The February 9th, 1995 version of the SSL document differs fromhttps://www.netscape.com in the following ways.=====The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key isKEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]notKEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]as specified in the documentation.=====From the section 2.6 Server Only Protocol MessagesIf the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero. This is not true for https://www.netscape.com. The CERTIFICATE-TYPEis returned as 1.=====I have not tested the following but it is reported by email@example.com.SSLref clients wait to recieve a server-verify before they send aclient-finished. Besides this not being evident from the examples in2.2.1, it makes more sense to always send all packets you can beforereading. SSLeay was waiting in the server to recieve a client-finishbefore sending the server-verify :-). I have changed SSLeay to send aserver-verify before trying to read the client-finished.