Client Session Hash
I am trying to implement TLS1 using SCHANNEL, and I am having trouble with the Client Finish Message.
Question 1: What exactly is included in the 2 hashes (MD5/SHA1)? The info is fairly clear that record headers and Cipher Change messages are not included, but are the message headers themselves included?
Some sources state that the Session Hash is a 12 byte PRF, but when I examine the packets from an actual session, the message is 36 bytes for V3.1. Which one is correct? A 12 byte PRF is not working.