<div dir="ltr">It's actually the version of Apache that has the different default. This is coming from the guy who compiled the RPM for me.</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 21, 2015 at 4:27 PM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Cohen, Laurence wrote:<br>
> Rob,<br>
><br>
> It turned out that we were actually running 1.0.12 because someone<br>
> compiled libmodnss.so to solve a separate problem. He didn't create an<br>
> rpm to install it though. He just replaced the file directly. Also,<br>
> with Apache 2.2 which is what we are running, the default is<br>
> NSSSessionTickets on. You have to explicitly turn them off. They<br>
> default to off in Apache 2.4.<br>
<br>
</span>I'm not sure I understand how the default would be different unless the<br>
default is different in the versions of NSS on those systems, or the way<br>
I initialize things in mod_nss is somehow different in the different<br>
versions of Apache. Can you clarify that at all?<br>
<br>
rob<br>
<br>
><br>
> Thanks,<br>
><br>
> Larry Cohen<br>
><br>
<span class="im HOEnZb">> On Tue, Oct 20, 2015 at 11:43 AM, Cohen, Laurence <<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a><br>
</span><span class="im HOEnZb">> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>> wrote:<br>
><br>
> Ok Rob,<br>
><br>
> Thanks for all your help anyway. Someone else on my team is going<br>
> to create an RPM for version 1.0.12 so that I can just install it.<br>
> I appreciate your time and effort.<br>
><br>
> Larry Cohen<br>
><br>
> On Mon, Oct 19, 2015 at 1:23 PM, Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
</span><span class="im HOEnZb">> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>> wrote:<br>
><br>
> Cohen, Laurence wrote:<br>
> > Unfortunately the latest one I can find available for RHEL6 is 1.0.10,<br>
> > which is the one we have on our production system.<br>
><br>
> Yeah, you'd need to grab the release tarball and build it yourself.<br>
><br>
> rob<br>
><br>
> ><br>
> > On Mon, Oct 19, 2015 at 11:39 AM, Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
</span><span class="im HOEnZb">> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>> wrote:<br>
> ><br>
> > Cohen, Laurence wrote:<br>
> > > Well, I appreciate your assistance anyway. Is there a way to explicitly<br>
> > > turn it off, even though the default is supposed to be off?<br>
> ><br>
> > I guess as a test you can pull the latest mod_nss upstream release and<br>
> > try that since it has the ability to turn it off. If behavior changes<br>
> > then we may need to file a bug against nss.<br>
> ><br>
> > rob<br>
> ><br>
> > ><br>
> > > Thanks,<br>
> > ><br>
> > > Larry Cohen<br>
> > ><br>
> > > On Mon, Oct 19, 2015 at 10:09 AM, Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
</span><span class="im HOEnZb">> > > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>>> wrote:<br>
> > ><br>
> > > Cohen, Laurence wrote:<br>
> > > > Here you go.<br>
> > > ><br>
> > > > mod_nss-1.0.10-1.el6.x86_64<br>
> > > > nss-3.19.1-3.el6_6.x86_64<br>
> > ><br>
> > > Hmm, I can't duplicate this. I get no session ticket offer in the<br>
> > > initial handshake. In fact, using ssltap I can see the client offering<br>
> > > the extension and the server ignoring it. In the openssl client request<br>
> > > I see:<br>
> > ><br>
> > > extension type session_ticket, length [0]<br>
> > ><br>
> > > The server responds only with the renegotiation extension (enabled in my<br>
> > > configuration).<br>
> > ><br>
> > > This feature was added to NSS in 3.12 and according to the docs is<br>
> > > disabled by default so I don't know what could be turning it on for you.<br>
> > ><br>
> > > rob<br>
> > ><br>
> > > ><br>
> > > > On Thu, Oct 15, 2015 at 8:38 PM, Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>><br>
</span><span class="im HOEnZb">> > > > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>>>> wrote:<br>
> > > ><br>
> > > > Cohen, Laurence wrote:<br>
</span><div class="HOEnZb"><div class="h5">> > > > > Hi Rob,<br>
> > > > ><br>
> > > > > Thanks for your reply yesterday. Here is my<br>
> problem. We<br>
> > > are using<br>
> > > > > mod_nss version 1.0.8 on RHEL6. Here is a<br>
> session<br>
> > that our<br>
> > > F5 admin<br>
> > > > > sent to our production webserver at the<br>
> command line using<br>
> > > openssl.<br>
> > > > ><br>
> > > > > # openssl s_client -connect x.x.x.x:443 <<br>
> /dev/null<br>
> > > > ><br>
> > > > ><br>
> > > > ><br>
> > > > > CONNECTED(00000003)<br>
> > > > > depth=2 C = US, O = U.S. Government, OU =<br>
> DoD, OU =<br>
> > PKI, CN<br>
> > > = DoD Root CA 2<br>
> > > > > verify error:num=19:self signed certificate in<br>
> > certificate chain<br>
> > > > > verify return:0<br>
> > > > > ---<br>
> > > > > Certificate chain<br>
> > > > > 0 s:/C=us/O=u.s.<br>
> > > government/OU=DOD/OU=pki/OU=disa/CN=<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">metadata.ces.mil</a><br>
> <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > > <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>> <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > > > > <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > > > > i:/C=US/O=U.S.<br>
> Government/OU=DoD/OU=PKI/CN=DOD CA-28<br>
> > > > > 1 s:/C=US/O=U.S.<br>
> Government/OU=DoD/OU=PKI/CN=DOD CA-28<br>
> > > > > i:/C=US/O=U.S.<br>
> Government/OU=DoD/OU=PKI/CN=DoD Root<br>
> > CA 2<br>
> > > > > 2 s:/C=US/O=U.S.<br>
> Government/OU=DoD/OU=PKI/CN=DoD Root<br>
> > CA 2<br>
> > > > > i:/C=US/O=U.S.<br>
> Government/OU=DoD/OU=PKI/CN=DoD Root<br>
> > CA 2<br>
> > > > > ---<br>
> > > > > Server certificate<br>
> > > > > -----BEGIN CERTIFICATE-----<br>
> > > > ><br>
> ><br>
> MIIFczCCBFugAwIBAgIDAMDoMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAlVT<br>
> > > > ><br>
> ><br>
> MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UE<br>
> > > > ><br>
> ><br>
> CxMDUEtJMRIwEAYDVQQDEwlET0QgQ0EtMjgwHhcNMTMxMTAxMjExMTM0WhcNMTYx<br>
> > > > ><br>
> ><br>
> MTAxMjExMTM0WjBtMQswCQYDVQQGEwJ1czEYMBYGA1UEChMPdS5zLiBnb3Zlcm5t<br>
> > > > ><br>
> ><br>
> ZW50MQwwCgYDVQQLEwNET0QxDDAKBgNVBAsTA3BraTENMAsGA1UECxMEZGlzYTEZ<br>
> > > > ><br>
> ><br>
> MBcGA1UEAxMQbWV0YWRhdGEuY2VzLm1pbDCCASIwDQYJKoZIhvcNAQEBBQADggEP<br>
> > > > ><br>
> ><br>
> ADCCAQoCggEBAMuaXfCzffQnuqtQAwwTssjkbHEpQICFsjD5T0BhhLYwf/6MEZIe<br>
> > > > ><br>
> ><br>
> Dfx97j7CvqthxvVEtVe6j5d99OXW0rrXowgo/bGhnc8pR5sDke2hlUbmjb+XkqZR<br>
> > > > ><br>
> ><br>
> 03QyKv2+DFhiv8BIlO8EAygQZSYK8lyKxvvEwI19RRht1uZ9Mcn2hUKlm7OD6nnH<br>
> > > > ><br>
> ><br>
> grCk+qo8idCE2qO52gln46Q12nHIEHIrc8u6+EcgrdbC/Tpj5G+0HTuzOw4aQ0H8<br>
> > > > ><br>
> ><br>
> EMLQk8e7EdubfOxdhscS2YQtzNBkvLVEgA8QZr2wMleYG2ZJDRB0W5m6n12/3lpv<br>
> > > > ><br>
> ><br>
> M+hZMAJO8pDrzzmM1OZ0ZZYTsd2i9pvUNAsCAwEAAaOCAjAwggIsMB8GA1UdIwQY<br>
> > > > ><br>
> ><br>
> MBaAFCa0rqotjumNim+2tVud6k6usZxpMB0GA1UdDgQWBBRKkMaGpVHBLnDcBRcL<br>
> > > > ><br>
> ><br>
> SdbKrPieKjBjBggrBgEFBQcBAQRXMFUwMQYIKwYBBQUHMAKGJWh0dHA6Ly9jcmwu<br>
> > > > ><br>
> ><br>
> ZGlzYS5taWwvc2lnbi9ET0RDQV8yOC5jZXIwIAYIKwYBBQUHMAGGFGh0dHA6Ly9v<br>
> > > > ><br>
> ><br>
> Y3NwLmRpc2EubWlsMA4GA1UdDwEB/wQEAwIFoDCBwwYDVR0fBIG7MIG4MCqgKKAm<br>
> > > > ><br>
> ><br>
> hiRodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RDQV8yOC5jcmwwgYmggYaggYOG<br>
> > > > ><br>
> ><br>
> gYBsZGFwOi8vY3JsLmdkcy5kaXNhLm1pbC9jbiUzZERPRCUyMENBLTI4JTJjb3Ul<br>
> > > > ><br>
> ><br>
> M2RQS0klMmNvdSUzZERvRCUyY28lM2RVLlMuJTIwR292ZXJubWVudCUyY2MlM2RV<br>
> > > > ><br>
> ><br>
> Uz9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeTBbBgNVHREEVDBSghBt<br>
> > > > ><br>
> ><br>
> ZXRhZGF0YS5jZXMubWlsghBtZXRhZGF0YS5jZXMubWlsghVtZXRhZGF0YS1jb2xz<br>
> > > > ><br>
> ><br>
> LmNlcy5taWyCFW1ldGFkYXRhLXNhdHguY2VzLm1pbDAjBgNVHSAEHDAaMAsGCWCG<br>
> > > > ><br>
> ><br>
> SAFlAgELBTALBglghkgBZQIBCxIwLQYDVR0lBCYwJAYIKwYBBQUHAwEGCCsGAQUF<br>
> > > > ><br>
> ><br>
> BwMCBggrBgEFBQgCAgYEVR0lADANBgkqhkiG9w0BAQUFAAOCAQEAjVht0bS/D5+M<br>
> > > > ><br>
> ><br>
> kCoYbxyFLWnAIWzoeyZC2al5znPllgQrW+RTVBjGiYlvKB2W5eXVJF+RCjCBk1k5<br>
> > > > ><br>
> ><br>
> qrtINH39+FQQZjivwhidLKWklEUt4MRN3tulRlTj+Hr34F0reD56EQaFSlXXvY0r<br>
> > > > ><br>
> ><br>
> +LNx5xzudvvrf45dCbHKGNmjDpyDIiezJbCojfYfN7E8ljkA0bq5Ku4eCsAm4sbd<br>
> > > > ><br>
> ><br>
> ezRoZsxSzzOUuynmP3yo20A+nU6+dDsVPXulkamlLGpVnC7nHnl5f8gspr4S7Ld8<br>
> > > > ><br>
> ><br>
> MnC/K7qfNaUTUkpe7Qym8WfKU0dUHWNAzqvSmhYJlk7wYwpKRfRlPi2cxabOkcxL<br>
> > > > > 4F2HMSAkIw==<br>
> > > > > -----END CERTIFICATE-----<br>
> > > > > subject=/C=us/O=u.s.<br>
> > > > ><br>
> government/OU=DOD/OU=pki/OU=disa/CN=<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">metadata.ces.mil</a><br>
> <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > > <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > > > <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > > > > <<a href="http://metadata.ces.mil" rel="noreferrer" target="_blank">http://metadata.ces.mil</a>><br>
> > > > > issuer=/C=US/O=U.S.<br>
> Government/OU=DoD/OU=PKI/CN=DOD CA-28<br>
> > > > > ---<br>
> > > > > No client certificate CA names sent<br>
> > > > > ---<br>
> > > > > SSL handshake has read 3989 bytes and<br>
> written 647 bytes<br>
> > > > > ---<br>
> > > > > New, TLSv1/SSLv3, Cipher is AES256-SHA<br>
> > > > > Server public key is 2048 bit<br>
> > > > > Secure Renegotiation IS supported<br>
> > > > > Compression: NONE<br>
> > > > > Expansion: NONE<br>
> > > > > SSL-Session:<br>
> > > > > Protocol : TLSv1.1<br>
> > > > > Cipher : AES256-SHA<br>
> > > > > Session-ID:<br>
> > > > ><br>
> ><br>
> 606DF4ED165AF725E18F3EBAA3BE18669E7E47921BF246EF1851C6E622C15B2A<br>
> > > > > Session-ID-ctx:<br>
> > > > > Master-Key:<br>
> > > > ><br>
> > > ><br>
> > ><br>
> ><br>
> A7F149F1EFF32EC29C8C1F570A076A7F3A20C7890F58958A9539ECC52822E28BCBBC94949C638AF52D8D89854887018C<br>
> > > > > Key-Arg : None<br>
> > > > > PSK identity: None<br>
> > > > > PSK identity hint: None<br>
> > > > > TLS session ticket lifetime hint: 172800<br>
> (seconds)<br>
> > > > > TLS session ticket:<br>
> > > > > 0000 - 4e 53 53 21 d9 f3 55 ff-e1 a9 5e<br>
> a1 bb 2c 45 50<br>
> > > > > NSS!..U...^..,EP<br>
> > > > > 0010 - 27 9c cc 9d 07 2a af 5f-a3 06 ad<br>
> 26 9a 1d cc 7a<br>
> > > > > '....*._...&...z<br>
> > > > > 0020 - 00 50 e7 85 b2 eb 32 7f-dc 71 d3<br>
> ec 39 09 43 8a<br>
> > > > > .P....2..q..9.C.<br>
> > > > > 0030 - 08 40 6c 6f b5 9e df 9c-4b 57 78<br>
> 49 50 af d4 9b<br>
> > > > > .@lo....KWxIP...<br>
> > > > > 0040 - 84 83 3d 8d de c8 91 6f-2c 9c 83<br>
> a4 bc 9c 68 4a<br>
> > > > > ..=....o,.....hJ<br>
> > > > > 0050 - b1 4f 46 1e fb a9 80 3f-f6 ff f7<br>
> 3a 4f b3 e7 5a<br>
> > > > > .OF....?...:O..Z<br>
> > > > > 0060 - 8f 69 a2 3e 8a 57 d5 53-18 b2 15<br>
> bf 72 86 e1 d9<br>
> > > > > .i.>.W.S....r...<br>
> > > > > 0070 - 9d b5 3e 1e 45 80 d6 96-e3 b7 c5<br>
> ca b4 03 d3 21<br>
> > > > > ..>.E..........!<br>
> > > > > 0080 - 70 95 a7 77 32 9e 92 7b-bf bb 4d<br>
> b2 92 3f 8f 61<br>
> > > > > p..w2..{..M..?.a<br>
> > > > > 0090 - 03 dd<br>
> > ..<br>
> > > > ><br>
> > > > > Start Time: 1444922629<br>
> > > > > Timeout : 300 (sec)<br>
> > > > > Verify return code: 19 (self signed<br>
> certificate in<br>
> > > certificate<br>
> > > > chain)<br>
> > > > > ---<br>
> > > > > DONE<br>
> > > > ><br>
> > > > > As you can see, our server is clearing<br>
> presenting a TLS<br>
> > > session ticket<br>
> > > > > which supposedly should be turned off by<br>
> default in this<br>
> > > version of<br>
> > > > > mod_nss. I'm confused, and I'm also a<br>
> newbie to mod_nss.<br>
> > > Could you<br>
> > > > > please help me understand?<br>
> > > ><br>
> > > > Can you provide this:<br>
> > > ><br>
> > > > rpm -q mod_nss nss<br>
> > > ><br>
> > > > rob<br>
> > > ><br>
> > > > ><br>
> > > > > Thanks,<br>
> > > > ><br>
> > > > > Larry Cohen<br>
> > > > ><br>
> > > > > On Wed, Oct 14, 2015 at 11:26 AM, Rob Crittenden<br>
> > > <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>><br>
> > > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>>><br>
> > > > > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>><br>
> > > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>><br>
> > <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br>
> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a> <mailto:<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>>>>>> wrote:<br>
> > > > ><br>
> > > > > Cohen, Laurence wrote:<br>
> > > > > > I'm trying to find out what version of<br>
> mod_nss<br>
> > uses TLSSESSIONTICKETS<br>
> > > > > > and has the ability to turn them off.<br>
> I see<br>
> > that Fedora has a version<br>
> > > > > > that has this function, but I need<br>
> this function<br>
> > for RHEL6. I want to<br>
> > > > > > try to avoid doing a custom build<br>
> since this is<br>
> > for a government customer.<br>
> > > > ><br>
> > > > > TLS Session tickets are disabled by default.<br>
> > mod_nss 1.0.12 adds an<br>
> > > > > option to turn them on.<br>
> > > > ><br>
> > > > > rob<br>
> > > > ><br>
> > > > ><br>
> > > > ><br>
> > > > ><br>
> > > > > --<br>
> > > > ><br>
> > > > > <a href="http://www.novetta.com" rel="noreferrer" target="_blank">www.novetta.com</a> <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> > <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> > > <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> > > > ><br>
> > > > > Larry Cohen<br>
> > > > ><br>
> > > > > System Administrator<br>
> > > > ><br>
> > > > ><br>
> > > > > 12021 Sunset Hills Road, Suite 400<br>
> > > > ><br>
> > > > > Reston, VA 20190<br>
> > > > ><br>
> > > > > Email <a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>><br>
> > <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>>><br>
> > > <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>><br>
> > <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>>>><br>
> > > > <<a href="http://novetta.com" rel="noreferrer" target="_blank">http://novetta.com</a>><br>
> > > > ><br>
> > > > > Office 703-885-1064<br>
> > > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > --<br>
> > > ><br>
> > > > <a href="http://www.novetta.com" rel="noreferrer" target="_blank">www.novetta.com</a> <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> > <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> > > ><br>
> > > > Larry Cohen<br>
> > > ><br>
> > > > System Administrator<br>
> > > ><br>
> > > ><br>
> > > > 12021 Sunset Hills Road, Suite 400<br>
> > > ><br>
> > > > Reston, VA 20190<br>
> > > ><br>
> > > > Email <a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>><br>
> > <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>>><br>
> > > <<a href="http://novetta.com" rel="noreferrer" target="_blank">http://novetta.com</a>><br>
> > > ><br>
> > > > Office 703-885-1064<br>
> > > ><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > --<br>
> > ><br>
> > > <a href="http://www.novetta.com" rel="noreferrer" target="_blank">www.novetta.com</a> <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> > ><br>
> > > Larry Cohen<br>
> > ><br>
> > > System Administrator<br>
> > ><br>
> > ><br>
> > > 12021 Sunset Hills Road, Suite 400<br>
> > ><br>
> > > Reston, VA 20190<br>
> > ><br>
> > > Email <a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>><br>
> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>>><br>
> > <<a href="http://novetta.com" rel="noreferrer" target="_blank">http://novetta.com</a>><br>
> > ><br>
> > > Office 703-885-1064<br>
> > ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> ><br>
> > <a href="http://www.novetta.com" rel="noreferrer" target="_blank">www.novetta.com</a> <<a href="http://www.novetta.com" rel="noreferrer" target="_blank">http://www.novetta.com</a>><br>
> ><br>
> > Larry Cohen<br>
> ><br>
> > System Administrator<br>
> ><br>
> ><br>
> > 12021 Sunset Hills Road, Suite 400<br>
> ><br>
> > Reston, VA 20190<br>
> ><br>
> > Email <a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <mailto:<a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a>><br>
> <<a href="http://novetta.com" rel="noreferrer" target="_blank">http://novetta.com</a>><br>
> ><br>
> > Office 703-885-1064<br>
> ><br>
><br>
><br>
><br>
><br>
> --<br>
><br>
> <a href="http://www.novetta.com" rel="noreferrer" target="_blank">www.novetta.com</a><br>
><br>
> Larry Cohen<br>
><br>
> System Administrator<br>
><br>
><br>
> 12021 Sunset Hills Road, Suite 400<br>
><br>
> Reston, VA 20190<br>
><br>
> Email <a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <<a href="http://novetta.com" rel="noreferrer" target="_blank">http://novetta.com</a>><br>
><br>
> Office 703-885-1064<br>
><br>
><br>
><br>
><br>
> --<br>
><br>
> <a href="http://www.novetta.com" rel="noreferrer" target="_blank">www.novetta.com</a><br>
><br>
> Larry Cohen<br>
><br>
> System Administrator<br>
><br>
><br>
> 12021 Sunset Hills Road, Suite 400<br>
><br>
> Reston, VA 20190<br>
><br>
> Email <a href="mailto:lcohen@novetta.com">lcohen@novetta.com</a> <<a href="http://novetta.com" rel="noreferrer" target="_blank">http://novetta.com</a>><br>
><br>
> Office 703-885-1064<br>
><br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><p dir="ltr" style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.5;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(0,0,0);font-family:Helvetica,sans-serif;font-size:15px;vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><img alt="www.novetta.com" src="https://p2.zdassets.com/hc/theme_assets/236109/200035260/novetta-email.png" style="border:currentcolor" height="56" width="211"></span></p><p dir="ltr" style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.5;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(0,100,182);font-family:Helvetica,sans-serif;font-weight:bold;vertical-align:baseline;white-space:pre-wrap">Larry Cohen</span></p><p dir="ltr" style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(147,149,152);font-family:Helvetica,sans-serif;font-style:italic;vertical-align:baseline;white-space:pre-wrap">System Administrator</span></p><p dir="ltr" style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.5;margin-top:0pt;margin-bottom:0pt"><br style="font-size:13.3333339691162px;line-height:22.2222232818604px"></p><p style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(147,149,152);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap">12021 Sunset Hills Road, Suite 400</span></p><p dir="ltr" style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(147,149,152);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap">Reston, VA 20190</span></p><p dir="ltr" style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(0,100,182);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap">Email</span><span style="color:rgb(147,149,152);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap"> lcohen@</span><span style="color:rgb(17,85,204);font-family:Helvetica,sans-serif;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap"><a href="http://novetta.com" target="_blank">novetta.com</a></span><span style="color:rgb(147,149,152);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap"> </span></p><p dir="ltr" style="color:rgb(51,51,51);font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(0,100,182);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap">Office</span><span style="color:rgb(147,149,152);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap"> 703-885-1064</span></p><p dir="ltr" style="font-family:'Lucida Grande','Lucida Sans',Verdana,Arial,sans-serif;font-size:13.3333339691162px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="color:rgb(147,149,152);font-family:Helvetica,sans-serif;vertical-align:baseline;white-space:pre-wrap"></span></p><table style="color:rgb(147,149,152);font-family:sans-serif;font-size:medium"><tbody><tr></tr><tr></tr><tr></tr></tbody></table> </div></div>
</div>