{-# LINE 1 "OpenSSL/SSL/Option.hsc" #-}
{-# LANGUAGE DeriveDataTypeable #-}
-- | See https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
module OpenSSL.SSL.Option
    ( SSLOption(..)
    , optionToIntegral
    )
    where
import Data.Typeable



-- | The behaviour of the SSL library can be changed by setting
-- several options. During a handshake, the option settings of the
-- 'OpenSSL.Session.SSL' object are used. When a new
-- 'OpenSSL.Session.SSL' object is created from a
-- 'OpenSSL.Session.SSLContext', the current option setting is
-- copied. Changes to 'OpenSSL.Session.SSLContext' do not affect
-- already created 'OpenSSL.Session.SSL' objects.
data SSLOption
    = -- | As of OpenSSL 1.0.0 this option has no effect.
      SSL_OP_MICROSOFT_SESS_ID_BUG
      -- | As of OpenSSL 1.0.0 this option has no effect.
    | SSL_OP_NETSCAPE_CHALLENGE_BUG
      -- | As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
    | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
      -- | As of OpenSSL 1.0.1h and 1.0.2, this option has no effect.
    | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER

{-# LINE 31 "OpenSSL/SSL/Option.hsc" #-}
      -- | Don't prefer ECDHE-ECDSA ciphers when the client appears to
      -- be Safari on OS X. OS X 10.8..10.8.3 has broken support for
      -- ECDHE-ECDSA ciphers.
    | SSL_OP_SAFARI_ECDHE_ECDSA_BUG

{-# LINE 36 "OpenSSL/SSL/Option.hsc" #-}
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_SSLEAY_080_CLIENT_DH_BUG
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_TLS_D5_BUG
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_TLS_BLOCK_PADDING_BUG

{-# LINE 43 "OpenSSL/SSL/Option.hsc" #-}
      -- | Disables a countermeasure against a SSL 3.0/TLS 1.0
      -- protocol vulnerability affecting CBC ciphers, which cannot be
      -- handled by some broken SSL implementations. This option has
      -- no effect for connections using other ciphers.
    | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

{-# LINE 49 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 50 "OpenSSL/SSL/Option.hsc" #-}
      -- | Adds a padding extension to ensure the ClientHello size is
      -- never between 256 and 511 bytes in length. This is needed as
      -- a workaround for some implementations.
    | SSL_OP_TLSEXT_PADDING

{-# LINE 55 "OpenSSL/SSL/Option.hsc" #-}
      -- | Default set of options
    | SSL_OP_ALL

{-# LINE 58 "OpenSSL/SSL/Option.hsc" #-}
      -- | Disable version rollback attack detection.
      --
      -- During the client key exchange, the client must send the same
      -- information about acceptable SSL/TLS protocol levels as
      -- during the first hello. Some clients violate this rule by
      -- adapting to the server's answer. (Example: the client sends a
      -- SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only
      -- understands up to SSLv3. In this case the client must still
      -- use the same SSLv3.1=TLSv1 announcement. Some clients step
      -- down to SSLv3 with respect to the server's answer and violate
      -- the version rollback protection.)
    | SSL_OP_TLS_ROLLBACK_BUG

{-# LINE 71 "OpenSSL/SSL/Option.hsc" #-}
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_SINGLE_DH_USE
      -- | As of OpenSSL 1.0.1k and 1.0.2, this option has no effect.
    | SSL_OP_EPHEMERAL_RSA

{-# LINE 76 "OpenSSL/SSL/Option.hsc" #-}
      -- | When choosing a cipher, use the server's preferences
      -- instead of the client preferences. When not set, the SSL
      -- server will always follow the clients preferences. When set,
      -- the SSLv3/TLSv1 server will choose following its own
      -- preferences. Because of the different protocol, for SSLv2 the
      -- server will send its list of preferences to the client and
      -- the client chooses.
    | SSL_OP_CIPHER_SERVER_PREFERENCE

{-# LINE 85 "OpenSSL/SSL/Option.hsc" #-}
      -- | As of OpenSSL 1.0.1 this option has no effect.
    | SSL_OP_PKCS1_CHECK_1
      -- | As of OpenSSL 1.0.1 this option has no effect.
    | SSL_OP_PKCS1_CHECK_2
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_NETSCAPE_CA_DN_BUG
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
      -- | As of OpenSSL 1.1.0 this option has no effect.
    | SSL_OP_NO_SSLv2
      -- | Do not use the SSLv3 protocol.
      -- As of OpenSSL 1.1.0, this option is deprecated
    | SSL_OP_NO_SSLv3
      -- | Do not use the TLSv1 protocol.
      -- As of OpenSSL 1.1.0, this option is deprecated
    | SSL_OP_NO_TLSv1
      -- | Do not use the TLSv1.1 protocol.
      -- As of OpenSSL 1.1.0, this option is deprecated
    | SSL_OP_NO_TLSv1_1
      -- | Do not use the TLSv1.2 protocol.
      -- As of OpenSSL 1.1.0, this option is deprecated
    | SSL_OP_NO_TLSv1_2
      -- | Do not use the TLSv1.3 protocol.
      -- As of OpenSSL 1.1.0, this option is deprecated
    | SSL_OP_NO_TLSv1_3
      -- | Do not use the DTLSv1 protocol.
      -- As of OpenSSL 1.1.0, this option is deprecated
    | SSL_OP_NO_DTLSv1
      -- | Do not use the DTLSv1.2 protocol.
      -- As of OpenSSL 1.1.0, this option is deprecated
    | SSL_OP_NO_DTLSv1_2

{-# LINE 117 "OpenSSL/SSL/Option.hsc" #-}
      -- | When performing renegotiation as a server, always start a
      -- new session (i.e., session resumption requests are only
      -- accepted in the initial handshake). This option is not needed
      -- for clients.
    | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION

{-# LINE 123 "OpenSSL/SSL/Option.hsc" #-}
      -- | Normally clients and servers will, where possible,
      -- transparently make use of
      -- <http://tools.ietf.org/html/rfc4507 RFC 4507> tickets for
      -- stateless session resumption.
      --
      -- If this option is set this functionality is disabled and
      -- tickets will not be used by clients or servers.
    | SSL_OP_NO_TICKET

{-# LINE 132 "OpenSSL/SSL/Option.hsc" #-}
      -- | Allow legacy insecure renegotiation between OpenSSL and
      -- unpatched clients or servers. See
      -- <https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiation SECURE RENEGOTIATION>
      -- for more details.
    | SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

{-# LINE 138 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 139 "OpenSSL/SSL/Option.hsc" #-}
      -- | Allow legacy insecure renegotiation between OpenSSL and
      -- unpatched servers _only_. See
      -- <https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiation SECURE RENEGOTIATION>
      -- for more details.
    | SSL_OP_LEGACY_SERVER_CONNECT

{-# LINE 145 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 146 "OpenSSL/SSL/Option.hsc" #-}
      -- | Disable Extended master secret.
      -- Only available on OpenSSL 3.0.0 and later.
    | SSL_OP_NO_EXTENDED_MASTER_SECRET

{-# LINE 150 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 151 "OpenSSL/SSL/Option.hsc" #-}
      -- | Cleanse plaintext copies of data.
      -- Only available on OpenSSL 3.0.0 and later.
    | SSL_OP_CLEANSE_PLAINTEXT

{-# LINE 155 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 156 "OpenSSL/SSL/Option.hsc" #-}
      -- | Enble support for Kernel TLS
      -- Only available on OpenSSL 3.0.0 and later
    | SSL_OP_ENABLE_KTLS

{-# LINE 160 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 161 "OpenSSL/SSL/Option.hsc" #-}
    | SSL_OP_IGNORE_UNEXPECTED_EOF

{-# LINE 163 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 164 "OpenSSL/SSL/Option.hsc" #-}
    | SSL_OP_ALLOW_CLIENT_RENEGOTIATION

{-# LINE 166 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 167 "OpenSSL/SSL/Option.hsc" #-}
    | SSL_OP_DISABLE_TLSEXT_CA_NAMES

{-# LINE 169 "OpenSSL/SSL/Option.hsc" #-}
    | SSL_OP_CISCO_ANYCONNECT
    | SSL_OP_NO_ANTI_REPLAY
    | SSL_OP_PRIORITIZE_CHACHA
    | SSL_OP_ALLOW_NO_DHE_KEX
    | SSL_OP_NO_ENCRYPT_THEN_MAC
    | SSL_OP_NO_QUERY_MTU
    | SSL_OP_COOKIE_EXCHANGE
    | SSL_OP_NO_COMPRESSION
    | SSL_OP_ENABLE_MIDDLEBOX_COMPAT
    | SSL_OP_NO_RENEGOTIATION
    | SSL_OP_CRYPTOPRO_TLSEXT_BUG
      deriving (SSLOption -> SSLOption -> Bool
(SSLOption -> SSLOption -> Bool)
-> (SSLOption -> SSLOption -> Bool) -> Eq SSLOption
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: SSLOption -> SSLOption -> Bool
== :: SSLOption -> SSLOption -> Bool
$c/= :: SSLOption -> SSLOption -> Bool
/= :: SSLOption -> SSLOption -> Bool
Eq, Eq SSLOption
Eq SSLOption =>
(SSLOption -> SSLOption -> Ordering)
-> (SSLOption -> SSLOption -> Bool)
-> (SSLOption -> SSLOption -> Bool)
-> (SSLOption -> SSLOption -> Bool)
-> (SSLOption -> SSLOption -> Bool)
-> (SSLOption -> SSLOption -> SSLOption)
-> (SSLOption -> SSLOption -> SSLOption)
-> Ord SSLOption
SSLOption -> SSLOption -> Bool
SSLOption -> SSLOption -> Ordering
SSLOption -> SSLOption -> SSLOption
forall a.
Eq a =>
(a -> a -> Ordering)
-> (a -> a -> Bool)
-> (a -> a -> Bool)
-> (a -> a -> Bool)
-> (a -> a -> Bool)
-> (a -> a -> a)
-> (a -> a -> a)
-> Ord a
$ccompare :: SSLOption -> SSLOption -> Ordering
compare :: SSLOption -> SSLOption -> Ordering
$c< :: SSLOption -> SSLOption -> Bool
< :: SSLOption -> SSLOption -> Bool
$c<= :: SSLOption -> SSLOption -> Bool
<= :: SSLOption -> SSLOption -> Bool
$c> :: SSLOption -> SSLOption -> Bool
> :: SSLOption -> SSLOption -> Bool
$c>= :: SSLOption -> SSLOption -> Bool
>= :: SSLOption -> SSLOption -> Bool
$cmax :: SSLOption -> SSLOption -> SSLOption
max :: SSLOption -> SSLOption -> SSLOption
$cmin :: SSLOption -> SSLOption -> SSLOption
min :: SSLOption -> SSLOption -> SSLOption
Ord, Int -> SSLOption -> ShowS
[SSLOption] -> ShowS
SSLOption -> String
(Int -> SSLOption -> ShowS)
-> (SSLOption -> String)
-> ([SSLOption] -> ShowS)
-> Show SSLOption
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> SSLOption -> ShowS
showsPrec :: Int -> SSLOption -> ShowS
$cshow :: SSLOption -> String
show :: SSLOption -> String
$cshowList :: [SSLOption] -> ShowS
showList :: [SSLOption] -> ShowS
Show, Typeable)

optionToIntegral :: Integral a => SSLOption -> a
optionToIntegral :: forall a. Integral a => SSLOption -> a
optionToIntegral SSLOption
SSL_OP_MICROSOFT_SESS_ID_BUG                  = a
0
{-# LINE 184 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NETSCAPE_CHALLENGE_BUG                 = 0
{-# LINE 185 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG       = 0
{-# LINE 186 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG            = 0
{-# LINE 187 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER             = 0
{-# LINE 188 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 189 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_SAFARI_ECDHE_ECDSA_BUG                 = 64
{-# LINE 190 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 191 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_SSLEAY_080_CLIENT_DH_BUG               = 0
{-# LINE 192 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_TLS_D5_BUG                             = 0
{-# LINE 193 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_TLS_BLOCK_PADDING_BUG                  = 0
{-# LINE 194 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 195 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS            = 2048
{-# LINE 196 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 197 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 198 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_TLSEXT_PADDING                         = 16
{-# LINE 199 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 200 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_ALL                                    = 2147485776
{-# LINE 201 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 202 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_TLS_ROLLBACK_BUG                       = 8388608
{-# LINE 203 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 204 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_SINGLE_DH_USE                          = 0
{-# LINE 205 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_EPHEMERAL_RSA                          = 0
{-# LINE 206 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 207 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_CIPHER_SERVER_PREFERENCE               = 4194304
{-# LINE 208 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 209 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_PKCS1_CHECK_1                          = 0
{-# LINE 210 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_PKCS1_CHECK_2                          = 0
{-# LINE 211 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NETSCAPE_CA_DN_BUG                     = 0
{-# LINE 212 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG        = 0
{-# LINE 213 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_SSLv2                               = 0
{-# LINE 214 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_SSLv3                               = 33554432
{-# LINE 215 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_TLSv1                               = 67108864
{-# LINE 216 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_TLSv1_1                             = 268435456
{-# LINE 217 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_TLSv1_2                             = 134217728
{-# LINE 218 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 219 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_TLSv1_3                             = 536870912
{-# LINE 220 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 221 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 222 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_DTLSv1                              = 67108864
{-# LINE 223 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 224 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 225 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_DTLSv1_2                            = 134217728
{-# LINE 226 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 227 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 228 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 65536
{-# LINE 229 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 230 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_TICKET                              = 16384
{-# LINE 231 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 232 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION      = 262144
{-# LINE 233 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 234 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 235 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_LEGACY_SERVER_CONNECT                  = 4
{-# LINE 236 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 237 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 238 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_EXTENDED_MASTER_SECRET              = 1
{-# LINE 239 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 240 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 241 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_CLEANSE_PLAINTEXT                      = 2
{-# LINE 242 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 243 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 244 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_ENABLE_KTLS                            = 8
{-# LINE 245 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 246 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 247 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_IGNORE_UNEXPECTED_EOF                  = 128
{-# LINE 248 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 249 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 250 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_ALLOW_CLIENT_RENEGOTIATION             = 256
{-# LINE 251 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 252 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 253 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_DISABLE_TLSEXT_CA_NAMES                = 512
{-# LINE 254 "OpenSSL/SSL/Option.hsc" #-}

{-# LINE 255 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_ANTI_REPLAY                         = 16777216
{-# LINE 256 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_PRIORITIZE_CHACHA                      = 2097152
{-# LINE 257 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_ENABLE_MIDDLEBOX_COMPAT                = 1048576
{-# LINE 258 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_ENCRYPT_THEN_MAC                    = 524288
{-# LINE 259 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_ALLOW_NO_DHE_KEX                       = 1024
{-# LINE 260 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_QUERY_MTU                           = 4096
{-# LINE 261 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_COOKIE_EXCHANGE                        = 8192
{-# LINE 262 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_COMPRESSION                         = 131072
{-# LINE 263 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_NO_RENEGOTIATION                       = 1073741824
{-# LINE 264 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_CRYPTOPRO_TLSEXT_BUG                   = 2147483648
{-# LINE 265 "OpenSSL/SSL/Option.hsc" #-}
optionToIntegral SSL_OP_CISCO_ANYCONNECT                       = 32768