Fields

clientUseMaxFragmentLength :: Maybe MaxFragmentEnum

 

clientServerIdentification :: (HostName, Bytes)

Define the name of the server, along with an extra service identification blob. this is important that the hostname part is properly filled for security reason, as it allow to properly associate the remote side with the given certificate during a handshake.

The extra blob is useful to differentiate services running on the same host, but that might have different certificates given. It's only used as part of the X509 validation infrastructure.

clientUseServerNameIndication :: Bool

Allow the use of the Server Name Indication TLS extension during handshake, which allow the client to specify which host name, it's trying to access. This is useful to distinguish CNAME aliasing (e.g. web virtual host).

clientWantSessionResume :: Maybe (SessionID, SessionData)

try to establish a connection using this session.

clientShared :: Shared

 

clientHooks :: ClientHooks

 

clientSupported :: Supported

In this element, you'll need to override the default empty value of of supportedCiphers with a suitable cipherlist.

clientDebug :: DebugParams

 

Fields

serverWantClientCert :: Bool

request a certificate from client.

serverCACertificates :: [SignedCertificate]

This is a list of certificates from which the disinguished names are sent in certificate request messages. For TLS1.0, it should not be empty.

serverDHEParams :: Maybe DHParams

Server Optional Diffie Hellman parameters. If this value is not properly set, no Diffie Hellman key exchange will take place.

serverShared :: Shared

 

serverHooks :: ServerHooks

 

serverSupported :: Supported

 

serverDebug :: DebugParams

 

Fields

debugSeed :: Maybe Seed

Disable the true randomness in favor of deterministic seed that will produce a deterministic random from. This is useful for tests and debugging purpose. Do not use in production

debugPrintSeed :: Seed -> IO ()

Add a way to print the seed that was randomly generated. re-using the same seed will reproduce the same randomness with debugSeed

Fields

onCertificateRequest :: ([CertificateType], Maybe [HashAndSignatureAlgorithm], [DistinguishedName]) -> IO (Maybe (CertificateChain, PrivKey))

This action is called when the server sends a certificate request. The parameter is the information from the request. The action should select a certificate chain of one of the given certificate types where the last certificate in the chain should be signed by one of the given distinguished names. Each certificate should be signed by the following one, except for the last. At least the first of the certificates in the chain must have a corresponding private key, because that is used for signing the certificate verify message.

Note that is is the responsibility of this action to select a certificate matching one of the requested certificate types. Returning a non-matching one will lead to handshake failure later.

Returning a certificate chain not matching the distinguished names may lead to problems or not, depending whether the server accepts it.

onNPNServerSuggest :: Maybe ([ByteString] -> IO ByteString)

 

onServerCertificate :: CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason]

 

onSuggestALPN :: IO (Maybe [ByteString])

 

Fields

onClientCertificate :: CertificateChain -> IO CertificateUsage

This action is called when a client certificate chain is received from the client. When it returns a CertificateUsageReject value, the handshake is aborted.

onUnverifiedClientCert :: IO Bool

This action is called when the client certificate cannot be verified. A Nothing argument indicates a wrong signature, a 'Just e' message signals a crypto error.

onCipherChoosing :: Version -> [Cipher] -> Cipher

Allow the server to choose the cipher relative to the the client version and the client list of ciphers.

This could be useful with old clients and as a workaround to the BEAST (where RC4 is sometimes prefered with TLS < 1.1)

The client cipher list cannot be empty.

onServerNameIndication :: Maybe HostName -> IO Credentials

Allow the server to indicate additional credentials to be used depending on the host name indicated by the client.

This is most useful for transparent proxies where credentials must be generated on the fly according to the host the client is trying to connect to.

onSuggestNextProtocols :: IO (Maybe [ByteString])

suggested next protocols accoring to the next protocol negotiation extension.

onNewHandshake :: Measurement -> IO Bool

at each new handshake, we call this hook to see if we allow handshake to happens.

onALPNClientSuggest :: Maybe ([ByteString] -> IO ByteString)

 

Fields

supportedVersions :: [Version]

Supported Versions by this context On the client side, the highest version will be used to establish the connection. On the server side, the highest version that is less or equal than the client version will be chosed.

supportedCiphers :: [Cipher]

Supported cipher methods. The default is empty, specify a suitable cipher list. ciphersuite_default is often a good choice.

supportedCompressions :: [Compression]

supported compressions methods

supportedHashSignatures :: [HashAndSignatureAlgorithm]

All supported hash/signature algorithms pair for client certificate verification, ordered by decreasing priority.

supportedSecureRenegotiation :: Bool

Secure renegotiation defined in RFC5746. If True, clients send the renegotiation_info extension. If True, servers handle the extension or the renegotiation SCSV then send the renegotiation_info extension.

supportedClientInitiatedRenegotiation :: Bool

If True, renegotiation is allowed from the client side. This is vulnerable to DOS attacks. If False, renegotiation is allowed only from the server side via HelloRequest.

supportedSession :: Bool

Set if we support session.

supportedFallbackScsv :: Bool

Support for fallback SCSV defined in RFC7507. If True, servers reject handshakes which suggest a lower protocol than the highest protocol supported.

supportedEmptyPacket :: Bool

In ver <= TLS1.0, block ciphers using CBC are using CBC residue as IV, which can be guessed by an attacker. Hence, an empty packet is normally sent before a normal data packet, to prevent guessability. Some Microsoft TLS-based protocol implementations, however, consider these empty packets as a protocol violation and disconnect. If this parameter is False, empty packets will never be added, which is less secure, but might help in rare cases.

Fields

sharedCredentials :: Credentials

 

sharedSessionManager :: SessionManager

 

sharedCAStore :: CertificateStore

 

sharedValidationCache :: ValidationCache

 

Fields

hookRecvHandshake :: Handshake -> IO Handshake

called at each handshake message received

hookRecvCertificates :: CertificateChain -> IO ()

called at each certificate chain message received

hookLogging :: Logging

hooks on IO and packets, receiving and sending.

Fields

loggingPacketSent :: String -> IO ()

 

loggingPacketRecv :: String -> IO ()

 

loggingIOSent :: ByteString -> IO ()

 

loggingIORecv :: Header -> ByteString -> IO ()

 

Fields

nbHandshakes :: !Word32

number of handshakes on this context

bytesReceived :: !Word32

bytes received since last handshake

bytesSent :: !Word32

bytes sent since last handshake

Fields

sessionVersion :: Version

 

sessionCipher :: CipherID

 

sessionSecret :: ByteString

 

Fields

sessionResume :: SessionID -> IO (Maybe SessionData)

used on server side to decide whether to resume a client session.

sessionEstablish :: SessionID -> SessionData -> IO ()

used when a session is established.

sessionInvalidate :: SessionID -> IO ()

used when a session is invalidated.

Fields

backendFlush :: IO ()

Flush the connection sending buffer, if any.

backendClose :: IO ()

Close the connection.

backendSend :: ByteString -> IO ()

Send a bytestring through the connection.

backendRecv :: Int -> IO ByteString

Receive specified number of bytes from the connection.

Fields

infoVersion :: Version

 

infoCipher :: Cipher

 

infoCompression :: Compression

 

infoMasterSecret :: Maybe Bytes

 

infoClientRandom :: Maybe ClientRandom

 

infoServerRandom :: Maybe ServerRandom

 

Fields

bulkName :: String

 

bulkKeySize :: Int

 

bulkIVSize :: Int

 

bulkExplicitIV :: Int

 

bulkAuthTagLen :: Int

 

bulkBlockSize :: Int

 

bulkF :: BulkFunctions

 

Fields

cipherID :: CipherID

 

cipherName :: String

 

cipherHash :: Hash

 

cipherBulk :: Bulk

 

cipherKeyExchange :: CipherKeyExchangeType

 

cipherMinVer :: Maybe Version

 

cipherPRFHash :: Maybe Hash

 

Fields

checkTimeValidity :: Bool

check time validity of every certificate in the chain. the make sure that current time is between each validity bounds in the certificate

checkAtTime :: Maybe DateTime

The time when the validity check happens. When set to Nothing, the current time will be used

checkStrictOrdering :: Bool

Check that no certificate is included that shouldn't be included. unfortunately despite the specification violation, a lots of real world server serves useless and usually old certificates that are not relevant to the certificate sent, in their chain.

checkCAConstraints :: Bool

Check that signing certificate got the CA basic constraint. this is absolutely not recommended to turn it off.

checkExhaustive :: Bool

Check the whole certificate chain without stopping at the first failure. Allow gathering a exhaustive list of failure reasons. if this is turn off, it's absolutely not safe to ignore a failed reason even it doesn't look serious (e.g. Expired) as other more serious checks would not have been performed.

checkLeafV3 :: Bool

Check that the leaf certificate is version 3. If disable, version 2 certificate is authorized in leaf position and key usage cannot be checked.

checkLeafKeyUsage :: [ExtKeyUsageFlag]

Check that the leaf certificate is authorized to be used for certain usage. If set to empty list no check are performed, otherwise all the flags is the list need to exists in the key usage extension. If the extension is not present, the check will pass and behave as if the certificate key is not restricted to any specific usage.

checkLeafKeyPurpose :: [ExtKeyUsagePurpose]

Check that the leaf certificate is authorized to be used for certain purpose. If set to empty list no check are performed, otherwise all the flags is the list need to exists in the extended key usage extension if present. If the extension is not present, then the check will pass and behave as if the certificate is not restricted to any specific purpose.

checkFQHN :: Bool

Check the top certificate names matching the fully qualified hostname (FQHN). it's not recommended to turn this check off, if no other name checks are performed.

Fields

hookMatchSubjectIssuer :: DistinguishedName -> Certificate -> Bool

check the the issuer DistinguishedName match the subject DistinguishedName of a certificate.

hookValidateTime :: DateTime -> Certificate -> [FailedReason]

validate that the parametrized time valide with the certificate in argument

hookValidateName :: HostName -> Certificate -> [FailedReason]

validate the certificate leaf name with the DNS named used to connect

hookFilterReason :: [FailedReason] -> [FailedReason]

user filter to modify the list of failure reasons

Fields

cacheQuery :: ValidationCacheQueryCallback

cache querying callback

cacheAdd :: ValidationCacheAddCallback

cache adding callback