I forgot to append this dump. I have tried to verify that the application does not send those 24 bytes by placing breakpoints on every call to SSL_write()
1 9 0.2855 (0.0000) C>SV3.0(1) ChangeCipherSpec 1 10 0.2855 (0.0000) C>SV3.0(64) Handshake Finished md5_hash[16]= 15 3b 46 16 dc d6 2d 50 36 b7 7e f4 c4 cd ab 57 sha_hash[20]= e8 17 13 cb 5b 89 be f8 ce a7 94 f8 73 03 81 ee 6e f8 15 cf 1 11 0.6284 (0.3428) S>CV3.0(1) ChangeCipherSpec 1 12 0.7388 (0.1104) S>CV3.0(64) Handshake Finished md5_hash[16]= 50 c0 35 e3 13 14 f3 1e 5b 14 c3 ef e7 f4 bc f5 sha_hash[20]= dd 07 2c 1d 18 6e 95 63 d4 ad f9 82 e7 f4 1c 5e 21 77 4a a8 1 13 0.7394 (0.0006) C>SV3.0(24) application_data --------------------------------------------------------------- --------------------------------------------------------------- 1 14 0.7394 (0.0000) C>SV3.0(168) application_data --------------------------------------------------------------- GET https://test.transunionnetaccess.com:3018/?PING HTTP/1.0 Connection: Keep-Alive User-Agent: Java SSL Client Connection: KeepAlive --------------------------------------------------------------- 1 0.8433 (0.1039) S>C TCP FIN 1 0.8439 (0.0005) C>S TCP FIN ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]