tls-0.6.0: TLS/SSL protocol native implementation (Server and Client)

Portability: unknown
Stability: experimental
Maintainer: Vincent Hanquez <vincent@snarc.org>

Network.TLS

Context configuration

data TLSParams

Constructors

TLSParams 

Fields

pConnectVersion :: Version

version to use when connecting as a client.

pAllowedVersions :: [Version]

allowed versions that we can use.

pCiphers :: [Cipher]

all ciphers supported ordered by priority.

pCompressions :: [Compression]

all compressions supported, ordered by priority.

pWantClientCert :: Bool

request a certificate from the client. Used by the server only.

pCertificates :: [(X509, Maybe PrivateKey)]

the certificate chain for this context, with the associated private keys if any.

onCertificatesRecv :: [X509] -> IO Bool

callback to verify the received certificate chain; returning False aborts the handshake.


Context object

data TLSCtx

A TLS context is a Handle augmented by TLS-specific state and parameters.

ctxHandle :: TLSCtx -> Handle

return the handle associated with this context

Creating a context

client :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m TLSCtx

Create a new client context from a configuration, an RNG, and a Handle. It reconfigures the handle's buffer mode to NoBuffering.

server :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m TLSCtx

Create a new server context from a configuration, an RNG, and a Handle. It reconfigures the handle's buffer mode to NoBuffering.

Initialisation and Termination of context

bye :: MonadIO m => TLSCtx -> m ()

Notify the peer that this side wants to close the connection. It is important that this is called before closing the handle, otherwise the session might not be resumable (for versions < TLS1.2).

This does not actually close the handle.

handshake :: MonadIO m => TLSCtx -> m ()

Handshake for a new TLS connection. This is to be called at the beginning of a connection, and during renegotiation.

High level API

sendData :: MonadIO m => TLSCtx -> ByteString -> m ()

sendData sends a block of data. It automatically chunks the data into records of acceptable size.

recvData :: MonadIO m => TLSCtx -> m ByteString

recvData gets the payload out of a Data packet, and automatically renegotiates if a Handshake ClientHello is received instead.
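The functions above form one procedure: build a TLSParams, create a context with client (or server), run handshake, exchange data with sendData/recvData, then call bye before closing the handle. The following Haskell program is an added example written for this page; it is not code from the tls package. It assumes the crypto-api package's Crypto.Random (newGenIO, SystemRandom) as the CryptoRandomGen instance, the network package's connectTo for the socket Handle, the certificate package's Data.Certificate.X509 for the X509 type, that the ByteString in the sendData/recvData signatures is the lazy one, and a cipher list (myCiphers) that must be filled from the package's predefined ciphers, whose names this excerpt does not show. The onCertificatesRecv callback is where all trust decisions happen, so the example fails closed: it rejects empty chains and defers to a hypothetical validateChain that returns False until real validation is implemented.

```haskell
-- Added example for tls-0.6.0's Network.TLS client API; not the package's own code.
module Main where

import Network.TLS
import Crypto.Random (newGenIO, SystemRandom)      -- crypto-api (assumption)
import Data.Certificate.X509 (X509)               -- certificate package (assumption)
import Network (connectTo, PortID(..), withSocketsDo)
import System.IO (hClose)
import qualified Data.ByteString.Lazy.Char8 as L  -- assumes lazy ByteString in the API

-- Placeholder: fill from the package's predefined ciphers ("Ciphers &
-- Predefined ciphers" below). An empty list cannot complete a handshake.
myCiphers :: [Cipher]
myCiphers = []

-- Hypothetical chain validator the reader must supply: issuer signatures,
-- validity period, and the expected host name. Fails closed until written.
validateChain :: [X509] -> IO Bool
validateChain _ = return False

-- Callback installed as onCertificatesRecv. The library only asks whether
-- the chain is acceptable; an empty chain is never acceptable.
verifyChain :: [X509] -> IO Bool
verifyChain []    = return False
verifyChain chain = validateChain chain

clientParams :: TLSParams
clientParams = TLSParams
  { pConnectVersion    = TLS11            -- highest version this release supports
  , pAllowedVersions   = [TLS10, TLS11]   -- SSL2 is unsupported; SSL3 deliberately left out
  , pCiphers           = myCiphers
  , pCompressions      = [nullCompression]
  , pWantClientCert    = False            -- server-only field; ignored here
  , pCertificates      = []               -- no client certificate
  , onCertificatesRecv = verifyChain
  }

main :: IO ()
main = withSocketsDo $ do
  h   <- connectTo "example.com" (PortNumber 443)   -- constructed target
  rng <- newGenIO :: IO SystemRandom
  ctx <- client clientParams rng h     -- also switches h to NoBuffering
  handshake ctx                        -- negotiates version/cipher; runs verifyChain
  sendData ctx (L.pack "GET / HTTP/1.0\r\nHost: example.com\r\n\r\n")
  reply <- recvData ctx                -- one Data record; renegotiates if the peer asks
  L.putStrLn reply
  bye ctx                              -- close_notify must precede hClose
  hClose h                             -- bye does not close the handle itself
```

A server follows the same shape with server instead of client, pCertificates holding the server's chain and private key, and pWantClientCert set if client authentication is required; in that case onCertificatesRecv is what validates the client's chain.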

Crypto Key

data PrivateKey

Constructors

PrivRSA PrivateKey 


Compressions & Predefined compressions

data Compression

Compression algorithm


nullCompression :: Compression

default null compression

Ciphers & Predefined ciphers

data Cipher

Cipher algorithm


Versions

data Version

Versions known to TLS

SSL2 is only defined as a constructor; this version is not and will not be supported.

TLS12 is not yet supported.

Constructors

SSL2 
SSL3 
TLS10 
TLS11 
TLS12 

Errors