Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Native Haskell TLS protocol implementation for servers and clients.
This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.
Currently implement the TLS1.2 and TLS 1.3 protocol, and support RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many extensions.
The tipical usage is:
socket <- ... ctx <- contextNew socket <params> handshake ctx ... (using recvData and sendData) bye
Synopsis
- data Context
- contextNew :: (MonadIO m, HasBackend backend, TLSParams params) => backend -> params -> m Context
- handshake :: MonadIO m => Context -> m ()
- sendData :: MonadIO m => Context -> ByteString -> m ()
- recvData :: MonadIO m => Context -> m ByteString
- bye :: MonadIO m => Context -> m ()
- class HasBackend a where
- initializeBackend :: a -> IO ()
- getBackend :: a -> Backend
- data Backend = Backend {
- backendFlush :: IO ()
- backendClose :: IO ()
- backendSend :: ByteString -> IO ()
- backendRecv :: Int -> IO ByteString
- class TLSParams a
- data ClientParams
- defaultParamsClient :: HostName -> ByteString -> ClientParams
- clientUseMaxFragmentLength :: ClientParams -> Maybe MaxFragmentEnum
- clientServerIdentification :: ClientParams -> (HostName, ByteString)
- clientUseServerNameIndication :: ClientParams -> Bool
- clientWantSessionResume :: ClientParams -> Maybe (SessionID, SessionData)
- clientWantSessionResumeList :: ClientParams -> [(SessionID, SessionData)]
- clientShared :: ClientParams -> Shared
- clientHooks :: ClientParams -> ClientHooks
- clientSupported :: ClientParams -> Supported
- clientDebug :: ClientParams -> DebugParams
- clientUseEarlyData :: ClientParams -> Bool
- data ServerParams
- serverWantClientCert :: ServerParams -> Bool
- serverCACertificates :: ServerParams -> [SignedCertificate]
- serverDHEParams :: ServerParams -> Maybe DHParams
- serverHooks :: ServerParams -> ServerHooks
- serverShared :: ServerParams -> Shared
- serverSupported :: ServerParams -> Supported
- serverDebug :: ServerParams -> DebugParams
- serverEarlyDataSize :: ServerParams -> Int
- serverTicketLifetime :: ServerParams -> Int
- data Shared
- sharedCredentials :: Shared -> Credentials
- sharedSessionManager :: Shared -> SessionManager
- sharedCAStore :: Shared -> CertificateStore
- sharedValidationCache :: Shared -> ValidationCache
- sharedHelloExtensions :: Shared -> [ExtensionRaw]
- data ClientHooks
- type OnCertificateRequest = ([CertificateType], Maybe [HashAndSignatureAlgorithm], [DistinguishedName]) -> IO (Maybe (CertificateChain, PrivKey))
- onCertificateRequest :: ClientHooks -> OnCertificateRequest
- type OnServerCertificate = CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason]
- onServerCertificate :: ClientHooks -> OnServerCertificate
- onSuggestALPN :: ClientHooks -> IO (Maybe [ByteString])
- onCustomFFDHEGroup :: ClientHooks -> DHParams -> DHPublic -> IO GroupUsage
- onServerFinished :: ClientHooks -> Information -> IO ()
- data ServerHooks
- onClientCertificate :: ServerHooks -> CertificateChain -> IO CertificateUsage
- onUnverifiedClientCert :: ServerHooks -> IO Bool
- onCipherChoosing :: ServerHooks -> Version -> [Cipher] -> Cipher
- onServerNameIndication :: ServerHooks -> Maybe HostName -> IO Credentials
- onNewHandshake :: ServerHooks -> Measurement -> IO Bool
- onALPNClientSuggest :: ServerHooks -> Maybe ([ByteString] -> IO ByteString)
- onEncryptedExtensionsCreating :: ServerHooks -> [ExtensionRaw] -> IO [ExtensionRaw]
- data Measurement
- nbHandshakes :: Measurement -> Word32
- bytesReceived :: Measurement -> Word32
- bytesSent :: Measurement -> Word32
- data Supported
- supportedVersions :: Supported -> [Version]
- supportedCiphers :: Supported -> [Cipher]
- supportedCompressions :: Supported -> [Compression]
- supportedHashSignatures :: Supported -> [HashAndSignatureAlgorithm]
- supportedSecureRenegotiation :: Supported -> Bool
- supportedClientInitiatedRenegotiation :: Supported -> Bool
- supportedExtendedMainSecret :: Supported -> EMSMode
- supportedSession :: Supported -> Bool
- supportedFallbackScsv :: Supported -> Bool
- supportedEmptyPacket :: Supported -> Bool
- supportedGroups :: Supported -> [Group]
- data DebugParams
- debugSeed :: DebugParams -> Maybe Seed
- debugPrintSeed :: DebugParams -> Seed -> IO ()
- debugVersionForced :: DebugParams -> Maybe Version
- debugKeyLogger :: DebugParams -> String -> IO ()
- newtype Credentials = Credentials [Credential]
- type Credential = (CertificateChain, PrivKey)
- credentialLoadX509 :: FilePath -> FilePath -> IO (Either String Credential)
- credentialLoadX509FromMemory :: ByteString -> ByteString -> Either String Credential
- credentialLoadX509Chain :: FilePath -> [FilePath] -> FilePath -> IO (Either String Credential)
- credentialLoadX509ChainFromMemory :: ByteString -> [ByteString] -> ByteString -> Either String Credential
- data SessionManager
- noSessionManager :: SessionManager
- sessionResume :: SessionManager -> SessionIDorTicket -> IO (Maybe SessionData)
- sessionResumeOnlyOnce :: SessionManager -> SessionIDorTicket -> IO (Maybe SessionData)
- sessionEstablish :: SessionManager -> SessionIDorTicket -> SessionData -> IO (Maybe Ticket)
- sessionInvalidate :: SessionManager -> SessionIDorTicket -> IO ()
- sessionUseTicket :: SessionManager -> Bool
- type SessionID = ByteString
- type SessionIDorTicket = ByteString
- type Ticket = ByteString
- data SessionData
- sessionVersion :: SessionData -> Version
- sessionCipher :: SessionData -> CipherID
- sessionCompression :: SessionData -> CompressionID
- sessionClientSNI :: SessionData -> Maybe HostName
- sessionSecret :: SessionData -> ByteString
- sessionGroup :: SessionData -> Maybe Group
- sessionTicketInfo :: SessionData -> Maybe TLS13TicketInfo
- sessionALPN :: SessionData -> Maybe ByteString
- sessionMaxEarlyDataSize :: SessionData -> Int
- sessionFlags :: SessionData -> [SessionFlag]
- data SessionFlag = SessionEMS
- data TLS13TicketInfo
- is0RTTPossible :: SessionData -> Bool
- data ValidationCache = ValidationCache {}
- type ValidationCacheQueryCallback = ServiceID -> Fingerprint -> Certificate -> IO ValidationCacheResult
- type ValidationCacheAddCallback = ServiceID -> Fingerprint -> Certificate -> IO ()
- data ValidationCacheResult
- exceptionValidationCache :: [(ServiceID, Fingerprint)] -> ValidationCache
- newtype Version where
- data Compression = forall a.CompressionC a => Compression a
- nullCompression :: Compression
- type HashAndSignatureAlgorithm = (HashAlgorithm, SignatureAlgorithm)
- supportedSignatureSchemes :: [HashAndSignatureAlgorithm]
- newtype HashAlgorithm where
- HashAlgorithm { }
- pattern HashMD5 :: HashAlgorithm
- pattern HashSHA1 :: HashAlgorithm
- pattern HashSHA224 :: HashAlgorithm
- pattern HashSHA256 :: HashAlgorithm
- pattern HashSHA384 :: HashAlgorithm
- pattern HashSHA512 :: HashAlgorithm
- pattern HashNone :: HashAlgorithm
- pattern HashIntrinsic :: HashAlgorithm
- newtype SignatureAlgorithm where
- SignatureAlgorithm { }
- pattern SignatureAnonymous :: SignatureAlgorithm
- pattern SignatureRSA :: SignatureAlgorithm
- pattern SignatureDSA :: SignatureAlgorithm
- pattern SignatureECDSA :: SignatureAlgorithm
- pattern SignatureRSApssRSAeSHA256 :: SignatureAlgorithm
- pattern SignatureRSApssRSAeSHA384 :: SignatureAlgorithm
- pattern SignatureRSApssRSAeSHA512 :: SignatureAlgorithm
- pattern SignatureEd25519 :: SignatureAlgorithm
- pattern SignatureEd448 :: SignatureAlgorithm
- pattern SignatureRSApsspssSHA256 :: SignatureAlgorithm
- pattern SignatureRSApsspssSHA384 :: SignatureAlgorithm
- pattern SignatureRSApsspssSHA512 :: SignatureAlgorithm
- newtype Group where
- supportedNamedGroups :: [Group]
- data EMSMode
- = NoEMS
- | AllowEMS
- | RequireEMS
- type DHParams = Params
- type DHPublic = PublicNumber
- data GroupUsage
- data CertificateUsage
- data CertificateRejectReason
- newtype CertificateType where
- CertificateType { }
- pattern CertificateType_RSA_Sign :: CertificateType
- pattern CertificateType_DSA_Sign :: CertificateType
- pattern CertificateType_ECDSA_Sign :: CertificateType
- pattern CertificateType_Ed25519_Sign :: CertificateType
- pattern CertificateType_Ed448_Sign :: CertificateType
- type HostName = String
- data MaxFragmentEnum
- ctxBackend :: Context -> Backend
- contextFlush :: Context -> IO ()
- contextClose :: Context -> IO ()
- data Information
- contextGetInformation :: Context -> IO (Maybe Information)
- infoVersion :: Information -> Version
- infoCipher :: Information -> Cipher
- infoCompression :: Information -> Compression
- infoMainSecret :: Information -> Maybe ByteString
- infoExtendedMainSecret :: Information -> Bool
- infoClientRandom :: Information -> Maybe ClientRandom
- infoServerRandom :: Information -> Maybe ServerRandom
- infoSupportedGroup :: Information -> Maybe Group
- infoTLS12Resumption :: Information -> Bool
- infoTLS13HandshakeMode :: Information -> Maybe HandshakeMode13
- infoIsEarlyDataAccepted :: Information -> Bool
- data ClientRandom
- data ServerRandom
- unClientRandom :: ClientRandom -> ByteString
- unServerRandom :: ServerRandom -> ByteString
- data HandshakeMode13
- getClientCertificateChain :: Context -> IO (Maybe CertificateChain)
- getNegotiatedProtocol :: MonadIO m => Context -> m (Maybe ByteString)
- getClientSNI :: MonadIO m => Context -> m (Maybe HostName)
- updateKey :: MonadIO m => Context -> KeyUpdateRequest -> m Bool
- data KeyUpdateRequest
- requestCertificate :: Context -> IO Bool
- getTLSUnique :: Context -> IO (Maybe ByteString)
- getTLSExporter :: Context -> IO (Maybe ByteString)
- getTLSServerEndPoint :: Context -> IO (Maybe ByteString)
- getFinished :: Context -> IO (Maybe VerifyData)
- getPeerFinished :: Context -> IO (Maybe VerifyData)
- data Hooks
- hookRecvHandshake :: Hooks -> Handshake -> IO Handshake
- hookRecvHandshake13 :: Hooks -> Handshake13 -> IO Handshake13
- hookRecvCertificates :: Hooks -> CertificateChain -> IO ()
- hookLogging :: Hooks -> Logging
- contextModifyHooks :: Context -> (Hooks -> Hooks) -> IO ()
- data Handshake
- contextHookSetHandshakeRecv :: Context -> (Handshake -> IO Handshake) -> IO ()
- data Handshake13
- contextHookSetHandshake13Recv :: Context -> (Handshake13 -> IO Handshake13) -> IO ()
- contextHookSetCertificateRecv :: Context -> (CertificateChain -> IO ()) -> IO ()
- data Logging
- loggingPacketSent :: Logging -> String -> IO ()
- loggingPacketRecv :: Logging -> String -> IO ()
- loggingIOSent :: Logging -> ByteString -> IO ()
- loggingIORecv :: Logging -> Header -> ByteString -> IO ()
- data Header = Header ProtocolType Version Word16
- newtype ProtocolType where
- ProtocolType { }
- pattern ProtocolType_ChangeCipherSpec :: ProtocolType
- pattern ProtocolType_Alert :: ProtocolType
- pattern ProtocolType_Handshake :: ProtocolType
- pattern ProtocolType_AppData :: ProtocolType
- contextHookSetLogging :: Context -> Logging -> IO ()
- data TLSError
- data KxError
- newtype AlertDescription where
- AlertDescription { }
- pattern DecodeError :: AlertDescription
- pattern CloseNotify :: AlertDescription
- pattern UnexpectedMessage :: AlertDescription
- pattern BadRecordMac :: AlertDescription
- pattern DecryptionFailed :: AlertDescription
- pattern RecordOverflow :: AlertDescription
- pattern DecompressionFailure :: AlertDescription
- pattern HandshakeFailure :: AlertDescription
- pattern BadCertificate :: AlertDescription
- pattern UnsupportedCertificate :: AlertDescription
- pattern CertificateRevoked :: AlertDescription
- pattern CertificateExpired :: AlertDescription
- pattern CertificateUnknown :: AlertDescription
- pattern IllegalParameter :: AlertDescription
- pattern UnknownCa :: AlertDescription
- pattern AccessDenied :: AlertDescription
- pattern DecryptError :: AlertDescription
- pattern ExportRestriction :: AlertDescription
- pattern ProtocolVersion :: AlertDescription
- pattern InsufficientSecurity :: AlertDescription
- pattern InternalError :: AlertDescription
- pattern InappropriateFallback :: AlertDescription
- pattern UserCanceled :: AlertDescription
- pattern NoRenegotiation :: AlertDescription
- pattern MissingExtension :: AlertDescription
- pattern UnsupportedExtension :: AlertDescription
- pattern CertificateUnobtainable :: AlertDescription
- pattern UnrecognizedName :: AlertDescription
- pattern BadCertificateStatusResponse :: AlertDescription
- pattern BadCertificateHashValue :: AlertDescription
- pattern UnknownPskIdentity :: AlertDescription
- pattern CertificateRequired :: AlertDescription
- pattern NoApplicationProtocol :: AlertDescription
- data TLSException
- class CompressionC a where
- compressionCID :: a -> CompressionID
- compressionCDeflate :: a -> ByteString -> (a, ByteString)
- compressionCInflate :: a -> ByteString -> (a, ByteString)
- type CompressionID = Word8
- data PubKey
- data PrivKey
- data CipherKeyExchangeType
- data Bulk = Bulk {
- bulkName :: String
- bulkKeySize :: Int
- bulkIVSize :: Int
- bulkExplicitIV :: Int
- bulkAuthTagLen :: Int
- bulkBlockSize :: Int
- bulkF :: BulkFunctions
- data BulkFunctions
- = BulkBlockF (BulkDirection -> BulkKey -> BulkBlock)
- | BulkStreamF (BulkDirection -> BulkKey -> BulkStream)
- | BulkAeadF (BulkDirection -> BulkKey -> BulkAEAD)
- data BulkDirection
- data BulkState
- newtype BulkStream = BulkStream (ByteString -> (ByteString, BulkStream))
- type BulkBlock = BulkIV -> ByteString -> (ByteString, BulkIV)
- type BulkAEAD = BulkNonce -> ByteString -> BulkAdditionalData -> (ByteString, AuthTag)
- bulkInit :: Bulk -> BulkDirection -> BulkKey -> BulkState
- data Hash
- data Cipher = Cipher {}
- type CipherID = Word16
- cipherKeyBlockSize :: Cipher -> Int
- type BulkKey = ByteString
- type BulkIV = ByteString
- type BulkNonce = ByteString
- type BulkAdditionalData = ByteString
- cipherAllowedForVersion :: Version -> Cipher -> Bool
- hasMAC :: BulkFunctions -> Bool
- hasRecordIV :: BulkFunctions -> Bool
- recvData' :: MonadIO m => Context -> m ByteString
- type Bytes = ByteString
- data ValidationChecks = ValidationChecks {}
- data ValidationHooks = ValidationHooks {
- hookMatchSubjectIssuer :: DistinguishedName -> Certificate -> Bool
- hookValidateTime :: DateTime -> Certificate -> [FailedReason]
- hookValidateName :: HostName -> Certificate -> [FailedReason]
- hookFilterReason :: [FailedReason] -> [FailedReason]
Basic APIs
:: (MonadIO m, HasBackend backend, TLSParams params) | |
=> backend | Backend abstraction with specific method to interact with the connection type. |
-> params | Parameters of the context. |
-> m Context |
create a new context using the backend and parameters specified.
handshake :: MonadIO m => Context -> m () Source #
Handshake for a new TLS connection
This is to be called at the beginning of a connection, and during renegotiation.
Don't use this function as the acquire resource of bracket
.
sendData :: MonadIO m => Context -> ByteString -> m () Source #
sendData sends a bunch of data. It will automatically chunk data to acceptable packet size
recvData :: MonadIO m => Context -> m ByteString Source #
Get data out of Data packet, and automatically renegotiate if a Handshake ClientHello is received. An empty result means EOF.
bye :: MonadIO m => Context -> m () Source #
Notify the context that this side wants to close connection. This is important that it is called before closing the handle, otherwise the session might not be resumable (for version < TLS1.2). This doesn't actually close the handle.
Proper usage is as follows:
ctx <- contextNew <backend> <params> handshake ctx ... bye
The following code ensures nothing but is no harm.
bracket (contextNew <backend> <params>) bye $ \ctx -> do handshake ctx ...
Exceptions
Since 1.8.0, this library only throws exceptions of type TLSException
.
In the common case where the chosen backend is socket, IOException
may be thrown as well. This happens because the backend for sockets,
opaque to most modules in the tls
library, throws those exceptions.
Backend abstraction
class HasBackend a where Source #
initializeBackend :: a -> IO () Source #
getBackend :: a -> Backend Source #
Instances
HasBackend Handle Source # | |
Defined in Network.TLS.Backend initializeBackend :: Handle -> IO () Source # getBackend :: Handle -> Backend Source # | |
HasBackend Socket Source # | |
Defined in Network.TLS.Backend initializeBackend :: Socket -> IO () Source # getBackend :: Socket -> Backend Source # | |
HasBackend Backend Source # | |
Defined in Network.TLS.Backend initializeBackend :: Backend -> IO () Source # getBackend :: Backend -> Backend Source # |
Connection IO backend
Backend | |
|
Instances
HasBackend Backend Source # | |
Defined in Network.TLS.Backend initializeBackend :: Backend -> IO () Source # getBackend :: Backend -> Backend Source # |
Parameters
getTLSCommonParams, getTLSRole, doHandshake, doHandshakeWith, doRequestCertificate, doPostHandshakeAuthWith
Instances
TLSParams ClientParams Source # | |
Defined in Network.TLS.Context getTLSCommonParams :: ClientParams -> CommonParams getTLSRole :: ClientParams -> Role doHandshake :: ClientParams -> Context -> IO () doHandshakeWith :: ClientParams -> Context -> Handshake -> IO () doRequestCertificate :: ClientParams -> Context -> IO Bool doPostHandshakeAuthWith :: ClientParams -> Context -> Handshake13 -> IO () | |
TLSParams ServerParams Source # | |
Defined in Network.TLS.Context getTLSCommonParams :: ServerParams -> CommonParams getTLSRole :: ServerParams -> Role doHandshake :: ServerParams -> Context -> IO () doHandshakeWith :: ServerParams -> Context -> Handshake -> IO () doRequestCertificate :: ServerParams -> Context -> IO Bool doPostHandshakeAuthWith :: ServerParams -> Context -> Handshake13 -> IO () |
Client parameters
data ClientParams Source #
Instances
Show ClientParams Source # | |
Defined in Network.TLS.Parameters showsPrec :: Int -> ClientParams -> ShowS # show :: ClientParams -> String # showList :: [ClientParams] -> ShowS # | |
TLSParams ClientParams Source # | |
Defined in Network.TLS.Context getTLSCommonParams :: ClientParams -> CommonParams getTLSRole :: ClientParams -> Role doHandshake :: ClientParams -> Context -> IO () doHandshakeWith :: ClientParams -> Context -> Handshake -> IO () doRequestCertificate :: ClientParams -> Context -> IO Bool doPostHandshakeAuthWith :: ClientParams -> Context -> Handshake13 -> IO () |
defaultParamsClient :: HostName -> ByteString -> ClientParams Source #
clientUseMaxFragmentLength :: ClientParams -> Maybe MaxFragmentEnum Source #
Default: Nothing
clientServerIdentification :: ClientParams -> (HostName, ByteString) Source #
Define the name of the server, along with an extra service identification blob. this is important that the hostname part is properly filled for security reason, as it allow to properly associate the remote side with the given certificate during a handshake.
The extra blob is useful to differentiate services running on the same host, but that might have different certificates given. It's only used as part of the X509 validation infrastructure.
This value is typically set by defaultParamsClient
.
clientUseServerNameIndication :: ClientParams -> Bool Source #
Allow the use of the Server Name Indication TLS extension during handshake, which allow the client to specify which host name, it's trying to access. This is useful to distinguish CNAME aliasing (e.g. web virtual host).
Default: True
clientWantSessionResume :: ClientParams -> Maybe (SessionID, SessionData) Source #
try to establish a connection using this session for TLS 1.2/TLS 1.3.
This can be used for TLS 1.3 but for backward compatibility purpose only.
Use clientWantSessionResume13
instead for TLS 1.3.
Default: Nothing
clientWantSessionResumeList :: ClientParams -> [(SessionID, SessionData)] Source #
try to establish a connection using one of this sessions
especially for TLS 1.3.
This take precedence over clientWantSessionResume
.
For convenience, this can be specified for TLS 1.2 but only the first
entry is used.
Default: '[]'
clientShared :: ClientParams -> Shared Source #
See the default value of Shared
.
clientHooks :: ClientParams -> ClientHooks Source #
See the default value of ClientHooks
.
clientSupported :: ClientParams -> Supported Source #
In this element, you'll need to override the default empty value of
of supportedCiphers
with a suitable cipherlist.
See the default value of Supported
.
clientDebug :: ClientParams -> DebugParams Source #
See the default value of DebugParams
.
clientUseEarlyData :: ClientParams -> Bool Source #
Client tries to send early data in TLS 1.3
via sendData
if possible.
If not accepted by the server, the early data
is automatically re-sent.
Default: False
Server parameters
data ServerParams Source #
Instances
Show ServerParams Source # | |
Defined in Network.TLS.Parameters showsPrec :: Int -> ServerParams -> ShowS # show :: ServerParams -> String # showList :: [ServerParams] -> ShowS # | |
Default ServerParams Source # | |
Defined in Network.TLS.Parameters def :: ServerParams Source # | |
TLSParams ServerParams Source # | |
Defined in Network.TLS.Context getTLSCommonParams :: ServerParams -> CommonParams getTLSRole :: ServerParams -> Role doHandshake :: ServerParams -> Context -> IO () doHandshakeWith :: ServerParams -> Context -> Handshake -> IO () doRequestCertificate :: ServerParams -> Context -> IO Bool doPostHandshakeAuthWith :: ServerParams -> Context -> Handshake13 -> IO () |
serverWantClientCert :: ServerParams -> Bool Source #
Request a certificate from client.
Default: False
serverCACertificates :: ServerParams -> [SignedCertificate] Source #
This is a list of certificates from which the disinguished names are sent in certificate request messages. For TLS1.0, it should not be empty.
Default: '[]'
serverDHEParams :: ServerParams -> Maybe DHParams Source #
Server Optional Diffie Hellman parameters. Setting parameters is necessary for FFDHE key exchange when clients are not compatible with RFC 7919.
Value can be one of the standardized groups from module
Network.TLS.Extra.FFDHE or custom parameters generated with
generateParams
.
Default: Nothing
serverHooks :: ServerParams -> ServerHooks Source #
See the default value of ServerHooks
.
serverShared :: ServerParams -> Shared Source #
See the default value of Shared
.
serverSupported :: ServerParams -> Supported Source #
See the default value of Supported
.
serverDebug :: ServerParams -> DebugParams Source #
See the default value of DebugParams
.
serverEarlyDataSize :: ServerParams -> Int Source #
Server accepts this size of early data in TLS 1.3. 0 (or lower) means that the server does not accept early data.
Default: 0
serverTicketLifetime :: ServerParams -> Int Source #
Lifetime in seconds for session tickets generated by the server. Acceptable value range is 0 to 604800 (7 days).
Default: 7200 (2 hours)
Shared
sharedCredentials :: Shared -> Credentials Source #
The list of certificates and private keys that a server will use as
part of authentication to clients. Actual credentials that are used
are selected dynamically from this list based on client capabilities.
Additional credentials returned by onServerNameIndication
are also
considered.
When credential list is left empty (the default value), no key exchange can take place.
Default: mempty
sharedSessionManager :: Shared -> SessionManager Source #
Callbacks used by clients and servers in order to resume TLS sessions. The default implementation never resumes sessions. Package tls-session-manager provides an in-memory implementation.
Default: noSessionManager
sharedCAStore :: Shared -> CertificateStore Source #
A collection of trust anchors to be used by a client as
part of validation of server certificates. This is set as
first argument to function onServerCertificate
. Package
crypton-x509-system
gives access to a default certificate store configured in the
system.
Default: mempty
sharedValidationCache :: Shared -> ValidationCache Source #
Callbacks that may be used by a client to cache certificate validation results (positive or negative) and avoid expensive signature check. The default implementation does not have any caching.
See the default value of ValidationCache
.
sharedHelloExtensions :: Shared -> [ExtensionRaw] Source #
Additional extensions to be sent during the Hello sequence.
For a client this is always included in message ClientHello. For a server, this is sent in messages ServerHello or EncryptedExtensions based on the TLS version.
Default: []
Client hooks
data ClientHooks Source #
A set of callbacks run by the clients for various corners of TLS establishment
Instances
Show ClientHooks Source # | |
Defined in Network.TLS.Parameters showsPrec :: Int -> ClientHooks -> ShowS # show :: ClientHooks -> String # showList :: [ClientHooks] -> ShowS # | |
Default ClientHooks Source # | |
Defined in Network.TLS.Parameters def :: ClientHooks Source # |
type OnCertificateRequest = ([CertificateType], Maybe [HashAndSignatureAlgorithm], [DistinguishedName]) -> IO (Maybe (CertificateChain, PrivKey)) Source #
Type for onCertificateRequest
. This type synonym is to make
document readable.
onCertificateRequest :: ClientHooks -> OnCertificateRequest Source #
This action is called when the a certificate request is
received from the server. The callback argument is the
information from the request. The server, at its
discretion, may be willing to continue the handshake
without a client certificate. Therefore, the callback is
free to return Nothing
to indicate that no client
certificate should be sent, despite the server's request.
In some cases it may be appropriate to get user consent
before sending the certificate; the content of the user's
certificate may be sensitive and intended only for
specific servers.
The action should select a certificate chain of one of
the given certificate types and one of the certificates
in the chain should (if possible) be signed by one of the
given distinguished names. Some servers, that don't have
a narrow set of preferred issuer CAs, will send an empty
DistinguishedName
list, rather than send all the names
from their trusted CA bundle. If the client does not
have a certificate chaining to a matching CA, it may
choose a default certificate instead.
Each certificate except the last should be signed by the following one. The returned private key must be for the first certificates in the chain. This key will be used to signing the certificate verify message.
The public key in the first certificate, and the matching
returned private key must be compatible with one of the
list of HashAndSignatureAlgorithm
value when provided.
TLS 1.3 changes the meaning of the list elements, adding
explicit code points for each supported pair of hash and
signature (public key) algorithms, rather than combining
separate codes for the hash and key. For details see
RFC 8446
section 4.2.3. When no compatible certificate chain is
available, return Nothing
if it is OK to continue
without a client certificate. Returning a non-matching
certificate should result in a handshake failure.
While the TLS version is not provided to the callback,
the content of the signature_algorithms
list provides
a strong hint, since TLS 1.3 servers will generally list
RSA pairs with a hash component of Intrinsic
(0x08
).
Note that is is the responsibility of this action to select a certificate matching one of the requested certificate types (public key algorithms). Returning a non-matching one will lead to handshake failure later.
Default: returns Nothing
anyway.
type OnServerCertificate = CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason] Source #
Type for onServerCertificate
. This type synonym is to make
document readable.
onServerCertificate :: ClientHooks -> OnServerCertificate Source #
Used by the client to validate the server certificate. The default
implementation calls validateDefault
which validates according to the
default hooks and checks provided by Data.X509.Validation. This can
be replaced with a custom validation function using different settings.
The function is not expected to verify the key-usage extension of the end-entity certificate, as this depends on the dynamically-selected cipher and this part should not be cached. Key-usage verification is performed by the library internally.
Default: validateDefault
onSuggestALPN :: ClientHooks -> IO (Maybe [ByteString]) Source #
This action is called when the client sends ClientHello to determine ALPN values such as '["h2", "http/1.1"]'.
Default: returns Nothing
onCustomFFDHEGroup :: ClientHooks -> DHParams -> DHPublic -> IO GroupUsage Source #
This action is called to validate DHE parameters when the server
selected a finite-field group not part of the "Supported Groups
Registry" or not part of supportedGroups
list.
With TLS 1.3 custom groups have been removed from the protocol, so this callback is only used when the version negotiated is 1.2 or below.
The default behavior with (dh_p, dh_g, dh_size) and pub as follows:
- rejecting if dh_p is even
- rejecting unless 1 < dh_g && dh_g < dh_p - 1
- rejecting unless 1 < dh_p && pub < dh_p - 1
- rejecting if dh_size < 1024 (to prevent Logjam attack)
See RFC 7919 section 3.1 for recommandations.
onServerFinished :: ClientHooks -> Information -> IO () Source #
When a handshake is done, this hook can check Information
.
Server hooks
data ServerHooks Source #
A set of callbacks run by the server for various corners of the TLS establishment
Instances
Show ServerHooks Source # | |
Defined in Network.TLS.Parameters showsPrec :: Int -> ServerHooks -> ShowS # show :: ServerHooks -> String # showList :: [ServerHooks] -> ShowS # | |
Default ServerHooks Source # | |
Defined in Network.TLS.Parameters def :: ServerHooks Source # |
onClientCertificate :: ServerHooks -> CertificateChain -> IO CertificateUsage Source #
This action is called when a client certificate chain is received from the client. When it returns a CertificateUsageReject value, the handshake is aborted.
The function is not expected to verify the key-usage extension of the certificate. This verification is performed by the library internally.
Default: returns the followings:
CertificateUsageReject (CertificateRejectOther "no client certificates expected")
onCipherChoosing :: ServerHooks -> Version -> [Cipher] -> Cipher Source #
Allow the server to choose the cipher relative to the the client version and the client list of ciphers.
This could be useful with old clients and as a workaround to the BEAST (where RC4 is sometimes prefered with TLS < 1.1)
The client cipher list cannot be empty.
Default: taking the head of ciphers.
onServerNameIndication :: ServerHooks -> Maybe HostName -> IO Credentials Source #
Allow the server to indicate additional credentials to be used depending on the host name indicated by the client.
This is most useful for transparent proxies where credentials must be generated on the fly according to the host the client is trying to connect to.
Returned credentials may be ignored if a client does not support the signature algorithms used in the certificate chain.
Default: returns mempty
onNewHandshake :: ServerHooks -> Measurement -> IO Bool Source #
At each new handshake, we call this hook to see if we allow handshake to happens.
Default: returns True
onALPNClientSuggest :: ServerHooks -> Maybe ([ByteString] -> IO ByteString) Source #
Allow the server to choose an application layer protocol
suggested from the client through the ALPN
(Application Layer Protocol Negotiation) extensions.
If the server supports no protocols that the client advertises
an empty ByteString
should be returned.
Default: Nothing
onEncryptedExtensionsCreating :: ServerHooks -> [ExtensionRaw] -> IO [ExtensionRaw] Source #
Allow to modify extensions to be sent in EncryptedExtensions of TLS 1.3.
Default: return
data Measurement Source #
record some data about this connection.
Instances
Show Measurement Source # | |
Defined in Network.TLS.Measurement showsPrec :: Int -> Measurement -> ShowS # show :: Measurement -> String # showList :: [Measurement] -> ShowS # | |
Eq Measurement Source # | |
Defined in Network.TLS.Measurement (==) :: Measurement -> Measurement -> Bool # (/=) :: Measurement -> Measurement -> Bool # |
nbHandshakes :: Measurement -> Word32 Source #
number of handshakes on this context
bytesReceived :: Measurement -> Word32 Source #
bytes received since last handshake
bytesSent :: Measurement -> Word32 Source #
bytes sent since last handshake
Supported
List all the supported algorithms, versions, ciphers, etc supported.
supportedVersions :: Supported -> [Version] Source #
Supported versions by this context. On the client side, the highest version will be used to establish the connection. On the server side, the highest version that is less or equal than the client version will be chosen.
Versions should be listed in preference order, i.e. higher versions first.
Default: [TLS13,TLS12]
supportedCiphers :: Supported -> [Cipher] Source #
Supported cipher methods. The default is empty, specify a suitable
cipher list. ciphersuite_default
is often
a good choice.
Default: []
supportedCompressions :: Supported -> [Compression] Source #
Supported compressions methods. By default only the "null" compression is supported, which means no compression will be performed. Allowing other compression method is not advised as it causes a connection failure when TLS 1.3 is negotiated.
Default: [nullCompression]
supportedHashSignatures :: Supported -> [HashAndSignatureAlgorithm] Source #
All supported hash/signature algorithms pair for client certificate verification and server signature in (EC)DHE, ordered by decreasing priority.
This list is sent to the peer as part of the "signature_algorithms"
extension. It is used to restrict accepted signatures received from
the peer at TLS level (not in X.509 certificates), but only when the
TLS version is 1.2 or above. In order to disable SHA-1 one must then
also disable earlier protocol versions in supportedVersions
.
The list also impacts the selection of possible algorithms when generating signatures.
Note: with TLS 1.3 some algorithms have been deprecated and will not be used even when listed in the parameter: MD5, SHA-1, SHA-224, RSA PKCS#1, DSA.
Default:
[ (HashIntrinsic, SignatureEd448) , (HashIntrinsic, SignatureEd25519) , (Struct.HashSHA256, SignatureECDSA) , (Struct.HashSHA384, SignatureECDSA) , (Struct.HashSHA512, SignatureECDSA) , (HashIntrinsic, SignatureRSApssRSAeSHA512) , (HashIntrinsic, SignatureRSApssRSAeSHA384) , (HashIntrinsic, SignatureRSApssRSAeSHA256) , (Struct.HashSHA512, SignatureRSA) , (Struct.HashSHA384, SignatureRSA) , (Struct.HashSHA256, SignatureRSA) , (Struct.HashSHA1, SignatureRSA) , (Struct.HashSHA1, SignatureDSA) ]
supportedExtendedMainSecret :: Supported -> EMSMode Source #
The mode regarding extended main secret. Enabling this extension provides better security for TLS versions 1.2. TLS 1.3 provides the security properties natively and does not need the extension.
By default the extension is RequireEMS
.
So, the handshake will fail when the peer does not support
the extension.
Default: RequireEMS
supportedEmptyPacket :: Supported -> Bool Source #
In ver <= TLS1.0, block ciphers using CBC are using CBC residue as IV, which can be guessed
by an attacker. Hence, an empty packet is normally sent before a normal data packet, to
prevent guessability. Some Microsoft TLS-based protocol implementations, however,
consider these empty packets as a protocol violation and disconnect. If this parameter is
False
, empty packets will never be added, which is less secure, but might help in rare
cases.
Default: True
supportedGroups :: Supported -> [Group] Source #
A list of supported elliptic curves and finite-field groups in the preferred order.
The list is sent to the server as part of the "supported_groups" extension. It is used in both clients and servers to restrict accepted groups in DH key exchange. Up until TLS v1.2, it is also used by a client to restrict accepted elliptic curves in ECDSA signatures.
The default value includes all groups with security strength of 128 bits or more.
Default: [X25519,X448,P256,FFDHE3072,FFDHE4096,P384,FFDHE6144,FFDHE8192,P521]
Debug parameters
data DebugParams Source #
All settings should not be used in production
Instances
Show DebugParams Source # | |
Defined in Network.TLS.Parameters showsPrec :: Int -> DebugParams -> ShowS # show :: DebugParams -> String # showList :: [DebugParams] -> ShowS # | |
Default DebugParams Source # | |
Defined in Network.TLS.Parameters def :: DebugParams Source # |
debugSeed :: DebugParams -> Maybe Seed Source #
Disable the true randomness in favor of deterministic seed that will produce a deterministic random from. This is useful for tests and debugging purpose. Do not use in production
Default: Nothing
debugPrintSeed :: DebugParams -> Seed -> IO () Source #
Add a way to print the seed that was randomly generated. re-using the same seed
will reproduce the same randomness with debugSeed
Default: no printing
debugVersionForced :: DebugParams -> Maybe Version Source #
Force to choose this version in the server side.
Default: Nothing
debugKeyLogger :: DebugParams -> String -> IO () Source #
Printing main keys.
Default: no printing
Shared parameters
Credentials
newtype Credentials Source #
Instances
Monoid Credentials Source # | |
Defined in Network.TLS.Credentials mempty :: Credentials # mappend :: Credentials -> Credentials -> Credentials # mconcat :: [Credentials] -> Credentials # | |
Semigroup Credentials Source # | |
Defined in Network.TLS.Credentials (<>) :: Credentials -> Credentials -> Credentials # sconcat :: NonEmpty Credentials -> Credentials # stimes :: Integral b => b -> Credentials -> Credentials # | |
Show Credentials Source # | |
Defined in Network.TLS.Credentials showsPrec :: Int -> Credentials -> ShowS # show :: Credentials -> String # showList :: [Credentials] -> ShowS # |
type Credential = (CertificateChain, PrivKey) Source #
:: FilePath | public certificate (X.509 format) |
-> FilePath | private key associated |
-> IO (Either String Credential) |
try to create a new credential object from a public certificate and the associated private key that are stored on the filesystem in PEM format.
credentialLoadX509FromMemory :: ByteString -> ByteString -> Either String Credential Source #
similar to credentialLoadX509
but take the certificate
and private key from memory instead of from the filesystem.
credentialLoadX509Chain Source #
:: FilePath | public certificate (X.509 format) |
-> [FilePath] | chain certificates (X.509 format) |
-> FilePath | private key associated |
-> IO (Either String Credential) |
similar to credentialLoadX509
but also allow specifying chain
certificates.
credentialLoadX509ChainFromMemory :: ByteString -> [ByteString] -> ByteString -> Either String Credential Source #
similar to credentialLoadX509FromMemory
but also allow
specifying chain certificates.
Session manager
data SessionManager Source #
A session manager.
In the server side, all fields are used.
In the client side, only sessionEstablish
is used.
noSessionManager :: SessionManager Source #
The session manager to do nothing.
sessionResume :: SessionManager -> SessionIDorTicket -> IO (Maybe SessionData) Source #
Used on TLS 1.2/1.3 servers to lookup SessionData
with SessionID
or to decrypt Ticket
to get SessionData
.
sessionResumeOnlyOnce :: SessionManager -> SessionIDorTicket -> IO (Maybe SessionData) Source #
Used for 0RTT on TLS 1.3 servers to lookup SessionData
with SessionID
or to decrypt Ticket
to get SessionData
.
sessionEstablish :: SessionManager -> SessionIDorTicket -> SessionData -> IO (Maybe Ticket) Source #
Used on TLS 1.2/1.3 servers to store SessionData
with SessionID
or to encrypt SessionData
to get Ticket
ignoring SessionID
. Used on TLS 1.2/1.3 clients to store SessionData
with SessionIDorTicket
and then return Nothing
. For clients, only this field should be set with noSessionManager
.
sessionInvalidate :: SessionManager -> SessionIDorTicket -> IO () Source #
Used TLS 1.2 servers to delete SessionData
with SessionID
on errors.
type SessionID = ByteString Source #
A session ID
type SessionIDorTicket = ByteString Source #
Identity
type Ticket = ByteString Source #
Encrypted session ticket (encrypt(encode SessionData
)).
Session data
data SessionData Source #
Session data to resume
Instances
sessionVersion :: SessionData -> Version Source #
sessionCipher :: SessionData -> CipherID Source #
sessionGroup :: SessionData -> Maybe Group Source #
sessionALPN :: SessionData -> Maybe ByteString Source #
sessionFlags :: SessionData -> [SessionFlag] Source #
data SessionFlag Source #
Some session flags
SessionEMS | Session created with Extended Main Secret |
Instances
data TLS13TicketInfo Source #
Instances
Generic TLS13TicketInfo Source # | |
Defined in Network.TLS.Types type Rep TLS13TicketInfo :: Type -> Type # from :: TLS13TicketInfo -> Rep TLS13TicketInfo x # to :: Rep TLS13TicketInfo x -> TLS13TicketInfo # | |
Show TLS13TicketInfo Source # | |
Defined in Network.TLS.Types showsPrec :: Int -> TLS13TicketInfo -> ShowS # show :: TLS13TicketInfo -> String # showList :: [TLS13TicketInfo] -> ShowS # | |
Eq TLS13TicketInfo Source # | |
Defined in Network.TLS.Types (==) :: TLS13TicketInfo -> TLS13TicketInfo -> Bool # (/=) :: TLS13TicketInfo -> TLS13TicketInfo -> Bool # | |
Serialise TLS13TicketInfo Source # | |
Defined in Network.TLS.Types encode :: TLS13TicketInfo -> Encoding Source # decode :: Decoder s TLS13TicketInfo Source # encodeList :: [TLS13TicketInfo] -> Encoding Source # decodeList :: Decoder s [TLS13TicketInfo] Source # | |
type Rep TLS13TicketInfo Source # | |
Defined in Network.TLS.Types |
is0RTTPossible :: SessionData -> Bool Source #
Validation Cache
data ValidationCache Source #
All the callbacks needed for querying and adding to the cache.
ValidationCache | |
|
Instances
Default ValidationCache | |
Defined in Data.X509.Validation.Cache |
type ValidationCacheQueryCallback Source #
= ServiceID | connection's identification |
-> Fingerprint | fingerprint of the leaf certificate |
-> Certificate | leaf certificate |
-> IO ValidationCacheResult | return if the operation is succesful or not |
Validation cache query callback type
type ValidationCacheAddCallback Source #
= ServiceID | connection's identification |
-> Fingerprint | fingerprint of the leaf certificate |
-> Certificate | leaf certificate |
-> IO () |
Validation cache callback type
data ValidationCacheResult Source #
The result of a cache query
ValidationCachePass | cache allow this fingerprint to go through |
ValidationCacheDenied String | cache denied this fingerprint for further validation |
ValidationCacheUnknown | unknown fingerprint in cache |
Instances
Show ValidationCacheResult | |
Defined in Data.X509.Validation.Cache showsPrec :: Int -> ValidationCacheResult -> ShowS # show :: ValidationCacheResult -> String # showList :: [ValidationCacheResult] -> ShowS # | |
Eq ValidationCacheResult | |
Defined in Data.X509.Validation.Cache (==) :: ValidationCacheResult -> ValidationCacheResult -> Bool # (/=) :: ValidationCacheResult -> ValidationCacheResult -> Bool # |
exceptionValidationCache :: [(ServiceID, Fingerprint)] -> ValidationCache Source #
create a simple constant cache that list exceptions to the certification validation. Typically this is use to allow self-signed certificates for specific use, with out-of-bounds user checks.
No fingerprints will be added after the instance is created.
The underlying structure for the check is kept as a list, as usually the exception list will be short, but when the list go above a dozen exceptions it's recommended to use another cache mechanism with a faster lookup mechanism (hashtable, map, etc).
Note that only one fingerprint is allowed per ServiceID, for other use, another cache mechanism need to be use.
Types
For Supported
Versions known to TLS
pattern TLS12 :: Version | |
pattern TLS13 :: Version | |
pattern SSL2 :: Version | |
pattern SSL3 :: Version | |
pattern TLS10 :: Version | |
pattern TLS11 :: Version |
data Compression Source #
every compression need to be wrapped in this, to fit in structure
forall a.CompressionC a => Compression a |
Instances
Show Compression Source # | |
Defined in Network.TLS.Compression showsPrec :: Int -> Compression -> ShowS # show :: Compression -> String # showList :: [Compression] -> ShowS # | |
Eq Compression Source # | |
Defined in Network.TLS.Compression (==) :: Compression -> Compression -> Bool # (/=) :: Compression -> Compression -> Bool # |
nullCompression :: Compression Source #
default null compression
newtype HashAlgorithm Source #
pattern HashMD5 :: HashAlgorithm | |
pattern HashSHA1 :: HashAlgorithm | |
pattern HashSHA224 :: HashAlgorithm | |
pattern HashSHA256 :: HashAlgorithm | |
pattern HashSHA384 :: HashAlgorithm | |
pattern HashSHA512 :: HashAlgorithm | |
pattern HashNone :: HashAlgorithm | |
pattern HashIntrinsic :: HashAlgorithm |
Instances
Show HashAlgorithm Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> HashAlgorithm -> ShowS # show :: HashAlgorithm -> String # showList :: [HashAlgorithm] -> ShowS # | |
Eq HashAlgorithm Source # | |
Defined in Network.TLS.Struct (==) :: HashAlgorithm -> HashAlgorithm -> Bool # (/=) :: HashAlgorithm -> HashAlgorithm -> Bool # |
newtype SignatureAlgorithm Source #
pattern SignatureAnonymous :: SignatureAlgorithm | |
pattern SignatureRSA :: SignatureAlgorithm | |
pattern SignatureDSA :: SignatureAlgorithm | |
pattern SignatureECDSA :: SignatureAlgorithm | |
pattern SignatureRSApssRSAeSHA256 :: SignatureAlgorithm | |
pattern SignatureRSApssRSAeSHA384 :: SignatureAlgorithm | |
pattern SignatureRSApssRSAeSHA512 :: SignatureAlgorithm | |
pattern SignatureEd25519 :: SignatureAlgorithm | |
pattern SignatureEd448 :: SignatureAlgorithm | |
pattern SignatureRSApsspssSHA256 :: SignatureAlgorithm | |
pattern SignatureRSApsspssSHA384 :: SignatureAlgorithm | |
pattern SignatureRSApsspssSHA512 :: SignatureAlgorithm |
Instances
Show SignatureAlgorithm Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> SignatureAlgorithm -> ShowS # show :: SignatureAlgorithm -> String # showList :: [SignatureAlgorithm] -> ShowS # | |
Eq SignatureAlgorithm Source # | |
Defined in Network.TLS.Struct (==) :: SignatureAlgorithm -> SignatureAlgorithm -> Bool # (/=) :: SignatureAlgorithm -> SignatureAlgorithm -> Bool # |
pattern P256 :: Group | |
pattern P384 :: Group | |
pattern P521 :: Group | |
pattern X25519 :: Group | |
pattern X448 :: Group | |
pattern FFDHE2048 :: Group | |
pattern FFDHE3072 :: Group | |
pattern FFDHE4096 :: Group | |
pattern FFDHE6144 :: Group | |
pattern FFDHE8192 :: Group |
supportedNamedGroups :: [Group] Source #
Client or server policy regarding Extended Main Secret
NoEMS | Extended Main Secret is not used |
AllowEMS | Extended Main Secret is allowed |
RequireEMS | Extended Main Secret is required |
For parameters and hooks
type DHPublic = PublicNumber Source #
data GroupUsage Source #
Group usage callback possible return values.
GroupUsageValid | usage of group accepted |
GroupUsageInsecure | usage of group provides insufficient security |
GroupUsageUnsupported String | usage of group rejected for other reason (specified as string) |
GroupUsageInvalidPublic | usage of group with an invalid public value |
Instances
Show GroupUsage Source # | |
Defined in Network.TLS.Parameters showsPrec :: Int -> GroupUsage -> ShowS # show :: GroupUsage -> String # showList :: [GroupUsage] -> ShowS # | |
Eq GroupUsage Source # | |
Defined in Network.TLS.Parameters (==) :: GroupUsage -> GroupUsage -> Bool # (/=) :: GroupUsage -> GroupUsage -> Bool # |
data CertificateUsage Source #
Certificate Usage callback possible returns values.
CertificateUsageAccept | usage of certificate accepted |
CertificateUsageReject CertificateRejectReason | usage of certificate rejected |
Instances
Show CertificateUsage Source # | |
Defined in Network.TLS.X509 showsPrec :: Int -> CertificateUsage -> ShowS # show :: CertificateUsage -> String # showList :: [CertificateUsage] -> ShowS # | |
Eq CertificateUsage Source # | |
Defined in Network.TLS.X509 (==) :: CertificateUsage -> CertificateUsage -> Bool # (/=) :: CertificateUsage -> CertificateUsage -> Bool # |
data CertificateRejectReason Source #
Certificate and Chain rejection reason
CertificateRejectExpired | |
CertificateRejectRevoked | |
CertificateRejectUnknownCA | |
CertificateRejectAbsent | |
CertificateRejectOther String |
Instances
Show CertificateRejectReason Source # | |
Defined in Network.TLS.X509 showsPrec :: Int -> CertificateRejectReason -> ShowS # show :: CertificateRejectReason -> String # showList :: [CertificateRejectReason] -> ShowS # | |
Eq CertificateRejectReason Source # | |
Defined in Network.TLS.X509 |
newtype CertificateType Source #
Some of the IANA registered code points for CertificateType
are not
currently supported by the library. Nor should they be, they're are either
unwise, obsolete or both. There's no point in conveying these to the user
in the client certificate request callback. The request callback will be
filtered to exclude unsupported values. If the user cannot find a certificate
for a supported code point, we'll go ahead without a client certificate and
hope for the best, unless the user's callback decides to throw an exception.
pattern CertificateType_RSA_Sign :: CertificateType | TLS10 and up, RFC5246 |
pattern CertificateType_DSA_Sign :: CertificateType | TLS10 and up, RFC5246 |
pattern CertificateType_ECDSA_Sign :: CertificateType | TLS10 and up, RFC8422 |
pattern CertificateType_Ed25519_Sign :: CertificateType | |
pattern CertificateType_Ed448_Sign :: CertificateType |
Instances
Show CertificateType Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> CertificateType -> ShowS # show :: CertificateType -> String # showList :: [CertificateType] -> ShowS # | |
Eq CertificateType Source # | |
Defined in Network.TLS.Struct (==) :: CertificateType -> CertificateType -> Bool # (/=) :: CertificateType -> CertificateType -> Bool # | |
Ord CertificateType Source # | |
Defined in Network.TLS.Struct compare :: CertificateType -> CertificateType -> Ordering # (<) :: CertificateType -> CertificateType -> Bool # (<=) :: CertificateType -> CertificateType -> Bool # (>) :: CertificateType -> CertificateType -> Bool # (>=) :: CertificateType -> CertificateType -> Bool # max :: CertificateType -> CertificateType -> CertificateType # min :: CertificateType -> CertificateType -> CertificateType # |
type HostName = String Source #
Either a host name e.g., "haskell.org"
or a numeric host
address string consisting of a dotted decimal IPv4 address or an
IPv6 address e.g., "192.168.0.1"
.
data MaxFragmentEnum Source #
Instances
Show MaxFragmentEnum Source # | |
Defined in Network.TLS.Extension showsPrec :: Int -> MaxFragmentEnum -> ShowS # show :: MaxFragmentEnum -> String # showList :: [MaxFragmentEnum] -> ShowS # | |
Eq MaxFragmentEnum Source # | |
Defined in Network.TLS.Extension (==) :: MaxFragmentEnum -> MaxFragmentEnum -> Bool # (/=) :: MaxFragmentEnum -> MaxFragmentEnum -> Bool # |
Advanced APIs
Backend
ctxBackend :: Context -> Backend Source #
return the backend object associated with this context
contextFlush :: Context -> IO () Source #
A shortcut for 'backendFlush . ctxBackend'.
contextClose :: Context -> IO () Source #
A shortcut for 'backendClose . ctxBackend'.
Information gathering
data Information Source #
Information related to a running context, e.g. current cipher
Instances
Show Information Source # | |
Defined in Network.TLS.Parameters showsPrec :: Int -> Information -> ShowS # show :: Information -> String # showList :: [Information] -> ShowS # | |
Eq Information Source # | |
Defined in Network.TLS.Parameters (==) :: Information -> Information -> Bool # (/=) :: Information -> Information -> Bool # |
contextGetInformation :: Context -> IO (Maybe Information) Source #
Information about the current context
infoVersion :: Information -> Version Source #
infoCipher :: Information -> Cipher Source #
data ClientRandom Source #
Instances
Show ClientRandom Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> ClientRandom -> ShowS # show :: ClientRandom -> String # showList :: [ClientRandom] -> ShowS # | |
Eq ClientRandom Source # | |
Defined in Network.TLS.Struct (==) :: ClientRandom -> ClientRandom -> Bool # (/=) :: ClientRandom -> ClientRandom -> Bool # |
data ServerRandom Source #
Instances
Show ServerRandom Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> ServerRandom -> ShowS # show :: ServerRandom -> String # showList :: [ServerRandom] -> ShowS # | |
Eq ServerRandom Source # | |
Defined in Network.TLS.Struct (==) :: ServerRandom -> ServerRandom -> Bool # (/=) :: ServerRandom -> ServerRandom -> Bool # |
data HandshakeMode13 Source #
Type to show which handshake mode is used in TLS 1.3.
FullHandshake | Full handshake is used. |
HelloRetryRequest | Full handshake is used with hello retry request. |
PreSharedKey | Server authentication is skipped. |
RTT0 | Server authentication is skipped and early data is sent. |
Instances
Show HandshakeMode13 Source # | |
Defined in Network.TLS.Handshake.State showsPrec :: Int -> HandshakeMode13 -> ShowS # show :: HandshakeMode13 -> String # showList :: [HandshakeMode13] -> ShowS # | |
Eq HandshakeMode13 Source # | |
Defined in Network.TLS.Handshake.State (==) :: HandshakeMode13 -> HandshakeMode13 -> Bool # (/=) :: HandshakeMode13 -> HandshakeMode13 -> Bool # |
getClientCertificateChain :: Context -> IO (Maybe CertificateChain) Source #
Getting certificates from a client, if any. Note that the certificates are not sent by a client on resumption even if client authentication is required. So, this API would be replaced by the one which can treat both cases of full-negotiation and resumption.
Negotiated
getNegotiatedProtocol :: MonadIO m => Context -> m (Maybe ByteString) Source #
If the ALPN extensions have been used, this will return get the protocol agreed upon.
getClientSNI :: MonadIO m => Context -> m (Maybe HostName) Source #
If the Server Name Indication extension has been used, return the hostname specified by the client.
Post-handshake actions
data KeyUpdateRequest Source #
How to update keys in TLS 1.3
Instances
Show KeyUpdateRequest Source # | |
Defined in Network.TLS.Core showsPrec :: Int -> KeyUpdateRequest -> ShowS # show :: KeyUpdateRequest -> String # showList :: [KeyUpdateRequest] -> ShowS # | |
Eq KeyUpdateRequest Source # | |
Defined in Network.TLS.Core (==) :: KeyUpdateRequest -> KeyUpdateRequest -> Bool # (/=) :: KeyUpdateRequest -> KeyUpdateRequest -> Bool # |
requestCertificate :: Context -> IO Bool Source #
Post-handshake certificate request with TLS 1.3. Returns True
if the
request was possible, i.e. if TLS 1.3 is used and the remote client supports
post-handshake authentication.
getTLSUnique :: Context -> IO (Maybe ByteString) Source #
Getting the "tls-unique" channel binding for TLS 1.2 (RFC5929).
For TLS 1.3, Nothing
is returned.
supportedExtendedMainSecret
must be RequireEMS
But in general, it is highly recommended to upgrade to TLS 1.3
and use the "tls-exporter" channel binding via getTLSExporter
.
getTLSExporter :: Context -> IO (Maybe ByteString) Source #
Getting the "tls-exporter" channel binding for TLS 1.3 (RFC9266).
For TLS 1.2, Nothing
is returned.
getTLSServerEndPoint :: Context -> IO (Maybe ByteString) Source #
Getting the "tls-server-end-point" channel binding for TLS 1.2 (RFC5929). For 1.3, there is no specifications for how to create it. In this implementation, a certificate chain without extensions is hashed like TLS 1.2.
getFinished :: Context -> IO (Maybe VerifyData) Source #
Deprecated: Use getTLSUnique instead
Getting TLS Finished sent to peer.
getPeerFinished :: Context -> IO (Maybe VerifyData) Source #
Deprecated: Use getTLSUnique instead
Getting TLS Finished received from peer.
Modifying hooks in context
A collection of hooks actions.
hookRecvHandshake :: Hooks -> Handshake -> IO Handshake Source #
called at each handshake message received
hookRecvHandshake13 :: Hooks -> Handshake13 -> IO Handshake13 Source #
called at each handshake message received for TLS 1.3
hookRecvCertificates :: Hooks -> CertificateChain -> IO () Source #
called at each certificate chain message received
hookLogging :: Hooks -> Logging Source #
hooks on IO and packets, receiving and sending.
Instances
data Handshake13 Source #
Instances
Show Handshake13 Source # | |
Defined in Network.TLS.Struct13 showsPrec :: Int -> Handshake13 -> ShowS # show :: Handshake13 -> String # showList :: [Handshake13] -> ShowS # | |
Eq Handshake13 Source # | |
Defined in Network.TLS.Struct13 (==) :: Handshake13 -> Handshake13 -> Bool # (/=) :: Handshake13 -> Handshake13 -> Bool # |
contextHookSetHandshake13Recv :: Context -> (Handshake13 -> IO Handshake13) -> IO () Source #
contextHookSetCertificateRecv :: Context -> (CertificateChain -> IO ()) -> IO () Source #
Hooks for logging
This is called when sending and receiving packets and IO
loggingIOSent :: Logging -> ByteString -> IO () Source #
loggingIORecv :: Logging -> Header -> ByteString -> IO () Source #
newtype ProtocolType Source #
pattern ProtocolType_ChangeCipherSpec :: ProtocolType | |
pattern ProtocolType_Alert :: ProtocolType | |
pattern ProtocolType_Handshake :: ProtocolType | |
pattern ProtocolType_AppData :: ProtocolType |
Instances
Show ProtocolType Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> ProtocolType -> ShowS # show :: ProtocolType -> String # showList :: [ProtocolType] -> ShowS # | |
Eq ProtocolType Source # | |
Defined in Network.TLS.Struct (==) :: ProtocolType -> ProtocolType -> Bool # (/=) :: ProtocolType -> ProtocolType -> Bool # |
Errors and exceptions
Errors
TLSError that might be returned through the TLS stack.
Prior to version 1.8.0, this type had an Exception
instance.
In version 1.8.0, this instance was removed, and functions in
this library now only throw TLSException
.
Error_Misc String | mainly for instance of Error |
Error_Protocol String AlertDescription | A fatal error condition was encountered at a low level. The elements of the tuple give (freeform text description, structured error description). |
Error_Protocol_Warning String AlertDescription | A non-fatal error condition was encountered at a low level at a low level. The elements of the tuple give (freeform text description, structured error description). |
Error_Certificate String | |
Error_HandshakePolicy String | handshake policy failed. |
Error_EOF | |
Error_Packet String | |
Error_Packet_unexpected String String | |
Error_Packet_Parsing String |
newtype AlertDescription Source #
Instances
Show AlertDescription Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> AlertDescription -> ShowS # show :: AlertDescription -> String # showList :: [AlertDescription] -> ShowS # | |
Eq AlertDescription Source # | |
Defined in Network.TLS.Struct (==) :: AlertDescription -> AlertDescription -> Bool # (/=) :: AlertDescription -> AlertDescription -> Bool # |
Exceptions
data TLSException Source #
TLS Exceptions. Some of the data constructors indicate incorrect use of
the library, and the documentation for those data constructors calls
this out. The others wrap TLSError
with some kind of context to explain
when the exception occurred.
Terminated Bool String TLSError | Early termination exception with the reason and the error associated |
HandshakeFailed TLSError | Handshake failed for the reason attached. |
PostHandshake TLSError | Failure occurred while sending or receiving data after the TLS handshake succeeded. |
Uncontextualized TLSError | Lifts a |
ConnectionNotEstablished | Usage error when the connection has not been established and the user is trying to send or receive data. Indicates that this library has been used incorrectly. |
MissingHandshake | Expected that a TLS handshake had already taken place, but no TLS handshake had occurred. Indicates that this library has been used incorrectly. |
Instances
Exception TLSException Source # | |
Defined in Network.TLS.Struct | |
Show TLSException Source # | |
Defined in Network.TLS.Struct showsPrec :: Int -> TLSException -> ShowS # show :: TLSException -> String # showList :: [TLSException] -> ShowS # | |
Eq TLSException Source # | |
Defined in Network.TLS.Struct (==) :: TLSException -> TLSException -> Bool # (/=) :: TLSException -> TLSException -> Bool # |
Raw types
Compressions class
class CompressionC a where Source #
supported compression algorithms need to be part of this class
compressionCID :: a -> CompressionID Source #
compressionCDeflate :: a -> ByteString -> (a, ByteString) Source #
compressionCInflate :: a -> ByteString -> (a, ByteString) Source #
type CompressionID = Word8 Source #
Compression identification
Crypto Key
Public key types known and used in X.509
PubKeyRSA PublicKey | RSA public key |
PubKeyDSA PublicKey | DSA public key |
PubKeyDH (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer)) | DH format with (p,g,q,j,(seed,pgenCounter)) |
PubKeyEC PubKeyEC | EC public key |
PubKeyX25519 PublicKey | X25519 public key |
PubKeyX448 PublicKey | X448 public key |
PubKeyEd25519 PublicKey | Ed25519 public key |
PubKeyEd448 PublicKey | Ed448 public key |
PubKeyUnknown OID ByteString | unrecognized format |
Private key types known and used in X.509
PrivKeyRSA PrivateKey | RSA private key |
PrivKeyDSA PrivateKey | DSA private key |
PrivKeyEC PrivKeyEC | EC private key |
PrivKeyX25519 SecretKey | X25519 private key |
PrivKeyX448 SecretKey | X448 private key |
PrivKeyEd25519 SecretKey | Ed25519 private key |
PrivKeyEd448 SecretKey | Ed448 private key |
Ciphers & Predefined ciphers
data CipherKeyExchangeType Source #
Instances
Show CipherKeyExchangeType Source # | |
Defined in Network.TLS.Cipher showsPrec :: Int -> CipherKeyExchangeType -> ShowS # show :: CipherKeyExchangeType -> String # showList :: [CipherKeyExchangeType] -> ShowS # | |
Eq CipherKeyExchangeType Source # | |
Defined in Network.TLS.Cipher (==) :: CipherKeyExchangeType -> CipherKeyExchangeType -> Bool # (/=) :: CipherKeyExchangeType -> CipherKeyExchangeType -> Bool # |
Bulk | |
|
data BulkFunctions Source #
BulkBlockF (BulkDirection -> BulkKey -> BulkBlock) | |
BulkStreamF (BulkDirection -> BulkKey -> BulkStream) | |
BulkAeadF (BulkDirection -> BulkKey -> BulkAEAD) |
data BulkDirection Source #
Instances
Show BulkDirection Source # | |
Defined in Network.TLS.Cipher showsPrec :: Int -> BulkDirection -> ShowS # show :: BulkDirection -> String # showList :: [BulkDirection] -> ShowS # | |
Eq BulkDirection Source # | |
Defined in Network.TLS.Cipher (==) :: BulkDirection -> BulkDirection -> Bool # (/=) :: BulkDirection -> BulkDirection -> Bool # |
newtype BulkStream Source #
BulkStream (ByteString -> (ByteString, BulkStream)) |
type BulkBlock = BulkIV -> ByteString -> (ByteString, BulkIV) Source #
type BulkAEAD = BulkNonce -> ByteString -> BulkAdditionalData -> (ByteString, AuthTag) Source #
Cipher algorithm
cipherKeyBlockSize :: Cipher -> Int Source #
type BulkKey = ByteString Source #
type BulkIV = ByteString Source #
type BulkNonce = ByteString Source #
type BulkAdditionalData = ByteString Source #
cipherAllowedForVersion :: Version -> Cipher -> Bool Source #
Check if a specific Cipher
is allowed to be used
with the version specified
hasMAC :: BulkFunctions -> Bool Source #
hasRecordIV :: BulkFunctions -> Bool Source #
Deprecated
recvData' :: MonadIO m => Context -> m ByteString Source #
Deprecated: use recvData that returns strict bytestring
same as recvData but returns a lazy bytestring.
type Bytes = ByteString Source #
Deprecated: Use Data.ByteString.Bytestring instead of Bytes.
data ValidationChecks Source #
A set of checks to activate or parametrize to perform on certificates.
It's recommended to use defaultChecks
to create the structure,
to better cope with future changes or expansion of the structure.
ValidationChecks | |
|
Instances
Show ValidationChecks | |
Defined in Data.X509.Validation showsPrec :: Int -> ValidationChecks -> ShowS # show :: ValidationChecks -> String # showList :: [ValidationChecks] -> ShowS # | |
Default ValidationChecks | |
Defined in Data.X509.Validation | |
Eq ValidationChecks | |
Defined in Data.X509.Validation (==) :: ValidationChecks -> ValidationChecks -> Bool # (/=) :: ValidationChecks -> ValidationChecks -> Bool # |
data ValidationHooks Source #
A set of hooks to manipulate the way the verification works.
BEWARE, it's easy to change behavior leading to compromised security.
ValidationHooks | |
|
Instances
Default ValidationHooks | |
Defined in Data.X509.Validation |