package tls

  1. Overview
  2. Docs
Transport Layer Security purely in OCaml

Install

Dune Dependency

github.com Readme Changelog BSD-2-Clause License Edit opam file Versions (36)

Authors

  1. D
    David Kaloper <david@numm.org>
  2. H
    Hannes Mehnert <hannes@mehnert.org>

Maintainers

  1. H
    Hannes Mehnert <hannes@mehnert.org>
  2. D
    David Kaloper <david@numm.org>

Sources

tls-v0.12.4.tbz
sha256=4983e09f9394a7594ce6fbe4bfd193dec61ec7c0a0cbcc75985da1d7518accd4
sha512=8851df811eb4d7cfc9d09aead278b0ba9fb1dc10b151eec766635956829fb3fd7c40ac946269e89cca1020091a1a3474d51ff83395400edfd66fe436943d15f5

doc/tls/Tls/Ciphersuite/index.html

Module Tls.Ciphersuite

Ciphersuite definitions and some helper functions.

type key_exchange_algorithm13 = [
  1. | `DHE_RSA
]

sum type of all possible key exchange methods

val __key_exchange_algorithm13_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> key_exchange_algorithm13
val key_exchange_algorithm13_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> key_exchange_algorithm13
val sexp_of_key_exchange_algorithm13 : key_exchange_algorithm13 -> Ppx_sexp_conv_lib.Sexp.t
type key_exchange_algorithm = [
  1. | key_exchange_algorithm13
  2. | `RSA
]
val __key_exchange_algorithm_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> key_exchange_algorithm
val key_exchange_algorithm_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> key_exchange_algorithm
val sexp_of_key_exchange_algorithm : key_exchange_algorithm -> Ppx_sexp_conv_lib.Sexp.t
val required_keytype_and_usage : [< `DHE_RSA | `RSA ] -> [> `RSA ] * [> `Digital_signature | `Key_encipherment ]

required_keytype_and_usage kex is (keytype, usage) which a certificate must have if it is used in the given kex method

type block_cipher =
  1. | TRIPLE_DES_EDE_CBC
  2. | AES_128_CBC
  3. | AES_256_CBC
val block_cipher_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> block_cipher
val sexp_of_block_cipher : block_cipher -> Ppx_sexp_conv_lib.Sexp.t
type aead_cipher =
  1. | AES_128_CCM
  2. | AES_256_CCM
  3. | AES_128_GCM
  4. | AES_256_GCM
  5. | CHACHA20_POLY1305
val aead_cipher_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> aead_cipher
val sexp_of_aead_cipher : aead_cipher -> Ppx_sexp_conv_lib.Sexp.t
module H : sig ... end
type payload_protection13 = [
  1. | `AEAD of aead_cipher
]
val __payload_protection13_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> payload_protection13
val payload_protection13_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> payload_protection13
val sexp_of_payload_protection13 : payload_protection13 -> Ppx_sexp_conv_lib.Sexp.t
type payload_protection = [
  1. | payload_protection13
  2. | `Block of block_cipher * H.t
]
val __payload_protection_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> payload_protection
val payload_protection_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> payload_protection
val sexp_of_payload_protection : payload_protection -> Ppx_sexp_conv_lib.Sexp.t
val kn_13 : aead_cipher -> int * int
val key_length : unit option -> [< `AEAD of aead_cipher | `Block of block_cipher * [< Mirage_crypto.Hash.hash ] ] -> int * int * int

key_length iv payload_protection is (key size, IV size, mac size) where key IV, and mac sizes are the required bytes for the given payload_protection

type ciphersuite13 = [
  1. | `AES_128_GCM_SHA256
  2. | `AES_256_GCM_SHA384
  3. | `CHACHA20_POLY1305_SHA256
  4. | `AES_128_CCM_SHA256
]
val __ciphersuite13_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> ciphersuite13
val ciphersuite13_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> ciphersuite13
val sexp_of_ciphersuite13 : ciphersuite13 -> Ppx_sexp_conv_lib.Sexp.t
val privprot13 : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] -> aead_cipher
val hash13 : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] -> [> `SHA256 | `SHA384 ]
val any_ciphersuite_to_ciphersuite13 : Packet.any_ciphersuite -> [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] option
type ciphersuite = [
  1. | ciphersuite13
  2. | `DHE_RSA_WITH_AES_128_GCM_SHA256
  3. | `DHE_RSA_WITH_AES_256_GCM_SHA384
  4. | `DHE_RSA_WITH_AES_256_CCM
  5. | `DHE_RSA_WITH_AES_128_CCM
  6. | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  7. | `DHE_RSA_WITH_AES_256_CBC_SHA256
  8. | `DHE_RSA_WITH_AES_128_CBC_SHA256
  9. | `DHE_RSA_WITH_AES_256_CBC_SHA
  10. | `DHE_RSA_WITH_AES_128_CBC_SHA
  11. | `DHE_RSA_WITH_3DES_EDE_CBC_SHA
  12. | `ECDHE_RSA_WITH_AES_128_GCM_SHA256
  13. | `ECDHE_RSA_WITH_AES_256_GCM_SHA384
  14. | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  15. | `ECDHE_RSA_WITH_AES_256_CBC_SHA384
  16. | `ECDHE_RSA_WITH_AES_128_CBC_SHA256
  17. | `ECDHE_RSA_WITH_AES_256_CBC_SHA
  18. | `ECDHE_RSA_WITH_AES_128_CBC_SHA
  19. | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  20. | `RSA_WITH_AES_256_CBC_SHA256
  21. | `RSA_WITH_AES_128_CBC_SHA256
  22. | `RSA_WITH_AES_256_CBC_SHA
  23. | `RSA_WITH_AES_128_CBC_SHA
  24. | `RSA_WITH_3DES_EDE_CBC_SHA
  25. | `RSA_WITH_AES_128_GCM_SHA256
  26. | `RSA_WITH_AES_256_GCM_SHA384
  27. | `RSA_WITH_AES_256_CCM
  28. | `RSA_WITH_AES_128_CCM
]
val __ciphersuite_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> ciphersuite
val ciphersuite_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> ciphersuite
val sexp_of_ciphersuite : ciphersuite -> Ppx_sexp_conv_lib.Sexp.t
val ciphersuite_to_ciphersuite13 : ciphersuite -> ciphersuite13 option
val any_ciphersuite_to_ciphersuite : Packet.any_ciphersuite -> [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] option
val ciphersuite_to_any_ciphersuite : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> Packet.any_ciphersuite
val ciphersuite_to_string : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> string
val get_kex_privprot : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> [> `DHE_RSA | `RSA ] * [> `AEAD of aead_cipher | `Block of block_cipher * [> `SHA1 | `SHA256 | `SHA384 ] ]

get_kex_privprot ciphersuite is (kex, privacy_protection) where it dissects the ciphersuite into a pair containing the key exchange method kex, and its privacy_protection

val ciphersuite_kex : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> [> `DHE_RSA | `RSA ]

ciphersuite_kex ciphersuite is kex, first projection of get_kex_privprot

val ciphersuite_privprot : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> [> `AEAD of aead_cipher | `Block of block_cipher * [> `SHA1 | `SHA256 | `SHA384 ] ]

ciphersuite_privprot ciphersuite is privprot, second projection of get_kex_privprot

val ciphersuite_fs : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> bool
val ecc : [> `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ] -> bool
val ciphersuite_tls12_only : [> `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> bool
val ciphersuite_tls13 : [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] -> bool
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct