package tls

  1. Overview
  2. Docs
val src : Logs.src
module Log : Logs.LOG
val trace_cipher : [< `TLS_AES_128_CCM_SHA256 | `TLS_AES_128_GCM_SHA256 | `TLS_AES_256_GCM_SHA384 | `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] -> unit
val empty : 'a list -> bool
val change_cipher_spec : Packet.content_type * Cstruct.t
val host_name_opt : string option -> [ `host ] Domain_name.t option
val hostname : Core.client_hello -> [ `host ] Domain_name.t option
val find_matching : [ `host ] Domain_name.t -> (X509.Certificate.t list * 'a) list -> (X509.Certificate.t list * 'a) option
val agreed_cert : [> `Multiple of (X509.Certificate.t list * 'a) list | `Multiple_default of (X509.Certificate.t list * 'a) * (X509.Certificate.t list * 'a) list | `None | `Single of X509.Certificate.t list * 'a ] -> [ `host ] Domain_name.t option -> (X509.Certificate.t list * 'a) State.t
val get_secure_renegotiation : [> `SecureRenegotiation of 'a ] list -> 'a option
val get_alpn_protocols : Core.client_hello -> string list option
val alpn_protocol : Config.config -> Core.client_hello -> string option State.t
val get_alpn_protocol : Core.server_hello -> string option
val empty_common_session_data : State.common_session_data
val empty_session : State.session_data
val session_of_epoch : Core.epoch_data -> State.session_data
val supported_protocol_version : ([< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] * [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ]) -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] as 'a -> 'a option
val to_client_ext_type : [< `ALPN of 'a | `Cookie of 'b | `Draft of 'c | `ECPointFormats of 'd | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname of 'e | `KeyShare of 'f | `MaxFragmentLength of 'g | `Padding of 'h | `PostHandshakeAuthentication | `PreSharedKeys of 'i | `PskKeyExchangeModes of 'j | `SecureRenegotiation of 'k | `SignatureAlgorithms of 'l | `SupportedGroups of 'm | `SupportedVersions of 'n | `UnknownExtension of 'o ] -> [> `ALPN | `Cookie | `Draft | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare | `MaxFragmentLength | `Padding | `PostHandshakeAuthentication | `PreSharedKey | `PskKeyExchangeMode | `SecureRenegotiation | `SignatureAlgorithms | `SupportedGroups | `SupportedVersion | `UnknownExtension ]
val to_server_ext_type : [< `ALPN of 'a | `Draft of 'b | `ECPointFormats of 'c | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare of 'd | `MaxFragmentLength of 'e | `PreSharedKey of 'f | `SecureRenegotiation of 'g | `SelectedVersion of 'h | `UnknownExtension of 'i ] -> [> `ALPN | `Draft | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare | `MaxFragmentLength | `PreSharedKey | `SecureRenegotiation | `SupportedVersion | `UnknownExtension ]
val extension_types : ('a -> [> `UnknownExtension ] as 'b) -> 'a list -> 'b list
val server_exts_subset_of_client : [< `ALPN of 'a | `Draft of 'b | `ECPointFormats of 'c | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare of 'd | `MaxFragmentLength of 'e | `PreSharedKey of 'f | `SecureRenegotiation of 'g | `SelectedVersion of 'h | `UnknownExtension of 'i ] list -> [< `ALPN of 'j | `Cookie of 'k | `Draft of 'l | `ECPointFormats of 'm | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname of 'n | `KeyShare of 'o | `MaxFragmentLength of 'p | `Padding of 'q | `PostHandshakeAuthentication | `PreSharedKeys of 'r | `PskKeyExchangeModes of 's | `SecureRenegotiation of 't | `SignatureAlgorithms of 'u | `SupportedGroups of 'v | `SupportedVersions of 'w | `UnknownExtension of 'x ] list -> bool
module Group : sig ... end
module GroupSet : sig ... end
val of_list : GroupSet.elt list -> GroupSet.t
val client_hello_valid : [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of 'a ] -> Core.client_hello -> [> `Error of [> `EmptyCiphersuites | `HasSignatureAlgorithmsExtension | `NoGoodSignatureAlgorithms of Core.signature_algorithm list | `NoKeyShareExtension | `NoSignatureAlgorithmsExtension | `NoSupportedCiphersuite of Packet.any_ciphersuite list | `NoSupportedGroupExtension | `NotSetExtension of Core.client_extension list | `NotSetKeyShare of (Packet.named_group * Cstruct_sexp.t) list | `NotSetSupportedGroup of Packet.named_group list | `NotSubsetKeyShareSupportedGroup of Packet.named_group list * (Packet.named_group * Cstruct_sexp.t) list ] | `Ok ]
val server_hello_valid : Core.server_hello -> bool
val (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t
val to_sign_1_3 : string option -> Cstruct.t
val signature : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> ?context_string:string -> Cstruct.t -> Core.signature_algorithm list option -> Core.signature_algorithm list -> Mirage_crypto_pk.Rsa.priv -> Cstruct.t State.t
val verify_digitally_signed : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> ?context_string:string -> Core.signature_algorithm list -> Cstruct.t -> Cstruct.t -> X509.Certificate.t option -> unit State.t
val validate_chain : (host:'a -> X509.Certificate.t list -> (('b list * 'c) option, State.V_err.t) result) option -> Cstruct.t list -> 'a -> (X509.Certificate.t option * X509.Certificate.t list * 'b list * 'c option) State.t
val output_key_update : request:bool -> State.state -> (State.state * (Packet.content_type * Cstruct.t)) State.t
OCaml

Innovation. Community. Security.