[Haskell-cafe] ANNOUNCE: secure-sockets version 1.0
Thomas DuBuisson
thomas.dubuisson at gmail.com
Mon Sep 6 12:16:13 EDT 2010

Good work Dan! Would you be interested in providing a build option
that replaces the OpenSSL dependency with something more stand-alone?
Or does ossl perform a significant part of the TLS protocol work for
you (vs just being used for algorithms)?

Anyone impatient for the midnight haddocking can see the docs here:
http://web.cecs.pdx.edu/~dubuisst/secure-sockets-1.0/html/

Cheers,
Thomas

On Sun, Sep 5, 2010 at 10:26 PM, David Anderson <dave at natulte.net> wrote:
> Hi,
> I'm happy to announce the first release of secure-sockets, a library which
> aims to simplify the task of communicating securely between two
> authenticated peers.
> --------------------------------------------
> -- What it is
> --------------------------------------------
> The API mimics that of Network.Socket, and introduces the additional notion
> of peer identity, which is distinct from the endpoint address (host and
> port). Connections can only be established between two peers who know and
> expect to be communicating with each other.
> Transport security is implicitly taken care of: an established
> Network.Secure.Connection implies that each end of the connection
> successfully authenticated to the other, and that they have set up strong
> encryption for your data.
> --------------------------------------------
> -- What it isn't
> --------------------------------------------
> The library leans towards the "zero configuration" end of the spectrum, and
> basically Just Works. This means that if you know exactly what you want and
> need for the cipher, authentication algorithm, key type and length, key
> exchange protocol, HMAC algorithm, rekeying intervals, random number
> source... Then secure-sockets is not for you.
> If on the other hand you just want to replace your current cleartext
> "cipher" and faith-based "authentication" code with something that gives you
> a good chance of being secure (see caveats in docs), without diving into the
> rich madness that is full-blown SSL, then you might want to take a look.
> This library assumes that both ends of a connection are using it. The goal
> of secure-sockets is not to allow you to connect to any SSL-enabled server,
> or to speak a particular standard flavor of authentication protocol.
> Internally, secure-sockets uses SSL to achieve its goals, so you might get
> lucky if you do it just right, but that is an implementation detail. The
> library is designed to help you easily secure communications between two
> programs whose implementation you control, not between you and anything out
> there.
> --------------------------------------------
> -- Links
> --------------------------------------------
> Homepage: http://secure-hs.googlecode.com/
> Hackage page: http://hackage.haskell.org/package/secure-sockets
> Bug tracker: http://code.google.com/p/secure-hs/issues/list
> Code repository: https://secure-hs.googlecode.com/hg
> --------------------------------------------
> -- Thanks
> --------------------------------------------
> I'd like to thank my employer, Google. Not only did they not get mad at the
> idea that I might want to hack on Haskell during working hours (as my "20%
> project"), they also made it very painless for me to open source this code
> when the time came.
> --------------------------------------------
> -- Questions?
> --------------------------------------------
> Questions, comments, suggestions and patches can be filed in the issue
> tracker, emailed directly to me, or thrown out on haskell-cafe.
> Hope you find this code useful!
> - Dave