Hello All,

According to RFC 2246 or 4346, the Finished message should be

    struct {
        opaque verify_data[12];
    } Finished;

    verify_data = PRF(master_secret, finished_label,
                      MD5(handshake_messages) + SHA-1(handshake_messages)) [0..11];

In addition to this there are the Handshake type (1 byte) and the message length (3 bytes). Then the Finished message should be 16 bytes.

However, OpenSSL s_server and s_client are sending out 40-byte or 48-byte Finished messages. This implies that the 16-byte data has been encrypted or is undergoing some other processing.

Can anyone please let me know what is done here and what the corresponding RFC reference is?

Thanks,
Xiaoyu
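The following is an added worked example, not part of Xiaoyu's post. It builds the 16-byte Finished handshake message exactly as the RFC 2246 text above describes (TLS 1.0 PRF = P_MD5 XOR P_SHA1 over the two halves of the master secret, RFC 2246 section 5; verify_data per section 7.4.9) and then works out how large the record-layer fragment becomes once the message is protected. Finished is the first handshake message sent after ChangeCipherSpec, so it goes out as a GenericBlockCipher (or GenericStreamCipher) fragment per RFC 2246 section 6.2.3: content, then the HMAC, then padding up to a block boundary, then the padding_length byte. Under RFC 4346 (TLS 1.1) an explicit IV of one block is prepended as well. The master secret and handshake transcript below are constructed dummy bytes, and the cipher-suite parameters (20-byte SHA-1 MAC with 8- or 16-byte block) are assumptions chosen to show the arithmetic, not a claim about which suite OpenSSL negotiated.

```python
import hashlib
import hmac

HANDSHAKE_FINISHED = 0x14  # HandshakeType finished(20), RFC 2246 section 7.4


def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) from RFC 2246 section 5.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1));
    output = HMAC_hash(secret, A(1) + seed) + HMAC_hash(secret, A(2) + seed) + ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed).

    S1 is the first half of the secret, S2 the second half; for an odd-length
    secret the halves share the middle byte (RFC 2246 section 5).
    """
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def verify_data(master_secret, handshake_messages, client=True):
    """verify_data = PRF(master_secret, finished_label,
                         MD5(handshake_messages) + SHA-1(handshake_messages))[0..11]"""
    label = b"client finished" if client else b"server finished"
    seed = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return tls10_prf(master_secret, label, seed, 12)


def finished_message(master_secret, handshake_messages, client=True):
    """Handshake header (1-byte type + 3-byte length) followed by the 12-byte body: 16 bytes."""
    body = verify_data(master_secret, handshake_messages, client)
    return bytes([HANDSHAKE_FINISHED]) + len(body).to_bytes(3, "big") + body


def block_cipher_fragment_len(content_len, mac_len, block_size, explicit_iv=False):
    """Size of a GenericBlockCipher fragment, RFC 2246 section 6.2.3.2.

    content + MAC + padding + padding_length byte, with padding chosen so the
    total is a multiple of block_size. explicit_iv models RFC 4346 (TLS 1.1),
    which prepends one block of IV to the ciphertext.
    """
    unpadded = content_len + mac_len + 1          # +1 for the padding_length byte itself
    padded = -(-unpadded // block_size) * block_size
    return padded + (block_size if explicit_iv else 0)


if __name__ == "__main__":
    # Constructed dummy values: a 48-byte master secret and a fake transcript.
    master_secret = bytes(range(48))
    transcript = b"\x01" * 100 + b"\x02" * 200   # stand-in for ClientHello .. ClientKeyExchange
    msg = finished_message(master_secret, transcript)
    print("Finished handshake message:", len(msg), "bytes:", msg.hex())
    for block in (8, 16):
        print("HMAC-SHA1, %d-byte block: TLS 1.0 fragment = %d bytes, TLS 1.1 = %d bytes"
              % (block, block_cipher_fragment_len(len(msg), 20, block),
                 block_cipher_fragment_len(len(msg), 20, block, explicit_iv=True)))
```

With a 20-byte HMAC-SHA1 the 16-byte message becomes 37 bytes before block alignment, which pads to 40 bytes for an 8-byte block cipher and 48 bytes for a 16-byte block cipher; those are the two sizes observed in the post, and the 5-byte record header sits in front of either. Note that padding_length counts only the padding bytes that precede it, so the "+1" above is the length byte, not a padding byte.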