TLS_Dump

Opening a TLS connection

We are going to look in detail at the opening of a TLS connection, both to further our understanding of ways in which security can be provided, but also in order to see a fairly rich example of protocol encoding. We are not so much interested in learning the exact details but generally in understanding how protocol packets are constructed in general, which always involves thinking of how the originator of a packet formats it so that the destination can parse it.

Type-Length-Value (TLV) codings

It is very commong when coding for a protocol that fields of multiple type will need to be encoded, and those types may be defined specifically for the protocol. For these typically a byte (if there are no more than 255 types) will be used to indicate the type, then perhaps another byte or a short will be used to indicate the length of a data field associated with the type, followed immediately by as many bytes of data as the length field indicates. This type of construction is called a TLV encoding.

Using such a construction means that there can be multiple types contained within a data packet. It is also often the case that a collection of such fields is padded to fill its length out to an even number of words (or some other boundary), and the length of that padding need not be explicitly given since the receiver can figure out itself how much there must be (provided of course it knows where it was in relation to such a boundary when decoding began).

TLS record types

Once we have moved up the receiving stack to the TLS Provider level, the message that is output by TCP is interpreted as a set of TLS records. There are 4 types of such record:

Record Protocol
  • 1 8 Content Type
  • 1 8 major version
  • 1 8 minor version
  • 2 16 length
  • data field of length indicated
Version
  • 3 0 SSLv3
  • 3 1 TLS 1.0
  • 3 2 TLS 1.1
  • 3 3 TLS 1.2
ContentType
  • 20dec 14hex changeCipherSpec
  • 21dec 15hex Alert
  • 22dec 16hex HandShake
  • 23dec 17hex Application
ChangeCipherSpec Protocol
  • 1 8 14x
  • 1 8 major version
  • 1 8 minor version
  • 2 16 length
  • data field of length indicated
Alert Protocol
  • 1 8 15x
  • 1 8 major version
  • 1 8 minor version
  • 2 16 length
  • data field of length indicated

there is a long list of types of alert, representing faults that could be reported.

Handshake Protocol
  • 1 8 16x
  • 1 8 major version
  • 1 8 minor version
  • 2 16 length
  • data field of length indicated
MessageTypes
  • 0:Hello Request
  • 1:ClientHello
  • 2:ServerHello
  • 11:Certificate
  • 12:ServerKeyExchange
  • 13:CertificateRequest
  • 14:ServerHelloDone
  • 15:Certificate Verify
  • 16:ClientKeyExchange
  • 20: Finished
Application Protocol
  • 1 8 17x
  • 1 8 major version
  • 1 8 minor version
  • 2 16 length
  • data field of length indicated

Code links

https.stak-initial
https.hex-initial

Listings

https.stak-initial
Parse  of a tcpdump file with parameters:
  (Magic:a1b2c3d4 Major:2 Minor:4 timezone:0 Junk:0 SnapLen:65535 LinkType:1)

Capturing began at: Tue Feb 26 10:32:19 CST 2008

[0.00000.00000](0.00000.00000)   CAPTURE-00000 66/66
PROVIDER:ether USER:ip <14+52>
Available bytes:66
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+32>
Available bytes:52
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:32 tos:0 id:45567 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <32+0>
     src:59996 dst:443   S    s:0 l:0 a:0 w:49640 
Options of length 12:kind-2 MSS=1460:kind-1 NOP:kind-3 skipped length 3:kind-4 SACK
PROVIDER:raw:59996:443 USER:none <0+-1>


[0.00000.00200](0.00000.00200)   CAPTURE-00001 66/66
PROVIDER:ether USER:ip <14+52>
Available bytes:66
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+32>
Available bytes:52
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:32 tos:0 id:45568 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <32+0>
     src:61541 dst:443   S    s:0 l:0 a:0 w:49640 
Options of length 12:kind-2 MSS=1460:kind-1 NOP:kind-3 skipped length 3:kind-4 SACK
PROVIDER:raw:61541:443 USER:none <0+-1>


[0.00061.00814](0.00061.00614)   CAPTURE-00002 62/62
PROVIDER:ether USER:ip <14+48>
Available bytes:62
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+28>
Available bytes:48
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:28 tos:0 id:16377 ttl:52 protocol:6 CheckSum:3e46
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <28+0>
     src:443 dst:59996   SA   s:0 l:0 a:1 w:65535 
Options of length 8:kind-2 MSS=1460:kind-1 NOP:kind-3 skipped length 3
PROVIDER:raw:443:59996 USER:none <0+-1>

### End of TCP Connection

[0.00061.00860](0.00000.00046)   CAPTURE-00003 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+20>
Available bytes:40
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:20 tos:0 id:45569 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+0>
     src:59996 dst:443    A   s:1 l:0 a:1 w:49640 
PROVIDER:raw:59996:443 USER:none <0+-1>


[0.00062.00326](0.00000.00466)   CAPTURE-00004 246/246
PROVIDER:ether USER:ip <14+232>
Available bytes:246
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+212>
Available bytes:232
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:212 tos:0 id:45570 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+192>
     src:59996 dst:443 P  A   s:1 l:192 a:1 w:49640 P 
PROVIDER:raw:59996:443 USER:none <192+-1>
00000000   16 03 01 00 bb 01 00 00 b7 03 01 00 00 2e 90 47  ...............G
00000010   32 cc 2f 6b c2 b2 aa 65 c3 99 7c 45 0f 79 0e 41  2./k...e..|E.y.A
00000020   a8 01 f2 c9 88 15 f8 97 b9 45 65 00 00 38 c0 0a  .........Ee..8..
00000030   c0 14 00 39 00 38 c0 0f c0 05 00 35 c0 07 c0 09  ...9.8.....5....
00000040   c0 11 c0 13 00 33 00 32 c0 0c c0 0e c0 02 c0 04  .....3.2........
00000050   00 04 00 05 00 2f c0 08 c0 12 00 16 00 13 c0 0d  ...../..........
00000060   c0 03 fe ff 00 0a 01 00 00 56 00 00 00 14 00 12  .........V......
00000070   00 00 0f 61 70 69 2e 64 65 6c 2e 69 63 69 6f 2e  ...api.del.icio.
00000080   75 73 00 0a 00 34 00 32 00 01 00 02 00 03 00 04  us...4.2........
00000090   00 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c  ................
000000a0   00 0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14  ................
000000b0   00 15 00 16 00 17 00 18 00 19 00 0b 00 02 01 00  ................

[0.00069.00538](0.00007.00212)   CAPTURE-00005 62/62
PROVIDER:ether USER:ip <14+48>
Available bytes:62
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+28>
Available bytes:48
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:28 tos:0 id:16378 ttl:51 protocol:6 CheckSum:3f45
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <28+0>
     src:443 dst:61541   SA   s:0 l:0 a:1 w:65535 
Options of length 8:kind-2 MSS=1460:kind-1 NOP:kind-3 skipped length 3
PROVIDER:raw:443:61541 USER:none <0+-1>


[0.00069.00578](0.00000.00040)   CAPTURE-00006 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+20>
Available bytes:40
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:20 tos:0 id:45571 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+0>
     src:61541 dst:443    A   s:1 l:0 a:1 w:49640 
PROVIDER:raw:61541:443 USER:none <0+-1>


[0.00069.00927](0.00000.00349)   CAPTURE-00007 246/246
PROVIDER:ether USER:ip <14+232>
Available bytes:246
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+212>
Available bytes:232
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:212 tos:0 id:45572 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+192>
     src:61541 dst:443 P  A   s:1 l:192 a:1 w:49640 P 
PROVIDER:raw:61541:443 USER:none <192+-1>
00000000   16 03 01 00 bb 01 00 00 b7 03 01 00 00 2e 90 89  ................
00000010   93 fa ed 0e 10 f3 6d 7a e6 3a 84 14 5c e6 57 d2  ......mz.:..\.W.
00000020   1c b4 c7 71 97 cd ee d9 37 96 09 00 00 38 c0 0a  ...q....7....8..
00000030   c0 14 00 39 00 38 c0 0f c0 05 00 35 c0 07 c0 09  ...9.8.....5....
00000040   c0 11 c0 13 00 33 00 32 c0 0c c0 0e c0 02 c0 04  .....3.2........
00000050   00 04 00 05 00 2f c0 08 c0 12 00 16 00 13 c0 0d  ...../..........
00000060   c0 03 fe ff 00 0a 01 00 00 56 00 00 00 14 00 12  .........V......
00000070   00 00 0f 61 70 69 2e 64 65 6c 2e 69 63 69 6f 2e  ...api.del.icio.
00000080   75 73 00 0a 00 34 00 32 00 01 00 02 00 03 00 04  us...4.2........
00000090   00 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c  ................
000000a0   00 0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14  ................
000000b0   00 15 00 16 00 17 00 18 00 19 00 0b 00 02 01 00  ................

[0.00126.00777](0.00056.00850)   CAPTURE-00008 60/60
PROVIDER:ether USER:ip <14+46>
Available bytes:60
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+20>
Available bytes:46
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:20 tos:0 id:16439 ttl:52 protocol:6 CheckSum:3e10
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <20+0>
     src:443 dst:59996    A   s:1 l:0 a:193 w:65535 
PROVIDER:raw:443:59996 USER:none <6+-1>
00000000   00 00 00 00 00 00                                ......

[0.00129.00573](0.00002.00796)   CAPTURE-00009 878/878
PROVIDER:ether USER:ip <14+864>
Available bytes:878
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+844>
Available bytes:864
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:844 tos:0 id:16440 ttl:52 protocol:6 CheckSum:3ad7
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <20+824>
     src:443 dst:59996 P  A   s:1 l:824 a:193 w:65535 P 
PROVIDER:raw:443:59996 USER:none <824+-1>
00000000   16 03 01 00 2a 02 00 00 26 03 01 47 c4 3c bc 63  ....*...&..G.<.c
00000010   97 a2 43 2a 66 c0 97 d3 32 90 f5 b6 03 dd a6 22  ..C*f...2......"
00000020   a4 04 fc 94 ee 26 c0 35 5d 9b b2 00 00 35 00 16  .....&.5]....5..
00000030   03 01 02 fb 0b 00 02 f7 00 02 f4 00 02 f1 30 82  ..............0.
00000040   02 ed 30 82 02 56 a0 03 02 01 02 02 03 05 c9 2c  ..0..V.........,
00000050   30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30  0...*.H........0
00000060   4e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 10  N1.0...U....US1.
00000070   30 0e 06 03 55 04 0a 13 07 45 71 75 69 66 61 78  0...U....Equifax
00000080   31 2d 30 2b 06 03 55 04 0b 13 24 45 71 75 69 66  1-0+..U...$Equif
00000090   61 78 20 53 65 63 75 72 65 20 43 65 72 74 69 66  ax Secure Certif
000000a0   69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30  icate Authority0
000000b0   1e 17 0d 30 36 30 34 32 31 31 39 32 35 32 39 5a  ...060421192529Z
000000c0   17 0d 30 39 30 34 32 31 31 39 32 35 32 39 5a 30  ..090421192529Z0
000000d0   78 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13  x1.0...U....US1.
000000e0   30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72  0...U....Califor
000000f0   6e 69 61 31 14 30 12 06 03 55 04 07 13 0b 53 61  nia1.0...U....Sa
00000100   6e 74 61 20 43 6c 61 72 61 31 14 30 12 06 03 55  nta Clara1.0...U
00000110   04 0a 14 0b 59 61 68 6f 6f 21 20 49 6e 63 2e 31  ....Yahoo! Inc.1
00000120   0e 30 0c 06 03 55 04 0b 13 05 59 61 68 6f 6f 31  .0...U....Yahoo1
00000130   18 30 16 06 03 55 04 03 13 0f 61 70 69 2e 64 65  .0...U....api.de
00000140   6c 2e 69 63 69 6f 2e 75 73 30 81 9f 30 0d 06 09  l.icio.us0..0...
00000150   2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30  *.H............0
00000160   81 89 02 81 81 00 ba 15 94 2c e2 80 0a 4d 77 c6  .........,...Mw.
00000170   97 52 c5 77 11 69 3c f8 81 47 a3 06 2b 13 55 31  .R.w.i<..G..+.U1
00000180   4d 64 11 60 78 27 c5 ab 4c f3 61 51 0c d0 a9 49  Md.`x'..L.aQ...I
00000190   93 34 d2 86 f4 e9 a0 9b d2 97 cf a7 e7 a4 84 8c  .4..............
000001a0   bf 3f 0d 1f a5 3a b5 b2 cc fb 65 fa df ee b7 1e  .?...:....e.....
000001b0   9e 0b f4 4a 6e c6 c7 f9 76 35 c7 70 91 91 b5 42  ...Jn...v5.p...B
000001c0   3f ed 3b 90 7d 58 b9 d9 2b 0e 2e fb 82 7f d2 c5  ?.;.}X..+.......
000001d0   26 b1 d2 81 3d 71 a1 48 0f 2e 2c 48 94 d1 6b a2  &...=q.H..,H..k.
000001e0   75 c0 f6 ed 4b 03 02 03 01 00 01 a3 81 ae 30 81  u...K.........0.
000001f0   ab 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 04  .0...U..........
00000200   f0 30 1d 06 03 55 1d 0e 04 16 04 14 7c 10 db dd  .0...U......|...
00000210   65 e0 9a f0 15 5d 42 ff 90 86 1a 33 3d 63 33 11  e....]B....3=c3.
00000220   30 3a 06 03 55 1d 1f 04 33 30 31 30 2f a0 2d a0  0:..U...3010/.-.
00000230   2b 86 29 68 74 74 70 3a 2f 2f 63 72 6c 2e 67 65  +.)http://crl.ge
00000240   6f 74 72 75 73 74 2e 63 6f 6d 2f 63 72 6c 73 2f  otrust.com/crls/
00000250   73 65 63 75 72 65 63 61 2e 63 72 6c 30 1f 06 03  secureca.crl0...
00000260   55 1d 23 04 18 30 16 80 14 48 e6 68 f9 2b d2 b2  U.#..0...H.h.+..
00000270   95 d7 47 d8 23 20 10 4f 33 98 90 9f d4 30 1d 06  ..G.# .O3....0..
00000280   03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07  .U.%..0...+.....
00000290   03 01 06 08 2b 06 01 05 05 07 03 02 30 0d 06 09  ....+.......0...
000002a0   2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 45  *.H............E
000002b0   0f 16 d6 19 94 16 05 26 6b cf d9 f2 af 36 a8 ed  .......&k....6..
000002c0   15 42 c6 34 72 e6 2a fd 47 1d f9 21 40 a3 25 10  .B.4r.*.G..!@.%.
000002d0   0a c3 ad 07 45 77 a2 fe 4c f2 53 52 1f 8d 35 d9  ....Ew..L.SR..5.
000002e0   b4 a7 77 05 c5 87 26 9d 6e d9 4d 33 60 54 2d c6  ..w...&.n.M3`T-.
000002f0   c6 85 f4 72 58 df ef 41 9a 12 d2 ff f5 64 c5 0f  ...rX..A.....d..
00000300   7d 31 85 9d 1c fd 8f 67 7a bf d9 e0 55 c4 b1 20  }1.....gz...U.. 
00000310   26 61 1d f1 3d 7f d8 4c 83 24 73 7d 5a f8 13 15  &a..=..L.$s}Z...
00000320   7b 6a 74 a2 8e 7d 78 cc a7 70 dd 1f 57 fb d3 16  {jt..}x..p..W...
00000330   03 01 00 04 0e 00 00 00                          ........

[0.00129.00595](0.00000.00022)   CAPTURE-00010 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+20>
Available bytes:40
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:20 tos:0 id:45573 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+0>
     src:59996 dst:443    A   s:193 l:0 a:825 w:49640 
PROVIDER:raw:59996:443 USER:none <0+-1>


[0.00132.00023](0.00002.00428)   CAPTURE-00011 252/252
PROVIDER:ether USER:ip <14+238>
Available bytes:252
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+218>
Available bytes:238
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:218 tos:0 id:45574 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+198>
     src:59996 dst:443 P  A   s:193 l:198 a:825 w:49640 P 
PROVIDER:raw:59996:443 USER:none <198+-1>
00000000   16 03 01 00 86 10 00 00 82 00 80 9a 5e 5d 5c f0  ............^]\.
00000010   f7 1b 90 44 c2 01 17 89 e0 82 44 1b 74 a9 b5 32  ...D......D.t..2
00000020   15 a1 27 ee ff 9a 77 8f c3 3e ac 1d 1a 7f b5 51  ..'...w..>.....Q
00000030   93 f7 a7 30 9e c7 71 4d af 54 10 d1 19 4c d7 35  ...0..qM.T...L.5
00000040   c7 f6 a8 d3 36 01 5d b3 eb 3b 88 38 2f 66 92 4e  ....6.]..;.8/f.N
00000050   cf bf 06 78 e1 67 fc 0a 4a 7a 49 68 ec e0 ba c8  ...x.g..JzIh....
00000060   83 a3 70 5f 74 52 34 fd b2 22 8c 29 47 88 ed 60  ..p_tR4..".)G..`
00000070   ea 2a bd 21 79 cc 1e 42 4e e2 20 24 a9 38 4f 35  .*.!y..BN. $.8O5
00000080   b1 30 e4 8d 82 5b 73 9b 08 c5 5d 14 03 01 00 01  .0...[s...].....
00000090   01 16 03 01 00 30 6a 01 a1 a6 11 fb 59 d0 12 b8  .....0j.....Y...
000000a0   b6 6d 8e 97 4f 26 44 db f5 a0 e0 2d 22 54 4a 39  .m..O&D....-"TJ9
000000b0   18 5b 96 ed 9d 84 1c 7e 72 2d d9 bd 68 38 03 45  .[.....~r-..h8.E
000000c0   5c 9a 2f 9c a3 7c                                \./..|

[0.00142.00347](0.00010.00324)   CAPTURE-00012 60/60
PROVIDER:ether USER:ip <14+46>
Available bytes:60
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+20>
Available bytes:46
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:20 tos:0 id:16441 ttl:51 protocol:6 CheckSum:3f0e
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <20+0>
     src:443 dst:61541    A   s:1 l:0 a:193 w:65535 
PROVIDER:raw:443:61541 USER:none <6+-1>
00000000   00 00 00 00 00 00                                ......

[0.00144.00613](0.00002.00266)   CAPTURE-00013 878/878
PROVIDER:ether USER:ip <14+864>
Available bytes:878
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+844>
Available bytes:864
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:844 tos:0 id:16442 ttl:51 protocol:6 CheckSum:3bd5
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <20+824>
     src:443 dst:61541 P  A   s:1 l:824 a:193 w:65535 P 
PROVIDER:raw:443:61541 USER:none <824+-1>
00000000   16 03 01 00 2a 02 00 00 26 03 01 47 c4 3c bc e7  ....*...&..G.<..
00000010   05 5c 9d b2 66 d9 37 ed 3b bc 32 3b b6 8c 1f 55  .\..f.7.;.2;...U
00000020   1d 14 9d 1a 49 45 e8 23 3a 00 47 00 00 35 00 16  ....IE.#:.G..5..
00000030   03 01 02 fb 0b 00 02 f7 00 02 f4 00 02 f1 30 82  ..............0.
00000040   02 ed 30 82 02 56 a0 03 02 01 02 02 03 05 c9 2c  ..0..V.........,
00000050   30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30  0...*.H........0
00000060   4e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 10  N1.0...U....US1.
00000070   30 0e 06 03 55 04 0a 13 07 45 71 75 69 66 61 78  0...U....Equifax
00000080   31 2d 30 2b 06 03 55 04 0b 13 24 45 71 75 69 66  1-0+..U...$Equif
00000090   61 78 20 53 65 63 75 72 65 20 43 65 72 74 69 66  ax Secure Certif
000000a0   69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30  icate Authority0
000000b0   1e 17 0d 30 36 30 34 32 31 31 39 32 35 32 39 5a  ...060421192529Z
000000c0   17 0d 30 39 30 34 32 31 31 39 32 35 32 39 5a 30  ..090421192529Z0
000000d0   78 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13  x1.0...U....US1.
000000e0   30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72  0...U....Califor
000000f0   6e 69 61 31 14 30 12 06 03 55 04 07 13 0b 53 61  nia1.0...U....Sa
00000100   6e 74 61 20 43 6c 61 72 61 31 14 30 12 06 03 55  nta Clara1.0...U
00000110   04 0a 14 0b 59 61 68 6f 6f 21 20 49 6e 63 2e 31  ....Yahoo! Inc.1
00000120   0e 30 0c 06 03 55 04 0b 13 05 59 61 68 6f 6f 31  .0...U....Yahoo1
00000130   18 30 16 06 03 55 04 03 13 0f 61 70 69 2e 64 65  .0...U....api.de
00000140   6c 2e 69 63 69 6f 2e 75 73 30 81 9f 30 0d 06 09  l.icio.us0..0...
00000150   2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30  *.H............0
00000160   81 89 02 81 81 00 ba 15 94 2c e2 80 0a 4d 77 c6  .........,...Mw.
00000170   97 52 c5 77 11 69 3c f8 81 47 a3 06 2b 13 55 31  .R.w.i<..G..+.U1
00000180   4d 64 11 60 78 27 c5 ab 4c f3 61 51 0c d0 a9 49  Md.`x'..L.aQ...I
00000190   93 34 d2 86 f4 e9 a0 9b d2 97 cf a7 e7 a4 84 8c  .4..............
000001a0   bf 3f 0d 1f a5 3a b5 b2 cc fb 65 fa df ee b7 1e  .?...:....e.....
000001b0   9e 0b f4 4a 6e c6 c7 f9 76 35 c7 70 91 91 b5 42  ...Jn...v5.p...B
000001c0   3f ed 3b 90 7d 58 b9 d9 2b 0e 2e fb 82 7f d2 c5  ?.;.}X..+.......
000001d0   26 b1 d2 81 3d 71 a1 48 0f 2e 2c 48 94 d1 6b a2  &...=q.H..,H..k.
000001e0   75 c0 f6 ed 4b 03 02 03 01 00 01 a3 81 ae 30 81  u...K.........0.
000001f0   ab 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 04  .0...U..........
00000200   f0 30 1d 06 03 55 1d 0e 04 16 04 14 7c 10 db dd  .0...U......|...
00000210   65 e0 9a f0 15 5d 42 ff 90 86 1a 33 3d 63 33 11  e....]B....3=c3.
00000220   30 3a 06 03 55 1d 1f 04 33 30 31 30 2f a0 2d a0  0:..U...3010/.-.
00000230   2b 86 29 68 74 74 70 3a 2f 2f 63 72 6c 2e 67 65  +.)http://crl.ge
00000240   6f 74 72 75 73 74 2e 63 6f 6d 2f 63 72 6c 73 2f  otrust.com/crls/
00000250   73 65 63 75 72 65 63 61 2e 63 72 6c 30 1f 06 03  secureca.crl0...
00000260   55 1d 23 04 18 30 16 80 14 48 e6 68 f9 2b d2 b2  U.#..0...H.h.+..
00000270   95 d7 47 d8 23 20 10 4f 33 98 90 9f d4 30 1d 06  ..G.# .O3....0..
00000280   03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07  .U.%..0...+.....
00000290   03 01 06 08 2b 06 01 05 05 07 03 02 30 0d 06 09  ....+.......0...
000002a0   2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 45  *.H............E
000002b0   0f 16 d6 19 94 16 05 26 6b cf d9 f2 af 36 a8 ed  .......&k....6..
000002c0   15 42 c6 34 72 e6 2a fd 47 1d f9 21 40 a3 25 10  .B.4r.*.G..!@.%.
000002d0   0a c3 ad 07 45 77 a2 fe 4c f2 53 52 1f 8d 35 d9  ....Ew..L.SR..5.
000002e0   b4 a7 77 05 c5 87 26 9d 6e d9 4d 33 60 54 2d c6  ..w...&.n.M3`T-.
000002f0   c6 85 f4 72 58 df ef 41 9a 12 d2 ff f5 64 c5 0f  ...rX..A.....d..
00000300   7d 31 85 9d 1c fd 8f 67 7a bf d9 e0 55 c4 b1 20  }1.....gz...U.. 
00000310   26 61 1d f1 3d 7f d8 4c 83 24 73 7d 5a f8 13 15  &a..=..L.$s}Z...
00000320   7b 6a 74 a2 8e 7d 78 cc a7 70 dd 1f 57 fb d3 16  {jt..}x..p..W...
00000330   03 01 00 04 0e 00 00 00                          ........

[0.00144.00629](0.00000.00016)   CAPTURE-00014 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+20>
Available bytes:40
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:20 tos:0 id:45575 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+0>
     src:61541 dst:443    A   s:193 l:0 a:825 w:49640 
PROVIDER:raw:61541:443 USER:none <0+-1>


[0.00146.00778](0.00002.00149)   CAPTURE-00015 252/252
PROVIDER:ether USER:ip <14+238>
Available bytes:252
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+218>
Available bytes:238
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:218 tos:0 id:45576 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+198>
     src:61541 dst:443 P  A   s:193 l:198 a:825 w:49640 P 
PROVIDER:raw:61541:443 USER:none <198+-1>
00000000   16 03 01 00 86 10 00 00 82 00 80 52 59 dc a6 bc  ...........RY...
00000010   44 a1 c4 91 01 fb 1c e1 74 f9 fc c0 df b7 71 b7  D.......t.....q.
00000020   58 11 3f 76 19 be 2c 96 e5 8c 07 da 87 78 d6 fd  X.?v..,......x..
00000030   fa b5 93 34 1b 0f f8 a2 a1 f6 7d cb 71 be 9f 61  ...4......}.q..a
00000040   31 cd 5e 28 e7 25 d1 7f a7 4d 4b a4 92 68 7d 87  1.^(.%...MK..h}.
00000050   51 2c d8 9f a2 1e a6 51 e2 6a 7d d5 3d 29 7a 10  Q,.....Q.j}.=)z.
00000060   2a f8 50 97 32 5f 28 94 f7 db 6c a4 41 a2 05 21  *.P.2_(...l.A..!
00000070   cf 24 20 73 16 9d f8 50 78 e5 e1 f6 3e bb 4e 3e  .$ s...Px...>.N>
00000080   08 c1 d4 44 1c de 29 f6 08 c8 d8 14 03 01 00 01  ...D..).........
00000090   01 16 03 01 00 30 bc 61 16 10 5e e3 af 36 1c ca  .....0.a..^..6..
000000a0   6d d7 eb e2 00 65 a0 60 b9 b1 fc fd c5 af 6e 61  m....e.`......na
000000b0   a0 fe b7 c9 88 53 50 21 7f 04 66 67 db a6 7e 8f  .....SP!..fg..~.
000000c0   f5 77 22 df 58 52                                .w".XR

[0.00200.00526](0.00053.00748)   CAPTURE-00016 113/113
PROVIDER:ether USER:ip <14+99>
Available bytes:113
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+79>
Available bytes:99
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:79 tos:0 id:16516 ttl:52 protocol:6 CheckSum:3d88
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <20+59>
     src:443 dst:59996 P  A   s:825 l:59 a:391 w:65535 P 
PROVIDER:raw:443:59996 USER:none <59+-1>
00000000   14 03 01 00 01 01 16 03 01 00 30 b4 ba b3 20 62  ..........0... b
00000010   01 7b 56 03 24 63 38 3d f7 d6 9d bc a1 ac dc 77  .{V.$c8=.......w
00000020   20 8a 98 42 5b 94 6c ea 96 c3 0f cf ce 9e 63 84   ..B[.l.......c.
00000030   3e c9 fe 5b 8c 64 20 23 4c 72 28                 >..[.d #Lr(

[0.00200.00553](0.00000.00027)   CAPTURE-00017 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+20>
Available bytes:40
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:20 tos:0 id:45577 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+0>
     src:59996 dst:443    A   s:391 l:0 a:884 w:49640 
PROVIDER:raw:59996:443 USER:none <0+-1>


[0.00201.00010](0.00000.00457)   CAPTURE-00018 779/779
PROVIDER:ether USER:ip <14+765>
Available bytes:779
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+745>
Available bytes:765
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:745 tos:0 id:45578 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+725>
     src:59996 dst:443 P  A   s:391 l:725 a:884 w:49640 P 
PROVIDER:raw:59996:443 USER:none <725+-1>
00000000   17 03 01 02 d0 a2 87 2d f6 0f f1 b1 96 3c ac 1e  .......-.....<..
00000010   f1 99 92 ce ac 48 32 7d f1 8f bc 41 5f 2b ef af  .....H2}...A_+..
00000020   a1 29 bf 68 a1 c9 f3 c0 ed 27 49 07 f3 ce b9 81  .).h.....'I.....
00000030   c9 c5 26 ad 64 2a 14 20 02 26 6a b6 91 2b 99 8d  ..&.d*. .&j..+..
00000040   5d 7c 12 e7 35 82 39 16 25 f8 ef be 68 f1 0f 21  ]|..5.9.%...h..!
00000050   06 1f ec 51 2f fa 16 13 9b 3b 42 72 09 96 91 91  ...Q/....;Br....
00000060   71 ef f6 76 1f 8a fa e6 f8 61 94 66 8b c2 e2 65  q..v.....a.f...e
00000070   43 35 1a 65 d4 90 c3 d7 98 4c 3d 8b ca 13 df e4  C5.e.....L=.....
00000080   b0 81 22 fe d7 cb 96 f2 78 b0 f1 d3 8f a6 81 3c  ..".....x......<
00000090   6e b5 6c 5d a6 a4 45 73 1e 3b b9 41 45 e5 76 08  n.l]..Es.;.AE.v.
000000a0   ff a7 80 87 b6 63 95 96 f3 63 5a 50 4d a4 80 e8  .....c...cZPM...
000000b0   d1 1f 92 54 12 02 45 dd 9d 87 9f 4f ab e7 cf ce  ...T..E....O....
000000c0   d1 a8 26 2b 14 02 1b f7 2b f8 b9 8c d3 c3 fe d5  ..&+....+.......
000000d0   a9 e5 b3 0f 7b 71 d4 fb 7c d9 4a 3e ba 10 47 23  ....{q..|.J>..G#
000000e0   bf 2f 8a b8 19 86 0e 8a 1d ea 55 de 24 5c b9 c6  ./........U.$\..
000000f0   5f 8c d6 15 39 69 60 60 ae 24 12 9e d1 86 b6 09  _...9i``.$......
00000100   a0 6a 02 d0 8f af 68 0b f2 1e 04 cb d5 bd bd 18  .j....h.........
00000110   3e ef 9c a5 8c e4 21 6b 45 b5 6c 02 b3 d2 65 d3  >.....!kE.l...e.
00000120   a5 2a 02 3e f7 98 d9 66 66 7f 8c ea 56 6b c7 3b  .*.>...ff...Vk.;
00000130   b1 b7 c5 fd c8 67 58 d7 ae fb 99 0f 43 bc 25 36  .....gX.....C.%6
00000140   3c 8a a0 56 51 3e e1 e7 6a ab eb f6 bd cf f0 89  <..VQ>..j.......
00000150   82 d9 6a 48 4b 75 51 e1 6e 46 2a 67 f5 91 31 73  ..jHKuQ.nF*g..1s
00000160   09 5c fb 93 05 a0 d3 c9 2c 09 4c 99 a7 7c eb 08  .\......,.L..|..
00000170   51 ec e9 66 42 84 cc a4 e9 9c f0 fb f9 f8 29 54  Q..fB.........)T
00000180   43 39 23 ef 5c e5 ea 71 2f bf 9b 34 b2 69 e1 14  C9#.\..q/..4.i..
00000190   e8 f2 b6 c4 76 ff 66 79 02 17 30 f9 12 f4 b9 3b  ....v.fy..0....;
000001a0   9e 9b 16 14 45 e5 4e df 0e 54 37 31 1d b1 dd bf  ....E.N..T71....
000001b0   1d b1 00 da e2 fd ea ab a9 68 7a 1f 28 d2 56 0e  .........hz.(.V.
000001c0   08 b8 20 1e cb fd df 5b 72 7c 8e f9 e2 ed f7 57  .. ....[r|.....W
000001d0   50 f4 68 dd 58 1b 14 d5 60 97 f9 93 b3 18 31 27  P.h.X...`.....1'
000001e0   f7 ea 3d ca 8c f1 d7 f8 4b d0 37 bf ac 6c 11 c6  ..=.....K.7..l..
000001f0   2d a7 a4 53 ca a7 18 ab 4e 7b 2b e9 c2 12 05 23  -..S....N{+....#
00000200   56 1a 9e 97 b1 5f c3 ec 58 a1 1a cc 35 f1 1b c3  V...._..X...5...
00000210   db bb f9 3f 79 62 51 96 3c a2 45 7f 6e 73 3e 46  ...?ybQ.<.E.ns>F
00000220   06 16 17 6d 32 f1 be 7f 71 5b 52 67 e0 85 5b 9c  ...m2...q[Rg..[.
00000230   23 f8 4a 9a 96 82 c4 d5 96 8a a3 94 8c a9 fa f8  #.J.............
00000240   06 a2 0d 1e 08 97 06 4d 07 9b 64 b7 a6 03 3b 6e  .......M..d...;n
00000250   f0 45 2d 4a e0 50 ac 3e dc 14 ad 7b cd 4e ba b7  .E-J.P.>...{.N..
00000260   b9 d0 c6 1f a5 9a 5b ff c1 e1 1f 53 d7 82 41 2f  ......[....S..A/
00000270   a1 c9 aa 04 5a c1 1e a5 b6 0f 4f 25 a7 74 46 c8  ....Z.....O%.tF.
00000280   7f 30 91 22 63 76 8e e6 bf 4a 01 17 f5 3e 6c 8b  .0."cv...J...>l.
00000290   90 c6 eb 82 f7 6a 2a 10 7f a9 a0 68 88 b9 38 79  .....j*....h..8y
000002a0   9f ad e9 a7 bd 55 3c 19 57 a7 8c 5a 81 3c 67 d3  .....U<.W..Z.<g.
000002b0   2b 76 e9 69 b2 9e 1d c0 4f 18 51 67 e8 20 32 1c  +v.i....O.Qg. 2.
000002c0   7a 26 7a 44 f9 86 77 ef 3a 32 a2 42 cf b8 d9 58  z&zD..w.:2.B...X
000002d0   d9 30 ca 97 5d                                   .0..]

[0.00224.00358](0.00023.00348)   CAPTURE-00019 113/113
PROVIDER:ether USER:ip <14+99>
Available bytes:113
src:00-04-5a-d1-86-ad dst:00-14-4f-80-e5-b8 length: 2048
PROVIDER:ip:00045ad186ad:00144f80e5b8 USER:tcp <20+79>
Available bytes:99
4    src:206.190.56.28 dst:192.168.1.6   hlen:20 len:79 tos:0 id:16538 ttl:51 protocol:6 CheckSum:3e72
PROVIDER:tcp:cebe381c:c0a80106 USER:raw <20+59>
     src:443 dst:61541 P  A   s:825 l:59 a:391 w:65535 P 
PROVIDER:raw:443:61541 USER:none <59+-1>
00000000   14 03 01 00 01 01 16 03 01 00 30 7f 75 87 dd 6e  ..........0.u..n
00000010   36 f9 0f 2a 5b 65 aa 1a 6b 39 e6 49 6d 13 fb c7  6..*[e..k9.Im...
00000020   d6 44 d1 a4 76 90 33 fd f8 13 71 36 29 54 8e 23  .D..v.3...q6)T.#
00000030   71 93 9a ff 33 8f 1b 2a ac 39 59                 q...3..*.9Y

[0.00224.00385](0.00000.00027)   CAPTURE-00020 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+20>
Available bytes:40
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:20 tos:0 id:45579 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+0>
     src:61541 dst:443    A   s:391 l:0 a:884 w:49640 
PROVIDER:raw:61541:443 USER:none <0+-1>


[0.00224.00992](0.00000.00607)   CAPTURE-00021 763/763
PROVIDER:ether USER:ip <14+749>
Available bytes:763
src:00-14-4f-80-e5-b8 dst:00-04-5a-d1-86-ad length: 2048
PROVIDER:ip:00144f80e5b8:00045ad186ad USER:tcp <20+729>
Available bytes:749
4    src:192.168.1.6 dst:206.190.56.28   hlen:20 len:729 tos:0 id:45580 ttl:64 protocol:6 CheckSum:0000
PROVIDER:tcp:c0a80106:cebe381c USER:raw <20+709>
     src:61541 dst:443 P  A   s:391 l:709 a:884 w:49640 P 
PROVIDER:raw:61541:443 USER:none <709+-1>
00000000   17 03 01 02 c0 87 3a b0 b7 67 36 7a 84 4e 15 da  ......:..g6z.N..
00000010   76 a0 a2 b4 36 cf ce 15 9c b9 5f 5f e6 2d df 72  v...6.....__.-.r
00000020   7d 7f 0e 3a c5 c9 da 49 49 89 b5 ca dd fc 3f c0  }..:...II.....?.
00000030   ba d1 e4 53 0b c4 b9 95 da 0a 7d c3 49 00 70 94  ...S......}.I.p.
00000040   0a db 07 fa ca 22 42 0d 4c 14 18 3e a2 f4 55 d4  ....."B.L..>..U.
00000050   16 69 a7 79 16 20 62 cc 15 b9 62 04 61 d3 8e 59  .i.y. b...b.a..Y
00000060   dd 24 7a e3 51 73 5c 6c 44 7e bf 4a e2 03 cd 99  .$z.Qs\lD~.J....
00000070   06 e4 51 8b d4 ce 1b 7a c2 7e 79 88 9d 6c 0a 74  ..Q....z.~y..l.t
00000080   2e 08 d8 62 a7 c6 98 e6 92 44 a7 b3 d3 29 de 20  ...b.....D...). 
00000090   d6 c9 b5 65 83 7a 80 5b 6c 73 ed 09 bd 20 74 20  ...e.z.[ls... t 
000000a0   9f 10 5b c0 cd 78 38 2e 33 95 14 f5 2f 1e 1c bb  ..[..x8.3.../...
000000b0   2a 89 61 63 05 39 61 fb 6d 2d b5 4c 80 f6 13 7b  *.ac.9a.m-.L...{
000000c0   41 ee 51 9b f3 2d 5a dc be 99 5b ba 02 7b 78 b1  A.Q..-Z...[..{x.
000000d0   19 21 1a b3 26 d8 48 d2 06 9e 84 95 4d 8a fc 22  .!..&.H.....M.."
000000e0   ac 40 7f 6c be a1 55 86 55 dd ec 0a b0 ef e5 11  .@.l..U.U.......
000000f0   b2 a7 79 55 b0 fa 38 4b a0 39 91 bb a6 cb 25 a4  ..yU..8K.9....%.
00000100   2d 78 8f 36 7a 1f 77 dd 23 aa 92 c9 d6 2d 8b d4  -x.6z.w.#....-..
00000110   38 43 e8 fe 13 63 79 10 a0 35 60 3f f9 fe 07 83  8C...cy..5`?....
00000120   71 21 4a b1 57 dd 23 61 db e9 58 49 4c 47 0f 5a  q!J.W.#a..XILG.Z
00000130   1d e9 c8 2d f0 a2 d0 26 d0 f6 08 dc 6e f8 93 8a  ...-...&....n...
00000140   23 44 b7 fb d9 9e 93 3b 59 c1 0f 2f 19 7e bb c2  #D.....;Y../.~..
00000150   25 c3 34 fc 22 7a 14 19 f7 be 16 65 93 69 d9 48  %.4."z.....e.i.H
00000160   aa c2 bc f3 37 74 9a ae a8 88 20 16 f3 d8 c9 83  ....7t.... .....
00000170   6d f6 d7 fd b5 0b d2 c8 fa eb 5c 5e f4 71 2e 5c  m.........\^.q.\
00000180   21 1a 6e 4a 16 18 ec 45 0f 8e 83 51 a9 41 61 75  !.nJ...E...Q.Aau
00000190   22 04 41 1d 04 ba b3 0d 90 3f 27 2b 7a c0 e6 92  ".A......?'+z...
000001a0   05 89 e0 b3 c1 68 06 87 c5 82 6a 6a ff 47 5a 8b  .....h....jj.GZ.
000001b0   12 07 f7 bf 6e d0 12 f6 a9 33 bb 4a a3 cc 3c 4e  ....n....3.J..<N
000001c0   31 a9 f1 96 70 6b f6 d3 43 38 30 74 3d cb 8c cd  1...pk..C80t=...
000001d0   8f bc a5 57 31 5b 29 0d 65 d6 14 0f de 1f 93 d6  ...W1[).e.......
000001e0   49 7b ec a7 89 c4 84 6f 54 26 b9 57 4b 88 1e 2d  I{.....oT&.WK..-
000001f0   ab c7 0d 0a 5a 58 c4 66 57 6c 73 74 dd 87 12 23  ....ZX.fWlst...#
00000200   c2 9c 5e 6f a8 91 2a 28 e4 e0 a2 d4 9c 9a 53 89  ..^o..*(......S.
00000210   2e 67 76 59 28 9f e2 1d 3b e5 81 8d fe 48 79 94  .gvY(...;....Hy.
00000220   25 0c ae cb 0c d2 dd ab 8d b1 37 19 14 9f 2c a7  %.........7...,.
00000230   d7 ec 4a b1 37 05 a3 19 d2 2a 07 bb 72 f8 ec 61  ..J.7....*..r..a
00000240   4a db 71 5f 8c f6 c7 1a a7 a0 e7 7b 79 16 4c b5  J.q_.......{y.L.
00000250   ac 70 8c c9 05 39 b0 50 c0 30 b3 88 e9 46 a3 30  .p...9.P.0...F.0
00000260   25 63 36 c0 e9 78 8f 83 4f 20 47 9f 16 31 35 6e  %c6..x..O G..15n
00000270   af a9 93 a5 a7 37 22 54 42 3c c2 ea 32 db ed ea  .....7"TB<..2...
00000280   c7 1f 1f 07 11 a0 c0 f7 ab 47 ed 64 35 8e 11 10  .........G.d5...
00000290   e2 19 7a a2 8c 86 32 31 8c b6 2f 49 f9 7d 66 f4  ..z...21../I.}f.
000002a0   9e 2d c6 5c f5 9d 31 bc 3a 0d 6b 19 05 9c f8 64  .-.\..1.:.k....d
000002b0   e1 79 7b 58 2d a7 93 80 f7 e8 ce bd 24 cf 48 df  .y{X-.......$.H.
000002c0   ea 43 84 d3 eb                                   .C...
https.hex-initial
00000000   a1 b2 c3 d4 00 02 00 04 00 00 00 00 00 00 00 00  ................
00000010   00 00 ff ff 00 00 00 01

CAPTURE 00
00000018   47 c4 3f 13 00 05 61 91 00 00 00 42 00 00 00 42

00000028   00 00 00 42 00 00 00 42 00 04 5a d1 86 ad 00 14  ...B...B..Z.....
00000030   4f 80 e5 b8 08 00 45 00 00 34 b1 ff 40 00 40 06  O.....E..4..@.@.
00000040   00 00 c0 a8 01 06 ce be 38 1c ea 5c 01 bb c7 89  ........8..\....
00000050   74 50 00 00 00 00 80 02 c1 e8 00 00 00 00 02 04  tP..............
00000060   05 b4 01 03 03 00 01 01 04 02

CAPTURE 01
0000006a   47 c4 3f 13 00 05 62 59 00 00 00 42 00 00 00 42

0000007a   00 04 5a d1 86 ad
00000080   00 14 4f 80 e5 b8 08 00 45 00 00 34 b2 00 40 00  ..O.....E..4..@.
00000090   40 06 00 00 c0 a8 01 06 ce be 38 1c f0 65 01 bb  @.........8..e..
000000a0   c7 8b d8 ed 00 00 00 00 80 02 c1 e8 00 00 00 00  ................
000000b0   02 04 05 b4 01 03 03 00 01 01 04 02

CAPTURE 02
000000bc   47 c4 3f 13 00 06 53 07 00 00 00 3e 00 00 00 3e
000000cc   00 14 4f 80 
000000d0   e5 b8 00 04 5a d1 86 ad 08 00 45 00 00 30 3f f9  ....Z.....E..0?.
000000e0   40 00 34 06 3e 46 ce be 38 1c c0 a8 01 06 01 bb  @.4.>F..8.......
000000f0   ea 5c be 05 87 31 c7 89 74 51 70 12 ff ff 4e 5b  .\...1..tQp...N[
00000100   00 00 02 04 05 b4 01 03 03 01

### TCP Hanshake completed

CAPTURE 03
0000010b   47 c4 3f 13 00 06 53 35 00 00 00 36 00 00 00 36

00000119   00 04 5a d1 86 ad
00000120   00 14 4f 80 e5 b8 08 00 45 00 00 28 b2 01 40 00  ..O.....E..(..@.
00000130   40 06 00 00 c0 a8 01 06 ce be 38 1c ea 5c 01 bb  @.........8..\..
00000140   c7 89 74 51 be 05 87 32 50 10 c1 e8 00 00 00 00  ..tQ...2P.......

CAPTURE 04
00000150   47 c4 3f 13 00 06 55 07 00 00 00 f6 00 00 00 f6  G.?...U.........

00000160   00 04 5a d1 86 ad 00 14 4f 80 e5 b8 08 00 45 00  ..Z.....O.....E.
00000170   00 e8 b2 02 40 00 40 06 00 00 c0 a8 01 06 ce be  ....@.@.........
00000180   38 1c ea 5c 01 bb c7 89 74 51 be 05 87 32 50 18  8..\....tQ...2P.
00000190   c1 e8 00 00 00 00 

TLS HANDSHAKE
00000196   16 03 01 00 bb 01 00 00 b7 03  ................
000001a0   01 00 00 2e 90 47 32 cc 2f 6b c2 b2 aa 65 c3 99  .....G2./k...e..
000001b0   7c 45 0f 79 0e 41 a8 01 f2 c9 88 15 f8 97 b9 45  |E.y.A.........E
000001c0   65 00 00 38 c0 0a c0 14 00 39 00 38 c0 0f c0 05  e..8.....9.8....
000001d0   00 35 c0 07 c0 09 c0 11 c0 13 00 33 00 32 c0 0c  .5.........3.2..
000001e0   c0 0e c0 02 c0 04 00 04 00 05 00 2f c0 08 c0 12  .........../....
000001f0   00 16 00 13 c0 0d c0 03 fe ff 00 0a 01 00 00 56  ...............V
00000200   00 00 00 14 00 12 00 00 0f 61 70 69 2e 64 65 6c  .........api.del
00000210   2e 69 63 69 6f 2e 75 73 00 0a 00 34 00 32 00 01  .icio.us...4.2..
00000220   00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09  ................
00000230   00 0a 00 0b 00 0c 00 0d 00 0e 00 0f 00 10 00 11  ................
00000240   00 12 00 13 00 14 00 15 00 16 00 17 00 18 00 19  ................
00000250   00 0b 00 02 01 00

CAPTURE 05
### The server sent the SA again
00000256   47 c4 3f 13 00 06 71 33 00 00 00 3e 00 00 00 3e

00000266   00 14 4f 80 e5 b8 00 04 5a d1  .>...>..O.....Z.
00000270   86 ad 08 00 45 00 00 30 3f fa 40 00 33 06 3f 45
00000280   ce be 38 1c c0 a8 01 06 01 bb f0 65 68 8a 40 ec
00000290   c7 8b d8 ee 70 12 ff ff 7f 73 00 00 02 04 05 b4
000002a0   01 03 03 01 47 
CAPTURE 06
### The client acked the server SA again
000002a5   47 c4 3f 13 00 06 71 5b 00 00 00 36 00 00 00 36

000002b6   00 04 5a d1 86 ad 00 14 4f 80 e5 b8
000002c0   08 00 45 00 00 28 b2 03 40 00 40 06 00 00 c0 a8
000002d0   01 06 ce be 38 1c f0 65 01 bb c7 8b d8 ee 68 8a
000002e0   40 ed 50 10 c1 e8 00 00 00 00

CAPTURE 07 (duplicate of CAPTIRE 04)
000002eb   47 c4 3f 13 00 06 72 b8 00 00 00 f6 00 00 00 f6

000002fa   00 04 5a d1 86 ad 
00000300   00 14 4f 80 e5 b8 08 00 45 00 00 e8 b2 04 40 00
00000310   40 06 00 00 c0 a8 01 06 ce be 38 1c f0 65 01 bb
00000320   c7 8b d8 ee 68 8a 40 ed 50 18 c1 e8 00 00 00 00

00000330   16 03 01 00 bb 01 00 00 b7 03 01 00 00 2e 90 89
00000340   93 fa ed 0e 10 f3 6d 7a e6 3a 84 14 5c e6 57 d2
00000350   1c b4 c7 71 97 cd ee d9 37 96 09 00 00 38 c0 0a
00000360   c0 14 00 39 00 38 c0 0f c0 05 00 35 c0 07 c0 09
00000370   c0 11 c0 13 00 33 00 32 c0 0c c0 0e c0 02 c0 04
00000380   00 04 00 05 00 2f c0 08 c0 12 00 16 00 13 c0 0d
00000390   c0 03 fe ff 00 0a 01 00 00 56 00 00 00 14 00 12
000003a0   00 00 0f 61 70 69 2e 64 65 6c 2e 69 63 69 6f 2e
000003b0   75 73 00 0a 00 34 00 32 00 01 00 02 00 03 00 04
000003c0   00 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c  ................
000003d0   00 0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14
000003e0   00 15 00 16 00 17 00 18 00 19 00 0b 00 02 01 00

CAPTURE 08 (server)
000003f0   47 c4 3f 13 00 07 50 ca 00 00 00 3c 00 00 00 3c len 60

00000400   00 14 4f 80 e5 b8 00 04 5a d1 86 ad 08 00 45 00
00000410   00 28 40 37 40 00 34 06 3e 10 ce be 38 1c c0 a8
00000420   01 06 01 bb ea 5c be 05 87 32 c7 89 75 11 50 10
00000430   ff ff 79 60 00 00 00 00 00 00 00 00 

CAPTURE 09
0000043c   47 c4 3f 13 00 07 5b b6 00 00 03 6e 00 00 03 6e len 878

0000044c   00 14 4f 80
00000450   e5 b8 00 04 5a d1 86 ad 08 00 45 00 03 60 40 38
00000460   40 00 34 06 3a d7 ce be 38 1c c0 a8 01 06 01 bb
00000470   ea 5c be 05 87 32 c7 89 75 11 50 18 ff ff b3 03
00000480   00 00

HANDSHAKE
00000482   16 03 01 00 2a 02 00 00 26 03 01 47 c4 3c
00000490   bc 63 97 a2 43 2a 66 c0 97 d3 32 90 f5 b6 03 dd
000004a0   a6 22 a4 04 fc 94 ee 26 c0 35 5d 9b b2 00 00 35
000004b0   00 16 03 01 02 fb 0b 00 02 f7 00 02 f4 00 02 f1
000004c0   30 82 02 ed 30 82 02 56 a0 03 02 01 02 02 03 05
000004d0   c9 2c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05  .,0...*.H.......
000004e0   00 30 4e 31 0b 30 09 06 03 55 04 06 13 02 55 53  .0N1.0...U....US
000004f0   31 10 30 0e 06 03 55 04 0a 13 07 45 71 75 69 66  1.0...U....Equif
00000500   61 78 31 2d 30 2b 06 03 55 04 0b 13 24 45 71 75  ax1-0+..U...$Equ
00000510   69 66 61 78 20 53 65 63 75 72 65 20 43 65 72 74  ifax Secure Cert
00000520   69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74  ificate Authorit
00000530   79 30 1e 17 0d 30 36 30 34 32 31 31 39 32 35 32  y0...06042119252
00000540   39 5a 17 0d 30 39 30 34 32 31 31 39 32 35 32 39  9Z..090421192529
00000550   5a 30 78 31 0b 30 09 06 03 55 04 06 13 02 55 53  Z0x1.0...U....US
00000560   31 13 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66  1.0...U....Calif
00000570   6f 72 6e 69 61 31 14 30 12 06 03 55 04 07 13 0b  ornia1.0...U....
00000580   53 61 6e 74 61 20 43 6c 61 72 61 31 14 30 12 06  Santa Clara1.0..
00000590   03 55 04 0a 14 0b 59 61 68 6f 6f 21 20 49 6e 63  .U....Yahoo! Inc
000005a0   2e 31 0e 30 0c 06 03 55 04 0b 13 05 59 61 68 6f  .1.0...U....Yaho
000005b0   6f 31 18 30 16 06 03 55 04 03 13 0f 61 70 69 2e  o1.0...U....api.
000005c0   64 65 6c 2e 69 63 69 6f 2e 75 73 30 81 9f 30 0d  del.icio.us0..0.
000005d0   06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d  ..*.H...........
000005e0   00 30 81 89 02 81 81 00 ba 15 94 2c e2 80 0a 4d  .0.........,...M
000005f0   77 c6 97 52 c5 77 11 69 3c f8 81 47 a3 06 2b 13  w..R.w.i<..G..+.
00000600   55 31 4d 64 11 60 78 27 c5 ab 4c f3 61 51 0c d0  U1Md.`x'..L.aQ..
00000610   a9 49 93 34 d2 86 f4 e9 a0 9b d2 97 cf a7 e7 a4  .I.4............
00000620   84 8c bf 3f 0d 1f a5 3a b5 b2 cc fb 65 fa df ee  ...?...:....e...
00000630   b7 1e 9e 0b f4 4a 6e c6 c7 f9 76 35 c7 70 91 91  .....Jn...v5.p..
00000640   b5 42 3f ed 3b 90 7d 58 b9 d9 2b 0e 2e fb 82 7f  .B?.;.}X..+.....
00000650   d2 c5 26 b1 d2 81 3d 71 a1 48 0f 2e 2c 48 94 d1  ..&...=q.H..,H..
00000660   6b a2 75 c0 f6 ed 4b 03 02 03 01 00 01 a3 81 ae  k.u...K.........
00000670   30 81 ab 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03  0..0...U........
00000680   02 04 f0 30 1d 06 03 55 1d 0e 04 16 04 14 7c 10  ...0...U......|.
00000690   db dd 65 e0 9a f0 15 5d 42 ff 90 86 1a 33 3d 63  ..e....]B....3=c
000006a0   33 11 30 3a 06 03 55 1d 1f 04 33 30 31 30 2f a0  3.0:..U...3010/.
000006b0   2d a0 2b 86 29 68 74 74 70 3a 2f 2f 63 72 6c 2e  -.+.)http://crl.
000006c0   67 65 6f 74 72 75 73 74 2e 63 6f 6d 2f 63 72 6c  geotrust.com/crl
000006d0   73 2f 73 65 63 75 72 65 63 61 2e 63 72 6c 30 1f  s/secureca.crl0.
000006e0   06 03 55 1d 23 04 18 30 16 80 14 48 e6 68 f9 2b  ..U.#..0...H.h.+
000006f0   d2 b2 95 d7 47 d8 23 20 10 4f 33 98 90 9f d4 30  ....G.# .O3....0
00000700   1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05  ...U.%..0...+...
00000710   05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 0d  ......+.......0.
00000720   06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81  ..*.H...........
00000730   00 45 0f 16 d6 19 94 16 05 26 6b cf d9 f2 af 36  .E.......&k....6
00000740   a8 ed 15 42 c6 34 72 e6 2a fd 47 1d f9 21 40 a3  ...B.4r.*.G..!@.
00000750   25 10 0a c3 ad 07 45 77 a2 fe 4c f2 53 52 1f 8d  %.....Ew..L.SR..
00000760   35 d9 b4 a7 77 05 c5 87 26 9d 6e d9 4d 33 60 54  5...w...&.n.M3`T
00000770   2d c6 c6 85 f4 72 58 df ef 41 9a 12 d2 ff f5 64  -....rX..A.....d
00000780   c5 0f 7d 31 85 9d 1c fd 8f 67 7a bf d9 e0 55 c4  ..}1.....gz...U.
00000790   b1 20 26 61 1d f1 3d 7f d8 4c 83 24 73 7d 5a f8  . &a..=..L.$s}Z.
000007a0   13 15 7b 6a 74 a2 8e 7d 78 cc a7 70 dd 1f 57 fb  ..{jt..}x..p..W.
000007b0   d3 16 03 01 00 04 0e 00 00 00 47

CAPTURE 10
000007ba   47 c4 3f 13 00 07 5b cc 00 00 00 36 00 00 00 36 length 54

000007ca   00 04 5a d1 86 ad
000007d0   00 14 4f 80 e5 b8 08 00 45 00 00 28 b2 05 40 00
000007e0   40 06 00 00 c0 a8 01 06 ce be 38 1c ea 5c 01 bb
000007f0   c7 89 75 11 be 05 8a 6a 50 10 c1 e8 00 00 00 00

CAPTURE 11
00000800   47 c4 3f 13 00 07 65 48 00 00 00 fc 00 00 00 fc length 252

00000810   00 04 5a d1 86 ad 00 14 4f 80 e5 b8 08 00 45 00 
00000820   00 ee b2 06 40 00 40 06 00 00 c0 a8 01 06 ce be  ....@.@.........
00000830   38 1c ea 5c 01 bb c7 89 75 11 be 05 8a 6a 50 18  8..\....u....jP.
00000840   c1 e8 00 00 00 00 

HANDSHAKE
00000846   16 03 01 00 86 10 00 00 82 00  ................
00000850   80 9a 5e 5d 5c f0 f7 1b 90 44 c2 01 17 89 e0 82  ..^]\....D......
00000860   44 1b 74 a9 b5 32 15 a1 27 ee ff 9a 77 8f c3 3e  D.t..2..'...w..>
00000870   ac 1d 1a 7f b5 51 93 f7 a7 30 9e c7 71 4d af 54  .....Q...0..qM.T
00000880   10 d1 19 4c d7 35 c7 f6 a8 d3 36 01 5d b3 eb 3b  ...L.5....6.]..;
00000890   88 38 2f 66 92 4e cf bf 06 78 e1 67 fc 0a 4a 7a  .8/f.N...x.g..Jz
000008a0   49 68 ec e0 ba c8 83 a3 70 5f 74 52 34 fd b2 22  Ih......p_tR4.."
000008b0   8c 29 47 88 ed 60 ea 2a bd 21 79 cc 1e 42 4e e2  .)G..`.*.!y..BN.
000008c0   20 24 a9 38 4f 35 b1 30 e4 8d 82 5b 73 9b 08 c5   $.8O5.0...[s...
000008d0   5d 14 03 01 00 01 01 16 03 01 00 30 6a 01 a1 a6  ]..........0j...
000008e0   11 fb 59 d0 12 b8 b6 6d 8e 97 4f 26 44 db f5 a0  ..Y....m..O&D...
000008f0   e0 2d 22 54 4a 39 18 5b 96 ed 9d 84 1c 7e 72 2d  .-"TJ9.[.....~r-
00000900   d9 bd 68 38 03 45 5c 9a 2f 9c a3 7c 

CAPTURE 12
0000090c   47 c4 3f 13 00 07 8d 9c 00 00 00 3c 00 00 00 3c length 60

0000091c   00 14 4f 80 
00000920   e5 b8 00 04 5a d1 86 ad 08 00 45 00 00 28 40 39  ....Z.....E..(@9
00000930   40 00 33 06 3f 0e ce be 38 1c c0 a8 01 06 01 bb  @.3.?...8.......
00000940   f0 65 68 8a 40 ed c7 8b d9 ae 50 10 ff ff aa 78  .eh.@.....P....x
00000950   00 00 00 00 00 00 00 00

CAPTURE 13
00000958   47 c4 3f 13 00 07 96 76 00 00 03 6e 00 00 03 6e length 878

00000968   00 14 4f 80 e5 b8 00 04
00000970   5a d1 86 ad 08 00 45 00 03 60 40 3a 40 00 33 06  Z.....E..`@:@.3.
00000980   3b d5 ce be 38 1c c0 a8 01 06 01 bb f0 65 68 8a  ;...8........eh.
00000990   40 ed c7 8b d9 ae 50 18 ff ff fb 8a 00 00

HANDSHAKE
0000099e   16 03
000009a0   01 00 2a 02 00 00 26 03 01 47 c4 3c bc e7 05 5c  ..*...&..G.<...\
000009b0   9d b2 66 d9 37 ed 3b bc 32 3b b6 8c 1f 55 1d 14  ..f.7.;.2;...U..
000009c0   9d 1a 49 45 e8 23 3a 00 47 00 00 35 00 16 03 01  ..IE.#:.G..5....
000009d0   02 fb 0b 00 02 f7 00 02 f4 00 02 f1 30 82 02 ed  ............0...
000009e0   30 82 02 56 a0 03 02 01 02 02 03 05 c9 2c 30 0d  0..V.........,0.
000009f0   06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 4e 31  ..*.H........0N1
00000a00   0b 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e  .0...U....US1.0.
00000a10   06 03 55 04 0a 13 07 45 71 75 69 66 61 78 31 2d  ..U....Equifax1-
00000a20   30 2b 06 03 55 04 0b 13 24 45 71 75 69 66 61 78  0+..U...$Equifax
00000a30   20 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63   Secure Certific
00000a40   61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17  ate Authority0..
00000a50   0d 30 36 30 34 32 31 31 39 32 35 32 39 5a 17 0d  .060421192529Z..
00000a60   30 39 30 34 32 31 31 39 32 35 32 39 5a 30 78 31  090421192529Z0x1
00000a70   0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11  .0...U....US1.0.
00000a80   06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72 6e 69  ..U....Californi
00000a90   61 31 14 30 12 06 03 55 04 07 13 0b 53 61 6e 74  a1.0...U....Sant
00000aa0   61 20 43 6c 61 72 61 31 14 30 12 06 03 55 04 0a  a Clara1.0...U..
00000ab0   14 0b 59 61 68 6f 6f 21 20 49 6e 63 2e 31 0e 30  ..Yahoo! Inc.1.0
00000ac0   0c 06 03 55 04 0b 13 05 59 61 68 6f 6f 31 18 30  ...U....Yahoo1.0
00000ad0   16 06 03 55 04 03 13 0f 61 70 69 2e 64 65 6c 2e  ...U....api.del.
00000ae0   69 63 69 6f 2e 75 73 30 81 9f 30 0d 06 09 2a 86  icio.us0..0...*.
00000af0   48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89  H............0..
00000b00   02 81 81 00 ba 15 94 2c e2 80 0a 4d 77 c6 97 52  .......,...Mw..R
00000b10   c5 77 11 69 3c f8 81 47 a3 06 2b 13 55 31 4d 64  .w.i<..G..+.U1Md
00000b20   11 60 78 27 c5 ab 4c f3 61 51 0c d0 a9 49 93 34  .`x'..L.aQ...I.4
00000b30   d2 86 f4 e9 a0 9b d2 97 cf a7 e7 a4 84 8c bf 3f  ...............?
00000b40   0d 1f a5 3a b5 b2 cc fb 65 fa df ee b7 1e 9e 0b  ...:....e.......
00000b50   f4 4a 6e c6 c7 f9 76 35 c7 70 91 91 b5 42 3f ed  .Jn...v5.p...B?.
00000b60   3b 90 7d 58 b9 d9 2b 0e 2e fb 82 7f d2 c5 26 b1  ;.}X..+.......&.
00000b70   d2 81 3d 71 a1 48 0f 2e 2c 48 94 d1 6b a2 75 c0  ..=q.H..,H..k.u.
00000b80   f6 ed 4b 03 02 03 01 00 01 a3 81 ae 30 81 ab 30  ..K.........0..0
00000b90   0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 04 f0 30  ...U...........0
00000ba0   1d 06 03 55 1d 0e 04 16 04 14 7c 10 db dd 65 e0  ...U......|...e.
00000bb0   9a f0 15 5d 42 ff 90 86 1a 33 3d 63 33 11 30 3a  ...]B....3=c3.0:
00000bc0   06 03 55 1d 1f 04 33 30 31 30 2f a0 2d a0 2b 86  ..U...3010/.-.+.
00000bd0   29 68 74 74 70 3a 2f 2f 63 72 6c 2e 67 65 6f 74  )http://crl.geot
00000be0   72 75 73 74 2e 63 6f 6d 2f 63 72 6c 73 2f 73 65  rust.com/crls/se
00000bf0   63 75 72 65 63 61 2e 63 72 6c 30 1f 06 03 55 1d  cureca.crl0...U.
00000c00   23 04 18 30 16 80 14 48 e6 68 f9 2b d2 b2 95 d7  #..0...H.h.+....
00000c10   47 d8 23 20 10 4f 33 98 90 9f d4 30 1d 06 03 55  G.# .O3....0...U
00000c20   1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01  .%..0...+.......
00000c30   06 08 2b 06 01 05 05 07 03 02 30 0d 06 09 2a 86  ..+.......0...*.
00000c40   48 86 f7 0d 01 01 05 05 00 03 81 81 00 45 0f 16  H............E..
00000c50   d6 19 94 16 05 26 6b cf d9 f2 af 36 a8 ed 15 42  .....&k....6...B
00000c60   c6 34 72 e6 2a fd 47 1d f9 21 40 a3 25 10 0a c3  .4r.*.G..!@.%...
00000c70   ad 07 45 77 a2 fe 4c f2 53 52 1f 8d 35 d9 b4 a7  ..Ew..L.SR..5...
00000c80   77 05 c5 87 26 9d 6e d9 4d 33 60 54 2d c6 c6 85  w...&.n.M3`T-...
00000c90   f4 72 58 df ef 41 9a 12 d2 ff f5 64 c5 0f 7d 31  .rX..A.....d..}1
00000ca0   85 9d 1c fd 8f 67 7a bf d9 e0 55 c4 b1 20 26 61  .....gz...U.. &a
00000cb0   1d f1 3d 7f d8 4c 83 24 73 7d 5a f8 13 15 7b 6a  ..=..L.$s}Z...{j
00000cc0   74 a2 8e 7d 78 cc a7 70 dd 1f 57 fb d3 16 03 01  t..}x..p..W.....
00000cd0   00 04 0e 00 00 00 

CAPTURE 14
00000cd6   47 c4 3f 13 00 07 96 86 00 00 00 36 00 00 00 36 length 54

00000ce6   00 04 5a d1 86 ad 00 14 4f 80 
00000cf0   e5 b8 08 00 45 00 00 28 b2 07 40 00 40 06 00 00  ....E..(..@.@...
00000d00   c0 a8 01 06 ce be 38 1c f0 65 01 bb c7 8b d9 ae  ......8..e......
00000d10   68 8a 44 25 50 10 c1 e8 00 00 00 00 

CAPTURE 15
00000d1c   47 c4 3f 13 00 07 9e eb 00 00 00 fc 00 00 00 fc  length 252

00000d2c   00 04 5a d1  
00000d30   86 ad 00 14 4f 80 e5 b8 08 00 45 00 00 ee b2 08  ....O.....E.....
00000d40   40 00 40 06 00 00 c0 a8 01 06 ce be 38 1c f0 65  @.@.........8..e
00000d50   01 bb c7 8b d9 ae 68 8a 44 25 50 18 c1 e8 00 00  ......h.D%P.....
00000d60   00 00

HANDSHAKE
00000d62   16 03 01 00 86 10 00 00 82 00 80 52 59 dc  .............RY.
00000d70   a6 bc 44 a1 c4 91 01 fb 1c e1 74 f9 fc c0 df b7  ..D.......t.....
00000d80   71 b7 58 11 3f 76 19 be 2c 96 e5 8c 07 da 87 78  q.X.?v..,......x
00000d90   d6 fd fa b5 93 34 1b 0f f8 a2 a1 f6 7d cb 71 be  .....4......}.q.
00000da0   9f 61 31 cd 5e 28 e7 25 d1 7f a7 4d 4b a4 92 68  .a1.^(.%...MK..h
00000db0   7d 87 51 2c d8 9f a2 1e a6 51 e2 6a 7d d5 3d 29  }.Q,.....Q.j}.=)
00000dc0   7a 10 2a f8 50 97 32 5f 28 94 f7 db 6c a4 41 a2  z.*.P.2_(...l.A.
00000dd0   05 21 cf 24 20 73 16 9d f8 50 78 e5 e1 f6 3e bb  .!.$ s...Px...>.
00000de0   4e 3e 08 c1 d4 44 1c de 29 f6 08 c8 d8 14 03 01  N>...D..).......
00000df0   00 01 01 16 03 01 00 30 bc 61 16 10 5e e3 af 36  .......0.a..^..6
00000e00   1c ca 6d d7 eb e2 00 65 a0 60 b9 b1 fc fd c5 af  ..m....e.`......
00000e10   6e 61 a0 fe b7 c9 88 53 50 21 7f 04 66 67 db a6  na.....SP!..fg..
00000e20   7e 8f f5 77 22 df 58 52 47 c4 3f 13 00 08 70 df  ~..w".XRG.?...p.

CAPTURE 16
00000e28   47 c4 3f 13 00 08 70 df 00 00 00 71 00 00 00 71 length 113

00000e38   00 14 4f 80 e5 b8 00 04
00000e40   5a d1 86 ad 08 00 45 00 00 63 40 84 40 00 34 06  Z.....E..c@.@.4.
00000e50   3d 88 ce be 38 1c c0 a8 01 06 01 bb ea 5c be 05  =...8........\..
00000e60   8a 6a c7 89 75 d7 50 18 ff ff bc 56 00 00

changeCipherSpec - the client will change from now on
00000e6e   14 03
00000e70   01 00 01 01 16 03 01 00 30 b4 ba b3 20 62 01 7b  ........0... b.{
00000e80   56 03 24 63 38 3d f7 d6 9d bc a1 ac dc 77 20 8a  V.$c8=.......w .
00000e90   98 42 5b 94 6c ea 96 c3 0f cf ce 9e 63 84 3e c9  .B[.l.......c.>.
00000ea0   fe 5b 8c 64 20 23 4c 72 28

CAPTURE 17
00000ea9   47 c4 3f 13 00 08 70 fa 00 00 00 36 00 00 00 36 length 54

00000eb0   00 04 5a d1 86 ad 00 
00000ec0   14 4f 80 e5 b8 08 00 45 00 00 28 b2 09 40 00 40  .O.....E..(..@.@
00000ed0   06 00 00 c0 a8 01 06 ce be 38 1c ea 5c 01 bb c7  .........8..\...
00000ee0   89 75 d7 be 05 8a a5 50 10 c1 e8 00 00 00 00 47  .u.....P.......G

CAPTURE 18
00000eef   47 c4 3f 13 00 08 72 c3 00 00 03 0b 00 00 03 0b length 779

00000eff   00
00000f00   04 5a d1 86 ad 00 14 4f 80 e5 b8 08 00 45 00 02  .Z.....O.....E..
00000f10   fd b2 0a 40 00 40 06 00 00 c0 a8 01 06 ce be 38  ...@.@.........8
00000f20   1c ea 5c 01 bb c7 89 75 d7 be 05 8a a5 50 18 c1  ..\....u.....P..
00000f30   e8 00 00 00 00

Application (client sends its stuff - ciphered)
00000f35   17 03 01 02 d0 a2 87 2d f6 0f f1
00000f40   b1 96 3c ac 1e f1 99 92 ce ac 48 32 7d f1 8f bc  ..<.......H2}...
00000f50   41 5f 2b ef af a1 29 bf 68 a1 c9 f3 c0 ed 27 49  A_+...).h.....'I
00000f60   07 f3 ce b9 81 c9 c5 26 ad 64 2a 14 20 02 26 6a  .......&.d*. .&j
00000f70   b6 91 2b 99 8d 5d 7c 12 e7 35 82 39 16 25 f8 ef  ..+..]|..5.9.%..
00000f80   be 68 f1 0f 21 06 1f ec 51 2f fa 16 13 9b 3b 42  .h..!...Q/....;B
00000f90   72 09 96 91 91 71 ef f6 76 1f 8a fa e6 f8 61 94  r....q..v.....a.
00000fa0   66 8b c2 e2 65 43 35 1a 65 d4 90 c3 d7 98 4c 3d  f...eC5.e.....L=
00000fb0   8b ca 13 df e4 b0 81 22 fe d7 cb 96 f2 78 b0 f1  .......".....x..
00000fc0   d3 8f a6 81 3c 6e b5 6c 5d a6 a4 45 73 1e 3b b9  ....<n.l]..Es.;.
00000fd0   41 45 e5 76 08 ff a7 80 87 b6 63 95 96 f3 63 5a  AE.v......c...cZ
00000fe0   50 4d a4 80 e8 d1 1f 92 54 12 02 45 dd 9d 87 9f  PM......T..E....
00000ff0   4f ab e7 cf ce d1 a8 26 2b 14 02 1b f7 2b f8 b9  O......&+....+..
00001000   8c d3 c3 fe d5 a9 e5 b3 0f 7b 71 d4 fb 7c d9 4a  .........{q..|.J
00001010   3e ba 10 47 23 bf 2f 8a b8 19 86 0e 8a 1d ea 55  >..G#./........U
00001020   de 24 5c b9 c6 5f 8c d6 15 39 69 60 60 ae 24 12  .$\.._...9i``.$.
00001030   9e d1 86 b6 09 a0 6a 02 d0 8f af 68 0b f2 1e 04  ......j....h....
00001040   cb d5 bd bd 18 3e ef 9c a5 8c e4 21 6b 45 b5 6c  .....>.....!kE.l
00001050   02 b3 d2 65 d3 a5 2a 02 3e f7 98 d9 66 66 7f 8c  ...e..*.>...ff..
00001060   ea 56 6b c7 3b b1 b7 c5 fd c8 67 58 d7 ae fb 99  .Vk.;.....gX....
00001070   0f 43 bc 25 36 3c 8a a0 56 51 3e e1 e7 6a ab eb  .C.%6<..VQ>..j..
00001080   f6 bd cf f0 89 82 d9 6a 48 4b 75 51 e1 6e 46 2a  .......jHKuQ.nF*
00001090   67 f5 91 31 73 09 5c fb 93 05 a0 d3 c9 2c 09 4c  g..1s.\......,.L
000010a0   99 a7 7c eb 08 51 ec e9 66 42 84 cc a4 e9 9c f0  ..|..Q..fB......
000010b0   fb f9 f8 29 54 43 39 23 ef 5c e5 ea 71 2f bf 9b  ...)TC9#.\..q/..
000010c0   34 b2 69 e1 14 e8 f2 b6 c4 76 ff 66 79 02 17 30  4.i......v.fy..0
000010d0   f9 12 f4 b9 3b 9e 9b 16 14 45 e5 4e df 0e 54 37  ....;....E.N..T7
000010e0   31 1d b1 dd bf 1d b1 00 da e2 fd ea ab a9 68 7a  1.............hz
000010f0   1f 28 d2 56 0e 08 b8 20 1e cb fd df 5b 72 7c 8e  .(.V... ....[r|.
00001100   f9 e2 ed f7 57 50 f4 68 dd 58 1b 14 d5 60 97 f9  ....WP.h.X...`..
00001110   93 b3 18 31 27 f7 ea 3d ca 8c f1 d7 f8 4b d0 37  ...1'..=.....K.7
00001120   bf ac 6c 11 c6 2d a7 a4 53 ca a7 18 ab 4e 7b 2b  ..l..-..S....N{+
00001130   e9 c2 12 05 23 56 1a 9e 97 b1 5f c3 ec 58 a1 1a  ....#V...._..X..
00001140   cc 35 f1 1b c3 db bb f9 3f 79 62 51 96 3c a2 45  .5......?ybQ.<.E
00001150   7f 6e 73 3e 46 06 16 17 6d 32 f1 be 7f 71 5b 52  .ns>F...m2...q[R
00001160   67 e0 85 5b 9c 23 f8 4a 9a 96 82 c4 d5 96 8a a3  g..[.#.J........
00001170   94 8c a9 fa f8 06 a2 0d 1e 08 97 06 4d 07 9b 64  ............M..d
00001180   b7 a6 03 3b 6e f0 45 2d 4a e0 50 ac 3e dc 14 ad  ...;n.E-J.P.>...
00001190   7b cd 4e ba b7 b9 d0 c6 1f a5 9a 5b ff c1 e1 1f  {.N........[....
000011a0   53 d7 82 41 2f a1 c9 aa 04 5a c1 1e a5 b6 0f 4f  S..A/....Z.....O
000011b0   25 a7 74 46 c8 7f 30 91 22 63 76 8e e6 bf 4a 01  %.tF..0."cv...J.
000011c0   17 f5 3e 6c 8b 90 c6 eb 82 f7 6a 2a 10 7f a9 a0  ..>l......j*....
000011d0   68 88 b9 38 79 9f ad e9 a7 bd 55 3c 19 57 a7 8c  h..8y.....U<.W..
000011e0   5a 81 3c 67 d3 2b 76 e9 69 b2 9e 1d c0 4f 18 51  Z.<g.+v.i....O.Q
000011f0   67 e8 20 32 1c 7a 26 7a 44 f9 86 77 ef 3a 32 a2  g. 2.z&zD..w.:2.
00001200   42 cf b8 d9 58 d9 30 ca 97 5d

CAPTURE 19
0000120a   47 c4 3f 13 00 08 cd f7 00 00 00 71 00 00 00 71 length 113

0000121a   00 14 4f 80 e5 b8
00001220   00 04 5a d1 86 ad 08 00 45 00 00 63 40 9a 40 00  ..Z.....E..c@.@.
00001230   33 06 3e 72 ce be 38 1c c0 a8 01 06 01 bb f0 65  3.>r..8........e
00001240   68 8a 44 25 c7 8b da 74 50 18 ff ff 1b f9 00 00  h.D%...tP.......

CHANGECIPHERSPEC - the server sends it stuff - ciphered
00001250   14 03 01 00 01 01 16 03 01 00 30 7f 75 87 dd 6e  ..........0.u..n
00001260   36 f9 0f 2a 5b 65 aa 1a 6b 39 e6 49 6d 13 fb c7  6..*[e..k9.Im...
00001270   d6 44 d1 a4 76 90 33 fd f8 13 71 36 29 54 8e 23  .D..v.3...q6)T.#
00001280   71 93 9a ff 33 8f 1b 2a ac 39 59

CAPTURE 20 (the client is still sending stuff -ciphered)
0000128b   47 c4 3f 13 00 08 ce 12 00 00 00 36 00 00 00 36 length 54

0000129b   08 ce 12 00 00 00 36 00 00 00 36 00 04 5a d1 86  ......6...6..Z..
000012a0   ad 00 14 4f 80 e5 b8 08 00 45 00 00 28 b2 0b 40  ...O.....E..(..@
000012b0   00 40 06 00 00 c0 a8 01 06 ce be 38 1c f0 65 01  .@.........8..e.
000012c0   bb c7 8b da 74 68 8a 44 60 50 10 c1 e8 00 00 00  ....th.D`P......
000012d0   00

CAPTURE 21 The Server sends its stuff (ciphered)
000012d1   47 c4 3f 13 00 08 d0 71 00 00 02 fb 00 00 02 fb length 763

000012e1   00 04 5a d1 86 ad 00 14 4f 80 e5 b8 08 00 45
000012f0   00 02 ed b2 0c 40 00 40 06 00 00 c0 a8 01 06 ce 
00001300   be 38 1c f0 65 01 bb c7 8b da 74 68 8a 44 60 50 
00001310   18 c1 e8 00 00 00 00 

00001317   17 03 01 02 c0 87 3a b0 b7                      Application 
00001320   67 36 7a 84 4e 15 da 76 a0 a2 b4 36 cf ce 15 9c
00001330   b9 5f 5f e6 2d df 72 7d 7f 0e 3a c5 c9 da 49 49
00001340   89 b5 ca dd fc 3f c0 ba d1 e4 53 0b c4 b9 95 da
00001350   0a 7d c3 49 00 70 94 0a db 07 fa ca 22 42 0d 4c
00001360   14 18 3e a2 f4 55 d4 16 69 a7 79 16 20 62 cc 15
00001370   b9 62 04 61 d3 8e 59 dd 24 7a e3 51 73 5c 6c 44
00001380   7e bf 4a e2 03 cd 99 06 e4 51 8b d4 ce 1b 7a c2
00001390   7e 79 88 9d 6c 0a 74 2e 08 d8 62 a7 c6 98 e6 92
000013a0   44 a7 b3 d3 29 de 20 d6 c9 b5 65 83 7a 80 5b 6c
000013b0   73 ed 09 bd 20 74 20 9f 10 5b c0 cd 78 38 2e 33
000013c0   95 14 f5 2f 1e 1c bb 2a 89 61 63 05 39 61 fb 6d
000013d0   2d b5 4c 80 f6 13 7b 41 ee 51 9b f3 2d 5a dc be
000013e0   99 5b ba 02 7b 78 b1 19 21 1a b3 26 d8 48 d2 06
000013f0   9e 84 95 4d 8a fc 22 ac 40 7f 6c be a1 55 86 55
00001400   dd ec 0a b0 ef e5 11 b2 a7 79 55 b0 fa 38 4b a0
00001410   39 91 bb a6 cb 25 a4 2d 78 8f 36 7a 1f 77 dd 23
00001420   aa 92 c9 d6 2d 8b d4 38 43 e8 fe 13 63 79 10 a0
00001430   35 60 3f f9 fe 07 83 71 21 4a b1 57 dd 23 61 db
00001440   e9 58 49 4c 47 0f 5a 1d e9 c8 2d f0 a2 d0 26 d0
00001450   f6 08 dc 6e f8 93 8a 23 44 b7 fb d9 9e 93 3b 59