1*ebfedea0SLionel SambucThe February 9th, 1995 version of the SSL document differs from 2*ebfedea0SLionel Sambuchttps://www.netscape.com in the following ways. 3*ebfedea0SLionel Sambuc===== 4*ebfedea0SLionel SambucThe key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is 5*ebfedea0SLionel SambucKEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID] 6*ebfedea0SLionel Sambucnot 7*ebfedea0SLionel SambucKEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID] 8*ebfedea0SLionel Sambucas specified in the documentation. 9*ebfedea0SLionel Sambuc===== 10*ebfedea0SLionel SambucFrom the section 2.6 Server Only Protocol Messages 11*ebfedea0SLionel Sambuc 12*ebfedea0SLionel SambucIf the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE, 13*ebfedea0SLionel SambucCERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. 14*ebfedea0SLionel Sambuc 15*ebfedea0SLionel SambucThis is not true for https://www.netscape.com. The CERTIFICATE-TYPE 16*ebfedea0SLionel Sambucis returned as 1. 17*ebfedea0SLionel Sambuc===== 18*ebfedea0SLionel SambucI have not tested the following but it is reported by holtzman@mit.edu. 19*ebfedea0SLionel Sambuc 20*ebfedea0SLionel SambucSSLref clients wait to recieve a server-verify before they send a 21*ebfedea0SLionel Sambucclient-finished. Besides this not being evident from the examples in 22*ebfedea0SLionel Sambuc2.2.1, it makes more sense to always send all packets you can before 23*ebfedea0SLionel Sambucreading. SSLeay was waiting in the server to recieve a client-finish 24*ebfedea0SLionel Sambucbefore sending the server-verify :-). I have changed SSLeay to send a 25*ebfedea0SLionel Sambucserver-verify before trying to read the client-finished. 26*ebfedea0SLionel Sambuc 27