o      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn3 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneo\Attempt to decode a bytestring representing an DER ASN.1 serialized object into the object.p7Encode an ASN.1 Object to the DER serialized bytestringopopop BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownSafeqrstuvwxqrqrNoneyz${|}~yzyzNoneC  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone None NoneNThis is a strict version of andThis is a strict version of &&.verify that 2 bytestrings are equals. it's a non lazy version, that will compare every bytes. arguments with different length will bail out early    None   None     BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownSafe DirectionRole#Compression identification$Cipher identification%Session data to resume* A session ID+Versions known to TLSDSSL2 is just defined, but this version is and will not be supported.#$%&'()*+,-./0#$%&'()*+,-./0#$%&'()*+,-./0  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone13Certificate Usage callback possible returns values.2usage of certificate accepted3usage of certificate rejected4&Certificate and Chain rejection reason 12345678"1234567812345678 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownSafe9A session manager;Aused on server side to decide whether to resume a client session.<#used when a session is established.=#used when a session is invalidated.9:;<=>9:;<=>9:;<=> BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownSafe?'record some data about this connection.A$number of handshakes on this contextB#bytes received since last handshakeCbytes sent since last handshake ?@ABC ?@ABC?@ABCNone;N$DEFGHIJKLMN  +(for the md5 context, for the sha1 context)   <DEFGHIJKLMN     DEFGHIJKLMN      BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone    BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone+SBdeprecated alert, should never be sent by compliant implementationq@TLS Exceptions related to bad user usage or asynchronous errorsrGEarly termination exception with the reason and the error associateds(Handshake failed for the reason attachedtjUsage error when the connection has not been established and the user is trying to send or receive datau5TLSError that might be returned through the TLS stackvmainly for instance of Erroryhandshake policy failed.!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^OPQRSTUVWXYZ[\]^_`abcdefghijkl_`abcdefghimjknoplmnopqrstuvwxyz{|}~qrstuvwxyz{|}~%&'()*+,-./0!"#$%&'()*+,-./012345789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^OPQRSTUVWXYZ[\]^_`abcdefghijkl_`abcdefghimjknoplmnopqrstuvwxyz{|}~qrtuvwxyz{|}~:!"#$%&'()* +,-./0123456789:; <=>?@ABCDEFGHIJKLMNOPQRS TUVWXYZ[\]^OPQRSTUVWXYZ[\]^_`abcdefghijkl_`abcdefghimjknoplmnopqrstuvwxyz{|}~qrstuvwxyz{|}~ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneA collection of hooks actions.)called at each handshake message received1called at each certificate chain message received/hooks on IO and packets, receiving and sending.Hooks for logging8This is called when sending and receiving packets and IO  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonetry to create a new credential object from a public certificate and the associated private key that are stored on the filesystem in PEM format. similar to V but take the certificate and private key from memory instead of from the filesystem. similar to / but also allow specifying chain certificates. similar to / but also allow specifying chain certificates.!public certificate (X.509 format)private key associated!public certificate (X.509 format)!chain certificates (X.509 format)private key associated   BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone#* BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneConnection IO backend,Flush the connection sending buffer, if any.Close the connection.)Send a bytestring through the connection.6Receive specified number of bytes from the connection.   BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone;NCipher algorithmCheck if a specific 2 is allowed to be used with the version specified;?$DEFGHIJK  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonecurrent protocol versioncurrent key exchange type+support Next Protocol Negotiation extensionin certain cases, we haven't manage to decode ServerKeyExchange properly, because the decoding was too eager and the cipher wasn't been set yet. we keep the Server Key Exchange in it unparsed format, and this function is able to really decode the server key xchange if it's unparsed.M      !"#$%&'" #$%&'I      !"#$%&' BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone(-Application Layer Protocol Negotiation (ALPN))Next Protocol Negotiation*Secure Renegotiation+?Max fragment extension with length from 512 bytes to 4096 bytes,Server Name extension including the name type and the associated name. the associated name decoding is dependant of its name type. name type = 0 : hostname-KExtension class to transform bytes to and from a high level Extension type...all supported extensions by the implementation\/0123456789:;<=>?@ABCDEFGH(I)J*K+LMNO,P-QRSTUVWXYZ[\]^_`abcdefghijklmnop.qrstuvwxyz{|}~Z{|}~/0123456789:;<=BCDEFGH(I)J*K+LMNO,P-QRSUV_`bdenop.q=/0123456789:;<=>?@ABCDEFGH(I)J*K+LMNO,P-QRSTUVWXYZ[\]^_`abcdefghijklmnop.qrstuvwxyz{|}~ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone7CIN?<* BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownSafe;N0This is the default compression which is a NOOP.Aevery compression need to be wrapped in this, to fit in structure>supported compression algorithms need to be part of this class+return the associated ID for this algorithmzdeflate (compress) a bytestring using a compression context and return the result along with the new compression context.winflate (decompress) a bytestring using a compression context and return the result along the new compression context.intersect a list of ids commonly given by the other side with a list of compression the function keeps the list of compression in order, to be able to find quickly the prefered compression.default null compression #  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneQA set of callbacks run by the server for various corners of the TLS establishmentThis action is called when a client certificate chain is received from the client. When it returns a CertificateUsageReject value, the handshake is aborted.JThis action is called when the client certificate cannot be verified. A S argument indicates a wrong signature, a 'Just e' message signals a crypto error.iAllow the server to choose the cipher relative to the the client version and the client list of ciphers.xThis could be useful with old clients and as a workaround to the BEAST (where RC4 is sometimes prefered with TLS < 1.1)'The client cipher list cannot be empty.tAllow the server to indicate additional credentials to be used depending on the host name indicated by the client.This is most useful for transparent proxies where credentials must be generated on the fly according to the host the client is trying to connect to.Msuggested next protocols accoring to the next protocol negotiation extension.Qat each new handshake, we call this hook to see if we allow handshake to happens.NA set of callbacks run by the clients for various corners of TLS establishment This action is called when the server sends a certificate request. The parameter is the information from the request. The action should select a certificate chain of one of the given certificate types where the last certificate in the chain should be signed by one of the given distinguished names. Each certificate should be signed by the following one, except for the last. At least the first of the certificates in the chain must have a corresponding private key, because that is used for signing the certificate verify message.Note that is is the responsibility of this action to select a certificate matching one of the requested certificate types. Returning a non-matching one will lead to handshake failure later.Returning a certificate chain not matching the distinguished names may lead to problems or not, depending whether the server accepts it.DList all the supported algorithms, versions, ciphers, etc supported.Supported Versions by this context On the client side, the highest version will be used to establish the connection. On the server side, the highest version that is less or equal than the client version will be chosed.Supported cipher methodssupported compressions methodsrAll supported hash/signature algorithms pair for client certificate verification, ordered by decreasing priority./Secure renegotiation defined in RFC5746. If 7, clients send the renegotiation_info extension. If g, servers handle the extension or the renegotiation SCSV then send the renegotiation_info extension.If ], renegotiation is allowed from the client side. This is vulnerable to DOS attacks. If I, renegotiation is allowed only from the server side via HelloRequest.Set if we support session.4Support for fallback SCSV defined in RFC7507. If b, servers reject handshakes which suggest a lower protocol than the highest protocol supported.dIn ver <= TLS1.0, block ciphers using CBC are using CBC residue as IV, which can be guessed by an attacker. Hence, an empty packet is normally sent before a normal data packet, to prevent guessability. Some Microsoft TLS-based protocol implementations, however, consider these empty packets as a protocol violation and disconnect. If this parameter is Y, empty packets will never be added, which is less secure, but might help in rare cases."request a certificate from client. This is a list of certificates from which the disinguished names are sent in certificate request messages. For TLS1.0, it should not be empty.!~Server Optional Diffie Hellman parameters. If this value is not properly set, no Diffie Hellman key exchange will take place.)Define the name of the server, along with an extra service identification blob. this is important that the hostname part is properly filled for security reason, as it allow to properly associate the remote side with the given certificate during a handshake.The extra blob is useful to differentiate services running on the same host, but that might have different certificates given. It's only used as part of the X509 validation infrastructure.*Allow the use of the Server Name Indication TLS extension during handshake, which allow the client to specify which host name, it's trying to access. This is useful to distinguish CNAME aliasing (e.g. web virtual host).+1try to establish a connection using this session.0-All settings should not be used in production2Disable the true randomness in favor of deterministic seed that will produce a deterministic random from. This is useful for tests and debugging purpose. Do not use in production3yAdd a way to print the seed that was randomly generated. re-using the same seed will reproduce the same randomness with 2I      !"#$%&'()*+,-./01234F12345678      !"#$%&'()*+,-./01234       !"#$%& '()*+,-./01234 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone7C BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone=Represent a TLS record.Xturn a plaintext record into a compressed record using the compression function suppliedTturn a compressed record into a ciphertext record using the cipher function suppliedXturn a ciphertext fragment into a compressed fragment using the cipher function supplied^turn a compressed fragment into a plaintext fragment using the decompression function supplied&turn a record into an header and bytes*turn a header and a fragment into a recordturn a record into a headerop~  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone7C7Set to Just-value when certificate request was received 4Set to true when a client certificate chain was sent /Set to true when a certificate request was sent 6Generate the master secret from the pre master secret. Set master secret and as a side effect generate the key block with all the right parameters, and setup the pending tx/rx state.7    !"#$%&'()*+,-./0123456789:; chosen transmission version2the role (Client or Server) of the generating sidethe pre master secret <=chosen version>/    !"'()*+,-./0123456789:;  =    !"#$%&'()*+,-./0123456789:;  <=>! BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone5JA TLS Context keep tls specific state, parameters and backend information.66return the backend object associated with this context?8prepared list of allowed ciphers according to parameters@has the handle EOFed or not.A0has the handshake been done and been successful.B-empty packet workaround for CBC guessability.Cenable the reception of compatibility SSLv2 client hello. the flag will be set to false regardless of its initial value after the first packet received.Dcurrent tx stateEcurrent rx stateFoptional handshake stateGhooks for this contextH;lock to use for writing data (including updating the state)I;lock to use for reading data (including updating the state)Jmlock used during read/write when receiving and sending packet. it is usually nested in a write or read lock.7=Information related to a running context, e.g. current cipherA%Information about the current context:5K6LM?NO@ABCDEFPQGHIJ789:;<=>RS?@ATUVWXYZ[B\]^_`abcdefghijb%&'()*?@ABC !"#$%&'()*+,-./45K6LM?NO@ABCDEFPQGHIJ789:;<=>RS?@ATUVWXYZ[B\]^`abcdefghij5K6LM?NO@ABCDEFPQGHIJ789:;<=>RS?@ATUVWXYZ[B\]^_`abcdefghij" BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneklklkl# BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonemnopqrmnopqrmnopqr$ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonestuv;svstuv% BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonewxyz{|}~xywxyz{|}~& BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone' BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone4( BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone) BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone4* BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonemakePacketData\ create a Header and a content bytestring related to a packet this doesn't change any statemarshall packet datajwritePacket transform a packet into marshalled data related to current state and updating state on the go+ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone+JrecvRecord receive a full TLS record (header + data), from the other side..The record is disengaged from the record layerreceive one packet from the context that contains 1 or many messages (many only in case of handshake). if will returns a TLSError if the packet is unexpected or malformedSend one packet to the context1flag to enable SSLv2 compat ClientHello reception TLS context,None+1when a new handshake is done, wrap up & clean up.?process a list of handshakes message in the recv state machine.<message possibly sent between ChangeCipherSpec and Finished. - BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone+7send client Data after receiving all server data (hello certificateskey).> [certificate]> client key exchange> [cert verify]<onServerHello process the ServerHello message on the client.1) check the version chosen by the server is one allowed by parameters. 2) check that our compression and cipher algorithms are part of the list we sent 3) check extensions received are part of the one we sent 4) process the session parameter to see if the server want to start a new session or can resume 5) process NPN extension 6) if no resume switch to processCertificate SM or in resume switch to expectChangeCipher  . BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone+)Put the server context in handshake mode.Expect a client hello message as parameter. This is useful when the client hello has been already poped from the recv layer to inspect the packet.When the function returns, a new handshake has been succesfully negociated. On any error, a HandshakeFailed exception is raised.handshake protocol ( - receiving, -K sending, [] optional): (no session) (session resumption) <- client hello <- client hello -> server hello -> server hello -> [certificate] -> [server key xchg] -> [cert request] -> hello done <- [certificate] <- client key xchg <- [cert verify]  -change cipher -$ change cipher <- [NPN]  -finish -Z finish -> change cipher <- change cipher -> finish <- finish>receive Client data in handshake until the Finished handshake.v<- [certificate] <- client key xchg <- [cert verify] <- change cipher <- [NPN] <- finish/ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneCsHandshake for a new TLS connection This is to be called at the beginning of a connection, and during renegotiationCCC0 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneE@create a new context using the backend and parameters specified.F"create a new context on an handle.G!create a new context on a socket.DENBackend abstraction with specific method to interact with the connection type.Parameters of the context.FHandle of the connection.Parameters of the context.GSocket of the connection.Parameters of the context.HIJE5K6LM?NO@ABCDEFPQGHIJ789:;<=>RS?@ATUVWXYZ[B\]^`abcdefghijDEFGHIJ DEFGHIJ1 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneNKnotify the context that this side wants to close connection. this is important that it is called before closing the handle, otherwise the session might not be resumable (for version < TLS1.2).&this doesn't actually close the handleLiIf the Next Protocol Negotiation extension has been used, this will return get the protocol agreed upon.MdIf the Server Name Indication extension has been used, return the hostname specified by the client.N[sendData sends a bunch of data. It will automatically chunk data to acceptable packet sizeOkrecvData get data out of Data packet, and automatically renegotiate if a Handshake ClientHello is receivedP/same as recvData but returns a lazy bytestring.KLMNOP CKLMNOPKLMNOP2 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone%&'()*+,-./0!"#$%&'()*+,-./012345789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^OPQRSTUVWXYZ[\]^_`abcdefghijkl_`abcdefghimjknoplmnopqrstuvwxyz{|}~qrtuvwxyz{|}~ #$%&' BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneK  !"$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPR&'()*+,-./ !"#$%0123     ?@ABC123456784~op*%&'()9:;<=>566DEFG?@HIJB789:;<=>mnAKCLMNOP#DEFGHIJK$+,-./0uvwxyz{|}LMNOPQRSTUVWXYZ[\]^_`abcdefghijklqrst "!  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneMQxall encrypted ciphers supported ordered from strong to weak. this choice of ciphersuite should satisfy most normal needRlist of medium ciphers.S the strongest ciphers supported.TDHE-RSA cipher suiteV8all unencrypted ciphers, do not use on insecure network.W@unencrypted cipher using RSA for key exchange and MD5 for digestXAunencrypted cipher using RSA for key exchange and SHA1 for digestY/RC4 cipher, RSA key exchange and MD5 for digestZ0RC4 cipher, RSA key exchange and SHA1 for digest[>AES cipher (128 bit key), RSA key exchange and SHA1 for digest\MAES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digest]MAES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest^>AES cipher (256 bit key), RSA key exchange and SHA1 for digest_MAES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digest`MAES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digesta@AES cipher (128 bit key), RSA key exchange and SHA256 for digestb@AES cipher (256 bit key), RSA key exchange and SHA256 for digestf?3DES cipher (168 bit key), RSA key exchange and SHA1 for digest/QRSTUVWXYZ[\]^_`abcdefghijklmnQRSTUVWXYZ[\]^_`abcdefghijklmnQRSVTUXWYZ[^abf]`de\_cgmnjhikl/QRSTUVWXYZ[\]^_`abcdefghijklmn3 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneQRSTUVWXYZ[\]^_`abcdefghijklmn45645745849:49;49<49=49>49?@AB@AC@AD@AE@AF@AG@AH@AI@AJ@AK@AK@AL@AM@AN@AO@AP@AP@QR@QS@QT@QU@QV@QW@QX@QY@QY Z [ \ \ ] ^ _ ` a b c d e f g h i j k l m noopqrsttuvwxyz{|}~      !"#$%&'(()*+,-./001234556789::;<=>?@ABCDDEFGHIJKLLMNOPQRSTUUVWX!Y!Z![![!\!]!^!_!`!a!b!c!d!e/f0g0h0i0j0k0l0m1n1o1p1q1r1stuvwxyz{|}~                                                44444444444 4!4"4"#$%@A&@A'@()*+,-./001123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrsstuvvwwxyz{{|}~W4      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTTUVWXXYYZ[\]^^_`abcdefghhMNOPijkQlmnopqrstuvwxyz{|}~o/opo                   ! " # $ % & ' ( ) * + , - . / / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I!J!K!L!M!N!O!P!Q!R!S!T!U!Y!V!W!X!Y!Z![!\!]!^!_!`!a!b!c!d!e!f!g!h!i!j!k!l!m!n!o!p!q!r!s!t"u"v#w#x#y#z#{#|$}$~$$%%%%%%%%%%%%%%%&&&&&&&&'''''))*****+++++,,,,,,,,,,,,,,,,------------.....00000001otls_KbDdKP2IQVAGfjXoOtO0OS Network.TLSNetwork.TLS.Extra.CipherNetwork.TLS.Util.ASN1Network.TLS.ErrTNetwork.TLS.Extension.ECNetwork.TLS.RNGNetwork.TLS.ImportsNetwork.TLS.Util.SerializationNetwork.TLS.UtilNetwork.TLS.Crypto.ECDHNetwork.TLS.Crypto.DHNetwork.TLS.TypesNetwork.TLS.X509Network.TLS.SessionNetwork.TLS.MeasurementNetwork.TLS.CryptoNetwork.TLS.MACNetwork.TLS.StructNetwork.TLS.HooksNetwork.TLS.CredentialsNetwork.TLS.WireNetwork.TLS.CapNetwork.TLS.BackendNetwork.TLS.CipherNetwork.TLS.PacketNetwork.TLS.ExtensionNetwork.TLS.StateNetwork.TLS.CompressionNetwork.TLS.ParametersNetwork.TLS.Record.StateNetwork.TLS.Record.TypesNetwork.TLS.Handshake.StateNetwork.TLS.Context.Internal!Network.TLS.Handshake.CertificateNetwork.TLS.Handshake.KeyNetwork.TLS.Handshake.ProcessNetwork.TLS.Handshake.SignatureNetwork.TLS.Record.EngageNetwork.TLS.Record.DisengageNetwork.TLS.RecordNetwork.TLS.ReceivingNetwork.TLS.SendingNetwork.TLS.IONetwork.TLS.Handshake.CommonNetwork.TLS.Handshake.ClientNetwork.TLS.Handshake.ServerNetwork.TLS.HandshakeNetwork.TLS.ContextNetwork.TLS.CoreNetwork.TLS.InternalNetwork.TLS.Extrax509_7d7izp22mhiF4F7b1SppwPData.X509.PrivateKey PrivKeyDSA PrivKeyRSAPrivKeyData.X509.PublicKey PubKeyUnknownPubKeyECPubKeyDH PubKeyDSA PubKeyRSAPubKeyx509v_JDATikLi1QFJ8zLf90ddcMData.X509.Validation checkFQHNcheckLeafKeyPurposecheckLeafKeyUsage checkLeafV3checkExhaustivecheckCAConstraintscheckStrictOrdering checkAtTimecheckTimeValidityValidationCheckshookFilterReasonhookValidateNamehookValidateTimehookMatchSubjectIssuerValidationHooksData.X509.Validation.CacheexceptionValidationCacheValidationCacheUnknownValidationCacheDeniedValidationCachePassValidationCacheResultcacheAdd cacheQueryValidationCache CompressionIDCipherID SessionDatasessionVersion sessionCipher sessionSecret SessionIDVersionSSL2SSL3TLS10TLS11TLS12CertificateUsageCertificateUsageAcceptCertificateUsageRejectCertificateRejectReasonCertificateRejectExpiredCertificateRejectRevokedCertificateRejectUnknownCACertificateRejectOtherSessionManager sessionResumesessionEstablishsessionInvalidatenoSessionManager Measurement nbHandshakes bytesReceived bytesSentHashMD5SHA1SHA224SHA256SHA384SHA512SHA1_MD5KxErrorRSAError KxUnsupportedAlertDescription CloseNotifyUnexpectedMessage BadRecordMacDecryptionFailedRecordOverflowDecompressionFailureHandshakeFailureBadCertificateUnsupportedCertificateCertificateRevokedCertificateExpiredCertificateUnknownIllegalParameter UnknownCa AccessDenied DecodeError DecryptErrorExportRestrictionProtocolVersionInsufficientSecurity InternalErrorInappropriateFallback UserCanceledNoRenegotiationUnsupportedExtensionCertificateUnobtainableUnrecognizedNameBadCertificateStatusResponseBadCertificateHashValueunClientRandomunServerRandomHeader TLSException TerminatedHandshakeFailedConnectionNotEstablishedTLSError Error_MiscError_ProtocolError_CertificateError_HandshakePolicy Error_EOF Error_PacketError_Packet_unexpectedError_Packet_Parsing ProtocolTypeProtocolType_ChangeCipherSpecProtocolType_AlertProtocolType_HandshakeProtocolType_AppData ProtocolType_DeprecatedHandshakeHashAndSignatureAlgorithmSignatureAlgorithmSignatureAnonymous SignatureRSA SignatureDSSSignatureECDSASignatureOther HashAlgorithmHashNoneHashMD5HashSHA1 HashSHA224 HashSHA256 HashSHA384 HashSHA512 HashOtherCertificateTypeCertificateType_RSA_SignCertificateType_DSS_SignCertificateType_RSA_Fixed_DHCertificateType_DSS_Fixed_DH CertificateType_RSA_Ephemeral_DH CertificateType_DSS_Ephemeral_DHCertificateType_fortezza_dmsCertificateType_UnknownHookshookRecvHandshakehookRecvCertificates hookLoggingLoggingloggingPacketSentloggingPacketRecv loggingIOSent loggingIORecv Credentials CredentialcredentialLoadX509credentialLoadX509FromMemorycredentialLoadX509Chain!credentialLoadX509ChainFromMemory HasBackendBackend backendFlush backendClose backendSend backendRecvCiphercipherID cipherName cipherHash cipherBulkcipherKeyExchange cipherMinVerBulkbulkName bulkKeySize bulkIVSizebulkExplicitIVbulkAuthTagLen bulkBlockSizebulkFCipherKeyExchangeTypeCipherKeyExchange_RSACipherKeyExchange_DH_AnonCipherKeyExchange_DHE_RSACipherKeyExchange_ECDHE_RSACipherKeyExchange_DHE_DSSCipherKeyExchange_DH_DSSCipherKeyExchange_DH_RSACipherKeyExchange_ECDH_ECDSACipherKeyExchange_ECDH_RSACipherKeyExchange_ECDHE_ECDSA BulkFunctions BulkBlockF BulkStreamF BulkAeadF BulkDirection BulkEncrypt BulkDecryptBulkAEAD BulkBlock BulkStream BulkStateBulkStateStreamBulkStateBlock BulkStateAEADBulkStateUninitializedBulkAdditionalData BulkNonceBulkIVBulkKeybulkInithasMAC hasRecordIVcipherKeyBlockSizecipherAllowedForVersioncipherExchangeNeedMoreDataMaxFragmentEnumMaxFragment512MaxFragment1024MaxFragment2048MaxFragment4096NullCompression Compression CompressionCcompressionCIDcompressionCDeflatecompressionCInflate compressionIDcompressionDeflatecompressionInflatecompressionIntersectIDnullCompression ServerHooksonClientCertificateonUnverifiedClientCertonCipherChoosingonServerNameIndicationonSuggestNextProtocolsonNewHandshakeonALPNClientSuggest ClientHooksonCertificateRequestonNPNServerSuggestonServerCertificate onSuggestALPNSharedsharedCredentialssharedSessionManager sharedCAStoresharedValidationCache SupportedsupportedVersionssupportedCipherssupportedCompressionssupportedHashSignaturessupportedSecureRenegotiation%supportedClientInitiatedRenegotiationsupportedSessionsupportedFallbackScsvsupportedEmptyPacket ServerParamsserverWantClientCertserverCACertificatesserverDHEParams serverShared serverHooksserverSupported serverDebug ClientParamsclientUseMaxFragmentLengthclientServerIdentificationclientUseServerNameIndicationclientWantSessionResume clientShared clientHooksclientSupported clientDebug DebugParams debugSeeddebugPrintSeeddefaultParamsClientContext ctxConnection Information infoVersion infoCipherinfoCompressioninfoMasterSecretinfoClientRandominfoServerRandom contextFlush contextClosecontextGetInformationcontextModifyHooks handshake TLSParams contextNewcontextNewOnHandlecontextNewOnSocketcontextHookSetHandshakeRecvcontextHookSetCertificateRecvcontextHookSetLoggingbyegetNegotiatedProtocol getClientSNIsendDatarecvData recvData'ciphersuite_allciphersuite_mediumciphersuite_strongciphersuite_dhe_rsaciphersuite_dhe_dssciphersuite_unencryptedcipher_null_MD5cipher_null_SHA1cipher_RC4_128_MD5cipher_RC4_128_SHA1cipher_AES128_SHA1cipher_DHE_DSS_AES128_SHA1cipher_DHE_RSA_AES128_SHA1cipher_AES256_SHA1cipher_DHE_DSS_AES256_SHA1cipher_DHE_RSA_AES256_SHA1cipher_AES128_SHA256cipher_AES256_SHA256cipher_DHE_DSS_RC4_SHA1cipher_DHE_RSA_AES128_SHA256cipher_DHE_RSA_AES256_SHA256cipher_RSA_3DES_EDE_CBC_SHA1cipher_DHE_RSA_AES128GCM_SHA256cipher_ECDHE_RSA_AES128CBC_SHAcipher_ECDHE_RSA_AES256CBC_SHA!cipher_ECDHE_RSA_AES128CBC_SHA256!cipher_ECDHE_RSA_AES256CBC_SHA384#cipher_ECDHE_ECDSA_AES128GCM_SHA256!cipher_ECDHE_RSA_AES128GCM_SHA256!cipher_ECDHE_RSA_AES256GCM_SHA384decodeASN1ObjectencodeASN1ObjectErrTrunErrTmtl_Aue4leSeVkpKLsfHIV51E8Control.Monad.Error.Class catchError throwError MonadErrortrans_GZTjP9K5WFq01xC9BAGQpFControl.Monad.Trans.ErrorErrornoMsgstrMsg toCurveName fromCurveNamecrypt_CcjcowokjyFJ3PzxfpgObbCrypto.PubKey.ECC.Types SEC_t571r1 SEC_t571k1 SEC_t409r1 SEC_t409k1 SEC_t283r1 SEC_t283k1 SEC_t239k1 SEC_t233r1 SEC_t233k1 SEC_t193r2 SEC_t193r1 SEC_t163r2 SEC_t163r1 SEC_t163k1 SEC_t131r2 SEC_t131r1 SEC_t113r2 SEC_t113r1 SEC_p521r1 SEC_p384r1 SEC_p256r1 SEC_p256k1 SEC_p224r1 SEC_p224k1 SEC_p192r1 SEC_p192k1 SEC_p160r2 SEC_p160r1 SEC_p160k1 SEC_p128r2 SEC_p128r1 SEC_p112r2 SEC_p112r1 CurveNameStateRNG withTLSRNG newStateRNG$fShowStateRNG Crypto.RandomseedFromInteger seedToIntegerseedNewSeedCrypto.Random.TypesgetRandomBytes MonadRandomBytes showBytesHexbaseGHC.Base<*>pure Applicative Data.Functor<$>mconcatmappendmemptyMonoid<$<**> lengthBytesCrypto.Number.Serializei2ospOf_i2ospos2ipand'&&!bytesEqsubtakelast partition3 partition6fromJust fmapEithercatchExceptionECDHKey ECDHParams ECDHPrivate ECDHPublic ecdhPublic ecdhPrivate ecdhParamsecdhGenerateKeyPair ecdhGetShared ecdhUnwrapecdhUnwrapPublic pointSizeDHKeyDHParams DHPrivateDHPublicdhPublic dhPrivatedhParamsdhGenerateKeyPair dhGetShareddhUnwrap dhParamsGetP dhParamsGetGdhUnwrapPublic DirectionRoleTxRx ClientRole ServerRole invertRoleisNullCertificateChaingetCertificateChainLeafwrapCertificateChecks Data.X509getCertificateSignedCertificateData.X509.CertificateChainCertificateChainData.X509.CertcertExtensions certPubKey certSubjectDN certValidity certIssuerDNcertSignatureAlg certSerial certVersion Certificatex509s_6AuJwaGKgg97ff0M26wTI0Data.X509.CertificateStoreCertificateStorevalidateDefault FailedReasonData.X509.Validation.Types ServiceIDnewMeasurementaddBytesReceived addBytesSentresetBytesCountersincrementNbHandshakesHashCtx ContextSimple HashContextHashContextSSL PrivateKey PublicKeyhashInit hashUpdate hashUpdateSSL hashFinalhashhashNamehashDigestSize hashBlockSizegeneralizeRSAError kxEncrypt kxDecryptkxVerifykxSign rsaSignHash rsaVerifyHashnoHash$fShowHashContextHMACmacSSLhmachmacIterprf_SHA1prf_MD5 prf_MD5SHA1 prf_SHA256 EnumSafe16fromEnumSafe16 toEnumSafe16 EnumSafe8 fromEnumSafe8 toEnumSafe8 TypeValuable valOfType valToType Handshake ClientHello ServerHello Certificates HelloRequestServerHelloDone ClientKeyXchg ServerKeyXchg CertRequest CertVerifyFinishedHsNextProtocolNegotiationDeprecatedRecordClientKeyXchgAlgorithmDataCKX_RSACKX_DHCKX_ECDHServerKeyXchgAlgorithmData SKX_DH_Anon SKX_DHE_DSS SKX_DHE_RSA SKX_ECDHE_RSASKX_ECDHE_ECDSASKX_RSA SKX_DH_DSS SKX_DH_RSA SKX_Unparsed SKX_UnknownServerRSAParams rsa_modulus rsa_exponentServerECDHParamsServerDHParamsserverDHParams_pserverDHParams_gserverDHParams_yBigNum HandshakeTypeHandshakeType_HelloRequestHandshakeType_ClientHelloHandshakeType_ServerHelloHandshakeType_CertificateHandshakeType_ServerKeyXchgHandshakeType_CertRequestHandshakeType_ServerHelloDoneHandshakeType_CertVerifyHandshakeType_ClientKeyXchgHandshakeType_FinishedHandshakeType_NPN AlertLevelAlertLevel_WarningAlertLevel_Fatal ExtensionRaw ExtensionID FinishedDataSession ClientRandom ServerRandomPacketAlertChangeCipherSpecAppDataDigitallySigned Signature CipherDatacipherDataContent cipherDataMACcipherDataPadding CipherType CipherStream CipherBlock CipherAEAD ConnectionEndConnectionServerConnectionClientconstrRandom32 serverRandom clientRandombigNumToIntegerbigNumFromIntegerserverDHParamsFromserverDHParamsToParamsserverDHParamsToPublic packetTypetypeOfHandshake numericalVerverOfNum $fTypeValuableSignatureAlgorithm$fTypeValuableHashAlgorithm$fTypeValuableCertificateType$fTypeValuableAlertDescription$fTypeValuableAlertLevel$fTypeValuableHandshakeType$fTypeValuableProtocolType$fTypeValuableCipherType$fTypeValuableConnectionEnd$fShowExtensionRaw$fExceptionTLSException$fExceptionTLSErrorData.X509.DistinguishedNameDistinguishedNamedefaultLogging defaultHooks$fDefaultHooks$fDefaultLogging credentialsListSigningAlgorithmscredentialsFindForSigningcredentialsFindForDecryptingcredentialCanDecryptcredentialCanSigngetSignatureAlg$fMonoidCredentials GetResultGotError GotPartial GotSuccessGotSuccessRemainingGetContinuationrunGet runGetErr runGetMaybetryGet getWords8 getWord16 getWords16 getWord24 getOpaque8 getOpaque16 getOpaque24 getInteger16 getBigNum16getList processBytes putWords8 putWord16 putWord32 putWords16 putWord24putBytes putOpaque8 putOpaque16 putOpaque24 putInteger16 putBigNum16 encodeWord16 encodeWord32 encodeWord64cerea_843xOxvPj94HAJ9SD4EJuqData.Serialize.GetgetWord8getBytesisEmpty remainingGetData.Serialize.PutputWord8runPutPuthasHelloExtensionshasExplicitBlockIVinitializeBackend getBackend$fHasBackendHandle$fHasBackendSocket$fHasBackendBackend $fEqCipher $fShowCipher$fEqBulk $fShowBulk$fShowBulkStatecParamsVersioncParamsKeyXchgTypecParamsSupportNPN&decodeReallyServerKeyXchgAlgorithmDataPRF CurrentParams getVersion putVersion getHeaderType putHeaderTypegetHandshakeType decodeHeaderdecodeDeprecatedHeaderLengthdecodeDeprecatedHeader encodeHeaderencodeHeaderNoVer decodeAlert decodeAlerts encodeAlertsdecodeHandshakeRecorddecodeHandshakedecodeDeprecatedHandshakedecodeHelloRequestdecodeClientHellodecodeServerHellodecodeServerHelloDonedecodeCertificatesdecodeFinisheddecodeNextProtocolNegotiationdecodeCertRequestdecodeCertVerifydecodeClientKeyXchgdecodeServerKeyXchg_DHdecodeServerKeyXchg_RSA decodeServerKeyXchgAlgorithmDatadecodeServerKeyXchgencodeHandshakeencodeHandshakesencodeHandshakeHeaderencodeHandshakeContent getRandom32getServerRandom32getClientRandom32 putRandom32putClientRandom32putServerRandom32 getSession putSession getExtensions putExtension putExtensionsgetSignatureHashAlgorithmputSignatureHashAlgorithmgetServerDHParamsputServerDHParamsgetServerECDHParamsputServerECDHParamsgetDigitallySignedputDigitallySigneddecodeChangeCipherSpecencodeChangeCipherSpecdecodePreMasterSecretencodePreMasterSecretgenerateMasterSecret_SSLgenerateMasterSecret_TLSgenerateMasterSecretgenerateKeyBlock_TLSgenerateKeyBlock_SSLgenerateKeyBlockgenerateFinished_TLSgenerateFinished_SSLgenerateClientFinishedgenerateServerFinishedgenerateCertificateVerify_SSLencodeSignedDHParamsencodeSignedECDHParams#ApplicationLayerProtocolNegotiationNextProtocolNegotiationSecureRenegotiationMaxFragmentLength ServerName ExtensionsupportedExtensionsSignatureAlgorithms HeartBeatModeHeartBeat_PeerAllowedToSendHeartBeat_PeerNotAllowedToSend HeartBeat SessionTicket EcPointFormatEcPointFormat_Uncompressed'EcPointFormat_AnsiX962_compressed_prime'EcPointFormat_AnsiX962_compressed_char2EcPointFormatsSupportedBrainPoolCurveBrainPoolP512R1BrainPoolP384R1BrainPoolP256R1 NamedCurveSEC BrainPool*NamedCurve_arbitrary_explicit_prime_curves*NamedCurve_arbitrary_explicit_char2_curvesEllipticCurvesSupportedServerNameTypeServerNameHostNameServerNameOther extensionIDextensionDecodeextensionEncodeHostNameextensionID_ServerNameextensionID_MaxFragmentLength extensionID_ClientCertificateUrlextensionID_TrustedCAKeysextensionID_TruncatedHMACextensionID_StatusRequestextensionID_UserMappingextensionID_ClientAuthzextensionID_ServerAuthzextensionID_CertTypeextensionID_EllipticCurvesextensionID_EcPointFormatsextensionID_SRPextensionID_SignatureAlgorithmsextensionID_SRTPextensionID_Heartbeat/extensionID_ApplicationLayerProtocolNegotiationextensionID_StatusRequestv2&extensionID_SignedCertificateTimestamp!extensionID_ClientCertificateType!extensionID_ServerCertificateTypeextensionID_PaddingextensionID_EncryptThenMAC extensionID_ExtendedMasterSecretextensionID_SessionTicket#extensionID_NextProtocolNegotiationextensionID_SecureRenegotiationdefinedExtensionsavailableEllipticCurves$fExtensionSignatureAlgorithms$fExtensionHeartBeat$fEnumSafe8HeartBeatMode$fExtensionSessionTicket"$fExtensionEcPointFormatsSupported$fEnumSafe8EcPointFormat"$fExtensionEllipticCurvesSupported$fEnumSafe16NamedCurve.$fExtensionApplicationLayerProtocolNegotiation"$fExtensionNextProtocolNegotiation$fExtensionSecureRenegotiation$fExtensionMaxFragmentLength$fExtensionServerNameTLSStrunTLSStTLSState stSessionstSessionResumingstSecureRenegotiationstClientVerifiedDatastServerVerifiedDatastExtensionNPNstExtensionALPNstHandshakeRecordContstNegotiatedProtocolstServerNextProtocolSuggeststClientALPNSuggeststClientEllipticCurveSuggeststClientEcPointFormatSuggeststClientCertificateChain stClientSNI stRandomGen stVersionstClientContext runTLSState newTLSStateupdateVerifiedDatafinishHandshakeTypeMaterialfinishHandshakeMaterialcertVerifyHandshakeTypeMaterialcertVerifyHandshakeMaterial setSessionisSessionResuming setVersionsetVersionIfUnsetgetVersionWithDefaultsetSecureRenegotiationgetSecureRenegotiationsetExtensionNPNgetExtensionNPNsetExtensionALPNgetExtensionALPNsetNegotiatedProtocolsetServerNextProtocolSuggestgetServerNextProtocolSuggestsetClientALPNSuggestgetClientALPNSuggestsetClientEllipticCurveSuggestgetClientEllipticCurveSuggestsetClientEcPointFormatSuggestgetClientEcPointFormatSuggestsetClientCertificateChaingetClientCertificateChain setClientSNIgetVerifiedDataisClientContext genRandomwithRNG$fMonadStateTLSStateTLSSt$fCompressionCNullCompression$fEqCompression$fShowCompressionNothingghc-prim GHC.TypesTrueFalse CommonParamsdefaultDebugParamsdefaultParamsServerdefaultSupporteddefaultClientHooksdefaultServerHooks$fDefaultServerHooks$fShowServerHooks$fDefaultClientHooks$fShowClientHooks$fDefaultShared $fShowShared$fDefaultSupported$fDefaultServerParams$fDefaultDebugParams$fShowDebugParamsRecordM runRecordM RecordStatestCipher stCompression stCryptState stMacStateMacState msSequence CryptStatecstKeycstIV cstMacSecretgetRecordVersionnewRecordStateincrRecordState setRecordIVwithCompression computeDigest makeDigestgetBulkgetMacSequence$fMonadErrorTLSErrorRecordM$fMonadStateRecordStateRecordM$fFunctorRecordM$fMonadRecordM$fApplicativeRecordMRecordfragmentCompressfragmentCipherfragmentUncipherfragmentUncompress recordToRaw rawToRecordrecordToHeader Ciphertext Compressed PlaintextFragmentfragmentGetBytesfragmentPlaintextfragmentCiphertextonRecordFragment fragmentMaphstClientCertRequesthstClientCertSenthstCertReqSentsetMasterSecretFromPresetMasterSecret HandshakeM runHandshakeMClientCertRequestDataHandshakeStatehstClientVersionhstClientRandomhstServerRandomhstMasterSecret hstKeyStatehstServerDHParams hstDHPrivatehstServerECDHParamshstECDHPrivatehstHandshakeDigesthstHandshakeMessageshstClientCertChainhstPendingTxStatehstPendingRxStatehstPendingCipherhstPendingCompressionHandshakeKeyStatehksRemotePublicKeyhksLocalPrivateKeynewEmptyHandshake runHandshake setPublicKey setPrivateKeygetRemotePublicKeygetLocalPrivateKeysetServerDHParamssetServerECDHParamssetCertReqSentgetCertReqSentsetClientCertSentgetClientCertSentsetClientCertChaingetClientCertChainsetClientCertRequestgetClientCertRequestgetPendingCipheraddHandshakeMessagegetHandshakeMessagesupdateHandshakeDigestgetHandshakeDigestcomputeKeyBlocksetServerHelloParameters$$fMonadStateHandshakeStateHandshakeM ctxCiphersctxEOF_ctxEstablished_ctxNeedEmptyPacketctxSSLv2ClientHello ctxTxState ctxRxState ctxHandshakectxHooks ctxLockWrite ctxLockRead ctxLockState ctxSupported ctxSharedctxStatectxMeasurementctxDoHandshakectxDoHandshakeWith updateMeasure withMeasure contextSend contextRecvctxEOFctxHasSSLv2ClientHelloctxDisableSSLv2ClientHellosetEOFctxEstablished ctxWithHookssetEstablishedwithLog throwCorefailOnEitherError usingState usingState_ usingHState getHState runTxState runRxState getStateRNG withReadLock withWriteLock withRWLock withStateLockcertificateRejectedrejectOnException encryptRSAsignRSA decryptRSA verifyRSA generateDHE generateECDHEprocessHandshakeprocessClientKeyXchgprocessClientFinishedstartHandshakeCertVerifyDatacertificateVerifyCheckcertificateVerifyCreategetHashAndASN1%prepareCertificateVerifySignatureDatasignatureHashDatasignatureCreatesignatureVerifysignatureVerifyWithHashDescrdigitallySignParamsdigitallySignDHParamsdigitallySignECDHParamsdigitallySignDHParamsVerifydigitallySignECDHParamsVerifywithClientAndServerRandom engageRecordcompressRecord encryptRecordencryptContent encryptBlock encryptStream encryptAead getCryptStatedisengageRecorduncompressRecord decryptRecord getCipherData decryptData processPacketswitchRxEncryption makeRecord encodeRecord writePacket prepareRecordswitchTxEncryption recvRecord recvPacket sendPacket checkValid readExacthandshakeTerminateonRecvStateHandshake RecvState RecvStateNextRecvStateHandshake RecvStateDonehandshakeFailed errorToAlert unexpected newSessionsendChangeCipherAndFinishrecvChangeCipherAndFinishrecvPacketHandshake runRecvStategetSessionDataextensionLookupsendClientData onServerHellohandshakeClientWithhandshakeClientprocessServerExtensionthrowMiscErrorOnExceptionprocessCertificateexpectChangeCipher expectFinishprocessServerKeyExchangeprocessCertificateRequestprocessServerHelloDonehandshakeServerWithrecvClientDatahandshakeServer doHandshakefindHighestVersionFromgetTLSCommonParams getTLSRole getCiphersdoHandshakeWith$fTLSParamsServerParams$fTLSParamsClientParams aes128cbc aes256cbc aes128gcm aes256gcmnoFailmakeIV_ tripledes_ede tripledes_ivrc4 bulk_nullbulk_rc4 bulk_aes128bulk_aes128gcmbulk_aes256gcm bulk_aes256bulk_tripledes_ede