warp-tls-3.3.6: HTTP over TLS support for Warp via the TLS package
Safe HaskellSafe-Inferred
LanguageHaskell2010

Network.Wai.Handler.WarpTLS.Internal

Contents

Synopsis

Documentation

data CertSettings Source #

Determines where to load the certificate, chain certificates, and key from.

Constructors

CertFromFile !FilePath ![FilePath] !FilePath 
CertFromMemory !ByteString ![ByteString] !ByteString 
CertFromRef !(IORef ByteString) ![IORef ByteString] !(IORef ByteString) 

data TLSSettings Source #

Settings for WarpTLS.

Constructors

TLSSettings 

Fields

  • certSettings :: CertSettings

    Where are the certificate, chain certificates, and key loaded from?

    >>> certSettings defaultTlsSettings
tlsSettings "certificate.pem" "key.pem"

    Since: 3.3.0

  • onInsecure :: OnInsecure

    Do we allow insecure connections with this server as well?

    >>> onInsecure defaultTlsSettings
DenyInsecure "This server only accepts secure HTTPS connections."

    Since 1.4.0

  • tlsLogging :: Logging

    The level of logging to turn on.

    Default: defaultLogging.

    Since 1.4.0

  • tlsAllowedVersions :: [Version]

    The TLS versions this server accepts.

    >>> tlsAllowedVersions defaultTlsSettings
[TLS13,TLS12,TLS11,TLS10]

    Since 1.4.2

  • tlsCiphers :: [Cipher]

    The TLS ciphers this server accepts.

    >>> tlsCiphers defaultTlsSettings
[ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1,AES128GCM-SHA256,AES256GCM-SHA384]

    Since 1.4.2

  • tlsWantClientCert :: Bool

    Whether or not to demand a certificate from the client. If this is set to True, you must handle received certificates in a server hook or all connections will fail.

    >>> tlsWantClientCert defaultTlsSettings
False

    Since 3.0.2

  • tlsServerHooks :: ServerHooks

    The server-side hooks called by the tls package, including actions to take when a client certificate is received. See the Network.TLS module for details.

    Default: def

    Since 3.0.2

  • tlsServerDHEParams :: Maybe Params

    Configuration for ServerDHEParams more function lives in cryptonite package

    Default: Nothing

    Since 3.2.2

  • tlsSessionManagerConfig :: Maybe Config

    Configuration for in-memory TLS session manager. If Nothing, noSessionManager is used. Otherwise, an in-memory TLS session manager is created according to Config.

    Default: Nothing

    Since 3.2.4

  • tlsCredentials :: Maybe Credentials

    Specifying Credentials directly. If this value is specified, other fields such as certFile are ignored.

    Since 3.2.12

  • tlsSessionManager :: Maybe SessionManager

    Specifying SessionManager directly. If this value is specified, tlsSessionManagerConfig is ignored.

    Since 3.2.12

  • tlsSupportedHashSignatures :: [HashAndSignatureAlgorithm]

    Specifying supported hash/signature algorithms, ordered by decreasing priority. See the Network.TLS module for details

    Since 3.3.3

data OnInsecure Source #

An action when a plain HTTP comes to HTTP over TLS/SSL port.

Constructors

DenyInsecure ByteString 
AllowInsecure 

Instances

Instances details
Show OnInsecure Source # 
Instance details

Defined in Network.Wai.Handler.WarpTLS.Internal

Methods

showsPrec :: Int -> OnInsecure -> ShowS #

show :: OnInsecure -> String #

showList :: [OnInsecure] -> ShowS #

Accessors

getCertSettings :: TLSSettings -> CertSettings Source #

Some programs need access to cert settings