<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Do you control the client application? If yes, then perhaps it can be<br>adjusted to support HTTP proxies? In other words, the client will send a<br>plain text HTTP CONNECT request to Squid and, upon receiving a 200<br>(Connection Established) response headers, will start using TLS with the<br>origin server. In this case, you do not need interception.</blockquote><div><br></div><div>Nope, the client application is also used to communicate with other apps in</div><div>other environments. The SNI has to be used as the client/server apps perform</div><div>mutual TLS authentication.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">In other words, the client will send a<br>plain text HTTP CONNECT request to Squid and, upon receiving a 200<br>(Connection Established) response headers, will start using TLS with the<br>origin server. In this case, you do not need interception.</blockquote><div><br></div><div>In order to evaluate if we can use Squid for this purpose, I have also created a</div><div>basic TLS client/server app to validate what is happening. Basically my TLS client</div><div>tries to connect directly to Squid IP/Port and I am indicating the SNI so that the </div><div>TLS handshake passes.<br></div><div><br></div><div>Using a reverse I was able to make it reach the TLS server after faking a CONNECT</div><div>request. But without a fake CONNECT or a valid HTTP request it failed.</div><div><br></div><div>When I tried to make it work using a forward proxy with intercept and ssl_bump, I</div><div>could not make Squid peek at the SNI and tunnel the request to the correct destination.</div><div><br></div><div>Fernando</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 29, 2023 at 11:35 AM Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2023-09-29 09:17, Fernando Giorgetti wrote:<br>
<br>
> Actually I am evaluating if Squid can be used to proxy Non-HTTP/TLS<br>
> data, as we have a restricted environment where Squid is currently the<br>
> only way to get out to the internet.<br>
<br>
Yes, Squid can tunnel non-HTTP data, including TLS data.<br>
<br>
<br>
> The idea is that the client application will open a connection to a given<br>
> hostname and port (setting the SNI in the TLS options), considering that<br>
> the given hostname/port is the actual backend they're trying to reach.<br>
<br>
Do you control the client application? If yes, then perhaps it can be <br>
adjusted to support HTTP proxies? In other words, the client will send a <br>
plain text HTTP CONNECT request to Squid and, upon receiving a 200 <br>
(Connection Established) response headers, will start using TLS with the <br>
origin server. In this case, you do not need interception.<br>
<br>
<br>
> We can either try to use a fake hostname (defined in the /etc/hosts of the<br>
> tls client machine) which would actually point to Squid's IP <br>
<br>
AFAICT, faking the IP address will not work without Squid source code <br>
modifications because a non-intercepting Squid https_port will want to <br>
terminate TLS -- such a port does not support blindly tunneling traffic.<br>
<br>
<br>
> or eventually<br>
> redirect traffic to the real destination into Squid using a DNAT rule.<br>
<br>
I am not a DNAT expert, but this sounds like interception to me. Bugs <br>
notwithstanding, Squid supports blind tunneling of intercepted TCP <br>
connections (to their intended destination):<br>
<br>
     https_port X intercept ssl-bump ...<br>
     ssl_bump splice all<br>
<br>
On a successful tunneling path, the above configuration does not care <br>
whether the intercepted traffic is TLS and will not peek at TLS SNI, but <br>
nothing in your requirements necessitates SNI knowledge AFAICT.<br>
<br>
If Squid fails to establish a TCP connection to the intended destination <br>
of the intercepted connection, then the situation becomes more complex: <br>
Squid (with the above configuration) assumes that the client is speaking <br>
TLS. Squid will attempt to bump the TLS client connection and send a <br>
Squid-generated HTTP error response to the client. AFAIK, this bumping <br>
and error sending attempt cannot be prevented in this case without Squid <br>
source code modifications: Squid used to be able to terminate a <br>
client-Squid connection instead of sending a Squid-generated HTTP error <br>
response (by replacing the corresponding Squid error page contents with <br>
a word "reset"). However, that feature was accidentally(?) dropped in <br>
2002 commit 76cdc28 AFAICT.<br>
<br>
<br>
HTH,<br>
<br>
Alex.<br>
<br>
<br>
> But overall, it will be a 1:1 relationship, meaning, the https_port on Squid<br>
> would be used exclusively to this purpose of proxying from a given source<br>
> to a given destination.<br>
> <br>
> That is why I was considering a reverse-proxy, but I had no luck with it <br>
> (actually<br>
> I was able to proxy HTTP/HTTPS, but not non-http).<br>
> <br>
> Thank you again,<br>
> Fernando<br>
> <br>
> On Thu, Sep 28, 2023 at 11:39 PM Alex Rousskov <br>
> <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a> <br>
> <mailto:<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>>> wrote:<br>
> <br>
>     On 2023-09-28 20:35, Fernando Giorgetti wrote:<br>
> <br>
>      > Do you have any recommendations on how I could have it done?<br>
> <br>
>     I am unable to confirm whether Squid can do what you want or provide<br>
>     configuration recommendations because I do not yet know how your Squid<br>
>     will receive traffic (e.g., an intercepting proxy or an explicit<br>
>     forward<br>
>     HTTP proxy), what traffic Squid will receive (e.g., TLS, plain HTTP,<br>
>     something else), and what you want Squid to do with that traffic.<br>
> <br>
>     To make progress, I recommend describing the above details (for one<br>
>     typical use case?) and then answering any followup questions.<br>
> <br>
> <br>
>     Cheers,<br>
> <br>
>     Alex.<br>
> <br>
> <br>
>      > When my tls client tries to reach the target through Squid, using<br>
>      > a "ssl_bump splice", it seems like squid is trying to reach<br>
>     itself in a<br>
>      > loop.<br>
>      ><br>
>      > I have also tried including a peek first, but no luck.<br>
>      ><br>
>      > Thanks again for all suggestions.<br>
>      ><br>
>      > On Thu, Sep 28, 2023 at 7:23 PM Alex Rousskov wrote:<br>
>      ><br>
>      >     On 2023-09-28 15:23, Fernando Giorgetti wrote:<br>
>      ><br>
>      >      > Actually with the suggested blind passthrough, Squid would not<br>
>      >     handle<br>
>      >      > the TLS termination.<br>
>      ><br>
>      >     Correct.<br>
>      ><br>
>      ><br>
>      >      > how will Squid know what the target is?<br>
>      ><br>
>      >     In many cases, Squid can learn SNI by peeking at TLS ClientHello,<br>
>      >     without terminating TLS. Bugs notwithstanding, none of the<br>
>      >     configuration<br>
>      >     sketches I shared previously will do that though.<br>
>      ><br>
>      ><br>
>      >     HTH,<br>
>      ><br>
>      >     Alex.<br>
>      ><br>
>      ><br>
>      ><br>
>      >      > On Thu, Sep 28, 2023 at 1:02 PM Alex Rousskov wrote:<br>
>      >      ><br>
>      >      >     On 2023-09-28 11:31, Fernando Giorgetti wrote:<br>
>      >      ><br>
>      >      >      > And what should I do to let Squid use the SNI<br>
>     defined by<br>
>      >     the TLS<br>
>      >      >     client?<br>
>      >      ><br>
>      >      >     What do you want Squid to use that SNI for?<br>
>      >      ><br>
>      >      >     Alex.<br>
>      >      ><br>
>      >      ><br>
>      >      >      > On Thu, Sep 28, 2023 at 11:51 AM Alex Rousskov wrote:<br>
>      >      >      ><br>
>      >      >      >     On 2023-09-28 09:06, Fernando Giorgetti wrote:<br>
>      >      >      >      > Hi Matus, do you mean something like a DNAT<br>
>      >     (iptables) rule?<br>
>      >      >      >      > If so, I would say, it should work as well.<br>
>      >      >      >      ><br>
>      >      >      >      > But this is an environment I do not control,<br>
>     and I have<br>
>      >      >     been told<br>
>      >      >      >     to try<br>
>      >      >      >      > using an existing squid installation to proxy<br>
>      >     non-http/TLS<br>
>      >      >     data<br>
>      >      >      >     through.<br>
>      >      >      >      ><br>
>      >      >      >      > I appreciate any guidance or recommendation.<br>
>      >      >      ><br>
>      >      >      ><br>
>      >      >      >     Bugs notwithstanding, Squid can blindly tunnel<br>
>     intercepted<br>
>      >      >     (at TCP port<br>
>      >      >      >     X) TCP traffic to its intended destination:<br>
>      >      >      ><br>
>      >      >      >           https_port X intercept ssl-bump ...<br>
>      >      >      >           ssl_bump splice all<br>
>      >      >      ><br>
>      >      >      ><br>
>      >      >      >     Without interception, then Squid can only<br>
>     tunnel stuff<br>
>      >     inside<br>
>      >      >     HTTP<br>
>      >      >      >     CONNECT tunnels (for HTTP CONNECT requests<br>
>     received at TCP<br>
>      >      >     port Y):<br>
>      >      >      ><br>
>      >      >      >           http_port Y ssl-bump ...<br>
>      >      >      >           ssl_bump splice all<br>
>      >      >      ><br>
>      >      >      ><br>
>      >      >      >     In both cases, Squid does not care about the<br>
>     protocols<br>
>      >     that<br>
>      >      >     tunneled<br>
>      >      >      >     traffic is using. It could be HTTP, HTTPS, TLS, or<br>
>      >     anything<br>
>      >      >     else on top<br>
>      >      >      >     of TCP.<br>
>      >      >      ><br>
>      >      >      >     Your ACLs may differ from "all" in the above<br>
>     sketches,<br>
>      >     of course,<br>
>      >      >      >     but if<br>
>      >      >      >     traffic is not TLS, then you want an "ssl_bump<br>
>     splice"<br>
>      >     rule that<br>
>      >      >      >     matches<br>
>      >      >      >     during SslBump step1. A rule with an "all" ACLs<br>
>     is the<br>
>      >      >     simplest example<br>
>      >      >      >     of that.<br>
>      >      >      ><br>
>      >      >      ><br>
>      >      >      >     HTH,<br>
>      >      >      ><br>
>      >      >      >     Alex.<br>
>      >      >      >     P.S. I am getting an "Internal Server Error" when<br>
>      >     following<br>
>      >      >     the haproxy<br>
>      >      >      >     link in the original question, so I cannot map what<br>
>      >     that page<br>
>      >      >     says to<br>
>      >      >      >     the configurations above.<br>
>      >      >      ><br>
>      >      >      ><br>
>      >      >      >      > On Thu, Sep 28, 2023 at 3:41 AM Matus UHLAR -<br>
>      >     fantomas wrote:<br>
>      >      >      >      ><br>
>      >      >      >      >     On 27.09.23 16:48, Fernando Giorgetti wrote:<br>
>      >      >      >      >      >I would like to know if it is possible<br>
>     to set up<br>
>      >      >     Squid to<br>
>      >      >      >     perform<br>
>      >      >      >      >      >TLS passthrough to a given backend,<br>
>     relaying TLS<br>
>      >      >     encrypted<br>
>      >      >      >      >      >traffic to the backend, similarly to<br>
>     what HAProxy<br>
>      >      >     does below?<br>
>      >      >      >      >      ><br>
>      >      >      >      ><br>
>      >      >      ><br>
>      >      ><br>
>      >     <br>
>      ><a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>>>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a> <<a href="https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough" rel="noreferrer" target="_blank">https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough</a>>>>>><br>
>      >      >      >      >      ><br>
>      >      >      >      >      >I have tried a few different<br>
>     configurations using<br>
>      >      >     reverse<br>
>      >      >      >     proxy,<br>
>      >      >      >      >      >or peek and splice, but I could not<br>
>     make it<br>
>      >     work without<br>
>      >      >      >     providing<br>
>      >      >      >      >      >a valid HTTP request or a CONNECT request.<br>
>      >      >      >      ><br>
>      >      >      >      >     what's the difference between TCP<br>
>     redirect and<br>
>      >     this?<br>
>      >      >      >      ><br>
>      >      >      >      >     --<br>
>      >      >      >      >     Matus UHLAR - fantomas,<br>
>     <a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>><br>
>      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>><br>
>      >      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>>><br>
>      >      >      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>><br>
>      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>>>><br>
>      >      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>><br>
>      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>>><br>
>      >      >      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>><br>
>      >     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>><br>
>     <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a> <mailto:<a href="mailto:uhlar@fantomas.sk" target="_blank">uhlar@fantomas.sk</a>>>>>><br>
>      >      >      >      >     ; <a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>><br>
>      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>><br>
>      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>>><br>
>      >      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>><br>
>      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>>>><br>
>      >      >      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>><br>
>      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>>><br>
>      >      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>><br>
>      >     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>><br>
>     <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a> <<a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a>>>>>><br>
>      >      >      >      >     Warning: I wish NOT to receive e-mail<br>
>      >     advertising to this<br>
>      >      >      >     address.<br>
>      >      >      >      >     Varovanie: na tuto adresu chcem NEDOSTAVAT<br>
>      >     akukolvek<br>
>      >      >     reklamnu<br>
>      >      >      >     postu.<br>
>      >      >      >      >     Depression is merely anger without<br>
>     enthusiasm.<br>
>      >      >      >      >   <br>
>       _______________________________________________<br>
> <br>
> <br>
<br>
</blockquote></div>