package tls

  1. Overview
  2. Docs
package tls
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Module Tls.CiphersuiteSource

Ciphersuite definitions and some helper functions.

Sourcetype key_exchange_algorithm13 = [
  1. | `DHE_RSA
]

sum type of all possible key exchange methods

Sourceval __key_exchange_algorithm13_of_sexp__ : Sexplib0.Sexp.t -> key_exchange_algorithm13
Sourceval key_exchange_algorithm13_of_sexp : Sexplib0.Sexp.t -> key_exchange_algorithm13
Sourceval sexp_of_key_exchange_algorithm13 : key_exchange_algorithm13 -> Sexplib0.Sexp.t
Sourcetype key_exchange_algorithm = [
  1. | key_exchange_algorithm13
  2. | `RSA
]
Sourceval __key_exchange_algorithm_of_sexp__ : Sexplib0.Sexp.t -> key_exchange_algorithm
Sourceval key_exchange_algorithm_of_sexp : Sexplib0.Sexp.t -> key_exchange_algorithm
Sourceval sexp_of_key_exchange_algorithm : key_exchange_algorithm -> Sexplib0.Sexp.t
Sourceval required_keytype_and_usage : [< `DHE_RSA | `RSA ] -> [> `RSA ] * [> `Digital_signature | `Key_encipherment ]

required_keytype_and_usage kex is (keytype, usage) which a certificate must have if it is used in the given kex method

Sourcetype block_cipher =
  1. | TRIPLE_DES_EDE_CBC
  2. | AES_128_CBC
  3. | AES_256_CBC
Sourceval block_cipher_of_sexp : Sexplib0.Sexp.t -> block_cipher
Sourceval sexp_of_block_cipher : block_cipher -> Sexplib0.Sexp.t
Sourcetype aead_cipher =
  1. | AES_128_CCM
  2. | AES_256_CCM
  3. | AES_128_GCM
  4. | AES_256_GCM
  5. | CHACHA20_POLY1305
Sourceval aead_cipher_of_sexp : Sexplib0.Sexp.t -> aead_cipher
Sourceval sexp_of_aead_cipher : aead_cipher -> Sexplib0.Sexp.t
Sourcemodule H : sig ... end
Sourcetype payload_protection13 = [
  1. | `AEAD of aead_cipher
]
Sourceval __payload_protection13_of_sexp__ : Sexplib0.Sexp.t -> payload_protection13
Sourceval payload_protection13_of_sexp : Sexplib0.Sexp.t -> payload_protection13
Sourceval sexp_of_payload_protection13 : payload_protection13 -> Sexplib0.Sexp.t
Sourcetype payload_protection = [
  1. | payload_protection13
  2. | `Block of block_cipher * H.t
]
Sourceval __payload_protection_of_sexp__ : Sexplib0.Sexp.t -> payload_protection
Sourceval payload_protection_of_sexp : Sexplib0.Sexp.t -> payload_protection
Sourceval sexp_of_payload_protection : payload_protection -> Sexplib0.Sexp.t
Sourceval kn_13 : aead_cipher -> int * int
Sourceval key_length : unit option -> [< `AEAD of aead_cipher | `Block of block_cipher * [< Mirage_crypto.Hash.hash ] ] -> int * int * int

key_length iv payload_protection is (key size, IV size, mac size) where key IV, and mac sizes are the required bytes for the given payload_protection

Sourcetype ciphersuite13 = [
  1. | `AES_128_GCM_SHA256
  2. | `AES_256_GCM_SHA384
  3. | `CHACHA20_POLY1305_SHA256
  4. | `AES_128_CCM_SHA256
]
Sourceval __ciphersuite13_of_sexp__ : Sexplib0.Sexp.t -> ciphersuite13
Sourceval ciphersuite13_of_sexp : Sexplib0.Sexp.t -> ciphersuite13
Sourceval sexp_of_ciphersuite13 : ciphersuite13 -> Sexplib0.Sexp.t
Sourceval privprot13 : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] -> aead_cipher
Sourceval hash13 : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] -> [> `SHA256 | `SHA384 ]
Sourceval any_ciphersuite_to_ciphersuite13 : Packet.any_ciphersuite -> [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] option
Sourcetype ciphersuite = [
  1. | ciphersuite13
  2. | `DHE_RSA_WITH_AES_128_GCM_SHA256
  3. | `DHE_RSA_WITH_AES_256_GCM_SHA384
  4. | `DHE_RSA_WITH_AES_256_CCM
  5. | `DHE_RSA_WITH_AES_128_CCM
  6. | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  7. | `DHE_RSA_WITH_AES_256_CBC_SHA256
  8. | `DHE_RSA_WITH_AES_128_CBC_SHA256
  9. | `DHE_RSA_WITH_AES_256_CBC_SHA
  10. | `DHE_RSA_WITH_AES_128_CBC_SHA
  11. | `DHE_RSA_WITH_3DES_EDE_CBC_SHA
  12. | `ECDHE_RSA_WITH_AES_128_GCM_SHA256
  13. | `ECDHE_RSA_WITH_AES_256_GCM_SHA384
  14. | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  15. | `ECDHE_RSA_WITH_AES_256_CBC_SHA384
  16. | `ECDHE_RSA_WITH_AES_128_CBC_SHA256
  17. | `ECDHE_RSA_WITH_AES_256_CBC_SHA
  18. | `ECDHE_RSA_WITH_AES_128_CBC_SHA
  19. | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  20. | `RSA_WITH_AES_256_CBC_SHA256
  21. | `RSA_WITH_AES_128_CBC_SHA256
  22. | `RSA_WITH_AES_256_CBC_SHA
  23. | `RSA_WITH_AES_128_CBC_SHA
  24. | `RSA_WITH_3DES_EDE_CBC_SHA
  25. | `RSA_WITH_AES_128_GCM_SHA256
  26. | `RSA_WITH_AES_256_GCM_SHA384
  27. | `RSA_WITH_AES_256_CCM
  28. | `RSA_WITH_AES_128_CCM
]
Sourceval __ciphersuite_of_sexp__ : Sexplib0.Sexp.t -> ciphersuite
Sourceval ciphersuite_of_sexp : Sexplib0.Sexp.t -> ciphersuite
Sourceval sexp_of_ciphersuite : ciphersuite -> Sexplib0.Sexp.t
Sourceval ciphersuite_to_ciphersuite13 : ciphersuite -> ciphersuite13 option
Sourceval any_ciphersuite_to_ciphersuite : Packet.any_ciphersuite -> [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] option
Sourceval ciphersuite_to_any_ciphersuite : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> Packet.any_ciphersuite
Sourceval ciphersuite_to_string : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> string
Sourceval get_kex_privprot : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> [> `DHE_RSA | `RSA ] * [> `AEAD of aead_cipher | `Block of block_cipher * [> `SHA1 | `SHA256 | `SHA384 ] ]

get_kex_privprot ciphersuite is (kex, privacy_protection) where it dissects the ciphersuite into a pair containing the key exchange method kex, and its privacy_protection

Sourceval ciphersuite_kex : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> [> `DHE_RSA | `RSA ]

ciphersuite_kex ciphersuite is kex, first projection of get_kex_privprot

Sourceval ciphersuite_privprot : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> [> `AEAD of aead_cipher | `Block of block_cipher * [> `SHA1 | `SHA256 | `SHA384 ] ]

ciphersuite_privprot ciphersuite is privprot, second projection of get_kex_privprot

Sourceval ciphersuite_fs : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> bool
Sourceval ecc : [> `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ] -> bool
Sourceval ciphersuite_tls12_only : [> `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> bool
Sourceval ciphersuite_tls13 : [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] -> bool
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct