[release-branch.go1.12] crypto/tls: don't select RSA-PSS for client certificates in TLS 1.2

In https://golang.org/cl/160998, RSA-PSS was disabled for (most of) TLS 1.2. One place where we can't disable it is in a Client Hello which offers both TLS 1.2 and 1.3: RSA-PSS is required by TLS 1.3, so to offer TLS 1.3 we need to offer RSA-PSS, even if the server might select TLS 1.2. The good news is that we want to disable RSA-PSS mostly when we are the signing side, as that's where broken crypto.Signer implementations will bite us. So we can announce RSA-PSS in the Client Hello, tolerate the server picking TLS 1.2 and RSA-PSS for their signatures, but still not do RSA-PSS on our side if asked to provide a client certificate. Client-TLSv12-ClientCert-RSA-PSS-Disabled changed because it was indeed actually using RSA-PSS. Updates #30055 Change-Id: I5ecade744b666433b37847abf55e1f08089b21d4 Reviewed-on: https://go-review.googlesource.com/c/163039Reviewed-by: Andrew Bonventre <andybons@golang.org> Reviewed-by: Adam Langley <agl@golang.org>

[release-branch.go1.12] crypto/tls: don't select RSA-PSS for client certificates in TLS 1.2
In https://golang.org/cl/160998, RSA-PSS was disabled for (most of) TLS 1.2. One place where we can't disable it is in a Client Hello which offers both TLS 1.2 and 1.3: RSA-PSS is required by TLS 1.3, so to offer TLS 1.3 we need to offer RSA-PSS, even if the server might select TLS 1.2. The good news is that we want to disable RSA-PSS mostly when we are the signing side, as that's where broken crypto.Signer implementations will bite us. So we can announce RSA-PSS in the Client Hello, tolerate the server picking TLS 1.2 and RSA-PSS for their signatures, but still not do RSA-PSS on our side if asked to provide a client certificate. Client-TLSv12-ClientCert-RSA-PSS-Disabled changed because it was indeed actually using RSA-PSS. Updates #30055 Change-Id: I5ecade744b666433b37847abf55e1f08089b21d4 Reviewed-on: https://go-review.googlesource.com/c/163039Reviewed-by: Andrew Bonventre <andybons@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
320da8d1 · Filippo Valsorda · b840ae1e · 320da8d1 · 320da8d1 · 320da8d1
Commit 320da8d1 authored Feb 19, 2019 by Filippo Valsorda
4 changed files
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -573,7 +573,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 			return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey)
 		}

-		signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(key.Public(), certReq.supportedSignatureAlgorithms, hs.hello.supportedSignatureAlgorithms, c.vers)
+		signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(key.Public(), certReq.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, c.vers)
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return err

--- a/src/crypto/tls/handshake_client_test.go
+++ b/src/crypto/tls/handshake_client_test.go
@@ -873,10 +873,41 @@ func TestHandshakeClientCertPSSDisabled(t *testing.T) {
 	supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12

 	// Use t.Run to ensure the defer runs after all parallel tests end.
-	t.Run("", func(t *testing.T) {
+	t.Run("1024", func(t *testing.T) {
 		runClientTestTLS12(t, test)
 		runClientTestTLS13(t, test)
 	})
+
+	// Use a 512-bit key to check that the TLS 1.2 handshake is actually using
+	// PKCS#1 v1.5. PSS would be failing here.
+	cert, err := X509KeyPair([]byte(`-----BEGIN CERTIFICATE-----
+MIIBcTCCARugAwIBAgIQGjQnkCFlUqaFlt6ixyz/tDANBgkqhkiG9w0BAQsFADAS
+MRAwDgYDVQQKEwdBY21lIENvMB4XDTE5MDExODIzMjMyOFoXDTIwMDExODIzMjMy
+OFowEjEQMA4GA1UEChMHQWNtZSBDbzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDd
+ez1rFUDwax2HTxbcnFUP9AhcgEGMHVV2nn4VVEWFJB6I8C/Nkx0XyyQlrmFYBzEQ
+nIPhKls4T0hFoLvjJnXpAgMBAAGjTTBLMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE
+DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUu
+Y29tMA0GCSqGSIb3DQEBCwUAA0EAxDuUS+BrrS3c+h+k+fQPOmOScy6yTX9mHw0Q
+KbucGamXYEy0URIwOdO0tQ3LHPc1YGvYSPwkDjkjqECs2Vm/AA==
+-----END CERTIFICATE-----`), []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T
+HRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/
+yt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z
+4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz
+nKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd
+hXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s
+T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g
+-----END RSA PRIVATE KEY-----`))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	test.name = "ClientCert-RSA-PSS-Disabled-512"
+	config.Certificates = []Certificate{cert}
+
+	t.Run("512", func(t *testing.T) {
+		runClientTestTLS12(t, test)
+	})
 }

 func TestClientKeyUpdate(t *testing.T) {

--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled
@@ -16,11 +16,11 @@
 000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
 000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 33 ad 8d f8 90  |....Y...U..3....|
-00000010  d1 72 5d ef e8 94 0f d7  58 15 59 9f 0b f9 ec 73  |.r].....X.Y....s|
-00000020  99 53 f7 03 81 53 1a aa  05 f0 17 20 55 a1 9e 4e  |.S...S..... U..N|
-00000030  98 26 6b b8 d5 bc 2c 3e  ca f6 a0 d9 bb f2 3b dd  |.&k...,>......;.|
-00000040  be 99 f1 35 de 1c f6 51  5b 19 4f 55 c0 2f 00 00  |...5...Q[.OU./..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 05 c1 62 2b 2f  |....Y...U....b+/|
+00000010  12 46 4d c5 47 61 bd 43  6d bb 3a 60 42 c1 cf da  |.FM.Ga.Cm.:`B...|
+00000020  47 96 0a 11 35 f0 71 d8  f6 39 69 20 0f 9c c1 3f  |G...5.q..9i ...?|
+00000030  9c 68 e7 86 13 7c 1f 83  6b 56 39 ee 0d c0 82 0b  |.h...|..kV9.....|
+00000040  24 1b 8a 39 a6 dc bf 57  79 27 02 e4 c0 2f 00 00  |$..9...Wy'.../..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -60,17 +60,17 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 2d c8 0c d2 27 fc f9  |........ -...'..|
-000002d0  79 71 c4 17 ea 45 ec 0b  dd 66 ce af ec 49 96 7d  |yq...E...f...I.}|
-000002e0  43 ff 88 68 b1 a8 bb e1  38 08 04 00 80 5a ab 5b  |C..h....8....Z.[|
-000002f0  e6 b3 32 e2 98 ae c3 ed  7c f9 90 c4 a4 ea dd 70  |..2.....|......p|
-00000300  fc a4 f8 ef d1 15 0d b7  ad b8 e3 1f 3e c0 e4 40  |............>..@|
-00000310  0d 7b 50 36 8f 88 cb 88  59 7c 20 63 d1 7f 36 9e  |.{P6....Y| c..6.|
-00000320  de a7 cb 6a 49 fd 65 32  36 0b 10 6a df 58 ef fd  |...jI.e26..j.X..|
-00000330  f6 fc e6 65 e7 81 0e 73  25 87 c7 89 dc ec ae 7c  |...e...s%......||
-00000340  e4 81 79 79 a2 b9 12 28  ab 3b d0 2e 5e 81 47 2a  |..yy...(.;..^.G*|
-00000350  79 1e 16 21 fa 64 78 24  33 24 f7 ac f1 11 a7 15  |y..!.dx$3$......|
-00000360  98 f6 24 52 14 7c 1f 28  0c 24 b1 a9 8a 16 03 03  |..$R.|.(.$......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 94 54 54 4c 52 a7 a5  |........ .TTLR..|
+000002d0  c0 01 ed 59 bf 46 03 59  25 3b 57 f8 24 99 1b dc  |...Y.F.Y%;W.$...|
+000002e0  f6 f4 1d 42 0e 2e c3 7c  02 08 04 00 80 5a 42 35  |...B...|.....ZB5|
+000002f0  78 c8 a9 37 6f 61 a4 ef  3a a3 12 03 f7 ee 44 be  |x..7oa..:.....D.|
+00000300  8b c9 52 4f de db f5 1e  9c c8 33 32 3c 0a 9e d6  |..RO......32<...|
+00000310  32 bf 2e 12 f7 b0 9b 15  dc eb 24 6e d6 f2 ad 5d  |2.........$n...]|
+00000320  9e 77 c4 a7 7a a1 a0 13  0b 90 b4 aa 3e 51 a1 3d  |.w..z.......>Q.=|
+00000330  71 09 15 84 1c c5 98 bb  12 db 11 e2 4c 2c d1 a9  |q...........L,..|
+00000340  5a ed 8e fb c6 ae ec d5  6d ec d8 d8 2a a7 23 ae  |Z.......m...*.#.|
+00000350  d7 d2 03 d0 23 8a 21 ac  7e 56 b4 23 7f c6 2a 72  |....#.!.~V.#..*r|
+00000360  85 0b 6d 6c 9d 6f ad ee  15 20 d9 2b b9 16 03 03  |..ml.o... .+....|
 00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
 00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
 00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
@@ -112,26 +112,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 8b ad 4b 9a 7a 53 b8  |...........K.zS.|
-00000240  6a 0a e7 71 6a 9b 8b 89  7d 3a 49 c9 af ce 3f e2  |j..qj...}:I...?.|
-00000250  3e cc 0b da 57 9b 8c 2f  58 0f a9 05 4d e9 de 83  |>...W../X...M...|
-00000260  60 e8 1c 77 ef 23 e4 aa  6b c3 15 64 98 f8 b1 72  |`..w.#..k..d...r|
-00000270  b2 8a 9e a3 19 3d 73 84  05 53 59 e1 bb e1 db 51  |.....=s..SY....Q|
-00000280  49 38 cf 8b ee 3c b6 05  0d ba 62 02 b3 36 dc c1  |I8...<....b..6..|
-00000290  e1 52 4d bd 6a c1 3e 55  ff 82 5f e3 7c 84 1c 65  |.RM.j.>U.._.|..e|
-000002a0  45 53 b9 c0 56 99 ac 56  d7 4a fa 72 3e 63 36 06  |ES..V..V.J.r>c6.|
-000002b0  d3 60 ef 34 05 3f 57 20  79 14 03 03 00 01 01 16  |.`.4.?W y.......|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 00 26 b7 73  |...(.........&.s|
-000002d0  b5 e9 b3 8a 63 00 9b 36  a0 cf 2a 60 0f 8a 59 75  |....c..6..*`..Yu|
-000002e0  08 71 97 dc 66 73 15 04  08 b4 d3 91              |.q..fs......|
+00000230  88 0f 00 00 84 04 01 00  80 61 11 ba 1a fe 08 7c  |.........a.....||
+00000240  40 68 88 01 a4 3a 46 bf  f6 e9 bb b6 08 92 20 f0  |@h...:F....... .|
+00000250  13 90 c2 4b 53 83 a1 12  c2 d5 8d e6 67 82 df 80  |...KS.......g...|
+00000260  85 a5 b4 e0 cf 1b d6 3a  46 1e 62 e5 7f 21 bc 91  |.......:F.b..!..|
+00000270  4a 8c c0 79 16 64 5f 7e  40 c5 fb 7a 52 5b bf db  |J..y.d_~@..zR[..|
+00000280  cc 31 f8 b8 37 ef df dc  5f 96 30 ad dd 0b 8a 87  |.1..7..._.0.....|
+00000290  af 4d c6 5c a5 5e d7 2e  fa c7 72 68 85 71 c3 0e  |.M.\.^....rh.q..|
+000002a0  1b 26 87 ff 46 47 4a 1b  ce b7 a5 aa 13 d2 5a e3  |.&..FGJ.......Z.|
+000002b0  36 02 35 df 68 d9 bf 3f  24 14 03 03 00 01 01 16  |6.5.h..?$.......|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 e3 8e cc e5  |...(............|
+000002d0  2e ab 40 fa 3d 47 c1 4f  3f de 97 a9 3d 96 73 ba  |..@.=G.O?...=.s.|
+000002e0  eb a0 ce 67 f6 d1 14 b8  7e cd 1f 85              |...g....~...|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 d2 b2 3f a8 43  |..........(..?.C|
-00000010  41 1a 85 20 9f ee 21 6a  c5 96 cf 7c 01 8e f6 3a  |A.. ..!j...|...:|
-00000020  e3 29 14 68 ea 74 a3 ef  85 04 78 33 db c7 d4 c9  |.).h.t....x3....|
-00000030  a2 fd 6a                                          |..j|
+00000000  14 03 03 00 01 01 16 03  03 00 28 6a 0a 74 70 75  |..........(j.tpu|
+00000010  0b 39 33 a5 15 0d 7c 7f  f8 13 de 0e 0a 8f 13 3b  |.93...|........;|
+00000020  62 4f 8a 0b bd 0a aa 9b  5a 52 d5 e6 9f e5 b9 3f  |bO......ZR.....?|
+00000030  bd d8 3b                                          |..;|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 c3 3b 68  |..............;h|
-00000010  b5 e9 4d 75 22 92 fb 19  85 88 38 97 12 3f ce ca  |..Mu".....8..?..|
-00000020  36 c0 d6 15 03 03 00 1a  00 00 00 00 00 00 00 02  |6...............|
-00000030  c1 a9 03 81 61 04 7c 86  24 e9 90 22 59 6f c7 bc  |....a.|.$.."Yo..|
-00000040  c2 a1                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 0e 4d 62  |..............Mb|
+00000010  d3 ac cd 11 15 6d 24 c7  00 fa f9 d2 91 ba eb 06  |.....m$.........|
+00000020  f2 44 f1 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.D..............|
+00000030  d1 5a 58 ba ae 65 15 67  79 1f 52 f1 1a da 50 99  |.ZX..e.gy.R...P.|
+00000040  e8 50                                             |.P|
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled-512
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled-512
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 f8 01 00 00  f4 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
+00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000080  01 00 00 79 00 05 00 05  01 00 00 00 00 00 0a 00  |...y............|
+00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
+000000a0  00 00 0d 00 18 00 16 08  04 08 05 08 06 04 01 04  |................|
+000000b0  03 05 01 05 03 06 01 06  03 02 01 02 03 ff 01 00  |................|
+000000c0  01 00 00 12 00 00 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000d0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+000000e0  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+000000f0  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 68 11 23 f1 8d  |....Y...U..h.#..|
+00000010  2b a0 71 8f 6e ad 9f ae  43 58 c2 93 2e f5 01 3d  |+.q.n...CX.....=|
+00000020  15 b6 d6 0d f5 42 25 ca  b7 b4 96 20 00 c7 86 06  |.....B%.... ....|
+00000030  ed d1 23 99 dd e3 c4 f5  f9 31 42 51 a3 51 5a 40  |..#......1BQ.QZ@|
+00000040  11 f6 07 90 51 04 f8 a2  f6 66 c1 f7 c0 2f 00 00  |....Q....f.../..|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 fe 68 1c bf 2b d7 75  |........ .h..+.u|
+000002d0  c2 dd 96 03 5d 77 61 c1  7d dd 6f bc ea 3c aa 27  |....]wa.}.o..<.'|
+000002e0  ba cf 93 e2 8b d8 66 a1  1c 08 04 00 80 5e 16 b9  |......f......^..|
+000002f0  53 17 7d 8d bb 46 4b 1f  37 be cd fe e1 45 c3 10  |S.}..FK.7....E..|
+00000300  68 54 e4 61 20 a5 a5 98  4b df a7 5d 41 4a aa f8  |hT.a ...K..]AJ..|
+00000310  0e 36 c2 02 a6 56 a9 f1  aa 76 86 fd a7 86 fb 06  |.6...V...v......|
+00000320  94 55 56 bd eb 57 10 9a  d5 ba 70 59 46 75 e3 b3  |.UV..W....pYFu..|
+00000330  29 14 c2 65 0e 5c a1 47  e6 bf 12 9d 31 8f 65 4d  |)..e.\.G....1.eM|
+00000340  af dc 1b 6e d2 de d7 fb  85 e7 5a 42 4f de bf d8  |...n......ZBO...|
+00000350  d5 d8 5c 95 71 27 e7 04  af 58 0a d8 77 fb 3d 22  |..\.q'...X..w.="|
+00000360  84 f6 f6 53 c0 79 7a 72  01 6e 5c e1 a8 16 03 03  |...S.yzr.n\.....|
+00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+000003a0  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+000003b0  04 0e 00 00 00                                    |.....|
+>>> Flow 3 (client to server)
+00000000  16 03 03 01 7f 0b 00 01  7b 00 01 78 00 01 75 30  |........{..x..u0|
+00000010  82 01 71 30 82 01 1b a0  03 02 01 02 02 10 1a 34  |..q0...........4|
+00000020  27 90 21 65 52 a6 85 96  de a2 c7 2c ff b4 30 0d  |'.!eR......,..0.|
+00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
+00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
+00000050  6f 30 1e 17 0d 31 39 30  31 31 38 32 33 32 33 32  |o0...19011823232|
+00000060  38 5a 17 0d 32 30 30 31  31 38 32 33 32 33 32 38  |8Z..200118232328|
+00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
+00000080  6d 65 20 43 6f 30 5c 30  0d 06 09 2a 86 48 86 f7  |me Co0\0...*.H..|
+00000090  0d 01 01 01 05 00 03 4b  00 30 48 02 41 00 dd 7b  |.......K.0H.A..{|
+000000a0  3d 6b 15 40 f0 6b 1d 87  4f 16 dc 9c 55 0f f4 08  |=k.@.k..O...U...|
+000000b0  5c 80 41 8c 1d 55 76 9e  7e 15 54 45 85 24 1e 88  |\.A..Uv.~.TE.$..|
+000000c0  f0 2f cd 93 1d 17 cb 24  25 ae 61 58 07 31 10 9c  |./.....$%.aX.1..|
+000000d0  83 e1 2a 5b 38 4f 48 45  a0 bb e3 26 75 e9 02 03  |..*[8OHE...&u...|
+000000e0  01 00 01 a3 4d 30 4b 30  0e 06 03 55 1d 0f 01 01  |....M0K0...U....|
+000000f0  ff 04 04 03 02 05 a0 30  13 06 03 55 1d 25 04 0c  |.......0...U.%..|
+00000100  30 0a 06 08 2b 06 01 05  05 07 03 01 30 0c 06 03  |0...+.......0...|
+00000110  55 1d 13 01 01 ff 04 02  30 00 30 16 06 03 55 1d  |U.......0.0...U.|
+00000120  11 04 0f 30 0d 82 0b 65  78 61 6d 70 6c 65 2e 63  |...0...example.c|
+00000130  6f 6d 30 0d 06 09 2a 86  48 86 f7 0d 01 01 0b 05  |om0...*.H.......|
+00000140  00 03 41 00 c4 3b 94 4b  e0 6b ad 2d dc fa 1f a4  |..A..;.K.k.-....|
+00000150  f9 f4 0f 3a 63 92 73 2e  b2 4d 7f 66 1f 0d 10 29  |...:c.s..M.f...)|
+00000160  bb 9c 19 a9 97 60 4c b4  51 12 30 39 d3 b4 b5 0d  |.....`L.Q.09....|
+00000170  cb 1c f7 35 60 6b d8 48  fc 24 0e 39 23 a8 40 ac  |...5`k.H.$.9#.@.|
+00000180  d9 59 bf 00 16 03 03 00  25 10 00 00 21 20 2f e5  |.Y......%...! /.|
+00000190  7d a3 47 cd 62 43 15 28  da ac 5f bb 29 07 30 ff  |}.G.bC.(.._.).0.|
+000001a0  f6 84 af c4 cf c2 ed 90  99 5f 58 cb 3b 74 16 03  |........._X.;t..|
+000001b0  03 00 48 0f 00 00 44 04  01 00 40 15 33 b2 27 d6  |..H...D...@.3.'.|
+000001c0  ad 7f 45 86 df a0 83 5e  7c fb a7 0e 04 8e 3c a1  |..E....^|.....<.|
+000001d0  5b 9a 8f 98 04 cf 66 bb  cf 6a d4 63 d7 ff b2 a4  |[.....f..j.c....|
+000001e0  f1 08 27 f7 53 1c ec 76  35 b1 09 93 91 db 63 e3  |..'.S..v5.....c.|
+000001f0  a6 2b e5 55 da 06 5b 2f  c7 8d c3 14 03 03 00 01  |.+.U..[/........|
+00000200  01 16 03 03 00 28 00 00  00 00 00 00 00 00 98 d8  |.....(..........|
+00000210  99 fa 5a fb 79 57 1f 02  4e 07 51 d6 c6 32 9c e8  |..Z.yW..N.Q..2..|
+00000220  54 50 6c f9 63 fb 38 e2  ef 88 4b 7e 8d 7a        |TPl.c.8...K~.z|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 4c 6b f0 26 84  |..........(Lk.&.|
+00000010  97 e6 54 cf 1f 25 1c 91  5d 10 63 22 66 73 d2 ce  |..T..%..].c"fs..|
+00000020  0d 7c 0b 3d 7d 31 3c 0b  6c be 30 72 9e 04 c0 fb  |.|.=}1<.l.0r....|
+00000030  73 88 75                                          |s.u|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 2a b2 2d  |.............*.-|
+00000010  7f 6e 12 2d d7 63 05 e8  c4 fd 81 de b6 65 2f 2b  |.n.-.c.......e/+|
+00000020  00 0e 13 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  9c c0 ae 5a b4 5f b5 4f  cd 3f 27 78 f9 b3 b5 b5  |...Z._.O.?'x....|
+00000040  57 f2                                             |W.|