Popularity

9.8

Stable

Activity

9.6

Stars 401

Watchers 23

Forks 90

Last Commit 3 days ago

Monthly Downloads: 1,133

Programming language: Haskell

License: GNU General Public License v3.0 or later

Tags: Network Tls

Latest version: v1.5.4

tls alternatives and similar packages

Based on the "Network" category.
Alternatively, view tls alternatives based on common mentions on social networks and blogs.

haskoin

9.8 5.7 tls VS haskoin

Haskoin Core is a Bitcoin and Bitcoin Cash library
gogol

9.7 2.8 tls VS gogol

A comprehensive Google Services SDK for Haskell.

WorkOS - The modern identity platform for B2B SaaS

The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

Promo workos.com

prometheus-client

9.3 5.9 tls VS prometheus-client

Haskell client library for exposing prometheus.io metrics.
connection

9.2 0.0 tls VS connection

DISCONTINUED. simple client connection library in haskell with builtin features: SSL/TLS, SOCKS, session management.
curl

9.0 0.0 tls VS curl

A Haskell binding to the curl library
network-hans

8.9 0.0 tls VS network-hans

HaNS <-> Network Shims for easier porting to HaNS and the HaLVM
riak

8.8 0.0 tls VS riak

A fast Haskell client library for the Riak decentralized data store
libssh2

8.7 3.3 tls VS libssh2

LibSSH2 FFI bindings for Haskell
json-rpc

8.0 4.1 tls VS json-rpc

Fully-featured JSON-RPC 2.0 library for Haskell programs
pcap

8.0 0.0 tls VS pcap

Haskell bindings for the pcap library, which provides a low level interface to packet capture systems.
glue

7.8 0.0 tls VS glue

Building Better Services And Clients
pusher-http-haskell

7.6 5.1 tls VS pusher-http-haskell

Pusher Channels Haskell HTTP Library
api-builder

7.6 0.0 tls VS api-builder

library for building JSON API wrappers in haskell
helics

6.7 0.0 tls VS helics

New Relic® agent SDK wrapper for Haskell
pagerduty

6.7 0.0 tls VS pagerduty

Haskell PagerDuty API Client
tcp-streams

5.9 0.0 tls VS tcp-streams

One stop solution for tcp client and server with tls support.
download

5.8 0.0 L2 tls VS download

High level download interface for Haskell
udbus

5.4 0.0 tls VS udbus

DISCONTINUED. Small Haskell DBus implementation
hs-twitterarchiver

5.1 0.0 tls VS hs-twitterarchiver

Commandline Twitter feed archiver
Dust-tools

5.0 0.0 tls VS Dust-tools

A set of tools for exploring network filtering
peyotls

5.0 0.0 tls VS peyotls

Pretty Easy YOshikuni-made TLS library
memcache-conduit

5.0 0.0 tls VS memcache-conduit

Conduit library for memcache procotol
fluent-logger

5.0 0.0 tls VS fluent-logger

A structured logger for Fluentd (Haskell)
mcpi

4.4 0.0 tls VS mcpi

Haskell interface to MineCraft-Pi
linode-v4

3.6 0.0 tls VS linode-v4

Haskell wrapper for the Linode v4 API
kafka-client

2.9 0.0 tls VS kafka-client

DISCONTINUED. Low-level Haskell client library for Apache Kafka 0.7.
hsdns-cache

1.6 0.0 tls VS hsdns-cache

Caching asynchronous DNS resolver

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.

Do you think we are missing an alternative of tls or a related project?

Add another 'Network' Package

Popular Comparisons

README

haskell TLS

This library provides native Haskell TLS and SSL protocol implementation for server and client.

Description

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Features

tiny codebase (more than 20 times smaller than OpenSSL, and 10 times smaller than gnuTLS)
client certificates
permissive license: BSD3
supported versions: SSL3, TLS1.0, TLS1.1, TLS1.2, TLS1.3
key exchange supported: RSA, DHE-RSA, DHE-DSS, ECDHE-RSA, ECDHE-ECDSA
diffie-hellman groups: finite fields, elliptic curves P-256, P-384, P-521, X25519, X448
bulk algorithm supported: any stream or block ciphers
supported extensions: secure renegotiation, application-layer protocol negotiation, extended master secret, server name indication

Common Issues

The tools mentioned below are all available from the tls-debug package.

Certificate issues

It's useful to run the following command, which will connect to the destination and retrieve the certificate chained used.

tls-retrievecertificate <destination> <port> --chain --verify

As an output it will print every certificate in the chain and will give the issuer and subjects of each. It creates a chain where issuer of certificate is the subject of the next certificate part of the chain:

(subject #1, issuer #2) -> (subject #2, issuer #3) -> (subject #3, issuer #3)

A "CA is unknown" error indicates that your system doesn't have a certificate in the trusted store belonging to any of the node of the chain.

You can list the certificates available on your system, as detected by tls running the following command (from the x509-util package):

x509-util system

If this command return 0 certificates, it's likely that you don't have any certificates installed, or that your system is storing certificates in an un-expected place. All TLS operations will result in "CA is unknown" errors.

Usage of `tls-simpleclient`

tls-simpleclient takes a server name and optionally a port number then generates HTTP/1.1 GET.

--tls13: enabling TLS 1.3
-v: verbose mode to tell TLS 1.3 handshake mode
-O : logging received HTML to the file
--http1.1: ensuring that HTTP/1.1 is used instead of HTTP/1.0
--no-valid: skipping verification of a server certificate

TLS 1.3 full negotiation

Specify -g x25519 to not trigger HelloRetryRequest.

% tls-simpleclient --tls13 -v --no-valid -O html-log.txt --http1.1 -g x25519 127.0.0.1 443
sending query:
GET / HTTP/1.1
Host: 127.0.0.1



version: TLS13
cipher: AES128GCM-SHA256
compression: 0
group: X25519
handshake emode: FullHandshake
early data accepted: False
server name indication: 127.0.0.1

TLS 1.3 HelloRetryRequest (HRR)

The first value of -g is used for key-share. To trigger HRR, add in first position a value which will not be accepted by the server, for example use ffdhe2048,x25519,p256.

% tls-simpleclient --tls13 -v --no-valid -O html-log.txt --http1.1 -g ffdhe2048,x25519,p256 127.0.0.1 443
sending query:
GET / HTTP/1.1
Host: 127.0.0.1



version: TLS13
cipher: AES128GCM-SHA256
compression: 0
group: X25519
handshake emode: HelloRetryRequest
early data accepted: False
server name indication: 127.0.0.1

Pre-Shared Key

Specify --session. The client stores a ticket in the memory and tries to make a new connection with the ticket. Note that a proper keyshare is selected on the second try to avoid HRR.

% tls-simpleclient --tls13 -v --no-valid -O html-log.txt --http1.1 --session 127.0.0.1 443
sending query:
GET / HTTP/1.1
Host: 127.0.0.1



version: TLS13
cipher: AES128GCM-SHA256
compression: 0
group: X25519
handshake emode: HelloRetryRequest
early data accepted: False
server name indication: 127.0.0.1

Resuming the session...
sending query:
GET / HTTP/1.1
Host: 127.0.0.1



version: TLS13
cipher: AES128GCM-SHA256
compression: 0
group: X25519
handshake emode: PreSharedKey
early data accepted: False
server name indication: 127.0.0.1

0RTT

Use -Z to specify a file containing early-data. "0RTT is accepted" indicates that 0RTT is succeded.

% cat early-data.txt
GET / HTTP/1.1
Host: 127.0.0.1

% tls-simpleclient --tls13 -v --no-valid -O html-log.txt --http1.1 --session -Z early-data.txt 127.0.0.1 443
sending query:
GET / HTTP/1.1
Host: 127.0.0.1



version: TLS13
cipher: AES128GCM-SHA256
compression: 0
group: X25519
handshake emode: HelloRetryRequest
early data accepted: False
server name indication: 127.0.0.1

Resuming the session...
sending query:
GET / HTTP/1.1
Host: 127.0.0.1



version: TLS13
cipher: AES128GCM-SHA256
compression: 0
group: X25519
handshake emode: RTT0
early data accepted: True
server name indication: 127.0.0.1

*Note that all licence references and agreements mentioned in the tls README section above are relevant to that project's source code only.

tls

TLS/SSL implementation in haskell