Start a TLS-secured TCP server that accepts incoming connections and handles each of them concurrently, in different threads.

Any acquired network resources are properly closed and discarded when done or in case of exceptions. This function binds a listening socket, accepts an incoming connection, performs a TLS handshake and then safely closes the connection when done or in case of exceptions. You don't need to perform any of those steps manually.

Bind a TCP listening socket and use it.

The listening socket is closed when done or in case of exceptions.

If you prefer to acquire and close the socket yourself, then use bindSock and the listen and sClose functions from Network.Socket instead.

Note: maxListenQueue is tipically 128, which is too small for high performance servers. So, we use the maximum between maxListenQueue and 2048 as the default size of the listening queue. The NoDelay and ReuseAddr options are set on the socket.

Accepts a single incomming TLS-secured TCP connection and use it.

A TLS handshake is performed immediately after establishing the TCP connection.

The connection is properly closed when done or in case of exceptions. If you need to manage the lifetime of the connection resources yourself, then use acceptTls instead.

Like accept, except it uses a different thread to performs the TLS handshake and run the given computation.

Abstract type representing the configuration settings for a TLS server.

Use makeServerSettings to obtain your ServerSettings value, and updateServerParams to update it.

Make default ServerSettings.

The following TLS settings are used by default:

Supported versions

TLS10, TLS11, TLS12.

Supported cipher suites for TLS10

In decreasing order of preference: cipher_AES256_SHA256, cipher_AES256_SHA1, cipher_AES128_SHA256, cipher_AES128_SHA1, cipher_RC4_128_SHA1, cipher_RC4_128_MD5. The cipher suite preferred by the client is used.

Supported cipher suites for TLS11 and TLS12

In decreasing order of preference: cipher_AES256_SHA256, cipher_AES256_SHA1, cipher_AES128_SHA256, cipher_AES128_SHA1. The cipher suite preferred by the client is used.

Update advanced TLS server configuration Params. See the Network.TLS module for details.

A Lens into the TLS server configuration Params. See the Network.TLS and the lens package for details.

Connect to a TLS-secured TCP server and use the connection

A TLS handshake is performed immediately after establishing the TCP connection.

The connection is properly closed when done or in case of exceptions. If you need to manage the lifetime of the connection resources yourself, then use connectTls instead.

Abstract type representing the configuration settings for a TLS client.

Use makeClientSettings or getDefaultClientSettings to obtain your ClientSettings value.

Make defaults ClientSettings.

The following TLS settings are used by default:

Supported versions

TLS10, TLS11, TLS12.

Version reported during ClientHello

TLS10.

Supported cipher suites

In decreasing order of preference: cipher_AES256_SHA256, cipher_AES256_SHA1, cipher_AES128_SHA256, cipher_AES128_SHA1, cipher_RC4_128_SHA1, cipher_RC4_128_MD5.

Get the system default ClientSettings.

See makeClientSettings for the for the default TLS settings used.

Update advanced TLS client configuration Params. See the Network.TLS module for details.

A Lens into the TLS client configuration Params. See the Network.TLS and the lens package for details.

Primary certificate, private key and the rest of the certificate chain.

Convert client Credential to the format expected by pCertificates.

Receives decrypted bytes from the given Context. Returns Nothing on EOF.

Up to 16384 decrypted bytes will be received at once. The TLS connection is automatically renegotiated if a ClientHello message is received.

Encrypts the given strict ByteString and sends it through the Context.

Estalbishes a TCP connection to a remote server and returns a TLS Context configured on top of it using the given ClientSettings. The remote end address is also returned.

Prefer to use connect if you will be used the obtained Context within a limited scope.

You need to call handshake on the resulting Context before using it for communication purposes, and bye afterwards. The useTls or useTlsThenCloseFork functions can perform those steps for you.

Accepts an incoming TCP connection and returns a TLS Context configured on top of it using the given ServerSettings. The remote end address is also returned.

Prefer to use accept if you will be used the obtained Context within a limited scope.

You need to call handshake on the resulting Context before using it for communication purposes, and bye afterwards. The useTls or useTlsThenCloseFork functions can perform those steps for you.

Perform a TLS handshake on the given Context, then perform the given action and at last say bye, even in case of exceptions.

This function discards ResourceVanished exceptions that will happen when trying to say bye if the remote end has done it before.

Similar to useTls, except it performs the all the IO actions safely in a new thread and closes the connection backend after using it. Use this instead of forking useTls yourself.

This function discards ResourceVanished exceptions that will happen when trying to close the connection backend if the remote end has done it before.

On Windows operating systems, the networking subsystem has to be initialised using withSocketsDo before any networking operations can be used. eg.

 main = withSocketsDo $ do {...}

Although this is only strictly necessary on Windows platforms, it is harmless on other platforms, so for portability it is good practice to use it all the time.

Preferred host to bind.