I'm using TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suite. I tracked all handshake messages and successfully can decrypt the Client Finished message(I verified with wireshark). When I try to calculate the Finished message my self, I can't get the same result as in the Finished message I just tracked. I collected all messages (in my case Client_Hello, Server_Hello, Certificate, Server_Done, Client_Key_Exchange) and then use the following PRF(master_secret, finished_label, Hash(handshake_messages)) finished_label = "client finished" When doing Hash(handshake_messages) I'm using the master_secret and SAH384 Also when collecting the data I'm taking only the message data (No TLS record - The first 5 bytes). What am I doing wrong? asked 20 Oct '16, 00:02  Gil Fefer |
One Answer:
I just solved it. The following is wrong: When doing Hash(handshake_messages) I'm using the master_secret and SAH384 What should be done is digest using SHA384 and not Hash with the master_secret. answered 20 Oct '16, 00:21 Gil Fefer |
I converted your comment to an answer and accepted it so that it will not be listed as an unanswered question anymore... Please read the FAQ for details.