tls-1.1.1: TLS/SSL protocol native implementation (Server and Client)

MaintainerVincent Hanquez <>
Safe HaskellNone






Context configuration

data Params Source


forall s . SessionManager s => Params 


pConnectVersion :: Version

version to use on client connection.

pAllowedVersions :: [Version]

allowed versions that we can use.

pCiphers :: [Cipher]

all ciphers supported ordered by priority.

pCompressions :: [Compression]

all compression supported ordered by priority.

pHashSignatures :: [HashAndSignatureAlgorithm]

All supported hash/signature algorithms pair for client certificate verification, ordered by decreasing priority.

pUseSecureRenegotiation :: Bool

notify that we want to use secure renegotation

pUseSession :: Bool

generate new session if specified

pCertificates :: [(X509, Maybe PrivateKey)]

the cert chain for this context with the associated keys if any.

pLogging :: Logging

callback for logging

onHandshake :: Measurement -> IO Bool

callback on a beggining of handshake

onCertificatesRecv :: [X509] -> IO CertificateUsage

callback to verify received cert chain.

pSessionManager :: s
onSuggestNextProtocols :: IO (Maybe [ByteString])

suggested next protocols accoring to the next protocol negotiation extension.

onNPNServerSuggest :: Maybe ([ByteString] -> IO ByteString)
roleParams :: RoleParams


data ClientParams Source




clientUseMaxFragmentLength :: Maybe MaxFragmentEnum
clientUseServerName :: Maybe HostName
clientWantSessionResume :: Maybe (SessionID, SessionData)

try to establish a connection using this session.

onCertificateRequest :: ([CertificateType], Maybe [HashAndSignatureAlgorithm], [DistinguishedName]) -> IO [(X509, Maybe PrivateKey)]

This action is called when the server sends a certificate request. The parameter is the information from the request. The action should select a certificate chain of one of the given certificate types where the last certificate in the chain should be signed by one of the given distinguished names. Each certificate should be signed by the following one, except for the last. At least the first of the certificates in the chain must have a corresponding private key, because that is used for signing the certificate verify message.

Note that is is the responsibility of this action to select a certificate matching one of the requested certificate types. Returning a non-matching one will lead to handshake failure later.

Returning a certificate chain not matching the distinguished names may lead to problems or not, depending whether the server accepts it.

data ServerParams Source




serverWantClientCert :: Bool

request a certificate from client.

serverCACertificates :: [X509]

This is a list of certificates from which the disinguished names are sent in certificate request messages. For TLS1.0, it should not be empty.

onClientCertificate :: [X509] -> IO CertificateUsage

This action is called when a client certificate chain is received from the client. When it returns a CertificateUsageReject value, the handshake is aborted.

onUnverifiedClientCert :: IO Bool

This action is called when the client certificate cannot be verified. A Nothing argument indicates a wrong signature, a 'Just e' message signals a crypto error.

onCipherChoosing :: Version -> [Cipher] -> Cipher

callback on server to modify the cipher chosen.

data Measurement Source

record some data about this connection.




nbHandshakes :: !Word32

number of handshakes on this context

bytesReceived :: !Word32

bytes received since last handshake

bytesSent :: !Word32

bytes sent since last handshake

data CertificateUsage Source

Certificate Usage callback possible returns values.



usage of certificate accepted

CertificateUsageReject CertificateRejectReason

usage of certificate rejected

raw types


type SessionID = ByteStringSource

A session ID

data SessionData Source

Session data to resume

class SessionManager a whereSource

A session manager


sessionResume :: a -> SessionID -> IO (Maybe SessionData)Source

used on server side to decide whether to resume a client session

sessionEstablish :: a -> SessionID -> SessionData -> IO ()Source

used when a session is established.

sessionInvalidate :: a -> SessionID -> IO ()Source

used when a session is invalidated

setSessionManager :: SessionManager s => s -> Params -> ParamsSource

Set a new session manager in a parameters structure.

Backend abstraction

data Backend Source

Connection IO backend




backendFlush :: IO ()

Flush the connection sending buffer, if any.

backendClose :: IO ()

Close the connection.

backendSend :: ByteString -> IO ()

Send a bytestring through the connection.

backendRecv :: Int -> IO ByteString

Receive specified number of bytes from the connection.

Context object

data Context Source

A TLS Context keep tls specific state, parameters and backend information.

ctxConnection :: Context -> BackendSource

return the backend object associated with this context

Creating a context



:: (MonadIO m, CPRG rng) 
=> Backend

Backend abstraction with specific method to interact with the connection type.

-> Params

Parameters of the context.

-> rng

Random number generator associated with this context.

-> m Context 

create a new context using the backend and parameters specified.



:: (MonadIO m, CPRG rng) 
=> Handle

Handle of the connection.

-> Params

Parameters of the context.

-> rng

Random number generator associated with this context.

-> m Context 

create a new context on an handle.

deprecated type aliases

deprecated values

Initialisation and Termination of context

bye :: MonadIO m => Context -> m ()Source

notify the context that this side wants to close connection. this is important that it is called before closing the handle, otherwise the session might not be resumable (for version < TLS1.2).

this doesn't actually close the handle

handshake :: MonadIO m => Context -> m ()Source

Handshake for a new TLS connection This is to be called at the beginning of a connection, and during renegotiation

Next Protocol Negotiation

getNegotiatedProtocol :: MonadIO m => Context -> m (Maybe ByteString)Source

If the Next Protocol Negotiation extension has been used, this will return get the protocol agreed upon.

High level API

sendData :: MonadIO m => Context -> ByteString -> m ()Source

sendData sends a bunch of data. It will automatically chunk data to acceptable packet size

recvData :: MonadIO m => Context -> m ByteStringSource

recvData get data out of Data packet, and automatically renegotiate if a Handshake ClientHello is received

recvData' :: MonadIO m => Context -> m ByteStringSource

same as recvData but returns a lazy bytestring.

Crypto Key

data PrivateKey Source


PrivRSA PrivateKey 


Compressions & Predefined compressions

class CompressionC a whereSource

supported compression algorithms need to be part of this class

data Compression Source

every compression need to be wrapped in this, to fit in structure


forall a . CompressionC a => Compression a 


type CompressionID = Word8Source

Compression identification

nullCompression :: CompressionSource

default null compression

data NullCompression Source

This is the default compression which is a NOOP.

member redefined for the class abstraction

compressionID :: Compression -> CompressionIDSource

return the associated ID for this algorithm

compressionDeflate :: ByteString -> Compression -> (Compression, ByteString)Source

deflate (compress) a bytestring using a compression context and return the result along with the new compression context.

compressionInflate :: ByteString -> Compression -> (Compression, ByteString)Source

inflate (decompress) a bytestring using a compression context and return the result along the new compression context.


compressionIntersectID :: [Compression] -> [Word8] -> [Compression]Source

intersect a list of ids commonly given by the other side with a list of compression the function keeps the list of compression in order, to be able to find quickly the prefered compression.

Ciphers & Predefined ciphers

data Hash Source



type CipherID = Word16Source

Cipher identification


data Version Source

Versions known to TLS

SSL2 is just defined, but this version is and will not be supported.




data KxError Source


RSAError Error 



data Terminated Source

Early termination exception with the reason and the TLS error associated