X;      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:0unknown experimental#Vincent Hanquez <vincent@snarc.org>None;,Attempt to decode a bytestring representing 1 an DER ASN.1 serialized object into the object. <8Encode an ASN.1 Object to the DER serialized bytestring ;<;<;<None=>?@=>?=>?@unknown experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred ABCDEFGHIJK BCDEFHIJK ABCDEFGHIJKunknown experimental#Vincent Hanquez <vincent@snarc.org> Safe-InferredLMNOPQRSLMLMNoneTUNone VWXYZ[\]^_` WXYZ[\]^_` VWXYZ[\]^_` unknown experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferreda Direction bRole #Compression identification $Cipher identification %Session data to resume * A session ID +Versions known to TLS ESSL2 is just defined, but this version is and will not be supported. acdbef#$%&'()*+,-./0gacdbef#$%&'()*+,-./0gadcbfe#$%&'()*+0/.-,g unknown experimental#Vincent Hanquez <vincent@snarc.org>None14Certificate Usage callback possible returns values. 2usage of certificate rejected 3usage of certificate accepted 4'Certificate and Chain rejection reason 12345678hijklmnopqrstuvwxyz{"|12345678hij13248765hij unknown experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred9A session manager ;Bused on server side to decide whether to resume a client session. <$used when a session is established. =$used when a session is invalidated. 9:;<=>9:;<=>9:;<=> unknown experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred?(record some data about this connection. A%number of handshakes on this context B$bytes received since last handshake C bytes sent since last handshake ?@ABC}~ ?@ABC}~?@ABC}~ None'DEF,(for the md5 context, for the sha1 context) *WXYZ[\]^_`DEFDFEunknown experimental#Vincent Hanquez <vincent@snarc.org>None`Cdeprecated alert, should never be sent by compliant implementation f,TLS Exceptions related to bad user usage or  asynchronous errors g9Usage error when the connection has not been established 2 and the user is trying to send or receive data h)Handshake failed for the reason attached i,Early termination exception with the reason  and the error associated j6TLSError that might be returned through the TLS stack ohandshake policy failed. rmainly for instance of Error GHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~   %&'()*+,-./0GHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~1  Gcba`_^]\[ZYXWVUTSRQPONMLKJIHdefihgjrqponmlksxwvutyz~}|{  unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneA collection of hooks actions. *called at each handshake message received 2called at each certificate chain message received 0hooks on IO and packets, receiving and sending. Hooks for logging 9This is called when sending and receiving packets and IO       unknown experimental#Vincent Hanquez <vincent@snarc.org>None@try to create a new credential object from a public certificate B and the associated private key that are stored on the filesystem  in PEM format.  similar to  but take the certificate = and private key from memory instead of from the filesystem. "public certificate (X.509 format) private key associated  unknown experimental#Vincent Hanquez <vincent@snarc.org>None !"#$%&'()*+,-./012345'6789:;<= !"#$%&'()*+,-./012345 !"#$%&'()*+,-./012345unknown experimental#Vincent Hanquez <vincent@snarc.org>None>?>?>?unknown experimental#Vincent Hanquez <vincent@snarc.org>None/@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn-?@CDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnNoneo This is a strict version of and pThis is a strict version of &&. q&verify that 2 bytestrings are equals.  it'5s a non lazy version, that will compare every bytes. 5 arguments with different length will bail out early rstuvopqwx rstuvopqwx rstuvopqwxunknown experimental#Vincent Hanquez <vincent@snarc.org>NoneyNext Protocol Negotiation zSecure Renegotiation {@Max fragment extension with length from 512 bytes to 4096 bytes |GServer Name extension including the name type and the associated name. = the associated name decoding is dependant of its name type.  name type = 0 : hostname }LExtension class to transform bytes to and from a high level Extension type. ~/all supported extensions by the implementation yz{|}~yz{|}~yz{|}~unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneConnection IO backend -Flush the connection sending buffer, if any. Close the connection. *Send a bytestring through the connection. 7Receive specified number of bytes from the connection.  unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneCipher algorithm Check if a specific  is allowed to be used  with the version specified -($ unknown experimental#Vincent Hanquez <vincent@snarc.org>Nonecurrent protocol version current key exchange type ,support Next Protocol Negotiation extension in certain cases, we haven'/t manage to decode ServerKeyExchange properly, 7 because the decoding was too eager and the cipher wasn't been set yet. M we keep the Server Key Exchange in it unparsed format, and this function is 3 able to really decode the server key xchange if it' s unparsed. JFunknown experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred1This is the default compression which is a NOOP. Bevery compression need to be wrapped in this, to fit in structure ?supported compression algorithms need to be part of this class ,return the associated ID for this algorithm Rdeflate (compress) a bytestring using a compression context and return the result ) along with the new compression context. Tinflate (decompress) a bytestring using a compression context and return the result $ along the new compression context. Tintersect a list of ids commonly given by the other side with a list of compression ^ the function keeps the list of compression in order, to be able to find quickly the prefered  compression. default null compression  # unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneRA set of callbacks run by the server for various corners of the TLS establishment 6This action is called when a client certificate chain 1 is received from the client. When it returns a 9 CertificateUsageReject value, the handshake is aborted. 2This action is called when the client certificate  cannot be verified. A  argument indicates a  wrong signature, a 'Just e' message signals a crypto  error. 6Allow the server to choose the cipher relative to the 4 the client version and the client list of ciphers. :This could be useful with old clients and as a workaround 8 to the BEAST (where RC4 is sometimes prefered with TLS < 1.1) (The client cipher list cannot be empty. Nsuggested next protocols accoring to the next protocol negotiation extension. Rat each new handshake, we call this hook to see if we allow handshake to happens. OA set of callbacks run by the clients for various corners of TLS establishment .This action is called when the server sends a 8 certificate request. The parameter is the information ; from the request. The action should select a certificate 7 chain of one of the given certificate types where the : last certificate in the chain should be signed by one of 9 the given distinguished names. Each certificate should : be signed by the following one, except for the last. At 7 least the first of the certificates in the chain must 8 have a corresponding private key, because that is used - for signing the certificate verify message. 5Note that is is the responsibility of this action to 4 select a certificate matching one of the requested 7 certificate types. Returning a non-matching one will " lead to handshake failure later. /Returning a certificate chain not matching the 2 distinguished names may lead to problems or not, * depending whether the server accepts it. EList all the supported algorithms, versions, ciphers, etc supported. #Supported Versions by this context S On the client side, the highest version will be used to establish the connection. g On the server side, the highest version that is less or equal than the client version will be chosed. Supported cipher methods supported compressions methods All supported hash/%signature algorithms pair for client ; certificate verification, ordered by decreasing priority. (Set if we support secure renegotiation. Set if we support session. #request a certificate from client. .This is a list of certificates from which the 4 disinguished names are sent in certificate request 0 messages. For TLS1.0, it should not be empty. @Server Optional Diffie Hellman parameters. If this value is not ? properly set, no Diffie Hellman key exchange will take place. PDefine the name of the server, along with an extra service identification blob. R this is important that the hostname part is properly filled for security reason, N as it allow to properly associate the remote side with the given certificate  during a handshake. VThe extra blob is useful to differentiate services running on the same host, but that , might have different certificates given. It'+s only used as part of the X509 validation  infrastructure. XAllow the use of the Server Name Indication TLS extension during handshake, which allow * the client to specify which host name, it'2s trying to access. This is useful to distinguish ) CNAME aliasing (e.g. web virtual host). 2try to establish a connection using this session. 9    :12345678        unknown experimental#Vincent Hanquez <vincent@snarc.org>None              unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneRepresent a TLS record. Yturn a plaintext record into a compressed record using the compression function supplied Uturn a compressed record into a ciphertext record using the cipher function supplied Yturn a ciphertext fragment into a compressed fragment using the cipher function supplied _turn a compressed fragment into a plaintext fragment using the decompression function supplied 'turn a record into an header and bytes +turn a header and a fragment into a record turn a record into a header  !"#$%&'destuvwx "#$% !"#$%&'unknown experimental#Vincent Hanquez <vincent@snarc.org>None(8Set to Just-value when certificate request was received )5Set to true when a client certificate chain was sent *0Set to true when a certificate request was sent +7Generate the master secret from the pre master secret. ,>Set master secret and as a side effect generate the key block 8 with all the right parameters, and setup the pending tx/ rx state. 4-./0123456789:;()*<=>?@ABCDEFGHIJKLMNOPQRSTUVWX+chosen transmission version 3the role (Client or Server) of the generating side the pre master secret ,YZchosen version [,-0123456789:;()*<=>?@EFGHIJKLMNOPQRSTUVWX+,Z-./0123456789:;()*<=>?@ABCDEFGHIJKLMNOPQRSTUVWX+,YZ[unknown experimental#Vincent Hanquez <vincent@snarc.org>None KA TLS Context keep tls specific state, parameters and backend information. 7return the backend object associated with this context \9prepared list of allowed ciphers according to parameters ]has the handle EOFed or not. ^1has the handshake been done and been successful. _.empty packet workaround for CBC guessability. `:enable the reception of compatibility SSLv2 client hello. ? the flag will be set to false regardless of its initial value " after the first packet received. acurrent tx state bcurrent rx state coptional handshake state dhooks for this context e<lock to use for writing data (including updating the state) f<lock to use for reading data (including updating the state) glock used during read/)write when receiving and sending packet. / it is usually nested in a write or read lock. >Information related to a running context, e.g. current cipher &Information about the current context 7 hij\kl]^_`abcmndefgopqrstuvwxyz{|}~]%&'()*?@ABC     hij\kl]^_`abcmndefgopqrstuvwxyz{}~ hij\kl]^_`abcmndefgopqrstuvwxyz{|}~unknown experimental#Vincent Hanquez <vincent@snarc.org>None unknown experimental#Vincent Hanquez <vincent@snarc.org>None!unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneX"unknown experimental#Vincent Hanquez <vincent@snarc.org>None#unknown experimental#Vincent Hanquez <vincent@snarc.org>None$unknown experimental#Vincent Hanquez <vincent@snarc.org>None%unknown experimental#Vincent Hanquez <vincent@snarc.org>None    "#$&unknown experimental#Vincent Hanquez <vincent@snarc.org>None'unknown experimental#Vincent Hanquez <vincent@snarc.org>NonemakePacketData> create a Header and a content bytestring related to a packet  this doesn't change any state marshall packet data MwritePacket transform a packet into marshalled data related to current state  and updating state on the go (unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneKrecvRecord receive a full TLS record (header + data), from the other side. /The record is disengaged from the record layer 7receive one packet from the context that contains 1 or C many messages (many only in case of handshake). if will returns a 3 TLSError if the packet is unexpected or malformed Send one packet to the context 2flag to enable SSLv2 compat ClientHello reception  TLS context )None&when a new handshake is done, wrap up & clean up. @process a list of handshakes message in the recv state machine. =message possibly sent between ChangeCipherSpec and Finished.  *unknown experimental#Vincent Hanquez <vincent@snarc.org>None7send client Data after receiving all server data (hello certificateskey). > [certificate]  -> client key exchange  -> [cert verify] =onServerHello process the ServerHello message on the client. H1) check the version chosen by the server is one allowed by parameters. R 2) check that our compression and cipher algorithms are part of the list we sent : 3) check extensions received are part of the one we sent a 4) process the session parameter to see if the server want to start a new session or can resume  5) process NPN extension [ 6) if no resume switch to processCertificate SM or in resume switch to expectChangeCipher  +unknown experimental#Vincent Hanquez <vincent@snarc.org>None*Put the server context in handshake mode. ,Expect a client hello message as parameter. h This is useful when the client hello has been already poped from the recv layer to inspect the packet. LWhen the function returns, a new handshake has been succesfully negociated. 6 On any error, a HandshakeFailed exception is raised. handshake protocol ( - receiving, - sending, [] optional): 0 (no session) (session resumption)  <- client hello <- client hello , -> server hello -> server hello  -> [certificate]  -> [server key xchg]  -> [cert request]  -> hello done  <- [certificate]  <- client key xchg  <- [cert verify]   -change cipher - change cipher  <- [NPN]   -finish - finish  -> change cipher <- change cipher  -> finish < - finish ?receive Client data in handshake until the Finished handshake. <- [certificate]  <- client key xchg  <- [cert verify]  <- change cipher  <- [NPN]  < - finish ,unknown experimental#Vincent Hanquez <vincent@snarc.org>None#Handshake for a new TLS connection Q This is to be called at the beginning of a connection, and during renegotiation -unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneAcreate a new context using the backend and parameters specified. #create a new context on an handle. "create a new context on a socket. OBackend abstraction with specific method to interact with the connection type. Parameters of the context. 6Random number generator associated with this context. Handle of the connection. Parameters of the context. 6Random number generator associated with this context. Socket of the connection. Parameters of the context. 6Random number generator associated with this context. B hij\kl]^_`abcmndefgopqrstuvwxyz{}~ .unknown experimental#Vincent Hanquez <vincent@snarc.org>None =notify the context that this side wants to close connection. J this is important that it is called before closing the handle, otherwise 1 the session might not be resumable (for version < TLS1.2).  this doesn't actually close the handle !DIf the Next Protocol Negotiation extension has been used, this will & return get the protocol agreed upon. " sendData sends a bunch of data. < It will automatically chunk data to acceptable packet size #GrecvData get data out of Data packet, and automatically renegotiate if % a Handshake ClientHello is received $0same as recvData but returns a lazy bytestring.  !"#$ !"#$ !"#$/unknown experimental#Vincent Hanquez <vincent@snarc.org>None6789:;<= %&'()*+,-./0GHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./012345unknown experimental#Vincent Hanquez <vincent@snarc.org>None  !"$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$&   ?@ABC13248765 yz~}|{sxwvutde*%&'()9:;<=>  !"#$#$+0/.-,jrqponmlkDFEGcba`_^]\[ZYXWVUTSRQPONMLKJIHfihg "! unknown experimental#Vincent Hanquez <vincent@snarc.org>None%=all encrypted ciphers supported ordered from strong to weak. < this choice of ciphersuite should satisfy most normal need &list of medium ciphers. '!the strongest ciphers supported. (DHE-RSA cipher suite *9all unencrypted ciphers, do not use on insecure network. +Aunencrypted cipher using RSA for key exchange and MD5 for digest ,Bunencrypted cipher using RSA for key exchange and SHA1 for digest -0RC4 cipher, RSA key exchange and MD5 for digest .1RC4 cipher, RSA key exchange and SHA1 for digest /?AES cipher (128 bit key), RSA key exchange and SHA1 for digest 0?AES cipher (256 bit key), RSA key exchange and SHA1 for digest 1AAES cipher (128 bit key), RSA key exchange and SHA256 for digest 2AAES cipher (256 bit key), RSA key exchange and SHA256 for digest 3NAES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest 4NAES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digest 5NAES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digest 6NAES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digest :@3DES cipher (168 bit key), RSA key exchange and SHA1 for digest -%&'()*+,-./0123456789:%&'()*+,-./0123456789:%&'*(),+-./012:3489567-%&'()*+,-./0123456789:0unknown experimental#Vincent Hanquez <vincent@snarc.org>None%&'()*+,-./0123456789:12312412516716816916:16;16<=>?=>@=>A=>B=>C=>D=>E=>F=>G=>H=>H=>I=>J=>K=>L=>M=>M=NO=NP=NQ=NR=NS=NT=NU=NV=NV W X Y Y Z [ \ ] ^ _ ` a b c d e f g h i j k l l m n o p q q r s t u v wxyz{|}~       !"#$%&&'()*+,-./0112345678,9-:-;-<-=->-?-@.A.B.C.D.EFGHIJKLMNOPQRSTUVWXYZ[\]^^_`abcdefghijklmnopnoqnorstustvstwxyzxy{|}~          11111111111111=>=>=                                               !"#$%1&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTRSURSVRSWRSXRYZRY[RY\]^__`aabcdefghijklmnopqrstuvwxyz{|}~B{w      !"#$%&'()*+,-./0122'3456789:;<==>?@@ABCDEFGHIJKLMNOOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst/uvwxyz{|}~     !!!!"""""""#####$$$$$&&'''''((((()))))))))))))))************+++++------- tls-1.2.11 Network.TLSNetwork.TLS.Extra.CipherNetwork.TLS.Util.ASN1Network.TLS.RNGNetwork.TLS.MACNetwork.TLS.ErrTNetwork.TLS.Util.SerializationNetwork.TLS.Crypto.DHNetwork.TLS.TypesNetwork.TLS.X509Network.TLS.SessionNetwork.TLS.MeasurementNetwork.TLS.CryptoNetwork.TLS.StructNetwork.TLS.HooksNetwork.TLS.CredentialsNetwork.TLS.WireNetwork.TLS.CapNetwork.TLS.StateNetwork.TLS.UtilNetwork.TLS.ExtensionNetwork.TLS.BackendNetwork.TLS.CipherNetwork.TLS.PacketNetwork.TLS.CompressionNetwork.TLS.ParametersNetwork.TLS.Record.StateNetwork.TLS.Record.TypesNetwork.TLS.Handshake.StateNetwork.TLS.Context.Internal!Network.TLS.Handshake.CertificateNetwork.TLS.Handshake.KeyNetwork.TLS.Handshake.ProcessNetwork.TLS.Handshake.SignatureNetwork.TLS.Record.EngageNetwork.TLS.Record.DisengageNetwork.TLS.RecordNetwork.TLS.ReceivingNetwork.TLS.SendingNetwork.TLS.IONetwork.TLS.Handshake.CommonNetwork.TLS.Handshake.ClientNetwork.TLS.Handshake.ServerNetwork.TLS.HandshakeNetwork.TLS.ContextNetwork.TLS.CoreNetwork.TLS.InternalNetwork.TLS.Extra x509-1.5.0.1Data.X509.PrivateKey PrivKeyRSA PrivKeyDSAPrivKeyData.X509.PublicKey PubKeyRSA PubKeyDSAPubKeyDH PubKeyECDSA PubKeyUnknownPubKeyx509-validation-1.5.1Data.X509.Validation checkFQHNcheckLeafKeyPurposecheckLeafKeyUsage checkLeafV3checkExhaustivecheckCAConstraintscheckStrictOrdering checkAtTimecheckTimeValidityValidationCheckshookFilterReasonhookValidateNamehookValidateTimehookMatchSubjectIssuerValidationHooksData.X509.Validation.CacheexceptionValidationCacheValidationCachePassValidationCacheDeniedValidationCacheUnknownValidationCacheResultcacheAdd cacheQueryValidationCache CompressionIDCipherID SessionDatasessionVersion sessionCipher sessionSecret SessionIDVersionTLS12TLS11TLS10SSL3SSL2CertificateUsageCertificateUsageRejectCertificateUsageAcceptCertificateRejectReasonCertificateRejectOtherCertificateRejectUnknownCACertificateRejectRevokedCertificateRejectExpiredSessionManager sessionResumesessionEstablishsessionInvalidatenoSessionManager Measurement nbHandshakes bytesReceived bytesSentKxError KxUnsupportedRSAErrorAlertDescriptionBadCertificateHashValueBadCertificateStatusResponseUnrecognizedNameCertificateUnobtainableUnsupportedExtensionNoRenegotiation UserCanceled InternalErrorInsufficientSecurityProtocolVersionExportRestriction DecryptError DecodeError AccessDenied UnknownCaIllegalParameterCertificateUnknownCertificateExpiredCertificateRevokedUnsupportedCertificateBadCertificateHandshakeFailureDecompressionFailureRecordOverflowDecryptionFailed BadRecordMacUnexpectedMessage CloseNotifyHeader TLSExceptionConnectionNotEstablishedHandshakeFailed TerminatedTLSErrorError_Packet_ParsingError_Packet_unexpected Error_Packet Error_EOFError_HandshakePolicyError_CertificateError_Protocol Error_Misc ProtocolType ProtocolType_DeprecatedHandshakeProtocolType_AppDataProtocolType_HandshakeProtocolType_AlertProtocolType_ChangeCipherSpecHashAndSignatureAlgorithmSignatureAlgorithmSignatureOtherSignatureECDSA SignatureDSS SignatureRSASignatureAnonymous HashAlgorithm HashOther HashSHA512 HashSHA384 HashSHA256 HashSHA224HashSHA1HashMD5HashNoneCertificateTypeCertificateType_UnknownCertificateType_fortezza_dms CertificateType_DSS_Ephemeral_DH CertificateType_RSA_Ephemeral_DHCertificateType_DSS_Fixed_DHCertificateType_RSA_Fixed_DHCertificateType_DSS_SignCertificateType_RSA_SignHookshookRecvHandshakehookRecvCertificates hookLoggingLoggingloggingPacketSentloggingPacketRecv loggingIOSent loggingIORecv Credentials CredentialcredentialLoadX509credentialLoadX509FromMemoryMaxFragmentEnumMaxFragment4096MaxFragment2048MaxFragment1024MaxFragment512 HasBackendBackend backendFlush backendClose backendSend backendRecvCiphercipherID cipherName cipherHash cipherBulkcipherKeyExchange cipherMinVerHashhashNamehashSizehashFBulkbulkName bulkKeySize bulkIVSize bulkBlockSizebulkFCipherKeyExchangeTypeCipherKeyExchange_ECDHE_ECDSACipherKeyExchange_ECDH_RSACipherKeyExchange_ECDH_ECDSACipherKeyExchange_DH_RSACipherKeyExchange_DH_DSSCipherKeyExchange_DHE_DSSCipherKeyExchange_ECDHE_RSACipherKeyExchange_DHE_RSACipherKeyExchange_DH_AnonCipherKeyExchange_RSA BulkFunctions BulkStreamF BulkBlockFIVKeycipherKeyBlockSizecipherAllowedForVersioncipherExchangeNeedMoreDataNullCompression Compression CompressionCcompressionCIDcompressionCDeflatecompressionCInflate compressionIDcompressionDeflatecompressionInflatecompressionIntersectIDnullCompression ServerHooksonClientCertificateonUnverifiedClientCertonCipherChoosingonSuggestNextProtocolsonNewHandshake ClientHooksonCertificateRequestonNPNServerSuggestonServerCertificateSharedsharedCredentialssharedSessionManager sharedCAStoresharedValidationCache SupportedsupportedVersionssupportedCipherssupportedCompressionssupportedHashSignaturessupportedSecureRenegotiationsupportedSession ServerParamsserverWantClientCertserverCACertificatesserverDHEParams serverShared serverHooksserverSupported ClientParamsclientUseMaxFragmentLengthclientServerIdentificationclientUseServerNameIndicationclientWantSessionResume clientShared clientHooksclientSupporteddefaultParamsClientContext ctxConnection Information infoVersion infoCipherinfoCompression contextFlush contextClosecontextGetInformationcontextModifyHooks handshake TLSParams contextNewcontextNewOnHandlecontextNewOnSocketcontextHookSetHandshakeRecvcontextHookSetCertificateRecvcontextHookSetLoggingbyegetNegotiatedProtocolsendDatarecvData recvData'ciphersuite_allciphersuite_mediumciphersuite_strongciphersuite_dhe_rsaciphersuite_dhe_dssciphersuite_unencryptedcipher_null_MD5cipher_null_SHA1cipher_RC4_128_MD5cipher_RC4_128_SHA1cipher_AES128_SHA1cipher_AES256_SHA1cipher_AES128_SHA256cipher_AES256_SHA256cipher_DHE_RSA_AES128_SHA1cipher_DHE_RSA_AES256_SHA1cipher_DHE_DSS_AES128_SHA1cipher_DHE_DSS_AES256_SHA1cipher_DHE_DSS_RC4_SHA1cipher_DHE_RSA_AES128_SHA256cipher_DHE_RSA_AES256_SHA256cipher_RSA_3DES_EDE_CBC_SHA1decodeASN1ObjectencodeASN1ObjectStateRNG withTLSRNG$fShowStateRNGHMACmacSSLhmachmacMD5hmacSHA1 hmacSHA256hmacIterprf_SHA1prf_MD5 prf_MD5SHA1 prf_SHA256ErrTrunErrT mtl-2.2.1Control.Monad.Error.Class catchError throwError MonadErrortransformers-0.4.1.0Control.Monad.Trans.ErrorErrornoMsgstrMsgcrypto-numbers-0.2.3Crypto.Number.Serializei2ospos2ipDHKeyDHParams DHPrivateDHPublicdhPublic dhPrivatedhParamsdhGenerateKeyPair dhGetShareddhUnwrapdhUnwrapPublic DirectionRoleRxTx ServerRole ClientRole invertRoleisNullCertificateChaingetCertificateChainLeafwrapCertificateChecks Data.X509getCertificateSignedCertificateData.X509.CertificateChainCertificateChainData.X509.CertcertExtensions certPubKey certSubjectDN certValidity certIssuerDNcertSignatureAlg certSerial certVersion Certificatex509-store-1.5.0Data.X509.CertificateStoreCertificateStorevalidateDefault FailedReasonData.X509.Validation.Types ServiceIDnewMeasurementaddBytesReceived addBytesSentresetBytesCountersincrementNbHandshakes HashMD5SHA1HashCtxHashCtxC hashCName hashCInit hashCUpdatehashCUpdateSSL hashCFinal PrivateKey PublicKeyhashInit hashUpdate hashUpdateSSL hashFinal hashMD5SHA1hashSHA1 hashSHA256 hashSHA512generalizeRSAWithRNG kxEncrypt kxDecryptkxVerifykxSign$fHashCtxCHashSHA512$fHashCtxCHashSHA256$fHashCtxCHashSHA1$fHashCtxCHashMD5SHA1 $fShowHashCtxcrypto-pubkey-0.2.4Crypto.PubKey.HashDescr digestToASN1 hashFunction HashDescr TypeValuable valOfType valToType HandshakeHsNextProtocolNegotiationFinished CertVerify CertRequest ServerKeyXchg ClientKeyXchgServerHelloDone HelloRequest Certificates ServerHello ClientHelloDeprecatedRecordClientKeyXchgAlgorithmDataCKX_DHCKX_RSAServerKeyXchgAlgorithmData SKX_Unknown SKX_Unparsed SKX_DH_RSA SKX_DH_DSSSKX_RSA SKX_DHE_RSA SKX_DHE_DSS SKX_DH_AnonServerRSAParams rsa_modulus rsa_exponentServerDHParams HandshakeTypeHandshakeType_NPNHandshakeType_FinishedHandshakeType_ClientKeyXchgHandshakeType_CertVerifyHandshakeType_ServerHelloDoneHandshakeType_CertRequestHandshakeType_ServerKeyXchgHandshakeType_CertificateHandshakeType_ServerHelloHandshakeType_ClientHelloHandshakeType_HelloRequest AlertLevelAlertLevel_FatalAlertLevel_Warning ExtensionRaw ExtensionID FinishedDataSession ClientRandom ServerRandomPacketAppDataChangeCipherSpecAlertDigitallySigned Signature CipherDatacipherDataContent cipherDataMACcipherDataPadding CipherType CipherAEAD CipherBlock CipherStream ConnectionEndConnectionClientConnectionServerBytesconstrRandom32 serverRandom clientRandom packetTypetypeOfHandshake numericalVerverOfNum $fTypeValuableSignatureAlgorithm$fTypeValuableHashAlgorithm$fTypeValuableCertificateType$fTypeValuableAlertDescription$fTypeValuableAlertLevel$fTypeValuableHandshakeType$fTypeValuableProtocolType$fTypeValuableCipherType$fTypeValuableConnectionEnd$fExceptionTLSException$fExceptionTLSErrorData.X509.DistinguishedNameDistinguishedNamedefaultLogging defaultHooks$fDefaultHooks$fDefaultLogging credentialsListSigningAlgorithmscredentialsFindForSigningcredentialsFindForDecryptingcredentialCanDecryptcredentialCanSigngetSignatureAlg$fMonoidCredentials GetResultGotSuccessRemaining GotSuccess GotPartialGotErrorGetContinuationrunGet runGetErr runGetMaybetryGet getWords8 getWord16 getWords16 getWord24 getOpaque8 getOpaque16 getOpaque24 getInteger16getList processBytes putWords8 putWord16 putWords16 putWord24putBytes putOpaque8 putOpaque16 putOpaque24 putInteger16 encodeWord16 encodeWord64cereal-0.4.1.0Data.Serialize.GetgetWord8getBytesisEmpty remainingGetData.Serialize.PutputWord8runPutPuthasHelloExtensionshasExplicitBlockIVTLSStrunTLSStTLSState stSessionstSessionResumingstSecureRenegotiationstClientVerifiedDatastServerVerifiedDatastExtensionNPNstHandshakeRecordContstNegotiatedProtocolstServerNextProtocolSuggeststClientCertificateChain stRandomGen stVersionstClientContext runTLSState newTLSStateupdateVerifiedDatafinishHandshakeTypeMaterialfinishHandshakeMaterialcertVerifyHandshakeTypeMaterialcertVerifyHandshakeMaterial setSession getSessionisSessionResuming setVersionsetVersionIfUnset getVersiongetVersionWithDefaultsetSecureRenegotiationgetSecureRenegotiationsetExtensionNPNgetExtensionNPNsetNegotiatedProtocolsetServerNextProtocolSuggestgetServerNextProtocolSuggestsetClientCertificateChaingetClientCertificateChaingetVerifiedDataisClientContext genRandomwithRNG$fMonadStateTLSStateTLSStand'&&!bytesEqsubtakelast partition3 partition6fromJust fmapEithercatchExceptionNextProtocolNegotiationSecureRenegotiationMaxFragmentLength ServerName ExtensionsupportedExtensionsServerNameTypeServerNameOtherServerNameHostName extensionIDextensionDecodeextensionEncodeextensionID_ServerNameextensionID_MaxFragmentLengthextensionID_SecureRenegotiation#extensionID_NextProtocolNegotiation"$fExtensionNextProtocolNegotiation$fExtensionSecureRenegotiation$fExtensionMaxFragmentLength$fExtensionServerNameinitializeBackend getBackend$fHasBackendHandle$fHasBackendSocket$fHasBackendBackend $fEqCipher $fShowCipher$fEqHash $fShowHash$fEqBulk $fShowBulkcParamsVersioncParamsKeyXchgTypecParamsSupportNPN&decodeReallyServerKeyXchgAlgorithmDataPRF CurrentParams putVersion getHeaderType putHeaderTypegetHandshakeType decodeHeaderdecodeDeprecatedHeaderLengthdecodeDeprecatedHeader encodeHeaderencodeHeaderNoVer decodeAlert decodeAlerts encodeAlertsdecodeHandshakeRecorddecodeHandshakedecodeDeprecatedHandshakedecodeHelloRequestdecodeClientHellodecodeServerHellodecodeServerHelloDonedecodeCertificatesdecodeFinisheddecodeNextProtocolNegotiationdecodeCertRequestdecodeCertVerifydecodeClientKeyXchgdecodeServerKeyXchg_DHdecodeServerKeyXchg_RSA decodeServerKeyXchgAlgorithmDatadecodeServerKeyXchgencodeHandshakeencodeHandshakesencodeHandshakeHeaderencodeHandshakeContent getRandom32getServerRandom32getClientRandom32 putRandom32putClientRandom32putServerRandom32 putSession getExtensions putExtension putExtensionsgetSignatureHashAlgorithmputSignatureHashAlgorithmgetServerDHParamsputServerDHParamsgetDigitallySignedputDigitallySigneddecodeChangeCipherSpecencodeChangeCipherSpecdecodePreMasterSecretencodePreMasterSecretgenerateMasterSecret_SSLgenerateMasterSecret_TLSgenerateMasterSecretgenerateKeyBlock_TLSgenerateKeyBlock_SSLgenerateKeyBlockgenerateFinished_TLSgenerateFinished_SSLgenerateClientFinishedgenerateServerFinishedgenerateCertificateVerify_SSLencodeSignedDHParams$fCompressionCNullCompression$fEqCompression$fShowCompressionbase Data.MaybeNothing CommonParamsdefaultParamsServerdefaultSupporteddefaultClientHooksdefaultServerHooks$fDefaultServerHooks$fShowServerHooks$fDefaultClientHooks$fShowClientHooks$fDefaultShared $fShowShared$fDefaultSupported$fDefaultServerParamsRecordM runRecordM RecordStatestCipher stCompression stCryptState stMacStateMacState msSequence CryptStatecstKeycstIV cstMacSecretgetRecordVersionnewRecordStateincrRecordState setRecordIVwithCompression computeDigest makeDigest$fMonadErrorTLSErrorRecordM$fMonadStateRecordStateRecordM$fFunctorRecordM$fMonadRecordM$fApplicativeRecordMRecordfragmentCompressfragmentCipherfragmentUncipherfragmentUncompress recordToRaw rawToRecordrecordToHeader Ciphertext Compressed PlaintextFragmentfragmentPlaintextfragmentCiphertextonRecordFragment fragmentMap$fByteableFragmenthstClientCertRequesthstClientCertSenthstCertReqSentsetMasterSecretFromPresetMasterSecret HandshakeM runHandshakeMClientCertRequestDataHandshakeStatehstClientVersionhstClientRandomhstServerRandomhstMasterSecret hstKeyStatehstServerDHParams hstDHPrivatehstHandshakeDigesthstHandshakeMessageshstClientCertChainhstPendingTxStatehstPendingRxStatehstPendingCipherhstPendingCompressionHandshakeKeyStatehksRemotePublicKeyhksLocalPrivateKeynewEmptyHandshake runHandshake setPublicKey setPrivateKeygetRemotePublicKeygetLocalPrivateKeysetServerDHParamssetCertReqSentgetCertReqSentsetClientCertSentgetClientCertSentsetClientCertChaingetClientCertChainsetClientCertRequestgetClientCertRequestgetPendingCipheraddHandshakeMessagegetHandshakeMessagesupdateHandshakeDigestgetHandshakeDigestcomputeKeyBlocksetServerHelloParameters$$fMonadStateHandshakeStateHandshakeM ctxCiphersctxEOF_ctxEstablished_ctxNeedEmptyPacketctxSSLv2ClientHello ctxTxState ctxRxState ctxHandshakectxHooks ctxLockWrite ctxLockRead ctxLockState ctxSupported ctxSharedctxStatectxMeasurementctxDoHandshakectxDoHandshakeWith updateMeasure withMeasure contextSend contextRecvctxEOFctxHasSSLv2ClientHelloctxDisableSSLv2ClientHellosetEOFctxEstablished ctxWithHookssetEstablishedwithLog throwCorefailOnEitherError usingState usingState_ usingHState getHState runTxState runRxState getStateRNG withReadLock withWriteLock withRWLock withStateLockcertificateRejectedrejectOnException encryptRSAsignRSA decryptRSA verifyRSA generateDHEprocessHandshakeprocessClientKeyXchgprocessClientFinishedstartHandshakegetHashAndASN1%prepareCertificateVerifySignatureDatasignatureHashDatasignatureCreatesignatureVerifysignatureVerifyWithHashDescrgenerateSignedDHParams engageRecordcompressRecord encryptRecordencryptContent encryptDatadisengageRecorduncompressRecord decryptRecord getCipherData decryptData processPacketswitchRxEncryption makeRecord encodeRecord writePacket prepareRecordswitchTxEncryption recvRecord recvPacket sendPacket checkValid readExacthandshakeTerminateonRecvStateHandshake RecvState RecvStateDoneRecvStateHandshake RecvStateNexthandshakeFailed errorToAlert unexpected newSessionsendChangeCipherAndFinishrecvChangeCipherAndFinishrecvPacketHandshake runRecvStategetSessionDatasendClientData onServerHellohandshakeClientWithhandshakeClientprocessServerExtensionthrowMiscErrorOnExceptionprocessCertificateexpectChangeCipher expectFinishprocessServerKeyExchangeprocessCertificateRequestprocessServerHelloDonehandshakeServerWithrecvClientDatahandshakeServer doHandshakefindHighestVersionFromgetTLSCommonParams getTLSRole getCiphersdoHandshakeWith$fTLSParamsServerParams$fTLSParamsClientParamsaes_cbc_encryptaes_cbc_decryptaes128_cbc_encryptaes128_cbc_decryptaes256_cbc_encryptaes256_cbc_decrypttripledes_ede_cbc_encrypttripledes_ede_cbc_decrypt tripledes_key tripledes_ivtoIVtoCtx initF_rc4 encryptF_rc4 decryptF_rc4 bulk_nullbulk_rc4 bulk_aes128 bulk_aes256bulk_tripledes_edehash_md5 hash_sha1 hash_sha256