tttls1.3 0.2.1 → 0.2.2

data/spec/fixtures/rsa_rsa.crt

@@ -1,23 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIID0TCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd0ZXN0
-LWNhMB4XDTE5MDUyMTE0MTAyM1oXDTI5MDUxODE0MTAyM1owFDESMBAGA1UEAwwJ
-bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy21id1l6
-qLzJ+f6GdBhFeJWZ2w2AQaWCVzUHnBbfd1myPpGRMoHZfpESaI6TIrj6uIWAFDOj
-EWTvmbfbxGZyElXvqRO6dipb5KBQGMHB+lgR53YxQp6D3DI7e58/YqKKnc2iwEaK
-f7ax75lJZIyWJXimw1Gi/kUr60POdsRH6DmTzcW1cui6FMnBRHXkeOwudzTKJAOl
-Zs4y9LuqkQbBN/mrgkraBu7XxmOhgWb+ejflzh98tLiCuNct/LIOPSwrVWDD1yE6
-uOnEYo0zXaAN5TgJZLEvlfr3nZ/zDg2ifv9IJJoEdF9xwwFGFt2vAsCcP8NPDYFJ
-QOUkEFPhHIfLgQIDAQABozAwLjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAUBgNV
-HREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBAH8eKO0uRCh3GjDT
-SsVBC6KIkqGibW1vdSzSIm/mMfRzhc0L5FD8vv4+gqeUD0hQr461oE8syTy/MnMY
-cnj6W6G45pitF3PQUPxIUsAU0u/OcVkZpEy8B+uozm4Zem7KpRD7N18YUwJLT4Dd
-FHeOCHu41aKxIcu/nFmklYRFp4v9WPOZiIktgMtub7RAYkb0+SXY3pNyPsUK0NL8
-70yI0WaA5b2cxw0R3KUdwwyjuDctq+VYuLgAzeoWNmbhDBA2pIwsgndnUD9n0VWf
-JMYHNInyOiwkMTSVc0OI5nsYNs3sTX++rIIgsd0kA4T4hcfnx0fqiZCjUYRomXIR
-jDKOpDs8JVMFEiUS+uKAwHfEjBRM6IvrvhB+s1wNDyw1OafKATUmINRheKFMRg9s
-02Ihr2eYAIfYtwADV3NvjEReBBJOg0VHyG1lUQyhji0EQIsZB2qaeExxAmPHxLvn
-Au8qhHz8tKGQAsCzq41EAIJHOEXoP2+WzH/tOio7G7Pv3vrCpi/ALpkBbL7FL4l2
-FfDzYGTibmOsKkeDf+h58uVOYSEDJLsWcr+dkAtZNxE2X8PCYs0G3S07QBEldcjO
-a0S65vIALLJFGnLJw6bJd2xLNH1xRkMQK4n0UvzPP7Q8b1c7w+XsYs9WG1s2R8Lo
-GcVsYp2SnqonWcM6V2pXcKCIFY3K
+MIIC2TCCAcGgAwIBAgIJAM8aTIrMzHgzMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
+BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDEzODAyWhcNMjAwNTI0MDEzODAyWjAUMRIw
+EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDb9cGc2hOrLp3VWpxw8WgDqEL3LzZ5a6iYwibeR4AEB5FJLhS3Wvxa1xOS510C
+Kyfk/0znJvN9y+C8tFpB1BAN1OpPvaMPcYWx9CfEeoXaA5+QtU0MWJV7uYMtEUEx
+mEOvDKK1ZvHhw7xUzwcJTFRo6ZY6LqjiozlSPkTrVRIWoy7qEzXnOza36xX18xVt
+azvJBBudtTrjjBfQv2DJdF44icWqOBvAwg54BAbaH3bZ1WOg5oRnOPeVumYbPBsl
+dCDs67S1+RHKMEjRTk7gzuGog9lxJVMluU7iyreROD9+GvJEY3ra2KH96rtIgzo6
+KFHlC4Ih18zRfJZePgMGi5zVAgMBAAGjMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgWgMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAjDs
+4PgPL2Tn8+TxFWEPjh3VUB2kNyYK4LFA/ooN81pDLmm9/qc0FcUs16YQIqYdZICc
+vE83z3RlTmSjsynaRXxYh0VGVE2g2pWiPzEGTGE5HJy2JOtidMiacskmvetbTyYd
+TLdTEFiAlXF9e24OanglmFr9QnA/Z/zQkuIb4t7KN8Dufsi3ljkoJ+puuPxrEQj0
+4BfBo381jK5WULHJ2G9pz5pvy1GZLfj1tQyG2wkI/vV2tjFN+LLO7NCY3V6RjvEZ
+bH4ZdAQz9fbbp7eCXImP+OJYt97Q3RZFJjUWhmh4qFebelkeN3RnmWSFrgjh0O67
+pyNwVv0//MYIEhMUVQ==
 -----END CERTIFICATE-----

data/spec/fixtures/rsa_rsa.key

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAy21id1l6qLzJ+f6GdBhFeJWZ2w2AQaWCVzUHnBbfd1myPpGR
-MoHZfpESaI6TIrj6uIWAFDOjEWTvmbfbxGZyElXvqRO6dipb5KBQGMHB+lgR53Yx
-Qp6D3DI7e58/YqKKnc2iwEaKf7ax75lJZIyWJXimw1Gi/kUr60POdsRH6DmTzcW1
-cui6FMnBRHXkeOwudzTKJAOlZs4y9LuqkQbBN/mrgkraBu7XxmOhgWb+ejflzh98
-tLiCuNct/LIOPSwrVWDD1yE6uOnEYo0zXaAN5TgJZLEvlfr3nZ/zDg2ifv9IJJoE
-dF9xwwFGFt2vAsCcP8NPDYFJQOUkEFPhHIfLgQIDAQABAoIBACPC4fl7OG3ralJR
-ZU+JaMUO/5IbqH1h3Cz6fJD7EGPJ1+TZ8D2ByDtQw3yv+7ux6xl/Fon2necT6G8M
-fEzleY4xn0UI29GkFq11ZT9E6JXa36LiCzzb4vBVwFE2KI1tZ5LgMIk+nWBgPJ2T
-Q+yyLj7+G8rgUhgDDvp33BbS4JU5IVQptwdC198e0/ISwSKt04XCQ0zyq7rEvwNj
-0DV+rTPnpvpiguNvqva31BFZOmFD0DyIkacX/SXdpVv1I8RDduF2c5aLyAQMcIVR
-8AM2dXV6kuJHW0IugTw8ljea9ph0m3TGQrrT5dbIb1qWSwSGFIwMiRk9qaA5XXc3
-SdXdK8ECgYEA/L87aFb+i5EjB+uC/W9rEUc3jM6mu6AjxqLdYtZYCaMTc60z0OdA
-aU37sGf9pClSYB0zhrYQl4IzLcKbzb9ULy41H38NwVgi1h2AwPzHAoDdMou326DJ
-zwgYmRHAr8MG8cup2z6Ymn4K479RX9N2Si1H6yywJ1GHdJ/oUPtmqlkCgYEAzgum
-j6jLVkRlkpjzL8yIYCV72XiEHfCEp0oYVBldnqjmmTNtLXoxyfy11CRtHTMBh+fJ
-tx5qrJ9CI0FAw/XIoKbGNIgV/qi9DWIrU1r+ULLQYGT6icNsf+pkWC5yoRwc3pJR
-NUBiUt2hydf3jaC5BUD3CvUhryASst7Q6JtztWkCgYBmSZJmYMa1fzB5NRQXMy9W
-l8bggoWx61ZvPlxwcqTAibIGn7MXuW807u2McBmThXGkGk1PGIHQf03tGBRsCSGt
-0nqHW6kadWvr0ZbZA7QazEI5AZiQFxt1YSZrVGbx+vDljHIam9Owuo/3qebp7C+0
-R20SvUwxLWqvhUPE+mmLSQKBgG51tH+DoC7JUCK9OHJBlkLlFXZKs5lRXexJPq2n
-Q5dROP6coUUmIxcEEX5/YLespn9zdaJj/hA4+L3pt4zWcQ4fGlcDNbdmQqOwI0X2
-nCwrEKb8u4urZrlUsSLNE8rnRVrU2hBQSeXex2NsElys80OrxkTrkXlPGncmGJz6
-6ZcxAoGAbFH7tKXJyNRXYdW7hcElCVSsFS3gaSwoBXIvXNOVlYEx2T1TpRE4HESc
-a7PvXYr0UvkwHFk1Af0AX++/MlTWUWbftufMOcB55hI7Kf7OId+NTTtufY2sRTVt
-RKLyfV7mPPmJS4HqksGvueiX4rfl4N4/WRVVWyEgIyrXkYgMmQQ=
+MIIEpAIBAAKCAQEA2/XBnNoTqy6d1VqccPFoA6hC9y82eWuomMIm3keABAeRSS4U
+t1r8WtcTkuddAisn5P9M5ybzfcvgvLRaQdQQDdTqT72jD3GFsfQnxHqF2gOfkLVN
+DFiVe7mDLRFBMZhDrwyitWbx4cO8VM8HCUxUaOmWOi6o4qM5Uj5E61USFqMu6hM1
+5zs2t+sV9fMVbWs7yQQbnbU644wX0L9gyXReOInFqjgbwMIOeAQG2h922dVjoOaE
+Zzj3lbpmGzwbJXQg7Ou0tfkRyjBI0U5O4M7hqIPZcSVTJblO4sq3kTg/fhryRGN6
+2tih/eq7SIM6OihR5QuCIdfM0XyWXj4DBouc1QIDAQABAoIBAA6EEGvuhF/Gqsna
+ufpGJCwhnZG8fubScQTrwy7mHw+lBDSFIv7atU61ZOhL9npfKLnXE1cp3eXOX510
+dYRkn06aX4A1rp4lSsJsr3cq8sxpcs1U+am36t2IZ5zAx8GjH8xclBxOl+XjSfl6
+1CcL74Ig8DYUwDZ8uRqxW1EAgzoVGXTMjXqEtP+X3WcFP/XNdzGWeFheowk0iwOn
+DIM6tIELbExbSK8RxhTrKQKv+rTm373ntwSrtvDLlAz1kR9p0a6XeeAn3VVkVYaE
+cu6MRuA2b24EYcEDQgbU2KsUke2vZ1i5hl5ptuc8+iubXCj2SICilBeVQNXLIr2j
+sIzd8x0CgYEA+nH5IIt9pnlqRkFm8Y4bH4cvTk7xMWKj1tuRvP0Vdmw+KsqCxWNR
+w1KuUZ0tj6lzQez0o/jpFWqtxDTV5r3vj/6nrFcLXClENe65pQMByaduoKUGn6VK
+lE7xO0JMRRIqPwRH3vyazcUuVnFtPToBfV82fSvKt9R/xb7lTA8cWk8CgYEA4Naw
+LLwIaL8Drq8BCwJUIrSuZCKcS8542AA+Qz3ivTIMbZshiSE27cLTurFQhpjC7fu3
+V3DQWbQLk3wdg3wAVA7uADlqwCY9SdKo8HstUBaM/GVgPSfxEIRohSHN6KY5NP0r
+tAWKDEcvfuiiV+YFtwz1tXVZl0OpvRpRxzYHYZsCgYEAsziqkjqgYWiTv9D/zS7n
+hAlmtgBSJAg1vQUF5xupp0RQvKiNKponocJiUq9LMnqNq4jZjRoMGrJrxXQV+njD
+neUbsn3b+EjjskCzAz4Con858KYH9mj/1OAlS0XndKpKJyx2DkHwuf44ac3j4aPH
++yMOyEZ1XFYqVaWFS4eov4sCgYEAppvwaPXddWE2pVdhenr7RcyF/gX3s+UIf2eO
+u908C97ufroaG7fVMFLS+uEyPsssh5WjwtQCULaubVfntutIgwGdM+VYSZMMj4vf
+THS6m0Jarx2gNzFF3WuA2Ea4gtHKSo3guMHyDi8h7vUMd/4n9gFQgmq3PPQS7+J0
+/x32UkkCgYBboPnH4jVSqN0vfFtvsGhxXW4lxJQab6bMQ58DvhitKh8O1r+WCbCY
+ynhyc7ne7DCLfyH1Blv8jG+tjBNaDQgoGIuJ+Bpmwon0T2hUqCQbts12a3ZEffP9
+Wmk8MKKy7fu4RDFh0KHai1Fqa3AmVn8Jhq+kCGbueSOMkRwy0tCetg==
 -----END RSA PRIVATE KEY-----

data/spec/fixtures/rsa_rsassaPss.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAfGgAwIBAgIJAIRaPtlbsnO/MD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
+AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMBIxEDAOBgNV
+BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDE0MjM2WhcNMjkwNTIyMDE0MjM2WjAUMRIw
+EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDW7BNlVE8xg7M1VND+HwpmDF5v2F4GtKhD/c79Ge6bnXa1GPyvLV7FpVZdCtkz
+VfNF50urICV2TzlRzaTu4uoM9DeZRfmI/YIk9PSqLXiqmjpd382B5BD6EzDmHKNr
+6HrkcMHrMfsif7hJkCIofYh98Kh5L5c/kS6fzNXIbOeexq62cVB+835+xCXQHNGN
+iLijlmhi3sEbBoI+GF/aiYt+Nz0X6mfPjHdSoZrbY5biiBeYG91fw9nmli/eV3nV
+VMlOD3O+tDZo/A2QlZlG0UcIn4no0KFKCZNZm0H5jF9Q/S3o+HcjvWAtg7phk8qH
+OVlzrgaLH8RVERIUJHflSQOlAgMBAAGjMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgKEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDA9BgkqhkiG9w0BAQowMKANMAsGCWCG
+SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQEAayq/
+jL1hEkL+tguCdfn80mYQKxeteFstJt+cHKKrfpqPmxm/ponGsUK/64tziPIazWgI
+jkoNH9JZhZ+H4Gy3hcUr5emK+o2swqWT1xzT4/6QtCmtSJeXPD6Jap2v7HpG+xeM
+V3tIuSrIwv5Tg80p1waDWodlXJH1G1raXZ/wzBlx+QH7BRPuUrOMkYQlVPTvXfjD
+SRSz7zHe5o4zv5nQMU8qA4e7X8ZE8nFUjptSwg1nx1TSdGAMHiZG/QBAH3CKqQ4p
+jzJJS3cemsjrW7dq4TfeFGHWD1oE3/Q6LzvtLVIyRGU+GTjP3ltJ17KxSHraGg8V
+Na3zecUHuS+C02ovFw==
+-----END CERTIFICATE-----

data/spec/fixtures/rsa_rsassaPss.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1uwTZVRPMYOzNVTQ/h8KZgxeb9heBrSoQ/3O/Rnum512tRj8
+ry1exaVWXQrZM1XzRedLqyAldk85Uc2k7uLqDPQ3mUX5iP2CJPT0qi14qpo6Xd/N
+geQQ+hMw5hyja+h65HDB6zH7In+4SZAiKH2IffCoeS+XP5Eun8zVyGznnsautnFQ
+fvN+fsQl0BzRjYi4o5ZoYt7BGwaCPhhf2omLfjc9F+pnz4x3UqGa22OW4ogXmBvd
+X8PZ5pYv3ld51VTJTg9zvrQ2aPwNkJWZRtFHCJ+J6NChSgmTWZtB+YxfUP0t6Ph3
+I71gLYO6YZPKhzlZc64Gix/EVRESFCR35UkDpQIDAQABAoIBAQCh3+Nn8Y1IPOqw
+Y3aZwCVj4TMLyIphQJZvx22sYmi+GmZ7VhuTkXeNI8+dentHWBhH8UKj3C17I4aH
+n3z3VD92jEaIEhU1YcMxNLJGrsLwtAL8C4HMsEs9H1E4MB/CObK99lOIYvfE7y+N
+cJrZpls0iBtMU1T20tGsGGp4b9YwVhDx7TI7E8Gn/gCtc9aMfBTnCSTqlq6RaFoF
+hIYMczBW9mHB40PPbwBtNUyT7+xo1nkyTpI24iUR6UNOKyUVQXgZQ4IAclvvXFIe
+TBQfzi3O6LP+OY+jawkeZho+KvNds3jU/bDkHyHqimtVkkhZFwSe8yf+TDskdVgm
+LF4iJa+tAoGBAPjYmt2vT3ck/1rGJ7eq6VaJWic821h+LjwrGpBCVz9rqndZsREM
+Ww04Zs9aGUEVKXUB5ecSERWO2r+IITXw/QniZWxFTF+iVn+xjNcPBEUIW8/sZit7
+VA2fXppW80gzWCUbY5GAp1lP7HmCf5AYtSEAE2NR5pQdiRZmT6hCn1QXAoGBAN0Z
+zlDJpT0OT2NHoUfK4wvui8AC8MoBYEgeRiLHBFkJkZY1m1si1Y5H5sc+8eL0Cgf4
+JQASdXB+7alg4Lisr5injVz9tgEuMdSJSdV8ULCCMEidQU7JNpsqUlnURBmWFiT3
+o8BKp5cHw5DNaqHReqyP7BvyidUttgYV0EQsc++jAoGAKsf6X/Baxg37RJzaiS39
+7Z2xfRtuTllrE3cJmxF8tG+LH/ewhFDOeohezHkd7F16Ah6warhlbYJgwxrhMsfa
+iM9+Rk3nom1jV5KrtvFi94dHWYi3y/Po8GqctgYKzzfciIyb4pDutGEUM5Om4JwO
+z7yWmLWk4YPuZIZ0XWYOxEMCgYBS0Su6jw1ZxVZvNZFvtss82Ol3zqIqyEEsQkq7
+FBjI0RC7VvEOPgoH9V64Gxe3jvmC6qvRTxi2PpT+8M673dMYNwp4XoAiCQ+ZMKN7
+V8lRlDJJwL2JqUzO6hdWlm+7tcAtsKShjlUf+USDpK3gVvrAUFh8T2jZdPnNZbZR
+EuWKSQKBgAgDE7sgZZteyyZObaoVFgZIQtgAVR6VoWgrruMmBU4t01Axr5+wmtPU
+w7uutWkPemGf+MbfqjWyjdfR7gIlaPshmRLfcTcEtodUaMGO8PEbqOqENXRrhDag
+OMtrcu6HNKV0YwAjW+r37A4HVRYkzGkF3COnseUIH3sISHklade9
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/rsa_secp256r1.crt

@@ -1,19 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIIDBTCB7qADAgECAgEDMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB3Rlc3Qt
-Y2EwHhcNMTkwNTIxMjEzMTI0WhcNMjkwNTE4MjEzMTI0WjAUMRIwEAYDVQQDDAls
-b2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASCnjcLbROI51SD5Cqv
-k7vK5NqfuQY5jJEX9Zvhw0XBQfnpxkUkauFFF7YhWcKkCeMD7iOavg7SdbI8ZsfH
-hc1UozAwLjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIChDAUBgNVHREEDTALgglsb2Nh
-bGhvc3QwDQYJKoZIhvcNAQELBQADggIBAAAMIex6Q3Quh+ZeO1LeZKPPHrG1rp2C
-l9/YzeBfwPR7q8bS0g3TW9XJXsVPrgeQZU6WbsUin4B9ELSKEhpgDCPsAwXO5wIj
-a+J0NdB3rX4Dfx/i7Q+EH2fR2Ap7jp0w2xnS0J1dodxTHUip+/lSKMbe4M1Xl2ZC
-6niubXkNTrOH6nOJc46zF5IIEvSnQNRac2fuDNWQJQTN7ZVCgremx33VIcjp7HU5
-AEATvhEgV+wmmuG1ZH2PjlXkZSCMqUsdjtwwrtUOIfqm3AilrMP03XYwgHBhBuo/
-tzso80ZM5tdE2uBRdh8gUD7pZq+qt3uC1kHnOBq2LSrwBZCiD2v1v6eQxZACYSTR
-TYpDpknT6wwrRXfR2c23hwNgLVd+jZqaxB7NkuDNBACzpwPuYYtR5Au+LIQc2tSi
-dXbXXo/vlGsh5tGfg7mP3kmtgu7oXBPJwRUWmwPAqXTaqCUuCNpyiHzeKXNXB2ci
-gh1ss/dODO/wmJJI8GjsK/2iZ9Nsc26OwCQ98LWkfvQIePP6vP12AOfzsHO74zxA
-4rjUHpuENDp4HKrkxJ5B8O0xypychNrbe70PRV4bbyuqisMWm2kRRjIkkF83BCv4
-Up4rq2UgtC9kJQLufkrNfAaRnKGAf4Uox86Hwz9yBV486+SRTuUu2aJxZUFgnlRR
-dcfCc/o8347y
+MIICDTCB9qADAgECAgkA0i+ulU4TnLIwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AwwHdGVzdC1jYTAeFw0xOTA1MjUwMTQyMzZaFw0yOTA1MjIwMTQyMzZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKiwh2oW
+7PTxGbN5oO82jxEwQ1ZVweWviU4gwAnms8RVNTYBKj/ZCuuWCGtsB91zhzrOkATt
+mMTGrKHJzMGjP4ajMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgKEMBQGA1UdEQQN
+MAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAColT35sqr72ge00Sm9Ww
+YolLHhGcdCWXH0AnuxMUdMwUBx9tLd4CQUVSS2OYeiKigbYYgBcPelzo7Vka0mNy
+/mSYW1cCDe3Lh7qKyBbf4bGKviag2KZzpOHD858BzWmX40moSxzwhh4HJoy4OsGp
+QXheM3Zgv4CD4GleUerK1OsHoDnA8QLqZ0DPpCGUhb1Nfqce5+ecQHdELNqTt3hD
+m7z4hc06NYoel4HQTWRt1UXQivkkrFkOiuzT6DOYF5CMy5BwPKxMlCqiE5ObxwVl
+AAB9A6XGxeUa2ZJUdtAzESzm6Azy7evGh+3b/QO3rlcd7mMHHvNXl1EpX3upvhK9
+LA==
 -----END CERTIFICATE-----

data/spec/fixtures/rsa_secp256r1.key

@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIJed2ge/IS5cymZrs2yT94388aTvdzYj0A49VVCl3E2YoAoGCCqGSM49
-AwEHoUQDQgAEgp43C20TiOdUg+Qqr5O7yuTan7kGOYyRF/Wb4cNFwUH56cZFJGrh
-RRe2IVnCpAnjA+4jmr4O0nWyPGbHx4XNVA==
+MHcCAQEEIHf3C/ryQ5xIBbSj+OfwSLXGFEh9WT5HbklavzjJ2aD3oAoGCCqGSM49
+AwEHoUQDQgAEqLCHahbs9PEZs3mg7zaPETBDVlXB5a+JTiDACeazxFU1NgEqP9kK
+65YIa2wH3XOHOs6QBO2YxMasocnMwaM/hg==
 -----END EC PRIVATE KEY-----

data/spec/fixtures/rsa_secp384r1.crt

@@ -1,19 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIIDIzCCAQugAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd0ZXN0
-LWNhMB4XDTE5MDUyMTIxMzE0MloXDTI5MDUxODIxMzE0MlowFDESMBAGA1UEAwwJ
-bG9jYWxob3N0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3fbzFYYAPdEIi8wNtYfl
-cjl5C5ewTn9fxP4O4Nzn47Hp0YRYC8E5z/bC4FHyKAAVO9axNSeEbtRAHkIMvzve
-WlWB3Em5UxTmxNBcKwt1uY0HqIeQEO8fIjeYxrTslrfMozAwLjAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIChDAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL
-BQADggIBAJpz6zp4yCxAHho+rurIrj5JklOcRS44r4XGtBsHMkP7NwnX3xfSdqdx
-aePkH29DuPd8N849lhu5FXBraHU7xzj6PVp0WZ5krCaShDEMm/CLro5U1imqCRpN
-g/xNfWYi+hGFeknYJFwGyWIHRcnTL+QKrtmPuXkK3Q19WJvh960kqQ3DMBYGhlUL
-5E1bCKiAIiW+PP++AwQK5bzSKVTNB2tW7heznhU9lv3OOC3MuG/T48hbVaSSHV0X
-NNFo3U1pwvMg4/AHgvVvyT2HSuEtPgnSAC9FZ9YFprFfSk+evZoFPBQ/8BXamB2h
-t/MjpQGIo712plAbMyk+0rrAiAKey1P9AM6RkVHIeGETDu5lLCUDS9t6/mlAOtrt
-t4z5WOxqpXPLEJSLwuAIchDSHktUirBeALGkG8+ro7uwURRyrCYTNuD8lVM8Gwib
-9mlsuzUs8ZDPrUX4BXnGgv2fIC+yWAlur9lSQtwcWkGkWki1d4QdjwPjV9WZ+87D
-LiUSsMShWS5g1npyEuIje4SvsGN5RQWAk/sBG1i9EoGIWiUzwLlNR10UAmW9uuav
-wkSstdu3OwRkR7wi70wN2pC7/IT6/Wow2mfRs3OhCCeg0739GzyVYCiL/geWiFri
-nUMBYoULATkQeCw6iXyQR2697AISn3pUW1DXBfuTRaOOn7xyE2oQ
+MIICKzCCAROgAwIBAgIJAILLdBXeo7wWMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
+BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDE0MjM2WhcNMjkwNTIyMDE0MjM2WjAUMRIw
+EAYDVQQDDAlsb2NhbGhvc3QwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARnaVUUcy6O
+TbFJyF9qTNhwH54qYGab+9hLTitZ1rDw6DL31aVmh1aOC9+Cn8yGESL26Pt7LfeU
+GnexSIT0+Igmim501WjfHa+KwpWPsRqiGnIKzXy6MVTbxJdTZvJ9agmjMDAuMAkG
+A1UdEwQCMAAwCwYDVR0PBAQDAgKEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkq
+hkiG9w0BAQsFAAOCAQEAUJ0Av0mdfaJHF09bc77cFBcokrfkXa9dR0SEjcGIzevk
+kf/dsErR9wHmDR6nmYW6dA41equDFNAEDCosRvAW0RIe4TegwSLmcnZr6w9+2gfU
+yXqvaEkJsks3COZeiH6Is0SXiC6IuL3w2Y+M9IptjgqYukFz15Bv434NYup+Zr9T
+Eq0dQp5p+pM/NNjRekEQOiJq4P+98D3bR689byDwkdlXkpUmvoYBXkoqqtXE22T0
+cAAAVA+qj8jGVg0HH/acnpXyWZuQaG3gpY9vkyskVcGc4Q8qN9U53IpyI8QMeRJy
+pGUnRLCltIIT0WyIVucvCzJ0v9M88yU8Qyx4Tm2fAg==
 -----END CERTIFICATE-----

data/spec/fixtures/rsa_secp384r1.key

@@ -1,6 +1,6 @@
 -----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDAqi/qJgcuxcTF8cNJvK+kNRvm4xnB0WFYETI3ZVFQbX1g46S40honE
-Vj+KoGtuN32gBwYFK4EEACKhZANiAATd9vMVhgA90QiLzA21h+VyOXkLl7BOf1/E
-/g7g3OfjsenRhFgLwTnP9sLgUfIoABU71rE1J4Ru1EAeQgy/O95aVYHcSblTFObE
-0FwrC3W5jQeoh5AQ7x8iN5jGtOyWt8w=
+MIGkAgEBBDCyZusDHIZWr1uWefvcMticNHQYSHJ456lB6z0qKQKy7HPA6k8Tp/9E
+bwyyJSS7/sCgBwYFK4EEACKhZANiAARnaVUUcy6OTbFJyF9qTNhwH54qYGab+9hL
+TitZ1rDw6DL31aVmh1aOC9+Cn8yGESL26Pt7LfeUGnexSIT0+Igmim501WjfHa+K
+wpWPsRqiGnIKzXy6MVTbxJdTZvJ9agk=
 -----END EC PRIVATE KEY-----

data/spec/fixtures/rsa_secp521r1.crt

@@ -1,20 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIIDSTCCATGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd0ZXN0
-LWNhMB4XDTE5MDUyMTIxMzIwMFoXDTI5MDUxODIxMzIwMFowFDESMBAGA1UEAwwJ
-bG9jYWxob3N0MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAjVT+nUIx3UB2eR9e
-sjC3+oloaJARVlcjJc2f/JzvOsitJbK2/EdVyvLxt3V485p7Ljh8My/lcN2ZU9/s
-6VOTfd0BWxmXsP7PfSig2sE1ELJcCdtAJlv8vrP4OW8BQInERfJ3Nf5WZIrahYVL
-PtAqvfkCnvVXuufeqFu3J1Yy9T/weo6jMDAuMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgKEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAgEAjhUX
-3YHkYs+FXZryP2iJ18QCKLUl5q3/kOOSbRyjPQTFWJa1AyyudFyLGi4JUK/0fRIm
-hq0Ns9h6yglVk0R7/X/rlbhF3c2kOl2ekhaJeo8RRHyuH1w49kTfXJYtNmTp+ZMB
-bQwAXlmmFOTArdf4j4nbVqB3fYIyGTWll7190eUu5c9gS6FYNnVniIQhTFINh5ZK
-pxW9w5CnUpVdRsCj1I/aFWGhDwCQap5ZDTD09HaV4xFuvnCWobSOaKfox2hmdwZk
-JvsGWpGwTIO9kitF1L9tc9mzJr6cc/64wIwMPkYrM68kUcZn/FBxN4SEZJ1Y6yFI
-wufeFP1rzVlD/9PZMDVN0Cpz1elmgo2kJSx+TxqF2LnymFfKxj4uo/aodU7MoQ5a
-6RRTxIC6SQmDLpwka7L30qvzLzB0u1FzdZPvxwH3+7eJOB9O231B+K+d+lN7uMaz
-DsDIOa/3rLCHIZW2q48n0Bkm5HT1ZtroHI9xQMvTF8oSFUUB5tqE+owwRN/fWuyd
-3GiNp8y3WpKRXvCDqaJ8BiQxjXBjrtMbBLC73lIuQqMQiPzAeeEFOIlvwQ2qKi/M
-pu88pahnI5th752GPv64zJsOQppe2wUuycMHgIIWX6RCgXbUod8rZOmeoYnkkjNZ
-rY8omp53evRvLdPE2uTEnv3y4NiEGI36Pqny30o=
+MIICUTCCATmgAwIBAgIJAKkpp78+S8JUMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
+BAMMB3Rlc3QtY2EwHhcNMTkwNTI1MDE0MjM2WhcNMjkwNTIyMDE0MjM2WjAUMRIw
+EAYDVQQDDAlsb2NhbGhvc3QwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAA2hmEd
++V4JM974u/DSPW7uGafw5mF9XngzGU2HeIhY4vXDzt884Rt4kjpcAByAjxtbVhB9
+byPwc5FN6LrZiatB+gBDIija5Fq6d1gn3nXESirdZrMyLAlykXhS7nywOx0HDCYq
+2sD0lIMZXB04kFVC+XQsLqwA5J1k87oQ3EwEjwJVzKMwMC4wCQYDVR0TBAIwADAL
+BgNVHQ8EBAMCAoQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUA
+A4IBAQBOUnOHUsJPNO56nvFLbIn1COnyRPo3C1BpGpV9uk6mzGuQ0jvDUhN01A5m
+F/OZ4wmeOBRkzPgUbbcTeUVNtZX3V9Js6V9MFwNQjgLgYPC0soGJbexVWpg5ZEUu
+ishnmsllej4cMD3XNO1UFSUzjqE0OHIYzp38wIiI7Jx4nBnFTUw4EneACbj1ZCJM
+5BP8c6522FCYgsA+97itp7sSjCYqD6u4IIwi0GhcISrn2DPwAsWhAYf5AadL5+Di
+jaoKheW5xjs3jbK6w62yGkmaECKIq9kKv7d1rqdgn3FB4NP+KP6UPxPeFDaiqcr6
+f8K7pV48fGr0TNhPPWwGbZEejhHF
 -----END CERTIFICATE-----

data/spec/fixtures/rsa_secp521r1.key

@@ -1,7 +1,7 @@
 -----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBBJjLo07KrpdNcQAg2fEyPciF6nTVIhM3vbHH9t/ym+B9Q2nD0g+u
-NZIL0S6x0xLdxhT94MMa961PbtD2OSuPpVegBwYFK4EEACOhgYkDgYYABACNVP6d
-QjHdQHZ5H16yMLf6iWhokBFWVyMlzZ/8nO86yK0lsrb8R1XK8vG3dXjzmnsuOHwz
-L+Vw3ZlT3+zpU5N93QFbGZew/s99KKDawTUQslwJ20AmW/y+s/g5bwFAicRF8nc1
-/lZkitqFhUs+0Cq9+QKe9Ve6596oW7cnVjL1P/B6jg==
+MIHcAgEBBEIBpLFBw5Z/X6SoBwA8uOZczz8UB3uiQv2LpVhIp4GFOyRJKx5x3YL7
+jrx2zaaIdaGFi82tJ8UEAcdEknCXkWFhKfKgBwYFK4EEACOhgYkDgYYABAA2hmEd
++V4JM974u/DSPW7uGafw5mF9XngzGU2HeIhY4vXDzt884Rt4kjpcAByAjxtbVhB9
+byPwc5FN6LrZiatB+gBDIija5Fq6d1gn3nXESirdZrMyLAlykXhS7nywOx0HDCYq
+2sD0lIMZXB04kFVC+XQsLqwA5J1k87oQ3EwEjwJVzA==
 -----END EC PRIVATE KEY-----

data/spec/server_hello_spec.rb

@@ -32,6 +32,9 @@ RSpec.describe ServerHello do
       expect(message.cipher_suite).to eq CipherSuite::TLS_AES_256_GCM_SHA384
       expect(message.legacy_compression_method).to eq "\x00"
       expect(message.extensions).to be_empty
+      expect(message.hrr?).to be false
+      expect(message.appearable_extensions?).to be true
+      expect(message.negotiated_tls_1_3?).to be false
     end
 
     it 'should be serialized' do
@@ -57,6 +60,9 @@ RSpec.describe ServerHello do
       expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
       expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
       expect(message.legacy_compression_method).to eq "\x00"
+      expect(message.hrr?).to be false
+      expect(message.appearable_extensions?).to be true
+      expect(message.negotiated_tls_1_3?).to be true
     end
 
     it 'should generate valid serializable object' do
@@ -75,6 +81,8 @@ RSpec.describe ServerHello do
       expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
       expect(message.legacy_compression_method).to eq "\x00"
       expect(message.hrr?).to be true
+      expect(message.appearable_extensions?).to be true
+      expect(message.negotiated_tls_1_3?).to be true
     end
 
     it 'should generate valid serializable object' do
@@ -92,6 +100,9 @@ RSpec.describe ServerHello do
       expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
       expect(message.cipher_suite).to eq CipherSuite::TLS_AES_128_GCM_SHA256
       expect(message.legacy_compression_method).to eq "\x00"
+      expect(message.hrr?).to be false
+      expect(message.appearable_extensions?).to be true
+      expect(message.negotiated_tls_1_3?).to be true
     end
 
     it 'should generate valid serializable object' do
@@ -123,6 +134,8 @@ RSpec.describe ServerHello do
       expect(message.legacy_compression_method).to eq "\x00"
       expect(message.extensions).to be_empty
       expect(message.hrr?).to eq true
+      expect(message.appearable_extensions?).to be true
+      expect(message.negotiated_tls_1_3?).to be false
     end
 
     it 'should be serialized' do
@@ -137,4 +150,51 @@ RSpec.describe ServerHello do
                                       + Extensions.new.serialize
     end
   end
+
+  context 'server_hello with random[-8..] == downgrade protection ' \
+          'value(TLS 1.2)' do
+    let(:message) do
+      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+      random = OpenSSL::Random.random_bytes(24) + \
+               ServerHello.const_get(:DOWNGRADE_PROTECTION_TLS_1_2)
+      sh.instance_variable_set(:@random, random)
+      sh
+    end
+
+    it 'should check downgrade protection value' do
+      expect(message.negotiated_tls_1_3?).to be true
+      expect(message.downgraded?).to be true
+    end
+  end
+
+  context 'server_hello with random[-8..] == downgrade protection ' \
+          'value(TLS 1.2)' do
+    let(:message) do
+      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+      random = OpenSSL::Random.random_bytes(24) + \
+               ServerHello.const_get(:DOWNGRADE_PROTECTION_TLS_1_1)
+      sh.instance_variable_set(:@random, random)
+      sh
+    end
+
+    it 'should check downgrade protection value' do
+      expect(message.negotiated_tls_1_3?).to be true
+      expect(message.downgraded?).to be true
+    end
+  end
+
+  context 'server_hello with supported_versions not including "\x03\x04"' do
+    let(:message) do
+      sh = ServerHello.deserialize(TESTBINARY_SERVER_HELLO)
+      extensions = sh.instance_variable_get(:@extensions)
+      extensions[ExtensionType::SUPPORTED_VERSIONS] = nil
+      sh.instance_variable_set(:@extensions, extensions)
+      sh
+    end
+
+    it 'should check downgrade protection value' do
+      expect(message.negotiated_tls_1_3?).to be false
+      expect(message.downgraded?).to be false
+    end
+  end
 end

data/spec/server_spec.rb

@@ -14,7 +14,7 @@ RSpec.describe Server do
                         + msg_len.to_uint16 \
                         + TESTBINARY_CLIENT_HELLO)
       server = Server.new(mock_socket)
-      server.send(:recv_client_hello)
+      server.send(:recv_client_hello, true)
     end
 
     it 'should receive ClientHello' do
@@ -31,45 +31,47 @@ RSpec.describe Server do
       )
     end
 
-    let(:record) do
-      mock_socket = SimpleStream.new
-      server = Server.new(mock_socket)
-      server.instance_variable_set(:@crt, crt)
-      transcript = Transcript.new
-      transcript[CH] = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      server.instance_variable_set(:@transcript, transcript)
-      cipher_suite = server.send(:select_cipher_suite)
-      server.instance_variable_set(:@cipher_suite, cipher_suite)
+    let(:ch) do
+      ch = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+
       # X25519 is unsupported so @named_group uses SECP256R1.
-      server.instance_variable_set(:@named_group, NamedGroup::SECP256R1)
-      signature_scheme = server.send(:select_signature_scheme)
-      server.instance_variable_set(:@signature_scheme, signature_scheme)
-      exs, _priv_key = server.send(:gen_sh_extensions)
-      server.send(:send_server_hello, exs)
-      Record.deserialize(mock_socket.read, Cryptograph::Passer.new)
+      key_share = KeyShare.new(
+        msg_type: HandshakeType::CLIENT_HELLO,
+        key_share_entry: [
+          KeyShareEntry.new(
+            group: NamedGroup::SECP256R1,
+            key_exchange: "\x04" + OpenSSL::Random.random_bytes(64)
+          )
+        ]
+      )
+      ch.extensions[ExtensionType::KEY_SHARE] = key_share
+      ch
     end
 
-    it 'should send ServerHello' do
-      expect(record.type).to eq ContentType::HANDSHAKE
+    let(:server) do
+      Server.new(nil)
+    end
 
-      message = record.messages.first
-      expect(message.msg_type).to eq HandshakeType::SERVER_HELLO
-      expect(message.legacy_version).to eq ProtocolVersion::TLS_1_2
-      expect(message.legacy_compression_method).to eq "\x00"
+    it 'should select parameters' do
+      expect(server.send(:select_cipher_suite, ch))
+        .to eq CipherSuite::TLS_AES_128_GCM_SHA256
+      expect(server.send(:select_named_group, ch)).to eq NamedGroup::SECP256R1
+      expect(server.send(:select_signature_scheme, ch, crt))
+        .to eq SignatureScheme::RSA_PSS_RSAE_SHA256
     end
   end
 
   context 'server' do
+    let(:ch) do
+      ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
+    end
+
     let(:server) do
-      server = Server.new(nil)
-      transcript = Transcript.new
-      transcript[CH] = ClientHello.deserialize(TESTBINARY_CLIENT_HELLO)
-      server.instance_variable_set(:@transcript, transcript)
-      server
+      Server.new(nil)
     end
 
     it 'should generate EncryptedExtensions' do
-      ee = server.send(:gen_encrypted_extensions)
+      ee = server.send(:gen_encrypted_extensions, ch)
       expect(ee).to be_a_kind_of(EncryptedExtensions)
       expect(ee.extensions).to include(ExtensionType::SERVER_NAME)
       expect(ee.extensions[ExtensionType::SERVER_NAME].server_name).to eq ''
@@ -82,17 +84,18 @@ RSpec.describe Server do
   end
 
   context 'server' do
-    let(:server) do
-      server = Server.new(nil)
-      crt = OpenSSL::X509::Certificate.new(
+    let(:crt) do
+      OpenSSL::X509::Certificate.new(
         File.read(__dir__ + '/fixtures/rsa_rsa.crt')
       )
-      server.instance_variable_set(:@crt, crt)
-      server
+    end
+
+    let(:server) do
+      Server.new(nil)
     end
 
     it 'should generate Certificate' do
-      ct = server.send(:gen_certificate)
+      ct = server.send(:gen_certificate, crt)
       expect(ct).to be_a_kind_of(Certificate)
 
       certificate_entry = ct.certificate_list.first
@@ -115,9 +118,7 @@ RSpec.describe Server do
       Certificate.deserialize(TESTBINARY_CERTIFICATE)
     end
 
-    let(:server) do
-      server = Server.new(nil)
-      server.instance_variable_set(:@key, key)
+    let(:transcript) do
       transcript = Transcript.new
       transcript.merge!(
         CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
@@ -125,16 +126,24 @@ RSpec.describe Server do
         EE => EncryptedExtensions.deserialize(TESTBINARY_ENCRYPTED_EXTENSIONS),
         CT => ct
       )
-      server.instance_variable_set(:@transcript, transcript)
-      server.instance_variable_set(:@cipher_suite,
-                                   CipherSuite::TLS_AES_128_GCM_SHA256)
-      server.instance_variable_set(:@signature_scheme,
-                                   SignatureScheme::RSA_PSS_RSAE_SHA256)
-      server
+    end
+
+    let(:cipher_suite) do
+      CipherSuite::TLS_AES_128_GCM_SHA256
+    end
+
+    let(:signature_scheme) do
+      SignatureScheme::RSA_PSS_RSAE_SHA256
+    end
+
+    let(:server) do
+      Server.new(nil)
     end
 
     it 'should generate CertificateVerify' do
-      cv = server.send(:gen_certificate_verify)
+      digest = CipherSuite.digest(cipher_suite)
+      hash = transcript.hash(digest, CT)
+      cv = server.send(:gen_certificate_verify, key, signature_scheme, hash)
       expect(cv).to be_a_kind_of(CertificateVerify)
 
       # used RSASSA-PSS signature_scheme, salt is a random sequence.
@@ -142,19 +151,23 @@ RSpec.describe Server do
       public_key = ct.certificate_list.first.cert_data.public_key
       signature_scheme = cv.signature_scheme
       signature = cv.signature
+      digest = CipherSuite.digest(cipher_suite)
       expect(server.send(:do_verified_certificate_verify?,
                          public_key: public_key,
                          signature_scheme: signature_scheme,
                          signature: signature,
                          context: 'TLS 1.3, server CertificateVerify',
-                         handshake_context_end: CT))
+                         hash: transcript.hash(digest, CT)))
         .to be true
     end
   end
 
   context 'server' do
-    let(:server) do
-      server = Server.new(nil)
+    let(:cipher_suite) do
+      CipherSuite::TLS_AES_128_GCM_SHA256
+    end
+
+    let(:transcript) do
       transcript = Transcript.new
       transcript.merge!(
         CH => ClientHello.deserialize(TESTBINARY_CLIENT_HELLO),
@@ -163,24 +176,30 @@ RSpec.describe Server do
         CT => Certificate.deserialize(TESTBINARY_CERTIFICATE),
         CV => CertificateVerify.deserialize(TESTBINARY_CERTIFICATE_VERIFY)
       )
-      server.instance_variable_set(:@transcript, transcript)
-      ks = KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
-                           cipher_suite: CipherSuite::TLS_AES_128_GCM_SHA256,
-                           transcript: transcript)
-      server.instance_variable_set(:@key_schedule, ks)
-      server.instance_variable_set(:@cipher_suite,
-                                   CipherSuite::TLS_AES_128_GCM_SHA256)
-      server
+      transcript
+    end
+
+    let(:key_schedule) do
+      KeySchedule.new(shared_secret: TESTBINARY_SHARED_SECRET,
+                      cipher_suite: cipher_suite,
+                      transcript: transcript)
+    end
+
+    let(:signature) do
+      server = Server.new(nil)
+      digest = CipherSuite.digest(cipher_suite)
+      server.send(:sign_finished,
+                  digest: digest,
+                  finished_key: key_schedule.server_finished_key,
+                  hash: transcript.hash(digest, CV))
     end
 
-    let(:verify_data) do
-      Finished.deserialize(TESTBINARY_SERVER_FINISHED).verify_data
+    let(:sf) do
+      Finished.deserialize(TESTBINARY_SERVER_FINISHED)
     end
 
     it 'should generate Finished' do
-      sf = server.send(:gen_finished)
-      expect(sf).to be_a_kind_of(Finished)
-      expect(sf.verify_data).to eq verify_data
+      expect(signature).to eq sf.verify_data
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tttls1.3
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - thekuwayama
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-23 00:00:00.000000000 Z
+date: 2019-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -71,6 +71,7 @@ files:
 - example/https_client.rb
 - example/https_client_using_0rtt.rb
 - example/https_client_using_hrr.rb
+- example/https_client_using_hrr_and_ticket.rb
 - example/https_client_using_ticket.rb
 - example/https_server.rb
 - interop/Dockerfile
@@ -143,6 +144,8 @@ files:
 - spec/fixtures/rsa_ca.key
 - spec/fixtures/rsa_rsa.crt
 - spec/fixtures/rsa_rsa.key
+- spec/fixtures/rsa_rsassaPss.crt
+- spec/fixtures/rsa_rsassaPss.key
 - spec/fixtures/rsa_secp256r1.crt
 - spec/fixtures/rsa_secp256r1.key
 - spec/fixtures/rsa_secp384r1.crt
@@ -214,6 +217,8 @@ test_files:
 - spec/fixtures/rsa_ca.key
 - spec/fixtures/rsa_rsa.crt
 - spec/fixtures/rsa_rsa.key
+- spec/fixtures/rsa_rsassaPss.crt
+- spec/fixtures/rsa_rsassaPss.key
 - spec/fixtures/rsa_secp256r1.crt
 - spec/fixtures/rsa_secp256r1.key
 - spec/fixtures/rsa_secp384r1.crt