Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

explicitly documented default values. #408

Closed
wants to merge 1 commit into from
Closed

explicitly documented default values. #408

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
142 changes: 124 additions & 18 deletions core/Network/TLS/Parameters.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,13 +52,21 @@ data DebugParams = DebugParams
-- | Disable the true randomness in favor of deterministic seed that will produce
-- a deterministic random from. This is useful for tests and debugging purpose.
-- Do not use in production
--
-- Default: 'Nothing'
debugSeed :: Maybe Seed
-- | Add a way to print the seed that was randomly generated. re-using the same seed
-- will reproduce the same randomness with 'debugSeed'
--
-- Default: no printing
, debugPrintSeed :: Seed -> IO ()
-- | Force to choose this version in the server side.
--
-- Default: 'Nothing'
, debugVersionForced :: Maybe Version
-- | Printing master keys. The default is no printing.
-- | Printing master keys.
--
-- Default: no printing
, debugKeyLogger :: String -> IO ()
}

Expand All @@ -76,7 +84,10 @@ instance Default DebugParams where
def = defaultDebugParams

data ClientParams = ClientParams
{ clientUseMaxFragmentLength :: Maybe MaxFragmentEnum
{ -- |
--
-- Default: 'Nothing'
clientUseMaxFragmentLength :: Maybe MaxFragmentEnum
-- | Define the name of the server, along with an extra service identification blob.
-- this is important that the hostname part is properly filled for security reason,
-- as it allow to properly associate the remote side with the given certificate
Expand All @@ -85,45 +96,62 @@ data ClientParams = ClientParams
-- The extra blob is useful to differentiate services running on the same host, but that
-- might have different certificates given. It's only used as part of the X509 validation
-- infrastructure.
--
-- This value is typically set by 'defaultParamsClient'.
, clientServerIdentification :: (HostName, ByteString)
-- | Allow the use of the Server Name Indication TLS extension during handshake, which allow
-- the client to specify which host name, it's trying to access. This is useful to distinguish
-- CNAME aliasing (e.g. web virtual host).
--
-- Default: 'True'
, clientUseServerNameIndication :: Bool
-- | try to establish a connection using this session.
--
-- Default: 'Nothing'
, clientWantSessionResume :: Maybe (SessionID, SessionData)
-- | See the default value of 'Shared'.
, clientShared :: Shared
-- | See the default value of 'ClientHooks'.
, clientHooks :: ClientHooks
-- | In this element, you'll need to override the default empty value of
-- of 'supportedCiphers' with a suitable cipherlist.
--
-- See the default value of 'Supported'.
, clientSupported :: Supported
-- | See the default value of 'DebugParams'.
, clientDebug :: DebugParams
-- | Client tries to send this early data in TLS 1.3 if possible.
-- If not accepted by the server, it is application's responsibility
-- to re-sent it.
--
-- Default: 'Nothing'
, clientEarlyData :: Maybe ByteString
} deriving (Show)

defaultParamsClient :: HostName -> ByteString -> ClientParams
defaultParamsClient serverName serverId = ClientParams
{ clientWantSessionResume = Nothing
, clientUseMaxFragmentLength = Nothing
, clientServerIdentification = (serverName, serverId)
{ clientUseMaxFragmentLength = Nothing
, clientServerIdentification = (serverName, serverId)
, clientUseServerNameIndication = True
, clientShared = def
, clientHooks = def
, clientSupported = def
, clientDebug = defaultDebugParams
, clientEarlyData = Nothing
, clientWantSessionResume = Nothing
, clientShared = def
, clientHooks = def
, clientSupported = def
, clientDebug = defaultDebugParams
, clientEarlyData = Nothing
}

data ServerParams = ServerParams
{ -- | request a certificate from client.
{ -- | Request a certificate from client.
--
-- Default: 'False'
serverWantClientCert :: Bool

-- | This is a list of certificates from which the
-- disinguished names are sent in certificate request
-- messages. For TLS1.0, it should not be empty.
--
-- Default: '[]'
, serverCACertificates :: [SignedCertificate]

-- | Server Optional Diffie Hellman parameters. Setting parameters is
Expand All @@ -133,18 +161,27 @@ data ServerParams = ServerParams
-- Value can be one of the standardized groups from module
-- "Network.TLS.Extra.FFDHE" or custom parameters generated with
-- 'Crypto.PubKey.DH.generateParams'.
--
-- Default: 'Nothing'
, serverDHEParams :: Maybe DHParams

, serverShared :: Shared
-- | See the default value of 'ServerHooks'.
, serverHooks :: ServerHooks
-- | See the default value of 'Shared'.
, serverShared :: Shared
-- | See the default value of 'Supported'.
, serverSupported :: Supported
-- | See the default value of 'DebugParams'.
, serverDebug :: DebugParams
-- | Server accepts this size of early data in TLS 1.3.
-- 0 (or lower) means that the server does not accept early data.
--
-- Default: 0
, serverEarlyDataSize :: Int
-- | Lifetime in seconds for session tickets generated by the server.
-- Acceptable value range is 0 to 604800 (7 days). The default lifetime
-- is 86400 seconds (1 day).
--
-- Default: 86400 (one day)
, serverTicketLifetime :: Int
} deriving (Show)

Expand Down Expand Up @@ -174,15 +211,21 @@ data Supported = Supported
--
-- Versions should be listed in preference order, i.e. higher versions
-- first.
--
-- Default: @[TLS13,TLS12,TLS11,TLS10]@
supportedVersions :: [Version]
-- | Supported cipher methods. The default is empty, specify a suitable
-- cipher list. 'Network.TLS.Extra.Cipher.ciphersuite_default' is often
-- a good choice.
--
-- Default: @[]@
, supportedCiphers :: [Cipher]
-- | Supported compressions methods. By default only the "null"
-- compression is supported, which means no compression will be performed.
-- Allowing other compression method is not advised as it causes a
-- connection failure when TLS 1.3 is negotiated.
--
-- Default: @[nullCompression]@
, supportedCompressions :: [Compression]
-- | All supported hash/signature algorithms pair for client
-- certificate verification and server signature in (EC)DHE,
Expand All @@ -200,16 +243,39 @@ data Supported = Supported
-- Note: with TLS 1.3 some algorithms have been deprecated and will not be
-- used even when listed in the parameter: MD5, SHA-1, SHA-224, RSA
-- PKCS#1, DSS.
--
-- Default:
--
-- @
-- [ (HashIntrinsic, SignatureEd448)
-- , (HashIntrinsic, SignatureEd25519)
-- , (Struct.HashSHA256, SignatureECDSA)
-- , (Struct.HashSHA384, SignatureECDSA)
-- , (Struct.HashSHA512, SignatureECDSA)
-- , (HashIntrinsic, SignatureRSApssRSAeSHA512)
-- , (HashIntrinsic, SignatureRSApssRSAeSHA384)
-- , (HashIntrinsic, SignatureRSApssRSAeSHA256)
-- , (Struct.HashSHA512, SignatureRSA)
-- , (Struct.HashSHA384, SignatureRSA)
-- , (Struct.HashSHA256, SignatureRSA)
-- , (Struct.HashSHA1, SignatureRSA)
-- , (Struct.HashSHA1, SignatureDSS)
-- ]
-- @
, supportedHashSignatures :: [HashAndSignatureAlgorithm]
-- | Secure renegotiation defined in RFC5746.
-- If 'True', clients send the renegotiation_info extension.
-- If 'True', servers handle the extension or the renegotiation SCSV
-- then send the renegotiation_info extension.
--
-- Default: 'True'
, supportedSecureRenegotiation :: Bool
-- | If 'True', renegotiation is allowed from the client side.
-- This is vulnerable to DOS attacks.
-- If 'False', renegotiation is allowed only from the server side
-- via HelloRequest.
--
-- Default: 'False'
, supportedClientInitiatedRenegotiation :: Bool
-- | The mode regarding extended master secret. Enabling this extension
-- provides better security for TLS versions 1.0 to 1.2. TLS 1.3 provides
Expand All @@ -219,19 +285,27 @@ data Supported = Supported
-- to 'RequireEMS', the handshake will fail when the peer does not support
-- the extension. It is also advised to disable SSLv3 which does not have
-- this mechanism.
--
-- Default: 'AllowEMS'
, supportedExtendedMasterSec :: EMSMode
-- | Set if we support session.
--
-- Default: 'True'
, supportedSession :: Bool
-- | Support for fallback SCSV defined in RFC7507.
-- If 'True', servers reject handshakes which suggest
-- a lower protocol than the highest protocol supported.
--
-- Default: 'True'
, supportedFallbackScsv :: Bool
-- | In ver <= TLS1.0, block ciphers using CBC are using CBC residue as IV, which can be guessed
-- by an attacker. Hence, an empty packet is normally sent before a normal data packet, to
-- prevent guessability. Some Microsoft TLS-based protocol implementations, however,
-- consider these empty packets as a protocol violation and disconnect. If this parameter is
-- 'False', empty packets will never be added, which is less secure, but might help in rare
-- cases.
--
-- Default: 'True'
, supportedEmptyPacket :: Bool
-- | A list of supported elliptic curves and finite-field groups in the
-- preferred order.
Expand All @@ -242,6 +316,8 @@ data Supported = Supported
--
-- The default value includes all groups with security strength of 128
-- bits or more.
--
-- Default: @[X25519,X448,P256,FFDHE3072,FFDHE4096,P384,FFDHE6144,FFDHE8192,P521]@
, supportedGroups :: [Group]
} deriving (Show,Eq)

Expand Down Expand Up @@ -293,33 +369,41 @@ data Shared = Shared
--
-- When credential list is left empty (the default value), no key
-- exchange can take place.
--
-- Default: 'mempty'
sharedCredentials :: Credentials
-- | Callbacks used by clients and servers in order to resume TLS
-- sessions. The default implementation never resumes sessions. Package
-- <https://hackage.haskell.org/package/tls-session-manager tls-session-manager>
-- provides an in-memory implementation.
--
-- Default: 'noSessionManager'
, sharedSessionManager :: SessionManager
-- | A collection of trust anchors to be used by a client as
-- part of validation of server certificates. This is set as
-- first argument to function 'onServerCertificate'. Package
-- <https://hackage.haskell.org/package/x509-system x509-system>
-- gives access to a default certificate store configured in the
-- system.
--
-- Default: 'mempty'
, sharedCAStore :: CertificateStore
-- | Callbacks that may be used by a client to cache certificate
-- validation results (positive or negative) and avoid expensive
-- signature check. The default implementation does not have
-- any caching.
--
-- See the default value of 'ValidationCache'.
, sharedValidationCache :: ValidationCache
}

instance Show Shared where
show _ = "Shared"
instance Default Shared where
def = Shared
{ sharedCAStore = mempty
, sharedCredentials = mempty
{ sharedCredentials = mempty
, sharedSessionManager = noSessionManager
, sharedCAStore = mempty
, sharedValidationCache = def
}

Expand Down Expand Up @@ -402,6 +486,8 @@ data ClientHooks = ClientHooks
-- select a certificate matching one of the requested
-- certificate types (public key algorithms). Returning
-- a non-matching one will lead to handshake failure later.
--
-- Default: returns 'Nothing' anyway.
onCertificateRequest :: OnCertificateRequest
-- | Used by the client to validate the server certificate. The default
-- implementation calls 'validateDefault' which validates according to the
Expand All @@ -412,9 +498,13 @@ data ClientHooks = ClientHooks
-- end-entity certificate, as this depends on the dynamically-selected
-- cipher and this part should not be cached. Key-usage verification
-- is performed by the library internally.
--
-- Default: 'validateDefault'
, onServerCertificate :: OnServerCertificate
-- | This action is called when the client sends ClientHello
-- to determine ALPN values such as '["h2", "http/1.1"]'.
--
-- Default: returns 'Nothing'
, onSuggestALPN :: IO (Maybe [B.ByteString])
-- | This action is called to validate DHE parameters when the server
-- selected a finite-field group not part of the "Supported Groups
Expand Down Expand Up @@ -458,11 +548,19 @@ data ServerHooks = ServerHooks
-- The function is not expected to verify the key-usage
-- extension of the certificate. This verification is
-- performed by the library internally.
--
-- Default: returns the followings:
--
-- @
-- CertificateUsageReject (CertificateRejectOther "no client certificates expected")
-- @
onClientCertificate :: CertificateChain -> IO CertificateUsage

-- | This action is called when the client certificate
-- cannot be verified. Return 'True' to accept the certificate
-- anyway, or 'False' to fail verification.
--
-- Default: returns 'False'
, onUnverifiedClientCert :: IO Bool

-- | Allow the server to choose the cipher relative to the
Expand All @@ -472,6 +570,8 @@ data ServerHooks = ServerHooks
-- to the BEAST (where RC4 is sometimes prefered with TLS < 1.1)
--
-- The client cipher list cannot be empty.
--
-- Default: taking the head of ciphers.
, onCipherChoosing :: Version -> [Cipher] -> Cipher

-- | Allow the server to indicate additional credentials
Expand All @@ -484,22 +584,28 @@ data ServerHooks = ServerHooks
--
-- Returned credentials may be ignored if a client does not support
-- the signature algorithms used in the certificate chain.
--
-- Default: returns 'mempty'
, onServerNameIndication :: Maybe HostName -> IO Credentials

-- | at each new handshake, we call this hook to see if we allow handshake to happens.
-- | At each new handshake, we call this hook to see if we allow handshake to happens.
--
-- Default: returns 'True'
, onNewHandshake :: Measurement -> IO Bool

-- | Allow the server to choose an application layer protocol
-- suggested from the client through the ALPN
-- (Application Layer Protocol Negotiation) extensions.
--
-- Default: 'Nothing'
, onALPNClientSuggest :: Maybe ([B.ByteString] -> IO B.ByteString)
}

defaultServerHooks :: ServerHooks
defaultServerHooks = ServerHooks
{ onCipherChoosing = \_ -> head
, onClientCertificate = \_ -> return $ CertificateUsageReject $ CertificateRejectOther "no client certificates expected"
{ onClientCertificate = \_ -> return $ CertificateUsageReject $ CertificateRejectOther "no client certificates expected"
, onUnverifiedClientCert = return False
, onCipherChoosing = \_ -> head
, onServerNameIndication = \_ -> return mempty
, onNewHandshake = \_ -> return True
, onALPNClientSuggest = Nothing
Expand Down
1 change: 1 addition & 0 deletions core/Network/TLS/Session.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ data SessionManager = SessionManager
, sessionInvalidate :: SessionID -> IO ()
}

-- | The session manager to do nothing.
noSessionManager :: SessionManager
noSessionManager = SessionManager
{ sessionResume = \_ -> return Nothing
Expand Down