diohsc 0.1.14.6 → 0.1.14.7
raw patch · 5 files changed
+19/−16 lines, 5 filesdep ~networkdep ~tls
Dependency ranges changed: network, tls
Files
- ClientSessionManager.hs +3/−1
- GeminiProtocol.hs +11/−10
- Makefile +1/−1
- Version.hs +1/−1
- diohsc.cabal +3/−3
ClientSessionManager.hs view
@@ -38,6 +38,7 @@ (\_ -> return Nothing) insert delete+ True where insert sid sd@SessionData{ sessionClientSNI = Just sni } = do now <- timeCurrent@@ -45,7 +46,8 @@ modifyMVar_ sess $ return . Map.insert (sni, fp) (expire,(sid,sd)) . fromAscList . filter (\(_,(t,(_,_))) -> t >= now) . toAscList- insert _ _ = return ()+ return Nothing+ insert _ _ = return Nothing delete sid = modifyMVar_ sess $ return . fromAscList . filter (\(_,(_,(sid',_))) -> sid /= sid') . toAscList
GeminiProtocol.hs view
@@ -214,11 +214,11 @@ , clientShared = def { sharedCAStore = certStore , sharedSessionManager = sessionManager }- , clientEarlyData = Just requestBytes -- ^Send early data (RTT0) if server session allows it+ , clientUseEarlyData = True -- ^Send early data (RTT0) if server session allows it , clientWantSessionResume = session } (sock,context) <- do- let retryNoResume (HandshakeFailed (Error_Protocol (_,_,HandshakeFailure)))+ let retryNoResume (HandshakeFailed (Error_Protocol _ HandshakeFailure)) | isJust session = do -- Work around a mysterious problem seen with dezhemini+libssl: displayWarning [ "Handshake failure when resuming TLS session; retrying with full handshake." ]@@ -229,8 +229,7 @@ sock <- openSocket c <- TLS.contextNew sock params handle retryNoResume $ handshake c >> return (sock,c)- sentEarly <- (== Just True) . (infoIsEarlyDataAccepted <$>) <$> contextGetInformation context- unless sentEarly . sendData context $ BL.fromStrict requestBytes+ sendData context $ BL.fromStrict requestBytes when verboseConnection . void . runMaybeT $ do info <- MaybeT $ contextGetInformation context lift . displayInfo $ [ "TLS version " ++ show (infoVersion info) ++@@ -456,6 +455,8 @@ -- |those ciphers from ciphersuite_default fitting the requirements -- recommended by the gemini "best practices" document: -- require ECDHE/DHE (for PFS), and >=SHA2, and AES/CHACHA20.+ -- Some of these were subsequently commented out once tls-2.0 dropped+ -- support for them. gemini_ciphersuite :: [Cipher] gemini_ciphersuite = [ -- First the PFS + GCM + SHA2 ciphers@@ -463,15 +464,15 @@ , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 , cipher_ECDHE_RSA_AES128GCM_SHA256, cipher_ECDHE_RSA_AES256GCM_SHA384 , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256- , cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES256GCM_SHA384- , cipher_DHE_RSA_CHACHA20POLY1305_SHA256+ --, cipher_DHE_RSA_AES128GCM_SHA256, cipher_DHE_RSA_AES256GCM_SHA384+ --, cipher_DHE_RSA_CHACHA20POLY1305_SHA256 , -- Next the PFS + CCM + SHA2 ciphers cipher_ECDHE_ECDSA_AES128CCM_SHA256, cipher_ECDHE_ECDSA_AES256CCM_SHA256- , cipher_DHE_RSA_AES128CCM_SHA256, cipher_DHE_RSA_AES256CCM_SHA256+ --, cipher_DHE_RSA_AES128CCM_SHA256, cipher_DHE_RSA_AES256CCM_SHA256 -- Next the PFS + CBC + SHA2 ciphers- , cipher_ECDHE_ECDSA_AES128CBC_SHA256, cipher_ECDHE_ECDSA_AES256CBC_SHA384- , cipher_ECDHE_RSA_AES128CBC_SHA256, cipher_ECDHE_RSA_AES256CBC_SHA384- , cipher_DHE_RSA_AES128_SHA256, cipher_DHE_RSA_AES256_SHA256+ --, cipher_ECDHE_ECDSA_AES128CBC_SHA256, cipher_ECDHE_ECDSA_AES256CBC_SHA384+ --, cipher_ECDHE_RSA_AES128CBC_SHA256, cipher_ECDHE_RSA_AES256CBC_SHA384+ --, cipher_DHE_RSA_AES128_SHA256, cipher_DHE_RSA_AES256_SHA256 -- TLS13 (listed at the end but version is negotiated first) , cipher_TLS13_AES128GCM_SHA256 , cipher_TLS13_AES256GCM_SHA384
Makefile view
@@ -1,4 +1,4 @@-VERSION=0.1.14.6+VERSION=0.1.14.7 GHCOPTS=-threaded -DICONV -DMAGIC -ignore-package regex-compat-tdfa
Version.hs view
@@ -16,4 +16,4 @@ programName = "diohsc" version :: String-version = "0.1.14.6"+version = "0.1.14.7"
diohsc.cabal view
@@ -1,6 +1,6 @@ cabal-version: 1.18 name: diohsc-version: 0.1.14.6+version: 0.1.14.7 license: GPL-3 license-file: COPYING maintainer: mbays@sdf.org@@ -104,7 +104,7 @@ mime >=0.4.0.2 && <0.5, mtl >=2.1.3.1 && <2.4, memory >=0.14 && <0.19,- network >=2.4.2.3 && <3.2,+ network >=2.4.2.3 && <3.3, network-simple >=0.4.3 && <0.5, network-uri >=2.6.3.0 && <2.8, parsec >=3.1.5 && <3.2,@@ -116,7 +116,7 @@ temporary ==1.3.*, terminal-size >=0.3.2.1 && <0.4, text >=1.1.0.0 && <2.2,- tls >=1.5.4 && <1.10,+ tls >=1.5.4 && <2.1, transformers >=0.3.0.0 && <0.7, crypton-x509 >=1.7.5 && <1.8, crypton-x509-store >=1.6.7 && <1.7,