http2-tls-0.4.3: Library for HTTP/2 over TLS
Safe Haskell: Safe-Inferred
Language: Haskell2010

Network.HTTP2.TLS.Client

Description

Running an HTTP/2 client over TLS.

Synopsis

Runners

type Client a = SendRequest -> Aux -> IO a #

Client type.

type HostName = String #

Either a host name e.g., "haskell.org" or a numeric host address string consisting of a dotted decimal IPv4 address or an IPv6 address e.g., "192.168.0.1".

type Authority = String #

Authority.

data PortNumber #

Port number. Use the Num instance (i.e. use a literal) to create a PortNumber value.

>>> 1 :: PortNumber
1
>>> read "1" :: PortNumber
1
>>> show (12345 :: PortNumber)
"12345"
>>> 50000 < (51000 :: PortNumber)
True
>>> 50000 < (52000 :: PortNumber)
True
>>> 50000 + (10000 :: PortNumber)
60000

Instances

Storable PortNumber 
Instance details

Defined in Network.Socket.Types

Bounded PortNumber 
Instance details

Defined in Network.Socket.Types

Enum PortNumber 
Instance details

Defined in Network.Socket.Types

Num PortNumber 
Instance details

Defined in Network.Socket.Types

Read PortNumber 
Instance details

Defined in Network.Socket.Types

Integral PortNumber 
Instance details

Defined in Network.Socket.Types

Real PortNumber 
Instance details

Defined in Network.Socket.Types

Show PortNumber 
Instance details

Defined in Network.Socket.Types

Eq PortNumber 
Instance details

Defined in Network.Socket.Types

Ord PortNumber 
Instance details

Defined in Network.Socket.Types

runTLS Source #

Arguments

:: Settings 
-> HostName 
-> PortNumber 
-> ByteString

ALPN

-> (Context -> SockAddr -> SockAddr -> IO a) 
-> IO a 

Generalized API

data ClientConfig #

Client configuration

Instances

Show ClientConfig 
Instance details

Defined in Network.HTTP2.Client.Run

Eq ClientConfig 
Instance details

Defined in Network.HTTP2.Client.Run

defaultAuthority :: HostName -> Authority Source #

Default authority

When we connect to a server, we can distinguish between three names, all of which may be different:

  1. The HostName, used for the DNS lookup to get the server's IP
  2. The HTTP2 :authority pseudo-header
  3. The TLS SNI (Server Name Indication). This is different from (2) only in exceptional circumstances, see settingsServerNameOverride.

In most cases, however, all three names are identical, and so the default Authority is simply equal to the HostName.

runWithConfig :: ClientConfig -> Settings -> HostName -> PortNumber -> Client a -> IO a Source #

Running an HTTP/2 client over TLS (over TCP).

runH2CWithConfig :: ClientConfig -> Settings -> HostName -> PortNumber -> Client a -> IO a Source #

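Running an HTTP/2 client over plain TCP (h2c), that is, without TLS: the connection is neither encrypted nor authenticated by a certificate.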

runTLSWithConfig Source #

Arguments

:: ClientConfig 
-> Settings 
-> HostName 
-> PortNumber 
-> ByteString

ALPN

-> (Context -> SockAddr -> SockAddr -> IO a) 
-> IO a 

Running a TLS client.

Settings

defaultSettings :: Settings Source #

Default settings.

settingsKeyLogger :: Settings -> String -> IO () Source #

Key logger (TLS and H2)

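Applications may wish to set this depending on the SSLKEYLOGFILE environment variable. The logged lines contain TLS session secrets that allow captured traffic to be decrypted, so the log destination needs restricted access.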

Default: do nothing.

settingsValidateCert :: Settings -> Bool Source #

Should we validate TLS certificates? (TLS and H2) When False, the server's certificate is not checked, so the peer is not authenticated.

>>> settingsValidateCert defaultSettings
True

settingsCAStore :: Settings -> CertificateStore Source #

Certificate store used for validation. (TLS and H2)

Default: mempty.

settingsCacheLimit :: Settings -> Int Source #

How many pushed responses are contained in the cache (H2 and H2c)

>>> settingsCacheLimit defaultSettings
64

settingsConcurrentStreams :: Settings -> Int Source #

The maximum number of incoming streams on the net (H2 and H2c)

>>> settingsConcurrentStreams defaultSettings
64

settingsConnectionWindowSize :: Settings -> Int Source #

The window size of a connection (H2 and H2c)

>>> settingsConnectionWindowSize defaultSettings
1048575

settingsStreamWindowSize :: Settings -> Int Source #

The window size of incoming streams (H2 and H2c)

>>> settingsStreamWindowSize defaultSettings
262144

settingsServerNameOverride :: Settings -> Maybe HostName Source #

Server name override (H2)

By default, the server name (for TLS SNI) is set based on the authority, corresponding to the HTTP2 :authority pseudo-header. In rare circumstances these two values should be different (for example in the case of domain fronting); settingsServerNameOverride can be used to give SNI a different value than :authority.

settingsSessionManager :: Settings -> SessionManager Source #

TLS session manager (H2 and TLS)

Default: noSessionManager

settingsWantSessionResume :: Settings -> Maybe (SessionID, SessionData) Source #

Try to resume a TLS session (H2 and TLS)

>>> settingsWantSessionResume defaultSettings
Nothing

settingsWantSessionResumeList :: Settings -> [(SessionID, SessionData)] Source #

Try to resume a TLS session (H2 and TLS). This takes precedence over settingsWantSessionResume.

>>> settingsWantSessionResumeList defaultSettings
[]

settingsOpenClientSocket :: Settings -> AddrInfo -> IO Socket Source #

Function to initialize the client socket (All)

Default: openClientSocket

settingsUseEarlyData :: Settings -> Bool Source #

Try to use 0-RTT (H2 and TLS)

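This is only supported for tls >= 2.0. Early data can be replayed by a network attacker (RFC 8446, section 8), so it should carry only requests that are safe to repeat.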

>>> settingsUseEarlyData defaultSettings
False

Rate limits

settingsPingRateLimit :: Settings -> Int Source #

Maximum number of pings allowed per second (CVE-2019-9512)

>>> settingsPingRateLimit defaultSettings
10

settingsEmptyFrameRateLimit :: Settings -> Int Source #

Maximum number of empty data frames allowed per second (CVE-2019-9518)

>>> settingsEmptyFrameRateLimit defaultSettings
4

settingsSettingsRateLimit :: Settings -> Int Source #

Maximum number of settings frames allowed per second (CVE-2019-9515)

>>> settingsSettingsRateLimit defaultSettings
4

settingsRstRateLimit :: Settings -> Int Source #

Maximum number of reset frames allowed per second (CVE-2023-44487)

>>> settingsRstRateLimit defaultSettings
4