announcement: tls-1.2 is out

One year ago, I've started some big changes on the tls package. I've finally manage to wrap it up in something that people can use straight out of hackage.

State improvements

One major limitation of previous tls versions, was that you wouldn't be able to read and write data at the same time, since all the state was behind a big-lock single mvar. Now the state is separated between multiple smaller states with can be concurrently used:

For many protocols like HTTP, this was never an issue as the reading and writing are disjoints. But some others protocols that do intertwined read and write (AMQP, IMAP, SMTP, ..) were rightfully having difficulties to use tls.

This provide a more scalable implementation, and optimise the structure changes to the minimum needed.

Certificate improvements

The second pharaonic change was a major rewrite of ASN.1, X509 and the handling of certificate. The support libraries are now splitted in more logical units, and provide all the necessary foundations for a much simplified handling of certificates.

ASN.1 that was previously all in asn1-data is splitted into asn1-types for the high level ASN.1 Types, asn1-encoding for BER and DER binary encoding support, and asn1-parse to help with parsing ASN.1 representation into high level types. Generally, the code is nicer and able to support more cases, and also more stress tested.

Certificate certificate is splitted too and is now deprecated in favor of:

On the TLS side, previous version was leaving the whole validation process to a callback function. Now that we have a solid stack of validation and support for all main operating systems, tls now automatically provide the validation function enabled and with the appropriate security parameters by default. Of course, It's still possible to change validation parameters, add some hooks and add a validation cache too.

The validation cache is a way to take a fingerprint and get cached yes/no answer about whether the certificate is accepted. It's a generic lookup mechanism, so that it could work with any storage mechanism. The same mechanism can be overloaded to support Trust-on-first-use, and exceptions fingerprint list.

Exceptions list a great way to use self-signed certificates without compromising on security; You have to do the validation process out-of-band to make sure the certificate is really the one, and then store a tuple of the name of the remote accessed associated with a fingerprint. The fingerprint is a simple hash of the certificate, whereas the name is really just a simple (hostname, service) tuple.

Key exchange methods

Along with RSA signature, there's now DSA signature support for certificate.

Previous versions only supported the old RSA key exchange methods. After a bit of refactoring, we now have DHE-RSA and DHE-DSS support. DHE is ephemereal Diffie Hellman, and provide Forward Secrecy.

In the future, with this refactoring in place, ECDHE based key exchange methods and ECDSA signature will be very easy to add.

API and parameters changes

The initialization parameters for a context is now splitted into multiples smaller structures:

All this change allow better separation of what parameters are for the client and the server, and should also make it easier to setup better default, and allow tweaking of the configuration to be more self contain. The aim is only to have to set your "Shared" structure, and for the remaining structures uses default.

tls-extra has been merged in tls.

TLS Protocol Versions

Previous tls packages were not able to downgrade protocol version. This is now completely fixed, and by default tls will try to use the maximum supported version (by default, TLS 1.2) instead of the version specified by the user (by default, TLS 1.0).

Client use

For client connection, I recommend to use connection instead of tls directly.

Closing note

And finally this is the extents of the modifications just in tls:

 82 files changed, 5528 insertions(+), 4568 deletions(-)

Enjoy,