tls 2.0.5 → 2.0.6
raw patch · 6 files changed
+26/−32 lines, 6 filesdep ~data-default-class
Dependency ranges changed: data-default-class
Files
- CHANGELOG.md +10/−0
- Network/TLS/Extra/Cipher.hs +2/−20
- Network/TLS/Parameters.hs +2/−1
- tls.cabal +2/−2
- util/tls-client.hs +1/−3
- util/tls-server.hs +9/−6
CHANGELOG.md view
@@ -1,3 +1,13 @@+## Version 2.0.6++* Setting `supportedCiphers` in `defaultSupported` to `ciphersuite_default`.+ So, users don't have to override this value anymore by exporting+ `Network.TLS.Extra.Cipher`.+ [#471](https://github.com/haskell-tls/hs-tls/pull/471)+* `ciphersuite_default` is the same as `ciphersuite_strong`.+ So, the duplicated definition is removed.+* Add missing modules for util/tls-client and util/tls-server.+ ## Version 2.0.5 * Fixing handshake13_0rtt_fallback
Network/TLS/Extra/Cipher.hs view
@@ -196,30 +196,12 @@ -- hardware-acceleration support. If this dynamic runtime behavior is not -- desired, use 'ciphersuite_default_det' instead. ciphersuite_default :: [Cipher]-ciphersuite_default = sortOptimized sets_default+ciphersuite_default = ciphersuite_strong -- | Same as 'ciphersuite_default', but using deterministic preference not -- influenced by the CPU. ciphersuite_default_det :: [Cipher]-ciphersuite_default_det = sortDeterministic sets_default--sets_default :: [CipherSet]-sets_default =- [ -- First the PFS + GCM + SHA2 ciphers- SetAead- [cipher_ECDHE_ECDSA_AES128GCM_SHA256, cipher_ECDHE_ECDSA_AES256GCM_SHA384]- [cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256]- [cipher_ECDHE_ECDSA_AES128CCM_SHA256, cipher_ECDHE_ECDSA_AES256CCM_SHA256]- , SetAead- [cipher_ECDHE_RSA_AES128GCM_SHA256, cipher_ECDHE_RSA_AES256GCM_SHA384]- [cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256]- []- , -- TLS13 (listed at the end but version is negotiated first)- SetAead- [cipher_TLS13_AES128GCM_SHA256, cipher_TLS13_AES256GCM_SHA384]- [cipher_TLS13_CHACHA20POLY1305_SHA256]- [cipher_TLS13_AES128CCM_SHA256]- ]+ciphersuite_default_det = ciphersuite_strong_det ----------------------------------------------------------------
Network/TLS/Parameters.hs view
@@ -28,6 +28,7 @@ import Network.TLS.Credentials import Network.TLS.Crypto import Network.TLS.Extension+import Network.TLS.Extra.Cipher import Network.TLS.Imports import Network.TLS.Measurement import Network.TLS.RNG (Seed)@@ -331,7 +332,7 @@ defaultSupported = Supported { supportedVersions = [TLS13, TLS12]- , supportedCiphers = []+ , supportedCiphers = ciphersuite_default , supportedCompressions = [nullCompression] , supportedHashSignatures = Struct.supportedSignatureSchemes , supportedSecureRenegotiation = True
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: tls-version: 2.0.5+version: 2.0.6 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vincent@snarc.org>@@ -118,7 +118,7 @@ base16-bytestring, bytestring >= 0.10 && < 0.13, cereal >= 0.5.3 && < 0.6,- crypton >= 0.34 && < 0.35,+ crypton >= 0.34, crypton-x509 >= 1.7 && < 1.8, crypton-x509-store >= 1.6 && < 1.7, crypton-x509-validation >= 1.6.5 && < 1.7,
util/tls-client.hs view
@@ -12,7 +12,6 @@ import Network.Run.TCP import Network.Socket import Network.TLS-import Network.TLS.Extra.Cipher import System.Console.GetOpt import System.Environment import System.Exit@@ -293,8 +292,7 @@ } supported = def- { supportedCiphers = ciphersuite_strong- , supportedVersions = vers+ { supportedVersions = vers , supportedGroups = groups } hooks =
util/tls-server.hs view
@@ -10,7 +10,6 @@ import qualified Data.Map.Strict as M import Network.Run.TCP import Network.TLS-import Network.TLS.Extra.Cipher import System.Console.GetOpt import System.Environment (getArgs) import System.Exit@@ -37,7 +36,8 @@ { optDebugLog = False , optShow = False , optKeyLogFile = Nothing- , optGroups = []+ , -- excluding FFDHE8192 for retry+ optGroups = [X25519, X448, P256, P521] , optCertFile = "servercert.pem" , optKeyFile = "serverkey.pem" }@@ -99,12 +99,15 @@ (host, port) <- case ips of [h, p] -> return (h, p) _ -> showUsageAndExit "cannot recognize <addr> and <port>\n"+ when (null optGroups) $ do+ putStrLn "Error: unsupported groups"+ exitFailure smgr <- newSessionManager Right cred@(!_cc, !_priv) <- credentialLoadX509 optCertFile optKeyFile let keyLog = getLogger optKeyLogFile creds = Credentials [cred] runTCPServer (Just host) port $ \sock -> do- let sparams = getServerParams creds smgr keyLog+ let sparams = getServerParams creds optGroups smgr keyLog E.bracket (contextNew sock sparams) bye $ \ctx -> do handshake ctx when (optDebugLog || optShow) $ putStrLn "------------------------"@@ -114,10 +117,11 @@ getServerParams :: Credentials+ -> [Group] -> SessionManager -> (String -> IO ()) -> ServerParams-getServerParams creds sm keyLog =+getServerParams creds groups sm keyLog = def { serverSupported = supported , serverShared = shared@@ -133,8 +137,7 @@ } supported = def- { supportedCiphers = ciphersuite_strong- , supportedGroups = [X25519, X448, P256, P521]+ { supportedGroups = groups } hooks = def{onALPNClientSuggest = Just chooseALPN} debug = def{debugKeyLogger = keyLog}