-- Hoogle documentation, generated by Haddock -- See Hoogle, http://www.haskell.org/hoogle/ -- | TLS/SSL protocol native implementation (Server and Client) -- -- Native Haskell TLS and SSL protocol implementation for server and -- client. -- -- This provides a high-level implementation of a sensitive security -- protocol, eliminating a common set of security issues through the use -- of the advanced type system, high-level constructions and common -- Haskell features. -- -- Currently implements the SSL3.0, TLS1.0 and TLS1.1 protocols, with only -- RSA supported for key exchange. -- -- Only the core protocol is available here; have a look at the -- http://hackage.haskell.org/package/tls-extra/ package for -- default ciphers, compressions and certificate functions. @package tls @version 0.7.2 module Network.TLS data TLSParams TLSParams :: Version -> [Version] -> [Cipher] -> [Compression] -> Bool -> Bool -> [(X509, Maybe PrivateKey)] -> TLSLogging -> ([X509] -> IO TLSCertificateUsage) -> TLSParams -- | version to use on a client connection. pConnectVersion :: TLSParams -> Version -- | allowed versions that we can use. pAllowedVersions :: TLSParams -> [Version] -- | all ciphers supported, ordered by priority. pCiphers :: TLSParams -> [Cipher] -- | all compressions supported, ordered by priority. pCompressions :: TLSParams -> [Compression] -- | request a certificate from the client. Used by the server only. pWantClientCert :: TLSParams -> Bool pUseSecureRenegotiation :: TLSParams -> Bool -- | the cert chain for this context, with the associated keys if any. pCertificates :: TLSParams -> [(X509, Maybe PrivateKey)] -- | callback for logging pLogging :: TLSParams -> TLSLogging -- | callback to verify the received cert chain. 
onCertificatesRecv :: TLSParams -> ([X509] -> IO TLSCertificateUsage) data TLSLogging TLSLogging :: (String -> IO ()) -> (String -> IO ()) -> (Bytes -> IO ()) -> (Header -> Bytes -> IO ()) -> TLSLogging loggingPacketSent :: TLSLogging -> String -> IO () loggingPacketRecv :: TLSLogging -> String -> IO () loggingIOSent :: TLSLogging -> Bytes -> IO () loggingIORecv :: TLSLogging -> Header -> Bytes -> IO () -- | Possible return values of the certificate-usage callback. data TLSCertificateUsage -- | usage of certificate accepted CertificateUsageAccept :: TLSCertificateUsage -- | usage of certificate rejected CertificateUsageReject :: TLSCertificateRejectReason -> TLSCertificateUsage -- | Certificate and chain rejection reason data TLSCertificateRejectReason CertificateRejectExpired :: TLSCertificateRejectReason CertificateRejectRevoked :: TLSCertificateRejectReason CertificateRejectUnknownCA :: TLSCertificateRejectReason CertificateRejectOther :: String -> TLSCertificateRejectReason defaultParams :: TLSParams defaultLogging :: TLSLogging -- | A TLS context is a handle augmented with TLS-specific state and -- parameters. data TLSCtx -- | return the handle associated with this context ctxHandle :: TLSCtx -> Handle -- | Create a new client context with a configuration, an RNG, and a Handle. -- It reconfigures the handle's buffer mode to NoBuffering. client :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m TLSCtx -- | Create a new server context with a configuration, an RNG, and a Handle. -- It reconfigures the handle's buffer mode to NoBuffering. server :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m TLSCtx -- | Notify the context that this side wants to close the connection. It is -- important that this is called before closing the handle, otherwise the -- session might not be resumable (for versions < TLS1.2). 
-- -- This doesn't actually close the handle. bye :: MonadIO m => TLSCtx -> m () -- | Handshake for a new TLS connection. This is to be called at the -- beginning of a connection, and during renegotiation. handshake :: MonadIO m => TLSCtx -> m Bool -- | sendData sends a bunch of data. It will automatically chunk the data into -- acceptable packet sizes. sendData :: MonadIO m => TLSCtx -> ByteString -> m () -- | recvData gets data out of a Data packet, and automatically renegotiates if -- a Handshake ClientHello is received. recvData :: MonadIO m => TLSCtx -> m ByteString data PrivateKey PrivRSA :: PrivateKey -> PrivateKey -- | Compression algorithm data Compression -- | default null compression nullCompression :: Compression -- | Cipher algorithm data Cipher -- | Versions known to TLS -- -- SSL2 is only defined; this version is not and will not be supported. -- -- TLS12 is not yet supported. data Version SSL2 :: Version SSL3 :: Version TLS10 :: Version TLS11 :: Version TLS12 :: Version -- | TLSError that might be returned through the TLS stack. data TLSError -- | mainly for the instance of Error Error_Misc :: String -> TLSError Error_Protocol :: (String, Bool, AlertDescription) -> TLSError Error_Certificate :: String -> TLSError Error_Random :: String -> TLSError Error_EOF :: TLSError Error_Packet :: String -> TLSError Error_Packet_Size_Mismatch :: (Int, Int) -> TLSError Error_Packet_unexpected :: String -> String -> TLSError Error_Packet_Parsing :: String -> TLSError Error_Internal_Packet_ByteProcessed :: Int -> Int -> Int -> TLSError Error_Unknown_Version :: Word8 -> Word8 -> TLSError Error_Unknown_Type :: String -> TLSError