tls-0.9.5: TLS/SSL protocol native implementation (Server and Client)

Portabilityunknown
Stabilityexperimental
MaintainerVincent Hanquez <vincent@snarc.org>
Safe HaskellSafe-Infered

Network.TLS

Contents

Description

 

Synopsis

Context configuration

data TLSParams

Constructors

TLSParams 

Fields

pConnectVersion :: Version

version to use on client connection.

pAllowedVersions :: [Version]

allowed versions that we can use.

pCiphers :: [Cipher]

all ciphers supported ordered by priority.

pCompressions :: [Compression]

all compression supported ordered by priority.

pWantClientCert :: Bool

request a certificate from client. use by server only.

pUseSecureRenegotiation :: Bool
 
pUseSession :: Bool
 
pCertificates :: [(X509, Maybe PrivateKey)]

the cert chain for this context with the associated keys if any.

pLogging :: TLSLogging

callback for logging

onHandshake :: Measurement -> IO Bool

callback on a beggining of handshake

onCertificatesRecv :: [X509] -> IO TLSCertificateUsage

callback to verify received cert chain.

onSessionResumption :: SessionID -> IO (Maybe SessionData)

callback to maybe resume session on server.

onSessionEstablished :: SessionID -> SessionData -> IO ()

callback when session have been established

onSessionInvalidated :: SessionID -> IO ()

callback when session is invalidated by error

sessionResumeWith :: Maybe (SessionID, SessionData)

try to establish a connection using this session.

Instances

data TLSLogging

Constructors

TLSLogging 

Fields

loggingPacketSent :: String -> IO ()
 
loggingPacketRecv :: String -> IO ()
 
loggingIOSent :: ByteString -> IO ()
 
loggingIORecv :: Header -> ByteString -> IO ()
 

data TLSCertificateUsage

Certificate Usage callback possible returns values.

Constructors

CertificateUsageAccept

usage of certificate accepted

CertificateUsageReject TLSCertificateRejectReason

usage of certificate rejected

Instances

data TLSCertificateRejectReason

Certificate and Chain rejection reason

Constructors

CertificateRejectExpired 
CertificateRejectRevoked 
CertificateRejectUnknownCA 
CertificateRejectOther String 

Instances

defaultParams :: TLSParams

defaultLogging :: TLSLogging

Context object

data TLSCtx a

A TLS Context is a handle augmented by tls specific state and parameters

ctxConnection :: TLSCtx a -> a

return the connection object associated with this context

Creating a context

client

Arguments

:: (MonadIO m, CryptoRandomGen g) 
=> TLSParams

parameters to use for this context

-> g

random number generator associated with the context

-> Handle

handle to use

-> m (TLSCtx Handle) 

Create a new Client context with a configuration, a RNG, and a Handle. It reconfigures the handle's BufferMode to NoBuffering.

server :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m (TLSCtx Handle)

Create a new Server context with a configuration, a RNG, and a Handle. It reconfigures the handle's BufferMode to NoBuffering.

Initialisation and Termination of context

bye :: MonadIO m => TLSCtx c -> m ()

notify the context that this side wants to close connection. this is important that it is called before closing the handle, otherwise the session might not be resumable (for version < TLS1.2).

this doesn't actually close the handle

handshake :: MonadIO m => TLSCtx c -> m ()

Handshake for a new TLS connection This is to be called at the beginning of a connection, and during renegotiation

High level API

sendData :: MonadIO m => TLSCtx c -> ByteString -> m ()

sendData sends a bunch of data. It will automatically chunk data to acceptable packet size

recvData :: MonadIO m => TLSCtx c -> m ByteString

recvData get data out of Data packet, and automatically renegotiate if a Handshake ClientHello is received

recvData' :: MonadIO m => TLSCtx c -> m ByteString

Crypto Key

data PrivateKey

Constructors

PrivRSA PrivateKey 

Instances

Compressions & Predefined compressions

class CompressionC a where

supported compression algorithms need to be part of this class

Methods

compressionCID :: a -> Word8

compressionCDeflate :: a -> ByteString -> (a, ByteString)

compressionCInflate :: a -> ByteString -> (a, ByteString)

Instances

CompressionC NullCompression 

data Compression

every compression need to be wrapped in this, to fit in structure

Constructors

forall a . CompressionC a => Compression a 

Instances

nullCompression :: Compression

default null compression

Ciphers & Predefined ciphers

data Cipher

Cipher algorithm

Constructors

Cipher 

Fields

cipherID :: Word16
 
cipherName :: String
 
cipherHash :: Hash
 
cipherBulk :: Bulk
 
cipherKeyExchange :: CipherKeyExchangeType
 
cipherMinVer :: Maybe Version
 

Instances

data Bulk

Constructors

Bulk 

Fields

bulkName :: String
 
bulkKeySize :: Int
 
bulkIVSize :: Int
 
bulkBlockSize :: Int
 
bulkF :: BulkFunctions
 

Versions

data Version

Versions known to TLS

SSL2 is just defined, but this version is and will not be supported.

Constructors

SSL2 
SSL3 
TLS10 
TLS11 
TLS12 

Instances

Errors

data TLSError

TLSError that might be returned through the TLS stack

Constructors

Error_Misc String

mainly for instance of Error

Error_Protocol (String, Bool, AlertDescription) 
Error_Certificate String 
Error_HandshakePolicy String

handshake policy failed.

Error_Random String 
Error_EOF 
Error_Packet String 
Error_Packet_Size_Mismatch (Int, Int) 
Error_Packet_unexpected String String 
Error_Packet_Parsing String 
Error_Internal_Packet_ByteProcessed Int Int Int 
Error_Unknown_Version Word8 Word8 
Error_Unknown_Type String 

Instances

Exceptions

data HandshakeFailed

Constructors

HandshakeFailed TLSError 

Instances

data ConnectionNotEstablished

Constructors

ConnectionNotEstablished 

Instances