tls-2.1.1: TLS protocol native implementation
Safe HaskellSafe-Inferred
LanguageHaskell2010

Network.TLS

Description

Native Haskell TLS protocol implementation for servers and clients.

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Currently implement the TLS1.2 and TLS 1.3 protocol, and support RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many extensions.

The tipical usage is:

socket <- ...
ctx <- contextNew socket <params>
handshake ctx
... (using recvData and sendData)
bye
Synopsis

Basic APIs

data Context Source #

A TLS Context keep tls specific state, parameters and backend information.

contextNew Source #

Arguments

:: (MonadIO m, HasBackend backend, TLSParams params) 
=> backend

Backend abstraction with specific method to interact with the connection type.

-> params

Parameters of the context.

-> m Context 

create a new context using the backend and parameters specified.

handshake :: MonadIO m => Context -> m () Source #

Handshake for a new TLS connection This is to be called at the beginning of a connection, and during renegotiation. Don't use this function as the acquire resource of bracket.

sendData :: MonadIO m => Context -> ByteString -> m () Source #

sendData sends a bunch of data. It will automatically chunk data to acceptable packet size

recvData :: MonadIO m => Context -> m ByteString Source #

Get data out of Data packet, and automatically renegotiate if a Handshake ClientHello is received. An empty result means EOF.

bye :: MonadIO m => Context -> m () Source #

Notify the context that this side wants to close connection. This is important that it is called before closing the handle, otherwise the session might not be resumable (for version < TLS1.2). This doesn't actually close the handle.

Proper usage is as follows:

ctx <- contextNew <backend> <params>
handshake ctx
...
bye

The following code ensures nothing but is no harm.

bracket (contextNew <backend> <params>) bye $ \ctx -> do
  handshake ctx
  ...

Exceptions

Since 1.8.0, this library only throws exceptions of type TLSException. In the common case where the chosen backend is socket, IOException may be thrown as well. This happens because the backend for sockets, opaque to most modules in the tls library, throws those exceptions.

Backend abstraction

class HasBackend a where Source #

Instances

Instances details
HasBackend Handle Source # 
Instance details

Defined in Network.TLS.Backend

HasBackend Socket Source # 
Instance details

Defined in Network.TLS.Backend

HasBackend Backend Source # 
Instance details

Defined in Network.TLS.Backend

data Backend Source #

Connection IO backend

Constructors

Backend 

Fields

Instances

Instances details
HasBackend Backend Source # 
Instance details

Defined in Network.TLS.Backend

Parameters

class TLSParams a Source #

Minimal complete definition

getTLSCommonParams, getTLSRole, doHandshake, doHandshakeWith, doRequestCertificate, doPostHandshakeAuthWith

Client parameters

clientServerIdentification :: ClientParams -> (HostName, ByteString) Source #

Define the name of the server, along with an extra service identification blob. this is important that the hostname part is properly filled for security reason, as it allow to properly associate the remote side with the given certificate during a handshake.

The extra blob is useful to differentiate services running on the same host, but that might have different certificates given. It's only used as part of the X509 validation infrastructure.

This value is typically set by defaultParamsClient.

clientUseServerNameIndication :: ClientParams -> Bool Source #

Allow the use of the Server Name Indication TLS extension during handshake, which allow the client to specify which host name, it's trying to access. This is useful to distinguish CNAME aliasing (e.g. web virtual host).

Default: True

clientWantSessionResume :: ClientParams -> Maybe (SessionID, SessionData) Source #

try to establish a connection using this session for TLS 1.2/TLS 1.3. This can be used for TLS 1.3 but for backward compatibility purpose only. Use clientWantSessionResume13 instead for TLS 1.3.

Default: Nothing

clientWantSessionResumeList :: ClientParams -> [(SessionID, SessionData)] Source #

try to establish a connection using one of this sessions especially for TLS 1.3. This take precedence over clientWantSessionResume. For convenience, this can be specified for TLS 1.2 but only the first entry is used.

Default: '[]'

clientShared :: ClientParams -> Shared Source #

See the default value of Shared.

clientHooks :: ClientParams -> ClientHooks Source #

See the default value of ClientHooks.

clientSupported :: ClientParams -> Supported Source #

In this element, you'll need to override the default empty value of of supportedCiphers with a suitable cipherlist.

See the default value of Supported.

clientDebug :: ClientParams -> DebugParams Source #

See the default value of DebugParams.

clientUseEarlyData :: ClientParams -> Bool Source #

Client tries to send early data in TLS 1.3 via sendData if possible. If not accepted by the server, the early data is automatically re-sent.

Default: False

Server parameters

serverWantClientCert :: ServerParams -> Bool Source #

Request a certificate from client.

Default: False

serverCACertificates :: ServerParams -> [SignedCertificate] Source #

This is a list of certificates from which the disinguished names are sent in certificate request messages. For TLS1.0, it should not be empty.

Default: '[]'

serverDHEParams :: ServerParams -> Maybe DHParams Source #

Server Optional Diffie Hellman parameters. Setting parameters is necessary for FFDHE key exchange when clients are not compatible with RFC 7919.

Value can be one of the standardized groups from module Network.TLS.Extra.FFDHE or custom parameters generated with generateParams.

Default: Nothing

serverHooks :: ServerParams -> ServerHooks Source #

See the default value of ServerHooks.

serverShared :: ServerParams -> Shared Source #

See the default value of Shared.

serverSupported :: ServerParams -> Supported Source #

See the default value of Supported.

serverDebug :: ServerParams -> DebugParams Source #

See the default value of DebugParams.

serverEarlyDataSize :: ServerParams -> Int Source #

Server accepts this size of early data in TLS 1.3. 0 (or lower) means that the server does not accept early data.

Default: 0

serverTicketLifetime :: ServerParams -> Int Source #

Lifetime in seconds for session tickets generated by the server. Acceptable value range is 0 to 604800 (7 days).

Default: 7200 (2 hours)

Shared

data Shared Source #

Parameters that are common to clients and servers.

Instances

Instances details
Show Shared Source # 
Instance details

Defined in Network.TLS.Parameters

Default Shared Source # 
Instance details

Defined in Network.TLS.Parameters

Methods

def :: Shared Source #

sharedCredentials :: Shared -> Credentials Source #

The list of certificates and private keys that a server will use as part of authentication to clients. Actual credentials that are used are selected dynamically from this list based on client capabilities. Additional credentials returned by onServerNameIndication are also considered.

When credential list is left empty (the default value), no key exchange can take place.

Default: mempty

sharedSessionManager :: Shared -> SessionManager Source #

Callbacks used by clients and servers in order to resume TLS sessions. The default implementation never resumes sessions. Package tls-session-manager provides an in-memory implementation.

Default: noSessionManager

sharedCAStore :: Shared -> CertificateStore Source #

A collection of trust anchors to be used by a client as part of validation of server certificates. This is set as first argument to function onServerCertificate. Package crypton-x509-system gives access to a default certificate store configured in the system.

Default: mempty

sharedValidationCache :: Shared -> ValidationCache Source #

Callbacks that may be used by a client to cache certificate validation results (positive or negative) and avoid expensive signature check. The default implementation does not have any caching.

See the default value of ValidationCache.

sharedHelloExtensions :: Shared -> [ExtensionRaw] Source #

Additional extensions to be sent during the Hello sequence.

For a client this is always included in message ClientHello. For a server, this is sent in messages ServerHello or EncryptedExtensions based on the TLS version.

Default: []

Client hooks

data ClientHooks Source #

A set of callbacks run by the clients for various corners of TLS establishment

Instances

Instances details
Show ClientHooks Source # 
Instance details

Defined in Network.TLS.Parameters

Default ClientHooks Source # 
Instance details

Defined in Network.TLS.Parameters

type OnCertificateRequest = ([CertificateType], Maybe [HashAndSignatureAlgorithm], [DistinguishedName]) -> IO (Maybe (CertificateChain, PrivKey)) Source #

Type for onCertificateRequest. This type synonym is to make document readable.

onCertificateRequest :: ClientHooks -> OnCertificateRequest Source #

This action is called when the a certificate request is received from the server. The callback argument is the information from the request. The server, at its discretion, may be willing to continue the handshake without a client certificate. Therefore, the callback is free to return Nothing to indicate that no client certificate should be sent, despite the server's request. In some cases it may be appropriate to get user consent before sending the certificate; the content of the user's certificate may be sensitive and intended only for specific servers.

The action should select a certificate chain of one of the given certificate types and one of the certificates in the chain should (if possible) be signed by one of the given distinguished names. Some servers, that don't have a narrow set of preferred issuer CAs, will send an empty DistinguishedName list, rather than send all the names from their trusted CA bundle. If the client does not have a certificate chaining to a matching CA, it may choose a default certificate instead.

Each certificate except the last should be signed by the following one. The returned private key must be for the first certificates in the chain. This key will be used to signing the certificate verify message.

The public key in the first certificate, and the matching returned private key must be compatible with one of the list of HashAndSignatureAlgorithm value when provided. TLS 1.3 changes the meaning of the list elements, adding explicit code points for each supported pair of hash and signature (public key) algorithms, rather than combining separate codes for the hash and key. For details see RFC 8446 section 4.2.3. When no compatible certificate chain is available, return Nothing if it is OK to continue without a client certificate. Returning a non-matching certificate should result in a handshake failure.

While the TLS version is not provided to the callback, the content of the signature_algorithms list provides a strong hint, since TLS 1.3 servers will generally list RSA pairs with a hash component of Intrinsic (0x08).

Note that is is the responsibility of this action to select a certificate matching one of the requested certificate types (public key algorithms). Returning a non-matching one will lead to handshake failure later.

Default: returns Nothing anyway.

type OnServerCertificate = CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason] Source #

Type for onServerCertificate. This type synonym is to make document readable.

onServerCertificate :: ClientHooks -> OnServerCertificate Source #

Used by the client to validate the server certificate. The default implementation calls validateDefault which validates according to the default hooks and checks provided by Data.X509.Validation. This can be replaced with a custom validation function using different settings.

The function is not expected to verify the key-usage extension of the end-entity certificate, as this depends on the dynamically-selected cipher and this part should not be cached. Key-usage verification is performed by the library internally.

Default: validateDefault

onSuggestALPN :: ClientHooks -> IO (Maybe [ByteString]) Source #

This action is called when the client sends ClientHello to determine ALPN values such as '["h2", "http/1.1"]'.

Default: returns Nothing

onCustomFFDHEGroup :: ClientHooks -> DHParams -> DHPublic -> IO GroupUsage Source #

This action is called to validate DHE parameters when the server selected a finite-field group not part of the "Supported Groups Registry" or not part of supportedGroups list.

With TLS 1.3 custom groups have been removed from the protocol, so this callback is only used when the version negotiated is 1.2 or below.

The default behavior with (dh_p, dh_g, dh_size) and pub as follows:

  1. rejecting if dh_p is even
  2. rejecting unless 1 < dh_g && dh_g < dh_p - 1
  3. rejecting unless 1 < dh_p && pub < dh_p - 1
  4. rejecting if dh_size < 1024 (to prevent Logjam attack)

See RFC 7919 section 3.1 for recommandations.

onServerFinished :: ClientHooks -> Information -> IO () Source #

When a handshake is done, this hook can check Information.

Server hooks

data ServerHooks Source #

A set of callbacks run by the server for various corners of the TLS establishment

Instances

Instances details
Show ServerHooks Source # 
Instance details

Defined in Network.TLS.Parameters

Default ServerHooks Source # 
Instance details

Defined in Network.TLS.Parameters

onClientCertificate :: ServerHooks -> CertificateChain -> IO CertificateUsage Source #

This action is called when a client certificate chain is received from the client. When it returns a CertificateUsageReject value, the handshake is aborted.

The function is not expected to verify the key-usage extension of the certificate. This verification is performed by the library internally.

Default: returns the followings:

CertificateUsageReject (CertificateRejectOther "no client certificates expected")

onUnverifiedClientCert :: ServerHooks -> IO Bool Source #

This action is called when the client certificate cannot be verified. Return True to accept the certificate anyway, or False to fail verification.

Default: returns False

onCipherChoosing :: ServerHooks -> Version -> [Cipher] -> Cipher Source #

Allow the server to choose the cipher relative to the the client version and the client list of ciphers.

This could be useful with old clients and as a workaround to the BEAST (where RC4 is sometimes prefered with TLS < 1.1)

The client cipher list cannot be empty.

Default: taking the head of ciphers.

onServerNameIndication :: ServerHooks -> Maybe HostName -> IO Credentials Source #

Allow the server to indicate additional credentials to be used depending on the host name indicated by the client.

This is most useful for transparent proxies where credentials must be generated on the fly according to the host the client is trying to connect to.

Returned credentials may be ignored if a client does not support the signature algorithms used in the certificate chain.

Default: returns mempty

onNewHandshake :: ServerHooks -> Measurement -> IO Bool Source #

At each new handshake, we call this hook to see if we allow handshake to happens.

Default: returns True

onALPNClientSuggest :: ServerHooks -> Maybe ([ByteString] -> IO ByteString) Source #

Allow the server to choose an application layer protocol suggested from the client through the ALPN (Application Layer Protocol Negotiation) extensions. If the server supports no protocols that the client advertises an empty ByteString should be returned.

Default: Nothing

onEncryptedExtensionsCreating :: ServerHooks -> [ExtensionRaw] -> IO [ExtensionRaw] Source #

Allow to modify extensions to be sent in EncryptedExtensions of TLS 1.3.

Default: return

data Measurement Source #

record some data about this connection.

Instances

Instances details
Show Measurement Source # 
Instance details

Defined in Network.TLS.Measurement

Eq Measurement Source # 
Instance details

Defined in Network.TLS.Measurement

nbHandshakes :: Measurement -> Word32 Source #

number of handshakes on this context

bytesReceived :: Measurement -> Word32 Source #

bytes received since last handshake

bytesSent :: Measurement -> Word32 Source #

bytes sent since last handshake

Supported

data Supported Source #

List all the supported algorithms, versions, ciphers, etc supported.

Instances

Instances details
Show Supported Source # 
Instance details

Defined in Network.TLS.Parameters

Default Supported Source # 
Instance details

Defined in Network.TLS.Parameters

Methods

def :: Supported Source #

Eq Supported Source # 
Instance details

Defined in Network.TLS.Parameters

supportedVersions :: Supported -> [Version] Source #

Supported versions by this context. On the client side, the highest version will be used to establish the connection. On the server side, the highest version that is less or equal than the client version will be chosen.

Versions should be listed in preference order, i.e. higher versions first.

Default: [TLS13,TLS12]

supportedCiphers :: Supported -> [Cipher] Source #

Supported cipher methods. The default is empty, specify a suitable cipher list. ciphersuite_default is often a good choice.

Default: []

supportedCompressions :: Supported -> [Compression] Source #

Supported compressions methods. By default only the "null" compression is supported, which means no compression will be performed. Allowing other compression method is not advised as it causes a connection failure when TLS 1.3 is negotiated.

Default: [nullCompression]

supportedHashSignatures :: Supported -> [HashAndSignatureAlgorithm] Source #

All supported hash/signature algorithms pair for client certificate verification and server signature in (EC)DHE, ordered by decreasing priority.

This list is sent to the peer as part of the "signature_algorithms" extension. It is used to restrict accepted signatures received from the peer at TLS level (not in X.509 certificates), but only when the TLS version is 1.2 or above. In order to disable SHA-1 one must then also disable earlier protocol versions in supportedVersions.

The list also impacts the selection of possible algorithms when generating signatures.

Note: with TLS 1.3 some algorithms have been deprecated and will not be used even when listed in the parameter: MD5, SHA-1, SHA-224, RSA PKCS#1, DSA.

Default:

  [ (HashIntrinsic,     SignatureEd448)
  , (HashIntrinsic,     SignatureEd25519)
  , (Struct.HashSHA256, SignatureECDSA)
  , (Struct.HashSHA384, SignatureECDSA)
  , (Struct.HashSHA512, SignatureECDSA)
  , (HashIntrinsic,     SignatureRSApssRSAeSHA512)
  , (HashIntrinsic,     SignatureRSApssRSAeSHA384)
  , (HashIntrinsic,     SignatureRSApssRSAeSHA256)
  , (Struct.HashSHA512, SignatureRSA)
  , (Struct.HashSHA384, SignatureRSA)
  , (Struct.HashSHA256, SignatureRSA)
  , (Struct.HashSHA1,   SignatureRSA)
  , (Struct.HashSHA1,   SignatureDSA)
  ]

supportedSecureRenegotiation :: Supported -> Bool Source #

Secure renegotiation defined in RFC5746. If True, clients send the renegotiation_info extension. If True, servers handle the extension or the renegotiation SCSV then send the renegotiation_info extension.

Default: True

supportedClientInitiatedRenegotiation :: Supported -> Bool Source #

If True, renegotiation is allowed from the client side. This is vulnerable to DOS attacks. If False, renegotiation is allowed only from the server side via HelloRequest.

Default: False

supportedExtendedMainSecret :: Supported -> EMSMode Source #

The mode regarding extended main secret. Enabling this extension provides better security for TLS versions 1.2. TLS 1.3 provides the security properties natively and does not need the extension.

By default the extension is RequireEMS. So, the handshake will fail when the peer does not support the extension.

Default: RequireEMS

supportedSession :: Supported -> Bool Source #

Set if we support session.

Default: True

supportedFallbackScsv :: Supported -> Bool Source #

Support for fallback SCSV defined in RFC7507. If True, servers reject handshakes which suggest a lower protocol than the highest protocol supported.

Default: True

supportedEmptyPacket :: Supported -> Bool Source #

In ver <= TLS1.0, block ciphers using CBC are using CBC residue as IV, which can be guessed by an attacker. Hence, an empty packet is normally sent before a normal data packet, to prevent guessability. Some Microsoft TLS-based protocol implementations, however, consider these empty packets as a protocol violation and disconnect. If this parameter is False, empty packets will never be added, which is less secure, but might help in rare cases.

Default: True

supportedGroups :: Supported -> [Group] Source #

A list of supported elliptic curves and finite-field groups in the preferred order.

The list is sent to the server as part of the "supported_groups" extension. It is used in both clients and servers to restrict accepted groups in DH key exchange. Up until TLS v1.2, it is also used by a client to restrict accepted elliptic curves in ECDSA signatures.

The default value includes all groups with security strength of 128 bits or more.

Default: [X25519,X448,P256,FFDHE3072,FFDHE4096,P384,FFDHE6144,FFDHE8192,P521]

Debug parameters

data DebugParams Source #

All settings should not be used in production

Instances

Instances details
Show DebugParams Source # 
Instance details

Defined in Network.TLS.Parameters

Default DebugParams Source # 
Instance details

Defined in Network.TLS.Parameters

debugSeed :: DebugParams -> Maybe Seed Source #

Disable the true randomness in favor of deterministic seed that will produce a deterministic random from. This is useful for tests and debugging purpose. Do not use in production

Default: Nothing

debugPrintSeed :: DebugParams -> Seed -> IO () Source #

Add a way to print the seed that was randomly generated. re-using the same seed will reproduce the same randomness with debugSeed

Default: no printing

debugVersionForced :: DebugParams -> Maybe Version Source #

Force to choose this version in the server side.

Default: Nothing

debugKeyLogger :: DebugParams -> String -> IO () Source #

Printing main keys.

Default: no printing

Shared parameters

Credentials

credentialLoadX509 Source #

Arguments

:: FilePath

public certificate (X.509 format)

-> FilePath

private key associated

-> IO (Either String Credential) 

try to create a new credential object from a public certificate and the associated private key that are stored on the filesystem in PEM format.

credentialLoadX509FromMemory :: ByteString -> ByteString -> Either String Credential Source #

similar to credentialLoadX509 but take the certificate and private key from memory instead of from the filesystem.

credentialLoadX509Chain Source #

Arguments

:: FilePath

public certificate (X.509 format)

-> [FilePath]

chain certificates (X.509 format)

-> FilePath

private key associated

-> IO (Either String Credential) 

similar to credentialLoadX509 but also allow specifying chain certificates.

Session manager

data SessionManager Source #

A session manager. In the server side, all fields are used. In the client side, only sessionEstablish is used.

noSessionManager :: SessionManager Source #

The session manager to do nothing.

sessionResume :: SessionManager -> SessionIDorTicket -> IO (Maybe SessionData) Source #

Used on TLS 1.2/1.3 servers to lookup SessionData with SessionID or to decrypt Ticket to get SessionData.

sessionResumeOnlyOnce :: SessionManager -> SessionIDorTicket -> IO (Maybe SessionData) Source #

Used for 0RTT on TLS 1.3 servers to lookup SessionData with SessionID or to decrypt Ticket to get SessionData.

sessionEstablish :: SessionManager -> SessionIDorTicket -> SessionData -> IO (Maybe Ticket) Source #

Used on TLS 1.2/1.3 servers to store SessionData with SessionID or to encrypt SessionData to get Ticket ignoring SessionID. Used on TLS 1.2/1.3 clients to store SessionData with SessionIDorTicket and then return Nothing. For clients, only this field should be set with noSessionManager.

sessionInvalidate :: SessionManager -> SessionIDorTicket -> IO () Source #

Used TLS 1.2 servers to delete SessionData with SessionID on errors.

sessionUseTicket :: SessionManager -> Bool Source #

Used on TLS 1.2 servers to decide to use SessionID or Ticket. Note that SessionID and Ticket are integrated as identity in TLS 1.3.

type SessionID = ByteString Source #

A session ID

type Ticket = ByteString Source #

Encrypted session ticket (encrypt(encode SessionData)).

Session data

data SessionData Source #

Session data to resume

Instances

Instances details
Generic SessionData Source # 
Instance details

Defined in Network.TLS.Types

Associated Types

type Rep SessionData :: Type -> Type #

Show SessionData Source # 
Instance details

Defined in Network.TLS.Types

Eq SessionData Source # 
Instance details

Defined in Network.TLS.Types

Serialise SessionData Source # 
Instance details

Defined in Network.TLS.Types

type Rep SessionData Source # 
Instance details

Defined in Network.TLS.Types

data SessionFlag Source #

Some session flags

Constructors

SessionEMS

Session created with Extended Main Secret

Instances

Instances details
Enum SessionFlag Source # 
Instance details

Defined in Network.TLS.Types

Generic SessionFlag Source # 
Instance details

Defined in Network.TLS.Types

Associated Types

type Rep SessionFlag :: Type -> Type #

Show SessionFlag Source # 
Instance details

Defined in Network.TLS.Types

Eq SessionFlag Source # 
Instance details

Defined in Network.TLS.Types

Serialise SessionFlag Source # 
Instance details

Defined in Network.TLS.Types

type Rep SessionFlag Source # 
Instance details

Defined in Network.TLS.Types

type Rep SessionFlag = D1 ('MetaData "SessionFlag" "Network.TLS.Types" "tls-2.1.1-AAV3nGG2hCu7Mm2II5UATK" 'False) (C1 ('MetaCons "SessionEMS" 'PrefixI 'False) (U1 :: Type -> Type))

Validation Cache

data ValidationCache Source #

All the callbacks needed for querying and adding to the cache.

Constructors

ValidationCache 

Fields

Instances

Instances details
Default ValidationCache 
Instance details

Defined in Data.X509.Validation.Cache

type ValidationCacheQueryCallback Source #

Arguments

 = ServiceID

connection's identification

-> Fingerprint

fingerprint of the leaf certificate

-> Certificate

leaf certificate

-> IO ValidationCacheResult

return if the operation is succesful or not

Validation cache query callback type

type ValidationCacheAddCallback Source #

Arguments

 = ServiceID

connection's identification

-> Fingerprint

fingerprint of the leaf certificate

-> Certificate

leaf certificate

-> IO () 

Validation cache callback type

data ValidationCacheResult Source #

The result of a cache query

Constructors

ValidationCachePass

cache allow this fingerprint to go through

ValidationCacheDenied String

cache denied this fingerprint for further validation

ValidationCacheUnknown

unknown fingerprint in cache

exceptionValidationCache :: [(ServiceID, Fingerprint)] -> ValidationCache Source #

create a simple constant cache that list exceptions to the certification validation. Typically this is use to allow self-signed certificates for specific use, with out-of-bounds user checks.

No fingerprints will be added after the instance is created.

The underlying structure for the check is kept as a list, as usually the exception list will be short, but when the list go above a dozen exceptions it's recommended to use another cache mechanism with a faster lookup mechanism (hashtable, map, etc).

Note that only one fingerprint is allowed per ServiceID, for other use, another cache mechanism need to be use.

Types

For Supported

newtype Version Source #

Versions known to TLS

Constructors

Version Word16 

Bundled Patterns

pattern TLS12 :: Version 
pattern TLS13 :: Version 
pattern SSL2 :: Version 
pattern SSL3 :: Version 
pattern TLS10 :: Version 
pattern TLS11 :: Version 

Instances

Instances details
Generic Version Source # 
Instance details

Defined in Network.TLS.Types

Associated Types

type Rep Version :: Type -> Type #

Methods

from :: Version -> Rep Version x #

to :: Rep Version x -> Version #

Show Version Source # 
Instance details

Defined in Network.TLS.Types

Eq Version Source # 
Instance details

Defined in Network.TLS.Types

Methods

(==) :: Version -> Version -> Bool #

(/=) :: Version -> Version -> Bool #

Ord Version Source # 
Instance details

Defined in Network.TLS.Types

Serialise Version Source # 
Instance details

Defined in Network.TLS.Types

type Rep Version Source # 
Instance details

Defined in Network.TLS.Types

type Rep Version = D1 ('MetaData "Version" "Network.TLS.Types" "tls-2.1.1-AAV3nGG2hCu7Mm2II5UATK" 'True) (C1 ('MetaCons "Version" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Word16)))

data Compression Source #

every compression need to be wrapped in this, to fit in structure

Constructors

forall a.CompressionC a => Compression a 

Instances

Instances details
Show Compression Source # 
Instance details

Defined in Network.TLS.Compression

Eq Compression Source # 
Instance details

Defined in Network.TLS.Compression

nullCompression :: Compression Source #

default null compression

newtype HashAlgorithm Source #

Constructors

HashAlgorithm 

Bundled Patterns

pattern HashMD5 :: HashAlgorithm 
pattern HashSHA1 :: HashAlgorithm 
pattern HashSHA224 :: HashAlgorithm 
pattern HashSHA256 :: HashAlgorithm 
pattern HashSHA384 :: HashAlgorithm 
pattern HashSHA512 :: HashAlgorithm 
pattern HashNone :: HashAlgorithm 
pattern HashIntrinsic :: HashAlgorithm 

Instances

Instances details
Show HashAlgorithm Source # 
Instance details

Defined in Network.TLS.Struct

Eq HashAlgorithm Source # 
Instance details

Defined in Network.TLS.Struct

newtype Group Source #

Constructors

Group Word16 

Bundled Patterns

pattern P256 :: Group 
pattern P384 :: Group 
pattern P521 :: Group 
pattern X25519 :: Group 
pattern X448 :: Group 
pattern FFDHE2048 :: Group 
pattern FFDHE3072 :: Group 
pattern FFDHE4096 :: Group 
pattern FFDHE6144 :: Group 
pattern FFDHE8192 :: Group 

Instances

Instances details
Generic Group Source # 
Instance details

Defined in Network.TLS.Crypto.Types

Associated Types

type Rep Group :: Type -> Type #

Methods

from :: Group -> Rep Group x #

to :: Rep Group x -> Group #

Show Group Source # 
Instance details

Defined in Network.TLS.Crypto.Types

Methods

showsPrec :: Int -> Group -> ShowS #

show :: Group -> String #

showList :: [Group] -> ShowS #

Eq Group Source # 
Instance details

Defined in Network.TLS.Crypto.Types

Methods

(==) :: Group -> Group -> Bool #

(/=) :: Group -> Group -> Bool #

Serialise Group Source # 
Instance details

Defined in Network.TLS.Crypto.Types

type Rep Group Source # 
Instance details

Defined in Network.TLS.Crypto.Types

type Rep Group = D1 ('MetaData "Group" "Network.TLS.Crypto.Types" "tls-2.1.1-AAV3nGG2hCu7Mm2II5UATK" 'True) (C1 ('MetaCons "Group" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 Word16)))

data EMSMode Source #

Client or server policy regarding Extended Main Secret

Constructors

NoEMS

Extended Main Secret is not used

AllowEMS

Extended Main Secret is allowed

RequireEMS

Extended Main Secret is required

Instances

Instances details
Show EMSMode Source # 
Instance details

Defined in Network.TLS.Parameters

Eq EMSMode Source # 
Instance details

Defined in Network.TLS.Parameters

Methods

(==) :: EMSMode -> EMSMode -> Bool #

(/=) :: EMSMode -> EMSMode -> Bool #

For parameters and hooks

data GroupUsage Source #

Group usage callback possible return values.

Constructors

GroupUsageValid

usage of group accepted

GroupUsageInsecure

usage of group provides insufficient security

GroupUsageUnsupported String

usage of group rejected for other reason (specified as string)

GroupUsageInvalidPublic

usage of group with an invalid public value

Instances

Instances details
Show GroupUsage Source # 
Instance details

Defined in Network.TLS.Parameters

Eq GroupUsage Source # 
Instance details

Defined in Network.TLS.Parameters

data CertificateUsage Source #

Certificate Usage callback possible returns values.

Constructors

CertificateUsageAccept

usage of certificate accepted

CertificateUsageReject CertificateRejectReason

usage of certificate rejected

newtype CertificateType Source #

Some of the IANA registered code points for CertificateType are not currently supported by the library. Nor should they be, they're are either unwise, obsolete or both. There's no point in conveying these to the user in the client certificate request callback. The request callback will be filtered to exclude unsupported values. If the user cannot find a certificate for a supported code point, we'll go ahead without a client certificate and hope for the best, unless the user's callback decides to throw an exception.

Constructors

CertificateType 

Bundled Patterns

pattern CertificateType_RSA_Sign :: CertificateType

TLS10 and up, RFC5246

pattern CertificateType_DSA_Sign :: CertificateType

TLS10 and up, RFC5246

pattern CertificateType_ECDSA_Sign :: CertificateType

TLS10 and up, RFC8422

pattern CertificateType_Ed25519_Sign :: CertificateType 
pattern CertificateType_Ed448_Sign :: CertificateType 

type HostName = String Source #

Either a host name e.g., "haskell.org" or a numeric host address string consisting of a dotted decimal IPv4 address or an IPv6 address e.g., "192.168.0.1".

Advanced APIs

Backend

ctxBackend :: Context -> Backend Source #

return the backend object associated with this context

contextFlush :: Context -> IO () Source #

A shortcut for 'backendFlush . ctxBackend'.

contextClose :: Context -> IO () Source #

A shortcut for 'backendClose . ctxBackend'.

Information gathering

data Information Source #

Information related to a running context, e.g. current cipher

Instances

Instances details
Show Information Source # 
Instance details

Defined in Network.TLS.Parameters

Eq Information Source # 
Instance details

Defined in Network.TLS.Parameters

contextGetInformation :: Context -> IO (Maybe Information) Source #

Information about the current context

data ClientRandom Source #

Instances

Instances details
Show ClientRandom Source # 
Instance details

Defined in Network.TLS.Struct

Eq ClientRandom Source # 
Instance details

Defined in Network.TLS.Struct

data ServerRandom Source #

Instances

Instances details
Show ServerRandom Source # 
Instance details

Defined in Network.TLS.Struct

Eq ServerRandom Source # 
Instance details

Defined in Network.TLS.Struct

data HandshakeMode13 Source #

Type to show which handshake mode is used in TLS 1.3.

Constructors

FullHandshake

Full handshake is used.

HelloRetryRequest

Full handshake is used with hello retry request.

PreSharedKey

Server authentication is skipped.

RTT0

Server authentication is skipped and early data is sent.

getClientCertificateChain :: Context -> IO (Maybe CertificateChain) Source #

Getting certificates from a client, if any. Note that the certificates are not sent by a client on resumption even if client authentication is required. So, this API would be replaced by the one which can treat both cases of full-negotiation and resumption.

Negotiated

getNegotiatedProtocol :: MonadIO m => Context -> m (Maybe ByteString) Source #

If the ALPN extensions have been used, this will return get the protocol agreed upon.

getClientSNI :: MonadIO m => Context -> m (Maybe HostName) Source #

If the Server Name Indication extension has been used, return the hostname specified by the client.

Post-handshake actions

updateKey :: MonadIO m => Context -> KeyUpdateRequest -> m Bool Source #

Updating appication traffic secrets for TLS 1.3. If this API is called for TLS 1.3, True is returned. Otherwise, False is returned.

data KeyUpdateRequest Source #

How to update keys in TLS 1.3

Constructors

OneWay

Unidirectional key update

TwoWay

Bidirectional key update (normal case)

requestCertificate :: Context -> IO Bool Source #

Post-handshake certificate request with TLS 1.3. Returns True if the request was possible, i.e. if TLS 1.3 is used and the remote client supports post-handshake authentication.

getTLSUnique :: Context -> IO (Maybe ByteString) Source #

Getting the "tls-unique" channel binding for TLS 1.2 (RFC5929). For TLS 1.3, Nothing is returned. supportedExtendedMainSecret must be RequireEMS But in general, it is highly recommended to upgrade to TLS 1.3 and use the "tls-exporter" channel binding via getTLSExporter.

getTLSExporter :: Context -> IO (Maybe ByteString) Source #

Getting the "tls-exporter" channel binding for TLS 1.3 (RFC9266). For TLS 1.2, Nothing is returned.

getTLSServerEndPoint :: Context -> IO (Maybe ByteString) Source #

Getting the "tls-server-end-point" channel binding for TLS 1.2 (RFC5929). For 1.3, there is no specifications for how to create it. In this implementation, a certificate chain without extensions is hashed like TLS 1.2.

getFinished :: Context -> IO (Maybe VerifyData) Source #

Deprecated: Use getTLSUnique instead

Getting TLS Finished sent to peer.

getPeerFinished :: Context -> IO (Maybe VerifyData) Source #

Deprecated: Use getTLSUnique instead

Getting TLS Finished received from peer.

Modifying hooks in context

data Hooks Source #

A collection of hooks actions.

Instances

Instances details
Default Hooks Source # 
Instance details

Defined in Network.TLS.Hooks

Methods

def :: Hooks Source #

hookRecvHandshake :: Hooks -> Handshake -> IO Handshake Source #

called at each handshake message received

hookRecvHandshake13 :: Hooks -> Handshake13 -> IO Handshake13 Source #

called at each handshake message received for TLS 1.3

hookRecvCertificates :: Hooks -> CertificateChain -> IO () Source #

called at each certificate chain message received

hookLogging :: Hooks -> Logging Source #

hooks on IO and packets, receiving and sending.

data Handshake Source #

Instances

Instances details
Show Handshake Source # 
Instance details

Defined in Network.TLS.Struct

Eq Handshake Source # 
Instance details

Defined in Network.TLS.Struct

data Handshake13 Source #

Instances

Instances details
Show Handshake13 Source # 
Instance details

Defined in Network.TLS.Struct13

Eq Handshake13 Source # 
Instance details

Defined in Network.TLS.Struct13

data Logging Source #

Hooks for logging

This is called when sending and receiving packets and IO

Instances

Instances details
Default Logging Source # 
Instance details

Defined in Network.TLS.Hooks

Methods

def :: Logging Source #

data Header Source #

Instances

Instances details
Show Header Source # 
Instance details

Defined in Network.TLS.Struct

Eq Header Source # 
Instance details

Defined in Network.TLS.Struct

Methods

(==) :: Header -> Header -> Bool #

(/=) :: Header -> Header -> Bool #

Errors and exceptions

Errors

data TLSError Source #

TLSError that might be returned through the TLS stack.

Prior to version 1.8.0, this type had an Exception instance. In version 1.8.0, this instance was removed, and functions in this library now only throw TLSException.

Constructors

Error_Misc String

mainly for instance of Error

Error_Protocol String AlertDescription

A fatal error condition was encountered at a low level. The elements of the tuple give (freeform text description, structured error description).

Error_Protocol_Warning String AlertDescription

A non-fatal error condition was encountered at a low level at a low level. The elements of the tuple give (freeform text description, structured error description).

Error_Certificate String 
Error_HandshakePolicy String

handshake policy failed.

Error_EOF 
Error_Packet String 
Error_Packet_unexpected String String 
Error_Packet_Parsing String 

Instances

Instances details
Show TLSError Source # 
Instance details

Defined in Network.TLS.Struct

Eq TLSError Source # 
Instance details

Defined in Network.TLS.Struct

data KxError Source #

Instances

Instances details
Show KxError Source # 
Instance details

Defined in Network.TLS.Crypto

newtype AlertDescription Source #

Bundled Patterns

pattern DecodeError :: AlertDescription 
pattern CloseNotify :: AlertDescription 
pattern UnexpectedMessage :: AlertDescription 
pattern BadRecordMac :: AlertDescription 
pattern DecryptionFailed :: AlertDescription 
pattern RecordOverflow :: AlertDescription 
pattern DecompressionFailure :: AlertDescription 
pattern HandshakeFailure :: AlertDescription 
pattern BadCertificate :: AlertDescription 
pattern UnsupportedCertificate :: AlertDescription 
pattern CertificateRevoked :: AlertDescription 
pattern CertificateExpired :: AlertDescription 
pattern CertificateUnknown :: AlertDescription 
pattern IllegalParameter :: AlertDescription 
pattern UnknownCa :: AlertDescription 
pattern AccessDenied :: AlertDescription 
pattern DecryptError :: AlertDescription 
pattern ExportRestriction :: AlertDescription 
pattern ProtocolVersion :: AlertDescription 
pattern InsufficientSecurity :: AlertDescription 
pattern InternalError :: AlertDescription 
pattern InappropriateFallback :: AlertDescription 
pattern UserCanceled :: AlertDescription 
pattern NoRenegotiation :: AlertDescription 
pattern MissingExtension :: AlertDescription 
pattern UnsupportedExtension :: AlertDescription 
pattern CertificateUnobtainable :: AlertDescription 
pattern UnrecognizedName :: AlertDescription 
pattern BadCertificateStatusResponse :: AlertDescription 
pattern BadCertificateHashValue :: AlertDescription 
pattern UnknownPskIdentity :: AlertDescription 
pattern CertificateRequired :: AlertDescription 
pattern NoApplicationProtocol :: AlertDescription 

Exceptions

data TLSException Source #

TLS Exceptions. Some of the data constructors indicate incorrect use of the library, and the documentation for those data constructors calls this out. The others wrap TLSError with some kind of context to explain when the exception occurred.

Constructors

Terminated Bool String TLSError

Early termination exception with the reason and the error associated

HandshakeFailed TLSError

Handshake failed for the reason attached.

PostHandshake TLSError

Failure occurred while sending or receiving data after the TLS handshake succeeded.

Uncontextualized TLSError

Lifts a TLSError into TLSException without provided any context around when the error happened.

ConnectionNotEstablished

Usage error when the connection has not been established and the user is trying to send or receive data. Indicates that this library has been used incorrectly.

MissingHandshake

Expected that a TLS handshake had already taken place, but no TLS handshake had occurred. Indicates that this library has been used incorrectly.

Raw types

Compressions class

class CompressionC a where Source #

supported compression algorithms need to be part of this class

type CompressionID = Word8 Source #

Compression identification

Crypto Key

data PubKey Source #

Public key types known and used in X.509

Constructors

PubKeyRSA PublicKey

RSA public key

PubKeyDSA PublicKey

DSA public key

PubKeyDH (Integer, Integer, Integer, Maybe Integer, ([Word8], Integer))

DH format with (p,g,q,j,(seed,pgenCounter))

PubKeyEC PubKeyEC

EC public key

PubKeyX25519 PublicKey

X25519 public key

PubKeyX448 PublicKey

X448 public key

PubKeyEd25519 PublicKey

Ed25519 public key

PubKeyEd448 PublicKey

Ed448 public key

PubKeyUnknown OID ByteString

unrecognized format

Instances

Instances details
ASN1Object PubKey 
Instance details

Defined in Data.X509.PublicKey

Show PubKey 
Instance details

Defined in Data.X509.PublicKey

Eq PubKey 
Instance details

Defined in Data.X509.PublicKey

Methods

(==) :: PubKey -> PubKey -> Bool #

(/=) :: PubKey -> PubKey -> Bool #

data PrivKey Source #

Private key types known and used in X.509

Constructors

PrivKeyRSA PrivateKey

RSA private key

PrivKeyDSA PrivateKey

DSA private key

PrivKeyEC PrivKeyEC

EC private key

PrivKeyX25519 SecretKey

X25519 private key

PrivKeyX448 SecretKey

X448 private key

PrivKeyEd25519 SecretKey

Ed25519 private key

PrivKeyEd448 SecretKey

Ed448 private key

Instances

Instances details
ASN1Object PrivKey 
Instance details

Defined in Data.X509.PrivateKey

Show PrivKey 
Instance details

Defined in Data.X509.PrivateKey

Eq PrivKey 
Instance details

Defined in Data.X509.PrivateKey

Methods

(==) :: PrivKey -> PrivKey -> Bool #

(/=) :: PrivKey -> PrivKey -> Bool #

Ciphers & Predefined ciphers

data Bulk Source #

Instances

Instances details
Show Bulk Source # 
Instance details

Defined in Network.TLS.Cipher

Methods

showsPrec :: Int -> Bulk -> ShowS #

show :: Bulk -> String #

showList :: [Bulk] -> ShowS #

Eq Bulk Source # 
Instance details

Defined in Network.TLS.Cipher

Methods

(==) :: Bulk -> Bulk -> Bool #

(/=) :: Bulk -> Bulk -> Bool #

data BulkDirection Source #

Constructors

BulkEncrypt 
BulkDecrypt 

Instances

Instances details
Show BulkDirection Source # 
Instance details

Defined in Network.TLS.Cipher

Eq BulkDirection Source # 
Instance details

Defined in Network.TLS.Cipher

data Hash Source #

Constructors

MD5 
SHA1 
SHA224 
SHA256 
SHA384 
SHA512 
SHA1_MD5 

Instances

Instances details
Show Hash Source # 
Instance details

Defined in Network.TLS.Crypto

Methods

showsPrec :: Int -> Hash -> ShowS #

show :: Hash -> String #

showList :: [Hash] -> ShowS #

Eq Hash Source # 
Instance details

Defined in Network.TLS.Crypto

Methods

(==) :: Hash -> Hash -> Bool #

(/=) :: Hash -> Hash -> Bool #

data Cipher Source #

Cipher algorithm

Instances

Instances details
Show Cipher Source # 
Instance details

Defined in Network.TLS.Cipher

Eq Cipher Source # 
Instance details

Defined in Network.TLS.Cipher

Methods

(==) :: Cipher -> Cipher -> Bool #

(/=) :: Cipher -> Cipher -> Bool #

type CipherID = Word16 Source #

Cipher identification

cipherAllowedForVersion :: Version -> Cipher -> Bool Source #

Check if a specific Cipher is allowed to be used with the version specified

Deprecated

recvData' :: MonadIO m => Context -> m ByteString Source #

Deprecated: use recvData that returns strict bytestring

same as recvData but returns a lazy bytestring.

type Bytes = ByteString Source #

Deprecated: Use Data.ByteString.Bytestring instead of Bytes.

data ValidationChecks Source #

A set of checks to activate or parametrize to perform on certificates.

It's recommended to use defaultChecks to create the structure, to better cope with future changes or expansion of the structure.

Constructors

ValidationChecks 

Fields

  • checkTimeValidity :: Bool

    check time validity of every certificate in the chain. the make sure that current time is between each validity bounds in the certificate

  • checkAtTime :: Maybe DateTime

    The time when the validity check happens. When set to Nothing, the current time will be used

  • checkStrictOrdering :: Bool

    Check that no certificate is included that shouldn't be included. unfortunately despite the specification violation, a lots of real world server serves useless and usually old certificates that are not relevant to the certificate sent, in their chain.

  • checkCAConstraints :: Bool

    Check that signing certificate got the CA basic constraint. this is absolutely not recommended to turn it off.

  • checkExhaustive :: Bool

    Check the whole certificate chain without stopping at the first failure. Allow gathering a exhaustive list of failure reasons. if this is turn off, it's absolutely not safe to ignore a failed reason even it doesn't look serious (e.g. Expired) as other more serious checks would not have been performed.

  • checkLeafV3 :: Bool

    Check that the leaf certificate is version 3. If disable, version 2 certificate is authorized in leaf position and key usage cannot be checked.

  • checkLeafKeyUsage :: [ExtKeyUsageFlag]

    Check that the leaf certificate is authorized to be used for certain usage. If set to empty list no check are performed, otherwise all the flags is the list need to exists in the key usage extension. If the extension is not present, the check will pass and behave as if the certificate key is not restricted to any specific usage.

  • checkLeafKeyPurpose :: [ExtKeyUsagePurpose]

    Check that the leaf certificate is authorized to be used for certain purpose. If set to empty list no check are performed, otherwise all the flags is the list need to exists in the extended key usage extension if present. If the extension is not present, then the check will pass and behave as if the certificate is not restricted to any specific purpose.

  • checkFQHN :: Bool

    Check the top certificate names matching the fully qualified hostname (FQHN). it's not recommended to turn this check off, if no other name checks are performed.

data ValidationHooks Source #

A set of hooks to manipulate the way the verification works.

BEWARE, it's easy to change behavior leading to compromised security.

Constructors

ValidationHooks 

Fields

Instances

Instances details
Default ValidationHooks 
Instance details

Defined in Data.X509.Validation