$L      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~4 BSD-styleKazu Yamamoto <kazu@iij.ad.jp> experimentalunknownSafeR%/.-,+*)('&% &'()*+,-./ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownSafe) BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone5      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone"3Connection IO backend5,Flush the connection sending buffer, if any.6Close the connection.7)Send a bytestring through the connection.86Receive specified number of bytes from the connection. 012345678012345678 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone&v9'record some data about this connection.;$number of handshakes on this context<#bytes received since last handshake=bytes sent since last handshake 9:;<=9:;<= NoneK&  None'^>? BSD-styleKazu Yamamoto <kazu@iij.ad.jp> experimentalunknownNone3@2048 bits finite field Diffie-Hellman ephemeral parameters defined in RFC 7919. The estimated symmetric-equivalent strength is 103 bits.A3072 bits finite field Diffie-Hellman ephemeral parameters defined in RFC 7919. The estimated symmetric-equivalent strength is 125 bits.B4096 bits finite field Diffie-Hellman ephemeral parameters defined in RFC 7919. The estimated symmetric-equivalent strength is 150 bits.C6144 bits finite field Diffie-Hellman ephemeral parameters defined in RFC 7919. The estimated symmetric-equivalent strength is 175 bits.D8192 bits finite field Diffie-Hellman ephemeral parameters defined in RFC 7919. The estimated symmetric-equivalent strength is 192 bits.@ABCD@ABCD  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone8s DirectionRoleECompression identificationFCipher identificationGSession data to resumeN A session IDOVersions known to TLSDSSL2 is just defined, but this version is and will not be supported.EFGHIJKLMNOPQRSTGHIJKLMOPQRST  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone<UA session managerWAused on server side to decide whether to resume a client session.X#used when a session is established.Y#used when a session is invalidated.UVWXYZUVWXY  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneCVI[0This is the default compression which is a NOOP.\Aevery compression need to be wrapped in this, to fit in structure^>supported compression algorithms need to be part of this classb+return the associated ID for this algorithmczdeflate (compress) a bytestring using a compression context and return the result along with the new compression context.dwinflate (decompress) a bytestring using a compression context and return the result along the new compression context.eintersect a list of ids commonly given by the other side with a list of compression the function keeps the list of compression in order, to be able to find quickly the prefered compression.fdefault null compression E[\]^_`abcdef[\]^_`a BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneJ  NoneVNS This is a strict version of and This is a strict version of &&. verify that 2 bytestrings are equals. it's a non lazy version, that will compare every bytes. arguments with different length will bail out early     BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneR\Attempt to decode a bytestring representing an DER ASN.1 serialized object into the object.7Encode an ASN.1 Object to the DER serialized bytestringNoneRQ BSD-styleKazu Yamamoto <kazu@iij.ad.jp> experimentalunknownNoneS  !"#$% &'()*+,-./ 0123456789NoneCVU:+(for the md5 context, for the sha1 context)[ %&'()*+,-./>? !"#$%;<=>?@ABCgmlkjihnopqDEFGHI:JKLMNOPQR;<=>?@ASTCUVghijklmnopq BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone1_zwBdeprecated alert, should never be sent by compliant implementation@TLS Exceptions related to bad user usage or asynchronous errorsGEarly termination exception with the reason and the error associated(Handshake failed for the reason attachedjUsage error when the connection has not been established and the user is trying to send or receive data5TLSError that might be returned through the TLS stackmainly for instance of Errorhandshake policy failed.WGHIJKLMNOPQRSTXYZ[\]^_`rabcdefghijklmnopqrstuvwxyz{|}~stuvwxyz{|}~XYZ[\]^`_r bcdefghijaklmno pqrstuvwxyz{|}~ stuvwxyz{|}~  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonehFor now we ignore the version, but perhaps some day the PRF will depend not only on the cipher PRF algorithm, but also on the protocol version. BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneCVkCipher algorithmCheck if a specific 2 is allowed to be used with the version specified@Fgmlkjihn  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone,All AES ciphers supported ordered from strong to weak. This choice of ciphersuites should satisfy most normal needs. For otherwise strong ciphers we make little distinction between AES128 and AES256, and list each but the weakest of the AES128 ciphers ahead of the corresponding AES256 ciphers.DThe default ciphersuites + some not recommended last resort ciphers.list of medium ciphers.The strongest ciphers supported. For ciphers with PFS, AEAD and SHA2, we list each AES128 variant right after the corresponding AES256 variant. For weaker constructs, we use just the AES256 form.DHE-RSA cipher suite8all unencrypted ciphers, do not use on insecure network.@unencrypted cipher using RSA for key exchange and MD5 for digestAunencrypted cipher using RSA for key exchange and SHA1 for digest /RC4 cipher, RSA key exchange and MD5 for digest 0RC4 cipher, RSA key exchange and SHA1 for digest ?3DES cipher (168 bit key), RSA key exchange and SHA1 for digest >AES cipher (128 bit key), RSA key exchange and SHA1 for digest MAES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digestMAES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest>AES cipher (256 bit key), RSA key exchange and SHA1 for digestMAES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digestMAES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digest@AES cipher (128 bit key), RSA key exchange and SHA256 for digest@AES cipher (256 bit key), RSA key exchange and SHA256 for digestaAESGCM cipher (128 bit key), RSA key exchange. The SHA256 digest is used as a PRF, not as a MAC.aAESGCM cipher (256 bit key), RSA key exchange. The SHA384 digest is used as a PRF, not as a MAC.'      !"#$%&'  %& !"#$    BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone,@ABCD      !"#$%& BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneg, BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneecurrent protocol versioncurrent key exchange typein certain cases, we haven't manage to decode ServerKeyExchange properly, because the decoding was too eager and the cipher wasn't been set yet. we keep the Server Key Exchange in it unparsed format, and this function is able to really decode the server key xchange if it's unparsed.fThe TLS12 PRF is cipher specific, and some TLS12 algorithms use SHA384 instead of the default SHA256."      BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone>?O !"#$%&'()*  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneE +Represent a TLS record.,Xturn a plaintext record into a compressed record using the compression function supplied-Tturn a compressed record into a ciphertext record using the cipher function supplied.Xturn a ciphertext fragment into a compressed fragment using the cipher function supplied/^turn a compressed fragment into a plaintext fragment using the decompression function supplied0&turn a record into an header and bytes1*turn a header and a fragment into a record2turn a record into a header34567+89:;,-./0126<7+8 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone= BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone<> BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneM!"$34567+89:012=> BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone>?Kl?7Set to Just-value when certificate request was received@4Set to true when a client certificate chain was sentA/Set to true when a certificate request was sentB6Generate the master secret from the pre master secret.CSet master secret and as a side effect generate the key block with all the right parameters, and setup the pending tx/rx state.Bchosen transmission version2the role (Client or Server) of the generating sidethe pre master secretDchosen version5EFGHIJKLMNOPQRS?@ATUVWXYZ[\]^_`abcdefghijklmnopqrsBCDEtuGHIJKLMNOPQRS?@ATUVWXvwxy  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonetz-Application Layer Protocol Negotiation (ALPN){Secure Renegotiation|?Max fragment extension with length from 512 bytes to 4096 bytes}Server Name extension including the name type and the associated name. the associated name decoding is dependant of its name type. name type = 0 : hostname~KExtension class to transform bytes to and from a high level Extension type..all supported extensions by the implementation:%&'()*+,-./z{'()*+|}~z{'()*+|}~! BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone>?KQVg4" BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone2,3Certificate Usage callback possible returns values.-usage of certificate accepted.usage of certificate rejected/&Certificate and Chain rejection reason#,-./0123,-./0123# BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone4A collection of hooks actions.6)called at each handshake message received71called at each certificate chain message received8/hooks on IO and packets, receiving and sending.9Hooks for logging8This is called when sending and receiving packets and IO 456789:;<=>456789:;<=>$ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneBtry to create a new credential object from a public certificate and the associated private key that are stored on the filesystem in PEM format.C similar to BV but take the certificate and private key from memory instead of from the filesystem.D similar to B/ but also allow specifying chain certificates.E similar to C/ but also allow specifying chain certificates.Checks whether certificates in the chain comply with a list of hash/signature algorithm pairs. Currently the verification applies only to the leaf certificate, if it is not self-signed. This may be extended to additional chain elements in the future.B!public certificate (X.509 format)private key associatedD!public certificate (X.509 format)!chain certificates (X.509 format)private key associated ?@ABCDE?@% BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneB &FQA set of callbacks run by the server for various corners of the TLS establishmentHThis action is called when a client certificate chain is received from the client. When it returns a CertificateUsageReject value, the handshake is aborted.INThis action is called when the client certificate cannot be verified. Return ' to accept the certificate anyway, or  to fail verification.JiAllow the server to choose the cipher relative to the the client version and the client list of ciphers.xThis could be useful with old clients and as a workaround to the BEAST (where RC4 is sometimes prefered with TLS < 1.1)'The client cipher list cannot be empty.KtAllow the server to indicate additional credentials to be used depending on the host name indicated by the client.This is most useful for transparent proxies where credentials must be generated on the fly according to the host the client is trying to connect to.yReturned credentials may be ignored if a client does not support the signature algorithms used in the certificate chain.LQat each new handshake, we call this hook to see if we allow handshake to happens.MAllow the server to choose an application layer protocol suggested from the client through the ALPN (Application Layer Protocol Negotiation) extensions.NNA set of callbacks run by the clients for various corners of TLS establishmentP This action is called when the server sends a certificate request. The parameter is the information from the request. The action should select a certificate chain of one of the given certificate types where the last certificate in the chain should be signed by one of the given distinguished names. Each certificate should be signed by the following one, except for the last. At least the first of the certificates in the chain must have a corresponding private key, because that is used for signing the certificate verify message.Note that is is the responsibility of this action to select a certificate matching one of the requested certificate types. Returning a non-matching one will lead to handshake failure later.Returning a certificate chain not matching the distinguished names may lead to problems or not, depending whether the server accepts it.QZUsed by the client to validate the server certificate. The default implementation calls H which validates according to the default hooks and checks provided by Data.X509.ValidationT. This can be replaced with a custom validation function using different settings.RqThis action is called when the client sends ClientHello to determine ALPN values such as '["h2", "http/1.1"]'.SThis action is called to validate DHE parameters when the server selected a finite-field group not part of the "Supported Groups Registry". See RFC 7919 section 3.1 for recommandations.T,Group usage callback possible return values.Uusage of group acceptedV-usage of group provides insufficient securityW>usage of group rejected for other reason (specified as string)X+usage of group with an invalid public value_DList all the supported algorithms, versions, ciphers, etc supported.aSupported Versions by this context On the client side, the highest version will be used to establish the connection. On the server side, the highest version that is less or equal than the client version will be chosed.bSSupported cipher methods. The default is empty, specify a suitable cipher list. & is often a good choice.csupported compressions methodsdAll supported hash/signature algorithms pair for client certificate verification and server signature in (EC)DHE, ordered by decreasing priority./This list is sent to the peer as part of the signature_algorithms extension. It is also used to restrict the choice of server credential, signature and hash algorithm, but only when the TLS version is 1.2 or above. In order to disable SHA-1 one must then also disable earlier protocol versions in a.e/Secure renegotiation defined in RFC5746. If 7, clients send the renegotiation_info extension. If g, servers handle the extension or the renegotiation SCSV then send the renegotiation_info extension.fIf ], renegotiation is allowed from the client side. This is vulnerable to DOS attacks. If I, renegotiation is allowed only from the server side via HelloRequest.gSet if we support session.h4Support for fallback SCSV defined in RFC7507. If b, servers reject handshakes which suggest a lower protocol than the highest protocol supported.idIn ver <= TLS1.0, block ciphers using CBC are using CBC residue as IV, which can be guessed by an attacker. Hence, an empty packet is normally sent before a normal data packet, to prevent guessability. Some Microsoft TLS-based protocol implementations, however, consider these empty packets as a protocol violation and disconnect. If this parameter is Y, empty packets will never be added, which is less secure, but might help in rare cases.jpA list of supported elliptic curves and finite-field groups in the preferred order. The default value is [),&,',(]. ) and & provide 128-bit security which is strong enough until 2030. Both curves are fast because their backends are written in C.m"request a certificate from client.nThis is a list of certificates from which the disinguished names are sent in certificate request messages. For TLS1.0, it should not be empty.oServer Optional Diffie Hellman parameters. Setting parameters is necessary for FFDHE key exchange when clients are not compatible with RFC 7919.9Value can be one of the standardized groups from module Network.TLS.Extra.FFDHE& or custom parameters generated with '(.wDefine the name of the server, along with an extra service identification blob. this is important that the hostname part is properly filled for security reason, as it allow to properly associate the remote side with the given certificate during a handshake.The extra blob is useful to differentiate services running on the same host, but that might have different certificates given. It's only used as part of the X509 validation infrastructure.xAllow the use of the Server Name Indication TLS extension during handshake, which allow the client to specify which host name, it's trying to access. This is useful to distinguish CNAME aliasing (e.g. web virtual host).y1try to establish a connection using this session.|IIn this element, you'll need to override the default empty value of of b with a suitable cipherlist.~-All settings should not be used in productionDisable the true randomness in favor of deterministic seed that will produce a deterministic random from. This is useful for tests and debugging purpose. Do not use in productionyAdd a way to print the seed that was randomly generated. re-using the same seed will reproduce the same randomness with K'()*+,-./0123FGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~FGHIJKLMNOPQRSTUVWXYZ[\]^_ `abcdefghijklmnopqrst uvwxyz{|}~) BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneRwJA TLS Context keep tls specific state, parameters and backend information.6return the backend object associated with this contexthas the handle EOFed or not.0has the handshake been done and been successful.-empty packet workaround for CBC guessability.enable the reception of compatibility SSLv2 client hello. the flag will be set to false regardless of its initial value after the first packet received.current tx statecurrent rx stateoptional handshake statehooks for this context;lock to use for writing data (including updating the state);lock to use for reading data (including updating the state)mlock used during read/write when receiving and sending packet. it is usually nested in a write or read lock.=Information related to a running context, e.g. current cipher%Information about the current contextc9:;<=GHIJKLMN'()*+45678klmnopqrstuvwxyz{|}      * BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneYj!makePacketData\ create a Header and a content bytestring related to a packet this doesn't change any state"marshall packet data#jwritePacket transform a packet into marshalled data related to current state and updating state on the go#+ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone<Z$, BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneb%%JrecvRecord receive a full TLS record (header + data), from the other side..The record is disengaged from the record layer&receive one packet from the context that contains 1 or many messages (many only in case of handshake). if will returns a TLSError if the packet is unexpected or malformed'Send one packet to the context%1flag to enable SSLv2 compat ClientHello reception TLS context(&'- BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonecj )*+,-./01. BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoned2345678/ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonef$s9:0NonehA;1when a new handshake is done, wrap up & clean up.<?process a list of handshakes message in the recv state machine.=>?@ABCD;EFG<HI=>?@1 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneiJK2 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonetSL7send client Data after receiving all server data (hello certificateskey).> [certificate]> client key exchange> [cert verify]M<onServerHello process the ServerHello message on the client.1) check the version chosen by the server is one allowed by parameters. 2) check that our compression and cipher algorithms are part of the list we sent 3) check extensions received are part of the one we sent 4) process the session parameter to see if the server want to start a new session or can resume 5) if no resume switch to processCertificate SM or in resume switch to expectChangeCipherNO3 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonetP)Put the server context in handshake mode.Expect a client hello message as parameter. This is useful when the client hello has been already poped from the recv layer to inspect the packet.When the function returns, a new handshake has been succesfully negociated. On any error, a HandshakeFailed exception is raised.handshake protocol ( - receiving, -K sending, [] optional): (no session) (session resumption) <- client hello <- client hello -> server hello -> server hello -> [certificate] -> [server key xchg] -> [cert request] -> hello done <- [certificate] <- client key xchg <- [cert verify]  -change cipher - change cipher  -finish -Z finish -> change cipher <- change cipher -> finish <- finishQ>receive Client data in handshake until the Finished handshake.g<- [certificate] <- client key xchg <- [cert verify] <- change cipher <- finishRP4 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonesHandshake for a new TLS connection This is to be called at the beginning of a connection, and during renegotiationNORPS5 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone@create a new context using the backend and parameters specified."create a new context on an handle.!create a new context on a socket.NBackend abstraction with specific method to interact with the connection type.Parameters of the context.Handle of the connection.Parameters of the context.Socket of the connection.Parameters of the context.D45678      TUVW6 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneVnotify the context that this side wants to close connection. this is important that it is called before closing the handle, otherwise the session might not be resumable (for version < TLS1.2).&this doesn't actually close the handleVIf the ALPN extensions have been used, this will return get the protocol agreed upon.dIf the Server Name Indication extension has been used, return the hostname specified by the client.[sendData sends a bunch of data. It will automatically chunk data to acceptable packet sizekrecvData get data out of Data packet, and automatically renegotiate if a Handshake ClientHello is received/same as recvData but returns a lazy bytestring. &'7 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNoneWGHIJKLMNOPQRSTXYZ[\]^`_rabcdefghijklmnopqrstuvwxyz{|}~stuvwxyz{|}~     #$&' BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNonen  #"! $%&'()*+,-./0123456789:;<=>?FGHIJKLMNOPQRSTUVWXYZ\]^_`afgmlkjihnopqrstuvwxyz{|}~'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~wtuvwxyz{|}$klmnopqrs~>?NOPQRSFGHIJKLM_`abcdefghijYZ[\]^45678r9:;<=>9:;<=TUVWX,-./0123'()*+NGHIJKLMUVWXYZ345678012?@ABCDE ^_`a\]Ef[bcdeghijklmnFOPQRSTopqstuvwxyz{|}~ #"! %&'()*+,-./X89:89;89<89=8>?8>@8>A8>B8>C8>DEFGEFHEFIEFJEFKEFLEFMEFNEFOEFPEFPEFQEFREFSEFTEFUEFUEVWEVXEVYEVZEV[EV\EV]EV^EV^E_`abcdefghijklmnoopqrsttuvw x yz{|}~                        !"##$%&'()*+,-./012&3456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX Y Z [ \ ]"^"_"`"a"b"c"d"e#f#f#g#h#i#j#j#k#l#m#n$o$o$p$q$r$s$t%u%u%v%w%x%y%z%{%|%|%}%~%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%))))))))))))))45555555666666       ! " # $%&'()*+,-.//01123345667889:;<==>?@ABCDEFGHIJKLMN O P QRSRTRURVRWRXRYRZRZR[\]\]\^_`abcdefghijklmnmnmompmpmqmrmrmsmtmtmumvmvmwmxmxmyz{z|z}z~zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz         !"#$#% & & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; <=>?@ABCDEFGHIJKJLJMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~w8      !"#$%&'()*+,-./0123456789:;<==>?@ABBCDDEFGHIJKLMNOP;QRSTUVWXYZ[\]Q^_`\abcdefghijkklmnopqrstuvwxyz{|}~i                                          !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!88888888888888EFEFE_"""#$$$$ $   % )))))))))))))))))))) )!)")#)$)%)&)')()))*)+),)-).)/)0)1)2)3)4)5)6*7*8*9+:,;,<,=,>-?-@-A-B-C-D-E-F-G.H.I.J.K.L.M.N/O/P0Q0R0S0T0U0V0W0X0Y0Z0[0\0]0^0_1`1a2b2c2d2e3f3g3h4i5j5k5l5mn tls-1.4.1-HOyrFB7Z1D16FhqqwhYoz7 Network.TLSNetwork.TLS.Extra.FFDHENetwork.TLS.Extra.CipherNetwork.TLS.Crypto.TypesNetwork.TLS.ErrTNetwork.TLS.ImportsNetwork.TLS.BackendNetwork.TLS.MeasurementNetwork.TLS.RNGNetwork.TLS.Crypto.DHNetwork.TLS.TypesNetwork.TLS.SessionNetwork.TLS.CompressionNetwork.TLS.CapNetwork.TLS.UtilNetwork.TLS.Util.ASN1Network.TLS.Util.SerializationNetwork.TLS.Crypto.IESNetwork.TLS.CryptoNetwork.TLS.StructNetwork.TLS.MACNetwork.TLS.CipherNetwork.TLS.ExtraNetwork.TLS.WireNetwork.TLS.PacketNetwork.TLS.Record.StateNetwork.TLS.Record.TypesNetwork.TLS.Record.EngageNetwork.TLS.Record.DisengageNetwork.TLS.RecordNetwork.TLS.Handshake.StateNetwork.TLS.ExtensionNetwork.TLS.StateNetwork.TLS.X509Network.TLS.HooksNetwork.TLS.CredentialsNetwork.TLS.Parametersciphersuite_defaultCrypto.PubKey.DHgenerateParamsNetwork.TLS.Context.InternalNetwork.TLS.SendingNetwork.TLS.ReceivingNetwork.TLS.IONetwork.TLS.Handshake.KeyNetwork.TLS.Handshake.SignatureNetwork.TLS.Handshake.ProcessNetwork.TLS.Handshake.Common!Network.TLS.Handshake.CertificateNetwork.TLS.Handshake.ClientNetwork.TLS.Handshake.ServerNetwork.TLS.HandshakeNetwork.TLS.ContextNetwork.TLS.CoreNetwork.TLS.Internal!x509-1.7.3-IHUO4Nc1bVtAKRRQbZQlV3Data.X509.PrivateKey PrivKeyEC PrivKeyDSA PrivKeyRSAPrivKeyData.X509.PublicKey PubKeyUnknownPubKeyECPubKeyDH PubKeyDSA PubKeyRSAPubKey-x509-validation-1.6.10-AdcB2H2Jkv32KElgnwOcppData.X509.Validation checkFQHNcheckLeafKeyPurposecheckLeafKeyUsage checkLeafV3checkExhaustivecheckCAConstraintscheckStrictOrdering checkAtTimecheckTimeValidityValidationCheckshookFilterReasonhookValidateNamehookValidateTimehookMatchSubjectIssuerValidationHooksData.X509.Validation.CacheexceptionValidationCacheValidationCacheUnknownValidationCacheDeniedValidationCachePassValidationCacheResultcacheAdd cacheQueryValidationCacheData.X509.Validation.TypesHostNameGroupP256P384P521X25519X448 FFDHE2048 FFDHE3072 FFDHE4096 FFDHE6144 FFDHE8192 HasBackendinitializeBackend getBackendBackend backendFlush backendClose backendSend backendRecv Measurement nbHandshakes bytesReceived bytesSentDHParamsDHPublic ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192 CompressionIDCipherID SessionDatasessionVersion sessionCiphersessionCompressionsessionClientSNI sessionSecret SessionIDVersionSSL2SSL3TLS10TLS11TLS12SessionManager sessionResumesessionEstablishsessionInvalidatenoSessionManagerNullCompression Compression CompressionCcompressionCIDcompressionCDeflatecompressionCInflate compressionIDcompressionDeflatecompressionInflatecompressionIntersectIDnullCompressionHashMD5SHA1SHA224SHA256SHA384SHA512SHA1_MD5KxErrorRSAError KxUnsupported HandshakeAlertDescription CloseNotifyUnexpectedMessage BadRecordMacDecryptionFailedRecordOverflowDecompressionFailureHandshakeFailureBadCertificateUnsupportedCertificateCertificateRevokedCertificateExpiredCertificateUnknownIllegalParameter UnknownCa AccessDenied DecodeError DecryptErrorExportRestrictionProtocolVersionInsufficientSecurity InternalErrorInappropriateFallback UserCanceledNoRenegotiationUnsupportedExtensionCertificateUnobtainableUnrecognizedNameBadCertificateStatusResponseBadCertificateHashValue ClientRandomunClientRandom ServerRandomunServerRandomHeader TLSException TerminatedHandshakeFailedConnectionNotEstablishedTLSError Error_MiscError_ProtocolError_CertificateError_HandshakePolicy Error_EOF Error_PacketError_Packet_unexpectedError_Packet_Parsing ProtocolTypeProtocolType_ChangeCipherSpecProtocolType_AlertProtocolType_HandshakeProtocolType_AppData ProtocolType_DeprecatedHandshakeHashAndSignatureAlgorithmSignatureAlgorithmSignatureAnonymous SignatureRSA SignatureDSSSignatureECDSASignatureRSApssSHA256SignatureRSApssSHA384SignatureRSApssSHA512SignatureEd25519SignatureEd448SignatureOther HashAlgorithmHashNoneHashMD5HashSHA1 HashSHA224 HashSHA256 HashSHA384 HashSHA512 HashIntrinsic HashOtherCertificateTypeCertificateType_RSA_SignCertificateType_DSS_SignCertificateType_RSA_Fixed_DHCertificateType_DSS_Fixed_DH CertificateType_RSA_Ephemeral_DH CertificateType_DSS_Ephemeral_DHCertificateType_fortezza_dmsCertificateType_UnknownCiphercipherID cipherName cipherHash cipherBulkcipherKeyExchange cipherMinVer cipherPRFHashBulkbulkName bulkKeySize bulkIVSizebulkExplicitIVbulkAuthTagLen bulkBlockSizebulkFCipherKeyExchangeTypeCipherKeyExchange_RSACipherKeyExchange_DH_AnonCipherKeyExchange_DHE_RSACipherKeyExchange_ECDHE_RSACipherKeyExchange_DHE_DSSCipherKeyExchange_DH_DSSCipherKeyExchange_DH_RSACipherKeyExchange_ECDH_ECDSACipherKeyExchange_ECDH_RSACipherKeyExchange_ECDHE_ECDSA BulkFunctions BulkBlockF BulkStreamF BulkAeadF BulkDirection BulkEncrypt BulkDecryptBulkAEAD BulkBlock BulkStream BulkStateBulkStateStreamBulkStateBlock BulkStateAEADBulkStateUninitializedBulkAdditionalData BulkNonceBulkIVBulkKeybulkInithasMAC hasRecordIVcipherKeyBlockSizecipherAllowedForVersioncipherExchangeNeedMoreDataciphersuite_allciphersuite_mediumciphersuite_strongciphersuite_dhe_rsaciphersuite_dhe_dssciphersuite_unencryptedcipher_null_MD5cipher_null_SHA1cipher_RC4_128_MD5cipher_RC4_128_SHA1cipher_RSA_3DES_EDE_CBC_SHA1cipher_AES128_SHA1cipher_DHE_DSS_AES128_SHA1cipher_DHE_RSA_AES128_SHA1cipher_AES256_SHA1cipher_DHE_DSS_AES256_SHA1cipher_DHE_RSA_AES256_SHA1cipher_AES128_SHA256cipher_AES256_SHA256cipher_DHE_DSS_RC4_SHA1cipher_DHE_RSA_AES128_SHA256cipher_DHE_RSA_AES256_SHA256cipher_AES128GCM_SHA256cipher_AES256GCM_SHA384cipher_DHE_RSA_AES128GCM_SHA256cipher_DHE_RSA_AES256GCM_SHA384 cipher_ECDHE_ECDSA_AES128CBC_SHA cipher_ECDHE_ECDSA_AES256CBC_SHAcipher_ECDHE_RSA_AES128CBC_SHAcipher_ECDHE_RSA_AES256CBC_SHA!cipher_ECDHE_RSA_AES128CBC_SHA256!cipher_ECDHE_RSA_AES256CBC_SHA384#cipher_ECDHE_ECDSA_AES128CBC_SHA256#cipher_ECDHE_ECDSA_AES256CBC_SHA384#cipher_ECDHE_ECDSA_AES128GCM_SHA256#cipher_ECDHE_ECDSA_AES256GCM_SHA384!cipher_ECDHE_RSA_AES128GCM_SHA256!cipher_ECDHE_RSA_AES256GCM_SHA384MaxFragmentEnumMaxFragment512MaxFragment1024MaxFragment2048MaxFragment4096CertificateUsageCertificateUsageAcceptCertificateUsageRejectCertificateRejectReasonCertificateRejectExpiredCertificateRejectRevokedCertificateRejectUnknownCACertificateRejectOtherHookshookRecvHandshakehookRecvCertificates hookLoggingLoggingloggingPacketSentloggingPacketRecv loggingIOSent loggingIORecv Credentials CredentialcredentialLoadX509credentialLoadX509FromMemorycredentialLoadX509Chain!credentialLoadX509ChainFromMemory ServerHooksonClientCertificateonUnverifiedClientCertonCipherChoosingonServerNameIndicationonNewHandshakeonALPNClientSuggest ClientHooksonCertificateRequestonServerCertificate onSuggestALPNonCustomFFDHEGroup GroupUsageGroupUsageValidGroupUsageInsecureGroupUsageUnsupportedGroupUsageInvalidPublicSharedsharedCredentialssharedSessionManager sharedCAStoresharedValidationCache SupportedsupportedVersionssupportedCipherssupportedCompressionssupportedHashSignaturessupportedSecureRenegotiation%supportedClientInitiatedRenegotiationsupportedSessionsupportedFallbackScsvsupportedEmptyPacketsupportedGroups ServerParamsserverWantClientCertserverCACertificatesserverDHEParams serverShared serverHooksserverSupported serverDebug ClientParamsclientUseMaxFragmentLengthclientServerIdentificationclientUseServerNameIndicationclientWantSessionResume clientShared clientHooksclientSupported clientDebug DebugParams debugSeeddebugPrintSeeddefaultParamsClientContext ctxConnection Information infoVersion infoCipherinfoCompressioninfoMasterSecretinfoClientRandominfoServerRandom contextFlush contextClosecontextGetInformationcontextModifyHooks handshake TLSParams contextNewcontextNewOnHandlecontextNewOnSocketcontextHookSetHandshakeRecvcontextHookSetCertificateRecvcontextHookSetLoggingbyegetNegotiatedProtocol getClientSNIsendDatarecvData recvData'BytesDigitalSignatureAlgEd448Ed25519DSSRSAECDSAavailableFFGroupsavailableECGroupsavailableGroups mtl-2.2.1-DscMMmDQUE6GBfOSl4qMUHControl.Monad.Error.Class MonadError throwError catchErrortransformers-0.5.2.0Control.Monad.Trans.ErrorErrorstrMsgnoMsgErrTrunErrTbaseGHC.Base++GHC.Listfilterzipmap Control.MonadguardjoinMonad>>=>>returnfailFunctorfmap<$ghc-prim GHC.ClassesOrd>=minmax><<=compare Applicativepure<*>*>liftA2<* Data.Foldablefoldrnulllengthfoldlfoldl'foldl1sumproductfoldr1maximumminimumelemData.TraversablemapMsequenceData.Semigroup Semigroup<>sconcatstimesMonoidmemptymappendmconcatMaybeNothingJust GHC.TypesOrderingLTEQGTWordGHC.WordWord8Word16Word32Word64bytestring-0.10.8.2Data.ByteString.Internal ByteStringdiffoption mtimesDefaultstimesIdempotentstimesIdempotentMonoid stimesMonoidcycle1MingetMinMaxgetMaxArgArgMinArgMaxFirstgetFirstLastgetLast WrappedMonoid WrapMonoid unwrapMonoidOption getOptionmfilter<$!>unless replicateM_ replicateMfoldM_foldM zipWithM_zipWithM mapAndUnzipMforever<=<>=>filterM Data.ListisSubsequenceOf mapAccumR mapAccumLforMControl.Applicativeoptional WrappedMonad WrapMonad unwrapMonad WrappedArrow WrapArrow unwrapArrowZipList getZipListData.Functor.ConstConstgetConstfindnotElem minimumBy maximumByallanyorand concatMapconcatmsum sequence_forM_mapM_ Data.MonoidDualgetDualEndoappEndoAllgetAllAnygetAnySumgetSumProduct getProduct Data.OldListunwordswordsunlineslinesunfoldrsortOnsortBysort permutations subsequencestailsinitsgroupBygroupdeleteFirstsByunzip7unzip6unzip5unzip4zipWith7zipWith6zipWith5zipWith4zip7zip6zip5zip4genericReplicate genericIndexgenericSplitAt genericDrop genericTake genericLengthinsertByinsert partition transpose intercalate intersperse intersectBy intersectunionByunion\\deleteBydeletenubBynub isInfixOf isSuffixOf isPrefixOf findIndices findIndex elemIndices elemIndex stripPrefix dropWhileEndData.Ord comparingDown byteSwap64 byteSwap32 byteSwap16 Data.BitstoIntegralSizedpopCountDefaulttestBitDefault bitDefaultBits.&..|.xor complementshiftrotatezeroBitsbitsetBitclearBit complementBittestBit bitSizeMaybebitSizeisSignedshiftL unsafeShiftLshiftR unsafeShiftRrotateLrotateRpopCount FiniteBits finiteBitSizecountLeadingZeroscountTrailingZeros Data.Functorvoid<$>unzip3unzipzipWith3zipWithzip3!!lookupreversebreakspansplitAtdroptake dropWhile takeWhilecycle replicaterepeatiteratescanr1scanrscanl'scanl1scanlfoldl1'initlasttailunconshead Data.MaybemapMaybe catMaybes listToMaybe maybeToList fromMaybe isNothingisJustmaybeapliftM5liftM4liftM3liftM2liftMwhen=<<liftA3liftA<**> Alternativeempty<|>somemany MonadPlusmzeromplus showBytesHexnewMeasurementaddBytesReceived addBytesSentresetBytesCountersincrementNbHandshakes&cryptonite-0.25-FKlHjQx60Hz3nWV7A6o2Fs Crypto.RandomseedFromInteger seedToIntegerseedNewSeedCrypto.Random.Types MonadRandomgetRandomBytesStateRNG withTLSRNG newStateRNGDHKey DHPrivatedhPublic dhPrivatedhParamsdhGenerateKeyPair dhGetShareddhValiddhUnwrap dhParamsGetP dhParamsGetGdhUnwrapPublic DirectionRoleTxRx ClientRole ServerRole invertRolehasHelloExtensionshasExplicitBlockIVand'&&!bytesEqsubtakelast partition3 partition6fromJust fmapEithercatchExceptiondecodeASN1ObjectencodeASN1ObjectCrypto.Number.Serializei2ospOf_i2ospos2ip lengthBytesGroupKey GroupPublic GroupPrivatedhParamsForGroupgroupGenerateKeyPairdhGroupGenerateKeyPairgroupGetPubShareddhGroupGetPubSharedgroupGetSharedencodeGroupPublicdecodeGroupPublic GroupPub_P256 GroupPub_P384 GroupPub_P521 GroupPub_X255 GroupPub_X448GroupPub_FFDHE2048GroupPub_FFDHE3072GroupPub_FFDHE4096GroupPub_FFDHE6144GroupPub_FFDHE8192 GroupPri_P256 GroupPri_P384 GroupPri_P521 GroupPri_X255 GroupPri_X448GroupPri_FFDHE2048GroupPri_FFDHE3072GroupPri_FFDHE4096GroupPri_FFDHE6144GroupPri_FFDHE8192 hashUpdateSSLSignatureParams RSAParams DSSParams ECDSAParams RSAEncodingRSApkcs1RSApssHashCtx HashContext PrivateKey PublicKeyfindDigitalSignatureAlgfindFiniteFieldGrouphashInit hashUpdate hashFinalhashhashNamehashDigestSize hashBlockSize kxEncrypt kxDecryptkxVerifykxSign ContextSimpleHashContextSSLData.X509.DistinguishedNameDistinguishedName EnumSafe16fromEnumSafe16 toEnumSafe16 EnumSafe8 fromEnumSafe8 toEnumSafe8 TypeValuable valToType valOfTypeFinished ClientHello ServerHello Certificates HelloRequestServerHelloDone ClientKeyXchg ServerKeyXchg CertRequest CertVerifyClientKeyXchgAlgorithmDataCKX_RSACKX_DHCKX_ECDHServerKeyXchgAlgorithmData SKX_DH_Anon SKX_DHE_DSS SKX_DHE_RSA SKX_ECDHE_RSASKX_ECDHE_ECDSASKX_RSA SKX_DH_DSS SKX_DH_RSA SKX_Unparsed SKX_UnknownServerRSAParams rsa_modulus rsa_exponentServerECDHParamsServerDHParamsserverDHParams_pserverDHParams_gserverDHParams_yBigNum HandshakeTypeHandshakeType_HelloRequestHandshakeType_ClientHelloHandshakeType_ServerHelloHandshakeType_CertificateHandshakeType_ServerKeyXchgHandshakeType_CertRequestHandshakeType_ServerHelloDoneHandshakeType_CertVerifyHandshakeType_ClientKeyXchgHandshakeType_Finished AlertLevelAlertLevel_WarningAlertLevel_Fatal ExtensionRaw ExtensionID FinishedDataSessionPacketAlertChangeCipherSpecAppDataDigitallySigned CipherDatacipherDataContent cipherDataMACcipherDataPadding CipherType CipherStream CipherBlock CipherAEAD ConnectionEndConnectionServerConnectionClient serverRandom clientRandombigNumToIntegerbigNumFromIntegerserverDHParamsFromserverDHParamsToParamsserverDHParamsToPublic packetTypetypeOfHandshake numericalVerverOfNumprf_TLSmacSSLhmacprf_SHA1prf_MD5 prf_MD5SHA1 prf_SHA256%cereal-0.5.5.0-9SaQaZtFYYr7IcidQXeHaxData.Serialize.PutputWord8runPutPutData.Serialize.GetgetWord8getBytesisEmpty remainingGet GetResultGotError GotPartial GotSuccessGotSuccessRemainingGetContinuationrunGet runGetErr runGetMaybetryGet getWords8 getWord16 getWords16 getWord24 getWord32 getOpaque8 getOpaque16 getOpaque24 getInteger16 getBigNum16getList processBytes putWords8 putWord16 putWord32 putWords16 putWord24putBytes putOpaque8 putOpaque16 putOpaque24 putInteger16 putBigNum16 encodeWord16 encodeWord32 encodeWord64cParamsVersioncParamsKeyXchgType&decodeReallyServerKeyXchgAlgorithmDatagetPRF CurrentParams decodeHeaderdecodeDeprecatedHeaderLengthdecodeDeprecatedHeader encodeHeaderencodeHeaderNoVer decodeAlert decodeAlerts encodeAlertsdecodeHandshakeRecorddecodeHandshakedecodeDeprecatedHandshakeencodeHandshakeencodeHandshakesencodeHandshakeHeaderencodeHandshakeContentgetSignatureHashAlgorithmputSignatureHashAlgorithmdecodeChangeCipherSpecencodeChangeCipherSpecdecodePreMasterSecretencodePreMasterSecretgenerateMasterSecretgenerateKeyBlockgenerateClientFinishedgenerateServerFinishedgenerateCertificateVerify_SSL!generateCertificateVerify_SSL_DSSencodeSignedDHParamsencodeSignedECDHParamsRecordM runRecordM RecordStatestCipher stCompression stCryptState stMacStateMacState msSequence CryptStatecstKeycstIV cstMacSecretgetRecordVersionnewRecordStateincrRecordState setRecordIVwithCompression computeDigest makeDigestgetBulkgetMacSequenceRecordfragmentCompressfragmentCipherfragmentUncipherfragmentUncompress recordToRaw rawToRecordrecordToHeader Ciphertext Compressed PlaintextFragmentfragmentGetBytesfragmentPlaintextfragmentCiphertextonRecordFragment engageRecorddisengageRecordhstClientCertRequesthstClientCertSenthstCertReqSentsetMasterSecretFromPresetMasterSecretsetServerHelloParameters HandshakeMClientCertRequestDataHandshakeStatehstClientVersionhstClientRandomhstServerRandomhstMasterSecret hstKeyStatehstServerDHParams hstDHPrivatehstServerECDHParamshstECDHPrivatehstHandshakeDigesthstHandshakeMessageshstClientCertChainhstPendingTxStatehstPendingRxStatehstPendingCipherhstPendingCompressionnewEmptyHandshake runHandshake setPublicKey setPrivateKeygetRemotePublicKeygetLocalPrivateKeygetServerDHParamsgetServerECDHParamssetServerDHParamssetServerECDHParams getDHPrivategetECDHPrivate setDHPrivatesetECDHPrivatesetCertReqSentgetCertReqSentsetClientCertSentgetClientCertSentsetClientCertChaingetClientCertChainsetClientCertRequestgetClientCertRequestgetPendingCipheraddHandshakeMessagegetHandshakeMessagesupdateHandshakeDigestgetHandshakeDigest runHandshakeMHandshakeKeyStatehksRemotePublicKeyhksLocalPrivateKey#ApplicationLayerProtocolNegotiationSecureRenegotiationMaxFragmentLength ServerName ExtensionsupportedExtensionsSignatureAlgorithms HeartBeatModeHeartBeat_PeerAllowedToSendHeartBeat_PeerNotAllowedToSend HeartBeat SessionTicket EcPointFormatEcPointFormat_Uncompressed'EcPointFormat_AnsiX962_compressed_prime'EcPointFormat_AnsiX962_compressed_char2EcPointFormatsSupportedNegotiatedGroupsServerNameTypeServerNameHostNameServerNameOtherextensionDecodeextensionEncode extensionIDextensionID_ServerNameextensionID_MaxFragmentLengthextensionID_NegotiatedGroupsextensionID_EcPointFormatsextensionID_SignatureAlgorithmsextensionID_Heartbeat/extensionID_ApplicationLayerProtocolNegotiationextensionID_SecureRenegotiationdefinedExtensionsTLSStTLSState stSessionstSessionResumingstSecureRenegotiationstClientVerifiedDatastServerVerifiedDatastExtensionALPNstHandshakeRecordContstNegotiatedProtocolstClientALPNSuggeststClientGroupSuggeststClientEcPointFormatSuggeststClientCertificateChain stClientSNI stRandomGen stVersionstClientContext runTLSState newTLSStateupdateVerifiedDatafinishHandshakeTypeMaterialfinishHandshakeMaterialcertVerifyHandshakeTypeMaterialcertVerifyHandshakeMaterial setSession getSessionisSessionResuming setVersionsetVersionIfUnset getVersiongetVersionWithDefaultsetSecureRenegotiationgetSecureRenegotiationsetExtensionALPNgetExtensionALPNsetNegotiatedProtocolsetClientALPNSuggestgetClientALPNSuggestsetClientEcPointFormatSuggestgetClientEcPointFormatSuggestsetClientCertificateChaingetClientCertificateChain setClientSNIgetVerifiedDataisClientContext genRandomwithRNGrunTLSSt Data.X509getCertificateSignedCertificateData.X509.CertificateChainCertificateChainData.X509.Cert Certificate certVersion certSerialcertSignatureAlg certIssuerDN certValidity certSubjectDN certPubKeycertExtensions'x509-store-1.6.6-KOwZjvg9UDV2x7MyDA9un8Data.X509.CertificateStoreCertificateStorevalidateDefault FailedReason ServiceIDisNullCertificateChaingetCertificateChainLeafwrapCertificateChecks defaultHookscredentialMatchesHashSignatures credentialsListSigningAlgorithmscredentialsFindForSigningcredentialsFindForDecryptingcredentialPublicPrivateKeysTrueFalse CommonParamsctxEOF_ctxEstablished_ctxNeedEmptyPacketctxSSLv2ClientHello ctxTxState ctxRxState ctxHandshakectxHooks ctxLockWrite ctxLockRead ctxLockState ctxSupported ctxSharedctxStatectxMeasurementctxDoHandshakectxDoHandshakeWith updateMeasure withMeasure contextSend contextRecvctxEOFctxHasSSLv2ClientHelloctxDisableSSLv2ClientHellosetEOFctxEstablished ctxWithHookssetEstablishedwithLog throwCore usingState usingState_ usingHState getHState runTxState runRxState getStateRNG withReadLock withWriteLock withRWLock withStateLock makeRecord encodeRecord writePacket processPacket recvRecord recvPacket sendPacket checkValid encryptRSA signPrivate decryptRSA verifyPublic generateDHE generateECDHEgenerateECDHEShared generateFFDHEgenerateFFDHESharedsignatureCompatiblecheckCertificateVerifycreateCertificateVerifydigitallySignDHParamsdigitallySignECDHParamsdigitallySignDHParamsVerifydigitallySignECDHParamsVerifyprocessHandshakestartHandshakehandshakeTerminateonRecvStateHandshake RecvState RecvStateNextRecvStateHandshake RecvStateDonehandshakeFailed errorToAlert unexpected newSessionsendChangeCipherAndFinishrecvChangeCipherAndFinishrecvPacketHandshake runRecvStateextensionLookupcertificateRejectedrejectOnExceptionsendClientData onServerHellohandshakeClientWithhandshakeClienthandshakeServerWithrecvClientDatahandshakeServer handshakeWithgetTLSCommonParams getTLSRole doHandshakedoHandshakeWith