tls

TLS/SSL protocol native implementation (Server and Client) http://github.com/vincenthz/hs-tls

Latest on Hackage: 1.5.4

BSD-3-Clause licensed and maintained by Vincent Hanquez

Module documentation for 1.2.13

This version can be pinned in stack with: tls-1.2.13@sha256:5921b3456bbf7f6ef5463b9c8c651af4c264cfbffe0110cdfd5ae37e4a1f01dc,5863
  • Network
    • Network.TLS
      • Network.TLS.Cipher
      • Network.TLS.Compression
      • Network.TLS.Extra
        • Network.TLS.Extra.Cipher
      • Network.TLS.Internal

Native Haskell TLS and SSL protocol implementation for server and client.

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Currently implements the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocols, and supports RSA and Ephemeral Diffie Hellman key exchanges, and many extensions.

Some debug tools linked with tls are available through http://hackage.haskell.org/package/tls-debug/.

Changes

Version 1.2.6 (23 Mar 2014)

  • Fixed socket backend endless loop when the server does not close connection properly at the TLS level with the close notify alert.
  • Catch Error_EOF in recvData and return empty data.

Version 1.2.5 (23 Mar 2014)

  • Fixed Server key exchange data being parsed without the correct context, leading to not knowing how to parse the structure. The bug happens with an efficient server that sends the ServerKeyXchg message together with the ServerHello in the same handshake packet. This triggers parsing of all the messages without the pending cipher having been set. When this happens, parsing is delayed until we know what to do with it.

Version 1.2.4 (23 Mar 2014)

  • Fixed unrecognized name non-fatal alert after client hello.
  • Add SSL3 to the list of versions supported by default.
  • Fix cereal lower bound to 0.4.0 minimum.

Version 1.2.3 (22 Mar 2014)

  • Fixed handshake records not being able to span multiple records.