Safe Haskell	None
Language	Haskell98

Network.Wai.Handler.WarpTLS

Contents

Settings
Smart constructors
Accessors
Runner
Exception

Description

HTTP over TLS support for Warp via the TLS package.

If HTTP/2 is negotiated by ALPN, HTTP/2 over TLS is used. Otherwise HTTP/1.1 over TLS is used.

Support for SSL is now obsoleted.

Synopsis

Settings

data TLSSettings Source

Settings for WarpTLS.

defaultTlsSettings :: TLSSettings Source

Default TLSSettings. Use this to create TLSSettings with the field record name (aka accessors).

Smart constructors

tlsSettings Source

Arguments

:: FilePath	Certificate file
-> FilePath	Key file
-> TLSSettings

A smart constructor for TLSSettings based on defaultTlsSettings.

tlsSettingsMemory Source

Arguments

:: ByteString	Certificate bytes
-> ByteString	Key bytes
-> TLSSettings

A smart constructor for TLSSettings, but uses in-memory representations of the certificate and key based on defaultTlsSettings.

Since 3.0.1

tlsSettingsChain Source

Arguments

:: FilePath	Certificate file
-> [FilePath]	Chain certificate files
-> FilePath	Key file
-> TLSSettings

A smart constructor for TLSSettings that allows specifying chain certificates based on defaultTlsSettings.

Since 3.0.3

tlsSettingsChainMemory Source

Arguments

:: ByteString	Certificate bytes
-> [ByteString]	Chain certificate bytes
-> ByteString	Key bytes
-> TLSSettings

A smart constructor for TLSSettings, but uses in-memory representations of the certificate and key based on defaultTlsSettings.

Since 3.0.3

Accessors

certFile :: TLSSettings -> FilePath Source

File containing the certificate.

keyFile :: TLSSettings -> FilePath Source

File containing the key

tlsLogging :: TLSSettings -> Logging Source

The level of logging to turn on.

Default: defaultLogging.

Since 1.4.0

tlsAllowedVersions :: TLSSettings -> [Version] Source

The TLS versions this server accepts.

>>> tlsAllowedVersions defaultTlsSettings
[TLS12,TLS11,TLS10]

Since 1.4.2

tlsCiphers :: TLSSettings -> [Cipher] Source

The TLS ciphers this server accepts.

>>> tlsCiphers defaultTlsSettings
[ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256-SHA256,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA1,DHE-RSA-AES128-SHA1,DHE-DSA-AES128-SHA1,DHE-DSA-AES256-SHA1,RSA-aes128-sha1,RSA-aes256-sha1]

Since 1.4.2

tlsWantClientCert :: TLSSettings -> Bool Source

Whether or not to demand a certificate from the client. If this is set to True, you must handle received certificates in a server hook or all connections will fail.

>>> tlsWantClientCert defaultTlsSettings
False

Since 3.0.2

tlsServerHooks :: TLSSettings -> ServerHooks Source

The server-side hooks called by the tls package, including actions to take when a client certificate is received. See the Network.TLS module for details.

Default: def

Since 3.0.2

onInsecure :: TLSSettings -> OnInsecure Source

Do we allow insecure connections with this server as well?

>>> onInsecure defaultTlsSettings
DenyInsecure "This server only accepts secure HTTPS connections."

Since 1.4.0

data OnInsecure Source

An action when a plain HTTP comes to HTTP over TLS/SSL port.

Constructors

DenyInsecure ByteString
AllowInsecure

Instances

Show OnInsecure

Runner

runTLS :: TLSSettings -> Settings -> Application -> IO () Source

Running Application with TLSSettings and Settings.

runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO () Source

Running Application with TLSSettings and Settings using specified Socket.

Exception

data WarpTLSException Source

Constructors

InsecureConnectionDenied

Instances

Show WarpTLSException
Exception WarpTLSException
Typeable * WarpTLSException