Hi All, ClientFinished message has 2 hashes (md5 and sha1) of "All Handshake Messages" till that but not including ClientFinished message itself. In a Handshake message, i notice that there are two sections:
1. Record Layer Header (16 03 00...) 2. Handshake Protocol (<handshake type>, <length of handshake message> <ssl version> <handshake message>) In the RFC for ssl v3, i notice that we should not use the record layer headers in calculating ClientFinished message Hashes. So should i take the second one mentioned above (with Handshake Type, Length, SSL Version and the message) or should i consider only the Handshake Message (the last part of 2. above)? Thanks a lot and Regards, Suchindra Chandrahas ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]