security/hs-tls,
TLS/SSL protocol native implementation (Server and Client)
Branch: CURRENT,
Version: 2.1.7nb1,
Package name: hs-tls-2.1.7nb1,
Maintainer: pho
Native Haskell TLS and SSL protocol implementation for server and
client.
This provides a high-level implementation of a sensitive security
protocol, eliminating a common set of security issues through the use
of the advanced type system, high level constructions and common
Haskell features.
Currently implements the SSL3.0, TLS1.0, TLS1.1, TLS1.2 and TLS 1.3
protocols, and supports RSA and Ephemeral (Elliptic curve and regular)
Diffie Hellman key exchanges, and many extensions.
Required to run:
[devel/hs-data-default-class] [net/hs-network] [devel/hs-async] [lang/ghc88]
[devel/hs-memory] [devel/hs-cereal] [devel/hs-asn1-encoding] [devel/hs-asn1-types]
[security/hs-x509] [security/hs-cryptonite] [time/hs-hourglass]
[security/hs-x509-store] [security/hs-x509-validation]
Required to build:
[pkgtools/cwrappers]
Master sites:
Filesize: 168.915 KB
Version history:
- (2025-02-02) Updated to version: hs-tls-2.1.7nb1
- (2025-01-30) Updated to version: hs-tls-2.1.7
- (2024-05-09) Updated to version: hs-tls-2.0.5nb1
- (2024-05-04) Updated to version: hs-tls-2.0.5
- (2023-11-02) Updated to version: hs-tls-1.9.0nb1
- (2023-10-30) Updated to version: hs-tls-1.9.0
CVS history:
2025-02-02 14:06:08 by Masatake Daimon | Files touched by this commit (1173) |
Log message:
Bump all Haskell packages after switching the default compiler.
|
2025-01-30 12:10:36 by Masatake Daimon | Files touched by this commit (4) |  |
Log message:
security/hs-tls: update to tls-2.1.7
# Change log for "tls"
## Version 2.1.7
* Introducing `Limit` parameter.
* Implementing "Record Size Limit Extension for TLS" (RFC8449).
Set `limitRecordSize` to use it.
* Implementing "TLS Certificate Compression" (RFC 8879).
This feature is automatically used if the peer supports it.
* More tests with `tlsfuzzer` especially for client authentication
and 0-RTT.
* Implementing a utility function, `validateClientCertificate`, for
client authentication.
* Bug fix for echo back logic of Cookie extension.
* More pretty show for the internal `Handshake` structure for debugging.
## Version 2.1.6
* Testing with "tlsfuzzer" again. Now don't send an alert against
peer's alert. Double locking (aka self dead-lock) is fixed. Sending
an alert for known-but-cannot-parse extensions. Other corner cases
are also fixed.
* `tls-client -d` and `tls-server -d` pretty-prints `Handshake`.
## Version 2.1.5
* Removing the dependency on the async package.
* Restore a few DHE_RSA ciphers.
[#493](https://github.com/haskell-tls/hs-tls/pull/493)
## Version 2.1.4
* Exporting defaultValidationCache.
## Version 2.1.3
* Remove `data-default` version constraint.
[#492](https://github.com/haskell-tls/hs-tls/pull/492)
* Exporting default variables.
[#448](https://github.com/haskell-tls/hs-tls/pull/488)
## Version 2.1.2
* Using data-default instead of data-default-class.
## Version 2.1.1
* `bye` directly calls `timeout recvHS13`, not spawning a thread for
`timeout recvHS13`. So, `bye` can receive an exception if thrown.
## Version 2.1.0
* Breaking change: stop exporting constructors to maintain future
compatibilities. Field names are still exported, and values can be updated
with them using record syntax. Use `def` and `noSessionManager` as initial
values.
* `onServerFinished` is added to `ClientHooks`.
* `clientWantSessionResumeList` is added to `ClientParams` to support
multiple tickets for TLS 1.3.
## Version 2.0.6
* Setting `supportedCiphers` in `defaultSupported` to `ciphersuite_default`.
So, users don't have to override this value anymore by exporting
`Network.TLS.Extra.Cipher`.
[#471](https://github.com/haskell-tls/hs-tls/pull/471)
* `ciphersuite_default` is the same as `ciphersuite_strong`.
So, the duplicated definition is removed.
* Add missing modules for util/tls-client and util/tls-server.
|
2024-05-09 03:32:57 by Masatake Daimon | Files touched by this commit (1137) |
Log message:
Recursive revbump after changing the default Haskell compiler
|
2024-05-04 08:10:14 by Masatake Daimon | Files touched by this commit (4) |
Log message:
security/hs-tls: Update to 2.0.5
Version 2.0.5
Fixing handshake13_0rtt_fallback
Client checks if the group of PSK is contained in Supported_Groups.
HRR is not allowed for 0-RTT.
Version 2.0.4
More fix for 0-RTT when application data is available while receiving CF.
New util/tls-client and util/tls-server.
Version 2.0.3
Fixing a bug where timeout in bye does not work.
util/client -> util/tls-client
util/server -> util/tls-server
Version 2.0.2
Client checks sessionMaxEarlyDataSize to decide 0-RTT
Client checks the resumption cipher properly.
Version 2.0.1
Fix a leak of pending data to be sent.
Version 2.0.0
tls now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
Security: BREAKING CHANGE: TLS 1.0 and TLS 1.1 are removed.
Security: BREAKING CHANGE: all CBC cipher suites are removed.
Security: BREAKING CHANGE: RC4 and 3DES are removed.
Security: BREAKING CHANGE: DSS(digital signature standard) is removed.
Security: BREAKING CHANGE: TLS 1.2 servers require EMS(extended main secret)
by default. supportedExtendedMasterSec is renamed to
supportedExtendedMainSecret.
BREAKING CHANGE: the package is now compiled with Strict and StrictData.
BREAKING CHANGE: Many data structures are re-defined with PatternSynonyms
for extensibility.
BREAKING CHANGE: the structure of SessionManager is changed to support
session tickets.
API: BREAKING CHANGE: sendData can send early data (0-RTT). clientEarlyData
is removed. To send early data via sendData, set clientUseEarlyData to True.
#466
API: handshake can receive an alert of client authentication failure for TLS
1.3. #463
API: bye can receive NewSessionTicket for TLS 1.3.
Channel binding: getFinished and getPeerFinished are deprecated. Use
getTLSUnique instead. #462
Channel binding: getTLSExporter and getTLSServerEndPoint are provided. #462
Refactoring: the monolithic handshake is divided to follow the diagram of
TLS 1.2 and 1.3 for readability.
Refactoring: test cases are refactored for maintainability and readability.
hspec is used instead of tasty.
Code format: fourmolu is used as an official formatter.
Catching up RFC8446bis-09. #467
|
2023-11-02 07:37:49 by Masatake Daimon | Files touched by this commit (1141) |
Log message:
Revbump all Haskell after updating lang/ghc96
|
2023-10-30 15:50:28 by Masatake Daimon | Files touched by this commit (4) |
Log message:
security/hs-tls: Update to 1.9.0
Version 1.9.0
* BREAKING CHANGE: The type of the Error_Protocol constructor of TLSError
has changed. The "warning" case has been split off into a new
Error_Protocol_Warning constructor. #460
Version 1.8.0
* BREAKING CHANGE: Remove Exception instance for TLSError. The library now
throws TLSException only. If you need to change your code, please refer
to this example first. #457
Version 1.7.1
* NOP on UserCanceled event #454
Version 1.7.0
* Major version up because "crypton" is used instead of "cryptonite"
|
2023-10-09 06:55:01 by Masatake Daimon | Files touched by this commit (988) |
Log message:
Bump Haskell packages after updating lang/ghc94
|
2023-01-27 03:02:25 by Masatake Daimon | Files touched by this commit (4) |
Log message:
security/hs-tls: Update to 1.6.0
Version 1.6.0
* Major version up because of disabling SSL3
* Some fixes against tlsfuzzer
Version 1.5.8
* Require mtl-2.2.1 or newer #448
|