Subject: Re: [ext] Re: Misconfiguration on SSL for download.postgresql.org ?
Date: Tue, 28 Nov 2023 08:06:33 +0100
From: Frank Büttner
To: PostgreSQL WWW
In-Reply-To: <580fc76b-21ae-4ecc-a255-84eef8379161@kaltenbrunner.cc>
References: <618816f6-d07a-4d1b-88ad-ef2113e463af@mdc-berlin.de> <580fc76b-21ae-4ecc-a255-84eef8379161@kaltenbrunner.cc>

Hi Stefan,

now the download of the updates works again. The exact date when the
problems started is unclear. The only thing that was done on our side was
an update of the RHEL9 servers to 9.3 and of the RHEL8 ones to 8.9.

Thanks
Frank

On 23.11.23 at 21:04, Stefan Kaltenbrunner wrote:
> On 11/23/23 09:21, Frank Büttner wrote:
>> Hi all,
>
> Hi Frank!
>
>> since some days all our servers can't download updates for the RPM
>> packages of PostgreSQL.
>
> the current TLS configuration has been in place for a long time now - so
> I suspect the issue started when you constrained your local TLS client
> in terms of elliptic curves...
>
>>
>> Error:
>> Errors during downloading metadata for repository 'pgdg-common':
>>    - Curl error (35): SSL connect error for
>> https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-9-x86_64/repodata/repomd.xml [error:0A000410:SSL routines::sslv3 alert handshake failure]
>> Fehler: Failed to download metadata for repo 'pgdg-common': Cannot
>> download repomd.xml: Cannot download repodata/repomd.xml: All mirrors
>> were tried
>>
>> After checking the site via nmap:
>> nmap -p 443 download.postgresql.org  --script ssl-enum-ciphers
>> |   TLSv1.3:
>> |     ciphers:
>> |       TLS_AKE_WITH_AES_256_GCM_SHA384 (secp384r1) - A
>> |       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (secp384r1) - A
>> |       TLS_AKE_WITH_AES_128_GCM_SHA256 (secp384r1) - A
>>
>>
>> I found the problem, the "x25519" ciphers are missing.
>> |   TLSv1.3:
>> |     ciphers:
>> |       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
>> |       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
>>
>>
>> Which are needed on systems where the NIST curves are blocked for
>> security reasons.
>>
>>
>> So please re-enable the x25519 curve.
>
> I would kinda argue that your current configuration is in direct
> violation of RFC 8446 (TLS 1.3) as well as RFC 7748 (elliptic curves for
> security), which explicitly state that x25519 is only a SHOULD while
> supporting secp256r1 is declared a MUST and a mandatory supported key
> exchange, so it seems a bit of a stretch to consider us not supporting it
> a "misconfiguration".
>
> However we have now modified our TLS configuration to fall back to the
> embedded curves list within openssl (which, among other things, enables
> x25519).
>
>
>
> Stefan

-- 
Frank Büttner
IT MDC Berlin-Buch
Max-Delbrück-Centrum für Molekulare Medizin
in der Helmholtz-Gemeinschaft
Robert-Rössle-Straße 10
13125 Berlin
☎ +49 30 9406 2038
℻ +49 30 9406 2599
✉ frank.buettner@mdc-berlin.de
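The failure discussed in this thread is a plain intersection problem: the client advertises the key-exchange groups it accepts in the supported_groups extension of its ClientHello, the server picks one it also accepts, and if no group is common the server aborts with a handshake_failure alert, which is what curl reported as "sslv3 alert handshake failure". The script below is an added example written for this page, not code from the PostgreSQL project or from either poster. It parses ssl-enum-ciphers output in the form Frank quoted, normalises nmap's group names to the IANA/OpenSSL spelling, and computes which groups a given client policy could still negotiate. The two scan excerpts are constructed from the lines quoted above, and both client policies are constructed assumptions (the "default" order is an assumed OpenSSL 1.1.1-style list, not taken from the thread).

```python
"""Check whether a TLS client with a restricted key-exchange group policy
can still negotiate with a server, judged from nmap ssl-enum-ciphers output.

Added example for this thread; not code from the PostgreSQL project or the
posters. The scan excerpts are constructed from the lines quoted in the
thread, and the client policies are constructed assumptions.
"""
import re
from typing import Dict, List, Set

# Constructed: the scan quoted in the thread before the server-side change.
SCAN_SECP384_ONLY = """\
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (secp384r1) - A
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (secp384r1) - A
"""

# Constructed: the x25519 output shown in the thread for comparison.
SCAN_X25519 = """\
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
"""

# nmap spells some groups differently from OpenSSL/IANA; normalise so the
# policies below can be written with IANA names.
_ALIASES = {"ecdh_x25519": "x25519", "ecdh_x448": "x448", "prime256v1": "secp256r1"}

_VERSION_RE = re.compile(r"^\|\s+(TLSv1\.[0-3]|SSLv3):\s*$")
# "|       <cipher> (<kex>) - <grade>". For TLS 1.2 RSA key exchange nmap
# prints e.g. "(rsa 2048)"; that is kept verbatim and simply never matches
# an elliptic-curve policy entry.
_CIPHER_RE = re.compile(r"^\|\s+(\S+)\s+\(([^)]+)\)\s+-\s+([A-F])\s*$")


def parse_groups(scan: str) -> Dict[str, Set[str]]:
    """Map each protocol version in the scan to the key-exchange groups seen."""
    groups: Dict[str, Set[str]] = {}
    version = None
    for line in scan.splitlines():
        m = _VERSION_RE.match(line)
        if m:
            version = m.group(1)
            groups.setdefault(version, set())
            continue
        m = _CIPHER_RE.match(line)
        if m and version is not None:
            raw = m.group(2).strip().lower()
            groups[version].add(_ALIASES.get(raw, raw))
    return groups


def negotiable_groups(server_groups: Set[str], client_groups: List[str]) -> List[str]:
    """Groups both sides accept, in the client's preference order.

    An empty list is the situation from the thread: nothing the client
    offered in supported_groups is acceptable to the server, so the server
    answers with a handshake_failure alert instead of a ServerHello.
    """
    return [g for g in client_groups if g in server_groups]


def check(scan: str, client_groups: List[str]) -> Dict[str, List[str]]:
    """Per protocol version in the scan, the groups a handshake could use."""
    return {v: negotiable_groups(g, client_groups)
            for v, g in parse_groups(scan).items()}


# Constructed client policies, in preference order, IANA names.
NIST_FREE_CLIENT = ["x25519", "x448"]            # NIST curves disabled, as in the thread
# Assumed OpenSSL 1.1.1-style default order; verify against your own build.
DEFAULT_CLIENT = ["x25519", "secp256r1", "x448", "secp521r1", "secp384r1"]

if __name__ == "__main__":
    servers = (("secp384r1-only server", SCAN_SECP384_ONLY), ("x25519 server", SCAN_X25519))
    clients = (("NIST-free client", NIST_FREE_CLIENT), ("default client", DEFAULT_CLIENT))
    for server_name, scan in servers:
        for client_name, policy in clients:
            result = check(scan, policy)
            status = "OK" if all(result.values()) else "HANDSHAKE FAILURE"
            print(f"{server_name:22} vs {client_name:16}: {status} {result}")
```

Two caveats a practitioner should keep in mind. First, ssl-enum-ciphers lists, for each cipher, the group negotiated in that particular probe, so a scan reflects what the server prefers against nmap's offer rather than its complete supported list; a missing group in the scan is a strong hint, not proof. Second, the definitive check for a single group is to restrict a live client to it, for example `openssl s_client -connect download.postgresql.org:443 -groups X25519`, and look for a completed handshake rather than an alert; that command needs network access and is therefore not part of the offline example above.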