warp-tls

HTTP over TLS support for Warp via the TLS package

http://github.com/yesodweb/wai

Version on this page:3.4.9
LTS Haskell 23.1:3.4.9
Stackage Nightly 2024-12-22:3.4.12
Latest on Hackage:3.4.12

See all snapshots warp-tls appears in

MIT licensed by Michael Snoyman
Maintained by [email protected]
This version can be pinned in stack with:warp-tls-3.4.9@sha256:a081e20e12583bd2a0628f97eafd2f1a3ba077eed26e313a53f8389a8bcb1a3f,1816

Module documentation for 3.4.9

warp-tls

Serve WAI applications using the Warp webserver and the Haskell TLS library.

In order to generate a self-signed certificate for testing, try the following:

openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out certificate.csr
openssl x509 -req -in certificate.csr -signkey key.pem -out certificate.pem

Changes

ChangeLog

3.4.9

  • Using timeout for handshake to prevent thread leaks.

3.4.8

  • Substituted data-default-class for data-default #1010

3.4.7

  • Expose attachConn to use post-handshake TLS connection. #1007

3.4.6

  • Preparing for tls v2.1

3.4.5

  • Making mkConn of WarpTLS interruptible #984

3.4.4

  • Allow warp v3.4.

3.4.3

  • Install shutdown handlers passed via Settings to run... functions

3.4.2

  • Requiring warp v3.3.29.

3.4.1

  • Supporting tls v1.8.0.

3.4.0

  • Major version up to deprecate v3.3.7 due to the incompatibility against cryptonite.

3.3.7

  • Using crypton instead of cryptonite. #931

3.3.6

  • Setting FD_CLOEXEC on the listening socket. #923

3.3.5

  • Switching the version of the “recv” package from 0.0.x to 0.1.x.

3.3.4

  • Integrated customizable accept hook from Network.Wai.Handler.Warp.Settings (cf. setAccept) #912
  • Adjusted httpOverTls because of the factoring out of Network.Wai.Handler.Warp.Recv to its own package recv in the warp package. #899

3.3.3

  • Creating a bigger buffer when the current one is too small to fit the Builder #895
  • Expose TLS.supportedHashSignatures via TLSSettings #872

3.3.2

  • Providing the Internal module. #841

3.3.1

  • Move exception handling over to unliftio for better async exception support #845
  • Cleanly close connection when client closes connection prematurely #844

3.3.0

  • Breaking changes: certFile and keyFile are not exported anymore.
  • Allow TLS credentials to be retrieved from an IORef. #806

3.2.12

  • A config field: tlsCredentials and tlsSessionManager. #805

3.2.11

  • Ignoring an exception from shutdown (gracefulClose).

3.2.10

  • Passing client certificate, if any, to Warp #783

3.2.9

  • Cooperating setGracefulCloseTimeout1 and setGracefulCloseTimeout2 of Warp. #782

3.2.8

  • Using gracefullClose of network 3.1.1 or later if available.

3.2.7

  • Relaxing version constraint.

3.2.6

  • Using the Strict and StrictData language extensions for GHC >8. #752

3.2.5

  • When tls 1.5.0 is available, TLS 1.3 is automatically supported.

3.2.4.3

  • Using warp >= 3.2.17.

3.2.4.2

  • Ignore socket errors while sending close_notify #640

3.2.4

  • Using tls-session-manager.

3.2.3

  • Stop using obsoleted APIs of network.

3.2.2

  • New settting parameter: tlsServerDHEParams #556
  • Preventing socket leakage #559

3.2.1

  • Removing dependency to cprng-aes.

3.2.0

  • Major version up due to breaking changes.
  • runHTTP2TLS and runHTTP2TLSSocket were removed.

3.1.4

  • Add an option to disable HTTP2 #450

3.1.3

  • Removing SHA 512 and SHA 384 from supportedCiphers to rescue Safari and golang. #429

3.1.2

3.1.1

  • Converting “send: resource vanished (Broken pipe)” to ConnectionClosedByPeer. #421

3.1.0

  • Supporting HTTP/2 #399
  • Removing RC4 #400

3.0.4.2

  • tls 1.3 support #390

3.0.4.1

  • Fix for leaked FDs #378

3.0.4

  • Replace acceptSafe with accept, see #361

3.0.3

  • Support chain certs #349

3.0.2

  • Allow warp-tls to request client certificates. #337

3.0.1.4

Add additional Diffie-Hellman RSA and DSA ciphers to warp-tls.

3.0.1.3

Unable to allow insecure connections with warp-tls #324

3.0.1.2

Make sure Timer is tickled in sendfile. #323

3.0.1

Support for in-memory certificates and keys