tls-0.6.1: TLS/SSL protocol native implementation (Server and Client)

Portabilityunknown
Stabilityexperimental
MaintainerVincent Hanquez <vincent@snarc.org>

Network.TLS

Contents

Description

 

Synopsis

Context configuration

data TLSParams

Constructors

TLSParams 

Fields

pConnectVersion :: Version

version to use on client connection.

pAllowedVersions :: [Version]

allowed versions that we can use.

pCiphers :: [Cipher]

all ciphers supported ordered by priority.

pCompressions :: [Compression]

all compression supported ordered by priority.

pWantClientCert :: Bool

request a certificate from client. use by server only.

pCertificates :: [(X509, Maybe PrivateKey)]

the cert chain for this context with the associated keys if any.

onCertificatesRecv :: [X509] -> IO Bool

callback to verify received cert chain.

Instances

defaultParams :: TLSParams

Context object

data TLSCtx

A TLS Context is a handle augmented by tls specific state and parameters

ctxHandle :: TLSCtx -> Handle

return the handle associated with this context

Creating a context

client :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m TLSCtx

Create a new Client context with a configuration, a RNG, and a Handle. It reconfigures the handle buffermode to noBuffering

server :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m TLSCtx

Create a new Server context with a configuration, a RNG, and a Handle. It reconfigures the handle buffermode to noBuffering

Initialisation and Termination of context

bye :: MonadIO m => TLSCtx -> m ()

notify the context that this side wants to close connection. this is important that it is called before closing the handle, otherwise the session might not be resumable (for version < TLS1.2).

this doesn't actually close the handle

handshake :: MonadIO m => TLSCtx -> m ()

Handshake for a new TLS connection This is to be called at the beginning of a connection, and during renegociation

High level API

sendData :: MonadIO m => TLSCtx -> ByteString -> m ()

sendData sends a bunch of data. It will automatically chunk data to acceptable packet size

recvData :: MonadIO m => TLSCtx -> m ByteString

recvData get data out of Data packet, and automatically renegociate if a Handshake ClientHello is received

Crypto Key

data PrivateKey

Constructors

PrivRSA PrivateKey 

Instances

Compressions & Predefined compressions

data Compression

Compression algorithm

Instances

nullCompression :: Compression

default null compression

Ciphers & Predefined ciphers

data Cipher

Cipher algorithm

Instances

Versions

data Version

Versions known to TLS

SSL2 is just defined, but this version is and will not be supported.

TLS12 is not yet supported

Constructors

SSL2 
SSL3 
TLS10 
TLS11 
TLS12 

Instances

Errors

data TLSError

TLSError that might be returned through the TLS stack

Constructors

Error_Misc String 
Error_Certificate String 
Error_Random String 
Error_Digest ([Word8], [Word8]) 
Error_Packet String 
Error_Packet_Size_Mismatch (Int, Int) 
Error_Packet_unexpected String String 
Error_Packet_Parsing String 
Error_Internal_Packet_ByteProcessed Int Int Int 
Error_Unknown_Version Word8 Word8 
Error_Unknown_Type String 

Instances