diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,30 @@
+Copyright (c) 2018, Renzo Carbonara <renλren.zone>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+    * Neither the name of Renzo Carbonara nor the names of other
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# network-simple-wss
+
+Build running `nix-build`.
+
+Secure WebSockets (WSS) in Haskell.
+
+Check the source or rendered Haddocks for extensive documentation.
+
+This code is licensed under the terms of the so called **3-clause BSD
+license**. Read the file named ``LICENSE`` found in this same directory
+for details.
diff --git a/Setup.hs b/Setup.hs
new file mode 100644
--- /dev/null
+++ b/Setup.hs
@@ -0,0 +1,4 @@
+#! /usr/bin/env nix-shell
+#! nix-shell ./shell.nix -i runghc
+import Distribution.Simple
+main = defaultMain
diff --git a/changelog.md b/changelog.md
new file mode 100644
--- /dev/null
+++ b/changelog.md
@@ -0,0 +1,3 @@
+# Version 0.1
+
+* First release.
diff --git a/network-simple-wss.cabal b/network-simple-wss.cabal
new file mode 100644
--- /dev/null
+++ b/network-simple-wss.cabal
@@ -0,0 +1,32 @@
+name: network-simple-wss
+version: 0.1
+synopsis: Simple interface to TLS secured WebSockets.
+description: Simple interface to TLS secured WebSockets.
+homepage: https://github.com/k0001/network-simple-wss
+bug-reports: https://github.com/k0001/network-simple-wss/issues
+license: BSD3
+license-file: LICENSE
+author: Renzo Carbonara
+maintainer: renλren.zone
+copyright: Copyright (c) Renzo Carbonara 2018
+category: Network
+build-type: Simple
+cabal-version: >=1.8
+extra-source-files: README.md changelog.md
+
+source-repository head
+    type: git
+    location: https://github.com/k0001/network-simple-wss
+
+library
+  hs-source-dirs: src
+  exposed-modules: Network.Simple.WSS
+  ghc-options: -Wall -O2
+  build-depends:
+    base >=4.7 && <5.0,
+    bytestring,
+    safe-exceptions,
+    network-simple-tls >=0.3.2,
+    network-simple-ws,
+    websockets
+
diff --git a/src/Network/Simple/WSS.hs b/src/Network/Simple/WSS.hs
new file mode 100644
--- /dev/null
+++ b/src/Network/Simple/WSS.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE ScopedTypeVariables #-}
+{-# LANGUAGE StrictData #-}
+
+-- | Simple tools for establishing and using Secure WebSockets connections on
+-- top of TLS (i.e, @wss:\/\/@).
+--
+-- See the
+-- [network-simple-ws](https://hackage.haskell.org/package/network-simple-ws)
+-- package for insecure WebSockets (i.e, @ws:\/\/@) support.
+--
+-- Notice that, currently, this is package offers tools that are mostly
+-- intreresting from a client's point of view. Server side support will come
+-- later.
+module Network.Simple.WSS
+ ( W.Connection
+ , WS.send
+ , WS.recv
+   -- * Client side
+ , connect
+ , connectOverSOCKS5
+   -- * Low level
+ , streamFromContext
+ ) where
+
+
+import Control.Monad.IO.Class (MonadIO, liftIO)
+import qualified Control.Exception.Safe as Ex
+import qualified Data.ByteString as B
+import Data.Foldable (traverse_)
+
+import qualified Network.Simple.TCP.TLS as T
+import qualified Network.Simple.WS as WS
+import qualified Network.WebSockets as W
+import qualified Network.WebSockets.Stream as W (Stream, makeStream, close)
+
+--------------------------------------------------------------------------------
+
+-- | Connect to the specified Secure WebSockets server.
+connect
+  :: (MonadIO m, Ex.MonadMask m)
+  => T.ClientSettings  -- ^ TLS settings.
+  -> T.HostName
+  -- ^ Secure WebSockets server host name (e.g., @\"www.example.com\"@ or IP
+  -- address).
+  -> T.ServiceName
+  -- ^ Secure WebSockets server port (e.g., @\"443\"@ or @\"www\"@).
+  -> B.ByteString
+  -- ^ Secure WebSockets resource (e.g., @\"/foo\/qux?bar=wat&baz\"@).
+  --
+  -- Leading @\'\/\'@ is optional.
+  -> [(B.ByteString, B.ByteString)]
+  -- ^ Extra HTTP Headers
+  -- (e.g., @[(\"Authorization\", \"Basic dXNlcjpwYXNzd29yZA==\")]@).
+  -> ((W.Connection, T.SockAddr) -> m r)
+  -- ^ Computation to run after establishing a Secure WebSockets to the remote
+  -- server. Takes the WebSockets connection and remote end address.
+  -> m r
+connect cs hn sn res hds act = do
+  T.connect cs hn sn $ \(ctx, saddr) -> do
+     Ex.bracket (streamFromContext ctx) (liftIO . W.close) $ \stream -> do
+        conn <- WS.clientConnectionFromStream stream hn sn res hds
+        liftIO (W.forkPingThread conn 30)
+        act (conn, saddr)
+
+-- | Like 'connect', but connects to the destination server through a SOCKS5
+-- proxy.
+connectOverSOCKS5
+  :: (MonadIO m, Ex.MonadMask m)
+  => T.HostName -- ^ SOCKS5 proxy server hostname or IP address.
+  -> T.ServiceName -- ^ SOCKS5 proxy server service port name or number.
+  -> T.ClientSettings -- ^ TLS settings.
+  -> T.HostName
+  -- ^ Destination Secure WebSockets server hostname or IP address. We connect
+  -- to this host /through/ the SOCKS5 proxy specified in the previous
+  -- arguments.
+  --
+  -- Note that if hostname resolution on this 'T.HostName' is necessary, it
+  -- will happen on the proxy side for security reasons, not locally.
+  -> T.ServiceName
+  -- ^ Destination Secure WebSockets server port (e.g., @\"443\"@ or @\"www\"@).
+  -> B.ByteString
+  -- ^ WebSockets resource (e.g., @\"/foo\/qux?bar=wat&baz\"@).
+  --
+  -- Leading @\'\/\'@ is optional.
+  -> [(B.ByteString, B.ByteString)]
+  -- ^ Extra HTTP Headers
+  -- (e.g., @[(\"Authorization\", \"Basic dXNlcjpwYXNzd29yZA==\")]@).
+  -> ((W.Connection, T.SockAddr, T.SockAddr) -> m r)
+  -- ^ Computation taking a 'W.Connection' for communicating with the
+  -- destination Secure WebSockets server through the SOCKS5 server, the address
+  -- of that SOCKS5 server, and the address of the destination WebSockets
+  -- server, in that order.
+ -> m r
+connectOverSOCKS5 phn psn tcs dhn dsn res hds act = do
+  T.connectOverSOCKS5 phn psn tcs dhn dsn $ \(ctx, pa, da) -> do
+    Ex.bracket (streamFromContext ctx) (liftIO . W.close) $ \stream -> do
+      conn <- WS.clientConnectionFromStream stream dhn dsn res hds
+      liftIO (W.forkPingThread conn 30)
+      act (conn, pa, da)
+
+-- | Obtain a 'W.Stream' implemented using the given TLS 'T.Context'. You can
+-- use the
+-- [network-simple-tls](https://hackage.haskell.org/package/network-simple-tls)
+-- library to get one of those.
+streamFromContext :: MonadIO m => T.Context -> m W.Stream
+streamFromContext ctx = liftIO $ do
+  W.makeStream (T.recv ctx) (traverse_ (T.sendLazy ctx))
+
