Gary said: >> The question is where to C2S and S2C come from. > Nope. Section 5.1, they come from RFC 5706 using the PRF() function. > The question is where the master key used by PRF() comes from. "Master key" is the wrong term. PRF uses the TLS session keying material. -- These are my opinions. I hate spam.