-- Hoogle documentation, generated by Haddock -- See Hoogle, http://www.haskell.org/hoogle/ -- | TLS/SSL protocol native implementation (Server and Client) -- -- Native Haskell TLS and SSL protocol implementation for server and -- client. -- -- This provides a high-level implementation of a sensitive security -- protocol, eliminating a common set of security issues through the use -- of the advanced type system, high level constructions and common -- Haskell features. -- -- Currently implements the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocols, -- with only RSA supported for key exchange. Note that static RSA key -- exchange provides no forward secrecy: a later compromise of the server's -- private key exposes every recorded session. SSL3.0 is obsolete and -- should be left out of pAllowedVersions unless interoperability strictly -- requires it. -- -- Only the core protocol is available here; have a look at the -- http://hackage.haskell.org/package/tls-extra/ package for -- default ciphers, compressions and certificate functions. @package tls @version 0.8.3 module Network.TLS data TLSParams TLSParams :: Version -> [Version] -> [Cipher] -> [Compression] -> Bool -> Bool -> [(X509, Maybe PrivateKey)] -> TLSLogging -> (Measurement -> IO Bool) -> ([X509] -> IO TLSCertificateUsage) -> TLSParams -- | version to use on client connection. pConnectVersion :: TLSParams -> Version -- | allowed versions that we can use. pAllowedVersions :: TLSParams -> [Version] -- | all supported ciphers, ordered by priority. pCiphers :: TLSParams -> [Cipher] -- | all supported compressions, ordered by priority. pCompressions :: TLSParams -> [Compression] -- | request a certificate from the client. used by server only. pWantClientCert :: TLSParams -> Bool pUseSecureRenegotiation :: TLSParams -> Bool -- | the cert chain for this context with the associated keys if any. pCertificates :: TLSParams -> [(X509, Maybe PrivateKey)] -- | callback for logging pLogging :: TLSParams -> TLSLogging -- | callback invoked at the beginning of a handshake onHandshake :: TLSParams -> Measurement -> IO Bool -- | callback to verify the received cert chain. Validation of the chain -- (signatures, validity period, expected hostname) is the responsibility -- of this callback: the library only asks it for an accept/reject -- decision, so an implementation that always returns -- CertificateUsageAccept performs no verification at all. 
onCertificatesRecv :: TLSParams -> [X509] -> IO TLSCertificateUsage data TLSLogging TLSLogging :: (String -> IO ()) -> (String -> IO ()) -> (Bytes -> IO ()) -> (Header -> Bytes -> IO ()) -> TLSLogging loggingPacketSent :: TLSLogging -> String -> IO () loggingPacketRecv :: TLSLogging -> String -> IO () loggingIOSent :: TLSLogging -> Bytes -> IO () loggingIORecv :: TLSLogging -> Header -> Bytes -> IO () -- | Possible return values of the certificate usage callback. data TLSCertificateUsage -- | usage of certificate accepted CertificateUsageAccept :: TLSCertificateUsage -- | usage of certificate rejected CertificateUsageReject :: TLSCertificateRejectReason -> TLSCertificateUsage -- | Certificate and chain rejection reason data TLSCertificateRejectReason CertificateRejectExpired :: TLSCertificateRejectReason CertificateRejectRevoked :: TLSCertificateRejectReason CertificateRejectUnknownCA :: TLSCertificateRejectReason CertificateRejectOther :: String -> TLSCertificateRejectReason defaultParams :: TLSParams defaultLogging :: TLSLogging -- | A TLS Context is a handle augmented by TLS-specific state and -- parameters data TLSCtx a -- | return the connection object associated with this context ctxConnection :: TLSCtx a -> a -- | Create a new Client context with a configuration, an RNG, and a Handle. -- It reconfigures the handle buffermode to noBuffering. The generator -- should be seeded from a cryptographically secure entropy source, since -- the secrecy of the handshake depends on it. client :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m (TLSCtx Handle) -- | Create a new Server context with a configuration, an RNG, and a Handle. -- It reconfigures the handle buffermode to noBuffering. The generator -- should be seeded from a cryptographically secure entropy source, since -- the secrecy of the handshake depends on it. server :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m (TLSCtx Handle) -- | notify the context that this side wants to close the connection. It is -- important that this is called before closing the handle, otherwise the -- session might not be resumable (for version < TLS1.2). 
-- -- This does not actually close the handle; the caller must still close it. bye :: MonadIO m => TLSCtx c -> m () -- | Handshake for a new TLS connection. This is to be called at the -- beginning of a connection, and during renegotiation. Callers should -- check the returned Bool rather than discard it; its exact meaning is -- not documented here, so do not treat the connection as established -- when it is False. handshake :: MonadIO m => TLSCtx c -> m Bool -- | sendData sends a chunk of data. It will automatically split the data -- into packets of acceptable size. sendData :: MonadIO m => TLSCtx c -> ByteString -> m () -- | recvData gets data out of a Data packet, and automatically renegotiates -- if a Handshake ClientHello is received. Note that this means the peer -- can trigger a renegotiation at any point during data transfer. recvData :: MonadIO m => TLSCtx c -> m ByteString data PrivateKey PrivRSA :: PrivateKey -> PrivateKey -- | Supported compression algorithms need to be an instance of this class. class CompressionC a compressionCID :: CompressionC a => a -> Word8 compressionCDeflate :: CompressionC a => a -> ByteString -> (a, ByteString) compressionCInflate :: CompressionC a => a -> ByteString -> (a, ByteString) -- | Every compression needs to be wrapped in this to fit in the structure. data Compression Compression :: a -> Compression -- | Default null compression (no compression). Prefer this: compressing -- attacker-influenced plaintext at the TLS layer leaks information about -- it (the CRIME class of attacks). nullCompression :: Compression -- | Cipher algorithm data Cipher Cipher :: Word16 -> String -> Hash -> Bulk -> CipherKeyExchangeType -> Maybe Version -> Cipher cipherID :: Cipher -> Word16 cipherName :: Cipher -> String cipherHash :: Cipher -> Hash cipherBulk :: Cipher -> Bulk cipherKeyExchange :: Cipher -> CipherKeyExchangeType cipherMinVer :: Cipher -> Maybe Version data Bulk Bulk :: String -> Int -> Int -> Int -> BulkFunctions -> Bulk bulkName :: Bulk -> String bulkKeySize :: Bulk -> Int bulkIVSize :: Bulk -> Int bulkBlockSize :: Bulk -> Int bulkF :: Bulk -> BulkFunctions -- | Versions known to TLS -- -- SSL2 is only defined; this version is not and will not be supported. 
-- -- TLS12 is not yet supported (note: this contradicts the package -- description above, which lists TLS1.2 as implemented; one of the two is -- out of date, so verify before relying on TLS1.2). data Version SSL2 :: Version SSL3 :: Version TLS10 :: Version TLS11 :: Version TLS12 :: Version -- | TLSError that might be returned through the TLS stack data TLSError -- | mainly for the Error instance Error_Misc :: String -> TLSError Error_Protocol :: (String, Bool, AlertDescription) -> TLSError Error_Certificate :: String -> TLSError -- | handshake policy failed. Error_HandshakePolicy :: String -> TLSError Error_Random :: String -> TLSError Error_EOF :: TLSError Error_Packet :: String -> TLSError Error_Packet_Size_Mismatch :: (Int, Int) -> TLSError Error_Packet_unexpected :: String -> String -> TLSError Error_Packet_Parsing :: String -> TLSError Error_Internal_Packet_ByteProcessed :: Int -> Int -> Int -> TLSError Error_Unknown_Version :: Word8 -> Word8 -> TLSError Error_Unknown_Type :: String -> TLSError