An 802.1x-ttls supplicant (client) needs to compute a session-key using material gathered in the TLS handshake: the PRF, master secret, client-random and server-random. Either all of these have to be exposed to the user, or the session-key computation has to be done as part of the TLS handshake. I'm suggesting to do the latter here, by extending the TLSconn.

As far as I can see, this change should not break any existing code, although recompilation is needed.

I could imagine other situations where a session-key also has to be computed, but in a different way. I tried to cater for that with the sessionType field, which allows/forces the user to specify some kind of computation scheme.

If there is a better way to do this, please let me know (I tried to get feedback via 9fans, without success).

Axel.
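
The computation the post describes, as an added example that is not part of the original post or of the Plan 9 code: deriving the EAP-TTLS session keys from the master secret and the two randoms with the TLS PRF. The label `ttls keying material`, the 128-byte output split into MSK and EMSK (both from RFC 5281) and all function names are assumptions not stated in the post; the sample handshake values are constructed.

```python
import hashlib
import hmac

def p_hash(name, secret, seed, n):
    """TLS P_hash expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def tls_prf(secret, label, seed, n, tls12=False):
    """TLS 1.0/1.1 PRF (P_MD5 xor P_SHA1), or P_SHA256 for TLS 1.2 SHA-256 suites."""
    data = label + seed
    if tls12:
        return p_hash("sha256", secret, data, n)
    half = (len(secret) + 1) // 2  # the halves share one byte if the length is odd
    md5 = p_hash("md5", secret[:half], data, n)
    sha1 = p_hash("sha1", secret[len(secret) - half:], data, n)
    return bytes(x ^ y for x, y in zip(md5, sha1))

# Assumption: label taken from RFC 5281, it does not appear in the post.
TTLS_LABEL = b"ttls keying material"

def ttls_session_keys(master_secret, client_random, server_random, tls12=False):
    """Return (MSK, EMSK), 64 bytes each.

    The seed is client_random + server_random; the TLS key-block expansion
    uses the opposite order, so the two derivations cannot be swapped.
    """
    if (len(master_secret), len(client_random), len(server_random)) != (48, 32, 32):
        raise ValueError("unexpected handshake material length")
    seed = client_random + server_random
    km = tls_prf(master_secret, TTLS_LABEL, seed, 128, tls12)
    return km[:64], km[64:]

# Constructed sample handshake material, not from a real session.
MASTER = bytes(range(48))
CRAND = b"\x11" * 32
SRAND = b"\x22" * 32

if __name__ == "__main__":
    msk, emsk = ttls_session_keys(MASTER, CRAND, SRAND)
    print("MSK ", msk.hex())
    print("EMSK", emsk.hex())
```

Computing the keys inside the TLS layer, as proposed, means only the derived MSK has to leave it; the master secret itself never needs to be exposed to the caller.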