packages feed

tls 2.0.5 → 2.0.6

raw patch · 6 files changed

+26/−32 lines, 6 filesdep ~data-default-class

Dependency ranges changed: data-default-class

Files

CHANGELOG.md view
@@ -1,3 +1,13 @@+## Version 2.0.6++* Setting `supportedCiphers` in `defaultSupported` to `ciphersuite_default`.+  So, users don't have to override this value anymore by exporting+  `Network.TLS.Extra.Cipher`.+  [#471](https://github.com/haskell-tls/hs-tls/pull/471)+* `ciphersuite_default` is the same as `ciphersuite_strong`.+  So, the duplicated definition is removed.+* Add missing modules for util/tls-client and util/tls-server.+ ## Version 2.0.5  * Fixing handshake13_0rtt_fallback
Network/TLS/Extra/Cipher.hs view
@@ -196,30 +196,12 @@ -- hardware-acceleration support.  If this dynamic runtime behavior is not -- desired, use 'ciphersuite_default_det' instead. ciphersuite_default :: [Cipher]-ciphersuite_default = sortOptimized sets_default+ciphersuite_default = ciphersuite_strong  -- | Same as 'ciphersuite_default', but using deterministic preference not -- influenced by the CPU. ciphersuite_default_det :: [Cipher]-ciphersuite_default_det = sortDeterministic sets_default--sets_default :: [CipherSet]-sets_default =-    [ -- First the PFS + GCM + SHA2 ciphers-      SetAead-        [cipher_ECDHE_ECDSA_AES128GCM_SHA256, cipher_ECDHE_ECDSA_AES256GCM_SHA384]-        [cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256]-        [cipher_ECDHE_ECDSA_AES128CCM_SHA256, cipher_ECDHE_ECDSA_AES256CCM_SHA256]-    , SetAead-        [cipher_ECDHE_RSA_AES128GCM_SHA256, cipher_ECDHE_RSA_AES256GCM_SHA384]-        [cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256]-        []-    , -- TLS13 (listed at the end but version is negotiated first)-      SetAead-        [cipher_TLS13_AES128GCM_SHA256, cipher_TLS13_AES256GCM_SHA384]-        [cipher_TLS13_CHACHA20POLY1305_SHA256]-        [cipher_TLS13_AES128CCM_SHA256]-    ]+ciphersuite_default_det = ciphersuite_strong_det  ---------------------------------------------------------------- 
Network/TLS/Parameters.hs view
@@ -28,6 +28,7 @@ import Network.TLS.Credentials import Network.TLS.Crypto import Network.TLS.Extension+import Network.TLS.Extra.Cipher import Network.TLS.Imports import Network.TLS.Measurement import Network.TLS.RNG (Seed)@@ -331,7 +332,7 @@ defaultSupported =     Supported         { supportedVersions = [TLS13, TLS12]-        , supportedCiphers = []+        , supportedCiphers = ciphersuite_default         , supportedCompressions = [nullCompression]         , supportedHashSignatures = Struct.supportedSignatureSchemes         , supportedSecureRenegotiation = True
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version:      >=1.10 name:               tls-version:            2.0.5+version:            2.0.6 license:            BSD3 license-file:       LICENSE copyright:          Vincent Hanquez <vincent@snarc.org>@@ -118,7 +118,7 @@         base16-bytestring,         bytestring >= 0.10 && < 0.13,         cereal >= 0.5.3 && < 0.6,-        crypton >= 0.34 && < 0.35,+        crypton >= 0.34,         crypton-x509 >= 1.7 && < 1.8,         crypton-x509-store >= 1.6 && < 1.7,         crypton-x509-validation >= 1.6.5 && < 1.7,
util/tls-client.hs view
@@ -12,7 +12,6 @@ import Network.Run.TCP import Network.Socket import Network.TLS-import Network.TLS.Extra.Cipher import System.Console.GetOpt import System.Environment import System.Exit@@ -293,8 +292,7 @@             }     supported =         def-            { supportedCiphers = ciphersuite_strong-            , supportedVersions = vers+            { supportedVersions = vers             , supportedGroups = groups             }     hooks =
util/tls-server.hs view
@@ -10,7 +10,6 @@ import qualified Data.Map.Strict as M import Network.Run.TCP import Network.TLS-import Network.TLS.Extra.Cipher import System.Console.GetOpt import System.Environment (getArgs) import System.Exit@@ -37,7 +36,8 @@         { optDebugLog = False         , optShow = False         , optKeyLogFile = Nothing-        , optGroups = []+        , -- excluding FFDHE8192 for retry+          optGroups = [X25519, X448, P256, P521]         , optCertFile = "servercert.pem"         , optKeyFile = "serverkey.pem"         }@@ -99,12 +99,15 @@     (host, port) <- case ips of         [h, p] -> return (h, p)         _ -> showUsageAndExit "cannot recognize <addr> and <port>\n"+    when (null optGroups) $ do+        putStrLn "Error: unsupported groups"+        exitFailure     smgr <- newSessionManager     Right cred@(!_cc, !_priv) <- credentialLoadX509 optCertFile optKeyFile     let keyLog = getLogger optKeyLogFile         creds = Credentials [cred]     runTCPServer (Just host) port $ \sock -> do-        let sparams = getServerParams creds smgr keyLog+        let sparams = getServerParams creds optGroups smgr keyLog         E.bracket (contextNew sock sparams) bye $ \ctx -> do             handshake ctx             when (optDebugLog || optShow) $ putStrLn "------------------------"@@ -114,10 +117,11 @@  getServerParams     :: Credentials+    -> [Group]     -> SessionManager     -> (String -> IO ())     -> ServerParams-getServerParams creds sm keyLog =+getServerParams creds groups sm keyLog =     def         { serverSupported = supported         , serverShared = shared@@ -133,8 +137,7 @@             }     supported =         def-            { supportedCiphers = ciphersuite_strong-            , supportedGroups = [X25519, X448, P256, P521]+            { supportedGroups = groups             }     hooks = def{onALPNClientSuggest = Just chooseALPN}     debug = def{debugKeyLogger = keyLog}