package tls

  1. Overview
  2. Docs

Core type definitions

val (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t
val let* : ('a, 'b) Stdlib.result -> ('a -> ('c, 'b) Stdlib.result) -> ('c, 'b) Stdlib.result
val guard : bool -> 'a -> (unit, 'a) Stdlib.result
val map_reader_error : ('a, 'b) Stdlib.result -> ('a, [> `Fatal of [> `ReaderError of 'b ] ]) Stdlib.result
type tls13 = [
  1. | `TLS_1_3
]
val pp_tls13 : Stdlib.Format.formatter -> [< `TLS_1_3 ] -> unit
type tls_before_13 = [
  1. | `TLS_1_0
  2. | `TLS_1_1
  3. | `TLS_1_2
]
val pp_tls_before_13 : Stdlib.Format.formatter -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 ] -> unit
type tls_version = [
  1. | tls13
  2. | tls_before_13
]
val pp_tls_version : Stdlib.Format.formatter -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> unit
val pair_of_tls_version : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> int * int
val compare_tls_version : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> int
val next : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> [> `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option
val all_versions : ([< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 TLS_1_1 TLS_1_2 TLS_1_3 ] as 'a * [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ]) -> 'a list
val tls_version_of_pair : (int * int) -> [> `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option
type tls_any_version = [
  1. | tls_version
  2. | `SSL_3
  3. | `TLS_1_X of int
]
val pp_tls_any_version : Stdlib.Format.formatter -> [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ] -> unit
val any_version_to_version : [> tls_version ] -> [> `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option
val version_eq : [> tls_version ] -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> bool
val version_ge : [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of 'a ] -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> bool
val tls_any_version_of_pair : (int * int) -> [> `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ] option
val pair_of_tls_any_version : [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ] -> int * int
val max_protocol_version : ('a * 'b) -> 'b
val min_protocol_version : ('a * 'b) -> 'a
type tls_hdr = {
  1. content_type : Packet.content_type;
  2. version : tls_any_version;
}
val pp_tls_hdr : Stdlib.Format.formatter -> tls_hdr -> unit
module SessionID : sig ... end
module PreSharedKeyID : sig ... end
type psk_identity = (Cstruct.t * int32) * Cstruct.t
val binders_len : ('a * Cstruct.t) list -> int
type group = [
  1. | `FFDHE2048
  2. | `FFDHE3072
  3. | `FFDHE4096
  4. | `FFDHE6144
  5. | `FFDHE8192
  6. | `X25519
  7. | `P256
  8. | `P384
  9. | `P521
]
val pp_group : Stdlib.Format.formatter -> [< `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] -> unit
val named_group_to_group : Packet.named_group -> [> `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] option
val group_to_named_group : [< `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] -> Packet.named_group
val group_to_impl : [< `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `P384 | `P521 | `X25519 ] -> [> `Finite_field of Mirage_crypto_pk.Dh.group | `P256 | `P384 | `P521 | `X25519 ]
type signature_algorithm = [
  1. | `RSA_PKCS1_MD5
  2. | `RSA_PKCS1_SHA1
  3. | `RSA_PKCS1_SHA224
  4. | `RSA_PKCS1_SHA256
  5. | `RSA_PKCS1_SHA384
  6. | `RSA_PKCS1_SHA512
  7. | `ECDSA_SECP256R1_SHA1
  8. | `ECDSA_SECP256R1_SHA256
  9. | `ECDSA_SECP384R1_SHA384
  10. | `ECDSA_SECP521R1_SHA512
  11. | `RSA_PSS_RSAENC_SHA256
  12. | `RSA_PSS_RSAENC_SHA384
  13. | `RSA_PSS_RSAENC_SHA512
  14. | `ED25519
]
val hash_of_signature_algorithm : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> [> `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ]
val signature_scheme_of_signature_algorithm : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> [> `ECDSA | `ED25519 | `RSA_PKCS1 | `RSA_PSS ]
val pp_signature_algorithm : Stdlib.Format.formatter -> [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ] -> unit
val rsa_sigalg : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> bool
val tls13_sigalg : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ] -> bool
val pk_matches_sa : [> `ED25519 of 'a | `P256 of 'b | `P384 of 'c | `P521 of 'd | `RSA of 'e ] -> [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384 | `ECDSA_SECP521R1_SHA512 | `ED25519 | `RSA_PKCS1_MD5 | `RSA_PKCS1_SHA1 | `RSA_PKCS1_SHA224 | `RSA_PKCS1_SHA256 | `RSA_PKCS1_SHA384 | `RSA_PKCS1_SHA512 | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ] -> bool
type client_extension = [
  1. | `Hostname of [ `host ] Domain_name.t
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of Packet.named_group list
  4. | `SecureRenegotiation of Cstruct.t
  5. | `Padding of int
  6. | `SignatureAlgorithms of signature_algorithm list
  7. | `ExtendedMasterSecret
  8. | `ALPN of string list
  9. | `KeyShare of (Packet.named_group * Cstruct.t) list
  10. | `EarlyDataIndication
  11. | `PreSharedKeys of psk_identity list
  12. | `SupportedVersions of tls_any_version list
  13. | `PostHandshakeAuthentication
  14. | `Cookie of Cstruct.t
  15. | `PskKeyExchangeModes of Packet.psk_key_exchange_mode list
  16. | `ECPointFormats
  17. | `UnknownExtension of int * Cstruct.t
]
type server13_extension = [
  1. | `KeyShare of group * Cstruct.t
  2. | `PreSharedKey of int
  3. | `SelectedVersion of tls_version
]
type server_extension = [
  1. | server13_extension
  2. | `Hostname
  3. | `MaxFragmentLength of Packet.max_fragment_length
  4. | `SecureRenegotiation of Cstruct.t
  5. | `ExtendedMasterSecret
  6. | `ALPN of string
  7. | `ECPointFormats
  8. | `UnknownExtension of int * Cstruct.t
]
type encrypted_extension = [
  1. | `Hostname
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of group list
  4. | `ALPN of string
  5. | `EarlyDataIndication
  6. | `UnknownExtension of int * Cstruct.t
]
type hello_retry_extension = [
  1. | `SelectedGroup of group
  2. | `Cookie of Cstruct.t
  3. | `SelectedVersion of tls_version
  4. | `UnknownExtension of int * Cstruct.t
]
type client_hello = {
  1. client_version : tls_any_version;
  2. client_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuites : Packet.any_ciphersuite list;
  5. extensions : client_extension list;
}
type server_hello = {
  1. server_version : tls_version;
  2. server_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuite : Ciphersuite.ciphersuite;
  5. extensions : server_extension list;
}
type dh_parameters = {
  1. dh_p : Cstruct.t;
  2. dh_g : Cstruct.t;
  3. dh_Ys : Cstruct.t;
}
type hello_retry = {
  1. retry_version : tls_version;
  2. ciphersuite : Ciphersuite.ciphersuite13;
  3. sessionid : SessionID.t option;
  4. selected_group : group;
  5. extensions : hello_retry_extension list;
}
type session_ticket_extension = [
  1. | `EarlyDataIndication of int32
  2. | `UnknownExtension of int * Cstruct.t
]
type session_ticket = {
  1. lifetime : int32;
  2. age_add : int32;
  3. nonce : Cstruct.t;
  4. ticket : Cstruct.t;
  5. extensions : session_ticket_extension list;
}
type certificate_request_extension = [
  1. | `SignatureAlgorithms of signature_algorithm list
  2. | `CertificateAuthorities of X509.Distinguished_name.t list
  3. | `UnknownExtension of int * Cstruct.t
]
type tls_handshake =
  1. | HelloRequest
  2. | HelloRetryRequest of hello_retry
  3. | EncryptedExtensions of encrypted_extension list
  4. | ServerHelloDone
  5. | ClientHello of client_hello
  6. | ServerHello of server_hello
  7. | Certificate of Cstruct.t
  8. | ServerKeyExchange of Cstruct.t
  9. | CertificateRequest of Cstruct.t
  10. | ClientKeyExchange of Cstruct.t
  11. | CertificateVerify of Cstruct.t
  12. | Finished of Cstruct.t
  13. | SessionTicket of session_ticket
  14. | KeyUpdate of Packet.key_update_request_type
  15. | EndOfEarlyData
val pp_handshake : Stdlib.Format.formatter -> tls_handshake -> unit
val src : Logs.src
module Tracing : sig ... end
type master_secret = Cstruct.t

the master secret of a TLS connection

type psk13 = {
  1. identifier : Cstruct.t;
  2. obfuscation : int32;
  3. secret : Cstruct.t;
  4. lifetime : int32;
  5. early_data : int32;
  6. issued_at : Ptime.t;
}
type epoch_state = [
  1. | `ZeroRTT
  2. | `Established
]
type epoch_data = {
  1. state : epoch_state;
  2. protocol_version : tls_version;
  3. ciphersuite : Ciphersuite.ciphersuite;
  4. peer_random : Cstruct.t;
  5. peer_certificate_chain : X509.Certificate.t list;
  6. peer_certificate : X509.Certificate.t option;
  7. peer_name : [ `host ] Domain_name.t option;
  8. trust_anchor : X509.Certificate.t option;
  9. received_certificates : X509.Certificate.t list;
  10. own_random : Cstruct.t;
  11. own_certificate : X509.Certificate.t list;
  12. own_private_key : X509.Private_key.t option;
  13. own_name : [ `host ] Domain_name.t option;
  14. master_secret : master_secret;
  15. session_id : SessionID.t;
  16. extended_ms : bool;
  17. alpn_protocol : string option;
}

information about an open session

val supports_key_usage : ?not_present:bool -> X509.Extension.key_usage -> X509.Certificate.t -> bool
val supports_extended_key_usage : ?not_present:bool -> X509.Extension.extended_key_usage -> X509.Certificate.t -> bool
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct