<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Engine (tls.Tls.Engine)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> » <a href="../index.html">Tls</a> » Engine</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Engine</span></code></h1><p>Transport layer security</p><p><code>TLS</code> is an implementation of <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">transport layer security</a> in OCaml. TLS is a widely used security protocol which establishes an end-to-end secure channel (with optional (mutual) authentication) between two endpoints. It uses TCP/IP as its transport. This library supports all four versions of TLS: <a href="https://tools.ietf.org/html/rfc8446">1.3, RFC8446</a>, <a href="https://tools.ietf.org/html/rfc5246">1.2, RFC5246</a>, <a href="https://tools.ietf.org/html/rfc4346">1.1, RFC4346</a>, and <a href="https://tools.ietf.org/html/rfc2246">1.0, RFC2246</a>. SSL, the previous protocol definition, is not supported.</p><p>TLS is algorithmically agile: protocol version, key exchange algorithm, symmetric cipher, and message authentication code are negotiated upon connection.</p><p>This library implements several TLS extensions: <a href="https://tools.ietf.org/html/rfc3268">AES ciphers</a>, <a href="https://tools.ietf.org/html/rfc4366">TLS extensions</a> (such as server name indication, SNI), the <a href="https://tools.ietf.org/html/rfc5746">Renegotiation extension</a>, and the <a href="https://tools.ietf.org/html/rfc7627">Session Hash and Extended Master Secret Extension</a>.</p><p>This library does not contain insecure cipher suites (such as single DES, export ciphers, ...). It does not expose the server time in the server random, and it requires secure renegotiation.</p><p>This library consists of a core, implemented in a purely functional manner (<a href="#"><code>Engine</code></a>, this module), and effectful parts: <code>Tls_lwt</code> and <code>Tls_mirage</code>.</p><p><em>v1.0.0</em></p></header><nav class="odoc-toc"><ul><li><a href="#abstract-state-type">Abstract state type</a></li><li><a href="#constructors">Constructors</a></li><li><a href="#protocol-failures">Protocol failures</a></li><li><a href="#protocol-handling">Protocol handling</a></li><li><a href="#session-information">Session information</a></li></ul></nav><div class="odoc-content"><h2 id="abstract-state-type"><a href="#abstract-state-type" class="anchor"></a>Abstract state type</h2><div class="odoc-spec"><div class="spec type anchored" id="type-state"><a href="#type-state" class="anchor"></a><code><span><span class="keyword">type</span> state</span></code></div><div class="spec-doc"><p>The abstract type of a TLS state.</p></div></div><h2 id="constructors"><a href="#constructors" class="anchor"></a>Constructors</h2><div class="odoc-spec"><div class="spec value anchored" id="val-client"><a href="#val-client" class="anchor"></a><code><span><span class="keyword">val</span> client : <span><a href="../Config/index.html#type-client">Config.client</a> <span class="arrow">-></span></span> <a href="#type-state">state</a> * string</span></code></div><div class="spec-doc"><p><code>client client</code> is <code>tls * out</code>, where <code>tls</code> is the initial client state and <code>out</code> is the initial client hello to be sent to the server.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server"><a href="#val-server" class="anchor"></a><code><span><span class="keyword">val</span> server : <span><a href="../Config/index.html#type-server">Config.server</a> <span class="arrow">-></span></span> <a href="#type-state">state</a></span></code></div><div class="spec-doc"><p><code>server server</code> is <code>tls</code>, the initial server state.</p></div></div><h2 id="protocol-failures"><a href="#protocol-failures" class="anchor"></a>Protocol failures</h2><div class="odoc-spec"><div class="spec type anchored" id="type-error"><a href="#type-error" class="anchor"></a><code><span><span class="keyword">type</span> error</span><span> = </span><span>[ </span></code><ol><li id="type-error.AuthenticationFailure" class="def variant constructor anchored"><a href="#type-error.AuthenticationFailure" class="anchor"></a><code><span>| </span><span>`AuthenticationFailure <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Validation.validation_error</span></code></li><li id="type-error.NoConfiguredCiphersuite" class="def variant constructor anchored"><a href="#type-error.NoConfiguredCiphersuite" class="anchor"></a><code><span>| </span><span>`NoConfiguredCiphersuite <span class="keyword">of</span> <span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></li><li id="type-error.NoConfiguredVersions" class="def variant constructor anchored"><a href="#type-error.NoConfiguredVersions" class="anchor"></a><code><span>| 
</span><span>`NoConfiguredVersions <span class="keyword">of</span> <span><a href="../Core/index.html#type-tls_version">Core.tls_version</a> list</span></span></code></li><li id="type-error.NoConfiguredSignatureAlgorithm" class="def variant constructor anchored"><a href="#type-error.NoConfiguredSignatureAlgorithm" class="anchor"></a><code><span>| </span><span>`NoConfiguredSignatureAlgorithm <span class="keyword">of</span> <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span></code></li><li id="type-error.NoMatchingCertificateFound" class="def variant constructor anchored"><a href="#type-error.NoMatchingCertificateFound" class="anchor"></a><code><span>| </span><span>`NoMatchingCertificateFound <span class="keyword">of</span> string</span></code></li><li id="type-error.CouldntSelectCertificate" class="def variant constructor anchored"><a href="#type-error.CouldntSelectCertificate" class="anchor"></a><code><span>| </span><span>`CouldntSelectCertificate</span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>failures which can be mitigated by reconfiguration</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-fatal"><a href="#type-fatal" class="anchor"></a><code><span><span class="keyword">type</span> fatal</span><span> = </span><span>[ </span></code><ol><li id="type-fatal.Protocol_version" class="def variant constructor anchored"><a href="#type-fatal.Protocol_version" class="anchor"></a><code><span>| </span><span>`Protocol_version <span class="keyword">of</span>
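
The Engine above returns states and byte strings instead of performing I/O; the following added example (not code from the tls library) sketches the kind of effectful shim that Tls_lwt and Tls_mirage provide around it: a client that sends the hello produced by `client`, feeds peer bytes through the engine, and never hands up application data once the engine has reported a failure such as `AuthenticationFailure`. The signatures of `handle_tls`, `send_application_data` and `Tls.Config.client` are assumptions stated in the code comment, since this page stops before the Protocol handling section.

```ocaml
(* Added example, not code from the tls library: a blocking I/O shim around the
   pure Tls.Engine, in the spirit of Tls_lwt / Tls_mirage. It ASSUMES these
   signatures from the Protocol handling section, which this page does not show:
     handle_tls : state -> string -> (state * [ `Eof ] option
       * [ `Response of string option ] * [ `Data of string option ],
       failure * [ `Response of string ]) result
     send_application_data : state -> string list -> (state * string) option
   and that Tls.Config.client ~authenticator ~peer_name () returns a result. *)

(* The whole effectful boundary; every TLS state change stays pure. *)
type transport = { recv : unit -> string option;  (* None = TCP EOF *)
                   send : string -> unit }

type event =
  | Plaintext of Tls.Engine.state * string  (* authenticated application data *)
  | Idle of Tls.Engine.state                (* handshake still in progress *)
  | Closed                                  (* peer sent close_notify *)
  | Truncated                               (* TCP EOF before close_notify *)
  | Failed of Tls.Engine.failure  (* e.g. `AuthenticationFailure; alert sent *)

(* Feed one TCP read into the engine and perform the effects it asks for. *)
let step t st input : event =
  match Tls.Engine.handle_tls st input with
  | Error (failure, `Response alert) -> t.send alert; Failed failure
  | Ok (_, Some `Eof, `Response resp, _) -> Option.iter t.send resp; Closed
  | Ok (st', None, `Response resp, `Data data) ->
      Option.iter t.send resp;            (* handshake flights, tickets, alerts *)
      (match data with Some d -> Plaintext (st', d) | None -> Idle st')

(* Pump until the session yields plaintext, closes or fails. Plaintext only
   appears after the engine has authenticated the peer; [Failed] and
   [Truncated] must not be mistaken for a clean end of data. *)
let rec pump t st =
  match t.recv () with
  | None -> Truncated
  | Some bytes -> (match step t st bytes with Idle st' -> pump t st' | ev -> ev)

(* The initial client hello comes straight out of [Tls.Engine.client]. *)
let connect ~authenticator ~(peer_name : [ `host ] Domain_name.t) t =
  match Tls.Config.client ~authenticator ~peer_name () with
  | Error (`Msg m) -> failwith ("tls config: " ^ m)
  | Ok cfg ->
      let st, client_hello = Tls.Engine.client cfg in
      t.send client_hello; st

(* Encrypt one record; the engine answers None until the handshake is done. *)
let send_data t st payload =
  match Tls.Engine.send_application_data st [ payload ] with
  | None -> Error `HandshakeIncomplete
  | Some (st', wire) -> t.send wire; Ok st'
```

The `authenticator` is the caller's certificate-validation policy (for example one built with `X509.Authenticator.chain_of_trust` over a trusted CA set); with a rejecting authenticator the handshake surfaces as `Failed (`AuthenticationFailure _)` and no `Plaintext` event is ever produced.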