Martchus
/
syncthing
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

all: Deprecate TLS 1.2 on sync connections (fixes #7594) (#7598) 

This makes us use TLS 1.3+ on sync connections by default. A new option
`insecureAllowOldTLSVersions` exists to allow communication with TLS
1.2-only clients (roughly Syncthing 1.2.2 and older). Even with that
option set you get a slightly simplified setup, with the cipher suite
order fixed instead of auto detected.
This commit is contained in:
Jakob Borg 2021-04-26 10:04:35 +02:00 committed by GitHub
parent ef4b8a2cf8
commit 74823e81e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 280 additions and 306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
go.mod
View File

@ -51,6 +51,7 @@ require (
golang.org/x/text v0.3.4 golang.org/x/text v0.3.4
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
golang.org/x/tools v0.1.0 // indirect golang.org/x/tools v0.1.0 // indirect
google.golang.org/protobuf v1.23.0 // indirect
gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
) )

2
lib/api/api.go
View File

@ -162,7 +162,7 @@ func (s *service) getListener(guiCfg config.GUIConfiguration) (net.Listener, err
if err != nil { if err != nil {
return nil, err return nil, err
} }
tlsCfg := tlsutil.SecureDefault() tlsCfg := tlsutil.SecureDefaultWithTLS12()
tlsCfg.Certificates = []tls.Certificate{cert} tlsCfg.Certificates = []tls.Certificate{cert}
if guiCfg.Network() == "unix" { if guiCfg.Network() == "unix" {

2
lib/config/observed.pb.go
View File

@ -7,9 +7,9 @@ import (
fmt "fmt" fmt "fmt"
proto "github.com/gogo/protobuf/proto" proto "github.com/gogo/protobuf/proto"
github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
_ "github.com/golang/protobuf/ptypes/timestamp"
github_com_syncthing_syncthing_lib_protocol "github.com/syncthing/syncthing/lib/protocol" github_com_syncthing_syncthing_lib_protocol "github.com/syncthing/syncthing/lib/protocol"
_ "github.com/syncthing/syncthing/proto/ext" _ "github.com/syncthing/syncthing/proto/ext"
_ "google.golang.org/protobuf/types/known/timestamppb"
io "io" io "io"
math "math" math "math"
math_bits "math/bits" math_bits "math/bits"

446
lib/config/optionsconfiguration.pb.go
View File

@ -81,6 +81,9 @@ type OptionsConfiguration struct {
// meaning no limit. Affects incoming connections and prevents // meaning no limit. Affects incoming connections and prevents
// attempting outgoing connections. // attempting outgoing connections.
ConnectionLimitMax int `protobuf:"varint,52,opt,name=connection_limit_max,json=connectionLimitMax,proto3,casttype=int" json:"connectionLimitMax" xml:"connectionLimitMax"` ConnectionLimitMax int `protobuf:"varint,52,opt,name=connection_limit_max,json=connectionLimitMax,proto3,casttype=int" json:"connectionLimitMax" xml:"connectionLimitMax"`
// When set, this allows TLS 1.2 on sync connections, where we otherwise
// default to TLS 1.3+ only.
InsecureAllowOldTLSVersions bool `protobuf:"varint,53,opt,name=insecure_allow_old_tls_versions,json=insecureAllowOldTlsVersions,proto3" json:"insecureAllowOldTLSVersions" xml:"insecureAllowOldTLSVersions"`
// Legacy deprecated // Legacy deprecated
DeprecatedUPnPEnabled bool `protobuf:"varint,9000,opt,name=upnp_enabled,json=upnpEnabled,proto3" json:"-" xml:"upnpEnabled,omitempty"` // Deprecated: Do not use. DeprecatedUPnPEnabled bool `protobuf:"varint,9000,opt,name=upnp_enabled,json=upnpEnabled,proto3" json:"-" xml:"upnpEnabled,omitempty"` // Deprecated: Do not use.
DeprecatedUPnPLeaseM int `protobuf:"varint,9001,opt,name=upnp_lease_m,json=upnpLeaseM,proto3,casttype=int" json:"-" xml:"upnpLeaseMinutes,omitempty"` // Deprecated: Do not use. DeprecatedUPnPLeaseM int `protobuf:"varint,9001,opt,name=upnp_lease_m,json=upnpLeaseM,proto3,casttype=int" json:"-" xml:"upnpLeaseMinutes,omitempty"` // Deprecated: Do not use.
@ -133,209 +136,213 @@ func init() {
} }
var fileDescriptor_d09882599506ca03 = []byte{ var fileDescriptor_d09882599506ca03 = []byte{
// 3218 bytes of a gzipped FileDescriptorProto // 3295 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x5a, 0x5d, 0x6c, 0x1d, 0x47, 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x5a, 0x5d, 0x6c, 0x1d, 0x47,
0xf5, 0xcf, 0x26, 0x4d, 0xda, 0x6c, 0x1c, 0x27, 0x1e, 0x3b, 0xf6, 0x36, 0x49, 0xbd, 0xee, 0xcd, 0xd9, 0xce, 0x26, 0x4d, 0xda, 0x6c, 0x1c, 0x27, 0x1e, 0x3b, 0xf6, 0x36, 0x49, 0xbd, 0xee, 0xc9,
0x4d, 0xeb, 0x7e, 0x25, 0xb6, 0x93, 0xe6, 0x9f, 0x46, 0xfa, 0xab, 0xf8, 0xa3, 0x26, 0x6e, 0xec, 0x49, 0xeb, 0xfe, 0x25, 0xb6, 0x93, 0xe6, 0x4b, 0x23, 0x7d, 0xea, 0xe7, 0x9f, 0xfa, 0xab, 0x1b,
0xc4, 0x1a, 0xdb, 0x2a, 0x2a, 0x42, 0xab, 0xb9, 0x7b, 0xe7, 0xda, 0x8b, 0xf7, 0xce, 0xde, 0xee, 0x3b, 0xb1, 0xc6, 0xf6, 0xd7, 0x4f, 0x45, 0x68, 0x35, 0xde, 0x9d, 0x63, 0x2f, 0xde, 0x33, 0x7b,
0xcc, 0xfa, 0xda, 0x2d, 0x82, 0xaa, 0x88, 0x8f, 0x37, 0xc0, 0xe2, 0x43, 0x02, 0x09, 0x15, 0x01, 0xba, 0x33, 0xeb, 0x9f, 0x16, 0x41, 0x55, 0x04, 0xe5, 0x0e, 0xb0, 0xf8, 0x91, 0x40, 0x42, 0x45,
0x12, 0xa5, 0x14, 0x21, 0x21, 0x21, 0xc1, 0x0b, 0x08, 0x09, 0xa9, 0x82, 0x07, 0xfb, 0xb1, 0x12, 0x80, 0x44, 0x29, 0x45, 0x48, 0x48, 0x48, 0x70, 0x43, 0x85, 0x84, 0x54, 0xc1, 0x85, 0x7d, 0x89,
0x65, 0x51, 0x9d, 0x3e, 0xdd, 0x07, 0x1e, 0xee, 0xa3, 0x79, 0x41, 0x33, 0xfb, 0x35, 0xbb, 0x3b, 0x44, 0x59, 0x54, 0xa7, 0x57, 0xe7, 0x82, 0x8b, 0x73, 0x69, 0x6e, 0xd0, 0xcc, 0xfe, 0xcd, 0xee,
0xb7, 0xc9, 0xdb, 0xdd, 0xf3, 0x3b, 0x73, 0xe6, 0x77, 0xe6, 0xe3, 0xcc, 0x39, 0x33, 0x57, 0xbf, 0xce, 0x49, 0x72, 0x77, 0xf6, 0x7d, 0xde, 0x79, 0xe7, 0x79, 0xe7, 0xe7, 0x9d, 0xf7, 0x9d, 0x39,
0xec, 0x3a, 0xb5, 0xab, 0xb6, 0x47, 0x1a, 0xce, 0xfa, 0x55, 0xaf, 0xc5, 0x1c, 0x8f, 0xd0, 0xe8, 0xfa, 0x65, 0xcf, 0x5d, 0xbd, 0x6a, 0xfb, 0xa4, 0xe1, 0xae, 0x5d, 0xf5, 0x5b, 0xcc, 0xf5, 0x09,
0x2b, 0xf0, 0x11, 0xff, 0xba, 0xd2, 0xf2, 0x3d, 0xe6, 0x81, 0x13, 0x91, 0xf0, 0xfc, 0x88, 0xa4, 0x8d, 0xbf, 0xc2, 0x00, 0xf1, 0xaf, 0x2b, 0xad, 0xc0, 0x67, 0x3e, 0x38, 0x11, 0x0b, 0xcf, 0x0f,
0xce, 0x02, 0xe2, 0x90, 0xf5, 0x48, 0xe1, 0xfc, 0x39, 0x09, 0xa0, 0xce, 0x9b, 0x38, 0x16, 0x9f, 0x49, 0xea, 0x2c, 0x24, 0x2e, 0x59, 0x8b, 0x15, 0xce, 0x9f, 0x93, 0x00, 0xea, 0xbe, 0x85, 0x13,
0xc4, 0xdb, 0x2c, 0xfa, 0x59, 0xf9, 0xe8, 0xb6, 0x3e, 0x74, 0x2f, 0xea, 0x61, 0x56, 0xee, 0x01, 0xf1, 0x49, 0xbc, 0xcd, 0xe2, 0x9f, 0xb5, 0x83, 0xd7, 0xf4, 0x81, 0xbb, 0x71, 0x0f, 0xd3, 0x72,
0xfc, 0x54, 0xd3, 0xcf, 0xba, 0x0e, 0x65, 0x98, 0x58, 0xa8, 0x5e, 0xf7, 0x31, 0xa5, 0x98, 0x1a, 0x0f, 0xe0, 0xc7, 0x9a, 0x7e, 0xd6, 0x73, 0x29, 0xc3, 0xc4, 0x42, 0x8e, 0x13, 0x60, 0x4a, 0x31,
0xda, 0xd8, 0xb1, 0xf1, 0x93, 0x33, 0xf4, 0x20, 0x34, 0x01, 0x44, 0xed, 0x45, 0x01, 0x4f, 0x27, 0x35, 0xb4, 0x91, 0x63, 0xa3, 0x27, 0xa7, 0xe8, 0x41, 0x64, 0x02, 0x88, 0xb6, 0xe6, 0x05, 0x3c,
0x68, 0x27, 0x34, 0xcf, 0xb8, 0x79, 0x51, 0x37, 0x34, 0x2f, 0x6f, 0x37, 0xdd, 0x5b, 0x95, 0x9c, 0x99, 0xa2, 0xed, 0xc8, 0x3c, 0xe3, 0x15, 0x45, 0x9d, 0xc8, 0xbc, 0xbc, 0xdd, 0xf4, 0x6e, 0xd5,
0xbc, 0x32, 0x56, 0xc7, 0x0d, 0x14, 0xb8, 0xec, 0x56, 0x25, 0xfe, 0x51, 0x39, 0xdc, 0xab, 0x3e, 0x0a, 0xf2, 0xda, 0x88, 0x83, 0x1b, 0x28, 0xf4, 0xd8, 0xad, 0x5a, 0xf2, 0xa3, 0x76, 0xb8, 0x57,
0x1a, 0xff, 0xde, 0xdd, 0xaf, 0x2a, 0x8c, 0xc3, 0xa2, 0x69, 0xf0, 0x1f, 0x4d, 0x37, 0xd6, 0x5d, 0x7f, 0x34, 0xf9, 0xbd, 0xbb, 0x5f, 0x57, 0x18, 0x87, 0x65, 0xd3, 0xe0, 0x5f, 0x9a, 0x6e, 0xac,
0xaf, 0x86, 0x5c, 0xab, 0xee, 0x50, 0xdb, 0xdb, 0xc2, 0xfe, 0x8e, 0x45, 0xb1, 0xbf, 0x85, 0x7d, 0x79, 0xfe, 0x2a, 0xf2, 0x2c, 0xc7, 0xa5, 0xb6, 0xbf, 0x89, 0x83, 0x1d, 0x8b, 0xe2, 0x60, 0x13,
0x6a, 0x1c, 0x15, 0x44, 0x7f, 0xaf, 0x1d, 0x84, 0xe6, 0x20, 0x44, 0xed, 0xcf, 0x0b, 0xbd, 0x69, 0x07, 0xd4, 0x38, 0x2a, 0x88, 0xfe, 0x56, 0x3b, 0x88, 0xcc, 0x7e, 0x88, 0xb6, 0xfe, 0x57, 0xe8,
0x42, 0x56, 0x22, 0xbc, 0x13, 0x9a, 0xe7, 0xd6, 0x13, 0x99, 0x17, 0x10, 0x1b, 0xc7, 0x40, 0x37, 0x4d, 0x12, 0xb2, 0x14, 0xe3, 0xed, 0xc8, 0x3c, 0xb7, 0x96, 0xca, 0xfc, 0x90, 0xd8, 0x38, 0x01,
0x34, 0x9f, 0x17, 0x84, 0x55, 0xa8, 0x82, 0x77, 0x67, 0xaf, 0x3a, 0xa4, 0x52, 0xed, 0xee, 0x55, 0x3a, 0x91, 0xf9, 0xbc, 0x20, 0xac, 0x42, 0x15, 0xbc, 0xdb, 0x7b, 0xf5, 0x01, 0x95, 0x6a, 0x67,
0xd5, 0x1d, 0xe4, 0x1d, 0x55, 0x71, 0x83, 0xc3, 0x51, 0xc3, 0xb9, 0xc4, 0xa9, 0x58, 0x0e, 0x3e, 0xaf, 0xae, 0xee, 0xa0, 0xe8, 0xa8, 0x8a, 0x1b, 0x1c, 0x8c, 0x1b, 0xce, 0xa4, 0x4e, 0x25, 0x72,
0x55, 0x39, 0x8c, 0x09, 0xaa, 0xb9, 0xb8, 0x6e, 0x1c, 0x1b, 0xd3, 0xc6, 0x1f, 0x9b, 0x79, 0x8f, 0xf0, 0xb9, 0xca, 0x61, 0x4c, 0xd0, 0xaa, 0x87, 0x1d, 0xe3, 0xd8, 0x88, 0x36, 0xfa, 0xd8, 0xd4,
0x3b, 0x7c, 0x36, 0xb5, 0xf8, 0x4a, 0x04, 0x96, 0xbd, 0x8d, 0x81, 0x6e, 0x68, 0x3e, 0xab, 0xf0, 0x07, 0xdc, 0xe1, 0xb3, 0x99, 0xc5, 0x57, 0x62, 0xb0, 0xea, 0x6d, 0x02, 0x74, 0x22, 0xf3, 0x59,
0x36, 0x46, 0x25, 0x77, 0x99, 0x1f, 0x60, 0xee, 0x6b, 0x0f, 0x33, 0xbd, 0x80, 0xc3, 0xbd, 0xea, 0x85, 0xb7, 0x09, 0x2a, 0xb9, 0xcb, 0x82, 0x10, 0x73, 0x5f, 0xbb, 0x98, 0xe9, 0x06, 0x1c, 0xee,
0x23, 0xbc, 0xe9, 0xee, 0x7e, 0xb5, 0x44, 0xaa, 0xe4, 0x66, 0x2c, 0x07, 0x1f, 0x6b, 0xfa, 0x88, 0xd5, 0x1f, 0xe1, 0x4d, 0x77, 0xf7, 0xeb, 0x15, 0x52, 0x15, 0x37, 0x13, 0x39, 0xf8, 0x54, 0xd3,
0xeb, 0xd9, 0x4a, 0x2f, 0x1f, 0x11, 0x5e, 0xfe, 0x9c, 0x7b, 0x79, 0x66, 0x91, 0xeb, 0xe4, 0x9c, 0x87, 0x3c, 0xdf, 0x56, 0x7a, 0xf9, 0x88, 0xf0, 0xf2, 0xa7, 0xdc, 0xcb, 0x33, 0xf3, 0x5c, 0xa7,
0x1c, 0x72, 0x63, 0x51, 0xc1, 0xc7, 0x67, 0xa2, 0x25, 0xa8, 0x00, 0x15, 0x2e, 0xaa, 0x8d, 0xf4, 0xe0, 0xe4, 0x80, 0x97, 0x88, 0x4a, 0x3e, 0x3e, 0x13, 0x2f, 0x41, 0x05, 0xa8, 0x70, 0x51, 0x6d,
0x90, 0x4b, 0x0e, 0x16, 0xf9, 0xc0, 0x73, 0xa2, 0x41, 0xc9, 0xbd, 0x7f, 0x68, 0xfa, 0x60, 0xe4, 0xa4, 0x8b, 0x5c, 0x72, 0xb0, 0xcc, 0x07, 0x9e, 0x13, 0x0d, 0x2a, 0xee, 0xfd, 0x55, 0xd3, 0xfb,
0x1e, 0x8a, 0x6d, 0x59, 0x2d, 0xcf, 0x67, 0xc6, 0xf1, 0x31, 0x6d, 0xfc, 0xf8, 0xcc, 0x8f, 0xb9, 0x63, 0xf7, 0x50, 0x62, 0xcb, 0x6a, 0xf9, 0x01, 0x33, 0x8e, 0x8f, 0x68, 0xa3, 0xc7, 0xa7, 0x7e,
0x6b, 0x7d, 0x89, 0xa9, 0x65, 0xcf, 0x67, 0x9d, 0xd0, 0x1c, 0xc8, 0x75, 0xcd, 0x85, 0xdd, 0xd0, 0xc8, 0x5d, 0xeb, 0x49, 0x4d, 0x2d, 0xfa, 0x01, 0x6b, 0x47, 0x66, 0x5f, 0xa1, 0x6b, 0x2e, 0xec,
0x7c, 0xba, 0xec, 0x14, 0x47, 0x24, 0x8f, 0xa6, 0x26, 0x27, 0xa6, 0xfe, 0xaf, 0x72, 0x18, 0x9a, 0x44, 0xe6, 0xd3, 0x55, 0xa7, 0x38, 0x22, 0x79, 0x34, 0x31, 0x3e, 0x36, 0xf1, 0x5f, 0xb5, 0xc3,
0xc7, 0x1c, 0xc2, 0x3a, 0x7b, 0x55, 0x85, 0x19, 0x95, 0xf0, 0x70, 0xaf, 0x7a, 0x5c, 0x34, 0xdd, 0xc8, 0x3c, 0xe6, 0x12, 0xd6, 0xde, 0xab, 0x2b, 0xcc, 0xa8, 0x84, 0x87, 0x7b, 0xf5, 0xe3, 0xa2,
0xdd, 0xaf, 0xe6, 0x98, 0xc0, 0xb2, 0x2e, 0xf8, 0xfa, 0x51, 0x7d, 0xac, 0xe0, 0x4d, 0x33, 0x70, 0xe9, 0xee, 0x7e, 0xbd, 0xc0, 0x04, 0x56, 0x75, 0xc1, 0xd7, 0x8e, 0xea, 0x23, 0x25, 0x6f, 0x9a,
0x99, 0x63, 0x23, 0xca, 0x92, 0xb8, 0x61, 0x9c, 0x18, 0xd3, 0xc6, 0x4f, 0xce, 0xfc, 0x91, 0xbb, 0xa1, 0xc7, 0x5c, 0x1b, 0x51, 0x96, 0xc6, 0x0d, 0xe3, 0xc4, 0x88, 0x36, 0x7a, 0x72, 0xea, 0xf7,
0xd6, 0x9f, 0x18, 0x5c, 0x9a, 0xe5, 0x3b, 0xb9, 0x13, 0x9a, 0x83, 0x39, 0xa3, 0x91, 0xb8, 0x1b, 0xdc, 0xb5, 0xde, 0xd4, 0xe0, 0xc2, 0x34, 0xdf, 0xc9, 0xed, 0xc8, 0xec, 0x2f, 0x18, 0x8d, 0xc5,
0x9a, 0x37, 0xca, 0xee, 0x45, 0x98, 0xe4, 0xe0, 0x17, 0x1b, 0x8d, 0xc9, 0xa9, 0x5b, 0xb7, 0x6e, 0x9d, 0xc8, 0xbc, 0x51, 0x75, 0x2f, 0xc6, 0x24, 0x07, 0xbf, 0xd0, 0x68, 0x8c, 0x4f, 0xdc, 0xba,
0x5e, 0xbb, 0x79, 0xfd, 0x4b, 0xb7, 0x22, 0x6f, 0x3b, 0x7b, 0x55, 0xa5, 0x41, 0xb5, 0xf8, 0x70, 0x75, 0xf3, 0xda, 0xcd, 0xeb, 0x5f, 0xbc, 0x15, 0x7b, 0xdb, 0xde, 0xab, 0x2b, 0x0d, 0xaa, 0xc5,
0xaf, 0x0a, 0xca, 0x46, 0x76, 0xf7, 0xab, 0x05, 0x9a, 0xf0, 0x89, 0x7c, 0xe3, 0xc4, 0xc3, 0x38, 0x87, 0x7b, 0x75, 0x50, 0x35, 0xb2, 0xbb, 0x5f, 0x2f, 0xd1, 0x84, 0x4f, 0x14, 0x1b, 0xa7, 0x1e,
0x18, 0x81, 0x7b, 0xfa, 0xe9, 0x26, 0xda, 0xb6, 0x28, 0x26, 0x75, 0x6b, 0xb3, 0xd6, 0xa2, 0xc6, 0x26, 0xc1, 0x08, 0xdc, 0xd5, 0x4f, 0x37, 0xd1, 0xb6, 0x45, 0x31, 0x71, 0xac, 0x8d, 0xd5, 0x16,
0xa3, 0x62, 0x32, 0x9f, 0xeb, 0x84, 0xe6, 0xa9, 0x26, 0xda, 0x5e, 0xc1, 0xa4, 0x7e, 0xa7, 0xd6, 0x35, 0x1e, 0x15, 0x93, 0xf9, 0x5c, 0x3b, 0x32, 0x4f, 0x35, 0xd1, 0xf6, 0x12, 0x26, 0xce, 0xed,
0xe2, 0xc1, 0x65, 0x40, 0xb8, 0x25, 0xc9, 0x92, 0xf9, 0x81, 0xb2, 0x62, 0x62, 0xd0, 0xc7, 0xf6, 0xd5, 0x16, 0x0f, 0x2e, 0x7d, 0xc2, 0x2d, 0x49, 0x96, 0xce, 0x0f, 0x94, 0x15, 0x53, 0x83, 0x01,
0x56, 0x64, 0xf0, 0xb1, 0x9c, 0x41, 0x88, 0xed, 0xad, 0xa2, 0xc1, 0x44, 0x96, 0x33, 0x98, 0x08, 0xb6, 0x37, 0x63, 0x83, 0x8f, 0x15, 0x0c, 0x42, 0x6c, 0x6f, 0x96, 0x0d, 0xa6, 0xb2, 0x82, 0xc1,
0xc1, 0x1f, 0x34, 0x7d, 0xc4, 0xc7, 0xb6, 0x47, 0x08, 0xb6, 0x79, 0x78, 0xb7, 0x1c, 0xc2, 0xb0, 0x54, 0x08, 0x7e, 0xa7, 0xe9, 0x43, 0x01, 0xb6, 0x7d, 0x42, 0xb0, 0xcd, 0xc3, 0xbb, 0xe5, 0x12,
0xbf, 0x85, 0x5c, 0x8b, 0x1a, 0x27, 0x85, 0xed, 0xaf, 0x8a, 0xa0, 0x9e, 0xa8, 0x2c, 0xc4, 0xf0, 0x86, 0x83, 0x4d, 0xe4, 0x59, 0xd4, 0x38, 0x29, 0x6c, 0x7f, 0x45, 0x04, 0xf5, 0x54, 0x65, 0x2e,
0x0a, 0x8f, 0x1d, 0x72, 0xc3, 0x14, 0xe8, 0x86, 0xe6, 0xb8, 0xe8, 0x5b, 0x89, 0x4a, 0xb3, 0x74, 0x81, 0x97, 0x78, 0xec, 0x90, 0x1b, 0x66, 0x40, 0x27, 0x32, 0x47, 0x45, 0xdf, 0x4a, 0x54, 0x9a,
0x63, 0x22, 0xa1, 0x74, 0xb8, 0x57, 0x3d, 0x7a, 0x63, 0x42, 0xc4, 0xf7, 0x52, 0x3f, 0x50, 0xdd, 0xa5, 0x1b, 0x63, 0x29, 0xa5, 0xc3, 0xbd, 0xfa, 0xd1, 0x1b, 0x63, 0x22, 0xbe, 0x57, 0xfa, 0x81,
0x0b, 0x68, 0xe8, 0xfd, 0x3e, 0x76, 0xd1, 0x0e, 0x4d, 0x63, 0x80, 0x2e, 0x62, 0xc0, 0xcb, 0x9d, 0xea, 0x5e, 0x40, 0x43, 0xef, 0x0d, 0xb0, 0x87, 0x76, 0x68, 0x16, 0x03, 0x74, 0x11, 0x03, 0x5e,
0xd0, 0x3c, 0x1d, 0x21, 0xd9, 0x46, 0xaf, 0xc4, 0x84, 0x24, 0x69, 0x71, 0x87, 0x27, 0x3b, 0x16, 0x6e, 0x47, 0xe6, 0xe9, 0x18, 0xc9, 0x37, 0x7a, 0x2d, 0x21, 0x24, 0x49, 0xcb, 0x3b, 0x3c, 0xdd,
0xe6, 0x1b, 0x83, 0x77, 0x8e, 0xea, 0x17, 0xe2, 0x8e, 0x52, 0x22, 0xd9, 0x20, 0x35, 0x8d, 0x53, 0xb1, 0xb0, 0xd8, 0x18, 0xbc, 0x7b, 0x54, 0xbf, 0x90, 0x74, 0x94, 0x11, 0xc9, 0x07, 0xa9, 0x69,
0x62, 0x90, 0xfe, 0xca, 0xd7, 0xf0, 0x08, 0xe4, 0x7a, 0x25, 0x17, 0x96, 0x3a, 0xa1, 0x39, 0xe2, 0x9c, 0x12, 0x83, 0xf4, 0x27, 0xbe, 0x86, 0x87, 0x20, 0xd7, 0xab, 0xb8, 0xb0, 0xd0, 0x8e, 0xcc,
0xab, 0xa1, 0x34, 0xd0, 0xf6, 0xc0, 0x25, 0x96, 0x93, 0x13, 0xd2, 0x96, 0xed, 0x69, 0xaf, 0x37, 0xa1, 0x40, 0x0d, 0x65, 0x81, 0xb6, 0x0b, 0x2e, 0xb1, 0x1c, 0x1f, 0x93, 0xb6, 0x6c, 0x57, 0x7b,
0xc4, 0x07, 0x79, 0x92, 0x0f, 0x72, 0x2f, 0x9a, 0xd0, 0x88, 0xfc, 0x2c, 0x23, 0xa0, 0xa6, 0x9f, 0xdd, 0x21, 0x3e, 0xc8, 0xe3, 0x7c, 0x90, 0xbb, 0xd1, 0x84, 0x46, 0xec, 0x67, 0x15, 0x01, 0xab,
0xa6, 0x0c, 0xf9, 0xcc, 0xaa, 0xf9, 0x5e, 0x9b, 0x62, 0xdf, 0xe8, 0x13, 0x63, 0xfd, 0xff, 0x9d, 0xfa, 0x69, 0xca, 0x50, 0xc0, 0xac, 0xd5, 0xc0, 0xdf, 0xa2, 0x38, 0x30, 0x7a, 0xc4, 0x58, 0xff,
0xd0, 0xec, 0x13, 0xc0, 0x4c, 0x24, 0xef, 0x86, 0xe6, 0x93, 0xc2, 0x1d, 0x59, 0xd8, 0x73, 0xa4, 0x77, 0x3b, 0x32, 0x7b, 0x04, 0x30, 0x15, 0xcb, 0x3b, 0x91, 0xf9, 0xa4, 0x70, 0x47, 0x16, 0x76,
0x73, 0x4d, 0xc1, 0x2f, 0x35, 0xfd, 0x1c, 0x41, 0xcc, 0x62, 0x3e, 0xe2, 0xa7, 0x1a, 0x72, 0xd3, 0x1d, 0xe9, 0x42, 0x53, 0xf0, 0x73, 0x4d, 0x3f, 0x47, 0x10, 0xb3, 0x58, 0x80, 0xf8, 0xa9, 0x86,
0x89, 0xed, 0x17, 0x9d, 0xbd, 0x71, 0x10, 0x9a, 0xfa, 0xdd, 0xe9, 0xd5, 0x2c, 0xac, 0xeb, 0x04, 0xbc, 0x6c, 0x62, 0x7b, 0x45, 0x67, 0x6f, 0x1e, 0x44, 0xa6, 0x7e, 0x67, 0x72, 0x39, 0x0f, 0xeb,
0xb1, 0x6c, 0x8e, 0x4d, 0xd1, 0x71, 0x26, 0x52, 0x84, 0x70, 0xb9, 0x41, 0xee, 0x4b, 0x0a, 0xd7, 0x3a, 0x41, 0x2c, 0x9f, 0x63, 0x53, 0x74, 0x9c, 0x8b, 0x14, 0x21, 0x5c, 0x6e, 0x50, 0xf8, 0x92,
0x52, 0x17, 0x70, 0x90, 0x20, 0xb6, 0x9a, 0xd0, 0x49, 0x16, 0xc4, 0x9f, 0x4a, 0x3c, 0x5d, 0x8c, 0xc2, 0xb5, 0xd4, 0x05, 0xec, 0x27, 0x88, 0x2d, 0xa7, 0x74, 0xd2, 0x05, 0xf1, 0x87, 0x0a, 0x4f,
0x28, 0xb6, 0x9a, 0xc6, 0x19, 0xb1, 0x14, 0xbe, 0xc9, 0x97, 0xc2, 0xc9, 0xbb, 0xd3, 0xab, 0x8b, 0x0f, 0x23, 0x8a, 0xad, 0xa6, 0x71, 0x46, 0x2c, 0x85, 0x6f, 0xf0, 0xa5, 0x70, 0xf2, 0xce, 0xe4,
0x5c, 0xcc, 0x27, 0xff, 0x0c, 0x41, 0x2c, 0xfa, 0x70, 0x48, 0xc0, 0x44, 0xf2, 0x53, 0x49, 0xc8, 0xf2, 0x3c, 0x17, 0xf3, 0xc9, 0x3f, 0x43, 0x10, 0x8b, 0x3f, 0x5c, 0x12, 0x32, 0x91, 0xfc, 0xd4,
0xca, 0x72, 0xe5, 0xde, 0xe8, 0xec, 0x55, 0x4b, 0xed, 0xcb, 0xa2, 0x74, 0x07, 0x65, 0x1d, 0x43, 0x52, 0xb2, 0xb2, 0x5c, 0xb9, 0x37, 0xda, 0x7b, 0xf5, 0x4a, 0xfb, 0xaa, 0x28, 0xdb, 0x41, 0x79,
0x20, 0xb3, 0x8f, 0x64, 0xe0, 0xef, 0x9a, 0x3e, 0x92, 0x27, 0xef, 0x63, 0x82, 0xdb, 0x62, 0x25, 0xc7, 0x10, 0xc8, 0xec, 0x63, 0x19, 0xf8, 0x8b, 0xa6, 0x0f, 0x15, 0xc9, 0x07, 0x98, 0xe0, 0x2d,
0x9f, 0x15, 0xf4, 0x77, 0x39, 0xfd, 0x53, 0x77, 0xa7, 0x57, 0x61, 0x04, 0x70, 0x07, 0x06, 0x08, 0xb1, 0x92, 0xcf, 0x0a, 0xfa, 0xbb, 0x9c, 0xfe, 0xa9, 0x3b, 0x93, 0xcb, 0x30, 0x06, 0xb8, 0x03,
0x62, 0xc9, 0x67, 0xea, 0x42, 0x35, 0x71, 0x21, 0x8f, 0x48, 0x4e, 0x5c, 0x93, 0x9d, 0x50, 0xd8, 0x7d, 0x04, 0xb1, 0xf4, 0x33, 0x73, 0xa1, 0x9e, 0xba, 0x50, 0x44, 0x24, 0x27, 0xae, 0xc9, 0x4e,
0x50, 0x09, 0xb9, 0x23, 0xd7, 0xb8, 0x23, 0x32, 0x05, 0x38, 0x24, 0xbb, 0x92, 0x48, 0x15, 0xce, 0x28, 0x6c, 0xa8, 0x84, 0xdc, 0x91, 0x6b, 0xdc, 0x11, 0x99, 0x02, 0x1c, 0x90, 0x5d, 0x49, 0xa5,
0x30, 0xa7, 0x89, 0xbd, 0x80, 0x59, 0xd4, 0x18, 0xc8, 0x3b, 0xb3, 0x1a, 0x01, 0x2b, 0xb1, 0x33, 0x0a, 0x67, 0x98, 0xdb, 0xc4, 0x7e, 0xc8, 0x2c, 0x6a, 0xf4, 0x15, 0x9d, 0x59, 0x8e, 0x81, 0xa5,
0xc9, 0x27, 0x5f, 0xe9, 0xf5, 0x9c, 0x33, 0x79, 0xa4, 0xd7, 0xf6, 0x53, 0xd8, 0x50, 0x09, 0xd3, 0xc4, 0x99, 0xf4, 0x93, 0xaf, 0x74, 0xa7, 0xe0, 0x4c, 0x11, 0xe9, 0xb6, 0xfd, 0x14, 0x36, 0x54,
0x2d, 0x27, 0x53, 0xc8, 0x3b, 0x93, 0x48, 0xc1, 0x4f, 0x34, 0xdd, 0x08, 0x28, 0x5a, 0xc7, 0x96, 0xc2, 0x6c, 0xcb, 0xc9, 0x14, 0x8a, 0xce, 0xa4, 0x52, 0xf0, 0x23, 0x4d, 0x37, 0x42, 0x8a, 0xd6,
0x8f, 0xf9, 0xb9, 0xef, 0x90, 0x75, 0x0b, 0xd9, 0x36, 0x6e, 0x31, 0x5c, 0x37, 0x80, 0xf0, 0x06, 0xb0, 0x15, 0x60, 0x7e, 0xee, 0xbb, 0x64, 0xcd, 0x42, 0xb6, 0x8d, 0x5b, 0x0c, 0x3b, 0x06, 0x10,
0xf1, 0x1d, 0xb0, 0x06, 0xa7, 0x63, 0x29, 0xdf, 0x01, 0x81, 0x9f, 0x7c, 0x75, 0x43, 0xf3, 0xac, 0xde, 0x20, 0xbe, 0x03, 0x56, 0xe0, 0x64, 0x22, 0xe5, 0x3b, 0x20, 0x0c, 0xd2, 0xaf, 0x4e, 0x64,
0x70, 0x22, 0x13, 0x49, 0x84, 0x65, 0xc5, 0xdc, 0x17, 0x5f, 0xf1, 0x99, 0x49, 0x38, 0x2c, 0x28, 0x9e, 0x15, 0x4e, 0xe4, 0x22, 0x89, 0xb0, 0xac, 0x58, 0xf8, 0xe2, 0x2b, 0x3e, 0x37, 0x09, 0x07,
0xc0, 0x84, 0x41, 0x22, 0x07, 0x6f, 0xe9, 0x43, 0x45, 0x72, 0x14, 0x63, 0x62, 0x0c, 0x0a, 0x62, 0x05, 0x05, 0x98, 0x32, 0x48, 0xe5, 0xe0, 0x6d, 0x7d, 0xa0, 0x4c, 0x8e, 0x62, 0x4c, 0x8c, 0x7e,
0x0b, 0x07, 0xa1, 0x79, 0x62, 0x0d, 0xae, 0x60, 0x4c, 0x3a, 0xa1, 0x79, 0x22, 0xf0, 0xf9, 0xaf, 0x41, 0x6c, 0xee, 0x20, 0x32, 0x4f, 0xac, 0xc0, 0x25, 0x8c, 0x49, 0x3b, 0x32, 0x4f, 0x84, 0x01,
0x6e, 0x68, 0xf6, 0xc5, 0x84, 0xf8, 0xa7, 0x44, 0x26, 0x51, 0x48, 0x7f, 0xed, 0xee, 0x57, 0xe3, 0xff, 0xd5, 0x89, 0xcc, 0x9e, 0x84, 0x10, 0xff, 0x94, 0xc8, 0xa4, 0x0a, 0xd9, 0xaf, 0xdd, 0xfd,
0xe6, 0x10, 0xe4, 0x09, 0x70, 0x19, 0xf8, 0x81, 0xa6, 0x3f, 0x5e, 0xec, 0x3d, 0x20, 0xce, 0x1b, 0x7a, 0xd2, 0x1c, 0x82, 0x22, 0x01, 0x2e, 0x03, 0xdf, 0xd3, 0xf4, 0xc7, 0xcb, 0xbd, 0x87, 0xc4,
0x01, 0xb6, 0x9c, 0xba, 0x31, 0x24, 0x92, 0x88, 0xd7, 0xa3, 0xb1, 0x59, 0x13, 0xe2, 0x85, 0xb9, 0x7d, 0x33, 0xc4, 0x96, 0xeb, 0x18, 0x03, 0x22, 0x89, 0x78, 0x23, 0x1e, 0x9b, 0x15, 0x21, 0x9e,
0x68, 0x6c, 0xe2, 0x2f, 0x79, 0x6c, 0x12, 0x85, 0x4a, 0x34, 0x28, 0xc9, 0x67, 0x57, 0xfe, 0x8a, 0x9b, 0x89, 0xc7, 0x26, 0xf9, 0x92, 0xc7, 0x26, 0x55, 0xa8, 0xc5, 0x83, 0x92, 0x7e, 0x76, 0xe4,
0x07, 0x25, 0xc1, 0x8a, 0x83, 0x92, 0x68, 0x81, 0xbf, 0x68, 0xfa, 0x60, 0x89, 0x97, 0xef, 0x1a, 0xaf, 0x64, 0x50, 0x52, 0xac, 0x3c, 0x28, 0xa9, 0x16, 0xf8, 0x58, 0xd3, 0xfb, 0x2b, 0xbc, 0x02,
0xe7, 0x04, 0xa3, 0xef, 0xf0, 0xb5, 0x77, 0x7c, 0x0d, 0xae, 0xc1, 0xc5, 0x4e, 0x68, 0x1e, 0x0f, 0xcf, 0x38, 0x27, 0x18, 0x7d, 0x8b, 0xaf, 0xbd, 0xe3, 0x2b, 0x70, 0x05, 0xce, 0xb7, 0x23, 0xf3,
0xfc, 0x35, 0xb8, 0xd8, 0x0d, 0xcd, 0x9b, 0x09, 0x11, 0xb8, 0x28, 0xad, 0xae, 0x0d, 0xc6, 0x5a, 0x78, 0x18, 0xac, 0xc0, 0xf9, 0x4e, 0x64, 0xde, 0x4c, 0x89, 0xc0, 0x79, 0x69, 0x75, 0xad, 0x33,
0xf4, 0xd6, 0xd5, 0xab, 0x75, 0xc4, 0xd0, 0x15, 0xba, 0x43, 0x6c, 0xb6, 0xc1, 0x8b, 0x35, 0x82, 0xd6, 0xa2, 0xb7, 0xae, 0x5e, 0x75, 0x10, 0x43, 0x57, 0xe8, 0x0e, 0xb1, 0xd9, 0x3a, 0x2f, 0xd6,
0xd9, 0x55, 0x82, 0xdb, 0x5c, 0xca, 0x09, 0xc7, 0x46, 0x92, 0x1f, 0x87, 0x7b, 0xd5, 0x87, 0x68, 0x08, 0x66, 0x57, 0x09, 0xde, 0xe2, 0x52, 0x4e, 0x38, 0x31, 0x92, 0xfe, 0x38, 0xdc, 0xab, 0x3f,
0xb8, 0xbb, 0x5f, 0x8d, 0x58, 0xc0, 0x81, 0x82, 0x1f, 0xbe, 0x0b, 0xfe, 0xad, 0xe9, 0x66, 0xd1, 0x44, 0xc3, 0xdd, 0xfd, 0x7a, 0xcc, 0x02, 0xf6, 0x95, 0xfc, 0x08, 0x3c, 0xf0, 0x4f, 0x4d, 0x37,
0x85, 0x96, 0x47, 0xf9, 0x09, 0x47, 0xb1, 0x1d, 0xf8, 0xd8, 0xdd, 0x31, 0x86, 0x45, 0xf8, 0xfd, 0xcb, 0x2e, 0xb4, 0x7c, 0xca, 0x4f, 0x38, 0x8a, 0xed, 0x30, 0xc0, 0xde, 0x8e, 0x31, 0x28, 0xc2,
0x91, 0xa8, 0x20, 0xd6, 0xe0, 0xb2, 0x47, 0xd9, 0x42, 0x0a, 0x76, 0x42, 0xf3, 0x6c, 0xe0, 0xe7, 0xef, 0x0f, 0x44, 0x05, 0xb1, 0x02, 0x17, 0x7d, 0xca, 0xe6, 0x32, 0xb0, 0x1d, 0x99, 0x67, 0xc3,
0x65, 0xdd, 0xd0, 0x7c, 0x2a, 0x76, 0x32, 0x0f, 0x48, 0xfe, 0x36, 0x90, 0x4b, 0x45, 0x48, 0x2e, 0xa0, 0x28, 0xeb, 0x44, 0xe6, 0x53, 0x89, 0x93, 0x45, 0x40, 0xf2, 0xb7, 0x81, 0x3c, 0x2a, 0x42,
0xb7, 0x56, 0xc8, 0x78, 0xe6, 0x29, 0x5a, 0xf0, 0x7a, 0xa1, 0x48, 0x01, 0x5e, 0xcc, 0xbb, 0x95, 0x72, 0xb5, 0xb5, 0x42, 0xc6, 0x33, 0x4f, 0xd1, 0x82, 0xd7, 0x0b, 0x65, 0x0a, 0xf0, 0x62, 0xd1,
0x47, 0xc1, 0xbf, 0x14, 0x1e, 0x3a, 0xc4, 0x61, 0x0e, 0xaf, 0x23, 0xf8, 0x79, 0x67, 0x51, 0x63, 0xad, 0x22, 0x0a, 0xfe, 0xa1, 0xf0, 0xd0, 0x25, 0x2e, 0x73, 0x79, 0x1d, 0xc1, 0xcf, 0x3b, 0x8b,
0x44, 0xac, 0xe2, 0x1f, 0x8a, 0xea, 0x61, 0x0d, 0x2e, 0x44, 0xe8, 0x1c, 0x07, 0x79, 0xc0, 0x38, 0x1a, 0x43, 0x62, 0x15, 0x7f, 0x5f, 0x54, 0x0f, 0x2b, 0x70, 0x2e, 0x46, 0x67, 0x38, 0xc8, 0x03,
0x13, 0xf8, 0x39, 0x51, 0x1a, 0x2e, 0x0a, 0x72, 0x39, 0x58, 0xdc, 0x9c, 0xc8, 0x05, 0xf0, 0xa2, 0xc6, 0x99, 0x30, 0x28, 0x88, 0xb2, 0x70, 0x51, 0x92, 0xcb, 0xc1, 0xe2, 0xe6, 0x58, 0x21, 0x80,
0x85, 0xb2, 0x88, 0x9f, 0x40, 0xbc, 0x15, 0x2f, 0x18, 0x0a, 0x14, 0xe0, 0x85, 0xbc, 0x83, 0x39, 0x97, 0x2d, 0x54, 0x45, 0xfc, 0x04, 0xe2, 0xad, 0x78, 0xc1, 0x50, 0xa2, 0x00, 0x2f, 0x14, 0x1d,
0x10, 0x78, 0xfa, 0x80, 0x8f, 0xa3, 0xc3, 0xd9, 0x23, 0x56, 0x1b, 0x6d, 0xe2, 0xa0, 0x65, 0x18, 0x2c, 0x80, 0xc0, 0xd7, 0xfb, 0x02, 0x1c, 0x1f, 0xce, 0x3e, 0xb1, 0xb6, 0xd0, 0x06, 0x0e, 0x5b,
0x62, 0xca, 0x66, 0x39, 0xf9, 0x18, 0xbc, 0x47, 0x5e, 0x13, 0x50, 0x4a, 0xbe, 0x20, 0xef, 0x79, 0x86, 0x21, 0xa6, 0x6c, 0x9a, 0x93, 0x4f, 0xc0, 0xbb, 0xe4, 0x75, 0x01, 0x65, 0xe4, 0x4b, 0xf2,
0x48, 0x17, 0x0d, 0x80, 0x6f, 0x69, 0xfa, 0x08, 0x0a, 0x98, 0x67, 0x05, 0xad, 0x75, 0x1f, 0xd5, 0xae, 0x87, 0x74, 0xd9, 0x00, 0x78, 0x4f, 0xd3, 0x87, 0x50, 0xc8, 0x7c, 0x2b, 0x6c, 0xad, 0x05,
0x71, 0x96, 0x0c, 0x6d, 0x18, 0x8f, 0x8b, 0x81, 0x5c, 0xe6, 0x25, 0x17, 0x57, 0x59, 0x8b, 0x34, 0xc8, 0xc1, 0x79, 0x32, 0xb4, 0x6e, 0x3c, 0x2e, 0x06, 0x72, 0x91, 0x97, 0x5c, 0x5c, 0x65, 0x25,
0x92, 0x3c, 0xe2, 0x76, 0x5a, 0x9d, 0xa8, 0x40, 0x79, 0xf8, 0xa6, 0xe4, 0xcc, 0x70, 0x72, 0x0a, 0xd6, 0x48, 0xf3, 0x88, 0x57, 0xb3, 0xea, 0x44, 0x05, 0xca, 0xc3, 0x37, 0x21, 0x67, 0x86, 0xe3,
0x2a, 0xad, 0x81, 0xa6, 0x3e, 0x92, 0x70, 0x60, 0x9e, 0xd5, 0xf2, 0xf9, 0x14, 0x8b, 0xb3, 0x98, 0x13, 0x50, 0x69, 0x0d, 0x34, 0xf5, 0xa1, 0x94, 0x03, 0xf3, 0xad, 0x56, 0xc0, 0xa7, 0x58, 0x9c,
0x1a, 0xe7, 0xc5, 0x00, 0xdc, 0xe0, 0x44, 0x62, 0x95, 0x55, 0x6f, 0xd9, 0xc7, 0x30, 0xc6, 0xbb, 0xc5, 0xd4, 0x38, 0x2f, 0x06, 0xe0, 0x06, 0x27, 0x92, 0xa8, 0x2c, 0xfb, 0x8b, 0x01, 0x86, 0x09,
0xa1, 0x79, 0x3e, 0x9a, 0x42, 0x05, 0x58, 0x81, 0xca, 0x36, 0x60, 0x4b, 0x07, 0x9b, 0x18, 0xb7, 0xde, 0x89, 0xcc, 0xf3, 0xf1, 0x14, 0x2a, 0xc0, 0x1a, 0x54, 0xb6, 0x01, 0x9b, 0x3a, 0xd8, 0xc0,
0x2c, 0x86, 0x9b, 0x2d, 0xcf, 0x47, 0xbe, 0x83, 0xa9, 0xb5, 0x61, 0x5c, 0x10, 0x2e, 0xdf, 0xe6, 0xb8, 0x65, 0x31, 0xdc, 0x6c, 0xf9, 0x01, 0x0a, 0x5c, 0x4c, 0xad, 0x75, 0xe3, 0x82, 0x70, 0xf9,
0x1b, 0x81, 0xa3, 0xab, 0x19, 0xc8, 0xdd, 0xbd, 0x24, 0x7a, 0x29, 0x02, 0x72, 0x2d, 0x76, 0x5d, 0x55, 0xbe, 0x11, 0x38, 0xba, 0x9c, 0x83, 0xdc, 0xdd, 0x4b, 0xa2, 0x97, 0x32, 0x20, 0xd7, 0x62,
0x76, 0x75, 0xea, 0x3a, 0x2c, 0x59, 0x01, 0x3b, 0xfa, 0xa0, 0x8d, 0xec, 0x0d, 0x6c, 0x39, 0xeb, 0xd7, 0x65, 0x57, 0x27, 0xae, 0xc3, 0x8a, 0x15, 0xb0, 0xa3, 0xf7, 0xdb, 0xc8, 0x5e, 0xc7, 0x96,
0xc4, 0xf3, 0x71, 0xdd, 0x6a, 0x38, 0x2e, 0xa6, 0xc6, 0x45, 0xe1, 0xe2, 0x02, 0x3f, 0xd1, 0x04, 0xbb, 0x46, 0xfc, 0x00, 0x3b, 0x56, 0xc3, 0xf5, 0x30, 0x35, 0x2e, 0x0a, 0x17, 0xe7, 0xf8, 0x89,
0xbc, 0x10, 0xa1, 0xf3, 0x1c, 0x4c, 0x07, 0xba, 0x84, 0x94, 0xf6, 0x60, 0xba, 0xb7, 0x60, 0xd9, 0x26, 0xe0, 0xb9, 0x18, 0x9d, 0xe5, 0x60, 0x36, 0xd0, 0x15, 0xa4, 0xb2, 0x07, 0xb3, 0xbd, 0x05,
0x0c, 0xf8, 0x9e, 0xa6, 0x9f, 0x6f, 0xf9, 0xde, 0x3a, 0x2f, 0x66, 0xac, 0xa0, 0x55, 0x47, 0x0c, 0xab, 0x66, 0xc0, 0x77, 0x34, 0xfd, 0x7c, 0x2b, 0xf0, 0xd7, 0x78, 0x31, 0x63, 0x85, 0x2d, 0x07,
0xcb, 0x05, 0xc2, 0x13, 0xc2, 0xf7, 0x55, 0x9e, 0xdf, 0x26, 0x5a, 0x6b, 0x42, 0x49, 0x2e, 0x06, 0x31, 0x2c, 0x17, 0x08, 0x4f, 0x08, 0xdf, 0x97, 0x79, 0x7e, 0x9b, 0x6a, 0xad, 0x08, 0x25, 0xb9,
0xa2, 0x22, 0xbb, 0x07, 0x2e, 0xd1, 0x79, 0x51, 0x1a, 0x08, 0xed, 0x45, 0xd8, 0xcb, 0x22, 0x78, 0x18, 0x88, 0x8b, 0xec, 0x2e, 0xb8, 0x44, 0xe7, 0x45, 0x69, 0x20, 0xb4, 0x17, 0x61, 0x37, 0x8b,
0x47, 0xd3, 0x87, 0x5d, 0xa7, 0xe9, 0x30, 0xab, 0x86, 0x48, 0xbd, 0xed, 0xd4, 0xd9, 0x86, 0xe5, 0xe0, 0x5d, 0x4d, 0x1f, 0xf4, 0xdc, 0xa6, 0xcb, 0xac, 0x55, 0x44, 0x9c, 0x2d, 0xd7, 0x61, 0xeb,
0x10, 0xcb, 0x45, 0xc4, 0x18, 0x15, 0x43, 0xb2, 0x24, 0x8a, 0x47, 0xae, 0x31, 0x93, 0x28, 0x2c, 0x96, 0x4b, 0x2c, 0x0f, 0x11, 0x63, 0x58, 0x0c, 0xc9, 0x82, 0x28, 0x1e, 0xb9, 0xc6, 0x54, 0xaa,
0x90, 0x45, 0x44, 0xb2, 0x82, 0xbf, 0x8c, 0x7d, 0xc6, 0xb0, 0xa8, 0x4c, 0x81, 0xb7, 0x35, 0x1d, 0x30, 0x47, 0xe6, 0x11, 0xc9, 0x0b, 0xfe, 0x2a, 0x76, 0x9f, 0x61, 0x51, 0x99, 0x02, 0xef, 0x68,
0x34, 0x1d, 0x62, 0x6d, 0x78, 0x4d, 0x6c, 0xd5, 0x1d, 0xba, 0x69, 0x35, 0x7c, 0x8c, 0x0d, 0x73, 0x3a, 0x68, 0xba, 0xc4, 0x5a, 0xf7, 0x9b, 0xd8, 0x72, 0x5c, 0xba, 0x61, 0x35, 0x02, 0x8c, 0x0d,
0x4c, 0x1b, 0x3f, 0x35, 0xd5, 0x77, 0x25, 0xba, 0x59, 0xbb, 0xb2, 0xe2, 0xbc, 0x89, 0x67, 0x5e, 0x73, 0x44, 0x1b, 0x3d, 0x35, 0xd1, 0x73, 0x25, 0xbe, 0x59, 0xbb, 0xb2, 0xe4, 0xbe, 0x85, 0xa7,
0xf9, 0x30, 0x34, 0x8f, 0xf0, 0x9d, 0xd8, 0x74, 0xc8, 0x6d, 0xaf, 0x89, 0xe7, 0x1c, 0xba, 0x39, 0x5e, 0xf9, 0x24, 0x32, 0x8f, 0xf0, 0x9d, 0xd8, 0x74, 0xc9, 0xab, 0x7e, 0x13, 0xcf, 0xb8, 0x74,
0xef, 0x63, 0x9c, 0xae, 0x8e, 0x82, 0x5c, 0xde, 0x07, 0x63, 0x97, 0x39, 0x91, 0x63, 0x93, 0x63, 0x63, 0x36, 0xc0, 0x38, 0x5b, 0x1d, 0x25, 0xb9, 0xbc, 0x0f, 0x46, 0x2e, 0x73, 0x22, 0xc7, 0xc6,
0x97, 0x61, 0xb1, 0x39, 0xb8, 0xaf, 0xe9, 0x7d, 0xc9, 0x7a, 0x17, 0xc7, 0xce, 0x98, 0x38, 0x76, 0x47, 0x2e, 0xc3, 0x72, 0x73, 0x70, 0x4f, 0xd3, 0x7b, 0xd2, 0xf5, 0x2e, 0x8e, 0x9d, 0x11, 0x71,
0xfe, 0x2c, 0x52, 0x9e, 0x64, 0xd1, 0x46, 0x87, 0xcf, 0x29, 0x3f, 0xfb, 0xec, 0x86, 0xe6, 0x5c, 0xec, 0xfc, 0x51, 0xa4, 0x3c, 0xe9, 0xa2, 0x8d, 0x0f, 0x9f, 0x53, 0x41, 0xfe, 0xd9, 0x89, 0xcc,
0x52, 0x71, 0x24, 0x32, 0xc5, 0x41, 0x14, 0xef, 0x00, 0x5a, 0x38, 0x53, 0x9a, 0x98, 0xa1, 0x2b, 0x99, 0xb4, 0xe2, 0x48, 0x65, 0x8a, 0x83, 0x28, 0xd9, 0x01, 0xb4, 0x74, 0xa6, 0x34, 0x31, 0x43,
0x5f, 0xa6, 0x1e, 0xe1, 0xb1, 0x3b, 0x67, 0x36, 0xff, 0x79, 0xb8, 0x57, 0x1d, 0x7f, 0x58, 0x53, 0x57, 0xbe, 0x44, 0x7d, 0xc2, 0x63, 0x77, 0xc1, 0x6c, 0xf1, 0xf3, 0x70, 0xaf, 0x3e, 0xfa, 0xb0,
0x3c, 0x3f, 0x92, 0xf8, 0xc2, 0xcc, 0x8e, 0xef, 0x82, 0xd7, 0xf4, 0x01, 0xe4, 0xb6, 0x79, 0xf5, 0xa6, 0x78, 0x7e, 0x24, 0xf1, 0x85, 0xb9, 0x9d, 0xc0, 0x03, 0xaf, 0xeb, 0x7d, 0xc8, 0xdb, 0xe2,
0x15, 0xdd, 0x26, 0x10, 0xcc, 0xa8, 0xf1, 0xa4, 0xb8, 0xc4, 0xe3, 0x45, 0xef, 0x99, 0x08, 0x14, 0xd5, 0x57, 0x7c, 0x9b, 0x40, 0x30, 0xa3, 0xc6, 0x93, 0xe2, 0x12, 0x8f, 0x17, 0xbd, 0x67, 0x62,
0x55, 0xf9, 0x5d, 0xcc, 0xf8, 0xc2, 0x1f, 0x8a, 0x22, 0x4c, 0x4e, 0x5e, 0x81, 0x45, 0x45, 0xf0, 0x50, 0x54, 0xe5, 0x77, 0x30, 0xe3, 0x0b, 0x7f, 0x20, 0x8e, 0x30, 0x05, 0x79, 0x0d, 0x96, 0x15,
0x5f, 0x4d, 0x1f, 0xf7, 0xb6, 0xb0, 0xdf, 0xf6, 0x1d, 0xc6, 0x03, 0x47, 0xd3, 0x63, 0xd8, 0xaa, 0xc1, 0xbf, 0x35, 0x7d, 0xd4, 0xdf, 0xc4, 0xc1, 0x56, 0xe0, 0x32, 0x1e, 0x38, 0x9a, 0x3e, 0xc3,
0xe3, 0x2d, 0xc7, 0xc6, 0x16, 0x41, 0x4d, 0x4c, 0x79, 0x38, 0x8d, 0x0b, 0x21, 0xa3, 0x92, 0x5d, 0x96, 0x83, 0x37, 0x5d, 0x1b, 0x5b, 0x04, 0x35, 0x31, 0xe5, 0xe1, 0x34, 0x29, 0x84, 0x8c, 0x5a,
0x2f, 0x8d, 0xdc, 0x4b, 0x1a, 0x41, 0xd1, 0x66, 0x0e, 0x6f, 0xdd, 0xe5, 0xea, 0x9d, 0xd0, 0xbc, 0x7e, 0xbd, 0x34, 0x74, 0x37, 0x6d, 0x04, 0x45, 0x9b, 0x19, 0xbc, 0x79, 0x87, 0xab, 0xb7, 0x23,
0xe4, 0x95, 0x20, 0xc7, 0xc6, 0x02, 0xbd, 0x47, 0x66, 0x23, 0x53, 0xdd, 0xd0, 0x7c, 0x49, 0x10, 0xf3, 0x92, 0x5f, 0x81, 0x5c, 0x1b, 0x0b, 0xf4, 0x2e, 0x99, 0x8e, 0x4d, 0x75, 0x22, 0xf3, 0x25,
0x7c, 0x08, 0xdd, 0xde, 0x8b, 0x92, 0x57, 0x71, 0x3d, 0x78, 0xc0, 0x87, 0x61, 0x01, 0xbe, 0xa6, 0x41, 0xf0, 0x21, 0x74, 0xbb, 0x2f, 0x4a, 0x5e, 0xc5, 0x75, 0xe1, 0x01, 0x1f, 0x86, 0x05, 0xf8,
0x9f, 0xe3, 0x61, 0xcc, 0x72, 0x48, 0x1d, 0x6f, 0x5b, 0x7c, 0x25, 0xd7, 0x5c, 0xcf, 0xde, 0xa4, 0xaa, 0x7e, 0x8e, 0x87, 0x31, 0xcb, 0x25, 0x0e, 0xde, 0xb6, 0xf8, 0x4a, 0x5e, 0xf5, 0x7c, 0x7b,
0xc6, 0x25, 0xb1, 0xa5, 0xf9, 0xa2, 0x01, 0x5c, 0x61, 0x81, 0xe3, 0x4b, 0x0e, 0x99, 0x11, 0x68, 0x83, 0x1a, 0x97, 0xc4, 0x96, 0xe6, 0x8b, 0x06, 0x70, 0x85, 0x39, 0x8e, 0x2f, 0xb8, 0x64, 0x4a,
0x7a, 0x6b, 0x5b, 0x86, 0x94, 0x99, 0x72, 0x94, 0xff, 0x42, 0x85, 0x25, 0xf0, 0x4f, 0x9e, 0xee, 0xa0, 0xd9, 0xad, 0x6d, 0x15, 0x52, 0x66, 0xca, 0x71, 0xfe, 0x0b, 0x15, 0x96, 0xc0, 0xdf, 0x79,
0x12, 0x64, 0x6f, 0xe2, 0xba, 0x45, 0x3c, 0xe6, 0x34, 0x1c, 0x1b, 0x45, 0xf7, 0x0f, 0x75, 0x6a, 0xba, 0x4b, 0x90, 0xbd, 0x81, 0x1d, 0x8b, 0xf8, 0xcc, 0x6d, 0xb8, 0x36, 0x8a, 0xef, 0x1f, 0x1c,
0x54, 0xc5, 0xfc, 0xbe, 0xcb, 0x87, 0x7b, 0x78, 0x2d, 0x52, 0xba, 0x2b, 0xe9, 0x2c, 0xcc, 0xf1, 0x6a, 0xd4, 0xc5, 0xfc, 0xbe, 0xcf, 0x87, 0x7b, 0x70, 0x25, 0x56, 0xba, 0x23, 0xe9, 0xcc, 0xcd,
0xd1, 0x1e, 0x0e, 0x94, 0x48, 0x37, 0x34, 0x2f, 0x44, 0xa1, 0x5d, 0x05, 0x8b, 0xbb, 0x4a, 0x25, 0xf0, 0xd1, 0x1e, 0x0c, 0x95, 0x48, 0x27, 0x32, 0x2f, 0xc4, 0xa1, 0x5d, 0x05, 0x8b, 0xbb, 0x4a,
0xd2, 0xdd, 0xab, 0xf6, 0xb0, 0xb8, 0xbb, 0x5f, 0xed, 0xc1, 0x02, 0x2a, 0x5b, 0xd4, 0x29, 0x80, 0x25, 0xd2, 0xd9, 0xab, 0x77, 0xb1, 0xb8, 0xbb, 0x5f, 0xef, 0xc2, 0x02, 0x2a, 0x5b, 0x38, 0x14,
0xfa, 0x69, 0xe6, 0xa3, 0x46, 0xc3, 0xb1, 0x2d, 0xdb, 0x45, 0x94, 0x1a, 0x97, 0xc5, 0xb0, 0xbe, 0x40, 0xfd, 0x34, 0x0b, 0x50, 0xa3, 0xe1, 0xda, 0x96, 0xed, 0x21, 0x4a, 0x8d, 0xcb, 0x62, 0x58,
0xc0, 0xeb, 0xe5, 0x18, 0x98, 0xe5, 0xf2, 0x6e, 0x68, 0x82, 0x68, 0x40, 0x25, 0x61, 0x7a, 0x51, 0x5f, 0xe0, 0xf5, 0x72, 0x02, 0x4c, 0x73, 0x79, 0x27, 0x32, 0x41, 0x3c, 0xa0, 0x92, 0x30, 0xbb,
0x93, 0x53, 0x05, 0x6f, 0xe9, 0x83, 0xf1, 0x10, 0x5b, 0x0d, 0xcf, 0xad, 0x63, 0xdf, 0x6a, 0x21, 0xa8, 0x29, 0xa8, 0x82, 0xb7, 0xf5, 0xfe, 0x64, 0x88, 0xad, 0x86, 0xef, 0x39, 0x38, 0xb0, 0x5a,
0xb6, 0x61, 0x3c, 0x25, 0x76, 0xfd, 0x9d, 0x83, 0xd0, 0xbc, 0x30, 0x87, 0x5b, 0x3e, 0xb6, 0x11, 0x88, 0xad, 0x1b, 0x4f, 0x89, 0x5d, 0x7f, 0xfb, 0x20, 0x32, 0x2f, 0xcc, 0xe0, 0x56, 0x80, 0x6d,
0xc3, 0xf5, 0xb9, 0x48, 0x71, 0x5e, 0xe8, 0x2d, 0x23, 0xb6, 0xd1, 0x09, 0x4d, 0xed, 0x85, 0xb4, 0xc4, 0xb0, 0x33, 0x13, 0x2b, 0xce, 0x0a, 0xbd, 0x45, 0xc4, 0xd6, 0xdb, 0x91, 0xa9, 0xbd, 0x90,
0x3a, 0xaf, 0x17, 0xe1, 0xe7, 0xbd, 0xa6, 0xc3, 0x27, 0x89, 0xed, 0x54, 0x0c, 0x0d, 0x0e, 0x94, 0x55, 0xe7, 0x4e, 0x19, 0x7e, 0xde, 0x6f, 0xba, 0x7c, 0x92, 0xd8, 0x4e, 0xcd, 0xd0, 0x60, 0x5f,
0x70, 0xb0, 0xa9, 0x9f, 0xa5, 0x98, 0x59, 0xae, 0xd7, 0xb6, 0x5a, 0xbe, 0xe3, 0xf9, 0x0e, 0xdb, 0x05, 0x07, 0x1b, 0xfa, 0x59, 0x8a, 0x99, 0xe5, 0xf9, 0x5b, 0x56, 0x2b, 0x70, 0xfd, 0xc0, 0x65,
0x31, 0x9e, 0x16, 0x9b, 0x62, 0xba, 0x13, 0x9a, 0xfd, 0x14, 0xb3, 0x45, 0xaf, 0xbd, 0x1c, 0x23, 0x3b, 0xc6, 0xd3, 0x62, 0x53, 0x4c, 0xb6, 0x23, 0xb3, 0x97, 0x62, 0x36, 0xef, 0x6f, 0x2d, 0x26,
0x69, 0x64, 0xcb, 0x8b, 0x7b, 0xa6, 0x18, 0x85, 0xe6, 0xe0, 0x3d, 0x4d, 0x1f, 0x6e, 0xa2, 0xed, 0x48, 0x16, 0xd9, 0x8a, 0xe2, 0xae, 0x29, 0x46, 0xa9, 0x39, 0xf8, 0x40, 0xd3, 0x07, 0x9b, 0x68,
0xc4, 0x4d, 0xdb, 0x23, 0x76, 0xe0, 0xfb, 0x98, 0xd8, 0x3b, 0xc6, 0xb8, 0x18, 0x47, 0x2a, 0x2e, 0x3b, 0x75, 0xd3, 0xf6, 0x89, 0x1d, 0x06, 0x01, 0x26, 0xf6, 0x8e, 0x31, 0x2a, 0xc6, 0x91, 0x8a,
0x5b, 0x50, 0x7b, 0x09, 0x6d, 0x47, 0x1c, 0x67, 0x33, 0x15, 0x7e, 0xe4, 0x37, 0x15, 0xf2, 0xf4, 0xcb, 0x16, 0xb4, 0xb5, 0x80, 0xb6, 0x63, 0x8e, 0xd3, 0xb9, 0x0a, 0x3f, 0xf2, 0x9b, 0x0a, 0x79,
0xc8, 0x57, 0x81, 0xc9, 0x90, 0x8b, 0xdb, 0x11, 0xb5, 0x5d, 0xa8, 0xb4, 0x0a, 0x3e, 0xd6, 0xf4, 0x76, 0xe4, 0xab, 0xc0, 0x74, 0xc8, 0xc5, 0xed, 0x88, 0xda, 0x2e, 0x54, 0x5a, 0x05, 0x9f, 0x6a,
0x41, 0xdb, 0x47, 0x74, 0xa3, 0x50, 0x03, 0x3c, 0x23, 0xa6, 0xe5, 0x7d, 0x51, 0x03, 0xcc, 0x26, 0x7a, 0xbf, 0x1d, 0x20, 0xba, 0x5e, 0xaa, 0x01, 0x9e, 0x11, 0xd3, 0xf2, 0xa1, 0xa8, 0x01, 0xa6,
0x35, 0x80, 0x1d, 0xd7, 0x00, 0xf3, 0xd1, 0xd9, 0xcc, 0x9b, 0x65, 0xd9, 0xb8, 0x32, 0x0c, 0x0b, 0xd3, 0x1a, 0xc0, 0x4e, 0x6a, 0x80, 0xd9, 0xf8, 0x6c, 0xe6, 0xcd, 0xf2, 0x6c, 0x5c, 0x19, 0x86,
0x9d, 0x72, 0x5e, 0x2f, 0xc4, 0x7c, 0x2d, 0x0f, 0x94, 0x8c, 0xf0, 0xea, 0xc0, 0x8e, 0xab, 0x83, 0x85, 0x4e, 0x35, 0xaf, 0x17, 0x62, 0xbe, 0x96, 0xfb, 0x2a, 0x46, 0x78, 0x75, 0x60, 0x27, 0xd5,
0xea, 0xc3, 0x98, 0xe1, 0xf5, 0xc1, 0x6c, 0x54, 0x1f, 0x14, 0x8c, 0xf9, 0x2e, 0xf8, 0x99, 0xa6, 0x41, 0xfd, 0x61, 0xcc, 0xf0, 0xfa, 0x60, 0x3a, 0xae, 0x0f, 0x4a, 0xc6, 0x02, 0x0f, 0xfc, 0x44,
0x8f, 0x14, 0xdd, 0x4b, 0xae, 0x65, 0x9e, 0x15, 0xf3, 0xef, 0x1c, 0x84, 0xe6, 0xc9, 0x59, 0x28, 0xd3, 0x87, 0xca, 0xee, 0xa5, 0xd7, 0x32, 0xcf, 0x8a, 0xf9, 0x77, 0x0f, 0x22, 0xf3, 0xe4, 0x34,
0xbd, 0x28, 0xe4, 0xad, 0x14, 0x5f, 0x14, 0x94, 0x68, 0xaf, 0xa5, 0xb1, 0xbb, 0x5f, 0xcd, 0x6c, 0x94, 0x5e, 0x14, 0x8a, 0x56, 0xca, 0x2f, 0x0a, 0x4a, 0xb4, 0xdb, 0xd2, 0xd8, 0xdd, 0xaf, 0xe7,
0x43, 0xb5, 0x65, 0xf0, 0x0d, 0x4d, 0x1f, 0xa6, 0x2c, 0x20, 0x16, 0xcf, 0x9c, 0x90, 0xeb, 0x6c, 0xb6, 0xa1, 0xda, 0x32, 0xf8, 0xba, 0xa6, 0x0f, 0x52, 0x16, 0x12, 0x8b, 0x67, 0x4e, 0xc8, 0x73,
0x61, 0x2b, 0xca, 0x87, 0xa9, 0xf1, 0x5c, 0x9a, 0x8f, 0x0e, 0x72, 0x8d, 0x3b, 0x89, 0xc2, 0x0a, 0x37, 0xb1, 0x15, 0xe7, 0xc3, 0xd4, 0x78, 0x2e, 0xcb, 0x47, 0xfb, 0xb9, 0xc6, 0xed, 0x54, 0x61,
0xc7, 0x57, 0xd2, 0x2c, 0x49, 0x81, 0xe5, 0x93, 0x79, 0x29, 0xa0, 0x1d, 0x9b, 0xbc, 0x39, 0x01, 0x89, 0xe3, 0x4b, 0x59, 0x96, 0xa4, 0xc0, 0x8a, 0xc9, 0xbc, 0x14, 0xd0, 0x8e, 0x8d, 0xdf, 0x1c,
0x55, 0xd6, 0x78, 0x8d, 0x5c, 0xa0, 0xc1, 0xe3, 0x2a, 0x35, 0x9e, 0x17, 0x24, 0x5e, 0xe5, 0x89, 0x83, 0x2a, 0x6b, 0xbc, 0x46, 0x2e, 0xd1, 0xe0, 0x71, 0x95, 0x1a, 0xcf, 0x0b, 0x12, 0xaf, 0xf1,
0x5a, 0xae, 0xd9, 0x92, 0x43, 0xb2, 0x5a, 0xa2, 0x84, 0xc8, 0x39, 0x62, 0x2e, 0xa0, 0x4e, 0x4d, 0x44, 0xad, 0xd0, 0x6c, 0xc1, 0x25, 0x79, 0x2d, 0x51, 0x41, 0xe4, 0x1c, 0xb1, 0x10, 0x50, 0x27,
0xc0, 0xb2, 0x1d, 0x9e, 0x95, 0xf7, 0x89, 0xde, 0x93, 0x87, 0xae, 0x17, 0x44, 0x0c, 0xad, 0x1f, 0xc6, 0x60, 0xd5, 0x0e, 0xcf, 0xca, 0x7b, 0x44, 0xef, 0xe9, 0x43, 0xd7, 0x0b, 0x22, 0x86, 0x3a,
0x84, 0x66, 0x3f, 0x44, 0xed, 0x15, 0x16, 0x48, 0x4f, 0x5c, 0xa7, 0x68, 0xf6, 0x99, 0x5e, 0x46, 0x07, 0x91, 0xd9, 0x0b, 0xd1, 0xd6, 0x12, 0x0b, 0xa5, 0x27, 0xae, 0x53, 0x34, 0xff, 0xcc, 0x2e,
0x65, 0xb2, 0x07, 0x3e, 0xc3, 0x15, 0x2c, 0x42, 0xd9, 0x1e, 0xd8, 0xd2, 0xcf, 0xf0, 0xb2, 0xb3, 0xa3, 0x72, 0xd9, 0x03, 0x9f, 0xe1, 0x4a, 0x16, 0xa1, 0x6c, 0x0f, 0x6c, 0xea, 0x67, 0x78, 0xd9,
0x86, 0x28, 0xb6, 0xa2, 0x37, 0x47, 0xe3, 0xca, 0x98, 0x36, 0xde, 0x3f, 0xd5, 0x9f, 0xa4, 0x45, 0xb9, 0x8a, 0x28, 0xb6, 0xe2, 0x37, 0x47, 0xe3, 0xca, 0x88, 0x36, 0xda, 0x3b, 0xd1, 0x9b, 0xa6,
0xab, 0x42, 0x2a, 0x6e, 0x0f, 0xfb, 0x13, 0xd5, 0x48, 0x96, 0x46, 0x8e, 0xbc, 0xb8, 0x32, 0x16, 0x45, 0xcb, 0x42, 0x2a, 0x6e, 0x0f, 0x7b, 0x53, 0xd5, 0x58, 0x96, 0x45, 0x8e, 0xa2, 0xb8, 0x36,
0x17, 0x21, 0xf1, 0xf2, 0x78, 0x7b, 0xbf, 0xaa, 0xc1, 0x42, 0x53, 0xf0, 0xfd, 0xa3, 0xfa, 0x25, 0x92, 0x14, 0x21, 0xc9, 0xf2, 0x78, 0x67, 0xbf, 0xae, 0xc1, 0x52, 0x53, 0xf0, 0xdd, 0xa3, 0xfa,
0x1e, 0x35, 0xd2, 0x70, 0xc1, 0x8b, 0x58, 0xdb, 0x6b, 0xf2, 0x25, 0xeb, 0xe3, 0x37, 0x02, 0x4c, 0x25, 0x1e, 0x35, 0xb2, 0x70, 0xc1, 0x8b, 0x58, 0xdb, 0x6f, 0xf2, 0x25, 0x1b, 0xe0, 0x37, 0x43,
0x99, 0xb5, 0xe9, 0xd4, 0x8c, 0xab, 0x62, 0x3a, 0xfe, 0xa6, 0xc5, 0x6f, 0x95, 0x4b, 0x68, 0x7b, 0x4c, 0x99, 0xb5, 0xe1, 0xae, 0x1a, 0x57, 0xc5, 0x74, 0xfc, 0x59, 0x4b, 0xde, 0x2a, 0x17, 0xd0,
0x76, 0x01, 0x46, 0xf8, 0x1d, 0x67, 0xa6, 0x13, 0x9a, 0x66, 0x13, 0x6d, 0xa7, 0x5b, 0x9c, 0x2d, 0xf6, 0xf4, 0x1c, 0x8c, 0xf1, 0xdb, 0xee, 0x54, 0x3b, 0x32, 0xcd, 0x26, 0xda, 0xce, 0xb6, 0x38,
0xc4, 0x36, 0x32, 0x95, 0xf4, 0x14, 0x7c, 0x80, 0x9e, 0x54, 0x00, 0x3e, 0xd0, 0xe4, 0x83, 0x55, 0x9b, 0x4b, 0x6c, 0xe4, 0x2a, 0xd9, 0x29, 0xf8, 0x00, 0x3d, 0xa9, 0x00, 0x7c, 0xa0, 0xc9, 0x07,
0xe2, 0xd7, 0xcf, 0x02, 0x5d, 0xf8, 0x80, 0x66, 0x35, 0xf0, 0xa9, 0xa6, 0x0f, 0xa7, 0x4f, 0x30, 0xab, 0x24, 0xaf, 0x9f, 0x25, 0xba, 0xf0, 0x01, 0xcd, 0x56, 0xc1, 0xe7, 0x9a, 0x3e, 0x98, 0x3d,
0x2e, 0x92, 0x1f, 0x6d, 0x27, 0xc4, 0x06, 0xfe, 0x80, 0x8f, 0xc4, 0x50, 0xf2, 0x84, 0xb1, 0x38, 0xc1, 0x78, 0x48, 0x7e, 0xb4, 0x1d, 0x13, 0x1b, 0xf8, 0x23, 0x3e, 0x12, 0x03, 0xe9, 0x13, 0xc6,
0x7d, 0x57, 0x7e, 0xb7, 0x1d, 0x42, 0x0a, 0x79, 0x9a, 0x48, 0xab, 0x40, 0xd5, 0xcb, 0x99, 0xd2, 0xfc, 0xe4, 0x1d, 0xf9, 0xdd, 0x76, 0x00, 0x29, 0xe4, 0x59, 0x22, 0xad, 0x02, 0x55, 0x2f, 0x67,
0x48, 0x0f, 0xb9, 0xb4, 0xf5, 0x95, 0xa4, 0x60, 0xd6, 0x0a, 0x49, 0x8f, 0xbe, 0x5b, 0xfa, 0x79, 0x4a, 0x23, 0x5d, 0xe4, 0xd2, 0xd6, 0x57, 0x92, 0x82, 0x79, 0x2b, 0x24, 0x3d, 0xfa, 0x6e, 0xea,
0xf1, 0xca, 0xd2, 0x08, 0x5c, 0x37, 0xce, 0x6a, 0x3c, 0x92, 0x94, 0xa8, 0xc6, 0xa4, 0xf0, 0xf4, 0xe7, 0xc5, 0x2b, 0x4b, 0x23, 0xf4, 0xbc, 0x24, 0xab, 0xf1, 0x49, 0x5a, 0xa2, 0x1a, 0xe3, 0xc2,
0x16, 0xcf, 0x1a, 0xb8, 0xd6, 0x7c, 0xe0, 0xba, 0x22, 0x1f, 0xb9, 0x47, 0xe2, 0xa2, 0xb2, 0x1b, 0xd3, 0x5b, 0x3c, 0x6b, 0xe0, 0x5a, 0xb3, 0xa1, 0xe7, 0x89, 0x7c, 0xe4, 0x2e, 0x49, 0x8a, 0xca,
0x9a, 0x17, 0xe3, 0x23, 0x4b, 0x05, 0x57, 0x60, 0x8f, 0x76, 0xe0, 0x55, 0xfd, 0x74, 0x03, 0x23, 0x4e, 0x64, 0x5e, 0x4c, 0x8e, 0x2c, 0x15, 0x5c, 0x83, 0x5d, 0xda, 0x81, 0xd7, 0xf4, 0xd3, 0x0d,
0x16, 0xf8, 0xd8, 0x6a, 0xb8, 0x68, 0x9d, 0x1a, 0x53, 0x62, 0xdf, 0x5d, 0xe6, 0x27, 0x7d, 0x0c, 0x8c, 0x58, 0x18, 0x60, 0xab, 0xe1, 0xa1, 0x35, 0x6a, 0x4c, 0x88, 0x7d, 0x77, 0x99, 0x9f, 0xf4,
0xcc, 0x73, 0x79, 0xfa, 0x22, 0x23, 0x09, 0x2b, 0x30, 0xa7, 0x02, 0xda, 0xfa, 0x88, 0xf4, 0x10, 0x09, 0x30, 0xcb, 0xe5, 0xd9, 0x8b, 0x8c, 0x24, 0xac, 0xc1, 0x82, 0x0a, 0xd8, 0xd2, 0x87, 0xa4,
0x13, 0xd5, 0x38, 0x98, 0x78, 0xc1, 0xfa, 0x86, 0x71, 0x4d, 0x2c, 0xda, 0x97, 0x45, 0x78, 0x4d, 0x87, 0x98, 0xb8, 0xc6, 0xc1, 0xc4, 0x0f, 0xd7, 0xd6, 0x8d, 0x6b, 0x62, 0xd1, 0xbe, 0x2c, 0xc2,
0x55, 0x16, 0xb9, 0xc6, 0x2b, 0x42, 0x21, 0xcd, 0x7a, 0x94, 0x68, 0x9a, 0x51, 0xa8, 0x1b, 0x83, 0x6b, 0xa6, 0x32, 0xcf, 0x35, 0x5e, 0x11, 0x0a, 0x59, 0xd6, 0xa3, 0x44, 0xb3, 0x8c, 0x42, 0xdd,
0x4d, 0x7d, 0xa8, 0xd4, 0x71, 0x13, 0x6d, 0x1b, 0xd7, 0x45, 0xaf, 0x2f, 0xf1, 0x64, 0xb0, 0xd0, 0x18, 0x6c, 0xe8, 0x03, 0x95, 0x8e, 0x9b, 0x68, 0xdb, 0xb8, 0x2e, 0x7a, 0x7d, 0x89, 0x27, 0x83,
0x70, 0x09, 0x6d, 0x77, 0x43, 0xd3, 0x50, 0x75, 0xb9, 0x84, 0xb6, 0xd3, 0xfe, 0x14, 0xcd, 0xc0, 0xa5, 0x86, 0x0b, 0x68, 0xbb, 0x13, 0x99, 0x86, 0xaa, 0xcb, 0x05, 0xb4, 0x9d, 0xf5, 0xa7, 0x68,
0x57, 0xf4, 0xbe, 0xa0, 0x45, 0x5a, 0xe9, 0x31, 0xf2, 0xab, 0x79, 0x31, 0x39, 0x5f, 0x38, 0x08, 0x06, 0xde, 0x3b, 0xaa, 0x9b, 0xe9, 0xed, 0x92, 0x85, 0x3c, 0x9e, 0x52, 0xf8, 0x9e, 0x63, 0x31,
0xcd, 0x73, 0x59, 0x06, 0xb3, 0xb6, 0x4c, 0x96, 0xb3, 0x33, 0x45, 0xe4, 0x2e, 0x71, 0x5a, 0xd7, 0x8f, 0x5a, 0x3c, 0x7e, 0xb8, 0x3e, 0xa1, 0xc6, 0x8b, 0x62, 0xbe, 0x3e, 0xe6, 0x2b, 0xf3, 0x42,
0x22, 0xad, 0x18, 0x90, 0xb2, 0x96, 0xdd, 0xfd, 0xaa, 0xba, 0xb1, 0xa1, 0xc1, 0x53, 0x52, 0x13, 0x7a, 0x97, 0x33, 0xc9, 0x55, 0xef, 0x7a, 0xce, 0xf2, 0xfc, 0xd2, 0xff, 0x25, 0x7a, 0xed, 0xc8,
0xf0, 0x0b, 0x2d, 0xee, 0x3e, 0xb9, 0xb4, 0x7f, 0x6f, 0x5e, 0x38, 0xf9, 0xb6, 0xd8, 0x05, 0x79, 0xbc, 0xe0, 0x76, 0x87, 0xb3, 0x7c, 0xe7, 0x3e, 0x3a, 0x7c, 0x7d, 0xde, 0xd7, 0xc6, 0xfd, 0xe1,
0x13, 0xe9, 0x05, 0xbe, 0xe8, 0x7e, 0x2c, 0xed, 0x5e, 0xbe, 0x78, 0x97, 0x38, 0x64, 0xdb, 0xfd, 0xdd, 0xfd, 0xfa, 0xfd, 0x08, 0xc2, 0x6a, 0x5b, 0x8f, 0xa6, 0x20, 0xf8, 0xb2, 0xde, 0x13, 0xb6,
0x7c, 0x6f, 0x2d, 0xbe, 0xac, 0x55, 0xbd, 0x18, 0x1a, 0xd4, 0xb3, 0x56, 0xe0, 0x77, 0x9a, 0xde, 0x48, 0x2b, 0x3b, 0x50, 0x7f, 0x31, 0x2b, 0xdc, 0xfe, 0xff, 0x83, 0xc8, 0x3c, 0x97, 0xe7, 0x72,
0x2f, 0x68, 0x66, 0xd7, 0xf3, 0xbf, 0x8e, 0x88, 0x7e, 0x5b, 0x64, 0xc5, 0x79, 0x13, 0xd2, 0x55, 0x2b, 0x8b, 0x64, 0x31, 0x3f, 0x5d, 0x45, 0x16, 0x97, 0x24, 0xb8, 0x2d, 0xd2, 0x4a, 0x00, 0x29,
0xbd, 0xa0, 0x5a, 0x49, 0xa9, 0xe6, 0x2f, 0xd7, 0x95, 0x64, 0x2f, 0x7e, 0x96, 0x1e, 0xcf, 0x7d, 0x7f, 0xdb, 0xdd, 0xaf, 0xab, 0x1b, 0x1b, 0x1a, 0x3c, 0x25, 0x35, 0x01, 0x3f, 0xd3, 0x92, 0xee,
0xd5, 0x7d, 0x19, 0x1a, 0xec, 0x93, 0x5b, 0x66, 0x94, 0xb3, 0x4b, 0xf8, 0xf7, 0x7b, 0x53, 0x96, 0xd3, 0xe7, 0x8b, 0x0f, 0x66, 0xc5, 0x74, 0xbf, 0x23, 0xe2, 0x41, 0xd1, 0x44, 0xf6, 0x94, 0x21,
0x2e, 0xe4, 0x0b, 0x94, 0xf3, 0x57, 0xe8, 0xbd, 0x29, 0xf7, 0xd2, 0x2b, 0x53, 0x4e, 0x34, 0x13, 0xba, 0x1f, 0xc9, 0xba, 0x97, 0x9f, 0x20, 0x24, 0x0e, 0x79, 0xe0, 0x3b, 0xdf, 0x5d, 0x8b, 0x6f,
0xca, 0xe9, 0x9d, 0x7b, 0x43, 0x8f, 0x1e, 0xfb, 0xd2, 0x43, 0xf3, 0x37, 0xf3, 0x62, 0xf7, 0x7e, 0x70, 0x55, 0x2f, 0x86, 0x06, 0xf5, 0xbc, 0x15, 0xf8, 0x8d, 0xa6, 0xf7, 0x0a, 0x9a, 0xf9, 0x43,
0x2e, 0xcf, 0x57, 0xbc, 0x97, 0x65, 0xa7, 0xa7, 0xb4, 0x18, 0xfd, 0x0c, 0xc9, 0xa7, 0xd0, 0x7d, 0xc5, 0x2f, 0x63, 0xa2, 0xdf, 0x14, 0xf5, 0x41, 0xd1, 0x84, 0xf4, 0x68, 0x21, 0xa8, 0xd6, 0x32,
0x12, 0x42, 0xc5, 0x95, 0x45, 0xf9, 0xb6, 0xc0, 0x6a, 0xd9, 0xcc, 0xf8, 0x80, 0x0f, 0x91, 0x36, 0xaa, 0xc5, 0x67, 0x06, 0x25, 0xd9, 0x8b, 0xf7, 0xd3, 0xe3, 0x55, 0x80, 0xba, 0x2f, 0x43, 0x83,
0xb3, 0x74, 0x10, 0x9a, 0x17, 0xb3, 0x1e, 0x97, 0xf2, 0xb5, 0xfe, 0xb2, 0xcd, 0xf2, 0xe3, 0xd4, 0x3d, 0x72, 0xcb, 0x9c, 0x72, 0xfe, 0x1c, 0xf1, 0x61, 0x77, 0xca, 0xd2, 0xd3, 0x44, 0x89, 0x72,
0x2c, 0xe1, 0xf9, 0xee, 0x41, 0x59, 0x81, 0x67, 0x08, 0x43, 0x85, 0xf3, 0x91, 0xda, 0x88, 0x50, 0xf1, 0x31, 0xa1, 0x3b, 0xe5, 0x6e, 0x7a, 0x55, 0xca, 0xa9, 0x66, 0x4a, 0x39, 0x7b, 0x7d, 0x68,
0xe3, 0xb7, 0xd1, 0x2c, 0xad, 0x16, 0x28, 0xc8, 0xe7, 0xca, 0x0a, 0x57, 0x2c, 0x50, 0x28, 0xe1, 0xe8, 0xf1, 0xb3, 0x67, 0x96, 0x3e, 0xfc, 0x6a, 0x56, 0xc4, 0xb1, 0xff, 0x29, 0xf2, 0x15, 0x2f,
0xe5, 0xa9, 0x12, 0x4c, 0x4a, 0x7a, 0x33, 0x77, 0x3e, 0xfc, 0x64, 0xf4, 0xc8, 0xfe, 0x27, 0xa3, 0x87, 0x79, 0x1e, 0x21, 0x2d, 0xc6, 0x20, 0x47, 0x8a, 0xc5, 0x44, 0x8f, 0x84, 0x50, 0x71, 0x79,
0x47, 0x3e, 0x3c, 0x18, 0xd5, 0xf6, 0x0f, 0x46, 0xb5, 0xef, 0xde, 0x1f, 0x3d, 0xf2, 0xee, 0xfd, 0x53, 0xbd, 0x37, 0xb1, 0x5a, 0x36, 0x33, 0x3e, 0xe2, 0x43, 0xa4, 0x4d, 0x2d, 0x1c, 0x44, 0xe6,
0x51, 0x6d, 0xff, 0xfe, 0xe8, 0x91, 0x8f, 0xee, 0x8f, 0x1e, 0x79, 0xfd, 0x99, 0x75, 0x87, 0x6d, 0xc5, 0xbc, 0xc7, 0x85, 0xe2, 0xad, 0xc7, 0xa2, 0xcd, 0x8a, 0xe3, 0xd4, 0xac, 0xe0, 0xc5, 0xee,
0x04, 0xb5, 0x2b, 0xb6, 0xd7, 0xbc, 0x9a, 0x66, 0xad, 0xd2, 0xaf, 0xec, 0xdf, 0x4b, 0xb5, 0x13, 0x41, 0x55, 0x81, 0xe7, 0x4a, 0x03, 0xa5, 0x4c, 0x81, 0xda, 0x88, 0x50, 0xe3, 0xd7, 0xf1, 0x2c,
0xe2, 0xef, 0x4a, 0xd7, 0xfe, 0x17, 0x00, 0x00, 0xff, 0xff, 0x2c, 0x30, 0xd1, 0x0d, 0x1a, 0x25, 0x2d, 0x97, 0x28, 0xc8, 0x27, 0xec, 0x12, 0x57, 0x2c, 0x51, 0xa8, 0xe0, 0xd5, 0xa9, 0x12, 0x4c,
0x00, 0x00, 0x2a, 0x7a, 0x53, 0xb7, 0x3f, 0xf9, 0x6c, 0xf8, 0xc8, 0xfe, 0x67, 0xc3, 0x47, 0x3e, 0x39, 0x18,
0xd6, 0xf6, 0x0f, 0x86, 0xb5, 0x6f, 0xdf, 0x1b, 0x3e, 0xf2, 0xfe, 0xbd, 0x61, 0x6d, 0xff, 0xde,
0xf0, 0x91, 0xbf, 0xdd, 0x1b, 0x3e, 0xf2, 0xc6, 0x33, 0x6b, 0x2e, 0x5b, 0x0f, 0x57, 0xaf, 0xd8,
0x7e, 0xf3, 0x6a, 0x96, 0xbf, 0x4b, 0xbf, 0xf2, 0xff, 0x71, 0xad, 0x9e, 0x10, 0x7f, 0xdc, 0xba,
0xf6, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x1c, 0x3d, 0xe9, 0x4b, 0x24, 0x26, 0x00, 0x00,
} }
func (m *OptionsConfiguration) Marshal() (dAtA []byte, err error) { func (m *OptionsConfiguration) Marshal() (dAtA []byte, err error) {
@ -431,6 +438,18 @@ func (m *OptionsConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i-- i--
dAtA[i] = 0xc0 dAtA[i] = 0xc0
} }
if m.InsecureAllowOldTLSVersions {
i--
if m.InsecureAllowOldTLSVersions {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x3
i--
dAtA[i] = 0xa8
}
if m.ConnectionLimitMax != 0 { if m.ConnectionLimitMax != 0 {
i = encodeVarintOptionsconfiguration(dAtA, i, uint64(m.ConnectionLimitMax)) i = encodeVarintOptionsconfiguration(dAtA, i, uint64(m.ConnectionLimitMax))
i-- i--
@ -1072,6 +1091,9 @@ func (m *OptionsConfiguration) ProtoSize() (n int) {
if m.ConnectionLimitMax != 0 { if m.ConnectionLimitMax != 0 {
n += 2 + sovOptionsconfiguration(uint64(m.ConnectionLimitMax)) n += 2 + sovOptionsconfiguration(uint64(m.ConnectionLimitMax))
} }
if m.InsecureAllowOldTLSVersions {
n += 3
}
if m.DeprecatedUPnPEnabled { if m.DeprecatedUPnPEnabled {
n += 4 n += 4
} }
@ -2288,6 +2310,26 @@ func (m *OptionsConfiguration) Unmarshal(dAtA []byte) error {
break break
} }
} }
case 53:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field InsecureAllowOldTLSVersions", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOptionsconfiguration
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.InsecureAllowOldTLSVersions = bool(v != 0)
case 9000: case 9000:
if wireType != 0 { if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field DeprecatedUPnPEnabled", wireType) return fmt.Errorf("proto: wrong wireType = %d for field DeprecatedUPnPEnabled", wireType)

2
lib/db/structs.pb.go
View File

@ -8,10 +8,10 @@ import (
_ "github.com/gogo/protobuf/gogoproto" _ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto" proto "github.com/gogo/protobuf/proto"
github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
_ "github.com/golang/protobuf/ptypes/timestamp"
github_com_syncthing_syncthing_lib_protocol "github.com/syncthing/syncthing/lib/protocol" github_com_syncthing_syncthing_lib_protocol "github.com/syncthing/syncthing/lib/protocol"
protocol "github.com/syncthing/syncthing/lib/protocol" protocol "github.com/syncthing/syncthing/lib/protocol"
_ "github.com/syncthing/syncthing/proto/ext" _ "github.com/syncthing/syncthing/proto/ext"
_ "google.golang.org/protobuf/types/known/timestamppb"
io "io" io "io"
math "math" math "math"
math_bits "math/bits" math_bits "math/bits"

8
lib/syncthing/syncthing.go
View File

@ -255,7 +255,13 @@ func (a *App) startup() error {
// The TLS configuration is used for both the listening socket and outgoing // The TLS configuration is used for both the listening socket and outgoing
// connections. // connections.
tlsCfg := tlsutil.SecureDefault() var tlsCfg *tls.Config
if a.cfg.Options().InsecureAllowOldTLSVersions {
l.Infoln("TLS 1.2 is allowed on sync connections. This is less than optimally secure.")
tlsCfg = tlsutil.SecureDefaultWithTLS12()
} else {
tlsCfg = tlsutil.SecureDefaultTLS13()
}
tlsCfg.Certificates = []tls.Certificate{a.cert} tlsCfg.Certificates = []tls.Certificate{a.cert}
tlsCfg.NextProtos = []string{bepProtocolName} tlsCfg.NextProtos = []string{bepProtocolName}
tlsCfg.ClientAuth = tls.RequestClientCert tlsCfg.ClientAuth = tls.RequestClientCert

119
lib/tlsutil/tlsutil.go
View File

@ -29,30 +29,22 @@ var (
) )
var ( var (
// The list of cipher suites we will use / suggest for TLS connections. // The list of cipher suites we will use / suggest for TLS 1.2 connections.
// This is built based on the component slices below, depending on what cipherSuites = []uint16{
// the hardware prefers. // Suites that are good and fast on hardware *without* AES-NI.
cipherSuites []uint16 tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
// Suites that are good and fast on hardware with AES-NI. These are // Suites that are good and fast on hardware with AES-NI. These are
// reordered from the Go default to put the 256 bit ciphers above the // reordered from the Go default to put the 256 bit ciphers above the
// 128 bit ones - because that looks cooler, even though there is // 128 bit ones - because that looks cooler, even though there is
// probably no relevant difference in strength yet. // probably no relevant difference in strength yet.
gcmSuites = []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
}
// Suites that are good and fast on hardware *without* AES-NI. // The rest of the suites, minus DES stuff.
chaChaSuites = []uint16{
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
}
// The rest of the suites, minus DES stuff.
otherSuites = []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
@ -67,13 +59,18 @@ var (
} }
) )
func init() { // SecureDefault returns a tls.Config with reasonable, secure defaults set.
// Creates the list of ciper suites that SecureDefault uses. // This variant allows only TLS 1.3.
cipherSuites = buildCipherSuites() func SecureDefaultTLS13() *tls.Config {
return &tls.Config{
// TLS 1.3 is the minimum we accept
MinVersion: tls.VersionTLS13,
}
} }
// SecureDefault returns a tls.Config with reasonable, secure defaults set. // SecureDefaultWithTLS12 returns a tls.Config with reasonable, secure
func SecureDefault() *tls.Config { // defaults set. This variant allows TLS 1.2.
func SecureDefaultWithTLS12() *tls.Config {
// paranoia // paranoia
cs := make([]uint16, len(cipherSuites)) cs := make([]uint16, len(cipherSuites))
copy(cs, cipherSuites) copy(cs, cipherSuites)
@ -245,79 +242,3 @@ func pemBlockForKey(priv interface{}) (*pem.Block, error) {
return nil, errors.New("unknown key type") return nil, errors.New("unknown key type")
} }
} }
// buildCipherSuites returns a list of cipher suites with either AES-GCM or
// ChaCha20 at the top. This takes advantage of the CPU detection that the
// TLS package does to create an optimal cipher suite list for the current
// hardware.
func buildCipherSuites() []uint16 {
pref := preferredCipherSuite()
for _, suite := range gcmSuites {
if suite == pref {
// Go preferred an AES-GCM suite. Use those first.
return append(gcmSuites, append(chaChaSuites, otherSuites...)...)
}
}
// Use ChaCha20 at the top, then AES-GCM etc.
return append(chaChaSuites, append(gcmSuites, otherSuites...)...)
}
// preferredCipherSuite returns the cipher suite that is selected for a TLS
// connection made with the Go defaults to ourselves. This is (currently,
// probably) either a ChaCha20 suite or an AES-GCM suite, depending on what
// the CPU detection has decided is fastest on this hardware.
//
// The function will return zero if something odd happens, and there's no
// guarantee what cipher suite would be chosen anyway, so the return value
// should be taken with a grain of salt.
func preferredCipherSuite() uint16 {
// This is one of our certs from NewCertificate above, to avoid having
// to generate one at init time just for this function.
crtBs := []byte(`-----BEGIN CERTIFICATE-----
MIIBXDCCAQOgAwIBAgIIQUODl2/bE4owCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ
c3luY3RoaW5nMB4XDTE4MTAxNDA2MjU0M1oXDTQ5MTIzMTIzNTk1OVowFDESMBAG
A1UEAxMJc3luY3RoaW5nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMqP+1lL4
0s/xtI3ygExzYc/GvLHr0qetpBrUVHaDwS/cR1yXDsYaJpJcUNtrf1XK49IlpWW1
Ds8seQsSg7/9BaM/MD0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0cAMEQCIFxY
MDBA92FKqZYSZjmfdIbT1OI6S9CnAFvL/pJZJwNuAiAV7osre2NiCHtXABOvsGrH
vKWqDvXcHr6Tlo+LmTAdyg==
-----END CERTIFICATE-----
`)
keyBs := []byte(`-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHtPxVHlj6Bhi9RgSR2/lAtIQ7APM9wmpaJAcds6TD2CoAoGCCqGSM49
AwEHoUQDQgAEMqP+1lL40s/xtI3ygExzYc/GvLHr0qetpBrUVHaDwS/cR1yXDsYa
JpJcUNtrf1XK49IlpWW1Ds8seQsSg7/9BQ==
-----END EC PRIVATE KEY-----
`)
cert, err := tls.X509KeyPair(crtBs, keyBs)
if err != nil {
return 0
}
serverCfg := &tls.Config{
MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
Certificates: []tls.Certificate{cert},
}
clientCfg := &tls.Config{
MinVersion: tls.VersionTLS12,
InsecureSkipVerify: true,
}
c0, c1 := net.Pipe()
c := tls.Client(c0, clientCfg)
go func() {
c.Handshake()
}()
s := tls.Server(c1, serverCfg)
if err := s.Handshake(); err != nil {
return 0
}
return c.ConnectionState().CipherSuite
}

2
lib/tlsutil/tlsutil_test.go
View File

@ -98,7 +98,7 @@ func TestCheckCipherSuites(t *testing.T) {
tls.TLS_RSA_WITH_AES_256_CBC_SHA, tls.TLS_RSA_WITH_AES_256_CBC_SHA,
} }
suites := buildCipherSuites() suites := SecureDefaultWithTLS12().CipherSuites
if len(suites) != len(allSuites) { if len(suites) != len(allSuites) {
t.Fatal("should get a list representing all suites") t.Fatal("should get a list representing all suites")

4
proto/lib/config/optionsconfiguration.proto
View File

@ -67,6 +67,10 @@ message OptionsConfiguration {
// attempting outgoing connections. // attempting outgoing connections.
int32 connection_limit_max = 52; int32 connection_limit_max = 52;
// When set, this allows TLS 1.2 on sync connections, where we otherwise
// default to TLS 1.3+ only.
bool insecure_allow_old_tls_versions = 53 [(ext.goname)= "InsecureAllowOldTLSVersions", (ext.xml) = "insecureAllowOldTLSVersions", (ext.json) = "insecureAllowOldTLSVersions"];
// Legacy deprecated // Legacy deprecated
bool upnp_enabled = 9000 [deprecated = true, (ext.goname) = "DeprecatedUPnPEnabled"]; bool upnp_enabled = 9000 [deprecated = true, (ext.goname) = "DeprecatedUPnPEnabled"];
int32 upnp_lease_m = 9001 [deprecated = true, (ext.goname) = "DeprecatedUPnPLeaseM", (ext.xml) = "upnpLeaseMinutes,omitempty"]; int32 upnp_lease_m = 9001 [deprecated = true, (ext.goname) = "DeprecatedUPnPLeaseM", (ext.xml) = "upnpLeaseMinutes,omitempty"];