-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/

-- | TLS extra default values and helpers
--
-- A set of extra definitions, default values and helpers for tls.
@package tls-extra
@version 0.2.2

module Network.TLS.Extra

-- | All encrypted ciphers supported, ordered from strong to weak. This
-- choice of ciphersuite should satisfy most normal needs.
--
-- NOTE(review): the members of this list are not shown in this listing.
-- Presumably it includes the RC4 suites declared below; RC4 is prohibited
-- for TLS by RFC 7465, so confirm the contents before using this list as
-- a default.
ciphersuite_all :: [Cipher]

-- | List of medium-strength ciphers.
--
-- NOTE(review): which suites count as "medium" is not shown here; confirm
-- against the definition before relying on this list.
ciphersuite_medium :: [Cipher]

-- | The strongest ciphers supported.
--
-- NOTE(review): every suite in this module whose key exchange is
-- documented uses RSA key exchange, which does not provide forward
-- secrecy; "strongest" is relative to what this package version supports.
ciphersuite_strong :: [Cipher]

-- | All unencrypted ciphers. Do not use on an insecure network: these
-- suites provide no confidentiality for the data exchanged.
ciphersuite_unencrypted :: [Cipher]

-- | This is not strictly a usable cipher; it is the initial cipher of a
-- TLS connection.
cipher_null_null :: Cipher

-- | Unencrypted cipher using RSA for key exchange and SHA1 for digest.
cipher_null_SHA1 :: Cipher

-- | Unencrypted cipher using RSA for key exchange and MD5 for digest.
cipher_null_MD5 :: Cipher

-- | RC4 cipher, RSA key exchange and MD5 for digest.
--
-- NOTE(review): RC4 cipher suites are prohibited for TLS by RFC 7465.
cipher_RC4_128_MD5 :: Cipher

-- | RC4 cipher, RSA key exchange and SHA1 for digest.
--
-- NOTE(review): RC4 cipher suites are prohibited for TLS by RFC 7465.
cipher_RC4_128_SHA1 :: Cipher

-- | AES cipher (128 bit key), RSA key exchange and SHA1 for digest.
cipher_AES128_SHA1 :: Cipher

-- | AES cipher (256 bit key), RSA key exchange and SHA1 for digest.
cipher_AES256_SHA1 :: Cipher

-- | AES cipher (128 bit key), RSA key exchange and SHA256 for digest.
cipher_AES128_SHA256 :: Cipher

-- | AES cipher (256 bit key), RSA key exchange and SHA256 for digest.
cipher_AES256_SHA256 :: Cipher

-- | Verify a certificate chain using the available system certificates.
--
-- Each certificate of the list is verified against the next certificate,
-- until it can be verified against a system certificate (system
-- certificates are assumed to be trusted).
--
-- This helper only checks that the chain of certificates is valid, which
-- means that each item received is signed by the next one, or by a
-- system certificate. Some extra checks need to be done at the user
-- level so that the certificate chain received makes sense in the
-- context.
--
-- For example, for HTTP, the user should typically verify that the
-- certificate subject matches the URL of the connection.
--
-- TODO: verify validity, check revocation list if any, add optional user
-- output to know the rejection reason.
--
-- NOTE(review): per the TODO above, a 'True' result should not be read as
-- covering validity or revocation checks; callers need to perform those
-- separately. The result for an empty chain is not documented here —
-- confirm before relying on it.
certificateVerifyChain :: [X509] -> IO Bool

-- | Verify a certificate against another one. The first certificate needs
-- to be signed by the second one for this function to succeed.
certificateVerifyAgainst :: X509 -> X509 -> IO Bool

-- | Verify that the given certificate chain is applicable to the given
-- fully qualified host name.
--
-- NOTE(review): this is a pure check on the host name; presumably it does
-- not verify any signature, so it complements rather than replaces
-- 'certificateVerifyChain' — confirm against the implementation.
certificateVerifyDomain :: String -> [X509] -> Bool

-- | Open a TCP client connection to a destination and port description
-- (number or name).
--
-- NOTE(review): the description does not say whether the peer
-- certificate is verified; presumably that is governed by the supplied
-- 'TLSParams' — confirm before assuming the returned context is
-- authenticated.
connectionClient :: CryptoRandomGen g => String -> String -> TLSParams -> g -> IO TLSCtx