[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-security-dev
Subject: Re: javax.net.debug output lost client hello extensions in JDK 11.0.2
From: Amir Khassaia <amir.khassaia () gmail ! com>
Date: 2019-02-14 4:29:56
Message-ID: CAJ3+Awe5K35j_aArMST3UShpcHRiNHxXA+12qMJXBt=zygSMaQ () mail ! gmail ! com
[Download RAW message or body]
Thanks Xuelei, I clearly missed the report somehow
On Thu, Feb 14, 2019 at 2:26 PM Xuelei Fan <xuelei.fan@oracle.com> wrote:
> This bug will be addressed in JDK 11.0.3 and 12. See also:
> https://bugs.openjdk.java.net/browse/JDK-8210974
>
> Thanks,
> Xuelei
>
> On 2/13/2019 3:58 PM, Amir Khassaia wrote:
> >
> > Hi, I'd like to report a bug that may confuse others as they diagnose
> > TLS handshakes.
> >
> > The extension logging seems to be affected in JDK 11.0.2, these come up
> > as empty in client hello (see below) from Oracle JDK 11.0.2
> > ==========================
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:48.620
> > AEDT|SSLCipher.java:437|jdk.tls.keyLimits: entry = AES/GCM/NoPadding
> > KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
> > javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.357
> > AEDT|ServerNameExtension.java:255|Unable to indicate server name
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.357
> > AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
> > server_name
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.358
> > AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
> > status_request
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.361
> > AEDT|SupportedGroupsExtension.java:841|Ignore inactive or disabled named
> > group: secp160k1
> > javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.486
> > AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not
> > supported by the underlying providers
> > javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.486
> > AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not
> > supported by the underlying providers
> > javax.net.ssl|INFO|01|main|2019-02-14 10:51:50.513
> > AEDT|AlpnExtension.java:161|No available application protocols
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.514
> > AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
> > application_layer_protocol_negotiation
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.514
> > AEDT|SSLExtensions.java:256|Ignore, context unavailable extension:
> > status_request_v2
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.516
> > AEDT|ClientHello.java:651|Produced ClientHello handshake message (
> > "ClientHello": {
> > "client version" : "TLSv1.2",
> > "random" : "3E 3B 04 98 F4 65 C7 CF 2B B2 30 EA AE CE 7D
> > C5 51 45 C4 A9 CB D6 F2 39 3F 52 46 77 BE 28 EC 06",
> > "session id" : "",
> > "cipher suites" :
> > "[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
> > TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
> > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),
> > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),
> > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),
> > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
> > TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),
> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),
> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
> > TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),
> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032)]",
> > "compression methods" : "00",
> > "extensions" : [
> > ]
> > }
> > )
> >
> > Notice empty extensions, these are actually there on the wire (checked
> > with wireshark).
> >
> > This previously appeared to work, just checked with OpenJDK 11.0.1 and I
> > get them:
> >
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:54.261
> > AEDT|SSLCipher.java:437|jdk.tls.keyLimits: entry = AES/GCM/NoPadding
> > KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
> > javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.491
> > AEDT|ServerNameExtension.java:255|Unable to indicate server name
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.492
> > AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
> > server_name
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.492
> > AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
> > status_request
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.494
> > AEDT|SupportedGroupsExtension.java:841|Ignore inactive or disabled named
> > group: secp160k1
> > javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.546
> > AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not
> > supported by the underlying providers
> > javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.546
> > AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not
> > supported by the underlying providers
> > javax.net.ssl|INFO|01|main|2019-02-14 10:54:56.575
> > AEDT|AlpnExtension.java:161|No available application protocols
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.576
> > AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
> > application_layer_protocol_negotiation
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.576
> > AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
> > status_request_v2
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.577
> > AEDT|SSLExtensions.java:235|Ignore, context unavailable extension:
> > renegotiation_info
> > javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.582
> > AEDT|ClientHello.java:651|Produced ClientHello handshake message (
> > "ClientHello": {
> > "client version" : "TLSv1.2",
> > "random" : "4E 23 00 5E 22 D3 0D 78 D0 97 B5 E1 16 FB E3
> > 92 B5 90 B0 8E 30 89 BC 72 BA F1 B7 94 71 E7 E8 80",
> > "session id" : "",
> > "cipher suites" :
> > "[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
> > TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
> > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),
> > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),
> > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),
> > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
> > TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),
> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),
> > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
> > TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),
> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
> > TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032),
> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
> > "compression methods" : "00",
> > "extensions" : [
> > "supported_groups (10)": {
> > "versions": [secp256r1, secp384r1, secp521r1]
> > },
> > "ec_point_formats (11)": {
> > "formats": [uncompressed]
> > },
> > "signature_algorithms (13)": {
> > "signature schemes": [ecdsa_secp256r1_sha256,
> > ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pkcs1_sha256,
> > rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1,
> > rsa_pkcs1_sha1, dsa_sha1]
> > },
> > "signature_algorithms_cert (50)": {
> > "signature schemes": [ecdsa_secp256r1_sha256,
> > ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pkcs1_sha256,
> > rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1,
> > rsa_pkcs1_sha1, dsa_sha1]
> > },
> > "extended_master_secret (23)": {
> > <empty>
> > },
> > "supported_versions (43)": {
> > "versions": [TLSv1.2, TLSv1.1, TLSv1]
> > }
> > ]
> > }
> > )
> >
> > Regards,
> > Amir
> >
> >
> >
>
[Attachment #3 (text/html)]
<div dir="ltr">Thanks Xuelei, I clearly missed the report somehow</div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 14, 2019 at 2:26 PM \
Xuelei Fan <<a href="mailto:xuelei.fan@oracle.com">xuelei.fan@oracle.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">This bug will be \
addressed in JDK 11.0.3 and 12. See also:<br>
<a href="https://bugs.openjdk.java.net/browse/JDK-8210974" rel="noreferrer" \
target="_blank">https://bugs.openjdk.java.net/browse/JDK-8210974</a><br> <br>
Thanks,<br>
Xuelei<br>
<br>
On 2/13/2019 3:58 PM, Amir Khassaia wrote:<br>
> <br>
> Hi, I'd like to report a bug that may confuse others as they diagnose <br>
> TLS handshakes.<br>
> <br>
> The extension logging seems to be affected in JDK 11.0.2, these come up <br>
> as empty in client hello (see below) from Oracle JDK 11.0.2<br>
> ==========================<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:48.620 <br>
> AEDT|SSLCipher.java:437|jdk.tls.keyLimits: entry = AES/GCM/NoPadding <br>
> KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472<br>
> javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.357 <br>
> AEDT|ServerNameExtension.java:255|Unable to indicate server name<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.357 <br>
> AEDT|SSLExtensions.java:256|Ignore, context unavailable extension: <br>
> server_name<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.358 <br>
> AEDT|SSLExtensions.java:256|Ignore, context unavailable extension: <br>
> status_request<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.361 <br>
> AEDT|SupportedGroupsExtension.java:841|Ignore inactive or disabled named <br>
> group: secp160k1<br>
> javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.486 <br>
> AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not <br>
> supported by the underlying providers<br>
> javax.net.ssl|WARNING|01|main|2019-02-14 10:51:50.486 <br>
> AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not <br>
> supported by the underlying providers<br>
> javax.net.ssl|INFO|01|main|2019-02-14 10:51:50.513 <br>
> AEDT|AlpnExtension.java:161|No available application protocols<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.514 <br>
> AEDT|SSLExtensions.java:256|Ignore, context unavailable extension: <br>
> application_layer_protocol_negotiation<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.514 <br>
> AEDT|SSLExtensions.java:256|Ignore, context unavailable extension: <br>
> status_request_v2<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:51:50.516 <br>
> AEDT|ClientHello.java:651|Produced ClientHello handshake message (<br>
> "ClientHello": {<br>
> "client version" : "TLSv1.2",<br>
> "random" : "3E 3B 04 98 F4 65 C7 CF 2B \
B2 30 EA AE CE 7D <br> > C5 51 45 C4 A9 CB D6 F2 39 3F 52 46 77 BE 28 EC \
06",<br> > "session id" : "",<br>
> "cipher suites" : <br>
> "[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), <br>
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), <br>
> TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), <br>
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), <br>
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), <br>
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), <br>
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), <br>
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), <br>
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), <br>
> TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), <br>
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), <br>
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), <br>
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), <br>
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), <br>
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), <br>
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), <br>
> TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), <br>
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), <br>
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), <br>
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), <br>
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032)]",<br>
> "compression methods" : "00",<br>
> "extensions" : [<br>
> ]<br>
> }<br>
> )<br>
> <br>
> Notice empty extensions, these are actually there on the wire (checked <br>
> with wireshark).<br>
> <br>
> This previously appeared to work, just checked with OpenJDK 11.0.1 and I <br>
> get them:<br>
> <br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:54.261 <br>
> AEDT|SSLCipher.java:437|jdk.tls.keyLimits: entry = AES/GCM/NoPadding <br>
> KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472<br>
> javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.491 <br>
> AEDT|ServerNameExtension.java:255|Unable to indicate server name<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.492 <br>
> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension: <br>
> server_name<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.492 <br>
> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension: <br>
> status_request<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.494 <br>
> AEDT|SupportedGroupsExtension.java:841|Ignore inactive or disabled named <br>
> group: secp160k1<br>
> javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.546 <br>
> AEDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not <br>
> supported by the underlying providers<br>
> javax.net.ssl|WARNING|01|main|2019-02-14 10:54:56.546 <br>
> AEDT|SignatureScheme.java:282|Signature algorithm, ed448, is not <br>
> supported by the underlying providers<br>
> javax.net.ssl|INFO|01|main|2019-02-14 10:54:56.575 <br>
> AEDT|AlpnExtension.java:161|No available application protocols<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.576 <br>
> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension: <br>
> application_layer_protocol_negotiation<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.576 <br>
> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension: <br>
> status_request_v2<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.577 <br>
> AEDT|SSLExtensions.java:235|Ignore, context unavailable extension: <br>
> renegotiation_info<br>
> javax.net.ssl|DEBUG|01|main|2019-02-14 10:54:56.582 <br>
> AEDT|ClientHello.java:651|Produced ClientHello handshake message (<br>
> "ClientHello": {<br>
> "client version" : "TLSv1.2",<br>
> "random" : "4E 23 00 5E 22 D3 0D 78 D0 \
97 B5 E1 16 FB E3 <br> > 92 B5 90 B0 8E 30 89 BC 72 BA F1 B7 94 71 E7 E8 \
80",<br> > "session id" : "",<br>
> "cipher suites" : <br>
> "[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), <br>
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), <br>
> TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), <br>
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), <br>
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), <br>
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), <br>
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), <br>
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), <br>
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), <br>
> TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), <br>
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), <br>
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), <br>
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), <br>
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), <br>
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), <br>
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), <br>
> TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), <br>
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), <br>
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), <br>
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), <br>
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), <br>
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",<br>
> "compression methods" : "00",<br>
> "extensions" : [<br>
> "supported_groups (10)": {<br>
> "versions": [secp256r1, secp384r1, secp521r1]<br>
> },<br>
> "ec_point_formats (11)": {<br>
> "formats": [uncompressed]<br>
> },<br>
> "signature_algorithms (13)": {<br>
> "signature schemes": [ecdsa_secp256r1_sha256, <br>
> ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pkcs1_sha256, <br>
> rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, <br>
> rsa_pkcs1_sha1, dsa_sha1]<br>
> },<br>
> "signature_algorithms_cert (50)": {<br>
> "signature schemes": [ecdsa_secp256r1_sha256, <br>
> ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pkcs1_sha256, <br>
> rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, <br>
> rsa_pkcs1_sha1, dsa_sha1]<br>
> },<br>
> "extended_master_secret (23)": {<br>
> <empty><br>
> },<br>
> "supported_versions (43)": {<br>
> "versions": [TLSv1.2, TLSv1.1, TLSv1]<br>
> }<br>
> ]<br>
> }<br>
> )<br>
> <br>
> Regards,<br>
> Amir<br>
> <br>
> <br>
> <br>
</blockquote></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic