orig.Clone()
+	if slices.Equal(orig.autoSessionTicketKeys, clone.autoSessionTicketKeys) {
+		t.Fatal("autoSessionTicketKeys slice copied in Clone")
+	}
+}

From 0e3bd90bb3d84daf1da8af9dcb07f3a2f81b1630 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Mon, 26 Jan 2026 10:49:30 -0800
Subject: [PATCH 88/95] [release-branch.go1.26] Revert "crypto/tls: don't copy
 auto-rotated session ticket keys in Config.Clone"

This reverts CL 736709 (commit bba24719a4cad5cc8d771fc9cfff5a38019d554a).

Updates #77113
Updates #77357
Updates CVE-2025-68121

Change-Id: I0261cb75e9adf9d0ac9890dc91ae8476b8988ba0
Reviewed-on: https://go-review.googlesource.com/c/go/+/739320
Reviewed-by: Coia Prant <coiaprant@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/740002
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
---
 common.go                 |   7 +--
 handshake_server.go       |   9 +---
 handshake_server_test.go  | 101 --------------------------------------
 handshake_server_tls13.go |  10 +---
 tls_test.go               |  11 +----
 5 files changed, 6 insertions(+), 132 deletions(-)

diff --git a/common.go b/common.go
index 093869ac..099a11ca 100644
--- a/common.go
+++ b/common.go
@@ -980,10 +980,6 @@ const maxSessionTicketLifetime = 7 * 24 * time.Hour
 
 // Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a [Config] that is
 // being used concurrently by a TLS client or server.
-//
-// If Config.SessionTicketKey is unpopulated, and Config.SetSessionTicketKeys has not been
-// called, the clone will not share the same auto-rotated session ticket keys as the original
-// Config in order to prevent sessions from being resumed across Configs.
 func (c *Config) Clone() *Config {
 	if c == nil {
 		return nil
@@ -1024,8 +1020,7 @@ func (c *Config) Clone() *Config {
 		EncryptedClientHelloRejectionVerify: c.EncryptedClientHelloRejectionVerify,
 		EncryptedClientHelloKeys:            c.EncryptedClientHelloKeys,
 		sessionTicketKeys:                   c.sessionTicketKeys,
-		// We explicitly do not copy autoSessionTicketKeys, so that Configs do
-		// not share the same auto-rotated keys.
+		autoSessionTicketKeys:               c.autoSessionTicketKeys,
 	}
 }
 
diff --git a/handshake_server.go b/handshake_server.go
index 06675a8c..efdaeae6 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -520,13 +520,8 @@ func (hs *serverHandshakeState) checkForResumption() error {
 	if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
 		return nil
 	}
-	if sessionHasClientCerts {
-		now := c.config.time()
-		for _, c := range sessionState.peerCertificates {
-			if now.After(c.NotAfter) {
-				return nil
-			}
-		}
+	if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
+		return nil
 	}
 	if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
 		len(sessionState.verifiedChains) == 0 {
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 41ae8705..7e35c252 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -13,7 +13,6 @@ import (
 	"crypto/rand"
 	"crypto/tls/internal/fips140tls"
 	"crypto/x509"
-	"crypto/x509/pkix"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -2154,103 +2153,3 @@ func TestHandshakeContextHierarchy(t *testing.T) {
 		t.Errorf("Unexpected client error: %v", err)
 	}
 }
-
-func TestHandshakeChainExpiryResumptionTLS12(t *testing.T) {
-	t.Run("TLS1.2", func(t *testing.T) {
-		testHandshakeChainExpiryResumption(t, VersionTLS12)
-	})
-	t.Run("TLS1.3", func(t *testing.T) {
-		testHandshakeChainExpiryResumption(t, VersionTLS13)
-	})
-}
-
-func testHandshakeChainExpiryResumption(t *testing.T, version uint16) {
-	now := time.Now()
-	createChain := func(leafNotAfter, rootNotAfter time.Time) (certDER []byte, root *x509.Certificate) {
-		tmpl := &x509.Certificate{
-			Subject:               pkix.Name{CommonName: "root"},
-			NotBefore:             rootNotAfter.Add(-time.Hour * 24),
-			NotAfter:              rootNotAfter,
-			IsCA:                  true,
-			BasicConstraintsValid: true,
-		}
-		rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
-		if err != nil {
-			t.Fatalf("CreateCertificate: %v", err)
-		}
-		root, err = x509.ParseCertificate(rootDER)
-		if err != nil {
-			t.Fatalf("ParseCertificate: %v", err)
-		}
-
-		tmpl = &x509.Certificate{
-			Subject:   pkix.Name{},
-			DNSNames:  []string{"expired-resume.example.com"},
-			NotBefore: leafNotAfter.Add(-time.Hour * 24),
-			NotAfter:  leafNotAfter,
-			KeyUsage:  x509.KeyUsageDigitalSignature,
-		}
-		certDER, err = x509.CreateCertificate(rand.Reader, tmpl, root, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
-		if err != nil {
-			t.Fatalf("CreateCertificate: %v", err)
-		}
-
-		return certDER, root
-	}
-
-	initialLeafDER, initialRoot := createChain(now.Add(time.Hour), now.Add(2*time.Hour))
-
-	serverConfig := testConfig.Clone()
-	serverConfig.MaxVersion = version
-	serverConfig.Certificates = []Certificate{{
-		Certificate: [][]byte{initialLeafDER},
-		PrivateKey:  testECDSAPrivateKey,
-	}}
-	serverConfig.ClientCAs = x509.NewCertPool()
-	serverConfig.ClientCAs.AddCert(initialRoot)
-	serverConfig.ClientAuth = RequireAndVerifyClientCert
-	serverConfig.Time = func() time.Time {
-		return now
-	}
-
-	clientConfig := testConfig.Clone()
-	clientConfig.MaxVersion = version
-	clientConfig.Certificates = []Certificate{{
-		Certificate: [][]byte{initialLeafDER},
-		PrivateKey:  testECDSAPrivateKey,
-	}}
-	clientConfig.RootCAs = x509.NewCertPool()
-	clientConfig.RootCAs.AddCert(initialRoot)
-	clientConfig.ServerName = "expired-resume.example.com"
-	clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
-
-	testResume := func(t *testing.T, sc, cc *Config, expectResume bool) {
-		t.Helper()
-		ss, cs, err := testHandshake(t, cc, sc)
-		if err != nil {
-			t.Fatalf("handshake: %v", err)
-		}
-		if cs.DidResume != expectResume {
-			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
-		}
-		if ss.DidResume != expectResume {
-			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
-		}
-	}
-
-	testResume(t, serverConfig, clientConfig, false)
-	testResume(t, serverConfig, clientConfig, true)
-
-	freshLeafDER, freshRoot := createChain(now.Add(2*time.Hour), now.Add(3*time.Hour))
-	clientConfig.Certificates = []Certificate{{
-		Certificate: [][]byte{freshLeafDER},
-		PrivateKey:  testECDSAPrivateKey,
-	}}
-	serverConfig.Time = func() time.Time {
-		return now.Add(1*time.Hour + 30*time.Minute)
-	}
-	serverConfig.ClientCAs = x509.NewCertPool()
-	serverConfig.ClientCAs.AddCert(freshRoot)
-
-	testResume(t, serverConfig, clientConfig, false)
-}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 0033164f..b066924e 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -314,7 +314,6 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 		return nil
 	}
 
-pskIdentityLoop:
 	for i, identity := range hs.clientHello.pskIdentities {
 		if i >= maxClientPSKIdentities {
 			break
@@ -367,13 +366,8 @@ pskIdentityLoop:
 		if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
 			continue
 		}
-		if sessionHasClientCerts {
-			now := c.config.time()
-			for _, c := range sessionState.peerCertificates {
-				if now.After(c.NotAfter) {
-					continue pskIdentityLoop
-				}
-			}
+		if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
+			continue
 		}
 		if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
 			len(sessionState.verifiedChains) == 0 {
diff --git a/tls_test.go b/tls_test.go
index 48428e4c..39ebb9d2 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -935,8 +935,8 @@ func TestCloneNonFuncFields(t *testing.T) {
 		}
 	}
 	// Set the unexported fields related to session ticket keys, which are copied with Clone().
+	c1.autoSessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)}
 	c1.sessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)}
-	// We explicitly don't copy autoSessionTicketKeys in Clone, so don't set it.
 
 	c2 := c1.Clone()
 	if !reflect.DeepEqual(&c1, c2) {
@@ -2461,12 +2461,3 @@ func (s messageOnlySigner) SignMessage(rand io.Reader, msg []byte, opts crypto.S
 	digest := h.Sum(nil)
 	return s.Signer.Sign(rand, digest, opts)
 }
-
-func TestConfigCloneAutoSessionTicketKeys(t *testing.T) {
-	orig := &Config{}
-	orig.ticketKeys(nil)
-	clone := orig.Clone()
-	if slices.Equal(orig.autoSessionTicketKeys, clone.autoSessionTicketKeys) {
-		t.Fatal("autoSessionTicketKeys slice copied in Clone")
-	}
-}

From 6d0798027a7eb84e991ecf04c7070c1c259c9136 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Mon, 26 Jan 2026 10:55:32 -0800
Subject: [PATCH 89/95] [release-branch.go1.26] crypto/tls: add verifiedChains
 expiration checking during resumption

When resuming a session, check that the verifiedChains contain at least
one chain that is still valid at the time of resumption. If not, trigger
a new handshake.

Updates #77113
Updates #77357
Updates CVE-2025-68121

Change-Id: I14f585c43da17802513cbdd5b10c552d7a38b34e
Reviewed-on: https://go-review.googlesource.com/c/go/+/739321
Reviewed-by: Coia Prant <coiaprant@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/740003
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
---
 common.go                 |  13 ++++
 handshake_client.go       |  10 +++-
 handshake_server.go       |   2 +-
 handshake_server_test.go  | 122 ++++++++++++++++++++++++++++++++++++++
 handshake_server_tls13.go |   2 +-
 5 files changed, 144 insertions(+), 5 deletions(-)

diff --git a/common.go b/common.go
index 099a11ca..65cff5f5 100644
--- a/common.go
+++ b/common.go
@@ -1846,3 +1846,16 @@ func fipsAllowChain(chain []*x509.Certificate) bool {
 
 	return true
 }
+
+// anyUnexpiredChain reports if at least one of verifiedChains is still
+// unexpired. If verifiedChains is empty, it returns false.
+func anyUnexpiredChain(verifiedChains [][]*x509.Certificate, now time.Time) bool {
+	for _, chain := range verifiedChains {
+		if len(chain) != 0 && !slices.ContainsFunc(chain, func(cert *x509.Certificate) bool {
+			return now.Before(cert.NotBefore) || now.After(cert.NotAfter) // cert is expired
+		}) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/handshake_client.go b/handshake_client.go
index c2b1b703..d1ad9d58 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -397,9 +397,6 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (
 		return nil, nil, nil, nil
 	}
 
-	// Check that the cached server certificate is not expired, and that it's
-	// valid for the ServerName. This should be ensured by the cache key, but
-	// protect the application from a faulty ClientSessionCache implementation.
 	if c.config.time().After(session.peerCertificates[0].NotAfter) {
 		// Expired certificate, delete the entry.
 		c.config.ClientSessionCache.Put(cacheKey, nil)
@@ -411,6 +408,13 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (
 			return nil, nil, nil, nil
 		}
 		if err := session.peerCertificates[0].VerifyHostname(c.config.ServerName); err != nil {
+			// This should be ensured by the cache key, but protect the
+			// application from a faulty ClientSessionCache implementation.
+			return nil, nil, nil, nil
+		}
+		if !anyUnexpiredChain(session.verifiedChains, c.config.time()) {
+			// No valid chains, delete the entry.
+			c.config.ClientSessionCache.Put(cacheKey, nil)
 			return nil, nil, nil, nil
 		}
 	}
diff --git a/handshake_server.go b/handshake_server.go
index efdaeae6..64053e1a 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -524,7 +524,7 @@ func (hs *serverHandshakeState) checkForResumption() error {
 		return nil
 	}
 	if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
-		len(sessionState.verifiedChains) == 0 {
+		!anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) {
 		return nil
 	}
 
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 7e35c252..8325c9fa 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -13,6 +13,7 @@ import (
 	"crypto/rand"
 	"crypto/tls/internal/fips140tls"
 	"crypto/x509"
+	"crypto/x509/pkix"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -2153,3 +2154,124 @@ func TestHandshakeContextHierarchy(t *testing.T) {
 		t.Errorf("Unexpected client error: %v", err)
 	}
 }
+
+func TestHandshakeChainExpiryResumption(t *testing.T) {
+	t.Run("TLS1.2", func(t *testing.T) {
+		testHandshakeChainExpiryResumption(t, VersionTLS12)
+	})
+	t.Run("TLS1.3", func(t *testing.T) {
+		testHandshakeChainExpiryResumption(t, VersionTLS13)
+	})
+}
+
+func testHandshakeChainExpiryResumption(t *testing.T, version uint16) {
+	now := time.Now()
+
+	createChain := func(leafNotAfter, rootNotAfter time.Time) (leafDER, expiredLeafDER []byte, root *x509.Certificate) {
+		tmpl := &x509.Certificate{
+			Subject:               pkix.Name{CommonName: "root"},
+			NotBefore:             rootNotAfter.Add(-time.Hour * 24),
+			NotAfter:              rootNotAfter,
+			IsCA:                  true,
+			BasicConstraintsValid: true,
+		}
+		rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+		if err != nil {
+			t.Fatalf("CreateCertificate: %v", err)
+		}
+		root, err = x509.ParseCertificate(rootDER)
+		if err != nil {
+			t.Fatalf("ParseCertificate: %v", err)
+		}
+
+		tmpl = &x509.Certificate{
+			Subject:   pkix.Name{},
+			DNSNames:  []string{"expired-resume.example.com"},
+			NotBefore: leafNotAfter.Add(-time.Hour * 24),
+			NotAfter:  leafNotAfter,
+			KeyUsage:  x509.KeyUsageDigitalSignature,
+		}
+		leafCertDER, err := x509.CreateCertificate(rand.Reader, tmpl, root, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+		if err != nil {
+			t.Fatalf("CreateCertificate: %v", err)
+		}
+		tmpl.NotBefore, tmpl.NotAfter = leafNotAfter.Add(-time.Hour*24*365), leafNotAfter.Add(-time.Hour*24*364)
+		expiredLeafDERCertDER, err := x509.CreateCertificate(rand.Reader, tmpl, root, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+		if err != nil {
+			t.Fatalf("CreateCertificate: %v", err)
+		}
+
+		return leafCertDER, expiredLeafDERCertDER, root
+	}
+	testExpiration := func(name string, leafNotAfter, rootNotAfter time.Time) {
+		t.Run(name, func(t *testing.T) {
+			initialLeafDER, expiredLeafDER, initialRoot := createChain(leafNotAfter, rootNotAfter)
+
+			serverConfig := testConfig.Clone()
+			serverConfig.MaxVersion = version
+			serverConfig.Certificates = []Certificate{{
+				Certificate: [][]byte{initialLeafDER, expiredLeafDER},
+				PrivateKey:  testECDSAPrivateKey,
+			}}
+			serverConfig.ClientCAs = x509.NewCertPool()
+			serverConfig.ClientCAs.AddCert(initialRoot)
+			serverConfig.ClientAuth = RequireAndVerifyClientCert
+			serverConfig.Time = func() time.Time {
+				return now
+			}
+			serverConfig.InsecureSkipVerify = false
+			serverConfig.ServerName = "expired-resume.example.com"
+
+			clientConfig := testConfig.Clone()
+			clientConfig.MaxVersion = version
+			clientConfig.Certificates = []Certificate{{
+				Certificate: [][]byte{initialLeafDER, expiredLeafDER},
+				PrivateKey:  testECDSAPrivateKey,
+			}}
+			clientConfig.RootCAs = x509.NewCertPool()
+			clientConfig.RootCAs.AddCert(initialRoot)
+			clientConfig.ServerName = "expired-resume.example.com"
+			clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
+			clientConfig.InsecureSkipVerify = false
+			clientConfig.ServerName = "expired-resume.example.com"
+			clientConfig.Time = func() time.Time {
+				return now
+			}
+
+			testResume := func(t *testing.T, sc, cc *Config, expectResume bool) {
+				t.Helper()
+				ss, cs, err := testHandshake(t, cc, sc)
+				if err != nil {
+					t.Fatalf("handshake: %v", err)
+				}
+				if cs.DidResume != expectResume {
+					t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+				}
+				if ss.DidResume != expectResume {
+					t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+				}
+			}
+
+			testResume(t, serverConfig, clientConfig, false)
+			testResume(t, serverConfig, clientConfig, true)
+
+			expiredNow := time.Unix(0, min(leafNotAfter.UnixNano(), rootNotAfter.UnixNano())).Add(time.Minute)
+
+			freshLeafDER, expiredLeafDER, freshRoot := createChain(expiredNow.Add(time.Hour), expiredNow.Add(time.Hour))
+			clientConfig.Certificates = []Certificate{{
+				Certificate: [][]byte{freshLeafDER, expiredLeafDER},
+				PrivateKey:  testECDSAPrivateKey,
+			}}
+			serverConfig.Time = func() time.Time {
+				return expiredNow
+			}
+			serverConfig.ClientCAs = x509.NewCertPool()
+			serverConfig.ClientCAs.AddCert(freshRoot)
+
+			testResume(t, serverConfig, clientConfig, false)
+		})
+	}
+
+	testExpiration("LeafExpiresBeforeRoot", now.Add(2*time.Hour), now.Add(3*time.Hour))
+	testExpiration("LeafExpiresAfterRoot", now.Add(2*time.Hour), now.Add(time.Hour))
+}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index b066924e..11dbaa9f 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -370,7 +370,7 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 			continue
 		}
 		if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
-			len(sessionState.verifiedChains) == 0 {
+			!anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) {
 			continue
 		}
 

From 1dcb0331e22ac26608def8b452dc9d04c2cd95a6 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Mon, 26 Jan 2026 11:18:45 -0800
Subject: [PATCH 90/95] [release-branch.go1.26] crypto/tls: check
 verifiedChains roots when resuming sessions

When resuming TLS sessions, on the server and client verify that the
chains stored in the session state (verifiedChains) are still acceptable
with regards to the Config by checking for the inclusion of the root in
either ClientCAs (server) or RootCAs (client). This prevents resuming
a session with a certificate chain that would be rejected during a full
handshake due to an untrusted root.

Updates #77113
Updates #77357
Updates CVE-2025-68121

Change-Id: I11fe00909ef1961c24ecf80bf5b97f7b1121d359
Reviewed-on: https://go-review.googlesource.com/c/go/+/737700
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Coia Prant <coiaprant@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/go/+/740004
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
---
 common.go                 |  25 ++++-
 handshake_client.go       |   7 +-
 handshake_server.go       |   7 +-
 handshake_server_test.go  | 214 ++++++++++++++++++++++++++++++++++++++
 handshake_server_tls13.go |   8 +-
 5 files changed, 253 insertions(+), 8 deletions(-)

diff --git a/common.go b/common.go
index 65cff5f5..dfd24d70 100644
--- a/common.go
+++ b/common.go
@@ -1847,13 +1847,28 @@ func fipsAllowChain(chain []*x509.Certificate) bool {
 	return true
 }
 
-// anyUnexpiredChain reports if at least one of verifiedChains is still
-// unexpired. If verifiedChains is empty, it returns false.
-func anyUnexpiredChain(verifiedChains [][]*x509.Certificate, now time.Time) bool {
+// anyValidVerifiedChain reports if at least one of the chains in verifiedChains
+// is valid, as indicated by none of the certificates being expired and the root
+// being in opts.Roots (or in the system root pool if opts.Roots is nil). If
+// verifiedChains is empty, it returns false.
+func anyValidVerifiedChain(verifiedChains [][]*x509.Certificate, opts x509.VerifyOptions) bool {
 	for _, chain := range verifiedChains {
-		if len(chain) != 0 && !slices.ContainsFunc(chain, func(cert *x509.Certificate) bool {
-			return now.Before(cert.NotBefore) || now.After(cert.NotAfter) // cert is expired
+		if len(chain) == 0 {
+			continue
+		}
+		if slices.ContainsFunc(chain, func(cert *x509.Certificate) bool {
+			return opts.CurrentTime.Before(cert.NotBefore) || opts.CurrentTime.After(cert.NotAfter)
 		}) {
+			continue
+		}
+		// Since we already validated the chain, we only care that it is
+		// rooted in a CA in CAs, or in the system pool. On platforms where
+		// we control chain validation (e.g. not Windows or macOS) this is a
+		// simple lookup in the CertPool internal hash map. On other
+		// platforms, this may be more expensive, depending on how they
+		// implement verification of just root certificates.
+		root := chain[len(chain)-1]
+		if _, err := root.Verify(opts); err == nil {
 			return true
 		}
 	}
diff --git a/handshake_client.go b/handshake_client.go
index d1ad9d58..7d4bd5bc 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -412,7 +412,12 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (
 			// application from a faulty ClientSessionCache implementation.
 			return nil, nil, nil, nil
 		}
-		if !anyUnexpiredChain(session.verifiedChains, c.config.time()) {
+		opts := x509.VerifyOptions{
+			CurrentTime: c.config.time(),
+			Roots:       c.config.RootCAs,
+			KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		}
+		if !anyValidVerifiedChain(session.verifiedChains, opts) {
 			// No valid chains, delete the entry.
 			c.config.ClientSessionCache.Put(cacheKey, nil)
 			return nil, nil, nil, nil
diff --git a/handshake_server.go b/handshake_server.go
index 64053e1a..34dfb13b 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -523,8 +523,13 @@ func (hs *serverHandshakeState) checkForResumption() error {
 	if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
 		return nil
 	}
+	opts := x509.VerifyOptions{
+		CurrentTime: c.config.time(),
+		Roots:       c.config.ClientCAs,
+		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+	}
 	if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
-		!anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) {
+		!anyValidVerifiedChain(sessionState.verifiedChains, opts) {
 		return nil
 	}
 
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 8325c9fa..cbcf0129 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -2275,3 +2275,217 @@ func testHandshakeChainExpiryResumption(t *testing.T, version uint16) {
 	testExpiration("LeafExpiresBeforeRoot", now.Add(2*time.Hour), now.Add(3*time.Hour))
 	testExpiration("LeafExpiresAfterRoot", now.Add(2*time.Hour), now.Add(time.Hour))
 }
+
+func TestHandshakeGetConfigForClientDifferentClientCAs(t *testing.T) {
+	t.Run("TLS1.2", func(t *testing.T) {
+		testHandshakeGetConfigForClientDifferentClientCAs(t, VersionTLS12)
+	})
+	t.Run("TLS1.3", func(t *testing.T) {
+		testHandshakeGetConfigForClientDifferentClientCAs(t, VersionTLS13)
+	})
+}
+
+func testHandshakeGetConfigForClientDifferentClientCAs(t *testing.T, version uint16) {
+	now := time.Now()
+	tmpl := &x509.Certificate{
+		Subject:               pkix.Name{CommonName: "root"},
+		NotBefore:             now.Add(-time.Hour * 24),
+		NotAfter:              now.Add(time.Hour * 24),
+		IsCA:                  true,
+		BasicConstraintsValid: true,
+	}
+	rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	rootA, err := x509.ParseCertificate(rootDER)
+	if err != nil {
+		t.Fatalf("ParseCertificate: %v", err)
+	}
+	rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	rootB, err := x509.ParseCertificate(rootDER)
+	if err != nil {
+		t.Fatalf("ParseCertificate: %v", err)
+	}
+
+	tmpl = &x509.Certificate{
+		Subject:   pkix.Name{},
+		DNSNames:  []string{"example.com"},
+		NotBefore: now.Add(-time.Hour * 24),
+		NotAfter:  now.Add(time.Hour * 24),
+		KeyUsage:  x509.KeyUsageDigitalSignature,
+	}
+	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+
+	serverConfig := testConfig.Clone()
+	serverConfig.MaxVersion = version
+	serverConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{certDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	serverConfig.Time = func() time.Time {
+		return now
+	}
+	serverConfig.ClientCAs = x509.NewCertPool()
+	serverConfig.ClientCAs.AddCert(rootA)
+	serverConfig.ClientAuth = RequireAndVerifyClientCert
+	switchConfig := false
+	serverConfig.GetConfigForClient = func(clientHello *ClientHelloInfo) (*Config, error) {
+		if !switchConfig {
+			return nil, nil
+		}
+		cfg := serverConfig.Clone()
+		cfg.ClientCAs = x509.NewCertPool()
+		cfg.ClientCAs.AddCert(rootB)
+		return cfg, nil
+	}
+	serverConfig.InsecureSkipVerify = false
+	serverConfig.ServerName = "example.com"
+
+	clientConfig := testConfig.Clone()
+	clientConfig.MaxVersion = version
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{certDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
+	clientConfig.RootCAs = x509.NewCertPool()
+	clientConfig.RootCAs.AddCert(rootA)
+	clientConfig.Time = func() time.Time {
+		return now
+	}
+	clientConfig.InsecureSkipVerify = false
+	clientConfig.ServerName = "example.com"
+
+	testResume := func(t *testing.T, sc, cc *Config, expectResume bool) {
+		t.Helper()
+		ss, cs, err := testHandshake(t, cc, sc)
+		if err != nil {
+			t.Fatalf("handshake: %v", err)
+		}
+		if cs.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+		if ss.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+	}
+
+	testResume(t, serverConfig, clientConfig, false)
+	testResume(t, serverConfig, clientConfig, true)
+
+	// Cause GetConfigForClient to return a config cloned from the base config,
+	// but with a different ClientCAs pool. This should cause resumption to fail.
+	switchConfig = true
+
+	testResume(t, serverConfig, clientConfig, false)
+	testResume(t, serverConfig, clientConfig, true)
+}
+
+func TestHandshakeChangeRootCAsResumption(t *testing.T) {
+	t.Run("TLS1.2", func(t *testing.T) {
+		testHandshakeChangeRootCAsResumption(t, VersionTLS12)
+	})
+	t.Run("TLS1.3", func(t *testing.T) {
+		testHandshakeChangeRootCAsResumption(t, VersionTLS13)
+	})
+}
+
+func testHandshakeChangeRootCAsResumption(t *testing.T, version uint16) {
+	now := time.Now()
+	tmpl := &x509.Certificate{
+		Subject:               pkix.Name{CommonName: "root"},
+		NotBefore:             now.Add(-time.Hour * 24),
+		NotAfter:              now.Add(time.Hour * 24),
+		IsCA:                  true,
+		BasicConstraintsValid: true,
+	}
+	rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	rootA, err := x509.ParseCertificate(rootDER)
+	if err != nil {
+		t.Fatalf("ParseCertificate: %v", err)
+	}
+	rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	rootB, err := x509.ParseCertificate(rootDER)
+	if err != nil {
+		t.Fatalf("ParseCertificate: %v", err)
+	}
+
+	tmpl = &x509.Certificate{
+		Subject:   pkix.Name{},
+		DNSNames:  []string{"example.com"},
+		NotBefore: now.Add(-time.Hour * 24),
+		NotAfter:  now.Add(time.Hour * 24),
+		KeyUsage:  x509.KeyUsageDigitalSignature,
+	}
+	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+
+	serverConfig := testConfig.Clone()
+	serverConfig.MaxVersion = version
+	serverConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{certDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	serverConfig.Time = func() time.Time {
+		return now
+	}
+	serverConfig.ClientCAs = x509.NewCertPool()
+	serverConfig.ClientCAs.AddCert(rootA)
+	serverConfig.ClientAuth = RequireAndVerifyClientCert
+	serverConfig.InsecureSkipVerify = false
+	serverConfig.ServerName = "example.com"
+
+	clientConfig := testConfig.Clone()
+	clientConfig.MaxVersion = version
+	clientConfig.Certificates = []Certificate{{
+		Certificate: [][]byte{certDER},
+		PrivateKey:  testECDSAPrivateKey,
+	}}
+	clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
+	clientConfig.RootCAs = x509.NewCertPool()
+	clientConfig.RootCAs.AddCert(rootA)
+	clientConfig.Time = func() time.Time {
+		return now
+	}
+	clientConfig.InsecureSkipVerify = false
+	clientConfig.ServerName = "example.com"
+
+	testResume := func(t *testing.T, sc, cc *Config, expectResume bool) {
+		t.Helper()
+		ss, cs, err := testHandshake(t, cc, sc)
+		if err != nil {
+			t.Fatalf("handshake: %v", err)
+		}
+		if cs.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+		if ss.DidResume != expectResume {
+			t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume)
+		}
+	}
+
+	testResume(t, serverConfig, clientConfig, false)
+	testResume(t, serverConfig, clientConfig, true)
+
+	clientConfig = clientConfig.Clone()
+	clientConfig.RootCAs = x509.NewCertPool()
+	clientConfig.RootCAs.AddCert(rootB)
+
+	testResume(t, serverConfig, clientConfig, false)
+	testResume(t, serverConfig, clientConfig, true)
+}
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index 11dbaa9f..bce94ed2 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -14,6 +14,7 @@ import (
 	"crypto/internal/fips140/tls13"
 	"crypto/rsa"
 	"crypto/tls/internal/fips140tls"
+	"crypto/x509"
 	"errors"
 	"fmt"
 	"hash"
@@ -369,8 +370,13 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
 		if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
 			continue
 		}
+		opts := x509.VerifyOptions{
+			CurrentTime: c.config.time(),
+			Roots:       c.config.ClientCAs,
+			KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
+		}
 		if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
-			!anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) {
+			!anyValidVerifiedChain(sessionState.verifiedChains, opts) {
 			continue
 		}
 

From 2cf02ea60a408820b6a867c64b6d77227447f344 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Fri, 30 Jan 2026 18:07:23 +0100
Subject: [PATCH 91/95] [release-branch.go1.26] crypto/tls: revalidate whole
 chain on resumption on Windows and macOS

TestHandshakeChangeRootCAsResumption and TestHandshakeGetConfigForClientDifferentClientCAs
changed because previously rootA and rootB shared Subject and SPKI,
which made the new full-chain revalidation check succeed, as the
same leaf would verify against both roots.

Updates #77376
Fixes #77426

Cq-Include-Trybots: luci.golang.try:go1.26-darwin-arm64-longtest
Change-Id: I60bed694bdc621c9e83f1bd8a8224c016a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/741361
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
(cherry picked from commit b691a2edc7f5863f61a07c4a4f087eef1a15a704)
Reviewed-on: https://go-review.googlesource.com/c/go/+/741680
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
---
 common.go                | 31 ++++++++++++++++++++++---------
 handshake_server_test.go | 28 ++++++++++++++++++++--------
 tls_test.go              | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 17 deletions(-)

diff --git a/common.go b/common.go
index dfd24d70..85a2a9e8 100644
--- a/common.go
+++ b/common.go
@@ -22,6 +22,7 @@ import (
 	"internal/godebug"
 	"io"
 	"net"
+	"runtime"
 	"slices"
 	"strings"
 	"sync"
@@ -1861,15 +1862,27 @@ func anyValidVerifiedChain(verifiedChains [][]*x509.Certificate, opts x509.Verif
 		}) {
 			continue
 		}
-		// Since we already validated the chain, we only care that it is
-		// rooted in a CA in CAs, or in the system pool. On platforms where
-		// we control chain validation (e.g. not Windows or macOS) this is a
-		// simple lookup in the CertPool internal hash map. On other
-		// platforms, this may be more expensive, depending on how they
-		// implement verification of just root certificates.
-		root := chain[len(chain)-1]
-		if _, err := root.Verify(opts); err == nil {
-			return true
+		// Since we already validated the chain, we only care that it is rooted
+		// in a CA in opts.Roots. On platforms where we control chain validation
+		// (e.g. not Windows or macOS) this is a simple lookup in the CertPool
+		// internal hash map, which we can simulate by running Verify on the
+		// root. On other platforms, we have to do full verification again,
+		// because EKU handling might differ. We will want to replace this with
+		// CertPool.Contains if/once that is available. See go.dev/issue/77376.
+		if runtime.GOOS == "windows" || runtime.GOOS == "darwin" || runtime.GOOS == "ios" {
+			opts.Intermediates = x509.NewCertPool()
+			for _, cert := range chain[1:max(1, len(chain)-1)] {
+				opts.Intermediates.AddCert(cert)
+			}
+			leaf := chain[0]
+			if _, err := leaf.Verify(opts); err == nil {
+				return true
+			}
+		} else {
+			root := chain[len(chain)-1]
+			if _, err := root.Verify(opts); err == nil {
+				return true
+			}
 		}
 	}
 	return false
diff --git a/handshake_server_test.go b/handshake_server_test.go
index cbcf0129..736bb831 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -2302,7 +2302,7 @@ func testHandshakeGetConfigForClientDifferentClientCAs(t *testing.T, version uin
 	if err != nil {
 		t.Fatalf("ParseCertificate: %v", err)
 	}
-	rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testRSA2048PrivateKey.PublicKey, testRSA2048PrivateKey)
 	if err != nil {
 		t.Fatalf("CreateCertificate: %v", err)
 	}
@@ -2318,7 +2318,11 @@ func testHandshakeGetConfigForClientDifferentClientCAs(t *testing.T, version uin
 		NotAfter:  now.Add(time.Hour * 24),
 		KeyUsage:  x509.KeyUsageDigitalSignature,
 	}
-	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	certA, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	certB, err := x509.CreateCertificate(rand.Reader, tmpl, rootB, &testECDSAPrivateKey.PublicKey, testRSA2048PrivateKey)
 	if err != nil {
 		t.Fatalf("CreateCertificate: %v", err)
 	}
@@ -2326,7 +2330,7 @@ func testHandshakeGetConfigForClientDifferentClientCAs(t *testing.T, version uin
 	serverConfig := testConfig.Clone()
 	serverConfig.MaxVersion = version
 	serverConfig.Certificates = []Certificate{{
-		Certificate: [][]byte{certDER},
+		Certificate: [][]byte{certA},
 		PrivateKey:  testECDSAPrivateKey,
 	}}
 	serverConfig.Time = func() time.Time {
@@ -2351,7 +2355,7 @@ func testHandshakeGetConfigForClientDifferentClientCAs(t *testing.T, version uin
 	clientConfig := testConfig.Clone()
 	clientConfig.MaxVersion = version
 	clientConfig.Certificates = []Certificate{{
-		Certificate: [][]byte{certDER},
+		Certificate: [][]byte{certA},
 		PrivateKey:  testECDSAPrivateKey,
 	}}
 	clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
@@ -2380,6 +2384,8 @@ func testHandshakeGetConfigForClientDifferentClientCAs(t *testing.T, version uin
 	testResume(t, serverConfig, clientConfig, false)
 	testResume(t, serverConfig, clientConfig, true)
 
+	clientConfig.Certificates[0].Certificate = [][]byte{certB}
+
 	// Cause GetConfigForClient to return a config cloned from the base config,
 	// but with a different ClientCAs pool. This should cause resumption to fail.
 	switchConfig = true
@@ -2414,7 +2420,7 @@ func testHandshakeChangeRootCAsResumption(t *testing.T, version uint16) {
 	if err != nil {
 		t.Fatalf("ParseCertificate: %v", err)
 	}
-	rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testRSA2048PrivateKey.PublicKey, testRSA2048PrivateKey)
 	if err != nil {
 		t.Fatalf("CreateCertificate: %v", err)
 	}
@@ -2430,7 +2436,11 @@ func testHandshakeChangeRootCAsResumption(t *testing.T, version uint16) {
 		NotAfter:  now.Add(time.Hour * 24),
 		KeyUsage:  x509.KeyUsageDigitalSignature,
 	}
-	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	certA, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey)
+	if err != nil {
+		t.Fatalf("CreateCertificate: %v", err)
+	}
+	certB, err := x509.CreateCertificate(rand.Reader, tmpl, rootB, &testECDSAPrivateKey.PublicKey, testRSA2048PrivateKey)
 	if err != nil {
 		t.Fatalf("CreateCertificate: %v", err)
 	}
@@ -2438,7 +2448,7 @@ func testHandshakeChangeRootCAsResumption(t *testing.T, version uint16) {
 	serverConfig := testConfig.Clone()
 	serverConfig.MaxVersion = version
 	serverConfig.Certificates = []Certificate{{
-		Certificate: [][]byte{certDER},
+		Certificate: [][]byte{certA},
 		PrivateKey:  testECDSAPrivateKey,
 	}}
 	serverConfig.Time = func() time.Time {
@@ -2453,7 +2463,7 @@ func testHandshakeChangeRootCAsResumption(t *testing.T, version uint16) {
 	clientConfig := testConfig.Clone()
 	clientConfig.MaxVersion = version
 	clientConfig.Certificates = []Certificate{{
-		Certificate: [][]byte{certDER},
+		Certificate: [][]byte{certA},
 		PrivateKey:  testECDSAPrivateKey,
 	}}
 	clientConfig.ClientSessionCache = NewLRUClientSessionCache(32)
@@ -2486,6 +2496,8 @@ func testHandshakeChangeRootCAsResumption(t *testing.T, version uint16) {
 	clientConfig.RootCAs = x509.NewCertPool()
 	clientConfig.RootCAs.AddCert(rootB)
 
+	serverConfig.Certificates[0].Certificate = [][]byte{certB}
+
 	testResume(t, serverConfig, clientConfig, false)
 	testResume(t, serverConfig, clientConfig, true)
 }
diff --git a/tls_test.go b/tls_test.go
index 39ebb9d2..4513008a 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -572,6 +572,41 @@ func TestVerifyHostname(t *testing.T) {
 	}
 }
 
+func TestRealResumption(t *testing.T) {
+	testenv.MustHaveExternalNetwork(t)
+
+	config := &Config{
+		ServerName:         "yahoo.com",
+		ClientSessionCache: NewLRUClientSessionCache(0),
+	}
+
+	for range 10 {
+		conn, err := Dial("tcp", "yahoo.com:443", config)
+		if err != nil {
+			t.Log("Dial error:", err)
+			continue
+		}
+		// Do a read to consume the NewSessionTicket messages.
+		fmt.Fprintf(conn, "GET / HTTP/1.1\r\nHost: yahoo.com\r\nConnection: close\r\n\r\n")
+		conn.Read(make([]byte, 4096))
+		conn.Close()
+
+		conn, err = Dial("tcp", "yahoo.com:443", config)
+		if err != nil {
+			t.Log("second Dial error:", err)
+			continue
+		}
+		state := conn.ConnectionState()
+		conn.Close()
+
+		if state.DidResume {
+			return
+		}
+	}
+
+	t.Fatal("no connection used session resumption")
+}
+
 func TestConnCloseBreakingWrite(t *testing.T) {
 	ln := newLocalListener(t)
 	defer ln.Close()

From fd5128b529d4447e5d593082238fc2e20e67171a Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Thu, 29 Jan 2026 11:32:25 +0100
Subject: [PATCH 92/95] [release-branch.go1.26] crypto/tls: document resumption
 behavior across Configs

Updates #77113
Updates #77217
Updates CVE-2025-68121

Change-Id: Ia47904a9ed001275aad0243a6a0ce57e6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/740240
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
(cherry picked from commit 1c9abbdc8e9032cd613bd147c78b166ebacc8a2e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/741181
Auto-Submit: Michael Pratt <mpratt@google.com>
---
 common.go | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/common.go b/common.go
index 85a2a9e8..f6926f1a 100644
--- a/common.go
+++ b/common.go
@@ -633,10 +633,13 @@ type Config struct {
 	// If GetConfigForClient is nil, the Config passed to Server() will be
 	// used for all connections.
 	//
-	// If SessionTicketKey was explicitly set on the returned Config, or if
-	// SetSessionTicketKeys was called on the returned Config, those keys will
+	// If SessionTicketKey is explicitly set on the returned Config, or if
+	// SetSessionTicketKeys is called on the returned Config, those keys will
 	// be used. Otherwise, the original Config keys will be used (and possibly
-	// rotated if they are automatically managed).
+	// rotated if they are automatically managed). WARNING: this allows session
+	// resumtion of connections originally established with the parent (or a
+	// sibling) Config, which may bypass the [Config.VerifyPeerCertificate]
+	// value of the returned Config.
 	GetConfigForClient func(*ClientHelloInfo) (*Config, error)
 
 	// VerifyPeerCertificate, if not nil, is called after normal
@@ -654,8 +657,10 @@ type Config struct {
 	// rawCerts may be empty on the server if ClientAuth is RequestClientCert or
 	// VerifyClientCertIfGiven.
 	//
-	// This callback is not invoked on resumed connections, as certificates are
-	// not re-verified on resumption.
+	// This callback is not invoked on resumed connections. WARNING: this
+	// includes connections resumed across Configs returned by [Config.Clone] or
+	// [Config.GetConfigForClient] and their parents. If that is not intended,
+	// use [Config.VerifyConnection] instead, or set [Config.SessionTicketsDisabled].
 	//
 	// verifiedChains and its contents should not be modified.
 	VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
@@ -979,8 +984,15 @@ func (c *Config) ticketKeyFromBytes(b [32]byte) (key ticketKey) {
 // ticket, and the lifetime we set for all tickets we send.
 const maxSessionTicketLifetime = 7 * 24 * time.Hour
 
-// Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a [Config] that is
-// being used concurrently by a TLS client or server.
+// Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a
+// [Config] that is being used concurrently by a TLS client or server.
+//
+// The returned Config can share session ticket keys with the original Config,
+// which means connections could be resumed across the two Configs. WARNING:
+// [Config.VerifyPeerCertificate] does not get called on resumed connections,
+// including connections that were originally established on the parent Config.
+// If that is not intended, use [Config.VerifyConnection] instead, or set
+// [Config.SessionTicketsDisabled].
 func (c *Config) Clone() *Config {
 	if c == nil {
 		return nil

From 1c3a4d196a83f8a03bd8d93ef087b09f65c1def3 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Thu, 5 Feb 2026 15:56:13 -0800
Subject: [PATCH 93/95] [release-branch.go1.26] crypto/tls: avoid data race
 when canceling a QUICConn's Context

Methods on QUICConn are synchronous:
The connection state is expected to change only in reaction
to a user calling a QUICConn method, and the state change
should finish completely before the method returns.

The connection context provided to QUICConn.Start violates
this model, because canceling the context causes an
asynchronous state change.

Prior to CL 719040, this caused no problems because canceling
the context did not cause any user-visible state changes.
In particular, canceling the context did not cause any new
events to be immediately returned by QUICConn.NextEvent.

CL 719040 introduced a new error event. Now, canceling a
QUICConn's context causes a new connection event to be
generated.

Receiving this event causes a data race visible to the
race detector, but the core problem is not the data race
itself: It's that an asynchronous event (canceling the
connection context) causes an change to the connection
events.

Fix this race by reworking the handling of QUICConn
context cancellation a bit. We no longer react to
cancellation while control of the connection lies
with the user. We only process cancellation as
part of a user call, such as QUICConn.Close
or QUICConn.HandleData.

Fixes #77274

Change-Id: If2e0f73618c4852114e0931b6bd0cb0b6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/742561
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
(cherry picked from commit d4febb45179fa99ee1d5783bcb693ed7ba14115c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/742761
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 conn.go      |  2 +-
 quic.go      | 21 +++++++++------------
 quic_test.go | 19 +++++++++++++++++++
 3 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/conn.go b/conn.go
index a840125a..9c662ef8 100644
--- a/conn.go
+++ b/conn.go
@@ -1531,7 +1531,7 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {
 	defer cancel()
 
 	if c.quic != nil {
-		c.quic.cancelc = handshakeCtx.Done()
+		c.quic.ctx = handshakeCtx
 		c.quic.cancel = cancel
 	} else if ctx.Done() != nil {
 		// Close the connection if ctx is canceled before the function returns.
diff --git a/quic.go b/quic.go
index 76b7eb2c..c7d8508a 100644
--- a/quic.go
+++ b/quic.go
@@ -162,7 +162,7 @@ type quicState struct {
 	started  bool
 	signalc  chan struct{}   // handshake data is available to be read
 	blockedc chan struct{}   // handshake is waiting for data, closed when done
-	cancelc  <-chan struct{} // handshake has been canceled
+	ctx      context.Context // handshake context
 	cancel   context.CancelFunc
 
 	waitingForDrain bool
@@ -261,10 +261,11 @@ func (q *QUICConn) NextEvent() QUICEvent {
 
 // Close closes the connection and stops any in-progress handshake.
 func (q *QUICConn) Close() error {
-	if q.conn.quic.cancel == nil {
+	if q.conn.quic.ctx == nil {
 		return nil // never started
 	}
 	q.conn.quic.cancel()
+	<-q.conn.quic.signalc
 	for range q.conn.quic.blockedc {
 		// Wait for the handshake goroutine to return.
 	}
@@ -511,20 +512,16 @@ func (c *Conn) quicWaitForSignal() error {
 	// Send on blockedc to notify the QUICConn that the handshake is blocked.
 	// Exported methods of QUICConn wait for the handshake to become blocked
 	// before returning to the user.
-	select {
-	case c.quic.blockedc <- struct{}{}:
-	case <-c.quic.cancelc:
-		return c.sendAlertLocked(alertCloseNotify)
-	}
+	c.quic.blockedc <- struct{}{}
 	// The QUICConn reads from signalc to notify us that the handshake may
 	// be able to proceed. (The QUICConn reads, because we close signalc to
 	// indicate that the handshake has completed.)
-	select {
-	case c.quic.signalc <- struct{}{}:
-		c.hand.Write(c.quic.readbuf)
-		c.quic.readbuf = nil
-	case <-c.quic.cancelc:
+	c.quic.signalc <- struct{}{}
+	if c.quic.ctx.Err() != nil {
+		// The connection has been canceled.
 		return c.sendAlertLocked(alertCloseNotify)
 	}
+	c.hand.Write(c.quic.readbuf)
+	c.quic.readbuf = nil
 	return nil
 }
diff --git a/quic_test.go b/quic_test.go
index bd0eaa4d..0cf8b337 100644
--- a/quic_test.go
+++ b/quic_test.go
@@ -11,6 +11,7 @@ import (
 	"fmt"
 	"reflect"
 	"strings"
+	"sync"
 	"testing"
 )
 
@@ -480,6 +481,24 @@ func TestQUICStartContextPropagation(t *testing.T) {
 	}
 }
 
+func TestQUICContextCancelation(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	config := &QUICConfig{TLSConfig: testConfig.Clone()}
+	config.TLSConfig.MinVersion = VersionTLS13
+	cli := newTestQUICClient(t, config)
+	cli.conn.SetTransportParameters(nil)
+	srv := newTestQUICServer(t, config)
+	srv.conn.SetTransportParameters(nil)
+	// Verify that canceling the connection context concurrently does not cause any races.
+	// See https://go.dev/issue/77274.
+	var wg sync.WaitGroup
+	wg.Go(func() {
+		_ = runTestQUICConnection(ctx, cli, srv, nil)
+	})
+	wg.Go(cancel)
+	wg.Wait()
+}
+
 func TestQUICDelayedTransportParameters(t *testing.T) {
 	clientConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
 	clientConfig.TLSConfig.MinVersion = VersionTLS13

From 9104d1f33902b6bd4bc09eba58ea9ae1166f16b1 Mon Sep 17 00:00:00 2001
From: Mingye Chen <mingye.chen@colorado.edu>
Date: Sun, 1 Mar 2026 18:47:51 -0700
Subject: [PATCH 94/95] fix: remove tests with tlssha1=1

---
 auth_test.go | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/auth_test.go b/auth_test.go
index d597df2b..0886d062 100644
--- a/auth_test.go
+++ b/auth_test.go
@@ -42,23 +42,17 @@ func TestSignatureSelection(t *testing.T) {
 		expectedHash    crypto.Hash
 	}{
 		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, "", PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
-		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, "tlssha1=1", PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
 		{rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, "", PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512},
 		{rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, "", PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
 		{pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, "", PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
 		{rsaCert, []SignatureScheme{PSSWithSHA384, PKCS1WithSHA1}, VersionTLS13, "", PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
 		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PSSWithSHA384}, VersionTLS13, "", PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
 		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1, ECDSAWithP256AndSHA256}, VersionTLS12, "", ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
-		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12, "tlssha1=1", ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
 		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS12, "", ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
 		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS13, "", ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
 		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS12, "", Ed25519, signatureEd25519, directSigning},
 		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS13, "", Ed25519, signatureEd25519, directSigning},
 
-		// TLS 1.2 without signature_algorithms extension
-		{rsaCert, nil, VersionTLS12, "tlssha1=1", PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
-		{ecdsaCert, nil, VersionTLS12, "tlssha1=1", ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
-
 		// TLS 1.2 does not restrict the ECDSA curve (our ecdsaCert is P-256)
 		{ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS12, "", ECDSAWithP384AndSHA384, signatureECDSA, crypto.SHA384},
 	}

From 98f1bbc64c300c3b90c49ef7f54411e520fdfac7 Mon Sep 17 00:00:00 2001
From: Mingye Chen <mingye.chen@colorado.edu>
Date: Wed, 11 Mar 2026 16:53:11 -0600
Subject: [PATCH 95/95] fix: ech broken after sync

---
 ech.go                |   3 +
 handshake_client.go   |   3 +
 key_schedule.go       |  38 ++++++++++--
 u_clone.go            | 137 ++++++++++++++++++++++++++++++++++++++++++
 u_conn.go             |   1 +
 u_handshake_client.go |   9 ++-
 u_parrots.go          |   7 +--
 u_parrots_test.go     | 132 ++++++++++++++++++++++++++++++++++++++++
 8 files changed, 317 insertions(+), 13 deletions(-)
 create mode 100644 u_clone.go

diff --git a/ech.go b/ech.go
index 3177e6d2..faea7512 100644
--- a/ech.go
+++ b/ech.go
@@ -429,6 +429,9 @@ func computeAndUpdateOuterECHExtension(outer, inner *clientHelloMsg, ech *echCli
 	if err != nil {
 		return err
 	}
+	//[uTLS] SECTION START
+	ech.encodedInner = bytes.Clone(encodedInner)
+	//[uTLS] SECTION END
 	// NOTE: the tag lengths for all of the supported AEADs are the same (16
 	// bytes), so we have hardcoded it here. If we add support for another AEAD
 	// with a different tag length, we will need to change this.
diff --git a/handshake_client.go b/handshake_client.go
index 0f4850f9..391e0a63 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -214,6 +214,9 @@ type echClientContext struct {
 	config          *echConfig
 	hpkeContext     *hpke.Sender
 	encapsulatedKey []byte
+	//[uTLS] SECTION START
+	encodedInner []byte
+	//[uTLS] SECTION END
 	innerHello      *clientHelloMsg
 	innerTranscript hash.Hash
 	kdfID           uint16
diff --git a/key_schedule.go b/key_schedule.go
index c355457a..96563695 100644
--- a/key_schedule.go
+++ b/key_schedule.go
@@ -109,12 +109,12 @@ func keyExchangeForCurveID(id CurveID) (keyExchange, error) {
 		return &hybridKeyExchange{id, ecdhKeyExchange{CurveP384, ecdh.P384()},
 			97, mlkem.EncapsulationKeySize1024, mlkem.CiphertextSize1024,
 			newMLKEMPrivateKey1024, newMLKEMPublicKey1024}, nil
-	// [uTLS] SECTION BEGIN
+	//[uTLS] SECTION START
 	case X25519Kyber768Draft00:
 		return &hybridKeyExchange{id, ecdhKeyExchange{X25519, ecdh.X25519()},
 			32, mlkem.EncapsulationKeySize768, mlkem.CiphertextSize768,
 			newMLKEMPrivateKey768, newMLKEMPublicKey768}, nil
-	// [uTLS] SECTION END
+	//[uTLS] SECTION END
 	default:
 		return nil, errors.New("tls: unsupported key exchange")
 	}
@@ -150,11 +150,29 @@ func (ke *ecdhKeyExchange) serverSharedSecret(rand io.Reader, clientKeyShare []b
 }
 
 func (ke *ecdhKeyExchange) clientSharedSecret(priv *keySharePrivateKeys, serverKeyShare []byte) ([]byte, error) {
+	//[uTLS] SECTION START
+	return ke.clientSharedSecretChooseEcdhe(priv, serverKeyShare, false)
+}
+
+func (ke *ecdhKeyExchange) clientSharedSecretChooseEcdhe(priv *keySharePrivateKeys, serverKeyShare []byte, useSeperateEcdhe bool) ([]byte, error) {
+	//[uTLS] SECTION END
 	peerKey, err := ke.curve.NewPublicKey(serverKeyShare)
 	if err != nil {
 		return nil, err
 	}
-	sharedKey, err := priv.ecdhe.ECDH(peerKey)
+	//[uTLS] SECTION START
+	ecdhe := priv.ecdhe
+	if useSeperateEcdhe {
+		if priv.mlkemEcdhe == nil {
+			return nil, errors.New("tls: missing separate hybrid ECDHE private key")
+		}
+		ecdhe = priv.mlkemEcdhe
+	}
+	if ecdhe == nil {
+		return nil, errors.New("tls: missing ECDHE private key")
+	}
+	sharedKey, err := ecdhe.ECDH(peerKey)
+	//[uTLS] SECTION END
 	if err != nil {
 		return nil, err
 	}
@@ -219,6 +237,11 @@ func (ke *hybridKeyExchange) serverSharedSecret(rand io.Reader, clientKeyShare [
 		return nil, keyShare{}, err
 	}
 	mlkemSharedSecret, mlkemKeyShare := mlkemPeerKey.Encapsulate()
+	//[uTLS] SECTION START
+	if ke.id == X25519Kyber768Draft00 {
+		mlkemSharedSecret = kyberSharedSecret(mlkemKeyShare, mlkemSharedSecret)
+	}
+	//[uTLS] SECTION END
 	var sharedKey []byte
 	if ke.id == X25519MLKEM768 {
 		sharedKey = append(mlkemSharedSecret, ecdhSharedSecret...)
@@ -243,16 +266,19 @@ func (ke *hybridKeyExchange) clientSharedSecret(priv *keySharePrivateKeys, serve
 		ecdhShareData = serverKeyShare[:ke.ecdhElementSize]
 		mlkemShareData = serverKeyShare[ke.ecdhElementSize:]
 	}
-	ecdhSharedSecret, err := ke.ecdh.clientSharedSecret(priv, ecdhShareData)
+	//[uTLS] SECTION START
+	useSeperateEcdhe := ke.id == X25519Kyber768Draft00 || priv.mlkemEcdhe != nil
+	ecdhSharedSecret, err := ke.ecdh.clientSharedSecretChooseEcdhe(priv, ecdhShareData, useSeperateEcdhe)
+	//[uTLS] SECTION END
 	if err != nil {
 		return nil, err
 	}
 	mlkemSharedSecret, err := priv.mlkem.Decapsulate(mlkemShareData)
-	// [uTLS] SECTION BEGIN
+	//[uTLS] SECTION START
 	if ke.id == X25519Kyber768Draft00 {
 		mlkemSharedSecret = kyberSharedSecret(mlkemShareData, mlkemSharedSecret)
 	}
-	// [uTLS] SECTION END
+	//[uTLS] SECTION END
 	if err != nil {
 		return nil, err
 	}
diff --git a/u_clone.go b/u_clone.go
new file mode 100644
index 00000000..cc7082a0
--- /dev/null
+++ b/u_clone.go
@@ -0,0 +1,137 @@
+package tls
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// clone returns a deep copy of the ClientHelloSpec and its extension state.
+// Function values are reused as-is.
+func (chs *ClientHelloSpec) clone() *ClientHelloSpec {
+	if chs == nil {
+		return nil
+	}
+
+	cloned := deepCloneValue(reflect.ValueOf(chs), make(map[deepCloneVisit]reflect.Value))
+	return cloned.Interface().(*ClientHelloSpec)
+}
+
+type deepCloneVisit struct {
+	ptr uintptr
+	typ reflect.Type
+}
+
+func deepCloneValue(v reflect.Value, seen map[deepCloneVisit]reflect.Value) reflect.Value {
+	if !v.IsValid() {
+		return v
+	}
+	v = addressableValue(v)
+
+	if cloned, ok := seenValue(v, seen); ok {
+		return cloned
+	}
+
+	switch v.Kind() {
+	case reflect.Pointer:
+		if v.IsNil() {
+			return reflect.Zero(v.Type())
+		}
+
+		cloned := reflect.New(v.Type().Elem())
+		recordClone(v, cloned, seen)
+		cloned.Elem().Set(deepCloneValue(v.Elem(), seen))
+		return cloned
+	case reflect.Interface:
+		if v.IsNil() {
+			return reflect.Zero(v.Type())
+		}
+
+		clonedValue := deepCloneValue(v.Elem(), seen)
+		cloned := reflect.New(v.Type()).Elem()
+		cloned.Set(clonedValue)
+		return cloned
+	case reflect.Struct:
+		cloned := reflect.New(v.Type()).Elem()
+		for i := 0; i < v.NumField(); i++ {
+			addressableValue(cloned.Field(i)).Set(deepCloneValue(v.Field(i), seen))
+		}
+		return cloned
+	case reflect.Slice:
+		if v.IsNil() {
+			return reflect.Zero(v.Type())
+		}
+
+		cloned := reflect.MakeSlice(v.Type(), v.Len(), v.Cap())
+		recordClone(v, cloned, seen)
+		for i := 0; i < v.Len(); i++ {
+			cloned.Index(i).Set(deepCloneValue(v.Index(i), seen))
+		}
+		return cloned
+	case reflect.Array:
+		cloned := reflect.New(v.Type()).Elem()
+		for i := 0; i < v.Len(); i++ {
+			addressableValue(cloned.Index(i)).Set(deepCloneValue(v.Index(i), seen))
+		}
+		return cloned
+	case reflect.Map:
+		if v.IsNil() {
+			return reflect.Zero(v.Type())
+		}
+
+		cloned := reflect.MakeMapWithSize(v.Type(), v.Len())
+		recordClone(v, cloned, seen)
+		iter := v.MapRange()
+		for iter.Next() {
+			cloned.SetMapIndex(deepCloneValue(iter.Key(), seen), deepCloneValue(iter.Value(), seen))
+		}
+		return cloned
+	default:
+		return v
+	}
+}
+
+func seenValue(v reflect.Value, seen map[deepCloneVisit]reflect.Value) (reflect.Value, bool) {
+	visit, ok := deepCloneVisitFor(v)
+	if !ok {
+		return reflect.Value{}, false
+	}
+
+	cloned, ok := seen[visit]
+	return cloned, ok
+}
+
+func recordClone(v reflect.Value, cloned reflect.Value, seen map[deepCloneVisit]reflect.Value) {
+	visit, ok := deepCloneVisitFor(v)
+	if !ok {
+		return
+	}
+	seen[visit] = cloned
+}
+
+func deepCloneVisitFor(v reflect.Value) (deepCloneVisit, bool) {
+	if !v.IsValid() {
+		return deepCloneVisit{}, false
+	}
+
+	switch v.Kind() {
+	case reflect.Pointer, reflect.Map:
+		if v.IsNil() {
+			return deepCloneVisit{}, false
+		}
+		return deepCloneVisit{ptr: v.Pointer(), typ: v.Type()}, true
+	case reflect.Slice:
+		if v.IsNil() || v.Pointer() == 0 {
+			return deepCloneVisit{}, false
+		}
+		return deepCloneVisit{ptr: v.Pointer(), typ: v.Type()}, true
+	default:
+		return deepCloneVisit{}, false
+	}
+}
+
+func addressableValue(v reflect.Value) reflect.Value {
+	if !v.IsValid() || v.CanSet() || !v.CanAddr() {
+		return v
+	}
+	return reflect.NewAt(v.Type(), unsafe.Pointer(v.UnsafeAddr())).Elem()
+}
diff --git a/u_conn.go b/u_conn.go
index d4f796b5..d8456769 100644
--- a/u_conn.go
+++ b/u_conn.go
@@ -503,6 +503,7 @@ func (uconn *UConn) computeAndUpdateOuterECHExtension(inner *clientHelloMsg, ech
 	if err != nil {
 		return err
 	}
+	ech.encodedInner = bytes.Clone(encodedInner)
 
 	encryptedLen := len(encodedInner) + 16
 	outerECHExt, err := generateOuterECHExt(ech.config.ConfigID, ech.kdfID, ech.aeadID, encapKey, make([]byte, encryptedLen))
diff --git a/u_handshake_client.go b/u_handshake_client.go
index 395e014b..27ce4854 100644
--- a/u_handshake_client.go
+++ b/u_handshake_client.go
@@ -559,9 +559,12 @@ func (c *UConn) clientHandshake(ctx context.Context) (err error) {
 func (c *UConn) echTranscriptMsg(outer *clientHelloMsg, echCtx *echClientContext) (err error) {
 	// Recreate the inner ClientHello from its compressed form using server's decodeInnerClientHello function.
 	// See https://github.com/refraction-networking/utls/blob/e430876b1d82fdf582efc57f3992d448e7ab3d8a/ech.go#L276-L283
-	encodedInner, err := encodeInnerClientHelloReorderOuterExts(echCtx.innerHello, int(echCtx.config.MaxNameLength), c.extensionsList())
-	if err != nil {
-		return err
+	encodedInner := echCtx.encodedInner
+	if encodedInner == nil {
+		encodedInner, err = encodeInnerClientHelloReorderOuterExts(echCtx.innerHello, int(echCtx.config.MaxNameLength), c.extensionsList())
+		if err != nil {
+			return err
+		}
 	}
 
 	decodedInner, err := decodeInnerClientHello(outer, encodedInner)
diff --git a/u_parrots.go b/u_parrots.go
index 3b088d5d..95c06545 100644
--- a/u_parrots.go
+++ b/u_parrots.go
@@ -3005,10 +3005,10 @@ func (uconn *UConn) applyPresetByID(id ClientHelloID) (err error) {
 }
 
 // ApplyPreset should only be used in conjunction with HelloCustom to apply custom specs.
-// Fields of TLSExtensions that are slices/pointers are shared across different connections with
-// same ClientHelloSpec. It is advised to use different specs and avoid any shared state.
+// The provided ClientHelloSpec is cloned before per-connection handshake state is applied.
 func (uconn *UConn) ApplyPreset(p *ClientHelloSpec) error {
 	var err error
+	p = p.clone()
 
 	err = uconn.SetTLSVers(p.TLSVersMin, p.TLSVersMax, p.Extensions)
 	if err != nil {
@@ -3082,8 +3082,7 @@ func (uconn *UConn) ApplyPreset(p *ClientHelloSpec) error {
 		uconn.HandshakeState.Hello.SessionId = sessionID[:]
 	}
 
-	uconn.Extensions = make([]TLSExtension, len(p.Extensions))
-	copy(uconn.Extensions, p.Extensions)
+	uconn.Extensions = p.Extensions
 
 	// Check whether NPN extension actually exists
 	var haveNPN bool
diff --git a/u_parrots_test.go b/u_parrots_test.go
index a5305e38..c600cd3a 100644
--- a/u_parrots_test.go
+++ b/u_parrots_test.go
@@ -2,6 +2,7 @@ package tls
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"net"
 	"testing"
 )
@@ -154,3 +155,134 @@ func TestHybridClassicalKeySharesAreIndependentByDefault(t *testing.T) {
 		t.Fatal("expected independent keyshares by default: hybrid/classical ECDHE private keys should differ")
 	}
 }
+
+func TestClientHelloSpecCloneDeepCopy(t *testing.T) {
+	cachedLength := 17
+	spec := &ClientHelloSpec{
+		CipherSuites:       []uint16{TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384},
+		CompressionMethods: []uint8{compressionNone},
+		TLSVersMin:         VersionTLS12,
+		TLSVersMax:         VersionTLS13,
+		GetSessionID:       sha256.Sum256,
+		Extensions: []TLSExtension{
+			&KeyShareExtension{
+				KeyShares: []KeyShare{
+					{Group: X25519, Data: []byte{1, 2, 3}},
+				},
+			},
+			&GREASEEncryptedClientHelloExtension{
+				CandidateCipherSuites: []HPKESymmetricCipherSuite{{KdfId: 1, AeadId: 2}},
+				CandidateConfigIds:    []uint8{3},
+				EncapsulatedKey:       []byte{4, 5},
+				CandidatePayloadLens:  []uint16{6},
+				payload:               []byte{7, 8},
+			},
+			&UtlsPreSharedKeyExtension{
+				PreSharedKeyCommon: PreSharedKeyCommon{
+					EarlySecret: []byte{9},
+					BinderKey:   []byte{10},
+					Identities: []PskIdentity{{
+						Label:               []byte{11, 12},
+						ObfuscatedTicketAge: 13,
+					}},
+					Binders: [][]byte{{14, 15}},
+				},
+				cachedLength: &cachedLength,
+				OmitEmptyPsk: true,
+			},
+		},
+	}
+
+	cloned := spec.clone()
+	if cloned == spec {
+		t.Fatal("expected Clone to allocate a new ClientHelloSpec")
+	}
+
+	cloned.CipherSuites[0] = TLS_CHACHA20_POLY1305_SHA256
+	if spec.CipherSuites[0] == TLS_CHACHA20_POLY1305_SHA256 {
+		t.Fatal("expected CipherSuites to be deep copied")
+	}
+
+	clonedKeyShare := cloned.Extensions[0].(*KeyShareExtension)
+	originalKeyShare := spec.Extensions[0].(*KeyShareExtension)
+	if clonedKeyShare == originalKeyShare {
+		t.Fatal("expected KeyShareExtension to be deep copied")
+	}
+	clonedKeyShare.KeyShares[0].Data[0] = 99
+	if originalKeyShare.KeyShares[0].Data[0] == 99 {
+		t.Fatal("expected KeyShareExtension key data to be deep copied")
+	}
+
+	clonedECH := cloned.Extensions[1].(*GREASEEncryptedClientHelloExtension)
+	originalECH := spec.Extensions[1].(*GREASEEncryptedClientHelloExtension)
+	if clonedECH == originalECH {
+		t.Fatal("expected GREASEEncryptedClientHelloExtension to be deep copied")
+	}
+	clonedECH.EncapsulatedKey[0] = 88
+	clonedECH.payload[0] = 77
+	if originalECH.EncapsulatedKey[0] == 88 || originalECH.payload[0] == 77 {
+		t.Fatal("expected GREASE ECH extension buffers to be deep copied")
+	}
+
+	clonedPSK := cloned.Extensions[2].(*UtlsPreSharedKeyExtension)
+	originalPSK := spec.Extensions[2].(*UtlsPreSharedKeyExtension)
+	if clonedPSK == originalPSK {
+		t.Fatal("expected UtlsPreSharedKeyExtension to be deep copied")
+	}
+	if clonedPSK.cachedLength == originalPSK.cachedLength {
+		t.Fatal("expected UtlsPreSharedKeyExtension cachedLength to be deep copied")
+	}
+	clonedPSK.Identities[0].Label[0] = 66
+	clonedPSK.Binders[0][0] = 55
+	*clonedPSK.cachedLength = 44
+	if originalPSK.Identities[0].Label[0] == 66 || originalPSK.Binders[0][0] == 55 || *originalPSK.cachedLength == 44 {
+		t.Fatal("expected UtlsPreSharedKeyExtension nested state to be deep copied")
+	}
+
+	if cloned.GetSessionID == nil {
+		t.Fatal("expected GetSessionID function to be preserved")
+	}
+}
+
+func TestApplyPresetDoesNotMutateOriginalSpec(t *testing.T) {
+	spec := ClientHelloSpec{
+		TLSVersMin: VersionTLS12,
+		TLSVersMax: VersionTLS13,
+		CipherSuites: []uint16{
+			TLS_AES_128_GCM_SHA256,
+		},
+		CompressionMethods: []uint8{compressionNone},
+		Extensions: []TLSExtension{
+			&SupportedCurvesExtension{
+				Curves: []CurveID{
+					X25519MLKEM768,
+					X25519,
+				},
+			},
+			&KeyShareExtension{
+				KeyShares: []KeyShare{
+					{Group: X25519MLKEM768},
+					{Group: X25519},
+				},
+			},
+			&SupportedVersionsExtension{
+				Versions: []uint16{
+					VersionTLS13,
+					VersionTLS12,
+				},
+			},
+		},
+	}
+
+	uconn := newTestUConnWithIncrementingRand()
+	if err := uconn.ApplyPreset(&spec); err != nil {
+		t.Fatalf("unexpected error applying spec: %v", err)
+	}
+
+	keyShareExt := findKeyShareExtension(t, spec.Extensions)
+	for _, keyShare := range keyShareExt.KeyShares {
+		if len(keyShare.Data) != 0 {
+			t.Fatal("expected ApplyPreset to leave the original ClientHelloSpec unchanged")
+		}
+	}
+}