1The February 9th, 1995 version of the SSL document differs from 2https://www.netscape.com in the following ways. 3===== 4The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is 5KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID] 6not 7KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID] 8as specified in the documentation. 9===== 10From the section 2.6 Server Only Protocol Messages 11 12If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE, 13CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. 14 15This is not true for https://www.netscape.com. The CERTIFICATE-TYPE 16is returned as 1. 17===== 18I have not tested the following but it is reported by holtzman@mit.edu. 19 20SSLref clients wait to recieve a server-verify before they send a 21client-finished. Besides this not being evident from the examples in 222.2.1, it makes more sense to always send all packets you can before 23reading. SSLeay was waiting in the server to recieve a client-finish 24before sending the server-verify :-). I have changed SSLeay to send a 25server-verify before trying to read the client-finished. 26 27