tls: TLS/SSL protocol native implementation (Server and Client)

[ bsd3, library, network ]

Native Haskell TLS and SSL protocol implementation for server and client.

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Currently implements the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocols, with only RSA supported for key exchange.

Only the core protocol is available here; see the http://hackage.haskell.org/package/tls-extra/ package for default ciphers, compressions and certificate functions.


Versions 0.1, 0.1.1, 0.1.2, 0.1.3, 0.2, 0.3, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.3.1, 0.8.3.2, 0.8.4, 0.8.5, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.4.0, 1.4.1
Dependencies base (>=3 && <4.8), bytestring, cereal (>=0.3), certificate (>=1.2.0 && <1.3.0), cprng-aes, crypto-api (>=0.5), cryptocipher (>=0.3.0 && <0.4.0), cryptohash (>=0.6), mtl, QuickCheck (>=2), test-framework, test-framework-quickcheck2, time
License BSD-3-Clause
Copyright Vincent Hanquez <vincent@snarc.org>
Author Vincent Hanquez <vincent@snarc.org>
Maintainer Vincent Hanquez <vincent@snarc.org>
Revised Revision 1 made by phadej at Mon May 9 10:24:39 UTC 2016
Category Network
Home page http://github.com/vincenthz/hs-tls
Source repo head: git clone git://github.com/vincenthz/hs-tls
Uploaded by VincentHanquez at Mon Jul 23 20:25:27 UTC 2012
Distributions Arch:1.4.1, Debian:1.3.4, Fedora:1.4.0, FreeBSD:1.3.1, LTSHaskell:1.4.1, NixOS:1.4.1, Stackage:1.4.1, openSUSE:1.4.1
Executables Tests
Downloads 186387 total (587 in the last 30 days)
Status Docs uploaded by user
Build status unknown [no reports yet]

Modules

  • Network
    • Network.TLS
      • Network.TLS.Cipher
      • Network.TLS.Compression
      • Network.TLS.Internal

Flags

Name        Description           Default   Type
test        Build unit test       Disabled  Automatic
executable  Build the executable  Disabled  Automatic

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag.

Downloads

Note: This package has metadata revisions in the cabal description newer than included in the tarball. To unpack the package including the revisions, use 'cabal get'.


Readme for tls-0.9.8

haskell TLS

This library provides a native Haskell TLS and SSL protocol implementation for server and client.

Description

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Only the core protocol is available here; see the tls-extra package for default ciphers, compressions and certificate functions.

Features

  • tiny code base (more than 20 times smaller than OpenSSL, and 10 times smaller than GnuTLS)
  • permissive license: BSD3.
  • supported versions: SSL3, TLS1.0, TLS1.1, TLS1.2.
  • key exchange supported: only RSA.
  • bulk algorithm supported: any stream or block ciphers.
  • supported extensions: secure renegotiation

Common Issues

The tools mentioned below are all available from the tls-debug package.

  • Certificate issues

It's useful to run the following command, which will connect to the destination and retrieve the certificate chain used.

tls-retrievecertificate -d <destination> -p <port> -v -c

As output, it prints every certificate in the chain and gives the issuer and subject of each. The certificates form a chain in which the issuer of each certificate is the subject of the next certificate in the chain:

(subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)

A "CA is unknown" error indicates that your system doesn't have a certificate in the trusted store belonging to any of the nodes of the chain.
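
The chain rule and the "CA is unknown" condition described above, as an added example that is not part of the tls or tls-debug code. The (subject, issuer) pairs and trusted-store names are constructed, and only names are compared; it also goes one step beyond the text by accepting a chain whose root was omitted by the server but whose last issuer is in the trusted store.

```python
# Added example: name-level check of a certificate chain given as
# (subject, issuer) pairs, leaf first. All names below are constructed.
# Assumption: names compare as plain strings; no signature, validity
# period or extension is checked, so "ok" only means the names line up.

SAMPLE_CHAIN = [
    ("CN=www.example.test", "CN=Example Intermediate CA"),
    ("CN=Example Intermediate CA", "CN=Example Root CA"),
    ("CN=Example Root CA", "CN=Example Root CA"),  # self-signed root
]


def check_chain(chain, trusted_subjects):
    """Return (status, detail); status is 'empty', 'broken-link',
    'ca-unknown' or 'ok'."""
    if not chain:
        return ("empty", "no certificates presented")

    # The issuer of each certificate must be the subject of the next one.
    for i in range(len(chain) - 1):
        issuer, next_subject = chain[i][1], chain[i + 1][0]
        if issuer != next_subject:
            return ("broken-link",
                    f"cert #{i + 1} issuer {issuer!r} is not "
                    f"cert #{i + 2} subject {next_subject!r}")

    # Trusted if any node of the chain is itself in the trusted store.
    for i, (subject, _) in enumerate(chain):
        if subject in trusted_subjects:
            return ("ok", f"anchored at cert #{i + 1}: {subject!r}")

    # Servers may omit the root; then the last issuer must be trusted.
    last_issuer = chain[-1][1]
    if last_issuer in trusted_subjects:
        return ("ok", f"anchored at omitted root: {last_issuer!r}")

    return ("ca-unknown", f"no trusted certificate for {last_issuer!r}")


if __name__ == "__main__":
    for store in ({"CN=Example Root CA"}, set()):
        print(check_chain(SAMPLE_CHAIN, store))
```

A "broken-link" result points at a misordered or incomplete chain sent by the server, while "ca-unknown" points at the local trusted store.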