From ba4b04869744c22bb49e9697abad047391f01ee1 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 20 Mar 2018 13:43:53 -0700
Subject: [PATCH 01/20] add initial implementation for server side SNI support

---
 .../Net/VirtualNetwork/VirtualNetwork.cs      |  35 ++-
 .../VirtualNetwork/VirtualNetworkStream.cs    |  10 +
 .../ref/System.Net.Security.cs                |   3 +
 .../PinvokeAnalyzerExceptionList.analyzerdata |   1 +
 .../src/System.Net.Security.csproj            |   1 +
 .../src/System/Net/Security/SNIHelper.cs      | 233 ++++++++++++++++++
 .../src/System/Net/Security/SecureChannel.cs  |  14 +-
 .../Net/Security/SslAuthenticationOptions.cs  |   2 +
 .../SslServerAuthenticationOptions.cs         |   3 +
 .../src/System/Net/Security/SslState.cs       |   7 +-
 .../src/System/Net/Security/SslStream.cs      |  17 ++
 .../Net/Security/SslStreamPal.Windows.cs      |   1 +
 .../tests/FunctionalTests/SslStreamSNITest.cs | 124 ++++++++++
 .../SslStreamStreamToStreamTest.cs            |   6 +-
 .../System.Net.Security.Tests.csproj          |   1 +
 15 files changed, 451 insertions(+), 7 deletions(-)
 create mode 100644 src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata
 create mode 100644 src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
 create mode 100644 src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs

diff --git a/src/Common/tests/System/Net/VirtualNetwork/VirtualNetwork.cs b/src/Common/tests/System/Net/VirtualNetwork/VirtualNetwork.cs
index b82c3946d9d5..e34ffd7f4b97 100644
--- a/src/Common/tests/System/Net/VirtualNetwork/VirtualNetwork.cs
+++ b/src/Common/tests/System/Net/VirtualNetwork/VirtualNetwork.cs
@@ -10,16 +10,29 @@ namespace System.Net.Test.Common
 {
     public class VirtualNetwork
     {
+        public class VirtualNetworkConnectionBroken : Exception
+        {
+            public VirtualNetworkConnectionBroken() : base("Connection broken") { }
+        }
+
         private readonly int WaitForReadDataTimeoutMilliseconds = 30 * 1000;
-        
+
         private readonly ConcurrentQueue<byte[]> _clientWriteQueue = new ConcurrentQueue<byte[]>();
         private readonly ConcurrentQueue<byte[]> _serverWriteQueue = new ConcurrentQueue<byte[]>();
 
         private readonly SemaphoreSlim _clientDataAvailable = new SemaphoreSlim(0);
         private readonly SemaphoreSlim _serverDataAvailable = new SemaphoreSlim(0);
 
+        public bool DisableConnectionBreaking { get; set; } = false;
+        private bool _connectionBroken = false;
+
         public void ReadFrame(bool server, out byte[] buffer)
         {
+            if (_connectionBroken)
+            {
+                throw new VirtualNetworkConnectionBroken();
+            }
+
             SemaphoreSlim semaphore;
             ConcurrentQueue<byte[]> packetQueue;
 
@@ -39,6 +52,11 @@ public void ReadFrame(bool server, out byte[] buffer)
                 throw new TimeoutException("VirtualNetwork: Timeout reading the next frame.");
             }
 
+            if (_connectionBroken)
+            {
+                throw new VirtualNetworkConnectionBroken();
+            }
+
             bool dequeueSucceeded = false;
             int remainingTries = 3;
             int backOffDelayMilliseconds = 2;
@@ -62,6 +80,11 @@ public void ReadFrame(bool server, out byte[] buffer)
 
         public void WriteFrame(bool server, byte[] buffer)
         {
+            if (_connectionBroken)
+            {
+                throw new VirtualNetworkConnectionBroken();
+            }
+
             SemaphoreSlim semaphore;
             ConcurrentQueue<byte[]> packetQueue;
 
@@ -82,5 +105,15 @@ public void WriteFrame(bool server, byte[] buffer)
             packetQueue.Enqueue(innerBuffer);
             semaphore.Release();
         }
+
+        public void BreakConnection()
+        {
+            if (!DisableConnectionBreaking)
+            {
+                _connectionBroken = true;
+                _serverDataAvailable.Release(1_000_000);
+                _clientDataAvailable.Release(1_000_000);
+            }
+        }
     }
 }
diff --git a/src/Common/tests/System/Net/VirtualNetwork/VirtualNetworkStream.cs b/src/Common/tests/System/Net/VirtualNetwork/VirtualNetworkStream.cs
index e04eb54ace7a..d019c101adb9 100644
--- a/src/Common/tests/System/Net/VirtualNetwork/VirtualNetworkStream.cs
+++ b/src/Common/tests/System/Net/VirtualNetwork/VirtualNetworkStream.cs
@@ -156,5 +156,15 @@ public override IAsyncResult BeginWrite(byte[] buffer, int offset, int count, As
 
         public override void EndWrite(IAsyncResult asyncResult) =>
             TaskToApm.End(asyncResult);
+
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing)
+            {
+                _network.BreakConnection();
+            }
+
+            base.Dispose(disposing);
+        }
     }
 }
diff --git a/src/System.Net.Security/ref/System.Net.Security.cs b/src/System.Net.Security/ref/System.Net.Security.cs
index fbe4022fbe01..785eadd9c235 100644
--- a/src/System.Net.Security/ref/System.Net.Security.cs
+++ b/src/System.Net.Security/ref/System.Net.Security.cs
@@ -32,6 +32,8 @@ public enum EncryptionPolicy
         RequireEncryption = 0,
     }
     public delegate System.Security.Cryptography.X509Certificates.X509Certificate LocalCertificateSelectionCallback(object sender, string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection localCertificates, System.Security.Cryptography.X509Certificates.X509Certificate remoteCertificate, string[] acceptableIssuers);
+    public delegate System.Security.Cryptography.X509Certificates.X509Certificate ServerCertificateSelectionCallback(object sender, string hostName);
+
     public partial class NegotiateStream : AuthenticatedStream
     {
         public NegotiateStream(System.IO.Stream innerStream) : base(innerStream, false) { }
@@ -108,6 +110,7 @@ public class SslServerAuthenticationOptions
         public X509RevocationMode CertificateRevocationCheckMode { get { throw null;  } set { } }
         public List<SslApplicationProtocol> ApplicationProtocols { get { throw null; } set { } }
         public RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get { throw null;  } set { } }
+        public ServerCertificateSelectionCallback ServerCertificateSelectionCallback { get { throw null; } set { } }
         public EncryptionPolicy EncryptionPolicy { get { throw null;  } set { } }
     }
     public partial class SslClientAuthenticationOptions
diff --git a/src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata b/src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata
new file mode 100644
index 000000000000..623b2f899d99
--- /dev/null
+++ b/src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata
@@ -0,0 +1 @@
+schannel.dll!SslGetServerIdentity
diff --git a/src/System.Net.Security/src/System.Net.Security.csproj b/src/System.Net.Security/src/System.Net.Security.csproj
index 5600de569196..b0b447564dba 100644
--- a/src/System.Net.Security/src/System.Net.Security.csproj
+++ b/src/System.Net.Security/src/System.Net.Security.csproj
@@ -23,6 +23,7 @@
     <Compile Include="System\Net\FixedSizeReader.cs" />
     <Compile Include="System\Net\HelperAsyncResults.cs" />
     <Compile Include="System\Net\Logging\NetEventSource.cs" />
+    <Compile Include="System\Net\Security\SNIHelper.cs" />
     <Compile Include="System\Net\Security\SslApplicationProtocol.cs" />
     <Compile Include="System\Net\Security\SslAuthenticationOptions.cs" />
     <Compile Include="System\Net\Security\SslClientAuthenticationOptions.cs" />
diff --git a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
new file mode 100644
index 000000000000..1969fb2c4c62
--- /dev/null
+++ b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
@@ -0,0 +1,233 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace System.Net.Security
+{
+    internal class SNIHelper
+    {
+        public static string GetServerName(byte[] clientHello)
+        {
+            return GetSniFromSslPlainText(clientHello);
+        }
+
+        // https://tools.ietf.org/html/rfc6101#section-5.2.1
+        // SSLPlainText structure:
+        //   - ContentType (1 byte) => 0x16 is handshake
+        //   - ProtocolVersion version (2 bytes)
+        //   - uint16 length
+        //   - opaque fragment[SSLPlaintext.length]
+        private static string GetSniFromSslPlainText(ReadOnlySpan<byte> sslPlainText)
+        {
+            // Is SSL 3 handshake? SSL 2 does not support extensions - skipping as well
+            if (sslPlainText.Length < 5 || sslPlainText[0] != 0x16)
+                return null;
+
+            ushort handshakeLength = ReadUint16(sslPlainText.Slice(3));
+            ReadOnlySpan<byte> sslHandshake = sslPlainText.Slice(5);
+
+            if (handshakeLength != sslHandshake.Length)
+                return null;
+
+            return GetSniFromSslHandshake(sslHandshake);
+        }
+
+        // https://tools.ietf.org/html/rfc6101#section-5.6
+        // Handshake structure:
+        //   - HandshakeType msg_type (1 bytes) => 0x01 is client_hello
+        //   - uint24 length
+        //   - <msg_type> body
+        private static string GetSniFromSslHandshake(ReadOnlySpan<byte> sslHandshake)
+        {
+            // If not client hello then skip
+            if (sslHandshake.Length < 4 || sslHandshake[0] != 0x01)
+                return null;
+
+            int clientHelloLength = ReadUint24(sslHandshake.Slice(1));
+            ReadOnlySpan<byte> clientHello = sslHandshake.Slice(4);
+
+            if (clientHello.Length != clientHelloLength)
+                return null;
+
+            return GetSniFromClientHello(clientHello);
+        }
+
+        // 5.6.1.2. https://tools.ietf.org/html/rfc6101#section-5.6.1 - describes basic structure
+        // 2.1. https://www.ietf.org/rfc/rfc3546.txt - describes extended structure
+        // ClientHello structure:
+        //   - ProtocolVersion client_version (2 bytes)
+        //   - Random random (32 bytes => 4 bytes GMT unix timestamp + 28 bytes of random bytes)
+        //   - SessionID session_id (opaque type of max size 32 => size fits in 1 byte)
+        //   - CipherSuite cipher_suites (opaque type of max size 2^16-1 => size fits in 2 bytes)
+        //   - CompressionMethod compression_methods (opaque type of max size 2^8-1 => size fits in 1 byte)
+        //   - Extension client_hello_extension_list (opaque type of max size 2^16-1 => size fits in 2 bytes)
+        private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
+        {
+            // Skip ProtocolVersion and Random
+            ReadOnlySpan<byte> p = SkipBytes(clientHello, 34);
+
+            // Skip SessionID
+            p = SkipOpaqueType1(p);
+
+            // Skip cipher suites
+            p = SkipOpaqueType2(p);
+
+            // Skip compression methods
+            p = SkipOpaqueType1(p);
+
+            // is invalid structure or no extensions?
+            if (p.IsEmpty)
+                return null;
+
+            ushort extensionListLength = ReadUint16(p);
+            p = SkipBytes(p, 2);
+
+            if (extensionListLength != p.Length)
+                return null;
+
+            while (!p.IsEmpty)
+            {
+                string sni = GetSniFromExtension(p, out p);
+                if (sni != null)
+                    return sni;
+            }
+
+            return null;
+        }
+
+        // 2.3. https://www.ietf.org/rfc/rfc3546.txt
+        // Extension structure:
+        //   - ExtensionType extension_type (2 bytes) => 0x00 is server_name
+        //   - opaque extension_data
+        private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out ReadOnlySpan<byte> remainingBytes)
+        {
+            if (extension.Length < 2)
+            {
+                remainingBytes = ReadOnlySpan<byte>.Empty;
+                return null;
+            }
+
+            ushort extensionType = ReadUint16(extension);
+            ReadOnlySpan<byte> extensionData = extension.Slice(2);
+
+            if (extensionType == 0x00)
+            {
+                return GetSniFromServerNameList(extensionData, out remainingBytes);
+            }
+            else
+            {
+                remainingBytes = SkipOpaqueType2(extensionData);
+                return null;
+            }
+        }
+
+        // 3.1. https://www.ietf.org/rfc/rfc3546.txt
+        // ServerNameList structure:
+        //   - ServerName server_name_list<1..2^16-1>
+        // ServerName structure:
+        //   - NameType name_type (1 byte) => 0x00 is host_name
+        //   - opaque HostName
+        // Per spec:
+        //   If the hostname labels contain only US-ASCII characters, then the
+        //   client MUST ensure that labels are separated only by the byte 0x2E,
+        //   representing the dot character U+002E (requirement 1 in section 3.1
+        //   of [IDNA] notwithstanding). If the server needs to match the HostName
+        //   against names that contain non-US-ASCII characters, it MUST perform
+        //   the conversion operation described in section 4 of [IDNA], treating
+        //   the HostName as a "query string" (i.e. the AllowUnassigned flag MUST
+        //   be set). Note that IDNA allows labels to be separated by any of the
+        //   Unicode characters U+002E, U+3002, U+FF0E, and U+FF61, therefore
+        //   servers MUST accept any of these characters as a label separator.  If
+        //   the server only needs to match the HostName against names containing
+        //   exclusively ASCII characters, it MUST compare ASCII names case-
+        //   insensitively.
+        private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameListExtension, out ReadOnlySpan<byte> remainingBytes)
+        {
+            if (serverNameListExtension.Length < 2)
+            {
+                remainingBytes = ReadOnlySpan<byte>.Empty;
+                return null;
+            }
+
+            ushort serverNameListLength = ReadUint16(serverNameListExtension);
+            ReadOnlySpan<byte> serverNameList = serverNameListExtension.Slice(2);
+
+            if (serverNameListLength > serverNameList.Length)
+            {
+                remainingBytes = ReadOnlySpan<byte>.Empty;
+                return null;
+            }
+
+            remainingBytes = serverNameList.Slice(serverNameListLength);
+            ReadOnlySpan<byte> serverName = serverNameList.Slice(0, serverNameListLength);
+
+            if (serverName.Length < 3)
+            {
+                return null;
+            }
+
+            // -1 for hostNameType
+            int hostNameStructLength = ReadUint16(serverName) - 1;
+            byte hostNameType = serverName[2];
+            ReadOnlySpan<byte> hostNameStruct = serverName.Slice(3);
+
+            if (hostNameStructLength != hostNameStruct.Length || hostNameType != 0x00)
+            {
+                return null;
+            }
+
+            ushort hostNameLength = ReadUint16(hostNameStruct);
+            ReadOnlySpan<byte> hostName = hostNameStruct.Slice(2);
+
+            return Encoding.UTF8.GetString(hostName);
+        }
+
+        private static ushort ReadUint16(ReadOnlySpan<byte> bytes)
+        {
+            return (ushort)((bytes[0] << 8) | bytes[1]);
+        }
+
+        private static int ReadUint24(ReadOnlySpan<byte> bytes)
+        {
+            return (bytes[0] << 16) | (bytes[1] << 8) | bytes[2];
+        }
+
+        private static ReadOnlySpan<byte> SkipBytes(ReadOnlySpan<byte> bytes, int numberOfBytesToSkip)
+        {
+            if (numberOfBytesToSkip < bytes.Length)
+                return bytes.Slice(numberOfBytesToSkip);
+            else
+                return ReadOnlySpan<byte>.Empty;
+        }
+
+        // Opaque type is of structure:
+        //   - length (minimum number of bytes to hold the max value)
+        //   - data (length bytes)
+        // We will only use opaque bytes which are of max size: 255 (length = 1) or 2^16-1 (length = 2).
+        // We will call them SkipOpaqueType`length`
+        private static ReadOnlySpan<byte> SkipOpaqueType1(ReadOnlySpan<byte> bytes)
+        {
+            if (bytes.Length < 1)
+                return ReadOnlySpan<byte>.Empty;
+
+            byte length = bytes[0];
+            int totalBytes = 1 + length;
+
+            return SkipBytes(bytes, totalBytes);
+        }
+
+        private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes)
+        {
+            if (bytes.Length < 2)
+                return ReadOnlySpan<byte>.Empty;
+
+            ushort length = ReadUint16(bytes);
+            int totalBytes = 2 + length;
+
+            return SkipBytes(bytes, totalBytes);
+        }
+    }
+}
diff --git a/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs b/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs
index b444eea3125b..78d8d82f4a34 100644
--- a/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs
@@ -624,7 +624,7 @@ private bool AcquireClientCredentials(ref byte[] thumbPrint)
         //
         // Acquire Server Side Certificate information and set it on the class.
         //
-        private bool AcquireServerCredentials(ref byte[] thumbPrint)
+        private bool AcquireServerCredentials(ref byte[] thumbPrint, byte[] clientHello)
         {
             if (NetEventSource.IsEnabled)
                 NetEventSource.Enter(this);
@@ -632,7 +632,14 @@ private bool AcquireServerCredentials(ref byte[] thumbPrint)
             X509Certificate localCertificate = null;
             bool cachedCred = false;
 
-            if (_sslAuthenticationOptions.CertSelectionDelegate != null)
+            if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null)
+            {
+                string serverIdentity = SNIHelper.GetServerName(clientHello);
+                localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(serverIdentity);
+
+            }
+            // This probably never gets called as this is a client options delegate
+            else if (_sslAuthenticationOptions.CertSelectionDelegate != null)
             {
                 X509CertificateCollection tempCollection = new X509CertificateCollection();
                 tempCollection.Add(_sslAuthenticationOptions.ServerCertificate);
@@ -744,7 +751,6 @@ private SecurityStatusPal GenerateToken(byte[] input, int offset, int count, ref
 #if TRACE_VERBOSE
             if (NetEventSource.IsEnabled) NetEventSource.Enter(this, $"_refreshCredentialNeeded = {_refreshCredentialNeeded}");
 #endif
-
             if (offset < 0 || offset > (input == null ? 0 : input.Length))
             {
                 NetEventSource.Fail(this, "Argument 'offset' out of range.");
@@ -786,7 +792,7 @@ private SecurityStatusPal GenerateToken(byte[] input, int offset, int count, ref
                     if (_refreshCredentialNeeded)
                     {
                         cachedCreds = _sslAuthenticationOptions.IsServer
-                                        ? AcquireServerCredentials(ref thumbPrint)
+                                        ? AcquireServerCredentials(ref thumbPrint, input)
                                         : AcquireClientCredentials(ref thumbPrint);
                     }
 
diff --git a/src/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs b/src/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs
index 609666aee497..1710fff4eb7f 100644
--- a/src/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs
@@ -49,6 +49,7 @@ internal SslAuthenticationOptions(SslServerAuthenticationOptions sslServerAuthen
             // Server specific options.
             CertificateRevocationCheckMode = sslServerAuthenticationOptions.CertificateRevocationCheckMode;
             ServerCertificate = sslServerAuthenticationOptions.ServerCertificate;
+            ServerCertSelectionDelegate = sslServerAuthenticationOptions._serverCertDelegate;
         }
 
         internal bool AllowRenegotiation { get; set; }
@@ -66,6 +67,7 @@ internal SslAuthenticationOptions(SslServerAuthenticationOptions sslServerAuthen
         internal bool CheckCertName { get; set; }
         internal RemoteCertValidationCallback CertValidationDelegate { get; set; }
         internal LocalCertSelectionCallback CertSelectionDelegate { get; set; }
+        internal ServerCertCallback ServerCertSelectionDelegate { get; set; }
     }
 }
 
diff --git a/src/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs b/src/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs
index cf5b271a10b7..7e9420151b36 100644
--- a/src/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs
@@ -16,6 +16,7 @@ public class SslServerAuthenticationOptions
         private bool _allowRenegotiation = true;
 
         internal RemoteCertValidationCallback _certValidationDelegate;
+        internal ServerCertCallback _serverCertDelegate;
 
         public bool AllowRenegotiation
         {
@@ -29,6 +30,8 @@ public bool AllowRenegotiation
 
         public RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
 
+        public ServerCertificateSelectionCallback ServerCertificateSelectionCallback { get; set; }
+
         public X509Certificate ServerCertificate { get; set; }
 
         public SslProtocols EnabledSslProtocols
diff --git a/src/System.Net.Security/src/System/Net/Security/SslState.cs b/src/System.Net.Security/src/System/Net/Security/SslState.cs
index 4fb420bd3347..05f437f46cc9 100644
--- a/src/System.Net.Security/src/System/Net/Security/SslState.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SslState.cs
@@ -133,11 +133,16 @@ internal void ValidateCreateContext(SslServerAuthenticationOptions sslServerAuth
                 throw new InvalidOperationException(SR.net_auth_client_server);
             }
 
-            if (sslServerAuthenticationOptions.ServerCertificate == null)
+            if (sslServerAuthenticationOptions.ServerCertificate == null && sslServerAuthenticationOptions._serverCertDelegate == null)
             {
                 throw new ArgumentNullException(nameof(sslServerAuthenticationOptions.ServerCertificate));
             }
 
+            if (sslServerAuthenticationOptions.ServerCertificate != null && sslServerAuthenticationOptions._serverCertDelegate != null)
+            {
+                throw new InvalidOperationException(SR.Format(SR.net_conflicting_options, nameof(ServerCertificateSelectionCallback)));
+            }
+
             _exception = null;
             try
             {
diff --git a/src/System.Net.Security/src/System/Net/Security/SslStream.cs b/src/System.Net.Security/src/System/Net/Security/SslStream.cs
index 71f9e0181bce..eb6563c0b19f 100644
--- a/src/System.Net.Security/src/System/Net/Security/SslStream.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SslStream.cs
@@ -31,9 +31,12 @@ public enum EncryptionPolicy
     // A user delegate used to select local SSL certificate.
     public delegate X509Certificate LocalCertificateSelectionCallback(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers);
 
+    public delegate X509Certificate ServerCertificateSelectionCallback(object sender, string hostName);
+
     // Internal versions of the above delegates.
     internal delegate bool RemoteCertValidationCallback(string host, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
     internal delegate X509Certificate LocalCertSelectionCallback(string targetHost, X509CertificateCollection localCertificates, X509Certificate2 remoteCertificate, string[] acceptableIssuers);
+    internal delegate X509Certificate ServerCertCallback(string hostName);
 
     public class SslStream : AuthenticatedStream
     {
@@ -42,6 +45,7 @@ public class SslStream : AuthenticatedStream
 
         internal RemoteCertificateValidationCallback _userCertificateValidationCallback;
         internal LocalCertificateSelectionCallback _userCertificateSelectionCallback;
+        internal ServerCertificateSelectionCallback _userServerCertificateSelectionCallback;
         internal RemoteCertValidationCallback _certValidationDelegate;
         internal LocalCertSelectionCallback _certSelectionDelegate;
         internal EncryptionPolicy _encryptionPolicy;
@@ -141,6 +145,17 @@ private X509Certificate UserCertSelectionCallbackWrapper(string targetHost, X509
             return _userCertificateSelectionCallback(this, targetHost, localCertificates, remoteCertificate, acceptableIssuers);
         }
 
+        private X509Certificate ServerCertSelectionCallbackWrapper(string targetHost)
+        {
+            return _userServerCertificateSelectionCallback(this, targetHost);
+        }
+
+        private void SetServerCertificateSelectionCallbackWrapper(SslServerAuthenticationOptions sslServerAuthenticationOptions)
+        {
+            _userServerCertificateSelectionCallback = sslServerAuthenticationOptions.ServerCertificateSelectionCallback;
+            sslServerAuthenticationOptions._serverCertDelegate = _userServerCertificateSelectionCallback == null ? null : new ServerCertCallback(ServerCertSelectionCallbackWrapper);
+        }
+
         //
         // Client side auth.
         //
@@ -236,6 +251,8 @@ private IAsyncResult BeginAuthenticateAsServer(SslServerAuthenticationOptions ss
             // Set the delegate on the options.
             sslServerAuthenticationOptions._certValidationDelegate = _certValidationDelegate;
 
+            SetServerCertificateSelectionCallbackWrapper(sslServerAuthenticationOptions);
+
             _sslState.ValidateCreateContext(sslServerAuthenticationOptions);
 
             LazyAsyncResult result = new LazyAsyncResult(_sslState, asyncState, asyncCallback);
diff --git a/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs b/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
index 399d1c37500f..dc7508affd0b 100644
--- a/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
@@ -10,6 +10,7 @@
 using System.Security.Authentication.ExtendedProtection;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Principal;
+using System.Text;
 using Microsoft.Win32.SafeHandles;
 
 namespace System.Net.Security
diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
new file mode 100644
index 000000000000..3f2b05cc4732
--- /dev/null
+++ b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
@@ -0,0 +1,124 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net.Sockets;
+using System.Net.Test.Common;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace System.Net.Security.Tests
+{
+    using Configuration = System.Net.Test.Common.Configuration;
+
+    public class SslStreamSNITest
+    {
+        private static IEnumerable<object[]> HostNameData()
+        {
+            yield return new object[] { "a" };
+            yield return new object[] { "test" };
+            yield return new object[] { new string('a', 100) };
+        }
+
+        [Theory]
+        [MemberData(nameof(HostNameData))]
+        public void SslStream_ClientSendsSNIServerReceives_Ok(string hostName)
+        {
+            X509Certificate serverCert = Configuration.Certificates.GetSelfSignedServerCertificate();
+
+            WithVirtualConnection((server, client) =>
+            {
+                Task clientJob = Task.Run(() => {
+                    client.AuthenticateAsClient(hostName);
+                });
+
+                SslServerAuthenticationOptions options = DefaultServerOptions();
+
+                int timesCallbackCalled = 0;
+                options.ServerCertificateSelectionCallback = (sender, actualHostName) =>
+                {
+                    timesCallbackCalled++;
+                    Assert.Equal(hostName, actualHostName);
+                    return serverCert;
+                };
+
+                var cts = new CancellationTokenSource();
+                server.AuthenticateAsServerAsync(options, cts.Token).Wait();
+
+                Assert.Equal(1, timesCallbackCalled);
+                clientJob.Wait();
+            },
+            (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
+                {
+                    Assert.Equal(serverCert, certificate);
+                    return true;
+                });
+        }
+
+        [Fact]
+        public void SslStream_UnknownHostName_Fails()
+        {
+            WithVirtualConnection((server, client) =>
+            {
+                Task clientJob = Task.Run(() => {
+                    Assert.Throws<VirtualNetwork.VirtualNetworkConnectionBroken>(()
+                        => client.AuthenticateAsClient("test"));
+                });
+
+                int timesCallbackCalled = 0;
+                SslServerAuthenticationOptions options = DefaultServerOptions();
+                options.ServerCertificateSelectionCallback = (sender, actualHostName) =>
+                {
+                    timesCallbackCalled++;
+                    return null;
+                };
+
+                var cts = new CancellationTokenSource();
+                Assert.ThrowsAsync<NotSupportedException>(async () => {
+                    await server.AuthenticateAsServerAsync(options, cts.Token);
+                }).Wait();
+
+                // to break connection so that client is not waiting
+                server.Dispose();
+
+                Assert.Equal(1, timesCallbackCalled);
+
+                clientJob.Wait();
+            },
+            (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) =>
+            {
+                return true;
+            });
+        }
+
+        private static SslServerAuthenticationOptions DefaultServerOptions()
+        {
+            return new SslServerAuthenticationOptions()
+            {
+                ClientCertificateRequired = false,
+                EnabledSslProtocols = SslProtocols.Tls,
+                CertificateRevocationCheckMode = X509RevocationMode.NoCheck,
+            };
+        }
+
+        private void WithVirtualConnection(Action<SslStream, SslStream> serverClientConnection, RemoteCertificateValidationCallback clientCertValidate)
+        {
+            VirtualNetwork vn = new VirtualNetwork();
+            using (VirtualNetworkStream serverStream = new VirtualNetworkStream(vn, isServer: true),
+                                        clientStream = new VirtualNetworkStream(vn, isServer: false))
+            using (SslStream server = new SslStream(serverStream, leaveInnerStreamOpen: false),
+                             client = new SslStream(clientStream, leaveInnerStreamOpen: false, clientCertValidate))
+            {
+                serverClientConnection(server, client);
+            }
+        }
+    }
+}
diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamStreamToStreamTest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamStreamToStreamTest.cs
index ae608d302b0b..61da0d226e68 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SslStreamStreamToStreamTest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SslStreamStreamToStreamTest.cs
@@ -310,7 +310,11 @@ await serverSslStream.WriteAsync(new byte[] { 1 }, 0, 1)
         [Fact]
         public async Task SslStream_StreamToStream_Dispose_Throws()
         {
-            VirtualNetwork network = new VirtualNetwork();
+            VirtualNetwork network = new VirtualNetwork()
+            {
+                DisableConnectionBreaking = true
+            };
+
             using (var clientStream = new VirtualNetworkStream(network, isServer: false))
             using (var serverStream = new VirtualNetworkStream(network, isServer: true))
             using (var clientSslStream = new SslStream(clientStream, false, AllowAnyServerCertificate))
diff --git a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
index 8268fd077be5..f534789bc64e 100644
--- a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
+++ b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
@@ -36,6 +36,7 @@
     <Compile Include="ServerRequireEncryptionTest.cs" />
     <Compile Include="SslStreamStreamToStreamTest.cs" />
     <Compile Include="SslStreamNetworkStreamTest.cs" />
+    <Compile Include="SslStreamSNITest.cs" />
     <Compile Include="TransportContextTest.cs" />
     <!-- NegotiateStream Tests -->
     <Compile Include="NegotiateStreamStreamToStreamTest.cs" />

From baa3c5a4616e8cb18df36e2cf8dd67699e1c5ed6 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Mon, 26 Mar 2018 12:11:47 -0700
Subject: [PATCH 02/20] remove analyzerdata

---
 .../src/PinvokeAnalyzerExceptionList.analyzerdata                | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata

diff --git a/src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata b/src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata
deleted file mode 100644
index 623b2f899d99..000000000000
--- a/src/System.Net.Security/src/PinvokeAnalyzerExceptionList.analyzerdata
+++ /dev/null
@@ -1 +0,0 @@
-schannel.dll!SslGetServerIdentity

From d7d9c3c90834937301e063b36bbe33201bc18a24 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Mon, 26 Mar 2018 12:17:23 -0700
Subject: [PATCH 03/20] add braces around single line if statements and inline
 simple functions

---
 .../src/System/Net/Security/SNIHelper.cs      | 36 ++++++++++++++-----
 1 file changed, 27 insertions(+), 9 deletions(-)

diff --git a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
index 1969fb2c4c62..868db38518a3 100644
--- a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
@@ -1,9 +1,9 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System.Runtime.CompilerServices;
 using System.Text;
-using System.Threading.Tasks;
 
 namespace System.Net.Security
 {
@@ -24,13 +24,17 @@ private static string GetSniFromSslPlainText(ReadOnlySpan<byte> sslPlainText)
         {
             // Is SSL 3 handshake? SSL 2 does not support extensions - skipping as well
             if (sslPlainText.Length < 5 || sslPlainText[0] != 0x16)
+            {
                 return null;
+            }
 
             ushort handshakeLength = ReadUint16(sslPlainText.Slice(3));
             ReadOnlySpan<byte> sslHandshake = sslPlainText.Slice(5);
 
             if (handshakeLength != sslHandshake.Length)
+            {
                 return null;
+            }
 
             return GetSniFromSslHandshake(sslHandshake);
         }
@@ -44,13 +48,17 @@ private static string GetSniFromSslHandshake(ReadOnlySpan<byte> sslHandshake)
         {
             // If not client hello then skip
             if (sslHandshake.Length < 4 || sslHandshake[0] != 0x01)
+            {
                 return null;
+            }
 
             int clientHelloLength = ReadUint24(sslHandshake.Slice(1));
             ReadOnlySpan<byte> clientHello = sslHandshake.Slice(4);
 
             if (clientHello.Length != clientHelloLength)
+            {
                 return null;
+            }
 
             return GetSniFromClientHello(clientHello);
         }
@@ -80,19 +88,25 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
 
             // is invalid structure or no extensions?
             if (p.IsEmpty)
+            {
                 return null;
+            }
 
             ushort extensionListLength = ReadUint16(p);
             p = SkipBytes(p, 2);
 
             if (extensionListLength != p.Length)
+            {
                 return null;
+            }
 
             while (!p.IsEmpty)
             {
                 string sni = GetSniFromExtension(p, out p);
                 if (sni != null)
+                {
                     return sni;
+                }
             }
 
             return null;
@@ -185,22 +199,22 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
             return Encoding.UTF8.GetString(hostName);
         }
 
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
         private static ushort ReadUint16(ReadOnlySpan<byte> bytes)
         {
             return (ushort)((bytes[0] << 8) | bytes[1]);
         }
 
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
         private static int ReadUint24(ReadOnlySpan<byte> bytes)
         {
             return (bytes[0] << 16) | (bytes[1] << 8) | bytes[2];
         }
 
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
         private static ReadOnlySpan<byte> SkipBytes(ReadOnlySpan<byte> bytes, int numberOfBytesToSkip)
         {
-            if (numberOfBytesToSkip < bytes.Length)
-                return bytes.Slice(numberOfBytesToSkip);
-            else
-                return ReadOnlySpan<byte>.Empty;
+            return (numberOfBytesToSkip < bytes.Length) ? bytes.Slice(numberOfBytesToSkip) : ReadOnlySpan<byte>.Empty;
         }
 
         // Opaque type is of structure:
@@ -211,7 +225,9 @@ private static ReadOnlySpan<byte> SkipBytes(ReadOnlySpan<byte> bytes, int number
         private static ReadOnlySpan<byte> SkipOpaqueType1(ReadOnlySpan<byte> bytes)
         {
             if (bytes.Length < 1)
+            {
                 return ReadOnlySpan<byte>.Empty;
+            }
 
             byte length = bytes[0];
             int totalBytes = 1 + length;
@@ -222,7 +238,9 @@ private static ReadOnlySpan<byte> SkipOpaqueType1(ReadOnlySpan<byte> bytes)
         private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes)
         {
             if (bytes.Length < 2)
+            {
                 return ReadOnlySpan<byte>.Empty;
+            }
 
             ushort length = ReadUint16(bytes);
             int totalBytes = 2 + length;

From d056d547aca90655b02ee00e5e44540e25375127 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 13:28:47 -0700
Subject: [PATCH 04/20] fix deadlock on linux

---
 .../tests/FunctionalTests/SslStreamSNITest.cs | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
index 3f2b05cc4732..5a2521d91eb8 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
@@ -25,7 +25,8 @@ private static IEnumerable<object[]> HostNameData()
         {
             yield return new object[] { "a" };
             yield return new object[] { "test" };
-            yield return new object[] { new string('a', 100) };
+            // max allowed hostname length is 63
+            yield return new object[] { new string('a', 63) };
         }
 
         [Theory]
@@ -82,9 +83,9 @@ public void SslStream_UnknownHostName_Fails()
                 };
 
                 var cts = new CancellationTokenSource();
-                Assert.ThrowsAsync<NotSupportedException>(async () => {
-                    await server.AuthenticateAsServerAsync(options, cts.Token);
-                }).Wait();
+                Assert.Throws<NotSupportedException>(WithAggregateExceptionUnwrapping(() =>
+                    server.AuthenticateAsServerAsync(options, cts.Token).Wait()
+                ));
 
                 // to break connection so that client is not waiting
                 server.Dispose();
@@ -99,6 +100,20 @@ public void SslStream_UnknownHostName_Fails()
             });
         }
 
+        private static Action WithAggregateExceptionUnwrapping(Action a)
+        {
+            return () => {
+                try
+                {
+                    a();
+                }
+                catch (AggregateException e)
+                {
+                    throw e.InnerException;
+                }
+            };
+        }
+
         private static SslServerAuthenticationOptions DefaultServerOptions()
         {
             return new SslServerAuthenticationOptions()

From 7d9395e5b7351e3e991af28744a904d60d1fde00 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 13:36:16 -0700
Subject: [PATCH 05/20] add test with special characters

---
 .../tests/FunctionalTests/SslStreamSNITest.cs                    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
index 5a2521d91eb8..c77b4e6015a4 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
@@ -27,6 +27,7 @@ private static IEnumerable<object[]> HostNameData()
             yield return new object[] { "test" };
             // max allowed hostname length is 63
             yield return new object[] { new string('a', 63) };
+            yield return new object[] { "\u017C\u00F3\u0142\u0107 g\u0119\u015Bl\u0105 ja\u017A\u0144. \u7EA2\u70E7. \u7167\u308A\u713C\u304D" };
         }
 
         [Theory]

From 7537db06387c7355282502313e2f8ac994e468c1 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 13:51:21 -0700
Subject: [PATCH 06/20] IDN decoding

---
 .../src/System/Net/Security/SNIHelper.cs      | 20 ++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
index 868db38518a3..89cbbdbf96fe 100644
--- a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using System.Globalization;
 using System.Runtime.CompilerServices;
 using System.Text;
 
@@ -9,6 +10,8 @@ namespace System.Net.Security
 {
     internal class SNIHelper
     {
+        private static IdnMapping s_idnMapping = CreateIdnMapping();
+
         public static string GetServerName(byte[] clientHello)
         {
             return GetSniFromSslPlainText(clientHello);
@@ -196,7 +199,13 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
             ushort hostNameLength = ReadUint16(hostNameStruct);
             ReadOnlySpan<byte> hostName = hostNameStruct.Slice(2);
 
-            return Encoding.UTF8.GetString(hostName);
+            return DecodeString(hostName);
+        }
+
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        private static string DecodeString(ReadOnlySpan<byte> bytes)
+        {
+            return s_idnMapping.GetUnicode(Encoding.UTF8.GetString(bytes));
         }
 
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
@@ -247,5 +256,14 @@ private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes)
 
             return SkipBytes(bytes, totalBytes);
         }
+
+        private static IdnMapping CreateIdnMapping()
+        {
+            return new IdnMapping()
+            {
+                // Per spec "AllowUnassigned flag MUST be set". See comment above GetSniFromServerNameList for more details.
+                AllowUnassigned = true
+            };
+        }
     }
 }

From 1b8c11db4fad14392843b5566a14cbf6977b4ec6 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 14:21:38 -0700
Subject: [PATCH 07/20] idn unmapping (with fallback)

---
 .../src/System/Net/Security/SNIHelper.cs              | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
index 89cbbdbf96fe..6e4d2f3931ba 100644
--- a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
@@ -205,7 +205,16 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
         private static string DecodeString(ReadOnlySpan<byte> bytes)
         {
-            return s_idnMapping.GetUnicode(Encoding.UTF8.GetString(bytes));
+            string idnEncodedString = Encoding.UTF8.GetString(bytes);
+            try
+            {
+                return s_idnMapping.GetUnicode(idnEncodedString);
+            }
+            catch (ArgumentException)
+            {
+                // client has not done IDN mapping
+                return idnEncodedString;
+            }
         }
 
         [MethodImpl(MethodImplOptions.AggressiveInlining)]

From df0bf87cb7c9d466307689a392b161192b27eb4f Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 14:38:03 -0700
Subject: [PATCH 08/20] apply feedback, fix netfx/uwp

---
 .../src/System/Net/Security/SNIHelper.cs      | 20 +++++++++----------
 .../src/System/Net/Security/SecureChannel.cs  |  6 +++++-
 .../Net/Security/SslStreamPal.Windows.cs      |  1 -
 .../tests/FunctionalTests/SslStreamSNITest.cs |  4 ++--
 .../System.Net.Security.Tests.csproj          |  4 ++--
 5 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
index 6e4d2f3931ba..e39c4782bae9 100644
--- a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
@@ -8,7 +8,7 @@
 
 namespace System.Net.Security
 {
-    internal class SNIHelper
+    internal class SniHelper
     {
         private static IdnMapping s_idnMapping = CreateIdnMapping();
 
@@ -31,7 +31,7 @@ private static string GetSniFromSslPlainText(ReadOnlySpan<byte> sslPlainText)
                 return null;
             }
 
-            ushort handshakeLength = ReadUint16(sslPlainText.Slice(3));
+            int handshakeLength = ReadUint16(sslPlainText.Slice(3));
             ReadOnlySpan<byte> sslHandshake = sslPlainText.Slice(5);
 
             if (handshakeLength != sslHandshake.Length)
@@ -95,7 +95,7 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
                 return null;
             }
 
-            ushort extensionListLength = ReadUint16(p);
+            int extensionListLength = ReadUint16(p);
             p = SkipBytes(p, 2);
 
             if (extensionListLength != p.Length)
@@ -127,7 +127,7 @@ private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out Read
                 return null;
             }
 
-            ushort extensionType = ReadUint16(extension);
+            int extensionType = ReadUint16(extension);
             ReadOnlySpan<byte> extensionData = extension.Slice(2);
 
             if (extensionType == 0x00)
@@ -169,7 +169,7 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
                 return null;
             }
 
-            ushort serverNameListLength = ReadUint16(serverNameListExtension);
+            int serverNameListLength = ReadUint16(serverNameListExtension);
             ReadOnlySpan<byte> serverNameList = serverNameListExtension.Slice(2);
 
             if (serverNameListLength > serverNameList.Length)
@@ -196,7 +196,7 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
                 return null;
             }
 
-            ushort hostNameLength = ReadUint16(hostNameStruct);
+            int hostNameLength = ReadUint16(hostNameStruct);
             ReadOnlySpan<byte> hostName = hostNameStruct.Slice(2);
 
             return DecodeString(hostName);
@@ -218,9 +218,9 @@ private static string DecodeString(ReadOnlySpan<byte> bytes)
         }
 
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
-        private static ushort ReadUint16(ReadOnlySpan<byte> bytes)
+        private static int ReadUint16(ReadOnlySpan<byte> bytes)
         {
-            return (ushort)((bytes[0] << 8) | bytes[1]);
+            return (bytes[0] << 8) | bytes[1];
         }
 
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
@@ -238,7 +238,7 @@ private static ReadOnlySpan<byte> SkipBytes(ReadOnlySpan<byte> bytes, int number
         // Opaque type is of structure:
         //   - length (minimum number of bytes to hold the max value)
         //   - data (length bytes)
-        // We will only use opaque bytes which are of max size: 255 (length = 1) or 2^16-1 (length = 2).
+        // We will only use opaque types which are of max size: 255 (length = 1) or 2^16-1 (length = 2).
         // We will call them SkipOpaqueType`length`
         private static ReadOnlySpan<byte> SkipOpaqueType1(ReadOnlySpan<byte> bytes)
         {
@@ -260,7 +260,7 @@ private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes)
                 return ReadOnlySpan<byte>.Empty;
             }
 
-            ushort length = ReadUint16(bytes);
+            int length = ReadUint16(bytes);
             int totalBytes = 2 + length;
 
             return SkipBytes(bytes, totalBytes);
diff --git a/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs b/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs
index 78d8d82f4a34..a9ddc3439d51 100644
--- a/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SecureChannel.cs
@@ -634,9 +634,13 @@ private bool AcquireServerCredentials(ref byte[] thumbPrint, byte[] clientHello)
 
             if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null)
             {
-                string serverIdentity = SNIHelper.GetServerName(clientHello);
+                string serverIdentity = SniHelper.GetServerName(clientHello);
                 localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(serverIdentity);
 
+                if (localCertificate == null)
+                {
+                    throw new AuthenticationException(SR.net_ssl_io_no_server_cert);
+                }
             }
             // This probably never gets called as this is a client options delegate
             else if (_sslAuthenticationOptions.CertSelectionDelegate != null)
diff --git a/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs b/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
index dc7508affd0b..399d1c37500f 100644
--- a/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
@@ -10,7 +10,6 @@
 using System.Security.Authentication.ExtendedProtection;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Principal;
-using System.Text;
 using Microsoft.Win32.SafeHandles;
 
 namespace System.Net.Security
diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
index c77b4e6015a4..8767edec077f 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
@@ -19,7 +19,7 @@ namespace System.Net.Security.Tests
 {
     using Configuration = System.Net.Test.Common.Configuration;
 
-    public class SslStreamSNITest
+    public class SslStreamSniTest
     {
         private static IEnumerable<object[]> HostNameData()
         {
@@ -66,7 +66,7 @@ public void SslStream_ClientSendsSNIServerReceives_Ok(string hostName)
         }
 
         [Fact]
-        public void SslStream_UnknownHostName_Fails()
+        public void SslStream_NoSniFromClient_CallbackReturnsNull()
         {
             WithVirtualConnection((server, client) =>
             {
diff --git a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
index f534789bc64e..7451024a8ab8 100644
--- a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
+++ b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
@@ -36,7 +36,6 @@
     <Compile Include="ServerRequireEncryptionTest.cs" />
     <Compile Include="SslStreamStreamToStreamTest.cs" />
     <Compile Include="SslStreamNetworkStreamTest.cs" />
-    <Compile Include="SslStreamSNITest.cs" />
     <Compile Include="TransportContextTest.cs" />
     <!-- NegotiateStream Tests -->
     <Compile Include="NegotiateStreamStreamToStreamTest.cs" />
@@ -95,6 +94,7 @@
     <Compile Include="SslStreamAlertsTest.cs" />
     <Compile Include="SslStreamAllowRenegotiationTests.cs" />
     <Compile Include="SslStreamAlpnTests.cs" />
+    <Compile Include="SslStreamSNITest.cs" />
     <Compile Include="SslStreamEKUTest.cs" />
     <Compile Include="SslStreamSchSendAuxRecordTest.cs" />
     <Compile Include="SslStreamCredentialCacheTest.cs" />
@@ -160,4 +160,4 @@
     <Service Include="{82A7F48D-3B50-4B1E-B82E-3ADA8210C358}" />
   </ItemGroup>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />
-</Project>
\ No newline at end of file
+</Project>

From 353bf995dc1b46b01b7405ee117afeae0b09a8c0 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 14:41:32 -0700
Subject: [PATCH 09/20] rename the SNIHelper to SniHelper

---
 .../src/System/Net/Security/{SNIHelper.cs => SniHelper.cs}        | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename src/System.Net.Security/src/System/Net/Security/{SNIHelper.cs => SniHelper.cs} (100%)

diff --git a/src/System.Net.Security/src/System/Net/Security/SNIHelper.cs b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
similarity index 100%
rename from src/System.Net.Security/src/System/Net/Security/SNIHelper.cs
rename to src/System.Net.Security/src/System/Net/Security/SniHelper.cs

From 4b634607f940aeebd112e75cbfceaca3665367d0 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 14:43:19 -0700
Subject: [PATCH 10/20] rename test file as well (git does not like renames on
 windows)

---
 .../FunctionalTests/{SslStreamSNITest.cs => SslStreamSniTest.cs}  | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename src/System.Net.Security/tests/FunctionalTests/{SslStreamSNITest.cs => SslStreamSniTest.cs} (100%)

diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs
similarity index 100%
rename from src/System.Net.Security/tests/FunctionalTests/SslStreamSNITest.cs
rename to src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs

From bd9287320fafdef8d0d53223e2bd764c92f64513 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 15:01:26 -0700
Subject: [PATCH 11/20] change file casing in csproj

---
 src/System.Net.Security/src/System.Net.Security.csproj        | 2 +-
 .../tests/FunctionalTests/System.Net.Security.Tests.csproj    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/System.Net.Security/src/System.Net.Security.csproj b/src/System.Net.Security/src/System.Net.Security.csproj
index b0b447564dba..e9a5737afe63 100644
--- a/src/System.Net.Security/src/System.Net.Security.csproj
+++ b/src/System.Net.Security/src/System.Net.Security.csproj
@@ -23,7 +23,7 @@
     <Compile Include="System\Net\FixedSizeReader.cs" />
     <Compile Include="System\Net\HelperAsyncResults.cs" />
     <Compile Include="System\Net\Logging\NetEventSource.cs" />
-    <Compile Include="System\Net\Security\SNIHelper.cs" />
+    <Compile Include="System\Net\Security\SniHelper.cs" />
     <Compile Include="System\Net\Security\SslApplicationProtocol.cs" />
     <Compile Include="System\Net\Security\SslAuthenticationOptions.cs" />
     <Compile Include="System\Net\Security\SslClientAuthenticationOptions.cs" />
diff --git a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
index 7451024a8ab8..997ab74daafe 100644
--- a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
+++ b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
@@ -94,7 +94,7 @@
     <Compile Include="SslStreamAlertsTest.cs" />
     <Compile Include="SslStreamAllowRenegotiationTests.cs" />
     <Compile Include="SslStreamAlpnTests.cs" />
-    <Compile Include="SslStreamSNITest.cs" />
+    <Compile Include="SslStreamSniTest.cs" />
     <Compile Include="SslStreamEKUTest.cs" />
     <Compile Include="SslStreamSchSendAuxRecordTest.cs" />
     <Compile Include="SslStreamCredentialCacheTest.cs" />
@@ -160,4 +160,4 @@
     <Service Include="{82A7F48D-3B50-4B1E-B82E-3ADA8210C358}" />
   </ItemGroup>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />
-</Project>
+</Project>
\ No newline at end of file

From 705e95f02d179cccc6a290e5cf9f05fbd9873ed3 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Tue, 27 Mar 2018 16:02:38 -0700
Subject: [PATCH 12/20] test should expect AuthenticationException

---
 .../tests/FunctionalTests/SslStreamSniTest.cs                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs
index 8767edec077f..3f084b604939 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs
@@ -84,7 +84,7 @@ public void SslStream_NoSniFromClient_CallbackReturnsNull()
                 };
 
                 var cts = new CancellationTokenSource();
-                Assert.Throws<NotSupportedException>(WithAggregateExceptionUnwrapping(() =>
+                Assert.Throws<AuthenticationException>(WithAggregateExceptionUnwrapping(() =>
                     server.AuthenticateAsServerAsync(options, cts.Token).Wait()
                 ));
 

From c2e31f923d4ab1eed34c2a697bd6507b1479d468 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Wed, 28 Mar 2018 14:44:32 -0700
Subject: [PATCH 13/20] add SniHelper tests

---
 .../src/System/Net/Security/SniHelper.cs      |   54 +-
 .../tests/FunctionalTests/SniHelperTest.cs    | 3541 +++++++++++++++++
 .../tests/FunctionalTests/SslStreamSniTest.cs |   23 +-
 .../System.Net.Security.Tests.csproj          |    4 +
 4 files changed, 3598 insertions(+), 24 deletions(-)
 create mode 100644 src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs

diff --git a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
index e39c4782bae9..ff0431a86600 100644
--- a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using System.Diagnostics;
 using System.Globalization;
 using System.Runtime.CompilerServices;
 using System.Text;
@@ -84,7 +85,7 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
             p = SkipOpaqueType1(p);
 
             // Skip cipher suites
-            p = SkipOpaqueType2(p);
+            p = SkipOpaqueType2(p, out _);
 
             // Skip compression methods
             p = SkipOpaqueType1(p);
@@ -103,27 +104,41 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
                 return null;
             }
 
+            string ret = null;
             while (!p.IsEmpty)
             {
-                string sni = GetSniFromExtension(p, out p);
+                bool invalid;
+                string sni = GetSniFromExtension(p, out p, out invalid);
+                if (invalid)
+                {
+                    return null;
+                }
+
+                if (ret != null && sni != null)
+                {
+                    Debug.Assert(false, "More than 1 name found.");
+                    return null;
+                }
+
                 if (sni != null)
                 {
-                    return sni;
+                    ret = sni;
                 }
             }
 
-            return null;
+            return ret;
         }
 
         // 2.3. https://www.ietf.org/rfc/rfc3546.txt
         // Extension structure:
         //   - ExtensionType extension_type (2 bytes) => 0x00 is server_name
         //   - opaque extension_data
-        private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out ReadOnlySpan<byte> remainingBytes)
+        private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out ReadOnlySpan<byte> remainingBytes, out bool invalid)
         {
             if (extension.Length < 2)
             {
                 remainingBytes = ReadOnlySpan<byte>.Empty;
+                invalid = true;
                 return null;
             }
 
@@ -132,11 +147,11 @@ private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out Read
 
             if (extensionType == 0x00)
             {
-                return GetSniFromServerNameList(extensionData, out remainingBytes);
+                return GetSniFromServerNameList(extensionData, out remainingBytes, out invalid);
             }
             else
             {
-                remainingBytes = SkipOpaqueType2(extensionData);
+                remainingBytes = SkipOpaqueType2(extensionData, out invalid);
                 return null;
             }
         }
@@ -161,11 +176,12 @@ private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out Read
         //   the server only needs to match the HostName against names containing
         //   exclusively ASCII characters, it MUST compare ASCII names case-
         //   insensitively.
-        private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameListExtension, out ReadOnlySpan<byte> remainingBytes)
+        private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameListExtension, out ReadOnlySpan<byte> remainingBytes, out bool invalid)
         {
             if (serverNameListExtension.Length < 2)
             {
                 remainingBytes = ReadOnlySpan<byte>.Empty;
+                invalid = true;
                 return null;
             }
 
@@ -175,6 +191,7 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
             if (serverNameListLength > serverNameList.Length)
             {
                 remainingBytes = ReadOnlySpan<byte>.Empty;
+                invalid = true;
                 return null;
             }
 
@@ -183,6 +200,7 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
 
             if (serverName.Length < 3)
             {
+                invalid = true;
                 return null;
             }
 
@@ -193,12 +211,19 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
 
             if (hostNameStructLength != hostNameStruct.Length || hostNameType != 0x00)
             {
+                invalid = true;
                 return null;
             }
 
             int hostNameLength = ReadUint16(hostNameStruct);
             ReadOnlySpan<byte> hostName = hostNameStruct.Slice(2);
+            if (hostNameLength != hostName.Length)
+            {
+                invalid = true;
+                return null;
+            }
 
+            invalid = false;
             return DecodeString(hostName);
         }
 
@@ -253,17 +278,26 @@ private static ReadOnlySpan<byte> SkipOpaqueType1(ReadOnlySpan<byte> bytes)
             return SkipBytes(bytes, totalBytes);
         }
 
-        private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes)
+        private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes, out bool invalid)
         {
             if (bytes.Length < 2)
             {
+                invalid = true;
                 return ReadOnlySpan<byte>.Empty;
             }
 
             int length = ReadUint16(bytes);
             int totalBytes = 2 + length;
 
-            return SkipBytes(bytes, totalBytes);
+            invalid = bytes.Length < totalBytes;
+            if (invalid)
+            {
+                return ReadOnlySpan<byte>.Empty;
+            }
+            else
+            {
+                return bytes.Slice(totalBytes);
+            }
         }
 
         private static IdnMapping CreateIdnMapping()
diff --git a/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
new file mode 100644
index 000000000000..e47ac18578a9
--- /dev/null
+++ b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
@@ -0,0 +1,3541 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System.Collections.Generic;
+using Xunit;
+
+namespace System.Net.Security.Tests
+{
+    public class SniHelperTest
+    {
+        [Theory]
+        [MemberData(nameof(InvalidClientHelloData))]
+        public void SniHelper_InvalidData_Fails(int id, byte[] clientHello)
+        {
+            InvalidClientHello(clientHello, id, shouldPass: false);
+        }
+
+        [Fact]
+        public void SniHelper_ValidData_Ok()
+        {
+            InvalidClientHello(s_validClientHello, -1, shouldPass: true);
+        }
+
+        private void InvalidClientHello(byte[] clientHello, int id, bool shouldPass)
+        {
+            string ret = SniHelper.GetServerName(clientHello);
+            if (shouldPass)
+                Assert.NotNull(ret);
+            else
+                Assert.Null(ret);
+        }
+
+
+        private static byte[] s_validClientHello = new byte[] {
+            // SslPlainText.(ContentType+ProtocolVersion)
+            0x16, 0x03, 0x03,
+            // SslPlainText.length
+            0x00, 0xFB,
+            // Handshake.msg_type (client hello)
+            0x01,
+            // Handshake.length
+            0x00, 0x00, 0xF7,
+            // ClientHello.client_version
+            0x03, 0x03,
+            // ClientHello.random
+            0xEB, 0xD8, 0xD1, 0x29, 0xAB,
+            0x41, 0x81, 0x55, 0x82, 0xB5,
+            0xD0, 0xDB, 0x46, 0xAC, 0xBB,
+            0x0C, 0xF9, 0x4F, 0x99, 0x4D,
+            0xB2, 0x1C, 0x62, 0x4D, 0xBA,
+            0xEE, 0xE7, 0x13, 0xF7, 0x21,
+            0xAD, 0xEB,
+            // ClientHello.SessionId
+            0x00,
+            // ClientHello.cipher_suites
+            0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+            0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+            0x00, 0x9F, 0x00, 0x9E, 0xC0,
+            0x24, 0xC0, 0x23, 0xC0, 0x28,
+            0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+            0x09, 0xC0, 0x14, 0xC0, 0x13,
+            0x00, 0x9D, 0x00, 0x9C, 0x00,
+            0x3D, 0x00, 0x3C, 0x00, 0x35,
+            0x00, 0x2F, 0x00, 0x0A,
+            // ClientHello.compression_methods
+            0x01, 0x01,
+            // ClientHello.extension_list_length
+            0x00, 0xA4,
+            // Extension.extension_type (server_name)
+            0x00, 0x00,
+            // ServerNameListExtension.length
+            0x00, 0x69,
+            // ServerName.length
+            0x00, 0x67,
+            // ServerName.type
+            0x00,
+            // HostName.length
+            0x00, 0x64,
+            // HostName.bytes
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61, 0x61, 0x61, 0x61,
+            // Extension.extension_type (00 0A)
+            0x00, 0x0A,
+            // Extension 0A
+            0x00, 0x08, 0x00, 0x06, 0x00,
+            0x1D, 0x00, 0x17, 0x00, 0x18,
+            // Extension.extension_type (00 0B)
+            0x00, 0x0B,
+            // Extension 0B
+            0x00, 0x02, 0x01, 0x00,
+            // Extension.extension_type (00 0D)
+            0x00, 0x0D,
+            // Extension 0D
+            0x00, 0x14, 0x00, 0x12, 0x04,
+            0x01, 0x05, 0x01, 0x02, 0x01,
+            0x04, 0x03, 0x05, 0x03, 0x02,
+            0x03, 0x02, 0x02, 0x06, 0x01,
+            0x06, 0x03,
+            // Extension.extension_type (00 23)
+            0x00, 0x23,
+            // Extension 00 23
+            0x00, 0x00,
+            // Extension.extension_type (00 17)
+            0x00, 0x17,
+            // Extension 17
+            0x00, 0x00,
+            // Extension.extension_type (FF 01)
+            0xFF, 0x01,
+            // Extension FF01
+            0x00, 0x01, 0x00
+        };
+
+        private static IEnumerable<object[]> InvalidClientHelloData()
+        {
+            // This test covers following test cases:
+            // - Length of structure off by 1 (search for "length off by 1")
+            // - Length of structure is max length (search for "max length")
+            // - Type is invalid or unknown (i.e. SslPlainText.ClientType is not 0x16 - search for "unknown")
+            // in each case sni will be null or will cause parsing error - we only expect some parsing errors,
+            // anything else is considered a bug
+            yield return new object[] {
+                1,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01 - length off by 1
+                    0x00, 0x02, 0x00
+                }
+            };
+
+            yield return new object[] {
+                2,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01 - max length
+                    0xFF, 0xFF, 0x00
+                }
+            };
+
+            yield return new object[] {
+                3,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17 - length off by 1
+                    0x00, 0x01,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                4,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17 - max length
+                    0xFF, 0xFF,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                5,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23 - length off by 1
+                    0x00, 0x01,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                6,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23 - max length
+                    0xFF, 0xFF,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                7,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D - length off by 1
+                    0x00, 0x15, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                8,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D - max length
+                    0xFF, 0xFF, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                9,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B - length off by 1
+                    0x00, 0x03, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                10,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B - max length
+                    0xFF, 0xFF, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                11,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A - length off by 1
+                    0x00, 0x09, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                12,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A - max length
+                    0xFF, 0xFF, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                13,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length - length off by 1
+                    0x00, 0x65,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                14,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length - max length
+                    0xFF, 0xFF,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                15,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type - unknown
+                    0x01,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                16,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length - length off by 1
+                    0x00, 0x68,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                17,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length - max length
+                    0xFF, 0xFF,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                18,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length - length off by 1
+                    0x00, 0x6A,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                19,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length - max length
+                    0xFF, 0xFF,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                20,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name) - unknown
+                    0x01, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                21,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length - length off by 1
+                    0x00, 0xA5,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                22,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length - max length
+                    0xFF, 0xFF,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                23,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods - length off by 1
+                    0x02, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                24,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods - max length
+                    0xFF, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                25,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites - length off by 1
+                    0x00, 0x2B, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                26,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites - max length
+                    0xFF, 0xFF, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                27,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId - length off by 1
+                    0x01,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                28,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId - max length
+                    0xFF,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                29,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length - length off by 1
+                    0x00, 0x00, 0xF8,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                30,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length - max length
+                    0xFF, 0xFF, 0xFF,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                31,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello) - unknown
+                    0x00,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                32,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length - length off by 1
+                    0x00, 0xFC,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                33,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion)
+                    0x16, 0x03, 0x03,
+                    // SslPlainText.length - max length
+                    0xFF, 0xFF,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+
+            yield return new object[] {
+                34,
+                new byte[] {
+                    // SslPlainText.(ContentType+ProtocolVersion) - unknown
+                    0x01, 0x03, 0x04,
+                    // SslPlainText.length
+                    0x00, 0xFB,
+                    // Handshake.msg_type (client hello)
+                    0x01,
+                    // Handshake.length
+                    0x00, 0x00, 0xF7,
+                    // ClientHello.client_version
+                    0x03, 0x03,
+                    // ClientHello.random
+                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
+                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
+                    0x02, 0x13, 0xBD, 0x93, 0xC9,
+                    0x91, 0xD8, 0x61, 0x21, 0xB7,
+                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
+                    0x15, 0xB8, 0x49, 0x51, 0x9C,
+                    0xA5, 0x6C,
+                    // ClientHello.SessionId
+                    0x00,
+                    // ClientHello.cipher_suites
+                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                    0x24, 0xC0, 0x23, 0xC0, 0x28,
+                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                    0x09, 0xC0, 0x14, 0xC0, 0x13,
+                    0x00, 0x9D, 0x00, 0x9C, 0x00,
+                    0x3D, 0x00, 0x3C, 0x00, 0x35,
+                    0x00, 0x2F, 0x00, 0x0A,
+                    // ClientHello.compression_methods
+                    0x01, 0x01,
+                    // ClientHello.extension_list_length
+                    0x00, 0xA4,
+                    // Extension.extension_type (server_name)
+                    0x00, 0x00,
+                    // ServerNameListExtension.length
+                    0x00, 0x69,
+                    // ServerName.length
+                    0x00, 0x67,
+                    // ServerName.type
+                    0x00,
+                    // HostName.length
+                    0x00, 0x64,
+                    // HostName.bytes
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    // Extension.extension_type (00 0A)
+                    0x00, 0x0A,
+                    // Extension 0A
+                    0x00, 0x08, 0x00, 0x06, 0x00,
+                    0x1D, 0x00, 0x17, 0x00, 0x18,
+                    // Extension.extension_type (00 0B)
+                    0x00, 0x0B,
+                    // Extension 0B
+                    0x00, 0x02, 0x01, 0x00,
+                    // Extension.extension_type (00 0D)
+                    0x00, 0x0D,
+                    // Extension 0D
+                    0x00, 0x14, 0x00, 0x12, 0x04,
+                    0x01, 0x05, 0x01, 0x02, 0x01,
+                    0x04, 0x03, 0x05, 0x03, 0x02,
+                    0x03, 0x02, 0x02, 0x06, 0x01,
+                    0x06, 0x03,
+                    // Extension.extension_type (00 23)
+                    0x00, 0x23,
+                    // Extension 00 23
+                    0x00, 0x00,
+                    // Extension.extension_type (00 17)
+                    0x00, 0x17,
+                    // Extension 17
+                    0x00, 0x00,
+                    // Extension.extension_type (FF 01)
+                    0xFF, 0x01,
+                    // Extension FF01
+                    0x00, 0x01, 0x00
+                }
+            };
+        }
+    }
+}
diff --git a/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs b/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs
index 3f084b604939..55cf3e948330 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs
@@ -2,15 +2,10 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-using System;
 using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Net.Sockets;
 using System.Net.Test.Common;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
-using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Xunit;
@@ -21,15 +16,6 @@ namespace System.Net.Security.Tests
 
     public class SslStreamSniTest
     {
-        private static IEnumerable<object[]> HostNameData()
-        {
-            yield return new object[] { "a" };
-            yield return new object[] { "test" };
-            // max allowed hostname length is 63
-            yield return new object[] { new string('a', 63) };
-            yield return new object[] { "\u017C\u00F3\u0142\u0107 g\u0119\u015Bl\u0105 ja\u017A\u0144. \u7EA2\u70E7. \u7167\u308A\u713C\u304D" };
-        }
-
         [Theory]
         [MemberData(nameof(HostNameData))]
         public void SslStream_ClientSendsSNIServerReceives_Ok(string hostName)
@@ -136,5 +122,14 @@ private void WithVirtualConnection(Action<SslStream, SslStream> serverClientConn
                 serverClientConnection(server, client);
             }
         }
+
+        private static IEnumerable<object[]> HostNameData()
+        {
+            yield return new object[] { "a" };
+            yield return new object[] { "test" };
+            // max allowed hostname length is 63
+            yield return new object[] { new string('a', 63) };
+            yield return new object[] { "\u017C\u00F3\u0142\u0107 g\u0119\u015Bl\u0105 ja\u017A\u0144. \u7EA2\u70E7. \u7167\u308A\u713C\u304D" };
+        }
     }
 }
diff --git a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
index 997ab74daafe..750c22dbbfcc 100644
--- a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
+++ b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
@@ -22,8 +22,12 @@
   <ItemGroup>
     <Compile Include="NotifyReadVirtualNetworkStream.cs" />
     <Compile Include="DummyTcpServer.cs" />
+    <Compile Include="SniHelperTest.cs" />
     <Compile Include="TestConfiguration.cs" />
     <!-- SslStream Tests -->
+    <Compile Include="..\..\src\System\Net\Security\SniHelper.cs">
+      <Link>src\SniHelper.cs</Link>
+    </Compile>
     <Compile Include="CertificateChainValidation.cs" />
     <Compile Include="CertificateValidationClientServer.cs" />
     <Compile Include="CertificateValidationRemoteServer.cs" />

From 16015e0580f53b1b5befb07f32da714e74d7cac7 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Wed, 28 Mar 2018 17:32:37 -0700
Subject: [PATCH 14/20] apply review feedback

---
 .../src/System/Net/Security/SniHelper.cs      | 197 ++++++++++--------
 .../System.Net.Security.Tests.csproj          |  10 +-
 2 files changed, 116 insertions(+), 91 deletions(-)

diff --git a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
index ff0431a86600..849a3d2d6ee8 100644
--- a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
@@ -2,15 +2,18 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using System.Buffers.Binary;
 using System.Diagnostics;
 using System.Globalization;
-using System.Runtime.CompilerServices;
 using System.Text;
 
 namespace System.Net.Security
 {
     internal class SniHelper
     {
+        private const int ProtocolVersionSize = 2;
+        private const int UInt24Size = 3;
+        private const int RandomSize = 32;
         private static IdnMapping s_idnMapping = CreateIdnMapping();
 
         public static string GetServerName(byte[] clientHello)
@@ -18,22 +21,24 @@ public static string GetServerName(byte[] clientHello)
             return GetSniFromSslPlainText(clientHello);
         }
 
-        // https://tools.ietf.org/html/rfc6101#section-5.2.1
-        // SSLPlainText structure:
-        //   - ContentType (1 byte) => 0x16 is handshake
-        //   - ProtocolVersion version (2 bytes)
-        //   - uint16 length
-        //   - opaque fragment[SSLPlaintext.length]
         private static string GetSniFromSslPlainText(ReadOnlySpan<byte> sslPlainText)
         {
-            // Is SSL 3 handshake? SSL 2 does not support extensions - skipping as well
-            if (sslPlainText.Length < 5 || sslPlainText[0] != 0x16)
+            // https://tools.ietf.org/html/rfc6101#section-5.2.1
+            const int ContentTypeOffset = 0;
+            const int ProtocolVersionOffset = ContentTypeOffset + sizeof(ContentType);
+            const int LengthOffset = ProtocolVersionOffset + ProtocolVersionSize;
+            const int HandshakeOffset = LengthOffset + sizeof(ushort);
+
+            // SSL v2's ContentType has 0x80 bit set.
+            // We do not care about SSL v2 here because it does not support client hello extensions
+            if (sslPlainText.Length < HandshakeOffset || (ContentType)sslPlainText[ContentTypeOffset] != ContentType.Handshake)
             {
                 return null;
             }
 
-            int handshakeLength = ReadUint16(sslPlainText.Slice(3));
-            ReadOnlySpan<byte> sslHandshake = sslPlainText.Slice(5);
+            // Skip ContentType and ProtocolVersion
+            int handshakeLength = BinaryPrimitives.ReadUInt16BigEndian(sslPlainText.Slice(LengthOffset));
+            ReadOnlySpan<byte> sslHandshake = sslPlainText.Slice(HandshakeOffset);
 
             if (handshakeLength != sslHandshake.Length)
             {
@@ -43,21 +48,20 @@ private static string GetSniFromSslPlainText(ReadOnlySpan<byte> sslPlainText)
             return GetSniFromSslHandshake(sslHandshake);
         }
 
-        // https://tools.ietf.org/html/rfc6101#section-5.6
-        // Handshake structure:
-        //   - HandshakeType msg_type (1 bytes) => 0x01 is client_hello
-        //   - uint24 length
-        //   - <msg_type> body
         private static string GetSniFromSslHandshake(ReadOnlySpan<byte> sslHandshake)
         {
-            // If not client hello then skip
-            if (sslHandshake.Length < 4 || sslHandshake[0] != 0x01)
+            // https://tools.ietf.org/html/rfc6101#section-5.6
+            const int HandshakeTypeOffset = 0;
+            const int ClientHelloLengthOffset = HandshakeTypeOffset + sizeof(HandshakeType);
+            const int ClientHelloOffset = ClientHelloLengthOffset + UInt24Size;
+
+            if (sslHandshake.Length < ClientHelloOffset || (HandshakeType)sslHandshake[HandshakeTypeOffset] != HandshakeType.ClientHello)
             {
                 return null;
             }
 
-            int clientHelloLength = ReadUint24(sslHandshake.Slice(1));
-            ReadOnlySpan<byte> clientHello = sslHandshake.Slice(4);
+            int clientHelloLength = ReadUInt24BigEndian(sslHandshake.Slice(ClientHelloLengthOffset));
+            ReadOnlySpan<byte> clientHello = sslHandshake.Slice(ClientHelloOffset);
 
             if (clientHello.Length != clientHelloLength)
             {
@@ -67,27 +71,20 @@ private static string GetSniFromSslHandshake(ReadOnlySpan<byte> sslHandshake)
             return GetSniFromClientHello(clientHello);
         }
 
-        // 5.6.1.2. https://tools.ietf.org/html/rfc6101#section-5.6.1 - describes basic structure
-        // 2.1. https://www.ietf.org/rfc/rfc3546.txt - describes extended structure
-        // ClientHello structure:
-        //   - ProtocolVersion client_version (2 bytes)
-        //   - Random random (32 bytes => 4 bytes GMT unix timestamp + 28 bytes of random bytes)
-        //   - SessionID session_id (opaque type of max size 32 => size fits in 1 byte)
-        //   - CipherSuite cipher_suites (opaque type of max size 2^16-1 => size fits in 2 bytes)
-        //   - CompressionMethod compression_methods (opaque type of max size 2^8-1 => size fits in 1 byte)
-        //   - Extension client_hello_extension_list (opaque type of max size 2^16-1 => size fits in 2 bytes)
         private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
         {
-            // Skip ProtocolVersion and Random
-            ReadOnlySpan<byte> p = SkipBytes(clientHello, 34);
+            // Basic structure: https://tools.ietf.org/html/rfc6101#section-5.6.1.2
+            // Extended structure: https://tools.ietf.org/html/rfc3546#section-2.1
+
+            ReadOnlySpan<byte> p = SkipBytes(clientHello, ProtocolVersionSize + RandomSize);
 
-            // Skip SessionID
+            // Skip SessionID (max size 32 => size fits in 1 byte)
             p = SkipOpaqueType1(p);
 
-            // Skip cipher suites
+            // Skip cipher suites (max size 2^16-1 => size fits in 2 bytes)
             p = SkipOpaqueType2(p, out _);
 
-            // Skip compression methods
+            // Skip compression methods (max size 2^8-1 => size fits in 1 byte)
             p = SkipOpaqueType1(p);
 
             // is invalid structure or no extensions?
@@ -96,8 +93,9 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
                 return null;
             }
 
-            int extensionListLength = ReadUint16(p);
-            p = SkipBytes(p, 2);
+            // client_hello_extension_list (max size 2^16-1 => size fits in 2 bytes)
+            int extensionListLength = BinaryPrimitives.ReadUInt16BigEndian(p);
+            p = SkipBytes(p, sizeof(ushort));
 
             if (extensionListLength != p.Length)
             {
@@ -129,23 +127,22 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
             return ret;
         }
 
-        // 2.3. https://www.ietf.org/rfc/rfc3546.txt
-        // Extension structure:
-        //   - ExtensionType extension_type (2 bytes) => 0x00 is server_name
-        //   - opaque extension_data
         private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out ReadOnlySpan<byte> remainingBytes, out bool invalid)
         {
-            if (extension.Length < 2)
+            // https://tools.ietf.org/html/rfc3546#section-2.3
+            const int ExtensionDataOffset = sizeof(ExtensionType);
+
+            if (extension.Length < ExtensionDataOffset)
             {
                 remainingBytes = ReadOnlySpan<byte>.Empty;
                 invalid = true;
                 return null;
             }
 
-            int extensionType = ReadUint16(extension);
-            ReadOnlySpan<byte> extensionData = extension.Slice(2);
+            ExtensionType extensionType = (ExtensionType)BinaryPrimitives.ReadUInt16BigEndian(extension);
+            ReadOnlySpan<byte> extensionData = extension.Slice(ExtensionDataOffset);
 
-            if (extensionType == 0x00)
+            if (extensionType == ExtensionType.ServerName)
             {
                 return GetSniFromServerNameList(extensionData, out remainingBytes, out invalid);
             }
@@ -156,37 +153,20 @@ private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out Read
             }
         }
 
-        // 3.1. https://www.ietf.org/rfc/rfc3546.txt
-        // ServerNameList structure:
-        //   - ServerName server_name_list<1..2^16-1>
-        // ServerName structure:
-        //   - NameType name_type (1 byte) => 0x00 is host_name
-        //   - opaque HostName
-        // Per spec:
-        //   If the hostname labels contain only US-ASCII characters, then the
-        //   client MUST ensure that labels are separated only by the byte 0x2E,
-        //   representing the dot character U+002E (requirement 1 in section 3.1
-        //   of [IDNA] notwithstanding). If the server needs to match the HostName
-        //   against names that contain non-US-ASCII characters, it MUST perform
-        //   the conversion operation described in section 4 of [IDNA], treating
-        //   the HostName as a "query string" (i.e. the AllowUnassigned flag MUST
-        //   be set). Note that IDNA allows labels to be separated by any of the
-        //   Unicode characters U+002E, U+3002, U+FF0E, and U+FF61, therefore
-        //   servers MUST accept any of these characters as a label separator.  If
-        //   the server only needs to match the HostName against names containing
-        //   exclusively ASCII characters, it MUST compare ASCII names case-
-        //   insensitively.
         private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameListExtension, out ReadOnlySpan<byte> remainingBytes, out bool invalid)
         {
-            if (serverNameListExtension.Length < 2)
+            // https://tools.ietf.org/html/rfc3546#section-3.1
+            const int ServerNameListOffset = sizeof(ushort);
+
+            if (serverNameListExtension.Length < ServerNameListOffset)
             {
                 remainingBytes = ReadOnlySpan<byte>.Empty;
                 invalid = true;
                 return null;
             }
 
-            int serverNameListLength = ReadUint16(serverNameListExtension);
-            ReadOnlySpan<byte> serverNameList = serverNameListExtension.Slice(2);
+            int serverNameListLength = BinaryPrimitives.ReadUInt16BigEndian(serverNameListExtension);
+            ReadOnlySpan<byte> serverNameList = serverNameListExtension.Slice(ServerNameListOffset);
 
             if (serverNameListLength > serverNameList.Length)
             {
@@ -198,25 +178,43 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
             remainingBytes = serverNameList.Slice(serverNameListLength);
             ReadOnlySpan<byte> serverName = serverNameList.Slice(0, serverNameListLength);
 
-            if (serverName.Length < 3)
+            return GetSniFromServerName(serverName, out invalid);
+        }
+
+        private static string GetSniFromServerName(ReadOnlySpan<byte> serverName, out bool invalid)
+        {
+            // https://tools.ietf.org/html/rfc3546#section-3.1
+            const int ServerNameLengthOffset = 0;
+            const int NameTypeOffset = ServerNameLengthOffset + sizeof(ushort);
+            const int HostNameStructOffset = NameTypeOffset + sizeof(NameType);
+
+            if (serverName.Length < HostNameStructOffset)
             {
                 invalid = true;
                 return null;
             }
 
-            // -1 for hostNameType
-            int hostNameStructLength = ReadUint16(serverName) - 1;
-            byte hostNameType = serverName[2];
-            ReadOnlySpan<byte> hostNameStruct = serverName.Slice(3);
+            int hostNameStructLength = BinaryPrimitives.ReadUInt16BigEndian(serverName) - sizeof(NameType);
+            NameType nameType = (NameType)serverName[NameTypeOffset];
+            ReadOnlySpan<byte> hostNameStruct = serverName.Slice(HostNameStructOffset);
 
-            if (hostNameStructLength != hostNameStruct.Length || hostNameType != 0x00)
+            if (hostNameStructLength != hostNameStruct.Length || nameType != NameType.HostName)
             {
                 invalid = true;
                 return null;
             }
 
-            int hostNameLength = ReadUint16(hostNameStruct);
-            ReadOnlySpan<byte> hostName = hostNameStruct.Slice(2);
+            return GetSniFromHostNameStruct(hostNameStruct, out invalid);
+        }
+
+        private static string GetSniFromHostNameStruct(ReadOnlySpan<byte> hostNameStruct, out bool invalid)
+        {
+            // https://tools.ietf.org/html/rfc3546#section-3.1
+            const int HostNameLengthOffset = 0;
+            const int HostNameOffset = HostNameLengthOffset + sizeof(ushort);
+
+            int hostNameLength = BinaryPrimitives.ReadUInt16BigEndian(hostNameStruct);
+            ReadOnlySpan<byte> hostName = hostNameStruct.Slice(HostNameOffset);
             if (hostNameLength != hostName.Length)
             {
                 invalid = true;
@@ -227,9 +225,24 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
             return DecodeString(hostName);
         }
 
-        [MethodImpl(MethodImplOptions.AggressiveInlining)]
         private static string DecodeString(ReadOnlySpan<byte> bytes)
         {
+            // https://tools.ietf.org/html/rfc3546#section-3.1
+            // Per spec:
+            //   If the hostname labels contain only US-ASCII characters, then the
+            //   client MUST ensure that labels are separated only by the byte 0x2E,
+            //   representing the dot character U+002E (requirement 1 in section 3.1
+            //   of [IDNA] notwithstanding). If the server needs to match the HostName
+            //   against names that contain non-US-ASCII characters, it MUST perform
+            //   the conversion operation described in section 4 of [IDNA], treating
+            //   the HostName as a "query string" (i.e. the AllowUnassigned flag MUST
+            //   be set). Note that IDNA allows labels to be separated by any of the
+            //   Unicode characters U+002E, U+3002, U+FF0E, and U+FF61, therefore
+            //   servers MUST accept any of these characters as a label separator.  If
+            //   the server only needs to match the HostName against names containing
+            //   exclusively ASCII characters, it MUST compare ASCII names case-
+            //   insensitively.
+
             string idnEncodedString = Encoding.UTF8.GetString(bytes);
             try
             {
@@ -242,19 +255,11 @@ private static string DecodeString(ReadOnlySpan<byte> bytes)
             }
         }
 
-        [MethodImpl(MethodImplOptions.AggressiveInlining)]
-        private static int ReadUint16(ReadOnlySpan<byte> bytes)
-        {
-            return (bytes[0] << 8) | bytes[1];
-        }
-
-        [MethodImpl(MethodImplOptions.AggressiveInlining)]
-        private static int ReadUint24(ReadOnlySpan<byte> bytes)
+        private static int ReadUInt24BigEndian(ReadOnlySpan<byte> bytes)
         {
             return (bytes[0] << 16) | (bytes[1] << 8) | bytes[2];
         }
 
-        [MethodImpl(MethodImplOptions.AggressiveInlining)]
         private static ReadOnlySpan<byte> SkipBytes(ReadOnlySpan<byte> bytes, int numberOfBytesToSkip)
         {
             return (numberOfBytesToSkip < bytes.Length) ? bytes.Slice(numberOfBytesToSkip) : ReadOnlySpan<byte>.Empty;
@@ -286,7 +291,7 @@ private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes, out
                 return ReadOnlySpan<byte>.Empty;
             }
 
-            int length = ReadUint16(bytes);
+            int length = BinaryPrimitives.ReadUInt16BigEndian(bytes);
             int totalBytes = 2 + length;
 
             invalid = bytes.Length < totalBytes;
@@ -308,5 +313,25 @@ private static IdnMapping CreateIdnMapping()
                 AllowUnassigned = true
             };
         }
+
+        private enum ContentType : byte
+        {
+            Handshake = 0x16
+        }
+
+        private enum HandshakeType : byte
+        {
+            ClientHello = 0x01
+        }
+
+        private enum ExtensionType : ushort
+        {
+            ServerName = 0x00
+        }
+
+        private enum NameType : byte
+        {
+            HostName = 0x00
+        }
     }
 }
diff --git a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
index 750c22dbbfcc..c758241a3be2 100644
--- a/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
+++ b/src/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj
@@ -22,12 +22,8 @@
   <ItemGroup>
     <Compile Include="NotifyReadVirtualNetworkStream.cs" />
     <Compile Include="DummyTcpServer.cs" />
-    <Compile Include="SniHelperTest.cs" />
     <Compile Include="TestConfiguration.cs" />
     <!-- SslStream Tests -->
-    <Compile Include="..\..\src\System\Net\Security\SniHelper.cs">
-      <Link>src\SniHelper.cs</Link>
-    </Compile>
     <Compile Include="CertificateChainValidation.cs" />
     <Compile Include="CertificateValidationClientServer.cs" />
     <Compile Include="CertificateValidationRemoteServer.cs" />
@@ -94,6 +90,10 @@
   </ItemGroup>
   <ItemGroup Condition="'$(TargetGroup)'=='netcoreapp'">
     <!-- TODO #13070: Add net463 to the condition after the TFM gets updated to the actual .Net 4.7-->
+    <Compile Include="..\..\src\System\Net\Security\SniHelper.cs">
+      <Link>src\SniHelper.cs</Link>
+    </Compile>
+    <Compile Include="SniHelperTest.cs" />
     <Compile Include="SslAuthenticationOptionsTest.cs" />
     <Compile Include="SslStreamAlertsTest.cs" />
     <Compile Include="SslStreamAllowRenegotiationTests.cs" />
@@ -164,4 +164,4 @@
     <Service Include="{82A7F48D-3B50-4B1E-B82E-3ADA8210C358}" />
   </ItemGroup>
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" />
-</Project>
\ No newline at end of file
+</Project>

From 2432662c0434b853b878b3f55a5647ff27a19543 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Wed, 28 Mar 2018 17:33:02 -0700
Subject: [PATCH 15/20] shorten SNI (limit is 63 bytes)

---
 .../tests/FunctionalTests/SniHelperTest.cs    | 1283 +++++++----------
 1 file changed, 484 insertions(+), 799 deletions(-)

diff --git a/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
index e47ac18578a9..aa6a11cd1d5c 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
@@ -36,21 +36,21 @@ private void InvalidClientHello(byte[] clientHello, int id, bool shouldPass)
             // SslPlainText.(ContentType+ProtocolVersion)
             0x16, 0x03, 0x03,
             // SslPlainText.length
-            0x00, 0xFB,
+            0x00, 0xCB,
             // Handshake.msg_type (client hello)
             0x01,
             // Handshake.length
-            0x00, 0x00, 0xF7,
+            0x00, 0x00, 0xC7,
             // ClientHello.client_version
             0x03, 0x03,
             // ClientHello.random
-            0xEB, 0xD8, 0xD1, 0x29, 0xAB,
-            0x41, 0x81, 0x55, 0x82, 0xB5,
-            0xD0, 0xDB, 0x46, 0xAC, 0xBB,
-            0x0C, 0xF9, 0x4F, 0x99, 0x4D,
-            0xB2, 0x1C, 0x62, 0x4D, 0xBA,
-            0xEE, 0xE7, 0x13, 0xF7, 0x21,
-            0xAD, 0xEB,
+            0x0C, 0x3C, 0x85, 0x78, 0xCA,
+            0x67, 0x70, 0xAA, 0x38, 0xCB,
+            0x28, 0xBC, 0xDC, 0x3E, 0x30,
+            0xBF, 0x11, 0x96, 0x95, 0x1A,
+            0xB9, 0xF0, 0x99, 0xA4, 0x91,
+            0x09, 0x13, 0xB4, 0x89, 0x94,
+            0x27, 0x2E,
             // ClientHello.SessionId
             0x00,
             // ClientHello.cipher_suites
@@ -66,17 +66,17 @@ private void InvalidClientHello(byte[] clientHello, int id, bool shouldPass)
             // ClientHello.compression_methods
             0x01, 0x01,
             // ClientHello.extension_list_length
-            0x00, 0xA4,
+            0x00, 0x74,
             // Extension.extension_type (server_name)
             0x00, 0x00,
             // ServerNameListExtension.length
-            0x00, 0x69,
+            0x00, 0x39,
             // ServerName.length
-            0x00, 0x67,
+            0x00, 0x37,
             // ServerName.type
             0x00,
             // HostName.length
-            0x00, 0x64,
+            0x00, 0x34,
             // HostName.bytes
             0x61, 0x61, 0x61, 0x61, 0x61,
             0x61, 0x61, 0x61, 0x61, 0x61,
@@ -88,16 +88,7 @@ private void InvalidClientHello(byte[] clientHello, int id, bool shouldPass)
             0x61, 0x61, 0x61, 0x61, 0x61,
             0x61, 0x61, 0x61, 0x61, 0x61,
             0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
-            0x61, 0x61, 0x61, 0x61, 0x61,
+            0x61, 0x61,
             // Extension.extension_type (00 0A)
             0x00, 0x0A,
             // Extension 0A
@@ -143,21 +134,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -173,17 +164,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -195,16 +186,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -243,21 +225,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -273,17 +255,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -295,16 +277,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -343,21 +316,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -373,17 +346,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -395,16 +368,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -443,21 +407,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -473,17 +437,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -495,16 +459,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -543,21 +498,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -573,17 +528,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -595,16 +550,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -643,21 +589,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -673,17 +619,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -695,16 +641,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -743,21 +680,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -773,17 +710,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -795,16 +732,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -843,21 +771,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -873,17 +801,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -895,16 +823,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -943,21 +862,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -973,17 +892,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -995,16 +914,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1043,21 +953,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1073,17 +983,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1095,16 +1005,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1143,21 +1044,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1173,17 +1074,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1195,16 +1096,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A - length off by 1
@@ -1243,21 +1135,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1273,17 +1165,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1295,16 +1187,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A - max length
@@ -1343,21 +1226,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1373,17 +1256,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length - length off by 1
-                    0x00, 0x65,
+                    0x00, 0x35,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1395,16 +1278,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1443,21 +1317,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1473,13 +1347,13 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length - max length
@@ -1495,16 +1369,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1543,21 +1408,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1573,17 +1438,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type - unknown
                     0x01,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1595,16 +1460,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1643,21 +1499,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1673,17 +1529,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length - length off by 1
-                    0x00, 0x68,
+                    0x00, 0x38,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1695,16 +1551,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1743,21 +1590,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1773,17 +1620,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length - max length
                     0xFF, 0xFF,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1795,16 +1642,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1843,21 +1681,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1873,17 +1711,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length - length off by 1
-                    0x00, 0x6A,
+                    0x00, 0x3A,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1895,16 +1733,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -1943,21 +1772,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -1973,17 +1802,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length - max length
                     0xFF, 0xFF,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -1995,16 +1824,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2043,21 +1863,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -2073,17 +1893,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name) - unknown
                     0x01, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2095,16 +1915,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2143,21 +1954,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -2173,17 +1984,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length - length off by 1
-                    0x00, 0xA5,
+                    0x00, 0x75,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2195,16 +2006,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2243,21 +2045,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -2277,13 +2079,13 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2295,16 +2097,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2343,21 +2136,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -2373,17 +2166,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods - length off by 1
                     0x02, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2395,16 +2188,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2443,21 +2227,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -2473,17 +2257,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods - max length
                     0xFF, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2495,16 +2279,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2543,21 +2318,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites - length off by 1
@@ -2573,17 +2348,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2595,16 +2370,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2643,21 +2409,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites - max length
@@ -2673,17 +2439,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2695,16 +2461,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2743,21 +2500,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId - length off by 1
                     0x01,
                     // ClientHello.cipher_suites
@@ -2773,17 +2530,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2795,16 +2552,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2843,21 +2591,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId - max length
                     0xFF,
                     // ClientHello.cipher_suites
@@ -2873,17 +2621,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2895,16 +2643,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -2943,21 +2682,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length - length off by 1
-                    0x00, 0x00, 0xF8,
+                    0x00, 0x00, 0xC8,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -2973,17 +2712,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -2995,16 +2734,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -3043,7 +2773,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length - max length
@@ -3051,13 +2781,13 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -3073,17 +2803,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -3095,16 +2825,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -3143,21 +2864,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello) - unknown
                     0x00,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -3173,17 +2894,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -3195,16 +2916,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -3243,21 +2955,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion)
                     0x16, 0x03, 0x03,
                     // SslPlainText.length - length off by 1
-                    0x00, 0xFC,
+                    0x00, 0xCC,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -3273,17 +2985,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -3295,16 +3007,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -3347,17 +3050,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -3373,17 +3076,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -3395,16 +3098,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A
@@ -3443,21 +3137,21 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // SslPlainText.(ContentType+ProtocolVersion) - unknown
                     0x01, 0x03, 0x04,
                     // SslPlainText.length
-                    0x00, 0xFB,
+                    0x00, 0xCB,
                     // Handshake.msg_type (client hello)
                     0x01,
                     // Handshake.length
-                    0x00, 0x00, 0xF7,
+                    0x00, 0x00, 0xC7,
                     // ClientHello.client_version
                     0x03, 0x03,
                     // ClientHello.random
-                    0xB7, 0xD2, 0xF8, 0x07, 0x8F,
-                    0x0D, 0xB1, 0xE3, 0x36, 0x63,
-                    0x02, 0x13, 0xBD, 0x93, 0xC9,
-                    0x91, 0xD8, 0x61, 0x21, 0xB7,
-                    0x54, 0x56, 0xFF, 0xFA, 0xB8,
-                    0x15, 0xB8, 0x49, 0x51, 0x9C,
-                    0xA5, 0x6C,
+                    0x14, 0x04, 0x4E, 0x13, 0x9F,
+                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
+                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
+                    0x06, 0x8C, 0x08, 0x00, 0x1A,
+                    0xE2, 0x78, 0xED, 0xA5, 0x79,
+                    0xC8, 0x81, 0x45, 0xF8, 0x99,
+                    0x44, 0x22,
                     // ClientHello.SessionId
                     0x00,
                     // ClientHello.cipher_suites
@@ -3473,17 +3167,17 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     // ClientHello.compression_methods
                     0x01, 0x01,
                     // ClientHello.extension_list_length
-                    0x00, 0xA4,
+                    0x00, 0x74,
                     // Extension.extension_type (server_name)
                     0x00, 0x00,
                     // ServerNameListExtension.length
-                    0x00, 0x69,
+                    0x00, 0x39,
                     // ServerName.length
-                    0x00, 0x67,
+                    0x00, 0x37,
                     // ServerName.type
                     0x00,
                     // HostName.length
-                    0x00, 0x64,
+                    0x00, 0x34,
                     // HostName.bytes
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
@@ -3495,16 +3189,7 @@ private static IEnumerable<object[]> InvalidClientHelloData()
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
                     0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
+                    0x61, 0x61,
                     // Extension.extension_type (00 0A)
                     0x00, 0x0A,
                     // Extension 0A

From 49f462e614b3b04838bf5336e557b729b56c5666 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Thu, 29 Mar 2018 10:37:43 -0700
Subject: [PATCH 16/20] replace remaining constants

---
 .../src/System/Net/Security/SniHelper.cs             | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
index 849a3d2d6ee8..a09d2185e2c6 100644
--- a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
@@ -272,27 +272,29 @@ private static ReadOnlySpan<byte> SkipBytes(ReadOnlySpan<byte> bytes, int number
         // We will call them SkipOpaqueType`length`
         private static ReadOnlySpan<byte> SkipOpaqueType1(ReadOnlySpan<byte> bytes)
         {
-            if (bytes.Length < 1)
+            const int OpaqueTypeLengthSize = sizeof(byte);
+            if (bytes.Length < OpaqueTypeLengthSize)
             {
                 return ReadOnlySpan<byte>.Empty;
             }
 
             byte length = bytes[0];
-            int totalBytes = 1 + length;
+            int totalBytes = OpaqueTypeLengthSize + length;
 
             return SkipBytes(bytes, totalBytes);
         }
 
         private static ReadOnlySpan<byte> SkipOpaqueType2(ReadOnlySpan<byte> bytes, out bool invalid)
         {
-            if (bytes.Length < 2)
+            const int OpaqueTypeLengthSize = sizeof(ushort);
+            if (bytes.Length < OpaqueTypeLengthSize)
             {
                 invalid = true;
                 return ReadOnlySpan<byte>.Empty;
             }
 
-            int length = BinaryPrimitives.ReadUInt16BigEndian(bytes);
-            int totalBytes = 2 + length;
+            ushort length = BinaryPrimitives.ReadUInt16BigEndian(bytes);
+            int totalBytes = OpaqueTypeLengthSize + length;
 
             invalid = bytes.Length < totalBytes;
             if (invalid)

From 3dda001a412c4b30391958f35ab20e39716ebbad Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Thu, 29 Mar 2018 10:38:34 -0700
Subject: [PATCH 17/20] test behavior on truncated client hello

---
 .../tests/FunctionalTests/SniHelperTest.cs    | 6000 ++++++++---------
 1 file changed, 2970 insertions(+), 3030 deletions(-)

diff --git a/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
index aa6a11cd1d5c..ebc048d7db17 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
@@ -3,12 +3,19 @@
 // See the LICENSE file in the project root for more information.
 
 using System.Collections.Generic;
+using System.Linq;
 using Xunit;
 
 namespace System.Net.Security.Tests
 {
     public class SniHelperTest
     {
+        [Fact]
+        public void SniHelper_ValidData_Ok()
+        {
+            InvalidClientHello(s_validClientHello, -1, shouldPass: true);
+        }
+
         [Theory]
         [MemberData(nameof(InvalidClientHelloData))]
         public void SniHelper_InvalidData_Fails(int id, byte[] clientHello)
@@ -16,10 +23,11 @@ public void SniHelper_InvalidData_Fails(int id, byte[] clientHello)
             InvalidClientHello(clientHello, id, shouldPass: false);
         }
 
-        [Fact]
-        public void SniHelper_ValidData_Ok()
+        [Theory]
+        [MemberData(nameof(InvalidClientHelloDataTruncatedBytes))]
+        public void SniHelper_TruncatedData_Fails(int id, byte[] clientHello)
         {
-            InvalidClientHello(s_validClientHello, -1, shouldPass: true);
+            InvalidClientHello(clientHello, id, shouldPass: false);
         }
 
         private void InvalidClientHello(byte[] clientHello, int id, bool shouldPass)
@@ -31,6 +39,40 @@ private void InvalidClientHello(byte[] clientHello, int id, bool shouldPass)
                 Assert.Null(ret);
         }
 
+        private static IEnumerable<object[]> InvalidClientHelloData()
+        {
+            int id = 0;
+            foreach (byte[] invalidClientHello in InvalidClientHello())
+            {
+                id++;
+                yield return new object[] { id, invalidClientHello };
+            }
+        }
+
+        private static IEnumerable<object[]> InvalidClientHelloDataTruncatedBytes()
+        {
+            // converting to base64 first to remove duplicated test cases
+            var uniqueInvalidHellos = new HashSet<string>();
+            foreach (byte[] invalidClientHello in InvalidClientHello())
+            {
+                for (int i = 0; i < invalidClientHello.Length - 1; i++)
+                {
+                    uniqueInvalidHellos.Add(Convert.ToBase64String(invalidClientHello.Take(i).ToArray()));
+                }
+            }
+
+            for (int i = 0; i < s_validClientHello.Length - 1; i++)
+            {
+                uniqueInvalidHellos.Add(Convert.ToBase64String(s_validClientHello.Take(i).ToArray()));
+            }
+
+            int id = 0;
+            foreach (string invalidClientHello in uniqueInvalidHellos)
+            {
+                id++;
+                yield return new object[] { id, Convert.FromBase64String(invalidClientHello) };
+            }
+        }
 
         private static byte[] s_validClientHello = new byte[] {
             // SslPlainText.(ContentType+ProtocolVersion)
@@ -120,7 +162,7 @@ private void InvalidClientHello(byte[] clientHello, int id, bool shouldPass)
             0x00, 0x01, 0x00
         };
 
-        private static IEnumerable<object[]> InvalidClientHelloData()
+        private static IEnumerable<byte[]> InvalidClientHello()
         {
             // This test covers following test cases:
             // - Length of structure off by 1 (search for "length off by 1")
@@ -128,3098 +170,2996 @@ private static IEnumerable<object[]> InvalidClientHelloData()
             // - Type is invalid or unknown (i.e. SslPlainText.ClientType is not 0x16 - search for "unknown")
             // in each case sni will be null or will cause parsing error - we only expect some parsing errors,
             // anything else is considered a bug
-            yield return new object[] {
-                1,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01 - length off by 1
-                    0x00, 0x02, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01 - length off by 1
+                0x00, 0x02, 0x00
             };
 
-            yield return new object[] {
-                2,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01 - max length
-                    0xFF, 0xFF, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01 - max length
+                0xFF, 0xFF, 0x00
             };
 
-            yield return new object[] {
-                3,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17 - length off by 1
-                    0x00, 0x01,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17 - length off by 1
+                0x00, 0x01,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                4,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17 - max length
-                    0xFF, 0xFF,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17 - max length
+                0xFF, 0xFF,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                5,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23 - length off by 1
-                    0x00, 0x01,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23 - length off by 1
+                0x00, 0x01,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                6,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23 - max length
-                    0xFF, 0xFF,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23 - max length
+                0xFF, 0xFF,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                7,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D - length off by 1
-                    0x00, 0x15, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D - length off by 1
+                0x00, 0x15, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                8,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D - max length
-                    0xFF, 0xFF, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D - max length
+                0xFF, 0xFF, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                9,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B - length off by 1
-                    0x00, 0x03, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B - length off by 1
+                0x00, 0x03, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                10,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B - max length
-                    0xFF, 0xFF, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B - max length
+                0xFF, 0xFF, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                11,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A - length off by 1
-                    0x00, 0x09, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A - length off by 1
+                0x00, 0x09, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                12,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A - max length
-                    0xFF, 0xFF, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A - max length
+                0xFF, 0xFF, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                13,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length - length off by 1
-                    0x00, 0x35,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length - length off by 1
+                0x00, 0x35,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                14,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length - max length
-                    0xFF, 0xFF,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length - max length
+                0xFF, 0xFF,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                15,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type - unknown
-                    0x01,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type - unknown
+                0x01,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                16,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length - length off by 1
-                    0x00, 0x38,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length - length off by 1
+                0x00, 0x38,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                17,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length - max length
-                    0xFF, 0xFF,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length - max length
+                0xFF, 0xFF,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                18,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length - length off by 1
-                    0x00, 0x3A,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length - length off by 1
+                0x00, 0x3A,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                19,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length - max length
-                    0xFF, 0xFF,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length - max length
+                0xFF, 0xFF,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                20,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name) - unknown
-                    0x01, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name) - unknown
+                0x01, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                21,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length - length off by 1
-                    0x00, 0x75,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length - length off by 1
+                0x00, 0x75,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                22,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length - max length
-                    0xFF, 0xFF,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length - max length
+                0xFF, 0xFF,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                23,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods - length off by 1
-                    0x02, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods - length off by 1
+                0x02, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                24,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods - max length
-                    0xFF, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods - max length
+                0xFF, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                25,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites - length off by 1
-                    0x00, 0x2B, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites - length off by 1
+                0x00, 0x2B, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                26,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites - max length
-                    0xFF, 0xFF, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites - max length
+                0xFF, 0xFF, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                27,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId - length off by 1
-                    0x01,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId - length off by 1
+                0x01,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                28,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId - max length
-                    0xFF,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId - max length
+                0xFF,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                29,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length - length off by 1
-                    0x00, 0x00, 0xC8,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length - length off by 1
+                0x00, 0x00, 0xC8,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                30,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length - max length
-                    0xFF, 0xFF, 0xFF,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length - max length
+                0xFF, 0xFF, 0xFF,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                31,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello) - unknown
-                    0x00,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello) - unknown
+                0x00,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                32,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length - length off by 1
-                    0x00, 0xCC,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length - length off by 1
+                0x00, 0xCC,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                33,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion)
-                    0x16, 0x03, 0x03,
-                    // SslPlainText.length - max length
-                    0xFF, 0xFF,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length - max length
+                0xFF, 0xFF,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
 
-            yield return new object[] {
-                34,
-                new byte[] {
-                    // SslPlainText.(ContentType+ProtocolVersion) - unknown
-                    0x01, 0x03, 0x04,
-                    // SslPlainText.length
-                    0x00, 0xCB,
-                    // Handshake.msg_type (client hello)
-                    0x01,
-                    // Handshake.length
-                    0x00, 0x00, 0xC7,
-                    // ClientHello.client_version
-                    0x03, 0x03,
-                    // ClientHello.random
-                    0x14, 0x04, 0x4E, 0x13, 0x9F,
-                    0xAC, 0x4B, 0x43, 0x63, 0xB0,
-                    0x53, 0xE5, 0xB8, 0x95, 0xB2,
-                    0x06, 0x8C, 0x08, 0x00, 0x1A,
-                    0xE2, 0x78, 0xED, 0xA5, 0x79,
-                    0xC8, 0x81, 0x45, 0xF8, 0x99,
-                    0x44, 0x22,
-                    // ClientHello.SessionId
-                    0x00,
-                    // ClientHello.cipher_suites
-                    0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-                    0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-                    0x00, 0x9F, 0x00, 0x9E, 0xC0,
-                    0x24, 0xC0, 0x23, 0xC0, 0x28,
-                    0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-                    0x09, 0xC0, 0x14, 0xC0, 0x13,
-                    0x00, 0x9D, 0x00, 0x9C, 0x00,
-                    0x3D, 0x00, 0x3C, 0x00, 0x35,
-                    0x00, 0x2F, 0x00, 0x0A,
-                    // ClientHello.compression_methods
-                    0x01, 0x01,
-                    // ClientHello.extension_list_length
-                    0x00, 0x74,
-                    // Extension.extension_type (server_name)
-                    0x00, 0x00,
-                    // ServerNameListExtension.length
-                    0x00, 0x39,
-                    // ServerName.length
-                    0x00, 0x37,
-                    // ServerName.type
-                    0x00,
-                    // HostName.length
-                    0x00, 0x34,
-                    // HostName.bytes
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61, 0x61, 0x61, 0x61,
-                    0x61, 0x61,
-                    // Extension.extension_type (00 0A)
-                    0x00, 0x0A,
-                    // Extension 0A
-                    0x00, 0x08, 0x00, 0x06, 0x00,
-                    0x1D, 0x00, 0x17, 0x00, 0x18,
-                    // Extension.extension_type (00 0B)
-                    0x00, 0x0B,
-                    // Extension 0B
-                    0x00, 0x02, 0x01, 0x00,
-                    // Extension.extension_type (00 0D)
-                    0x00, 0x0D,
-                    // Extension 0D
-                    0x00, 0x14, 0x00, 0x12, 0x04,
-                    0x01, 0x05, 0x01, 0x02, 0x01,
-                    0x04, 0x03, 0x05, 0x03, 0x02,
-                    0x03, 0x02, 0x02, 0x06, 0x01,
-                    0x06, 0x03,
-                    // Extension.extension_type (00 23)
-                    0x00, 0x23,
-                    // Extension 00 23
-                    0x00, 0x00,
-                    // Extension.extension_type (00 17)
-                    0x00, 0x17,
-                    // Extension 17
-                    0x00, 0x00,
-                    // Extension.extension_type (FF 01)
-                    0xFF, 0x01,
-                    // Extension FF01
-                    0x00, 0x01, 0x00
-                }
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion) - unknown
+                0x01, 0x03, 0x04,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x58, 0xAA, 0x5F, 0xE7, 0x22,
+                0xCF, 0x9F, 0x59, 0x8A, 0xC5,
+                0x8B, 0x87, 0xC7, 0x62, 0x32,
+                0x98, 0xD4, 0xD8, 0xA2, 0xBE,
+                0x77, 0xCE, 0xA9, 0xCE, 0x42,
+                0x25, 0x5A, 0x8B, 0xEE, 0x16,
+                0x80, 0xF1,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
             };
         }
     }

From 40f8447924cbfbba74c4a266823aa60cbd70d562 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Thu, 29 Mar 2018 11:12:25 -0700
Subject: [PATCH 18/20] add structures descriptions

---
 .../src/System/Net/Security/SniHelper.cs      | 40 ++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
index a09d2185e2c6..ebf097c9db22 100644
--- a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
@@ -24,6 +24,12 @@ public static string GetServerName(byte[] clientHello)
         private static string GetSniFromSslPlainText(ReadOnlySpan<byte> sslPlainText)
         {
             // https://tools.ietf.org/html/rfc6101#section-5.2.1
+            // struct {
+            //     ContentType type; // enum with max value 255
+            //     ProtocolVersion version; // 2x uint8
+            //     uint16 length;
+            //     opaque fragment[SSLPlaintext.length];
+            // } SSLPlaintext;
             const int ContentTypeOffset = 0;
             const int ProtocolVersionOffset = ContentTypeOffset + sizeof(ContentType);
             const int LengthOffset = ProtocolVersionOffset + ProtocolVersionSize;
@@ -51,6 +57,15 @@ private static string GetSniFromSslPlainText(ReadOnlySpan<byte> sslPlainText)
         private static string GetSniFromSslHandshake(ReadOnlySpan<byte> sslHandshake)
         {
             // https://tools.ietf.org/html/rfc6101#section-5.6
+            // struct {
+            //     HandshakeType msg_type;    /* handshake type */
+            //     uint24 length;             /* bytes in message */
+            //     select (HandshakeType) {
+            //         ...
+            //         case client_hello: ClientHello;
+            //         ...
+            //     } body;
+            // } Handshake;
             const int HandshakeTypeOffset = 0;
             const int ClientHelloLengthOffset = HandshakeTypeOffset + sizeof(HandshakeType);
             const int ClientHelloOffset = ClientHelloLengthOffset + UInt24Size;
@@ -75,7 +90,14 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
         {
             // Basic structure: https://tools.ietf.org/html/rfc6101#section-5.6.1.2
             // Extended structure: https://tools.ietf.org/html/rfc3546#section-2.1
-
+            // struct {
+            //     ProtocolVersion client_version; // 2x uint8
+            //     Random random; // 32 bytes
+            //     SessionID session_id; // opaque type
+            //     CipherSuite cipher_suites<2..2^16-1>; // opaque type
+            //     CompressionMethod compression_methods<1..2^8-1>; // opaque type
+            //     Extension client_hello_extension_list<0..2^16-1>;
+            // } ClientHello;
             ReadOnlySpan<byte> p = SkipBytes(clientHello, ProtocolVersionSize + RandomSize);
 
             // Skip SessionID (max size 32 => size fits in 1 byte)
@@ -130,6 +152,10 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
         private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out ReadOnlySpan<byte> remainingBytes, out bool invalid)
         {
             // https://tools.ietf.org/html/rfc3546#section-2.3
+            // struct {
+            //     ExtensionType extension_type;
+            //     opaque extension_data<0..2^16-1>;
+            // } Extension;
             const int ExtensionDataOffset = sizeof(ExtensionType);
 
             if (extension.Length < ExtensionDataOffset)
@@ -156,6 +182,10 @@ private static string GetSniFromExtension(ReadOnlySpan<byte> extension, out Read
         private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameListExtension, out ReadOnlySpan<byte> remainingBytes, out bool invalid)
         {
             // https://tools.ietf.org/html/rfc3546#section-3.1
+            // struct {
+            //     ServerName server_name_list<1..2^16-1>
+            // } ServerNameList;
+            // ServerNameList is an opaque type (length of sufficient size for max data length is prepended)
             const int ServerNameListOffset = sizeof(ushort);
 
             if (serverNameListExtension.Length < ServerNameListOffset)
@@ -184,6 +214,13 @@ private static string GetSniFromServerNameList(ReadOnlySpan<byte> serverNameList
         private static string GetSniFromServerName(ReadOnlySpan<byte> serverName, out bool invalid)
         {
             // https://tools.ietf.org/html/rfc3546#section-3.1
+            // struct {
+            //     NameType name_type;
+            //     select (name_type) {
+            //         case host_name: HostName;
+            //     } name;
+            // } ServerName;
+            // ServerName is an opaque type (length of sufficient size for max data length is prepended)
             const int ServerNameLengthOffset = 0;
             const int NameTypeOffset = ServerNameLengthOffset + sizeof(ushort);
             const int HostNameStructOffset = NameTypeOffset + sizeof(NameType);
@@ -210,6 +247,7 @@ private static string GetSniFromServerName(ReadOnlySpan<byte> serverName, out bo
         private static string GetSniFromHostNameStruct(ReadOnlySpan<byte> hostNameStruct, out bool invalid)
         {
             // https://tools.ietf.org/html/rfc3546#section-3.1
+            // HostName is an opaque type (length of sufficient size for max data length is prepended)
             const int HostNameLengthOffset = 0;
             const int HostNameOffset = HostNameLengthOffset + sizeof(ushort);
 

From fe8c956f73348dfa796c9f6b1cebd344f21cd2c1 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Thu, 29 Mar 2018 16:28:49 -0700
Subject: [PATCH 19/20] apply review feedback

---
 .../src/System.Net.Security.csproj                |  1 +
 .../src/System/Net/Security/SniHelper.cs          | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/System.Net.Security/src/System.Net.Security.csproj b/src/System.Net.Security/src/System.Net.Security.csproj
index e9a5737afe63..b7d0616c1ecb 100644
--- a/src/System.Net.Security/src/System.Net.Security.csproj
+++ b/src/System.Net.Security/src/System.Net.Security.csproj
@@ -419,6 +419,7 @@
     <Reference Include="System.Security.Cryptography.X509Certificates" />
     <Reference Include="System.Security.Principal" />
     <Reference Include="System.Security.Principal.Windows" />
+    <Reference Include="System.Text.Encoding.Extensions" />
     <Reference Include="System.Threading" />
     <Reference Include="System.Threading.Tasks" />
     <Reference Include="System.Threading.ThreadPool" />
diff --git a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
index ebf097c9db22..0e7c3635f5e6 100644
--- a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
@@ -3,7 +3,6 @@
 // See the LICENSE file in the project root for more information.
 
 using System.Buffers.Binary;
-using System.Diagnostics;
 using System.Globalization;
 using System.Text;
 
@@ -15,6 +14,7 @@ internal class SniHelper
         private const int UInt24Size = 3;
         private const int RandomSize = 32;
         private static IdnMapping s_idnMapping = CreateIdnMapping();
+        private static Encoding s_encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true);
 
         public static string GetServerName(byte[] clientHello)
         {
@@ -136,7 +136,6 @@ private static string GetSniFromClientHello(ReadOnlySpan<byte> clientHello)
 
                 if (ret != null && sni != null)
                 {
-                    Debug.Assert(false, "More than 1 name found.");
                     return null;
                 }
 
@@ -231,6 +230,7 @@ private static string GetSniFromServerName(ReadOnlySpan<byte> serverName, out bo
                 return null;
             }
 
+            // Following can underflow but it is ok due to equality check below
             int hostNameStructLength = BinaryPrimitives.ReadUInt16BigEndian(serverName) - sizeof(NameType);
             NameType nameType = (NameType)serverName[NameTypeOffset];
             ReadOnlySpan<byte> hostNameStruct = serverName.Slice(HostNameStructOffset);
@@ -281,7 +281,16 @@ private static string DecodeString(ReadOnlySpan<byte> bytes)
             //   exclusively ASCII characters, it MUST compare ASCII names case-
             //   insensitively.
 
-            string idnEncodedString = Encoding.UTF8.GetString(bytes);
+            string idnEncodedString;
+            try
+            {
+                idnEncodedString = s_encoding.GetString(bytes);
+            }
+            catch (DecoderFallbackException)
+            {
+                return null;
+            }
+
             try
             {
                 return s_idnMapping.GetUnicode(idnEncodedString);

From 3e69a17fb864c29e840d416dcfc51d4af03fd473 Mon Sep 17 00:00:00 2001
From: Krzysztof Wicher <kwicher@microsoft.com>
Date: Thu, 29 Mar 2018 16:49:32 -0700
Subject: [PATCH 20/20] get rid of the new dependency and add a test for
 invalid utf-8 bytes

---
 .../src/System.Net.Security.csproj            |  1 -
 .../src/System/Net/Security/SniHelper.cs      |  9 +-
 .../tests/FunctionalTests/SniHelperTest.cs    | 89 +++++++++++++++++++
 3 files changed, 96 insertions(+), 3 deletions(-)

diff --git a/src/System.Net.Security/src/System.Net.Security.csproj b/src/System.Net.Security/src/System.Net.Security.csproj
index b7d0616c1ecb..e9a5737afe63 100644
--- a/src/System.Net.Security/src/System.Net.Security.csproj
+++ b/src/System.Net.Security/src/System.Net.Security.csproj
@@ -419,7 +419,6 @@
     <Reference Include="System.Security.Cryptography.X509Certificates" />
     <Reference Include="System.Security.Principal" />
     <Reference Include="System.Security.Principal.Windows" />
-    <Reference Include="System.Text.Encoding.Extensions" />
     <Reference Include="System.Threading" />
     <Reference Include="System.Threading.Tasks" />
     <Reference Include="System.Threading.ThreadPool" />
diff --git a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
index 0e7c3635f5e6..b1540f122b3c 100644
--- a/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
+++ b/src/System.Net.Security/src/System/Net/Security/SniHelper.cs
@@ -13,8 +13,8 @@ internal class SniHelper
         private const int ProtocolVersionSize = 2;
         private const int UInt24Size = 3;
         private const int RandomSize = 32;
-        private static IdnMapping s_idnMapping = CreateIdnMapping();
-        private static Encoding s_encoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true);
+        private readonly static IdnMapping s_idnMapping = CreateIdnMapping();
+        private readonly static Encoding s_encoding = CreateEncoding();
 
         public static string GetServerName(byte[] clientHello)
         {
@@ -363,6 +363,11 @@ private static IdnMapping CreateIdnMapping()
             };
         }
 
+        private static Encoding CreateEncoding()
+        {
+            return Encoding.GetEncoding("utf-8", new EncoderExceptionFallback(), new DecoderExceptionFallback());
+        }
+
         private enum ContentType : byte
         {
             Handshake = 0x16
diff --git a/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
index ebc048d7db17..3dafcc083f16 100644
--- a/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
+++ b/src/System.Net.Security/tests/FunctionalTests/SniHelperTest.cs
@@ -168,6 +168,7 @@ private static IEnumerable<byte[]> InvalidClientHello()
             // - Length of structure off by 1 (search for "length off by 1")
             // - Length of structure is max length (search for "max length")
             // - Type is invalid or unknown (i.e. SslPlainText.ClientType is not 0x16 - search for "unknown")
+            // - Invalid utf-8 characters
             // in each case sni will be null or will cause parsing error - we only expect some parsing errors,
             // anything else is considered a bug
             yield return new byte[] {
@@ -3161,6 +3162,94 @@ private static IEnumerable<byte[]> InvalidClientHello()
                 // Extension FF01
                 0x00, 0x01, 0x00
             };
+
+            yield return new byte[] {
+                // SslPlainText.(ContentType+ProtocolVersion)
+                0x16, 0x03, 0x03,
+                // SslPlainText.length
+                0x00, 0xCB,
+                // Handshake.msg_type (client hello)
+                0x01,
+                // Handshake.length
+                0x00, 0x00, 0xC7,
+                // ClientHello.client_version
+                0x03, 0x03,
+                // ClientHello.random
+                0x0C, 0x3C, 0x85, 0x78, 0xCA,
+                0x67, 0x70, 0xAA, 0x38, 0xCB,
+                0x28, 0xBC, 0xDC, 0x3E, 0x30,
+                0xBF, 0x11, 0x96, 0x95, 0x1A,
+                0xB9, 0xF0, 0x99, 0xA4, 0x91,
+                0x09, 0x13, 0xB4, 0x89, 0x94,
+                0x27, 0x2E,
+                // ClientHello.SessionId
+                0x00,
+                // ClientHello.cipher_suites
+                0x00, 0x2A, 0xC0, 0x2C, 0xC0,
+                0x2B, 0xC0, 0x30, 0xC0, 0x2F,
+                0x00, 0x9F, 0x00, 0x9E, 0xC0,
+                0x24, 0xC0, 0x23, 0xC0, 0x28,
+                0xC0, 0x27, 0xC0, 0x0A, 0xC0,
+                0x09, 0xC0, 0x14, 0xC0, 0x13,
+                0x00, 0x9D, 0x00, 0x9C, 0x00,
+                0x3D, 0x00, 0x3C, 0x00, 0x35,
+                0x00, 0x2F, 0x00, 0x0A,
+                // ClientHello.compression_methods
+                0x01, 0x01,
+                // ClientHello.extension_list_length
+                0x00, 0x74,
+                // Extension.extension_type (server_name)
+                0x00, 0x00,
+                // ServerNameListExtension.length
+                0x00, 0x39,
+                // ServerName.length
+                0x00, 0x37,
+                // ServerName.type
+                0x00,
+                // HostName.length
+                0x00, 0x34,
+                // HostName.bytes
+                0x80, 0x80, 0x80, 0x80, 0x61, // 0x80 0x80 0x80 0x80 is a forbidden utf-8 sequence
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61, 0x61, 0x61, 0x61,
+                0x61, 0x61,
+                // Extension.extension_type (00 0A)
+                0x00, 0x0A,
+                // Extension 0A
+                0x00, 0x08, 0x00, 0x06, 0x00,
+                0x1D, 0x00, 0x17, 0x00, 0x18,
+                // Extension.extension_type (00 0B)
+                0x00, 0x0B,
+                // Extension 0B
+                0x00, 0x02, 0x01, 0x00,
+                // Extension.extension_type (00 0D)
+                0x00, 0x0D,
+                // Extension 0D
+                0x00, 0x14, 0x00, 0x12, 0x04,
+                0x01, 0x05, 0x01, 0x02, 0x01,
+                0x04, 0x03, 0x05, 0x03, 0x02,
+                0x03, 0x02, 0x02, 0x06, 0x01,
+                0x06, 0x03,
+                // Extension.extension_type (00 23)
+                0x00, 0x23,
+                // Extension 00 23
+                0x00, 0x00,
+                // Extension.extension_type (00 17)
+                0x00, 0x17,
+                // Extension 17
+                0x00, 0x00,
+                // Extension.extension_type (FF 01)
+                0xFF, 0x01,
+                // Extension FF01
+                0x00, 0x01, 0x00
+            };
         }
     }
 }