warp-tls 3.0.1.3 → 3.0.1.4
raw patch · 3 files changed
+44/−10 lines, 3 filesdep ~tls
Dependency ranges changed: tls
Files
- ChangeLog.md +4/−0
- Network/Wai/Handler/WarpTLS.hs +38/−8
- warp-tls.cabal +2/−2
ChangeLog.md view
@@ -1,3 +1,7 @@+## 3.0.1.4++Add additional Diffie-Hellman RSA and DSA ciphers to warp-tls.+ ## 3.0.1.3 [Unable to allow insecure connections with warp-tls #324](https://github.com/yesodweb/wai/issues/324)
Network/Wai/Handler/WarpTLS.hs view
@@ -99,7 +99,16 @@ -- taken from stunnel example in tls-extra ciphers :: [TLS.Cipher] ciphers =- [ TLSExtra.cipher_AES128_SHA1+ [ TLSExtra.cipher_ECDHE_RSA_AES128GCM_SHA256+ , TLSExtra.cipher_DHE_RSA_AES128GCM_SHA256+ , TLSExtra.cipher_DHE_RSA_AES256_SHA256+ , TLSExtra.cipher_DHE_RSA_AES128_SHA256+ , TLSExtra.cipher_DHE_RSA_AES256_SHA1+ , TLSExtra.cipher_DHE_RSA_AES128_SHA1+ , TLSExtra.cipher_DHE_DSS_AES128_SHA1+ , TLSExtra.cipher_DHE_DSS_AES256_SHA1+ , TLSExtra.cipher_DHE_DSS_RC4_SHA1+ , TLSExtra.cipher_AES128_SHA1 , TLSExtra.cipher_AES256_SHA1 , TLSExtra.cipher_RC4_128_MD5 , TLSExtra.cipher_RC4_128_SHA1@@ -173,17 +182,17 @@ } , TLS.serverShared = def { TLS.sharedCredentials = TLS.Credentials [credential]- }+ } } ---------------------------------------------------------------- -getter :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (IO (Connection, Bool), SockAddr)+getter :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (IO (Connection, Transport), SockAddr) getter tlsset@TLSSettings{..} sock params = do (s, sa) <- acceptSafe sock return (mkConn tlsset s params, sa) -mkConn :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (Connection, Bool)+mkConn :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO (Connection, Transport) mkConn tlsset s params = do firstBS <- safeRecv s 4096 cachedRef <- I.newIORef firstBS@@ -194,7 +203,7 @@ ---------------------------------------------------------------- -httpOverTls :: TLS.TLSParams params => TLSSettings -> Socket -> I.IORef B.ByteString -> params -> IO (Connection, Bool)+httpOverTls :: TLS.TLSParams params => TLSSettings -> Socket -> I.IORef B.ByteString -> params -> IO (Connection, Transport) httpOverTls TLSSettings{..} s cachedRef params = do gen <- Crypto.Random.AESCtr.makeSystem ctx <- TLS.contextNew backend params gen@@ -202,7 +211,8 @@ TLS.handshake ctx readBuf <- allocateBuffer bufferSize writeBuf <- allocateBuffer bufferSize- return (conn ctx readBuf writeBuf, True)+ tls <- getTLSinfo ctx+ return (conn ctx readBuf writeBuf, tls) where backend = TLS.Backend { TLS.backendFlush = return ()@@ -254,19 +264,39 @@ else return x +getTLSinfo :: TLS.Context -> IO Transport+getTLSinfo ctx = do+ proto <- TLS.getNegotiatedProtocol ctx+ minfo <- TLS.contextGetInformation ctx+ case minfo of+ Nothing -> return TCP+ Just TLS.Information{..} -> do+ let (major, minor) = case infoVersion of+ TLS.SSL2 -> (2,0)+ TLS.SSL3 -> (3,0)+ TLS.TLS10 -> (3,1)+ TLS.TLS11 -> (3,2)+ TLS.TLS12 -> (3,3)+ return TLS {+ tlsMajorVersion = major+ , tlsMinorVersion = minor+ , tlsNegotiatedProtocol = proto+ , tlsChiperID = TLS.cipherID infoCipher+ }+ tryIO :: IO a -> IO (Either IOException a) tryIO = try ---------------------------------------------------------------- -plainHTTP :: TLSSettings -> Socket -> I.IORef B.ByteString -> IO (Connection, Bool)+plainHTTP :: TLSSettings -> Socket -> I.IORef B.ByteString -> IO (Connection, Transport) plainHTTP TLSSettings{..} s cachedRef = case onInsecure of AllowInsecure -> do conn' <- socketConnection s let conn'' = conn' { connRecv = recvPlain cachedRef (connRecv conn') }- return (conn'', False)+ return (conn'', TCP) DenyInsecure lbs -> do sendAll s "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n" mapM_ (sendAll s) $ L.toChunks lbs
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name: warp-tls-Version: 3.0.1.3+Version: 3.0.1.4 Synopsis: HTTP over SSL/TLS support for Warp via the TLS package License: MIT License-file: LICENSE@@ -19,7 +19,7 @@ , wai >= 3.0 && < 3.1 , warp >= 3.0 && < 3.1 , data-default-class >= 0.0.1- , tls >= 1.2.1+ , tls >= 1.2.16 , network >= 2.2.1 , cprng-aes >= 0.5.0 , streaming-commons