Safe Haskell	None
Language	Haskell2010

Network.Wai.Handler.WarpTLS

Contents

Runner
Settings
Smart constructors
Accessors
Exception
DH parameters (re-exports)

Description

HTTP over TLS support for Warp via the TLS package.

If HTTP/2 is negotiated by ALPN, HTTP/2 over TLS is used. Otherwise HTTP/1.1 over TLS is used.

Support for SSL is now obsoleted.

Synopsis

runTLS :: TLSSettings -> Settings -> Application -> IO ()
runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO ()
data TLSSettings
defaultTlsSettings :: TLSSettings
tlsSettings :: FilePath -> FilePath -> TLSSettings
tlsSettingsChain :: FilePath -> [ FilePath ] -> FilePath -> TLSSettings
tlsSettingsMemory :: ByteString -> ByteString -> TLSSettings
tlsSettingsChainMemory :: ByteString -> [ ByteString ] -> ByteString -> TLSSettings
tlsSettingsRef :: IORef ByteString -> IORef ByteString -> TLSSettings
tlsSettingsChainRef :: IORef ByteString -> [ IORef ByteString ] -> IORef ByteString -> TLSSettings
data CertSettings
tlsCredentials :: TLSSettings -> Maybe Credentials
tlsLogging :: TLSSettings -> Logging
tlsAllowedVersions :: TLSSettings -> [ Version ]
tlsCiphers :: TLSSettings -> [ Cipher ]
tlsWantClientCert :: TLSSettings -> Bool
tlsServerHooks :: TLSSettings -> ServerHooks
tlsServerDHEParams :: TLSSettings -> Maybe Params
tlsSessionManagerConfig :: TLSSettings -> Maybe Config
tlsSessionManager :: TLSSettings -> Maybe SessionManager
onInsecure :: TLSSettings -> OnInsecure
data OnInsecure
- = DenyInsecure ByteString
- | AllowInsecure
data WarpTLSException
- = InsecureConnectionDenied
- | ClientClosedConnectionPrematurely
data Params
generateParams :: MonadRandom m => Int -> Integer -> m Params

Runner

runTLS :: TLSSettings -> Settings -> Application -> IO () Source #

Running Application with TLSSettings and Settings .

runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO () Source #

Running Application with TLSSettings and Settings using specified Socket .

Settings

data TLSSettings Source #

Settings for WarpTLS.

defaultTlsSettings :: TLSSettings Source #

Default TLSSettings . Use this to create TLSSettings with the field record name (aka accessors).

Smart constructors

From files

tlsSettings Source #

Arguments

:: FilePath	Certificate file
-> FilePath	Key file
-> TLSSettings

A smart constructor for TLSSettings based on defaultTlsSettings .

tlsSettingsChain Source #

Arguments

:: FilePath	Certificate file
-> [ FilePath ]	Chain certificate files
-> FilePath	Key file
-> TLSSettings

A smart constructor for TLSSettings that allows specifying chain certificates based on defaultTlsSettings .

Since 3.0.3

From memory

tlsSettingsMemory Source #

Arguments

:: ByteString	Certificate bytes
-> ByteString	Key bytes
-> TLSSettings

A smart constructor for TLSSettings , but uses in-memory representations of the certificate and key based on defaultTlsSettings .

Since 3.0.1

tlsSettingsChainMemory Source #

Arguments

:: ByteString	Certificate bytes
-> [ ByteString ]	Chain certificate bytes
-> ByteString	Key bytes
-> TLSSettings

A smart constructor for TLSSettings , but uses in-memory representations of the certificate and key based on defaultTlsSettings .

Since 3.0.3

From references

tlsSettingsRef Source #

Arguments

:: IORef ByteString	Reference to certificate bytes
-> IORef ByteString	Reference to key bytes
-> TLSSettings

A smart constructor for TLSSettings , but uses references to in-memory representations of the certificate and key based on defaultTlsSettings .

Since: 3.3.0

tlsSettingsChainRef Source #

Arguments

:: IORef ByteString	Reference to certificate bytes
-> [ IORef ByteString ]	Reference to chain certificate bytes
-> IORef ByteString	Reference to key bytes
-> TLSSettings

A smart constructor for TLSSettings , but uses references to in-memory representations of the certificate and key based on defaultTlsSettings .

Since: 3.3.0

data CertSettings Source #

Determines where to load the certificate, chain certificates, and key from.

Accessors

tlsCredentials :: TLSSettings -> Maybe Credentials Source #

Specifying Credentials directly. If this value is specified, other fields such as certFile are ignored.

Since 3.2.12

tlsLogging :: TLSSettings -> Logging Source #

The level of logging to turn on.

Default: defaultLogging .

Since 1.4.0

tlsAllowedVersions :: TLSSettings -> [ Version ] Source #

The TLS versions this server accepts.

>>> tlsAllowedVersions defaultTlsSettings
[TLS13,TLS12,TLS11,TLS10]

Since 1.4.2

tlsCiphers :: TLSSettings -> [ Cipher ] Source #

The TLS ciphers this server accepts.

>>> tlsCiphers defaultTlsSettings
[ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1,AES128GCM-SHA256,AES256GCM-SHA384]

Since 1.4.2

tlsWantClientCert :: TLSSettings -> Bool Source #

Whether or not to demand a certificate from the client. If this is set to True, you must handle received certificates in a server hook or all connections will fail.

>>> tlsWantClientCert defaultTlsSettings
False

Since 3.0.2

tlsServerHooks :: TLSSettings -> ServerHooks Source #

The server-side hooks called by the tls package, including actions to take when a client certificate is received. See the Network.TLS module for details.

Default: def

Since 3.0.2

tlsServerDHEParams :: TLSSettings -> Maybe Params Source #

Configuration for ServerDHEParams more function lives in cryptonite package

Default: Nothing

Since 3.2.2

tlsSessionManagerConfig :: TLSSettings -> Maybe Config Source #

Configuration for in-memory TLS session manager. If Nothing, noSessionManager is used. Otherwise, an in-memory TLS session manager is created according to Config .

Default: Nothing

Since 3.2.4

tlsSessionManager :: TLSSettings -> Maybe SessionManager Source #

Specifying SessionManager directly. If this value is specified, tlsSessionManagerConfig is ignored.

Since 3.2.12

onInsecure :: TLSSettings -> OnInsecure Source #

Do we allow insecure connections with this server as well?

>>> onInsecure defaultTlsSettings
DenyInsecure "This server only accepts secure HTTPS connections."

Since 1.4.0

data OnInsecure Source #

An action when a plain HTTP comes to HTTP over TLS/SSL port.

Constructors

DenyInsecure ByteString
AllowInsecure

Instances

Instances details

Show OnInsecure Source #
Instance details Defined in Network.Wai.Handler.WarpTLS.Internal Methods showsPrec :: Int -> OnInsecure -> ShowS Source # show :: OnInsecure -> String Source # showList :: [ OnInsecure ] -> ShowS Source #

Exception

data WarpTLSException Source #

Constructors

InsecureConnectionDenied
ClientClosedConnectionPrematurely

Instances

Instances details

Show WarpTLSException Source #
Instance details Defined in Network.Wai.Handler.WarpTLS Methods showsPrec :: Int -> WarpTLSException -> ShowS Source # show :: WarpTLSException -> String Source # showList :: [ WarpTLSException ] -> ShowS Source #
Exception WarpTLSException Source #
Instance details Defined in Network.Wai.Handler.WarpTLS Methods toException :: WarpTLSException -> SomeException Source # fromException :: SomeException -> Maybe WarpTLSException Source # displayException :: WarpTLSException -> String Source #

DH parameters (re-exports)

This custom DH parameters are not necessary anymore because pre-defined DH parameters are supported in the TLS package.

data Params Source #

Represent Diffie Hellman parameters namely P (prime), and G (generator).

Instances

Instances details

Eq Params
Instance details Defined in Crypto.PubKey.DH Methods (==) :: Params -> Params -> Bool Source # (/=) :: Params -> Params -> Bool Source #
Data Params
Instance details Defined in Crypto.PubKey.DH Methods gfoldl :: ( forall d b. Data d => c (d -> b) -> d -> c b) -> ( forall g. g -> c g) -> Params -> c Params Source # gunfold :: ( forall b r. Data b => c (b -> r) -> c r) -> ( forall r. r -> c r) -> Constr -> c Params Source # toConstr :: Params -> Constr Source # dataTypeOf :: Params -> DataType Source # dataCast1 :: Typeable t => ( forall d. Data d => c (t d)) -> Maybe (c Params ) Source # dataCast2 :: Typeable t => ( forall d e. ( Data d, Data e) => c (t d e)) -> Maybe (c Params ) Source # gmapT :: ( forall b. Data b => b -> b) -> Params -> Params Source # gmapQl :: (r -> r' -> r) -> r -> ( forall d. Data d => d -> r') -> Params -> r Source # gmapQr :: forall r r'. (r' -> r -> r) -> r -> ( forall d. Data d => d -> r') -> Params -> r Source # gmapQ :: ( forall d. Data d => d -> u) -> Params -> [u] Source # gmapQi :: Int -> ( forall d. Data d => d -> u) -> Params -> u Source # gmapM :: Monad m => ( forall d. Data d => d -> m d) -> Params -> m Params Source # gmapMp :: MonadPlus m => ( forall d. Data d => d -> m d) -> Params -> m Params Source # gmapMo :: MonadPlus m => ( forall d. Data d => d -> m d) -> Params -> m Params Source #
Read Params
Instance details Defined in Crypto.PubKey.DH Methods readsPrec :: Int -> ReadS Params Source # readList :: ReadS [ Params ] Source # readPrec :: ReadPrec Params Source # readListPrec :: ReadPrec [ Params ] Source #
Show Params
Instance details Defined in Crypto.PubKey.DH Methods showsPrec :: Int -> Params -> ShowS Source # show :: Params -> String Source # showList :: [ Params ] -> ShowS Source #
NFData Params
Instance details Defined in Crypto.PubKey.DH Methods rnf :: Params -> () Source #

generateParams Source #

Arguments

:: MonadRandom m
=> Int	number of bits
-> Integer	generator
-> m Params

generate params from a specific generator (2 or 5 are common values) we generate a safe prime (a prime number of the form 2p+1 where p is also prime)