packages feed

warp-tls 3.2.3 → 3.2.4

raw patch · 2 files changed

+25/−32 lines, 2 filesdep +tls-session-managerdep ~tls

Dependencies added: tls-session-manager

Dependency ranges changed: tls

Files

Network/Wai/Handler/WarpTLS.hs view
@@ -31,6 +31,7 @@     , tlsWantClientCert     , tlsServerHooks     , tlsServerDHEParams+    , tlsSessionManagerConfig     , onInsecure     , OnInsecure (..)     -- * Runner@@ -60,6 +61,7 @@ import qualified Network.TLS as TLS import qualified Crypto.PubKey.DH as DH import qualified Network.TLS.Extra as TLSExtra+import qualified Network.TLS.SessionManager as SM import Network.Wai (Application) import Network.Wai.Handler.Warp import Network.Wai.Handler.Warp.Internal@@ -102,7 +104,7 @@     -- ^ The TLS ciphers this server accepts.     --     -- >>> tlsCiphers defaultTlsSettings-    -- [ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256-SHA256,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA1,DHE-RSA-AES128-SHA1,DHE-DSA-AES128-SHA1,DHE-DSA-AES256-SHA1,RSA-aes128-sha1,RSA-aes256-sha1]+    -- [ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1]     --     -- Since 1.4.2   , tlsWantClientCert :: Bool@@ -129,6 +131,15 @@     -- Default: Nothing     --     -- Since 3.2.2+  , tlsSessionManagerConfig :: Maybe SM.Config+    -- ^ Configuration for in-memory TLS session manager.+    -- If Nothing, 'TLS.noSessionManager' is used.+    -- Otherwise, an in-memory TLS session manager is created+    -- according to 'Config'.+    --+    -- Default: Nothing+    --+    -- Since 3.2.4   }  -- | Default 'TLSSettings'. Use this to create 'TLSSettings' with the field record name (aka accessors).@@ -147,24 +158,12 @@   , tlsWantClientCert = False   , tlsServerHooks = def   , tlsServerDHEParams = Nothing+  , tlsSessionManagerConfig = Nothing   }  -- taken from stunnel example in tls-extra ciphers :: [TLS.Cipher]-ciphers =-    [ TLSExtra.cipher_ECDHE_RSA_AES128GCM_SHA256-    , TLSExtra.cipher_ECDHE_RSA_AES128CBC_SHA256-    , TLSExtra.cipher_ECDHE_RSA_AES128CBC_SHA-    , TLSExtra.cipher_DHE_RSA_AES128GCM_SHA256-    , TLSExtra.cipher_DHE_RSA_AES256_SHA256-    , TLSExtra.cipher_DHE_RSA_AES128_SHA256-    , TLSExtra.cipher_DHE_RSA_AES256_SHA1-    , TLSExtra.cipher_DHE_RSA_AES128_SHA1-    , TLSExtra.cipher_DHE_DSS_AES128_SHA1-    , TLSExtra.cipher_DHE_DSS_AES256_SHA1-    , TLSExtra.cipher_AES128_SHA1-    , TLSExtra.cipher_AES256_SHA1-    ]+ciphers = TLSExtra.ciphersuite_strong  ---------------------------------------------------------------- @@ -252,10 +251,13 @@             key <- maybe (S.readFile keyFile) return mkey             either error return $               TLS.credentialLoadX509ChainFromMemory cert chainCertsMemory key-    runTLSSocket' tlsset set credential sock app+    mgr <- case tlsSessionManagerConfig of+      Nothing     -> return TLS.noSessionManager+      Just config -> SM.newSessionManager config+    runTLSSocket' tlsset set credential mgr sock app -runTLSSocket' :: TLSSettings -> Settings -> TLS.Credential -> Socket -> Application -> IO ()-runTLSSocket' tlsset@TLSSettings{..} set credential sock app =+runTLSSocket' :: TLSSettings -> Settings -> TLS.Credential -> TLS.SessionManager -> Socket -> Application -> IO ()+runTLSSocket' tlsset@TLSSettings{..} set credential mgr sock app =     runSettingsConnectionMakerSecure set get app   where     get = getter tlsset sock params@@ -273,20 +275,13 @@           (if settingsHTTP2Enabled set then Just alpn else Nothing)       }     shared = def {-        TLS.sharedCredentials = TLS.Credentials [credential]+        TLS.sharedCredentials    = TLS.Credentials [credential]+      , TLS.sharedSessionManager = mgr       }     supported = def { -- TLS.Supported         TLS.supportedVersions       = tlsAllowedVersions       , TLS.supportedCiphers        = tlsCiphers       , TLS.supportedCompressions   = [TLS.nullCompression]-      , TLS.supportedHashSignatures = [-          -- Safari 8 and go tls have bugs on SHA 512 and SHA 384.-          -- So, we don't specify them here at this moment.-          (TLS.HashSHA256, TLS.SignatureRSA)-        , (TLS.HashSHA224, TLS.SignatureRSA)-        , (TLS.HashSHA1,   TLS.SignatureRSA)-        , (TLS.HashSHA1,   TLS.SignatureDSS)-        ]       , TLS.supportedSecureRenegotiation = True       , TLS.supportedClientInitiatedRenegotiation = False       , TLS.supportedSession             = True@@ -296,9 +291,6 @@ alpn :: [S.ByteString] -> IO S.ByteString alpn xs   | "h2"    `elem` xs = return "h2"-  | "h2-16" `elem` xs = return "h2-16"-  | "h2-15" `elem` xs = return "h2-15"-  | "h2-14" `elem` xs = return "h2-14"   | otherwise         = return "http/1.1"  ----------------------------------------------------------------
warp-tls.cabal view
@@ -1,5 +1,5 @@ Name:                warp-tls-Version:             3.2.3+Version:             3.2.4 Synopsis:            HTTP over TLS support for Warp via the TLS package License:             MIT License-file:        LICENSE@@ -23,10 +23,11 @@                    , wai                           >= 3.2      && < 3.3                    , warp                          >= 3.2.10   && < 3.3                    , data-default-class            >= 0.0.1-                   , tls                           >= 1.3.5+                   , tls                           >= 1.3.10                    , cryptonite                    >= 0.12                    , network                       >= 2.2.1                    , streaming-commons+                   , tls-session-manager   Exposed-modules:   Network.Wai.Handler.WarpTLS   ghc-options:       -Wall