warp-tls

HTTP over TLS support for Warp via the TLS package

LTS Haskell 21.13:	3.3.6@rev:1
Stackage Nightly 2023-09-24:	3.4.2
Latest on Hackage:	3.4.2

See all snapshots warp-tls appears in

MIT licensed by Michael Snoyman

Maintained by michael@snoyman.com

This version can be pinned in stack with:warp-tls-3.4.2@sha256:1dc71da6b765f3aefaebb1a9177e6bb0d665d84b84f62a13d046fa8a3fc349b2,1828

Module documentation for 3.4.2

Network
- Network.Wai
  - Network.Wai.Handler
    - Network.Wai.Handler.WarpTLS
      - Network.Wai.Handler.WarpTLS.Internal

Depends on 11 packages(full list with versions):

base, bytestring, data-default-class, network, recv, streaming-commons, tls, tls-session-manager, unliftio, wai, warp

Used by 5 packages in nightly-2023-09-24(full list with versions):

git-annex, keter, tmp-proc, wai-cli, wai-enforce-https

warp-tls

Serve WAI applications using the Warp webserver and the Haskell TLS library.

In order to generate a self-signed certificate for testing, try the following:

openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out certificate.csr
openssl x509 -req -in certificate.csr -signkey key.pem -out certificate.pem

Changes

ChangeLog

3.4.1

Requiring warp v3.3.29.

3.4.1

Supporting tls v1.8.0.

3.4.0

Major version up to deprecate v3.3.7 due to the incompatibility against cryptonite.

3.3.7

Using crypton instead of cryptonite. #931

3.3.6

Setting FD_CLOEXEC on the listening socket. #923

3.3.5

Switching the version of the “recv” package from 0.0.x to 0.1.x.

3.3.4

Integrated customizable accept hook from Network.Wai.Handler.Warp.Settings (cf. setAccept) #912
Adjusted httpOverTls because of the factoring out of Network.Wai.Handler.Warp.Recv to its own package recv in the warp package. #899

3.3.3

Creating a bigger buffer when the current one is too small to fit the Builder #895
Expose TLS.supportedHashSignatures via TLSSettings #872

3.3.2

Providing the Internal module. #841

3.3.1

Move exception handling over to unliftio for better async exception support #845
Cleanly close connection when client closes connection prematurely #844

3.3.0

Breaking changes: certFile and keyFile are not exported anymore.
Allow TLS credentials to be retrieved from an IORef. #806

3.2.12

A config field: tlsCredentials and tlsSessionManager. #805

3.2.11

Ignoring an exception from shutdown (gracefulClose).

3.2.10

Passing client certificate, if any, to Warp #783

3.2.9

Cooperating setGracefulCloseTimeout1 and setGracefulCloseTimeout2 of Warp. #782

3.2.8

Using gracefullClose of network 3.1.1 or later if available.

3.2.7

Relaxing version constraint.

3.2.6

Using the Strict and StrictData language extensions for GHC >8. #752

3.2.5

When tls 1.5.0 is available, TLS 1.3 is automatically supported.

3.2.4.3

Using warp >= 3.2.17.

3.2.4.2

Ignore socket errors while sending close_notify #640

3.2.4

Using tls-session-manager.

3.2.3

Stop using obsoleted APIs of network.

3.2.2

New settting parameter: tlsServerDHEParams #556
Preventing socket leakage #559

3.2.1

Removing dependency to cprng-aes.

3.2.0

Major version up due to breaking changes.
runHTTP2TLS and runHTTP2TLSSocket were removed.

3.1.4

Add an option to disable HTTP2 #450

3.1.3

Removing SHA 512 and SHA 384 from supportedCiphers to rescue Safari and golang. #429

3.1.2

Getting Rating A from the SSL Server Test

3.1.1

Converting “send: resource vanished (Broken pipe)” to ConnectionClosedByPeer. #421

3.1.0

Supporting HTTP/2 #399
Removing RC4 #400

3.0.4.2

tls 1.3 support #390

3.0.4.1

Fix for leaked FDs #378

3.0.4

Replace acceptSafe with accept, see #361

3.0.3

Support chain certs #349

3.0.2

Allow warp-tls to request client certificates. #337

3.0.1.4

Add additional Diffie-Hellman RSA and DSA ciphers to warp-tls.

3.0.1.3

Unable to allow insecure connections with warp-tls #324

3.0.1.2

Make sure Timer is tickled in sendfile. #323

3.0.1

Support for in-memory certificates and keys