[release-branch.go1.11] crypto/tls: make ConnectionState.ExportKeyingMaterial a method

The unexported field is hidden from reflect based marshalers, which
would break otherwise. Also, make it return an error, as there are
multiple reasons it might fail.

Fixes #27131

Change-Id: I92adade2fe456103d2d5c0315629ca0256953764
Reviewed-on: https://go-review.googlesource.com/130535
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit 240cb4c75fbe969364edb1a7f7ebd2d827831d34)
Reviewed-on: https://go-review.googlesource.com/130655

13 files changed, 432 insertions, 24 deletions

diff --git a/api/go1.11.txt b/api/go1.11.txt
index 4c0bcc7479..863e1f1625 100644
--- a/api/go1.11.txt
+++ b/api/go1.11.txt
@@ -1,7 +1,7 @@
 pkg crypto/cipher, func NewGCMWithTagSize(Block, int) (AEAD, error)
 pkg crypto/rsa, method (*PrivateKey) Size() int
 pkg crypto/rsa, method (*PublicKey) Size() int
-pkg crypto/tls, type ConnectionState struct, ExportKeyingMaterial func(string, []uint8, int) ([]uint8, bool)
+pkg crypto/tls, method (*ConnectionState) ExportKeyingMaterial(string, []uint8, int) ([]uint8, error)
 pkg database/sql, method (IsolationLevel) String() string
 pkg database/sql, type DBStats struct, Idle int
 pkg database/sql, type DBStats struct, InUse int
diff --git a/doc/go1.11.html b/doc/go1.11.html
index fae1c5ff14..087dc72f8e 100644
--- a/doc/go1.11.html
+++ b/doc/go1.11.html
@@ -500,7 +500,8 @@ for k := range m {
   <dd>
     <p><!-- CL 85115 -->
       <a href="/pkg/crypto/tls/#ConnectionState"><code>ConnectionState</code></a>'s new
-      <code>ExportKeyingMaterial</code> field allows exporting keying material bound to the
+      <a href="/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial"><code>ExportKeyingMaterial</code></a>
+      method allows exporting keying material bound to the
       connection according to RFC 5705.
     </p>
 
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 729bce6d50..7b627fc025 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -164,11 +164,8 @@ type ConnectionState struct {
 	SignedCertificateTimestamps [][]byte              // SCTs from the server, if any
 	OCSPResponse                []byte                // stapled OCSP response from server, if any
 
-	// ExportKeyMaterial returns length bytes of exported key material as
-	// defined in https://tools.ietf.org/html/rfc5705. If context is nil, it is
-	// not used as part of the seed. If Config.Renegotiation was set to allow
-	// renegotiation, this function will always return nil, false.
-	ExportKeyingMaterial func(label string, context []byte, length int) ([]byte, bool)
+	// ekm is a closure exposed via ExportKeyingMaterial.
+	ekm func(label string, context []byte, length int) ([]byte, error)
 
 	// TLSUnique contains the "tls-unique" channel binding value (see RFC
 	// 5929, section 3). For resumed sessions this value will be nil
@@ -179,6 +176,14 @@ type ConnectionState struct {
 	TLSUnique []byte
 }
 
+// ExportKeyingMaterial returns length bytes of exported key material in a new
+// slice as defined in https://tools.ietf.org/html/rfc5705. If context is nil,
+// it is not used as part of the seed. If the connection was set to allow
+// renegotiation via Config.Renegotiation, this function will return an error.
+func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
+	return cs.ekm(label, context, length)
+}
+
 // ClientAuthType declares the policy the server will follow for
 // TLS Client Authentication.
 type ClientAuthType int
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index 2adb967537..6e27e695bd 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -56,7 +56,7 @@ type Conn struct {
 	// renegotiation is not supported in that case.)
 	secureRenegotiation bool
 	// ekm is a closure for exporting keying material.
-	ekm func(label string, context []byte, length int) ([]byte, bool)
+	ekm func(label string, context []byte, length int) ([]byte, error)
 
 	// clientFinishedIsFirst is true if the client sent the first Finished
 	// message during the most recent handshake. This is recorded because
@@ -1315,9 +1315,9 @@ func (c *Conn) ConnectionState() ConnectionState {
 			}
 		}
 		if c.config.Renegotiation != RenegotiateNever {
-			state.ExportKeyingMaterial = noExportedKeyingMaterial
+			state.ekm = noExportedKeyingMaterial
 		} else {
-			state.ExportKeyingMaterial = c.ekm
+			state.ekm = c.ekm
 		}
 	}
 
diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
index 79fb3421a8..1f1c93d102 100644
--- a/src/crypto/tls/handshake_client_test.go
+++ b/src/crypto/tls/handshake_client_test.go
@@ -979,6 +979,24 @@ func TestRenegotiateTwiceRejected(t *testing.T) {
 	runClientTestTLS12(t, test)
 }
 
+func TestHandshakeClientExportKeyingMaterial(t *testing.T) {
+	test := &clientTest{
+		name:    "ExportKeyingMaterial",
+		command: []string{"openssl", "s_server"},
+		config:  testConfig.Clone(),
+		validate: func(state ConnectionState) error {
+			if km, err := state.ExportKeyingMaterial("test", nil, 42); err != nil {
+				return fmt.Errorf("ExportKeyingMaterial failed: %v", err)
+			} else if len(km) != 42 {
+				return fmt.Errorf("Got %d bytes from ExportKeyingMaterial, wanted %d", len(km), 42)
+			}
+			return nil
+		},
+	}
+	runClientTestTLS10(t, test)
+	runClientTestTLS12(t, test)
+}
+
 var hostnameInSNITests = []struct {
 	in, out string
 }{
diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index 01d7b5ceec..c366f47b17 100644
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -998,6 +998,24 @@ func TestFallbackSCSV(t *testing.T) {
 	runServerTestTLS11(t, test)
 }
 
+func TestHandshakeServerExportKeyingMaterial(t *testing.T) {
+	test := &serverTest{
+		name:    "ExportKeyingMaterial",
+		command: []string{"openssl", "s_client"},
+		config:  testConfig.Clone(),
+		validate: func(state ConnectionState) error {
+			if km, err := state.ExportKeyingMaterial("test", nil, 42); err != nil {
+				return fmt.Errorf("ExportKeyingMaterial failed: %v", err)
+			} else if len(km) != 42 {
+				return fmt.Errorf("Got %d bytes from ExportKeyingMaterial, wanted %d", len(km), 42)
+			}
+			return nil
+		},
+	}
+	runServerTestTLS10(t, test)
+	runServerTestTLS12(t, test)
+}
+
 func benchmarkHandshakeServer(b *testing.B, cipherSuite uint16, curve CurveID, cert []byte, key crypto.PrivateKey) {
 	config := testConfig.Clone()
 	config.CipherSuites = []uint16{cipherSuite}
diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go
index 98e9ab4292..a8cf21da15 100644
--- a/src/crypto/tls/prf.go
+++ b/src/crypto/tls/prf.go
@@ -347,20 +347,20 @@ func (h *finishedHash) discardHandshakeBuffer() {
 }
 
 // noExportedKeyingMaterial is used as a value of
-// ConnectionState.ExportKeyingMaterial when renegotation is enabled and thus
+// ConnectionState.ekm when renegotation is enabled and thus
 // we wish to fail all key-material export requests.
-func noExportedKeyingMaterial(label string, context []byte, length int) ([]byte, bool) {
-	return nil, false
+func noExportedKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
+	return nil, errors.New("crypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabled")
 }
 
 // ekmFromMasterSecret generates exported keying material as defined in
 // https://tools.ietf.org/html/rfc5705.
-func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte) func(string, []byte, int) ([]byte, bool) {
-	return func(label string, context []byte, length int) ([]byte, bool) {
+func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte) func(string, []byte, int) ([]byte, error) {
+	return func(label string, context []byte, length int) ([]byte, error) {
 		switch label {
 		case "client finished", "server finished", "master secret", "key expansion":
 			// These values are reserved and may not be used.
-			return nil, false
+			return nil, fmt.Errorf("crypto/tls: reserved ExportKeyingMaterial label: %s", label)
 		}
 
 		seedLen := len(serverRandom) + len(clientRandom)
@@ -374,7 +374,7 @@ func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clien
 
 		if context != nil {
 			if len(context) >= 1<<16 {
-				return nil, false
+				return nil, fmt.Errorf("crypto/tls: ExportKeyingMaterial context too long")
 			}
 			seed = append(seed, byte(len(context)>>8), byte(len(context)))
 			seed = append(seed, context...)
@@ -382,6 +382,6 @@ func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clien
 
 		keyMaterial := make([]byte, length)
 		prfForVersion(version, suite)(keyMaterial, masterSecret, []byte(label), seed)
-		return keyMaterial, true
+		return keyMaterial, nil
 	}
 }
diff --git a/src/crypto/tls/prf_test.go b/src/crypto/tls/prf_test.go
index 80af32c6ce..f201253f72 100644
--- a/src/crypto/tls/prf_test.go
+++ b/src/crypto/tls/prf_test.go
@@ -70,14 +70,14 @@ func TestKeysFromPreMasterSecret(t *testing.T) {
 		}
 
 		ekm := ekmFromMasterSecret(test.version, test.suite, masterSecret, clientRandom, serverRandom)
-		contextKeyingMaterial, ok := ekm("label", []byte("context"), 32)
-		if !ok {
-			t.Fatalf("ekmFromMasterSecret failed")
+		contextKeyingMaterial, err := ekm("label", []byte("context"), 32)
+		if err != nil {
+			t.Fatalf("ekmFromMasterSecret failed: %v", err)
 		}
 
-		noContextKeyingMaterial, ok := ekm("label", nil, 32)
-		if !ok {
-			t.Fatalf("ekmFromMasterSecret failed")
+		noContextKeyingMaterial, err := ekm("label", nil, 32)
+		if err != nil {
+			t.Fatalf("ekmFromMasterSecret failed: %v", err)
 		}
 
 		if hex.EncodeToString(contextKeyingMaterial) != test.contextKeyingMaterial ||
diff --git a/src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial b/src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial
new file mode 100644
index 0000000000..571769e125
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial
@@ -0,0 +1,89 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
+00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
+00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
+00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
+00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
+00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+>>> Flow 2 (server to client)
+00000000  16 03 01 00 59 02 00 00  55 03 01 67 4f 02 da 87  |....Y...U..gO...|
+00000010  52 30 9a f0 3b e0 63 42  bf 6c 18 58 00 06 70 cf  |R0..;.cB.l.X..p.|
+00000020  2a 27 5a 00 a7 57 49 fe  03 dd 3b 20 7c 2c 74 00  |*'Z..WI...; |,t.|
+00000030  6e b2 35 ca 1b b5 8c 46  f7 78 ab 11 92 43 8c f6  |n.5....F.x...C..|
+00000040  97 d3 b8 07 4c 9c 95 2b  08 fe e8 82 c0 13 00 00  |....L..+........|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
+000002c0  aa 0c 00 00 a6 03 00 1d  20 a0 0e 1d 92 2d b0 a5  |........ ....-..|
+000002d0  f0 ab d5 79 a0 bb 12 ff  23 46 bc 27 0d 73 ff 3e  |...y....#F.'.s.>|
+000002e0  ad 06 d6 57 6b c2 11 76  2d 00 80 77 bf cd 2b cb  |...Wk..v-..w..+.|
+000002f0  66 c2 fa 30 ed b1 e7 44  79 1b 28 e6 89 62 17 07  |f..0...Dy.(..b..|
+00000300  82 c1 5f dc b2 20 4e 42  ed 54 d6 28 3a 2a e3 a3  |.._.. NB.T.(:*..|
+00000310  79 06 e3 08 3c c1 3e b9  c6 41 71 2f d0 29 82 36  |y...<.>..Aq/.).6|
+00000320  ef 8d 67 c8 77 d0 32 d3  33 5f 77 92 dd 98 bb 03  |..g.w.2.3_w.....|
+00000330  cc 0b a6 75 8f 4a 1d f5  6e 1b 06 5b 4a 8b 16 a4  |...u.J..n..[J...|
+00000340  c1 ce 11 9d 70 bc 62 7f  58 a5 86 76 91 3d 3a 04  |....p.b.X..v.=:.|
+00000350  93 92 89 42 9b a7 7d 9d  75 25 6d 98 f3 e6 68 7e  |...B..}.u%m...h~|
+00000360  a8 c6 b1 db a7 95 63 39  94 5a 05 16 03 01 00 04  |......c9.Z......|
+00000370  0e 00 00 00                                       |....|
+>>> Flow 3 (client to server)
+00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
+00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
+00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
+00000030  16 03 01 00 30 73 ad 46  66 66 e8 bd 44 e4 bf 71  |....0s.Fff..D..q|
+00000040  a2 d4 87 e2 4b a3 4a b2  a0 ca ed ac 61 8c 1e 7f  |....K.J.....a...|
+00000050  68 bf 6f 98 b1 fb 10 1a  5a e6 36 61 91 ac c4 55  |h.o.....Z.6a...U|
+00000060  a3 4d 69 66 6e                                    |.Mifn|
+>>> Flow 4 (server to client)
+00000000  14 03 01 00 01 01 16 03  01 00 30 57 aa 5c d5 dc  |..........0W.\..|
+00000010  83 4b 23 80 34 4e 36 e8  d6 f3 40 7e ae 12 44 a6  |.K#.4N6...@~..D.|
+00000020  c7 48 99 99 0a 85 3c 59  75 32 4e 88 3c 98 a0 23  |.H....<Yu2N.<..#|
+00000030  78 c8 a7 2b 43 25 6a ad  d1 78 54                 |x..+C%j..xT|
+>>> Flow 5 (client to server)
+00000000  17 03 01 00 20 e4 9c f4  fa 6b e8 85 87 6f 20 45  |.... ....k...o E|
+00000010  71 d3 e2 9e e3 14 2a 7c  64 e8 11 53 fd 93 c1 4a  |q.....*|d..S...J|
+00000020  1b 94 f8 48 78 17 03 01  00 20 b9 41 32 1d e8 70  |...Hx.... .A2..p|
+00000030  87 5f 2c c6 67 d1 77 3c  30 83 0c 66 35 eb 1d da  |._,.g.w<0..f5...|
+00000040  6e dd 30 ff 82 05 5f f1  cd e7 15 03 01 00 20 6c  |n.0..._....... l|
+00000050  47 82 5e 90 5b 84 15 78  05 bd 48 63 d5 46 2f 7e  |G.^.[..x..Hc.F/~|
+00000060  83 49 ce 3c 0f 04 92 52  5b e7 d5 cf 2c bf 65     |.I.<...R[...,.e|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial b/src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial
new file mode 100644
index 0000000000..29964f0d40
--- /dev/null
+++ b/src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial
@@ -0,0 +1,84 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
+00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
+00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
+00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
+00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
+00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
+00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
+00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 59 02 00 00  55 03 03 fc 37 e8 a4 e3  |....Y...U...7...|
+00000010  5d da a5 95 0b fb e0 c3  d9 78 8b 91 bd 5c 1c b1  |]........x...\..|
+00000020  c6 8d 69 62 f9 c6 0f 12  da 46 ba 20 34 a3 22 f2  |..ib.....F. 4.".|
+00000030  a9 f7 da 3a c4 5f 6f f7  4b be df 03 e5 b6 d0 ff  |...:._o.K.......|
+00000040  ca 54 68 59 57 53 63 a5  2f 91 1d 1e cc a8 00 00  |.ThYWSc./.......|
+00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
+00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
+00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
+00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
+00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
+000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
+000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
+000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
+000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
+000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
+000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
+00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
+00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
+00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
+00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
+00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
+00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
+00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
+00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
+00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
+00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
+000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
+000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
+000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
+000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
+000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
+000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
+00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
+00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
+00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
+00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
+00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
+00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
+00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
+00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
+00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
+00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
+000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
+000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 cc e9 71 f5 36 52 5a  |........ ..q.6RZ|
+000002d0  d8 19 ce e4 0d 41 8d a6  9b f3 19 56 8d 81 fe 84  |.....A.....V....|
+000002e0  71 2f d7 fb e7 86 23 4c  04 04 01 00 80 90 da 29  |q/....#L.......)|
+000002f0  79 18 70 e8 81 66 83 70  97 f1 d1 5f dc 1d a2 0a  |y.p..f.p..._....|
+00000300  94 d8 e8 b8 32 4f 03 34  0b af e8 2d 94 b2 eb 30  |....2O.4...-...0|
+00000310  57 b5 a5 92 9e 9a df a6  bc 3e 25 0e 18 cb ea 84  |W........>%.....|
+00000320  34 89 08 8a d4 be 16 a3  5d 3a 7d 32 10 9b 41 1c  |4.......]:}2..A.|
+00000330  2a 1e 05 68 5f fa d9 56  30 b6 44 08 b0 a5 25 5a  |*..h_..V0.D...%Z|
+00000340  c3 60 c0 9a 98 fd 48 5f  a4 18 d0 15 0f fb b3 ea  |.`....H_........|
+00000350  b9 c4 e3 c6 0c 27 51 64  01 de 65 78 c7 a0 57 df  |.....'Qd..ex..W.|
+00000360  9b de 2f 74 bc 72 e5 e0  57 7c 59 e6 ae 16 03 03  |../t.r..W|Y.....|
+00000370  00 04 0e 00 00 00                                 |......|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
+00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
+00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
+00000030  16 03 03 00 20 92 0a 4e  aa 2d b3 9b c8 b9 80 28  |.... ..N.-.....(|
+00000040  f3 22 e2 57 15 ff a1 9a  33 9b e8 4c 5c dc f4 29  |.".W....3..L\..)|
+00000050  7d 25 d7 df bc                                    |}%...|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 20 91 85 06 0e 00  |.......... .....|
+00000010  ad 96 2e 1c a5 4d f7 63  f9 84 1c 6e da 54 0b e0  |.....M.c...n.T..|
+00000020  44 37 6a 90 4c fd f5 e8  45 1d ce                 |D7j.L...E..|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 16 4c e8 8a  e0 a6 95 f3 df 37 8a 2d  |.....L.......7.-|
+00000010  4f 11 ce a6 53 16 2c b0  bb c5 7f 15 03 03 00 12  |O...S.,.........|
+00000020  4e 91 d8 67 c5 16 d2 4e  cc b8 0a 00 76 91 68 7a  |N..g...N....v.hz|
+00000030  85 2e                                             |..|
diff --git a/src/crypto/tls/testdata/Server-TLSv10-ExportKeyingMaterial b/src/crypto/tls/testdata/Server-TLSv10-ExportKeyingMaterial
new file mode 100644
index 0000000000..84e0e37005
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv10-ExportKeyingMaterial
@@ -0,0 +1,92 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 61 01 00 00  5d 03 01 f4 ec 99 73 ec  |....a...].....s.|
+00000010  36 30 c7 0b 26 33 a2 c4  26 8e 9f 04 f7 5b e7 4f  |60..&3..&....[.O|
+00000020  86 85 14 bf f7 49 96 a4  ae c9 1d 00 00 12 c0 0a  |.....I..........|
+00000030  c0 14 00 39 c0 09 c0 13  00 33 00 35 00 2f 00 ff  |...9.....3.5./..|
+00000040  01 00 00 22 00 0b 00 04  03 00 01 02 00 0a 00 0a  |..."............|
+00000050  00 08 00 1d 00 17 00 19  00 18 00 23 00 00 00 16  |...........#....|
+00000060  00 00 00 17 00 00                                 |......|
+>>> Flow 2 (server to client)
+00000000  16 03 01 00 35 02 00 00  31 03 01 00 00 00 00 00  |....5...1.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 14 00 00  |................|
+00000030  09 00 23 00 00 ff 01 00  01 00 16 03 01 02 59 0b  |..#...........Y.|
+00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
+00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
+00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
+00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
+00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
+00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
+000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
+000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
+000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
+000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
+000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
+000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
+00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
+00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
+00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
+00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
+00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
+00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
+00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
+00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
+00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
+00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
+000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
+000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
+000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
+000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
+000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
+000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
+00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
+00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
+00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
+00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
+00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
+00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
+00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
+00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
+00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
+00000290  84 5c 21 d3 3b e9 fa e7  16 03 01 00 aa 0c 00 00  |.\!.;...........|
+000002a0  a6 03 00 1d 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |.... /.}.G.bC.(.|
+000002b0  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
+000002c0  5f 58 cb 3b 74 00 80 8e  fe 28 f2 06 d8 b9 d6 74  |_X.;t....(.....t|
+000002d0  72 34 dc fa 00 38 56 1a  fc a1 68 e8 ca 8f 7a 61  |r4...8V...h...za|
+000002e0  92 e2 2a 63 ce 4d 96 c6  bb 84 82 41 2d 97 35 13  |..*c.M.....A-.5.|
+000002f0  e1 ff 4c ec f2 e6 62 16  15 35 da 8a 57 55 cb 28  |..L...b..5..WU.(|
+00000300  26 35 e6 86 00 b0 92 44  b7 40 7b 6a c4 b0 b8 10  |&5.....D.@{j....|
+00000310  b7 16 97 a7 26 eb 1e 0b  99 b3 22 4a 6b 7f 0b 69  |....&....."Jk..i|
+00000320  0d 21 1e 33 6d fd 78 b5  62 68 53 db 62 69 ba b4  |.!.3m.x.bhS.bi..|
+00000330  bc 74 b3 d4 ce a2 41 d7  ba 62 aa cc b2 39 65 86  |.t....A..b...9e.|
+00000340  5f 00 68 e2 16 a5 13 16  03 01 00 04 0e 00 00 00  |_.h.............|
+>>> Flow 3 (client to server)
+00000000  16 03 01 00 25 10 00 00  21 20 81 08 e4 37 1d 03  |....%...! ...7..|
+00000010  87 5a 00 68 ae 49 76 08  4a e2 20 82 0b e5 7c 3e  |.Z.h.Iv.J. ...|>|
+00000020  90 49 9b c3 b9 c7 c9 3c  29 24 14 03 01 00 01 01  |.I.....<)$......|
+00000030  16 03 01 00 30 33 07 d5  08 ca ae f9 70 50 93 0a  |....03......pP..|
+00000040  55 2e e0 df 1d 88 ae 1e  06 17 47 64 a3 52 36 37  |U.........Gd.R67|
+00000050  d5 ca f1 b1 d2 76 7b f8  89 59 13 e9 ab b1 cb dc  |.....v{..Y......|
+00000060  1f a8 89 f4 2f                                    |..../|
+>>> Flow 4 (server to client)
+00000000  16 03 01 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
+00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
+00000030  6d ec a4 83 61 a4 a1 9c  14 de f8 59 c8 c7 f0 10  |m...a......Y....|
+00000040  08 fe c9 37 29 ed 47 05  d2 bd a8 4c 05 b9 8c f8  |...7).G....L....|
+00000050  b5 4d e4 a6 30 0f 49 4a  b1 73 1f 89 73 c8 bb 36  |.M..0.IJ.s..s..6|
+00000060  14 9d d2 95 70 33 94 fb  82 e6 fe 3e 64 8c 9d e8  |....p3.....>d...|
+00000070  e3 e5 93 3d fe 4e 23 a3  97 8a a3 91 80 c9 00 01  |...=.N#.........|
+00000080  a6 f0 47 cf 11 a6 90 14  03 01 00 01 01 16 03 01  |..G.............|
+00000090  00 30 1f 70 17 a1 30 82  5a 32 e7 aa a1 7f 1b f6  |.0.p..0.Z2......|
+000000a0  d8 aa 6a 51 64 1b 4a f1  94 12 08 2f 5d 95 fe 83  |..jQd.J..../]...|
+000000b0  52 c8 3b d4 58 73 50 19  b8 08 61 b3 3a 5d f6 d3  |R.;.XsP...a.:]..|
+000000c0  67 e6 17 03 01 00 20 bd  79 44 08 9d 86 cf 5e e9  |g..... .yD....^.|
+000000d0  e4 3c 80 ed b7 18 10 07  0f 42 85 ca a4 51 fd 9b  |.<.......B...Q..|
+000000e0  38 3e 04 7e 72 6e 80 17  03 01 00 30 2c 46 c2 71  |8>.~rn.....0,F.q|
+000000f0  4a 83 46 eb 63 87 f5 83  b4 72 70 4f a3 59 b3 ff  |J.F.c....rpO.Y..|
+00000100  3c 00 74 12 db 33 51 4c  7c e0 c1 27 44 20 68 25  |<.t..3QL|..'D h%|
+00000110  95 f1 37 2a 24 f1 85 a3  5a e4 50 fe 15 03 01 00  |..7*$...Z.P.....|
+00000120  20 72 01 cc 74 d5 b4 6b  05 ce de f0 b4 fe 4f 6b  | r..t..k......Ok|
+00000130  a8 8f ad 5a c2 7d 40 65  d6 a2 57 52 b8 8a c5 4f  |...Z.}@e..WR...O|
+00000140  d9                                                |.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial b/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
new file mode 100644
index 0000000000..6415c42928
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
@@ -0,0 +1,92 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 ab 01 00 00  a7 03 03 7a 49 9d 20 62  |...........zI. b|
+00000010  45 8d 0c 1e 8e eb b1 5e  73 62 6d 48 61 31 cb 1a  |E......^sbmHa1..|
+00000020  89 b2 68 1b 2c cb 35 87  2a 17 fb 00 00 38 c0 2c  |..h.,.5.*....8.,|
+00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
+00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
+00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
+00000060  00 35 00 2f 00 ff 01 00  00 46 00 0b 00 04 03 00  |.5./.....F......|
+00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
+00000080  00 23 00 00 00 16 00 00  00 17 00 00 00 0d 00 20  |.#............. |
+00000090  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
+000000a0  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
+00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
+00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
+00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
+00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
+00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
+00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
+00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
+000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
+000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
+000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
+000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
+000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
+000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
+00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
+00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
+00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
+00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
+00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
+00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
+00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
+00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
+00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
+00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
+000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
+000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
+000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
+000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
+000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
+000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
+00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
+00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
+00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
+00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
+00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
+00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
+00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
+00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
+00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
+00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 ac 0c 00 00  |.\!.;...........|
+000002a0  a8 03 00 1d 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |.... /.}.G.bC.(.|
+000002b0  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
+000002c0  5f 58 cb 3b 74 06 01 00  80 7f ee dd 6b 38 23 29  |_X.;t.......k8#)|
+000002d0  56 ff d2 c2 08 86 52 b6  e3 8a d5 fe 47 79 5e ef  |V.....R.....Gy^.|
+000002e0  99 7a 0b d7 44 84 b9 2f  7a 2c 64 4f b3 7c aa 44  |.z..D../z,dO.|.D|
+000002f0  aa 38 5d 1b 69 16 9f f2  7d f8 24 43 47 ad 31 bc  |.8].i...}.$CG.1.|
+00000300  f5 3d b8 c8 33 6e 3f 6f  2b ea 19 a2 30 32 2b 2a  |.=..3n?o+...02+*|
+00000310  81 64 3c ee ed 78 4c fa  80 fd e7 5f ef 85 98 d4  |.d<..xL...._....|
+00000320  48 06 b8 f5 5e 1e e6 f3  42 a8 2f 99 5f ea b3 ba  |H...^...B./._...|
+00000330  8e a8 31 99 85 f2 46 11  a3 d2 c6 81 4b f1 22 7d  |..1...F.....K."}|
+00000340  d7 45 04 f1 a6 d6 7e 8f  9d 16 03 03 00 04 0e 00  |.E....~.........|
+00000350  00 00                                             |..|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 22 e7 e7 61 a9 27  |....%...! "..a.'|
+00000010  7b 93 d1 42 76 dd 16 32  e8 92 37 37 2f fd 0d 92  |{..Bv..2..77/...|
+00000020  1f 8e b7 c5 69 40 d3 1a  7d 06 14 03 03 00 01 01  |....i@..}.......|
+00000030  16 03 03 00 28 4e 7f b2  a2 20 5d cf a1 5a de 42  |....(N... ]..Z.B|
+00000040  c5 72 c3 ef c3 23 a7 2c  f3 5b 3d a4 81 21 ac db  |.r...#.,.[=..!..|
+00000050  44 1c f3 a1 83 aa a1 b7  85 9a c7 23 03           |D..........#.|
+>>> Flow 4 (server to client)
+00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
+00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
+00000030  6f ec 80 83 61 3f 55 e3  9d ab 39 87 5b d0 ba 44  |o...a?U...9.[..D|
+00000040  07 91 a8 d0 37 8a 7e 51  0d 00 97 ec 1b 61 f3 3b  |....7.~Q.....a.;|
+00000050  9f 29 24 d5 98 f7 4d 3b  80 ef 2f 4d aa 02 98 93  |.)$...M;../M....|
+00000060  81 03 87 d8 06 33 94 f5  ed 5d cc 8f 57 97 70 26  |.....3...]..W.p&|
+00000070  00 dc 0d d2 96 16 a2 6d  fc be 8d 4b fa 5f b3 04  |.......m...K._..|
+00000080  ce bb 48 ee c0 75 23 14  03 03 00 01 01 16 03 03  |..H..u#.........|
+00000090  00 28 00 00 00 00 00 00  00 00 3a 69 e0 40 e2 d1  |.(........:i.@..|
+000000a0  a6 96 33 0f b3 58 5a dc  41 ea d1 80 44 66 9f 2e  |..3..XZ.A...Df..|
+000000b0  00 e4 9e 10 13 56 b4 1b  c9 42 17 03 03 00 25 00  |.....V...B....%.|
+000000c0  00 00 00 00 00 00 01 88  f3 d9 5b ed 6b 3c 70 0c  |..........[.k<p.|
+000000d0  df 36 9d 1c f6 f6 83 38  53 ad e2 06 47 3c e2 9f  |.6.....8S...G<..|
+000000e0  42 87 d7 8a 15 03 03 00  1a 00 00 00 00 00 00 00  |B...............|
+000000f0  02 df 4a 92 13 c4 e6 ac  76 25 c6 72 27 be d6 09  |..J.....v%.r'...|
+00000100  eb 90 ed                                          |...|
diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go
index 97934ccbf4..7542699bdc 100644
--- a/src/crypto/tls/tls_test.go
+++ b/src/crypto/tls/tls_test.go
@@ -7,6 +7,7 @@ package tls
 import (
 	"bytes"
 	"crypto/x509"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"internal/testenv"
@@ -907,3 +908,11 @@ func BenchmarkLatency(b *testing.B) {
 		}
 	}
 }
+
+func TestConnectionStateMarshal(t *testing.T) {
+	cs := &ConnectionState{}
+	_, err := json.Marshal(cs)
+	if err != nil {
+		t.Errorf("json.Marshal failed on ConnectionState: %v", err)
+	}
+}