Distinction between the TLS PRF for the Master Key and for the Keys
posted March 2016
I just realized one more thing in TLS that doesn't make sense (besides the fact that different versions of TLS have different PRFs). Here's RFC 5246 (the RFC on TLS 1.2) on how to use the PRF transform your pre-master key into a master key:
Here's the same RFC on how to use the PRF to transform your master key into your 4 or 6 keys:
Took me some time, the first takes the server random appended to the client random, while the second takes the client random appended to the server random. I'm willing to bet this is not to circumvent any attack but rather to confuse the implementer...