Configuration of the TLS stack
type certchain = X509.t list * Nocrypto.Rsa.priv
a certificate chain together with the private key of its first certificate
type own_cert = [
| `None
| `Single of certchain
| `Multiple of certchain list
| `Multiple_default of certchain * certchain list
]
polymorphic variant of own certificates
type session_cache = Core.SessionID.t -> Core.epoch_data option
type config = private {
  ciphers : Ciphersuite.ciphersuite list;
  (* list of supported cipher suites, ordered by preference *)
  protocol_versions : Core.tls_version * Core.tls_version;
  (* supported protocol versions (min, max) *)
  hashes : Nocrypto.Hash.hash list;
  (* list of supported hash algorithms, ordered by preference *)
  use_reneg : bool;
  (* whether the endpoint should accept renegotiation requests *)
  authenticator : X509.Authenticator.a option;
  (* optional X509 authenticator; the client constructor below takes it as a mandatory argument, the server constructor as an optional one *)
  peer_name : string option;
  (* optional name of the other endpoint (used for SNI, RFC 4366) *)
  own_certificates : own_cert;
  (* optional default certificate chain and other certificate chains *)
  session_cache : session_cache;
  cached_session : Core.epoch_data option;
}
configuration parameters
val config_of_sexp : Sexplib.Sexp.t -> config
val sexp_of_config : config -> Sexplib.Sexp.t
val client_of_sexp : Sexplib.Sexp.t -> client
val sexp_of_client : client -> Sexplib.Sexp.t
val server_of_sexp : Sexplib.Sexp.t -> server
val sexp_of_server : server -> Sexplib.Sexp.t
val client :
authenticator:X509.Authenticator.a ->
?ciphers:Ciphersuite.ciphersuite list ->
?version:(Core.tls_version * Core.tls_version) ->
?hashes:Nocrypto.Hash.hash list ->
?reneg:bool ->
?certificates:own_cert ->
?cached_session:Core.epoch_data ->
unit ->
client
val server :
?ciphers:Ciphersuite.ciphersuite list ->
?version:(Core.tls_version * Core.tls_version) ->
?hashes:Nocrypto.Hash.hash list ->
?reneg:bool ->
?certificates:own_cert ->
?authenticator:X509.Authenticator.a ->
?session_cache:session_cache ->
unit ->
server
val default_hashes : Nocrypto.Hash.hash list
default_hashes is a list of the hash algorithms used by default
val supported_hashes : Nocrypto.Hash.hash list
supported_hashes is a list of the hash algorithms supported by this library
val dh_group : Nocrypto.Dh.group
dh_group is the default Diffie-Hellman group (currently the ffdhe2048 group from "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS")
module Ciphers : sig ... end
Cipher selection