Skip to content

Commit 459ccee

Browse files
drwetterdrwetter
authored
Merge pull request #2737 from dcooper16/tls13_pq_sigalg
Support ML-DSA server keys
2 parents 3fbcead + ecaa787 commit 459ccee

File tree

2 files changed

+79
-24
lines changed

2 files changed

+79
-24
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@
3636
* TLS 1.2 and TLS 1.3 sig algs added
3737
* Check for ffdhe groups
3838
* Check for six KEMs in draft-connolly-tls-mlkem-key-agreement/draft-kwiatkowski-tls-ecdhe-mlkem/draft-tls-westerbaan-xyber768d00
39+
* Check for ML-DSA signatures (draft-tls-westerbaan-mldsa)
3940
* Show server supported signature algorithms
4041
* --add-ca can also now be a directory with \*.pem files
4142
* Warning of 398 day limit for certificates issued after 2020/9/1

testssl.sh

Lines changed: 78 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1166,7 +1166,7 @@ set_key_str_score() {
11661166
elif [[ $size -lt 225 ]] && [[ $KEY_EXCH_SCORE -ge 90 ]]; then
11671167
KEY_EXCH_SCORE=90
11681168
fi
1169-
else
1169+
elif [[ $type == RSA || $type == DSA || $type == DH ]]; then
11701170
if [[ $size -lt 512 ]] && [[ $KEY_EXCH_SCORE -ge 20 ]]; then
11711171
KEY_EXCH_SCORE=20
11721172
elif [[ $size -lt 1024 ]] && [[ $KEY_EXCH_SCORE -ge 40 ]]; then
@@ -1176,6 +1176,10 @@ set_key_str_score() {
11761176
elif [[ $size -lt 4096 ]] && [[ $KEY_EXCH_SCORE -ge 90 ]]; then
11771177
KEY_EXCH_SCORE=90
11781178
fi
1179+
elif [[ $type == ML-DSA ]]; then
1180+
if [[ $size -lt 4032 ]] && [[ $KEY_EXCH_SCORE -ge 90 ]]; then
1181+
KEY_EXCH_SCORE=90
1182+
fi
11791183
fi
11801184
return 0
11811185
}
@@ -6750,6 +6754,21 @@ read_sigalg_from_file() {
67506754
case "$sig_alg" in
67516755
1.3.101.112|ED25519) tm_out "Ed25519" ;;
67526756
1.3.101.113|ED448) tm_out "Ed448" ;;
6757+
2.16.840.1.101.3.4.3.17) tm_out "ML-DSA-44" ;;
6758+
2.16.840.1.101.3.4.3.18) tm_out "ML-DSA-65" ;;
6759+
2.16.840.1.101.3.4.3.19) tm_out "ML-DSA-87" ;;
6760+
2.16.840.1.101.3.4.3.20) tm_out "SLH-DSA-SHA2-128s" ;;
6761+
2.16.840.1.101.3.4.3.21) tm_out "SLH-DSA-SHA2-128f" ;;
6762+
2.16.840.1.101.3.4.3.22) tm_out "SLH-DSA-SHA2-192s" ;;
6763+
2.16.840.1.101.3.4.3.23) tm_out "SLH-DSA-SHA2-192f" ;;
6764+
2.16.840.1.101.3.4.3.24) tm_out "SLH-DSA-SHA2-256s" ;;
6765+
2.16.840.1.101.3.4.3.25) tm_out "SLH-DSA-SHAKE-256f" ;;
6766+
2.16.840.1.101.3.4.3.26) tm_out "SLH-DSA-SHAKE-128s" ;;
6767+
2.16.840.1.101.3.4.3.27) tm_out "SLH-DSA-SHAKE-128f" ;;
6768+
2.16.840.1.101.3.4.3.28) tm_out "SLH-DSA-SHAKE-192s" ;;
6769+
2.16.840.1.101.3.4.3.29) tm_out "SLH-DSA-SHAKE-192f" ;;
6770+
2.16.840.1.101.3.4.3.30) tm_out "SLH-DSA-SHAKE-256s" ;;
6771+
2.16.840.1.101.3.4.3.31) tm_out "SLH-DSA-SHAKE-256f" ;;
67536772
*) tm_out "$sig_alg" ;;
67546773
esac
67556774

@@ -8201,15 +8220,15 @@ get_server_certificate() {
82018220
# So, for TLS 1.3 connections, the -sigalgs option is used with $OPENSSL and an appropriate signature_algorithms (0x0d) extension
82028221
# is provided to tls_sockets().
82038222
# The return 1 if $1 is neither tls_1_3_RSA nor tls_1_3_ECDSA is unnecessary. That would only happen if there were a bug in the
8204-
# code. For example, if someone added another certificate type (e.g., ML-DSA) to run_server_defaults(), but forgot to add corresponding
8223+
# code. For example, if someone added another certificate type (e.g., FN-DSA) to run_server_defaults(), but forgot to add corresponding
82058224
# code to get_server_certificate().
82068225

82078226
"$SSL_NATIVE" && using_sockets=false
82088227

82098228
CERTIFICATE_LIST_ORDERING_PROBLEM=false
82108229
if [[ "$1" =~ tls1_3 ]]; then
82118230
[[ $(has_server_protocol "tls1_3") -eq 1 ]] && return 1
8212-
if "$HAS_TLS13" && "$HAS_SIGALGS" && [[ ! "$1" =~ tls1_3_EdDSA ]]; then
8231+
if "$HAS_TLS13" && "$HAS_SIGALGS" && [[ ! "$1" =~ tls1_3_EdDSA ]] && [[ ! "$1" =~ tls1_3_MLDSA ]]; then
82138232
if [[ "$1" =~ tls1_3_RSA ]]; then
82148233
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -showcerts -connect $NODEIP:$PORT $PROXY $SNI -tls1_3 -tlsextdebug -status -msg -sigalgs PSS+SHA256:PSS+SHA384:PSS+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512") </dev/null 2>$ERRFILE >$TMPFILE
82158234
elif [[ "$1" =~ tls1_3_ECDSA ]]; then
@@ -8232,6 +8251,8 @@ get_server_certificate() {
82328251
tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03"
82338252
elif [[ "$1" =~ tls1_3_EdDSA ]]; then
82348253
tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,06,00,04,08,07,08,08"
8254+
elif [[ "$1" =~ tls1_3_MLDSA ]]; then
8255+
tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,08,00,06,09,04,09,05,09,06"
82358256
else
82368257
return 1
82378258
fi
@@ -9105,12 +9126,30 @@ certificate_info() {
91059126
case "$cert_sig_algo" in
91069127
1.3.101.112|ED25519) cert_sig_algo="Ed25519" ;;
91079128
1.3.101.113|ED448) cert_sig_algo="Ed448" ;;
9129+
2.16.840.1.101.3.4.3.17) cert_sig_algo="ML-DSA-44" ;;
9130+
2.16.840.1.101.3.4.3.18) cert_sig_algo="ML-DSA-65" ;;
9131+
2.16.840.1.101.3.4.3.19) cert_sig_algo="ML-DSA-87" ;;
9132+
2.16.840.1.101.3.4.3.20) cert_sig_algo="SLH-DSA-SHA2-128s" ;;
9133+
2.16.840.1.101.3.4.3.21) cert_sig_algo="SLH-DSA-SHA2-128f" ;;
9134+
2.16.840.1.101.3.4.3.22) cert_sig_algo="SLH-DSA-SHA2-192s" ;;
9135+
2.16.840.1.101.3.4.3.23) cert_sig_algo="SLH-DSA-SHA2-192f" ;;
9136+
2.16.840.1.101.3.4.3.24) cert_sig_algo="SLH-DSA-SHA2-256s" ;;
9137+
2.16.840.1.101.3.4.3.25) cert_sig_algo="SLH-DSA-SHAKE-256f" ;;
9138+
2.16.840.1.101.3.4.3.26) cert_sig_algo="SLH-DSA-SHAKE-128s" ;;
9139+
2.16.840.1.101.3.4.3.27) cert_sig_algo="SLH-DSA-SHAKE-128f" ;;
9140+
2.16.840.1.101.3.4.3.28) cert_sig_algo="SLH-DSA-SHAKE-192s" ;;
9141+
2.16.840.1.101.3.4.3.29) cert_sig_algo="SLH-DSA-SHAKE-192f" ;;
9142+
2.16.840.1.101.3.4.3.30) cert_sig_algo="SLH-DSA-SHAKE-256s" ;;
9143+
2.16.840.1.101.3.4.3.31) cert_sig_algo="SLH-DSA-SHAKE-256f" ;;
91089144
esac
91099145
cert_key_algo="$(awk -F':' '/Public Key Algorithm:/ { print $2; if (++Match >= 1) exit; }' <<< "$cert_txt")"
91109146
cert_key_algo="${cert_key_algo// /}"
91119147
case "$cert_key_algo" in
91129148
1.3.101.112|E[Dd]25519) cert_key_algo="Ed25519"; cert_keysize=253 ;;
91139149
1.3.101.113|E[Dd]448) cert_key_algo="Ed448"; cert_keysize=456 ;;
9150+
2.16.840.1.101.3.4.3.17) cert_key_algo="ML-DSA-44"; cert_keysize=2560 ;;
9151+
2.16.840.1.101.3.4.3.18) cert_key_algo="ML-DSA-65"; cert_keysize=4032 ;;
9152+
2.16.840.1.101.3.4.3.19) cert_key_algo="ML-DSA-87"; cert_keysize=4896 ;;
91149153
esac
91159154

91169155
out "$indent" ; pr_bold " Signature Algorithm "
@@ -9219,7 +9258,7 @@ certificate_info() {
92199258
fileout "${jsonID}${json_postfix}" "CRITICAL" "MD5"
92209259
set_grade_cap "F" "Supports a insecure signature (MD5)"
92219260
;;
9222-
Ed25519|Ed448)
9261+
Ed25519|Ed448|ML-DSA*|SLH-DSA*)
92239262
prln_svrty_good "$cert_sig_algo"
92249263
fileout "${jsonID}${json_postfix}" "OK" "$cert_sig_algo"
92259264
;;
@@ -9244,13 +9283,17 @@ certificate_info() {
92449283
*RSA*|*rsa*) short_keyAlgo="RSA";;
92459284
*ecdsa*|*ecPublicKey) short_keyAlgo="EC";;
92469285
*Ed25519*|*Ed448*) short_keyAlgo="EdDSA";;
9286+
*ML-DSA*) short_keyAlgo="ML-DSA" ;;
9287+
*SLH-DSA*) short_keyAlgo="SLH-DSA" ;;
92479288
*DSA*|*dsa*) short_keyAlgo="DSA";;
92489289
*GOST*|*gost*) short_keyAlgo="GOST";;
92499290
*dh*|*DH*) short_keyAlgo="DH" ;;
92509291
*) pr_fixme "don't know $cert_key_algo "
92519292
((ret++)) ;;
92529293
esac
9253-
out "$short_keyAlgo "
9294+
if [[ $short_keyAlgo != EdDSA ]] && [[ $short_keyAlgo != ML-DSA ]]; then
9295+
out "$short_keyAlgo "
9296+
fi
92549297
# https://tools.ietf.org/html/rfc4492, https://www.keylength.com/en/compare/
92559298
# https://doi.org/10.1007/s00145-001-0009-4
92569299
# see https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-4/final
@@ -9307,7 +9350,7 @@ certificate_info() {
93079350
fi
93089351

93099352
set_key_str_score "$short_keyAlgo" "$cert_keysize"
9310-
elif [[ $cert_key_algo == Ed* ]]; then
9353+
elif [[ $cert_key_algo == Ed* ]] || [[ $cert_key_algo == ML-DSA* ]]; then
93119354
pr_svrty_good "$cert_key_algo"
93129355
json_rating="OK"; json_msg="$short_keyAlgo $cert_key_algo"
93139356
set_key_str_score "$short_keyAlgo" "$cert_keysize"
@@ -10143,27 +10186,29 @@ run_server_defaults() {
1014310186
ciphers_to_test[8]="tls1_3_RSA"
1014410187
ciphers_to_test[9]="tls1_3_ECDSA"
1014510188
ciphers_to_test[10]="tls1_3_EdDSA"
10189+
ciphers_to_test[11]="tls1_3_MLDSA"
1014610190
certificate_type[1]="" ; certificate_type[2]=""
1014710191
certificate_type[3]=""; certificate_type[4]=""
1014810192
certificate_type[5]="" ; certificate_type[6]=""
1014910193
certificate_type[7]="" ; certificate_type[8]="RSASig"
1015010194
certificate_type[9]="ECDSA" ; certificate_type[10]="EdDSA"
10195+
certificate_type[11]="MLDSA"
1015110196

10152-
for (( n=1; n <= 17 ; n++ )); do
10197+
for (( n=1; n <= 18 ; n++ )); do
1015310198
# Some servers use a different certificate if the ClientHello
1015410199
# specifies TLSv1.1 and doesn't include a server name extension.
1015510200
# So, for each public key type for which a certificate was found,
1015610201
# try again, but only with TLSv1.1 and without SNI.
1015710202
if [[ $n -ne 1 ]] && [[ "$OPTIMAL_PROTO" == -ssl2 ]]; then
1015810203
ciphers_to_test[n]=""
10159-
elif [[ $n -ge 11 ]]; then
10204+
elif [[ $n -ge 12 ]]; then
1016010205
ciphers_to_test[n]=""
10161-
[[ ${success[n-10]} -eq 0 ]] && [[ $(has_server_protocol "tls1_1") -ne 1 ]] && \
10162-
ciphers_to_test[n]="${ciphers_to_test[n-10]}" && certificate_type[n]="${certificate_type[n-10]}"
10206+
[[ ${success[n-11]} -eq 0 ]] && [[ $(has_server_protocol "tls1_1") -ne 1 ]] && \
10207+
ciphers_to_test[n]="${ciphers_to_test[n-11]}" && certificate_type[n]="${certificate_type[n-11]}"
1016310208
fi
1016410209

1016510210
if [[ -n "${ciphers_to_test[n]}" ]]; then
10166-
if [[ $n -ge 11 ]]; then
10211+
if [[ $n -ge 12 ]]; then
1016710212
sni="$SNI"
1016810213
SNI=""
1016910214
get_server_certificate "${ciphers_to_test[n]}" "tls1_1"
@@ -10174,7 +10219,7 @@ run_server_defaults() {
1017410219
success[n]=$?
1017510220
fi
1017610221
if [[ ${success[n]} -eq 0 ]] && [[ -s "$HOSTCERT" ]]; then
10177-
[[ $n -ge 11 ]] && [[ ! -e $HOSTCERT.nosni ]] && cp $HOSTCERT $HOSTCERT.nosni
10222+
[[ $n -ge 12 ]] && [[ ! -e $HOSTCERT.nosni ]] && cp $HOSTCERT $HOSTCERT.nosni
1017810223
cp "$TEMPDIR/$NODEIP.get_server_certificate.txt" $TMPFILE
1017910224
>$ERRFILE
1018010225
if [[ -z "$sessticket_lifetime_hint" ]]; then
@@ -10256,7 +10301,7 @@ run_server_defaults() {
1025610301
fi
1025710302
i=$((i + 1))
1025810303
done
10259-
if ! "$match_found" && [[ $n -ge 11 ]] && [[ $certs_found -ne 0 ]]; then
10304+
if ! "$match_found" && [[ $n -ge 12 ]] && [[ $certs_found -ne 0 ]]; then
1026010305
# A new certificate was found using TLSv1.1 without SNI.
1026110306
# Check to see if the new certificate should be displayed.
1026210307
# It should be displayed if it is either a match for the
@@ -10313,7 +10358,7 @@ run_server_defaults() {
1031310358
[[ -n "${previous_intermediates[certs_found]}" ]] && [[ -r $TEMPDIR/hostcert_issuer.pem ]] && \
1031410359
previous_hostcert_issuer[certs_found]=$(cat $TEMPDIR/hostcert_issuer.pem)
1031510360
previous_ordering_problem[certs_found]=$CERTIFICATE_LIST_ORDERING_PROBLEM
10316-
[[ $n -ge 11 ]] && sni_used[certs_found]="" || sni_used[certs_found]="$SNI"
10361+
[[ $n -ge 12 ]] && sni_used[certs_found]="" || sni_used[certs_found]="$SNI"
1031710362
tls_version[certs_found]="$DETECTED_TLS_VERSION"
1031810363
previous_hostcert_type[certs_found]=" ${certificate_type[n]}"
1031910364
if [[ $DEBUG -ge 1 ]]; then
@@ -10611,10 +10656,10 @@ run_fs() {
1061110656
local -a ffdhe_groups_hex=("01,00" "01,01" "01,02" "01,03" "01,04")
1061210657
local -a ffdhe_groups_output=("ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192")
1061310658
local -a supported_curve
10614-
local -a sigalgs_hex=("01,01" "01,02" "01,03" "02,01" "02,02" "02,03" "03,01" "03,02" "03,03" "04,01" "04,02" "04,03" "04,20" "05,01" "05,02" "05,03" "05,20" "06,01" "06,02" "06,03" "06,20" "07,08" "08,04" "08,05" "08,06" "08,07" "08,08" "08,09" "08,0a" "08,0b" "08,1a" "08,1b" "08,1c")
10615-
local -a sigalgs_strings=("RSA+MD5" "DSA+MD5" "ECDSA+MD5" "RSA+SHA1" "DSA+SHA1" "ECDSA+SHA1" "RSA+SHA224" "DSA+SHA224" "ECDSA+SHA224" "RSA+SHA256" "DSA+SHA256" "ECDSA+SHA256" "RSA+SHA256" "RSA+SHA384" "DSA+SHA384" "ECDSA+SHA384" "RSA+SHA384" "RSA+SHA512" "DSA+SHA512" "ECDSA+SHA512" "RSA+SHA512" "SM2+SM3" "RSA-PSS-RSAE+SHA256" "RSA-PSS-RSAE+SHA384" "RSA-PSS-RSAE+SHA512" "Ed25519" "Ed448" "RSA-PSS-PSS+SHA256" "RSA-PSS-PSS+SHA384" "RSA-PSS-PSS+SHA512" "ECDSA-BRAINPOOL+SHA256" "ECDSA-BRAINPOOL+SHA384" "ECDSA-BRAINPOOL+SHA512")
10616-
local -a tls13_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false")
10617-
local -a tls12_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false")
10659+
local -a sigalgs_hex=("01,01" "01,02" "01,03" "02,01" "02,02" "02,03" "03,01" "03,02" "03,03" "04,01" "04,02" "04,03" "04,20" "05,01" "05,02" "05,03" "05,20" "06,01" "06,02" "06,03" "06,20" "07,08" "08,04" "08,05" "08,06" "08,07" "08,08" "08,09" "08,0a" "08,0b" "08,1a" "08,1b" "08,1c" "09,04" "09,05" "09,06")
10660+
local -a sigalgs_strings=("RSA+MD5" "DSA+MD5" "ECDSA+MD5" "RSA+SHA1" "DSA+SHA1" "ECDSA+SHA1" "RSA+SHA224" "DSA+SHA224" "ECDSA+SHA224" "RSA+SHA256" "DSA+SHA256" "ECDSA+SHA256" "RSA+SHA256" "RSA+SHA384" "DSA+SHA384" "ECDSA+SHA384" "RSA+SHA384" "RSA+SHA512" "DSA+SHA512" "ECDSA+SHA512" "RSA+SHA512" "SM2+SM3" "RSA-PSS-RSAE+SHA256" "RSA-PSS-RSAE+SHA384" "RSA-PSS-RSAE+SHA512" "Ed25519" "Ed448" "RSA-PSS-PSS+SHA256" "RSA-PSS-PSS+SHA384" "RSA-PSS-PSS+SHA512" "ECDSA-BRAINPOOL+SHA256" "ECDSA-BRAINPOOL+SHA384" "ECDSA-BRAINPOOL+SHA512" "ML-DSA-44" "ML-DSA-65" "ML-DSA-87")
10661+
local -a tls13_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false")
10662+
local -a tls12_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false")
1061810663
local rsa_cipher="" ecdsa_cipher="" dss_cipher=""
1061910664
local sigalgs_to_test tls12_supported_sigalg_list="" tls13_supported_sigalg_list=""
1062010665
local -i nr_supported_ciphers=0 nr_curves=0 nr_ossl_curves=0 i j low high
@@ -15467,8 +15512,8 @@ parse_tls_serverhello() {
1546715512
fi
1546815513
fi
1546915514
if [[ 0x$peering_signing_digest -eq 8 ]] && \
15470-
[[ 0x$peer_signature_type -ge 4 ]] && [[ 0x$peer_signature_type -le 11 ]] || \
15471-
[[ 0x$peer_signature_type -ge 26 ]] && [[ 0x$peer_signature_type -le 28 ]]; then
15515+
{ [[ 0x$peer_signature_type -ge 4 && 0x$peer_signature_type -le 11 ]] || \
15516+
[[ 0x$peer_signature_type -ge 26 && 0x$peer_signature_type -le 28 ]]; }; then
1547215517
case $peer_signature_type in
1547315518
04) peering_signing_digest="SHA256"; peer_signature_type="RSA-PSS-RSAE" ;;
1547415519
05) peering_signing_digest="SHA384"; peer_signature_type="RSA-PSS-RSAE" ;;
@@ -15507,6 +15552,15 @@ parse_tls_serverhello() {
1550715552
[[ $DEBUG -ge 3 ]] && echo -e " Peer signing digest: $peering_signing_digest"
1550815553
echo "Peer signature type: $peer_signature_type" >> $TMPFILE
1550915554
[[ $DEBUG -ge 3 ]] && echo -e " Peer signature type: $peer_signature_type\n"
15555+
elif [[ 0x$peering_signing_digest -eq 9 ]] && \
15556+
[[ 0x$peer_signature_type -ge 4 ]] && [[ 0x$peer_signature_type -le 6 ]]; then
15557+
case $peer_signature_type in
15558+
04) peering_signing_digest=""; peer_signature_type="ML-DSA-44" ;;
15559+
05) peering_signing_digest=""; peer_signature_type="ML-DSA-65" ;;
15560+
06) peering_signing_digest=""; peer_signature_type="ML-DSA-87" ;;
15561+
esac
15562+
echo "Peer signature type: $peer_signature_type" >> $TMPFILE
15563+
[[ $DEBUG -ge 3 ]] && echo -e " Peer signature type: $peer_signature_type\n"
1551015564
fi
1551115565
tmpfile_handle ${FUNCNAME[0]}.txt
1551215566

@@ -15839,10 +15893,10 @@ prepare_tls_clienthello() {
1583915893
else
1584015894
extension_signature_algorithms="
1584115895
00, 0d, # Type: signature_algorithms , see RFC 8446
15842-
00, 22, 00, 20, # lengths
15843-
04,03, 05,03, 06,03, 08,04, 08,05, 08,06,
15844-
04,01, 05,01, 06,01, 08,09, 08,0a, 08,0b,
15845-
08,07, 08,08, 02,01, 02,03"
15896+
00, 28, 00, 26, # lengths
15897+
04,03, 05,03, 06,03, 08,04, 08,05, 08,06, 04,01, 05,01,
15898+
06,01, 08,09, 08,0a, 08,0b, 08,07, 08,08, 02,01, 02,03,
15899+
09,04, 09,05, 09,06"
1584615900
fi
1584715901

1584815902
extension_heartbeat="

0 commit comments

Comments
 (0)