{"γειά, κόσμε!", "ΓΕΙΆ, ΚΌΣΜΕ!"},
		{"γειά, κόσμε!", "ΛΕΙΆ, ΚΌΣΜΕ!"},
		{"AESKey", "aesKey"},
		{"AESKEY", "aes_key"},
		{"aes_key", "AES_KEY"},
		{"AES_KEY", "aes-key"},
		{"aes-key", "AES-KEY"},
		{"AES-KEY", "aesKey"},
		{"aesKey", "AesKey"},
		{"AesKey", "AESKey"},
		{"AESKey", "aeskey"},
		{"DESKey", "aeskey"},
		{"AES Key", "aeskey"},
	} {
		f.Add([]byte(ss[0]), []byte(ss[1]))
	}

	macBytes := encrypted[len(encrypted)-sha256.Size:]

	if _, err := io.ReadFull(c.rand(), iv); err != nil {
		return nil, err
	}
	key := ticketKeys[0]
	block, err := aes.NewCipher(key.aesKey[:])
	if err != nil {
		return nil, errors.New("tls: failed to create cipher while encrypting ticket: " + err.Error())
	}
	cipher.NewCTR(block, iv).XORKeyStream(ciphertext, state)

	// sense to use a proper KDF here, like HKDF with a fixed salt.
	const legacyTicketKeyNameLen = 16
	copy(key.aesKey[:], hashed[legacyTicketKeyNameLen:])
	copy(key.hmacKey[:], hashed[legacyTicketKeyNameLen+len(key.aesKey):])
	key.created = c.time()
	return key
}

// maxSessionTicketLifetime is the maximum allowed lifetime of a TLS 1.3 session