On Sun, Mar 19, 2023 at 12:30:22PM -0500, Mark Hack wrote:
> As Victor has pointed out, this is two fragments of
> 0x18 + 0x28 = 0x40 or 64 decimal which is indeed a multiple of 8.
More precisely, two application data SSL 3.0/TLS 1.[012] records, *each*
of which carries a payload that is a multiple of 8 bytes (24 and 40,
respectively). The sum of the two lengths is not by itself significant
in this context, but of course is then also a multiple of eight.
> > > 17 03 00 00 18
> > > ab d0 3c ae 20 f5 f8 ad dd 92 06 83 32 bd fa 6a
> > > 02 44 5d ec 7b 6d 0c 2b
> > > 17 03 00 00 28
> > > 66 45 37 06 e6 86 3e d2 cc 77 c1 0b 45 dd 96 0c
> > > c3 7c 23 8e ea 72 fa a6 f0 67 74 28 38 ae 37 23
> > > 92 b8 07 96 ce 0f d3 ea
--
Viktor.
