Unspecified bytes in SSL serverhello message

Question

During SSL 3.0 handshaking server responses with the following serverhello message

16 03 00 00 51 02 00
00 4d 03 00 4f a1 c1
eb e3 fb 00 a9 c8 25
25 48 6f 89 27 ec bb
80 f3 8c 5d db f7 6c
94 56 d8 34 7a b5 9d
02 20 54 ab 20 ea 05
a6 38 6f ee 55 40 ae
af e2 5d ae 2a 4d c1
c6 f4 09 a7 08 b1 c5
49 39 87 82 d3 f7 00
39 00 00 05 ff 01 00
01 00

I understand this response as follows:

Content-type: 22 (Handshake protocol)
Version: 3.0
Length: a1 (81 bytes)

Content-type: 02 (ServerHello)
Length: 4d (77 bytes)
Version: 3.0
Random: 4f a1 c1 eb e3 fb 00 a9
        c8 25 25 48 6f 89 27 ec
        bb 80 f3 8c 5d db f7 6c
        94 56 d8 34 7a b5 9d 02
SessionID Length: 20 (32 bytes)
SessionID: 54 ab 20 ea 05 a6 38 6f
           ee 55 40 ae af e2 5d ae
           2a 4d c1 c6 f4 09 a7 08
           b1 c5 49 39 87 82 d3 f7
Cipher Suite: 00 39
Compression method: 00

But i can't understand how the last 7 bytes should be interpreted: 00 05 ff 01 00 01 00

Answer 1

That would be the renegotiation_info extension, as defined in RFC 5746:

o  If this is the initial handshake for a connection, then the
   "renegotiated_connection" field is of zero length in both the
   ClientHello and the ServerHello.  Thus, the entire encoding of the
   extension is ff 01 00 01 00.  The first two octets represent the
   extension type, the third and fourth octets the length of the
   extension itself, and the final octet the zero length byte for the
   "renegotiated_connection" field.