jdev - 2022-11-11

  374. emdee

    Ping Syndace

  375. emdee

    Ping Ppjet6

  376. kikuchiyo has joined

  377. paul has left

  378. paul has joined

  379. Syndace


  380. Syndace

    Ppjet6 is pep. here

  381. kikuchiyo has left

  382. emdee

    Tim, I switched OMEMO on in a chat with you and immediately hit a Python bug in my client, that I caused. I'll fix it and get back to you (hang head). What's Ppjet6's handle in this group?

  383. homebeach has left

  384. Matrix Traveler (bot) has left

  385. homebeach has joined

  386. Matrix Traveler (bot) has joined

  387. Syndace

    I've pinged pep. :) Though he's afk for a while

  388. emdee


  389. Syndace

    not available in chat for around an hour

  390. emdee

    No hurry; I think from what you are saying the best way forward is for me to attach to Maxime's slixmpp which I think will just drop into the code because it has more of the XMPP end, and let that codebase follow your rewrites. It also has the SSL bits I want to make sure can be required to use tlsv1.3

  391. sonny has left

  392. sonny has joined

  393. marc0s has left

  394. marc0s has joined

  395. sonny has left

  396. sonny has joined

  397. Syndace

    Yes, if slixmpp is an option for you, that's the route I would recommend.

  398. emdee

    He has the SSL code cleanly written where I can get into the handshake and enforce the ciphers for tlsv1.3 I hope.

  399. sonny has left

  400. sonny has joined

  401. kikuchiyo has joined

  402. emdee

    What I'm trying to do is dead simple; there's an ancient jabber.py file that is distributed with weechat, a goodish IRC client to dual XMPP it. The code uses the ancient xmppy, but there are only a few xmpp calls in there.

  403. kikuchiyo has left

  404. PapaTutuWawa has left

  405. emdee

    So I wanted to just replace the ancient library with a modern one, and then look at OMEMOing it.

  406. sonny has left

  407. sonny has joined

  408. kikuchiyo has joined

  409. paul has left

  410. Link Mauve

    Isn’t it qy who’s working on improving XMPP support in Weechat?

  411. emdee

    weechat may be a nice platform as it will speak IRC, XMPP, and Tox all in one client,

  412. kikuchiyo has left

  413. Link Mauve

    emdee, see https://github.com/bqv/weechat-xmpp

  414. sonny has left

  415. kikuchiyo has joined

  416. sonny has joined

  417. kikuchiyo has left

  418. inky has left

  419. kikuchiyo has joined

  420. kikuchiyo has left

  421. kikuchiyo has joined

  422. kikuchiyo has left

  423. kikuchiyo has joined

  424. kikuchiyo has left

  425. Alex has left

  426. nik has left

  427. Alex has joined

  428. kikuchiyo has joined

  429. kikuchiyo has left

  430. qy

    emdee: afaict the tox thing may be broken

  431. emdee

    Thanks Link Mauve: - I'll try it out, as it's been omemoed. I had been looking at simply updating jabber.py which is distributed with weechat and hasn't been touched it seems since 2013 https://weechat.org/files/scripts/jabber.py Only a few places to bring up to date with slixmpp and then we could feed it back to weechat so that it's distributed with weechat.

  432. gregory has left

  433. emdee

    qy: I fixed it and added some things to make it work with proxies. Am testing it now

  434. Link Mauve

    emdee, you can’t distribute qy’s thing?

  435. gregory has joined

  436. kikuchiyo has joined

  437. kikuchiyo has left

  438. amee2k has left

  439. sonny has left

  440. emdee

    I can, but I don't know if weechat will. I completely missed it so there's nothing I could find on a weechat website or issues.

  441. sonny has joined

  442. emdee

    I figure if we update the weechat distributed jabber.el to be a modern XMPP they'll just distribute that instead.

  443. emdee

    Then add OMEMO - the webchat IRC people are barely OTR.

  444. marc0s has left

  445. marc0s has joined

  446. sonny has left

  447. sonny has joined

  448. kikuchiyo has joined

  449. paul has joined

  450. kikuchiyo has left

  451. emdee

    Given the dependencies I suspect qy’s thing will never make it into weechat's core - they even scare me :-(

  452. qy

    > emdee:
    > 2022-11-11 01:34 (GMT)
    > qy: I fixed it and added some things to make it work with proxies. Am testing it now

    Neat

  453. marc0s has left

  454. marc0s has joined

  455. qy

    Yeah weechat doesn't distribute plugins

  456. qy

    They're bring-your-own

  457. qy

    Only scripts

  458. qy

    But last I had a working version, omemo worked

  459. qy

    Don't ask me what the ref for that was though

  460. qy

    Got bogged down in restructuring

  461. emdee

    And as jabber.el is a standard part then we could update it to a modern XMPP with tlsv1.3 and have it in their core. I'll ask pep to take a look at it with me and see if we can bang something simple out quickly. If they accept it then we can look at OMEMO later.

  462. emdee

    qy: is your "thing" able to be told to enforce tlsv1.3 only if it's talking to a v1.3 server?

  463. qy

    It's jabber.py, and it's very broken, but you do you

  464. qy

    If profanity can do it, I can do it

  465. qy

    Beyond that, I'm too sleepy to know

  466. moparisthebest

    > to enforce tlsv1.3 only if it's talking to a v1.3 server?

    Isn't that literally built into TLS for... Near a decade?

  467. moparisthebest

    You don't have to do anything special for it

  468. sonny has left

  469. sonny has joined

  470. emdee

    qy: I'm confused I thought your "thing" was https://github.com/bqv/weechat-xmpp - in C++. Do you have a version of jabber.py?

  471. Matrix Traveler (bot) has left

  472. homebeach has left

  473. homebeach has joined

  474. Matrix Traveler (bot) has joined

  475. emdee

    moparisthebest‎: NO.

  476. marc0s has left

  477. marc0s has joined

  478. moparisthebest

    emdee: yes, 2009 https://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/

  479. qy

    I have nothing to do with the .py

  480. emdee

    I have nothing to do with C++ :-)

  481. paul has left

  482. sonny has left

  483. sonny has joined

  484. sonny has left

  485. sonny has joined

  486. emdee

    moparisthebest: AFAIK all of the common Python libraries (urllib3, requests) don't enforce v1.3 by default from the client, and it's not that easy to make them do so - I just did one in pyOpenSSL. It's only a few lines of setting the min version and ciphers in openssl, but they are critical, as I'm seeing TLS protocol downgrade attacks on anything less than v1.3.

  487. kikuchiyo has joined

  488. sonny has left

  489. paul has joined

  490. sonny has joined

  491. marc0s has left

  492. marc0s has joined

  493. nik has joined

  494. moparisthebest

    I would complain to your distribution / python maintainers, preventing TLS downgrades has been the default in openssl since 2009

  495. moparisthebest

    Unless you are using redhat 5 what you said should not be the case

  496. paul has left

  497. Millesimus has left

  498. atomicwatch has left

  499. Millesimus has joined

  500. marc0s has left

  501. marc0s has joined

  502. pep. has joined

  503. emdee has left

  504. emdee has joined

  505. marc0s has left

  506. marc0s has joined

  507. emdee

    moparisthebest: I think you're assuming that was the only problem. I don't think v1.3 was finalized in 2009.

  508. emdee

    Link Mauve: I just found your website and see you work on slixmpp too. It's gorgeous code.

  509. sonny has left

  510. emdee

    Link Mauve: could you take a quick look at https://weechat.org/files/scripts/jabber.py and see if you think it will port to slixmpp easily?

  511. sonny has joined

  512. sonny has left

  513. moparisthebest

    emdee: it wasn't, but that mechanism prevents TLS version fallbacks, period

  514. sonny has joined

  515. moparisthebest

    So you could say all TLS 1.3 libraries have prevented fallbacks from day 1

  516. amee2k has joined

  517. moparisthebest

    It shouldn't be a thing with 1.3

  518. Matrix Traveler (bot) has left

  519. homebeach has left

  520. homebeach has joined

  521. Matrix Traveler (bot) has joined

  522. marc0s has left

  523. marc0s has joined

  524. Schimon_ has left

  525. emdee

    Link Mauve: I think it will be easy to upgrade it to slixmpp, won't it?

  526. paul has joined

  527. atomicwatch has joined

  528. amee2k has left

  529. amee2k has joined

  530. larma has joined

  531. Link Mauve has left

  532. nik has left

  533. inky has joined

  534. Link Mauve has joined

  535. emdee

    Syndace: when pep comes back could you ask him to take a quick look at https://weechat.org/files/scripts/jabber.py and see if he thinks it will port to slixmpp easily? I'll try but I'm way behind the curve with Python async.

  536. pep.


  537. paul has left

  538. amee2k has left

  539. amee2k has joined

  540. nik has joined

  541. larma has left

  542. PapaTutuWawa has joined

  543. atomicwatch has left

  544. emdee has left

  545. atomicwatch has joined

  546. atomicwatch has left

  547. atomicwatch has joined

  548. atomicwatch has left

  549. pep.

    Not entirely sure. I've skimmed through. Basically you'd be porting an entire client to slix. slix is event-based also so you may be able to reuse some of your methods, mostly converting them to async and using slix' objects instead.. probably already quite some work

  550. Syndace

    emdee: async is an awesome concept you'll find not only in Python. I'd say it's well worth learning :)

  551. atomicwatch has joined

  552. atomicwatch has left

  553. emdee has joined

  554. atomicwatch has joined

  555. inky has left

  556. emdee

    I know, but I've been learning python for 20 years and I'm getting tired of it :-) (It's not only in Python but it came into Python with blistering speed - a hallmark of async code :-)

  557. emdee

    pep.: thanks; I was hoping it was just a case of dropping in your calls for the xmpppy calls in about 5 different places. If it's probably already quite some work I'll back off until I have some more experience with async.

  558. inky has joined

  559. paul has joined

  560. emdee

    pep.: In slixmpp/xmlstream/xmlstream.py L302 you turn off ssl checking of SNI hostnames, or is that done later elsewhere?

  561. pep.

    Hmm these calls can be replaced more or less yes. You'll have to register events though still. And the client needs to be launched in an async runtime

  562. emdee

    Is there an easy way of making async code synchronous? I doubt weechat is async, so there's no advantage to having the XMPP code async (at first glance.)

  563. pep.

    I don't know about SNI, maybe Link Mauve / mathieui would know

  564. pep.

    You can asyncio.ensure_future(async_method) in a sync context and that'll launch the future onto the existing async loop and do whatever it needs to do.

  565. emdee

    So if I did that, which is simple and straightforward, I could replace xmpppy with slixmpp and look at asyncing the code in the future? (There are a lot of advantages to sync slixmpp over xmpppy I'm sure you will agree.)

  566. marc0s has left

  567. marc0s has joined

  568. kikuchiyo has left

  569. pep.

    I'm not exactly sure. I guess you'll have to deal with async code anyway in your jabber.py script. Just that you'll wrap it up so that weechat doesn't see it. More and more stuff in slix has async methods/helpers

  570. kikuchiyo has joined

  571. kikuchiyo has left

  572. marc0s has left

  573. marc0s has joined

  574. emdee

    OK - well I'll back off and abandon until I'm up to speed on async and de-asyncing.

  575. emdee

    Thanks for your help anyways.

  576. kikuchiyo has joined

  577. kikuchiyo has left

  578. amee2k has left

  579. amee2k has joined

  580. kikuchiyo has joined

  581. emdee

    self.ssl_context.check_hostname = False in slixmpp/xmlstream/xmlstream.py L302 says to me you are not checking any SSL certificates.

  582. pep.

    I'm sure we are checking certs, but I'm not well-versed in this part of the code

  583. marc0s has left

  584. marc0s has joined

  585. debacle has joined

  586. Alex has left

  587. emdee

    Your code tells me you aren't and there's nothing in your tests that tells me you are.

  588. Alex has joined

  589. marc0s has left

  590. marc0s has joined

  591. antranigv has left

  592. emdee

    There should be a callback to verify the certificates which I'm not seeing.

  593. emdee

    I also don't see any calls to context.set_cipher_list so I don't think you can talk tlsv1.3. Maybe queue up checking for these as todo items in your issues?

  594. marc0s has left

  595. marc0s has joined

  596. pep.

    I'm sure we talk 1.3. I use poezio everyday which uses slix

  597. emdee

    Have you verified the connection after the do_handshake is using a 1.3 cipher, or are you connecting to a 1.3 server and they are agreeing to speak < 1.2?

  598. marc0s has left

  599. marc0s has joined

  600. nik has left

  601. emdee

    s/< 1.2/< 1.3/

  602. mathieui

    emdee, it is "context.set_ciphers(" and the verification is done automatically by the python "ssl" module after loading cert chains and configuring it

  603. mathieui

    see also xmlstream.py:get_ssl_context

  604. emdee

    mathieui: I'm looking at the line after create_default_context(): self.ssl_context.check_hostname = False

  605. mathieui

    emdee, yes

  606. marc0s has left

  607. mathieui

    but the configuring is done before connecting

  608. marc0s has joined

  609. emdee


  610. mathieui

    in get_ssl_context

  611. mathieui

    which is called either in connect_routine or start_tls

  612. emdee

    There is no other call that sets self.ssl_context.check_hostname in the code AFAIK.

  613. larma has joined

  614. emdee

    So please queue up an issue that says "test for v1.3 when connected to a v1.3 server" and find where the connection object is after the do_handshake and put a debug statement to spit out the list of ciphers. Then queue up another one to allow the client end-user to specify the cipher he wants and use the debug statement place to confirm you have it. My read of the code is that you don't even try to do v1.3, or check server certs, but I don't know the code.

  615. larma has left

  616. emdee

    (The only real way of telling if you got 1.3 is if the cipher is one of the 3 v1.3 ciphers.)

  617. Sam has left

  618. larma has joined

  619. emdee

    If you are assuming it "is done automatically by the python "ssl" module" you may be decu.

  620. larma has left

  621. pep.

    connJuaN4ALiuRFP: TLS handshake complete (TLSv1.3 with TLS_AES_256_GCM_SHA384)
    c2s557ec01bb0b0: Client sent opening <stream:stream> to bouah.net
    c2s557ec01bb0b0: Sending[c2s_unauthed]: <?xml version='1.0'?>
    c2s557ec01bb0b0: Sent reply <stream:stream> to client
    c2s557ec01bb0b0: Channel binding 'tls-unique' undefined in context of TLS 1.3
    c2s557ec01bb0b0: SASL mechanisms supported by handler: PLAIN, SCRAM-SHA-1
    c2s557ec01bb0b0: Offering usable mechanisms: PLAIN, SCRAM-SHA-1
    c2s557ec01bb0b0: Sending[c2s_unauthed]: <stream:features>

  622. pep.


  623. larma has joined

  624. Sam has joined

  625. emdee

    Bingo SCRAM-SHA-1 is v1.1 at best - v1 maybe.

  626. pep.

    Can you not just ack first that we're doing tls1.3 instead of jumping right onto another possible issue trying to be right

  627. pep.


  628. emdee

    pep.: Sorry you misunderstood me - I wasn't jumping. The client sent opening stream... said PLAIN SCRAM-SHA-1

  629. pep.

    Well I'm already on a TLS stream

  630. mathieui

    emdee, I am not sure what that has to do with TLS

  631. emdee

    That means you are speaking tlsv1 maximum, or maybe 1.1 I forget, ie 10 year old crypto.

  632. pep.

    It says right above

  633. mathieui

    those are XMPP processes

  634. mathieui

    inside the TLS stream

  635. pep.

    Granted, I may not have chosen the best part of the logs

  636. emdee

    mathieu: v1.1 = tlsv1.1 - I'm speaking about TLSv1.1 (or maybe even TLS1 which is older weaker).

  637. pep.

    But there's no v1.1 here

  638. pep.

    SCRAM-SHA-1 is a SASL mechanism

  639. pep.

    Not TLS

  640. emdee

    Your XMLstream is SSL ssl.create_default_context()

  641. emdee

    The S in SASL is SSL ; SASL is an SSL with regard to ciphers and protocol versions.

  642. pep.

    The S in SASL is Simple :/

  643. pep.

    And Security.

  644. MSavoritias (fae,ve) has left

  645. emdee

    OK the other S is the lack of Security in (in)Security Sockets Layer :-)

  646. nik has joined

  647. antranigv has joined

  648. larma has left

  649. Matrix Traveler (bot) has left

  650. homebeach has left

  651. homebeach has joined

  652. Matrix Traveler (bot) has joined

  653. emdee

    mathieui: inside the TLS stream that's not very secure and easy to tamper with. It's the ciphers that make the security and the SCRAM-SHA-1 (I know a hash but still) is considered broken now. The ciphers you want are one of these 3:

  654. emdee

    lOPENSSL_13_CIPHERS = ['TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256', 'TLS_AES_128_GCM_SHA256']

  655. emdee

    Notice the difference between SHA-1 and SHA384.

  656. Syndace

    > OK the other S is the lack of Security in (in)Security Sockets Layer :-)

    LOL

  657. antranigv has left

  658. Syndace

    emdee: I'm no expert but I believe you're lacking knowledge about how XMPP streams are secured

  659. PapaTutuWawa has left

  660. Syndace

    There might be two layers of encryption where the inner layer isn't of much relevance

  661. Syndace

    Actually this is the wrong channel to discuss this

  662. Syndace

    Please head over to xsf@muc.xmpp.org where you'll find a lot of experts in TLS, SCRAM, XMPP stream encryption etc.

  663. Syndace

    Maybe we can clear things up there

  664. flow

    I just believe he confused SCRAM with something TLS related

  665. Syndace

    That's what I was thinking - SCRAM is just authentication, right? And it happens in an encrypted TLS channel?

  666. flow

    yes and usually

  667. flow

    SCRAM is on the application layer, whereas TLS is on the transport layer. and you can perform SCRAM over non-TLS connections, but that is usually not the case as the public internet uses TLS (nearly) everywhere these days

  668. emdee

    flow: I'm not talking about TLS - I'm talking about TLSv1.3 - something that's hard to do in Python.

  669. Matrix Traveler (bot) has left

  670. homebeach has left

  671. homebeach has joined

  672. Matrix Traveler (bot) has joined

  673. marc0s has left

  674. marc0s has joined

  675. Syndace

    I think this line of pep.'s log

    > TLS handshake complete (TLSv1.3 with TLS_AES_256_GCM_SHA384)

    indicates clearly that TLSv1.3 with a secure cipher is used for stream encryption

  676. flow

    emdee, that's like saying "I'm not talking about IP, I'm talking about IPv4", the latter is a subset of the former, so by talking about the latter you are implicitly always talking about the former

  677. Zash

    What's IPv4? Did you mean 'Legacy IP' ?

  678. pep.

    The thing that's used everywhere in the world, Legacy IP

  679. emdee

    Syndace: I have the source code for knowledge. The source code, and mathieu is telling me "and the verification is done automatically by the python "ssl" module" which means the code has never been tested. ssl.create_default_context in Python 3.9 gives you a very weak TLS - TLSv1 I think. I just wrote an IRC Python client to log onto oftc.net with certificate identification where v1.3 is a requirement.

  680. Syndace

    so we have your knowledge of a source code you've looked at for a few minutes vs. pep.'s prosody log

  681. Syndace

    Not trying to be rude but I think the log doesn't lie

  682. mathieui

    emdee, ciphers is up to the client using slixmpp, really

  683. MSavoritias (fae,ve) has joined

  684. flow

    emdee, I suggest you set up a local experiment where you capture the traffic of poezio connecting to a TLS 1.3 enabled server and check with e.g., wireshark or tcpdump, which TLS version is used

  685. Syndace

    I appreciate that you look into it though and you're right in that slix should add tests for it

  686. emdee

    By the log, do you mean what you just posted in with SHA-1?

  687. Syndace

    _SCRAM_ SHA-1

  688. Syndace

    SCRAM is the authentication thingy that is spoken inside of the TLS1.3 encrypted stream

  689. flow

    yes, SCRAM is a SASL mechanism, nothing (directly) related to TLS

  690. flow

    the important line is

  691. flow

    connJuaN4ALiuRFP: TLS handshake complete (TLSv1.3 with TLS_AES_256_GCM_SHA384)

  692. flow


  693. flow

    c2s557ec01bb0b0: SASL mechanisms supported by handler: PLAIN, SCRAM-SHA-1

  694. emdee

    OK - reread what I just wrote carefully and understand that anything using SHA-1 is rightly considered broken and unsafe for use on the Internet. It's proof you are not even using TLSv1.2 (which was 128 bit), SHA-1 is proof of what I've been saying.

  695. mathieui

    I give up

  696. flow

    yep, some poeople just want to always be right

  697. Matrix Traveler (bot) has left

  698. homebeach has left

  699. marc0s has left

  700. homebeach has joined

  701. Matrix Traveler (bot) has joined

  702. marc0s has joined

  703. Syndace


  704. flow

    yep, some people just want to always be right

  705. emdee

    OK - I give up on slixmpp - reread what I wrote and get some tests together. You don't need wireshark - just learn the python ssl or pyOpenSSL code and how to get the ciphers.

  706. flow

    emdee, multiple people are telling you that the SHA-1 that you see in the logs is happening on a different layer from TLS

  707. flow

    yes SHA-1 is insecure, for certain definitions of "insecure". but just because SHA-1 does appear in the log is not a proof that the connection is *not* using TLS 1.3

  708. Syndace

    emdee: what about the PLAIN next to the SHA-1 thing? Doesn't that bother you as well?

  709. pep.

    Syndace, :D

  710. Syndace

    If I send you a SHA-1 hash in an OMEMO-encrypted chat, does it matter?

  711. Syndace

    It does not, because OMEMO is not broken - SHA-1 is

  712. emdee

    Sure but I'm asking about the SSL layer. The OMEMO over is I haven't ever referred to.

  713. Syndace

    On the SSL layer, SHA-1 is not used

  714. Syndace

    SCRAM is not part of the SSL layer

  715. emdee

    Where did pep.'s log > TLS handshake complete (TLSv1.3 with TLS_AES_256_GCM_SHA384)

  716. emdee

    come from?

  717. pep.

    My server

  718. Syndace

    That log line is about the SSL layer

  719. Syndace

    The following log lines are not about the SSL layer

  720. emdee

    And the client was a slixmpp client.

  721. flow

    I am pretty sure tcpdump would also indicate that TLS 1.3 is used

  722. emdee

    pep.: And the client was a slixmpp client?

  723. pep.

    emdee, it was poezio, yes it's using slix

  726. emdee

    Great - end of story - sorry I missed the log paste earlier. It's a v1.3 cipher and I was mistaken.

  729. Zash

    flow, doesn't TLS 1.3 look just like TLS 1.2 in order to not trip up middleboxes?

  732. pep.

    emdee, fwiw, you may have pointed out an issue anyway, not this one though. We're checking it :)

  733. flow

    Zash, yes, but I somehow hoped that tcpdump would still be able to detect 1.3 being used, but that is probably not the case :(

  734. flow

    or wasn't it just "we signal 1.2 as version, but here is the 1.3 extension?" or something?

  736. Zash

    maybe? I remember it as TLS 1.3 looking like a TLS 1.2 session resumption, but maybe that's the 0RTT thing?

  737. emdee

    It's 1.2 as a protocol and specific cipher choice I think - tcpdump won't see the difference.

  740. emdee

    pep.: the other thing to queue up, and easyish to do is the client users of the library will want to specify the ciphers that they will accept for whatever reason.

  794. pep.

    emdee, looks like it's already handled: https://lab.louiz.org/poezio/slixmpp/-/blob/master/slixmpp/xmlstream/xmlstream.py#L164

  800. emdee

    I saw that and L775 - but I don't see where a user can do anything with them.

  805. pep.

    Not sure I understand

  806. pep.

    What more do you need

  809. emdee

    A getter and setter method that advertises they're settable was what I was thinking, which usually brings them up to the surface.

  811. pep.

    This property is editable, that's as good as a get/set

  812. pep.

    It's even documented!

  819. emdee

    documented where? I grepped the docs/* and didn't find it.

  822. emdee

    I guess I'm wondering if it should come up to the level of api.py

  829. emdee

    (I'm having a hard time getting at the ciphers in urllib3 and requests so I guess it's a peeve of mine.)

  830. emdee

    (I didn't read that code as saying it's a property. Am I out-of-date = does listing them in the class preamble turn them into properties?)

  831. moparisthebest

    that's good, you'd probably mess them up, as I said TLS 1.3 has *always* prevented downgrades out of the box

  836. pep.

    no sorry I didn't mean it as @property, it's just a class attribute. And you can edit it

  846. emdee

    Of course - if you can reach that far down, just like anything else. But I was suggesting users will want to specify this at the top-level using the library, maybe at the api level. I tried to follow down how I could reach that instance from the top and got lost.

  849. emdee

    (I'd still queue up a todo of testing that you are actually checking the SNI name. I dug into the gajim code and find their test accepts all certificates regardless of the name on the certificate :-)

  854. emdee

    (Their test code had one return: True !)

  855. pep.

    It's accessible from ClientXMPP, it's a grandparent class

  856. emdee

    Which is accessible how from api.py?

  858. pep.

    `from slixmpp import ClientXMPP` and that's what you use as your entrypoint for the lib

  860. emdee

    OK - so you don't use slixmpp/api.py ?

  871. emdee

    https://slixmpp.readthedocs.io/en/latest/api/clientxmpp.html has no mention of it which is where I looked. And I'm still scratching my head over: use_ssl (bool) – Indicates if the older SSL connection method should be used. Defaults to False!

  873. pep.

    I guess that's not exactly the first thing we want to advertize. I'm happy it's not so obvious to change

  888. emdee

    Your call but you should expect people to ask for it. It's supported in the code but not easy to get at. The other part I feel I'm missing is in the openssl s_client which has the notion of --connect-to separate from target host.

  889. emdee

    This comes up with XMPP sites that support onion addresses - you have to give it a SNI name to validate against the certificate that may not be what you are connecting to (the onion).

  891. pep.

    Yeah it's there as well, I know poezio supports it. Provide `address` on connect()

  894. pep.

    It can be different from the jid you pass when instantiating ClientXMPP

  896. emdee

    It may be there but it's not at the level I as a user would find it: from the doc

  897. emdee

    connect(address=None, use_ssl=False, force_starttls=True, disable_starttls=False)

  899. pep.

    "address (Optional[Tuple[str, int]]) – A tuple containing the server’s host and port."

  900. pep.

    Right below

  901. pep.

    "When no address is given, a SRV lookup for the server will be attempted. If that fails, the server user in the JID will be used." and this as a description.

  902. pep.

    Maybe you have better wording to provide

  903. emdee

    (Please change the use_ssl=False !)

  906. pep.

    The name is confusing, this parameter allows using direct tls

  907. pep.

    starttls will be attempted by default, see `force_starttls=True` in the same method signature

  911. pep.

    "Indicates if the older SSL connection method should be used." I guess this could be updated

  912. pep.

    What is old is new again

  913. emdee

    No, I think that misses what's needed: I want to provide the address tuple but not connect to the address - I want to verify the certificate against the address, but connect to something else.

  919. emdee

    E.g. in openssl it would be s_client --connect-to longonionname.onion -tls1_3 address:port

  922. moparisthebest

    why are you supplying an address and connection type manually instead of looking it up? seems very wrong

  925. pep.

    emdee, there's also `-starttls xmpp-server` if you use starttls and `-xmpphost thehost` for what you're trying to do

  926. emdee

    What's -xmpphost?

  927. pep.

    it's the domain part in the jid

  928. emdee

    I don't see it or its equivalent in https://slixmpp.readthedocs.io/en/latest/api/clientxmpp.html

  929. pep.

    That you provide to openssl s_client

  932. pep.

    foo = ClientXMPP('user@thehost', ...); foo.connect(address=('longonionname.onion', 5222), ...)

  936. emdee

    You think the connect will use the address from the ClientXMPP for the SNI, and not the address from the connect?

  937. pep.

    Try it out?

  947. emdee

    Sure - in the future - pun intended :-) I have to figure out your future suggestion to see if I can deasync the code. My compliments, it's gorgeous code and I really want to try using it for *something*. I looked at the xmpppy code on sourceforge after a full meal and almost lost it.

  963. emdee

    Zash: flow: come to think of it there may be a difference between v1.2 and v1.3 at the tcpdump/wireshark level. I seem to remember that there is an information leak with v1.2 so that the certificates are sent in the clear, so the information of who you are connecting to is visible with 1.2 but not 1.3.

  964. hearty has left

  965. kikuchiyo has left

  966. Laura has left

  967. amee2k has left

  968. amee2k has joined

  969. gregory has joined

  970. kikuchiyo has joined

  971. kikuchiyo has left

  972. kikuchiyo has joined

  973. kikuchiyo has left

  974. sonny has left

  975. sonny has joined

  976. kikuchiyo has joined

  977. sonny has left

  978. kikuchiyo has left

  979. sonny has joined

  980. EOF has left

  981. sonny has left

  982. sonny has joined

  983. kikuchiyo has joined

  984. sonny has left

  985. EOF has joined

  986. kikuchiyo has left

  987. sonny has joined

  988. sonny has left

  989. kikuchiyo has joined

  990. sonny has joined

  991. kikuchiyo has left

  992. kikuchiyo has joined

  993. kikuchiyo has left

  994. larma has joined

  995. kikuchiyo has joined

  996. kikuchiyo has left

  997. emdee has left

  998. kikuchiyo has joined

  999. Matrix Traveler (bot) has left

  1000. homebeach has left

  1001. homebeach has joined

  1002. Matrix Traveler (bot) has joined

  1003. sonny has left

  1004. kikuchiyo has left

  1005. sonny has joined

  1006. sonny has left

  1007. sonny has joined

  1008. PapaTutuWawa has left

  1009. kikuchiyo has joined

  1010. PapaTutuWawa has joined

  1011. kikuchiyo has left

  1012. PapaTutuWawa has left

  1013. PapaTutuWawa has joined

  1014. PapaTutuWawa has left

  1015. PapaTutuWawa has joined

  1016. kikuchiyo has joined

  1017. sonny has left

  1018. sonny has joined

  1019. kikuchiyo has left

  1020. kikuchiyo has joined

  1021. amee2k has left

  1022. kikuchiyo has left

  1023. antranigv has joined

  1024. Sam has left

  1025. antranigv has left

  1026. antranigv has joined

  1027. kikuchiyo has joined

  1028. kikuchiyo has left

  1029. kikuchiyo has joined

  1030. kikuchiyo has left

  1031. emdee has joined

  1032. Sam has joined

  1033. kikuchiyo has joined

  1034. kikuchiyo has left

  1035. kikuchiyo has joined

  1036. emdee has left

  1037. kikuchiyo has left

  1038. kikuchiyo has joined

  1039. kikuchiyo has left

  1040. antranigv has left

  1041. kikuchiyo has joined

  1042. kikuchiyo has left

  1043. Matrix Traveler (bot) has left

  1044. homebeach has left

  1045. homebeach has joined

  1046. Matrix Traveler (bot) has joined

  1047. marc0s has left

  1048. marc0s has joined

  1049. kapad has left

  1050. kapad has joined

  1051. amee2k has joined

  1052. nicoco_ has joined

  1053. sonny has left

  1054. sonny has joined

  1055. sonny has left

  1056. sonny has joined

  1057. sonny has left

  1058. sonny has joined

  1059. sonny has left

  1060. sonny has joined

  1061. sonny has left

  1062. sonny has joined

  1063. hearty has joined

  1064. kikuchiyo has joined

  1065. kikuchiyo has left

  1066. kikuchiyo has joined

  1067. kikuchiyo has left

  1068. kikuchiyo has joined

  1069. sonny has left

  1070. sonny has joined

  1071. kikuchiyo has left

  1072. sonny has left

  1073. kikuchiyo has joined

  1074. kikuchiyo has left

  1075. sonny has joined

  1076. sonny has left

  1077. sonny has joined

  1078. sonny has left

  1079. sonny has joined

  1080. hearty has left

  1081. kapad has left

  1082. kikuchiyo has joined

  1083. kikuchiyo has left

  1084. sonny has left

  1085. amee2k has left

  1086. sonny has joined

  1087. kapad has joined

  1088. sonny has left

  1089. amee2k has joined

  1090. sonny has joined

  1091. kikuchiyo has joined

  1092. sonny has left

  1093. sonny has joined

  1094. Trần H. Trung has left

  1095. Trần H. Trung has joined

  1096. kikuchiyo has left

  1097. kikuchiyo has joined

  1098. antranigv has joined

  1099. kikuchiyo has left

  1100. antranigv has left

  1101. kikuchiyo has joined

  1102. kikuchiyo has left

  1103. sonny has left

  1104. sonny has joined

  1105. kikuchiyo has joined

  1106. kikuchiyo has left

  1107. sonny has left

  1108. sonny has joined

  1109. sonny has left

  1110. sonny has joined

  1111. kikuchiyo has joined

  1112. kikuchiyo has left

  1113. kikuchiyo has joined

  1114. kikuchiyo has left

  1115. marc0s has left

  1116. marc0s has joined

  1117. kikuchiyo has joined

  1118. kikuchiyo has left

  1119. kikuchiyo has joined

  1120. kikuchiyo has left

  1121. kikuchiyo has joined

  1122. kikuchiyo has left

  1123. kikuchiyo has joined

  1124. kikuchiyo has left

  1125. Matrix Traveler (bot) has left

  1126. homebeach has left

  1127. homebeach has joined

  1128. Matrix Traveler (bot) has joined

  1129. amee2k has left

  1130. hearty has joined

  1131. kikuchiyo has joined

  1132. kikuchiyo has left

  1133. sonny has left

  1134. sonny has joined

  1135. kikuchiyo has joined

  1136. kikuchiyo has left

  1137. kikuchiyo has joined

  1138. marc0s has left

  1139. marc0s has joined

  1140. kikuchiyo has left

  1141. hearty has left

  1142. sonny has left

  1143. sonny has joined

  1144. hearty has joined

  1145. sonny has left

  1146. sonny has joined

  1147. kikuchiyo has joined

  1148. kikuchiyo has left

  1149. sonny has left

  1150. sonny has joined

  1151. sonny has left

  1152. sonny has joined

  1153. kikuchiyo has joined

  1154. kurtain has left

  1155. sonny has left

  1156. kikuchiyo has left

  1157. sonny has joined

  1158. Matrix Traveler (bot) has left

  1159. homebeach has left

  1160. homebeach has joined

  1161. Matrix Traveler (bot) has joined

  1162. kikuchiyo has joined

  1163. sonny has left

  1164. sonny has joined

  1165. kikuchiyo has left

  1166. kikuchiyo has joined

  1167. kikuchiyo has left

  1168. sonny has left

  1169. sonny has joined

  1170. sonny has left

  1171. kikuchiyo has joined

  1172. sonny has joined

  1173. sonny has left

  1174. sonny has joined

  1175. kikuchiyo has left

  1176. sonny has left

  1177. sonny has joined

  1178. sonny has left

  1179. sonny has joined

  1180. sonny has left

  1181. sonny has joined

  1182. sonny has left

  1183. Laura has joined

  1184. kikuchiyo has joined

  1185. kikuchiyo has left

  1186. gregory has left

  1187. sonny has joined

  1188. nephele has joined

  1189. nephele has left

  1190. gregory has joined

  1191. sonny has left

  1192. sonny has joined

  1193. kikuchiyo has joined

  1194. kikuchiyo has left

  1195. kurtain has joined

  1196. sonny has left

  1197. sonny has joined

  1198. marc0s has left

  1199. marc0s has joined

  1200. sonny has left

  1201. marc0s has left

  1202. marc0s has joined

  1203. sonny has joined

  1204. kikuchiyo has joined

  1205. marc0s has left

  1206. marc0s has joined

  1207. marc0s has left

  1208. marc0s has joined

  1209. sonny has left

  1210. sonny has joined

  1211. marc0s has left

  1212. marc0s has joined

  1213. sonny has left

  1214. sonny has joined

  1215. sonny has left

  1216. sonny has joined

  1217. sonny has left

  1218. sonny has joined

  1219. thomaslewis has joined

  1220. sonny has left

  1221. sonny has joined

  1222. thomaslewis has left

  1223. thomaslewis has joined

  1224. sonny has left

  1225. sonny has joined

  1226. sonny has left

  1227. thomaslewis has left

  1228. thomaslewis has joined

  1229. sonny has joined

  1230. sonny has left

  1231. marc0s has left

  1232. marc0s has joined

  1233. sonny has joined

  1234. thomaslewis has left

  1235. thomaslewis has joined

  1236. thomaslewis has left

  1237. Laura has left

  1238. sonny has left

  1239. mh has left

  1240. mh has joined

  1241. mh has left

  1242. mh has joined

  1243. mh has left

  1244. mh has joined

  1245. amee2k has joined

  1246. sonny has joined

  1247. sonny has left

  1248. sonny has joined

  1249. sonny has left

  1250. sonny has joined

  1251. sonny has left

  1252. sonny has joined

  1253. sonny has left

  1254. sonny has joined

  1255. marc0s has left

  1256. marc0s has joined

  1257. sonny has left

  1258. sonny has joined

  1259. sonny has left

  1260. nicoco_ has left

  1261. nicoco_ has joined

  1262. sonny has joined

  1263. sonny has left

  1264. sonny has joined

  1265. Laura has joined

  1266. marc0s has left

  1267. marc0s has joined

  1268. gregory has left

  1269. marc0s has left

  1270. marc0s has joined

  1271. paul has left

  1272. gregory has joined

  1273. marc0s has left

  1274. marc0s has joined

  1275. rubi has left

  1276. rubi has joined

  1277. marc0s has left

  1278. marc0s has joined

  1279. Laura has left

  1280. Laura has joined

  1281. gregory has left

  1282. gregory has joined

  1283. amee2k has left

  1284. sonny has left

  1285. sonny has joined

  1286. Laura has left

  1287. sonny has left

  1288. thomaslewis has joined

  1289. sonny has joined

  1290. sonny has left

  1291. sonny has joined

  1292. sonny has left

  1293. sonny has joined

  1294. thomaslewis has left

  1295. thomaslewis has joined

  1296. thomaslewis has left

  1297. gregory has left

  1298. gregory has joined

  1299. Ingolf has left

  1300. Ingolf has joined

  1301. marc0s has left

  1302. marc0s has joined

  1303. atomicwatch has left

  1304. inky has left

  1305. amee2k has joined

  1306. marc0s has left

  1307. marc0s has joined

  1308. sonny has left

  1309. sonny has joined

  1310. rubi has left

  1311. rubi has joined

  1312. marc0s has left

  1313. marc0s has joined

  1314. Ingolf has left

  1315. Ingolf has joined

  1316. marc0s has left

  1317. marc0s has joined

  1318. thomaslewis has joined

  1319. marc0s has left

  1320. marc0s has joined

  1321. thomaslewis has left

  1322. MSavoritias (fae,ve) has left

  1323. rubi has left

  1324. rubi has joined

  1325. goffi has left

  1326. goffi has joined

  1327. marc0s has left

  1328. marc0s has joined

  1329. marc0s has left

  1330. marc0s has joined

  1331. marc0s has left

  1332. marc0s has joined

  1333. hearty has left

  1334. hearty has joined

  1335. amee2k has left

  1336. amee2k has joined

  1337. gregory has left

  1338. gregory has joined

  1339. rubi has left

  1340. rubi has joined

  1341. marc0s has left

  1342. marc0s has joined

  1343. paul has joined

  1344. amee2k has left

  1345. amee2k has joined

  1346. Millesimus has left

  1347. Holger has left

  1348. rubi has left

  1349. rubi has joined

  1350. marc0s has left

  1351. marc0s has joined

  1352. marc0s has left

  1353. marc0s has joined

  1354. gregory has left

  1355. Kev has left

  1356. gregory has joined

  1357. jubalh has joined

  1358. thomaslewis has joined

  1359. thomaslewis has left

  1360. marc0s has left

  1361. marc0s has joined

  1362. oshn has left

  1363. Millesimus has joined

  1364. kapad has left

  1365. rubi has left

  1366. oshn has joined

  1367. kapad has joined

  1368. gregory has left

  1369. mirux has left

  1370. gregory has joined

  1371. Millesimus has left

  1372. marc0s has left

  1373. marc0s has joined

  1374. gregory has left

  1375. gregory has joined

  1376. nicoco_ has left

  1377. kapad has left

  1378. kapad has joined

  1379. Millesimus has joined

  1380. Laura has joined

  1381. kapad has left

  1382. kapad has joined

  1383. kapad has left

  1384. marc0s has left

  1385. marc0s has joined

  1386. Mario Sabatino has left

  1387. amee2k has left

  1388. rubi has joined

  1389. adx has left

  1390. thomaslewis has joined

  1391. thomaslewis has left

  1392. marc0s has left

  1393. marc0s has joined

  1394. thomaslewis has joined

  1395. marc0s has left

  1396. marc0s has joined

  1397. thomaslewis has left

  1398. Millesimus has left

  1399. pep. has left

  1400. marc0s has left

  1401. marc0s has joined

  1402. marc0s has left

  1403. marc0s has joined

  1404. inky has joined

  1405. marc0s has left

  1406. marc0s has joined

  1407. kapad has joined

  1408. thomaslewis has joined

  1409. thomaslewis has left

  1410. PapaTutuWawa has left

  1411. thomaslewis has joined

  1412. kapad has left

  1413. thomaslewis has left

  1414. kapad has joined

  1415. thomaslewis has joined

  1416. goffi has left

  1417. thomaslewis has left

  1418. gregory has left

  1419. rubi has left

  1420. gregory has joined

  1421. kapad has left

  1422. kapad has joined

  1423. Millesimus has joined

  1424. kapad has left

  1425. kapad has joined

  1426. Laura has left

  1427. sonny has left

  1428. sonny has joined

  1429. sonny has left

  1430. sonny has joined

  1431. sonny has left

  1432. sonny has joined

  1433. sonny has left

  1434. sonny has joined

  1435. sonny has left

  1436. sonny has joined

  1437. kapad has left

  1438. kapad has joined

  1439. sonny has left

  1440. sonny has joined

  1441. kapad has left

  1442. kapad has joined

  1443. kapad has left

  1444. kapad has joined

  1445. sonny has left

  1446. sonny has joined

  1447. sonny has left

  1448. sonny has joined

  1449. sonny has left