You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Vincent Hanquez db1232aea8 remove warnings, add some more #ifdef. 7 years ago
core remove warnings, add some more #ifdef. 7 years ago
debug bump version of debug to 0.2.0 7 years ago
extra Kludge for -optl-mwindows 7 years ago
test-scripts always do verbose tests with gnutls-debug-cli 7 years ago
.gitignore filter out .mix 7 years ago
LICENSE update LICENSE files and add a root one. 7 years ago
README.md update README 7 years ago
TODO remove old items 7 years ago

README.md

haskell TLS

This library provide native Haskell TLS and SSL protocol implementation for server and client.

Description

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Features

  • tiny code base (more than 20 times smaller than openSSL, and 10 times smaller than gnuTLS)
  • client certificates.
  • permissive license: BSD3.
  • supported versions: SSL3, TLS1.0, TLS1.1, TLS1.2.
  • key exchange supported: only RSA.
  • bulk algorithm supported: any stream or block ciphers.
  • supported extensions: secure renegociation, next protocol negotiation (draft 2), server name indication.

Common Issues

The tools mentioned below are all available from the tls-debug package.

  • Certificate issues

It’s useful to run the following command, which will connect to the destination and retrieve the certificate chained used.

tls-retrievecertificate -d <destination> -p <port> -v -c

As an output it will print every certificates in the chain and will gives the issuer and subjects of each. It creates a chain where issuer of certificate is the subject of the next certificate part of the chain:

(subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)

A “CA is unknown” error indicates that your system doesn’t have a certificate in the trusted store belonging to any of the node of the chain.