diff --git a/firewall/inspection/tls/const.go b/firewall/inspection/tls/const.go
deleted file mode 100644
index 07657014..00000000
--- a/firewall/inspection/tls/const.go
+++ /dev/null
@@ -1,364 +0,0 @@
-package tls
-
-var (
-
-	// source: https://www.iana.org/assignments/tls-parameters/tls-parameters.txt
-	cipherSuiteNames = map[uint16]string{
-		0x0000: "TLS_NULL_WITH_NULL_NULL",
-		0x0001: "TLS_RSA_WITH_NULL_MD5",
-		0x0002: "TLS_RSA_WITH_NULL_SHA",
-		0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
-		0x0004: "TLS_RSA_WITH_RC4_128_MD5",
-		0x0005: "TLS_RSA_WITH_RC4_128_SHA",
-		0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
-		0x0007: "TLS_RSA_WITH_IDEA_CBC_SHA",
-		0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
-		0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
-		0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
-		0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
-		0x000C: "TLS_DH_DSS_WITH_DES_CBC_SHA",
-		0x000D: "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
-		0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
-		0x000F: "TLS_DH_RSA_WITH_DES_CBC_SHA",
-		0x0010: "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
-		0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
-		0x0012: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
-		0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
-		0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
-		0x0015: "TLS_DHE_RSA_WITH_DES_CBC_SHA",
-		0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
-		0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
-		0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
-		0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
-		0x001A: "TLS_DH_anon_WITH_DES_CBC_SHA",
-		0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
-		0x001E: "TLS_KRB5_WITH_DES_CBC_SHA",
-		0x001F: "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
-		0x0020: "TLS_KRB5_WITH_RC4_128_SHA",
-		0x0021: "TLS_KRB5_WITH_IDEA_CBC_SHA",
-		0x0022: "TLS_KRB5_WITH_DES_CBC_MD5",
-		0x0023: "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
-		0x0024: "TLS_KRB5_WITH_RC4_128_MD5",
-		0x0025: "TLS_KRB5_WITH_IDEA_CBC_MD5",
-		0x0026: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
-		0x0027: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
-		0x0028: "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
-		0x0029: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
-		0x002A: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
-		0x002B: "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
-		0x002C: "TLS_PSK_WITH_NULL_SHA",
-		0x002D: "TLS_DHE_PSK_WITH_NULL_SHA",
-		0x002E: "TLS_RSA_PSK_WITH_NULL_SHA",
-		0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
-		0x0030: "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
-		0x0031: "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
-		0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
-		0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-		0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
-		0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
-		0x0036: "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
-		0x0037: "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
-		0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
-		0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-		0x003A: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
-		0x003B: "TLS_RSA_WITH_NULL_SHA256",
-		0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
-		0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
-		0x003E: "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
-		0x003F: "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
-		0x0040: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
-		0x0041: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
-		0x0042: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
-		0x0043: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
-		0x0044: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
-		0x0045: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
-		0x0046: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
-		0x0067: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
-		0x0068: "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
-		0x0069: "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
-		0x006A: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
-		0x006B: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
-		0x006C: "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
-		0x006D: "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
-		0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
-		0x0085: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
-		0x0086: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
-		0x0087: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
-		0x0088: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
-		0x0089: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
-		0x008A: "TLS_PSK_WITH_RC4_128_SHA",
-		0x008B: "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
-		0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
-		0x008D: "TLS_PSK_WITH_AES_256_CBC_SHA",
-		0x008E: "TLS_DHE_PSK_WITH_RC4_128_SHA",
-		0x008F: "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
-		0x0090: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
-		0x0091: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
-		0x0092: "TLS_RSA_PSK_WITH_RC4_128_SHA",
-		0x0093: "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
-		0x0094: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
-		0x0095: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
-		0x0096: "TLS_RSA_WITH_SEED_CBC_SHA",
-		0x0097: "TLS_DH_DSS_WITH_SEED_CBC_SHA",
-		0x0098: "TLS_DH_RSA_WITH_SEED_CBC_SHA",
-		0x0099: "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
-		0x009A: "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
-		0x009B: "TLS_DH_anon_WITH_SEED_CBC_SHA",
-		0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
-		0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
-		0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
-		0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-		0x00A0: "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
-		0x00A1: "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
-		0x00A2: "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
-		0x00A3: "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
-		0x00A4: "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
-		0x00A5: "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
-		0x00A6: "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
-		0x00A7: "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
-		0x00A8: "TLS_PSK_WITH_AES_128_GCM_SHA256",
-		0x00A9: "TLS_PSK_WITH_AES_256_GCM_SHA384",
-		0x00AA: "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
-		0x00AB: "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
-		0x00AC: "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
-		0x00AD: "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
-		0x00AE: "TLS_PSK_WITH_AES_128_CBC_SHA256",
-		0x00AF: "TLS_PSK_WITH_AES_256_CBC_SHA384",
-		0x00B0: "TLS_PSK_WITH_NULL_SHA256",
-		0x00B1: "TLS_PSK_WITH_NULL_SHA384",
-		0x00B2: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
-		0x00B3: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
-		0x00B4: "TLS_DHE_PSK_WITH_NULL_SHA256",
-		0x00B5: "TLS_DHE_PSK_WITH_NULL_SHA384",
-		0x00B6: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
-		0x00B7: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
-		0x00B8: "TLS_RSA_PSK_WITH_NULL_SHA256",
-		0x00B9: "TLS_RSA_PSK_WITH_NULL_SHA384",
-		0x00BA: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
-		0x00BB: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
-		0x00BC: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
-		0x00BD: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
-		0x00BE: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
-		0x00BF: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
-		0x00C0: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
-		0x00C1: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
-		0x00C2: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
-		0x00C3: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
-		0x00C4: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
-		0x00C5: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
-		0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
-		0x5600: "TLS_FALLBACK_SCSV",
-		0xC001: "TLS_ECDH_ECDSA_WITH_NULL_SHA",
-		0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-		0xC003: "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
-		0xC004: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
-		0xC005: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
-		0xC006: "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
-		0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-		0xC008: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
-		0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-		0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-		0xC00B: "TLS_ECDH_RSA_WITH_NULL_SHA",
-		0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
-		0xC00D: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
-		0xC00E: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
-		0xC00F: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
-		0xC010: "TLS_ECDHE_RSA_WITH_NULL_SHA",
-		0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-		0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
-		0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-		0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-		0xC015: "TLS_ECDH_anon_WITH_NULL_SHA",
-		0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA",
-		0xC017: "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-		0xC018: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
-		0xC019: "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
-		0xC01A: "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
-		0xC01B: "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
-		0xC01C: "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
-		0xC01D: "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
-		0xC01E: "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
-		0xC01F: "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
-		0xC020: "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
-		0xC021: "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
-		0xC022: "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
-		0xC023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-		0xC024: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
-		0xC025: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
-		0xC026: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
-		0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-		0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-		0xC029: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
-		0xC02A: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
-		0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-		0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-		0xC02D: "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
-		0xC02E: "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
-		0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-		0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-		0xC031: "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
-		0xC032: "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
-		0xC033: "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
-		0xC034: "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
-		0xC035: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
-		0xC036: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
-		0xC037: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
-		0xC038: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
-		0xC039: "TLS_ECDHE_PSK_WITH_NULL_SHA",
-		0xC03A: "TLS_ECDHE_PSK_WITH_NULL_SHA256",
-		0xC03B: "TLS_ECDHE_PSK_WITH_NULL_SHA384",
-		0xC03C: "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
-		0xC03D: "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
-		0xC03E: "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
-		0xC03F: "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",
-		0xC040: "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",
-		0xC041: "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",
-		0xC042: "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",
-		0xC043: "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",
-		0xC044: "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
-		0xC045: "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
-		0xC046: "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",
-		0xC047: "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",
-		0xC048: "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
-		0xC049: "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
-		0xC04A: "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
-		0xC04B: "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
-		0xC04C: "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
-		0xC04D: "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
-		0xC04E: "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
-		0xC04F: "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
-		0xC050: "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
-		0xC051: "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
-		0xC052: "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
-		0xC053: "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
-		0xC054: "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",
-		0xC055: "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",
-		0xC056: "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",
-		0xC057: "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",
-		0xC058: "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",
-		0xC059: "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",
-		0xC05A: "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",
-		0xC05B: "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",
-		0xC05C: "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
-		0xC05D: "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
-		0xC05E: "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
-		0xC05F: "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
-		0xC060: "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
-		0xC061: "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
-		0xC062: "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
-		0xC063: "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
-		0xC064: "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
-		0xC065: "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
-		0xC066: "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
-		0xC067: "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
-		0xC068: "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
-		0xC069: "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
-		0xC06A: "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
-		0xC06B: "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
-		0xC06C: "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",
-		0xC06D: "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",
-		0xC06E: "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
-		0xC06F: "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
-		0xC070: "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
-		0xC071: "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
-		0xC072: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC073: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC074: "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC075: "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC076: "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC077: "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC078: "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC079: "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC07A: "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC07B: "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC07C: "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC07D: "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC07E: "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC07F: "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC080: "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC081: "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC082: "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC083: "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC084: "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC085: "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC086: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC087: "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC088: "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC089: "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC08A: "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC08B: "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC08C: "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC08D: "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC08E: "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC08F: "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC090: "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC091: "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC092: "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
-		0xC093: "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
-		0xC094: "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC095: "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC096: "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC097: "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC098: "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC099: "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC09A: "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
-		0xC09B: "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
-		0xC09C: "TLS_RSA_WITH_AES_128_CCM",
-		0xC09D: "TLS_RSA_WITH_AES_256_CCM",
-		0xC09E: "TLS_DHE_RSA_WITH_AES_128_CCM",
-		0xC09F: "TLS_DHE_RSA_WITH_AES_256_CCM",
-		0xC0A0: "TLS_RSA_WITH_AES_128_CCM_8",
-		0xC0A1: "TLS_RSA_WITH_AES_256_CCM_8",
-		0xC0A2: "TLS_DHE_RSA_WITH_AES_128_CCM_8",
-		0xC0A3: "TLS_DHE_RSA_WITH_AES_256_CCM_8",
-		0xC0A4: "TLS_PSK_WITH_AES_128_CCM",
-		0xC0A5: "TLS_PSK_WITH_AES_256_CCM",
-		0xC0A6: "TLS_DHE_PSK_WITH_AES_128_CCM",
-		0xC0A7: "TLS_DHE_PSK_WITH_AES_256_CCM",
-		0xC0A8: "TLS_PSK_WITH_AES_128_CCM_8",
-		0xC0A9: "TLS_PSK_WITH_AES_256_CCM_8",
-		0xC0AA: "TLS_PSK_DHE_WITH_AES_128_CCM_8",
-		0xC0AB: "TLS_PSK_DHE_WITH_AES_256_CCM_8",
-		0xC0AC: "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
-		0xC0AD: "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
-		0xC0AE: "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
-		0xC0AF: "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
-		0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-		0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-		0xCCAA: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-		0xCCAB: "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
-		0xCCAC: "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
-		0xCCAD: "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
-		0xCCAE: "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
-	}
-
-	tlsVersionNames = map[uint16]string{
-		0x0300: "SSLv3.0",
-		0x0301: "TLSv1.0",
-		0x0302: "TLSv1.1",
-		0x0303: "TLSv1.2",
-	}
-
-	tlsRecordTypeNames = map[uint8]string{
-		20: "ChangeCipherSpec",
-		21: "Alert",
-		22: "Handshake",
-		23: "ApplicationData",
-	}
-
-	tlsHandshakeTypeNames = map[uint8]string{
-		0:  "HelloRequest",
-		1:  "ClientHello",
-		2:  "ServerHello",
-		4:  "NewSessionTicket",
-		11: "Certificate",
-		12: "ServerKeyExchange",
-		13: "CertificateRequest",
-		14: "ServerHelloDone",
-		15: "CertificateVerify",
-		16: "ClientKeyExchange",
-		20: "Finished",
-		22: "CertificateStatus",
-		76: "NextProtocol",
-	}
-)
diff --git a/firewall/inspection/tls/tls.go b/firewall/inspection/tls/tls.go
deleted file mode 100644
index e6222ca5..00000000
--- a/firewall/inspection/tls/tls.go
+++ /dev/null
@@ -1,431 +0,0 @@
-package tls
-
-import (
-	"crypto/x509"
-	"fmt"
-	"runtime"
-	"strings"
-
-	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
-	"github.com/google/gopacket/tcpassembly"
-
-	"github.com/safing/portbase/log"
-	"github.com/safing/portmaster/firewall/inspection"
-	"github.com/safing/portmaster/firewall/inspection/tls/tlslib"
-	"github.com/safing/portmaster/firewall/inspection/tls/verify"
-	"github.com/safing/portmaster/network"
-	"github.com/safing/portmaster/network/netutils"
-	"github.com/safing/portmaster/network/packet"
-)
-
-// TODO:
-// - delete insecure cipher suites from clienthello as of level (-> configuration)
-// - reject connection if serverhello initiates insecure cipher suite (-> configuration)
-// - reject TLS without SNI as of level (-> configuration)
-
-var (
-	tlsInspectorIndex int
-	assemblerManager  *netutils.SimpleStreamAssemblerManager
-	assembler         *tcpassembly.Assembler
-)
-
-const (
-	statusWaitForMore uint8 = iota
-	statusNotTLS
-	statusProtocolViolation
-	statusInvalidCertificate
-	statusVerified
-)
-
-func init() {
-	tlsInspectorIndex = inspection.RegisterInspector("TLS", inspector, network.ACCEPT)
-
-	assemblerManager = new(netutils.SimpleStreamAssemblerManager)
-	streamPool := tcpassembly.NewStreamPool(assemblerManager)
-	assembler = tcpassembly.NewAssembler(streamPool)
-}
-
-type TLSInspection struct {
-	AssemblerI             *netutils.SimpleStreamAssembler
-	AssemblerO             *netutils.SimpleStreamAssembler
-	PacketsSeen            uint
-	ServerName             string
-	Resuming               bool
-	WaitingForVerification bool
-	verification           chan bool
-	SecurityLevel          int8
-	EnforceCT              bool
-	EnforceRevocation      bool
-	DenyInsecureTLS        bool
-	DenyTLSWithoutSNI      bool
-}
-
-func inspector(pkt packet.Packet, link *network.Link) uint8 {
-
-	// obviously, only inspect TCP
-	if pkt.GetIPHeader().Protocol != packet.TCP {
-		return inspection.STOP_INSPECTING
-	}
-
-	// only check outgoing
-	if link.Connection().Direction == network.Inbound {
-		return inspection.STOP_INSPECTING
-	}
-
-	// get or create link-specific inspection data
-	var tlsInspection *TLSInspection
-	inspectorData, ok := link.InspectorData[uint8(tlsInspectorIndex)]
-	if ok {
-		tlsInspection, ok = inspectorData.(*TLSInspection)
-	}
-	if !ok {
-		tlsInspection = new(TLSInspection)
-		link.InspectorData[uint8(tlsInspectorIndex)] = tlsInspection
-
-		// load config for link
-		tlsInspection.SecurityLevel = link.Connection().Process().Profile.SecurityLevel
-		config.Changed()
-		config.RLock()
-		tlsInspection.EnforceCT = config.EnforceCT.IsSetWithLevel(tlsInspection.SecurityLevel)
-		tlsInspection.EnforceRevocation = config.EnforceRevocation.IsSetWithLevel(tlsInspection.SecurityLevel)
-		tlsInspection.DenyInsecureTLS = config.DenyInsecureTLS.IsSetWithLevel(tlsInspection.SecurityLevel)
-		tlsInspection.DenyTLSWithoutSNI = config.DenyTLSWithoutSNI.IsSetWithLevel(tlsInspection.SecurityLevel)
-		config.RUnlock()
-
-	}
-
-	if tlsInspection.WaitingForVerification {
-		select {
-		case verified := <-tlsInspection.verification:
-			if verified {
-				return inspection.STOP_INSPECTING
-			}
-			return inspection.BLOCK_LINK
-		default:
-			return inspection.DO_NOTHING
-		}
-	}
-
-	var err error
-	var parser *gopacket.DecodingLayerParser
-	var decoded []gopacket.LayerType
-
-	// TODO: pool allocated space for reuse -> performance!
-	var ip4 layers.IPv4
-	var ip6 layers.IPv6
-	var tcp layers.TCP
-
-	var payload gopacket.Payload
-
-	switch pkt.IPVersion() {
-	case packet.IPv4:
-		parser = gopacket.NewDecodingLayerParser(layers.LayerTypeIPv4, &ip4, &tcp, &payload)
-		err = parser.DecodeLayers(*pkt.GetPayload(), &decoded)
-	case packet.IPv6:
-		parser = gopacket.NewDecodingLayerParser(layers.LayerTypeIPv6, &ip6, &tcp, &payload)
-		err = parser.DecodeLayers(*pkt.GetPayload(), &decoded)
-	default:
-		log.Warningf("TLS inspector: %s: not IPv4 or IPv6", pkt.IPVersion().String())
-		return inspection.DO_NOTHING
-	}
-
-	if err != nil {
-		log.Warningf("TLS inspector: %s: failed to parse packet: %s", pkt, err)
-		return inspection.DO_NOTHING
-	}
-
-	// Stop after 10 packets
-	tlsInspection.PacketsSeen += 1
-	if tlsInspection.PacketsSeen > 20 {
-		if tlsInspection.Resuming {
-			log.Debugf("TLS inspector: resumed TLS session: %s", link.String())
-		} else {
-			log.Debugf("TLS inspector: not TLS: %s", link.String())
-		}
-		return inspection.STOP_INSPECTING
-	}
-
-	// TCP Stream building
-
-	var streamAssembler *netutils.SimpleStreamAssembler
-	inbound := pkt.IsInbound()
-
-	// load assembler
-	if inbound {
-		streamAssembler = tlsInspection.AssemblerI
-	} else {
-		streamAssembler = tlsInspection.AssemblerO
-	}
-
-	// BUG:
-	// 	panic: runtime error: index out of range
-	//
-	// goroutine 1120 [running]:
-	// safing/vendor/github.com/google/gopacket/tcpassembly.(*Assembler).sendToConnection(0xc4200d2e40, 0xc42172f140)
-	// 	/home/dr/.go/src/safing/vendor/github.com/google/gopacket/tcpassembly/assembly.go:631 +0xc2
-	// safing/vendor/github.com/google/gopacket/tcpassembly.(*Assembler).AssembleWithTimestamp(0xc4200d2e40, 0x1, 0x4, 0x4, 0x97fa8c0, 0x0, 0x559063c1, 0x0, 0xc42126ec80, 0xed0c9eb39, ...)
-	// 	/home/dr/.go/src/safing/vendor/github.com/google/gopacket/tcpassembly/assembly.go:605 +0x3d8
-	// safing/vendor/github.com/google/gopacket/tcpassembly.(*Assembler).Assemble(0xc4200d2e40, 0x1, 0x4, 0x4, 0x97fa8c0, 0x0, 0x559063c1, 0x0, 0xc42126ec80)
-	// 	/home/dr/.go/src/safing/vendor/github.com/google/gopacket/tcpassembly/assembly.go:518 +0x82
-	// safing/firewall/inspection/tls.inspector(0xec5f00, 0xc421b88780, 0xc422c20f30, 0xc423d75380)
-	// 	/home/dr/.go/src/safing/firewall/inspection/tls/tls.go:122 +0x414
-	// safing/firewall/inspection.RunInspectors(0xec5f00, 0xc421b88780, 0xc422c20f30, 0xc421545fb8)
-	// 	/home/dr/.go/src/safing/firewall/inspection/inspection.go:62 +0xfe
-	// safing/firewall.inspectThenVerdict(0xec5f00, 0xc421b88780, 0xc422c20f30)
-	// 	/home/dr/.go/src/safing/firewall/firewall.go:144 +0x43
-	// safing/network.(*Link).packetHandler(0xc422c20f30)
-	// 	/home/dr/.go/src/safing/network/link.go:109 +0x89
-	// created by safing/network.(*Link).SetFirewallHandler
-	// 	/home/dr/.go/src/safing/network/link.go:61 +0xdd
-
-	// assemble and save assembler if first time
-	if streamAssembler != nil {
-		if pkt.IPVersion() == packet.IPv4 {
-			assembler.Assemble(ip4.NetworkFlow(), &tcp)
-			// FIXME: panic: runtime error: index out of range
-			//
-			// goroutine 772 [running]:
-			// safing/vendor/github.com/google/gopacket/tcpassembly.(*Assembler).sendToConnection(0xc4200eed80, 0xc4222b1fa0)
-			// 	/home/dr/.go/src/safing/vendor/github.com/google/gopacket/tcpassembly/assembly.go:631 +0xc2
-			// safing/vendor/github.com/google/gopacket/tcpassembly.(*Assembler).AssembleWithTimestamp(0xc4200eed80, 0x1, 0x4, 0x4, 0x97fa8c0, 0x0, 0x8e17d9ac, 0x0, 0xc42175a8c0, 0xed0e03a0a, ...)
-			// 	/home/dr/.go/src/safing/vendor/github.com/google/gopacket/tcpassembly/assembly.go:605 +0x3d8
-			// safing/vendor/github.com/google/gopacket/tcpassembly.(*Assembler).Assemble(0xc4200eed80, 0x1, 0x4, 0x4, 0x97fa8c0, 0x0, 0x8e17d9ac, 0x0, 0xc42175a8c0)
-			// 	/home/dr/.go/src/safing/vendor/github.com/google/gopacket/tcpassembly/assembly.go:518 +0x82
-			// safing/firewall/inspection/tls.inspector(0xed40c0, 0xc421cce780, 0xc4229e42d0, 0xc42155f6c0)
-			// 	/home/dr/.go/src/safing/firewall/inspection/tls/tls.go:143 +0x414
-			// safing/firewall/inspection.RunInspectors(0xed40c0, 0xc421cce780, 0xc4229e42d0, 0xc421d19fb8)
-			// 	/home/dr/.go/src/safing/firewall/inspection/inspection.go:62 +0xfe
-			// safing/firewall.inspectThenVerdict(0xed40c0, 0xc421cce780, 0xc4229e42d0)
-			// 	/home/dr/.go/src/safing/firewall/firewall.go:149 +0x43
-			// safing/network.(*Link).packetHandler(0xc4229e42d0)
-			// 	/home/dr/.go/src/safing/network/link.go:110 +0x8c
-			// created by safing/network.(*Link).SetFirewallHandler
-			// 	/home/dr/.go/src/safing/network/link.go:61 +0xe7
-		} else {
-			assembler.Assemble(ip6.NetworkFlow(), &tcp)
-		}
-	} else {
-		assemblerManager.InitLock.Lock()
-		if pkt.IPVersion() == packet.IPv4 {
-			assembler.Assemble(ip4.NetworkFlow(), &tcp)
-		} else {
-			assembler.Assemble(ip6.NetworkFlow(), &tcp)
-		}
-		if inbound {
-			streamAssembler = assemblerManager.GetLastAssembler()
-			tlsInspection.AssemblerI = streamAssembler
-		} else {
-			streamAssembler = assemblerManager.GetLastAssembler()
-			tlsInspection.AssemblerO = streamAssembler
-		}
-		assemblerManager.InitLock.Unlock()
-	}
-
-	if streamAssembler == nil {
-		return inspection.DO_NOTHING
-	}
-
-	for {
-
-		// check if we have a possible tls message header
-		if len(streamAssembler.Cumulated) < 5 {
-			return inspection.DO_NOTHING
-		}
-
-		// get tls message length
-		tlsMessageLen := int(streamAssembler.Cumulated[3])*256 + int(streamAssembler.Cumulated[4]) + 5
-
-		// check if we have full tls message
-		if len(streamAssembler.Cumulated) < tlsMessageLen {
-			return inspection.DO_NOTHING
-		}
-
-		action := processMessage(tlsInspection, streamAssembler.Cumulated[:tlsMessageLen], pkt, link)
-		// BUG: slice bounds out of range
-		if tlsMessageLen == len(streamAssembler.Cumulated) {
-			streamAssembler.Cumulated = make([]byte, 0, 0)
-		} else if tlsMessageLen < len(streamAssembler.Cumulated) {
-			streamAssembler.Cumulated = streamAssembler.Cumulated[tlsMessageLen:]
-		} else {
-			log.Warningf("TLS inspector: processed more than available, resetting buffer")
-			streamAssembler.Cumulated = make([]byte, 0, 0)
-		}
-
-		if action != inspection.DO_NOTHING {
-			return action
-		}
-
-	}
-
-}
-
-func processMessage(tlsInspection *TLSInspection, data []byte, pkt packet.Packet, link *network.Link) (action uint8) {
-
-	// we are only interested in handshake messages
-	if data[0] != uint8(tlslib.RecordTypeHandshake) {
-		// log.Tracef("TLS inspector: %s: got %s", pkt, tlsRecordType)
-		return inspection.DO_NOTHING
-	}
-
-	// TODO: handle tls session resumption: session tickets / session id
-	_, ok := tlsHandshakeTypeNames[data[5]]
-	if !ok {
-		// tlsHandshakeType = "UNKNOWN"
-		log.Tracef("TLS inspector: %s: UNKNOWN handshake %d:", pkt, data[5])
-	}
-	// log.Tracef("TLS inspector: %s: got %s", pkt, tlsHandshakeType)
-
-	if pkt.IsOutbound() {
-		switch data[5] {
-
-		// ClientHello
-		case tlslib.TypeClientHello:
-			var msg tlslib.ClientHelloMsg
-			if msg.Unmarshal(data[5:]) {
-				// log.Tracef("TLS inspector: %s: ClientHello: %s", pkt, msg.ServerName)
-
-				if tlsInspection.DenyTLSWithoutSNI && msg.ServerName == "" {
-					log.Infof("TLS inspector: %s does not use SNI, blocking", link)
-					link.AddReason(fmt.Sprintf("TLS does not use SNI"))
-					return inspection.BLOCK_LINK
-				}
-
-				if tlsInspection.DenyInsecureTLS && msg.Vers < 0x0301 {
-					log.Infof("TLS inspector: %s uses version prior TLS1.0, blocking", link)
-					link.AddReason(fmt.Sprintf("TLS uses version prior to TLS1.0"))
-					return inspection.BLOCK_LINK
-				}
-
-				tlsInspection.ServerName = msg.ServerName
-				if len(msg.SessionId) > 0 || len(msg.SessionTicket) > 0 {
-					tlsInspection.Resuming = true
-				}
-
-				return
-			}
-			log.Warningf("TLS inspector: %s: failed to parse ClientHello", pkt)
-
-		}
-	} else {
-		switch data[5] {
-
-		// ServerHello
-		case tlslib.TypeServerHello:
-			var msg tlslib.ServerHelloMsg
-			if msg.Unmarshal(data[5:]) {
-
-				if tlsInspection.DenyInsecureTLS {
-					cs, ok := cipherSuiteNames[msg.CipherSuite]
-					if !ok {
-						log.Infof("TLS inspector: %s uses unknown cipher suite, blocking", link)
-						link.AddReason(fmt.Sprintf("TLS uses unknown cipher suite"))
-						return inspection.BLOCK_LINK
-					}
-
-					// We think matching this way is more secure, as it leaves less possibility for bugs, makes the code more readable, and easier to verify.
-					switch {
-					case strings.HasSuffix(cs, "MD5"):
-					case strings.HasSuffix(cs, "SHA"):
-					case strings.Contains(cs, "NULL"):
-					case strings.Contains(cs, "RC4"):
-					case strings.Contains(cs, "DES"):
-					case strings.Contains(cs, "IDEA"):
-					case strings.Contains(cs, "anon"):
-					default:
-						return
-					}
-
-					log.Infof("TLS inspector: %s uses insecure cipher suite, blocking", link)
-					link.AddReason(fmt.Sprintf("TLS uses insecure cipher suite"))
-					return inspection.BLOCK_LINK
-				}
-
-				return
-
-			}
-			log.Warningf("TLS inspector: %s: failed to parse server hello", pkt)
-
-		// Certificate from server
-		case tlslib.TypeCertificate:
-			var msg tlslib.CertificateMsg
-			if msg.Unmarshal(data[5:]) {
-
-				// parse certificates
-				certs := make([]*x509.Certificate, len(msg.Certificates))
-				for key, bytes := range msg.Certificates {
-					cert, err := x509.ParseCertificate(bytes)
-					if err != nil {
-						if tlsInspection.EnforceRevocation {
-							log.Infof("TLS inspector: %s: failed to parse cert, denying")
-							link.AddReason("failed to parse TLS certificates")
-							return inspection.BLOCK_LINK
-						}
-						return inspection.STOP_INSPECTING
-					}
-					certs[key] = cert
-				}
-
-				// always check signatures
-				if tlsInspection.ServerName == "" && len(certs[0].DNSNames) > 0 {
-					// ignore missing SNI, as we already checked for that earlier
-					tlsInspection.ServerName = certs[0].DNSNames[0]
-				}
-				verifiedChain, err := verify.CheckSignatures(tlsInspection.ServerName, certs)
-				if err != nil {
-					log.Infof("TLS inspector: certificate invalid: %s, denying", err)
-					link.AddReason(fmt.Sprintf("certificate invalid: %s", err))
-					return inspection.BLOCK_LINK
-				}
-
-				// always check if we already know of cert revocation
-				ok, _ := verify.CheckKnownRevocation(verifiedChain)
-				if !ok {
-					log.Infof("TLS inspector: certificate is revoked, denying", err)
-					link.AddReason("certificate is revoked")
-					return inspection.BLOCK_LINK
-				}
-
-				// check recocation, either now or later
-				if tlsInspection.EnforceRevocation {
-					ok, err := verify.CheckRecovation(verifiedChain)
-					if !ok {
-						log.Infof("TLS inspector: %s: failed to check revocation: %s", link, err)
-						link.AddReason(fmt.Sprintf("failed to check revocation: %s", err))
-						return inspection.BLOCK_LINK
-					}
-					if err != nil {
-						log.Infof("TLS inspector: %s: softfailed to check revocation: %s", link, err)
-						return inspection.STOP_INSPECTING
-					}
-					log.Infof("TLS inspector: %s: verified certificate", link)
-					return inspection.STOP_INSPECTING
-				} else {
-					tlsInspection.verification = make(chan bool, 1)
-					tlsInspection.WaitingForVerification = true
-					go func() {
-						runtime.Gosched()
-						ok, err := verify.CheckRecovation(verifiedChain)
-						if !ok {
-							log.Infof("TLS inspector (delayed): %s: failed to check revocation: %s", link, err)
-							// TODO: think about locking Reason, right now
-							link.AddReason(fmt.Sprintf("failed to check revocation: %s", err))
-						} else if err != nil {
-							log.Infof("TLS inspector (delayed): %s: softfailed to check revocation: %s", link, err)
-						} else {
-							log.Infof("TLS inspector (delayed): %s: verified certificate", link)
-						}
-						tlsInspection.verification <- ok
-					}()
-					return inspection.DO_NOTHING
-				}
-
-			}
-			log.Warningf("TLS inspector: %s: failed to parse server cert msg", link)
-
-		}
-	}
-
-	return
-
-}
diff --git a/firewall/inspection/tls/tls_test.go b/firewall/inspection/tls/tls_test.go
deleted file mode 100644
index 79ec4be4..00000000
--- a/firewall/inspection/tls/tls_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package tls
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/safing/portmaster/firewall/inspection/tls/tlslib"
-)
-
-var clientHelloSample = []byte{
-	// 0x16, 0x03, 0x01, 0x01, 0x01,
-	0x01, 0x00, 0x00, 0xfd, 0x03, 0x03, 0x58, 0xf3, 0xbf, 0x00, 0xa1, 0x23, 0xff, 0x99, 0xca, 0x9a, 0x3c, 0x16, 0xe3, 0x34, 0xc6, 0xc1, 0xe6, 0xf0, 0xe5, 0x84, 0xff, 0x87, 0x8a, 0x88, 0x04, 0x17, 0xf2, 0xa2, 0xc2, 0x2c, 0x4a, 0x32, 0x00, 0x00, 0x6c, 0xc0, 0x2b, 0xc0, 0x2c, 0xc0, 0x86, 0xc0, 0x87, 0xc0, 0x09, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x24, 0xc0, 0x72, 0xc0, 0x73, 0xc0, 0xac, 0xc0, 0xad, 0xc0, 0x08, 0xc0, 0x2f, 0xc0, 0x30, 0xc0, 0x8a, 0xc0, 0x8b, 0xc0, 0x13, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x28, 0xc0, 0x76, 0xc0, 0x77, 0xc0, 0x12, 0x00, 0x9c, 0x00, 0x9d, 0xc0, 0x7a, 0xc0, 0x7b, 0x00, 0x2f, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x41, 0x00, 0xba, 0x00, 0x84, 0x00, 0xc0, 0xc0, 0x9c, 0xc0, 0x9d, 0x00, 0x0a, 0x00, 0x9e, 0x00, 0x9f, 0xc0, 0x7c, 0xc0, 0x7d, 0x00, 0x33, 0x00, 0x67, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x45, 0x00, 0xbe, 0x00, 0x88, 0x00, 0xc4, 0xc0, 0x9e, 0xc0, 0x9f, 0x00, 0x16, 0x01, 0x00, 0x00, 0x68, 0x00, 0x17, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06, 0x6f, 0x72, 0x66, 0x2e, 0x61, 0x74, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x15, 0x00, 0x13, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x16, 0x00, 0x14, 0x04, 0x01, 0x04, 0x03, 0x05, 0x01, 0x05, 0x03, 0x06, 0x01, 0x06, 0x03, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
-}
-
-func TestClientHelloParsing(t *testing.T) {
-	var msg tlslib.ClientHelloMsg
-	if msg.Unmarshal(clientHelloSample) {
-		fmt.Printf("ClientHello: %v", msg)
-	} else {
-		t.Error("Could not parse ClientHello")
-	}
-}
diff --git a/firewall/inspection/tls/tlslib/alert.go b/firewall/inspection/tls/tlslib/alert.go
deleted file mode 100644
index 603787c8..00000000
--- a/firewall/inspection/tls/tlslib/alert.go
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import "strconv"
-
-type alert uint8
-
-const (
-	// alert level
-	alertLevelWarning = 1
-	alertLevelError   = 2
-)
-
-const (
-	alertCloseNotify            alert = 0
-	alertUnexpectedMessage      alert = 10
-	alertBadRecordMAC           alert = 20
-	alertDecryptionFailed       alert = 21
-	alertRecordOverflow         alert = 22
-	alertDecompressionFailure   alert = 30
-	alertHandshakeFailure       alert = 40
-	alertBadCertificate         alert = 42
-	alertUnsupportedCertificate alert = 43
-	alertCertificateRevoked     alert = 44
-	alertCertificateExpired     alert = 45
-	alertCertificateUnknown     alert = 46
-	alertIllegalParameter       alert = 47
-	alertUnknownCA              alert = 48
-	alertAccessDenied           alert = 49
-	alertDecodeError            alert = 50
-	alertDecryptError           alert = 51
-	alertProtocolVersion        alert = 70
-	alertInsufficientSecurity   alert = 71
-	alertInternalError          alert = 80
-	alertInappropriateFallback  alert = 86
-	alertUserCanceled           alert = 90
-	alertNoRenegotiation        alert = 100
-	alertNoApplicationProtocol  alert = 120
-)
-
-var alertText = map[alert]string{
-	alertCloseNotify:            "close notify",
-	alertUnexpectedMessage:      "unexpected message",
-	alertBadRecordMAC:           "bad record MAC",
-	alertDecryptionFailed:       "decryption failed",
-	alertRecordOverflow:         "record overflow",
-	alertDecompressionFailure:   "decompression failure",
-	alertHandshakeFailure:       "handshake failure",
-	alertBadCertificate:         "bad certificate",
-	alertUnsupportedCertificate: "unsupported certificate",
-	alertCertificateRevoked:     "revoked certificate",
-	alertCertificateExpired:     "expired certificate",
-	alertCertificateUnknown:     "unknown certificate",
-	alertIllegalParameter:       "illegal parameter",
-	alertUnknownCA:              "unknown certificate authority",
-	alertAccessDenied:           "access denied",
-	alertDecodeError:            "error decoding message",
-	alertDecryptError:           "error decrypting message",
-	alertProtocolVersion:        "protocol version not supported",
-	alertInsufficientSecurity:   "insufficient security level",
-	alertInternalError:          "internal error",
-	alertInappropriateFallback:  "inappropriate fallback",
-	alertUserCanceled:           "user canceled",
-	alertNoRenegotiation:        "no renegotiation",
-	alertNoApplicationProtocol:  "no application protocol",
-}
-
-func (e alert) String() string {
-	s, ok := alertText[e]
-	if ok {
-		return "tls: " + s
-	}
-	return "tls: alert(" + strconv.Itoa(int(e)) + ")"
-}
-
-func (e alert) Error() string {
-	return e.String()
-}
diff --git a/firewall/inspection/tls/tlslib/cipher_suites.go b/firewall/inspection/tls/tlslib/cipher_suites.go
deleted file mode 100644
index d0f1bf35..00000000
--- a/firewall/inspection/tls/tlslib/cipher_suites.go
+++ /dev/null
@@ -1,396 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/des"
-	"crypto/hmac"
-	"crypto/rc4"
-	"crypto/sha1"
-	"crypto/sha256"
-	"crypto/x509"
-	"hash"
-
-	"golang.org/x/crypto/chacha20poly1305"
-)
-
-// a keyAgreement implements the client and server side of a TLS key agreement
-// protocol by generating and processing key exchange messages.
-type keyAgreement interface {
-	// On the server side, the first two methods are called in order.
-
-	// In the case that the key agreement protocol doesn't use a
-	// ServerKeyExchange message, generateServerKeyExchange can return nil,
-	// nil.
-	generateServerKeyExchange(*Config, *Certificate, *ClientHelloMsg, *ServerHelloMsg) (*ServerKeyExchangeMsg, error)
-	processClientKeyExchange(*Config, *Certificate, *ClientKeyExchangeMsg, uint16) ([]byte, error)
-
-	// On the client side, the next two methods are called in order.
-
-	// This method may not be called if the server doesn't send a
-	// ServerKeyExchange message.
-	processServerKeyExchange(*Config, *ClientHelloMsg, *ServerHelloMsg, *x509.Certificate, *ServerKeyExchangeMsg) error
-	generateClientKeyExchange(*Config, *ClientHelloMsg, *x509.Certificate) ([]byte, *ClientKeyExchangeMsg, error)
-}
-
-const (
-	// suiteECDH indicates that the cipher suite involves elliptic curve
-	// Diffie-Hellman. This means that it should only be selected when the
-	// client indicates that it supports ECC with a curve and point format
-	// that we're happy with.
-	suiteECDHE = 1 << iota
-	// suiteECDSA indicates that the cipher suite involves an ECDSA
-	// signature and therefore may only be selected when the server's
-	// certificate is ECDSA. If this is not set then the cipher suite is
-	// RSA based.
-	suiteECDSA
-	// suiteTLS12 indicates that the cipher suite should only be advertised
-	// and accepted when using TLS 1.2.
-	suiteTLS12
-	// suiteSHA384 indicates that the cipher suite uses SHA384 as the
-	// handshake hash.
-	suiteSHA384
-	// suiteDefaultOff indicates that this cipher suite is not included by
-	// default.
-	suiteDefaultOff
-)
-
-// A cipherSuite is a specific combination of key agreement, cipher and MAC
-// function. All cipher suites currently assume RSA key agreement.
-type cipherSuite struct {
-	id uint16
-	// the lengths, in bytes, of the key material needed for each component.
-	keyLen int
-	macLen int
-	ivLen  int
-	ka     func(version uint16) keyAgreement
-	// flags is a bitmask of the suite* values, above.
-	flags  int
-	cipher func(key, iv []byte, isRead bool) interface{}
-	mac    func(version uint16, macKey []byte) macFunction
-	aead   func(key, fixedNonce []byte) cipher.AEAD
-}
-
-var cipherSuites = []*cipherSuite{
-	// Ciphersuite order is chosen so that ECDHE comes before plain RSA and
-	// AEADs are the top preference.
-	{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
-	{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadChaCha20Poly1305},
-	{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM},
-	{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM},
-	{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
-	{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
-	{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
-	{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
-	{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
-	{TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
-	{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
-	{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
-	{TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, rsaKA, suiteTLS12, nil, nil, aeadAESGCM},
-	{TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
-	{TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
-	{TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
-	{TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
-	{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
-	{TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil},
-
-	// RC4-based cipher suites are disabled by default.
-	{TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil},
-	{TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil},
-	{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteDefaultOff, cipherRC4, macSHA1, nil},
-}
-
-func cipherRC4(key, iv []byte, isRead bool) interface{} {
-	cipher, _ := rc4.NewCipher(key)
-	return cipher
-}
-
-func cipher3DES(key, iv []byte, isRead bool) interface{} {
-	block, _ := des.NewTripleDESCipher(key)
-	if isRead {
-		return cipher.NewCBCDecrypter(block, iv)
-	}
-	return cipher.NewCBCEncrypter(block, iv)
-}
-
-func cipherAES(key, iv []byte, isRead bool) interface{} {
-	block, _ := aes.NewCipher(key)
-	if isRead {
-		return cipher.NewCBCDecrypter(block, iv)
-	}
-	return cipher.NewCBCEncrypter(block, iv)
-}
-
-// macSHA1 returns a macFunction for the given protocol version.
-func macSHA1(version uint16, key []byte) macFunction {
-	if version == VersionSSL30 {
-		mac := ssl30MAC{
-			h:   sha1.New(),
-			key: make([]byte, len(key)),
-		}
-		copy(mac.key, key)
-		return mac
-	}
-	return tls10MAC{hmac.New(newConstantTimeHash(sha1.New), key)}
-}
-
-// macSHA256 returns a SHA-256 based MAC. These are only supported in TLS 1.2
-// so the given version is ignored.
-func macSHA256(version uint16, key []byte) macFunction {
-	return tls10MAC{hmac.New(sha256.New, key)}
-}
-
-type macFunction interface {
-	Size() int
-	MAC(digestBuf, seq, header, data, extra []byte) []byte
-}
-
-type aead interface {
-	cipher.AEAD
-
-	// explicitIVLen returns the number of bytes used by the explicit nonce
-	// that is included in the record. This is eight for older AEADs and
-	// zero for modern ones.
-	explicitNonceLen() int
-}
-
-// fixedNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to
-// each call.
-type fixedNonceAEAD struct {
-	// nonce contains the fixed part of the nonce in the first four bytes.
-	nonce [12]byte
-	aead  cipher.AEAD
-}
-
-func (f *fixedNonceAEAD) NonceSize() int        { return 8 }
-func (f *fixedNonceAEAD) Overhead() int         { return f.aead.Overhead() }
-func (f *fixedNonceAEAD) explicitNonceLen() int { return 8 }
-
-func (f *fixedNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte {
-	copy(f.nonce[4:], nonce)
-	return f.aead.Seal(out, f.nonce[:], plaintext, additionalData)
-}
-
-func (f *fixedNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) {
-	copy(f.nonce[4:], nonce)
-	return f.aead.Open(out, f.nonce[:], plaintext, additionalData)
-}
-
-// xoredNonceAEAD wraps an AEAD by XORing in a fixed pattern to the nonce
-// before each call.
-type xorNonceAEAD struct {
-	nonceMask [12]byte
-	aead      cipher.AEAD
-}
-
-func (f *xorNonceAEAD) NonceSize() int        { return 8 }
-func (f *xorNonceAEAD) Overhead() int         { return f.aead.Overhead() }
-func (f *xorNonceAEAD) explicitNonceLen() int { return 0 }
-
-func (f *xorNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte {
-	for i, b := range nonce {
-		f.nonceMask[4+i] ^= b
-	}
-	result := f.aead.Seal(out, f.nonceMask[:], plaintext, additionalData)
-	for i, b := range nonce {
-		f.nonceMask[4+i] ^= b
-	}
-
-	return result
-}
-
-func (f *xorNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) {
-	for i, b := range nonce {
-		f.nonceMask[4+i] ^= b
-	}
-	result, err := f.aead.Open(out, f.nonceMask[:], plaintext, additionalData)
-	for i, b := range nonce {
-		f.nonceMask[4+i] ^= b
-	}
-
-	return result, err
-}
-
-func aeadAESGCM(key, fixedNonce []byte) cipher.AEAD {
-	aes, err := aes.NewCipher(key)
-	if err != nil {
-		panic(err)
-	}
-	aead, err := cipher.NewGCM(aes)
-	if err != nil {
-		panic(err)
-	}
-
-	ret := &fixedNonceAEAD{aead: aead}
-	copy(ret.nonce[:], fixedNonce)
-	return ret
-}
-
-func aeadChaCha20Poly1305(key, fixedNonce []byte) cipher.AEAD {
-	aead, err := chacha20poly1305.New(key)
-	if err != nil {
-		panic(err)
-	}
-
-	ret := &xorNonceAEAD{aead: aead}
-	copy(ret.nonceMask[:], fixedNonce)
-	return ret
-}
-
-// ssl30MAC implements the SSLv3 MAC function, as defined in
-// www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 5.2.3.1
-type ssl30MAC struct {
-	h   hash.Hash
-	key []byte
-}
-
-func (s ssl30MAC) Size() int {
-	return s.h.Size()
-}
-
-var ssl30Pad1 = [48]byte{0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36}
-
-var ssl30Pad2 = [48]byte{0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c}
-
-// MAC does not offer constant timing guarantees for SSL v3.0, since it's deemed
-// useless considering the similar, protocol-level POODLE vulnerability.
-func (s ssl30MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte {
-	padLength := 48
-	if s.h.Size() == 20 {
-		padLength = 40
-	}
-
-	s.h.Reset()
-	s.h.Write(s.key)
-	s.h.Write(ssl30Pad1[:padLength])
-	s.h.Write(seq)
-	s.h.Write(header[:1])
-	s.h.Write(header[3:5])
-	s.h.Write(data)
-	digestBuf = s.h.Sum(digestBuf[:0])
-
-	s.h.Reset()
-	s.h.Write(s.key)
-	s.h.Write(ssl30Pad2[:padLength])
-	s.h.Write(digestBuf)
-	return s.h.Sum(digestBuf[:0])
-}
-
-type constantTimeHash interface {
-	hash.Hash
-	ConstantTimeSum(b []byte) []byte
-}
-
-// cthWrapper wraps any hash.Hash that implements ConstantTimeSum, and replaces
-// with that all calls to Sum. It's used to obtain a ConstantTimeSum-based HMAC.
-type cthWrapper struct {
-	h constantTimeHash
-}
-
-func (c *cthWrapper) Size() int                   { return c.h.Size() }
-func (c *cthWrapper) BlockSize() int              { return c.h.BlockSize() }
-func (c *cthWrapper) Reset()                      { c.h.Reset() }
-func (c *cthWrapper) Write(p []byte) (int, error) { return c.h.Write(p) }
-func (c *cthWrapper) Sum(b []byte) []byte         { return c.h.ConstantTimeSum(b) }
-
-func newConstantTimeHash(h func() hash.Hash) func() hash.Hash {
-	return func() hash.Hash {
-		return &cthWrapper{h().(constantTimeHash)}
-	}
-}
-
-// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3.
-type tls10MAC struct {
-	h hash.Hash
-}
-
-func (s tls10MAC) Size() int {
-	return s.h.Size()
-}
-
-// MAC is guaranteed to take constant time, as long as
-// len(seq)+len(header)+len(data)+len(extra) is constant. extra is not fed into
-// the MAC, but is only provided to make the timing profile constant.
-func (s tls10MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte {
-	s.h.Reset()
-	s.h.Write(seq)
-	s.h.Write(header)
-	s.h.Write(data)
-	res := s.h.Sum(digestBuf[:0])
-	if extra != nil {
-		s.h.Write(extra)
-	}
-	return res
-}
-
-func rsaKA(version uint16) keyAgreement {
-	return rsaKeyAgreement{}
-}
-
-func ecdheECDSAKA(version uint16) keyAgreement {
-	return &ecdheKeyAgreement{
-		sigType: signatureECDSA,
-		version: version,
-	}
-}
-
-func ecdheRSAKA(version uint16) keyAgreement {
-	return &ecdheKeyAgreement{
-		sigType: signatureRSA,
-		version: version,
-	}
-}
-
-// mutualCipherSuite returns a cipherSuite given a list of supported
-// ciphersuites and the id requested by the peer.
-func mutualCipherSuite(have []uint16, want uint16) *cipherSuite {
-	for _, id := range have {
-		if id == want {
-			for _, suite := range cipherSuites {
-				if suite.id == want {
-					return suite
-				}
-			}
-			return nil
-		}
-	}
-	return nil
-}
-
-// A list of cipher suite IDs that are, or have been, implemented by this
-// package.
-//
-// Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
-const (
-	TLS_RSA_WITH_RC4_128_SHA                uint16 = 0x0005
-	TLS_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0x000a
-	TLS_RSA_WITH_AES_128_CBC_SHA            uint16 = 0x002f
-	TLS_RSA_WITH_AES_256_CBC_SHA            uint16 = 0x0035
-	TLS_RSA_WITH_AES_128_CBC_SHA256         uint16 = 0x003c
-	TLS_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0x009c
-	TLS_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0x009d
-	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        uint16 = 0xc007
-	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    uint16 = 0xc009
-	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    uint16 = 0xc00a
-	TLS_ECDHE_RSA_WITH_RC4_128_SHA          uint16 = 0xc011
-	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     uint16 = 0xc012
-	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0xc013
-	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0xc014
-	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023
-	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   uint16 = 0xc027
-	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   uint16 = 0xc02f
-	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
-	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   uint16 = 0xc030
-	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
-	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    uint16 = 0xcca8
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305  uint16 = 0xcca9
-
-	// TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
-	// that the client is doing version fallback. See
-	// https://tools.ietf.org/html/rfc7507.
-	TLS_FALLBACK_SCSV uint16 = 0x5600
-)
diff --git a/firewall/inspection/tls/tlslib/common.go b/firewall/inspection/tls/tlslib/common.go
deleted file mode 100644
index 13ecef99..00000000
--- a/firewall/inspection/tls/tlslib/common.go
+++ /dev/null
@@ -1,965 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"container/list"
-	"crypto"
-	"crypto/rand"
-	"crypto/sha512"
-	"crypto/x509"
-	"errors"
-	"fmt"
-	"io"
-	"math/big"
-	"net"
-	"strings"
-	"sync"
-	"time"
-)
-
-const (
-	VersionSSL30 = 0x0300
-	VersionTLS10 = 0x0301
-	VersionTLS11 = 0x0302
-	VersionTLS12 = 0x0303
-)
-
-const (
-	maxPlaintext    = 16384        // maximum plaintext payload length
-	maxCiphertext   = 16384 + 2048 // maximum ciphertext payload length
-	recordHeaderLen = 5            // record header length
-	maxHandshake    = 65536        // maximum handshake we support (protocol max is 16 MB)
-
-	minVersion = VersionTLS10
-	maxVersion = VersionTLS12
-)
-
-// TLS record types.
-type recordType uint8
-
-const (
-	RecordTypeChangeCipherSpec recordType = 20
-	RecordTypeAlert            recordType = 21
-	RecordTypeHandshake        recordType = 22
-	RecordTypeApplicationData  recordType = 23
-)
-
-// TLS handshake message types.
-const (
-	TypeHelloRequest       uint8 = 0
-	TypeClientHello        uint8 = 1
-	TypeServerHello        uint8 = 2
-	TypeNewSessionTicket   uint8 = 4
-	TypeCertificate        uint8 = 11
-	TypeServerKeyExchange  uint8 = 12
-	TypeCertificateRequest uint8 = 13
-	TypeServerHelloDone    uint8 = 14
-	TypeCertificateVerify  uint8 = 15
-	TypeClientKeyExchange  uint8 = 16
-	TypeFinished           uint8 = 20
-	TypeCertificateStatus  uint8 = 22
-	TypeNextProtocol       uint8 = 67 // Not IANA assigned
-)
-
-// TLS compression types.
-const (
-	compressionNone uint8 = 0
-)
-
-// TLS extension numbers
-const (
-	extensionServerName          uint16 = 0
-	extensionStatusRequest       uint16 = 5
-	extensionSupportedCurves     uint16 = 10
-	extensionSupportedPoints     uint16 = 11
-	extensionSignatureAlgorithms uint16 = 13
-	extensionALPN                uint16 = 16
-	extensionSCT                 uint16 = 18 // https://tools.ietf.org/html/rfc6962#section-6
-	extensionSessionTicket       uint16 = 35
-	extensionNextProtoNeg        uint16 = 13172 // not IANA assigned
-	extensionRenegotiationInfo   uint16 = 0xff01
-)
-
-// TLS signaling cipher suite values
-const (
-	scsvRenegotiation uint16 = 0x00ff
-)
-
-// CurveID is the type of a TLS identifier for an elliptic curve. See
-// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
-type CurveID uint16
-
-const (
-	CurveP256 CurveID = 23
-	CurveP384 CurveID = 24
-	CurveP521 CurveID = 25
-	X25519    CurveID = 29
-)
-
-// TLS Elliptic Curve Point Formats
-// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
-const (
-	pointFormatUncompressed uint8 = 0
-)
-
-// TLS CertificateStatusType (RFC 3546)
-const (
-	statusTypeOCSP uint8 = 1
-)
-
-// Certificate types (for certificateRequestMsg)
-const (
-	certTypeRSASign    = 1 // A certificate containing an RSA key
-	certTypeDSSSign    = 2 // A certificate containing a DSA key
-	certTypeRSAFixedDH = 3 // A certificate containing a static DH key
-	certTypeDSSFixedDH = 4 // A certificate containing a static DH key
-
-	// See RFC 4492 sections 3 and 5.5.
-	certTypeECDSASign      = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
-	certTypeRSAFixedECDH   = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
-	certTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
-
-	// Rest of these are reserved by the TLS spec
-)
-
-// Hash functions for TLS 1.2 (See RFC 5246, section A.4.1)
-const (
-	hashSHA1   uint8 = 2
-	hashSHA256 uint8 = 4
-	hashSHA384 uint8 = 5
-)
-
-// Signature algorithms for TLS 1.2 (See RFC 5246, section A.4.1)
-const (
-	signatureRSA   uint8 = 1
-	signatureECDSA uint8 = 3
-)
-
-// signatureAndHash mirrors the TLS 1.2, SignatureAndHashAlgorithm struct. See
-// RFC 5246, section A.4.1.
-type signatureAndHash struct {
-	hash, signature uint8
-}
-
-// supportedSignatureAlgorithms contains the signature and hash algorithms that
-// the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2
-// CertificateRequest.
-var supportedSignatureAlgorithms = []signatureAndHash{
-	{hashSHA256, signatureRSA},
-	{hashSHA256, signatureECDSA},
-	{hashSHA384, signatureRSA},
-	{hashSHA384, signatureECDSA},
-	{hashSHA1, signatureRSA},
-	{hashSHA1, signatureECDSA},
-}
-
-// ConnectionState records basic TLS details about the connection.
-type ConnectionState struct {
-	Version                     uint16                // TLS version used by the connection (e.g. VersionTLS12)
-	HandshakeComplete           bool                  // TLS handshake is complete
-	DidResume                   bool                  // connection resumes a previous TLS connection
-	CipherSuite                 uint16                // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
-	NegotiatedProtocol          string                // negotiated next protocol (not guaranteed to be from Config.NextProtos)
-	NegotiatedProtocolIsMutual  bool                  // negotiated protocol was advertised by server (client side only)
-	ServerName                  string                // server name requested by client, if any (server side only)
-	PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
-	VerifiedChains              [][]*x509.Certificate // verified chains built from PeerCertificates
-	SignedCertificateTimestamps [][]byte              // SCTs from the server, if any
-	OCSPResponse                []byte                // stapled OCSP response from server, if any
-
-	// TLSUnique contains the "tls-unique" channel binding value (see RFC
-	// 5929, section 3). For resumed sessions this value will be nil
-	// because resumption does not include enough context (see
-	// https://mitls.org/pages/attacks/3SHAKE#channelbindings). This will
-	// change in future versions of Go once the TLS master-secret fix has
-	// been standardized and implemented.
-	TLSUnique []byte
-}
-
-// ClientAuthType declares the policy the server will follow for
-// TLS Client Authentication.
-type ClientAuthType int
-
-const (
-	NoClientCert ClientAuthType = iota
-	RequestClientCert
-	RequireAnyClientCert
-	VerifyClientCertIfGiven
-	RequireAndVerifyClientCert
-)
-
-// ClientSessionState contains the state needed by clients to resume TLS
-// sessions.
-type ClientSessionState struct {
-	sessionTicket      []uint8               // Encrypted ticket used for session resumption with server
-	vers               uint16                // SSL/TLS version negotiated for the session
-	cipherSuite        uint16                // Ciphersuite negotiated for the session
-	masterSecret       []byte                // MasterSecret generated by client on a full handshake
-	serverCertificates []*x509.Certificate   // Certificate chain presented by the server
-	verifiedChains     [][]*x509.Certificate // Certificate chains we built for verification
-}
-
-// ClientSessionCache is a cache of ClientSessionState objects that can be used
-// by a client to resume a TLS session with a given server. ClientSessionCache
-// implementations should expect to be called concurrently from different
-// goroutines. Only ticket-based resumption is supported, not SessionID-based
-// resumption.
-type ClientSessionCache interface {
-	// Get searches for a ClientSessionState associated with the given key.
-	// On return, ok is true if one was found.
-	Get(sessionKey string) (session *ClientSessionState, ok bool)
-
-	// Put adds the ClientSessionState to the cache with the given key.
-	Put(sessionKey string, cs *ClientSessionState)
-}
-
-// SignatureScheme identifies a signature algorithm supported by TLS. See
-// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.3.
-type SignatureScheme uint16
-
-const (
-	PKCS1WithSHA1   SignatureScheme = 0x0201
-	PKCS1WithSHA256 SignatureScheme = 0x0401
-	PKCS1WithSHA384 SignatureScheme = 0x0501
-	PKCS1WithSHA512 SignatureScheme = 0x0601
-
-	PSSWithSHA256 SignatureScheme = 0x0804
-	PSSWithSHA384 SignatureScheme = 0x0805
-	PSSWithSHA512 SignatureScheme = 0x0806
-
-	ECDSAWithP256AndSHA256 SignatureScheme = 0x0403
-	ECDSAWithP384AndSHA384 SignatureScheme = 0x0503
-	ECDSAWithP521AndSHA512 SignatureScheme = 0x0603
-)
-
-// ClientHelloInfo contains information from a ClientHello message in order to
-// guide certificate selection in the GetCertificate callback.
-type ClientHelloInfo struct {
-	// CipherSuites lists the CipherSuites supported by the client (e.g.
-	// TLS_RSA_WITH_RC4_128_SHA).
-	CipherSuites []uint16
-
-	// ServerName indicates the name of the server requested by the client
-	// in order to support virtual hosting. ServerName is only set if the
-	// client is using SNI (see
-	// http://tools.ietf.org/html/rfc4366#section-3.1).
-	ServerName string
-
-	// SupportedCurves lists the elliptic curves supported by the client.
-	// SupportedCurves is set only if the Supported Elliptic Curves
-	// Extension is being used (see
-	// http://tools.ietf.org/html/rfc4492#section-5.1.1).
-	SupportedCurves []CurveID
-
-	// SupportedPoints lists the point formats supported by the client.
-	// SupportedPoints is set only if the Supported Point Formats Extension
-	// is being used (see
-	// http://tools.ietf.org/html/rfc4492#section-5.1.2).
-	SupportedPoints []uint8
-
-	// SignatureSchemes lists the signature and hash schemes that the client
-	// is willing to verify. SignatureSchemes is set only if the Signature
-	// Algorithms Extension is being used (see
-	// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1).
-	SignatureSchemes []SignatureScheme
-
-	// SupportedProtos lists the application protocols supported by the client.
-	// SupportedProtos is set only if the Application-Layer Protocol
-	// Negotiation Extension is being used (see
-	// https://tools.ietf.org/html/rfc7301#section-3.1).
-	//
-	// Servers can select a protocol by setting Config.NextProtos in a
-	// GetConfigForClient return value.
-	SupportedProtos []string
-
-	// SupportedVersions lists the TLS versions supported by the client.
-	// For TLS versions less than 1.3, this is extrapolated from the max
-	// version advertised by the client, so values other than the greatest
-	// might be rejected if used.
-	SupportedVersions []uint16
-
-	// Conn is the underlying net.Conn for the connection. Do not read
-	// from, or write to, this connection; that will cause the TLS
-	// connection to fail.
-	Conn net.Conn
-}
-
-// CertificateRequestInfo contains information from a server's
-// CertificateRequest message, which is used to demand a certificate and proof
-// of control from a client.
-type CertificateRequestInfo struct {
-	// AcceptableCAs contains zero or more, DER-encoded, X.501
-	// Distinguished Names. These are the names of root or intermediate CAs
-	// that the server wishes the returned certificate to be signed by. An
-	// empty slice indicates that the server has no preference.
-	AcceptableCAs [][]byte
-
-	// SignatureSchemes lists the signature schemes that the server is
-	// willing to verify.
-	SignatureSchemes []SignatureScheme
-}
-
-// RenegotiationSupport enumerates the different levels of support for TLS
-// renegotiation. TLS renegotiation is the act of performing subsequent
-// handshakes on a connection after the first. This significantly complicates
-// the state machine and has been the source of numerous, subtle security
-// issues. Initiating a renegotiation is not supported, but support for
-// accepting renegotiation requests may be enabled.
-//
-// Even when enabled, the server may not change its identity between handshakes
-// (i.e. the leaf certificate must be the same). Additionally, concurrent
-// handshake and application data flow is not permitted so renegotiation can
-// only be used with protocols that synchronise with the renegotiation, such as
-// HTTPS.
-type RenegotiationSupport int
-
-const (
-	// RenegotiateNever disables renegotiation.
-	RenegotiateNever RenegotiationSupport = iota
-
-	// RenegotiateOnceAsClient allows a remote server to request
-	// renegotiation once per connection.
-	RenegotiateOnceAsClient
-
-	// RenegotiateFreelyAsClient allows a remote server to repeatedly
-	// request renegotiation.
-	RenegotiateFreelyAsClient
-)
-
-// A Config structure is used to configure a TLS client or server.
-// After one has been passed to a TLS function it must not be
-// modified. A Config may be reused; the tls package will also not
-// modify it.
-type Config struct {
-	// Rand provides the source of entropy for nonces and RSA blinding.
-	// If Rand is nil, TLS uses the cryptographic random reader in package
-	// crypto/rand.
-	// The Reader must be safe for use by multiple goroutines.
-	Rand io.Reader
-
-	// Time returns the current time as the number of seconds since the epoch.
-	// If Time is nil, TLS uses time.Now.
-	Time func() time.Time
-
-	// Certificates contains one or more certificate chains to present to
-	// the other side of the connection. Server configurations must include
-	// at least one certificate or else set GetCertificate. Clients doing
-	// client-authentication may set either Certificates or
-	// GetClientCertificate.
-	Certificates []Certificate
-
-	// NameToCertificate maps from a certificate name to an element of
-	// Certificates. Note that a certificate name can be of the form
-	// '*.example.com' and so doesn't have to be a domain name as such.
-	// See Config.BuildNameToCertificate
-	// The nil value causes the first element of Certificates to be used
-	// for all connections.
-	NameToCertificate map[string]*Certificate
-
-	// GetCertificate returns a Certificate based on the given
-	// ClientHelloInfo. It will only be called if the client supplies SNI
-	// information or if Certificates is empty.
-	//
-	// If GetCertificate is nil or returns nil, then the certificate is
-	// retrieved from NameToCertificate. If NameToCertificate is nil, the
-	// first element of Certificates will be used.
-	GetCertificate func(*ClientHelloInfo) (*Certificate, error)
-
-	// GetClientCertificate, if not nil, is called when a server requests a
-	// certificate from a client. If set, the contents of Certificates will
-	// be ignored.
-	//
-	// If GetClientCertificate returns an error, the handshake will be
-	// aborted and that error will be returned. Otherwise
-	// GetClientCertificate must return a non-nil Certificate. If
-	// Certificate.Certificate is empty then no certificate will be sent to
-	// the server. If this is unacceptable to the server then it may abort
-	// the handshake.
-	//
-	// GetClientCertificate may be called multiple times for the same
-	// connection if renegotiation occurs or if TLS 1.3 is in use.
-	GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error)
-
-	// GetConfigForClient, if not nil, is called after a ClientHello is
-	// received from a client. It may return a non-nil Config in order to
-	// change the Config that will be used to handle this connection. If
-	// the returned Config is nil, the original Config will be used. The
-	// Config returned by this callback may not be subsequently modified.
-	//
-	// If GetConfigForClient is nil, the Config passed to Server() will be
-	// used for all connections.
-	//
-	// Uniquely for the fields in the returned Config, session ticket keys
-	// will be duplicated from the original Config if not set.
-	// Specifically, if SetSessionTicketKeys was called on the original
-	// config but not on the returned config then the ticket keys from the
-	// original config will be copied into the new config before use.
-	// Otherwise, if SessionTicketKey was set in the original config but
-	// not in the returned config then it will be copied into the returned
-	// config before use. If neither of those cases applies then the key
-	// material from the returned config will be used for session tickets.
-	GetConfigForClient func(*ClientHelloInfo) (*Config, error)
-
-	// VerifyPeerCertificate, if not nil, is called after normal
-	// certificate verification by either a TLS client or server. It
-	// receives the raw ASN.1 certificates provided by the peer and also
-	// any verified chains that normal processing found. If it returns a
-	// non-nil error, the handshake is aborted and that error results.
-	//
-	// If normal verification fails then the handshake will abort before
-	// considering this callback. If normal verification is disabled by
-	// setting InsecureSkipVerify then this callback will be considered but
-	// the verifiedChains argument will always be nil.
-	VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
-
-	// RootCAs defines the set of root certificate authorities
-	// that clients use when verifying server certificates.
-	// If RootCAs is nil, TLS uses the host's root CA set.
-	RootCAs *x509.CertPool
-
-	// NextProtos is a list of supported, application level protocols.
-	NextProtos []string
-
-	// ServerName is used to verify the hostname on the returned
-	// certificates unless InsecureSkipVerify is given. It is also included
-	// in the client's handshake to support virtual hosting unless it is
-	// an IP address.
-	ServerName string
-
-	// ClientAuth determines the server's policy for
-	// TLS Client Authentication. The default is NoClientCert.
-	ClientAuth ClientAuthType
-
-	// ClientCAs defines the set of root certificate authorities
-	// that servers use if required to verify a client certificate
-	// by the policy in ClientAuth.
-	ClientCAs *x509.CertPool
-
-	// InsecureSkipVerify controls whether a client verifies the
-	// server's certificate chain and host name.
-	// If InsecureSkipVerify is true, TLS accepts any certificate
-	// presented by the server and any host name in that certificate.
-	// In this mode, TLS is susceptible to man-in-the-middle attacks.
-	// This should be used only for testing.
-	InsecureSkipVerify bool
-
-	// CipherSuites is a list of supported cipher suites. If CipherSuites
-	// is nil, TLS uses a list of suites supported by the implementation.
-	CipherSuites []uint16
-
-	// PreferServerCipherSuites controls whether the server selects the
-	// client's most preferred ciphersuite, or the server's most preferred
-	// ciphersuite. If true then the server's preference, as expressed in
-	// the order of elements in CipherSuites, is used.
-	PreferServerCipherSuites bool
-
-	// SessionTicketsDisabled may be set to true to disable session ticket
-	// (resumption) support.
-	SessionTicketsDisabled bool
-
-	// SessionTicketKey is used by TLS servers to provide session
-	// resumption. See RFC 5077. If zero, it will be filled with
-	// random data before the first server handshake.
-	//
-	// If multiple servers are terminating connections for the same host
-	// they should all have the same SessionTicketKey. If the
-	// SessionTicketKey leaks, previously recorded and future TLS
-	// connections using that key are compromised.
-	SessionTicketKey [32]byte
-
-	// SessionCache is a cache of ClientSessionState entries for TLS session
-	// resumption.
-	ClientSessionCache ClientSessionCache
-
-	// MinVersion contains the minimum SSL/TLS version that is acceptable.
-	// If zero, then TLS 1.0 is taken as the minimum.
-	MinVersion uint16
-
-	// MaxVersion contains the maximum SSL/TLS version that is acceptable.
-	// If zero, then the maximum version supported by this package is used,
-	// which is currently TLS 1.2.
-	MaxVersion uint16
-
-	// CurvePreferences contains the elliptic curves that will be used in
-	// an ECDHE handshake, in preference order. If empty, the default will
-	// be used.
-	CurvePreferences []CurveID
-
-	// DynamicRecordSizingDisabled disables adaptive sizing of TLS records.
-	// When true, the largest possible TLS record size is always used. When
-	// false, the size of TLS records may be adjusted in an attempt to
-	// improve latency.
-	DynamicRecordSizingDisabled bool
-
-	// Renegotiation controls what types of renegotiation are supported.
-	// The default, none, is correct for the vast majority of applications.
-	Renegotiation RenegotiationSupport
-
-	// KeyLogWriter optionally specifies a destination for TLS master secrets
-	// in NSS key log format that can be used to allow external programs
-	// such as Wireshark to decrypt TLS connections.
-	// See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
-	// Use of KeyLogWriter compromises security and should only be
-	// used for debugging.
-	KeyLogWriter io.Writer
-
-	serverInitOnce sync.Once // guards calling (*Config).serverInit
-
-	// mutex protects sessionTicketKeys and originalConfig.
-	mutex sync.RWMutex
-	// sessionTicketKeys contains zero or more ticket keys. If the length
-	// is zero, SessionTicketsDisabled must be true. The first key is used
-	// for new tickets and any subsequent keys can be used to decrypt old
-	// tickets.
-	sessionTicketKeys []ticketKey
-	// originalConfig is set to the Config that was passed to Server if
-	// this Config is returned by a GetConfigForClient callback. It's used
-	// by serverInit in order to copy session ticket keys if needed.
-	originalConfig *Config
-}
-
-// ticketKeyNameLen is the number of bytes of identifier that is prepended to
-// an encrypted session ticket in order to identify the key used to encrypt it.
-const ticketKeyNameLen = 16
-
-// ticketKey is the internal representation of a session ticket key.
-type ticketKey struct {
-	// keyName is an opaque byte string that serves to identify the session
-	// ticket key. It's exposed as plaintext in every session ticket.
-	keyName [ticketKeyNameLen]byte
-	aesKey  [16]byte
-	hmacKey [16]byte
-}
-
-// ticketKeyFromBytes converts from the external representation of a session
-// ticket key to a ticketKey. Externally, session ticket keys are 32 random
-// bytes and this function expands that into sufficient name and key material.
-func ticketKeyFromBytes(b [32]byte) (key ticketKey) {
-	hashed := sha512.Sum512(b[:])
-	copy(key.keyName[:], hashed[:ticketKeyNameLen])
-	copy(key.aesKey[:], hashed[ticketKeyNameLen:ticketKeyNameLen+16])
-	copy(key.hmacKey[:], hashed[ticketKeyNameLen+16:ticketKeyNameLen+32])
-	return key
-}
-
-// Clone returns a shallow clone of c. It is safe to clone a Config that is
-// being used concurrently by a TLS client or server.
-func (c *Config) Clone() *Config {
-	// Running serverInit ensures that it's safe to read
-	// SessionTicketsDisabled.
-	c.serverInitOnce.Do(c.serverInit)
-
-	var sessionTicketKeys []ticketKey
-	c.mutex.RLock()
-	sessionTicketKeys = c.sessionTicketKeys
-	c.mutex.RUnlock()
-
-	return &Config{
-		Rand:                        c.Rand,
-		Time:                        c.Time,
-		Certificates:                c.Certificates,
-		NameToCertificate:           c.NameToCertificate,
-		GetCertificate:              c.GetCertificate,
-		GetClientCertificate:        c.GetClientCertificate,
-		GetConfigForClient:          c.GetConfigForClient,
-		VerifyPeerCertificate:       c.VerifyPeerCertificate,
-		RootCAs:                     c.RootCAs,
-		NextProtos:                  c.NextProtos,
-		ServerName:                  c.ServerName,
-		ClientAuth:                  c.ClientAuth,
-		ClientCAs:                   c.ClientCAs,
-		InsecureSkipVerify:          c.InsecureSkipVerify,
-		CipherSuites:                c.CipherSuites,
-		PreferServerCipherSuites:    c.PreferServerCipherSuites,
-		SessionTicketsDisabled:      c.SessionTicketsDisabled,
-		SessionTicketKey:            c.SessionTicketKey,
-		ClientSessionCache:          c.ClientSessionCache,
-		MinVersion:                  c.MinVersion,
-		MaxVersion:                  c.MaxVersion,
-		CurvePreferences:            c.CurvePreferences,
-		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
-		Renegotiation:               c.Renegotiation,
-		KeyLogWriter:                c.KeyLogWriter,
-		sessionTicketKeys:           sessionTicketKeys,
-		// originalConfig is deliberately not duplicated.
-	}
-}
-
-func (c *Config) serverInit() {
-	if c.SessionTicketsDisabled || len(c.ticketKeys()) != 0 {
-		return
-	}
-
-	var originalConfig *Config
-	c.mutex.Lock()
-	originalConfig, c.originalConfig = c.originalConfig, nil
-	c.mutex.Unlock()
-
-	alreadySet := false
-	for _, b := range c.SessionTicketKey {
-		if b != 0 {
-			alreadySet = true
-			break
-		}
-	}
-
-	if !alreadySet {
-		if originalConfig != nil {
-			copy(c.SessionTicketKey[:], originalConfig.SessionTicketKey[:])
-		} else if _, err := io.ReadFull(c.rand(), c.SessionTicketKey[:]); err != nil {
-			c.SessionTicketsDisabled = true
-			return
-		}
-	}
-
-	if originalConfig != nil {
-		originalConfig.mutex.RLock()
-		c.sessionTicketKeys = originalConfig.sessionTicketKeys
-		originalConfig.mutex.RUnlock()
-	} else {
-		c.sessionTicketKeys = []ticketKey{ticketKeyFromBytes(c.SessionTicketKey)}
-	}
-}
-
-func (c *Config) ticketKeys() []ticketKey {
-	c.mutex.RLock()
-	// c.sessionTicketKeys is constant once created. SetSessionTicketKeys
-	// will only update it by replacing it with a new value.
-	ret := c.sessionTicketKeys
-	c.mutex.RUnlock()
-	return ret
-}
-
-// SetSessionTicketKeys updates the session ticket keys for a server. The first
-// key will be used when creating new tickets, while all keys can be used for
-// decrypting tickets. It is safe to call this function while the server is
-// running in order to rotate the session ticket keys. The function will panic
-// if keys is empty.
-func (c *Config) SetSessionTicketKeys(keys [][32]byte) {
-	if len(keys) == 0 {
-		panic("tls: keys must have at least one key")
-	}
-
-	newKeys := make([]ticketKey, len(keys))
-	for i, bytes := range keys {
-		newKeys[i] = ticketKeyFromBytes(bytes)
-	}
-
-	c.mutex.Lock()
-	c.sessionTicketKeys = newKeys
-	c.mutex.Unlock()
-}
-
-func (c *Config) rand() io.Reader {
-	r := c.Rand
-	if r == nil {
-		return rand.Reader
-	}
-	return r
-}
-
-func (c *Config) time() time.Time {
-	t := c.Time
-	if t == nil {
-		t = time.Now
-	}
-	return t()
-}
-
-func (c *Config) cipherSuites() []uint16 {
-	s := c.CipherSuites
-	if s == nil {
-		s = defaultCipherSuites()
-	}
-	return s
-}
-
-func (c *Config) minVersion() uint16 {
-	if c == nil || c.MinVersion == 0 {
-		return minVersion
-	}
-	return c.MinVersion
-}
-
-func (c *Config) maxVersion() uint16 {
-	if c == nil || c.MaxVersion == 0 {
-		return maxVersion
-	}
-	return c.MaxVersion
-}
-
-var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521}
-
-func (c *Config) curvePreferences() []CurveID {
-	if c == nil || len(c.CurvePreferences) == 0 {
-		return defaultCurvePreferences
-	}
-	return c.CurvePreferences
-}
-
-// mutualVersion returns the protocol version to use given the advertised
-// version of the peer.
-func (c *Config) mutualVersion(vers uint16) (uint16, bool) {
-	minVersion := c.minVersion()
-	maxVersion := c.maxVersion()
-
-	if vers < minVersion {
-		return 0, false
-	}
-	if vers > maxVersion {
-		vers = maxVersion
-	}
-	return vers, true
-}
-
-// getCertificate returns the best certificate for the given ClientHelloInfo,
-// defaulting to the first element of c.Certificates.
-func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, error) {
-	if c.GetCertificate != nil &&
-		(len(c.Certificates) == 0 || len(clientHello.ServerName) > 0) {
-		cert, err := c.GetCertificate(clientHello)
-		if cert != nil || err != nil {
-			return cert, err
-		}
-	}
-
-	if len(c.Certificates) == 0 {
-		return nil, errors.New("tls: no certificates configured")
-	}
-
-	if len(c.Certificates) == 1 || c.NameToCertificate == nil {
-		// There's only one choice, so no point doing any work.
-		return &c.Certificates[0], nil
-	}
-
-	name := strings.ToLower(clientHello.ServerName)
-	for len(name) > 0 && name[len(name)-1] == '.' {
-		name = name[:len(name)-1]
-	}
-
-	if cert, ok := c.NameToCertificate[name]; ok {
-		return cert, nil
-	}
-
-	// try replacing labels in the name with wildcards until we get a
-	// match.
-	labels := strings.Split(name, ".")
-	for i := range labels {
-		labels[i] = "*"
-		candidate := strings.Join(labels, ".")
-		if cert, ok := c.NameToCertificate[candidate]; ok {
-			return cert, nil
-		}
-	}
-
-	// If nothing matches, return the first certificate.
-	return &c.Certificates[0], nil
-}
-
-// BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate
-// from the CommonName and SubjectAlternateName fields of each of the leaf
-// certificates.
-func (c *Config) BuildNameToCertificate() {
-	c.NameToCertificate = make(map[string]*Certificate)
-	for i := range c.Certificates {
-		cert := &c.Certificates[i]
-		x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
-		if err != nil {
-			continue
-		}
-		if len(x509Cert.Subject.CommonName) > 0 {
-			c.NameToCertificate[x509Cert.Subject.CommonName] = cert
-		}
-		for _, san := range x509Cert.DNSNames {
-			c.NameToCertificate[san] = cert
-		}
-	}
-}
-
-// writeKeyLog logs client random and master secret if logging was enabled by
-// setting c.KeyLogWriter.
-func (c *Config) writeKeyLog(clientRandom, masterSecret []byte) error {
-	if c.KeyLogWriter == nil {
-		return nil
-	}
-
-	logLine := []byte(fmt.Sprintf("CLIENT_RANDOM %x %x\n", clientRandom, masterSecret))
-
-	writerMutex.Lock()
-	_, err := c.KeyLogWriter.Write(logLine)
-	writerMutex.Unlock()
-
-	return err
-}
-
-// writerMutex protects all KeyLogWriters globally. It is rarely enabled,
-// and is only for debugging, so a global mutex saves space.
-var writerMutex sync.Mutex
-
-// A Certificate is a chain of one or more certificates, leaf first.
-type Certificate struct {
-	Certificate [][]byte
-	// PrivateKey contains the private key corresponding to the public key
-	// in Leaf. For a server, this must implement crypto.Signer and/or
-	// crypto.Decrypter, with an RSA or ECDSA PublicKey. For a client
-	// (performing client authentication), this must be a crypto.Signer
-	// with an RSA or ECDSA PublicKey.
-	PrivateKey crypto.PrivateKey
-	// OCSPStaple contains an optional OCSP response which will be served
-	// to clients that request it.
-	OCSPStaple []byte
-	// SignedCertificateTimestamps contains an optional list of Signed
-	// Certificate Timestamps which will be served to clients that request it.
-	SignedCertificateTimestamps [][]byte
-	// Leaf is the parsed form of the leaf certificate, which may be
-	// initialized using x509.ParseCertificate to reduce per-handshake
-	// processing for TLS clients doing client authentication. If nil, the
-	// leaf certificate will be parsed as needed.
-	Leaf *x509.Certificate
-}
-
-type handshakeMessage interface {
-	marshal() []byte
-	Unmarshal([]byte) bool
-}
-
-// lruSessionCache is a ClientSessionCache implementation that uses an LRU
-// caching strategy.
-type lruSessionCache struct {
-	sync.Mutex
-
-	m        map[string]*list.Element
-	q        *list.List
-	capacity int
-}
-
-type lruSessionCacheEntry struct {
-	sessionKey string
-	state      *ClientSessionState
-}
-
-// NewLRUClientSessionCache returns a ClientSessionCache with the given
-// capacity that uses an LRU strategy. If capacity is < 1, a default capacity
-// is used instead.
-func NewLRUClientSessionCache(capacity int) ClientSessionCache {
-	const defaultSessionCacheCapacity = 64
-
-	if capacity < 1 {
-		capacity = defaultSessionCacheCapacity
-	}
-	return &lruSessionCache{
-		m:        make(map[string]*list.Element),
-		q:        list.New(),
-		capacity: capacity,
-	}
-}
-
-// Put adds the provided (sessionKey, cs) pair to the cache.
-func (c *lruSessionCache) Put(sessionKey string, cs *ClientSessionState) {
-	c.Lock()
-	defer c.Unlock()
-
-	if elem, ok := c.m[sessionKey]; ok {
-		entry := elem.Value.(*lruSessionCacheEntry)
-		entry.state = cs
-		c.q.MoveToFront(elem)
-		return
-	}
-
-	if c.q.Len() < c.capacity {
-		entry := &lruSessionCacheEntry{sessionKey, cs}
-		c.m[sessionKey] = c.q.PushFront(entry)
-		return
-	}
-
-	elem := c.q.Back()
-	entry := elem.Value.(*lruSessionCacheEntry)
-	delete(c.m, entry.sessionKey)
-	entry.sessionKey = sessionKey
-	entry.state = cs
-	c.q.MoveToFront(elem)
-	c.m[sessionKey] = elem
-}
-
-// Get returns the ClientSessionState value associated with a given key. It
-// returns (nil, false) if no value is found.
-func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) {
-	c.Lock()
-	defer c.Unlock()
-
-	if elem, ok := c.m[sessionKey]; ok {
-		c.q.MoveToFront(elem)
-		return elem.Value.(*lruSessionCacheEntry).state, true
-	}
-	return nil, false
-}
-
-// TODO(jsing): Make these available to both crypto/x509 and crypto/tls.
-type dsaSignature struct {
-	R, S *big.Int
-}
-
-type ecdsaSignature dsaSignature
-
-var emptyConfig Config
-
-func defaultConfig() *Config {
-	return &emptyConfig
-}
-
-var (
-	once                   sync.Once
-	varDefaultCipherSuites []uint16
-)
-
-func defaultCipherSuites() []uint16 {
-	once.Do(initDefaultCipherSuites)
-	return varDefaultCipherSuites
-}
-
-func initDefaultCipherSuites() {
-	var topCipherSuites []uint16
-
-	// Without AES-GCM hardware, we put the ChaCha20-Poly1305
-	// cipher suites first.
-	topCipherSuites = []uint16{
-		TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-		TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	}
-
-	varDefaultCipherSuites = make([]uint16, 0, len(cipherSuites))
-	varDefaultCipherSuites = append(varDefaultCipherSuites, topCipherSuites...)
-
-NextCipherSuite:
-	for _, suite := range cipherSuites {
-		if suite.flags&suiteDefaultOff != 0 {
-			continue
-		}
-		for _, existing := range varDefaultCipherSuites {
-			if existing == suite.id {
-				continue NextCipherSuite
-			}
-		}
-		varDefaultCipherSuites = append(varDefaultCipherSuites, suite.id)
-	}
-}
-
-func unexpectedMessageError(wanted, got interface{}) error {
-	return fmt.Errorf("tls: received unexpected handshake message of type %T when waiting for %T", got, wanted)
-}
-
-func isSupportedSignatureAndHash(sigHash signatureAndHash, sigHashes []signatureAndHash) bool {
-	for _, s := range sigHashes {
-		if s == sigHash {
-			return true
-		}
-	}
-	return false
-}
diff --git a/firewall/inspection/tls/tlslib/conn.go b/firewall/inspection/tls/tlslib/conn.go
deleted file mode 100644
index 35db7bd8..00000000
--- a/firewall/inspection/tls/tlslib/conn.go
+++ /dev/null
@@ -1,1387 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// TLS low level connection and record layer
-
-package tlslib
-
-import (
-	"bytes"
-	"crypto/cipher"
-	"crypto/subtle"
-	"crypto/x509"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"sync"
-	"sync/atomic"
-	"time"
-)
-
-// A Conn represents a secured connection.
-// It implements the net.Conn interface.
-type Conn struct {
-	// constant
-	conn     net.Conn
-	isClient bool
-
-	// constant after handshake; protected by handshakeMutex
-	handshakeMutex sync.Mutex // handshakeMutex < in.Mutex, out.Mutex, errMutex
-	// handshakeCond, if not nil, indicates that a goroutine is committed
-	// to running the handshake for this Conn. Other goroutines that need
-	// to wait for the handshake can wait on this, under handshakeMutex.
-	handshakeCond *sync.Cond
-	handshakeErr  error   // error resulting from handshake
-	vers          uint16  // TLS version
-	haveVers      bool    // version has been negotiated
-	config        *Config // configuration passed to constructor
-	// handshakeComplete is true if the connection is currently transferring
-	// application data (i.e. is not currently processing a handshake).
-	handshakeComplete bool
-	// handshakes counts the number of handshakes performed on the
-	// connection so far. If renegotiation is disabled then this is either
-	// zero or one.
-	handshakes       int
-	didResume        bool // whether this connection was a session resumption
-	cipherSuite      uint16
-	ocspResponse     []byte   // stapled OCSP response
-	scts             [][]byte // signed certificate timestamps from server
-	peerCertificates []*x509.Certificate
-	// verifiedChains contains the certificate chains that we built, as
-	// opposed to the ones presented by the server.
-	verifiedChains [][]*x509.Certificate
-	// ServerName contains the server name indicated by the client, if any.
-	ServerName string
-	// secureRenegotiation is true if the server echoed the secure
-	// renegotiation extension. (This is meaningless as a server because
-	// renegotiation is not supported in that case.)
-	secureRenegotiation bool
-
-	// clientFinishedIsFirst is true if the client sent the first Finished
-	// message during the most recent handshake. This is recorded because
-	// the first transmitted Finished message is the tls-unique
-	// channel-binding value.
-	clientFinishedIsFirst bool
-
-	// closeNotifyErr is any error from sending the alertCloseNotify record.
-	closeNotifyErr error
-	// closeNotifySent is true if the Conn attempted to send an
-	// alertCloseNotify record.
-	closeNotifySent bool
-
-	// clientFinished and serverFinished contain the Finished message sent
-	// by the client or server in the most recent handshake. This is
-	// retained to support the renegotiation extension and tls-unique
-	// channel-binding.
-	clientFinished [12]byte
-	serverFinished [12]byte
-
-	clientProtocol         string
-	clientProtocolFallback bool
-
-	// input/output
-	in, out   halfConn     // in.Mutex < out.Mutex
-	rawInput  *block       // raw input, right off the wire
-	input     *block       // application data waiting to be read
-	hand      bytes.Buffer // handshake data waiting to be read
-	buffering bool         // whether records are buffered in sendBuf
-	sendBuf   []byte       // a buffer of records waiting to be sent
-
-	// bytesSent counts the bytes of application data sent.
-	// packetsSent counts packets.
-	bytesSent   int64
-	packetsSent int64
-
-	// activeCall is an atomic int32; the low bit is whether Close has
-	// been called. the rest of the bits are the number of goroutines
-	// in Conn.Write.
-	activeCall int32
-
-	tmp [16]byte
-}
-
-// Access to net.Conn methods.
-// Cannot just embed net.Conn because that would
-// export the struct field too.
-
-// LocalAddr returns the local network address.
-func (c *Conn) LocalAddr() net.Addr {
-	return c.conn.LocalAddr()
-}
-
-// RemoteAddr returns the remote network address.
-func (c *Conn) RemoteAddr() net.Addr {
-	return c.conn.RemoteAddr()
-}
-
-// SetDeadline sets the read and write deadlines associated with the connection.
-// A zero value for t means Read and Write will not time out.
-// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
-func (c *Conn) SetDeadline(t time.Time) error {
-	return c.conn.SetDeadline(t)
-}
-
-// SetReadDeadline sets the read deadline on the underlying connection.
-// A zero value for t means Read will not time out.
-func (c *Conn) SetReadDeadline(t time.Time) error {
-	return c.conn.SetReadDeadline(t)
-}
-
-// SetWriteDeadline sets the write deadline on the underlying connection.
-// A zero value for t means Write will not time out.
-// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
-func (c *Conn) SetWriteDeadline(t time.Time) error {
-	return c.conn.SetWriteDeadline(t)
-}
-
-// A halfConn represents one direction of the record layer
-// connection, either sending or receiving.
-type halfConn struct {
-	sync.Mutex
-
-	err            error       // first permanent error
-	version        uint16      // protocol version
-	cipher         interface{} // cipher algorithm
-	mac            macFunction
-	seq            [8]byte  // 64-bit sequence number
-	bfree          *block   // list of free blocks
-	additionalData [13]byte // to avoid allocs; interface method args escape
-
-	nextCipher interface{} // next encryption state
-	nextMac    macFunction // next MAC algorithm
-
-	// used to save allocating a new buffer for each MAC.
-	inDigestBuf, outDigestBuf []byte
-}
-
-func (hc *halfConn) setErrorLocked(err error) error {
-	hc.err = err
-	return err
-}
-
-// prepareCipherSpec sets the encryption and MAC states
-// that a subsequent changeCipherSpec will use.
-func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac macFunction) {
-	hc.version = version
-	hc.nextCipher = cipher
-	hc.nextMac = mac
-}
-
-// changeCipherSpec changes the encryption and MAC states
-// to the ones previously passed to prepareCipherSpec.
-func (hc *halfConn) changeCipherSpec() error {
-	if hc.nextCipher == nil {
-		return alertInternalError
-	}
-	hc.cipher = hc.nextCipher
-	hc.mac = hc.nextMac
-	hc.nextCipher = nil
-	hc.nextMac = nil
-	for i := range hc.seq {
-		hc.seq[i] = 0
-	}
-	return nil
-}
-
-// incSeq increments the sequence number.
-func (hc *halfConn) incSeq() {
-	for i := 7; i >= 0; i-- {
-		hc.seq[i]++
-		if hc.seq[i] != 0 {
-			return
-		}
-	}
-
-	// Not allowed to let sequence number wrap.
-	// Instead, must renegotiate before it does.
-	// Not likely enough to bother.
-	panic("TLS: sequence number wraparound")
-}
-
-// extractPadding returns, in constant time, the length of the padding to remove
-// from the end of payload. It also returns a byte which is equal to 255 if the
-// padding was valid and 0 otherwise. See RFC 2246, section 6.2.3.2
-func extractPadding(payload []byte) (toRemove int, good byte) {
-	if len(payload) < 1 {
-		return 0, 0
-	}
-
-	paddingLen := payload[len(payload)-1]
-	t := uint(len(payload)-1) - uint(paddingLen)
-	// if len(payload) >= (paddingLen - 1) then the MSB of t is zero
-	good = byte(int32(^t) >> 31)
-
-	toCheck := 255 // the maximum possible padding length
-	// The length of the padded data is public, so we can use an if here
-	if toCheck+1 > len(payload) {
-		toCheck = len(payload) - 1
-	}
-
-	for i := 0; i < toCheck; i++ {
-		t := uint(paddingLen) - uint(i)
-		// if i <= paddingLen then the MSB of t is zero
-		mask := byte(int32(^t) >> 31)
-		b := payload[len(payload)-1-i]
-		good &^= mask&paddingLen ^ mask&b
-	}
-
-	// We AND together the bits of good and replicate the result across
-	// all the bits.
-	good &= good << 4
-	good &= good << 2
-	good &= good << 1
-	good = uint8(int8(good) >> 7)
-
-	toRemove = int(paddingLen) + 1
-	return
-}
-
-// extractPaddingSSL30 is a replacement for extractPadding in the case that the
-// protocol version is SSLv3. In this version, the contents of the padding
-// are random and cannot be checked.
-func extractPaddingSSL30(payload []byte) (toRemove int, good byte) {
-	if len(payload) < 1 {
-		return 0, 0
-	}
-
-	paddingLen := int(payload[len(payload)-1]) + 1
-	if paddingLen > len(payload) {
-		return 0, 0
-	}
-
-	return paddingLen, 255
-}
-
-func roundUp(a, b int) int {
-	return a + (b-a%b)%b
-}
-
-// cbcMode is an interface for block ciphers using cipher block chaining.
-type cbcMode interface {
-	cipher.BlockMode
-	SetIV([]byte)
-}
-
-// decrypt checks and strips the mac and decrypts the data in b. Returns a
-// success boolean, the number of bytes to skip from the start of the record in
-// order to get the application payload, and an optional alert value.
-func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, alertValue alert) {
-	// pull out payload
-	payload := b.data[recordHeaderLen:]
-
-	macSize := 0
-	if hc.mac != nil {
-		macSize = hc.mac.Size()
-	}
-
-	paddingGood := byte(255)
-	paddingLen := 0
-	explicitIVLen := 0
-
-	// decrypt
-	if hc.cipher != nil {
-		switch c := hc.cipher.(type) {
-		case cipher.Stream:
-			c.XORKeyStream(payload, payload)
-		case aead:
-			explicitIVLen = c.explicitNonceLen()
-			if len(payload) < explicitIVLen {
-				return false, 0, alertBadRecordMAC
-			}
-			nonce := payload[:explicitIVLen]
-			payload = payload[explicitIVLen:]
-
-			if len(nonce) == 0 {
-				nonce = hc.seq[:]
-			}
-
-			copy(hc.additionalData[:], hc.seq[:])
-			copy(hc.additionalData[8:], b.data[:3])
-			n := len(payload) - c.Overhead()
-			hc.additionalData[11] = byte(n >> 8)
-			hc.additionalData[12] = byte(n)
-			var err error
-			payload, err = c.Open(payload[:0], nonce, payload, hc.additionalData[:])
-			if err != nil {
-				return false, 0, alertBadRecordMAC
-			}
-			b.resize(recordHeaderLen + explicitIVLen + len(payload))
-		case cbcMode:
-			blockSize := c.BlockSize()
-			if hc.version >= VersionTLS11 {
-				explicitIVLen = blockSize
-			}
-
-			if len(payload)%blockSize != 0 || len(payload) < roundUp(explicitIVLen+macSize+1, blockSize) {
-				return false, 0, alertBadRecordMAC
-			}
-
-			if explicitIVLen > 0 {
-				c.SetIV(payload[:explicitIVLen])
-				payload = payload[explicitIVLen:]
-			}
-			c.CryptBlocks(payload, payload)
-			if hc.version == VersionSSL30 {
-				paddingLen, paddingGood = extractPaddingSSL30(payload)
-			} else {
-				paddingLen, paddingGood = extractPadding(payload)
-
-				// To protect against CBC padding oracles like Lucky13, the data
-				// past paddingLen (which is secret) is passed to the MAC
-				// function as extra data, to be fed into the HMAC after
-				// computing the digest. This makes the MAC constant time as
-				// long as the digest computation is constant time and does not
-				// affect the subsequent write.
-			}
-		default:
-			panic("unknown cipher type")
-		}
-	}
-
-	// check, strip mac
-	if hc.mac != nil {
-		if len(payload) < macSize {
-			return false, 0, alertBadRecordMAC
-		}
-
-		// strip mac off payload, b.data
-		n := len(payload) - macSize - paddingLen
-		n = subtle.ConstantTimeSelect(int(uint32(n)>>31), 0, n) // if n < 0 { n = 0 }
-		b.data[3] = byte(n >> 8)
-		b.data[4] = byte(n)
-		remoteMAC := payload[n : n+macSize]
-		localMAC := hc.mac.MAC(hc.inDigestBuf, hc.seq[0:], b.data[:recordHeaderLen], payload[:n], payload[n+macSize:])
-
-		if subtle.ConstantTimeCompare(localMAC, remoteMAC) != 1 || paddingGood != 255 {
-			return false, 0, alertBadRecordMAC
-		}
-		hc.inDigestBuf = localMAC
-
-		b.resize(recordHeaderLen + explicitIVLen + n)
-	}
-	hc.incSeq()
-
-	return true, recordHeaderLen + explicitIVLen, 0
-}
-
-// padToBlockSize calculates the needed padding block, if any, for a payload.
-// On exit, prefix aliases payload and extends to the end of the last full
-// block of payload. finalBlock is a fresh slice which contains the contents of
-// any suffix of payload as well as the needed padding to make finalBlock a
-// full block.
-func padToBlockSize(payload []byte, blockSize int) (prefix, finalBlock []byte) {
-	overrun := len(payload) % blockSize
-	paddingLen := blockSize - overrun
-	prefix = payload[:len(payload)-overrun]
-	finalBlock = make([]byte, blockSize)
-	copy(finalBlock, payload[len(payload)-overrun:])
-	for i := overrun; i < blockSize; i++ {
-		finalBlock[i] = byte(paddingLen - 1)
-	}
-	return
-}
-
-// encrypt encrypts and macs the data in b.
-func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
-	// mac
-	if hc.mac != nil {
-		mac := hc.mac.MAC(hc.outDigestBuf, hc.seq[0:], b.data[:recordHeaderLen], b.data[recordHeaderLen+explicitIVLen:], nil)
-
-		n := len(b.data)
-		b.resize(n + len(mac))
-		copy(b.data[n:], mac)
-		hc.outDigestBuf = mac
-	}
-
-	payload := b.data[recordHeaderLen:]
-
-	// encrypt
-	if hc.cipher != nil {
-		switch c := hc.cipher.(type) {
-		case cipher.Stream:
-			c.XORKeyStream(payload, payload)
-		case aead:
-			payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
-			b.resize(len(b.data) + c.Overhead())
-			nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
-			if len(nonce) == 0 {
-				nonce = hc.seq[:]
-			}
-			payload := b.data[recordHeaderLen+explicitIVLen:]
-			payload = payload[:payloadLen]
-
-			copy(hc.additionalData[:], hc.seq[:])
-			copy(hc.additionalData[8:], b.data[:3])
-			hc.additionalData[11] = byte(payloadLen >> 8)
-			hc.additionalData[12] = byte(payloadLen)
-
-			c.Seal(payload[:0], nonce, payload, hc.additionalData[:])
-		case cbcMode:
-			blockSize := c.BlockSize()
-			if explicitIVLen > 0 {
-				c.SetIV(payload[:explicitIVLen])
-				payload = payload[explicitIVLen:]
-			}
-			prefix, finalBlock := padToBlockSize(payload, blockSize)
-			b.resize(recordHeaderLen + explicitIVLen + len(prefix) + len(finalBlock))
-			c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen:], prefix)
-			c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen+len(prefix):], finalBlock)
-		default:
-			panic("unknown cipher type")
-		}
-	}
-
-	// update length to include MAC and any block padding needed.
-	n := len(b.data) - recordHeaderLen
-	b.data[3] = byte(n >> 8)
-	b.data[4] = byte(n)
-	hc.incSeq()
-
-	return true, 0
-}
-
-// A block is a simple data buffer.
-type block struct {
-	data []byte
-	off  int // index for Read
-	link *block
-}
-
-// resize resizes block to be n bytes, growing if necessary.
-func (b *block) resize(n int) {
-	if n > cap(b.data) {
-		b.reserve(n)
-	}
-	b.data = b.data[0:n]
-}
-
-// reserve makes sure that block contains a capacity of at least n bytes.
-func (b *block) reserve(n int) {
-	if cap(b.data) >= n {
-		return
-	}
-	m := cap(b.data)
-	if m == 0 {
-		m = 1024
-	}
-	for m < n {
-		m *= 2
-	}
-	data := make([]byte, len(b.data), m)
-	copy(data, b.data)
-	b.data = data
-}
-
-// readFromUntil reads from r into b until b contains at least n bytes
-// or else returns an error.
-func (b *block) readFromUntil(r io.Reader, n int) error {
-	// quick case
-	if len(b.data) >= n {
-		return nil
-	}
-
-	// read until have enough.
-	b.reserve(n)
-	for {
-		m, err := r.Read(b.data[len(b.data):cap(b.data)])
-		b.data = b.data[0 : len(b.data)+m]
-		if len(b.data) >= n {
-			// TODO(bradfitz,agl): slightly suspicious
-			// that we're throwing away r.Read's err here.
-			break
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (b *block) Read(p []byte) (n int, err error) {
-	n = copy(p, b.data[b.off:])
-	b.off += n
-	return
-}
-
-// newBlock allocates a new block, from hc's free list if possible.
-func (hc *halfConn) newBlock() *block {
-	b := hc.bfree
-	if b == nil {
-		return new(block)
-	}
-	hc.bfree = b.link
-	b.link = nil
-	b.resize(0)
-	return b
-}
-
-// freeBlock returns a block to hc's free list.
-// The protocol is such that each side only has a block or two on
-// its free list at a time, so there's no need to worry about
-// trimming the list, etc.
-func (hc *halfConn) freeBlock(b *block) {
-	b.link = hc.bfree
-	hc.bfree = b
-}
-
-// splitBlock splits a block after the first n bytes,
-// returning a block with those n bytes and a
-// block with the remainder.  the latter may be nil.
-func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) {
-	if len(b.data) <= n {
-		return b, nil
-	}
-	bb := hc.newBlock()
-	bb.resize(len(b.data) - n)
-	copy(bb.data, b.data[n:])
-	b.data = b.data[0:n]
-	return b, bb
-}
-
-// RecordHeaderError results when a TLS record header is invalid.
-type RecordHeaderError struct {
-	// Msg contains a human readable string that describes the error.
-	Msg string
-	// RecordHeader contains the five bytes of TLS record header that
-	// triggered the error.
-	RecordHeader [5]byte
-}
-
-func (e RecordHeaderError) Error() string { return "tls: " + e.Msg }
-
-func (c *Conn) newRecordHeaderError(msg string) (err RecordHeaderError) {
-	err.Msg = msg
-	copy(err.RecordHeader[:], c.rawInput.data)
-	return err
-}
-
-// readRecord reads the next TLS record from the connection
-// and updates the record layer state.
-// c.in.Mutex <= L; c.input == nil.
-func (c *Conn) readRecord(want recordType) error {
-	// Caller must be in sync with connection:
-	// handshake data if handshake not yet completed,
-	// else application data.
-	switch want {
-	default:
-		c.sendAlert(alertInternalError)
-		return c.in.setErrorLocked(errors.New("tls: unknown record type requested"))
-	case RecordTypeHandshake, RecordTypeChangeCipherSpec:
-		if c.handshakeComplete {
-			c.sendAlert(alertInternalError)
-			return c.in.setErrorLocked(errors.New("tls: handshake or ChangeCipherSpec requested while not in handshake"))
-		}
-	case RecordTypeApplicationData:
-		if !c.handshakeComplete {
-			c.sendAlert(alertInternalError)
-			return c.in.setErrorLocked(errors.New("tls: application data record requested while in handshake"))
-		}
-	}
-
-Again:
-	if c.rawInput == nil {
-		c.rawInput = c.in.newBlock()
-	}
-	b := c.rawInput
-
-	// Read header, payload.
-	if err := b.readFromUntil(c.conn, recordHeaderLen); err != nil {
-		// RFC suggests that EOF without an alertCloseNotify is
-		// an error, but popular web sites seem to do this,
-		// so we can't make it an error.
-		// if err == io.EOF {
-		// 	err = io.ErrUnexpectedEOF
-		// }
-		if e, ok := err.(net.Error); !ok || !e.Temporary() {
-			c.in.setErrorLocked(err)
-		}
-		return err
-	}
-	typ := recordType(b.data[0])
-
-	// No valid TLS record has a type of 0x80, however SSLv2 handshakes
-	// start with a uint16 length where the MSB is set and the first record
-	// is always < 256 bytes long. Therefore typ == 0x80 strongly suggests
-	// an SSLv2 client.
-	if want == RecordTypeHandshake && typ == 0x80 {
-		c.sendAlert(alertProtocolVersion)
-		return c.in.setErrorLocked(c.newRecordHeaderError("unsupported SSLv2 handshake received"))
-	}
-
-	vers := uint16(b.data[1])<<8 | uint16(b.data[2])
-	n := int(b.data[3])<<8 | int(b.data[4])
-	if c.haveVers && vers != c.vers {
-		c.sendAlert(alertProtocolVersion)
-		msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers)
-		return c.in.setErrorLocked(c.newRecordHeaderError(msg))
-	}
-	if n > maxCiphertext {
-		c.sendAlert(alertRecordOverflow)
-		msg := fmt.Sprintf("oversized record received with length %d", n)
-		return c.in.setErrorLocked(c.newRecordHeaderError(msg))
-	}
-	if !c.haveVers {
-		// First message, be extra suspicious: this might not be a TLS
-		// client. Bail out before reading a full 'body', if possible.
-		// The current max version is 3.3 so if the version is >= 16.0,
-		// it's probably not real.
-		if (typ != RecordTypeAlert && typ != want) || vers >= 0x1000 {
-			c.sendAlert(alertUnexpectedMessage)
-			return c.in.setErrorLocked(c.newRecordHeaderError("first record does not look like a TLS handshake"))
-		}
-	}
-	if err := b.readFromUntil(c.conn, recordHeaderLen+n); err != nil {
-		if err == io.EOF {
-			err = io.ErrUnexpectedEOF
-		}
-		if e, ok := err.(net.Error); !ok || !e.Temporary() {
-			c.in.setErrorLocked(err)
-		}
-		return err
-	}
-
-	// Process message.
-	b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
-	ok, off, alertValue := c.in.decrypt(b)
-	if !ok {
-		c.in.freeBlock(b)
-		return c.in.setErrorLocked(c.sendAlert(alertValue))
-	}
-	b.off = off
-	data := b.data[b.off:]
-	if len(data) > maxPlaintext {
-		err := c.sendAlert(alertRecordOverflow)
-		c.in.freeBlock(b)
-		return c.in.setErrorLocked(err)
-	}
-
-	switch typ {
-	default:
-		c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-
-	case RecordTypeAlert:
-		if len(data) != 2 {
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-			break
-		}
-		if alert(data[1]) == alertCloseNotify {
-			c.in.setErrorLocked(io.EOF)
-			break
-		}
-		switch data[0] {
-		case alertLevelWarning:
-			// drop on the floor
-			c.in.freeBlock(b)
-			goto Again
-		case alertLevelError:
-			c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])})
-		default:
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-		}
-
-	case RecordTypeChangeCipherSpec:
-		if typ != want || len(data) != 1 || data[0] != 1 {
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-			break
-		}
-		err := c.in.changeCipherSpec()
-		if err != nil {
-			c.in.setErrorLocked(c.sendAlert(err.(alert)))
-		}
-
-	case RecordTypeApplicationData:
-		if typ != want {
-			c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-			break
-		}
-		c.input = b
-		b = nil
-
-	case RecordTypeHandshake:
-		// TODO(rsc): Should at least pick off connection close.
-		if typ != want && !(c.isClient && c.config.Renegotiation != RenegotiateNever) {
-			return c.in.setErrorLocked(c.sendAlert(alertNoRenegotiation))
-		}
-		c.hand.Write(data)
-	}
-
-	if b != nil {
-		c.in.freeBlock(b)
-	}
-	return c.in.err
-}
-
-// sendAlert sends a TLS alert message.
-// c.out.Mutex <= L.
-func (c *Conn) sendAlertLocked(err alert) error {
-	switch err {
-	case alertNoRenegotiation, alertCloseNotify:
-		c.tmp[0] = alertLevelWarning
-	default:
-		c.tmp[0] = alertLevelError
-	}
-	c.tmp[1] = byte(err)
-
-	_, writeErr := c.writeRecordLocked(RecordTypeAlert, c.tmp[0:2])
-	if err == alertCloseNotify {
-		// closeNotify is a special case in that it isn't an error.
-		return writeErr
-	}
-
-	return c.out.setErrorLocked(&net.OpError{Op: "local error", Err: err})
-}
-
-// sendAlert sends a TLS alert message.
-// L < c.out.Mutex.
-func (c *Conn) sendAlert(err alert) error {
-	c.out.Lock()
-	defer c.out.Unlock()
-	return c.sendAlertLocked(err)
-}
-
-const (
-	// tcpMSSEstimate is a conservative estimate of the TCP maximum segment
-	// size (MSS). A constant is used, rather than querying the kernel for
-	// the actual MSS, to avoid complexity. The value here is the IPv6
-	// minimum MTU (1280 bytes) minus the overhead of an IPv6 header (40
-	// bytes) and a TCP header with timestamps (32 bytes).
-	tcpMSSEstimate = 1208
-
-	// recordSizeBoostThreshold is the number of bytes of application data
-	// sent after which the TLS record size will be increased to the
-	// maximum.
-	recordSizeBoostThreshold = 128 * 1024
-)
-
-// maxPayloadSizeForWrite returns the maximum TLS payload size to use for the
-// next application data record. There is the following trade-off:
-//
-//   - For latency-sensitive applications, such as web browsing, each TLS
-//     record should fit in one TCP segment.
-//   - For throughput-sensitive applications, such as large file transfers,
-//     larger TLS records better amortize framing and encryption overheads.
-//
-// A simple heuristic that works well in practice is to use small records for
-// the first 1MB of data, then use larger records for subsequent data, and
-// reset back to smaller records after the connection becomes idle. See "High
-// Performance Web Networking", Chapter 4, or:
-// https://www.igvita.com/2013/10/24/optimizing-tls-record-size-and-buffering-latency/
-//
-// In the interests of simplicity and determinism, this code does not attempt
-// to reset the record size once the connection is idle, however.
-//
-// c.out.Mutex <= L.
-func (c *Conn) maxPayloadSizeForWrite(typ recordType, explicitIVLen int) int {
-	if c.config.DynamicRecordSizingDisabled || typ != RecordTypeApplicationData {
-		return maxPlaintext
-	}
-
-	if c.bytesSent >= recordSizeBoostThreshold {
-		return maxPlaintext
-	}
-
-	// Subtract TLS overheads to get the maximum payload size.
-	macSize := 0
-	if c.out.mac != nil {
-		macSize = c.out.mac.Size()
-	}
-
-	payloadBytes := tcpMSSEstimate - recordHeaderLen - explicitIVLen
-	if c.out.cipher != nil {
-		switch ciph := c.out.cipher.(type) {
-		case cipher.Stream:
-			payloadBytes -= macSize
-		case cipher.AEAD:
-			payloadBytes -= ciph.Overhead()
-		case cbcMode:
-			blockSize := ciph.BlockSize()
-			// The payload must fit in a multiple of blockSize, with
-			// room for at least one padding byte.
-			payloadBytes = (payloadBytes & ^(blockSize - 1)) - 1
-			// The MAC is appended before padding so affects the
-			// payload size directly.
-			payloadBytes -= macSize
-		default:
-			panic("unknown cipher type")
-		}
-	}
-
-	// Allow packet growth in arithmetic progression up to max.
-	pkt := c.packetsSent
-	c.packetsSent++
-	if pkt > 1000 {
-		return maxPlaintext // avoid overflow in multiply below
-	}
-
-	n := payloadBytes * int(pkt+1)
-	if n > maxPlaintext {
-		n = maxPlaintext
-	}
-	return n
-}
-
-// c.out.Mutex <= L.
-func (c *Conn) write(data []byte) (int, error) {
-	if c.buffering {
-		c.sendBuf = append(c.sendBuf, data...)
-		return len(data), nil
-	}
-
-	n, err := c.conn.Write(data)
-	c.bytesSent += int64(n)
-	return n, err
-}
-
-func (c *Conn) flush() (int, error) {
-	if len(c.sendBuf) == 0 {
-		return 0, nil
-	}
-
-	n, err := c.conn.Write(c.sendBuf)
-	c.bytesSent += int64(n)
-	c.sendBuf = nil
-	c.buffering = false
-	return n, err
-}
-
-// writeRecordLocked writes a TLS record with the given type and payload to the
-// connection and updates the record layer state.
-// c.out.Mutex <= L.
-func (c *Conn) writeRecordLocked(typ recordType, data []byte) (int, error) {
-	b := c.out.newBlock()
-	defer c.out.freeBlock(b)
-
-	var n int
-	for len(data) > 0 {
-		explicitIVLen := 0
-		explicitIVIsSeq := false
-
-		var cbc cbcMode
-		if c.out.version >= VersionTLS11 {
-			var ok bool
-			if cbc, ok = c.out.cipher.(cbcMode); ok {
-				explicitIVLen = cbc.BlockSize()
-			}
-		}
-		if explicitIVLen == 0 {
-			if c, ok := c.out.cipher.(aead); ok {
-				explicitIVLen = c.explicitNonceLen()
-
-				// The AES-GCM construction in TLS has an
-				// explicit nonce so that the nonce can be
-				// random. However, the nonce is only 8 bytes
-				// which is too small for a secure, random
-				// nonce. Therefore we use the sequence number
-				// as the nonce.
-				explicitIVIsSeq = explicitIVLen > 0
-			}
-		}
-		m := len(data)
-		if maxPayload := c.maxPayloadSizeForWrite(typ, explicitIVLen); m > maxPayload {
-			m = maxPayload
-		}
-		b.resize(recordHeaderLen + explicitIVLen + m)
-		b.data[0] = byte(typ)
-		vers := c.vers
-		if vers == 0 {
-			// Some TLS servers fail if the record version is
-			// greater than TLS 1.0 for the initial ClientHello.
-			vers = VersionTLS10
-		}
-		b.data[1] = byte(vers >> 8)
-		b.data[2] = byte(vers)
-		b.data[3] = byte(m >> 8)
-		b.data[4] = byte(m)
-		if explicitIVLen > 0 {
-			explicitIV := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
-			if explicitIVIsSeq {
-				copy(explicitIV, c.out.seq[:])
-			} else {
-				if _, err := io.ReadFull(c.config.rand(), explicitIV); err != nil {
-					return n, err
-				}
-			}
-		}
-		copy(b.data[recordHeaderLen+explicitIVLen:], data)
-		c.out.encrypt(b, explicitIVLen)
-		if _, err := c.write(b.data); err != nil {
-			return n, err
-		}
-		n += m
-		data = data[m:]
-	}
-
-	if typ == RecordTypeChangeCipherSpec {
-		if err := c.out.changeCipherSpec(); err != nil {
-			return n, c.sendAlertLocked(err.(alert))
-		}
-	}
-
-	return n, nil
-}
-
-// writeRecord writes a TLS record with the given type and payload to the
-// connection and updates the record layer state.
-// L < c.out.Mutex.
-func (c *Conn) writeRecord(typ recordType, data []byte) (int, error) {
-	c.out.Lock()
-	defer c.out.Unlock()
-
-	return c.writeRecordLocked(typ, data)
-}
-
-// readHandshake reads the next handshake message from
-// the record layer.
-// c.in.Mutex < L; c.out.Mutex < L.
-func (c *Conn) readHandshake() (interface{}, error) {
-	for c.hand.Len() < 4 {
-		if err := c.in.err; err != nil {
-			return nil, err
-		}
-		if err := c.readRecord(RecordTypeHandshake); err != nil {
-			return nil, err
-		}
-	}
-
-	data := c.hand.Bytes()
-	n := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
-	if n > maxHandshake {
-		c.sendAlertLocked(alertInternalError)
-		return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake))
-	}
-	for c.hand.Len() < 4+n {
-		if err := c.in.err; err != nil {
-			return nil, err
-		}
-		if err := c.readRecord(RecordTypeHandshake); err != nil {
-			return nil, err
-		}
-	}
-	data = c.hand.Next(4 + n)
-	var m handshakeMessage
-	switch data[0] {
-	case TypeHelloRequest:
-		m = new(HelloRequestMsg)
-	case TypeClientHello:
-		m = new(ClientHelloMsg)
-	case TypeServerHello:
-		m = new(ServerHelloMsg)
-	case TypeNewSessionTicket:
-		m = new(NewSessionTicketMsg)
-	case TypeCertificate:
-		m = new(CertificateMsg)
-	case TypeCertificateRequest:
-		m = &CertificateRequestMsg{
-			HasSignatureAndHash: c.vers >= VersionTLS12,
-		}
-	case TypeCertificateStatus:
-		m = new(CertificateStatusMsg)
-	case TypeServerKeyExchange:
-		m = new(ServerKeyExchangeMsg)
-	case TypeServerHelloDone:
-		m = new(ServerHelloDoneMsg)
-	case TypeClientKeyExchange:
-		m = new(ClientKeyExchangeMsg)
-	case TypeCertificateVerify:
-		m = &CertificateVerifyMsg{
-			HasSignatureAndHash: c.vers >= VersionTLS12,
-		}
-	case TypeNextProtocol:
-		m = new(NextProtoMsg)
-	case TypeFinished:
-		m = new(FinishedMsg)
-	default:
-		return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-	}
-
-	// The handshake message Unmarshalers
-	// expect to be able to keep references to data,
-	// so pass in a fresh copy that won't be overwritten.
-	data = append([]byte(nil), data...)
-
-	if !m.Unmarshal(data) {
-		return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
-	}
-	return m, nil
-}
-
-var (
-	errClosed   = errors.New("tls: use of closed connection")
-	errShutdown = errors.New("tls: protocol is shutdown")
-)
-
-// Write writes data to the connection.
-func (c *Conn) Write(b []byte) (int, error) {
-	// interlock with Close below
-	for {
-		x := atomic.LoadInt32(&c.activeCall)
-		if x&1 != 0 {
-			return 0, errClosed
-		}
-		if atomic.CompareAndSwapInt32(&c.activeCall, x, x+2) {
-			defer atomic.AddInt32(&c.activeCall, -2)
-			break
-		}
-	}
-
-	if err := c.Handshake(); err != nil {
-		return 0, err
-	}
-
-	c.out.Lock()
-	defer c.out.Unlock()
-
-	if err := c.out.err; err != nil {
-		return 0, err
-	}
-
-	if !c.handshakeComplete {
-		return 0, alertInternalError
-	}
-
-	if c.closeNotifySent {
-		return 0, errShutdown
-	}
-
-	// SSL 3.0 and TLS 1.0 are susceptible to a chosen-plaintext
-	// attack when using block mode ciphers due to predictable IVs.
-	// This can be prevented by splitting each Application Data
-	// record into two records, effectively randomizing the IV.
-	//
-	// http://www.openssl.org/~bodo/tls-cbc.txt
-	// https://bugzilla.mozilla.org/show_bug.cgi?id=665814
-	// http://www.imperialviolet.org/2012/01/15/beastfollowup.html
-
-	var m int
-	if len(b) > 1 && c.vers <= VersionTLS10 {
-		if _, ok := c.out.cipher.(cipher.BlockMode); ok {
-			n, err := c.writeRecordLocked(RecordTypeApplicationData, b[:1])
-			if err != nil {
-				return n, c.out.setErrorLocked(err)
-			}
-			m, b = 1, b[1:]
-		}
-	}
-
-	n, err := c.writeRecordLocked(RecordTypeApplicationData, b)
-	return n + m, c.out.setErrorLocked(err)
-}
-
-// handleRenegotiation processes a HelloRequest handshake message.
-// c.in.Mutex <= L
-func (c *Conn) handleRenegotiation() error {
-	msg, err := c.readHandshake()
-	if err != nil {
-		return err
-	}
-
-	_, ok := msg.(*HelloRequestMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return alertUnexpectedMessage
-	}
-
-	if !c.isClient {
-		return c.sendAlert(alertNoRenegotiation)
-	}
-
-	switch c.config.Renegotiation {
-	case RenegotiateNever:
-		return c.sendAlert(alertNoRenegotiation)
-	case RenegotiateOnceAsClient:
-		if c.handshakes > 1 {
-			return c.sendAlert(alertNoRenegotiation)
-		}
-	case RenegotiateFreelyAsClient:
-		// Ok.
-	default:
-		c.sendAlert(alertInternalError)
-		return errors.New("tls: unknown Renegotiation value")
-	}
-
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-
-	c.handshakeComplete = false
-	if c.handshakeErr = c.clientHandshake(); c.handshakeErr == nil {
-		c.handshakes++
-	}
-	return c.handshakeErr
-}
-
-// Read can be made to time out and return a net.Error with Timeout() == true
-// after a fixed time limit; see SetDeadline and SetReadDeadline.
-func (c *Conn) Read(b []byte) (n int, err error) {
-	if err = c.Handshake(); err != nil {
-		return
-	}
-	if len(b) == 0 {
-		// Put this after Handshake, in case people were calling
-		// Read(nil) for the side effect of the Handshake.
-		return
-	}
-
-	c.in.Lock()
-	defer c.in.Unlock()
-
-	// Some OpenSSL servers send empty records in order to randomize the
-	// CBC IV. So this loop ignores a limited number of empty records.
-	const maxConsecutiveEmptyRecords = 100
-	for emptyRecordCount := 0; emptyRecordCount <= maxConsecutiveEmptyRecords; emptyRecordCount++ {
-		for c.input == nil && c.in.err == nil {
-			if err := c.readRecord(RecordTypeApplicationData); err != nil {
-				// Soft error, like EAGAIN
-				return 0, err
-			}
-			if c.hand.Len() > 0 {
-				// We received handshake bytes, indicating the
-				// start of a renegotiation.
-				if err := c.handleRenegotiation(); err != nil {
-					return 0, err
-				}
-			}
-		}
-		if err := c.in.err; err != nil {
-			return 0, err
-		}
-
-		n, err = c.input.Read(b)
-		if c.input.off >= len(c.input.data) {
-			c.in.freeBlock(c.input)
-			c.input = nil
-		}
-
-		// If a close-notify alert is waiting, read it so that
-		// we can return (n, EOF) instead of (n, nil), to signal
-		// to the HTTP response reading goroutine that the
-		// connection is now closed. This eliminates a race
-		// where the HTTP response reading goroutine would
-		// otherwise not observe the EOF until its next read,
-		// by which time a client goroutine might have already
-		// tried to reuse the HTTP connection for a new
-		// request.
-		// See https://codereview.appspot.com/76400046
-		// and https://golang.org/issue/3514
-		if ri := c.rawInput; ri != nil &&
-			n != 0 && err == nil &&
-			c.input == nil && len(ri.data) > 0 && recordType(ri.data[0]) == RecordTypeAlert {
-			if recErr := c.readRecord(RecordTypeApplicationData); recErr != nil {
-				err = recErr // will be io.EOF on closeNotify
-			}
-		}
-
-		if n != 0 || err != nil {
-			return n, err
-		}
-	}
-
-	return 0, io.ErrNoProgress
-}
-
-// Close closes the connection.
-func (c *Conn) Close() error {
-	// Interlock with Conn.Write above.
-	var x int32
-	for {
-		x = atomic.LoadInt32(&c.activeCall)
-		if x&1 != 0 {
-			return errClosed
-		}
-		if atomic.CompareAndSwapInt32(&c.activeCall, x, x|1) {
-			break
-		}
-	}
-	if x != 0 {
-		// io.Writer and io.Closer should not be used concurrently.
-		// If Close is called while a Write is currently in-flight,
-		// interpret that as a sign that this Close is really just
-		// being used to break the Write and/or clean up resources and
-		// avoid sending the alertCloseNotify, which may block
-		// waiting on handshakeMutex or the c.out mutex.
-		return c.conn.Close()
-	}
-
-	var alertErr error
-
-	c.handshakeMutex.Lock()
-	if c.handshakeComplete {
-		alertErr = c.closeNotify()
-	}
-	c.handshakeMutex.Unlock()
-
-	if err := c.conn.Close(); err != nil {
-		return err
-	}
-	return alertErr
-}
-
-var errEarlyCloseWrite = errors.New("tls: CloseWrite called before handshake complete")
-
-// CloseWrite shuts down the writing side of the connection. It should only be
-// called once the handshake has completed and does not call CloseWrite on the
-// underlying connection. Most callers should just use Close.
-func (c *Conn) CloseWrite() error {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-	if !c.handshakeComplete {
-		return errEarlyCloseWrite
-	}
-
-	return c.closeNotify()
-}
-
-func (c *Conn) closeNotify() error {
-	c.out.Lock()
-	defer c.out.Unlock()
-
-	if !c.closeNotifySent {
-		c.closeNotifyErr = c.sendAlertLocked(alertCloseNotify)
-		c.closeNotifySent = true
-	}
-	return c.closeNotifyErr
-}
-
-// Handshake runs the client or server handshake
-// protocol if it has not yet been run.
-// Most uses of this package need not call Handshake
-// explicitly: the first Read or Write will call it automatically.
-func (c *Conn) Handshake() error {
-	// c.handshakeErr and c.handshakeComplete are protected by
-	// c.handshakeMutex. In order to perform a handshake, we need to lock
-	// c.in also and c.handshakeMutex must be locked after c.in.
-	//
-	// However, if a Read() operation is hanging then it'll be holding the
-	// lock on c.in and so taking it here would cause all operations that
-	// need to check whether a handshake is pending (such as Write) to
-	// block.
-	//
-	// Thus we first take c.handshakeMutex to check whether a handshake is
-	// needed.
-	//
-	// If so then, previously, this code would unlock handshakeMutex and
-	// then lock c.in and handshakeMutex in the correct order to run the
-	// handshake. The problem was that it was possible for a Read to
-	// complete the handshake once handshakeMutex was unlocked and then
-	// keep c.in while waiting for network data. Thus a concurrent
-	// operation could be blocked on c.in.
-	//
-	// Thus handshakeCond is used to signal that a goroutine is committed
-	// to running the handshake and other goroutines can wait on it if they
-	// need. handshakeCond is protected by handshakeMutex.
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-
-	for {
-		if err := c.handshakeErr; err != nil {
-			return err
-		}
-		if c.handshakeComplete {
-			return nil
-		}
-		if c.handshakeCond == nil {
-			break
-		}
-
-		c.handshakeCond.Wait()
-	}
-
-	// Set handshakeCond to indicate that this goroutine is committing to
-	// running the handshake.
-	c.handshakeCond = sync.NewCond(&c.handshakeMutex)
-	c.handshakeMutex.Unlock()
-
-	c.in.Lock()
-	defer c.in.Unlock()
-
-	c.handshakeMutex.Lock()
-
-	// The handshake cannot have completed when handshakeMutex was unlocked
-	// because this goroutine set handshakeCond.
-	if c.handshakeErr != nil || c.handshakeComplete {
-		panic("handshake should not have been able to complete after handshakeCond was set")
-	}
-
-	if c.isClient {
-		c.handshakeErr = c.clientHandshake()
-	} else {
-		c.handshakeErr = c.serverHandshake()
-	}
-	if c.handshakeErr == nil {
-		c.handshakes++
-	} else {
-		// If an error occurred during the hadshake try to flush the
-		// alert that might be left in the buffer.
-		c.flush()
-	}
-
-	if c.handshakeErr == nil && !c.handshakeComplete {
-		panic("handshake should have had a result.")
-	}
-
-	// Wake any other goroutines that are waiting for this handshake to
-	// complete.
-	c.handshakeCond.Broadcast()
-	c.handshakeCond = nil
-
-	return c.handshakeErr
-}
-
-// ConnectionState returns basic TLS details about the connection.
-func (c *Conn) ConnectionState() ConnectionState {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-
-	var state ConnectionState
-	state.HandshakeComplete = c.handshakeComplete
-	state.ServerName = c.ServerName
-
-	if c.handshakeComplete {
-		state.Version = c.vers
-		state.NegotiatedProtocol = c.clientProtocol
-		state.DidResume = c.didResume
-		state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback
-		state.CipherSuite = c.cipherSuite
-		state.PeerCertificates = c.peerCertificates
-		state.VerifiedChains = c.verifiedChains
-		state.SignedCertificateTimestamps = c.scts
-		state.OCSPResponse = c.ocspResponse
-		if !c.didResume {
-			if c.clientFinishedIsFirst {
-				state.TLSUnique = c.clientFinished[:]
-			} else {
-				state.TLSUnique = c.serverFinished[:]
-			}
-		}
-	}
-
-	return state
-}
-
-// OCSPResponse returns the stapled OCSP response from the TLS server, if
-// any. (Only valid for client connections.)
-func (c *Conn) OCSPResponse() []byte {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-
-	return c.ocspResponse
-}
-
-// VerifyHostname checks that the peer certificate chain is valid for
-// connecting to host. If so, it returns nil; if not, it returns an error
-// describing the problem.
-func (c *Conn) VerifyHostname(host string) error {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-	if !c.isClient {
-		return errors.New("tls: VerifyHostname called on TLS server connection")
-	}
-	if !c.handshakeComplete {
-		return errors.New("tls: handshake has not yet been performed")
-	}
-	if len(c.verifiedChains) == 0 {
-		return errors.New("tls: handshake did not verify certificate chain")
-	}
-	return c.peerCertificates[0].VerifyHostname(host)
-}
diff --git a/firewall/inspection/tls/tlslib/example_test.go b/firewall/inspection/tls/tlslib/example_test.go
deleted file mode 100644
index 7c67124a..00000000
--- a/firewall/inspection/tls/tlslib/example_test.go
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib_test
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"log"
-	"net/http"
-	"net/http/httptest"
-	"os"
-)
-
-// zeroSource is an io.Reader that returns an unlimited number of zero bytes.
-type zeroSource struct{}
-
-func (zeroSource) Read(b []byte) (n int, err error) {
-	for i := range b {
-		b[i] = 0
-	}
-
-	return len(b), nil
-}
-
-func ExampleDial() {
-	// Connecting with a custom root-certificate set.
-
-	const rootPEM = `
------BEGIN CERTIFICATE-----
-MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
-EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
-bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
-VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
-h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
-ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
-EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
-DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
-qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
-VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
-K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
-KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
-ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
-BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
-/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
-zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
-HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
-WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
-yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
------END CERTIFICATE-----`
-
-	// First, create the set of root certificates. For this example we only
-	// have one. It's also possible to omit this in order to use the
-	// default root set of the current operating system.
-	roots := x509.NewCertPool()
-	ok := roots.AppendCertsFromPEM([]byte(rootPEM))
-	if !ok {
-		panic("failed to parse root certificate")
-	}
-
-	conn, err := tls.Dial("tcp", "mail.google.com:443", &tls.Config{
-		RootCAs: roots,
-	})
-	if err != nil {
-		panic("failed to connect: " + err.Error())
-	}
-	conn.Close()
-}
-
-func ExampleConfig_keyLogWriter() {
-	// Debugging TLS applications by decrypting a network traffic capture.
-
-	// WARNING: Use of KeyLogWriter compromises security and should only be
-	// used for debugging.
-
-	// Dummy test HTTP server for the example with insecure random so output is
-	// reproducible.
-	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
-	server.TLS = &tls.Config{
-		Rand: zeroSource{}, // for example only; don't do this.
-	}
-	server.StartTLS()
-	defer server.Close()
-
-	// Typically the log would go to an open file:
-	// w, err := os.OpenFile("tls-secrets.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	w := os.Stdout
-
-	client := &http.Client{
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				KeyLogWriter: w,
-
-				Rand:               zeroSource{}, // for reproducible output; don't do this.
-				InsecureSkipVerify: true,         // test server certificate is not trusted.
-			},
-		},
-	}
-	resp, err := client.Get(server.URL)
-	if err != nil {
-		log.Fatalf("Failed to get URL: %v", err)
-	}
-	resp.Body.Close()
-
-	// The resulting file can be used with Wireshark to decrypt the TLS
-	// connection by setting (Pre)-Master-Secret log filename in SSL Protocol
-	// preferences.
-
-	// Output:
-	// CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80
-}
diff --git a/firewall/inspection/tls/tlslib/generate_cert.go b/firewall/inspection/tls/tlslib/generate_cert.go
deleted file mode 100644
index 8ee2b592..00000000
--- a/firewall/inspection/tls/tlslib/generate_cert.go
+++ /dev/null
@@ -1,161 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build ignore
-
-// Generate a self-signed X.509 certificate for a TLS server. Outputs to
-// 'cert.pem' and 'key.pem' and will overwrite existing files.
-
-package main
-
-import (
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
-	"flag"
-	"fmt"
-	"log"
-	"math/big"
-	"net"
-	"os"
-	"strings"
-	"time"
-)
-
-var (
-	host       = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for")
-	validFrom  = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011")
-	validFor   = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for")
-	isCA       = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
-	rsaBits    = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
-	ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521")
-)
-
-func publicKey(priv interface{}) interface{} {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &k.PublicKey
-	case *ecdsa.PrivateKey:
-		return &k.PublicKey
-	default:
-		return nil
-	}
-}
-
-func pemBlockForKey(priv interface{}) *pem.Block {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
-	case *ecdsa.PrivateKey:
-		b, err := x509.MarshalECPrivateKey(k)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err)
-			os.Exit(2)
-		}
-		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
-	default:
-		return nil
-	}
-}
-
-func main() {
-	flag.Parse()
-
-	if len(*host) == 0 {
-		log.Fatalf("Missing required --host parameter")
-	}
-
-	var priv interface{}
-	var err error
-	switch *ecdsaCurve {
-	case "":
-		priv, err = rsa.GenerateKey(rand.Reader, *rsaBits)
-	case "P224":
-		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
-	case "P256":
-		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	case "P384":
-		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
-	case "P521":
-		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
-	default:
-		fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", *ecdsaCurve)
-		os.Exit(1)
-	}
-	if err != nil {
-		log.Fatalf("failed to generate private key: %s", err)
-	}
-
-	var notBefore time.Time
-	if len(*validFrom) == 0 {
-		notBefore = time.Now()
-	} else {
-		notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err)
-			os.Exit(1)
-		}
-	}
-
-	notAfter := notBefore.Add(*validFor)
-
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
-	if err != nil {
-		log.Fatalf("failed to generate serial number: %s", err)
-	}
-
-	template := x509.Certificate{
-		SerialNumber: serialNumber,
-		Subject: pkix.Name{
-			Organization: []string{"Acme Co"},
-		},
-		NotBefore: notBefore,
-		NotAfter:  notAfter,
-
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-
-	hosts := strings.Split(*host, ",")
-	for _, h := range hosts {
-		if ip := net.ParseIP(h); ip != nil {
-			template.IPAddresses = append(template.IPAddresses, ip)
-		} else {
-			template.DNSNames = append(template.DNSNames, h)
-		}
-	}
-
-	if *isCA {
-		template.IsCA = true
-		template.KeyUsage |= x509.KeyUsageCertSign
-	}
-
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
-	if err != nil {
-		log.Fatalf("Failed to create certificate: %s", err)
-	}
-
-	certOut, err := os.Create("cert.pem")
-	if err != nil {
-		log.Fatalf("failed to open cert.pem for writing: %s", err)
-	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
-	log.Print("written cert.pem\n")
-
-	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		log.Print("failed to open key.pem for writing:", err)
-		return
-	}
-	pem.Encode(keyOut, pemBlockForKey(priv))
-	keyOut.Close()
-	log.Print("written key.pem\n")
-}
diff --git a/firewall/inspection/tls/tlslib/handshake_client.go b/firewall/inspection/tls/tlslib/handshake_client.go
deleted file mode 100644
index 050a2a28..00000000
--- a/firewall/inspection/tls/tlslib/handshake_client.go
+++ /dev/null
@@ -1,822 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/rsa"
-	"crypto/subtle"
-	"crypto/x509"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"strconv"
-	"strings"
-)
-
-type clientHandshakeState struct {
-	c            *Conn
-	serverHello  *ServerHelloMsg
-	hello        *ClientHelloMsg
-	suite        *cipherSuite
-	finishedHash finishedHash
-	masterSecret []byte
-	session      *ClientSessionState
-}
-
-// c.out.Mutex <= L; c.handshakeMutex <= L.
-func (c *Conn) clientHandshake() error {
-	if c.config == nil {
-		c.config = defaultConfig()
-	}
-
-	// This may be a renegotiation handshake, in which case some fields
-	// need to be reset.
-	c.didResume = false
-
-	if len(c.config.ServerName) == 0 && !c.config.InsecureSkipVerify {
-		return errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
-	}
-
-	nextProtosLength := 0
-	for _, proto := range c.config.NextProtos {
-		if l := len(proto); l == 0 || l > 255 {
-			return errors.New("tls: invalid NextProtos value")
-		} else {
-			nextProtosLength += 1 + l
-		}
-	}
-	if nextProtosLength > 0xffff {
-		return errors.New("tls: NextProtos values too large")
-	}
-
-	hello := &ClientHelloMsg{
-		Vers:                         c.config.maxVersion(),
-		CompressionMethods:           []uint8{compressionNone},
-		Random:                       make([]byte, 32),
-		OcspStapling:                 true,
-		Scts:                         true,
-		ServerName:                   hostnameInSNI(c.config.ServerName),
-		SupportedCurves:              c.config.curvePreferences(),
-		SupportedPoints:              []uint8{pointFormatUncompressed},
-		NextProtoNeg:                 len(c.config.NextProtos) > 0,
-		SecureRenegotiationSupported: true,
-		AlpnProtocols:                c.config.NextProtos,
-	}
-
-	if c.handshakes > 0 {
-		hello.SecureRenegotiation = c.clientFinished[:]
-	}
-
-	possibleCipherSuites := c.config.cipherSuites()
-	hello.CipherSuites = make([]uint16, 0, len(possibleCipherSuites))
-
-NextCipherSuite:
-	for _, suiteId := range possibleCipherSuites {
-		for _, suite := range cipherSuites {
-			if suite.id != suiteId {
-				continue
-			}
-			// Don't advertise TLS 1.2-only cipher suites unless
-			// we're attempting TLS 1.2.
-			if hello.Vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 {
-				continue
-			}
-			hello.CipherSuites = append(hello.CipherSuites, suiteId)
-			continue NextCipherSuite
-		}
-	}
-
-	_, err := io.ReadFull(c.config.rand(), hello.Random)
-	if err != nil {
-		c.sendAlert(alertInternalError)
-		return errors.New("tls: short read from Rand: " + err.Error())
-	}
-
-	if hello.Vers >= VersionTLS12 {
-		hello.SignatureAndHashes = supportedSignatureAlgorithms
-	}
-
-	var session *ClientSessionState
-	var cacheKey string
-	sessionCache := c.config.ClientSessionCache
-	if c.config.SessionTicketsDisabled {
-		sessionCache = nil
-	}
-
-	if sessionCache != nil {
-		hello.TicketSupported = true
-	}
-
-	// Session resumption is not allowed if renegotiating because
-	// renegotiation is primarily used to allow a client to send a client
-	// certificate, which would be skipped if session resumption occurred.
-	if sessionCache != nil && c.handshakes == 0 {
-		// Try to resume a previously negotiated TLS session, if
-		// available.
-		cacheKey = clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
-		candidateSession, ok := sessionCache.Get(cacheKey)
-		if ok {
-			// Check that the ciphersuite/version used for the
-			// previous session are still valid.
-			cipherSuiteOk := false
-			for _, id := range hello.CipherSuites {
-				if id == candidateSession.cipherSuite {
-					cipherSuiteOk = true
-					break
-				}
-			}
-
-			versOk := candidateSession.vers >= c.config.minVersion() &&
-				candidateSession.vers <= c.config.maxVersion()
-			if versOk && cipherSuiteOk {
-				session = candidateSession
-			}
-		}
-	}
-
-	if session != nil {
-		hello.SessionTicket = session.sessionTicket
-		// A random session ID is used to detect when the
-		// server accepted the ticket and is resuming a session
-		// (see RFC 5077).
-		hello.SessionId = make([]byte, 16)
-		if _, err := io.ReadFull(c.config.rand(), hello.SessionId); err != nil {
-			c.sendAlert(alertInternalError)
-			return errors.New("tls: short read from Rand: " + err.Error())
-		}
-	}
-
-	if _, err := c.writeRecord(RecordTypeHandshake, hello.marshal()); err != nil {
-		return err
-	}
-
-	msg, err := c.readHandshake()
-	if err != nil {
-		return err
-	}
-	serverHello, ok := msg.(*ServerHelloMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(serverHello, msg)
-	}
-
-	vers, ok := c.config.mutualVersion(serverHello.Vers)
-	if !ok || vers < VersionTLS10 {
-		// TLS 1.0 is the minimum version supported as a client.
-		c.sendAlert(alertProtocolVersion)
-		return fmt.Errorf("tls: server selected unsupported protocol version %x", serverHello.Vers)
-	}
-	c.vers = vers
-	c.haveVers = true
-
-	suite := mutualCipherSuite(hello.CipherSuites, serverHello.CipherSuite)
-	if suite == nil {
-		c.sendAlert(alertHandshakeFailure)
-		return errors.New("tls: server chose an unconfigured cipher suite")
-	}
-
-	hs := &clientHandshakeState{
-		c:            c,
-		serverHello:  serverHello,
-		hello:        hello,
-		suite:        suite,
-		finishedHash: newFinishedHash(c.vers, suite),
-		session:      session,
-	}
-
-	isResume, err := hs.processServerHello()
-	if err != nil {
-		return err
-	}
-
-	// No signatures of the handshake are needed in a resumption.
-	// Otherwise, in a full handshake, if we don't have any certificates
-	// configured then we will never send a CertificateVerify message and
-	// thus no signatures are needed in that case either.
-	if isResume || (len(c.config.Certificates) == 0 && c.config.GetClientCertificate == nil) {
-		hs.finishedHash.discardHandshakeBuffer()
-	}
-
-	hs.finishedHash.Write(hs.hello.marshal())
-	hs.finishedHash.Write(hs.serverHello.marshal())
-
-	c.buffering = true
-	if isResume {
-		if err := hs.establishKeys(); err != nil {
-			return err
-		}
-		if err := hs.readSessionTicket(); err != nil {
-			return err
-		}
-		if err := hs.readFinished(c.serverFinished[:]); err != nil {
-			return err
-		}
-		c.clientFinishedIsFirst = false
-		if err := hs.sendFinished(c.clientFinished[:]); err != nil {
-			return err
-		}
-		if _, err := c.flush(); err != nil {
-			return err
-		}
-	} else {
-		if err := hs.doFullHandshake(); err != nil {
-			return err
-		}
-		if err := hs.establishKeys(); err != nil {
-			return err
-		}
-		if err := hs.sendFinished(c.clientFinished[:]); err != nil {
-			return err
-		}
-		if _, err := c.flush(); err != nil {
-			return err
-		}
-		c.clientFinishedIsFirst = true
-		if err := hs.readSessionTicket(); err != nil {
-			return err
-		}
-		if err := hs.readFinished(c.serverFinished[:]); err != nil {
-			return err
-		}
-	}
-
-	if sessionCache != nil && hs.session != nil && session != hs.session {
-		sessionCache.Put(cacheKey, hs.session)
-	}
-
-	c.didResume = isResume
-	c.handshakeComplete = true
-	c.cipherSuite = suite.id
-	return nil
-}
-
-func (hs *clientHandshakeState) doFullHandshake() error {
-	c := hs.c
-
-	msg, err := c.readHandshake()
-	if err != nil {
-		return err
-	}
-	certMsg, ok := msg.(*CertificateMsg)
-	if !ok || len(certMsg.Certificates) == 0 {
-		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(certMsg, msg)
-	}
-	hs.finishedHash.Write(certMsg.marshal())
-
-	if c.handshakes == 0 {
-		// If this is the first handshake on a connection, process and
-		// (optionally) verify the server's certificates.
-		certs := make([]*x509.Certificate, len(certMsg.Certificates))
-		for i, asn1Data := range certMsg.Certificates {
-			cert, err := x509.ParseCertificate(asn1Data)
-			if err != nil {
-				c.sendAlert(alertBadCertificate)
-				return errors.New("tls: failed to parse certificate from server: " + err.Error())
-			}
-			certs[i] = cert
-		}
-
-		if !c.config.InsecureSkipVerify {
-			opts := x509.VerifyOptions{
-				Roots:         c.config.RootCAs,
-				CurrentTime:   c.config.time(),
-				DNSName:       c.config.ServerName,
-				Intermediates: x509.NewCertPool(),
-			}
-
-			for i, cert := range certs {
-				if i == 0 {
-					continue
-				}
-				opts.Intermediates.AddCert(cert)
-			}
-			c.verifiedChains, err = certs[0].Verify(opts)
-			if err != nil {
-				c.sendAlert(alertBadCertificate)
-				return err
-			}
-		}
-
-		if c.config.VerifyPeerCertificate != nil {
-			if err := c.config.VerifyPeerCertificate(certMsg.Certificates, c.verifiedChains); err != nil {
-				c.sendAlert(alertBadCertificate)
-				return err
-			}
-		}
-
-		switch certs[0].PublicKey.(type) {
-		case *rsa.PublicKey, *ecdsa.PublicKey:
-			break
-		default:
-			c.sendAlert(alertUnsupportedCertificate)
-			return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", certs[0].PublicKey)
-		}
-
-		c.peerCertificates = certs
-	} else {
-		// This is a renegotiation handshake. We require that the
-		// server's identity (i.e. leaf certificate) is unchanged and
-		// thus any previous trust decision is still valid.
-		//
-		// See https://mitls.org/pages/attacks/3SHAKE for the
-		// motivation behind this requirement.
-		if !bytes.Equal(c.peerCertificates[0].Raw, certMsg.Certificates[0]) {
-			c.sendAlert(alertBadCertificate)
-			return errors.New("tls: server's identity changed during renegotiation")
-		}
-	}
-
-	if hs.serverHello.OcspStapling {
-		msg, err = c.readHandshake()
-		if err != nil {
-			return err
-		}
-		cs, ok := msg.(*CertificateStatusMsg)
-		if !ok {
-			c.sendAlert(alertUnexpectedMessage)
-			return unexpectedMessageError(cs, msg)
-		}
-		hs.finishedHash.Write(cs.marshal())
-
-		if cs.StatusType == statusTypeOCSP {
-			c.ocspResponse = cs.Response
-		}
-	}
-
-	msg, err = c.readHandshake()
-	if err != nil {
-		return err
-	}
-
-	keyAgreement := hs.suite.ka(c.vers)
-
-	skx, ok := msg.(*ServerKeyExchangeMsg)
-	if ok {
-		hs.finishedHash.Write(skx.marshal())
-		err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, c.peerCertificates[0], skx)
-		if err != nil {
-			c.sendAlert(alertUnexpectedMessage)
-			return err
-		}
-
-		msg, err = c.readHandshake()
-		if err != nil {
-			return err
-		}
-	}
-
-	var chainToSend *Certificate
-	var certRequested bool
-	certReq, ok := msg.(*CertificateRequestMsg)
-	if ok {
-		certRequested = true
-		hs.finishedHash.Write(certReq.marshal())
-
-		if chainToSend, err = hs.getCertificate(certReq); err != nil {
-			c.sendAlert(alertInternalError)
-			return err
-		}
-
-		msg, err = c.readHandshake()
-		if err != nil {
-			return err
-		}
-	}
-
-	shd, ok := msg.(*ServerHelloDoneMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(shd, msg)
-	}
-	hs.finishedHash.Write(shd.marshal())
-
-	// If the server requested a certificate then we have to send a
-	// Certificate message, even if it's empty because we don't have a
-	// certificate to send.
-	if certRequested {
-		certMsg = new(CertificateMsg)
-		certMsg.Certificates = chainToSend.Certificate
-		hs.finishedHash.Write(certMsg.marshal())
-		if _, err := c.writeRecord(RecordTypeHandshake, certMsg.marshal()); err != nil {
-			return err
-		}
-	}
-
-	preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0])
-	if err != nil {
-		c.sendAlert(alertInternalError)
-		return err
-	}
-	if ckx != nil {
-		hs.finishedHash.Write(ckx.marshal())
-		if _, err := c.writeRecord(RecordTypeHandshake, ckx.marshal()); err != nil {
-			return err
-		}
-	}
-
-	if chainToSend != nil && len(chainToSend.Certificate) > 0 {
-		certVerify := &CertificateVerifyMsg{
-			HasSignatureAndHash: c.vers >= VersionTLS12,
-		}
-
-		key, ok := chainToSend.PrivateKey.(crypto.Signer)
-		if !ok {
-			c.sendAlert(alertInternalError)
-			return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey)
-		}
-
-		var signatureType uint8
-		switch key.Public().(type) {
-		case *ecdsa.PublicKey:
-			signatureType = signatureECDSA
-		case *rsa.PublicKey:
-			signatureType = signatureRSA
-		default:
-			c.sendAlert(alertInternalError)
-			return fmt.Errorf("tls: failed to sign handshake with client certificate: unknown client certificate key type: %T", key)
-		}
-
-		certVerify.SignatureAndHash, err = hs.finishedHash.selectClientCertSignatureAlgorithm(certReq.SignatureAndHashes, signatureType)
-		if err != nil {
-			c.sendAlert(alertInternalError)
-			return err
-		}
-		digest, hashFunc, err := hs.finishedHash.hashForClientCertificate(certVerify.SignatureAndHash, hs.masterSecret)
-		if err != nil {
-			c.sendAlert(alertInternalError)
-			return err
-		}
-		certVerify.Signature, err = key.Sign(c.config.rand(), digest, hashFunc)
-		if err != nil {
-			c.sendAlert(alertInternalError)
-			return err
-		}
-
-		hs.finishedHash.Write(certVerify.marshal())
-		if _, err := c.writeRecord(RecordTypeHandshake, certVerify.marshal()); err != nil {
-			return err
-		}
-	}
-
-	hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.Random, hs.serverHello.Random)
-	if err := c.config.writeKeyLog(hs.hello.Random, hs.masterSecret); err != nil {
-		c.sendAlert(alertInternalError)
-		return errors.New("tls: failed to write to key log: " + err.Error())
-	}
-
-	hs.finishedHash.discardHandshakeBuffer()
-
-	return nil
-}
-
-func (hs *clientHandshakeState) establishKeys() error {
-	c := hs.c
-
-	clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV :=
-		keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.hello.Random, hs.serverHello.Random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen)
-	var clientCipher, serverCipher interface{}
-	var clientHash, serverHash macFunction
-	if hs.suite.cipher != nil {
-		clientCipher = hs.suite.cipher(clientKey, clientIV, false /* not for reading */)
-		clientHash = hs.suite.mac(c.vers, clientMAC)
-		serverCipher = hs.suite.cipher(serverKey, serverIV, true /* for reading */)
-		serverHash = hs.suite.mac(c.vers, serverMAC)
-	} else {
-		clientCipher = hs.suite.aead(clientKey, clientIV)
-		serverCipher = hs.suite.aead(serverKey, serverIV)
-	}
-
-	c.in.prepareCipherSpec(c.vers, serverCipher, serverHash)
-	c.out.prepareCipherSpec(c.vers, clientCipher, clientHash)
-	return nil
-}
-
-func (hs *clientHandshakeState) serverResumedSession() bool {
-	// If the server responded with the same sessionId then it means the
-	// sessionTicket is being used to resume a TLS session.
-	return hs.session != nil && hs.hello.SessionId != nil &&
-		bytes.Equal(hs.serverHello.SessionId, hs.hello.SessionId)
-}
-
-func (hs *clientHandshakeState) processServerHello() (bool, error) {
-	c := hs.c
-
-	if hs.serverHello.CompressionMethod != compressionNone {
-		c.sendAlert(alertUnexpectedMessage)
-		return false, errors.New("tls: server selected unsupported compression format")
-	}
-
-	if c.handshakes == 0 && hs.serverHello.SecureRenegotiationSupported {
-		c.secureRenegotiation = true
-		if len(hs.serverHello.SecureRenegotiation) != 0 {
-			c.sendAlert(alertHandshakeFailure)
-			return false, errors.New("tls: initial handshake had non-empty renegotiation extension")
-		}
-	}
-
-	if c.handshakes > 0 && c.secureRenegotiation {
-		var expectedSecureRenegotiation [24]byte
-		copy(expectedSecureRenegotiation[:], c.clientFinished[:])
-		copy(expectedSecureRenegotiation[12:], c.serverFinished[:])
-		if !bytes.Equal(hs.serverHello.SecureRenegotiation, expectedSecureRenegotiation[:]) {
-			c.sendAlert(alertHandshakeFailure)
-			return false, errors.New("tls: incorrect renegotiation extension contents")
-		}
-	}
-
-	clientDidNPN := hs.hello.NextProtoNeg
-	clientDidALPN := len(hs.hello.AlpnProtocols) > 0
-	serverHasNPN := hs.serverHello.NextProtoNeg
-	serverHasALPN := len(hs.serverHello.AlpnProtocol) > 0
-
-	if !clientDidNPN && serverHasNPN {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: server advertised unrequested NPN extension")
-	}
-
-	if !clientDidALPN && serverHasALPN {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: server advertised unrequested ALPN extension")
-	}
-
-	if serverHasNPN && serverHasALPN {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: server advertised both NPN and ALPN extensions")
-	}
-
-	if serverHasALPN {
-		c.clientProtocol = hs.serverHello.AlpnProtocol
-		c.clientProtocolFallback = false
-	}
-	c.scts = hs.serverHello.Scts
-
-	if !hs.serverResumedSession() {
-		return false, nil
-	}
-
-	if hs.session.vers != c.vers {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: server resumed a session with a different version")
-	}
-
-	if hs.session.cipherSuite != hs.suite.id {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: server resumed a session with a different cipher suite")
-	}
-
-	// Restore masterSecret and peerCerts from previous state
-	hs.masterSecret = hs.session.masterSecret
-	c.peerCertificates = hs.session.serverCertificates
-	c.verifiedChains = hs.session.verifiedChains
-	return true, nil
-}
-
-func (hs *clientHandshakeState) readFinished(out []byte) error {
-	c := hs.c
-
-	c.readRecord(RecordTypeChangeCipherSpec)
-	if c.in.err != nil {
-		return c.in.err
-	}
-
-	msg, err := c.readHandshake()
-	if err != nil {
-		return err
-	}
-	serverFinished, ok := msg.(*FinishedMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(serverFinished, msg)
-	}
-
-	verify := hs.finishedHash.serverSum(hs.masterSecret)
-	if len(verify) != len(serverFinished.VerifyData) ||
-		subtle.ConstantTimeCompare(verify, serverFinished.VerifyData) != 1 {
-		c.sendAlert(alertHandshakeFailure)
-		return errors.New("tls: server's Finished message was incorrect")
-	}
-	hs.finishedHash.Write(serverFinished.marshal())
-	copy(out, verify)
-	return nil
-}
-
-func (hs *clientHandshakeState) readSessionTicket() error {
-	if !hs.serverHello.TicketSupported {
-		return nil
-	}
-
-	c := hs.c
-	msg, err := c.readHandshake()
-	if err != nil {
-		return err
-	}
-	sessionTicketMsg, ok := msg.(*NewSessionTicketMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(sessionTicketMsg, msg)
-	}
-	hs.finishedHash.Write(sessionTicketMsg.marshal())
-
-	hs.session = &ClientSessionState{
-		sessionTicket:      sessionTicketMsg.Ticket,
-		vers:               c.vers,
-		cipherSuite:        hs.suite.id,
-		masterSecret:       hs.masterSecret,
-		serverCertificates: c.peerCertificates,
-		verifiedChains:     c.verifiedChains,
-	}
-
-	return nil
-}
-
-func (hs *clientHandshakeState) sendFinished(out []byte) error {
-	c := hs.c
-
-	if _, err := c.writeRecord(RecordTypeChangeCipherSpec, []byte{1}); err != nil {
-		return err
-	}
-	if hs.serverHello.NextProtoNeg {
-		nextProto := new(NextProtoMsg)
-		proto, fallback := mutualProtocol(c.config.NextProtos, hs.serverHello.NextProtos)
-		nextProto.Proto = proto
-		c.clientProtocol = proto
-		c.clientProtocolFallback = fallback
-
-		hs.finishedHash.Write(nextProto.marshal())
-		if _, err := c.writeRecord(RecordTypeHandshake, nextProto.marshal()); err != nil {
-			return err
-		}
-	}
-
-	finished := new(FinishedMsg)
-	finished.VerifyData = hs.finishedHash.clientSum(hs.masterSecret)
-	hs.finishedHash.Write(finished.marshal())
-	if _, err := c.writeRecord(RecordTypeHandshake, finished.marshal()); err != nil {
-		return err
-	}
-	copy(out, finished.VerifyData)
-	return nil
-}
-
-// tls11SignatureSchemes contains the signature schemes that we synthesise for
-// a TLS <= 1.1 connection, based on the supported certificate types.
-var tls11SignatureSchemes = []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512, PKCS1WithSHA1}
-
-const (
-	// tls11SignatureSchemesNumECDSA is the number of initial elements of
-	// tls11SignatureSchemes that use ECDSA.
-	tls11SignatureSchemesNumECDSA = 3
-	// tls11SignatureSchemesNumRSA is the number of trailing elements of
-	// tls11SignatureSchemes that use RSA.
-	tls11SignatureSchemesNumRSA = 4
-)
-
-func (hs *clientHandshakeState) getCertificate(certReq *CertificateRequestMsg) (*Certificate, error) {
-	c := hs.c
-
-	var rsaAvail, ecdsaAvail bool
-	for _, certType := range certReq.CertificateTypes {
-		switch certType {
-		case certTypeRSASign:
-			rsaAvail = true
-		case certTypeECDSASign:
-			ecdsaAvail = true
-		}
-	}
-
-	if c.config.GetClientCertificate != nil {
-		var signatureSchemes []SignatureScheme
-
-		if !certReq.HasSignatureAndHash {
-			// Prior to TLS 1.2, the signature schemes were not
-			// included in the certificate request message. In this
-			// case we use a plausible list based on the acceptable
-			// certificate types.
-			signatureSchemes = tls11SignatureSchemes
-			if !ecdsaAvail {
-				signatureSchemes = signatureSchemes[tls11SignatureSchemesNumECDSA:]
-			}
-			if !rsaAvail {
-				signatureSchemes = signatureSchemes[:len(signatureSchemes)-tls11SignatureSchemesNumRSA]
-			}
-		} else {
-			signatureSchemes = make([]SignatureScheme, 0, len(certReq.SignatureAndHashes))
-			for _, sah := range certReq.SignatureAndHashes {
-				signatureSchemes = append(signatureSchemes, SignatureScheme(sah.hash)<<8+SignatureScheme(sah.signature))
-			}
-		}
-
-		return c.config.GetClientCertificate(&CertificateRequestInfo{
-			AcceptableCAs:    certReq.CertificateAuthorities,
-			SignatureSchemes: signatureSchemes,
-		})
-	}
-
-	// RFC 4346 on the certificateAuthorities field: A list of the
-	// distinguished names of acceptable certificate authorities.
-	// These distinguished names may specify a desired
-	// distinguished name for a root CA or for a subordinate CA;
-	// thus, this message can be used to describe both known roots
-	// and a desired authorization space. If the
-	// certificate_authorities list is empty then the client MAY
-	// send any certificate of the appropriate
-	// ClientCertificateType, unless there is some external
-	// arrangement to the contrary.
-
-	// We need to search our list of client certs for one
-	// where SignatureAlgorithm is acceptable to the server and the
-	// Issuer is in certReq.CertificateAuthorities
-findCert:
-	for i, chain := range c.config.Certificates {
-		if !rsaAvail && !ecdsaAvail {
-			continue
-		}
-
-		for j, cert := range chain.Certificate {
-			x509Cert := chain.Leaf
-			// parse the certificate if this isn't the leaf
-			// node, or if chain.Leaf was nil
-			if j != 0 || x509Cert == nil {
-				var err error
-				if x509Cert, err = x509.ParseCertificate(cert); err != nil {
-					c.sendAlert(alertInternalError)
-					return nil, errors.New("tls: failed to parse client certificate #" + strconv.Itoa(i) + ": " + err.Error())
-				}
-			}
-
-			switch {
-			case rsaAvail && x509Cert.PublicKeyAlgorithm == x509.RSA:
-			case ecdsaAvail && x509Cert.PublicKeyAlgorithm == x509.ECDSA:
-			default:
-				continue findCert
-			}
-
-			if len(certReq.CertificateAuthorities) == 0 {
-				// they gave us an empty list, so just take the
-				// first cert from c.config.Certificates
-				return &chain, nil
-			}
-
-			for _, ca := range certReq.CertificateAuthorities {
-				if bytes.Equal(x509Cert.RawIssuer, ca) {
-					return &chain, nil
-				}
-			}
-		}
-	}
-
-	// No acceptable certificate found. Don't send a certificate.
-	return new(Certificate), nil
-}
-
-// clientSessionCacheKey returns a key used to cache sessionTickets that could
-// be used to resume previously negotiated TLS sessions with a server.
-func clientSessionCacheKey(serverAddr net.Addr, config *Config) string {
-	if len(config.ServerName) > 0 {
-		return config.ServerName
-	}
-	return serverAddr.String()
-}
-
-// mutualProtocol finds the mutual Next Protocol Negotiation or ALPN protocol
-// given list of possible protocols and a list of the preference order. The
-// first list must not be empty. It returns the resulting protocol and flag
-// indicating if the fallback case was reached.
-func mutualProtocol(protos, preferenceProtos []string) (string, bool) {
-	for _, s := range preferenceProtos {
-		for _, c := range protos {
-			if s == c {
-				return s, false
-			}
-		}
-	}
-
-	return protos[0], true
-}
-
-// hostnameInSNI converts name into an approriate hostname for SNI.
-// Literal IP addresses and absolute FQDNs are not permitted as SNI values.
-// See https://tools.ietf.org/html/rfc6066#section-3.
-func hostnameInSNI(name string) string {
-	host := name
-	if len(host) > 0 && host[0] == '[' && host[len(host)-1] == ']' {
-		host = host[1 : len(host)-1]
-	}
-	if i := strings.LastIndex(host, "%"); i > 0 {
-		host = host[:i]
-	}
-	if net.ParseIP(host) != nil {
-		return ""
-	}
-	for len(name) > 0 && name[len(name)-1] == '.' {
-		name = name[:len(name)-1]
-	}
-	return name
-}
diff --git a/firewall/inspection/tls/tlslib/handshake_messages.go b/firewall/inspection/tls/tlslib/handshake_messages.go
deleted file mode 100644
index 893d9d35..00000000
--- a/firewall/inspection/tls/tlslib/handshake_messages.go
+++ /dev/null
@@ -1,1568 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"bytes"
-	"strings"
-)
-
-type ClientHelloMsg struct {
-	Raw                          []byte
-	Vers                         uint16
-	Random                       []byte
-	SessionId                    []byte
-	CipherSuites                 []uint16
-	CompressionMethods           []uint8
-	NextProtoNeg                 bool
-	ServerName                   string
-	OcspStapling                 bool
-	Scts                         bool
-	SupportedCurves              []CurveID
-	SupportedPoints              []uint8
-	TicketSupported              bool
-	SessionTicket                []uint8
-	SignatureAndHashes           []signatureAndHash
-	SecureRenegotiation          []byte
-	SecureRenegotiationSupported bool
-	AlpnProtocols                []string
-}
-
-func (m *ClientHelloMsg) equal(i interface{}) bool {
-	m1, ok := i.(*ClientHelloMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		m.Vers == m1.Vers &&
-		bytes.Equal(m.Random, m1.Random) &&
-		bytes.Equal(m.SessionId, m1.SessionId) &&
-		eqUint16s(m.CipherSuites, m1.CipherSuites) &&
-		bytes.Equal(m.CompressionMethods, m1.CompressionMethods) &&
-		m.NextProtoNeg == m1.NextProtoNeg &&
-		m.ServerName == m1.ServerName &&
-		m.OcspStapling == m1.OcspStapling &&
-		m.Scts == m1.Scts &&
-		eqCurveIDs(m.SupportedCurves, m1.SupportedCurves) &&
-		bytes.Equal(m.SupportedPoints, m1.SupportedPoints) &&
-		m.TicketSupported == m1.TicketSupported &&
-		bytes.Equal(m.SessionTicket, m1.SessionTicket) &&
-		eqSignatureAndHashes(m.SignatureAndHashes, m1.SignatureAndHashes) &&
-		m.SecureRenegotiationSupported == m1.SecureRenegotiationSupported &&
-		bytes.Equal(m.SecureRenegotiation, m1.SecureRenegotiation) &&
-		eqStrings(m.AlpnProtocols, m1.AlpnProtocols)
-}
-
-func (m *ClientHelloMsg) marshal() []byte {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	length := 2 + 32 + 1 + len(m.SessionId) + 2 + len(m.CipherSuites)*2 + 1 + len(m.CompressionMethods)
-	numExtensions := 0
-	extensionsLength := 0
-	if m.NextProtoNeg {
-		numExtensions++
-	}
-	if m.OcspStapling {
-		extensionsLength += 1 + 2 + 2
-		numExtensions++
-	}
-	if len(m.ServerName) > 0 {
-		extensionsLength += 5 + len(m.ServerName)
-		numExtensions++
-	}
-	if len(m.SupportedCurves) > 0 {
-		extensionsLength += 2 + 2*len(m.SupportedCurves)
-		numExtensions++
-	}
-	if len(m.SupportedPoints) > 0 {
-		extensionsLength += 1 + len(m.SupportedPoints)
-		numExtensions++
-	}
-	if m.TicketSupported {
-		extensionsLength += len(m.SessionTicket)
-		numExtensions++
-	}
-	if len(m.SignatureAndHashes) > 0 {
-		extensionsLength += 2 + 2*len(m.SignatureAndHashes)
-		numExtensions++
-	}
-	if m.SecureRenegotiationSupported {
-		extensionsLength += 1 + len(m.SecureRenegotiation)
-		numExtensions++
-	}
-	if len(m.AlpnProtocols) > 0 {
-		extensionsLength += 2
-		for _, s := range m.AlpnProtocols {
-			if l := len(s); l == 0 || l > 255 {
-				panic("invalid ALPN protocol")
-			}
-			extensionsLength++
-			extensionsLength += len(s)
-		}
-		numExtensions++
-	}
-	if m.Scts {
-		numExtensions++
-	}
-	if numExtensions > 0 {
-		extensionsLength += 4 * numExtensions
-		length += 2 + extensionsLength
-	}
-
-	x := make([]byte, 4+length)
-	x[0] = TypeClientHello
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	x[4] = uint8(m.Vers >> 8)
-	x[5] = uint8(m.Vers)
-	copy(x[6:38], m.Random)
-	x[38] = uint8(len(m.SessionId))
-	copy(x[39:39+len(m.SessionId)], m.SessionId)
-	y := x[39+len(m.SessionId):]
-	y[0] = uint8(len(m.CipherSuites) >> 7)
-	y[1] = uint8(len(m.CipherSuites) << 1)
-	for i, suite := range m.CipherSuites {
-		y[2+i*2] = uint8(suite >> 8)
-		y[3+i*2] = uint8(suite)
-	}
-	z := y[2+len(m.CipherSuites)*2:]
-	z[0] = uint8(len(m.CompressionMethods))
-	copy(z[1:], m.CompressionMethods)
-
-	z = z[1+len(m.CompressionMethods):]
-	if numExtensions > 0 {
-		z[0] = byte(extensionsLength >> 8)
-		z[1] = byte(extensionsLength)
-		z = z[2:]
-	}
-	if m.NextProtoNeg {
-		z[0] = byte(extensionNextProtoNeg >> 8)
-		z[1] = byte(extensionNextProtoNeg & 0xff)
-		// The length is always 0
-		z = z[4:]
-	}
-	if len(m.ServerName) > 0 {
-		z[0] = byte(extensionServerName >> 8)
-		z[1] = byte(extensionServerName & 0xff)
-		l := len(m.ServerName) + 5
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z = z[4:]
-
-		// RFC 3546, section 3.1
-		//
-		// struct {
-		//     NameType name_type;
-		//     select (name_type) {
-		//         case host_name: HostName;
-		//     } name;
-		// } ServerName;
-		//
-		// enum {
-		//     host_name(0), (255)
-		// } NameType;
-		//
-		// opaque HostName<1..2^16-1>;
-		//
-		// struct {
-		//     ServerName server_name_list<1..2^16-1>
-		// } ServerNameList;
-
-		z[0] = byte((len(m.ServerName) + 3) >> 8)
-		z[1] = byte(len(m.ServerName) + 3)
-		z[3] = byte(len(m.ServerName) >> 8)
-		z[4] = byte(len(m.ServerName))
-		copy(z[5:], []byte(m.ServerName))
-		z = z[l:]
-	}
-	if m.OcspStapling {
-		// RFC 4366, section 3.6
-		z[0] = byte(extensionStatusRequest >> 8)
-		z[1] = byte(extensionStatusRequest)
-		z[2] = 0
-		z[3] = 5
-		z[4] = 1 // OCSP type
-		// Two zero valued uint16s for the two lengths.
-		z = z[9:]
-	}
-	if len(m.SupportedCurves) > 0 {
-		// http://tools.ietf.org/html/rfc4492#section-5.5.1
-		z[0] = byte(extensionSupportedCurves >> 8)
-		z[1] = byte(extensionSupportedCurves)
-		l := 2 + 2*len(m.SupportedCurves)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		l -= 2
-		z[4] = byte(l >> 8)
-		z[5] = byte(l)
-		z = z[6:]
-		for _, curve := range m.SupportedCurves {
-			z[0] = byte(curve >> 8)
-			z[1] = byte(curve)
-			z = z[2:]
-		}
-	}
-	if len(m.SupportedPoints) > 0 {
-		// http://tools.ietf.org/html/rfc4492#section-5.5.2
-		z[0] = byte(extensionSupportedPoints >> 8)
-		z[1] = byte(extensionSupportedPoints)
-		l := 1 + len(m.SupportedPoints)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		l--
-		z[4] = byte(l)
-		z = z[5:]
-		for _, pointFormat := range m.SupportedPoints {
-			z[0] = pointFormat
-			z = z[1:]
-		}
-	}
-	if m.TicketSupported {
-		// http://tools.ietf.org/html/rfc5077#section-3.2
-		z[0] = byte(extensionSessionTicket >> 8)
-		z[1] = byte(extensionSessionTicket)
-		l := len(m.SessionTicket)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z = z[4:]
-		copy(z, m.SessionTicket)
-		z = z[len(m.SessionTicket):]
-	}
-	if len(m.SignatureAndHashes) > 0 {
-		// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-		z[0] = byte(extensionSignatureAlgorithms >> 8)
-		z[1] = byte(extensionSignatureAlgorithms)
-		l := 2 + 2*len(m.SignatureAndHashes)
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z = z[4:]
-
-		l -= 2
-		z[0] = byte(l >> 8)
-		z[1] = byte(l)
-		z = z[2:]
-		for _, sigAndHash := range m.SignatureAndHashes {
-			z[0] = sigAndHash.hash
-			z[1] = sigAndHash.signature
-			z = z[2:]
-		}
-	}
-	if m.SecureRenegotiationSupported {
-		z[0] = byte(extensionRenegotiationInfo >> 8)
-		z[1] = byte(extensionRenegotiationInfo & 0xff)
-		z[2] = 0
-		z[3] = byte(len(m.SecureRenegotiation) + 1)
-		z[4] = byte(len(m.SecureRenegotiation))
-		z = z[5:]
-		copy(z, m.SecureRenegotiation)
-		z = z[len(m.SecureRenegotiation):]
-	}
-	if len(m.AlpnProtocols) > 0 {
-		z[0] = byte(extensionALPN >> 8)
-		z[1] = byte(extensionALPN & 0xff)
-		lengths := z[2:]
-		z = z[6:]
-
-		stringsLength := 0
-		for _, s := range m.AlpnProtocols {
-			l := len(s)
-			z[0] = byte(l)
-			copy(z[1:], s)
-			z = z[1+l:]
-			stringsLength += 1 + l
-		}
-
-		lengths[2] = byte(stringsLength >> 8)
-		lengths[3] = byte(stringsLength)
-		stringsLength += 2
-		lengths[0] = byte(stringsLength >> 8)
-		lengths[1] = byte(stringsLength)
-	}
-	if m.Scts {
-		// https://tools.ietf.org/html/rfc6962#section-3.3.1
-		z[0] = byte(extensionSCT >> 8)
-		z[1] = byte(extensionSCT)
-		// zero uint16 for the zero-length extension_data
-		z = z[4:]
-	}
-
-	m.Raw = x
-
-	return x
-}
-
-func (m *ClientHelloMsg) Unmarshal(data []byte) bool {
-	if len(data) < 42 {
-		return false
-	}
-	m.Raw = data
-	m.Vers = uint16(data[4])<<8 | uint16(data[5])
-	m.Random = data[6:38]
-	sessionIdLen := int(data[38])
-	if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
-		return false
-	}
-	m.SessionId = data[39 : 39+sessionIdLen]
-	data = data[39+sessionIdLen:]
-	if len(data) < 2 {
-		return false
-	}
-	// cipherSuiteLen is the number of bytes of cipher suite numbers. Since
-	// they are uint16s, the number must be even.
-	cipherSuiteLen := int(data[0])<<8 | int(data[1])
-	if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
-		return false
-	}
-	numCipherSuites := cipherSuiteLen / 2
-	m.CipherSuites = make([]uint16, numCipherSuites)
-	for i := 0; i < numCipherSuites; i++ {
-		m.CipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
-		if m.CipherSuites[i] == scsvRenegotiation {
-			m.SecureRenegotiationSupported = true
-		}
-	}
-	data = data[2+cipherSuiteLen:]
-	if len(data) < 1 {
-		return false
-	}
-	compressionMethodsLen := int(data[0])
-	if len(data) < 1+compressionMethodsLen {
-		return false
-	}
-	m.CompressionMethods = data[1 : 1+compressionMethodsLen]
-
-	data = data[1+compressionMethodsLen:]
-
-	m.NextProtoNeg = false
-	m.ServerName = ""
-	m.OcspStapling = false
-	m.TicketSupported = false
-	m.SessionTicket = nil
-	m.SignatureAndHashes = nil
-	m.AlpnProtocols = nil
-	m.Scts = false
-
-	if len(data) == 0 {
-		// ClientHello is optionally followed by extension data
-		return true
-	}
-	if len(data) < 2 {
-		return false
-	}
-
-	extensionsLength := int(data[0])<<8 | int(data[1])
-	data = data[2:]
-	if extensionsLength != len(data) {
-		return false
-	}
-
-	for len(data) != 0 {
-		if len(data) < 4 {
-			return false
-		}
-		extension := uint16(data[0])<<8 | uint16(data[1])
-		length := int(data[2])<<8 | int(data[3])
-		data = data[4:]
-		if len(data) < length {
-			return false
-		}
-
-		switch extension {
-		case extensionServerName:
-			d := data[:length]
-			if len(d) < 2 {
-				return false
-			}
-			namesLen := int(d[0])<<8 | int(d[1])
-			d = d[2:]
-			if len(d) != namesLen {
-				return false
-			}
-			for len(d) > 0 {
-				if len(d) < 3 {
-					return false
-				}
-				nameType := d[0]
-				nameLen := int(d[1])<<8 | int(d[2])
-				d = d[3:]
-				if len(d) < nameLen {
-					return false
-				}
-				if nameType == 0 {
-					m.ServerName = string(d[:nameLen])
-					// An SNI value may not include a
-					// trailing dot. See
-					// https://tools.ietf.org/html/rfc6066#section-3.
-					if strings.HasSuffix(m.ServerName, ".") {
-						return false
-					}
-					break
-				}
-				d = d[nameLen:]
-			}
-		case extensionNextProtoNeg:
-			if length > 0 {
-				return false
-			}
-			m.NextProtoNeg = true
-		case extensionStatusRequest:
-			m.OcspStapling = length > 0 && data[0] == statusTypeOCSP
-		case extensionSupportedCurves:
-			// http://tools.ietf.org/html/rfc4492#section-5.5.1
-			if length < 2 {
-				return false
-			}
-			l := int(data[0])<<8 | int(data[1])
-			if l%2 == 1 || length != l+2 {
-				return false
-			}
-			numCurves := l / 2
-			m.SupportedCurves = make([]CurveID, numCurves)
-			d := data[2:]
-			for i := 0; i < numCurves; i++ {
-				m.SupportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
-				d = d[2:]
-			}
-		case extensionSupportedPoints:
-			// http://tools.ietf.org/html/rfc4492#section-5.5.2
-			if length < 1 {
-				return false
-			}
-			l := int(data[0])
-			if length != l+1 {
-				return false
-			}
-			m.SupportedPoints = make([]uint8, l)
-			copy(m.SupportedPoints, data[1:])
-		case extensionSessionTicket:
-			// http://tools.ietf.org/html/rfc5077#section-3.2
-			m.TicketSupported = true
-			m.SessionTicket = data[:length]
-		case extensionSignatureAlgorithms:
-			// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-			if length < 2 || length&1 != 0 {
-				return false
-			}
-			l := int(data[0])<<8 | int(data[1])
-			if l != length-2 {
-				return false
-			}
-			n := l / 2
-			d := data[2:]
-			m.SignatureAndHashes = make([]signatureAndHash, n)
-			for i := range m.SignatureAndHashes {
-				m.SignatureAndHashes[i].hash = d[0]
-				m.SignatureAndHashes[i].signature = d[1]
-				d = d[2:]
-			}
-		case extensionRenegotiationInfo:
-			if length == 0 {
-				return false
-			}
-			d := data[:length]
-			l := int(d[0])
-			d = d[1:]
-			if l != len(d) {
-				return false
-			}
-
-			m.SecureRenegotiation = d
-			m.SecureRenegotiationSupported = true
-		case extensionALPN:
-			if length < 2 {
-				return false
-			}
-			l := int(data[0])<<8 | int(data[1])
-			if l != length-2 {
-				return false
-			}
-			d := data[2:length]
-			for len(d) != 0 {
-				stringLen := int(d[0])
-				d = d[1:]
-				if stringLen == 0 || stringLen > len(d) {
-					return false
-				}
-				m.AlpnProtocols = append(m.AlpnProtocols, string(d[:stringLen]))
-				d = d[stringLen:]
-			}
-		case extensionSCT:
-			m.Scts = true
-			if length != 0 {
-				return false
-			}
-		}
-		data = data[length:]
-	}
-
-	return true
-}
-
-type ServerHelloMsg struct {
-	Raw                          []byte
-	Vers                         uint16
-	Random                       []byte
-	SessionId                    []byte
-	CipherSuite                  uint16
-	CompressionMethod            uint8
-	NextProtoNeg                 bool
-	NextProtos                   []string
-	OcspStapling                 bool
-	Scts                         [][]byte
-	TicketSupported              bool
-	SecureRenegotiation          []byte
-	SecureRenegotiationSupported bool
-	AlpnProtocol                 string
-}
-
-func (m *ServerHelloMsg) equal(i interface{}) bool {
-	m1, ok := i.(*ServerHelloMsg)
-	if !ok {
-		return false
-	}
-
-	if len(m.Scts) != len(m1.Scts) {
-		return false
-	}
-	for i, sct := range m.Scts {
-		if !bytes.Equal(sct, m1.Scts[i]) {
-			return false
-		}
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		m.Vers == m1.Vers &&
-		bytes.Equal(m.Random, m1.Random) &&
-		bytes.Equal(m.SessionId, m1.SessionId) &&
-		m.CipherSuite == m1.CipherSuite &&
-		m.CompressionMethod == m1.CompressionMethod &&
-		m.NextProtoNeg == m1.NextProtoNeg &&
-		eqStrings(m.NextProtos, m1.NextProtos) &&
-		m.OcspStapling == m1.OcspStapling &&
-		m.TicketSupported == m1.TicketSupported &&
-		m.SecureRenegotiationSupported == m1.SecureRenegotiationSupported &&
-		bytes.Equal(m.SecureRenegotiation, m1.SecureRenegotiation) &&
-		m.AlpnProtocol == m1.AlpnProtocol
-}
-
-func (m *ServerHelloMsg) marshal() []byte {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	length := 38 + len(m.SessionId)
-	numExtensions := 0
-	extensionsLength := 0
-
-	nextProtoLen := 0
-	if m.NextProtoNeg {
-		numExtensions++
-		for _, v := range m.NextProtos {
-			nextProtoLen += len(v)
-		}
-		nextProtoLen += len(m.NextProtos)
-		extensionsLength += nextProtoLen
-	}
-	if m.OcspStapling {
-		numExtensions++
-	}
-	if m.TicketSupported {
-		numExtensions++
-	}
-	if m.SecureRenegotiationSupported {
-		extensionsLength += 1 + len(m.SecureRenegotiation)
-		numExtensions++
-	}
-	if alpnLen := len(m.AlpnProtocol); alpnLen > 0 {
-		if alpnLen >= 256 {
-			panic("invalid ALPN protocol")
-		}
-		extensionsLength += 2 + 1 + alpnLen
-		numExtensions++
-	}
-	sctLen := 0
-	if len(m.Scts) > 0 {
-		for _, sct := range m.Scts {
-			sctLen += len(sct) + 2
-		}
-		extensionsLength += 2 + sctLen
-		numExtensions++
-	}
-
-	if numExtensions > 0 {
-		extensionsLength += 4 * numExtensions
-		length += 2 + extensionsLength
-	}
-
-	x := make([]byte, 4+length)
-	x[0] = TypeServerHello
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	x[4] = uint8(m.Vers >> 8)
-	x[5] = uint8(m.Vers)
-	copy(x[6:38], m.Random)
-	x[38] = uint8(len(m.SessionId))
-	copy(x[39:39+len(m.SessionId)], m.SessionId)
-	z := x[39+len(m.SessionId):]
-	z[0] = uint8(m.CipherSuite >> 8)
-	z[1] = uint8(m.CipherSuite)
-	z[2] = m.CompressionMethod
-
-	z = z[3:]
-	if numExtensions > 0 {
-		z[0] = byte(extensionsLength >> 8)
-		z[1] = byte(extensionsLength)
-		z = z[2:]
-	}
-	if m.NextProtoNeg {
-		z[0] = byte(extensionNextProtoNeg >> 8)
-		z[1] = byte(extensionNextProtoNeg & 0xff)
-		z[2] = byte(nextProtoLen >> 8)
-		z[3] = byte(nextProtoLen)
-		z = z[4:]
-
-		for _, v := range m.NextProtos {
-			l := len(v)
-			if l > 255 {
-				l = 255
-			}
-			z[0] = byte(l)
-			copy(z[1:], []byte(v[0:l]))
-			z = z[1+l:]
-		}
-	}
-	if m.OcspStapling {
-		z[0] = byte(extensionStatusRequest >> 8)
-		z[1] = byte(extensionStatusRequest)
-		z = z[4:]
-	}
-	if m.TicketSupported {
-		z[0] = byte(extensionSessionTicket >> 8)
-		z[1] = byte(extensionSessionTicket)
-		z = z[4:]
-	}
-	if m.SecureRenegotiationSupported {
-		z[0] = byte(extensionRenegotiationInfo >> 8)
-		z[1] = byte(extensionRenegotiationInfo & 0xff)
-		z[2] = 0
-		z[3] = byte(len(m.SecureRenegotiation) + 1)
-		z[4] = byte(len(m.SecureRenegotiation))
-		z = z[5:]
-		copy(z, m.SecureRenegotiation)
-		z = z[len(m.SecureRenegotiation):]
-	}
-	if alpnLen := len(m.AlpnProtocol); alpnLen > 0 {
-		z[0] = byte(extensionALPN >> 8)
-		z[1] = byte(extensionALPN & 0xff)
-		l := 2 + 1 + alpnLen
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		l -= 2
-		z[4] = byte(l >> 8)
-		z[5] = byte(l)
-		l -= 1
-		z[6] = byte(l)
-		copy(z[7:], []byte(m.AlpnProtocol))
-		z = z[7+alpnLen:]
-	}
-	if sctLen > 0 {
-		z[0] = byte(extensionSCT >> 8)
-		z[1] = byte(extensionSCT)
-		l := sctLen + 2
-		z[2] = byte(l >> 8)
-		z[3] = byte(l)
-		z[4] = byte(sctLen >> 8)
-		z[5] = byte(sctLen)
-
-		z = z[6:]
-		for _, sct := range m.Scts {
-			z[0] = byte(len(sct) >> 8)
-			z[1] = byte(len(sct))
-			copy(z[2:], sct)
-			z = z[len(sct)+2:]
-		}
-	}
-
-	m.Raw = x
-
-	return x
-}
-
-func (m *ServerHelloMsg) Unmarshal(data []byte) bool {
-	if len(data) < 42 {
-		return false
-	}
-	m.Raw = data
-	m.Vers = uint16(data[4])<<8 | uint16(data[5])
-	m.Random = data[6:38]
-	sessionIdLen := int(data[38])
-	if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
-		return false
-	}
-	m.SessionId = data[39 : 39+sessionIdLen]
-	data = data[39+sessionIdLen:]
-	if len(data) < 3 {
-		return false
-	}
-	m.CipherSuite = uint16(data[0])<<8 | uint16(data[1])
-	m.CompressionMethod = data[2]
-	data = data[3:]
-
-	m.NextProtoNeg = false
-	m.NextProtos = nil
-	m.OcspStapling = false
-	m.Scts = nil
-	m.TicketSupported = false
-	m.AlpnProtocol = ""
-
-	if len(data) == 0 {
-		// ServerHello is optionally followed by extension data
-		return true
-	}
-	if len(data) < 2 {
-		return false
-	}
-
-	extensionsLength := int(data[0])<<8 | int(data[1])
-	data = data[2:]
-	if len(data) != extensionsLength {
-		return false
-	}
-
-	for len(data) != 0 {
-		if len(data) < 4 {
-			return false
-		}
-		extension := uint16(data[0])<<8 | uint16(data[1])
-		length := int(data[2])<<8 | int(data[3])
-		data = data[4:]
-		if len(data) < length {
-			return false
-		}
-
-		switch extension {
-		case extensionNextProtoNeg:
-			m.NextProtoNeg = true
-			d := data[:length]
-			for len(d) > 0 {
-				l := int(d[0])
-				d = d[1:]
-				if l == 0 || l > len(d) {
-					return false
-				}
-				m.NextProtos = append(m.NextProtos, string(d[:l]))
-				d = d[l:]
-			}
-		case extensionStatusRequest:
-			if length > 0 {
-				return false
-			}
-			m.OcspStapling = true
-		case extensionSessionTicket:
-			if length > 0 {
-				return false
-			}
-			m.TicketSupported = true
-		case extensionRenegotiationInfo:
-			if length == 0 {
-				return false
-			}
-			d := data[:length]
-			l := int(d[0])
-			d = d[1:]
-			if l != len(d) {
-				return false
-			}
-
-			m.SecureRenegotiation = d
-			m.SecureRenegotiationSupported = true
-		case extensionALPN:
-			d := data[:length]
-			if len(d) < 3 {
-				return false
-			}
-			l := int(d[0])<<8 | int(d[1])
-			if l != len(d)-2 {
-				return false
-			}
-			d = d[2:]
-			l = int(d[0])
-			if l != len(d)-1 {
-				return false
-			}
-			d = d[1:]
-			if len(d) == 0 {
-				// ALPN protocols must not be empty.
-				return false
-			}
-			m.AlpnProtocol = string(d)
-		case extensionSCT:
-			d := data[:length]
-
-			if len(d) < 2 {
-				return false
-			}
-			l := int(d[0])<<8 | int(d[1])
-			d = d[2:]
-			if len(d) != l || l == 0 {
-				return false
-			}
-
-			m.Scts = make([][]byte, 0, 3)
-			for len(d) != 0 {
-				if len(d) < 2 {
-					return false
-				}
-				sctLen := int(d[0])<<8 | int(d[1])
-				d = d[2:]
-				if sctLen == 0 || len(d) < sctLen {
-					return false
-				}
-				m.Scts = append(m.Scts, d[:sctLen])
-				d = d[sctLen:]
-			}
-		}
-		data = data[length:]
-	}
-
-	return true
-}
-
-type CertificateMsg struct {
-	Raw          []byte
-	Certificates [][]byte
-}
-
-func (m *CertificateMsg) equal(i interface{}) bool {
-	m1, ok := i.(*CertificateMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		eqByteSlices(m.Certificates, m1.Certificates)
-}
-
-func (m *CertificateMsg) marshal() (x []byte) {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	var i int
-	for _, slice := range m.Certificates {
-		i += len(slice)
-	}
-
-	length := 3 + 3*len(m.Certificates) + i
-	x = make([]byte, 4+length)
-	x[0] = TypeCertificate
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-
-	certificateOctets := length - 3
-	x[4] = uint8(certificateOctets >> 16)
-	x[5] = uint8(certificateOctets >> 8)
-	x[6] = uint8(certificateOctets)
-
-	y := x[7:]
-	for _, slice := range m.Certificates {
-		y[0] = uint8(len(slice) >> 16)
-		y[1] = uint8(len(slice) >> 8)
-		y[2] = uint8(len(slice))
-		copy(y[3:], slice)
-		y = y[3+len(slice):]
-	}
-
-	m.Raw = x
-	return
-}
-
-func (m *CertificateMsg) Unmarshal(data []byte) bool {
-	if len(data) < 7 {
-		return false
-	}
-
-	m.Raw = data
-	certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6])
-	if uint32(len(data)) != certsLen+7 {
-		return false
-	}
-
-	numCerts := 0
-	d := data[7:]
-	for certsLen > 0 {
-		if len(d) < 4 {
-			return false
-		}
-		certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
-		if uint32(len(d)) < 3+certLen {
-			return false
-		}
-		d = d[3+certLen:]
-		certsLen -= 3 + certLen
-		numCerts++
-	}
-
-	m.Certificates = make([][]byte, numCerts)
-	d = data[7:]
-	for i := 0; i < numCerts; i++ {
-		certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
-		m.Certificates[i] = d[3 : 3+certLen]
-		d = d[3+certLen:]
-	}
-
-	return true
-}
-
-type ServerKeyExchangeMsg struct {
-	Raw []byte
-	Key []byte
-}
-
-func (m *ServerKeyExchangeMsg) equal(i interface{}) bool {
-	m1, ok := i.(*ServerKeyExchangeMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		bytes.Equal(m.Key, m1.Key)
-}
-
-func (m *ServerKeyExchangeMsg) marshal() []byte {
-	if m.Raw != nil {
-		return m.Raw
-	}
-	length := len(m.Key)
-	x := make([]byte, length+4)
-	x[0] = TypeServerKeyExchange
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	copy(x[4:], m.Key)
-
-	m.Raw = x
-	return x
-}
-
-func (m *ServerKeyExchangeMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-	if len(data) < 4 {
-		return false
-	}
-	m.Key = data[4:]
-	return true
-}
-
-type CertificateStatusMsg struct {
-	Raw        []byte
-	StatusType uint8
-	Response   []byte
-}
-
-func (m *CertificateStatusMsg) equal(i interface{}) bool {
-	m1, ok := i.(*CertificateStatusMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		m.StatusType == m1.StatusType &&
-		bytes.Equal(m.Response, m1.Response)
-}
-
-func (m *CertificateStatusMsg) marshal() []byte {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	var x []byte
-	if m.StatusType == statusTypeOCSP {
-		x = make([]byte, 4+4+len(m.Response))
-		x[0] = TypeCertificateStatus
-		l := len(m.Response) + 4
-		x[1] = byte(l >> 16)
-		x[2] = byte(l >> 8)
-		x[3] = byte(l)
-		x[4] = statusTypeOCSP
-
-		l -= 4
-		x[5] = byte(l >> 16)
-		x[6] = byte(l >> 8)
-		x[7] = byte(l)
-		copy(x[8:], m.Response)
-	} else {
-		x = []byte{TypeCertificateStatus, 0, 0, 1, m.StatusType}
-	}
-
-	m.Raw = x
-	return x
-}
-
-func (m *CertificateStatusMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-	if len(data) < 5 {
-		return false
-	}
-	m.StatusType = data[4]
-
-	m.Response = nil
-	if m.StatusType == statusTypeOCSP {
-		if len(data) < 8 {
-			return false
-		}
-		respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
-		if uint32(len(data)) != 4+4+respLen {
-			return false
-		}
-		m.Response = data[8:]
-	}
-	return true
-}
-
-type ServerHelloDoneMsg struct{}
-
-func (m *ServerHelloDoneMsg) equal(i interface{}) bool {
-	_, ok := i.(*ServerHelloDoneMsg)
-	return ok
-}
-
-func (m *ServerHelloDoneMsg) marshal() []byte {
-	x := make([]byte, 4)
-	x[0] = TypeServerHelloDone
-	return x
-}
-
-func (m *ServerHelloDoneMsg) Unmarshal(data []byte) bool {
-	return len(data) == 4
-}
-
-type ClientKeyExchangeMsg struct {
-	Raw        []byte
-	Ciphertext []byte
-}
-
-func (m *ClientKeyExchangeMsg) equal(i interface{}) bool {
-	m1, ok := i.(*ClientKeyExchangeMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		bytes.Equal(m.Ciphertext, m1.Ciphertext)
-}
-
-func (m *ClientKeyExchangeMsg) marshal() []byte {
-	if m.Raw != nil {
-		return m.Raw
-	}
-	length := len(m.Ciphertext)
-	x := make([]byte, length+4)
-	x[0] = TypeClientKeyExchange
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	copy(x[4:], m.Ciphertext)
-
-	m.Raw = x
-	return x
-}
-
-func (m *ClientKeyExchangeMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-	if len(data) < 4 {
-		return false
-	}
-	l := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
-	if l != len(data)-4 {
-		return false
-	}
-	m.Ciphertext = data[4:]
-	return true
-}
-
-type FinishedMsg struct {
-	Raw        []byte
-	VerifyData []byte
-}
-
-func (m *FinishedMsg) equal(i interface{}) bool {
-	m1, ok := i.(*FinishedMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		bytes.Equal(m.VerifyData, m1.VerifyData)
-}
-
-func (m *FinishedMsg) marshal() (x []byte) {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	x = make([]byte, 4+len(m.VerifyData))
-	x[0] = TypeFinished
-	x[3] = byte(len(m.VerifyData))
-	copy(x[4:], m.VerifyData)
-	m.Raw = x
-	return
-}
-
-func (m *FinishedMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-	if len(data) < 4 {
-		return false
-	}
-	m.VerifyData = data[4:]
-	return true
-}
-
-type NextProtoMsg struct {
-	Raw   []byte
-	Proto string
-}
-
-func (m *NextProtoMsg) equal(i interface{}) bool {
-	m1, ok := i.(*NextProtoMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		m.Proto == m1.Proto
-}
-
-func (m *NextProtoMsg) marshal() []byte {
-	if m.Raw != nil {
-		return m.Raw
-	}
-	l := len(m.Proto)
-	if l > 255 {
-		l = 255
-	}
-
-	padding := 32 - (l+2)%32
-	length := l + padding + 2
-	x := make([]byte, length+4)
-	x[0] = TypeNextProtocol
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-
-	y := x[4:]
-	y[0] = byte(l)
-	copy(y[1:], []byte(m.Proto[0:l]))
-	y = y[1+l:]
-	y[0] = byte(padding)
-
-	m.Raw = x
-
-	return x
-}
-
-func (m *NextProtoMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-
-	if len(data) < 5 {
-		return false
-	}
-	data = data[4:]
-	protoLen := int(data[0])
-	data = data[1:]
-	if len(data) < protoLen {
-		return false
-	}
-	m.Proto = string(data[0:protoLen])
-	data = data[protoLen:]
-
-	if len(data) < 1 {
-		return false
-	}
-	paddingLen := int(data[0])
-	data = data[1:]
-	if len(data) != paddingLen {
-		return false
-	}
-
-	return true
-}
-
-type CertificateRequestMsg struct {
-	Raw []byte
-	// hasSignatureAndHash indicates whether this message includes a list
-	// of signature and hash functions. This change was introduced with TLS
-	// 1.2.
-	HasSignatureAndHash bool
-
-	CertificateTypes       []byte
-	SignatureAndHashes     []signatureAndHash
-	CertificateAuthorities [][]byte
-}
-
-func (m *CertificateRequestMsg) equal(i interface{}) bool {
-	m1, ok := i.(*CertificateRequestMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		bytes.Equal(m.CertificateTypes, m1.CertificateTypes) &&
-		eqByteSlices(m.CertificateAuthorities, m1.CertificateAuthorities) &&
-		eqSignatureAndHashes(m.SignatureAndHashes, m1.SignatureAndHashes)
-}
-
-func (m *CertificateRequestMsg) marshal() (x []byte) {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	// See http://tools.ietf.org/html/rfc4346#section-7.4.4
-	length := 1 + len(m.CertificateTypes) + 2
-	casLength := 0
-	for _, ca := range m.CertificateAuthorities {
-		casLength += 2 + len(ca)
-	}
-	length += casLength
-
-	if m.HasSignatureAndHash {
-		length += 2 + 2*len(m.SignatureAndHashes)
-	}
-
-	x = make([]byte, 4+length)
-	x[0] = TypeCertificateRequest
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-
-	x[4] = uint8(len(m.CertificateTypes))
-
-	copy(x[5:], m.CertificateTypes)
-	y := x[5+len(m.CertificateTypes):]
-
-	if m.HasSignatureAndHash {
-		n := len(m.SignatureAndHashes) * 2
-		y[0] = uint8(n >> 8)
-		y[1] = uint8(n)
-		y = y[2:]
-		for _, sigAndHash := range m.SignatureAndHashes {
-			y[0] = sigAndHash.hash
-			y[1] = sigAndHash.signature
-			y = y[2:]
-		}
-	}
-
-	y[0] = uint8(casLength >> 8)
-	y[1] = uint8(casLength)
-	y = y[2:]
-	for _, ca := range m.CertificateAuthorities {
-		y[0] = uint8(len(ca) >> 8)
-		y[1] = uint8(len(ca))
-		y = y[2:]
-		copy(y, ca)
-		y = y[len(ca):]
-	}
-
-	m.Raw = x
-	return
-}
-
-func (m *CertificateRequestMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-
-	if len(data) < 5 {
-		return false
-	}
-
-	length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
-	if uint32(len(data))-4 != length {
-		return false
-	}
-
-	numCertTypes := int(data[4])
-	data = data[5:]
-	if numCertTypes == 0 || len(data) <= numCertTypes {
-		return false
-	}
-
-	m.CertificateTypes = make([]byte, numCertTypes)
-	if copy(m.CertificateTypes, data) != numCertTypes {
-		return false
-	}
-
-	data = data[numCertTypes:]
-
-	if m.HasSignatureAndHash {
-		if len(data) < 2 {
-			return false
-		}
-		sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
-		data = data[2:]
-		if sigAndHashLen&1 != 0 {
-			return false
-		}
-		if len(data) < int(sigAndHashLen) {
-			return false
-		}
-		numSigAndHash := sigAndHashLen / 2
-		m.SignatureAndHashes = make([]signatureAndHash, numSigAndHash)
-		for i := range m.SignatureAndHashes {
-			m.SignatureAndHashes[i].hash = data[0]
-			m.SignatureAndHashes[i].signature = data[1]
-			data = data[2:]
-		}
-	}
-
-	if len(data) < 2 {
-		return false
-	}
-	casLength := uint16(data[0])<<8 | uint16(data[1])
-	data = data[2:]
-	if len(data) < int(casLength) {
-		return false
-	}
-	cas := make([]byte, casLength)
-	copy(cas, data)
-	data = data[casLength:]
-
-	m.CertificateAuthorities = nil
-	for len(cas) > 0 {
-		if len(cas) < 2 {
-			return false
-		}
-		caLen := uint16(cas[0])<<8 | uint16(cas[1])
-		cas = cas[2:]
-
-		if len(cas) < int(caLen) {
-			return false
-		}
-
-		m.CertificateAuthorities = append(m.CertificateAuthorities, cas[:caLen])
-		cas = cas[caLen:]
-	}
-
-	return len(data) == 0
-}
-
-type CertificateVerifyMsg struct {
-	Raw                 []byte
-	HasSignatureAndHash bool
-	SignatureAndHash    signatureAndHash
-	Signature           []byte
-}
-
-func (m *CertificateVerifyMsg) equal(i interface{}) bool {
-	m1, ok := i.(*CertificateVerifyMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		m.HasSignatureAndHash == m1.HasSignatureAndHash &&
-		m.SignatureAndHash.hash == m1.SignatureAndHash.hash &&
-		m.SignatureAndHash.signature == m1.SignatureAndHash.signature &&
-		bytes.Equal(m.Signature, m1.Signature)
-}
-
-func (m *CertificateVerifyMsg) marshal() (x []byte) {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	// See http://tools.ietf.org/html/rfc4346#section-7.4.8
-	siglength := len(m.Signature)
-	length := 2 + siglength
-	if m.HasSignatureAndHash {
-		length += 2
-	}
-	x = make([]byte, 4+length)
-	x[0] = TypeCertificateVerify
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	y := x[4:]
-	if m.HasSignatureAndHash {
-		y[0] = m.SignatureAndHash.hash
-		y[1] = m.SignatureAndHash.signature
-		y = y[2:]
-	}
-	y[0] = uint8(siglength >> 8)
-	y[1] = uint8(siglength)
-	copy(y[2:], m.Signature)
-
-	m.Raw = x
-
-	return
-}
-
-func (m *CertificateVerifyMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-
-	if len(data) < 6 {
-		return false
-	}
-
-	length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
-	if uint32(len(data))-4 != length {
-		return false
-	}
-
-	data = data[4:]
-	if m.HasSignatureAndHash {
-		m.SignatureAndHash.hash = data[0]
-		m.SignatureAndHash.signature = data[1]
-		data = data[2:]
-	}
-
-	if len(data) < 2 {
-		return false
-	}
-	siglength := int(data[0])<<8 + int(data[1])
-	data = data[2:]
-	if len(data) != siglength {
-		return false
-	}
-
-	m.Signature = data
-
-	return true
-}
-
-type NewSessionTicketMsg struct {
-	Raw    []byte
-	Ticket []byte
-}
-
-func (m *NewSessionTicketMsg) equal(i interface{}) bool {
-	m1, ok := i.(*NewSessionTicketMsg)
-	if !ok {
-		return false
-	}
-
-	return bytes.Equal(m.Raw, m1.Raw) &&
-		bytes.Equal(m.Ticket, m1.Ticket)
-}
-
-func (m *NewSessionTicketMsg) marshal() (x []byte) {
-	if m.Raw != nil {
-		return m.Raw
-	}
-
-	// See http://tools.ietf.org/html/rfc5077#section-3.3
-	ticketLen := len(m.Ticket)
-	length := 2 + 4 + ticketLen
-	x = make([]byte, 4+length)
-	x[0] = TypeNewSessionTicket
-	x[1] = uint8(length >> 16)
-	x[2] = uint8(length >> 8)
-	x[3] = uint8(length)
-	x[8] = uint8(ticketLen >> 8)
-	x[9] = uint8(ticketLen)
-	copy(x[10:], m.Ticket)
-
-	m.Raw = x
-
-	return
-}
-
-func (m *NewSessionTicketMsg) Unmarshal(data []byte) bool {
-	m.Raw = data
-
-	if len(data) < 10 {
-		return false
-	}
-
-	length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
-	if uint32(len(data))-4 != length {
-		return false
-	}
-
-	ticketLen := int(data[8])<<8 + int(data[9])
-	if len(data)-10 != ticketLen {
-		return false
-	}
-
-	m.Ticket = data[10:]
-
-	return true
-}
-
-type HelloRequestMsg struct {
-}
-
-func (*HelloRequestMsg) marshal() []byte {
-	return []byte{TypeHelloRequest, 0, 0, 0}
-}
-
-func (*HelloRequestMsg) Unmarshal(data []byte) bool {
-	return len(data) == 4
-}
-
-func eqUint16s(x, y []uint16) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if y[i] != v {
-			return false
-		}
-	}
-	return true
-}
-
-func eqCurveIDs(x, y []CurveID) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if y[i] != v {
-			return false
-		}
-	}
-	return true
-}
-
-func eqStrings(x, y []string) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if y[i] != v {
-			return false
-		}
-	}
-	return true
-}
-
-func eqByteSlices(x, y [][]byte) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		if !bytes.Equal(v, y[i]) {
-			return false
-		}
-	}
-	return true
-}
-
-func eqSignatureAndHashes(x, y []signatureAndHash) bool {
-	if len(x) != len(y) {
-		return false
-	}
-	for i, v := range x {
-		v2 := y[i]
-		if v.hash != v2.hash || v.signature != v2.signature {
-			return false
-		}
-	}
-	return true
-}
diff --git a/firewall/inspection/tls/tlslib/handshake_server.go b/firewall/inspection/tls/tlslib/handshake_server.go
deleted file mode 100644
index 98e6ba0d..00000000
--- a/firewall/inspection/tls/tlslib/handshake_server.go
+++ /dev/null
@@ -1,842 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/rsa"
-	"crypto/subtle"
-	"crypto/x509"
-	"encoding/asn1"
-	"errors"
-	"fmt"
-	"io"
-)
-
-// serverHandshakeState contains details of a server handshake in progress.
-// It's discarded once the handshake has completed.
-type serverHandshakeState struct {
-	c                     *Conn
-	clientHello           *ClientHelloMsg
-	hello                 *ServerHelloMsg
-	suite                 *cipherSuite
-	ellipticOk            bool
-	ecdsaOk               bool
-	rsaDecryptOk          bool
-	rsaSignOk             bool
-	sessionState          *sessionState
-	finishedHash          finishedHash
-	masterSecret          []byte
-	certsFromClient       [][]byte
-	cert                  *Certificate
-	cachedClientHelloInfo *ClientHelloInfo
-}
-
-// serverHandshake performs a TLS handshake as a server.
-// c.out.Mutex <= L; c.handshakeMutex <= L.
-func (c *Conn) serverHandshake() error {
-	// If this is the first server handshake, we generate a random key to
-	// encrypt the tickets with.
-	c.config.serverInitOnce.Do(c.config.serverInit)
-
-	hs := serverHandshakeState{
-		c: c,
-	}
-	isResume, err := hs.readClientHello()
-	if err != nil {
-		return err
-	}
-
-	// For an overview of TLS handshaking, see https://tools.ietf.org/html/rfc5246#section-7.3
-	c.buffering = true
-	if isResume {
-		// The client has included a session ticket and so we do an abbreviated handshake.
-		if err := hs.doResumeHandshake(); err != nil {
-			return err
-		}
-		if err := hs.establishKeys(); err != nil {
-			return err
-		}
-		// ticketSupported is set in a resumption handshake if the
-		// ticket from the client was encrypted with an old session
-		// ticket key and thus a refreshed ticket should be sent.
-		if hs.hello.TicketSupported {
-			if err := hs.sendSessionTicket(); err != nil {
-				return err
-			}
-		}
-		if err := hs.sendFinished(c.serverFinished[:]); err != nil {
-			return err
-		}
-		if _, err := c.flush(); err != nil {
-			return err
-		}
-		c.clientFinishedIsFirst = false
-		if err := hs.readFinished(nil); err != nil {
-			return err
-		}
-		c.didResume = true
-	} else {
-		// The client didn't include a session ticket, or it wasn't
-		// valid so we do a full handshake.
-		if err := hs.doFullHandshake(); err != nil {
-			return err
-		}
-		if err := hs.establishKeys(); err != nil {
-			return err
-		}
-		if err := hs.readFinished(c.clientFinished[:]); err != nil {
-			return err
-		}
-		c.clientFinishedIsFirst = true
-		c.buffering = true
-		if err := hs.sendSessionTicket(); err != nil {
-			return err
-		}
-		if err := hs.sendFinished(nil); err != nil {
-			return err
-		}
-		if _, err := c.flush(); err != nil {
-			return err
-		}
-	}
-	c.handshakeComplete = true
-
-	return nil
-}
-
-// readClientHello reads a ClientHello message from the client and decides
-// whether we will perform session resumption.
-func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
-	c := hs.c
-
-	msg, err := c.readHandshake()
-	if err != nil {
-		return false, err
-	}
-	var ok bool
-	hs.clientHello, ok = msg.(*ClientHelloMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return false, unexpectedMessageError(hs.clientHello, msg)
-	}
-
-	if c.config.GetConfigForClient != nil {
-		if newConfig, err := c.config.GetConfigForClient(hs.clientHelloInfo()); err != nil {
-			c.sendAlert(alertInternalError)
-			return false, err
-		} else if newConfig != nil {
-			newConfig.mutex.Lock()
-			newConfig.originalConfig = c.config
-			newConfig.mutex.Unlock()
-
-			newConfig.serverInitOnce.Do(newConfig.serverInit)
-			c.config = newConfig
-		}
-	}
-
-	c.vers, ok = c.config.mutualVersion(hs.clientHello.Vers)
-	if !ok {
-		c.sendAlert(alertProtocolVersion)
-		return false, fmt.Errorf("tls: client offered an unsupported, maximum protocol version of %x", hs.clientHello.Vers)
-	}
-	c.haveVers = true
-
-	hs.hello = new(ServerHelloMsg)
-
-	supportedCurve := false
-	preferredCurves := c.config.curvePreferences()
-Curves:
-	for _, curve := range hs.clientHello.SupportedCurves {
-		for _, supported := range preferredCurves {
-			if supported == curve {
-				supportedCurve = true
-				break Curves
-			}
-		}
-	}
-
-	supportedPointFormat := false
-	for _, pointFormat := range hs.clientHello.SupportedPoints {
-		if pointFormat == pointFormatUncompressed {
-			supportedPointFormat = true
-			break
-		}
-	}
-	hs.ellipticOk = supportedCurve && supportedPointFormat
-
-	foundCompression := false
-	// We only support null compression, so check that the client offered it.
-	for _, compression := range hs.clientHello.CompressionMethods {
-		if compression == compressionNone {
-			foundCompression = true
-			break
-		}
-	}
-
-	if !foundCompression {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: client does not support uncompressed connections")
-	}
-
-	hs.hello.Vers = c.vers
-	hs.hello.Random = make([]byte, 32)
-	_, err = io.ReadFull(c.config.rand(), hs.hello.Random)
-	if err != nil {
-		c.sendAlert(alertInternalError)
-		return false, err
-	}
-
-	if len(hs.clientHello.SecureRenegotiation) != 0 {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: initial handshake had non-empty renegotiation extension")
-	}
-
-	hs.hello.SecureRenegotiationSupported = hs.clientHello.SecureRenegotiationSupported
-	hs.hello.CompressionMethod = compressionNone
-	if len(hs.clientHello.ServerName) > 0 {
-		c.ServerName = hs.clientHello.ServerName
-	}
-
-	if len(hs.clientHello.AlpnProtocols) > 0 {
-		if selectedProto, fallback := mutualProtocol(hs.clientHello.AlpnProtocols, c.config.NextProtos); !fallback {
-			hs.hello.AlpnProtocol = selectedProto
-			c.clientProtocol = selectedProto
-		}
-	} else {
-		// Although sending an empty NPN extension is reasonable, Firefox has
-		// had a bug around this. Best to send nothing at all if
-		// c.config.NextProtos is empty. See
-		// https://golang.org/issue/5445.
-		if hs.clientHello.NextProtoNeg && len(c.config.NextProtos) > 0 {
-			hs.hello.NextProtoNeg = true
-			hs.hello.NextProtos = c.config.NextProtos
-		}
-	}
-
-	hs.cert, err = c.config.getCertificate(hs.clientHelloInfo())
-	if err != nil {
-		c.sendAlert(alertInternalError)
-		return false, err
-	}
-	if hs.clientHello.Scts {
-		hs.hello.Scts = hs.cert.SignedCertificateTimestamps
-	}
-
-	if priv, ok := hs.cert.PrivateKey.(crypto.Signer); ok {
-		switch priv.Public().(type) {
-		case *ecdsa.PublicKey:
-			hs.ecdsaOk = true
-		case *rsa.PublicKey:
-			hs.rsaSignOk = true
-		default:
-			c.sendAlert(alertInternalError)
-			return false, fmt.Errorf("tls: unsupported signing key type (%T)", priv.Public())
-		}
-	}
-	if priv, ok := hs.cert.PrivateKey.(crypto.Decrypter); ok {
-		switch priv.Public().(type) {
-		case *rsa.PublicKey:
-			hs.rsaDecryptOk = true
-		default:
-			c.sendAlert(alertInternalError)
-			return false, fmt.Errorf("tls: unsupported decryption key type (%T)", priv.Public())
-		}
-	}
-
-	if hs.checkForResumption() {
-		return true, nil
-	}
-
-	var preferenceList, supportedList []uint16
-	if c.config.PreferServerCipherSuites {
-		preferenceList = c.config.cipherSuites()
-		supportedList = hs.clientHello.CipherSuites
-	} else {
-		preferenceList = hs.clientHello.CipherSuites
-		supportedList = c.config.cipherSuites()
-	}
-
-	for _, id := range preferenceList {
-		if hs.setCipherSuite(id, supportedList, c.vers) {
-			break
-		}
-	}
-
-	if hs.suite == nil {
-		c.sendAlert(alertHandshakeFailure)
-		return false, errors.New("tls: no cipher suite supported by both client and server")
-	}
-
-	// See https://tools.ietf.org/html/rfc7507.
-	for _, id := range hs.clientHello.CipherSuites {
-		if id == TLS_FALLBACK_SCSV {
-			// The client is doing a fallback connection.
-			if hs.clientHello.Vers < c.config.maxVersion() {
-				c.sendAlert(alertInappropriateFallback)
-				return false, errors.New("tls: client using inappropriate protocol fallback")
-			}
-			break
-		}
-	}
-
-	return false, nil
-}
-
-// checkForResumption reports whether we should perform resumption on this connection.
-func (hs *serverHandshakeState) checkForResumption() bool {
-	c := hs.c
-
-	if c.config.SessionTicketsDisabled {
-		return false
-	}
-
-	var ok bool
-	var sessionTicket = append([]uint8{}, hs.clientHello.SessionTicket...)
-	if hs.sessionState, ok = c.decryptTicket(sessionTicket); !ok {
-		return false
-	}
-
-	// Never resume a session for a different TLS version.
-	if c.vers != hs.sessionState.vers {
-		return false
-	}
-
-	cipherSuiteOk := false
-	// Check that the client is still offering the ciphersuite in the session.
-	for _, id := range hs.clientHello.CipherSuites {
-		if id == hs.sessionState.cipherSuite {
-			cipherSuiteOk = true
-			break
-		}
-	}
-	if !cipherSuiteOk {
-		return false
-	}
-
-	// Check that we also support the ciphersuite from the session.
-	if !hs.setCipherSuite(hs.sessionState.cipherSuite, c.config.cipherSuites(), hs.sessionState.vers) {
-		return false
-	}
-
-	sessionHasClientCerts := len(hs.sessionState.certificates) != 0
-	needClientCerts := c.config.ClientAuth == RequireAnyClientCert || c.config.ClientAuth == RequireAndVerifyClientCert
-	if needClientCerts && !sessionHasClientCerts {
-		return false
-	}
-	if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
-		return false
-	}
-
-	return true
-}
-
-func (hs *serverHandshakeState) doResumeHandshake() error {
-	c := hs.c
-
-	hs.hello.CipherSuite = hs.suite.id
-	// We echo the client's session ID in the ServerHello to let it know
-	// that we're doing a resumption.
-	hs.hello.SessionId = hs.clientHello.SessionId
-	hs.hello.TicketSupported = hs.sessionState.usedOldKey
-	hs.finishedHash = newFinishedHash(c.vers, hs.suite)
-	hs.finishedHash.discardHandshakeBuffer()
-	hs.finishedHash.Write(hs.clientHello.marshal())
-	hs.finishedHash.Write(hs.hello.marshal())
-	if _, err := c.writeRecord(RecordTypeHandshake, hs.hello.marshal()); err != nil {
-		return err
-	}
-
-	if len(hs.sessionState.certificates) > 0 {
-		if _, err := hs.processCertsFromClient(hs.sessionState.certificates); err != nil {
-			return err
-		}
-	}
-
-	hs.masterSecret = hs.sessionState.masterSecret
-
-	return nil
-}
-
-func (hs *serverHandshakeState) doFullHandshake() error {
-	c := hs.c
-
-	if hs.clientHello.OcspStapling && len(hs.cert.OCSPStaple) > 0 {
-		hs.hello.OcspStapling = true
-	}
-
-	hs.hello.TicketSupported = hs.clientHello.TicketSupported && !c.config.SessionTicketsDisabled
-	hs.hello.CipherSuite = hs.suite.id
-
-	hs.finishedHash = newFinishedHash(hs.c.vers, hs.suite)
-	if c.config.ClientAuth == NoClientCert {
-		// No need to keep a full record of the handshake if client
-		// certificates won't be used.
-		hs.finishedHash.discardHandshakeBuffer()
-	}
-	hs.finishedHash.Write(hs.clientHello.marshal())
-	hs.finishedHash.Write(hs.hello.marshal())
-	if _, err := c.writeRecord(RecordTypeHandshake, hs.hello.marshal()); err != nil {
-		return err
-	}
-
-	certMsg := new(CertificateMsg)
-	certMsg.Certificates = hs.cert.Certificate
-	hs.finishedHash.Write(certMsg.marshal())
-	if _, err := c.writeRecord(RecordTypeHandshake, certMsg.marshal()); err != nil {
-		return err
-	}
-
-	if hs.hello.OcspStapling {
-		certStatus := new(CertificateStatusMsg)
-		certStatus.StatusType = statusTypeOCSP
-		certStatus.Response = hs.cert.OCSPStaple
-		hs.finishedHash.Write(certStatus.marshal())
-		if _, err := c.writeRecord(RecordTypeHandshake, certStatus.marshal()); err != nil {
-			return err
-		}
-	}
-
-	keyAgreement := hs.suite.ka(c.vers)
-	skx, err := keyAgreement.generateServerKeyExchange(c.config, hs.cert, hs.clientHello, hs.hello)
-	if err != nil {
-		c.sendAlert(alertHandshakeFailure)
-		return err
-	}
-	if skx != nil {
-		hs.finishedHash.Write(skx.marshal())
-		if _, err := c.writeRecord(RecordTypeHandshake, skx.marshal()); err != nil {
-			return err
-		}
-	}
-
-	if c.config.ClientAuth >= RequestClientCert {
-		// Request a client certificate
-		certReq := new(CertificateRequestMsg)
-		certReq.CertificateTypes = []byte{
-			byte(certTypeRSASign),
-			byte(certTypeECDSASign),
-		}
-		if c.vers >= VersionTLS12 {
-			certReq.HasSignatureAndHash = true
-			certReq.SignatureAndHashes = supportedSignatureAlgorithms
-		}
-
-		// An empty list of certificateAuthorities signals to
-		// the client that it may send any certificate in response
-		// to our request. When we know the CAs we trust, then
-		// we can send them down, so that the client can choose
-		// an appropriate certificate to give to us.
-		if c.config.ClientCAs != nil {
-			certReq.CertificateAuthorities = c.config.ClientCAs.Subjects()
-		}
-		hs.finishedHash.Write(certReq.marshal())
-		if _, err := c.writeRecord(RecordTypeHandshake, certReq.marshal()); err != nil {
-			return err
-		}
-	}
-
-	helloDone := new(ServerHelloDoneMsg)
-	hs.finishedHash.Write(helloDone.marshal())
-	if _, err := c.writeRecord(RecordTypeHandshake, helloDone.marshal()); err != nil {
-		return err
-	}
-
-	if _, err := c.flush(); err != nil {
-		return err
-	}
-
-	var pub crypto.PublicKey // public key for client auth, if any
-
-	msg, err := c.readHandshake()
-	if err != nil {
-		return err
-	}
-
-	var ok bool
-	// If we requested a client certificate, then the client must send a
-	// certificate message, even if it's empty.
-	if c.config.ClientAuth >= RequestClientCert {
-		if certMsg, ok = msg.(*CertificateMsg); !ok {
-			c.sendAlert(alertUnexpectedMessage)
-			return unexpectedMessageError(certMsg, msg)
-		}
-		hs.finishedHash.Write(certMsg.marshal())
-
-		if len(certMsg.Certificates) == 0 {
-			// The client didn't actually send a certificate
-			switch c.config.ClientAuth {
-			case RequireAnyClientCert, RequireAndVerifyClientCert:
-				c.sendAlert(alertBadCertificate)
-				return errors.New("tls: client didn't provide a certificate")
-			}
-		}
-
-		pub, err = hs.processCertsFromClient(certMsg.Certificates)
-		if err != nil {
-			return err
-		}
-
-		msg, err = c.readHandshake()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Get client key exchange
-	ckx, ok := msg.(*ClientKeyExchangeMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(ckx, msg)
-	}
-	hs.finishedHash.Write(ckx.marshal())
-
-	preMasterSecret, err := keyAgreement.processClientKeyExchange(c.config, hs.cert, ckx, c.vers)
-	if err != nil {
-		c.sendAlert(alertHandshakeFailure)
-		return err
-	}
-	hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.Random, hs.hello.Random)
-	if err := c.config.writeKeyLog(hs.clientHello.Random, hs.masterSecret); err != nil {
-		c.sendAlert(alertInternalError)
-		return err
-	}
-
-	// If we received a client cert in response to our certificate request message,
-	// the client will send us a certificateVerifyMsg immediately after the
-	// clientKeyExchangeMsg. This message is a digest of all preceding
-	// handshake-layer messages that is signed using the private key corresponding
-	// to the client's certificate. This allows us to verify that the client is in
-	// possession of the private key of the certificate.
-	if len(c.peerCertificates) > 0 {
-		msg, err = c.readHandshake()
-		if err != nil {
-			return err
-		}
-		certVerify, ok := msg.(*CertificateVerifyMsg)
-		if !ok {
-			c.sendAlert(alertUnexpectedMessage)
-			return unexpectedMessageError(certVerify, msg)
-		}
-
-		// Determine the signature type.
-		var signatureAndHash signatureAndHash
-		if certVerify.HasSignatureAndHash {
-			signatureAndHash = certVerify.SignatureAndHash
-			if !isSupportedSignatureAndHash(signatureAndHash, supportedSignatureAlgorithms) {
-				return errors.New("tls: unsupported hash function for client certificate")
-			}
-		} else {
-			// Before TLS 1.2 the signature algorithm was implicit
-			// from the key type, and only one hash per signature
-			// algorithm was possible. Leave the hash as zero.
-			switch pub.(type) {
-			case *ecdsa.PublicKey:
-				signatureAndHash.signature = signatureECDSA
-			case *rsa.PublicKey:
-				signatureAndHash.signature = signatureRSA
-			}
-		}
-
-		switch key := pub.(type) {
-		case *ecdsa.PublicKey:
-			if signatureAndHash.signature != signatureECDSA {
-				err = errors.New("tls: bad signature type for client's ECDSA certificate")
-				break
-			}
-			ecdsaSig := new(ecdsaSignature)
-			if _, err = asn1.Unmarshal(certVerify.Signature, ecdsaSig); err != nil {
-				break
-			}
-			if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-				err = errors.New("tls: ECDSA signature contained zero or negative values")
-				break
-			}
-			var digest []byte
-			if digest, _, err = hs.finishedHash.hashForClientCertificate(signatureAndHash, hs.masterSecret); err != nil {
-				break
-			}
-			if !ecdsa.Verify(key, digest, ecdsaSig.R, ecdsaSig.S) {
-				err = errors.New("tls: ECDSA verification failure")
-			}
-		case *rsa.PublicKey:
-			if signatureAndHash.signature != signatureRSA {
-				err = errors.New("tls: bad signature type for client's RSA certificate")
-				break
-			}
-			var digest []byte
-			var hashFunc crypto.Hash
-			if digest, hashFunc, err = hs.finishedHash.hashForClientCertificate(signatureAndHash, hs.masterSecret); err != nil {
-				break
-			}
-			err = rsa.VerifyPKCS1v15(key, hashFunc, digest, certVerify.Signature)
-		}
-		if err != nil {
-			c.sendAlert(alertBadCertificate)
-			return errors.New("tls: could not validate signature of connection nonces: " + err.Error())
-		}
-
-		hs.finishedHash.Write(certVerify.marshal())
-	}
-
-	hs.finishedHash.discardHandshakeBuffer()
-
-	return nil
-}
-
-func (hs *serverHandshakeState) establishKeys() error {
-	c := hs.c
-
-	clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV :=
-		keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.Random, hs.hello.Random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen)
-
-	var clientCipher, serverCipher interface{}
-	var clientHash, serverHash macFunction
-
-	if hs.suite.aead == nil {
-		clientCipher = hs.suite.cipher(clientKey, clientIV, true /* for reading */)
-		clientHash = hs.suite.mac(c.vers, clientMAC)
-		serverCipher = hs.suite.cipher(serverKey, serverIV, false /* not for reading */)
-		serverHash = hs.suite.mac(c.vers, serverMAC)
-	} else {
-		clientCipher = hs.suite.aead(clientKey, clientIV)
-		serverCipher = hs.suite.aead(serverKey, serverIV)
-	}
-
-	c.in.prepareCipherSpec(c.vers, clientCipher, clientHash)
-	c.out.prepareCipherSpec(c.vers, serverCipher, serverHash)
-
-	return nil
-}
-
-func (hs *serverHandshakeState) readFinished(out []byte) error {
-	c := hs.c
-
-	c.readRecord(RecordTypeChangeCipherSpec)
-	if c.in.err != nil {
-		return c.in.err
-	}
-
-	if hs.hello.NextProtoNeg {
-		msg, err := c.readHandshake()
-		if err != nil {
-			return err
-		}
-		nextProto, ok := msg.(*NextProtoMsg)
-		if !ok {
-			c.sendAlert(alertUnexpectedMessage)
-			return unexpectedMessageError(nextProto, msg)
-		}
-		hs.finishedHash.Write(nextProto.marshal())
-		c.clientProtocol = nextProto.Proto
-	}
-
-	msg, err := c.readHandshake()
-	if err != nil {
-		return err
-	}
-	clientFinished, ok := msg.(*FinishedMsg)
-	if !ok {
-		c.sendAlert(alertUnexpectedMessage)
-		return unexpectedMessageError(clientFinished, msg)
-	}
-
-	verify := hs.finishedHash.clientSum(hs.masterSecret)
-	if len(verify) != len(clientFinished.VerifyData) ||
-		subtle.ConstantTimeCompare(verify, clientFinished.VerifyData) != 1 {
-		c.sendAlert(alertHandshakeFailure)
-		return errors.New("tls: client's Finished message is incorrect")
-	}
-
-	hs.finishedHash.Write(clientFinished.marshal())
-	copy(out, verify)
-	return nil
-}
-
-func (hs *serverHandshakeState) sendSessionTicket() error {
-	if !hs.hello.TicketSupported {
-		return nil
-	}
-
-	c := hs.c
-	m := new(NewSessionTicketMsg)
-
-	var err error
-	state := sessionState{
-		vers:         c.vers,
-		cipherSuite:  hs.suite.id,
-		masterSecret: hs.masterSecret,
-		certificates: hs.certsFromClient,
-	}
-	m.Ticket, err = c.encryptTicket(&state)
-	if err != nil {
-		return err
-	}
-
-	hs.finishedHash.Write(m.marshal())
-	if _, err := c.writeRecord(RecordTypeHandshake, m.marshal()); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (hs *serverHandshakeState) sendFinished(out []byte) error {
-	c := hs.c
-
-	if _, err := c.writeRecord(RecordTypeChangeCipherSpec, []byte{1}); err != nil {
-		return err
-	}
-
-	finished := new(FinishedMsg)
-	finished.VerifyData = hs.finishedHash.serverSum(hs.masterSecret)
-	hs.finishedHash.Write(finished.marshal())
-	if _, err := c.writeRecord(RecordTypeHandshake, finished.marshal()); err != nil {
-		return err
-	}
-
-	c.cipherSuite = hs.suite.id
-	copy(out, finished.VerifyData)
-
-	return nil
-}
-
-// processCertsFromClient takes a chain of client certificates either from a
-// Certificates message or from a sessionState and verifies them. It returns
-// the public key of the leaf certificate.
-func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (crypto.PublicKey, error) {
-	c := hs.c
-
-	hs.certsFromClient = certificates
-	certs := make([]*x509.Certificate, len(certificates))
-	var err error
-	for i, asn1Data := range certificates {
-		if certs[i], err = x509.ParseCertificate(asn1Data); err != nil {
-			c.sendAlert(alertBadCertificate)
-			return nil, errors.New("tls: failed to parse client certificate: " + err.Error())
-		}
-	}
-
-	if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
-		opts := x509.VerifyOptions{
-			Roots:         c.config.ClientCAs,
-			CurrentTime:   c.config.time(),
-			Intermediates: x509.NewCertPool(),
-			KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
-		}
-
-		for _, cert := range certs[1:] {
-			opts.Intermediates.AddCert(cert)
-		}
-
-		chains, err := certs[0].Verify(opts)
-		if err != nil {
-			c.sendAlert(alertBadCertificate)
-			return nil, errors.New("tls: failed to verify client's certificate: " + err.Error())
-		}
-
-		c.verifiedChains = chains
-	}
-
-	if c.config.VerifyPeerCertificate != nil {
-		if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil {
-			c.sendAlert(alertBadCertificate)
-			return nil, err
-		}
-	}
-
-	if len(certs) == 0 {
-		return nil, nil
-	}
-
-	var pub crypto.PublicKey
-	switch key := certs[0].PublicKey.(type) {
-	case *ecdsa.PublicKey, *rsa.PublicKey:
-		pub = key
-	default:
-		c.sendAlert(alertUnsupportedCertificate)
-		return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
-	}
-	c.peerCertificates = certs
-	return pub, nil
-}
-
-// setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState
-// suite if that cipher suite is acceptable to use.
-// It returns a bool indicating if the suite was set.
-func (hs *serverHandshakeState) setCipherSuite(id uint16, supportedCipherSuites []uint16, version uint16) bool {
-	for _, supported := range supportedCipherSuites {
-		if id == supported {
-			var candidate *cipherSuite
-
-			for _, s := range cipherSuites {
-				if s.id == id {
-					candidate = s
-					break
-				}
-			}
-			if candidate == nil {
-				continue
-			}
-			// Don't select a ciphersuite which we can't
-			// support for this client.
-			if candidate.flags&suiteECDHE != 0 {
-				if !hs.ellipticOk {
-					continue
-				}
-				if candidate.flags&suiteECDSA != 0 {
-					if !hs.ecdsaOk {
-						continue
-					}
-				} else if !hs.rsaSignOk {
-					continue
-				}
-			} else if !hs.rsaDecryptOk {
-				continue
-			}
-			if version < VersionTLS12 && candidate.flags&suiteTLS12 != 0 {
-				continue
-			}
-			hs.suite = candidate
-			return true
-		}
-	}
-	return false
-}
-
-// suppVersArray is the backing array of ClientHelloInfo.SupportedVersions
-var suppVersArray = [...]uint16{VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
-
-func (hs *serverHandshakeState) clientHelloInfo() *ClientHelloInfo {
-	if hs.cachedClientHelloInfo != nil {
-		return hs.cachedClientHelloInfo
-	}
-
-	var supportedVersions []uint16
-	if hs.clientHello.Vers > VersionTLS12 {
-		supportedVersions = suppVersArray[:]
-	} else if hs.clientHello.Vers >= VersionSSL30 {
-		supportedVersions = suppVersArray[VersionTLS12-hs.clientHello.Vers:]
-	}
-
-	signatureSchemes := make([]SignatureScheme, 0, len(hs.clientHello.SignatureAndHashes))
-	for _, sah := range hs.clientHello.SignatureAndHashes {
-		signatureSchemes = append(signatureSchemes, SignatureScheme(sah.hash)<<8+SignatureScheme(sah.signature))
-	}
-
-	hs.cachedClientHelloInfo = &ClientHelloInfo{
-		CipherSuites:      hs.clientHello.CipherSuites,
-		ServerName:        hs.clientHello.ServerName,
-		SupportedCurves:   hs.clientHello.SupportedCurves,
-		SupportedPoints:   hs.clientHello.SupportedPoints,
-		SignatureSchemes:  signatureSchemes,
-		SupportedProtos:   hs.clientHello.AlpnProtocols,
-		SupportedVersions: supportedVersions,
-		Conn:              hs.c.conn,
-	}
-
-	return hs.cachedClientHelloInfo
-}
diff --git a/firewall/inspection/tls/tlslib/key_agreement.go b/firewall/inspection/tls/tlslib/key_agreement.go
deleted file mode 100644
index 2f785b4a..00000000
--- a/firewall/inspection/tls/tlslib/key_agreement.go
+++ /dev/null
@@ -1,473 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/md5"
-	"crypto/rsa"
-	"crypto/sha1"
-	"crypto/x509"
-	"encoding/asn1"
-	"errors"
-	"io"
-	"math/big"
-
-	"golang.org/x/crypto/curve25519"
-)
-
-var errClientKeyExchange = errors.New("tls: invalid ClientKeyExchange message")
-var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message")
-
-// rsaKeyAgreement implements the standard TLS key agreement where the client
-// encrypts the pre-master secret to the server's public key.
-type rsaKeyAgreement struct{}
-
-func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *ClientHelloMsg, hello *ServerHelloMsg) (*ServerKeyExchangeMsg, error) {
-	return nil, nil
-}
-
-func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *ClientKeyExchangeMsg, version uint16) ([]byte, error) {
-	if len(ckx.Ciphertext) < 2 {
-		return nil, errClientKeyExchange
-	}
-
-	ciphertext := ckx.Ciphertext
-	if version != VersionSSL30 {
-		ciphertextLen := int(ckx.Ciphertext[0])<<8 | int(ckx.Ciphertext[1])
-		if ciphertextLen != len(ckx.Ciphertext)-2 {
-			return nil, errClientKeyExchange
-		}
-		ciphertext = ckx.Ciphertext[2:]
-	}
-	priv, ok := cert.PrivateKey.(crypto.Decrypter)
-	if !ok {
-		return nil, errors.New("tls: certificate private key does not implement crypto.Decrypter")
-	}
-	// Perform constant time RSA PKCS#1 v1.5 decryption
-	preMasterSecret, err := priv.Decrypt(config.rand(), ciphertext, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: 48})
-	if err != nil {
-		return nil, err
-	}
-	// We don't check the version number in the premaster secret. For one,
-	// by checking it, we would leak information about the validity of the
-	// encrypted pre-master secret. Secondly, it provides only a small
-	// benefit against a downgrade attack and some implementations send the
-	// wrong version anyway. See the discussion at the end of section
-	// 7.4.7.1 of RFC 4346.
-	return preMasterSecret, nil
-}
-
-func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *ClientHelloMsg, serverHello *ServerHelloMsg, cert *x509.Certificate, skx *ServerKeyExchangeMsg) error {
-	return errors.New("tls: unexpected ServerKeyExchange")
-}
-
-func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *ClientHelloMsg, cert *x509.Certificate) ([]byte, *ClientKeyExchangeMsg, error) {
-	preMasterSecret := make([]byte, 48)
-	preMasterSecret[0] = byte(clientHello.Vers >> 8)
-	preMasterSecret[1] = byte(clientHello.Vers)
-	_, err := io.ReadFull(config.rand(), preMasterSecret[2:])
-	if err != nil {
-		return nil, nil, err
-	}
-
-	encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret)
-	if err != nil {
-		return nil, nil, err
-	}
-	ckx := new(ClientKeyExchangeMsg)
-	ckx.Ciphertext = make([]byte, len(encrypted)+2)
-	ckx.Ciphertext[0] = byte(len(encrypted) >> 8)
-	ckx.Ciphertext[1] = byte(len(encrypted))
-	copy(ckx.Ciphertext[2:], encrypted)
-	return preMasterSecret, ckx, nil
-}
-
-// sha1Hash calculates a SHA1 hash over the given byte slices.
-func sha1Hash(slices [][]byte) []byte {
-	hsha1 := sha1.New()
-	for _, slice := range slices {
-		hsha1.Write(slice)
-	}
-	return hsha1.Sum(nil)
-}
-
-// md5SHA1Hash implements TLS 1.0's hybrid hash function which consists of the
-// concatenation of an MD5 and SHA1 hash.
-func md5SHA1Hash(slices [][]byte) []byte {
-	md5sha1 := make([]byte, md5.Size+sha1.Size)
-	hmd5 := md5.New()
-	for _, slice := range slices {
-		hmd5.Write(slice)
-	}
-	copy(md5sha1, hmd5.Sum(nil))
-	copy(md5sha1[md5.Size:], sha1Hash(slices))
-	return md5sha1
-}
-
-// hashForServerKeyExchange hashes the given slices and returns their digest
-// and the identifier of the hash function used. The sigAndHash argument is
-// only used for >= TLS 1.2 and precisely identifies the hash function to use.
-func hashForServerKeyExchange(sigAndHash signatureAndHash, version uint16, slices ...[]byte) ([]byte, crypto.Hash, error) {
-	if version >= VersionTLS12 {
-		if !isSupportedSignatureAndHash(sigAndHash, supportedSignatureAlgorithms) {
-			return nil, crypto.Hash(0), errors.New("tls: unsupported hash function used by peer")
-		}
-		hashFunc, err := lookupTLSHash(sigAndHash.hash)
-		if err != nil {
-			return nil, crypto.Hash(0), err
-		}
-		h := hashFunc.New()
-		for _, slice := range slices {
-			h.Write(slice)
-		}
-		digest := h.Sum(nil)
-		return digest, hashFunc, nil
-	}
-	if sigAndHash.signature == signatureECDSA {
-		return sha1Hash(slices), crypto.SHA1, nil
-	}
-	return md5SHA1Hash(slices), crypto.MD5SHA1, nil
-}
-
-// pickTLS12HashForSignature returns a TLS 1.2 hash identifier for signing a
-// ServerKeyExchange given the signature type being used and the client's
-// advertised list of supported signature and hash combinations.
-func pickTLS12HashForSignature(sigType uint8, clientList []signatureAndHash) (uint8, error) {
-	if len(clientList) == 0 {
-		// If the client didn't specify any signature_algorithms
-		// extension then we can assume that it supports SHA1. See
-		// http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-		return hashSHA1, nil
-	}
-
-	for _, sigAndHash := range clientList {
-		if sigAndHash.signature != sigType {
-			continue
-		}
-		if isSupportedSignatureAndHash(sigAndHash, supportedSignatureAlgorithms) {
-			return sigAndHash.hash, nil
-		}
-	}
-
-	return 0, errors.New("tls: client doesn't support any common hash functions")
-}
-
-func curveForCurveID(id CurveID) (elliptic.Curve, bool) {
-	switch id {
-	case CurveP256:
-		return elliptic.P256(), true
-	case CurveP384:
-		return elliptic.P384(), true
-	case CurveP521:
-		return elliptic.P521(), true
-	default:
-		return nil, false
-	}
-
-}
-
-// ecdheRSAKeyAgreement implements a TLS key agreement where the server
-// generates a ephemeral EC public/private key pair and signs it. The
-// pre-master secret is then calculated using ECDH. The signature may
-// either be ECDSA or RSA.
-type ecdheKeyAgreement struct {
-	version    uint16
-	sigType    uint8
-	privateKey []byte
-	curveid    CurveID
-
-	// publicKey is used to store the peer's public value when X25519 is
-	// being used.
-	publicKey []byte
-	// x and y are used to store the peer's public value when one of the
-	// NIST curves is being used.
-	x, y *big.Int
-}
-
-func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *ClientHelloMsg, hello *ServerHelloMsg) (*ServerKeyExchangeMsg, error) {
-	preferredCurves := config.curvePreferences()
-
-NextCandidate:
-	for _, candidate := range preferredCurves {
-		for _, c := range clientHello.SupportedCurves {
-			if candidate == c {
-				ka.curveid = c
-				break NextCandidate
-			}
-		}
-	}
-
-	if ka.curveid == 0 {
-		return nil, errors.New("tls: no supported elliptic curves offered")
-	}
-
-	var ecdhePublic []byte
-
-	if ka.curveid == X25519 {
-		var scalar, public [32]byte
-		if _, err := io.ReadFull(config.rand(), scalar[:]); err != nil {
-			return nil, err
-		}
-
-		curve25519.ScalarBaseMult(&public, &scalar)
-		ka.privateKey = scalar[:]
-		ecdhePublic = public[:]
-	} else {
-		curve, ok := curveForCurveID(ka.curveid)
-		if !ok {
-			return nil, errors.New("tls: preferredCurves includes unsupported curve")
-		}
-
-		var x, y *big.Int
-		var err error
-		ka.privateKey, x, y, err = elliptic.GenerateKey(curve, config.rand())
-		if err != nil {
-			return nil, err
-		}
-		ecdhePublic = elliptic.Marshal(curve, x, y)
-	}
-
-	// http://tools.ietf.org/html/rfc4492#section-5.4
-	serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic))
-	serverECDHParams[0] = 3 // named curve
-	serverECDHParams[1] = byte(ka.curveid >> 8)
-	serverECDHParams[2] = byte(ka.curveid)
-	serverECDHParams[3] = byte(len(ecdhePublic))
-	copy(serverECDHParams[4:], ecdhePublic)
-
-	sigAndHash := signatureAndHash{signature: ka.sigType}
-
-	if ka.version >= VersionTLS12 {
-		var err error
-		if sigAndHash.hash, err = pickTLS12HashForSignature(ka.sigType, clientHello.SignatureAndHashes); err != nil {
-			return nil, err
-		}
-	}
-
-	digest, hashFunc, err := hashForServerKeyExchange(sigAndHash, ka.version, clientHello.Random, hello.Random, serverECDHParams)
-	if err != nil {
-		return nil, err
-	}
-
-	priv, ok := cert.PrivateKey.(crypto.Signer)
-	if !ok {
-		return nil, errors.New("tls: certificate private key does not implement crypto.Signer")
-	}
-	var sig []byte
-	switch ka.sigType {
-	case signatureECDSA:
-		_, ok := priv.Public().(*ecdsa.PublicKey)
-		if !ok {
-			return nil, errors.New("tls: ECDHE ECDSA requires an ECDSA server key")
-		}
-	case signatureRSA:
-		_, ok := priv.Public().(*rsa.PublicKey)
-		if !ok {
-			return nil, errors.New("tls: ECDHE RSA requires a RSA server key")
-		}
-	default:
-		return nil, errors.New("tls: unknown ECDHE signature algorithm")
-	}
-	sig, err = priv.Sign(config.rand(), digest, hashFunc)
-	if err != nil {
-		return nil, errors.New("tls: failed to sign ECDHE parameters: " + err.Error())
-	}
-
-	skx := new(ServerKeyExchangeMsg)
-	sigAndHashLen := 0
-	if ka.version >= VersionTLS12 {
-		sigAndHashLen = 2
-	}
-	skx.Key = make([]byte, len(serverECDHParams)+sigAndHashLen+2+len(sig))
-	copy(skx.Key, serverECDHParams)
-	k := skx.Key[len(serverECDHParams):]
-	if ka.version >= VersionTLS12 {
-		k[0] = sigAndHash.hash
-		k[1] = sigAndHash.signature
-		k = k[2:]
-	}
-	k[0] = byte(len(sig) >> 8)
-	k[1] = byte(len(sig))
-	copy(k[2:], sig)
-
-	return skx, nil
-}
-
-func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *ClientKeyExchangeMsg, version uint16) ([]byte, error) {
-	if len(ckx.Ciphertext) == 0 || int(ckx.Ciphertext[0]) != len(ckx.Ciphertext)-1 {
-		return nil, errClientKeyExchange
-	}
-
-	if ka.curveid == X25519 {
-		if len(ckx.Ciphertext) != 1+32 {
-			return nil, errClientKeyExchange
-		}
-
-		var theirPublic, sharedKey, scalar [32]byte
-		copy(theirPublic[:], ckx.Ciphertext[1:])
-		copy(scalar[:], ka.privateKey)
-		curve25519.ScalarMult(&sharedKey, &scalar, &theirPublic)
-		return sharedKey[:], nil
-	}
-
-	curve, ok := curveForCurveID(ka.curveid)
-	if !ok {
-		panic("internal error")
-	}
-	x, y := elliptic.Unmarshal(curve, ckx.Ciphertext[1:])
-	if x == nil {
-		return nil, errClientKeyExchange
-	}
-	if !curve.IsOnCurve(x, y) {
-		return nil, errClientKeyExchange
-	}
-	x, _ = curve.ScalarMult(x, y, ka.privateKey)
-	preMasterSecret := make([]byte, (curve.Params().BitSize+7)>>3)
-	xBytes := x.Bytes()
-	copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)
-
-	return preMasterSecret, nil
-}
-
-func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *ClientHelloMsg, serverHello *ServerHelloMsg, cert *x509.Certificate, skx *ServerKeyExchangeMsg) error {
-	if len(skx.Key) < 4 {
-		return errServerKeyExchange
-	}
-	if skx.Key[0] != 3 { // named curve
-		return errors.New("tls: server selected unsupported curve")
-	}
-	ka.curveid = CurveID(skx.Key[1])<<8 | CurveID(skx.Key[2])
-
-	publicLen := int(skx.Key[3])
-	if publicLen+4 > len(skx.Key) {
-		return errServerKeyExchange
-	}
-	serverECDHParams := skx.Key[:4+publicLen]
-	publicKey := serverECDHParams[4:]
-
-	sig := skx.Key[4+publicLen:]
-	if len(sig) < 2 {
-		return errServerKeyExchange
-	}
-
-	if ka.curveid == X25519 {
-		if len(publicKey) != 32 {
-			return errors.New("tls: bad X25519 public value")
-		}
-		ka.publicKey = publicKey
-	} else {
-		curve, ok := curveForCurveID(ka.curveid)
-		if !ok {
-			return errors.New("tls: server selected unsupported curve")
-		}
-
-		ka.x, ka.y = elliptic.Unmarshal(curve, publicKey)
-		if ka.x == nil {
-			return errServerKeyExchange
-		}
-		if !curve.IsOnCurve(ka.x, ka.y) {
-			return errServerKeyExchange
-		}
-	}
-
-	sigAndHash := signatureAndHash{signature: ka.sigType}
-	if ka.version >= VersionTLS12 {
-		// handle SignatureAndHashAlgorithm
-		sigAndHash = signatureAndHash{hash: sig[0], signature: sig[1]}
-		if sigAndHash.signature != ka.sigType {
-			return errServerKeyExchange
-		}
-		sig = sig[2:]
-		if len(sig) < 2 {
-			return errServerKeyExchange
-		}
-	}
-	sigLen := int(sig[0])<<8 | int(sig[1])
-	if sigLen+2 != len(sig) {
-		return errServerKeyExchange
-	}
-	sig = sig[2:]
-
-	digest, hashFunc, err := hashForServerKeyExchange(sigAndHash, ka.version, clientHello.Random, serverHello.Random, serverECDHParams)
-	if err != nil {
-		return err
-	}
-	switch ka.sigType {
-	case signatureECDSA:
-		pubKey, ok := cert.PublicKey.(*ecdsa.PublicKey)
-		if !ok {
-			return errors.New("tls: ECDHE ECDSA requires a ECDSA server public key")
-		}
-		ecdsaSig := new(ecdsaSignature)
-		if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil {
-			return err
-		}
-		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-			return errors.New("tls: ECDSA signature contained zero or negative values")
-		}
-		if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) {
-			return errors.New("tls: ECDSA verification failure")
-		}
-	case signatureRSA:
-		pubKey, ok := cert.PublicKey.(*rsa.PublicKey)
-		if !ok {
-			return errors.New("tls: ECDHE RSA requires a RSA server public key")
-		}
-		if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, digest, sig); err != nil {
-			return err
-		}
-	default:
-		return errors.New("tls: unknown ECDHE signature algorithm")
-	}
-
-	return nil
-}
-
-func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *ClientHelloMsg, cert *x509.Certificate) ([]byte, *ClientKeyExchangeMsg, error) {
-	if ka.curveid == 0 {
-		return nil, nil, errors.New("tls: missing ServerKeyExchange message")
-	}
-
-	var serialized, preMasterSecret []byte
-
-	if ka.curveid == X25519 {
-		var ourPublic, theirPublic, sharedKey, scalar [32]byte
-
-		if _, err := io.ReadFull(config.rand(), scalar[:]); err != nil {
-			return nil, nil, err
-		}
-
-		copy(theirPublic[:], ka.publicKey)
-		curve25519.ScalarBaseMult(&ourPublic, &scalar)
-		curve25519.ScalarMult(&sharedKey, &scalar, &theirPublic)
-		serialized = ourPublic[:]
-		preMasterSecret = sharedKey[:]
-	} else {
-		curve, ok := curveForCurveID(ka.curveid)
-		if !ok {
-			panic("internal error")
-		}
-		priv, mx, my, err := elliptic.GenerateKey(curve, config.rand())
-		if err != nil {
-			return nil, nil, err
-		}
-		x, _ := curve.ScalarMult(ka.x, ka.y, priv)
-		preMasterSecret = make([]byte, (curve.Params().BitSize+7)>>3)
-		xBytes := x.Bytes()
-		copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)
-
-		serialized = elliptic.Marshal(curve, mx, my)
-	}
-
-	ckx := new(ClientKeyExchangeMsg)
-	ckx.Ciphertext = make([]byte, 1+len(serialized))
-	ckx.Ciphertext[0] = byte(len(serialized))
-	copy(ckx.Ciphertext[1:], serialized)
-
-	return preMasterSecret, ckx, nil
-}
diff --git a/firewall/inspection/tls/tlslib/prf.go b/firewall/inspection/tls/tlslib/prf.go
deleted file mode 100644
index 493cd560..00000000
--- a/firewall/inspection/tls/tlslib/prf.go
+++ /dev/null
@@ -1,368 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"crypto"
-	"crypto/hmac"
-	"crypto/md5"
-	"crypto/sha1"
-	"crypto/sha256"
-	"crypto/sha512"
-	"errors"
-	"hash"
-)
-
-// Split a premaster secret in two as specified in RFC 4346, section 5.
-func splitPreMasterSecret(secret []byte) (s1, s2 []byte) {
-	s1 = secret[0 : (len(secret)+1)/2]
-	s2 = secret[len(secret)/2:]
-	return
-}
-
-// pHash implements the P_hash function, as defined in RFC 4346, section 5.
-func pHash(result, secret, seed []byte, hash func() hash.Hash) {
-	h := hmac.New(hash, secret)
-	h.Write(seed)
-	a := h.Sum(nil)
-
-	j := 0
-	for j < len(result) {
-		h.Reset()
-		h.Write(a)
-		h.Write(seed)
-		b := h.Sum(nil)
-		todo := len(b)
-		if j+todo > len(result) {
-			todo = len(result) - j
-		}
-		copy(result[j:j+todo], b)
-		j += todo
-
-		h.Reset()
-		h.Write(a)
-		a = h.Sum(nil)
-	}
-}
-
-// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, section 5.
-func prf10(result, secret, label, seed []byte) {
-	hashSHA1 := sha1.New
-	hashMD5 := md5.New
-
-	labelAndSeed := make([]byte, len(label)+len(seed))
-	copy(labelAndSeed, label)
-	copy(labelAndSeed[len(label):], seed)
-
-	s1, s2 := splitPreMasterSecret(secret)
-	pHash(result, s1, labelAndSeed, hashMD5)
-	result2 := make([]byte, len(result))
-	pHash(result2, s2, labelAndSeed, hashSHA1)
-
-	for i, b := range result2 {
-		result[i] ^= b
-	}
-}
-
-// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, section 5.
-func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) {
-	return func(result, secret, label, seed []byte) {
-		labelAndSeed := make([]byte, len(label)+len(seed))
-		copy(labelAndSeed, label)
-		copy(labelAndSeed[len(label):], seed)
-
-		pHash(result, secret, labelAndSeed, hashFunc)
-	}
-}
-
-// prf30 implements the SSL 3.0 pseudo-random function, as defined in
-// www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 6.
-func prf30(result, secret, label, seed []byte) {
-	hashSHA1 := sha1.New()
-	hashMD5 := md5.New()
-
-	done := 0
-	i := 0
-	// RFC 5246 section 6.3 says that the largest PRF output needed is 128
-	// bytes. Since no more ciphersuites will be added to SSLv3, this will
-	// remain true. Each iteration gives us 16 bytes so 10 iterations will
-	// be sufficient.
-	var b [11]byte
-	for done < len(result) {
-		for j := 0; j <= i; j++ {
-			b[j] = 'A' + byte(i)
-		}
-
-		hashSHA1.Reset()
-		hashSHA1.Write(b[:i+1])
-		hashSHA1.Write(secret)
-		hashSHA1.Write(seed)
-		digest := hashSHA1.Sum(nil)
-
-		hashMD5.Reset()
-		hashMD5.Write(secret)
-		hashMD5.Write(digest)
-
-		done += copy(result[done:], hashMD5.Sum(nil))
-		i++
-	}
-}
-
-const (
-	tlsRandomLength      = 32 // Length of a random nonce in TLS 1.1.
-	masterSecretLength   = 48 // Length of a master secret in TLS 1.1.
-	finishedVerifyLength = 12 // Length of verify_data in a Finished message.
-)
-
-var masterSecretLabel = []byte("master secret")
-var keyExpansionLabel = []byte("key expansion")
-var clientFinishedLabel = []byte("client finished")
-var serverFinishedLabel = []byte("server finished")
-
-func prfAndHashForVersion(version uint16, suite *cipherSuite) (func(result, secret, label, seed []byte), crypto.Hash) {
-	switch version {
-	case VersionSSL30:
-		return prf30, crypto.Hash(0)
-	case VersionTLS10, VersionTLS11:
-		return prf10, crypto.Hash(0)
-	case VersionTLS12:
-		if suite.flags&suiteSHA384 != 0 {
-			return prf12(sha512.New384), crypto.SHA384
-		}
-		return prf12(sha256.New), crypto.SHA256
-	default:
-		panic("unknown version")
-	}
-}
-
-func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, label, seed []byte) {
-	prf, _ := prfAndHashForVersion(version, suite)
-	return prf
-}
-
-// masterFromPreMasterSecret generates the master secret from the pre-master
-// secret. See http://tools.ietf.org/html/rfc5246#section-8.1
-func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte {
-	seed := make([]byte, 0, len(clientRandom)+len(serverRandom))
-	seed = append(seed, clientRandom...)
-	seed = append(seed, serverRandom...)
-
-	masterSecret := make([]byte, masterSecretLength)
-	prfForVersion(version, suite)(masterSecret, preMasterSecret, masterSecretLabel, seed)
-	return masterSecret
-}
-
-// keysFromMasterSecret generates the connection keys from the master
-// secret, given the lengths of the MAC key, cipher key and IV, as defined in
-// RFC 2246, section 6.3.
-func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) {
-	seed := make([]byte, 0, len(serverRandom)+len(clientRandom))
-	seed = append(seed, serverRandom...)
-	seed = append(seed, clientRandom...)
-
-	n := 2*macLen + 2*keyLen + 2*ivLen
-	keyMaterial := make([]byte, n)
-	prfForVersion(version, suite)(keyMaterial, masterSecret, keyExpansionLabel, seed)
-	clientMAC = keyMaterial[:macLen]
-	keyMaterial = keyMaterial[macLen:]
-	serverMAC = keyMaterial[:macLen]
-	keyMaterial = keyMaterial[macLen:]
-	clientKey = keyMaterial[:keyLen]
-	keyMaterial = keyMaterial[keyLen:]
-	serverKey = keyMaterial[:keyLen]
-	keyMaterial = keyMaterial[keyLen:]
-	clientIV = keyMaterial[:ivLen]
-	keyMaterial = keyMaterial[ivLen:]
-	serverIV = keyMaterial[:ivLen]
-	return
-}
-
-// lookupTLSHash looks up the corresponding crypto.Hash for a given
-// TLS hash identifier.
-func lookupTLSHash(hash uint8) (crypto.Hash, error) {
-	switch hash {
-	case hashSHA1:
-		return crypto.SHA1, nil
-	case hashSHA256:
-		return crypto.SHA256, nil
-	case hashSHA384:
-		return crypto.SHA384, nil
-	default:
-		return 0, errors.New("tls: unsupported hash algorithm")
-	}
-}
-
-func newFinishedHash(version uint16, cipherSuite *cipherSuite) finishedHash {
-	var buffer []byte
-	if version == VersionSSL30 || version >= VersionTLS12 {
-		buffer = []byte{}
-	}
-
-	prf, hash := prfAndHashForVersion(version, cipherSuite)
-	if hash != 0 {
-		return finishedHash{hash.New(), hash.New(), nil, nil, buffer, version, prf}
-	}
-
-	return finishedHash{sha1.New(), sha1.New(), md5.New(), md5.New(), buffer, version, prf}
-}
-
-// A finishedHash calculates the hash of a set of handshake messages suitable
-// for including in a Finished message.
-type finishedHash struct {
-	client hash.Hash
-	server hash.Hash
-
-	// Prior to TLS 1.2, an additional MD5 hash is required.
-	clientMD5 hash.Hash
-	serverMD5 hash.Hash
-
-	// In TLS 1.2, a full buffer is sadly required.
-	buffer []byte
-
-	version uint16
-	prf     func(result, secret, label, seed []byte)
-}
-
-func (h *finishedHash) Write(msg []byte) (n int, err error) {
-	h.client.Write(msg)
-	h.server.Write(msg)
-
-	if h.version < VersionTLS12 {
-		h.clientMD5.Write(msg)
-		h.serverMD5.Write(msg)
-	}
-
-	if h.buffer != nil {
-		h.buffer = append(h.buffer, msg...)
-	}
-
-	return len(msg), nil
-}
-
-func (h finishedHash) Sum() []byte {
-	if h.version >= VersionTLS12 {
-		return h.client.Sum(nil)
-	}
-
-	out := make([]byte, 0, md5.Size+sha1.Size)
-	out = h.clientMD5.Sum(out)
-	return h.client.Sum(out)
-}
-
-// finishedSum30 calculates the contents of the verify_data member of a SSLv3
-// Finished message given the MD5 and SHA1 hashes of a set of handshake
-// messages.
-func finishedSum30(md5, sha1 hash.Hash, masterSecret []byte, magic []byte) []byte {
-	md5.Write(magic)
-	md5.Write(masterSecret)
-	md5.Write(ssl30Pad1[:])
-	md5Digest := md5.Sum(nil)
-
-	md5.Reset()
-	md5.Write(masterSecret)
-	md5.Write(ssl30Pad2[:])
-	md5.Write(md5Digest)
-	md5Digest = md5.Sum(nil)
-
-	sha1.Write(magic)
-	sha1.Write(masterSecret)
-	sha1.Write(ssl30Pad1[:40])
-	sha1Digest := sha1.Sum(nil)
-
-	sha1.Reset()
-	sha1.Write(masterSecret)
-	sha1.Write(ssl30Pad2[:40])
-	sha1.Write(sha1Digest)
-	sha1Digest = sha1.Sum(nil)
-
-	ret := make([]byte, len(md5Digest)+len(sha1Digest))
-	copy(ret, md5Digest)
-	copy(ret[len(md5Digest):], sha1Digest)
-	return ret
-}
-
-var ssl3ClientFinishedMagic = [4]byte{0x43, 0x4c, 0x4e, 0x54}
-var ssl3ServerFinishedMagic = [4]byte{0x53, 0x52, 0x56, 0x52}
-
-// clientSum returns the contents of the verify_data member of a client's
-// Finished message.
-func (h finishedHash) clientSum(masterSecret []byte) []byte {
-	if h.version == VersionSSL30 {
-		return finishedSum30(h.clientMD5, h.client, masterSecret, ssl3ClientFinishedMagic[:])
-	}
-
-	out := make([]byte, finishedVerifyLength)
-	h.prf(out, masterSecret, clientFinishedLabel, h.Sum())
-	return out
-}
-
-// serverSum returns the contents of the verify_data member of a server's
-// Finished message.
-func (h finishedHash) serverSum(masterSecret []byte) []byte {
-	if h.version == VersionSSL30 {
-		return finishedSum30(h.serverMD5, h.server, masterSecret, ssl3ServerFinishedMagic[:])
-	}
-
-	out := make([]byte, finishedVerifyLength)
-	h.prf(out, masterSecret, serverFinishedLabel, h.Sum())
-	return out
-}
-
-// selectClientCertSignatureAlgorithm returns a signatureAndHash to sign a
-// client's CertificateVerify with, or an error if none can be found.
-func (h finishedHash) selectClientCertSignatureAlgorithm(serverList []signatureAndHash, sigType uint8) (signatureAndHash, error) {
-	if h.version < VersionTLS12 {
-		// Nothing to negotiate before TLS 1.2.
-		return signatureAndHash{signature: sigType}, nil
-	}
-
-	for _, v := range serverList {
-		if v.signature == sigType && isSupportedSignatureAndHash(v, supportedSignatureAlgorithms) {
-			return v, nil
-		}
-	}
-	return signatureAndHash{}, errors.New("tls: no supported signature algorithm found for signing client certificate")
-}
-
-// hashForClientCertificate returns a digest, hash function, and TLS 1.2 hash
-// id suitable for signing by a TLS client certificate.
-func (h finishedHash) hashForClientCertificate(signatureAndHash signatureAndHash, masterSecret []byte) ([]byte, crypto.Hash, error) {
-	if (h.version == VersionSSL30 || h.version >= VersionTLS12) && h.buffer == nil {
-		panic("a handshake hash for a client-certificate was requested after discarding the handshake buffer")
-	}
-
-	if h.version == VersionSSL30 {
-		if signatureAndHash.signature != signatureRSA {
-			return nil, 0, errors.New("tls: unsupported signature type for client certificate")
-		}
-
-		md5Hash := md5.New()
-		md5Hash.Write(h.buffer)
-		sha1Hash := sha1.New()
-		sha1Hash.Write(h.buffer)
-		return finishedSum30(md5Hash, sha1Hash, masterSecret, nil), crypto.MD5SHA1, nil
-	}
-	if h.version >= VersionTLS12 {
-		hashAlg, err := lookupTLSHash(signatureAndHash.hash)
-		if err != nil {
-			return nil, 0, err
-		}
-		hash := hashAlg.New()
-		hash.Write(h.buffer)
-		return hash.Sum(nil), hashAlg, nil
-	}
-
-	if signatureAndHash.signature == signatureECDSA {
-		return h.server.Sum(nil), crypto.SHA1, nil
-	}
-
-	return h.Sum(), crypto.MD5SHA1, nil
-}
-
-// discardHandshakeBuffer is called when there is no more need to
-// buffer the entirety of the handshake messages.
-func (h *finishedHash) discardHandshakeBuffer() {
-	h.buffer = nil
-}
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
deleted file mode 100644
index 099cef4b..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA
+++ /dev/null
@@ -1,128 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 4f 5d 09 43 37  |....Y...U..O].C7|
-00000010  70 c6 d9 8b 07 ca 1a f0  fb a7 05 51 53 67 7a 7e  |p..........QSgz~|
-00000020  c9 c6 68 10 10 2a 69 bd  47 db 8e 20 f2 13 5b 26  |..h..*i.G.. ..[&|
-00000030  e6 8e 19 b0 bc b5 ee 1f  ca 44 5d 32 11 37 b0 78  |.........D]2.7.x|
-00000040  49 16 6e c2 44 86 52 3f  9f 05 15 aa c0 09 00 00  |I.n.D.R?........|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 56 b4  |*............ V.|
-00000280  39 d4 8f 18 79 87 89 d0  04 ee 12 54 20 2b be c1  |9...y......T +..|
-00000290  94 99 40 a2 73 df 1e 92  66 0b d1 f1 d6 38 00 8b  |..@.s...f....8..|
-000002a0  30 81 88 02 42 01 38 12  59 bd ea 44 59 f4 6f a9  |0...B.8.Y..DY.o.|
-000002b0  8e 9e a0 85 b5 b3 55 3e  76 49 b7 75 98 6e 81 30  |......U>vI.u.n.0|
-000002c0  c4 73 bd 54 78 39 f7 e2  22 49 4c 93 0d c1 26 89  |.s.Tx9.."IL...&.|
-000002d0  08 b9 9c 8b 86 3e 81 2c  a5 50 7c e9 88 ec c0 ad  |.....>.,.P|.....|
-000002e0  9e e0 40 ac 4e 0a fd 02  42 01 2e 0d 37 73 6a 0d  |..@.N...B...7sj.|
-000002f0  a4 60 08 a0 2b 32 0f 87  8d f8 9b c7 68 cf 50 79  |.`..+2......h.Py|
-00000300  73 f7 cf 93 aa 75 57 20  58 3d 13 c0 f3 66 7d 59  |s....uW X=...f}Y|
-00000310  15 73 d4 29 03 34 df 33  00 c0 b5 71 bc 2a 90 ef  |.s.).4.3...q.*..|
-00000320  3c 02 5e ea 9d 29 93 1c  18 db 04 16 03 01 00 0a  |<.^..)..........|
-00000330  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
-00000340  00 00 00                                          |...|
->>> Flow 3 (client to server)
-00000000  16 03 01 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
-00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
-00000020  d9 17 30 09 06 07 2a 86  48 ce 3d 04 01 30 45 31  |..0...*.H.=..0E1|
-00000030  0b 30 09 06 03 55 04 06  13 02 41 55 31 13 30 11  |.0...U....AU1.0.|
-00000040  06 03 55 04 08 13 0a 53  6f 6d 65 2d 53 74 61 74  |..U....Some-Stat|
-00000050  65 31 21 30 1f 06 03 55  04 0a 13 18 49 6e 74 65  |e1!0...U....Inte|
-00000060  72 6e 65 74 20 57 69 64  67 69 74 73 20 50 74 79  |rnet Widgits Pty|
-00000070  20 4c 74 64 30 1e 17 0d  31 32 31 31 31 34 31 33  | Ltd0...12111413|
-00000080  32 35 35 33 5a 17 0d 32  32 31 31 31 32 31 33 32  |2553Z..221112132|
-00000090  35 35 33 5a 30 41 31 0b  30 09 06 03 55 04 06 13  |553Z0A1.0...U...|
-000000a0  02 41 55 31 0c 30 0a 06  03 55 04 08 13 03 4e 53  |.AU1.0...U....NS|
-000000b0  57 31 10 30 0e 06 03 55  04 07 13 07 50 79 72 6d  |W1.0...U....Pyrm|
-000000c0  6f 6e 74 31 12 30 10 06  03 55 04 03 13 09 4a 6f  |ont1.0...U....Jo|
-000000d0  65 6c 20 53 69 6e 67 30  81 9b 30 10 06 07 2a 86  |el Sing0..0...*.|
-000000e0  48 ce 3d 02 01 06 05 2b  81 04 00 23 03 81 86 00  |H.=....+...#....|
-000000f0  04 00 95 8c 91 75 14 c0  5e c4 57 b4 d4 c3 6f 8d  |.....u..^.W...o.|
-00000100  ae 68 1e dd 6f ce 86 e1  7e 6e b2 48 3e 81 e5 4e  |.h..o...~n.H>..N|
-00000110  e2 c6 88 4b 64 dc f5 30  bb d3 ff 65 cc 5b f4 dd  |...Kd..0...e.[..|
-00000120  b5 6a 3e 3e d0 1d de 47  c3 76 ad 19 f6 45 2c 8c  |.j>>...G.v...E,.|
-00000130  bc d8 1d 01 4c 1f 70 90  46 76 48 8b 8f 83 cc 4a  |....L.p.FvH....J|
-00000140  5c 8f 40 76 da e0 89 ec  1d 2b c4 4e 30 76 28 41  |\.@v.....+.N0v(A|
-00000150  b2 62 a8 fb 5b f1 f9 4e  7a 8d bd 09 b8 ae ea 8b  |.b..[..Nz.......|
-00000160  18 27 4f 2e 70 fe 13 96  ba c3 d3 40 16 cd 65 4e  |.'O.p......@..eN|
-00000170  ac 11 1e e6 f1 30 09 06  07 2a 86 48 ce 3d 04 01  |.....0...*.H.=..|
-00000180  03 81 8c 00 30 81 88 02  42 00 e0 14 c4 60 60 0b  |....0...B....``.|
-00000190  72 68 b0 32 5d 61 4a 02  74 5c c2 81 b9 16 a8 3f  |rh.2]aJ.t\.....?|
-000001a0  29 c8 36 c7 81 ff 6c b6  5b d9 70 f1 38 3b 50 48  |).6...l.[.p.8;PH|
-000001b0  28 94 cb 09 1a 52 f1 5d  ee 8d f2 b9 f0 f0 da d9  |(....R.]........|
-000001c0  15 3a f9 bd 03 7a 87 a2  23 35 ec 02 42 01 a3 d4  |.:...z..#5..B...|
-000001d0  8a 78 35 1c 4a 9a 23 d2  0a be 2b 10 31 9d 9c 5f  |.x5.J.#...+.1.._|
-000001e0  be e8 91 b3 da 1a f5 5d  a3 23 f5 26 8b 45 70 8d  |.......].#.&.Ep.|
-000001f0  65 62 9b 7e 01 99 3d 18  f6 10 9a 38 61 9b 2e 57  |eb.~..=....8a..W|
-00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
-00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
-00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
-00000240  00 8d 00 8b 30 81 88 02  42 01 53 2c a8 59 57 d2  |....0...B.S,.YW.|
-00000250  fc 0b 12 27 6f 9a f7 4e  a0 dd 2c af 1b 4c 81 0b  |...'o..N..,..L..|
-00000260  97 79 7e 6f dd a1 cf cb  e2 14 4d af 76 99 d8 06  |.y~o......M.v...|
-00000270  4f 8d 4f 86 d3 25 04 ea  80 02 ae 25 10 9d 2d 59  |O.O..%.....%..-Y|
-00000280  11 39 65 6b 83 d0 16 7d  bf a8 a4 02 42 01 f2 16  |.9ek...}....B...|
-00000290  6c f1 e6 3b b1 af fb 3f  99 f0 8a e3 c8 62 ba 71  |l..;...?.....b.q|
-000002a0  12 a1 2c 1e 15 74 d5 98  b5 ae 9f 50 a2 15 9b 73  |..,..t.....P...s|
-000002b0  9a 5f 2c 90 d4 9d 20 6f  35 b6 32 3e f4 b7 dd 50  |._,... o5.2>...P|
-000002c0  64 42 e3 4e 51 f3 11 4b  b4 9e a3 92 a2 10 59 14  |dB.NQ..K......Y.|
-000002d0  03 01 00 01 01 16 03 01  00 30 78 8c 7c 31 ce 16  |.........0x.|1..|
-000002e0  8f 1f 2a b9 ee cb 72 7f  1e 59 5b ad c2 58 32 77  |..*...r..Y[..X2w|
-000002f0  fa 46 83 b9 67 0c 5f 41  25 6a 38 ec 20 d2 80 e6  |.F..g._A%j8. ...|
-00000300  be 85 ce 94 b1 89 5f 8d  17 9b                    |......_...|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 95 d6 f2 a2 75  |..........0....u|
-00000010  0e f8 c7 7c f9 1d 65 b4  82 08 c9 62 aa 93 24 8f  |...|..e....b..$.|
-00000020  4d 11 c7 b0 17 04 f1 0a  8b be 64 06 f9 07 20 0b  |M.........d... .|
-00000030  f0 3b 92 db 62 ba 63 91  a1 58 fe                 |.;..b.c..X.|
->>> Flow 5 (client to server)
-00000000  17 03 01 00 20 3e a4 b5  b5 2f 4f c8 e0 08 cf 8a  |.... >.../O.....|
-00000010  9c f6 69 94 a9 91 0f 5d  c5 06 ee 71 e2 42 11 b4  |..i....]...q.B..|
-00000020  a8 17 54 19 3d 17 03 01  00 20 ce d2 8d 8a 78 e4  |..T.=.... ....x.|
-00000030  15 a4 ab 83 0d 9c fa 47  1c 8f 2d 87 a8 55 65 9d  |.......G..-..Ue.|
-00000040  7f 03 75 11 62 83 0b 44  0b f1 15 03 01 00 20 eb  |..u.b..D...... .|
-00000050  1a 46 95 1e 1b 10 b7 25  a8 c4 5b db 8b 3c 61 c9  |.F.....%..[..<a.|
-00000060  25 38 27 1e 69 11 18 16  0a 25 44 ad 9f 52 64     |%8'.i....%D..Rd|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
deleted file mode 100644
index 7e9c2724..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
+++ /dev/null
@@ -1,132 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 32 7c 5c ac bd  |....Y...U..2|\..|
-00000010  77 70 c2 f8 f0 20 37 e4  e8 45 db be 97 22 e4 f3  |wp... 7..E..."..|
-00000020  24 1c c1 29 8f 02 e1 bc  ba 4a 1e 20 81 6f b5 12  |$..).....J. .o..|
-00000030  c0 9d 9e de 2f b6 04 b2  74 34 da 2b 04 55 2c 4f  |..../...t4.+.U,O|
-00000040  dd 01 8a 30 d9 67 45 9f  f1 31 f1 78 c0 13 00 00  |...0.gE..1.x....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 2f f7 3b 44 1a 47 85  |........ /.;D.G.|
-000002d0  d7 db 40 28 4e 6a f1 2f  1e b5 cc b0 58 0d 92 93  |..@(Nj./....X...|
-000002e0  30 41 65 08 05 f7 51 23  57 00 80 87 0d c3 22 ff  |0Ae...Q#W.....".|
-000002f0  aa d1 3f 55 09 cf 98 dc  91 f8 d0 63 58 da dc 52  |..?U.......cX..R|
-00000300  03 f0 06 a6 4e 7e 5b 96  a1 3b d7 8e 1e 68 50 ef  |....N~[..;...hP.|
-00000310  59 3f 78 06 eb 9a 33 c5  01 3c e0 fb c6 f1 b6 bc  |Y?x...3..<......|
-00000320  5a bc 95 e8 43 d9 ab 36  05 26 13 c5 a6 68 9b e2  |Z...C..6.&...h..|
-00000330  b1 42 6e 89 60 5c b3 91  02 c5 8b ab 53 d1 d9 79  |.Bn.`\......S..y|
-00000340  d0 37 b5 5e 2c 16 72 29  f8 9c d0 4a 46 87 46 f4  |.7.^,.r)...JF.F.|
-00000350  01 2b e8 6a 4f 59 d1 2d  3d de 4b 3b 0e c7 cd 42  |.+.jOY.-=.K;...B|
-00000360  ae d2 94 e9 a6 6b 65 ad  3f 77 57 16 03 01 00 0a  |.....ke.?wW.....|
-00000370  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
-00000380  00 00 00                                          |...|
->>> Flow 3 (client to server)
-00000000  16 03 01 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
-00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
-00000020  d9 17 30 09 06 07 2a 86  48 ce 3d 04 01 30 45 31  |..0...*.H.=..0E1|
-00000030  0b 30 09 06 03 55 04 06  13 02 41 55 31 13 30 11  |.0...U....AU1.0.|
-00000040  06 03 55 04 08 13 0a 53  6f 6d 65 2d 53 74 61 74  |..U....Some-Stat|
-00000050  65 31 21 30 1f 06 03 55  04 0a 13 18 49 6e 74 65  |e1!0...U....Inte|
-00000060  72 6e 65 74 20 57 69 64  67 69 74 73 20 50 74 79  |rnet Widgits Pty|
-00000070  20 4c 74 64 30 1e 17 0d  31 32 31 31 31 34 31 33  | Ltd0...12111413|
-00000080  32 35 35 33 5a 17 0d 32  32 31 31 31 32 31 33 32  |2553Z..221112132|
-00000090  35 35 33 5a 30 41 31 0b  30 09 06 03 55 04 06 13  |553Z0A1.0...U...|
-000000a0  02 41 55 31 0c 30 0a 06  03 55 04 08 13 03 4e 53  |.AU1.0...U....NS|
-000000b0  57 31 10 30 0e 06 03 55  04 07 13 07 50 79 72 6d  |W1.0...U....Pyrm|
-000000c0  6f 6e 74 31 12 30 10 06  03 55 04 03 13 09 4a 6f  |ont1.0...U....Jo|
-000000d0  65 6c 20 53 69 6e 67 30  81 9b 30 10 06 07 2a 86  |el Sing0..0...*.|
-000000e0  48 ce 3d 02 01 06 05 2b  81 04 00 23 03 81 86 00  |H.=....+...#....|
-000000f0  04 00 95 8c 91 75 14 c0  5e c4 57 b4 d4 c3 6f 8d  |.....u..^.W...o.|
-00000100  ae 68 1e dd 6f ce 86 e1  7e 6e b2 48 3e 81 e5 4e  |.h..o...~n.H>..N|
-00000110  e2 c6 88 4b 64 dc f5 30  bb d3 ff 65 cc 5b f4 dd  |...Kd..0...e.[..|
-00000120  b5 6a 3e 3e d0 1d de 47  c3 76 ad 19 f6 45 2c 8c  |.j>>...G.v...E,.|
-00000130  bc d8 1d 01 4c 1f 70 90  46 76 48 8b 8f 83 cc 4a  |....L.p.FvH....J|
-00000140  5c 8f 40 76 da e0 89 ec  1d 2b c4 4e 30 76 28 41  |\.@v.....+.N0v(A|
-00000150  b2 62 a8 fb 5b f1 f9 4e  7a 8d bd 09 b8 ae ea 8b  |.b..[..Nz.......|
-00000160  18 27 4f 2e 70 fe 13 96  ba c3 d3 40 16 cd 65 4e  |.'O.p......@..eN|
-00000170  ac 11 1e e6 f1 30 09 06  07 2a 86 48 ce 3d 04 01  |.....0...*.H.=..|
-00000180  03 81 8c 00 30 81 88 02  42 00 e0 14 c4 60 60 0b  |....0...B....``.|
-00000190  72 68 b0 32 5d 61 4a 02  74 5c c2 81 b9 16 a8 3f  |rh.2]aJ.t\.....?|
-000001a0  29 c8 36 c7 81 ff 6c b6  5b d9 70 f1 38 3b 50 48  |).6...l.[.p.8;PH|
-000001b0  28 94 cb 09 1a 52 f1 5d  ee 8d f2 b9 f0 f0 da d9  |(....R.]........|
-000001c0  15 3a f9 bd 03 7a 87 a2  23 35 ec 02 42 01 a3 d4  |.:...z..#5..B...|
-000001d0  8a 78 35 1c 4a 9a 23 d2  0a be 2b 10 31 9d 9c 5f  |.x5.J.#...+.1.._|
-000001e0  be e8 91 b3 da 1a f5 5d  a3 23 f5 26 8b 45 70 8d  |.......].#.&.Ep.|
-000001f0  65 62 9b 7e 01 99 3d 18  f6 10 9a 38 61 9b 2e 57  |eb.~..=....8a..W|
-00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
-00000210  03 01 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
-00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 01 00 91 0f 00  |...._X.;t.......|
-00000240  00 8d 00 8b 30 81 88 02  42 01 b3 df 59 06 71 e6  |....0...B...Y.q.|
-00000250  74 c9 9d d5 2c b0 a7 f8  1e ac bc f3 5a e2 ed 0b  |t...,.......Z...|
-00000260  f2 e9 37 82 c6 fe 7c 23  b9 63 6e 88 1d 63 31 ad  |..7...|#.cn..c1.|
-00000270  d3 29 48 eb f3 5d 52 f5  76 ab fc 16 9e 09 4f 49  |.)H..]R.v.....OI|
-00000280  cf b4 03 6a ed db e5 13  ea 67 74 02 42 01 8e 2f  |...j.....gt.B../|
-00000290  b8 12 38 c9 a6 8c 77 40  85 89 ef d8 ac 08 00 c0  |..8...w@........|
-000002a0  ee 70 68 a6 88 1f d1 67  0d 1b 7b 1f be e0 a7 b9  |.ph....g..{.....|
-000002b0  c3 7d ff 6a 39 3c b9 aa  f6 78 ac 9a ca 67 55 0c  |.}.j9<...x...gU.|
-000002c0  38 23 cc ab 18 c0 b9 ea  9c 84 61 32 0a 0d f3 14  |8#........a2....|
-000002d0  03 01 00 01 01 16 03 01  00 30 73 12 76 94 30 37  |.........0s.v.07|
-000002e0  e5 e3 30 59 88 2f 5f e9  f2 7b 3d 02 88 65 09 14  |..0Y./_..{=..e..|
-000002f0  68 23 02 d0 ae e5 7f 7f  8d 95 3b 1c 75 f5 1f 24  |h#........;.u..$|
-00000300  43 60 29 bb 0e 69 88 36  a9 68                    |C`)..i.6.h|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 a0 5f 7f 59 e0  |..........0._.Y.|
-00000010  b1 7e ed ad de 6a 47 94  21 e5 1b 77 a7 d0 88 fd  |.~...jG.!..w....|
-00000020  9e 4e 48 87 1d cf 40 e4  b9 38 a3 2e e4 00 c3 94  |.NH...@..8......|
-00000030  95 20 1c 97 d2 a9 3a 11  86 30 5f                 |. ....:..0_|
->>> Flow 5 (client to server)
-00000000  17 03 01 00 20 ca 4c f5  cb 81 66 2f 97 e3 5d 8b  |.... .L...f/..].|
-00000010  dd 7d dd fa fe 8c 98 45  3f 3d 16 17 98 4d b5 15  |.}.....E?=...M..|
-00000020  6c 91 8a 79 7a 17 03 01  00 20 96 ec 30 cb d3 78  |l..yz.... ..0..x|
-00000030  b9 0a a1 ab fd 12 25 d5  82 7b 7a 3c 17 56 7b b7  |......%..{z<.V{.|
-00000040  c4 6e ea a2 5b d7 6b b6  22 a9 15 03 01 00 20 ba  |.n..[.k."..... .|
-00000050  ff fe 2b 60 83 34 ad 45  75 15 d5 95 b3 27 92 46  |..+`.4.Eu....'.F|
-00000060  47 ae f1 d4 a4 9d 63 ef  db d9 b5 37 0f f1 74     |G.....c....7..t|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
deleted file mode 100644
index 67772e17..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-RSA-ECDSA
+++ /dev/null
@@ -1,127 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 ed 13 de 15 cc  |....Y...U.......|
-00000010  90 4f f3 72 5a d4 7a 01  26 fa 7a ae 38 92 a0 d6  |.O.rZ.z.&.z.8...|
-00000020  70 4a 20 f6 7e 11 f7 ac  e6 94 87 20 9f 37 0f 8f  |pJ .~...... .7..|
-00000030  55 a6 6a 97 b8 0f 56 aa  2d 69 c5 79 01 d5 c0 01  |U.j...V.-i.y....|
-00000040  2c 2b 0e 16 d8 79 a3 f3  44 99 7c 01 c0 09 00 00  |,+...y..D.|.....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b4 0c 00  00 b0 03 00 1d 20 ca e8  |*............ ..|
-00000280  ef 79 56 cd aa eb 12 8f  e1 89 d1 3c 63 1f c8 54  |.yV........<c..T|
-00000290  5f 4e cf 6b 72 7d 1c bb  f6 80 ae 17 33 69 00 8a  |_N.kr}......3i..|
-000002a0  30 81 87 02 42 01 d1 45  df fc 46 21 5b 9b 49 f0  |0...B..E..F![.I.|
-000002b0  3c f2 16 65 1e 33 90 d8  be 1d 65 12 2f 46 93 5b  |<..e.3....e./F.[|
-000002c0  e2 14 67 b8 67 9b c1 10  31 a1 96 b8 86 c3 8b 26  |..g.g...1......&|
-000002d0  3f da 5e 86 e7 b1 f9 3f  f1 04 57 ed e6 6f a5 86  |?.^....?..W..o..|
-000002e0  f7 58 38 6e 0d ae 42 02  41 05 1b 07 9b 4c 4d 39  |.X8n..B.A....LM9|
-000002f0  2d 0c 4e d7 94 d6 86 c9  6c b9 4d 54 a2 56 87 12  |-.N.....l.MT.V..|
-00000300  08 ec 4e f1 a4 19 5e 52  69 ed 9f 6c 59 5f 31 0f  |..N...^Ri..lY_1.|
-00000310  8d 33 1f a7 42 e5 56 9d  54 f4 18 9b 33 31 97 b9  |.3..B.V.T...31..|
-00000320  57 55 c9 9f ea 7d f2 9e  24 e0 16 03 01 00 0a 0d  |WU...}..$.......|
-00000330  00 00 06 03 01 02 40 00  00 16 03 01 00 04 0e 00  |......@.........|
-00000340  00 00                                             |..|
->>> Flow 3 (client to server)
-00000000  16 03 01 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
-00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
-00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
-00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
-00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
-00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
-00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
-00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
-00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
-00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
-000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
-000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
-000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
-000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
-000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
-000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
-00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
-00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
-00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
-00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
-00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
-00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
-00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
-00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
-00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
-00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
-000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
-000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
-000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
-000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
-000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
-000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
-00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
-00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 8f  6f 77 5d d5 99 28 0c 7a  |........ow]..(.z|
-00000240  36 f2 50 ec 9a e6 eb 88  ac 45 f7 9b 6f 98 84 ba  |6.P......E..o...|
-00000250  fb 3c b8 d6 54 61 b8 87  25 50 3c 31 5a d2 c1 54  |.<..Ta..%P<1Z..T|
-00000260  e8 ed c3 93 cc 98 b1 c3  d4 84 11 d8 a0 c7 ae 67  |...............g|
-00000270  67 35 6a 0f 93 18 bb 18  52 f8 25 88 1f d2 19 4d  |g5j.....R.%....M|
-00000280  3b 4c f2 0f f7 06 68 57  cf 45 20 e0 57 75 37 e9  |;L....hW.E .Wu7.|
-00000290  cd 86 1f e5 d2 90 1e cf  3a 18 fd 45 bc a1 84 63  |........:..E...c|
-000002a0  36 d8 ac 6b 09 41 da 0a  87 7f ab ce 8e 49 e6 c8  |6..k.A.......I..|
-000002b0  bf fb 2c 3b 7b e9 ae 14  03 01 00 01 01 16 03 01  |..,;{...........|
-000002c0  00 30 7d 65 9c c1 25 e4  85 d7 39 d4 67 cf eb f1  |.0}e..%...9.g...|
-000002d0  b7 c2 4d e6 5d bd 13 74  55 22 f0 8a 7e a6 a2 eb  |..M.]..tU"..~...|
-000002e0  93 cc b7 fa 86 b1 b5 e0  a3 ef ee 56 f0 cd f7 a5  |...........V....|
-000002f0  d8 9e                                             |..|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 ff 13 14 c5 ad  |..........0.....|
-00000010  88 ec a1 cf cc 0d 3f 7b  ec 50 4a 25 69 1f 18 dc  |......?{.PJ%i...|
-00000020  b1 99 1f 3b 78 60 e0 83  c0 cd 9a b3 0d 59 0b f8  |...;x`.......Y..|
-00000030  8a b7 7c 2c b4 2c e4 d0  49 82 82                 |..|,.,..I..|
->>> Flow 5 (client to server)
-00000000  17 03 01 00 20 51 91 74  f6 31 07 15 6b 9e 0b 28  |.... Q.t.1..k..(|
-00000010  02 b8 ec 9d c6 e3 15 24  d3 ea 4b 27 d0 fa 9f c2  |.......$..K'....|
-00000020  c4 8d 37 b3 d9 17 03 01  00 20 7d 97 75 fe de 3f  |..7...... }.u..?|
-00000030  ae ab e6 a8 1d 76 1c 06  9c 02 61 cc f5 1d fe c8  |.....v....a.....|
-00000040  a2 dc ae 97 7f 1c 05 19  e5 14 15 03 01 00 20 4a  |.............. J|
-00000050  bc 45 97 6b 09 8e 47 5f  d5 a0 97 78 79 67 09 8d  |.E.k..G_...xyg..|
-00000060  d3 80 38 58 5c cc ae 8e  d4 67 1d 93 2b 20 79     |..8X\....g..+ y|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-RSA-RSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-RSA-RSA
deleted file mode 100644
index e585894d..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ClientCert-RSA-RSA
+++ /dev/null
@@ -1,131 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 61 6b 2e 41 7f  |....Y...U..ak.A.|
-00000010  af 26 6f a2 8b 63 ee e4  b1 76 19 3a 6d a3 c2 30  |.&o..c...v.:m..0|
-00000020  37 e8 47 c2 90 10 7e e8  c5 b2 eb 20 00 1c 8f 70  |7.G...~.... ...p|
-00000030  0d 15 4a c7 7d ab ca 79  a7 d8 c2 01 62 6e 6f aa  |..J.}..y....bno.|
-00000040  df a2 1c 8f 7c 27 d9 e6  fe e9 c8 ab c0 13 00 00  |....|'..........|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 29 0b ca 37 f3 a1 52  |........ )..7..R|
-000002d0  49 1c 84 9a e4 74 6b 4b  2d 1f e6 e9 83 1d 5d 59  |I....tkK-.....]Y|
-000002e0  5a 2f 09 9f bc a4 30 af  71 00 80 d9 bb 6d 09 a7  |Z/....0.q....m..|
-000002f0  ab 47 6f e8 a6 1a da fb  66 7d a5 f0 c9 c3 24 4c  |.Go.....f}....$L|
-00000300  99 56 c6 29 71 27 08 0b  c1 60 44 cc 6d 42 1b 5e  |.V.)q'...`D.mB.^|
-00000310  cd 9f 82 24 38 23 ec d9  fa 32 49 2f 16 5d d2 9d  |...$8#...2I/.]..|
-00000320  e9 13 4e 66 3d f8 bf 30  2e 8c eb 35 4c e8 81 86  |..Nf=..0...5L...|
-00000330  c0 de c7 0d a9 60 7e 7c  4a c4 1d a0 89 70 de 82  |.....`~|J....p..|
-00000340  1b 37 a0 ea 7f 20 a5 fe  d4 20 1d 6f 1a 84 dd a4  |.7... ... .o....|
-00000350  13 46 18 c6 31 14 81 4b  a4 bb 43 5c c4 49 1c 5a  |.F..1..K..C\.I.Z|
-00000360  8d 12 57 e0 1d 9a b6 cd  f1 39 ff 16 03 01 00 0a  |..W......9......|
-00000370  0d 00 00 06 03 01 02 40  00 00 16 03 01 00 04 0e  |.......@........|
-00000380  00 00 00                                          |...|
->>> Flow 3 (client to server)
-00000000  16 03 01 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
-00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
-00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
-00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
-00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
-00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
-00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
-00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
-00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
-00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
-000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
-000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
-000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
-000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
-000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
-000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
-00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
-00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
-00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
-00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
-00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
-00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
-00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
-00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
-00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
-00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
-000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
-000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
-000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
-000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
-000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
-000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 01 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
-00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
-00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 01 00  |......._X.;t....|
-00000230  86 0f 00 00 82 00 80 12  76 af 25 e4 e7 ff d6 e4  |........v.%.....|
-00000240  27 58 31 0f 6b 1e 84 13  2f d0 60 80 18 c3 f8 c1  |'X1.k.../.`.....|
-00000250  f8 04 39 d4 07 05 d3 96  e2 b2 10 de 1f 68 88 67  |..9..........h.g|
-00000260  1d dd 0a 11 52 9d 16 0e  af 07 de cb f1 7c f4 b4  |....R........|..|
-00000270  5d 0f 4f 43 5b 3c 25 07  32 13 f2 ab 9b 2d d0 a8  |].OC[<%.2....-..|
-00000280  28 90 cb 04 48 c3 43 bd  2b b4 ef b9 7b cd bd d5  |(...H.C.+...{...|
-00000290  bc d1 cc 00 17 46 fa 9b  1f 44 58 b7 6c de 1b 7a  |.....F...DX.l..z|
-000002a0  e0 d7 12 38 a3 09 f8 7a  9b 26 0b ee 37 bc 79 1b  |...8...z.&..7.y.|
-000002b0  51 9f 9a 1f f9 a9 51 14  03 01 00 01 01 16 03 01  |Q.....Q.........|
-000002c0  00 30 97 df fb 79 78 a8  27 fd 2b 68 6b ec 4d 29  |.0...yx.'.+hk.M)|
-000002d0  a1 02 59 ae 18 0b 46 62  af 61 53 2f 95 50 f2 ac  |..Y...Fb.aS/.P..|
-000002e0  c8 c3 5e 78 ca b0 e2 5d  ff d7 1b 9b 00 30 f6 da  |..^x...].....0..|
-000002f0  d7 91                                             |..|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 f9 e9 d7 8c 4a  |..........0....J|
-00000010  6b f4 c9 88 d6 98 70 53  13 fc 51 9c 81 14 cf 71  |k.....pS..Q....q|
-00000020  d9 30 7a d9 2c 34 96 00  a4 a0 2b 1e 7d ff d0 f2  |.0z.,4....+.}...|
-00000030  b7 81 ed 86 c5 e1 09 16  82 47 20                 |.........G |
->>> Flow 5 (client to server)
-00000000  17 03 01 00 20 db b5 66  4e fb b1 47 8a 8e 6b a8  |.... ..fN..G..k.|
-00000010  03 53 1a 51 22 8e 47 a3  3a 74 ed a4 6a aa 79 fd  |.S.Q".G.:t..j.y.|
-00000020  55 0f ac 35 a9 17 03 01  00 20 3e 0b 39 f5 5a 03  |U..5..... >.9.Z.|
-00000030  43 d9 e2 7d 1c dc 3b 42  82 2a 2d d4 04 0a 76 97  |C..}..;B.*-...v.|
-00000040  70 ed ee 99 58 15 40 c1  3a d5 15 03 01 00 20 bf  |p...X.@.:..... .|
-00000050  ea e8 93 67 a4 91 1a b5  f5 03 a5 94 50 95 41 16  |...g........P.A.|
-00000060  b0 2a 74 d9 32 65 94 35  45 b9 0f 2e 80 87 fd     |.*t.2e.5E......|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ECDHE-ECDSA-AES b/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ECDHE-ECDSA-AES
deleted file mode 100644
index 529b7cef..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ECDHE-ECDSA-AES
+++ /dev/null
@@ -1,85 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 b0 ec 4b 2e 9e  |....Y...U....K..|
-00000010  19 7d 7b 7e 7c 52 8a d2  2e 8a 97 05 8a c6 ae aa  |.}{~|R..........|
-00000020  c5 62 bd 6f bd 7e fe 6b  c6 9f d4 20 74 db 02 b1  |.b.o.~.k... t...|
-00000030  65 88 41 bb 9a 55 22 f3  01 c4 5c ca 39 86 b1 77  |e.A..U"...\.9..w|
-00000040  c4 b3 45 16 eb 55 d8 15  b8 4d ac 12 c0 09 00 00  |..E..U...M......|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  01 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 01 00 b5 0c 00  00 b1 03 00 1d 20 7d 74  |*............ }t|
-00000280  bf aa a8 b6 c0 1f 78 0c  1a ee c5 b7 56 ff 5c aa  |......x.....V.\.|
-00000290  f4 e3 a5 0c f7 64 31 eb  85 8a c9 bd 05 1b 00 8b  |.....d1.........|
-000002a0  30 81 88 02 42 00 f8 5d  e5 bf 2e 70 79 f4 36 90  |0...B..]...py.6.|
-000002b0  fc 6e 9a cc f1 c4 01 50  8c b9 92 4e bd e0 82 2d  |.n.....P...N...-|
-000002c0  1b ab 30 71 d1 db 76 af  50 75 08 fb cb 50 5b 00  |..0q..v.Pu...P[.|
-000002d0  49 72 f5 d7 d9 44 48 94  ac 1d 8d 2e 50 90 ad a3  |Ir...DH.....P...|
-000002e0  42 2b 5f 57 48 5e 9e 02  42 00 bb 0b 9a d7 25 53  |B+_WH^..B.....%S|
-000002f0  04 5c 58 01 07 8e 3d ee  f5 4f 0b 80 bd 02 07 3e  |.\X...=..O.....>|
-00000300  ff b9 01 ac 7a 49 be 94  fa cf 58 5c 59 91 b5 5d  |....zI....X\Y..]|
-00000310  cc 61 b9 e3 2f 53 7d 3c  3f 41 c5 31 1a 90 fc fa  |.a../S}<?A.1....|
-00000320  f7 0b eb e9 01 17 ab 23  ab 28 63 16 03 01 00 04  |.......#.(c.....|
-00000330  0e 00 00 00                                       |....|
->>> Flow 3 (client to server)
-00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 f5 d0 86  ef 96 7e b9 94 cc 19 62  |....0.....~....b|
-00000040  cc 3a 14 f1 74 a2 0d c8  b9 4c 5d 8a c5 80 60 23  |.:..t....L]...`#|
-00000050  d5 f5 04 06 16 e2 69 ca  4d 99 1b a0 b5 3b 7d 62  |......i.M....;}b|
-00000060  51 62 ee d9 60                                    |Qb..`|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 4d f9 c2 63 4f  |..........0M..cO|
-00000010  98 1b 02 ce df ca d1 15  a2 4f 6f 4c 2c b8 1a 88  |.........OoL,...|
-00000020  11 c9 b3 45 e6 1d cf e8  6b dd 8c 89 c6 1d 0b 66  |...E....k......f|
-00000030  82 d5 1d c6 55 14 1c 56  59 3e 69                 |....U..VY>i|
->>> Flow 5 (client to server)
-00000000  17 03 01 00 20 12 be 42  b4 31 07 55 8e f9 a1 64  |.... ..B.1.U...d|
-00000010  96 70 46 68 3e fd 4e 4f  9c af b3 11 de fc 80 f1  |.pFh>.NO........|
-00000020  c8 11 84 ba ae 17 03 01  00 20 2f f9 ec dd 50 97  |......... /...P.|
-00000030  1e a4 f1 66 fe 28 e3 c1  51 8d c0 f6 c3 d8 b3 ad  |...f.(..Q.......|
-00000040  7d dc a5 98 87 90 34 71  b4 73 15 03 01 00 20 d1  |}.....4q.s.... .|
-00000050  6f 91 91 01 68 c4 11 6a  e5 a2 ed 20 3f 3a 3d b7  |o...h..j... ?:=.|
-00000060  d9 7f c3 b3 29 c3 df 3e  17 69 76 9f 04 f8 58     |....)..>.iv...X|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ECDHE-RSA-AES b/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ECDHE-RSA-AES
deleted file mode 100644
index 78947ace..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-ECDHE-RSA-AES
+++ /dev/null
@@ -1,89 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 59 02 00 00  55 03 01 45 04 14 a2 70  |....Y...U..E...p|
-00000010  3e 1e d9 2c d4 bd f3 e8  9c f3 e0 08 d8 0f 7f 82  |>..,............|
-00000020  2b 07 a0 bd 47 56 a0 e1  06 0d 36 20 fc 0f 5b 85  |+...GV....6 ..[.|
-00000030  8e 17 20 f1 f6 1e 80 c3  79 1a e1 86 c3 ed e9 24  |.. .....y......$|
-00000040  6d bb 24 3c 0c 8d 2c 79  f2 03 27 b0 c0 13 00 00  |m.$<..,y..'.....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  01 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 01 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 85 05 5f e3 a2 b2 12  |........ .._....|
-000002d0  c8 82 53 2b c2 38 e1 a8  08 87 a7 d5 b3 98 6f 81  |..S+.8........o.|
-000002e0  ce 81 6b 78 3e 3a b7 1d  71 00 80 43 81 fb 47 5e  |..kx>:..q..C..G^|
-000002f0  08 16 39 35 d3 c2 f3 ea  bb 2c 7d bc 01 9b 35 5d  |..95.....,}...5]|
-00000300  63 7e c3 38 f3 04 96 eb  d7 3f d1 df 71 97 ec 22  |c~.8.....?..q.."|
-00000310  1b 4a 89 14 4d e5 44 08  87 52 69 ea 28 f8 6a ea  |.J..M.D..Ri.(.j.|
-00000320  3e ff 17 de 4d 20 95 e3  6e 3f af 05 20 9b a3 ac  |>...M ..n?.. ...|
-00000330  70 1b 1c bf f9 52 d6 11  6d d9 85 90 08 4d 64 1f  |p....R..m....Md.|
-00000340  c5 35 34 37 11 b8 44 a3  ef 93 a6 b6 87 58 0b c4  |.547..D......X..|
-00000350  8e 94 d8 67 4d 09 7a 2a  aa 95 db e6 af 29 21 a2  |...gM.z*.....)!.|
-00000360  ee c3 90 ef c6 53 46 12  fb 87 06 16 03 01 00 04  |.....SF.........|
-00000370  0e 00 00 00                                       |....|
->>> Flow 3 (client to server)
-00000000  16 03 01 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 01 00 01 01  |....._X.;t......|
-00000030  16 03 01 00 30 50 f5 a9  34 25 ed a2 fb c8 7f 35  |....0P..4%.....5|
-00000040  08 57 59 da 54 c1 8d 92  ec 23 73 af f3 92 8d 19  |.WY.T....#s.....|
-00000050  03 ce ab 5b eb dc 5b 81  3f 51 a1 20 31 3f 33 da  |...[..[.?Q. 1?3.|
-00000060  27 c5 c3 9c fd                                    |'....|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 b1 61 9b 63 4e  |..........0.a.cN|
-00000010  43 96 80 49 ac 2d 93 7d  b9 f2 bb 81 79 5e 94 bf  |C..I.-.}....y^..|
-00000020  06 d0 a6 14 46 91 cd 90  b0 8a 85 ee fe 41 a7 4d  |....F........A.M|
-00000030  97 d7 4d 40 5e f4 5b bd  d3 0c db                 |..M@^.[....|
->>> Flow 5 (client to server)
-00000000  17 03 01 00 20 49 21 bc  a5 4c 96 41 3f 22 87 0a  |.... I!..L.A?"..|
-00000010  c0 4e 0e 54 cb c2 27 8a  4f b0 37 fb b4 1f c1 4e  |.N.T..'.O.7....N|
-00000020  77 e1 09 57 23 17 03 01  00 20 f0 f0 3b 78 a8 ae  |w..W#.... ..;x..|
-00000030  ef b1 e0 f4 29 0f 90 4a  0f e5 48 34 84 5e 4f d8  |....)..J..H4.^O.|
-00000040  53 46 f8 29 64 2b 8e 87  79 0a 15 03 01 00 20 71  |SF.)d+..y..... q|
-00000050  32 6c 08 2a f7 18 c8 d5  48 a8 c7 d1 68 7a 65 ec  |2l.*....H...hze.|
-00000060  3e fa 4b fe ff 76 1a 57  64 22 61 27 a0 5d b6     |>.K..v.Wd"a'.].|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-RSA-RC4 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-RSA-RC4
deleted file mode 100644
index 7ecfbde8..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv10-RSA-RC4
+++ /dev/null
@@ -1,78 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 51 02 00 00  4d 03 01 4c 98 ce a5 80  |....Q...M..L....|
-00000010  84 dc d3 70 de 75 bf 26  5c 15 8b b7 2c 78 30 a7  |...p.u.&\...,x0.|
-00000020  65 1a 0c f7 1a e5 51 91  7c cb ca 20 83 2c 90 3b  |e.....Q.|.. .,.;|
-00000030  cf dd 4e 51 8b 27 98 95  aa d9 1d da 4d 3d e1 18  |..NQ.'......M=..|
-00000040  f5 58 fd 85 c5 ed c9 5f  12 2f 4b b3 00 05 00 00  |.X....._./K.....|
-00000050  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
-00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000080  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000090  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-000000a0  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-000000b0  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000c0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000d0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000e0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000f0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-00000100  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-00000110  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000120  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000130  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000140  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000150  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000160  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000170  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000180  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000190  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-000001a0  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-000001b0  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001c0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001d0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001e0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001f0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-00000200  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-00000210  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000220  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000230  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000240  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000250  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000260  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000270  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000280  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000290  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-000002a0  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-000002b0  3b e9 fa e7 16 03 01 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 01 00 86 10 00 00  82 00 80 b9 65 8d bf a7  |............e...|
-00000010  c8 4b 79 ce 6f cb 8b 13  1c ac b9 7d 66 5e e9 ba  |.Ky.o......}f^..|
-00000020  1d 71 4e a9 e9 34 ae f6  64 65 90 3b d8 16 52 a2  |.qN..4..de.;..R.|
-00000030  6f f4 cb 8a 13 74 a2 ee  b7 27 69 b4 41 c0 90 68  |o....t...'i.A..h|
-00000040  bc 02 69 e1 c6 48 4f 39  36 30 25 ca 4c 17 ce 83  |..i..HO960%.L...|
-00000050  9e 08 56 e3 05 49 93 9e  2e c4 fb e6 c8 01 f1 0f  |..V..I..........|
-00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
-00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
-00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 01 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 01 00 24 0e 4d  ff 2c 39 80 ba a5 96 18  |.....$.M.,9.....|
-000000a0  56 15 94 9f e2 1e 7d 13  62 51 d5 e1 05 f8 d8 b3  |V.....}.bQ......|
-000000b0  bd 77 58 38 95 b4 7d 37  66 8a                    |.wX8..}7f.|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 24 dc 6f da 57 0d  |..........$.o.W.|
-00000010  f8 b8 aa d5 e5 0a 2e 81  ed 2a b7 f8 0e 2a f1 05  |.........*...*..|
-00000020  76 8d 4f b0 0e db 16 c5  d7 c8 5e f9 fb 9e e0     |v.O.......^....|
->>> Flow 5 (client to server)
-00000000  17 03 01 00 1a 47 97 4d  e6 59 d4 2f bb 60 56 69  |.....G.M.Y./.`Vi|
-00000010  d8 bc 8d 91 44 7c cd 85  7e c5 18 5f 57 8e 08 15  |....D|..~.._W...|
-00000020  03 01 00 16 f7 79 56 72  e6 77 8d af 94 55 d7 0e  |.....yVr.w...U..|
-00000030  96 c8 3b 35 52 ea f7 e7  b8 d6                    |..;5R.....|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-ECDHE-ECDSA-AES b/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-ECDHE-ECDSA-AES
deleted file mode 100644
index 5232ad57..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-ECDHE-ECDSA-AES
+++ /dev/null
@@ -1,87 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 02 00 59 02 00 00  55 03 02 30 f8 f6 b2 af  |....Y...U..0....|
-00000010  99 b0 e0 f6 9a eb 47 6f  2f ad 2f 45 18 56 b3 dd  |......Go/./E.V..|
-00000020  b6 b9 20 fb af 97 43 1f  0e 51 c0 20 fe 6c 12 64  |.. ...C..Q. .l.d|
-00000030  8e cc a4 24 d6 e6 80 cf  f2 9e 74 3f a7 1e 8b da  |...$......t?....|
-00000040  0e 3c 58 74 f4 8f be 1f  60 86 57 c6 c0 09 00 00  |.<Xt....`.W.....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  02 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 02 00 b3 0c 00  00 af 03 00 1d 20 4b 2d  |*............ K-|
-00000280  60 48 54 b4 48 42 10 de  e1 98 f0 fb 73 d9 49 16  |`HT.HB......s.I.|
-00000290  3e a2 11 b3 84 50 de 26  00 09 d8 36 34 04 00 89  |>....P.&...64...|
-000002a0  30 81 86 02 41 24 90 6f  3e 1a 2c a5 7f 08 dc b2  |0...A$.o>.,.....|
-000002b0  d3 46 27 5e cb 1f 2a 6d  92 ba 1b fe e3 c5 64 79  |.F'^..*m......dy|
-000002c0  31 50 8c 43 4b b1 ee 0d  6f 53 ad 6f e9 db 86 e7  |1P.CK...oS.o....|
-000002d0  1f e3 77 f1 8d a8 ab 81  2a d6 fa e7 98 d5 bc 0d  |..w.....*.......|
-000002e0  ec af ea 84 c4 f8 02 41  6a d2 66 32 e1 d7 46 1a  |.......Aj.f2..F.|
-000002f0  95 5a 91 c3 76 82 20 c2  a3 a2 32 f5 fd eb a2 0e  |.Z..v. ...2.....|
-00000300  0f d8 a9 31 7a ef a8 05  6c 5d bf 27 d0 2d 94 ca  |...1z...l].'.-..|
-00000310  fb d6 62 7a 1c 6a 46 20  fe ed a6 60 a3 db b1 bd  |..bz.jF ...`....|
-00000320  11 82 05 c3 db 0c 4a 2d  6c 16 03 02 00 04 0e 00  |......J-l.......|
-00000330  00 00                                             |..|
->>> Flow 3 (client to server)
-00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
-00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 22 71 28  3d 07 73 61 5e 84 72 36  |....."q(=.sa^.r6|
-00000050  c0 87 37 4a 5b c2 d9 40  96 a2 01 20 b2 04 23 2f  |..7J[..@... ..#/|
-00000060  c1 6f 1e 7c a1 77 20 0f  87 46 98 a2 5c aa 35 37  |.o.|.w ..F..\.57|
-00000070  37 87 5a 75 33                                    |7.Zu3|
->>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 21 b5 1f 8d 4b  |..........@!...K|
-00000010  1c a7 28 4e 73 3e d7 c5  75 6e eb e4 b3 95 02 4e  |..(Ns>..un.....N|
-00000020  a3 47 03 44 97 69 c9 89  f5 ac e2 29 5e 22 e7 2c  |.G.D.i.....)^".,|
-00000030  a2 2d e3 ac 64 45 ae 9d  07 9e fe f8 c6 85 47 4d  |.-..dE........GM|
-00000040  59 be 72 8d e6 50 da c7  83 91 14                 |Y.r..P.....|
->>> Flow 5 (client to server)
-00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 57 45 25  4c 1b 90 d3 28 e1 69 43  |.....WE%L...(.iC|
-00000020  c5 28 d9 d5 15 35 cf 41  bb 38 f2 12 c6 18 a5 a2  |.(...5.A.8......|
-00000030  f5 e4 64 1d 59 15 03 02  00 30 00 00 00 00 00 00  |..d.Y....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 35 06 5f e3 ff e7  |..........5._...|
-00000050  f0 f1 0c d5 b1 59 42 80  19 8d 67 1b 18 18 5c 18  |.....YB...g...\.|
-00000060  42 38 67 85 c3 ab e2 dc  60 d4                    |B8g.....`.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-ECDHE-RSA-AES b/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-ECDHE-RSA-AES
deleted file mode 100644
index 48ff7bce..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-ECDHE-RSA-AES
+++ /dev/null
@@ -1,91 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 02 00 59 02 00 00  55 03 02 10 ca d9 1b 83  |....Y...U.......|
-00000010  59 c8 a5 a5 6a 89 65 6e  1c 0a 49 98 69 05 49 27  |Y...j.en..I.i.I'|
-00000020  96 72 74 5f 6e 5b 66 26  3b fd f8 20 23 b5 d6 c5  |.rt_n[f&;.. #...|
-00000030  09 f1 66 02 27 5c 5a 15  17 83 c5 11 a4 32 cf d8  |..f.'\Z......2..|
-00000040  1e a0 e7 93 83 35 6e aa  61 ae 97 77 c0 13 00 00  |.....5n.a..w....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  02 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 02 00  |.=.`.\!.;.......|
-000002c0  aa 0c 00 00 a6 03 00 1d  20 97 a4 91 6b cd ca 44  |........ ...k..D|
-000002d0  7e ac fd a5 b1 c0 ce 88  07 f3 a2 d9 93 2b a8 d9  |~............+..|
-000002e0  0b 65 0b 47 c0 2e 4f 3b  26 00 80 00 18 01 a1 29  |.e.G..O;&......)|
-000002f0  0b 84 c9 09 5e 8c 58 5f  62 b6 22 8b 94 6e 72 26  |....^.X_b."..nr&|
-00000300  44 27 32 b9 22 12 67 58  34 a1 ce 6f 87 19 a0 5c  |D'2.".gX4..o...\|
-00000310  5d 58 dc 91 fb c7 e6 31  33 76 6d 1f 8e 4f 46 55  |]X.....13vm..OFU|
-00000320  f1 08 57 9b bb fe 8d c7  6c 0b cd 8b ad b7 51 28  |..W.....l.....Q(|
-00000330  f8 5b 75 97 fe a0 d4 a1  2e 9a d3 d5 45 62 f8 19  |.[u.........Eb..|
-00000340  f6 73 d0 f6 6d e8 43 49  a2 f5 71 66 c5 29 1a 99  |.s..m.CI..qf.)..|
-00000350  e6 c0 cc f9 a5 cd a5 b7  58 08 4d cc 17 46 91 4c  |........X.M..F.L|
-00000360  29 99 b4 05 78 af e7 b0  d1 2d 38 16 03 02 00 04  |)...x....-8.....|
-00000370  0e 00 00 00                                       |....|
->>> Flow 3 (client to server)
-00000000  16 03 02 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 02 00 01 01  |....._X.;t......|
-00000030  16 03 02 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 f2 fb 8f  ab ae 46 f2 6a 18 1b 77  |..........F.j..w|
-00000050  f3 ce 0c b6 83 9c d6 34  54 82 76 db 5c 79 5d cf  |.......4T.v.\y].|
-00000060  24 f3 26 6d 9d f0 af d3  fc e0 96 69 0a 04 f7 ba  |$.&m.......i....|
-00000070  78 54 af 37 a5                                    |xT.7.|
->>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 40 e7 d9 0e af 0c  |..........@.....|
-00000010  06 55 85 ab b0 0a 5e d9  11 81 7a 53 c0 f6 3f 84  |.U....^...zS..?.|
-00000020  06 7d 9c 20 05 e9 0d 1d  df 9b 48 11 d9 df 0c e6  |.}. ......H.....|
-00000030  6b c2 a8 8f f4 d9 e8 8e  f6 1a 3e db 7c e5 97 ac  |k.........>.|...|
-00000040  5d 63 08 b2 3a 54 91 62  fc 2e a5                 |]c..:T.b...|
->>> Flow 5 (client to server)
-00000000  17 03 02 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 3f ef e9  bc 10 07 75 99 67 8f 99  |.....?.....u.g..|
-00000020  bb c0 15 94 86 a2 80 cc  15 97 54 f8 4e 1a d1 9a  |..........T.N...|
-00000030  33 80 aa da ec 15 03 02  00 30 00 00 00 00 00 00  |3........0......|
-00000040  00 00 00 00 00 00 00 00  00 00 6f 78 7b d2 80 62  |..........ox{..b|
-00000050  5c cf 34 d6 5a 72 d8 63  95 24 c6 ff 69 d0 6d 90  |\.4.Zr.c.$..i.m.|
-00000060  8d a2 9f 37 e8 7b b1 d4  68 04                    |...7.{..h.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-RSA-RC4 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-RSA-RC4
deleted file mode 100644
index 2e9c49e2..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv11-RSA-RC4
+++ /dev/null
@@ -1,78 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 02 00 51 02 00 00  4d 03 02 36 8f 18 79 0f  |....Q...M..6..y.|
-00000010  99 6b 3d 1d f4 19 aa ff  79 7c 50 15 52 db 9d c5  |.k=.....y|P.R...|
-00000020  62 40 2d 5b de 45 0c 66  b1 cb be 20 9e 00 c3 00  |b@-[.E.f... ....|
-00000030  22 2f b5 c6 79 c1 f7 72  8f 4b 94 f4 ac fe a9 53  |"/..y..r.K.....S|
-00000040  97 4e fb 00 df 34 b6 24  8f ff 89 db 00 05 00 00  |.N...4.$........|
-00000050  05 ff 01 00 01 00 16 03  02 02 59 0b 00 02 55 00  |..........Y...U.|
-00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000080  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000090  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-000000a0  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-000000b0  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000c0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000d0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000e0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000f0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-00000100  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-00000110  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000120  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000130  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000140  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000150  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000160  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000170  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000180  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000190  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-000001a0  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-000001b0  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001c0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001d0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001e0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001f0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-00000200  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-00000210  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000220  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000230  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000240  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000250  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000260  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000270  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000280  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000290  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-000002a0  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-000002b0  3b e9 fa e7 16 03 02 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 02 00 86 10 00 00  82 00 80 b9 65 8d bf a7  |............e...|
-00000010  c8 4b 79 ce 6f cb 8b 13  1c ac b9 7d 66 5e e9 ba  |.Ky.o......}f^..|
-00000020  1d 71 4e a9 e9 34 ae f6  64 65 90 3b d8 16 52 a2  |.qN..4..de.;..R.|
-00000030  6f f4 cb 8a 13 74 a2 ee  b7 27 69 b4 41 c0 90 68  |o....t...'i.A..h|
-00000040  bc 02 69 e1 c6 48 4f 39  36 30 25 ca 4c 17 ce 83  |..i..HO960%.L...|
-00000050  9e 08 56 e3 05 49 93 9e  2e c4 fb e6 c8 01 f1 0f  |..V..I..........|
-00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
-00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
-00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 02 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 02 00 24 92 fa  9a bb 9b a3 39 3f 6b 0c  |.....$......9?k.|
-000000a0  70 b5 48 4a fc cf 79 86  c7 90 e8 db ca 6a ff 95  |p.HJ..y......j..|
-000000b0  11 9b 65 b2 07 61 00 a8  dc 14                    |..e..a....|
->>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 24 47 d5 78 31 32  |..........$G.x12|
-00000010  db db 2b f4 2f e6 a4 fa  fa 04 31 ba c0 bc 86 38  |..+./.....1....8|
-00000020  29 70 53 c6 8c 28 e5 75  90 ed 0f 4f 3e cb 06     |)pS..(.u...O>..|
->>> Flow 5 (client to server)
-00000000  17 03 02 00 1a f3 e7 6c  01 c5 70 c6 69 dd 4f 40  |.......l..p.i.O@|
-00000010  38 c1 b2 d2 28 69 2f 99  b1 bd 71 d0 c2 00 08 15  |8...(i/...q.....|
-00000020  03 02 00 16 4c 44 14 02  8e 46 f8 84 40 f1 3d 6d  |....LD...F..@.=m|
-00000030  f2 01 f6 9d 7a 0b 18 ee  9d 41                    |....z....A|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES128-GCM-SHA256 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES128-GCM-SHA256
deleted file mode 100644
index c20dcc65..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES128-GCM-SHA256
+++ /dev/null
@@ -1,80 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 65 9c b1 7a 5c  |....Q...M..e..z\|
-00000010  84 e5 a5 12 ba 54 1f 4c  ec 95 0b 8f ea 5c cc 3b  |.....T.L.....\.;|
-00000020  de b8 18 23 8e c4 95 59  d7 7f 8f 20 36 fe ec 27  |...#...Y... 6..'|
-00000030  10 85 43 fb 9c 68 3f 69  d0 08 a6 57 10 a6 29 a4  |..C..h?i...W..).|
-00000040  f6 0c 2e 05 6e 0d e5 44  61 e1 2e 07 00 9c 00 00  |....n..Da.......|
-00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000080  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000090  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-000000a0  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-000000b0  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000c0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000d0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000e0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000f0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-00000100  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-00000110  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000120  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000130  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000140  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000150  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000160  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000170  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000180  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000190  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-000001a0  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-000001b0  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001c0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001d0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001e0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001f0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-00000200  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-00000210  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000220  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000230  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000240  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000250  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000260  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000270  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000280  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000290  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-000002a0  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-000002b0  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 b9 65 8d bf a7  |............e...|
-00000010  c8 4b 79 ce 6f cb 8b 13  1c ac b9 7d 66 5e e9 ba  |.Ky.o......}f^..|
-00000020  1d 71 4e a9 e9 34 ae f6  64 65 90 3b d8 16 52 a2  |.qN..4..de.;..R.|
-00000030  6f f4 cb 8a 13 74 a2 ee  b7 27 69 b4 41 c0 90 68  |o....t...'i.A..h|
-00000040  bc 02 69 e1 c6 48 4f 39  36 30 25 ca 4c 17 ce 83  |..i..HO960%.L...|
-00000050  9e 08 56 e3 05 49 93 9e  2e c4 fb e6 c8 01 f1 0f  |..V..I..........|
-00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
-00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
-00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 97 f1  |.....(..........|
-000000a0  fe 34 f7 de 76 9b 56 27  e6 9f 36 48 30 a6 de 78  |.4..v.V'..6H0..x|
-000000b0  10 6a ef bf 92 8a 6e 99  21 2f 1b 7b 48 80        |.j....n.!/.{H.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 23 9d a2 ae a1  |..........(#....|
-00000010  7d dd 92 1f 42 18 68 f6  fb 31 56 7b e4 58 a4 e9  |}...B.h..1V{.X..|
-00000020  c2 1c e7 67 1b 40 b1 b9  63 9d 05 fb c7 44 9e f6  |...g.@..c....D..|
-00000030  7a 14 bb                                          |z..|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 d7 31 70  |..............1p|
-00000010  c8 11 3f bd 83 fc 6e f8  3b e0 ee 45 c5 1a c8 41  |..?...n.;..E...A|
-00000020  80 22 d4 15 03 03 00 1a  00 00 00 00 00 00 00 02  |."..............|
-00000030  7a fe 3a 11 7c c0 26 30  55 24 85 0b 43 cb 7c ac  |z.:.|.&0U$..C.|.|
-00000040  ef 2c                                             |.,|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES128-SHA256 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES128-SHA256
deleted file mode 100644
index 774481e8..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES128-SHA256
+++ /dev/null
@@ -1,89 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 26 31 ba 4a 56  |....Q...M..&1.JV|
-00000010  16 83 15 47 b9 c4 7e 10  ca 92 31 4d 77 af cc cd  |...G..~...1Mw...|
-00000020  70 f4 cc 82 6e b9 ac 1b  0d 17 25 20 e9 08 ec 95  |p...n.....% ....|
-00000030  ea 84 a4 bd 8f 9d 8e d3  58 a7 5e 72 42 e4 19 8f  |........X.^rB...|
-00000040  46 c3 d9 be 16 3c d4 53  5a 02 8f a1 00 3c 00 00  |F....<.SZ....<..|
-00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000080  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000090  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-000000a0  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-000000b0  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000c0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000d0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000e0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000f0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-00000100  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-00000110  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000120  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000130  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000140  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000150  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000160  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000170  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000180  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000190  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-000001a0  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-000001b0  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001c0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001d0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001e0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001f0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-00000200  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-00000210  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000220  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000230  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000240  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000250  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000260  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000270  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000280  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000290  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-000002a0  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-000002b0  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 b9 65 8d bf a7  |............e...|
-00000010  c8 4b 79 ce 6f cb 8b 13  1c ac b9 7d 66 5e e9 ba  |.Ky.o......}f^..|
-00000020  1d 71 4e a9 e9 34 ae f6  64 65 90 3b d8 16 52 a2  |.qN..4..de.;..R.|
-00000030  6f f4 cb 8a 13 74 a2 ee  b7 27 69 b4 41 c0 90 68  |o....t...'i.A..h|
-00000040  bc 02 69 e1 c6 48 4f 39  36 30 25 ca 4c 17 ce 83  |..i..HO960%.L...|
-00000050  9e 08 56 e3 05 49 93 9e  2e c4 fb e6 c8 01 f1 0f  |..V..I..........|
-00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
-00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
-00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 50 00 00  00 00 00 00 00 00 00 00  |.....P..........|
-000000a0  00 00 00 00 00 00 46 91  40 e2 65 40 fe 42 c3 34  |......F.@.e@.B.4|
-000000b0  98 65 89 d0 96 7e 7b 67  8e c4 d5 e6 37 f5 96 04  |.e...~{g....7...|
-000000c0  b7 c8 63 83 76 5c ca 9d  89 18 d4 97 8b 3f f6 75  |..c.v\.......?.u|
-000000d0  1d 51 0b b9 90 1c 85 8f  83 20 9e 9a 21 d9 db 14  |.Q....... ..!...|
-000000e0  1e 02 d4 ab aa c4                                 |......|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 6d 34 72 de 79  |..........Pm4r.y|
-00000010  ad 96 d0 92 5f d7 01 de  90 f4 5d 0f de 02 ae 19  |...._.....].....|
-00000020  61 a3 ee 29 ab 18 f1 09  2e 5b bc e0 73 9a 68 19  |a..).....[..s.h.|
-00000030  17 dd c8 d9 63 b4 28 c8  da 1a 81 40 ca d3 5a 99  |....c.(....@..Z.|
-00000040  17 67 fe e9 dd 1a 52 c4  6e 70 0a 0e cf e8 c0 f8  |.g....R.np......|
-00000050  6c 1f ee d2 70 97 dc ee  b8 95 35                 |l...p.....5|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 ee 03 cc  04 97 17 f0 04 85 02 b7  |................|
-00000020  5c 24 ca 9f c2 25 e0 76  f4 72 e5 71 2b ac f4 a5  |\$...%.v.r.q+...|
-00000030  c4 62 08 9a da b7 ab 30  2f 34 b0 70 20 a3 b9 b3  |.b.....0/4.p ...|
-00000040  df 90 9b 01 0b 15 03 03  00 40 00 00 00 00 00 00  |.........@......|
-00000050  00 00 00 00 00 00 00 00  00 00 3b ca fc 0e 08 f2  |..........;.....|
-00000060  c8 b7 22 61 43 24 b3 54  1b ca 58 c6 bd 27 f3 3d  |.."aC$.T..X..'.=|
-00000070  ac a0 d8 fe 0e b5 15 7c  1f 98 32 f0 6b 28 bc 61  |.......|..2.k(.a|
-00000080  6c c7 ba 66 54 19 92 a9  6f 43                    |l..fT...oC|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES256-GCM-SHA384 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES256-GCM-SHA384
deleted file mode 100644
index 6d267463..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-AES256-GCM-SHA384
+++ /dev/null
@@ -1,80 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 98 b0 4a 9a c8  |....Q...M....J..|
-00000010  8f f9 1f f9 70 03 d9 1a  ee 7c 29 30 6a 71 7c 6c  |....p....|)0jq|l|
-00000020  ea 2c de 84 f9 ee 4d 2c  d7 58 12 20 a4 e2 1b f3  |.,....M,.X. ....|
-00000030  42 b8 9a 0b 71 8c 27 57  61 98 c5 c5 1b 04 01 5b  |B...q.'Wa......[|
-00000040  a0 bc 88 64 d9 ce 5a a1  b2 7b 6c 4e 00 9d 00 00  |...d..Z..{lN....|
-00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000080  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000090  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-000000a0  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-000000b0  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000c0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000d0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000e0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000f0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-00000100  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-00000110  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000120  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000130  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000140  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000150  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000160  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000170  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000180  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000190  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-000001a0  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-000001b0  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001c0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001d0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001e0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001f0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-00000200  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-00000210  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000220  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000230  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000240  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000250  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000260  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000270  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000280  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000290  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-000002a0  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-000002b0  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 b9 65 8d bf a7  |............e...|
-00000010  c8 4b 79 ce 6f cb 8b 13  1c ac b9 7d 66 5e e9 ba  |.Ky.o......}f^..|
-00000020  1d 71 4e a9 e9 34 ae f6  64 65 90 3b d8 16 52 a2  |.qN..4..de.;..R.|
-00000030  6f f4 cb 8a 13 74 a2 ee  b7 27 69 b4 41 c0 90 68  |o....t...'i.A..h|
-00000040  bc 02 69 e1 c6 48 4f 39  36 30 25 ca 4c 17 ce 83  |..i..HO960%.L...|
-00000050  9e 08 56 e3 05 49 93 9e  2e c4 fb e6 c8 01 f1 0f  |..V..I..........|
-00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
-00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
-00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 28 00 00  00 00 00 00 00 00 57 97  |.....(........W.|
-000000a0  64 ef 80 07 b0 31 02 c8  2a a2 b7 1f d6 a3 7c 7a  |d....1..*.....|z|
-000000b0  e9 c4 e1 55 9f 0a ef 0d  8f 0a 57 13 f5 a4        |...U......W...|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 42 49 9c 67 4f  |..........(BI.gO|
-00000010  36 75 b8 34 0e ee 00 98  1a ba 52 d5 96 7b 91 d7  |6u.4......R..{..|
-00000020  ba ec e4 5e 2e 42 e3 72  a0 ea 60 24 31 30 3d a2  |...^.B.r..`$10=.|
-00000030  c5 6c 8f                                          |.l.|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 42 9f da  |.............B..|
-00000010  a1 e6 98 48 a8 6c 78 a0  f7 fd e7 0f bc df 97 ef  |...H.lx.........|
-00000020  b8 62 4c 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.bL.............|
-00000030  99 ac 35 a4 d9 1f 58 26  51 c6 6a b9 1f 53 ec 19  |..5...X&Q.j..S..|
-00000040  90 78                                             |.x|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ALPN b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ALPN
deleted file mode 100644
index 9f90ff26..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ALPN
+++ /dev/null
@@ -1,86 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 a9 01 00 00  a5 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 50 33 74  |.............P3t|
-00000060  00 00 00 05 00 05 01 00  00 00 00 00 0a 00 0a 00  |................|
-00000070  08 00 1d 00 17 00 18 00  19 00 0b 00 02 01 00 00  |................|
-00000080  0d 00 0e 00 0c 04 01 04  03 05 01 05 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 10  00 10 00 0e 06 70 72 6f  |.............pro|
-000000a0  74 6f 32 06 70 72 6f 74  6f 31 00 12 00 00        |to2.proto1....|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 66 02 00 00  62 03 03 8d 70 c6 03 ad  |....f...b...p...|
-00000010  2f 20 b3 c2 ab e0 fc 80  74 c4 23 9e 82 65 61 a1  |/ ......t.#..ea.|
-00000020  26 97 14 a0 9b 9c d5 e0  92 43 ee 20 ec 84 cf 78  |&........C. ...x|
-00000030  44 16 7d f3 ad 94 a9 f8  c3 e0 c6 e1 b6 c5 e3 3d  |D.}............=|
-00000040  77 ea 76 1d 58 cc 94 3a  ad 1a 1a 6c cc a8 00 00  |w.v.X..:...l....|
-00000050  1a ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 10  |................|
-00000060  00 09 00 07 06 70 72 6f  74 6f 31 16 03 03 02 59  |.....proto1....Y|
-00000070  0b 00 02 55 00 02 52 00  02 4f 30 82 02 4b 30 82  |...U..R..O0..K0.|
-00000080  01 b4 a0 03 02 01 02 02  09 00 e8 f0 9d 3f e2 5b  |.............?.[|
-00000090  ea a6 30 0d 06 09 2a 86  48 86 f7 0d 01 01 0b 05  |..0...*.H.......|
-000000a0  00 30 1f 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |.0.1.0...U....Go|
-000000b0  31 10 30 0e 06 03 55 04  03 13 07 47 6f 20 52 6f  |1.0...U....Go Ro|
-000000c0  6f 74 30 1e 17 0d 31 36  30 31 30 31 30 30 30 30  |ot0...1601010000|
-000000d0  30 30 5a 17 0d 32 35 30  31 30 31 30 30 30 30 30  |00Z..25010100000|
-000000e0  30 5a 30 1a 31 0b 30 09  06 03 55 04 0a 13 02 47  |0Z0.1.0...U....G|
-000000f0  6f 31 0b 30 09 06 03 55  04 03 13 02 47 6f 30 81  |o1.0...U....Go0.|
-00000100  9f 30 0d 06 09 2a 86 48  86 f7 0d 01 01 01 05 00  |.0...*.H........|
-00000110  03 81 8d 00 30 81 89 02  81 81 00 db 46 7d 93 2e  |....0.......F}..|
-00000120  12 27 06 48 bc 06 28 21  ab 7e c4 b6 a2 5d fe 1e  |.'.H..(!.~...]..|
-00000130  52 45 88 7a 36 47 a5 08  0d 92 42 5b c2 81 c0 be  |RE.z6G....B[....|
-00000140  97 79 98 40 fb 4f 6d 14  fd 2b 13 8b c2 a5 2e 67  |.y.@.Om..+.....g|
-00000150  d8 d4 09 9e d6 22 38 b7  4a 0b 74 73 2b c2 34 f1  |....."8.J.ts+.4.|
-00000160  d1 93 e5 96 d9 74 7b f3  58 9f 6c 61 3c c0 b0 41  |.....t{.X.la<..A|
-00000170  d4 d9 2b 2b 24 23 77 5b  1c 3b bd 75 5d ce 20 54  |..++$#w[.;.u]. T|
-00000180  cf a1 63 87 1d 1e 24 c4  f3 1d 1a 50 8b aa b6 14  |..c...$....P....|
-00000190  43 ed 97 a7 75 62 f4 14  c8 52 d7 02 03 01 00 01  |C...ub...R......|
-000001a0  a3 81 93 30 81 90 30 0e  06 03 55 1d 0f 01 01 ff  |...0..0...U.....|
-000001b0  04 04 03 02 05 a0 30 1d  06 03 55 1d 25 04 16 30  |......0...U.%..0|
-000001c0  14 06 08 2b 06 01 05 05  07 03 01 06 08 2b 06 01  |...+.........+..|
-000001d0  05 05 07 03 02 30 0c 06  03 55 1d 13 01 01 ff 04  |.....0...U......|
-000001e0  02 30 00 30 19 06 03 55  1d 0e 04 12 04 10 9f 91  |.0.0...U........|
-000001f0  16 1f 43 43 3e 49 a6 de  6d b6 80 d7 9f 60 30 1b  |..CC>I..m....`0.|
-00000200  06 03 55 1d 23 04 14 30  12 80 10 48 13 49 4d 13  |..U.#..0...H.IM.|
-00000210  7e 16 31 bb a3 01 d5 ac  ab 6e 7b 30 19 06 03 55  |~.1......n{0...U|
-00000220  1d 11 04 12 30 10 82 0e  65 78 61 6d 70 6c 65 2e  |....0...example.|
-00000230  67 6f 6c 61 6e 67 30 0d  06 09 2a 86 48 86 f7 0d  |golang0...*.H...|
-00000240  01 01 0b 05 00 03 81 81  00 9d 30 cc 40 2b 5b 50  |..........0.@+[P|
-00000250  a0 61 cb ba e5 53 58 e1  ed 83 28 a9 58 1a a9 38  |.a...SX...(.X..8|
-00000260  a4 95 a1 ac 31 5a 1a 84  66 3d 43 d3 2d d9 0b f2  |....1Z..f=C.-...|
-00000270  97 df d3 20 64 38 92 24  3a 00 bc cf 9c 7d b7 40  |... d8.$:....}.@|
-00000280  20 01 5f aa d3 16 61 09  a2 76 fd 13 c3 cc e1 0c  | ._...a..v......|
-00000290  5c ee b1 87 82 f1 6c 04  ed 73 bb b3 43 77 8d 0c  |\.....l..s..Cw..|
-000002a0  1c f1 0f a1 d8 40 83 61  c9 4c 72 2b 9d ae db 46  |.....@.a.Lr+...F|
-000002b0  06 06 4d f4 c1 b3 3e c0  d1 bd 42 d4 db fe 3d 13  |..M...>...B...=.|
-000002c0  60 84 5c 21 d3 3b e9 fa  e7 16 03 03 00 ac 0c 00  |`.\!.;..........|
-000002d0  00 a8 03 00 1d 20 84 de  31 92 b6 a5 d8 a4 88 a2  |..... ..1.......|
-000002e0  54 67 e6 61 40 f2 5a 87  0f ce 15 b1 d6 af f3 5d  |Tg.a@.Z........]|
-000002f0  99 71 d6 04 f5 52 04 01  00 80 a8 1d 8b 8c e9 a3  |.q...R..........|
-00000300  af 2d 31 e4 0f f0 26 74  c2 e5 1b ae ac 47 9c 6e  |.-1...&t.....G.n|
-00000310  6c 5f 45 7d b1 b3 2a af  36 68 42 13 95 0d 33 1c  |l_E}..*.6hB...3.|
-00000320  8d 6c 72 48 4a 94 f0 fb  82 20 cc 76 21 7f 62 e7  |.lrHJ.... .v!.b.|
-00000330  23 a3 c8 4e 3a ce f1 5c  c3 60 73 26 59 4c 94 f3  |#..N:..\.`s&YL..|
-00000340  07 36 f6 a0 b3 60 03 d5  72 1e bf c8 d9 1d 61 01  |.6...`..r.....a.|
-00000350  9a 18 57 a3 b4 de 36 1f  e1 7d dc 69 c0 fb c0 71  |..W...6..}.i...q|
-00000360  45 1f 73 0d 50 69 d3 18  97 23 60 1c 5a 9a 93 b4  |E.s.Pi...#`.Z...|
-00000370  67 cc e5 80 3b 25 d0 6c  50 c8 16 03 03 00 04 0e  |g...;%.lP.......|
-00000380  00 00 00                                          |...|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 5c c5 3e  7a 14 97 1b 55 88 25 08  |.... \.>z...U.%.|
-00000040  ad 86 48 ac f0 43 8c 17  5b 58 93 6c 7a 95 69 a8  |..H..C..[X.lz.i.|
-00000050  ad 0c b3 61 4d                                    |...aM|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 dd 1b 80 da d9  |.......... .....|
-00000010  73 da 7d 15 9b 92 82 01  a7 8f fe 4a 75 97 8f f4  |s.}........Ju...|
-00000020  64 1b bf cf c3 40 78 f2  52 f5 7a                 |d....@x.R.z|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 4e fa 7c  37 80 48 19 a6 03 25 7c  |.....N.|7.H...%||
-00000010  65 56 43 af 9a e8 e2 aa  e5 79 98 15 03 03 00 12  |eVC......y......|
-00000020  f9 b7 01 e8 2e 85 33 89  60 44 84 93 26 4c ec ac  |......3.`D..&L..|
-00000030  2e 6f                                             |.o|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ALPN-NoMatch b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ALPN-NoMatch
deleted file mode 100644
index 62e7d11b..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ALPN-NoMatch
+++ /dev/null
@@ -1,91 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 9c 01 00 00  98 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 28 c0 2f  |.............(./|
-00000030  c0 2b c0 30 c0 2c c0 27  c0 13 c0 23 c0 09 c0 14  |.+.0.,.'...#....|
-00000040  c0 0a 00 9c 00 9d 00 3c  00 2f 00 35 c0 12 00 0a  |.......<./.5....|
-00000050  00 05 c0 11 c0 07 01 00  00 47 33 74 00 00 00 05  |.........G3t....|
-00000060  00 05 01 00 00 00 00 00  0a 00 08 00 06 00 17 00  |................|
-00000070  18 00 19 00 0b 00 02 01  00 00 0d 00 0e 00 0c 04  |................|
-00000080  01 04 03 05 01 05 03 02  01 02 03 ff 01 00 01 00  |................|
-00000090  00 10 00 09 00 07 06 70  72 6f 74 6f 33 00 12 00  |.......proto3...|
-000000a0  00                                                |.|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 36 0e 9f 51 42  |....Y...U..6..QB|
-00000010  82 65 fa b5 17 7a 86 d6  40 33 a9 67 d3 3d aa 2f  |.e...z..@3.g.=./|
-00000020  89 a0 39 82 af 16 30 8e  64 80 d4 20 23 a6 d0 12  |..9...0.d.. #...|
-00000030  ff 8c fc b4 b5 47 ec 10  fe ba 73 fb 0f ab e8 1c  |.....G....s.....|
-00000040  15 c1 fb 11 c1 b2 e1 8a  f7 5d 5b ad c0 2f 00 00  |.........][../..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  cd 0c 00 00 c9 03 00 17  41 04 11 b4 a9 10 7e 5c  |........A.....~\|
-000002d0  41 5e 39 12 15 a3 ed 5b  3e 5d 68 c8 ad 48 39 ef  |A^9....[>]h..H9.|
-000002e0  09 8b b1 a7 bf db 5f 54  49 cd d5 de 4d b3 47 4c  |......_TI...M.GL|
-000002f0  18 02 84 7c ec 75 4e d0  3e 8a d1 6c 80 83 98 64  |...|.uN.>..l...d|
-00000300  4a 81 bc 8f 84 c7 e5 b4  2d fa 04 01 00 80 72 ee  |J.......-.....r.|
-00000310  41 38 f2 b8 a1 56 81 d8  04 78 75 05 f4 78 5f f2  |A8...V...xu..x_.|
-00000320  2b 5d a2 46 23 9d 48 c8  63 a9 1d de a8 78 6e 99  |+].F#.H.c....xn.|
-00000330  cd 59 6b 19 20 f5 b1 11  e1 f8 1c 5b 40 c3 b8 cd  |.Yk. ......[@...|
-00000340  66 a3 98 37 c5 c2 5c b7  d6 cc 61 b4 5e 97 fa dd  |f..7..\...a.^...|
-00000350  b7 85 5d b6 34 8c 39 4a  60 5a 03 20 47 7f e3 65  |..].4.9J`Z. G..e|
-00000360  01 18 00 2c c3 eb be d4  aa 58 57 a9 5e 69 fb 3c  |...,.....XW.^i.<|
-00000370  fa c6 28 1a 5c f7 00 d5  21 e5 c1 30 db 84 38 c3  |..(.\...!..0..8.|
-00000380  08 aa 08 5f c9 fd a0 b7  8e d0 66 77 bf 13 16 03  |..._......fw....|
-00000390  03 00 04 0e 00 00 00                              |.......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 46 10 00 00  42 41 04 1e 18 37 ef 0d  |....F...BA...7..|
-00000010  19 51 88 35 75 71 b5 e5  54 5b 12 2e 8f 09 67 fd  |.Q.5uq..T[....g.|
-00000020  a7 24 20 3e b2 56 1c ce  97 28 5e f8 2b 2d 4f 9e  |.$ >.V...(^.+-O.|
-00000030  f1 07 9f 6c 4b 5b 83 56  e2 32 42 e9 58 b6 d7 49  |...lK[.V.2B.X..I|
-00000040  a6 b5 68 1a 41 03 56 6b  dc 5a 89 14 03 03 00 01  |..h.A.Vk.Z......|
-00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 4f 7e  |.....(........O~|
-00000060  9a 3a cc 74 a4 91 77 01  0b 0e 28 0a c5 bd 55 b7  |.:.t..w...(...U.|
-00000070  9a 4c 40 4e e9 c9 46 d5  5f c5 e1 77 c3 f2        |.L@N..F._..w..|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 62 4b 13 ef 22  |..........(bK.."|
-00000010  f9 a8 8d ec 42 3a 36 80  5d a8 5b e9 60 d1 ba 65  |....B:6.].[.`..e|
-00000020  2b d8 37 64 e5 12 b2 ef  84 75 87 0c 0f 3d 35 6e  |+.7d.....u...=5n|
-00000030  59 7c 51                                          |Y|Q|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 5f cd 4d  |............._.M|
-00000010  7b a7 c0 f9 6c 1f 80 93  cf 55 3b 12 c7 21 12 86  |{...l....U;..!..|
-00000020  f6 b1 52 15 03 03 00 1a  00 00 00 00 00 00 00 02  |..R.............|
-00000030  fd 31 a4 4b d1 e9 f0 e0  18 b5 96 28 f7 b4 0c 29  |.1.K.......(...)|
-00000040  8c 0c                                             |..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
deleted file mode 100644
index 336e10da..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA
+++ /dev/null
@@ -1,132 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 cf 28 2c 3e 4f  |....Y...U...(,>O|
-00000010  da 6b ae 24 74 a9 91 c3  c5 55 4b ab ec 07 f8 cd  |.k.$t....UK.....|
-00000020  65 f8 fe 08 f6 9a 23 da  99 6c 5d 20 af 4a 1e 32  |e.....#..l] .J.2|
-00000030  7b bd 3c 0b b1 14 66 a3  b7 2f a4 2a c3 43 c4 e0  |{.<...f../.*.C..|
-00000040  c2 ad 78 b1 28 ab 51 06  1b 87 d2 75 c0 09 00 00  |..x.(.Q....u....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 18 6f  |*............ .o|
-00000280  77 a5 2b 27 2c 52 fc 6c  8a 34 41 1c a8 c6 4f 90  |w.+',R.l.4A...O.|
-00000290  a9 4b b7 e0 39 8b b1 f5  a6 15 4b 94 e8 2c 04 03  |.K..9.....K..,..|
-000002a0  00 8b 30 81 88 02 42 00  dc 3a 14 a2 38 32 c1 40  |..0...B..:..82.@|
-000002b0  98 83 17 94 e9 2a 0d 95  c3 59 d6 76 94 c2 3e a0  |.....*...Y.v..>.|
-000002c0  f7 e0 5d 64 47 5a d1 d9  ed d2 1c 6b 13 3e e7 83  |..]dGZ.....k.>..|
-000002d0  6e bb 53 33 03 7d 69 c6  8f 9d 98 d7 96 9c 73 e3  |n.S3.}i.......s.|
-000002e0  12 bd 69 1f b1 d3 f4 25  d7 02 42 01 11 6d c8 53  |..i....%..B..m.S|
-000002f0  9b bf f4 db ff 8a 00 82  93 f7 b5 bf c9 bb cd ec  |................|
-00000300  64 f8 d9 6d 36 0d f8 db  ce 9d 65 a0 5e 5a e0 13  |d..m6.....e.^Z..|
-00000310  ec 08 73 2c 3f 8c c6 5b  08 cc 0f 4a 7d 6b 5e 89  |..s,?..[...J}k^.|
-00000320  bf 4a 4e db 51 5a 9f 51  3e 9d 9a c5 84 16 03 03  |.JN.QZ.Q>.......|
-00000330  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000340  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000350  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-00000360  04 0e 00 00 00                                    |.....|
->>> Flow 3 (client to server)
-00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
-00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
-00000020  d9 17 30 09 06 07 2a 86  48 ce 3d 04 01 30 45 31  |..0...*.H.=..0E1|
-00000030  0b 30 09 06 03 55 04 06  13 02 41 55 31 13 30 11  |.0...U....AU1.0.|
-00000040  06 03 55 04 08 13 0a 53  6f 6d 65 2d 53 74 61 74  |..U....Some-Stat|
-00000050  65 31 21 30 1f 06 03 55  04 0a 13 18 49 6e 74 65  |e1!0...U....Inte|
-00000060  72 6e 65 74 20 57 69 64  67 69 74 73 20 50 74 79  |rnet Widgits Pty|
-00000070  20 4c 74 64 30 1e 17 0d  31 32 31 31 31 34 31 33  | Ltd0...12111413|
-00000080  32 35 35 33 5a 17 0d 32  32 31 31 31 32 31 33 32  |2553Z..221112132|
-00000090  35 35 33 5a 30 41 31 0b  30 09 06 03 55 04 06 13  |553Z0A1.0...U...|
-000000a0  02 41 55 31 0c 30 0a 06  03 55 04 08 13 03 4e 53  |.AU1.0...U....NS|
-000000b0  57 31 10 30 0e 06 03 55  04 07 13 07 50 79 72 6d  |W1.0...U....Pyrm|
-000000c0  6f 6e 74 31 12 30 10 06  03 55 04 03 13 09 4a 6f  |ont1.0...U....Jo|
-000000d0  65 6c 20 53 69 6e 67 30  81 9b 30 10 06 07 2a 86  |el Sing0..0...*.|
-000000e0  48 ce 3d 02 01 06 05 2b  81 04 00 23 03 81 86 00  |H.=....+...#....|
-000000f0  04 00 95 8c 91 75 14 c0  5e c4 57 b4 d4 c3 6f 8d  |.....u..^.W...o.|
-00000100  ae 68 1e dd 6f ce 86 e1  7e 6e b2 48 3e 81 e5 4e  |.h..o...~n.H>..N|
-00000110  e2 c6 88 4b 64 dc f5 30  bb d3 ff 65 cc 5b f4 dd  |...Kd..0...e.[..|
-00000120  b5 6a 3e 3e d0 1d de 47  c3 76 ad 19 f6 45 2c 8c  |.j>>...G.v...E,.|
-00000130  bc d8 1d 01 4c 1f 70 90  46 76 48 8b 8f 83 cc 4a  |....L.p.FvH....J|
-00000140  5c 8f 40 76 da e0 89 ec  1d 2b c4 4e 30 76 28 41  |\.@v.....+.N0v(A|
-00000150  b2 62 a8 fb 5b f1 f9 4e  7a 8d bd 09 b8 ae ea 8b  |.b..[..Nz.......|
-00000160  18 27 4f 2e 70 fe 13 96  ba c3 d3 40 16 cd 65 4e  |.'O.p......@..eN|
-00000170  ac 11 1e e6 f1 30 09 06  07 2a 86 48 ce 3d 04 01  |.....0...*.H.=..|
-00000180  03 81 8c 00 30 81 88 02  42 00 e0 14 c4 60 60 0b  |....0...B....``.|
-00000190  72 68 b0 32 5d 61 4a 02  74 5c c2 81 b9 16 a8 3f  |rh.2]aJ.t\.....?|
-000001a0  29 c8 36 c7 81 ff 6c b6  5b d9 70 f1 38 3b 50 48  |).6...l.[.p.8;PH|
-000001b0  28 94 cb 09 1a 52 f1 5d  ee 8d f2 b9 f0 f0 da d9  |(....R.]........|
-000001c0  15 3a f9 bd 03 7a 87 a2  23 35 ec 02 42 01 a3 d4  |.:...z..#5..B...|
-000001d0  8a 78 35 1c 4a 9a 23 d2  0a be 2b 10 31 9d 9c 5f  |.x5.J.#...+.1.._|
-000001e0  be e8 91 b3 da 1a f5 5d  a3 23 f5 26 8b 45 70 8d  |.......].#.&.Ep.|
-000001f0  65 62 9b 7e 01 99 3d 18  f6 10 9a 38 61 9b 2e 57  |eb.~..=....8a..W|
-00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
-00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
-00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 93 0f 00  |...._X.;t.......|
-00000240  00 8f 05 03 00 8b 30 81  88 02 42 01 32 6d 32 38  |......0...B.2m28|
-00000250  d6 bd 1b b6 c5 80 f2 ea  60 b8 bf 3f b6 76 68 1b  |........`..?.vh.|
-00000260  66 fb 5d 69 0b 25 09 7f  2d 73 ad 7e cd 98 cb b5  |f.]i.%..-s.~....|
-00000270  93 4e 4f 1c 4e 3f a1 39  cf a0 70 a6 3d 29 36 27  |.NO.N?.9..p.=)6'|
-00000280  51 e0 55 95 11 df 00 88  6c 38 d6 de 36 02 42 01  |Q.U.....l8..6.B.|
-00000290  67 50 81 90 a7 ae b5 e2  34 75 81 41 c2 71 8d 0c  |gP......4u.A.q..|
-000002a0  9a 20 e7 33 af 0e 61 48  85 51 a1 f7 90 17 d1 ad  |. .3..aH.Q......|
-000002b0  b3 e1 cf 3e 12 fc ce 39  16 a8 78 3b 69 0d 79 76  |...>...9..x;i.yv|
-000002c0  03 17 75 c2 a0 63 5e dc  0a a7 c9 aa 15 2a 83 65  |..u..c^......*.e|
-000002d0  df 14 03 03 00 01 01 16  03 03 00 40 00 00 00 00  |...........@....|
-000002e0  00 00 00 00 00 00 00 00  00 00 00 00 27 da 48 f6  |............'.H.|
-000002f0  d3 00 98 b9 a6 b7 41 0b  eb e6 d1 d7 82 9a 0c 59  |......A........Y|
-00000300  8a 42 1c 99 59 af da a7  5b 88 ab b6 7d 01 bc 0f  |.B..Y...[...}...|
-00000310  45 08 c4 05 0d 2a 4a 83  bf eb b1 b6              |E....*J.....|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 73 7c e6 43 b9  |..........@s|.C.|
-00000010  47 85 1c 50 f1 cb a1 29  79 02 dd 13 85 2a d9 a2  |G..P...)y....*..|
-00000020  07 50 e4 80 c4 7e 66 ee  f2 1a 21 1d cd e4 ff 4a  |.P...~f...!....J|
-00000030  a4 61 9d b4 a1 26 88 72  20 2b 06 77 c3 8b 3b 21  |.a...&.r +.w..;!|
-00000040  53 33 02 3d a2 06 77 3b  a5 a6 0b                 |S3.=..w;...|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 1a 45 68  03 9b f0 42 e4 21 5e d8  |......Eh...B.!^.|
-00000020  98 d6 46 67 2b 93 80 92  1f 91 60 a3 05 04 1c a0  |..Fg+.....`.....|
-00000030  1b a9 ce 45 03 15 03 03  00 30 00 00 00 00 00 00  |...E.....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 6b 23 42 c8 5c 29  |..........k#B.\)|
-00000050  f5 1f 7c d5 80 c4 9f 6f  12 77 95 71 8f 82 f9 63  |..|....o.w.q...c|
-00000060  07 2c 6d ed 6d c6 4f 90  50 a3                    |.,m.m.O.P.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
deleted file mode 100644
index fb6c940a..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
+++ /dev/null
@@ -1,132 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 2e d2 1c 3f f8  |....Y...U.....?.|
-00000010  3a dc be 78 0b fa 03 00  e0 9a b9 62 34 45 f8 34  |:..x.......b4E.4|
-00000020  54 21 4c c0 76 a6 e1 5a  a1 67 c2 20 1b 98 25 34  |T!L.v..Z.g. ..%4|
-00000030  79 ac 59 b5 39 c8 93 10  a9 ea 9d 25 3d 2c d8 69  |y.Y.9......%=,.i|
-00000040  da d8 33 75 ef 44 4c 76  92 2b 3b b4 c0 2f 00 00  |..3u.DLv.+;../..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 06 be 1b 0b d8 95 59  |........ ......Y|
-000002d0  b2 13 1c 4a 06 b8 36 3e  4f 98 3f 81 11 3e 7d 21  |...J..6>O.?..>}!|
-000002e0  fa d9 f0 db 1b 41 4a d0  14 04 01 00 80 ca 57 f5  |.....AJ.......W.|
-000002f0  e7 b6 72 7e 3f b0 67 f2  a2 d0 84 d5 7f 7d 83 ff  |..r~?.g......}..|
-00000300  92 73 4f 19 f7 94 b6 d7  95 f4 1b 56 2a fc fa 24  |.sO........V*..$|
-00000310  3e fe 00 65 52 76 c8 30  8a bf ae fe b5 c9 f2 47  |>..eRv.0.......G|
-00000320  0a 71 ad c1 6a 61 8c b5  ab 59 09 12 92 b2 b4 ad  |.q..ja...Y......|
-00000330  cb cc ac c4 30 e9 a4 8a  82 4e 2e d6 1d 16 46 dd  |....0....N....F.|
-00000340  60 37 50 b8 ae 83 c1 e6  1d ba 8c c7 18 f7 5e d7  |`7P...........^.|
-00000350  23 e5 8a 14 ba e4 8e a1  77 8a b6 41 03 61 8a 25  |#.......w..A.a.%|
-00000360  8a 27 f8 cb 2e 4a e0 07  aa bf 03 32 98 16 03 03  |.'...J.....2....|
-00000370  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000380  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000390  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-000003a0  04 0e 00 00 00                                    |.....|
->>> Flow 3 (client to server)
-00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
-00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
-00000020  d9 17 30 09 06 07 2a 86  48 ce 3d 04 01 30 45 31  |..0...*.H.=..0E1|
-00000030  0b 30 09 06 03 55 04 06  13 02 41 55 31 13 30 11  |.0...U....AU1.0.|
-00000040  06 03 55 04 08 13 0a 53  6f 6d 65 2d 53 74 61 74  |..U....Some-Stat|
-00000050  65 31 21 30 1f 06 03 55  04 0a 13 18 49 6e 74 65  |e1!0...U....Inte|
-00000060  72 6e 65 74 20 57 69 64  67 69 74 73 20 50 74 79  |rnet Widgits Pty|
-00000070  20 4c 74 64 30 1e 17 0d  31 32 31 31 31 34 31 33  | Ltd0...12111413|
-00000080  32 35 35 33 5a 17 0d 32  32 31 31 31 32 31 33 32  |2553Z..221112132|
-00000090  35 35 33 5a 30 41 31 0b  30 09 06 03 55 04 06 13  |553Z0A1.0...U...|
-000000a0  02 41 55 31 0c 30 0a 06  03 55 04 08 13 03 4e 53  |.AU1.0...U....NS|
-000000b0  57 31 10 30 0e 06 03 55  04 07 13 07 50 79 72 6d  |W1.0...U....Pyrm|
-000000c0  6f 6e 74 31 12 30 10 06  03 55 04 03 13 09 4a 6f  |ont1.0...U....Jo|
-000000d0  65 6c 20 53 69 6e 67 30  81 9b 30 10 06 07 2a 86  |el Sing0..0...*.|
-000000e0  48 ce 3d 02 01 06 05 2b  81 04 00 23 03 81 86 00  |H.=....+...#....|
-000000f0  04 00 95 8c 91 75 14 c0  5e c4 57 b4 d4 c3 6f 8d  |.....u..^.W...o.|
-00000100  ae 68 1e dd 6f ce 86 e1  7e 6e b2 48 3e 81 e5 4e  |.h..o...~n.H>..N|
-00000110  e2 c6 88 4b 64 dc f5 30  bb d3 ff 65 cc 5b f4 dd  |...Kd..0...e.[..|
-00000120  b5 6a 3e 3e d0 1d de 47  c3 76 ad 19 f6 45 2c 8c  |.j>>...G.v...E,.|
-00000130  bc d8 1d 01 4c 1f 70 90  46 76 48 8b 8f 83 cc 4a  |....L.p.FvH....J|
-00000140  5c 8f 40 76 da e0 89 ec  1d 2b c4 4e 30 76 28 41  |\.@v.....+.N0v(A|
-00000150  b2 62 a8 fb 5b f1 f9 4e  7a 8d bd 09 b8 ae ea 8b  |.b..[..Nz.......|
-00000160  18 27 4f 2e 70 fe 13 96  ba c3 d3 40 16 cd 65 4e  |.'O.p......@..eN|
-00000170  ac 11 1e e6 f1 30 09 06  07 2a 86 48 ce 3d 04 01  |.....0...*.H.=..|
-00000180  03 81 8c 00 30 81 88 02  42 00 e0 14 c4 60 60 0b  |....0...B....``.|
-00000190  72 68 b0 32 5d 61 4a 02  74 5c c2 81 b9 16 a8 3f  |rh.2]aJ.t\.....?|
-000001a0  29 c8 36 c7 81 ff 6c b6  5b d9 70 f1 38 3b 50 48  |).6...l.[.p.8;PH|
-000001b0  28 94 cb 09 1a 52 f1 5d  ee 8d f2 b9 f0 f0 da d9  |(....R.]........|
-000001c0  15 3a f9 bd 03 7a 87 a2  23 35 ec 02 42 01 a3 d4  |.:...z..#5..B...|
-000001d0  8a 78 35 1c 4a 9a 23 d2  0a be 2b 10 31 9d 9c 5f  |.x5.J.#...+.1.._|
-000001e0  be e8 91 b3 da 1a f5 5d  a3 23 f5 26 8b 45 70 8d  |.......].#.&.Ep.|
-000001f0  65 62 9b 7e 01 99 3d 18  f6 10 9a 38 61 9b 2e 57  |eb.~..=....8a..W|
-00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
-00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
-00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 92 0f 00  |...._X.;t.......|
-00000240  00 8e 05 03 00 8a 30 81  87 02 41 19 c6 1e f0 f4  |......0...A.....|
-00000250  ca 79 d7 8c 36 0f 56 9a  9d 07 55 31 fe 63 f1 ec  |.y..6.V...U1.c..|
-00000260  20 80 6f 12 ed 7f bb c0  87 0a 0d 68 81 89 bd 8b  | .o........h....|
-00000270  19 04 5e c0 19 8a d2 0f  6d 71 83 59 ee a7 be be  |..^.....mq.Y....|
-00000280  1d bb 2f 12 53 9b ca 58  0e a6 8d ae 02 42 00 d0  |../.S..X.....B..|
-00000290  4c 69 75 30 86 d1 da 73  1b 8e 3e e1 82 9b f3 58  |Liu0...s..>....X|
-000002a0  8f 6d 0a 10 86 72 5f 90  17 d1 ac 34 8a b5 60 d0  |.m...r_....4..`.|
-000002b0  b8 54 0f 05 7f cd 6a c0  62 b5 04 d9 3a 98 95 b6  |.T....j.b...:...|
-000002c0  b3 00 1d 94 6e 79 35 57  d2 78 a4 7a 4a 45 89 d1  |....ny5W.x.zJE..|
-000002d0  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-000002e0  00 00 00 cf b5 3c cf 0a  b7 6b 51 cb fe 06 4c df  |.....<...kQ...L.|
-000002f0  2c 79 a6 5e a8 75 8b 4c  44 7b ae ff 64 d7 67 dc  |,y.^.u.LD{..d.g.|
-00000300  af ef 54                                          |..T|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 1c 12 5e 29 ba  |..........(..^).|
-00000010  34 b3 d8 ae f7 2a 83 0d  3e 21 ec 91 c9 fa 7f d1  |4....*..>!......|
-00000020  42 7e 8d d9 e5 ed 4e f9  ae 95 66 27 85 cc 44 2d  |B~....N...f'..D-|
-00000030  cd a3 26                                          |..&|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 8b 4c 36  |..............L6|
-00000010  6f b8 69 16 0a 40 67 05  5e a8 e6 48 cc ad 7b 29  |o.i..@g.^..H..{)|
-00000020  95 3d 02 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.=..............|
-00000030  58 e3 b5 8e 30 e7 5d 02  cd e5 c0 11 95 3a ef a9  |X...0.]......:..|
-00000040  d7 86                                             |..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
deleted file mode 100644
index 17fc8f8e..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
+++ /dev/null
@@ -1,130 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 31 df 35 e4 36  |....Y...U..1.5.6|
-00000010  c5 f1 b4 9f e7 5d fa e1  e0 23 04 54 bd 2b fb ab  |.....]...#.T.+..|
-00000020  a2 37 8f 35 eb 79 47 e6  f8 2b cb 20 ba d8 db 26  |.7.5.yG..+. ...&|
-00000030  ce 6b 4a e9 1e 0c 46 9f  4d 85 cb d7 b0 e2 3d 20  |.kJ...F.M.....= |
-00000040  58 43 83 37 e1 53 ac 3b  d9 b3 fd 0a c0 30 00 00  |XC.7.S.;.....0..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 9a 18 f9 2e 33 f7 bb  |........ ....3..|
-000002d0  ca 60 0b 51 ad 5c 01 e2  61 82 0b 3f 09 8f 78 9d  |.`.Q.\..a..?..x.|
-000002e0  3b 11 8b e0 4a 35 2e d5  54 04 01 00 80 90 94 0e  |;...J5..T.......|
-000002f0  bf 3a b7 95 d3 58 cc 65  c3 79 5e 1e bb d9 21 56  |.:...X.e.y^...!V|
-00000300  06 93 6c 2b 6e 26 55 ee  26 c3 02 44 7e db 35 9b  |..l+n&U.&..D~.5.|
-00000310  d4 d4 1a a0 65 35 41 a4  6c ce de 1f 94 ff b4 1b  |....e5A.l.......|
-00000320  1e 9c 28 0b 4c 8d 55 d0  d8 be f1 df e0 d1 1a b5  |..(.L.U.........|
-00000330  c8 be 2c 5a 2c c3 3f ea  4f e6 d5 b4 6b e1 ff eb  |..,Z,.?.O...k...|
-00000340  f3 f3 40 54 d5 62 1f a0  fc b2 34 66 ee c5 27 a6  |..@T.b....4f..'.|
-00000350  2b 2a b9 5d 3f 36 28 eb  39 99 25 e5 04 d2 18 13  |+*.]?6(.9.%.....|
-00000360  3c 23 93 d0 04 37 85 b0  4d 6e 9b 32 9a 16 03 03  |<#...7..Mn.2....|
-00000370  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000380  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000390  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-000003a0  04 0e 00 00 00                                    |.....|
->>> Flow 3 (client to server)
-00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
-00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
-00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
-00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
-00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
-00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
-00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
-00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
-00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
-00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
-000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
-000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
-000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
-000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
-000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
-000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
-00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
-00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
-00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
-00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
-00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
-00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
-00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
-00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
-00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
-00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
-000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
-000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
-000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
-000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
-000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
-000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
-00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
-00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 05 01 00  80 ad f7 ff a0 cb d0 6e  |...............n|
-00000240  8f 19 0c 40 2a 1f bb dd  11 52 81 84 f1 7b 3f cf  |...@*....R...{?.|
-00000250  75 72 83 a4 4c 0a 9c 70  95 98 d5 51 a2 28 0c 8c  |ur..L..p...Q.(..|
-00000260  20 08 d7 2a a5 3e 0c cf  6c a2 1d 32 bd cc a1 b4  | ..*.>..l..2....|
-00000270  61 e0 6d 9a 61 16 03 5c  7a b8 fa 15 ea cd e4 de  |a.m.a..\z.......|
-00000280  d6 16 93 b2 e0 d2 55 b9  03 e0 67 04 27 64 8c e2  |......U...g.'d..|
-00000290  01 ee 8f f7 59 3e 12 16  51 f2 07 20 fe 03 e2 3e  |....Y>..Q.. ...>|
-000002a0  09 1f 96 24 c5 73 0e 69  ac 57 ff 43 2b 6a c6 20  |...$.s.i.W.C+j. |
-000002b0  2f e4 ef 7e bc b3 38 57  06 14 03 03 00 01 01 16  |/..~..8W........|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 fd 71 f5 ca  |...(.........q..|
-000002d0  91 26 67 54 a5 e6 f3 06  c8 40 24 9d a9 bd b1 9a  |.&gT.....@$.....|
-000002e0  63 c4 c2 53 56 ba af c0  16 bc 06 5c              |c..SV......\|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 92 8f bd c5 97  |..........(.....|
-00000010  94 76 70 f4 0a f9 9a 79  69 31 27 0e c0 c5 0b 3c  |.vp....yi1'....<|
-00000020  9f 4f c2 2f cb 6c 56 62  80 3b e5 72 6a 05 9e 4b  |.O./.lVb.;.rj..K|
-00000030  34 b9 66                                          |4.f|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 43 fb 43  |.............C.C|
-00000010  3d 96 63 dd 25 94 9d 7a  fb 9e 15 6f 62 5e ed 34  |=.c.%..z...ob^.4|
-00000020  19 89 b8 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  53 c2 2d 6c b7 91 6c 62  84 09 a2 1c 9b 3d 9e 89  |S.-l..lb.....=..|
-00000040  6a 3d                                             |j=|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-ECDSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
deleted file mode 100644
index 1ff91986..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
+++ /dev/null
@@ -1,131 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 84 4b ff a4 2a  |....Y...U...K..*|
-00000010  a4 76 c0 26 f6 05 72 94  01 15 44 f2 c6 7d b0 4b  |.v.&..r...D..}.K|
-00000020  1b fa da 51 54 45 78 66  e6 0a dd 20 17 df d2 0c  |...QTExf... ....|
-00000030  2f d6 55 b9 ae 82 ce 2f  2f 07 67 54 5e 02 bd 2f  |/.U....//.gT^../|
-00000040  48 f6 fb 3d 9c fa 4f a8  66 15 08 da c0 09 00 00  |H..=..O.f.......|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 5d 4e  |*............ ]N|
-00000280  0c 9e ad 7b f1 48 0c db  03 96 26 2e 16 87 2c e2  |...{.H....&...,.|
-00000290  ce a2 47 5a 57 30 e8 e1  7e b2 53 5b c6 7b 04 03  |..GZW0..~.S[.{..|
-000002a0  00 8b 30 81 88 02 42 00  e8 8e 68 a8 e3 b5 b4 fe  |..0...B...h.....|
-000002b0  b9 91 aa 4f 96 3d 97 8d  b2 ef 23 a4 3d 16 db 2b  |...O.=....#.=..+|
-000002c0  50 6d 52 cd a5 e7 79 ae  65 10 d6 36 e0 ba c3 6b  |PmR...y.e..6...k|
-000002d0  53 61 14 bb 05 47 5a df  26 2f cb 3a 95 c6 6b dc  |Sa...GZ.&/.:..k.|
-000002e0  88 fd 2e 22 b5 ef ff 31  0e 02 42 01 be ce 6e 53  |..."...1..B...nS|
-000002f0  42 43 1c 1c d8 83 7f 45  c4 16 ee d2 7b 66 a0 f4  |BC.....E....{f..|
-00000300  f3 14 da 5c 14 e8 fc bc  86 7d 18 43 b9 7b 90 8c  |...\.....}.C.{..|
-00000310  af f1 05 95 c6 53 0b 0b  0d 10 a1 e9 bb 89 35 c2  |.....S........5.|
-00000320  b2 e1 d7 dd 99 7c bf 85  19 3c 4e 8e 8f 16 03 03  |.....|...<N.....|
-00000330  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000340  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000350  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-00000360  04 0e 00 00 00                                    |.....|
->>> Flow 3 (client to server)
-00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
-00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
-00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
-00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
-00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
-00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
-00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
-00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
-00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
-00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
-000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
-000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
-000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
-000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
-000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
-000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
-00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
-00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
-00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
-00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
-00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
-00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
-00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
-00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
-00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
-00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
-000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
-000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
-000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
-000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
-000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
-000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
-00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
-00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 05 01 00  80 98 58 a8 77 3d db 0b  |..........X.w=..|
-00000240  04 36 78 51 8b 23 48 fc  70 2b c9 94 1f ee 32 ae  |.6xQ.#H.p+....2.|
-00000250  41 c0 42 20 19 51 67 e7  fa c0 fd 15 a1 5f 55 4f  |A.B .Qg......_UO|
-00000260  aa be 29 77 f5 47 71 b9  6c 51 89 18 df 25 98 fd  |..)w.Gq.lQ...%..|
-00000270  c8 6e ae e3 fd 99 63 ca  2c d2 fb ca bc 57 b7 7f  |.n....c.,....W..|
-00000280  a2 90 a6 6f b7 2e b7 2a  52 29 e6 75 57 86 cc b1  |...o...*R).uW...|
-00000290  d8 6c f3 4e 49 ab 4b 66  0a 72 aa ec c2 f7 6e 57  |.l.NI.Kf.r....nW|
-000002a0  15 26 79 1a a4 24 c2 ba  76 9e dd b9 f9 d4 da 1b  |.&y..$..v.......|
-000002b0  c9 29 66 eb 64 1b 68 66  66 14 03 03 00 01 01 16  |.)f.d.hff.......|
-000002c0  03 03 00 40 00 00 00 00  00 00 00 00 00 00 00 00  |...@............|
-000002d0  00 00 00 00 70 2b 69 27  05 9a 96 e6 e8 52 ea 0f  |....p+i'.....R..|
-000002e0  3a d6 40 b5 e2 89 5b bf  aa 95 6c c1 7d 53 09 89  |:.@...[...l.}S..|
-000002f0  23 38 6b 83 85 84 fa f4  2e fb cd b3 57 4e 79 8a  |#8k.........WNy.|
-00000300  92 74 03 22                                       |.t."|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 8f 91 f1 f5 6b  |..........@....k|
-00000010  cc 52 9d db 35 1f db b4  64 fe 33 a5 83 08 24 2f  |.R..5...d.3...$/|
-00000020  57 18 0e 60 4e 18 54 bb  80 31 37 fe 26 14 b8 c8  |W..`N.T..17.&...|
-00000030  dd c4 8c 07 42 0b 80 0b  41 82 40 f6 9b b8 60 4f  |....B...A.@...`O|
-00000040  cb 7b 43 ea 1a 6e 31 8d  9f 82 f7                 |.{C..n1....|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 70 e7 c8  03 9c e2 58 73 68 ab 9b  |.....p.....Xsh..|
-00000020  5c bf 32 57 f8 f1 13 97  02 59 de 99 d3 3e 16 3d  |\.2W.....Y...>.=|
-00000030  87 11 d4 b4 63 15 03 03  00 30 00 00 00 00 00 00  |....c....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 9b 99 45 f3 0d f1  |............E...|
-00000050  c5 36 07 8c 81 94 b7 0a  dc 7c ee 0c 22 1b 36 fd  |.6.......|..".6.|
-00000060  d4 fc 7d f1 98 8b 87 be  5f c6                    |..}....._.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-RSA b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-RSA
deleted file mode 100644
index 76f0c251..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ClientCert-RSA-RSA
+++ /dev/null
@@ -1,130 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 92 93 45 4c f9  |....Y...U....EL.|
-00000010  93 bf ee 78 58 e0 42 b6  df 32 c2 63 6d ec 89 66  |...xX.B..2.cm..f|
-00000020  5a 11 7c 0d 31 2f b5 90  22 ab 3d 20 65 f3 40 c4  |Z.|.1/..".= e.@.|
-00000030  f8 31 fa 80 f3 fb a7 f6  9e dc 0c 94 67 48 d9 2b  |.1..........gH.+|
-00000040  cb 94 82 5f 4e 8b 41 5e  c6 63 27 da c0 2f 00 00  |..._N.A^.c'../..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 66 49 44 2b 04 fe f5  |........ fID+...|
-000002d0  41 68 60 09 81 0e 24 c4  46 68 33 87 41 dd 48 69  |Ah`...$.Fh3.A.Hi|
-000002e0  4c be c8 22 2d 4e ff 80  20 04 01 00 80 30 85 40  |L.."-N.. ....0.@|
-000002f0  30 56 d5 1d 41 14 9d e8  27 39 a2 18 d5 eb 92 27  |0V..A...'9.....'|
-00000300  63 4b 05 85 1a 9e 5f 60  2c 80 a3 20 9f 9c 57 29  |cK...._`,.. ..W)|
-00000310  ba 5f ac 0a aa 89 98 fc  ca 8e 37 6b 44 bc 0f 33  |._........7kD..3|
-00000320  5d 47 91 46 55 d4 f9 4f  76 73 51 c4 f6 a9 90 e4  |]G.FU..OvsQ.....|
-00000330  95 10 92 94 f1 33 11 3d  83 0a eb 5d ff e6 9d 9c  |.....3.=...]....|
-00000340  19 ec e1 65 11 ad d7 7b  6a a4 f9 d8 b6 0c 53 8a  |...e...{j.....S.|
-00000350  16 d5 1f a7 0b 80 6f c5  d8 6a 57 11 2f b1 84 65  |......o..jW./..e|
-00000360  24 8a 02 de aa 10 40 bd  9b 68 a2 b7 b6 16 03 03  |$.....@..h......|
-00000370  00 2a 0d 00 00 26 03 01  02 40 00 1e 06 01 06 02  |.*...&...@......|
-00000380  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000390  03 02 03 03 02 01 02 02  02 03 00 00 16 03 03 00  |................|
-000003a0  04 0e 00 00 00                                    |.....|
->>> Flow 3 (client to server)
-00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
-00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
-00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
-00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
-00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
-00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
-00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
-00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
-00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
-00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
-000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
-000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
-000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
-000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
-000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
-000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
-00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
-00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
-00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
-00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
-00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
-00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
-00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
-00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
-00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
-00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
-000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
-000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
-000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
-000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
-000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
-000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
-00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
-00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 05 01 00  80 05 9b 97 90 30 0b 21  |.............0.!|
-00000240  ed 52 16 19 e0 54 7d 59  42 17 94 81 9b 2c b6 5b  |.R...T}YB....,.[|
-00000250  7f 7c 8e a5 bf 27 a9 25  14 74 f0 37 fa 6e 2b 84  |.|...'.%.t.7.n+.|
-00000260  80 a4 cd ae a6 8a 1b 62  2d 5e 03 ff 70 55 d7 99  |.......b-^..pU..|
-00000270  68 3c b3 0e 03 41 ae af  c6 3e 09 d4 16 8e 06 71  |h<...A...>.....q|
-00000280  14 f8 90 97 cd f6 eb 7d  90 3c d1 f3 95 db 35 3c  |.......}.<....5<|
-00000290  c9 7d dc 30 55 e1 a0 66  8e 26 20 4f 43 89 08 6f  |.}.0U..f.& OC..o|
-000002a0  95 58 42 ae e8 6c b6 77  45 c6 8c c7 ad e5 ed ff  |.XB..l.wE.......|
-000002b0  09 6f 2e 7e b0 e4 5c f2  db 14 03 03 00 01 01 16  |.o.~..\.........|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 c0 2c cc 32  |...(.........,.2|
-000002d0  78 5e 6c 3e e9 a3 83 65  b4 bb 4e 79 b2 04 08 30  |x^l>...e..Ny...0|
-000002e0  09 e9 04 99 70 48 44 95  26 b0 37 c9              |....pHD.&.7.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 5f 80 e2 f1 78  |..........(_...x|
-00000010  0f cb 58 5c 3c 50 4c 1e  33 8a 1f b7 89 92 37 11  |..X\<PL.3.....7.|
-00000020  a3 8a 76 39 4a 3d b0 1f  a3 e9 ba 52 f8 2b e5 a3  |..v9J=.....R.+..|
-00000030  59 7c ac                                          |Y|.|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 75 dc 54  |.............u.T|
-00000010  d9 c5 b1 c2 c9 64 9a ea  20 e5 76 61 6c 05 af 33  |.....d.. .val..3|
-00000020  6b bc d7 15 03 03 00 1a  00 00 00 00 00 00 00 02  |k...............|
-00000030  24 6b 03 76 d3 da d0 ee  a6 32 c3 58 a1 5e a5 21  |$k.v.....2.X.^.!|
-00000040  b8 3a                                             |.:|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES
deleted file mode 100644
index 5d795e79..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES
+++ /dev/null
@@ -1,87 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 c3 2f 08 30 ba  |....Y...U.../.0.|
-00000010  5d 9e 55 ef 23 f9 8a 0d  2f b4 25 02 5f c0 d2 c2  |].U.#.../.%._...|
-00000020  50 7c da db a4 ee 7c 18  df af aa 20 f3 a5 02 de  |P|....|.... ....|
-00000030  54 9f ce b9 6d 69 66 5d  57 76 ff 18 91 d3 93 ab  |T...mif]Wv......|
-00000040  39 13 29 4c b9 a7 3c db  7f 4d 97 fc c0 09 00 00  |9.)L..<..M......|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 46 07  |*............ F.|
-00000280  78 fd 3b 0c e0 2c 96 f8  44 b9 e9 06 e9 66 17 35  |x.;..,..D....f.5|
-00000290  c0 92 87 51 f6 e3 d7 f5  09 50 56 c6 e9 3b 04 03  |...Q.....PV..;..|
-000002a0  00 8a 30 81 87 02 41 5d  88 4b fe eb 45 ee 5e 9f  |..0...A].K..E.^.|
-000002b0  ec 20 90 1f 41 aa 47 87  f7 ae 46 71 dc 55 8b 2c  |. ..A.G...Fq.U.,|
-000002c0  ce 70 5f ad 3e fa 3c c3  cb 77 d2 69 67 25 27 08  |.p_.>.<..w.ig%'.|
-000002d0  23 de 52 3c 0e 6c ca 8f  86 8f 61 cd 5b cf d8 42  |#.R<.l....a.[..B|
-000002e0  aa 5a 95 aa 4b d4 d9 f3  02 42 01 81 78 53 9c bd  |.Z..K....B..xS..|
-000002f0  af 7e d9 be 26 07 24 11  ca 4b 1d dd 2b 49 ec 35  |.~..&.$..K..+I.5|
-00000300  25 8d 58 87 ad 80 4f 90  c7 f8 a4 b9 c2 75 b5 12  |%.X...O......u..|
-00000310  a7 2c 49 82 76 e8 ce c4  a7 23 68 75 fc 88 82 13  |.,I.v....#hu....|
-00000320  27 55 a7 50 3c d6 d0 ae  e3 88 94 b4 16 03 03 00  |'U.P<...........|
-00000330  04 0e 00 00 00                                    |.....|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 04 f4 cc  a8 9f 48 44 ca 19 e6 4c  |..........HD...L|
-00000050  3d 51 f2 29 40 0b 70 06  09 f0 69 5c 51 78 51 1e  |=Q.)@.p...i\QxQ.|
-00000060  2b d1 47 22 8d d6 fb f5  41 bd e4 fd 3d f4 1b 48  |+.G"....A...=..H|
-00000070  44 96 2d 97 b9                                    |D.-..|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 f1 a2 70 ba 50  |..........@..p.P|
-00000010  9d 7a 9f 8f c6 fb 7e 83  75 bd 94 cf e6 c1 4a f0  |.z....~.u.....J.|
-00000020  e6 54 e9 2c 30 23 a2 5c  c2 09 32 d4 06 f7 54 e7  |.T.,0#.\..2...T.|
-00000030  ab 27 a6 66 ab 86 e6 2c  20 12 cf 61 4d ef 12 20  |.'.f..., ..aM.. |
-00000040  ba b6 42 39 b7 76 b9 1b  fc f4 44                 |..B9.v....D|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 0b 5b d0  ab 14 3f ae 1f 4b 12 25  |......[...?..K.%|
-00000020  05 2a 67 11 0c 17 42 1b  b6 d2 af 16 40 26 fd 7b  |.*g...B.....@&.{|
-00000030  d7 57 10 2a f8 15 03 03  00 30 00 00 00 00 00 00  |.W.*.....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 83 54 64 d6 31 32  |...........Td.12|
-00000050  55 62 32 49 b9 54 7b e3  34 02 1c 75 e3 1b 5a 41  |Ub2I.T{.4..u..ZA|
-00000060  a2 cd 47 26 f0 ed c2 d5  41 34                    |..G&....A4|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
deleted file mode 100644
index 28a9ef7c..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
+++ /dev/null
@@ -1,82 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 72 81 c3 91 37  |....Y...U..r...7|
-00000010  54 37 fb 0f 2b 16 3b 7b  bc a6 d9 2e e2 83 23 83  |T7..+.;{......#.|
-00000020  b3 67 cf 36 dc 65 8d a6  3d cb 72 20 ac b9 b9 48  |.g.6.e..=.r ...H|
-00000030  30 9d fe 67 09 39 f5 47  d2 9a c8 3e 22 02 50 5e  |0..g.9.G...>".P^|
-00000040  fd 02 c9 ff c1 84 2e 2e  ab 78 ef c6 c0 2b 00 00  |.........x...+..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 b7 1c  |*............ ..|
-00000280  2f 05 5e c8 ae 68 6b 54  c5 88 19 cf 7c 04 b2 ed  |/.^..hkT....|...|
-00000290  8d 5a e9 7e 6b 50 8a ee  12 66 2d 6f e4 7a 04 03  |.Z.~kP...f-o.z..|
-000002a0  00 8a 30 81 87 02 42 01  8d 7e 23 bc d7 a7 ad 73  |..0...B..~#....s|
-000002b0  5f 45 9e 04 da 6e c0 34  a8 09 59 e3 bc ab 80 e1  |_E...n.4..Y.....|
-000002c0  d4 84 79 7d de 90 c1 f2  ea 95 ed fc 7e d3 f0 31  |..y}........~..1|
-000002d0  4c 9b da 82 a0 97 ed e6  c9 f2 b9 2a 0a 1e 0a 2c  |L..........*...,|
-000002e0  7f 1d 62 ea 11 a9 77 5e  2f 02 41 09 88 2b eb 84  |..b...w^/.A..+..|
-000002f0  4f 62 9a c9 8a 0b a2 c6  88 0e 3e d9 29 f0 2b ba  |Ob........>.).+.|
-00000300  08 40 b0 9c 17 70 d9 84  1e d3 39 ad 70 fc df 63  |.@...p....9.p..c|
-00000310  a0 f6 69 3c 19 ce 0b a5  95 d2 6a b1 46 b1 e5 ba  |..i<......j.F...|
-00000320  fd d2 67 4b 76 e3 eb b9  21 d0 7c 85 16 03 03 00  |..gKv...!.|.....|
-00000330  04 0e 00 00 00                                    |.....|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 32 49 7e  |....(........2I~|
-00000040  8f d6 2e 81 d7 03 a6 61  a3 04 98 81 95 84 58 d1  |.......a......X.|
-00000050  a2 33 fe 4a 5d cd 96 76  64 1e 1a 62 03           |.3.J]..vd..b.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 28 14 2d ae 7c  |..........((.-.||
-00000010  b8 7d dc 27 b2 18 39 57  c8 be 5c 3d a3 ab fa 5a  |.}.'..9W..\=...Z|
-00000020  3d 55 1b 3d 31 77 95 af  42 86 af 2b e7 5a 98 40  |=U.=1w..B..+.Z.@|
-00000030  18 77 d1                                          |.w.|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 30 50 2f  |.............0P/|
-00000010  36 4a 7c ee e6 f0 b9 b8  bf 4d e3 63 4d 5e 58 08  |6J|......M.cM^X.|
-00000020  ac ac 82 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  80 e2 42 ca 91 65 04 4e  ca a8 6f 81 7c 30 c0 1f  |..B..e.N..o.|0..|
-00000040  aa 7b                                             |.{|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
deleted file mode 100644
index 831fa210..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256
+++ /dev/null
@@ -1,91 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 be c0 b6 d7 fe  |....Y...U.......|
-00000010  43 9d 21 1f 89 27 bd db  0a 9a 5a 44 dd 79 d1 f2  |C.!..'....ZD.y..|
-00000020  18 9a 2a 04 8c eb e6 a9  93 ef ee 20 35 48 44 08  |..*........ 5HD.|
-00000030  8c 7a 3e f6 0f d7 5f 33  54 60 0b c9 65 4e 17 8d  |.z>..._3T`..eN..|
-00000040  d2 69 b7 20 0b c5 ba 9a  d4 b7 40 39 c0 23 00 00  |.i. ......@9.#..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 0e 53  |*............ .S|
-00000280  82 54 1a ba f8 a4 52 1d  6d b8 70 18 41 e8 67 f9  |.T....R.m.p.A.g.|
-00000290  38 1e fb fa b8 89 2d d6  4d 1b ae 67 fe 75 04 03  |8.....-.M..g.u..|
-000002a0  00 8b 30 81 88 02 42 01  68 0e d4 92 a6 1a d9 66  |..0...B.h......f|
-000002b0  ff 0e ca 4c 32 b8 78 d3  52 d1 ad a2 32 83 f0 3c  |...L2.x.R...2..<|
-000002c0  43 e0 7e 92 94 e9 c6 99  00 d9 f7 06 c0 2c 72 c0  |C.~..........,r.|
-000002d0  9b f7 c0 ec 1f 23 8f b5  e5 74 9d ff 89 17 12 b4  |.....#...t......|
-000002e0  f1 f5 25 f7 2e 0d 78 f6  1c 02 42 01 fc da dd c8  |..%...x...B.....|
-000002f0  65 30 67 a3 ff 42 e3 37  19 ba 7c 04 6b a1 b3 97  |e0g..B.7..|.k...|
-00000300  b0 ca 8c 2d fc b0 40 1c  a1 d8 c9 64 fe df 48 3b  |...-..@....d..H;|
-00000310  07 57 1f 81 a2 3e a4 84  96 00 fb 55 29 1c 94 9d  |.W...>.....U)...|
-00000320  f9 0d a4 71 4f 5f fd c3  22 e2 88 07 21 16 03 03  |...qO_.."...!...|
-00000330  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 7c e9 97  4b 98 8a 4c 59 95 3e 31  |.....|..K..LY.>1|
-00000050  c4 b6 e2 79 10 de bc 8e  aa 1e 52 07 b2 e1 52 bc  |...y......R...R.|
-00000060  3b da 8d 5f 12 6a 18 d1  0a 5d 93 1c ad bb f9 b7  |;.._.j...]......|
-00000070  6b 58 49 39 ea 3a 9e 20  47 69 43 b4 b4 d8 16 d0  |kXI9.:. GiC.....|
-00000080  f0 9d 36 74 04                                    |..6t.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 60 d5 ac 39 b6  |..........P`..9.|
-00000010  58 50 03 90 9f c9 78 f1  45 43 b1 34 bd c8 29 65  |XP....x.EC.4..)e|
-00000020  54 38 7a 88 46 15 e8 a4  fb 9d 80 4e d6 45 e1 8d  |T8z.F......N.E..|
-00000030  27 d6 09 66 1d ee 46 6d  dd 8e 89 34 0f 4a fb fd  |'..f..Fm...4.J..|
-00000040  bc 85 08 07 f0 5b 1c 24  e2 11 1b e2 a4 94 f5 80  |.....[.$........|
-00000050  fa 47 f4 62 0e b9 1c 31  cb 7b bf                 |.G.b...1.{.|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 37 b7 23  a2 06 97 f3 60 9a f0 7e  |.....7.#....`..~|
-00000020  b7 11 6d 0d 66 0e db 38  1a eb cd 72 80 c8 54 ef  |..m.f..8...r..T.|
-00000030  cf 90 6d 22 68 41 63 03  46 b9 28 4f 2f d6 fe fa  |..m"hAc.F.(O/...|
-00000040  b2 91 07 36 71 15 03 03  00 40 00 00 00 00 00 00  |...6q....@......|
-00000050  00 00 00 00 00 00 00 00  00 00 ca 17 d9 fd 1a 0e  |................|
-00000060  21 db a4 92 dc 92 e8 89  9d 14 6b 8a d3 ee a7 95  |!.........k.....|
-00000070  c0 91 8d 3c af 5a 48 d5  c6 2f 66 b8 b8 d4 ce f9  |...<.ZH../f.....|
-00000080  59 e5 e0 e2 df e5 7e ea  94 03                    |Y.....~...|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
deleted file mode 100644
index c22edd05..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
+++ /dev/null
@@ -1,82 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 e6 0e 27 a7 58  |....Y...U....'.X|
-00000010  1d a3 1d 1d 21 64 31 f6  1e bc 28 b4 46 7e 26 be  |....!d1...(.F~&.|
-00000020  de 0a 65 eb f0 18 dc 7f  3e 1b 55 20 fe 66 50 20  |..e.....>.U .fP |
-00000030  f0 f0 48 a8 db 0a ff ee  60 ea 3d 7f 07 5e b9 65  |..H.....`.=..^.e|
-00000040  c3 e4 2a 19 9c bd 57 36  ca e3 a7 2d c0 2c 00 00  |..*...W6...-.,..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 17 21  |*............ .!|
-00000280  a9 b8 65 8b aa 41 d2 d1  45 45 e5 ce 39 60 54 b6  |..e..A..EE..9`T.|
-00000290  43 9f c4 19 a4 aa ec 71  08 b0 d1 22 f7 46 04 03  |C......q...".F..|
-000002a0  00 8b 30 81 88 02 42 00  8b a5 d9 d3 8f a1 72 48  |..0...B.......rH|
-000002b0  06 42 25 c3 f6 c8 46 8d  88 30 36 7d d8 18 a9 cc  |.B%...F..06}....|
-000002c0  de e4 c8 3f e9 d2 f0 88  18 cc c6 fb 14 e0 05 b1  |...?............|
-000002d0  ec 50 3d 57 b4 e9 83 57  55 4b 0d 2c 89 69 ff b1  |.P=W...WUK.,.i..|
-000002e0  58 0b 01 89 48 97 ee 88  7e 02 42 01 e1 6f 9c 36  |X...H...~.B..o.6|
-000002f0  6a 6c 86 24 d6 b3 45 f1  6c 03 d8 fd da d8 cc 52  |jl.$..E.l......R|
-00000300  04 41 7a c5 f9 b5 91 a5  6c d8 5a 03 ad de e3 da  |.Az.....l.Z.....|
-00000310  de f8 db b0 bc 75 38 03  ab 84 ac 3f b2 c2 7e 6d  |.....u8....?..~m|
-00000320  a7 2e c0 d9 bd 85 e2 7b  36 11 2b 12 14 16 03 03  |.......{6.+.....|
-00000330  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 4b a3 cc  |....(........K..|
-00000040  a1 5b 04 d4 1e 6c 2c 26  56 23 62 50 bc d6 90 0b  |.[...l,&V#bP....|
-00000050  67 41 d9 7c 79 a5 53 54  73 0a 93 e2 73           |gA.|y.STs...s|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 e3 19 7b 8c 8a  |..........(..{..|
-00000010  52 35 82 cc 70 50 83 22  88 8b 0a 54 bc eb ff 57  |R5..pP."...T...W|
-00000020  2c df 0d 50 d6 21 2f d2  d9 e8 15 27 b9 d7 01 a3  |,..P.!/....'....|
-00000030  f2 62 0b                                          |.b.|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 cc cf 92  |................|
-00000010  4d 25 58 96 1d dc df fb  d9 1f a5 49 87 45 dd 73  |M%X........I.E.s|
-00000020  1a 17 ae 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  fb b5 c5 e4 aa ea e7 7e  ff dd f7 11 63 c0 e4 a3  |.......~....c...|
-00000040  86 fc                                             |..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
deleted file mode 100644
index 61e66572..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305
+++ /dev/null
@@ -1,77 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 67 01 00 00  63 03 03 00 00 00 00 00  |....g...c.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 02 cc a9  |................|
-00000030  01 00 00 38 00 05 00 05  01 00 00 00 00 00 0a 00  |...8............|
-00000040  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
-00000050  00 00 0d 00 0e 00 0c 04  01 04 03 05 01 05 03 02  |................|
-00000060  01 02 03 ff 01 00 01 00  00 12 00 00              |............|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 d6 47 27 38 fc  |....Y...U...G'8.|
-00000010  16 92 2c 1f a6 53 a9 31  85 65 a7 83 0a 8f cb 4d  |..,..S.1.e.....M|
-00000020  7d 5b df c1 2e b9 b1 08  e3 b9 96 20 16 0c e5 07  |}[......... ....|
-00000030  27 cc 4f 7d 11 ef 1a 14  c6 42 bf e9 c1 b7 a5 89  |'.O}.....B......|
-00000040  ca 2b 4c 30 4f c7 c8 10  13 b0 b1 6b cc a9 00 00  |.+L0O......k....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
-00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
-00000080  30 09 06 07 2a 86 48 ce  3d 04 01 30 45 31 0b 30  |0...*.H.=..0E1.0|
-00000090  09 06 03 55 04 06 13 02  41 55 31 13 30 11 06 03  |...U....AU1.0...|
-000000a0  55 04 08 13 0a 53 6f 6d  65 2d 53 74 61 74 65 31  |U....Some-State1|
-000000b0  21 30 1f 06 03 55 04 0a  13 18 49 6e 74 65 72 6e  |!0...U....Intern|
-000000c0  65 74 20 57 69 64 67 69  74 73 20 50 74 79 20 4c  |et Widgits Pty L|
-000000d0  74 64 30 1e 17 0d 31 32  31 31 32 32 31 35 30 36  |td0...1211221506|
-000000e0  33 32 5a 17 0d 32 32 31  31 32 30 31 35 30 36 33  |32Z..22112015063|
-000000f0  32 5a 30 45 31 0b 30 09  06 03 55 04 06 13 02 41  |2Z0E1.0...U....A|
-00000100  55 31 13 30 11 06 03 55  04 08 13 0a 53 6f 6d 65  |U1.0...U....Some|
-00000110  2d 53 74 61 74 65 31 21  30 1f 06 03 55 04 0a 13  |-State1!0...U...|
-00000120  18 49 6e 74 65 72 6e 65  74 20 57 69 64 67 69 74  |.Internet Widgit|
-00000130  73 20 50 74 79 20 4c 74  64 30 81 9b 30 10 06 07  |s Pty Ltd0..0...|
-00000140  2a 86 48 ce 3d 02 01 06  05 2b 81 04 00 23 03 81  |*.H.=....+...#..|
-00000150  86 00 04 00 c4 a1 ed be  98 f9 0b 48 73 36 7e c3  |...........Hs6~.|
-00000160  16 56 11 22 f2 3d 53 c3  3b 4d 21 3d cd 6b 75 e6  |.V.".=S.;M!=.ku.|
-00000170  f6 b0 dc 9a df 26 c1 bc  b2 87 f0 72 32 7c b3 64  |.....&.....r2|.d|
-00000180  2f 1c 90 bc ea 68 23 10  7e fe e3 25 c0 48 3a 69  |/....h#.~..%.H:i|
-00000190  e0 28 6d d3 37 00 ef 04  62 dd 0d a0 9c 70 62 83  |.(m.7...b....pb.|
-000001a0  d8 81 d3 64 31 aa 9e 97  31 bd 96 b0 68 c0 9b 23  |...d1...1...h..#|
-000001b0  de 76 64 3f 1a 5c 7f e9  12 0e 58 58 b6 5f 70 dd  |.vd?.\....XX._p.|
-000001c0  9b d8 ea d5 d7 f5 d5 cc  b9 b6 9f 30 66 5b 66 9a  |...........0f[f.|
-000001d0  20 e2 27 e5 bf fe 3b 30  09 06 07 2a 86 48 ce 3d  | .'...;0...*.H.=|
-000001e0  04 01 03 81 8c 00 30 81  88 02 42 01 88 a2 4f eb  |......0...B...O.|
-000001f0  e2 45 c5 48 7d 1b ac f5  ed 98 9d ae 47 70 c0 5e  |.E.H}.......Gp.^|
-00000200  1b b6 2f bd f1 b6 4d b7  61 40 d3 11 a2 ce ee 0b  |../...M.a@......|
-00000210  7e 92 7e ff 76 9d c3 3b  7e a5 3f ce fa 10 e2 59  |~.~.v..;~.?....Y|
-00000220  ec 47 2d 7c ac da 4e 97  0e 15 a0 6f d0 02 42 01  |.G-|..N....o..B.|
-00000230  4d fc be 67 13 9c 2d 05  0e bd 3f a3 8c 25 c1 33  |M..g..-...?..%.3|
-00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
-00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
-00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 69 78  |*............ ix|
-00000280  7b e5 14 95 c8 d1 3c 7e  c2 d7 38 33 c3 9f 8f dc  |{.....<~..83....|
-00000290  25 8d 89 8a 99 a4 e4 8b  40 17 fc 80 43 67 04 03  |%.......@...Cg..|
-000002a0  00 8b 30 81 88 02 42 01  32 a8 dd d9 ec 11 d2 f2  |..0...B.2.......|
-000002b0  6d 86 da 31 00 8c bf ed  81 1d 8c c8 23 87 98 f7  |m..1........#...|
-000002c0  25 0c 1b 3d 9f 07 80 11  bc 07 b1 15 5f 3a 81 0e  |%..=........_:..|
-000002d0  59 04 e8 09 be ea 21 97  34 a9 8a 2f ef 3a 47 ad  |Y.....!.4../.:G.|
-000002e0  3b f9 9d f3 b8 b8 9a 93  03 02 42 01 bc 88 6b 99  |;.........B...k.|
-000002f0  d7 7a df de 5a 75 53 b0  3c 4c 1d 8b 15 c5 a7 9d  |.z..ZuS.<L......|
-00000300  3d 00 c0 f7 19 47 88 30  00 29 24 80 23 45 88 2e  |=....G.0.)$.#E..|
-00000310  11 60 3e 4b 6a 41 ad dc  3d 7d 3f 59 a0 0e fd d6  |.`>KjA..=}?Y....|
-00000320  f7 c7 7f 63 49 2f e4 4e  d9 8f 2d e5 98 16 03 03  |...cI/.N..-.....|
-00000330  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 7c 89 36  36 77 8c 09 31 e4 48 01  |.... |.66w..1.H.|
-00000040  6f 08 27 a8 bb 1b 1c a6  0c 09 ec 0b f6 a3 be bd  |o.'.............|
-00000050  76 70 fb f8 e5                                    |vp...|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 a0 db 6c df b1  |.......... ..l..|
-00000010  87 77 78 ad 22 b2 98 77  e8 57 aa 13 a8 98 35 63  |.wx."..w.W....5c|
-00000020  00 c5 13 b9 88 5d ca bf  bc c5 c3                 |.....].....|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 16 00 c8  c6 25 ae 11 9d a5 10 75  |.........%.....u|
-00000010  e4 4c e3 69 12 2b d9 9e  8e 40 88 15 03 03 00 12  |.L.i.+...@......|
-00000020  cf ab ac d4 c4 8e 9c 92  c4 2f 1f c6 96 0b 36 c9  |........./....6.|
-00000030  f5 22                                             |."|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-AES b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-AES
deleted file mode 100644
index 45728cfb..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-AES
+++ /dev/null
@@ -1,91 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 2f 51 e0 81 eb  |....Y...U../Q...|
-00000010  d2 db 4f 22 fa 11 d2 56  f3 06 d6 a0 97 d2 f3 74  |..O"...V.......t|
-00000020  fc a9 a7 73 ba a8 ee f2  05 89 15 20 0f 96 70 60  |...s....... ..p`|
-00000030  6f 78 aa 56 fa 92 5e e3  bc e7 f0 40 00 48 8b 84  |ox.V..^....@.H..|
-00000040  57 b8 49 e9 f9 00 99 ff  73 29 f6 e7 c0 13 00 00  |W.I.....s)......|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 48 77 87 3e 04 c9 14  |........ Hw.>...|
-000002d0  56 9d 1b 41 4b d0 eb 65  8d 56 56 97 fd 73 97 cd  |V..AK..e.VV..s..|
-000002e0  c6 88 8f 8e 79 99 09 65  53 04 01 00 80 98 c2 ff  |....y..eS.......|
-000002f0  49 aa 41 ce 0e 7b 03 99  39 c0 b5 ac 72 16 1c 5e  |I.A..{..9...r..^|
-00000300  a0 92 f1 07 0c 93 dc f6  25 2b 5c be e3 65 41 a9  |........%+\..eA.|
-00000310  1e 57 6d 9f 28 50 ca 87  2f c7 b0 15 2e 15 d2 cc  |.Wm.(P../.......|
-00000320  4d 0e 42 4c 0a 01 4d 1b  9c d1 17 e7 22 9a 6a a9  |M.BL..M.....".j.|
-00000330  27 0b 7a a7 32 e3 c7 5a  d1 7f f2 1c 45 61 91 a8  |'.z.2..Z....Ea..|
-00000340  e0 e0 49 de b7 2f a6 89  63 94 ed 0e 63 15 6b 4f  |..I../..c...c.kO|
-00000350  fb 62 c4 35 cb 98 89 c2  d1 bc f6 e2 2d 8f 9f 72  |.b.5........-..r|
-00000360  56 79 50 5f cd 73 00 f1  65 bf a4 3f 87 16 03 03  |VyP_.s..e..?....|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000040  00 00 00 00 00 93 4b 37  8d 57 43 52 77 56 d2 af  |......K7.WCRwV..|
-00000050  7c 56 d0 bf 1e 7b 29 55  3e b7 d0 1c 02 2e 0d de  ||V...{)U>.......|
-00000060  09 66 f2 98 21 57 ab d2  d2 4a 73 c1 c5 fe f1 b8  |.f..!W...Js.....|
-00000070  95 d3 fc 70 ce                                    |...p.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 b3 e1 81 3e 0a  |..........@...>.|
-00000010  f8 f3 c6 05 c1 09 f5 73  01 eb 18 1a 05 fa 2f 9b  |.......s....../.|
-00000020  b2 bc c7 44 23 38 ed b9  99 a0 56 7d 8b e4 a5 4b  |...D#8....V}...K|
-00000030  f1 89 45 bc 95 ea 06 a8  48 de 07 bf d5 cb 53 bc  |..E.....H.....S.|
-00000040  50 fa 25 fb d5 79 17 ec  4d be 3d                 |P.%..y..M.=|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 3e 90 61  a4 f1 53 ac 7b b2 9f 4e  |.....>.a..S.{..N|
-00000020  2c 16 5a 77 8b da 5d 68  5c 8b a8 6d 44 52 f3 ad  |,.Zw..]h\..mDR..|
-00000030  8e ba c8 89 2f 15 03 03  00 30 00 00 00 00 00 00  |..../....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 e5 01 5d ef 4c 0c  |............].L.|
-00000050  07 8f 21 99 60 83 ee 36  13 8e 25 15 32 85 a5 96  |..!.`..6..%.2...|
-00000060  36 90 60 49 4f c7 54 99  dd 76                    |6.`IO.T..v|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
deleted file mode 100644
index 6b02249f..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256
+++ /dev/null
@@ -1,95 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 ab d3 05 5e d0  |....Y...U.....^.|
-00000010  80 0b 87 e9 43 26 e2 c9  28 04 3f eb 68 05 54 3d  |....C&..(.?.h.T=|
-00000020  9b 28 d0 4e d4 d9 25 e5  b0 27 2b 20 89 27 da d5  |.(.N..%..'+ .'..|
-00000030  3d 19 38 63 01 34 f6 43  1b a9 f7 09 12 7d 27 e1  |=.8c.4.C.....}'.|
-00000040  f6 23 b8 39 24 8b 1e c7  a3 2f 07 16 c0 27 00 00  |.#.9$..../...'..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 ec 71 cc fb 07 bd 0f  |........ .q.....|
-000002d0  6b e0 e1 27 7f 62 59 06  09 3c 09 bc b1 c9 09 93  |k..'.bY..<......|
-000002e0  e9 b0 a4 5b f3 be 14 d1  3c 04 01 00 80 a9 c7 98  |...[....<.......|
-000002f0  ea ac 6a 9b 49 7c 72 45  4d 5c c8 4c d6 56 64 1b  |..j.I|rEM\.L.Vd.|
-00000300  44 7f 13 4f 2a ed e9 6b  c7 c0 a2 25 3b 7a 99 f4  |D..O*..k...%;z..|
-00000310  93 84 35 78 72 21 ca f6  29 1b 60 d7 f6 bd 31 5b  |..5xr!..).`...1[|
-00000320  7a fb 57 20 30 cc e6 90  07 b2 0e 08 82 86 56 a7  |z.W 0.........V.|
-00000330  55 00 fd f4 ce f4 b1 74  27 e9 0a 28 1c bc 56 47  |U......t'..(..VG|
-00000340  f7 18 3e 9e 9c 45 2d 1d  82 a8 66 51 27 25 be ec  |..>..E-...fQ'%..|
-00000350  cd 9e 83 89 7e e0 e3 0f  3b 7b 32 f2 26 7b 30 c8  |....~...;{2.&{0.|
-00000360  c1 e3 7b 4c f4 14 d5 51  ea b7 45 7a 59 16 03 03  |..{L...Q..EzY...|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 50 00 00 00  00 00 00 00 00 00 00 00  |....P...........|
-00000040  00 00 00 00 00 76 d8 c4  58 a1 94 11 ab 19 4c 7b  |.....v..X.....L{|
-00000050  7c 34 d1 b6 8b 7f a2 96  41 e6 e9 98 d8 55 62 2b  ||4......A....Ub+|
-00000060  56 54 2a 65 25 f0 fa 15  ac cb b7 cc 3b 59 8b 99  |VT*e%.......;Y..|
-00000070  e9 be 9e fe 56 97 07 ae  39 38 a7 f4 f0 d0 e9 f5  |....V...98......|
-00000080  33 de 20 a6 04                                    |3. ..|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 50 8c 0f 2a be cd  |..........P..*..|
-00000010  30 f7 46 cf 58 5b 38 88  86 5e d1 33 b1 61 d6 95  |0.F.X[8..^.3.a..|
-00000020  13 c7 e7 f2 fb bc 37 e5  a3 db ac a7 74 49 00 89  |......7.....tI..|
-00000030  db 94 25 aa 00 b6 b2 34  0a dd 97 bf fa cf 33 6e  |..%....4......3n|
-00000040  6e f7 ab bf 70 a6 85 91  9b 4f f2 86 15 83 60 0d  |n...p....O....`.|
-00000050  79 9e 11 51 17 a6 6f 06  2f 98 bc                 |y..Q..o./..|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 c3 c9 23  7b bd 57 1a 29 5f ac f6  |.......#{.W.)_..|
-00000020  8d bb 90 bb 48 8a 9a 75  65 3b 5b 52 c0 ee 0e 24  |....H..ue;[R...$|
-00000030  43 f6 62 1f 1e 51 36 4e  3e a3 e4 96 d8 2b d8 a7  |C.b..Q6N>....+..|
-00000040  d0 18 97 d7 1e 15 03 03  00 40 00 00 00 00 00 00  |.........@......|
-00000050  00 00 00 00 00 00 00 00  00 00 c0 c8 9f 7d df b1  |.............}..|
-00000060  78 72 b5 3d 0d 3e d9 88  38 c2 42 eb 2b 4d e0 b3  |xr.=.>..8.B.+M..|
-00000070  d7 69 19 31 57 16 7c 0a  bb 24 5b 9c 9b c2 4b b9  |.i.1W.|..$[...K.|
-00000080  55 ef ad 2c c1 eb 9b 59  06 5a                    |U..,...Y.Z|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
deleted file mode 100644
index 64f999a0..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305
+++ /dev/null
@@ -1,81 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 67 01 00 00  63 03 03 00 00 00 00 00  |....g...c.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 02 cc a8  |................|
-00000030  01 00 00 38 00 05 00 05  01 00 00 00 00 00 0a 00  |...8............|
-00000040  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
-00000050  00 00 0d 00 0e 00 0c 04  01 04 03 05 01 05 03 02  |................|
-00000060  01 02 03 ff 01 00 01 00  00 12 00 00              |............|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 45 f5 61 06 a8  |....Y...U..E.a..|
-00000010  4e ce c0 32 d6 af fb 12  5e c8 6c 06 ac c9 d7 e4  |N..2....^.l.....|
-00000020  02 49 09 b9 42 ee ae fa  e4 52 18 20 12 3a 53 7d  |.I..B....R. .:S}|
-00000030  11 cf 13 13 a3 f8 42 c3  98 bb bc a6 10 3e f4 13  |......B......>..|
-00000040  a5 a2 fd ef aa b3 01 3c  cb 8a 3a 2c cc a8 00 00  |.......<..:,....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 57 53 06 53 e5 14 06  |........ WS.S...|
-000002d0  df 26 9d 3a 06 dc a9 d5  49 d3 3f 5f 7b c2 ab 77  |.&.:....I.?_{..w|
-000002e0  fd a1 fe 28 dc 54 36 06  22 04 01 00 80 da 23 f5  |...(.T6.".....#.|
-000002f0  19 de e8 d2 a9 79 b8 37  3d c0 8c ae f6 7c d5 d9  |.....y.7=....|..|
-00000300  87 ab 6b 3f 76 7c 5f 94  be 11 55 a3 78 66 1e e3  |..k?v|_...U.xf..|
-00000310  f3 11 3d 1a f7 02 26 a4  a6 cd 7c fe 87 0d 68 a1  |..=...&...|...h.|
-00000320  50 e8 7e 94 41 bd 5b 74  d0 6d 3b 6c ef ee 88 2d  |P.~.A.[t.m;l...-|
-00000330  60 0a a9 53 cf 1f f4 03  a3 54 e5 91 36 50 62 54  |`..S.....T..6PbT|
-00000340  5f e6 e5 36 63 58 ba 7b  bb 3a 79 59 58 08 a8 f2  |_..6cX.{.:yYX...|
-00000350  f5 1e 35 f8 f5 0f 7f 19  e7 7f 5f 56 e2 50 6d 8c  |..5......._V.Pm.|
-00000360  da 45 70 60 0d 58 32 94  e7 a0 f7 da 93 16 03 03  |.Ep`.X2.........|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 9d 2f a6  b7 21 56 ad 38 a8 31 20  |.... ./..!V.8.1 |
-00000040  0b 2e dc 3f 8a 34 64 de  81 0e d3 a5 b1 c1 fc 05  |...?.4d.........|
-00000050  18 d9 3e 77 35                                    |..>w5|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 a8 82 60 8a ef  |.......... ..`..|
-00000010  31 55 42 e9 1d 33 0e d8  a9 b1 43 85 1c 04 7b 20  |1UB..3....C...{ |
-00000020  81 df 03 e9 fd c0 f7 32  b9 b3 31                 |.......2..1|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 ef 72 f7  1b 26 1a 47 99 f9 4c e7  |......r..&.G..L.|
-00000010  be 8e ab c5 8e ea 8c c6  60 6c 10 15 03 03 00 12  |........`l......|
-00000020  2c f4 39 e3 3a 74 a4 3c  72 63 77 e8 82 cf a9 e2  |,.9.:t.<rcw.....|
-00000030  2b 04                                             |+.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RSA-RC4 b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RSA-RC4
deleted file mode 100644
index 74282d4b..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RSA-RC4
+++ /dev/null
@@ -1,78 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 ac bf 85 b8 5f  |....Q...M......_|
-00000010  56 44 a0 c5 3b 20 77 71  af de 34 bc 79 a0 a4 a7  |VD..; wq..4.y...|
-00000020  fa 2e cf b5 ee c5 a7 a2  5e 11 48 20 05 89 5e a6  |........^.H ..^.|
-00000030  cd ad 91 e4 be c3 c3 6c  6a 0e 1d ab 27 03 5e 0f  |.......lj...'.^.|
-00000040  05 9d ef b0 63 8d 2d b6  29 08 66 e3 00 05 00 00  |....c.-.).f.....|
-00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000080  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000090  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-000000a0  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-000000b0  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000c0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000d0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000e0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000f0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-00000100  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-00000110  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000120  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000130  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000140  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000150  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000160  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000170  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000180  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000190  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-000001a0  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-000001b0  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001c0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001d0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001e0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001f0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-00000200  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-00000210  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000220  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000230  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000240  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000250  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000260  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000270  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000280  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000290  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-000002a0  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-000002b0  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 b9 65 8d bf a7  |............e...|
-00000010  c8 4b 79 ce 6f cb 8b 13  1c ac b9 7d 66 5e e9 ba  |.Ky.o......}f^..|
-00000020  1d 71 4e a9 e9 34 ae f6  64 65 90 3b d8 16 52 a2  |.qN..4..de.;..R.|
-00000030  6f f4 cb 8a 13 74 a2 ee  b7 27 69 b4 41 c0 90 68  |o....t...'i.A..h|
-00000040  bc 02 69 e1 c6 48 4f 39  36 30 25 ca 4c 17 ce 83  |..i..HO960%.L...|
-00000050  9e 08 56 e3 05 49 93 9e  2e c4 fb e6 c8 01 f1 0f  |..V..I..........|
-00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
-00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
-00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 24 e1 ef  77 60 cf 7a 44 79 74 59  |.....$..w`.zDytY|
-000000a0  ff 81 72 b9 b5 f5 97 af  60 59 78 f5 01 49 2d bb  |..r.....`Yx..I-.|
-000000b0  4a ec 98 1f f5 31 f4 00  a2 f3                    |J....1....|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 24 52 fd a3 51 aa  |..........$R..Q.|
-00000010  ee 9d 4d be 8c 08 32 f6  f7 4a a5 26 26 6c b2 5a  |..M...2..J.&&l.Z|
-00000020  49 7f 31 7d 44 b1 83 67  19 4a e3 07 7d 59 34     |I.1}D..g.J..}Y4|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1a 61 73 4d  86 b2 a1 36 b2 3e b0 1d  |.....asM...6.>..|
-00000010  6a b9 8a 8b 00 e0 3a d9  7e 23 c7 83 72 97 28 15  |j.....:.~#..r.(.|
-00000020  03 03 00 16 4a 8a 04 00  0a b2 75 80 20 ad 76 2a  |....J.....u. .v*|
-00000030  88 16 56 e6 4a a5 c0 ea  c7 0c                    |..V.J.....|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateOnce b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateOnce
deleted file mode 100644
index 8a9ac360..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateOnce
+++ /dev/null
@@ -1,231 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 16 d2 11 2e d6  |....Y...U.......|
-00000010  62 0c 5e 5c 9b 1f d2 31  87 b3 43 3e cd 47 4f f1  |b.^\...1..C>.GO.|
-00000020  0b a9 d1 4f f1 2a 42 5d  35 e0 ce 20 f2 f3 45 4b  |...O.*B]5.. ..EK|
-00000030  98 2f 80 06 49 9a c3 4f  3f 70 0d e5 9a 2a 2e ff  |./..I..O?p...*..|
-00000040  34 1b 0e 30 2c 85 52 e1  84 8c 3c dc cc a8 00 00  |4..0,.R...<.....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 63 85 d4 43 2a d6 9f  |........ c..C*..|
-000002d0  2f 1f 0c 73 fe dc 96 1e  51 50 a5 0d 5e fd b0 5b  |/..s....QP..^..[|
-000002e0  a5 88 2a cd 1e bf c1 ec  4d 04 01 00 80 90 fc 48  |..*.....M......H|
-000002f0  53 eb 1b bc ec 39 be ae  60 4d c9 d1 49 eb 97 cf  |S....9..`M..I...|
-00000300  94 53 75 30 84 35 ff 0c  f6 ad 9f 24 98 70 2b d3  |.Su0.5.....$.p+.|
-00000310  45 0a 7f 25 ca a3 eb 37  5a a5 97 f1 78 8b b6 02  |E..%...7Z...x...|
-00000320  92 f9 12 9e 90 52 36 0e  40 15 76 de 37 02 c5 22  |.....R6.@.v.7.."|
-00000330  44 8f a4 fc f9 ac 88 88  ad 0c 9b f6 0e d6 9f f3  |D...............|
-00000340  68 cb f1 41 dd 2d c2 71  b6 43 36 12 d2 35 1c 9a  |h..A.-.q.C6..5..|
-00000350  a9 72 ea af a9 9e 77 19  16 86 be 3e ec 5f 5a 53  |.r....w....>._ZS|
-00000360  f8 38 27 7f 08 2a ae 68  e0 17 31 df 9b 16 03 03  |.8'..*.h..1.....|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 b1 f2 9a  ca 02 d3 ac 26 f5 32 03  |.... .......&.2.|
-00000040  4c b6 de cb f2 a3 11 19  eb c3 e0 e9 3b 8e 99 7d  |L...........;..}|
-00000050  c2 f3 d0 6d 4d                                    |...mM|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 c5 d4 b1 e2 0f  |.......... .....|
-00000010  37 ad d5 c1 1a 6c 7f da  5f 25 e3 bd 20 1d 6e 58  |7....l.._%.. .nX|
-00000020  27 7a 07 55 76 11 76 72  1b 28 9e                 |'z.Uv.vr.(.|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 3d 89 e4  a6 38 75 31 c2 08 3d 86  |.....=...8u1..=.|
-00000010  45 ed 8d c4 49 c4 da 54  3b 8f e3                 |E...I..T;..|
->>> Flow 6 (server to client)
-00000000  16 03 03 00 14 aa 85 e4  64 46 2f 8e dc 89 3e ef  |........dF/...>.|
-00000010  6d 9e 1a af 53 3b a0 81  c2                       |m...S;...|
->>> Flow 7 (client to server)
-00000000  16 03 03 00 ad c3 12 d1  1a b2 88 da c1 0b 5a 32  |..............Z2|
-00000010  cf 05 35 53 ce 5d d8 42  cd 99 7e e7 9f 62 b8 35  |..5S.].B..~..b.5|
-00000020  9e f5 b5 a6 15 fd 82 26  9b 6a fe 3b 8e c0 43 27  |.......&.j.;..C'|
-00000030  1c 56 37 d1 6f d9 2c a6  a8 e8 b4 50 64 80 ae 5c  |.V7.o.,....Pd..\|
-00000040  ed eb a6 58 58 52 cf 32  de 1d be 80 69 63 38 a6  |...XXR.2....ic8.|
-00000050  12 4e 11 9b 50 aa 4b 10  f7 ad 6f 5b 08 c6 cc bd  |.N..P.K...o[....|
-00000060  94 42 64 90 c7 33 58 65  18 c5 a7 66 ce dd 83 8b  |.Bd..3Xe...f....|
-00000070  b0 15 8a 61 26 c7 eb 15  4b 6c 0b 15 45 33 2a 01  |...a&...Kl..E3*.|
-00000080  ea 13 5a 20 52 16 15 a0  70 8f 86 dc 28 50 bb e4  |..Z R...p...(P..|
-00000090  9d 01 f4 c9 7f 27 5a 54  3f 42 34 c9 5c 04 3f a3  |.....'ZT?B4.\.?.|
-000000a0  6a 5c a1 3f 03 7c fc 57  94 9b 3e 76 65 bf 78 40  |j\.?.|.W..>ve.x@|
-000000b0  b1 4f                                             |.O|
->>> Flow 8 (server to client)
-00000000  16 03 03 00 81 33 ef 78  c8 2d 94 4b e3 b8 ea eb  |.....3.x.-.K....|
-00000010  67 1e 6c 10 98 25 5f df  ce 46 4c 13 77 ec d1 b1  |g.l..%_..FL.w...|
-00000020  e9 e2 c9 b0 de 9c ce 40  d0 d9 6f a5 fb a6 69 1f  |.......@..o...i.|
-00000030  9f 53 68 6c ab f8 f0 10  4a c9 43 f0 ad 61 59 01  |.Shl....J.C..aY.|
-00000040  b2 90 97 9e cf 62 64 a5  46 b2 27 2f 1e b8 33 24  |.....bd.F.'/..3$|
-00000050  ed 7e 6b 5a dd 45 4d 00  61 a3 7e 22 5e bc 02 af  |.~kZ.EM.a.~"^...|
-00000060  5a a0 73 fb c5 1c 0f 11  f6 70 5f cc 9e 1c fa 3c  |Z.s......p_....<|
-00000070  13 0d 8b 03 4c 3b d5 5a  02 7b 95 64 ae cb 2f 50  |....L;.Z.{.d../P|
-00000080  e7 e1 32 13 72 96 16 03  03 02 69 f0 60 6a b8 fb  |..2.r.....i.`j..|
-00000090  50 6e f9 f2 65 d0 73 90  f7 55 0d bc 3a 66 72 32  |Pn..e.s..U..:fr2|
-000000a0  b7 32 ad 1d de 18 04 90  55 70 2d b8 c9 3f 4b 2f  |.2......Up-..?K/|
-000000b0  37 98 1c 4e c1 78 c1 ed  1f e2 bf 50 78 40 04 10  |7..N.x.....Px@..|
-000000c0  b8 55 48 29 26 b0 a4 4d  ea aa 45 65 b4 21 93 ed  |.UH)&..M..Ee.!..|
-000000d0  49 4c 1d d9 77 33 38 2e  14 92 b4 e3 06 ce fe 51  |IL..w38........Q|
-000000e0  6a 19 1c aa e9 a6 7d fa  45 86 66 1a 6e bb 01 01  |j.....}.E.f.n...|
-000000f0  82 86 89 86 81 ce 0a 93  1a b2 f1 90 71 7a 43 fa  |............qzC.|
-00000100  b1 03 24 75 a1 48 f8 ee  a0 b4 c0 18 ff 81 95 2a  |..$u.H.........*|
-00000110  aa 74 87 39 da 23 ba ab  33 6b 63 ee df 2b f1 d1  |.t.9.#..3kc..+..|
-00000120  1a 9a 4a 0d ef de 68 13  28 81 49 d5 c6 08 57 a9  |..J...h.(.I...W.|
-00000130  d7 5e 56 a4 ec 81 42 de  28 39 51 7d 3a 66 cf a7  |.^V...B.(9Q}:f..|
-00000140  f7 81 7a b2 a7 09 b3 24  a6 b0 a5 cc 96 24 30 b2  |..z....$.....$0.|
-00000150  5b 94 1b ef 70 dd 7f bc  63 2f 7b bc 80 70 9e 9f  |[...p...c/{..p..|
-00000160  01 c9 20 ab 35 53 7c 3b  d6 70 d9 1d 9a f6 e8 76  |.. .5S|;.p.....v|
-00000170  f5 46 f8 b1 10 46 a9 eb  da 7b 80 cc 74 18 f9 30  |.F...F...{..t..0|
-00000180  56 1a cb 4e 60 2a b3 9f  35 fe a9 b8 b8 76 02 a7  |V..N`*..5....v..|
-00000190  4e f9 43 c9 52 70 6a fd  9c 3e dd c4 3f 28 08 19  |N.C.Rpj..>..?(..|
-000001a0  28 ed f9 44 e3 d1 b9 53  7e b7 cd 1b e9 11 c8 9f  |(..D...S~.......|
-000001b0  35 ed ab e3 5e 26 e8 49  7a 13 5c 20 9a b7 a0 95  |5...^&.Iz.\ ....|
-000001c0  60 0f 54 68 5c a8 c9 1d  37 0b 9f f6 61 3b fe 4c  |`.Th\...7...a;.L|
-000001d0  dc 4f 11 98 0c 7a b7 32  0b 50 e2 cd a7 59 bf 05  |.O...z.2.P...Y..|
-000001e0  a2 8a 51 33 23 ab 99 49  23 97 42 3b 0f 1c 39 b1  |..Q3#..I#.B;..9.|
-000001f0  43 c4 01 aa f9 f8 54 d7  2c b4 ef 33 f3 05 13 d0  |C.....T.,..3....|
-00000200  8d 81 06 23 d3 38 cb 3a  6b 37 f0 4d 1f be ed 0c  |...#.8.:k7.M....|
-00000210  b7 58 00 3a bd 74 02 a4  f4 b4 fc fd b8 fa 89 15  |.X.:.t..........|
-00000220  01 46 49 52 47 f1 4c 94  ee de 00 a1 25 aa b4 9b  |.FIRG.L.....%...|
-00000230  f6 b4 23 a1 0d fd 00 5a  de 45 38 ee 69 17 6f c3  |..#....Z.E8.i.o.|
-00000240  0b ed c5 3b b1 7d b1 2c  a4 8f ed 30 44 9a 0b 51  |...;.}.,...0D..Q|
-00000250  34 12 cc 6a 09 e4 74 ec  11 94 4b ba ce 72 93 64  |4..j..t...K..r.d|
-00000260  07 c8 ff 78 6e 1a bd 5e  26 15 a7 e8 72 90 71 a9  |...xn..^&...r.q.|
-00000270  0a bb cf 25 40 1d 20 a7  d7 b3 46 4b 53 6c c2 50  |...%@. ...FKSl.P|
-00000280  c7 7b 58 e1 3c df 6d db  28 71 15 f9 84 b7 ad b0  |.{X.<.m.(q......|
-00000290  9f e9 7a 08 5d 85 7a dd  bc c0 62 2e 6a d0 63 6a  |..z.].z...b.j.cj|
-000002a0  e2 46 6b 80 68 cf e5 a7  9e 60 42 8a 17 54 9c ec  |.Fk.h....`B..T..|
-000002b0  80 9b 81 80 7e 6f 33 8c  d1 be 95 30 f2 a9 19 f8  |....~o3....0....|
-000002c0  36 2c 8e 89 c2 5a b4 04  2e 12 05 21 3b 4f 42 26  |6,...Z.....!;OB&|
-000002d0  d1 98 11 f4 17 c2 a3 06  54 37 31 8e ca 9b 07 62  |........T71....b|
-000002e0  79 95 b8 fd 49 aa 60 5b  03 7d 60 50 b6 2f 3b 0a  |y...I.`[.}`P./;.|
-000002f0  5d c2 9f 92 16 03 03 00  bc ba f6 73 85 34 20 c4  |]..........s.4 .|
-00000300  b3 a4 15 01 fe 37 b3 b4  57 a5 b5 26 0c 64 2b 3e  |.....7..W..&.d+>|
-00000310  07 d3 e4 59 a8 64 3f fd  15 24 24 70 61 77 9b 96  |...Y.d?..$$paw..|
-00000320  c6 4b 79 2e a8 a7 c4 ac  5e cd 6e 8f 30 e5 3f f8  |.Ky.....^.n.0.?.|
-00000330  08 22 cb de 5f 8c b8 dc  07 4b 79 ec 41 41 20 20  |.".._....Ky.AA  |
-00000340  02 f6 4e 98 a3 5e 38 e2  5a d9 4a 2d 2e 3b 29 13  |..N..^8.Z.J-.;).|
-00000350  26 dc 4e eb a5 5e a3 b6  6f 16 75 b3 9e 63 4e 8e  |&.N..^..o.u..cN.|
-00000360  00 c1 46 30 fc 25 f9 05  86 ed 00 87 f2 6b 5c 18  |..F0.%.......k\.|
-00000370  69 e5 5c 32 9e 15 d2 47  9e 0e d8 c1 7a 9d 45 7a  |i.\2...G....z.Ez|
-00000380  76 4a ef 8d b5 60 7d 4d  fa 99 8f c5 58 18 ad a2  |vJ...`}M....X...|
-00000390  93 c1 36 85 39 73 e1 7b  46 be 69 de 88 fa 68 8e  |..6.9s.{F.i...h.|
-000003a0  be d1 48 bc 7b 29 2a 21  ba 60 60 58 51 c2 03 66  |..H.{)*!.``XQ..f|
-000003b0  51 9a 4e 70 06 16 03 03  00 3a c5 ed 8d 5d b9 c0  |Q.Np.....:...]..|
-000003c0  a2 07 15 c3 ef 76 ff fb  ca f6 b6 4b ab a5 7a 80  |.....v.....K..z.|
-000003d0  a9 2e 43 d0 d2 f1 d9 96  61 ff 43 59 3d d1 82 57  |..C.....a.CY=..W|
-000003e0  68 d7 c8 3a 5f 86 4a 2e  00 8f 3d 0e 73 49 c6 4a  |h..:_.J...=.sI.J|
-000003f0  81 4e ec e2 16 03 03 00  14 d5 5f c3 d2 9c 13 36  |.N........_....6|
-00000400  cb 22 23 3d e4 03 5b b9  26 66 cf 79 7c           |."#=..[.&f.y||
->>> Flow 9 (client to server)
-00000000  16 03 03 02 69 15 0b 29  0e 27 a9 4b 52 4d 0a 77  |....i..).'.KRM.w|
-00000010  b8 3a 40 95 84 a7 7a 8d  b1 6b 90 61 94 3a e4 06  |.:@...z..k.a.:..|
-00000020  20 6f 88 40 8a 8c c2 4e  dc 3a 01 39 c2 11 5a 9b  | o.@...N.:.9..Z.|
-00000030  28 92 bc 72 04 a3 60 c3  42 c0 b8 dd f3 41 40 be  |(..r..`.B....A@.|
-00000040  6d 51 5b b8 db 75 63 3d  4f 2a cf f5 04 3d 53 be  |mQ[..uc=O*...=S.|
-00000050  47 f1 ae be 0a 97 5d 2c  df 55 5d dd 9a f6 0e 40  |G.....],.U]....@|
-00000060  59 02 91 d8 55 c9 3b e6  84 9c 8d 40 af 29 77 59  |Y...U.;....@.)wY|
-00000070  15 0c 83 dd ec c7 e2 16  85 d8 6e e7 4e c5 a5 b1  |..........n.N...|
-00000080  8b 4b 46 3e 62 7c ff 27  1b 37 b7 5c 05 32 30 fb  |.KF>b|.'.7.\.20.|
-00000090  c1 cc 1d 13 1f 09 db 57  6a 70 2b 9f a7 25 9b 75  |.......Wjp+..%.u|
-000000a0  d3 62 20 45 d1 2f 28 c0  d7 84 d6 2e b3 6d 4a c3  |.b E./(......mJ.|
-000000b0  46 0d 92 32 87 65 dd b8  98 68 1a 52 0a df be b3  |F..2.e...h.R....|
-000000c0  09 bc 63 bb a3 da f7 52  5a 81 53 9a e0 ff bb 06  |..c....RZ.S.....|
-000000d0  7f 81 f8 ea 02 bb 3b 96  7b 0f 84 a5 4d 17 3a 2a  |......;.{...M.:*|
-000000e0  20 e9 21 70 b2 ab 8a 55  31 4b 1b 60 52 7f a8 39  | .!p...U1K.`R..9|
-000000f0  5a 0f 0b 00 4e eb 01 0c  a6 d8 f0 30 2b a3 6f 7b  |Z...N......0+.o{|
-00000100  99 82 90 9e 4c c8 03 1c  0e 85 55 bc 2d 42 28 66  |....L.....U.-B(f|
-00000110  35 c3 1e 08 70 d0 45 05  5b 2e 00 fc 9a f1 44 0e  |5...p.E.[.....D.|
-00000120  cb 91 ce b8 0f 2a 9f 5a  18 a8 ca 38 ff 2a ab 11  |.....*.Z...8.*..|
-00000130  57 a5 03 2f 3e 92 21 77  df dc 85 e7 fd d4 7e d0  |W../>.!w......~.|
-00000140  d9 6e ef 99 66 5d a8 f5  9a d3 c3 0f 0c 98 cd fe  |.n..f]..........|
-00000150  5a 46 79 77 c9 28 fb 5e  3e c0 d5 b3 db 98 79 9d  |ZFyw.(.^>.....y.|
-00000160  d4 20 a5 ad 25 d8 3b 39  35 60 fd 21 e0 eb 86 be  |. ..%.;95`.!....|
-00000170  8f 65 72 a2 d3 91 4c 25  70 31 b1 02 29 17 da e0  |.er...L%p1..)...|
-00000180  9f 7d 4e 5f 1a 7b 93 09  4c 84 5b 40 f8 3c 98 36  |.}N_.{..L.[@.<.6|
-00000190  9b 14 43 db 43 11 0a e2  9a 8b 73 96 a3 7b 4d 67  |..C.C.....s..{Mg|
-000001a0  d7 35 a6 85 40 6d 45 0e  9d 47 43 96 b8 64 d4 d7  |.5..@mE..GC..d..|
-000001b0  d1 28 c8 32 7e ab d5 11  ad b4 a7 9c c9 ab c5 96  |.(.2~...........|
-000001c0  72 69 1a db 42 06 8e 03  d0 70 f9 7a 75 56 53 49  |ri..B....p.zuVSI|
-000001d0  29 e1 60 16 86 99 da 9e  d6 c3 95 94 e3 e4 6c 9c  |).`...........l.|
-000001e0  4f d0 5d e7 a6 23 e1 49  a5 b8 3d 41 a4 e0 8c a2  |O.]..#.I..=A....|
-000001f0  f8 35 40 4d 12 f1 0b 70  06 f5 b5 29 f8 5d 74 73  |.5@M...p...).]ts|
-00000200  32 35 11 7f 50 a3 22 5b  d6 db a5 a8 9f ca db 47  |25..P."[.......G|
-00000210  b9 a8 c7 fc 16 40 ae 94  6e 6c 40 30 7a d6 9c 89  |.....@..nl@0z...|
-00000220  d7 e9 1b 6b 26 72 1f d7  c9 bc ce 6f 84 03 3d 65  |...k&r.....o..=e|
-00000230  34 f9 7b 32 54 e4 b4 72  8c e1 31 9e e5 13 50 2f  |4.{2T..r..1...P/|
-00000240  ea 16 27 15 cb ec 0f 1b  21 aa dd cb 25 74 b9 4d  |..'.....!...%t.M|
-00000250  36 c0 0d fe a4 99 2f 86  50 52 d0 83 e2 3f fa e7  |6...../.PR...?..|
-00000260  2d 24 b6 7a ca 7f 69 3e  7d 0b 61 df 29 3b 16 03  |-$.z..i>}.a.);..|
-00000270  03 00 35 8e 89 3d 7b 39  aa d2 21 01 6a 3d fe 4f  |..5..={9..!.j=.O|
-00000280  e2 d9 e6 6d 5d 1e d3 a5  1d 3f f8 8e fb 97 3d 06  |...m]....?....=.|
-00000290  9b 68 67 45 15 3b a1 e8  e8 39 77 1a 41 77 2b c5  |.hgE.;...9w.Aw+.|
-000002a0  8c fe bd 28 7a 85 eb 7a  16 03 03 00 98 f0 ed 3c  |...(z..z.......<|
-000002b0  37 3f 34 3b 35 e4 15 a8  f3 b4 b6 76 49 65 e8 26  |7?4;5......vIe.&|
-000002c0  93 4b cc b1 31 7a 4c e7  7d 80 63 60 65 9a ff 11  |.K..1zL.}.c`e...|
-000002d0  a8 c5 c4 4e c2 7a ca 95  cb 08 21 77 42 ce 70 1e  |...N.z....!wB.p.|
-000002e0  bf d9 b5 6d de dc 03 67  2e 11 b5 47 c1 c0 74 6b  |...m...g...G..tk|
-000002f0  b4 9d c4 de 8c d4 80 e4  99 92 31 68 09 85 00 34  |..........1h...4|
-00000300  43 cc 06 09 bc a8 6e 83  a0 fa df 6e a0 04 e9 37  |C.....n....n...7|
-00000310  b3 05 69 b9 f1 85 7f 48  27 73 d0 64 2c 33 48 1f  |..i....H's.d,3H.|
-00000320  f9 7c 0a 21 1f cb 0f 4c  c2 28 b0 3b 8c 9b 23 21  |.|.!...L.(.;..#!|
-00000330  f4 8c 69 b2 1d 55 35 20  b9 92 09 36 01 aa e1 e3  |..i..U5 ...6....|
-00000340  ee b7 3d 83 7b 14 03 03  00 11 40 bb bb 2e 3d 48  |..=.{.....@...=H|
-00000350  9f fa c6 0c d8 4f 45 cb  11 b3 a5 16 03 03 00 20  |.....OE........ |
-00000360  39 b7 46 30 00 68 12 c5  f5 d7 a0 85 7f ce 49 70  |9.F0.h........Ip|
-00000370  05 83 64 26 7a 0c 43 fb  a9 4d bb 61 3a c3 8a 91  |..d&z.C..M.a:...|
->>> Flow 10 (server to client)
-00000000  14 03 03 00 11 d1 d7 7e  3c 5f 01 cb f8 eb af d5  |.......~<_......|
-00000010  ba 09 32 68 4b cf 16 03  03 00 20 02 f1 23 45 32  |..2hK..... ..#E2|
-00000020  60 9b 49 db 2f 3a cb 5c  e4 f3 64 b1 cb ca 09 b0  |`.I./:.\..d.....|
-00000030  b3 34 a3 75 7d a5 a0 80  44 fd b7 17 03 03 00 19  |.4.u}...D.......|
-00000040  d7 c3 c4 33 e6 f2 73 d2  2c 0b 7e 0e 40 d3 8b f6  |...3..s.,.~.@...|
-00000050  47 57 13 88 be 4b 12 43  57                       |GW...K.CW|
->>> Flow 11 (client to server)
-00000000  15 03 03 00 12 3a 90 85  e8 ce 53 d1 2a 3b d6 9a  |.....:....S.*;..|
-00000010  f3 61 c1 72 81 c0 03                              |.a.r...|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateTwice b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateTwice
deleted file mode 100644
index c2f4e4ac..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateTwice
+++ /dev/null
@@ -1,376 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 30 5b 03 80 cf  |....Y...U..0[...|
-00000010  ad 5e 69 9b da 4a de 2f  07 f3 6c 42 d7 50 99 10  |.^i..J./..lB.P..|
-00000020  80 15 dc dd d2 ef 3d 20  b9 eb bd 20 51 63 fd 9d  |......= ... Qc..|
-00000030  3d b7 3e ea 4e 18 45 90  40 50 f2 f3 2b b8 00 42  |=.>.N.E.@P..+..B|
-00000040  bf 77 ae d1 ff 29 2d ca  d8 c2 4e c7 cc a8 00 00  |.w...)-...N.....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 6b cd 37 6d a7 76 7a  |........ k.7m.vz|
-000002d0  04 0e 8c 93 db b0 62 67  14 65 26 5e 91 b3 8d 66  |......bg.e&^...f|
-000002e0  20 40 31 c1 84 3c ef d8  67 04 01 00 80 ce 3a f2  | @1..<..g.....:.|
-000002f0  16 01 b2 8a cd d6 1c b3  c4 46 a5 e8 1f 17 85 d9  |.........F......|
-00000300  5b 97 fb dd 43 65 52 82  e3 49 99 e8 49 d9 09 13  |[...CeR..I..I...|
-00000310  05 73 19 d0 d9 66 54 03  de 4b fa 43 2d f1 f8 98  |.s...fT..K.C-...|
-00000320  79 21 3b fa a9 ea 29 78  fa 87 59 8e 9b 2f f2 99  |y!;...)x..Y../..|
-00000330  14 85 21 9c 7e 59 5b 4b  2f e3 33 c4 7c 2c ac 35  |..!.~Y[K/.3.|,.5|
-00000340  4f 68 c8 a3 0b f5 43 7e  72 9a e6 4f 9c 10 4d 4a  |Oh....C~r..O..MJ|
-00000350  d4 b5 84 62 61 4e f4 0f  3f a5 b5 23 89 d9 33 e2  |...baN..?..#..3.|
-00000360  06 22 02 c5 fe db 27 fb  40 87 8c e7 6e 16 03 03  |."....'.@...n...|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 5a b9 f7  81 81 7f 65 84 c9 87 40  |.... Z.....e...@|
-00000040  a4 66 07 85 38 3b 85 8d  ff c4 7e b7 f6 16 1d c1  |.f..8;....~.....|
-00000050  36 4f 53 1a bb                                    |6OS..|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 ff b2 f4 3b af  |.......... ...;.|
-00000010  ba 44 66 0b f9 31 09 18  df 9d d0 04 82 38 11 dd  |.Df..1.......8..|
-00000020  a7 ee 83 ef 03 51 21 08  f9 c4 8a                 |.....Q!....|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 b6 45 4e  35 df 21 f4 c7 24 ba e6  |......EN5.!..$..|
-00000010  18 65 1c 75 ba 72 5d 5b  4a fd 78                 |.e.u.r][J.x|
->>> Flow 6 (server to client)
-00000000  16 03 03 00 14 1a ec 37  ab 36 23 80 76 1c 0b d0  |.......7.6#.v...|
-00000010  54 9a 8f 7e 7a c0 bd 09  9a                       |T..~z....|
->>> Flow 7 (client to server)
-00000000  16 03 03 00 ad 7a d4 bf  4d bf 48 0a 0f 2c d1 38  |.....z..M.H..,.8|
-00000010  9f 20 f7 c7 36 27 82 d9  5e f4 21 44 0e 75 46 ca  |. ..6'..^.!D.uF.|
-00000020  67 f8 87 6c 4f 1e c7 1e  5f 8d f2 88 58 1b 92 12  |g..lO..._...X...|
-00000030  e0 f6 d5 5c d7 4b 21 b9  8c 93 a8 bc a4 e6 e5 cb  |...\.K!.........|
-00000040  d0 33 eb d5 10 ad 53 50  58 e0 94 f0 b8 52 20 8c  |.3....SPX....R .|
-00000050  c2 69 7a c3 43 73 3f 2e  4a 42 2c c1 8d c1 ff 1e  |.iz.Cs?.JB,.....|
-00000060  57 ba 7d 99 9c a2 10 99  19 d6 72 38 96 ba 2b ff  |W.}.......r8..+.|
-00000070  7b a8 42 c0 c0 c4 d4 50  20 39 39 b8 18 23 a1 d3  |{.B....P 99..#..|
-00000080  38 d3 9d 41 81 c2 4b ba  4c 28 c0 14 22 71 df d9  |8..A..K.L(.."q..|
-00000090  e1 57 fc 9c 4f 0e 28 9a  13 c6 a1 e2 de f0 81 3b  |.W..O.(........;|
-000000a0  5f c1 7b 61 f5 fc 74 93  f1 06 7d 9b 67 56 45 a4  |_.{a..t...}.gVE.|
-000000b0  f8 83                                             |..|
->>> Flow 8 (server to client)
-00000000  16 03 03 00 81 ec 0e 7c  60 5b ed 0f 29 e6 cd 3a  |.......|`[..)..:|
-00000010  ca ff f7 68 3e 22 30 cf  43 b2 29 71 ca 3a 06 db  |...h>"0.C.)q.:..|
-00000020  e0 df bc 87 51 62 df 37  37 7a 9d b4 2d 35 ab bb  |....Qb.77z..-5..|
-00000030  d2 ed d1 50 e7 61 a4 27  18 43 23 74 4b 1d 14 46  |...P.a.'.C#tK..F|
-00000040  80 5c 10 99 10 47 b2 51  92 11 1f aa f1 5a c3 cf  |.\...G.Q.....Z..|
-00000050  f5 30 69 96 26 f6 0e 7c  e9 e1 7c 4b d5 2f 46 1c  |.0i.&..|..|K./F.|
-00000060  7d 18 a5 20 f1 ff 40 9e  c7 d5 d4 54 33 c4 99 9c  |}.. ..@....T3...|
-00000070  26 95 d9 ca 82 fc e7 27  37 fc 33 9f f8 c7 cb 0a  |&......'7.3.....|
-00000080  9d 4e bc 66 ca fc 16 03  03 02 69 ab be 55 39 99  |.N.f......i..U9.|
-00000090  ac 66 a6 86 03 51 70 d8  fa 7d e7 89 09 fc eb b5  |.f...Qp..}......|
-000000a0  25 f6 95 0c 40 3d b8 ea  b6 78 41 db a4 f3 92 83  |%...@=...xA.....|
-000000b0  00 c8 8d 1f 19 0c ec ec  e5 60 07 d9 31 2d 3b 91  |.........`..1-;.|
-000000c0  ba ad b3 c1 fb b5 57 52  73 37 43 89 22 e0 45 7c  |......WRs7C.".E||
-000000d0  b0 da 1f 69 76 d3 af fc  ba f0 98 ec d2 7f be f0  |...iv...........|
-000000e0  a4 76 f0 d9 30 1b 78 22  bb 43 fd 45 64 07 e4 64  |.v..0.x".C.Ed..d|
-000000f0  c5 74 2f ed ba 23 8d 3a  5a ff 7f 35 de 25 53 0d  |.t/..#.:Z..5.%S.|
-00000100  ac ae 5b da b1 7d 86 fe  da c8 9e 79 58 6c 4c 9c  |..[..}.....yXlL.|
-00000110  6d f9 e9 1d 31 ff aa fb  8e 2e 98 f4 3a 67 33 9b  |m...1.......:g3.|
-00000120  a3 63 5e fc 74 f5 c5 28  76 30 e6 22 8a 85 79 56  |.c^.t..(v0."..yV|
-00000130  4e cf 94 38 92 61 09 22  00 95 d4 16 b4 e0 80 05  |N..8.a."........|
-00000140  28 35 30 6f 56 7d f8 b9  ed 49 72 b0 9f 47 9f 07  |(50oV}...Ir..G..|
-00000150  7f 1d b9 3b 6d ce c9 09  72 2f 65 b0 88 b4 ec 24  |...;m...r/e....$|
-00000160  29 8d 57 93 a7 51 85 32  26 4c 31 21 24 b1 ab 97  |).W..Q.2&L1!$...|
-00000170  c6 3c 38 44 d4 8f d0 3b  ea 62 39 48 90 ca c4 5c  |.<8D...;.b9H...\|
-00000180  9c 72 08 a4 3f d0 1e 3e  9f 23 02 0e 94 b4 14 cc  |.r..?..>.#......|
-00000190  96 bc 23 22 2f af c5 ed  81 da 49 ca 26 f4 55 6a  |..#"/.....I.&.Uj|
-000001a0  b3 24 3f 13 a5 f7 d6 82  70 04 37 63 dc 92 63 0f  |.$?.....p.7c..c.|
-000001b0  3d f7 4e 42 7c 5a 42 df  53 17 48 25 cb da 31 e1  |=.NB|ZB.S.H%..1.|
-000001c0  67 a7 22 8c ca db 2d 33  49 86 62 b5 ba 38 53 4c  |g."...-3I.b..8SL|
-000001d0  12 f3 c3 f6 b6 01 53 b1  11 43 e1 e8 ba 3f 68 7a  |......S..C...?hz|
-000001e0  9c 10 09 82 d1 90 cd 9e  52 2e 29 15 0b 13 c3 e3  |........R.).....|
-000001f0  34 ef 76 8a 0d f9 f6 17  76 57 c2 55 cb 7d 45 e0  |4.v.....vW.U.}E.|
-00000200  d5 e6 53 93 75 57 c2 ab  26 5a 13 02 05 7a 60 2b  |..S.uW..&Z...z`+|
-00000210  b6 92 1a 88 0c 34 59 81  40 42 70 d5 4e 7b d3 14  |.....4Y.@Bp.N{..|
-00000220  3c e6 70 81 90 ff 53 79  c5 f3 7c d9 02 6f 35 6b  |<.p...Sy..|..o5k|
-00000230  d4 81 ff 32 a2 71 28 a0  4b 22 75 9f 3b 50 c8 03  |...2.q(.K"u.;P..|
-00000240  22 e7 4f 1f c5 c5 99 67  f3 2c 97 5e 43 89 84 39  |".O....g.,.^C..9|
-00000250  04 c9 4c 1e e0 da 39 8f  78 8f 95 3a 64 74 d3 63  |..L...9.x..:dt.c|
-00000260  13 d4 14 9d 98 6c bb 27  81 1e 12 88 8c d4 11 1c  |.....l.'........|
-00000270  4a 71 2f 10 dc 5b 9a 8e  70 e6 bf 0b a2 50 4c d1  |Jq/..[..p....PL.|
-00000280  c4 29 b7 85 9e 0f 86 33  7c 38 e4 ae d4 53 5e 81  |.).....3|8...S^.|
-00000290  95 cf 6c 1a 15 7d af 20  53 21 f4 84 5c 46 5f 10  |..l..}. S!..\F_.|
-000002a0  1f 68 7d 9a 20 0d a8 1f  90 2f ae b8 c0 57 e0 4b  |.h}. ..../...W.K|
-000002b0  ad ec 9d ae 51 52 78 5d  3f bb de 54 54 d4 18 ff  |....QRx]?..TT...|
-000002c0  e6 b4 c9 52 f8 66 63 e3  bf 7a f3 5e c6 3f d9 27  |...R.fc..z.^.?.'|
-000002d0  71 07 e7 69 6d cb 60 24  55 4e f9 34 e7 5f a3 37  |q..im.`$UN.4._.7|
-000002e0  76 90 ec b5 eb ff 49 38  15 71 23 fd 77 30 80 c8  |v.....I8.q#.w0..|
-000002f0  ca 0e 38 3c 16 03 03 00  bc 89 27 c8 13 dd 05 8b  |..8<......'.....|
-00000300  46 97 5f 19 76 db 29 8d  b1 24 52 fe 7a 2e 2c 4d  |F._.v.)..$R.z.,M|
-00000310  e2 f9 59 89 48 82 f5 d7  87 af 99 4b 98 c5 7c 1d  |..Y.H......K..|.|
-00000320  1a e1 4d fd 0c 37 d0 d3  d8 e2 f8 0f 04 d5 15 21  |..M..7.........!|
-00000330  60 09 47 0c d6 bf 09 bf  55 c1 ae 33 11 35 94 29  |`.G.....U..3.5.)|
-00000340  80 96 3a 53 ae a8 29 c4  84 37 e2 80 f9 da 79 18  |..:S..)..7....y.|
-00000350  77 50 26 32 bf f6 b2 6d  3a 73 25 e7 cd 34 6d ea  |wP&2...m:s%..4m.|
-00000360  a0 92 40 7e f8 eb d0 82  06 b3 a1 f5 1c 8e b2 ef  |..@~............|
-00000370  b2 4f 0c bb 04 1b c7 cf  bc dd 42 19 00 3e 45 93  |.O........B..>E.|
-00000380  e6 72 57 ed eb d9 1d b3  71 b7 fe 84 03 57 e4 9c  |.rW.....q....W..|
-00000390  71 78 35 39 63 b1 cf 36  b9 5a d6 95 13 ee 4d 2f  |qx59c..6.Z....M/|
-000003a0  22 ef ed 2e fc 69 7c 12  c2 0e 32 ed 05 17 42 5c  |"....i|...2...B\|
-000003b0  a7 62 ab 6b 46 16 03 03  00 3a b9 af 3d 25 e4 6a  |.b.kF....:..=%.j|
-000003c0  a9 b5 b4 00 79 21 aa 3c  f3 56 50 bd 32 a4 a8 ab  |....y!.<.VP.2...|
-000003d0  8a 60 77 5d b7 3e 89 d3  60 a2 b8 5c a8 99 27 bb  |.`w].>..`..\..'.|
-000003e0  0e dd 93 af 3e 2b 66 8e  56 19 03 29 44 6a 63 a1  |....>+f.V..)Djc.|
-000003f0  c7 17 f3 1e 16 03 03 00  14 1c bd e4 7b c3 88 d9  |............{...|
-00000400  be ba c3 c3 fb b7 07 9d  f1 58 3e b0 61           |.........X>.a|
->>> Flow 9 (client to server)
-00000000  16 03 03 02 69 d3 b2 83  ca 08 61 36 6f fa 66 de  |....i.....a6o.f.|
-00000010  5c 42 5f 35 17 f4 4c b3  5e 17 94 07 c5 2a 89 90  |\B_5..L.^....*..|
-00000020  b8 31 50 af 55 91 b1 28  bc 00 00 da 57 85 cc d5  |.1P.U..(....W...|
-00000030  a5 a7 ec ba 52 d5 1f ab  b5 4f a3 53 9c af 59 20  |....R....O.S..Y |
-00000040  be 13 f6 c5 70 b0 cc f7  59 69 d1 db 80 7f 60 29  |....p...Yi....`)|
-00000050  e1 e8 7a 1e 97 a6 e1 a2  11 70 4f b4 7b 53 7c 9a  |..z......pO.{S|.|
-00000060  dd fa 58 5d 12 a4 fb 3e  46 dd d3 4d ac e3 b6 73  |..X]...>F..M...s|
-00000070  05 42 03 f3 37 79 a0 10  34 ef 01 6f c6 27 52 4b  |.B..7y..4..o.'RK|
-00000080  75 4c b2 86 1b d6 ca 13  b4 31 41 db 93 2f a3 35  |uL.......1A../.5|
-00000090  e1 e9 bc 65 85 c8 1a e2  7b 6e 36 49 e8 ed 04 a9  |...e....{n6I....|
-000000a0  cb a9 70 32 c0 4d e5 f5  94 d8 af 7d 41 b6 dc e5  |..p2.M.....}A...|
-000000b0  fc ff db 9f 91 50 df c6  b2 4a 0c bb 86 4e 50 a5  |.....P...J...NP.|
-000000c0  2a 3b 69 e2 3d fa 10 eb  cc 48 21 9d 98 78 02 0b  |*;i.=....H!..x..|
-000000d0  e7 4d 83 63 9e e5 ad 2c  7b 46 d1 09 28 35 07 6c  |.M.c...,{F..(5.l|
-000000e0  12 c9 ae f0 4c 7c 00 aa  54 ba 7b e8 42 be e0 18  |....L|..T.{.B...|
-000000f0  f4 df a0 9d eb 8f a2 3a  d0 00 b6 e0 eb 90 65 38  |.......:......e8|
-00000100  b2 cc 21 87 57 b7 50 07  41 e2 5a 9b c8 2b ae 64  |..!.W.P.A.Z..+.d|
-00000110  55 6a d7 b5 0d 5d f0 ac  da 0b f0 80 75 8d 6a 0a  |Uj...]......u.j.|
-00000120  5b c5 2a 20 f2 ab 75 76  a3 33 f1 43 24 06 45 75  |[.* ..uv.3.C$.Eu|
-00000130  63 58 60 57 ca 7f d2 8f  e8 a5 b8 e3 72 37 39 bd  |cX`W........r79.|
-00000140  9c dd 10 b0 f8 b5 e8 46  4a 39 ac 94 69 08 51 29  |.......FJ9..i.Q)|
-00000150  27 2d 28 0f 15 8a 91 00  3b cc 99 77 ea 82 0d e1  |'-(.....;..w....|
-00000160  66 ed 34 da 6e 88 47 e5  f4 1b 28 28 cd 38 9f e5  |f.4.n.G...((.8..|
-00000170  1c 26 67 3d 83 d0 b1 88  a3 08 9c 2e 08 a5 b7 af  |.&g=............|
-00000180  15 28 d5 1e aa c9 58 17  48 85 f7 13 17 6f 55 c3  |.(....X.H....oU.|
-00000190  dc 9d 2e 7e 67 45 7a cb  80 a7 e5 77 86 96 36 4d  |...~gEz....w..6M|
-000001a0  f7 df 27 7d f4 5d 53 9b  be e6 b2 b9 44 b9 86 e9  |..'}.]S.....D...|
-000001b0  8f 33 26 4e 20 97 e4 34  66 58 6d d5 28 be e8 84  |.3&N ..4fXm.(...|
-000001c0  de 2f 19 f2 46 52 80 84  e9 ef 0e 6c 55 5c 43 8c  |./..FR.....lU\C.|
-000001d0  51 19 8b 22 30 b7 b3 eb  9f ed 35 a1 fe 09 aa 6a  |Q.."0.....5....j|
-000001e0  f8 b6 37 7e 20 4c e5 76  ae 10 4c dd 67 7c 07 e2  |..7~ L.v..L.g|..|
-000001f0  0c dc 78 77 a1 8e c1 d1  aa fa d3 36 8b 9c 74 ed  |..xw.......6..t.|
-00000200  e2 fe 84 98 40 95 f2 1a  a6 fd 77 cf 47 d3 c3 d6  |....@.....w.G...|
-00000210  bc 38 45 a9 94 63 13 52  2d 7b 3f 3d 06 1e 0a 31  |.8E..c.R-{?=...1|
-00000220  cb 98 1d 18 fa a7 86 21  65 c7 58 dd 78 13 2d 4d  |.......!e.X.x.-M|
-00000230  76 57 9d 65 15 a3 2d be  7f c9 58 78 b7 89 3c d6  |vW.e..-...Xx..<.|
-00000240  dc 7e 5b c5 1b 93 78 04  7b ca ef 61 77 6c 27 6b  |.~[...x.{..awl'k|
-00000250  a5 30 67 43 64 a7 30 f0  dd 5c 63 92 76 9a e3 a2  |.0gCd.0..\c.v...|
-00000260  31 12 49 8e c4 7e 80 ce  1e ce 94 66 2f 6f 16 03  |1.I..~.....f/o..|
-00000270  03 00 35 39 86 a0 5a 88  07 66 5f 43 59 ed fb b5  |..59..Z..f_CY...|
-00000280  0c 0b ee ff 76 62 28 ea  62 7e 53 72 3d d9 26 9f  |....vb(.b~Sr=.&.|
-00000290  06 64 99 83 a5 3c 59 45  84 4d 79 86 1d b4 21 14  |.d...<YE.My...!.|
-000002a0  29 df f1 99 aa 6a 64 91  16 03 03 00 98 22 32 c2  |)....jd......"2.|
-000002b0  63 2c 82 b9 47 02 65 97  6b 14 fc 35 b8 20 ce 3c  |c,..G.e.k..5. .<|
-000002c0  1b 16 fd 51 55 e8 31 b5  58 e6 64 a8 2b b0 f2 ab  |...QU.1.X.d.+...|
-000002d0  31 7a cd 3e 32 43 64 eb  08 b0 52 d4 81 56 e3 04  |1z.>2Cd...R..V..|
-000002e0  4e d2 1a b8 f6 ae 64 d2  c0 05 9b 18 84 71 a7 ad  |N.....d......q..|
-000002f0  ea 49 f6 b5 ae 91 ad 66  6f cb fa 56 de 1e 40 22  |.I.....fo..V..@"|
-00000300  7f d3 44 c4 a7 bf b1 7b  61 e3 09 1f fe 3b 4b 7b  |..D....{a....;K{|
-00000310  5a 3f ae 4e c4 5c a8 ac  a4 c2 fc 0e 1f 12 4f 9b  |Z?.N.\........O.|
-00000320  f9 e0 a2 89 ab a0 bb e8  f9 97 5a 7c 8d e8 58 87  |..........Z|..X.|
-00000330  3f 4c 1c f3 ff 6e b9 a0  e6 f7 e4 c2 43 cc af 9e  |?L...n......C...|
-00000340  06 3a 1c ee ef 14 03 03  00 11 8b 6d c3 12 83 c4  |.:.........m....|
-00000350  2f e7 67 81 db 18 9a 33  e6 fa 82 16 03 03 00 20  |/.g....3....... |
-00000360  ef c9 6f 3f b7 9d 9d 2d  a0 05 b6 fd 74 8e ff de  |..o?...-....t...|
-00000370  cc 4b ca 4c 5b 4d 61 30  76 b5 f3 7a d1 46 d6 6a  |.K.L[Ma0v..z.F.j|
->>> Flow 10 (server to client)
-00000000  14 03 03 00 11 2e d9 0e  1b 6b 4b 9a 60 96 e9 38  |.........kK.`..8|
-00000010  35 a3 72 3d c4 5b 16 03  03 00 20 62 1f 2b 02 e8  |5.r=.[.... b.+..|
-00000020  22 0a 89 a2 f6 60 8a da  f2 09 52 5a 92 12 a8 f6  |"....`....RZ....|
-00000030  c3 ee 25 17 6b 91 25 3e  2b 75 ba 17 03 03 00 19  |..%.k.%>+u......|
-00000040  b9 4e 6b c3 74 30 39 f9  3f a2 aa af 80 49 6b 8a  |.Nk.t09.?....Ik.|
-00000050  f2 a1 9b f5 c7 34 f7 1b  2f 16 03 03 00 14 2d 25  |.....4../.....-%|
-00000060  74 c2 c7 80 a8 5f 65 ff  65 b0 c2 50 c8 bc fe 8c  |t...._e.e..P....|
-00000070  d4 9e                                             |..|
->>> Flow 11 (client to server)
-00000000  16 03 03 00 ad d0 25 9a  38 60 d3 94 8e b8 23 45  |......%.8`....#E|
-00000010  44 67 95 20 79 1a 27 5f  cf bb dc 72 8c 95 2a 02  |Dg. y.'_...r..*.|
-00000020  1d d9 80 c6 61 12 c2 5c  ae d5 62 a9 aa b0 4a d0  |....a..\..b...J.|
-00000030  13 ad 6d ae df c9 63 e2  6b 27 bb ca 88 c3 dc 8b  |..m...c.k'......|
-00000040  e9 bc 0b fb 32 d6 0f 99  b6 d1 03 7e c9 8d 72 ee  |....2......~..r.|
-00000050  09 7b 82 f1 79 11 a7 23  43 8b 77 b8 a9 bd 9e 67  |.{..y..#C.w....g|
-00000060  43 03 79 88 34 ab c2 6b  d1 2a cf c7 c9 b6 14 ee  |C.y.4..k.*......|
-00000070  ee 32 01 10 fb 85 dc 5a  04 cf 9a ea 8d 8c fc f8  |.2.....Z........|
-00000080  b3 b2 49 c0 93 37 93 09  24 1c 26 97 43 5f dd 09  |..I..7..$.&.C_..|
-00000090  7a 0d c0 6c bd 17 df 78  37 3d 23 6b 9d 27 d2 f7  |z..l...x7=#k.'..|
-000000a0  1c 2e 82 5c ba 95 1c 0f  b3 40 af 9f 2f 5e 42 40  |...\.....@../^B@|
-000000b0  cc b9                                             |..|
->>> Flow 12 (server to client)
-00000000  16 03 03 00 81 39 20 22  4a e1 4e 21 2e 78 35 50  |.....9 "J.N!.x5P|
-00000010  8a d4 c4 c6 a9 20 74 8e  10 4b fd 31 4c ba c4 7f  |..... t..K.1L...|
-00000020  14 91 ab 4b 7a b2 7a 86  56 cc 61 ed 12 63 4a d5  |...Kz.z.V.a..cJ.|
-00000030  b5 c9 48 6e ae 10 71 fc  30 f5 e5 36 8b e2 7d 9d  |..Hn..q.0..6..}.|
-00000040  93 e2 34 cd 8e a0 72 c4  19 9b 62 eb 9b c4 5e c3  |..4...r...b...^.|
-00000050  df 22 d4 16 4d 88 b1 d5  e5 74 ac 9d 38 40 7d 1f  |."..M....t..8@}.|
-00000060  40 bd 86 e5 fc 19 88 bb  67 cf 3f 22 0f 39 1f 8f  |@.......g.?".9..|
-00000070  40 5c ee 29 48 00 c1 bf  6a f1 85 51 03 c0 e8 7a  |@\.)H...j..Q...z|
-00000080  2e f4 2a f9 b6 fb 16 03  03 02 69 59 b1 5a b9 98  |..*.......iY.Z..|
-00000090  86 77 af 76 a7 4c 69 0d  83 79 3c 9a b9 3c dd 49  |.w.v.Li..y<..<.I|
-000000a0  f2 0f ef d2 38 ac 31 b0  9b 5d 57 ed a7 ca f9 79  |....8.1..]W....y|
-000000b0  7c ef 58 f7 ca 7e 0c 60  1c 53 09 c5 06 dd b8 31  ||.X..~.`.S.....1|
-000000c0  09 88 af 50 9f c2 2a 2c  24 89 9e 57 ae c8 e6 49  |...P..*,$..W...I|
-000000d0  f4 6f 46 e9 dd 38 f1 52  e9 06 50 38 69 b3 e1 69  |.oF..8.R..P8i..i|
-000000e0  f5 33 28 54 39 43 05 b9  04 04 c2 d9 3d 34 da 48  |.3(T9C......=4.H|
-000000f0  99 7e 8a b2 59 d1 d3 20  da 34 c8 ab 91 f7 66 69  |.~..Y.. .4....fi|
-00000100  3a 4f fc 6d ee e6 ef f5  c0 b0 08 bf 59 c0 f8 e5  |:O.m........Y...|
-00000110  dc c6 dc c6 49 a7 d5 3c  22 0f e3 9f 39 0b 2a 09  |....I..<"...9.*.|
-00000120  7a 56 f8 90 33 05 06 09  21 6f 6a 53 0d 89 63 2a  |zV..3...!ojS..c*|
-00000130  76 28 19 33 73 e5 a0 2a  fa d2 82 bf 4c 43 84 f9  |v(.3s..*....LC..|
-00000140  e1 bb 7f 31 62 04 c5 26  ed 16 40 f5 6a 04 e0 c5  |...1b..&..@.j...|
-00000150  4e fe bd e3 4c 57 e2 61  41 2f 9a 95 7f 8a e1 34  |N...LW.aA/.....4|
-00000160  64 f4 fc ce 13 e5 0c 68  c1 e5 29 df e7 b1 56 0b  |d......h..)...V.|
-00000170  42 6b fc d6 5d 63 0b 3c  0c ca ce 38 11 50 f2 64  |Bk..]c.<...8.P.d|
-00000180  1a 6e 16 da 3e 69 cf 82  ba a0 03 0f 9d 72 ed 10  |.n..>i.......r..|
-00000190  78 b2 54 c0 be 9c 16 fa  15 4b 88 db dd 85 dd 08  |x.T......K......|
-000001a0  bd f4 50 a0 50 01 77 7a  cf 20 c1 3e 50 55 5f bd  |..P.P.wz. .>PU_.|
-000001b0  4a ba b4 d5 6d 51 38 b2  6d 4f fc b5 af b9 92 ff  |J...mQ8.mO......|
-000001c0  c4 44 f1 0e db 4d 71 09  15 b3 c3 37 47 57 03 35  |.D...Mq....7GW.5|
-000001d0  95 de da 33 31 8c 60 bc  8a 97 2d f8 27 9b 4e dc  |...31.`...-.'.N.|
-000001e0  2a 6d aa 3e 4d eb 8f 97  b8 fa d4 ef f6 27 d9 da  |*m.>M........'..|
-000001f0  a6 fe 38 91 4b 96 ff 75  4b 71 52 9f 37 e4 d9 85  |..8.K..uKqR.7...|
-00000200  a8 d8 ac 21 e9 b2 c0 4f  c0 c0 e3 3a 9f ab e0 93  |...!...O...:....|
-00000210  dc 03 18 30 92 55 33 67  58 f3 47 f3 0a 95 bc 33  |...0.U3gX.G....3|
-00000220  70 73 e1 5b 9d 63 cf f7  c7 9b da 9e 5d 2e 7a 66  |ps.[.c......].zf|
-00000230  03 b1 b8 5c fa b9 f4 fb  4e 0b 38 9a 97 f0 c9 e5  |...\....N.8.....|
-00000240  ce 18 33 ea 66 1c 59 cd  41 3e af 71 7c bf 00 a0  |..3.f.Y.A>.q|...|
-00000250  d9 ee 20 d7 80 a9 5d 55  b8 f8 92 7b 7e 4f bc 66  |.. ...]U...{~O.f|
-00000260  92 98 6a c6 15 5b e3 1d  59 14 d9 d0 5a 30 c0 4d  |..j..[..Y...Z0.M|
-00000270  37 f5 d9 40 a4 f9 f4 ad  b6 cf 55 98 03 1e e7 13  |7..@......U.....|
-00000280  5a 23 49 69 36 fa ae 9d  c2 cb 90 16 cc 36 f4 41  |Z#Ii6........6.A|
-00000290  3a c7 56 9f 05 23 be 1d  3f 8f 90 41 09 6b 88 9a  |:.V..#..?..A.k..|
-000002a0  70 91 76 e1 6d f0 5c 86  de 77 a4 83 c7 d5 3c c4  |p.v.m.\..w....<.|
-000002b0  67 ff b1 a2 e2 f5 61 4f  3b 4d 38 5d c9 c2 8c 97  |g.....aO;M8]....|
-000002c0  e2 a7 c0 72 3b 5e 4c d9  0f 18 a8 b9 77 8d 31 8f  |...r;^L.....w.1.|
-000002d0  d9 73 ac 33 a6 7a b5 bd  5e 58 b4 51 22 be d8 d4  |.s.3.z..^X.Q"...|
-000002e0  f5 e1 bc 37 80 d3 cf 3b  58 be 3e ce 33 83 1c 46  |...7...;X.>.3..F|
-000002f0  8b f3 f3 56 16 03 03 00  bc 30 f0 e1 0b eb 80 fe  |...V.....0......|
-00000300  5f fb 94 c9 5a 04 08 82  0f 0b b5 9b f7 f6 f6 d3  |_...Z...........|
-00000310  7e 68 e7 e5 2e cf a0 56  e6 b7 70 0a 63 5e 53 42  |~h.....V..p.c^SB|
-00000320  7f 27 ec 82 a0 5d e3 e8  77 27 40 3c 6d 47 ce dd  |.'...]..w'@<mG..|
-00000330  89 6e ac 0c 48 ab 25 d1  8e 4e 4e b8 99 69 a5 94  |.n..H.%..NN..i..|
-00000340  8d 19 ab f9 82 6b 28 e3  b8 5f f7 75 a8 dd 1f b5  |.....k(.._.u....|
-00000350  0a ff d1 72 4f 82 9b 9e  8e b3 3f f9 73 d6 cd ea  |...rO.....?.s...|
-00000360  c8 5b 51 4e 7f 16 a5 4b  81 5e 9a d7 a3 f2 64 35  |.[QN...K.^....d5|
-00000370  fd 2e dc 11 07 10 04 63  80 77 eb 0d d2 ba 9f 7c  |.......c.w.....||
-00000380  ad 66 eb 0a 2e f7 f2 3d  d3 a4 04 7b 83 8f 84 94  |.f.....=...{....|
-00000390  93 8e 8c 74 2a b0 3a 3e  e1 33 92 f9 59 e5 0a 56  |...t*.:>.3..Y..V|
-000003a0  95 3a 8b dc 1f 24 6c 08  07 c0 f1 20 6d 96 43 71  |.:...$l.... m.Cq|
-000003b0  bf c6 92 81 e3 16 03 03  00 3a 91 c1 13 a0 26 c9  |.........:....&.|
-000003c0  12 6a 09 23 5b 8b e8 da  10 cc 4d 00 ed 9e a6 09  |.j.#[.....M.....|
-000003d0  d8 d4 c0 b7 f0 cd 5f 7a  6e 4d 31 21 f6 6a 22 e7  |......_znM1!.j".|
-000003e0  6e 25 11 94 4a f2 b1 f1  b2 c9 30 4b e4 cd f3 f5  |n%..J.....0K....|
-000003f0  ce 86 e7 5d 16 03 03 00  14 20 c5 91 f0 6e 21 b8  |...]..... ...n!.|
-00000400  e8 a1 bb cf 62 ed 4b 5a  fa 19 40 ea 54           |....b.KZ..@.T|
->>> Flow 13 (client to server)
-00000000  16 03 03 02 69 1a b5 80  9c c6 42 be a6 d9 d1 c8  |....i.....B.....|
-00000010  0b 2c f7 f8 2a 1a 02 f6  db 48 8b 5c 45 fc 28 41  |.,..*....H.\E.(A|
-00000020  a4 db 35 fb a7 a9 72 07  19 86 9e e9 dc 53 48 fb  |..5...r......SH.|
-00000030  97 94 f3 a0 0d 8d 46 69  cf eb d9 ea de 21 a3 f4  |......Fi.....!..|
-00000040  b9 94 4f 8f 09 c3 de 66  fa 20 83 34 fc 50 ae c6  |..O....f. .4.P..|
-00000050  13 f6 7c c5 80 45 17 51  af a9 da bd 24 dd f6 15  |..|..E.Q....$...|
-00000060  8e c4 b4 e6 10 54 85 23  9d fe 72 b1 4c 2f ab ec  |.....T.#..r.L/..|
-00000070  78 9a 06 60 03 96 f7 d0  af dd 94 26 c9 67 1d e5  |x..`.......&.g..|
-00000080  9f 87 22 c4 11 82 f1 4c  f5 68 a7 fd d8 f3 dc ac  |.."....L.h......|
-00000090  35 90 6b c2 97 1c 78 54  d9 b2 3c d8 9d 13 66 42  |5.k...xT..<...fB|
-000000a0  6e 3b 1b 8f 32 4e 8f b5  a0 60 6e e4 35 fd d5 b4  |n;..2N...`n.5...|
-000000b0  f8 fb a6 a9 c7 b7 31 39  8e 90 0c 42 bc 1a 4f 67  |......19...B..Og|
-000000c0  fa b3 10 a8 45 01 88 8a  dd 41 43 c6 6c 41 9d 28  |....E....AC.lA.(|
-000000d0  bd 4c 43 85 4c 3b 7c 03  c4 55 70 f1 49 a0 d6 52  |.LC.L;|..Up.I..R|
-000000e0  5c 49 3e 2b d7 e8 a9 75  5e 92 bf f3 4c 1c c3 7e  |\I>+...u^...L..~|
-000000f0  69 ca 52 25 07 bb 54 e0  58 2d 28 ba 50 30 81 e8  |i.R%..T.X-(.P0..|
-00000100  93 0d 9d 78 3d c0 f1 c3  34 72 29 f1 da 60 de 84  |...x=...4r)..`..|
-00000110  aa fc d3 0f 2b 1e 1a 9c  7c af 6f 6a 4c cc 88 36  |....+...|.ojL..6|
-00000120  03 03 34 79 f9 89 6d 41  bb 19 61 6a 60 75 d7 0f  |..4y..mA..aj`u..|
-00000130  dc 22 7a e4 36 91 32 2b  99 24 36 19 4b 4c c4 ae  |."z.6.2+.$6.KL..|
-00000140  4f 98 6d f0 97 ce bc b4  ee 97 30 97 0b 54 8c 14  |O.m.......0..T..|
-00000150  8f d5 9d 44 ae 0a a6 07  9f 39 f6 66 80 cb fa 27  |...D.....9.f...'|
-00000160  bb 2f 26 bb c3 1a a4 9b  a0 d3 e8 75 13 49 da 0a  |./&........u.I..|
-00000170  8f cc e8 15 77 f8 05 c2  17 a0 ff e7 2a 59 bc c8  |....w.......*Y..|
-00000180  67 b5 7e b8 78 1e 32 81  22 3e 57 28 ee 51 96 b7  |g.~.x.2.">W(.Q..|
-00000190  0e dc 3f d1 00 16 a5 eb  01 cb c3 e3 5b 01 ad a9  |..?.........[...|
-000001a0  d5 1b ac 9b e2 0d 9a 6f  7a 2f f1 7d 05 57 6d 2d  |.......oz/.}.Wm-|
-000001b0  9d 35 68 88 e7 c5 e0 fb  9d 87 a7 ef 71 d8 47 b8  |.5h.........q.G.|
-000001c0  19 8e 87 d8 b1 36 0f 52  ab 98 8b 97 43 53 86 be  |.....6.R....CS..|
-000001d0  9d 86 2a cd 7c b0 46 c4  48 89 5b 6c 1e 93 9e a2  |..*.|.F.H.[l....|
-000001e0  15 af 60 8f 84 75 99 97  53 11 23 f9 0d ba 78 12  |..`..u..S.#...x.|
-000001f0  9b a9 04 91 d0 3a b3 4d  7b 67 a0 fa 78 5c 19 d6  |.....:.M{g..x\..|
-00000200  88 d2 21 f6 8d e4 91 d1  76 95 67 9d 4e 3b a1 d2  |..!.....v.g.N;..|
-00000210  61 c3 d2 a6 53 fd 82 93  20 7e f6 07 a0 49 3a ea  |a...S... ~...I:.|
-00000220  bc 73 03 0b f2 df 51 ac  35 d8 e4 35 9d 13 56 b5  |.s....Q.5..5..V.|
-00000230  be fc 7c 36 8b 37 a0 71  57 62 bd 89 38 18 90 1e  |..|6.7.qWb..8...|
-00000240  7a 1f b3 8f 73 55 32 94  5a 3a 31 91 b3 95 bd 61  |z...sU2.Z:1....a|
-00000250  ea 93 9d f0 38 33 fb 5b  28 3d a7 29 a4 91 de 85  |....83.[(=.)....|
-00000260  9c 16 63 10 81 c6 e0 11  92 3d 53 db 69 95 16 03  |..c......=S.i...|
-00000270  03 00 35 f7 3a b7 d1 20  aa f7 ed b1 c7 46 52 cb  |..5.:.. .....FR.|
-00000280  6e dd e2 f4 ae 83 20 cd  6c 59 b5 26 f9 81 7e 6c  |n..... .lY.&..~l|
-00000290  ed e9 0b 2a f1 3a dc f8  d6 ed e5 6d 89 14 3d 79  |...*.:.....m..=y|
-000002a0  e7 c8 af 89 30 eb 98 3d  16 03 03 00 98 a0 59 2f  |....0..=......Y/|
-000002b0  cd d9 f6 63 e3 53 47 77  e5 c4 fc 2e 12 d7 24 8a  |...c.SGw......$.|
-000002c0  4c c7 d8 c9 77 4f bc 3c  af 93 6f 57 3d 6f 5d 1c  |L...wO.<..oW=o].|
-000002d0  6a 5a 2c 42 1c e0 92 d5  5e 34 c8 a5 9e 11 21 16  |jZ,B....^4....!.|
-000002e0  01 1a 08 af 4e f6 a1 e3  19 a6 81 41 3d 7a f3 d1  |....N......A=z..|
-000002f0  e0 9e 55 90 42 4b d9 5c  46 b7 eb c8 fb 83 1c 97  |..U.BK.\F.......|
-00000300  9e d9 74 bb 7f 2f 4d 61  89 46 db 32 da 1a 76 95  |..t../Ma.F.2..v.|
-00000310  88 f8 ca 62 14 88 dc 97  b8 58 82 74 16 78 be c5  |...b.....X.t.x..|
-00000320  f9 78 a4 88 c1 d4 6b 36  6e 54 60 a5 21 30 47 07  |.x....k6nT`.!0G.|
-00000330  e8 2d 22 ce a5 17 fb 43  10 9d 74 c9 64 a3 db ac  |.-"....C..t.d...|
-00000340  d9 24 7a a7 5d 14 03 03  00 11 68 20 87 e9 9b 91  |.$z.].....h ....|
-00000350  81 67 2b 31 c4 47 e8 9b  2e 7c c4 16 03 03 00 20  |.g+1.G...|..... |
-00000360  ef 6f 3d 0f 23 fa 77 8c  a9 46 d9 0d b0 d9 f8 16  |.o=.#.w..F......|
-00000370  62 e2 07 21 ec b6 a7 78  ce a6 ea b3 68 c1 c7 af  |b..!...x....h...|
->>> Flow 14 (server to client)
-00000000  14 03 03 00 11 bb 45 96  9e 08 cb e4 24 c2 e3 71  |......E.....$..q|
-00000010  40 d1 ef a1 5e 2f 16 03  03 00 20 1b 3f 69 fb ae  |@...^/.... .?i..|
-00000020  cd 98 15 59 16 14 cf a5  16 af 36 6d 6d 3a 49 06  |...Y......6mm:I.|
-00000030  a6 f9 cf 53 ea 9a b7 3b  48 d2 e3 17 03 03 00 19  |...S...;H.......|
-00000040  72 2c 82 a0 8c 6c 8b c3  78 e4 41 1b ff ba 92 6d  |r,...l..x.A....m|
-00000050  3c 4d 9c c3 95 e3 27 b9  82                       |<M....'..|
->>> Flow 15 (client to server)
-00000000  15 03 03 00 12 3d f9 72  53 84 b5 a4 ec 27 39 cc  |.....=.rS....'9.|
-00000010  72 29 c0 e6 37 7b 0f                              |r)..7{.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateTwiceRejected b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateTwiceRejected
deleted file mode 100644
index 737ccc61..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiateTwiceRejected
+++ /dev/null
@@ -1,234 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 75 f6 1b 17 2f  |....Y...U..u.../|
-00000010  e0 d4 19 06 0d 93 90 51  46 d9 c3 a0 cd 45 6c 85  |.......QF....El.|
-00000020  94 87 01 21 3e 92 62 1d  e7 d1 39 20 07 26 a1 5b  |...!>.b...9 .&.[|
-00000030  d2 4a 61 40 ba 58 c0 23  0c 3f c3 08 5d 28 04 94  |.Ja@.X.#.?..](..|
-00000040  a9 34 37 28 64 75 6f 9c  ae fa 1f 24 cc a8 00 00  |.47(duo....$....|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 84 74 e5 bc 24 39 39  |........ .t..$99|
-000002d0  e0 6e 35 fb 34 87 76 0d  78 89 35 5c 85 e7 92 da  |.n5.4.v.x.5\....|
-000002e0  e1 39 f4 b2 e7 ec d5 cd  58 04 01 00 80 cf 3a 57  |.9......X.....:W|
-000002f0  6a 8b b7 72 d8 a2 6b 47  87 77 8b 7a bf 63 6c e8  |j..r..kG.w.z.cl.|
-00000300  d4 20 6a 6a 9c 62 b6 ef  4b 9f a7 89 8c a6 fd 02  |. jj.b..K.......|
-00000310  92 2f 8d 07 44 09 f6 d9  03 99 39 49 1d 8d 1b 7f  |./..D.....9I....|
-00000320  eb eb 4b a6 fb 9f 83 3b  3d d3 61 3e e4 d3 22 24  |..K....;=.a>.."$|
-00000330  c1 44 76 e8 75 c7 aa 31  96 e3 50 bb 76 3e 87 02  |.Dv.u..1..P.v>..|
-00000340  b9 1d 82 dd 55 ee 05 b9  b5 1e 65 90 2c 50 c9 87  |....U.....e.,P..|
-00000350  49 dd 35 c8 84 67 6e 52  3a 3b ec 3c 63 f4 0f 95  |I.5..gnR:;.<c...|
-00000360  87 05 8e ec bd d7 97 9f  9a 14 78 d7 97 16 03 03  |..........x.....|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 3e a2 12  3b a4 83 4a c2 0e 93 d5  |.... >..;..J....|
-00000040  98 d5 2e 11 9e 60 60 23  78 5a 63 49 f1 7a ee c4  |.....``#xZcI.z..|
-00000050  47 00 6c 4e fb                                    |G.lN.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 6d 78 5b 5f 1b  |.......... mx[_.|
-00000010  2c 05 ba 92 46 e2 f0 04  48 fa a1 da be 93 ed fd  |,...F...H.......|
-00000020  f5 f8 b8 dd 00 60 09 a6  36 3c c4                 |.....`..6<.|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 a4 db 13  bc c1 6e 06 9e 6d 1a c9  |..........n..m..|
-00000010  85 a7 e9 28 b8 27 74 19  8f 1a bc                 |...(.'t....|
->>> Flow 6 (server to client)
-00000000  16 03 03 00 14 fa a3 77  3c 76 11 5d be 12 4f 6a  |.......w<v.]..Oj|
-00000010  f7 0d 26 73 ab 7c bd 4b  19                       |..&s.|.K.|
->>> Flow 7 (client to server)
-00000000  16 03 03 00 ad 59 80 a4  91 95 56 2a 01 ee 04 84  |.....Y....V*....|
-00000010  f9 d2 dd a5 2c a6 46 a8  69 a3 c7 47 7e eb 54 da  |....,.F.i..G~.T.|
-00000020  ec cc 9d aa e1 0a b1 7c  e9 cf 9f c9 c8 12 62 35  |.......|......b5|
-00000030  d2 4a eb 28 0d 9b aa a4  d5 79 66 f7 72 4c 26 10  |.J.(.....yf.rL&.|
-00000040  b6 71 db 4a 68 8b 47 f9  47 e3 6d a6 4e 99 d5 0b  |.q.Jh.G.G.m.N...|
-00000050  27 b2 2c 23 9b 58 60 8a  37 a1 8e 26 09 26 2a 46  |'.,#.X`.7..&.&*F|
-00000060  e6 24 7f 9b cb 6b d1 9d  b1 c0 48 c9 50 8b ab 06  |.$...k....H.P...|
-00000070  05 57 ef 1a e0 bd ce db  ca 3d e1 59 df 24 4c 02  |.W.......=.Y.$L.|
-00000080  bf 1b 9e 48 52 42 6c dd  8f fa 82 68 56 52 a6 be  |...HRBl....hVR..|
-00000090  d0 93 cb 43 74 e1 2f 86  cc e1 4c fa ba fc 1d f0  |...Ct./...L.....|
-000000a0  d5 20 3a 79 b3 b8 b7 24  b5 cf 4c dd a5 d0 4d 18  |. :y...$..L...M.|
-000000b0  15 55                                             |.U|
->>> Flow 8 (server to client)
-00000000  16 03 03 00 81 10 b8 d9  9a 82 21 14 86 6d ef e4  |..........!..m..|
-00000010  b6 bc 10 84 80 a6 72 7b  dc 24 ba e1 e5 d2 bb d2  |......r{.$......|
-00000020  9f 09 d3 d7 37 20 ec 7d  bd 13 e0 bd 40 44 8a 6e  |....7 .}....@D.n|
-00000030  7f f6 d5 42 03 4b 00 b5  87 99 ac 6d 11 03 38 46  |...B.K.....m..8F|
-00000040  33 71 c4 10 ce da 36 d6  c1 41 9f 96 8e eb 4b 99  |3q....6..A....K.|
-00000050  24 07 8c 6b 88 2c f1 dd  31 35 ba 43 0f 60 bf b0  |$..k.,..15.C.`..|
-00000060  74 77 a9 d4 a7 65 f6 68  e2 70 4a 7e fe db ab 13  |tw...e.h.pJ~....|
-00000070  7f 51 c3 0f b4 93 42 12  d6 29 5d 44 5c df 17 6e  |.Q....B..)]D\..n|
-00000080  73 1d b8 95 fc 8b 16 03  03 02 69 64 5d 4f b4 3a  |s.........id]O.:|
-00000090  23 98 07 51 63 18 09 07  9a 8c dd 8e 51 a8 ca 23  |#..Qc.......Q..#|
-000000a0  37 21 f4 d5 e0 8f 03 1c  6f 6d c4 60 dd 99 8f 4b  |7!......om.`...K|
-000000b0  4c 11 f7 78 f8 aa f6 29  87 cf 4d ba 89 87 2a c9  |L..x...)..M...*.|
-000000c0  48 66 48 d3 a6 19 8a 84  f6 db 17 b4 59 5b e4 8e  |HfH.........Y[..|
-000000d0  8e ef fc 32 10 aa 0d 57  47 68 82 07 72 95 03 f6  |...2...WGh..r...|
-000000e0  e5 c1 c3 01 00 f9 85 4f  0f 85 37 73 f7 c5 af a2  |.......O..7s....|
-000000f0  37 96 ba 06 49 6a 2d a2  23 39 2e 9b f1 fc 01 de  |7...Ij-.#9......|
-00000100  53 75 ee 34 ae 27 ea 49  6a d8 d0 cd 9b e8 60 b7  |Su.4.'.Ij.....`.|
-00000110  f6 b1 8e 26 ec 6c 36 87  d6 70 49 07 e0 96 2a bd  |...&.l6..pI...*.|
-00000120  45 a3 b1 f5 dc b0 a3 4f  dc d8 c3 fd 4f fb 98 13  |E......O....O...|
-00000130  67 55 99 39 b5 16 19 72  9d f1 5a cf 6e 53 d9 03  |gU.9...r..Z.nS..|
-00000140  05 f5 81 07 a1 38 a1 e5  4c 76 51 1a ae f6 4b f6  |.....8..LvQ...K.|
-00000150  b2 a7 84 1e 2a 31 b0 b8  9f 41 e8 e5 32 18 44 4c  |....*1...A..2.DL|
-00000160  0b fb e3 d9 4c dd 45 c5  c4 c4 57 bf f7 5a dc f6  |....L.E...W..Z..|
-00000170  73 98 d4 ea 2f c0 cb 35  97 c1 45 94 37 87 d3 8c  |s.../..5..E.7...|
-00000180  65 3f ee a8 67 a6 00 80  92 02 76 e8 0a 04 ce 7a  |e?..g.....v....z|
-00000190  79 4f cd 70 1a 31 5a 03  83 01 de 1f 4a 46 39 4e  |yO.p.1Z.....JF9N|
-000001a0  d0 80 6e 67 d7 e6 fc ba  74 4b 57 d2 3c 19 7b 03  |..ng....tKW.<.{.|
-000001b0  ab 9a e2 f7 db 58 c2 b7  58 96 55 88 e6 e2 e2 f8  |.....X..X.U.....|
-000001c0  ab e9 b0 12 ef ff e6 53  7b 4e 01 2f 65 0d 05 f0  |.......S{N./e...|
-000001d0  95 9f 46 d2 ae e7 33 5c  37 56 ab 67 95 87 81 59  |..F...3\7V.g...Y|
-000001e0  f2 35 76 78 ed 13 63 a3  58 52 af 46 e6 aa c3 99  |.5vx..c.XR.F....|
-000001f0  37 9d 10 25 cc 7f 7e 63  e1 96 6d 7a 8e ac 9e 00  |7..%..~c..mz....|
-00000200  d1 0e 7a 48 b6 82 77 6a  a0 17 d1 77 70 f8 40 4a  |..zH..wj...wp.@J|
-00000210  c4 90 da b0 3f 25 68 f5  9f dd 5e ec 95 02 19 53  |....?%h...^....S|
-00000220  08 6a 13 11 88 9e 2b 25  b8 28 cd 58 36 d7 d3 95  |.j....+%.(.X6...|
-00000230  f5 91 63 92 ff 3b d2 4f  75 ae 47 6c 64 8a a4 76  |..c..;.Ou.Gld..v|
-00000240  48 96 a7 35 d6 35 22 96  4d 4f ee 45 fb 88 52 68  |H..5.5".MO.E..Rh|
-00000250  4e 38 93 e8 08 6a e6 f3  00 a7 f7 b0 0b 68 41 ab  |N8...j.......hA.|
-00000260  9b 3a 92 2b fd b2 71 14  77 91 48 e7 70 62 b5 b0  |.:.+..q.w.H.pb..|
-00000270  45 90 35 d2 b3 22 f5 70  6c 62 7f 55 6b 56 42 f8  |E.5..".plb.UkVB.|
-00000280  6c 87 a7 60 45 37 f0 41  41 ec 73 f5 f1 d9 d2 84  |l..`E7.AA.s.....|
-00000290  bd 88 bc 9b 43 ec 8b b3  c4 3a 59 2c 30 61 30 98  |....C....:Y,0a0.|
-000002a0  78 d3 e7 85 dd 7e 80 b8  fb b3 bf 7e 11 79 e8 20  |x....~.....~.y. |
-000002b0  aa b8 81 94 10 5c f8 ba  70 4c 1e 7c 35 8f 48 30  |.....\..pL.|5.H0|
-000002c0  17 38 d6 1c 91 ed 00 2c  f7 af 29 d3 cb 9b ab 6b  |.8.....,..)....k|
-000002d0  b3 fa 6e 1a 9b a8 cf 08  8e 03 a5 f7 76 17 74 3a  |..n.........v.t:|
-000002e0  9e 36 ae 19 fd 2c 44 14  f3 2b 1d 01 db e1 96 22  |.6...,D..+....."|
-000002f0  25 14 5b d8 16 03 03 00  bc bb 8c bb cf f9 d7 76  |%.[............v|
-00000300  7a a7 d6 e0 29 cb 45 21  8d 57 0b 81 0c e0 96 05  |z...).E!.W......|
-00000310  c7 96 67 43 0f 41 11 e9  c2 07 2d 62 17 b4 64 01  |..gC.A....-b..d.|
-00000320  c5 75 79 dc 9c 36 3f ea  42 ea 09 a7 bc 0f 6b b1  |.uy..6?.B.....k.|
-00000330  b4 4d ae 38 0a ca 51 d0  97 46 b6 55 12 7c 24 28  |.M.8..Q..F.U.|$(|
-00000340  77 16 64 42 53 70 c4 52  ed e5 aa 20 3a 00 7e d0  |w.dBSp.R... :.~.|
-00000350  9e 99 e4 56 5f ef 30 56  00 8b e7 31 6d 66 6d dc  |...V_.0V...1mfm.|
-00000360  58 8a b0 60 6f 16 a7 b0  14 a5 9d 3d 38 94 6e 16  |X..`o......=8.n.|
-00000370  a3 22 76 e9 59 d8 90 cd  32 83 bb 8c c5 23 cb c2  |."v.Y...2....#..|
-00000380  c5 03 02 de 13 97 ac 4e  99 9f 4d 6d aa ed 72 b7  |.......N..Mm..r.|
-00000390  76 db 8b c9 31 17 b9 1c  4a fa 87 2c 6b dc 07 82  |v...1...J..,k...|
-000003a0  a2 39 e0 09 32 a2 8e 1c  6e 68 e1 14 ba ab 3a d4  |.9..2...nh....:.|
-000003b0  1e 4f f4 39 c7 16 03 03  00 3a cf b2 61 5f 7e ef  |.O.9.....:..a_~.|
-000003c0  04 51 64 f6 3d b3 54 44  bd 8a d0 87 48 64 76 a6  |.Qd.=.TD....Hdv.|
-000003d0  0d bc 7f b7 99 d4 67 8b  cd e3 c4 5d df c5 c8 fc  |......g....]....|
-000003e0  be d1 c4 03 6d 61 2d 10  58 b1 7a 7c 9e 1c 6b 16  |....ma-.X.z|..k.|
-000003f0  ff 31 a8 87 16 03 03 00  14 85 99 57 4b a1 19 33  |.1.........WK..3|
-00000400  bd 9a 86 ed be 5d 24 f0  02 9d ca 1e 26           |.....]$.....&|
->>> Flow 9 (client to server)
-00000000  16 03 03 02 69 8c c7 01  da 38 a5 36 3d 2c 21 1c  |....i....8.6=,!.|
-00000010  64 1b b8 e7 c2 cd 17 06  b6 51 0e e6 d9 d9 18 c5  |d........Q......|
-00000020  a9 c9 ac 5d 2d 23 f8 15  92 b2 e1 62 6e d7 8d 58  |...]-#.....bn..X|
-00000030  5b d9 b8 26 e5 ec 0f 61  15 3e 12 70 89 0d 3f 4e  |[..&...a.>.p..?N|
-00000040  e3 2e 18 42 7c c7 59 7b  e1 48 d9 a8 cf b1 cd 38  |...B|.Y{.H.....8|
-00000050  17 90 97 89 2e 4f 4b df  58 b0 9f 4e 95 d2 e9 70  |.....OK.X..N...p|
-00000060  6d 0b 82 af b7 05 be 11  26 d8 f9 89 e6 d6 44 f5  |m.......&.....D.|
-00000070  db 7c 8c 91 61 78 dc 68  98 9b 10 17 5b 85 42 93  |.|..ax.h....[.B.|
-00000080  31 a2 16 97 72 c5 f2 d0  81 76 a6 9b b7 9c 14 ab  |1...r....v......|
-00000090  a7 bf 19 f7 34 e3 8f 3f  a5 aa 23 c8 49 07 1b 6f  |....4..?..#.I..o|
-000000a0  e5 5d 65 66 a1 dc d2 e7  bb c2 4b 9e a7 9a dc d6  |.]ef......K.....|
-000000b0  72 42 d3 71 d3 51 a4 3a  82 f7 cd 2a 15 34 da 6d  |rB.q.Q.:...*.4.m|
-000000c0  44 3a a9 7d 6e 4c ce a5  ba 6b 5b 3b 88 8c e1 29  |D:.}nL...k[;...)|
-000000d0  ee a8 17 1b 02 36 8f 68  c9 9e e6 f1 bf e3 e3 e0  |.....6.h........|
-000000e0  cd 6d 7f ff c2 4d 3f 88  c7 9b 75 20 e5 cd fa fa  |.m...M?...u ....|
-000000f0  a0 d7 10 6a c1 00 73 f9  df bd 22 60 8c 82 71 e6  |...j..s..."`..q.|
-00000100  56 aa 90 bf c7 a8 82 51  e7 23 42 ec 99 f5 b9 aa  |V......Q.#B.....|
-00000110  3c cc c6 32 11 29 1f a6  ae 89 03 04 e8 de 9f f4  |<..2.)..........|
-00000120  bd 87 ae af 91 ee a2 f3  e2 6d 7b 87 ad 67 16 2d  |.........m{..g.-|
-00000130  ad 92 34 38 52 ed 7c 38  92 45 16 26 9f 65 d2 67  |..48R.|8.E.&.e.g|
-00000140  3e 33 a1 bd b2 f6 d3 c8  76 96 52 11 0d 8d ac a6  |>3......v.R.....|
-00000150  27 10 6a 43 63 5f 82 41  e7 fe 91 24 68 70 bd 2c  |'.jCc_.A...$hp.,|
-00000160  35 fd 0e 49 ec 3a dd f3  c0 af 5c f4 61 9a 2a 00  |5..I.:....\.a.*.|
-00000170  59 b5 28 24 f0 cf d3 25  bc 77 65 74 04 ee 4b 5e  |Y.($...%.wet..K^|
-00000180  2b 9f 1d 27 e2 dd 1a ed  ab e5 ff d6 1a 55 d7 4d  |+..'.........U.M|
-00000190  5c da 14 96 21 43 f6 c3  2d 78 e5 75 60 69 26 ce  |\...!C..-x.u`i&.|
-000001a0  7a 66 5e 42 91 0e ef 41  c2 c4 e6 15 8a 9a 17 a1  |zf^B...A........|
-000001b0  d9 23 2c cc c7 81 00 71  b0 52 ec 4e ea eb f9 75  |.#,....q.R.N...u|
-000001c0  2e 87 16 b4 ba 25 8c 09  f1 23 f9 ee ea db 0e b5  |.....%...#......|
-000001d0  d0 dd 47 9b b6 06 a3 f3  5e 0d 34 5a ba 76 cd 0a  |..G.....^.4Z.v..|
-000001e0  b1 9f 8a 99 aa d3 02 2e  b6 04 7b c5 d3 2f dc d7  |..........{../..|
-000001f0  68 af 6b 88 90 0a 94 a4  29 65 0b ba b3 da f2 cd  |h.k.....)e......|
-00000200  51 93 4f ea b4 f8 54 c7  28 e3 2d 63 d0 62 54 d9  |Q.O...T.(.-c.bT.|
-00000210  27 a0 85 57 7b a2 f2 f5  a5 25 83 1b e2 36 15 06  |'..W{....%...6..|
-00000220  41 ae e1 f9 ca a5 c6 59  2d da 4a ed 10 7b 80 01  |A......Y-.J..{..|
-00000230  06 39 f2 a8 4b 22 37 4d  aa 84 79 85 71 29 1b 4e  |.9..K"7M..y.q).N|
-00000240  c3 79 af 13 f5 4e 3c 6d  fa 8c d7 55 13 2b 48 3d  |.y...N<m...U.+H=|
-00000250  9a 79 e2 b4 3f 59 f8 f9  6c d2 39 51 e0 6e c2 c3  |.y..?Y..l.9Q.n..|
-00000260  09 06 d4 e0 4f 76 a6 54  b8 9d ef 30 ba 80 16 03  |....Ov.T...0....|
-00000270  03 00 35 df a1 cc 0f 77  42 24 fe 38 ac ec 25 cf  |..5....wB$.8..%.|
-00000280  13 85 03 87 73 b4 c0 d9  97 d0 a8 8e 12 f4 13 61  |....s..........a|
-00000290  42 40 03 a6 b6 6c d3 dd  d9 92 f0 e9 bc bc a7 22  |B@...l........."|
-000002a0  64 cf 4b 00 97 71 ac 3b  16 03 03 00 98 f7 61 85  |d.K..q.;......a.|
-000002b0  47 fc 23 b5 34 4b 1f 10  c7 12 51 07 a2 40 40 48  |G.#.4K....Q..@@H|
-000002c0  1c 79 52 3a a7 9d ca 45  62 a2 53 71 bd 23 0a 77  |.yR:...Eb.Sq.#.w|
-000002d0  0b 7f 8c ff f2 51 da 91  07 d7 67 71 bb ec 02 8d  |.....Q....gq....|
-000002e0  3f 79 dc d9 af f4 4c 78  3e ac 8d 30 ed eb c9 19  |?y....Lx>..0....|
-000002f0  96 89 a7 0f 7c fb 96 18  84 86 e7 bd e2 35 31 0c  |....|........51.|
-00000300  7a 51 d7 94 6b 61 62 7a  6a d8 56 62 e6 cf bf 60  |zQ..kabzj.Vb...`|
-00000310  df 7a c5 ce d3 87 ea 2f  5a ad 90 d4 39 f7 47 8e  |.z...../Z...9.G.|
-00000320  8b d3 6b 8e e0 3f 2f 59  71 e4 e6 bf 3f 4a 29 a8  |..k..?/Yq...?J).|
-00000330  60 df 1b 5c 2d 21 ab 0a  a5 9f 5a a2 a3 d6 08 3c  |`..\-!....Z....<|
-00000340  4a 4b f9 d6 a0 14 03 03  00 11 44 a4 62 7e c1 4a  |JK........D.b~.J|
-00000350  4e 56 dd 08 65 b2 ab 12  cd fa 8d 16 03 03 00 20  |NV..e.......... |
-00000360  b4 52 5a e8 33 b6 23 b1  b4 e6 59 da b0 84 52 94  |.RZ.3.#...Y...R.|
-00000370  70 de dc 02 f6 41 e3 27  7c 27 56 6a 7c 92 e3 48  |p....A.'|'Vj|..H|
->>> Flow 10 (server to client)
-00000000  14 03 03 00 11 c7 92 b3  aa a0 91 21 4f 42 96 0c  |...........!OB..|
-00000010  3a 92 c3 53 55 d1 16 03  03 00 20 4b da e5 1c 08  |:..SU..... K....|
-00000020  ce a7 33 f1 a6 c7 47 52  19 68 b4 f5 1d 66 a7 38  |..3...GR.h...f.8|
-00000030  97 45 43 9f ca b5 db 2c  14 fc f4 17 03 03 00 19  |.EC....,........|
-00000040  28 f4 bb bf c1 5a 2d 1e  b8 fc c7 fc 55 16 e9 cc  |(....Z-.....U...|
-00000050  43 a3 63 58 7e 2c 60 77  23 16 03 03 00 14 2c e6  |C.cX~,`w#.....,.|
-00000060  25 0a b7 26 7b 13 55 62  f1 fe 6e fe 0e 57 53 57  |%..&{.Ub..n..WSW|
-00000070  19 1b                                             |..|
->>> Flow 11 (client to server)
-00000000  15 03 03 00 12 dd 2b 00  09 fd 8c 7d 21 3d 7c 06  |......+....}!=|.|
-00000010  93 ca c9 21 b2 3e 20 15  03 03 00 12 90 32 4b 3b  |...!.> ......2K;|
-00000020  33 4d fd 69 55 81 aa 42  16 ae 47 b9 4c 06        |3M.iU..B..G.L.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiationRejected b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiationRejected
deleted file mode 100644
index cb964324..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-RenegotiationRejected
+++ /dev/null
@@ -1,89 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 91 a6 bc 02 ab  |....Y...U.......|
-00000010  19 62 2c de 45 57 ba 71  c0 b0 4d 78 5e f4 c2 b9  |.b,.EW.q..Mx^...|
-00000020  81 ba 8b d6 b1 9b c8 fb  0c 7c 40 20 dc 66 80 5b  |.........|@ .f.[|
-00000030  20 3c 60 65 7f 9e 0c 67  a8 f3 22 c9 c5 48 80 fa  | <`e...g.."..H..|
-00000040  02 a1 1a 48 6d 1c 46 07  db 6c 8e 85 cc a8 00 00  |...Hm.F..l......|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 f5 fd 54 ea 3e bb 70  |........ ..T.>.p|
-000002d0  fb 8e fb e4 8a 25 1f 9d  3d 9a fb fb 9d ff d1 52  |.....%..=......R|
-000002e0  81 9d b0 ea a1 e6 b0 87  2f 04 01 00 80 77 54 16  |......../....wT.|
-000002f0  98 5d 22 c4 7f 9b 2a 44  dd e4 0d 78 c2 60 6a ad  |.]"...*D...x.`j.|
-00000300  91 9d d9 ed 93 0b 4e b4  c6 26 f1 94 6d e0 cc f4  |......N..&..m...|
-00000310  8d fa 9c ec 70 f5 5b ac  80 d7 5e 4f 49 04 bc 24  |....p.[...^OI..$|
-00000320  8e 0a 7d 44 e1 7e 47 1e  a8 68 d1 fe 6f 41 0d 4a  |..}D.~G..h..oA.J|
-00000330  e5 5b f6 f6 a3 af 76 21  56 1a 25 d2 03 3c f4 dd  |.[....v!V.%..<..|
-00000340  0c 13 ce 56 8a 61 6f 5b  8c a1 04 43 82 87 64 20  |...V.ao[...C..d |
-00000350  4a 3b ec 90 d7 59 aa ca  08 3a 39 57 f1 56 57 6a  |J;...Y...:9W.VWj|
-00000360  18 c9 14 7f e3 8d 83 0f  e2 0b 4d 24 01 16 03 03  |..........M$....|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 6b ce 5c  2f df 85 e7 5e fa 51 48  |.... k.\/...^.QH|
-00000040  f9 31 a5 02 64 c7 1e b1  2e f2 6b 86 30 43 23 91  |.1..d.....k.0C#.|
-00000050  76 6b 40 74 2b                                    |vk@t+|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 e7 1e 88 10 2d  |.......... ....-|
-00000010  dc 35 6d 2b 4a 91 39 5d  5c 46 ed 2e 45 6f 41 38  |.5m+J.9]\F..EoA8|
-00000020  66 0f 15 58 f8 af d8 a6  6c 99 61                 |f..X....l.a|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 ab 2a df  2f 3c 07 6a 24 98 55 0b  |......*./<.j$.U.|
-00000010  67 20 2d 92 cd 9a 44 74  da fd 6a                 |g -...Dt..j|
->>> Flow 6 (server to client)
-00000000  16 03 03 00 14 d6 fb e7  9a 76 2a 6f e1 e9 33 1a  |.........v*o..3.|
-00000010  77 07 fd 7f 98 af 1e 04  43                       |w.......C|
->>> Flow 7 (client to server)
-00000000  15 03 03 00 12 7e e3 20  96 03 31 8c 6a 31 f8 62  |.....~. ..1.j1.b|
-00000010  02 a7 a4 ce 77 83 c1 15  03 03 00 12 b9 91 75 45  |....w.........uE|
-00000020  a5 4a f9 c6 6d b2 5c c3  0a 1a 26 63 00 04        |.J..m.\...&c..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-SCT b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-SCT
deleted file mode 100644
index a0f6a090..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-SCT
+++ /dev/null
@@ -1,107 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
-00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 01 c6 02 00 01  c2 03 03 08 db 5c c4 da  |.............\..|
-00000010  fe 2c a2 21 0d c4 9e c4  14 b9 e3 15 d7 c5 2c 84  |.,.!..........,.|
-00000020  f2 b8 0e 32 67 9e 72 08  9c 17 6b 20 86 09 60 52  |...2g.r...k ..`R|
-00000030  9d 53 ba c8 8a c3 1a 11  c0 e5 c6 a0 59 49 ed cb  |.S..........YI..|
-00000040  e0 6f 0a 56 e9 4f bf 02  2f 23 10 b8 cc a8 00 01  |.o.V.O../#......|
-00000050  7a ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 12  |z...............|
-00000060  01 69 01 67 00 75 00 a4  b9 09 90 b4 18 58 14 87  |.i.g.u.......X..|
-00000070  bb 13 a2 cc 67 70 0a 3c  35 98 04 f9 1b df b8 e3  |....gp.<5.......|
-00000080  77 cd 0e c8 0d dc 10 00  00 01 47 97 99 ee 16 00  |w.........G.....|
-00000090  00 04 03 00 46 30 44 02  20 1c 4b 82 5d 95 6e 67  |....F0D. .K.].ng|
-000000a0  5b db 04 95 4b f6 ce f4  32 3e 86 7a 7a 32 ab 18  |[...K...2>.zz2..|
-000000b0  60 74 de 08 da 05 91 4c  2f 02 20 73 54 1b 6e 7f  |`t.....L/. sT.n.|
-000000c0  a1 b0 7d 11 bc e6 f3 85  2f 97 66 1a f7 8a e4 10  |..}...../.f.....|
-000000d0  25 8f 12 f4 6f 39 0f d2  9e 18 f0 00 76 00 68 f6  |%...o9......v.h.|
-000000e0  98 f8 1f 64 82 be 3a 8c  ee b9 28 1d 4c fc 71 51  |...d..:...(.L.qQ|
-000000f0  5d 67 93 d4 44 d1 0a 67  ac bb 4f 4f fb c4 00 00  |]g..D..g..OO....|
-00000100  01 47 97 e1 b5 70 00 00  04 03 00 47 30 45 02 20  |.G...p.....G0E. |
-00000110  32 21 14 38 06 d8 72 2e  00 30 64 1a e2 e8 6d 4e  |2!.8..r..0d...mN|
-00000120  5a e1 d9 42 1e 82 4b 96  25 89 d5 26 13 d3 9c fa  |Z..B..K.%..&....|
-00000130  02 21 00 8f 12 28 64 51  4f 44 d5 8c 18 62 23 b2  |.!...(dQOD...b#.|
-00000140  43 93 33 05 f3 43 55 a1  d9 ee cd c5 71 35 91 dd  |C.3..CU.....q5..|
-00000150  49 d1 0b 00 76 00 ee 4b  bd b7 75 ce 60 ba e1 42  |I...v..K..u.`..B|
-00000160  69 1f ab e1 9e 66 a3 0f  7e 5f b0 72 d8 83 00 c4  |i....f..~_.r....|
-00000170  7b 89 7a a8 fd cb 00 00  01 48 5c 64 8a 87 00 00  |{.z......H\d....|
-00000180  04 03 00 47 30 45 02 20  29 89 d6 b0 53 d3 d2 e9  |...G0E. )...S...|
-00000190  91 bc f1 b5 40 be 1e 2e  e7 5c b4 74 27 ed 8f 9b  |....@....\.t'...|
-000001a0  02 e9 fa c2 4c ba a2 be  02 21 00 af 43 64 52 71  |....L....!..CdRq|
-000001b0  15 29 58 40 91 c7 08 16  96 03 a8 73 a5 65 a0 6c  |.)X@.......s.e.l|
-000001c0  b8 48 56 5a b6 29 83 64  6d 2a 9d 16 03 03 02 59  |.HVZ.).dm*.....Y|
-000001d0  0b 00 02 55 00 02 52 00  02 4f 30 82 02 4b 30 82  |...U..R..O0..K0.|
-000001e0  01 b4 a0 03 02 01 02 02  09 00 e8 f0 9d 3f e2 5b  |.............?.[|
-000001f0  ea a6 30 0d 06 09 2a 86  48 86 f7 0d 01 01 0b 05  |..0...*.H.......|
-00000200  00 30 1f 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |.0.1.0...U....Go|
-00000210  31 10 30 0e 06 03 55 04  03 13 07 47 6f 20 52 6f  |1.0...U....Go Ro|
-00000220  6f 74 30 1e 17 0d 31 36  30 31 30 31 30 30 30 30  |ot0...1601010000|
-00000230  30 30 5a 17 0d 32 35 30  31 30 31 30 30 30 30 30  |00Z..25010100000|
-00000240  30 5a 30 1a 31 0b 30 09  06 03 55 04 0a 13 02 47  |0Z0.1.0...U....G|
-00000250  6f 31 0b 30 09 06 03 55  04 03 13 02 47 6f 30 81  |o1.0...U....Go0.|
-00000260  9f 30 0d 06 09 2a 86 48  86 f7 0d 01 01 01 05 00  |.0...*.H........|
-00000270  03 81 8d 00 30 81 89 02  81 81 00 db 46 7d 93 2e  |....0.......F}..|
-00000280  12 27 06 48 bc 06 28 21  ab 7e c4 b6 a2 5d fe 1e  |.'.H..(!.~...]..|
-00000290  52 45 88 7a 36 47 a5 08  0d 92 42 5b c2 81 c0 be  |RE.z6G....B[....|
-000002a0  97 79 98 40 fb 4f 6d 14  fd 2b 13 8b c2 a5 2e 67  |.y.@.Om..+.....g|
-000002b0  d8 d4 09 9e d6 22 38 b7  4a 0b 74 73 2b c2 34 f1  |....."8.J.ts+.4.|
-000002c0  d1 93 e5 96 d9 74 7b f3  58 9f 6c 61 3c c0 b0 41  |.....t{.X.la<..A|
-000002d0  d4 d9 2b 2b 24 23 77 5b  1c 3b bd 75 5d ce 20 54  |..++$#w[.;.u]. T|
-000002e0  cf a1 63 87 1d 1e 24 c4  f3 1d 1a 50 8b aa b6 14  |..c...$....P....|
-000002f0  43 ed 97 a7 75 62 f4 14  c8 52 d7 02 03 01 00 01  |C...ub...R......|
-00000300  a3 81 93 30 81 90 30 0e  06 03 55 1d 0f 01 01 ff  |...0..0...U.....|
-00000310  04 04 03 02 05 a0 30 1d  06 03 55 1d 25 04 16 30  |......0...U.%..0|
-00000320  14 06 08 2b 06 01 05 05  07 03 01 06 08 2b 06 01  |...+.........+..|
-00000330  05 05 07 03 02 30 0c 06  03 55 1d 13 01 01 ff 04  |.....0...U......|
-00000340  02 30 00 30 19 06 03 55  1d 0e 04 12 04 10 9f 91  |.0.0...U........|
-00000350  16 1f 43 43 3e 49 a6 de  6d b6 80 d7 9f 60 30 1b  |..CC>I..m....`0.|
-00000360  06 03 55 1d 23 04 14 30  12 80 10 48 13 49 4d 13  |..U.#..0...H.IM.|
-00000370  7e 16 31 bb a3 01 d5 ac  ab 6e 7b 30 19 06 03 55  |~.1......n{0...U|
-00000380  1d 11 04 12 30 10 82 0e  65 78 61 6d 70 6c 65 2e  |....0...example.|
-00000390  67 6f 6c 61 6e 67 30 0d  06 09 2a 86 48 86 f7 0d  |golang0...*.H...|
-000003a0  01 01 0b 05 00 03 81 81  00 9d 30 cc 40 2b 5b 50  |..........0.@+[P|
-000003b0  a0 61 cb ba e5 53 58 e1  ed 83 28 a9 58 1a a9 38  |.a...SX...(.X..8|
-000003c0  a4 95 a1 ac 31 5a 1a 84  66 3d 43 d3 2d d9 0b f2  |....1Z..f=C.-...|
-000003d0  97 df d3 20 64 38 92 24  3a 00 bc cf 9c 7d b7 40  |... d8.$:....}.@|
-000003e0  20 01 5f aa d3 16 61 09  a2 76 fd 13 c3 cc e1 0c  | ._...a..v......|
-000003f0  5c ee b1 87 82 f1 6c 04  ed 73 bb b3 43 77 8d 0c  |\.....l..s..Cw..|
-00000400  1c f1 0f a1 d8 40 83 61  c9 4c 72 2b 9d ae db 46  |.....@.a.Lr+...F|
-00000410  06 06 4d f4 c1 b3 3e c0  d1 bd 42 d4 db fe 3d 13  |..M...>...B...=.|
-00000420  60 84 5c 21 d3 3b e9 fa  e7 16 03 03 00 ac 0c 00  |`.\!.;..........|
-00000430  00 a8 03 00 1d 20 27 94  d8 62 00 f3 3f 21 e6 e1  |..... '..b..?!..|
-00000440  0f 1f 2d 9b 37 4d cf 72  34 48 72 2e 85 46 dd b6  |..-.7M.r4Hr..F..|
-00000450  32 23 64 b3 4b 63 04 01  00 80 82 34 e5 7f 70 51  |2#d.Kc.....4..pQ|
-00000460  42 3b ab 51 61 73 1f 2c  64 04 1d 66 96 ff f9 95  |B;.Qas.,d..f....|
-00000470  86 09 a8 75 11 16 34 05  17 fb 96 9c fb 78 40 4c  |...u..4......x@L|
-00000480  10 5b ee 0d 31 a0 77 32  a8 0f 19 ef a4 30 cd 08  |.[..1.w2.....0..|
-00000490  cb f5 ec 36 fa 24 0a ca  0b d8 16 02 d1 34 86 a7  |...6.$.......4..|
-000004a0  f8 e3 cb e6 62 1c cd 40  d6 4f 0c 2f 5b 66 12 6f  |....b..@.O./[f.o|
-000004b0  8a 2f c4 ef ac 46 86 44  90 e0 65 38 94 4d 5e df  |./...F.D..e8.M^.|
-000004c0  51 a3 40 6e 64 b6 00 6b  88 97 7b 43 78 d9 df 70  |Q.@nd..k..{Cx..p|
-000004d0  fe 66 66 56 82 14 ed ab  08 cd 16 03 03 00 04 0e  |.ffV............|
-000004e0  00 00 00                                          |...|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 7a 58 e1  33 d4 ce ca 57 ef ea b9  |.... zX.3...W...|
-00000040  9d f2 4d ec ce 86 4b e9  c2 b5 64 dd 0f 32 f0 66  |..M...K...d..2.f|
-00000050  65 42 74 d8 59                                    |eBt.Y|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 27 df 9b 14 a1  |.......... '....|
-00000010  cd a5 83 5b 6b 30 60 a3  ae 8d 64 56 fe 8e 87 a2  |...[k0`...dV....|
-00000020  ff 1b 54 72 c8 7c b2 85  9d 8a de                 |..Tr.|.....|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 16 c7 bf a9  7a 72 07 27 88 9a ec 1b  |........zr.'....|
-00000010  d3 44 f2 20 88 e4 c2 8b  61 86 5c 15 03 03 00 12  |.D. ....a.\.....|
-00000020  35 ab f5 f6 92 f9 db 23  bf f1 8e e8 65 62 cf 48  |5......#....eb.H|
-00000030  91 9d                                             |..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM b/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM
deleted file mode 100644
index 90541fd1..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM
+++ /dev/null
@@ -1,85 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 8b 01 00 00  87 03 03 00 00 00 00 00  |................|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
-00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 32 00 05  |.............2..|
-00000060  00 05 01 00 00 00 00 00  0a 00 04 00 02 00 1d 00  |................|
-00000070  0b 00 02 01 00 00 0d 00  0e 00 0c 04 01 04 03 05  |................|
-00000080  01 05 03 02 01 02 03 ff  01 00 01 00 00 12 00 00  |................|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 07 42 b0 44 05  |....Y...U...B.D.|
-00000010  b1 6d 3c f0 60 fe 6a f2  1f 8f 1d 88 de 4b 6a 1b  |.m<.`.j......Kj.|
-00000020  4f 72 60 4d 42 a5 f7 77  eb 86 c2 20 99 35 47 07  |Or`MB..w... .5G.|
-00000030  64 60 32 52 2e 1d 54 d5  b7 e2 26 85 72 c1 ec 8d  |d`2R..T...&.r...|
-00000040  fb 59 86 91 46 7d ad 16  bd b7 38 94 c0 2f 00 00  |.Y..F}....8../..|
-00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
-00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
-00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
-00000080  3f e2 5b ea a6 30 0d 06  09 2a 86 48 86 f7 0d 01  |?.[..0...*.H....|
-00000090  01 0b 05 00 30 1f 31 0b  30 09 06 03 55 04 0a 13  |....0.1.0...U...|
-000000a0  02 47 6f 31 10 30 0e 06  03 55 04 03 13 07 47 6f  |.Go1.0...U....Go|
-000000b0  20 52 6f 6f 74 30 1e 17  0d 31 36 30 31 30 31 30  | Root0...1601010|
-000000c0  30 30 30 30 30 5a 17 0d  32 35 30 31 30 31 30 30  |00000Z..25010100|
-000000d0  30 30 30 30 5a 30 1a 31  0b 30 09 06 03 55 04 0a  |0000Z0.1.0...U..|
-000000e0  13 02 47 6f 31 0b 30 09  06 03 55 04 03 13 02 47  |..Go1.0...U....G|
-000000f0  6f 30 81 9f 30 0d 06 09  2a 86 48 86 f7 0d 01 01  |o0..0...*.H.....|
-00000100  01 05 00 03 81 8d 00 30  81 89 02 81 81 00 db 46  |.......0.......F|
-00000110  7d 93 2e 12 27 06 48 bc  06 28 21 ab 7e c4 b6 a2  |}...'.H..(!.~...|
-00000120  5d fe 1e 52 45 88 7a 36  47 a5 08 0d 92 42 5b c2  |]..RE.z6G....B[.|
-00000130  81 c0 be 97 79 98 40 fb  4f 6d 14 fd 2b 13 8b c2  |....y.@.Om..+...|
-00000140  a5 2e 67 d8 d4 09 9e d6  22 38 b7 4a 0b 74 73 2b  |..g....."8.J.ts+|
-00000150  c2 34 f1 d1 93 e5 96 d9  74 7b f3 58 9f 6c 61 3c  |.4......t{.X.la<|
-00000160  c0 b0 41 d4 d9 2b 2b 24  23 77 5b 1c 3b bd 75 5d  |..A..++$#w[.;.u]|
-00000170  ce 20 54 cf a1 63 87 1d  1e 24 c4 f3 1d 1a 50 8b  |. T..c...$....P.|
-00000180  aa b6 14 43 ed 97 a7 75  62 f4 14 c8 52 d7 02 03  |...C...ub...R...|
-00000190  01 00 01 a3 81 93 30 81  90 30 0e 06 03 55 1d 0f  |......0..0...U..|
-000001a0  01 01 ff 04 04 03 02 05  a0 30 1d 06 03 55 1d 25  |.........0...U.%|
-000001b0  04 16 30 14 06 08 2b 06  01 05 05 07 03 01 06 08  |..0...+.........|
-000001c0  2b 06 01 05 05 07 03 02  30 0c 06 03 55 1d 13 01  |+.......0...U...|
-000001d0  01 ff 04 02 30 00 30 19  06 03 55 1d 0e 04 12 04  |....0.0...U.....|
-000001e0  10 9f 91 16 1f 43 43 3e  49 a6 de 6d b6 80 d7 9f  |.....CC>I..m....|
-000001f0  60 30 1b 06 03 55 1d 23  04 14 30 12 80 10 48 13  |`0...U.#..0...H.|
-00000200  49 4d 13 7e 16 31 bb a3  01 d5 ac ab 6e 7b 30 19  |IM.~.1......n{0.|
-00000210  06 03 55 1d 11 04 12 30  10 82 0e 65 78 61 6d 70  |..U....0...examp|
-00000220  6c 65 2e 67 6f 6c 61 6e  67 30 0d 06 09 2a 86 48  |le.golang0...*.H|
-00000230  86 f7 0d 01 01 0b 05 00  03 81 81 00 9d 30 cc 40  |.............0.@|
-00000240  2b 5b 50 a0 61 cb ba e5  53 58 e1 ed 83 28 a9 58  |+[P.a...SX...(.X|
-00000250  1a a9 38 a4 95 a1 ac 31  5a 1a 84 66 3d 43 d3 2d  |..8....1Z..f=C.-|
-00000260  d9 0b f2 97 df d3 20 64  38 92 24 3a 00 bc cf 9c  |...... d8.$:....|
-00000270  7d b7 40 20 01 5f aa d3  16 61 09 a2 76 fd 13 c3  |}.@ ._...a..v...|
-00000280  cc e1 0c 5c ee b1 87 82  f1 6c 04 ed 73 bb b3 43  |...\.....l..s..C|
-00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
-000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
-000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 cc f6 2e 98 6c e0 8b  |........ ....l..|
-000002d0  15 17 63 6f 97 5e 37 6a  a7 3c 4b f2 d4 91 e0 87  |..co.^7j.<K.....|
-000002e0  53 1d d3 9e f3 43 a9 21  40 04 01 00 80 3c 35 db  |S....C.!@....<5.|
-000002f0  b1 ef 58 96 b4 3f eb 6b  d5 0d b7 ab cd 51 8d 57  |..X..?.k.....Q.W|
-00000300  2b fe 3a 7f 72 42 a0 a7  7d 1d db c1 6c cd df de  |+.:.rB..}...l...|
-00000310  7f 98 69 b0 0b c1 56 07  34 51 79 dc 1a 52 d1 11  |..i...V.4Qy..R..|
-00000320  ea b4 dd 0f 9d 9a 8c a3  4f 23 da 0e aa dc 2a e1  |........O#....*.|
-00000330  16 51 a4 33 e2 4f f8 34  2d b0 ba f5 f5 ed 3e 24  |.Q.3.O.4-.....>$|
-00000340  04 f0 b9 ab 81 b8 4e 39  88 8f b7 46 2c 60 b8 5c  |......N9...F,`.\|
-00000350  6f 4d d4 5d 7a 04 f7 1d  82 98 a2 b1 f9 7e f0 1f  |oM.]z........~..|
-00000360  cf a5 e5 28 25 d4 3d b0  32 ea eb 21 c6 16 03 03  |...(%.=.2..!....|
-00000370  00 04 0e 00 00 00                                 |......|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
-00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
-00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 75 70 c8  |....(........up.|
-00000040  c5 ef ae 60 b5 8d ba 98  1a 7d 8d c3 e4 32 fc 33  |...`.....}...2.3|
-00000050  5e 15 cc e2 d7 5d d5 76  52 1a fe ac 1e           |^....].vR....|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 7f 2b fe 0d 9f  |..........(.+...|
-00000010  93 07 fd ee 48 76 09 fb  8d 4c dd 7b b5 b5 26 36  |....Hv...L.{..&6|
-00000020  3e 05 e1 1b a7 dc 0b 4a  c0 69 a8 22 33 0b 17 fc  |>......J.i."3...|
-00000030  6f ab b8                                          |o..|
->>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 49 61 5c  |.............Ia\|
-00000010  db f2 e5 63 23 3a f1 dd  12 3e 61 ed d9 4b 5f b5  |...c#:...>a..K_.|
-00000020  d3 f7 38 15 03 03 00 1a  00 00 00 00 00 00 00 02  |..8.............|
-00000030  af 09 a7 f1 e1 d9 1f 54  d1 35 19 16 b7 23 ce 4e  |.......T.5...#.N|
-00000040  3a b1                                             |:.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-3DES b/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-3DES
deleted file mode 100644
index 11a8a1c8..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-3DES
+++ /dev/null
@@ -1,76 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 00 00 2f 01 00 00  2b 03 00 47 b4 bd 36 64  |..../...+..G..6d|
-00000010  0a 7d 37 1d 99 ac fd 1c  7a 3f d5 0f 9d 90 e3 59  |.}7.....z?.....Y|
-00000020  64 e4 fb 59 3a 4a 5f 53  d2 af 88 00 00 04 00 0a  |d..Y:J_S........|
-00000030  00 ff 01 00                                       |....|
->>> Flow 2 (server to client)
-00000000  16 03 00 00 31 02 00 00  2d 03 00 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 0a 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  00 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 00 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 00 00 84 10 00 00  80 43 4d 76 6b 7f b3 e6  |.........CMvk...|
-00000010  82 18 f9 8a a5 cd 45 ab  8f 1a 1d d4 9a 0a 1d 50  |......E........P|
-00000020  96 f2 08 14 a7 6b e3 ef  d1 31 6b 18 d2 f5 ee e3  |.....k...1k.....|
-00000030  cd df 67 23 3d ec 70 09  07 df 32 c2 cd 60 6c 2b  |..g#=.p...2..`l+|
-00000040  7f 04 cd b3 77 87 78 e5  90 60 41 0c fc 22 1a 3a  |....w.x..`A..".:|
-00000050  82 29 28 92 9c f8 33 3a  72 ee 08 58 55 d5 ea 9c  |.)(...3:r..XU...|
-00000060  37 96 a4 92 75 e0 29 8a  18 ad 5a c1 1f 4c aa c7  |7...u.)...Z..L..|
-00000070  49 89 6e ff 29 32 a3 c8  51 e8 50 3f 41 10 36 27  |I.n.)2..Q.P?A.6'|
-00000080  0b 60 a2 96 4b 82 a9 c6  52 14 03 00 00 01 01 16  |.`..K...R.......|
-00000090  03 00 00 40 b3 59 d0 de  d1 47 8e 9e 1a 27 16 41  |...@.Y...G...'.A|
-000000a0  f7 38 4e 91 12 a0 71 89  1c 68 29 dc 60 7e 2c 39  |.8N...q..h).`~,9|
-000000b0  45 cb e6 98 8d 43 5e 76  34 ca 5b 86 24 9d 77 0a  |E....C^v4.[.$.w.|
-000000c0  90 60 19 75 67 74 3d 95  1d e7 82 ee a8 9f 3a 60  |.`.ugt=.......:`|
-000000d0  8e ac 28 74                                       |..(t|
->>> Flow 4 (server to client)
-00000000  14 03 00 00 01 01 16 03  00 00 40 e8 3e 89 b5 10  |..........@.>...|
-00000010  e4 c9 eb f7 3f 83 e5 6a  7c 04 fd e6 96 69 25 fb  |....?..j|....i%.|
-00000020  0b 0b 0e f7 13 4e 99 45  d2 0e 13 22 6b d1 0e 32  |.....N.E..."k..2|
-00000030  30 b5 c4 a2 03 cf 22 59  68 5c cc 63 96 f5 01 f3  |0....."Yh\.c....|
-00000040  2c b3 b5 13 e1 9d 19 45  c0 4f 28 17 03 00 00 18  |,......E.O(.....|
-00000050  2e cb 8c b3 d4 d5 c2 18  fd 6e dc 72 7b b3 4b b8  |.........n.r{.K.|
-00000060  10 56 0a 01 af 55 e8 5a  17 03 00 00 28 3f df 74  |.V...U.Z....(?.t|
-00000070  2f b9 5b a4 43 ec 24 68  ad ff 6c 52 b5 6a 91 0c  |/.[.C.$h..lR.j..|
-00000080  be 3b 25 c9 e4 40 59 66  17 cb f0 e7 6b 6e cd 43  |.;%..@Yf....kn.C|
-00000090  ac be b7 62 d0 15 03 00  00 18 43 4d 3c fd 83 6e  |...b......CM<..n|
-000000a0  e0 3f ae 40 0c 8a a1 08  d2 74 e2 60 7b d0 97 d5  |.?.@.....t.`{...|
-000000b0  e8 a5                                             |..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-AES b/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-AES
deleted file mode 100644
index 771373c2..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-AES
+++ /dev/null
@@ -1,77 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 00 00 2f 01 00 00  2b 03 00 26 1e 06 cd 27  |..../...+..&...'|
-00000010  f5 2a b4 8d 00 07 47 16  02 23 aa 5e 92 02 95 4a  |.*....G..#.^...J|
-00000020  1a 0b a8 51 8a 6f 4a 31  3c e9 a2 00 00 04 00 2f  |...Q.oJ1<....../|
-00000030  00 ff 01 00                                       |....|
->>> Flow 2 (server to client)
-00000000  16 03 00 00 31 02 00 00  2d 03 00 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  00 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 00 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 00 00 84 10 00 00  80 66 67 59 2f 21 b9 e3  |.........fgY/!..|
-00000010  0d a9 78 0c 6b fc dc 6f  69 4e f9 00 8b 40 a2 0f  |..x.k..oiN...@..|
-00000020  5a d8 8c d2 59 ab 33 78  f6 42 2f fa cf d6 48 7a  |Z...Y.3x.B/...Hz|
-00000030  59 30 94 1c 10 49 30 69  4a 6c a2 e5 ce 59 6d e3  |Y0...I0iJl...Ym.|
-00000040  49 0c a7 0a ab 17 8b c6  48 82 71 44 d5 7d 80 e5  |I.......H.qD.}..|
-00000050  6d 45 6c 10 12 01 85 71  ee dc c5 e3 19 41 ed 22  |mEl....q.....A."|
-00000060  11 5c c4 25 c6 90 ad c8  4c 48 45 8d ad 6c f4 ef  |.\.%....LHE..l..|
-00000070  fb b4 2b 53 90 cc 78 b0  9e 22 e7 2c 1a 64 0e 8b  |..+S..x..".,.d..|
-00000080  d8 57 54 74 c5 33 20 3f  42 14 03 00 00 01 01 16  |.WTt.3 ?B.......|
-00000090  03 00 00 40 18 b6 0a d4  9e 4d fa 8a 67 ce 8e d5  |...@.....M..g...|
-000000a0  51 31 75 65 f1 ff 54 a2  1b 80 c5 c3 a0 fc d2 78  |Q1ue..T........x|
-000000b0  0b 99 3b 65 6c 1d 52 6d  a9 9f 64 13 97 d5 2e b1  |..;el.Rm..d.....|
-000000c0  76 0b a0 fb f6 16 f7 72  28 a5 8a 11 a7 46 d5 59  |v......r(....F.Y|
-000000d0  e1 f4 f3 6f                                       |...o|
->>> Flow 4 (server to client)
-00000000  14 03 00 00 01 01 16 03  00 00 40 6c 5b 64 b5 f9  |..........@l[d..|
-00000010  76 cc 7e 51 72 46 ab 21  17 b3 fb 2b 48 c5 5a 9f  |v.~QrF.!...+H.Z.|
-00000020  e6 35 14 ff df c7 a7 4b  5e 5a 9b 82 57 b5 bf 4d  |.5.....K^Z..W..M|
-00000030  5f 7c a5 be 67 96 71 3a  63 ad 76 86 66 06 e9 a2  |_|..g.q:c.v.f...|
-00000040  35 39 6f 79 13 21 4b 19  c1 83 0e 17 03 00 00 20  |59oy.!K........ |
-00000050  1a 80 c5 d1 8b 33 79 89  39 fc 11 44 80 33 1a f7  |.....3y.9..D.3..|
-00000060  9f 63 96 5d c9 1a d4 56  2a ee 68 24 68 83 5d ca  |.c.]...V*.h$h.].|
-00000070  17 03 00 00 30 7c d4 88  17 d0 10 66 6a b3 61 ed  |....0|.....fj.a.|
-00000080  0a b5 72 55 ca fb c4 ec  e2 f2 e2 bf 67 dd 3d c9  |..rU........g.=.|
-00000090  01 3b 50 5c 35 ce 28 2d  e6 9c 1f 5c 70 14 46 2a  |.;P\5.(-...\p.F*|
-000000a0  d8 9e ef 6a 66 15 03 00  00 20 c7 af e1 86 10 30  |...jf.... .....0|
-000000b0  41 73 88 b2 86 02 a8 60  38 61 92 32 11 22 2d 47  |As.....`8a.2."-G|
-000000c0  76 fe 22 9c 76 c2 00 ee  e9 03                    |v.".v.....|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-RC4 b/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-RC4
deleted file mode 100644
index f5674ccd..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-SSLv3-RSA-RC4
+++ /dev/null
@@ -1,72 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 00 00 2f 01 00 00  2b 03 00 3f cc 8d 3f f0  |..../...+..?..?.|
-00000010  c9 36 6f 43 43 c1 46 45  cd bf e5 ba 02 e6 55 2c  |.6oCC.FE......U,|
-00000020  3a 24 4a db cb a8 f2 1d  26 3e ef 00 00 04 00 05  |:$J.....&>......|
-00000030  00 ff 01 00                                       |....|
->>> Flow 2 (server to client)
-00000000  16 03 00 00 31 02 00 00  2d 03 00 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  00 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 00 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 00 00 84 10 00 00  80 13 5d 75 f0 6d 24 54  |..........]u.m$T|
-00000010  f5 a1 f0 13 86 61 ce ea  66 86 06 eb c8 27 78 9f  |.....a..f....'x.|
-00000020  10 0d ef 94 3f 1b fb 8c  11 14 67 2a 0e 2a 1b cf  |....?.....g*.*..|
-00000030  ae 5a cb ac b8 b2 ea a8  70 85 ee fd 88 a9 61 a4  |.Z......p.....a.|
-00000040  75 66 86 a5 88 96 a0 0d  6f 77 fe 63 5e 88 60 4d  |uf......ow.c^.`M|
-00000050  f6 b7 93 28 99 72 e8 60  ed 64 9a 3f e6 12 ea ee  |...(.r.`.d.?....|
-00000060  83 58 d4 0c 19 e0 2b ce  b0 b4 fa 73 9f 78 d9 09  |.X....+....s.x..|
-00000070  8c 17 b8 f5 04 e1 de c4  fe a9 1a aa ba 0d be f3  |................|
-00000080  c8 e1 e4 e8 cc 39 4c f0  b9 14 03 00 00 01 01 16  |.....9L.........|
-00000090  03 00 00 3c 1b 70 07 7f  ad 8f a7 78 fd e8 eb b2  |...<.p.....x....|
-000000a0  9a 54 86 a2 dd bc fa b6  0a 52 48 24 79 6a 04 f6  |.T.......RH$yj..|
-000000b0  28 80 1f b7 b1 c6 4e 07  a3 52 60 5a 5a 81 14 11  |(.....N..R`ZZ...|
-000000c0  d2 ee 33 71 e7 d3 ba 3e  4b 31 81 f2 f0 49 ee e4  |..3q...>K1...I..|
->>> Flow 4 (server to client)
-00000000  14 03 00 00 01 01 16 03  00 00 3c 47 20 7c b9 0d  |..........<G |..|
-00000010  f8 59 c0 79 25 ae 8a f3  f5 7d 0c f5 62 d4 a5 5b  |.Y.y%....}..b..[|
-00000020  f6 08 36 cc 99 21 ac 80  04 48 49 2c 04 7c 87 08  |..6..!...HI,.|..|
-00000030  d3 10 43 a9 6a ec 99 96  99 0a fa cb db 95 6f fe  |..C.j.........o.|
-00000040  b1 75 77 1e b7 a9 9d 17  03 00 00 21 1a 2f bc 70  |.uw........!./.p|
-00000050  2c 00 6b 55 e1 e5 81 17  1c b7 a1 11 d7 21 c1 2f  |,.kU.........!./|
-00000060  3e 95 f8 48 74 a4 97 0a  9d a2 0b bc d4 15 03 00  |>..Ht...........|
-00000070  00 16 67 0d 6d 69 53 87  92 23 21 51 72 f6 31 73  |..g.miS..#!Qr.1s|
-00000080  db bd 3c e6 f4 12 4c 69                           |..<...Li|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-ECDHE-ECDSA-AES b/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-ECDHE-ECDSA-AES
deleted file mode 100644
index 3e170818..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-ECDHE-ECDSA-AES
+++ /dev/null
@@ -1,78 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 4f 01 00 00  4b 03 01 f1 86 d0 c8 69  |....O...K......i|
-00000010  46 0b 0b 89 08 c0 82 c0  f7 f1 9a b6 d2 2b e1 46  |F............+.F|
-00000020  e6 e1 44 65 de 39 0a 68  a8 d5 1c 00 00 04 c0 0a  |..De.9.h........|
-00000030  00 ff 01 00 00 1e 00 0b  00 04 03 00 01 02 00 0a  |................|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 16 00 00  |................|
-00000050  00 17 00 00                                       |....|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 0a 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  01 02 0e 0b 00 02 0a 00  |................|
-00000040  02 07 00 02 04 30 82 02  00 30 82 01 62 02 09 00  |.....0...0..b...|
-00000050  b8 bf 2d 47 a0 d2 eb f4  30 09 06 07 2a 86 48 ce  |..-G....0...*.H.|
-00000060  3d 04 01 30 45 31 0b 30  09 06 03 55 04 06 13 02  |=..0E1.0...U....|
-00000070  41 55 31 13 30 11 06 03  55 04 08 13 0a 53 6f 6d  |AU1.0...U....Som|
-00000080  65 2d 53 74 61 74 65 31  21 30 1f 06 03 55 04 0a  |e-State1!0...U..|
-00000090  13 18 49 6e 74 65 72 6e  65 74 20 57 69 64 67 69  |..Internet Widgi|
-000000a0  74 73 20 50 74 79 20 4c  74 64 30 1e 17 0d 31 32  |ts Pty Ltd0...12|
-000000b0  31 31 32 32 31 35 30 36  33 32 5a 17 0d 32 32 31  |1122150632Z..221|
-000000c0  31 32 30 31 35 30 36 33  32 5a 30 45 31 0b 30 09  |120150632Z0E1.0.|
-000000d0  06 03 55 04 06 13 02 41  55 31 13 30 11 06 03 55  |..U....AU1.0...U|
-000000e0  04 08 13 0a 53 6f 6d 65  2d 53 74 61 74 65 31 21  |....Some-State1!|
-000000f0  30 1f 06 03 55 04 0a 13  18 49 6e 74 65 72 6e 65  |0...U....Interne|
-00000100  74 20 57 69 64 67 69 74  73 20 50 74 79 20 4c 74  |t Widgits Pty Lt|
-00000110  64 30 81 9b 30 10 06 07  2a 86 48 ce 3d 02 01 06  |d0..0...*.H.=...|
-00000120  05 2b 81 04 00 23 03 81  86 00 04 00 c4 a1 ed be  |.+...#..........|
-00000130  98 f9 0b 48 73 36 7e c3  16 56 11 22 f2 3d 53 c3  |...Hs6~..V.".=S.|
-00000140  3b 4d 21 3d cd 6b 75 e6  f6 b0 dc 9a df 26 c1 bc  |;M!=.ku......&..|
-00000150  b2 87 f0 72 32 7c b3 64  2f 1c 90 bc ea 68 23 10  |...r2|.d/....h#.|
-00000160  7e fe e3 25 c0 48 3a 69  e0 28 6d d3 37 00 ef 04  |~..%.H:i.(m.7...|
-00000170  62 dd 0d a0 9c 70 62 83  d8 81 d3 64 31 aa 9e 97  |b....pb....d1...|
-00000180  31 bd 96 b0 68 c0 9b 23  de 76 64 3f 1a 5c 7f e9  |1...h..#.vd?.\..|
-00000190  12 0e 58 58 b6 5f 70 dd  9b d8 ea d5 d7 f5 d5 cc  |..XX._p.........|
-000001a0  b9 b6 9f 30 66 5b 66 9a  20 e2 27 e5 bf fe 3b 30  |...0f[f. .'...;0|
-000001b0  09 06 07 2a 86 48 ce 3d  04 01 03 81 8c 00 30 81  |...*.H.=......0.|
-000001c0  88 02 42 01 88 a2 4f eb  e2 45 c5 48 7d 1b ac f5  |..B...O..E.H}...|
-000001d0  ed 98 9d ae 47 70 c0 5e  1b b6 2f bd f1 b6 4d b7  |....Gp.^../...M.|
-000001e0  61 40 d3 11 a2 ce ee 0b  7e 92 7e ff 76 9d c3 3b  |a@......~.~.v..;|
-000001f0  7e a5 3f ce fa 10 e2 59  ec 47 2d 7c ac da 4e 97  |~.?....Y.G-|..N.|
-00000200  0e 15 a0 6f d0 02 42 01  4d fc be 67 13 9c 2d 05  |...o..B.M..g..-.|
-00000210  0e bd 3f a3 8c 25 c1 33  13 83 0d 94 06 bb d4 37  |..?..%.3.......7|
-00000220  7a f6 ec 7a c9 86 2e dd  d7 11 69 7f 85 7c 56 de  |z..z......i..|V.|
-00000230  fb 31 78 2b e4 c7 78 0d  ae cb be 9e 4e 36 24 31  |.1x+..x.....N6$1|
-00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 01 00 b5 0c 00  |{j.9....*.......|
-00000250  00 b1 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
-00000260  da ac 5f bb 29 07 30 ff  f6 84 af c4 cf c2 ed 90  |.._.).0.........|
-00000270  99 5f 58 cb 3b 74 00 8b  30 81 88 02 42 00 ad 93  |._X.;t..0...B...|
-00000280  e2 c2 3d 7e 95 63 17 5d  45 cf cd 27 af d2 db b3  |..=~.c.]E..'....|
-00000290  d0 bc 13 1e 6f 0a 61 3a  fb 3c b3 03 61 2c 36 ae  |....o.a:.<..a,6.|
-000002a0  4f be 27 e9 43 3c cf 57  9b 82 5e 7d 54 36 ed 7e  |O.'.C<.W..^}T6.~|
-000002b0  0b 34 68 26 90 00 20 02  0f c1 18 bc 79 1b 90 02  |.4h&.. .....y...|
-000002c0  42 01 6b 66 9d 56 48 8e  5e 38 93 48 03 6b b9 d7  |B.kf.VH.^8.H.k..|
-000002d0  bd 14 a0 3e 8a 27 81 7f  fe 4d e5 8a 12 4d 95 16  |...>.'...M...M..|
-000002e0  ef c7 8d 60 07 1d 22 f8  5d 72 0d cc be c3 51 69  |...`..".]r....Qi|
-000002f0  7a 04 e3 84 e5 ba dd 04  1d d4 4c 6f 9f 6b 12 e0  |z.........Lo.k..|
-00000300  2f 83 3c 16 03 01 00 04  0e 00 00 00              |/.<.........|
->>> Flow 3 (client to server)
-00000000  16 03 01 00 25 10 00 00  21 20 18 40 ea d1 e1 17  |....%...! .@....|
-00000010  b6 a2 a5 db 20 13 70 81  90 fc ac e8 96 7c b1 e1  |.... .p......|..|
-00000020  ff 6f 57 1f c1 64 72 94  f7 05 14 03 01 00 01 01  |.oW..dr.........|
-00000030  16 03 01 00 30 05 33 48  f0 2a 3a df df 1d c4 3d  |....0.3H.*:....=|
-00000040  87 ea 9d 04 04 eb 84 bf  a0 ed bc 56 2f ab 36 52  |...........V/.6R|
-00000050  d5 b2 2c 6f 8c 58 49 51  33 d5 fc df 5d 09 df e9  |..,o.XIQ3...]...|
-00000060  be 20 30 9a 37                                    |. 0.7|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 8c b6 5b 83 03  |..........0..[..|
-00000010  c0 d8 83 f7 1d 24 2e ec  39 68 00 91 73 d2 5a 15  |.....$..9h..s.Z.|
-00000020  3f 83 aa e3 6d fd cc 31  58 90 e9 a9 e3 e4 78 5d  |?...m..1X.....x]|
-00000030  ce 8e b3 ba cd 71 aa a2  fd f4 7c 17 03 01 00 20  |.....q....|.... |
-00000040  62 98 34 9d 01 13 13 2d  1b 27 3a 4f 10 28 48 d6  |b.4....-.':O.(H.|
-00000050  32 8c 99 2a c8 64 14 6e  dc f5 7c 6d 16 59 45 8e  |2..*.d.n..|m.YE.|
-00000060  17 03 01 00 30 1e ed f9  40 ad 5c 5d f6 94 c9 fd  |....0...@.\]....|
-00000070  a1 ac fc 00 7b 48 9a 59  6d f5 b7 06 a4 66 25 04  |....{H.Ym....f%.|
-00000080  61 33 08 f3 66 86 21 00  fb f3 03 78 83 4c b6 c8  |a3..f.!....x.L..|
-00000090  9d 5e ea f5 7e 15 03 01  00 20 98 d8 f6 2a 79 60  |.^..~.... ...*y`|
-000000a0  8d fb c9 45 2f 27 59 17  a9 79 eb e7 b9 46 f1 57  |...E/'Y..y...F.W|
-000000b0  a6 fa ea e1 d0 23 8c 03  4f 72                    |.....#..Or|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-3DES b/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-3DES
deleted file mode 100644
index 9590b0da..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-3DES
+++ /dev/null
@@ -1,72 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 01 58 71 a3 0c c4  |....9...5..Xq...|
-00000010  b6 b0 33 0a 66 3c eb c6  f4 d9 0e 99 75 d4 9e b6  |..3.f<......u...|
-00000020  03 b4 ae ae ad bc a8 ab  64 a0 27 00 00 04 00 0a  |........d.'.....|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 0a 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 01 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 01 00 86 10 00 00  82 00 80 ab 50 cd 04 9e  |............P...|
-00000010  db 19 e4 18 26 ff 59 41  20 02 a5 a2 20 a3 1c 44  |....&.YA ... ..D|
-00000020  02 bc 9a 1c d9 d7 5d 5b  55 fc 2a 4d 2b 03 22 b1  |......][U.*M+.".|
-00000030  de 96 10 84 6f e3 f2 22  2d 6f cb 29 07 43 a6 6e  |....o.."-o.).C.n|
-00000040  ce 23 64 f7 72 2b dc 9b  c0 6f 7f bd 8e cf e2 7f  |.#d.r+...o......|
-00000050  75 12 24 72 23 6b 26 08  69 76 17 c0 21 91 c0 7d  |u.$r#k&.iv..!..}|
-00000060  8c 8f 20 83 08 02 0d 73  27 23 91 35 5f 3f e6 56  |.. ....s'#.5_?.V|
-00000070  1d 69 d3 1d 3b 0e fa 60  86 8b 40 ad c0 48 59 60  |.i..;..`..@..HY`|
-00000080  45 eb b0 77 2c 91 94 75  fd 6a d3 14 03 01 00 01  |E..w,..u.j......|
-00000090  01 16 03 01 00 28 8b 25  c1 8f 25 32 b5 cb 74 6d  |.....(.%..%2..tm|
-000000a0  08 67 59 a3 ae ae 16 f9  fa 03 f6 54 42 f4 56 3f  |.gY........TB.V?|
-000000b0  c4 12 66 f3 1a b0 48 95  24 79 fe 41 a5 d1        |..f...H.$y.A..|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 28 ff 69 ed 0f 20  |..........(.i.. |
-00000010  ff e1 42 78 b9 bc a8 61  48 82 08 a0 01 a5 98 91  |..Bx...aH.......|
-00000020  3e 39 d4 6d 17 38 a2 04  18 ed 90 3c f0 cf 6a 9a  |>9.m.8.....<..j.|
-00000030  ea c5 45 17 03 01 00 18  b5 76 2c 0e f1 34 51 e5  |..E......v,..4Q.|
-00000040  f5 38 d3 9f c9 c5 d5 19  35 c3 2e ec 18 df 8e c8  |.8......5.......|
-00000050  17 03 01 00 28 47 6f e9  c0 fa b3 21 ec 6c 16 e7  |....(Go....!.l..|
-00000060  71 a8 09 15 17 86 68 1c  cf fa ea 37 68 d3 33 ef  |q.....h....7h.3.|
-00000070  4a b1 95 46 5b 16 d7 95  f8 13 65 2f 93 15 03 01  |J..F[.....e/....|
-00000080  00 18 1b 0c 09 81 ff fc  6d 82 84 ab 83 98 fc 72  |........m......r|
-00000090  f5 4a a0 eb 08 96 79 01  76 26                    |.J....y.v&|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-AES b/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-AES
deleted file mode 100644
index c1750292..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-AES
+++ /dev/null
@@ -1,75 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 01 82 f3 04 d5 71  |....9...5......q|
-00000010  d8 65 69 36 46 cb 45 77  b2 ef 00 75 98 e4 16 d2  |.ei6F.Ew...u....|
-00000020  70 f7 3c 97 84 49 ef da  5d cd 64 00 00 04 00 2f  |p.<..I..].d..../|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 01 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 01 00 86 10 00 00  82 00 80 9c a1 18 77 22  |..............w"|
-00000010  f5 a1 cf 4d cc df 27 7c  c5 7e 98 24 24 be 2f b2  |...M..'|.~.$$./.|
-00000020  1d d7 b8 2f fe 90 73 d0  fc f6 88 3c 91 a4 bc dc  |.../..s....<....|
-00000030  b9 0b 48 0d 55 e5 9f c1  8a 6c 1c 7d 4d a9 12 d5  |..H.U....l.}M...|
-00000040  87 4b 9a 77 74 3d 33 8c  c7 17 fb 32 09 df 86 f1  |.K.wt=3....2....|
-00000050  93 cc 17 f9 08 bd bc 0e  38 df 9d 82 ad cc 70 0c  |........8.....p.|
-00000060  f5 8b 8d 99 e8 5f 3e e5  a6 c7 c2 6a 67 02 90 82  |....._>....jg...|
-00000070  28 9a 72 e1 3e 77 51 10  84 29 21 09 56 36 f2 6a  |(.r.>wQ..)!.V6.j|
-00000080  1d 15 08 7b 44 41 43 59  55 8d 52 14 03 01 00 01  |...{DACYU.R.....|
-00000090  01 16 03 01 00 30 06 5b  20 42 7e 7b 1f 4b 7c 36  |.....0.[ B~{.K|6|
-000000a0  99 bb c6 b4 ea a1 19 3e  02 0c 3b 3a 38 be 80 11  |.......>..;:8...|
-000000b0  29 72 a8 12 92 ad 24 9d  bf 01 3e ef 9a f1 db 33  |)r....$...>....3|
-000000c0  3e c1 dc d2 51 b1                                 |>...Q.|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 30 2e d5 04 91 6d  |..........0....m|
-00000010  32 12 8b 41 4a 46 2c f3  7f d4 16 0a 21 c2 ac 88  |2..AJF,.....!...|
-00000020  09 a0 b5 0d 65 4e 44 e1  92 5a ae b8 3f 61 1f 35  |....eND..Z..?a.5|
-00000030  ab 3a fe bd f8 3c 2c 42  dd 68 0f 17 03 01 00 20  |.:...<,B.h..... |
-00000040  6e d4 08 98 bf b7 18 84  ee 68 f8 17 88 c5 13 7a  |n........h.....z|
-00000050  73 e0 c6 ca 0d 21 4d 6b  44 dc 94 36 6c e4 a0 2f  |s....!MkD..6l../|
-00000060  17 03 01 00 30 a0 45 d0  88 5d 96 48 26 46 37 33  |....0.E..].H&F73|
-00000070  f6 48 f3 38 2e 38 d7 b6  ef d5 25 bf f3 1b b6 78  |.H.8.8....%....x|
-00000080  32 a7 9c fe be 55 35 f2  07 5b b7 14 87 89 80 f2  |2....U5..[......|
-00000090  cc d5 cb c8 57 15 03 01  00 20 80 2a 8e 6c b8 5a  |....W.... .*.l.Z|
-000000a0  41 b4 ae 56 ca 3f 8b a2  e1 ea a0 55 64 b5 60 44  |A..V.?.....Ud.`D|
-000000b0  8f de 33 c6 37 f7 df b5  d9 c3                    |..3.7.....|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-RC4 b/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-RC4
deleted file mode 100644
index 3d788c35..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv10-RSA-RC4
+++ /dev/null
@@ -1,69 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 01 71 34 00 f7 c4  |....9...5..q4...|
-00000010  e6 94 b4 ca f2 af d5 0a  82 ce d4 f6 b7 4a a7 d1  |.............J..|
-00000020  1a 88 65 b2 3c b2 6c ec  f7 eb 4a 00 00 04 00 05  |..e.<.l...J.....|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
->>> Flow 2 (server to client)
-00000000  16 03 01 00 31 02 00 00  2d 03 01 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  01 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 01 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 01 00 86 10 00 00  82 00 80 a5 75 5a 20 2c  |............uZ ,|
-00000010  31 f7 61 dc 73 c7 f6 4c  06 d2 b9 c0 e8 5f cc 0c  |1.a.s..L....._..|
-00000020  51 70 0a 30 b2 8a bb 3b  4c 37 f6 d3 38 da 13 48  |Qp.0...;L7..8..H|
-00000030  90 4f fe 41 ec 53 3c fb  07 26 77 68 07 a0 fb 71  |.O.A.S<..&wh...q|
-00000040  b6 cc 3c cd b4 64 03 08  3a 76 97 6e 6c f1 b4 a9  |..<..d..:v.nl...|
-00000050  af f4 e0 ce bf 36 b9 8e  37 12 de 5b ac 24 06 63  |.....6..7..[.$.c|
-00000060  e2 fb 13 33 be 3b 8d 93  e3 10 95 29 21 b2 22 77  |...3.;.....)!."w|
-00000070  cb 95 b2 13 b3 76 47 98  13 1b a8 cc 50 47 ed 50  |.....vG.....PG.P|
-00000080  f0 cc ca 5a c6 a0 1e c9  9c 97 58 14 03 01 00 01  |...Z......X.....|
-00000090  01 16 03 01 00 24 e7 fd  a2 7e fd 6f 53 da 29 68  |.....$...~.oS.)h|
-000000a0  c3 49 2e e9 69 a1 94 b9  e4 a0 cb a2 94 14 a6 42  |.I..i..........B|
-000000b0  df 75 1e da 95 e5 60 e3  35 f1                    |.u....`.5.|
->>> Flow 4 (server to client)
-00000000  14 03 01 00 01 01 16 03  01 00 24 44 a6 c8 7b 5f  |..........$D..{_|
-00000010  b9 4e c2 62 2d e0 c3 9f  76 0f b3 e5 f5 07 b7 c0  |.N.b-...v.......|
-00000020  93 cd 1f 32 3c 0a 7a 83  57 4a 24 59 ac 95 f9 17  |...2<.z.WJ$Y....|
-00000030  03 01 00 21 6f 02 76 2e  70 82 a0 6c 11 ce 3c b8  |...!o.v.p..l..<.|
-00000040  dd d3 9e 2a ee ce d7 7f  63 1a 5b 35 d0 46 68 7d  |...*....c.[5.Fh}|
-00000050  21 6e 5b 64 fc 15 03 01  00 16 81 56 32 7d 51 e4  |!n[d.......V2}Q.|
-00000060  08 53 85 45 65 c3 87 ac  b0 58 70 4f 6f f7 64 4e  |.S.Ee....XpOo.dN|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv11-FallbackSCSV b/firewall/inspection/tls/tlslib/testdata/Server-TLSv11-FallbackSCSV
deleted file mode 100644
index 209e6216..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv11-FallbackSCSV
+++ /dev/null
@@ -1,10 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 63 01 00 00  5f 03 02 6e 78 cc 6a ea  |....c..._..nx.j.|
-00000010  13 aa a8 20 76 7d 32 ca  c7 3f be 88 36 ae fb c3  |... v}2..?..6...|
-00000020  ca 95 35 70 54 20 3b 18  3b ba 82 00 00 14 c0 0a  |..5pT ;.;.......|
-00000030  c0 14 00 39 c0 09 c0 13  00 33 00 35 00 2f 00 ff  |...9.....3.5./..|
-00000040  56 00 01 00 00 22 00 0b  00 04 03 00 01 02 00 0a  |V...."..........|
-00000050  00 0a 00 08 00 1d 00 17  00 19 00 18 00 23 00 00  |.............#..|
-00000060  00 16 00 00 00 17 00 00                           |........|
->>> Flow 2 (server to client)
-00000000  15 03 02 00 02 02 56                              |......V|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv11-RSA-RC4 b/firewall/inspection/tls/tlslib/testdata/Server-TLSv11-RSA-RC4
deleted file mode 100644
index 18debc47..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv11-RSA-RC4
+++ /dev/null
@@ -1,69 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 39 01 00 00  35 03 02 15 67 73 bf 3f  |....9...5...gs.?|
-00000010  6f 15 30 c2 34 2e c6 1b  23 3a 42 45 4d d9 87 a2  |o.0.4...#:BEM...|
-00000020  e7 b8 de 1c b8 2b cc 21  7a 0b a1 00 00 04 00 05  |.....+.!z.......|
-00000030  00 ff 01 00 00 08 00 16  00 00 00 17 00 00        |..............|
->>> Flow 2 (server to client)
-00000000  16 03 02 00 31 02 00 00  2d 03 02 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  02 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 02 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 02 00 86 10 00 00  82 00 80 75 8e 85 93 be  |...........u....|
-00000010  53 df e0 4f 65 92 ed 3d  58 34 f8 06 fd 36 e4 5a  |S..Oe..=X4...6.Z|
-00000020  f7 7a 59 88 f6 ac bd de  21 ed c4 04 0d 35 19 cd  |.zY.....!....5..|
-00000030  ff 3b 9f c4 bc 93 4f 21  2a 36 a3 99 a4 6f eb 1e  |.;....O!*6...o..|
-00000040  7b b4 a8 a7 6d 69 a5 93  b6 e3 d2 2d be 7a c8 f3  |{...mi.....-.z..|
-00000050  9f 25 9e f9 51 75 d9 4f  05 41 0e 17 56 31 4e 3f  |.%..Qu.O.A..V1N?|
-00000060  c0 15 d8 c4 29 4d e5 92  f9 ed 50 b6 88 f1 41 ea  |....)M....P...A.|
-00000070  cb 5a 8c 50 12 78 16 e7  21 b6 11 ca 2c 49 cf b6  |.Z.P.x..!...,I..|
-00000080  d2 1a 16 28 f7 08 b5 c9  61 e0 18 14 03 02 00 01  |...(....a.......|
-00000090  01 16 03 02 00 24 a1 cf  1b 5d dc 4c 9c 2c d7 39  |.....$...].L.,.9|
-000000a0  af 13 e9 04 48 c0 2a aa  6f 3a 9c fb 9e 0a 25 55  |....H.*.o:....%U|
-000000b0  7e 82 3d 1b 78 d1 e3 e0  f5 30                    |~.=.x....0|
->>> Flow 4 (server to client)
-00000000  14 03 02 00 01 01 16 03  02 00 24 7b 68 71 56 0f  |..........${hqV.|
-00000010  a5 46 1c 13 34 81 b5 b6  ba 29 fb 41 46 dc fe 78  |.F..4....).AF..x|
-00000020  cc 0b 2d 75 bd fe c1 55  45 b1 fc 04 28 5e b1 17  |..-u...UE...(^..|
-00000030  03 02 00 21 0b fa a9 2f  9e 82 5b 77 30 c2 27 88  |...!.../..[w0.'.|
-00000040  f5 f3 50 47 7b 62 4c 7a  d4 07 71 74 46 da 24 de  |..PG{bLz..qtF.$.|
-00000050  bf 3f 56 a7 9b 15 03 02  00 16 85 26 8a 89 33 21  |.?V........&..3!|
-00000060  36 ce 69 83 84 50 fc 8f  99 b3 43 ad 6b 14 1e b2  |6.i..P....C.k...|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ALPN b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ALPN
deleted file mode 100644
index 3e90ebd9..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ALPN
+++ /dev/null
@@ -1,94 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 bf 01 00 00  bb 03 03 18 c9 32 10 f3  |.............2..|
-00000010  be ff a8 60 c5 2a 03 cb  25 8a b3 54 8d 70 27 90  |...`.*..%..T.p'.|
-00000020  74 1e 15 3e 61 48 9b be  f0 77 1f 00 00 38 c0 2c  |t..>aH...w...8.,|
-00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
-00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
-00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 5a 00 0b 00 04 03 00  |.5./.....Z......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 23 00 00 00 0d 00 20  00 1e 06 01 06 02 06 03  |.#..... ........|
-00000090  05 01 05 02 05 03 04 01  04 02 04 03 03 01 03 02  |................|
-000000a0  03 03 02 01 02 02 02 03  00 10 00 10 00 0e 06 70  |...............p|
-000000b0  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
-000000c0  00 17 00 00                                       |....|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 42 02 00 00  3e 03 03 00 00 00 00 00  |....B...>.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
-00000030  16 00 23 00 00 ff 01 00  01 00 00 10 00 09 00 07  |..#.............|
-00000040  06 70 72 6f 74 6f 31 16  03 03 02 59 0b 00 02 55  |.proto1....Y...U|
-00000050  00 02 52 00 02 4f 30 82  02 4b 30 82 01 b4 a0 03  |..R..O0..K0.....|
-00000060  02 01 02 02 09 00 e8 f0  9d 3f e2 5b ea a6 30 0d  |.........?.[..0.|
-00000070  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 1f 31  |..*.H........0.1|
-00000080  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 10 30 0e  |.0...U....Go1.0.|
-00000090  06 03 55 04 03 13 07 47  6f 20 52 6f 6f 74 30 1e  |..U....Go Root0.|
-000000a0  17 0d 31 36 30 31 30 31  30 30 30 30 30 30 5a 17  |..160101000000Z.|
-000000b0  0d 32 35 30 31 30 31 30  30 30 30 30 30 5a 30 1a  |.250101000000Z0.|
-000000c0  31 0b 30 09 06 03 55 04  0a 13 02 47 6f 31 0b 30  |1.0...U....Go1.0|
-000000d0  09 06 03 55 04 03 13 02  47 6f 30 81 9f 30 0d 06  |...U....Go0..0..|
-000000e0  09 2a 86 48 86 f7 0d 01  01 01 05 00 03 81 8d 00  |.*.H............|
-000000f0  30 81 89 02 81 81 00 db  46 7d 93 2e 12 27 06 48  |0.......F}...'.H|
-00000100  bc 06 28 21 ab 7e c4 b6  a2 5d fe 1e 52 45 88 7a  |..(!.~...]..RE.z|
-00000110  36 47 a5 08 0d 92 42 5b  c2 81 c0 be 97 79 98 40  |6G....B[.....y.@|
-00000120  fb 4f 6d 14 fd 2b 13 8b  c2 a5 2e 67 d8 d4 09 9e  |.Om..+.....g....|
-00000130  d6 22 38 b7 4a 0b 74 73  2b c2 34 f1 d1 93 e5 96  |."8.J.ts+.4.....|
-00000140  d9 74 7b f3 58 9f 6c 61  3c c0 b0 41 d4 d9 2b 2b  |.t{.X.la<..A..++|
-00000150  24 23 77 5b 1c 3b bd 75  5d ce 20 54 cf a1 63 87  |$#w[.;.u]. T..c.|
-00000160  1d 1e 24 c4 f3 1d 1a 50  8b aa b6 14 43 ed 97 a7  |..$....P....C...|
-00000170  75 62 f4 14 c8 52 d7 02  03 01 00 01 a3 81 93 30  |ub...R.........0|
-00000180  81 90 30 0e 06 03 55 1d  0f 01 01 ff 04 04 03 02  |..0...U.........|
-00000190  05 a0 30 1d 06 03 55 1d  25 04 16 30 14 06 08 2b  |..0...U.%..0...+|
-000001a0  06 01 05 05 07 03 01 06  08 2b 06 01 05 05 07 03  |.........+......|
-000001b0  02 30 0c 06 03 55 1d 13  01 01 ff 04 02 30 00 30  |.0...U.......0.0|
-000001c0  19 06 03 55 1d 0e 04 12  04 10 9f 91 16 1f 43 43  |...U..........CC|
-000001d0  3e 49 a6 de 6d b6 80 d7  9f 60 30 1b 06 03 55 1d  |>I..m....`0...U.|
-000001e0  23 04 14 30 12 80 10 48  13 49 4d 13 7e 16 31 bb  |#..0...H.IM.~.1.|
-000001f0  a3 01 d5 ac ab 6e 7b 30  19 06 03 55 1d 11 04 12  |.....n{0...U....|
-00000200  30 10 82 0e 65 78 61 6d  70 6c 65 2e 67 6f 6c 61  |0...example.gola|
-00000210  6e 67 30 0d 06 09 2a 86  48 86 f7 0d 01 01 0b 05  |ng0...*.H.......|
-00000220  00 03 81 81 00 9d 30 cc  40 2b 5b 50 a0 61 cb ba  |......0.@+[P.a..|
-00000230  e5 53 58 e1 ed 83 28 a9  58 1a a9 38 a4 95 a1 ac  |.SX...(.X..8....|
-00000240  31 5a 1a 84 66 3d 43 d3  2d d9 0b f2 97 df d3 20  |1Z..f=C.-...... |
-00000250  64 38 92 24 3a 00 bc cf  9c 7d b7 40 20 01 5f aa  |d8.$:....}.@ ._.|
-00000260  d3 16 61 09 a2 76 fd 13  c3 cc e1 0c 5c ee b1 87  |..a..v......\...|
-00000270  82 f1 6c 04 ed 73 bb b3  43 77 8d 0c 1c f1 0f a1  |..l..s..Cw......|
-00000280  d8 40 83 61 c9 4c 72 2b  9d ae db 46 06 06 4d f4  |.@.a.Lr+...F..M.|
-00000290  c1 b3 3e c0 d1 bd 42 d4  db fe 3d 13 60 84 5c 21  |..>...B...=.`.\!|
-000002a0  d3 3b e9 fa e7 16 03 03  00 ac 0c 00 00 a8 03 00  |.;..............|
-000002b0  1d 20 2f e5 7d a3 47 cd  62 43 15 28 da ac 5f bb  |. /.}.G.bC.(.._.|
-000002c0  29 07 30 ff f6 84 af c4  cf c2 ed 90 99 5f 58 cb  |).0.........._X.|
-000002d0  3b 74 05 01 00 80 2e c1  51 a1 e8 92 a6 bb ad 1e  |;t......Q.......|
-000002e0  4d f1 22 c5 e7 10 e6 31  1d 78 61 8a 22 a3 93 84  |M."....1.xa."...|
-000002f0  58 d6 5a c6 94 d0 da 6c  6a 35 d1 31 ea 1b 7e 55  |X.Z....lj5.1..~U|
-00000300  d6 35 a3 b7 42 e4 04 f8  31 15 15 88 5f 91 a8 7e  |.5..B...1..._..~|
-00000310  3e 73 52 8f 32 50 2e ad  95 44 83 b6 88 d6 18 99  |>sR.2P...D......|
-00000320  cf 86 57 97 c0 b2 a0 91  ee a7 ac f8 38 4b 1c 8e  |..W.........8K..|
-00000330  a4 58 59 4a f6 fc 88 a4  02 ed c8 04 1a 8b 7b 9e  |.XYJ..........{.|
-00000340  83 91 72 ca 1e 1c e0 76  58 73 89 3a 7d 12 c5 ef  |..r....vXs.:}...|
-00000350  f8 f7 45 dc ca c4 16 03  03 00 04 0e 00 00 00     |..E............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 be 4e 0d d5 31 aa  |....%...! .N..1.|
-00000010  27 13 df 73 d3 8d 17 8c  b3 5f 44 61 7b 01 b6 99  |'..s....._Da{...|
-00000020  7b ba b3 5d bf d4 be 3c  87 26 14 03 03 00 01 01  |{..]...<.&......|
-00000030  16 03 03 00 28 9c 86 e0  30 d4 a5 ec 0c 9e a6 08  |....(...0.......|
-00000040  ce 8a 7a ff ef be 52 0c  56 86 62 de 49 09 a1 18  |..z...R.V.b.I...|
-00000050  aa 62 e5 e3 d3 2e 4a 24  c9 ef 44 c9 67           |.b....J$..D.g|
->>> Flow 4 (server to client)
-00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
-00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f ec 80 83 61 da 3d a1  df 0d 11 25 4b 66 55 09  |o...a.=....%KfU.|
-00000040  af 7a c1 82 b9 ea 2f 9f  5c f4 0a 62 15 62 c2 32  |.z..../.\..b.b.2|
-00000050  c6 37 51 5b bb 19 14 f8  73 f8 fb 82 00 ef 19 21  |.7Q[....s......!|
-00000060  e2 52 7d ab 0a 33 94 df  78 54 ba 6c 5e 94 eb 16  |.R}..3..xT.l^...|
-00000070  ad 85 01 ca d5 98 8f 8e  b7 04 7e 9a 3c 35 c0 e5  |..........~.<5..|
-00000080  8f cf 27 6d b4 12 c2 14  03 03 00 01 01 16 03 03  |..'m............|
-00000090  00 28 00 00 00 00 00 00  00 00 75 da b5 10 2e 7c  |.(........u....||
-000000a0  39 ec 3d 98 12 fb 5d 15  81 79 f3 c7 b1 e4 e0 54  |9.=...]..y.....T|
-000000b0  ed 27 6e bc c3 81 a0 74  7e 38 17 03 03 00 25 00  |.'n....t~8....%.|
-000000c0  00 00 00 00 00 00 01 bf  81 cc 93 49 4f b2 59 8b  |...........IO.Y.|
-000000d0  53 4a 61 96 04 00 4b ac  34 d5 bd 5a 94 44 18 5b  |SJa...K.4..Z.D.[|
-000000e0  7d 81 dc 05 15 03 03 00  1a 00 00 00 00 00 00 00  |}...............|
-000000f0  02 bd 32 d5 cf 4d 13 61  6a 77 8b 3e 51 b3 13 84  |..2..M.ajw.>Q...|
-00000100  e6 1a 23                                          |..#|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ALPN-NoMatch b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ALPN-NoMatch
deleted file mode 100644
index d40300e8..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ALPN-NoMatch
+++ /dev/null
@@ -1,94 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 bf 01 00 00  bb 03 03 82 57 14 fc ab  |............W...|
-00000010  56 21 ff 72 39 72 3f fe  f1 9b 0f 22 00 ff ef 44  |V!.r9r?...."...D|
-00000020  da db e0 83 d2 c0 a7 1c  fb f0 6c 00 00 38 c0 2c  |..........l..8.,|
-00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
-00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
-00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 5a 00 0b 00 04 03 00  |.5./.....Z......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 23 00 00 00 0d 00 20  00 1e 06 01 06 02 06 03  |.#..... ........|
-00000090  05 01 05 02 05 03 04 01  04 02 04 03 03 01 03 02  |................|
-000000a0  03 03 02 01 02 02 02 03  00 10 00 10 00 0e 06 70  |...............p|
-000000b0  72 6f 74 6f 32 06 70 72  6f 74 6f 31 00 16 00 00  |roto2.proto1....|
-000000c0  00 17 00 00                                       |....|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
-00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
-00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
-00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
-00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
-00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
-00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
-00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
-000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
-000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
-000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
-000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
-000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
-000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
-00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
-00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
-00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
-00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
-00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
-00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
-00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
-00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
-00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
-00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
-000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
-000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
-000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
-000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
-000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
-000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
-00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
-00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
-00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
-00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
-00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
-00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
-00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
-00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
-00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 ac 0c 00 00  |.\!.;...........|
-000002a0  a8 03 00 1d 20 2f e5 7d  a3 47 cd 62 43 15 28 da  |.... /.}.G.bC.(.|
-000002b0  ac 5f bb 29 07 30 ff f6  84 af c4 cf c2 ed 90 99  |._.).0..........|
-000002c0  5f 58 cb 3b 74 05 01 00  80 bf 6d 57 f5 0c 78 c4  |_X.;t.....mW..x.|
-000002d0  77 48 0e 60 67 7a 3a 1b  3e 9e d2 88 a4 89 07 ef  |wH.`gz:.>.......|
-000002e0  d1 45 1a 66 7e 8c ec cb  da 71 ea ec ba ed 81 9e  |.E.f~....q......|
-000002f0  21 4d 2e ba d4 8f c2 0a  67 ea 3a a1 d1 67 09 66  |!M......g.:..g.f|
-00000300  dc a8 ad 16 a2 23 2a db  4f 31 65 b1 54 13 73 d1  |.....#*.O1e.T.s.|
-00000310  f6 7b 75 d9 f1 07 19 b8  67 21 87 d2 3b cf a5 6c  |.{u.....g!..;..l|
-00000320  61 8e af ed 60 7f f2 56  9f 0d 0f 19 88 98 30 3a  |a...`..V......0:|
-00000330  61 8c 21 e7 8b 5d ab 6f  cf 93 73 33 63 cd 50 bb  |a.!..].o..s3c.P.|
-00000340  dd 0e ab 4f 6a fb a3 f9  68 16 03 03 00 04 0e 00  |...Oj...h.......|
-00000350  00 00                                             |..|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 05 0c 3b 8b 22 36  |....%...! ..;."6|
-00000010  61 79 58 28 b0 82 65 44  39 67 93 c5 2c 3b d1 40  |ayX(..eD9g..,;.@|
-00000020  88 af 9f 38 c1 fa e0 81  a0 19 14 03 03 00 01 01  |...8............|
-00000030  16 03 03 00 28 87 2e d2  c2 ce 65 6d e8 d9 da a0  |....(.....em....|
-00000040  9d dc f5 51 b0 84 88 8d  c6 a3 0a 5d 08 10 ca c6  |...Q.......]....|
-00000050  e3 83 0c 0a cb 6d ec 09  b8 9f a5 45 99           |.....m.....E.|
->>> Flow 4 (server to client)
-00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
-00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f ec 80 83 61 34 53 e2  a4 e2 ff 73 4f 1b 15 8f  |o...a4S....sO...|
-00000040  3b 43 47 ac 20 c6 2d 5e  52 7a 61 6f af 40 c3 5a  |;CG. .-^Rzao.@.Z|
-00000050  cb 3f 7d 10 a9 90 ca cf  8d c4 c4 d4 a3 b8 1d 62  |.?}............b|
-00000060  7d a9 68 32 01 33 94 65  8b 67 73 aa 51 d4 08 1d  |}.h2.3.e.gs.Q...|
-00000070  ce 76 6b ef 3d e6 ce d3  42 fe 24 cf f3 82 5b 17  |.vk.=...B.$...[.|
-00000080  5c 03 e9 50 94 8e 8b 14  03 03 00 01 01 16 03 03  |\..P............|
-00000090  00 28 00 00 00 00 00 00  00 00 c2 7c e6 69 c9 ec  |.(.........|.i..|
-000000a0  b5 55 57 34 8e 86 38 e6  28 85 b0 c8 2e c8 0f a6  |.UW4..8.(.......|
-000000b0  a9 07 f4 91 47 46 dd fe  c8 57 17 03 03 00 25 00  |....GF...W....%.|
-000000c0  00 00 00 00 00 00 01 39  9a a2 da d8 3d 7f 25 0e  |.......9....=.%.|
-000000d0  83 a8 cd 57 d8 a4 7e 9f  e1 e2 fe 3f 5a ed b9 99  |...W..~....?Z...|
-000000e0  b6 4d 97 3a 15 03 03 00  1a 00 00 00 00 00 00 00  |.M.:............|
-000000f0  02 d5 2a aa 1e 7a 60 b8  79 56 c6 56 75 11 b7 4c  |..*..z`.yV.Vu..L|
-00000100  83 19 9c                                          |...|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA
deleted file mode 100644
index e2864070..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA
+++ /dev/null
@@ -1,85 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 a7 01 00 00  a3 03 03 27 01 f3 21 98  |...........'..!.|
-00000010  ff 55 7f 78 32 44 b7 9d  88 6b 82 43 26 52 00 74  |.U.x2D...k.C&R.t|
-00000020  fb 05 ca be 23 1f d0 18  1f 74 c2 00 00 38 c0 2c  |....#....t...8.,|
-00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
-00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
-00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 42 00 0b 00 04 03 00  |.5./.....B......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 0d 00 20 00 1e 06 01  06 02 06 03 05 01 05 02  |... ............|
-00000090  05 03 04 01 04 02 04 03  03 01 03 02 03 03 02 01  |................|
-000000a0  02 02 02 03 00 16 00 00  00 17 00 00              |............|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 0a 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  03 02 0e 0b 00 02 0a 00  |................|
-00000040  02 07 00 02 04 30 82 02  00 30 82 01 62 02 09 00  |.....0...0..b...|
-00000050  b8 bf 2d 47 a0 d2 eb f4  30 09 06 07 2a 86 48 ce  |..-G....0...*.H.|
-00000060  3d 04 01 30 45 31 0b 30  09 06 03 55 04 06 13 02  |=..0E1.0...U....|
-00000070  41 55 31 13 30 11 06 03  55 04 08 13 0a 53 6f 6d  |AU1.0...U....Som|
-00000080  65 2d 53 74 61 74 65 31  21 30 1f 06 03 55 04 0a  |e-State1!0...U..|
-00000090  13 18 49 6e 74 65 72 6e  65 74 20 57 69 64 67 69  |..Internet Widgi|
-000000a0  74 73 20 50 74 79 20 4c  74 64 30 1e 17 0d 31 32  |ts Pty Ltd0...12|
-000000b0  31 31 32 32 31 35 30 36  33 32 5a 17 0d 32 32 31  |1122150632Z..221|
-000000c0  31 32 30 31 35 30 36 33  32 5a 30 45 31 0b 30 09  |120150632Z0E1.0.|
-000000d0  06 03 55 04 06 13 02 41  55 31 13 30 11 06 03 55  |..U....AU1.0...U|
-000000e0  04 08 13 0a 53 6f 6d 65  2d 53 74 61 74 65 31 21  |....Some-State1!|
-000000f0  30 1f 06 03 55 04 0a 13  18 49 6e 74 65 72 6e 65  |0...U....Interne|
-00000100  74 20 57 69 64 67 69 74  73 20 50 74 79 20 4c 74  |t Widgits Pty Lt|
-00000110  64 30 81 9b 30 10 06 07  2a 86 48 ce 3d 02 01 06  |d0..0...*.H.=...|
-00000120  05 2b 81 04 00 23 03 81  86 00 04 00 c4 a1 ed be  |.+...#..........|
-00000130  98 f9 0b 48 73 36 7e c3  16 56 11 22 f2 3d 53 c3  |...Hs6~..V.".=S.|
-00000140  3b 4d 21 3d cd 6b 75 e6  f6 b0 dc 9a df 26 c1 bc  |;M!=.ku......&..|
-00000150  b2 87 f0 72 32 7c b3 64  2f 1c 90 bc ea 68 23 10  |...r2|.d/....h#.|
-00000160  7e fe e3 25 c0 48 3a 69  e0 28 6d d3 37 00 ef 04  |~..%.H:i.(m.7...|
-00000170  62 dd 0d a0 9c 70 62 83  d8 81 d3 64 31 aa 9e 97  |b....pb....d1...|
-00000180  31 bd 96 b0 68 c0 9b 23  de 76 64 3f 1a 5c 7f e9  |1...h..#.vd?.\..|
-00000190  12 0e 58 58 b6 5f 70 dd  9b d8 ea d5 d7 f5 d5 cc  |..XX._p.........|
-000001a0  b9 b6 9f 30 66 5b 66 9a  20 e2 27 e5 bf fe 3b 30  |...0f[f. .'...;0|
-000001b0  09 06 07 2a 86 48 ce 3d  04 01 03 81 8c 00 30 81  |...*.H.=......0.|
-000001c0  88 02 42 01 88 a2 4f eb  e2 45 c5 48 7d 1b ac f5  |..B...O..E.H}...|
-000001d0  ed 98 9d ae 47 70 c0 5e  1b b6 2f bd f1 b6 4d b7  |....Gp.^../...M.|
-000001e0  61 40 d3 11 a2 ce ee 0b  7e 92 7e ff 76 9d c3 3b  |a@......~.~.v..;|
-000001f0  7e a5 3f ce fa 10 e2 59  ec 47 2d 7c ac da 4e 97  |~.?....Y.G-|..N.|
-00000200  0e 15 a0 6f d0 02 42 01  4d fc be 67 13 9c 2d 05  |...o..B.M..g..-.|
-00000210  0e bd 3f a3 8c 25 c1 33  13 83 0d 94 06 bb d4 37  |..?..%.3.......7|
-00000220  7a f6 ec 7a c9 86 2e dd  d7 11 69 7f 85 7c 56 de  |z..z......i..|V.|
-00000230  fb 31 78 2b e4 c7 78 0d  ae cb be 9e 4e 36 24 31  |.1x+..x.....N6$1|
-00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 03 00 b7 0c 00  |{j.9....*.......|
-00000250  00 b3 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
-00000260  da ac 5f bb 29 07 30 ff  f6 84 af c4 cf c2 ed 90  |.._.).0.........|
-00000270  99 5f 58 cb 3b 74 05 03  00 8b 30 81 88 02 42 01  |._X.;t....0...B.|
-00000280  4f 30 aa d0 4d e5 61 db  ba fc 95 15 52 ef 2a 41  |O0..M.a.....R.*A|
-00000290  b4 d6 59 ac 39 61 b6 38  08 1e 87 b3 ca 9b 49 d3  |..Y.9a.8......I.|
-000002a0  95 5a c5 29 84 cd 10 73  4a cc 09 df 1a b0 54 6d  |.Z.)...sJ.....Tm|
-000002b0  b8 61 28 80 2e ec cf 95  9d 6f c3 d9 ed 80 53 63  |.a(......o....Sc|
-000002c0  d9 02 42 00 af 71 2f 91  80 ff a1 79 82 c7 d9 79  |..B..q/....y...y|
-000002d0  fa 12 a9 88 7b 93 47 be  6a dc 80 42 17 9d 85 7a  |....{.G.j..B...z|
-000002e0  b8 1b fe 85 7f 5c 10 9c  9e 0e e1 71 a7 b0 12 02  |.....\.....q....|
-000002f0  e2 a4 79 c4 8d d8 02 09  01 9c 6f 7a 27 7c 1f f4  |..y.......oz'|..|
-00000300  38 46 59 46 94 16 03 03  00 04 0e 00 00 00        |8FYF..........|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 8c 80 e4 c7 bd d7  |....%...! ......|
-00000010  ea ea 42 f7 53 24 50 28  6a e9 f3 ff 4f 4a 28 22  |..B.S$P(j...OJ("|
-00000020  a2 95 09 fc f0 d9 3e fc  cc 6e 14 03 03 00 01 01  |......>..n......|
-00000030  16 03 03 00 40 79 56 60  f5 45 e7 48 9e 97 1d 49  |....@yV`.E.H...I|
-00000040  de 59 dd b0 f0 0a d2 cc  10 f0 98 3c c2 d5 67 d6  |.Y.........<..g.|
-00000050  2c 18 2b 21 ae a3 2f ea  2d 0b ff fd e6 c2 73 25  |,.+!../.-.....s%|
-00000060  1c 01 3e 94 3a cc 1d 58  6b fb 7f 85 e4 50 ec 10  |..>.:..Xk....P..|
-00000070  b9 d7 71 cb be                                    |..q..|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 83 5c 5c e3 c0  |............\\..|
-00000020  20 56 8c 92 4b 75 f0 30  bd 67 74 52 f1 af 9c 14  | V..Ku.0.gtR....|
-00000030  29 1e e4 b2 5b c0 2c e6  48 6f 94 42 7b 21 92 96  |)...[.,.Ho.B{!..|
-00000040  0a 83 ce 1c 91 36 95 8c  14 38 57 17 03 03 00 40  |.....6...8W....@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  73 a4 40 cf ad 86 cc 05  9e 47 5f 83 50 ae 68 d5  |s.@......G_.P.h.|
-00000070  d1 6a a9 8c ba 74 fe c0  cc 4a 1a e3 b0 14 0d 31  |.j...t...J.....1|
-00000080  9f 06 54 e3 95 3a 89 6d  34 54 0c e4 b4 34 38 21  |..T..:.m4T...48!|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 e6 dd b2  11 ab a7 34 61 00 d4 09  |...........4a...|
-000000b0  bc ea c1 5f c4 e2 52 60  63 96 f0 fd 44 4e f9 0e  |..._..R`c...DN..|
-000000c0  af 32 99 e4 12                                    |.2...|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
deleted file mode 100644
index 1f9fbc1a..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
+++ /dev/null
@@ -1,89 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 a7 01 00 00  a3 03 03 1d 39 c9 33 73  |............9.3s|
-00000010  c2 b9 71 d8 66 23 63 a7  5c 9e 50 b6 3e a5 f9 bb  |..q.f#c.\.P.>...|
-00000020  34 1b 71 e1 09 4f ae d5  53 8a e8 00 00 38 c0 2c  |4.q..O..S....8.,|
-00000030  c0 30 00 9f cc a9 cc a8  cc aa c0 2b c0 2f 00 9e  |.0.........+./..|
-00000040  c0 24 c0 28 00 6b c0 23  c0 27 00 67 c0 0a c0 14  |.$.(.k.#.'.g....|
-00000050  00 39 c0 09 c0 13 00 33  00 9d 00 9c 00 3d 00 3c  |.9.....3.....=.<|
-00000060  00 35 00 2f 00 ff 01 00  00 42 00 0b 00 04 03 00  |.5./.....B......|
-00000070  01 02 00 0a 00 0a 00 08  00 1d 00 17 00 19 00 18  |................|
-00000080  00 0d 00 20 00 1e 06 01  06 02 06 03 05 01 05 02  |... ............|
-00000090  05 03 04 01 04 02 04 03  03 01 03 02 03 03 02 01  |................|
-000000a0  02 02 02 03 00 16 00 00  00 17 00 00              |............|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 14 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
-000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 05 01 00 80 06 d4 bd  e4 7b 10 77 89 d7 d4 d6  |t........{.w....|
-000002d0  4e f6 3e 46 49 db ee 5c  4e bc ee fe cb 8b a6 9b  |N.>FI..\N.......|
-000002e0  5c f6 99 fb 31 96 60 a8  23 09 f6 31 65 53 f0 6e  |\...1.`.#..1eS.n|
-000002f0  07 5c 32 f9 59 5d 8b c0  b4 74 c8 01 85 8a b7 19  |.\2.Y]...t......|
-00000300  ab 19 08 68 6a e8 2f 81  bd 04 9b 38 ab d9 27 66  |...hj./....8..'f|
-00000310  d7 a5 3f 75 9c 4f 81 5b  9e 69 10 20 2b f2 1d a2  |..?u.O.[.i. +...|
-00000320  8f fc 7f ba ee 5b 76 8b  19 3f 46 60 01 25 99 72  |.....[v..?F`.%.r|
-00000330  78 24 02 8e 28 d5 24 f1  2e 6b 70 53 75 ec e2 8d  |x$..(.$..kpSu...|
-00000340  76 ab e0 8e e8 16 03 03  00 04 0e 00 00 00        |v.............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 21 75 22 84 bc b7  |....%...! !u"...|
-00000010  82 b3 03 d2 42 ff b6 ce  76 26 88 bf 8f 72 fc dd  |....B...v&...r..|
-00000020  63 9b f1 4c 22 6d 12 cc  d3 57 14 03 03 00 01 01  |c..L"m...W......|
-00000030  16 03 03 00 40 20 2b 26  bd 60 1b 27 a1 32 cb ab  |....@ +&.`.'.2..|
-00000040  30 83 9c 47 59 7d f5 bb  d9 45 8a d9 3e 29 86 4d  |0..GY}...E..>).M|
-00000050  54 86 48 38 25 d9 b9 af  36 7c 7a f0 ae f6 b6 4e  |T.H8%...6|z....N|
-00000060  a1 76 93 91 26 f3 c9 49  b5 6d 49 cf 22 97 bf c7  |.v..&..I.mI."...|
-00000070  db 44 c8 7a e3                                    |.D.z.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 43 7c 61 f2 30  |...........C|a.0|
-00000020  c6 4a c2 76 da 7d 84 c6  ed 5d ee 2e 9c 33 e4 3b  |.J.v.}...]...3.;|
-00000030  e3 a1 ea ee 44 02 4b f7  90 f6 0c 8b 45 d7 26 2e  |....D.K.....E.&.|
-00000040  4a 37 43 1d 93 44 79 e6  5d c5 8c 17 03 03 00 40  |J7C..Dy.]......@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  b2 e4 62 17 e2 d4 d8 73  2b ea 77 39 78 51 1a 86  |..b....s+.w9xQ..|
-00000070  64 54 1f 36 9a cc a1 c0  d2 6d df b7 8a 2e 68 b0  |dT.6.....m....h.|
-00000080  79 9a 9f a1 15 b1 78 fa  db 2e 5a 43 0d fe 45 71  |y.....x...ZC..Eq|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 04 8c d0  bf 15 9f b4 55 22 b8 8e  |............U"..|
-000000b0  a5 a7 df ed bd b2 ab 88  71 38 bd b2 5d b4 5e 8e  |........q8..].^.|
-000000c0  54 fc e4 63 5a                                    |T..cZ|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
deleted file mode 100644
index 7a950db0..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
+++ /dev/null
@@ -1,124 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 8e 50 ff 02 c4  |....]...Y...P...|
-00000010  3b 5e dd ee 59 d1 3a e1  db f1 30 f4 bb a7 8a 8c  |;^..Y.:...0.....|
-00000020  b2 d2 1a fd f8 a4 c9 e4  5f 41 e1 00 00 04 00 2f  |........_A...../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  17 0d 00 00 13 02 01 40  |;..............@|
-000002a0  00 0c 04 01 04 03 05 01  05 03 02 01 02 03 00 00  |................|
-000002b0  16 03 03 00 04 0e 00 00  00                       |.........|
->>> Flow 3 (client to server)
-00000000  16 03 03 02 0a 0b 00 02  06 00 02 03 00 02 00 30  |...............0|
-00000010  82 01 fc 30 82 01 5e 02  09 00 9a 30 84 6c 26 35  |...0..^....0.l&5|
-00000020  d9 17 30 09 06 07 2a 86  48 ce 3d 04 01 30 45 31  |..0...*.H.=..0E1|
-00000030  0b 30 09 06 03 55 04 06  13 02 41 55 31 13 30 11  |.0...U....AU1.0.|
-00000040  06 03 55 04 08 13 0a 53  6f 6d 65 2d 53 74 61 74  |..U....Some-Stat|
-00000050  65 31 21 30 1f 06 03 55  04 0a 13 18 49 6e 74 65  |e1!0...U....Inte|
-00000060  72 6e 65 74 20 57 69 64  67 69 74 73 20 50 74 79  |rnet Widgits Pty|
-00000070  20 4c 74 64 30 1e 17 0d  31 32 31 31 31 34 31 33  | Ltd0...12111413|
-00000080  32 35 35 33 5a 17 0d 32  32 31 31 31 32 31 33 32  |2553Z..221112132|
-00000090  35 35 33 5a 30 41 31 0b  30 09 06 03 55 04 06 13  |553Z0A1.0...U...|
-000000a0  02 41 55 31 0c 30 0a 06  03 55 04 08 13 03 4e 53  |.AU1.0...U....NS|
-000000b0  57 31 10 30 0e 06 03 55  04 07 13 07 50 79 72 6d  |W1.0...U....Pyrm|
-000000c0  6f 6e 74 31 12 30 10 06  03 55 04 03 13 09 4a 6f  |ont1.0...U....Jo|
-000000d0  65 6c 20 53 69 6e 67 30  81 9b 30 10 06 07 2a 86  |el Sing0..0...*.|
-000000e0  48 ce 3d 02 01 06 05 2b  81 04 00 23 03 81 86 00  |H.=....+...#....|
-000000f0  04 00 95 8c 91 75 14 c0  5e c4 57 b4 d4 c3 6f 8d  |.....u..^.W...o.|
-00000100  ae 68 1e dd 6f ce 86 e1  7e 6e b2 48 3e 81 e5 4e  |.h..o...~n.H>..N|
-00000110  e2 c6 88 4b 64 dc f5 30  bb d3 ff 65 cc 5b f4 dd  |...Kd..0...e.[..|
-00000120  b5 6a 3e 3e d0 1d de 47  c3 76 ad 19 f6 45 2c 8c  |.j>>...G.v...E,.|
-00000130  bc d8 1d 01 4c 1f 70 90  46 76 48 8b 8f 83 cc 4a  |....L.p.FvH....J|
-00000140  5c 8f 40 76 da e0 89 ec  1d 2b c4 4e 30 76 28 41  |\.@v.....+.N0v(A|
-00000150  b2 62 a8 fb 5b f1 f9 4e  7a 8d bd 09 b8 ae ea 8b  |.b..[..Nz.......|
-00000160  18 27 4f 2e 70 fe 13 96  ba c3 d3 40 16 cd 65 4e  |.'O.p......@..eN|
-00000170  ac 11 1e e6 f1 30 09 06  07 2a 86 48 ce 3d 04 01  |.....0...*.H.=..|
-00000180  03 81 8c 00 30 81 88 02  42 00 e0 14 c4 60 60 0b  |....0...B....``.|
-00000190  72 68 b0 32 5d 61 4a 02  74 5c c2 81 b9 16 a8 3f  |rh.2]aJ.t\.....?|
-000001a0  29 c8 36 c7 81 ff 6c b6  5b d9 70 f1 38 3b 50 48  |).6...l.[.p.8;PH|
-000001b0  28 94 cb 09 1a 52 f1 5d  ee 8d f2 b9 f0 f0 da d9  |(....R.]........|
-000001c0  15 3a f9 bd 03 7a 87 a2  23 35 ec 02 42 01 a3 d4  |.:...z..#5..B...|
-000001d0  8a 78 35 1c 4a 9a 23 d2  0a be 2b 10 31 9d 9c 5f  |.x5.J.#...+.1.._|
-000001e0  be e8 91 b3 da 1a f5 5d  a3 23 f5 26 8b 45 70 8d  |.......].#.&.Ep.|
-000001f0  65 62 9b 7e 01 99 3d 18  f6 10 9a 38 61 9b 2e 57  |eb.~..=....8a..W|
-00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
-00000210  03 03 00 86 10 00 00 82  00 80 2b 80 6e 49 b8 ec  |..........+.nI..|
-00000220  12 7a 7c f3 2a d3 7e 16  a0 39 e5 77 61 7a 56 15  |.z|.*.~..9.wazV.|
-00000230  97 c6 64 63 13 cf 09 d0  1b f5 b6 78 1d cb 86 4f  |..dc.......x...O|
-00000240  14 84 c9 e6 5d 3c 6b 61  5e 46 83 7e ef 1d 74 d4  |....]<ka^F.~..t.|
-00000250  3b 8c 78 be 26 92 24 04  b4 6f 21 88 03 8d 92 a8  |;.x.&.$..o!.....|
-00000260  60 c6 08 b5 75 5d 2f 2c  71 60 5f 54 27 a0 fa 83  |`...u]/,q`_T'...|
-00000270  4d 39 1e 22 1e 1e 60 92  51 ac 2d 35 c7 cf fc 5e  |M9."..`.Q.-5...^|
-00000280  db e3 60 37 6b 4e 7c d8  04 f3 09 54 de 38 af 57  |..`7kN|....T.8.W|
-00000290  20 d0 f5 08 5a a8 6f 65  03 55 16 03 03 00 93 0f  | ...Z.oe.U......|
-000002a0  00 00 8f 04 03 00 8b 30  81 88 02 42 00 97 84 ac  |.......0...B....|
-000002b0  cf 9b df b0 3a c8 9d a6  da 8c 11 87 35 2a d7 d0  |....:.......5*..|
-000002c0  15 df e1 02 ca 85 3f 1c  a5 21 17 8c 8a 73 1b 76  |......?..!...s.v|
-000002d0  8d 0f af 26 ea b5 7f 87  a6 b6 c8 61 32 27 fc f4  |...&.......a2'..|
-000002e0  b7 c5 c3 2c 53 61 59 5a  5d 12 c6 dd 9e 54 02 42  |...,SaYZ]....T.B|
-000002f0  01 04 3f 82 bb a4 5c ea  ea c9 9c 2a 75 96 c2 88  |..?...\....*u...|
-00000300  5a ae f8 2e 29 01 cf 7b  a4 20 83 df ec c8 9d 37  |Z...)..{. .....7|
-00000310  0c 33 fb 20 73 51 47 6d  81 d0 75 b1 19 ed 02 00  |.3. sQGm..u.....|
-00000320  b8 40 67 75 b9 72 63 9c  1e e1 c9 44 93 d6 ec e7  |.@gu.rc....D....|
-00000330  16 5c 14 03 03 00 01 01  16 03 03 00 40 43 51 cf  |.\..........@CQ.|
-00000340  07 b2 de 6e 40 10 eb dd  3f 84 6a 54 a3 7f b2 48  |...n@...?.jT...H|
-00000350  b3 aa 3c d4 e7 69 32 7c  77 ba e9 0b 99 b3 c9 e8  |..<..i2|w.......|
-00000360  c5 53 29 9a 6b 82 ee 7d  5e a9 ae 63 fa a9 af 21  |.S).k..}^..c...!|
-00000370  f2 04 b1 a1 bf f1 10 4c  65 6c 49 34 a0           |.......LelI4.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 93 a2 18 a9 e2  |................|
-00000020  51 be f7 bd c0 05 64 51  0a 17 9d 58 11 d1 a6 b9  |Q.....dQ...X....|
-00000030  6d 1e 42 16 e4 bc bf 09  f2 b9 29 20 74 8a cd 8a  |m.B.......) t...|
-00000040  b6 31 04 64 fb 5b 1f 83  c3 19 78 17 03 03 00 40  |.1.d.[....x....@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  ee c4 d0 5d 69 37 2b fc  dc 9c f1 77 df 44 6f da  |...]i7+....w.Do.|
-00000070  4e 22 05 05 3a 6c 32 a8  6c c2 fb ce ca a7 1b 54  |N"..:l2.l......T|
-00000080  2a 25 ae cf 77 e4 47 21  33 b6 29 54 62 00 dd 30  |*%..w.G!3.)Tb..0|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 cf e1 fd  e3 5f d3 19 cd 05 70 79  |........._....py|
-000000b0  be 16 a5 26 18 f1 92 bc  73 bd 6f 4d 33 3d 6f 8a  |...&....s.oM3=o.|
-000000c0  13 51 7c 57 c7                                    |.Q|W.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedAndGiven b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
deleted file mode 100644
index c81acc89..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
+++ /dev/null
@@ -1,123 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 f3 3a db 98 ff  |....]...Y...:...|
-00000010  29 a2 30 75 53 87 b3 5f  00 b5 9f 77 4d 88 38 ea  |).0uS.._...wM.8.|
-00000020  e9 87 f4 a4 e4 da dd 73  00 47 d1 00 00 04 00 2f  |.......s.G...../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  17 0d 00 00 13 02 01 40  |;..............@|
-000002a0  00 0c 04 01 04 03 05 01  05 03 02 01 02 03 00 00  |................|
-000002b0  16 03 03 00 04 0e 00 00  00                       |.........|
->>> Flow 3 (client to server)
-00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
-00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
-00000020  c1 89 65 83 55 6f dc 0b  c9 b9 93 9f e9 bc 30 0d  |..e.Uo........0.|
-00000030  06 09 2a 86 48 86 f7 0d  01 01 0b 05 00 30 12 31  |..*.H........0.1|
-00000040  10 30 0e 06 03 55 04 0a  13 07 41 63 6d 65 20 43  |.0...U....Acme C|
-00000050  6f 30 1e 17 0d 31 36 30  38 31 37 32 31 35 32 33  |o0...16081721523|
-00000060  31 5a 17 0d 31 37 30 38  31 37 32 31 35 32 33 31  |1Z..170817215231|
-00000070  5a 30 12 31 10 30 0e 06  03 55 04 0a 13 07 41 63  |Z0.1.0...U....Ac|
-00000080  6d 65 20 43 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |me Co0..0...*.H.|
-00000090  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
-000000a0  81 00 ba 6f aa 86 bd cf  bf 9f f2 ef 5c 94 60 78  |...o........\.`x|
-000000b0  6f e8 13 f2 d1 96 6f cd  d9 32 6e 22 37 ce 41 f9  |o.....o..2n"7.A.|
-000000c0  ca 5d 29 ac e1 27 da 61  a2 ee 81 cb 10 c7 df 34  |.])..'.a.......4|
-000000d0  58 95 86 e9 3d 19 e6 5c  27 73 60 c8 8d 78 02 f4  |X...=..\'s`..x..|
-000000e0  1d a4 98 09 a3 19 70 69  3c 25 62 66 2a ab 22 23  |......pi<%bf*."#|
-000000f0  c5 7b 85 38 4f 2e 09 73  32 a7 bd 3e 9b ad ca 84  |.{.8O..s2..>....|
-00000100  07 e6 0f 3a ff 77 c5 9d  41 85 00 8a b6 9b ee b0  |...:.w..A.......|
-00000110  a4 3f 2d 4c 4c e6 42 3e  bb 51 c8 dd 48 54 f4 0c  |.?-LL.B>.Q..HT..|
-00000120  8e 47 02 03 01 00 01 a3  46 30 44 30 0e 06 03 55  |.G......F0D0...U|
-00000130  1d 0f 01 01 ff 04 04 03  02 05 a0 30 13 06 03 55  |...........0...U|
-00000140  1d 25 04 0c 30 0a 06 08  2b 06 01 05 05 07 03 01  |.%..0...+.......|
-00000150  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 0f  |0...U.......0.0.|
-00000160  06 03 55 1d 11 04 08 30  06 87 04 7f 00 00 01 30  |..U....0.......0|
-00000170  0d 06 09 2a 86 48 86 f7  0d 01 01 0b 05 00 03 81  |...*.H..........|
-00000180  81 00 46 ab 44 a2 fb 28  54 f8 5a 67 f8 62 94 f1  |..F.D..(T.Zg.b..|
-00000190  9a b2 18 9e f2 b1 de 1d  7e 6f 76 95 a9 ba e7 5d  |........~ov....]|
-000001a0  a8 16 6c 9c f7 09 d3 37  e4 4b 2b 36 7c 01 ad 41  |..l....7.K+6|..A|
-000001b0  d2 32 d8 c3 d2 93 f9 10  6b 8e 95 b9 2c 17 8a a3  |.2......k...,...|
-000001c0  44 48 bc 59 13 83 16 04  88 a4 81 5c 25 0d 98 0c  |DH.Y.......\%...|
-000001d0  ac 11 b1 28 56 be 1d cd  61 62 84 09 bf d6 80 c6  |...(V...ab......|
-000001e0  45 8d 82 2c b4 d8 83 9b  db c9 22 b7 2a 12 11 7b  |E..,......".*..{|
-000001f0  fa 02 3b c1 c9 ff ea c9  9d a8 49 d3 95 d7 d5 0e  |..;.......I.....|
-00000200  e5 35 16 03 03 00 86 10  00 00 82 00 80 47 31 82  |.5...........G1.|
-00000210  ae c1 d2 74 3f a4 74 5a  57 16 ae e2 d0 46 72 53  |...t?.tZW....FrS|
-00000220  e1 5e 6a e8 e4 d5 8c 84  2b d9 82 c1 4a da 9e 1d  |.^j.....+...J...|
-00000230  a0 da 60 08 0d 35 0c 55  6d 6a 68 04 09 ee 94 39  |..`..5.Umjh....9|
-00000240  c7 a3 49 7f 2c ee 6a cf  09 01 bd 08 d3 59 0a bd  |..I.,.j......Y..|
-00000250  7f 6c d3 26 eb be 7b fd  9b 17 fd e2 6e 82 d1 c7  |.l.&..{.....n...|
-00000260  dd c3 64 8c 87 f0 41 f2  71 75 f1 0a 01 26 5b 97  |..d...A.qu...&[.|
-00000270  94 ba ac 50 df 19 32 39  80 ae 14 ea 4a d2 e5 9f  |...P..29....J...|
-00000280  5d 07 9f 2d 89 ac 83 33  40 aa 8e cc 2c 16 03 03  |]..-...3@...,...|
-00000290  00 88 0f 00 00 84 04 01  00 80 7d 37 8b 6f be e9  |..........}7.o..|
-000002a0  e7 fa 4c 28 cf 16 0d 28  40 e9 f2 9a 11 22 fc 8a  |..L(...(@...."..|
-000002b0  2c 52 f7 36 af 1a cf d7  8a f8 17 19 9f ed 9d 1d  |,R.6............|
-000002c0  43 f9 e2 fb 0f dd ca d6  1d 4c 03 4e 25 8d 5c 4c  |C........L.N%.\L|
-000002d0  95 98 02 db cf ea 44 2a  ad 36 74 e3 08 07 e3 9a  |......D*.6t.....|
-000002e0  50 6c dc 46 a1 f5 84 9b  65 7f 48 94 b5 de cc a9  |Pl.F....e.H.....|
-000002f0  cf ee 0e 31 f2 f8 6f 8f  19 4b 29 14 b4 32 1d 21  |...1..o..K)..2.!|
-00000300  02 d2 da 64 68 e8 a1 72  cc ee 64 48 d8 74 e5 64  |...dh..r..dH.t.d|
-00000310  90 b3 50 cc 3e 25 0e b1  88 53 14 03 03 00 01 01  |..P.>%...S......|
-00000320  16 03 03 00 40 6a 61 6b  3e ea 63 2c b8 26 95 e2  |....@jak>.c,.&..|
-00000330  5f 83 e3 c3 cd c3 b7 a8  0b 76 81 8a 5b 46 ff 41  |_........v..[F.A|
-00000340  c2 02 eb 21 85 31 b9 ba  2e 30 e7 6e 8d 1c 49 15  |...!.1...0.n..I.|
-00000350  af a0 a7 67 62 b7 42 8c  fa a8 04 8c 23 7a 3d 39  |...gb.B.....#z=9|
-00000360  74 18 70 2b 99                                    |t.p+.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 a6 5b 7c b0 91  |............[|..|
-00000020  53 f6 d5 e4 34 71 4f 64  2a 03 9d 75 62 d9 8d a8  |S...4qOd*..ub...|
-00000030  39 7b e1 d8 31 80 26 db  14 f3 3a 52 66 7d 12 31  |9{..1.&...:Rf}.1|
-00000040  29 14 7f a1 39 b6 1c e0  c9 55 6e 17 03 03 00 40  |)...9....Un....@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  5e 00 64 9b 25 cd 74 94  b7 65 6e 83 8e 5b 68 e8  |^.d.%.t..en..[h.|
-00000070  59 4c f0 31 8b f2 0c 59  2a ff 11 8e 43 d4 73 fd  |YL.1...Y*...C.s.|
-00000080  b3 2a 76 59 25 52 32 76  bd 2e 1d 4d 0a 53 d7 c2  |.*vY%R2v...M.S..|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 23 96 6e  7d 41 bb 51 4f 40 52 07  |.....#.n}A.QO@R.|
-000000b0  90 cc 6c bd c0 bb 99 d4  8a 91 7b 8a f3 24 ef 71  |..l.......{..$.q|
-000000c0  20 d4 98 b0 14                                    | ....|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedNotGiven b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
deleted file mode 100644
index 091de908..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
+++ /dev/null
@@ -1,83 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 41 24 db 27 37  |....]...Y..A$.'7|
-00000010  2e 1e a8 61 b7 7f 08 f1  83 84 fb d5 a2 96 e0 53  |...a...........S|
-00000020  1a 2b cd 8e 50 38 7b a5  64 d8 92 00 00 04 00 2f  |.+..P8{.d....../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  17 0d 00 00 13 02 01 40  |;..............@|
-000002a0  00 0c 04 01 04 03 05 01  05 03 02 01 02 03 00 00  |................|
-000002b0  16 03 03 00 04 0e 00 00  00                       |.........|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 07 0b 00 00  03 00 00 00 16 03 03 00  |................|
-00000010  86 10 00 00 82 00 80 61  2e 6b ad 77 48 8d 2f 0e  |.......a.k.wH./.|
-00000020  e6 27 64 fd 95 22 72 68  80 8e 2b 0e b2 0f cc be  |.'d.."rh..+.....|
-00000030  19 31 93 1d d3 0a fb 00  da 50 26 66 17 59 6b e9  |.1.......P&f.Yk.|
-00000040  7e 16 4e 24 ba 68 0a 0c  69 2f 03 74 34 50 12 85  |~.N$.h..i/.t4P..|
-00000050  4a f0 6c 52 d4 dd 13 18  c7 a4 9d ea f0 c6 94 d9  |J.lR............|
-00000060  ae fe 19 6c 83 dd ed 38  e3 d2 21 18 e6 76 11 e7  |...l...8..!..v..|
-00000070  62 13 8b 56 65 e0 f6 61  d9 db 7c 7b 5b 57 13 3d  |b..Ve..a..|{[W.=|
-00000080  58 64 67 8d 9f 3f 6a a0  70 c5 c6 d0 db eb 17 3f  |Xdg..?j.p......?|
-00000090  6c 58 d7 c3 ba ec 4c 14  03 03 00 01 01 16 03 03  |lX....L.........|
-000000a0  00 40 6e 24 1b a4 b3 e7  d4 c2 7e cb bd 82 2d 4c  |.@n$......~...-L|
-000000b0  a8 f1 5e 81 c8 61 a6 2c  6a e3 6d 30 7f fa c7 f3  |..^..a.,j.m0....|
-000000c0  f6 b1 b1 4f 0b 23 9a fd  66 81 48 97 4b 0f 88 07  |...O.#..f.H.K...|
-000000d0  37 7b 97 b0 62 6c 2a e1  47 65 e9 f9 cd c1 79 99  |7{..bl*.Ge....y.|
-000000e0  6d 84                                             |m.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 40 c6 62 4e 26  |...........@.bN&|
-00000020  e7 32 09 ba d6 3b 71 79  8e 75 ee fb af 09 db c5  |.2...;qy.u......|
-00000030  a5 8b cd 1f 90 f3 65 86  4a b4 b1 9a e8 1e 80 f6  |......e.J.......|
-00000040  ad db bd c2 9f ec 98 42  0b 37 30 17 03 03 00 40  |.......B.70....@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  a9 74 3c 13 87 f4 cf 77  be 07 c2 a1 e0 47 4e 52  |.t<....w.....GNR|
-00000070  c2 86 da 08 c2 93 21 80  4c 19 51 cc 0d 76 49 75  |......!.L.Q..vIu|
-00000080  0b 48 3d e0 e2 01 93 4b  f1 73 91 17 aa 00 b5 71  |.H=....K.s.....q|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 1f 2f 2d  d7 39 06 c4 59 49 80 66  |....../-.9..YI.f|
-000000b0  6c 35 2e a7 45 ee 0a 05  4b 1e 7f 78 5d cd 24 2c  |l5..E...K..x].$,|
-000000c0  0a 3e 55 1c 7d                                    |.>U.}|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ECDHE-ECDSA-AES b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ECDHE-ECDSA-AES
deleted file mode 100644
index b412980e..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ECDHE-ECDSA-AES
+++ /dev/null
@@ -1,82 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 f0 4f 82 cc 2a  |....s...o...O..*|
-00000010  27 0b 7f 2e e4 af 6d ba  4e fe 61 99 fc 0a 44 ee  |'.....m.N.a...D.|
-00000020  c0 4e 7b 3a 7c f0 6d 12  b7 7d 9e 00 00 04 c0 0a  |.N{:|.m..}......|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 0a 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  03 02 0e 0b 00 02 0a 00  |................|
-00000040  02 07 00 02 04 30 82 02  00 30 82 01 62 02 09 00  |.....0...0..b...|
-00000050  b8 bf 2d 47 a0 d2 eb f4  30 09 06 07 2a 86 48 ce  |..-G....0...*.H.|
-00000060  3d 04 01 30 45 31 0b 30  09 06 03 55 04 06 13 02  |=..0E1.0...U....|
-00000070  41 55 31 13 30 11 06 03  55 04 08 13 0a 53 6f 6d  |AU1.0...U....Som|
-00000080  65 2d 53 74 61 74 65 31  21 30 1f 06 03 55 04 0a  |e-State1!0...U..|
-00000090  13 18 49 6e 74 65 72 6e  65 74 20 57 69 64 67 69  |..Internet Widgi|
-000000a0  74 73 20 50 74 79 20 4c  74 64 30 1e 17 0d 31 32  |ts Pty Ltd0...12|
-000000b0  31 31 32 32 31 35 30 36  33 32 5a 17 0d 32 32 31  |1122150632Z..221|
-000000c0  31 32 30 31 35 30 36 33  32 5a 30 45 31 0b 30 09  |120150632Z0E1.0.|
-000000d0  06 03 55 04 06 13 02 41  55 31 13 30 11 06 03 55  |..U....AU1.0...U|
-000000e0  04 08 13 0a 53 6f 6d 65  2d 53 74 61 74 65 31 21  |....Some-State1!|
-000000f0  30 1f 06 03 55 04 0a 13  18 49 6e 74 65 72 6e 65  |0...U....Interne|
-00000100  74 20 57 69 64 67 69 74  73 20 50 74 79 20 4c 74  |t Widgits Pty Lt|
-00000110  64 30 81 9b 30 10 06 07  2a 86 48 ce 3d 02 01 06  |d0..0...*.H.=...|
-00000120  05 2b 81 04 00 23 03 81  86 00 04 00 c4 a1 ed be  |.+...#..........|
-00000130  98 f9 0b 48 73 36 7e c3  16 56 11 22 f2 3d 53 c3  |...Hs6~..V.".=S.|
-00000140  3b 4d 21 3d cd 6b 75 e6  f6 b0 dc 9a df 26 c1 bc  |;M!=.ku......&..|
-00000150  b2 87 f0 72 32 7c b3 64  2f 1c 90 bc ea 68 23 10  |...r2|.d/....h#.|
-00000160  7e fe e3 25 c0 48 3a 69  e0 28 6d d3 37 00 ef 04  |~..%.H:i.(m.7...|
-00000170  62 dd 0d a0 9c 70 62 83  d8 81 d3 64 31 aa 9e 97  |b....pb....d1...|
-00000180  31 bd 96 b0 68 c0 9b 23  de 76 64 3f 1a 5c 7f e9  |1...h..#.vd?.\..|
-00000190  12 0e 58 58 b6 5f 70 dd  9b d8 ea d5 d7 f5 d5 cc  |..XX._p.........|
-000001a0  b9 b6 9f 30 66 5b 66 9a  20 e2 27 e5 bf fe 3b 30  |...0f[f. .'...;0|
-000001b0  09 06 07 2a 86 48 ce 3d  04 01 03 81 8c 00 30 81  |...*.H.=......0.|
-000001c0  88 02 42 01 88 a2 4f eb  e2 45 c5 48 7d 1b ac f5  |..B...O..E.H}...|
-000001d0  ed 98 9d ae 47 70 c0 5e  1b b6 2f bd f1 b6 4d b7  |....Gp.^../...M.|
-000001e0  61 40 d3 11 a2 ce ee 0b  7e 92 7e ff 76 9d c3 3b  |a@......~.~.v..;|
-000001f0  7e a5 3f ce fa 10 e2 59  ec 47 2d 7c ac da 4e 97  |~.?....Y.G-|..N.|
-00000200  0e 15 a0 6f d0 02 42 01  4d fc be 67 13 9c 2d 05  |...o..B.M..g..-.|
-00000210  0e bd 3f a3 8c 25 c1 33  13 83 0d 94 06 bb d4 37  |..?..%.3.......7|
-00000220  7a f6 ec 7a c9 86 2e dd  d7 11 69 7f 85 7c 56 de  |z..z......i..|V.|
-00000230  fb 31 78 2b e4 c7 78 0d  ae cb be 9e 4e 36 24 31  |.1x+..x.....N6$1|
-00000240  7b 6a 0f 39 95 12 07 8f  2a 16 03 03 00 b7 0c 00  |{j.9....*.......|
-00000250  00 b3 03 00 1d 20 2f e5  7d a3 47 cd 62 43 15 28  |..... /.}.G.bC.(|
-00000260  da ac 5f bb 29 07 30 ff  f6 84 af c4 cf c2 ed 90  |.._.).0.........|
-00000270  99 5f 58 cb 3b 74 05 03  00 8b 30 81 88 02 42 01  |._X.;t....0...B.|
-00000280  2d d4 82 80 01 6b e6 8c  6a 2a b3 09 1b 0d 86 e6  |-....k..j*......|
-00000290  62 92 85 46 d9 e3 b2 e9  f1 5e 77 c2 27 fd 2b 68  |b..F.....^w.'.+h|
-000002a0  6a e1 3d e2 42 d2 86 96  42 b1 3b 50 7b e2 2c 34  |j.=.B...B.;P{.,4|
-000002b0  d3 e7 f6 14 89 48 eb 5c  9a 98 98 ab f3 db 85 06  |.....H.\........|
-000002c0  cb 02 42 00 df 42 94 63  a5 ff 43 a5 20 5d 83 09  |..B..B.c..C. ]..|
-000002d0  88 7d 10 ff ec 32 33 28  1d 43 b2 d2 bf 39 0c 63  |.}...23(.C...9.c|
-000002e0  9a c0 f8 0e 9f 71 a7 9a  5d 27 1a 5c f2 36 80 b3  |.....q..]'.\.6..|
-000002f0  71 0f d3 c0 fd 0d 5d 02  90 c4 9d 90 db 74 ad f6  |q.....]......t..|
-00000300  22 8f 6b 9d 55 16 03 03  00 04 0e 00 00 00        |".k.U.........|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 af 52 73 d4 46 4d  |....%...! .Rs.FM|
-00000010  bc 0e dd 56 1f 7f 72 ce  6c 99 b9 64 53 7d 53 8d  |...V..r.l..dS}S.|
-00000020  0c a4 75 8c 83 3b 4b 76  2d 4f 14 03 03 00 01 01  |..u..;Kv-O......|
-00000030  16 03 03 00 40 a0 ef 9f  54 a8 ab 7c 5b 4a a1 b2  |....@...T..|[J..|
-00000040  5d 5b 6a d7 a7 32 35 46  58 d0 ba 38 6f 94 6e 9a  |][j..25FX..8o.n.|
-00000050  41 16 82 ed 4d 39 c4 ff  06 bf 2c 67 47 70 56 4e  |A...M9....,gGpVN|
-00000060  c5 ac 7f a0 5d d9 89 82  7a d9 36 07 55 b3 20 f4  |....]...z.6.U. .|
-00000070  b2 73 cf c3 7d                                    |.s..}|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 73 5f db 9e 08  |...........s_...|
-00000020  10 38 3b c0 95 6b dd fc  16 b2 d1 db 63 13 ca d5  |.8;..k......c...|
-00000030  b5 be 5a 1d 74 b5 75 f3  a2 63 59 be a7 d0 ab 0d  |..Z.t.u..cY.....|
-00000040  d3 43 83 8a 1d 59 ed fd  ea f0 b9 17 03 03 00 40  |.C...Y.........@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  cf 20 4f 4f bf c4 00 05  1e ca 7f 6f 69 77 e9 52  |. OO.......oiw.R|
-00000070  14 61 02 6d f1 c0 ad 7c  1a 34 cf b2 7a 58 4a 70  |.a.m...|.4..zXJp|
-00000080  11 36 5f e9 21 62 cb eb  8f e7 11 04 bf 66 03 69  |.6_.!b.......f.i|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 f5 35 92  09 6c 45 c0 27 95 98 a9  |......5..lE.'...|
-000000b0  86 56 53 1f a8 01 d5 0b  79 0e 91 15 3b 9a 07 21  |.VS.....y...;..!|
-000000c0  cb ce f0 2b 6a                                    |...+j|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-IssueTicket b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-IssueTicket
deleted file mode 100644
index feced4bb..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-IssueTicket
+++ /dev/null
@@ -1,89 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 61 01 00 00  5d 03 03 b1 be 1f 18 b6  |....a...].......|
-00000010  a2 5d 4f 2f a0 e5 3b c4  4a 2d 76 bd 98 92 32 85  |.]O/..;.J-v...2.|
-00000020  9d 6b 9e 10 4b fc 03 7b  fb bc e4 00 00 04 00 2f  |.k..K..{......./|
-00000030  00 ff 01 00 00 30 00 23  00 00 00 0d 00 20 00 1e  |.....0.#..... ..|
-00000040  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000050  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000060  00 00 00 17 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
-00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
-00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
-00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
-00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
-00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
-00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
-000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
-000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
-000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
-000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
-000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
-000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
-00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
-00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
-00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
-00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
-00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
-00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
-00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
-00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
-00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
-00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
-000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
-000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
-000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
-000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
-000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
-000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
-00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
-00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
-00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
-00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
-00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
-00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
-00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
-00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
-00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
-000002a0  00                                                |.|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 8f f0 5a 2f 01  |.............Z/.|
-00000010  99 79 e6 f2 a0 31 a4 02  d8 c0 1e 70 e8 67 58 bd  |.y...1.....p.gX.|
-00000020  a0 2a 37 3a 3c 2d 45 53  e7 d2 7d 94 16 ea 10 5c  |.*7:<-ES..}....\|
-00000030  07 91 36 87 ab f6 d1 7a  c7 40 a7 7f 23 1b ef 33  |..6....z.@..#..3|
-00000040  80 ea 7d 75 d3 62 de 7d  d2 6b cf 90 54 0f e7 02  |..}u.b.}.k..T...|
-00000050  03 85 ef 38 f4 e9 88 8f  e4 7c 8c ac 95 e6 88 f4  |...8.....|......|
-00000060  05 f7 c7 89 4a 64 de 34  5f 09 c2 84 19 36 c1 42  |....Jd.4_....6.B|
-00000070  ea 03 69 38 7e 32 10 8a  b5 cf c7 2f 8e c6 5f 29  |..i8~2...../.._)|
-00000080  4e 8a 8e d4 17 6c 9c 18  7b ea df 14 03 03 00 01  |N....l..{.......|
-00000090  01 16 03 03 00 40 5f 50  47 5a 97 52 9d 11 b5 db  |.....@_PGZ.R....|
-000000a0  ab 7b b9 e3 74 52 c5 cd  f4 73 18 cf 12 c4 fe 07  |.{..tR...s......|
-000000b0  88 5f a9 18 7a 12 23 67  ec 72 07 9f 19 b5 bf 52  |._..z.#g.r.....R|
-000000c0  2f dd 26 66 25 98 8c 5a  07 0f 26 c1 b0 38 6c 01  |/.&f%..Z..&..8l.|
-000000d0  e4 f4 ee dd b3 72                                 |.....r|
->>> Flow 4 (server to client)
-00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
-00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f 2c 9f 83 61 0b b1 b7  9e 10 2d 0c 56 e8 70 66  |o,..a.....-.V.pf|
-00000040  ad de b1 15 74 2f 8b 08  8c 96 bb 4b 1b 4e dd 81  |....t/.....K.N..|
-00000050  0e bf 84 4d 43 8f c0 7e  a0 7f be c0 59 bf 83 26  |...MC..~....Y..&|
-00000060  0f a2 22 52 2c 33 94 5a  77 54 f3 b5 f2 22 51 d5  |.."R,3.ZwT..."Q.|
-00000070  24 c2 60 c3 2e 0f 9c 5e  33 3b e8 7c 52 2a 76 08  |$.`....^3;.|R*v.|
-00000080  58 ac 47 98 bc 36 b6 14  03 03 00 01 01 16 03 03  |X.G..6..........|
-00000090  00 40 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |.@..............|
-000000a0  00 00 31 fa c3 6c 95 c0  86 a5 55 30 41 c3 2d 6b  |..1..l....U0A.-k|
-000000b0  a5 00 0b af 33 63 de 80  01 3d 7a 38 8e a7 f4 b1  |....3c...=z8....|
-000000c0  2d bb e3 1d 1a b4 61 18  b5 d9 d1 7f d1 9a e7 e8  |-.....a.........|
-000000d0  49 ee 17 03 03 00 40 00  00 00 00 00 00 00 00 00  |I.....@.........|
-000000e0  00 00 00 00 00 00 00 a6  d5 e4 a8 9b d3 7d 72 1c  |.............}r.|
-000000f0  ff 14 03 68 34 c9 ca 0d  2e 80 a1 09 f7 92 f6 86  |...h4...........|
-00000100  44 22 e8 1c ea e9 dd cc  a7 92 9a 72 ec 22 5b 82  |D".........r."[.|
-00000110  7b 43 02 f7 fa 59 7b 15  03 03 00 30 00 00 00 00  |{C...Y{....0....|
-00000120  00 00 00 00 00 00 00 00  00 00 00 00 5f ab 03 1d  |............_...|
-00000130  08 72 07 6d 78 66 5b 18  ec 3a b7 ea 75 96 ce 95  |.r.mxf[..:..u...|
-00000140  0c c9 6f 86 91 14 30 d6  2e 5d b1 b4              |..o...0..]..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-IssueTicketPreDisable b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-IssueTicketPreDisable
deleted file mode 100644
index 467e3324..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-IssueTicketPreDisable
+++ /dev/null
@@ -1,89 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 61 01 00 00  5d 03 03 91 2f b7 db 1e  |....a...].../...|
-00000010  41 ac c6 17 1d 0f 0c 8e  86 15 e0 de e9 c8 6b f5  |A.............k.|
-00000020  69 c7 bf ad ff 63 58 2b  b1 79 a6 00 00 04 00 2f  |i....cX+.y...../|
-00000030  00 ff 01 00 00 30 00 23  00 00 00 0d 00 20 00 1e  |.....0.#..... ..|
-00000040  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000050  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000060  00 00 00 17 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 35 02 00 00  31 03 03 00 00 00 00 00  |....5...1.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  09 00 23 00 00 ff 01 00  01 00 16 03 03 02 59 0b  |..#...........Y.|
-00000040  00 02 55 00 02 52 00 02  4f 30 82 02 4b 30 82 01  |..U..R..O0..K0..|
-00000050  b4 a0 03 02 01 02 02 09  00 e8 f0 9d 3f e2 5b ea  |............?.[.|
-00000060  a6 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |.0...*.H........|
-00000070  30 1f 31 0b 30 09 06 03  55 04 0a 13 02 47 6f 31  |0.1.0...U....Go1|
-00000080  10 30 0e 06 03 55 04 03  13 07 47 6f 20 52 6f 6f  |.0...U....Go Roo|
-00000090  74 30 1e 17 0d 31 36 30  31 30 31 30 30 30 30 30  |t0...16010100000|
-000000a0  30 5a 17 0d 32 35 30 31  30 31 30 30 30 30 30 30  |0Z..250101000000|
-000000b0  5a 30 1a 31 0b 30 09 06  03 55 04 0a 13 02 47 6f  |Z0.1.0...U....Go|
-000000c0  31 0b 30 09 06 03 55 04  03 13 02 47 6f 30 81 9f  |1.0...U....Go0..|
-000000d0  30 0d 06 09 2a 86 48 86  f7 0d 01 01 01 05 00 03  |0...*.H.........|
-000000e0  81 8d 00 30 81 89 02 81  81 00 db 46 7d 93 2e 12  |...0.......F}...|
-000000f0  27 06 48 bc 06 28 21 ab  7e c4 b6 a2 5d fe 1e 52  |'.H..(!.~...]..R|
-00000100  45 88 7a 36 47 a5 08 0d  92 42 5b c2 81 c0 be 97  |E.z6G....B[.....|
-00000110  79 98 40 fb 4f 6d 14 fd  2b 13 8b c2 a5 2e 67 d8  |y.@.Om..+.....g.|
-00000120  d4 09 9e d6 22 38 b7 4a  0b 74 73 2b c2 34 f1 d1  |...."8.J.ts+.4..|
-00000130  93 e5 96 d9 74 7b f3 58  9f 6c 61 3c c0 b0 41 d4  |....t{.X.la<..A.|
-00000140  d9 2b 2b 24 23 77 5b 1c  3b bd 75 5d ce 20 54 cf  |.++$#w[.;.u]. T.|
-00000150  a1 63 87 1d 1e 24 c4 f3  1d 1a 50 8b aa b6 14 43  |.c...$....P....C|
-00000160  ed 97 a7 75 62 f4 14 c8  52 d7 02 03 01 00 01 a3  |...ub...R.......|
-00000170  81 93 30 81 90 30 0e 06  03 55 1d 0f 01 01 ff 04  |..0..0...U......|
-00000180  04 03 02 05 a0 30 1d 06  03 55 1d 25 04 16 30 14  |.....0...U.%..0.|
-00000190  06 08 2b 06 01 05 05 07  03 01 06 08 2b 06 01 05  |..+.........+...|
-000001a0  05 07 03 02 30 0c 06 03  55 1d 13 01 01 ff 04 02  |....0...U.......|
-000001b0  30 00 30 19 06 03 55 1d  0e 04 12 04 10 9f 91 16  |0.0...U.........|
-000001c0  1f 43 43 3e 49 a6 de 6d  b6 80 d7 9f 60 30 1b 06  |.CC>I..m....`0..|
-000001d0  03 55 1d 23 04 14 30 12  80 10 48 13 49 4d 13 7e  |.U.#..0...H.IM.~|
-000001e0  16 31 bb a3 01 d5 ac ab  6e 7b 30 19 06 03 55 1d  |.1......n{0...U.|
-000001f0  11 04 12 30 10 82 0e 65  78 61 6d 70 6c 65 2e 67  |...0...example.g|
-00000200  6f 6c 61 6e 67 30 0d 06  09 2a 86 48 86 f7 0d 01  |olang0...*.H....|
-00000210  01 0b 05 00 03 81 81 00  9d 30 cc 40 2b 5b 50 a0  |.........0.@+[P.|
-00000220  61 cb ba e5 53 58 e1 ed  83 28 a9 58 1a a9 38 a4  |a...SX...(.X..8.|
-00000230  95 a1 ac 31 5a 1a 84 66  3d 43 d3 2d d9 0b f2 97  |...1Z..f=C.-....|
-00000240  df d3 20 64 38 92 24 3a  00 bc cf 9c 7d b7 40 20  |.. d8.$:....}.@ |
-00000250  01 5f aa d3 16 61 09 a2  76 fd 13 c3 cc e1 0c 5c  |._...a..v......\|
-00000260  ee b1 87 82 f1 6c 04 ed  73 bb b3 43 77 8d 0c 1c  |.....l..s..Cw...|
-00000270  f1 0f a1 d8 40 83 61 c9  4c 72 2b 9d ae db 46 06  |....@.a.Lr+...F.|
-00000280  06 4d f4 c1 b3 3e c0 d1  bd 42 d4 db fe 3d 13 60  |.M...>...B...=.`|
-00000290  84 5c 21 d3 3b e9 fa e7  16 03 03 00 04 0e 00 00  |.\!.;...........|
-000002a0  00                                                |.|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 c5 0c 17 b1 b2  |................|
-00000010  65 0b b7 7b 45 6f cb 7d  b4 9c 5c 82 3a 1a 75 11  |e..{Eo.}..\.:.u.|
-00000020  22 6f 41 3a 81 e2 81 2e  74 f8 70 61 fd e1 7c ce  |"oA:....t.pa..|.|
-00000030  bf 06 d7 29 77 07 b3 9d  cc 33 25 53 17 12 43 ae  |...)w....3%S..C.|
-00000040  4f df ad a4 3e 49 6e 97  50 b6 23 d0 fa 3d a6 bc  |O...>In.P.#..=..|
-00000050  38 d8 5f 2b 45 a7 d0 aa  cd b1 39 03 8f 62 9e 46  |8._+E.....9..b.F|
-00000060  50 d4 83 1d b8 76 41 29  d4 40 9a 65 41 8d 1c f0  |P....vA).@.eA...|
-00000070  d4 4d 88 d2 5e 42 ec c8  86 d6 fd df 65 d8 f1 82  |.M..^B......e...|
-00000080  8f 6a 80 31 1a 0e fc 13  2b 90 a8 14 03 03 00 01  |.j.1....+.......|
-00000090  01 16 03 03 00 40 50 ad  ed 91 c4 6a ed f8 aa 06  |.....@P....j....|
-000000a0  9e 13 03 38 bf 83 ef 4b  8e d5 89 d4 a3 f8 d9 8d  |...8...K........|
-000000b0  bb 88 72 a6 16 f6 5d d5  ca 55 bb e4 76 47 08 35  |..r...]..U..vG.5|
-000000c0  b9 fb 92 a4 0a b9 36 d7  62 44 81 e8 cf db ad 9a  |......6.bD......|
-000000d0  6d 72 c0 af 70 bd                                 |mr..p.|
->>> Flow 4 (server to client)
-00000000  16 03 03 00 82 04 00 00  7e 00 00 00 00 00 78 50  |........~.....xP|
-00000010  46 ad c1 db a8 38 86 7b  2b bb fd d0 c3 42 3e 00  |F....8.{+....B>.|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 94  |................|
-00000030  6f 2c 9f 83 61 2e fe 48  fe f6 bb 98 a0 6f b0 be  |o,..a..H.....o..|
-00000040  9e 86 d7 b2 f2 67 c7 44  c7 3d e4 2b de d0 f4 d2  |.....g.D.=.+....|
-00000050  17 51 84 8e 7a a7 80 c4  65 14 f7 49 09 68 15 56  |.Q..z...e..I.h.V|
-00000060  68 32 41 d1 6f 33 94 a1  3a c9 37 20 5d e6 b0 6f  |h2A.o3..:.7 ]..o|
-00000070  37 0a 10 e3 28 e1 34 b6  6d e6 7a 44 24 7f 2f cf  |7...(.4.m.zD$./.|
-00000080  1b ae dd 4c d0 11 75 14  03 03 00 01 01 16 03 03  |...L..u.........|
-00000090  00 40 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |.@..............|
-000000a0  00 00 7e 4a 31 e8 7d c6  eb 34 56 3b 62 0c 11 a2  |..~J1.}..4V;b...|
-000000b0  f0 bd 9b 9a 4c c9 39 2d  ed 21 dd 0c 72 3a 92 e1  |....L.9-.!..r:..|
-000000c0  0f b3 7f 71 c5 cf 2a 6f  68 bc 8e 84 7e d5 10 2e  |...q..*oh...~...|
-000000d0  c3 d4 17 03 03 00 40 00  00 00 00 00 00 00 00 00  |......@.........|
-000000e0  00 00 00 00 00 00 00 43  76 cc 74 b3 1c 89 c0 6b  |.......Cv.t....k|
-000000f0  96 f7 2c 84 c1 0a 6e d6  7f b4 76 76 2c 2f 74 6a  |..,...n...vv,/tj|
-00000100  c7 4e 18 69 1c 97 cd ca  f2 7a 33 01 3e 6f bb 54  |.N.i.....z3.>o.T|
-00000110  49 4e 8e 1d f4 13 74 15  03 03 00 30 00 00 00 00  |IN....t....0....|
-00000120  00 00 00 00 00 00 00 00  00 00 00 00 2d 70 b1 13  |............-p..|
-00000130  a9 e3 72 ca 05 8e 8d b7  f4 97 de 58 46 aa 2a 9c  |..r........XF.*.|
-00000140  2f 8c 3e 59 7b 64 e5 51  61 7f a6 39              |/.>Y{d.Qa..9|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-3DES b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-3DES
deleted file mode 100644
index af50381a..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-3DES
+++ /dev/null
@@ -1,76 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 0c fb 72 82 e5  |....]...Y....r..|
-00000010  9a 04 90 c8 0d 73 25 9a  3f 88 e3 48 71 a2 33 3e  |.....s%.?..Hq.3>|
-00000020  90 32 74 bc 12 38 d6 3a  d3 11 1d 00 00 04 00 0a  |.2t..8.:........|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 0a 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 04 90 54 41 b9  |.............TA.|
-00000010  22 12 39 d9 1d 0b b8 6c  d4 b3 8a ec 78 42 80 a5  |".9....l....xB..|
-00000020  03 c9 2a 9e 95 6f a0 28  3a 5c e9 59 28 ba 49 9b  |..*..o.(:\.Y(.I.|
-00000030  37 63 61 3f c4 ac ba 55  6b 85 a5 27 ed 37 b9 25  |7ca?...Uk..'.7.%|
-00000040  04 cf 84 ad 43 6b ab 13  fa 72 29 b8 01 d9 aa 0c  |....Ck...r).....|
-00000050  be b1 9a c4 5a 05 3d 2d  71 b4 72 f5 3a 77 fb 6b  |....Z.=-q.r.:w.k|
-00000060  45 b0 5b 00 f8 1e f9 70  7f a4 64 c9 1e 35 56 0b  |E.[....p..d..5V.|
-00000070  68 07 4c 04 95 f4 ca b1  0a b3 25 2b 93 2d be 80  |h.L.......%+.-..|
-00000080  76 15 75 07 23 ee 25 f3  1b a8 2f 14 03 03 00 01  |v.u.#.%.../.....|
-00000090  01 16 03 03 00 30 e5 cd  56 75 e6 a4 58 e5 33 cc  |.....0..Vu..X.3.|
-000000a0  95 23 e0 7f 01 f2 45 21  bb 7d 7c 17 1f 59 7c f9  |.#....E!.}|..Y|.|
-000000b0  38 05 a3 95 4d 9b f2 3f  9d 84 2c 31 15 8b 4d d4  |8...M..?..,1..M.|
-000000c0  17 3c 62 2b f6 71                                 |.<b+.q|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 30 00 00 00 00 00  |..........0.....|
-00000010  00 00 00 b3 85 c2 1b ac  9e c2 01 f7 0f 76 6d 09  |.............vm.|
-00000020  5c 4f 9f a6 89 1b 56 e3  05 0b 7e 0d 9d 6b 36 35  |\O....V...~..k65|
-00000030  49 99 aa 4c 14 3b 69 2a  87 71 7d 17 03 03 00 30  |I..L.;i*.q}....0|
-00000040  00 00 00 00 00 00 00 00  15 65 d4 be e5 1b c9 29  |.........e.....)|
-00000050  e9 3a c4 22 72 f8 0c 40  c7 f5 45 a1 a3 c8 a8 64  |.:."r..@..E....d|
-00000060  22 4c 6c 79 3f 32 66 d4  05 09 a8 d4 d8 a8 f3 c7  |"Lly?2f.........|
-00000070  15 03 03 00 20 00 00 00  00 00 00 00 00 fc 8d c6  |.... ...........|
-00000080  3d b1 c4 9f 30 26 e3 b9  46 8f ce 9f 7e 5b 1e a3  |=...0&..F...~[..|
-00000090  d0 98 64 3c 0d                                    |..d<.|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES
deleted file mode 100644
index 813f7489..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES
+++ /dev/null
@@ -1,80 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 7a e5 86 e2 0a  |....]...Y..z....|
-00000010  53 e7 ba 32 d1 57 47 ed  45 29 1b 33 2c 58 33 8f  |S..2.WG.E).3,X3.|
-00000020  36 2c 50 6f f9 c7 3b 12  40 23 e2 00 00 04 00 2f  |6,Po..;.@#...../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 8f 13 d1 23 1b  |..............#.|
-00000010  8d 28 c7 a3 97 66 9f 8a  c1 13 a1 c9 3b 25 93 7a  |.(...f......;%.z|
-00000020  ea 54 58 fc 57 41 ca 92  77 99 13 01 61 e4 73 90  |.TX.WA..w...a.s.|
-00000030  c7 f1 2b 5e 5e 79 cf 69  7d 6b 3f 6e 5f 2e b0 f5  |..+^^y.i}k?n_...|
-00000040  f7 53 2b 46 15 92 6c 20  95 6b 44 6a 0a 3d 0b 56  |.S+F..l .kDj.=.V|
-00000050  66 53 ff 55 ec 38 10 cf  76 2c 0e ab 45 7a 02 6a  |fS.U.8..v,..Ez.j|
-00000060  75 07 11 80 6c d0 57 79  ed d6 4b b8 a0 04 91 a0  |u...l.Wy..K.....|
-00000070  d4 4b 76 38 9c b3 a6 2e  0c 3e 63 a8 18 15 c9 ab  |.Kv8.....>c.....|
-00000080  54 69 cd e5 6f 3c 56 a6  5f a7 e0 14 03 03 00 01  |Ti..o<V._.......|
-00000090  01 16 03 03 00 40 06 07  16 b4 7f fa 1a 8f 9b 1a  |.....@..........|
-000000a0  a3 23 ba 5f ce ff 0a 70  b1 11 2b 84 77 7a 78 1a  |.#._...p..+.wzx.|
-000000b0  6c 32 93 6c 31 e8 e5 26  12 97 14 33 a9 77 71 19  |l2.l1..&...3.wq.|
-000000c0  0b 20 5d 8f 3c 71 0d a4  b9 94 aa ff 42 8e d3 2d  |. ].<q......B..-|
-000000d0  7e 57 3b 35 41 cc                                 |~W;5A.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 51 27 cd 07 6e  |...........Q'..n|
-00000020  72 c8 17 ba e7 62 7c d0  49 55 e7 e6 c5 2c 93 39  |r....b|.IU...,.9|
-00000030  55 02 f5 fa 9a 7a 6f c5  79 6f ff 0f 4b b9 3d ad  |U....zo.yo..K.=.|
-00000040  23 c7 53 ad 13 2d d6 da  83 d0 67 17 03 03 00 40  |#.S..-....g....@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  f5 09 3b 69 c2 1f f8 03  78 1b 13 57 ca 92 96 eb  |..;i....x..W....|
-00000070  f8 71 30 09 5a 68 01 47  96 b1 5b 7d b7 57 5e 70  |.q0.Zh.G..[}.W^p|
-00000080  00 77 bb 55 32 7b d9 a5  f7 e2 a8 6d 4b d6 be c6  |.w.U2{.....mK...|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 58 1e a0  14 82 8d e4 c5 92 35 79  |.....X........5y|
-000000b0  3b 5e 3a fe 97 18 db 27  19 7e b5 14 8c 01 fb 6a  |;^:....'.~.....j|
-000000c0  e4 26 96 e6 de                                    |.&...|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES-GCM b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES-GCM
deleted file mode 100644
index 4e52915a..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES-GCM
+++ /dev/null
@@ -1,79 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 4e 1a d7 67 e4  |....s...o..N..g.|
-00000010  d1 11 85 bc 62 59 da 8f  ea d0 a0 2b 9b d3 47 aa  |....bY.....+..G.|
-00000020  d0 39 6f 3f 42 dc 7c 16  bb 25 ef 00 00 04 c0 2f  |.9o?B.|..%...../|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
-000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 05 01 00 80 b2 49 30  60 b7 0c 48 cb 9f 1c 75  |t.....I0`..H...u|
-000002d0  a6 b0 b0 7b 5e e6 f9 bc  5a 49 d4 51 e2 76 4c 01  |...{^...ZI.Q.vL.|
-000002e0  55 bd 37 cf 86 75 4f 33  9b fd 3c fc bb da 81 a9  |U.7..uO3..<.....|
-000002f0  26 7b 82 31 c5 51 0f d4  e8 fa a3 16 45 19 c8 40  |&{.1.Q......E..@|
-00000300  23 fa 32 bc 05 36 fb a7  a2 d9 6f e7 bc b8 27 0b  |#.2..6....o...'.|
-00000310  2a 9e 7b 95 fd b4 c0 2e  f0 73 fe fb a2 ea 20 a2  |*.{......s.... .|
-00000320  73 73 96 c8 bc 82 58 09  84 fc f4 09 2a c8 68 cb  |ss....X.....*.h.|
-00000330  66 b0 de 2c 78 7a d4 ec  06 f1 1c 52 03 5a 69 24  |f..,xz.....R.Zi$|
-00000340  c4 e6 bb 68 f4 16 03 03  00 04 0e 00 00 00        |...h..........|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 41 d4 8d 53 2e 47  |....%...! A..S.G|
-00000010  b8 35 ba 86 3c 41 07 2e  c1 a0 9d c2 e9 11 d8 20  |.5..<A......... |
-00000020  a1 fa 0a ff 28 64 5b af  c3 67 14 03 03 00 01 01  |....(d[..g......|
-00000030  16 03 03 00 28 78 fd 19  36 4d a7 ca ab ba 06 6b  |....(x..6M.....k|
-00000040  3f a5 79 17 2f 2b ec f6  19 db 17 1a 52 ea 72 0b  |?.y./+......R.r.|
-00000050  01 af 56 8b 14 8f 8a 04  f3 ff ea fe 33           |..V.........3|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 ec 99 e0 9a 83  28 94 e6 72 4f be 28 24  |........(..rO.($|
-00000020  64 bd 9d 86 79 cc ab 05  15 39 06 6e da 0c b8 4e  |d...y....9.n...N|
-00000030  6c a9 f3 17 03 03 00 25  00 00 00 00 00 00 00 01  |l......%........|
-00000040  9a d7 b0 54 dd 3c ae 8e  3f 1f 41 68 a5 01 a0 da  |...T.<..?.Ah....|
-00000050  e8 8e 90 55 1a 11 f0 70  8d a3 af a4 29 15 03 03  |...U...p....)...|
-00000060  00 1a 00 00 00 00 00 00  00 02 a8 96 cb 16 d7 b1  |................|
-00000070  41 7e bc 0e 01 8f cc 47  40 e5 c7 2a              |A~.....G@..*|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
deleted file mode 100644
index 36be9da0..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
+++ /dev/null
@@ -1,79 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 b7 d2 dc fe 53  |....s...o......S|
-00000010  d6 13 08 19 be 30 22 17  db a7 06 9b 62 82 14 38  |.....0".....b..8|
-00000020  2e 68 70 08 02 7d 22 64  13 75 f5 00 00 04 c0 30  |.hp..}"d.u.....0|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
-000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 05 01 00 80 b8 c4 6a  be 2a dd 47 03 7b 84 72  |t......j.*.G.{.r|
-000002d0  0b a4 c0 a7 2e b5 a4 be  c7 6a 2a 8b d0 23 6f b5  |.........j*..#o.|
-000002e0  bc 0e ba 3c f5 9d a3 90  b0 af 80 11 bd 22 b5 7b  |...<.........".{|
-000002f0  3c 53 f8 54 d0 b4 b0 53  28 75 0d 15 58 88 c2 90  |<S.T...S(u..X...|
-00000300  69 ea e0 08 aa 07 93 15  ae ed e5 a8 3d 2d 9c 62  |i...........=-.b|
-00000310  1d 40 26 7d 0e d3 23 52  71 71 ff ea 18 f9 0a eb  |.@&}..#Rqq......|
-00000320  78 8a 8f 9e 12 8c 0b 33  a8 ee 42 76 16 29 58 ec  |x......3..Bv.)X.|
-00000330  ea 6d 22 48 0d d0 68 c3  97 8d e9 ec cd 10 f6 47  |.m"H..h........G|
-00000340  c9 9d 42 12 54 16 03 03  00 04 0e 00 00 00        |..B.T.........|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 20 df 4a b8 02 4f  |....%...!  .J..O|
-00000010  31 db 22 90 59 57 20 23  e1 72 8d 28 60 b3 f2 77  |1.".YW #.r.(`..w|
-00000020  db 3a ce 64 5a a5 63 94  be 09 14 03 03 00 01 01  |.:.dZ.c.........|
-00000030  16 03 03 00 28 de 72 f3  c3 b2 aa b4 9b b7 fe 35  |....(.r........5|
-00000040  3b 25 af 74 47 d3 49 39  07 d9 70 37 30 d0 b7 47  |;%.tG.I9..p70..G|
-00000050  bf ad 97 08 44 59 a7 3c  12 f2 4a 2d 7c           |....DY.<..J-||
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 16 18 e1 e8 d4  c0 d1 19 3a 50 10 85 fc  |...........:P...|
-00000020  fc 3e 27 54 e4 57 b6 e7  c4 25 d5 4e 10 ad 0f ff  |.>'T.W...%.N....|
-00000030  ad 45 8c 17 03 03 00 25  00 00 00 00 00 00 00 01  |.E.....%........|
-00000040  50 b8 af 5f a2 3e 0f f7  f0 81 1f 32 69 39 2f f2  |P.._.>.....2i9/.|
-00000050  47 28 80 fb d0 46 d4 b7  a2 ba e3 71 ea 15 03 03  |G(...F.....q....|
-00000060  00 1a 00 00 00 00 00 00  00 02 c4 64 7a 81 b3 3a  |...........dz..:|
-00000070  2c 71 35 ec f7 0c 52 36  20 2c eb fe              |,q5...R6 ,..|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-RC4 b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-RC4
deleted file mode 100644
index e49d1bcb..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-RSA-RC4
+++ /dev/null
@@ -1,72 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 55 3e 1a 3f cc  |....]...Y..U>.?.|
-00000010  14 18 07 db 5e 97 15 33  62 9d de 56 7b ea 52 bf  |....^..3b..V{.R.|
-00000020  a3 ce c2 75 3f 52 0a 2f  3e 99 07 00 00 04 00 05  |...u?R./>.......|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 05 00 00  |................|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 a7 55 0a e7 33  |............U..3|
-00000010  8e be 5a 3a b4 f4 06 6e  fc 0e 42 6e f3 0c 01 5a  |..Z:...n..Bn...Z|
-00000020  65 73 36 bd cd be 0f 65  2f d2 88 1a f0 5e f8 07  |es6....e/....^..|
-00000030  c1 fe 5f 5f d6 f5 fa 79  24 44 0d 33 4f e6 74 88  |..__...y$D.3O.t.|
-00000040  86 f1 76 84 29 b4 f2 ae  eb 9b 00 a2 6a e4 97 58  |..v.).......j..X|
-00000050  8b 2e 04 8f 8f 5e fe b4  9d 38 1d 8d 40 a4 9b a2  |.....^...8..@...|
-00000060  17 50 8a e5 39 c9 e9 41  3e 0d 9c 42 2c 7a 88 bf  |.P..9..A>..B,z..|
-00000070  f7 09 4e 27 0b fe cc 53  13 07 d5 7e 0e e6 02 3c  |..N'...S...~...<|
-00000080  8a 3f f9 03 df b6 65 a0  77 ee 50 14 03 03 00 01  |.?....e.w.P.....|
-00000090  01 16 03 03 00 24 5f 41  3e 38 05 08 74 62 5b 4e  |.....$_A>8..tb[N|
-000000a0  94 55 98 74 5c 65 1a 4c  49 08 1d 77 d7 f0 12 47  |.U.t\e.LI..w...G|
-000000b0  d2 ef a6 31 5c 36 03 b5  b5 9d                    |...1\6....|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 24 6f 68 a2 c0 4d  |..........$oh..M|
-00000010  f4 cb c0 e5 8b 19 f9 2e  46 c3 3b 92 eb a9 42 8b  |........F.;...B.|
-00000020  03 4a e2 62 9d f1 c0 39  b1 63 61 08 15 b0 ca 17  |.J.b...9.ca.....|
-00000030  03 03 00 21 50 9e 16 ce  7e af 8f 43 d1 1c 30 37  |...!P...~..C..07|
-00000040  85 e9 68 3a 9c 7e 26 90  dc 14 b1 ec 91 20 2b 4a  |..h:.~&...... +J|
-00000050  24 b4 fa b1 50 15 03 03  00 16 59 74 08 41 73 01  |$...P.....Yt.As.|
-00000060  22 19 0b 35 6b 4d ee d2  15 50 42 de cc cf cc 09  |"..5kM...PB.....|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-Resume b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-Resume
deleted file mode 100644
index 366ca8f7..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-Resume
+++ /dev/null
@@ -1,41 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 f9 01 00 00  f5 03 03 23 77 58 99 0e  |...........#wX..|
-00000010  44 ed 63 44 e4 e4 eb d1  83 c3 9c d0 24 12 a3 b9  |D.cD........$...|
-00000020  55 6b 4d da bf 84 9d 35  de 43 a0 20 7b 93 cb d3  |UkM....5.C. {...|
-00000030  c5 ce 5e d5 aa 48 91 a4  b2 c2 d7 72 09 0d 21 78  |..^..H.....r..!x|
-00000040  f0 ac 7a ed 9a a9 ad dd  51 8b b2 1c 00 04 00 2f  |..z.....Q....../|
-00000050  00 ff 01 00 00 a8 00 23  00 78 50 46 ad c1 db a8  |.......#.xPF....|
-00000060  38 86 7b 2b bb fd d0 c3  42 3e 00 00 00 00 00 00  |8.{+....B>......|
-00000070  00 00 00 00 00 00 00 00  00 00 94 6f 2c 9f 83 61  |...........o,..a|
-00000080  0b b1 b7 9e 10 2d 0c 56  e8 70 66 ad de b1 15 74  |.....-.V.pf....t|
-00000090  2f 8b 08 8c 96 bb 4b 1b  4e dd 81 0e bf 84 4d 43  |/.....K.N.....MC|
-000000a0  8f c0 7e a0 7f be c0 59  bf 83 26 0f a2 22 52 2c  |..~....Y..&.."R,|
-000000b0  33 94 5a 77 54 f3 b5 f2  22 51 d5 24 c2 60 c3 2e  |3.ZwT..."Q.$.`..|
-000000c0  0f 9c 5e 33 3b e8 7c 52  2a 76 08 58 ac 47 98 bc  |..^3;.|R*v.X.G..|
-000000d0  36 b6 00 0d 00 20 00 1e  06 01 06 02 06 03 05 01  |6.... ..........|
-000000e0  05 02 05 03 04 01 04 02  04 03 03 01 03 02 03 03  |................|
-000000f0  02 01 02 02 02 03 00 16  00 00 00 17 00 00        |..............|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 00 00 00 00 00  |....Q...M.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 20 7b 93 cb d3  |........... {...|
-00000030  c5 ce 5e d5 aa 48 91 a4  b2 c2 d7 72 09 0d 21 78  |..^..H.....r..!x|
-00000040  f0 ac 7a ed 9a a9 ad dd  51 8b b2 1c 00 2f 00 00  |..z.....Q..../..|
-00000050  05 ff 01 00 01 00 14 03  03 00 01 01 16 03 03 00  |................|
-00000060  40 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
-00000070  00 ac d9 95 88 c6 37 e8  3c 24 d8 d9 15 46 25 c6  |......7.<$...F%.|
-00000080  32 0c 75 80 11 3d 89 53  1c 7a b1 78 6a c1 1a d7  |2.u..=.S.z.xj...|
-00000090  91 6e c2 55 99 84 11 43  cd 62 99 3b 28 1b 2e 08  |.n.U...C.b.;(...|
-000000a0  a8                                                |.|
->>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 16 03  03 00 40 67 fd 43 2a 0b  |..........@g.C*.|
-00000010  14 6b 89 53 84 a8 04 62  d6 30 af 68 eb 8e 2a de  |.k.S...b.0.h..*.|
-00000020  67 c9 40 af 8b ac dd 29  a4 20 e4 da b0 dd c3 05  |g.@....). ......|
-00000030  82 83 8f 75 77 db 6c fe  e7 20 54 e3 eb 51 31 68  |...uw.l.. T..Q1h|
-00000040  da 11 a3 6d a1 34 d9 f5  d1 ef c9                 |...m.4.....|
->>> Flow 4 (server to client)
-00000000  17 03 03 00 40 00 00 00  00 00 00 00 00 00 00 00  |....@...........|
-00000010  00 00 00 00 00 ee e2 75  6f 78 b0 88 1a 8b 9b 91  |.......uox......|
-00000020  c9 8c 3b ae a5 93 71 12  55 66 f8 09 a5 1f 4b 1b  |..;...q.Uf....K.|
-00000030  c2 fe 65 8b 3d d9 dc fa  af dc 29 1b 83 da e0 6a  |..e.=.....)....j|
-00000040  4b cd d0 dc 27                                    |K...'|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ResumeDisabled b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ResumeDisabled
deleted file mode 100644
index 34748371..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-ResumeDisabled
+++ /dev/null
@@ -1,89 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 f9 01 00 00  f5 03 03 e8 59 b4 a7 b2  |............Y...|
-00000010  77 86 57 47 0d d7 7b 2b  c1 a2 04 fd 8d 4d e4 f5  |w.WG..{+.....M..|
-00000020  be e2 65 8e 28 9a fe c3  19 fc 43 20 40 38 fb 60  |..e.(.....C @8.`|
-00000030  f8 2f 36 f4 85 1d ee f1  53 f2 90 cf 3c 58 36 cd  |./6.....S...<X6.|
-00000040  bd 22 b4 0c 92 a9 17 56  f9 b4 dd 9b 00 04 00 2f  |.".....V......./|
-00000050  00 ff 01 00 00 a8 00 23  00 78 50 46 ad c1 db a8  |.......#.xPF....|
-00000060  38 86 7b 2b bb fd d0 c3  42 3e 00 00 00 00 00 00  |8.{+....B>......|
-00000070  00 00 00 00 00 00 00 00  00 00 94 6f 2c 9f 83 61  |...........o,..a|
-00000080  2e fe 48 fe f6 bb 98 a0  6f b0 be 9e 86 d7 b2 f2  |..H.....o.......|
-00000090  67 c7 44 c7 3d e4 2b de  d0 f4 d2 17 51 84 8e 7a  |g.D.=.+.....Q..z|
-000000a0  a7 80 c4 65 14 f7 49 09  68 15 56 68 32 41 d1 6f  |...e..I.h.Vh2A.o|
-000000b0  33 94 a1 3a c9 37 20 5d  e6 b0 6f 37 0a 10 e3 28  |3..:.7 ]..o7...(|
-000000c0  e1 34 b6 6d e6 7a 44 24  7f 2f cf 1b ae dd 4c d0  |.4.m.zD$./....L.|
-000000d0  11 75 00 0d 00 20 00 1e  06 01 06 02 06 03 05 01  |.u... ..........|
-000000e0  05 02 05 03 04 01 04 02  04 03 03 01 03 02 03 03  |................|
-000000f0  02 01 02 02 02 03 00 16  00 00 00 17 00 00        |..............|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 5e 04 66 f2 27  |...........^.f.'|
-00000010  99 3b f8 15 9f b8 4a ab  8c 32 10 0d 5b c9 5b 0b  |.;....J..2..[.[.|
-00000020  04 69 dc 2b 9e bb 28 38  b6 a0 0f 32 ae 8c 96 64  |.i.+..(8...2...d|
-00000030  63 97 6b b6 63 94 45 84  03 28 d1 d8 85 2f a7 bb  |c.k.c.E..(.../..|
-00000040  be ca 3e f5 30 27 e1 fd  e5 cc bc b5 61 3d 26 8d  |..>.0'......a=&.|
-00000050  0e 93 dd 78 07 5c fe 1b  a9 57 c7 ce e6 df eb 28  |...x.\...W.....(|
-00000060  74 ce 12 f3 df 3f c0 9e  54 b6 e0 b0 ea f7 08 c6  |t....?..T.......|
-00000070  e1 9b cb e7 e9 41 b0 b4  68 2f f2 9b 1a 0a e3 17  |.....A..h/......|
-00000080  df d7 18 ff 95 ca 36 07  32 ff f9 14 03 03 00 01  |......6.2.......|
-00000090  01 16 03 03 00 40 cb c3  74 05 82 ab 93 07 a2 8b  |.....@..t.......|
-000000a0  24 27 c0 21 3e d1 15 12  9a 85 20 5b f5 7e 7e 0a  |$'.!>..... [.~~.|
-000000b0  a0 8e b2 de aa 25 2a b3  3d 12 1b 01 45 ec 36 53  |.....%*.=...E.6S|
-000000c0  32 1d 81 c7 1d a6 96 c2  a9 2e af fa 90 6e 76 bb  |2............nv.|
-000000d0  a2 bc 43 91 c9 ca                                 |..C...|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 7f 39 4c 83 d4  |............9L..|
-00000020  ca a2 7a a8 eb 3e 45 18  6e 33 3d 6f eb 2d 4f 72  |..z..>E.n3=o.-Or|
-00000030  35 ee c3 f8 22 fd 39 28  47 23 55 16 6c 47 80 b7  |5...".9(G#U.lG..|
-00000040  65 31 15 f6 89 79 96 bd  6a df 1d 17 03 03 00 40  |e1...y..j......@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  0c ea 0d 87 9a 24 d5 cc  26 9a a2 32 df 04 24 7d  |.....$..&..2..$}|
-00000070  45 ed 35 4e 5b a0 57 c1  c7 f1 0f 8b b0 f9 49 85  |E.5N[.W.......I.|
-00000080  d6 e6 36 26 d5 f3 e4 00  76 d0 d6 20 be b3 31 e5  |..6&....v.. ..1.|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 6c 51 e9  c2 e8 4f 43 e2 ce 01 9d  |.....lQ...OC....|
-000000b0  d9 6f d7 c7 bf 16 d9 28  ca 8a ea 5e d5 84 ba 55  |.o.....(...^...U|
-000000c0  b7 23 9d 79 28                                    |.#.y(|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI
deleted file mode 100644
index 852cc63d..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI
+++ /dev/null
@@ -1,81 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 35 8f 03 0b f4  |....q...m..5....|
-00000010  81 dd d7 ec 8b cc 85 bd  07 5b 83 16 cc 6e b2 67  |.........[...n.g|
-00000020  fd 33 69 81 14 9a 14 9d  37 43 5a 00 00 04 00 2f  |.3i.....7CZ..../|
-00000030  00 ff 01 00 00 40 00 00  00 10 00 0e 00 00 0b 73  |.....@.........s|
-00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0d 00 20 00 1e  |nitest.com... ..|
-00000050  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000060  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000070  00 00 00 17 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 4c 15 46 23 91  |...........L.F#.|
-00000010  a0 d8 6c 45 f0 49 7e 70  84 9f bf 53 3d 68 2c cc  |..lE.I~p...S=h,.|
-00000020  20 3f 28 bd cf e6 6e fd  e6 90 ff 87 14 82 65 00  | ?(...n.......e.|
-00000030  d6 b6 ef 5a 0c d6 30 76  88 d2 37 33 39 de 00 b4  |...Z..0v..739...|
-00000040  ec dd 30 3b f6 88 ff 4c  b2 98 75 77 fd c3 61 38  |..0;...L..uw..a8|
-00000050  2d 00 f7 14 d8 a4 37 22  c0 db 8a bd 12 0b b8 cc  |-.....7"........|
-00000060  37 82 78 d3 0e f2 0b 9b  51 c5 26 c5 e2 ce 3e 0e  |7.x.....Q.&...>.|
-00000070  04 34 39 83 a8 f5 65 ff  40 d9 9b 4a 11 6b b3 d2  |.49...e.@..J.k..|
-00000080  f7 02 78 a9 7c f4 69 56  3a a4 98 14 03 03 00 01  |..x.|.iV:.......|
-00000090  01 16 03 03 00 40 d6 90  b3 07 d1 a1 c1 12 35 07  |.....@........5.|
-000000a0  4e c0 df 4b 17 cc fa 49  47 c9 22 c3 6f 70 fa ee  |N..K...IG.".op..|
-000000b0  cf b3 61 d6 06 54 cd ce  c2 15 17 8a a0 f6 5c 43  |..a..T........\C|
-000000c0  7c 92 ce 89 d4 96 53 d0  c7 e6 9a 24 bc 5a 83 e5  ||.....S....$.Z..|
-000000d0  9c 65 72 e7 80 a4                                 |.er...|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 a0 61 69 4c 9d  |............aiL.|
-00000020  68 f3 f8 f6 a0 ef 1b f4  a2 f5 83 fa 03 87 ad 67  |h..............g|
-00000030  7e 9f df c6 ce 9f 69 ce  22 fc de 91 0d 18 00 fb  |~.....i.".......|
-00000040  c1 5d a1 2d bb 89 29 4f  f6 de 57 17 03 03 00 40  |.].-..)O..W....@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  bb 54 f4 80 69 1d 3b 9c  e7 9c 1a fb 4e 3d c1 02  |.T..i.;.....N=..|
-00000070  d3 05 86 35 47 61 59 aa  45 54 ae a2 59 4c 75 8c  |...5GaY.ET..YLu.|
-00000080  8d a9 7d 7f a0 4b d9 65  7a 53 ef 7e ed a3 fa 9e  |..}..K.ezS.~....|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 cc fd 0f  cb 74 a5 36 ce c1 cd 54  |.........t.6...T|
-000000b0  6f 66 81 c0 ab ff 72 ea  f3 1f a6 b7 ef 46 45 68  |of....r......FEh|
-000000c0  9b 0b 7f 4f 46                                    |...OF|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI-GetCertificate b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI-GetCertificate
deleted file mode 100644
index b35cd8de..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI-GetCertificate
+++ /dev/null
@@ -1,81 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 31 c7 3f 2b 99  |....q...m..1.?+.|
-00000010  95 d8 d5 b7 91 ab 95 c6  09 35 0c 2b bd b6 94 1e  |.........5.+....|
-00000020  64 4a 2d b6 43 23 a0 01  e7 93 22 00 00 04 00 2f  |dJ-.C#...."..../|
-00000030  00 ff 01 00 00 40 00 00  00 10 00 0e 00 00 0b 73  |.....@.........s|
-00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0d 00 20 00 1e  |nitest.com... ..|
-00000050  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000060  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000070  00 00 00 17 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 c9 3a 9d ea e3  |............:...|
-00000010  19 f1 07 77 61 ef 5a aa  ed 0f 26 b4 7a 45 db 05  |...wa.Z...&.zE..|
-00000020  bd 51 77 f5 ee 7b c1 83  9c 95 49 7b 70 5e 5b fe  |.Qw..{....I{p^[.|
-00000030  25 d2 3d 64 74 b8 a4 97  fd cb b9 75 7b 8f b0 59  |%.=dt......u{..Y|
-00000040  30 bf b3 41 ce 54 83 0a  ca 29 49 5a fe 29 4c 53  |0..A.T...)IZ.)LS|
-00000050  fb d6 6e 46 d9 f7 31 17  d6 ee f9 ac 41 82 22 11  |..nF..1.....A.".|
-00000060  a7 34 07 41 50 43 2f 83  f6 1f c6 c0 9d 4a 67 5a  |.4.APC/......JgZ|
-00000070  af 44 59 c0 00 33 be 24  f7 0a a4 fe 76 6b 03 05  |.DY..3.$....vk..|
-00000080  2e ec 4d 49 db 6e e5 0a  5f af 09 14 03 03 00 01  |..MI.n.._.......|
-00000090  01 16 03 03 00 40 ad 89  4d 25 a2 ce 98 8c cf b6  |.....@..M%......|
-000000a0  f5 f4 76 6b e7 71 66 4a  f9 a7 67 fb 1d 6c a7 83  |..vk.qfJ..g..l..|
-000000b0  3b 1d 6a af 65 f2 c1 1d  97 03 5b c2 34 ee 3b 8e  |;.j.e.....[.4.;.|
-000000c0  cc bd 8f 3a b8 9b 4f 90  3f de 1e 97 1e 8e 61 37  |...:..O.?.....a7|
-000000d0  2d 30 35 84 3b 26                                 |-05.;&|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 fe 23 de 33 4b  |............#.3K|
-00000020  55 f2 8e 73 09 ba ae f1  12 bd f7 15 75 90 8f 19  |U..s........u...|
-00000030  1b 19 b6 3f 2c 19 47 87  a9 43 d5 1e 85 fb 0c 90  |...?,.G..C......|
-00000040  c8 18 72 8f 08 6f 48 43  3c 5c 5a 17 03 03 00 40  |..r..oHC<\Z....@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  4d 44 d7 eb a3 94 00 74  90 9d c0 bd 8e 11 eb b6  |MD.....t........|
-00000070  93 43 c6 14 0d ba c2 aa  f0 f5 2d 85 9a 7c 27 44  |.C........-..|'D|
-00000080  fc d8 46 76 b2 21 4f 70  1a 9a df 9e 3a 8f a3 58  |..Fv.!Op....:..X|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 91 0f c3  2a 98 79 57 39 3c 68 98  |........*.yW9<h.|
-000000b0  df 36 12 de e5 15 ee cb  80 ce 33 d9 20 95 33 38  |.6........3. .38|
-000000c0  8b d8 ed 8f 9b                                    |.....|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI-GetCertificateNotFound b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI-GetCertificateNotFound
deleted file mode 100644
index 8ba207b2..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-SNI-GetCertificateNotFound
+++ /dev/null
@@ -1,81 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 71 01 00 00  6d 03 03 f8 16 6b 20 c3  |....q...m....k .|
-00000010  a4 cf fc ca 04 47 7a f9  cc d9 cf 4a 15 ff 6e 82  |.....Gz....J..n.|
-00000020  14 6a 91 91 7f f1 f4 42  e6 7c d4 00 00 04 00 2f  |.j.....B.|...../|
-00000030  00 ff 01 00 00 40 00 00  00 10 00 0e 00 00 0b 73  |.....@.........s|
-00000040  6e 69 74 65 73 74 2e 63  6f 6d 00 0d 00 20 00 1e  |nitest.com... ..|
-00000050  06 01 06 02 06 03 05 01  05 02 05 03 04 01 04 02  |................|
-00000060  04 03 03 01 03 02 03 03  02 01 02 02 02 03 00 16  |................|
-00000070  00 00 00 17 00 00                                 |......|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  04 0e 00 00 00           |;............|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 86 10 00 00  82 00 80 80 e8 00 cc 09  |................|
-00000010  fc 87 20 9f 2a 38 33 6f  cb 61 71 86 6d 55 6a 87  |.. .*83o.aq.mUj.|
-00000020  e0 22 78 62 4e 3b 98 5c  87 fd 3b 1c 73 d3 77 7e  |."xbN;.\..;.s.w~|
-00000030  a4 c3 6f d4 6d 82 65 40  0e 70 2f 24 e9 7d ff 49  |..o.m.e@.p/$.}.I|
-00000040  c7 bd 45 44 af ae a5 7a  06 06 5e 1e ce 31 73 4b  |..ED...z..^..1sK|
-00000050  4a 38 f0 11 ba 32 58 ab  a5 94 12 13 30 83 95 85  |J8...2X.....0...|
-00000060  f5 7e 8d a7 cc 6d 19 14  f9 b0 dc 64 e5 4d b1 7d  |.~...m.....d.M.}|
-00000070  e6 95 d4 4a 7f 85 11 5b  a7 c9 32 84 c2 ec 2e c3  |...J...[..2.....|
-00000080  40 fe 5c e2 cf 5b 96 8a  72 9f 9f 14 03 03 00 01  |@.\..[..r.......|
-00000090  01 16 03 03 00 40 a8 d2  5b 24 28 2b 86 1e c1 2e  |.....@..[$(+....|
-000000a0  6f da 7a ac 6b bf 02 ea  10 5d 9c 71 fb 19 eb 17  |o.z.k....].q....|
-000000b0  19 b2 07 7c b9 df d0 6d  9f 80 cf 37 a0 2a 18 c9  |...|...m...7.*..|
-000000c0  e9 b5 9f 94 42 6a 6b 33  55 fb 6d 94 3b 79 ed 26  |....Bjk3U.m.;y.&|
-000000d0  5c 5a 7f 68 2c d8                                 |\Z.h,.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 18 e9 b5 96 14  |................|
-00000020  38 98 d4 23 cd e5 32 0e  09 ae b3 3b 90 a4 4d c2  |8..#..2....;..M.|
-00000030  e5 a8 df 72 e8 97 0b 67  cb 87 f4 d0 3e 52 ca d1  |...r...g....>R..|
-00000040  28 94 ed 88 6c cb 62 53  b2 a1 04 17 03 03 00 40  |(...l.bS.......@|
-00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  0e e3 b0 da 4b 19 ca 29  7b 1d c8 e3 0d d7 f2 97  |....K..){.......|
-00000070  b0 0b 6e f0 d2 4b f0 c4  ca 87 75 3c ae 66 e1 b3  |..n..K....u<.f..|
-00000080  06 e3 e6 90 54 fd 31 f7  5d 3b 6f de 0f d5 e4 09  |....T.1.];o.....|
-00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 ee a1 b0  94 b5 86 71 73 66 14 ac  |...........qsf..|
-000000b0  5c 4e 1b 67 27 af db b6  e3 44 15 38 b1 f5 e0 13  |\N.g'....D.8....|
-000000c0  a5 e1 82 c0 6a                                    |....j|
diff --git a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM b/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM
deleted file mode 100644
index 89587e9b..00000000
--- a/firewall/inspection/tls/tlslib/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM
+++ /dev/null
@@ -1,79 +0,0 @@
->>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 33 6d f4 4a 4b  |....s...o..3m.JK|
-00000010  48 35 ef 62 e9 bd 66 90  7e 73 62 bf 93 51 3d 90  |H5.b..f.~sb..Q=.|
-00000020  9e f1 17 ae bd 24 28 54  44 50 8e 00 00 04 c0 2f  |.....$(TDP...../|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
->>> Flow 2 (server to client)
-00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
-00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 2f 00 00  |............./..|
-00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
-00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
-00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
-00000060  09 2a 86 48 86 f7 0d 01  01 0b 05 00 30 1f 31 0b  |.*.H........0.1.|
-00000070  30 09 06 03 55 04 0a 13  02 47 6f 31 10 30 0e 06  |0...U....Go1.0..|
-00000080  03 55 04 03 13 07 47 6f  20 52 6f 6f 74 30 1e 17  |.U....Go Root0..|
-00000090  0d 31 36 30 31 30 31 30  30 30 30 30 30 5a 17 0d  |.160101000000Z..|
-000000a0  32 35 30 31 30 31 30 30  30 30 30 30 5a 30 1a 31  |250101000000Z0.1|
-000000b0  0b 30 09 06 03 55 04 0a  13 02 47 6f 31 0b 30 09  |.0...U....Go1.0.|
-000000c0  06 03 55 04 03 13 02 47  6f 30 81 9f 30 0d 06 09  |..U....Go0..0...|
-000000d0  2a 86 48 86 f7 0d 01 01  01 05 00 03 81 8d 00 30  |*.H............0|
-000000e0  81 89 02 81 81 00 db 46  7d 93 2e 12 27 06 48 bc  |.......F}...'.H.|
-000000f0  06 28 21 ab 7e c4 b6 a2  5d fe 1e 52 45 88 7a 36  |.(!.~...]..RE.z6|
-00000100  47 a5 08 0d 92 42 5b c2  81 c0 be 97 79 98 40 fb  |G....B[.....y.@.|
-00000110  4f 6d 14 fd 2b 13 8b c2  a5 2e 67 d8 d4 09 9e d6  |Om..+.....g.....|
-00000120  22 38 b7 4a 0b 74 73 2b  c2 34 f1 d1 93 e5 96 d9  |"8.J.ts+.4......|
-00000130  74 7b f3 58 9f 6c 61 3c  c0 b0 41 d4 d9 2b 2b 24  |t{.X.la<..A..++$|
-00000140  23 77 5b 1c 3b bd 75 5d  ce 20 54 cf a1 63 87 1d  |#w[.;.u]. T..c..|
-00000150  1e 24 c4 f3 1d 1a 50 8b  aa b6 14 43 ed 97 a7 75  |.$....P....C...u|
-00000160  62 f4 14 c8 52 d7 02 03  01 00 01 a3 81 93 30 81  |b...R.........0.|
-00000170  90 30 0e 06 03 55 1d 0f  01 01 ff 04 04 03 02 05  |.0...U..........|
-00000180  a0 30 1d 06 03 55 1d 25  04 16 30 14 06 08 2b 06  |.0...U.%..0...+.|
-00000190  01 05 05 07 03 01 06 08  2b 06 01 05 05 07 03 02  |........+.......|
-000001a0  30 0c 06 03 55 1d 13 01  01 ff 04 02 30 00 30 19  |0...U.......0.0.|
-000001b0  06 03 55 1d 0e 04 12 04  10 9f 91 16 1f 43 43 3e  |..U..........CC>|
-000001c0  49 a6 de 6d b6 80 d7 9f  60 30 1b 06 03 55 1d 23  |I..m....`0...U.#|
-000001d0  04 14 30 12 80 10 48 13  49 4d 13 7e 16 31 bb a3  |..0...H.IM.~.1..|
-000001e0  01 d5 ac ab 6e 7b 30 19  06 03 55 1d 11 04 12 30  |....n{0...U....0|
-000001f0  10 82 0e 65 78 61 6d 70  6c 65 2e 67 6f 6c 61 6e  |...example.golan|
-00000200  67 30 0d 06 09 2a 86 48  86 f7 0d 01 01 0b 05 00  |g0...*.H........|
-00000210  03 81 81 00 9d 30 cc 40  2b 5b 50 a0 61 cb ba e5  |.....0.@+[P.a...|
-00000220  53 58 e1 ed 83 28 a9 58  1a a9 38 a4 95 a1 ac 31  |SX...(.X..8....1|
-00000230  5a 1a 84 66 3d 43 d3 2d  d9 0b f2 97 df d3 20 64  |Z..f=C.-...... d|
-00000240  38 92 24 3a 00 bc cf 9c  7d b7 40 20 01 5f aa d3  |8.$:....}.@ ._..|
-00000250  16 61 09 a2 76 fd 13 c3  cc e1 0c 5c ee b1 87 82  |.a..v......\....|
-00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
-00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
-00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
-000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 05 01 00 80 61 aa 96  74 97 9f 2a 81 df 73 4d  |t....a..t..*..sM|
-000002d0  58 fb 8b 34 d9 51 02 1d  30 45 98 11 fa 20 cc 48  |X..4.Q..0E... .H|
-000002e0  18 8d 92 4a bc bf 34 c2  52 cc 7b 7d 93 32 f9 98  |...J..4.R.{}.2..|
-000002f0  eb d0 6d 58 4c 24 71 f1  78 cc ee 4d f8 26 26 d3  |..mXL$q.x..M.&&.|
-00000300  b0 1c 46 67 ff 75 fc b5  b3 75 31 f3 9d d6 51 07  |..Fg.u...u1...Q.|
-00000310  7a c1 2f 52 3f 88 23 f2  90 74 d0 77 6d 2b c7 31  |z./R?.#..t.wm+.1|
-00000320  3d 81 a8 b9 84 a6 8f 96  25 91 e8 31 3b e9 20 b8  |=.......%..1;. .|
-00000330  c4 11 68 da 58 0a ee 79  de fe 32 29 d6 24 b0 56  |..h.X..y..2).$.V|
-00000340  ab e8 b5 57 fc 16 03 03  00 04 0e 00 00 00        |...W..........|
->>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 eb 0e 38 40 3f 32  |....%...! ..8@?2|
-00000010  a4 95 fb c4 de e5 82 9a  4b 46 37 de 29 e5 6b e6  |........KF7.).k.|
-00000020  44 bf f0 af 0c 62 19 bd  5c 0e 14 03 03 00 01 01  |D....b..\.......|
-00000030  16 03 03 00 28 67 ad 91  f6 8d 8a 39 f7 f2 a6 42  |....(g.....9...B|
-00000040  f2 8c 2f 1d b3 1d dd f1  88 65 7e 66 d2 d9 70 09  |../......e~f..p.|
-00000050  4e 12 90 0d 0b d5 a5 a6  20 bc 32 63 05           |N....... .2c.|
->>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 56 b1 b8 16 9a  27 c6 ee d4 7f b7 68 83  |...V....'.....h.|
-00000020  43 3b 04 92 ec cc c7 db  82 f8 7d 04 64 1d 55 cf  |C;........}.d.U.|
-00000030  02 69 ac 17 03 03 00 25  00 00 00 00 00 00 00 01  |.i.....%........|
-00000040  d6 69 51 5d 3b 00 93 c2  a6 19 97 7d bf a9 d9 96  |.iQ];......}....|
-00000050  43 1d ae 32 c3 52 1a f0  18 ba 10 4c e0 15 03 03  |C..2.R.....L....|
-00000060  00 1a 00 00 00 00 00 00  00 02 1e 8a 5e 37 c0 b1  |............^7..|
-00000070  0d 1e c9 6a 90 23 d6 4c  5c 47 5b bf              |...j.#.L\G[.|
diff --git a/firewall/inspection/tls/tlslib/ticket.go b/firewall/inspection/tls/tlslib/ticket.go
deleted file mode 100644
index 7ea46946..00000000
--- a/firewall/inspection/tls/tlslib/ticket.go
+++ /dev/null
@@ -1,200 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tlslib
-
-import (
-	"bytes"
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/hmac"
-	"crypto/sha256"
-	"crypto/subtle"
-	"errors"
-	"io"
-)
-
-// sessionState contains the information that is serialized into a session
-// ticket in order to later resume a connection.
-type sessionState struct {
-	vers         uint16
-	cipherSuite  uint16
-	masterSecret []byte
-	certificates [][]byte
-	// usedOldKey is true if the ticket from which this session came from
-	// was encrypted with an older key and thus should be refreshed.
-	usedOldKey bool
-}
-
-func (s *sessionState) equal(i interface{}) bool {
-	s1, ok := i.(*sessionState)
-	if !ok {
-		return false
-	}
-
-	if s.vers != s1.vers ||
-		s.cipherSuite != s1.cipherSuite ||
-		!bytes.Equal(s.masterSecret, s1.masterSecret) {
-		return false
-	}
-
-	if len(s.certificates) != len(s1.certificates) {
-		return false
-	}
-
-	for i := range s.certificates {
-		if !bytes.Equal(s.certificates[i], s1.certificates[i]) {
-			return false
-		}
-	}
-
-	return true
-}
-
-func (s *sessionState) marshal() []byte {
-	length := 2 + 2 + 2 + len(s.masterSecret) + 2
-	for _, cert := range s.certificates {
-		length += 4 + len(cert)
-	}
-
-	ret := make([]byte, length)
-	x := ret
-	x[0] = byte(s.vers >> 8)
-	x[1] = byte(s.vers)
-	x[2] = byte(s.cipherSuite >> 8)
-	x[3] = byte(s.cipherSuite)
-	x[4] = byte(len(s.masterSecret) >> 8)
-	x[5] = byte(len(s.masterSecret))
-	x = x[6:]
-	copy(x, s.masterSecret)
-	x = x[len(s.masterSecret):]
-
-	x[0] = byte(len(s.certificates) >> 8)
-	x[1] = byte(len(s.certificates))
-	x = x[2:]
-
-	for _, cert := range s.certificates {
-		x[0] = byte(len(cert) >> 24)
-		x[1] = byte(len(cert) >> 16)
-		x[2] = byte(len(cert) >> 8)
-		x[3] = byte(len(cert))
-		copy(x[4:], cert)
-		x = x[4+len(cert):]
-	}
-
-	return ret
-}
-
-func (s *sessionState) Unmarshal(data []byte) bool {
-	if len(data) < 8 {
-		return false
-	}
-
-	s.vers = uint16(data[0])<<8 | uint16(data[1])
-	s.cipherSuite = uint16(data[2])<<8 | uint16(data[3])
-	masterSecretLen := int(data[4])<<8 | int(data[5])
-	data = data[6:]
-	if len(data) < masterSecretLen {
-		return false
-	}
-
-	s.masterSecret = data[:masterSecretLen]
-	data = data[masterSecretLen:]
-
-	if len(data) < 2 {
-		return false
-	}
-
-	numCerts := int(data[0])<<8 | int(data[1])
-	data = data[2:]
-
-	s.certificates = make([][]byte, numCerts)
-	for i := range s.certificates {
-		if len(data) < 4 {
-			return false
-		}
-		certLen := int(data[0])<<24 | int(data[1])<<16 | int(data[2])<<8 | int(data[3])
-		data = data[4:]
-		if certLen < 0 {
-			return false
-		}
-		if len(data) < certLen {
-			return false
-		}
-		s.certificates[i] = data[:certLen]
-		data = data[certLen:]
-	}
-
-	return len(data) == 0
-}
-
-func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {
-	serialized := state.marshal()
-	encrypted := make([]byte, ticketKeyNameLen+aes.BlockSize+len(serialized)+sha256.Size)
-	keyName := encrypted[:ticketKeyNameLen]
-	iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize]
-	macBytes := encrypted[len(encrypted)-sha256.Size:]
-
-	if _, err := io.ReadFull(c.config.rand(), iv); err != nil {
-		return nil, err
-	}
-	key := c.config.ticketKeys()[0]
-	copy(keyName, key.keyName[:])
-	block, err := aes.NewCipher(key.aesKey[:])
-	if err != nil {
-		return nil, errors.New("tls: failed to create cipher while encrypting ticket: " + err.Error())
-	}
-	cipher.NewCTR(block, iv).XORKeyStream(encrypted[ticketKeyNameLen+aes.BlockSize:], serialized)
-
-	mac := hmac.New(sha256.New, key.hmacKey[:])
-	mac.Write(encrypted[:len(encrypted)-sha256.Size])
-	mac.Sum(macBytes[:0])
-
-	return encrypted, nil
-}
-
-func (c *Conn) decryptTicket(encrypted []byte) (*sessionState, bool) {
-	if c.config.SessionTicketsDisabled ||
-		len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size {
-		return nil, false
-	}
-
-	keyName := encrypted[:ticketKeyNameLen]
-	iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize]
-	macBytes := encrypted[len(encrypted)-sha256.Size:]
-
-	keys := c.config.ticketKeys()
-	keyIndex := -1
-	for i, candidateKey := range keys {
-		if bytes.Equal(keyName, candidateKey.keyName[:]) {
-			keyIndex = i
-			break
-		}
-	}
-
-	if keyIndex == -1 {
-		return nil, false
-	}
-	key := &keys[keyIndex]
-
-	mac := hmac.New(sha256.New, key.hmacKey[:])
-	mac.Write(encrypted[:len(encrypted)-sha256.Size])
-	expected := mac.Sum(nil)
-
-	if subtle.ConstantTimeCompare(macBytes, expected) != 1 {
-		return nil, false
-	}
-
-	block, err := aes.NewCipher(key.aesKey[:])
-	if err != nil {
-		return nil, false
-	}
-	ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : len(encrypted)-sha256.Size]
-	plaintext := ciphertext
-	cipher.NewCTR(block, iv).XORKeyStream(plaintext, ciphertext)
-
-	state := &sessionState{usedOldKey: keyIndex > 0}
-	ok := state.Unmarshal(plaintext)
-	return state, ok
-}
diff --git a/firewall/inspection/tls/tlslib/tls.go b/firewall/inspection/tls/tlslib/tls.go
deleted file mode 100644
index 0e94c922..00000000
--- a/firewall/inspection/tls/tlslib/tls.go
+++ /dev/null
@@ -1,297 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package tls partially implements TLS 1.2, as specified in RFC 5246.
-package tlslib
-
-// BUG(agl): The crypto/tls package only implements some countermeasures
-// against Lucky13 attacks on CBC-mode encryption, and only on SHA1
-// variants. See http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and
-// https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
-
-import (
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"strings"
-	"time"
-)
-
-// Server returns a new TLS server side connection
-// using conn as the underlying transport.
-// The configuration config must be non-nil and must include
-// at least one certificate or else set GetCertificate.
-func Server(conn net.Conn, config *Config) *Conn {
-	return &Conn{conn: conn, config: config}
-}
-
-// Client returns a new TLS client side connection
-// using conn as the underlying transport.
-// The config cannot be nil: users must set either ServerName or
-// InsecureSkipVerify in the config.
-func Client(conn net.Conn, config *Config) *Conn {
-	return &Conn{conn: conn, config: config, isClient: true}
-}
-
-// A listener implements a network listener (net.Listener) for TLS connections.
-type listener struct {
-	net.Listener
-	config *Config
-}
-
-// Accept waits for and returns the next incoming TLS connection.
-// The returned connection is of type *Conn.
-func (l *listener) Accept() (net.Conn, error) {
-	c, err := l.Listener.Accept()
-	if err != nil {
-		return nil, err
-	}
-	return Server(c, l.config), nil
-}
-
-// NewListener creates a Listener which accepts connections from an inner
-// Listener and wraps each connection with Server.
-// The configuration config must be non-nil and must include
-// at least one certificate or else set GetCertificate.
-func NewListener(inner net.Listener, config *Config) net.Listener {
-	l := new(listener)
-	l.Listener = inner
-	l.config = config
-	return l
-}
-
-// Listen creates a TLS listener accepting connections on the
-// given network address using net.Listen.
-// The configuration config must be non-nil and must include
-// at least one certificate or else set GetCertificate.
-func Listen(network, laddr string, config *Config) (net.Listener, error) {
-	if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil) {
-		return nil, errors.New("tls: neither Certificates nor GetCertificate set in Config")
-	}
-	l, err := net.Listen(network, laddr)
-	if err != nil {
-		return nil, err
-	}
-	return NewListener(l, config), nil
-}
-
-type timeoutError struct{}
-
-func (timeoutError) Error() string   { return "tls: DialWithDialer timed out" }
-func (timeoutError) Timeout() bool   { return true }
-func (timeoutError) Temporary() bool { return true }
-
-// DialWithDialer connects to the given network address using dialer.Dial and
-// then initiates a TLS handshake, returning the resulting TLS connection. Any
-// timeout or deadline given in the dialer apply to connection and TLS
-// handshake as a whole.
-//
-// DialWithDialer interprets a nil configuration as equivalent to the zero
-// configuration; see the documentation of Config for the defaults.
-func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) {
-	// We want the Timeout and Deadline values from dialer to cover the
-	// whole process: TCP connection and TLS handshake. This means that we
-	// also need to start our own timers now.
-	timeout := dialer.Timeout
-
-	if !dialer.Deadline.IsZero() {
-		deadlineTimeout := time.Until(dialer.Deadline)
-		if timeout == 0 || deadlineTimeout < timeout {
-			timeout = deadlineTimeout
-		}
-	}
-
-	var errChannel chan error
-
-	if timeout != 0 {
-		errChannel = make(chan error, 2)
-		time.AfterFunc(timeout, func() {
-			errChannel <- timeoutError{}
-		})
-	}
-
-	rawConn, err := dialer.Dial(network, addr)
-	if err != nil {
-		return nil, err
-	}
-
-	colonPos := strings.LastIndex(addr, ":")
-	if colonPos == -1 {
-		colonPos = len(addr)
-	}
-	hostname := addr[:colonPos]
-
-	if config == nil {
-		config = defaultConfig()
-	}
-	// If no ServerName is set, infer the ServerName
-	// from the hostname we're connecting to.
-	if config.ServerName == "" {
-		// Make a copy to avoid polluting argument or default.
-		c := config.Clone()
-		c.ServerName = hostname
-		config = c
-	}
-
-	conn := Client(rawConn, config)
-
-	if timeout == 0 {
-		err = conn.Handshake()
-	} else {
-		go func() {
-			errChannel <- conn.Handshake()
-		}()
-
-		err = <-errChannel
-	}
-
-	if err != nil {
-		rawConn.Close()
-		return nil, err
-	}
-
-	return conn, nil
-}
-
-// Dial connects to the given network address using net.Dial
-// and then initiates a TLS handshake, returning the resulting
-// TLS connection.
-// Dial interprets a nil configuration as equivalent to
-// the zero configuration; see the documentation of Config
-// for the defaults.
-func Dial(network, addr string, config *Config) (*Conn, error) {
-	return DialWithDialer(new(net.Dialer), network, addr, config)
-}
-
-// LoadX509KeyPair reads and parses a public/private key pair from a pair
-// of files. The files must contain PEM encoded data. The certificate file
-// may contain intermediate certificates following the leaf certificate to
-// form a certificate chain. On successful return, Certificate.Leaf will
-// be nil because the parsed form of the certificate is not retained.
-func LoadX509KeyPair(certFile, keyFile string) (Certificate, error) {
-	certPEMBlock, err := ioutil.ReadFile(certFile)
-	if err != nil {
-		return Certificate{}, err
-	}
-	keyPEMBlock, err := ioutil.ReadFile(keyFile)
-	if err != nil {
-		return Certificate{}, err
-	}
-	return X509KeyPair(certPEMBlock, keyPEMBlock)
-}
-
-// X509KeyPair parses a public/private key pair from a pair of
-// PEM encoded data. On successful return, Certificate.Leaf will be nil because
-// the parsed form of the certificate is not retained.
-func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
-	fail := func(err error) (Certificate, error) { return Certificate{}, err }
-
-	var cert Certificate
-	var skippedBlockTypes []string
-	for {
-		var certDERBlock *pem.Block
-		certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
-		if certDERBlock == nil {
-			break
-		}
-		if certDERBlock.Type == "CERTIFICATE" {
-			cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
-		} else {
-			skippedBlockTypes = append(skippedBlockTypes, certDERBlock.Type)
-		}
-	}
-
-	if len(cert.Certificate) == 0 {
-		if len(skippedBlockTypes) == 0 {
-			return fail(errors.New("tls: failed to find any PEM data in certificate input"))
-		}
-		if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
-			return fail(errors.New("tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
-		}
-		return fail(fmt.Errorf("tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
-	}
-
-	skippedBlockTypes = skippedBlockTypes[:0]
-	var keyDERBlock *pem.Block
-	for {
-		keyDERBlock, keyPEMBlock = pem.Decode(keyPEMBlock)
-		if keyDERBlock == nil {
-			if len(skippedBlockTypes) == 0 {
-				return fail(errors.New("tls: failed to find any PEM data in key input"))
-			}
-			if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
-				return fail(errors.New("tls: found a certificate rather than a key in the PEM for the private key"))
-			}
-			return fail(fmt.Errorf("tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
-		}
-		if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
-			break
-		}
-		skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type)
-	}
-
-	var err error
-	cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
-	if err != nil {
-		return fail(err)
-	}
-
-	// We don't need to parse the public key for TLS, but we so do anyway
-	// to check that it looks sane and matches the private key.
-	x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
-	if err != nil {
-		return fail(err)
-	}
-
-	switch pub := x509Cert.PublicKey.(type) {
-	case *rsa.PublicKey:
-		priv, ok := cert.PrivateKey.(*rsa.PrivateKey)
-		if !ok {
-			return fail(errors.New("tls: private key type does not match public key type"))
-		}
-		if pub.N.Cmp(priv.N) != 0 {
-			return fail(errors.New("tls: private key does not match public key"))
-		}
-	case *ecdsa.PublicKey:
-		priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
-		if !ok {
-			return fail(errors.New("tls: private key type does not match public key type"))
-		}
-		if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
-			return fail(errors.New("tls: private key does not match public key"))
-		}
-	default:
-		return fail(errors.New("tls: unknown public key algorithm"))
-	}
-
-	return cert, nil
-}
-
-// Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
-// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
-// OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
-func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
-	if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
-		return key, nil
-	}
-	if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
-		switch key := key.(type) {
-		case *rsa.PrivateKey, *ecdsa.PrivateKey:
-			return key, nil
-		default:
-			return nil, errors.New("tls: found unknown private key type in PKCS#8 wrapping")
-		}
-	}
-	if key, err := x509.ParseECPrivateKey(der); err == nil {
-		return key, nil
-	}
-
-	return nil, errors.New("tls: failed to parse private key")
-}
diff --git a/firewall/inspection/tls/verify/FORKED b/firewall/inspection/tls/verify/FORKED
deleted file mode 100644
index 601572b7..00000000
--- a/firewall/inspection/tls/verify/FORKED
+++ /dev/null
@@ -1,12 +0,0 @@
-from: https://github.com/cloudflare/cfssl
-commit: https://github.com/cloudflare/cfssl/commit/851e4b77bb0e13a97e7d836a2f069d17ed5478c1
-license: BSD 2-clause "Simplified" License
-original files imported:
-  - revoke/revoke.go sha256:95e3b14c1dc3d99a37f3da914c0137df80145e82295a817acf7382f9ce4bcc7e
-  - helpers/helpers.go sha256:f2642d23b3f48a9dd7d0a72d3538f95aeadbc652df30fe2f52e4e9207e256e07
-
-from: https://github.com/golang/go
-commit: https://github.com/golang/go/commit/220e0e0f7383a79fda0ba61bd1bf2076f5f74d72
-license: BSD 3-clause "New" or "Revised" License
-original files imported:
-  - src/crypto/x509/verify.go sha256:8d31581662e28a35af65166a98e8dadd60de750a83bfa7e25efad2500832b8ed
diff --git a/firewall/inspection/tls/verify/cert.go b/firewall/inspection/tls/verify/cert.go
deleted file mode 100644
index 03d59b3a..00000000
--- a/firewall/inspection/tls/verify/cert.go
+++ /dev/null
@@ -1,264 +0,0 @@
-package verify
-
-import (
-	"bytes"
-	"crypto/x509"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"math/big"
-	"net/http"
-	"strings"
-
-	"github.com/cloudflare/cfssl/crypto/pkcs7"
-
-	"github.com/safing/portbase/crypto/hash"
-	"github.com/safing/portbase/database"
-	"github.com/safing/portbase/database/record"
-)
-
-// Cert saves a certificate.
-type Cert struct {
-	record.Record
-
-	cert *x509.Certificate
-	Raw  []byte
-
-	RevokedWithCRL    bool `*:",omitempty"`
-	RevokedWithOneCRL bool `*:",omitempty"`
-	RevokedWithCRLSet bool `*:",omitempty"`
-	RevokedWithOCSP   bool `*:",omitempty"`
-
-	OCSPFailed     bool
-	NextOCSPUpdate int64
-
-	LastSeen int64
-	Expires  int64
-}
-
-var certModel *Cert // only use this as parameter for database.EnsureModel-like functions
-
-func init() {
-	database.RegisterModel(certModel, func() database.Model { return new(Cert) })
-}
-
-// ensureParsed ensures that the certificate is parsed and available in the cert attribute
-func (m *Cert) ensureParsed() error {
-	if m.cert != nil {
-		if len(m.Raw) == 0 {
-			return errors.New("certificate data not saved")
-		}
-		var err error
-		m.cert, err = x509.ParseCertificate(m.Raw)
-		if err != nil {
-			return fmt.Errorf("could not parse certificate: %s", err)
-		}
-	}
-	return nil
-}
-
-// GetCertificate returns the underlying x509.Certificate
-func (m *Cert) GetCertificate() (*x509.Certificate, error) {
-	if err := m.ensureParsed(); err != nil {
-		return nil, err
-	}
-	return m.cert, nil
-}
-
-// IsRevoked returns if the certificate has been revoked.
-func (m *Cert) IsRevoked(hardFail bool) bool {
-	if m.RevokedWithCRL || m.RevokedWithOneCRL || m.RevokedWithCRLSet || m.RevokedWithOCSP {
-		return true
-	}
-	if hardFail && m.OCSPFailed {
-		return true
-	}
-	return false
-}
-
-// RevocationStatus returns the status of the certificate in form of a string to be appended to something like "The certificate is ".
-func (m *Cert) RevocationStatus(hardFail bool) string {
-	if !m.IsRevoked(hardFail) {
-		return "not revoked"
-	}
-	var revokedBy []string
-	if m.RevokedWithCRL {
-		revokedBy = append(revokedBy, "CRL")
-	}
-	if m.RevokedWithOneCRL {
-		revokedBy = append(revokedBy, "OneCRL")
-	}
-	if m.RevokedWithCRLSet {
-		revokedBy = append(revokedBy, "CRLSet")
-	}
-	if m.RevokedWithOCSP {
-		revokedBy = append(revokedBy, "OCSP")
-	}
-	if len(revokedBy) > 0 {
-		return fmt.Sprintf("revoked by %s", strings.Join(revokedBy, ", "))
-	}
-	return fmt.Sprintf("possibly revoked (OCSP failed) - hardfailing as requested.")
-}
-
-// CreateWithUrl saves Cert in the default namespace using the certificate URL as the key.
-func (m *Cert) CreateWithUrl(url string) error {
-	return m.CreateObject(&database.CertCache, fmt.Sprintf("U%x", url), m)
-}
-
-// CreateWithSPKI saves Cert in the default namespace using the certificate SPKI as the key.
-func (m *Cert) CreateWithSPKI(spki []byte) error {
-	return m.CreateObject(&database.CertCache, fmt.Sprintf("K%x", hash.Sum(spki, hash.SHA2_256).Safe64()), m)
-}
-
-// CreateRevokedCert creates a new Cert in its CA's namespace with its Serial Number
-func (m *Cert) CreateRevokedCert(caID string, serialNumber *big.Int) error {
-	namespace := database.CARevocationInfoCache.ChildString(fmt.Sprintf("CARevocationInfo:%s", caID))
-	return m.CreateInNamespace(&namespace, fmt.Sprintf("S%x", serialNumber))
-}
-
-// CreateInNamespace saves Cert with the provided name in the provided namespace.
-func (m *Cert) CreateInNamespace(namespace string, name string) error {
-	return m.CreateObject(namespace, name, m)
-}
-
-// Save saves Cert.
-func (m *Cert) Save() error {
-	return m.SaveObject(m)
-}
-
-// GetCertWithURL fetches Cert from the default namespace using the certificate URL as the key.
-func GetCertWithURL(url string) (*Cert, error) {
-	return GetCertFromNamespace(&database.CertCache, fmt.Sprintf("U%x", url))
-}
-
-// GetCertWithSPKI fetches Cert from the default namespace using the certificate SPKI as the key.
-func GetCertWithSPKI(spki []byte) (*Cert, error) {
-	return GetCertFromNamespace(&database.CertCache, fmt.Sprintf("K%x", hash.Sum(spki, hash.SHA2_256).Safe64()))
-}
-
-// GetCertFromNamespace gets Cert with the provided name from the provided namespace.
-func GetCertFromNamespace(namespace string, name string) (*Cert, error) {
-	object, err := database.GetAndEnsureModel(namespace, name, certModel)
-	if err != nil {
-		return nil, err
-	}
-	model, ok := object.(*Cert)
-	if !ok {
-		return nil, database.NewMismatchError(object, certModel)
-	}
-	return model, nil
-}
-
-// GetRevokedCert gets Cert from its CA's namespace with its Serial Number
-func GetRevokedCert(caID string, serialNumber *big.Int) (*Cert, error) {
-	namespace := database.CARevocationInfoCache.ChildString(fmt.Sprintf("CARevocationInfo:%s", caID))
-	return GetCertFromNamespace(&namespace, fmt.Sprintf("S%x", serialNumber))
-}
-
-func GetOrFetchCert(urls []string) (*x509.Certificate, error) {
-	// TODO: handle root CAs
-	for _, url := range urls {
-		cert, err := GetCertWithURL(url)
-		if err != nil {
-			continue
-		}
-		certificate, err := x509.ParseCertificate(cert.Raw)
-		if err == nil {
-			return certificate, nil
-		}
-	}
-	return ImportCert(urls)
-}
-
-func GetOrFetchIssuer(cert *x509.Certificate) (*x509.Certificate, error) {
-	if len(cert.IssuingCertificateURL) == 0 {
-		return nil, errors.New("no issuing certificate URLs")
-	}
-	return GetOrFetchCert(cert.IssuingCertificateURL)
-}
-
-func ImportCert(urls []string) (*x509.Certificate, error) {
-	var err error
-	for _, url := range urls {
-
-		var resp *http.Response
-		resp, err = http.Get(url)
-		if err != nil {
-			err = fmt.Errorf("could not fetch certificate from %s: %s", url, err)
-			continue
-		}
-
-		var data []byte
-		data, err = ioutil.ReadAll(resp.Body)
-		if err != nil {
-			err = fmt.Errorf("could not read certificate from %s: %s", url, err)
-			continue
-		}
-		resp.Body.Close()
-
-		var cert *x509.Certificate
-		cert, err = x509.ParseCertificate(data)
-		if err != nil {
-			cert, err = ParsePEMCertificate(data)
-		}
-		if err != nil {
-			err = fmt.Errorf("could not parse certificate from %s: %s", url, err)
-			continue
-		}
-
-		// verify
-
-		_, err = cert.Verify(x509.VerifyOptions{})
-		// chains, err = cert.Verify(x509.VerifyOptions{})
-		if err != nil {
-			err = fmt.Errorf("failed to verify certificate from %s: %s", url, err)
-		}
-
-		// check revocation
-
-		// save
-
-		return cert, nil
-
-	}
-
-	return nil, fmt.Errorf("no or only failing Certs available, last error: %s", err)
-
-}
-
-// ParsePEMCertificate parses and returns a PEM-encoded certificate,
-// can handle PEM encoded PKCS #7 structures.
-func ParsePEMCertificate(certPEM []byte) (*x509.Certificate, error) {
-
-	block, _ := pem.Decode(bytes.TrimSpace(certPEM))
-	if block == nil {
-		return nil, errors.New("decoding failed")
-	}
-
-	// if len(rest) > 0 {
-	//   return nil, errors.New("decoding failed: the PEM data should contain only one object")
-	// }
-
-	cert, err := x509.ParseCertificate(block.Bytes)
-	if err == nil {
-		return cert, nil
-	}
-
-	pkcs7data, err := pkcs7.ParsePKCS7(block.Bytes)
-	if err != nil {
-		return nil, fmt.Errorf("parsing failed: %s", err)
-	}
-	if pkcs7data.ContentInfo != "SignedData" {
-		return nil, errors.New("parsing failed: only PKCS #7 Signed Data Content Info supported for certificate parsing")
-	}
-	certs := pkcs7data.Content.SignedData.Certificates
-	if certs == nil {
-		return nil, errors.New("PKCS #7 structure contains no certificates")
-	}
-	// if len(certs) > 1 {
-	//   return nil, errors.New("decoding failed: the PKCS7 object in the PEM data should contain only one certificate"))
-	// }
-	return certs[0], nil
-
-}
diff --git a/firewall/inspection/tls/verify/cert_test.go b/firewall/inspection/tls/verify/cert_test.go
deleted file mode 100644
index d9ebe1fd..00000000
--- a/firewall/inspection/tls/verify/cert_test.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package verify
-
-import (
-	"crypto/x509"
-	"fmt"
-	"testing"
-)
-
-// func TestCertFetching(t *testing.T) {
-//
-// 	cert, err := GetOrFetchCert([]string{"http://cert.int-x3.letsencrypt.org/"})
-// 	if err != nil {
-// 		t.Errorf("failed to GetOrFetchCert: %s", err)
-// 	}
-// 	fmt.Printf("%v\n", cert)
-//
-// 	GetOrFetchCert([]string{"http://cert.int-x3.letsencrypt.org/"})
-// 	if err != nil {
-// 		t.Errorf("failed to GetOrFetchCert: %s", err)
-// 	}
-// 	fmt.Printf("%v\n", cert)
-//
-// }
-
-func TestMissingChain(t *testing.T) {
-
-	certPEM := []byte(`-----BEGIN CERTIFICATE-----
-MIIEuzCCA6OgAwIBAgIQRMpyC8ARigQMjp7ywd0HOzANBgkqhkiG9w0BAQsFADBD
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0
-aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNjAxMTkwMDAwMDBaFw0xODAxMTgyMzU5
-NTlaMHQxCzAJBgNVBAYTAkRFMRYwFAYDVQQIDA1OaWVkZXJzYWNoc2VuMREwDwYD
-VQQHDAhIYW5ub3ZlcjEjMCEGA1UECgwaSGVpc2UgTWVkaWVuIEdtYkggJiBDby4g
-S0cxFTATBgNVBAMMDHd3dy5oZWlzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAL+S5DqFzKXKpDuPKxSkhG/2ap4kFxBXv0u7gmAE30Cya16RASHt
-oSZCjHPE2yyGhLaLTjnf6kC4AgJ4eQtStPb0Oc7NodEbeFYzn6ei1OyXmYD4V7kL
-HYwjGIE3TZch4scb6peuNexYotHLB032KL/csScfdtDSpYg6ZEJ7kYI2MSqP4ogo
-BbakfgVjCdTwi4PWfmRO080t6MUEfJbfqojxcVxO70femsvmteU5/7IaXXNCnnoF
-KWl/G2WgmD8eBu2+HY9ojRrG5DrbKcz6XcNJCz88khQ+x/1EPsEEWjHiADfvl3HH
-uWmFf0BBoB3V3oL+v4i1zu2ffZH6UdlekxMCAwEAAaOCAXgwggF0MCEGA1UdEQQa
-MBiCDHd3dy5oZWlzZS5kZYIIaGVpc2UuZGUwCQYDVR0TBAIwADBuBgNVHSAEZzBl
-MGMGBmeBDAECAjBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29t
-L2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3JlcG9z
-aXRvcnkwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaAFCuaNa4BGDgw4XB6BeAR
-dqPOvZAUMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90Zy5zeW1jYi5jb20vdGcu
-Y3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcBAQRL
-MEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly90Zy5zeW1jZC5jb20wJgYIKwYBBQUHMAKG
-Gmh0dHA6Ly90Zy5zeW1jYi5jb20vdGcuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAy
-dryRQkVsQIxrhyGlAdGVR9ygOwtJBUq0najtb0+/HNEysN0QZjguNKDlzmHm1pAI
-gYR5hTlQH93XqL4d1+UVRL61hiKJja0EEkHnDEtde9eRsyvVfBHRrUF/qV6ar3yG
-0NHQdlZSIGpztKap4Za6RKxwgZid+LC1k67a4envcSPxHnREtR23mDIpe6u0NoQA
-VhUDXwbAUHO2A/6dKvhQVlPsZES56hg0uPrA6ODCxHQeRId2mn+/HY2VnDkwfJRZ
-NwVkZSvy4/Mi4cZYkkcW3Z9gePYDiNGe1wBr4/H3ffK63ek6W7Uy3ju2TpMiOyIB
-gQDY9b+bJOhhWfRQhONh
------END CERTIFICATE-----`)
-
-	cert, err := ParsePEMCertificate(certPEM)
-	if err != nil {
-		t.Errorf("failed to parse cert: %s", err)
-		return
-	}
-
-	_, err = cert.Verify(x509.VerifyOptions{})
-	// chains, err = cert.Verify(x509.VerifyOptions{})
-	if err != nil {
-		err = fmt.Errorf("failed to verify certificate: %s", err)
-	}
-
-}
diff --git a/firewall/inspection/tls/verify/crl.go b/firewall/inspection/tls/verify/crl.go
deleted file mode 100644
index ba02484d..00000000
--- a/firewall/inspection/tls/verify/crl.go
+++ /dev/null
@@ -1,245 +0,0 @@
-package verify
-
-import (
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"math/big"
-	"net/http"
-	"sort"
-	"sync"
-	"time"
-
-	"github.com/safing/portbase/crypto/hash"
-	"github.com/safing/portbase/database"
-	"github.com/safing/portbase/database/record"
-	"github.com/safing/portbase/log"
-)
-
-// CARevocationInfo saves Information on revokation of Certificates of a Certificate Authority.
-type CARevocationInfo struct {
-	record.Record
-
-	CRLDistributionPoints []string
-	OCSPServers           []string
-	CertificateURLs       []string
-
-	LastCRLUpdate int64
-	NextCRLUpdate int64
-
-	cert *x509.Certificate
-	Raw  []byte
-
-	Expires int64
-}
-
-var (
-	dupCrlReqMap  = make(map[string]*sync.Mutex)
-	dupCrlReqLock sync.Mutex
-)
-
-// Create saves CARevocationInfo with the provided name in the default namespace.
-func (m *CARevocationInfo) Create(name string) error {
-	return m.CreateObject(&database.CARevocationInfoCache, name, m)
-}
-
-// CreateInNamespace saves CARevocationInfo with the provided name in the provided namespace.
-func (m *CARevocationInfo) CreateInNamespace(namespace string, name string) error {
-	return m.CreateObject(namespace, name, m)
-}
-
-// Save saves CARevocationInfo.
-func (m *CARevocationInfo) Save() error {
-	return m.SaveObject(m)
-}
-
-func (m *CARevocationInfo) GetRevokedCert(serialNumber *big.Int) (*Cert, error) {
-	return GetCertFromNamespace(m.GetKey(), fmt.Sprintf("S%x", serialNumber))
-}
-
-func (m *CARevocationInfo) CreateRevokedCert(cert *Cert, serialNumber *big.Int) error {
-	return cert.CreateInNamespace(m.GetKey(), fmt.Sprintf("S%x", serialNumber))
-}
-
-// GetCARevocationInfo fetches CARevocationInfo with the provided name from the default namespace.
-func GetCARevocationInfo(name string) (*CARevocationInfo, error) {
-	return GetCARevocationInfoFromNamespace(&database.CARevocationInfoCache, name)
-}
-
-// GetCARevocationInfoFromNamespace fetches CARevocationInfo with the provided name from the provided namespace.
-func GetCARevocationInfoFromNamespace(namespace string, name string) (*CARevocationInfo, error) {
-	object, err := database.GetAndEnsureModel(namespace, name, caRevocationInfoModel)
-	if err != nil {
-		return nil, err
-	}
-	model, ok := object.(*CARevocationInfo)
-	if !ok {
-		return nil, database.NewMismatchError(object, caRevocationInfoModel)
-	}
-	return model, nil
-}
-
-// ensureCertParsed ensures that the certificate is parsed and available in the cert attribute
-func (m *CARevocationInfo) ensureCertParsed() error {
-	if m.cert != nil {
-		if len(m.Raw) == 0 {
-			return errors.New("certificate data not saved")
-		}
-		var err error
-		m.cert, err = x509.ParseCertificate(m.Raw)
-		if err != nil {
-			return fmt.Errorf("could not parse certificate: %s", err)
-		}
-	}
-	return nil
-}
-
-// UpdateCRLDistributionPoints updates the CRL Distribution Points with new urls
-func (m *CARevocationInfo) UpdateCRLDistributionPoints(newCRLDistributionPoints []string) {
-	var found bool
-	sort.Reverse(sort.StringSlice(newCRLDistributionPoints))
-	for _, newEntry := range newCRLDistributionPoints {
-		found = false
-		for _, entry := range m.CRLDistributionPoints {
-			if newEntry == entry {
-				found = true
-				break
-			}
-		}
-		if !found {
-			m.CRLDistributionPoints = append([]string{newEntry}, m.CRLDistributionPoints...)
-		}
-	}
-}
-
-// UpdateCRL fetches and imports the CRL belonging to a CA, if expired.
-func UpdateCRL(caInfo *CARevocationInfo, ca *x509.Certificate, caID string) error {
-	var err error
-
-	// ensure we have caInfo
-	if caInfo == nil {
-		if ca == nil && caID == "" {
-			return errors.New("verify: UpdateCRL must be called with at least one of: caInfo *CARevocationInfo, ca *x509.Certificate, caID string")
-		}
-		if caID == "" {
-			caID = hash.Sum(ca.RawSubjectPublicKeyInfo, hash.SHA2_256).Safe64()
-		}
-		caInfo, err = GetCARevocationInfo(caID)
-		if err != nil {
-			return fmt.Errorf("verify: could not get CARevocationInfo for caID %s: %s", caID, err)
-		}
-	}
-
-	// don't update if we still have a valid record
-	if caInfo.NextCRLUpdate > time.Now().Unix() {
-		return nil
-	}
-
-	// dedup requests
-	dupCrlReqLock.Lock()
-	mutex, requestActive := dupCrlReqMap[caID]
-	if !requestActive {
-		mutex = new(sync.Mutex)
-		mutex.Lock()
-		dupCrlReqMap[caID] = mutex
-		dupCrlReqLock.Unlock()
-	} else {
-		dupCrlReqLock.Unlock()
-		log.Tracef("verify: waiting for duplicate CRL import for CA %s to complete", caID)
-		mutex.Lock()
-		// only wait until duplicate request is finished, then return
-		mutex.Unlock()
-		return nil
-	}
-	defer func() {
-		dupCrlReqLock.Lock()
-		delete(dupCrlReqMap, caID)
-		dupCrlReqLock.Unlock()
-		mutex.Unlock()
-	}()
-
-	// fetch and import CRL
-	for _, url := range caInfo.CRLDistributionPoints {
-
-		// fetch CRL
-		crl, err := fetchCRL(url)
-		if err != nil {
-			log.Warningf("verify: failed to import CRL from %s: %s", url, err)
-			continue
-		}
-
-		// check CRL signature
-		// TODO: how is revokation checked when verifying CRL signature?
-		err = ca.CheckCRLSignature(crl)
-		if err != nil {
-			log.Warningf("verify: failed to import CRL from %s: %s", url, err)
-			continue
-		}
-
-		log.Infof("verify: importing verified CRL for CA %s from %s", caID, url)
-
-		// save to DB
-		newExpiry := crl.TBSCertList.NextUpdate.Add(720 * time.Hour).Unix()
-		caInfo.LastCRLUpdate = time.Now().Unix()
-		caInfo.NextCRLUpdate = newExpiry
-		for _, entry := range crl.TBSCertList.RevokedCertificates {
-
-			// log.Tracef("verify: importing %d", entry.SerialNumber)
-
-			// fetch or create rCert
-			rCert, err := caInfo.GetRevokedCert(entry.SerialNumber)
-			if err != nil {
-				rCert = new(Cert)
-			}
-
-			// update expiry
-			rCert.RevokedWithCRL = true
-			if newExpiry > rCert.Expires {
-				rCert.Expires = newExpiry
-			}
-
-			// save
-			if rCert.GetKey() == nil {
-				caInfo.CreateRevokedCert(rCert, entry.SerialNumber)
-			} else {
-				rCert.Save()
-			}
-		}
-
-		log.Tracef("verify: import from %s finished.", url)
-		caInfo.Save()
-
-		return nil
-	}
-
-	return fmt.Errorf("verify: no or only failing CRLs available for CA %s", caID)
-}
-
-func fetchCRL(url string) (*pkix.CertificateList, error) {
-
-	client := &http.Client{
-		Timeout: 1 * time.Minute,
-	}
-	resp, err := client.Get(url)
-
-	if err != nil {
-		return nil, fmt.Errorf("failed to retrieve CRL: %s", err)
-	} else if resp.StatusCode >= 300 {
-		return nil, fmt.Errorf("failed to retrieve CRL: non-200 status code: %d", resp.StatusCode)
-	}
-
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read CRL: %s", err)
-	}
-	resp.Body.Close()
-
-	crl, err := x509.ParseCRL(body)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse CRL: %s", err)
-	}
-
-	return crl, nil
-}
diff --git a/firewall/inspection/tls/verify/ocsp.go b/firewall/inspection/tls/verify/ocsp.go
deleted file mode 100644
index bb21c03d..00000000
--- a/firewall/inspection/tls/verify/ocsp.go
+++ /dev/null
@@ -1,137 +0,0 @@
-package verify
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/x509"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"sync"
-	"time"
-
-	"golang.org/x/crypto/ocsp"
-
-	"github.com/safing/portbase/crypto/hash"
-	"github.com/safing/portbase/log"
-)
-
-var (
-	ocspOpts = ocsp.RequestOptions{
-		Hash: crypto.SHA1,
-	}
-
-	dupOcspReqMap  = make(map[string]*sync.Mutex)
-	dupOcspReqLock sync.Mutex
-)
-
-func UpdateOCSP(rCert *Cert, cert, ca *x509.Certificate, caID string) (*Cert, error) {
-
-	if rCert.NextOCSPUpdate > time.Now().Unix() {
-		return rCert, nil
-	}
-
-	var err error
-
-	// get CA if necessary
-	if ca == nil {
-		ca, err = GetOrFetchIssuer(cert)
-		if err != nil {
-			return rCert, err
-		}
-	}
-	if caID == "" {
-		caID = hash.Sum(ca.RawSubjectPublicKeyInfo, hash.SHA2_256).Safe64()
-	}
-
-	// dedup requests
-	dupOcspReqLock.Lock()
-	mutex, requestActive := dupOcspReqMap[rCert.FmtKey()]
-	if !requestActive {
-		mutex = new(sync.Mutex)
-		mutex.Lock()
-		dupOcspReqMap[rCert.FmtKey()] = mutex
-		dupOcspReqLock.Unlock()
-	} else {
-		dupOcspReqLock.Unlock()
-		log.Tracef("waiting for duplicate OCSP request for %s to complete", rCert.FmtKey())
-		mutex.Lock()
-		// only wait until duplicate request is finished, then return
-		mutex.Unlock()
-		// refetch rCert
-		rCert, err = GetRevokedCert(caID, cert.SerialNumber)
-		if err != nil {
-			return nil, fmt.Errorf("failed to refetch rCert %s: %s", rCert.FmtKey(), err)
-		}
-		return rCert, nil
-	}
-	defer func() {
-		dupOcspReqLock.Lock()
-		delete(dupOcspReqMap, rCert.FmtKey())
-		dupOcspReqLock.Unlock()
-		mutex.Unlock()
-	}()
-
-	// create request
-	ocspRequest, err := ocsp.CreateRequest(cert, ca, &ocspOpts)
-	if err != nil {
-		return rCert, err
-	}
-
-	// fetch
-	var resp *ocsp.Response
-	for _, url := range cert.OCSPServer {
-		resp, err = fetchOCSP(url, ocspRequest, cert, ca)
-		if err != nil {
-			continue
-		}
-
-		rCert.NextOCSPUpdate = resp.NextUpdate.Unix()
-		if rCert.NextOCSPUpdate > rCert.Expires {
-			rCert.Expires = rCert.NextOCSPUpdate
-		}
-		rCert.RevokedWithOCSP = resp.Status != ocsp.Good
-		rCert.OCSPFailed = false
-		rCert.Save()
-		return rCert, nil
-	}
-
-	rCert.NextOCSPUpdate = time.Now().Add(120 * time.Second).Unix()
-	rCert.OCSPFailed = true
-	rCert.Save()
-	return rCert, fmt.Errorf("all OCSP servers failed, last error: %s", err)
-}
-
-// fetchOCSP attempts to request an OCSP response from the
-// server. The error only indicates a failure to *fetch* the
-// certificate, and *does not* mean the certificate is valid.
-func fetchOCSP(server string, req []byte, cert, ca *x509.Certificate) (*ocsp.Response, error) {
-
-	var resp *http.Response
-	var err error
-	if len(req) > 256 {
-		buf := bytes.NewBuffer(req)
-		resp, err = http.Post(server, "application/ocsp-request", buf)
-	} else {
-		reqURL := server + "/" + base64.StdEncoding.EncodeToString(req)
-		resp, err = http.Get(reqURL)
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	if resp.StatusCode != http.StatusOK {
-		return nil, errors.New("failed to retrieve OSCP")
-	}
-
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	resp.Body.Close()
-
-	return ocsp.ParseResponseForCert(body, cert, ca)
-}
diff --git a/firewall/inspection/tls/verify/verify.go b/firewall/inspection/tls/verify/verify.go
deleted file mode 100644
index 469a87ce..00000000
--- a/firewall/inspection/tls/verify/verify.go
+++ /dev/null
@@ -1,208 +0,0 @@
-package verify
-
-import (
-	"crypto/x509"
-	"errors"
-	"fmt"
-	"time"
-
-	"github.com/safing/portbase/crypto/hash"
-	"github.com/safing/portbase/database"
-)
-
-// useful references:
-// https://github.com/cloudflare/cfssl/blob/master/revoke/revoke.go
-// Mozilla OneCRL
-// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
-// https://wiki.mozilla.org/CA:ImprovingRevocation
-// Google CRLSet
-// https://security.stackexchange.com/questions/55811/how-are-crlsets-more-secure
-// https://www.imperialviolet.org/2012/02/05/crlsets.html
-// RE: https://www.grc.com/revocation/crlsets.htm
-// RE: RE: https://www.imperialviolet.org/2014/04/29/revocationagain.html
-
-// FullCheckBytes does a full certificate check, certificates are provided as raw bytes.
-// It parses the raw certificates and calls FullCheck.
-func FullCheckBytes(name string, certBytes [][]byte) (bool, error) {
-	certs := make([]*x509.Certificate, len(certBytes))
-	for key, bytes := range certBytes {
-		cert, err := x509.ParseCertificate(bytes)
-		if err != nil {
-			return false, errors.New("verify: failed to parse certificate: " + err.Error())
-		}
-		certs[key] = cert
-	}
-
-	return FullCheck(name, certs)
-}
-
-// FullCheck does a full certificate check.
-// Calls CheckSignatures, CheckRecovation and CheckCertificateTransparency(TODO).
-func FullCheck(name string, chain []*x509.Certificate) (bool, error) {
-	verifiedChain, err := CheckSignatures(name, chain)
-	if err != nil {
-		return false, fmt.Errorf("verify: certificate invalid: %s", err)
-	}
-
-	return CheckRecovation(verifiedChain)
-}
-
-func CheckSignatures(name string, chain []*x509.Certificate) ([]*x509.Certificate, error) {
-	if len(chain) == 0 {
-		return nil, errors.New("no certificates supplied")
-	}
-
-	opts := x509.VerifyOptions{
-		// Roots:         c.config.RootCAs,
-		// CurrentTime:   time.Now(),
-		DNSName:       name,
-		Intermediates: x509.NewCertPool(),
-	}
-
-	for i, cert := range chain {
-		if i == 0 {
-			continue
-		}
-		opts.Intermediates.AddCert(cert)
-	}
-
-	verifiedChains, err := chain[0].Verify(opts)
-	if err != nil {
-		return nil, err
-	}
-
-	// TODO: further process all verified chains (revocation / CT)
-	return verifiedChains[0], nil
-}
-
-// TODO
-// func CheckCertificateTransparency(chain []*x509.Certificate, securityLevel int8) {
-// }
-
-func CheckKnownRevocation(verifiedChain []*x509.Certificate) (bool, error) {
-	for i := 0; i < len(verifiedChain)-1; i++ {
-		caID := hash.Sum(verifiedChain[i+1].RawSubjectPublicKeyInfo, hash.SHA2_256).Safe64()
-		rCert, err := GetRevokedCert(caID, verifiedChain[i].SerialNumber)
-		if err != nil {
-			if err != database.ErrNotFound {
-				return true, nil
-			}
-			return true, fmt.Errorf("verify: failed to get rCert from database: %s", err)
-		}
-		if rCert.IsRevoked(false) {
-			return false, nil
-		}
-		if rCert.OCSPFailed {
-			return true, errors.New("verify: OCSP failed in the past")
-		}
-	}
-	return true, nil
-}
-
-func CheckRecovation(verifiedChain []*x509.Certificate) (bool, error) {
-
-	for i := 0; i < len(verifiedChain)-1; i++ {
-		ok, err := checkCertRevocation(verifiedChain[i], verifiedChain[i+1])
-		if !ok {
-			return ok, err
-		}
-	}
-	return true, nil
-
-}
-
-func checkCertRevocation(cert, ca *x509.Certificate) (bool, error) {
-
-	// proper use?
-	if cert == nil {
-		return false, errors.New("verify: no certificate supplied")
-	}
-
-	// check if recocation is supported
-	if len(cert.CRLDistributionPoints) == 0 && len(cert.OCSPServer) == 0 {
-		return true, fmt.Errorf("verify: certificate does not support OCSP or CRL.")
-	}
-
-	var err error
-	if ca == nil {
-		ca, err = GetOrFetchIssuer(cert)
-		if err != nil {
-			return true, err
-		}
-	}
-	caID := hash.Sum(ca.RawSubjectPublicKeyInfo, hash.SHA2_256).Safe64()
-
-	// check cert
-	rCert, err := GetRevokedCert(caID, cert.SerialNumber)
-	if err != nil {
-		if err != database.ErrNotFound {
-			return true, fmt.Errorf("verify: failed to get Cert: %s", err)
-		}
-		rCert = &Cert{
-			cert: cert,
-			// Raw: cert.Raw,
-			LastSeen: time.Now().Unix(),
-			Expires:  time.Now().Add(7 * 24 * time.Hour).Unix(),
-		}
-		rCert.CreateRevokedCert(caID, cert.SerialNumber)
-	} else if rCert.IsRevoked(false) {
-		return false, fmt.Errorf("verify: certificate is %s", rCert.RevocationStatus(false))
-	}
-
-	// update OCSP
-	// TODO: check OCSP stapling data
-	// TODO: is MustStaple already handled by golang? If not, handle it!
-	if len(cert.OCSPServer) > 0 {
-		if rCert == nil {
-			rCert = new(Cert)
-		}
-		rCert, err = UpdateOCSP(rCert, cert, ca, caID)
-		if err == nil && !rCert.OCSPFailed {
-			// update CRL later
-			go checkCRL(rCert, cert, ca, caID, false, true)
-			if rCert.IsRevoked(false) {
-				return false, fmt.Errorf("verify: certificate is %s", rCert.RevocationStatus(false))
-			}
-			return true, nil
-		}
-	}
-
-	// update CRL
-	return checkCRL(rCert, cert, ca, caID, false, false)
-}
-
-func checkCRL(rCert *Cert, cert, ca *x509.Certificate, caID string, hardFail bool, postpone bool) (bool, error) {
-
-	if postpone {
-		// postpone a bit to finish packet processing
-		// TODO: use microtask management
-		time.Sleep(1 * time.Second)
-	}
-
-	caInfo, err := GetCARevocationInfo(caID)
-	if err != nil {
-		if err != database.ErrNotFound {
-			return true, fmt.Errorf("verify: failed to get CARevocationInfo: %s", err)
-		}
-		caInfo = &CARevocationInfo{
-			CRLDistributionPoints: cert.CRLDistributionPoints,
-			OCSPServers:           cert.OCSPServer,
-			CertificateURLs:       cert.IssuingCertificateURL,
-			Raw:                   ca.Raw,
-			Expires:               time.Now().Add(30 * 24 * time.Hour).Unix(),
-		}
-		caInfo.Create(caID)
-	}
-
-	UpdateCRL(caInfo, ca, caID)
-
-	rCert, err = GetRevokedCert(caID, cert.SerialNumber)
-	if err != nil {
-		return true, fmt.Errorf("verify: failed to get Cert: %s", err)
-	}
-	if rCert.IsRevoked(false) {
-		return false, fmt.Errorf("verify: certificate is %s", rCert.RevocationStatus(false))
-	}
-	return true, nil
-
-}
diff --git a/process/xdgicons/humanInfo.go b/process/xdgicons/humanInfo.go
deleted file mode 100644
index f02c271e..00000000
--- a/process/xdgicons/humanInfo.go
+++ /dev/null
@@ -1,217 +0,0 @@
-package process
-
-import (
-	"bufio"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/safing/portbase/log"
-)
-
-var (
-	humanInfoCache           map[string]*humanInfo
-	humanInfoCacheNamesOnly  map[string]*humanInfo
-	nextHumanInfoCacheUpdate time.Time
-
-	searchPathCache           map[string]string
-	nextSearchPathCacheUpdate time.Time
-
-	humanInfoCacheLock sync.Mutex
-)
-
-type humanInfo struct {
-	Name     string
-	IconName string
-	IconPath string
-	ExecCmd  string
-}
-
-func (m *Process) GetHumanInfo() {
-	humanInfoCacheLock.Lock()
-	defer humanInfoCacheLock.Unlock()
-
-	// TODO: do some proper fuzzy matching to get these icons!
-	// take special care of:
-	// - flatpak
-	// - snapd
-
-	fuzzyMatch := false
-	info, ok := humanInfoCache[m.Path]
-	if !ok {
-		splitted := strings.Split(m.Path, "/")
-		nameOnly := splitted[len(splitted)-1]
-		info, ok = humanInfoCacheNamesOnly[nameOnly]
-		if ok {
-			fuzzyMatch = true
-		} else {
-			updateHumanInfoCache()
-			info, ok = humanInfoCache[m.Path]
-			if !ok {
-				fuzzyMatch = true
-				info, ok = humanInfoCacheNamesOnly[nameOnly]
-				if !ok {
-					if len(splitted) > 3 {
-						info, ok = humanInfoCacheNamesOnly[splitted[len(splitted)-2]]
-						if !ok {
-							return
-						}
-					} else {
-						return
-					}
-				}
-			}
-		}
-	}
-
-	if info.IconPath == "" && info.IconName != "" {
-		info.IconPath = getIconPathFromName(info.IconName)
-	}
-
-	if !fuzzyMatch {
-		m.Name = info.Name
-	}
-	if info.IconPath != "" {
-		m.Icon = "f:" + info.IconPath
-	}
-
-}
-
-func updateHumanInfoCache() {
-	if time.Now().Before(nextHumanInfoCacheUpdate) {
-		return
-	}
-	humanInfoCache = make(map[string]*humanInfo)
-	humanInfoCacheNamesOnly = make(map[string]*humanInfo)
-	log.Tracef("process: updating human info cache")
-	for _, starterDir := range starterLocations {
-		for _, dirEntry := range readDirNames(starterDir) {
-
-			// only look at .desktop files
-			if !strings.HasSuffix(dirEntry, ".desktop") {
-				continue
-			}
-
-			execCmd, name, iconPath := getStarterInfo(filepath.Join(starterDir, dirEntry))
-
-			if execCmd == "" {
-				continue
-			}
-			execPath := strings.SplitN(execCmd, " ", 2)[0]
-
-			var ok bool
-			if !strings.HasPrefix(execPath, "/") {
-				execPath, ok = searchPathCache[execPath]
-				if !ok {
-					updateSearchPathCache()
-					execPath, ok = searchPathCache[execPath]
-					if !ok {
-						continue
-					}
-				}
-			}
-
-			new := humanInfo{
-				Name: name,
-			}
-			if strings.HasPrefix(iconPath, "/") {
-				new.IconPath = iconPath
-			} else {
-				new.IconName = iconPath
-			}
-			humanInfoCache[execPath] = &new
-			splitted := strings.Split(execPath, "/")
-			humanInfoCacheNamesOnly[splitted[len(splitted)-1]] = &new
-			// log.Tracef("process: new cache entry: %s - %s - %s - %s", execPath, name, new.IconName, new.IconPath)
-
-		}
-	}
-	nextHumanInfoCacheUpdate = time.Now().Add(10 * time.Second)
-}
-
-func getStarterInfo(filePath string) (execCmd, name, iconPath string) {
-	// open file
-	file, err := os.Open(filePath)
-	if err != nil {
-		log.Warningf("process: could not read %s: %s", filePath, err)
-		return
-	}
-	defer file.Close()
-
-	// file scanner
-	scanner := bufio.NewScanner(file)
-	scanner.Split(bufio.ScanLines)
-
-	// parse
-	seen := 0
-	scanner.Scan() // skip first line
-	for scanner.Scan() {
-		line := strings.SplitN(scanner.Text(), "=", 2)
-		if len(line) < 2 {
-			continue
-		}
-		switch {
-		case line[0] == "Name":
-			if name == "" {
-				name = line[1]
-				seen += 1
-			}
-		case line[0] == "Exec":
-			if execCmd == "" {
-				execCmd = line[1]
-				seen += 1
-			}
-		case line[0] == "Icon":
-			if iconPath == "" {
-				iconPath = line[1]
-				seen += 1
-			}
-		}
-		if seen >= 3 {
-			return
-		}
-	}
-	return
-}
-
-func updateSearchPathCache() {
-	if time.Now().Before(nextSearchPathCacheUpdate) {
-		return
-	}
-	searchPathCache = make(map[string]string)
-	for _, searchEntry := range strings.Split(os.Getenv("PATH"), ":") {
-		names := readDirNames(searchEntry)
-		for _, name := range names {
-			// only save first occurence
-			if _, ok := searchPathCache[name]; !ok {
-				searchPathCache[name] = filepath.Join(searchEntry, name)
-			}
-		}
-	}
-	nextSearchPathCacheUpdate = time.Now().Add(10 * time.Second)
-}
-
-func getIconPathFromName(iconName string) string {
-	for _, location := range xdgIconLocations {
-		// skip everything that does not exist or we do not have access to.
-		if _, err := os.Stat(location); err != nil {
-			continue
-		}
-		// check for icon
-		for _, path := range xdgIconPaths {
-			possibleIcon := filepath.Join(location, path, iconName+".png")
-			if _, err := os.Stat(possibleIcon); err == nil {
-				return possibleIcon
-			}
-		}
-	}
-	for _, location := range iconLocations {
-		possibleIcon := filepath.Join(location, iconName+".png")
-		if _, err := os.Stat(possibleIcon); err == nil {
-			return possibleIcon
-		}
-	}
-	return ""
-}
diff --git a/process/xdgicons/humanInfo_test.go b/process/xdgicons/humanInfo_test.go
deleted file mode 100644
index 4af29226..00000000
--- a/process/xdgicons/humanInfo_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package process
-
-import (
-	"fmt"
-	"strconv"
-	"testing"
-)
-
-func TestGetHumanInfo(t *testing.T) {
-	// gather processes for testing
-	pids := readDirNames("/proc")
-	var allProcs []*Process
-	for _, pidString := range pids {
-		pid, err := strconv.ParseInt(pidString, 10, 32)
-		if err != nil {
-			continue
-		}
-		next, err := GetOrFindProcess(int(pid))
-		if err != nil {
-			continue
-		}
-		allProcs = append(allProcs, next)
-	}
-
-	// test
-	for _, process := range allProcs {
-		process.GetHumanInfo()
-		fmt.Printf("%d - %s - %s - %s\n", process.Pid, process.Path, process.Name, process.Icon)
-	}
-}
diff --git a/process/xdgicons/locations.go b/process/xdgicons/locations.go
deleted file mode 100644
index d3956199..00000000
--- a/process/xdgicons/locations.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package process
-
-// spec: https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html
-// alternatives:
-// gtk3 lib: https://developer.gnome.org/gtk3/stable/GtkIconTheme.html
-// qt lib: ?
-
-var (
-	starterLocations = []string{
-		"/usr/share/applications",
-		"/var/lib/flatpak/exports/share/applications/",
-	}
-
-	iconLocations = []string{
-		"/usr/share/pixmaps",
-	}
-
-	xdgIconLocations = []string{
-		"/usr/share/default",
-		"/usr/share/gnome",
-		"/var/lib/flatpak/exports/share",
-		"/usr/local/share",
-		"/usr/share",
-		"/var/lib/snapd/desktop",
-	}
-
-	xdgIconPaths = []string{
-		"icons/hicolor/512x512/apps",
-		"icons/hicolor/256x256/apps",
-		"icons/hicolor/192x192/apps",
-		"icons/hicolor/128x128/apps",
-		"icons/hicolor/96x96/apps",
-		"icons/hicolor/72x72/apps",
-		"icons/hicolor/64x64/apps",
-		"icons/hicolor/48x48/apps",
-	}
-)
diff --git a/profile/index/index.go b/profile/index/index.go
deleted file mode 100644
index f206212f..00000000
--- a/profile/index/index.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package index
-
-import (
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"sync"
-
-	"github.com/safing/portbase/database/record"
-	"github.com/safing/portbase/utils"
-)
-
-// ProfileIndex links an Identifier to Profiles
-type ProfileIndex struct {
-	record.Base
-	sync.Mutex
-
-	ID string
-
-	UserProfiles  []string
-	StampProfiles []string
-}
-
-func makeIndexRecordKey(fpType, id string) string {
-	return fmt.Sprintf("index:profiles/%s:%s", fpType, base64.RawURLEncoding.EncodeToString([]byte(id)))
-}
-
-// NewIndex returns a new ProfileIndex.
-func NewIndex(id string) *ProfileIndex {
-	return &ProfileIndex{
-		ID: id,
-	}
-}
-
-// AddUserProfile adds a User Profile to the index.
-func (pi *ProfileIndex) AddUserProfile(identifier string) (changed bool) {
-	if !utils.StringInSlice(pi.UserProfiles, identifier) {
-		pi.UserProfiles = append(pi.UserProfiles, identifier)
-		return true
-	}
-	return false
-}
-
-// AddStampProfile adds a Stamp Profile to the index.
-func (pi *ProfileIndex) AddStampProfile(identifier string) (changed bool) {
-	if !utils.StringInSlice(pi.StampProfiles, identifier) {
-		pi.StampProfiles = append(pi.StampProfiles, identifier)
-		return true
-	}
-	return false
-}
-
-// RemoveUserProfile removes a profile from the index.
-func (pi *ProfileIndex) RemoveUserProfile(id string) {
-	pi.UserProfiles = utils.RemoveFromStringSlice(pi.UserProfiles, id)
-}
-
-// RemoveStampProfile removes a profile from the index.
-func (pi *ProfileIndex) RemoveStampProfile(id string) {
-	pi.StampProfiles = utils.RemoveFromStringSlice(pi.StampProfiles, id)
-}
-
-// Get gets a ProfileIndex from the database.
-func Get(fpType, id string) (*ProfileIndex, error) {
-	key := makeIndexRecordKey(fpType, id)
-
-	r, err := indexDB.Get(key)
-	if err != nil {
-		return nil, err
-	}
-
-	// unwrap
-	if r.IsWrapped() {
-		// only allocate a new struct, if we need it
-		new := &ProfileIndex{}
-		err = record.Unwrap(r, new)
-		if err != nil {
-			return nil, err
-		}
-		return new, nil
-	}
-
-	// or adjust type
-	new, ok := r.(*ProfileIndex)
-	if !ok {
-		return nil, fmt.Errorf("record not of type *ProfileIndex, but %T", r)
-	}
-	return new, nil
-}
-
-// Save saves the Identifiers to the database
-func (pi *ProfileIndex) Save() error {
-	if !pi.KeyIsSet() {
-		if pi.ID != "" {
-			pi.SetKey(makeIndexRecordKey(pi.ID))
-		} else {
-			return errors.New("missing identification Key")
-		}
-	}
-
-	return indexDB.Put(pi)
-}
diff --git a/profile/index/indexer.go b/profile/index/indexer.go
deleted file mode 100644
index e76beb7a..00000000
--- a/profile/index/indexer.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package index
-
-import (
-	"github.com/safing/portbase/database"
-	"github.com/safing/portbase/database/query"
-	"github.com/safing/portbase/database/record"
-	"github.com/safing/portbase/log"
-	"github.com/safing/portbase/modules"
-
-	"github.com/safing/portmaster/profile"
-)
-
-// FIXME: listen for profile changes and update the index
-
-var (
-	indexDB = database.NewInterface(&database.Options{
-		Local:                true, // we want to access crownjewel records
-		AlwaysMakeCrownjewel: true, // never sync the index
-	})
-	indexSub *database.Subscription
-
-	shutdownIndexer = make(chan struct{})
-)
-
-func init() {
-	modules.Register("profile:index", nil, start, stop, "core", "profile")
-}
-
-func start() (err error) {
-	indexSub, err = indexDB.Subscribe(query.New("core:profiles/user/"))
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func stop() error {
-	close(shutdownIndexer)
-	indexSub.Cancel()
-	return nil
-}
-
-func indexer() {
-	for {
-		select {
-		case <-shutdownIndexer:
-			return
-		case r := <-indexSub.Feed:
-			if r == nil {
-				return
-			}
-
-			prof := ensureProfile(r)
-			if prof != nil {
-				for _, fp := range prof.Fingerprints {
-					if fp.MatchesOS() && fp.Type == "full_path" {
-
-						// get Profile and ensure identifier is set
-						pi, err := Get("full_path", fp.Value)
-						if err != nil {
-							if err == database.ErrNotFound {
-								pi = NewIndex(id)
-							} else {
-								log.Errorf("profile/index: could not save updated profile index: %s", err)
-							}
-						}
-
-						if pi.AddUserProfile(prof.ID) {
-							err := pi.Save()
-							if err != nil {
-								log.Errorf("profile/index: could not save updated profile index: %s", err)
-							}
-						}
-
-					}
-				}
-			}
-		}
-	}
-}
-
-func ensureProfile(r record.Record) *profile.Profile {
-	// unwrap
-	if r.IsWrapped() {
-		// only allocate a new struct, if we need it
-		new := &profile.Profile{}
-		err := record.Unwrap(r, new)
-		if err != nil {
-			log.Errorf("profile/index: could not unwrap Profile: %s", err)
-			return nil
-		}
-		return new
-	}
-
-	// or adjust type
-	new, ok := r.(*profile.Profile)
-	if !ok {
-		log.Errorf("profile/index: record not of type *Profile, but %T", r)
-		return nil
-	}
-	return new
-}
diff --git a/profile/matching/database.go b/profile/matching/database.go
deleted file mode 100644
index 77a2e4ff..00000000
--- a/profile/matching/database.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package matching
-
-import (
-	"github.com/safing/portbase/database"
-)
-
-// core:profiles/user/12345-1234-125-1234-1235
-// core:profiles/special/default
-//                      /global
-// core:profiles/stamp/12334-1235-1234-5123-1234
-// core:profiles/identifier/base64
-
-var (
-	profileDB = database.NewInterface(&database.Options{
-		Local: true, // we want to access crownjewel records (indexes are)
-	})
-)
diff --git a/profile/matching/fingerprints.go b/profile/matching/fingerprints.go
deleted file mode 100644
index 11aebb40..00000000
--- a/profile/matching/fingerprints.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package matcher
-
-import (
-	"strings"
-
-	"github.com/safing/portmaster/process"
-	"github.com/safing/portmaster/profile"
-)
-
-// CheckFingerprints checks what fingerprints match and returns the total score.
-func CheckFingerprints(proc *process.Process, prof *profile.Profile) (score int, err error) {
-	// FIXME: kinda a dummy for now
-
-	for _, fp := range prof.Fingerprints {
-		if strings.HasPrefix(fp, "fullpath:") {
-			if fp[9:] == proc.Path {
-				return 3, nil
-			}
-		}
-	}
-
-	return 0, nil
-}
diff --git a/profile/matching/identpath_linux.go b/profile/matching/identpath_linux.go
deleted file mode 100644
index e25b8c1a..00000000
--- a/profile/matching/identpath_linux.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package matcher
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/safing/portmaster/process"
-	"github.com/safing/portmaster/profile"
-)
-
-// GetIdentificationPath returns the identifier for the given process (linux edition).
-func GetIdentificationPath(p *process.Process) string {
-	splittedPath := strings.Split(p.Path, "/")
-	if len(splittedPath) > 3 {
-		return fmt.Sprintf("%s%s", profile.IdentifierPrefix, strings.Join(splittedPath[len(splittedPath)-3:len(splittedPath)], "/"))
-	}
-	return fmt.Sprintf("%s%s", profile.IdentifierPrefix, p.Path)
-}
diff --git a/profile/matching/identpath_linux_test.go b/profile/matching/identpath_linux_test.go
deleted file mode 100644
index eae72098..00000000
--- a/profile/matching/identpath_linux_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package matcher
-
-import (
-	"testing"
-
-	"github.com/safing/portmaster/process"
-)
-
-func TestGetIdentifierLinux(t *testing.T) {
-	p := &process.Process{
-		Path: "/usr/lib/firefox/firefox",
-	}
-
-	if GetIdentificationPath(p) != "lin:lib/firefox/firefox" {
-		t.Fatal("mismatch!")
-	}
-
-	p = &process.Process{
-		Path: "/opt/start",
-	}
-
-	if GetIdentificationPath(p) != "lin:/opt/start" {
-		t.Fatal("mismatch!")
-	}
-}
diff --git a/profile/matching/matcher.go b/profile/matching/matcher.go
deleted file mode 100644
index 14109113..00000000
--- a/profile/matching/matcher.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package matcher
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/safing/portbase/log"
-	"github.com/safing/portmaster/process"
-	"github.com/safing/portmaster/profile"
-	"github.com/safing/portmaster/profile/index"
-)
-
-// GetProfileSet finds a local profile.
-func GetProfileSet(proc *process.Process) (set *profile.ProfileSet, err error) {
-
-	identPath := GetIdentificationPath(proc)
-	pi, err := index.GetIndex(identPath)
-
-	var bestScore int
-	var bestProfile *profile.Profile
-
-	for _, id := range pi.UserProfiles {
-		prof, err := profile.GetUserProfile(id)
-		if err != nil {
-			log.Errorf("profile/matcher: failed to load profile: %s", err)
-			continue
-		}
-
-		score, err := CheckFingerprints(proc, prof)
-		if score > bestScore {
-			bestScore = score
-			bestProfile = prof
-		}
-	}
-
-	if bestProfile == nil {
-		bestProfile = ProfileFromProcess(proc)
-	}
-
-	// FIXME: fetch stamp profile
-	set = profile.NewSet(bestProfile, nil)
-	return set, nil
-}
-
-// ProfileFromProcess creates an initial profile based on the given process.
-func ProfileFromProcess(proc *process.Process) *profile.Profile {
-	new := profile.New()
-
-	splittedPath := strings.Split(proc.Path, "/")
-	new.Name = strings.ToTitle(splittedPath[len(splittedPath)-1])
-
-	new.Identifiers = append(new.Identifiers, GetIdentificationPath(proc))
-	new.Fingerprints = append(new.Fingerprints, fmt.Sprintf("fullpath:%s", proc.Path))
-
-	err := new.Save(profile.UserNamespace)
-	if err != nil {
-		log.Errorf("profile/matcher: could not save new profile: %s", new.Name)
-	}
-
-	return new
-}
diff --git a/threats/all.go b/threats/all.go
deleted file mode 100644
index f4ce20d0..00000000
--- a/threats/all.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package threats
-
-import (
-	_ "github.com/safing/portmaster/threats/arp"
-	_ "github.com/safing/portmaster/threats/portscan"
-)
diff --git a/threats/arp/arpentry.go b/threats/arp/arpentry.go
deleted file mode 100644
index 68e1e8d6..00000000
--- a/threats/arp/arpentry.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package arp
-
-type arpEntry struct {
-	IP        string
-	MAC       string
-	Interface string
-}
diff --git a/threats/arp/os_linux.go b/threats/arp/os_linux.go
deleted file mode 100644
index 6cf16bc0..00000000
--- a/threats/arp/os_linux.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package arp
-
-import (
-	"bufio"
-	"os"
-	"strings"
-
-	"github.com/safing/portbase/log"
-)
-
-const (
-	arpTableProcFile = "/proc/net/arp"
-)
-
-func getArpTable() (table []*arpEntry, err error) {
-	// open file
-	arpData, err := os.Open(arpTableProcFile)
-	if err != nil {
-		log.Warningf("threats/arp: could not read %s: %s", arpTableProcFile, err)
-		return nil, err
-	}
-	defer arpData.Close()
-
-	// file scanner
-	scanner := bufio.NewScanner(arpData)
-	scanner.Split(bufio.ScanLines)
-
-	// parse
-	scanner.Scan() // skip first line
-	for scanner.Scan() {
-		line := strings.Fields(scanner.Text())
-		if len(line) < 6 {
-			continue
-		}
-
-		table = append(table, &arpEntry{
-			IP:        line[0],
-			MAC:       line[3],
-			Interface: line[5],
-		})
-	}
-
-	return table, nil
-}
-
-func clearArpTable() error {
-	return nil
-}
diff --git a/threats/portscan/detection.go b/threats/portscan/detection.go
deleted file mode 100644
index 416aa534..00000000
--- a/threats/portscan/detection.go
+++ /dev/null
@@ -1 +0,0 @@
-package portscan
diff --git a/threats/portscan/module.go b/threats/portscan/module.go
deleted file mode 100644
index 416aa534..00000000
--- a/threats/portscan/module.go
+++ /dev/null
@@ -1 +0,0 @@
-package portscan