Up to [cvs.NetBSD.org] / pkgsrc / security / hs-tls
Default branch: MAIN
security/hs-tls: Don't require RFC 7627 Extended Master Secret by default
recursive revbump after patching lang/ghc910
Bump all Haskell packages after switching the default compiler.

security/hs-tls: update to tls-2.1.7

# Change log for "tls"

## Version 2.1.7

* Introducing `Limit` parameter.
* Implementing "Record Size Limit Extension for TLS" (RFC8449). Set `limitRecordSize` to use it.
* Implementing "TLS Certificate Compression" (RFC 8879). This feature is automatically used if the peer supports it.
* More tests with `tlsfuzzer` especially for client authentication and 0-RTT.
* Implementing a utility function, `validateClientCertificate`, for client authentication.
* Bug fix for echo back logic of Cookie extension.
* More pretty show for the internal `Handshake` structure for debugging.

## Version 2.1.6

* Testing with "tlsfuzzer" again. Now don't send an alert against the peer's alert. Double locking (aka self dead-lock) is fixed. Sending an alert for known-but-cannot-parse extensions. Other corner cases are also fixed.
* `tls-client -d` and `tls-server -d` pretty-prints `Handshake`.

## Version 2.1.5

* Removing the dependency on the async package.
* Restore a few DHE_RSA ciphers. [#493](https://github.com/haskell-tls/hs-tls/pull/493)

## Version 2.1.4

* Exporting defaultValidationCache.

## Version 2.1.3

* Remove `data-default` version constraint. [#492](https://github.com/haskell-tls/hs-tls/pull/492)
* Exporting default variables. [#448](https://github.com/haskell-tls/hs-tls/pull/488)

## Version 2.1.2

* Using data-default instead of data-default-class.

## Version 2.1.1

* `bye` directly calls `timeout recvHS13`, not spawning a thread for `timeout recvHS13`. So, `bye` can receive an exception if thrown.

## Version 2.1.0

* Breaking change: stop exporting constructors to maintain future compatibilities. Field names are still exported, and values can be updated with them using record syntax. Use `def` and `noSessionManager` as initial values.
* `onServerFinished` is added to `ClientHooks`.
* `clientWantSessionResumeList` is added to `ClientParams` to support multiple tickets for TLS 1.3.

## Version 2.0.6

* Setting `supportedCiphers` in `defaultSupported` to `ciphersuite_default`. So, users don't have to override this value anymore by exporting `Network.TLS.Extra.Cipher`. [#471](https://github.com/haskell-tls/hs-tls/pull/471)
* `ciphersuite_default` is the same as `ciphersuite_strong`. So, the duplicated definition is removed.
* Add missing modules for util/tls-client and util/tls-server.

Recursive revbump after changing the default Haskell compiler

security/hs-tls: Update to 2.0.5

Version 2.0.5

* Fixing handshake13_0rtt_fallback
* Client checks if the group of PSK is contained in Supported_Groups.
* HRR is not allowed for 0-RTT.

Version 2.0.4

* More fix for 0-RTT when application data is available while receiving CF.
* New util/tls-client and util/tls-server.

Version 2.0.3

* Fixing a bug where timeout in bye does not work.
* util/client -> util/tls-client
* util/server -> util/tls-server

Version 2.0.2

* Client checks sessionMaxEarlyDataSize to decide 0-RTT
* Client checks the resumption cipher properly.

Version 2.0.1

* Fix a leak of pending data to be sent.

Version 2.0.0

* tls now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
* Security: BREAKING CHANGE: TLS 1.0 and TLS 1.1 are removed.
* Security: BREAKING CHANGE: all CBC cipher suites are removed.
* Security: BREAKING CHANGE: RC4 and 3DES are removed.
* Security: BREAKING CHANGE: DSS (digital signature standard) is removed.
* Security: BREAKING CHANGE: TLS 1.2 servers require EMS (extended main secret) by default. supportedExtendedMasterSec is renamed to supportedExtendedMainSecret.
* BREAKING CHANGE: the package is now compiled with Strict and StrictData.
* BREAKING CHANGE: Many data structures are re-defined with PatternSynonyms for extensibility.
* BREAKING CHANGE: the structure of SessionManager is changed to support session tickets.
* API: BREAKING CHANGE: sendData can send early data (0-RTT). clientEarlyData is removed. To send early data via sendData, set clientUseEarlyData to True. #466
* API: handshake can receive an alert of client authentication failure for TLS 1.3. #463
* API: bye can receive NewSessionTicket for TLS 1.3.
* Channel binding: getFinished and getPeerFinished are deprecated. Use getTLSUnique instead. #462
* Channel binding: getTLSExporter and getTLSServerEndPoint are provided. #462
* Refactoring: the monolithic handshake is divided to follow the diagram of TLS 1.2 and 1.3 for readability.
* Refactoring: test cases are refactored for maintainability and readability. hspec is used instead of tasty.
* Code format: fourmolu is used as an official formatter.
* Catching up RFC8446bis-09. #467

Revbump all Haskell after updating lang/ghc96

security/hs-tls: Update to 1.9.0

Version 1.9.0

* BREAKING CHANGE: The type of the Error_Protocol constructor of TLSError has changed. The "warning" case has been split off into a new Error_Protocol_Warning constructor. #460

Version 1.8.0

* BREAKING CHANGE: Remove Exception instance for TLSError. The library now throws TLSException only. If you need to change your code, please refer to this example first. #457

Version 1.7.1

* NOP on UserCanceled event #454

Version 1.7.0

* Major version up because "crypton" is used instead of "cryptonite"

Bump Haskell packages after updating lang/ghc94
revbump all the Haskell packages after modifying the runtime system of lang/ghc94

security/hs-tls: Update to 1.6.0

Version 1.6.0

* Major version up because of disabling SSL3
* Some fixes against tlsfuzzer

Version 1.5.8

* Require mtl-2.2.1 or newer #448

Recursive bump for recently updated Haskell packages
Bump all Haskell packages after enabling "split sections" in mk/haskell.mk
revbump after changing the default Haskell compiler

Update to tls-1.5.7

Version 1.5.7

* New APIs: getFinished and getPeerFinished #445

Version 1.5.6

* Dynamically setting encrypted extensions #444

Bump packages that depends on GHC
*: Bump PKGREVISION for ghc-9.0.1

Update to tls-1.5.5

Version 1.5.5

* QUIC support #419 #427 #428 #430 #433 #441
* Server ECDSA for P-256 #436
* Sort ciphersuites based on hardware-acceleration support #439
* Sending no_application_protocol #440
* Internal improvements #426 #431

Version 1.5.4

* Restore interoperability with early Java 6 #422
* Test cleanups for timeout and async usage #416


Import tls-1.5.3

Native Haskell TLS and SSL protocol implementation for server and client.

This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Currently implements the SSL3.0, TLS1.0, TLS1.1, TLS1.2 and TLS 1.3 protocols, and supports RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, and many extensions.