When I use IE to connect using SSL, the record containing the client_key_exchange looks like this:

    16 03 00 00 84 10 00 00 80 6E 94 B2 25 ...

Notice that the client_key_exchange message is 0x80 bytes long, and its entire contents consist of the encrypted PMS.

When I use IE to connect to the same site using TLS, the record containing the client_key_exchange looks like this:

    16 03 01 00 86 10 00 00 82 00 80 B4 D4 79 32 ...

Notice that the client_key_exchange message is 0x82 bytes long, and its contents consist of a 2-byte length followed by the encrypted PMS.

When looking at the SSL and TLS specifications, they use almost the exact same language when describing the client_key_exchange message, and whether the length should be included is not clear at all. Also, interestingly enough, many sites will accept the client_key_exchange message in either format, regardless of whether it is SSL or TLS.

What is the correct behavior for clients and servers?

Thanks
Baber and Robert.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
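The two encodings quoted in the message above can be told apart mechanically once the server's RSA modulus length is known. The following is an added example, not part of the original post and not OpenSSL code: `classify_cke` and `make_sample` are hypothetical names, the handshake message is assumed to occupy exactly one record, and the sample records reuse the header bytes from the post with constructed 0xAA filler in place of the ciphertext.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum cke_format { CKE_MALFORMED = -1, CKE_RAW = 0, CKE_LENGTH_PREFIXED = 1 };

/* Classify the RSA client_key_exchange carried in one handshake record.
 * rec/rec_len: whole record including its 5-byte header.
 * mod_len: RSA modulus size in bytes (assumed known from the server key). */
static int classify_cke(const uint8_t *rec, size_t rec_len, size_t mod_len,
                        const uint8_t **pms, size_t *pms_len)
{
    if (rec_len < 9 || rec[0] != 0x16 || rec[1] != 0x03) return CKE_MALFORMED;
    size_t frag_len = ((size_t)rec[3] << 8) | rec[4];
    if (frag_len != rec_len - 5 || rec[5] != 0x10) return CKE_MALFORMED;
    size_t body_len = ((size_t)rec[6] << 16) | ((size_t)rec[7] << 8) | rec[8];
    if (body_len != frag_len - 4) return CKE_MALFORMED;
    const uint8_t *body = rec + 9;
    /* Body is exactly one modulus-sized block: no length field present. */
    if (body_len == mod_len) { *pms = body; *pms_len = mod_len; return CKE_RAW; }
    /* Body is two bytes longer and those bytes encode the block length. */
    if (body_len == mod_len + 2 && ((((size_t)body[0]) << 8) | body[1]) == mod_len) {
        *pms = body + 2; *pms_len = mod_len; return CKE_LENGTH_PREFIXED;
    }
    return CKE_MALFORMED;
}

/* Constructed sample: headers as quoted in the post, ciphertext = 0xAA filler. */
static size_t make_sample(uint8_t *out, uint8_t minor, int prefixed)
{
    size_t mod_len = 0x80, body_len = mod_len + (prefixed ? 2 : 0), n = 0;
    out[n++] = 0x16; out[n++] = 0x03; out[n++] = minor;
    out[n++] = (uint8_t)((body_len + 4) >> 8); out[n++] = (uint8_t)(body_len + 4);
    out[n++] = 0x10; out[n++] = 0x00;
    out[n++] = (uint8_t)(body_len >> 8); out[n++] = (uint8_t)body_len;
    if (prefixed) { out[n++] = (uint8_t)(mod_len >> 8); out[n++] = (uint8_t)mod_len; }
    memset(out + n, 0xAA, mod_len);
    return n + mod_len;
}

int main(void)
{
    uint8_t buf[5 + 4 + 2 + 0x80];
    const uint8_t *pms; size_t pms_len;
    for (int prefixed = 0; prefixed <= 1; prefixed++) {
        size_t n = make_sample(buf, (uint8_t)prefixed, prefixed);
        printf("version 03 %02x: format=%d\n", prefixed,
               classify_cke(buf, n, 0x80, &pms, &pms_len));
    }
    return 0;
}
```

Comparing the body length against the modulus length, rather than only inspecting the first two bytes, avoids misreading a raw ciphertext that happens to begin with bytes resembling a length.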
