нУЁh* "┘  СП┬                   	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  2.0.3л      	BSD-styleKazu Yamamoto <kazu@iij.ad.jp>experimentalunknownSafe-Inferred<Л Я Р   
'  /0:987654321┬┴;┼▀▄█            Safe-Inferred Я Р   
l  ▌▐░▒▓            Safe-InferredЯ Р   
║  к⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юабцдефгхийклмнопярстужвьызшэщ     	       Safe-InferredЯ Р   J? tlsConnection IO backendA tls,Flush the connection sending buffer, if any.B tlsClose the connection.C tls)Send a bytestring through the connection.D tls6Receive specified number of bytes from the connection. 	<=>?@ABCD     
       Safe-InferredЯ Р   3E tls'record some data about this connection.G tls$number of handshakes on this contextH tls#bytes received since last handshakeI tlsbytes sent since last handshake 
EFGHIчъЮАБ            Safe-Inferredр Я Р   o  
ЦДЕФГХИЙКЛ            Safe-InferredЯ Р   ў  JKМНОПЯРСТУЖВЬЫ        	BSD-styleKazu Yamamoto <kazu@iij.ad.jp>experimentalunknownSafe-InferredЯ Р   0L tls▌2048 bits finite field Diffie-Hellman ephemeral parameters
   defined in RFC 7919.
   The estimated symmetric-equivalent strength is 103 bits.M tls▌3072 bits finite field Diffie-Hellman ephemeral parameters
   defined in RFC 7919.
   The estimated symmetric-equivalent strength is 125 bits.N tls▌4096 bits finite field Diffie-Hellman ephemeral parameters
   defined in RFC 7919.
   The estimated symmetric-equivalent strength is 150 bits.O tls▌6144 bits finite field Diffie-Hellman ephemeral parameters
   defined in RFC 7919.
   The estimated symmetric-equivalent strength is 175 bits.P tls▌8192 bits finite field Diffie-Hellman ephemeral parameters
   defined in RFC 7919.
   The estimated symmetric-equivalent strength is 192 bits. LMNOPLMNOP           Safe-Inferredщ Я Р   ўЗ tlsу An opaque newtype wrapper to prevent from poking inside content that has
 been saved.Ш tlsThis is a strict version of &&.Э tlsSave the content of an  Щ to restore it later.Ч tlsRestore the content of an  Що  to a previous saved value and return the
 content that has just been replaced. Ъ─│┌Ш┐└┘├┤ЗЭЧ            Safe-InferredЯ Р   ²┬ tlsэ Attempt to decode a bytestring representing
 an DER ASN.1 serialized object into the object.┴ tls7Encode an ASN.1 Object to the DER serialized bytestring ┬┴            Safe-InferredЯ Р   л  ┼▀▄        	BSD-styleKazu Yamamoto <kazu@iij.ad.jp>experimentalunknownSafe-InferredЯ Р   ;  █▌▐░▒▓⌠■∙√≈            Safe-Inferredй ь щ Я Р   Ш\ tlsDigest size in bytes.≤ tlsп Test the RSASSA-PKCS1 length condition described in RFC 8017 section 9.2,
 i.e. emLen >= tLen + 11.  Lengths are in bytes.≥ tlsп Test the RSASSA-PSS length condition described in RFC 8017 section 9.1.1,
 i.e. emBits >= 8hLen + 8sLen + 9.  Lengths are in bits.  tls+(for the md5 context, for the sha1 context)Й ⌡°²· ÷JKМНОПЯРСТУЖВЬЫ█▌▐░▒▓⌠■∙√≈/0:987654321┼▀▄█;┬┴═QWVUTSRX║\╒ 	
ёє╔ії╗╘╙╚╛ґў╞╟╠╡≤≥ЁYZ[Є╣І             Safe-Inferred<Л Я Р   "] tls=Hold both client and server traffic secrets at the same step.^ tlsш A server traffic secret, typed with a parameter indicating a step in the
 TLS key schedule.` tlsш A client traffic secret, typed with a parameter indicating a step in the
 TLS key schedule.b tls4Phantom type indicating application traffic secrets.c tls2Phantom type indicating handshake traffic secrets.d tls-Phantom type indicating early traffic secret.Ї tls	Direction╦ tlsRolee tlsCompression identificationf tlsCipher identification╧ tls(Certificate request context for TLS 1.3.h tlsSome session flagsi tls)Session created with Extended Main Secretj tlsSession data to resumev tls)Encrypted session ticket (encrypt(encode  j)).w tlsIdentityx tlsA session IDy tlsVersions known to TLS ф yz─~}|{xwv╨╩jklmnopqrstuhi╧g╪ҐЎ©юfe╦абцЇде.фгdcbхийкл`a^_]мнопярстужв            Safe-InferredЯ Р   °│ tlsA session manager┐ tls&Used on TLS 1.2/1.3 servers to lookup  j with  x or to decrypt  v to get  j.└ tls+Used for 0RTT on TLS 1.3 servers to lookup  j with  x or to decrypt  v to get  j.┘ tls*Used TLS 1.2/1.3 servers/clients to store  j with  x or to encrypt  j to get  v. In the client side,  ├е  should be returned. For clients, only this field should be set with  ┬.├ tls#Used TLS 1.2/1.3 servers to delete  j with  x if sessionUseTicket is  ь.┤ tls)Used on TLS 1.2 servers to decide to use  x or  v7. Note that TLS 1.3 servers always use session tickets.┬ tls"The session manager to do nothing. │┌┐└┘├┤┬            Safe-Inferredй щ Я Р   "ыы tls0This is the default compression which is a NOOP.┴ tlsа every compression need to be wrapped in this, to fit in structure▀ tls>supported compression algorithms need to be part of this classз tls+return the associated ID for this algorithmш tlsЗ deflate (compress) a bytestring using a compression context and return the result
 along with the new compression context.э tlsВ inflate (decompress) a bytestring using a compression context and return the result
 along the new compression context.щ tls©intersect a list of ids commonly given by the other side with a list of compression
 the function keeps the list of compression in order, to be able to find quickly the prefered
 compression.▐ tlsdefault null compression ▀▄█▌┴┼e▐ызшэщ            Safe-Inferred7Л Я Р   -x■ tls#The raw content of a TLS extension.√ tls"Identifier of a TLS extension.
   у http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.txt · tlsґTLS Exceptions. Some of the data constructors indicate incorrect use of
   the library, and the documentation for those data constructors calls
   this out. The others wrap  ╔е  with some kind of context to explain
   when the exception occurred.÷ tlsд Early termination exception with the reason and the error associated═ tls)Handshake failed for the reason attached.║ tlsж Failure occurred while sending or receiving data after the
   TLS handshake succeeded.╒ tlsLifts a  ╔ into  ·ю  without provided any context
   around when the error happened.ё tls╔Usage error when the connection has not been established
   and the user is trying to send or receive data.
   Indicates that this library has been used incorrectly.є tls√Expected that a TLS handshake had already taken place, but no TLS
   handshake had occurred.
   Indicates that this library has been used incorrectly.╔ tls6TLSError that might be returned through the TLS stack.)Prior to version 1.8.0, this type had an 	ExceptionГ  instance.
 In version 1.8.0, this instance was removed, and functions in
 this library now only throw  ·.і tlsmainly for instance of Errorї tls■A fatal error condition was encountered at a low level.  The
 elements of the tuple give (freeform text description, structured
 error description).╗ tlsїA non-fatal error condition was encountered at a low level at a low
 level.  The elements of the tuple give (freeform text description,
 structured error description).╙ tlshandshake policy failed.╧ tls,Some of the IANA registered code points for  ╧в are not
 currently supported by the library.  Nor should they be, they're are either
 unwise, obsolete or both.  There's no point in conveying these to the user
 in the client certificate request callback.  The request callback will be
 filtered to exclude unsupported values.  If the user cannot find a certificate
 for a supported code point, we'll go ahead without a client certificate and
 hope for the best, unless the user's callback decides to throw an exception.Ь tlsTLS10 and up, RFC8422Ы tlsTLS10 and up, RFC5246З tlsTLS10 and up, RFC5246ч tlsХ Last supported certificate type, no 'CertificateType that
 compares greater than this one (based on the  дЫ  instance,
 not on the wire code point) will be reported to the application
 via the client certificate request callback. └yz|{─~}ъЮАБЦ√ДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├щ┤≈┬■∙╧╨ЗЫЬВЖ╩чІУТСРЯПОНЇ╦ЁМЛКЙИХГФЕДЦБЄ╣╡Ш┴┼▀╞АЮъч╟╠╔ії╗╘╙╚╛ґў·÷║═╒ёє▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡°² Ё⌡≤Є≥╣ІxЇ╦jklmnopqrstu╧╨╩╪Ґ▒эшзыьвжутсряпонмлкйихгфедцбаю©ЎҐ╪▓⌠Ў©юабцдефгхийклмн░опярстужвьызшэщчъЮ             Safe-InferredЯ Р   /≥  АБЦДЕЭФГХИЙКЛМНОПЯРС            Safe-InferredЯ Р   0┬Т tls░For now we ignore the version, but perhaps some day the PRF will depend
 not only on the cipher PRF algorithm, but also on the protocol version. УЖВЬЫТЗ            Safe-Inferredй щ Я Р   19Щ tlsCipher algorithmЁ tlsCheck if a specific  Щ2 is allowed to be used
 with the version specified ю ▐░▒▓⌠■∙√≈≤≥ ├┤▌┬┴┼▀▄█⌡°²·÷═║ії╗╘╙є╔ё╒╞QWVUTSRXЩЧ─Ъ│┌┐└┘f╡ўґ╛╚Ё╟╠            Safe-InferredЯ Р   3╛Є tlsа Handshake information generated for traffic at application level.І tls?Handshake information generated for traffic at handshake level.╦ tls;Handshake information generated for traffic at 0-RTT level.╨ tlsЕ ID of the application-level protocol negotiated between client and server.
 See values listed in the Й https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-idsIANA registry. ШЭЩЧЪ─	│	╦╧ІЇЄ╣╨            Safe-InferredЯ Р   9ў╩ tlsбAll AES and ChaCha20-Poly1305 ciphers supported ordered from strong to
 weak.  This choice of ciphersuites should satisfy most normal needs.  For
 otherwise strong ciphers we make little distinction between AES128 and
 AES256, and list each but the weakest of the AES128 ciphers ahead of the
 corresponding AES256 ciphers.║AEAD ciphers with equivalent security properties are ordered based on CPU
 hardware-acceleration support.  If this dynamic runtime behavior is not
 desired, use  ╪	 instead.╪ tlsSame as  ╩ю , but using deterministic preference not
 influenced by the CPU.Ґ tlsд The default ciphersuites + some not recommended last resort ciphers.║AEAD ciphers with equivalent security properties are ordered based on CPU
 hardware-acceleration support.  If this dynamic runtime behavior is not
 desired, use  Ў	 instead.Ў tlsSame as  Ґю , but using deterministic preference not
 influenced by the CPU.© tlsьThe strongest ciphers supported.  For ciphers with PFS, AEAD and SHA2, we
 list each AES128 variant after the corresponding AES256 and ChaCha20-Poly1305
 variants.  For weaker constructs, we use just the AES256 form.║AEAD ciphers with equivalent security properties are ordered based on CPU
 hardware-acceleration support.  If this dynamic runtime behavior is not
 desired, use  ю	 instead.ю tlsSame as  ©ю , but using deterministic preference not
 influenced by the CPU. ╩╪ҐЎ©юхинйлфкмгоабцде╩╪ҐЎ©юхинйлфкмгоабцде           Safe-InferredЯ Р   :,  ╩╪ҐЎ©юхинйлфкмгоабцдеLMNOP            Safe-InferredЯ Р   :┘  .┌	┐	└	┘	├	┤	┬	┴	┼	▀	▄	█	▌	▐	░	▒	▓	⌠	■	∙	√	≈	≤	≥	 	⌡	°	²	·	÷	═	║	╒	ё	є	╔	і	ї	╗	╘	╙	╚	╛	ґ	ў	╞	            Safe-Inferred"%&Я Р   =Q╟	 tlscurrent protocol version╠	 tlscurrent key exchange type╡	 tls$Decode a list CA distinguished namesЁ	 tls%Encode a list of distinguished names.Є	 tls·in certain cases, we haven't manage to decode ServerKeyExchange properly,
 because the decoding was too eager and the cipher wasn't been set yet.
 we keep the Server Key Exchange in it unparsed format, and this function is
 able to really decode the server key xchange if it's unparsed.╣	 tlsФ The TLS12 PRF is cipher specific, and some TLS12 algorithms use SHA384
 instead of the default SHA256. (І	Ї	╟	╠	╦	╧	╨	╩	╪	Ґ	Ў	©	ю	а	б	ц	д	е	ф	Є	г	х	и	й	к	л	м	н	о	п	я	р	с	т	у	ж	в	Ё	╡	ь	            Safe-Inferredе ф Я Р   >Яп tlsTLS encryption level.я tlsUnprotected trafficр tls&Protected with main secret (TLS < 1.3)с tls-Protected with early traffic secret (TLS 1.3)т tls1Protected with handshake traffic secret (TLS 1.3)у tls3Protected with application traffic secret (TLS 1.3) 'ы	з	ш	э	щ	пстуярч	ъ	Ю	А	Б	Ц	Д	Е	Ф	Г	Х	И	Й	К	Л	М	Н	О	П	Я	Р	С	Т	У	Ж	В	Ь	Ы	            Safe-InferredЯ Р   A╙З	 tlsRepresent a TLS record.Ш	 tlsь turn a plaintext record into a compressed record using the compression function suppliedЭ	 tlsт turn a compressed record into a ciphertext record using the cipher function suppliedЩ	 tlsь turn a ciphertext fragment into a compressed fragment using the cipher function suppliedЧ	 tlsч turn a compressed fragment into a plaintext fragment using the decompression function suppliedЪ	 tls&turn a record into an header and bytes─
 tls*turn a header and a fragment into a record│
 tlsturn a record into a header °²╞╟АЮъч╠ъЗ	┌
┐
└
┘
├
┤
┬
┴
┼
▀
Ш	Э	Щ	Ч	─
Ъ	│
            Safe-InferredЯ Р   B  ▄
             Safe-Inferredц Я Р   B=  █
     !       Safe-InferredЯ Р   Bj  З	┌
┐
└
┘
┤
Ъ	─
│
┬
┴
┼
▄
█
П	Я	Г	Х	И	Й	К	Л	М	Н	С	Т	     "       Safe-Inferred"ц Я Р   Bл  ▌
▐
░
▒
▓
     #       Safe-Inferred"е ф р Я Р   Sdж tls5Type to show which handshake mode is used in TLS 1.3.в tlsFull handshake is used.ь tls0Full handshake is used with hello retry request.ы tls!Server authentication is skipped.з tls8Server authentication is skipped and early data is sent.⌠
 tls╠When we receive a CertificateRequest from a server, a just-in-time
    callback is issued to the application to obtain a suitable certificate.
    Somewhat unfortunately, the callback parameters don't abstract away the
    details of the TLS 1.2 Certificate Request message, which combines the
    legacy certificate_types	 and new supported_signature_algorithms'
    parameters is a rather subtle way.єTLS 1.2 also (again unfortunately, in the opinion of the author of this
    comment) overloads the signature algorithms parameter to constrain not only
    the algorithms used in TLS, but also the algorithms used by issuing CAs in
    the X.509 chain.  Best practice is to NOT treat such that restriction as a
    MUST, but rather take it as merely a preference, when a choice exists.  If
    the best chain available does not match the provided signature algorithm
    list, go ahead and use it anyway, it will probably work, and the server may
    not even care about the issuer CAs at all, it may be doing DANE or have
    explicit mappings for the client's public key, ...The TLS 1.3 CertificateRequest message, drops certificate_types and no
    longer overloads supported_signature_algorithmsН to cover X.509.  It also
    includes a new opaque context token that the client must echo back, which
    makes certain client authentication replay attacks more difficult.  We will
    store that context separately, it does not need to be presented in the user
    callback.  The certificate signature algorithms preferred by the peer are
    now in the separate signature_algorithms_certС extension, but we cannot
    report these to the application callback without an API change.  The good
    news is that filtering the X.509 signature types is generally unnecessary,
    unwise and difficult.  So we just ignore this extension.²As a result, the information we provide to the callback is no longer a
    verbatim copy of the certificate request payload.  In the case of TLS 1.3
    The  ╧7 list is synthetically generated from the server's
    signature_algorithms extension, and the signature_algorithms_certs
    extension is ignored.Since the original TLS 1.2  ╧╘ has no provision for the newer
    certificate types that have appeared in TLS 1.3 we're adding some synthetic
    values that have no equivalent values in the TLS 1.2  ╧! as
    defined in the IANA
    <у https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 Ф 
    TLS ClientCertificateType Identifiers> registry.  These values are inferred
    from the TLS 1.3 signature_algorithmsМ  extension, and will allow clients to
    present Ed25519 and Ed448 certificates when these become supported.■
 tls>Set to Just-value when a TLS13 certificate request is received∙
 tls8Set to Just-value when a certificate request is received√
 tlsйIn TLS 1.3, these are separate from the certificate
 issuer signature algorithm hints in the callback data.
 In TLS 1.2 the same list is overloaded for both purposes.
 Not present in TLS 1.1 and earlier≈
 tls4Set to true when a client certificate chain was sent≤
 tlsЭ Set to true when a certificate request was sent.  This applies
 only to requests sent during handshake (not post-handshake).≥
 tlsе Compress the whole transcript with the specified function.  Function fО 
 takes the handshake digest as input and returns an encoded handshake message
 to replace the transcript with. 
 tls2Generate the main secret from the pre-main secret.⌡
 tlsЧ Set main secret and as a side effect generate the key block
 with all the right parameters, and setup the pending tx/rx state. 
  tlschosen transmission version tls2the role (Client or Server) of the generating side tlsthe pre-main secret°
  tlschosen versionъ ²
·
÷
═
║
╒
ё
є
╔
і
ї
╗
╘
■
∙
√
≈
≤
╙
╚
╛
ґ
ў
╞
╟
╠
╡
Ё
Є
╣
І
Ї
╦
жывьз╧
╨
╩
╪
Ґ
⌠
Ў
©
ю
а
б
ц
д
е
ф
г
х
и
й
к
л
м
н
о
п
я
р
с
т
у
ж
в
ь
ы
з
ш
э
щ
≥
⌡
 
ч
°
ъ
Ю
А
Б
Ц
Д
Е
Ф
Г
Х
И
Й
К
Л
     $       Safe-Inferred"Я Р   U_ш tlsHKDF-Extractз  function.  Returns the pseudorandom key (PRK) from salt and
 input keying material (IKM).э tlsHKDF-Expand-LabelЫ  function.  Returns output keying material of the
 specified length from the PRK, customized for a TLS label and context. шэМ
     %       Safe-Inferred"Л Я Р   X÷Н
 tlsExtended Main SecretО
 tls-Application Layer Protocol Negotiation (ALPN)П
 tlsSecure RenegotiationЯ
 tls?Max fragment extension with length from 512 bytes to 4096 bytesаRFC 6066 defines:
 If a server receives a maximum fragment length negotiation request
 for a value other than the allowed values, it MUST abort the
 handshake with an "illegal_parameter" alert.х So, if a server receives MaxFragmentLengthOther, it must send the alert.Р
 tls²Server Name extension including the name type and the associated name.
 the associated name decoding is dependant of its name type.
 name type = 0 : hostnameС
 tlsк Extension class to transform bytes to and from a high level Extension type.Т
 tls.all supported extensions by the implementation ъ С
У
Ж
В
Т
Ь
Ы
З
Ш
Р
Э
Я
Щ
Ч
щчъЮАП
Ъ
О
─Н
│┌┐/0:987654321└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩     &       Safe-Inferred"е ф р ь щ Я Р   Y┬  я ╪ҐЎ©юабцдефгхийклмнопярстужвьыИзшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀     '       Safe-InferredЯ Р   [Б tls3Certificate Usage callback possible returns values.Ц tlsusage of certificate acceptedД tlsusage of certificate rejectedЕ tls&Certificate and Chain rejection reason !▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡ЕФГХИЙБЦД°²·÷═║     (       Safe-InferredЯ Р   \КК tlsA collection of hooks actions.М tls)called at each handshake message receivedН tls5called at each handshake message received for TLS 1.3О tls1called at each certificate chain message receivedП tls/hooks on IO and packets, receiving and sending.Я tlsHooks for logging8This is called when sending and receiving packets and IO ЯРСТУЖКЛМНОП╒     )       Safe-Inferred Я Р   `йЗ tls▒try to create a new credential object from a public certificate
 and the associated private key that are stored on the filesystem
 in PEM format.Ш tlssimilar to  Зж  but take the certificate
 and private key from memory instead of from the filesystem.Э tlssimilar to  З/ but also allow specifying chain
 certificates.Щ tlssimilar to  Ш/ but also allow
 specifying chain certificates.ё tls Checks whether certificate signatures in the chain comply with a list of
 hash/signature algorithm pairs.  Currently the verification applies only to
 the signature of the leaf certificate, and when not self-signed.  This may
 be extended to additional chain elements in the future.З  tls!public certificate (X.509 format) tlsprivate key associatedЭ  tls!public certificate (X.509 format) tls!chain certificates (X.509 format) tlsprivate key associatedЫВЬЗШЭЩє╔іїё     *       Safe-InferredЯ Р   ²а Ч tlsя A set of callbacks run by the server for various corners of the TLS establishment─ tls÷This action is called when a client certificate chain
 is received from the client.  When it returns a
 CertificateUsageReject value, the handshake is aborted.▐The function is not expected to verify the key-usage
 extension of the certificate.  This verification is
 performed by the library internally. Default: returns the followings:р CertificateUsageReject (CertificateRejectOther "no client certificates expected")
│ tlsн This action is called when the client certificate
 cannot be verified. Return  ь' to accept the certificate
 anyway, or  ╗ to fail verification.Default: returns  ╗┌ tlsИ Allow the server to choose the cipher relative to the
 the client version and the client list of ciphers.Ь This could be useful with old clients and as a workaround
 to the BEAST (where RC4 is sometimes prefered with TLS < 1.1)'The client cipher list cannot be empty.$Default: taking the head of ciphers.┐ tlsТ Allow the server to indicate additional credentials
 to be used depending on the host name indicated by the
 client.√This is most useful for transparent proxies where
 credentials must be generated on the fly according to
 the host the client is trying to connect to.Ы Returned credentials may be ignored if a client does not support
 the signature algorithms used in the certificate chain.Default: returns  ╘└ tlsя At each new handshake, we call this hook to see if we allow handshake to happens.Default: returns  ь┘ tlsМAllow the server to choose an application layer protocol
   suggested from the client through the ALPN
   (Application Layer Protocol Negotiation) extensions.
   If the server supports no protocols that the client advertises
   an empty  ⌠ should be returned.	Default:  ├├ tlsй Allow to modify extensions to be sent in EncryptedExtensions
  of TLS 1.3.	Default:  І┤ tlsн A set of callbacks run by the clients for various corners of TLS establishment┴ tlsєThis action is called when the a certificate request is
 received from the server. The callback argument is the
 information from the request.  The server, at its
 discretion, may be willing to continue the handshake
 without a client certificate.  Therefore, the callback is
 free to return  ├▒ to indicate that no client
 certificate should be sent, despite the server's request.
 In some cases it may be appropriate to get user consent
 before sending the certificate; the content of the user's
 certificate may be sensitive and intended only for
 specific servers.║The action should select a certificate chain of one of
 the given certificate types and one of the certificates
 in the chain should (if possible) be signed by one of the
 given distinguished names.  Some servers, that don't have
 a narrow set of preferred issuer CAs, will send an empty
  ▄╧ list, rather than send all the names
 from their trusted CA bundle.  If the client does not
 have a certificate chaining to a matching CA, it may
 choose a default certificate instead.вEach certificate except the last should be signed by the
 following one.  The returned private key must be for the
 first certificates in the chain.  This key will be used
 to signing the certificate verify message.Э The public key in the first certificate, and the matching
 returned private key must be compatible with one of the
 list of  ╡Э value when provided.
 TLS 1.3 changes the meaning of the list elements, adding
 explicit code points for each supported pair of hash and
 signature (public key) algorithms, rather than combining
 separate codes for the hash and key.  For details see
 1https://tools.ietf.org/html/rfc8446#section-4.2.3RFC 8446м 
 section 4.2.3.  When no compatible certificate chain is
 available, return  ├└ if it is OK to continue
 without a client certificate.  Returning a non-matching
 certificate should result in a handshake failure.к While the TLS version is not provided to the callback,
 the content of the signature_algorithmsМ  list provides
 a strong hint, since TLS 1.3 servers will generally list
 RSA pairs with a hash component of 	Intrinsic (0x08).ыNote that is is the responsibility of this action to
 select a certificate matching one of the requested
 certificate types (public key algorithms).  Returning
 a non-matching one will lead to handshake failure later.Default: returns  ├ anyway.┼ tlsз Used by the client to validate the server certificate.  The default
 implementation calls  ²х  which validates according to the
 default hooks and checks provided by Data.X509.Validation т .  This can
 be replaced with a custom validation function using different settings.ВThe function is not expected to verify the key-usage extension of the
 end-entity certificate, as this depends on the dynamically-selected
 cipher and this part should not be cached.  Key-usage verification
 is performed by the library internally.	Default:  ²▀ tlsЯ This action is called when the client sends ClientHello
   to determine ALPN values such as '["h2", "http/1.1"]'.Default: returns  ├▄ tls═This action is called to validate DHE parameters when the server
   selected a finite-field group not part of the "Supported Groups
   Registry" or not part of  ╚ list.░With TLS 1.3 custom groups have been removed from the protocol, so
   this callback is only used when the version negotiated is 1.2 or
   below.ц The default behavior with (dh_p, dh_g, dh_size) and pub as follows:	rejecting if dh_p is even,rejecting unless 1 < dh_g && dh_g < dh_p - 1+rejecting unless 1 < dh_p && pub < dh_p - 16rejecting if dh_size < 1024 (to prevent Logjam attack)-See RFC 7919 section 3.1 for recommandations.█ tls	Type for  ┼4. This type synonym is to make
   document readable.▌ tls	Type for  ┴4. This type synonym is to make
   document readable.▐ tls,Group usage callback possible return values.░ tlsusage of group accepted▒ tls-usage of group provides insufficient security▓ tls>usage of group rejected for other reason (specified as string)⌠ tls+usage of group with an invalid public value■ tls2Parameters that are common to clients and servers.√ tlsУThe list of certificates and private keys that a server will use as
 part of authentication to clients.  Actual credentials that are used
 are selected dynamically from this list based on client capabilities.
 Additional credentials returned by  ┐ are also
 considered.ь When credential list is left empty (the default value), no key
 exchange can take place.	Default:  ╘≈ tls├Callbacks used by clients and servers in order to resume TLS
 sessions.  The default implementation never resumes sessions.  Package
 7https://hackage.haskell.org/package/tls-session-managertls-session-manager'
 provides an in-memory implementation.	Default:  ┬≤ tls░A collection of trust anchors to be used by a client as
 part of validation of server certificates.  This is set as
 first argument to function  ┼.  Package
 7https://hackage.haskell.org/package/crypton-x509-systemcrypton-x509-systemх 
 gives access to a default certificate store configured in the
 system.	Default:  ╘≥ tlsдCallbacks that may be used by a client to cache certificate
 validation results (positive or negative) and avoid expensive
 signature check.  The default implementation does not have
 any caching.See the default value of  .  tls;Additional extensions to be sent during the Hello sequence.ёFor a client this is always included in message ClientHello.  For a
 server, this is sent in messages ServerHello or EncryptedExtensions
 based on the TLS version.	Default: []⌡ tls6Client or server policy regarding Extended Main Secret° tls Extended Main Secret is not used² tlsExtended Main Secret is allowed· tls Extended Main Secret is required÷ tlsд List all the supported algorithms, versions, ciphers, etc supported.║ tlsЮSupported versions by this context.  On the client side, the highest
 version will be used to establish the connection.  On the server side,
 the highest version that is less or equal than the client version will
 be chosen.к Versions should be listed in preference order, i.e. higher versions
 first.	Default: [TLS13,TLS12]╒ tlsс Supported cipher methods.  The default is empty, specify a suitable
 cipher list.    + is often
 a good choice.	Default: []ё tlsУSupported compressions methods.  By default only the "null"
 compression is supported, which means no compression will be performed.
 Allowing other compression method is not advised as it causes a
 connection failure when TLS 1.3 is negotiated.	Default: [nullCompression]є tls⌠All supported hash/signature algorithms pair for client
 certificate verification and server signature in (EC)DHE,
 ordered by decreasing priority.бThis list is sent to the peer as part of the "signature_algorithms"
 extension.  It is used to restrict accepted signatures received from
 the peer at TLS level (not in X.509 certificates), but only when the
 TLS version is 1.2 or above.  In order to disable SHA-1 one must then
 also disable earlier protocol versions in  ║.в The list also impacts the selection of possible algorithms when
 generating signatures.≈Note: with TLS 1.3 some algorithms have been deprecated and will not be
 used even when listed in the parameter: MD5, SHA-1, SHA-224, RSA
 PKCS#1, DSA.Default:╔  [ (HashIntrinsic,     SignatureEd448)
  , (HashIntrinsic,     SignatureEd25519)
  , (Struct.HashSHA256, SignatureECDSA)
  , (Struct.HashSHA384, SignatureECDSA)
  , (Struct.HashSHA512, SignatureECDSA)
  , (HashIntrinsic,     SignatureRSApssRSAeSHA512)
  , (HashIntrinsic,     SignatureRSApssRSAeSHA384)
  , (HashIntrinsic,     SignatureRSApssRSAeSHA256)
  , (Struct.HashSHA512, SignatureRSA)
  , (Struct.HashSHA384, SignatureRSA)
  , (Struct.HashSHA256, SignatureRSA)
  , (Struct.HashSHA1,   SignatureRSA)
  , (Struct.HashSHA1,   SignatureDSA)
  ]
╔ tls/Secure renegotiation defined in RFC5746.
   If  ь7, clients send the renegotiation_info extension.
   If  ьГ , servers handle the extension or the renegotiation SCSV
   then send the renegotiation_info extension.	Default:  ьі tlsIf  ьщ , renegotiation is allowed from the client side.
   This is vulnerable to DOS attacks.
   If  ╗и , renegotiation is allowed only from the server side
   via HelloRequest.	Default:  ╗ї tlsфThe mode regarding extended main secret.  Enabling this extension
 provides better security for TLS versions 1.2.  TLS 1.3 provides
 the security properties natively and does not need the extension.By default the extension is  ·м .
 So, the handshake will fail when the peer does not support
 the extension.	Default:  ·╗ tlsSet if we support session.	Default:  ь╘ tls4Support for fallback SCSV defined in RFC7507.
   If  ьБ , servers reject handshakes which suggest
   a lower protocol than the highest protocol supported.	Default:  ь╙ tlsДIn ver <= TLS1.0, block ciphers using CBC are using CBC residue as IV, which can be guessed
 by an attacker. Hence, an empty packet is normally sent before a normal data packet, to
 prevent guessability. Some Microsoft TLS-based protocol implementations, however,
 consider these empty packets as a protocol violation and disconnect. If this parameter is
  ╗ы , empty packets will never be added, which is less secure, but might help in rare
 cases.	Default:  ь╚ tlsж A list of supported elliptic curves and finite-field groups in the
   preferred order.≥The list is sent to the server as part of the "supported_groups"
   extension.  It is used in both clients and servers to restrict
   accepted groups in DH key exchange.  Up until TLS v1.2, it is also
   used by a client to restrict accepted elliptic curves in ECDSA
   signatures.т The default value includes all groups with security strength of 128
   bits or more.	Default: д [X25519,X448,P256,FFDHE3072,FFDHE4096,P384,FFDHE6144,FFDHE8192,P521]ў tls"Request a certificate from client.	Default:  ╗╞ tls▒This is a list of certificates from which the
 disinguished names are sent in certificate request
 messages.  For TLS1.0, it should not be empty.Default: '[]'╟ tls⌠Server Optional Diffie Hellman parameters.  Setting parameters is
 necessary for FFDHE key exchange when clients are not compatible
 with RFC 7919.9Value can be one of the standardized groups from module
 Network.TLS.Extra.FFDHE & or custom parameters generated with
  , -.	Default:  ├╠ tlsSee the default value of  Ч.╡ tlsSee the default value of  ■.Ё tlsSee the default value of  ÷.Є tlsSee the default value of  б.╣ tlsР Server accepts this size of early data in TLS 1.3.
 0 (or lower) means that the server does not accept early data.
Default: 0І tlsЯ Lifetime in seconds for session tickets generated by the server.
 Acceptable value range is 0 to 604800 (7 days).Default: 7200 (2 hours)╧ tls	Default:  ├╨ tls└Define the name of the server, along with an extra service identification blob.
 this is important that the hostname part is properly filled for security reason,
 as it allow to properly associate the remote side with the given certificate
 during a handshake.ЎThe extra blob is useful to differentiate services running on the same host, but that
 might have different certificates given. It's only used as part of the X509 validation
 infrastructure.This value is typically set by  х.╩ tlsщAllow the use of the Server Name Indication TLS extension during handshake, which allow
 the client to specify which host name, it's trying to access. This is useful to distinguish
 CNAME aliasing (e.g. web virtual host).	Default:  ь╪ tls1try to establish a connection using this session.	Default:  ├Ґ tlsSee the default value of  ■.Ў tlsSee the default value of  ┤.© tlsи In this element, you'll  need to override the default empty value of
 of  ╒ with a suitable cipherlist.See the default value of  ÷.ю tlsSee the default value of  б.а tls0Client tries to send early data in TLS 1.3
 via sendDataв  if possible.
 If not accepted by the server, the early data
 is automatically re-sent.	Default:  ╗б tls-All settings should not be used in productionд tlsЄDisable the true randomness in favor of deterministic seed that will produce
 a deterministic random from. This is useful for tests and debugging purpose.
 Do not use in production	Default:  ├е tlsЫ Add a way to print the seed that was randomly generated. re-using the same seed
 will reproduce the same randomness with  дDefault: no printingф tls0Force to choose this version in the server side.	Default:  ├г tlsPrinting main keys.Default: no printing з Ї╦╧╨╩╪ҐЎ©юа╛ґў╞╟╠╡ЁЄ╣І╙бцдефг┤┬┴┼▀▄▌█ЧЪ─│┌┐└┘├÷═║╒ёє╔ії╗╘╙╚■∙√≈≤≥ хщчъЮА⌡°²·▐░▒▓⌠БЦДЕФГХИЙ     .       Safe-Inferred"%&й щ Д Я Р   ╒╪╚ tls!simple pending action. The first  ╛ is necessity of alignment.ґ tlsк pending action taking transcript hash up to preceding message
   The first  ╛ is necessity of alignment.ў tls;lock to use for writing data (including updating the state)╞ tls;lock to use for reading data (including updating the state)╟ tlsМ lock used during read/write when receiving and sending packet.
 it is usually nested in a write or read lock.и tlsй A TLS Context keep tls specific state, parameters and backend information.й tls6return the backend object associated with this context╠ tlshas the handle EOFed or not.╡ tls0has the handshake been done and been successful.Ё tlscurrent TX record stateЄ tlscurrent RX record state╣ tlsoptional handshake stateІ tlshooks for this contextЇ tls.pending post handshake authentication requests╦ tls-empty packet workaround for CBC guessability.╧ tls#maximum size of plaintext fragmentsк tls=Information related to a running context, e.g. current cipherь tls+A shortcut for 'backendFlush . ctxBackend'.ы tls+A shortcut for 'backendClose . ctxBackend'.з tls%Information about the current context ЄЇ╦╧╨╩╪ҐЎ©юа╛ґў╞╟╠╡ЁЄ╣ІхxjklmnopqrstuщчъЮАEFGHIи╨й╩╪ҐЎ╠╡ЁЄ╣І©юабцдЇефг╦╧КЛМНОПхийклмн╚ґопярстужвў╞╟ьызшэщчъЮАшБЦьыДЕФГХИЙКЛклмнопярстужвзМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤     /       Safe-InferredЯ Р   є>  ≥ ⌡     0       Safe-InferredЯ Р   ╔T° tlsй recvRecord receive a full TLS record (header + data), from the other side..The record is disengaged from the record layer°  tlsTLS context tls;number of AppData bytes to accept above normal maximum size°²     1       Safe-Inferredц Я Р   ╔┘  ·÷     2       Safe-Inferred"Я Р   ╔╣  псту═║╒ёє╔ії╗╘╙╚н╚ґ╛ґ     3       Safe-InferredЯ Р   ╗Аў tls█Generate a server random suitable for the version selected by the server
 and its supported versions.  We use an 8-byte downgrade suffix when the
 selected version is lowered because of incomplete client support, but also
 when a version downgrade has been forced with debugVersionForced√.  This
 second part allows to test that the client implementation correctly detects
 downgrades.  The suffix is not used when forcing TLS13 to a server not
 officially supporting TLS13 (this is not a downgrade scenario but only the
 consequence of our debug API allowing this).╞ tls┌Test if the negotiated version was artificially downgraded (that is, for
 other reason than the versions supported by the client). ў╟╠╡╞     4       Safe-InferredЯ Р   ╘█Ё tlsК encodePacket transform a packet into marshalled data related to current state
 and updating state on the go ЁЄ╣І     5       Safe-Inferredр ь щ Я Р   ╛Ї tlsЙState monad used to group several packets together and send them on wire as
 single flight.  When packets are loaded in the monad, they are logged
 immediately, update the context digest and transcript, but actual sending is
 deferred.  Packets are sent all at once when the monadic computation ends
 (normal termination but also if interrupted by an exception).╦ tlsSend one packet to the context╧ tls╛receive one packet from the context that contains 1 or
 many messages (many only in case of handshake). if will returns a
 TLSError if the packet is unexpected or malformed 	╦╨╧╩╪ҐЇЎ©     6       Safe-InferredЯ Р   ╛Z  юаб     7       Safe-Inferredб д Я Р   ╞Eц tlsКTest whether the argument is a public key supported for signature at the
 specified TLS version.  This also accepts a key for RSA encryption.  This
 test is performed by clients or servers before verifying a remote
 Certificate Verify.д tlsчTest whether the argument is matching key pair supported for signature.
 This also accepts material for RSA encryption.  This test is performed by
 servers or clients before using a credential from the local configuration.е tlsюTest whether the public key satisfies a predicate about the elliptic curve.
 When the public key is not suitable for ECDSA, like RSA for instance, the
 predicate is not used and the result is  ь. фгхийклмнодцпея     8       Safe-Inferred"Я Р   Ёюр tls0Check that the key is compatible with a list of  ╧Т  values.
 Ed25519 and Ed448 have no assigned code point and are checked with extension
 "signature_algorithms" only.с tlsTranslate a  ╡ to an acceptable  ╧°.
 Perhaps this needs to take supported groups into account, so that, for
 example, if we don't support any shared ECDSA groups with the server, we
 return  ├ rather than  Ь.╧Therefore, this interface is preliminary.  It gets us moving in the right
 direction.  The interplay between all the various TLS extensions and
 certificate selection is rather complex.н The goal is to ensure that the client certificate request callback only sees
  ╧Н  values that are supported by the library and also
 compatible with the server signature algorithms extension.д Since we don't yet support ECDSA private keys, the caller will use
  ч, to filter those out for now, leaving just
 RSAю  as the only supported client certificate algorithm for TLS 1.3.1FIXME: Add RSA_PSS_PSS signatures when supported. тужвьызршэсщч     9       Safe-Inferred"Д Я Р   І2э tlsА Return the message that a TLS endpoint can add to its local log for the
 specified library error.ъ tls1when a new handshake is done, wrap up & clean up.Ю tls?process a list of handshakes message in the recv state machine.А tls╚Store the specified keypair.  Whether the public key and private key
 actually match is left for the peer to discover.  We're not presently
 burning  CPU to detect that misconfiguration.  We verify only that the
 types of keys match and that it does not include an algorithm that would
 not be safe. БЦДЕъФГХИЙКЛМНЮОПЯРАСТУэЖВ     :       Safe-Inferred%&Я Р   І⌠  Ь     ;       Safe-InferredЯ Р   Ію  ЫЗШЭЩ     <       Safe-Inferred"%&р Д Я Р   ╦jЧ tls1TLS13 handshake wrap up & clean up.  Contrary to handshakeDone², this
 does not handle session, which is managed separately for TLS 1.3.  This does
 not reset byte counters because renegotiation is not allowed.  And a few more
 state attributes are preserved, necessary for TLS13 handshake modes, session
 tickets and post-handshake authentication. (Ъ─│┌┐└┘├┤┬Ч┴┼▀▄█▌▐░▒▓⌠■∙√▓⌠■∙√≈≤≈≤≥ ⌡°²·     =       Safe-Inferred"%&Я Р   ╦Х  ÷═     >       Safe-Inferred"Я Р   ╧  ║╒ёє╔ії╗     ?       Safe-Inferred"%&Я Р   ╧V  ╘╙     @       Safe-Inferred"Я Р   ╨;╚ tls>receive Client data in handshake until the Finished handshake.Г <- [certificate]
      <- client key xchg
      <- [cert verify]
      <- change cipher
      <- finish ╛     A       Safe-Inferred"%&Я Р   ╨k  ґ     B       Safe-Inferred"%&Я Р   ╨⌡  ў     C       Safe-Inferred"%&Я Р   ╨к  ╞     D       Safe-Inferred"Я Р   ╪K╟ tls)Put the server context in handshake mode.⌠Expect a client hello message as parameter.
 This is useful when the client hello has been already poped from the recv layer to inspect the packet.│When the function returns, a new handshake has been succesfully negociated.
 On any error, a HandshakeFailed exception is raised. ╠╡Ё╙     E       Safe-InferredД Я Р   к^Є tlsReturn the supported  ╧м  values that are
 compatible with at least one supported signature algorithm.╣ tls─When the server requests a client certificate, we try to
 obtain a suitable certificate chain and private key via the
 callback in the client parameters.  It is OK for the callback
 to return an empty chain, in many cases the client certificate
 is optional.  If the client wishes to abort the handshake for
 lack of a suitable certificate, it can throw an exception in
 the callback.The return value is  ├	 when no CertificateRequest was
 received and no Certificate? message needs to be sent. An empty
 chain means that an empty Certificate> message needs to be sent
 to the server, naturally without a CertificateVerify.  A non-empty
  ▄ю  is the chain to send to the server along with
 a corresponding CertificateVerify.With TLS < 1.2 the server's CertificateRequestО  does not carry
 a signature algorithm list.  It has a list of supported public
 key signing algorithms in the certificate_types' field.  The
 hash is implicit.  It is  S for DSA and  X	 for RSA.With TLS == 1.2 the server's CertificateRequest always has a
 supported_signature_algorithmsў list, as a fixed component of
 the structure.  This list is (wrongly) overloaded to also limit
 X.509 signatures in the client's certificate chain.  The BCP
 strategy is to find a compatible chain if possible, but else
 ignore the constraint, and let the server verify the chain as it
 sees fit.  The supported_signature_algorithmsы  field is only
 obligatory with respect to signatures on TLS messages, in this
 case the CertificateVerify message.  The certificate_types
 field is still included.With TLS 1.3 the server's CertificateRequest has a mandatory
 signature_algorithms extension, the signature_algorithms_cert╗
 extension, which is optional, carries a list of algorithms the
 server promises to support in verifying the certificate chain.
 As with TLS 1.2, the client's makes a best-effortд to deliver
 a compatible certificate chain where all the CA signatures are
 known to be supported, but it should not abort the connection
 just because the chain might not work out, just send the best
 chain you have and let the server worry about the rest.  The
 supported public key algorithms are now inferred from the
 signature_algorithms extension and certificate_types
 is
 gone.(With TLS 1.3, we synthesize and store a certificate_types&
 field at the time that the server's CertificateRequestЬ 
 message is received.  This is then present across all the
 protocol versions, and can be used to determine whether
 a CertificateRequest was received or not.If signature_algorithms is  ├), then we're doing
 TLS 1.0 or 1.1.  The signature_algorithms_certШ extension
 is optional in TLS 1.3, and so the application callback
 will not be able to distinguish between TLS 1.[01] and
 TLS 1.3 with no certificate algorithm hints, but this
 just simplifies the chain selection process, all CA
 signatures are OK.І tlsЦ Store the keypair and check that it is compatible with the current protocol
 version and a list of  ╧ values.Ї tlsReturn a most preferred HandAndSignatureAlgorithm╟ that is compatible with
 the local key and server's signature algorithms (both already saved).  Must
 only be called for TLS versions 1.2 and up, with compatibility function
  ш or  э based on version.The values in the server's signature_algorithmsЖ  extension are
 in descending order of preference.  However here the algorithms
 are selected by client preference in 	cHashSigs. ╦╧╨Ї╣╩╪Ґ     F       Safe-Inferred"Д Я Р   мьЎ tlsх TLS 1.2 and below.  Send the client handshake messages that
 follow the ServerHello, etc. except for CCS and Finished.АXXX: Is any buffering done here to combined these messages into
 a single TCP packet?  Otherwise we're prone to Nagle delays, or
 in any case needlessly generate multiple small packets, where
 a single larger packet will do.  The TLS 1.3 code path seems
 to separating record generation and transmission and sending
 multiple records in a single packet.> [certificate]> client key exchange> [cert verify] ©юа     G       Safe-Inferred"Я Р   о▓б tlsц processServerHello processes the ServerHello message on the client.Є1) check the version chosen by the server is one allowed by parameters.
 2) check that our compression and cipher algorithms are part of the list we sent
 3) check extensions received are part of the one we sent
 4) process the session parameter to see if the server want to start a new session or can resume цд     H       Safe-Inferred"Я Р   об  ефгх     I       Safe-Inferred"Я Р   оЖ  ий     J       Safe-Inferred"Я Р   п&  клх     K       Safe-InferredЯ Р   ящ tls:Post-handshake certificate request with TLS 1.3.  Returns  ьУ  if the
 request was possible, i.e. if TLS 1.3 is used and the remote client supports
 post-handshake authentication. щЁмх╙     L       Safe-InferredЯ Р   яO  нол╡к╠     M       Safe-Inferred"Я Р   у$ъ tlsю create a new context using the backend and parameters specified.Д tls"Getting TLS Finished sent to peer.Е tls(Getting TLS Finished received from peer.Ф tlsп Getting the "tls-unique" channel binding for TLS 1.2 (RFC5929).
   For TLS 1.3,  ├ is returned.
    ї	 must be  ·У 
   But in general, it is highly recommended to upgrade to TLS 1.3
   and use the "tls-exporter" channel binding via  Г.Г tlsр Getting the "tls-exporter" channel binding for TLS 1.3 (RFC9266).
   For TLS 1.2,  ├ is returned.Х tlsЕGetting the "tls-server-end-point" channel binding for TLS 1.2
   (RFC5929).  For 1.3, there is no specifications for how to create
   it.  In this implementation, a certificate chain without
   extensions is hashed like TLS 1.2.ъ  tlsн Backend abstraction with specific method to interact with the connection type. tlsParameters of the context.Р чи╨й╩╪ҐЎ╠╡ЁЄ╣І©юабцдЇефг╦╧КЛМНОПхийклмопярстучъЮАшБЦьыДЕГХИЙКЛклмнопярстужвзъЮАБЦМОПЯРСТВЬФГХДЕЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌░▒     N       Safe-InferredЯ Р   ж4  опярступ     O       Safe-Inferred"щ Я Р   шFИ tlsHow to update keys in TLS 1.3Й tlsUnidirectional key updateК tls&Bidirectional key update (normal case)Л tls╘Handshake for a new TLS connection
 This is to be called at the beginning of a connection, and during renegotiation.
 Don't use this function as the acquire resource of bracket.М tlsбnotify the context that this side wants to close connection.
 this is important that it is called before closing the handle, otherwise
 the session might not be resumable (for version < TLS1.2).&this doesn't actually close the handleН tlsж If the ALPN extensions have been used, this will
 return get the protocol agreed upon.О tlsД If the Server Name Indication extension has been used, return the
 hostname specified by the client.П tlsш sendData sends a bunch of data.
 It will automatically chunk data to acceptable packet sizeЯ tlsЪ Get data out of Data packet, and automatically renegotiate if a Handshake
 ClientHello is received.  An empty result means EOF.Р tls/same as recvData but returns a lazy bytestring.С tlsв Updating appication traffic secrets for TLS 1.3.
   If this API is called for TLS 1.3,  ь is returned.
   Otherwise,  ╗ is returned. ╦╧МЛНОПЯРСИЙКщ             Safe-Inferred"Я Р   ГчТ tlsОCallbacks implemented by QUIC and to be called by TLS at specific points
 during the handshake.  TLS may invoke them from external threads but calls
 are not concurrent.  Only a single callback function is called at a given
 point in time.Ж tls√Called by TLS so that QUIC sends one or more handshake fragments. The
 content transiting on this API is the plaintext of the fragments and
 QUIC responsability is to encrypt this payload with the key material
 given for the specified level and an appropriate encryption scheme.И The size of the fragments may exceed QUIC datagram limits so QUIC may
 break them into smaller fragments.▒The handshake protocol sometimes combines content at two levels in a
 single flight.  The TLS library does its best to provide this in the
 same quicSendч  call and with a multi-valued argument.  QUIC can then
 decide how to transmit this optimally.В tls║Called by TLS to receive from QUIC the next plaintext handshake
 fragment.  The argument specifies with which encryption level the
 fragment should be decrypted.?QUIC may return partial fragments to TLS.  TLS will then call
 quicRecv▐ again as long as necessary.  Note however that fragments
 must be returned in the correct sequence, i.e. the order the TLS peer
 emitted them.ІThe function may return an error to TLS if end of stream is reached or
 if a protocol error has been received, believing the handshake cannot
 proceed any longer.  If the TLS handshake protocol cannot recover from
 this error, the failure condition will be reported back to QUIC through
 the control interface.Ь tlsэ Called by TLS when new encryption material is ready to be used in the
 handshake.  The next  Ж or  В⌠ may now use the
 associated encryption level (although the previous level is also
 possible: directions Send/Recv do not change at the same time).Ы tlsн Called by TLS when QUIC-specific extensions have been received from
 the peer.З tlsCalled when  Л
 is done.  ─' is
 finished after calling this hook.  Ъ calls
  Я: after calling this hook to wait for new session
 tickets.Ш tlsArgument given to  Ь' when encryption material is available.Э tls6Key material and parameters for traffic at 0-RTT levelЩ tls:Key material and parameters for traffic at handshake levelЧ tls<Key material and parameters for traffic at application levelЪ tls╟Start a TLS handshake thread for a QUIC client.  The client will use the
 specified TLS parameters and call the provided callback functions to send and
 receive handshake data.─ tls╟Start a TLS handshake thread for a QUIC server.  The server will use the
 specified TLS parameters and call the provided callback functions to send and
 receive handshake data.│ tls│Can be used by callbacks to signal an unexpected condition.  This will then
 generate an "internal_error" alert in the TLS stack.┌ tlsщ Return the alert that a TLS endpoint would send to the peer for the
 specified library error.┐ tls(Decode an alert from the assigned value.┘ tlsMax early data size for QUIC. 6Ъ─ТУЖВЬЫЗпстуярШЭЩЧ╦╧ІЇЄ╣dcb]^_`a╨жывьз■∙√≈щ│┌э⌠┐эш\┘└7Ъ─ТУЖВЬЫЗпстуярШЭЩЧ╦╧ІЇЄ╣dcb]^_`a╨жывьз■∙√≈щщ│┌э⌠┐эш\┘└    P       Safe-InferredЯ Р   Хп  ╛°²yz|{─~}Ї╦ІЇТСРЯПОУН╦▀■∙▄xjklmnopqrstu╡ЁЄМЛКЙИХГФЕДЦБ╣╧╨ЗЫЬВЖ╩≤Є≥ Ё⌡░опярстужвьы╞╟АЮъч╠╔ії╗╘╙╚╛ґў▒м▓эшзыьвжутсряпонлкйихгфедцбаю©ЎҐ╪⌠·÷║═╒ёєў╞╟╠╡√≈щДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬ъЮАБЦ┴┼█▌▒▓⌠■∙≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґ╣І╧╪╨╩ҐЎм©юабцдефгхийклнзшэщчШч▐░√≈≤ъЮЭФГХИЙКЛМНАБЦДЕЯРСОПІ	Ї	╟	╠	╧	ж	н	╡	л	о	Ё	м	т	е	ф	╦	╨	╩	╪	Ґ	Ў	©	ю	а	б	ц	д	Є	г	х	и	й	к	п	я	р	с	у	в	ь	▌
▐
░
▒
▓
·÷ЁЄ╣І.╦абwvhig╪ҐЎ©юefdcb]^_`aкл╧Їдефгхиймнопярстужв╨╩ц┌	·	┬	┐	└	┘	├	┤	∙	┴	▌	²	█	÷	═	ґ	ў	╞	ї	╒	╔	┼	▀	▄	▐	░	▒	▓	⌠	■	√	≈	≤	≥	 	⌡	°	║	ё	є	і	╗	╘	╙	╚	╛	╦╧            Safe-InferredЯ Р   МI┤ tls█Getting certificates from a client, if any.
   Note that the certificates are not sent by a client
   on resumption even if client authentication is required.
   So, this API would be replaced by the one which can treat
   both cases of full-negotiation and resumption. ЎийъЛПЯМ<=>?@ABCDчЇ╦╧╨╩╪ҐЎ©юах╛ґў╞╟╠╡ЁЄ╣І■∙√≈≤≥ ┤┬┴┼▀▄▌█ЧЪ─│┌┐└┘├EFGHI÷═║╒ёє╔ії╗╘╙╚бцдефгВЬЫЗШЭЩ│┌┐└┘├┤┬xwvjklmnopqrstuhigyz|{─~}┴┼▐╡ШІЇТСРЯПОУН╦ЁЄМЛКЙИХГФЕДЦБ╣/0:987654321;⌡°²·JK▐░▒▓⌠БЦДЕФГХИЙ╧╨ЗЫЬВЖ╩.щчъЮАьыклмнопярстужвз≤≥ ⌡жывьз┤НОСИЙКщФГХДЕКЛМНОПш░ЮЭАБЯРСТУЖ°²╞╟АЮъч╠Ц╔ії╗╘╙╚╛ґўYZ[▒м▓эшзыьвжутсряпонлкйихгфедцбаю©ЎҐ╪⌠·÷║═╒ёє▀▄█▌e 	
ЩЧ─Ъ│┌┐└┘QWVUTSRX▐░▒▓⌠■∙√≈≤≥ ├┤▌┬┴┼▀▄█⌡°²·÷═║ії╗╘╙є╔ё╒fўґ╛╚╞╡Ё╟╠Р├#$%&'()*+,- !"▄иъЛПЯМ<=>?@ABCDчЇ╦╧╨╩╪ҐЎ©юах╛ґў╞╟╠╡ЁЄ╣І■∙√≈≤≥ ┤┬┴┼▀▄▌█ЧЪ─│┌┐└┘├EFGHI÷═║╒ёє╔ії╗╘╙╚бцдефгВЬЫЗШЭЩ│┌┐└┘├┤┬xwvjklmnopqrstuhigyz|{─~}|{─~}┴┼▐╡ШІЇТСРЯПОУН╦ТСРЯПОУНЁЄМЛКЙИХГФЕДЦБ╣МЛКЙИХГФЕДЦБ/0:987654321:987654321;⌡°²·JK▐░▒▓⌠БЦДЕФГХИЙ╧╨ЗЫЬВЖ╩ЗЫЬВЖ.щчъЮАйьыклмнопярстужвз≤ ≥⌡жывьз┤НОСИЙКщФГХДЕКЛМНОПш░ЮЭАБЯРСТУЖ°²╞╟АЮъч╠АЮъчЦ╔ії╗╘╙╚╛ґўYZ[▒м▓эшзыьвжутсряпонлкйихгфедцбаю©ЎҐ╪⌠мэшзыьвжутсряпонлкйихгфедцбаю©ЎҐ╪·÷║═╒ёє▀▄█▌e 	
▐░▒▓⌠■∙√≈≤≥ ├┤▌┬┴┼▀▄█⌡°²·÷═║ії╗╘╙є╔ё╒╞QWVUTSRXЩЧ─Ъ│┌┐└┘f╡ўґ╛╚Ё╟╠Р├#$%&'()*+,- !"  я QRS QRT QRU QRV QRW QRX QRY QRZ QR[ QR\ Q]^ Q]_ Q]` Q]a Q]b Q]c Q]d Q]e fgh fgh fg i fg j fgk fgl fgm fgn fgo fgp fg q frs frs fr t fr u fr v fr w frx frx fr y fr z fr { fr | fr } fr ~ fr  fr ─ fr │ ┌┐└  ┘  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐   ░  	▒  	 ▓  	 ⌠  	■  	■  	 ∙  	 √  	 ≈  	 ≤  
≥  
≥  
    
 ⌡  
 °  ²  ·   ÷   ═   ║   ╒   ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў   ╞  ╟  ╠  ╠  ╡  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╩   ╪   Ґ   Ў   ©   ю   а   б   ц   д   е  ф  г  х  и  и  й  к  л  м  н  о  п  п   я   р   с   т   у   ж  в  в  ь   ы   з   ш   э  щ  ч  ч   ъ  Ю  Ю  А  А  Б   Ц  Д   Е  Ф  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ь   Ы  З  Ш  Ш   Э  Щ  Щ   Ч  Ъ  Ъ   ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©   ю  а  б  б   ц   д   е   ф   г   х   и  й  й   к   л   м   н   о   п   я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Г  Х  И  Й  К  Л  М  Н  О  П   Я   Р   С   Т   У  Ж  Ж  В  В  Ь  Ь  Ы   +   З   Ш   Э   Щ   Ч   Ъ   ─   │   ┌   ┐   └   ┘   ├   ┤   ┬   ┴   ┼   ▀   ▄   █  ▌  ▐  ░  ▒  ▓  ⌠  #■  #∙  #√  #≈  #≤  $ ≥  $    %⌡  %°  %²  %·  %÷  '═  '║  '╒  'ё  'є  '╔  'і  'ї  '╗  (╘  (╘  ( ╙  ( ╚  ( ╛  ( ґ  (ў  (ў  ( ╞  ( ╟  ( ╠  ( ╡  )Ё  )Ё  )Є  ) ╣  ) І  ) Ї  ) ╦  *╧  *╧  * ╨  * ╩  * ╪  * Ґ  * Ў  * ©  * ю  *а  *а  * б  * ц  * д  * е  *ф  *г  *х  *и  *й  *к  *л  *м  *м  * н  * о  * п  * я  * р  *с  *т  *у  *ж  *в  *в  * ь  * ы  * з  * ш  * э  * щ  * ч  * ъ  * Ю  * А  * Б  *Ц  *Ц  * Д  * Е  * Ф  * Г  * Х  * И  * Й  * К  * Л  *М  *М  * Н  * О  * П  * Я  * Р  * С  * Т  * У  * Ж  *В  *В  * Ь  * Ы  * З  * Ш  * Э  .Щ  . Ч  .Ъ  .Ъ  . ─  . │  . ┌  . ┐  . └  . ┘  . ├  . ┤  . ┬  . ┴  . ┼  . ▀  . ▄  . █  . ▌  9 ▐  K ░  M▒  M ▓  M ⌠  M ■  M ∙  M √  M ≈  M ≤  M ≥  M    M ⌡  O°  O²  O·  O ÷  O ═  O ║  O ╒  O ё  O є  O ╔  O і  ї  ї   ╗   ╘   ╙   ╚   ╛  ґ  ў  ╞  ╟   ╠   ╡   Ё   Є   ╣   І   Ї  ╦   ╧   ╨   ╩  ╪  Ґ  Ў  ©   ю  а бцд бц е бц ф гхи йк л ймн йм о йм п йм я йм р йм с ймт йм у йм ж йм в йм ь йыз йыз йы ш йэщ йэщ йэ ч йэъ йэЮ йэ А йэБ йэЦ йэ Д йк Е ймФ йм Г йм Х йм И йм Й йм К йэ Л йМ Н ймО йм П йм Я йм Р ймС йм Т йм У йЖВ йЖ Ь йм Ы йМ З йМ Ш йЭ Щ йЭ Ч йЭ Ъ й─ │ йм ┌ й─ ┐ йм └ йм ┘ йм ├ йм ┤ йм ┬ йм ┴ йм ┼ йк ▀ йМ ▄ йМ █ й─ ▌ й─ ▐ й─ ░ й─ ▒ й─ ▓ й─ ⌠ й─ ■ й─ ∙ й─ √ й─ ≈ й─ ≤ й─ ≥ й─   й⌡° й⌡ ² й⌡ · й⌡ ÷ й⌡═ й⌡ ║ й⌡ ╒ й⌡ ё й⌡ є й⌡ ╔ й⌡ і й⌡ ї й⌡ ╗ й⌡ ╘ й⌡ ╙ й⌡ ╚ й⌡ ╛ й⌡ ґ й⌡ ў й⌡ ╞ й⌡ ╟ й⌡ ╠ й⌡ ╡ й⌡ Ё й⌡ Є й⌡ ╣ й⌡ І йЇ╦ йЇ╦ йЇ ╧ йЇ╨ йЇ╨ йЇ ╩ йЇ╪ йЇ╪ йЇ Ґ йЇЎ йЇЎ йЇ © й⌡ ю й⌡ а й⌡ б й⌡ ц йЇ д йЇ е йЇ ф йЇ г йЇ х йЇ и йм й йМ к йМ л йМ м йМ н йМ о йМ п йМ я йМ р йМ с йМ т йМ у йМ ж йм в йь ы йз ш йз э йМ щ йМ ч йз ъ йз Ю йз А йз Б йз Ц йь Д йз Е йз Ф йь Г йз Х йз И йз Й йь К йМ Л йь М йь Н йь О йь П йь Я йь Р йь С йь Т йь У йь Ж йь В йь Ь йь Ы йь З йь Ш йь Э йь Щ йь Ч йь Ъ йь ─ йь │ йь ┌ йь ┐ йМ └ йМ ┘ йМ ├ йМ ┤ йМ ┬ йь ┴ йМ ┼ йь ▀ йь ▄ йь █ йь ▌ йь ▐ йМ ░ йз ▒ йз ▓ йз ⌠ йз ■ йз ∙ йз √ йз ≈ йз ≤ йз ≥ йз   йз ⌡ йз ° йз ² йз · йз ÷ йз ═ йз ║ йз ╒ йз ё йз є йз ╔ йЭ і йЭ ї йз ╗ йз ╘ йз ╙ йз ╚ йз ╛ йз ґ йз ў йз ╞ йз ╟ йз ╠ йз ╡ йз Ё йз Є йз ╣ йз І йз Ї йз ╦ йз ╧ йз ╨ йз ╩ йз ╪ йз Ґ йз Ў йз © йз ю йа б йцд йце йцф йг х йг и йг й йг к йг л йг м йг н йг о йг п йяр йяр йя с ймт йм у йм ж йм в йяь йяь йя ы йяз йяз йя ш йэщ йэщ йэ ч йэъ йэъ йэ Ю йэА йэА йэ Б йэЦ йэЦ йэ Д йяЕ йяЕ йя Ф йяГ йяГ йя Х йяИ йяИ йя Й йэК йэЛ йэ М йэН йэО йэП йэП йя Я йя Р йя С йэ Т йэ У йэ Ж ВЬЫ ВЬЗ ВЬШ ВЬЭ ВЩЧ ВЩ Ъ ВЩ ─ ВЩ │ ВЩ ┌ ВЩ ┐ ВЩ └ ВЩ ┘ й├┤ й├┤ й├ ┬ й├ ┴ й├ ┼ й▀▄ ВЬ█ й▀▌ й▀▐ й▀░ й▀ ▒ й▀ ▓ й▀ ⌠ й▀ ■ й▀ ∙ й▀ √ й▀ ≈   ≤  
 ≥  
    
 ⌡  
 °  
 ²  ·  · ÷═║ ÷═ ╒ ÷═ ё ÷═ є   ╔   і ÷ї╗ ÷ї ╘  ╙  ╚   ╛   ґ   ў   ╞   ╟   ╠   ╡   Ё   Є   ╣   І  Ї   ╦   ╧ й╨╩   ╪   Ґ   Ў   ©   ю   а   б   ц   д   е   ф   г ÷х и ÷х й ÷х к  л  м  н   о   п   я   р   с   т   у   ж   в   ь   ы  з  ш   э   щ   ч   ъ   Ю   А  Б  Ц  Д  Е  Ф  Г  Х  И   Й   К   Л   М   Н   О   П   Я   Р  С  Т  У  Ж  В  Ь   Ы   З  ╦   Ш   Э   Щ   Ч  Ъ  ─   │  ┌  ┐  └  ┘  ├  ┤  ┤  ┬  ┬  ┴  ┴   ┼   ▀   ▄  █  █   ▌   ▐  ░  ░ ВЬ▒  ▓   ⌠   ■   ∙   √   ≈  ≤  ≤   ≥       ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©   ю  а  а  б Qцд  е  е   ф   г  х  х   и   й   к   л   м   н  о  о  п  п   я   р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  щ  Ц  Д  Е  Д  Б  Ф  Г  Х  Х  И  Й  К  И   Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  М   Э  Щ  Ч  Ъ  ─	  │	  ┌	  ┐	  └	  ┘	  ├	  ┤	  ┬	  ┬	   ┴	   ┼	   ▀	   ▄	   █	  ▌	  а  ▐	  ░	  ▒	  ▓	  ⌠	  ■	  ∙	  √	  ≈	  ≤	  ≥	   	   ⌡	   °	  ²	  ·	  ÷	   ═	   ║	   ╒	   ё	   є	   ╔	   і	  ї	  ╗	  ╘	  ╙	  ╚	  ╛	  ґ	 ў	╞	╟	  ╠	  ╡	  Ё	  Є	  ╣	  І	   Ї	   ╦	   ╧	   ╨	 ў	╞	 ╩	 ў	╞	 ╪	   Ґ	   Ў	   ©	   ю	   а	   б	 ў	╞	 ц	   д	   е	   ф	   г	   х	   и	   й	 ў	╞	 к	 ў	л	м	 ў	л	 н	 ў	л	 о	   п	   я	   р	   с	   т	   у	   ж	   в	   ь	   ы	   з	   ш	   э	   щ	   ч	   ъ	   Ю	   А	   Б	   Ц	   Д	  Е	  Е	   Ф	   Г	   Х	   И	   Й	   К	   Л	   М	   Н	   О	   П	   Я	   Р	   С	   Т	   У	   Ж	   В	   Ь	   Ы	   З	   Ш	   Э	   Щ	   Ч	   Ъ	   ─
   │
   ┌
   ┐
   └
   ┘
   ├
  ┤
  ┤
   ┬
   ┴
   ┼
  ▀
   ▄
  █
  █
   ▌
  ▐
  ▐
   ░
   ▒
  ▓
  ▓
   ⌠
   ■
   ∙
   √
   ≈
   ≤
   ≥
   
   ⌡
   °
   ²
   ·
   ÷
   ═
   ║
   ╒
   ё
  є
   ╔
   і
   ї
   ╗
   ╘
   ╙
   ╚
  є
  ╛
   ґ
   ў
   ╞
   ╟
  ╠
  ╡
  Ё
   Є
   ╣
    І
  " Ї
  " ╦
  " ╧
  " ╨
  " ╩
  #╪
  # Ґ
  # Ў
  # ©
  # ю
  # а
  # б
  # ц
  # д
  # е
  #ф
  #ф
  # г
  # х
  # и
  # й
  # к
  # л
  # м
  # н
  # о
  # п
  # я
  # р
  # с
  # т
  # у
  # ж
  # в
  # ь
  # ы
  # з
  # ш
  # э
  # щ
  #ч
  #ъ
  #Ю
  #А
  #Б
  #Ц
  #Д
  #Е
  #Ф
  # Г
  # Х
  # И
  # Й
  # К
  # Л
  # М
  # Н
  # О
  # П
  # Я
  # Р
  # С
  # Т
  # У
  # Ж
  # В
  # Ь
  # Ы
  # З
  # Ш
  # Э
  # Щ
  # Ч
  # Ъ
  # ─  # │  # ┌  # ┐  # └  # ┘  # ├  # ┤  # ┬  # ┴  # ┼  # ▀  # ▄  # █  # ▌  # ▐  # ░  # ▒  # ▓  # ⌠  # ■  $ ∙  %√  %≈  %≤  %≥  %   %⌡  % °  % ²  % ·  % ÷  % ═  %║  %╒  %ё  %   %≥  %є  %≤  %≈  %√  %╔  %╔  %і  %і  %ї  %ї  %╗  %╘  %╙  %╚  %╚  %╛  %╛  %ґ  %ґ  %ў  %╞  %╟  %╟  %╠  %╠  %╡  %Ё  %Є  %╣  %І  %Ї  %╦  %╧  %╧  % ╨  % ╩  %╪  %Ґ  %Ў  %©  %ю  %а  %б  %ц  %ц  %д  %д  %е  %ф  %г  %г  %х  %х  %≈  %и  %й  %к  %к  %л  %л  %м  %м  &н  &н  & о  & п  & я  & р  & с  & т  & у  & ж  & в  & ь  & ы  & з  & ш  & э  & щ  & ч  & ъ  & Ю  & А  & Б  & Ц  & Д  & Е  & Ф  & Г  &Х  & И  & Й  & К  & Л  & М  & Н  & О  & П  & Я  & Р  & С  & Т  & У  & Ж  & В  & Ь  & Ы  & З  & Ш  & Э  & Щ  & ║  & Ч  & Ъ  & ─  & │  & ┌  & ╒  & ╧  & ┐  & └  & ┘  & ├  & └
  & ┤  & ┬  & ┴  & ┼  & ▀  & ▄  & █  & ▌  & ▐  & ░  & ▒  & ▓  & ⌠  & ■  & ∙  & √  & ≈  & ≤ Q≥  Q≥  Q⌡Ч Q⌡Ч Q⌡ ° Q⌡ ² Q⌡ · Q⌡ ÷ Q⌡ ═ Q⌡ ║ Q⌡ ╒ Q⌡ ё Qє╔ Qє і  ' ї  ' ╗ ╘╙╚ fr ╛ frґ fў╞  ' ╟  ' ╠  ( ╡  ) Ё  ) Є  ) ╣  ) І  ) Ї ВЬ╦ йм ╧  *╨  .╩ ВЬ╪  .Ґ  . Ў  . ©  . ю  . а  . б  . ц  . д  . е  . ф  . г  . х  . и  .Щ  . й  . к  . л  . м  . н  . о  . п  . я  . р  . с  . т  . у  . ж  .в  .в  .ь  .ы  .з  .ш  .╩  .э  .э  . щ  . ч  . ъ  . Ю  . А  .Б  .Б  .Ц  .Ц  . Д  . Е  . Ф  . Г  . Х  . И  . Й  . К  . Л  . М  . Н  . О  . П  . Я  . Р  . С  . Т  . У  . Ж  . В  . Ь  . Ы  . З  . Ш  . Э  . Щ  . Ч  . Ъ  . ─  . │  . ┌  . ┐  . └  . ┘  .├  .├  .┤  .┤  . ┬  . ┴  . ┼  . ▀  . ▄  . █  . ▌  . ▐  . ░  . ▒  . ▓  . ⌠  . ■  . ∙  . √  . ≈  . ≤  . ≥  .   .   . ⌡  . °  . ²  . ·  . ÷  / ═  / ║  / ╒  0 ё  0 є  1 ╔  1 і  2ї  2 ╗  2 ╘  2 ╙  2 ╚  2 ╛  2 ґ  2 ў  2 ╞  2 ╟  2 ╠  2 ╡  2 Ё  2 Є  3 ╣  3 І  3 Ї  3 ╦  3 ╧  4 ╨  4 ╩  4 ╪  4 Ґ  5Ў  5 ©  5 ю  5 а  5 б  5 ц  5 д  5 е  5 ф  6 г  6 х  6 и  7 й  7 к  7 л  7 м  7 н  7 о  7 п  7 я  7 р  7 с  7 т  7 у  7 ж  7 в  7 ь  8 ы  8 з  8 ш  8 э  8 щ  8 ч  8 ъ  8 Ю  8 А  8 Б  8 Ц  8 Д  8 Е  9 Ф  9 Г  9 Х  9 И  9 Й  9 К  9 Л  9 М  9 Н  9О  9П  9Я  9Р  9 С  9 Т  9 У  9 Ж  9 В  9 Ь  9 Ы  9 З  9 Ш  9 Э  9 Щ  9 Ч  : Ъ  ; ─  ; │  ; ┌  ; ┐  ; └  < ┘  < ├  < ┤  < ┬  < ┴  < ┼  < ▀  < ▄  < █  < ▌  < ▐  < ░  < ▒  < ▓  < ⌠  < ■  < ∙  < √  < ≈  < ≤  < ≥  <   < ⌡  < °  < ²  < ·  < ÷  < ═  < ║  < ╒  < ё  < є  < ╔  = і  = ї  > ╗  > ╘  > ╙  > ╚  > ╛  > ґ  > ў  > ╞  ? ╟  ? ╠  @ ╡  @ Ё  A Є  B ╣  C І  D ÷  D Ї  D ╦  D ╧  E ╨  E ╩  E ╪  E Ґ  E Ў  E ©  E ю  E а  E б  E ц  F д  F е  F ф  F г  G х  G и  G й  H к  H л  H м  H н  I о  I п  J я  J р  K с  L т  L у  N жвtls-2.0.3-2jTVhxRoD1SNLfe7mqudrNetwork.TLSNetwork.TLS.Extra.FFDHENetwork.TLS.QUICNetwork.TLS.Extra.CiphertlsNetwork.TLS.Crypto.TypesNetwork.TLS.ErrTNetwork.TLS.ImportsNetwork.TLS.BackendNetwork.TLS.MeasurementNetwork.TLS.RNGNetwork.TLS.Crypto.DHNetwork.TLS.UtilNetwork.TLS.Util.ASN1Network.TLS.Util.SerializationNetwork.TLS.Crypto.IESNetwork.TLS.CryptoNetwork.TLS.TypesNetwork.TLS.SessionNetwork.TLS.CompressionNetwork.TLS.StructNetwork.TLS.Struct13Network.TLS.MACNetwork.TLS.CipherNetwork.TLS.Handshake.ControlNetwork.TLS.ExtraNetwork.TLS.WireNetwork.TLS.PacketNetwork.TLS.Record.StateNetwork.TLS.Record.TypesNetwork.TLS.Record.EngageNetwork.TLS.Record.DisengageNetwork.TLS.RecordNetwork.TLS.Packet13Network.TLS.Handshake.StateNetwork.TLS.KeyScheduleNetwork.TLS.ExtensionNetwork.TLS.StateNetwork.TLS.X509Network.TLS.HooksNetwork.TLS.CredentialsNetwork.TLS.Parametersciphersuite_defaultCrypto.PubKey.DHgenerateParamsNetwork.TLS.Context.InternalNetwork.TLS.Record.WritingNetwork.TLS.Record.ReadingNetwork.TLS.ReceivingNetwork.TLS.Handshake.State13Network.TLS.Handshake.RandomNetwork.TLS.SendingNetwork.TLS.IONetwork.TLS.Handshake.ProcessNetwork.TLS.Handshake.KeyNetwork.TLS.Handshake.SignatureNetwork.TLS.Handshake.Common(Network.TLS.Handshake.Server.ClientHello!Network.TLS.Handshake.CertificateNetwork.TLS.Handshake.Common13*Network.TLS.Handshake.Server.ClientHello13#Network.TLS.Handshake.Server.Common"Network.TLS.Handshake.Server.TLS13"Network.TLS.Handshake.Server.TLS12*Network.TLS.Handshake.Server.ServerHello13*Network.TLS.Handshake.Server.ServerHello12*Network.TLS.Handshake.Server.ClientHello12Network.TLS.Handshake.Server#Network.TLS.Handshake.Client.Common"Network.TLS.Handshake.Client.TLS12(Network.TLS.Handshake.Client.ServerHello"Network.TLS.Handshake.Client.TLS13(Network.TLS.Handshake.Client.ClientHelloNetwork.TLS.Handshake.ClientNetwork.TLS.PostHandshakeNetwork.TLS.HandshakeNetwork.TLS.ContextNetwork.TLS.Record.LayerNetwork.TLS.CoreNetwork.TLS.Internal)crypton-x509-1.7.6-GhyrNaqq9oy7CmtW9X38vCData.X509.PublicKeyPubKey	PubKeyRSA	PubKeyDSAPubKeyDHPubKeyECPubKeyX25519
PubKeyX448PubKeyEd25519PubKeyEd448PubKeyUnknownData.X509.PrivateKeyPrivKey
PrivKeyRSA
PrivKeyDSA	PrivKeyECPrivKeyX25519PrivKeyX448PrivKeyEd25519PrivKeyEd4485crypton-x509-validation-1.6.12-2dGUu4iPcwuBTTK68HzvL0Data.X509.Validation.CacheValidationCache
cacheQuerycacheAddValidationCacheAddCallbackValidationCacheQueryCallbackValidationCacheResultValidationCachePassValidationCacheDeniedValidationCacheUnknownexceptionValidationCacheData.X509.ValidationValidationHookshookMatchSubjectIssuerhookValidateTimehookValidateNamehookFilterReasonValidationCheckscheckTimeValiditycheckAtTimecheckStrictOrderingcheckCAConstraintscheckExhaustivecheckLeafV3checkLeafKeyUsagecheckLeafKeyPurpose	checkFQHN&network-3.2.0.0-5QpNnrjrLsi7YSUErzYZu3Network.Socket.InfoHostNameGroup	FFDHE8192	FFDHE6144	FFDHE4096	FFDHE3072	FFDHE2048X448X25519P521P384P256supportedNamedGroups
HasBackendinitializeBackend
getBackendBackendbackendFlushbackendClosebackendSendbackendRecvMeasurementnbHandshakesbytesReceived	bytesSentDHParamsDHPublic	ffdhe2048	ffdhe3072	ffdhe4096	ffdhe6144	ffdhe8192HashMD5SHA1SHA224SHA256SHA384SHA512SHA1_MD5KxErrorRSAErrorKxUnsupportedhashDigestSizeTrafficSecretsServerTrafficSecretClientTrafficSecretApplicationSecretHandshakeSecretEarlySecretCompressionIDCipherIDTLS13TicketInfoSessionFlag
SessionEMSSessionDatasessionVersionsessionCiphersessionCompressionsessionClientSNIsessionSecretsessionGroupsessionTicketInfosessionALPNsessionMaxEarlyDataSizesessionFlagsTicketSessionIDorTicket	SessionIDVersionTLS13TLS12TLS11TLS10SSL3SSL2SessionManagersessionResumesessionResumeOnlyOncesessionEstablishsessionInvalidatesessionUseTicketnoSessionManagerCompressionCompressionCcompressionCIDcompressionCDeflatecompressionCInflatenullCompression	HandshakeAlertDescriptionfromAlertDescriptionExtensionRawExtensionIDClientRandomunClientRandomServerRandomunServerRandomHeaderTLSException
TerminatedHandshakeFailedPostHandshakeUncontextualizedConnectionNotEstablishedMissingHandshakeTLSError
Error_MiscError_ProtocolError_Protocol_WarningError_CertificateError_HandshakePolicy	Error_EOFError_PacketError_Packet_unexpectedError_Packet_ParsingProtocolTypefromProtocolTypeHashAndSignatureAlgorithmSignatureAlgorithmfromSignatureAlgorithmHashAlgorithmfromHashAlgorithmCertificateTypefromCertificateTypeNoApplicationProtocolCertificateRequiredUnknownPskIdentityBadCertificateHashValueBadCertificateStatusResponseUnrecognizedNameCertificateUnobtainableUnsupportedExtensionMissingExtensionNoRenegotiationUserCanceledInappropriateFallbackInternalErrorInsufficientSecurityProtocolVersionExportRestrictionDecryptErrorDecodeErrorAccessDenied	UnknownCaIllegalParameterCertificateUnknownCertificateExpiredCertificateRevokedUnsupportedCertificateBadCertificateHandshakeFailureDecompressionFailureRecordOverflowDecryptionFailedBadRecordMacUnexpectedMessageCloseNotifyEID_QuicTransportParametersProtocolType_AppDataProtocolType_HandshakeProtocolType_AlertProtocolType_ChangeCipherSpecSignatureRSApsspssSHA512SignatureRSApsspssSHA384SignatureRSApsspssSHA256SignatureEd448SignatureEd25519SignatureRSApssRSAeSHA512SignatureRSApssRSAeSHA384SignatureRSApssRSAeSHA256SignatureECDSASignatureDSASignatureRSASignatureAnonymousHashIntrinsic
HashSHA512
HashSHA384
HashSHA256
HashSHA224HashSHA1HashMD5HashNoneCertificateType_Ed448_SignCertificateType_Ed25519_SignCertificateType_ECDSA_SignCertificateType_DSA_SignCertificateType_RSA_SignsupportedSignatureSchemesHandshake13CiphercipherID
cipherName
cipherHash
cipherBulkcipherKeyExchangecipherMinVercipherPRFHashBulkbulkNamebulkKeySize
bulkIVSizebulkExplicitIVbulkAuthTagLenbulkBlockSizebulkFCipherKeyExchangeTypeCipherKeyExchange_RSACipherKeyExchange_DH_AnonCipherKeyExchange_DHE_RSACipherKeyExchange_ECDHE_RSACipherKeyExchange_DHE_DSACipherKeyExchange_DH_DSACipherKeyExchange_DH_RSACipherKeyExchange_ECDH_ECDSACipherKeyExchange_ECDH_RSACipherKeyExchange_ECDHE_ECDSACipherKeyExchange_TLS13BulkFunctions
BulkBlockFBulkStreamF	BulkAeadFBulkDirectionBulkEncryptBulkDecryptBulkAEAD	BulkBlock
BulkStream	BulkStateBulkStateStreamBulkStateBlockBulkStateAEADBulkStateUninitializedBulkAdditionalData	BulkNonceBulkIVBulkKeybulkInithasMAChasRecordIVcipherKeyBlockSizecipherAllowedForVersionApplicationSecretInfoHandshakeSecretInfoEarlySecretInfoNegotiatedProtocolciphersuite_default_detciphersuite_allciphersuite_all_detciphersuite_strongciphersuite_strong_detcipher_TLS13_AES128GCM_SHA256cipher_TLS13_AES256GCM_SHA384$cipher_TLS13_CHACHA20POLY1305_SHA256cipher_TLS13_AES128CCM_SHA256cipher_TLS13_AES128CCM8_SHA256#cipher_ECDHE_ECDSA_AES128GCM_SHA256#cipher_ECDHE_ECDSA_AES256GCM_SHA384!cipher_ECDHE_RSA_AES128GCM_SHA256!cipher_ECDHE_RSA_AES256GCM_SHA384#cipher_ECDHE_ECDSA_AES128CCM_SHA256#cipher_ECDHE_ECDSA_AES256CCM_SHA256$cipher_ECDHE_ECDSA_AES128CCM8_SHA256$cipher_ECDHE_ECDSA_AES256CCM8_SHA256(cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256*cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256
CryptLevelCryptInitialCryptMainSecretCryptEarlySecretCryptHandshakeSecretCryptApplicationSecretHandshakeMode13FullHandshakeHelloRetryRequestPreSharedKeyRTT0hkdfExtracthkdfExpandLabelMaxFragmentEnumMaxFragment512MaxFragment1024MaxFragment2048MaxFragment4096CertificateUsageCertificateUsageAcceptCertificateUsageRejectCertificateRejectReasonCertificateRejectExpiredCertificateRejectRevokedCertificateRejectUnknownCACertificateRejectAbsentCertificateRejectOtherHookshookRecvHandshakehookRecvHandshake13hookRecvCertificateshookLoggingLoggingloggingPacketSentloggingPacketRecvloggingIOSentloggingIORecvCredentials
CredentialcredentialLoadX509credentialLoadX509FromMemorycredentialLoadX509Chain!credentialLoadX509ChainFromMemoryServerHooksonClientCertificateonUnverifiedClientCertonCipherChoosingonServerNameIndicationonNewHandshakeonALPNClientSuggestonEncryptedExtensionsCreatingClientHooksonCertificateRequestonServerCertificateonSuggestALPNonCustomFFDHEGroupOnServerCertificateOnCertificateRequest
GroupUsageGroupUsageValidGroupUsageInsecureGroupUsageUnsupportedGroupUsageInvalidPublicSharedsharedCredentialssharedSessionManagersharedCAStoresharedValidationCachesharedHelloExtensionsEMSModeNoEMSAllowEMS
RequireEMS	SupportedsupportedVersionssupportedCipherssupportedCompressionssupportedHashSignaturessupportedSecureRenegotiation%supportedClientInitiatedRenegotiationsupportedExtendedMainSecretsupportedSessionsupportedFallbackScsvsupportedEmptyPacketsupportedGroupsServerParamsserverWantClientCertserverCACertificatesserverDHEParamsserverHooksserverSharedserverSupportedserverDebugserverEarlyDataSizeserverTicketLifetimeClientParamsclientUseMaxFragmentLengthclientServerIdentificationclientUseServerNameIndicationclientWantSessionResumeclientSharedclientHooksclientSupportedclientDebugclientUseEarlyDataDebugParams	debugSeeddebugPrintSeeddebugVersionForceddebugKeyLoggerdefaultParamsClientContext
ctxBackendInformationinfoVersion
infoCipherinfoCompressioninfoMainSecretinfoExtendedMainSecretinfoClientRandominfoServerRandominfoSupportedGroupinfoTLS12ResumptioninfoTLS13HandshakeModeinfoIsEarlyDataAcceptedcontextFlushcontextClosecontextGetInformationcontextModifyHookserrorToAlertMessagerequestCertificate	TLSParams
contextNewcontextHookSetHandshakeRecvcontextHookSetHandshake13RecvcontextHookSetCertificateRecvcontextHookSetLogginggetFinishedgetPeerFinishedgetTLSUniquegetTLSExportergetTLSServerEndPointKeyUpdateRequestOneWayTwoWay	handshakebyegetNegotiatedProtocolgetClientSNIsendDatarecvData	recvData'	updateKeyQUICCallbacksquicSendquicRecvquicInstallKeysquicNotifyExtensionsquicDoneKeyScheduleEventInstallEarlyKeysInstallHandshakeKeysInstallApplicationKeystlsQUICClienttlsQUICServererrorTLSerrorToAlertDescriptiontoAlertDescriptiondefaultSupportedquicMaxEarlyDataSizeBytesgetClientCertificateChainavailableFFGroupsavailableECGroupsKeyExchangeSignatureAlgKX_RSAKX_DSAKX_ECDSArunErrTErrT	mtl-2.3.1Control.Monad.Error.Class
MonadError
throwError
catchErrorbytestring-0.11.5.2Data.ByteString.Internal.Type
ByteStringbaseData.Functor<&>GHC.BaseApplicative*><*>pureliftA2<*Alternativeempty<|>somemanyData.Functor.ConstConstgetConstControl.ApplicativeZipList
getZipListWrappedArrow	WrapArrowunwrapArrowWrappedMonad	WrapMonadunwrapMonad<$>Functorfmap<$<**>liftAliftA3optionalData.FoldableasumMonadreturn>>>>=	MonadPlusmzeromplusControl.Monad.Fail	MonadFailfailjoinmapM_forM_Data.TraversablemapMsequenceforMControl.MonadforeverliftMguard=<<whenliftM2liftM3liftM4liftM5apvoid	sequence_msumfilterM>=><=<mapAndUnzipMzipWithM	zipWithM_foldMfoldM_
replicateMreplicateM_unless<$!>mfilterGHC.Bits
FiniteBitsfiniteBitSizecountLeadingZeroscountTrailingZerosBits.&..|.xor
complementshiftrotatezeroBitsbitsetBitclearBitcomplementBittestBitbitSizeMaybebitSizeisSignedshiftLunsafeShiftLshiftRunsafeShiftRrotateLrotateRpopCount	Data.BitsIffgetIffXorgetXorIorgetIorAndgetAnd
bitDefaulttestBitDefaultpopCountDefaulttoIntegralSizedoneBits.^..>>..<<.!>>.!<<.++foldrlengthfoldlnullfoldl'foldl1sumproductfoldr1maximumminimumelemmapGHC.ListzipWithData.OldListsortBygenericLength	maximumBy	minimumBygenericReplicategenericTakegenericDropgenericSplitAtgenericIndexheadgroupgroupByfilterunfoldr	transposesortOncycleconcatzipunconstaillastinitfoldl1'scanlscanl1scanl'scanrscanr1iterateiterate'repeat	replicate	takeWhile	dropWhiletakedropsplitAtspanbreakreverseandoranyallnotElemlookup	concatMap!!zip3zipWith3unzipunzip3finddropWhileEndstripPrefix	elemIndexelemIndices	findIndexfindIndices
isPrefixOf
isSuffixOf	isInfixOfnubnubBydeletedeleteBy\\unionunionBy	intersectintersectByintersperseintercalate	partition	mapAccumL	mapAccumRinsertinsertByzip4zip5zip6zip7zipWith4zipWith5zipWith6zipWith7unzip4unzip5unzip6unzip7deleteFirstsByinitstailssubsequencespermutationssort	singletonlinesunlineswordsunwords	Data.ListisSubsequenceOf	GHC.MaybeMaybeNothingJust
Data.MaybemaybeisJust	isNothingfromJust	fromMaybemaybeToListlistToMaybe	catMaybesmapMaybeData.Semigroup.InternalAnygetAny	Semigroup<>sconcatstimesSumgetSumProduct
getProductData.SemigroupLastgetLastFirstgetFirstMingetMinMaxgetMaxAllgetAllEndoappEndoDualgetDualWrappedMonoid
WrapMonoidunwrapMonoidArgMaxArgMinArgstimesIdempotentstimesIdempotentMonoidstimesMonoidcycle1diffmtimesDefaultghc-prim	GHC.TypesOrderingLTEQGTGHC.ClassesOrdcompare>=<<=>maxminData.OrdDowngetDownclamp	comparingGHC.WordWord8WordWord64Word32Word16
byteSwap16
byteSwap32
byteSwap64bitReverse8bitReverse16bitReverse32bitReverse64showBytesHexnewMeasurementaddBytesReceivedaddBytesSentresetBytesCountersincrementNbHandshakesStateRNG#crypton-0.34-E5Dk5pqXKlDCTQoCaWkaffCrypto.RandomSeedseedNewseedToIntegerseedFromInteger
withTLSRNGnewStateRNGCrypto.Random.TypesMonadRandomgetRandomBytes	DHPrivateDHKeydhPublic	dhPrivatedhParamsdhParamsGetPdhParamsGetGdhParamsGetBitsdhGenerateKeyPairdhGetShareddhValiddhUnwrapdhUnwrapPublicSaved&&!saveMVarGHC.MVarMVarrestoreMVarsubtakelast
partition3
partition6
fmapEithercatchException
forEitherM
mapChunks_	getChunksdecodeASN1ObjectencodeASN1ObjectCrypto.Number.Serializeos2ipi2ospi2ospOf_GroupPublicGroupPrivateGroupKeygroupGenerateKeyPairgroupGetPubSharedgroupGetSharedencodeGroupPublicdecodeGroupPublicdhParamsForGroupdhGroupGenerateKeyPairdhGroupGetPubSharedkxCanUseRSApkcs1kxCanUseRSApsshashUpdateSSLHashContextHashCtxhashInit
hashUpdate	hashFinalhashhashNamehashBlockSize	PublicKey
PrivateKeySignatureParams	RSAParams	DSAParamsECDSAParamsEd25519ParamsEd448ParamsisKeyExchangeSignatureKeyfindKeyExchangeSignatureAlgfindFiniteFieldGroupfindEllipticCurveGroup	kxEncrypt	kxDecryptkxSignkxVerifykxSupportedPrivKeyECRSAEncodingRSApkcs1RSApss	DirectionRoleCertReqContextisTickettoSessionIDlifetimeageAddtxrxTimeestimatedRTT
ClientRole
ServerRole
invertRoleTxRxSecondMillisecondResumptionSecret
BaseSecretAnyTrafficSecretSecretTripletriBase	triClient	triServer
SecretPairpairBase
pairClient
MainSecretTrueNullCompressioncompressionIDcompressionDeflatecompressionInflatecompressionIntersectIDlastSupportedCertificateType
CipherDatacipherDataContentcipherDataMACcipherDataPaddingEID_ServerNameEID_MaxFragmentLengthEID_ClientCertificateUrlEID_TrustedCAKeysEID_TruncatedHMACEID_StatusRequestEID_UserMappingEID_ClientAuthzEID_ServerAuthzEID_CertTypeEID_SupportedGroupsEID_EcPointFormatsEID_SRPEID_SignatureAlgorithmsEID_SRTPEID_Heartbeat'EID_ApplicationLayerProtocolNegotiationEID_StatusRequestv2EID_SignedCertificateTimestampEID_ClientCertificateTypeEID_ServerCertificateTypeEID_PaddingEID_EncryptThenMACEID_ExtendedMainSecretEID_SessionTicketEID_PreSharedKeyEID_EarlyDataEID_SupportedVersions
EID_CookieEID_PskKeyExchangeModesEID_CertificateAuthoritiesEID_OidFiltersEID_PostHandshakeAuthEID_SignatureAlgorithmsCertEID_KeyShareEID_SecureRenegotiationfromExtensionIDDigitallySigned	SignatureData.X509.DistinguishedNameDistinguishedNameBigNumbigNumToIntegerbigNumFromIntegerServerDHParamsserverDHParams_pserverDHParams_gserverDHParams_yserverDHParamsToParamsserverDHParamsToPublicserverDHParamsFromServerECDHParamsServerRSAParamsrsa_modulusrsa_exponentServerKeyXchgAlgorithmDataSKX_DH_AnonSKX_DHE_DSASKX_DHE_RSASKX_ECDHE_RSASKX_ECDHE_ECDSASKX_RSA
SKX_DH_DSA
SKX_DH_RSASKX_UnparsedSKX_UnknownClientKeyXchgAlgorithmDataCKX_RSACKX_DHCKX_ECDHPacketAlertChangeCipherSpecAppDataFinishedData
VerifyDataSession
AlertLevelAlertLevel_WarningAlertLevel_FatalfromAlertLevelHandshakeTypeHandshakeType_HelloRequestHandshakeType_ClientHelloHandshakeType_ServerHelloHandshakeType_NewSessionTicketHandshakeType_EndOfEarlyData!HandshakeType_EncryptedExtensionsHandshakeType_CertificateHandshakeType_ServerKeyXchgHandshakeType_CertRequestHandshakeType_ServerHelloDoneHandshakeType_CertVerifyHandshakeType_ClientKeyXchgHandshakeType_FinishedHandshakeType_KeyUpdatefromHandshakeTypeFinishedCertificateClientHelloServerHelloHelloRequestServerHelloDoneClientKeyXchgServerKeyXchgCertRequest
CertVerifyNewSessionTicketCH	chSession	chCipherschExtensions
packetTypetypeOfHandshakePacket13Alert13ChangeCipherSpec13	AppData13ServerHello13NewSessionTicket13EndOfEarlyData13EncryptedExtensions13CertRequest13Certificate13CertVerify13
Finished13KeyUpdate13typeOfHandshake13contentType	KeyUpdateUpdateNotRequestedUpdateRequestedprf_TLSmacSSLhmacprf_MD5prf_SHA1
prf_SHA256prf_MD5SHA1ClientStateSendClientHelloRecvServerHelloSendClientFinishedServerStateSendServerHelloSendServerFinished%cereal-0.5.8.3-JKZKQMLMQ2v8uUoo8OtauqData.Serialize.GetGet	GetResultGotError
GotPartial
GotSuccessGotSuccessRemainingGetContinuationrunGet	runGetErrrunGetMaybetryGet	remaininggetWord8	getWords8	getWord16
getWords16	getWord24	getWord32	getWord64getBytes
getOpaque8getOpaque16getOpaque24getInteger16getBigNum16getListprocessBytesisEmptyData.Serialize.PutPutrunPutputWord8	putWords8	putWord16
putWords16	putWord24	putWord32	putWord64putBytes
putOpaque8putOpaque16putOpaque24putInteger16putBigNum16encodeWord16encodeWord32encodeWord64cParamsVersioncParamsKeyXchgType	getDNames	putDNames&decodeReallyServerKeyXchgAlgorithmDatagetPRFCurrentParamsdecodeHeaderencodeHeaderdecodeAlertdecodeAlertsencodeAlertsdecodeHandshakeRecorddecodeHandshakeencodeHandshakeencodeCertificatedecodeChangeCipherSpecencodeChangeCipherSpecdecodePreMainSecretencodePreMainSecretencodeSignedDHParamsencodeSignedECDHParamsgenerateMainSecretgenerateExtendedMainSecretgenerateKeyBlockgenerateClientFinishedgenerateServerFinishedgetSignatureHashAlgorithmputSignatureHashAlgorithmgetBinaryVersionputBinaryVersiongetClientRandom32putClientRandom32getServerRandom32putServerRandom32getExtensionsputExtension
getSession
putSessiongetHandshakeType
CryptStatecstKeycstIVcstMacSecretHasCryptLevelgetCryptLevelMacState
msSequenceRecordOptionsrecordVersionrecordTLS13RecordStatestCipherstCompressionstCryptLevelstCryptState
stMacStatenewRecordStateincrRecordStateRecordM
runRecordMgetRecordOptionsgetRecordVersionsetRecordIVwithCompressioncomputeDigest
makeDigestgetBulkgetMacSequenceRecordfragmentCompressfragmentCipherfragmentUncipherfragmentUncompressrecordToRawrawToRecordrecordToHeaderFragmentfragmentGetBytesfragmentPlaintextfragmentCompressedfragmentCiphertext	Plaintext
Compressed
CiphertextonRecordFragmentengageRecorddisengageRecordencodeHandshake13decodeHandshakeRecord13decodeHandshake13decodeHandshakes13encodeCertificate13CertReqCBdatahstCertReqTokenhstCertReqCBdatahstCertReqSigAlgsCerthstClientCertSenthstCertReqSentfoldHandshakeDigestsetMainSecretFromPresetMainSecretsetServerHelloParametersHandshakeStatehstClientVersionhstClientRandomhstServerRandomhstMainSecrethstKeyStatehstServerDHParamshstDHPrivatehstServerECDHParamshstGroupPrivatehstHandshakeDigesthstHandshakeMessageshstClientCertChainhstPendingTxStatehstPendingRxStatehstPendingCipherhstPendingCompressionhstExtendedMainSecrethstSupportedGrouphstTLS13HandshakeModehstTLS13RTT0StatushstTLS13EarlySecrethstTLS13ResumptionSecrethstCCS13SentHandshakeDigestHandshakeMessagesHandshakeDigestContext
RTT0StatusRTT0NoneRTT0SentRTT0AcceptedRTT0Rejected
HandshakeMnewEmptyHandshakerunHandshakesetPublicKeysetPublicPrivateKeysgetLocalPublicPrivateKeysgetRemotePublicKeysetServerDHParamsgetServerDHParamssetServerECDHParamsgetServerECDHParamssetDHPrivategetDHPrivatesetGroupPrivategetGroupPrivatesetClientCertSentgetClientCertSentsetCertReqSentgetCertReqSentsetClientCertChaingetClientCertChainsetCertReqTokengetCertReqTokensetCertReqCBdatagetCertReqCBdatasetCertReqSigAlgsCertgetCertReqSigAlgsCertaddHandshakeMessageupdateHandshakeDigestgetHandshakeMessagesgetHandshakeMessagesRevgetHandshakeDigestgetPendingCiphersetExtendedMainSecretgetExtendedMainSecretsetSupportedGroupgetSupportedGroupsetTLS13HandshakeModegetTLS13HandshakeModesetTLS13RTT0StatusgetTLS13RTT0StatussetTLS13EarlySecretgetTLS13EarlySecretsetTLS13ResumptionSecretgetTLS13ResumptionSecretsetCCS13SentgetCCS13SentderiveSecretExtendedMainSecret#ApplicationLayerProtocolNegotiationSecureRenegotiationMaxFragmentLength
ServerName	ExtensionsupportedExtensionsextensionDecodeextensionEncodeextensionIDdefinedExtensionsServerNameTypeServerNameHostNameServerNameOtherMaxFragmentLengthOtherSupportedGroupsEcPointFormatsSupportedEcPointFormatEcPointFormat_Uncompressed'EcPointFormat_AnsiX962_compressed_prime'EcPointFormat_AnsiX962_compressed_char2SessionTicket	HeartBeatHeartBeatModeHeartBeat_PeerAllowedToSendHeartBeat_PeerNotAllowedToSendSignatureAlgorithmsSignatureAlgorithmsCertSupportedVersionsSupportedVersionsClientHelloSupportedVersionsServerHelloKeyShareKeyShareClientHelloKeyShareServerHelloKeyShareHRRKeyShareEntrykeyShareEntryGroupkeyShareEntryKeyExchangeMessageTypeMsgTClientHelloMsgTServerHelloMsgTHelloRetryRequestMsgTEncryptedExtensionsMsgTNewSessionTicketMsgTCertificateRequestPostHandshakeAuth
PskKexModePSK_KE
PSK_DHE_KEPskKeyExchangeModesPskIdentityPreSharedKeyClientHelloPreSharedKeyServerHelloEarlyDataIndicationCookieCertificateAuthoritiesTLSState	stSessionstSessionResumingstSecureRenegotiationstClientVerifyDatastServerVerifyDatastServerCertificateChainstExtensionALPNstHandshakeRecordContstNegotiatedProtocolstHandshakeRecordCont13stClientALPNSuggeststClientGroupSuggeststClientEcPointFormatSuggeststClientCertificateChainstClientSNIstRandomGen	stVersionstClientContextstTLS13KeySharestTLS13PreSharedKey
stTLS13HRRstTLS13CookiestExporterSecretstClientSupportsPHAstTLS12SessionTicketTLSStrunTLSStatenewTLSStatesetVerifyDataForSendsetVerifyDataForRecvgetVerifyDatagetMyVerifyDatagetPeerVerifyDatagetFirstVerifyDatafinishedHandshakeTypeMaterialfinishedHandshakeMaterialcertVerifyHandshakeTypeMaterialcertVerifyHandshakeMaterial
setVersionsetVersionIfUnset
getVersiongetVersionWithDefaultsetSecureRenegotiationgetSecureRenegotiationsetExtensionALPNgetExtensionALPNsetNegotiatedProtocolsetClientALPNSuggestgetClientALPNSuggestsetClientEcPointFormatSuggestgetClientEcPointFormatSuggestsetClientSNIsetClientCertificateChaingetServerCertificateChainsetServerCertificateChain
setSessionisSessionResuminggetRolesetExporterSecretgetExporterSecretsetTLS13KeySharegetTLS13KeySharesetTLS13PreSharedKeygetTLS13PreSharedKeysetTLS13HRRgetTLS13HRRsetTLS13CookiegetTLS13CookiesetClientSupportsPHAgetClientSupportsPHAsetTLS12SessionTicketgetTLS12SessionTicket	genRandomwithRNGData.X509.CertificateChainCertificateChainData.X509.CertcertVersion
certSerialcertSignatureAlgcertIssuerDNcertValiditycertSubjectDN
certPubKeycertExtensions	Data.X509SignedCertificategetCertificateisNullCertificateChaingetCertificateChainLeaf/crypton-x509-store-1.6.9-A0HOMV9aTdyHu7OvQp2eYnData.X509.CertificateStoreCertificateStorevalidateDefaultFailedReasonData.X509.Validation.Types	ServiceIDwrapCertificateChecks
pubkeyTypedefaultHookscredentialMatchesHashSignaturescredentialsFindForSigningcredentialsFindForDecrypting credentialsListSigningAlgorithmscredentialPublicPrivateKeysFalsememptyCommonParamsPendingRecvActionBoolPendingRecvActionHash	lockWritelockRead	lockStatectxEOF_ctxEstablished_ctxTxRecordStatectxRxRecordStatectxHandshakeStatectxRoleParamsctxCertRequestsctxNeedEmptyPacketctxFragmentSizectxSupported	ctxSharedctxTLSStatectxMeasurementctxLocksctxKeyLoggerctxHooksctxTLS13StatectxPendingRecvActionsctxPendingSendActionctxRecordLayerctxHandshakeSyncctxQUICModeEstablishedNotEstablishedEarlyDataAllowedEarlyDataNotAllowedEarlyDataSendingRecordLayerrecordEncoderecordEncode13recordSendBytes
recordRecvrecordRecv13Locks
RoleParamsdoHandshake_doHandshakeWith_doRequestCertificate_doPostHandshakeAuthWith_ctxEOFctxEstablishedwithLogctxWithHookssetEOFsetEstablishedcontextSendcontextRecvupdateRecordLayerupdateMeasurewithMeasurewithReadLockwithWriteLockwithStateLock
withRWLock	throwCorefailOnEitherError
usingStateusingState_runTxRecordStaterunRxRecordStateusingHState	getHState
saveHStaterestoreHStategetStateRNGtls13orLateraddCertRequest13getCertRequest13decideRecordVersionHandshakeSync
TLS13Statetls13stRecvNSTtls13stSentClientCerttls13stRecvSFtls13stSentCFtls13stRecvCFtls13stPendingRecvDatatls13stPendingSentData
tls13stRTTtls13st0RTTtls13st0RTTAcceptedtls13stClientExtensionstls13stChoicetls13stHsKeytls13stSessiontls13stSentExtensionsdefaultTLS13StategetTLS13StatemodifyTLS13StateCipherChoicecVersioncCiphercHashcZeromakeCipherChoiceencodeRecordencodeRecord13	sendBytes
recvRecordrecvRecord13processPacketprocessPacket13TrafficSecretgetTxRecordStategetRxRecordStatesetTxRecordStatesetRxRecordState
getTxLevel
getRxLevelclearTxRecordStateclearRxRecordStatesetHelloParameters13transcriptHashwrapAsMessageHash13setPendingRecvActionspopPendingRecvActionserverRandomisDowngradedclientRandom	hrrRandomisHelloRetryRequestencodePacket12encodePacket13updateHandshake12updateHandshake13PacketFlightMsendPacket12recvPacket12sendPacket13recvPacket13isRecvComplete
checkValidrunPacketFlightloadPacket13processHandshake12processHandshake13startHandshakecheckDigitalSignatureKeyisDigitalSignaturePairsatisfiesEcPredicate
encryptRSAsignPrivate
decryptRSAverifyPublicgenerateDHEgenerateECDHEgenerateECDHESharedgenerateFFDHEgenerateFFDHESharedversionCompatiblegetLocalPublicKeylogKeycertificateCompatiblehashSigToCertTypecreateCertificateVerifycheckCertificateVerifydigitallySignDHParamsdigitallySignECDHParamsdigitallySignDHParamsVerifydigitallySignECDHParamsVerifycheckSupportedHashSignaturesignatureCompatiblesignatureCompatible13signatureParamsdecryptErrorhandshakeDone12onRecvStateHandshakestorePrivInfohandshakeFailedhandleException
unexpected
newSessionensureNullCompressionsendCCSandFinished	RecvStateRecvStatePacketRecvStateHandshakeRecvStateDonerunRecvStaterunRecvStateHSrecvPacketHandshakeensureRecvCompleteprocessExtendedMainSecretextensionLookupgetSessionDataisSupportedGroupcheckSupportedGrouperrorToAlertexpectFinishedprocessCertificateprocessClientHellocertificateRejectedbadCertificaterejectOnExceptionverifyLeafKeyUsageextractCAnamehandshakeDone13makeFinishedcheckFinishedmakeServerKeySharemakeClientKeySharefromServerKeySharemakeCertVerifycheckCertVerifymakePSKBinderreplacePSKBindersendChangeCipherSpec13makeCertRequestcreateTLS13TicketInfoageToObfuscatedAge
isAgeValidgetAgecheckFreshnessgetCurrentTimeFromBasegetSessionData13isHashSignatureValid13safeNonNegative32RecvHandshake13MrunRecvHandshake13recvHandshake13recvHandshake13hashinitEarlySecretcalculateEarlySecretcalculateHandshakeSecretcalculateApplicationSecretcalculateResumptionSecret	derivePSKcheckKeyShareKeyLengthsetRTTprocessClientHello13sendHRRapplicationProtocolcheckValidClientCertChainclientCertificatecredentialDigitalSignatureKeyfilterCredentials#filterCredentialsWithHashSignaturesisCredentialAllowedstorePrivInfoServerrecvClientSecondFlight13postHandshakeAuthServerWithrecvClientCCCrecvClientSecondFlight12sendServerHello13sendServerHello12processClinetHello12handshakeServerhandshakeServerWithrequestCertificateServersupportedCtypesclientChainstorePrivInfoClientgetLocalHashSigAlgthrowMiscErrorOnExceptiondoServerKeyExchangedoCertificatesigAlgsToCertTypessetALPNcontextSyncsendClientCCCrecvServerFirstFlight12sendClientSecondFlight12recvServerSecondFlight12processServerHellorecvServerHelloprocessServerHello13recvServerSecondFlight13sendClientSecondFlight13asyncServerHello13postHandshakeAuthClientWithsendClientHellogetPreSharedKeyInfohandshakeClienthandshakeClientWithpostHandshakeAuthWith
handshake_handshakeWithnewTransparentRecordLayer