[Haskell-cafe] ANNOUNCE: tls, native TLS/SSL protocol implementation

Vincent Hanquez tab at snarc.org
Thu Oct 7 08:07:05 EDT 2010


On Thu, Oct 07, 2010 at 12:29:51AM +0200, Christopher Done wrote:
> On 6 October 2010 23:26, Vincent Hanquez <tab at snarc.org> wrote:
> > I'd like to announce the tls package [1][2], which is a native implementation
> > of the TLS protocol, client and server.  It's currently mostly supporting SSL3,
> > TLS1.0 and TLS1.1.  It's got *lots* of rough edges, and a bunch of unsupported
> > features, but it's humming along, and at each iteration it's becoming more
> > tightly secure and featureful.
> 
> Wow, great! So might we be able to combine this with Network.HTTP some
> day? I am interested in moving away from C libraries (curl) to pure
> Haskell libraries, for a safer, richer Haskell ecosystem and for
> solving the interesting problems.

That's one of the goals of this library. Ultimately I want something more flexible
than usual APIs in traditional libraries; TLS can do lots of things that are
not typically exposed by other libraries.

Otherwise, more practically, there's Michael's http-enumerator.  I hope I'll see
more packages depending on tls in the future instead of gnutls/openssl bindings.

> Will you eventually add benchmarks?

This is on my TODO list but the priority is quite low; I'm trying to focus on
correctness and security for now. However I suspect what does make the biggest
difference is the crypto implementation that is used, and the current dependencies
should be all reasonable (cryptohash is close to C performance level with
hashes, the AES package has a pretty fast implementation, GHC seems quite good
with big numbers, benefiting RSA, ..).

-- 
Vincent Hanquez

