-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | HTTP over TLS support for Warp via the TLS package
--   
--   SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS
--   1.1 or TLS 1.0 if necessary). HTTP/2 can be negotiated by ALPN. API
--   docs and the README are available at
--   <a>http://www.stackage.org/package/warp-tls</a>.
@package warp-tls
@version 3.2.4


-- | HTTP over TLS support for Warp via the TLS package.
--   
--   If HTTP/2 is negotiated by ALPN, HTTP/2 over TLS is used. Otherwise
--   HTTP/1.1 over TLS is used.
--   
--   Support for SSL is now obsoleted.
module Network.Wai.Handler.WarpTLS

-- | Settings for WarpTLS.
data TLSSettings

-- | Default <a>TLSSettings</a>. Use this to create <a>TLSSettings</a> with
--   the field record name (aka accessors).
defaultTlsSettings :: TLSSettings

-- | A smart constructor for <a>TLSSettings</a> based on
--   <a>defaultTlsSettings</a>.
tlsSettings :: FilePath -> FilePath -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses in-memory
--   representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
--   
--   Since 3.0.1
tlsSettingsMemory :: ByteString -> ByteString -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a> that allows specifying
--   chain certificates based on <a>defaultTlsSettings</a>.
--   
--   Since 3.0.3
tlsSettingsChain :: FilePath -> [FilePath] -> FilePath -> TLSSettings

-- | A smart constructor for <a>TLSSettings</a>, but uses in-memory
--   representations of the certificate and key based on
--   <a>defaultTlsSettings</a>.
--   
--   Since 3.0.3
tlsSettingsChainMemory :: ByteString -> [ByteString] -> ByteString -> TLSSettings

-- | File containing the certificate.
certFile :: TLSSettings -> FilePath

-- | File containing the key
keyFile :: TLSSettings -> FilePath

-- | The level of logging to turn on.
--   
--   Default: <a>defaultLogging</a>.
--   
--   Since 1.4.0
tlsLogging :: TLSSettings -> Logging

-- | The TLS versions this server accepts.
--   
--   <pre>
--   &gt;&gt;&gt; tlsAllowedVersions defaultTlsSettings
--   [TLS12,TLS11,TLS10]
--   </pre>
--   
--   Since 1.4.2
tlsAllowedVersions :: TLSSettings -> [Version]

-- | The TLS ciphers this server accepts.
--   
--   <pre>
--   &gt;&gt;&gt; tlsCiphers defaultTlsSettings
--   [ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1]
--   </pre>
--   
--   Since 1.4.2
tlsCiphers :: TLSSettings -> [Cipher]

-- | Whether or not to demand a certificate from the client. If this is set
--   to True, you must handle received certificates in a server hook or all
--   connections will fail.
--   
--   <pre>
--   &gt;&gt;&gt; tlsWantClientCert defaultTlsSettings
--   False
--   </pre>
--   
--   Since 3.0.2
tlsWantClientCert :: TLSSettings -> Bool

-- | The server-side hooks called by the tls package, including actions to
--   take when a client certificate is received. See the <a>Network.TLS</a>
--   module for details.
--   
--   Default: def
--   
--   Since 3.0.2
tlsServerHooks :: TLSSettings -> ServerHooks

-- | Configuration for ServerDHEParams more function lives in
--   <tt>cryptonite</tt> package
--   
--   Default: Nothing
--   
--   Since 3.2.2
tlsServerDHEParams :: TLSSettings -> Maybe Params

-- | Configuration for in-memory TLS session manager. If Nothing,
--   <a>noSessionManager</a> is used. Otherwise, an in-memory TLS session
--   manager is created according to <tt>Config</tt>.
--   
--   Default: Nothing
--   
--   Since 3.2.4
tlsSessionManagerConfig :: TLSSettings -> Maybe Config

-- | Do we allow insecure connections with this server as well?
--   
--   <pre>
--   &gt;&gt;&gt; onInsecure defaultTlsSettings
--   DenyInsecure "This server only accepts secure HTTPS connections."
--   </pre>
--   
--   Since 1.4.0
onInsecure :: TLSSettings -> OnInsecure

-- | An action when a plain HTTP comes to HTTP over TLS/SSL port.
data OnInsecure
DenyInsecure :: ByteString -> OnInsecure
AllowInsecure :: OnInsecure

-- | Running <a>Application</a> with <a>TLSSettings</a> and
--   <a>Settings</a>.
runTLS :: TLSSettings -> Settings -> Application -> IO ()

-- | Running <a>Application</a> with <a>TLSSettings</a> and <a>Settings</a>
--   using specified <a>Socket</a>.
runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO ()
data WarpTLSException
InsecureConnectionDenied :: WarpTLSException

-- | Represent Diffie Hellman parameters namely P (prime), and G
--   (generator).
data Params :: *

-- | generate params from a specific generator (2 or 5 are common values)
--   we generate a safe prime (a prime number of the form 2p+1 where p is
--   also prime)
generateParams :: MonadRandom m => Int -> Integer -> m Params
instance GHC.Show.Show Network.Wai.Handler.WarpTLS.WarpTLSException
instance GHC.Show.Show Network.Wai.Handler.WarpTLS.OnInsecure
instance GHC.Exception.Exception Network.Wai.Handler.WarpTLS.WarpTLSException
